AUDIT: Hardened harness with mandatory skill verification and literacy audit
This commit is contained in:
@@ -1,6 +1,7 @@
|
||||
:PROPERTIES:
|
||||
:ID: bouncer-agent-skill
|
||||
:CREATED: [2026-04-11 Sat 15:20]
|
||||
:EDITED: [2026-04-13 Mon 18:35]
|
||||
:END:
|
||||
#+TITLE: SKILL: Deterministic Engine Bouncer (Authorization Gate)
|
||||
#+STARTUP: content
|
||||
@@ -9,18 +10,15 @@
|
||||
* Overview
|
||||
The *Deterministic Engine Bouncer* is the authorization gate for high-risk actions. It serializes intercepted actions into Org nodes ("Flight Plans") and re-injects them once manually approved by the Sovereign.
|
||||
|
||||
** Deep Reasoning: Beyond Permission
|
||||
While the *Formal Prover* ensures an action is "legal" (e.g., "Yes, you are allowed to send a Matrix message"), the *Bouncer* ensures the action is "safe" by inspecting the payload content via **Deep Packet Inspection (DPI)**.
|
||||
* Package Context
|
||||
#+begin_src lisp
|
||||
(in-package :org-agent)
|
||||
#+end_src
|
||||
|
||||
1. **Secret Exposure Gate:** The Bouncer automatically scans all outgoing `:text` payloads for strings matching your API keys or sensitive IDs stored in the `Credentials Vault`.
|
||||
2. **Network Exfiltration Gate:** It monitors for unauthorized IP addresses or domains in shell commands, preventing the agent from "phoning home" to a malicious server.
|
||||
3. **The Final Filter:** The Bouncer sits at the very end of the deterministic pipeline. It is the last gate before an action touches the physical hardware.
|
||||
* Deep Packet Inspection (DPI)
|
||||
The Bouncer ensures the action is "safe" by inspecting the payload content via Deep Packet Inspection.
|
||||
|
||||
* Implementation
|
||||
|
||||
** Deep Packet Inspection (DPI)
|
||||
|
||||
*** Secret Exposure Check
|
||||
** Secret Exposure Check
|
||||
Retrieves all active secrets from the vault and scans the payload for potential leaks.
|
||||
|
||||
#+begin_src lisp
|
||||
@@ -36,7 +34,7 @@ Retrieves all active secrets from the vault and scans the payload for potential
|
||||
found-secret)))
|
||||
#+end_src
|
||||
|
||||
*** Network Exfiltration Check
|
||||
** Network Exfiltration Check
|
||||
Inspects shell commands for unwhitelisted domains or IP addresses.
|
||||
|
||||
#+begin_src lisp
|
||||
@@ -53,8 +51,8 @@ Inspects shell commands for unwhitelisted domains or IP addresses.
|
||||
(not (some (lambda (safe) (search safe domain)) network-whitelist))))))))
|
||||
#+end_src
|
||||
|
||||
** Runtime Guard (bouncer-check)
|
||||
The primary entry point for all high-impact actions.
|
||||
* Runtime Guard (bouncer-check)
|
||||
The primary entry point for all high-impact actions. It blocks or queues actions based on risk vectors.
|
||||
|
||||
#+begin_src lisp
|
||||
(defun bouncer-check (action context)
|
||||
@@ -96,7 +94,9 @@ The primary entry point for all high-impact actions.
|
||||
(t action))))
|
||||
#+end_src
|
||||
|
||||
** Approval Processing
|
||||
* Approval Processing
|
||||
The Bouncer periodically scans the Memex for approved "Flight Plans" and re-injects them into the metabolic loop.
|
||||
|
||||
#+begin_src lisp
|
||||
(defun bouncer-process-approvals ()
|
||||
"Scans the object store for APPROVED flight plans and re-injects their actions."
|
||||
@@ -118,31 +118,40 @@ The primary entry point for all high-impact actions.
|
||||
found-any))
|
||||
#+end_src
|
||||
|
||||
** Skill Definition
|
||||
* Skill Definition
|
||||
The Bouncer skill reacts to approval requirements by creating flight plan nodes, and periodically checks for manual approvals via heartbeats.
|
||||
|
||||
** Skill Logic
|
||||
#+begin_src lisp
|
||||
(defun bouncer-deterministic-gate (action context)
|
||||
"Main gate for the bouncer skill."
|
||||
(declare (ignore action))
|
||||
(let* ((payload (getf context :payload))
|
||||
(sensor (getf payload :sensor)))
|
||||
(case sensor
|
||||
(:approval-required
|
||||
(let* ((blocked-action (getf payload :action))
|
||||
(id (org-id-new)))
|
||||
(harness-log "BOUNCER: Creating flight plan node...")
|
||||
;; Create the node in Emacs (or inbox)
|
||||
(list :type :REQUEST :target :emacs :action :insert-node
|
||||
:id id :attributes `(:TITLE "Flight Plan: High-Risk Action"
|
||||
:TODO "PLAN"
|
||||
:TAGS ("FLIGHT_PLAN")
|
||||
:ACTION ,(format nil "~s" blocked-action)))))
|
||||
(:heartbeat
|
||||
;; Periodically check for approvals
|
||||
(bouncer-process-approvals)
|
||||
nil))))
|
||||
#+end_src
|
||||
|
||||
** Skill Registration
|
||||
#+begin_src lisp
|
||||
(defskill :skill-bouncer
|
||||
:priority 100
|
||||
:priority 150
|
||||
:trigger (lambda (ctx)
|
||||
(or (eq (getf (getf ctx :payload) :sensor) :approval-required)
|
||||
(eq (getf (getf ctx :payload) :sensor) :heartbeat)))
|
||||
:probabilistic nil
|
||||
:deterministic (lambda (action context)
|
||||
(declare (ignore action))
|
||||
(let* ((payload (getf context :payload))
|
||||
(sensor (getf payload :sensor)))
|
||||
(case sensor
|
||||
(:approval-required
|
||||
(let* ((blocked-action (getf payload :action))
|
||||
(id (org-id-new)))
|
||||
(harness-log "BOUNCER: Creating flight plan node...")
|
||||
;; Create the node in Emacs (or inbox)
|
||||
(list :type :REQUEST :target :emacs :action :insert-node
|
||||
:id id :attributes `(:TITLE "Flight Plan: High-Risk Action"
|
||||
:TODO "PLAN"
|
||||
:TAGS ("FLIGHT_PLAN")
|
||||
:ACTION ,(format nil "~s" blocked-action)))))
|
||||
(:heartbeat
|
||||
;; Periodically check for approvals
|
||||
(bouncer-process-approvals)
|
||||
nil)))))
|
||||
:deterministic #'bouncer-deterministic-gate)
|
||||
#+end_src
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
:PROPERTIES:
|
||||
:ID: 47425a43-2be0-423c-8509-22592cfe9c9e
|
||||
:CREATED: [2026-04-07 Tue 12:57]
|
||||
:EDITED: [2026-04-12 Sun 20:10]
|
||||
:EDITED: [2026-04-13 Mon 18:30]
|
||||
:END:
|
||||
#+TITLE: SKILL: System Policy
|
||||
#+STARTUP: content
|
||||
@@ -10,15 +10,15 @@
|
||||
* Overview
|
||||
The *Org-Agent* is a probabilistic-deterministic harness for a personal operating system. It uses Org-mode as its native memory and Common Lisp as its deterministic reasoning engine.
|
||||
|
||||
* Package Context
|
||||
Every skill executes within its own jailed package namespace, while inheriting core harness symbols.
|
||||
|
||||
#+begin_src lisp :tangle ../src/policy.lisp
|
||||
(in-package :org-agent)
|
||||
#+end_src
|
||||
|
||||
This document contains the *Core System Policy*. These are non-negotiable philosophical and technical constraints that every agentic action MUST satisfy.
|
||||
|
||||
The Deterministic Engine uses these headlines as a "Moral Compass" during the decision stage.
|
||||
|
||||
* The Core Invariants
|
||||
This document contains the *Core System Policy*. These are non-negotiable philosophical and technical constraints that every agentic action MUST satisfy. The Deterministic Engine uses these headlines as a "Moral Compass" during the decision stage.
|
||||
|
||||
** 1. Sovereignty Above All
|
||||
Every action must increase the user's independence from centralized, proprietary platforms. If a tool or library introduces a dependency on a non-sovereign entity, it must be flagged for replacement.
|
||||
@@ -27,19 +27,9 @@ Every action must increase the user's independence from centralized, proprietary
|
||||
(defun policy-check-sovereignty (action context)
|
||||
"Ensures the action does not violate the Sovereignty invariant."
|
||||
(declare (ignore context))
|
||||
;; Implementation placeholder
|
||||
;; Implementation placeholder: currently permits all actions.
|
||||
;; Future: Scan for non-sovereign domain names or proprietary API endpoints.
|
||||
action)
|
||||
|
||||
(defun policy-deterministic-gate (action context)
|
||||
"The main policy gate. Sub-calls engineering standards if available."
|
||||
(let ((current-action (policy-check-sovereignty action context)))
|
||||
(when current-action
|
||||
(let ((eng-pkg (find-package :org-agent.skills.org-skill-engineering-standards)))
|
||||
(when eng-pkg
|
||||
(let ((eng-gate (find-symbol "ENGINEERING-STANDARDS-GATE" eng-pkg)))
|
||||
(when (and eng-gate (fboundp eng-gate))
|
||||
(setf current-action (funcall (symbol-function eng-gate) current-action context)))))))
|
||||
current-action))
|
||||
#+end_src
|
||||
|
||||
** 2. Technical Mastery & Mentorship
|
||||
@@ -54,9 +44,26 @@ The agent's "Thought Stream" must be fully auditable. Hidden reasoning or obfusc
|
||||
** 5. Long-Term Sustainability
|
||||
Prioritize local, energy-efficient, and offline-first architectures. The "Memex" should be functional in a 100-year horizon.
|
||||
|
||||
* Operational Mandates
|
||||
Every action performed by an agent in this environment must also adhere to the [[file:../../org-agent-contrib/org-skill-engineering-standards.org][Engineering Standards]].
|
||||
* The Policy Gate
|
||||
The main deterministic entry point for the policy skill. It orchestrates the various invariant checks and delegates to engineering standards.
|
||||
|
||||
#+begin_src lisp :tangle ../src/policy.lisp
|
||||
(defun policy-deterministic-gate (action context)
|
||||
"The main policy gate. Sub-calls engineering standards if available."
|
||||
(let ((current-action (policy-check-sovereignty action context)))
|
||||
(when current-action
|
||||
(let ((eng-pkg (find-package :org-agent.skills.org-skill-engineering-standards)))
|
||||
(when eng-pkg
|
||||
(let ((eng-gate (find-symbol "ENGINEERING-STANDARDS-GATE" eng-pkg)))
|
||||
(when (and eng-gate (fboundp eng-gate))
|
||||
(setf current-action (funcall (symbol-function eng-gate) current-action context)))))))
|
||||
current-action))
|
||||
#+end_src
|
||||
|
||||
* Operational Mandates
|
||||
Every action performed by an agent in this environment must also adhere to the [[file:org-skill-engineering-standards.org][Engineering Standards]].
|
||||
|
||||
** Skill Registration
|
||||
#+begin_src lisp :tangle ../src/policy.lisp
|
||||
(defskill :skill-policy
|
||||
:priority 100
|
||||
|
||||
Reference in New Issue
Block a user