AUDIT: Hardened harness with mandatory skill verification and literacy audit

2026-04-13 20:40:37 -04:00
parent fb7e658419
commit 51ff6b2e61
8 changed files with 102 additions and 64 deletions
--- a/docs/ux.org
+++ b/docs/ux.org
@@ -53,5 +53,14 @@ This opens a slick, colorful interactive terminal session:
 5. The Deterministic Engine (Bouncer) verifies it is a safe read-only action.
 6. The ~:cli~ Actuator formats the Lisp response into Markdown and sends it back over the socket.

-* 3. The Continuous Loop (Daily Usage)
+* 3. The Interactive Refinement (v0.2.0)
+** Goal
+Transition from a "Verified Wrapper" around netcat to a high-fidelity, native Common Lisp TUI that rivals the experience of ~gemini-cli~.
+
+** Features
+- *Homoiconic UI:* The TUI is rendered directly by the Lisp kernel, allowing for live introspection of the agent's thoughts.
+- *Rich Formatting:* ANSI colors, bold headers, and syntax-highlighted code blocks.
+- *Command Palette:* Slash commands for system control without leaving the chat.
+
+* 4. The Continuous Loop (Daily Usage)
 (To be defined as the agent's capabilities expand into Scribe, Gardener, and Emacs-native interactions).
--- a/literate/reason.org
+++ b/literate/reason.org
@@ -57,12 +57,13 @@ The `think` function represents the "intuitive" side of the agent. It identifies
  (let* ((active-skill (find-triggered-skill context))
         (tool-belt (generate-tool-belt-prompt))
         (global-context (context-assemble-global-awareness))
+         (system-logs (context-get-system-logs))
         (assistant-name (or (uiop:getenv "MEMEX_ASSISTANT") "Agent")))
    (if active-skill
        (let* ((prompt-generator (skill-probabilistic-prompt active-skill))
               (raw-prompt (when prompt-generator (funcall prompt-generator context)))
-               (system-prompt (format nil "IDENTITY: Actuator for ~a. MANDATE: ONE Lisp plist. ~a ~a" 
-                                      assistant-name global-context tool-belt)))
+               (system-prompt (format nil "IDENTITY: Actuator for ~a. MANDATE: ONE Lisp plist. ~a ~a RECENT_LOGS: ~a" 
+                                      assistant-name global-context tool-belt system-logs)))
          (if (and raw-prompt (> (length raw-prompt) 1))
              (let* ((thought (probabilistic-call raw-prompt :system-prompt system-prompt :context context))
                     ;; Ensure we are working with a string for read-from-string
--- a/literate/skills.org
+++ b/literate/skills.org
@@ -324,9 +324,14 @@ The unified orchestrator for the system boot sequence.
      (harness-log " LOADER: Initializing ~a skills..." (length sorted-files))
      
      (dolist (file sorted-files)
-        (let ((skill-name (pathname-name file)))
+        (let* ((skill-name (pathname-name file))
+               (is-mandatory (member skill-name mandatory-skills :test #'string-equal)))
          (harness-log " LOADER: Loading ~a..." skill-name)
-          (load-skill-with-timeout file 5)))
+          (let ((status (load-skill-with-timeout file 5)))
+            (unless (eq status :success)
+              (if is-mandatory
+                  (error "BOOT FAILURE: Mandatory skill '~a' failed to load (Status: ~a)." skill-name status)
+                  (harness-log "LOADER WARNING: Skill '~a' failed to load." skill-name))))))
      
      ;; Final Summary
      (let ((ready 0) (failed 0))
--- a/skills/org-skill-bouncer.org
+++ b/skills/org-skill-bouncer.org
@@ -1,6 +1,7 @@
 :PROPERTIES:
 :ID:       bouncer-agent-skill
 :CREATED:  [2026-04-11 Sat 15:20]
+:EDITED:   [2026-04-13 Mon 18:35]
 :END:
 #+TITLE: SKILL: Deterministic Engine Bouncer (Authorization Gate)
 #+STARTUP: content
@@ -9,18 +10,15 @@
 * Overview
 The *Deterministic Engine Bouncer* is the authorization gate for high-risk actions. It serializes intercepted actions into Org nodes ("Flight Plans") and re-injects them once manually approved by the Sovereign.

-** Deep Reasoning: Beyond Permission
-While the *Formal Prover* ensures an action is "legal" (e.g., "Yes, you are allowed to send a Matrix message"), the *Bouncer* ensures the action is "safe" by inspecting the payload content via **Deep Packet Inspection (DPI)**.
+* Package Context
+#+begin_src lisp
+(in-package :org-agent)
+#+end_src

-1. **Secret Exposure Gate:** The Bouncer automatically scans all outgoing `:text` payloads for strings matching your API keys or sensitive IDs stored in the `Credentials Vault`.
-2. **Network Exfiltration Gate:** It monitors for unauthorized IP addresses or domains in shell commands, preventing the agent from "phoning home" to a malicious server.
-3. **The Final Filter:** The Bouncer sits at the very end of the deterministic pipeline. It is the last gate before an action touches the physical hardware.
+* Deep Packet Inspection (DPI)
+The Bouncer ensures the action is "safe" by inspecting the payload content via Deep Packet Inspection.

-* Implementation
-
-** Deep Packet Inspection (DPI)
-
-*** Secret Exposure Check
+** Secret Exposure Check
 Retrieves all active secrets from the vault and scans the payload for potential leaks.

 #+begin_src lisp
@@ -36,7 +34,7 @@ Retrieves all active secrets from the vault and scans the payload for potential
      found-secret)))
 #+end_src

-*** Network Exfiltration Check
+** Network Exfiltration Check
 Inspects shell commands for unwhitelisted domains or IP addresses.

 #+begin_src lisp
@@ -53,8 +51,8 @@ Inspects shell commands for unwhitelisted domains or IP addresses.
            (not (some (lambda (safe) (search safe domain)) network-whitelist))))))))
 #+end_src

-** Runtime Guard (bouncer-check)
-The primary entry point for all high-impact actions.
+* Runtime Guard (bouncer-check)
+The primary entry point for all high-impact actions. It blocks or queues actions based on risk vectors.

 #+begin_src lisp
 (defun bouncer-check (action context)
@@ -96,7 +94,9 @@ The primary entry point for all high-impact actions.
      (t action))))
 #+end_src

-** Approval Processing
+* Approval Processing
+The Bouncer periodically scans the Memex for approved "Flight Plans" and re-injects them into the metabolic loop.
+
 #+begin_src lisp
 (defun bouncer-process-approvals ()
  "Scans the object store for APPROVED flight plans and re-injects their actions."
@@ -118,31 +118,40 @@ The primary entry point for all high-impact actions.
    found-any))
 #+end_src

-** Skill Definition
+* Skill Definition
+The Bouncer skill reacts to approval requirements by creating flight plan nodes, and periodically checks for manual approvals via heartbeats.
+
+** Skill Logic
+#+begin_src lisp
+(defun bouncer-deterministic-gate (action context)
+  "Main gate for the bouncer skill."
+  (declare (ignore action))
+  (let* ((payload (getf context :payload))
+         (sensor (getf payload :sensor)))
+    (case sensor
+      (:approval-required
+       (let* ((blocked-action (getf payload :action))
+              (id (org-id-new)))
+         (harness-log "BOUNCER: Creating flight plan node...")
+         ;; Create the node in Emacs (or inbox)
+         (list :type :REQUEST :target :emacs :action :insert-node 
+               :id id :attributes `(:TITLE "Flight Plan: High-Risk Action" 
+                                    :TODO "PLAN" 
+                                    :TAGS ("FLIGHT_PLAN")
+                                    :ACTION ,(format nil "~s" blocked-action)))))
+      (:heartbeat
+       ;; Periodically check for approvals
+       (bouncer-process-approvals)
+       nil))))
+#+end_src
+
+** Skill Registration
 #+begin_src lisp
 (defskill :skill-bouncer
-  :priority 100
+  :priority 150
  :trigger (lambda (ctx) 
             (or (eq (getf (getf ctx :payload) :sensor) :approval-required)
                 (eq (getf (getf ctx :payload) :sensor) :heartbeat)))
  :probabilistic nil
-  :deterministic (lambda (action context)
-              (declare (ignore action))
-              (let* ((payload (getf context :payload))
-                     (sensor (getf payload :sensor)))
-                (case sensor
-                  (:approval-required
-                   (let* ((blocked-action (getf payload :action))
-                          (id (org-id-new)))
-                     (harness-log "BOUNCER: Creating flight plan node...")
-                     ;; Create the node in Emacs (or inbox)
-                     (list :type :REQUEST :target :emacs :action :insert-node 
-                           :id id :attributes `(:TITLE "Flight Plan: High-Risk Action" 
-                                                :TODO "PLAN" 
-                                                :TAGS ("FLIGHT_PLAN")
-                                                :ACTION ,(format nil "~s" blocked-action)))))
-                  (:heartbeat
-                   ;; Periodically check for approvals
-                   (bouncer-process-approvals)
-                   nil)))))
+  :deterministic #'bouncer-deterministic-gate)
 #+end_src
--- a/skills/org-skill-policy.org
+++ b/skills/org-skill-policy.org
@@ -1,7 +1,7 @@
 :PROPERTIES:
 :ID:       47425a43-2be0-423c-8509-22592cfe9c9e
 :CREATED:  [2026-04-07 Tue 12:57]
-:EDITED:   [2026-04-12 Sun 20:10]
+:EDITED:   [2026-04-13 Mon 18:30]
 :END:
 #+TITLE: SKILL: System Policy
 #+STARTUP: content
@@ -10,15 +10,15 @@
 * Overview
 The *Org-Agent* is a probabilistic-deterministic harness for a personal operating system. It uses Org-mode as its native memory and Common Lisp as its deterministic reasoning engine.

+* Package Context
+Every skill executes within its own jailed package namespace, while inheriting core harness symbols.
+
 #+begin_src lisp :tangle ../src/policy.lisp
 (in-package :org-agent)
 #+end_src

-This document contains the *Core System Policy*. These are non-negotiable philosophical and technical constraints that every agentic action MUST satisfy. 
-
-The Deterministic Engine uses these headlines as a "Moral Compass" during the decision stage.
-
 * The Core Invariants
+This document contains the *Core System Policy*. These are non-negotiable philosophical and technical constraints that every agentic action MUST satisfy. The Deterministic Engine uses these headlines as a "Moral Compass" during the decision stage.

 ** 1. Sovereignty Above All
 Every action must increase the user's independence from centralized, proprietary platforms. If a tool or library introduces a dependency on a non-sovereign entity, it must be flagged for replacement.
@@ -27,19 +27,9 @@ Every action must increase the user's independence from centralized, proprietary
 (defun policy-check-sovereignty (action context)
  "Ensures the action does not violate the Sovereignty invariant."
  (declare (ignore context))
-  ;; Implementation placeholder
+  ;; Implementation placeholder: currently permits all actions.
+  ;; Future: Scan for non-sovereign domain names or proprietary API endpoints.
  action)
-
-(defun policy-deterministic-gate (action context)
-  "The main policy gate. Sub-calls engineering standards if available."
-  (let ((current-action (policy-check-sovereignty action context)))
-    (when current-action
-      (let ((eng-pkg (find-package :org-agent.skills.org-skill-engineering-standards)))
-        (when eng-pkg
-          (let ((eng-gate (find-symbol "ENGINEERING-STANDARDS-GATE" eng-pkg)))
-            (when (and eng-gate (fboundp eng-gate))
-              (setf current-action (funcall (symbol-function eng-gate) current-action context)))))))
-    current-action))
 #+end_src

 ** 2. Technical Mastery & Mentorship
@@ -54,9 +44,26 @@ The agent's "Thought Stream" must be fully auditable. Hidden reasoning or obfusc
 ** 5. Long-Term Sustainability
 Prioritize local, energy-efficient, and offline-first architectures. The "Memex" should be functional in a 100-year horizon.

-* Operational Mandates
-Every action performed by an agent in this environment must also adhere to the [[file:../../org-agent-contrib/org-skill-engineering-standards.org][Engineering Standards]].
+* The Policy Gate
+The main deterministic entry point for the policy skill. It orchestrates the various invariant checks and delegates to engineering standards.

+#+begin_src lisp :tangle ../src/policy.lisp
+(defun policy-deterministic-gate (action context)
+  "The main policy gate. Sub-calls engineering standards if available."
+  (let ((current-action (policy-check-sovereignty action context)))
+    (when current-action
+      (let ((eng-pkg (find-package :org-agent.skills.org-skill-engineering-standards)))
+        (when eng-pkg
+          (let ((eng-gate (find-symbol "ENGINEERING-STANDARDS-GATE" eng-pkg)))
+            (when (and eng-gate (fboundp eng-gate))
+              (setf current-action (funcall (symbol-function eng-gate) current-action context)))))))
+    current-action))
+#+end_src
+
+* Operational Mandates
+Every action performed by an agent in this environment must also adhere to the [[file:org-skill-engineering-standards.org][Engineering Standards]].
+
+** Skill Registration
 #+begin_src lisp :tangle ../src/policy.lisp
 (defskill :skill-policy
  :priority 100
--- a/src/policy.lisp
+++ b/src/policy.lisp
@@ -3,7 +3,8 @@
 (defun policy-check-sovereignty (action context)
  "Ensures the action does not violate the Sovereignty invariant."
  (declare (ignore context))
-  ;; Implementation placeholder
+  ;; Implementation placeholder: currently permits all actions.
+  ;; Future: Scan for non-sovereign domain names or proprietary API endpoints.
  action)

 (defun policy-deterministic-gate (action context)
--- a/src/reason.lisp
+++ b/src/reason.lisp
@@ -32,12 +32,13 @@
  (let* ((active-skill (find-triggered-skill context))
         (tool-belt (generate-tool-belt-prompt))
         (global-context (context-assemble-global-awareness))
+         (system-logs (context-get-system-logs))
         (assistant-name (or (uiop:getenv "MEMEX_ASSISTANT") "Agent")))
    (if active-skill
        (let* ((prompt-generator (skill-probabilistic-prompt active-skill))
               (raw-prompt (when prompt-generator (funcall prompt-generator context)))
-               (system-prompt (format nil "IDENTITY: Actuator for ~a. MANDATE: ONE Lisp plist. ~a ~a" 
-                                      assistant-name global-context tool-belt)))
+               (system-prompt (format nil "IDENTITY: Actuator for ~a. MANDATE: ONE Lisp plist. ~a ~a RECENT_LOGS: ~a" 
+                                      assistant-name global-context tool-belt system-logs)))
          (if (and raw-prompt (> (length raw-prompt) 1))
              (let* ((thought (probabilistic-call raw-prompt :system-prompt system-prompt :context context))
                     ;; Ensure we are working with a string for read-from-string
--- a/src/skills.lisp
+++ b/src/skills.lisp
@@ -211,9 +211,14 @@
      (harness-log " LOADER: Initializing ~a skills..." (length sorted-files))
      
      (dolist (file sorted-files)
-        (let ((skill-name (pathname-name file)))
+        (let* ((skill-name (pathname-name file))
+               (is-mandatory (member skill-name mandatory-skills :test #'string-equal)))
          (harness-log " LOADER: Loading ~a..." skill-name)
-          (load-skill-with-timeout file 5)))
+          (let ((status (load-skill-with-timeout file 5)))
+            (unless (eq status :success)
+              (if is-mandatory
+                  (error "BOOT FAILURE: Mandatory skill '~a' failed to load (Status: ~a)." skill-name status)
+                  (harness-log "LOADER WARNING: Skill '~a' failed to load." skill-name))))))
      
      ;; Final Summary
      (let ((ready 0) (failed 0))