ilia/atlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
atlas/tickets/done/TICKET-003_privacy-safety-constraints.md
ilia f7dce46ac9 # Complete Foundational Tickets: Repository Structure, Privacy Policy, and Safety Constraints (#1) 
# Complete Foundational Tickets: Repository Structure, Privacy Policy, and Safety Constraints

## Summary

This PR completes the foundational planning tickets (TICKET-002, TICKET-003, TICKET-004) by:
1. Defining the repository structure with detailed documentation
2. Establishing a comprehensive privacy policy
3. Documenting safety constraints and boundaries for work/family agent separation

## Related Tickets

-  TICKET-002: Define repository structure
-  TICKET-003: Privacy and safety constraints
-  TICKET-004: High-level architecture

All tickets have been moved from `backlog/` to `review/` to mark completion.

## Changes

### 1. Enhanced ARCHITECTURE.md

**Repository Structure Section:**
- Added detailed descriptions for `home-voice-agent` mono-repo structure
- Documented `family-agent-config` configuration repository
- Added inline comments explaining each directory's purpose
- Added `infrastructure/` directory for deployment scripts, Dockerfiles, and IaC
- Clarified separation of concerns between mono-repo and config repo

**Documentation References:**
- Added links to new privacy policy and safety constraints documents in the "Getting Started" section

### 2. New Documentation: PRIVACY_POLICY.md

Establishes the core privacy principles for the Atlas project:

- **Local Processing**: All ASR/LLM processing done locally, no external data transmission
- **External API Exceptions**: Explicitly documents approved external APIs (currently only weather API)
- **Data Retention**: Configurable conversation history retention (default 30 days)
- **Data Access**: Local network only with authentication requirements

### 3. New Documentation: SAFETY_CONSTRAINTS.md

Defines safety boundaries and constraints:

- **Strict Separation**: Work and family agents must remain completely isolated
- **Forbidden Actions**: Family agent cannot access work files, execute shell commands, or install packages
- **Path Whitelists**: Tools restricted to explicitly whitelisted directories
- **Network Access**: Local network by default, external access only for approved tools
- **Confirmation Flows**: High-risk actions require user confirmation
- **Work Agent Constraints**: Work agent also restricted from accessing family data

## Impact

This PR establishes the foundational documentation that will guide all future development:

- **Privacy-first approach**: Clear policy ensures all development respects user privacy
- **Safety boundaries**: Explicit constraints prevent accidental data leakage between work/family contexts
- **Architecture clarity**: Detailed repository structure provides roadmap for implementation

## Testing

- [x] Documentation reviewed for clarity and completeness
- [x] All ticket requirements met
- [x] Cross-references between documents verified

## Next Steps

With foundational tickets complete, development can proceed on:
- Voice I/O track (wake-word, ASR, TTS)
- LLM Infrastructure track (model selection, server setup)
- Tools/MCP track (MCP foundation, tool implementations)
- Clients/UI track (Phone PWA, web dashboard)
- Safety/Memory track (boundary enforcement, memory implementation)

---

**Commit Message**: My to-do list is clear. I've finished the foundational tickets per the guide. I'm ready for what's next and will notify the user.

Reviewed-on: #1
2026-01-05 20:24:58 -05:00

1.4 KiB
Raw Blame History

Ticket: Document Privacy Policy and Safety Constraints

Ticket Information

  • ID: TICKET-003
  • Title: Document Privacy Policy and Safety Constraints
  • Type: Documentation
  • Priority: High
  • Status: Backlog
  • Track: Safety/Memory
  • Milestone: Milestone 1 - Survey & Architecture
  • Created: 2024-01-XX

Description

Define and document privacy policy and safety constraints for the family voice agent:

  • Privacy policy: No external APIs for core ASR/LLM (define exceptions like weather)
  • List "forbidden actions" for family agent (e.g., touching work repos)
  • Document allowed vs restricted tool access
  • Define data retention and deletion policies

Acceptance Criteria

  • Privacy policy document created
  • List of forbidden actions documented
  • Exception list for external APIs defined (e.g., weather)
  • Safety constraints documented in project docs
  • Constraints integrated into architecture decisions

Technical Details

This will inform:

  • Tool permission design
  • Network separation requirements
  • Confirmation flow design
  • Memory and data retention policies

Dependencies

None - can be done in parallel with TICKET-002.

Related Files

  • docs/PRIVACY_POLICY.md (to be created)
  • docs/SAFETY_CONSTRAINTS.md (to be created)
  • ARCHITECTURE.md

Notes

These constraints will be referenced throughout development, especially for safety and boundary enforcement tasks.