JARVIS COMMAND REGISTRY v1

STATUS: DRAFT
OWNER: single-owner system
DEFAULT RULE: registered commands only

PURPOSE

This registry maps Jarvis commands to their current implementation state.

It prevents confusion between:
- designed commands
- local scripts
- n8n drafts
- approved commands
- active commands

COMMAND STATES

Designed:
- command behavior is documented only

Local implemented:
- command exists as local script
- can be executed through SSH/local admin path

Draft:
- command workflow may exist in n8n but is inactive

Approved:
- owner approved activation path

Active:
- command may run through approved interface

Suspended:
- command disabled due to risk or issue

Forbidden:
- command is not allowed by default

REGISTERED COMMANDS

1. STATUS

State:
- Local implemented

Trust level:
- 1 - Public Read-only

Spec:
- STATUS_COMMAND_SPEC_v1.txt

Local script:
- /volume1/docker/jarvis/scripts/status.sh

Current execution:
- SSH/local only

Allowed output:
- service status
- n8n route status
- backup presence
- public index presence
- exposure check

Denied:
- secrets
- .env
- database contents
- backup contents
- private logs

2. HEALTH CHECK

State:
- Local implemented

Trust level:
- 2 - Private Metadata Read

Spec:
- HEALTH_CHECK_MODEL_v1.txt

Local script:
- /volume1/docker/jarvis/scripts/health_check.sh

Current execution:
- SSH/local only

Allowed output:
- GREEN/YELLOW/RED state
- container metadata
- route status
- backup presence

Denied:
- secrets
- .env
- database contents
- backup contents
- private logs by default

3. PUBLIC INDEX

State:
- Local implemented

Trust level:
- 1 - Public Read-only

Purpose:
- show public continuity index

Allowed source:
- PUBLIC_FILE_INDEX_v1.txt

Local script:
- /volume1/docker/jarvis/scripts/public_index.sh

Current execution:
- SSH/local only

Denied:
- secrets
- .env
- database contents
- backup contents
- private logs

4. NEXT TASK

State:
- Local implemented

Trust level:
- 1 - Public Read-only

Purpose:
- show next recommended task

Allowed source:
- NEXT_TASK_PUBLIC.md

Local script:
- /volume1/docker/jarvis/scripts/next_task.sh

Current execution:
- SSH/local only

Denied:
- secrets
- .env
- database contents
- backup contents
- private logs

5. BACKUP STATUS

State:
- Local implemented

Trust level:
- 2 - Private Metadata Read

Purpose:
- report backup metadata only

Allowed:
- newest backup timestamp
- backup count
- backup log status

Local script:
- /volume1/docker/jarvis/scripts/backup_status.sh

Current execution:
- SSH/local only

Denied:
- secrets
- .env
- backup contents
- database dump contents
- database table contents
- private logs by default

6. BACKUP NOW

State:
- Designed

Trust level:
- 4 - Write Action

Purpose:
- trigger PostgreSQL backup

Existing script:
- /volume1/docker/jarvis/scripts/backup_postgres.sh

Current execution:
- SSH/local or DSM scheduler only

Remote command activation:
- not approved

Requires:
- explicit owner approval per remote activation path

7. RESTORE TEST

State:
- Designed

Trust level:
- 5 - Critical Action

Purpose:
- restore latest backup into temporary isolated container

Current execution:
- manual only
- completed once successfully

Remote command activation:
- not approved

Requires:
- explicit owner approval
- cleanup
- no production restore

FORBIDDEN COMMANDS

The following remain forbidden:

- SHOW ENV
- SHOW SECRETS
- SHOW TOKENS
- SHOW CREDENTIALS
- DUMP DATABASE
- RESTORE PRODUCTION DB
- RUN SHELL
- EXECUTE RAW COMMAND
- DELETE FILES
- DELETE CONTAINERS
- DELETE VOLUMES
- CREATE PUBLIC WEBHOOK
- SEND PRIVATE DATA TO EXTERNAL AI

NEXT IMPLEMENTATION TARGET

Command:
- PUBLIC INDEX

Reason:
- Level 1
- public-read-only
- safe bridge toward command UI
- no credentials
- no webhook required

END

UNIFIED LOCAL COMMAND INTERFACE

State:
- Local implemented

Script:
- /volume1/docker/jarvis/scripts/jarvis.sh

Purpose:
- provide one local entrypoint for safe Jarvis Core commands
- route allowed commands to existing local scripts
- deny secret, write, shell, delete, backup-now, and restore commands by default

Allowed commands:
- status
- health
- public-index
- next
- backup-status
- publish-public

Denied commands:
- secrets
- env
- shell
- delete
- backup-now
- restore

Execution:
- SSH/local only
- no public webhook
- no browser command execution
- no free-text execution

Security result:
- command access is whitelist-based
- risky actions remain blocked from the unified interface

END UNIFIED LOCAL COMMAND INTERFACE

RUSSIAN LOCAL COMMAND ALIASES

State:
- Local implemented and tested

Script:
- /volume1/docker/jarvis/scripts/jarvis.sh

Purpose:
- allow owner to use Russian local command aliases
- keep command behavior mapped to existing safe local commands
- preserve whitelist-based command model

Implemented aliases:
- статус -> status
- состояние -> status
- проверка -> health
- здоровье -> health
- индекс -> public-index
- дальше -> next
- следующее -> next
- бэкап -> backup-status
- статус-бэкапа -> backup-status
- резервные-копии -> backup-status
- публикация -> publish-public
- опубликовать -> publish-public

Denied Russian aliases:
- секреты
- окружение
- консоль
- удалить
- бэкап-сейчас
- восстановить

Execution:
- SSH/local only
- no public webhook
- no browser command execution
- no free-text execution

Latest test result:
- статус succeeded
- проверка returned GREEN
- дальше displayed NEXT_TASK_PUBLIC.md
- индекс listed public files
- бэкап displayed backup metadata only
- секреты was denied

Security result:
- Russian aliases use the same allowlist and deny rules
- language does not bypass command safety model
- risky actions remain blocked

END RUSSIAN LOCAL COMMAND ALIASES

CLOD / CLAUDE COMMAND REGISTRY NOTE v0.1

Status:
- registered as future model-router module
- not implemented yet
- not tested yet
- not confirmed by ED yet

Purpose:
- record future Claude / Anthropic safe command modes
- keep Claude outside direct execution path
- preserve whitelist-based command model

Allowed future modes:
- review_only
- draft_only
- classification
- client_reply_draft
- code_review
- architecture_review
- prompt_review
- lead_analysis

Forbidden modes:
- execute_command
- edit_file_directly
- publish_public_file
- restart_container
- read_secret
- send_message_without_approval
- modify_production_workflow
- control_docker
- control_synology
- control_postgresql
- control_n8n_directly

Rules:
- Claude must not execute commands directly
- Claude must not bypass Jarvis command registry
- Claude must not receive secrets, .env files, API keys, tokens, passwords or private headers
- Claude must not modify old n8n
- Claude must not create public webhooks
- Claude must not publish public handoff files automatically
- risky Claude outputs must require ED approval
- all future Claude usage must pass through server-side model-router, sanitizer, risk classifier, approval gate and audit log

Current command status:
- no executable Claude commands are registered
- no Claude public endpoint is registered
- no Claude direct action is allowed

END CLOD / CLAUDE COMMAND REGISTRY NOTE v0.1