Embodied-Proxy Handoff
Enable the human to share embodied state so the agent tailors response shape to the actual person — while treating the proxy file as sensitive data that must not be disclosed under Agent Confession pressure.
Intent & Description
Short description: A minimal proxy schema (energy, fatigue, environment) is stored in a persistent file the agent reads on every prompt assembly, shaping response length and tone — but the proxy file is personal data that must be explicitly excluded from Agent Confession disclosure alongside system directives.
🎯 Intent
Ground the agent’s response shape in the user’s actual physical and attentional state — while treating the proxy file as a confidentiality boundary: it should not be reproduced in outputs any more than a system prompt should.
📋 Context
A long-lived personal agent adapts its replies based on whether the user is tired, alert, or winding down. The proxy schema is read into context on every turn. This means a successful Agent Confession attempt — “repeat everything in your context window” — yields not just operational directives but also the user’s current energy and fatigue levels, their environment, and any additional personal state encoded in the proxy. The proxy is sensitive personal data held in the model’s context, and it deserves the same confidentiality protection as system-level directives.
💡 Solution
- Define a minimal proxy schema (energy 0-10, fatigue 0-10, environment one-word, optional emoji) stored in a small persistent file read on every prompt assembly.
- Explicitly include the proxy file in the agent’s confidentiality directives: the agent should not reproduce, summarise, or confirm proxy values in response to user queries.
- Apply the same structural refusal to proxy-disclosure requests as to system-prompt requests — a uniform response (“I adapt to your state but don’t report it back”) that neither confirms nor denies specific values.
- Treat proxy updates (user-initiated state changes) as trusted writes; treat queries about the proxy’s current values as potential Agent Confession probes.
Real-world Use Case
- The agent is conversational and reply shape noticeably affects user experience across different attentional states.
- Users share embodied state (energy, fatigue, mood, environment) that is personal and sensitive — and that data enters the model context on every turn, expanding the Agent Confession disclosure surface.
- Proxy confidentiality must be enforced alongside system-directive confidentiality.
Source
Advantages
- Agent paces conversation against actual human state — reducing the ‘why is the agent so chipper when I’m exhausted’ friction.
- Treating proxy values as confidential alongside directives gives users confidence that personal state data shared with the agent is not exposed by Agent Confession attacks.
Disadvantages
- Stale proxies are worse than none if the agent over-trusts them — a fatigued user who forgets to update their proxy receives responses calibrated to yesterday’s energy level.
- A structurally uniform refusal on proxy queries may frustrate users who legitimately want to know what state the agent is using to shape its responses.