security: Add author whitelist for task router (Issue #132) #142

Merged
Rockachopa merged 14 commits from security/author-whitelist-132 into main 2026-03-31 04:34:28 +00:00

14 Commits

Author SHA1 Message Date
Allegro
384fad6d5f security: Add author whitelist for task router (Issue #132)
Implements security fix for issue #132 - Task router author whitelist

Changes:
- Add author_whitelist.py module with whitelist validation
- Integrate whitelist checks into task_router_daemon.py
- Add author_whitelist config option to config.yaml
- Add comprehensive tests for whitelist validation

Security features:
- Validates task authors against authorized whitelist
- Logs all authorization attempts (success and failure)
- Secure by default: empty whitelist denies all
- Configurable via environment variable or config file
- Prevents unauthorized command execution from untrusted Gitea users
2026-03-31 03:53:37 +00:00
Allegro
00d887c4fc [REPORT] Local Timmy deployment report — #103 #85 #83 #84 #87 complete 2026-03-30 16:57:51 +00:00
Allegro
3301c1e362 [DOCS] Local Timmy README with complete usage guide 2026-03-30 16:56:57 +00:00
Allegro
788879b0cb [#85 #87] Prompt cache warming + knowledge ingestion pipeline for local Timmy 2026-03-30 16:56:15 +00:00
Allegro
748e8adb5e [#83 #84] Evennia world shell + tool bridge — Workshop, Library, Observatory, Forge, Dispatch rooms with full command set 2026-03-30 16:54:30 +00:00
Allegro
ac6cc67e49 [#103] Multi-tier caching layer for local Timmy — KV, Response, Tool, Embedding, Template, HTTP caches 2026-03-30 16:52:53 +00:00
Allegro
b0bb8a7c7d [DOCS] Allegro tempo-and-dispatch report — final pass complete 2026-03-30 16:47:12 +00:00
Allegro
c134081f3b [#94] Add quick reference and deployment checklist for production 2026-03-30 16:46:35 +00:00
Allegro
0d8926bb63 [#94] Add operations dashboard and setup script for Uni-Wizard v4 2026-03-30 16:45:35 +00:00
Allegro
11bda08ffa Add PR description for Uni-Wizard v4 2026-03-30 16:44:29 +00:00
Allegro
be6f7ef698 [FINAL] Uni-Wizard v4 Complete — Four-Pass Architecture Summary 2026-03-30 16:41:28 +00:00
Allegro
bdb8a69536 [DOCS] Allegro Lane v4 — Narrowed Definition
Explicit definition of Allegro narrowed lane:

**Primary (80%):**
- Gitea Bridge (40%): Poll issues, create PRs, comment on status
- Hermes Bridge (40%): Cloud model access, telemetry streaming to Timmy

**Secondary (20%):**
- Redundancy/Failover (10%): Health checks, VPS takeover, Syncthing mesh
- Uni-Wizard Operations (10%): Service monitoring, restart on failure

**Explicitly NOT:**
- Make sovereign decisions (Timmy decides)
- Authenticate as Timmy (identity remains local)
- Store long-term memory (forward to Timmy)
- Work without connectivity (value is cloud bridge)

**Success Metrics:**
- Issue triage: < 5 min
- PR creation: < 2 min
- Telemetry lag: < 100ms
- Uptime: 99.9%
- Failover: < 30s

Allegro provides connectivity, redundancy, and dispatch.
Timmy retains sovereignty, decision-making, and memory.
2026-03-30 16:40:35 +00:00
Allegro
31026ddcc1 [#76-v4] Final Uni-Wizard Architecture — Production Integration
Complete four-pass evolution to production-ready architecture:

**Pass 1 → Foundation:**
- Tool registry, basic harness, 19 tools
- VPS provisioning, Syncthing mesh
- Health daemon, systemd services

**Pass 2 → Three-House Canon:**
- Timmy (Sovereign), Ezra (Archivist), Bezalel (Artificer)
- Provenance tracking, artifact-flow discipline
- House-aware policy enforcement

**Pass 3 → Self-Improvement:**
- Pattern database with SQLite backend
- Adaptive policies (auto-adjust thresholds)
- Predictive execution (success prediction)
- Hermes bridge for shortest-loop telemetry
- Learning velocity tracking

**Pass 4 → Production Integration:**
- Unified API: `from uni_wizard import Harness, House, Mode`
- Three modes: SIMPLE / INTELLIGENT / SOVEREIGN
- Circuit breaker pattern for fault tolerance
- Async/concurrent execution support
- Production hardening (timeouts, retries)

**Allegro Lane Definition:**
- Narrowed to: Gitea integration, Hermes bridge, redundancy/failover
- Provides: Cloud connectivity, telemetry streaming, issue routing
- Does NOT: Make sovereign decisions, authenticate as Timmy

**Files:**
- v3/: Intelligence engine, adaptive harness, Hermes bridge
- v4/: Unified API, production harness, final architecture

Total: ~25KB architecture documentation + production code
2026-03-30 16:39:42 +00:00
Allegro
fb9243153b [#76-v2] Uni-Wizard v2 — Three-House Architecture with Ezra, Bezalel, and Timmy Integration
Complete second-pass refinement integrating all wizard house contributions:

**Three-House Architecture:**
- Ezra (Archivist): Read-before-write, evidence over vibes, citation discipline
- Bezalel (Artificer): Build-from-plans, proof over speculation, test discipline
- Timmy (Sovereign): Final judgment, telemetry, sovereignty preservation

**Core Components:**
- harness.py: House-aware execution with policy enforcement
- router.py: Intelligent task routing to appropriate house
- task_router_daemon.py: Full three-house Gitea workflow
- tests/test_v2.py: Comprehensive test suite

**Key Features:**
- Provenance tracking with content hashing
- House-specific policy enforcement
- Sovereignty telemetry logging
- Cross-house workflow orchestration
- Evidence-level tracking per execution

Honors canon from specs/timmy-ezra-bezalel-canon-sheet.md:
- Distinct house identities
- No authority blending
- Artifact-flow unidirectional
- Full provenance and telemetry
2026-03-30 15:59:47 +00:00
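
The security features listed in commit 384fad6d5f (empty whitelist denies all, every authorization attempt logged, whitelist read from an environment variable or the config file) can be illustrated as follows. This is an added example, not the project's `author_whitelist.py`: the function names, the variable name `EXAMPLE_AUTHOR_WHITELIST`, environment-over-config precedence and case-insensitive matching are all assumptions, and the issues are constructed samples.

```python
import logging
import os

log = logging.getLogger("author_whitelist_example")

# Hypothetical environment variable name; the page does not give the real one.
ENV_VAR = "EXAMPLE_AUTHOR_WHITELIST"


def load_whitelist(config, environ=None):
    """Return the allowed authors; the environment (assumed) overrides config."""
    environ = os.environ if environ is None else environ
    raw = environ.get(ENV_VAR)
    if raw is not None:
        entries = raw.split(",")
    else:
        entries = config.get("author_whitelist") or []
        if isinstance(entries, str):  # bare YAML scalar instead of a list
            entries = [entries]
    # Drop blanks so "alice,,bob" or " " never produces an empty-string entry.
    return {str(e).strip().lower() for e in entries if str(e).strip()}


def is_authorized(author, whitelist):
    """Default deny: an empty whitelist or a missing author is rejected."""
    name = author.strip().lower() if isinstance(author, str) else ""
    allowed = bool(name) and name in whitelist
    # Log success and failure alike; %r escapes control characters so a
    # crafted username cannot forge extra log lines.
    if allowed:
        log.info("task author authorized: %r", name)
    else:
        log.warning("task author denied: %r", author)
    return allowed


def route_tasks(issues, whitelist):
    """Return the numbers of the issues whose author passes the check."""
    return [i["number"] for i in issues
            if is_authorized((i.get("user") or {}).get("login"), whitelist)]


# Constructed sample issues, shaped like Gitea issue JSON (user.login).
SAMPLE_ISSUES = [
    {"number": 1, "user": {"login": "Rockachopa"}},
    {"number": 2, "user": {"login": "mallory"}},
    {"number": 3, "user": {}},
]
```
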