amr/passepartout
1
0
Fork 0
Code Issues 15 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

docs: add missing prose headlines in security-dispatcher.org HITL section
Some checks failed
Deploy (Gitea) / deploy (push) Failing after 3s
Details

Browse Source 
Fixes 4 pre-existing PROSE-BEFORE-CODE violations in the HITL in-memory
store section. Each function (hitl-create, hitl-approve, hitl-deny,
hitl-handle-message) now has a *** sub-heading with explanatory prose
before its code block.
This commit is contained in:
Amr Gharbeia
2026-05-03 14:00:24 -04:00
parent 3f51a772d4
commit a16f973b50
2 changed files with 98 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
org/security-dispatcher.org
View File

@@ -453,6 +453,13 @@ with the token to approve or deny.
"Maps correlation token → blocked-action plist for pending HITL approvals.")
#+end_src
*** hitl-create
A new HITL entry is created whenever the deterministic engine returns an
~:approval-required~ level action. A correlation token is generated and
the blocked action is stored for later retrieval by ~hitl-approve~ or
~hitl-deny~.
;; REPL-VERIFIED: 2026-05-03T13:00:00
#+begin_src lisp
(defun hitl-create (blocked-action)
@@ -465,6 +472,13 @@ with the token to approve or deny.
:message (format nil "HITL: Action requires approval [~a]. Reply /approve ~a to approve." token token))))
#+end_src
*** hitl-approve
When the user sends an approval command with a valid token, the blocked
action is retrieved, stamped with ~:approved t~, and re-injected into the
pipeline via ~stimulus-inject~. The perceive gate detects the
~:approval-required~ sensor with ~:approved t~ and processes it.
;; REPL-VERIFIED: 2026-05-03T13:00:00
#+begin_src lisp
(defun hitl-approve (token)
@@ -487,6 +501,12 @@ Returns T if found and approved, nil if token is invalid."
nil))))
#+end_src
*** hitl-deny
Denial removes the pending action from the store without re-injecting it.
The action is silently discarded and the token becomes invalid for future
use.
;; REPL-VERIFIED: 2026-05-03T13:00:00
#+begin_src lisp
(defun hitl-deny (token)
@@ -502,6 +522,14 @@ Returns T if found, nil if token is invalid."
nil)))
#+end_src
*** hitl-handle-message
The universal entry point for HITL commands arriving from any gateway.
Parses the text for ~/approve~, ~/deny~, ~approve~, or ~deny~ followed
by a token, dispatches to ~hitl-approve~ or ~hitl-deny~, and returns T
if the message was a HITL command (so the gateway knows not to inject it
into the main pipeline).
;; REPL-VERIFIED: 2026-05-03T13:00:00
#+begin_src lisp
(defun hitl-handle-message (text &optional source)