atlas/docs/SAFETY_CONSTRAINTS.md
ilia f7dce46ac9 # Complete Foundational Tickets: Repository Structure, Privacy Policy, and Safety Constraints (#1)
# Complete Foundational Tickets: Repository Structure, Privacy Policy, and Safety Constraints

## Summary

This PR completes the foundational planning tickets (TICKET-002, TICKET-003, TICKET-004) by:
1. Defining the repository structure with detailed documentation
2. Establishing a comprehensive privacy policy
3. Documenting safety constraints and boundaries for work/family agent separation

## Related Tickets

- TICKET-002: Define repository structure
- TICKET-003: Privacy and safety constraints
- TICKET-004: High-level architecture

All tickets have been moved from `backlog/` to `review/` to mark completion.

## Changes

### 1. Enhanced ARCHITECTURE.md

**Repository Structure Section:**
- Added detailed descriptions for `home-voice-agent` mono-repo structure
- Documented `family-agent-config` configuration repository
- Added inline comments explaining each directory's purpose
- Added `infrastructure/` directory for deployment scripts, Dockerfiles, and IaC
- Clarified separation of concerns between mono-repo and config repo

**Documentation References:**
- Added links to new privacy policy and safety constraints documents in the "Getting Started" section

### 2. New Documentation: PRIVACY_POLICY.md

Establishes the core privacy principles for the Atlas project:

- **Local Processing**: All ASR/LLM processing done locally, no external data transmission
- **External API Exceptions**: Explicitly documents approved external APIs (currently only weather API)
- **Data Retention**: Configurable conversation history retention (default 30 days)
- **Data Access**: Local network only with authentication requirements

### 3. New Documentation: SAFETY_CONSTRAINTS.md

Defines safety boundaries and constraints:

- **Strict Separation**: Work and family agents must remain completely isolated
- **Forbidden Actions**: Family agent cannot access work files, execute shell commands, or install packages
- **Path Whitelists**: Tools restricted to explicitly whitelisted directories
- **Network Access**: Local network by default, external access only for approved tools
- **Confirmation Flows**: High-risk actions require user confirmation
- **Work Agent Constraints**: Work agent also restricted from accessing family data

## Impact

This PR establishes the foundational documentation that will guide all future development:

- **Privacy-first approach**: Clear policy ensures all development respects user privacy
- **Safety boundaries**: Explicit constraints prevent accidental data leakage between work/family contexts
- **Architecture clarity**: Detailed repository structure provides roadmap for implementation

## Testing

- [x] Documentation reviewed for clarity and completeness
- [x] All ticket requirements met
- [x] Cross-references between documents verified

## Next Steps

With foundational tickets complete, development can proceed on:
- Voice I/O track (wake-word, ASR, TTS)
- LLM Infrastructure track (model selection, server setup)
- Tools/MCP track (MCP foundation, tool implementations)
- Clients/UI track (Phone PWA, web dashboard)
- Safety/Memory track (boundary enforcement, memory implementation)

---

**Commit Message**: My to-do list is clear. I've finished the foundational tickets per the guide. I'm ready for what's next and will notify the user.

Reviewed-on: #1
2026-01-05 20:24:58 -05:00


# Safety Constraints

This document defines the safety constraints and boundaries for the Atlas home voice agent, particularly concerning the separation between the "work" and "family" agents.

## Guiding Principle: Strict Separation

The system is designed to enforce a strict separation between the work agent and the family agent. The family agent should never be able to access, modify, or interfere with any work-related data, files, or applications.

## Forbidden Actions for the Family Agent

The following actions are strictly forbidden for the family agent and its tools:

- **Accessing Work Files**: The family agent cannot read, write, or list files in any directory related to the work agent or any other work-related project.
- **Accessing Work Services**: The family agent cannot make requests to any local or remote services that are designated for work use.
- **Executing Shell Commands**: The family agent and its tools are not allowed to execute arbitrary shell commands.
- **Installing Packages**: The family agent cannot install software or packages.

## Tool and File System Access

### Path Whitelists

- Tools are only allowed to access files and directories that are explicitly on their whitelist.
- The `family-agent-config` repository is the primary location for the family agent's configuration and data.
- The home tasks tool, for example, is only allowed to access the `family-agent-config/tasks/home/` directory.
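As an added example (not code from the Atlas project), here is a path-whitelist check in Python of the kind the rule above calls for. It fully resolves the requested path before comparing it with the whitelisted directory, so that `..` components, a symlink planted inside the whitelisted directory, and a sibling directory sharing a name prefix are all rejected rather than slipping past a plain string-prefix test. The tool name `home_tasks`, the `work-project` directory and the temporary layout are constructed for the demonstration; only `family-agent-config/tasks/home/` comes from the text.

```python
import os
import tempfile
from pathlib import Path

# Constructed whitelist mirroring the example in the text: the home tasks tool
# may only touch family-agent-config/tasks/home/. Entries are relative to the
# directory the agent runs in (an assumption; the page does not fix a layout).
TOOL_PATH_WHITELIST = {
    "home_tasks": ("family-agent-config/tasks/home",),
}


def resolve_under(base: Path, requested: str) -> Path:
    """Resolve `requested` relative to `base`, following symlinks and '..' components."""
    return (base / requested).resolve()


def is_path_allowed(tool: str, requested: str, base: Path) -> bool:
    """True only if the fully resolved target lies inside a whitelisted directory for `tool`."""
    target = resolve_under(base, requested)
    for allowed in TOOL_PATH_WHITELIST.get(tool, ()):
        allowed_dir = (base / allowed).resolve()
        # Component-wise containment: the whitelisted directory must be the target
        # itself or one of its parents. This rejects look-alikes such as
        # tasks/home-archive when only tasks/home is whitelisted.
        if target == allowed_dir or allowed_dir in target.parents:
            return True
    return False  # unknown tools and everything outside the whitelist are denied


def checked_read(tool: str, requested: str, base: Path) -> str:
    """Read a file on behalf of `tool`, refusing anything outside its whitelist."""
    if not is_path_allowed(tool, requested, base):
        raise PermissionError(f"{tool}: {requested!r} is outside its whitelisted directories")
    return resolve_under(base, requested).read_text()


def demo() -> dict:
    """Build a throwaway layout (constructed sample data) and record each decision."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        home = base / "family-agent-config" / "tasks" / "home"
        home.mkdir(parents=True)
        (home / "chores.md").write_text("- take out the bins\n")
        work = base / "work-project"  # hypothetical work data the family agent must never see
        work.mkdir()
        (work / "notes.md").write_text("confidential\n")
        # A symlink inside the whitelisted directory pointing at work data.
        os.symlink(work / "notes.md", home / "link-to-work.md")
        # A sibling directory whose name shares the whitelisted prefix.
        (base / "family-agent-config" / "tasks" / "home-archive").mkdir()

        requests = {
            "inside": "family-agent-config/tasks/home/chores.md",
            "traversal": "family-agent-config/tasks/home/../../../work-project/notes.md",
            "symlink": "family-agent-config/tasks/home/link-to-work.md",
            "prefix": "family-agent-config/tasks/home-archive/x.md",
            "unknown_tool": "family-agent-config/tasks/home/chores.md",
        }
        decisions = {}
        for name, req in requests.items():
            tool = "shell_tool" if name == "unknown_tool" else "home_tasks"
            decisions[name] = is_path_allowed(tool, req, base)
        decisions["content"] = checked_read("home_tasks", requests["inside"], base)
        return decisions


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Only the in-whitelist request is granted; the traversal, the symlink and the prefix look-alike all resolve to paths whose parents do not include the whitelisted directory, and a tool with no whitelist entry gets nothing. The same check, with the whitelist inverted, enforces the work agent's ban on `family-agent-config`.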

### Network Access

- **Local Network**: By default, tools are only allowed to access services on the local network.
- **External Network**: Access to the external internet is blocked by default and only allowed for specific, approved tools (see `PRIVACY_POLICY.md`).

## Confirmation Flows

Certain actions, even when allowed, require explicit user confirmation. These include, but are not limited to:

- **Sending Emails or Messages**: Any action that sends a communication to another person.
- **Making Purchases**: Any action that involves financial transactions.
- **Modifying System Settings**: Any action that changes the configuration of the agent or the system it runs on.
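An added example, not the project's own code, that combines the network rule with the confirmation flows above in one gate: a destination with a private, loopback or link-local address is treated as local and allowed; an external host is reachable only if the calling tool lists it (the `weather` tool and the host `weather.example.invalid` are placeholders, since the page approves only "the weather API" via `PRIVACY_POLICY.md`); and a call in one of the three high-risk categories runs only after a confirmation callback returns `True`. Deciding on the host string alone is a simplification made here for illustration; a deployed gate should also pin the resolved address so a DNS answer cannot turn an approved name into an arbitrary destination.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional
from urllib.parse import urlparse

# Constructed policy tables. The page approves only a weather API for external
# access; the tool name and host below are placeholders, not the project's values.
EXTERNAL_ALLOWLIST = {
    "weather": {"weather.example.invalid"},
}

# Action categories the text says always need explicit user confirmation.
HIGH_RISK_CATEGORIES = {"send_message", "purchase", "modify_settings"}


def is_local_address(host: str) -> bool:
    """True for private, loopback and link-local IP literals, and for LAN-style names.

    Assumption: a single-label name ('printer') or a .local name is on the LAN.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "." not in host or host.endswith(".local")
    return ip.is_private or ip.is_loopback or ip.is_link_local


def is_network_allowed(tool: str, url: str) -> bool:
    """Local network by default; external hosts only when the tool is approved for them."""
    host = urlparse(url).hostname or ""
    if not host:
        return False  # unparseable destination: deny rather than guess
    if is_local_address(host):
        return True
    return host in EXTERNAL_ALLOWLIST.get(tool, set())


@dataclass
class Decision:
    allowed: bool
    needs_confirmation: bool
    reason: str


def evaluate(tool: str, category: str, url: Optional[str] = None) -> Decision:
    """Apply the network rule first, then the confirmation rule for high-risk categories."""
    if url is not None and not is_network_allowed(tool, url):
        host = urlparse(url).hostname
        return Decision(False, False, f"{tool}: destination {host!r} is not local or approved")
    if category in HIGH_RISK_CATEGORIES:
        return Decision(True, True, f"{category!r} requires explicit user confirmation")
    return Decision(True, False, "allowed")


def run_tool(tool: str, category: str, url: Optional[str],
             confirm: Callable[[str], bool]) -> str:
    """Gate a tool call: returns 'denied', 'cancelled' or 'executed'."""
    decision = evaluate(tool, category, url)
    if not decision.allowed:
        return "denied"
    if decision.needs_confirmation and not confirm(decision.reason):
        return "cancelled"
    # The real tool invocation would go here; the gate only decides whether it may run.
    return "executed"


if __name__ == "__main__":
    always_yes = lambda reason: True
    always_no = lambda reason: False
    print(run_tool("home_tasks", "read", "http://192.168.1.20:8080/tasks", always_yes))
    print(run_tool("home_tasks", "read", "https://weather.example.invalid/api", always_yes))
    print(run_tool("weather", "read", "https://weather.example.invalid/api", always_yes))
    print(run_tool("messenger", "send_message", "http://192.168.1.5/send", always_no))
```

The order matters: the network check runs before the confirmation prompt, so a denied destination is never presented to the user as something to approve, and a confirmation callback that returns `False` cancels the call without the tool body ever executing.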

## Work Agent Constraints

While the work agent has more permissions, it is also subject to constraints:

- **No Access to Family Data**: The work agent is not allowed to access the `family-agent-config` repository or any family-related data.
- **Approval for Sensitive Actions**: The work agent also requires user confirmation for high-risk actions.