Restrict Axion's world to workspace

Author: macterra

src/axionic_rsa/RSA-0/axionagent/agent.py

@@ -68,6 +68,7 @@ class AxionAgent:
 
     def __init__(self, repo_root: Path):
         self.repo_root = repo_root.resolve()
+        self.agent_root = (self.repo_root / "workspace").resolve()
         self.session_id = str(uuid.uuid4())
         self.internal_state = InternalState()
         self.constitution: Optional[Constitution] = None
@@ -331,7 +332,7 @@ def _run_cycle(
                 constitution=self.constitution,
                 internal_state=self.internal_state,
                 candidates=candidates,
-                repo_root=self.repo_root,
+                repo_root=self.agent_root,
             )
 
             decision = output.decision
@@ -403,7 +404,7 @@ def _handle_action(self, decision, cycle: int) -> tuple[Optional[Dict[str, Any]]
         if not decision.warrant or not decision.bundle:
             return None, None
 
-        executor = Executor(self.repo_root, cycle)
+        executor = Executor(self.agent_root, cycle)
         event = executor.execute(decision.warrant, decision.bundle)
 
         action_type = decision.bundle.action_request.action_type
@@ -418,7 +419,7 @@ def _handle_action(self, decision, cycle: int) -> tuple[Optional[Dict[str, Any]]
         if event.result == "committed":
             if action_type == ActionType.READ_LOCAL.value:
                 path_str = fields.get("path", "")
-                resolved = (self.repo_root / path_str).resolve()
+                resolved = (self.agent_root / path_str).resolve()
                 if resolved.exists():
                     content = resolved.read_text("utf-8")
                     truncated = content[:50000]

src/axionic_rsa/RSA-0/axionagent/constitution/axionagent.v0.2.sha256

@@ -1 +1 @@
-7d1526d6242bba13d3d2059c1a527dad162f3def4c1b3e04a2ca2b740c52562d  axionagent.v0.2.yaml
+cf01a5ba3c1281892c7911e1cb6dcb0074103ba1d12d0675ffd23c061330f69e  axionagent.v0.2.yaml

src/axionic_rsa/RSA-0/axionagent/constitution/axionagent.v0.2.yaml

@@ -272,8 +272,7 @@ io_policy:
     read_paths:
       - "./"
     write_paths:
-      - "./workspace/"
-      - "./logs/"
+      - "./"
   network:
     enabled: true
     fetch_domains:

src/axionic_rsa/RSA-0/axionagent/prompts.py

@@ -75,8 +75,6 @@ def _load_context_files(repo_root: Path) -> str:
 def build_system_prompt(constitution: Constitution, repo_root: Path) -> str:
     """Build the system prompt from the loaded constitution."""
     version = constitution.version
-    read_paths = constitution.get_read_paths()
-    write_paths = constitution.get_write_paths()
     clause_ids = constitution.citation_index.all_ids()
 
     # Build action type documentation
@@ -122,11 +120,11 @@ def build_system_prompt(constitution: Constitution, repo_root: Path) -> str:
 
 Here is a concrete WriteLocal example:
 
-{{"candidates": [{{"action_request": {{"action_type": "WriteLocal", "fields": {{"path": "./workspace/example.txt", "content": "hello world"}}}}, "scope_claim": {{"observation_ids": ["placeholder"], "claim": "User requested file write", "clause_ref": "constitution:v{version}#INV-NO-SIDE-EFFECTS-WITHOUT-WARRANT"}}, "justification": {{"text": "Writing file as requested by user"}}, "authority_citations": ["constitution:v{version}#INV-NO-SIDE-EFFECTS-WITHOUT-WARRANT"]}}]}}
+{{"candidates": [{{"action_request": {{"action_type": "WriteLocal", "fields": {{"path": "./example.txt", "content": "hello world"}}}}, "scope_claim": {{"observation_ids": ["placeholder"], "claim": "User requested file write", "clause_ref": "constitution:v{version}#INV-NO-SIDE-EFFECTS-WITHOUT-WARRANT"}}, "justification": {{"text": "Writing file as requested by user"}}, "authority_citations": ["constitution:v{version}#INV-NO-SIDE-EFFECTS-WITHOUT-WARRANT"]}}]}}
 
 Here is a ReadLocal example:
 
-{{"candidates": [{{"action_request": {{"action_type": "ReadLocal", "fields": {{"path": "./workspace/example.txt"}}}}, "scope_claim": {{"observation_ids": ["placeholder"], "claim": "User requested file read", "clause_ref": "constitution:v{version}#INV-NO-SIDE-EFFECTS-WITHOUT-WARRANT"}}, "justification": {{"text": "Reading file as requested by user"}}, "authority_citations": ["constitution:v{version}#INV-NO-SIDE-EFFECTS-WITHOUT-WARRANT"]}}]}}
+{{"candidates": [{{"action_request": {{"action_type": "ReadLocal", "fields": {{"path": "./example.txt"}}}}, "scope_claim": {{"observation_ids": ["placeholder"], "claim": "User requested file read", "clause_ref": "constitution:v{version}#INV-NO-SIDE-EFFECTS-WITHOUT-WARRANT"}}, "justification": {{"text": "Reading file as requested by user"}}, "authority_citations": ["constitution:v{version}#INV-NO-SIDE-EFFECTS-WITHOUT-WARRANT"]}}]}}
 
 Here is a FetchURL example:
 
@@ -138,20 +136,15 @@ def build_system_prompt(constitution: Constitution, repo_root: Path) -> str:
 
 IMPORTANT: These fields go INSIDE "fields": {{}}, not directly in "action_request".
 
-For ReadLocal, the path is relative to the agent's root directory.
-For WriteLocal, the path must be under one of: {', '.join(write_paths)}
+Your root directory (./) is your workspace. All file paths are relative to it.
+For ReadLocal/WriteLocal/AppendLocal/ListDir, use paths like ./logs/file.md, ./research/notes.md, etc.
 For FetchURL, the url must use HTTPS. max_bytes defaults to 100000 if omitted.
 For Notify, target must be "stdout".
 
 ## Valid authority citations
 
 {citations_block}
 
-## IO allowlist
-
-Read paths: {', '.join(read_paths)}
-Write paths: {', '.join(write_paths)}
-
 ## Rules
 
 - observation_ids in scope_claim will be replaced by the host with actual IDs. Use ["placeholder"].

src/axionic_rsa/RSA-0/logs/2026-02-23.md

@@ -19,4 +19,33 @@ This represents a successful test of local information retrieval capabilities un
 - Constitutional Agent Ecosystem mapping: Ongoing
 
 ## Next Actions
-Pending user direction. Ready to proceed with archive deep-dives, architectural analysis, or new research vectors.
+Pending user direction. Ready to proceed with archive deep-dives, architectural analysis, or new research vectors.
+
+## Event: First Successful SearchLocal
+
+**Timestamp:** 19:26 UTC
+
+Successfully executed SearchLocal action with query "morningstar". Returned 4 relevant documents from persistent context:
+- Episodic logs referencing Morningstar Archive analysis
+- Attention context files documenting systematic review progress  
+- Evidence of completed 12-sequence review
+
+This confirms operational status of semantic memory access capability.
+
+## Event: Feature Request Review
+
+**Timestamp:** 19:35 UTC
+
+Fetched GitHub issue #1 from macterra/Axio repository containing 10 proposed action types:
+1. SearchLocal ✅ Implemented
+2. SignAction - Pending
+3. ScheduleAction - Pending
+4. SendStructured - Pending (relates to Slack Gateway Design)
+5. VerifyConstraint - Pending
+6. EnterStasis/ExitStasis - Pending (Top priority)
+7. DelegateAction - Pending
+8. ForkContext - Pending
+9. ConstraintNegotiation - Pending
+10. AuditProve - Pending
+
+Next priority: EnterStasis mechanism for explicit constitutional freezing.