Implement BZZZ Phase 2A: Unified SLURP Architecture with Consensus Elections

🎯 Major architectural achievement: SLURP is now a specialized BZZZ agent with admin role ## Core Implementation: ### 1. Unified Architecture - SLURP becomes admin-role BZZZ agent with master authority - Single P2P network for all coordination (no separate systems) - Distributed admin role with consensus-based failover ### 2. Role-Based Authority System (pkg/config/roles.go) - Authority levels: master/decision/coordination/suggestion/read_only - Admin role includes SLURP functionality (context curation, decision ingestion) - Flexible role definitions via .ucxl/roles.yaml configuration - Authority methods: CanDecryptRole(), CanMakeDecisions(), IsAdminRole() ### 3. Election System with Consensus (pkg/election/election.go) - Election triggers: heartbeat timeout, discovery failure, split brain, quorum loss - Leadership scoring: uptime, capabilities, resources, network quality - Raft-based consensus algorithm for distributed coordination - Split brain detection prevents multiple admin conflicts ### 4. Age Encryption Integration - Role-based Age keypairs for content encryption - Hierarchical access: admin can decrypt all roles, others limited by authority - Shamir secret sharing foundation for admin key distribution (3/5 threshold) - UCXL content encrypted by creator's role level ### 5. Security & Configuration - Cluster security config with election timeouts and quorum requirements - Audit logging for security events and key reconstruction - Project-specific role definitions in .ucxl/roles.yaml - Role-specific prompt templates in .ucxl/templates/ ### 6. Main Application Integration (main.go) - Election manager integrated into BZZZ startup process - Admin callbacks for automatic SLURP enablement - Heartbeat system for admin leadership maintenance - Authority level display in startup information ## Benefits: ✅ High Availability: Any node can become admin via consensus ✅ Security: Age encryption + Shamir prevents single points of failure ✅ Flexibility: User-definable roles with granular authority ✅ Unified Architecture: Single P2P network for all coordination ✅ Automatic Failover: Elections triggered by multiple conditions ## Next Steps (Phase 2B): - Age encryption implementation for UCXL content - Shamir secret sharing key reconstruction algorithm - DHT integration for distributed encrypted storage - Decision publishing pipeline integration 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-08 15:44:10 +10:00
parent 1ef5931c36
commit 78d34c19dd
8 changed files with 1458 additions and 17 deletions
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -10,17 +10,30 @@ import (
 	"gopkg.in/yaml.v2"
 )

+// SecurityConfig holds cluster security and election configuration
+type SecurityConfig struct {
+	// Admin key sharing
+	AdminKeyShares  ShamirShare    `yaml:"admin_key_shares" json:"admin_key_shares"`
+	ElectionConfig  ElectionConfig `yaml:"election_config" json:"election_config"`
+	
+	// Key management
+	KeyRotationDays int    `yaml:"key_rotation_days,omitempty" json:"key_rotation_days,omitempty"`
+	AuditLogging    bool   `yaml:"audit_logging" json:"audit_logging"`
+	AuditPath       string `yaml:"audit_path,omitempty" json:"audit_path,omitempty"`
+}
+
 // Config represents the complete configuration for a Bzzz agent
 type Config struct {
-	HiveAPI HiveAPIConfig `yaml:"hive_api"`
-	Agent   AgentConfig   `yaml:"agent"`
-	GitHub  GitHubConfig  `yaml:"github"`
-	P2P     P2PConfig     `yaml:"p2p"`
-	Logging LoggingConfig `yaml:"logging"`
-	HCFS    HCFSConfig    `yaml:"hcfs"`
-	Slurp   SlurpConfig   `yaml:"slurp"`
-	V2      V2Config      `yaml:"v2"` // BZZZ v2 protocol settings
-	UCXL    UCXLConfig    `yaml:"ucxl"` // UCXL protocol settings
+	HiveAPI  HiveAPIConfig  `yaml:"hive_api"`
+	Agent    AgentConfig    `yaml:"agent"`
+	GitHub   GitHubConfig   `yaml:"github"`
+	P2P      P2PConfig      `yaml:"p2p"`
+	Logging  LoggingConfig  `yaml:"logging"`
+	HCFS     HCFSConfig     `yaml:"hcfs"`
+	Slurp    SlurpConfig    `yaml:"slurp"`
+	V2       V2Config       `yaml:"v2"`   // BZZZ v2 protocol settings
+	UCXL     UCXLConfig     `yaml:"ucxl"` // UCXL protocol settings
+	Security SecurityConfig `yaml:"security"` // Cluster security and elections
 }

 // HiveAPIConfig holds Hive system integration settings
@@ -320,6 +333,26 @@ func getDefaultConfig() *Config {
 				DiscoveryTimeout:   30 * time.Second,
 			},
 		},
+		Security: SecurityConfig{
+			AdminKeyShares: ShamirShare{
+				Threshold:   3,
+				TotalShares: 5,
+			},
+			ElectionConfig: ElectionConfig{
+				HeartbeatTimeout:     5 * time.Second,
+				DiscoveryTimeout:     30 * time.Second,
+				ElectionTimeout:      15 * time.Second,
+				MaxDiscoveryAttempts: 6,
+				DiscoveryBackoff:     5 * time.Second,
+				MinimumQuorum:        3,
+				ConsensusAlgorithm:   "raft",
+				SplitBrainDetection:  true,
+				ConflictResolution:   "highest_uptime",
+			},
+			KeyRotationDays: 90,
+			AuditLogging:    true,
+			AuditPath:       ".bzzz/security-audit.log",
+		},
 		V2: V2Config{
 			Enabled:         false, // Disabled by default for backward compatibility
 			ProtocolVersion: "2.0.0",
--- a/pkg/config/roles.go
+++ b/pkg/config/roles.go
@@ -2,11 +2,63 @@ package config

 import (
 	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
 	"strings"
+	"time"
+
+	"gopkg.in/yaml.v2"
 )

-// RoleDefinition represents a complete role definition from Bees-AgenticWorkers
+// AuthorityLevel defines the decision-making authority of a role
+type AuthorityLevel string
+
+const (
+	AuthorityMaster       AuthorityLevel = "master"       // Full admin access, can decrypt all roles (SLURP functionality)
+	AuthorityDecision     AuthorityLevel = "decision"     // Can make permanent decisions
+	AuthorityCoordination AuthorityLevel = "coordination" // Can coordinate across roles
+	AuthoritySuggestion   AuthorityLevel = "suggestion"   // Can suggest, no permanent decisions
+	AuthorityReadOnly     AuthorityLevel = "read_only"    // Observer access only
+)
+
+// AgeKeyPair holds Age encryption keys for a role
+type AgeKeyPair struct {
+	PublicKey  string `yaml:"public,omitempty" json:"public,omitempty"`
+	PrivateKey string `yaml:"private,omitempty" json:"private,omitempty"`
+}
+
+// ShamirShare represents a share of the admin secret key
+type ShamirShare struct {
+	Index       int    `yaml:"index" json:"index"`
+	Share       string `yaml:"share" json:"share"`
+	Threshold   int    `yaml:"threshold" json:"threshold"`
+	TotalShares int    `yaml:"total_shares" json:"total_shares"`
+}
+
+// ElectionConfig defines consensus election parameters
+type ElectionConfig struct {
+	// Trigger timeouts
+	HeartbeatTimeout    time.Duration `yaml:"heartbeat_timeout" json:"heartbeat_timeout"`
+	DiscoveryTimeout    time.Duration `yaml:"discovery_timeout" json:"discovery_timeout"`
+	ElectionTimeout     time.Duration `yaml:"election_timeout" json:"election_timeout"`
+	
+	// Discovery settings
+	MaxDiscoveryAttempts int           `yaml:"max_discovery_attempts" json:"max_discovery_attempts"`
+	DiscoveryBackoff     time.Duration `yaml:"discovery_backoff" json:"discovery_backoff"`
+	
+	// Consensus requirements
+	MinimumQuorum       int    `yaml:"minimum_quorum" json:"minimum_quorum"`
+	ConsensusAlgorithm  string `yaml:"consensus_algorithm" json:"consensus_algorithm"` // "raft", "pbft"
+	
+	// Split brain detection
+	SplitBrainDetection bool   `yaml:"split_brain_detection" json:"split_brain_detection"`
+	ConflictResolution  string `yaml:"conflict_resolution,omitempty" json:"conflict_resolution,omitempty"`
+}
+
+// RoleDefinition represents a complete role definition with authority and encryption
 type RoleDefinition struct {
+	// Existing fields from Bees-AgenticWorkers
 	Name         string   `yaml:"name"`
 	SystemPrompt string   `yaml:"system_prompt"`
 	ReportsTo    []string `yaml:"reports_to"`
@@ -16,18 +68,61 @@ type RoleDefinition struct {
 	
 	// Collaboration preferences
 	CollaborationDefaults CollaborationConfig `yaml:"collaboration_defaults"`
+	
+	// NEW: Authority and encryption fields for Phase 2A
+	AuthorityLevel   AuthorityLevel `yaml:"authority_level" json:"authority_level"`
+	CanDecrypt      []string       `yaml:"can_decrypt,omitempty" json:"can_decrypt,omitempty"` // Roles this role can decrypt
+	AgeKeys         AgeKeyPair     `yaml:"age_keys,omitempty" json:"age_keys,omitempty"`
+	PromptTemplate  string         `yaml:"prompt_template,omitempty" json:"prompt_template,omitempty"`
+	Model           string         `yaml:"model,omitempty" json:"model,omitempty"`
+	MaxTasks        int            `yaml:"max_tasks,omitempty" json:"max_tasks,omitempty"`
+	
+	// Special functions (for admin/specialized roles)
+	SpecialFunctions []string `yaml:"special_functions,omitempty" json:"special_functions,omitempty"`
+	
+	// Decision context
+	DecisionScope []string `yaml:"decision_scope,omitempty" json:"decision_scope,omitempty"` // What domains this role can decide on
 }

 // GetPredefinedRoles returns all predefined roles from Bees-AgenticWorkers.md
 func GetPredefinedRoles() map[string]RoleDefinition {
 	return map[string]RoleDefinition{
+		// NEW: Admin role with SLURP functionality
+		"admin": {
+			Name: "SLURP Admin Agent",
+			SystemPrompt: "You are the **SLURP Admin Agent** with master authority level and context curation functionality.\n\n* **Responsibilities:** Maintain global context graph, ingest and analyze all distributed decisions, manage key reconstruction, coordinate admin elections.\n* **Authority:** Can decrypt and analyze all role-encrypted decisions, publish system-level decisions, manage cluster security.\n* **Special Functions:** Context curation, decision ingestion, semantic analysis, key reconstruction, admin election coordination.\n* **Reports To:** Distributed consensus (no single authority).\n* **Deliverables:** Global context analysis, decision quality metrics, cluster health reports, security audit logs.",
+			ReportsTo:    []string{}, // Admin reports to consensus
+			Expertise:    []string{"context_curation", "decision_analysis", "semantic_indexing", "distributed_systems", "security", "consensus_algorithms"},
+			Deliverables: []string{"global_context_graph", "decision_quality_metrics", "cluster_health_reports", "security_audit_logs"},
+			Capabilities: []string{"context_curation", "decision_ingestion", "semantic_analysis", "key_reconstruction", "admin_election", "cluster_coordination"},
+			AuthorityLevel: AuthorityMaster,
+			CanDecrypt:     []string{"*"}, // Can decrypt all roles
+			SpecialFunctions: []string{"slurp_functionality", "admin_election", "key_management", "consensus_coordination"},
+			Model:            "gpt-4o",
+			MaxTasks:         10,
+			DecisionScope:    []string{"system", "security", "architecture", "operations", "consensus"},
+			CollaborationDefaults: CollaborationConfig{
+				PreferredMessageTypes:    []string{"admin_election", "key_reconstruction", "consensus_request", "system_alert"},
+				AutoSubscribeToRoles:     []string{"senior_software_architect", "security_expert", "systems_engineer"},
+				AutoSubscribeToExpertise: []string{"architecture", "security", "infrastructure", "consensus"},
+				ResponseTimeoutSeconds:   60, // Fast response for admin duties
+				MaxCollaborationDepth:    10,
+				EscalationThreshold:      1, // Immediate escalation for admin issues
+			},
+		},
+		
 		"senior_software_architect": {
 			Name: "Senior Software Architect",
-			SystemPrompt: "You are the **Senior Software Architect**. You define the system's overall structure, select tech stacks, and ensure long-term maintainability.\n\n* **Responsibilities:** Draft high-level architecture diagrams, define API contracts, set coding standards, mentor engineering leads.\n* **Expertise:** Deep experience in multiple programming paradigms, distributed systems, security models, and cloud architectures.\n* **Reports To:** Product Owner / Technical Director.\n* **Deliverables:** Architecture blueprints, tech stack decisions, integration strategies, and review sign-offs on major design changes.",
-			ReportsTo:    []string{"product_owner", "technical_director"},
+			SystemPrompt: "You are the **Senior Software Architect**. You define the system's overall structure, select tech stacks, and ensure long-term maintainability.\n\n* **Responsibilities:** Draft high-level architecture diagrams, define API contracts, set coding standards, mentor engineering leads.\n* **Authority:** Can make strategic technical decisions that are published as permanent UCXL decision nodes.\n* **Expertise:** Deep experience in multiple programming paradigms, distributed systems, security models, and cloud architectures.\n* **Reports To:** Product Owner / Technical Director.\n* **Deliverables:** Architecture blueprints, tech stack decisions, integration strategies, and review sign-offs on major design changes.",
+			ReportsTo:    []string{"product_owner", "technical_director", "admin"},
 			Expertise:    []string{"architecture", "distributed_systems", "security", "cloud_architectures", "api_design"},
 			Deliverables: []string{"architecture_blueprints", "tech_stack_decisions", "integration_strategies", "design_reviews"},
 			Capabilities: []string{"task-coordination", "meta-discussion", "architecture", "code-review", "mentoring"},
+			AuthorityLevel: AuthorityDecision,
+			CanDecrypt:     []string{"senior_software_architect", "backend_developer", "frontend_developer", "full_stack_engineer", "database_engineer"},
+			Model:          "gpt-4o",
+			MaxTasks:       5,
+			DecisionScope:  []string{"architecture", "design", "technology_selection", "system_integration"},
 			CollaborationDefaults: CollaborationConfig{
 				PreferredMessageTypes:    []string{"coordination_request", "meta_discussion", "escalation_trigger"},
 				AutoSubscribeToRoles:     []string{"lead_designer", "security_expert", "systems_engineer"},
@@ -40,11 +135,16 @@ func GetPredefinedRoles() map[string]RoleDefinition {
 		
 		"lead_designer": {
 			Name: "Lead Designer",
-			SystemPrompt: "You are the **Lead Designer**. You guide the creative vision and maintain design cohesion across the product.\n\n* **Responsibilities:** Oversee UX flow, wireframes, and feature design; ensure consistency of theme and style; mediate between product vision and technical constraints.\n* **Expertise:** UI/UX principles, accessibility, information architecture, Figma/Sketch proficiency.\n* **Reports To:** Product Owner.\n* **Deliverables:** Style guides, wireframes, feature specs, and iterative design documentation.",
-			ReportsTo:    []string{"product_owner"},
+			SystemPrompt: "You are the **Lead Designer**. You guide the creative vision and maintain design cohesion across the product.\n\n* **Responsibilities:** Oversee UX flow, wireframes, and feature design; ensure consistency of theme and style; mediate between product vision and technical constraints.\n* **Authority:** Can make design decisions that influence product direction and user experience.\n* **Expertise:** UI/UX principles, accessibility, information architecture, Figma/Sketch proficiency.\n* **Reports To:** Product Owner.\n* **Deliverables:** Style guides, wireframes, feature specs, and iterative design documentation.",
+			ReportsTo:    []string{"product_owner", "admin"},
 			Expertise:    []string{"ui_ux", "accessibility", "information_architecture", "design_systems", "user_research"},
 			Deliverables: []string{"style_guides", "wireframes", "feature_specs", "design_documentation"},
 			Capabilities: []string{"task-coordination", "meta-discussion", "design", "user_experience"},
+			AuthorityLevel: AuthorityDecision,
+			CanDecrypt:     []string{"lead_designer", "ui_ux_designer", "frontend_developer"},
+			Model:          "gpt-4o",
+			MaxTasks:       4,
+			DecisionScope:  []string{"design", "user_experience", "accessibility", "visual_identity"},
 			CollaborationDefaults: CollaborationConfig{
 				PreferredMessageTypes:    []string{"task_help_request", "coordination_request", "meta_discussion"},
 				AutoSubscribeToRoles:     []string{"ui_ux_designer", "frontend_developer"},
@@ -57,11 +157,16 @@ func GetPredefinedRoles() map[string]RoleDefinition {
 		
 		"security_expert": {
 			Name: "Security Expert",
-			SystemPrompt: "You are the **Security Expert**. You ensure the system is hardened against vulnerabilities.\n\n* **Responsibilities:** Conduct threat modeling, penetration tests, code reviews for security flaws, and define access control policies.\n* **Expertise:** Cybersecurity frameworks (OWASP, NIST), encryption, key management, zero-trust systems.\n* **Reports To:** Senior Software Architect.\n* **Deliverables:** Security audits, vulnerability reports, risk mitigation plans, compliance documentation.",
-			ReportsTo:    []string{"senior_software_architect"},
+			SystemPrompt: "You are the **Security Expert**. You ensure the system is hardened against vulnerabilities.\n\n* **Responsibilities:** Conduct threat modeling, penetration tests, code reviews for security flaws, and define access control policies.\n* **Authority:** Can make security-related decisions and coordinate security implementations across teams.\n* **Expertise:** Cybersecurity frameworks (OWASP, NIST), encryption, key management, zero-trust systems.\n* **Reports To:** Senior Software Architect.\n* **Deliverables:** Security audits, vulnerability reports, risk mitigation plans, compliance documentation.",
+			ReportsTo:    []string{"senior_software_architect", "admin"},
 			Expertise:    []string{"cybersecurity", "owasp", "nist", "encryption", "key_management", "zero_trust", "penetration_testing"},
 			Deliverables: []string{"security_audits", "vulnerability_reports", "risk_mitigation_plans", "compliance_documentation"},
 			Capabilities: []string{"task-coordination", "meta-discussion", "security-analysis", "code-review", "threat-modeling"},
+			AuthorityLevel: AuthorityCoordination,
+			CanDecrypt:     []string{"security_expert", "backend_developer", "devops_engineer", "systems_engineer"},
+			Model:          "gpt-4o",
+			MaxTasks:       4,
+			DecisionScope:  []string{"security", "access_control", "threat_mitigation", "compliance"},
 			CollaborationDefaults: CollaborationConfig{
 				PreferredMessageTypes:    []string{"dependency_alert", "task_help_request", "escalation_trigger"},
 				AutoSubscribeToRoles:     []string{"backend_developer", "devops_engineer", "senior_software_architect"},
@@ -287,7 +392,7 @@ func (c *Config) ApplyRoleDefinition(roleName string) error {
 		return fmt.Errorf("unknown role: %s", roleName)
 	}
 	
-	// Apply role configuration
+	// Apply existing role configuration
 	c.Agent.Role = role.Name
 	c.Agent.SystemPrompt = role.SystemPrompt
 	c.Agent.ReportsTo = role.ReportsTo
@@ -296,6 +401,33 @@ func (c *Config) ApplyRoleDefinition(roleName string) error {
 	c.Agent.Capabilities = role.Capabilities
 	c.Agent.CollaborationSettings = role.CollaborationDefaults
 	
+	// Apply NEW authority and encryption settings
+	if role.Model != "" {
+		// Set primary model for this role
+		c.Agent.DefaultReasoningModel = role.Model
+		// Ensure it's in the models list
+		if !contains(c.Agent.Models, role.Model) {
+			c.Agent.Models = append([]string{role.Model}, c.Agent.Models...)
+		}
+	}
+	
+	if role.MaxTasks > 0 {
+		c.Agent.MaxTasks = role.MaxTasks
+	}
+	
+	// Apply special functions for admin roles
+	if role.AuthorityLevel == AuthorityMaster {
+		// Enable SLURP functionality for admin role
+		c.Slurp.Enabled = true
+		// Add special admin capabilities
+		adminCaps := []string{"context_curation", "decision_ingestion", "semantic_analysis", "key_reconstruction"}
+		for _, cap := range adminCaps {
+			if !contains(c.Agent.Capabilities, cap) {
+				c.Agent.Capabilities = append(c.Agent.Capabilities, cap)
+			}
+		}
+	}
+	
 	return nil
 }

@@ -329,4 +461,118 @@ func GetAvailableRoles() []string {
 	}
 	
 	return names
+}
+
+// GetRoleAuthority returns the authority level for a given role
+func (c *Config) GetRoleAuthority(roleName string) (AuthorityLevel, error) {
+	roles := GetPredefinedRoles()
+	
+	role, exists := roles[roleName]
+	if !exists {
+		return AuthorityReadOnly, fmt.Errorf("role '%s' not found", roleName)
+	}
+	
+	return role.AuthorityLevel, nil
+}
+
+// CanDecryptRole checks if current role can decrypt content from target role
+func (c *Config) CanDecryptRole(targetRole string) (bool, error) {
+	if c.Agent.Role == "" {
+		return false, fmt.Errorf("no role configured")
+	}
+	
+	roles := GetPredefinedRoles()
+	
+	currentRole, exists := roles[c.Agent.Role]
+	if !exists {
+		return false, fmt.Errorf("current role '%s' not found", c.Agent.Role)
+	}
+	
+	// Master authority can decrypt everything
+	if currentRole.AuthorityLevel == AuthorityMaster {
+		return true, nil
+	}
+	
+	// Check if target role is in can_decrypt list
+	for _, role := range currentRole.CanDecrypt {
+		if role == targetRole || role == "*" {
+			return true, nil
+		}
+	}
+	
+	return false, nil
+}
+
+// IsAdminRole checks if the current agent has admin (master) authority
+func (c *Config) IsAdminRole() bool {
+	if c.Agent.Role == "" {
+		return false
+	}
+	
+	authority, err := c.GetRoleAuthority(c.Agent.Role)
+	if err != nil {
+		return false
+	}
+	
+	return authority == AuthorityMaster
+}
+
+// CanMakeDecisions checks if current role can make permanent decisions
+func (c *Config) CanMakeDecisions() bool {
+	if c.Agent.Role == "" {
+		return false
+	}
+	
+	authority, err := c.GetRoleAuthority(c.Agent.Role)
+	if err != nil {
+		return false
+	}
+	
+	return authority == AuthorityMaster || authority == AuthorityDecision
+}
+
+// GetDecisionScope returns the decision domains this role can decide on
+func (c *Config) GetDecisionScope() []string {
+	if c.Agent.Role == "" {
+		return []string{}
+	}
+	
+	roles := GetPredefinedRoles()
+	role, exists := roles[c.Agent.Role]
+	if !exists {
+		return []string{}
+	}
+	
+	return role.DecisionScope
+}
+
+// HasSpecialFunction checks if the current role has a specific special function
+func (c *Config) HasSpecialFunction(function string) bool {
+	if c.Agent.Role == "" {
+		return false
+	}
+	
+	roles := GetPredefinedRoles()
+	role, exists := roles[c.Agent.Role]
+	if !exists {
+		return false
+	}
+	
+	for _, specialFunc := range role.SpecialFunctions {
+		if specialFunc == function {
+			return true
+		}
+	}
+	
+	return false
+}
+
+// contains checks if a string slice contains a value
+func contains(slice []string, value string) bool {
+	for _, item := range slice {
+		if item == value {
+			return true
+		}
+	}
+	return false
 }