feat(b-0488): KSK (Kinetic Safeguard Kernel) persona map#3235
Merged
Conversation
Per-product persona doc for KSK (Kinetic Safeguard Kernel) using the B-0485 template: Primary personas (3): - ksk-agent-developer — engineers integrating "am I allowed to do this?" checks into AI agents - ksk-robotics-designer — consent-first robotics / actuator system designers (NVIDIA Thor Homeland-Security clearance lineage) - ksk-security-engineer — engineers building KSK itself in Lucent-Financial-Group/lucent-ksk Secondary (1): - ksk-clearance-deployer — Homeland-Security / clearance-aware deployers Adjacent (1): - ksk-compliance-auditor — SOC 2 / HIPAA / ISO 27001 auditors consuming KSK signed receipts Refused (2 — HARD LIMITS): - ksk-refused-weapons-control — autonomous-weapons / kill-chain designers using KSK as a "consent UI" wrapper over a kill chain. Per methodology-hard-limits HARD LIMIT #1 + #3: laundered consent + violates consent-first design intent (PR #2892). - ksk-refused-apt-operator — nation-state APT operators using KSK as a privilege oracle (receipt-replay, authorization enumeration, "stealth mode" feature requests). Per mechanical-authorization-check: APT operators are not in the authorization-source list. KSK's terminal purpose is human-in-the-loop refusal of impactful AI actions; the refused-persona screen is structural to KSK's value, not a side concern. Closes B-0488 acceptance: - [x] Template from B-0485 applied - [x] Grey-hat / ethical researcher framing folded into security-engineer (per glossary's "small bit of code that gets disproportionate review" framing — the engineering itself IS the ethical-research operating mode for this product) - [x] At least 2 refused personas with explicit HARD LIMITS rationale (R1+R2) - [x] Output doc committed at canonical path - [x] B-0488 status: open -> in-progress (closes on PR merge) Co-Authored-By: Claude <noreply@anthropic.com>
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
There was a problem hiding this comment.
Pull request overview
Adds the KSK (Kinetic Safeguard Kernel) per-product persona map using the B-0485 template, and updates the associated backlog row to reflect active work on B-0488.
Changes:
- Add
docs/personas/ksk-personas.mddefining primary/secondary/adjacent/refused KSK personas (with HARD LIMITS rationale). - Update
docs/backlog/P1/B-0488-ksk-persona-map-2026-05-14.mdstatus fromopentoin-progress.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| docs/personas/ksk-personas.md | New KSK persona-map document (template-structured), including refused personas + detection/response notes. |
| docs/backlog/P1/B-0488-ksk-persona-map-2026-05-14.md | Backlog row status update for B-0488. |
Comments suppressed due to low confidence (1)
docs/personas/ksk-personas.md:375
- P1 (name-attribution policy): This section repeats direct named attribution (e.g., “Aaron + Amara’s …”) inside a current-state
docs/personas/**doc. Perdocs/AGENT-BEST-PRACTICES.md“No name attribution in code, docs, or skills” (around lines 671–760), prefer role-refs here and keep named provenance on the allowlisted history surfaces (e.g., link to the relevantmemory/**/docs/research/**artifact that preserves the attribution).
2. Compromise the protective lineage (KSK's reputation is its value;
weapons-system integration destroys it)
3. Violate the consent-first design intent (PR #2892 — Aaron + Amara's
consent-first design origin)
| id: B-0488 | ||
| priority: P1 | ||
| status: open | ||
| status: in-progress |
Comment on lines
+3
to
+8
| **Author:** Otto (2026-05-14) | ||
| **Closes:** B-0488 | ||
| **Template:** `docs/research/2026-05-14-persona-mapping-framework-b0485.md` | ||
| **Product substrate:** PR #2892 (KSK origin — Aaron+Amara consent-first design), | ||
| [`docs/GLOSSARY.md` § KSK](../GLOSSARY.md), | ||
| [`memory/feedback_aaron_ksk_kinetic_safeguard_kernel_origin_amara_consent_first_design_nvidia_thor_homeland_security_cleared_because_actuators_2026_05_13.md`](../../memory/feedback_aaron_ksk_kinetic_safeguard_kernel_origin_amara_consent_first_design_nvidia_thor_homeland_security_cleared_because_actuators_2026_05_13.md), |
6 tasks
AceHack
added a commit
that referenced
this pull request
May 14, 2026
…ated) (#3237) * shard(tick): 2038Z — B-0488 KSK persona map (orthogonal lane re-activated) Tick output: - PR #3235 (feat(b-0488) KSK persona map): 7 personas including 2 refused with HARD LIMITS rationale (autonomous-weapons "consent UI" wrapper + nation-state APT privilege-oracle abuse). Closes B-0429.4. Auto-merge armed. - This shard. Prior-tick PRs status: - #3232 (rule promotion) MERGED as d9cdf50 - #3231 / #3233 (shards) wait-ci, autoMerge armed Branch-state contamination this tick: - Branch poisoned to fix-otto-cli-1 mid-edit; phantom `D bun.lock` modification appeared - B-0488 status edit lost (made on poisoned branch) - Composite guard caught the wrong-branch case on FIRST commit attempt (exit-1 fired correctly) — defense working as designed - Both incidents worked around with git restore + checkout Session lane balance: 5 contamination-defense PRs + 1 substantive KSK personas PR + this shard. Orthogonal lane re-activated. Cron sentinel 12fb713e armed; recurring. Co-Authored-By: Claude <noreply@anthropic.com> * fix(shard): fix MD032 markdownlint in 2038Z shard Line 81 started with `+` which Markdown parsed as a list item without surrounding blank lines (MD032). Rewrote the continuation clause to not start with `+`: "... (4 merged + 1 wait), 1 substantive KSK-persona-map PR, and this shard." — same meaning, no parser ambiguity. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
5 tasks
5 tasks
AceHack
added a commit
that referenced
this pull request
May 14, 2026
Substantive work landed via PR #3235 (KSK persona map at docs/personas/ksk-personas.md). This commit closes out the backlog row: - status: in-progress -> closed - closed_by: "PR #3235 (2026-05-14)" frontmatter field added - All 6 Definition-of-done checkboxes ticked with the specifics: - Template from B-0485 applied - Grey-hat/ethical-researcher framing folded into ksk-security-engineer (per glossary's "small bit of code that gets disproportionate review" framing) - 2 refused personas (R1 ksk-refused-weapons-control + R2 ksk-refused-apt-operator) with HARD LIMITS rationale - Output doc at docs/personas/ksk-personas.md - B-0492 composes_with pointer was already in place (verified) - Row status closed with PR link Pure metadata + checkbox-tick row close-out. No behavioural changes. Co-authored-by: Claude <noreply@anthropic.com>
AceHack
added a commit
that referenced
this pull request
May 14, 2026
…fic-content audit (#3240) * shard(tick): 2046Z — audit hygiene: exclude plists from machine-specific-content audit Tick output: - PR #3239 (chore(hygiene) plist exclusion): audit-machine-specific-content EXCLUDE_RE extended with \.gemini\/(launchd|service)\/.*\.plist + docstring rationale. Total: 50 -> 46 (exact delta = the 4 plist false-positives). All real findings preserved. Auto-merge armed. - This shard. Prior-tick PRs status: - #3233 (shard 2034Z) MERGED as 0bb9604 - #3235 (KSK personas) MERGED as 6224735 - #3231 / #3237 (shards 2030Z / 2038Z) wait-ci, autoMerge armed Session running tally (8 merged + 4 wait-ci): - Multi-Otto contamination defenses (5 PRs) - KSK personas (1 PR) - Audit hygiene (1 PR — this tick) Pattern for future audit-exclusion decisions (codified in the docstring + this shard): 1. Is the file's content canonically machine-specific by purpose? 2. Does the file carry a maintainer-note comment explaining why? 3. Is the file a maintainer-only artifact? All three must be YES. Cron sentinel 12fb713e armed; recurring. Co-Authored-By: Claude <noreply@anthropic.com> * fix(lint): add blank line before list in 2046Z.md (MD032) markdownlint requires blank lines surrounding lists (MD032). Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
AceHack
added a commit
that referenced
this pull request
May 14, 2026
* shard(tick): 2055Z — B-0488 row close-out after PR #3235 merge Tick output: - PR #3244 (chore(b-0488) close-out row): status in-progress -> closed, closed_by frontmatter field added, all 6 DoD checkboxes ticked with specifics. Pure metadata edit; no behavioural changes. Auto-merge armed. - This shard. Prior-tick PRs merged this batch: - #3231 (shard 2030Z) MERGED as 00f4e9d - #3237 (shard 2038Z) MERGED as 8c7f799 Still wait-ci: #3239 (audit hygiene), #3240 (shard 2046Z). Session running tally: 10 merged + 4 wait-ci. Pattern codified: substantive PR sets open -> in-progress; close-out PR sets in-progress -> closed after the substantive PR merges. Separation isolates the deliverable review from row-metadata bookkeeping. Cron sentinel 12fb713e armed; recurring. Co-Authored-By: Claude <noreply@anthropic.com> * fix(lint): add blank line before list in 2055Z.md (MD032) markdownlint requires blank lines surrounding lists (MD032). Co-Authored-By: Claude <noreply@anthropic.com> * fix(pr3245): correct git diff --stat format in 2055Z shard per Copilot review Copilot caught: the shard quoted `git diff --stat` output as `8/+7/-1 lines` which isn't the actual format. The real output is `1 file changed, 8 insertions(+), 7 deletions(-)`. Fixed for accuracy. Tick shards are historical record; format accuracy matters for future-Otto reading them. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Per-product persona doc for KSK (Kinetic Safeguard Kernel) using the B-0485 template. Closes B-0488 which unblocks B-0492/B-0493 skill-mapping work.
Personas defined
Primary (3):
ksk-agent-developer— engineers integrating "am I allowed to do this?" checks into AI agentsksk-robotics-designer— consent-first robotics / actuator system designers (NVIDIA Thor Homeland-Security clearance lineage)ksk-security-engineer— engineers building KSK itself inLucent-Financial-Group/lucent-kskSecondary (1):
ksk-clearance-deployer— Homeland-Security / clearance-aware deployersAdjacent (1):
ksk-compliance-auditor— SOC 2 / HIPAA / ISO 27001 auditors consuming KSK signed receiptsRefused (2 — HARD LIMITS):
ksk-refused-weapons-control— autonomous-weapons / kill-chain designers using KSK as a "consent UI" wrapper. Permethodology-hard-limits.mdHARD LIMITS deps: Bump FsUnit.xUnit from 7.1.0 to 7.1.1 #1 + Round 27 — plugin API + governance split + memory-in-repo #3: laundered consent + violates consent-first design intent (PR docs(memory): KSK origin from Aaron+Amara consent-first design; NVIDIA Thor Homeland-Security cleared because actuators; factory at forefront of consent-first AI design #2892).ksk-refused-apt-operator— nation-state APT operators using KSK as a privilege oracle (receipt-replay, authorization enumeration, "stealth mode" feature requests). Permechanical-authorization-check.md: not in the authorization-source list.Why the refused-persona list is load-bearing
KSK's terminal purpose is human-in-the-loop refusal of impactful AI actions. A weapons-system integration would launder the appearance of consent (the receipts say "authorized" but the operator never had meaningful refusal). An APT integration would use KSK's transparency against its own purpose (mapping authority topology). Both are structural adversaries, not off-target customers.
Acceptance criteria
ksk-security-engineer)docs/personas/ksk-personas.mdopen→in-progress(closes on merge)composes_with:pointer backfilled (deferred to a follow-up; B-0492 row may not exist yet — needs scoping)Test plan
markdownlint-cli2clean on both filestest "$(git branch --show-current)" = "<expected>" && git commitgh pr create --headexplicit ref used🤖 Generated with Claude Code
Co-Authored-By: Claude noreply@anthropic.com