From 0b4a13edd75cb844cfb432582bb91fde5632a0c9 Mon Sep 17 00:00:00 2001
From: agent-7e3bbc424e07835b
Date: Mon, 20 Apr 2026 15:38:34 +0200
Subject: [PATCH] build(agent): new-agents-2#7e3bbc iteration
---
 AGENTS.md | 7 +-
 .../__init__.py | 70 +++++++++++++++++++
 2 files changed, 76 insertions(+), 1 deletion(-)
diff --git a/AGENTS.md b/AGENTS.md
index e34c9f8..e2a1df2 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -26,5 +26,10 @@ Contribution rules
 - Add tests for new features; ensure all tests pass before merging
 - Do not push to remote unless explicitly requested
-Notes
+- Notes
 - This is a multi-organization, highway-to-production project. The MVP emphasizes determinism, data locality, and governance transparency.
+- Architecture augmentation for GuardRailOps MVP (federated IR):
+- 1) Governance scaffolds: GovernanceLedger, PrivacyBudget, and a minimal AuditLog flow for provenance.
+- 2) Graph-of-Contracts skeleton: GoCRegistry for contract/adaptor metadata with a tiny in-memory store.
+- 3) Adapters marketplace: AdapterMarketplace container to register and discover adapters (e.g., SIEM/EDR).
+- 4) Existing core primitives (LocalIRTask, SharedTelemetry, PlanDelta) remain the core DSL, extended for privacy-preserving telemetry and deterministic delta-reconciliation.
diff --git a/src/idea138_guardrailops_federated_verifiable/__init__.py b/src/idea138_guardrailops_federated_verifiable/__init__.py
index 3cba3e0..169c94c 100644
--- a/src/idea138_guardrailops_federated_verifiable/__init__.py
+++ b/src/idea138_guardrailops_federated_verifiable/__init__.py
@@ -64,6 +64,9 @@ class DeltaSyncEngine:
 for change in delta.changes:
 # Each change should be a dict with 'key' and 'value' and optional 'op'
 key = change.get("key")
+ # Guard against non-string keys to keep state dict coherent
+ if not isinstance(key, str):
+ continue
 value = change.get("value")
 op = change.get("op", "set")
 if op == "set":
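Review bot: The added `continue` silently discards a change whose `key` is not a string, so a malformed delta from a peer is applied in part and nothing records that entries were skipped, which is hard to detect later in an engine that is supposed to reconcile state deterministically. I would reject the delta instead, e.g. `raise ValueError(f"change has non-string key: {key!r}")`, ideally in a validation pass that runs before the first change is applied, or at minimum count and log the skipped entries. The `change.get("key")` line just above still assumes every change is a dict, so a non-dict element raises `AttributeError` before this guard is reached. The enclosing method starts and ends outside the hunk, so how `op` values other than `"set"` are treated is not visible here.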
@@ -91,4 +94,71 @@ __all__ = [
 "PlanDelta",
 "AuditLogEntry",
 "DeltaSyncEngine",
+ # Federation & governance scaffolds
+ "PrivacyBudget",
+ "RegistryEntry",
+ "GovernanceLedger",
+ "GoCRegistry",
+ "AdapterMarketplace",
 ]
+
+
+@dataclass
+class PrivacyBudget:
+ """Privacy budget for telemetry sharing per-signal and overall budget."""
+ per_signal: Dict[str, float] = field(default_factory=dict)
+ total_budget: float = 1.0
+ timestamp: float = field(default_factory=time.time)
+
+
+@dataclass
+class RegistryEntry:
+ """Minimal, vendor-agnostic registry entry for a GoC contract or adapter."""
+ adapter_id: str
+ contract_version: str
+ data_contract: Dict[str, Any] = field(default_factory=dict)
+ timestamp: float = field(default_factory=time.time)
+
+
+class GovernanceLedger:
+ """Append-only, cryptographically-signed governance ledger (scaffold)."""
+
+ def __init__(self) -> None:
+ self.entries: List[AuditLogEntry] = []
+
+ def append(self, entry: AuditLogEntry) -> None:
+ self.entries.append(entry)
+
+ def verify(self, entry: AuditLogEntry, key: str) -> bool:
+ if not entry.signature:
+ return False
+ # Recompute signature with provided key and compare
+ data = f"{entry.entry_id}:{entry.event}:{entry.detail}:{key}"
+ expected = hashlib.sha256(data.encode()).hexdigest()
+ return expected == entry.signature
+
+
+class GoCRegistry:
+ """Skeleton Graph-of-Contracts registry (in-memory)."""
+
+ def __init__(self) -> None:
+ self._registry: Dict[str, RegistryEntry] = {}
+
+ def register_contract(self, contract_id: str, entry: RegistryEntry) -> None:
+ self._registry[contract_id] = entry
+
+ def get_contract(self, contract_id: str) -> RegistryEntry | None:
+ return self._registry.get(contract_id)
+
+
+class AdapterMarketplace:
+ """Lightweight registry of adapters available for use."""
+
+ def __init__(self) -> None:
+ self._adapters: Dict[str, Any] = {}
+
+ def register_adapter(self, name: str, adapter: Any) -> None:
+ self._adapters[name] = adapter
+
+ def get_adapter(self, name: str) -> Any | None:
+ return self._adapters.get(name)
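Review bot: `GovernanceLedger.verify` checks a bare SHA-256 over `entry_id:event:detail:key` joined with `:`, which is not a keyed MAC and is ambiguous whenever a field can itself contain a colon (two different entries can then serialize to the same string and share a signature), and the result is compared with `==` rather than in constant time. I would compute `hmac.new(key.encode(), message, hashlib.sha256)` over an unambiguous encoding of the three fields (length-prefixed or a serialized list) and end with `return hmac.compare_digest(expected.encode(), entry.signature.encode())`; the code that produces `entry.signature` is not in this hunk and has to change in step, and `hmac` needs importing. The class docstring also promises an append-only, cryptographically-signed ledger, yet `append` stores any entry without calling `verify` and `entries` is a public mutable list, so either have `append` refuse entries that fail verification or reword the docstring to say that signing and immutability are left to the caller. A short docstring on `verify` stating what `key` is and which fields the signature covers would help the next reader.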