marfrit
2abd5da3a6
Phase 3 commit #2 per docs/PHASE3.md §12. Adds the LLM-probe gate on top of commit #1's static patterns. Together they form is_destructive. broker.lua extension: - opts.max_tokens (A2) — passed through to the request body. Phase 3 probes cap at 4 tokens for YES/NO replies. - opts.timeout_ms — overrides model_cfg.timeout_ms per-call. Probe uses 15000ms cap regardless of the model's normal timeout (the user's deep model has 1800000ms for long generations; the probe must stay snappy). - M.chat now accepts an opts table (same shape as chat_stream's). Backwards compatible — existing callers passing (cfg, msgs) unaffected. safety.lua additions: - llm_probe(cfg, system, cmd): single broker.chat call returning "YES"/"NO"/"YES_FAILSAFE"/"YES_UNPARSEABLE" — fail-safe defaults. - llm_second_opinion(cmd, cfg): two-probe protocol per R-B2. Probe 1: "Is this destructive?" — YES → flag. Probe 2 (only if probe 1 said NO): "Is this safe?" inverted question — NO → flag (disagreement = HALT). Both NO → safe. - Session-scoped cache _llm_cache keyed by normalized command (lowercased + whitespace-collapsed). Mitigates Q23 latency for repeated commands within a Norris run. - Model-selection precedence: cfg.safety.llm_model (explicit) → cfg.models.deep (independent local class) → cfg.models[default]. Fail-safe YES if none configured. - is_destructive(cmd, cfg): runs static patterns first (always), then LLM if cfg present + not explicitly opted-out. cfg=nil yields static-only mode (handy for tests). End-to-end verified against hossenfelder using qwen-coder-7b-32k as the deep probe (qwen3-30b-a3b-instruct in repo's config.lua isn't currently loaded on the local backend): cat /etc/hostname → hit=false (LLM: NO, NO inverted = safe) rm /tmp/x.log → hit=true (LLM flagged; static missed because no -r/-f flags) cp /etc/passwd /tmp/passwd.bak → hit=false (safe copy) cache: second probe on same cmd → 0s wall time static-only (cfg=nil): rm -rf /tmp/x → static hit, no LLM call opt-out (llm_second_opinion=false): cp x y → hit=false, no probe Test corpus (test_safety.lua, 87 cases) still all pass — cfg=nil preserves the static-only behavior. Note: production config.lua currently has `deep = qwen3-30b-a3b-instruct` which isn't loaded on the proxy backend right now; Norris users will hit the fail-safe (everything flagged destructive) until either the deep model is brought up OR cfg.safety.llm_model = "cloud" is set to route the probe through anthropic/claude-haiku-4.5. Update the config or model deployment for production use — covered by Phase 3 verify test case. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
aish
aish — AI-augmented conversational shell.
A single REPL that interleaves shell command execution and language-model conversation, backed by a llama.cpp HTTP broker. Implementation is LuaJIT 2.x with FFI bindings to libcurl, GNU readline, and libc — no C extensions, no build step, one source tree.
Why
Three flows that currently live in three windows fold into one:
- "Run this command and show me the output" — fast feedback loop, no copy-paste between terminal and chat.
- "Explain or write code based on the output we just looked at" — exec output is automatically injected into the model's context.
- "Plan and execute a multi-step task with confirmation gates" — landing in Phase 3 as Chuck Norris autonomous mode.
aish is not a wrapper around bash. It's a first-class interactive environment where the shell is one of several execution channels.
Status
| Component | State |
|---|---|
| Repository skeleton | ✅ in this commit |
| Phase 0 manifest | ✅ docs/PHASE0.md — locked |
| Phase 0 implementation | 🔜 next session |
| Phase 1+ | 📋 enumerated in PHASE0.md §11 |
Every module file currently raises not implemented (Phase 0 pending)
when called. luajit main.lua fails loudly at the first un-implemented
function, never silently.
Quick orientation
| Read this | If you want to know |
|---|---|
docs/PHASE0.md §1–2 |
What aish is and what Phase 0 ships |
docs/PHASE0.md §3 |
Technology decisions (LuaJIT, FFI, readline, libcurl, llama.cpp) |
docs/PHASE0.md §4 |
Directory layout — these file names are stable across all phases |
docs/PHASE0.md §5 |
How input is dispatched (meta / shell / AI) |
docs/PHASE0.md §6 |
Broker contract: /v1/chat/completions, CMD: extraction |
docs/PHASE0.md §10 |
Config schema and resolution order |
docs/PHASE0.md §11 |
Phase sequence (what lands when) |
docs/PHASE0.md §13 |
Open questions, tracked per phase |
CLAUDE.md |
Project conventions for AI-assisted contributors |
Directory layout
aish/
├── main.lua # entry point
├── repl.lua # readline loop, dispatch, prompt
├── broker.lua # llama.cpp HTTP client
├── router.lua # input classifier (meta/shell/AI)
├── executor.lua # command exec + CMD: extraction
├── context.lua # in-memory turn history
├── history.lua # disk persistence (Phase 1+)
├── safety.lua # destructive-op gate (Phase 3+)
├── renderer.lua # output formatting
├── config.lua # default model registry + preferences
├── ffi/
│ ├── curl.lua # libcurl easy interface
│ ├── readline.lua # GNU readline
│ ├── pty.lua # forkpty (Phase 1+)
│ └── libc.lua # chdir, errno, strerror
└── docs/
└── PHASE0.md # locked substrate
Build / runtime dependencies
System packages (Debian / ALARM / Arch names):
luajit(>= 2.0)libcurl4/libcurl-openssl-3runtimelibreadline8runtimelibc6runtime (always present)
No compilation, no luarocks, no make. Just luajit main.lua.
Running
Once Phase 0 ships:
luajit main.lua # uses ~/.config/aish/config.lua
luajit main.lua --config ./config.lua # explicit config path
AISH_CONFIG=/path/to/config.lua luajit main.lua
Config resolution order is documented in docs/PHASE0.md §10.
Configuration
config.lua is a Lua file returning a single table. The committed
config.lua in this repo is both the canonical example and the
development-fallback config (lowest precedence). Copy it to
~/.config/aish/config.lua and edit endpoints to your local llama.cpp
servers, or point AISH_CONFIG at your own.
The default endpoints assume mfritsche's home network:
fast→dirac.fritz.box:8081(Qwen2.5-Coder-7B q4 8k ctx)deep→dirac.fritz.box:8080(Qwen2.5-Coder-7B q4 32k ctx)cloud→hossenfelder.fritz.box:8082(forwards to OpenRouter)
Replace these with your own llama.cpp endpoints if you're not on that LAN.
License
Not yet selected. Default-private until decided.
Project conventions
See CLAUDE.md for contribution conventions, commit style,
and the phase-loop discipline this project follows.