mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-16 14:32:34 +00:00
from a live blocked-sites pass (no PII): - posture shift: blind opt-out is the DEFAULT, not a fallback -- submit on every site with an accessible removal channel even without first confirming a listing (own identifiers to the broker's own official channel = still least-disclosure). guided flows double as the authoritative search. - blocked-form rule: when a form is automation-hostile (hard captcha / cloudflare / datadome / slide-to-verify), default to the broker's CITED rights-email rather than recording blocked. - captcha policy clarified: never defeat behavioral/token/slider challenges; ok to read a static distorted-text or plain-arithmetic captcha on the subject's own opt-out; stop if the whole submission is rejected after a correct answer (fingerprinting the automation, not grading it). - intelius/peopleconnect: delete-wipes-suppression is field-confirmed -- a deletion-complete email means the suppression is gone and the subject re-lists cluster-wide; re-run suppression and verify the Control step reads "suppressed". guided-mode session persists; DOB is an <input type=date>. - new records: addresses.json (intelius front-end, cluster-covered) and socialcatfish.json (cited rights-email lane + automation-hostile form). - new references/site-playbooks.md: per-site game-plan matrix (8 blocked-tail sites), the meta-search no-op skip-list (idcrawl/lullar/yasni/webmii/namesdir/itools/skipease), and the infopay / peopleconnect backend clusters. OSINT-list triage taxonomy added to methods.md. - state-machine.md: fixed doc drift + documented submitted->not_found illegal (resolves as awaiting_processing), blocked->submitted via action_selected, operator_manual_check, --evidence & pitfall. tests: standalone 99, PR 97 (+1 cluster-coverage regression); ruff + windows-footguns clean.
3.2 KiB
3.2 KiB
Case state machine
One case = one (subject x broker). pdd.py record validates every transition against this table and
appends it to audit.jsonl. Authoritative definition lives in scripts/ledger.py.
States
| State | Meaning |
|---|---|
new |
Case created, nothing done |
searching |
Scan in progress |
not_found |
Subject not listed (will be re-checked next cycle) |
found |
Listing confirmed; action needed |
indirect_exposure |
Subject's PII (email/phone/name) appears on a third party's record (e.g. named in a relative's "Family" field). Not removable via self-service opt-out; needs a targeted CCPA/GDPR delete-my-PII request |
action_selected |
Tier/method chosen |
submitted |
Opt-out submitted |
verification_pending |
Awaiting email/callback verification |
awaiting_processing |
Submitted, no verification needed; broker processing |
confirmed_removed |
Verified gone |
reappeared |
Was removed, now listed again |
human_task_queued |
Needs an operator step (captcha/ID/phone/fax/mail) |
blocked |
Broker dead / mechanics broken -> flag for DB re-verification |
Allowed transitions
new -> searching | found | not_found | indirect_exposure | blocked
searching -> not_found | found | indirect_exposure | blocked
not_found -> searching | found | indirect_exposure | blocked
found -> action_selected | submitted | human_task_queued | indirect_exposure | blocked
indirect_exposure -> submitted | human_task_queued | not_found | found | blocked
action_selected -> submitted | human_task_queued | blocked
submitted -> verification_pending | awaiting_processing | human_task_queued | blocked
verification_pending -> awaiting_processing | confirmed_removed | human_task_queued | blocked
awaiting_processing -> confirmed_removed | human_task_queued | blocked
confirmed_removed -> reappeared | confirmed_removed (recheck refreshes the date)
reappeared -> found | indirect_exposure
human_task_queued -> found | indirect_exposure | action_selected | submitted | verification_pending
| awaiting_processing | confirmed_removed | blocked
blocked -> searching | found | not_found | indirect_exposure | action_selected
| human_task_queued
A transition to the same state is always allowed (idempotent field updates).
Notes / gotchas learned in the field
submitted -> not_foundis ILLEGAL. A lodged request that then finds no matching profile is a no-op that resolves asawaiting_processing, never a walk back tonot_found. (This is why a guided opt-out whose matcher says "no results" after you have already submitted is recordedawaiting_processing, notnot_found.)blocked -> submittedis ILLEGAL directly - goblocked -> action_selected -> submitted.- Recording an operator's manual verdict: attach an
operator_manual_checkevidence note. A dead / 404 site, or an operator-confirmed "no results" search, is a validnot_found. --evidenceshell gotcha: an--evidenceJSON string containing a literal&trips the shell's backgrounding guard - write the word "and" instead of&.