3tears-registry 0.14.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. 3tears_registry-0.14.0/.gitignore +216 -0
  2. 3tears_registry-0.14.0/LICENSE +21 -0
  3. 3tears_registry-0.14.0/PKG-INFO +89 -0
  4. 3tears_registry-0.14.0/README.md +72 -0
  5. 3tears_registry-0.14.0/pyproject.toml +34 -0
  6. 3tears_registry-0.14.0/src/threetears/registry/__init__.py +68 -0
  7. 3tears_registry-0.14.0/src/threetears/registry/__main__.py +7 -0
  8. 3tears_registry-0.14.0/src/threetears/registry/auth.py +180 -0
  9. 3tears_registry-0.14.0/src/threetears/registry/catalog.py +565 -0
  10. 3tears_registry-0.14.0/src/threetears/registry/config.py +200 -0
  11. 3tears_registry-0.14.0/src/threetears/registry/discovery.py +290 -0
  12. 3tears_registry-0.14.0/src/threetears/registry/entities.py +56 -0
  13. 3tears_registry-0.14.0/src/threetears/registry/health.py +366 -0
  14. 3tears_registry-0.14.0/src/threetears/registry/heartbeat_collection.py +357 -0
  15. 3tears_registry-0.14.0/src/threetears/registry/l1_cache.py +202 -0
  16. 3tears_registry-0.14.0/src/threetears/registry/proxy.py +1045 -0
  17. 3tears_registry-0.14.0/src/threetears/registry/py.typed +0 -0
  18. 3tears_registry-0.14.0/src/threetears/registry/rbac_authorizer.py +239 -0
  19. 3tears_registry-0.14.0/src/threetears/registry/rbac_stack.py +410 -0
  20. 3tears_registry-0.14.0/src/threetears/registry/registration.py +466 -0
  21. 3tears_registry-0.14.0/src/threetears/registry/routing.py +63 -0
  22. 3tears_registry-0.14.0/src/threetears/registry/server.py +627 -0
  23. 3tears_registry-0.14.0/tests/__init__.py +0 -0
  24. 3tears_registry-0.14.0/tests/enforcement/__init__.py +0 -0
  25. 3tears_registry-0.14.0/tests/enforcement/test_no_hardcoded_timeouts.py +217 -0
  26. 3tears_registry-0.14.0/tests/integration/__init__.py +0 -0
  27. 3tears_registry-0.14.0/tests/integration/test_heartbeat_collection.py +442 -0
  28. 3tears_registry-0.14.0/tests/unit/__init__.py +0 -0
  29. 3tears_registry-0.14.0/tests/unit/registry/__init__.py +0 -0
  30. 3tears_registry-0.14.0/tests/unit/registry/_dispatch_auth.py +160 -0
  31. 3tears_registry-0.14.0/tests/unit/registry/test_auth_wire_fields.py +90 -0
  32. 3tears_registry-0.14.0/tests/unit/registry/test_catalog.py +839 -0
  33. 3tears_registry-0.14.0/tests/unit/registry/test_discovery.py +358 -0
  34. 3tears_registry-0.14.0/tests/unit/registry/test_health.py +585 -0
  35. 3tears_registry-0.14.0/tests/unit/registry/test_identity_verification.py +1140 -0
  36. 3tears_registry-0.14.0/tests/unit/registry/test_multi_pod.py +551 -0
  37. 3tears_registry-0.14.0/tests/unit/registry/test_proxy.py +738 -0
  38. 3tears_registry-0.14.0/tests/unit/registry/test_proxy_pending_endpoint.py +244 -0
  39. 3tears_registry-0.14.0/tests/unit/registry/test_rbac_authorizer.py +561 -0
  40. 3tears_registry-0.14.0/tests/unit/registry/test_rbac_stack.py +343 -0
  41. 3tears_registry-0.14.0/tests/unit/registry/test_readiness.py +69 -0
  42. 3tears_registry-0.14.0/tests/unit/registry/test_registration.py +428 -0
  43. 3tears_registry-0.14.0/tests/unit/registry/test_registration_barrier.py +511 -0
  44. 3tears_registry-0.14.0/tests/unit/registry/test_routing.py +131 -0
@@ -0,0 +1,216 @@
1
+ # Byte-compiled / optimized / DLL files
2
+ __pycache__/
3
+ *.py[codz]
4
+ *$py.class
5
+
6
+ # C extensions
7
+ *.so
8
+
9
+ # Distribution / packaging
10
+ .Python
11
+ build/
12
+ develop-eggs/
13
+ dist/
14
+ downloads/
15
+ eggs/
16
+ .eggs/
17
+ lib/
18
+ lib64/
19
+ parts/
20
+ sdist/
21
+ var/
22
+ wheels/
23
+ share/python-wheels/
24
+ *.egg-info/
25
+ .installed.cfg
26
+ *.egg
27
+ MANIFEST
28
+
29
+ # PyInstaller
30
+ # Usually these files are written by a python script from a template
31
+ # before PyInstaller builds the exe, so as to inject date/other infos into it.
32
+ *.manifest
33
+ *.spec
34
+
35
+ # Installer logs
36
+ pip-log.txt
37
+ pip-delete-this-directory.txt
38
+
39
+ # Unit test / coverage reports
40
+ htmlcov/
41
+ .tox/
42
+ .nox/
43
+ .coverage
44
+ .coverage.*
45
+ .cache
46
+ nosetests.xml
47
+ coverage.xml
48
+ *.cover
49
+ *.py.cover
50
+ .hypothesis/
51
+ .pytest_cache/
52
+ cover/
53
+
54
+ # Translations
55
+ *.mo
56
+ *.pot
57
+
58
+ # Django stuff:
59
+ *.log
60
+ local_settings.py
61
+ db.sqlite3
62
+ db.sqlite3-journal
63
+
64
+ # Flask stuff:
65
+ instance/
66
+ .webassets-cache
67
+
68
+ # Scrapy stuff:
69
+ .scrapy
70
+
71
+ # Sphinx documentation
72
+ docs/_build/
73
+
74
+ # PyBuilder
75
+ .pybuilder/
76
+ target/
77
+
78
+ # Jupyter Notebook
79
+ .ipynb_checkpoints
80
+
81
+ # IPython
82
+ profile_default/
83
+ ipython_config.py
84
+
85
+ # pyenv
86
+ # For a library or package, you might want to ignore these files since the code is
87
+ # intended to run in multiple environments; otherwise, check them in:
88
+ # .python-version
89
+
90
+ # pipenv
91
+ # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
92
+ # However, in case of collaboration, if having platform-specific dependencies or dependencies
93
+ # having no cross-platform support, pipenv may install dependencies that don't work, or not
94
+ # install all needed dependencies.
95
+ #Pipfile.lock
96
+
97
+ # UV
98
+ # Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
99
+ # This is especially recommended for binary packages to ensure reproducibility, and is more
100
+ # commonly ignored for libraries.
101
+ #uv.lock
102
+
103
+ # poetry
104
+ # Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
105
+ # This is especially recommended for binary packages to ensure reproducibility, and is more
106
+ # commonly ignored for libraries.
107
+ # https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
108
+ #poetry.lock
109
+ #poetry.toml
110
+
111
+ # pdm
112
+ # Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
113
+ # pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
114
+ # https://pdm-project.org/en/latest/usage/project/#working-with-version-control
115
+ #pdm.lock
116
+ #pdm.toml
117
+ .pdm-python
118
+ .pdm-build/
119
+
120
+ # pixi
121
+ # Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
122
+ #pixi.lock
123
+ # Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
124
+ # in the .venv directory. It is recommended not to include this directory in version control.
125
+ .pixi
126
+
127
+ # PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
128
+ __pypackages__/
129
+
130
+ # Celery stuff
131
+ celerybeat-schedule
132
+ celerybeat.pid
133
+
134
+ # SageMath parsed files
135
+ *.sage.py
136
+
137
+ # Environments
138
+ .env
139
+ .envrc
140
+ .venv
141
+ env/
142
+ venv/
143
+ ENV/
144
+ env.bak/
145
+ venv.bak/
146
+
147
+ # Spyder project settings
148
+ .spyderproject
149
+ .spyproject
150
+
151
+ # Rope project settings
152
+ .ropeproject
153
+
154
+ # mkdocs documentation
155
+ /site
156
+
157
+ # mypy
158
+ .mypy_cache/
159
+ .dmypy.json
160
+ dmypy.json
161
+
162
+ # Pyre type checker
163
+ .pyre/
164
+
165
+ # pytype static type analyzer
166
+ .pytype/
167
+
168
+ # Cython debug symbols
169
+ cython_debug/
170
+
171
+ # PyCharm
172
+ # JetBrains specific template is maintained in a separate JetBrains.gitignore that can
173
+ # be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
174
+ # and can be added to the global gitignore or merged into this file. For a more nuclear
175
+ # option (not recommended) you can uncomment the following to ignore the entire idea folder.
176
+ #.idea/
177
+
178
+ # Abstra
179
+ # Abstra is an AI-powered process automation framework.
180
+ # Ignore directories containing user credentials, local state, and settings.
181
+ # Learn more at https://abstra.io/docs
182
+ .abstra/
183
+
184
+ # Visual Studio Code
185
+ # Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
186
+ # that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
187
+ # and can be added to the global gitignore or merged into this file. However, if you prefer,
188
+ # you could uncomment the following to ignore the entire vscode folder
189
+ # .vscode/
190
+
191
+ # Ruff stuff:
192
+ .ruff_cache/
193
+
194
+ # PyPI configuration file
195
+ .pypirc
196
+
197
+ # Cursor
198
+ # Cursor is an AI-powered code editor. `.cursorignore` specifies files/directories to
199
+ # exclude from AI features like autocomplete and code analysis. Recommended for sensitive data
200
+ # refer to https://docs.cursor.com/context/ignore-files
201
+ .cursorignore
202
+ .cursorindexingignore
203
+
204
+ # Marimo
205
+ marimo/_static/
206
+ marimo/_lsp/
207
+ __marimo__/
208
+
209
+ # Claude Code local state
210
+ .claude/
211
+
212
+ # prawduct session evidence (local governance artifacts, never shipped)
213
+ .prawduct/
214
+
215
+ # macOS folder metadata
216
+ .DS_Store
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Mark Pace
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
@@ -0,0 +1,89 @@
1
+ Metadata-Version: 2.4
2
+ Name: 3tears-registry
3
+ Version: 0.14.0
4
+ Summary: MCP-compatible tool registry for 3tears tool system
5
+ Project-URL: Repository, https://github.com/pacepace/3tears
6
+ Author: pace
7
+ License-Expression: MIT
8
+ License-File: LICENSE
9
+ Requires-Python: >=3.14
10
+ Requires-Dist: 3tears
11
+ Requires-Dist: 3tears-agent-acl>=0.1.0
12
+ Requires-Dist: 3tears-agent-tools>=0.5.0
13
+ Requires-Dist: 3tears-nats
14
+ Requires-Dist: 3tears-observe
15
+ Requires-Dist: nats-py>=2.0
16
+ Description-Content-Type: text/markdown
17
+
18
+ # 3tears Registry
19
+
20
+ MCP-compatible tool registry for the 3tears tool system. Routes tool calls between agents and tool pods via NATS request/reply.
21
+
22
+ Part of the [3tears](https://github.com/pacepace/3tears) framework.
23
+
24
+ ## Components
25
+
26
+ - **`ToolCatalog`** -- in-memory index of registered tool pods, backed by a NATS KV bucket for recovery across restarts.
27
+ - **`RegistrationHandler`** -- subscribes to `{ns}.tools.register` and mutates the catalog.
28
+ - **`HeartbeatMonitor`** -- sweeps pods whose heartbeats fell behind the timeout and evicts their endpoints.
29
+ - **`DiscoveryHandler`** -- serves `{ns}.tools.discover` for pod-readiness polling.
30
+ - **`CallProxy`** -- the hot path. Subscribes to `{ns}.tools.call`, authorizes via `AgentToolAuthorizer`, selects an endpoint via the configured `RoutingStrategy`, and forwards the call to the tool pod via NATS request/reply with identity + correlation carried through the `CallContext` envelope.
31
+ - **`RegistryRbacStack`** -- self-contained rbac surface the standalone server constructs against the connected NATS client: NATS-proxy `NamespaceCollection` + four rbac metadata Collections + `AclCache` + invalidation subscribers. The `_run_server()` entry point uses this to wire `RbacEvaluatorAuthorizer` without any host-application loaders, so a standalone server no longer defaults to deny-all.
32
+
33
+ ## Authorization
34
+
35
+ Tool dispatch authorization lives behind the `AgentToolAuthorizer` protocol. Implementations receive the calling agent id, the invoking user id (from `CallContext.user_id`), and the fully qualified tool name, and return a boolean decision.
36
+
37
+ Production deployments wire `RbacEvaluatorAuthorizer` (in `threetears.registry.rbac_authorizer`) which delegates to the unified rbac evaluator from `threetears.agent.acl`:
38
+
39
+ - The platform-side `ToolNamespaceEmitter` listens on `{ns}.tools.register` and upserts a `platform.namespaces` row of type `tool` per tool in every `RegistrationManifest`. The canonical `name` shape is `tools.<sanitized-mcp-name>.<sanitized-version>` (per `build_namespace_name`); `metadata` carries the pre-sanitized natural-identity fields `mcp_name` / `mcp_version` / `pod_id` so downstream pattern matching (the access materializer's agent.yaml `access.tools` patterns) does not need to reverse the sanitization rules.
40
+ - The authorizer resolves the tool namespace via an injected `NamespaceCollection`. The signature is `is_authorized(agent_id, user_id, tool_name, tool_version)`. The implementation builds the canonical lookup key via `build_namespace_name(PLURAL_PREFIX_TOOL, tool_name, tool_version)` rather than passing the raw `mcp_name` directly, so the lookup matches the row the emitter wrote.
41
+ - `evaluate_decision` resolves the two-sided grant chain: user side (groups the invoking user is in) intersected with agent side (groups the calling agent is in, short-circuited by namespace ownership). The decision is cached in `threetears.agent.acl.AclCache` with TTL + fine-grained invalidation; cross-process rbac mutations purge the cache promptly via the `acl.{membership,assignment,role}.invalidate` subjects the `RegistryRbacStack` subscribes to on startup.
42
+
43
+ Defense in depth: when `user_id=None` (tool dispatch without user identity) the authorizer denies unconditionally. When the namespace Collection's `get_by_name` returns `None` (tool registered but namespace row not yet visible) it denies. This catches registration races rather than defaulting to allow.
44
+
45
+ Platform-built-in tools land with `owner_agent_id=NULL, customer_id=NULL`. There is no implicit "anyone can call" behaviour for them. Grants are managed via explicit assignments on the platform-seeded `ToolCaller` role (same pattern as shared-type workspaces).
46
+
47
+ `RbacEvaluatorAuthorizer` is the only authorizer the production server wires: no dual-enforcement window, no back-compat aliases. The declarative `access.tools` expression on `agent.yaml` stays as operator-facing syntax and is translated to RBAC assignments at bootstrap.
48
+
49
+ ## Dev-mode authorizers
50
+
51
+ `AllowAllAuthorizer` permits every dispatch unconditionally, enabled by `THREETEARS_REGISTRY_ALLOW_ALL_TOOLS=true`. Use only in local dev containers when an explicit RBAC bypass is needed.
52
+
53
+ `DenyAllAuthorizer` refuses every dispatch. Available as a panic-button kill switch via `THREETEARS_REGISTRY_FORCE_DENY_ALL=true`. It is also the millisecond-window placeholder the server holds *before* the rbac stack is wired against the live NATS client during `serve()`.
54
+
55
+ ## Standalone entry point
56
+
57
+ ```bash
58
+ python -m threetears.registry
59
+ ```
60
+
61
+ Reads `THREETEARS_NATS_URL` (defaults to `nats://localhost:4222`) and `THREETEARS_NATS_SUBJECT_NAMESPACE` (the NATS subject namespace).
62
+
63
+ By default the entry point wires `RbacEvaluatorAuthorizer` against a self-contained `RegistryRbacStack` (NATS-proxy `NamespaceCollection` + four rbac metadata Collections + `AclCache` + invalidation subscribers). The proxy collections read through the platform broker's `system.platform.rbac` carve-out, so no direct DB credentials are needed. The registry is self-sufficient in any deployment with a reachable platform broker. Optional knobs:
64
+
65
+ - `THREETEARS_REGISTRY_ALLOW_ALL_TOOLS=true` -- bypass the rbac stack entirely (dev only).
66
+ - `THREETEARS_REGISTRY_FORCE_DENY_ALL=true` -- kill switch for misconfigured deployments.
67
+ - `THREETEARS_REGISTRY_ACL_TTL_SECONDS` -- override the AclCache TTL (default 60s).
68
+
69
+ Dispatch flow:
70
+
71
+ ```mermaid
72
+ sequenceDiagram
73
+ participant Agent
74
+ participant Registry
75
+ participant RbacStack
76
+ participant PlatformBroker
77
+ participant ToolPod
78
+
79
+ Agent->>Registry: ProxyCallRequest(tool_name, tool_version, context.user_id)
80
+ Registry->>RbacStack: is_authorized(agent_id, user_id, tool_name, tool_version)
81
+ RbacStack->>RbacStack: build_namespace_name(PLURAL_PREFIX_TOOL, tool_name, tool_version)
82
+ RbacStack->>PlatformBroker: NamespaceCollection.get_by_name (system.platform.rbac proxy)
83
+ PlatformBroker-->>RbacStack: tool namespace row
84
+ RbacStack->>RbacStack: evaluate_decision (user ∩ agent grants)
85
+ RbacStack-->>Registry: True / False
86
+ Registry->>ToolPod: forward call (CallContext echoed)
87
+ ToolPod-->>Registry: CallResponse
88
+ Registry-->>Agent: ProxyCallResponse
89
+ ```
@@ -0,0 +1,72 @@
1
+ # 3tears Registry
2
+
3
+ MCP-compatible tool registry for the 3tears tool system. Routes tool calls between agents and tool pods via NATS request/reply.
4
+
5
+ Part of the [3tears](https://github.com/pacepace/3tears) framework.
6
+
7
+ ## Components
8
+
9
+ - **`ToolCatalog`** -- in-memory index of registered tool pods, backed by a NATS KV bucket for recovery across restarts.
10
+ - **`RegistrationHandler`** -- subscribes to `{ns}.tools.register` and mutates the catalog.
11
+ - **`HeartbeatMonitor`** -- sweeps pods whose heartbeats fell behind the timeout and evicts their endpoints.
12
+ - **`DiscoveryHandler`** -- serves `{ns}.tools.discover` for pod-readiness polling.
13
+ - **`CallProxy`** -- the hot path. Subscribes to `{ns}.tools.call`, authorizes via `AgentToolAuthorizer`, selects an endpoint via the configured `RoutingStrategy`, and forwards the call to the tool pod via NATS request/reply with identity + correlation carried through the `CallContext` envelope.
14
+ - **`RegistryRbacStack`** -- self-contained rbac surface the standalone server constructs against the connected NATS client: NATS-proxy `NamespaceCollection` + four rbac metadata Collections + `AclCache` + invalidation subscribers. The `_run_server()` entry point uses this to wire `RbacEvaluatorAuthorizer` without any host-application loaders, so a standalone server no longer defaults to deny-all.
15
+
16
+ ## Authorization
17
+
18
+ Tool dispatch authorization lives behind the `AgentToolAuthorizer` protocol. Implementations receive the calling agent id, the invoking user id (from `CallContext.user_id`), and the fully qualified tool name, and return a boolean decision.
19
+
20
+ Production deployments wire `RbacEvaluatorAuthorizer` (in `threetears.registry.rbac_authorizer`) which delegates to the unified rbac evaluator from `threetears.agent.acl`:
21
+
22
+ - The platform-side `ToolNamespaceEmitter` listens on `{ns}.tools.register` and upserts a `platform.namespaces` row of type `tool` per tool in every `RegistrationManifest`. The canonical `name` shape is `tools.<sanitized-mcp-name>.<sanitized-version>` (per `build_namespace_name`); `metadata` carries the pre-sanitized natural-identity fields `mcp_name` / `mcp_version` / `pod_id` so downstream pattern matching (the access materializer's agent.yaml `access.tools` patterns) does not need to reverse the sanitization rules.
23
+ - The authorizer resolves the tool namespace via an injected `NamespaceCollection`. The signature is `is_authorized(agent_id, user_id, tool_name, tool_version)`. The implementation builds the canonical lookup key via `build_namespace_name(PLURAL_PREFIX_TOOL, tool_name, tool_version)` rather than passing the raw `mcp_name` directly, so the lookup matches the row the emitter wrote.
24
+ - `evaluate_decision` resolves the two-sided grant chain: user side (groups the invoking user is in) intersected with agent side (groups the calling agent is in, short-circuited by namespace ownership). The decision is cached in `threetears.agent.acl.AclCache` with TTL + fine-grained invalidation; cross-process rbac mutations purge the cache promptly via the `acl.{membership,assignment,role}.invalidate` subjects the `RegistryRbacStack` subscribes to on startup.
25
+
26
+ Defense in depth: when `user_id=None` (tool dispatch without user identity) the authorizer denies unconditionally. When the namespace Collection's `get_by_name` returns `None` (tool registered but namespace row not yet visible) it denies. This catches registration races rather than defaulting to allow.
27
+
28
+ Platform-built-in tools land with `owner_agent_id=NULL, customer_id=NULL`. There is no implicit "anyone can call" behaviour for them. Grants are managed via explicit assignments on the platform-seeded `ToolCaller` role (same pattern as shared-type workspaces).
29
+
30
+ `RbacEvaluatorAuthorizer` is the only authorizer the production server wires: no dual-enforcement window, no back-compat aliases. The declarative `access.tools` expression on `agent.yaml` stays as operator-facing syntax and is translated to RBAC assignments at bootstrap.
31
+
32
+ ## Dev-mode authorizers
33
+
34
+ `AllowAllAuthorizer` permits every dispatch unconditionally, enabled by `THREETEARS_REGISTRY_ALLOW_ALL_TOOLS=true`. Use only in local dev containers when an explicit RBAC bypass is needed.
35
+
36
+ `DenyAllAuthorizer` refuses every dispatch. Available as a panic-button kill switch via `THREETEARS_REGISTRY_FORCE_DENY_ALL=true`. It is also the millisecond-window placeholder the server holds *before* the rbac stack is wired against the live NATS client during `serve()`.
37
+
38
+ ## Standalone entry point
39
+
40
+ ```bash
41
+ python -m threetears.registry
42
+ ```
43
+
44
+ Reads `THREETEARS_NATS_URL` (defaults to `nats://localhost:4222`) and `THREETEARS_NATS_SUBJECT_NAMESPACE` (the NATS subject namespace).
45
+
46
+ By default the entry point wires `RbacEvaluatorAuthorizer` against a self-contained `RegistryRbacStack` (NATS-proxy `NamespaceCollection` + four rbac metadata Collections + `AclCache` + invalidation subscribers). The proxy collections read through the platform broker's `system.platform.rbac` carve-out, so no direct DB credentials are needed. The registry is self-sufficient in any deployment with a reachable platform broker. Optional knobs:
47
+
48
+ - `THREETEARS_REGISTRY_ALLOW_ALL_TOOLS=true` -- bypass the rbac stack entirely (dev only).
49
+ - `THREETEARS_REGISTRY_FORCE_DENY_ALL=true` -- kill switch for misconfigured deployments.
50
+ - `THREETEARS_REGISTRY_ACL_TTL_SECONDS` -- override the AclCache TTL (default 60s).
51
+
52
+ Dispatch flow:
53
+
54
+ ```mermaid
55
+ sequenceDiagram
56
+ participant Agent
57
+ participant Registry
58
+ participant RbacStack
59
+ participant PlatformBroker
60
+ participant ToolPod
61
+
62
+ Agent->>Registry: ProxyCallRequest(tool_name, tool_version, context.user_id)
63
+ Registry->>RbacStack: is_authorized(agent_id, user_id, tool_name, tool_version)
64
+ RbacStack->>RbacStack: build_namespace_name(PLURAL_PREFIX_TOOL, tool_name, tool_version)
65
+ RbacStack->>PlatformBroker: NamespaceCollection.get_by_name (system.platform.rbac proxy)
66
+ PlatformBroker-->>RbacStack: tool namespace row
67
+ RbacStack->>RbacStack: evaluate_decision (user ∩ agent grants)
68
+ RbacStack-->>Registry: True / False
69
+ Registry->>ToolPod: forward call (CallContext echoed)
70
+ ToolPod-->>Registry: CallResponse
71
+ Registry-->>Agent: ProxyCallResponse
72
+ ```
@@ -0,0 +1,34 @@
1
+ [build-system]
2
+ requires = ["hatchling"]
3
+ build-backend = "hatchling.build"
4
+
5
+ [project]
6
+ name = "3tears-registry"
7
+ version = "0.14.0"
8
+ description = "MCP-compatible tool registry for 3tears tool system"
9
+ readme = "README.md"
10
+ requires-python = ">=3.14"
11
+ authors = [{name = "pace"}]
12
+ license = "MIT"
13
+ license-files = ["LICENSE"]
14
+ dependencies = [
15
+ "3tears",
16
+ "3tears-agent-acl>=0.1.0",
17
+ "3tears-agent-tools>=0.5.0",
18
+ "3tears-nats",
19
+ "3tears-observe",
20
+ "nats-py>=2.0",
21
+ ]
22
+
23
+ [project.urls]
24
+ Repository = "https://github.com/pacepace/3tears"
25
+
26
+ [tool.hatch.build.targets.wheel]
27
+ packages = ["src/threetears"]
28
+
29
+ [tool.uv.sources]
30
+ 3tears = { workspace = true }
31
+ 3tears-agent-acl = { workspace = true }
32
+ 3tears-agent-tools = { workspace = true }
33
+ 3tears-nats = { workspace = true }
34
+ 3tears-observe = { workspace = true }
@@ -0,0 +1,68 @@
1
+ """3tears-registry: MCP-compatible tool registry for 3tears tool system."""
2
+
3
+ from __future__ import annotations
4
+
5
+ # Version derived from pyproject.toml so the metadata is the single
6
+ # source of truth -- a future release that bumps pyproject without
7
+ # updating ``__init__.py`` can't drift the runtime ``__version__``.
8
+ # The except guard handles the rare case where the package isn't
9
+ # installed via importlib.metadata (e.g. running directly from a
10
+ # checked-out source tree without ``uv sync``); the fallback keeps
11
+ # imports working but reports ``unknown`` rather than crashing.
12
+ from importlib.metadata import PackageNotFoundError as _PackageNotFoundError
13
+ from importlib.metadata import version as _version
14
+
15
+ try:
16
+ __version__ = _version("3tears-registry")
17
+ except _PackageNotFoundError: # pragma: no cover - dev fallback
18
+ __version__ = "unknown"
19
+
20
+ from threetears.registry.auth import (
21
+ AgentToolAuthorizer,
22
+ AllowAllAuthorizer,
23
+ DenyAllAuthorizer,
24
+ ToolPodAuth,
25
+ ToolPodAuthenticator,
26
+ )
27
+ from threetears.registry.catalog import CatalogEntry, ToolCatalog, ToolEndpoint
28
+ from threetears.registry.discovery import DiscoveryHandler
29
+ from threetears.registry.entities import HeartbeatEntity
30
+ from threetears.registry.health import HeartbeatSubscriber
31
+ from threetears.registry.heartbeat_collection import HeartbeatCollection
32
+ from threetears.registry.l1_cache import (
33
+ REGISTRY_L1_METADATA,
34
+ REGISTRY_L1_TABLE_NAMES,
35
+ create_registry_l1_backend,
36
+ pod_heartbeats_table,
37
+ )
38
+ from threetears.registry.proxy import CallProxy
39
+ from threetears.registry.rbac_authorizer import RbacEvaluatorAuthorizer
40
+ from threetears.registry.registration import RegistrationHandler, RegistrationResponse
41
+ from threetears.registry.routing import LeastConnectionsStrategy, RoutingStrategy
42
+ from threetears.registry.server import RegistryServer
43
+
44
+ __all__ = [
45
+ "AgentToolAuthorizer",
46
+ "AllowAllAuthorizer",
47
+ "CallProxy",
48
+ "CatalogEntry",
49
+ "DenyAllAuthorizer",
50
+ "DiscoveryHandler",
51
+ "HeartbeatCollection",
52
+ "HeartbeatEntity",
53
+ "HeartbeatSubscriber",
54
+ "LeastConnectionsStrategy",
55
+ "REGISTRY_L1_METADATA",
56
+ "REGISTRY_L1_TABLE_NAMES",
57
+ "RbacEvaluatorAuthorizer",
58
+ "RegistrationHandler",
59
+ "RegistrationResponse",
60
+ "RegistryServer",
61
+ "RoutingStrategy",
62
+ "ToolCatalog",
63
+ "ToolEndpoint",
64
+ "ToolPodAuth",
65
+ "ToolPodAuthenticator",
66
+ "create_registry_l1_backend",
67
+ "pod_heartbeats_table",
68
+ ]
@@ -0,0 +1,7 @@
1
+ """entry point for ``python -m threetears.registry``."""
2
+
3
+ from __future__ import annotations
4
+
5
+ from threetears.registry.server import _run_server
6
+
7
+ _run_server()