ilia
f7dce46ac9
# Complete Foundational Tickets: Repository Structure, Privacy Policy, and Safety Constraints ## Summary This PR completes the foundational planning tickets (TICKET-002, TICKET-003, TICKET-004) by: 1. Defining the repository structure with detailed documentation 2. Establishing a comprehensive privacy policy 3. Documenting safety constraints and boundaries for work/family agent separation ## Related Tickets - ✅ TICKET-002: Define repository structure - ✅ TICKET-003: Privacy and safety constraints - ✅ TICKET-004: High-level architecture All tickets have been moved from `backlog/` to `review/` to mark completion. ## Changes ### 1. Enhanced ARCHITECTURE.md **Repository Structure Section:** - Added detailed descriptions for `home-voice-agent` mono-repo structure - Documented `family-agent-config` configuration repository - Added inline comments explaining each directory's purpose - Added `infrastructure/` directory for deployment scripts, Dockerfiles, and IaC - Clarified separation of concerns between mono-repo and config repo **Documentation References:** - Added links to new privacy policy and safety constraints documents in the "Getting Started" section ### 2. New Documentation: PRIVACY_POLICY.md Establishes the core privacy principles for the Atlas project: - **Local Processing**: All ASR/LLM processing done locally, no external data transmission - **External API Exceptions**: Explicitly documents approved external APIs (currently only weather API) - **Data Retention**: Configurable conversation history retention (default 30 days) - **Data Access**: Local network only with authentication requirements ### 3. New Documentation: SAFETY_CONSTRAINTS.md Defines safety boundaries and constraints: - **Strict Separation**: Work and family agents must remain completely isolated - **Forbidden Actions**: Family agent cannot access work files, execute shell commands, or install packages - **Path Whitelists**: Tools restricted to explicitly whitelisted directories - **Network Access**: Local network by default, external access only for approved tools - **Confirmation Flows**: High-risk actions require user confirmation - **Work Agent Constraints**: Work agent also restricted from accessing family data ## Impact This PR establishes the foundational documentation that will guide all future development: - **Privacy-first approach**: Clear policy ensures all development respects user privacy - **Safety boundaries**: Explicit constraints prevent accidental data leakage between work/family contexts - **Architecture clarity**: Detailed repository structure provides roadmap for implementation ## Testing - [x] Documentation reviewed for clarity and completeness - [x] All ticket requirements met - [x] Cross-references between documents verified ## Next Steps With foundational tickets complete, development can proceed on: - Voice I/O track (wake-word, ASR, TTS) - LLM Infrastructure track (model selection, server setup) - Tools/MCP track (MCP foundation, tool implementations) - Clients/UI track (Phone PWA, web dashboard) - Safety/Memory track (boundary enforcement, memory implementation) --- **Commit Message**: My to-do list is clear. I've finished the foundational tickets per the guide. I'm ready for what's next and will notify the user. Reviewed-on: #1
51 lines
1.4 KiB
Markdown
51 lines
1.4 KiB
Markdown
# Ticket: Document Privacy Policy and Safety Constraints
|
|
|
|
## Ticket Information
|
|
|
|
- **ID**: TICKET-003
|
|
- **Title**: Document Privacy Policy and Safety Constraints
|
|
- **Type**: Documentation
|
|
- **Priority**: High
|
|
- **Status**: Backlog
|
|
- **Track**: Safety/Memory
|
|
- **Milestone**: Milestone 1 - Survey & Architecture
|
|
- **Created**: 2024-01-XX
|
|
|
|
## Description
|
|
|
|
Define and document privacy policy and safety constraints for the family voice agent:
|
|
- Privacy policy: No external APIs for core ASR/LLM (define exceptions like weather)
|
|
- List "forbidden actions" for family agent (e.g., touching work repos)
|
|
- Document allowed vs restricted tool access
|
|
- Define data retention and deletion policies
|
|
|
|
## Acceptance Criteria
|
|
|
|
- [ ] Privacy policy document created
|
|
- [ ] List of forbidden actions documented
|
|
- [ ] Exception list for external APIs defined (e.g., weather)
|
|
- [ ] Safety constraints documented in project docs
|
|
- [ ] Constraints integrated into architecture decisions
|
|
|
|
## Technical Details
|
|
|
|
This will inform:
|
|
- Tool permission design
|
|
- Network separation requirements
|
|
- Confirmation flow design
|
|
- Memory and data retention policies
|
|
|
|
## Dependencies
|
|
|
|
None - can be done in parallel with TICKET-002.
|
|
|
|
## Related Files
|
|
|
|
- `docs/PRIVACY_POLICY.md` (to be created)
|
|
- `docs/SAFETY_CONSTRAINTS.md` (to be created)
|
|
- `ARCHITECTURE.md`
|
|
|
|
## Notes
|
|
|
|
These constraints will be referenced throughout development, especially for safety and boundary enforcement tasks.
|