AUDIT: Hardened harness with mandatory skill verification and literacy audit

2026-04-13 20:40:37 -04:00
parent fb7e658419
commit 51ff6b2e61
8 changed files with 102 additions and 64 deletions

View File

@@ -53,5 +53,14 @@ This opens a slick, colorful interactive terminal session:
5. The Deterministic Engine (Bouncer) verifies it is a safe read-only action. 5. The Deterministic Engine (Bouncer) verifies it is a safe read-only action.
6. The ~:cli~ Actuator formats the Lisp response into Markdown and sends it back over the socket. 6. The ~:cli~ Actuator formats the Lisp response into Markdown and sends it back over the socket.
* 3. The Continuous Loop (Daily Usage) * 3. The Interactive Refinement (v0.2.0)
** Goal
Transition from a "Verified Wrapper" around netcat to a high-fidelity, native Common Lisp TUI that rivals the experience of ~gemini-cli~.
** Features
- *Homoiconic UI:* The TUI is rendered directly by the Lisp kernel, allowing for live introspection of the agent's thoughts.
- *Rich Formatting:* ANSI colors, bold headers, and syntax-highlighted code blocks.
- *Command Palette:* Slash commands for system control without leaving the chat.
* 4. The Continuous Loop (Daily Usage)
(To be defined as the agent's capabilities expand into Scribe, Gardener, and Emacs-native interactions). (To be defined as the agent's capabilities expand into Scribe, Gardener, and Emacs-native interactions).

View File

@@ -57,12 +57,13 @@ The `think` function represents the "intuitive" side of the agent. It identifies
(let* ((active-skill (find-triggered-skill context)) (let* ((active-skill (find-triggered-skill context))
(tool-belt (generate-tool-belt-prompt)) (tool-belt (generate-tool-belt-prompt))
(global-context (context-assemble-global-awareness)) (global-context (context-assemble-global-awareness))
(system-logs (context-get-system-logs))
(assistant-name (or (uiop:getenv "MEMEX_ASSISTANT") "Agent"))) (assistant-name (or (uiop:getenv "MEMEX_ASSISTANT") "Agent")))
(if active-skill (if active-skill
(let* ((prompt-generator (skill-probabilistic-prompt active-skill)) (let* ((prompt-generator (skill-probabilistic-prompt active-skill))
(raw-prompt (when prompt-generator (funcall prompt-generator context))) (raw-prompt (when prompt-generator (funcall prompt-generator context)))
(system-prompt (format nil "IDENTITY: Actuator for ~a. MANDATE: ONE Lisp plist. ~a ~a" (system-prompt (format nil "IDENTITY: Actuator for ~a. MANDATE: ONE Lisp plist. ~a ~a RECENT_LOGS: ~a"
assistant-name global-context tool-belt))) assistant-name global-context tool-belt system-logs)))
(if (and raw-prompt (> (length raw-prompt) 1)) (if (and raw-prompt (> (length raw-prompt) 1))
(let* ((thought (probabilistic-call raw-prompt :system-prompt system-prompt :context context)) (let* ((thought (probabilistic-call raw-prompt :system-prompt system-prompt :context context))
;; Ensure we are working with a string for read-from-string ;; Ensure we are working with a string for read-from-string
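Review bot: the new `system-logs` binding splices the return value of `(context-get-system-logs)` verbatim into the system prompt (`RECENT_LOGS: ~a`), which puts log content on the same footing as the `MANDATE: ONE Lisp plist` directive: anything that ends up in the log (tool output, message bodies, error text from an external service) becomes instruction-adjacent text with no delimiter and no size bound. Suggest capping it (last N lines or characters) and fencing it with an explicit marker the prompt tells the model to treat as data only, e.g. `RECENT_LOGS (untrusted, data only): <<< ~a >>>`. Since the resulting thought is handed to `read-from-string` a few lines down, that read should also run with `*read-eval*` bound to `nil` so that log-influenced output cannot reach the reader's evaluation hook.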

View File

@@ -324,9 +324,14 @@ The unified orchestrator for the system boot sequence.
(harness-log " LOADER: Initializing ~a skills..." (length sorted-files)) (harness-log " LOADER: Initializing ~a skills..." (length sorted-files))
(dolist (file sorted-files) (dolist (file sorted-files)
(let ((skill-name (pathname-name file))) (let* ((skill-name (pathname-name file))
(is-mandatory (member skill-name mandatory-skills :test #'string-equal)))
(harness-log " LOADER: Loading ~a..." skill-name) (harness-log " LOADER: Loading ~a..." skill-name)
(load-skill-with-timeout file 5))) (let ((status (load-skill-with-timeout file 5)))
(unless (eq status :success)
(if is-mandatory
(error "BOOT FAILURE: Mandatory skill '~a' failed to load (Status: ~a)." skill-name status)
(harness-log "LOADER WARNING: Skill '~a' failed to load." skill-name))))))
;; Final Summary ;; Final Summary
(let ((ready 0) (failed 0)) (let ((ready 0) (failed 0))
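Review bot: `mandatory-skills` is referenced in the new `let*` but is neither bound in this hunk nor visible as a parameter or special variable; confirm it is defined (a `defvar` or an argument to the loader) before this loop, otherwise the first iteration signals an unbound-variable error instead of the intended clear `BOOT FAILURE`. The `(eq status :success)` test also assumes `load-skill-with-timeout` returns a keyword on every path, including the timeout path and any caught condition; if some path returns `nil` or `t`, a mandatory skill that failed quietly would still pass. A test where a mandatory skill times out and the `error` is asserted would pin this down. Minor: the optional-skill warning omits `status`, which the mandatory branch includes; log it in both so the final summary and the warning line agree.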

View File

@@ -1,6 +1,7 @@
:PROPERTIES: :PROPERTIES:
:ID: bouncer-agent-skill :ID: bouncer-agent-skill
:CREATED: [2026-04-11 Sat 15:20] :CREATED: [2026-04-11 Sat 15:20]
:EDITED: [2026-04-13 Mon 18:35]
:END: :END:
#+TITLE: SKILL: Deterministic Engine Bouncer (Authorization Gate) #+TITLE: SKILL: Deterministic Engine Bouncer (Authorization Gate)
#+STARTUP: content #+STARTUP: content
@@ -9,18 +10,15 @@
* Overview * Overview
The *Deterministic Engine Bouncer* is the authorization gate for high-risk actions. It serializes intercepted actions into Org nodes ("Flight Plans") and re-injects them once manually approved by the Sovereign. The *Deterministic Engine Bouncer* is the authorization gate for high-risk actions. It serializes intercepted actions into Org nodes ("Flight Plans") and re-injects them once manually approved by the Sovereign.
** Deep Reasoning: Beyond Permission * Package Context
While the *Formal Prover* ensures an action is "legal" (e.g., "Yes, you are allowed to send a Matrix message"), the *Bouncer* ensures the action is "safe" by inspecting the payload content via **Deep Packet Inspection (DPI)**. #+begin_src lisp
(in-package :org-agent)
#+end_src
1. **Secret Exposure Gate:** The Bouncer automatically scans all outgoing `:text` payloads for strings matching your API keys or sensitive IDs stored in the `Credentials Vault`. * Deep Packet Inspection (DPI)
2. **Network Exfiltration Gate:** It monitors for unauthorized IP addresses or domains in shell commands, preventing the agent from "phoning home" to a malicious server. The Bouncer ensures the action is "safe" by inspecting the payload content via Deep Packet Inspection.
3. **The Final Filter:** The Bouncer sits at the very end of the deterministic pipeline. It is the last gate before an action touches the physical hardware.
* Implementation ** Secret Exposure Check
** Deep Packet Inspection (DPI)
*** Secret Exposure Check
Retrieves all active secrets from the vault and scans the payload for potential leaks. Retrieves all active secrets from the vault and scans the payload for potential leaks.
#+begin_src lisp #+begin_src lisp
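Review bot: the deleted "Deep Reasoning: Beyond Permission" block was the only text stating that the Bouncer is the last gate before an action touches hardware and that it complements the Formal Prover's legality check; the new "Deep Packet Inspection (DPI)" section keeps the two checks but drops that ordering guarantee. If the ordering is still intended, restate it here, ideally in terms of the skill priority the `defskill` form uses, so the invariant can be audited from the document rather than inferred from a number.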
@@ -36,7 +34,7 @@ Retrieves all active secrets from the vault and scans the payload for potential
found-secret))) found-secret)))
#+end_src #+end_src
*** Network Exfiltration Check ** Network Exfiltration Check
Inspects shell commands for unwhitelisted domains or IP addresses. Inspects shell commands for unwhitelisted domains or IP addresses.
#+begin_src lisp #+begin_src lisp
@@ -53,8 +51,8 @@ Inspects shell commands for unwhitelisted domains or IP addresses.
(not (some (lambda (safe) (search safe domain)) network-whitelist)))))))) (not (some (lambda (safe) (search safe domain)) network-whitelist))))))))
#+end_src #+end_src
** Runtime Guard (bouncer-check) * Runtime Guard (bouncer-check)
The primary entry point for all high-impact actions. The primary entry point for all high-impact actions. It blocks or queues actions based on risk vectors.
#+begin_src lisp #+begin_src lisp
(defun bouncer-check (action context) (defun bouncer-check (action context)
@@ -96,7 +94,9 @@ The primary entry point for all high-impact actions.
(t action)))) (t action))))
#+end_src #+end_src
** Approval Processing * Approval Processing
The Bouncer periodically scans the Memex for approved "Flight Plans" and re-injects them into the metabolic loop.
#+begin_src lisp #+begin_src lisp
(defun bouncer-process-approvals () (defun bouncer-process-approvals ()
"Scans the object store for APPROVED flight plans and re-injects their actions." "Scans the object store for APPROVED flight plans and re-injects their actions."
@@ -118,31 +118,40 @@ The primary entry point for all high-impact actions.
found-any)) found-any))
#+end_src #+end_src
** Skill Definition * Skill Definition
The Bouncer skill reacts to approval requirements by creating flight plan nodes, and periodically checks for manual approvals via heartbeats.
** Skill Logic
#+begin_src lisp
(defun bouncer-deterministic-gate (action context)
"Main gate for the bouncer skill."
(declare (ignore action))
(let* ((payload (getf context :payload))
(sensor (getf payload :sensor)))
(case sensor
(:approval-required
(let* ((blocked-action (getf payload :action))
(id (org-id-new)))
(harness-log "BOUNCER: Creating flight plan node...")
;; Create the node in Emacs (or inbox)
(list :type :REQUEST :target :emacs :action :insert-node
:id id :attributes `(:TITLE "Flight Plan: High-Risk Action"
:TODO "PLAN"
:TAGS ("FLIGHT_PLAN")
:ACTION ,(format nil "~s" blocked-action)))))
(:heartbeat
;; Periodically check for approvals
(bouncer-process-approvals)
nil))))
#+end_src
** Skill Registration
#+begin_src lisp #+begin_src lisp
(defskill :skill-bouncer (defskill :skill-bouncer
:priority 100 :priority 150
:trigger (lambda (ctx) :trigger (lambda (ctx)
(or (eq (getf (getf ctx :payload) :sensor) :approval-required) (or (eq (getf (getf ctx :payload) :sensor) :approval-required)
(eq (getf (getf ctx :payload) :sensor) :heartbeat))) (eq (getf (getf ctx :payload) :sensor) :heartbeat)))
:probabilistic nil :probabilistic nil
:deterministic (lambda (action context) :deterministic #'bouncer-deterministic-gate)
(declare (ignore action))
(let* ((payload (getf context :payload))
(sensor (getf payload :sensor)))
(case sensor
(:approval-required
(let* ((blocked-action (getf payload :action))
(id (org-id-new)))
(harness-log "BOUNCER: Creating flight plan node...")
;; Create the node in Emacs (or inbox)
(list :type :REQUEST :target :emacs :action :insert-node
:id id :attributes `(:TITLE "Flight Plan: High-Risk Action"
:TODO "PLAN"
:TAGS ("FLIGHT_PLAN")
:ACTION ,(format nil "~s" blocked-action)))))
(:heartbeat
;; Periodically check for approvals
(bouncer-process-approvals)
nil)))))
#+end_src #+end_src
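Review bot: `:priority` moves from 100 to 150 with no mention in the commit message or the surrounding text; state the intent (whether a higher value runs earlier or later, and how it orders relative to `:skill-policy` at 100), because the Bouncer's claim to be the final gate depends on it. Extracting the lambda into `bouncer-deterministic-gate` is otherwise behaviour-preserving. Two smaller points on the extracted body: the `:approval-required` branch stores the blocked action with `(format nil "~s" blocked-action)` in the `:ACTION` property, so whatever reads it back for re-injection should do so with `*read-eval*` bound to `nil`; and the `:heartbeat` branch deliberately returns `nil` after `bouncer-process-approvals`, which deserves a line in the docstring so a later reader does not mistake it for a missing return value.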

View File

@@ -1,7 +1,7 @@
:PROPERTIES: :PROPERTIES:
:ID: 47425a43-2be0-423c-8509-22592cfe9c9e :ID: 47425a43-2be0-423c-8509-22592cfe9c9e
:CREATED: [2026-04-07 Tue 12:57] :CREATED: [2026-04-07 Tue 12:57]
:EDITED: [2026-04-12 Sun 20:10] :EDITED: [2026-04-13 Mon 18:30]
:END: :END:
#+TITLE: SKILL: System Policy #+TITLE: SKILL: System Policy
#+STARTUP: content #+STARTUP: content
@@ -10,15 +10,15 @@
* Overview * Overview
The *Org-Agent* is a probabilistic-deterministic harness for a personal operating system. It uses Org-mode as its native memory and Common Lisp as its deterministic reasoning engine. The *Org-Agent* is a probabilistic-deterministic harness for a personal operating system. It uses Org-mode as its native memory and Common Lisp as its deterministic reasoning engine.
* Package Context
Every skill executes within its own jailed package namespace, while inheriting core harness symbols.
#+begin_src lisp :tangle ../src/policy.lisp #+begin_src lisp :tangle ../src/policy.lisp
(in-package :org-agent) (in-package :org-agent)
#+end_src #+end_src
This document contains the *Core System Policy*. These are non-negotiable philosophical and technical constraints that every agentic action MUST satisfy.
The Deterministic Engine uses these headlines as a "Moral Compass" during the decision stage.
* The Core Invariants * The Core Invariants
This document contains the *Core System Policy*. These are non-negotiable philosophical and technical constraints that every agentic action MUST satisfy. The Deterministic Engine uses these headlines as a "Moral Compass" during the decision stage.
** 1. Sovereignty Above All ** 1. Sovereignty Above All
Every action must increase the user's independence from centralized, proprietary platforms. If a tool or library introduces a dependency on a non-sovereign entity, it must be flagged for replacement. Every action must increase the user's independence from centralized, proprietary platforms. If a tool or library introduces a dependency on a non-sovereign entity, it must be flagged for replacement.
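Review bot: the new "Package Context" paragraph says every skill executes in its own jailed package namespace, but the tangled block directly below it is `(in-package :org-agent)`, the shared harness package; either the prose should note that the policy skill is an exception that runs in the core package, or the block should name the skill's own package. Moving the "Core System Policy" sentences under "The Core Invariants" reads fine.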
@@ -27,19 +27,9 @@ Every action must increase the user's independence from centralized, proprietary
(defun policy-check-sovereignty (action context) (defun policy-check-sovereignty (action context)
"Ensures the action does not violate the Sovereignty invariant." "Ensures the action does not violate the Sovereignty invariant."
(declare (ignore context)) (declare (ignore context))
;; Implementation placeholder ;; Implementation placeholder: currently permits all actions.
;; Future: Scan for non-sovereign domain names or proprietary API endpoints.
action) action)
(defun policy-deterministic-gate (action context)
"The main policy gate. Sub-calls engineering standards if available."
(let ((current-action (policy-check-sovereignty action context)))
(when current-action
(let ((eng-pkg (find-package :org-agent.skills.org-skill-engineering-standards)))
(when eng-pkg
(let ((eng-gate (find-symbol "ENGINEERING-STANDARDS-GATE" eng-pkg)))
(when (and eng-gate (fboundp eng-gate))
(setf current-action (funcall (symbol-function eng-gate) current-action context)))))))
current-action))
#+end_src #+end_src
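Review bot: `policy-check-sovereignty` now documents itself as a placeholder that permits all actions, which is accurate, but it leaves the "Sovereignty Above All" invariant unenforced while the text above calls it non-negotiable. At minimum emit a `harness-log` line (at load time, or once per gate call) saying the check is a no-op, so a log review does not suggest the check ran. Removing `policy-deterministic-gate` from this block is a move rather than a deletion (it reappears under "The Policy Gate"); worth saying so in the commit message.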
** 2. Technical Mastery & Mentorship ** 2. Technical Mastery & Mentorship
@@ -54,9 +44,26 @@ The agent's "Thought Stream" must be fully auditable. Hidden reasoning or obfusc
** 5. Long-Term Sustainability ** 5. Long-Term Sustainability
Prioritize local, energy-efficient, and offline-first architectures. The "Memex" should be functional in a 100-year horizon. Prioritize local, energy-efficient, and offline-first architectures. The "Memex" should be functional in a 100-year horizon.
* Operational Mandates * The Policy Gate
Every action performed by an agent in this environment must also adhere to the [[file:../../org-agent-contrib/org-skill-engineering-standards.org][Engineering Standards]]. The main deterministic entry point for the policy skill. It orchestrates the various invariant checks and delegates to engineering standards.
#+begin_src lisp :tangle ../src/policy.lisp
(defun policy-deterministic-gate (action context)
"The main policy gate. Sub-calls engineering standards if available."
(let ((current-action (policy-check-sovereignty action context)))
(when current-action
(let ((eng-pkg (find-package :org-agent.skills.org-skill-engineering-standards)))
(when eng-pkg
(let ((eng-gate (find-symbol "ENGINEERING-STANDARDS-GATE" eng-pkg)))
(when (and eng-gate (fboundp eng-gate))
(setf current-action (funcall (symbol-function eng-gate) current-action context)))))))
current-action))
#+end_src
* Operational Mandates
Every action performed by an agent in this environment must also adhere to the [[file:org-skill-engineering-standards.org][Engineering Standards]].
** Skill Registration
#+begin_src lisp :tangle ../src/policy.lisp #+begin_src lisp :tangle ../src/policy.lisp
(defskill :skill-policy (defskill :skill-policy
:priority 100 :priority 100
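Review bot: `policy-deterministic-gate` fails open: when `:org-agent.skills.org-skill-engineering-standards` is not loaded, or `ENGINEERING-STANDARDS-GATE` is absent or not `fboundp`, the action passes through unchanged without a log line, yet the "Operational Mandates" text directly above says every action must adhere to the Engineering Standards. Add a `harness-log` on both the missing-package and missing-symbol paths, and if the standards skill is meant to be in the loader's mandatory list, signal an `error` instead. Separately, the link changes from `../../org-agent-contrib/org-skill-engineering-standards.org` to `org-skill-engineering-standards.org`, which implies the file moved; check that the package name used in `find-package` still matches what the relocated file defines.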

View File

@@ -3,7 +3,8 @@
(defun policy-check-sovereignty (action context) (defun policy-check-sovereignty (action context)
"Ensures the action does not violate the Sovereignty invariant." "Ensures the action does not violate the Sovereignty invariant."
(declare (ignore context)) (declare (ignore context))
;; Implementation placeholder ;; Implementation placeholder: currently permits all actions.
;; Future: Scan for non-sovereign domain names or proprietary API endpoints.
action) action)
(defun policy-deterministic-gate (action context) (defun policy-deterministic-gate (action context)

View File

@@ -32,12 +32,13 @@
(let* ((active-skill (find-triggered-skill context)) (let* ((active-skill (find-triggered-skill context))
(tool-belt (generate-tool-belt-prompt)) (tool-belt (generate-tool-belt-prompt))
(global-context (context-assemble-global-awareness)) (global-context (context-assemble-global-awareness))
(system-logs (context-get-system-logs))
(assistant-name (or (uiop:getenv "MEMEX_ASSISTANT") "Agent"))) (assistant-name (or (uiop:getenv "MEMEX_ASSISTANT") "Agent")))
(if active-skill (if active-skill
(let* ((prompt-generator (skill-probabilistic-prompt active-skill)) (let* ((prompt-generator (skill-probabilistic-prompt active-skill))
(raw-prompt (when prompt-generator (funcall prompt-generator context))) (raw-prompt (when prompt-generator (funcall prompt-generator context)))
(system-prompt (format nil "IDENTITY: Actuator for ~a. MANDATE: ONE Lisp plist. ~a ~a" (system-prompt (format nil "IDENTITY: Actuator for ~a. MANDATE: ONE Lisp plist. ~a ~a RECENT_LOGS: ~a"
assistant-name global-context tool-belt))) assistant-name global-context tool-belt system-logs)))
(if (and raw-prompt (> (length raw-prompt) 1)) (if (and raw-prompt (> (length raw-prompt) 1))
(let* ((thought (probabilistic-call raw-prompt :system-prompt system-prompt :context context)) (let* ((thought (probabilistic-call raw-prompt :system-prompt system-prompt :context context))
;; Ensure we are working with a string for read-from-string ;; Ensure we are working with a string for read-from-string
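Review bot: this is the tangled copy of the `think` change above, so the same concern applies: `RECENT_LOGS: ~a` injects unbounded, undelimited log text into the system prompt. Apply the length cap and data-only delimiter in the Org source and re-tangle rather than editing this file directly, so the two copies cannot drift.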

View File

@@ -211,9 +211,14 @@
(harness-log " LOADER: Initializing ~a skills..." (length sorted-files)) (harness-log " LOADER: Initializing ~a skills..." (length sorted-files))
(dolist (file sorted-files) (dolist (file sorted-files)
(let ((skill-name (pathname-name file))) (let* ((skill-name (pathname-name file))
(is-mandatory (member skill-name mandatory-skills :test #'string-equal)))
(harness-log " LOADER: Loading ~a..." skill-name) (harness-log " LOADER: Loading ~a..." skill-name)
(load-skill-with-timeout file 5))) (let ((status (load-skill-with-timeout file 5)))
(unless (eq status :success)
(if is-mandatory
(error "BOOT FAILURE: Mandatory skill '~a' failed to load (Status: ~a)." skill-name status)
(harness-log "LOADER WARNING: Skill '~a' failed to load." skill-name))))))
;; Final Summary ;; Final Summary
(let ((ready 0) (failed 0)) (let ((ready 0) (failed 0))
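Review bot: tangled copy of the loader change; the open questions are the same as for the Org source, namely where `mandatory-skills` is bound and whether `load-skill-with-timeout` returns a keyword on the timeout path so that `(eq status :success)` cannot be satisfied by a silent failure. Confirm this file was regenerated by tangling rather than hand-edited, since a later tangle would otherwise overwrite it.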