reflector: port karpathy-loop's bounded reflection pattern #1
Closed
jaschadub wants to merge 2 commits into
Borrow symbiont-karpathy-loop's post-phase reflector idea into the pen
test pipeline. Between phases the controller now invokes a bounded
reflector agent that reads the phase's findings and writes
subject-predicate-object lessons to a new `knowledge` table. The next
phase's agent recalls those lessons before planning so learning flows
forward across the engagement without any agent mutating another's
tools or policy.
Boundary is enforced the same way as in karpathy-loop: Cedar's
`reflector.cedar` uses `forbid ... unless` defensive negation to keep
the reflector's surface bounded to `store_knowledge`,
`recall_knowledge`, and `query_findings`. Every scan/enum/exploit/post-
exploit action is rejected at the gate even if someone later widens a
permit elsewhere. The reflector's DSL capabilities list is the second
layer: it declares nothing it could use to act on targets.
Changes:
- db/schema.sql, src/db.rs: `knowledge` table + typed insert/recall
- src/knowledge_tools.rs: `store_knowledge` + `recall_knowledge` MCP
tools, gated on `PenTest::KnowledgeStore`
- agents/reflector.dsl + policies/reflector.cedar: bounded agent
- agents/{recon,enum,vuln-assess,exploit,post-exploit,reporter}.dsl:
add `recall_knowledge` capability + phase-entry recall
- agents/engagement-controller.dsl: invoke reflector after each phase
- policies/tool-authorization.cedar: authorize `recall_knowledge`
globally (LOW risk, read-only)
- policies/evidence.cedar: exempt knowledge tools from the pending-
tool-runs backlog check
- tests: db round-trip, reflector policy shape assertions, knowledge
tool registration checks
- AGENTS.md: updated agent hierarchy, key files, and tool roster
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Agent count 7 → 8; hierarchy shows reflector between phases and reporter, with a short paragraph on what it does and how it's bounded.
- MCP tool count 31 → 35 in the architecture diagram.
- Policy table adds reflector.cedar with its defensive forbid-unless note; count 7 → 8.
- Data layer section introduces the knowledge store next to findings and evidence, with one concrete triple example.
- Repository structure shows reflector.dsl and knowledge_tools.rs.
- Key design decisions gains a "bounded reflector" entry.
- Capability comparison table gains a cross-phase-learning row.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
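The "even if someone later widens a permit elsewhere" property of the `forbid ... unless` policy described in this pull request, modeled in Rust as an added example (not code from this repository and not the Cedar engine). It assumes Cedar's decision rule that a matching forbid overrides every permit and that no matching permit means deny; the `run_scan` action name, the `recon` principal string and the permit list are constructed for illustration.

```rust
// Added illustration: a minimal model of the decision rule
// (matching forbid wins; else a matching permit allows; else deny).
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Decision { Allow, Deny }

/// Actions the PR description says the reflector is bounded to.
pub const REFLECTOR_SURFACE: [&str; 3] =
    ["store_knowledge", "recall_knowledge", "query_findings"];

/// Models: forbid (principal == reflector, action, resource)
///         unless { action in REFLECTOR_SURFACE }
fn reflector_forbid_matches(principal: &str, action: &str) -> bool {
    principal == "reflector" && !REFLECTOR_SURFACE.contains(&action)
}

/// `permits` holds (principal, action) pairs; "*" matches anything.
/// `with_forbid` toggles the defensive forbid so both designs can be compared.
pub fn decide(permits: &[(&str, &str)], with_forbid: bool,
              principal: &str, action: &str) -> Decision {
    if with_forbid && reflector_forbid_matches(principal, action) {
        return Decision::Deny; // forbid overrides every permit
    }
    let permitted = permits.iter().any(|(p, a)| {
        (*p == "*" || *p == principal) && (*a == "*" || *a == action)
    });
    if permitted { Decision::Allow } else { Decision::Deny } // default deny
}

fn main() {
    // Constructed permit set: the reflector's three tools plus a later,
    // over-broad permit letting any principal call a hypothetical `run_scan`.
    let permits = [
        ("reflector", "store_knowledge"),
        ("reflector", "recall_knowledge"),
        ("reflector", "query_findings"),
        ("*", "run_scan"),
    ];
    for action in ["store_knowledge", "run_scan"] {
        println!("{}: permit-only={:?} forbid-unless={:?}", action,
                 decide(&permits, false, "reflector", action),
                 decide(&permits, true, "reflector", action));
    }
}
```

With permits alone, the over-broad `run_scan` permit reaches the reflector; with the forbid in place, the reflector is still denied while other principals are unaffected.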
Closing to re-open with clean commit history (no tooling mentions).
Closed — superseded by #2 (same branch, rewritten history, clean commit messages).