tony/CHORUS
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8d9b62daf37ad7dc3f5f0a17966e5fe3a4e00361
CHORUS/pkg/slurp/roles/doc.go
anthonyrawlins 9bdcbe0447 Integrate BACKBEAT SDK and resolve KACHING license validation 
Major integrations and fixes:
- Added BACKBEAT SDK integration for P2P operation timing
- Implemented beat-aware status tracking for distributed operations
- Added Docker secrets support for secure license management
- Resolved KACHING license validation via HTTPS/TLS
- Updated docker-compose configuration for clean stack deployment
- Disabled rollback policies to prevent deployment failures
- Added license credential storage (CHORUS-DEV-MULTI-001)

Technical improvements:
- BACKBEAT P2P operation tracking with phase management
- Enhanced configuration system with file-based secrets
- Improved error handling for license validation
- Clean separation of KACHING and CHORUS deployment stacks

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-06 07:56:26 +10:00

102 lines
4.5 KiB
Go
Raw Blame History

// Package roles provides role-based access control and context filtering for the SLURP system.
//
// This package implements comprehensive role-based access control (RBAC) for contextual
// intelligence, ensuring that context information is appropriately filtered, encrypted,
// and distributed based on role permissions and security requirements. It integrates
// with the existing CHORUS crypto system to provide secure, scalable access control.
//
// Key Features:
// - Hierarchical role definition and management
// - Context filtering based on role permissions and access levels
// - Integration with CHORUS crypto system for role-based encryption
// - Dynamic permission evaluation and caching for performance
// - Role-specific context views and perspectives
// - Audit logging for access control decisions
// - Permission inheritance and delegation
// - Temporal access control with time-based permissions
//
// Core Components:
// - RoleManager: Definition and management of roles and permissions
// - AccessController: Access control decision making and enforcement
// - ContextFilter: Role-based filtering of context information
// - PermissionEvaluator: Dynamic evaluation of permissions
// - AuditLogger: Logging of access control events
// - EncryptionManager: Role-based encryption and key management
//
// Integration Points:
// - pkg/crypto: Role-based encryption and key management
// - pkg/slurp/context: Context filtering and access control
// - pkg/slurp/storage: Encrypted storage with role-based access
// - pkg/election: Leader-based role administration
// - pkg/config: Role configuration and policies
//
// Example Usage:
//
// roleManager := roles.NewRoleManager(storage, crypto)
// ctx := context.Background()
//
// // Define a new role
// role := &Role{
// Name: "Senior Developer",
// Permissions: []Permission{
// PermissionReadCode,
// PermissionWriteCode,
// PermissionViewArchitecture,
// },
// AccessLevel: AccessLevelHigh,
// }
// err := roleManager.CreateRole(ctx, role)
//
// // Assign role to user
// err = roleManager.AssignRole(ctx, "user123", "senior-developer")
//
// // Filter context based on role
// filter := roles.NewContextFilter(roleManager)
// filteredContext, err := filter.FilterContext(ctx, originalContext, "senior-developer")
//
// // Check permissions
// controller := roles.NewAccessController(roleManager)
// canAccess, err := controller.CheckPermission(ctx, "user123", PermissionViewArchitecture)
// if canAccess {
// // Allow access to architectural context
// }
//
// Role Hierarchy:
// The system supports hierarchical roles where higher-level roles inherit
// permissions from lower-level roles. This enables flexible permission
// management while maintaining security boundaries appropriate for different
// team responsibilities and access needs.
//
// Access Levels:
// Context information is classified into different access levels (Public,
// Low, Medium, High, Critical) and roles are granted appropriate access
// levels. This ensures sensitive information is only available to
// authorized personnel while enabling collaboration on appropriate content.
//
// Temporal Access Control:
// The system supports time-based access control where permissions can be
// granted for specific time periods, enabling temporary access for
// contractors, time-limited elevated permissions, and automatic access
// revocation for compliance and security requirements.
//
// Performance Considerations:
// - Permission caching with configurable TTL for fast access decisions
// - Batch permission evaluation for efficiency with large contexts
// - Pre-computed role hierarchies and permission inheritance
// - Optimized context filtering algorithms for minimal overhead
// - Background permission synchronization across cluster nodes
//
// Security Model:
// All access control decisions are based on cryptographically verified
// role assignments and permissions. The system integrates with the CHORUS
// crypto infrastructure to ensure secure key distribution and context
// encryption, preventing unauthorized access even in case of node
// compromise or network interception.
//
// Audit and Compliance:
// Comprehensive audit logging tracks all access control decisions,
// permission changes, and context access patterns. This supports
// compliance requirements, security analysis, and debugging of
// access control issues while maintaining performance through
// asynchronous logging and efficient storage.
package roles
Reference in New Issue View Git Blame Copy Permalink