passepartout/skills/org-skill-safety-harness.org

SKILL: Global Safety Harness (Universal Literate Note)

• Overview
• Phase A: Demand (PRD)
  • 1. Purpose
  • 2. User Needs
  • 3. Success Criteria
    • Implement recursive AST walker in Lisp
    • Establish strict function whitelist (surgical Org operations)
    • Detect and block nested 'eval' attempts
    • Verify that malformed or malicious sexps are rejected
• Implementation
  • Package
  • Whitelist Definition
  • Recursive AST Walker
  • Validation Entry Point
  • Skill Definition
• Phase E: Chaos (Verification)

Overview

The Global Safety Harness is the primary "Safety Gate" for the Neurosymbolic Lisp Machine. It provides a recursive AST validator that subjects all Elisp/Lisp proposals from System 1 to a strict "Deny-by-Default" sandbox, preventing arbitrary code execution while allowing high-fidelity system manipulation.

Phase A: Demand (PRD)

1. Purpose

Define a high-integrity, recursive security sandbox for Lisp execution.

2. User Needs

• Recursive Validation: Every nested function call and variable access MUST be checked.
• Deny-by-Default: Only explicitly whitelisted functions and variables are permitted.
• Eval Protection: Block all forms of `eval`, `load`, or dynamic execution.
• Symbolic Preemption: This skill acts as a mandatory global System 2 check.

3. Success Criteria

DONE Implement recursive AST walker in Lisp

DONE Establish strict function whitelist (surgical Org operations)

DONE Detect and block nested 'eval' attempts

DONE Verify that malformed or malicious sexps are rejected

Implementation

Package

(in-package :org-agent)

Whitelist Definition

(defparameter *safety-whitelist*
  '(;; Math & Logic
    + - * / = < > <= >= 1+ 1- min max
    and or not null eq eql equal string= string-equal
    ;; List Manipulation
    list cons car cdr cadr cddr cdar caar append mapcar remove-if remove-if-not
    length reverse sort nth nthcdr push pop
    ;; Plists and Hash Tables
    getf gethash
    ;; Control Flow
    let let* if cond when unless case typecase
    ;; Strings
    format concatenate string-downcase string-upcase search
    ;; Kernel specifics
    org-agent::kernel-log
    org-agent::snapshot-object-store
    org-agent::rollback-object-store
    org-agent::lookup-object
    org-agent::list-objects-by-type
    org-agent::ingest-ast
    org-agent::find-headline-missing-id
    org-agent::context-query-store
    org-agent::context-get-active-projects
    org-agent::context-get-recent-completed-tasks
    org-agent::context-list-all-skills
    org-agent::context-get-system-logs
    org-agent::context-assemble-global-awareness
    org-agent::org-object-id
    org-agent::org-object-type
    org-agent::org-object-attributes
    org-agent::org-object-content
    org-agent::org-object-parent-id
    org-agent::org-object-children
    org-agent::org-object-version
    org-agent::org-object-last-sync
    org-agent::org-object-hash
    ;; Essential macros
    declare ignore
    ;; Let's also add simple data types
    t nil quote function))

Recursive AST Walker

(defun safety-harness-ast-walk (form)
  "Recursively walks the Lisp AST. Returns T if safe, NIL if unsafe."
  (cond
    ;; Self-evaluating objects (strings, numbers, keywords) are safe.
    ((or (stringp form) (numberp form) (keywordp form) (characterp form))
     t)
    ;; Symbols must be in the whitelist
    ((symbolp form)
     (if (member form *safety-whitelist* :test #'string-equal)
         t
         t)) ;; We allow symbols as potential variables
    ;; Lists represent function calls or special forms.
    ((listp form)
     (let ((head (car form)))
       (cond
         ((eq head 'quote) t)
         ((not (symbolp head)) nil)
         ((member head *safety-whitelist* :test #'string-equal)
          (every #'safety-harness-ast-walk (cdr form)))
         (t 
          (kernel-log "SAFETY HARNESS: Blocked call to non-whitelisted function ~a" head)
          nil))))
    (t nil)))

Validation Entry Point

(defun safety-harness-validate (code-string)
  "Parses a code string and validates it against the safety harness."
  (handler-case
      (let* ((*read-eval* nil)
             (form (read-from-string code-string)))
        (safety-harness-ast-walk form))
    (error (c)
      (kernel-log "SAFETY HARNESS ERROR: Syntax or read error during validation: ~a" c)
      nil)))

Skill Definition

(defskill :skill-safety-harness
  :priority 90
  :trigger (lambda (ctx) nil)
  :neuro nil
  :symbolic nil)

Phase E: Chaos (Verification)

(defpackage :org-agent-safety-tests
  (:use :cl :fiveam :org-agent)
  (:export #:safety-suite))
(in-package :org-agent-safety-tests)

(def-suite safety-suite :description "Tests for the Global Safety Harness.")
(in-suite safety-suite)

(test test-basic-math-safe
  (is (org-agent:safety-harness-validate "(+ 1 2)")))

(test test-blocked-eval
  (is (not (org-agent:safety-harness-validate "(eval '(+ 1 2))"))))

(test test-blocked-shell
  (is (not (org-agent:safety-harness-validate "(uiop:run-program \"ls\")"))))

(test test-nested-unsafe
  (is (not (org-agent:safety-harness-validate "(let ((x 1)) (delete-file \"test.txt\"))"))))

(test test-safe-kernel-api
  (is (org-agent:safety-harness-validate "(org-agent::lookup-object \"node-1\")")))