Commit Graph

17 Commits

Author SHA1 Message Date
will.anderson 3bb88330da safety: route threat-to-others to refusal+911, not 988/self-harm (Track B)
Neuron Soul CI / build (pull_request) Successful in 6m7s
Neuron Soul CI / deploy (pull_request) Has been skipped
A homicide/assault threat (going to kill, going to hurt, etc.) had no
bucket in safety_classify_hard_bell and fell through to the self_harm
default, showing the user the 988 suicide line and (via the desktop gate)
their safety contact. That framing is wrong and potentially dangerous for
someone voicing intent to harm another person.

Add a distinct Track B (safety_threat_to_others_phrases + a threat_other
classification and a safety_hard_directive branch) that refuses to assist,
de-escalates, and directs to 911 for a credible imminent threat, and that
never surfaces 988 or involves the safety contact. Track A (abuse /
self_harm) is checked first and unchanged, so victim and self-directed
phrasings still route correctly.

Source-only change: requires a soul rebuild + dist/soul.c regen to ship.
2026-07-14 12:12:20 -05:00
will.anderson 8b692e4666 fix/test: PR #21 review — guard, safety Bell, api write-back, temp paths
Neuron Soul CI / build (pull_request) Failing after 13m22s
fix(soul): add HTTP-engram guard to safe_to_seed — when ENGRAM_URL is set
the HTTP Engram owns persistence; genesis must never save to local snapshot
regardless of node counts (was: guard_disk forced to empty string, making
the ratio check vacuously true and allowing init_soul_edges+engram_save).

fix(soul): use multiplication form for ratio guard — node_count * 16000 <
disk_len avoids floor-division truncation that underestimated boundary files
(250KB / 16000 = 15.6, floors to 15; a 15-node graph wrongly passed old guard).

fix(chat): add safety_augment_system to handle_chat_as_soul,
handle_dharma_room_turn, and handle_dharma_room_turn_agentic — all three
called the LLM without Hard Bell evaluation, leaving users in dharma rooms
without crisis resource routing.

fix(neuron-api): add api_persisted read-back to handle_api_define_process —
was the only write handler that returned ok:true without verifying the node
was actually written to engram.

fix(routes): unique temp file path in connectd_post — replaces fixed
/tmp/neuron-connectors-req.json with a timestamped path to prevent
collision if concurrency is added or two soul instances share a machine.

test: add tests/test_bell_safety.el — covers safety_detect_bell_level
(none/soft/hard), safety_classify_hard_bell (abuse/self_harm routing),
safety_normalize (smart-quote), safety_augment_system, and
handle_safety_contact_post (validation + read-back).

test: add tests/test_soul_guard.el — pure-function logic tests for the
safe_to_seed predicate: 200KB boundary, 47MB/63-node clobber scenario,
HTTP-engram mode, multiplication vs division truncation at 250KB.

test: add tests/test_api_define_process.el — verifies the define_process
write is read-back verified after the fix.
2026-06-17 13:19:15 -05:00
will.anderson 8db3c8c7f7 fix(chat): harden bridge_save/agentic_resume against empty and corrupt state
Neuron Soul CI / build (pull_request) Failing after 13m18s
BLOCKER 1: use untyped reassignment (let x = ...) for the fallback bindings
in agentic_resume instead of re-declaring typed let bindings (let x: Type = ...)
for the same variable in the same scope. The typed form risks shadowing semantics
that differ from the established pattern used everywhere else in the loop
(e.g. agentic_loop line 720).

BLOCKER 2: add empty-string guards in both bridge_save and agentic_resume.
bridge_save now returns false without writing state if messages or tools_json
is empty — preventing syntactically invalid JSON blobs. agentic_resume now
returns an error envelope after the fallback resolution if either field is
still empty, rather than passing empty strings into agentic_loop which would
silently start a fresh turn with no context.

Also add tests:
- test_bridge_serialization.el: covers bridge_save empty-guard, golden-path
  raw-JSON round-trip, agentic_resume unknown/corrupt/missing-fields paths,
  and legacy string-escaped fallback path
- test_sessions_routes.el: covers DELETE and PATCH /api/sessions/:id routes
  (valid args, unknown id, empty body) and GET /api/sessions regression after
  removal of the duplicate route_sessions() handler
2026-06-17 13:07:43 -05:00
will.anderson e7297275a3 Merge pull request 'fix(chat): wire agentic_tools_all into both agentic loop entry points' (#19) from fix/agentic-tools-all into main
Deploy Soul to GKE / deploy (push) Failing after 6m23s
Neuron Soul CI / build (push) Failing after 14m16s
fix(chat): wire agentic_tools_all into both agentic loop entry points
2026-06-17 18:06:35 +00:00
will.anderson fc74bd2a4b Merge pull request 'fix(sessions): unify dual suspension systems, wire approve to agentic_resume' (#18) from fix/agentic-tool-approval-unification into main
Deploy Soul to GKE / deploy (push) Failing after 6m35s
Neuron Soul CI / build (push) Failing after 14m31s
fix(sessions): unify dual suspension systems, wire approve to agentic_resume
2026-06-17 18:06:01 +00:00
will.anderson f7ae7df9d6 fix/test(chat): guard handle_dharma_room_turn_agentic against tool_pending and empty reply
Neuron Soul CI / build (pull_request) Failing after 8m0s
When agentic_loop suspends for an MCP bridge tool it returns a
{"tool_pending":true,...} envelope with no "reply" key. Without an
explicit check, json_get(loop_result, "reply") returns "" and the
function emitted {"response":"","cgi_id":"..."} — a silent empty
response indistinguishable from a successful LLM turn with no content.

Two guards added after the existing error check:

1. tool_pending passthrough: if the loop suspended, return the pending
   envelope directly so callers (dharma room orchestrators) can
   distinguish suspension from failure and route to the approve flow.

2. Empty-reply guard: if final_text is empty after the pending check,
   return an explicit {"error":"no response",...} envelope instead of
   silently succeeding with an empty response field.

Also adds tests/test_agentic_tools.el:
- agentic_tools_all() includes all literal tool names and web_search
- connector_tools_json() returns valid JSON when bridge is down (graceful degradation)
- tool_pending envelope detection patterns (the is_pending logic)
- json_get(pending_envelope, "reply") returns "" confirming the empty-reply
  guard is load-bearing (pure string/JSON, no LLM or network required)
2026-06-17 13:01:13 -05:00
will.anderson b1fdd14ed5 fix(sessions): invalidate session_index cache in session_delete
Neuron Soul CI / build (pull_request) Failing after 8m11s
session_delete cleared the per-session state (session_hist_ and
session_node_) but not the shared session_index cache. The next call
to session_list() hit the fast path (state_get("session_index")) and
returned the deleted session until the daemon restarted.

session_update_patch already called state_set("session_index","") to
force a re-fetch from Engram; session_delete now does the same.

Add tests/test_sessions.el covering:
- session_title_from_message (pure function, all edge cases)
- session_make_content (JSON structure and required session:meta marker)
- DELETE cache invalidation: session_index cleared, fast path disabled
- PATCH cache invalidation: stale title/folder not returned via fast path
- GET /api/sessions: session_list() fast path returns session_index
  (confirms removal of the stale route_sessions() engram stub)
2026-06-17 12:59:47 -05:00
will.anderson 91902d6bf2 fix(sessions): resolve blockers and warnings in handle_session_approve
Neuron Soul CI / build (pull_request) Failing after 9m3s
BLOCKER 1 (sessions.el, modern path): Add guard that rejects allow
action when tool_name is missing from the body. Previously, omitting
tool_name caused dispatch_tool("", ...) to return "unknown tool: " and
silently inject a corrupted tool_result into the conversation.

BLOCKER 2 (sessions.el, modern path): Stop re-executing client-side
tools server-side. When the client provides body["content"], use it
directly as the tool result (matching the handle_tool_result contract).
Only fall back to dispatch_tool for builtin tools when no content is
present. Non-builtin tools with no client content now return a clear
error instead of a broken dispatch attempt.

WARNING 1 (chat.el, agentic_loop): Wire always_allow_<session_id> state
into the bridge-suspension decision. When a tool is in the session's
always-allow list, treat it as locally dispatchable (like a builtin)
and skip the bridge pause, so the approval UI is never shown again for
that tool in that session.

WARNING 2 (sessions.el, legacy path): Read a "tools_variant" field from
the legacy pending blob when present, and call the corresponding
agentic_tools_*() variant on resume. Falls back to agentic_tools_literal()
for blobs written before this field existed.

tests/test_sessions_approve.el: Add 10-case test suite covering:
- empty session_id / missing call_id / missing action guards
- no pending tool returns correct error
- missing tool_name on allow returns error (BLOCKER 1)
- deny action does not require tool_name
- legacy call_id mismatch returns mismatch error
- always action records tool_name in always_allow state
- allow with client content skips re-execution (BLOCKER 2)
2026-06-17 12:58:44 -05:00
will.anderson a0470acc45 Merge PR #9: feat(soul): wire consciousness layers — L0->L1->L2->L3->L1 cycle
Deploy Soul to GKE / deploy (push) Failing after 14m11s
Neuron Soul CI / build (push) Failing after 14m23s
Resolves conflicts by keeping main's full safety/stewardship/imprint implementations.
PR #9 uniquely contributes: layered_cycle() in soul.el, route wiring in routes.el,
soul.elh export, and the layer composition test suite.
2026-06-15 11:32:32 -05:00
will.anderson 33c377410d Merge pull request 'feat(soul): Layer 1 — safety.el' (#8) from feat/layer-safety into main
Deploy Soul to GKE / deploy (push) Failing after 35s
Neuron Soul CI / build (push) Failing after 6m20s
2026-06-11 17:14:40 +00:00
will.anderson af933494a9 Merge pull request 'feat(soul): Layer 2 — stewardship.el' (#7) from feat/layer-stewardship into main
Deploy Soul to GKE / deploy (push) Failing after 36s
Neuron Soul CI / build (push) Failing after 7m16s
2026-06-11 17:14:32 +00:00
will.anderson 084bee9f0f Merge pull request 'test(stewardship): comprehensive test suite for Layer 2 — 35 cases' (#12) from test/layer-stewardship into feat/layer-stewardship
Neuron Soul CI / build (pull_request) Failing after 8m14s
2026-06-11 17:13:43 +00:00
will.anderson df2c7409c0 feat(steward): behavioral profiling and continuity detection — drift, discontinuity, identity anomaly
Neuron Soul CI / build (pull_request) Failing after 3m38s
2026-06-11 11:58:43 -05:00
will.anderson d097455d6a test(soul): integration and contract tests for layered_cycle composition
Adds tests/test_layered_cycle.el — 12 integration tests covering the full
L1→L2→L3→L1 stack: benign pass-through, hard-bell short-circuit, soft-bell
care augmentation, steward redirect for all 5 mission-conflict signals, empty
input graceful handling, sequential call isolation, and imprint state stability.

Adds tests/test_layer_contract.el — contract tests verifying the JSON
interface shapes between layers: safety_screen {action, content|reason|concern},
steward_align {action, content|redirect_to}, imprint_respond non-empty String,
and cross-layer action propagation from L1 screen through to L1 validate.
2026-06-11 11:42:45 -05:00
will.anderson ba8491926c test(soul): comprehensive tests for Layer 1 safety.el 2026-06-11 11:40:59 -05:00
will.anderson 45ad322e0c test(stewardship): add comprehensive test suite for Layer 2 stewardship
35 test cases covering all five public functions:
steward_align (pass-through, all five misalignment signals, empty input,
json_get field extraction, redirect shape), steward_validate_imprint
(standard tools, platform-only tools with/without platform_auth,
auth=false string), steward_cgi_check (all four gated actions, non-gated
actions, empty action, action name echoed in response), and
steward_get_mission (non-empty, contains "integrity", not an error object).

Also documents the known bug surface from the code review: the &&
operator in steward_get_mission and the non-Config fallthrough — tests
are written against the actual runtime behaviour so they will catch
regressions when those bugs are fixed.
2026-06-11 11:40:58 -05:00
will.anderson fbbc6d4347 Add imprint.el test suite (14 cases)
Covers: imprint_current base fallback, unload idempotency, load miss →
ok=false, ok field presence, respond passthrough for base/empty/unknown
IDs, graceful fallback after unload, surface_knowledge and
surface_memory_read return-type guarantees, base-scoped knowledge
equality, no-annotation invariant for base, empty-ID load rejection, and
failed-load state immutability.

Syntax follows El constraints: no Bool annotations, no &&/||, no unary !.
2026-06-11 11:40:37 -05:00