CHORE: Prepare for Bouncer Matrix implementation

2026-04-11 16:25:08 -04:00
parent 878e5709cf
commit eca6610274
3 changed files with 23 additions and 0 deletions

@@ -9,6 +9,13 @@
* Overview
The *System 2 Bouncer* is the authorization gate for high-risk actions. It serializes intercepted actions into Org nodes ("Flight Plans") and re-injects them once manually approved by the Sovereign.
** Deep Reasoning: Beyond Permission
While the *Formal Prover* ensures an action is "legal" (e.g., "Yes, you are allowed to send a Matrix message"), the *Bouncer* ensures the action is "safe" by inspecting the payload content via **Deep Packet Inspection (DPI)**.
1. **Secret Exposure Gate:** The Bouncer automatically scans all outgoing `:text` payloads for strings matching your API keys or sensitive IDs stored in the `Credentials Vault`.
2. **Network Exfiltration Gate:** It monitors for unauthorized IP addresses or domains in shell commands, preventing the agent from "phoning home" to a malicious server.
3. **The Final Filter:** The Bouncer sits at the very end of the symbolic pipeline. It is the last gate before an action touches the physical hardware.
* Implementation
** Approval Processing
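
Review bot: Items 1 and 2 of the added list scope the two gates to different fields (the secret scan to outgoing `:text` payloads, the address check to shell commands), so as written an API key passed as a shell-command argument, or an unapproved domain inside a `:text` body, is checked by neither. Suggest stating that both gates run over every outgoing field, and adding one sentence on what a hit does: the Overview says intercepted actions are serialized into Org nodes, so a Flight Plan for a payload that matched the secret scan would write that secret to disk unless it is redacted first. Style: this is an Org file (`* Overview`, `*System 2 Bouncer*`), so the Markdown `**bold**` and backtick spans in the new lines will show as literal characters; Org uses `*bold*` and `~code~`.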

@@ -10,6 +10,15 @@
* Overview
The *Formal Verification Gate* replaces heuristic whitelisting with symbolic logic proofs. It ensures that every action proposed by System 1 is *provably safe* against the kernel's core security invariants using a Lisp-native symbolic prover.
** Deep Reasoning: The Sandbox of Intent
This gate is the first line of defense against both "Inside Threats" (maliciously modified skill files) and "Hallucination Threats" (LLMs generating unsafe commands).
1. **Isolation from Implementation:** The Prover does not trust the logic inside a skill. It sits between the skill's proposal and the physical world.
2. **Structural Enforcement:** Even if a skill is compromised and attempts to execute a command like `rm -rf /`, the Prover identifies the violation of the `path-confinement` invariant and blocks it before it hits the OS.
3. **Prover vs. Bouncer:**
- **The Prover (Static):** Focuses on *Structure*. "Is this path legal? Is this tool allowed?"
- **The Bouncer (Runtime):** Focuses on *Content*. "Is this message leaking my API keys? Is this network packet unauthorized?"
* Phase A: Demand (PRD)
:PROPERTIES:
:STATUS: SIGNED
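
Review bot: The first added paragraph files "maliciously modified skill files" under "Inside Threats" handled by the Prover, while the State Persistence text in this same commit says the Prover and Bouncer cover internal skill failures and treats direct modification of `.org` files as an external threat caught by the Merkle check. Suggest one shared definition across the three documents, for example that the Merkle check detects the modification at load time and the Prover constrains whatever a loaded skill proposes, regardless of how the skill was compromised. In item 3, the "(Static)" label sits oddly beside an Overview that has the Prover checking every action System 1 proposes; distinguishing the two gates by Structure and Content alone would avoid that. The Markdown `**bold**` and backtick spans should be Org `*bold*` and `~code~` here as well.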

@@ -9,6 +9,13 @@
* Overview
The *State Persistence Layer* ensures the durability and sovereignty of the agent's memory. It unifies local, high-performance Lisp image dumps with decentralized, immutable IPFS checkpointing. This dual-path approach provides both rapid operational recovery and long-term historical integrity.
** Deep Reasoning: Protection Against External Tampering
While the *Prover* and *Bouncer* protect against internal skill failures, the Merkle-Tree architecture within the State Layer protects against **External Threats** (e.g., a hacker or virus modifying your `.org` files directly on disk).
1. **Skill Hashing:** Every code block and headline in a skill file has a unique Merkle hash recorded in the Object Store.
2. **Integrity Verification:** Upon loading or reloading a skill, the Kernel re-calculates the hash and compares it against the "known good" state in the Merkle Tree.
3. **Automatic Lockdown:** If a file has been tampered with externally, the hash mismatch triggers an immediate lockdown. The Kernel refuses to execute the skill and alerts the Sovereign via Signal/Telegram.
* Phase A: Demand (PRD)
:PROPERTIES:
:STATUS: SIGNED
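
Review bot: Items 1 and 2 of the added list do not say where the "known good" Merkle state lives or what protects it, and that decides whether the check holds against the threat named in the paragraph above them: someone who can modify `.org` files directly on disk may be able to rewrite the recorded hashes too. Suggest stating how the root is anchored outside that attacker's reach (the Overview already mentions immutable IPFS checkpointing) and how a legitimate edit by the Sovereign updates the recorded hash without tripping item 3. Item 3 should also say whether "lockdown" halts the Kernel or only the affected skill, since its second sentence describes only the latter. As in the other two files, the Markdown `**bold**` and backticks will not render in Org.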