eyeling 1.21.9 → 1.22.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/HANDBOOK.md +45 -0
- package/dist/browser/eyeling.browser.js +89 -33
- package/examples/arcling/README.md +17 -21
- package/examples/arcling/delfour/delfour.model.go +546 -0
- package/examples/arcling/delfour/delfour.spec.md +1 -2
- package/examples/arcling/flandor/flandor.model.go +630 -0
- package/examples/arcling/flandor/flandor.spec.md +1 -2
- package/examples/arcling/medior/medior.model.go +626 -0
- package/examples/arcling/medior/medior.spec.md +1 -2
- package/eyeling.js +88 -33
- package/lib/builtins.js +72 -29
- package/lib/rules.js +16 -4
- package/package.json +1 -1
- package/test/api.test.js +117 -0
- package/test/arcling.test.js +34 -16
- package/examples/arcling/delfour/delfour.instance.schema.json +0 -201
- package/examples/arcling/delfour/delfour.model.mjs +0 -273
- package/examples/arcling/flandor/flandor.instance.schema.json +0 -285
- package/examples/arcling/flandor/flandor.model.mjs +0 -303
- package/examples/arcling/medior/medior.instance.schema.json +0 -275
- package/examples/arcling/medior/medior.model.mjs +0 -344
|
@@ -0,0 +1,630 @@
|
|
|
1
|
+
package main
|
|
2
|
+
|
|
3
|
+
import (
|
|
4
|
+
"crypto/hmac"
|
|
5
|
+
"crypto/sha256"
|
|
6
|
+
"encoding/hex"
|
|
7
|
+
"encoding/json"
|
|
8
|
+
"errors"
|
|
9
|
+
"fmt"
|
|
10
|
+
"os"
|
|
11
|
+
"sort"
|
|
12
|
+
"strings"
|
|
13
|
+
"time"
|
|
14
|
+
)
|
|
15
|
+
|
|
16
|
+
type Data struct {
|
|
17
|
+
CaseName string `json:"caseName"`
|
|
18
|
+
Region string `json:"region"`
|
|
19
|
+
Question string `json:"question"`
|
|
20
|
+
Timestamps Timestamps `json:"timestamps"`
|
|
21
|
+
EvaluationContext EvaluationContext `json:"evaluationContext"`
|
|
22
|
+
Thresholds Thresholds `json:"thresholds"`
|
|
23
|
+
Signals Signals `json:"signals"`
|
|
24
|
+
Budget Budget `json:"budget"`
|
|
25
|
+
Packages []Package `json:"packages"`
|
|
26
|
+
InsightPolicy InsightPolicy `json:"insightPolicy"`
|
|
27
|
+
Integrity Integrity `json:"integrity"`
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
type Timestamps struct {
|
|
31
|
+
CreatedAt string `json:"createdAt"`
|
|
32
|
+
ExpiresAt string `json:"expiresAt"`
|
|
33
|
+
AuthorizedAt string `json:"authorizedAt"`
|
|
34
|
+
DutyPerformedAt string `json:"dutyPerformedAt"`
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
type EvaluationContext struct {
|
|
38
|
+
ScopeDevice string `json:"scopeDevice"`
|
|
39
|
+
ScopeEvent string `json:"scopeEvent"`
|
|
40
|
+
Purpose string `json:"purpose"`
|
|
41
|
+
ProhibitedReusePurpose string `json:"prohibitedReusePurpose"`
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
type Thresholds struct {
|
|
45
|
+
ExportOrdersIndexBelow int `json:"exportOrdersIndexBelow"`
|
|
46
|
+
TechnicalVacancyRatePctAbove float64 `json:"technicalVacancyRatePctAbove"`
|
|
47
|
+
GridCongestionHoursAbove int `json:"gridCongestionHoursAbove"`
|
|
48
|
+
ActiveNeedCountAtLeast int `json:"activeNeedCountAtLeast"`
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
type Cluster struct {
|
|
52
|
+
ID string `json:"id"`
|
|
53
|
+
Name string `json:"name"`
|
|
54
|
+
ExportOrdersIndex int `json:"exportOrdersIndex"`
|
|
55
|
+
EnergyIntensity int `json:"energyIntensity"`
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
type LabourMarket struct {
|
|
59
|
+
TechnicalVacancyRatePct float64 `json:"technicalVacancyRatePct"`
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
type Grid struct {
|
|
63
|
+
CongestionHours int `json:"congestionHours"`
|
|
64
|
+
RenewableCurtailmentMWh int `json:"renewableCurtailmentMWh"`
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
type Signals struct {
|
|
68
|
+
Clusters []Cluster `json:"clusters"`
|
|
69
|
+
LabourMarket LabourMarket `json:"labourMarket"`
|
|
70
|
+
Grid Grid `json:"grid"`
|
|
71
|
+
}
|
|
72
|
+
|
|
73
|
+
type Budget struct {
|
|
74
|
+
WindowName string `json:"windowName"`
|
|
75
|
+
MaxMEUR int `json:"maxMEUR"`
|
|
76
|
+
}
|
|
77
|
+
|
|
78
|
+
type Package struct {
|
|
79
|
+
ID string `json:"id"`
|
|
80
|
+
Name string `json:"name"`
|
|
81
|
+
CostMEUR int `json:"costMEUR"`
|
|
82
|
+
WorkerCoverage int `json:"workerCoverage"`
|
|
83
|
+
GridReliefMW int `json:"gridReliefMW"`
|
|
84
|
+
CoversExportWeakness bool `json:"coversExportWeakness"`
|
|
85
|
+
CoversSkillsStrain bool `json:"coversSkillsStrain"`
|
|
86
|
+
CoversGridStress bool `json:"coversGridStress"`
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
type InsightPolicy struct {
|
|
90
|
+
ID string `json:"id"`
|
|
91
|
+
Metric string `json:"metric"`
|
|
92
|
+
Type string `json:"type"`
|
|
93
|
+
SuggestionPolicy string `json:"suggestionPolicy"`
|
|
94
|
+
PolicyType string `json:"policyType"`
|
|
95
|
+
PolicyProfile string `json:"policyProfile"`
|
|
96
|
+
}
|
|
97
|
+
|
|
98
|
+
type Integrity struct {
|
|
99
|
+
HashAlgorithm string `json:"hashAlgorithm"`
|
|
100
|
+
MacAlgorithm string `json:"macAlgorithm"`
|
|
101
|
+
Secret string `json:"secret"`
|
|
102
|
+
VerificationMode string `json:"verificationMode"`
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
type Insight struct {
|
|
106
|
+
CreatedAt string `json:"createdAt"`
|
|
107
|
+
ExpiresAt string `json:"expiresAt"`
|
|
108
|
+
ID string `json:"id"`
|
|
109
|
+
Metric string `json:"metric"`
|
|
110
|
+
Region string `json:"region"`
|
|
111
|
+
ScopeDevice string `json:"scopeDevice"`
|
|
112
|
+
ScopeEvent string `json:"scopeEvent"`
|
|
113
|
+
SuggestionPolicy string `json:"suggestionPolicy"`
|
|
114
|
+
Threshold int `json:"threshold"`
|
|
115
|
+
Type string `json:"type"`
|
|
116
|
+
}
|
|
117
|
+
|
|
118
|
+
type Constraint struct {
|
|
119
|
+
LeftOperand string `json:"leftOperand"`
|
|
120
|
+
Operator string `json:"operator"`
|
|
121
|
+
RightOperand string `json:"rightOperand"`
|
|
122
|
+
}
|
|
123
|
+
|
|
124
|
+
type Duty struct {
|
|
125
|
+
Action string `json:"action"`
|
|
126
|
+
Constraint Constraint `json:"constraint"`
|
|
127
|
+
}
|
|
128
|
+
|
|
129
|
+
type Permission struct {
|
|
130
|
+
Action string `json:"action"`
|
|
131
|
+
Constraint Constraint `json:"constraint"`
|
|
132
|
+
Target string `json:"target"`
|
|
133
|
+
}
|
|
134
|
+
|
|
135
|
+
type Prohibition struct {
|
|
136
|
+
Action string `json:"action"`
|
|
137
|
+
Constraint Constraint `json:"constraint"`
|
|
138
|
+
Target string `json:"target"`
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
type Policy struct {
|
|
142
|
+
Duty Duty `json:"duty"`
|
|
143
|
+
Permission Permission `json:"permission"`
|
|
144
|
+
Profile string `json:"profile"`
|
|
145
|
+
Prohibition Prohibition `json:"prohibition"`
|
|
146
|
+
Type string `json:"type"`
|
|
147
|
+
}
|
|
148
|
+
|
|
149
|
+
type Envelope struct {
|
|
150
|
+
Insight Insight `json:"insight"`
|
|
151
|
+
Policy Policy `json:"policy"`
|
|
152
|
+
}
|
|
153
|
+
|
|
154
|
+
type Derived struct {
|
|
155
|
+
ExportWeakness bool `json:"exportWeakness"`
|
|
156
|
+
SkillsStrain bool `json:"skillsStrain"`
|
|
157
|
+
GridStress bool `json:"gridStress"`
|
|
158
|
+
ActiveNeedCount int `json:"activeNeedCount"`
|
|
159
|
+
NeedsRetoolingPulse bool `json:"needsRetoolingPulse"`
|
|
160
|
+
EligiblePackageIDs []string `json:"eligiblePackageIds"`
|
|
161
|
+
RecommendedPackageID *string `json:"recommendedPackageId"`
|
|
162
|
+
RecommendedPackageName *string `json:"recommendedPackageName"`
|
|
163
|
+
}
|
|
164
|
+
|
|
165
|
+
type IntegrityResult struct {
|
|
166
|
+
CanonicalEnvelope string `json:"canonicalEnvelope"`
|
|
167
|
+
PayloadHashSHA256 string `json:"payloadHashSHA256"`
|
|
168
|
+
EnvelopeHmacSHA256 string `json:"envelopeHmacSHA256"`
|
|
169
|
+
VerificationMode string `json:"verificationMode"`
|
|
170
|
+
}
|
|
171
|
+
|
|
172
|
+
type Answer struct {
|
|
173
|
+
Name string `json:"name"`
|
|
174
|
+
Region string `json:"region"`
|
|
175
|
+
Metric string `json:"metric"`
|
|
176
|
+
ActiveNeedCount int `json:"activeNeedCount"`
|
|
177
|
+
Threshold int `json:"threshold"`
|
|
178
|
+
RecommendedPackage *string `json:"recommendedPackage"`
|
|
179
|
+
BudgetCapMEUR int `json:"budgetCapMEUR"`
|
|
180
|
+
PackageCostMEUR *int `json:"packageCostMEUR"`
|
|
181
|
+
PayloadHashSHA256 string `json:"payloadHashSHA256"`
|
|
182
|
+
EnvelopeHmacSHA256 string `json:"envelopeHmacSHA256"`
|
|
183
|
+
}
|
|
184
|
+
|
|
185
|
+
type Checks struct {
|
|
186
|
+
PayloadHashMatches bool `json:"payloadHashMatches"`
|
|
187
|
+
SignatureVerifies bool `json:"signatureVerifies"`
|
|
188
|
+
ThresholdReached bool `json:"thresholdReached"`
|
|
189
|
+
ScopeComplete bool `json:"scopeComplete"`
|
|
190
|
+
MinimizationRespected bool `json:"minimizationRespected"`
|
|
191
|
+
AuthorizationAllowed bool `json:"authorizationAllowed"`
|
|
192
|
+
DutyTimely bool `json:"dutyTimely"`
|
|
193
|
+
SurveillanceReuseProhibited bool `json:"surveillanceReuseProhibited"`
|
|
194
|
+
PackageWithinBudget bool `json:"packageWithinBudget"`
|
|
195
|
+
PackageCoversAllActiveNeeds bool `json:"packageCoversAllActiveNeeds"`
|
|
196
|
+
LowestCostEligiblePackageChosen bool `json:"lowestCostEligiblePackageChosen"`
|
|
197
|
+
}
|
|
198
|
+
|
|
199
|
+
type Result struct {
|
|
200
|
+
CaseName string `json:"caseName"`
|
|
201
|
+
Derived Derived `json:"derived"`
|
|
202
|
+
Envelope Envelope `json:"envelope"`
|
|
203
|
+
Integrity IntegrityResult `json:"integrity"`
|
|
204
|
+
Answer Answer `json:"answer"`
|
|
205
|
+
ReasonWhy []string `json:"reasonWhy"`
|
|
206
|
+
Checks Checks `json:"checks"`
|
|
207
|
+
AllChecksPass bool `json:"allChecksPass"`
|
|
208
|
+
ArcText string `json:"arcText"`
|
|
209
|
+
}
|
|
210
|
+
|
|
211
|
+
func assertTrue(condition bool, message string) error {
|
|
212
|
+
if !condition {
|
|
213
|
+
return errors.New(message)
|
|
214
|
+
}
|
|
215
|
+
return nil
|
|
216
|
+
}
|
|
217
|
+
|
|
218
|
+
func readJSON(path string) (Data, error) {
|
|
219
|
+
var data Data
|
|
220
|
+
b, err := os.ReadFile(path)
|
|
221
|
+
if err != nil {
|
|
222
|
+
return data, err
|
|
223
|
+
}
|
|
224
|
+
err = json.Unmarshal(b, &data)
|
|
225
|
+
return data, err
|
|
226
|
+
}
|
|
227
|
+
|
|
228
|
+
func parseTime(value string) time.Time {
|
|
229
|
+
t, err := time.Parse(time.RFC3339Nano, value)
|
|
230
|
+
if err != nil {
|
|
231
|
+
panic(err)
|
|
232
|
+
}
|
|
233
|
+
return t
|
|
234
|
+
}
|
|
235
|
+
|
|
236
|
+
func stableStringify(value any) string {
|
|
237
|
+
switch v := value.(type) {
|
|
238
|
+
case nil:
|
|
239
|
+
return "null"
|
|
240
|
+
case map[string]any:
|
|
241
|
+
keys := make([]string, 0, len(v))
|
|
242
|
+
for key := range v {
|
|
243
|
+
keys = append(keys, key)
|
|
244
|
+
}
|
|
245
|
+
sort.Strings(keys)
|
|
246
|
+
parts := make([]string, 0, len(keys))
|
|
247
|
+
for _, key := range keys {
|
|
248
|
+
parts = append(parts, fmt.Sprintf("%s:%s", stableStringify(key), stableStringify(v[key])))
|
|
249
|
+
}
|
|
250
|
+
return "{" + strings.Join(parts, ",") + "}"
|
|
251
|
+
case []any:
|
|
252
|
+
parts := make([]string, 0, len(v))
|
|
253
|
+
for _, item := range v {
|
|
254
|
+
parts = append(parts, stableStringify(item))
|
|
255
|
+
}
|
|
256
|
+
return "[" + strings.Join(parts, ",") + "]"
|
|
257
|
+
default:
|
|
258
|
+
b, _ := json.Marshal(v)
|
|
259
|
+
return string(b)
|
|
260
|
+
}
|
|
261
|
+
}
|
|
262
|
+
|
|
263
|
+
func canonicalValue(value any) any {
|
|
264
|
+
b, _ := json.Marshal(value)
|
|
265
|
+
var out any
|
|
266
|
+
_ = json.Unmarshal(b, &out)
|
|
267
|
+
return out
|
|
268
|
+
}
|
|
269
|
+
|
|
270
|
+
func validateInstance(data Data) error {
|
|
271
|
+
if err := assertTrue(data.CaseName != "", "caseName is required"); err != nil {
|
|
272
|
+
return err
|
|
273
|
+
}
|
|
274
|
+
if err := assertTrue(data.Region != "", "region is required"); err != nil {
|
|
275
|
+
return err
|
|
276
|
+
}
|
|
277
|
+
if err := assertTrue(len(data.Signals.Clusters) > 0, "signals.clusters is required"); err != nil {
|
|
278
|
+
return err
|
|
279
|
+
}
|
|
280
|
+
if err := assertTrue(len(data.Packages) > 0, "packages is required"); err != nil {
|
|
281
|
+
return err
|
|
282
|
+
}
|
|
283
|
+
return nil
|
|
284
|
+
}
|
|
285
|
+
|
|
286
|
+
func countTrue(values ...bool) int {
|
|
287
|
+
total := 0
|
|
288
|
+
for _, value := range values {
|
|
289
|
+
if value {
|
|
290
|
+
total++
|
|
291
|
+
}
|
|
292
|
+
}
|
|
293
|
+
return total
|
|
294
|
+
}
|
|
295
|
+
|
|
296
|
+
func clauseR1ExportWeakness(data Data) bool {
|
|
297
|
+
for _, cluster := range data.Signals.Clusters {
|
|
298
|
+
if cluster.ExportOrdersIndex < data.Thresholds.ExportOrdersIndexBelow {
|
|
299
|
+
return true
|
|
300
|
+
}
|
|
301
|
+
}
|
|
302
|
+
return false
|
|
303
|
+
}
|
|
304
|
+
|
|
305
|
+
func clauseR2SkillsStrain(data Data) bool {
|
|
306
|
+
return data.Signals.LabourMarket.TechnicalVacancyRatePct > data.Thresholds.TechnicalVacancyRatePctAbove
|
|
307
|
+
}
|
|
308
|
+
|
|
309
|
+
func clauseR3GridStress(data Data) bool {
|
|
310
|
+
return data.Signals.Grid.CongestionHours > data.Thresholds.GridCongestionHoursAbove
|
|
311
|
+
}
|
|
312
|
+
|
|
313
|
+
func clauseR4ActiveNeedCount(exportWeakness, skillsStrain, gridStress bool) int {
|
|
314
|
+
return countTrue(exportWeakness, skillsStrain, gridStress)
|
|
315
|
+
}
|
|
316
|
+
|
|
317
|
+
func clauseR5NeedsRetoolingPulse(data Data, activeNeedCount int) bool {
|
|
318
|
+
return activeNeedCount >= data.Thresholds.ActiveNeedCountAtLeast
|
|
319
|
+
}
|
|
320
|
+
|
|
321
|
+
func deriveInsight(data Data) Insight {
|
|
322
|
+
return Insight{
|
|
323
|
+
CreatedAt: data.Timestamps.CreatedAt,
|
|
324
|
+
ExpiresAt: data.Timestamps.ExpiresAt,
|
|
325
|
+
ID: data.InsightPolicy.ID,
|
|
326
|
+
Metric: data.InsightPolicy.Metric,
|
|
327
|
+
Region: data.Region,
|
|
328
|
+
ScopeDevice: data.EvaluationContext.ScopeDevice,
|
|
329
|
+
ScopeEvent: data.EvaluationContext.ScopeEvent,
|
|
330
|
+
SuggestionPolicy: data.InsightPolicy.SuggestionPolicy,
|
|
331
|
+
Threshold: data.Thresholds.ActiveNeedCountAtLeast,
|
|
332
|
+
Type: data.InsightPolicy.Type,
|
|
333
|
+
}
|
|
334
|
+
}
|
|
335
|
+
|
|
336
|
+
func derivePolicy(data Data) Policy {
|
|
337
|
+
return Policy{
|
|
338
|
+
Duty: Duty{
|
|
339
|
+
Action: "odrl:delete",
|
|
340
|
+
Constraint: Constraint{
|
|
341
|
+
LeftOperand: "odrl:dateTime",
|
|
342
|
+
Operator: "odrl:eq",
|
|
343
|
+
RightOperand: data.Timestamps.ExpiresAt,
|
|
344
|
+
},
|
|
345
|
+
},
|
|
346
|
+
Permission: Permission{
|
|
347
|
+
Action: "odrl:use",
|
|
348
|
+
Constraint: Constraint{
|
|
349
|
+
LeftOperand: "odrl:purpose",
|
|
350
|
+
Operator: "odrl:eq",
|
|
351
|
+
RightOperand: data.EvaluationContext.Purpose,
|
|
352
|
+
},
|
|
353
|
+
Target: data.InsightPolicy.ID,
|
|
354
|
+
},
|
|
355
|
+
Profile: data.InsightPolicy.PolicyProfile,
|
|
356
|
+
Prohibition: Prohibition{
|
|
357
|
+
Action: "odrl:distribute",
|
|
358
|
+
Constraint: Constraint{
|
|
359
|
+
LeftOperand: "odrl:purpose",
|
|
360
|
+
Operator: "odrl:eq",
|
|
361
|
+
RightOperand: data.EvaluationContext.ProhibitedReusePurpose,
|
|
362
|
+
},
|
|
363
|
+
Target: data.InsightPolicy.ID,
|
|
364
|
+
},
|
|
365
|
+
Type: data.InsightPolicy.PolicyType,
|
|
366
|
+
}
|
|
367
|
+
}
|
|
368
|
+
|
|
369
|
+
func packageCoversAllActiveNeeds(pkg Package, exportWeakness, skillsStrain, gridStress bool) bool {
|
|
370
|
+
return (!exportWeakness || pkg.CoversExportWeakness) &&
|
|
371
|
+
(!skillsStrain || pkg.CoversSkillsStrain) &&
|
|
372
|
+
(!gridStress || pkg.CoversGridStress)
|
|
373
|
+
}
|
|
374
|
+
|
|
375
|
+
func clauseS1EligiblePackages(data Data, exportWeakness, skillsStrain, gridStress bool) []Package {
|
|
376
|
+
eligible := make([]Package, 0)
|
|
377
|
+
for _, pkg := range data.Packages {
|
|
378
|
+
if pkg.CostMEUR <= data.Budget.MaxMEUR && packageCoversAllActiveNeeds(pkg, exportWeakness, skillsStrain, gridStress) {
|
|
379
|
+
eligible = append(eligible, pkg)
|
|
380
|
+
}
|
|
381
|
+
}
|
|
382
|
+
sort.Slice(eligible, func(i, j int) bool { return eligible[i].CostMEUR < eligible[j].CostMEUR })
|
|
383
|
+
return eligible
|
|
384
|
+
}
|
|
385
|
+
|
|
386
|
+
func clauseS2RecommendedPackage(data Data, exportWeakness, skillsStrain, gridStress bool) ([]Package, *Package) {
|
|
387
|
+
eligible := clauseS1EligiblePackages(data, exportWeakness, skillsStrain, gridStress)
|
|
388
|
+
if len(eligible) == 0 {
|
|
389
|
+
return eligible, nil
|
|
390
|
+
}
|
|
391
|
+
recommended := eligible[0]
|
|
392
|
+
return eligible, &recommended
|
|
393
|
+
}
|
|
394
|
+
|
|
395
|
+
func clauseG1AuthorizedUse(data Data) bool {
|
|
396
|
+
return data.EvaluationContext.Purpose == "regional_stabilization" && !parseTime(data.Timestamps.AuthorizedAt).After(parseTime(data.Timestamps.ExpiresAt))
|
|
397
|
+
}
|
|
398
|
+
|
|
399
|
+
func clauseG2SurveillanceReuseProhibited(data Data) bool {
|
|
400
|
+
return data.EvaluationContext.ProhibitedReusePurpose == "firm_surveillance"
|
|
401
|
+
}
|
|
402
|
+
|
|
403
|
+
func clauseG3DutyTimely(data Data) bool {
|
|
404
|
+
return !parseTime(data.Timestamps.DutyPerformedAt).After(parseTime(data.Timestamps.ExpiresAt))
|
|
405
|
+
}
|
|
406
|
+
|
|
407
|
+
func clauseM1CanonicalEnvelope(data Data) (Envelope, string) {
|
|
408
|
+
envelope := Envelope{Insight: deriveInsight(data), Policy: derivePolicy(data)}
|
|
409
|
+
return envelope, stableStringify(canonicalValue(envelope))
|
|
410
|
+
}
|
|
411
|
+
|
|
412
|
+
func sha256Hex(text string) string {
|
|
413
|
+
sum := sha256.Sum256([]byte(text))
|
|
414
|
+
return hex.EncodeToString(sum[:])
|
|
415
|
+
}
|
|
416
|
+
|
|
417
|
+
func hmacSHA256Hex(secret, text string) string {
|
|
418
|
+
mac := hmac.New(sha256.New, []byte(secret))
|
|
419
|
+
_, _ = mac.Write([]byte(text))
|
|
420
|
+
return hex.EncodeToString(mac.Sum(nil))
|
|
421
|
+
}
|
|
422
|
+
|
|
423
|
+
func clauseM4MinimizationRespected(insight Insight) bool {
|
|
424
|
+
b, _ := json.Marshal(insight)
|
|
425
|
+
s := strings.ToLower(string(b))
|
|
426
|
+
return !strings.Contains(s, "salary") && !strings.Contains(s, "payroll") && !strings.Contains(s, "invoice") && !strings.Contains(s, "medical") && !strings.Contains(s, "firmname")
|
|
427
|
+
}
|
|
428
|
+
|
|
429
|
+
func clauseM5ScopeComplete(insight Insight) bool {
|
|
430
|
+
return insight.ScopeDevice != "" && insight.ScopeEvent != "" && insight.ExpiresAt != ""
|
|
431
|
+
}
|
|
432
|
+
|
|
433
|
+
func yesNo(value bool) string {
|
|
434
|
+
if value {
|
|
435
|
+
return "PASS"
|
|
436
|
+
}
|
|
437
|
+
return "FAIL"
|
|
438
|
+
}
|
|
439
|
+
|
|
440
|
+
func evaluate(data Data) (Result, error) {
|
|
441
|
+
if err := validateInstance(data); err != nil {
|
|
442
|
+
return Result{}, err
|
|
443
|
+
}
|
|
444
|
+
|
|
445
|
+
exportWeakness := clauseR1ExportWeakness(data)
|
|
446
|
+
skillsStrain := clauseR2SkillsStrain(data)
|
|
447
|
+
gridStress := clauseR3GridStress(data)
|
|
448
|
+
activeNeedCount := clauseR4ActiveNeedCount(exportWeakness, skillsStrain, gridStress)
|
|
449
|
+
needsRetoolingPulse := clauseR5NeedsRetoolingPulse(data, activeNeedCount)
|
|
450
|
+
|
|
451
|
+
envelope, canonicalEnvelope := clauseM1CanonicalEnvelope(data)
|
|
452
|
+
payloadHashSHA256 := sha256Hex(canonicalEnvelope)
|
|
453
|
+
envelopeHmacSHA256 := hmacSHA256Hex(data.Integrity.Secret, canonicalEnvelope)
|
|
454
|
+
|
|
455
|
+
eligible, recommended := clauseS2RecommendedPackage(data, exportWeakness, skillsStrain, gridStress)
|
|
456
|
+
recommendedID := (*string)(nil)
|
|
457
|
+
recommendedName := (*string)(nil)
|
|
458
|
+
packageCostMEUR := (*int)(nil)
|
|
459
|
+
if recommended != nil {
|
|
460
|
+
recommendedID = &recommended.ID
|
|
461
|
+
recommendedName = &recommended.Name
|
|
462
|
+
packageCostMEUR = &recommended.CostMEUR
|
|
463
|
+
}
|
|
464
|
+
|
|
465
|
+
checks := Checks{
|
|
466
|
+
PayloadHashMatches: payloadHashSHA256 == sha256Hex(canonicalEnvelope),
|
|
467
|
+
SignatureVerifies: data.Integrity.VerificationMode == "trustedPrecomputedInput" && envelopeHmacSHA256 == hmacSHA256Hex(data.Integrity.Secret, canonicalEnvelope),
|
|
468
|
+
ThresholdReached: needsRetoolingPulse,
|
|
469
|
+
ScopeComplete: clauseM5ScopeComplete(envelope.Insight),
|
|
470
|
+
MinimizationRespected: clauseM4MinimizationRespected(envelope.Insight),
|
|
471
|
+
AuthorizationAllowed: clauseG1AuthorizedUse(data),
|
|
472
|
+
DutyTimely: clauseG3DutyTimely(data),
|
|
473
|
+
SurveillanceReuseProhibited: clauseG2SurveillanceReuseProhibited(data),
|
|
474
|
+
PackageWithinBudget: recommended != nil && recommended.CostMEUR <= data.Budget.MaxMEUR,
|
|
475
|
+
PackageCoversAllActiveNeeds: recommended != nil && packageCoversAllActiveNeeds(*recommended, exportWeakness, skillsStrain, gridStress),
|
|
476
|
+
LowestCostEligiblePackageChosen: recommended != nil && recommended.ID == eligible[0].ID,
|
|
477
|
+
}
|
|
478
|
+
|
|
479
|
+
clusterBits := make([]string, 0, len(data.Signals.Clusters))
|
|
480
|
+
for _, cluster := range data.Signals.Clusters {
|
|
481
|
+
clusterBits = append(clusterBits, fmt.Sprintf("%s=%d", cluster.Name, cluster.ExportOrdersIndex))
|
|
482
|
+
}
|
|
483
|
+
|
|
484
|
+
reasonWhy := []string{
|
|
485
|
+
fmt.Sprintf("ExportWeakness holds because at least one cluster has exportOrdersIndex < %d (%s).", data.Thresholds.ExportOrdersIndexBelow, strings.Join(clusterBits, ", ")),
|
|
486
|
+
fmt.Sprintf("SkillsStrain holds because the technical vacancy rate is %g%% and the threshold is > %g%%.", data.Signals.LabourMarket.TechnicalVacancyRatePct, data.Thresholds.TechnicalVacancyRatePctAbove),
|
|
487
|
+
fmt.Sprintf("GridStress holds because congestion hours = %d and the threshold is > %d.", data.Signals.Grid.CongestionHours, data.Thresholds.GridCongestionHoursAbove),
|
|
488
|
+
"The recommendation rule selects the least-cost package that covers every active need and remains within budget.",
|
|
489
|
+
func() string {
|
|
490
|
+
if recommended != nil {
|
|
491
|
+
return fmt.Sprintf("The selected package is \"%s\" with cost €%dM, workerCoverage=%d, gridReliefMW=%d.", recommended.Name, recommended.CostMEUR, recommended.WorkerCoverage, recommended.GridReliefMW)
|
|
492
|
+
}
|
|
493
|
+
return "No eligible package exists within budget."
|
|
494
|
+
}(),
|
|
495
|
+
fmt.Sprintf("Use is permitted only for purpose \"%s\" and expires at %s.", data.EvaluationContext.Purpose, data.Timestamps.ExpiresAt),
|
|
496
|
+
}
|
|
497
|
+
|
|
498
|
+
answer := Answer{
|
|
499
|
+
Name: data.CaseName,
|
|
500
|
+
Region: data.Region,
|
|
501
|
+
Metric: data.InsightPolicy.Metric,
|
|
502
|
+
ActiveNeedCount: activeNeedCount,
|
|
503
|
+
Threshold: data.Thresholds.ActiveNeedCountAtLeast,
|
|
504
|
+
RecommendedPackage: recommendedName,
|
|
505
|
+
BudgetCapMEUR: data.Budget.MaxMEUR,
|
|
506
|
+
PackageCostMEUR: packageCostMEUR,
|
|
507
|
+
PayloadHashSHA256: payloadHashSHA256,
|
|
508
|
+
EnvelopeHmacSHA256: envelopeHmacSHA256,
|
|
509
|
+
}
|
|
510
|
+
|
|
511
|
+
arcLines := []string{
|
|
512
|
+
"=== Answer ===",
|
|
513
|
+
fmt.Sprintf("Name: %s", answer.Name),
|
|
514
|
+
fmt.Sprintf("Region: %s", answer.Region),
|
|
515
|
+
fmt.Sprintf("Metric: %s", answer.Metric),
|
|
516
|
+
fmt.Sprintf("Active need count: %d/%d", answer.ActiveNeedCount, answer.Threshold),
|
|
517
|
+
fmt.Sprintf("Recommended package: %s", derefString(answer.RecommendedPackage)),
|
|
518
|
+
fmt.Sprintf("Budget cap: €%dM", answer.BudgetCapMEUR),
|
|
519
|
+
fmt.Sprintf("Package cost: €%sM", derefIntString(answer.PackageCostMEUR)),
|
|
520
|
+
fmt.Sprintf("Payload SHA-256: %s", answer.PayloadHashSHA256),
|
|
521
|
+
fmt.Sprintf("Envelope HMAC-SHA-256: %s", answer.EnvelopeHmacSHA256),
|
|
522
|
+
"",
|
|
523
|
+
"=== Reason Why ===",
|
|
524
|
+
}
|
|
525
|
+
arcLines = append(arcLines, reasonWhy...)
|
|
526
|
+
arcLines = append(arcLines, "", "=== Check ===")
|
|
527
|
+
checkOrder := []struct {
|
|
528
|
+
name string
|
|
529
|
+
ok bool
|
|
530
|
+
}{
|
|
531
|
+
{"payloadHashMatches", checks.PayloadHashMatches},
|
|
532
|
+
{"signatureVerifies", checks.SignatureVerifies},
|
|
533
|
+
{"thresholdReached", checks.ThresholdReached},
|
|
534
|
+
{"scopeComplete", checks.ScopeComplete},
|
|
535
|
+
{"minimizationRespected", checks.MinimizationRespected},
|
|
536
|
+
{"authorizationAllowed", checks.AuthorizationAllowed},
|
|
537
|
+
{"dutyTimely", checks.DutyTimely},
|
|
538
|
+
{"surveillanceReuseProhibited", checks.SurveillanceReuseProhibited},
|
|
539
|
+
{"packageWithinBudget", checks.PackageWithinBudget},
|
|
540
|
+
{"packageCoversAllActiveNeeds", checks.PackageCoversAllActiveNeeds},
|
|
541
|
+
{"lowestCostEligiblePackageChosen", checks.LowestCostEligiblePackageChosen},
|
|
542
|
+
}
|
|
543
|
+
for _, item := range checkOrder {
|
|
544
|
+
arcLines = append(arcLines, fmt.Sprintf("- %s: %s", yesNo(item.ok), item.name))
|
|
545
|
+
}
|
|
546
|
+
|
|
547
|
+
allChecksPass := checks.PayloadHashMatches && checks.SignatureVerifies && checks.ThresholdReached && checks.ScopeComplete && checks.MinimizationRespected && checks.AuthorizationAllowed && checks.DutyTimely && checks.SurveillanceReuseProhibited && checks.PackageWithinBudget && checks.PackageCoversAllActiveNeeds && checks.LowestCostEligiblePackageChosen
|
|
548
|
+
|
|
549
|
+
return Result{
|
|
550
|
+
CaseName: data.CaseName,
|
|
551
|
+
Derived: Derived{
|
|
552
|
+
ExportWeakness: exportWeakness,
|
|
553
|
+
SkillsStrain: skillsStrain,
|
|
554
|
+
GridStress: gridStress,
|
|
555
|
+
ActiveNeedCount: activeNeedCount,
|
|
556
|
+
NeedsRetoolingPulse: needsRetoolingPulse,
|
|
557
|
+
EligiblePackageIDs: func() []string {
|
|
558
|
+
ids := make([]string, 0, len(eligible))
|
|
559
|
+
for _, pkg := range eligible {
|
|
560
|
+
ids = append(ids, pkg.ID)
|
|
561
|
+
}
|
|
562
|
+
return ids
|
|
563
|
+
}(),
|
|
564
|
+
RecommendedPackageID: recommendedID,
|
|
565
|
+
RecommendedPackageName: recommendedName,
|
|
566
|
+
},
|
|
567
|
+
Envelope: envelope,
|
|
568
|
+
Integrity: IntegrityResult{
|
|
569
|
+
CanonicalEnvelope: canonicalEnvelope,
|
|
570
|
+
PayloadHashSHA256: payloadHashSHA256,
|
|
571
|
+
EnvelopeHmacSHA256: envelopeHmacSHA256,
|
|
572
|
+
VerificationMode: data.Integrity.VerificationMode,
|
|
573
|
+
},
|
|
574
|
+
Answer: answer,
|
|
575
|
+
ReasonWhy: reasonWhy,
|
|
576
|
+
Checks: checks,
|
|
577
|
+
AllChecksPass: allChecksPass,
|
|
578
|
+
ArcText: strings.Join(arcLines, "\n"),
|
|
579
|
+
}, nil
|
|
580
|
+
}
|
|
581
|
+
|
|
582
|
+
func derefString(value *string) string {
|
|
583
|
+
if value == nil {
|
|
584
|
+
return "<nil>"
|
|
585
|
+
}
|
|
586
|
+
return *value
|
|
587
|
+
}
|
|
588
|
+
|
|
589
|
+
func derefIntString(value *int) string {
|
|
590
|
+
if value == nil {
|
|
591
|
+
return "<nil>"
|
|
592
|
+
}
|
|
593
|
+
return fmt.Sprintf("%d", *value)
|
|
594
|
+
}
|
|
595
|
+
|
|
596
|
+
func main() {
|
|
597
|
+
inputPath := "flandor.data.json"
|
|
598
|
+
jsonMode := false
|
|
599
|
+
for _, arg := range os.Args[1:] {
|
|
600
|
+
if arg == "--json" {
|
|
601
|
+
jsonMode = true
|
|
602
|
+
} else if !strings.HasPrefix(arg, "--") {
|
|
603
|
+
inputPath = arg
|
|
604
|
+
}
|
|
605
|
+
}
|
|
606
|
+
|
|
607
|
+
data, err := readJSON(inputPath)
|
|
608
|
+
if err != nil {
|
|
609
|
+
fmt.Fprintln(os.Stderr, err)
|
|
610
|
+
os.Exit(1)
|
|
611
|
+
}
|
|
612
|
+
|
|
613
|
+
result, err := evaluate(data)
|
|
614
|
+
if err != nil {
|
|
615
|
+
fmt.Fprintln(os.Stderr, err)
|
|
616
|
+
os.Exit(1)
|
|
617
|
+
}
|
|
618
|
+
|
|
619
|
+
if jsonMode {
|
|
620
|
+
enc := json.NewEncoder(os.Stdout)
|
|
621
|
+
enc.SetIndent("", " ")
|
|
622
|
+
_ = enc.Encode(result)
|
|
623
|
+
} else {
|
|
624
|
+
fmt.Println(result.ArcText)
|
|
625
|
+
}
|
|
626
|
+
|
|
627
|
+
if !result.AllChecksPass {
|
|
628
|
+
os.Exit(1)
|
|
629
|
+
}
|
|
630
|
+
}
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
## Status
|
|
4
4
|
|
|
5
|
-
This document is the **normative specification** for the Flandor case. The file `flandor.model.
|
|
5
|
+
This document is the **normative specification** for the Flandor case. The file `flandor.model.go` is the **reference Go implementation** of these clauses. The file `flandor.data.json` is the **instance** evaluated in this bundle. The file `flandor.expected.json` is the **conformance vector** for that instance.
|
|
6
6
|
|
|
7
7
|
## Insight Economy context
|
|
8
8
|
|
|
@@ -15,7 +15,6 @@ The product being traded is therefore not raw data, and not even a general forec
|
|
|
15
15
|
- “iff” means “if and only if”.
|
|
16
16
|
- A clause identifier such as `R1` or `M3` is normative.
|
|
17
17
|
- A conforming implementation may be written in any language, but it shall produce the same derived values and pass/fail outcomes for the supplied instance.
|
|
18
|
-
- The reference implementation uses ECMAScript because you preferred an international-standard JS language.
|
|
19
18
|
|
|
20
19
|
## Vocabulary
|
|
21
20
|
|