Glossary (CONTEXT.md)
This context describes the digital systems, assets, identities, and data flows that Francois controls for personal and family use. Professional systems are treated as an external boundary, with only explicitly selected work material crossing into the personal estate.
North Star
Build the capacity to deliver things that matter — for my family, my career, and myself — by compounding knowledge, automating the mundane, and staying sovereign over my tools.
Three pillars:
- Deliver things that matter — not busywork, not over-engineering. Things with real impact on family, career, and personal growth.
- Compound knowledge — every Project makes the next one faster. The bidirectional flywheel between personal lab and professional world.
- Stay sovereign — own your data, own your tools, don’t depend on any single provider.
Friday evening scenario: Tired from work. Djuly needs help with the dietician website. Blog post idea nagging. Strata has a bug. The north star says: Djuly’s business matters more than the bug tonight. The blog post can wait. Helping Djuly builds a reusable Venture Scaffolding pattern you’ll use again.
Guiding Convictions
Key insights that drive every decision in this estate.
- “The boundary is a human routing decision” — Francois decides which Project lives in which PARA (pro or perso) by instinct, not by technical rule. A perso Project can deliver career value; a pro skill can power personal projects.
- “WHY → WHAT → HOW” — Francois drives the WHY (the north star, the intent, the spark) and the WHAT (outcomes, not plumbing). Agents help with the HOW. The WHY is always a human question — it’s what makes a project worth doing. The WHAT is the Strategist path: build the infra yourself (it’s fun + builds skills), but fuel it with premium AI so the machine produces results.
- “The framework IS the moat” — AI commoditizes execution (anyone can ask ChatGPT to configure rclone). But the architecture thinking — PARA, DDD contexts, the bidirectional flywheel — that’s the competitive advantage no tool replaces.
- “One brain, two worlds” — Hermes doesn’t have a pro mode and a perso mode. Its target is one Unified Project Radar mixing personal, family, and pro priorities, because real life doesn’t respect the boundary. Day-one Agent Host access stays Francois-personal only; Djuly and pro source access are roadmap until boundary-safe.
- “Google Drive until it hurts, then GitHub” — No premature migration. A Project graduates to GitHub at the first npm install or python -m venv, not before.
- “Pay-per-token matches variable energy” — €0 on lazy months, €20 when on fire. OpenRouter pay-per-token automatically scales with motivation. No subscription guilt.
- “The hours I’m spending will have a return on investment” — This architecture Project lives in perso PARA but its ROI spans time savings, career, sovereignty, and capacity to deliver things that matter.
- “Careful by default, fast when you choose” — Hermes uses branch-review for substantive changes, auto-commit only on explicit “just do it.” The agent is powerful but on a leash.
- “The human sparks, the agent grinds, the human decides” — Francois supplies the creative vision and makes every final call. Hermes supplies speed, evidence, and challenge — it can originate ideas and push back, but never overrides Francois’s judgment. Even when Hermes has stronger evidence, “I’m doing this for fun” is a valid decision.
- “The agent grows with you” — Hermes builds skills from experience. Every interaction makes the next one faster and smarter. The dream: an assistant that compounds its own capabilities over time, just as the Knowledge Vault compounds knowledge.
Language
Personal Digital Estate: The set of personal and family digital assets, accounts, devices, data, domains, websites, assistants, storage, and recovery practices that Francois controls. Avoid: Digital life, personal IT, home stack
Professional Boundary: The organization-controlled digital environment that Francois uses for work but does not own or govern. Both sides have their own PARA folder structure in their respective Google Drives. Francois decides — by instinct and judgment — which projects live in which PARA. Some perso PARA projects (like this architecture project) deliver direct value to the professional world; some pro PARA skills flow back into the personal estate. The boundary is a human routing decision, not a technical wall. Avoid: Pro life, work stack, Decathlon architecture
Professional Reference Material: Selected organization-owned files or folders intentionally made available to the Personal Digital Estate as read-only reference input. This material remains owned by the Professional Boundary — it is never copied into, edited from, or backed up by the personal estate, and it does not include giving the Agent Host professional Google Drive or GitHub tokens. Avoid: Pro files, work data, mounted pro account
Personal Identity: The primary digital identity Francois uses for his own domains, websites, dev tools, assistant, and personal accounts. Owns and governs the Personal Digital Estate. Avoid: Main account, personal login
Family Identity: A shared digital identity covering family-level assets — shared Google storage, family photos, kids’ accounts. Governed by Francois but distinct from the Personal Identity to keep permissions and backups separate. Avoid: Household account, family plan
Methodology
Goal: A measurable outcome that answers “WHY am I doing this?” — the strategic intent behind one or more Projects or Ventures. Goals are durable; Projects come and go in service of them. Goals live as context in the Pro Mission (professional) or as declared intent in the Venture Log (personal). A Goal without an active Project is a wish. A Project without a Goal is busywork. Avoid: Objective, KPI, resolution
Idea: A potential new Project, Venture, or product that hasn’t been validated yet. Not a PARA entity — it has no folder. It exists only as a 💡 Sparked entry in the Venture Log until validated through Evidence-Guided Development. Most Ideas get parked. That’s the system working. Avoid: Feature request, backlog item, ticket
Task: An atomic unit of work that takes hours, not days. Lives inside a Project or Area — never standalone. Tasks don’t enter the Venture Log, but the Evidence-Guided Development mindset still applies: always ask “is this worth my time?” before starting. A Task has a deadline — if it can be done, decide when. Avoid: Todo, story, issue (in this context)
Project: A time-bounded effort with a clear Goal and a deadline. Ends when the goal is met or the effort is abandoned. Scale: days to weeks. Lives as a folder in the PARA “Projects” section of the Knowledge Vault. If it has build artifacts, it also exists as a Code Project on GitHub. PARA guideline: maintain 10–15 active Projects across both vaults. Projects enter the Venture Log and are tracked there. Avoid: Using “project” for ongoing responsibilities (those are Areas)
Venture: A large-scale effort spanning months that decomposes into multiple Projects. Ventures go through full Evidence-Guided Development validation before the first Project is created. Scale: months. Tracked in the Venture Log at the venture level; sub-Projects are tracked individually in PARA. Avoid: Initiative, program, epic
Area: An ongoing responsibility or product with no end date, maintained indefinitely. Lives as a folder in the PARA “Areas” section of the Knowledge Vault. Areas spawn Projects — if an Area isn’t generating Projects, it’s either stable (good) or neglected (Hermes should review it). When a Venture reaches 📈 In Production in the Venture Log, it graduates to an Area. All Areas — including those born on GitHub — must have a PARA folder (with a pointer README if the code lives elsewhere). Avoid: Ongoing project, responsibility, domain
Evidence-Guided Development: The practice of validating Ideas through increasing levels of evidence (assessment → fact-finding → testing) before committing to build. Inspired by Itamar Gilad’s idea validation framework. Applied proportionally: Ventures get full validation with grilling; Projects get logged with intent and goal; Tasks get a mental “is it worth my time?” check. The mindset is universal; the logging is proportional to scale. Avoid: GIST (that’s Gilad’s broader planning framework), gut feeling, roadmap
Intent: The category of expected return for a Project or Venture: commercial (revenue), portfolio (career/skills), or fun (joy/learning). Declared at the 💡 Sparked stage in the Venture Log. Determines the depth of Evidence-Guided Development validation: commercial gets full grilling with market evidence; portfolio gets lighter assessment; fun skips validation entirely. A Goal is specific (“earn €X from dietician practice”); an Intent is the category (“commercial”). Every entry in the Venture Log has both. Avoid: Purpose, motivation, category
Venture Log:
A structured lifecycle tracker for Ideas, Projects, and Ventures evaluated through Evidence-Guided Development. Records each entry’s scale (Venture / Project), intent (commercial / portfolio / fun), goal, confidence level at validation (🟢 high / 🟡 medium / 🔵 for fun), and progression through stages: Sparked → Validating → Validated or Parked → Building → MVP → In Production → Milestone → Retired. Lives at src/content/docs/operations/venture-log.md. Enables year-end metrics: ideas kept vs parked, time-to-MVP, validation accuracy. Tasks do NOT enter the Venture Log.
Avoid: Backlog, roadmap, project tracker
Knowledge & Storage
Knowledge Vault: The PARA-organized folder structure in Google Drive (the single source of truth for documents) containing .md notes, .gdoc/.gsheet files, and lightweight Project assets. Day-one Agent Host access is Francois’s Personal Google Drive only; professional and family vault access are roadmap capabilities. Code Projects do not live here — Google Drive Desktop sync chokes on node_modules/venv/build artifacts. Code Projects get a pointer README in their PARA folder and live in GitHub. Avoid: Notes app, second brain, wiki, Obsidian vault
Code Project:
Any project that has heavy dependency/build artifacts (node_modules, Python venv, dist/, build/) — files that overwhelm Google Drive Desktop sync. These live in GitHub as SSOT, cloned locally to ~/workspace/. The graduation trigger is the first npm install or python -m venv — before that, a project with a few scripts can stay happily in Google Drive. The corresponding PARA folder in the Knowledge Vault keeps a pointer README linking to the GitHub repo.
Avoid: Repo, repository, codebase
Unified Project Radar: The Hermes Agent’s target ability to present a single prioritized view of active Projects and Areas across personal and professional life. Day-one VPS scope reads Francois’s Personal Knowledge Vault only; Djuly and Pro Knowledge Vault access remain roadmap capabilities that require approved boundary-safe access patterns. Hermes can still use the Pro Mission, the North Star, and the Venture Log to recommend what Francois should focus on. Avoid: Dashboard, project list, task manager
Pro Mission: Francois’s annual professional mission at Decathlon — the north star that guides which pro projects to prioritize and what initiatives to pursue. Currently being written. Once finalized (with Hermes’s help), it becomes core agent context that drives the Unified Project Radar and helps Hermes suggest ideas, initiatives, and career moves aligned with the mission. Complemented by Decathlon HR context (career path, job ladder). Avoid: Job description, OKRs, goals
Drive Bridge: An rclone mount on the Agent Host VPS that exposes approved Google Drive accounts as local filesystems. Day-one mount: Francois’s Personal Google Drive (read/write — the Knowledge Vault SSOT). Family and professional Google sources are roadmap only and require approved boundary-safe access patterns before any family or professional OAuth token is placed on the Agent Host. Google Drive remains the single source of truth; rclone translates filesystem operations to Google Drive API calls with local caching. Avoid: Sync, mount, rclone, NFS
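One way to check the Drive Bridge boundary on the Agent Host, as an added example that is not part of the original glossary or of the estate's own tooling: it parses an rclone.conf body and flags every remote that is not on the approved list, plus an approved remote that points at a shared drive. The remote names (`perso-drive`, `pro-drive`, `pro-alias`) and the sample config are constructed assumptions.

```python
import configparser

# Assumption: the single day-one remote is named "perso-drive" (hypothetical name).
APPROVED_REMOTES = {"perso-drive"}
# rclone drive options that mean a credential is stored in the section.
CREDENTIAL_KEYS = ("token", "service_account_file", "service_account_credentials")

# Constructed sample: one approved remote, one stray pro remote, one alias wrapping it.
SAMPLE_CONF = """
[perso-drive]
type = drive
scope = drive
token = {"access_token":"CONSTRUCTED","expiry":"2030-01-01T00:00:00Z"}
team_drive =

[pro-drive]
type = drive
scope = drive.readonly
token = {"access_token":"CONSTRUCTED"}

[pro-alias]
type = alias
remote = pro-drive:Reference
"""


def audit_rclone_config(text):
    """Return sorted (remote, finding) tuples for an rclone.conf body."""
    # interpolation=None: OAuth tokens may contain '%', which would break parsing.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    for name in cfg.sections():
        sec = cfg[name]
        kind = sec.get("type", "?")
        if name not in APPROVED_REMOTES:
            # Read-only scope does not matter: the token itself must not be here.
            if any(sec.get(k, "").strip() for k in CREDENTIAL_KEYS):
                detail = "holds a credential"
            elif "remote" in sec:
                detail = "wraps " + sec["remote"]  # alias/crypt style wrapper
            else:
                detail = "no credential key found"
            findings.append((name, f"unapproved remote ({kind}), {detail}"))
            continue
        if kind != "drive":
            findings.append((name, f"approved remote has unexpected type {kind}"))
        if sec.get("team_drive", "").strip():
            findings.append((name, "targets a shared drive, not My Drive"))
    return sorted(findings)


if __name__ == "__main__":
    for remote, finding in audit_rclone_config(SAMPLE_CONF):
        print(f"{remote}: {finding}")
```
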
Collaboration Hub: Google Drive when used for its collaboration features — sharing .gdocs/.gsheets with other people (family, friends, colleagues). Same physical storage as the Knowledge Vault, but describes the use-case of multi-person editing. The Hermes Agent reads but does not write collaborative documents. Avoid: Shared drive, team files
Hosting & Delivery
Site: A personal website deployed as a static build to Cloudflare Pages via the DNS Gateway. All current sites are static generators (Hugo or Astro). Sites: notes.ducatillon.net, strata.ducatillon.net, locationyeu.com, chateaudebourgon.com (Astro migration in progress), sommelier-arena.ducatillon.net, docs.ducatillon.net (architecture wiki, Astro + Starlight, private behind Cloudflare Access). Avoid: Web app, server, project
Architecture Wiki: The docs.ducatillon.net Site, built with Astro + Starlight from a private GitHub repo. Contains C4 Mermaid diagrams, CONTEXT.md glossary, ADRs, cost breakdown, and folder structure. Serves both humans (rendered website) and the Hermes Agent (raw .md via GitHub MCP). Protected by Cloudflare Access (email OTP). Avoid: Docs site, wiki, knowledge base
Agent Host:
The Hostinger VPS KVM2 reserved exclusively for running the Hermes Agent and any future dynamic services. Hosts the Drive Bridge (rclone mount) for local filesystem access to the Knowledge Vault. Runs three services: hermes-gateway (systemd — Telegram/messaging gateway + agent core), the Hermes dashboard on port 9119 (web UI for sessions, logs, cron, analytics, chat, and non-secret operations), and 9router on port 3000 (model-routing dashboard, proxied via nginx on port 80). No static sites run here — those live on Cloudflare Pages.
Avoid: Server, VPS, hosting
Hermes Agent:
A self-hosted instance of NousResearch/hermes-agent running on the Agent Host. The personal AI assistant accessible via Telegram (for Francois and his wife) and a web dashboard at hermes.ducatillon.net (port 9119, exposed via Agent Tunnel). The day-one dashboard provides session history, log viewer, scheduled prompts, analytics, skills view, non-secret operations, and an embedded Chat tab; it must not display or edit .env secrets. Uses a free LLM model as default for simple tasks and switches to a paid model via OpenRouter (pay-per-token) for complex reasoning. Also deploys 9router (port 3000, proxied via nginx on port 80) — a separate model-routing dashboard for multi-provider management and usage stats. Reads/writes the Knowledge Vault via the Drive Bridge. Learns across sessions and creates skills from experience.
Avoid: AI, bot, chatbot, assistant app
Domains & DNS
Domain Registrar: PlanetHoster — where all domains are purchased and registered (ducatillon.net, locationyeu.com, chateaudebourgon.com). Nameservers point to DNS Gateway. Avoid: Domain provider, hosting
DNS Gateway: Cloudflare — manages DNS records, CDN, and SSL for all domains. Also hosts static Sites via Cloudflare Pages. Not the registrar. Avoid: Cloudflare, CDN, nameserver
Access & Networking
Agent Tunnel: A Cloudflare Tunnel connecting the Agent Host VPS to the DNS Gateway. Exposes the Hermes dashboard (port 9119) at hermes.ducatillon.net with no inbound ports open on the VPS. Protected by Cloudflare Access with email OTP authentication. The 9router model-routing dashboard (port 80/3000) can also be exposed via the same tunnel on a subdomain if desired (e.g., router.ducatillon.net). Avoid: VPN, reverse proxy, port forwarding
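A check for the Agent Tunnel's "published only through the tunnel" property, as an added example that is not part of the original glossary: it reads `ss -Htln` output and reports any dashboard port from this page (9119, 3000, 80) that listens on a non-loopback address, where it would be reachable without passing Cloudflare Access. It assumes the tunnel reaches those services over loopback; the sample output is constructed.

```python
import ipaddress

# Dashboard ports named on this page; assumed to be reached by the tunnel on loopback.
TUNNEL_ONLY_PORTS = {
    9119: "Hermes dashboard",
    3000: "9router",
    80: "nginx proxy for 9router",
}

# Constructed `ss -Htln` output (state, recv-q, send-q, local, peer).
SAMPLE_SS = """\
LISTEN 0 128      127.0.0.1:9119   0.0.0.0:*
LISTEN 0 511        0.0.0.0:80     0.0.0.0:*
LISTEN 0 4096          [::]:3000      [::]:*
LISTEN 0 128        0.0.0.0:22     0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53     0.0.0.0:*
"""


def parse_local(field):
    """Split an ss 'Local Address:Port' field into (host, port)."""
    host, _, port = field.rpartition(":")
    # Drop IPv6 brackets and any %interface suffix (e.g. 127.0.0.53%lo).
    host = host.strip("[]").split("%", 1)[0]
    return host, int(port)


def is_loopback(host):
    """True only for 127.0.0.0/8 and ::1; '*' is ss's dual-stack wildcard."""
    if host == "*":
        return False
    return ipaddress.ip_address(host).is_loopback


def exposed_listeners(ss_output):
    """Return sorted (port, bind_address, service) for tunnel-only ports bound off-loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip headers, blank lines, non-listening sockets
        host, port = parse_local(fields[3])
        if port in TUNNEL_ONLY_PORTS and not is_loopback(host):
            findings.append((port, host, TUNNEL_ONLY_PORTS[port]))
    return sorted(findings)


if __name__ == "__main__":
    for port, host, service in exposed_listeners(SAMPLE_SS):
        print(f"{service}: port {port} bound to {host}, reachable outside the tunnel")
```

Port 22 is not in the checked set because Agent SSH is a separate, key-only access path.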
Agent SSH: SSH key-based access to the Agent Host VPS for installation and maintenance. Password login disabled. Keys stored in Credential Vault. Avoid: Remote access, terminal login
Monitoring & Health
Health Dashboard: An instance of Uptime Kuma running on the Agent Host VPS, exposed at health.ducatillon.net via the Agent Tunnel (behind Cloudflare Access). Monitors all estate services and sends alerts via Telegram when something is down. Avoid: Status page, monitoring tool, observability
Roadmap — OpenTelemetry: When the estate grows beyond a handful of services or request-level tracing inside Hermes becomes valuable, add an OTel collector + Grafana stack. Not needed day one.
Security & Recovery
Credential Vault: Bitwarden (free tier) — the single source of truth for all personal estate credentials (logins, API keys, SSH keys, service accounts). Cross-platform, family-shareable, provider-agnostic (self-hostable). Avoid: Password manager, keychain
Identity Guard: The 2FA/TOTP layer protecting critical accounts. Currently: Google Authenticator + Ping ID (work, to be migrated away). Target: Aegis Authenticator (free, open-source, encrypted backups). Personal 2FA must not depend on the Professional Boundary. Avoid: Two-factor, authenticator, MFA app
Backup Target: A recovery destination for irreplaceable estate data. The Hermes Agent state is backed up daily as encrypted archives to a private personal GitHub repository and weekly to an external hard drive; Google Photos, Knowledge Vault snapshots, and Credential Vault exports remain weekly external hard drive backups. Avoid: NAS, backup server, cold storage
Example dialogue
Dev: “Where should I store this new project document — Google Drive or the architecture repo?”
Domain expert: “If it’s a collaborative document you’ll share with others, it goes in the Collaboration Hub (Google Drive). If it’s an architecture decision or diagram, it goes in the Architecture Wiki repo on GitHub. If it’s a personal note, write it as .md in the Knowledge Vault (also Google Drive, your PARA structure). The Hermes Agent can read all three.”
Dev: “Can I access my notes from my work laptop?”
Domain expert: “Yes — Decathlon IT allows personal SSH keys and personal GitHub access on the managed M3Pro. For lightweight docs still in the Knowledge Vault, open them in VS Code from the local Google Drive folder. For Code Projects that have migrated to GitHub, clone them to ~/workspace/ with your perso SSH key. The Professional Boundary is about ownership and governance — it doesn’t block Francois from using the M3Pro for personal work.”
Dev: “I have an idea for a wine subscription box. Where does it go?”
Domain expert: “It enters the Venture Log as a 💡 Sparked Idea. Hermes grills you through Evidence-Guided Development: What’s the Goal? (Revenue? Fun? Learning?) What’s the Intent? (Commercial / portfolio / fun?) What evidence do you have? If validated, it becomes a Venture and decomposes into Projects — each with a deadline and a PARA folder. If you say ‘I’m doing this for fun,’ Hermes records the 🔵 intent and skips validation. Either way, the decision is yours.”
Dev: “Strata has been running for a while. Is it still a Project?”
Domain expert: “No — Strata is an Area. It reached 📈 In Production and graduated. It has no end date. But specific improvements — like ‘add multi-currency support’ — enter the Venture Log as new Projects under that Area, each with a deadline.”
Dev: “How does Hermes read my files if they’re in Google Drive?”
Domain expert: “Through the Drive Bridge — an rclone mount on the Agent Host that presents Google Drive as a local filesystem. Google Drive stays the single source of truth.”