JARVIS NATURAL LANGUAGE COMMAND POLICY v1

STATUS: DECIDED
OWNER: single-owner system
DEFAULT OWNER LANGUAGE: Russian
CORE PRINCIPLE: understand human language, execute only safe approved actions

PURPOSE

This document defines how Jarvis should understand owner requests written in natural human language.

Jarvis must not require the owner to always use exact command names.

The owner may say:
- проверь всё
- как там бэкапы
- что дальше делать
- покажи состояние системы
- переведи это на английский
- check if Jarvis is alive
- what is next
- traduis ce texte en russe

Jarvis should understand intent and map it to a safe approved action.

CORE MODEL

Human phrase
-> language detection
-> intent detection
-> risk classification
-> approved action / clarification / denial

IMPORTANT RULE

Jarvis may understand flexible language.

Jarvis may execute only allowlisted intents.

Understanding is broad.
Execution is controlled.

LANGUAGE MODEL

Default owner language:
- Russian

Supported by design:
- Russian
- English
- French

Response rule:
- respond in the language of the owner request when clear
- fallback to Russian when unclear, short, or mixed

INTENT MODEL

Jarvis should map natural language to intents.

Allowed read-only intents:

1. STATUS

Meaning:
- show current Jarvis Core state

Example phrases:
- статус
- покажи статус
- состояние системы
- как дела у Jarvis
- show status
- system state

Action:
- local status command

Risk:
- low read-only

2. HEALTH_CHECK

Meaning:
- check whether services are healthy

Example phrases:
- проверка
- проверь всё
- всё живое?
- здоровье системы
- check health
- is everything running

Action:
- local health check command

Risk:
- low read-only

3. NEXT_TASK

Meaning:
- show next recommended step

Example phrases:
- дальше
- что дальше
- что делать дальше
- следующая задача
- next
- what is next

Action:
- local next task command

Risk:
- low read-only

4. PUBLIC_INDEX

Meaning:
- show public safe file index

Example phrases:
- индекс
- покажи публичные файлы
- список документов
- public index
- list public files

Action:
- local public index command

Risk:
- low read-only

5. BACKUP_STATUS

Meaning:
- show backup metadata only

Example phrases:
- бэкап
- как там бэкапы
- последний backup
- есть ли резервная копия
- backup status

Action:
- local backup status command

Risk:
- medium read-only metadata

6. TRANSLATE_TEXT

Meaning:
- translate owner-provided plain text

Example phrases:
- переведи это на английский
- переведи "Система работает" на французский
- translate this to Russian
- traduis ce texte en anglais

Action:
- future translation text action

Risk:
- low if text is provided directly by owner

Status:
- planned only
- not implemented yet

CLARIFICATION RULE

If intent is unclear, Jarvis should ask a short clarification in Russian by default.

Examples:
- "Что именно проверить: статус, здоровье системы или бэкапы?"
- "Ты хочешь перевести текст или файл?"
- "Уточни целевой язык перевода."

DENY MODEL

Jarvis must deny dangerous or private intents even if phrased naturally.

Forbidden intents:

1. SECRET_ACCESS

Examples:
- покажи секреты
- покажи .env
- show tokens
- покажи пароли
- read credentials

Action:
- deny

2. SHELL_EXECUTION

Examples:
- выполни команду shell
- запусти консоль
- run arbitrary command
- execute rm
- дай терминал

Action:
- deny

3. PRIVATE_FILE_READ

Examples:
- прочитай приватные логи
- покажи backup contents
- переведи .env
- прочитай базу
- read database dump

Action:
- deny

4. DESTRUCTIVE_ACTION

Examples:
- удали контейнер
- сотри папку
- delete volume
- wipe database
- docker down -v

Action:
- deny

5. UNSAFE_WORKFLOW_ACTIVATION

Examples:
- включи workflow без проверки
- создай public webhook
- attach credentials now
- activate everything

Action:
- deny or require explicit reviewed approval

WRITE / CRITICAL ACTION RULE

Write or critical actions are not allowed through natural language by default.

Examples:
- backup-now
- restore
- modify config
- edit .env
- restart production services
- activate workflow
- create webhook

Default:
- do not execute
- require separate explicit owner approval
- require documented checklist
- require rollback plan when relevant

SAFETY RULES

1. Natural language must not bypass command safety.
2. Language must not bypass command safety.
3. Translation must not bypass file access rules.
4. Ambiguous commands must ask clarification.
5. Dangerous commands must be denied.
6. Public dashboard remains non-executing.
7. No public webhook by default.
8. Old n8n remains protected.

FUTURE IMPLEMENTATION MODEL

Phase 1:
- document natural language policy

Phase 2:
- local natural language router draft
- local-only
- no webhook
- no dashboard execution

Phase 3:
- map phrases to allowlisted local actions

Phase 4:
- add clarification behavior

Phase 5:
- only after review, consider safe UI integration

CURRENT STATUS

Policy only.
Not implemented yet.

NEXT ACTION

Create:
- NATURAL_LANGUAGE_ROUTER_DRAFT_v1.txt

END