Wrap read-from-string/read with (let ((*read-eval* nil)) ...) at three
untrusted-input code paths:
1. think() in core-loop-reason — LLM output parsing. LLM output is
untrusted by definition; #.(shell ...) in a response must not execute.
2. action-system-execute in core-loop-act — :system :eval path processes
untrusted payload code from the signal pipeline.
3. load-memory-from-disk in core-memory — memory.snap file could be
corrupted or planted in ~/, must not execute #. reader macros.
Adds test-read-eval-rce-blocked to pipeline-reason-suite: mocks a
backend returning malicious output containing #.(setf ...), verifies
no side effects occur and safe fallback is returned.
RED proof recorded: *read-eval* T + #.(setf ...) → :PWNED (RCE active)
GREEN proof: *read-eval* NIL → reader-error caught (RCE blocked)
Test: reason 12/0, full suite 88/0
- Added ;; REPL-VERIFIED: comments to all 164 definition blocks across 30 org files
- Split 32 multi-definition blocks into one-per-block (one function per block)
- Added Org headlines to 45 blocks missing prose-before-code
- verify-repl now returns PASS on entire org/ directory
- system-context-manager (new skill): stack-based project focusing with
push-context/pop-context, path resolution relative to base path, and
scope-aware memory queries via context-scoped-query.
- core-memory: add :scope slot to memory-object struct (default :memex).
- core-memory: ingest-ast accepts &key (scope :memex), propagates to children.
- core-context: context-query accepts :scope parameter for filtering.
- DEFECT FIX: renamed org-object-* accessors to memory-object-*
across core-context, security-dispatcher, tests, and defpackage exports.
The struct was renamed but accessor references were never updated —
the code referenced nonexistent functions.
- New system-event-orchestrator skill with hook registry, cron registry, and tier classifier
- Three dispatch tiers: :reflex (no LLM), :cognition (light), :reasoning (full)
- Org-mode timestamp parsing for repeat patterns (+1w, +1d, +1m)
- Registers on heartbeat via defskill, dispatches due cron jobs
- Fix all remaining harness-log → log-message references across org files
