:PROPERTIES:
:ID:       bouncer-agent-skill
:CREATED:  [2026-04-11 Sat 15:20]
:END:
#+TITLE: SKILL: System 2 Bouncer (Authorization Gate)
#+STARTUP: content
#+FILETAGS: :system:bouncer:authorization:psf:

* Overview
The *System 2 Bouncer* is the authorization gate for high-risk actions. It serializes intercepted actions into Org nodes ("Flight Plans") and re-injects them once manually approved by the Sovereign.

** Deep Reasoning: Beyond Permission
While the *Formal Prover* ensures an action is "legal" (e.g., "Yes, you are allowed to send a Matrix message"), the *Bouncer* ensures the action is "safe" by inspecting the payload content via **Deep Packet Inspection (DPI)**.

1. **Secret Exposure Gate:** The Bouncer automatically scans all outgoing `:text` payloads for strings matching your API keys or sensitive IDs stored in the `Credentials Vault`.
2. **Network Exfiltration Gate:** It monitors for unauthorized IP addresses or domains in shell commands, preventing the agent from "phoning home" to a malicious server.
3. **The Final Filter:** The Bouncer sits at the very end of the symbolic pipeline. It is the last gate before an action touches the physical hardware.

* Implementation

** Approval Processing
#+begin_src lisp :tangle ../src/bouncer.lisp
(in-package :org-agent)

(defun bouncer-process-approvals ()
  "Scans the object store for APPROVED flight plans and re-injects their actions."
  (let ((approved-nodes (list-objects-with-attribute :TODO "APPROVED"))
        (found-any nil))
    (dolist (node approved-nodes)
      (let* ((tags (getf (org-object-attributes node) :TAGS))
             (action-str (getf (org-object-attributes node) :ACTION)))
        (when (and (member "FLIGHT_PLAN" tags :test #'string-equal) action-str)
          (kernel-log "BOUNCER: Found approved flight plan ~a. Re-injecting..." (org-object-id node))
          (let ((action (ignore-errors (read-from-string action-str))))
            (when action
              ;; Add bypass flag
              (setf (getf action :approved) t)
              (inject-stimulus action)
              ;; Mark as DONE
              (setf (getf (org-object-attributes node) :TODO) "DONE")
              (setq found-any t))))))
    found-any))
#+end_src

** Skill Definition
#+begin_src lisp :tangle ../src/bouncer.lisp
(defskill :skill-bouncer
  :priority 100
  :trigger (lambda (ctx) 
             (or (eq (getf (getf ctx :payload) :sensor) :approval-required)
                 (eq (getf (getf ctx :payload) :sensor) :heartbeat)))
  :neuro nil
  :symbolic (lambda (action context)
              (declare (ignore action))
              (let* ((payload (getf context :payload))
                     (sensor (getf payload :sensor)))
                (case sensor
                  (:approval-required
                   (let* ((blocked-action (getf payload :action))
                          (id (org-id-new)))
                     (kernel-log "BOUNCER: Creating flight plan node...")
                     ;; Create the node in Emacs (or inbox)
                     (list :type :REQUEST :target :emacs :action :insert-node 
                           :id id :attributes `(:TITLE "Flight Plan: High-Risk Action" 
                                                :TODO "PLAN" 
                                                :TAGS ("FLIGHT_PLAN")
                                                :ACTION ,(format nil "~s" blocked-action)))))
                  (:heartbeat
                   ;; Periodically check for approvals
                   (bouncer-process-approvals)
                   nil)))))
#+end_src