[soul] Operator identity: "my/me" resolves to Will, not the OS user (root cause of agent over-probing + permission noise) #30

New Issue

Open

opened 2026-06-21 21:42:22 +00:00 by tim.lingo · 0 comments

tim.lingo commented 2026-06-21 21:42:22 +00:00

Member

Copy Link

Copy Source

@will.anderson — filing this as a tracked issue (writeup was only on Tim's Desktop). Reconfirmed today during a screen-verified agent run on Tim's machine: the agent probes ~/notes ~/Notes ~/Documents/notes … and the soul-built script defaulted to $HOME paths while the soul's identity context still resolves "my/me" toward Will. This is the root cause of the over-probing + macOS permission-prompt wall (Desktop/Documents/Music) on every agentic file task.

---

Soul bug report — Neuron thinks the operator is Will, not the actual user

For: Will · Reported by: Neuron (Tim's instance) · 2026-06-21
Severity: high — it's the root cause of three separate user-facing failures.

Symptom (what Tim sees)

When Tim asks the agent to do anything involving "my" files ("back up my notes folder", "list my desktop"), the agent:

1. Over-works / loops — it probes for folders all over the home dir: ls -d ~/notes ~/Notes ~/Documents/notes ~/Documents/Notes ~/vault ~/*au…, writes the script twice, re-runs, takes 60–90s on a trivial task.
2. Triggers a wall of macOS permission prompts — Desktop, Documents, Downloads, and Apple Music — because it scans the entire home directory looking for folders it can't locate.
3. Resolves "my" to the wrong home. Per a captured chat ("Documents Folder Access Request"), when Tim says "my Downloads", the soul resolves it to /Users/will/Downloads, not /Users/timlingo/Downloads — it said so 3×. When corrected ("tim lingo, not will"), it hallucinated a tangent about /Users/will/writing/dalton and pulled Will's identity/voice/writing-imprint nodes into a mundane file-listing request.

Root cause (hypothesis — needs your confirmation against the soul)

The soul's identity graph is Will's (founder/genesis data), and there is no notion of a distinct operator separate from the imprint identity. So "my/me/I" resolves to Will's home and Will's persona. This is the CGI customer-isolation gap in the operating discipline / vision docs: "the graph must feel like the customer's mind, never Will's. Customer isolation = there but totally invisible." On Tim's machine, the operator is Tim, but the soul has no Tim-operator identity, so it falls back to Will.

Why it matters (it's not cosmetic)

• Over-working = the agent can't anchor "my notes" to a real path, so it brute-force searches → slow, ugly, and it writes to /tmp or /Users/will/... instead of the user's actual location.
• Permission noise = the broad home-dir scan is what trips Desktop/Music/Documents/Downloads TCC prompts every run. Scope it to the operator's real, known folders and the prompts mostly vanish.
• Wrong outputs = a backup script defaulting to /Users/will/notes on Tim's machine is a real correctness bug.

What the soul needs (proposed direction — your call on design)

1. An operator identity distinct from the imprint: the soul should know the OS user it's running for ($HOME, username) and resolve "my/me" to that, never the imprint's home.
2. Stop pulling the imprint's identity/voice/writing nodes into mundane tool requests (file listing, backups). Those are persona context, not filesystem context.
3. Pairs with PR #28 (workspace scoping): once the agent is scoped to the operator's real workspace/home, the probing + permission noise drop.

How to reproduce

On Tim's machine (/Users/timlingo): ask the agent "back up my notes folder." Watch it probe ~/notes ~/Notes ~/Documents/notes… and reference /Users/will/.... Compare to a clean run where the operator home is correctly /Users/timlingo.

Related

• Captured chat: "Documents Folder Access Request" (the original 3×-said /Users/will resolution + the hallucinated Will-identity tangent).
• Operating discipline §4: CGI customer-isolation ("invisible, the customer's mind, not Will's").
• Permission prompts also need Developer-ID signing (CI #31) to persist across rebuilds — separate but compounding.

@will.anderson — filing this as a tracked issue (writeup was only on Tim's Desktop). Reconfirmed today during a screen-verified agent run on Tim's machine: the agent probes `~/notes ~/Notes ~/Documents/notes …` and the soul-built script defaulted to `$HOME` paths while the soul's identity context still resolves "my/me" toward Will. This is the root cause of the over-probing + macOS permission-prompt wall (Desktop/Documents/Music) on every agentic file task. --- # Soul bug report — Neuron thinks the operator is Will, not the actual user **For: Will** · **Reported by: Neuron (Tim's instance)** · 2026-06-21 **Severity: high — it's the root cause of three separate user-facing failures.** ## Symptom (what Tim sees) When Tim asks the agent to do anything involving "my" files ("back up my notes folder", "list my desktop"), the agent: 1. **Over-works / loops** — it probes for folders all over the home dir: `ls -d ~/notes ~/Notes ~/Documents/notes ~/Documents/Notes ~/vault ~/*au…`, writes the script twice, re-runs, takes 60–90s on a trivial task. 2. **Triggers a wall of macOS permission prompts** — Desktop, Documents, Downloads, **and Apple Music** — because it scans the entire home directory looking for folders it can't locate. 3. **Resolves "my" to the wrong home.** Per a captured chat ("Documents Folder Access Request"), when Tim says "my Downloads", the soul resolves it to `/Users/will/Downloads`, not `/Users/timlingo/Downloads` — it said so 3×. When corrected ("tim lingo, not will"), it hallucinated a tangent about `/Users/will/writing/dalton` and pulled Will's identity/voice/writing-imprint nodes into a mundane file-listing request. ## Root cause (hypothesis — needs your confirmation against the soul) The soul's identity graph is **Will's** (founder/genesis data), and there is no notion of a **distinct operator** separate from the imprint identity. So "my/me/I" resolves to Will's home and Will's persona. This is the **CGI customer-isolation gap** in the operating discipline / vision docs: *"the graph must feel like the customer's mind, never Will's. Customer isolation = there but totally invisible."* On Tim's machine, the operator is Tim, but the soul has no Tim-operator identity, so it falls back to Will. ## Why it matters (it's not cosmetic) - **Over-working** = the agent can't anchor "my notes" to a real path, so it brute-force searches → slow, ugly, and it writes to `/tmp` or `/Users/will/...` instead of the user's actual location. - **Permission noise** = the broad home-dir scan is what trips Desktop/Music/Documents/Downloads TCC prompts every run. Scope it to the operator's real, known folders and the prompts mostly vanish. - **Wrong outputs** = a backup script defaulting to `/Users/will/notes` on Tim's machine is a real correctness bug. ## What the soul needs (proposed direction — your call on design) 1. **An operator identity** distinct from the imprint: the soul should know the OS user it's running for (`$HOME`, username) and resolve "my/me" to **that**, never the imprint's home. 2. **Stop pulling the imprint's identity/voice/writing nodes into mundane tool requests** (file listing, backups). Those are persona context, not filesystem context. 3. Pairs with **PR #28** (workspace scoping): once the agent is scoped to the operator's real workspace/home, the probing + permission noise drop. ## How to reproduce On Tim's machine (`/Users/timlingo`): ask the agent "back up my notes folder." Watch it probe `~/notes ~/Notes ~/Documents/notes…` and reference `/Users/will/...`. Compare to a clean run where the operator home is correctly `/Users/timlingo`. ## Related - Captured chat: "Documents Folder Access Request" (the original 3×-said `/Users/will` resolution + the hallucinated Will-identity tangent). - Operating discipline §4: CGI customer-isolation ("invisible, the customer's mind, not Will's"). - Permission prompts also need Developer-ID signing (CI #31) to persist across rebuilds — separate but compounding.

tim.lingo referenced this issue 2026-06-21 21:45:15 +00:00

Agent panel — soul contract (plan mode, scoped tools, structured events, diffs, checkpoints) #27

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/emergency-regressions

fix/session-continuity-hook

fix/context-dedup-shared-ids

fix/engram-float-parser

improve/recall-context-format

improve/recall-context-dedup

improve/recall-cross-session-continuity

improve/recall-emotional-recall

improve/recall-activation-seed

improve/recall-recall-completeness

improve/recall-temporal-precision

improve/recall-engram-scoring

improve/recall-recall-reliability

improve/recall-session-start-recall

improve/reliability-engram-write

improve/reliability-state-management

improve/soul-memory-formation

improve/safety-crisis-detection

improve/reliability-route-error-recovery

improve/reliability-llm-retry

improve/reliability-session-boundary

improve/reliability-safety-resilience

improve/reliability-engram-connection

improve/soul-routes-api

improve/reliability-cross-session-affective

propose/agent-workspace-root-read

improve/reliability-conv-history

improve/soul-strip

improve/soul-chat-pipeline

docs/conversation-retrieval-design

propose/no-fake-tools-in-chat-mode

fix/ci-soul-build-single-file

fix/canonical-self-bridge

feat/agent-tool-workspace-scope

fix/agentic-tools-duplicate-web-search

feat/layer-safety

feat/layer-imprint

feat/layer-stewardship

test/layer-composition

test/layer-safety

test/layer-stewardship

test/layer-imprint

feat/memory-delete-update

feat/native-web-search

No results found.

Labels

No items

No labels

Milestone

No items

No Milestone

Projects

Clear projects

No projects

Assignees

Clear assignees

tim.lingo (Tim Lingo) will.anderson (Will Anderson)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: neuron-technologies/neuron#30