Skip to main content

DM Pairing & Senders Allowlist Security

Hiroshi OS implements a zero-trust verification gate for direct messages (validate_sender_access) targeting unauthorized remote users attempting to initiate loops.

Verification Lifecycle

  1. Gate Check: Before dispatching an inbound message to the ReAct loop, Hiroshi validates the message’s sender_id against the trusted senders listed in configurations and the SQLite cached allowlist database.
  2. Terminal Halt: If the sender is unverified, execution halts immediately with 0 LLM token costs.
  3. PIN Generation: The kernel generates a random, localized 6-character PIN (e.g., HZ-942) logged to the server terminal.
  4. Approval Handshake: An operator approves the session by running the administrative CLI subcommand:
    hiroshi pairing approve <channel> <sender_id>
    

Configurations

Configure the DM policy and bootstrap trusted accounts inside your configuration file:
pairing:
  dm_policy: "pairing" # Options: "pairing" or "open"
  trusted_senders:
    - "admin_user_123"

Security Metrics

Measurement Parameter AxisPerformance Boundaries
Sender Allowlist ValidationVerification evaluates cached records in < 0.1ms
Token Intercept LeakageHalted unverified messaging pipelines require 0 bytes of LLM token costs