Harden CHORUS security and messaging stack

2025-09-20 23:21:35 +10:00
parent 57751f277a
commit 1bb736c09a
25 changed files with 2793 additions and 2474 deletions
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -28,17 +28,18 @@ type Config struct {

 // AgentConfig defines agent-specific settings
 type AgentConfig struct {
-	ID                       string   `yaml:"id"`
-	Specialization           string   `yaml:"specialization"`
-	MaxTasks                 int      `yaml:"max_tasks"`
-	Capabilities             []string `yaml:"capabilities"`
-	Models                   []string `yaml:"models"`
-	Role                     string   `yaml:"role"`
-	Expertise                []string `yaml:"expertise"`
-	ReportsTo                string   `yaml:"reports_to"`
-	Deliverables             []string `yaml:"deliverables"`
-	ModelSelectionWebhook    string   `yaml:"model_selection_webhook"`
-	DefaultReasoningModel    string   `yaml:"default_reasoning_model"`
+	ID                    string   `yaml:"id"`
+	Specialization        string   `yaml:"specialization"`
+	MaxTasks              int      `yaml:"max_tasks"`
+	Capabilities          []string `yaml:"capabilities"`
+	Models                []string `yaml:"models"`
+	Role                  string   `yaml:"role"`
+	Project               string   `yaml:"project"`
+	Expertise             []string `yaml:"expertise"`
+	ReportsTo             string   `yaml:"reports_to"`
+	Deliverables          []string `yaml:"deliverables"`
+	ModelSelectionWebhook string   `yaml:"model_selection_webhook"`
+	DefaultReasoningModel string   `yaml:"default_reasoning_model"`
 }

 // NetworkConfig defines network and API settings
@@ -65,9 +66,9 @@ type LicenseConfig struct {

 // AIConfig defines AI service settings
 type AIConfig struct {
-	Provider   string          `yaml:"provider"`
-	Ollama     OllamaConfig    `yaml:"ollama"`
-	ResetData  ResetDataConfig `yaml:"resetdata"`
+	Provider  string          `yaml:"provider"`
+	Ollama    OllamaConfig    `yaml:"ollama"`
+	ResetData ResetDataConfig `yaml:"resetdata"`
 }

 // OllamaConfig defines Ollama-specific settings
@@ -78,10 +79,10 @@ type OllamaConfig struct {

 // ResetDataConfig defines ResetData LLM service settings
 type ResetDataConfig struct {
-	BaseURL   string        `yaml:"base_url"`
-	APIKey    string        `yaml:"api_key"`
-	Model     string        `yaml:"model"`
-	Timeout   time.Duration `yaml:"timeout"`
+	BaseURL string        `yaml:"base_url"`
+	APIKey  string        `yaml:"api_key"`
+	Model   string        `yaml:"model"`
+	Timeout time.Duration `yaml:"timeout"`
 }

 // LoggingConfig defines logging settings
@@ -103,9 +104,9 @@ type DHTConfig struct {

 // UCXLConfig defines UCXL protocol settings
 type UCXLConfig struct {
-	Enabled    bool         `yaml:"enabled"`
-	Server     ServerConfig `yaml:"server"`
-	Storage    StorageConfig `yaml:"storage"`
+	Enabled    bool             `yaml:"enabled"`
+	Server     ServerConfig     `yaml:"server"`
+	Storage    StorageConfig    `yaml:"storage"`
 	Resolution ResolutionConfig `yaml:"resolution"`
 }

@@ -133,25 +134,26 @@ type SlurpConfig struct {

 // WHOOSHAPIConfig defines WHOOSH API integration settings
 type WHOOSHAPIConfig struct {
-	URL      string `yaml:"url"`
-	BaseURL  string `yaml:"base_url"`
-	Token    string `yaml:"token"`
-	Enabled  bool   `yaml:"enabled"`
+	URL     string `yaml:"url"`
+	BaseURL string `yaml:"base_url"`
+	Token   string `yaml:"token"`
+	Enabled bool   `yaml:"enabled"`
 }

 // LoadFromEnvironment loads configuration from environment variables
 func LoadFromEnvironment() (*Config, error) {
 	cfg := &Config{
 		Agent: AgentConfig{
-			ID:             getEnvOrDefault("CHORUS_AGENT_ID", ""),
-			Specialization: getEnvOrDefault("CHORUS_SPECIALIZATION", "general_developer"),
-			MaxTasks:       getEnvIntOrDefault("CHORUS_MAX_TASKS", 3),
-			Capabilities:   getEnvArrayOrDefault("CHORUS_CAPABILITIES", []string{"general_development", "task_coordination"}),
-			Models:         getEnvArrayOrDefault("CHORUS_MODELS", []string{"meta/llama-3.1-8b-instruct"}),
-			Role:           getEnvOrDefault("CHORUS_ROLE", ""),
-			Expertise:      getEnvArrayOrDefault("CHORUS_EXPERTISE", []string{}),
-			ReportsTo:      getEnvOrDefault("CHORUS_REPORTS_TO", ""),
-			Deliverables:   getEnvArrayOrDefault("CHORUS_DELIVERABLES", []string{}),
+			ID:                    getEnvOrDefault("CHORUS_AGENT_ID", ""),
+			Specialization:        getEnvOrDefault("CHORUS_SPECIALIZATION", "general_developer"),
+			MaxTasks:              getEnvIntOrDefault("CHORUS_MAX_TASKS", 3),
+			Capabilities:          getEnvArrayOrDefault("CHORUS_CAPABILITIES", []string{"general_development", "task_coordination"}),
+			Models:                getEnvArrayOrDefault("CHORUS_MODELS", []string{"meta/llama-3.1-8b-instruct"}),
+			Role:                  getEnvOrDefault("CHORUS_ROLE", ""),
+			Project:               getEnvOrDefault("CHORUS_PROJECT", "chorus"),
+			Expertise:             getEnvArrayOrDefault("CHORUS_EXPERTISE", []string{}),
+			ReportsTo:             getEnvOrDefault("CHORUS_REPORTS_TO", ""),
+			Deliverables:          getEnvArrayOrDefault("CHORUS_DELIVERABLES", []string{}),
 			ModelSelectionWebhook: getEnvOrDefault("CHORUS_MODEL_SELECTION_WEBHOOK", ""),
 			DefaultReasoningModel: getEnvOrDefault("CHORUS_DEFAULT_REASONING_MODEL", "meta/llama-3.1-8b-instruct"),
 		},
@@ -214,10 +216,10 @@ func LoadFromEnvironment() (*Config, error) {
 			AuditLogging:    getEnvBoolOrDefault("CHORUS_AUDIT_LOGGING", true),
 			AuditPath:       getEnvOrDefault("CHORUS_AUDIT_PATH", "/tmp/chorus-audit.log"),
 			ElectionConfig: ElectionConfig{
-				DiscoveryTimeout:  getEnvDurationOrDefault("CHORUS_DISCOVERY_TIMEOUT", 10*time.Second),
-				HeartbeatTimeout:  getEnvDurationOrDefault("CHORUS_HEARTBEAT_TIMEOUT", 30*time.Second),
-				ElectionTimeout:   getEnvDurationOrDefault("CHORUS_ELECTION_TIMEOUT", 60*time.Second),
-				DiscoveryBackoff:  getEnvDurationOrDefault("CHORUS_DISCOVERY_BACKOFF", 5*time.Second),
+				DiscoveryTimeout: getEnvDurationOrDefault("CHORUS_DISCOVERY_TIMEOUT", 10*time.Second),
+				HeartbeatTimeout: getEnvDurationOrDefault("CHORUS_HEARTBEAT_TIMEOUT", 30*time.Second),
+				ElectionTimeout:  getEnvDurationOrDefault("CHORUS_ELECTION_TIMEOUT", 60*time.Second),
+				DiscoveryBackoff: getEnvDurationOrDefault("CHORUS_DISCOVERY_BACKOFF", 5*time.Second),
 				LeadershipScoring: &LeadershipScoring{
 					UptimeWeight:     0.4,
 					CapabilityWeight: 0.3,
@@ -247,7 +249,7 @@ func (c *Config) Validate() error {
 	if c.License.LicenseID == "" {
 		return fmt.Errorf("CHORUS_LICENSE_ID is required")
 	}
-	
+
 	if c.Agent.ID == "" {
 		// Auto-generate agent ID if not provided
 		hostname, _ := os.Hostname()
@@ -258,7 +260,7 @@ func (c *Config) Validate() error {
 			c.Agent.ID = fmt.Sprintf("chorus-%s", hostname)
 		}
 	}
-	
+
 	return nil
 }

@@ -329,14 +331,14 @@ func getEnvOrFileContent(envKey, fileEnvKey string) string {
 	if value := os.Getenv(envKey); value != "" {
 		return value
 	}
-	
+
 	// Then try reading from file path specified in fileEnvKey
 	if filePath := os.Getenv(fileEnvKey); filePath != "" {
 		if content, err := ioutil.ReadFile(filePath); err == nil {
 			return strings.TrimSpace(string(content))
 		}
 	}
-	
+
 	return ""
 }

@@ -360,4 +362,4 @@ func LoadConfig(configPath string) (*Config, error) {
 func SaveConfig(cfg *Config, configPath string) error {
 	// For containers, configuration is environment-based, so this is a no-op
 	return nil
-}
+}