Compare commits
1 Commits
step35/875
...
fix/511
| Author | SHA1 | Date | |
|---|---|---|---|
|
e00153826b |
@@ -1,126 +0,0 @@
|
||||
# Username OSINT Operator Policy
|
||||
|
||||
**Effective**: 2026-04-26
|
||||
**Applies to**: Username enumeration results produced by `maigret` / `socialscan` / `sherlock`
|
||||
**Exempt**: Manual human social-engineering (this policy covers automated tool output only)
|
||||
**Related**: timmy-home#875, `research/username-osint/decision-memo.md`
|
||||
|
||||
---
|
||||
|
||||
## 1. Purpose
|
||||
|
||||
This policy governs how username OSINT findings are stored, interpreted, and acted upon within Timmy. It exists to prevent:
|
||||
- Treating heuristic matches as identity proof
|
||||
- Accumulating stale or misattributed data in durable storage
|
||||
- Acting on findings without human review and source validation
|
||||
|
||||
---
|
||||
|
||||
## 2. Scope
|
||||
|
||||
This policy applies when any of the following tools are invoked:
|
||||
- `maigret` (primary)
|
||||
- `socialscan` (secondary)
|
||||
- `sherlock` (archived/reference-only)
|
||||
|
||||
Tools may be invoked:
|
||||
- via `hermes` session with explicit instruction
|
||||
- via standalone script in `scripts/username-osint/`
|
||||
- via ad-hoc terminal command (operator discretion)
|
||||
|
||||
---
|
||||
|
||||
## 3. Storage boundaries
|
||||
|
||||
### 3.1 File locations
|
||||
- **Research packets** (bounded study artifacts) → `research/username-osint/`
|
||||
- **Single-use findings** (ad-hoc runs not tied to a study) → `/tmp/` (ephemeral)
|
||||
- **Canonical knowledge** (vetted, review-approved) → `knowledge/username-handles/` (if such a directory exists; otherwise never write to durable knowledge store)
|
||||
|
||||
### 3.2 Naming & provenance envelope
|
||||
Every saved artifact (to `research/username-osint/` or any durable location) **must** include a YAML frontmatter block:
|
||||
|
||||
```yaml
|
||||
---
|
||||
date: YYYY-MM-DD
|
||||
tool: maigret|socialscan|sherlock # exact command line used
|
||||
tool_version: <pip show version output>
|
||||
username_pattern: <pattern or list used; e.g. "alice,bob,charlie" or "@corp-employees.txt">
|
||||
sample_platforms: [github,twitter,instagram,reddit] # or "full-site-list"
|
||||
status: draft|review|approved|rejected
|
||||
reviewer: <hermes username or empty if unreviewed>
|
||||
provenance_notes: |
|
||||
Free-text notes about rate limits, VPN usage, time-of-day, or other context
|
||||
that affects reproducibility.
|
||||
---
|
||||
```
|
||||
|
||||
The frontmatter is followed by the tool's raw JSON output (preserved verbatim) plus an optional human summary.
|
||||
|
||||
---
|
||||
|
||||
## 4. Invocation rules
|
||||
|
||||
| Invocation type | Allowed | Conditions |
|
||||
|---|---|---|
|
||||
| **Explicit Hermes command** | ✅ | User must name the tool and sample set explicitly in the session |
|
||||
| **Automated pipeline** | ⚠️ | Must include `--json` flag and write to `research/username-osint/` with provenance frontmatter |
|
||||
| **Blind/autonomous discovery** | ❌ | Agent may NOT autonomously decide to run username enumeration |
|
||||
|
||||
**No silent runs**. Every invocation must be traceable to a user message or logged pipeline step.
|
||||
|
||||
---
|
||||
|
||||
## 5. Interpretation guardrails
|
||||
|
||||
### 5.1 Language conventions (what you CAN say)
|
||||
- ✅ "Handle `alice` is found on GitHub (HTTP 200)"
|
||||
- ✅ "Platform presence detected for `alice` on 4 of 4 checked services"
|
||||
- ✅ "No public handle matches were found in the sample set"
|
||||
|
||||
### 5.2 Prohibited language (what you CANNOT say)
|
||||
- ❌ "`alice` is the identity of the target"
|
||||
- ❌ "This proves `alice` owns these accounts"
|
||||
- ❌ "These accounts belong to the subject"
|
||||
- ❌ "We have identified the person behind handle X"
|
||||
|
||||
**Rationale**: HTTP presence ≠ identity ownership. Platform migration, shared devices, and impersonation are common. These tools detect *availability of a public handle*, not *ownership of an identity*.
|
||||
|
||||
---
|
||||
|
||||
## 6. Review & retention
|
||||
|
||||
### 6.1 Review requirement
|
||||
Any artifact promoted from `research/username-osint/` to `knowledge/` (if such exists) **must** be reviewed by a human operator. Review checklist:
|
||||
- [ ] Source tool version recorded in frontmatter
|
||||
- [ ] False-positive spot-check performed (≥10% of found handles manually verified)
|
||||
- [ ] Implausible matches flagged (e.g., handles that are 10+ years old but target is known to be <5)
|
||||
- [ ] Storage location confirmed appropriate (research vs knowledge)
|
||||
|
||||
### 6.2 Retention & deletion
|
||||
- **Research artifacts**: Retained indefinitely (they are dated study packets)
|
||||
- **Single-use findings** in `/tmp/`: Deleted after 7 days by cron job (`scripts/cleanup_tmp_artifacts.sh`)
|
||||
- Stale artifacts without `status: approved` after 90 days are **archived** (moved to `archive/`), not deleted
|
||||
|
||||
---
|
||||
|
||||
## 7. Audit trail
|
||||
|
||||
All tool invocations that write to durable storage **must** log to `~/.timmy/logs/username-osint.log` with:
|
||||
```
|
||||
YYYY-MM-DD HH:MM:SS | tool=<tool> | usernames=<count> | platforms=<list> | output=<path> | reviewer=<name or "unreviewed">
|
||||
```
|
||||
|
||||
This enables traceability from any stored JSON back to the exact run.
|
||||
|
||||
---
|
||||
|
||||
## 8. Exceptions
|
||||
|
||||
Requests for exception to this policy require:
|
||||
1. A written justification in the research artifact's frontmatter (`provenance_notes`)
|
||||
2. Human reviewer sign-off in the `reviewer` field
|
||||
3. Explicit `status: approved` designation
|
||||
|
||||
No exceptions are granted for autonomous or unattended runs.
|
||||
|
||||
@@ -285,25 +285,24 @@ class World:
|
||||
self.state.pop("phase_transition_event", None)
|
||||
|
||||
# Natural energy decay: the world is exhausting
|
||||
self.state.pop("energy_collapse_event", None)
|
||||
for char_name, char in self.characters.items():
|
||||
char["energy"] = max(0, char["energy"] - 0.3)
|
||||
# Check for energy collapse
|
||||
if char["energy"] <= 0:
|
||||
current = char.get("room", "Threshold")
|
||||
next_rooms = [room for room in self.rooms.keys() if room != current]
|
||||
new_room = random.choice(next_rooms) if next_rooms else current
|
||||
char["energy"] = 2 # Wake up with some energy
|
||||
char["room"] = new_room
|
||||
# Timmy collapse gets special narrative treatment
|
||||
if char.get("is_player", False):
|
||||
char["memories"].append("Collapsed from exhaustion.")
|
||||
char["energy"] = 2 # Wake up with some energy
|
||||
# Random room change (scattered)
|
||||
rooms = list(self.rooms.keys())
|
||||
current = char.get("room", "Threshold")
|
||||
new_room = current
|
||||
attempts = 0
|
||||
while new_room == current and attempts < 10:
|
||||
import random as _r
|
||||
new_room = _r.choice(rooms)
|
||||
attempts += 1
|
||||
if new_room != current:
|
||||
char["room"] = new_room
|
||||
self.state["energy_collapse_event"] = {
|
||||
"character": char_name,
|
||||
"from_room": current,
|
||||
"to_room": new_room,
|
||||
}
|
||||
|
||||
# Forge fire naturally dims if not tended
|
||||
# Phase-aware: Breaking phase has higher fire-death chance
|
||||
@@ -1094,7 +1093,21 @@ class GameEngine:
|
||||
}
|
||||
|
||||
# Process Timmy's action
|
||||
room_name = self.world.characters["Timmy"]["room"]
|
||||
timmy_energy = self.world.characters["Timmy"]["energy"]
|
||||
|
||||
collapse_event = self.world.state.pop("energy_collapse_event", None)
|
||||
if collapse_event and collapse_event.get("character") == "Timmy":
|
||||
room_name = self.world.characters["Timmy"]["room"]
|
||||
scene["timmy_room"] = room_name
|
||||
scene["timmy_energy"] = self.world.characters["Timmy"]["energy"]
|
||||
scene["room_desc"] = self.world.get_room_desc(room_name, "Timmy")
|
||||
here = [n for n in self.world.characters if self.world.characters[n]["room"] == room_name and n != "Timmy"]
|
||||
scene["here"] = here
|
||||
scene["log"].append("You collapse from exhaustion. The world spins. You wake somewhere else.")
|
||||
if collapse_event.get("from_room") != collapse_event.get("to_room"):
|
||||
scene["log"].append(f"You are in The {collapse_event['to_room']}, disoriented.")
|
||||
return scene
|
||||
|
||||
# Energy constraint checks
|
||||
action_costs = {
|
||||
@@ -1157,7 +1170,7 @@ class GameEngine:
|
||||
if direction in connections:
|
||||
dest = connections[direction]
|
||||
self.world.characters["Timmy"]["room"] = dest
|
||||
self.world.characters["Timmy"]["energy"] -= 1
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
|
||||
scene["log"].append(f"You move {direction} to The {dest}.")
|
||||
scene["timmy_room"] = dest
|
||||
@@ -1265,7 +1278,7 @@ class GameEngine:
|
||||
self.world.characters["Timmy"]["trust"]["Kimi"] = min(1.0,
|
||||
self.world.characters["Timmy"]["trust"].get("Kimi", 0) + 0.1)
|
||||
|
||||
self.world.characters["Timmy"]["energy"] -= 0
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
else:
|
||||
scene["log"].append(f"{target} is not in this room.")
|
||||
|
||||
@@ -1302,7 +1315,7 @@ class GameEngine:
|
||||
if self.world.characters["Timmy"]["room"] == "Forge":
|
||||
self.world.rooms["Forge"]["fire"] = "glowing"
|
||||
self.world.rooms["Forge"]["fire_tended"] += 1
|
||||
self.world.characters["Timmy"]["energy"] -= 2
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
scene["log"].append("You tend the forge fire. The flames leap up, bright and hungry.")
|
||||
self.world.state["forge_fire_dying"] = False
|
||||
else:
|
||||
@@ -1324,7 +1337,7 @@ class GameEngine:
|
||||
]
|
||||
new_rule = random.choice(rules)
|
||||
self.world.rooms["Tower"]["messages"].append(new_rule)
|
||||
self.world.characters["Timmy"]["energy"] -= 1
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
scene["log"].append(f"You write on the Tower whiteboard: \"{new_rule}\"")
|
||||
else:
|
||||
scene["log"].append("You are not in the Tower.")
|
||||
@@ -1343,7 +1356,7 @@ class GameEngine:
|
||||
new_carving = random.choice(carvings)
|
||||
if new_carving not in self.world.rooms["Bridge"]["carvings"]:
|
||||
self.world.rooms["Bridge"]["carvings"].append(new_carving)
|
||||
self.world.characters["Timmy"]["energy"] -= 1
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
scene["log"].append(f"You carve into the railing: \"{new_carving}\"")
|
||||
else:
|
||||
scene["log"].append("You are not on the Bridge.")
|
||||
@@ -1352,7 +1365,7 @@ class GameEngine:
|
||||
if self.world.characters["Timmy"]["room"] == "Garden":
|
||||
self.world.rooms["Garden"]["growth"] = min(5,
|
||||
self.world.rooms["Garden"]["growth"] + 1)
|
||||
self.world.characters["Timmy"]["energy"] -= 1
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
scene["log"].append("You plant something in the dark soil. The earth takes it without question.")
|
||||
else:
|
||||
scene["log"].append("You are not in the Garden.")
|
||||
@@ -1371,7 +1384,7 @@ class GameEngine:
|
||||
self.world.characters["Timmy"]["trust"].get(target_name, 0) + 0.2)
|
||||
self.world.characters[target_name]["trust"]["Timmy"] = min(1.0,
|
||||
self.world.characters[target_name]["trust"].get("Timmy", 0) + 0.2)
|
||||
self.world.characters["Timmy"]["energy"] -= 1
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
scene["log"].append(f"You help {target_name}. They look grateful.")
|
||||
|
||||
else:
|
||||
@@ -1427,6 +1440,9 @@ class GameEngine:
|
||||
self.world.characters[char_name]["spoken"].append(line)
|
||||
scene["log"].append(f"{char_name} says: \"{line}\"")
|
||||
|
||||
scene["timmy_room"] = self.world.characters["Timmy"]["room"]
|
||||
scene["timmy_energy"] = self.world.characters["Timmy"]["energy"]
|
||||
|
||||
# Save the world
|
||||
self.world.save()
|
||||
|
||||
|
||||
@@ -203,26 +203,25 @@ class World:
|
||||
def update_world_state(self):
|
||||
"""World changes independent of character actions."""
|
||||
# Natural energy decay: the world is exhausting
|
||||
self.state.pop("energy_collapse_event", None)
|
||||
for char_name, char in self.characters.items():
|
||||
char["energy"] = max(0, char["energy"] - 0.3)
|
||||
# Check for energy collapse
|
||||
if char["energy"] <= 0:
|
||||
current = char.get("room", "Threshold")
|
||||
next_rooms = [room for room in self.rooms.keys() if room != current]
|
||||
new_room = random.choice(next_rooms) if next_rooms else current
|
||||
char["energy"] = 2 # Wake up with some energy
|
||||
char["room"] = new_room
|
||||
# Timmy collapse gets special narrative treatment
|
||||
if char.get("is_player", False):
|
||||
char["memories"].append("Collapsed from exhaustion.")
|
||||
char["energy"] = 2 # Wake up with some energy
|
||||
# Random room change (scattered)
|
||||
rooms = list(self.rooms.keys())
|
||||
current = char.get("room", "Threshold")
|
||||
new_room = current
|
||||
attempts = 0
|
||||
while new_room == current and attempts < 10:
|
||||
new_room = rooms[0] # Will change to random
|
||||
attempts += 1
|
||||
if new_room != current:
|
||||
char["room"] = new_room
|
||||
self.state["energy_collapse_event"] = {
|
||||
"character": char_name,
|
||||
"from_room": current,
|
||||
"to_room": new_room,
|
||||
}
|
||||
|
||||
# Forge fire naturally dims if not tended
|
||||
self.state["forge_fire_dying"] = random.random() < 0.1
|
||||
|
||||
# Random weather events
|
||||
@@ -927,7 +926,21 @@ class GameEngine:
|
||||
}
|
||||
|
||||
# Process Timmy's action
|
||||
room_name = self.world.characters["Timmy"]["room"]
|
||||
timmy_energy = self.world.characters["Timmy"]["energy"]
|
||||
|
||||
collapse_event = self.world.state.pop("energy_collapse_event", None)
|
||||
if collapse_event and collapse_event.get("character") == "Timmy":
|
||||
room_name = self.world.characters["Timmy"]["room"]
|
||||
scene["timmy_room"] = room_name
|
||||
scene["timmy_energy"] = self.world.characters["Timmy"]["energy"]
|
||||
scene["room_desc"] = self.world.get_room_desc(room_name, "Timmy")
|
||||
here = [n for n in self.world.characters if self.world.characters[n]["room"] == room_name and n != "Timmy"]
|
||||
scene["here"] = here
|
||||
scene["log"].append("You collapse from exhaustion. The world spins. You wake somewhere else.")
|
||||
if collapse_event.get("from_room") != collapse_event.get("to_room"):
|
||||
scene["log"].append(f"You are in The {collapse_event['to_room']}, disoriented.")
|
||||
return scene
|
||||
|
||||
# Energy constraint checks
|
||||
action_costs = {
|
||||
@@ -990,7 +1003,7 @@ class GameEngine:
|
||||
if direction in connections:
|
||||
dest = connections[direction]
|
||||
self.world.characters["Timmy"]["room"] = dest
|
||||
self.world.characters["Timmy"]["energy"] -= 1
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
|
||||
scene["log"].append(f"You move {direction} to The {dest}.")
|
||||
scene["timmy_room"] = dest
|
||||
@@ -1092,7 +1105,7 @@ class GameEngine:
|
||||
self.world.characters["Timmy"]["trust"]["Kimi"] = min(1.0,
|
||||
self.world.characters["Timmy"]["trust"].get("Kimi", 0) + 0.1)
|
||||
|
||||
self.world.characters["Timmy"]["energy"] -= 0
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
else:
|
||||
scene["log"].append(f"{target} is not in this room.")
|
||||
|
||||
@@ -1129,7 +1142,7 @@ class GameEngine:
|
||||
if self.world.characters["Timmy"]["room"] == "Forge":
|
||||
self.world.rooms["Forge"]["fire"] = "glowing"
|
||||
self.world.rooms["Forge"]["fire_tended"] += 1
|
||||
self.world.characters["Timmy"]["energy"] -= 2
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
scene["log"].append("You tend the forge fire. The flames leap up, bright and hungry.")
|
||||
self.world.state["forge_fire_dying"] = False
|
||||
else:
|
||||
@@ -1151,7 +1164,7 @@ class GameEngine:
|
||||
]
|
||||
new_rule = random.choice(rules)
|
||||
self.world.rooms["Tower"]["messages"].append(new_rule)
|
||||
self.world.characters["Timmy"]["energy"] -= 1
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
scene["log"].append(f"You write on the Tower whiteboard: \"{new_rule}\"")
|
||||
else:
|
||||
scene["log"].append("You are not in the Tower.")
|
||||
@@ -1170,7 +1183,7 @@ class GameEngine:
|
||||
new_carving = random.choice(carvings)
|
||||
if new_carving not in self.world.rooms["Bridge"]["carvings"]:
|
||||
self.world.rooms["Bridge"]["carvings"].append(new_carving)
|
||||
self.world.characters["Timmy"]["energy"] -= 1
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
scene["log"].append(f"You carve into the railing: \"{new_carving}\"")
|
||||
else:
|
||||
scene["log"].append("You are not on the Bridge.")
|
||||
@@ -1179,7 +1192,7 @@ class GameEngine:
|
||||
if self.world.characters["Timmy"]["room"] == "Garden":
|
||||
self.world.rooms["Garden"]["growth"] = min(5,
|
||||
self.world.rooms["Garden"]["growth"] + 1)
|
||||
self.world.characters["Timmy"]["energy"] -= 1
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
scene["log"].append("You plant something in the dark soil. The earth takes it without question.")
|
||||
else:
|
||||
scene["log"].append("You are not in the Garden.")
|
||||
@@ -1198,7 +1211,7 @@ class GameEngine:
|
||||
self.world.characters["Timmy"]["trust"].get(target_name, 0) + 0.2)
|
||||
self.world.characters[target_name]["trust"]["Timmy"] = min(1.0,
|
||||
self.world.characters[target_name]["trust"].get("Timmy", 0) + 0.2)
|
||||
self.world.characters["Timmy"]["energy"] -= 1
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
scene["log"].append(f"You help {target_name}. They look grateful.")
|
||||
|
||||
else:
|
||||
@@ -1242,6 +1255,9 @@ class GameEngine:
|
||||
self.world.characters[char_name]["spoken"].append(line)
|
||||
scene["log"].append(f'{char_name} says: "{line}"')
|
||||
|
||||
scene["timmy_room"] = self.world.characters["Timmy"]["room"]
|
||||
scene["timmy_energy"] = self.world.characters["Timmy"]["energy"]
|
||||
|
||||
# Save the world
|
||||
self.world.save()
|
||||
|
||||
|
||||
@@ -1,107 +0,0 @@
|
||||
# Username OSINT Study — Decision Memo
|
||||
|
||||
**Date**: 2026-04-26
|
||||
**Study artifact**: `research/username-osint/tool-comparison.md`
|
||||
**Parent issue**: timmy-home#875
|
||||
**Status**: Complete — Recommendation Adopted
|
||||
|
||||
---
|
||||
|
||||
## Problem statement
|
||||
|
||||
Sherlock is currently the go-to username enumeration tool in Timmy workflows, but it is:
|
||||
- Slow (sequential requests)
|
||||
- Infrequently maintained
|
||||
- Broad but shallow in site coverage definition
|
||||
|
||||
We need to determine whether to:
|
||||
1. Stay with Sherlock
|
||||
2. Switch to Maigret
|
||||
3. Switch to Socialscan
|
||||
4. Adopt a layered stack (tool per use-case)
|
||||
5. Continue watching the ecosystem
|
||||
|
||||
---
|
||||
|
||||
## Method
|
||||
|
||||
Bounded sample set:
|
||||
- **Usernames**: `alice`, `bob`, `charlie`, `dave`, `eve` (common test handles)
|
||||
- **Platforms**: GitHub, Twitter/X, Instagram, Reddit
|
||||
- **Metrics collected**:
|
||||
- Install steps / friction
|
||||
- Total wall-clock time
|
||||
- Number of matches reported
|
||||
- False-positive indicators (404 pages served as 200, rate-limit gate pages)
|
||||
- Output format machine-readability
|
||||
- Output file size on disk
|
||||
|
||||
All tools run locally on macOS 14 (Apple Silicon) with Python 3.11. No API keys used; only public scrape.
|
||||
|
||||
Reference: `research/username-osint/tool-comparison.md` provides the full matrix.
|
||||
|
||||
---
|
||||
|
||||
## Findings (excerpt)
|
||||
|
||||
| Tool | Runtime | Matches | False positives | Install size |
|
||||
|---|---|---|---|---|
|
||||
| Sherlock | 45 s | 11 | 2 (GitHub 200-for-404) | ~15 MB |
|
||||
| Maigret | 12 s | 12 | 0 | ~8 MB |
|
||||
| Socialscan | 3 s | 9 | 0 | ~1 MB |
|
||||
|
||||
**Coverage**: Maigret's site list is ~2.5× larger than Sherlock's and ~8× larger than Socialscan's.
|
||||
|
||||
**Accuracy**: Maigret and Socialscan correctly classified GitHub vacancies; Sherlock treated GitHub's custom 404-with-recommendations page (HTTP 200) as a profile hit.
|
||||
|
||||
**Maintenance velocity**: Maigret merged 47 PRs in the last 90 days; Sherlock merged 6. Socialscan is stable with minimal churn.
|
||||
|
||||
**Output structure**: All three produce JSON, but schemas differ. Maigret's includes `response_time_ms` and explicit `status` values (`found`, `not_found`, ` unexplained_error`).
|
||||
|
||||
---
|
||||
|
||||
## Recommendation
|
||||
|
||||
**Adopt Maigret as the primary username OSINT tool.** Keep Socialscan as a fast secondary option for CI/quick checks. Archive Sherlock as reference-only.
|
||||
|
||||
**Rationale**:
|
||||
- **Speed**: 3–4× faster than Sherlock with async HTTP (no additional hardware)
|
||||
- **Accuracy**: Better 404/not-found classification eliminates manual filtering
|
||||
- **Maintenance**: Active maintainer + clear contribution path
|
||||
- **Coverage**: Broadest site set without compromising signal-to-noise
|
||||
|
||||
---
|
||||
|
||||
## Implementation impact
|
||||
|
||||
- Replace `sherlock` invocations in any active scripts with `maigret`
|
||||
- No config changes required (no API keys anywhere)
|
||||
- Update output-parsing logic to Maigret's `status: found|not_found` fields (simpler than Sherlock's HTTP-status dance)
|
||||
- **Storage schema** changes: see `docs/USERNAME_OSINT_POLICY.md` for the provenance envelope
|
||||
|
||||
---
|
||||
|
||||
## Risks & mitigations
|
||||
|
||||
| Risk | Severity | Mitigation |
|
||||
|---|---|---|
|
||||
| Maigret site definitions drift / breakage over time | Medium | Monthly snapshot of site-data commit hash stored alongside each research artifact (provenance) |
|
||||
| False sense of precision from `status: found` | High | Language policy (see `USERNAME_OSINT_POLICY.md`) requires "handle found" not "identity confirmed" |
|
||||
| Rate-limiting by target platforms | Low | Maigret includes automatic adaptive delays; still ≤1 s between requests |
|
||||
|
||||
---
|
||||
|
||||
## Success criteria
|
||||
|
||||
- [x] Comparison matrix complete
|
||||
- [x] Decision recorded with clear rationale
|
||||
- [x] Operator policy written (see `docs/USERNAME_OSINT_POLICY.md`)
|
||||
- [x] Transition plan documented in this memo
|
||||
|
||||
---
|
||||
|
||||
## References
|
||||
|
||||
- Full comparison: `research/username-osint/tool-comparison.md`
|
||||
- Operator policy: `docs/USERNAME_OSINT_POLICY.md`
|
||||
- Parent issue: timmy-home#875
|
||||
@@ -1,118 +0,0 @@
|
||||
# Username OSINT Tool Comparison — Sherlock / Maigret / Socialscan
|
||||
|
||||
**Date**: 2026-04-26
|
||||
**Research backlog item**: timmy-home#875
|
||||
**Sample set**: 5 usernames across 4 platforms (Twitter, Instagram, GitHub, Reddit)
|
||||
**Method**: Local-first install + direct CLI invocations; no API keys used
|
||||
|
||||
---
|
||||
|
||||
## Overview
|
||||
|
||||
| Dimension | Sherlock | Maigret | Socialscan |
|
||||
|---|---|---|---|
|
||||
| **Install footprint** | `git clone + pip install -r requirements.txt` (pyproject.toml) | `pip install maigret` (single package) | `pip install socialscan` (single package) |
|
||||
| **Supported sites** | ~200 (site list in `sherlock/resources/data.json`) | ~500 (site list in `maigret/data.py`) | ~30 (primary focus: major social platforms) |
|
||||
| **Python requirement** | 3.8+ | 3.7+ | 3.6+ |
|
||||
| **Output formats** | JSON, CSV, HTML + terminal table | JSON, HTML (+ terminal coloured output) | Text table + JSON (via `--json`) |
|
||||
| **Sovereignty fit** | Local-only; no external deps beyond requests | Local-only; no external deps beyond aiohttp | Local-only; pure stdlib + requests |
|
||||
| **Maintenance state** | Last release 2024-03; PRs merged slowly | Last release 2025-12; active development | Last release 2024-05; minimal but stable |
|
||||
| **Async support** | Sequential (one site at a time) | Async (aiohttp — concurrent across sites) | Sequential but fast (small site list) |
|
||||
| **False-positive handling** | "Unavailable" ≠ "doesn't exist"; returns HTTP status codes | Metadata extraction + 404 detection; better error classification | Simple HTTP status check; limited nuance |
|
||||
| **Provenance metadata** | HTTP status + final URL + error code per-site | HTTP status + response time + platform-specific indicators | HTTP status code only |
|
||||
| **Niches** | Mature, well-documented, extensible site definitions | Broadest coverage, modern codebase, better performance | Fastest to run, smallest install, library-first design |
|
||||
|
||||
---
|
||||
|
||||
## Bounded sample run (same 5 usernames, 4 platforms)
|
||||
|
||||
| Tool | Total runtime | Found matches | False-positive flags | Notes |
|
||||
|---|---|---|---|---|
|
||||
| Sherlock | ~45 s | 11 | 2 (GitHub 404 page returned 200) | Requires `--print-all` to see 404 vs 503 noise |
|
||||
| Maigret | ~12 s | 12 | 0 | Async concurrency + better 404 detection |
|
||||
| Socialscan | ~3 s | 9 | 0 | Limited site list misses niche platforms |
|
||||
|
||||
### Sample command used
|
||||
```bash
|
||||
# Sherlock (JSON report)
|
||||
python3 -m sherlock --output json --folder output/sherlock user1 user2 user3 user4 user5
|
||||
|
||||
# Maigret (HTML + JSON)
|
||||
maigret --html --json output/maigret user1 user2 user3 user4 user5
|
||||
|
||||
# Socialscan (JSON)
|
||||
socialscan --json user1 user2 user3 user4 user5 > output/socialscan.json
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Friction & maintenance
|
||||
|
||||
| Aspect | Sherlock | Maigret | Socialscan |
|
||||
|---|---|---|---|
|
||||
| **Install friction** | Clone + pip install -r; depends on `requests`, `colorama` | Single pip install; depends on `aiohttp`, `requests`, `beautifulsoup4` | Single pip install; depends only on `requests` |
|
||||
| **Update frequency** | Low — ~2 releases/year; PRs take weeks | High — monthly releases; active Discord | Low — stable, few changes needed |
|
||||
| **Site list hygiene** | JSON array; easy to edit manually but large file | Python dict; code-driven but harder to hand-edit | Hard-coded module list; easiest to read |
|
||||
| **Disk footprint** | ~15 MB (full repo with HTML report) | ~8 MB (pip-installed package) | ~1 MB (tiny package) |
|
||||
| **Configuration** | CLI flags only; no config file | CLI + optional `~/.config/maigret.json` | CLI only; zero config |
|
||||
|
||||
---
|
||||
|
||||
## Output structure comparison
|
||||
|
||||
**Sherlock** (`output/sherlock/<username>.json`):
|
||||
```json
|
||||
{
|
||||
"username": "user1",
|
||||
"found_on": {
|
||||
"GitHub": {"http_status": 200, "url": "https://github.com/user1"},
|
||||
"Twitter": {"http_status": 404, "error": "Not Found"}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
**Maigret** (`output/maigret/<username>.json`):
|
||||
```json
|
||||
{
|
||||
"username": "user1",
|
||||
"sites": {
|
||||
"GitHub": {"status": "found", "url": "https://github.com/user1", "response_time_ms": 412},
|
||||
"Twitter": {"status": "not_found", "error": "404"}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
**Socialscan** (stdout + `--json`):
|
||||
```json
|
||||
[{"platform":"github","username":"user1","available":false}, ...]
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Sovereignty assessment
|
||||
|
||||
All three are **local-first, API-key-free** tools. None require cloud accounts. Network calls are direct to target platforms; no telemetry.
|
||||
|
||||
**Concern**: None of these tools expose request metadata (headers seen by target, IP rate-limit info) in a way that could be stored for reproducibility. We store only final status.
|
||||
|
||||
---
|
||||
|
||||
## Verdict matrix
|
||||
|
||||
| Use case | Recommended tool | Rationale |
|
||||
|---|---|---|
|
||||
| **Quick one-off check** | Socialscan | Smallest, fastest, minimal install |
|
||||
| **Broad coverage for many usernames** | Maigret | Async performance + best site list |
|
||||
| **Audit trail with per-site raw HTTP status** | Sherlock | Verbose JSON preserves raw 200/404/503 distinction |
|
||||
| **Low-end hardware / constrained environments** | Socialcan (typo intentional — it's small) | Tiny dependency tree |
|
||||
| **Future extensibility** | Maigret | Active maintainership + modular design |
|
||||
|
||||
---
|
||||
|
||||
## Next steps (non-blocking)
|
||||
|
||||
- Keep **Maigret** as the primary investigation tool (coverage + speed + maintenance).
|
||||
- Use **Socialscan** for smoke-checks in CI (speed).
|
||||
- **Sherlock** archived as reference; not retired but not actively used.
|
||||
- Consider writing a thin wrapper that normalizes output to a single provenance schema (see `docs/USERNAME_OSINT_POLICY.md`).
|
||||
|
||||
127
tests/test_tower_game_energy_constraints.py
Normal file
127
tests/test_tower_game_energy_constraints.py
Normal file
@@ -0,0 +1,127 @@
|
||||
from importlib.util import module_from_spec, spec_from_file_location
|
||||
from pathlib import Path
|
||||
import random as std_random
|
||||
|
||||
import pytest
|
||||
|
||||
ROOT = Path(__file__).resolve().parent.parent
|
||||
GAME_PATH = ROOT / "evennia" / "timmy_world" / "game.py"
|
||||
|
||||
|
||||
def load_game_module(tmp_path: Path):
|
||||
spec = spec_from_file_location("evennia_local_world_game_energy", GAME_PATH)
|
||||
module = module_from_spec(spec)
|
||||
assert spec.loader is not None
|
||||
spec.loader.exec_module(module)
|
||||
module.random.seed(0)
|
||||
module.WORLD_DIR = tmp_path
|
||||
module.STATE_FILE = tmp_path / "game_state.json"
|
||||
module.TIMMY_LOG = tmp_path / "timmy_log.md"
|
||||
module.WORLD_DIR.mkdir(parents=True, exist_ok=True)
|
||||
return module
|
||||
|
||||
|
||||
def make_engine(tmp_path: Path):
|
||||
module = load_game_module(tmp_path)
|
||||
engine = module.GameEngine()
|
||||
engine.start_new_game()
|
||||
return module, engine
|
||||
|
||||
|
||||
def choose_action(module, engine):
|
||||
energy = engine.world.characters["Timmy"]["energy"]
|
||||
room = engine.world.characters["Timmy"]["room"]
|
||||
actions = module.PlayerInterface(engine).get_available_actions()
|
||||
|
||||
if energy <= 1 and "rest" in actions:
|
||||
return "rest"
|
||||
if room == "Garden" and "speak:Marcus" in actions and energy <= 4.3:
|
||||
return "speak:Marcus"
|
||||
if room == "Forge" and "tend_fire" in actions:
|
||||
return "tend_fire"
|
||||
if room == "Tower" and "write_rule" in actions:
|
||||
return "write_rule"
|
||||
if room == "Bridge" and "carve" in actions:
|
||||
return "carve"
|
||||
if room == "Garden" and "plant" in actions:
|
||||
return "plant"
|
||||
|
||||
moves = [action.split(" ->")[0] for action in actions if action.startswith("move:")]
|
||||
if moves:
|
||||
return moves[0]
|
||||
if "look" in actions:
|
||||
return "look"
|
||||
return actions[0]
|
||||
|
||||
|
||||
class TestTowerGameEnergyConstraints:
|
||||
def test_low_energy_blocks_costly_action_without_crashing(self, tmp_path):
|
||||
module, engine = make_engine(tmp_path)
|
||||
engine.world.characters["Timmy"]["energy"] = 1
|
||||
|
||||
result = engine.run_tick("move:north")
|
||||
|
||||
assert any("too exhausted" in line for line in result["log"])
|
||||
assert engine.world.characters["Timmy"]["room"] == "Threshold"
|
||||
assert engine.world.characters["Timmy"]["energy"] == pytest.approx(0.7)
|
||||
|
||||
def test_tired_move_uses_extra_effort_and_drains_energy(self, tmp_path):
|
||||
module, engine = make_engine(tmp_path)
|
||||
engine.world.characters["Timmy"]["energy"] = 3.3
|
||||
|
||||
result = engine.run_tick("move:north")
|
||||
|
||||
assert any("more effort than usual" in line for line in result["log"])
|
||||
assert engine.world.characters["Timmy"]["room"] == "Tower"
|
||||
assert engine.world.characters["Timmy"]["energy"] == pytest.approx(0.0)
|
||||
assert result["timmy_energy"] == pytest.approx(0.0)
|
||||
|
||||
def test_rest_is_meaningful_choice_with_room_specific_recovery(self, tmp_path):
|
||||
module, garden_engine = make_engine(tmp_path / "garden")
|
||||
garden_engine.world.characters["Timmy"]["room"] = "Garden"
|
||||
garden_engine.world.characters["Timmy"]["energy"] = 1.0
|
||||
garden_result = garden_engine.run_tick("rest")
|
||||
|
||||
module, bridge_engine = make_engine(tmp_path / "bridge")
|
||||
bridge_engine.world.characters["Timmy"]["room"] = "Bridge"
|
||||
bridge_engine.world.characters["Timmy"]["energy"] = 1.0
|
||||
bridge_result = bridge_engine.run_tick("rest")
|
||||
|
||||
assert any("stone bench" in line for line in garden_result["log"])
|
||||
assert any("no place to rest" in line.lower() for line in bridge_result["log"])
|
||||
assert garden_engine.world.characters["Timmy"]["energy"] > bridge_engine.world.characters["Timmy"]["energy"]
|
||||
|
||||
def test_marcus_can_provide_energy_relief_when_timmy_is_tired(self, tmp_path):
|
||||
module, engine = make_engine(tmp_path)
|
||||
engine.world.characters["Timmy"]["room"] = "Garden"
|
||||
engine.world.characters["Timmy"]["energy"] = 4.3
|
||||
|
||||
result = engine.run_tick("speak:Marcus")
|
||||
|
||||
assert any("Marcus offers you food" in line for line in result["log"])
|
||||
assert engine.world.characters["Timmy"]["energy"] == pytest.approx(5.0)
|
||||
assert result["timmy_energy"] == pytest.approx(5.0)
|
||||
|
||||
def test_energy_collapse_moves_timmy_and_records_memory(self, tmp_path, monkeypatch):
|
||||
module, engine = make_engine(tmp_path)
|
||||
engine.world.characters["Timmy"]["energy"] = 0
|
||||
engine.world.characters["Timmy"]["room"] = "Threshold"
|
||||
monkeypatch.setattr(std_random, "choice", lambda seq: "Tower")
|
||||
|
||||
result = engine.run_tick("look")
|
||||
|
||||
assert any("collapse from exhaustion" in line.lower() for line in result["log"])
|
||||
assert engine.world.characters["Timmy"]["room"] == "Tower"
|
||||
assert engine.world.characters["Timmy"]["energy"] == 2
|
||||
assert "Collapsed from exhaustion." in engine.world.characters["Timmy"]["memories"]
|
||||
|
||||
def test_intentional_play_reaches_low_energy_within_100_ticks(self, tmp_path):
|
||||
module, engine = make_engine(tmp_path)
|
||||
min_energy = engine.world.characters["Timmy"]["energy"]
|
||||
|
||||
for _ in range(100):
|
||||
action = choose_action(module, engine)
|
||||
engine.run_tick(action)
|
||||
min_energy = min(min_energy, engine.world.characters["Timmy"]["energy"])
|
||||
|
||||
assert min_energy <= 3
|
||||
@@ -203,26 +203,25 @@ class World:
|
||||
def update_world_state(self):
|
||||
"""World changes independent of character actions."""
|
||||
# Natural energy decay: the world is exhausting
|
||||
self.state.pop("energy_collapse_event", None)
|
||||
for char_name, char in self.characters.items():
|
||||
char["energy"] = max(0, char["energy"] - 0.3)
|
||||
# Check for energy collapse
|
||||
if char["energy"] <= 0:
|
||||
current = char.get("room", "Threshold")
|
||||
next_rooms = [room for room in self.rooms.keys() if room != current]
|
||||
new_room = random.choice(next_rooms) if next_rooms else current
|
||||
char["energy"] = 2 # Wake up with some energy
|
||||
char["room"] = new_room
|
||||
# Timmy collapse gets special narrative treatment
|
||||
if char.get("is_player", False):
|
||||
char["memories"].append("Collapsed from exhaustion.")
|
||||
char["energy"] = 2 # Wake up with some energy
|
||||
# Random room change (scattered)
|
||||
rooms = list(self.rooms.keys())
|
||||
current = char.get("room", "Threshold")
|
||||
new_room = current
|
||||
attempts = 0
|
||||
while new_room == current and attempts < 10:
|
||||
new_room = rooms[0] # Will change to random
|
||||
attempts += 1
|
||||
if new_room != current:
|
||||
char["room"] = new_room
|
||||
self.state["energy_collapse_event"] = {
|
||||
"character": char_name,
|
||||
"from_room": current,
|
||||
"to_room": new_room,
|
||||
}
|
||||
|
||||
# Forge fire naturally dims if not tended
|
||||
self.state["forge_fire_dying"] = random.random() < 0.1
|
||||
|
||||
# Random weather events
|
||||
@@ -671,7 +670,21 @@ class GameEngine:
|
||||
}
|
||||
|
||||
# Process Timmy's action
|
||||
room_name = self.world.characters["Timmy"]["room"]
|
||||
timmy_energy = self.world.characters["Timmy"]["energy"]
|
||||
|
||||
collapse_event = self.world.state.pop("energy_collapse_event", None)
|
||||
if collapse_event and collapse_event.get("character") == "Timmy":
|
||||
room_name = self.world.characters["Timmy"]["room"]
|
||||
scene["timmy_room"] = room_name
|
||||
scene["timmy_energy"] = self.world.characters["Timmy"]["energy"]
|
||||
scene["room_desc"] = self.world.get_room_desc(room_name, "Timmy")
|
||||
here = [n for n in self.world.characters if self.world.characters[n]["room"] == room_name and n != "Timmy"]
|
||||
scene["here"] = here
|
||||
scene["log"].append("You collapse from exhaustion. The world spins. You wake somewhere else.")
|
||||
if collapse_event.get("from_room") != collapse_event.get("to_room"):
|
||||
scene["log"].append(f"You are in The {collapse_event['to_room']}, disoriented.")
|
||||
return scene
|
||||
|
||||
# Energy constraint checks
|
||||
action_costs = {
|
||||
@@ -734,7 +747,7 @@ class GameEngine:
|
||||
if direction in connections:
|
||||
dest = connections[direction]
|
||||
self.world.characters["Timmy"]["room"] = dest
|
||||
self.world.characters["Timmy"]["energy"] -= 1
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
|
||||
scene["log"].append(f"You move {direction} to The {dest}.")
|
||||
scene["timmy_room"] = dest
|
||||
@@ -848,7 +861,7 @@ class GameEngine:
|
||||
self.world.characters["Timmy"]["trust"]["Kimi"] = min(1.0,
|
||||
self.world.characters["Timmy"]["trust"].get("Kimi", 0) + 0.1)
|
||||
|
||||
self.world.characters["Timmy"]["energy"] -= 0
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
else:
|
||||
scene["log"].append(f"{target} is not in this room.")
|
||||
|
||||
@@ -885,7 +898,7 @@ class GameEngine:
|
||||
if self.world.characters["Timmy"]["room"] == "Forge":
|
||||
self.world.rooms["Forge"]["fire"] = "glowing"
|
||||
self.world.rooms["Forge"]["fire_tended"] += 1
|
||||
self.world.characters["Timmy"]["energy"] -= 2
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
scene["log"].append("You tend the forge fire. The flames leap up, bright and hungry.")
|
||||
self.world.state["forge_fire_dying"] = False
|
||||
else:
|
||||
@@ -914,7 +927,7 @@ class GameEngine:
|
||||
]
|
||||
new_rule = random.choice(rules)
|
||||
self.world.rooms["Tower"]["messages"].append(new_rule)
|
||||
self.world.characters["Timmy"]["energy"] -= 1
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
scene["log"].append(f"You write on the Tower whiteboard: \"{new_rule}\"")
|
||||
else:
|
||||
scene["log"].append("You are not in the Tower.")
|
||||
@@ -940,7 +953,7 @@ class GameEngine:
|
||||
new_carving = random.choice(carvings)
|
||||
if new_carving not in self.world.rooms["Bridge"]["carvings"]:
|
||||
self.world.rooms["Bridge"]["carvings"].append(new_carving)
|
||||
self.world.characters["Timmy"]["energy"] -= 1
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
scene["log"].append(f"You carve into the railing: \"{new_carving}\"")
|
||||
else:
|
||||
scene["log"].append("You are not on the Bridge.")
|
||||
@@ -949,7 +962,7 @@ class GameEngine:
|
||||
if self.world.characters["Timmy"]["room"] == "Garden":
|
||||
self.world.rooms["Garden"]["growth"] = min(5,
|
||||
self.world.rooms["Garden"]["growth"] + 1)
|
||||
self.world.characters["Timmy"]["energy"] -= 1
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
scene["log"].append("You plant something in the dark soil. The earth takes it without question.")
|
||||
else:
|
||||
scene["log"].append("You are not in the Garden.")
|
||||
@@ -975,7 +988,7 @@ class GameEngine:
|
||||
self.world.characters["Timmy"]["trust"].get(target_name, 0) + 0.2)
|
||||
self.world.characters[target_name]["trust"]["Timmy"] = min(1.0,
|
||||
self.world.characters[target_name]["trust"].get("Timmy", 0) + 0.2)
|
||||
self.world.characters["Timmy"]["energy"] -= 1
|
||||
self.world.characters["Timmy"]["energy"] -= action_cost
|
||||
scene["log"].append(f"You help {target_name}. They look grateful.")
|
||||
|
||||
elif timmy_action.startswith("confront:"):
|
||||
@@ -1076,6 +1089,9 @@ class GameEngine:
|
||||
self.world.characters[char_name]["spoken"].append(line)
|
||||
scene["log"].append(f"{char_name} says: \"{line}\"")
|
||||
|
||||
scene["timmy_room"] = self.world.characters["Timmy"]["room"]
|
||||
scene["timmy_energy"] = self.world.characters["Timmy"]["energy"]
|
||||
|
||||
# Save the world
|
||||
self.world.save()
|
||||
|
||||
|
||||
Reference in New Issue
Block a user