Implement BZZZ Phase 2A: Unified SLURP Architecture with Consensus Elections

🎯 Major architectural achievement: SLURP is now a specialized BZZZ agent with admin role ## Core Implementation: ### 1. Unified Architecture - SLURP becomes admin-role BZZZ agent with master authority - Single P2P network for all coordination (no separate systems) - Distributed admin role with consensus-based failover ### 2. Role-Based Authority System (pkg/config/roles.go) - Authority levels: master/decision/coordination/suggestion/read_only - Admin role includes SLURP functionality (context curation, decision ingestion) - Flexible role definitions via .ucxl/roles.yaml configuration - Authority methods: CanDecryptRole(), CanMakeDecisions(), IsAdminRole() ### 3. Election System with Consensus (pkg/election/election.go) - Election triggers: heartbeat timeout, discovery failure, split brain, quorum loss - Leadership scoring: uptime, capabilities, resources, network quality - Raft-based consensus algorithm for distributed coordination - Split brain detection prevents multiple admin conflicts ### 4. Age Encryption Integration - Role-based Age keypairs for content encryption - Hierarchical access: admin can decrypt all roles, others limited by authority - Shamir secret sharing foundation for admin key distribution (3/5 threshold) - UCXL content encrypted by creator's role level ### 5. Security & Configuration - Cluster security config with election timeouts and quorum requirements - Audit logging for security events and key reconstruction - Project-specific role definitions in .ucxl/roles.yaml - Role-specific prompt templates in .ucxl/templates/ ### 6. Main Application Integration (main.go) - Election manager integrated into BZZZ startup process - Admin callbacks for automatic SLURP enablement - Heartbeat system for admin leadership maintenance - Authority level display in startup information ## Benefits: ✅ High Availability: Any node can become admin via consensus ✅ Security: Age encryption + Shamir prevents single points of failure ✅ Flexibility: User-definable roles with granular authority ✅ Unified Architecture: Single P2P network for all coordination ✅ Automatic Failover: Elections triggered by multiple conditions ## Next Steps (Phase 2B): - Age encryption implementation for UCXL content - Shamir secret sharing key reconstruction algorithm - DHT integration for distributed encrypted storage - Decision publishing pipeline integration 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-08 15:44:10 +10:00
parent 1ef5931c36
commit 78d34c19dd
8 changed files with 1458 additions and 17 deletions
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -10,17 +10,30 @@ import (
 	"gopkg.in/yaml.v2"
 )

+// SecurityConfig holds cluster security and election configuration
+type SecurityConfig struct {
+	// Admin key sharing
+	AdminKeyShares  ShamirShare    `yaml:"admin_key_shares" json:"admin_key_shares"`
+	ElectionConfig  ElectionConfig `yaml:"election_config" json:"election_config"`
+	
+	// Key management
+	KeyRotationDays int    `yaml:"key_rotation_days,omitempty" json:"key_rotation_days,omitempty"`
+	AuditLogging    bool   `yaml:"audit_logging" json:"audit_logging"`
+	AuditPath       string `yaml:"audit_path,omitempty" json:"audit_path,omitempty"`
+}
+
 // Config represents the complete configuration for a Bzzz agent
 type Config struct {
-	HiveAPI HiveAPIConfig `yaml:"hive_api"`
-	Agent   AgentConfig   `yaml:"agent"`
-	GitHub  GitHubConfig  `yaml:"github"`
-	P2P     P2PConfig     `yaml:"p2p"`
-	Logging LoggingConfig `yaml:"logging"`
-	HCFS    HCFSConfig    `yaml:"hcfs"`
-	Slurp   SlurpConfig   `yaml:"slurp"`
-	V2      V2Config      `yaml:"v2"` // BZZZ v2 protocol settings
-	UCXL    UCXLConfig    `yaml:"ucxl"` // UCXL protocol settings
+	HiveAPI  HiveAPIConfig  `yaml:"hive_api"`
+	Agent    AgentConfig    `yaml:"agent"`
+	GitHub   GitHubConfig   `yaml:"github"`
+	P2P      P2PConfig      `yaml:"p2p"`
+	Logging  LoggingConfig  `yaml:"logging"`
+	HCFS     HCFSConfig     `yaml:"hcfs"`
+	Slurp    SlurpConfig    `yaml:"slurp"`
+	V2       V2Config       `yaml:"v2"`   // BZZZ v2 protocol settings
+	UCXL     UCXLConfig     `yaml:"ucxl"` // UCXL protocol settings
+	Security SecurityConfig `yaml:"security"` // Cluster security and elections
 }

 // HiveAPIConfig holds Hive system integration settings
@@ -320,6 +333,26 @@ func getDefaultConfig() *Config {
 				DiscoveryTimeout:   30 * time.Second,
 			},
 		},
+		Security: SecurityConfig{
+			AdminKeyShares: ShamirShare{
+				Threshold:   3,
+				TotalShares: 5,
+			},
+			ElectionConfig: ElectionConfig{
+				HeartbeatTimeout:     5 * time.Second,
+				DiscoveryTimeout:     30 * time.Second,
+				ElectionTimeout:      15 * time.Second,
+				MaxDiscoveryAttempts: 6,
+				DiscoveryBackoff:     5 * time.Second,
+				MinimumQuorum:        3,
+				ConsensusAlgorithm:   "raft",
+				SplitBrainDetection:  true,
+				ConflictResolution:   "highest_uptime",
+			},
+			KeyRotationDays: 90,
+			AuditLogging:    true,
+			AuditPath:       ".bzzz/security-audit.log",
+		},
 		V2: V2Config{
 			Enabled:         false, // Disabled by default for backward compatibility
 			ProtocolVersion: "2.0.0",