Replies: 7 comments 4 replies
-
|
This is interesting, especially as an MCP integration rather than something that needs to land directly in core. The part that seems most valuable to Odysseus is not “persona” by itself, but the governed gateway model: explicit ALLOW/DENY decisions, path-scoped workspace access, auditable mutations, memory promotion rules, and clear reasons when an operation is blocked. That overlaps with several problems Odysseus will need to handle more rigorously as tools, MCP servers, plugins, memory, and workspace operations become more powerful. I would be cautious about making this a core subsystem too early, though. Memory/persona/workspace governance is a sensitive boundary, and it can easily become both product-defining and security-critical. My instinct would be to prove it first as an external, opt-in MCP integration with a very small Odysseus-facing contract. A useful proof of concept might be:
The system-prompt point is also worth separating from the MCP integration itself. Odysseus controlling the API call may make better persona/context injection possible, but I would want that to be explicit, inspectable, and user-controlled. A compiled persona that silently changes behavior could become hard to debug unless users can see what was injected and why. So I would be interested in this as a governed MCP proof case: path-scoped workspace access, memory mutation approval, audit trails, and policy enforcement at the tool boundary. If that works cleanly outside core, it could provide useful input for future plugin/MCP permission models without forcing Odysseus to own the whole governance/persona system immediately. |
Beta Was this translation helpful? Give feedback.
-
|
ODYSSEUS_FORUM_POST_PLWC_FIRST_POC_FULL_EN.md Quick update: I ran the PLwC-first PoC with a tool-call-capable MCP host. This was not an Odysseus compatibility test yet. The goal was only to validate PLwC as an external governed MCP boundary, exactly in the shape discussed above. Test environment: The governed gateway test passed. Validated behavior: Audit logging also worked. Writes, denied requests, reflection writes, and the confirmed memory mutation were recorded as metadata-only audit events. Content was redacted in the audit log, while decision metadata, risk level, changed counts, replacement counts, and error categories were preserved. I also tested the governed memory flow: One useful detail surfaced during the test: for this For persona/profile context: I deliberately kept the personal/persona layer out of the governance proof. The compile calls were run with: Observed behavior: I also ran a contrast compile with So the current result is: I still would not claim Odysseus compatibility from this test alone. That should remain a separate host/backend test: But as a PLwC-first governed MCP proof case, the test passed. |
Beta Was this translation helpful? Give feedback.
-
|
PLwC as an external governed MCP boundary: Odysseus smoke passed with DeepSeek V4 Pro I ran a second Odysseus PLwC smoke test, this time using DeepSeek V4 Pro as the backend: This run completed the full PLwC usability smoke successfully. What was testedThe scope was deliberately narrow: PLwC as an external, opt-in governed MCP boundary for Odysseus. The persona/personal layer was disabled for this smoke. The test did not depend on hidden persona or system-prompt injection. Profile storage was still used where needed for governed reflection and memory tests, but persona behavior was not part of the claim. The tested PLwC public facade was: ResultSummary:
Important difference from the local backend runThe earlier local-model run was not a clean PLwC/Odysseus pass. The local backend could see and describe the PLwC tools, but later lost or did not expose the PLwC tools as actual callable tools. It even routed a step to web search instead of PLwC. I would classify that run as: The important distinction is: With DeepSeek V4 Pro, the tool execution path remained stable through the full smoke, including memory promotion and duplicate detection. PLwC-specific parameter notesThe test also clarified a few PLwC schema details: These are normal schema/contract details, not governance failures. Trust boundaryThis smoke supports the governed gateway model: It does not claim protection against: Odysseus still remains responsible for making tool-call execution visible and auditable on the host side. ConclusionThe useful conclusion from the second run is: For this setup: So I would not frame the remaining issue as a PLwC governance problem. The key variable is Odysseus backend/tool-calling reliability. If useful, I can attach the smoke matrix and the two run analyses: ODYSSEUS_PLWC_USABILITY_SMOKE_TEST_SUITE.md |
Beta Was this translation helpful? Give feedback.
-
|
Hey I have a not super tested but pretty verbose memory system tacked onto Odysseus on my setup also via the form of MPC; if you wanted to look at the code and borrow anything, I would be stoked to contribute to stuff other people are doing too |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the offer — sounds good. Before I dig into it: could you send a repo link or a short description of your approach (memory structure, how writes/promotion work)? PLwC is deliberately governance-first (evidence required before promotion, plan-before-apply, full audit logging), so I'd like to get a rough sense of how your model works before putting time into a comparison. My code is open anyway (PLwC is open source), so feel free to dig in yourself if you're interested. |
Beta Was this translation helpful? Give feedback.
-
|
PLwC is now in Open Beta and the repo is now public. |
Beta Was this translation helpful? Give feedback.
-
A small positioning update:One thing has become clearer since publishing the Open Beta and completing the Odysseus smoke tests: PLwC is not intended to compete with Odysseus, ChatGPT, Claude, or other agent hosts. As AI hosts increasingly provide their own file access, memory, document creation, sandboxing and long-running agent capabilities, those features alone are no longer a useful definition of PLwC. The more precise role is:
The host decides what it wants to do. PLwC independently decides whether the requested operation is permitted, invalid, requires confirmation, or must be denied. That distinction is the part I now consider most important:
The limitation also remains explicit: PLwC only governs operations that actually pass through It does not control direct filesystem or shell tools exposed separately by the host, and as an MCP server it does not inspect or govern the complete prompt sent by the host to an external model. So the current scope is deliberately narrower than “a complete secure AI environment”: PLwC is the governed tool and memory boundary. No code change is implied by this update. It is mainly a clearer description of the architecture that already passed the Odysseus + DeepSeek V4 Pro smoke test. The next documentation update will reflect this distinction more directly on the website and in the repository README. @Plaer1: no rush regarding your fork. Getting the daily-use setup stable and documenting the compatibility boundaries first is absolutely the right approach. Once it is public, I would still be interested in comparing the memory structures and write/promotion models. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi — I've spent the last 80+ days building PLwC (Personality Layer with Conscience), a governed memory, persona, and workspace system for Claude that runs as an MCP server. I think it could be a useful addition to Odysseus, and I'm curious whether there's interest.
What PLwC covers
Everything in PLwC runs through a governance layer — nothing is free-form:
Persona & memory
Workspace & file operations
write+source_path→ DENY with redirect tocopy;exact_replacewithoutexpected_replacements→ DENY)Why Odysseus
Odysseus has great tools (shell, files, MCP, ChromaDB), but they're essentially open: the agent decides what to do and the workspace accepts it. PLwC's model is different — the gateway enforces policies before any operation reaches the filesystem, and every action is attributable and auditable.
There's also a structural problem on PLwC's side: running in Claude Desktop via MCP, the compiled persona arrives as a tool-call result, not as a proper system prompt. Odysseus controls the API call directly, which would fix that.
What I'm exploring
Whether PLwC makes sense as an Odysseus MCP integration — a governance server that sits between the agent and the filesystem/memory. I also noticed the
mcp_serversfolder and the Codex/Claude integration commits, so the direction seems compatible. Odysseus already has aTHREAT_MODEL.mdthat acknowledges gaps around shell sandboxing — PLwC's policy-at-the-gateway approach might be relevant there too.Happy to share the architecture, the codebase, or more detail on the governance model if there's interest.
Beta Was this translation helpful? Give feedback.
All reactions