agmem 0.1.1__py3-none-any.whl → 0.1.3__py3-none-any.whl

memvcs/core/test_runner.py

@@ -14,6 +14,7 @@ from datetime import datetime
 
 try:
     import yaml
+
     YAML_AVAILABLE = True
 except ImportError:
     YAML_AVAILABLE = False
@@ -22,6 +23,7 @@ except ImportError:
 @dataclass
 class TestCase:
     """A single test case for memory validation."""
+
     name: str
     query: str
     expected_fact: str
@@ -33,6 +35,7 @@ class TestCase:
 @dataclass
 class TestFailure:
     """Represents a failed test."""
+
     test_name: str
     query: str
     expected: str
@@ -44,6 +47,7 @@ class TestFailure:
 @dataclass
 class TestResult:
     """Result of running memory tests."""
+
     passed: bool
     total_count: int
     passed_count: int
@@ -55,118 +59,122 @@ class TestResult:
 class TestRunner:
     """
     Runner for memory regression tests.
-    
+
     Tests are defined in YAML files in the tests/ directory of the memory repo.
     """
-    
+
     def __init__(self, repo, vector_store=None):
         """
         Initialize test runner.
-        
+
         Args:
             repo: Repository instance
             vector_store: Optional VectorStore for semantic search tests
         """
         self.repo = repo
         self.vector_store = vector_store
-        self.tests_dir = repo.root / 'tests'
-    
+        self.tests_dir = repo.root / "tests"
+
     def load_tests(self) -> List[TestCase]:
         """
         Load all test cases from the tests/ directory.
-        
+
         Returns:
             List of TestCase objects
         """
         tests = []
-        
+
         if not self.tests_dir.exists():
             return tests
-        
-        for test_file in self.tests_dir.glob('**/*.yaml'):
+
+        for test_file in self.tests_dir.glob("**/*.yaml"):
             tests.extend(self._load_test_file(test_file))
-        
-        for test_file in self.tests_dir.glob('**/*.yml'):
+
+        for test_file in self.tests_dir.glob("**/*.yml"):
             tests.extend(self._load_test_file(test_file))
-        
-        for test_file in self.tests_dir.glob('**/*.json'):
+
+        for test_file in self.tests_dir.glob("**/*.json"):
             tests.extend(self._load_json_test_file(test_file))
-        
+
         return tests
-    
+
     def _load_test_file(self, path: Path) -> List[TestCase]:
         """Load tests from a YAML file."""
         if not YAML_AVAILABLE:
             return []
-        
+
         try:
             with open(path) as f:
                 data = yaml.safe_load(f)
-            
-            if not data or 'tests' not in data:
+
+            if not data or "tests" not in data:
                 return []
-            
+
             tests = []
             file_name = path.stem
-            
-            for i, test_data in enumerate(data['tests']):
-                name = test_data.get('name', f"{file_name}_{i}")
-                tests.append(TestCase(
-                    name=name,
-                    query=test_data['query'],
-                    expected_fact=test_data['expected_fact'],
-                    confidence_threshold=test_data.get('confidence_threshold', 0.7),
-                    required=test_data.get('required', False),
-                    tags=test_data.get('tags', [])
-                ))
-            
+
+            for i, test_data in enumerate(data["tests"]):
+                name = test_data.get("name", f"{file_name}_{i}")
+                tests.append(
+                    TestCase(
+                        name=name,
+                        query=test_data["query"],
+                        expected_fact=test_data["expected_fact"],
+                        confidence_threshold=test_data.get("confidence_threshold", 0.7),
+                        required=test_data.get("required", False),
+                        tags=test_data.get("tags", []),
+                    )
+                )
+
             return tests
-        
+
         except Exception as e:
             print(f"Warning: Failed to load test file {path}: {e}")
             return []
-    
+
     def _load_json_test_file(self, path: Path) -> List[TestCase]:
         """Load tests from a JSON file."""
         try:
             with open(path) as f:
                 data = json.load(f)
-            
+
             if not data:
                 return []
-            
+
             # Support both array of tests and object with 'tests' key
             if isinstance(data, list):
                 test_list = data
-            elif 'tests' in data:
-                test_list = data['tests']
+            elif "tests" in data:
+                test_list = data["tests"]
             else:
                 return []
-            
+
             tests = []
             file_name = path.stem
-            
+
             for i, test_data in enumerate(test_list):
-                name = test_data.get('name', f"{file_name}_{i}")
-                tests.append(TestCase(
-                    name=name,
-                    query=test_data['query'],
-                    expected_fact=test_data['expected_fact'],
-                    confidence_threshold=test_data.get('confidence_threshold', 0.7),
-                    required=test_data.get('required', False),
-                    tags=test_data.get('tags', [])
-                ))
-            
+                name = test_data.get("name", f"{file_name}_{i}")
+                tests.append(
+                    TestCase(
+                        name=name,
+                        query=test_data["query"],
+                        expected_fact=test_data["expected_fact"],
+                        confidence_threshold=test_data.get("confidence_threshold", 0.7),
+                        required=test_data.get("required", False),
+                        tags=test_data.get("tags", []),
+                    )
+                )
+
             return tests
-        
+
         except Exception as e:
             print(f"Warning: Failed to load test file {path}: {e}")
             return []
-    
+
     def run_test(self, test: TestCase) -> Optional[TestFailure]:
         """
         Run a single test case.
-        
+
         Returns:
             TestFailure if test failed, None if passed
         """
@@ -176,12 +184,12 @@ class TestRunner:
         else:
             # Fall back to simple text matching
             return self._run_text_test(test)
-    
+
     def _run_semantic_test(self, test: TestCase) -> Optional[TestFailure]:
         """Run test using semantic search."""
         try:
             results = self.vector_store.search(test.query, k=5)
-            
+
             if not results:
                 return TestFailure(
                     test_name=test.name,
@@ -189,30 +197,30 @@ class TestRunner:
                     expected=test.expected_fact,
                     actual=None,
                     message="No results found for query",
-                    is_critical=test.required
+                    is_critical=test.required,
                 )
-            
+
             # Check if any result contains the expected fact
             for result in results:
-                content = result.get('content', '')
-                similarity = result.get('similarity', 0)
-                
+                content = result.get("content", "")
+                similarity = result.get("similarity", 0)
+
                 if similarity >= test.confidence_threshold:
                     # Use simple string matching as judge
                     if self._fact_matches(test.expected_fact, content):
                         return None  # Test passed
-            
+
             # No matching result found
             best_result = results[0] if results else {}
             return TestFailure(
                 test_name=test.name,
                 query=test.query,
                 expected=test.expected_fact,
-                actual=best_result.get('content', '')[:200],
+                actual=best_result.get("content", "")[:200],
                 message=f"Expected fact not found in top results (best similarity: {best_result.get('similarity', 0):.2f})",
-                is_critical=test.required
+                is_critical=test.required,
             )
-        
+
         except Exception as e:
             return TestFailure(
                 test_name=test.name,
@@ -220,14 +228,14 @@ class TestRunner:
                 expected=test.expected_fact,
                 actual=None,
                 message=f"Error running semantic test: {e}",
-                is_critical=test.required
+                is_critical=test.required,
             )
-    
+
     def _run_text_test(self, test: TestCase) -> Optional[TestFailure]:
         """Run test using simple text search through memory files."""
         try:
-            current_dir = self.repo.root / 'current'
-            
+            current_dir = self.repo.root / "current"
+
             if not current_dir.exists():
                 return TestFailure(
                     test_name=test.name,
@@ -235,27 +243,27 @@ class TestRunner:
                     expected=test.expected_fact,
                     actual=None,
                     message="No current/ directory found",
-                    is_critical=test.required
+                    is_critical=test.required,
                 )
-            
+
             # Search through all memory files
-            for memory_file in current_dir.glob('**/*.md'):
+            for memory_file in current_dir.glob("**/*.md"):
                 try:
                     content = memory_file.read_text()
                     if self._fact_matches(test.expected_fact, content):
                         return None  # Test passed
                 except Exception:
                     continue
-            
+
             return TestFailure(
                 test_name=test.name,
                 query=test.query,
                 expected=test.expected_fact,
                 actual=None,
                 message="Expected fact not found in any memory file",
-                is_critical=test.required
+                is_critical=test.required,
             )
-        
+
         except Exception as e:
             return TestFailure(
                 test_name=test.name,
@@ -263,83 +271,83 @@ class TestRunner:
                 expected=test.expected_fact,
                 actual=None,
                 message=f"Error running text test: {e}",
-                is_critical=test.required
+                is_critical=test.required,
             )
-    
+
     def _fact_matches(self, expected: str, content: str) -> bool:
         """
         Check if expected fact is present in content.
-        
+
         Uses case-insensitive substring matching.
         For more sophisticated matching, this could use an LLM judge.
         """
         expected_lower = expected.lower()
         content_lower = content.lower()
-        
+
         # Direct substring match
         if expected_lower in content_lower:
             return True
-        
+
         # Check if all key words are present
         key_words = expected_lower.split()
         if len(key_words) > 2:
             matches = sum(1 for word in key_words if word in content_lower)
             if matches >= len(key_words) * 0.8:  # 80% of words match
                 return True
-        
+
         return False
-    
+
     def run_all(self, tags: Optional[List[str]] = None) -> TestResult:
         """
         Run all tests.
-        
+
         Args:
             tags: Optional list of tags to filter tests
-            
+
         Returns:
             TestResult with overall results
         """
         start_time = datetime.now()
         tests = self.load_tests()
-        
+
         # Filter by tags if specified
         if tags:
             tests = [t for t in tests if any(tag in t.tags for tag in tags)]
-        
+
         failures = []
         passed_count = 0
-        
+
         for test in tests:
             failure = self.run_test(test)
             if failure:
                 failures.append(failure)
             else:
                 passed_count += 1
-        
+
         duration = (datetime.now() - start_time).total_seconds() * 1000
-        
+
         # Check if any critical tests failed
         critical_failures = [f for f in failures if f.is_critical]
         passed = len(critical_failures) == 0
-        
+
         return TestResult(
             passed=passed,
             total_count=len(tests),
             passed_count=passed_count,
             failed_count=len(failures),
             failures=failures,
-            duration_ms=int(duration)
+            duration_ms=int(duration),
         )
-    
+
     def run_for_branch(self, branch: str) -> TestResult:
         """
         Run tests against a specific branch.
-        
+
         Creates a temporary vector store with only the branch's data.
-        
+
         Args:
             branch: Branch name to test
-            
+
         Returns:
             TestResult
         """

memvcs/core/trust.py

@@ -0,0 +1,103 @@
+"""
+Multi-agent trust and identity model for agmem.
+
+Trust store: map public keys to levels (full | conditional | untrusted).
+Used on pull/merge to decide auto-merge, prompt, or block.
+"""
+
+import hashlib
+import json
+from pathlib import Path
+from typing import Optional, Dict, List, Any, Union
+
+TRUST_LEVELS = ("full", "conditional", "untrusted")
+
+
+def _trust_dir(mem_dir: Path) -> Path:
+    return mem_dir / "trust"
+
+
+def _trust_file(mem_dir: Path) -> Path:
+    return _trust_dir(mem_dir) / "trust.json"
+
+
+def _key_id(public_key_pem: bytes) -> str:
+    """Stable id for a public key (hash of PEM)."""
+    return hashlib.sha256(public_key_pem).hexdigest()[:16]
+
+
+def _ensure_bytes(pem: Union[bytes, str]) -> bytes:
+    """Normalize PEM to bytes for hashing/serialization."""
+    return pem.encode("utf-8") if isinstance(pem, str) else pem
+
+
+def load_trust_store(mem_dir: Path) -> List[Dict[str, Any]]:
+    """Load trust store: list of { key_id, public_key_pem, level }."""
+    path = _trust_file(mem_dir)
+    if not path.exists():
+        return []
+    try:
+        data = json.loads(path.read_text())
+        return data.get("entries", [])
+    except Exception:
+        return []
+
+
+def get_trust_level(mem_dir: Path, public_key_pem: Union[bytes, str]) -> Optional[str]:
+    """Get trust level for a public key. Returns 'full'|'conditional'|'untrusted' or None if unknown."""
+    pem_b = _ensure_bytes(public_key_pem)
+    kid = _key_id(pem_b)
+    key_pem_str = pem_b.decode("utf-8")
+    for e in load_trust_store(mem_dir):
+        entry_id = e.get("key_id") or _key_id((e.get("public_key_pem") or "").encode())
+        if entry_id == kid:
+            return e.get("level")
+        if e.get("public_key_pem") == key_pem_str:
+            return e.get("level")
+    return None
+
+
+# Reasonable upper bound for PEM to avoid DoS (typical Ed25519 public PEM ~120 bytes)
+_MAX_PEM_BYTES = 8192
+
+
+def set_trust(mem_dir: Path, public_key_pem: Union[bytes, str], level: str) -> None:
+    """Set trust level for a public key. level: full | conditional | untrusted."""
+    if level not in TRUST_LEVELS:
+        raise ValueError(f"level must be one of {TRUST_LEVELS}")
+    pem_b = _ensure_bytes(public_key_pem)
+    if len(pem_b) > _MAX_PEM_BYTES:
+        raise ValueError("Public key PEM exceeds maximum size")
+    kid = _key_id(pem_b)
+    key_pem_str = pem_b.decode("utf-8")
+    _trust_dir(mem_dir).mkdir(parents=True, exist_ok=True)
+    entries = load_trust_store(mem_dir)
+    entries = [
+        e
+        for e in entries
+        if (e.get("key_id") or _key_id((e.get("public_key_pem") or "").encode())) != kid
+    ]
+    entries.append({"key_id": kid, "public_key_pem": key_pem_str, "level": level})
+    _trust_file(mem_dir).write_text(json.dumps({"entries": entries}, indent=2))
+
+
+def find_verifying_key(mem_dir: Path, commit_metadata: Dict[str, Any]) -> Optional[bytes]:
+    """
+    Try each key in trust store to verify the commit's signature.
+    commit_metadata should have merkle_root and signature.
+    Returns public_key_pem of first key that verifies, or None.
+    """
+    from .crypto_verify import verify_signature
+
+    root = commit_metadata.get("merkle_root")
+    sig = commit_metadata.get("signature")
+    if not root or not sig:
+        return None
+    for e in load_trust_store(mem_dir):
+        pem = e.get("public_key_pem")
+        if not pem:
+            continue
+        pem_b = _ensure_bytes(pem)
+        if verify_signature(root, sig, pem_b):
+            return pem_b
+    return None