ilia bdbf09a9ac feat: Implement voice I/O services (TICKET-006, TICKET-010, TICKET-014)
 TICKET-006: Wake-word Detection Service
- Implemented wake-word detection using openWakeWord
- HTTP/WebSocket server on port 8002
- Real-time detection with configurable threshold
- Event emission for ASR integration
- Location: home-voice-agent/wake-word/

 TICKET-010: ASR Service
- Implemented ASR using faster-whisper
- HTTP endpoint for file transcription
- WebSocket endpoint for streaming transcription
- Support for multiple audio formats
- Auto language detection
- GPU acceleration support
- Location: home-voice-agent/asr/

 TICKET-014: TTS Service
- Implemented TTS using Piper
- HTTP endpoint for text-to-speech synthesis
- Low-latency processing (< 500ms)
- Multiple voice support
- WAV audio output
- Location: home-voice-agent/tts/

 TICKET-047: Updated Hardware Purchases
- Marked Pi5 kit, SSD, microphone, and speakers as purchased
- Updated progress log with purchase status

📚 Documentation:
- Added VOICE_SERVICES_README.md with complete testing guide
- Each service includes README.md with usage instructions
- All services ready for Pi5 deployment

🧪 Testing:
- Created test files for each service
- All imports validated
- FastAPI apps created successfully
- Code passes syntax validation

🚀 Ready for:
- Pi5 deployment
- End-to-end voice flow testing
- Integration with MCP server

Files Added:
- wake-word/detector.py
- wake-word/server.py
- wake-word/requirements.txt
- wake-word/README.md
- wake-word/test_detector.py
- asr/service.py
- asr/server.py
- asr/requirements.txt
- asr/README.md
- asr/test_service.py
- tts/service.py
- tts/server.py
- tts/requirements.txt
- tts/README.md
- tts/test_service.py
- VOICE_SERVICES_README.md

Files Modified:
- tickets/done/TICKET-047_hardware-purchases.md

Files Moved:
- tickets/backlog/TICKET-006_prototype-wake-word-node.md → tickets/done/
- tickets/backlog/TICKET-010_streaming-asr-service.md → tickets/done/
- tickets/backlog/TICKET-014_tts-service.md → tickets/done/
2026-01-12 22:22:38 -05:00


# Boundary Enforcement
Enforces strict separation between work and family agents to ensure privacy and safety.
## Features
- **Path Whitelisting**: Restricts file system access to allowed directories
- **Tool Access Control**: Limits which tools each agent can use
- **Network Separation**: Controls network access
- **Config Validation**: Ensures config files don't mix work/family data
## Usage
```python
from pathlib import Path

from safety.boundaries.policy import get_enforcer

enforcer = get_enforcer()

# Check path access
allowed, reason = enforcer.check_path_access(
    agent_type="family",
    path=Path("/home/beast/Code/atlas/home-voice-agent/data/tasks/home")
)
if not allowed:
    raise PermissionError(reason)

# Check tool access
allowed, reason = enforcer.check_tool_access(
    agent_type="family",
    tool_name="add_task"
)
if not allowed:
    raise PermissionError(reason)

# Check network access
allowed, reason = enforcer.check_network_access(
    agent_type="family",
    target="10.0.30.63"
)
if not allowed:
    raise PermissionError(reason)
```
## Policies
### Family Agent Policy
**Allowed Paths**:
- `data/tasks/home/` - Home task Kanban
- `data/notes/home/` - Family notes
- `data/conversations.db` - Conversation history
- `data/timers.db` - Timers and reminders
**Forbidden Paths**:
- Work repositories
- Work-specific data directories
**Allowed Tools**:
- All home management tools (time, weather, timers, tasks, notes)
- No work-specific tools
**Network Access**:
- Localhost only (by default)
- Can be configured for specific networks
### Work Agent Policy
**Allowed Paths**:
- All family paths (read-only)
- Work-specific data directories
**Forbidden Paths**:
- Family notes (should not modify)
**Network Access**:
- Broader access including GPU VM
## Integration
### In MCP Tools
Tools should check boundaries before executing:
```python
from pathlib import Path

from safety.boundaries.policy import get_enforcer

enforcer = get_enforcer()

def execute(self, agent_type: str, **kwargs):
    # Check tool access
    allowed, reason = enforcer.check_tool_access(agent_type, self.name)
    if not allowed:
        raise PermissionError(reason)

    # Check path access if applicable
    if "path" in kwargs:
        allowed, reason = enforcer.check_path_access(agent_type, Path(kwargs["path"]))
        if not allowed:
            raise PermissionError(reason)

    # Execute tool...
```
### In Router
The router can enforce network boundaries:
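```python
from safety.boundaries.policy import get_enforcer

enforcer = get_enforcer()

# Before routing, check network access
# (agent_type and target_url are supplied by the routing code)
allowed, reason = enforcer.check_network_access(agent_type, target_url)
if not allowed:
    raise PermissionError(reason)
```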
## Static Policy Checks
For CI/CD, create a script that validates:
- Config files don't mix work/family paths
- Code doesn't grant cross-access
- Path whitelists are properly enforced
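
One way such a CI script could check the first two items, as an added example that is not part of the project's code. The config schema (`allowed`, `writable`, `forbidden` keys per agent) and the `data/work/` directory are assumptions made for illustration; the family paths are the ones listed under Policies.

```python
"""CI check for work/family path separation (added example; schema is assumed)."""
from pathlib import PurePosixPath

def norm(raw: str) -> PurePosixPath:
    """Parse a repo-relative policy path; absolute paths and '..' are rejected."""
    path = PurePosixPath(raw)
    if path.is_absolute() or ".." in path.parts:
        raise ValueError(f"not a clean relative path: {raw!r}")
    return path

def overlaps(a: PurePosixPath, b: PurePosixPath) -> bool:
    """Component-wise containment, so 'home' never matches 'home_work'."""
    return a == b or a in b.parents or b in a.parents

def validate(policies: dict) -> list:
    """Return violation strings; an empty list means the config passes."""
    errors, parsed = [], {}
    for agent, policy in policies.items():
        parsed[agent] = {}
        for key in ("allowed", "writable", "forbidden"):
            parsed[agent][key] = []
            for raw in policy.get(key, []):
                try:
                    parsed[agent][key].append(norm(raw))
                except ValueError as exc:
                    errors.append(f"{agent}.{key}: {exc}")
    fam, work = parsed["family"], parsed["work"]
    # Family agent must not be granted anything inside (or above) a forbidden path.
    for p in fam["allowed"] + fam["writable"]:
        if any(overlaps(p, f) for f in fam["forbidden"]):
            errors.append(f"family may reach forbidden path {p}")
    # Family paths are read-only for the work agent.
    for p in work["writable"]:
        if any(overlaps(p, f) for f in fam["allowed"]):
            errors.append(f"work may modify family path {p}")
    return errors

# Constructed sample config; "data/work/" stands in for a work-specific directory.
FAMILY_PATHS = ["data/tasks/home/", "data/notes/home/",
                "data/conversations.db", "data/timers.db"]
SAMPLE = {
    "family": {"allowed": FAMILY_PATHS, "forbidden": ["data/work/"]},
    "work": {"allowed": FAMILY_PATHS + ["data/work/"],
             "writable": ["data/work/"]},
}

if __name__ == "__main__":
    problems = validate(SAMPLE)
    raise SystemExit("\n".join(problems) or 0)
```

The comparison is lexical, so symlinks inside the data directories still need to be resolved by the runtime enforcer.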
## Future Enhancements
- Container/namespace isolation
- Firewall rule generation
- Runtime monitoring and alerting
- Audit logging for boundary violations