passepartout/org/security-policy.org

#+TITLE: SKILL: Policy (org-skill-policy.org)
#+AUTHOR: Agent
#+FILETAGS: :system:policy:constitutional:
#+PROPERTY: header-args:lisp :tangle ../lisp/security-policy.lisp

* Architectural Intent: The Constitutional Layer

The Policy skill encodes the non-negotiable values of Passepartout. Every action the agent proposes must pass through this gate. If the action lacks justification, it is blocked — not because it's dangerous, but because it's opaque.

This is the "Radical Transparency" invariant in practice. The agent must explain *why* it wants to do something, not just *what* it wants to do. An action with ~:explanation "Because I said so"~ is rejected. An action with ~:explanation "The user asked me to read their TODO list and summarize it"~ passes.

The Policy skill is intentionally simple. It has one job: ensure every action has a meaningful explanation. Other security concerns (secret scanning, path blocking, network exfiltration) are handled by the Dispatcher. The Policy is about values, not threats.

** Contract

1. (policy-compliance-check action context): if ~action~ has an
   ~:explanation~ string longer than 10 characters, returns the action
   unchanged. Otherwise, returns a ~:LOG~ rejection plist with
   ~:level :warn~.

** Boundaries

- Does NOT check for dangerous content — the Dispatcher does that.
- Does NOT validate explanation quality — only length and presence.
- Does NOT consider ~context~ — implementation ignores it currently.

* Implementation

** Package Context
#+begin_src lisp
(in-package :passepartout)
#+end_src

** Policy Logic (policy-compliance-check)
;; REPL-VERIFIED: 2026-05-03T13:00:00
#+begin_src lisp
(defun policy-compliance-check (action context)
  "Enforces constitutional invariants on proposed actions."
  (declare (ignore context))
  (let* ((payload (proto-get action :payload))
         (explanation (proto-get payload :explanation)))
    (if (and explanation (stringp explanation) (> (length explanation) 10))
        action
        (progn
          (log-message "POLICY VIOLATION: Action lacks sufficient explanation.")
          (list :type :LOG
                :payload (list :level :warn
                              :text "Action blocked: Missing or insufficient :explanation. Please justify your reasoning."))))))
#+end_src

** Skill Registration
#+begin_src lisp
(defskill :passepartout-security-policy
  :priority 500
  :trigger (lambda (ctx) (declare (ignore ctx)) t)
  :deterministic #'policy-compliance-check)
#+end_src

* Test Suite

#+begin_src lisp
(eval-when (:compile-toplevel :load-toplevel :execute)
  (ql:quickload :fiveam :silent t))

(defpackage :passepartout-security-policy-tests
  (:use :cl :fiveam :passepartout)
  (:export #:policy-suite))

(in-package :passepartout-security-policy-tests)

(def-suite policy-suite :description "Verification of the Constitutional Policy Layer")
(in-suite policy-suite)

(test test-policy-passes-valid-explanation
  "Contract 1: action with sufficient explanation passes through unchanged."
  (let* ((action '(:type :REQUEST :payload (:action :read :explanation "The user asked me to read the TODO list for today.")))
         (result (policy-compliance-check action nil)))
    (is (equal action result))))

(test test-policy-rejects-short-explanation
  "Contract 1: action with explanation ≤10 characters is rejected with :LOG."
  (let* ((action '(:type :REQUEST :payload (:action :read :explanation "hi")))
         (result (policy-compliance-check action nil)))
    (is (eq :LOG (getf result :type)))
    (is (search "blocked" (getf (getf result :payload) :text) :test #'char-equal))))

(test test-policy-rejects-missing-explanation
  "Contract 1: action without :explanation is rejected."
  (let* ((action '(:type :REQUEST :payload (:action :read)))
         (result (policy-compliance-check action nil)))
    (is (eq :LOG (getf result :type)))))
#+end_src