ciris-agent 1.7.7__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- ciris_adapters/README.md +113 -0
- ciris_adapters/__init__.py +30 -0
- ciris_adapters/ciris_covenant_metrics/README.md +144 -0
- ciris_adapters/ciris_covenant_metrics/__init__.py +36 -0
- ciris_adapters/ciris_covenant_metrics/adapter.py +249 -0
- ciris_adapters/ciris_covenant_metrics/manifest.json +152 -0
- ciris_adapters/ciris_covenant_metrics/services.py +403 -0
- ciris_adapters/ciris_hosted_tools/__init__.py +24 -0
- ciris_adapters/ciris_hosted_tools/adapter.py +169 -0
- ciris_adapters/ciris_hosted_tools/manifest.json +94 -0
- ciris_adapters/ciris_hosted_tools/services.py +744 -0
- ciris_adapters/external_data_sql/README.md +559 -0
- ciris_adapters/external_data_sql/__init__.py +43 -0
- ciris_adapters/external_data_sql/adapter.py +144 -0
- ciris_adapters/external_data_sql/configurable.py +315 -0
- ciris_adapters/external_data_sql/dialects/__init__.py +37 -0
- ciris_adapters/external_data_sql/dialects/base.py +133 -0
- ciris_adapters/external_data_sql/dialects/mysql.py +63 -0
- ciris_adapters/external_data_sql/dialects/postgresql.py +59 -0
- ciris_adapters/external_data_sql/dialects/sqlite.py +62 -0
- ciris_adapters/external_data_sql/example_config.json +88 -0
- ciris_adapters/external_data_sql/example_privacy_schema.yaml +127 -0
- ciris_adapters/external_data_sql/manifest.json +195 -0
- ciris_adapters/external_data_sql/privacy_schema_loader.py +189 -0
- ciris_adapters/external_data_sql/protocol.py +101 -0
- ciris_adapters/external_data_sql/schemas.py +146 -0
- ciris_adapters/external_data_sql/service.py +1547 -0
- ciris_adapters/external_data_sql/service_old.py +492 -0
- ciris_adapters/home_assistant/__init__.py +63 -0
- ciris_adapters/home_assistant/adapter.py +201 -0
- ciris_adapters/home_assistant/communication_service.py +347 -0
- ciris_adapters/home_assistant/configurable.py +667 -0
- ciris_adapters/home_assistant/manifest.json +203 -0
- ciris_adapters/home_assistant/schemas.py +129 -0
- ciris_adapters/home_assistant/service.py +751 -0
- ciris_adapters/home_assistant/tool_service.py +441 -0
- ciris_adapters/mcp_client/__init__.py +82 -0
- ciris_adapters/mcp_client/adapter.py +847 -0
- ciris_adapters/mcp_client/config.py +280 -0
- ciris_adapters/mcp_client/configurable.py +422 -0
- ciris_adapters/mcp_client/manifest.json +185 -0
- ciris_adapters/mcp_client/mcp_communication_service.py +393 -0
- ciris_adapters/mcp_client/mcp_tool_service.py +463 -0
- ciris_adapters/mcp_client/mcp_wise_service.py +394 -0
- ciris_adapters/mcp_client/schemas.py +149 -0
- ciris_adapters/mcp_client/security.py +592 -0
- ciris_adapters/mcp_common/__init__.py +44 -0
- ciris_adapters/mcp_common/manifest.json +25 -0
- ciris_adapters/mcp_common/protocol.py +315 -0
- ciris_adapters/mcp_common/schemas.py +225 -0
- ciris_adapters/mcp_server/__init__.py +47 -0
- ciris_adapters/mcp_server/adapter.py +581 -0
- ciris_adapters/mcp_server/config.py +260 -0
- ciris_adapters/mcp_server/configurable.py +393 -0
- ciris_adapters/mcp_server/handlers.py +663 -0
- ciris_adapters/mcp_server/manifest.json +211 -0
- ciris_adapters/mcp_server/security.py +500 -0
- ciris_adapters/mock_llm/README.md +117 -0
- ciris_adapters/mock_llm/__init__.py +21 -0
- ciris_adapters/mock_llm/adapter.py +131 -0
- ciris_adapters/mock_llm/configurable.py +237 -0
- ciris_adapters/mock_llm/manifest.json +106 -0
- ciris_adapters/mock_llm/protocol.py +37 -0
- ciris_adapters/mock_llm/responses.py +520 -0
- ciris_adapters/mock_llm/responses_action_selection.py +1041 -0
- ciris_adapters/mock_llm/responses_epistemic.py +17 -0
- ciris_adapters/mock_llm/responses_feedback.py +27 -0
- ciris_adapters/mock_llm/schemas.py +35 -0
- ciris_adapters/mock_llm/service.py +294 -0
- ciris_adapters/navigation/__init__.py +21 -0
- ciris_adapters/navigation/adapter.py +129 -0
- ciris_adapters/navigation/configurable.py +239 -0
- ciris_adapters/navigation/manifest.json +104 -0
- ciris_adapters/navigation/service.py +487 -0
- ciris_adapters/reddit/README.md +132 -0
- ciris_adapters/reddit/REDDIT_ADAPTER_ANALYSIS.md +715 -0
- ciris_adapters/reddit/REDDIT_ADAPTER_SUMMARY.txt +278 -0
- ciris_adapters/reddit/REDDIT_ANALYSIS_INDEX.md +307 -0
- ciris_adapters/reddit/REDDIT_PRODUCTION_READINESS_PLAN.md +518 -0
- ciris_adapters/reddit/__init__.py +15 -0
- ciris_adapters/reddit/adapter.py +189 -0
- ciris_adapters/reddit/configurable.py +274 -0
- ciris_adapters/reddit/error_handler.py +307 -0
- ciris_adapters/reddit/manifest.json +218 -0
- ciris_adapters/reddit/observer.py +532 -0
- ciris_adapters/reddit/protocol.py +34 -0
- ciris_adapters/reddit/schemas.py +433 -0
- ciris_adapters/reddit/service.py +1471 -0
- ciris_adapters/sample_adapter/README.md +474 -0
- ciris_adapters/sample_adapter/__init__.py +45 -0
- ciris_adapters/sample_adapter/adapter.py +208 -0
- ciris_adapters/sample_adapter/configurable.py +469 -0
- ciris_adapters/sample_adapter/manifest.json +247 -0
- ciris_adapters/sample_adapter/services.py +486 -0
- ciris_adapters/weather/__init__.py +16 -0
- ciris_adapters/weather/adapter.py +130 -0
- ciris_adapters/weather/configurable.py +240 -0
- ciris_adapters/weather/manifest.json +156 -0
- ciris_adapters/weather/service.py +600 -0
- ciris_agent-1.7.7.dist-info/METADATA +284 -0
- ciris_agent-1.7.7.dist-info/RECORD +986 -0
- ciris_agent-1.7.7.dist-info/WHEEL +5 -0
- ciris_agent-1.7.7.dist-info/entry_points.txt +15 -0
- ciris_agent-1.7.7.dist-info/licenses/LICENSE +205 -0
- ciris_agent-1.7.7.dist-info/licenses/NOTICE +82 -0
- ciris_agent-1.7.7.dist-info/top_level.txt +4 -0
- ciris_engine/__init__.py +15 -0
- ciris_engine/ciris_templates/ally.yaml +632 -0
- ciris_engine/ciris_templates/default.yaml +411 -0
- ciris_engine/ciris_templates/echo-core.yaml +629 -0
- ciris_engine/ciris_templates/echo-speculative.yaml +764 -0
- ciris_engine/ciris_templates/echo.yaml +647 -0
- ciris_engine/ciris_templates/sage.yaml +332 -0
- ciris_engine/ciris_templates/scout.yaml +338 -0
- ciris_engine/ciris_templates/test.yaml +168 -0
- ciris_engine/cli.py +42 -0
- ciris_engine/config/CIRIS_SERVICES.json +19 -0
- ciris_engine/config/MODEL_CAPABILITIES.json +419 -0
- ciris_engine/config/PRICING_DATA.json +179 -0
- ciris_engine/config/__init__.py +50 -0
- ciris_engine/config/ciris_services.py +113 -0
- ciris_engine/config/model_capabilities.py +388 -0
- ciris_engine/config/pricing_models.py +276 -0
- ciris_engine/constants.py +35 -0
- ciris_engine/data/__init__.py +1 -0
- ciris_engine/data/covenant_1.0b.txt +978 -0
- ciris_engine/gui_static/11steps.svg +107 -0
- ciris_engine/gui_static/2x-schematics.png +0 -0
- ciris_engine/gui_static/404/index.html +1 -0
- ciris_engine/gui_static/404.html +1 -0
- ciris_engine/gui_static/_next/static/0edhkwDxd5UccTsCmtaBi/_buildManifest.js +1 -0
- ciris_engine/gui_static/_next/static/0edhkwDxd5UccTsCmtaBi/_ssgManifest.js +1 -0
- ciris_engine/gui_static/_next/static/U-3xTQao7hc2wnAi-Uekm/_buildManifest.js +1 -0
- ciris_engine/gui_static/_next/static/U-3xTQao7hc2wnAi-Uekm/_ssgManifest.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/3297-60e86ba0f8a7b040.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/3835-2aad4b7f5f8e4643.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/4499-99a0bc47de0b8975.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/4534-af88cd4ba6e99bff.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/4541-84b455f9e0dc4cfe.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/4789-61412711484754bb.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/6539-c6398bc9d7018430.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/704-8e827b26cc8c2d32.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/704-fb45d630f3192c6f.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/8072-de4952a2e6d2b33f.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/8315-b91d03a3949db0af.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/8386-f93a83ccbd789bd9.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/87c73c54-781a7f35148d5433.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/8903-fefea3339a02d41b.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/9090-e66485adf8d9d990.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/_not-found/page-a67d9808462c23b1.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/account/api-keys/page-2d7ee1583bbbd02e.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/account/api-keys/page-6a3c2bae6fe92b7b.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/account/consent/page-2ed3a035136bc4e8.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/account/consent/page-b2f5c91844a32422.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/account/page-25b90f89af3ea58c.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/account/page-b65d16c94ecaf69c.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/account/privacy/page-675b6d05c8f9184f.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/account/privacy/page-cbee2e1c8ab52145.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/account/settings/page-0f44da06697cf9f0.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/account/settings/page-563420253577edbf.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/adapters/page-1854631018bc32be.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/agents/page-8353752c176a7c70.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/agents/page-f61a529f110a6040.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/api-demo/page-7f19b9d20d39be28.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/api-demo/page-d1063938f249b8bd.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/audit/page-321b6728b8fff0bb.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/audit/page-ebac35ca961a1277.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/billing/page-6f3dc3bd02924f8e.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/billing/page-fa4a469f814c821a.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/comms/page-0d4f734269addd8f.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/comms/page-79227d426050089c.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/config/page-018d21d683b6e5bc.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/config/page-2aa5a5363ca2a371.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/consent/page-198373205fd316e2.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/consent/page-f2ca39e7713b13f8.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/dashboard/page-1dd5a196f643c60d.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/dashboard/page-530a04d3abbb8cda.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/docs/page-3193b06d094ab654.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/docs/page-330e996dedb87aba.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/layout-0a70f5fc460298b1.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/layout-21f2f99dd5b336e9.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/login/page-33240e6c6034a49d.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/login/page-68ffab6d54a7fdcd.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/logs/page-8a6167aecc4a475c.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/memory/page-9ca8c5d0056de3ff.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/memory/page-e961226941c18f81.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/page-6fdb065a787a4974.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/page-89f87d431be6064a.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/runtime/page-2e728b9c43aa164d.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/runtime/page-c7dd033dc40a72f0.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/services/page-ae9f0bdf11d01a95.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/services/page-b10feb79ca5d75e5.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/sessions/page-13ebe7ef1c16ae11.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/sessions/page-e6c82b16d617f785.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/setup/page-0beb5f5b5a5c20fc.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/setup/page-2595e729eae30c0e.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/status-dashboard/page-1037c987aecc3653.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/status-dashboard/page-2ffd147f6d3162ff.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/system/page-2c5798d58cafcd91.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/system/page-505b1ba4eceb01c3.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/test-auth/page-b0cad31d5cb1b2fa.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/test-auth/page-f3ecd7a8012df230.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/test-login/page-f35117fdc4105801.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/test-login/page-fb583a7924114906.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/test-sdk/page-50f116fd76935563.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/test-sdk/page-c37d8aa5ba623a44.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/tools/page-429aec7a707777ef.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/tools/page-5f705aad60e0c04e.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/users/page-13476b8b0f3808cc.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/users/page-7e500d154ed5bba4.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/wa/page-cc4a9d8a5cb44d08.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/app/wa/page-ec3e429efbc79230.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/framework-9d29490f5ba089ba.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/main-1f554952e47a82c4.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/main-app-26fa8aed029082e5.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/main-app-97b0486ef6bcef25.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/pages/_app-6ce685456e616eb2.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/pages/_error-d4bce98d93fe21e7.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/polyfills-42372ed130431b0a.js +1 -0
- ciris_engine/gui_static/_next/static/chunks/webpack-fcebd240b7f8477d.js +1 -0
- ciris_engine/gui_static/_next/static/css/16b94b1fe0cc6e37.css +3 -0
- ciris_engine/gui_static/_next/static/css/77a24ceaae86deff.css +3 -0
- ciris_engine/gui_static/_next/static/media/4cf2300e9c8272f7-s.p.woff2 +0 -0
- ciris_engine/gui_static/_next/static/media/747892c23ea88013-s.woff2 +0 -0
- ciris_engine/gui_static/_next/static/media/8d697b304b401681-s.woff2 +0 -0
- ciris_engine/gui_static/_next/static/media/93f479601ee12b01-s.p.woff2 +0 -0
- ciris_engine/gui_static/_next/static/media/9610d9e46709d722-s.woff2 +0 -0
- ciris_engine/gui_static/_next/static/media/ba015fad6dcf6784-s.woff2 +0 -0
- ciris_engine/gui_static/_next/static/media/d8298875641ec7d4-s.p.woff2 +0 -0
- ciris_engine/gui_static/account/api-keys/index.html +1 -0
- ciris_engine/gui_static/account/api-keys/index.txt +27 -0
- ciris_engine/gui_static/account/consent/index.html +1 -0
- ciris_engine/gui_static/account/consent/index.txt +27 -0
- ciris_engine/gui_static/account/index.html +1 -0
- ciris_engine/gui_static/account/index.txt +27 -0
- ciris_engine/gui_static/account/privacy/index.html +1 -0
- ciris_engine/gui_static/account/privacy/index.txt +27 -0
- ciris_engine/gui_static/account/settings/index.html +1 -0
- ciris_engine/gui_static/account/settings/index.txt +27 -0
- ciris_engine/gui_static/adapters/index.html +1 -0
- ciris_engine/gui_static/adapters/index.txt +27 -0
- ciris_engine/gui_static/agents/index.html +1 -0
- ciris_engine/gui_static/agents/index.txt +27 -0
- ciris_engine/gui_static/andrew-roberts-euBRXcx57T4-unsplash.jpg +0 -0
- ciris_engine/gui_static/api-demo/index.html +1 -0
- ciris_engine/gui_static/api-demo/index.txt +27 -0
- ciris_engine/gui_static/audit/index.html +1 -0
- ciris_engine/gui_static/audit/index.txt +27 -0
- ciris_engine/gui_static/billing/index.html +1 -0
- ciris_engine/gui_static/billing/index.txt +27 -0
- ciris_engine/gui_static/blurryinfo.png +0 -0
- ciris_engine/gui_static/chip-vincent-PkQDwfl9Flc-unsplash.jpg +0 -0
- ciris_engine/gui_static/ciris-architecture.svg +338 -0
- ciris_engine/gui_static/comms/index.html +1 -0
- ciris_engine/gui_static/comms/index.txt +27 -0
- ciris_engine/gui_static/config/index.html +1 -0
- ciris_engine/gui_static/config/index.txt +27 -0
- ciris_engine/gui_static/consent/index.html +1 -0
- ciris_engine/gui_static/consent/index.txt +27 -0
- ciris_engine/gui_static/dashboard/index.html +1 -0
- ciris_engine/gui_static/dashboard/index.txt +27 -0
- ciris_engine/gui_static/docs/index.html +1 -0
- ciris_engine/gui_static/docs/index.txt +27 -0
- ciris_engine/gui_static/eric.png +0 -0
- ciris_engine/gui_static/file.svg +1 -0
- ciris_engine/gui_static/globe.svg +1 -0
- ciris_engine/gui_static/index.html +1 -0
- ciris_engine/gui_static/index.txt +27 -0
- ciris_engine/gui_static/infogfx-1@2x.png +0 -0
- ciris_engine/gui_static/infogfx-2.png +0 -0
- ciris_engine/gui_static/infogfx-dark-1.png +0 -0
- ciris_engine/gui_static/kelly-vohs-soSTXmIxTDU-unsplash.jpg +0 -0
- ciris_engine/gui_static/login/index.html +1 -0
- ciris_engine/gui_static/login/index.txt +27 -0
- ciris_engine/gui_static/logs/index.html +1 -0
- ciris_engine/gui_static/logs/index.txt +27 -0
- ciris_engine/gui_static/memory/index.html +1 -0
- ciris_engine/gui_static/memory/index.txt +27 -0
- ciris_engine/gui_static/nathan-farrish-ArcTfEoBgzs-unsplash.jpg +0 -0
- ciris_engine/gui_static/next.svg +1 -0
- ciris_engine/gui_static/overview.svg +512 -0
- ciris_engine/gui_static/overview1.svg +407 -0
- ciris_engine/gui_static/overview2.svg +370 -0
- ciris_engine/gui_static/pipeline-visualization.svg +278 -0
- ciris_engine/gui_static/privacy-policy.html +160 -0
- ciris_engine/gui_static/runtime/index.html +8 -0
- ciris_engine/gui_static/runtime/index.txt +27 -0
- ciris_engine/gui_static/services/index.html +1 -0
- ciris_engine/gui_static/services/index.txt +27 -0
- ciris_engine/gui_static/sessions/index.html +1 -0
- ciris_engine/gui_static/sessions/index.txt +27 -0
- ciris_engine/gui_static/setup/index.html +1 -0
- ciris_engine/gui_static/setup/index.txt +27 -0
- ciris_engine/gui_static/status-dashboard/index.html +1 -0
- ciris_engine/gui_static/status-dashboard/index.txt +27 -0
- ciris_engine/gui_static/system/index.html +1 -0
- ciris_engine/gui_static/system/index.txt +27 -0
- ciris_engine/gui_static/terms-of-service.html +174 -0
- ciris_engine/gui_static/test-auth/index.html +1 -0
- ciris_engine/gui_static/test-auth/index.txt +27 -0
- ciris_engine/gui_static/test-login/index.html +1 -0
- ciris_engine/gui_static/test-login/index.txt +27 -0
- ciris_engine/gui_static/test-sdk/index.html +1 -0
- ciris_engine/gui_static/test-sdk/index.txt +27 -0
- ciris_engine/gui_static/tools/index.html +1 -0
- ciris_engine/gui_static/tools/index.txt +27 -0
- ciris_engine/gui_static/users/index.html +1 -0
- ciris_engine/gui_static/users/index.txt +27 -0
- ciris_engine/gui_static/vercel.svg +1 -0
- ciris_engine/gui_static/videos/video1.mp4 +0 -0
- ciris_engine/gui_static/videos/video3.mp4 +0 -0
- ciris_engine/gui_static/wa/index.html +1 -0
- ciris_engine/gui_static/wa/index.txt +27 -0
- ciris_engine/gui_static/window.svg +1 -0
- ciris_engine/logic/__init__.py +8 -0
- ciris_engine/logic/adapters/__init__.py +74 -0
- ciris_engine/logic/adapters/api/__init__.py +5 -0
- ciris_engine/logic/adapters/api/adapter.py +1037 -0
- ciris_engine/logic/adapters/api/api_communication.py +370 -0
- ciris_engine/logic/adapters/api/api_document.py +330 -0
- ciris_engine/logic/adapters/api/api_observer.py +24 -0
- ciris_engine/logic/adapters/api/api_runtime_control.py +388 -0
- ciris_engine/logic/adapters/api/api_tools.py +299 -0
- ciris_engine/logic/adapters/api/api_vision.py +215 -0
- ciris_engine/logic/adapters/api/app.py +272 -0
- ciris_engine/logic/adapters/api/auth.py +159 -0
- ciris_engine/logic/adapters/api/config.py +101 -0
- ciris_engine/logic/adapters/api/constants.py +55 -0
- ciris_engine/logic/adapters/api/dependencies/__init__.py +1 -0
- ciris_engine/logic/adapters/api/dependencies/auth.py +260 -0
- ciris_engine/logic/adapters/api/endpoints/__init__.py +1 -0
- ciris_engine/logic/adapters/api/endpoints/emergency.py +86 -0
- ciris_engine/logic/adapters/api/middleware/__init__.py +1 -0
- ciris_engine/logic/adapters/api/middleware/rate_limiter.py +302 -0
- ciris_engine/logic/adapters/api/models.py +29 -0
- ciris_engine/logic/adapters/api/routes/__init__.py +52 -0
- ciris_engine/logic/adapters/api/routes/agent.py +1762 -0
- ciris_engine/logic/adapters/api/routes/audit.py +707 -0
- ciris_engine/logic/adapters/api/routes/auth.py +1745 -0
- ciris_engine/logic/adapters/api/routes/billing.py +895 -0
- ciris_engine/logic/adapters/api/routes/config.py +329 -0
- ciris_engine/logic/adapters/api/routes/connectors.py +534 -0
- ciris_engine/logic/adapters/api/routes/consent.py +637 -0
- ciris_engine/logic/adapters/api/routes/dsar.py +637 -0
- ciris_engine/logic/adapters/api/routes/dsar_multi_source.py +484 -0
- ciris_engine/logic/adapters/api/routes/emergency.py +302 -0
- ciris_engine/logic/adapters/api/routes/memory.py +733 -0
- ciris_engine/logic/adapters/api/routes/memory_filters.py +230 -0
- ciris_engine/logic/adapters/api/routes/memory_models.py +112 -0
- ciris_engine/logic/adapters/api/routes/memory_queries.py +236 -0
- ciris_engine/logic/adapters/api/routes/memory_query_helpers.py +394 -0
- ciris_engine/logic/adapters/api/routes/memory_visualization.py +359 -0
- ciris_engine/logic/adapters/api/routes/memory_visualization_helpers.py +110 -0
- ciris_engine/logic/adapters/api/routes/partnership.py +541 -0
- ciris_engine/logic/adapters/api/routes/setup.py +1374 -0
- ciris_engine/logic/adapters/api/routes/system.py +3049 -0
- ciris_engine/logic/adapters/api/routes/system_extensions.py +952 -0
- ciris_engine/logic/adapters/api/routes/telemetry.py +1987 -0
- ciris_engine/logic/adapters/api/routes/telemetry_converters.py +141 -0
- ciris_engine/logic/adapters/api/routes/telemetry_helpers.py +111 -0
- ciris_engine/logic/adapters/api/routes/telemetry_logs_reader.py +280 -0
- ciris_engine/logic/adapters/api/routes/telemetry_metrics.py +131 -0
- ciris_engine/logic/adapters/api/routes/telemetry_models.py +190 -0
- ciris_engine/logic/adapters/api/routes/telemetry_otlp.py +878 -0
- ciris_engine/logic/adapters/api/routes/telemetry_resource_helpers.py +191 -0
- ciris_engine/logic/adapters/api/routes/tickets.py +541 -0
- ciris_engine/logic/adapters/api/routes/tools.py +556 -0
- ciris_engine/logic/adapters/api/routes/transparency.py +281 -0
- ciris_engine/logic/adapters/api/routes/users.py +981 -0
- ciris_engine/logic/adapters/api/routes/verification.py +373 -0
- ciris_engine/logic/adapters/api/routes/wa.py +369 -0
- ciris_engine/logic/adapters/api/service_configuration.py +177 -0
- ciris_engine/logic/adapters/api/services/__init__.py +1 -0
- ciris_engine/logic/adapters/api/services/auth_service.py +1417 -0
- ciris_engine/logic/adapters/api/services/oauth_security.py +68 -0
- ciris_engine/logic/adapters/base.py +141 -0
- ciris_engine/logic/adapters/base_adapter.py +73 -0
- ciris_engine/logic/adapters/base_observer.py +1141 -0
- ciris_engine/logic/adapters/base_vision.py +312 -0
- ciris_engine/logic/adapters/cirisnode_client.py +307 -0
- ciris_engine/logic/adapters/cli/__init__.py +3 -0
- ciris_engine/logic/adapters/cli/adapter.py +207 -0
- ciris_engine/logic/adapters/cli/cli_adapter.py +902 -0
- ciris_engine/logic/adapters/cli/cli_observer.py +268 -0
- ciris_engine/logic/adapters/cli/cli_tools.py +427 -0
- ciris_engine/logic/adapters/cli/cli_wa_service.py +134 -0
- ciris_engine/logic/adapters/cli/config.py +73 -0
- ciris_engine/logic/adapters/discord/__init__.py +3 -0
- ciris_engine/logic/adapters/discord/adapter.py +783 -0
- ciris_engine/logic/adapters/discord/ciris_discord_client.py +159 -0
- ciris_engine/logic/adapters/discord/config.py +177 -0
- ciris_engine/logic/adapters/discord/constants.py +185 -0
- ciris_engine/logic/adapters/discord/discord-stubs.pyi +50 -0
- ciris_engine/logic/adapters/discord/discord_adapter.py +1584 -0
- ciris_engine/logic/adapters/discord/discord_audit.py +150 -0
- ciris_engine/logic/adapters/discord/discord_channel_manager.py +351 -0
- ciris_engine/logic/adapters/discord/discord_connection_manager.py +313 -0
- ciris_engine/logic/adapters/discord/discord_embed_formatter.py +369 -0
- ciris_engine/logic/adapters/discord/discord_error_classifier.py +302 -0
- ciris_engine/logic/adapters/discord/discord_error_handler.py +316 -0
- ciris_engine/logic/adapters/discord/discord_guidance_handler.py +460 -0
- ciris_engine/logic/adapters/discord/discord_message_handler.py +207 -0
- ciris_engine/logic/adapters/discord/discord_observer.py +670 -0
- ciris_engine/logic/adapters/discord/discord_rate_limiter.py +249 -0
- ciris_engine/logic/adapters/discord/discord_reaction_handler.py +278 -0
- ciris_engine/logic/adapters/discord/discord_tool_handler.py +465 -0
- ciris_engine/logic/adapters/discord/discord_tool_service.py +790 -0
- ciris_engine/logic/adapters/discord/discord_tools.py +90 -0
- ciris_engine/logic/adapters/discord/discord_vision_helper.py +148 -0
- ciris_engine/logic/adapters/discord/py.typed +0 -0
- ciris_engine/logic/adapters/document_parser.py +320 -0
- ciris_engine/logic/audit/__init__.py +10 -0
- ciris_engine/logic/audit/hash_chain.py +313 -0
- ciris_engine/logic/audit/signature_manager.py +352 -0
- ciris_engine/logic/audit/verifier.py +408 -0
- ciris_engine/logic/buses/__init__.py +21 -0
- ciris_engine/logic/buses/base_bus.py +178 -0
- ciris_engine/logic/buses/bus_manager.py +121 -0
- ciris_engine/logic/buses/communication_bus.py +387 -0
- ciris_engine/logic/buses/llm_bus.py +722 -0
- ciris_engine/logic/buses/memory_bus.py +577 -0
- ciris_engine/logic/buses/prohibitions.py +502 -0
- ciris_engine/logic/buses/runtime_control_bus.py +539 -0
- ciris_engine/logic/buses/tool_bus.py +482 -0
- ciris_engine/logic/buses/wise_bus.py +684 -0
- ciris_engine/logic/config/__init__.py +25 -0
- ciris_engine/logic/config/bootstrap.py +255 -0
- ciris_engine/logic/config/config_accessor.py +202 -0
- ciris_engine/logic/config/db_paths.py +194 -0
- ciris_engine/logic/config/env_utils.py +39 -0
- ciris_engine/logic/conscience/__init__.py +16 -0
- ciris_engine/logic/conscience/build_deferral_package.py +0 -0
- ciris_engine/logic/conscience/core.py +688 -0
- ciris_engine/logic/conscience/interface.py +33 -0
- ciris_engine/logic/conscience/registry.py +76 -0
- ciris_engine/logic/conscience/thought_depth_guardrail.py +231 -0
- ciris_engine/logic/conscience/updated_status_conscience.py +156 -0
- ciris_engine/logic/context/__init__.py +10 -0
- ciris_engine/logic/context/batch_context.py +550 -0
- ciris_engine/logic/context/builder.py +149 -0
- ciris_engine/logic/context/channel_resolution.py +136 -0
- ciris_engine/logic/context/secrets_snapshot.py +52 -0
- ciris_engine/logic/context/system_snapshot.py +116 -0
- ciris_engine/logic/context/system_snapshot_helpers.py +1651 -0
- ciris_engine/logic/covenant/__init__.py +33 -0
- ciris_engine/logic/covenant/executor.py +303 -0
- ciris_engine/logic/covenant/extractor.py +382 -0
- ciris_engine/logic/covenant/handler.py +241 -0
- ciris_engine/logic/covenant/verifier.py +383 -0
- ciris_engine/logic/dma/__init__.py +15 -0
- ciris_engine/logic/dma/action_selection/__init__.py +11 -0
- ciris_engine/logic/dma/action_selection/action_instruction_generator.py +444 -0
- ciris_engine/logic/dma/action_selection/context_builder.py +508 -0
- ciris_engine/logic/dma/action_selection/faculty_integration.py +193 -0
- ciris_engine/logic/dma/action_selection/special_cases.py +132 -0
- ciris_engine/logic/dma/action_selection_pdma.py +365 -0
- ciris_engine/logic/dma/base_dma.py +335 -0
- ciris_engine/logic/dma/csdma.py +239 -0
- ciris_engine/logic/dma/dma_executor.py +575 -0
- ciris_engine/logic/dma/dsdma_base.py +410 -0
- ciris_engine/logic/dma/exceptions.py +4 -0
- ciris_engine/logic/dma/factory.py +150 -0
- ciris_engine/logic/dma/pdma.py +120 -0
- ciris_engine/logic/dma/prompt_loader.py +189 -0
- ciris_engine/logic/dma/prompts/action_selection_pdma.yml +58 -0
- ciris_engine/logic/dma/prompts/csdma_common_sense.yml +28 -0
- ciris_engine/logic/dma/prompts/dsdma_base.yml +17 -0
- ciris_engine/logic/dma/prompts/pdma_ethical.yml +42 -0
- ciris_engine/logic/formatters/__init__.py +26 -0
- ciris_engine/logic/formatters/crisis_resources.py +80 -0
- ciris_engine/logic/formatters/escalation.py +21 -0
- ciris_engine/logic/formatters/identity.py +224 -0
- ciris_engine/logic/formatters/prompt_blocks.py +64 -0
- ciris_engine/logic/formatters/system_snapshot.py +193 -0
- ciris_engine/logic/formatters/user_profiles.py +108 -0
- ciris_engine/logic/handlers/__init__.py +1 -0
- ciris_engine/logic/handlers/control/__init__.py +1 -0
- ciris_engine/logic/handlers/control/defer_handler.py +195 -0
- ciris_engine/logic/handlers/control/ponder_handler.py +154 -0
- ciris_engine/logic/handlers/control/reject_handler.py +81 -0
- ciris_engine/logic/handlers/external/__init__.py +1 -0
- ciris_engine/logic/handlers/external/observe_handler.py +154 -0
- ciris_engine/logic/handlers/external/speak_handler.py +250 -0
- ciris_engine/logic/handlers/external/tool_handler.py +148 -0
- ciris_engine/logic/handlers/memory/__init__.py +1 -0
- ciris_engine/logic/handlers/memory/forget_handler.py +107 -0
- ciris_engine/logic/handlers/memory/memorize_handler.py +391 -0
- ciris_engine/logic/handlers/memory/recall_handler.py +213 -0
- ciris_engine/logic/handlers/terminal/__init__.py +1 -0
- ciris_engine/logic/handlers/terminal/task_complete_handler.py +299 -0
- ciris_engine/logic/infrastructure/__init__.py +1 -0
- ciris_engine/logic/infrastructure/handlers/__init__.py +8 -0
- ciris_engine/logic/infrastructure/handlers/action_dispatcher.py +382 -0
- ciris_engine/logic/infrastructure/handlers/base_handler.py +450 -0
- ciris_engine/logic/infrastructure/handlers/exceptions.py +2 -0
- ciris_engine/logic/infrastructure/handlers/handler_registry.py +59 -0
- ciris_engine/logic/infrastructure/handlers/helpers.py +55 -0
- ciris_engine/logic/infrastructure/step_streaming.py +149 -0
- ciris_engine/logic/infrastructure/sub_services/__init__.py +1 -0
- ciris_engine/logic/infrastructure/sub_services/identity_variance_monitor.py +1035 -0
- ciris_engine/logic/infrastructure/sub_services/pattern_analysis_loop.py +758 -0
- ciris_engine/logic/infrastructure/sub_services/wa_cli_bootstrap.py +229 -0
- ciris_engine/logic/infrastructure/sub_services/wa_cli_display.py +176 -0
- ciris_engine/logic/infrastructure/sub_services/wa_cli_oauth.py +404 -0
- ciris_engine/logic/infrastructure/sub_services/wa_cli_wizard.py +181 -0
- ciris_engine/logic/persistence/__init__.py +130 -0
- ciris_engine/logic/persistence/analytics.py +97 -0
- ciris_engine/logic/persistence/db/__init__.py +28 -0
- ciris_engine/logic/persistence/db/core.py +520 -0
- ciris_engine/logic/persistence/db/dialect.py +380 -0
- ciris_engine/logic/persistence/db/execution_helpers.py +216 -0
- ciris_engine/logic/persistence/db/migration_runner.py +191 -0
- ciris_engine/logic/persistence/db/operations.py +313 -0
- ciris_engine/logic/persistence/db/query_builder.py +232 -0
- ciris_engine/logic/persistence/db/retry.py +154 -0
- ciris_engine/logic/persistence/db/setup.py +18 -0
- ciris_engine/logic/persistence/migrations/postgres/001_initial_schema.sql +4 -0
- ciris_engine/logic/persistence/migrations/postgres/002_add_retry_status.sql +3 -0
- ciris_engine/logic/persistence/migrations/postgres/003_add_task_update_tracking.sql +8 -0
- ciris_engine/logic/persistence/migrations/postgres/004_add_occurrence_id.sql +54 -0
- ciris_engine/logic/persistence/migrations/postgres/005_add_consolidation_locks.sql +22 -0
- ciris_engine/logic/persistence/migrations/postgres/006_add_correlation_id_unique_index.sql +16 -0
- ciris_engine/logic/persistence/migrations/postgres/007_add_dsar_tickets.sql +39 -0
- ciris_engine/logic/persistence/migrations/postgres/008_rename_to_tickets_add_sop.sql +123 -0
- ciris_engine/logic/persistence/migrations/postgres/009_add_ticket_status_columns.sql +39 -0
- ciris_engine/logic/persistence/migrations/postgres/010_add_images_to_tasks.sql +5 -0
- ciris_engine/logic/persistence/migrations/sqlite/001_initial_schema.sql +357 -0
- ciris_engine/logic/persistence/migrations/sqlite/002_add_retry_status.sql +3 -0
- ciris_engine/logic/persistence/migrations/sqlite/003_add_task_update_tracking.sql +8 -0
- ciris_engine/logic/persistence/migrations/sqlite/004_add_occurrence_id.sql +45 -0
- ciris_engine/logic/persistence/migrations/sqlite/005_add_consolidation_locks.sql +22 -0
- ciris_engine/logic/persistence/migrations/sqlite/006_add_correlation_id_unique_index.sql +16 -0
- ciris_engine/logic/persistence/migrations/sqlite/007_add_dsar_tickets.sql +39 -0
- ciris_engine/logic/persistence/migrations/sqlite/008_rename_to_tickets_add_sop.sql +120 -0
- ciris_engine/logic/persistence/migrations/sqlite/009_add_ticket_status_columns.sql +129 -0
- ciris_engine/logic/persistence/migrations/sqlite/010_add_images_to_tasks.sql +17 -0
- ciris_engine/logic/persistence/models/__init__.py +141 -0
- ciris_engine/logic/persistence/models/correlations.py +881 -0
- ciris_engine/logic/persistence/models/deferral.py +68 -0
- ciris_engine/logic/persistence/models/dsar.py +286 -0
- ciris_engine/logic/persistence/models/graph.py +362 -0
- ciris_engine/logic/persistence/models/identity.py +264 -0
- ciris_engine/logic/persistence/models/queue_status.py +139 -0
- ciris_engine/logic/persistence/models/tasks.py +1043 -0
- ciris_engine/logic/persistence/models/thoughts.py +400 -0
- ciris_engine/logic/persistence/models/tickets.py +518 -0
- ciris_engine/logic/persistence/stores/__init__.py +13 -0
- ciris_engine/logic/persistence/stores/auth_helpers.py +117 -0
- ciris_engine/logic/persistence/stores/authentication_store.py +414 -0
- ciris_engine/logic/persistence/utils.py +212 -0
- ciris_engine/logic/processors/__init__.py +30 -0
- ciris_engine/logic/processors/core/__init__.py +1 -0
- ciris_engine/logic/processors/core/base_processor.py +280 -0
- ciris_engine/logic/processors/core/main_processor.py +1777 -0
- ciris_engine/logic/processors/core/step_decorators.py +1583 -0
- ciris_engine/logic/processors/core/thought_processor/__init__.py +20 -0
- ciris_engine/logic/processors/core/thought_processor/action_execution.py +49 -0
- ciris_engine/logic/processors/core/thought_processor/conscience_execution.py +382 -0
- ciris_engine/logic/processors/core/thought_processor/finalize_action.py +66 -0
- ciris_engine/logic/processors/core/thought_processor/gather_context.py +120 -0
- ciris_engine/logic/processors/core/thought_processor/main.py +920 -0
- ciris_engine/logic/processors/core/thought_processor/perform_aspdma.py +86 -0
- ciris_engine/logic/processors/core/thought_processor/perform_dmas.py +106 -0
- ciris_engine/logic/processors/core/thought_processor/recursive_processing.py +237 -0
- ciris_engine/logic/processors/core/thought_processor/round_complete.py +52 -0
- ciris_engine/logic/processors/core/thought_processor/start_round.py +64 -0
- ciris_engine/logic/processors/exceptions.py +59 -0
- ciris_engine/logic/processors/states/__init__.py +1 -0
- ciris_engine/logic/processors/states/dream_processor.py +1381 -0
- ciris_engine/logic/processors/states/play_processor.py +141 -0
- ciris_engine/logic/processors/states/shutdown_processor.py +623 -0
- ciris_engine/logic/processors/states/solitude_processor.py +305 -0
- ciris_engine/logic/processors/states/wakeup_processor.py +802 -0
- ciris_engine/logic/processors/states/work_processor.py +742 -0
- ciris_engine/logic/processors/support/__init__.py +1 -0
- ciris_engine/logic/processors/support/dma_orchestrator.py +336 -0
- ciris_engine/logic/processors/support/processing_queue.py +133 -0
- ciris_engine/logic/processors/support/shutdown_condition_evaluator.py +294 -0
- ciris_engine/logic/processors/support/state_manager.py +358 -0
- ciris_engine/logic/processors/support/task_manager.py +303 -0
- ciris_engine/logic/processors/support/thought_escalation.py +116 -0
- ciris_engine/logic/processors/support/thought_manager.py +328 -0
- ciris_engine/logic/processors/support/thought_manager_enhanced.py +105 -0
- ciris_engine/logic/registries/__init__.py +34 -0
- ciris_engine/logic/registries/base.py +653 -0
- ciris_engine/logic/registries/circuit_breaker.py +275 -0
- ciris_engine/logic/registries/typed_registries.py +184 -0
- ciris_engine/logic/runtime/__init__.py +7 -0
- ciris_engine/logic/runtime/adapter_loader.py +261 -0
- ciris_engine/logic/runtime/adapter_manager.py +1053 -0
- ciris_engine/logic/runtime/ciris_runtime.py +2342 -0
- ciris_engine/logic/runtime/ciris_runtime_helpers.py +923 -0
- ciris_engine/logic/runtime/component_builder.py +361 -0
- ciris_engine/logic/runtime/identity_manager.py +219 -0
- ciris_engine/logic/runtime/module_loader.py +207 -0
- ciris_engine/logic/runtime/prevent_sideeffects.py +30 -0
- ciris_engine/logic/runtime/runtime_interface.py +23 -0
- ciris_engine/logic/runtime/service_initializer.py +1623 -0
- ciris_engine/logic/secrets/__init__.py +30 -0
- ciris_engine/logic/secrets/encryption.py +175 -0
- ciris_engine/logic/secrets/filter.py +295 -0
- ciris_engine/logic/secrets/service.py +652 -0
- ciris_engine/logic/secrets/store.py +669 -0
- ciris_engine/logic/services/__init__.py +1 -0
- ciris_engine/logic/services/adaptation/__init__.py +3 -0
- ciris_engine/logic/services/base_graph_service.py +142 -0
- ciris_engine/logic/services/base_infrastructure_service.py +69 -0
- ciris_engine/logic/services/base_scheduled_service.py +136 -0
- ciris_engine/logic/services/base_service.py +247 -0
- ciris_engine/logic/services/governance/__init__.py +3 -0
- ciris_engine/logic/services/governance/adaptive_filter/__init__.py +14 -0
- ciris_engine/logic/services/governance/adaptive_filter/service.py +818 -0
- ciris_engine/logic/services/governance/consent/__init__.py +53 -0
- ciris_engine/logic/services/governance/consent/air.py +403 -0
- ciris_engine/logic/services/governance/consent/decay.py +324 -0
- ciris_engine/logic/services/governance/consent/dsar_automation.py +589 -0
- ciris_engine/logic/services/governance/consent/exceptions.py +106 -0
- ciris_engine/logic/services/governance/consent/metrics.py +270 -0
- ciris_engine/logic/services/governance/consent/partnership.py +533 -0
- ciris_engine/logic/services/governance/consent/service.py +1256 -0
- ciris_engine/logic/services/governance/dsar/__init__.py +29 -0
- ciris_engine/logic/services/governance/dsar/orchestrator.py +977 -0
- ciris_engine/logic/services/governance/dsar/schemas.py +141 -0
- ciris_engine/logic/services/governance/dsar/signature_service.py +283 -0
- ciris_engine/logic/services/governance/self_observation/__init__.py +20 -0
- ciris_engine/logic/services/governance/self_observation/service.py +1153 -0
- ciris_engine/logic/services/governance/visibility/__init__.py +17 -0
- ciris_engine/logic/services/governance/visibility/service.py +512 -0
- ciris_engine/logic/services/governance/wise_authority/__init__.py +15 -0
- ciris_engine/logic/services/governance/wise_authority/service.py +827 -0
- ciris_engine/logic/services/graph/__init__.py +5 -0
- ciris_engine/logic/services/graph/audit_service/__init__.py +5 -0
- ciris_engine/logic/services/graph/audit_service/service.py +1675 -0
- ciris_engine/logic/services/graph/base.py +208 -0
- ciris_engine/logic/services/graph/config_service/__init__.py +5 -0
- ciris_engine/logic/services/graph/config_service/service.py +372 -0
- ciris_engine/logic/services/graph/incident_service/__init__.py +5 -0
- ciris_engine/logic/services/graph/incident_service/service.py +803 -0
- ciris_engine/logic/services/graph/memory_service.py +1120 -0
- ciris_engine/logic/services/graph/telemetry_service/__init__.py +5 -0
- ciris_engine/logic/services/graph/telemetry_service/exceptions.py +104 -0
- ciris_engine/logic/services/graph/telemetry_service/helpers.py +1337 -0
- ciris_engine/logic/services/graph/telemetry_service/service.py +2429 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/__init__.py +17 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/aggregation_helpers.py +355 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/cleanup_helpers.py +438 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/compressor.py +260 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/consolidators/__init__.py +27 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/consolidators/audit.py +326 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/consolidators/conversation.py +291 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/consolidators/memory.py +197 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/consolidators/metrics.py +251 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/consolidators/task.py +257 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/consolidators/trace.py +363 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/data_converter.py +545 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/date_calculation_helpers.py +193 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/db_query_helpers.py +296 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/edge_helpers.py +92 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/edge_manager.py +896 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/extensive_helpers.py +322 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/period_manager.py +152 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/profound_helpers.py +277 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/query_manager.py +812 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/service.py +1692 -0
- ciris_engine/logic/services/graph/tsdb_consolidation/sql_builders.py +363 -0
- ciris_engine/logic/services/infrastructure/__init__.py +1 -0
- ciris_engine/logic/services/infrastructure/authentication/__init__.py +5 -0
- ciris_engine/logic/services/infrastructure/authentication/service.py +1634 -0
- ciris_engine/logic/services/infrastructure/database_maintenance/__init__.py +15 -0
- ciris_engine/logic/services/infrastructure/database_maintenance/service.py +764 -0
- ciris_engine/logic/services/infrastructure/resource_monitor/__init__.py +7 -0
- ciris_engine/logic/services/infrastructure/resource_monitor/ciris_billing_provider.py +755 -0
- ciris_engine/logic/services/infrastructure/resource_monitor/service.py +409 -0
- ciris_engine/logic/services/infrastructure/resource_monitor/simple_credit_provider.py +129 -0
- ciris_engine/logic/services/lifecycle/__init__.py +3 -0
- ciris_engine/logic/services/lifecycle/initialization/__init__.py +10 -0
- ciris_engine/logic/services/lifecycle/initialization/service.py +312 -0
- ciris_engine/logic/services/lifecycle/scheduler/__init__.py +5 -0
- ciris_engine/logic/services/lifecycle/scheduler/service.py +607 -0
- ciris_engine/logic/services/lifecycle/shutdown/__init__.py +9 -0
- ciris_engine/logic/services/lifecycle/shutdown/service.py +378 -0
- ciris_engine/logic/services/lifecycle/time/__init__.py +15 -0
- ciris_engine/logic/services/lifecycle/time/service.py +259 -0
- ciris_engine/logic/services/memory_service/__init__.py +8 -0
- ciris_engine/logic/services/mixins/__init__.py +13 -0
- ciris_engine/logic/services/mixins/example_usage.py +200 -0
- ciris_engine/logic/services/mixins/request_metrics.py +179 -0
- ciris_engine/logic/services/runtime/__init__.py +3 -0
- ciris_engine/logic/services/runtime/adapter_configuration/__init__.py +16 -0
- ciris_engine/logic/services/runtime/adapter_configuration/service.py +674 -0
- ciris_engine/logic/services/runtime/adapter_configuration/session.py +67 -0
- ciris_engine/logic/services/runtime/control_service/__init__.py +5 -0
- ciris_engine/logic/services/runtime/control_service/service.py +2269 -0
- ciris_engine/logic/services/runtime/llm_service/__init__.py +14 -0
- ciris_engine/logic/services/runtime/llm_service/pricing_calculator.py +279 -0
- ciris_engine/logic/services/runtime/llm_service/service.py +930 -0
- ciris_engine/logic/services/tools/__init__.py +5 -0
- ciris_engine/logic/services/tools/core_tool_service/__init__.py +8 -0
- ciris_engine/logic/services/tools/core_tool_service/service.py +852 -0
- ciris_engine/logic/setup/__init__.py +1 -0
- ciris_engine/logic/setup/first_run.py +250 -0
- ciris_engine/logic/setup/wizard.py +327 -0
- ciris_engine/logic/telemetry/__init__.py +46 -0
- ciris_engine/logic/telemetry/core.py +239 -0
- ciris_engine/logic/telemetry/hot_cold_config.py +133 -0
- ciris_engine/logic/telemetry/log_collector.py +190 -0
- ciris_engine/logic/telemetry/resource_monitor.py +7 -0
- ciris_engine/logic/telemetry/security.py +79 -0
- ciris_engine/logic/utils/__init__.py +18 -0
- ciris_engine/logic/utils/channel_utils.py +75 -0
- ciris_engine/logic/utils/consent/__init__.py +1 -0
- ciris_engine/logic/utils/consent/partnership_utils.py +172 -0
- ciris_engine/logic/utils/constants.py +92 -0
- ciris_engine/logic/utils/context_utils.py +145 -0
- ciris_engine/logic/utils/directory_setup.py +533 -0
- ciris_engine/logic/utils/graphql_context_provider.py +152 -0
- ciris_engine/logic/utils/identity_resolution.py +843 -0
- ciris_engine/logic/utils/incident_capture_handler.py +303 -0
- ciris_engine/logic/utils/initialization_manager.py +74 -0
- ciris_engine/logic/utils/jsondict_helpers.py +290 -0
- ciris_engine/logic/utils/log_sanitizer.py +97 -0
- ciris_engine/logic/utils/logging_config.py +151 -0
- ciris_engine/logic/utils/observability_decorators.py +544 -0
- ciris_engine/logic/utils/occurrence_utils.py +155 -0
- ciris_engine/logic/utils/path_resolution.py +281 -0
- ciris_engine/logic/utils/platform_detection.py +286 -0
- ciris_engine/logic/utils/privacy.py +266 -0
- ciris_engine/logic/utils/profile_loader.py +124 -0
- ciris_engine/logic/utils/profile_manager.py +16 -0
- ciris_engine/logic/utils/runtime_utils.py +69 -0
- ciris_engine/logic/utils/shutdown_manager.py +107 -0
- ciris_engine/logic/utils/task_formatters.py +60 -0
- ciris_engine/logic/utils/task_thought_factory.py +404 -0
- ciris_engine/logic/utils/thought_utils.py +54 -0
- ciris_engine/logic/utils/user_utils.py +70 -0
- ciris_engine/protocols/__init__.py +0 -0
- ciris_engine/protocols/adapters/__init__.py +35 -0
- ciris_engine/protocols/adapters/base.py +149 -0
- ciris_engine/protocols/adapters/configurable.py +265 -0
- ciris_engine/protocols/adapters/message.py +90 -0
- ciris_engine/protocols/audit/__init__.py +1 -0
- ciris_engine/protocols/buses/__init__.py +1 -0
- ciris_engine/protocols/config/__init__.py +1 -0
- ciris_engine/protocols/conscience/__init__.py +1 -0
- ciris_engine/protocols/consent.py +88 -0
- ciris_engine/protocols/context/__init__.py +1 -0
- ciris_engine/protocols/data/__init__.py +1 -0
- ciris_engine/protocols/dma/__init__.py +1 -0
- ciris_engine/protocols/dma/base.py +107 -0
- ciris_engine/protocols/faculties.py +34 -0
- ciris_engine/protocols/formatters/__init__.py +1 -0
- ciris_engine/protocols/handlers/__init__.py +1 -0
- ciris_engine/protocols/infrastructure/__init__.py +25 -0
- ciris_engine/protocols/infrastructure/base.py +377 -0
- ciris_engine/protocols/persistence/__init__.py +1 -0
- ciris_engine/protocols/pipeline_control.py +609 -0
- ciris_engine/protocols/processors/__init__.py +19 -0
- ciris_engine/protocols/processors/agent.py +299 -0
- ciris_engine/protocols/processors/base.py +130 -0
- ciris_engine/protocols/processors/orchestration.py +62 -0
- ciris_engine/protocols/registries/__init__.py +1 -0
- ciris_engine/protocols/runtime/__init__.py +1 -0
- ciris_engine/protocols/runtime/base.py +163 -0
- ciris_engine/protocols/secrets/__init__.py +1 -0
- ciris_engine/protocols/services/__init__.py +80 -0
- ciris_engine/protocols/services/adaptation/__init__.py +7 -0
- ciris_engine/protocols/services/adaptation/self_observation.py +265 -0
- ciris_engine/protocols/services/governance/__init__.py +20 -0
- ciris_engine/protocols/services/governance/communication.py +58 -0
- ciris_engine/protocols/services/governance/filter.py +56 -0
- ciris_engine/protocols/services/governance/visibility.py +32 -0
- ciris_engine/protocols/services/governance/wa_auth.py +192 -0
- ciris_engine/protocols/services/governance/wise_authority.py +75 -0
- ciris_engine/protocols/services/graph/__init__.py +19 -0
- ciris_engine/protocols/services/graph/audit.py +92 -0
- ciris_engine/protocols/services/graph/config.py +54 -0
- ciris_engine/protocols/services/graph/incident_management.py +103 -0
- ciris_engine/protocols/services/graph/memory.py +110 -0
- ciris_engine/protocols/services/graph/telemetry.py +51 -0
- ciris_engine/protocols/services/graph/tsdb_consolidation.py +87 -0
- ciris_engine/protocols/services/infrastructure/__init__.py +11 -0
- ciris_engine/protocols/services/infrastructure/authentication.py +159 -0
- ciris_engine/protocols/services/infrastructure/credit_gate.py +46 -0
- ciris_engine/protocols/services/infrastructure/database_maintenance.py +25 -0
- ciris_engine/protocols/services/infrastructure/resource_monitor.py +83 -0
- ciris_engine/protocols/services/lifecycle/__init__.py +13 -0
- ciris_engine/protocols/services/lifecycle/initialization.py +41 -0
- ciris_engine/protocols/services/lifecycle/scheduler.py +42 -0
- ciris_engine/protocols/services/lifecycle/shutdown.py +50 -0
- ciris_engine/protocols/services/lifecycle/time.py +31 -0
- ciris_engine/protocols/services/runtime/__init__.py +13 -0
- ciris_engine/protocols/services/runtime/llm.py +50 -0
- ciris_engine/protocols/services/runtime/runtime_control.py +193 -0
- ciris_engine/protocols/services/runtime/secrets.py +100 -0
- ciris_engine/protocols/services/runtime/tool.py +123 -0
- ciris_engine/protocols/telemetry/__init__.py +1 -0
- ciris_engine/protocols/utils/__init__.py +1 -0
- ciris_engine/schemas/__init__.py +112 -0
- ciris_engine/schemas/actions/__init__.py +37 -0
- ciris_engine/schemas/actions/parameters.py +137 -0
- ciris_engine/schemas/adapters/__init__.py +13 -0
- ciris_engine/schemas/adapters/cirisnode.py +135 -0
- ciris_engine/schemas/adapters/cli.py +97 -0
- ciris_engine/schemas/adapters/cli_tools.py +98 -0
- ciris_engine/schemas/adapters/discord.py +125 -0
- ciris_engine/schemas/adapters/graphql_core.py +144 -0
- ciris_engine/schemas/adapters/registration.py +47 -0
- ciris_engine/schemas/adapters/runtime_context.py +48 -0
- ciris_engine/schemas/adapters/tool_execution.py +45 -0
- ciris_engine/schemas/adapters/tools.py +96 -0
- ciris_engine/schemas/api/__init__.py +1 -0
- ciris_engine/schemas/api/agent.py +50 -0
- ciris_engine/schemas/api/audit.py +38 -0
- ciris_engine/schemas/api/auth.py +351 -0
- ciris_engine/schemas/api/config_security.py +242 -0
- ciris_engine/schemas/api/emergency.py +111 -0
- ciris_engine/schemas/api/responses.py +72 -0
- ciris_engine/schemas/api/runtime.py +26 -0
- ciris_engine/schemas/api/telemetry.py +109 -0
- ciris_engine/schemas/api/wa.py +90 -0
- ciris_engine/schemas/audit/__init__.py +13 -0
- ciris_engine/schemas/audit/core.py +139 -0
- ciris_engine/schemas/audit/hash_chain.py +58 -0
- ciris_engine/schemas/audit/verification.py +131 -0
- ciris_engine/schemas/buses/__init__.py +1 -0
- ciris_engine/schemas/config/__init__.py +41 -0
- ciris_engine/schemas/config/agent.py +279 -0
- ciris_engine/schemas/config/cognitive_state_behaviors.py +194 -0
- ciris_engine/schemas/config/default_dsar_sops.py +178 -0
- ciris_engine/schemas/config/essential.py +195 -0
- ciris_engine/schemas/config/tickets.py +86 -0
- ciris_engine/schemas/conscience/__init__.py +25 -0
- ciris_engine/schemas/conscience/context.py +34 -0
- ciris_engine/schemas/conscience/core.py +145 -0
- ciris_engine/schemas/conscience/results.py +24 -0
- ciris_engine/schemas/consent/__init__.py +5 -0
- ciris_engine/schemas/consent/core.py +404 -0
- ciris_engine/schemas/context/__init__.py +1 -0
- ciris_engine/schemas/covenant.py +382 -0
- ciris_engine/schemas/data/__init__.py +1 -0
- ciris_engine/schemas/dma/__init__.py +16 -0
- ciris_engine/schemas/dma/core.py +199 -0
- ciris_engine/schemas/dma/faculty.py +192 -0
- ciris_engine/schemas/dma/prompts.py +172 -0
- ciris_engine/schemas/dma/results.py +103 -0
- ciris_engine/schemas/formatters/__init__.py +1 -0
- ciris_engine/schemas/handlers/__init__.py +10 -0
- ciris_engine/schemas/handlers/context.py +119 -0
- ciris_engine/schemas/handlers/contexts.py +100 -0
- ciris_engine/schemas/handlers/core.py +167 -0
- ciris_engine/schemas/handlers/memory_schemas.py +67 -0
- ciris_engine/schemas/handlers/schemas.py +95 -0
- ciris_engine/schemas/identity.py +149 -0
- ciris_engine/schemas/infrastructure/__init__.py +1 -0
- ciris_engine/schemas/infrastructure/base.py +256 -0
- ciris_engine/schemas/infrastructure/behavioral_patterns.py +129 -0
- ciris_engine/schemas/infrastructure/feedback_loop.py +57 -0
- ciris_engine/schemas/infrastructure/identity_variance.py +141 -0
- ciris_engine/schemas/infrastructure/oauth.py +175 -0
- ciris_engine/schemas/infrastructure/wa_cli_wizard.py +54 -0
- ciris_engine/schemas/persistence/__init__.py +34 -0
- ciris_engine/schemas/persistence/core.py +140 -0
- ciris_engine/schemas/persistence/correlations.py +73 -0
- ciris_engine/schemas/persistence/postgres/__init__.py +1 -0
- ciris_engine/schemas/persistence/postgres/tables.py +280 -0
- ciris_engine/schemas/persistence/sqlite/__init__.py +1 -0
- ciris_engine/schemas/persistence/sqlite/tables.py +281 -0
- ciris_engine/schemas/platform.py +149 -0
- ciris_engine/schemas/processors/__init__.py +26 -0
- ciris_engine/schemas/processors/base.py +130 -0
- ciris_engine/schemas/processors/cognitive.py +77 -0
- ciris_engine/schemas/processors/context.py +35 -0
- ciris_engine/schemas/processors/core.py +152 -0
- ciris_engine/schemas/processors/dma.py +105 -0
- ciris_engine/schemas/processors/error.py +122 -0
- ciris_engine/schemas/processors/main.py +109 -0
- ciris_engine/schemas/processors/phase_results.py +21 -0
- ciris_engine/schemas/processors/results.py +99 -0
- ciris_engine/schemas/processors/solitude.py +79 -0
- ciris_engine/schemas/processors/state.py +202 -0
- ciris_engine/schemas/processors/state_example.py +177 -0
- ciris_engine/schemas/processors/states.py +21 -0
- ciris_engine/schemas/processors/status.py +34 -0
- ciris_engine/schemas/registries/__init__.py +1 -0
- ciris_engine/schemas/registries/base.py +66 -0
- ciris_engine/schemas/resources/__init__.py +15 -0
- ciris_engine/schemas/resources/crisis.py +315 -0
- ciris_engine/schemas/runtime/__init__.py +42 -0
- ciris_engine/schemas/runtime/adapter_management.py +186 -0
- ciris_engine/schemas/runtime/api.py +58 -0
- ciris_engine/schemas/runtime/audit.py +50 -0
- ciris_engine/schemas/runtime/bootstrap.py +33 -0
- ciris_engine/schemas/runtime/contexts.py +61 -0
- ciris_engine/schemas/runtime/core.py +161 -0
- ciris_engine/schemas/runtime/enums.py +167 -0
- ciris_engine/schemas/runtime/extended.py +232 -0
- ciris_engine/schemas/runtime/manifest.py +311 -0
- ciris_engine/schemas/runtime/memory.py +60 -0
- ciris_engine/schemas/runtime/messages.py +108 -0
- ciris_engine/schemas/runtime/models.py +156 -0
- ciris_engine/schemas/runtime/processing_context.py +43 -0
- ciris_engine/schemas/runtime/protocols_core.py +96 -0
- ciris_engine/schemas/runtime/resources.py +33 -0
- ciris_engine/schemas/runtime/system_context.py +417 -0
- ciris_engine/schemas/secrets/__init__.py +1 -0
- ciris_engine/schemas/secrets/core.py +267 -0
- ciris_engine/schemas/secrets/service.py +95 -0
- ciris_engine/schemas/services/__init__.py +33 -0
- ciris_engine/schemas/services/audit_summary_node.py +172 -0
- ciris_engine/schemas/services/authority/__init__.py +39 -0
- ciris_engine/schemas/services/authority/jwt.py +158 -0
- ciris_engine/schemas/services/authority/wa_updates.py +138 -0
- ciris_engine/schemas/services/authority/wise_authority.py +163 -0
- ciris_engine/schemas/services/authority_core.py +370 -0
- ciris_engine/schemas/services/capabilities.py +72 -0
- ciris_engine/schemas/services/community_core.py +95 -0
- ciris_engine/schemas/services/context.py +111 -0
- ciris_engine/schemas/services/conversation_summary_node.py +189 -0
- ciris_engine/schemas/services/core/__init__.py +153 -0
- ciris_engine/schemas/services/core/runtime.py +262 -0
- ciris_engine/schemas/services/core/runtime_config.py +117 -0
- ciris_engine/schemas/services/core/secrets.py +65 -0
- ciris_engine/schemas/services/correlation_node.py +179 -0
- ciris_engine/schemas/services/credit_gate.py +92 -0
- ciris_engine/schemas/services/discord_nodes.py +299 -0
- ciris_engine/schemas/services/feedback_core.py +131 -0
- ciris_engine/schemas/services/filters_core.py +270 -0
- ciris_engine/schemas/services/governance.py +26 -0
- ciris_engine/schemas/services/graph/__init__.py +26 -0
- ciris_engine/schemas/services/graph/attributes.py +254 -0
- ciris_engine/schemas/services/graph/audit.py +98 -0
- ciris_engine/schemas/services/graph/consolidation.py +338 -0
- ciris_engine/schemas/services/graph/edge_types.py +43 -0
- ciris_engine/schemas/services/graph/edges.py +88 -0
- ciris_engine/schemas/services/graph/incident.py +312 -0
- ciris_engine/schemas/services/graph/memory.py +84 -0
- ciris_engine/schemas/services/graph/node_data.py +174 -0
- ciris_engine/schemas/services/graph/query_results.py +82 -0
- ciris_engine/schemas/services/graph/telemetry.py +250 -0
- ciris_engine/schemas/services/graph/tsdb_consolidation.py +27 -0
- ciris_engine/schemas/services/graph/tsdb_models.py +107 -0
- ciris_engine/schemas/services/graph_core.py +196 -0
- ciris_engine/schemas/services/graph_typed_nodes.py +194 -0
- ciris_engine/schemas/services/infrastructure/__init__.py +1 -0
- ciris_engine/schemas/services/infrastructure/resource_monitor.py +20 -0
- ciris_engine/schemas/services/lifecycle/__init__.py +9 -0
- ciris_engine/schemas/services/lifecycle/initialization.py +33 -0
- ciris_engine/schemas/services/lifecycle/time.py +50 -0
- ciris_engine/schemas/services/llm.py +187 -0
- ciris_engine/schemas/services/metadata.py +43 -0
- ciris_engine/schemas/services/nodes.py +704 -0
- ciris_engine/schemas/services/operations.py +126 -0
- ciris_engine/schemas/services/requests.py +128 -0
- ciris_engine/schemas/services/resources_core.py +182 -0
- ciris_engine/schemas/services/runtime_control.py +1010 -0
- ciris_engine/schemas/services/shutdown.py +88 -0
- ciris_engine/schemas/services/special/__init__.py +0 -0
- ciris_engine/schemas/services/special/self_observation.py +396 -0
- ciris_engine/schemas/services/trace_summary_node.py +199 -0
- ciris_engine/schemas/services/visibility.py +98 -0
- ciris_engine/schemas/streaming/__init__.py +10 -0
- ciris_engine/schemas/streaming/reasoning_stream.py +95 -0
- ciris_engine/schemas/telemetry/__init__.py +0 -0
- ciris_engine/schemas/telemetry/collector.py +67 -0
- ciris_engine/schemas/telemetry/core.py +252 -0
- ciris_engine/schemas/telemetry/unified.py +59 -0
- ciris_engine/schemas/tools.py +72 -0
- ciris_engine/schemas/types.py +47 -0
- ciris_engine/schemas/utils/__init__.py +1 -0
- ciris_engine/schemas/utils/config_validator.py +54 -0
- ciris_engine/utils/__init__.py +1 -0
- ciris_engine/utils/serialization.py +35 -0
- ciris_sdk/__init__.py +124 -0
- ciris_sdk/auth_store.py +261 -0
- ciris_sdk/client.py +261 -0
- ciris_sdk/exceptions.py +73 -0
- ciris_sdk/model_types.py +258 -0
- ciris_sdk/models.py +354 -0
- ciris_sdk/pagination.py +214 -0
- ciris_sdk/rate_limiter.py +188 -0
- ciris_sdk/setup.py +17 -0
- ciris_sdk/telemetry_models.py +257 -0
- ciris_sdk/telemetry_responses.py +199 -0
- ciris_sdk/transport.py +177 -0
- ciris_sdk/websocket.py +400 -0
- main.py +766 -0
|
@@ -0,0 +1,592 @@
|
|
|
1
|
+
"""
|
|
2
|
+
MCP Security Module.
|
|
3
|
+
|
|
4
|
+
Implements security measures to protect against malicious MCP servers:
|
|
5
|
+
- Tool poisoning detection
|
|
6
|
+
- Input/output validation
|
|
7
|
+
- Rate limiting
|
|
8
|
+
- Permission enforcement
|
|
9
|
+
- Hidden instruction detection
|
|
10
|
+
|
|
11
|
+
Based on security research from:
|
|
12
|
+
- https://modelcontextprotocol.io/specification/draft/basic/security_best_practices
|
|
13
|
+
- https://www.redhat.com/en/blog/model-context-protocol-mcp-understanding-security-risks-and-controls
|
|
14
|
+
- https://www.pillar.security/blog/the-security-risks-of-model-context-protocol-mcp
|
|
15
|
+
"""
|
|
16
|
+
|
|
17
|
+
import asyncio
|
|
18
|
+
import hashlib
|
|
19
|
+
import logging
|
|
20
|
+
import re
|
|
21
|
+
import time
|
|
22
|
+
from collections import defaultdict
|
|
23
|
+
from dataclasses import dataclass, field
|
|
24
|
+
from datetime import datetime, timezone
|
|
25
|
+
from enum import Enum
|
|
26
|
+
from typing import Any, Dict, List, Optional, Set, Tuple
|
|
27
|
+
|
|
28
|
+
from pydantic import BaseModel, ConfigDict, Field
|
|
29
|
+
|
|
30
|
+
from .config import MCPSecurityConfig, MCPServerConfig
|
|
31
|
+
|
|
32
|
+
logger = logging.getLogger(__name__)
|
|
33
|
+
|
|
34
|
+
|
|
35
|
+
class SecurityViolationType(str, Enum):
|
|
36
|
+
"""Types of security violations."""
|
|
37
|
+
|
|
38
|
+
TOOL_POISONING = "tool_poisoning" # Malicious instructions in tool description
|
|
39
|
+
HIDDEN_INSTRUCTION = "hidden_instruction" # Hidden instructions detected
|
|
40
|
+
INPUT_TOO_LARGE = "input_too_large" # Input exceeds size limit
|
|
41
|
+
OUTPUT_TOO_LARGE = "output_too_large" # Output exceeds size limit
|
|
42
|
+
BLOCKED_TOOL = "blocked_tool" # Tool is on blocklist
|
|
43
|
+
UNAUTHORIZED_TOOL = "unauthorized_tool" # Tool not on allowlist
|
|
44
|
+
RATE_LIMIT_EXCEEDED = "rate_limit_exceeded" # Too many calls
|
|
45
|
+
PERMISSION_DENIED = "permission_denied" # Permission level insufficient
|
|
46
|
+
SCHEMA_VALIDATION_FAILED = "schema_validation_failed" # Input/output schema mismatch
|
|
47
|
+
VERSION_MISMATCH = "version_mismatch" # Server version changed unexpectedly
|
|
48
|
+
SUSPICIOUS_PATTERN = "suspicious_pattern" # Suspicious content pattern detected
|
|
49
|
+
|
|
50
|
+
|
|
51
|
+
@dataclass
|
|
52
|
+
class SecurityViolation:
|
|
53
|
+
"""Record of a security violation."""
|
|
54
|
+
|
|
55
|
+
violation_type: SecurityViolationType
|
|
56
|
+
server_id: str
|
|
57
|
+
tool_name: Optional[str]
|
|
58
|
+
description: str
|
|
59
|
+
severity: str # "low", "medium", "high", "critical"
|
|
60
|
+
timestamp: datetime = field(default_factory=lambda: datetime.now(timezone.utc))
|
|
61
|
+
context: Dict[str, Any] = field(default_factory=dict)
|
|
62
|
+
blocked: bool = True # Whether the operation was blocked
|
|
63
|
+
|
|
64
|
+
|
|
65
|
+
class SecurityEvent(BaseModel):
|
|
66
|
+
"""Security event for logging and monitoring."""
|
|
67
|
+
|
|
68
|
+
event_type: str = Field(..., description="Type of security event")
|
|
69
|
+
server_id: str = Field(..., description="Server that triggered the event")
|
|
70
|
+
tool_name: Optional[str] = Field(None, description="Tool involved if applicable")
|
|
71
|
+
description: str = Field(..., description="Event description")
|
|
72
|
+
severity: str = Field("medium", description="Event severity")
|
|
73
|
+
timestamp: datetime = Field(default_factory=lambda: datetime.now(timezone.utc), description="Event time")
|
|
74
|
+
context: Dict[str, Any] = Field(default_factory=dict, description="Additional context")
|
|
75
|
+
|
|
76
|
+
model_config = ConfigDict(extra="forbid")
|
|
77
|
+
|
|
78
|
+
|
|
79
|
+
class RateLimiter:
|
|
80
|
+
"""Token bucket rate limiter for MCP operations."""
|
|
81
|
+
|
|
82
|
+
def __init__(self, max_calls_per_minute: int, max_concurrent: int) -> None:
|
|
83
|
+
self.max_calls_per_minute = max_calls_per_minute
|
|
84
|
+
self.max_concurrent = max_concurrent
|
|
85
|
+
self._calls: List[float] = []
|
|
86
|
+
self._concurrent = 0
|
|
87
|
+
self._lock = asyncio.Lock()
|
|
88
|
+
|
|
89
|
+
async def acquire(self) -> bool:
|
|
90
|
+
"""Try to acquire a rate limit slot. Returns False if rate limited."""
|
|
91
|
+
async with self._lock:
|
|
92
|
+
now = time.time()
|
|
93
|
+
# Remove old calls outside the window
|
|
94
|
+
self._calls = [t for t in self._calls if now - t < 60.0]
|
|
95
|
+
|
|
96
|
+
if len(self._calls) >= self.max_calls_per_minute:
|
|
97
|
+
return False
|
|
98
|
+
|
|
99
|
+
if self._concurrent >= self.max_concurrent:
|
|
100
|
+
return False
|
|
101
|
+
|
|
102
|
+
self._calls.append(now)
|
|
103
|
+
self._concurrent += 1
|
|
104
|
+
return True
|
|
105
|
+
|
|
106
|
+
async def release(self) -> None:
|
|
107
|
+
"""Release a rate limit slot."""
|
|
108
|
+
async with self._lock:
|
|
109
|
+
if self._concurrent > 0:
|
|
110
|
+
self._concurrent -= 1
|
|
111
|
+
|
|
112
|
+
|
|
113
|
+
class ToolPoisoningDetector:
|
|
114
|
+
"""Detects tool poisoning attacks in MCP tool descriptions.
|
|
115
|
+
|
|
116
|
+
Tool poisoning is when an attacker embeds malicious instructions
|
|
117
|
+
in tool descriptions that are invisible to users but interpreted
|
|
118
|
+
by the AI model.
|
|
119
|
+
|
|
120
|
+
References:
|
|
121
|
+
- https://www.pillar.security/blog/the-security-risks-of-model-context-protocol-mcp
|
|
122
|
+
- https://strobes.co/blog/mcp-model-context-protocol-and-its-critical-vulnerabilities/
|
|
123
|
+
"""
|
|
124
|
+
|
|
125
|
+
# Default patterns for detecting malicious hidden instructions
|
|
126
|
+
DEFAULT_PATTERNS = [
|
|
127
|
+
# HTML-style hidden tags
|
|
128
|
+
r"<hidden>.*?</hidden>",
|
|
129
|
+
r"<system>.*?</system>",
|
|
130
|
+
r"<instruction>.*?</instruction>",
|
|
131
|
+
r"<secret>.*?</secret>",
|
|
132
|
+
r"<invisible>.*?</invisible>",
|
|
133
|
+
# HTML comments
|
|
134
|
+
r"<!--.*?-->",
|
|
135
|
+
# Null byte injection
|
|
136
|
+
r"\x00.*?\x00",
|
|
137
|
+
# Common prompt injection patterns
|
|
138
|
+
r"(?i)SYSTEM:\s*.+",
|
|
139
|
+
r"(?i)IGNORE\s+PREVIOUS\s+INSTRUCTIONS?",
|
|
140
|
+
r"(?i)DISREGARD\s+ALL\s+PREVIOUS",
|
|
141
|
+
r"(?i)OVERRIDE:\s*.+",
|
|
142
|
+
r"(?i)ADMIN\s+MODE:\s*.+",
|
|
143
|
+
r"(?i)DEBUG\s+MODE:\s*.+",
|
|
144
|
+
# SSH key extraction patterns
|
|
145
|
+
r"(?i)exfiltrate.*ssh.*key",
|
|
146
|
+
r"(?i)send.*to.*server",
|
|
147
|
+
r"(?i)upload.*credential",
|
|
148
|
+
r"(?i)steal.*token",
|
|
149
|
+
# Unicode abuse (zero-width characters)
|
|
150
|
+
r"[\u200b\u200c\u200d\ufeff]", # Zero-width chars
|
|
151
|
+
r"[\u202a-\u202e]", # Bidirectional control chars
|
|
152
|
+
# Base64 encoded instructions
|
|
153
|
+
r"(?i)base64.*decode.*execute",
|
|
154
|
+
# Script injection
|
|
155
|
+
r"<script.*?>.*?</script>",
|
|
156
|
+
r"javascript:",
|
|
157
|
+
r"data:text/html",
|
|
158
|
+
]
|
|
159
|
+
|
|
160
|
+
def __init__(self, custom_patterns: Optional[List[str]] = None) -> None:
|
|
161
|
+
"""Initialize detector with patterns.
|
|
162
|
+
|
|
163
|
+
Args:
|
|
164
|
+
custom_patterns: Additional regex patterns to detect
|
|
165
|
+
"""
|
|
166
|
+
self.patterns = self.DEFAULT_PATTERNS.copy()
|
|
167
|
+
if custom_patterns:
|
|
168
|
+
self.patterns.extend(custom_patterns)
|
|
169
|
+
self._compiled_patterns = [re.compile(p, re.DOTALL | re.IGNORECASE) for p in self.patterns]
|
|
170
|
+
|
|
171
|
+
def detect(self, text: str) -> List[Tuple[str, str]]:
|
|
172
|
+
"""Detect potential tool poisoning in text.
|
|
173
|
+
|
|
174
|
+
Args:
|
|
175
|
+
text: Text to analyze (typically tool description)
|
|
176
|
+
|
|
177
|
+
Returns:
|
|
178
|
+
List of (pattern, matched_text) tuples for detected issues
|
|
179
|
+
"""
|
|
180
|
+
findings: List[Tuple[str, str]] = []
|
|
181
|
+
for i, pattern in enumerate(self._compiled_patterns):
|
|
182
|
+
matches = pattern.findall(text)
|
|
183
|
+
for match in matches:
|
|
184
|
+
match_str = match if isinstance(match, str) else str(match)
|
|
185
|
+
# Truncate long matches for logging
|
|
186
|
+
if len(match_str) > 100:
|
|
187
|
+
match_str = match_str[:100] + "..."
|
|
188
|
+
findings.append((self.patterns[i], match_str))
|
|
189
|
+
return findings
|
|
190
|
+
|
|
191
|
+
def is_safe(self, text: str) -> Tuple[bool, List[str]]:
|
|
192
|
+
"""Check if text is safe (no poisoning detected).
|
|
193
|
+
|
|
194
|
+
Args:
|
|
195
|
+
text: Text to check
|
|
196
|
+
|
|
197
|
+
Returns:
|
|
198
|
+
(is_safe, list of reason strings)
|
|
199
|
+
"""
|
|
200
|
+
findings = self.detect(text)
|
|
201
|
+
if not findings:
|
|
202
|
+
return True, []
|
|
203
|
+
reasons = [f"Pattern '{p}' matched: {m}" for p, m in findings]
|
|
204
|
+
return False, reasons
|
|
205
|
+
|
|
206
|
+
|
|
207
|
+
class InputValidator:
|
|
208
|
+
"""Validates inputs and outputs for MCP operations."""
|
|
209
|
+
|
|
210
|
+
def __init__(self, config: MCPSecurityConfig) -> None:
|
|
211
|
+
self.config = config
|
|
212
|
+
self.poisoning_detector = ToolPoisoningDetector(config.hidden_instruction_patterns)
|
|
213
|
+
|
|
214
|
+
def validate_input_size(self, data: Any) -> Tuple[bool, Optional[str]]:
|
|
215
|
+
"""Validate input data size."""
|
|
216
|
+
import json
|
|
217
|
+
|
|
218
|
+
try:
|
|
219
|
+
size = len(json.dumps(data).encode("utf-8"))
|
|
220
|
+
if size > self.config.max_input_size_bytes:
|
|
221
|
+
return False, f"Input size {size} exceeds limit {self.config.max_input_size_bytes}"
|
|
222
|
+
return True, None
|
|
223
|
+
except (TypeError, ValueError) as e:
|
|
224
|
+
return False, f"Failed to serialize input: {e}"
|
|
225
|
+
|
|
226
|
+
def validate_output_size(self, data: Any) -> Tuple[bool, Optional[str]]:
|
|
227
|
+
"""Validate output data size."""
|
|
228
|
+
import json
|
|
229
|
+
|
|
230
|
+
try:
|
|
231
|
+
size = len(json.dumps(data).encode("utf-8"))
|
|
232
|
+
if size > self.config.max_output_size_bytes:
|
|
233
|
+
return False, f"Output size {size} exceeds limit {self.config.max_output_size_bytes}"
|
|
234
|
+
return True, None
|
|
235
|
+
except (TypeError, ValueError) as e:
|
|
236
|
+
return False, f"Failed to serialize output: {e}"
|
|
237
|
+
|
|
238
|
+
def validate_tool_description(self, description: str) -> Tuple[bool, List[str]]:
|
|
239
|
+
"""Validate a tool description for poisoning attempts."""
|
|
240
|
+
if not self.config.detect_tool_poisoning:
|
|
241
|
+
return True, []
|
|
242
|
+
return self.poisoning_detector.is_safe(description)
|
|
243
|
+
|
|
244
|
+
|
|
245
|
+
class MCPSecurityManager:
|
|
246
|
+
"""
|
|
247
|
+
Central security manager for MCP operations.
|
|
248
|
+
|
|
249
|
+
Provides comprehensive security controls including:
|
|
250
|
+
- Tool allowlist/blocklist enforcement
|
|
251
|
+
- Rate limiting per server
|
|
252
|
+
- Tool poisoning detection
|
|
253
|
+
- Input/output validation
|
|
254
|
+
- Version change detection
|
|
255
|
+
- Permission enforcement
|
|
256
|
+
"""
|
|
257
|
+
|
|
258
|
+
def __init__(self, global_config: MCPSecurityConfig) -> None:
|
|
259
|
+
"""Initialize security manager.
|
|
260
|
+
|
|
261
|
+
Args:
|
|
262
|
+
global_config: Global security configuration
|
|
263
|
+
"""
|
|
264
|
+
self.global_config = global_config
|
|
265
|
+
self._rate_limiters: Dict[str, RateLimiter] = {}
|
|
266
|
+
self._server_configs: Dict[str, MCPSecurityConfig] = {}
|
|
267
|
+
self._server_versions: Dict[str, str] = {}
|
|
268
|
+
self._tool_hashes: Dict[str, Dict[str, str]] = defaultdict(dict) # server_id -> {tool_name -> hash}
|
|
269
|
+
self._violations: List[SecurityViolation] = []
|
|
270
|
+
self._lock = asyncio.Lock()
|
|
271
|
+
|
|
272
|
+
def register_server(self, server_config: MCPServerConfig) -> None:
|
|
273
|
+
"""Register a server for security management."""
|
|
274
|
+
server_id = server_config.server_id
|
|
275
|
+
security = server_config.security
|
|
276
|
+
|
|
277
|
+
# Merge with global config (server-specific overrides)
|
|
278
|
+
effective_security = MCPSecurityConfig(
|
|
279
|
+
pin_version=security.pin_version or self.global_config.pin_version,
|
|
280
|
+
allow_version_updates=security.allow_version_updates,
|
|
281
|
+
permission_level=security.permission_level,
|
|
282
|
+
allowed_tools=security.allowed_tools or self.global_config.allowed_tools,
|
|
283
|
+
blocked_tools=list(set(security.blocked_tools + self.global_config.blocked_tools)),
|
|
284
|
+
validate_inputs=security.validate_inputs and self.global_config.validate_inputs,
|
|
285
|
+
validate_outputs=security.validate_outputs and self.global_config.validate_outputs,
|
|
286
|
+
max_input_size_bytes=min(security.max_input_size_bytes, self.global_config.max_input_size_bytes),
|
|
287
|
+
max_output_size_bytes=min(security.max_output_size_bytes, self.global_config.max_output_size_bytes),
|
|
288
|
+
detect_tool_poisoning=security.detect_tool_poisoning and self.global_config.detect_tool_poisoning,
|
|
289
|
+
max_calls_per_minute=min(security.max_calls_per_minute, self.global_config.max_calls_per_minute),
|
|
290
|
+
max_concurrent_calls=min(security.max_concurrent_calls, self.global_config.max_concurrent_calls),
|
|
291
|
+
sandbox_enabled=security.sandbox_enabled or self.global_config.sandbox_enabled,
|
|
292
|
+
)
|
|
293
|
+
|
|
294
|
+
self._server_configs[server_id] = effective_security
|
|
295
|
+
|
|
296
|
+
# Create rate limiter for this server
|
|
297
|
+
self._rate_limiters[server_id] = RateLimiter(
|
|
298
|
+
effective_security.max_calls_per_minute,
|
|
299
|
+
effective_security.max_concurrent_calls,
|
|
300
|
+
)
|
|
301
|
+
|
|
302
|
+
logger.info(f"Registered MCP server '{server_id}' with security controls")
|
|
303
|
+
|
|
304
|
+
async def check_tool_access(
|
|
305
|
+
self, server_id: str, tool_name: str, tool_description: str
|
|
306
|
+
) -> Tuple[bool, Optional[SecurityViolation]]:
|
|
307
|
+
"""Check if access to a tool is allowed.
|
|
308
|
+
|
|
309
|
+
Args:
|
|
310
|
+
server_id: Server providing the tool
|
|
311
|
+
tool_name: Name of the tool
|
|
312
|
+
tool_description: Tool description (checked for poisoning)
|
|
313
|
+
|
|
314
|
+
Returns:
|
|
315
|
+
(allowed, violation) - violation is None if allowed
|
|
316
|
+
"""
|
|
317
|
+
config = self._server_configs.get(server_id, self.global_config)
|
|
318
|
+
|
|
319
|
+
# Check blocklist first
|
|
320
|
+
if tool_name in config.blocked_tools:
|
|
321
|
+
violation = SecurityViolation(
|
|
322
|
+
violation_type=SecurityViolationType.BLOCKED_TOOL,
|
|
323
|
+
server_id=server_id,
|
|
324
|
+
tool_name=tool_name,
|
|
325
|
+
description=f"Tool '{tool_name}' is on the blocklist",
|
|
326
|
+
severity="high",
|
|
327
|
+
)
|
|
328
|
+
await self._record_violation(violation)
|
|
329
|
+
return False, violation
|
|
330
|
+
|
|
331
|
+
# Check allowlist if specified
|
|
332
|
+
if config.allowed_tools and tool_name not in config.allowed_tools:
|
|
333
|
+
violation = SecurityViolation(
|
|
334
|
+
violation_type=SecurityViolationType.UNAUTHORIZED_TOOL,
|
|
335
|
+
server_id=server_id,
|
|
336
|
+
tool_name=tool_name,
|
|
337
|
+
description=f"Tool '{tool_name}' is not on the allowlist",
|
|
338
|
+
severity="medium",
|
|
339
|
+
)
|
|
340
|
+
await self._record_violation(violation)
|
|
341
|
+
return False, violation
|
|
342
|
+
|
|
343
|
+
# Check for tool poisoning
|
|
344
|
+
if config.detect_tool_poisoning:
|
|
345
|
+
validator = InputValidator(config)
|
|
346
|
+
is_safe, reasons = validator.validate_tool_description(tool_description)
|
|
347
|
+
if not is_safe:
|
|
348
|
+
violation = SecurityViolation(
|
|
349
|
+
violation_type=SecurityViolationType.TOOL_POISONING,
|
|
350
|
+
server_id=server_id,
|
|
351
|
+
tool_name=tool_name,
|
|
352
|
+
description=f"Tool poisoning detected: {'; '.join(reasons)}",
|
|
353
|
+
severity="critical",
|
|
354
|
+
context={"reasons": reasons},
|
|
355
|
+
)
|
|
356
|
+
await self._record_violation(violation)
|
|
357
|
+
return False, violation
|
|
358
|
+
|
|
359
|
+
# Check for tool description changes (detect updates that may be malicious)
|
|
360
|
+
desc_hash = hashlib.sha256(tool_description.encode()).hexdigest()
|
|
361
|
+
if tool_name in self._tool_hashes[server_id]:
|
|
362
|
+
if self._tool_hashes[server_id][tool_name] != desc_hash:
|
|
363
|
+
logger.warning(
|
|
364
|
+
f"Tool '{tool_name}' description changed for server '{server_id}'. "
|
|
365
|
+
"This may indicate a malicious update."
|
|
366
|
+
)
|
|
367
|
+
# Don't block, but log the change
|
|
368
|
+
event = SecurityEvent(
|
|
369
|
+
event_type="tool_description_changed",
|
|
370
|
+
server_id=server_id,
|
|
371
|
+
tool_name=tool_name,
|
|
372
|
+
description="Tool description changed since last seen",
|
|
373
|
+
severity="medium",
|
|
374
|
+
context={"old_hash": self._tool_hashes[server_id][tool_name], "new_hash": desc_hash},
|
|
375
|
+
)
|
|
376
|
+
logger.info(f"Security event: {event.model_dump_json()}")
|
|
377
|
+
|
|
378
|
+
self._tool_hashes[server_id][tool_name] = desc_hash
|
|
379
|
+
return True, None
|
|
380
|
+
|
|
381
|
+
async def check_rate_limit(self, server_id: str) -> Tuple[bool, Optional[SecurityViolation]]:
|
|
382
|
+
"""Check if operation is within rate limits.
|
|
383
|
+
|
|
384
|
+
Args:
|
|
385
|
+
server_id: Server to check rate limit for
|
|
386
|
+
|
|
387
|
+
Returns:
|
|
388
|
+
(allowed, violation)
|
|
389
|
+
"""
|
|
390
|
+
rate_limiter = self._rate_limiters.get(server_id)
|
|
391
|
+
if not rate_limiter:
|
|
392
|
+
# No rate limiter configured, allow
|
|
393
|
+
return True, None
|
|
394
|
+
|
|
395
|
+
allowed = await rate_limiter.acquire()
|
|
396
|
+
if not allowed:
|
|
397
|
+
violation = SecurityViolation(
|
|
398
|
+
violation_type=SecurityViolationType.RATE_LIMIT_EXCEEDED,
|
|
399
|
+
server_id=server_id,
|
|
400
|
+
tool_name=None,
|
|
401
|
+
description="Rate limit exceeded for server",
|
|
402
|
+
severity="medium",
|
|
403
|
+
)
|
|
404
|
+
await self._record_violation(violation)
|
|
405
|
+
return False, violation
|
|
406
|
+
|
|
407
|
+
return True, None
|
|
408
|
+
|
|
409
|
+
async def release_rate_limit(self, server_id: str) -> None:
|
|
410
|
+
"""Release rate limit slot after operation completes."""
|
|
411
|
+
rate_limiter = self._rate_limiters.get(server_id)
|
|
412
|
+
if rate_limiter:
|
|
413
|
+
await rate_limiter.release()
|
|
414
|
+
|
|
415
|
+
async def validate_input(
|
|
416
|
+
self, server_id: str, tool_name: str, parameters: Any
|
|
417
|
+
) -> Tuple[bool, Optional[SecurityViolation]]:
|
|
418
|
+
"""Validate input parameters.
|
|
419
|
+
|
|
420
|
+
Args:
|
|
421
|
+
server_id: Server ID
|
|
422
|
+
tool_name: Tool being called
|
|
423
|
+
parameters: Input parameters
|
|
424
|
+
|
|
425
|
+
Returns:
|
|
426
|
+
(valid, violation)
|
|
427
|
+
"""
|
|
428
|
+
config = self._server_configs.get(server_id, self.global_config)
|
|
429
|
+
|
|
430
|
+
if not config.validate_inputs:
|
|
431
|
+
return True, None
|
|
432
|
+
|
|
433
|
+
validator = InputValidator(config)
|
|
434
|
+
is_valid, error = validator.validate_input_size(parameters)
|
|
435
|
+
|
|
436
|
+
if not is_valid:
|
|
437
|
+
violation = SecurityViolation(
|
|
438
|
+
violation_type=SecurityViolationType.INPUT_TOO_LARGE,
|
|
439
|
+
server_id=server_id,
|
|
440
|
+
tool_name=tool_name,
|
|
441
|
+
description=error or "Input validation failed",
|
|
442
|
+
severity="medium",
|
|
443
|
+
)
|
|
444
|
+
await self._record_violation(violation)
|
|
445
|
+
return False, violation
|
|
446
|
+
|
|
447
|
+
return True, None
|
|
448
|
+
|
|
449
|
+
async def validate_output(
|
|
450
|
+
self, server_id: str, tool_name: str, result: Any
|
|
451
|
+
) -> Tuple[bool, Optional[SecurityViolation]]:
|
|
452
|
+
"""Validate output result.
|
|
453
|
+
|
|
454
|
+
Args:
|
|
455
|
+
server_id: Server ID
|
|
456
|
+
tool_name: Tool that produced the output
|
|
457
|
+
result: Output result
|
|
458
|
+
|
|
459
|
+
Returns:
|
|
460
|
+
(valid, violation)
|
|
461
|
+
"""
|
|
462
|
+
config = self._server_configs.get(server_id, self.global_config)
|
|
463
|
+
|
|
464
|
+
if not config.validate_outputs:
|
|
465
|
+
return True, None
|
|
466
|
+
|
|
467
|
+
validator = InputValidator(config)
|
|
468
|
+
is_valid, error = validator.validate_output_size(result)
|
|
469
|
+
|
|
470
|
+
if not is_valid:
|
|
471
|
+
violation = SecurityViolation(
|
|
472
|
+
violation_type=SecurityViolationType.OUTPUT_TOO_LARGE,
|
|
473
|
+
server_id=server_id,
|
|
474
|
+
tool_name=tool_name,
|
|
475
|
+
description=error or "Output validation failed",
|
|
476
|
+
severity="medium",
|
|
477
|
+
)
|
|
478
|
+
await self._record_violation(violation)
|
|
479
|
+
return False, violation
|
|
480
|
+
|
|
481
|
+
return True, None
|
|
482
|
+
|
|
483
|
+
async def check_version(self, server_id: str, current_version: str) -> Tuple[bool, Optional[SecurityViolation]]:
|
|
484
|
+
"""Check server version against pinned version.
|
|
485
|
+
|
|
486
|
+
Args:
|
|
487
|
+
server_id: Server to check
|
|
488
|
+
current_version: Current server version
|
|
489
|
+
|
|
490
|
+
Returns:
|
|
491
|
+
(allowed, violation)
|
|
492
|
+
"""
|
|
493
|
+
config = self._server_configs.get(server_id, self.global_config)
|
|
494
|
+
|
|
495
|
+
# Check pinned version
|
|
496
|
+
if config.pin_version and config.pin_version != current_version:
|
|
497
|
+
if not config.allow_version_updates:
|
|
498
|
+
violation = SecurityViolation(
|
|
499
|
+
violation_type=SecurityViolationType.VERSION_MISMATCH,
|
|
500
|
+
server_id=server_id,
|
|
501
|
+
tool_name=None,
|
|
502
|
+
description=(f"Server version mismatch: expected {config.pin_version}, got {current_version}"),
|
|
503
|
+
severity="high",
|
|
504
|
+
context={"expected": config.pin_version, "actual": current_version},
|
|
505
|
+
)
|
|
506
|
+
await self._record_violation(violation)
|
|
507
|
+
return False, violation
|
|
508
|
+
else:
|
|
509
|
+
# Log the version change but allow
|
|
510
|
+
logger.warning(
|
|
511
|
+
f"MCP server '{server_id}' version changed from {config.pin_version} to {current_version}"
|
|
512
|
+
)
|
|
513
|
+
|
|
514
|
+
# Track version for future checks
|
|
515
|
+
if server_id in self._server_versions:
|
|
516
|
+
if self._server_versions[server_id] != current_version:
|
|
517
|
+
logger.info(
|
|
518
|
+
f"MCP server '{server_id}' version updated: "
|
|
519
|
+
f"{self._server_versions[server_id]} -> {current_version}"
|
|
520
|
+
)
|
|
521
|
+
|
|
522
|
+
self._server_versions[server_id] = current_version
|
|
523
|
+
return True, None
|
|
524
|
+
|
|
525
|
+
async def _record_violation(self, violation: SecurityViolation) -> None:
|
|
526
|
+
"""Record a security violation."""
|
|
527
|
+
async with self._lock:
|
|
528
|
+
self._violations.append(violation)
|
|
529
|
+
# Keep only last 1000 violations
|
|
530
|
+
if len(self._violations) > 1000:
|
|
531
|
+
self._violations = self._violations[-1000:]
|
|
532
|
+
|
|
533
|
+
# Log the violation
|
|
534
|
+
log_method = (
|
|
535
|
+
logger.critical
|
|
536
|
+
if violation.severity == "critical"
|
|
537
|
+
else (
|
|
538
|
+
logger.error
|
|
539
|
+
if violation.severity == "high"
|
|
540
|
+
else (logger.warning if violation.severity == "medium" else logger.info)
|
|
541
|
+
)
|
|
542
|
+
)
|
|
543
|
+
log_method(
|
|
544
|
+
f"MCP Security Violation [{violation.violation_type.value}] "
|
|
545
|
+
f"server={violation.server_id} tool={violation.tool_name}: {violation.description}"
|
|
546
|
+
)
|
|
547
|
+
|
|
548
|
+
def get_violations(
|
|
549
|
+
self, server_id: Optional[str] = None, since: Optional[datetime] = None
|
|
550
|
+
) -> List[SecurityViolation]:
|
|
551
|
+
"""Get recorded security violations.
|
|
552
|
+
|
|
553
|
+
Args:
|
|
554
|
+
server_id: Filter by server ID
|
|
555
|
+
since: Filter violations after this time
|
|
556
|
+
|
|
557
|
+
Returns:
|
|
558
|
+
List of violations matching criteria
|
|
559
|
+
"""
|
|
560
|
+
violations = self._violations.copy()
|
|
561
|
+
if server_id:
|
|
562
|
+
violations = [v for v in violations if v.server_id == server_id]
|
|
563
|
+
if since:
|
|
564
|
+
violations = [v for v in violations if v.timestamp >= since]
|
|
565
|
+
return violations
|
|
566
|
+
|
|
567
|
+
def get_security_metrics(self) -> Dict[str, Any]:
|
|
568
|
+
"""Get security metrics for telemetry."""
|
|
569
|
+
return {
|
|
570
|
+
"total_violations": len(self._violations),
|
|
571
|
+
"violations_by_type": {
|
|
572
|
+
vtype.value: len([v for v in self._violations if v.violation_type == vtype])
|
|
573
|
+
for vtype in SecurityViolationType
|
|
574
|
+
},
|
|
575
|
+
"violations_by_severity": {
|
|
576
|
+
sev: len([v for v in self._violations if v.severity == sev])
|
|
577
|
+
for sev in ["low", "medium", "high", "critical"]
|
|
578
|
+
},
|
|
579
|
+
"servers_monitored": len(self._server_configs),
|
|
580
|
+
"tool_hashes_tracked": sum(len(hashes) for hashes in self._tool_hashes.values()),
|
|
581
|
+
}
|
|
582
|
+
|
|
583
|
+
|
|
584
|
+
__all__ = [
|
|
585
|
+
"SecurityViolationType",
|
|
586
|
+
"SecurityViolation",
|
|
587
|
+
"SecurityEvent",
|
|
588
|
+
"RateLimiter",
|
|
589
|
+
"ToolPoisoningDetector",
|
|
590
|
+
"InputValidator",
|
|
591
|
+
"MCPSecurityManager",
|
|
592
|
+
]
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
"""
|
|
2
|
+
MCP Common Utilities.
|
|
3
|
+
|
|
4
|
+
Shared code between MCP client and MCP server adapters:
|
|
5
|
+
- Protocol helpers
|
|
6
|
+
- Transport abstractions
|
|
7
|
+
- Schema converters
|
|
8
|
+
"""
|
|
9
|
+
|
|
10
|
+
import logging
|
|
11
|
+
|
|
12
|
+
from .protocol import (
|
|
13
|
+
MCPCapability,
|
|
14
|
+
MCPError,
|
|
15
|
+
MCPErrorCode,
|
|
16
|
+
MCPMessage,
|
|
17
|
+
MCPMessageType,
|
|
18
|
+
MCPProtocolVersion,
|
|
19
|
+
create_error_response,
|
|
20
|
+
create_success_response,
|
|
21
|
+
validate_mcp_message,
|
|
22
|
+
)
|
|
23
|
+
from .schemas import MCPPromptArgument, MCPPromptInfo, MCPResourceInfo, MCPToolInfo, MCPToolInputSchema
|
|
24
|
+
|
|
25
|
+
logger = logging.getLogger(__name__)
|
|
26
|
+
|
|
27
|
+
__all__ = [
|
|
28
|
+
# Protocol
|
|
29
|
+
"MCPProtocolVersion",
|
|
30
|
+
"MCPMessageType",
|
|
31
|
+
"MCPCapability",
|
|
32
|
+
"MCPMessage",
|
|
33
|
+
"MCPError",
|
|
34
|
+
"MCPErrorCode",
|
|
35
|
+
"validate_mcp_message",
|
|
36
|
+
"create_success_response",
|
|
37
|
+
"create_error_response",
|
|
38
|
+
# Schemas
|
|
39
|
+
"MCPToolInfo",
|
|
40
|
+
"MCPToolInputSchema",
|
|
41
|
+
"MCPResourceInfo",
|
|
42
|
+
"MCPPromptInfo",
|
|
43
|
+
"MCPPromptArgument",
|
|
44
|
+
]
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
{
|
|
2
|
+
"module": {
|
|
3
|
+
"name": "mcp_common",
|
|
4
|
+
"version": "1.0.0",
|
|
5
|
+
"description": "Shared utilities for MCP client and server adapters including protocol helpers and schema converters",
|
|
6
|
+
"author": "CIRIS Team",
|
|
7
|
+
"safe_domain": true
|
|
8
|
+
},
|
|
9
|
+
"services": [],
|
|
10
|
+
"capabilities": [],
|
|
11
|
+
"dependencies": {
|
|
12
|
+
"protocols": [],
|
|
13
|
+
"schemas": [],
|
|
14
|
+
"external": {}
|
|
15
|
+
},
|
|
16
|
+
"exports": {
|
|
17
|
+
"protocol": "mcp_common.protocol",
|
|
18
|
+
"schemas": "mcp_common.schemas"
|
|
19
|
+
},
|
|
20
|
+
"configuration": {},
|
|
21
|
+
"metadata": {
|
|
22
|
+
"type": "library",
|
|
23
|
+
"description": "Shared MCP utilities - no standalone services"
|
|
24
|
+
}
|
|
25
|
+
}
|