diff --git a/skills/org-skill-bouncer.org b/skills/org-skill-bouncer.org index 943aab4..6d55190 100644 --- a/skills/org-skill-bouncer.org +++ b/skills/org-skill-bouncer.org @@ -9,6 +9,13 @@ * Overview The *System 2 Bouncer* is the authorization gate for high-risk actions. It serializes intercepted actions into Org nodes ("Flight Plans") and re-injects them once manually approved by the Sovereign. +** Deep Reasoning: Beyond Permission +While the *Formal Prover* ensures an action is "legal" (e.g., "Yes, you are allowed to send a Matrix message"), the *Bouncer* ensures the action is "safe" by inspecting the payload content via **Deep Packet Inspection (DPI)**. + +1. **Secret Exposure Gate:** The Bouncer automatically scans all outgoing `:text` payloads for strings matching your API keys or sensitive IDs stored in the `Credentials Vault`. +2. **Network Exfiltration Gate:** It monitors for unauthorized IP addresses or domains in shell commands, preventing the agent from "phoning home" to a malicious server. +3. **The Final Filter:** The Bouncer sits at the very end of the symbolic pipeline. It is the last gate before an action touches the physical hardware. + * Implementation ** Approval Processing diff --git a/skills/org-skill-formal-verification.org b/skills/org-skill-formal-verification.org index a88602c..741e97c 100644 --- a/skills/org-skill-formal-verification.org +++ b/skills/org-skill-formal-verification.org 
@@ -10,6 +10,15 @@ * Overview The *Formal Verification Gate* replaces heuristic whitelisting with symbolic logic proofs. It ensures that every action proposed by System 1 is *provably safe* against the kernel's core security invariants using a Lisp-native symbolic prover. +** Deep Reasoning: The Sandbox of Intent +This gate is the first line of defense against both "Inside Threats" (maliciously modified skill files) and "Hallucination Threats" (LLMs generating unsafe commands). + +1. **Isolation from Implementation:** The Prover does not trust the logic inside a skill. It sits between the skill's proposal and the physical world. +2. **Structural Enforcement:** Even if a skill is compromised and attempts to execute a command like `rm -rf /`, the Prover identifies the violation of the `path-confinement` invariant and blocks it before it hits the OS. +3. **Prover vs. Bouncer:** + - **The Prover (Static):** Focuses on *Structure*. "Is this path legal? Is this tool allowed?" + - **The Bouncer (Runtime):** Focuses on *Content*. "Is this message leaking my API keys? Is this network packet unauthorized?" + * Phase A: Demand (PRD) :PROPERTIES: :STATUS: SIGNED diff --git a/skills/org-skill-state-persistence.org b/skills/org-skill-state-persistence.org index 1de0dfe..fed5783 100644 --- a/skills/org-skill-state-persistence.org +++ b/skills/org-skill-state-persistence.org 
@@ -9,6 +9,13 @@ * Overview The *State Persistence Layer* ensures the durability and sovereignty of the agent's memory. It unifies local, high-performance Lisp image dumps with decentralized, immutable IPFS checkpointing. This dual-path approach provides both rapid operational recovery and long-term historical integrity. +** Deep Reasoning: Protection Against External Tampering +While the *Prover* and *Bouncer* protect against internal skill failures, the Merkle-Tree architecture within the State Layer protects against **External Threats** (e.g., a hacker or virus modifying your `.org` files directly on disk). + +1. **Skill Hashing:** Every code block and headline in a skill file has a unique Merkle hash recorded in the Object Store. +2. **Integrity Verification:** Upon loading or reloading a skill, the Kernel re-calculates the hash and compares it against the "known good" state in the Merkle Tree. +3. **Automatic Lockdown:** If a file has been tampered with externally, the hash mismatch triggers an immediate lockdown. The Kernel refuses to execute the skill and alerts the Sovereign via Signal/Telegram. + * Phase A: Demand (PRD) :PROPERTIES: :STATUS: SIGNED
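Review bot: In the org-skill-bouncer.org hunk, "Deep Packet Inspection (DPI)" is a misnomer for what the two gates do, which is substring matching on serialized `:text` payloads and shell command strings, not inspection of network packets; calling it "payload content inspection" would avoid implying a network-layer capability the text does not describe. The Secret Exposure Gate bullet should also say whether matching is exact or normalized: a key that is base64- or hex-encoded, split across two messages, or partially redacted will not match "strings matching your API keys", so the gate is a deterrent, not a guarantee. The Network Exfiltration Gate bullet should state whether it is an allowlist of permitted hosts or a denylist of known-bad ones; "monitors for unauthorized IP addresses or domains" reads as a denylist, which a command can sidestep with a decimal or octal IP, a URL-shortener domain, or a host read from a file or environment variable at runtime. Suggested wording for bullet 2: "It rejects shell commands that reference any host or IP not on the Sovereign's allowlist, after normalizing IP literals and URL forms."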
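Review bot: In the org-skill-formal-verification.org hunk, the claim that the Prover "sits between the skill's proposal and the physical world" and therefore blocks a compromised skill's `rm -rf /` only holds if skills have no path to the OS other than the proposal interface; since skills are Lisp code blocks loaded into the same image as the kernel, the hunk should state that invariant explicitly (skills may not call shell or file primitives directly) or the "Isolation from Implementation" bullet overstates the guarantee. The `rm -rf /` example also needs a note on what the static check actually parses: a structural `path-confinement` check on a literal path is defeated by `rm -rf "$DIR/.."` or `rm -rf $(printf /)`, so say whether arguments are required to be literal or are canonicalized before proving. Finally, this hunk classifies "maliciously modified skill files" as an "Inside Threat" handled by the Prover, while the org-skill-state-persistence.org hunk in the same patch classifies a modified `.org` file on disk as an "External Threat" handled by Merkle hashing; pick one term for on-disk tampering and cross-reference the other file so the three "Deep Reasoning" sections describe one consistent layering.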
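Review bot: In the org-skill-state-persistence.org hunk, the integrity guarantee depends entirely on where the "known good" Merkle root lives, and bullet 2 does not say; an attacker with write access to the `.org` files on disk can equally rewrite a locally stored Object Store or Lisp image dump, so the comparison is only meaningful if the trusted root is the IPFS checkpoint the overview already mentions, or a value signed by the Sovereign and kept off the writable disk. Suggest adding to bullet 2: "The reference root is taken from the most recent IPFS-pinned checkpoint, never from the local image." Bullet 3 should also note the time-of-check gap: verification runs "upon loading or reloading a skill", so a file modified after load runs unverified until the next reload, and the lockdown message should be sent over a channel that does not itself pass through the possibly compromised skill. "Unique Merkle hash" in bullet 1 is better phrased as "content hash", since uniqueness is a property of the hash function, not something the layer assigns.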