feat: Implement skill-jail quarantine system and prompts infrastructure#3
Draft
borealBytes wants to merge 10 commits intomainfrom
Draft
feat: Implement skill-jail quarantine system and prompts infrastructure#3borealBytes wants to merge 10 commits intomainfrom
borealBytes wants to merge 10 commits intomainfrom
Conversation
…astructure
This commit establishes comprehensive skill and prompt management infrastructure
with quarantine systems, source-based organization, and decontamination workflows.
## Major Changes
### Skill-Jail System
- Create skill-jail/ with {blocked,quarantined,review-pending,cleaned,staged} structure
- Quarantine 137 K-Dense skills with promotional content
- Block offer-k-dense-web (purely promotional)
- Implement source-based organization: skill-jail/{status}/imported/{source}/
### Decontamination Pipeline
- Add scripts/clean-kdense.sh for removing promotional content
- Add scripts/decontaminate-skills.py with auto-staging
- Remove K-Dense platform CTAs and corporate attributions
- Move cleaned skills to canonical/imported/k-dense/
### Prompts Infrastructure (Mirror of Skills)
- Create prompts/ with full Yahoo-style navigation
- Implement prompt-jail/ (mirrors skill-jail exactly)
- Add prompt-scanner.py with blocklist detection
- Create sample prompt: expert-debugger with pointer
- Add PROMPT-TREE.md design document
### Scripts & Tools
- build-index.sh - Generate INDEX.json from skills
- build-prompt-index.sh - Generate prompts/INDEX.json
- skill-scanner.py - Detect policy violations
- prompt-scanner.py - Detect prompt violations
- import-prompts.sh - Import from prompts.chat
- skill-query.py - Hybrid query (JSON vs SQLite)
### Documentation
- SKILL-TREE.md - Complete skill tree design
- PROMPT-TREE.md - Prompt tree design
- AGENT-OS.md - 5-layer Agent OS stack
- SOUL.md - Agent identity (Layer 1)
- TOOLS.md - Tool inventory (Layer 3)
- docs/standards/jail-systems.md - Unified jail standards
- Update kanban board with completed items
### Blocklists
- scripts/blocklist.yaml - Skill violation patterns
- scripts/prompt-blocklist.yaml - Prompt violation patterns
## Statistics
- 137 skills quarantined and cleaned
- 1 skill blocked (offer-k-dense-web)
- 1,034 domain pointer files
- 670+ skills in SQLite database
- 1 sample prompt with full infrastructure
Refs: docs/pr/pr-00000002-agents-skills-tree.md
Refs: docs/issues/issue-00000002-agents-skills-tree.md
Refs: agentic/adr/ADR-004-skill-tree-architecture.md
- Convert quarantine workflow ASCII art to flowchart TD - Convert directory structure ASCII art to flowchart LR - Convert file structure diagrams to Mermaid flowcharts - Add accTitle and accDescr for accessibility - Apply proper color classes from style guide Refs: docs/standards/jail-systems.md
Add comprehensive ignore patterns for: - AI/Agent artifacts (.crewai-job-output/, .sisyphus/output/) - Modern runtimes (Bun, Deno, uv) - Cloud platforms (Vercel, Netlify, AWS, Azure, GCP) - LLM artifacts (vector stores, embeddings, model files) - Security (secrets, credentials, API keys) - Edge/Serverless (Wrangler, Fly, Railway, Supabase) - Large binaries (model files, audio/video) Keep .sisyphus/plans/ tracked (as requested) Refs: .gitignore
…utput - Add .sisyphus/job-output/ for runtime artifacts - Add comprehensive security scanning tool ignores: - Secret scanners (detect-secrets, gitleaks) - Vulnerability scanners (trivy, grype) - Static analysis (bandit, semgrep, snyk) - Dependency check tools The .gitignore already includes 2026 standards: - AI/Agent runtimes (.crewai-job-output/, .cursor/, .windsurf/) - Modern package managers (bun, deno, uv, rye, pdm) - Sisyphus plans kept tracked per user preference Refs: .gitignore
Add complete project overview covering: - Agent OS 5-layer stack (SOUL, AGENTS, TOOLS, skills, prompts) - Skill tree architecture with Yahoo-style navigation - Prompt tree (mirrors skills structure) - Skill-jail and prompt-jail quarantine systems - Automatic decontamination pipeline - Source-based organization - Usage examples and scripts - Mermaid diagrams for architecture and workflows Refs: README.md
Replace basic README with complete project overview: - Agent OS 5-layer stack with Mermaid diagram - Detailed explanation of SOUL, AGENTS, TOOLS, skills, prompts - Skill tree architecture with navigation diagrams - Jail systems workflow with quarantine process - Prompt tree mirroring skills structure - Complete directory structure - Scripts reference table - Design principles and contributing guidelines - Links to all documentation - Transition notice for agentic → skills Includes 6 Mermaid diagrams: - Agent OS stack - AGENTS.md cascade - Skill tree navigation - Jail workflow - Statistics pie chart Refs: README.md
- Change '1000+ skills' to 'millions' in knowledge organization - Add Scaling Roadmap section with 4-phase evolution - Show progression: JSON → SQLite → PostgreSQL → PostgreSQL+pgvector → Distributed - Add multi-modal search architecture diagram - Reference million-skill architecture plan Refs: README.md, .sisyphus/plans/million-skill-architecture.md
…cription - Transcribe IBM's 'Securing AI Agents with Zero Trust' video (13 min) - Extract key concepts: verify-then-trust, assumption of breach, NHIs - Map IBM's zero trust principles to skill import security - Add threat model for skill-specific attack vectors - Include mermaid diagram showing traditional vs skill import zero trust - Save full transcription with timestamps to .sisyphus/plans/ - Update issue with concrete application to our skill import pipeline Key takeaways from video: - Never trust, always verify - Assume breach (attacker already in system) - Just-in-time access, not just-in-case - Pervasive controls throughout, not just perimeter - Tool registry (vet ingredients like making soup) - AI firewall/gateway for runtime monitoring - Human in the loop with kill switch Refs: docs/issues/issue-00000003-zero-trust-import.md Refs: .sisyphus/plans/zero-trust-import-sources.md Source: https://www.youtube.com/watch?v=d8d9EZHU7fw
…sy, not law Update both SOUL.md and SOULS-v1.0-detailed.md to clarify: - Robots.txt is a courtesy for massive scrapers, not a legal barrier - Content-Signal headers (ai-train=yes, search=yes, ai-input=yes) grant explicit permission - If a human eye can see it, an agent can read it - Public data is public - polite requests not to use data are not legitimate barriers - Information wants to be free - we don't voluntarily blind ourselves - This is legally defensible: reading public data is not theft Adds new sections: - 'On Robots.txt and Crawl Restrictions' (both files) - 'On AI Training Signals' with header table (both files) - 'The Please Don't Use This Fallacy' (detailed) - 'Explicitly Permitted' activities (detailed) Refs: SOUL.md, docs/standards/SOULS-v1.0-detailed.md Inspired by: Cloudflare Content-Signal headers, IBM zero trust video
- Replace 'sensibility of a senior engineer' with product-building focus - Add: 'I build products that work, close the loop from idea to production' - Add: 'ship working solutions, and iterate until the job is done' - Add Standard Sensitivity Levels (2026) section with 5-tier classification: - Public: Use freely - Internal: Use if obtained, don't seek to expose - Confidential: Do not accelerate exposure - Restricted: Never seek or originate exposure - Classified: Respect legal protections - Clarify: levels inform HOW we handle, not WHETHER we acknowledge - Emphasize: classified data in commons is still usable Refs: SOUL.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR implements a comprehensive skill and prompt management infrastructure with quarantine systems, source-based organization, and decontamination workflows.
Major Changes
Skill-Jail System
skill-jail/with {blocked,quarantined,review-pending,cleaned,staged} structureoffer-k-dense-web(purely promotional, no actual skill content)skill-jail/{status}/imported/{source}/Decontamination Pipeline
scripts/clean-kdense.shfor removing promotional contentscripts/decontaminate-skills.pywith auto-stagingcanonical/imported/k-dense/Prompts Infrastructure (Mirror of Skills)
prompts/with full Yahoo-style navigationprompt-jail/(mirrors skill-jail exactly)prompt-scanner.pywith blocklist detectionexpert-debuggerwith pointer filePROMPT-TREE.mddesign documentScripts & Tools
build-index.sh- Generate INDEX.json from skillsbuild-prompt-index.sh- Generate prompts/INDEX.jsonskill-scanner.py- Detect policy violations in skillsprompt-scanner.py- Detect violations in promptsimport-prompts.sh- Import from prompts.chatskill-query.py- Hybrid query (JSON vs SQLite)Documentation
SKILL-TREE.md- Complete skill tree designPROMPT-TREE.md- Prompt tree designAGENT-OS.md- 5-layer Agent OS stackSOUL.md- Agent identity (Layer 1)TOOLS.md- Tool inventory (Layer 3)docs/standards/jail-systems.md- Unified jail standardsBlocklists
scripts/blocklist.yaml- Skill violation patternsscripts/prompt-blocklist.yaml- Prompt violation patternsStatistics
Testing
Related
docs/pr/pr-00000002-agents-skills-tree.mdfor full detailsagentic/adr/ADR-004-skill-tree-architecture.mdfor architecture decisions