feat(v0.3.0): Event Orchestrator skill

- New system-event-orchestrator skill with hook registry, cron registry, and tier classifier - Three dispatch tiers: :reflex (no LLM), :cognition (light), :reasoning (full) - Org-mode timestamp parsing for repeat patterns (+1w, +1d, +1m) - Registers on heartbeat via defskill, dispatches due cron jobs - Fix all remaining harness-log → log-message references across org files
2026-05-02 22:36:39 -04:00
parent 95d1ea3fed
commit d35aea391e
34 changed files with 507 additions and 124 deletions
--- a/org/security-dispatcher.org
+++ b/org/security-dispatcher.org
@@ -291,12 +291,12 @@ privacy tags, privacy text, shell safety, network exfil, high-impact approval."

       ;; Vector 0: REPL verification lint (warn, don't block)
      (repl-lint
-       (harness-log "BOUNCER: ~a" (proto-get repl-lint :text))
+       (log-message "BOUNCER: ~a" (proto-get repl-lint :text))
       action)

       ;; Vector 1: Lisp syntax validation (block bad lisp writes)
      ((and lisp-valid (eq (getf lisp-valid :status) :error))
-       (harness-log "LINT VIOLATION: Blocked write — lisp syntax error in ~a: ~a" filepath (getf lisp-valid :reason))
+       (log-message "LINT VIOLATION: Blocked write — lisp syntax error in ~a: ~a" filepath (getf lisp-valid :reason))
       (list :type :LOG
             :payload (list :level :error
                            :text (format nil "Lisp syntax error in ~a: ~a. The write was blocked. Fix the parenthesis balance and retry." filepath (getf lisp-valid :reason)))))
@@ -304,7 +304,7 @@ privacy tags, privacy text, shell safety, network exfil, high-impact approval."
      ;; Vector 2: File read to a protected secret path
      ((and filepath (dispatcher-check-secret-path filepath))
       (let ((matched (dispatcher-check-secret-path filepath)))
-         (harness-log "SECURITY VIOLATION: Blocked read of protected path '~a' (matched: ~a)" filepath matched)
+         (log-message "SECURITY VIOLATION: Blocked read of protected path '~a' (matched: ~a)" filepath matched)
         (list :type :LOG
               :payload (list :level :error
                              :text (format nil "Action blocked: Attempted read of protected path '~a'" filepath)))))
@@ -312,7 +312,7 @@ privacy tags, privacy text, shell safety, network exfil, high-impact approval."
      ;; Vector 3: Content contains secret patterns
      ((and text (dispatcher-exposure-scan text))
       (let ((matched (dispatcher-exposure-scan text)))
-         (harness-log "SECURITY VIOLATION: Content contains secret patterns: ~a" matched)
+         (log-message "SECURITY VIOLATION: Content contains secret patterns: ~a" matched)
         (list :type :LOG
               :payload (list :level :error
                              :text "Action blocked: Content contains potential secret exposure."))))
@@ -320,21 +320,21 @@ privacy tags, privacy text, shell safety, network exfil, high-impact approval."
      ;; Vector 4: Content contains vault secrets
      ((and text (dispatcher-vault-scan text))
       (let ((secret-name (dispatcher-vault-scan text)))
-         (harness-log "SECURITY VIOLATION: Blocked potential leak of secret '~a'" secret-name)
+         (log-message "SECURITY VIOLATION: Blocked potential leak of secret '~a'" secret-name)
         (list :type :LOG
               :payload (list :level :error
                              :text (format nil "Action blocked: Potential exposure of '~a'" secret-name)))))

      ;; Vector 5: Privacy-tagged content in action
      ((and tags (dispatcher-check-privacy-tags tags))
-       (harness-log "PRIVACY VIOLATION: Action contains privacy-tagged content")
+       (log-message "PRIVACY VIOLATION: Action contains privacy-tagged content")
       (list :type :LOG
             :payload (list :level :warn
                            :text "Action blocked: Content tagged with privacy filter.")))

      ;; Vector 6: Text leaks privacy tag names
      ((and text (dispatcher-check-text-for-privacy text))
-       (harness-log "PRIVACY WARNING: Text may contain leaked private content")
+       (log-message "PRIVACY WARNING: Text may contain leaked private content")
       (list :type :LOG
             :payload (list :level :warn
                            :text "Action blocked: Text may reference private content.")))
@@ -342,7 +342,7 @@ privacy tags, privacy text, shell safety, network exfil, high-impact approval."
       ;; Vector 7: Shell destructive/injection patterns
      ((and cmd (dispatcher-check-shell-safety cmd))
       (let ((matched (dispatcher-check-shell-safety cmd)))
-         (harness-log "SHELL VIOLATION: Destructive or injection pattern in command: ~a" matched)
+         (log-message "SHELL VIOLATION: Destructive or injection pattern in command: ~a" matched)
         (list :type :LOG
               :payload (list :level :error
                              :text (format nil "Shell command blocked: contains unsafe pattern ~a" matched)))))
@@ -351,14 +351,14 @@ privacy tags, privacy text, shell safety, network exfil, high-impact approval."
      ((and (or (eq target :shell)
                (and (eq target :tool) (equal (proto-get payload :tool) "shell")))
            (dispatcher-check-network-exfil cmd))
-        (harness-log "SECURITY WARNING: External network call detected. Queuing for approval.")
+        (log-message "SECURITY WARNING: External network call detected. Queuing for approval.")
        (list :type :EVENT :payload (list :sensor :approval-required :action action)))

      ;; Vector 8: High-impact action approval
      ((or (member target '(:shell))
           (and (eq target :tool) (member (proto-get payload :tool) '("shell" "repair-file") :test #'string=))
           (and (eq target :emacs) (eq (proto-get payload :action) :eval)))
-       (harness-log "SECURITY: High-impact action requires approval: ~a" (or (proto-get payload :tool) target))
+       (log-message "SECURITY: High-impact action requires approval: ~a" (or (proto-get payload :tool) target))
       (list :type :EVENT :payload (list :sensor :approval-required :action action)))
      (t action))))

@@ -375,7 +375,7 @@ privacy tags, privacy text, shell safety, network exfil, high-impact approval."
             (tags (getf attrs :TAGS))
             (action-str (getf attrs :ACTION)))
        (when (and (member "FLIGHT_PLAN" tags :test #'string-equal) action-str)
-          (harness-log "BOUNCER: Found approved flight plan '~a'. Re-injecting..." (org-object-id node))
+          (log-message "BOUNCER: Found approved flight plan '~a'. Re-injecting..." (org-object-id node))
          (let ((action (ignore-errors (read-from-string action-str))))
            (when action
              (setf (getf action :approved) t)
@@ -390,7 +390,7 @@ privacy tags, privacy text, shell safety, network exfil, high-impact approval."
 (defun dispatcher-flight-plan-create (blocked-action)
  "Creates a Flight Plan node for manual approval."
  (let ((id (org-id-new)))
-    (harness-log "BOUNCER: Creating flight plan node '~a'..." id)
+    (log-message "BOUNCER: Creating flight plan node '~a'..." id)
    (list :type :REQUEST :target :emacs
          :payload (list :action :insert-node :id id
                         :attributes (list :TITLE "Flight Plan: High-Risk Action"