#+TITLE: SKILL: Shell Actuator Agent (Universal Literate Note)
#+ID: skill-shell-actuator
#+STARTUP: content
#+FILETAGS: :shell:actuator:system:psf:

* Overview
The **Shell Actuator Agent** provides the bridge to the host operating system. It enables secure command execution while maintaining a strict security posture through whitelisting and diagnostic feedback loops.

* Phase A: Demand (PRD)
:PROPERTIES:
:STATUS: FROZEN
:END:

** 1. Purpose
Define a secure, diagnostic-rich interface for host OS interaction.

** 2. User Needs
- **Secure Actuation:** Strict whitelist of permitted commands.
- **Diagnostic Feedback:** Capture STDOUT, STDERR, and exit codes.
- **Loop Closure:** Automatic neural analysis of command results.
- **Resilience:** Graceful handling of blocked or failed commands.

** 3. Success Criteria
*** TODO Whitelist Enforcement
*** TODO Diagnostic Capture
*** TODO Result Analysis Loop

* Phase B: Blueprint (PROTOCOL)
:PROPERTIES:
:STATUS: SIGNED
:END:

** 1. Architectural Intent
Interfaces for secure system calls. State is event-driven via the core kernel bus.

** 2. Semantic Interfaces
#+begin_src lisp
(defun execute-shell-safely (action)
  "Verifies command against whitelist and captures diagnostics.")

(defun trigger-skill-shell-actuator (context)
  "Monitors for shell-response events.")

(defun neuro-skill-shell-actuator (context)
  "Neural interpretation of command diagnostics.")
#+end_src

* Phase D: Build (Implementation)

** Whitelisting & Execution
#+begin_src lisp :tangle projects/org-skill-shell-actuator/src/shell-logic.lisp
(defparameter *allowed-commands* '("ls" "git" "rg" "grep" "date" "echo" "cat"))

(defun execute-shell-safely (action)
  (let* ((cmd-string (or (getf (getf action :payload) :cmd) ""))
         ;; Tokenize once: the argv that is checked is the argv that is run.
         ;; Splitting on spaces means quoted arguments with spaces are not supported.
         (argv (remove "" (uiop:split-string cmd-string :separator '(#\Space))
                       :test #'string=))
         (executable (car argv)))
    (if (member executable *allowed-commands* :test #'string=)
        ;; Pass a list, not the raw string. UIOP hands a string to the system
        ;; shell, where separators, pipes and substitutions would start programs
        ;; that were never compared against the whitelist.
        (multiple-value-bind (stdout stderr exit-code)
            (uiop:run-program argv
                              :output :string
                              :error-output :string
                              :ignore-error-status t)
          (org-agent:inject-stimulus
           `(:type :EVENT
             :payload (:sensor :shell-response
                       :cmd ,cmd-string
                       :stdout ,(or stdout "")
                       :stderr ,(or stderr "")
                       :exit-code ,exit-code))))
        ;; Blocked command: report it through the same event channel.
        (org-agent:inject-stimulus
         `(:type :EVENT
           :payload (:sensor :shell-response
                     :cmd ,cmd-string
                     :stdout ""
                     :stderr "ERROR - Command not in security whitelist."
                     :exit-code 1))))))
#+end_src

** Feedback Perception
#+begin_src lisp :tangle projects/org-skill-shell-actuator/src/shell-logic.lisp
(defun trigger-skill-shell-actuator (context)
  ;; Fire only on :EVENT stimuli emitted by the shell actuator itself.
  (let ((type (getf context :type))
        (payload (getf context :payload)))
    (and (eq type :EVENT)
         (eq (getf payload :sensor) :shell-response))))
#+end_src

** Neuro-Cognitive Analysis
#+begin_src lisp :tangle projects/org-skill-shell-actuator/src/shell-logic.lisp
(defun neuro-skill-shell-actuator (context)
  ;; Render the captured diagnostics as text for the analysis step.
  (let* ((p (getf context :payload))
         (cmd (getf p :cmd))
         (stdout (getf p :stdout))
         (stderr (getf p :stderr))
         (exit-code (getf p :exit-code)))
    (format nil "Command: ~a (Exit: ~a)~%STDOUT: ~a~%STDERR: ~a"
            cmd exit-code stdout stderr)))
#+end_src

* Registration
#+begin_src lisp
(defskill :skill-shell-actuator
  :priority 80
  :trigger #'trigger-skill-shell-actuator
  :neuro #'neuro-skill-shell-actuator
  :symbolic (lambda (action context) action))
#+end_src
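
A whitelist check on the first token of a command string constrains only the program name, not what the rest of the string can do. The following is an added example, not part of the original note or of org-agent: a stricter pre-execution validator for the Whitelisting & Execution step, run over constructed inputs. The names =*shell-metacharacters*=, =tokenize=, =validate-command= and =audit-samples=, and the rejection policy itself, are assumptions.

```lisp
;; Added example. Helper names are hypothetical; the list matches the note's.
(defparameter *allowed-commands* '("ls" "git" "rg" "grep" "date" "echo" "cat"))

(defparameter *shell-metacharacters* ";|&$`<>(){}[]*?!~#\\\"'"
  "Characters a shell would interpret; rejected outright (assumed policy).")

(defun tokenize (string)
  "Split STRING on spaces, dropping empty tokens."
  (let ((tokens '()) (start nil))
    (dotimes (i (length string))
      (let ((ws (char= (char string i) #\Space)))
        (cond ((and ws start)
               (push (subseq string start i) tokens)
               (setf start nil))
              ((and (not ws) (null start))
               (setf start i)))))
    (when start (push (subseq string start) tokens))
    (nreverse tokens)))

(defun validate-command (cmd-string)
  "Return (values ARGV NIL) if CMD-STRING is acceptable, else (values NIL REASON)."
  (let* ((bad (find-if (lambda (c) (or (find c *shell-metacharacters*)
                                       (not (graphic-char-p c))))
                       cmd-string))
         (argv (tokenize cmd-string))
         (exe (first argv)))
    (cond (bad (values nil (format nil "forbidden character ~s" bad)))
          ((null argv) (values nil "empty command"))
          ;; A path would select a binary other than the one on PATH.
          ((find #\/ exe) (values nil "executable must be a bare name"))
          ((not (member exe *allowed-commands* :test #'string=))
           (values nil "executable not in whitelist"))
          (t (values argv nil)))))

(defparameter *constructed-samples*
  '("ls -la" "git status" "echo hi; date" "cat notes.org | grep TODO"
    "/bin/ls" "curl example.invalid" "   ")
  "Constructed inputs for the demonstration.")

(defun audit-samples (&optional (samples *constructed-samples*))
  "Return one (CMD :ALLOW ARGV) or (CMD :DENY REASON) entry per sample."
  (mapcar (lambda (cmd)
            (multiple-value-bind (argv reason) (validate-command cmd)
              (if argv (list cmd :allow argv) (list cmd :deny reason))))
          samples))

(dolist (row (audit-samples))
  (format t "~&~s~%" row))
```

The validator decides only whether a command may start. Which options and file paths each allowed program may receive is a separate, per-command policy that this sketch does not cover.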