passepartout/docs/rca/rca-bouncer.org

Root Cause Analysis: Deterministic Engine Bouncer & Authorization Gate

Executive Summary

Implemented the "Planning Mode" Bouncer to intercept high-risk Probabilistic Engine proposals (e.g., shell commands, Lisp evaluation). The system now forces these actions into an asynchronous "Flight Plan" Org node for manual Sovereign approval, fulfilling the "everything is a node" and high-integrity mandates.

1. Issue: Automated High-Risk Execution

Symptoms

Probabilistic Engine proposals involving `shell` or `eval` were executed immediately once they passed the `decide` gate's safety harness, with no human-in-the-loop oversight for irreversible or complex operations.

Root Cause

Architecture gap. The system lacked an authorization state between "Safe" and "Executed".

Resolution

  1. Interceptor: Added `bouncer-check` to `deterministic.lisp`. It flags high-risk actions that lack the `:approved t` property.
  2. Asynchronous Event: If flagged, the harness emits an `:approval-required` event.
  3. Flight Plan Skill: Created `org-skill-bouncer.org` to:

    • Catch the event and create a serialized Org node with state `PLAN`.
    • Monitor the Object Store for `APPROVED` states.
    • Re-inject approved actions with the `:approved t` bypass flag.

2. Design Decision: Org-native Approval

Requirement

Align with "Homoiconic Memory" and "Lisp Machine Sovereignty".

Selected Path

State-Based Approval (Org-native).

  • Pros: Auditable, asynchronous, utilizes existing Org-mode workflows.
  • Cons: Slightly more latency than an interactive prompt.

Alignment

Ensures that the agent's "Flight Plans" are first-class citizens in the Memex, allowing the Sovereign to review and approve them using standard GTD tools.

3. Permanent Learnings

  • Serial Bypass: Always include a specific bypass flag (e.g., `:approved t`) when re-injecting intercepted actions to prevent infinite interception loops.
  • Heartbeat Listeners: Periodic scanning of the Object Store for state transitions is an effective way to implement asynchronous authorization gates without blocking the harness.
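The following sketch, added here as an illustration and not taken from the project's `deterministic.lisp` or `org-skill-bouncer.org`, walks the Resolution steps and the two Permanent Learnings end to end: `bouncer-check` flags high-risk actions that lack `:approved t`, the harness files a flight plan in state `PLAN` instead of executing, a heartbeat scan re-injects `APPROVED` plans with the bypass flag so they are not intercepted a second time. Common Lisp is assumed; the plist action format, the function names other than `bouncer-check`, and the in-memory hash table standing in for the Object Store are all assumptions of this example.

```lisp
;;; Added example of the Bouncer / authorization-gate flow. Not the project's
;;; code: the plist action format, the in-memory "object store" and every
;;; function except bouncer-check's name are assumptions for this sketch.

(defparameter *high-risk-kinds* '(:shell :eval)
  "Action kinds that must pass through the authorization gate.")

(defvar *object-store* (make-hash-table)
  "Constructed stand-in for the Org Object Store: id -> flight-plan plist.")

(defvar *next-id* 0
  "Counter for flight-plan ids in the stand-in store.")

(defun high-risk-p (action)
  "An action is high-risk when its :kind is listed in *high-risk-kinds*."
  (member (getf action :kind) *high-risk-kinds*))

(defun bouncer-check (action)
  "Interceptor: a high-risk action without the :approved t bypass is flagged.
Returns (values :execute action) or (values :approval-required action)."
  (if (and (high-risk-p action)
           (not (getf action :approved)))
      (values :approval-required action)
      (values :execute action)))

(defun execute-action (action)
  "Stand-in for the real executor: only records what would have run."
  (list :executed (getf action :kind) (getf action :payload)))

(defun file-flight-plan (action)
  "Serialize the intercepted action as a flight-plan node in state PLAN."
  (let ((id (incf *next-id*)))
    (setf (gethash id *object-store*)
          (list :id id :state :plan :action action))
    id))

(defun harness-submit (action)
  "The decide gate's harness: run the interceptor, then either execute or
emit the :approval-required event by filing a flight plan."
  (multiple-value-bind (verdict act) (bouncer-check action)
    (ecase verdict
      (:execute (execute-action act))
      (:approval-required
       (list :approval-required (file-flight-plan act))))))

(defun approve-flight-plan (id)
  "Sovereign review step: PLAN -> APPROVED. Only PLAN nodes can be approved,
so a DONE or unknown plan cannot be replayed through this path."
  (let ((node (gethash id *object-store*)))
    (when (and node (eq (getf node :state) :plan))
      (setf (getf node :state) :approved)
      (setf (gethash id *object-store*) node)
      t)))

(defun heartbeat ()
  "Periodic listener: re-inject every APPROVED plan with the :approved t
bypass flag (prepended, so it shadows any earlier value) and mark it DONE.
Without the flag bouncer-check would intercept the same action again."
  (let ((results '()))
    (maphash
     (lambda (id node)
       (when (eq (getf node :state) :approved)
         (let ((action (list* :approved t (getf node :action))))
           (push (harness-submit action) results)
           (setf (getf node :state) :done)
           (setf (gethash id *object-store*) node))))
     *object-store*)
    (nreverse results)))

;;; Walk-through with constructed actions:
;;; a low-risk action executes directly; a shell action is filed as PLAN;
;;; the heartbeat ignores it until the Sovereign approves; after approval
;;; the next heartbeat runs it once and the plan rests in DONE.
(harness-submit '(:kind :lookup :payload "who"))
(harness-submit '(:kind :shell :payload "ls"))
(heartbeat)
(approve-flight-plan 1)
(heartbeat)
(heartbeat)
```

The state transition `PLAN -> APPROVED -> DONE` is the audit trail the design section relies on: each node in the store records the original action, who moved it, and whether it has already been re-injected, and `approve-flight-plan` refusing anything that is not in `PLAN` is what keeps a single approval from being replayed.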