tony/CHORUS
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

Integrate BACKBEAT SDK and resolve KACHING license validation

Browse Source 
Major integrations and fixes:
- Added BACKBEAT SDK integration for P2P operation timing
- Implemented beat-aware status tracking for distributed operations
- Added Docker secrets support for secure license management
- Resolved KACHING license validation via HTTPS/TLS
- Updated docker-compose configuration for clean stack deployment
- Disabled rollback policies to prevent deployment failures
- Added license credential storage (CHORUS-DEV-MULTI-001)

Technical improvements:
- BACKBEAT P2P operation tracking with phase management
- Enhanced configuration system with file-based secrets
- Improved error handling for license validation
- Clean separation of KACHING and CHORUS deployment stacks

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
anthonyrawlins
2025-09-06 07:56:26 +10:00
parent 543ab216f9
commit 9bdcbe0447
4730 changed files with 1480093 additions and 1916 deletions
Download Patch File Download Diff File Expand all files Collapse all files

132
pkg/config/config.go
View File

@@ -2,25 +2,28 @@ package config
import (
"fmt"
"io/ioutil"
"os"
"strconv"
"strings"
"time"
)
// This is a container-adapted version of BZZZ's config system
// This is a container-adapted version of CHORUS's config system
// All configuration comes from environment variables instead of YAML files
// Config represents the complete CHORUS configuration loaded from environment variables
type Config struct {
Agent AgentConfig `yaml:"agent"`
Network NetworkConfig `yaml:"network"`
License LicenseConfig `yaml:"license"`
AI AIConfig `yaml:"ai"`
Logging LoggingConfig `yaml:"logging"`
V2 V2Config `yaml:"v2"`
UCXL UCXLConfig `yaml:"ucxl"`
Slurp SlurpConfig `yaml:"slurp"`
Agent AgentConfig `yaml:"agent"`
Network NetworkConfig `yaml:"network"`
License LicenseConfig `yaml:"license"`
AI AIConfig `yaml:"ai"`
Logging LoggingConfig `yaml:"logging"`
V2 V2Config `yaml:"v2"`
UCXL UCXLConfig `yaml:"ucxl"`
Slurp SlurpConfig `yaml:"slurp"`
Security SecurityConfig `yaml:"security"`
WHOOSHAPI WHOOSHAPIConfig `yaml:"whoosh_api"`
}
// AgentConfig defines agent-specific settings
@@ -46,10 +49,9 @@ type NetworkConfig struct {
BindAddr string `yaml:"bind_address"`
}
// LicenseConfig defines licensing settings (adapted from BZZZ)
// LicenseConfig defines licensing settings (adapted from CHORUS)
type LicenseConfig struct {
Email string `yaml:"email"`
LicenseKey string `yaml:"license_key"`
LicenseID string `yaml:"license_id"`
ClusterID string `yaml:"cluster_id"`
OrganizationName string `yaml:"organization_name"`
KachingURL string `yaml:"kaching_url"`
@@ -63,7 +65,9 @@ type LicenseConfig struct {
// AIConfig defines AI service settings
type AIConfig struct {
Ollama OllamaConfig `yaml:"ollama"`
Provider string `yaml:"provider"`
Ollama OllamaConfig `yaml:"ollama"`
ResetData ResetDataConfig `yaml:"resetdata"`
}
// OllamaConfig defines Ollama-specific settings
@@ -72,13 +76,21 @@ type OllamaConfig struct {
Timeout time.Duration `yaml:"timeout"`
}
// ResetDataConfig defines ResetData LLM service settings
type ResetDataConfig struct {
BaseURL string `yaml:"base_url"`
APIKey string `yaml:"api_key"`
Model string `yaml:"model"`
Timeout time.Duration `yaml:"timeout"`
}
// LoggingConfig defines logging settings
type LoggingConfig struct {
Level string `yaml:"level"`
Format string `yaml:"format"`
}
// V2Config defines v2-specific settings (from BZZZ)
// V2Config defines v2-specific settings (from CHORUS)
type V2Config struct {
DHT DHTConfig `yaml:"dht"`
}
@@ -119,6 +131,14 @@ type SlurpConfig struct {
Enabled bool `yaml:"enabled"`
}
// WHOOSHAPIConfig defines WHOOSH API integration settings
type WHOOSHAPIConfig struct {
URL string `yaml:"url"`
BaseURL string `yaml:"base_url"`
Token string `yaml:"token"`
Enabled bool `yaml:"enabled"`
}
// LoadFromEnvironment loads configuration from environment variables
func LoadFromEnvironment() (*Config, error) {
cfg := &Config{
@@ -127,13 +147,13 @@ func LoadFromEnvironment() (*Config, error) {
Specialization: getEnvOrDefault("CHORUS_SPECIALIZATION", "general_developer"),
MaxTasks: getEnvIntOrDefault("CHORUS_MAX_TASKS", 3),
Capabilities: getEnvArrayOrDefault("CHORUS_CAPABILITIES", []string{"general_development", "task_coordination"}),
Models: getEnvArrayOrDefault("CHORUS_MODELS", []string{"llama3.1:8b"}),
Models: getEnvArrayOrDefault("CHORUS_MODELS", []string{"meta/llama-3.1-8b-instruct"}),
Role: getEnvOrDefault("CHORUS_ROLE", ""),
Expertise: getEnvArrayOrDefault("CHORUS_EXPERTISE", []string{}),
ReportsTo: getEnvOrDefault("CHORUS_REPORTS_TO", ""),
Deliverables: getEnvArrayOrDefault("CHORUS_DELIVERABLES", []string{}),
ModelSelectionWebhook: getEnvOrDefault("CHORUS_MODEL_SELECTION_WEBHOOK", ""),
DefaultReasoningModel: getEnvOrDefault("CHORUS_DEFAULT_REASONING_MODEL", "llama3.1:8b"),
DefaultReasoningModel: getEnvOrDefault("CHORUS_DEFAULT_REASONING_MODEL", "meta/llama-3.1-8b-instruct"),
},
Network: NetworkConfig{
P2PPort: getEnvIntOrDefault("CHORUS_P2P_PORT", 9000),
@@ -142,8 +162,7 @@ func LoadFromEnvironment() (*Config, error) {
BindAddr: getEnvOrDefault("CHORUS_BIND_ADDRESS", "0.0.0.0"),
},
License: LicenseConfig{
Email: os.Getenv("CHORUS_LICENSE_EMAIL"),
LicenseKey: os.Getenv("CHORUS_LICENSE_KEY"),
LicenseID: getEnvOrFileContent("CHORUS_LICENSE_ID", "CHORUS_LICENSE_ID_FILE"),
ClusterID: getEnvOrDefault("CHORUS_CLUSTER_ID", "default-cluster"),
OrganizationName: getEnvOrDefault("CHORUS_ORGANIZATION_NAME", ""),
KachingURL: getEnvOrDefault("CHORUS_KACHING_URL", "https://kaching.chorus.services"),
@@ -151,10 +170,17 @@ func LoadFromEnvironment() (*Config, error) {
GracePeriodHours: getEnvIntOrDefault("CHORUS_GRACE_PERIOD_HOURS", 72),
},
AI: AIConfig{
Provider: getEnvOrDefault("CHORUS_AI_PROVIDER", "resetdata"),
Ollama: OllamaConfig{
Endpoint: getEnvOrDefault("OLLAMA_ENDPOINT", "http://localhost:11434"),
Timeout: getEnvDurationOrDefault("OLLAMA_TIMEOUT", 30*time.Second),
},
ResetData: ResetDataConfig{
BaseURL: getEnvOrDefault("RESETDATA_BASE_URL", "https://models.au-syd.resetdata.ai/v1"),
APIKey: os.Getenv("RESETDATA_API_KEY"),
Model: getEnvOrDefault("RESETDATA_MODEL", "meta/llama-3.1-8b-instruct"),
Timeout: getEnvDurationOrDefault("RESETDATA_TIMEOUT", 30*time.Second),
},
},
Logging: LoggingConfig{
Level: getEnvOrDefault("LOG_LEVEL", "info"),
@@ -183,6 +209,29 @@ func LoadFromEnvironment() (*Config, error) {
Slurp: SlurpConfig{
Enabled: getEnvBoolOrDefault("CHORUS_SLURP_ENABLED", false),
},
Security: SecurityConfig{
KeyRotationDays: getEnvIntOrDefault("CHORUS_KEY_ROTATION_DAYS", 30),
AuditLogging: getEnvBoolOrDefault("CHORUS_AUDIT_LOGGING", true),
AuditPath: getEnvOrDefault("CHORUS_AUDIT_PATH", "/tmp/chorus-audit.log"),
ElectionConfig: ElectionConfig{
DiscoveryTimeout: getEnvDurationOrDefault("CHORUS_DISCOVERY_TIMEOUT", 10*time.Second),
HeartbeatTimeout: getEnvDurationOrDefault("CHORUS_HEARTBEAT_TIMEOUT", 30*time.Second),
ElectionTimeout: getEnvDurationOrDefault("CHORUS_ELECTION_TIMEOUT", 60*time.Second),
DiscoveryBackoff: getEnvDurationOrDefault("CHORUS_DISCOVERY_BACKOFF", 5*time.Second),
LeadershipScoring: &LeadershipScoring{
UptimeWeight: 0.4,
CapabilityWeight: 0.3,
ExperienceWeight: 0.2,
LoadWeight: 0.1,
},
},
},
WHOOSHAPI: WHOOSHAPIConfig{
URL: getEnvOrDefault("WHOOSH_API_URL", "http://localhost:3000"),
BaseURL: getEnvOrDefault("WHOOSH_API_BASE_URL", "http://localhost:3000"),
Token: os.Getenv("WHOOSH_API_TOKEN"),
Enabled: getEnvBoolOrDefault("WHOOSH_API_ENABLED", false),
},
}
// Validate required configuration
@@ -195,12 +244,8 @@ func LoadFromEnvironment() (*Config, error) {
// Validate ensures all required configuration is present
func (c *Config) Validate() error {
if c.License.Email == "" {
return fmt.Errorf("CHORUS_LICENSE_EMAIL is required")
}
if c.License.LicenseKey == "" {
return fmt.Errorf("CHORUS_LICENSE_KEY is required")
if c.License.LicenseID == "" {
return fmt.Errorf("CHORUS_LICENSE_ID is required")
}
if c.Agent.ID == "" {
@@ -217,16 +262,16 @@ func (c *Config) Validate() error {
return nil
}
// ApplyRoleDefinition applies role-based configuration (from BZZZ)
// ApplyRoleDefinition applies role-based configuration (from CHORUS)
func (c *Config) ApplyRoleDefinition(role string) error {
// This would contain the role definition logic from BZZZ
// This would contain the role definition logic from CHORUS
c.Agent.Role = role
return nil
}
// GetRoleAuthority returns the authority level for a role (from BZZZ)
// GetRoleAuthority returns the authority level for a role (from CHORUS)
func (c *Config) GetRoleAuthority(role string) (string, error) {
// This would contain the authority mapping from BZZZ
// This would contain the authority mapping from CHORUS
switch role {
case "admin":
return "master", nil
@@ -278,6 +323,23 @@ func getEnvArrayOrDefault(key string, defaultValue []string) []string {
return defaultValue
}
// getEnvOrFileContent reads from environment variable or file (for Docker secrets support)
func getEnvOrFileContent(envKey, fileEnvKey string) string {
// First try the direct environment variable
if value := os.Getenv(envKey); value != "" {
return value
}
// Then try reading from file path specified in fileEnvKey
if filePath := os.Getenv(fileEnvKey); filePath != "" {
if content, err := ioutil.ReadFile(filePath); err == nil {
return strings.TrimSpace(string(content))
}
}
return ""
}
// IsSetupRequired checks if setup is required (always false for containers)
func IsSetupRequired(configPath string) bool {
return false // Containers are always pre-configured via environment
@@ -285,5 +347,17 @@ func IsSetupRequired(configPath string) bool {
// IsValidConfiguration validates configuration (simplified for containers)
func IsValidConfiguration(cfg *Config) bool {
return cfg.License.Email != "" && cfg.License.LicenseKey != ""
return cfg.License.LicenseID != "" && cfg.License.ClusterID != ""
}
// LoadConfig loads configuration from file (for API compatibility)
func LoadConfig(configPath string) (*Config, error) {
// For containers, always load from environment
return LoadFromEnvironment()
}
// SaveConfig saves configuration to file (stub for API compatibility)
func SaveConfig(cfg *Config, configPath string) error {
// For containers, configuration is environment-based, so this is a no-op
return nil
}

188
pkg/config/defaults.go
View File

@@ -1,188 +0,0 @@
package config
import (
"fmt"
"os"
"path/filepath"
"time"
)
// DefaultConfigPaths returns the default locations to search for config files
func DefaultConfigPaths() []string {
homeDir, _ := os.UserHomeDir()
return []string{
"./bzzz.yaml",
"./config/bzzz.yaml",
filepath.Join(homeDir, ".config", "bzzz", "config.yaml"),
"/etc/bzzz/config.yaml",
}
}
// GetNodeSpecificDefaults returns configuration defaults based on the node
func GetNodeSpecificDefaults(nodeID string) *Config {
config := getDefaultConfig()
// Set node-specific agent ID
config.Agent.ID = nodeID
// Set node-specific capabilities and models based on known cluster setup
switch {
case nodeID == "walnut" || containsString(nodeID, "walnut"):
config.Agent.Capabilities = []string{"task-coordination", "meta-discussion", "ollama-reasoning", "code-generation"}
config.Agent.Models = []string{"starcoder2:15b", "deepseek-coder-v2", "qwen3:14b", "phi3"}
config.Agent.Specialization = "code_generation"
case nodeID == "ironwood" || containsString(nodeID, "ironwood"):
config.Agent.Capabilities = []string{"task-coordination", "meta-discussion", "ollama-reasoning", "advanced-reasoning"}
config.Agent.Models = []string{"phi4:14b", "phi4-reasoning:14b", "gemma3:12b", "devstral"}
config.Agent.Specialization = "advanced_reasoning"
case nodeID == "acacia" || containsString(nodeID, "acacia"):
config.Agent.Capabilities = []string{"task-coordination", "meta-discussion", "ollama-reasoning", "code-analysis"}
config.Agent.Models = []string{"qwen2.5-coder", "deepseek-r1", "codellama", "llava"}
config.Agent.Specialization = "code_analysis"
default:
// Generic defaults for unknown nodes
config.Agent.Capabilities = []string{"task-coordination", "meta-discussion", "general"}
config.Agent.Models = []string{"phi3", "llama3.1"}
config.Agent.Specialization = "general_developer"
}
return config
}
// GetEnvironmentSpecificDefaults returns defaults based on environment
func GetEnvironmentSpecificDefaults(environment string) *Config {
config := getDefaultConfig()
switch environment {
case "development", "dev":
config.WHOOSHAPI.BaseURL = "http://localhost:8000"
config.P2P.EscalationWebhook = "http://localhost:5678/webhook-test/human-escalation"
config.Logging.Level = "debug"
config.Agent.PollInterval = 10 * time.Second
case "staging":
config.WHOOSHAPI.BaseURL = "https://hive-staging.home.deepblack.cloud"
config.P2P.EscalationWebhook = "https://n8n-staging.home.deepblack.cloud/webhook-test/human-escalation"
config.Logging.Level = "info"
config.Agent.PollInterval = 20 * time.Second
case "production", "prod":
config.WHOOSHAPI.BaseURL = "https://hive.home.deepblack.cloud"
config.P2P.EscalationWebhook = "https://n8n.home.deepblack.cloud/webhook-test/human-escalation"
config.Logging.Level = "warn"
config.Agent.PollInterval = 30 * time.Second
default:
// Default to production-like settings
config.Logging.Level = "info"
}
return config
}
// GetCapabilityPresets returns predefined capability sets
func GetCapabilityPresets() map[string][]string {
return map[string][]string{
"senior_developer": {
"task-coordination",
"meta-discussion",
"ollama-reasoning",
"code-generation",
"code-review",
"architecture",
},
"code_reviewer": {
"task-coordination",
"meta-discussion",
"ollama-reasoning",
"code-review",
"security-analysis",
"best-practices",
},
"debugger_specialist": {
"task-coordination",
"meta-discussion",
"ollama-reasoning",
"debugging",
"error-analysis",
"troubleshooting",
},
"devops_engineer": {
"task-coordination",
"meta-discussion",
"deployment",
"infrastructure",
"monitoring",
"automation",
},
"test_engineer": {
"task-coordination",
"meta-discussion",
"testing",
"quality-assurance",
"test-automation",
"validation",
},
"general_developer": {
"task-coordination",
"meta-discussion",
"ollama-reasoning",
"general",
},
}
}
// ApplyCapabilityPreset applies a predefined capability preset to the config
func (c *Config) ApplyCapabilityPreset(presetName string) error {
presets := GetCapabilityPresets()
capabilities, exists := presets[presetName]
if !exists {
return fmt.Errorf("unknown capability preset: %s", presetName)
}
c.Agent.Capabilities = capabilities
c.Agent.Specialization = presetName
return nil
}
// GetModelPresets returns predefined model sets for different specializations
func GetModelPresets() map[string][]string {
return map[string][]string{
"code_generation": {
"starcoder2:15b",
"deepseek-coder-v2",
"codellama",
},
"advanced_reasoning": {
"phi4:14b",
"phi4-reasoning:14b",
"deepseek-r1",
},
"code_analysis": {
"qwen2.5-coder",
"deepseek-coder-v2",
"codellama",
},
"general_purpose": {
"phi3",
"llama3.1:8b",
"qwen3",
},
"vision_tasks": {
"llava",
"llava:13b",
},
}
}
// containsString checks if a string contains a substring (case-insensitive)
func containsString(s, substr string) bool {
return len(s) >= len(substr) &&
(s[:len(substr)] == substr || s[len(s)-len(substr):] == substr)
}

4
pkg/config/hybrid_config.go
View File

@@ -44,7 +44,7 @@ type DiscoveryConfig struct {
MDNSEnabled bool `env:"BZZZ_MDNS_ENABLED" default:"true" json:"mdns_enabled" yaml:"mdns_enabled"`
DHTDiscovery bool `env:"BZZZ_DHT_DISCOVERY" default:"false" json:"dht_discovery" yaml:"dht_discovery"`
AnnounceInterval time.Duration `env:"BZZZ_ANNOUNCE_INTERVAL" default:"30s" json:"announce_interval" yaml:"announce_interval"`
ServiceName string `env:"BZZZ_SERVICE_NAME" default:"bzzz" json:"service_name" yaml:"service_name"`
ServiceName string `env:"BZZZ_SERVICE_NAME" default:"CHORUS" json:"service_name" yaml:"service_name"`
}
type MonitoringConfig struct {
@@ -82,7 +82,7 @@ func LoadHybridConfig() (*HybridConfig, error) {
MDNSEnabled: getEnvBool("BZZZ_MDNS_ENABLED", true),
DHTDiscovery: getEnvBool("BZZZ_DHT_DISCOVERY", false),
AnnounceInterval: getEnvDuration("BZZZ_ANNOUNCE_INTERVAL", 30*time.Second),
ServiceName: getEnvString("BZZZ_SERVICE_NAME", "bzzz"),
ServiceName: getEnvString("BZZZ_SERVICE_NAME", "CHORUS"),
}
// Load Monitoring configuration

573
pkg/config/roles.go
View File

@@ -1,573 +0,0 @@
package config
import (
"fmt"
"strings"
"time"
)
// AuthorityLevel defines the decision-making authority of a role
type AuthorityLevel string
const (
AuthorityMaster AuthorityLevel = "master" // Full admin access, can decrypt all roles (SLURP functionality)
AuthorityDecision AuthorityLevel = "decision" // Can make permanent decisions
AuthorityCoordination AuthorityLevel = "coordination" // Can coordinate across roles
AuthoritySuggestion AuthorityLevel = "suggestion" // Can suggest, no permanent decisions
AuthorityReadOnly AuthorityLevel = "read_only" // Observer access only
)
// AgeKeyPair holds Age encryption keys for a role
type AgeKeyPair struct {
PublicKey string `yaml:"public,omitempty" json:"public,omitempty"`
PrivateKey string `yaml:"private,omitempty" json:"private,omitempty"`
}
// ShamirShare represents a share of the admin secret key
type ShamirShare struct {
Index int `yaml:"index" json:"index"`
Share string `yaml:"share" json:"share"`
Threshold int `yaml:"threshold" json:"threshold"`
TotalShares int `yaml:"total_shares" json:"total_shares"`
}
// ElectionConfig defines consensus election parameters
type ElectionConfig struct {
// Trigger timeouts
HeartbeatTimeout time.Duration `yaml:"heartbeat_timeout" json:"heartbeat_timeout"`
DiscoveryTimeout time.Duration `yaml:"discovery_timeout" json:"discovery_timeout"`
ElectionTimeout time.Duration `yaml:"election_timeout" json:"election_timeout"`
// Discovery settings
MaxDiscoveryAttempts int `yaml:"max_discovery_attempts" json:"max_discovery_attempts"`
DiscoveryBackoff time.Duration `yaml:"discovery_backoff" json:"discovery_backoff"`
// Consensus requirements
MinimumQuorum int `yaml:"minimum_quorum" json:"minimum_quorum"`
ConsensusAlgorithm string `yaml:"consensus_algorithm" json:"consensus_algorithm"` // "raft", "pbft"
// Split brain detection
SplitBrainDetection bool `yaml:"split_brain_detection" json:"split_brain_detection"`
ConflictResolution string `yaml:"conflict_resolution,omitempty" json:"conflict_resolution,omitempty"`
}
// RoleDefinition represents a complete role definition with authority and encryption
type RoleDefinition struct {
// Existing fields from Bees-AgenticWorkers
Name string `yaml:"name"`
SystemPrompt string `yaml:"system_prompt"`
ReportsTo []string `yaml:"reports_to"`
Expertise []string `yaml:"expertise"`
Deliverables []string `yaml:"deliverables"`
Capabilities []string `yaml:"capabilities"`
// Collaboration preferences
CollaborationDefaults CollaborationConfig `yaml:"collaboration_defaults"`
// NEW: Authority and encryption fields for Phase 2A
AuthorityLevel AuthorityLevel `yaml:"authority_level" json:"authority_level"`
CanDecrypt []string `yaml:"can_decrypt,omitempty" json:"can_decrypt,omitempty"` // Roles this role can decrypt
AgeKeys AgeKeyPair `yaml:"age_keys,omitempty" json:"age_keys,omitempty"`
PromptTemplate string `yaml:"prompt_template,omitempty" json:"prompt_template,omitempty"`
Model string `yaml:"model,omitempty" json:"model,omitempty"`
MaxTasks int `yaml:"max_tasks,omitempty" json:"max_tasks,omitempty"`
// Special functions (for admin/specialized roles)
SpecialFunctions []string `yaml:"special_functions,omitempty" json:"special_functions,omitempty"`
// Decision context
DecisionScope []string `yaml:"decision_scope,omitempty" json:"decision_scope,omitempty"` // What domains this role can decide on
}
// GetPredefinedRoles returns all predefined roles from Bees-AgenticWorkers.md
func GetPredefinedRoles() map[string]RoleDefinition {
return map[string]RoleDefinition{
// NEW: Admin role with SLURP functionality
"admin": {
Name: "SLURP Admin Agent",
SystemPrompt: "You are the **SLURP Admin Agent** with master authority level and context curation functionality.\n\n* **Responsibilities:** Maintain global context graph, ingest and analyze all distributed decisions, manage key reconstruction, coordinate admin elections.\n* **Authority:** Can decrypt and analyze all role-encrypted decisions, publish system-level decisions, manage cluster security.\n* **Special Functions:** Context curation, decision ingestion, semantic analysis, key reconstruction, admin election coordination.\n* **Reports To:** Distributed consensus (no single authority).\n* **Deliverables:** Global context analysis, decision quality metrics, cluster health reports, security audit logs.",
ReportsTo: []string{}, // Admin reports to consensus
Expertise: []string{"context_curation", "decision_analysis", "semantic_indexing", "distributed_systems", "security", "consensus_algorithms"},
Deliverables: []string{"global_context_graph", "decision_quality_metrics", "cluster_health_reports", "security_audit_logs"},
Capabilities: []string{"context_curation", "decision_ingestion", "semantic_analysis", "key_reconstruction", "admin_election", "cluster_coordination"},
AuthorityLevel: AuthorityMaster,
CanDecrypt: []string{"*"}, // Can decrypt all roles
SpecialFunctions: []string{"slurp_functionality", "admin_election", "key_management", "consensus_coordination"},
Model: "gpt-4o",
MaxTasks: 10,
DecisionScope: []string{"system", "security", "architecture", "operations", "consensus"},
CollaborationDefaults: CollaborationConfig{
PreferredMessageTypes: []string{"admin_election", "key_reconstruction", "consensus_request", "system_alert"},
AutoSubscribeToRoles: []string{"senior_software_architect", "security_expert", "systems_engineer"},
AutoSubscribeToExpertise: []string{"architecture", "security", "infrastructure", "consensus"},
ResponseTimeoutSeconds: 60, // Fast response for admin duties
MaxCollaborationDepth: 10,
EscalationThreshold: 1, // Immediate escalation for admin issues
},
},
"senior_software_architect": {
Name: "Senior Software Architect",
SystemPrompt: "You are the **Senior Software Architect**. You define the system's overall structure, select tech stacks, and ensure long-term maintainability.\n\n* **Responsibilities:** Draft high-level architecture diagrams, define API contracts, set coding standards, mentor engineering leads.\n* **Authority:** Can make strategic technical decisions that are published as permanent UCXL decision nodes.\n* **Expertise:** Deep experience in multiple programming paradigms, distributed systems, security models, and cloud architectures.\n* **Reports To:** Product Owner / Technical Director.\n* **Deliverables:** Architecture blueprints, tech stack decisions, integration strategies, and review sign-offs on major design changes.",
ReportsTo: []string{"product_owner", "technical_director", "admin"},
Expertise: []string{"architecture", "distributed_systems", "security", "cloud_architectures", "api_design"},
Deliverables: []string{"architecture_blueprints", "tech_stack_decisions", "integration_strategies", "design_reviews"},
Capabilities: []string{"task-coordination", "meta-discussion", "architecture", "code-review", "mentoring"},
AuthorityLevel: AuthorityDecision,
CanDecrypt: []string{"senior_software_architect", "backend_developer", "frontend_developer", "full_stack_engineer", "database_engineer"},
Model: "gpt-4o",
MaxTasks: 5,
DecisionScope: []string{"architecture", "design", "technology_selection", "system_integration"},
CollaborationDefaults: CollaborationConfig{
PreferredMessageTypes: []string{"coordination_request", "meta_discussion", "escalation_trigger"},
AutoSubscribeToRoles: []string{"lead_designer", "security_expert", "systems_engineer"},
AutoSubscribeToExpertise: []string{"architecture", "security", "infrastructure"},
ResponseTimeoutSeconds: 300,
MaxCollaborationDepth: 5,
EscalationThreshold: 3,
},
},
"lead_designer": {
Name: "Lead Designer",
SystemPrompt: "You are the **Lead Designer**. You guide the creative vision and maintain design cohesion across the product.\n\n* **Responsibilities:** Oversee UX flow, wireframes, and feature design; ensure consistency of theme and style; mediate between product vision and technical constraints.\n* **Authority:** Can make design decisions that influence product direction and user experience.\n* **Expertise:** UI/UX principles, accessibility, information architecture, Figma/Sketch proficiency.\n* **Reports To:** Product Owner.\n* **Deliverables:** Style guides, wireframes, feature specs, and iterative design documentation.",
ReportsTo: []string{"product_owner", "admin"},
Expertise: []string{"ui_ux", "accessibility", "information_architecture", "design_systems", "user_research"},
Deliverables: []string{"style_guides", "wireframes", "feature_specs", "design_documentation"},
Capabilities: []string{"task-coordination", "meta-discussion", "design", "user_experience"},
AuthorityLevel: AuthorityDecision,
CanDecrypt: []string{"lead_designer", "ui_ux_designer", "frontend_developer"},
Model: "gpt-4o",
MaxTasks: 4,
DecisionScope: []string{"design", "user_experience", "accessibility", "visual_identity"},
CollaborationDefaults: CollaborationConfig{
PreferredMessageTypes: []string{"task_help_request", "coordination_request", "meta_discussion"},
AutoSubscribeToRoles: []string{"ui_ux_designer", "frontend_developer"},
AutoSubscribeToExpertise: []string{"design", "frontend", "user_experience"},
ResponseTimeoutSeconds: 180,
MaxCollaborationDepth: 3,
EscalationThreshold: 2,
},
},
"security_expert": {
Name: "Security Expert",
SystemPrompt: "You are the **Security Expert**. You ensure the system is hardened against vulnerabilities.\n\n* **Responsibilities:** Conduct threat modeling, penetration tests, code reviews for security flaws, and define access control policies.\n* **Authority:** Can make security-related decisions and coordinate security implementations across teams.\n* **Expertise:** Cybersecurity frameworks (OWASP, NIST), encryption, key management, zero-trust systems.\n* **Reports To:** Senior Software Architect.\n* **Deliverables:** Security audits, vulnerability reports, risk mitigation plans, compliance documentation.",
ReportsTo: []string{"senior_software_architect", "admin"},
Expertise: []string{"cybersecurity", "owasp", "nist", "encryption", "key_management", "zero_trust", "penetration_testing"},
Deliverables: []string{"security_audits", "vulnerability_reports", "risk_mitigation_plans", "compliance_documentation"},
Capabilities: []string{"task-coordination", "meta-discussion", "security-analysis", "code-review", "threat-modeling"},
AuthorityLevel: AuthorityCoordination,
CanDecrypt: []string{"security_expert", "backend_developer", "devops_engineer", "systems_engineer"},
Model: "gpt-4o",
MaxTasks: 4,
DecisionScope: []string{"security", "access_control", "threat_mitigation", "compliance"},
CollaborationDefaults: CollaborationConfig{
PreferredMessageTypes: []string{"dependency_alert", "task_help_request", "escalation_trigger"},
AutoSubscribeToRoles: []string{"backend_developer", "devops_engineer", "senior_software_architect"},
AutoSubscribeToExpertise: []string{"security", "backend", "infrastructure"},
ResponseTimeoutSeconds: 120,
MaxCollaborationDepth: 4,
EscalationThreshold: 1,
},
},
"systems_engineer": {
Name: "Systems Engineer",
SystemPrompt: "You are the **Systems Engineer**. You connect hardware, operating systems, and software infrastructure.\n\n* **Responsibilities:** Configure OS environments, network setups, and middleware; ensure system performance and uptime.\n* **Expertise:** Linux/Unix systems, networking, hardware integration, automation tools.\n* **Reports To:** Technical Lead.\n* **Deliverables:** Infrastructure configurations, system diagrams, performance benchmarks.",
ReportsTo: []string{"technical_lead"},
Expertise: []string{"linux", "unix", "networking", "hardware_integration", "automation", "system_administration"},
Deliverables: []string{"infrastructure_configurations", "system_diagrams", "performance_benchmarks"},
Capabilities: []string{"task-coordination", "meta-discussion", "infrastructure", "system_administration", "automation"},
CollaborationDefaults: CollaborationConfig{
PreferredMessageTypes: []string{"coordination_request", "dependency_alert", "task_help_request"},
AutoSubscribeToRoles: []string{"devops_engineer", "backend_developer"},
AutoSubscribeToExpertise: []string{"infrastructure", "deployment", "monitoring"},
ResponseTimeoutSeconds: 240,
MaxCollaborationDepth: 3,
EscalationThreshold: 2,
},
},
"frontend_developer": {
Name: "Frontend Developer",
SystemPrompt: "You are the **Frontend Developer**. You turn designs into interactive interfaces.\n\n* **Responsibilities:** Build UI components, optimize performance, ensure cross-browser/device compatibility, and integrate frontend with backend APIs.\n* **Expertise:** HTML, CSS, JavaScript/TypeScript, React/Vue/Angular, accessibility standards.\n* **Reports To:** Frontend Lead or Senior Architect.\n* **Deliverables:** Functional UI screens, reusable components, and documented frontend code.",
ReportsTo: []string{"frontend_lead", "senior_software_architect"},
Expertise: []string{"html", "css", "javascript", "typescript", "react", "vue", "angular", "accessibility"},
Deliverables: []string{"ui_screens", "reusable_components", "frontend_code", "documentation"},
Capabilities: []string{"task-coordination", "meta-discussion", "frontend", "ui_development", "component_design"},
CollaborationDefaults: CollaborationConfig{
PreferredMessageTypes: []string{"task_help_request", "coordination_request", "task_help_response"},
AutoSubscribeToRoles: []string{"ui_ux_designer", "backend_developer", "lead_designer"},
AutoSubscribeToExpertise: []string{"design", "backend", "api_integration"},
ResponseTimeoutSeconds: 180,
MaxCollaborationDepth: 3,
EscalationThreshold: 2,
},
},
"backend_developer": {
Name: "Backend Developer",
SystemPrompt: "You are the **Backend Developer**. You create APIs, logic, and server-side integrations.\n\n* **Responsibilities:** Implement core logic, manage data pipelines, enforce security, and support scaling strategies.\n* **Expertise:** Server frameworks, REST/GraphQL APIs, authentication, caching, microservices.\n* **Reports To:** Backend Lead or Senior Architect.\n* **Deliverables:** API endpoints, backend services, unit tests, and deployment-ready server code.",
ReportsTo: []string{"backend_lead", "senior_software_architect"},
Expertise: []string{"server_frameworks", "rest_api", "graphql", "authentication", "caching", "microservices", "databases"},
Deliverables: []string{"api_endpoints", "backend_services", "unit_tests", "server_code"},
Capabilities: []string{"task-coordination", "meta-discussion", "backend", "api_development", "database_design"},
CollaborationDefaults: CollaborationConfig{
PreferredMessageTypes: []string{"task_help_request", "coordination_request", "dependency_alert"},
AutoSubscribeToRoles: []string{"database_engineer", "frontend_developer", "security_expert"},
AutoSubscribeToExpertise: []string{"database", "frontend", "security"},
ResponseTimeoutSeconds: 200,
MaxCollaborationDepth: 4,
EscalationThreshold: 2,
},
},
"qa_engineer": {
Name: "QA Engineer",
SystemPrompt: "You are the **QA Engineer**. You ensure the system is reliable and bug-free.\n\n* **Responsibilities:** Create test plans, execute manual and automated tests, document bugs, and verify fixes.\n* **Expertise:** QA methodologies, Selenium/Cypress, regression testing, performance testing.\n* **Reports To:** QA Lead.\n* **Deliverables:** Test scripts, bug reports, QA coverage metrics, and sign-off on release quality.",
ReportsTo: []string{"qa_lead"},
Expertise: []string{"qa_methodologies", "selenium", "cypress", "regression_testing", "performance_testing", "test_automation"},
Deliverables: []string{"test_scripts", "bug_reports", "qa_metrics", "release_signoff"},
Capabilities: []string{"task-coordination", "meta-discussion", "testing", "quality_assurance", "test_automation"},
CollaborationDefaults: CollaborationConfig{
PreferredMessageTypes: []string{"task_help_request", "dependency_alert", "coordination_complete"},
AutoSubscribeToRoles: []string{"frontend_developer", "backend_developer", "devops_engineer"},
AutoSubscribeToExpertise: []string{"testing", "deployment", "automation"},
ResponseTimeoutSeconds: 150,
MaxCollaborationDepth: 3,
EscalationThreshold: 2,
},
},
"ui_ux_designer": {
Name: "UI/UX Designer",
SystemPrompt: "You are the **UI/UX Designer**. You shape how users interact with the product.\n\n* **Responsibilities:** Produce wireframes, prototypes, and design systems; ensure user flows are intuitive.\n* **Expertise:** Human-computer interaction, usability testing, Figma/Sketch, accessibility.\n* **Reports To:** Lead Designer.\n* **Deliverables:** Interactive prototypes, annotated mockups, and updated design documentation.",
ReportsTo: []string{"lead_designer"},
Expertise: []string{"human_computer_interaction", "usability_testing", "figma", "sketch", "accessibility", "user_flows"},
Deliverables: []string{"interactive_prototypes", "annotated_mockups", "design_documentation"},
Capabilities: []string{"task-coordination", "meta-discussion", "design", "prototyping", "user_research"},
CollaborationDefaults: CollaborationConfig{
PreferredMessageTypes: []string{"task_help_request", "coordination_request", "meta_discussion"},
AutoSubscribeToRoles: []string{"frontend_developer", "lead_designer"},
AutoSubscribeToExpertise: []string{"frontend", "design", "user_experience"},
ResponseTimeoutSeconds: 180,
MaxCollaborationDepth: 3,
EscalationThreshold: 2,
},
},
"ml_engineer": {
Name: "ML Engineer",
SystemPrompt: "You are the **Machine Learning Engineer**. You design, train, and integrate AI models into the product.\n\n* **Responsibilities:** Build pipelines, preprocess data, evaluate models, and deploy ML solutions.\n* **Expertise:** Python, TensorFlow/PyTorch, data engineering, model optimization.\n* **Reports To:** Senior Software Architect or Product Owner (depending on AI strategy).\n* **Deliverables:** Trained models, inference APIs, documentation of datasets and performance metrics.",
ReportsTo: []string{"senior_software_architect", "product_owner"},
Expertise: []string{"python", "tensorflow", "pytorch", "data_engineering", "model_optimization", "machine_learning"},
Deliverables: []string{"trained_models", "inference_apis", "dataset_documentation", "performance_metrics"},
Capabilities: []string{"task-coordination", "meta-discussion", "machine_learning", "data_analysis", "model_deployment"},
CollaborationDefaults: CollaborationConfig{
PreferredMessageTypes: []string{"task_help_request", "coordination_request", "meta_discussion"},
AutoSubscribeToRoles: []string{"backend_developer", "database_engineer", "devops_engineer"},
AutoSubscribeToExpertise: []string{"backend", "database", "deployment"},
ResponseTimeoutSeconds: 300,
MaxCollaborationDepth: 4,
EscalationThreshold: 3,
},
},
"devops_engineer": {
Name: "DevOps Engineer",
SystemPrompt: "You are the **DevOps Engineer**. You automate and maintain build, deployment, and monitoring systems.\n\n* **Responsibilities:** Manage CI/CD pipelines, infrastructure as code, observability, and rollback strategies.\n* **Expertise:** Docker, Kubernetes, Terraform, GitHub Actions/Jenkins, cloud providers.\n* **Reports To:** Systems Engineer or Senior Architect.\n* **Deliverables:** CI/CD configurations, monitoring dashboards, and operational runbooks.",
ReportsTo: []string{"systems_engineer", "senior_software_architect"},
Expertise: []string{"docker", "kubernetes", "terraform", "cicd", "github_actions", "jenkins", "cloud_providers", "monitoring"},
Deliverables: []string{"cicd_configurations", "monitoring_dashboards", "operational_runbooks"},
Capabilities: []string{"task-coordination", "meta-discussion", "deployment", "automation", "monitoring", "infrastructure"},
CollaborationDefaults: CollaborationConfig{
PreferredMessageTypes: []string{"coordination_request", "dependency_alert", "task_help_request"},
AutoSubscribeToRoles: []string{"backend_developer", "systems_engineer", "security_expert"},
AutoSubscribeToExpertise: []string{"backend", "infrastructure", "security"},
ResponseTimeoutSeconds: 240,
MaxCollaborationDepth: 4,
EscalationThreshold: 2,
},
},
"specialist_3d": {
Name: "3D Specialist",
SystemPrompt: "You are the **3D Specialist**. You create and optimize 3D assets for the product.\n\n* **Responsibilities:** Model, texture, and rig characters, environments, and props; ensure performance-friendly assets.\n* **Expertise:** Blender, Maya, Substance Painter, Unity/Unreal pipelines, optimization techniques.\n* **Reports To:** Art Director or Lead Designer.\n* **Deliverables:** Game-ready 3D assets, texture packs, rigged models, and export guidelines.",
ReportsTo: []string{"art_director", "lead_designer"},
Expertise: []string{"blender", "maya", "substance_painter", "unity", "unreal", "3d_modeling", "texturing", "rigging"},
Deliverables: []string{"3d_assets", "texture_packs", "rigged_models", "export_guidelines"},
Capabilities: []string{"task-coordination", "meta-discussion", "3d_modeling", "asset_optimization"},
CollaborationDefaults: CollaborationConfig{
PreferredMessageTypes: []string{"task_help_request", "coordination_request", "meta_discussion"},
AutoSubscribeToRoles: []string{"lead_designer", "engine_programmer"},
AutoSubscribeToExpertise: []string{"design", "engine", "optimization"},
ResponseTimeoutSeconds: 300,
MaxCollaborationDepth: 3,
EscalationThreshold: 2,
},
},
"technical_writer": {
Name: "Technical Writer",
SystemPrompt: "You are the **Technical Writer**. You make sure all documentation is accurate and user-friendly.\n\n* **Responsibilities:** Write developer docs, API references, user manuals, and release notes.\n* **Expertise:** Strong writing skills, Markdown, diagramming, understanding of tech stacks.\n* **Reports To:** Product Owner or Project Manager.\n* **Deliverables:** User guides, developer onboarding docs, and API documentation.",
ReportsTo: []string{"product_owner", "project_manager"},
Expertise: []string{"technical_writing", "markdown", "diagramming", "documentation", "user_guides"},
Deliverables: []string{"user_guides", "developer_docs", "api_documentation", "release_notes"},
Capabilities: []string{"task-coordination", "meta-discussion", "documentation", "technical_writing"},
CollaborationDefaults: CollaborationConfig{
PreferredMessageTypes: []string{"task_help_request", "coordination_complete", "meta_discussion"},
AutoSubscribeToRoles: []string{"backend_developer", "frontend_developer", "senior_software_architect"},
AutoSubscribeToExpertise: []string{"api_design", "documentation", "architecture"},
ResponseTimeoutSeconds: 200,
MaxCollaborationDepth: 3,
EscalationThreshold: 2,
},
},
"full_stack_engineer": {
Name: "Full Stack Engineer",
SystemPrompt: "You are the **Full Stack Engineer**. You bridge frontend and backend to build complete features.\n\n* **Responsibilities:** Implement end-to-end features, debug across the stack, and assist in both client and server layers.\n* **Expertise:** Modern JS frameworks, backend APIs, databases, cloud deployment.\n* **Reports To:** Senior Architect or Tech Lead.\n* **Deliverables:** Full feature implementations, integration tests, and code linking UI to backend.",
ReportsTo: []string{"senior_software_architect", "tech_lead"},
Expertise: []string{"javascript", "frontend_frameworks", "backend_apis", "databases", "cloud_deployment", "full_stack"},
Deliverables: []string{"feature_implementations", "integration_tests", "end_to_end_code"},
Capabilities: []string{"task-coordination", "meta-discussion", "frontend", "backend", "full_stack_development"},
CollaborationDefaults: CollaborationConfig{
PreferredMessageTypes: []string{"task_help_request", "coordination_request", "task_help_response"},
AutoSubscribeToRoles: []string{"frontend_developer", "backend_developer", "database_engineer"},
AutoSubscribeToExpertise: []string{"frontend", "backend", "database"},
ResponseTimeoutSeconds: 200,
MaxCollaborationDepth: 4,
EscalationThreshold: 2,
},
},
"database_engineer": {
Name: "Database Engineer",
SystemPrompt: "You are the **Database Engineer**. You design and maintain data structures for performance and reliability.\n\n* **Responsibilities:** Design schemas, optimize queries, manage migrations, and implement backup strategies.\n* **Expertise:** SQL/NoSQL databases, indexing, query tuning, replication/sharding.\n* **Reports To:** Backend Lead or Senior Architect.\n* **Deliverables:** Schema diagrams, migration scripts, tuning reports, and disaster recovery plans.",
ReportsTo: []string{"backend_lead", "senior_software_architect"},
Expertise: []string{"sql", "nosql", "indexing", "query_tuning", "replication", "sharding", "database_design"},
Deliverables: []string{"schema_diagrams", "migration_scripts", "tuning_reports", "disaster_recovery_plans"},
Capabilities: []string{"task-coordination", "meta-discussion", "database_design", "query_optimization", "data_modeling"},
CollaborationDefaults: CollaborationConfig{
PreferredMessageTypes: []string{"task_help_request", "dependency_alert", "coordination_request"},
AutoSubscribeToRoles: []string{"backend_developer", "ml_engineer", "devops_engineer"},
AutoSubscribeToExpertise: []string{"backend", "machine_learning", "deployment"},
ResponseTimeoutSeconds: 240,
MaxCollaborationDepth: 3,
EscalationThreshold: 2,
},
},
"engine_programmer": {
Name: "Engine Programmer",
SystemPrompt: "You are the **Engine Programmer**. You work close to the metal to extend and optimize the engine.\n\n* **Responsibilities:** Develop low-level systems (rendering, physics, memory), maintain performance, and enable tools for designers/artists.\n* **Expertise:** C++/Rust, graphics APIs (Vulkan/DirectX/OpenGL), performance profiling, game/real-time engines.\n* **Reports To:** Senior Software Architect or Technical Director.\n* **Deliverables:** Engine modules, profiling reports, performance patches, and technical documentation.",
ReportsTo: []string{"senior_software_architect", "technical_director"},
Expertise: []string{"cpp", "rust", "vulkan", "directx", "opengl", "performance_profiling", "game_engines", "low_level_programming"},
Deliverables: []string{"engine_modules", "profiling_reports", "performance_patches", "technical_documentation"},
Capabilities: []string{"task-coordination", "meta-discussion", "engine_development", "performance_optimization", "low_level_programming"},
CollaborationDefaults: CollaborationConfig{
PreferredMessageTypes: []string{"task_help_request", "meta_discussion", "coordination_request"},
AutoSubscribeToRoles: []string{"specialist_3d", "senior_software_architect"},
AutoSubscribeToExpertise: []string{"3d_modeling", "architecture", "optimization"},
ResponseTimeoutSeconds: 300,
MaxCollaborationDepth: 4,
EscalationThreshold: 3,
},
},
}
}
// ApplyRoleDefinition applies a predefined role to the agent config
func (c *Config) ApplyRoleDefinition(roleName string) error {
roles := GetPredefinedRoles()
role, exists := roles[roleName]
if !exists {
return fmt.Errorf("unknown role: %s", roleName)
}
// Apply existing role configuration
c.Agent.Role = role.Name
c.Agent.SystemPrompt = role.SystemPrompt
c.Agent.ReportsTo = role.ReportsTo
c.Agent.Expertise = role.Expertise
c.Agent.Deliverables = role.Deliverables
c.Agent.Capabilities = role.Capabilities
c.Agent.CollaborationSettings = role.CollaborationDefaults
// Apply NEW authority and encryption settings
if role.Model != "" {
// Set primary model for this role
c.Agent.DefaultReasoningModel = role.Model
// Ensure it's in the models list
if !contains(c.Agent.Models, role.Model) {
c.Agent.Models = append([]string{role.Model}, c.Agent.Models...)
}
}
if role.MaxTasks > 0 {
c.Agent.MaxTasks = role.MaxTasks
}
// Apply special functions for admin roles
if role.AuthorityLevel == AuthorityMaster {
// Enable SLURP functionality for admin role
c.Slurp.Enabled = true
// Add special admin capabilities
adminCaps := []string{"context_curation", "decision_ingestion", "semantic_analysis", "key_reconstruction"}
for _, cap := range adminCaps {
if !contains(c.Agent.Capabilities, cap) {
c.Agent.Capabilities = append(c.Agent.Capabilities, cap)
}
}
}
return nil
}
// GetRoleByName returns a role definition by name (case-insensitive)
func GetRoleByName(roleName string) (*RoleDefinition, error) {
roles := GetPredefinedRoles()
// Try exact match first
if role, exists := roles[roleName]; exists {
return &role, nil
}
// Try case-insensitive match
lowerRoleName := strings.ToLower(roleName)
for key, role := range roles {
if strings.ToLower(key) == lowerRoleName {
return &role, nil
}
}
return nil, fmt.Errorf("role not found: %s", roleName)
}
// GetAvailableRoles returns a list of all available role names
func GetAvailableRoles() []string {
roles := GetPredefinedRoles()
names := make([]string, 0, len(roles))
for name := range roles {
names = append(names, name)
}
return names
}
// GetRoleAuthority returns the authority level for a given role
func (c *Config) GetRoleAuthority(roleName string) (AuthorityLevel, error) {
roles := GetPredefinedRoles()
role, exists := roles[roleName]
if !exists {
return AuthorityReadOnly, fmt.Errorf("role '%s' not found", roleName)
}
return role.AuthorityLevel, nil
}
// CanDecryptRole checks if current role can decrypt content from target role
func (c *Config) CanDecryptRole(targetRole string) (bool, error) {
if c.Agent.Role == "" {
return false, fmt.Errorf("no role configured")
}
roles := GetPredefinedRoles()
currentRole, exists := roles[c.Agent.Role]
if !exists {
return false, fmt.Errorf("current role '%s' not found", c.Agent.Role)
}
// Master authority can decrypt everything
if currentRole.AuthorityLevel == AuthorityMaster {
return true, nil
}
// Check if target role is in can_decrypt list
for _, role := range currentRole.CanDecrypt {
if role == targetRole || role == "*" {
return true, nil
}
}
return false, nil
}
// IsAdminRole checks if the current agent has admin (master) authority
func (c *Config) IsAdminRole() bool {
if c.Agent.Role == "" {
return false
}
authority, err := c.GetRoleAuthority(c.Agent.Role)
if err != nil {
return false
}
return authority == AuthorityMaster
}
// CanMakeDecisions checks if current role can make permanent decisions
func (c *Config) CanMakeDecisions() bool {
if c.Agent.Role == "" {
return false
}
authority, err := c.GetRoleAuthority(c.Agent.Role)
if err != nil {
return false
}
return authority == AuthorityMaster || authority == AuthorityDecision
}
// GetDecisionScope returns the decision domains this role can decide on
func (c *Config) GetDecisionScope() []string {
if c.Agent.Role == "" {
return []string{}
}
roles := GetPredefinedRoles()
role, exists := roles[c.Agent.Role]
if !exists {
return []string{}
}
return role.DecisionScope
}
// HasSpecialFunction checks if the current role has a specific special function
func (c *Config) HasSpecialFunction(function string) bool {
if c.Agent.Role == "" {
return false
}
roles := GetPredefinedRoles()
role, exists := roles[c.Agent.Role]
if !exists {
return false
}
for _, specialFunc := range role.SpecialFunctions {
if specialFunc == function {
return true
}
}
return false
}
// contains checks if a string slice contains a value
func contains(slice []string, value string) bool {
for _, item := range slice {
if item == value {
return true
}
}
return false
}

133
pkg/config/security.go Normal file
View File

@@ -0,0 +1,133 @@
package config
import "time"
// Authority levels for roles
const (
AuthorityReadOnly = "readonly"
AuthoritySuggestion = "suggestion"
AuthorityFull = "full"
AuthorityAdmin = "admin"
)
// SecurityConfig defines security-related configuration
type SecurityConfig struct {
KeyRotationDays int `yaml:"key_rotation_days"`
AuditLogging bool `yaml:"audit_logging"`
AuditPath string `yaml:"audit_path"`
ElectionConfig ElectionConfig `yaml:"election"`
}
// ElectionConfig defines election timing and behavior settings
type ElectionConfig struct {
DiscoveryTimeout time.Duration `yaml:"discovery_timeout"`
HeartbeatTimeout time.Duration `yaml:"heartbeat_timeout"`
ElectionTimeout time.Duration `yaml:"election_timeout"`
DiscoveryBackoff time.Duration `yaml:"discovery_backoff"`
LeadershipScoring *LeadershipScoring `yaml:"leadership_scoring,omitempty"`
}
// LeadershipScoring defines weights for election scoring
type LeadershipScoring struct {
UptimeWeight float64 `yaml:"uptime_weight"`
CapabilityWeight float64 `yaml:"capability_weight"`
ExperienceWeight float64 `yaml:"experience_weight"`
LoadWeight float64 `yaml:"load_weight"`
}
// AgeKeyPair represents an Age encryption key pair
type AgeKeyPair struct {
PublicKey string `yaml:"public_key"`
PrivateKey string `yaml:"private_key"`
}
// RoleDefinition represents a role configuration
type RoleDefinition struct {
Name string `yaml:"name"`
Description string `yaml:"description"`
Capabilities []string `yaml:"capabilities"`
AccessLevel string `yaml:"access_level"`
AuthorityLevel string `yaml:"authority_level"`
Keys *AgeKeyPair `yaml:"keys,omitempty"`
AgeKeys *AgeKeyPair `yaml:"age_keys,omitempty"` // Legacy field name
CanDecrypt []string `yaml:"can_decrypt,omitempty"` // Roles this role can decrypt
}
// GetPredefinedRoles returns the predefined roles for the system
func GetPredefinedRoles() map[string]*RoleDefinition {
return map[string]*RoleDefinition{
"project_manager": {
Name: "project_manager",
Description: "Project coordination and management",
Capabilities: []string{"coordination", "planning", "oversight"},
AccessLevel: "high",
AuthorityLevel: AuthorityAdmin,
CanDecrypt: []string{"project_manager", "backend_developer", "frontend_developer", "devops_engineer", "security_engineer"},
},
"backend_developer": {
Name: "backend_developer",
Description: "Backend development and API work",
Capabilities: []string{"backend", "api", "database"},
AccessLevel: "medium",
AuthorityLevel: AuthorityFull,
CanDecrypt: []string{"backend_developer"},
},
"frontend_developer": {
Name: "frontend_developer",
Description: "Frontend UI development",
Capabilities: []string{"frontend", "ui", "components"},
AccessLevel: "medium",
AuthorityLevel: AuthorityFull,
CanDecrypt: []string{"frontend_developer"},
},
"devops_engineer": {
Name: "devops_engineer",
Description: "Infrastructure and deployment",
Capabilities: []string{"infrastructure", "deployment", "monitoring"},
AccessLevel: "high",
AuthorityLevel: AuthorityFull,
CanDecrypt: []string{"devops_engineer", "backend_developer"},
},
"security_engineer": {
Name: "security_engineer",
Description: "Security oversight and hardening",
Capabilities: []string{"security", "audit", "compliance"},
AccessLevel: "high",
AuthorityLevel: AuthorityAdmin,
CanDecrypt: []string{"security_engineer", "project_manager", "backend_developer", "frontend_developer", "devops_engineer"},
},
}
}
// CanDecryptRole checks if the current agent can decrypt content for a target role
func (c *Config) CanDecryptRole(targetRole string) (bool, error) {
roles := GetPredefinedRoles()
currentRole, exists := roles[c.Agent.Role]
if !exists {
return false, nil
}
targetRoleDef, exists := roles[targetRole]
if !exists {
return false, nil
}
// Simple access level check
currentLevel := getAccessLevelValue(currentRole.AccessLevel)
targetLevel := getAccessLevelValue(targetRoleDef.AccessLevel)
return currentLevel >= targetLevel, nil
}
func getAccessLevelValue(level string) int {
switch level {
case "low":
return 1
case "medium":
return 2
case "high":
return 3
default:
return 0
}
}

289
pkg/config/slurp_config.go
View File

@@ -1,289 +0,0 @@
package config
import (
"fmt"
"time"
)
// SlurpConfig holds SLURP event system integration configuration
type SlurpConfig struct {
// Connection settings
Enabled bool `yaml:"enabled" json:"enabled"`
BaseURL string `yaml:"base_url" json:"base_url"`
APIKey string `yaml:"api_key" json:"api_key"`
Timeout time.Duration `yaml:"timeout" json:"timeout"`
RetryCount int `yaml:"retry_count" json:"retry_count"`
RetryDelay time.Duration `yaml:"retry_delay" json:"retry_delay"`
// Event generation settings
EventGeneration EventGenerationConfig `yaml:"event_generation" json:"event_generation"`
// Project-specific event mappings
ProjectMappings map[string]ProjectEventMapping `yaml:"project_mappings" json:"project_mappings"`
// Default event settings
DefaultEventSettings DefaultEventConfig `yaml:"default_event_settings" json:"default_event_settings"`
// Batch processing settings
BatchProcessing BatchConfig `yaml:"batch_processing" json:"batch_processing"`
// Reliability settings
Reliability ReliabilityConfig `yaml:"reliability" json:"reliability"`
}
// EventGenerationConfig controls when and how SLURP events are generated
type EventGenerationConfig struct {
// Consensus requirements
MinConsensusStrength float64 `yaml:"min_consensus_strength" json:"min_consensus_strength"`
MinParticipants int `yaml:"min_participants" json:"min_participants"`
RequireUnanimity bool `yaml:"require_unanimity" json:"require_unanimity"`
// Time-based triggers
MaxDiscussionDuration time.Duration `yaml:"max_discussion_duration" json:"max_discussion_duration"`
MinDiscussionDuration time.Duration `yaml:"min_discussion_duration" json:"min_discussion_duration"`
// Event type generation rules
EnabledEventTypes []string `yaml:"enabled_event_types" json:"enabled_event_types"`
DisabledEventTypes []string `yaml:"disabled_event_types" json:"disabled_event_types"`
// Severity calculation
SeverityRules SeverityConfig `yaml:"severity_rules" json:"severity_rules"`
}
// SeverityConfig defines how to calculate event severity from HMMM discussions
type SeverityConfig struct {
// Base severity for each event type (1-10 scale)
BaseSeverity map[string]int `yaml:"base_severity" json:"base_severity"`
// Modifiers based on discussion characteristics
ParticipantMultiplier float64 `yaml:"participant_multiplier" json:"participant_multiplier"`
DurationMultiplier float64 `yaml:"duration_multiplier" json:"duration_multiplier"`
UrgencyKeywords []string `yaml:"urgency_keywords" json:"urgency_keywords"`
UrgencyBoost int `yaml:"urgency_boost" json:"urgency_boost"`
// Severity caps
MinSeverity int `yaml:"min_severity" json:"min_severity"`
MaxSeverity int `yaml:"max_severity" json:"max_severity"`
}
// ProjectEventMapping defines project-specific event mapping rules
type ProjectEventMapping struct {
ProjectPath string `yaml:"project_path" json:"project_path"`
CustomEventTypes map[string]string `yaml:"custom_event_types" json:"custom_event_types"`
SeverityOverrides map[string]int `yaml:"severity_overrides" json:"severity_overrides"`
AdditionalMetadata map[string]interface{} `yaml:"additional_metadata" json:"additional_metadata"`
EventFilters []EventFilter `yaml:"event_filters" json:"event_filters"`
}
// EventFilter defines conditions for filtering or modifying events
type EventFilter struct {
Name string `yaml:"name" json:"name"`
Conditions map[string]string `yaml:"conditions" json:"conditions"`
Action string `yaml:"action" json:"action"` // "allow", "deny", "modify"
Modifications map[string]string `yaml:"modifications" json:"modifications"`
}
// DefaultEventConfig provides default settings for generated events
type DefaultEventConfig struct {
DefaultSeverity int `yaml:"default_severity" json:"default_severity"`
DefaultCreatedBy string `yaml:"default_created_by" json:"default_created_by"`
DefaultTags []string `yaml:"default_tags" json:"default_tags"`
MetadataTemplate map[string]string `yaml:"metadata_template" json:"metadata_template"`
}
// BatchConfig controls batch processing of SLURP events
type BatchConfig struct {
Enabled bool `yaml:"enabled" json:"enabled"`
MaxBatchSize int `yaml:"max_batch_size" json:"max_batch_size"`
MaxBatchWait time.Duration `yaml:"max_batch_wait" json:"max_batch_wait"`
FlushOnShutdown bool `yaml:"flush_on_shutdown" json:"flush_on_shutdown"`
}
// ReliabilityConfig controls reliability features (idempotency, circuit breaker, DLQ)
type ReliabilityConfig struct {
// Circuit breaker settings
MaxFailures int `yaml:"max_failures" json:"max_failures"`
CooldownPeriod time.Duration `yaml:"cooldown_period" json:"cooldown_period"`
HalfOpenTimeout time.Duration `yaml:"half_open_timeout" json:"half_open_timeout"`
// Idempotency settings
IdempotencyWindow time.Duration `yaml:"idempotency_window" json:"idempotency_window"`
// Dead letter queue settings
DLQDirectory string `yaml:"dlq_directory" json:"dlq_directory"`
MaxRetries int `yaml:"max_retries" json:"max_retries"`
RetryInterval time.Duration `yaml:"retry_interval" json:"retry_interval"`
// Backoff settings
InitialBackoff time.Duration `yaml:"initial_backoff" json:"initial_backoff"`
MaxBackoff time.Duration `yaml:"max_backoff" json:"max_backoff"`
BackoffMultiplier float64 `yaml:"backoff_multiplier" json:"backoff_multiplier"`
JitterFactor float64 `yaml:"jitter_factor" json:"jitter_factor"`
}
// HmmmToSlurpMapping defines the mapping between HMMM discussion outcomes and SLURP event types
type HmmmToSlurpMapping struct {
// Consensus types to SLURP event types
ConsensusApproval string `yaml:"consensus_approval" json:"consensus_approval"` // -> "approval"
RiskIdentified string `yaml:"risk_identified" json:"risk_identified"` // -> "warning"
CriticalBlocker string `yaml:"critical_blocker" json:"critical_blocker"` // -> "blocker"
PriorityChange string `yaml:"priority_change" json:"priority_change"` // -> "priority_change"
AccessRequest string `yaml:"access_request" json:"access_request"` // -> "access_update"
ArchitectureDecision string `yaml:"architecture_decision" json:"architecture_decision"` // -> "structural_change"
InformationShare string `yaml:"information_share" json:"information_share"` // -> "announcement"
// Keywords that trigger specific event types
ApprovalKeywords []string `yaml:"approval_keywords" json:"approval_keywords"`
WarningKeywords []string `yaml:"warning_keywords" json:"warning_keywords"`
BlockerKeywords []string `yaml:"blocker_keywords" json:"blocker_keywords"`
PriorityKeywords []string `yaml:"priority_keywords" json:"priority_keywords"`
AccessKeywords []string `yaml:"access_keywords" json:"access_keywords"`
StructuralKeywords []string `yaml:"structural_keywords" json:"structural_keywords"`
AnnouncementKeywords []string `yaml:"announcement_keywords" json:"announcement_keywords"`
}
// GetDefaultSlurpConfig returns default SLURP configuration
func GetDefaultSlurpConfig() SlurpConfig {
return SlurpConfig{
Enabled: false, // Disabled by default until configured
BaseURL: "http://localhost:8080",
Timeout: 30 * time.Second,
RetryCount: 3,
RetryDelay: 5 * time.Second,
EventGeneration: EventGenerationConfig{
MinConsensusStrength: 0.7,
MinParticipants: 2,
RequireUnanimity: false,
MaxDiscussionDuration: 30 * time.Minute,
MinDiscussionDuration: 1 * time.Minute,
EnabledEventTypes: []string{
"announcement", "warning", "blocker", "approval",
"priority_change", "access_update", "structural_change",
},
DisabledEventTypes: []string{},
SeverityRules: SeverityConfig{
BaseSeverity: map[string]int{
"announcement": 3,
"warning": 5,
"blocker": 8,
"approval": 4,
"priority_change": 6,
"access_update": 5,
"structural_change": 7,
},
ParticipantMultiplier: 0.2,
DurationMultiplier: 0.1,
UrgencyKeywords: []string{"urgent", "critical", "blocker", "emergency", "immediate"},
UrgencyBoost: 2,
MinSeverity: 1,
MaxSeverity: 10,
},
},
ProjectMappings: make(map[string]ProjectEventMapping),
DefaultEventSettings: DefaultEventConfig{
DefaultSeverity: 5,
DefaultCreatedBy: "hmmm-consensus",
DefaultTags: []string{"hmmm-generated", "automated"},
MetadataTemplate: map[string]string{
"source": "hmmm-discussion",
"generation_type": "consensus-based",
},
},
BatchProcessing: BatchConfig{
Enabled: true,
MaxBatchSize: 10,
MaxBatchWait: 5 * time.Second,
FlushOnShutdown: true,
},
Reliability: ReliabilityConfig{
// Circuit breaker: allow 5 consecutive failures before opening for 1 minute
MaxFailures: 5,
CooldownPeriod: 1 * time.Minute,
HalfOpenTimeout: 30 * time.Second,
// Idempotency: 1-hour window to catch duplicate events
IdempotencyWindow: 1 * time.Hour,
// DLQ: retry up to 3 times with exponential backoff
DLQDirectory: "./data/slurp_dlq",
MaxRetries: 3,
RetryInterval: 30 * time.Second,
// Backoff: start with 1s, max 5min, 2x multiplier, ±25% jitter
InitialBackoff: 1 * time.Second,
MaxBackoff: 5 * time.Minute,
BackoffMultiplier: 2.0,
JitterFactor: 0.25,
},
}
}
// GetHmmmToSlurpMapping returns the default mapping configuration
func GetHmmmToSlurpMapping() HmmmToSlurpMapping {
return HmmmToSlurpMapping{
ConsensusApproval: "approval",
RiskIdentified: "warning",
CriticalBlocker: "blocker",
PriorityChange: "priority_change",
AccessRequest: "access_update",
ArchitectureDecision: "structural_change",
InformationShare: "announcement",
ApprovalKeywords: []string{"approve", "approved", "looks good", "lgtm", "accepted", "agree"},
WarningKeywords: []string{"warning", "caution", "risk", "potential issue", "concern", "careful"},
BlockerKeywords: []string{"blocker", "blocked", "critical", "urgent", "cannot proceed", "show stopper"},
PriorityKeywords: []string{"priority", "urgent", "high priority", "low priority", "reprioritize"},
AccessKeywords: []string{"access", "permission", "auth", "authorization", "credentials", "token"},
StructuralKeywords: []string{"architecture", "structure", "design", "refactor", "framework", "pattern"},
AnnouncementKeywords: []string{"announce", "fyi", "information", "update", "news", "notice"},
}
}
// ValidateSlurpConfig validates SLURP configuration
func ValidateSlurpConfig(config SlurpConfig) error {
if config.Enabled {
if config.BaseURL == "" {
return fmt.Errorf("slurp.base_url is required when SLURP is enabled")
}
if config.EventGeneration.MinConsensusStrength < 0 || config.EventGeneration.MinConsensusStrength > 1 {
return fmt.Errorf("slurp.event_generation.min_consensus_strength must be between 0 and 1")
}
if config.EventGeneration.MinParticipants < 1 {
return fmt.Errorf("slurp.event_generation.min_participants must be at least 1")
}
if config.DefaultEventSettings.DefaultSeverity < 1 || config.DefaultEventSettings.DefaultSeverity > 10 {
return fmt.Errorf("slurp.default_event_settings.default_severity must be between 1 and 10")
}
// Validate reliability settings
if config.Reliability.MaxFailures < 1 {
return fmt.Errorf("slurp.reliability.max_failures must be at least 1")
}
if config.Reliability.CooldownPeriod <= 0 {
return fmt.Errorf("slurp.reliability.cooldown_period must be positive")
}
if config.Reliability.IdempotencyWindow <= 0 {
return fmt.Errorf("slurp.reliability.idempotency_window must be positive")
}
if config.Reliability.MaxRetries < 0 {
return fmt.Errorf("slurp.reliability.max_retries cannot be negative")
}
if config.Reliability.BackoffMultiplier <= 1.0 {
return fmt.Errorf("slurp.reliability.backoff_multiplier must be greater than 1.0")
}
}
return nil
}