welsberr
/
ThreeGate
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ThreeGate/README.md

2.7 KiB
Raw Blame History

ThreeGate

ThreeGate is a compartmentalized architecture for building secure, local AI assistants that perform goal-directed tasks without relying on autonomous agents or trusting large language models to behave safely.

ThreeGate separates thinking, retrieval, and execution into distinct, least-privileged components with enforced trust boundaries.

If prompt injection is inevitable, safety must come from structure.

What ThreeGate Is

ThreeGate is:

  • A reference architecture for secure local assistants
  • A defense-in-depth design against prompt injection, tool abuse, and data exfiltration
  • A human-governed system, not an autonomous agent
  • Designed for single-user, local operation
  • Explicitly extensible to multiple roles (research, policy analysis, data science, auditing)

What ThreeGate Is Not

ThreeGate is not:

  • An autonomous agent framework
  • A self-modifying system
  • A browsing-and-executing AI loop
  • A cloud-first or multi-tenant platform
  • A system that trusts LLM outputs without validation

Core Insight

Most unsafe AI systems fail because they allow a single component to:

Read untrusted input, reason about it, and immediately act on the world.

ThreeGate prevents this by enforcing three independent gates:

  1. FETCH — retrieves untrusted external content
  2. CORE — performs reasoning and synthesis
  3. TOOL-EXEC — executes code, only when explicitly approved

No component crosses more than one gate.

High-Level Architecture

 Internet
     ↑
[ Managed Proxy ]
     ↑
 FETCH (retrieval)
     ↓
Research Packets
     ↓
 CORE (analysis)
     ↓

(optional, human-approved) ↓ TOOL-EXEC (sandboxed execution)

Initial Target Role

The first concrete role implemented using ThreeGate is a:

Secure Local Research Assistant

Capabilities:

  • Scholarly retrieval (controlled, allowlisted)
  • Analysis and writing
  • Optional sandboxed computation
  • No autonomous browsing or execution

Repository Structure (Initial)

ThreeGate/
├── README.md
├── docs/
│ ├── architecture.md
│ ├── threat-model.md
│ └── why-this-is-safer.md

Status

This repository is in early specification and reference implementation phase.

The design is intentionally conservative. Convenience features are added only when they preserve trust boundaries.

License & Philosophy

ThreeGate favors:

  • Explicit over implicit authority
  • Structural safety over behavioral promises
  • Human-in-the-loop over automation

If a feature weakens a trust boundary, it does not belong here.