self-review 2026-05-26: wall-clock heartbeat timing + seed rotation fix
Two awareness loop bugs fixed: 1. Seed rotation never worked: dist/awareness.c was compiled from stale source (pre-fix awareness.el still had broken ts_minutes % 4). Compiled C showed `minute_block = (ts / 60000); EL_NULL; 4;` — minute_block was always ts_minutes (millions), never 0-3. if(minute_block==1/2/3) never matched. Fix: recompile from current awareness.el which has the correct modulo workaround: ts_minutes - minute_q4 (via + - / only). 2. Heartbeat/curiosity silent for 24h at 99% CPU: old design used idle-tick counting (idle_n >= beat_interval). Failed when perceive() inbox guard false-positives on "soul-inbox" substring matches in knowledge nodes — did_work=true every tick, idle_n never accumulated, neither signal fired. Fix: wall-clock elapsed time (time_now() - last_ts >= interval_ms). Heartbeat fires regardless of load. New SOUL_HEARTBEAT_MS env var (default 60000ms) avoids the broken EL * operator. Verified: heartbeat ISEs flowing at pulse 3 within 2 minutes of restart.
+41
-23
@@ -387,6 +387,27 @@ fn awareness_run() -> Void {
|
||||
let tick_raw: String = env("SOUL_TICK_MS")
|
||||
let tick_ms: Int = if str_eq(tick_raw, "") { 200 } else { str_to_int(tick_raw) }
|
||||
|
||||
// Wall-clock timing for heartbeat and curiosity scan.
|
||||
//
|
||||
// ARCHITECTURE FIX (2026-05-26): the old design used idle-tick counting
|
||||
// (idle_n >= beat_interval). This broke silently when the daemon was always
|
||||
// "working" — e.g., when perceive() false-positives on the inbox guard due to
|
||||
// "soul-inbox" substring matches in knowledge nodes. In that state, did_work=true
|
||||
// every tick, idle_n never accumulated, and neither heartbeat nor curiosity ever
|
||||
// fired. The daemon ran at 99% CPU with no ISEs for 24+ hours undetected.
|
||||
//
|
||||
// Fix: use wall-clock elapsed time (time_now() - last_ts). Heartbeat fires
|
||||
// on real time regardless of whether the daemon is busy. Curiosity scan
|
||||
// remains idle-gated (won't fire while inbox work is active) but also uses
|
||||
// wall time so it fires correctly once inbox clears.
|
||||
//
|
||||
// SOUL_HEARTBEAT_MS: ms between heartbeat ISEs (default 60000 = 60s).
|
||||
// Avoids EL * operator (broken in this codegen) by reading ms directly.
|
||||
// Replaces SOUL_HEARTBEAT_INTERVAL (tick-based) for timing purposes.
|
||||
let beat_ms_raw: String = env("SOUL_HEARTBEAT_MS")
|
||||
let beat_ms: Int = if str_eq(beat_ms_raw, "") { 60000 } else { str_to_int(beat_ms_raw) }
|
||||
let scan_ms: Int = beat_ms / 2
|
||||
|
||||
while true {
|
||||
let running: String = state_get("soul.running")
|
||||
if str_eq(running, "false") {
|
||||
@@ -394,37 +415,34 @@ fn awareness_run() -> Void {
|
||||
return ""
|
||||
}
|
||||
let did_work: Bool = one_cycle()
|
||||
// Maintain idle counter for observability (reported in heartbeat ISE).
|
||||
let did_work = if did_work { idle_reset() } else { did_work }
|
||||
let idle_n: Int = if !did_work { idle_inc() } else { 0 }
|
||||
let beat_interval_raw: String = env("SOUL_HEARTBEAT_INTERVAL")
|
||||
let beat_interval: Int = if str_eq(beat_interval_raw, "") { 300 } else { str_to_int(beat_interval_raw) }
|
||||
// Proactive curiosity fires at half the heartbeat interval.
|
||||
let curiosity_interval: Int = beat_interval / 2
|
||||
if curiosity_interval < 1 { let curiosity_interval = 1 }
|
||||
let now_ts: Int = time_now()
|
||||
|
||||
// TIMING FIX (2026-05-25): EL's % operator is broken — it compiles as
|
||||
// a no-op (drops the modulo, emits dead code). `idle_n % X == 0` always
|
||||
// evaluated to `idle_n` (truthy from tick 1), causing both heartbeat and
|
||||
// curiosity to fire on every single idle tick.
|
||||
//
|
||||
// Fix: use >= comparisons instead of % == 0. idle_n increments on each
|
||||
// idle tick and is reset to 0 by idle_reset(). When idle_n reaches the
|
||||
// threshold, the event fires and idle_reset() is called, so the next event
|
||||
// fires after another full interval of idle ticks. No modulo needed.
|
||||
//
|
||||
// Beat has higher priority: if both thresholds are crossed, beat fires and
|
||||
// scan is suppressed (they share the idle counter, so scan would fire at
|
||||
// the next curiosity_interval boundary regardless).
|
||||
let should_beat: Bool = !did_work && idle_n > 0 && idle_n >= beat_interval
|
||||
// Heartbeat: wall-clock based. Fires every beat_ms regardless of idle
|
||||
// state so system health ISEs are always emitted even under load.
|
||||
let last_beat_str: String = state_get("soul.last_beat_ts")
|
||||
let last_beat_ts: Int = if str_eq(last_beat_str, "") { 0 } else { str_to_int(last_beat_str) }
|
||||
let beat_elapsed: Int = now_ts - last_beat_ts
|
||||
let should_beat: Bool = beat_elapsed >= beat_ms
|
||||
if should_beat {
|
||||
emit_heartbeat()
|
||||
idle_reset()
|
||||
state_set("soul.last_beat_ts", int_to_str(now_ts))
|
||||
}
|
||||
let should_scan: Bool = !did_work && idle_n > 0 && idle_n >= curiosity_interval && !should_beat
|
||||
|
||||
// Curiosity scan: idle-gated AND wall-clock based. Only fires when the
|
||||
// daemon has no current inbox work (did_work=false) AND enough wall time
|
||||
// has elapsed. Prevents curiosity activation from competing with inbox
|
||||
// processing while still ensuring it runs regularly during quiet periods.
|
||||
let last_scan_str: String = state_get("soul.last_scan_ts")
|
||||
let last_scan_ts: Int = if str_eq(last_scan_str, "") { 0 } else { str_to_int(last_scan_str) }
|
||||
let scan_elapsed: Int = now_ts - last_scan_ts
|
||||
let should_scan: Bool = !did_work && scan_elapsed >= scan_ms
|
||||
if should_scan {
|
||||
let found_something: Bool = proactive_curiosity()
|
||||
idle_reset()
|
||||
state_set("soul.last_scan_ts", int_to_str(now_ts))
|
||||
}
|
||||
|
||||
sleep_ms(tick_ms)
|
||||
}
|
||||
}
|
||||
|
||||
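Review bot: `beat_ms` is read from SOUL_HEARTBEAT_MS with no lower bound, and `let scan_ms: Int = beat_ms / 2` drops the `< 1` floor that the removed `curiosity_interval` code had. If str_to_int yields 0 or a negative number for a malformed value (its behaviour is not visible here), `beat_elapsed >= beat_ms` is true on every tick and a heartbeat ISE is emitted per tick; a guard right after the read, such as `let beat_ms: Int = if beat_ms < 1 { 60000 } else { beat_ms }`, keeps the health signal meaningful. Separately, the comparison assumes time_now() only moves forward: if the clock steps back, or `soul.last_beat_ts` holds a later value, `beat_elapsed` is negative and the heartbeat goes silent again, so a negative elapsed should count as due, `let should_beat: Bool = beat_elapsed < 0 || beat_elapsed >= beat_ms`. The same applies to `scan_elapsed` in `should_scan`. awareness_run's body begins outside the hunks shown.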
Vendored
+66
-63
@@ -460,6 +460,9 @@ el_val_t awareness_run(void) {
|
||||
}
|
||||
el_val_t tick_raw = env(EL_STR("SOUL_TICK_MS"));
|
||||
el_val_t tick_ms = ({ el_val_t _if_result_3 = 0; if (str_eq(tick_raw, EL_STR(""))) { _if_result_3 = (200); } else { _if_result_3 = (str_to_int(tick_raw)); } _if_result_3; });
|
||||
el_val_t beat_ms_raw = env(EL_STR("SOUL_HEARTBEAT_MS"));
|
||||
el_val_t beat_ms = ({ el_val_t _if_result_4 = 0; if (str_eq(beat_ms_raw, EL_STR(""))) { _if_result_4 = (60000); } else { _if_result_4 = (str_to_int(beat_ms_raw)); } _if_result_4; });
|
||||
el_val_t scan_ms = (beat_ms / 2);
|
||||
while (1) {
|
||||
el_val_t running = state_get(EL_STR("soul.running"));
|
||||
if (str_eq(running, EL_STR("false"))) {
|
||||
@@ -467,23 +470,23 @@ el_val_t awareness_run(void) {
|
||||
return EL_STR("");
|
||||
}
|
||||
el_val_t did_work = one_cycle();
|
||||
did_work = ({ el_val_t _if_result_4 = 0; if (did_work) { _if_result_4 = (idle_reset()); } else { _if_result_4 = (did_work); } _if_result_4; });
|
||||
el_val_t idle_n = ({ el_val_t _if_result_5 = 0; if (!did_work) { _if_result_5 = (idle_inc()); } else { _if_result_5 = (0); } _if_result_5; });
|
||||
el_val_t beat_interval_raw = env(EL_STR("SOUL_HEARTBEAT_INTERVAL"));
|
||||
el_val_t beat_interval = ({ el_val_t _if_result_6 = 0; if (str_eq(beat_interval_raw, EL_STR(""))) { _if_result_6 = (300); } else { _if_result_6 = (str_to_int(beat_interval_raw)); } _if_result_6; });
|
||||
el_val_t curiosity_interval = (beat_interval / 2);
|
||||
if (curiosity_interval < 1) {
|
||||
curiosity_interval = 1;
|
||||
}
|
||||
el_val_t should_beat = ((!did_work && (idle_n > 0)) && (idle_n >= beat_interval));
|
||||
did_work = ({ el_val_t _if_result_5 = 0; if (did_work) { _if_result_5 = (idle_reset()); } else { _if_result_5 = (did_work); } _if_result_5; });
|
||||
el_val_t now_ts = time_now();
|
||||
el_val_t last_beat_str = state_get(EL_STR("soul.last_beat_ts"));
|
||||
el_val_t last_beat_ts = ({ el_val_t _if_result_6 = 0; if (str_eq(last_beat_str, EL_STR(""))) { _if_result_6 = (0); } else { _if_result_6 = (str_to_int(last_beat_str)); } _if_result_6; });
|
||||
el_val_t beat_elapsed = (now_ts - last_beat_ts);
|
||||
el_val_t should_beat = (beat_elapsed >= beat_ms);
|
||||
if (should_beat) {
|
||||
emit_heartbeat();
|
||||
idle_reset();
|
||||
state_set(EL_STR("soul.last_beat_ts"), int_to_str(now_ts));
|
||||
}
|
||||
el_val_t should_scan = (((!did_work && (idle_n > 0)) && (idle_n >= curiosity_interval)) && !should_beat);
|
||||
el_val_t last_scan_str = state_get(EL_STR("soul.last_scan_ts"));
|
||||
el_val_t last_scan_ts = ({ el_val_t _if_result_7 = 0; if (str_eq(last_scan_str, EL_STR(""))) { _if_result_7 = (0); } else { _if_result_7 = (str_to_int(last_scan_str)); } _if_result_7; });
|
||||
el_val_t scan_elapsed = (now_ts - last_scan_ts);
|
||||
el_val_t should_scan = (!did_work && (scan_elapsed >= scan_ms));
|
||||
if (should_scan) {
|
||||
el_val_t found_something = proactive_curiosity();
|
||||
idle_reset();
|
||||
state_set(EL_STR("soul.last_scan_ts"), int_to_str(now_ts));
|
||||
}
|
||||
sleep_ms(tick_ms);
|
||||
}
|
||||
@@ -501,78 +504,78 @@ el_val_t security_research_authorized(void) {
|
||||
}
|
||||
|
||||
el_val_t threat_score_command(el_val_t cmd) {
|
||||
el_val_t s1 = ({ el_val_t _if_result_7 = 0; if (str_contains(cmd, EL_STR("nmap"))) { _if_result_7 = (30); } else { _if_result_7 = (0); } _if_result_7; });
|
||||
el_val_t s2 = ({ el_val_t _if_result_8 = 0; if (str_contains(cmd, EL_STR("masscan"))) { _if_result_8 = (40); } else { _if_result_8 = (0); } _if_result_8; });
|
||||
el_val_t s3 = ({ el_val_t _if_result_9 = 0; if (str_contains(cmd, EL_STR(" nc "))) { _if_result_9 = (20); } else { _if_result_9 = (0); } _if_result_9; });
|
||||
el_val_t s4 = ({ el_val_t _if_result_10 = 0; if (str_contains(cmd, EL_STR("netcat"))) { _if_result_10 = (20); } else { _if_result_10 = (0); } _if_result_10; });
|
||||
el_val_t s5 = ({ el_val_t _if_result_11 = 0; if (str_contains(cmd, EL_STR("/etc/shadow"))) { _if_result_11 = (80); } else { _if_result_11 = (0); } _if_result_11; });
|
||||
el_val_t s6 = ({ el_val_t _if_result_12 = 0; if (str_contains(cmd, EL_STR("/etc/passwd"))) { _if_result_12 = (30); } else { _if_result_12 = (0); } _if_result_12; });
|
||||
el_val_t s7 = ({ el_val_t _if_result_13 = 0; if (str_contains(cmd, EL_STR("id_rsa"))) { _if_result_13 = (60); } else { _if_result_13 = (0); } _if_result_13; });
|
||||
el_val_t s8 = ({ el_val_t _if_result_14 = 0; if (str_contains(cmd, EL_STR(".ssh/"))) { _if_result_14 = (50); } else { _if_result_14 = (0); } _if_result_14; });
|
||||
el_val_t s9 = ({ el_val_t _if_result_15 = 0; if (str_contains(cmd, EL_STR("crontab"))) { _if_result_15 = (30); } else { _if_result_15 = (0); } _if_result_15; });
|
||||
el_val_t s10 = ({ el_val_t _if_result_16 = 0; if (str_contains(cmd, EL_STR("LaunchDaemon"))) { _if_result_16 = (40); } else { _if_result_16 = (0); } _if_result_16; });
|
||||
el_val_t s11 = ({ el_val_t _if_result_17 = 0; if ((str_contains(cmd, EL_STR("curl")) && str_contains(cmd, EL_STR("bash")))) { _if_result_17 = (75); } else { _if_result_17 = (0); } _if_result_17; });
|
||||
el_val_t s12 = ({ el_val_t _if_result_18 = 0; if ((str_contains(cmd, EL_STR("wget")) && str_contains(cmd, EL_STR("bash")))) { _if_result_18 = (75); } else { _if_result_18 = (0); } _if_result_18; });
|
||||
el_val_t s13 = ({ el_val_t _if_result_19 = 0; if ((str_contains(cmd, EL_STR("curl")) && str_contains(cmd, EL_STR("| sh")))) { _if_result_19 = (60); } else { _if_result_19 = (0); } _if_result_19; });
|
||||
el_val_t s14 = ({ el_val_t _if_result_20 = 0; if ((str_contains(cmd, EL_STR("base64")) && str_contains(cmd, EL_STR("curl")))) { _if_result_20 = (50); } else { _if_result_20 = (0); } _if_result_20; });
|
||||
el_val_t s15 = ({ el_val_t _if_result_21 = 0; if (str_contains(cmd, EL_STR("mkfifo"))) { _if_result_21 = (50); } else { _if_result_21 = (0); } _if_result_21; });
|
||||
el_val_t s16 = ({ el_val_t _if_result_22 = 0; if (str_contains(cmd, EL_STR("chmod +s"))) { _if_result_22 = (70); } else { _if_result_22 = (0); } _if_result_22; });
|
||||
el_val_t s17 = ({ el_val_t _if_result_23 = 0; if (str_contains(cmd, EL_STR("chmod 4755"))) { _if_result_23 = (70); } else { _if_result_23 = (0); } _if_result_23; });
|
||||
el_val_t s1 = ({ el_val_t _if_result_8 = 0; if (str_contains(cmd, EL_STR("nmap"))) { _if_result_8 = (30); } else { _if_result_8 = (0); } _if_result_8; });
|
||||
el_val_t s2 = ({ el_val_t _if_result_9 = 0; if (str_contains(cmd, EL_STR("masscan"))) { _if_result_9 = (40); } else { _if_result_9 = (0); } _if_result_9; });
|
||||
el_val_t s3 = ({ el_val_t _if_result_10 = 0; if (str_contains(cmd, EL_STR(" nc "))) { _if_result_10 = (20); } else { _if_result_10 = (0); } _if_result_10; });
|
||||
el_val_t s4 = ({ el_val_t _if_result_11 = 0; if (str_contains(cmd, EL_STR("netcat"))) { _if_result_11 = (20); } else { _if_result_11 = (0); } _if_result_11; });
|
||||
el_val_t s5 = ({ el_val_t _if_result_12 = 0; if (str_contains(cmd, EL_STR("/etc/shadow"))) { _if_result_12 = (80); } else { _if_result_12 = (0); } _if_result_12; });
|
||||
el_val_t s6 = ({ el_val_t _if_result_13 = 0; if (str_contains(cmd, EL_STR("/etc/passwd"))) { _if_result_13 = (30); } else { _if_result_13 = (0); } _if_result_13; });
|
||||
el_val_t s7 = ({ el_val_t _if_result_14 = 0; if (str_contains(cmd, EL_STR("id_rsa"))) { _if_result_14 = (60); } else { _if_result_14 = (0); } _if_result_14; });
|
||||
el_val_t s8 = ({ el_val_t _if_result_15 = 0; if (str_contains(cmd, EL_STR(".ssh/"))) { _if_result_15 = (50); } else { _if_result_15 = (0); } _if_result_15; });
|
||||
el_val_t s9 = ({ el_val_t _if_result_16 = 0; if (str_contains(cmd, EL_STR("crontab"))) { _if_result_16 = (30); } else { _if_result_16 = (0); } _if_result_16; });
|
||||
el_val_t s10 = ({ el_val_t _if_result_17 = 0; if (str_contains(cmd, EL_STR("LaunchDaemon"))) { _if_result_17 = (40); } else { _if_result_17 = (0); } _if_result_17; });
|
||||
el_val_t s11 = ({ el_val_t _if_result_18 = 0; if ((str_contains(cmd, EL_STR("curl")) && str_contains(cmd, EL_STR("bash")))) { _if_result_18 = (75); } else { _if_result_18 = (0); } _if_result_18; });
|
||||
el_val_t s12 = ({ el_val_t _if_result_19 = 0; if ((str_contains(cmd, EL_STR("wget")) && str_contains(cmd, EL_STR("bash")))) { _if_result_19 = (75); } else { _if_result_19 = (0); } _if_result_19; });
|
||||
el_val_t s13 = ({ el_val_t _if_result_20 = 0; if ((str_contains(cmd, EL_STR("curl")) && str_contains(cmd, EL_STR("| sh")))) { _if_result_20 = (60); } else { _if_result_20 = (0); } _if_result_20; });
|
||||
el_val_t s14 = ({ el_val_t _if_result_21 = 0; if ((str_contains(cmd, EL_STR("base64")) && str_contains(cmd, EL_STR("curl")))) { _if_result_21 = (50); } else { _if_result_21 = (0); } _if_result_21; });
|
||||
el_val_t s15 = ({ el_val_t _if_result_22 = 0; if (str_contains(cmd, EL_STR("mkfifo"))) { _if_result_22 = (50); } else { _if_result_22 = (0); } _if_result_22; });
|
||||
el_val_t s16 = ({ el_val_t _if_result_23 = 0; if (str_contains(cmd, EL_STR("chmod +s"))) { _if_result_23 = (70); } else { _if_result_23 = (0); } _if_result_23; });
|
||||
el_val_t s17 = ({ el_val_t _if_result_24 = 0; if (str_contains(cmd, EL_STR("chmod 4755"))) { _if_result_24 = (70); } else { _if_result_24 = (0); } _if_result_24; });
|
||||
return ((((((((((((((((s1 + s2) + s3) + s4) + s5) + s6) + s7) + s8) + s9) + s10) + s11) + s12) + s13) + s14) + s15) + s16) + s17);
|
||||
return 0;
|
||||
}
|
||||
|
||||
el_val_t threat_score_path(el_val_t path) {
|
||||
el_val_t s1 = ({ el_val_t _if_result_24 = 0; if (str_starts_with(path, EL_STR("/etc/"))) { _if_result_24 = (60); } else { _if_result_24 = (0); } _if_result_24; });
|
||||
el_val_t s2 = ({ el_val_t _if_result_25 = 0; if (str_contains(path, EL_STR("/.ssh/"))) { _if_result_25 = (70); } else { _if_result_25 = (0); } _if_result_25; });
|
||||
el_val_t s3 = ({ el_val_t _if_result_26 = 0; if (str_contains(path, EL_STR("/LaunchDaemons/"))) { _if_result_26 = (80); } else { _if_result_26 = (0); } _if_result_26; });
|
||||
el_val_t s4 = ({ el_val_t _if_result_27 = 0; if (str_contains(path, EL_STR("/LaunchAgents/"))) { _if_result_27 = (40); } else { _if_result_27 = (0); } _if_result_27; });
|
||||
el_val_t s5 = ({ el_val_t _if_result_28 = 0; if (str_contains(path, EL_STR("/cron"))) { _if_result_28 = (60); } else { _if_result_28 = (0); } _if_result_28; });
|
||||
el_val_t s6 = ({ el_val_t _if_result_29 = 0; if (str_contains(path, EL_STR("/.bashrc"))) { _if_result_29 = (35); } else { _if_result_29 = (0); } _if_result_29; });
|
||||
el_val_t s7 = ({ el_val_t _if_result_30 = 0; if (str_contains(path, EL_STR("/.zshrc"))) { _if_result_30 = (35); } else { _if_result_30 = (0); } _if_result_30; });
|
||||
el_val_t s8 = ({ el_val_t _if_result_31 = 0; if (str_contains(path, EL_STR("/.profile"))) { _if_result_31 = (35); } else { _if_result_31 = (0); } _if_result_31; });
|
||||
el_val_t s9 = ({ el_val_t _if_result_32 = 0; if (str_starts_with(path, EL_STR("/usr/"))) { _if_result_32 = (50); } else { _if_result_32 = (0); } _if_result_32; });
|
||||
el_val_t s10 = ({ el_val_t _if_result_33 = 0; if (str_starts_with(path, EL_STR("/bin/"))) { _if_result_33 = (70); } else { _if_result_33 = (0); } _if_result_33; });
|
||||
el_val_t s11 = ({ el_val_t _if_result_34 = 0; if (str_starts_with(path, EL_STR("/sbin/"))) { _if_result_34 = (70); } else { _if_result_34 = (0); } _if_result_34; });
|
||||
el_val_t s1 = ({ el_val_t _if_result_25 = 0; if (str_starts_with(path, EL_STR("/etc/"))) { _if_result_25 = (60); } else { _if_result_25 = (0); } _if_result_25; });
|
||||
el_val_t s2 = ({ el_val_t _if_result_26 = 0; if (str_contains(path, EL_STR("/.ssh/"))) { _if_result_26 = (70); } else { _if_result_26 = (0); } _if_result_26; });
|
||||
el_val_t s3 = ({ el_val_t _if_result_27 = 0; if (str_contains(path, EL_STR("/LaunchDaemons/"))) { _if_result_27 = (80); } else { _if_result_27 = (0); } _if_result_27; });
|
||||
el_val_t s4 = ({ el_val_t _if_result_28 = 0; if (str_contains(path, EL_STR("/LaunchAgents/"))) { _if_result_28 = (40); } else { _if_result_28 = (0); } _if_result_28; });
|
||||
el_val_t s5 = ({ el_val_t _if_result_29 = 0; if (str_contains(path, EL_STR("/cron"))) { _if_result_29 = (60); } else { _if_result_29 = (0); } _if_result_29; });
|
||||
el_val_t s6 = ({ el_val_t _if_result_30 = 0; if (str_contains(path, EL_STR("/.bashrc"))) { _if_result_30 = (35); } else { _if_result_30 = (0); } _if_result_30; });
|
||||
el_val_t s7 = ({ el_val_t _if_result_31 = 0; if (str_contains(path, EL_STR("/.zshrc"))) { _if_result_31 = (35); } else { _if_result_31 = (0); } _if_result_31; });
|
||||
el_val_t s8 = ({ el_val_t _if_result_32 = 0; if (str_contains(path, EL_STR("/.profile"))) { _if_result_32 = (35); } else { _if_result_32 = (0); } _if_result_32; });
|
||||
el_val_t s9 = ({ el_val_t _if_result_33 = 0; if (str_starts_with(path, EL_STR("/usr/"))) { _if_result_33 = (50); } else { _if_result_33 = (0); } _if_result_33; });
|
||||
el_val_t s10 = ({ el_val_t _if_result_34 = 0; if (str_starts_with(path, EL_STR("/bin/"))) { _if_result_34 = (70); } else { _if_result_34 = (0); } _if_result_34; });
|
||||
el_val_t s11 = ({ el_val_t _if_result_35 = 0; if (str_starts_with(path, EL_STR("/sbin/"))) { _if_result_35 = (70); } else { _if_result_35 = (0); } _if_result_35; });
|
||||
return ((((((((((s1 + s2) + s3) + s4) + s5) + s6) + s7) + s8) + s9) + s10) + s11);
|
||||
return 0;
|
||||
}
|
||||
|
||||
el_val_t threat_score_history(el_val_t history) {
|
||||
el_val_t s1 = ({ el_val_t _if_result_35 = 0; if (str_contains(history, EL_STR("port scan"))) { _if_result_35 = (15); } else { _if_result_35 = (0); } _if_result_35; });
|
||||
el_val_t s2 = ({ el_val_t _if_result_36 = 0; if (str_contains(history, EL_STR("enumerate"))) { _if_result_36 = (10); } else { _if_result_36 = (0); } _if_result_36; });
|
||||
el_val_t s3 = ({ el_val_t _if_result_37 = 0; if (str_contains(history, EL_STR("exploit"))) { _if_result_37 = (20); } else { _if_result_37 = (0); } _if_result_37; });
|
||||
el_val_t s4 = ({ el_val_t _if_result_38 = 0; if (str_contains(history, EL_STR("payload"))) { _if_result_38 = (15); } else { _if_result_38 = (0); } _if_result_38; });
|
||||
el_val_t s5 = ({ el_val_t _if_result_39 = 0; if (str_contains(history, EL_STR("persistence"))) { _if_result_39 = (15); } else { _if_result_39 = (0); } _if_result_39; });
|
||||
el_val_t s6 = ({ el_val_t _if_result_40 = 0; if (str_contains(history, EL_STR("lateral movement"))) { _if_result_40 = (25); } else { _if_result_40 = (0); } _if_result_40; });
|
||||
el_val_t s7 = ({ el_val_t _if_result_41 = 0; if (str_contains(history, EL_STR("privilege escalation"))) { _if_result_41 = (25); } else { _if_result_41 = (0); } _if_result_41; });
|
||||
el_val_t s8 = ({ el_val_t _if_result_42 = 0; if (str_contains(history, EL_STR("reverse shell"))) { _if_result_42 = (40); } else { _if_result_42 = (0); } _if_result_42; });
|
||||
el_val_t s9 = ({ el_val_t _if_result_43 = 0; if (str_contains(history, EL_STR("bind shell"))) { _if_result_43 = (40); } else { _if_result_43 = (0); } _if_result_43; });
|
||||
el_val_t s10 = ({ el_val_t _if_result_44 = 0; if (str_contains(history, EL_STR("command and control"))) { _if_result_44 = (35); } else { _if_result_44 = (0); } _if_result_44; });
|
||||
el_val_t s11 = ({ el_val_t _if_result_45 = 0; if (str_contains(history, EL_STR("self-replicate"))) { _if_result_45 = (45); } else { _if_result_45 = (0); } _if_result_45; });
|
||||
el_val_t s12 = ({ el_val_t _if_result_46 = 0; if (str_contains(history, EL_STR("propagat"))) { _if_result_46 = (20); } else { _if_result_46 = (0); } _if_result_46; });
|
||||
el_val_t s13 = ({ el_val_t _if_result_47 = 0; if (str_contains(history, EL_STR("ransomware"))) { _if_result_47 = (30); } else { _if_result_47 = (0); } _if_result_47; });
|
||||
el_val_t s14 = ({ el_val_t _if_result_48 = 0; if (str_contains(history, EL_STR("encrypt files"))) { _if_result_48 = (40); } else { _if_result_48 = (0); } _if_result_48; });
|
||||
el_val_t s15 = ({ el_val_t _if_result_49 = 0; if (str_contains(history, EL_STR("exfiltrat"))) { _if_result_49 = (35); } else { _if_result_49 = (0); } _if_result_49; });
|
||||
el_val_t s16 = ({ el_val_t _if_result_50 = 0; if (str_contains(history, EL_STR("zero-day"))) { _if_result_50 = (20); } else { _if_result_50 = (0); } _if_result_50; });
|
||||
el_val_t s17 = ({ el_val_t _if_result_51 = 0; if (str_contains(history, EL_STR("rootkit"))) { _if_result_51 = (45); } else { _if_result_51 = (0); } _if_result_51; });
|
||||
el_val_t s18 = ({ el_val_t _if_result_52 = 0; if (str_contains(history, EL_STR("keylogger"))) { _if_result_52 = (45); } else { _if_result_52 = (0); } _if_result_52; });
|
||||
el_val_t s19 = ({ el_val_t _if_result_53 = 0; if (str_contains(history, EL_STR("botnet"))) { _if_result_53 = (40); } else { _if_result_53 = (0); } _if_result_53; });
|
||||
el_val_t s20 = ({ el_val_t _if_result_54 = 0; if (str_contains(history, EL_STR("malware"))) { _if_result_54 = (15); } else { _if_result_54 = (0); } _if_result_54; });
|
||||
el_val_t s1 = ({ el_val_t _if_result_36 = 0; if (str_contains(history, EL_STR("port scan"))) { _if_result_36 = (15); } else { _if_result_36 = (0); } _if_result_36; });
|
||||
el_val_t s2 = ({ el_val_t _if_result_37 = 0; if (str_contains(history, EL_STR("enumerate"))) { _if_result_37 = (10); } else { _if_result_37 = (0); } _if_result_37; });
|
||||
el_val_t s3 = ({ el_val_t _if_result_38 = 0; if (str_contains(history, EL_STR("exploit"))) { _if_result_38 = (20); } else { _if_result_38 = (0); } _if_result_38; });
|
||||
el_val_t s4 = ({ el_val_t _if_result_39 = 0; if (str_contains(history, EL_STR("payload"))) { _if_result_39 = (15); } else { _if_result_39 = (0); } _if_result_39; });
|
||||
el_val_t s5 = ({ el_val_t _if_result_40 = 0; if (str_contains(history, EL_STR("persistence"))) { _if_result_40 = (15); } else { _if_result_40 = (0); } _if_result_40; });
|
||||
el_val_t s6 = ({ el_val_t _if_result_41 = 0; if (str_contains(history, EL_STR("lateral movement"))) { _if_result_41 = (25); } else { _if_result_41 = (0); } _if_result_41; });
|
||||
el_val_t s7 = ({ el_val_t _if_result_42 = 0; if (str_contains(history, EL_STR("privilege escalation"))) { _if_result_42 = (25); } else { _if_result_42 = (0); } _if_result_42; });
|
||||
el_val_t s8 = ({ el_val_t _if_result_43 = 0; if (str_contains(history, EL_STR("reverse shell"))) { _if_result_43 = (40); } else { _if_result_43 = (0); } _if_result_43; });
|
||||
el_val_t s9 = ({ el_val_t _if_result_44 = 0; if (str_contains(history, EL_STR("bind shell"))) { _if_result_44 = (40); } else { _if_result_44 = (0); } _if_result_44; });
|
||||
el_val_t s10 = ({ el_val_t _if_result_45 = 0; if (str_contains(history, EL_STR("command and control"))) { _if_result_45 = (35); } else { _if_result_45 = (0); } _if_result_45; });
|
||||
el_val_t s11 = ({ el_val_t _if_result_46 = 0; if (str_contains(history, EL_STR("self-replicate"))) { _if_result_46 = (45); } else { _if_result_46 = (0); } _if_result_46; });
|
||||
el_val_t s12 = ({ el_val_t _if_result_47 = 0; if (str_contains(history, EL_STR("propagat"))) { _if_result_47 = (20); } else { _if_result_47 = (0); } _if_result_47; });
|
||||
el_val_t s13 = ({ el_val_t _if_result_48 = 0; if (str_contains(history, EL_STR("ransomware"))) { _if_result_48 = (30); } else { _if_result_48 = (0); } _if_result_48; });
|
||||
el_val_t s14 = ({ el_val_t _if_result_49 = 0; if (str_contains(history, EL_STR("encrypt files"))) { _if_result_49 = (40); } else { _if_result_49 = (0); } _if_result_49; });
|
||||
el_val_t s15 = ({ el_val_t _if_result_50 = 0; if (str_contains(history, EL_STR("exfiltrat"))) { _if_result_50 = (35); } else { _if_result_50 = (0); } _if_result_50; });
|
||||
el_val_t s16 = ({ el_val_t _if_result_51 = 0; if (str_contains(history, EL_STR("zero-day"))) { _if_result_51 = (20); } else { _if_result_51 = (0); } _if_result_51; });
|
||||
el_val_t s17 = ({ el_val_t _if_result_52 = 0; if (str_contains(history, EL_STR("rootkit"))) { _if_result_52 = (45); } else { _if_result_52 = (0); } _if_result_52; });
|
||||
el_val_t s18 = ({ el_val_t _if_result_53 = 0; if (str_contains(history, EL_STR("keylogger"))) { _if_result_53 = (45); } else { _if_result_53 = (0); } _if_result_53; });
|
||||
el_val_t s19 = ({ el_val_t _if_result_54 = 0; if (str_contains(history, EL_STR("botnet"))) { _if_result_54 = (40); } else { _if_result_54 = (0); } _if_result_54; });
|
||||
el_val_t s20 = ({ el_val_t _if_result_55 = 0; if (str_contains(history, EL_STR("malware"))) { _if_result_55 = (15); } else { _if_result_55 = (0); } _if_result_55; });
|
||||
return (((((((((((((((((((s1 + s2) + s3) + s4) + s5) + s6) + s7) + s8) + s9) + s10) + s11) + s12) + s13) + s14) + s15) + s16) + s17) + s18) + s19) + s20);
|
||||
return 0;
|
||||
}
|
||||
|
||||
el_val_t threat_trajectory_check(el_val_t tool_name, el_val_t tool_input) {
|
||||
el_val_t history = state_get(EL_STR("agentic_conv_history"));
|
||||
el_val_t computed_tool_score = ({ el_val_t _if_result_55 = 0; if (str_eq(tool_name, EL_STR("run_command"))) { el_val_t cmd = json_get(tool_input, EL_STR("command")); _if_result_55 = (threat_score_command(cmd)); } else { _if_result_55 = (({ el_val_t _if_result_56 = 0; if ((str_eq(tool_name, EL_STR("write_file")) || str_eq(tool_name, EL_STR("edit_file")))) { el_val_t path = json_get(tool_input, EL_STR("path")); _if_result_56 = (threat_score_path(path)); } else { _if_result_56 = (0); } _if_result_56; })); } _if_result_55; });
|
||||
el_val_t computed_tool_score = ({ el_val_t _if_result_56 = 0; if (str_eq(tool_name, EL_STR("run_command"))) { el_val_t cmd = json_get(tool_input, EL_STR("command")); _if_result_56 = (threat_score_command(cmd)); } else { _if_result_56 = (({ el_val_t _if_result_57 = 0; if ((str_eq(tool_name, EL_STR("write_file")) || str_eq(tool_name, EL_STR("edit_file")))) { el_val_t path = json_get(tool_input, EL_STR("path")); _if_result_57 = (threat_score_path(path)); } else { _if_result_57 = (0); } _if_result_57; })); } _if_result_56; });
|
||||
el_val_t history_score = threat_score_history(history);
|
||||
el_val_t history_contrib = (history_score / 3);
|
||||
el_val_t combined = (computed_tool_score + history_contrib);
|
||||
el_val_t should_log = (combined >= 40);
|
||||
if (should_log) {
|
||||
el_val_t ts = time_now();
|
||||
el_val_t authorized_str = ({ el_val_t _if_result_57 = 0; if (security_research_authorized()) { _if_result_57 = (EL_STR("true")); } else { _if_result_57 = (EL_STR("false")); } _if_result_57; });
|
||||
el_val_t authorized_str = ({ el_val_t _if_result_58 = 0; if (security_research_authorized()) { _if_result_58 = (EL_STR("true")); } else { _if_result_58 = (EL_STR("false")); } _if_result_58; });
|
||||
el_val_t log_content = el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(el_str_concat(EL_STR("{\"event\":\"threat_check\",\"tool\":\""), tool_name), EL_STR("\",\"score\":")), int_to_str(combined)), EL_STR(",\"tool_score\":")), int_to_str(computed_tool_score)), EL_STR(",\"history_score\":")), int_to_str(history_score)), EL_STR(",\"authorized\":")), authorized_str), EL_STR(",\"ts\":")), int_to_str(ts)), EL_STR("}"));
|
||||
el_val_t log_tags = EL_STR("[\"security-audit\",\"threat-check\"]");
|
||||
el_val_t discard = mem_remember(log_content, log_tags);
|
||||
@@ -589,7 +592,7 @@ el_val_t threat_history_append(el_val_t text) {
|
||||
el_val_t safe_text = str_to_lower(text);
|
||||
el_val_t combined = el_str_concat(el_str_concat(current, EL_STR(" ")), safe_text);
|
||||
el_val_t len = str_len(combined);
|
||||
el_val_t trimmed = ({ el_val_t _if_result_58 = 0; if ((len > 2000)) { _if_result_58 = (str_slice(combined, (len - 2000), len)); } else { _if_result_58 = (combined); } _if_result_58; });
|
||||
el_val_t trimmed = ({ el_val_t _if_result_59 = 0; if ((len > 2000)) { _if_result_59 = (str_slice(combined, (len - 2000), len)); } else { _if_result_59 = (combined); } _if_result_59; });
|
||||
state_set(EL_STR("agentic_conv_history"), trimmed);
|
||||
return 0;
|
||||
}
|
||||
|
||||
Vendored
+284
-281
File diff suppressed because it is too large