memex/notes/org-skill-safety-harness.org

SKILL: Global Safety Harness (Universal Literate Note)

• Overview
• Phase A: Demand (PRD)
  • 1. Purpose
  • 2. User Needs
  • 3. Success Criteria
    • Implement recursive AST walker in Lisp
    • Establish strict function whitelist (surgical Org operations)
    • Detect and block nested 'eval' attempts
    • Verify that malformed or malicious sexps are rejected
• Phase B: Blueprint (PROTOCOL)
  • 1. Architectural Intent
  • 2. Semantic Interfaces
• Phase D: Build (Implementation)
  • The Validator
• Registration

Overview

The Global Safety Harness is the primary "Safety Gate" for the Neurosymbolic Lisp Machine. It provides a recursive AST validator that subjects all Elisp proposals from System 1 to a strict "Deny-by-Default" sandbox, preventing arbitrary code execution while allowing high-fidelity system manipulation.

Phase A: Demand (PRD)

1. Purpose

Define a high-integrity, recursive security sandbox for Elisp execution.

2. User Needs

• Recursive Validation: Every nested function call and variable access MUST be checked.
• Deny-by-Default: Only explicitly whitelisted functions and variables are permitted.
• Eval Protection: Block all forms of `eval`, `load`, or dynamic execution.
• Symbolic Preemption: This skill acts as a mandatory global System 2 check.

3. Success Criteria

TODO Implement recursive AST walker in Lisp

TODO Establish strict function whitelist (surgical Org operations)

TODO Detect and block nested 'eval' attempts

TODO Verify that malformed or malicious sexps are rejected

Phase B: Blueprint (PROTOCOL)

1. Architectural Intent

Interfaces for deep inspection of Elisp proposals. Source of truth is the Lisp reader and the security whitelist.

2. Semantic Interfaces

(defun safety-harness-validate (code-string)
  "Parses and walks the Elisp AST. Returns T if safe, NIL otherwise.")

(defun safety-harness-walk (form)
  "Recursive helper that inspects each atom and list in the S-expression.")

Phase D: Build (Implementation)

The Validator

(defparameter *approved-functions* 
  '(message insert org-set-property org-id-goto save-excursion get-buffer-create format plist-get list quote))

(defun safety-harness-walk (form)
  "Recursively ensures all function calls in FORM are whitelisted."
  (cond
    ((atom form) t) ; Atoms (strings, numbers, symbols) are inherently safe
    ((listp form)
     (let ((fn (car form))
           (args (cdr form)))
       (and (member fn *approved-functions*)
            (every #'safety-harness-walk args))))
    (t nil)))

(defun safety-harness-validate (code-string)
  "Parses the string and triggers the recursive walk."
  (handler-case
      (let ((form (read-from-string code-string)))
        (safety-harness-walk form))
    (error (c)
      (kernel-log "SAFETY HARNESS - Parse error: ~a" c)
      nil)))

Registration

(defskill :skill-safety-harness
  :priority 100 ; Mandatory high-priority gate
  :trigger (lambda (context) nil) ; Triggered manually by kernel 'decide'
  :neuro (lambda (context) nil)
  :symbolic (lambda (action context) action))