3tears-agent-acl 0.14.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- 3tears_agent_acl-0.14.0/.gitignore +216 -0
- 3tears_agent_acl-0.14.0/LICENSE +21 -0
- 3tears_agent_acl-0.14.0/PKG-INFO +181 -0
- 3tears_agent_acl-0.14.0/README.md +159 -0
- 3tears_agent_acl-0.14.0/pyproject.toml +51 -0
- 3tears_agent_acl-0.14.0/src/threetears/agent/acl/__init__.py +214 -0
- 3tears_agent_acl-0.14.0/src/threetears/agent/acl/audit_vocabulary.py +122 -0
- 3tears_agent_acl-0.14.0/src/threetears/agent/acl/authorize.py +366 -0
- 3tears_agent_acl-0.14.0/src/threetears/agent/acl/builtin_roles.py +185 -0
- 3tears_agent_acl-0.14.0/src/threetears/agent/acl/cache.py +558 -0
- 3tears_agent_acl-0.14.0/src/threetears/agent/acl/collections.py +1775 -0
- 3tears_agent_acl-0.14.0/src/threetears/agent/acl/entities.py +284 -0
- 3tears_agent_acl-0.14.0/src/threetears/agent/acl/evaluator.py +954 -0
- 3tears_agent_acl-0.14.0/src/threetears/agent/acl/invalidation.py +76 -0
- 3tears_agent_acl-0.14.0/src/threetears/agent/acl/loader.py +152 -0
- 3tears_agent_acl-0.14.0/src/threetears/agent/acl/loaders.py +227 -0
- 3tears_agent_acl-0.14.0/src/threetears/agent/acl/py.typed +0 -0
- 3tears_agent_acl-0.14.0/src/threetears/agent/acl/query_visibility.py +273 -0
- 3tears_agent_acl-0.14.0/src/threetears/agent/acl/types.py +421 -0
- 3tears_agent_acl-0.14.0/tests/__init__.py +1 -0
- 3tears_agent_acl-0.14.0/tests/unit/__init__.py +1 -0
- 3tears_agent_acl-0.14.0/tests/unit/_fake_loaders.py +199 -0
- 3tears_agent_acl-0.14.0/tests/unit/test_audit_vocabulary.py +100 -0
- 3tears_agent_acl-0.14.0/tests/unit/test_authorize.py +407 -0
- 3tears_agent_acl-0.14.0/tests/unit/test_builtin_roles.py +128 -0
- 3tears_agent_acl-0.14.0/tests/unit/test_cache.py +530 -0
- 3tears_agent_acl-0.14.0/tests/unit/test_collections.py +724 -0
- 3tears_agent_acl-0.14.0/tests/unit/test_evaluation.py +1132 -0
- 3tears_agent_acl-0.14.0/tests/unit/test_file_access.py +370 -0
- 3tears_agent_acl-0.14.0/tests/unit/test_introspection.py +555 -0
- 3tears_agent_acl-0.14.0/tests/unit/test_invalidation.py +81 -0
- 3tears_agent_acl-0.14.0/tests/unit/test_loaders.py +194 -0
- 3tears_agent_acl-0.14.0/tests/unit/test_query_visibility.py +263 -0
- 3tears_agent_acl-0.14.0/tests/unit/test_tool_eligibility_collections.py +244 -0
|
@@ -0,0 +1,216 @@
|
|
|
1
|
+
# Byte-compiled / optimized / DLL files
|
|
2
|
+
__pycache__/
|
|
3
|
+
*.py[codz]
|
|
4
|
+
*$py.class
|
|
5
|
+
|
|
6
|
+
# C extensions
|
|
7
|
+
*.so
|
|
8
|
+
|
|
9
|
+
# Distribution / packaging
|
|
10
|
+
.Python
|
|
11
|
+
build/
|
|
12
|
+
develop-eggs/
|
|
13
|
+
dist/
|
|
14
|
+
downloads/
|
|
15
|
+
eggs/
|
|
16
|
+
.eggs/
|
|
17
|
+
lib/
|
|
18
|
+
lib64/
|
|
19
|
+
parts/
|
|
20
|
+
sdist/
|
|
21
|
+
var/
|
|
22
|
+
wheels/
|
|
23
|
+
share/python-wheels/
|
|
24
|
+
*.egg-info/
|
|
25
|
+
.installed.cfg
|
|
26
|
+
*.egg
|
|
27
|
+
MANIFEST
|
|
28
|
+
|
|
29
|
+
# PyInstaller
|
|
30
|
+
# Usually these files are written by a python script from a template
|
|
31
|
+
# before PyInstaller builds the exe, so as to inject date/other infos into it.
|
|
32
|
+
*.manifest
|
|
33
|
+
*.spec
|
|
34
|
+
|
|
35
|
+
# Installer logs
|
|
36
|
+
pip-log.txt
|
|
37
|
+
pip-delete-this-directory.txt
|
|
38
|
+
|
|
39
|
+
# Unit test / coverage reports
|
|
40
|
+
htmlcov/
|
|
41
|
+
.tox/
|
|
42
|
+
.nox/
|
|
43
|
+
.coverage
|
|
44
|
+
.coverage.*
|
|
45
|
+
.cache
|
|
46
|
+
nosetests.xml
|
|
47
|
+
coverage.xml
|
|
48
|
+
*.cover
|
|
49
|
+
*.py.cover
|
|
50
|
+
.hypothesis/
|
|
51
|
+
.pytest_cache/
|
|
52
|
+
cover/
|
|
53
|
+
|
|
54
|
+
# Translations
|
|
55
|
+
*.mo
|
|
56
|
+
*.pot
|
|
57
|
+
|
|
58
|
+
# Django stuff:
|
|
59
|
+
*.log
|
|
60
|
+
local_settings.py
|
|
61
|
+
db.sqlite3
|
|
62
|
+
db.sqlite3-journal
|
|
63
|
+
|
|
64
|
+
# Flask stuff:
|
|
65
|
+
instance/
|
|
66
|
+
.webassets-cache
|
|
67
|
+
|
|
68
|
+
# Scrapy stuff:
|
|
69
|
+
.scrapy
|
|
70
|
+
|
|
71
|
+
# Sphinx documentation
|
|
72
|
+
docs/_build/
|
|
73
|
+
|
|
74
|
+
# PyBuilder
|
|
75
|
+
.pybuilder/
|
|
76
|
+
target/
|
|
77
|
+
|
|
78
|
+
# Jupyter Notebook
|
|
79
|
+
.ipynb_checkpoints
|
|
80
|
+
|
|
81
|
+
# IPython
|
|
82
|
+
profile_default/
|
|
83
|
+
ipython_config.py
|
|
84
|
+
|
|
85
|
+
# pyenv
|
|
86
|
+
# For a library or package, you might want to ignore these files since the code is
|
|
87
|
+
# intended to run in multiple environments; otherwise, check them in:
|
|
88
|
+
# .python-version
|
|
89
|
+
|
|
90
|
+
# pipenv
|
|
91
|
+
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
|
|
92
|
+
# However, in case of collaboration, if having platform-specific dependencies or dependencies
|
|
93
|
+
# having no cross-platform support, pipenv may install dependencies that don't work, or not
|
|
94
|
+
# install all needed dependencies.
|
|
95
|
+
#Pipfile.lock
|
|
96
|
+
|
|
97
|
+
# UV
|
|
98
|
+
# Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
|
|
99
|
+
# This is especially recommended for binary packages to ensure reproducibility, and is more
|
|
100
|
+
# commonly ignored for libraries.
|
|
101
|
+
#uv.lock
|
|
102
|
+
|
|
103
|
+
# poetry
|
|
104
|
+
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
|
|
105
|
+
# This is especially recommended for binary packages to ensure reproducibility, and is more
|
|
106
|
+
# commonly ignored for libraries.
|
|
107
|
+
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
|
|
108
|
+
#poetry.lock
|
|
109
|
+
#poetry.toml
|
|
110
|
+
|
|
111
|
+
# pdm
|
|
112
|
+
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
|
|
113
|
+
# pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
|
|
114
|
+
# https://pdm-project.org/en/latest/usage/project/#working-with-version-control
|
|
115
|
+
#pdm.lock
|
|
116
|
+
#pdm.toml
|
|
117
|
+
.pdm-python
|
|
118
|
+
.pdm-build/
|
|
119
|
+
|
|
120
|
+
# pixi
|
|
121
|
+
# Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
|
|
122
|
+
#pixi.lock
|
|
123
|
+
# Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
|
|
124
|
+
# in the .venv directory. It is recommended not to include this directory in version control.
|
|
125
|
+
.pixi
|
|
126
|
+
|
|
127
|
+
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
|
|
128
|
+
__pypackages__/
|
|
129
|
+
|
|
130
|
+
# Celery stuff
|
|
131
|
+
celerybeat-schedule
|
|
132
|
+
celerybeat.pid
|
|
133
|
+
|
|
134
|
+
# SageMath parsed files
|
|
135
|
+
*.sage.py
|
|
136
|
+
|
|
137
|
+
# Environments
|
|
138
|
+
.env
|
|
139
|
+
.envrc
|
|
140
|
+
.venv
|
|
141
|
+
env/
|
|
142
|
+
venv/
|
|
143
|
+
ENV/
|
|
144
|
+
env.bak/
|
|
145
|
+
venv.bak/
|
|
146
|
+
|
|
147
|
+
# Spyder project settings
|
|
148
|
+
.spyderproject
|
|
149
|
+
.spyproject
|
|
150
|
+
|
|
151
|
+
# Rope project settings
|
|
152
|
+
.ropeproject
|
|
153
|
+
|
|
154
|
+
# mkdocs documentation
|
|
155
|
+
/site
|
|
156
|
+
|
|
157
|
+
# mypy
|
|
158
|
+
.mypy_cache/
|
|
159
|
+
.dmypy.json
|
|
160
|
+
dmypy.json
|
|
161
|
+
|
|
162
|
+
# Pyre type checker
|
|
163
|
+
.pyre/
|
|
164
|
+
|
|
165
|
+
# pytype static type analyzer
|
|
166
|
+
.pytype/
|
|
167
|
+
|
|
168
|
+
# Cython debug symbols
|
|
169
|
+
cython_debug/
|
|
170
|
+
|
|
171
|
+
# PyCharm
|
|
172
|
+
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
|
|
173
|
+
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
|
|
174
|
+
# and can be added to the global gitignore or merged into this file. For a more nuclear
|
|
175
|
+
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
|
|
176
|
+
#.idea/
|
|
177
|
+
|
|
178
|
+
# Abstra
|
|
179
|
+
# Abstra is an AI-powered process automation framework.
|
|
180
|
+
# Ignore directories containing user credentials, local state, and settings.
|
|
181
|
+
# Learn more at https://abstra.io/docs
|
|
182
|
+
.abstra/
|
|
183
|
+
|
|
184
|
+
# Visual Studio Code
|
|
185
|
+
# Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
|
|
186
|
+
# that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
|
|
187
|
+
# and can be added to the global gitignore or merged into this file. However, if you prefer,
|
|
188
|
+
# you could uncomment the following to ignore the entire vscode folder
|
|
189
|
+
# .vscode/
|
|
190
|
+
|
|
191
|
+
# Ruff stuff:
|
|
192
|
+
.ruff_cache/
|
|
193
|
+
|
|
194
|
+
# PyPI configuration file
|
|
195
|
+
.pypirc
|
|
196
|
+
|
|
197
|
+
# Cursor
|
|
198
|
+
# Cursor is an AI-powered code editor. `.cursorignore` specifies files/directories to
|
|
199
|
+
# exclude from AI features like autocomplete and code analysis. Recommended for sensitive data
|
|
200
|
+
# refer to https://docs.cursor.com/context/ignore-files
|
|
201
|
+
.cursorignore
|
|
202
|
+
.cursorindexingignore
|
|
203
|
+
|
|
204
|
+
# Marimo
|
|
205
|
+
marimo/_static/
|
|
206
|
+
marimo/_lsp/
|
|
207
|
+
__marimo__/
|
|
208
|
+
|
|
209
|
+
# Claude Code local state
|
|
210
|
+
.claude/
|
|
211
|
+
|
|
212
|
+
# prawduct session evidence (local governance artifacts, never shipped)
|
|
213
|
+
.prawduct/
|
|
214
|
+
|
|
215
|
+
# macOS folder metadata
|
|
216
|
+
.DS_Store
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 Mark Pace
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
|
@@ -0,0 +1,181 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: 3tears-agent-acl
|
|
3
|
+
Version: 0.14.0
|
|
4
|
+
Summary: shared rbac evaluator + cache for the 3tears platform: groups, roles, role assignments, evaluation trails
|
|
5
|
+
Project-URL: Repository, https://github.com/pacepace/3tears
|
|
6
|
+
Author: pace
|
|
7
|
+
License-Expression: MIT
|
|
8
|
+
License-File: LICENSE
|
|
9
|
+
Classifier: Development Status :: 3 - Alpha
|
|
10
|
+
Classifier: Framework :: AsyncIO
|
|
11
|
+
Classifier: Intended Audience :: Developers
|
|
12
|
+
Classifier: Programming Language :: Python :: 3
|
|
13
|
+
Classifier: Programming Language :: Python :: 3.14
|
|
14
|
+
Classifier: Topic :: Security
|
|
15
|
+
Classifier: Topic :: Software Development :: Libraries
|
|
16
|
+
Classifier: Typing :: Typed
|
|
17
|
+
Requires-Python: >=3.14
|
|
18
|
+
Requires-Dist: 3tears
|
|
19
|
+
Requires-Dist: 3tears-observe
|
|
20
|
+
Requires-Dist: pydantic>=2.0
|
|
21
|
+
Description-Content-Type: text/markdown
|
|
22
|
+
|
|
23
|
+
# 3tears-agent-acl
|
|
24
|
+
|
|
25
|
+
Shared RBAC primitives for the 3tears platform: evaluator, cache,
|
|
26
|
+
canonical Collections, loader adapters, and NATS invalidation
|
|
27
|
+
payload models.
|
|
28
|
+
|
|
29
|
+
## Purpose
|
|
30
|
+
|
|
31
|
+
Single source of truth for "can actor do action on namespace" decisions
|
|
32
|
+
PLUS the persistence layer that feeds them. The same pure-Python
|
|
33
|
+
evaluator, canonical Collections, and loader adapters run in every
|
|
34
|
+
consuming application, so authorization answers are byte-identical
|
|
35
|
+
across processes and one set of unit tests covers every caller.
|
|
36
|
+
|
|
37
|
+
The Collections, loaders, and invalidation models are reusable across
|
|
38
|
+
any 3tears app. The package supersedes per-resource ACL code paths
|
|
39
|
+
(`namespace_grants`, workspace-specific checks, tool-access fnmatch
|
|
40
|
+
lists).
|
|
41
|
+
|
|
42
|
+
## Public API
|
|
43
|
+
|
|
44
|
+
Exports (see `src/threetears/agent/acl/__init__.py`):
|
|
45
|
+
|
|
46
|
+
### Evaluation
|
|
47
|
+
|
|
48
|
+
- `evaluate_decision(ctx, *, cache: AclCache) -> bool` -- fast yes/no
|
|
49
|
+
hot path. The cache is consulted for membership and per-namespace
|
|
50
|
+
contribution layers on every call, falling back to its loaders only
|
|
51
|
+
on cache miss; production hit rate against repeated authz checks
|
|
52
|
+
for the same `(actor, namespace)` is ~100% within the cache TTL.
|
|
53
|
+
- `evaluate_with_trail(ctx, *, cache) -> EvaluationResult` --
|
|
54
|
+
introspection path returning every
|
|
55
|
+
`(group, assignment, role) -> contributed_actions` chain plus
|
|
56
|
+
`limiting_side` for user×agent intersection queries. Uses the same
|
|
57
|
+
cache layers as `evaluate_decision`; trails are stored alongside
|
|
58
|
+
the action set so successive decision-mode and trail-mode calls
|
|
59
|
+
for the same actor + namespace serve from cache.
|
|
60
|
+
- `evaluate_file_access(*, namespace, user_id, agent_id, path,
|
|
61
|
+
direction, cache) -> bool` -- workspace path-glob gate; same cache
|
|
62
|
+
semantics.
|
|
63
|
+
- `authorize(*, namespace_collection, namespace_name, action,
|
|
64
|
+
user_id, agent_id, cache) -> EvaluationResult` -- canonical
|
|
65
|
+
authorization primitive every app's resource-typed wrapper
|
|
66
|
+
is built on. Looks up the namespace by name, runs
|
|
67
|
+
`evaluate_with_trail` through the cache, raises generic
|
|
68
|
+
`AccessDenied` on deny / `NamespaceNotFound` on missing row.
|
|
69
|
+
- `authorize_with_trail` -- variant returning `(result, ns_entity)`
|
|
70
|
+
for wrappers needing the entity.
|
|
71
|
+
- `AccessDenied` / `NamespaceNotFound` -- generic + namespace-miss
|
|
72
|
+
exception classes; per-resource wrappers subclass `AccessDenied`
|
|
73
|
+
to carry typed catching at endpoint code (e.g.
|
|
74
|
+
`MemoryAccessDenied`, `DatasourceAccessDenied`).
|
|
75
|
+
- `AclCache` -- three-layer in-process TTL cache
|
|
76
|
+
(`actor -> [GroupMembership]`, `(group_id, namespace_id) -> action_set
|
|
77
|
+
+ trails`, `(group_id, namespace_type, customer_id) -> action_set
|
|
78
|
+
+ trails`) with fine-grained invalidation hooks fired on
|
|
79
|
+
group-membership / role / assignment change. The `ActorMembershipEntry`
|
|
80
|
+
carries the full memberships tuple so the evaluator's
|
|
81
|
+
cross-customer + member-type filter runs against cached state.
|
|
82
|
+
|
|
83
|
+
### Persistence
|
|
84
|
+
|
|
85
|
+
- `GroupCollection`, `GroupMemberCollection`, `RoleCollection`,
|
|
86
|
+
`RoleAssignmentCollection`, `NamespaceCollection` -- three-tier
|
|
87
|
+
`SchemaBackedCollection` subclasses fronting the canonical RBAC
|
|
88
|
+
tables (`groups`, `group_members`, `roles`, `role_assignments`,
|
|
89
|
+
`namespaces`). Schemas use canonical RBAC names with no
|
|
90
|
+
deploy-specific schema prefix; the prefix is set on the L3 pool's
|
|
91
|
+
`search_path`, not in the schema name on the Collection.
|
|
92
|
+
- `GroupEntity`, `GroupMemberEntity`, `RoleEntity`,
|
|
93
|
+
`RoleAssignmentEntity`, `NamespaceEntity` -- `BaseEntity`
|
|
94
|
+
subclasses; four use composite primary keys post-row_scope
|
|
95
|
+
partitioning (`(row_scope, id)` for groups / role_assignments /
|
|
96
|
+
namespaces; `(group_id, id)` for group_members).
|
|
97
|
+
- `CollectionMembershipLoader`, `CollectionGrantLoader` -- concrete
|
|
98
|
+
loader adapters satisfying the `MembershipLoader` /
|
|
99
|
+
`GrantLoader` Protocols, wired against the canonical Collections.
|
|
100
|
+
|
|
101
|
+
### Invalidation
|
|
102
|
+
|
|
103
|
+
- `MembershipInvalidatePayload`, `AssignmentInvalidatePayload`,
|
|
104
|
+
`RoleInvalidatePayload` -- typed Pydantic models for the three
|
|
105
|
+
`{ns}.acl.*.invalidate` NATS subjects. Wire format is single-source:
|
|
106
|
+
every publisher (admin endpoints, agent self-mutations) and every
|
|
107
|
+
subscriber (cache subscribers in any consuming app) speaks
|
|
108
|
+
these models.
|
|
109
|
+
|
|
110
|
+
### Value types & protocols
|
|
111
|
+
|
|
112
|
+
- Value types: `Group`, `GroupMembership`, `Role`, `RoleAssignment`,
|
|
113
|
+
`Namespace`, `EvaluationContext`, `EvaluationResult`, `Trail`.
|
|
114
|
+
- Enums: `ActorType`, `MemberType`, `ScopeType`, `LimitingSide`.
|
|
115
|
+
- I/O protocols: `GrantLoader`, `MembershipLoader` -- callers may
|
|
116
|
+
implement these against any persistence layer; the canonical
|
|
117
|
+
`Collection*Loader` adapters above are the reference impls.
|
|
118
|
+
|
|
119
|
+
## Consuming the package from a 3tears app
|
|
120
|
+
|
|
121
|
+
Each app constructs the canonical Collections against its own L3
|
|
122
|
+
pool (direct asyncpg in a server-style deployment, NATS-proxied L3 in
|
|
123
|
+
each agent pod) and wires the canonical loader adapters + cache.
|
|
124
|
+
Deployment-specific admin query shapes (dynamic `list_by_filter` /
|
|
125
|
+
per-cardinality counts / multi-table discovery JOINs) live on
|
|
126
|
+
consuming-app subclasses.
|
|
127
|
+
|
|
128
|
+
```python
|
|
129
|
+
from threetears.agent.acl import (
|
|
130
|
+
AclCache,
|
|
131
|
+
CollectionGrantLoader,
|
|
132
|
+
CollectionMembershipLoader,
|
|
133
|
+
EvaluationContext,
|
|
134
|
+
GroupCollection,
|
|
135
|
+
GroupMemberCollection,
|
|
136
|
+
NamespaceCollection,
|
|
137
|
+
RoleAssignmentCollection,
|
|
138
|
+
RoleCollection,
|
|
139
|
+
evaluate_decision,
|
|
140
|
+
)
|
|
141
|
+
|
|
142
|
+
# 1. construct Collections against your registry / L3 pool
|
|
143
|
+
group_collection = GroupCollection(registry=registry, config=core_config)
|
|
144
|
+
group_member_collection = GroupMemberCollection(registry=registry, config=core_config)
|
|
145
|
+
role_collection = RoleCollection(registry=registry, config=core_config)
|
|
146
|
+
role_assignment_collection = RoleAssignmentCollection(registry=registry, config=core_config)
|
|
147
|
+
namespace_collection = NamespaceCollection(registry=registry, config=core_config)
|
|
148
|
+
|
|
149
|
+
# 2. wire the canonical loaders
|
|
150
|
+
membership_loader = CollectionMembershipLoader(collection=group_member_collection)
|
|
151
|
+
grant_loader = CollectionGrantLoader(
|
|
152
|
+
assignment_collection=role_assignment_collection,
|
|
153
|
+
role_collection=role_collection,
|
|
154
|
+
group_collection=group_collection,
|
|
155
|
+
)
|
|
156
|
+
|
|
157
|
+
# 3. build the cache
|
|
158
|
+
cache = AclCache(
|
|
159
|
+
membership_loader=membership_loader,
|
|
160
|
+
grant_loader=grant_loader,
|
|
161
|
+
ttl_seconds=60,
|
|
162
|
+
)
|
|
163
|
+
|
|
164
|
+
# 4. evaluate
|
|
165
|
+
ctx = EvaluationContext(
|
|
166
|
+
namespace=target_namespace,
|
|
167
|
+
action="read",
|
|
168
|
+
user_id=user_id,
|
|
169
|
+
agent_id=agent_id,
|
|
170
|
+
)
|
|
171
|
+
allowed = await evaluate_decision(
|
|
172
|
+
ctx,
|
|
173
|
+
membership_loader=membership_loader,
|
|
174
|
+
grant_loader=grant_loader,
|
|
175
|
+
)
|
|
176
|
+
```
|
|
177
|
+
|
|
178
|
+
Implicit ownership: if `namespace.owner_agent_id == ctx.agent_id`,
|
|
179
|
+
the agent side short-circuits to full permissions with no group
|
|
180
|
+
lookup or assignment query. Ownership is a property of the namespace
|
|
181
|
+
row, never a grant.
|
|
@@ -0,0 +1,159 @@
|
|
|
1
|
+
# 3tears-agent-acl
|
|
2
|
+
|
|
3
|
+
Shared RBAC primitives for the 3tears platform: evaluator, cache,
|
|
4
|
+
canonical Collections, loader adapters, and NATS invalidation
|
|
5
|
+
payload models.
|
|
6
|
+
|
|
7
|
+
## Purpose
|
|
8
|
+
|
|
9
|
+
Single source of truth for "can actor do action on namespace" decisions
|
|
10
|
+
PLUS the persistence layer that feeds them. The same pure-Python
|
|
11
|
+
evaluator, canonical Collections, and loader adapters run in every
|
|
12
|
+
consuming application, so authorization answers are byte-identical
|
|
13
|
+
across processes and one set of unit tests covers every caller.
|
|
14
|
+
|
|
15
|
+
The Collections, loaders, and invalidation models are reusable across
|
|
16
|
+
any 3tears app. The package supersedes per-resource ACL code paths
|
|
17
|
+
(`namespace_grants`, workspace-specific checks, tool-access fnmatch
|
|
18
|
+
lists).
|
|
19
|
+
|
|
20
|
+
## Public API
|
|
21
|
+
|
|
22
|
+
Exports (see `src/threetears/agent/acl/__init__.py`):
|
|
23
|
+
|
|
24
|
+
### Evaluation
|
|
25
|
+
|
|
26
|
+
- `evaluate_decision(ctx, *, cache: AclCache) -> bool` -- fast yes/no
|
|
27
|
+
hot path. The cache is consulted for membership and per-namespace
|
|
28
|
+
contribution layers on every call, falling back to its loaders only
|
|
29
|
+
on cache miss; production hit rate against repeated authz checks
|
|
30
|
+
for the same `(actor, namespace)` is ~100% within the cache TTL.
|
|
31
|
+
- `evaluate_with_trail(ctx, *, cache) -> EvaluationResult` --
|
|
32
|
+
introspection path returning every
|
|
33
|
+
`(group, assignment, role) -> contributed_actions` chain plus
|
|
34
|
+
`limiting_side` for user×agent intersection queries. Uses the same
|
|
35
|
+
cache layers as `evaluate_decision`; trails are stored alongside
|
|
36
|
+
the action set so successive decision-mode and trail-mode calls
|
|
37
|
+
for the same actor + namespace serve from cache.
|
|
38
|
+
- `evaluate_file_access(*, namespace, user_id, agent_id, path,
|
|
39
|
+
direction, cache) -> bool` -- workspace path-glob gate; same cache
|
|
40
|
+
semantics.
|
|
41
|
+
- `authorize(*, namespace_collection, namespace_name, action,
|
|
42
|
+
user_id, agent_id, cache) -> EvaluationResult` -- canonical
|
|
43
|
+
authorization primitive every app's resource-typed wrapper
|
|
44
|
+
is built on. Looks up the namespace by name, runs
|
|
45
|
+
`evaluate_with_trail` through the cache, raises generic
|
|
46
|
+
`AccessDenied` on deny / `NamespaceNotFound` on missing row.
|
|
47
|
+
- `authorize_with_trail` -- variant returning `(result, ns_entity)`
|
|
48
|
+
for wrappers needing the entity.
|
|
49
|
+
- `AccessDenied` / `NamespaceNotFound` -- generic + namespace-miss
|
|
50
|
+
exception classes; per-resource wrappers subclass `AccessDenied`
|
|
51
|
+
to carry typed catching at endpoint code (e.g.
|
|
52
|
+
`MemoryAccessDenied`, `DatasourceAccessDenied`).
|
|
53
|
+
- `AclCache` -- three-layer in-process TTL cache
|
|
54
|
+
(`actor -> [GroupMembership]`, `(group_id, namespace_id) -> action_set
|
|
55
|
+
+ trails`, `(group_id, namespace_type, customer_id) -> action_set
|
|
56
|
+
+ trails`) with fine-grained invalidation hooks fired on
|
|
57
|
+
group-membership / role / assignment change. The `ActorMembershipEntry`
|
|
58
|
+
carries the full memberships tuple so the evaluator's
|
|
59
|
+
cross-customer + member-type filter runs against cached state.
|
|
60
|
+
|
|
61
|
+
### Persistence
|
|
62
|
+
|
|
63
|
+
- `GroupCollection`, `GroupMemberCollection`, `RoleCollection`,
|
|
64
|
+
`RoleAssignmentCollection`, `NamespaceCollection` -- three-tier
|
|
65
|
+
`SchemaBackedCollection` subclasses fronting the canonical RBAC
|
|
66
|
+
tables (`groups`, `group_members`, `roles`, `role_assignments`,
|
|
67
|
+
`namespaces`). Schemas use canonical RBAC names with no
|
|
68
|
+
deploy-specific schema prefix; the prefix is set on the L3 pool's
|
|
69
|
+
`search_path`, not in the schema name on the Collection.
|
|
70
|
+
- `GroupEntity`, `GroupMemberEntity`, `RoleEntity`,
|
|
71
|
+
`RoleAssignmentEntity`, `NamespaceEntity` -- `BaseEntity`
|
|
72
|
+
subclasses; four use composite primary keys post-row_scope
|
|
73
|
+
partitioning (`(row_scope, id)` for groups / role_assignments /
|
|
74
|
+
namespaces; `(group_id, id)` for group_members).
|
|
75
|
+
- `CollectionMembershipLoader`, `CollectionGrantLoader` -- concrete
|
|
76
|
+
loader adapters satisfying the `MembershipLoader` /
|
|
77
|
+
`GrantLoader` Protocols, wired against the canonical Collections.
|
|
78
|
+
|
|
79
|
+
### Invalidation
|
|
80
|
+
|
|
81
|
+
- `MembershipInvalidatePayload`, `AssignmentInvalidatePayload`,
|
|
82
|
+
`RoleInvalidatePayload` -- typed Pydantic models for the three
|
|
83
|
+
`{ns}.acl.*.invalidate` NATS subjects. Wire format is single-source:
|
|
84
|
+
every publisher (admin endpoints, agent self-mutations) and every
|
|
85
|
+
subscriber (cache subscribers in any consuming app) speaks
|
|
86
|
+
these models.
|
|
87
|
+
|
|
88
|
+
### Value types & protocols
|
|
89
|
+
|
|
90
|
+
- Value types: `Group`, `GroupMembership`, `Role`, `RoleAssignment`,
|
|
91
|
+
`Namespace`, `EvaluationContext`, `EvaluationResult`, `Trail`.
|
|
92
|
+
- Enums: `ActorType`, `MemberType`, `ScopeType`, `LimitingSide`.
|
|
93
|
+
- I/O protocols: `GrantLoader`, `MembershipLoader` -- callers may
|
|
94
|
+
implement these against any persistence layer; the canonical
|
|
95
|
+
`Collection*Loader` adapters above are the reference impls.
|
|
96
|
+
|
|
97
|
+
## Consuming the package from a 3tears app
|
|
98
|
+
|
|
99
|
+
Each app constructs the canonical Collections against its own L3
|
|
100
|
+
pool (direct asyncpg in a server-style deployment, NATS-proxied L3 in
|
|
101
|
+
each agent pod) and wires the canonical loader adapters + cache.
|
|
102
|
+
Deployment-specific admin query shapes (dynamic `list_by_filter` /
|
|
103
|
+
per-cardinality counts / multi-table discovery JOINs) live on
|
|
104
|
+
consuming-app subclasses.
|
|
105
|
+
|
|
106
|
+
```python
|
|
107
|
+
from threetears.agent.acl import (
|
|
108
|
+
AclCache,
|
|
109
|
+
CollectionGrantLoader,
|
|
110
|
+
CollectionMembershipLoader,
|
|
111
|
+
EvaluationContext,
|
|
112
|
+
GroupCollection,
|
|
113
|
+
GroupMemberCollection,
|
|
114
|
+
NamespaceCollection,
|
|
115
|
+
RoleAssignmentCollection,
|
|
116
|
+
RoleCollection,
|
|
117
|
+
evaluate_decision,
|
|
118
|
+
)
|
|
119
|
+
|
|
120
|
+
# 1. construct Collections against your registry / L3 pool
|
|
121
|
+
group_collection = GroupCollection(registry=registry, config=core_config)
|
|
122
|
+
group_member_collection = GroupMemberCollection(registry=registry, config=core_config)
|
|
123
|
+
role_collection = RoleCollection(registry=registry, config=core_config)
|
|
124
|
+
role_assignment_collection = RoleAssignmentCollection(registry=registry, config=core_config)
|
|
125
|
+
namespace_collection = NamespaceCollection(registry=registry, config=core_config)
|
|
126
|
+
|
|
127
|
+
# 2. wire the canonical loaders
|
|
128
|
+
membership_loader = CollectionMembershipLoader(collection=group_member_collection)
|
|
129
|
+
grant_loader = CollectionGrantLoader(
|
|
130
|
+
assignment_collection=role_assignment_collection,
|
|
131
|
+
role_collection=role_collection,
|
|
132
|
+
group_collection=group_collection,
|
|
133
|
+
)
|
|
134
|
+
|
|
135
|
+
# 3. build the cache
|
|
136
|
+
cache = AclCache(
|
|
137
|
+
membership_loader=membership_loader,
|
|
138
|
+
grant_loader=grant_loader,
|
|
139
|
+
ttl_seconds=60,
|
|
140
|
+
)
|
|
141
|
+
|
|
142
|
+
# 4. evaluate
|
|
143
|
+
ctx = EvaluationContext(
|
|
144
|
+
namespace=target_namespace,
|
|
145
|
+
action="read",
|
|
146
|
+
user_id=user_id,
|
|
147
|
+
agent_id=agent_id,
|
|
148
|
+
)
|
|
149
|
+
allowed = await evaluate_decision(
|
|
150
|
+
ctx,
|
|
151
|
+
membership_loader=membership_loader,
|
|
152
|
+
grant_loader=grant_loader,
|
|
153
|
+
)
|
|
154
|
+
```
|
|
155
|
+
|
|
156
|
+
Implicit ownership: if `namespace.owner_agent_id == ctx.agent_id`,
|
|
157
|
+
the agent side short-circuits to full permissions with no group
|
|
158
|
+
lookup or assignment query. Ownership is a property of the namespace
|
|
159
|
+
row, never a grant.
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
[build-system]
|
|
2
|
+
requires = ["hatchling"]
|
|
3
|
+
build-backend = "hatchling.build"
|
|
4
|
+
|
|
5
|
+
[project]
|
|
6
|
+
name = "3tears-agent-acl"
|
|
7
|
+
version = "0.14.0"
|
|
8
|
+
description = "shared rbac evaluator + cache for the 3tears platform: groups, roles, role assignments, evaluation trails"
|
|
9
|
+
readme = "README.md"
|
|
10
|
+
requires-python = ">=3.14"
|
|
11
|
+
authors = [{name = "pace"}]
|
|
12
|
+
license = "MIT"
|
|
13
|
+
license-files = ["LICENSE"]
|
|
14
|
+
classifiers = [
|
|
15
|
+
"Development Status :: 3 - Alpha",
|
|
16
|
+
"Framework :: AsyncIO",
|
|
17
|
+
"Intended Audience :: Developers",
|
|
18
|
+
"Programming Language :: Python :: 3",
|
|
19
|
+
"Programming Language :: Python :: 3.14",
|
|
20
|
+
"Topic :: Security",
|
|
21
|
+
"Topic :: Software Development :: Libraries",
|
|
22
|
+
"Typing :: Typed",
|
|
23
|
+
]
|
|
24
|
+
dependencies = [
|
|
25
|
+
"3tears",
|
|
26
|
+
"3tears-observe",
|
|
27
|
+
"pydantic>=2.0",
|
|
28
|
+
]
|
|
29
|
+
|
|
30
|
+
[project.urls]
|
|
31
|
+
Repository = "https://github.com/pacepace/3tears"
|
|
32
|
+
|
|
33
|
+
[tool.hatch.build.targets.wheel]
|
|
34
|
+
packages = ["src/threetears"]
|
|
35
|
+
|
|
36
|
+
[tool.uv.sources]
|
|
37
|
+
3tears = { workspace = true }
|
|
38
|
+
3tears-observe = { workspace = true }
|
|
39
|
+
|
|
40
|
+
[tool.mypy]
|
|
41
|
+
strict = true
|
|
42
|
+
mypy_path = "src"
|
|
43
|
+
packages = ["threetears.agent.acl"]
|
|
44
|
+
explicit_package_bases = true
|
|
45
|
+
ignore_missing_imports = true
|
|
46
|
+
|
|
47
|
+
[tool.pytest.ini_options]
|
|
48
|
+
asyncio_mode = "auto"
|
|
49
|
+
markers = [
|
|
50
|
+
"integration: integration tests requiring docker or real infra",
|
|
51
|
+
]
|