Quartermaster¶
Codename: Quartermaster · repo quartermaster · Acquisitions, rationed.
A personal agent that finds the best value-for-fit RAM (and later, any fitment-gated hardware) across EU classifieds + multi-retailer price data, and ranks it by live landed cost vs the market -- so you see the best deal available now. The value is the funnel before the click: compatibility gating, live landed-cost valuation, and budget discipline.
Buying stays in your hands -- a one-click-approved auction snipe within a hard budget is a later phase.
Source on GitHub The Plan Security
Status¶
- v0 foundation shipped: uv toolchain, the money/safety schema core (reserve-release ledger + FSM + source-tag), CI + an autouse network-egress blocker.
- P1.1 fitment core shipped: deterministic RAM compatibility gating (
assess()-> PASS / UNVERIFIED / REJECT) against a target-machine profile. - Pivoted to SEARCH + COMPARE first (eBay API dropped at Gate 0). Phase 1 = alert + compare only (no buy button); bid/buy is Phase 2.
The non-negotiables (hard-coded)¶
- Human one-click approval before every binding bid -- no autonomous bidding.
- eBay content is deterministic-only, never sent to an LLM, purged < 6 h, source-tagged.
- No scraping -- classifieds = native saved-search alert emails; the body is the dataset.
- EU-only auto-bid; fail-closed kill-switch;
DRY_RUNdefaults true; two-signal arming. - Reserved-budget ledger with a release path (sum of live max-bids <= cap).
Map¶
| Doc | What |
|---|---|
| The Plan | Authoritative design (post two red-teams + the pivot). |
| Architecture | Data flows + components. |
| UX & digest | The digest surface + the approval-channel model. |
| Security | Security model + how to report a vulnerability. |
| Decisions | The ADR-style decision log. |
Background reading (why this exists, the price-API landscape, the eBay Gate-0 research) is in the Background section of the nav.
Configuration¶
Config is separate from the program: env vars prefixed QM_ (or a gitignored .env). Secrets
live in your secret store, injected via env -- e.g. export QM_SERPAPI_API_KEY="$(bw get password
serpapi)". QM_DRY_RUN defaults true (fail-safe). See Security.