tony/CHORUS
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

chore: align slurp config and scaffolding

Browse Source
This commit is contained in:
anthonyrawlins
2025-09-27 21:03:12 +10:00
parent acc4361463
commit 4a77862289
47 changed files with 5133 additions and 4274 deletions
Download Patch File Download Diff File Expand all files Collapse all files

473
pkg/slurp/intelligence/role_aware_processor.go
View File

@@ -8,80 +8,79 @@ import (
"sync"
"time"
"chorus/pkg/crypto"
slurpContext "chorus/pkg/slurp/context"
)
// RoleAwareProcessor provides role-based context processing and insight generation
type RoleAwareProcessor struct {
mu sync.RWMutex
config *EngineConfig
roleManager *RoleManager
securityFilter *SecurityFilter
insightGenerator *InsightGenerator
accessController *AccessController
auditLogger *AuditLogger
permissions *PermissionMatrix
roleProfiles map[string]*RoleProfile
mu sync.RWMutex
config *EngineConfig
roleManager *RoleManager
securityFilter *SecurityFilter
insightGenerator *InsightGenerator
accessController *AccessController
auditLogger *AuditLogger
permissions *PermissionMatrix
roleProfiles map[string]*RoleBlueprint
}
// RoleManager manages role definitions and hierarchies
type RoleManager struct {
roles map[string]*Role
hierarchies map[string]*RoleHierarchy
capabilities map[string]*RoleCapabilities
restrictions map[string]*RoleRestrictions
roles map[string]*Role
hierarchies map[string]*RoleHierarchy
capabilities map[string]*RoleCapabilities
restrictions map[string]*RoleRestrictions
}
// Role represents an AI agent role with specific permissions and capabilities
type Role struct {
ID string `json:"id"`
Name string `json:"name"`
Description string `json:"description"`
SecurityLevel int `json:"security_level"`
Capabilities []string `json:"capabilities"`
Restrictions []string `json:"restrictions"`
AccessPatterns []string `json:"access_patterns"`
ContextFilters []string `json:"context_filters"`
Priority int `json:"priority"`
ParentRoles []string `json:"parent_roles"`
ChildRoles []string `json:"child_roles"`
Metadata map[string]interface{} `json:"metadata"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
IsActive bool `json:"is_active"`
ID string `json:"id"`
Name string `json:"name"`
Description string `json:"description"`
SecurityLevel int `json:"security_level"`
Capabilities []string `json:"capabilities"`
Restrictions []string `json:"restrictions"`
AccessPatterns []string `json:"access_patterns"`
ContextFilters []string `json:"context_filters"`
Priority int `json:"priority"`
ParentRoles []string `json:"parent_roles"`
ChildRoles []string `json:"child_roles"`
Metadata map[string]interface{} `json:"metadata"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
IsActive bool `json:"is_active"`
}
// RoleHierarchy defines role inheritance and relationships
type RoleHierarchy struct {
ParentRole string `json:"parent_role"`
ChildRoles []string `json:"child_roles"`
InheritLevel int `json:"inherit_level"`
OverrideRules []string `json:"override_rules"`
ParentRole string `json:"parent_role"`
ChildRoles []string `json:"child_roles"`
InheritLevel int `json:"inherit_level"`
OverrideRules []string `json:"override_rules"`
}
// RoleCapabilities defines what a role can do
type RoleCapabilities struct {
RoleID string `json:"role_id"`
ReadAccess []string `json:"read_access"`
WriteAccess []string `json:"write_access"`
ExecuteAccess []string `json:"execute_access"`
AnalysisTypes []string `json:"analysis_types"`
InsightLevels []string `json:"insight_levels"`
SecurityScopes []string `json:"security_scopes"`
RoleID string `json:"role_id"`
ReadAccess []string `json:"read_access"`
WriteAccess []string `json:"write_access"`
ExecuteAccess []string `json:"execute_access"`
AnalysisTypes []string `json:"analysis_types"`
InsightLevels []string `json:"insight_levels"`
SecurityScopes []string `json:"security_scopes"`
DataClassifications []string `json:"data_classifications"`
}
// RoleRestrictions defines what a role cannot do or access
type RoleRestrictions struct {
RoleID string `json:"role_id"`
ForbiddenPaths []string `json:"forbidden_paths"`
ForbiddenTypes []string `json:"forbidden_types"`
ForbiddenKeywords []string `json:"forbidden_keywords"`
TimeRestrictions []string `json:"time_restrictions"`
RateLimit *RateLimit `json:"rate_limit"`
MaxContextSize int `json:"max_context_size"`
MaxInsights int `json:"max_insights"`
RoleID string `json:"role_id"`
ForbiddenPaths []string `json:"forbidden_paths"`
ForbiddenTypes []string `json:"forbidden_types"`
ForbiddenKeywords []string `json:"forbidden_keywords"`
TimeRestrictions []string `json:"time_restrictions"`
RateLimit *RateLimit `json:"rate_limit"`
MaxContextSize int `json:"max_context_size"`
MaxInsights int `json:"max_insights"`
}
// RateLimit defines rate limiting for role operations
@@ -111,9 +110,9 @@ type ContentFilter struct {
// AccessMatrix defines access control rules
type AccessMatrix struct {
Rules map[string]*AccessRule `json:"rules"`
DefaultDeny bool `json:"default_deny"`
LastUpdated time.Time `json:"last_updated"`
Rules map[string]*AccessRule `json:"rules"`
DefaultDeny bool `json:"default_deny"`
LastUpdated time.Time `json:"last_updated"`
}
// AccessRule defines a specific access control rule
@@ -144,14 +143,14 @@ type RoleInsightGenerator interface {
// InsightTemplate defines templates for generating insights
type InsightTemplate struct {
TemplateID string `json:"template_id"`
Name string `json:"name"`
Template string `json:"template"`
Variables []string `json:"variables"`
Roles []string `json:"roles"`
Category string `json:"category"`
Priority int `json:"priority"`
Metadata map[string]interface{} `json:"metadata"`
TemplateID string `json:"template_id"`
Name string `json:"name"`
Template string `json:"template"`
Variables []string `json:"variables"`
Roles []string `json:"roles"`
Category string `json:"category"`
Priority int `json:"priority"`
Metadata map[string]interface{} `json:"metadata"`
}
// InsightFilter filters insights based on role permissions
@@ -179,39 +178,39 @@ type PermissionMatrix struct {
// RolePermissions defines permissions for a specific role
type RolePermissions struct {
RoleID string `json:"role_id"`
ContextAccess *ContextAccessRights `json:"context_access"`
AnalysisAccess *AnalysisAccessRights `json:"analysis_access"`
InsightAccess *InsightAccessRights `json:"insight_access"`
SystemAccess *SystemAccessRights `json:"system_access"`
CustomAccess map[string]interface{} `json:"custom_access"`
RoleID string `json:"role_id"`
ContextAccess *ContextAccessRights `json:"context_access"`
AnalysisAccess *AnalysisAccessRights `json:"analysis_access"`
InsightAccess *InsightAccessRights `json:"insight_access"`
SystemAccess *SystemAccessRights `json:"system_access"`
CustomAccess map[string]interface{} `json:"custom_access"`
}
// ContextAccessRights defines context-related access rights
type ContextAccessRights struct {
ReadLevel int `json:"read_level"`
WriteLevel int `json:"write_level"`
AllowedTypes []string `json:"allowed_types"`
ForbiddenTypes []string `json:"forbidden_types"`
ReadLevel int `json:"read_level"`
WriteLevel int `json:"write_level"`
AllowedTypes []string `json:"allowed_types"`
ForbiddenTypes []string `json:"forbidden_types"`
PathRestrictions []string `json:"path_restrictions"`
SizeLimit int `json:"size_limit"`
SizeLimit int `json:"size_limit"`
}
// AnalysisAccessRights defines analysis-related access rights
type AnalysisAccessRights struct {
AllowedAnalysisTypes []string `json:"allowed_analysis_types"`
MaxComplexity int `json:"max_complexity"`
AllowedAnalysisTypes []string `json:"allowed_analysis_types"`
MaxComplexity int `json:"max_complexity"`
TimeoutLimit time.Duration `json:"timeout_limit"`
ResourceLimit int `json:"resource_limit"`
ResourceLimit int `json:"resource_limit"`
}
// InsightAccessRights defines insight-related access rights
type InsightAccessRights struct {
GenerationLevel int `json:"generation_level"`
AccessLevel int `json:"access_level"`
CategoryFilters []string `json:"category_filters"`
ConfidenceThreshold float64 `json:"confidence_threshold"`
MaxInsights int `json:"max_insights"`
GenerationLevel int `json:"generation_level"`
AccessLevel int `json:"access_level"`
CategoryFilters []string `json:"category_filters"`
ConfidenceThreshold float64 `json:"confidence_threshold"`
MaxInsights int `json:"max_insights"`
}
// SystemAccessRights defines system-level access rights
@@ -254,15 +253,15 @@ type AuditLogger struct {
// AuditEntry represents an audit log entry
type AuditEntry struct {
ID string `json:"id"`
Timestamp time.Time `json:"timestamp"`
RoleID string `json:"role_id"`
Action string `json:"action"`
Resource string `json:"resource"`
Result string `json:"result"` // success, denied, error
Details string `json:"details"`
Context map[string]interface{} `json:"context"`
SecurityLevel int `json:"security_level"`
ID string `json:"id"`
Timestamp time.Time `json:"timestamp"`
RoleID string `json:"role_id"`
Action string `json:"action"`
Resource string `json:"resource"`
Result string `json:"result"` // success, denied, error
Details string `json:"details"`
Context map[string]interface{} `json:"context"`
SecurityLevel int `json:"security_level"`
}
// AuditConfig defines audit logging configuration
@@ -276,49 +275,49 @@ type AuditConfig struct {
}
// RoleProfile contains comprehensive role configuration
type RoleProfile struct {
Role *Role `json:"role"`
Capabilities *RoleCapabilities `json:"capabilities"`
Restrictions *RoleRestrictions `json:"restrictions"`
Permissions *RolePermissions `json:"permissions"`
InsightConfig *RoleInsightConfig `json:"insight_config"`
SecurityConfig *RoleSecurityConfig `json:"security_config"`
type RoleBlueprint struct {
Role *Role `json:"role"`
Capabilities *RoleCapabilities `json:"capabilities"`
Restrictions *RoleRestrictions `json:"restrictions"`
Permissions *RolePermissions `json:"permissions"`
InsightConfig *RoleInsightConfig `json:"insight_config"`
SecurityConfig *RoleSecurityConfig `json:"security_config"`
}
// RoleInsightConfig defines insight generation configuration for a role
type RoleInsightConfig struct {
EnabledGenerators []string `json:"enabled_generators"`
MaxInsights int `json:"max_insights"`
ConfidenceThreshold float64 `json:"confidence_threshold"`
CategoryWeights map[string]float64 `json:"category_weights"`
CustomFilters []string `json:"custom_filters"`
EnabledGenerators []string `json:"enabled_generators"`
MaxInsights int `json:"max_insights"`
ConfidenceThreshold float64 `json:"confidence_threshold"`
CategoryWeights map[string]float64 `json:"category_weights"`
CustomFilters []string `json:"custom_filters"`
}
// RoleSecurityConfig defines security configuration for a role
type RoleSecurityConfig struct {
EncryptionRequired bool `json:"encryption_required"`
AccessLogging bool `json:"access_logging"`
EncryptionRequired bool `json:"encryption_required"`
AccessLogging bool `json:"access_logging"`
RateLimit *RateLimit `json:"rate_limit"`
IPWhitelist []string `json:"ip_whitelist"`
RequiredClaims []string `json:"required_claims"`
IPWhitelist []string `json:"ip_whitelist"`
RequiredClaims []string `json:"required_claims"`
}
// RoleSpecificInsight represents an insight tailored to a specific role
type RoleSpecificInsight struct {
ID string `json:"id"`
RoleID string `json:"role_id"`
Category string `json:"category"`
Title string `json:"title"`
Content string `json:"content"`
Confidence float64 `json:"confidence"`
Priority int `json:"priority"`
SecurityLevel int `json:"security_level"`
Tags []string `json:"tags"`
ActionItems []string `json:"action_items"`
References []string `json:"references"`
Metadata map[string]interface{} `json:"metadata"`
GeneratedAt time.Time `json:"generated_at"`
ExpiresAt *time.Time `json:"expires_at,omitempty"`
ID string `json:"id"`
RoleID string `json:"role_id"`
Category string `json:"category"`
Title string `json:"title"`
Content string `json:"content"`
Confidence float64 `json:"confidence"`
Priority int `json:"priority"`
SecurityLevel int `json:"security_level"`
Tags []string `json:"tags"`
ActionItems []string `json:"action_items"`
References []string `json:"references"`
Metadata map[string]interface{} `json:"metadata"`
GeneratedAt time.Time `json:"generated_at"`
ExpiresAt *time.Time `json:"expires_at,omitempty"`
}
// NewRoleAwareProcessor creates a new role-aware processor
@@ -331,7 +330,7 @@ func NewRoleAwareProcessor(config *EngineConfig) *RoleAwareProcessor {
accessController: NewAccessController(),
auditLogger: NewAuditLogger(),
permissions: NewPermissionMatrix(),
roleProfiles: make(map[string]*RoleProfile),
roleProfiles: make(map[string]*RoleBlueprint),
}
// Initialize default roles
@@ -342,10 +341,10 @@ func NewRoleAwareProcessor(config *EngineConfig) *RoleAwareProcessor {
// NewRoleManager creates a role manager with default roles
func NewRoleManager() *RoleManager {
rm := &RoleManager{
roles: make(map[string]*Role),
hierarchies: make(map[string]*RoleHierarchy),
capabilities: make(map[string]*RoleCapabilities),
restrictions: make(map[string]*RoleRestrictions),
roles: make(map[string]*Role),
hierarchies: make(map[string]*RoleHierarchy),
capabilities: make(map[string]*RoleCapabilities),
restrictions: make(map[string]*RoleRestrictions),
}
// Initialize with default roles
@@ -383,12 +382,15 @@ func (rap *RoleAwareProcessor) ProcessContextForRole(ctx context.Context, node *
// Apply insights to node
if len(insights) > 0 {
filteredNode.RoleSpecificInsights = insights
filteredNode.ProcessedForRole = roleID
if filteredNode.Metadata == nil {
filteredNode.Metadata = make(map[string]interface{})
}
filteredNode.Metadata["role_specific_insights"] = insights
filteredNode.Metadata["processed_for_role"] = roleID
}
// Log successful processing
rap.auditLogger.logAccess(roleID, "context:process", node.Path, "success",
rap.auditLogger.logAccess(roleID, "context:process", node.Path, "success",
fmt.Sprintf("processed with %d insights", len(insights)))
return filteredNode, nil
@@ -413,7 +415,7 @@ func (rap *RoleAwareProcessor) GenerateRoleSpecificInsights(ctx context.Context,
return nil, err
}
rap.auditLogger.logAccess(roleID, "insight:generate", node.Path, "success",
rap.auditLogger.logAccess(roleID, "insight:generate", node.Path, "success",
fmt.Sprintf("generated %d insights", len(insights)))
return insights, nil
@@ -448,69 +450,69 @@ func (rap *RoleAwareProcessor) GetRoleCapabilities(roleID string) (*RoleCapabili
func (rap *RoleAwareProcessor) initializeDefaultRoles() {
defaultRoles := []*Role{
{
ID: "architect",
Name: "System Architect",
Description: "High-level system design and architecture decisions",
SecurityLevel: 8,
Capabilities: []string{"architecture_design", "high_level_analysis", "strategic_planning"},
Restrictions: []string{"no_implementation_details", "no_low_level_code"},
ID: "architect",
Name: "System Architect",
Description: "High-level system design and architecture decisions",
SecurityLevel: 8,
Capabilities: []string{"architecture_design", "high_level_analysis", "strategic_planning"},
Restrictions: []string{"no_implementation_details", "no_low_level_code"},
AccessPatterns: []string{"architecture/**", "design/**", "docs/**"},
Priority: 1,
IsActive: true,
CreatedAt: time.Now(),
Priority: 1,
IsActive: true,
CreatedAt: time.Now(),
},
{
ID: "developer",
Name: "Software Developer",
Description: "Code implementation and development tasks",
SecurityLevel: 6,
Capabilities: []string{"code_analysis", "implementation", "debugging", "testing"},
Restrictions: []string{"no_architecture_changes", "no_security_config"},
ID: "developer",
Name: "Software Developer",
Description: "Code implementation and development tasks",
SecurityLevel: 6,
Capabilities: []string{"code_analysis", "implementation", "debugging", "testing"},
Restrictions: []string{"no_architecture_changes", "no_security_config"},
AccessPatterns: []string{"src/**", "lib/**", "test/**"},
Priority: 2,
IsActive: true,
CreatedAt: time.Now(),
Priority: 2,
IsActive: true,
CreatedAt: time.Now(),
},
{
ID: "security_analyst",
Name: "Security Analyst",
Description: "Security analysis and vulnerability assessment",
SecurityLevel: 9,
Capabilities: []string{"security_analysis", "vulnerability_assessment", "compliance_check"},
Restrictions: []string{"no_code_modification"},
ID: "security_analyst",
Name: "Security Analyst",
Description: "Security analysis and vulnerability assessment",
SecurityLevel: 9,
Capabilities: []string{"security_analysis", "vulnerability_assessment", "compliance_check"},
Restrictions: []string{"no_code_modification"},
AccessPatterns: []string{"**/*"},
Priority: 1,
IsActive: true,
CreatedAt: time.Now(),
Priority: 1,
IsActive: true,
CreatedAt: time.Now(),
},
{
ID: "devops_engineer",
Name: "DevOps Engineer",
Description: "Infrastructure and deployment operations",
SecurityLevel: 7,
Capabilities: []string{"infrastructure_analysis", "deployment", "monitoring", "ci_cd"},
Restrictions: []string{"no_business_logic"},
ID: "devops_engineer",
Name: "DevOps Engineer",
Description: "Infrastructure and deployment operations",
SecurityLevel: 7,
Capabilities: []string{"infrastructure_analysis", "deployment", "monitoring", "ci_cd"},
Restrictions: []string{"no_business_logic"},
AccessPatterns: []string{"infra/**", "deploy/**", "config/**", "docker/**"},
Priority: 2,
IsActive: true,
CreatedAt: time.Now(),
Priority: 2,
IsActive: true,
CreatedAt: time.Now(),
},
{
ID: "qa_engineer",
Name: "Quality Assurance Engineer",
Description: "Quality assurance and testing",
SecurityLevel: 5,
Capabilities: []string{"quality_analysis", "testing", "test_planning"},
Restrictions: []string{"no_production_access", "no_code_modification"},
ID: "qa_engineer",
Name: "Quality Assurance Engineer",
Description: "Quality assurance and testing",
SecurityLevel: 5,
Capabilities: []string{"quality_analysis", "testing", "test_planning"},
Restrictions: []string{"no_production_access", "no_code_modification"},
AccessPatterns: []string{"test/**", "spec/**", "qa/**"},
Priority: 3,
IsActive: true,
CreatedAt: time.Now(),
Priority: 3,
IsActive: true,
CreatedAt: time.Now(),
},
}
for _, role := range defaultRoles {
rap.roleProfiles[role.ID] = &RoleProfile{
rap.roleProfiles[role.ID] = &RoleBlueprint{
Role: role,
Capabilities: rap.createDefaultCapabilities(role),
Restrictions: rap.createDefaultRestrictions(role),
@@ -540,23 +542,23 @@ func (rap *RoleAwareProcessor) createDefaultCapabilities(role *Role) *RoleCapabi
baseCapabilities.ExecuteAccess = []string{"design_tools", "modeling"}
baseCapabilities.InsightLevels = []string{"strategic", "architectural", "high_level"}
baseCapabilities.SecurityScopes = []string{"public", "internal", "confidential"}
case "developer":
baseCapabilities.WriteAccess = []string{"src/**", "test/**"}
baseCapabilities.ExecuteAccess = []string{"compile", "test", "debug"}
baseCapabilities.InsightLevels = []string{"implementation", "code_quality", "performance"}
case "security_analyst":
baseCapabilities.ReadAccess = []string{"**/*"}
baseCapabilities.InsightLevels = []string{"security", "vulnerability", "compliance"}
baseCapabilities.SecurityScopes = []string{"public", "internal", "confidential", "secret"}
baseCapabilities.DataClassifications = []string{"public", "internal", "confidential", "restricted"}
case "devops_engineer":
baseCapabilities.WriteAccess = []string{"infra/**", "deploy/**", "config/**"}
baseCapabilities.ExecuteAccess = []string{"deploy", "configure", "monitor"}
baseCapabilities.InsightLevels = []string{"infrastructure", "deployment", "monitoring"}
case "qa_engineer":
baseCapabilities.WriteAccess = []string{"test/**", "qa/**"}
baseCapabilities.ExecuteAccess = []string{"test", "validate"}
@@ -587,21 +589,21 @@ func (rap *RoleAwareProcessor) createDefaultRestrictions(role *Role) *RoleRestri
// Architects have fewer restrictions
baseRestrictions.MaxContextSize = 50000
baseRestrictions.MaxInsights = 100
case "developer":
baseRestrictions.ForbiddenPaths = append(baseRestrictions.ForbiddenPaths, "architecture/**", "security/**")
baseRestrictions.ForbiddenTypes = []string{"security_config", "deployment_config"}
case "security_analyst":
// Security analysts have minimal path restrictions but keyword restrictions
baseRestrictions.ForbiddenPaths = []string{"temp/**"}
baseRestrictions.ForbiddenKeywords = []string{"password", "secret", "key"}
baseRestrictions.MaxContextSize = 100000
case "devops_engineer":
baseRestrictions.ForbiddenPaths = append(baseRestrictions.ForbiddenPaths, "src/**")
baseRestrictions.ForbiddenTypes = []string{"business_logic", "user_data"}
case "qa_engineer":
baseRestrictions.ForbiddenPaths = append(baseRestrictions.ForbiddenPaths, "src/**", "infra/**")
baseRestrictions.ForbiddenTypes = []string{"production_config", "security_config"}
@@ -615,10 +617,10 @@ func (rap *RoleAwareProcessor) createDefaultPermissions(role *Role) *RolePermiss
return &RolePermissions{
RoleID: role.ID,
ContextAccess: &ContextAccessRights{
ReadLevel: role.SecurityLevel,
WriteLevel: role.SecurityLevel - 2,
AllowedTypes: []string{"code", "documentation", "configuration"},
SizeLimit: 1000000,
ReadLevel: role.SecurityLevel,
WriteLevel: role.SecurityLevel - 2,
AllowedTypes: []string{"code", "documentation", "configuration"},
SizeLimit: 1000000,
},
AnalysisAccess: &AnalysisAccessRights{
AllowedAnalysisTypes: role.Capabilities,
@@ -627,10 +629,10 @@ func (rap *RoleAwareProcessor) createDefaultPermissions(role *Role) *RolePermiss
ResourceLimit: 100,
},
InsightAccess: &InsightAccessRights{
GenerationLevel: role.SecurityLevel,
AccessLevel: role.SecurityLevel,
ConfidenceThreshold: 0.5,
MaxInsights: 50,
GenerationLevel: role.SecurityLevel,
AccessLevel: role.SecurityLevel,
ConfidenceThreshold: 0.5,
MaxInsights: 50,
},
SystemAccess: &SystemAccessRights{
AdminAccess: role.SecurityLevel >= 8,
@@ -660,26 +662,26 @@ func (rap *RoleAwareProcessor) createDefaultInsightConfig(role *Role) *RoleInsig
"scalability": 0.9,
}
config.MaxInsights = 100
case "developer":
config.EnabledGenerators = []string{"code_insights", "implementation_suggestions", "bug_detection"}
config.CategoryWeights = map[string]float64{
"code_quality": 1.0,
"implementation": 0.9,
"bugs": 0.8,
"performance": 0.6,
"code_quality": 1.0,
"implementation": 0.9,
"bugs": 0.8,
"performance": 0.6,
}
case "security_analyst":
config.EnabledGenerators = []string{"security_insights", "vulnerability_analysis", "compliance_check"}
config.CategoryWeights = map[string]float64{
"security": 1.0,
"security": 1.0,
"vulnerabilities": 1.0,
"compliance": 0.9,
"privacy": 0.8,
"compliance": 0.9,
"privacy": 0.8,
}
config.MaxInsights = 200
case "devops_engineer":
config.EnabledGenerators = []string{"infrastructure_insights", "deployment_analysis", "monitoring_suggestions"}
config.CategoryWeights = map[string]float64{
@@ -688,7 +690,7 @@ func (rap *RoleAwareProcessor) createDefaultInsightConfig(role *Role) *RoleInsig
"monitoring": 0.8,
"automation": 0.7,
}
case "qa_engineer":
config.EnabledGenerators = []string{"quality_insights", "test_suggestions", "validation_analysis"}
config.CategoryWeights = map[string]float64{
@@ -751,7 +753,7 @@ func NewSecurityFilter() *SecurityFilter {
"top_secret": 10,
},
contentFilters: make(map[string]*ContentFilter),
accessMatrix: &AccessMatrix{
accessMatrix: &AccessMatrix{
Rules: make(map[string]*AccessRule),
DefaultDeny: true,
LastUpdated: time.Now(),
@@ -765,7 +767,7 @@ func (sf *SecurityFilter) filterForRole(node *slurpContext.ContextNode, role *Ro
// Apply content filtering based on role security level
filtered.Summary = sf.filterContent(node.Summary, role)
filtered.Purpose = sf.filterContent(node.Purpose, role)
// Filter insights based on role access level
filteredInsights := []string{}
for _, insight := range node.Insights {
@@ -816,7 +818,7 @@ func (sf *SecurityFilter) filterContent(content string, role *Role) string {
func (sf *SecurityFilter) canAccessInsight(insight string, role *Role) bool {
// Check if role can access this type of insight
lowerInsight := strings.ToLower(insight)
// Security analysts can see all insights
if role.ID == "security_analyst" {
return true
@@ -849,20 +851,20 @@ func (sf *SecurityFilter) canAccessInsight(insight string, role *Role) bool {
func (sf *SecurityFilter) filterTechnologies(technologies []string, role *Role) []string {
filtered := []string{}
for _, tech := range technologies {
if sf.canAccessTechnology(tech, role) {
filtered = append(filtered, tech)
}
}
return filtered
}
func (sf *SecurityFilter) canAccessTechnology(technology string, role *Role) bool {
// Role-specific technology access rules
lowerTech := strings.ToLower(technology)
switch role.ID {
case "qa_engineer":
// QA engineers shouldn't see infrastructure technologies
@@ -881,26 +883,26 @@ func (sf *SecurityFilter) canAccessTechnology(technology string, role *Role) boo
}
}
}
return true
}
func (sf *SecurityFilter) filterTags(tags []string, role *Role) []string {
filtered := []string{}
for _, tag := range tags {
if sf.canAccessTag(tag, role) {
filtered = append(filtered, tag)
}
}
return filtered
}
func (sf *SecurityFilter) canAccessTag(tag string, role *Role) bool {
// Simple tag filtering based on role
lowerTag := strings.ToLower(tag)
// Security-related tags only for security analysts and architects
securityTags := []string{"security", "vulnerability", "encryption", "authentication"}
for _, secTag := range securityTags {
@@ -908,7 +910,7 @@ func (sf *SecurityFilter) canAccessTag(tag string, role *Role) bool {
return false
}
}
return true
}
@@ -968,7 +970,7 @@ func (ig *InsightGenerator) generateForRole(ctx context.Context, node *slurpCont
func (ig *InsightGenerator) applyRoleFilters(insights []*RoleSpecificInsight, role *Role) []*RoleSpecificInsight {
filtered := []*RoleSpecificInsight{}
for _, insight := range insights {
// Check security level
if insight.SecurityLevel > role.SecurityLevel {
@@ -1174,6 +1176,7 @@ func (al *AuditLogger) GetAuditLog(limit int) []*AuditEntry {
// These would be fully implemented with sophisticated logic in production
type ArchitectInsightGenerator struct{}
func NewArchitectInsightGenerator() *ArchitectInsightGenerator { return &ArchitectInsightGenerator{} }
func (aig *ArchitectInsightGenerator) GenerateInsights(ctx context.Context, node *slurpContext.ContextNode, role *Role) ([]*RoleSpecificInsight, error) {
return []*RoleSpecificInsight{
@@ -1191,10 +1194,15 @@ func (aig *ArchitectInsightGenerator) GenerateInsights(ctx context.Context, node
}, nil
}
func (aig *ArchitectInsightGenerator) GetSupportedRoles() []string { return []string{"architect"} }
func (aig *ArchitectInsightGenerator) GetInsightTypes() []string { return []string{"architecture", "design", "patterns"} }
func (aig *ArchitectInsightGenerator) ValidateContext(node *slurpContext.ContextNode, role *Role) error { return nil }
func (aig *ArchitectInsightGenerator) GetInsightTypes() []string {
return []string{"architecture", "design", "patterns"}
}
func (aig *ArchitectInsightGenerator) ValidateContext(node *slurpContext.ContextNode, role *Role) error {
return nil
}
type DeveloperInsightGenerator struct{}
func NewDeveloperInsightGenerator() *DeveloperInsightGenerator { return &DeveloperInsightGenerator{} }
func (dig *DeveloperInsightGenerator) GenerateInsights(ctx context.Context, node *slurpContext.ContextNode, role *Role) ([]*RoleSpecificInsight, error) {
return []*RoleSpecificInsight{
@@ -1212,10 +1220,15 @@ func (dig *DeveloperInsightGenerator) GenerateInsights(ctx context.Context, node
}, nil
}
func (dig *DeveloperInsightGenerator) GetSupportedRoles() []string { return []string{"developer"} }
func (dig *DeveloperInsightGenerator) GetInsightTypes() []string { return []string{"code_quality", "implementation", "bugs"} }
func (dig *DeveloperInsightGenerator) ValidateContext(node *slurpContext.ContextNode, role *Role) error { return nil }
func (dig *DeveloperInsightGenerator) GetInsightTypes() []string {
return []string{"code_quality", "implementation", "bugs"}
}
func (dig *DeveloperInsightGenerator) ValidateContext(node *slurpContext.ContextNode, role *Role) error {
return nil
}
type SecurityInsightGenerator struct{}
func NewSecurityInsightGenerator() *SecurityInsightGenerator { return &SecurityInsightGenerator{} }
func (sig *SecurityInsightGenerator) GenerateInsights(ctx context.Context, node *slurpContext.ContextNode, role *Role) ([]*RoleSpecificInsight, error) {
return []*RoleSpecificInsight{
@@ -1232,11 +1245,18 @@ func (sig *SecurityInsightGenerator) GenerateInsights(ctx context.Context, node
},
}, nil
}
func (sig *SecurityInsightGenerator) GetSupportedRoles() []string { return []string{"security_analyst"} }
func (sig *SecurityInsightGenerator) GetInsightTypes() []string { return []string{"security", "vulnerability", "compliance"} }
func (sig *SecurityInsightGenerator) ValidateContext(node *slurpContext.ContextNode, role *Role) error { return nil }
func (sig *SecurityInsightGenerator) GetSupportedRoles() []string {
return []string{"security_analyst"}
}
func (sig *SecurityInsightGenerator) GetInsightTypes() []string {
return []string{"security", "vulnerability", "compliance"}
}
func (sig *SecurityInsightGenerator) ValidateContext(node *slurpContext.ContextNode, role *Role) error {
return nil
}
type DevOpsInsightGenerator struct{}
func NewDevOpsInsightGenerator() *DevOpsInsightGenerator { return &DevOpsInsightGenerator{} }
func (doig *DevOpsInsightGenerator) GenerateInsights(ctx context.Context, node *slurpContext.ContextNode, role *Role) ([]*RoleSpecificInsight, error) {
return []*RoleSpecificInsight{
@@ -1254,10 +1274,15 @@ func (doig *DevOpsInsightGenerator) GenerateInsights(ctx context.Context, node *
}, nil
}
func (doig *DevOpsInsightGenerator) GetSupportedRoles() []string { return []string{"devops_engineer"} }
func (doig *DevOpsInsightGenerator) GetInsightTypes() []string { return []string{"infrastructure", "deployment", "monitoring"} }
func (doig *DevOpsInsightGenerator) ValidateContext(node *slurpContext.ContextNode, role *Role) error { return nil }
func (doig *DevOpsInsightGenerator) GetInsightTypes() []string {
return []string{"infrastructure", "deployment", "monitoring"}
}
func (doig *DevOpsInsightGenerator) ValidateContext(node *slurpContext.ContextNode, role *Role) error {
return nil
}
type QAInsightGenerator struct{}
func NewQAInsightGenerator() *QAInsightGenerator { return &QAInsightGenerator{} }
func (qaig *QAInsightGenerator) GenerateInsights(ctx context.Context, node *slurpContext.ContextNode, role *Role) ([]*RoleSpecificInsight, error) {
return []*RoleSpecificInsight{
@@ -1275,5 +1300,9 @@ func (qaig *QAInsightGenerator) GenerateInsights(ctx context.Context, node *slur
}, nil
}
func (qaig *QAInsightGenerator) GetSupportedRoles() []string { return []string{"qa_engineer"} }
func (qaig *QAInsightGenerator) GetInsightTypes() []string { return []string{"quality", "testing", "validation"} }
func (qaig *QAInsightGenerator) ValidateContext(node *slurpContext.ContextNode, role *Role) error { return nil }
func (qaig *QAInsightGenerator) GetInsightTypes() []string {
return []string{"quality", "testing", "validation"}
}
func (qaig *QAInsightGenerator) ValidateContext(node *slurpContext.ContextNode, role *Role) error {
return nil
}