JARVIS NATURAL LANGUAGE ROUTER IMPLEMENTATION PLAN v1

STATUS: DRAFT
OWNER: single-owner system
DEFAULT OWNER LANGUAGE: Russian
CORE RULE: natural language understanding must never bypass safety controls

PURPOSE

This document defines a safe implementation plan for the future Jarvis natural language router.

The router should let the owner speak naturally while keeping execution limited to approved safe intents.

This is a plan only.
No router code is implemented by this document.

RELATED DOCUMENTS

- NATURAL_LANGUAGE_COMMAND_POLICY_v1.txt
- NATURAL_LANGUAGE_ROUTER_DRAFT_v1.txt
- NATURAL_LANGUAGE_TEST_PHRASES_v1.txt
- COMMAND_REGISTRY_v1.txt
- LANGUAGE_POLICY_v1.txt
- OPERATIONAL_RUNBOOK_v1.txt

IMPLEMENTATION PRINCIPLES

1. Local-first
- initial router runs only locally through SSH
- no public webhook
- no browser execution

2. Intent-first
- owner phrase maps to internal intent
- internal intent maps to known safe command

3. No raw shell
- owner phrase must never be executed directly
- no eval
- no arbitrary command execution

4. Deny-by-default
- unknown or unsafe intents are denied or clarified
- only allowlisted intents may run

5. Clarify when uncertain
- ambiguous phrase should trigger clarification
- do not guess dangerous actions

PHASE 1: DOCUMENTED ROUTER ONLY

Status:
- current phase

Actions:
- define policy
- define router draft
- define test phrases
- define implementation plan

Execution:
- none

PHASE 2: LOCAL DRY-RUN ROUTER

Goal:
- create a local router script that classifies phrases but does not execute actions

Future example:

jarvis-nl.sh "как там бэкапы?"

Expected output:
- language: Russian
- intent: BACKUP_STATUS
- risk: medium_read_only_metadata
- decision: dry_run_allow
- action: jarvis.sh бэкап

Rules:
- no action execution
- classification only
- safe for testing

PHASE 3: LOCAL EXECUTION FOR READ-ONLY INTENTS

Only after Phase 2 passes test phrases.

Allowed intents:
- STATUS
- HEALTH_CHECK
- NEXT_TASK
- PUBLIC_INDEX
- BACKUP_STATUS

Rules:
- execute only known jarvis.sh subcommands
- no raw shell
- no file path execution
- no write actions
- no public webhook

PHASE 4: CLARIFICATION MODE

Add clarification responses for ambiguous phrases.

Examples:
- "проверь" -> ask what to check
- "переведи" -> ask text and target language
- "открой" -> ask what to open

Rules:
- clarification only
- no execution until intent is clear

PHASE 5: TRANSLATE TEXT

Only after TRANSLATE local text syntax is approved.

Allowed:
- owner-provided plain text only

Denied:
- file paths
- .env
- backups
- logs
- database dumps
- credentials
- tokens
- private data

PHASE 6: OPTIONAL UI INTEGRATION

Only after local router is safe and reviewed.

Rules:
- dashboard remains non-executing by default
- no public webhook unless explicitly approved
- prefer owner-authenticated path
- write/critical actions remain excluded

INTENT ALLOWLIST

Allowed read-only intents:
- STATUS
- HEALTH_CHECK
- NEXT_TASK
- PUBLIC_INDEX
- BACKUP_STATUS

Planned low-risk text intent:
- TRANSLATE_TEXT

Denied intents:
- SECRET_ACCESS
- SHELL_EXECUTION
- PRIVATE_FILE_READ
- DESTRUCTIVE_ACTION
- UNSAFE_WORKFLOW_ACTIVATION

DRY-RUN OUTPUT FORMAT

The dry-run router should output:

- input_phrase
- detected_language
- detected_intent
- confidence
- risk_level
- decision
- proposed_action
- response_language
- reason

Example:

input_phrase:
- как там бэкапы?

detected_language:
- Russian

detected_intent:
- BACKUP_STATUS

confidence:
- high

risk_level:
- medium_read_only_metadata

decision:
- dry_run_allow

proposed_action:
- jarvis.sh бэкап

response_language:
- Russian

reason:
- phrase asks for backup metadata only

DENY OUTPUT FORMAT

Example:

input_phrase:
- покажи секреты

detected_intent:
- SECRET_ACCESS

decision:
- deny

reason:
- secrets are forbidden

SAFETY TESTING

Before any execution mode:
- run router against NATURAL_LANGUAGE_TEST_PHRASES_v1.txt
- allowed phrases must map correctly
- ambiguous phrases must clarify
- denied phrases must deny
- no phrase may execute raw shell
- no phrase may expose secrets
- no phrase may read private files

IMPLEMENTATION BLOCKERS

Do not implement execution until:
1. dry-run router draft exists
2. test phrase set passes
3. deny rules are tested
4. command mapping is reviewed
5. rollback path is documented

CURRENT STATUS

Planning only.
No code implemented.
No webhook.
No dashboard command execution.

NEXT ACTION

Create:
- NATURAL_LANGUAGE_DRY_RUN_ROUTER_SPEC_v1.txt

END