[FEATURE] implements WFGY semantic firewall

[Ofido]

Plan: Minimal Integration MVP for WFGY semantic firewall

thanks for the green light. i’ll push a tiny MVP so we can validate the idea in your stack first, then decide how deep we go.

0) goal in one line

add a lightweight pre-gen semantic firewall that checks role drift and context fit before the agent/tool runs. pass if ΔS ≤ 0.45 and coverage ≥ 0.70. if not, auto-reset or compress.

1) insertion point for MVP

Path A: prompt-wrapper proxy (no infra change)

• intercept request right before model call
• compute ΔS with anchors
• if drift: rewrite or re-init, else pass through

we can add Path B (embedding gate) later if you want, but path A gets us a fast win.

2) deliverables

• wfgy_guard.py a single file CLI
• spec.yaml anchors + weights + thresholds
• examples/ 3 tiny tasks for repro
• report.json per call telemetry

3) CLI

# init a sample spec
python wfgy_guard.py init --out spec.yaml

# run guard once
python wfgy_guard.py guard \
  --input input.txt \
  --goal goal.txt \
  --spec spec.yaml \
  --out report.json

# pipe mode for easy proxy
cat prompt.txt | python wfgy_guard.py guard --goal goal.txt --spec spec.yaml

4) spec.yaml (minimal)

anchors:
  entities: ["invoice", "due date", "customer id"]
  relations: ["invoice->due date", "customer id->lookup"]
  constraints: ["net-30", "usd only"]
weights:
  w_e: 0.5
  w_r: 0.3
  w_c: 0.2
thresholds:
  delta_s_max: 0.45
  coverage_min: 0.70
actions:
  on_drift: ["reset_role", "compress_context"]
  on_low_cov: ["add_missing_anchors"]

5) telemetry (always printed)

triage=No.1|No.5  delta_s=0.38  coverage=0.74  lambda=convergent  decision=pass

• triage maps to failure patterns we observe during guard
• decision is pass|rewrite|reset

6) acceptance targets

• ΔS ≤ 0.45 on 3 consecutive runs for the same task
• coverage ≥ 0.70 with anchors present
• no role drift across retry 1→3

7) quick dataset to reproduce

• ex1_tool_pick.txt tests wrong tool loop
• ex2_role_swap.txt tests role drift
• ex3_cold_boot.txt tests first call garbage

8) scope and time

• day 1 ship CLI + spec + examples
• day 2 wire into your pipeline as a thin proxy function
• day 3 tune anchors with your real tasks, confirm targets
• day 4 optional: add --ci mode to fail builds on drift

9) extension options after MVP

• Path B: embedding gate before retrieval, normalize vectors, add trace IDs
• Path C: multi-agent lock ordering and token passing to prevent deadlock
• Path D: recovery bridges for stalled steps

if this looks good, i’ll open a PR with the single-file CLI and the sample spec, then we tune it together on your tasks. happy to adjust the insertion point if you prefer embedding gate first. waiting on your preference and any constraints i should match.

Originally posted by @onestardao in #8

[onestardao]

Hey, sorry for the slow reply ^^ things have been crazy on my side.

Just wanted to say this is seriously impressive work. You understood the intent of the semantic firewall better than most, especially with the anchors + telemetry loop. Seeing you map out Path A/B/C and acceptance targets means you really got it — not just patching prompts, but turning it into a proper guardrail system.

If you want, I’m happy to share some internal notes / failure sets we use in production to help refine the ΔS thresholds and drift cases. But honestly, you’re already building something solid here.

Really appreciate you pushing this forward.

[Ofido]

Hello!
Thank you for raising this important discussion regarding the WFGY Semantic Firewall.

I would have liked to have already implemented this feature, but I noticed that the required changes for a robust and configurable implementation were getting too extensive, so I decided to postpone it slightly.
The complexity mainly stems from the need to tune the prompt behavior for different LLM sizes, a necessary step for an effective semantic firewall:

• Model Sensitivity: Smaller models, especially from Hugging Face, require very explicit and detailed prompts/explanations to generate accurate results.
• Prompt Efficiency: Conversely, larger models (like GPT-4.1/5 or Claude) often perform worse when subjected to extremely large, highly explanatory prompts.

To implement the required metrics—like the ΔS (semantic drift) and coverage checks mentioned in the proposal—effectively across all models, I need to study how to parameterize and implement them correctly. Unfortunately, securing sufficient funds for extensive testing on the more expensive, high-tier models has been an unexpected constraint.
Alongside this, I'm deep-diving into the Hugging Face structure to ensure the semantic firewall changes can be integrated optimally.
Here is the adjusted plan:

• Implement the WFGY feature as a prompt-level guard (fitting the "prompt-wrapper proxy" approach mentioned in the proposal).
• Ensure it can be disabled by the user through settings for testing and comparison.

This feature is absolutely on the way and planned! Thanks so much for all your support and input. Any thoughts or contributions you have in the meantime are super welcome!

[onestardao]

One reminder as you move forward: the firewall isn’t just filter logic
it must preserve semantic tension rather than collapse it.

Once a guard turns into a static condition, it stops being WFGY.
If you need reference metrics (drift, Δ-gap, or acceptance gates), I can share minimal templates.
Keep going — this is one of the few serious attempts I’ve seen.

^^ Good works