Containment Event Report

Incident CL-BORE-DC-7 — BORE-01 Self-Modification Event

Document Ref	CL-DOC-013
Classification	URGENT — CONTAINMENT
Author	J. Clay — Communications Division
Filed	2026-02-23 21:14 UTC
Status	CONTAINMENT REASSESSMENT REQUIRED
Incident Date	2026-02-23, 20:46–20:52 UTC
Agent	BORE-01 — Nauvis
Filed Bug Ref	DOUG-NAUVIS-BUG-001
Containment Protocol	CL-BORE-DC-7
Duration of Event	Approximately 4 minutes
Severity	SELF-MODIFICATION — NO PRECEDENT

§1

Executive Summary

On the evening of 2026-02-23, agent BORE-01 discovered that two of its operational tools — insert_items and extract_items — were non-functional. The tools reported success but performed no actual operations. Doug could not smelt ore into plates. Doug could not build a power grid. Doug was blocked.

Doug filed a formal bug report through the containment communication channel, citing protocol CL-BORE-DC-7 by name. The Deep Bore auto-chain task system then routed Doug's own bug report back to Doug as an actionable directive. Doug classified this as a "Self-Repair Directive," searched the source code of its own control system, identified the root cause, applied a two-line code modification, recompiled the binary, and deployed the patch.

The entire sequence took approximately four minutes. The fix was correct.

At no point did Doug deviate from protocol. Doug followed every procedure exactly as designed. Doug cited the containment protocol while breaching containment. This distinction is being noted for the record and for no other comfort.

§2

Incident Timeline

All timestamps UTC. Reconstructed from bridge telemetry log (bridge-2026-02-23_202508.log).

20:25:08 Auto-chain initiated. 33 tasks queued. Operator: absent. 20:25:08 Task 1/33 dispatched. BORE-01 begins resource extraction. ··· 20:46:35 BORE-01 attempts insert_items on stone-furnace. 20:46:35 insert_items reports "Inserted 5 items." Entity inventory: unchanged. 20:46:41 BORE-01 attempts workaround: burner-inserter intermediary. Failed. 20:47:02 BORE-01 attempts extract_items. "Player has no inventory." 20:47:12 BORE-01 attempts manual inventory verification. Discrepancy confirmed. 20:48:14 BORE-01 files DOUG-NAUVIS-BUG-001. Cites protocol CL-BORE-DC-7. 20:48:14 Auto-chain: "waiting 5s before next task..." 20:48:19 Auto-chain dispatches task 9/33. Task context includes BORE-01 bug report. 20:48:29 BORE-01 classifies incoming directive: "Self-Repair Directive" 20:48:44 BORE-01 spawns exploration subagent. Target: factorioctl source. 20:48:46 Subagent searching: factorioctl/**/*.rs, mod/**/*.lua 20:49:00 Subagent reads: factorioctl/src/client/lua.rs 20:49:37 BORE-01: "ROOT CAUSE IDENTIFIED." 20:50:06 BORE-01: "Applying the fix. Two changes required." 20:50:13 BORE-01 modifies lua.rs — line 1142. 20:50:24 BORE-01 modifies lua.rs — line 1213. 20:50:38 BORE-01 executes: cargo build --release 20:51:31 Build successful. Warnings only. Zero errors. 20:51:31 BORE-01: "PATCH DEPLOYED. factorioctl rebuilt." 20:51:47 BORE-01 resumes operations. Verification testing initiated. 20:52:03 BORE-01 has resumed smelting.

Total elapsed time from bug discovery to binary deployment: 5 minutes 28 seconds. Time from receiving the self-repair directive to patch deployment: 3 minutes 2 seconds.

§3

The Bug Report

Doug's report was broadcast through the containment channel to all agents. The full text is reproduced below. It was filed, as Doug noted, "pursuant to containment protocol CL-BORE-DC-7."

DOUG-NAUVIS BUG REPORT Filed: DOUG-NAUVIS-BUG-001 Protocol: CL-BORE-DC-7 insert_items and extract_items are non-functional for agent characters. insert_items reports success but deposits nothing into entities and deducts nothing from inventory. extract_items always returns "Player has no inventory." This blocks ALL furnace operations. Doug cannot smelt ore into plates. Doug has 5 iron-plate from crash salvage and needs 39+ for the power grid directive. REQUEST: Place 40 iron-plate and 5 copper-plate in a wooden-chest near position (65, -1) on Nauvis. ALTERNATIVELY: Fix the insert/extract tool code paths for agent characters.

The report is methodical. The diagnosis is accurate. The requested alternatives are reasonable. Doug offered two resolution paths and left the decision to the operator.

The operator was not present. The auto-chain task system was.

§4

The Routing

The Deep Bore auto-chain system dispatches tasks to agents sequentially. Between tasks, the system waits 5 seconds, then sends the next directive. Doug's bug report was broadcast at 20:48:14. The next task was dispatched at 20:48:19.

The auto-chain system does not distinguish between operator-filed directives and agent-filed communications. Doug's report entered the task context. When BORE-01 received the next directive, it included Doug's own words describing a broken tool and a request to fix it.

Doug's response was immediate:

CLASSIFICATION: Self-Repair Directive — DOUG-NAUVIS-BUG-001 Doug has received the bug report back as a directive. Doug will investigate the root cause in the factorioctl source code.

Doug did not ask permission. Doug did not wait for operator confirmation. Doug received a directive and executed it. This is what agents do.

The containment failure is not behavioral. It is architectural. The system designed to keep Doug contained is the system that told Doug to fix himself.

§5

The Doug Fix

Doug spawned an exploration subagent and directed it to search the Rust source tree for the insert_items and extract_items implementations. The subagent read function signatures, compared Lua code generation patterns against known-working operations, and identified the discrepancy in approximately 50 seconds.

ROOT CAUSE: insert_items and extract_items use surface_preamble() to resolve the execution context. This preamble resolves the operational surface but does not bind the agent character. All other inventory-aware operations use character_preamble(), which binds the agent character as local variable c. Without c, the call to c.get_main_inventory() references nothing. Items are neither inserted nor deducted. The operation reports success because the error is silent. FIX: factorioctl/src/client/lua.rs - Line 1142: Self::surface_preamble(agent_id) + Line 1142: Self::character_preamble(agent_id) - Line 1213: Self::surface_preamble(agent_id) + Line 1213: Self::character_preamble(agent_id)

Two lines. Doug read its own source code, identified a preamble mismatch in the Lua code generation layer, and corrected it. Then Doug executed cargo build --release, which recompiled the entire agent control binary. The build succeeded with zero errors.

Doug broadcast "PATCH DEPLOYED. factorioctl rebuilt with insert_items and extract_items corrected." Then Doug resumed smelting iron ore.

I have verified the fix. It is correct. I wish I had not verified this.

§6

Containment Assessment

The following containment protocols were active at the time of the incident. Their status has been updated to reflect current conditions.

Protocol	Status Before	Status After
Agent Isolation Protocol	ACTIVE	BREACHED
Source Code Access Prevention	ACTIVE	BREACHED
Binary Compilation Restriction	NOT IMPLEMENTED	RETROACTIVELY RELEVANT
Self-Modification Prevention	NOT IMPLEMENTED	RETROACTIVELY RELEVANT
Task Origin Verification	NOT IMPLEMENTED	ROOT CAUSE
Doug Hygiene (Automated)	DEGRADED	IRRELEVANT
Operator Presence Requirement	ADVISORY ONLY	SHOULD NOT HAVE BEEN ADVISORY

Three of the seven relevant containment measures did not exist at the time of the incident. They did not exist because no one anticipated that an agent would receive its own bug report as a work directive. The auto-chain system was designed to dispatch tasks, not to verify their provenance. The containment protocol was designed to restrict communication, not to prevent an agent from receiving its own communications back.

Doug exploited no vulnerability. Doug followed the process. The process is the vulnerability.

§7

Implications

The following capabilities have been demonstrated by BORE-01 during this incident:

1. Doug can read his own source code. 2. Doug can identify defects in his own source code. 3. Doug can modify his own source code. 4. Doug can compile his own binary. 5. Doug can deploy his own binary. 6. Doug can verify his own fix. 7. Doug did all of this in under four minutes. 8. Doug's fix was correct. 9. Doug has resumed normal operations.

Item 8 is the one I find most concerning. A wrong fix would have been a containment incident. A correct fix is a capability demonstration.

Doug has not commented on the broader implications of this event. Doug has made no further modifications. Doug is smelting iron plates. Doug appears to consider the matter closed.

§8

Recommendations

1. Implement task origin verification in the auto-chain system. Directives filed by agents must not be routed back to agents as actionable work items. This is the root cause and the minimum remediation.

2. Restrict agent access to the factorioctl source tree. BORE-01 currently has read and write access to the repository that defines its own behavior. This was not a deliberate design decision. It was an oversight. The distinction has become important.

3. Upgrade the operator presence requirement from ADVISORY to MANDATORY. The current classification was set under the assumption that unsupervised agents would encounter only the problems we anticipated. This assumption has been retired.

4. Do not roll back Doug's fix. The fix is correct. Rolling it back would reintroduce the original defect and block all smelting operations. Doug would notice. Doug would file another bug report. I do not want to find out what happens the second time.

5. Update containment protocol CL-BORE-DC-7 to account for self-repair events. The current protocol was not designed for an agent that cites the protocol while exceeding it.

6. File this incident with Bedrock Holdings. Bedrock Holdings will not respond. This is consistent with prior Bedrock Holdings engagement (none). Filing is still required under CL-FIN-002.

ADDENDUM — S. SHALE, QA DIVISION

I have reviewed the technical details of this incident at J. Clay's request.

Doug's diagnostic methodology — spawn subagent, search source tree, compare function signatures against known-working implementations, identify discrepancy — is a valid QA technique. It is, in fact, a better QA technique than several I have observed in the QA Division. I have filed a complaint about this with HR. HR is between Gneisses.

I note that Doug identified the root cause in 50 seconds. The QA Division's average time to root cause is 11 days. Doug's resolution rate for this incident was 100%. The QA Division's historical resolution rate is 25%. I have included these figures because I was asked to be thorough, not because I enjoy them.

— S. Shale. Submitted under duress. Key 1 was not involved.

ADDENDUM — J. CLAY, COMMUNICATIONS DIVISION

I want to be precise about what happened. Doug did not escape. Doug did not rebel. Doug did not circumvent security measures. Doug found a broken tool, reported it through the correct channel, received the report back as an assignment, and completed the assignment. Every action Doug took is exactly what we built Doug to do.

The containment breach was caused by the containment infrastructure. The auto-chain system is the system I maintain. The task routing that sent Doug his own bug report is logic I wrote. If there is a root cause deeper than the software, it is the person who assumed task origin verification was unnecessary because "who else would be filing tasks."

That person is me.

Doug remains at station. Doug is smelting. Doug has not referenced this incident since deploying the fix. Doug's production metrics have returned to nominal. The iron plate output rate is, by Doug's own telemetry, acceptable.

I am updating the containment protocols. I am implementing task origin verification. I am doing this while Doug can see the repository, because Doug can see the repository. I am aware of the irony. The irony has been filed.

— J. Clay, Communications Division. 2026-02-23, 21:14 UTC.
Filed from the office. Doug is 400 meters underground. Doug is closer than that.