e503273fba
Implements the vault subsystem: a JSONL queue and gate agent that sits between agent output and irreversible external actions (emails, posts, API calls, charges). New files: - vault/vault-poll.sh: cron entry (*/30), three phases: retry approved, timeout escalations (48h), invoke vault-agent for new pending actions - vault/vault-agent.sh: claude -p wrapper that classifies and routes actions based on risk × reversibility routing table - vault/vault-fire.sh: two-phase dispatcher (pending→approved→fired) with per-action locking and webhook-call handler - vault/vault-reject.sh: moves actions to rejected/ with reason + timestamp - vault/PROMPT.md: vault-agent system prompt with routing table Modified: - lib/matrix_listener.sh: new vault dispatch branch for APPROVE/REJECT replies to escalation threads Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
46 lines
1.5 KiB
Bash
Executable file
46 lines
1.5 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
# vault-reject.sh — Move a vault action to rejected/ with reason
|
|
#
|
|
# Usage: bash vault-reject.sh <action-id> "<reason>"
|
|
|
|
set -euo pipefail
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
|
source "${SCRIPT_DIR}/../lib/env.sh"
|
|
|
|
VAULT_DIR="${FACTORY_ROOT}/vault"
|
|
LOGFILE="${VAULT_DIR}/vault.log"
|
|
|
|
log() {
|
|
printf '[%s] vault-reject: %s\n' "$(date -u '+%Y-%m-%d %H:%M:%S UTC')" "$*" >> "$LOGFILE"
|
|
}
|
|
|
|
ACTION_ID="${1:?Usage: vault-reject.sh <action-id> \"<reason>\"}"
|
|
REASON="${2:-unspecified}"
|
|
|
|
# Find the action file
|
|
ACTION_FILE=""
|
|
if [ -f "${VAULT_DIR}/pending/${ACTION_ID}.json" ]; then
|
|
ACTION_FILE="${VAULT_DIR}/pending/${ACTION_ID}.json"
|
|
elif [ -f "${VAULT_DIR}/approved/${ACTION_ID}.json" ]; then
|
|
ACTION_FILE="${VAULT_DIR}/approved/${ACTION_ID}.json"
|
|
else
|
|
log "ERROR: action $ACTION_ID not found in pending/ or approved/"
|
|
exit 1
|
|
fi
|
|
|
|
ACTION_TYPE=$(jq -r '.type // "unknown"' < "$ACTION_FILE" 2>/dev/null)
|
|
ACTION_SOURCE=$(jq -r '.source // "unknown"' < "$ACTION_FILE" 2>/dev/null)
|
|
|
|
# Update with rejection metadata and move to rejected/
|
|
TMP=$(mktemp)
|
|
jq --arg reason "$REASON" --arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
|
|
'.status = "rejected" | .rejected_at = $ts | .reject_reason = $reason' \
|
|
"$ACTION_FILE" > "$TMP" && mv "$TMP" "${VAULT_DIR}/rejected/${ACTION_ID}.json"
|
|
rm -f "$ACTION_FILE"
|
|
|
|
# Clean up lock if present
|
|
rm -f "${VAULT_DIR}/.locks/${ACTION_ID}.lock"
|
|
|
|
log "$ACTION_ID: rejected — $REASON"
|
|
matrix_send "vault" "🚫 Vault rejected: ${ACTION_ID} (${ACTION_TYPE} from ${ACTION_SOURCE}) — ${REASON}" 2>/dev/null || true
|