agent_os_kernel 3.1.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- agent_control_plane/__init__.py +662 -0
- agent_control_plane/a2a_adapter.py +543 -0
- agent_control_plane/adapter.py +417 -0
- agent_control_plane/agent_hibernation.py +394 -0
- agent_control_plane/agent_kernel.py +470 -0
- agent_control_plane/compliance.py +720 -0
- agent_control_plane/constraint_graphs.py +478 -0
- agent_control_plane/control_plane.py +854 -0
- agent_control_plane/example_executors.py +195 -0
- agent_control_plane/execution_engine.py +231 -0
- agent_control_plane/flight_recorder.py +846 -0
- agent_control_plane/governance_layer.py +435 -0
- agent_control_plane/hf_utils.py +563 -0
- agent_control_plane/interfaces/__init__.py +55 -0
- agent_control_plane/interfaces/kernel_interface.py +361 -0
- agent_control_plane/interfaces/plugin_interface.py +497 -0
- agent_control_plane/interfaces/protocol_interfaces.py +387 -0
- agent_control_plane/kernel_space.py +1009 -0
- agent_control_plane/langchain_adapter.py +424 -0
- agent_control_plane/lifecycle.py +3113 -0
- agent_control_plane/mcp_adapter.py +653 -0
- agent_control_plane/ml_safety.py +563 -0
- agent_control_plane/multimodal.py +727 -0
- agent_control_plane/mute_agent.py +422 -0
- agent_control_plane/observability.py +787 -0
- agent_control_plane/orchestrator.py +482 -0
- agent_control_plane/plugin_registry.py +750 -0
- agent_control_plane/policy_engine.py +954 -0
- agent_control_plane/process_isolation.py +777 -0
- agent_control_plane/shadow_mode.py +310 -0
- agent_control_plane/signals.py +493 -0
- agent_control_plane/supervisor_agents.py +430 -0
- agent_control_plane/time_travel_debugger.py +557 -0
- agent_control_plane/tool_registry.py +452 -0
- agent_control_plane/vfs.py +697 -0
- agent_kernel/__init__.py +69 -0
- agent_kernel/analyzer.py +435 -0
- agent_kernel/auditor.py +36 -0
- agent_kernel/completeness_auditor.py +237 -0
- agent_kernel/detector.py +203 -0
- agent_kernel/kernel.py +744 -0
- agent_kernel/memory_manager.py +85 -0
- agent_kernel/models.py +374 -0
- agent_kernel/nudge_mechanism.py +263 -0
- agent_kernel/outcome_analyzer.py +338 -0
- agent_kernel/patcher.py +582 -0
- agent_kernel/semantic_analyzer.py +316 -0
- agent_kernel/semantic_purge.py +349 -0
- agent_kernel/simulator.py +449 -0
- agent_kernel/teacher.py +85 -0
- agent_kernel/triage.py +152 -0
- agent_os/__init__.py +409 -0
- agent_os/_adversarial_impl.py +200 -0
- agent_os/_circuit_breaker_impl.py +232 -0
- agent_os/_mcp_metrics.py +193 -0
- agent_os/adversarial.py +20 -0
- agent_os/agents_compat.py +490 -0
- agent_os/audit_logger.py +135 -0
- agent_os/base_agent.py +651 -0
- agent_os/circuit_breaker.py +34 -0
- agent_os/cli/__init__.py +659 -0
- agent_os/cli/cmd_audit.py +128 -0
- agent_os/cli/cmd_init.py +152 -0
- agent_os/cli/cmd_policy.py +41 -0
- agent_os/cli/cmd_policy_gen.py +180 -0
- agent_os/cli/cmd_validate.py +258 -0
- agent_os/cli/mcp_scan.py +265 -0
- agent_os/cli/output.py +192 -0
- agent_os/cli/policy_checker.py +330 -0
- agent_os/compat.py +74 -0
- agent_os/constraint_graph.py +234 -0
- agent_os/content_governance.py +140 -0
- agent_os/context_budget.py +305 -0
- agent_os/credential_redactor.py +224 -0
- agent_os/diff_policy.py +89 -0
- agent_os/egress_policy.py +159 -0
- agent_os/escalation.py +276 -0
- agent_os/event_bus.py +124 -0
- agent_os/exceptions.py +180 -0
- agent_os/execution_context_policy.py +141 -0
- agent_os/github_enterprise.py +96 -0
- agent_os/health.py +20 -0
- agent_os/integrations/__init__.py +279 -0
- agent_os/integrations/a2a_adapter.py +279 -0
- agent_os/integrations/agent_lightning/__init__.py +30 -0
- agent_os/integrations/anthropic_adapter.py +420 -0
- agent_os/integrations/autogen_adapter.py +620 -0
- agent_os/integrations/base.py +1137 -0
- agent_os/integrations/compat.py +229 -0
- agent_os/integrations/config.py +98 -0
- agent_os/integrations/conversation_guardian.py +957 -0
- agent_os/integrations/crewai_adapter.py +467 -0
- agent_os/integrations/drift_detector.py +425 -0
- agent_os/integrations/dry_run.py +124 -0
- agent_os/integrations/escalation.py +582 -0
- agent_os/integrations/gemini_adapter.py +364 -0
- agent_os/integrations/google_adk_adapter.py +633 -0
- agent_os/integrations/guardrails_adapter.py +394 -0
- agent_os/integrations/health.py +197 -0
- agent_os/integrations/langchain_adapter.py +654 -0
- agent_os/integrations/llamafirewall.py +343 -0
- agent_os/integrations/llamaindex_adapter.py +188 -0
- agent_os/integrations/logging.py +191 -0
- agent_os/integrations/maf_adapter.py +631 -0
- agent_os/integrations/mistral_adapter.py +365 -0
- agent_os/integrations/openai_adapter.py +816 -0
- agent_os/integrations/openai_agents_sdk.py +406 -0
- agent_os/integrations/policy_compose.py +171 -0
- agent_os/integrations/profiling.py +144 -0
- agent_os/integrations/pydantic_ai_adapter.py +420 -0
- agent_os/integrations/rate_limiter.py +130 -0
- agent_os/integrations/rbac.py +143 -0
- agent_os/integrations/registry.py +113 -0
- agent_os/integrations/scope_guard.py +303 -0
- agent_os/integrations/semantic_kernel_adapter.py +769 -0
- agent_os/integrations/smolagents_adapter.py +629 -0
- agent_os/integrations/templates.py +178 -0
- agent_os/integrations/token_budget.py +134 -0
- agent_os/integrations/tool_aliases.py +190 -0
- agent_os/integrations/webhooks.py +177 -0
- agent_os/lite.py +208 -0
- agent_os/mcp_gateway.py +385 -0
- agent_os/mcp_message_signer.py +273 -0
- agent_os/mcp_protocols.py +161 -0
- agent_os/mcp_response_scanner.py +232 -0
- agent_os/mcp_security.py +924 -0
- agent_os/mcp_session_auth.py +231 -0
- agent_os/mcp_sliding_rate_limiter.py +184 -0
- agent_os/memory_guard.py +409 -0
- agent_os/metrics.py +134 -0
- agent_os/mute.py +428 -0
- agent_os/mute_agent.py +209 -0
- agent_os/policies/__init__.py +77 -0
- agent_os/policies/async_evaluator.py +275 -0
- agent_os/policies/backends.py +670 -0
- agent_os/policies/bridge.py +169 -0
- agent_os/policies/budget.py +85 -0
- agent_os/policies/cli.py +294 -0
- agent_os/policies/conflict_resolution.py +270 -0
- agent_os/policies/data_classification.py +252 -0
- agent_os/policies/evaluator.py +239 -0
- agent_os/policies/policy_schema.json +228 -0
- agent_os/policies/rate_limiting.py +145 -0
- agent_os/policies/schema.py +115 -0
- agent_os/policies/shared.py +331 -0
- agent_os/prompt_injection.py +694 -0
- agent_os/providers.py +182 -0
- agent_os/py.typed +0 -0
- agent_os/retry.py +81 -0
- agent_os/reversibility.py +251 -0
- agent_os/sandbox.py +432 -0
- agent_os/sandbox_provider.py +140 -0
- agent_os/secure_codegen.py +525 -0
- agent_os/security_skills.py +538 -0
- agent_os/semantic_policy.py +422 -0
- agent_os/server/__init__.py +15 -0
- agent_os/server/__main__.py +25 -0
- agent_os/server/app.py +277 -0
- agent_os/server/models.py +104 -0
- agent_os/shift_left_metrics.py +130 -0
- agent_os/stateless.py +742 -0
- agent_os/supervisor.py +148 -0
- agent_os/task_outcome.py +148 -0
- agent_os/transparency.py +181 -0
- agent_os/trust_root.py +128 -0
- agent_os_kernel-3.1.0.dist-info/METADATA +1269 -0
- agent_os_kernel-3.1.0.dist-info/RECORD +337 -0
- agent_os_kernel-3.1.0.dist-info/WHEEL +4 -0
- agent_os_kernel-3.1.0.dist-info/entry_points.txt +2 -0
- agent_os_kernel-3.1.0.dist-info/licenses/LICENSE +21 -0
- agent_os_observability/__init__.py +27 -0
- agent_os_observability/dashboards.py +898 -0
- agent_os_observability/metrics.py +398 -0
- agent_os_observability/server.py +223 -0
- agent_os_observability/tracer.py +232 -0
- agent_primitives/__init__.py +24 -0
- agent_primitives/failures.py +84 -0
- agent_primitives/py.typed +0 -0
- amb_core/__init__.py +177 -0
- amb_core/adapters/__init__.py +57 -0
- amb_core/adapters/aws_sqs_broker.py +376 -0
- amb_core/adapters/azure_servicebus_broker.py +340 -0
- amb_core/adapters/kafka_broker.py +260 -0
- amb_core/adapters/nats_broker.py +285 -0
- amb_core/adapters/rabbitmq_broker.py +235 -0
- amb_core/adapters/redis_broker.py +262 -0
- amb_core/broker.py +145 -0
- amb_core/bus.py +481 -0
- amb_core/cloudevents.py +509 -0
- amb_core/dlq.py +345 -0
- amb_core/hf_utils.py +536 -0
- amb_core/memory_broker.py +410 -0
- amb_core/models.py +141 -0
- amb_core/persistence.py +529 -0
- amb_core/schema.py +294 -0
- amb_core/tracing.py +358 -0
- atr/__init__.py +640 -0
- atr/access.py +348 -0
- atr/composition.py +645 -0
- atr/decorator.py +357 -0
- atr/executor.py +384 -0
- atr/health.py +557 -0
- atr/hf_utils.py +449 -0
- atr/injection.py +422 -0
- atr/metrics.py +440 -0
- atr/policies.py +403 -0
- atr/py.typed +2 -0
- atr/registry.py +452 -0
- atr/schema.py +480 -0
- atr/tools/safe/__init__.py +75 -0
- atr/tools/safe/calculator.py +467 -0
- atr/tools/safe/datetime_tool.py +443 -0
- atr/tools/safe/file_reader.py +402 -0
- atr/tools/safe/http_client.py +316 -0
- atr/tools/safe/json_parser.py +374 -0
- atr/tools/safe/text_tool.py +537 -0
- atr/tools/safe/toolkit.py +175 -0
- caas/__init__.py +162 -0
- caas/api/__init__.py +7 -0
- caas/api/server.py +1328 -0
- caas/caching.py +834 -0
- caas/cli.py +210 -0
- caas/conversation.py +223 -0
- caas/decay.py +72 -0
- caas/detection/__init__.py +9 -0
- caas/detection/detector.py +238 -0
- caas/enrichment.py +130 -0
- caas/gateway/__init__.py +27 -0
- caas/gateway/trust_gateway.py +474 -0
- caas/hf_utils.py +479 -0
- caas/ingestion/__init__.py +23 -0
- caas/ingestion/processors.py +253 -0
- caas/ingestion/structure_parser.py +188 -0
- caas/models.py +356 -0
- caas/pragmatic_truth.py +444 -0
- caas/routing/__init__.py +10 -0
- caas/routing/heuristic_router.py +58 -0
- caas/storage/__init__.py +9 -0
- caas/storage/store.py +389 -0
- caas/triad.py +213 -0
- caas/tuning/__init__.py +9 -0
- caas/tuning/tuner.py +329 -0
- caas/vfs/__init__.py +14 -0
- caas/vfs/filesystem.py +452 -0
- cmvk/__init__.py +218 -0
- cmvk/audit.py +402 -0
- cmvk/benchmarks.py +478 -0
- cmvk/constitutional.py +904 -0
- cmvk/hf_utils.py +301 -0
- cmvk/metrics.py +473 -0
- cmvk/profiles.py +300 -0
- cmvk/py.typed +0 -0
- cmvk/types.py +12 -0
- cmvk/verification.py +956 -0
- emk/__init__.py +89 -0
- emk/causal.py +352 -0
- emk/hf_utils.py +421 -0
- emk/indexer.py +83 -0
- emk/py.typed +0 -0
- emk/schema.py +204 -0
- emk/sleep_cycle.py +347 -0
- emk/store.py +281 -0
- iatp/__init__.py +166 -0
- iatp/attestation.py +461 -0
- iatp/cli.py +317 -0
- iatp/hf_utils.py +472 -0
- iatp/ipc_pipes.py +580 -0
- iatp/main.py +412 -0
- iatp/models/__init__.py +447 -0
- iatp/policy_engine.py +337 -0
- iatp/py.typed +2 -0
- iatp/recovery.py +321 -0
- iatp/security/__init__.py +270 -0
- iatp/sidecar/__init__.py +519 -0
- iatp/telemetry/__init__.py +164 -0
- iatp/tests/__init__.py +1 -0
- iatp/tests/test_attestation.py +370 -0
- iatp/tests/test_cli.py +131 -0
- iatp/tests/test_ed25519_attestation.py +211 -0
- iatp/tests/test_models.py +130 -0
- iatp/tests/test_policy_engine.py +347 -0
- iatp/tests/test_recovery.py +281 -0
- iatp/tests/test_security.py +222 -0
- iatp/tests/test_sidecar.py +167 -0
- iatp/tests/test_telemetry.py +175 -0
- mcp_kernel_server/__init__.py +28 -0
- mcp_kernel_server/cli.py +274 -0
- mcp_kernel_server/resources.py +217 -0
- mcp_kernel_server/server.py +564 -0
- mcp_kernel_server/tools.py +1174 -0
- mute_agent/__init__.py +68 -0
- mute_agent/core/__init__.py +1 -0
- mute_agent/core/execution_agent.py +166 -0
- mute_agent/core/handshake_protocol.py +201 -0
- mute_agent/core/reasoning_agent.py +238 -0
- mute_agent/knowledge_graph/__init__.py +1 -0
- mute_agent/knowledge_graph/graph_elements.py +65 -0
- mute_agent/knowledge_graph/multidimensional_graph.py +170 -0
- mute_agent/knowledge_graph/subgraph.py +224 -0
- mute_agent/listener/__init__.py +43 -0
- mute_agent/listener/adapters/__init__.py +31 -0
- mute_agent/listener/adapters/base_adapter.py +189 -0
- mute_agent/listener/adapters/caas_adapter.py +344 -0
- mute_agent/listener/adapters/control_plane_adapter.py +436 -0
- mute_agent/listener/adapters/iatp_adapter.py +332 -0
- mute_agent/listener/adapters/scak_adapter.py +251 -0
- mute_agent/listener/listener.py +610 -0
- mute_agent/listener/state_observer.py +436 -0
- mute_agent/listener/threshold_config.py +313 -0
- mute_agent/super_system/__init__.py +1 -0
- mute_agent/super_system/router.py +204 -0
- mute_agent/visualization/__init__.py +10 -0
- mute_agent/visualization/graph_debugger.py +502 -0
- nexus/README.md +60 -0
- nexus/__init__.py +51 -0
- nexus/arbiter.py +359 -0
- nexus/client.py +466 -0
- nexus/dmz.py +444 -0
- nexus/escrow.py +430 -0
- nexus/exceptions.py +286 -0
- nexus/pyproject.toml +36 -0
- nexus/registry.py +393 -0
- nexus/reputation.py +425 -0
- nexus/schemas/__init__.py +51 -0
- nexus/schemas/compliance.py +276 -0
- nexus/schemas/escrow.py +251 -0
- nexus/schemas/manifest.py +225 -0
- nexus/schemas/receipt.py +208 -0
- nexus/tests/__init__.py +0 -0
- nexus/tests/conftest.py +146 -0
- nexus/tests/test_arbiter.py +192 -0
- nexus/tests/test_dmz.py +194 -0
- nexus/tests/test_escrow.py +276 -0
- nexus/tests/test_exceptions.py +225 -0
- nexus/tests/test_registry.py +232 -0
- nexus/tests/test_reputation.py +328 -0
- nexus/tests/test_schemas.py +295 -0
|
@@ -0,0 +1,854 @@
|
|
|
1
|
+
# Copyright (c) Microsoft Corporation.
|
|
2
|
+
# Licensed under the MIT License.
|
|
3
|
+
|
|
4
|
+
"""
|
|
5
|
+
Agent Control Plane - Main Interface
|
|
6
|
+
|
|
7
|
+
Layer 3: The Framework - The Governance Layer
|
|
8
|
+
|
|
9
|
+
The main control plane that integrates all components:
|
|
10
|
+
- Agent Kernel (via KernelInterface for dependency injection)
|
|
11
|
+
- Policy Engine
|
|
12
|
+
- Execution Engine
|
|
13
|
+
- Audit System
|
|
14
|
+
- Shadow Mode (simulation)
|
|
15
|
+
- Validators (via ValidatorInterface - MuteAgent pattern is now optional)
|
|
16
|
+
- Constraint Graphs (multi-dimensional)
|
|
17
|
+
- Supervisor Agents (via SupervisorInterface)
|
|
18
|
+
|
|
19
|
+
Allowed Dependencies:
|
|
20
|
+
- iatp (for message security)
|
|
21
|
+
- cmvk (for verification)
|
|
22
|
+
- caas (for context routing)
|
|
23
|
+
|
|
24
|
+
Forbidden Dependencies:
|
|
25
|
+
- scak (should implement KernelInterface instead)
|
|
26
|
+
- mute-agent as hard dependency (should use ValidatorInterface)
|
|
27
|
+
|
|
28
|
+
Pattern: Components are injected at runtime via PluginRegistry.
|
|
29
|
+
"""
|
|
30
|
+
|
|
31
|
+
from typing import Dict, List, Optional, Any, Union
|
|
32
|
+
from datetime import datetime
|
|
33
|
+
import warnings
|
|
34
|
+
|
|
35
|
+
from .agent_kernel import (
|
|
36
|
+
AgentKernel, AgentContext, ExecutionRequest, ExecutionResult,
|
|
37
|
+
ActionType, PermissionLevel, PolicyRule, ExecutionStatus
|
|
38
|
+
)
|
|
39
|
+
from .policy_engine import PolicyEngine, ResourceQuota, RiskPolicy, create_default_policies
|
|
40
|
+
from .execution_engine import (
|
|
41
|
+
ExecutionEngine, ExecutionContext, SandboxLevel
|
|
42
|
+
)
|
|
43
|
+
from .example_executors import (
|
|
44
|
+
file_read_executor, code_execution_executor, api_call_executor
|
|
45
|
+
)
|
|
46
|
+
from .shadow_mode import ShadowModeExecutor, ShadowModeConfig, ReasoningStep
|
|
47
|
+
from .constraint_graphs import (
|
|
48
|
+
DataGraph, PolicyGraph, TemporalGraph, ConstraintGraphValidator
|
|
49
|
+
)
|
|
50
|
+
from .supervisor_agents import SupervisorAgent, SupervisorNetwork
|
|
51
|
+
from .agent_hibernation import HibernationManager, HibernationConfig
|
|
52
|
+
from .time_travel_debugger import TimeTravelDebugger, TimeTravelConfig
|
|
53
|
+
|
|
54
|
+
# Import interfaces for dependency injection
|
|
55
|
+
from .interfaces.kernel_interface import KernelInterface, KernelCapability
|
|
56
|
+
from .interfaces.plugin_interface import (
|
|
57
|
+
ValidatorInterface,
|
|
58
|
+
ExecutorInterface,
|
|
59
|
+
ContextRouterInterface,
|
|
60
|
+
SupervisorInterface,
|
|
61
|
+
ValidationResult,
|
|
62
|
+
)
|
|
63
|
+
from .interfaces.protocol_interfaces import (
|
|
64
|
+
MessageSecurityInterface,
|
|
65
|
+
VerificationInterface,
|
|
66
|
+
ContextRoutingInterface,
|
|
67
|
+
)
|
|
68
|
+
|
|
69
|
+
# Import plugin registry for dependency injection
|
|
70
|
+
from .plugin_registry import PluginRegistry, PluginType, get_registry
|
|
71
|
+
|
|
72
|
+
# Import mute_agent for backward compatibility (deprecated pattern)
|
|
73
|
+
# New code should use PluginRegistry to register validators
|
|
74
|
+
from .mute_agent import MuteAgentValidator, MuteAgentConfig
|
|
75
|
+
|
|
76
|
+
|
|
77
|
+
class AgentControlPlane:
|
|
78
|
+
"""
|
|
79
|
+
Agent Control Plane - Main interface for governed agent execution
|
|
80
|
+
|
|
81
|
+
Layer 3: The Framework - The Governance Layer
|
|
82
|
+
|
|
83
|
+
This is the primary interface for applications to interact with
|
|
84
|
+
the control plane. It integrates all governance, safety, and
|
|
85
|
+
execution components including:
|
|
86
|
+
- Shadow Mode for simulation
|
|
87
|
+
- Validators (via ValidatorInterface - replaces hard-coded Mute Agent)
|
|
88
|
+
- Constraint Graphs for multi-dimensional context
|
|
89
|
+
- Supervisor Agents (via SupervisorInterface)
|
|
90
|
+
|
|
91
|
+
Dependency Injection:
|
|
92
|
+
Components can be injected via the PluginRegistry:
|
|
93
|
+
|
|
94
|
+
```python
|
|
95
|
+
from agent_control_plane import AgentControlPlane, PluginRegistry
|
|
96
|
+
|
|
97
|
+
# Get the registry
|
|
98
|
+
registry = PluginRegistry()
|
|
99
|
+
|
|
100
|
+
# Register custom kernel (e.g., SCAK)
|
|
101
|
+
registry.register_kernel(my_custom_kernel)
|
|
102
|
+
|
|
103
|
+
# Register validators
|
|
104
|
+
registry.register_validator(my_validator, action_types=["code_execution"])
|
|
105
|
+
|
|
106
|
+
# Create control plane (will use registered components)
|
|
107
|
+
control_plane = AgentControlPlane(use_plugin_registry=True)
|
|
108
|
+
```
|
|
109
|
+
|
|
110
|
+
Allowed Protocol Dependencies:
|
|
111
|
+
- iatp: Inter-Agent Transport Protocol (message security)
|
|
112
|
+
- cmvk: Cryptographic Message Verification Kit
|
|
113
|
+
- caas: Context-as-a-Service (context routing)
|
|
114
|
+
"""
|
|
115
|
+
|
|
116
|
+
def __init__(
|
|
117
|
+
self,
|
|
118
|
+
enable_default_policies: bool = True,
|
|
119
|
+
enable_shadow_mode: bool = False,
|
|
120
|
+
enable_constraint_graphs: bool = False,
|
|
121
|
+
enable_hibernation: bool = False,
|
|
122
|
+
enable_time_travel: bool = False,
|
|
123
|
+
use_plugin_registry: bool = False,
|
|
124
|
+
kernel: Optional[KernelInterface] = None,
|
|
125
|
+
validators: Optional[List[ValidatorInterface]] = None,
|
|
126
|
+
context_router: Optional[Union[ContextRouterInterface, ContextRoutingInterface]] = None,
|
|
127
|
+
message_security: Optional[MessageSecurityInterface] = None,
|
|
128
|
+
verifier: Optional[VerificationInterface] = None,
|
|
129
|
+
hibernation_config: Optional[HibernationConfig] = None,
|
|
130
|
+
time_travel_config: Optional[TimeTravelConfig] = None,
|
|
131
|
+
):
|
|
132
|
+
"""
|
|
133
|
+
Initialize the Agent Control Plane.
|
|
134
|
+
|
|
135
|
+
Args:
|
|
136
|
+
enable_default_policies: Whether to load default security policies
|
|
137
|
+
enable_shadow_mode: Whether to enable shadow/simulation mode
|
|
138
|
+
enable_constraint_graphs: Whether to enable constraint graph validation
|
|
139
|
+
enable_hibernation: Whether to enable agent hibernation (serverless agents)
|
|
140
|
+
enable_time_travel: Whether to enable time-travel debugging
|
|
141
|
+
use_plugin_registry: If True, use components from PluginRegistry
|
|
142
|
+
kernel: Optional custom kernel implementing KernelInterface
|
|
143
|
+
validators: Optional list of validators implementing ValidatorInterface
|
|
144
|
+
context_router: Optional context router for caas integration
|
|
145
|
+
message_security: Optional message security provider for iatp integration
|
|
146
|
+
verifier: Optional verifier for cmvk integration
|
|
147
|
+
hibernation_config: Optional configuration for hibernation
|
|
148
|
+
time_travel_config: Optional configuration for time-travel debugging
|
|
149
|
+
"""
|
|
150
|
+
# Plugin registry integration
|
|
151
|
+
self._use_plugin_registry = use_plugin_registry
|
|
152
|
+
self._registry = get_registry() if use_plugin_registry else None
|
|
153
|
+
|
|
154
|
+
# Use injected kernel or fall back to default AgentKernel
|
|
155
|
+
if kernel is not None:
|
|
156
|
+
self._custom_kernel = kernel
|
|
157
|
+
# Wrap custom kernel in compatibility layer
|
|
158
|
+
self.kernel = AgentKernel() # Default for now, custom kernel used via interface
|
|
159
|
+
elif use_plugin_registry and self._registry:
|
|
160
|
+
registered_kernel = self._registry.get_kernel()
|
|
161
|
+
self._custom_kernel = registered_kernel
|
|
162
|
+
self.kernel = AgentKernel() # Default fallback
|
|
163
|
+
else:
|
|
164
|
+
self._custom_kernel = None
|
|
165
|
+
self.kernel = AgentKernel()
|
|
166
|
+
|
|
167
|
+
self.policy_engine = PolicyEngine()
|
|
168
|
+
self.execution_engine = ExecutionEngine()
|
|
169
|
+
|
|
170
|
+
# Wire the policy engine into the kernel so intercept_tool_execution works
|
|
171
|
+
self.kernel.policy_engine = self.policy_engine
|
|
172
|
+
|
|
173
|
+
# Shadow Mode for simulation
|
|
174
|
+
self.shadow_mode_enabled = enable_shadow_mode
|
|
175
|
+
self.shadow_executor = ShadowModeExecutor(ShadowModeConfig(enabled=enable_shadow_mode))
|
|
176
|
+
|
|
177
|
+
# Validators (replaces hard-coded mute_validators)
|
|
178
|
+
# Support both legacy MuteAgentValidator and new ValidatorInterface
|
|
179
|
+
self.mute_validators: Dict[str, MuteAgentValidator] = {} # Legacy support
|
|
180
|
+
self._validators: List[ValidatorInterface] = [] # New interface-based validators
|
|
181
|
+
|
|
182
|
+
if validators:
|
|
183
|
+
self._validators.extend(validators)
|
|
184
|
+
elif use_plugin_registry and self._registry:
|
|
185
|
+
self._validators.extend(self._registry.get_all_validators())
|
|
186
|
+
|
|
187
|
+
# Protocol integrations (iatp, cmvk, caas)
|
|
188
|
+
self._context_router = context_router
|
|
189
|
+
self._message_security = message_security
|
|
190
|
+
self._verifier = verifier
|
|
191
|
+
|
|
192
|
+
if use_plugin_registry and self._registry:
|
|
193
|
+
if not self._context_router:
|
|
194
|
+
self._context_router = self._registry.get_context_router()
|
|
195
|
+
if not self._message_security:
|
|
196
|
+
self._message_security = self._registry.get_message_security()
|
|
197
|
+
if not self._verifier:
|
|
198
|
+
self._verifier = self._registry.get_verifier()
|
|
199
|
+
|
|
200
|
+
# Constraint Graphs
|
|
201
|
+
self.constraint_graphs_enabled = enable_constraint_graphs
|
|
202
|
+
if enable_constraint_graphs:
|
|
203
|
+
self.data_graph = DataGraph()
|
|
204
|
+
self.policy_graph = PolicyGraph()
|
|
205
|
+
self.temporal_graph = TemporalGraph()
|
|
206
|
+
self.constraint_validator = ConstraintGraphValidator(
|
|
207
|
+
self.data_graph,
|
|
208
|
+
self.policy_graph,
|
|
209
|
+
self.temporal_graph
|
|
210
|
+
)
|
|
211
|
+
else:
|
|
212
|
+
self.data_graph = None
|
|
213
|
+
self.policy_graph = None
|
|
214
|
+
self.temporal_graph = None
|
|
215
|
+
self.constraint_validator = None
|
|
216
|
+
|
|
217
|
+
# Supervisor Network
|
|
218
|
+
self.supervisor_network = SupervisorNetwork()
|
|
219
|
+
|
|
220
|
+
# Agent Hibernation (Serverless Agents)
|
|
221
|
+
self.hibernation_enabled = enable_hibernation
|
|
222
|
+
if enable_hibernation:
|
|
223
|
+
self.hibernation_manager = HibernationManager(hibernation_config or HibernationConfig())
|
|
224
|
+
else:
|
|
225
|
+
self.hibernation_manager = None
|
|
226
|
+
|
|
227
|
+
# Time-Travel Debugging
|
|
228
|
+
self.time_travel_enabled = enable_time_travel
|
|
229
|
+
if enable_time_travel:
|
|
230
|
+
# Pass FlightRecorder if kernel has audit_logger
|
|
231
|
+
flight_recorder = getattr(self.kernel, 'audit_logger', None)
|
|
232
|
+
self.time_travel_debugger = TimeTravelDebugger(
|
|
233
|
+
flight_recorder=flight_recorder,
|
|
234
|
+
config=time_travel_config or TimeTravelConfig()
|
|
235
|
+
)
|
|
236
|
+
else:
|
|
237
|
+
self.time_travel_debugger = None
|
|
238
|
+
|
|
239
|
+
# Register default executors
|
|
240
|
+
self._register_default_executors()
|
|
241
|
+
|
|
242
|
+
# Add default policies if requested
|
|
243
|
+
if enable_default_policies:
|
|
244
|
+
self._add_default_policies()
|
|
245
|
+
|
|
246
|
+
def create_agent(
|
|
247
|
+
self,
|
|
248
|
+
agent_id: str,
|
|
249
|
+
permissions: Optional[Dict[ActionType, PermissionLevel]] = None,
|
|
250
|
+
quota: Optional[ResourceQuota] = None
|
|
251
|
+
) -> AgentContext:
|
|
252
|
+
"""
|
|
253
|
+
Create a new agent with specified permissions and quotas
|
|
254
|
+
|
|
255
|
+
Args:
|
|
256
|
+
agent_id: Unique identifier for the agent
|
|
257
|
+
permissions: Dictionary of action types to permission levels
|
|
258
|
+
quota: Resource quota for the agent
|
|
259
|
+
|
|
260
|
+
Returns:
|
|
261
|
+
AgentContext for the created agent session
|
|
262
|
+
"""
|
|
263
|
+
# Create agent session in kernel
|
|
264
|
+
context = self.kernel.create_agent_session(agent_id, permissions)
|
|
265
|
+
|
|
266
|
+
# Set quota if provided
|
|
267
|
+
if quota:
|
|
268
|
+
self.policy_engine.set_quota(agent_id, quota)
|
|
269
|
+
|
|
270
|
+
return context
|
|
271
|
+
|
|
272
|
+
def execute_action(
|
|
273
|
+
self,
|
|
274
|
+
agent_context: AgentContext,
|
|
275
|
+
action_type: ActionType,
|
|
276
|
+
parameters: Dict[str, Any],
|
|
277
|
+
execution_context: Optional[ExecutionContext] = None,
|
|
278
|
+
reasoning_chain: Optional[List[ReasoningStep]] = None
|
|
279
|
+
) -> Dict[str, Any]:
|
|
280
|
+
"""
|
|
281
|
+
Execute an action on behalf of an agent
|
|
282
|
+
|
|
283
|
+
This is the main entry point for agent actions. It goes through
|
|
284
|
+
the complete governance pipeline:
|
|
285
|
+
1. Validator validation (includes legacy Mute Agent support)
|
|
286
|
+
2. Permission check (Kernel)
|
|
287
|
+
3. Constraint Graph validation (if enabled)
|
|
288
|
+
4. Policy validation (Policy Engine)
|
|
289
|
+
5. Risk assessment (Kernel)
|
|
290
|
+
6. Rate limiting (Policy Engine)
|
|
291
|
+
7. Shadow Mode or Real Execution
|
|
292
|
+
8. Audit logging (Kernel)
|
|
293
|
+
|
|
294
|
+
Args:
|
|
295
|
+
agent_context: Context for the agent making the request
|
|
296
|
+
action_type: Type of action to execute
|
|
297
|
+
parameters: Parameters for the action
|
|
298
|
+
execution_context: Optional execution context (sandboxing, timeouts, etc.)
|
|
299
|
+
reasoning_chain: Optional reasoning steps that led to this action
|
|
300
|
+
|
|
301
|
+
Returns:
|
|
302
|
+
Dictionary with execution results and metadata
|
|
303
|
+
"""
|
|
304
|
+
# Create a temporary request for validation
|
|
305
|
+
temp_request = ExecutionRequest(
|
|
306
|
+
request_id="temp",
|
|
307
|
+
agent_context=agent_context,
|
|
308
|
+
action_type=action_type,
|
|
309
|
+
parameters=parameters,
|
|
310
|
+
timestamp=datetime.now()
|
|
311
|
+
)
|
|
312
|
+
|
|
313
|
+
# 1a. Validate against registered validators (new pattern)
|
|
314
|
+
for validator in self._validators:
|
|
315
|
+
result = validator.validate_request(temp_request)
|
|
316
|
+
if not result.is_valid:
|
|
317
|
+
return {
|
|
318
|
+
"success": False,
|
|
319
|
+
"error": result.reason,
|
|
320
|
+
"status": "validator_rejected",
|
|
321
|
+
"details": result.details
|
|
322
|
+
}
|
|
323
|
+
|
|
324
|
+
# 1b. Validate against legacy Mute Agent capabilities (backward compatibility)
|
|
325
|
+
if agent_context.agent_id in self.mute_validators:
|
|
326
|
+
validator = self.mute_validators[agent_context.agent_id]
|
|
327
|
+
result = validator.validate_request(temp_request)
|
|
328
|
+
if not result.is_valid:
|
|
329
|
+
return {
|
|
330
|
+
"success": False,
|
|
331
|
+
"error": result.reason,
|
|
332
|
+
"status": "capability_mismatch"
|
|
333
|
+
}
|
|
334
|
+
|
|
335
|
+
# 2. Submit request to kernel for permission check
|
|
336
|
+
request = self.kernel.submit_request(agent_context, action_type, parameters)
|
|
337
|
+
|
|
338
|
+
|
|
339
|
+
if request.status == ExecutionStatus.DENIED:
|
|
340
|
+
return {
|
|
341
|
+
"success": False,
|
|
342
|
+
"error": "Request denied by kernel",
|
|
343
|
+
"request_id": request.request_id,
|
|
344
|
+
"status": request.status.value
|
|
345
|
+
}
|
|
346
|
+
|
|
347
|
+
# 3. Validate against Constraint Graphs (if enabled)
|
|
348
|
+
if self.constraint_graphs_enabled and self.constraint_validator:
|
|
349
|
+
is_valid, violations = self.constraint_validator.validate_request(request)
|
|
350
|
+
if not is_valid:
|
|
351
|
+
return {
|
|
352
|
+
"success": False,
|
|
353
|
+
"error": f"Constraint graph violations: {', '.join(violations)}",
|
|
354
|
+
"request_id": request.request_id,
|
|
355
|
+
"status": "constraint_violation",
|
|
356
|
+
"violations": violations
|
|
357
|
+
}
|
|
358
|
+
|
|
359
|
+
# 4. Validate with policy engine
|
|
360
|
+
is_valid, reason = self.policy_engine.validate_request(request)
|
|
361
|
+
if not is_valid:
|
|
362
|
+
return {
|
|
363
|
+
"success": False,
|
|
364
|
+
"error": f"Policy validation failed: {reason}",
|
|
365
|
+
"request_id": request.request_id,
|
|
366
|
+
"status": "policy_violation"
|
|
367
|
+
}
|
|
368
|
+
|
|
369
|
+
# 5. Validate risk level
|
|
370
|
+
if not self.policy_engine.validate_risk(request, request.risk_score):
|
|
371
|
+
return {
|
|
372
|
+
"success": False,
|
|
373
|
+
"error": "Request risk level too high",
|
|
374
|
+
"request_id": request.request_id,
|
|
375
|
+
"risk_score": request.risk_score,
|
|
376
|
+
"status": "risk_denied"
|
|
377
|
+
}
|
|
378
|
+
|
|
379
|
+
# 6. Execute in Shadow Mode or Real Mode
|
|
380
|
+
if self.shadow_mode_enabled:
|
|
381
|
+
# Shadow mode: simulate without executing
|
|
382
|
+
simulation = self.shadow_executor.execute_in_shadow(request, reasoning_chain)
|
|
383
|
+
return {
|
|
384
|
+
"success": True,
|
|
385
|
+
"result": simulation.simulated_result,
|
|
386
|
+
"request_id": request.request_id,
|
|
387
|
+
"status": "simulated",
|
|
388
|
+
"outcome": simulation.outcome.value,
|
|
389
|
+
"actual_impact": simulation.actual_impact,
|
|
390
|
+
"risk_score": request.risk_score,
|
|
391
|
+
"note": "This was executed in SHADOW MODE - no actual execution occurred"
|
|
392
|
+
}
|
|
393
|
+
else:
|
|
394
|
+
# Real execution
|
|
395
|
+
execution_result = self.execution_engine.execute(request, execution_context)
|
|
396
|
+
|
|
397
|
+
# Update kernel with execution result
|
|
398
|
+
if execution_result["success"]:
|
|
399
|
+
kernel_result = self.kernel.execute(request)
|
|
400
|
+
return {
|
|
401
|
+
"success": True,
|
|
402
|
+
"result": execution_result["result"],
|
|
403
|
+
"request_id": request.request_id,
|
|
404
|
+
"metrics": execution_result.get("metrics", {}),
|
|
405
|
+
"risk_score": request.risk_score
|
|
406
|
+
}
|
|
407
|
+
else:
|
|
408
|
+
return execution_result
|
|
409
|
+
|
|
410
|
+
def add_policy_rule(self, rule: PolicyRule):
|
|
411
|
+
"""Add a custom policy rule"""
|
|
412
|
+
self.kernel.add_policy_rule(rule)
|
|
413
|
+
self.policy_engine.add_custom_rule(rule)
|
|
414
|
+
|
|
415
|
+
def set_agent_quota(self, agent_id: str, quota: ResourceQuota):
|
|
416
|
+
"""Set resource quota for an agent"""
|
|
417
|
+
self.policy_engine.set_quota(agent_id, quota)
|
|
418
|
+
|
|
419
|
+
def set_risk_policy(self, policy_id: str, policy: RiskPolicy):
|
|
420
|
+
"""Set a risk policy"""
|
|
421
|
+
self.policy_engine.set_risk_policy(policy_id, policy)
|
|
422
|
+
|
|
423
|
+
def get_agent_status(self, agent_id: str) -> Dict[str, Any]:
|
|
424
|
+
"""Get comprehensive status for an agent"""
|
|
425
|
+
return {
|
|
426
|
+
"agent_id": agent_id,
|
|
427
|
+
"quota_status": self.policy_engine.get_quota_status(agent_id),
|
|
428
|
+
"active_executions": len([
|
|
429
|
+
ctx for ctx in self.execution_engine.get_active_executions().values()
|
|
430
|
+
]),
|
|
431
|
+
"execution_history": self.execution_engine.get_execution_history(agent_id, limit=10)
|
|
432
|
+
}
|
|
433
|
+
|
|
434
|
+
def get_audit_log(self, limit: int = 100) -> List[Dict[str, Any]]:
|
|
435
|
+
"""Get audit log entries"""
|
|
436
|
+
return self.kernel.get_audit_log()[-limit:]
|
|
437
|
+
|
|
438
|
+
def get_execution_history(
|
|
439
|
+
self,
|
|
440
|
+
agent_id: Optional[str] = None,
|
|
441
|
+
limit: int = 100
|
|
442
|
+
) -> List[Dict[str, Any]]:
|
|
443
|
+
"""Get execution history"""
|
|
444
|
+
return self.execution_engine.get_execution_history(agent_id, limit)
|
|
445
|
+
|
|
446
|
+
def _register_default_executors(self):
|
|
447
|
+
"""Register default executors for common action types"""
|
|
448
|
+
self.execution_engine.register_executor(ActionType.FILE_READ, file_read_executor)
|
|
449
|
+
self.execution_engine.register_executor(ActionType.CODE_EXECUTION, code_execution_executor)
|
|
450
|
+
self.execution_engine.register_executor(ActionType.API_CALL, api_call_executor)
|
|
451
|
+
|
|
452
|
+
def _add_default_policies(self):
|
|
453
|
+
"""Add default security policies"""
|
|
454
|
+
for policy in create_default_policies():
|
|
455
|
+
self.add_policy_rule(policy)
|
|
456
|
+
|
|
457
|
+
# ===== New Methods for Advanced Features =====
|
|
458
|
+
|
|
459
|
+
def enable_mute_agent(self, agent_id: str, config: MuteAgentConfig):
|
|
460
|
+
"""
|
|
461
|
+
Enable Mute Agent mode for an agent.
|
|
462
|
+
|
|
463
|
+
The agent will only execute actions that match its defined capabilities
|
|
464
|
+
and return NULL for out-of-scope requests.
|
|
465
|
+
"""
|
|
466
|
+
self.mute_validators[agent_id] = MuteAgentValidator(config)
|
|
467
|
+
|
|
468
|
+
def enable_shadow_mode(self, enabled: bool = True):
|
|
469
|
+
"""
|
|
470
|
+
Enable or disable shadow mode for all executions.
|
|
471
|
+
|
|
472
|
+
In shadow mode, actions are simulated but not actually executed.
|
|
473
|
+
"""
|
|
474
|
+
self.shadow_mode_enabled = enabled
|
|
475
|
+
self.shadow_executor.config.enabled = enabled
|
|
476
|
+
|
|
477
|
+
def get_shadow_simulations(self, agent_id: Optional[str] = None) -> List[Any]:
|
|
478
|
+
"""Get shadow mode simulation log"""
|
|
479
|
+
return self.shadow_executor.get_simulation_log(agent_id)
|
|
480
|
+
|
|
481
|
+
def get_shadow_statistics(self) -> Dict[str, Any]:
|
|
482
|
+
"""Get statistics about shadow mode executions"""
|
|
483
|
+
return self.shadow_executor.get_statistics()
|
|
484
|
+
|
|
485
|
+
def add_supervisor(self, supervisor: SupervisorAgent):
|
|
486
|
+
"""Add a supervisor agent to monitor worker agents"""
|
|
487
|
+
self.supervisor_network.add_supervisor(supervisor)
|
|
488
|
+
|
|
489
|
+
def run_supervision(self) -> Dict[str, List[Any]]:
|
|
490
|
+
"""
|
|
491
|
+
Run a supervision cycle to check for violations.
|
|
492
|
+
|
|
493
|
+
Returns violations detected by all supervisors.
|
|
494
|
+
"""
|
|
495
|
+
execution_log = self.get_execution_history()
|
|
496
|
+
audit_log = self.get_audit_log()
|
|
497
|
+
return self.supervisor_network.run_supervision_cycle(execution_log, audit_log)
|
|
498
|
+
|
|
499
|
+
def get_supervisor_summary(self) -> Dict[str, Any]:
|
|
500
|
+
"""Get summary of supervisor network activity"""
|
|
501
|
+
return self.supervisor_network.get_network_summary()
|
|
502
|
+
|
|
503
|
+
# ===== Plugin Registry Integration Methods =====
|
|
504
|
+
|
|
505
|
+
def register_validator(
|
|
506
|
+
self,
|
|
507
|
+
validator: ValidatorInterface,
|
|
508
|
+
action_types: Optional[List[str]] = None
|
|
509
|
+
) -> None:
|
|
510
|
+
"""
|
|
511
|
+
Register a validator with the control plane.
|
|
512
|
+
|
|
513
|
+
This is the preferred method for adding validators instead of
|
|
514
|
+
using enable_mute_agent() directly.
|
|
515
|
+
|
|
516
|
+
Args:
|
|
517
|
+
validator: Validator implementing ValidatorInterface
|
|
518
|
+
action_types: Optional list of action types this validator handles
|
|
519
|
+
"""
|
|
520
|
+
self._validators.append(validator)
|
|
521
|
+
|
|
522
|
+
# Also register with plugin registry if available
|
|
523
|
+
if self._registry:
|
|
524
|
+
self._registry.register_validator(validator, action_types=action_types)
|
|
525
|
+
|
|
526
|
+
def register_kernel(self, kernel: KernelInterface) -> None:
|
|
527
|
+
"""
|
|
528
|
+
Register a custom kernel with the control plane.
|
|
529
|
+
|
|
530
|
+
This allows injecting custom kernels like SCAK without hard imports.
|
|
531
|
+
|
|
532
|
+
Args:
|
|
533
|
+
kernel: Kernel implementing KernelInterface
|
|
534
|
+
"""
|
|
535
|
+
self._custom_kernel = kernel
|
|
536
|
+
|
|
537
|
+
# Also register with plugin registry if available
|
|
538
|
+
if self._registry:
|
|
539
|
+
self._registry.register_kernel(kernel)
|
|
540
|
+
|
|
541
|
+
def register_context_router(
|
|
542
|
+
self,
|
|
543
|
+
router: Union[ContextRouterInterface, ContextRoutingInterface]
|
|
544
|
+
) -> None:
|
|
545
|
+
"""
|
|
546
|
+
Register a context router for caas integration.
|
|
547
|
+
|
|
548
|
+
Args:
|
|
549
|
+
router: Context router implementing ContextRouterInterface
|
|
550
|
+
"""
|
|
551
|
+
self._context_router = router
|
|
552
|
+
|
|
553
|
+
if self._registry:
|
|
554
|
+
self._registry.register_context_router(router)
|
|
555
|
+
|
|
556
|
+
def register_message_security(self, security: MessageSecurityInterface) -> None:
|
|
557
|
+
"""
|
|
558
|
+
Register a message security provider for iatp integration.
|
|
559
|
+
|
|
560
|
+
Args:
|
|
561
|
+
security: Security provider implementing MessageSecurityInterface
|
|
562
|
+
"""
|
|
563
|
+
self._message_security = security
|
|
564
|
+
|
|
565
|
+
if self._registry:
|
|
566
|
+
self._registry.register_message_security(security)
|
|
567
|
+
|
|
568
|
+
def register_verifier(self, verifier: VerificationInterface) -> None:
|
|
569
|
+
"""
|
|
570
|
+
Register a verifier for cmvk integration.
|
|
571
|
+
|
|
572
|
+
Args:
|
|
573
|
+
verifier: Verifier implementing VerificationInterface
|
|
574
|
+
"""
|
|
575
|
+
self._verifier = verifier
|
|
576
|
+
|
|
577
|
+
if self._registry:
|
|
578
|
+
self._registry.register_verifier(verifier)
|
|
579
|
+
|
|
580
|
+
def get_registered_validators(self) -> List[ValidatorInterface]:
|
|
581
|
+
"""Get all registered validators"""
|
|
582
|
+
return self._validators.copy()
|
|
583
|
+
|
|
584
|
+
def get_plugin_registry(self) -> Optional[PluginRegistry]:
|
|
585
|
+
"""Get the plugin registry if enabled"""
|
|
586
|
+
return self._registry
|
|
587
|
+
|
|
588
|
+
# Constraint Graph methods
|
|
589
|
+
|
|
590
|
+
def add_data_table(self, table_name: str, schema: Dict[str, Any], metadata: Optional[Dict] = None):
|
|
591
|
+
"""Add a database table to the data graph"""
|
|
592
|
+
if self.data_graph:
|
|
593
|
+
self.data_graph.add_database_table(table_name, schema, metadata)
|
|
594
|
+
|
|
595
|
+
def add_data_path(self, path: str, access_level: str = "read", metadata: Optional[Dict] = None):
|
|
596
|
+
"""Add a file path to the data graph"""
|
|
597
|
+
if self.data_graph:
|
|
598
|
+
self.data_graph.add_file_path(path, access_level, metadata)
|
|
599
|
+
|
|
600
|
+
def add_policy_constraint(self, rule_id: str, name: str, applies_to: List[str], rule_type: str):
|
|
601
|
+
"""Add a policy constraint to the policy graph"""
|
|
602
|
+
if self.policy_graph:
|
|
603
|
+
self.policy_graph.add_policy_rule(rule_id, name, applies_to, rule_type)
|
|
604
|
+
|
|
605
|
+
def add_maintenance_window(self, window_id: str, start_time, end_time, blocked_actions: List[ActionType]):
|
|
606
|
+
"""Add a maintenance window to the temporal graph"""
|
|
607
|
+
if self.temporal_graph:
|
|
608
|
+
self.temporal_graph.add_maintenance_window(window_id, start_time, end_time, blocked_actions)
|
|
609
|
+
|
|
610
|
+
def get_constraint_validation_log(self) -> List[Dict[str, Any]]:
|
|
611
|
+
"""Get log of constraint graph validations"""
|
|
612
|
+
if self.constraint_validator:
|
|
613
|
+
return self.constraint_validator.get_validation_log()
|
|
614
|
+
return []
|
|
615
|
+
|
|
616
|
+
# ===== Agent Hibernation Methods (Serverless Agents) =====
|
|
617
|
+
|
|
618
|
+
def hibernate_agent(
|
|
619
|
+
self,
|
|
620
|
+
agent_id: str,
|
|
621
|
+
agent_context: AgentContext,
|
|
622
|
+
caas_pointer: Optional[str] = None,
|
|
623
|
+
additional_state: Optional[Dict[str, Any]] = None
|
|
624
|
+
):
|
|
625
|
+
"""
|
|
626
|
+
Hibernate an agent by serializing its state to disk.
|
|
627
|
+
|
|
628
|
+
This implements the "Serverless Agents" pattern - agents sitting idle
|
|
629
|
+
in memory are hibernated to disk, removing the need for "always-on" servers.
|
|
630
|
+
|
|
631
|
+
Args:
|
|
632
|
+
agent_id: Agent identifier
|
|
633
|
+
agent_context: Agent context to hibernate
|
|
634
|
+
caas_pointer: Optional pointer to context in caas (Context-as-a-Service)
|
|
635
|
+
additional_state: Optional additional state to serialize
|
|
636
|
+
|
|
637
|
+
Returns:
|
|
638
|
+
Metadata about the hibernated agent
|
|
639
|
+
"""
|
|
640
|
+
if not self.hibernation_enabled or not self.hibernation_manager:
|
|
641
|
+
raise RuntimeError("Hibernation is not enabled")
|
|
642
|
+
|
|
643
|
+
return self.hibernation_manager.hibernate_agent(
|
|
644
|
+
agent_id, agent_context, caas_pointer, additional_state
|
|
645
|
+
)
|
|
646
|
+
|
|
647
|
+
def wake_agent(self, agent_id: str) -> Dict[str, Any]:
|
|
648
|
+
"""
|
|
649
|
+
Wake up a hibernated agent and restore its state.
|
|
650
|
+
|
|
651
|
+
Args:
|
|
652
|
+
agent_id: Agent identifier to wake
|
|
653
|
+
|
|
654
|
+
Returns:
|
|
655
|
+
Restored agent state
|
|
656
|
+
"""
|
|
657
|
+
if not self.hibernation_enabled or not self.hibernation_manager:
|
|
658
|
+
raise RuntimeError("Hibernation is not enabled")
|
|
659
|
+
|
|
660
|
+
return self.hibernation_manager.wake_agent(agent_id)
|
|
661
|
+
|
|
662
|
+
def is_agent_hibernated(self, agent_id: str) -> bool:
|
|
663
|
+
"""Check if an agent is currently hibernated"""
|
|
664
|
+
if not self.hibernation_enabled or not self.hibernation_manager:
|
|
665
|
+
return False
|
|
666
|
+
|
|
667
|
+
return self.hibernation_manager.is_agent_hibernated(agent_id)
|
|
668
|
+
|
|
669
|
+
def record_agent_activity(self, agent_id: str):
|
|
670
|
+
"""Record activity for an agent (resets idle timer)"""
|
|
671
|
+
if self.hibernation_enabled and self.hibernation_manager:
|
|
672
|
+
self.hibernation_manager.record_agent_activity(agent_id)
|
|
673
|
+
|
|
674
|
+
def hibernate_idle_agents(self, min_idle_seconds: Optional[int] = None) -> List[str]:
|
|
675
|
+
"""
|
|
676
|
+
Automatically hibernate agents that have been idle.
|
|
677
|
+
|
|
678
|
+
Args:
|
|
679
|
+
min_idle_seconds: Minimum idle time (uses config default if None)
|
|
680
|
+
|
|
681
|
+
Returns:
|
|
682
|
+
List of agent IDs that were hibernated
|
|
683
|
+
"""
|
|
684
|
+
if not self.hibernation_enabled or not self.hibernation_manager:
|
|
685
|
+
return []
|
|
686
|
+
|
|
687
|
+
idle_agents = self.hibernation_manager.get_idle_agents(min_idle_seconds)
|
|
688
|
+
hibernated = []
|
|
689
|
+
|
|
690
|
+
for agent_id in idle_agents:
|
|
691
|
+
# Get agent context from active sessions
|
|
692
|
+
if agent_id in self.kernel.active_sessions:
|
|
693
|
+
session_id = None
|
|
694
|
+
for sid, ctx in self.kernel.active_sessions.items():
|
|
695
|
+
if ctx.agent_id == agent_id:
|
|
696
|
+
session_id = sid
|
|
697
|
+
break
|
|
698
|
+
|
|
699
|
+
if session_id:
|
|
700
|
+
agent_context = self.kernel.active_sessions[session_id]
|
|
701
|
+
try:
|
|
702
|
+
self.hibernate_agent(agent_id, agent_context)
|
|
703
|
+
hibernated.append(agent_id)
|
|
704
|
+
# Remove from active sessions
|
|
705
|
+
del self.kernel.active_sessions[session_id]
|
|
706
|
+
except Exception as e:
|
|
707
|
+
self.kernel.logger.error(f"Failed to hibernate idle agent {agent_id}: {e}")
|
|
708
|
+
|
|
709
|
+
return hibernated
|
|
710
|
+
|
|
711
|
+
def get_hibernation_statistics(self) -> Dict[str, Any]:
|
|
712
|
+
"""Get statistics about agent hibernation"""
|
|
713
|
+
if not self.hibernation_enabled or not self.hibernation_manager:
|
|
714
|
+
return {"enabled": False}
|
|
715
|
+
|
|
716
|
+
return self.hibernation_manager.get_statistics()
|
|
717
|
+
|
|
718
|
+
# ===== Time-Travel Debugging Methods =====
|
|
719
|
+
|
|
720
|
+
def replay_agent_history(
|
|
721
|
+
self,
|
|
722
|
+
agent_id: str,
|
|
723
|
+
minutes: int,
|
|
724
|
+
callback: Optional[callable] = None
|
|
725
|
+
):
|
|
726
|
+
"""
|
|
727
|
+
Replay the last N minutes of an agent's life exactly as it happened.
|
|
728
|
+
|
|
729
|
+
This implements "Time-Travel Debugging" - re-run agent actions from history
|
|
730
|
+
for debugging and analysis.
|
|
731
|
+
|
|
732
|
+
Args:
|
|
733
|
+
agent_id: Agent identifier
|
|
734
|
+
minutes: Number of minutes to replay
|
|
735
|
+
callback: Optional callback for each replayed event
|
|
736
|
+
|
|
737
|
+
Returns:
|
|
738
|
+
ReplaySession for the replay
|
|
739
|
+
"""
|
|
740
|
+
if not self.time_travel_enabled or not self.time_travel_debugger:
|
|
741
|
+
raise RuntimeError("Time-travel debugging is not enabled")
|
|
742
|
+
|
|
743
|
+
session = self.time_travel_debugger.replay_time_window(agent_id, minutes)
|
|
744
|
+
|
|
745
|
+
if callback:
|
|
746
|
+
self.time_travel_debugger.replay_agent_history(
|
|
747
|
+
agent_id, session.session_id, callback
|
|
748
|
+
)
|
|
749
|
+
|
|
750
|
+
return session
|
|
751
|
+
|
|
752
|
+
def capture_agent_state_snapshot(
|
|
753
|
+
self,
|
|
754
|
+
agent_id: str,
|
|
755
|
+
agent_context: AgentContext,
|
|
756
|
+
metadata: Optional[Dict[str, Any]] = None
|
|
757
|
+
):
|
|
758
|
+
"""
|
|
759
|
+
Capture a point-in-time snapshot of agent state for time-travel debugging.
|
|
760
|
+
|
|
761
|
+
Args:
|
|
762
|
+
agent_id: Agent identifier
|
|
763
|
+
agent_context: Agent context to snapshot
|
|
764
|
+
metadata: Optional metadata
|
|
765
|
+
"""
|
|
766
|
+
if not self.time_travel_enabled or not self.time_travel_debugger:
|
|
767
|
+
return
|
|
768
|
+
|
|
769
|
+
# Convert agent context to serializable state
|
|
770
|
+
state = {
|
|
771
|
+
"session_id": agent_context.session_id,
|
|
772
|
+
"created_at": agent_context.created_at.isoformat(),
|
|
773
|
+
"permissions": {str(k): v.value for k, v in agent_context.permissions.items()},
|
|
774
|
+
"metadata": agent_context.metadata
|
|
775
|
+
}
|
|
776
|
+
|
|
777
|
+
self.time_travel_debugger.capture_state_snapshot(agent_id, state, metadata)
|
|
778
|
+
|
|
779
|
+
def get_replay_summary(self, session_id: str) -> Dict[str, Any]:
|
|
780
|
+
"""Get summary of a replay session"""
|
|
781
|
+
if not self.time_travel_enabled or not self.time_travel_debugger:
|
|
782
|
+
raise RuntimeError("Time-travel debugging is not enabled")
|
|
783
|
+
|
|
784
|
+
return self.time_travel_debugger.get_replay_summary(session_id)
|
|
785
|
+
|
|
786
|
+
def get_time_travel_statistics(self) -> Dict[str, Any]:
|
|
787
|
+
"""Get statistics about time-travel debugging"""
|
|
788
|
+
if not self.time_travel_enabled or not self.time_travel_debugger:
|
|
789
|
+
return {"enabled": False}
|
|
790
|
+
|
|
791
|
+
return self.time_travel_debugger.get_statistics()
|
|
792
|
+
|
|
793
|
+
|
|
794
|
+
|
|
795
|
+
# Convenience functions for common operations
|
|
796
|
+
|
|
797
|
+
def create_read_only_agent(control_plane: AgentControlPlane, agent_id: str) -> AgentContext:
|
|
798
|
+
"""Create an agent with read-only permissions"""
|
|
799
|
+
permissions = {
|
|
800
|
+
ActionType.FILE_READ: PermissionLevel.READ_ONLY,
|
|
801
|
+
ActionType.DATABASE_QUERY: PermissionLevel.READ_ONLY,
|
|
802
|
+
}
|
|
803
|
+
|
|
804
|
+
quota = ResourceQuota(
|
|
805
|
+
agent_id=agent_id,
|
|
806
|
+
max_requests_per_minute=30,
|
|
807
|
+
max_requests_per_hour=500,
|
|
808
|
+
allowed_action_types=[ActionType.FILE_READ, ActionType.DATABASE_QUERY]
|
|
809
|
+
)
|
|
810
|
+
|
|
811
|
+
return control_plane.create_agent(agent_id, permissions, quota)
|
|
812
|
+
|
|
813
|
+
|
|
814
|
+
def create_standard_agent(control_plane: AgentControlPlane, agent_id: str) -> AgentContext:
|
|
815
|
+
"""Create an agent with standard permissions"""
|
|
816
|
+
permissions = {
|
|
817
|
+
ActionType.FILE_READ: PermissionLevel.READ_ONLY,
|
|
818
|
+
ActionType.FILE_WRITE: PermissionLevel.READ_WRITE,
|
|
819
|
+
ActionType.API_CALL: PermissionLevel.READ_WRITE,
|
|
820
|
+
ActionType.DATABASE_QUERY: PermissionLevel.READ_ONLY,
|
|
821
|
+
ActionType.CODE_EXECUTION: PermissionLevel.READ_WRITE,
|
|
822
|
+
}
|
|
823
|
+
|
|
824
|
+
quota = ResourceQuota(
|
|
825
|
+
agent_id=agent_id,
|
|
826
|
+
max_requests_per_minute=60,
|
|
827
|
+
max_requests_per_hour=1000,
|
|
828
|
+
allowed_action_types=[
|
|
829
|
+
ActionType.FILE_READ,
|
|
830
|
+
ActionType.FILE_WRITE,
|
|
831
|
+
ActionType.API_CALL,
|
|
832
|
+
ActionType.DATABASE_QUERY,
|
|
833
|
+
ActionType.CODE_EXECUTION,
|
|
834
|
+
]
|
|
835
|
+
)
|
|
836
|
+
|
|
837
|
+
return control_plane.create_agent(agent_id, permissions, quota)
|
|
838
|
+
|
|
839
|
+
|
|
840
|
+
def create_admin_agent(control_plane: AgentControlPlane, agent_id: str) -> AgentContext:
|
|
841
|
+
"""Create an agent with admin permissions"""
|
|
842
|
+
permissions = {
|
|
843
|
+
action_type: PermissionLevel.ADMIN
|
|
844
|
+
for action_type in ActionType
|
|
845
|
+
}
|
|
846
|
+
|
|
847
|
+
quota = ResourceQuota(
|
|
848
|
+
agent_id=agent_id,
|
|
849
|
+
max_requests_per_minute=120,
|
|
850
|
+
max_requests_per_hour=5000,
|
|
851
|
+
allowed_action_types=list(ActionType)
|
|
852
|
+
)
|
|
853
|
+
|
|
854
|
+
return control_plane.create_agent(agent_id, permissions, quota)
|