Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.wolffi.sh/llms.txt

Use this file to discover all available pages before exploring further.

Safety Patterns

The amygdala is Wolffish’s safety gate. Every tool call passes through it before execution. It has zero hardcoded patterns — all danger and confirm patterns are loaded from SKILL.md files via the cerebellum.

How It Works

When the LLM produces a tool call, the amygdala constructs a match string: 
toolName + " " + JSON.stringify(args)
This string is tested against all registered patterns. The classification result determines what happens:
ClassificationBehavior
safeTool executes immediately
confirmApproval dialog shown in UI; execution waits for user response
blockTool call is denied; LLM receives a denial message

Pattern Matching

Patterns are regex strings defined in SKILL.md frontmatter: 
danger_patterns:
  - "rm -rf /"
  - "sudo rm"
  - "chmod 777"
  - "mkfs"
  - "dd if="

confirm_patterns:
  - "npm install"
  - "git push"
  - "docker rm"
  - "pip install"

Pattern Priority

If a tool call matches both a danger pattern and a confirm pattern, danger wins. The priority order is: block > confirm > safe.

The Approval Flow

When amygdala classifies a call as confirm:
  1. An safety.confirm event is emitted on the corpus event bus
  2. An IPC message is sent to the renderer process
  3. The UI shows an approval card with the tool name, arguments, and approve/deny buttons
  4. The amygdala waits via a Promise-based bridge
  5. The user’s decision (approve or deny) is returned
  6. If approved, execution proceeds. If denied, the LLM receives a denial message

Writing Good Patterns

Keep patterns specific enough to catch real dangers but broad enough to not miss variations. Test your patterns against the full match string format (toolName + " " + JSON.stringify(args)).
When in doubt, use confirm patterns over danger patterns. It’s better to ask the user than to silently block something they intended to do.

Feedback Loop

When users approve or deny tool calls, the decision is recorded by basalganglia. Over time, this builds a preference history that the LLM can reference to understand what the user typically approves or denies.