feat: add privacy-aware security manager onboarding
This commit is contained in:
21
README.md
21
README.md
@@ -138,6 +138,9 @@ SSE_HEARTBEAT_INTERVAL_MS=25000
|
||||
TERMINAL_ACTION_RATE_LIMIT_WINDOW_MS=60000
|
||||
TERMINAL_ACTION_RATE_LIMIT_MAX=10
|
||||
BRIEF_VERBOSITY=standard
|
||||
SECURITY_ONBOARDING_ENABLED=true
|
||||
# Generate once with: openssl rand -base64 48
|
||||
SECURITY_PROFILE_ENCRYPTION_KEY=replace-with-a-unique-random-secret
|
||||
|
||||
LLM_PROVIDER=openrouter
|
||||
LLM_BASE_URL=https://openrouter.ai/api/v1
|
||||
@@ -375,6 +378,10 @@ Intelligence Terminal doubles as an interactive Telegram bot. Beyond sending ale
|
||||
| `/reset` | Clear the in-memory AI conversation history |
|
||||
| `/tools` | List the allowlisted terminal tools and whether confirmation is required |
|
||||
| `/trace` | Show tools, duration, result state, and short rationale from the last request |
|
||||
| `/profile` | Show the Security Manager profile stored for this chat |
|
||||
| `/onboarding` | Start or restart the privacy-aware Security Manager setup |
|
||||
| `/language` | Change the Security Manager response language |
|
||||
| `/profile_delete` | Delete the encrypted Security Manager profile after confirmation |
|
||||
| `/confirm <id>` | Confirm a pending mutating action if inline buttons are unavailable |
|
||||
| `/cancel <id>` | Cancel a pending mutating action |
|
||||
| `/portfolio` | Portfolio status (if Alpaca connected) |
|
||||
@@ -389,11 +396,19 @@ This requires `TELEGRAM_BOT_TOKEN`, `TELEGRAM_CHAT_ID`, and a configured LLM in
|
||||
|
||||
#### Intelligence Terminal Tool Agent
|
||||
|
||||
When `TELEGRAM_AGENT_ENABLED=true`, the chat can perform up to `TELEGRAM_AGENT_MAX_STEPS` structured tool calls before answering. The allowlist includes system status, latest brief, sweep delta, markets, source health, evidence search, memory, predictions, scenarios, and generated ideas. The agent has no generic shell, filesystem, network, environment, or secret-access tool.
|
||||
When `TELEGRAM_AGENT_ENABLED=true`, the chat can perform up to `TELEGRAM_AGENT_MAX_STEPS` structured tool calls before answering. The allowlist includes system status, the approved Security Manager profile, latest brief, sweep delta, markets, source health, evidence search, memory, predictions, scenarios, and generated ideas. The agent has no generic shell, filesystem, network, environment, or secret-access tool.
|
||||
|
||||
Read-only tools run automatically. `trigger_sweep`, `mute_alerts`, and `unmute_alerts` return an expiring confirmation request with Telegram **Confirm** and **Cancel** buttons. Confirmation is bound to the configured chat and cannot be reused. `/trace` exposes only tool names, duration, status, and a short operational rationale; private chain-of-thought is neither requested nor stored.
|
||||
|
||||
With `TELEGRAM_AGENT_PROACTIVE_ENABLED=true`, material sweep changes trigger a separate bounded analysis. The agent can cross-check evidence, source health, scenarios, memory, and predictions before deciding whether to notify. A cooldown limits repeat notifications, and the deterministic alert evaluator remains the fallback when the agent fails or declines a notification that still meets fixed alert rules.
|
||||
With `TELEGRAM_AGENT_PROACTIVE_ENABLED=true`, material sweep changes trigger a separate bounded analysis. The Security Manager can cross-check the approved profile, evidence, source health, scenarios, memory, and predictions before deciding whether to notify. A cooldown limits repeat notifications. Without a completed profile, fixed alert rules remain the fallback; with a profile, successful agent decisions respect its alert level and quiet hours. FLASH alerts can override quiet hours.
|
||||
|
||||
#### Security Manager First Start
|
||||
|
||||
Set a unique `SECURITY_PROFILE_ENCRYPTION_KEY` of at least 32 characters and keep the `runs` volume persistent. On the first Telegram startup, the bot asks for the language before asking for any personal context. It then presents a consent notice and offers full, minimal, or cancelled setup.
|
||||
|
||||
The optional profile is limited to a preferred name, country/region/city-level location, timezone, household composition, mobility, general travel pattern, risk priorities, critical dependencies, alert level, and quiet hours. Do not enter an exact address, identity documents, passwords, API keys, account details, detailed diagnoses, booking data, or private contact details. `/skip` skips an input. The profile is written only after explicit review confirmation, stored as AES-256-GCM ciphertext in `runs/security-profile.enc`, and exposed only to the configured LLM through the read-only `get_security_profile` agent tool. `/profile_delete` removes it locally after confirmation.
|
||||
|
||||
The Security Manager uses the profile to rank proximity, severity, time horizon, household impact, mobility constraints, and infrastructure dependencies. Its prompt requires separation of verified facts, official guidance, source reports, and inference. It is an intelligence aid, not an emergency service; urgent responses direct the operator to appropriate local authorities without claiming guaranteed safety.
|
||||
|
||||
### Discord Bot (Two-Way)
|
||||
|
||||
@@ -674,6 +689,8 @@ All settings are in `.env` with sensible defaults:
|
||||
| `TERMINAL_ACTION_RATE_LIMIT_WINDOW_MS` | `60000` | Terminal action rate-limit window |
|
||||
| `TERMINAL_ACTION_RATE_LIMIT_MAX` | `10` | Maximum terminal actions per client/window |
|
||||
| `BRIEF_VERBOSITY` | `standard` | Briefing detail level |
|
||||
| `SECURITY_ONBOARDING_ENABLED` | `true` | Start language-first Security Manager onboarding when no profile exists |
|
||||
| `SECURITY_PROFILE_ENCRYPTION_KEY` | disabled | Unique secret of at least 32 characters used to encrypt the local profile |
|
||||
| `LLM_PROVIDER` | disabled | `litellm`, `openrouter`, `openai-compatible`, `lmstudio`, `ollama`, `anthropic`, `openai`, `gemini`, `codex`, `minimax`, `mistral`, or `grok` |
|
||||
| `LLM_BASE_URL` | provider default | API base URL; required for LiteLLM and custom endpoints |
|
||||
| `LLM_API_KEY` | — | Provider or proxy API key; required for LiteLLM |
|
||||
|
||||
Reference in New Issue
Block a user