tony/CHORUS
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

Align SLURP access control with config authority levels

Browse Source
This commit is contained in:
anthonyrawlins
2025-09-27 15:33:23 +10:00
parent 0b670a535d
commit a99469f346
3 changed files with 157 additions and 148 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/config/config.go
View File

@@ -274,14 +274,13 @@ func (c *Config) ApplyRoleDefinition(role string) error {
} }
// GetRoleAuthority returns the authority level for a role (from CHORUS) // GetRoleAuthority returns the authority level for a role (from CHORUS)
func (c *Config) GetRoleAuthority(role string) (string, error) { func (c *Config) GetRoleAuthority(role string) (AuthorityLevel, error) {
// This would contain the authority mapping from CHORUS roles := GetPredefinedRoles()
switch role { if def, ok := roles[role]; ok {
case "admin": return def.AuthorityLevel, nil
return "master", nil
default:
return "member", nil
} }
return AuthorityReadOnly, fmt.Errorf("unknown role: %s", role)
} }
// Helper functions for environment variable parsing // Helper functions for environment variable parsing

48
pkg/config/security.go
View File

@@ -2,12 +2,18 @@ package config
import "time" import "time"
// Authority levels for roles // AuthorityLevel represents the privilege tier associated with a role.
type AuthorityLevel string
// Authority levels for roles (aligned with CHORUS hierarchy).
const ( const (
AuthorityReadOnly = "readonly" AuthorityMaster AuthorityLevel = "master"
AuthoritySuggestion = "suggestion" AuthorityAdmin AuthorityLevel = "admin"
AuthorityFull = "full" AuthorityDecision AuthorityLevel = "decision"
AuthorityAdmin = "admin" AuthorityCoordination AuthorityLevel = "coordination"
AuthorityFull AuthorityLevel = "full"
AuthoritySuggestion AuthorityLevel = "suggestion"
AuthorityReadOnly AuthorityLevel = "readonly"
) )
// SecurityConfig defines security-related configuration // SecurityConfig defines security-related configuration
@@ -43,14 +49,14 @@ type AgeKeyPair struct {
// RoleDefinition represents a role configuration // RoleDefinition represents a role configuration
type RoleDefinition struct { type RoleDefinition struct {
Name string `yaml:"name"` Name string `yaml:"name"`
Description string `yaml:"description"` Description string `yaml:"description"`
Capabilities []string `yaml:"capabilities"` Capabilities []string `yaml:"capabilities"`
AccessLevel string `yaml:"access_level"` AccessLevel string `yaml:"access_level"`
AuthorityLevel string `yaml:"authority_level"` AuthorityLevel AuthorityLevel `yaml:"authority_level"`
Keys *AgeKeyPair `yaml:"keys,omitempty"` Keys *AgeKeyPair `yaml:"keys,omitempty"`
AgeKeys *AgeKeyPair `yaml:"age_keys,omitempty"` // Legacy field name AgeKeys *AgeKeyPair `yaml:"age_keys,omitempty"` // Legacy field name
CanDecrypt []string `yaml:"can_decrypt,omitempty"` // Roles this role can decrypt CanDecrypt []string `yaml:"can_decrypt,omitempty"` // Roles this role can decrypt
} }
// GetPredefinedRoles returns the predefined roles for the system // GetPredefinedRoles returns the predefined roles for the system
@@ -61,7 +67,7 @@ func GetPredefinedRoles() map[string]*RoleDefinition {
Description: "Project coordination and management", Description: "Project coordination and management",
Capabilities: []string{"coordination", "planning", "oversight"}, Capabilities: []string{"coordination", "planning", "oversight"},
AccessLevel: "high", AccessLevel: "high",
AuthorityLevel: AuthorityAdmin, AuthorityLevel: AuthorityMaster,
CanDecrypt: []string{"project_manager", "backend_developer", "frontend_developer", "devops_engineer", "security_engineer"}, CanDecrypt: []string{"project_manager", "backend_developer", "frontend_developer", "devops_engineer", "security_engineer"},
}, },
"backend_developer": { "backend_developer": {
@@ -69,7 +75,7 @@ func GetPredefinedRoles() map[string]*RoleDefinition {
Description: "Backend development and API work", Description: "Backend development and API work",
Capabilities: []string{"backend", "api", "database"}, Capabilities: []string{"backend", "api", "database"},
AccessLevel: "medium", AccessLevel: "medium",
AuthorityLevel: AuthorityFull, AuthorityLevel: AuthorityDecision,
CanDecrypt: []string{"backend_developer"}, CanDecrypt: []string{"backend_developer"},
}, },
"frontend_developer": { "frontend_developer": {
@@ -77,7 +83,7 @@ func GetPredefinedRoles() map[string]*RoleDefinition {
Description: "Frontend UI development", Description: "Frontend UI development",
Capabilities: []string{"frontend", "ui", "components"}, Capabilities: []string{"frontend", "ui", "components"},
AccessLevel: "medium", AccessLevel: "medium",
AuthorityLevel: AuthorityFull, AuthorityLevel: AuthorityCoordination,
CanDecrypt: []string{"frontend_developer"}, CanDecrypt: []string{"frontend_developer"},
}, },
"devops_engineer": { "devops_engineer": {
@@ -85,7 +91,7 @@ func GetPredefinedRoles() map[string]*RoleDefinition {
Description: "Infrastructure and deployment", Description: "Infrastructure and deployment",
Capabilities: []string{"infrastructure", "deployment", "monitoring"}, Capabilities: []string{"infrastructure", "deployment", "monitoring"},
AccessLevel: "high", AccessLevel: "high",
AuthorityLevel: AuthorityFull, AuthorityLevel: AuthorityDecision,
CanDecrypt: []string{"devops_engineer", "backend_developer"}, CanDecrypt: []string{"devops_engineer", "backend_developer"},
}, },
"security_engineer": { "security_engineer": {
@@ -93,7 +99,7 @@ func GetPredefinedRoles() map[string]*RoleDefinition {
Description: "Security oversight and hardening", Description: "Security oversight and hardening",
Capabilities: []string{"security", "audit", "compliance"}, Capabilities: []string{"security", "audit", "compliance"},
AccessLevel: "high", AccessLevel: "high",
AuthorityLevel: AuthorityAdmin, AuthorityLevel: AuthorityMaster,
CanDecrypt: []string{"security_engineer", "project_manager", "backend_developer", "frontend_developer", "devops_engineer"}, CanDecrypt: []string{"security_engineer", "project_manager", "backend_developer", "frontend_developer", "devops_engineer"},
}, },
"security_expert": { "security_expert": {
@@ -101,7 +107,7 @@ func GetPredefinedRoles() map[string]*RoleDefinition {
Description: "Advanced security analysis and policy work", Description: "Advanced security analysis and policy work",
Capabilities: []string{"security", "policy", "response"}, Capabilities: []string{"security", "policy", "response"},
AccessLevel: "high", AccessLevel: "high",
AuthorityLevel: AuthorityAdmin, AuthorityLevel: AuthorityMaster,
CanDecrypt: []string{"security_expert", "security_engineer", "project_manager"}, CanDecrypt: []string{"security_expert", "security_engineer", "project_manager"},
}, },
"senior_software_architect": { "senior_software_architect": {
@@ -109,7 +115,7 @@ func GetPredefinedRoles() map[string]*RoleDefinition {
Description: "Architecture governance and system design", Description: "Architecture governance and system design",
Capabilities: []string{"architecture", "design", "coordination"}, Capabilities: []string{"architecture", "design", "coordination"},
AccessLevel: "high", AccessLevel: "high",
AuthorityLevel: AuthorityAdmin, AuthorityLevel: AuthorityDecision,
CanDecrypt: []string{"senior_software_architect", "project_manager", "backend_developer", "frontend_developer"}, CanDecrypt: []string{"senior_software_architect", "project_manager", "backend_developer", "frontend_developer"},
}, },
"qa_engineer": { "qa_engineer": {
@@ -117,7 +123,7 @@ func GetPredefinedRoles() map[string]*RoleDefinition {
Description: "Quality assurance and testing", Description: "Quality assurance and testing",
Capabilities: []string{"testing", "validation"}, Capabilities: []string{"testing", "validation"},
AccessLevel: "medium", AccessLevel: "medium",
AuthorityLevel: AuthorityFull, AuthorityLevel: AuthorityCoordination,
CanDecrypt: []string{"qa_engineer", "backend_developer", "frontend_developer"}, CanDecrypt: []string{"qa_engineer", "backend_developer", "frontend_developer"},
}, },
"readonly_user": { "readonly_user": {

244
pkg/slurp/context/types.go
View File

@@ -4,8 +4,8 @@ import (
"fmt" "fmt"
"time" "time"
"chorus/pkg/ucxl"
"chorus/pkg/config" "chorus/pkg/config"
"chorus/pkg/ucxl"
) )
// ContextNode represents a hierarchical context node in the SLURP system. // ContextNode represents a hierarchical context node in the SLURP system.
@@ -19,25 +19,25 @@ type ContextNode struct {
UCXLAddress ucxl.Address `json:"ucxl_address"` // Associated UCXL address UCXLAddress ucxl.Address `json:"ucxl_address"` // Associated UCXL address
Summary string `json:"summary"` // Brief description Summary string `json:"summary"` // Brief description
Purpose string `json:"purpose"` // What this component does Purpose string `json:"purpose"` // What this component does
// Context metadata // Context metadata
Technologies []string `json:"technologies"` // Technologies used Technologies []string `json:"technologies"` // Technologies used
Tags []string `json:"tags"` // Categorization tags Tags []string `json:"tags"` // Categorization tags
Insights []string `json:"insights"` // Analytical insights Insights []string `json:"insights"` // Analytical insights
// Hierarchy control // Hierarchy control
OverridesParent bool `json:"overrides_parent"` // Whether this overrides parent context OverridesParent bool `json:"overrides_parent"` // Whether this overrides parent context
ContextSpecificity int `json:"context_specificity"` // Specificity level (higher = more specific) ContextSpecificity int `json:"context_specificity"` // Specificity level (higher = more specific)
AppliesToChildren bool `json:"applies_to_children"` // Whether this applies to child directories AppliesToChildren bool `json:"applies_to_children"` // Whether this applies to child directories
// Metadata // Metadata
GeneratedAt time.Time `json:"generated_at"` // When context was generated GeneratedAt time.Time `json:"generated_at"` // When context was generated
RAGConfidence float64 `json:"rag_confidence"` // RAG system confidence (0-1) RAGConfidence float64 `json:"rag_confidence"` // RAG system confidence (0-1)
// Access control // Access control
EncryptedFor []string `json:"encrypted_for"` // Roles that can access EncryptedFor []string `json:"encrypted_for"` // Roles that can access
AccessLevel RoleAccessLevel `json:"access_level"` // Required access level AccessLevel RoleAccessLevel `json:"access_level"` // Required access level
// Custom metadata // Custom metadata
Metadata map[string]interface{} `json:"metadata,omitempty"` // Additional metadata Metadata map[string]interface{} `json:"metadata,omitempty"` // Additional metadata
} }
@@ -47,11 +47,11 @@ type ContextNode struct {
type RoleAccessLevel int type RoleAccessLevel int
const ( const (
AccessPublic RoleAccessLevel = iota // Anyone can access AccessPublic RoleAccessLevel = iota // Anyone can access
AccessLow // Basic role access AccessLow // Basic role access
AccessMedium // Coordination role access AccessMedium // Coordination role access
AccessHigh // Decision role access AccessHigh // Decision role access
AccessCritical // Master role access only AccessCritical // Master role access only
) )
// EncryptedContext represents role-encrypted context data for DHT storage // EncryptedContext represents role-encrypted context data for DHT storage
@@ -75,26 +75,26 @@ type ResolvedContext struct {
Technologies []string `json:"technologies"` // Merged technologies Technologies []string `json:"technologies"` // Merged technologies
Tags []string `json:"tags"` // Merged tags Tags []string `json:"tags"` // Merged tags
Insights []string `json:"insights"` // Merged insights Insights []string `json:"insights"` // Merged insights
// Resolution metadata // Resolution metadata
ContextSourcePath string `json:"context_source_path"` // Primary source context path ContextSourcePath string `json:"context_source_path"` // Primary source context path
InheritanceChain []string `json:"inheritance_chain"` // Context inheritance chain InheritanceChain []string `json:"inheritance_chain"` // Context inheritance chain
ResolutionConfidence float64 `json:"resolution_confidence"` // Overall confidence (0-1) ResolutionConfidence float64 `json:"resolution_confidence"` // Overall confidence (0-1)
BoundedDepth int `json:"bounded_depth"` // Actual traversal depth used BoundedDepth int `json:"bounded_depth"` // Actual traversal depth used
GlobalContextsApplied bool `json:"global_contexts_applied"` // Whether global contexts were applied GlobalContextsApplied bool `json:"global_contexts_applied"` // Whether global contexts were applied
ResolvedAt time.Time `json:"resolved_at"` // When resolution occurred ResolvedAt time.Time `json:"resolved_at"` // When resolution occurred
} }
// ResolutionStatistics represents statistics about context resolution operations // ResolutionStatistics represents statistics about context resolution operations
type ResolutionStatistics struct { type ResolutionStatistics struct {
ContextNodes int `json:"context_nodes"` // Total context nodes in hierarchy ContextNodes int `json:"context_nodes"` // Total context nodes in hierarchy
GlobalContexts int `json:"global_contexts"` // Number of global contexts GlobalContexts int `json:"global_contexts"` // Number of global contexts
MaxHierarchyDepth int `json:"max_hierarchy_depth"` // Maximum hierarchy depth allowed MaxHierarchyDepth int `json:"max_hierarchy_depth"` // Maximum hierarchy depth allowed
CachedResolutions int `json:"cached_resolutions"` // Number of cached resolutions CachedResolutions int `json:"cached_resolutions"` // Number of cached resolutions
TotalResolutions int `json:"total_resolutions"` // Total resolution operations TotalResolutions int `json:"total_resolutions"` // Total resolution operations
AverageDepth float64 `json:"average_depth"` // Average traversal depth AverageDepth float64 `json:"average_depth"` // Average traversal depth
CacheHitRate float64 `json:"cache_hit_rate"` // Cache hit rate (0-1) CacheHitRate float64 `json:"cache_hit_rate"` // Cache hit rate (0-1)
LastResetAt time.Time `json:"last_reset_at"` // When stats were last reset LastResetAt time.Time `json:"last_reset_at"` // When stats were last reset
} }
// ContextScope defines the scope of a context node's application // ContextScope defines the scope of a context node's application
@@ -108,25 +108,25 @@ const (
// HierarchyStats represents statistics about hierarchy operations // HierarchyStats represents statistics about hierarchy operations
type HierarchyStats struct { type HierarchyStats struct {
NodesCreated int `json:"nodes_created"` // Number of nodes created NodesCreated int `json:"nodes_created"` // Number of nodes created
NodesUpdated int `json:"nodes_updated"` // Number of nodes updated NodesUpdated int `json:"nodes_updated"` // Number of nodes updated
FilesAnalyzed int `json:"files_analyzed"` // Number of files analyzed FilesAnalyzed int `json:"files_analyzed"` // Number of files analyzed
DirectoriesScanned int `json:"directories_scanned"` // Number of directories scanned DirectoriesScanned int `json:"directories_scanned"` // Number of directories scanned
GenerationTime time.Duration `json:"generation_time"` // Time taken for generation GenerationTime time.Duration `json:"generation_time"` // Time taken for generation
AverageConfidence float64 `json:"average_confidence"` // Average confidence score AverageConfidence float64 `json:"average_confidence"` // Average confidence score
TotalSize int64 `json:"total_size"` // Total size of analyzed content TotalSize int64 `json:"total_size"` // Total size of analyzed content
SkippedFiles int `json:"skipped_files"` // Number of files skipped SkippedFiles int `json:"skipped_files"` // Number of files skipped
Errors []string `json:"errors"` // Generation errors Errors []string `json:"errors"` // Generation errors
} }
// CacheEntry represents a cached context resolution // CacheEntry represents a cached context resolution
type CacheEntry struct { type CacheEntry struct {
Key string `json:"key"` // Cache key Key string `json:"key"` // Cache key
ResolvedCtx *ResolvedContext `json:"resolved_ctx"` // Cached resolved context ResolvedCtx *ResolvedContext `json:"resolved_ctx"` // Cached resolved context
CreatedAt time.Time `json:"created_at"` // When cached CreatedAt time.Time `json:"created_at"` // When cached
ExpiresAt time.Time `json:"expires_at"` // When cache expires ExpiresAt time.Time `json:"expires_at"` // When cache expires
AccessCount int `json:"access_count"` // Number of times accessed AccessCount int `json:"access_count"` // Number of times accessed
LastAccessed time.Time `json:"last_accessed"` // When last accessed LastAccessed time.Time `json:"last_accessed"` // When last accessed
} }
// ValidationResult represents the result of context validation // ValidationResult represents the result of context validation
@@ -149,13 +149,13 @@ type ValidationIssue struct {
// MergeOptions defines options for merging contexts during resolution // MergeOptions defines options for merging contexts during resolution
type MergeOptions struct { type MergeOptions struct {
PreferParent bool `json:"prefer_parent"` // Prefer parent values over child PreferParent bool `json:"prefer_parent"` // Prefer parent values over child
MergeTechnologies bool `json:"merge_technologies"` // Merge technology lists MergeTechnologies bool `json:"merge_technologies"` // Merge technology lists
MergeTags bool `json:"merge_tags"` // Merge tag lists MergeTags bool `json:"merge_tags"` // Merge tag lists
MergeInsights bool `json:"merge_insights"` // Merge insight lists MergeInsights bool `json:"merge_insights"` // Merge insight lists
ExcludedFields []string `json:"excluded_fields"` // Fields to exclude from merge ExcludedFields []string `json:"excluded_fields"` // Fields to exclude from merge
WeightParentByDepth bool `json:"weight_parent_by_depth"` // Weight parent influence by depth WeightParentByDepth bool `json:"weight_parent_by_depth"` // Weight parent influence by depth
MinConfidenceThreshold float64 `json:"min_confidence_threshold"` // Minimum confidence to include MinConfidenceThreshold float64 `json:"min_confidence_threshold"` // Minimum confidence to include
} }
// BatchResolutionRequest represents a batch resolution request // BatchResolutionRequest represents a batch resolution request
@@ -178,12 +178,12 @@ type BatchResolutionResult struct {
// ContextError represents a context-related error with structured information // ContextError represents a context-related error with structured information
type ContextError struct { type ContextError struct {
Type string `json:"type"` // Error type (validation, resolution, access, etc.) Type string `json:"type"` // Error type (validation, resolution, access, etc.)
Message string `json:"message"` // Human-readable error message Message string `json:"message"` // Human-readable error message
Code string `json:"code"` // Machine-readable error code Code string `json:"code"` // Machine-readable error code
Address *ucxl.Address `json:"address"` // Related UCXL address if applicable Address *ucxl.Address `json:"address"` // Related UCXL address if applicable
Context map[string]string `json:"context"` // Additional context information Context map[string]string `json:"context"` // Additional context information
Underlying error `json:"underlying"` // Underlying error if any Underlying error `json:"underlying"` // Underlying error if any
} }
func (e *ContextError) Error() string { func (e *ContextError) Error() string {
@@ -199,34 +199,34 @@ func (e *ContextError) Unwrap() error {
// Common error types and codes // Common error types and codes
const ( const (
ErrorTypeValidation = "validation" ErrorTypeValidation = "validation"
ErrorTypeResolution = "resolution" ErrorTypeResolution = "resolution"
ErrorTypeAccess = "access" ErrorTypeAccess = "access"
ErrorTypeStorage = "storage" ErrorTypeStorage = "storage"
ErrorTypeEncryption = "encryption" ErrorTypeEncryption = "encryption"
ErrorTypeDHT = "dht" ErrorTypeDHT = "dht"
ErrorTypeHierarchy = "hierarchy" ErrorTypeHierarchy = "hierarchy"
ErrorTypeCache = "cache" ErrorTypeCache = "cache"
ErrorTypeTemporalGraph = "temporal_graph" ErrorTypeTemporalGraph = "temporal_graph"
ErrorTypeIntelligence = "intelligence" ErrorTypeIntelligence = "intelligence"
) )
const ( const (
ErrorCodeInvalidAddress = "invalid_address" ErrorCodeInvalidAddress = "invalid_address"
ErrorCodeInvalidContext = "invalid_context" ErrorCodeInvalidContext = "invalid_context"
ErrorCodeInvalidRole = "invalid_role" ErrorCodeInvalidRole = "invalid_role"
ErrorCodeAccessDenied = "access_denied" ErrorCodeAccessDenied = "access_denied"
ErrorCodeNotFound = "not_found" ErrorCodeNotFound = "not_found"
ErrorCodeDepthExceeded = "depth_exceeded" ErrorCodeDepthExceeded = "depth_exceeded"
ErrorCodeCycleDetected = "cycle_detected" ErrorCodeCycleDetected = "cycle_detected"
ErrorCodeEncryptionFailed = "encryption_failed" ErrorCodeEncryptionFailed = "encryption_failed"
ErrorCodeDecryptionFailed = "decryption_failed" ErrorCodeDecryptionFailed = "decryption_failed"
ErrorCodeDHTError = "dht_error" ErrorCodeDHTError = "dht_error"
ErrorCodeCacheError = "cache_error" ErrorCodeCacheError = "cache_error"
ErrorCodeStorageError = "storage_error" ErrorCodeStorageError = "storage_error"
ErrorCodeInvalidConfig = "invalid_config" ErrorCodeInvalidConfig = "invalid_config"
ErrorCodeTimeout = "timeout" ErrorCodeTimeout = "timeout"
ErrorCodeInternalError = "internal_error" ErrorCodeInternalError = "internal_error"
) )
// NewContextError creates a new context error with structured information // NewContextError creates a new context error with structured information
@@ -292,7 +292,7 @@ func ParseRoleAccessLevel(level string) (RoleAccessLevel, error) {
case "critical": case "critical":
return AccessCritical, nil return AccessCritical, nil
default: default:
return AccessPublic, NewContextError(ErrorTypeValidation, ErrorCodeInvalidRole, return AccessPublic, NewContextError(ErrorTypeValidation, ErrorCodeInvalidRole,
fmt.Sprintf("invalid role access level: %s", level)) fmt.Sprintf("invalid role access level: %s", level))
} }
} }
@@ -302,8 +302,12 @@ func AuthorityToAccessLevel(authority config.AuthorityLevel) RoleAccessLevel {
switch authority { switch authority {
case config.AuthorityMaster: case config.AuthorityMaster:
return AccessCritical return AccessCritical
case config.AuthorityAdmin:
return AccessCritical
case config.AuthorityDecision: case config.AuthorityDecision:
return AccessHigh return AccessHigh
case config.AuthorityFull:
return AccessHigh
case config.AuthorityCoordination: case config.AuthorityCoordination:
return AccessMedium return AccessMedium
case config.AuthoritySuggestion: case config.AuthoritySuggestion:
@@ -322,23 +326,23 @@ func (cn *ContextNode) Validate() error {
} }
if err := cn.UCXLAddress.Validate(); err != nil { if err := cn.UCXLAddress.Validate(); err != nil {
return NewContextError(ErrorTypeValidation, ErrorCodeInvalidAddress, return NewContextError(ErrorTypeValidation, ErrorCodeInvalidAddress,
"invalid UCXL address").WithUnderlying(err).WithAddress(cn.UCXLAddress) "invalid UCXL address").WithUnderlying(err).WithAddress(cn.UCXLAddress)
} }
if cn.Summary == "" { if cn.Summary == "" {
return NewContextError(ErrorTypeValidation, ErrorCodeInvalidContext, return NewContextError(ErrorTypeValidation, ErrorCodeInvalidContext,
"context summary cannot be empty").WithAddress(cn.UCXLAddress) "context summary cannot be empty").WithAddress(cn.UCXLAddress)
} }
if cn.RAGConfidence < 0 || cn.RAGConfidence > 1 { if cn.RAGConfidence < 0 || cn.RAGConfidence > 1 {
return NewContextError(ErrorTypeValidation, ErrorCodeInvalidContext, return NewContextError(ErrorTypeValidation, ErrorCodeInvalidContext,
"RAG confidence must be between 0 and 1").WithAddress(cn.UCXLAddress). "RAG confidence must be between 0 and 1").WithAddress(cn.UCXLAddress).
WithContext("confidence", fmt.Sprintf("%.2f", cn.RAGConfidence)) WithContext("confidence", fmt.Sprintf("%.2f", cn.RAGConfidence))
} }
if cn.ContextSpecificity < 0 { if cn.ContextSpecificity < 0 {
return NewContextError(ErrorTypeValidation, ErrorCodeInvalidContext, return NewContextError(ErrorTypeValidation, ErrorCodeInvalidContext,
"context specificity cannot be negative").WithAddress(cn.UCXLAddress). "context specificity cannot be negative").WithAddress(cn.UCXLAddress).
WithContext("specificity", fmt.Sprintf("%d", cn.ContextSpecificity)) WithContext("specificity", fmt.Sprintf("%d", cn.ContextSpecificity))
} }
@@ -346,7 +350,7 @@ func (cn *ContextNode) Validate() error {
// Validate role access levels // Validate role access levels
for _, role := range cn.EncryptedFor { for _, role := range cn.EncryptedFor {
if role == "" { if role == "" {
return NewContextError(ErrorTypeValidation, ErrorCodeInvalidRole, return NewContextError(ErrorTypeValidation, ErrorCodeInvalidRole,
"encrypted_for roles cannot be empty").WithAddress(cn.UCXLAddress) "encrypted_for roles cannot be empty").WithAddress(cn.UCXLAddress)
} }
} }
@@ -354,32 +358,32 @@ func (cn *ContextNode) Validate() error {
return nil return nil
} }
// Validate validates a ResolvedContext for consistency and completeness // Validate validates a ResolvedContext for consistency and completeness
func (rc *ResolvedContext) Validate() error { func (rc *ResolvedContext) Validate() error {
if err := rc.UCXLAddress.Validate(); err != nil { if err := rc.UCXLAddress.Validate(); err != nil {
return NewContextError(ErrorTypeValidation, ErrorCodeInvalidAddress, return NewContextError(ErrorTypeValidation, ErrorCodeInvalidAddress,
"invalid UCXL address in resolved context").WithUnderlying(err).WithAddress(rc.UCXLAddress) "invalid UCXL address in resolved context").WithUnderlying(err).WithAddress(rc.UCXLAddress)
} }
if rc.Summary == "" { if rc.Summary == "" {
return NewContextError(ErrorTypeValidation, ErrorCodeInvalidContext, return NewContextError(ErrorTypeValidation, ErrorCodeInvalidContext,
"resolved context summary cannot be empty").WithAddress(rc.UCXLAddress) "resolved context summary cannot be empty").WithAddress(rc.UCXLAddress)
} }
if rc.ResolutionConfidence < 0 || rc.ResolutionConfidence > 1 { if rc.ResolutionConfidence < 0 || rc.ResolutionConfidence > 1 {
return NewContextError(ErrorTypeValidation, ErrorCodeInvalidContext, return NewContextError(ErrorTypeValidation, ErrorCodeInvalidContext,
"resolution confidence must be between 0 and 1").WithAddress(rc.UCXLAddress). "resolution confidence must be between 0 and 1").WithAddress(rc.UCXLAddress).
WithContext("confidence", fmt.Sprintf("%.2f", rc.ResolutionConfidence)) WithContext("confidence", fmt.Sprintf("%.2f", rc.ResolutionConfidence))
} }
if rc.BoundedDepth < 0 { if rc.BoundedDepth < 0 {
return NewContextError(ErrorTypeValidation, ErrorCodeInvalidContext, return NewContextError(ErrorTypeValidation, ErrorCodeInvalidContext,
"bounded depth cannot be negative").WithAddress(rc.UCXLAddress). "bounded depth cannot be negative").WithAddress(rc.UCXLAddress).
WithContext("depth", fmt.Sprintf("%d", rc.BoundedDepth)) WithContext("depth", fmt.Sprintf("%d", rc.BoundedDepth))
} }
if rc.ContextSourcePath == "" { if rc.ContextSourcePath == "" {
return NewContextError(ErrorTypeValidation, ErrorCodeInvalidContext, return NewContextError(ErrorTypeValidation, ErrorCodeInvalidContext,
"context source path cannot be empty").WithAddress(rc.UCXLAddress) "context source path cannot be empty").WithAddress(rc.UCXLAddress)
} }
@@ -398,8 +402,8 @@ func (cn *ContextNode) HasRole(role string) bool {
// CanAccess checks if a role can access this context based on authority level // CanAccess checks if a role can access this context based on authority level
func (cn *ContextNode) CanAccess(role string, authority config.AuthorityLevel) bool { func (cn *ContextNode) CanAccess(role string, authority config.AuthorityLevel) bool {
// Master authority can access everything // Master/Admin authority can access everything
if authority == config.AuthorityMaster { if authority == config.AuthorityMaster || authority == config.AuthorityAdmin {
return true return true
} }
@@ -421,16 +425,16 @@ func (cn *ContextNode) Clone() *ContextNode {
Summary: cn.Summary, Summary: cn.Summary,
Purpose: cn.Purpose, Purpose: cn.Purpose,
Technologies: make([]string, len(cn.Technologies)), Technologies: make([]string, len(cn.Technologies)),
Tags: make([]string, len(cn.Tags)), Tags: make([]string, len(cn.Tags)),
Insights: make([]string, len(cn.Insights)), Insights: make([]string, len(cn.Insights)),
OverridesParent: cn.OverridesParent, OverridesParent: cn.OverridesParent,
ContextSpecificity: cn.ContextSpecificity, ContextSpecificity: cn.ContextSpecificity,
AppliesToChildren: cn.AppliesToChildren, AppliesToChildren: cn.AppliesToChildren,
GeneratedAt: cn.GeneratedAt, GeneratedAt: cn.GeneratedAt,
RAGConfidence: cn.RAGConfidence, RAGConfidence: cn.RAGConfidence,
EncryptedFor: make([]string, len(cn.EncryptedFor)), EncryptedFor: make([]string, len(cn.EncryptedFor)),
AccessLevel: cn.AccessLevel, AccessLevel: cn.AccessLevel,
Metadata: make(map[string]interface{}), Metadata: make(map[string]interface{}),
} }
copy(cloned.Technologies, cn.Technologies) copy(cloned.Technologies, cn.Technologies)
@@ -448,18 +452,18 @@ func (cn *ContextNode) Clone() *ContextNode {
// Clone creates a deep copy of the ResolvedContext // Clone creates a deep copy of the ResolvedContext
func (rc *ResolvedContext) Clone() *ResolvedContext { func (rc *ResolvedContext) Clone() *ResolvedContext {
cloned := &ResolvedContext{ cloned := &ResolvedContext{
UCXLAddress: *rc.UCXLAddress.Clone(), UCXLAddress: *rc.UCXLAddress.Clone(),
Summary: rc.Summary, Summary: rc.Summary,
Purpose: rc.Purpose, Purpose: rc.Purpose,
Technologies: make([]string, len(rc.Technologies)), Technologies: make([]string, len(rc.Technologies)),
Tags: make([]string, len(rc.Tags)), Tags: make([]string, len(rc.Tags)),
Insights: make([]string, len(rc.Insights)), Insights: make([]string, len(rc.Insights)),
ContextSourcePath: rc.ContextSourcePath, ContextSourcePath: rc.ContextSourcePath,
InheritanceChain: make([]string, len(rc.InheritanceChain)), InheritanceChain: make([]string, len(rc.InheritanceChain)),
ResolutionConfidence: rc.ResolutionConfidence, ResolutionConfidence: rc.ResolutionConfidence,
BoundedDepth: rc.BoundedDepth, BoundedDepth: rc.BoundedDepth,
GlobalContextsApplied: rc.GlobalContextsApplied, GlobalContextsApplied: rc.GlobalContextsApplied,
ResolvedAt: rc.ResolvedAt, ResolvedAt: rc.ResolvedAt,
} }
copy(cloned.Technologies, rc.Technologies) copy(cloned.Technologies, rc.Technologies)
@@ -468,4 +472,4 @@ func (rc *ResolvedContext) Clone() *ResolvedContext {
copy(cloned.InheritanceChain, rc.InheritanceChain) copy(cloned.InheritanceChain, rc.InheritanceChain)
return cloned return cloned
} }