ARCH: Finalize semantic reorganization, skill jailing, and unified CLI

2026-04-22 11:38:13 -04:00
parent 60f2c152e0
commit 6c333af7aa
51 changed files with 974 additions and 717 deletions
--- a/skills/org-skill-bouncer.org
+++ b/skills/org-skill-bouncer.org
@@ -12,7 +12,7 @@
 The *Deterministic Engine Bouncer* is the authorization gate for high-risk actions. It serializes intercepted actions into Org nodes ("Flight Plans") and re-injects them once manually approved by the Autonomous.

 * Package Context
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-bouncer.lisp
 (in-package :opencortex)
 #+end_src

@@ -22,7 +22,7 @@ The Bouncer ensures the action is "safe" by inspecting the payload content via D
 ** Secret Exposure Check
 Retrieves all active secrets from the vault and scans the payload for potential leaks.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-bouncer.lisp
 (defun bouncer-scan-secrets (text)
  "Returns the name of the secret found in TEXT, or NIL if clean."
  (when (and text (stringp text))
@@ -38,7 +38,7 @@ Retrieves all active secrets from the vault and scans the payload for potential
 ** Network Exfiltration Check
 Inspects shell commands for unwhitelisted domains or IP addresses.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-bouncer.lisp
 (defun bouncer-check-network-exfil (cmd)
  "Returns T if the command appears to target an unwhitelisted external host."
  (when (and cmd (stringp cmd))
@@ -55,7 +55,7 @@ Inspects shell commands for unwhitelisted domains or IP addresses.
 * Runtime Guard (bouncer-check)
 The primary entry point for all high-impact actions. It blocks or queues actions based on risk vectors.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-bouncer.lisp
 (defun bouncer-check (action context)
  "The 5-Vector security gate. Blocks or queues actions based on risk."
  (let* ((target (getf action :target))
@@ -98,7 +98,7 @@ The primary entry point for all high-impact actions. It blocks or queues actions
 * Approval Processing
 The Bouncer periodically scans the Memex for approved "Flight Plans" and re-injects them into the metabolic loop.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-bouncer.lisp
 (defun bouncer-process-approvals ()
  "Scans the object store for APPROVED flight plans and re-injects their actions."
  (let ((approved-nodes (list-objects-with-attribute :TODO "APPROVED"))
@@ -123,7 +123,7 @@ The Bouncer periodically scans the Memex for approved "Flight Plans" and re-inje
 The Bouncer skill reacts to approval requirements by creating flight plan nodes, and periodically checks for manual approvals via heartbeats.

 ** Skill Logic
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-bouncer.lisp
 (defun bouncer-deterministic-gate (action context)
  "Main gate for the bouncer skill."
  (let* ((payload (getf context :payload))
@@ -148,7 +148,7 @@ The Bouncer skill reacts to approval requirements by creating flight plan nodes,
 #+end_src

 ** Skill Registration
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-bouncer.lisp
 (defskill :skill-bouncer
  :priority 150
  :trigger (lambda (ctx) t) ;; Bouncer evaluates all actions deterministically
--- a/skills/org-skill-cli-gateway.org
+++ b/skills/org-skill-cli-gateway.org
@@ -11,11 +11,7 @@ The *CLI Gateway* is the primary sensory and actuating interface for human inter

 * Implementation

-#+begin_src lisp
-(in-package :cl-user)
-(defpackage :opencortex.skills.org-skill-cli-gateway
-  (:use :cl :opencortex))
-(in-package :opencortex.skills.org-skill-cli-gateway)
+#+begin_src lisp :tangle ../library/gen/org-skill-cli-gateway.lisp

 (defvar *cli-port* 9105)
 (defvar *cli-server-socket* nil)
--- a/skills/org-skill-credentials-vault.org
+++ b/skills/org-skill-credentials-vault.org
@@ -33,7 +33,7 @@ Securely manage all authentication tokens required for the opencortex to operate
 The vault provides a secure lookup table in RAM, backed by the persistent Memory. Access is restricted to internal kernel requests and explicitly authorized deterministic gates.

 ** 2. Semantic Interfaces
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-credentials-vault.lisp
 (defun vault-get-secret (provider &key type)
  "Retrieves a secret (api-key or session) for a provider.")

@@ -61,13 +61,13 @@ Tests in `tests/vault-tests.lisp` will verify:
 * Phase D: Build (Implementation)

 ** Package Context
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-credentials-vault.lisp
 #+end_src

 ** Vault State
 We maintain an in-memory hash table for secrets, which is hydrated from and persisted to the Memory.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-credentials-vault.lisp
 (defvar opencortex::*vault-memory* (make-hash-table :test 'equal)
  "In-memory cache of sensitive credentials.")
 #+end_src
@@ -75,7 +75,7 @@ We maintain an in-memory hash table for secrets, which is hydrated from and pers
 ** Helper: Secret Masking
 The `vault-mask-string` function ensures that diagnostic output never contains the full plaintext of a sensitive token.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-credentials-vault.lisp
 (defun vault-mask-string (str)
  "Returns a masked version of a sensitive string."
  (if (and str (> (length str) 8))
@@ -86,7 +86,7 @@ The `vault-mask-string` function ensures that diagnostic output never contains t
 ** Retrieval (vault-get-secret)
 This function is the secure getter for all system secrets. It prioritizes the Vault (Memory) and falls back to environment variables for legacy compatibility.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-credentials-vault.lisp
 (defun vault-get-secret (provider &key (type :api-key))
  "Retrieves a credential. Type can be :api-key or :session."
  (let* ((key (format nil "~a-~a" provider type))
@@ -112,7 +112,7 @@ This function is the secure getter for all system secrets. It prioritizes the Va
 ** Persistence (vault-set-secret)
 When a secret is updated, we immediately snapshot the Memory to ensure the credential change is versioned and durable.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-credentials-vault.lisp
 (defun vault-set-secret (provider secret &key (type :api-key))
  "Securely stores a secret and triggers a Merkle snapshot."
  (let ((key (format nil "~a-~a" provider type)))
@@ -125,7 +125,7 @@ When a secret is updated, we immediately snapshot the Memory to ensure the crede
 ** Onboarding Logic
 Retained from the legacy Google skill, this provides the instructions for the autonomous cookie handshake.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-credentials-vault.lisp
 (defun vault-onboard-gemini-web ()
  "Instructions for the Autonomous Cookie Handshake."
  (harness-log "--- GEMINI WEB ONBOARDING ---")
@@ -137,7 +137,7 @@ Retained from the legacy Google skill, this provides the instructions for the au
 #+end_src

 ** Registration
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-credentials-vault.lisp
 (progn
  (defskill :skill-credentials-vault
    :priority 200 ; High priority, foundational
@@ -153,7 +153,7 @@ Retained from the legacy Google skill, this provides the instructions for the au
 Note: Tests disabled in jail load.

 ** 1. Unit Tests (FiveAM)
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-credentials-vault.lisp
 #|
 (defpackage :opencortex-vault-tests
  (:use :cl :fiveam :opencortex))
--- a/skills/org-skill-gardener.org
+++ b/skills/org-skill-gardener.org
@@ -37,14 +37,14 @@ The Gardener runs on a low-priority heartbeat. It performs a "Deep Audit" of the
 * Phase D: Build (Implementation)

 ** Package Context
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-gardener.lisp
 (in-package :opencortex)
 #+end_src

 ** State: Maintenance Cycle
 We track the last audit time to ensure the Gardener doesn't over-consume resources.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-gardener.lisp
 (defvar *gardener-last-audit* 0
  "The universal-time of the last full Memex audit.")
 #+end_src
@@ -52,7 +52,7 @@ We track the last audit time to ensure the Gardener doesn't over-consume resourc
 ** Audit: Broken Links
 Scans the content of all objects for `id:` links and verifies the targets exist.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-gardener.lisp
 (defun gardener-find-broken-links ()
  "Returns a list of broken ID links found in the Memex."
  (let ((broken nil))
@@ -69,7 +69,7 @@ Scans the content of all objects for `id:` links and verifies the targets exist.
 ** Audit: Orphaned Nodes
 Identifies nodes that are not linked to and do not link to anything else.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-gardener.lisp
 (defun gardener-find-orphans ()
  "Returns a list of IDs for headlines that are structurally isolated."
  (let ((inbound (make-hash-table :test 'equal))
@@ -95,7 +95,7 @@ Identifies nodes that are not linked to and do not link to anything else.
 ** Skill Logic: The Audit Pass
 The Gardener's deterministic gate performs the actual analysis and logs the results. In future versions, it will generate probabilistic repair proposals.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-gardener.lisp
 (defun gardener-deterministic-gate (action context)
  "Main gate for the Gardener skill. Audits graph integrity."
  (declare (ignore action context))
@@ -118,7 +118,7 @@ The Gardener's deterministic gate performs the actual analysis and logs the resu
 #+end_src

 ** Skill Registration
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-gardener.lisp
 (defskill :skill-gardener
  :priority 40
  :trigger (lambda (ctx)
--- a/skills/org-skill-homoiconic-memory.org
+++ b/skills/org-skill-homoiconic-memory.org
@@ -11,11 +11,7 @@ The *Homoiconic Memory* skill provides the core persistence layer for OpenCortex

 * Implementation

-#+begin_src lisp
-(in-package :cl-user)
-(defpackage :opencortex.skills.org-skill-homoiconic-memory
-  (:use :cl :opencortex))
-(in-package :opencortex.skills.org-skill-homoiconic-memory)
+#+begin_src lisp :tangle ../library/gen/org-skill-homoiconic-memory.lisp

 (defun memory-org-to-json (source)
  "Converts Org-mode source to JSON AST."
--- a/skills/org-skill-llama-backend.org
+++ b/skills/org-skill-llama-backend.org
@@ -21,12 +21,12 @@ This skill acts as a proxy between the OpenCortex kernel and the Lisp-agnostic `
 * Phase D: Build (Implementation)

 ** Package Context
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-llama-backend.lisp
 (in-package :opencortex)
 #+end_src

 ** The Inference Engine (llama-inference)
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-llama-backend.lisp
 (defun llama-inference (prompt system-prompt &key (model "local-model"))
  "Sends a completion request to the local llama.cpp server."
  (let ((endpoint (uiop:getenv "LLAMACPP_ENDPOINT")))
@@ -51,7 +51,7 @@ This skill acts as a proxy between the OpenCortex kernel and the Lisp-agnostic `
 #+end_src

 ** Registration
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-llama-backend.lisp
 (progn
  (register-probabilistic-backend :llama #'llama-inference)
  (harness-log "LLAMA: Local backend registered and active."))
--- a/skills/org-skill-llm-gateway.org
+++ b/skills/org-skill-llm-gateway.org
@@ -19,11 +19,7 @@ The gateway utilizes a functional dispatch pattern. A single entry point, `execu
 * Phase D: Build (Implementation)

 ** Implementation
-#+begin_src lisp
-(in-package :cl-user)
-(defpackage :opencortex.skills.org-skill-llm-gateway
-  (:use :cl :opencortex))
-(in-package :opencortex.skills.org-skill-llm-gateway)
+#+begin_src lisp :tangle ../library/gen/org-skill-llm-gateway.lisp

 (defun get-nested (alist &rest keys)
  "Recursively extracts nested values from an alist, handling both objects and arrays."
--- a/skills/org-skill-peripheral-vision.org
+++ b/skills/org-skill-peripheral-vision.org
@@ -37,7 +37,7 @@ Move context pruning and rendering logic out of `context.lisp` to allow for more

 ** 2. Semantic Interfaces

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-peripheral-vision.lisp
 (defun context-render-to-org (obj &key depth foveal-id semantic-threshold foveal-vector)
  "Recursively renders an org-object with foveal-peripheral pruning.")

@@ -48,7 +48,7 @@ Move context pruning and rendering logic out of `context.lisp` to allow for more
 * Phase D: Build (Implementation)

 ** Foveal-Peripheral Pruning
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-peripheral-vision.lisp

 (defun context-render-to-org (obj &key (depth 1) (foveal-id nil) (semantic-threshold 0.75) (foveal-vector nil))
  "Recursively renders an org-object and its children to an Org string using a Foveal-Peripheral Hybrid model."
@@ -112,7 +112,7 @@ Move context pruning and rendering logic out of `context.lisp` to allow for more
 #+end_src

 * Registration
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-peripheral-vision.lisp
 (defskill :skill-peripheral-vision
  :priority 90
  :dependencies ("org-skill-embedding")
--- a/skills/org-skill-policy.org
+++ b/skills/org-skill-policy.org
@@ -13,7 +13,7 @@ The *opencortex* is a probabilistic-deterministic harness for a personal operati
 * Package Context
 Every skill executes within its own jailed package namespace, while inheriting core harness symbols.

-#+begin_src lisp :tangle ../src/policy.lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-policy.lisp
 (in-package :opencortex)
 #+end_src

@@ -23,7 +23,7 @@ This document contains the *Core System Policy*. These are non-negotiable philos
 ** 1. Autonomy Above All
 Every action must increase the user's independence from centralized, proprietary platforms. If a tool or library introduces a dependency on a non-autonomous entity, it must be flagged for replacement.

-#+begin_src lisp :tangle ../src/policy.lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-policy.lisp
 (defun policy-check-autonomy (action context)
  "Ensures the action does not violate the Autonomy invariant."
  (declare (ignore context))
@@ -47,7 +47,7 @@ Prioritize local, energy-efficient, and offline-first architectures. The "Memex"
 * The Policy Gate
 The main deterministic entry point for the policy skill. It orchestrates the various invariant checks and delegates to engineering standards.

-#+begin_src lisp :tangle ../src/policy.lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-policy.lisp
 (defun policy-deterministic-gate (action context)
  "The main policy gate. Sub-calls engineering standards if available."
  (let ((current-action (policy-check-autonomy action context)))
@@ -64,7 +64,7 @@ The main deterministic entry point for the policy skill. It orchestrates the var
 Every action performed by an agent in this environment must also adhere to the [[file:org-skill-engineering-standards.org][Engineering Standards]].

 ** Skill Registration
-#+begin_src lisp :tangle ../src/policy.lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-policy.lisp
 (defskill :skill-policy
  :priority 100
  :trigger (lambda (ctx) t)
--- a/skills/org-skill-protocol-validator.org
+++ b/skills/org-skill-protocol-validator.org
@@ -45,7 +45,7 @@ Decouple protocol parsing (framing/unframing) from semantic validation.
 * Phase D: Build (Implementation)

 ** Schema Enforcement
-#+begin_src lisp :tangle ../src/communication-validator.lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-protocol-validator.lisp
 (in-package :opencortex)

 (defun validate-communication-protocol-schema (msg)
@@ -79,7 +79,7 @@ Decouple protocol parsing (framing/unframing) from semantic validation.
 #+end_src

 * Registration
-#+begin_src lisp :tangle ../src/communication-validator.lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-protocol-validator.lisp
 (defskill :skill-communication-protocol-validator
  :priority 95
  :trigger (lambda (ctx) (member (getf (getf ctx :payload) :sensor) '(:protocol-received)))
--- a/skills/org-skill-scribe.org
+++ b/skills/org-skill-scribe.org
@@ -41,14 +41,14 @@ The Scribe reacts to the `:heartbeat` sensor. It maintains a state file (`scribe
 * Phase D: Build (Implementation)

 ** Package Context
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-scribe.lisp
 (in-package :opencortex)
 #+end_src

 ** State: Checkpoint Management
 We track the last processed universal time to avoid redundant distillation.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-scribe.lisp
 (defvar *scribe-last-checkpoint* 0
  "The universal-time of the last successful distillation run.")

@@ -70,7 +70,7 @@ We track the last processed universal time to avoid redundant distillation.
 ** Filtering: Privacy & Relevance
 The Scribe only cares about non-personal, non-distilled headlines.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-scribe.lisp
 (defun scribe-get-distillable-nodes ()
  "Returns a list of org-objects from the daily/ folder that require distillation."
  (let ((results nil))
@@ -91,7 +91,7 @@ The Scribe only cares about non-personal, non-distilled headlines.
 ** Probabilistic: Extraction Prompt
 The LLM is tasked with identifying atomic concepts within the raw text.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-scribe.lisp
 (defun probabilistic-skill-scribe (context)
  "Generates the extraction prompt for the Scribe."
  (let* ((payload (getf context :payload))
@@ -122,7 +122,7 @@ TEXT:
 ** Deterministic: Note Committal
 The deterministic gate receives the list of proposed notes and writes them to the filesystem.

-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-scribe.lisp
 (defun scribe-commit-notes (proposals)
  "Writes proposed atomic notes to the notes/ directory. Appends if the note exists."
  (let ((notes-dir (uiop:merge-pathnames* "notes/" (asdf:system-source-directory :opencortex))))
@@ -159,7 +159,7 @@ The deterministic gate receives the list of proposed notes and writes them to th
 #+end_src

 ** Skill Registration
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-scribe.lisp
 (defskill :skill-scribe
  :priority 50
  :trigger (lambda (ctx)
@@ -174,6 +174,6 @@ The deterministic gate receives the list of proposed notes and writes them to th
 #+end_src

 ** Initialization
-#+begin_src lisp
+#+begin_src lisp :tangle ../library/gen/org-skill-scribe.lisp
 (scribe-load-state)
 #+end_src
--- a/skills/org-skill-shell-actuator.org
+++ b/skills/org-skill-shell-actuator.org
@@ -11,11 +11,7 @@ The *Shell Actuator* provides a controlled interface for the OpenCortex to execu

 * Implementation

-#+begin_src lisp
-(in-package :cl-user)
-(defpackage :opencortex.skills.org-skill-shell-actuator
-  (:use :cl :opencortex))
-(in-package :opencortex.skills.org-skill-shell-actuator)
+#+begin_src lisp :tangle ../library/gen/org-skill-shell-actuator.lisp

 (defparameter *allowed-commands* '("ls" "git" "rg" "grep" "date" "echo" "cat" "node" "python3" "sbcl"))