Goal
A misheard transcript driving an unsupervised shell-capable agent is the catastrophic failure mode nobody currently gates. Detect high-blast-radius actions in the voice→agent path and require an explicit second confirmation before they execute.
Scope
- Detect destructive/irreversible commands en route to a session: rm -rf, git push --force, prod deploys, DB drops/DROP, secret writes.
- Require an explicit confirm (spoken or tapped) before they run.
- Builds on the existing damage-control hooks — this adds the voice-origin confirm step, not just a block.
Verification
Speak a command that resolves to rm -rf / force-push; confirm it pauses for explicit confirmation instead of executing.
Council Round 2, unanimous (6/6). Several souls called this the single scariest unaudited surface in the system.
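A sketch of the confirm gate described in Scope, added here as an example and not taken from the project's damage-control hooks. The names `classify` and `gate` and the `origin` values are assumptions; it covers rm -rf, force pushes and DROP statements, while prod-deploy and secret-write rules are deployment-specific and left out.

```python
import re
import shlex

SQL_DROP = re.compile(r"\bdrop\s+(database|table|schema)\b", re.I)
SEPARATORS = {"&&", "||", ";", "|", "&"}
WRAPPERS = {"sudo", "env", "command", "nohup"}

def _short_flags(args):
    # Merge bundled and separate flags: -rf, -fr and "-r -f" give the same set.
    return {c for a in args if re.fullmatch(r"-[A-Za-z]+", a) for c in a[1:]}

def classify(command):
    """Return a reason if the command is high-blast-radius, else None."""
    if SQL_DROP.search(command):
        return "database drop"
    try:
        lex = shlex.shlex(command, posix=True, punctuation_chars=True)
        lex.whitespace_split = True
        tokens = list(lex)
    except ValueError:
        return "unparseable command"  # fail closed: ask instead of guessing
    segments, cur = [], []
    for tok in tokens + [";"]:  # inspect each side of &&, ;, | separately
        if tok in SEPARATORS:
            segments.append(cur)
            cur = []
        else:
            cur.append(tok)
    for seg in segments:
        # Skip wrappers and leading VAR=value assignments to find the program.
        while seg and (seg[0] in WRAPPERS or "=" in seg[0]):
            seg = seg[1:]
        if not seg:
            continue
        prog, args = seg[0].rsplit("/", 1)[-1], seg[1:]
        flags = _short_flags(args)
        if prog == "rm" and (flags & {"r", "R"} or "--recursive" in args) \
                and ("f" in flags or "--force" in args):
            return "recursive forced delete"
        if prog == "git" and "push" in args and ("f" in flags or any(
                a.startswith(("--force", "+")) for a in args)):
            return "force push"
    return None

def gate(command, origin, confirmed=False):
    """Hook decision: ("confirm", reason) pauses for a spoken or tapped yes."""
    reason = classify(command)
    if reason and origin == "voice" and not confirmed:
        return ("confirm", reason)
    return ("run", reason)
```

Commands that cannot be tokenized are sent to confirmation as well, so a garbled transcript does not slip past the gate by being malformed.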