ARCH: Finalize Microkernel Decoupling - Move behavioral skills to dynamic user-space

2026-04-13 16:11:09 -04:00
parent 34f59a6e43
commit 19fb888434
74 changed files with 129 additions and 2744 deletions

@@ -78,16 +78,14 @@ Interfaces for secure system calls. State is event-driven via the core kernel bu
** Allowed Commands
Whitelist of permitted host binaries.
#+begin_src lisp :tangle ../src/shell-logic.lisp
(in-package :org-agent)
#+begin_src lisp
(defparameter *allowed-commands* '("ls" "git" "rg" "grep" "date" "echo" "cat" "node" "python3" "sbcl"))
#+end_src
** Shell Metacharacters
Dangerous characters that are banned to prevent command injection.
#+begin_src lisp :tangle ../src/shell-logic.lisp
(in-package :org-agent)
#+begin_src lisp
(defparameter *shell-metacharacters* '(#\; #\& #\| #\> #\< #\$ #\` #\\ #\!)
"Characters that are banned in shell commands to prevent injection.")
#+end_src
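Review bot: `*allowed-commands*` puts `node`, `python3` and `sbcl` on the same list as `ls` and `date`, so the metacharacter ban in the next block does not bound what an approved command can do. An interpreter takes its program from its arguments and needs none of the banned characters. Move the interpreters off this list and onto the script path, or pair each entry with an argument policy. `*allowed-commands*` also has no docstring, while `*shell-metacharacters*` does.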
@@ -95,8 +93,7 @@ Dangerous characters that are banned to prevent command injection.
** Safety Check (shell-command-safe-p)
Predicate to verify a command string is free of metacharacters.
#+begin_src lisp :tangle ../src/shell-logic.lisp
(in-package :org-agent)
#+begin_src lisp
(defun shell-command-safe-p (cmd-string)
"Returns T if the command string contains no dangerous metacharacters."
(not (some (lambda (char) (find char cmd-string)) *shell-metacharacters*)))
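Review bot: `shell-command-safe-p` returns T for an empty string and for NIL, because `find` over an empty sequence finds nothing, and it accepts line breaks because `*shell-metacharacters*` has no `#\Newline` or `#\Return`. Guard with `(and (stringp cmd-string) (plusp (length cmd-string)) ...)` and add the two line-break characters. The docstring should say that the predicate only tests for the listed characters, not that the command is safe.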
@@ -105,8 +102,7 @@ Predicate to verify a command string is free of metacharacters.
** Shell Execution (execute-shell-safely)
The primary secure actuator for host system calls.
#+begin_src lisp :tangle ../src/shell-logic.lisp
(in-package :org-agent)
#+begin_src lisp
(defun execute-shell-safely (action context)
(let* ((cmd-string (getf (getf action :payload) :cmd))
(executable (car (uiop:split-string (string-trim " " cmd-string) :separator '(#\Space)))))
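Review bot: `executable` is derived by trimming and splitting on `#\Space` only, so tabs and line breaks are neither trimmed nor treated as separators, and nothing after the first token is parsed in the visible lines. Tokenise once on all whitespace, check the first token against `*allowed-commands*`, and pass the resulting list of strings to `uiop:run-program`, which runs a list command without a shell. `execute-shell-safely` also has no docstring saying what `action` and `context` must contain.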
@@ -136,8 +132,7 @@ The primary secure actuator for host system calls.
** Script Synthesis (execute-sandboxed-script)
Executes a synthesized script (Python/Lisp/JS) in a controlled directory.
#+begin_src lisp :tangle ../src/shell-logic.lisp
(in-package :org-agent)
#+begin_src lisp
(defun execute-sandboxed-script (action context)
"Executes a synthesized script (Python/Lisp/JS) in a controlled directory.
This enables SOTA-level Tool Synthesis and Iterative Fixing."
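Review bot: the docstring of `execute-sandboxed-script` says "controlled directory" without stating what is restricted. A working directory limits where the script file lives, not what the Python, Lisp or JS process can read, write or connect to, and the `provision-microvm` docstring in the next section itself describes the microVM as the high-security evolution of this. State the actual boundary in the docstring (user, filesystem, network, timeout) and drop the "SOTA-level" sentence, which documents nothing.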
@@ -166,8 +161,7 @@ Executes a synthesized script (Python/Lisp/JS) in a controlled directory.
** Infrastructure: MicroVM Provisioning
Hardware-Level Isolation for future security evolution.
#+begin_src lisp :tangle ../src/shell-logic.lisp
(in-package :org-agent)
#+begin_src lisp
(defun provision-microvm (id &key (cpu 1) (ram 512))
"Hardware-Level Isolation: Provisions an ephemeral Firecracker MicroVM.
This is the high-security evolution of directory-based sandboxing."
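Review bot: `provision-microvm` takes `(cpu 1)` and `(ram 512)` with no unit and no bounds, and `id` with no stated format. Document the unit of `ram` in the docstring and validate all three before use, for example `(check-type cpu (integer 1))`.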
@@ -177,8 +171,7 @@ Hardware-Level Isolation for future security evolution.
#+end_src
** Feedback Perception
#+begin_src lisp :tangle ../src/shell-logic.lisp
(in-package :org-agent)
#+begin_src lisp
(defun trigger-skill-shell-actuator (context)
(let ((type (getf context :type))
(payload (getf context :payload)))
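Review bot: "Feedback Perception" has no descriptive line under its heading, unlike the sections above it, and `trigger-skill-shell-actuator` has no docstring. It is the `:trigger` of the skill registered below, so say in one sentence which `:type` and `:payload` values it reacts to.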
@@ -187,8 +180,7 @@ Hardware-Level Isolation for future security evolution.
#+end_src
** Probabilistic-Cognitive Analysis
#+begin_src lisp :tangle ../src/shell-logic.lisp
(in-package :org-agent)
#+begin_src lisp
(defun probabilistic-skill-shell-actuator (context)
(let* ((p (getf context :payload))
(cmd (getf p :cmd))
@@ -229,16 +221,14 @@ Hardware-Level Isolation for future security evolution.
** Registration: Actuator
Register the shell channel as a physical actuator.
#+begin_src lisp :tangle ../src/shell-logic.lisp
(in-package :org-agent)
#+begin_src lisp
(org-agent:register-actuator :shell #'execute-shell-safely)
#+end_src
** Registration: Skill
Define the skill entry for the shell actuator.
#+begin_src lisp :tangle ../src/shell-logic.lisp
(in-package :org-agent)
#+begin_src lisp
(defskill :skill-shell-actuator
:priority 80
:trigger #'trigger-skill-shell-actuator
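Review bot: with `(in-package :org-agent)` gone from these blocks, `#'execute-shell-safely`, `defskill` and `#'trigger-skill-shell-actuator` are read in whatever package is current when the block is evaluated, while `org-agent:register-actuator` is package-qualified. Either qualify all of them, or have the loader bind `*package*` explicitly and say so in the section text. `:priority 80` also needs a note on what the scale is.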