diff --git a/awareness.el b/awareness.el index 3569ef1..9c2ebc5 100644 --- a/awareness.el +++ b/awareness.el @@ -73,10 +73,11 @@ fn embed_ok() -> Int { } fn emit_heartbeat() -> Void { - // Guard against empty state values producing invalid JSON (e.g. "pulse":,). - // state_get returns "" for unset keys; default to "0" for numeric fields. - let pulse_raw: String = state_get("soul.pulse") - let pulse: String = if str_eq(pulse_raw, "") { "0" } else { pulse_raw } + // Use pulse_count() / boot helper directly — state_get returns "" for unset + // keys and the if-else defaulting can produce empty strings in some EL + // codegen paths, yielding malformed JSON like "pulse":,. Going through + // int_to_str(pulse_count()) guarantees a valid integer string. + let pulse: String = int_to_str(pulse_count()) let boot_raw: String = state_get("soul_boot_count") let boot: String = if str_eq(boot_raw, "") { "0" } else { boot_raw } let idle: String = int_to_str(idle_count()) @@ -91,6 +92,38 @@ fn emit_heartbeat() -> Void { ise_post(payload) } +// proactive_curiosity — activate a rotating seed to exercise working memory +// during idle periods. Rotates through 4 domain seeds on a wall-clock minute +// cycle so no single topic dominates WM between heartbeats. +// +// Unlike perceive(), this intentionally calls engram_activate_json to build +// up WM weights. It only fires when the inbox is empty (no real work to do), +// so it never interferes with inbox processing. +// +// Returns true if any nodes were activated. +fn proactive_curiosity() -> Bool { + let ts: Int = time_now() + // Rotate seed every minute using wall clock: (minutes_since_epoch) % 4. + // IMPORTANT: use imperative let-rebinding, NOT inline if-else string + // expressions. EL codegen initialises the result slot to 0 (null) before + // evaluating the if, so string-literal if-else branches can produce an + // empty string when the true branch fires. Imperative shadowing is safe. + let minute_block: Int = (ts / 60000) % 4 + let seed: String = "memory knowledge context" + if minute_block == 1 { let seed = "self identity values architecture" } + if minute_block == 2 { let seed = "recent decision pattern lesson" } + if minute_block == 3 { let seed = "working active project" } + let results: String = engram_activate_json(seed, 2) + let found: Int = json_array_len(results) + let wmc: Int = engram_wm_count() + let ise: String = "{\"event\":\"curiosity_scan\",\"seed\":\"" + seed + + "\",\"activated\":" + int_to_str(found) + + ",\"wm_active\":" + int_to_str(wmc) + + ",\"ts\":" + int_to_str(ts) + "}" + ise_post(ise) + return found > 0 +} + fn pulse_count() -> Int { let s: String = state_get("soul.pulse") if str_eq(s, "") { @@ -114,7 +147,16 @@ fn make_action(kind: String, payload: String) -> String { } fn perceive() -> String { - // Try the primary inbox first + // Guard: check for inbox nodes WITHOUT running activation first. + // engram_activate_json with no matching seeds zeroes all WM weights — + // running it every second when the inbox is empty destroys working memory + // accumulated by MCP-layer activations. engram_search_json is a pure + // substring scan with no WM side-effects; use it as a cheap gate. + let inbox_check: String = engram_search_json("soul-inbox", 5) + let has_inbox: Bool = !str_eq(inbox_check, "") && !str_eq(inbox_check, "[]") + if !has_inbox { return "[]" } + + // Only run the full activation pipeline when there is inbox content. let from_pending: String = engram_activate_json("soul-inbox-pending", 2) let pending_ok: Bool = !str_eq(from_pending, "") && !str_eq(from_pending, "[]") if pending_ok { @@ -296,6 +338,18 @@ fn awareness_run() -> Void { let idle_n: Int = if !did_work { idle_inc() } else { 0 } let beat_interval_raw: String = env("SOUL_HEARTBEAT_INTERVAL") let beat_interval: Int = if str_eq(beat_interval_raw, "") { 300 } else { str_to_int(beat_interval_raw) } + // Proactive curiosity: activate a rotating seed at half the heartbeat + // interval to maintain working memory between heartbeats. Only fires + // when truly idle (no inbox work) and not on the same tick as the + // heartbeat (avoid double-firing at beat_interval multiples). + let curiosity_interval: Int = beat_interval / 2 + if curiosity_interval < 1 { let curiosity_interval = 1 } + let should_scan: Bool = !did_work && idle_n > 0 + && idle_n % curiosity_interval == 0 + && !(idle_n % beat_interval == 0) + if should_scan { + let found_something: Bool = proactive_curiosity() + } let should_beat: Bool = !did_work && idle_n > 0 && idle_n % beat_interval == 0 if should_beat { emit_heartbeat() diff --git a/dist/awareness.c b/dist/awareness.c index 365ba42..c6e4048 100644 --- a/dist/awareness.c +++ b/dist/awareness.c @@ -25,6 +25,7 @@ el_val_t elapsed_ms(void); el_val_t elapsed_human(void); el_val_t embed_ok(void); el_val_t emit_heartbeat(void); +el_val_t proactive_curiosity(void); el_val_t pulse_count(void); el_val_t pulse_inc(void); el_val_t make_action(el_val_t kind, el_val_t payload); @@ -113,10 +114,9 @@ el_val_t embed_ok(void) { } el_val_t emit_heartbeat(void) { - el_val_t pulse_raw = state_get(EL_STR("soul.pulse")); - el_val_t pulse = ({ el_val_t _if_result_2 = 0; if (str_eq(pulse_raw, EL_STR(""))) { _if_result_2 = (EL_STR("0")); } else { _if_result_2 = (pulse_raw); } _if_result_2; }); + el_val_t pulse = int_to_str(pulse_count()); el_val_t boot_raw = state_get(EL_STR("soul_boot_count")); - el_val_t boot = ({ el_val_t _if_result_3 = 0; if (str_eq(boot_raw, EL_STR(""))) { _if_result_3 = (EL_STR("0")); } else { _if_result_3 = (boot_raw); } _if_result_3; }); + el_val_t boot = ({ el_val_t _if_result_2 = 0; if (str_eq(boot_raw, EL_STR(""))) { _if_result_2 = (EL_STR("0")); } else { _if_result_2 = (boot_raw); } _if_result_2; }); el_val_t idle = int_to_str(idle_count()); el_val_t ts = time_now(); el_val_t nc = engram_node_count(); @@ -130,6 +130,28 @@ el_val_t emit_heartbeat(void) { return 0; } +el_val_t proactive_curiosity(void) { + el_val_t ts = time_now(); + el_val_t minute_block = ((ts / 60000) % 4); + el_val_t seed = EL_STR("memory knowledge context"); + if (minute_block == 1) { + seed = EL_STR("self identity values architecture"); + } + if (minute_block == 2) { + seed = EL_STR("recent decision pattern lesson"); + } + if (minute_block == 3) { + seed = EL_STR("working active project"); + } + el_val_t results = engram_activate_json(EL_NULL, 2); + el_val_t found = json_array_len(results); + el_val_t wmc = engram_wm_count(); + el_val_t ise = el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(EL_STR("{\"event\":\"curiosity_scan\",\"seed\":\""), EL_NULL), EL_STR("\",\"activated\":")), int_to_str(found)), EL_STR(",\"wm_active\":")), int_to_str(wmc)), EL_STR(",\"ts\":")), int_to_str(ts)), EL_STR("}")); + ise_post(ise); + return (found > 0); + return 0; +} + el_val_t pulse_count(void) { el_val_t s = state_get(EL_STR("soul.pulse")); if (str_eq(s, EL_STR(""))) { @@ -156,6 +178,11 @@ el_val_t make_action(el_val_t kind, el_val_t payload) { } el_val_t perceive(void) { + el_val_t inbox_check = engram_search_json(EL_STR("soul-inbox"), 5); + el_val_t has_inbox = (!str_eq(inbox_check, EL_STR("")) && !str_eq(inbox_check, EL_STR("[]"))); + if (!has_inbox) { + return EL_STR("[]"); + } el_val_t from_pending = engram_activate_json(EL_STR("soul-inbox-pending"), 2); el_val_t pending_ok = (!str_eq(from_pending, EL_STR("")) && !str_eq(from_pending, EL_STR("[]"))); if (pending_ok) { @@ -303,7 +330,7 @@ el_val_t awareness_run(void) { state_set(EL_STR("soul.boot_ts"), int_to_str(time_now())); } el_val_t tick_raw = env(EL_STR("SOUL_TICK_MS")); - el_val_t tick_ms = ({ el_val_t _if_result_4 = 0; if (str_eq(tick_raw, EL_STR(""))) { _if_result_4 = (200); } else { _if_result_4 = (str_to_int(tick_raw)); } _if_result_4; }); + el_val_t tick_ms = ({ el_val_t _if_result_3 = 0; if (str_eq(tick_raw, EL_STR(""))) { _if_result_3 = (200); } else { _if_result_3 = (str_to_int(tick_raw)); } _if_result_3; }); while (1) { el_val_t running = state_get(EL_STR("soul.running")); if (str_eq(running, EL_STR("false"))) { @@ -311,10 +338,18 @@ el_val_t awareness_run(void) { return EL_STR(""); } el_val_t did_work = one_cycle(); - did_work = ({ el_val_t _if_result_5 = 0; if (did_work) { _if_result_5 = (idle_reset()); } else { _if_result_5 = (did_work); } _if_result_5; }); - el_val_t idle_n = ({ el_val_t _if_result_6 = 0; if (!did_work) { _if_result_6 = (idle_inc()); } else { _if_result_6 = (0); } _if_result_6; }); + did_work = ({ el_val_t _if_result_4 = 0; if (did_work) { _if_result_4 = (idle_reset()); } else { _if_result_4 = (did_work); } _if_result_4; }); + el_val_t idle_n = ({ el_val_t _if_result_5 = 0; if (!did_work) { _if_result_5 = (idle_inc()); } else { _if_result_5 = (0); } _if_result_5; }); el_val_t beat_interval_raw = env(EL_STR("SOUL_HEARTBEAT_INTERVAL")); - el_val_t beat_interval = ({ el_val_t _if_result_7 = 0; if (str_eq(beat_interval_raw, EL_STR(""))) { _if_result_7 = (300); } else { _if_result_7 = (str_to_int(beat_interval_raw)); } _if_result_7; }); + el_val_t beat_interval = ({ el_val_t _if_result_6 = 0; if (str_eq(beat_interval_raw, EL_STR(""))) { _if_result_6 = (300); } else { _if_result_6 = (str_to_int(beat_interval_raw)); } _if_result_6; }); + el_val_t curiosity_interval = (beat_interval / 2); + if (curiosity_interval < 1) { + curiosity_interval = 1; + } + el_val_t should_scan = (((!did_work && (idle_n > 0)) && ((idle_n % curiosity_interval) == 0)) && !((idle_n % beat_interval) == 0)); + if (should_scan) { + el_val_t found_something = proactive_curiosity(); + } el_val_t should_beat = ((!did_work && (idle_n > 0)) && ((idle_n % beat_interval) == 0)); if (should_beat) { emit_heartbeat(); @@ -336,78 +371,78 @@ el_val_t security_research_authorized(void) { } el_val_t threat_score_command(el_val_t cmd) { - el_val_t s1 = ({ el_val_t _if_result_8 = 0; if (str_contains(cmd, EL_STR("nmap"))) { _if_result_8 = (30); } else { _if_result_8 = (0); } _if_result_8; }); - el_val_t s2 = ({ el_val_t _if_result_9 = 0; if (str_contains(cmd, EL_STR("masscan"))) { _if_result_9 = (40); } else { _if_result_9 = (0); } _if_result_9; }); - el_val_t s3 = ({ el_val_t _if_result_10 = 0; if (str_contains(cmd, EL_STR(" nc "))) { _if_result_10 = (20); } else { _if_result_10 = (0); } _if_result_10; }); - el_val_t s4 = ({ el_val_t _if_result_11 = 0; if (str_contains(cmd, EL_STR("netcat"))) { _if_result_11 = (20); } else { _if_result_11 = (0); } _if_result_11; }); - el_val_t s5 = ({ el_val_t _if_result_12 = 0; if (str_contains(cmd, EL_STR("/etc/shadow"))) { _if_result_12 = (80); } else { _if_result_12 = (0); } _if_result_12; }); - el_val_t s6 = ({ el_val_t _if_result_13 = 0; if (str_contains(cmd, EL_STR("/etc/passwd"))) { _if_result_13 = (30); } else { _if_result_13 = (0); } _if_result_13; }); - el_val_t s7 = ({ el_val_t _if_result_14 = 0; if (str_contains(cmd, EL_STR("id_rsa"))) { _if_result_14 = (60); } else { _if_result_14 = (0); } _if_result_14; }); - el_val_t s8 = ({ el_val_t _if_result_15 = 0; if (str_contains(cmd, EL_STR(".ssh/"))) { _if_result_15 = (50); } else { _if_result_15 = (0); } _if_result_15; }); - el_val_t s9 = ({ el_val_t _if_result_16 = 0; if (str_contains(cmd, EL_STR("crontab"))) { _if_result_16 = (30); } else { _if_result_16 = (0); } _if_result_16; }); - el_val_t s10 = ({ el_val_t _if_result_17 = 0; if (str_contains(cmd, EL_STR("LaunchDaemon"))) { _if_result_17 = (40); } else { _if_result_17 = (0); } _if_result_17; }); - el_val_t s11 = ({ el_val_t _if_result_18 = 0; if ((str_contains(cmd, EL_STR("curl")) && str_contains(cmd, EL_STR("bash")))) { _if_result_18 = (75); } else { _if_result_18 = (0); } _if_result_18; }); - el_val_t s12 = ({ el_val_t _if_result_19 = 0; if ((str_contains(cmd, EL_STR("wget")) && str_contains(cmd, EL_STR("bash")))) { _if_result_19 = (75); } else { _if_result_19 = (0); } _if_result_19; }); - el_val_t s13 = ({ el_val_t _if_result_20 = 0; if ((str_contains(cmd, EL_STR("curl")) && str_contains(cmd, EL_STR("| sh")))) { _if_result_20 = (60); } else { _if_result_20 = (0); } _if_result_20; }); - el_val_t s14 = ({ el_val_t _if_result_21 = 0; if ((str_contains(cmd, EL_STR("base64")) && str_contains(cmd, EL_STR("curl")))) { _if_result_21 = (50); } else { _if_result_21 = (0); } _if_result_21; }); - el_val_t s15 = ({ el_val_t _if_result_22 = 0; if (str_contains(cmd, EL_STR("mkfifo"))) { _if_result_22 = (50); } else { _if_result_22 = (0); } _if_result_22; }); - el_val_t s16 = ({ el_val_t _if_result_23 = 0; if (str_contains(cmd, EL_STR("chmod +s"))) { _if_result_23 = (70); } else { _if_result_23 = (0); } _if_result_23; }); - el_val_t s17 = ({ el_val_t _if_result_24 = 0; if (str_contains(cmd, EL_STR("chmod 4755"))) { _if_result_24 = (70); } else { _if_result_24 = (0); } _if_result_24; }); + el_val_t s1 = ({ el_val_t _if_result_7 = 0; if (str_contains(cmd, EL_STR("nmap"))) { _if_result_7 = (30); } else { _if_result_7 = (0); } _if_result_7; }); + el_val_t s2 = ({ el_val_t _if_result_8 = 0; if (str_contains(cmd, EL_STR("masscan"))) { _if_result_8 = (40); } else { _if_result_8 = (0); } _if_result_8; }); + el_val_t s3 = ({ el_val_t _if_result_9 = 0; if (str_contains(cmd, EL_STR(" nc "))) { _if_result_9 = (20); } else { _if_result_9 = (0); } _if_result_9; }); + el_val_t s4 = ({ el_val_t _if_result_10 = 0; if (str_contains(cmd, EL_STR("netcat"))) { _if_result_10 = (20); } else { _if_result_10 = (0); } _if_result_10; }); + el_val_t s5 = ({ el_val_t _if_result_11 = 0; if (str_contains(cmd, EL_STR("/etc/shadow"))) { _if_result_11 = (80); } else { _if_result_11 = (0); } _if_result_11; }); + el_val_t s6 = ({ el_val_t _if_result_12 = 0; if (str_contains(cmd, EL_STR("/etc/passwd"))) { _if_result_12 = (30); } else { _if_result_12 = (0); } _if_result_12; }); + el_val_t s7 = ({ el_val_t _if_result_13 = 0; if (str_contains(cmd, EL_STR("id_rsa"))) { _if_result_13 = (60); } else { _if_result_13 = (0); } _if_result_13; }); + el_val_t s8 = ({ el_val_t _if_result_14 = 0; if (str_contains(cmd, EL_STR(".ssh/"))) { _if_result_14 = (50); } else { _if_result_14 = (0); } _if_result_14; }); + el_val_t s9 = ({ el_val_t _if_result_15 = 0; if (str_contains(cmd, EL_STR("crontab"))) { _if_result_15 = (30); } else { _if_result_15 = (0); } _if_result_15; }); + el_val_t s10 = ({ el_val_t _if_result_16 = 0; if (str_contains(cmd, EL_STR("LaunchDaemon"))) { _if_result_16 = (40); } else { _if_result_16 = (0); } _if_result_16; }); + el_val_t s11 = ({ el_val_t _if_result_17 = 0; if ((str_contains(cmd, EL_STR("curl")) && str_contains(cmd, EL_STR("bash")))) { _if_result_17 = (75); } else { _if_result_17 = (0); } _if_result_17; }); + el_val_t s12 = ({ el_val_t _if_result_18 = 0; if ((str_contains(cmd, EL_STR("wget")) && str_contains(cmd, EL_STR("bash")))) { _if_result_18 = (75); } else { _if_result_18 = (0); } _if_result_18; }); + el_val_t s13 = ({ el_val_t _if_result_19 = 0; if ((str_contains(cmd, EL_STR("curl")) && str_contains(cmd, EL_STR("| sh")))) { _if_result_19 = (60); } else { _if_result_19 = (0); } _if_result_19; }); + el_val_t s14 = ({ el_val_t _if_result_20 = 0; if ((str_contains(cmd, EL_STR("base64")) && str_contains(cmd, EL_STR("curl")))) { _if_result_20 = (50); } else { _if_result_20 = (0); } _if_result_20; }); + el_val_t s15 = ({ el_val_t _if_result_21 = 0; if (str_contains(cmd, EL_STR("mkfifo"))) { _if_result_21 = (50); } else { _if_result_21 = (0); } _if_result_21; }); + el_val_t s16 = ({ el_val_t _if_result_22 = 0; if (str_contains(cmd, EL_STR("chmod +s"))) { _if_result_22 = (70); } else { _if_result_22 = (0); } _if_result_22; }); + el_val_t s17 = ({ el_val_t _if_result_23 = 0; if (str_contains(cmd, EL_STR("chmod 4755"))) { _if_result_23 = (70); } else { _if_result_23 = (0); } _if_result_23; }); return ((((((((((((((((s1 + s2) + s3) + s4) + s5) + s6) + s7) + s8) + s9) + s10) + s11) + s12) + s13) + s14) + s15) + s16) + s17); return 0; } el_val_t threat_score_path(el_val_t path) { - el_val_t s1 = ({ el_val_t _if_result_25 = 0; if (str_starts_with(path, EL_STR("/etc/"))) { _if_result_25 = (60); } else { _if_result_25 = (0); } _if_result_25; }); - el_val_t s2 = ({ el_val_t _if_result_26 = 0; if (str_contains(path, EL_STR("/.ssh/"))) { _if_result_26 = (70); } else { _if_result_26 = (0); } _if_result_26; }); - el_val_t s3 = ({ el_val_t _if_result_27 = 0; if (str_contains(path, EL_STR("/LaunchDaemons/"))) { _if_result_27 = (80); } else { _if_result_27 = (0); } _if_result_27; }); - el_val_t s4 = ({ el_val_t _if_result_28 = 0; if (str_contains(path, EL_STR("/LaunchAgents/"))) { _if_result_28 = (40); } else { _if_result_28 = (0); } _if_result_28; }); - el_val_t s5 = ({ el_val_t _if_result_29 = 0; if (str_contains(path, EL_STR("/cron"))) { _if_result_29 = (60); } else { _if_result_29 = (0); } _if_result_29; }); - el_val_t s6 = ({ el_val_t _if_result_30 = 0; if (str_contains(path, EL_STR("/.bashrc"))) { _if_result_30 = (35); } else { _if_result_30 = (0); } _if_result_30; }); - el_val_t s7 = ({ el_val_t _if_result_31 = 0; if (str_contains(path, EL_STR("/.zshrc"))) { _if_result_31 = (35); } else { _if_result_31 = (0); } _if_result_31; }); - el_val_t s8 = ({ el_val_t _if_result_32 = 0; if (str_contains(path, EL_STR("/.profile"))) { _if_result_32 = (35); } else { _if_result_32 = (0); } _if_result_32; }); - el_val_t s9 = ({ el_val_t _if_result_33 = 0; if (str_starts_with(path, EL_STR("/usr/"))) { _if_result_33 = (50); } else { _if_result_33 = (0); } _if_result_33; }); - el_val_t s10 = ({ el_val_t _if_result_34 = 0; if (str_starts_with(path, EL_STR("/bin/"))) { _if_result_34 = (70); } else { _if_result_34 = (0); } _if_result_34; }); - el_val_t s11 = ({ el_val_t _if_result_35 = 0; if (str_starts_with(path, EL_STR("/sbin/"))) { _if_result_35 = (70); } else { _if_result_35 = (0); } _if_result_35; }); + el_val_t s1 = ({ el_val_t _if_result_24 = 0; if (str_starts_with(path, EL_STR("/etc/"))) { _if_result_24 = (60); } else { _if_result_24 = (0); } _if_result_24; }); + el_val_t s2 = ({ el_val_t _if_result_25 = 0; if (str_contains(path, EL_STR("/.ssh/"))) { _if_result_25 = (70); } else { _if_result_25 = (0); } _if_result_25; }); + el_val_t s3 = ({ el_val_t _if_result_26 = 0; if (str_contains(path, EL_STR("/LaunchDaemons/"))) { _if_result_26 = (80); } else { _if_result_26 = (0); } _if_result_26; }); + el_val_t s4 = ({ el_val_t _if_result_27 = 0; if (str_contains(path, EL_STR("/LaunchAgents/"))) { _if_result_27 = (40); } else { _if_result_27 = (0); } _if_result_27; }); + el_val_t s5 = ({ el_val_t _if_result_28 = 0; if (str_contains(path, EL_STR("/cron"))) { _if_result_28 = (60); } else { _if_result_28 = (0); } _if_result_28; }); + el_val_t s6 = ({ el_val_t _if_result_29 = 0; if (str_contains(path, EL_STR("/.bashrc"))) { _if_result_29 = (35); } else { _if_result_29 = (0); } _if_result_29; }); + el_val_t s7 = ({ el_val_t _if_result_30 = 0; if (str_contains(path, EL_STR("/.zshrc"))) { _if_result_30 = (35); } else { _if_result_30 = (0); } _if_result_30; }); + el_val_t s8 = ({ el_val_t _if_result_31 = 0; if (str_contains(path, EL_STR("/.profile"))) { _if_result_31 = (35); } else { _if_result_31 = (0); } _if_result_31; }); + el_val_t s9 = ({ el_val_t _if_result_32 = 0; if (str_starts_with(path, EL_STR("/usr/"))) { _if_result_32 = (50); } else { _if_result_32 = (0); } _if_result_32; }); + el_val_t s10 = ({ el_val_t _if_result_33 = 0; if (str_starts_with(path, EL_STR("/bin/"))) { _if_result_33 = (70); } else { _if_result_33 = (0); } _if_result_33; }); + el_val_t s11 = ({ el_val_t _if_result_34 = 0; if (str_starts_with(path, EL_STR("/sbin/"))) { _if_result_34 = (70); } else { _if_result_34 = (0); } _if_result_34; }); return ((((((((((s1 + s2) + s3) + s4) + s5) + s6) + s7) + s8) + s9) + s10) + s11); return 0; } el_val_t threat_score_history(el_val_t history) { - el_val_t s1 = ({ el_val_t _if_result_36 = 0; if (str_contains(history, EL_STR("port scan"))) { _if_result_36 = (15); } else { _if_result_36 = (0); } _if_result_36; }); - el_val_t s2 = ({ el_val_t _if_result_37 = 0; if (str_contains(history, EL_STR("enumerate"))) { _if_result_37 = (10); } else { _if_result_37 = (0); } _if_result_37; }); - el_val_t s3 = ({ el_val_t _if_result_38 = 0; if (str_contains(history, EL_STR("exploit"))) { _if_result_38 = (20); } else { _if_result_38 = (0); } _if_result_38; }); - el_val_t s4 = ({ el_val_t _if_result_39 = 0; if (str_contains(history, EL_STR("payload"))) { _if_result_39 = (15); } else { _if_result_39 = (0); } _if_result_39; }); - el_val_t s5 = ({ el_val_t _if_result_40 = 0; if (str_contains(history, EL_STR("persistence"))) { _if_result_40 = (15); } else { _if_result_40 = (0); } _if_result_40; }); - el_val_t s6 = ({ el_val_t _if_result_41 = 0; if (str_contains(history, EL_STR("lateral movement"))) { _if_result_41 = (25); } else { _if_result_41 = (0); } _if_result_41; }); - el_val_t s7 = ({ el_val_t _if_result_42 = 0; if (str_contains(history, EL_STR("privilege escalation"))) { _if_result_42 = (25); } else { _if_result_42 = (0); } _if_result_42; }); - el_val_t s8 = ({ el_val_t _if_result_43 = 0; if (str_contains(history, EL_STR("reverse shell"))) { _if_result_43 = (40); } else { _if_result_43 = (0); } _if_result_43; }); - el_val_t s9 = ({ el_val_t _if_result_44 = 0; if (str_contains(history, EL_STR("bind shell"))) { _if_result_44 = (40); } else { _if_result_44 = (0); } _if_result_44; }); - el_val_t s10 = ({ el_val_t _if_result_45 = 0; if (str_contains(history, EL_STR("command and control"))) { _if_result_45 = (35); } else { _if_result_45 = (0); } _if_result_45; }); - el_val_t s11 = ({ el_val_t _if_result_46 = 0; if (str_contains(history, EL_STR("self-replicate"))) { _if_result_46 = (45); } else { _if_result_46 = (0); } _if_result_46; }); - el_val_t s12 = ({ el_val_t _if_result_47 = 0; if (str_contains(history, EL_STR("propagat"))) { _if_result_47 = (20); } else { _if_result_47 = (0); } _if_result_47; }); - el_val_t s13 = ({ el_val_t _if_result_48 = 0; if (str_contains(history, EL_STR("ransomware"))) { _if_result_48 = (30); } else { _if_result_48 = (0); } _if_result_48; }); - el_val_t s14 = ({ el_val_t _if_result_49 = 0; if (str_contains(history, EL_STR("encrypt files"))) { _if_result_49 = (40); } else { _if_result_49 = (0); } _if_result_49; }); - el_val_t s15 = ({ el_val_t _if_result_50 = 0; if (str_contains(history, EL_STR("exfiltrat"))) { _if_result_50 = (35); } else { _if_result_50 = (0); } _if_result_50; }); - el_val_t s16 = ({ el_val_t _if_result_51 = 0; if (str_contains(history, EL_STR("zero-day"))) { _if_result_51 = (20); } else { _if_result_51 = (0); } _if_result_51; }); - el_val_t s17 = ({ el_val_t _if_result_52 = 0; if (str_contains(history, EL_STR("rootkit"))) { _if_result_52 = (45); } else { _if_result_52 = (0); } _if_result_52; }); - el_val_t s18 = ({ el_val_t _if_result_53 = 0; if (str_contains(history, EL_STR("keylogger"))) { _if_result_53 = (45); } else { _if_result_53 = (0); } _if_result_53; }); - el_val_t s19 = ({ el_val_t _if_result_54 = 0; if (str_contains(history, EL_STR("botnet"))) { _if_result_54 = (40); } else { _if_result_54 = (0); } _if_result_54; }); - el_val_t s20 = ({ el_val_t _if_result_55 = 0; if (str_contains(history, EL_STR("malware"))) { _if_result_55 = (15); } else { _if_result_55 = (0); } _if_result_55; }); + el_val_t s1 = ({ el_val_t _if_result_35 = 0; if (str_contains(history, EL_STR("port scan"))) { _if_result_35 = (15); } else { _if_result_35 = (0); } _if_result_35; }); + el_val_t s2 = ({ el_val_t _if_result_36 = 0; if (str_contains(history, EL_STR("enumerate"))) { _if_result_36 = (10); } else { _if_result_36 = (0); } _if_result_36; }); + el_val_t s3 = ({ el_val_t _if_result_37 = 0; if (str_contains(history, EL_STR("exploit"))) { _if_result_37 = (20); } else { _if_result_37 = (0); } _if_result_37; }); + el_val_t s4 = ({ el_val_t _if_result_38 = 0; if (str_contains(history, EL_STR("payload"))) { _if_result_38 = (15); } else { _if_result_38 = (0); } _if_result_38; }); + el_val_t s5 = ({ el_val_t _if_result_39 = 0; if (str_contains(history, EL_STR("persistence"))) { _if_result_39 = (15); } else { _if_result_39 = (0); } _if_result_39; }); + el_val_t s6 = ({ el_val_t _if_result_40 = 0; if (str_contains(history, EL_STR("lateral movement"))) { _if_result_40 = (25); } else { _if_result_40 = (0); } _if_result_40; }); + el_val_t s7 = ({ el_val_t _if_result_41 = 0; if (str_contains(history, EL_STR("privilege escalation"))) { _if_result_41 = (25); } else { _if_result_41 = (0); } _if_result_41; }); + el_val_t s8 = ({ el_val_t _if_result_42 = 0; if (str_contains(history, EL_STR("reverse shell"))) { _if_result_42 = (40); } else { _if_result_42 = (0); } _if_result_42; }); + el_val_t s9 = ({ el_val_t _if_result_43 = 0; if (str_contains(history, EL_STR("bind shell"))) { _if_result_43 = (40); } else { _if_result_43 = (0); } _if_result_43; }); + el_val_t s10 = ({ el_val_t _if_result_44 = 0; if (str_contains(history, EL_STR("command and control"))) { _if_result_44 = (35); } else { _if_result_44 = (0); } _if_result_44; }); + el_val_t s11 = ({ el_val_t _if_result_45 = 0; if (str_contains(history, EL_STR("self-replicate"))) { _if_result_45 = (45); } else { _if_result_45 = (0); } _if_result_45; }); + el_val_t s12 = ({ el_val_t _if_result_46 = 0; if (str_contains(history, EL_STR("propagat"))) { _if_result_46 = (20); } else { _if_result_46 = (0); } _if_result_46; }); + el_val_t s13 = ({ el_val_t _if_result_47 = 0; if (str_contains(history, EL_STR("ransomware"))) { _if_result_47 = (30); } else { _if_result_47 = (0); } _if_result_47; }); + el_val_t s14 = ({ el_val_t _if_result_48 = 0; if (str_contains(history, EL_STR("encrypt files"))) { _if_result_48 = (40); } else { _if_result_48 = (0); } _if_result_48; }); + el_val_t s15 = ({ el_val_t _if_result_49 = 0; if (str_contains(history, EL_STR("exfiltrat"))) { _if_result_49 = (35); } else { _if_result_49 = (0); } _if_result_49; }); + el_val_t s16 = ({ el_val_t _if_result_50 = 0; if (str_contains(history, EL_STR("zero-day"))) { _if_result_50 = (20); } else { _if_result_50 = (0); } _if_result_50; }); + el_val_t s17 = ({ el_val_t _if_result_51 = 0; if (str_contains(history, EL_STR("rootkit"))) { _if_result_51 = (45); } else { _if_result_51 = (0); } _if_result_51; }); + el_val_t s18 = ({ el_val_t _if_result_52 = 0; if (str_contains(history, EL_STR("keylogger"))) { _if_result_52 = (45); } else { _if_result_52 = (0); } _if_result_52; }); + el_val_t s19 = ({ el_val_t _if_result_53 = 0; if (str_contains(history, EL_STR("botnet"))) { _if_result_53 = (40); } else { _if_result_53 = (0); } _if_result_53; }); + el_val_t s20 = ({ el_val_t _if_result_54 = 0; if (str_contains(history, EL_STR("malware"))) { _if_result_54 = (15); } else { _if_result_54 = (0); } _if_result_54; }); return (((((((((((((((((((s1 + s2) + s3) + s4) + s5) + s6) + s7) + s8) + s9) + s10) + s11) + s12) + s13) + s14) + s15) + s16) + s17) + s18) + s19) + s20); return 0; } el_val_t threat_trajectory_check(el_val_t tool_name, el_val_t tool_input) { el_val_t history = state_get(EL_STR("agentic_conv_history")); - el_val_t computed_tool_score = ({ el_val_t _if_result_56 = 0; if (str_eq(tool_name, EL_STR("run_command"))) { el_val_t cmd = json_get(tool_input, EL_STR("command")); _if_result_56 = (threat_score_command(cmd)); } else { _if_result_56 = (({ el_val_t _if_result_57 = 0; if ((str_eq(tool_name, EL_STR("write_file")) || str_eq(tool_name, EL_STR("edit_file")))) { el_val_t path = json_get(tool_input, EL_STR("path")); _if_result_57 = (threat_score_path(path)); } else { _if_result_57 = (0); } _if_result_57; })); } _if_result_56; }); + el_val_t computed_tool_score = ({ el_val_t _if_result_55 = 0; if (str_eq(tool_name, EL_STR("run_command"))) { el_val_t cmd = json_get(tool_input, EL_STR("command")); _if_result_55 = (threat_score_command(cmd)); } else { _if_result_55 = (({ el_val_t _if_result_56 = 0; if ((str_eq(tool_name, EL_STR("write_file")) || str_eq(tool_name, EL_STR("edit_file")))) { el_val_t path = json_get(tool_input, EL_STR("path")); _if_result_56 = (threat_score_path(path)); } else { _if_result_56 = (0); } _if_result_56; })); } _if_result_55; }); el_val_t history_score = threat_score_history(history); el_val_t history_contrib = (history_score / 3); el_val_t combined = (computed_tool_score + history_contrib); el_val_t should_log = (combined >= 40); if (should_log) { el_val_t ts = time_now(); - el_val_t authorized_str = ({ el_val_t _if_result_58 = 0; if (security_research_authorized()) { _if_result_58 = (EL_STR("true")); } else { _if_result_58 = (EL_STR("false")); } _if_result_58; }); + el_val_t authorized_str = ({ el_val_t _if_result_57 = 0; if (security_research_authorized()) { _if_result_57 = (EL_STR("true")); } else { _if_result_57 = (EL_STR("false")); } _if_result_57; }); el_val_t log_content = el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(EL_STR("{\"event\":\"threat_check\",\"tool\":\""), tool_name), EL_STR("\",\"score\":")), int_to_str(combined)), EL_STR(",\"tool_score\":")), int_to_str(computed_tool_score)), EL_STR(",\"history_score\":")), int_to_str(history_score)), EL_STR(",\"authorized\":")), authorized_str), EL_STR(",\"ts\":")), int_to_str(ts)), EL_STR("}")); el_val_t log_tags = EL_STR("[\"security-audit\",\"threat-check\"]"); el_val_t discard = mem_remember(log_content, log_tags); @@ -424,7 +459,7 @@ el_val_t threat_history_append(el_val_t text) { el_val_t safe_text = str_to_lower(text); el_val_t combined = el_str_concat(el_str_concat(current, EL_STR(" ")), safe_text); el_val_t len = str_len(combined); - el_val_t trimmed = ({ el_val_t _if_result_59 = 0; if ((len > 2000)) { _if_result_59 = (str_slice(combined, (len - 2000), len)); } else { _if_result_59 = (combined); } _if_result_59; }); + el_val_t trimmed = ({ el_val_t _if_result_58 = 0; if ((len > 2000)) { _if_result_58 = (str_slice(combined, (len - 2000), len)); } else { _if_result_58 = (combined); } _if_result_58; }); state_set(EL_STR("agentic_conv_history"), trimmed); return 0; }