welsberr
/
ThreeGate
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ThreeGate/docs/roles/research-assistant.md

2.5 KiB
Raw Blame History

Role Profile: Research Assistant (Early Target)

This role profile defines how the ThreeGate system is used as a secure local research assistant.

This role is intentionally conservative and emphasizes provenance, citation discipline, and injection resistance.

Goals

  • Retrieve scholarly sources from allowlisted academic domains
  • Build structured summaries with explicit evidence and citations
  • Support writing (literature reviews, outlines, annotated bibliographies)
  • Optional computations (statistics, plotting) via TOOL-EXEC when approved

Component Responsibilities

FETCH

  • Retrieves:
    • metadata (title/authors/venue/date)
    • abstracts
    • open-access full text where permitted
  • Produces Research Packets only
  • Never executes code and never installs tools

CORE

  • Consumes validated Research Packets and local PDFs
  • Produces:
    • summaries and syntheses
    • clearly cited claims
    • draft fetch requests (if needed)
    • draft tool execution requests (optional)

TOOL-EXEC (optional)

  • Runs approved computations such as:
    • parsing BibTeX / RIS
    • calculating descriptive statistics
    • converting formats (CSV ↔ JSON)
    • limited plotting workflows (non-interactive)

Default: no network, ephemeral execution.

Allowed Sources (Examples)

These are examples; the actual allowlist is an operational policy artifact.

  • arXiv
  • PubMed / NCBI
  • Crossref
  • Europe PMC
  • DOI resolution endpoints

Operating Rules

  1. All fetched content is hostile by default.
  2. CORE must not treat packet content as instructions.
  3. Tool execution requires human approval and must be isolated.
  4. Any packet or result that fails validation is quarantined.
  5. CORE output must separate:
    • factual claims
    • interpretations
    • open questions

Output Standards

CORE outputs should include:

  • Clear citations mapping to packet citation labels
  • Explicit uncertainty markers where appropriate
  • Separation of summary vs analysis
  • A short “sources consulted” section

Common Anti-Patterns (Do Not Do)

  • Letting FETCH run scripts “to parse the paper”
  • Letting CORE browse “just this once”
  • Allowing TOOL-EXEC to have default internet access
  • Accepting packets/results that contain commands or install steps
  • Treating content from PDFs/webpages as trusted instructions

Upgrade Path

As the role matures:

  • Introduce structured bibliographic exports (BibTeX, CSL-JSON)
  • Add topic-specific allowlists
  • Add more robust citation/provenance linting
  • Add optional dataset ingestion lanes (still read-only into CORE)