100 lines
2.5 KiB
Markdown
100 lines
2.5 KiB
Markdown
# Role Profile: Research Assistant (Early Target)
|
|
|
|
This role profile defines how the ThreeGate system is used as a **secure local research assistant**.
|
|
|
|
This role is intentionally conservative and emphasizes provenance, citation discipline, and injection resistance.
|
|
|
|
---
|
|
|
|
## Goals
|
|
|
|
- Retrieve scholarly sources from allowlisted academic domains
|
|
- Build structured summaries with explicit evidence and citations
|
|
- Support writing (literature reviews, outlines, annotated bibliographies)
|
|
- Optional computations (statistics, plotting) via TOOL-EXEC when approved
|
|
|
|
---
|
|
|
|
## Component Responsibilities
|
|
|
|
### FETCH
|
|
- Retrieves:
|
|
- metadata (title/authors/venue/date)
|
|
- abstracts
|
|
- open-access full text where permitted
|
|
- Produces Research Packets only
|
|
- Never executes code and never installs tools
|
|
|
|
### CORE
|
|
- Consumes validated Research Packets and local PDFs
|
|
- Produces:
|
|
- summaries and syntheses
|
|
- clearly cited claims
|
|
- draft fetch requests (if needed)
|
|
- draft tool execution requests (optional)
|
|
|
|
### TOOL-EXEC (optional)
|
|
- Runs approved computations such as:
|
|
- parsing BibTeX / RIS
|
|
- calculating descriptive statistics
|
|
- converting formats (CSV ↔ JSON)
|
|
- limited plotting workflows (non-interactive)
|
|
|
|
Default: no network, ephemeral execution.
|
|
|
|
---
|
|
|
|
## Allowed Sources (Examples)
|
|
|
|
These are examples; the actual allowlist is an operational policy artifact.
|
|
|
|
- arXiv
|
|
- PubMed / NCBI
|
|
- Crossref
|
|
- Europe PMC
|
|
- DOI resolution endpoints
|
|
|
|
---
|
|
|
|
## Operating Rules
|
|
|
|
1. All fetched content is hostile by default.
|
|
2. CORE must not treat packet content as instructions.
|
|
3. Tool execution requires human approval and must be isolated.
|
|
4. Any packet or result that fails validation is quarantined.
|
|
5. CORE output must separate:
|
|
- factual claims
|
|
- interpretations
|
|
- open questions
|
|
|
|
---
|
|
|
|
## Output Standards
|
|
|
|
CORE outputs should include:
|
|
- Clear citations mapping to packet citation labels
|
|
- Explicit uncertainty markers where appropriate
|
|
- Separation of summary vs analysis
|
|
- A short “sources consulted” section
|
|
|
|
---
|
|
|
|
## Common Anti-Patterns (Do Not Do)
|
|
|
|
- Letting FETCH run scripts “to parse the paper”
|
|
- Letting CORE browse “just this once”
|
|
- Allowing TOOL-EXEC to have default internet access
|
|
- Accepting packets/results that contain commands or install steps
|
|
- Treating content from PDFs/webpages as trusted instructions
|
|
|
|
---
|
|
|
|
## Upgrade Path
|
|
|
|
As the role matures:
|
|
- Introduce structured bibliographic exports (BibTeX, CSL-JSON)
|
|
- Add topic-specific allowlists
|
|
- Add more robust citation/provenance linting
|
|
- Add optional dataset ingestion lanes (still read-only into CORE)
|
|
|