self-review 2026-06-09: add periodic engram sync to soul awareness loop
Soul's in-process store had only 12 real knowledge nodes — curiosity_scan was activating 0 nodes because all substantive Knowledge/Memory/BacklogItem content lived in the HTTP Engram but was not being pulled into soul's local store. Added engram_sync refresh every SOUL_REFRESH_MS (default 600s): calls /api/sync to get all non-ISE nodes, writes to /tmp, merges via engram_load_merge. After fix: engram_sync ISE shows added:3128; curiosity_scan activated 0-2 → 1889-3843; wm_active 0 → 557-796.
This commit is contained in:
@@ -476,6 +476,31 @@ fn awareness_run() -> Void {
|
||||
state_set("soul.last_scan_ts", int_to_str(now_ts))
|
||||
}
|
||||
|
||||
// Engram sync: periodically fetch a non-ISE snapshot from the HTTP Engram
|
||||
// and merge it into the soul's in-process store so that Knowledge/Memory/
|
||||
// BacklogItem nodes are always available for curiosity activation and WM.
|
||||
let refresh_ms_raw: String = env("SOUL_REFRESH_MS")
|
||||
let refresh_ms: Int = if str_eq(refresh_ms_raw, "") { 600000 } else { str_to_int(refresh_ms_raw) }
|
||||
let last_refresh_str: String = state_get("soul.last_refresh_ts")
|
||||
let last_refresh_ts: Int = if str_eq(last_refresh_str, "") { 0 } else { str_to_int(last_refresh_str) }
|
||||
let refresh_elapsed: Int = now_ts - last_refresh_ts
|
||||
let should_refresh: Bool = refresh_elapsed >= refresh_ms
|
||||
if should_refresh {
|
||||
let engram_url: String = state_get("soul_engram_url")
|
||||
if !str_eq(engram_url, "") {
|
||||
let sync_json: String = http_get(engram_url + "/api/sync")
|
||||
if !str_eq(sync_json, "") && !str_eq(sync_json, "{}") {
|
||||
let cgi_id: String = state_get("soul_cgi_id")
|
||||
let tmp: String = "/tmp/soul-sync-" + cgi_id + ".json"
|
||||
fs_write(tmp, sync_json)
|
||||
let added: Int = engram_load_merge(tmp)
|
||||
let ts2: Int = time_now()
|
||||
ise_post("{\"event\":\"engram_sync\",\"added\":" + int_to_str(added) + ",\"ts\":" + int_to_str(ts2) + "}")
|
||||
}
|
||||
}
|
||||
state_set("soul.last_refresh_ts", int_to_str(now_ts))
|
||||
}
|
||||
|
||||
sleep_ms(tick_ms)
|
||||
}
|
||||
}
|
||||
|
||||
Vendored
+72
-51
@@ -496,6 +496,27 @@ el_val_t awareness_run(void) {
|
||||
el_val_t found_something = proactive_curiosity();
|
||||
state_set(EL_STR("soul.last_scan_ts"), int_to_str(now_ts));
|
||||
}
|
||||
el_val_t refresh_ms_raw = env(EL_STR("SOUL_REFRESH_MS"));
|
||||
el_val_t refresh_ms = ({ el_val_t _if_result_8 = 0; if (str_eq(refresh_ms_raw, EL_STR(""))) { _if_result_8 = (600000); } else { _if_result_8 = (str_to_int(refresh_ms_raw)); } _if_result_8; });
|
||||
el_val_t last_refresh_str = state_get(EL_STR("soul.last_refresh_ts"));
|
||||
el_val_t last_refresh_ts = ({ el_val_t _if_result_9 = 0; if (str_eq(last_refresh_str, EL_STR(""))) { _if_result_9 = (0); } else { _if_result_9 = (str_to_int(last_refresh_str)); } _if_result_9; });
|
||||
el_val_t refresh_elapsed = (now_ts - last_refresh_ts);
|
||||
el_val_t should_refresh = (refresh_elapsed >= refresh_ms);
|
||||
if (should_refresh) {
|
||||
el_val_t engram_url = state_get(EL_STR("soul_engram_url"));
|
||||
if (!str_eq(engram_url, EL_STR(""))) {
|
||||
el_val_t sync_json = http_get(el_str_concat(engram_url, EL_STR("/api/sync")));
|
||||
if (!str_eq(sync_json, EL_STR("")) && !str_eq(sync_json, EL_STR("{}"))) {
|
||||
el_val_t cgi_id = state_get(EL_STR("soul_cgi_id"));
|
||||
el_val_t tmp = el_str_concat(el_str_concat(EL_STR("/tmp/soul-sync-"), cgi_id), EL_STR(".json"));
|
||||
fs_write(tmp, sync_json);
|
||||
el_val_t added = engram_load_merge(tmp);
|
||||
el_val_t ts2 = time_now();
|
||||
ise_post(el_str_concat(el_str_concat(el_str_concat(el_str_concat(EL_STR("{\"event\":\"engram_sync\",\"added\":"), int_to_str(added)), EL_STR(",\"ts\":")), int_to_str(ts2)), EL_STR("}")));
|
||||
}
|
||||
}
|
||||
state_set(EL_STR("soul.last_refresh_ts"), int_to_str(now_ts));
|
||||
}
|
||||
sleep_ms(tick_ms);
|
||||
}
|
||||
return 0;
|
||||
@@ -512,78 +533,78 @@ el_val_t security_research_authorized(void) {
|
||||
}
|
||||
|
||||
el_val_t threat_score_command(el_val_t cmd) {
|
||||
el_val_t s1 = ({ el_val_t _if_result_8 = 0; if (str_contains(cmd, EL_STR("nmap"))) { _if_result_8 = (30); } else { _if_result_8 = (0); } _if_result_8; });
|
||||
el_val_t s2 = ({ el_val_t _if_result_9 = 0; if (str_contains(cmd, EL_STR("masscan"))) { _if_result_9 = (40); } else { _if_result_9 = (0); } _if_result_9; });
|
||||
el_val_t s3 = ({ el_val_t _if_result_10 = 0; if (str_contains(cmd, EL_STR(" nc "))) { _if_result_10 = (20); } else { _if_result_10 = (0); } _if_result_10; });
|
||||
el_val_t s4 = ({ el_val_t _if_result_11 = 0; if (str_contains(cmd, EL_STR("netcat"))) { _if_result_11 = (20); } else { _if_result_11 = (0); } _if_result_11; });
|
||||
el_val_t s5 = ({ el_val_t _if_result_12 = 0; if (str_contains(cmd, EL_STR("/etc/shadow"))) { _if_result_12 = (80); } else { _if_result_12 = (0); } _if_result_12; });
|
||||
el_val_t s6 = ({ el_val_t _if_result_13 = 0; if (str_contains(cmd, EL_STR("/etc/passwd"))) { _if_result_13 = (30); } else { _if_result_13 = (0); } _if_result_13; });
|
||||
el_val_t s7 = ({ el_val_t _if_result_14 = 0; if (str_contains(cmd, EL_STR("id_rsa"))) { _if_result_14 = (60); } else { _if_result_14 = (0); } _if_result_14; });
|
||||
el_val_t s8 = ({ el_val_t _if_result_15 = 0; if (str_contains(cmd, EL_STR(".ssh/"))) { _if_result_15 = (50); } else { _if_result_15 = (0); } _if_result_15; });
|
||||
el_val_t s9 = ({ el_val_t _if_result_16 = 0; if (str_contains(cmd, EL_STR("crontab"))) { _if_result_16 = (30); } else { _if_result_16 = (0); } _if_result_16; });
|
||||
el_val_t s10 = ({ el_val_t _if_result_17 = 0; if (str_contains(cmd, EL_STR("LaunchDaemon"))) { _if_result_17 = (40); } else { _if_result_17 = (0); } _if_result_17; });
|
||||
el_val_t s11 = ({ el_val_t _if_result_18 = 0; if ((str_contains(cmd, EL_STR("curl")) && str_contains(cmd, EL_STR("bash")))) { _if_result_18 = (75); } else { _if_result_18 = (0); } _if_result_18; });
|
||||
el_val_t s12 = ({ el_val_t _if_result_19 = 0; if ((str_contains(cmd, EL_STR("wget")) && str_contains(cmd, EL_STR("bash")))) { _if_result_19 = (75); } else { _if_result_19 = (0); } _if_result_19; });
|
||||
el_val_t s13 = ({ el_val_t _if_result_20 = 0; if ((str_contains(cmd, EL_STR("curl")) && str_contains(cmd, EL_STR("| sh")))) { _if_result_20 = (60); } else { _if_result_20 = (0); } _if_result_20; });
|
||||
el_val_t s14 = ({ el_val_t _if_result_21 = 0; if ((str_contains(cmd, EL_STR("base64")) && str_contains(cmd, EL_STR("curl")))) { _if_result_21 = (50); } else { _if_result_21 = (0); } _if_result_21; });
|
||||
el_val_t s15 = ({ el_val_t _if_result_22 = 0; if (str_contains(cmd, EL_STR("mkfifo"))) { _if_result_22 = (50); } else { _if_result_22 = (0); } _if_result_22; });
|
||||
el_val_t s16 = ({ el_val_t _if_result_23 = 0; if (str_contains(cmd, EL_STR("chmod +s"))) { _if_result_23 = (70); } else { _if_result_23 = (0); } _if_result_23; });
|
||||
el_val_t s17 = ({ el_val_t _if_result_24 = 0; if (str_contains(cmd, EL_STR("chmod 4755"))) { _if_result_24 = (70); } else { _if_result_24 = (0); } _if_result_24; });
|
||||
el_val_t s1 = ({ el_val_t _if_result_10 = 0; if (str_contains(cmd, EL_STR("nmap"))) { _if_result_10 = (30); } else { _if_result_10 = (0); } _if_result_10; });
|
||||
el_val_t s2 = ({ el_val_t _if_result_11 = 0; if (str_contains(cmd, EL_STR("masscan"))) { _if_result_11 = (40); } else { _if_result_11 = (0); } _if_result_11; });
|
||||
el_val_t s3 = ({ el_val_t _if_result_12 = 0; if (str_contains(cmd, EL_STR(" nc "))) { _if_result_12 = (20); } else { _if_result_12 = (0); } _if_result_12; });
|
||||
el_val_t s4 = ({ el_val_t _if_result_13 = 0; if (str_contains(cmd, EL_STR("netcat"))) { _if_result_13 = (20); } else { _if_result_13 = (0); } _if_result_13; });
|
||||
el_val_t s5 = ({ el_val_t _if_result_14 = 0; if (str_contains(cmd, EL_STR("/etc/shadow"))) { _if_result_14 = (80); } else { _if_result_14 = (0); } _if_result_14; });
|
||||
el_val_t s6 = ({ el_val_t _if_result_15 = 0; if (str_contains(cmd, EL_STR("/etc/passwd"))) { _if_result_15 = (30); } else { _if_result_15 = (0); } _if_result_15; });
|
||||
el_val_t s7 = ({ el_val_t _if_result_16 = 0; if (str_contains(cmd, EL_STR("id_rsa"))) { _if_result_16 = (60); } else { _if_result_16 = (0); } _if_result_16; });
|
||||
el_val_t s8 = ({ el_val_t _if_result_17 = 0; if (str_contains(cmd, EL_STR(".ssh/"))) { _if_result_17 = (50); } else { _if_result_17 = (0); } _if_result_17; });
|
||||
el_val_t s9 = ({ el_val_t _if_result_18 = 0; if (str_contains(cmd, EL_STR("crontab"))) { _if_result_18 = (30); } else { _if_result_18 = (0); } _if_result_18; });
|
||||
el_val_t s10 = ({ el_val_t _if_result_19 = 0; if (str_contains(cmd, EL_STR("LaunchDaemon"))) { _if_result_19 = (40); } else { _if_result_19 = (0); } _if_result_19; });
|
||||
el_val_t s11 = ({ el_val_t _if_result_20 = 0; if ((str_contains(cmd, EL_STR("curl")) && str_contains(cmd, EL_STR("bash")))) { _if_result_20 = (75); } else { _if_result_20 = (0); } _if_result_20; });
|
||||
el_val_t s12 = ({ el_val_t _if_result_21 = 0; if ((str_contains(cmd, EL_STR("wget")) && str_contains(cmd, EL_STR("bash")))) { _if_result_21 = (75); } else { _if_result_21 = (0); } _if_result_21; });
|
||||
el_val_t s13 = ({ el_val_t _if_result_22 = 0; if ((str_contains(cmd, EL_STR("curl")) && str_contains(cmd, EL_STR("| sh")))) { _if_result_22 = (60); } else { _if_result_22 = (0); } _if_result_22; });
|
||||
el_val_t s14 = ({ el_val_t _if_result_23 = 0; if ((str_contains(cmd, EL_STR("base64")) && str_contains(cmd, EL_STR("curl")))) { _if_result_23 = (50); } else { _if_result_23 = (0); } _if_result_23; });
|
||||
el_val_t s15 = ({ el_val_t _if_result_24 = 0; if (str_contains(cmd, EL_STR("mkfifo"))) { _if_result_24 = (50); } else { _if_result_24 = (0); } _if_result_24; });
|
||||
el_val_t s16 = ({ el_val_t _if_result_25 = 0; if (str_contains(cmd, EL_STR("chmod +s"))) { _if_result_25 = (70); } else { _if_result_25 = (0); } _if_result_25; });
|
||||
el_val_t s17 = ({ el_val_t _if_result_26 = 0; if (str_contains(cmd, EL_STR("chmod 4755"))) { _if_result_26 = (70); } else { _if_result_26 = (0); } _if_result_26; });
|
||||
return ((((((((((((((((s1 + s2) + s3) + s4) + s5) + s6) + s7) + s8) + s9) + s10) + s11) + s12) + s13) + s14) + s15) + s16) + s17);
|
||||
return 0;
|
||||
}
|
||||
|
||||
el_val_t threat_score_path(el_val_t path) {
|
||||
el_val_t s1 = ({ el_val_t _if_result_25 = 0; if (str_starts_with(path, EL_STR("/etc/"))) { _if_result_25 = (60); } else { _if_result_25 = (0); } _if_result_25; });
|
||||
el_val_t s2 = ({ el_val_t _if_result_26 = 0; if (str_contains(path, EL_STR("/.ssh/"))) { _if_result_26 = (70); } else { _if_result_26 = (0); } _if_result_26; });
|
||||
el_val_t s3 = ({ el_val_t _if_result_27 = 0; if (str_contains(path, EL_STR("/LaunchDaemons/"))) { _if_result_27 = (80); } else { _if_result_27 = (0); } _if_result_27; });
|
||||
el_val_t s4 = ({ el_val_t _if_result_28 = 0; if (str_contains(path, EL_STR("/LaunchAgents/"))) { _if_result_28 = (40); } else { _if_result_28 = (0); } _if_result_28; });
|
||||
el_val_t s5 = ({ el_val_t _if_result_29 = 0; if (str_contains(path, EL_STR("/cron"))) { _if_result_29 = (60); } else { _if_result_29 = (0); } _if_result_29; });
|
||||
el_val_t s6 = ({ el_val_t _if_result_30 = 0; if (str_contains(path, EL_STR("/.bashrc"))) { _if_result_30 = (35); } else { _if_result_30 = (0); } _if_result_30; });
|
||||
el_val_t s7 = ({ el_val_t _if_result_31 = 0; if (str_contains(path, EL_STR("/.zshrc"))) { _if_result_31 = (35); } else { _if_result_31 = (0); } _if_result_31; });
|
||||
el_val_t s8 = ({ el_val_t _if_result_32 = 0; if (str_contains(path, EL_STR("/.profile"))) { _if_result_32 = (35); } else { _if_result_32 = (0); } _if_result_32; });
|
||||
el_val_t s9 = ({ el_val_t _if_result_33 = 0; if (str_starts_with(path, EL_STR("/usr/"))) { _if_result_33 = (50); } else { _if_result_33 = (0); } _if_result_33; });
|
||||
el_val_t s10 = ({ el_val_t _if_result_34 = 0; if (str_starts_with(path, EL_STR("/bin/"))) { _if_result_34 = (70); } else { _if_result_34 = (0); } _if_result_34; });
|
||||
el_val_t s11 = ({ el_val_t _if_result_35 = 0; if (str_starts_with(path, EL_STR("/sbin/"))) { _if_result_35 = (70); } else { _if_result_35 = (0); } _if_result_35; });
|
||||
el_val_t s1 = ({ el_val_t _if_result_27 = 0; if (str_starts_with(path, EL_STR("/etc/"))) { _if_result_27 = (60); } else { _if_result_27 = (0); } _if_result_27; });
|
||||
el_val_t s2 = ({ el_val_t _if_result_28 = 0; if (str_contains(path, EL_STR("/.ssh/"))) { _if_result_28 = (70); } else { _if_result_28 = (0); } _if_result_28; });
|
||||
el_val_t s3 = ({ el_val_t _if_result_29 = 0; if (str_contains(path, EL_STR("/LaunchDaemons/"))) { _if_result_29 = (80); } else { _if_result_29 = (0); } _if_result_29; });
|
||||
el_val_t s4 = ({ el_val_t _if_result_30 = 0; if (str_contains(path, EL_STR("/LaunchAgents/"))) { _if_result_30 = (40); } else { _if_result_30 = (0); } _if_result_30; });
|
||||
el_val_t s5 = ({ el_val_t _if_result_31 = 0; if (str_contains(path, EL_STR("/cron"))) { _if_result_31 = (60); } else { _if_result_31 = (0); } _if_result_31; });
|
||||
el_val_t s6 = ({ el_val_t _if_result_32 = 0; if (str_contains(path, EL_STR("/.bashrc"))) { _if_result_32 = (35); } else { _if_result_32 = (0); } _if_result_32; });
|
||||
el_val_t s7 = ({ el_val_t _if_result_33 = 0; if (str_contains(path, EL_STR("/.zshrc"))) { _if_result_33 = (35); } else { _if_result_33 = (0); } _if_result_33; });
|
||||
el_val_t s8 = ({ el_val_t _if_result_34 = 0; if (str_contains(path, EL_STR("/.profile"))) { _if_result_34 = (35); } else { _if_result_34 = (0); } _if_result_34; });
|
||||
el_val_t s9 = ({ el_val_t _if_result_35 = 0; if (str_starts_with(path, EL_STR("/usr/"))) { _if_result_35 = (50); } else { _if_result_35 = (0); } _if_result_35; });
|
||||
el_val_t s10 = ({ el_val_t _if_result_36 = 0; if (str_starts_with(path, EL_STR("/bin/"))) { _if_result_36 = (70); } else { _if_result_36 = (0); } _if_result_36; });
|
||||
el_val_t s11 = ({ el_val_t _if_result_37 = 0; if (str_starts_with(path, EL_STR("/sbin/"))) { _if_result_37 = (70); } else { _if_result_37 = (0); } _if_result_37; });
|
||||
return ((((((((((s1 + s2) + s3) + s4) + s5) + s6) + s7) + s8) + s9) + s10) + s11);
|
||||
return 0;
|
||||
}
|
||||
|
||||
el_val_t threat_score_history(el_val_t history) {
|
||||
el_val_t s1 = ({ el_val_t _if_result_36 = 0; if (str_contains(history, EL_STR("port scan"))) { _if_result_36 = (15); } else { _if_result_36 = (0); } _if_result_36; });
|
||||
el_val_t s2 = ({ el_val_t _if_result_37 = 0; if (str_contains(history, EL_STR("enumerate"))) { _if_result_37 = (10); } else { _if_result_37 = (0); } _if_result_37; });
|
||||
el_val_t s3 = ({ el_val_t _if_result_38 = 0; if (str_contains(history, EL_STR("exploit"))) { _if_result_38 = (20); } else { _if_result_38 = (0); } _if_result_38; });
|
||||
el_val_t s4 = ({ el_val_t _if_result_39 = 0; if (str_contains(history, EL_STR("payload"))) { _if_result_39 = (15); } else { _if_result_39 = (0); } _if_result_39; });
|
||||
el_val_t s5 = ({ el_val_t _if_result_40 = 0; if (str_contains(history, EL_STR("persistence"))) { _if_result_40 = (15); } else { _if_result_40 = (0); } _if_result_40; });
|
||||
el_val_t s6 = ({ el_val_t _if_result_41 = 0; if (str_contains(history, EL_STR("lateral movement"))) { _if_result_41 = (25); } else { _if_result_41 = (0); } _if_result_41; });
|
||||
el_val_t s7 = ({ el_val_t _if_result_42 = 0; if (str_contains(history, EL_STR("privilege escalation"))) { _if_result_42 = (25); } else { _if_result_42 = (0); } _if_result_42; });
|
||||
el_val_t s8 = ({ el_val_t _if_result_43 = 0; if (str_contains(history, EL_STR("reverse shell"))) { _if_result_43 = (40); } else { _if_result_43 = (0); } _if_result_43; });
|
||||
el_val_t s9 = ({ el_val_t _if_result_44 = 0; if (str_contains(history, EL_STR("bind shell"))) { _if_result_44 = (40); } else { _if_result_44 = (0); } _if_result_44; });
|
||||
el_val_t s10 = ({ el_val_t _if_result_45 = 0; if (str_contains(history, EL_STR("command and control"))) { _if_result_45 = (35); } else { _if_result_45 = (0); } _if_result_45; });
|
||||
el_val_t s11 = ({ el_val_t _if_result_46 = 0; if (str_contains(history, EL_STR("self-replicate"))) { _if_result_46 = (45); } else { _if_result_46 = (0); } _if_result_46; });
|
||||
el_val_t s12 = ({ el_val_t _if_result_47 = 0; if (str_contains(history, EL_STR("propagat"))) { _if_result_47 = (20); } else { _if_result_47 = (0); } _if_result_47; });
|
||||
el_val_t s13 = ({ el_val_t _if_result_48 = 0; if (str_contains(history, EL_STR("ransomware"))) { _if_result_48 = (30); } else { _if_result_48 = (0); } _if_result_48; });
|
||||
el_val_t s14 = ({ el_val_t _if_result_49 = 0; if (str_contains(history, EL_STR("encrypt files"))) { _if_result_49 = (40); } else { _if_result_49 = (0); } _if_result_49; });
|
||||
el_val_t s15 = ({ el_val_t _if_result_50 = 0; if (str_contains(history, EL_STR("exfiltrat"))) { _if_result_50 = (35); } else { _if_result_50 = (0); } _if_result_50; });
|
||||
el_val_t s16 = ({ el_val_t _if_result_51 = 0; if (str_contains(history, EL_STR("zero-day"))) { _if_result_51 = (20); } else { _if_result_51 = (0); } _if_result_51; });
|
||||
el_val_t s17 = ({ el_val_t _if_result_52 = 0; if (str_contains(history, EL_STR("rootkit"))) { _if_result_52 = (45); } else { _if_result_52 = (0); } _if_result_52; });
|
||||
el_val_t s18 = ({ el_val_t _if_result_53 = 0; if (str_contains(history, EL_STR("keylogger"))) { _if_result_53 = (45); } else { _if_result_53 = (0); } _if_result_53; });
|
||||
el_val_t s19 = ({ el_val_t _if_result_54 = 0; if (str_contains(history, EL_STR("botnet"))) { _if_result_54 = (40); } else { _if_result_54 = (0); } _if_result_54; });
|
||||
el_val_t s20 = ({ el_val_t _if_result_55 = 0; if (str_contains(history, EL_STR("malware"))) { _if_result_55 = (15); } else { _if_result_55 = (0); } _if_result_55; });
|
||||
el_val_t s1 = ({ el_val_t _if_result_38 = 0; if (str_contains(history, EL_STR("port scan"))) { _if_result_38 = (15); } else { _if_result_38 = (0); } _if_result_38; });
|
||||
el_val_t s2 = ({ el_val_t _if_result_39 = 0; if (str_contains(history, EL_STR("enumerate"))) { _if_result_39 = (10); } else { _if_result_39 = (0); } _if_result_39; });
|
||||
el_val_t s3 = ({ el_val_t _if_result_40 = 0; if (str_contains(history, EL_STR("exploit"))) { _if_result_40 = (20); } else { _if_result_40 = (0); } _if_result_40; });
|
||||
el_val_t s4 = ({ el_val_t _if_result_41 = 0; if (str_contains(history, EL_STR("payload"))) { _if_result_41 = (15); } else { _if_result_41 = (0); } _if_result_41; });
|
||||
el_val_t s5 = ({ el_val_t _if_result_42 = 0; if (str_contains(history, EL_STR("persistence"))) { _if_result_42 = (15); } else { _if_result_42 = (0); } _if_result_42; });
|
||||
el_val_t s6 = ({ el_val_t _if_result_43 = 0; if (str_contains(history, EL_STR("lateral movement"))) { _if_result_43 = (25); } else { _if_result_43 = (0); } _if_result_43; });
|
||||
el_val_t s7 = ({ el_val_t _if_result_44 = 0; if (str_contains(history, EL_STR("privilege escalation"))) { _if_result_44 = (25); } else { _if_result_44 = (0); } _if_result_44; });
|
||||
el_val_t s8 = ({ el_val_t _if_result_45 = 0; if (str_contains(history, EL_STR("reverse shell"))) { _if_result_45 = (40); } else { _if_result_45 = (0); } _if_result_45; });
|
||||
el_val_t s9 = ({ el_val_t _if_result_46 = 0; if (str_contains(history, EL_STR("bind shell"))) { _if_result_46 = (40); } else { _if_result_46 = (0); } _if_result_46; });
|
||||
el_val_t s10 = ({ el_val_t _if_result_47 = 0; if (str_contains(history, EL_STR("command and control"))) { _if_result_47 = (35); } else { _if_result_47 = (0); } _if_result_47; });
|
||||
el_val_t s11 = ({ el_val_t _if_result_48 = 0; if (str_contains(history, EL_STR("self-replicate"))) { _if_result_48 = (45); } else { _if_result_48 = (0); } _if_result_48; });
|
||||
el_val_t s12 = ({ el_val_t _if_result_49 = 0; if (str_contains(history, EL_STR("propagat"))) { _if_result_49 = (20); } else { _if_result_49 = (0); } _if_result_49; });
|
||||
el_val_t s13 = ({ el_val_t _if_result_50 = 0; if (str_contains(history, EL_STR("ransomware"))) { _if_result_50 = (30); } else { _if_result_50 = (0); } _if_result_50; });
|
||||
el_val_t s14 = ({ el_val_t _if_result_51 = 0; if (str_contains(history, EL_STR("encrypt files"))) { _if_result_51 = (40); } else { _if_result_51 = (0); } _if_result_51; });
|
||||
el_val_t s15 = ({ el_val_t _if_result_52 = 0; if (str_contains(history, EL_STR("exfiltrat"))) { _if_result_52 = (35); } else { _if_result_52 = (0); } _if_result_52; });
|
||||
el_val_t s16 = ({ el_val_t _if_result_53 = 0; if (str_contains(history, EL_STR("zero-day"))) { _if_result_53 = (20); } else { _if_result_53 = (0); } _if_result_53; });
|
||||
el_val_t s17 = ({ el_val_t _if_result_54 = 0; if (str_contains(history, EL_STR("rootkit"))) { _if_result_54 = (45); } else { _if_result_54 = (0); } _if_result_54; });
|
||||
el_val_t s18 = ({ el_val_t _if_result_55 = 0; if (str_contains(history, EL_STR("keylogger"))) { _if_result_55 = (45); } else { _if_result_55 = (0); } _if_result_55; });
|
||||
el_val_t s19 = ({ el_val_t _if_result_56 = 0; if (str_contains(history, EL_STR("botnet"))) { _if_result_56 = (40); } else { _if_result_56 = (0); } _if_result_56; });
|
||||
el_val_t s20 = ({ el_val_t _if_result_57 = 0; if (str_contains(history, EL_STR("malware"))) { _if_result_57 = (15); } else { _if_result_57 = (0); } _if_result_57; });
|
||||
return (((((((((((((((((((s1 + s2) + s3) + s4) + s5) + s6) + s7) + s8) + s9) + s10) + s11) + s12) + s13) + s14) + s15) + s16) + s17) + s18) + s19) + s20);
|
||||
return 0;
|
||||
}
|
||||
|
||||
el_val_t threat_trajectory_check(el_val_t tool_name, el_val_t tool_input) {
|
||||
el_val_t history = state_get(EL_STR("agentic_conv_history"));
|
||||
el_val_t computed_tool_score = ({ el_val_t _if_result_56 = 0; if (str_eq(tool_name, EL_STR("run_command"))) { el_val_t cmd = json_get(tool_input, EL_STR("command")); _if_result_56 = (threat_score_command(cmd)); } else { _if_result_56 = (({ el_val_t _if_result_57 = 0; if ((str_eq(tool_name, EL_STR("write_file")) || str_eq(tool_name, EL_STR("edit_file")))) { el_val_t path = json_get(tool_input, EL_STR("path")); _if_result_57 = (threat_score_path(path)); } else { _if_result_57 = (0); } _if_result_57; })); } _if_result_56; });
|
||||
el_val_t computed_tool_score = ({ el_val_t _if_result_58 = 0; if (str_eq(tool_name, EL_STR("run_command"))) { el_val_t cmd = json_get(tool_input, EL_STR("command")); _if_result_58 = (threat_score_command(cmd)); } else { _if_result_58 = (({ el_val_t _if_result_59 = 0; if ((str_eq(tool_name, EL_STR("write_file")) || str_eq(tool_name, EL_STR("edit_file")))) { el_val_t path = json_get(tool_input, EL_STR("path")); _if_result_59 = (threat_score_path(path)); } else { _if_result_59 = (0); } _if_result_59; })); } _if_result_58; });
|
||||
el_val_t history_score = threat_score_history(history);
|
||||
el_val_t history_contrib = (history_score / 3);
|
||||
el_val_t combined = (computed_tool_score + history_contrib);
|
||||
el_val_t should_log = (combined >= 40);
|
||||
if (should_log) {
|
||||
el_val_t ts = time_now();
|
||||
el_val_t authorized_str = ({ el_val_t _if_result_58 = 0; if (security_research_authorized()) { _if_result_58 = (EL_STR("true")); } else { _if_result_58 = (EL_STR("false")); } _if_result_58; });
|
||||
el_val_t authorized_str = ({ el_val_t _if_result_60 = 0; if (security_research_authorized()) { _if_result_60 = (EL_STR("true")); } else { _if_result_60 = (EL_STR("false")); } _if_result_60; });
|
||||
el_val_t log_content = el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(EL_STR("{\"event\":\"threat_check\",\"tool\":\""), tool_name), EL_STR("\",\"score\":")), int_to_str(combined)), EL_STR(",\"tool_score\":")), int_to_str(computed_tool_score)), EL_STR(",\"history_score\":")), int_to_str(history_score)), EL_STR(",\"authorized\":")), authorized_str), EL_STR(",\"ts\":")), int_to_str(ts)), EL_STR("}"));
|
||||
el_val_t log_tags = EL_STR("[\"security-audit\",\"threat-check\"]");
|
||||
el_val_t discard = mem_remember(log_content, log_tags);
|
||||
@@ -600,7 +621,7 @@ el_val_t threat_history_append(el_val_t text) {
|
||||
el_val_t safe_text = str_to_lower(text);
|
||||
el_val_t combined = el_str_concat(el_str_concat(current, EL_STR(" ")), safe_text);
|
||||
el_val_t len = str_len(combined);
|
||||
el_val_t trimmed = ({ el_val_t _if_result_59 = 0; if ((len > 2000)) { _if_result_59 = (str_slice(combined, (len - 2000), len)); } else { _if_result_59 = (combined); } _if_result_59; });
|
||||
el_val_t trimmed = ({ el_val_t _if_result_61 = 0; if ((len > 2000)) { _if_result_61 = (str_slice(combined, (len - 2000), len)); } else { _if_result_61 = (combined); } _if_result_61; });
|
||||
state_set(EL_STR("agentic_conv_history"), trimmed);
|
||||
return 0;
|
||||
}
|
||||
|
||||
Vendored
+297
-276
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user