Major integrations and fixes: - Added BACKBEAT SDK integration for P2P operation timing - Implemented beat-aware status tracking for distributed operations - Added Docker secrets support for secure license management - Resolved KACHING license validation via HTTPS/TLS - Updated docker-compose configuration for clean stack deployment - Disabled rollback policies to prevent deployment failures - Added license credential storage (CHORUS-DEV-MULTI-001) Technical improvements: - BACKBEAT P2P operation tracking with phase management - Enhanced configuration system with file-based secrets - Improved error handling for license validation - Clean separation of KACHING and CHORUS deployment stacks 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
package config
import "time"
// Authority levels for roles. These string values are what
// RoleDefinition.AuthorityLevel carries (see GetPredefinedRoles); nothing in
// this file orders or compares them, so ranking between levels is not implied.
const (
	// AuthorityReadOnly marks a role that may only read.
	AuthorityReadOnly = "readonly"
	// AuthoritySuggestion marks a role that may propose but not apply changes.
	AuthoritySuggestion = "suggestion"
	// AuthorityFull marks a role with full operational authority.
	AuthorityFull = "full"
	// AuthorityAdmin marks an administrative role.
	AuthorityAdmin = "admin"
)
// SecurityConfig defines security-related configuration. All fields are
// populated from YAML via the struct tags; no validation is applied here.
type SecurityConfig struct {
	// KeyRotationDays is the key rotation interval in days (yaml "key_rotation_days").
	// A zero value is not rejected anywhere in this file.
	KeyRotationDays int `yaml:"key_rotation_days"`
	// AuditLogging enables audit logging (yaml "audit_logging").
	AuditLogging bool `yaml:"audit_logging"`
	// AuditPath is where audit output goes (yaml "audit_path") — presumably a
	// filesystem path; confirm against the consumer.
	AuditPath string `yaml:"audit_path"`
	// ElectionConfig holds leader-election timing and scoring (yaml "election").
	ElectionConfig ElectionConfig `yaml:"election"`
}
// ElectionConfig defines election timing and behavior settings. The
// durations are decoded from YAML; how they are consumed is not shown here.
type ElectionConfig struct {
	// DiscoveryTimeout bounds peer discovery (yaml "discovery_timeout").
	DiscoveryTimeout time.Duration `yaml:"discovery_timeout"`
	// HeartbeatTimeout bounds how long a missing heartbeat is tolerated (yaml "heartbeat_timeout").
	HeartbeatTimeout time.Duration `yaml:"heartbeat_timeout"`
	// ElectionTimeout bounds an election round (yaml "election_timeout").
	ElectionTimeout time.Duration `yaml:"election_timeout"`
	// DiscoveryBackoff is the wait between discovery attempts (yaml "discovery_backoff").
	DiscoveryBackoff time.Duration `yaml:"discovery_backoff"`
	// LeadershipScoring is optional; nil when the "leadership_scoring" key is absent.
	LeadershipScoring *LeadershipScoring `yaml:"leadership_scoring,omitempty"`
}
// LeadershipScoring defines weights for election scoring. The formula that
// combines them lives elsewhere; nothing here normalises or range-checks them.
type LeadershipScoring struct {
	// UptimeWeight weights node uptime (yaml "uptime_weight").
	UptimeWeight float64 `yaml:"uptime_weight"`
	// CapabilityWeight weights advertised capabilities (yaml "capability_weight").
	CapabilityWeight float64 `yaml:"capability_weight"`
	// ExperienceWeight weights prior experience (yaml "experience_weight").
	ExperienceWeight float64 `yaml:"experience_weight"`
	// LoadWeight weights current load (yaml "load_weight").
	LoadWeight float64 `yaml:"load_weight"`
}
// AgeKeyPair represents an Age encryption key pair.
//
// Both fields carry yaml tags, so PrivateKey is written out whenever the
// enclosing config is marshalled and read in from any config file that
// contains it: treat such files as secret material, not plain configuration.
type AgeKeyPair struct {
	// PublicKey is the Age recipient string (yaml "public_key").
	PublicKey string `yaml:"public_key"`
	// PrivateKey is the Age identity (yaml "private_key"). Sensitive.
	PrivateKey string `yaml:"private_key"`
}
// RoleDefinition represents a role configuration. The predefined instances
// are built by GetPredefinedRoles; the map key there equals Name.
type RoleDefinition struct {
	// Name is the role identifier (yaml "name").
	Name string `yaml:"name"`
	// Description is human-readable only (yaml "description").
	Description string `yaml:"description"`
	// Capabilities lists capability labels (yaml "capabilities").
	Capabilities []string `yaml:"capabilities"`
	// AccessLevel is one of the labels understood by getAccessLevelValue
	// ("low", "medium", "high"); any other value ranks as 0.
	AccessLevel string `yaml:"access_level"`
	// AuthorityLevel holds one of the Authority* constants.
	AuthorityLevel string `yaml:"authority_level"`
	// Keys holds the role's Age key pair; nil when absent.
	Keys *AgeKeyPair `yaml:"keys,omitempty"`
	// AgeKeys is the legacy field name for Keys; kept so older config files
	// still decode. Which field wins when both are set is not decided here.
	AgeKeys *AgeKeyPair `yaml:"age_keys,omitempty"` // Legacy field name
	// CanDecrypt is the declared allow-list of roles whose content this role
	// may decrypt. In the predefined table every role lists itself.
	CanDecrypt []string `yaml:"can_decrypt,omitempty"` // Roles this role can decrypt
}
// GetPredefinedRoles returns the predefined roles for the system, keyed by
// role name. Every call builds a fresh map and fresh slices, so a caller may
// mutate the result without affecting later calls.
func GetPredefinedRoles() map[string]*RoleDefinition {
	// The table is kept as an ordered list and keyed by Name below; each
	// entry's Name is also its map key.
	defs := []*RoleDefinition{
		{
			Name:           "project_manager",
			Description:    "Project coordination and management",
			Capabilities:   []string{"coordination", "planning", "oversight"},
			AccessLevel:    "high",
			AuthorityLevel: AuthorityAdmin,
			CanDecrypt:     []string{"project_manager", "backend_developer", "frontend_developer", "devops_engineer", "security_engineer"},
		},
		{
			Name:           "backend_developer",
			Description:    "Backend development and API work",
			Capabilities:   []string{"backend", "api", "database"},
			AccessLevel:    "medium",
			AuthorityLevel: AuthorityFull,
			CanDecrypt:     []string{"backend_developer"},
		},
		{
			Name:           "frontend_developer",
			Description:    "Frontend UI development",
			Capabilities:   []string{"frontend", "ui", "components"},
			AccessLevel:    "medium",
			AuthorityLevel: AuthorityFull,
			CanDecrypt:     []string{"frontend_developer"},
		},
		{
			Name:           "devops_engineer",
			Description:    "Infrastructure and deployment",
			Capabilities:   []string{"infrastructure", "deployment", "monitoring"},
			AccessLevel:    "high",
			AuthorityLevel: AuthorityFull,
			CanDecrypt:     []string{"devops_engineer", "backend_developer"},
		},
		{
			Name:           "security_engineer",
			Description:    "Security oversight and hardening",
			Capabilities:   []string{"security", "audit", "compliance"},
			AccessLevel:    "high",
			AuthorityLevel: AuthorityAdmin,
			CanDecrypt:     []string{"security_engineer", "project_manager", "backend_developer", "frontend_developer", "devops_engineer"},
		},
	}

	roles := make(map[string]*RoleDefinition, len(defs))
	for _, def := range defs {
		roles[def.Name] = def
	}
	return roles
}
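// CanDecryptRole reports whether the agent configured in c.Agent.Role may
// decrypt content addressed to targetRole.
//
// The decision is taken against the predefined role table: the current role
// must name targetRole in its CanDecrypt allow-list, and its access level
// must rank at least as high as the target's. An unknown current or target
// role is denied. The error result is always nil and is kept only so the
// signature stays compatible with existing callers.
func (c *Config) CanDecryptRole(targetRole string) (bool, error) {
	roles := GetPredefinedRoles()

	currentRole, ok := roles[c.Agent.Role]
	if !ok {
		return false, nil
	}
	targetRoleDef, ok := roles[targetRole]
	if !ok {
		return false, nil
	}

	// The explicit allow-list is the declared policy. Comparing access levels
	// alone would let any "high" role read every other "high" or "admin"
	// role's content even when its CanDecrypt list does not include them.
	if !roleListed(currentRole.CanDecrypt, targetRole) {
		return false, nil
	}

	// Keep the level comparison as a second, independent gate.
	currentLevel := getAccessLevelValue(currentRole.AccessLevel)
	targetLevel := getAccessLevelValue(targetRoleDef.AccessLevel)
	return currentLevel >= targetLevel, nil
}

// roleListed reports whether role appears in list; an empty or nil list
// matches nothing.
func roleListed(list []string, role string) bool {
	for _, r := range list {
		if r == role {
			return true
		}
	}
	return false
}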
// accessLevelRanks orders the labels accepted in RoleDefinition.AccessLevel.
// Comparison is exact and case-sensitive.
var accessLevelRanks = map[string]int{
	"low":    1,
	"medium": 2,
	"high":   3,
}

// getAccessLevelValue maps an access-level label to its rank. Labels absent
// from accessLevelRanks — including the empty string — rank 0, below "low".
func getAccessLevelValue(level string) int {
	return accessLevelRanks[level]
}