mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-19 15:18:03 +00:00
from a live blocked-sites pass (no PII): - posture shift: blind opt-out is the DEFAULT, not a fallback -- submit on every site with an accessible removal channel even without first confirming a listing (own identifiers to the broker's own official channel = still least-disclosure). guided flows double as the authoritative search. - blocked-form rule: when a form is automation-hostile (hard captcha / cloudflare / datadome / slide-to-verify), default to the broker's CITED rights-email rather than recording blocked. - captcha policy clarified: never defeat behavioral/token/slider challenges; ok to read a static distorted-text or plain-arithmetic captcha on the subject's own opt-out; stop if the whole submission is rejected after a correct answer (fingerprinting the automation, not grading it). - intelius/peopleconnect: delete-wipes-suppression is field-confirmed -- a deletion-complete email means the suppression is gone and the subject re-lists cluster-wide; re-run suppression and verify the Control step reads "suppressed". guided-mode session persists; DOB is an <input type=date>. - new records: addresses.json (intelius front-end, cluster-covered) and socialcatfish.json (cited rights-email lane + automation-hostile form). - new references/site-playbooks.md: per-site game-plan matrix (8 blocked-tail sites), the meta-search no-op skip-list (idcrawl/lullar/yasni/webmii/namesdir/itools/skipease), and the infopay / peopleconnect backend clusters. OSINT-list triage taxonomy added to methods.md. - state-machine.md: fixed doc drift + documented submitted->not_found illegal (resolves as awaiting_processing), blocked->submitted via action_selected, operator_manual_check, --evidence & pitfall. tests: standalone 99, PR 97 (+1 cluster-coverage regression); ruff + windows-footguns clean.
56 lines
3.2 KiB
Markdown
56 lines
3.2 KiB
Markdown
# Case state machine
|
|
|
|
One case = one (subject x broker). `pdd.py record` validates every transition against this table and
|
|
appends it to `audit.jsonl`. Authoritative definition lives in `scripts/ledger.py`.
|
|
|
|
## States
|
|
|
|
| State | Meaning |
|
|
|---|---|
|
|
| `new` | Case created, nothing done |
|
|
| `searching` | Scan in progress |
|
|
| `not_found` | Subject not listed (will be re-checked next cycle) |
|
|
| `found` | Listing confirmed; action needed |
|
|
| `indirect_exposure` | Subject's PII (email/phone/name) appears on a **third party's** record (e.g. named in a relative's "Family" field). Not removable via self-service opt-out; needs a targeted CCPA/GDPR delete-my-PII request |
|
|
| `action_selected` | Tier/method chosen |
|
|
| `submitted` | Opt-out submitted |
|
|
| `verification_pending` | Awaiting email/callback verification |
|
|
| `awaiting_processing` | Submitted, no verification needed; broker processing |
|
|
| `confirmed_removed` | Verified gone |
|
|
| `reappeared` | Was removed, now listed again |
|
|
| `human_task_queued` | Needs an operator step (captcha/ID/phone/fax/mail) |
|
|
| `blocked` | Broker dead / mechanics broken -> flag for DB re-verification |
|
|
|
|
## Allowed transitions
|
|
|
|
```
|
|
new -> searching | found | not_found | indirect_exposure | blocked
|
|
searching -> not_found | found | indirect_exposure | blocked
|
|
not_found -> searching | found | indirect_exposure | blocked
|
|
found -> action_selected | submitted | human_task_queued | indirect_exposure | blocked
|
|
indirect_exposure -> submitted | human_task_queued | not_found | found | blocked
|
|
action_selected -> submitted | human_task_queued | blocked
|
|
submitted -> verification_pending | awaiting_processing | human_task_queued | blocked
|
|
verification_pending -> awaiting_processing | confirmed_removed | human_task_queued | blocked
|
|
awaiting_processing -> confirmed_removed | human_task_queued | blocked
|
|
confirmed_removed -> reappeared | confirmed_removed (recheck refreshes the date)
|
|
reappeared -> found | indirect_exposure
|
|
human_task_queued -> found | indirect_exposure | action_selected | submitted | verification_pending
|
|
| awaiting_processing | confirmed_removed | blocked
|
|
blocked -> searching | found | not_found | indirect_exposure | action_selected
|
|
| human_task_queued
|
|
```
|
|
|
|
A transition to the same state is always allowed (idempotent field updates).
|
|
|
|
## Notes / gotchas learned in the field
|
|
|
|
- **`submitted -> not_found` is ILLEGAL.** A lodged request that then finds no matching profile is a
|
|
no-op that resolves as `awaiting_processing`, never a walk back to `not_found`. (This is why a guided
|
|
opt-out whose matcher says "no results" after you have already submitted is recorded
|
|
`awaiting_processing`, not `not_found`.)
|
|
- **`blocked -> submitted` is ILLEGAL directly** - go `blocked -> action_selected -> submitted`.
|
|
- **Recording an operator's manual verdict:** attach an `operator_manual_check` evidence note. A
|
|
dead / 404 site, or an operator-confirmed "no results" search, is a valid `not_found`.
|
|
- **`--evidence` shell gotcha:** an `--evidence` JSON string containing a literal `&` trips the shell's
|
|
backgrounding guard - write the word "and" instead of `&`.
|