The pattern I didn’t know I had
This week an AI agent told me something about my own systems that I’d never noticed, and it was correct: I have one favorite architecture, and I’ve built it three times.
- At work: git holds Terraform code → Terraform derives the S3 buckets. Nobody clicks around in the AWS console; the repo is the truth.
- In the homelab: git holds Kubernetes manifests → ArgoCD derives the cluster. Every app on my rack is a folder in a repo.
- In my second brain: a vault of markdown notes → an indexer derives the search database (SQLite FTS + a link graph) that my AI tools query.
Same shape everywhere: a plain-text source of truth in git, and a machine that builds the real thing from it. Master copy, derived state. I never decided this consciously — it’s just how my hands build things now.
GitOps isn’t the git part
Here’s the thing that the third copy got wrong, and it took me embarrassingly long to see because I teach this pattern at the infrastructure layer.
“Configuration in git” existed long before GitOps. What made GitOps an actual
shift was the reconciler: ArgoCD doesn’t apply your manifests once and
wish you luck. It watches, continuously. When the cluster drifts from the
repo, you get an OutOfSync badge, and with selfHeal enabled it puts
reality back where the repo says it should be. The loop is the product. Git
is just where the loop points.
My vault had no loop. If I edited a note and forgot to rebuild the index, the search results my AI agents rely on were silently stale — no badge, no error, nothing. The only protection was a rule in the repo’s agent instructions: “if files and index disagree, the files win — run the indexer.”
A policy that agents must remember. In other words: I was running Kubernetes with a sticky note on the monitor that says please redeploy after editing the YAML. I would never accept that on my cluster. My brain ran on it for months.
The fix took an afternoon
Two pieces, both boring on purpose.
exo status — the OutOfSync badge. The indexer now stores a content hash
per note; status re-hashes the vault and diffs:
{
"status": "OutOfSync",
"modified": ["vault/10-notes/interests-themes.md"],
"new": [],
"deleted": [],
"repair": "exo index"
}
Exit code 0 when synced, 1 when not — so scripts and CI can ask the question
too, exactly like argocd app get.
Git hooks — the selfHeal. Versioned hooks (core.hooksPath .githooks) on
post-commit and post-merge rebuild the index after every commit and pull:
command -v exo >/dev/null 2>&1 || exit 0
EXO_ROOT="$(git rev-parse --show-toplevel)"
exo index >/dev/null 2>&1 && echo "exo: index reconciled (Synced)"
Now every git commit in the vault prints exo: index reconciled (Synced)
on its way out. The rule didn’t change — files win — but it stopped being
something agents must remember and became something a machine enforces.
That’s the entire difference between configuration management and GitOps,
replayed at the knowledge layer.
The part where it gets a little strange
The reason I’m writing this post at all: I didn’t have this idea. A scheduled agent did, on what I can only describe as an idle walk.
My vault has a weekly cron job — we call it the Wanderer — that samples pairs of notes that are far apart: different folders, different months, almost no shared vocabulary. A headless Claude gets the pairs with exactly one task: read both notes in full and say whether anything genuinely connects. “Nothing connects” is a successful run. That last sentence is load-bearing — the run always reports its result either way, so the agent never needs to manufacture a finding to have done its job.
On its very first walk, it collided a work note about Terraform-driven S3 provisioning with the architecture map of the vault itself, and wrote: same sentence in different clothes — and the brain copy is missing its reconciler. Then it listed the two fixes you just read about.
Retrieval answers the questions you ask. Distant collisions surface the questions you didn’t know you had. It turns out my second brain didn’t need to get better at remembering — it needed to occasionally interrupt me.
If you keep a vault
Whatever your stack — Obsidian, org-mode, a folder of markdown — if anything derives from your notes (an index, embeddings, a published site), then you have source of truth and derived state, and the GitOps question applies: who notices when they drift? If the answer is “I do, hopefully,” you’re running the sticky-note era. Give it a badge and a loop. It’s an afternoon.