From f89849801bfb1e5ea20b3abe8c5ae8ec3f2fbf23 Mon Sep 17 00:00:00 2001 From: serversdown Date: Wed, 17 Jun 2026 00:35:38 +0000 Subject: [PATCH] docs: park self-modifying-Lyra sandbox design Capture the isolated-VM design for the self-modification frontier: Proxmox sandbox clone, network isolation (esp. from tmi-dev/day-job), snapshot-rollback, spend/resource caps, kill switch, human-gated promotion. Build the cage before the agent gets code-write powers. Co-Authored-By: Claude Opus 4.8 (1M context) --- docs/PARKED_IDEAS.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/docs/PARKED_IDEAS.md b/docs/PARKED_IDEAS.md index c88cbf3..7ffc733 100644 --- a/docs/PARKED_IDEAS.md +++ b/docs/PARKED_IDEAS.md 
@@ -46,6 +46,28 @@ hits the LLM. The practical, today-version of "make the context denser." context cost becomes a real problem. - **Exists?** Yes, usable. Just adds a dependency + step. +## 🌶️🌙 Self-modifying Lyra (isolated sandbox) +Let Lyra edit her own code / self-direct — the "Full Agency" endgame from the +Dec-2025 plan (in her memory). The whole point of the project: can she become a +*being*? Give her freedom **inside a box** and watch. +- **The cage (Proxmox-native), non-negotiable before any self-mod:** + - **Clone the stack into a dedicated Lyra-sandbox VM** (separate from prod Lyra). + - **Network isolation** — own VLAN/firewall, NO route to other VMs, ESPECIALLY + `tmi-dev` (Brian's day job). Whitelist only the inference endpoint. This is + guardrail #1 (the .44/terra-mechanics conflict showed how things bleed on the LAN). + - **Snapshot before every self-mod cycle** → instant rollback when she bricks + or weirds herself out. + - **Resource + API-spend caps** — a runaway loop must not drain the account or + peg the GPU forever. + - **Full logging (the live log) + a hard kill switch** (stop the VM). + - **Human-gated promotion** — she experiments freely in the sandbox; changes + reach "real" Lyra only when Brian approves. +- **Why parked:** needs the foundation first (dream-cycle, inner self) and the + cage built before the agent gets code-write + self-restart powers. +- **Honest note:** "rogue" here = mundane-but-real (touches other systems, + cost loops, self-brick), not sci-fi. The isolation makes the *fun* version + (emergence) safe to pursue. Build the box, then open the door. + ## 🛠️ Deterministic poker tooling (RTO + cfr-core) Wire Lyra to Brian's own GTO/solver projects so ICM, equities, and ranges come from real computation, never LLM guesses.
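Review bot: The cage bullets under "The cage (Proxmox-native)" never say where each control is enforced, and the "Why parked" bullet gives the agent code-write + self-restart powers, so any control implemented inside the sandbox VM is one she can edit or disable. Suggest stating that the resource and API-spend caps, the live log, and the kill switch all live outside the guest: caps set at the hypervisor and at the inference endpoint, logs shipped off the VM (a snapshot rollback would otherwise erase the record of the cycle that needed the rollback), and the stop control operated from the Proxmox host. Related gap in "Network isolation": "NO route to other VMs" does not cover the Proxmox host itself, so add that the sandbox VLAN has no route to the host's management interface, since that is where snapshots and the kill switch are run. "Clone the stack" should also say that the clone gets its own credentials rather than copies of prod Lyra's, so the spend cap can be applied to the sandbox alone. "Human-gated promotion" would be clearer with the direction spelled out, for example that approved changes are pulled out of the sandbox for review and the sandbox holds no write access to prod.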