feat: implemented verified Shell Actuator skill

- Enabled execution of whitelisted shell commands via OACP. - Added neuro-cognitive analysis for command results. - Fixed authentication fallback for background daemon. - Finalized Emacs UI robustness for all message types.
2026-04-04 13:37:47 -04:00
parent 51845ae7f6
commit 65a14784d3
13 changed files with 3147 additions and 15 deletions
--- a/notes/org-skill-chat.org
+++ b/notes/org-skill-chat.org
@@ -56,10 +56,15 @@ Interfaces for conversational event handling and UI integration. Source of truth
 #+begin_src lisp :tangle ../projects/org-skill-chat/src/chat-logic.lisp
 (defun verify-skill-chat (proposed-action context)
  (if (and (listp proposed-action)
-           (eq (getf proposed-action :target) :emacs)
-           (eq (getf (getf proposed-action :payload) :action) :insert-at-end))
+           (or (and (member (getf proposed-action :type) '(:request :REQUEST))
+                    (or (and (member (getf proposed-action :target) '(:emacs :EMACS))
+                             (member (getf (getf proposed-action :payload) :action) '(:insert-at-end :INSERT-AT-END)))
+                        (and (member (getf proposed-action :target) '(:shell :SHELL))
+                             (getf (getf proposed-action :payload) :cmd))))
+               (member (getf proposed-action :type) '(:response :RESPONSE :log :LOG))))
      proposed-action
-      '(:type :REQUEST :target :emacs :payload (:action :insert-at-end :buffer "*org-agent-chat*" :text "\n\n*System Error:* Chat agent failed to format response as a valid Lisp action."))))
+      (let ((err-text (format nil "\n\n*System Error:* Chat agent returned invalid action: ~s" proposed-action)))
+        `(:type :request :target :emacs :payload (:action :insert-at-end :buffer "*org-agent-chat*" :text ,err-text)))))
 #+end_src

 ** Neural Response Generation
@@ -87,8 +92,11 @@ EXAMPLE OF A BAD RESPONSE:
 Okay, here is your answer:
 (:type :request ...)

-EXAMPLE OF A GOOD RESPONSE:
-(:type :request :target :emacs :payload (:action :insert-at-end :buffer \"*org-agent-chat*\" :text \"* <Your Org-mode Response Here>\"))" assistant user))))
+EXAMPLE OF A GOOD RESPONSE (CHAT):
+(:type :request :target :emacs :payload (:action :insert-at-end :buffer \"*org-agent-chat*\" :text \"* <Your Org-mode Response Here>\"))
+
+EXAMPLE OF A GOOD RESPONSE (SHELL EXECUTION):
+(:type :request :target :shell :payload (:cmd \"ls -la\"))" assistant user))))
 #+end_src

 * Registration
--- a/notes/org-skill-emacs-bridge.org
+++ b/notes/org-skill-emacs-bridge.org
@@ -64,7 +64,7 @@ Interfaces for TCP I/O and protocol framing. Source of truth is the OACP specifi
         (msg (prin1-to-string envelope))
         (len (length msg))
         (framed (format nil "~6,'0x~a" len msg)))
-    (write-string (string-downcase framed) stream)
+    (write-string framed stream)
    (finish-output stream)))

 (defun broadcast-to-emacs (action-plist context)
--- a/notes/org-skill-shell-actuator.org
+++ b/notes/org-skill-shell-actuator.org
@@ -48,21 +48,23 @@ Interfaces for secure system calls. State is event-driven via the core kernel bu
 * Phase D: Build (Implementation)

 ** Whitelisting & Execution
-#+begin_src lisp :tangle projects/org-skill-shell-actuator/src/shell-logic.lisp
+#+begin_src lisp :tangle ../projects/org-skill-shell-actuator/src/shell-logic.lisp
 (defparameter *allowed-commands* '("ls" "git" "rg" "grep" "date" "echo" "cat" "node" "python3" "sbcl"))

-(defun execute-shell-safely (action)
+(defun execute-shell-safely (action context)
  (let* ((cmd-string (getf (getf action :payload) :cmd))
         (executable (car (uiop:split-string cmd-string :separator '(#\Space)))))
    (if (member executable *allowed-commands* :test #'string=)
        (multiple-value-bind (stdout stderr exit-code)
            (uiop:run-program cmd-string :output :string :error-output :string :ignore-error-status t)
          (org-agent:inject-stimulus 
-           `(:type :EVENT :payload (:sensor :shell-response :cmd ,cmd-string :stdout ,(or stdout "") :stderr ,(or stderr "") :exit-code ,exit-code))))
+           `(:type :EVENT :payload (:sensor :shell-response :cmd ,cmd-string :stdout ,(or stdout "") :stderr ,(or stderr "") :exit-code ,exit-code))
+           :stream (getf context :reply-stream)))
        (org-agent:inject-stimulus 
-         `(:type :EVENT :payload (:sensor :shell-response :cmd ,cmd-string :stdout "" :stderr "ERROR - Command not in security whitelist." :exit-code 1))))))
+         `(:type :EVENT :payload (:sensor :shell-response :cmd ,cmd-string :stdout "" :stderr "ERROR - Command not in security whitelist." :exit-code 1))
+         :stream (getf context :reply-stream)))))

-(defun execute-sandboxed-script (action)
+(defun execute-sandboxed-script (action context)
  "Executes a synthesized script (Python/Lisp/JS) in a controlled directory.
   This enables SOTA-level Tool Synthesis and Iterative Fixing."
  (let* ((payload (getf action :payload))
@@ -83,7 +85,8 @@ Interfaces for secure system calls. State is event-driven via the core kernel bu
      (multiple-value-bind (stdout stderr exit-code)
          (uiop:run-program cmd :output :string :error-output :string :ignore-error-status t)
        (org-agent:inject-stimulus 
-         `(:type :EVENT :payload (:sensor :shell-response :cmd ,cmd :stdout ,(or stdout "") :stderr ,(or stderr "") :exit-code ,exit-code :synthesis-p t)))))))
+         `(:type :EVENT :payload (:sensor :shell-response :cmd ,cmd :stdout ,(or stdout "") :stderr ,(or stderr "") :exit-code ,exit-code :synthesis-p t))
+         :stream (getf context :reply-stream))))))

 (defun provision-microvm (id &key (cpu 1) (ram 512))
  "Hardware-Level Isolation: Provisions an ephemeral Firecracker MicroVM.
@@ -94,7 +97,7 @@ Interfaces for secure system calls. State is event-driven via the core kernel bu
 #+end_src

 ** Feedback Perception
-#+begin_src lisp :tangle projects/org-skill-shell-actuator/src/shell-logic.lisp
+#+begin_src lisp :tangle ../projects/org-skill-shell-actuator/src/shell-logic.lisp
 (defun trigger-skill-shell-actuator (context)
  (let ((type (getf context :type))
        (payload (getf context :payload)))
@@ -103,7 +106,7 @@ Interfaces for secure system calls. State is event-driven via the core kernel bu
 #+end_src

 ** Neuro-Cognitive Analysis
-#+begin_src lisp :tangle projects/org-skill-shell-actuator/src/shell-logic.lisp
+#+begin_src lisp :tangle ../projects/org-skill-shell-actuator/src/shell-logic.lisp
 (defun neuro-skill-shell-actuator (context)
  (let* ((p (getf context :payload))
         (cmd (getf p :cmd))
@@ -122,11 +125,15 @@ Interfaces for secure system calls. State is event-driven via the core kernel bu
          If the command failed (Exit != 0), analyze the STDERR and propose a FIX for the script.
          If it succeeded, use the STDOUT to complete the original goal.
        " cmd exit-code stdout stderr)
-        (format nil "Command: ~a (Exit: ~a)~%STDOUT: ~a~%STDERR: ~a" cmd exit-code stdout stderr))))
+        (let ((result-text (format nil "* Shell Command Result\n- Command: ~a\n- Exit Code: ~a\n\n** STDOUT\n#+begin_example\n~a\n#+end_example\n\n** STDERR\n#+begin_example\n~a\n#+end_example"
+                                   cmd exit-code stdout stderr)))
+          `(:type :request :target :emacs :payload (:action :insert-at-end :buffer "*org-agent-chat*" :text ,result-text))))))
 #+end_src

 * Registration
 #+begin_src lisp
+(org-agent:register-actuator :shell #'execute-shell-safely)
+
 (defskill :skill-shell-actuator
  :priority 80
  :trigger #'trigger-skill-shell-actuator