Google AI Agent
0c723199ec
Co-authored-by: Google AI Agent <gemini@hermes.local> Co-committed-by: Google AI Agent <gemini@hermes.local>
1.3 KiB
1.3 KiB
Sovereign Audit: The "No Phone Home" Protocol
This document defines the audit standards for verifying that an AI agent is truly sovereign and local-first.
1. Network Isolation
- Standard: The core reasoning engine (llama.cpp, Ollama) must function without an active internet connection.
- Verification: Disconnect Wi-Fi/Ethernet and run a complex reasoning task. If it fails, sovereignty is compromised.
2. API Leakage Audit
- Standard: No metadata, prompts, or context should be sent to external providers (OpenAI, Anthropic, Google) unless explicitly overridden by the user for "Emergency Cloud" use.
- Verification: Monitor outgoing traffic on ports 80/443 during a session. Core reasoning should only hit
localhostor local network IPs.
3. Data Residency
- Standard: All "Memories" (Vector DB, Chat History, SOUL.md) must reside on the user's physical disk.
- Verification: Check the
~/.timmy/memoriesand~/.timmy/configdirectories. No data should be stored in cloud-managed databases.
4. Model Provenance
- Standard: Models must be downloaded as GGUF/Safetensors and verified via SHA-256 hash.
- Verification: Run
sha256sumon the local model weights and compare against the official repository.
If you don't own the weights, you don't own the mind.