Resolve import cycles and migrate to chorus.services module path

This comprehensive refactoring addresses critical architectural issues:

IMPORT CYCLE RESOLUTION:
• pkg/crypto ↔ pkg/slurp/roles: Created pkg/security/access_levels.go
• pkg/ucxl → pkg/dht: Created pkg/storage/interfaces.go
• pkg/slurp/leader → pkg/election → pkg/slurp/storage: Moved types to pkg/election/interfaces.go

MODULE PATH MIGRATION:
• Changed from github.com/anthonyrawlins/bzzz to chorus.services/bzzz
• Updated all import statements across 115+ files
• Maintains compatibility while removing personal GitHub account dependency

TYPE SYSTEM IMPROVEMENTS:
• Resolved duplicate type declarations in crypto package
• Added missing type definitions (RoleStatus, TimeRestrictions, KeyStatus, KeyRotationResult)
• Proper interface segregation to prevent future cycles

ARCHITECTURAL BENEFITS:
• Build now progresses past structural issues to normal dependency resolution
• Cleaner separation of concerns between packages
• Eliminates circular dependencies that prevented compilation
• Establishes foundation for scalable codebase growth

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

pkg/crypto/access_control.go

@@ -30,9 +30,10 @@ import (
 	"sync"
 	"time"
 
-	"github.com/anthonyrawlins/bzzz/pkg/config"
-	"github.com/anthonyrawlins/bzzz/pkg/ucxl"
-	"github.com/anthonyrawlins/bzzz/pkg/slurp/roles"
+	"chorus.services/bzzz/pkg/config"
+	"chorus.services/bzzz/pkg/security"
+	"chorus.services/bzzz/pkg/ucxl"
+	"chorus.services/bzzz/pkg/slurp/roles"
 )
 
 // AccessControlMatrix implements sophisticated access control enforcement
@@ -138,6 +139,26 @@ const (
 	RoleTypeEmergency   RoleType = "emergency"   // Emergency access role
 )
 
+// RoleStatus represents the status of a role
+type RoleStatus string
+
+const (
+	RoleStatusActive    RoleStatus = "active"    // Role is active and usable
+	RoleStatusInactive  RoleStatus = "inactive"  // Role is inactive
+	RoleStatusSuspended RoleStatus = "suspended" // Role is temporarily suspended
+	RoleStatusRevoked   RoleStatus = "revoked"   // Role has been revoked
+	RoleStatusPending   RoleStatus = "pending"   // Role is pending approval
+)
+
+// TimeRestrictions represents time-based access restrictions
+type TimeRestrictions struct {
+	AllowedHours    []int             `json:"allowed_hours"`    // 0-23 allowed hours
+	AllowedDays     []time.Weekday    `json:"allowed_days"`     // Allowed days of week
+	AllowedTimeZone string            `json:"allowed_timezone"` // Timezone for restrictions
+	StartDate       *time.Time        `json:"start_date"`       // Role start date
+	EndDate         *time.Time        `json:"end_date"`         // Role end date
+}
+
 // Delegation represents role delegation
 type Delegation struct {
 	DelegationID        string                 `json:"delegation_id"`
@@ -824,7 +845,7 @@ func NewRoleHierarchy(cfg *config.Config) (*RoleHierarchy, error) {
 		role := &Role{
 			ID:                  roleID,
 			Name:                configRole.Name,
-			Description:         configRole.Description,
+			Description:         configRole.Name, // Use Name as Description since Description field doesn't exist
 			Type:                RoleTypeStandard,
 			Status:              RoleStatusActive,
 			DirectPermissions:   []string{},

pkg/crypto/age_crypto.go

@@ -38,7 +38,7 @@ import (
 
 	"filippo.io/age"           // Modern, secure encryption library
 	"filippo.io/age/agessh"    // SSH key support (unused but available)
-	"github.com/anthonyrawlins/bzzz/pkg/config"
+	"chorus.services/bzzz/pkg/config"
 )
 
 // AgeCrypto handles Age encryption for role-based content security.
@@ -336,7 +336,7 @@ func (ac *AgeCrypto) EncryptUCXLContent(content []byte, creatorRole string) ([]b
 // getDecryptableRolesForCreator determines which roles should be able to decrypt content from a creator
 func (ac *AgeCrypto) getDecryptableRolesForCreator(creatorRole string) ([]string, error) {
 	roles := config.GetPredefinedRoles()
-	creator, exists := roles[creatorRole]
+	_, exists := roles[creatorRole]
 	if !exists {
 		return nil, fmt.Errorf("creator role '%s' not found", creatorRole)
 	}

pkg/crypto/audit_logger.go

@@ -37,8 +37,8 @@ import (
 	"sync"
 	"time"
 
-	"github.com/anthonyrawlins/bzzz/pkg/config"
-	"github.com/anthonyrawlins/bzzz/pkg/ucxl"
+	"chorus.services/bzzz/pkg/config"
+	"chorus.services/bzzz/pkg/ucxl"
 )
 
 // AuditLoggerImpl implements comprehensive audit logging
@@ -773,7 +773,7 @@ func (al *AuditLoggerImpl) updateUserBehaviorProfile(event *AuditEvent) {
 
 	// Update activity patterns
 	hour := event.Timestamp.Hour()
-	if !contains(profile.TypicalHours, hour) {
+	if !auditContains(profile.TypicalHours, hour) {
 		profile.TypicalHours = append(profile.TypicalHours, hour)
 	}
 
@@ -924,7 +924,7 @@ type AuditQueryCriteria struct {
 }
 
 // Helper functions
-func contains(slice []int, item int) bool {
+func auditContains(slice []int, item int) bool {
 	for _, s := range slice {
 		if s == item {
 			return true

pkg/crypto/key_manager.go

@@ -32,7 +32,7 @@ import (
 	"time"
 
 	"golang.org/x/crypto/pbkdf2"
-	"github.com/anthonyrawlins/bzzz/pkg/config"
+	"chorus.services/bzzz/pkg/config"
 )
 
 // KeyManager handles sophisticated key management for role-based encryption
@@ -98,6 +98,49 @@ type KeyUsageStats struct {
 	SuspiciousActivity bool                  `json:"suspicious_activity"`
 }
 
+// KeyStatus represents the status of a cryptographic key
+type KeyStatus string
+
+const (
+	KeyStatusActive     KeyStatus = "active"     // Key is active and can be used
+	KeyStatusInactive   KeyStatus = "inactive"   // Key is inactive
+	KeyStatusExpired    KeyStatus = "expired"    // Key has expired
+	KeyStatusRevoked    KeyStatus = "revoked"    // Key has been revoked
+	KeyStatusSuspended  KeyStatus = "suspended"  // Key is temporarily suspended
+	KeyStatusPending    KeyStatus = "pending"    // Key is pending activation
+)
+
+// RoleKey represents a cryptographic key associated with a role
+type RoleKey struct {
+	KeyID       string      `json:"key_id"`
+	RoleID      string      `json:"role_id"`
+	KeyType     string      `json:"key_type"`
+	Version     int         `json:"version"`
+	CreatedAt   time.Time   `json:"created_at"`
+	ExpiresAt   *time.Time  `json:"expires_at,omitempty"`
+	Status      KeyStatus   `json:"status"`
+	KeyData     []byte      `json:"key_data,omitempty"`
+}
+
+// KeyRotationResult represents the result of a key rotation operation
+type KeyRotationResult struct {
+	Success           bool                   `json:"success"`
+	OldKeyID          string                 `json:"old_key_id"`
+	NewKeyID          string                 `json:"new_key_id"`
+	RotatedAt         time.Time              `json:"rotated_at"`
+	RollbackKeyID     string                 `json:"rollback_key_id,omitempty"`
+	Error             string                 `json:"error,omitempty"`
+	RotationDuration  time.Duration          `json:"rotation_duration"`
+	AffectedSystems   []string               `json:"affected_systems"`
+	Metadata          map[string]interface{} `json:"metadata"`
+	
+	// Additional fields used in the code
+	RotatedRoles      []string               `json:"rotated_roles"`
+	NewKeys           map[string]*RoleKey    `json:"new_keys"`
+	RevokedKeys       map[string]*RoleKey    `json:"revoked_keys"`
+	RotationTime      time.Duration          `json:"rotation_time"`
+}
+
 // KeyFilter represents criteria for filtering keys
 type KeyFilter struct {
 	RoleID            string                 `json:"role_id,omitempty"`

pkg/crypto/role_crypto.go

@@ -37,40 +37,26 @@ import (
 	"time"
 
 	"golang.org/x/crypto/pbkdf2"
-	"github.com/anthonyrawlins/bzzz/pkg/config"
-	"github.com/anthonyrawlins/bzzz/pkg/ucxl"
-	slurpContext "github.com/anthonyrawlins/bzzz/pkg/slurp/context"
-	"github.com/anthonyrawlins/bzzz/pkg/slurp/roles"
+	"chorus.services/bzzz/pkg/config"
+	"chorus.services/bzzz/pkg/security"
+	"chorus.services/bzzz/pkg/ucxl"
+	slurpContext "chorus.services/bzzz/pkg/slurp/context"
+	"chorus.services/bzzz/pkg/slurp/roles"
 )
 
-// AccessLevel defines the security clearance levels for role-based encryption
-type AccessLevel int
+// AccessLevel type alias for backward compatibility
+type AccessLevel = security.AccessLevel
 
+// Access level constants for backward compatibility
 const (
-	AccessPublic AccessLevel = iota // Public information, no encryption required
-	AccessLow                       // Basic encrypted information for standard roles
-	AccessMedium                    // Confidential information for coordination roles
-	AccessHigh                      // Sensitive information for decision-making roles
-	AccessCritical                  // Highly classified information for master roles only
+	AccessPublic    = security.AccessLevelPublic
+	AccessLow       = security.AccessLevelInternal
+	AccessMedium    = security.AccessLevelConfidential
+	AccessHigh      = security.AccessLevelSecret
+	AccessCritical  = security.AccessLevelTopSecret
 )
 
-// String returns the string representation of an access level
-func (al AccessLevel) String() string {
-	switch al {
-	case AccessPublic:
-		return "public"
-	case AccessLow:
-		return "low"
-	case AccessMedium:
-		return "medium"
-	case AccessHigh:
-		return "high"
-	case AccessCritical:
-		return "critical"
-	default:
-		return "unknown"
-	}
-}
+// Note: String() method is provided by security.AccessLevel
 
 // RoleEncryptionConfig represents encryption configuration for a role
 type RoleEncryptionConfig struct {
@@ -160,21 +146,7 @@ type RoleCrypto struct {
 	auditLogger       AuditLogger
 }
 
-// AccessControlMatrix defines role hierarchy and access relationships
-type AccessControlMatrix struct {
-	mu              sync.RWMutex
-	roleHierarchy   map[string][]string        // Role -> can access roles
-	accessLevels    map[string]AccessLevel     // Role -> access level
-	compartments    map[string][]string        // Role -> accessible compartments
-	policyEngine    PolicyEngine               // Policy evaluation engine
-}
-
-// PolicyEngine interface for evaluating access control policies
-type PolicyEngine interface {
-	EvaluateAccess(ctx *AccessContext) (*AccessDecision, error)
-	LoadPolicies(policies []*SecurityPolicy) error
-	ValidatePolicy(policy *SecurityPolicy) error
-}
+// AccessControlMatrix and PolicyEngine are defined in access_control.go
 
 // SecurityPolicy represents a security policy for access control
 type SecurityPolicy struct {
@@ -188,33 +160,7 @@ type SecurityPolicy struct {
 }
 
 // PolicyRule represents a single rule within a security policy
-type PolicyRule struct {
-	ID            string                `json:"id"`
-	Condition     string                `json:"condition"`     // CEL expression
-	Action        PolicyAction          `json:"action"`
-	Effect        PolicyEffect          `json:"effect"`
-	Priority      int                   `json:"priority"`
-	Metadata      map[string]interface{} `json:"metadata"`
-}
-
-// PolicyAction represents actions that can be taken by policy rules
-type PolicyAction string
-
-const (
-	PolicyActionAllow     PolicyAction = "allow"
-	PolicyActionDeny      PolicyAction = "deny"
-	PolicyActionAudit     PolicyAction = "audit"
-	PolicyActionTransform PolicyAction = "transform"
-)
-
-// PolicyEffect represents the effect of a policy rule
-type PolicyEffect string
-
-const (
-	PolicyEffectPermit PolicyEffect = "permit"
-	PolicyEffectForbid PolicyEffect = "forbid"
-	PolicyEffectOblige PolicyEffect = "oblige"
-)
+// PolicyRule, PolicyAction, and PolicyEffect are defined in access_control.go
 
 // AccessContext represents context for access control decisions
 type AccessContext struct {
@@ -299,6 +245,7 @@ type AuditEvent struct {
 	Timestamp         time.Time              `json:"timestamp"`
 	UserID            string                 `json:"user_id"`
 	Data              map[string]interface{} `json:"data"`
+	IntegrityHash     string                 `json:"integrity_hash,omitempty"`
 }
 
 // NewRoleCrypto creates a new role-based crypto handler

pkg/crypto/role_crypto_test.go

@@ -29,9 +29,9 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/stretchr/testify/suite"
 
-	"github.com/anthonyrawlins/bzzz/pkg/config"
-	"github.com/anthonyrawlins/bzzz/pkg/ucxl"
-	slurpContext "github.com/anthonyrawlins/bzzz/pkg/slurp/context"
+	"chorus.services/bzzz/pkg/config"
+	"chorus.services/bzzz/pkg/ucxl"
+	slurpContext "chorus.services/bzzz/pkg/slurp/context"
 )
 
 // RoleCryptoTestSuite provides comprehensive testing for role-based encryption

pkg/crypto/shamir.go

@@ -6,7 +6,7 @@ import (
 	"fmt"
 	"math/big"
 
-	"github.com/anthonyrawlins/bzzz/pkg/config"
+	"chorus.services/bzzz/pkg/config"
 )
 
 // ShamirSecretSharing implements Shamir's Secret Sharing algorithm for Age keys