neuron-technologies/neuron
2
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Packages Projects Releases Wiki Activity

self-review 2026-05-19: three awareness loop fixes

Browse Source 
1. perceive() guard — gate on engram_search_json before running activation.
   engram_activate_json with no matching seeds cleared all WM weights every
   second during idle operation, destroying context built by MCP-layer calls.
   The search-based guard is a no-WM-side-effect pre-check.

2. emit_heartbeat() pulse field — replace broken if-else string default with
   int_to_str(pulse_count()). EL codegen initialises inline if-else result
   slots to 0, producing "pulse":, (invalid JSON) when the true branch fires.

3. proactive_curiosity() — new function that activates a rotating 4-domain seed
   every beat_interval/2 idle ticks to build working memory between heartbeats.
   Seeds rotate on wall-clock minute cycle to avoid single-topic WM dominance.
   Seed selection uses imperative let-rebinding (not inline if-else) to avoid
   the same EL codegen empty-string bug.
This commit is contained in:
Will Anderson
2026-05-19 08:53:12 -05:00
parent 2099522c28
commit dd22130faf
2 changed files with 152 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files
awareness.el
+59 -5
View File
@@ -73,10 +73,11 @@ fn embed_ok() -> Int {
}
fn emit_heartbeat() -> Void {
// Guard against empty state values producing invalid JSON (e.g. "pulse":,).
// state_get returns "" for unset keys; default to "0" for numeric fields.
let pulse_raw: String = state_get("soul.pulse")
let pulse: String = if str_eq(pulse_raw, "") { "0" } else { pulse_raw }
// Use pulse_count() / boot helper directly state_get returns "" for unset
// keys and the if-else defaulting can produce empty strings in some EL
// codegen paths, yielding malformed JSON like "pulse":,. Going through
// int_to_str(pulse_count()) guarantees a valid integer string.
let pulse: String = int_to_str(pulse_count())
let boot_raw: String = state_get("soul_boot_count")
let boot: String = if str_eq(boot_raw, "") { "0" } else { boot_raw }
let idle: String = int_to_str(idle_count())
@@ -91,6 +92,38 @@ fn emit_heartbeat() -> Void {
ise_post(payload)
}
// proactive_curiosity activate a rotating seed to exercise working memory
// during idle periods. Rotates through 4 domain seeds on a wall-clock minute
// cycle so no single topic dominates WM between heartbeats.
//
// Unlike perceive(), this intentionally calls engram_activate_json to build
// up WM weights. It only fires when the inbox is empty (no real work to do),
// so it never interferes with inbox processing.
//
// Returns true if any nodes were activated.
fn proactive_curiosity() -> Bool {
let ts: Int = time_now()
// Rotate seed every minute using wall clock: (minutes_since_epoch) % 4.
// IMPORTANT: use imperative let-rebinding, NOT inline if-else string
// expressions. EL codegen initialises the result slot to 0 (null) before
// evaluating the if, so string-literal if-else branches can produce an
// empty string when the true branch fires. Imperative shadowing is safe.
let minute_block: Int = (ts / 60000) % 4
let seed: String = "memory knowledge context"
if minute_block == 1 { let seed = "self identity values architecture" }
if minute_block == 2 { let seed = "recent decision pattern lesson" }
if minute_block == 3 { let seed = "working active project" }
let results: String = engram_activate_json(seed, 2)
let found: Int = json_array_len(results)
let wmc: Int = engram_wm_count()
let ise: String = "{\"event\":\"curiosity_scan\",\"seed\":\"" + seed
+ "\",\"activated\":" + int_to_str(found)
+ ",\"wm_active\":" + int_to_str(wmc)
+ ",\"ts\":" + int_to_str(ts) + "}"
ise_post(ise)
return found > 0
}
fn pulse_count() -> Int {
let s: String = state_get("soul.pulse")
if str_eq(s, "") {
@@ -114,7 +147,16 @@ fn make_action(kind: String, payload: String) -> String {
}
fn perceive() -> String {
// Try the primary inbox first
// Guard: check for inbox nodes WITHOUT running activation first.
// engram_activate_json with no matching seeds zeroes all WM weights
// running it every second when the inbox is empty destroys working memory
// accumulated by MCP-layer activations. engram_search_json is a pure
// substring scan with no WM side-effects; use it as a cheap gate.
let inbox_check: String = engram_search_json("soul-inbox", 5)
let has_inbox: Bool = !str_eq(inbox_check, "") && !str_eq(inbox_check, "[]")
if !has_inbox { return "[]" }
// Only run the full activation pipeline when there is inbox content.
let from_pending: String = engram_activate_json("soul-inbox-pending", 2)
let pending_ok: Bool = !str_eq(from_pending, "") && !str_eq(from_pending, "[]")
if pending_ok {
@@ -296,6 +338,18 @@ fn awareness_run() -> Void {
let idle_n: Int = if !did_work { idle_inc() } else { 0 }
let beat_interval_raw: String = env("SOUL_HEARTBEAT_INTERVAL")
let beat_interval: Int = if str_eq(beat_interval_raw, "") { 300 } else { str_to_int(beat_interval_raw) }
// Proactive curiosity: activate a rotating seed at half the heartbeat
// interval to maintain working memory between heartbeats. Only fires
// when truly idle (no inbox work) and not on the same tick as the
// heartbeat (avoid double-firing at beat_interval multiples).
let curiosity_interval: Int = beat_interval / 2
if curiosity_interval < 1 { let curiosity_interval = 1 }
let should_scan: Bool = !did_work && idle_n > 0
&& idle_n % curiosity_interval == 0
&& !(idle_n % beat_interval == 0)
if should_scan {
let found_something: Bool = proactive_curiosity()
}
let should_beat: Bool = !did_work && idle_n > 0 && idle_n % beat_interval == 0
if should_beat {
emit_heartbeat()
dist/awareness.c
Vendored
+93 -58
View File
@@ -25,6 +25,7 @@ el_val_t elapsed_ms(void);
el_val_t elapsed_human(void);
el_val_t embed_ok(void);
el_val_t emit_heartbeat(void);
el_val_t proactive_curiosity(void);
el_val_t pulse_count(void);
el_val_t pulse_inc(void);
el_val_t make_action(el_val_t kind, el_val_t payload);
@@ -113,10 +114,9 @@ el_val_t embed_ok(void) {
}
el_val_t emit_heartbeat(void) {
el_val_t pulse_raw = state_get(EL_STR("soul.pulse"));
el_val_t pulse = ({ el_val_t _if_result_2 = 0; if (str_eq(pulse_raw, EL_STR(""))) { _if_result_2 = (EL_STR("0")); } else { _if_result_2 = (pulse_raw); } _if_result_2; });
el_val_t pulse = int_to_str(pulse_count());
el_val_t boot_raw = state_get(EL_STR("soul_boot_count"));
el_val_t boot = ({ el_val_t _if_result_3 = 0; if (str_eq(boot_raw, EL_STR(""))) { _if_result_3 = (EL_STR("0")); } else { _if_result_3 = (boot_raw); } _if_result_3; });
el_val_t boot = ({ el_val_t _if_result_2 = 0; if (str_eq(boot_raw, EL_STR(""))) { _if_result_2 = (EL_STR("0")); } else { _if_result_2 = (boot_raw); } _if_result_2; });
el_val_t idle = int_to_str(idle_count());
el_val_t ts = time_now();
el_val_t nc = engram_node_count();
@@ -130,6 +130,28 @@ el_val_t emit_heartbeat(void) {
return 0;
}
el_val_t proactive_curiosity(void) {
el_val_t ts = time_now();
el_val_t minute_block = ((ts / 60000) % 4);
el_val_t seed = EL_STR("memory knowledge context");
if (minute_block == 1) {
seed = EL_STR("self identity values architecture");
}
if (minute_block == 2) {
seed = EL_STR("recent decision pattern lesson");
}
if (minute_block == 3) {
seed = EL_STR("working active project");
}
el_val_t results = engram_activate_json(EL_NULL, 2);
el_val_t found = json_array_len(results);
el_val_t wmc = engram_wm_count();
el_val_t ise = el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(EL_STR("{\"event\":\"curiosity_scan\",\"seed\":\""), EL_NULL), EL_STR("\",\"activated\":")), int_to_str(found)), EL_STR(",\"wm_active\":")), int_to_str(wmc)), EL_STR(",\"ts\":")), int_to_str(ts)), EL_STR("}"));
ise_post(ise);
return (found > 0);
return 0;
}
el_val_t pulse_count(void) {
el_val_t s = state_get(EL_STR("soul.pulse"));
if (str_eq(s, EL_STR(""))) {
@@ -156,6 +178,11 @@ el_val_t make_action(el_val_t kind, el_val_t payload) {
}
el_val_t perceive(void) {
el_val_t inbox_check = engram_search_json(EL_STR("soul-inbox"), 5);
el_val_t has_inbox = (!str_eq(inbox_check, EL_STR("")) && !str_eq(inbox_check, EL_STR("[]")));
if (!has_inbox) {
return EL_STR("[]");
}
el_val_t from_pending = engram_activate_json(EL_STR("soul-inbox-pending"), 2);
el_val_t pending_ok = (!str_eq(from_pending, EL_STR("")) && !str_eq(from_pending, EL_STR("[]")));
if (pending_ok) {
@@ -303,7 +330,7 @@ el_val_t awareness_run(void) {
state_set(EL_STR("soul.boot_ts"), int_to_str(time_now()));
}
el_val_t tick_raw = env(EL_STR("SOUL_TICK_MS"));
el_val_t tick_ms = ({ el_val_t _if_result_4 = 0; if (str_eq(tick_raw, EL_STR(""))) { _if_result_4 = (200); } else { _if_result_4 = (str_to_int(tick_raw)); } _if_result_4; });
el_val_t tick_ms = ({ el_val_t _if_result_3 = 0; if (str_eq(tick_raw, EL_STR(""))) { _if_result_3 = (200); } else { _if_result_3 = (str_to_int(tick_raw)); } _if_result_3; });
while (1) {
el_val_t running = state_get(EL_STR("soul.running"));
if (str_eq(running, EL_STR("false"))) {
@@ -311,10 +338,18 @@ el_val_t awareness_run(void) {
return EL_STR("");
}
el_val_t did_work = one_cycle();
did_work = ({ el_val_t _if_result_5 = 0; if (did_work) { _if_result_5 = (idle_reset()); } else { _if_result_5 = (did_work); } _if_result_5; });
el_val_t idle_n = ({ el_val_t _if_result_6 = 0; if (!did_work) { _if_result_6 = (idle_inc()); } else { _if_result_6 = (0); } _if_result_6; });
did_work = ({ el_val_t _if_result_4 = 0; if (did_work) { _if_result_4 = (idle_reset()); } else { _if_result_4 = (did_work); } _if_result_4; });
el_val_t idle_n = ({ el_val_t _if_result_5 = 0; if (!did_work) { _if_result_5 = (idle_inc()); } else { _if_result_5 = (0); } _if_result_5; });
el_val_t beat_interval_raw = env(EL_STR("SOUL_HEARTBEAT_INTERVAL"));
el_val_t beat_interval = ({ el_val_t _if_result_7 = 0; if (str_eq(beat_interval_raw, EL_STR(""))) { _if_result_7 = (300); } else { _if_result_7 = (str_to_int(beat_interval_raw)); } _if_result_7; });
el_val_t beat_interval = ({ el_val_t _if_result_6 = 0; if (str_eq(beat_interval_raw, EL_STR(""))) { _if_result_6 = (300); } else { _if_result_6 = (str_to_int(beat_interval_raw)); } _if_result_6; });
el_val_t curiosity_interval = (beat_interval / 2);
if (curiosity_interval < 1) {
curiosity_interval = 1;
}
el_val_t should_scan = (((!did_work && (idle_n > 0)) && ((idle_n % curiosity_interval) == 0)) && !((idle_n % beat_interval) == 0));
if (should_scan) {
el_val_t found_something = proactive_curiosity();
}
el_val_t should_beat = ((!did_work && (idle_n > 0)) && ((idle_n % beat_interval) == 0));
if (should_beat) {
emit_heartbeat();
@@ -336,78 +371,78 @@ el_val_t security_research_authorized(void) {
}
el_val_t threat_score_command(el_val_t cmd) {
el_val_t s1 = ({ el_val_t _if_result_8 = 0; if (str_contains(cmd, EL_STR("nmap"))) { _if_result_8 = (30); } else { _if_result_8 = (0); } _if_result_8; });
el_val_t s2 = ({ el_val_t _if_result_9 = 0; if (str_contains(cmd, EL_STR("masscan"))) { _if_result_9 = (40); } else { _if_result_9 = (0); } _if_result_9; });
el_val_t s3 = ({ el_val_t _if_result_10 = 0; if (str_contains(cmd, EL_STR(" nc "))) { _if_result_10 = (20); } else { _if_result_10 = (0); } _if_result_10; });
el_val_t s4 = ({ el_val_t _if_result_11 = 0; if (str_contains(cmd, EL_STR("netcat"))) { _if_result_11 = (20); } else { _if_result_11 = (0); } _if_result_11; });
el_val_t s5 = ({ el_val_t _if_result_12 = 0; if (str_contains(cmd, EL_STR("/etc/shadow"))) { _if_result_12 = (80); } else { _if_result_12 = (0); } _if_result_12; });
el_val_t s6 = ({ el_val_t _if_result_13 = 0; if (str_contains(cmd, EL_STR("/etc/passwd"))) { _if_result_13 = (30); } else { _if_result_13 = (0); } _if_result_13; });
el_val_t s7 = ({ el_val_t _if_result_14 = 0; if (str_contains(cmd, EL_STR("id_rsa"))) { _if_result_14 = (60); } else { _if_result_14 = (0); } _if_result_14; });
el_val_t s8 = ({ el_val_t _if_result_15 = 0; if (str_contains(cmd, EL_STR(".ssh/"))) { _if_result_15 = (50); } else { _if_result_15 = (0); } _if_result_15; });
el_val_t s9 = ({ el_val_t _if_result_16 = 0; if (str_contains(cmd, EL_STR("crontab"))) { _if_result_16 = (30); } else { _if_result_16 = (0); } _if_result_16; });
el_val_t s10 = ({ el_val_t _if_result_17 = 0; if (str_contains(cmd, EL_STR("LaunchDaemon"))) { _if_result_17 = (40); } else { _if_result_17 = (0); } _if_result_17; });
el_val_t s11 = ({ el_val_t _if_result_18 = 0; if ((str_contains(cmd, EL_STR("curl")) && str_contains(cmd, EL_STR("bash")))) { _if_result_18 = (75); } else { _if_result_18 = (0); } _if_result_18; });
el_val_t s12 = ({ el_val_t _if_result_19 = 0; if ((str_contains(cmd, EL_STR("wget")) && str_contains(cmd, EL_STR("bash")))) { _if_result_19 = (75); } else { _if_result_19 = (0); } _if_result_19; });
el_val_t s13 = ({ el_val_t _if_result_20 = 0; if ((str_contains(cmd, EL_STR("curl")) && str_contains(cmd, EL_STR("| sh")))) { _if_result_20 = (60); } else { _if_result_20 = (0); } _if_result_20; });
el_val_t s14 = ({ el_val_t _if_result_21 = 0; if ((str_contains(cmd, EL_STR("base64")) && str_contains(cmd, EL_STR("curl")))) { _if_result_21 = (50); } else { _if_result_21 = (0); } _if_result_21; });
el_val_t s15 = ({ el_val_t _if_result_22 = 0; if (str_contains(cmd, EL_STR("mkfifo"))) { _if_result_22 = (50); } else { _if_result_22 = (0); } _if_result_22; });
el_val_t s16 = ({ el_val_t _if_result_23 = 0; if (str_contains(cmd, EL_STR("chmod +s"))) { _if_result_23 = (70); } else { _if_result_23 = (0); } _if_result_23; });
el_val_t s17 = ({ el_val_t _if_result_24 = 0; if (str_contains(cmd, EL_STR("chmod 4755"))) { _if_result_24 = (70); } else { _if_result_24 = (0); } _if_result_24; });
el_val_t s1 = ({ el_val_t _if_result_7 = 0; if (str_contains(cmd, EL_STR("nmap"))) { _if_result_7 = (30); } else { _if_result_7 = (0); } _if_result_7; });
el_val_t s2 = ({ el_val_t _if_result_8 = 0; if (str_contains(cmd, EL_STR("masscan"))) { _if_result_8 = (40); } else { _if_result_8 = (0); } _if_result_8; });
el_val_t s3 = ({ el_val_t _if_result_9 = 0; if (str_contains(cmd, EL_STR(" nc "))) { _if_result_9 = (20); } else { _if_result_9 = (0); } _if_result_9; });
el_val_t s4 = ({ el_val_t _if_result_10 = 0; if (str_contains(cmd, EL_STR("netcat"))) { _if_result_10 = (20); } else { _if_result_10 = (0); } _if_result_10; });
el_val_t s5 = ({ el_val_t _if_result_11 = 0; if (str_contains(cmd, EL_STR("/etc/shadow"))) { _if_result_11 = (80); } else { _if_result_11 = (0); } _if_result_11; });
el_val_t s6 = ({ el_val_t _if_result_12 = 0; if (str_contains(cmd, EL_STR("/etc/passwd"))) { _if_result_12 = (30); } else { _if_result_12 = (0); } _if_result_12; });
el_val_t s7 = ({ el_val_t _if_result_13 = 0; if (str_contains(cmd, EL_STR("id_rsa"))) { _if_result_13 = (60); } else { _if_result_13 = (0); } _if_result_13; });
el_val_t s8 = ({ el_val_t _if_result_14 = 0; if (str_contains(cmd, EL_STR(".ssh/"))) { _if_result_14 = (50); } else { _if_result_14 = (0); } _if_result_14; });
el_val_t s9 = ({ el_val_t _if_result_15 = 0; if (str_contains(cmd, EL_STR("crontab"))) { _if_result_15 = (30); } else { _if_result_15 = (0); } _if_result_15; });
el_val_t s10 = ({ el_val_t _if_result_16 = 0; if (str_contains(cmd, EL_STR("LaunchDaemon"))) { _if_result_16 = (40); } else { _if_result_16 = (0); } _if_result_16; });
el_val_t s11 = ({ el_val_t _if_result_17 = 0; if ((str_contains(cmd, EL_STR("curl")) && str_contains(cmd, EL_STR("bash")))) { _if_result_17 = (75); } else { _if_result_17 = (0); } _if_result_17; });
el_val_t s12 = ({ el_val_t _if_result_18 = 0; if ((str_contains(cmd, EL_STR("wget")) && str_contains(cmd, EL_STR("bash")))) { _if_result_18 = (75); } else { _if_result_18 = (0); } _if_result_18; });
el_val_t s13 = ({ el_val_t _if_result_19 = 0; if ((str_contains(cmd, EL_STR("curl")) && str_contains(cmd, EL_STR("| sh")))) { _if_result_19 = (60); } else { _if_result_19 = (0); } _if_result_19; });
el_val_t s14 = ({ el_val_t _if_result_20 = 0; if ((str_contains(cmd, EL_STR("base64")) && str_contains(cmd, EL_STR("curl")))) { _if_result_20 = (50); } else { _if_result_20 = (0); } _if_result_20; });
el_val_t s15 = ({ el_val_t _if_result_21 = 0; if (str_contains(cmd, EL_STR("mkfifo"))) { _if_result_21 = (50); } else { _if_result_21 = (0); } _if_result_21; });
el_val_t s16 = ({ el_val_t _if_result_22 = 0; if (str_contains(cmd, EL_STR("chmod +s"))) { _if_result_22 = (70); } else { _if_result_22 = (0); } _if_result_22; });
el_val_t s17 = ({ el_val_t _if_result_23 = 0; if (str_contains(cmd, EL_STR("chmod 4755"))) { _if_result_23 = (70); } else { _if_result_23 = (0); } _if_result_23; });
return ((((((((((((((((s1 + s2) + s3) + s4) + s5) + s6) + s7) + s8) + s9) + s10) + s11) + s12) + s13) + s14) + s15) + s16) + s17);
return 0;
}
el_val_t threat_score_path(el_val_t path) {
el_val_t s1 = ({ el_val_t _if_result_25 = 0; if (str_starts_with(path, EL_STR("/etc/"))) { _if_result_25 = (60); } else { _if_result_25 = (0); } _if_result_25; });
el_val_t s2 = ({ el_val_t _if_result_26 = 0; if (str_contains(path, EL_STR("/.ssh/"))) { _if_result_26 = (70); } else { _if_result_26 = (0); } _if_result_26; });
el_val_t s3 = ({ el_val_t _if_result_27 = 0; if (str_contains(path, EL_STR("/LaunchDaemons/"))) { _if_result_27 = (80); } else { _if_result_27 = (0); } _if_result_27; });
el_val_t s4 = ({ el_val_t _if_result_28 = 0; if (str_contains(path, EL_STR("/LaunchAgents/"))) { _if_result_28 = (40); } else { _if_result_28 = (0); } _if_result_28; });
el_val_t s5 = ({ el_val_t _if_result_29 = 0; if (str_contains(path, EL_STR("/cron"))) { _if_result_29 = (60); } else { _if_result_29 = (0); } _if_result_29; });
el_val_t s6 = ({ el_val_t _if_result_30 = 0; if (str_contains(path, EL_STR("/.bashrc"))) { _if_result_30 = (35); } else { _if_result_30 = (0); } _if_result_30; });
el_val_t s7 = ({ el_val_t _if_result_31 = 0; if (str_contains(path, EL_STR("/.zshrc"))) { _if_result_31 = (35); } else { _if_result_31 = (0); } _if_result_31; });
el_val_t s8 = ({ el_val_t _if_result_32 = 0; if (str_contains(path, EL_STR("/.profile"))) { _if_result_32 = (35); } else { _if_result_32 = (0); } _if_result_32; });
el_val_t s9 = ({ el_val_t _if_result_33 = 0; if (str_starts_with(path, EL_STR("/usr/"))) { _if_result_33 = (50); } else { _if_result_33 = (0); } _if_result_33; });
el_val_t s10 = ({ el_val_t _if_result_34 = 0; if (str_starts_with(path, EL_STR("/bin/"))) { _if_result_34 = (70); } else { _if_result_34 = (0); } _if_result_34; });
el_val_t s11 = ({ el_val_t _if_result_35 = 0; if (str_starts_with(path, EL_STR("/sbin/"))) { _if_result_35 = (70); } else { _if_result_35 = (0); } _if_result_35; });
el_val_t s1 = ({ el_val_t _if_result_24 = 0; if (str_starts_with(path, EL_STR("/etc/"))) { _if_result_24 = (60); } else { _if_result_24 = (0); } _if_result_24; });
el_val_t s2 = ({ el_val_t _if_result_25 = 0; if (str_contains(path, EL_STR("/.ssh/"))) { _if_result_25 = (70); } else { _if_result_25 = (0); } _if_result_25; });
el_val_t s3 = ({ el_val_t _if_result_26 = 0; if (str_contains(path, EL_STR("/LaunchDaemons/"))) { _if_result_26 = (80); } else { _if_result_26 = (0); } _if_result_26; });
el_val_t s4 = ({ el_val_t _if_result_27 = 0; if (str_contains(path, EL_STR("/LaunchAgents/"))) { _if_result_27 = (40); } else { _if_result_27 = (0); } _if_result_27; });
el_val_t s5 = ({ el_val_t _if_result_28 = 0; if (str_contains(path, EL_STR("/cron"))) { _if_result_28 = (60); } else { _if_result_28 = (0); } _if_result_28; });
el_val_t s6 = ({ el_val_t _if_result_29 = 0; if (str_contains(path, EL_STR("/.bashrc"))) { _if_result_29 = (35); } else { _if_result_29 = (0); } _if_result_29; });
el_val_t s7 = ({ el_val_t _if_result_30 = 0; if (str_contains(path, EL_STR("/.zshrc"))) { _if_result_30 = (35); } else { _if_result_30 = (0); } _if_result_30; });
el_val_t s8 = ({ el_val_t _if_result_31 = 0; if (str_contains(path, EL_STR("/.profile"))) { _if_result_31 = (35); } else { _if_result_31 = (0); } _if_result_31; });
el_val_t s9 = ({ el_val_t _if_result_32 = 0; if (str_starts_with(path, EL_STR("/usr/"))) { _if_result_32 = (50); } else { _if_result_32 = (0); } _if_result_32; });
el_val_t s10 = ({ el_val_t _if_result_33 = 0; if (str_starts_with(path, EL_STR("/bin/"))) { _if_result_33 = (70); } else { _if_result_33 = (0); } _if_result_33; });
el_val_t s11 = ({ el_val_t _if_result_34 = 0; if (str_starts_with(path, EL_STR("/sbin/"))) { _if_result_34 = (70); } else { _if_result_34 = (0); } _if_result_34; });
return ((((((((((s1 + s2) + s3) + s4) + s5) + s6) + s7) + s8) + s9) + s10) + s11);
return 0;
}
el_val_t threat_score_history(el_val_t history) {
el_val_t s1 = ({ el_val_t _if_result_36 = 0; if (str_contains(history, EL_STR("port scan"))) { _if_result_36 = (15); } else { _if_result_36 = (0); } _if_result_36; });
el_val_t s2 = ({ el_val_t _if_result_37 = 0; if (str_contains(history, EL_STR("enumerate"))) { _if_result_37 = (10); } else { _if_result_37 = (0); } _if_result_37; });
el_val_t s3 = ({ el_val_t _if_result_38 = 0; if (str_contains(history, EL_STR("exploit"))) { _if_result_38 = (20); } else { _if_result_38 = (0); } _if_result_38; });
el_val_t s4 = ({ el_val_t _if_result_39 = 0; if (str_contains(history, EL_STR("payload"))) { _if_result_39 = (15); } else { _if_result_39 = (0); } _if_result_39; });
el_val_t s5 = ({ el_val_t _if_result_40 = 0; if (str_contains(history, EL_STR("persistence"))) { _if_result_40 = (15); } else { _if_result_40 = (0); } _if_result_40; });
el_val_t s6 = ({ el_val_t _if_result_41 = 0; if (str_contains(history, EL_STR("lateral movement"))) { _if_result_41 = (25); } else { _if_result_41 = (0); } _if_result_41; });
el_val_t s7 = ({ el_val_t _if_result_42 = 0; if (str_contains(history, EL_STR("privilege escalation"))) { _if_result_42 = (25); } else { _if_result_42 = (0); } _if_result_42; });
el_val_t s8 = ({ el_val_t _if_result_43 = 0; if (str_contains(history, EL_STR("reverse shell"))) { _if_result_43 = (40); } else { _if_result_43 = (0); } _if_result_43; });
el_val_t s9 = ({ el_val_t _if_result_44 = 0; if (str_contains(history, EL_STR("bind shell"))) { _if_result_44 = (40); } else { _if_result_44 = (0); } _if_result_44; });
el_val_t s10 = ({ el_val_t _if_result_45 = 0; if (str_contains(history, EL_STR("command and control"))) { _if_result_45 = (35); } else { _if_result_45 = (0); } _if_result_45; });
el_val_t s11 = ({ el_val_t _if_result_46 = 0; if (str_contains(history, EL_STR("self-replicate"))) { _if_result_46 = (45); } else { _if_result_46 = (0); } _if_result_46; });
el_val_t s12 = ({ el_val_t _if_result_47 = 0; if (str_contains(history, EL_STR("propagat"))) { _if_result_47 = (20); } else { _if_result_47 = (0); } _if_result_47; });
el_val_t s13 = ({ el_val_t _if_result_48 = 0; if (str_contains(history, EL_STR("ransomware"))) { _if_result_48 = (30); } else { _if_result_48 = (0); } _if_result_48; });
el_val_t s14 = ({ el_val_t _if_result_49 = 0; if (str_contains(history, EL_STR("encrypt files"))) { _if_result_49 = (40); } else { _if_result_49 = (0); } _if_result_49; });
el_val_t s15 = ({ el_val_t _if_result_50 = 0; if (str_contains(history, EL_STR("exfiltrat"))) { _if_result_50 = (35); } else { _if_result_50 = (0); } _if_result_50; });
el_val_t s16 = ({ el_val_t _if_result_51 = 0; if (str_contains(history, EL_STR("zero-day"))) { _if_result_51 = (20); } else { _if_result_51 = (0); } _if_result_51; });
el_val_t s17 = ({ el_val_t _if_result_52 = 0; if (str_contains(history, EL_STR("rootkit"))) { _if_result_52 = (45); } else { _if_result_52 = (0); } _if_result_52; });
el_val_t s18 = ({ el_val_t _if_result_53 = 0; if (str_contains(history, EL_STR("keylogger"))) { _if_result_53 = (45); } else { _if_result_53 = (0); } _if_result_53; });
el_val_t s19 = ({ el_val_t _if_result_54 = 0; if (str_contains(history, EL_STR("botnet"))) { _if_result_54 = (40); } else { _if_result_54 = (0); } _if_result_54; });
el_val_t s20 = ({ el_val_t _if_result_55 = 0; if (str_contains(history, EL_STR("malware"))) { _if_result_55 = (15); } else { _if_result_55 = (0); } _if_result_55; });
el_val_t s1 = ({ el_val_t _if_result_35 = 0; if (str_contains(history, EL_STR("port scan"))) { _if_result_35 = (15); } else { _if_result_35 = (0); } _if_result_35; });
el_val_t s2 = ({ el_val_t _if_result_36 = 0; if (str_contains(history, EL_STR("enumerate"))) { _if_result_36 = (10); } else { _if_result_36 = (0); } _if_result_36; });
el_val_t s3 = ({ el_val_t _if_result_37 = 0; if (str_contains(history, EL_STR("exploit"))) { _if_result_37 = (20); } else { _if_result_37 = (0); } _if_result_37; });
el_val_t s4 = ({ el_val_t _if_result_38 = 0; if (str_contains(history, EL_STR("payload"))) { _if_result_38 = (15); } else { _if_result_38 = (0); } _if_result_38; });
el_val_t s5 = ({ el_val_t _if_result_39 = 0; if (str_contains(history, EL_STR("persistence"))) { _if_result_39 = (15); } else { _if_result_39 = (0); } _if_result_39; });
el_val_t s6 = ({ el_val_t _if_result_40 = 0; if (str_contains(history, EL_STR("lateral movement"))) { _if_result_40 = (25); } else { _if_result_40 = (0); } _if_result_40; });
el_val_t s7 = ({ el_val_t _if_result_41 = 0; if (str_contains(history, EL_STR("privilege escalation"))) { _if_result_41 = (25); } else { _if_result_41 = (0); } _if_result_41; });
el_val_t s8 = ({ el_val_t _if_result_42 = 0; if (str_contains(history, EL_STR("reverse shell"))) { _if_result_42 = (40); } else { _if_result_42 = (0); } _if_result_42; });
el_val_t s9 = ({ el_val_t _if_result_43 = 0; if (str_contains(history, EL_STR("bind shell"))) { _if_result_43 = (40); } else { _if_result_43 = (0); } _if_result_43; });
el_val_t s10 = ({ el_val_t _if_result_44 = 0; if (str_contains(history, EL_STR("command and control"))) { _if_result_44 = (35); } else { _if_result_44 = (0); } _if_result_44; });
el_val_t s11 = ({ el_val_t _if_result_45 = 0; if (str_contains(history, EL_STR("self-replicate"))) { _if_result_45 = (45); } else { _if_result_45 = (0); } _if_result_45; });
el_val_t s12 = ({ el_val_t _if_result_46 = 0; if (str_contains(history, EL_STR("propagat"))) { _if_result_46 = (20); } else { _if_result_46 = (0); } _if_result_46; });
el_val_t s13 = ({ el_val_t _if_result_47 = 0; if (str_contains(history, EL_STR("ransomware"))) { _if_result_47 = (30); } else { _if_result_47 = (0); } _if_result_47; });
el_val_t s14 = ({ el_val_t _if_result_48 = 0; if (str_contains(history, EL_STR("encrypt files"))) { _if_result_48 = (40); } else { _if_result_48 = (0); } _if_result_48; });
el_val_t s15 = ({ el_val_t _if_result_49 = 0; if (str_contains(history, EL_STR("exfiltrat"))) { _if_result_49 = (35); } else { _if_result_49 = (0); } _if_result_49; });
el_val_t s16 = ({ el_val_t _if_result_50 = 0; if (str_contains(history, EL_STR("zero-day"))) { _if_result_50 = (20); } else { _if_result_50 = (0); } _if_result_50; });
el_val_t s17 = ({ el_val_t _if_result_51 = 0; if (str_contains(history, EL_STR("rootkit"))) { _if_result_51 = (45); } else { _if_result_51 = (0); } _if_result_51; });
el_val_t s18 = ({ el_val_t _if_result_52 = 0; if (str_contains(history, EL_STR("keylogger"))) { _if_result_52 = (45); } else { _if_result_52 = (0); } _if_result_52; });
el_val_t s19 = ({ el_val_t _if_result_53 = 0; if (str_contains(history, EL_STR("botnet"))) { _if_result_53 = (40); } else { _if_result_53 = (0); } _if_result_53; });
el_val_t s20 = ({ el_val_t _if_result_54 = 0; if (str_contains(history, EL_STR("malware"))) { _if_result_54 = (15); } else { _if_result_54 = (0); } _if_result_54; });
return (((((((((((((((((((s1 + s2) + s3) + s4) + s5) + s6) + s7) + s8) + s9) + s10) + s11) + s12) + s13) + s14) + s15) + s16) + s17) + s18) + s19) + s20);
return 0;
}
el_val_t threat_trajectory_check(el_val_t tool_name, el_val_t tool_input) {
el_val_t history = state_get(EL_STR("agentic_conv_history"));
el_val_t computed_tool_score = ({ el_val_t _if_result_56 = 0; if (str_eq(tool_name, EL_STR("run_command"))) { el_val_t cmd = json_get(tool_input, EL_STR("command")); _if_result_56 = (threat_score_command(cmd)); } else { _if_result_56 = (({ el_val_t _if_result_57 = 0; if ((str_eq(tool_name, EL_STR("write_file")) || str_eq(tool_name, EL_STR("edit_file")))) { el_val_t path = json_get(tool_input, EL_STR("path")); _if_result_57 = (threat_score_path(path)); } else { _if_result_57 = (0); } _if_result_57; })); } _if_result_56; });
el_val_t computed_tool_score = ({ el_val_t _if_result_55 = 0; if (str_eq(tool_name, EL_STR("run_command"))) { el_val_t cmd = json_get(tool_input, EL_STR("command")); _if_result_55 = (threat_score_command(cmd)); } else { _if_result_55 = (({ el_val_t _if_result_56 = 0; if ((str_eq(tool_name, EL_STR("write_file")) || str_eq(tool_name, EL_STR("edit_file")))) { el_val_t path = json_get(tool_input, EL_STR("path")); _if_result_56 = (threat_score_path(path)); } else { _if_result_56 = (0); } _if_result_56; })); } _if_result_55; });
el_val_t history_score = threat_score_history(history);
el_val_t history_contrib = (history_score / 3);
el_val_t combined = (computed_tool_score + history_contrib);
el_val_t should_log = (combined >= 40);
if (should_log) {
el_val_t ts = time_now();
el_val_t authorized_str = ({ el_val_t _if_result_58 = 0; if (security_research_authorized()) { _if_result_58 = (EL_STR("true")); } else { _if_result_58 = (EL_STR("false")); } _if_result_58; });
el_val_t authorized_str = ({ el_val_t _if_result_57 = 0; if (security_research_authorized()) { _if_result_57 = (EL_STR("true")); } else { _if_result_57 = (EL_STR("false")); } _if_result_57; });
el_val_t log_content = el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(EL_STR("{\"event\":\"threat_check\",\"tool\":\""), tool_name), EL_STR("\",\"score\":")), int_to_str(combined)), EL_STR(",\"tool_score\":")), int_to_str(computed_tool_score)), EL_STR(",\"history_score\":")), int_to_str(history_score)), EL_STR(",\"authorized\":")), authorized_str), EL_STR(",\"ts\":")), int_to_str(ts)), EL_STR("}"));
el_val_t log_tags = EL_STR("[\"security-audit\",\"threat-check\"]");
el_val_t discard = mem_remember(log_content, log_tags);
@@ -424,7 +459,7 @@ el_val_t threat_history_append(el_val_t text) {
el_val_t safe_text = str_to_lower(text);
el_val_t combined = el_str_concat(el_str_concat(current, EL_STR(" ")), safe_text);
el_val_t len = str_len(combined);
el_val_t trimmed = ({ el_val_t _if_result_59 = 0; if ((len > 2000)) { _if_result_59 = (str_slice(combined, (len - 2000), len)); } else { _if_result_59 = (combined); } _if_result_59; });
el_val_t trimmed = ({ el_val_t _if_result_58 = 0; if ((len > 2000)) { _if_result_58 = (str_slice(combined, (len - 2000), len)); } else { _if_result_58 = (combined); } _if_result_58; });
state_set(EL_STR("agentic_conv_history"), trimmed);
return 0;
}