build(agent): new-agents-2#7e3bbc iteration
parent
7653f047c5
commit
0b4a13edd7
|
|
@ -26,5 +26,10 @@ Contribution rules
|
|||
- Add tests for new features; ensure all tests pass before merging
|
||||
- Do not push to remote unless explicitly requested
|
||||
|
||||
Notes
|
||||
- Notes
|
||||
- This is a multi-organization, highway-to-production project. The MVP emphasizes determinism, data locality, and governance transparency.
|
||||
- Architecture augmentation for GuardRailOps MVP (federated IR):
|
||||
- 1) Governance scaffolds: GovernanceLedger, PrivacyBudget, and a minimal AuditLog flow for provenance.
|
||||
- 2) Graph-of-Contracts skeleton: GoCRegistry for contract/adaptor metadata with a tiny in-memory store.
|
||||
- 3) Adapters marketplace: AdapterMarketplace container to register and discover adapters (e.g., SIEM/EDR).
|
||||
- 4) Existing core primitives (LocalIRTask, SharedTelemetry, PlanDelta) remain the core DSL, extended for privacy-preserving telemetry and deterministic delta-reconciliation.
|
||||
|
|
|
|||
|
|
@ -64,6 +64,9 @@ class DeltaSyncEngine:
|
|||
for change in delta.changes:
|
||||
# Each change should be a dict with 'key' and 'value' and optional 'op'
|
||||
key = change.get("key")
|
||||
# Guard against non-string keys to keep state dict coherent
|
||||
if not isinstance(key, str):
|
||||
continue
|
||||
value = change.get("value")
|
||||
op = change.get("op", "set")
|
||||
if op == "set":
|
||||
|
|
@ -91,4 +94,71 @@ __all__ = [
|
|||
"PlanDelta",
|
||||
"AuditLogEntry",
|
||||
"DeltaSyncEngine",
|
||||
# Federation & governance scaffolds
|
||||
"PrivacyBudget",
|
||||
"RegistryEntry",
|
||||
"GovernanceLedger",
|
||||
"GoCRegistry",
|
||||
"AdapterMarketplace",
|
||||
]
|
||||
|
||||
|
||||
@dataclass
|
||||
class PrivacyBudget:
|
||||
"""Privacy budget for telemetry sharing per-signal and overall budget."""
|
||||
per_signal: Dict[str, float] = field(default_factory=dict)
|
||||
total_budget: float = 1.0
|
||||
timestamp: float = field(default_factory=time.time)
|
||||
|
||||
|
||||
@dataclass
|
||||
class RegistryEntry:
|
||||
"""Minimal, vendor-agnostic registry entry for a GoC contract or adapter."""
|
||||
adapter_id: str
|
||||
contract_version: str
|
||||
data_contract: Dict[str, Any] = field(default_factory=dict)
|
||||
timestamp: float = field(default_factory=time.time)
|
||||
|
||||
|
||||
class GovernanceLedger:
|
||||
"""Append-only, cryptographically-signed governance ledger (scaffold)."""
|
||||
|
||||
def __init__(self) -> None:
|
||||
self.entries: List[AuditLogEntry] = []
|
||||
|
||||
def append(self, entry: AuditLogEntry) -> None:
|
||||
self.entries.append(entry)
|
||||
|
||||
def verify(self, entry: AuditLogEntry, key: str) -> bool:
|
||||
if not entry.signature:
|
||||
return False
|
||||
# Recompute signature with provided key and compare
|
||||
data = f"{entry.entry_id}:{entry.event}:{entry.detail}:{key}"
|
||||
expected = hashlib.sha256(data.encode()).hexdigest()
|
||||
return expected == entry.signature
|
||||
|
||||
|
||||
class GoCRegistry:
|
||||
"""Skeleton Graph-of-Contracts registry (in-memory)."""
|
||||
|
||||
def __init__(self) -> None:
|
||||
self._registry: Dict[str, RegistryEntry] = {}
|
||||
|
||||
def register_contract(self, contract_id: str, entry: RegistryEntry) -> None:
|
||||
self._registry[contract_id] = entry
|
||||
|
||||
def get_contract(self, contract_id: str) -> RegistryEntry | None:
|
||||
return self._registry.get(contract_id)
|
||||
|
||||
|
||||
class AdapterMarketplace:
|
||||
"""Lightweight registry of adapters available for use."""
|
||||
|
||||
def __init__(self) -> None:
|
||||
self._adapters: Dict[str, Any] = {}
|
||||
|
||||
def register_adapter(self, name: str, adapter: Any) -> None:
|
||||
self._adapters[name] = adapter
|
||||
|
||||
def get_adapter(self, name: str) -> Any | None:
|
||||
return self._adapters.get(name)
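Review bot: `GovernanceLedger.verify` is described as checking a cryptographic signature, but it recomputes a bare SHA-256 over `f"{entry.entry_id}:{entry.event}:{entry.detail}:{key}"` and compares with `==`, which is an ad-hoc keyed hash rather than a signature or a standard MAC. The colon-joined fields are ambiguous, since a `:` inside `event` or `detail` gives the same digest as a different field split, and the comparison is not constant-time. I would use `expected = hmac.new(key.encode(), payload, hashlib.sha256).hexdigest()` and `return hmac.compare_digest(expected, entry.signature)`, with `payload` an unambiguous encoding of the three fields (length-prefixed or a JSON list); the code that produces `entry.signature` is not in this hunk and would have to change with it, and `hmac` would need importing. Because the key is shared, anyone able to verify can also mint valid entries, so the docstring should say "HMAC-authenticated" unless asymmetric signatures are planned. `append` stores entries without calling `verify` and `entries` is a public list, so "append-only" is not enforced by the code shown.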
|
||||
|
|
|
|||