Complete BZZZ functionality port to CHORUS

🎭 CHORUS now contains full BZZZ functionality adapted for containers

Core systems ported:
- P2P networking (libp2p with DHT and PubSub)
- Task coordination (COOEE protocol)
- HMMM collaborative reasoning
- SHHH encryption and security
- SLURP admin election system
- UCXL content addressing
- UCXI server integration
- Hypercore logging system
- Health monitoring and graceful shutdown
- License validation with KACHING

Container adaptations:
- Environment variable configuration (no YAML files)
- Container-optimized logging to stdout/stderr
- Auto-generated agent IDs for container deployments
- Docker-first architecture

All proven BZZZ P2P protocols, AI integration, and collaboration
features are now available in containerized form.

Next: Build and test container deployment.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

pkg/slurp/roles/doc.go

@@ -0,0 +1,102 @@
+// Package roles provides role-based access control and context filtering for the SLURP system.
+//
+// This package implements comprehensive role-based access control (RBAC) for contextual
+// intelligence, ensuring that context information is appropriately filtered, encrypted,
+// and distributed based on role permissions and security requirements. It integrates
+// with the existing BZZZ crypto system to provide secure, scalable access control.
+//
+// Key Features:
+//   - Hierarchical role definition and management
+//   - Context filtering based on role permissions and access levels
+//   - Integration with BZZZ crypto system for role-based encryption
+//   - Dynamic permission evaluation and caching for performance
+//   - Role-specific context views and perspectives
+//   - Audit logging for access control decisions
+//   - Permission inheritance and delegation
+//   - Temporal access control with time-based permissions
+//
+// Core Components:
+//   - RoleManager: Definition and management of roles and permissions
+//   - AccessController: Access control decision making and enforcement
+//   - ContextFilter: Role-based filtering of context information
+//   - PermissionEvaluator: Dynamic evaluation of permissions
+//   - AuditLogger: Logging of access control events
+//   - EncryptionManager: Role-based encryption and key management
+//
+// Integration Points:
+//   - pkg/crypto: Role-based encryption and key management
+//   - pkg/slurp/context: Context filtering and access control
+//   - pkg/slurp/storage: Encrypted storage with role-based access
+//   - pkg/election: Leader-based role administration
+//   - pkg/config: Role configuration and policies
+//
+// Example Usage:
+//
+//	roleManager := roles.NewRoleManager(storage, crypto)
+//	ctx := context.Background()
+//	
+//	// Define a new role
+//	role := &Role{
+//	    Name: "Senior Developer",
+//	    Permissions: []Permission{
+//	        PermissionReadCode,
+//	        PermissionWriteCode,
+//	        PermissionViewArchitecture,
+//	    },
+//	    AccessLevel: AccessLevelHigh,
+//	}
+//	err := roleManager.CreateRole(ctx, role)
+//	
+//	// Assign role to user
+//	err = roleManager.AssignRole(ctx, "user123", "senior-developer")
+//	
+//	// Filter context based on role
+//	filter := roles.NewContextFilter(roleManager)
+//	filteredContext, err := filter.FilterContext(ctx, originalContext, "senior-developer")
+//	
+//	// Check permissions
+//	controller := roles.NewAccessController(roleManager)
+//	canAccess, err := controller.CheckPermission(ctx, "user123", PermissionViewArchitecture)
+//	if canAccess {
+//	    // Allow access to architectural context
+//	}
+//
+// Role Hierarchy:
+// The system supports hierarchical roles where higher-level roles inherit
+// permissions from lower-level roles. This enables flexible permission
+// management while maintaining security boundaries appropriate for different
+// team responsibilities and access needs.
+//
+// Access Levels:
+// Context information is classified into different access levels (Public,
+// Low, Medium, High, Critical) and roles are granted appropriate access
+// levels. This ensures sensitive information is only available to
+// authorized personnel while enabling collaboration on appropriate content.
+//
+// Temporal Access Control:
+// The system supports time-based access control where permissions can be
+// granted for specific time periods, enabling temporary access for
+// contractors, time-limited elevated permissions, and automatic access
+// revocation for compliance and security requirements.
+//
+// Performance Considerations:
+// - Permission caching with configurable TTL for fast access decisions
+// - Batch permission evaluation for efficiency with large contexts
+// - Pre-computed role hierarchies and permission inheritance
+// - Optimized context filtering algorithms for minimal overhead
+// - Background permission synchronization across cluster nodes
+//
+// Security Model:
+// All access control decisions are based on cryptographically verified
+// role assignments and permissions. The system integrates with the BZZZ
+// crypto infrastructure to ensure secure key distribution and context
+// encryption, preventing unauthorized access even in case of node
+// compromise or network interception.
+//
+// Audit and Compliance:
+// Comprehensive audit logging tracks all access control decisions,
+// permission changes, and context access patterns. This supports
+// compliance requirements, security analysis, and debugging of
+// access control issues while maintaining performance through
+// asynchronous logging and efficient storage.
+package roles