connectonion 0.6.3__py3-none-any.whl → 0.6.5__py3-none-any.whl

connectonion/network/trust/factory.py

@@ -1,23 +1,36 @@
 """
-Purpose: Factory for creating trust verification agents with policies.
+Factory for creating trust verification agents with policies.
+
+Policy files use YAML frontmatter for fast rules + markdown body for LLM prompts:
+
+    ---
+    allow: [whitelisted, contact]
+    deny: [blocked]
+    onboard:
+      invite_code: [BETA2024]
+      payment: 10
+    default: ask
+    ---
+    # LLM Prompt for trust evaluation...
+
+Fast rules execute without LLM (zero tokens, instant). Only 'default: ask' triggers LLM.
 
 String Resolution Priority:
-  1. Trust level ("open", "careful", "strict")
+  1. Trust level ("open", "careful", "strict") → loads from prompts/trust/{level}.md
   2. File path (if exists)
   3. Inline policy text
-
-LLM-Note:
-  Dependencies: [os, pathlib, typing, .prompts, .tools] | imported by [host/server.py] | tested by [tests/unit/test_trust.py]
-  Data flow: trust param → check env default → resolve by priority → return Agent or None
-  Errors: TypeError (invalid type) | FileNotFoundError (Path doesn't exist)
 """
 
 import os
 from pathlib import Path
 from typing import Union, Optional
 
-from .prompts import get_trust_prompt
 from .tools import get_trust_verification_tools
+from .fast_rules import parse_policy
+
+
+# Path to trust policy files (at repo root: prompts/trust/)
+PROMPTS_DIR = Path(__file__).parent.parent.parent.parent / "prompts" / "trust"
 
 
 # Trust level constants
@@ -45,21 +58,28 @@ def get_default_trust_level() -> Optional[str]:
 
 def create_trust_agent(trust: Union[str, Path, 'Agent', None], api_key: Optional[str] = None, model: str = "gpt-5-mini") -> Optional['Agent']:
     """
-    Create a trust agent based on the trust parameter.
+    DEPRECATED: Use TrustAgent instead.
+
+    >>> from connectonion.network.trust import TrustAgent
+    >>> trust = TrustAgent("careful")
+    >>> trust.should_allow("client-123")
+
+    This function returns a regular Agent, which lacks TrustAgent methods
+    like should_allow(), promote_to_contact(), etc.
 
     Args:
-        trust: Trust configuration:
-            - None: Check CONNECTONION_TRUST env, else return None
-            - Agent: Return as-is (must have tools)
-            - Path: Read file as policy
-            - str: Resolved by priority:
-                1. Trust level ("open", "careful", "strict")
-                2. File path (if file exists)
-                3. Inline policy text
+        trust: Trust configuration (see TrustAgent for new API)
 
     Returns:
         Agent configured for trust verification, or None
     """
+    import warnings
+    warnings.warn(
+        "create_trust_agent() is deprecated. Use TrustAgent instead: "
+        "from connectonion.network.trust import TrustAgent; trust = TrustAgent('careful')",
+        DeprecationWarning,
+        stacklevel=2
+    )
     from ...core.agent import Agent  # Import here to avoid circular dependency
     
     # If None, check for environment default
@@ -95,13 +115,20 @@ def create_trust_agent(trust: Union[str, Path, 'Agent', None], api_key: Optional
     # Handle string: trust level > file path > inline policy
     if isinstance(trust, str):
         if trust.lower() in TRUST_LEVELS:
-            return Agent(
-                name=f"trust_agent_{trust.lower()}",
-                tools=trust_tools,
-                system_prompt=get_trust_prompt(trust.lower()),
-                api_key=api_key,
-                model=model
-            )
+            # Load from prompts/trust/{level}.md
+            policy_path = PROMPTS_DIR / f"{trust.lower()}.md"
+            if policy_path.exists():
+                policy_text = policy_path.read_text(encoding='utf-8')
+                config, markdown_body = parse_policy(policy_text)
+                return Agent(
+                    name=f"trust_agent_{trust.lower()}",
+                    tools=trust_tools,
+                    system_prompt=markdown_body,
+                    api_key=api_key,
+                    model=model
+                )
+            # Fallback if file doesn't exist
+            raise FileNotFoundError(f"Trust policy file not found: {policy_path}")
 
         path = Path(trust)
         if path.exists() and path.is_file():

connectonion/network/trust/fast_rules.py

@@ -0,0 +1,100 @@
+"""
+Parse YAML config from trust policy files and execute fast rules.
+
+Config format:
+    allow: [whitelisted, contact]  # Who has access
+    deny: [blocked]                 # Who is blocked
+    onboard:                        # How strangers become contacts
+      invite_code: [CODE1, CODE2]
+      payment: 10
+    default: deny                   # allow | deny | ask
+"""
+
+import yaml
+from typing import Optional
+from .tools import is_whitelisted, is_blocked, is_contact, promote_to_contact
+
+
+def parse_policy(policy_text: str) -> tuple[dict, str]:
+    """
+    Parse YAML frontmatter from markdown policy file.
+
+    Returns:
+        (config_dict, markdown_body)
+    """
+    if not policy_text.startswith('---'):
+        return {}, policy_text
+
+    end = policy_text.find('---', 3)
+    if end == -1:
+        return {}, policy_text
+
+    yaml_content = policy_text[3:end].strip()
+    markdown_body = policy_text[end + 3:].strip()
+
+    config = yaml.safe_load(yaml_content) or {}
+    return config, markdown_body
+
+
+def evaluate_request(config: dict, client_id: str, request: dict) -> Optional[str]:
+    """
+    Evaluate request using fast rules (no LLM).
+
+    Config format:
+        allow: [whitelisted, contact]  # Who has access
+        deny: [blocked]                 # Who is blocked
+        onboard:                        # How strangers become contacts
+          invite_code: [CODE1]
+          payment: 10
+        default: deny                   # allow | deny | ask
+
+    Args:
+        config: Parsed YAML config
+        client_id: The client making request
+        request: Request data (may contain invite_code, payment, etc.)
+
+    Returns:
+        'allow', 'deny', or None (needs LLM)
+    """
+    # 1. Check deny list first (blocked users)
+    deny_list = config.get('deny', ['blocked'])
+    for condition in deny_list:
+        if condition == 'blocked' and is_blocked(client_id):
+            return 'deny'
+
+    # 2. Check allow list (whitelisted, contacts)
+    allow_list = config.get('allow', [])
+    for condition in allow_list:
+        if condition == 'whitelisted' and is_whitelisted(client_id):
+            return 'allow'
+        if condition == 'contact' and is_contact(client_id):
+            return 'allow'
+
+    # 3. Try onboarding (stranger → contact)
+    onboard = config.get('onboard', {})
+
+    # Check invite code
+    valid_codes = onboard.get('invite_code', [])
+    request_code = request.get('invite_code')
+    if request_code and request_code in valid_codes:
+        promote_to_contact(client_id)
+        return 'allow'
+
+    # Check payment
+    required_payment = onboard.get('payment')
+    request_payment = request.get('payment', 0)
+    if required_payment and request_payment >= required_payment:
+        promote_to_contact(client_id)
+        return 'allow'
+
+    # 4. Default action for strangers without onboarding
+    default = config.get('default', 'deny')
+
+    if default == 'allow':
+        return 'allow'
+    elif default == 'deny':
+        return 'deny'
+    elif default == 'ask':
+        return None  # Needs LLM evaluation
+
+    return 'deny'  # Safe fallback

connectonion/network/trust/tools.py

@@ -1,48 +1,86 @@
 """
 Purpose: Provide tool functions for trust agents to verify other agents
 LLM-Note:
-  Dependencies: imports from [pathlib, typing] | imported by [.factory] | tested by [tests/unit/test_trust_functions.py]
-  Data flow: create_trust_agent() calls get_trust_verification_tools() → returns list of [check_whitelist, test_capability, verify_agent] functions → these become tools for trust Agent → trust agent calls tools with agent_id → functions return descriptive strings → AI interprets results per trust policy
-  State/Effects: check_whitelist() reads ~/.connectonion/trusted.txt file if exists | supports wildcard patterns with * | test_capability() and verify_agent() are pure (no I/O, just return descriptive strings for AI)
-  Integration: exposes check_whitelist(agent_id), test_capability(agent_id, test, expected), verify_agent(agent_id, agent_info), get_trust_verification_tools() | used by factory.py to equip trust agents with verification capabilities
-  Performance: file read only for check_whitelist | simple string operations | no network calls
-  Errors: check_whitelist() catches file read exceptions and returns error string | missing whitelist file returns helpful message | no exceptions raised (errors returned as strings for AI interpretation)
+  Dependencies: imports from [pathlib, typing] | imported by [.factory, .fast_rules] | tested by [tests/unit/test_trust_functions.py]
+  Data flow: Fast rules call is_whitelisted/is_blocked/is_contact directly → returns bool for instant decisions | Trust agents call check_whitelist/check_blocklist/get_level → returns strings for LLM interpretation
+  State/Effects: Reads/writes ~/.co/{whitelist,blocklist,contacts}.txt files | Supports wildcard patterns with * | promote_*/demote_*/block/unblock modify list files
+  Integration: exposes fast rule helpers (is_*), trust agent tools (check_*, get_level), state modifiers (promote_*, demote_*, block, unblock) | Used by factory.py and fast_rules.py
+  Performance: Simple file I/O | No network calls | O(n) list lookup
+
+Trust Levels (stored in ~/.co/):
+  - stranger: Not in any list (default for unknown clients)
+  - contact: In contacts.txt (onboarded via invite/payment)
+  - whitelist: In whitelist.txt (fully trusted)
+  - blocked: In blocklist.txt (denied access)
 """
 
 from pathlib import Path
 from typing import List, Callable
 
 
+CO_DIR = Path.home() / ".co"
+
+
+def _check_list(list_name: str, agent_id: str) -> bool:
+    """Check if agent_id is in a list file. Supports wildcards."""
+    list_path = CO_DIR / f"{list_name}.txt"
+    if not list_path.exists():
+        return False
+    try:
+        content = list_path.read_text(encoding='utf-8')
+        for line in content.strip().split('\n'):
+            line = line.strip()
+            if not line or line.startswith('#'):
+                continue
+            if line == agent_id:
+                return True
+            if '*' in line:
+                pattern = line.replace('*', '')
+                if pattern in agent_id:
+                    return True
+        return False
+    except Exception:
+        return False
+
+
 def check_whitelist(agent_id: str) -> str:
     """
     Check if an agent is on the whitelist.
-    
+
     Args:
         agent_id: Identifier of the agent to check
-        
+
     Returns:
         String indicating if agent is whitelisted or not
     """
-    whitelist_path = Path.home() / ".connectonion" / "trusted.txt"
-    if whitelist_path.exists():
-        try:
-            whitelist = whitelist_path.read_text(encoding='utf-8')
-            lines = whitelist.strip().split('\n')
-            for line in lines:
-                line = line.strip()
-                if not line or line.startswith('#'):
-                    continue
-                if line == agent_id:
-                    return f"{agent_id} is on the whitelist"
-                # Simple wildcard support
-                if '*' in line:
-                    pattern = line.replace('*', '')
-                    if pattern in agent_id:
-                        return f"{agent_id} matches whitelist pattern: {line}"
-            return f"{agent_id} is NOT on the whitelist"
-        except Exception as e:
-            return f"Error reading whitelist: {e}"
-    return "No whitelist file found at ~/.connectonion/trusted.txt"
+    if _check_list("whitelist", agent_id):
+        return f"{agent_id} is on the whitelist"
+    return f"{agent_id} is NOT on the whitelist"
+
+
+def check_blocklist(agent_id: str) -> str:
+    """
+    Check if an agent is on the blocklist.
+
+    Args:
+        agent_id: Identifier of the agent to check
+
+    Returns:
+        String indicating if agent is blocked or not
+    """
+    if _check_list("blocklist", agent_id):
+        return f"{agent_id} is BLOCKED"
+    return f"{agent_id} is not blocked"
+
+
+def is_whitelisted(agent_id: str) -> bool:
+    """Check if agent is whitelisted. Returns bool for fast rules."""
+    return _check_list("whitelist", agent_id)
+
+
+def is_blocked(agent_id: str) -> bool:
+    """Check if agent is blocked. Returns bool for fast rules."""
+    return _check_list("blocklist", agent_id)
 
 
 def test_capability(agent_id: str, test: str, expected: str) -> str:
@@ -74,15 +112,261 @@ def verify_agent(agent_id: str, agent_info: str = "") -> str:
     return f"Verifying agent: {agent_id}. Info: {agent_info}"
 
 
+def _add_to_list(list_name: str, client_id: str) -> bool:
+    """Add client_id to a list file."""
+    CO_DIR.mkdir(parents=True, exist_ok=True)
+    list_path = CO_DIR / f"{list_name}.txt"
+
+    # Check if already in list
+    if _check_list(list_name, client_id):
+        return True
+
+    # Append to file
+    with open(list_path, 'a', encoding='utf-8') as f:
+        f.write(f"{client_id}\n")
+    return True
+
+
+def _remove_from_list(list_name: str, client_id: str) -> bool:
+    """Remove client_id from a list file."""
+    list_path = CO_DIR / f"{list_name}.txt"
+    if not list_path.exists():
+        return True
+
+    content = list_path.read_text(encoding='utf-8')
+    lines = [line for line in content.strip().split('\n')
+             if line.strip() and line.strip() != client_id]
+    list_path.write_text('\n'.join(lines) + '\n' if lines else '', encoding='utf-8')
+    return True
+
+
+# === Verification ===
+
+def verify_invite(client_id: str, invite_code: str, valid_codes: list[str]) -> str:
+    """
+    Verify invite code. Promotes to contact if valid.
+
+    Args:
+        client_id: Client to verify
+        invite_code: The invite code provided
+        valid_codes: List of valid invite codes
+
+    Returns:
+        Result message
+    """
+    if invite_code in valid_codes:
+        promote_to_contact(client_id)
+        return f"Invite code valid. {client_id} promoted to contact."
+    return f"Invalid invite code for {client_id}."
+
+
+def verify_payment(client_id: str, amount: float, required_amount: float) -> str:
+    """
+    Verify payment. Promotes to contact if sufficient.
+
+    Args:
+        client_id: Client to verify
+        amount: Payment amount received
+        required_amount: Required payment amount
+
+    Returns:
+        Result message
+    """
+    if amount >= required_amount:
+        promote_to_contact(client_id)
+        return f"Payment verified. {client_id} promoted to contact."
+    return f"Insufficient payment for {client_id}. Required: {required_amount}, got: {amount}"
+
+
+# === Promotion ===
+
+def promote_to_contact(client_id: str) -> str:
+    """Stranger → Contact"""
+    _add_to_list("contacts", client_id)
+    return f"{client_id} promoted to contact."
+
+
+def promote_to_whitelist(client_id: str) -> str:
+    """Contact → Whitelist"""
+    _add_to_list("whitelist", client_id)
+    return f"{client_id} promoted to whitelist."
+
+
+# === Demotion ===
+
+def demote_to_contact(client_id: str) -> str:
+    """Whitelist → Contact"""
+    _remove_from_list("whitelist", client_id)
+    _add_to_list("contacts", client_id)
+    return f"{client_id} demoted to contact."
+
+
+def demote_to_stranger(client_id: str) -> str:
+    """Contact → Stranger"""
+    _remove_from_list("contacts", client_id)
+    _remove_from_list("whitelist", client_id)
+    return f"{client_id} demoted to stranger."
+
+
+# === Blocking ===
+
+def block(client_id: str, reason: str = "") -> str:
+    """Add to blocklist."""
+    _add_to_list("blocklist", client_id)
+    return f"{client_id} blocked. Reason: {reason}"
+
+
+def unblock(client_id: str) -> str:
+    """Remove from blocklist."""
+    _remove_from_list("blocklist", client_id)
+    return f"{client_id} unblocked."
+
+
+# === Queries ===
+
+def get_level(client_id: str) -> str:
+    """Returns: stranger, contact, whitelist, or blocked."""
+    if is_blocked(client_id):
+        return "blocked"
+    if is_whitelisted(client_id):
+        return "whitelist"
+    if _check_list("contacts", client_id):
+        return "contact"
+    return "stranger"
+
+
+def is_contact(client_id: str) -> bool:
+    """Check if client is a contact."""
+    return _check_list("contacts", client_id)
+
+
+def is_stranger(client_id: str) -> bool:
+    """Check if client is a stranger (not contact, whitelist, or blocked)."""
+    return get_level(client_id) == "stranger"
+
+
 def get_trust_verification_tools() -> List[Callable]:
     """
     Get the list of trust verification tools.
-    
+
     Returns:
         List of trust verification functions
     """
     return [
         check_whitelist,
-        test_capability,
-        verify_agent
-    ]
+        check_blocklist,
+        promote_to_contact,
+        promote_to_whitelist,
+        demote_to_contact,
+        demote_to_stranger,
+        block,
+        unblock,
+        get_level,
+    ]
+
+
+# === Admin Management ===
+
+def load_admins(co_dir: Path = None) -> set:
+    """
+    Load admins list: self address (default) + ~/.co/admins.txt.
+
+    Args:
+        co_dir: Project .co directory (for self address). Defaults to cwd/.co
+
+    Returns:
+        Set of admin addresses
+    """
+    import json
+
+    admins = set()
+
+    # Self address is always admin (from project's .co/address.json)
+    if co_dir is None:
+        co_dir = Path.cwd() / ".co"
+
+    addr_file = co_dir / "address.json"
+    if addr_file.exists():
+        try:
+            addr_data = json.loads(addr_file.read_text(encoding='utf-8'))
+            if addr_data.get('address'):
+                admins.add(addr_data['address'])
+        except Exception:
+            pass
+
+    # Additional admins from ~/.co/admins.txt
+    admins_file = CO_DIR / "admins.txt"
+    if admins_file.exists():
+        try:
+            for line in admins_file.read_text(encoding='utf-8').splitlines():
+                line = line.strip()
+                if line and not line.startswith('#'):
+                    admins.add(line)
+        except Exception:
+            pass
+
+    return admins
+
+
+def is_admin(client_id: str, co_dir: Path = None) -> bool:
+    """Check if client is an admin."""
+    return client_id in load_admins(co_dir)
+
+
+def get_self_address(co_dir: Path = None) -> str | None:
+    """Get self address (super admin) from .co/address.json."""
+    import json
+
+    if co_dir is None:
+        co_dir = Path.cwd() / ".co"
+
+    addr_file = co_dir / "address.json"
+    if addr_file.exists():
+        try:
+            addr_data = json.loads(addr_file.read_text(encoding='utf-8'))
+            return addr_data.get('address')
+        except Exception:
+            pass
+    return None
+
+
+def is_super_admin(client_id: str, co_dir: Path = None) -> bool:
+    """Check if client is super admin (self address)."""
+    return client_id == get_self_address(co_dir)
+
+
+def add_admin(admin_id: str) -> str:
+    """Add an admin to ~/.co/admins.txt. Super admin only."""
+    CO_DIR.mkdir(parents=True, exist_ok=True)
+    admins_file = CO_DIR / "admins.txt"
+
+    # Check if already admin
+    existing = set()
+    if admins_file.exists():
+        existing = {line.strip() for line in admins_file.read_text(encoding='utf-8').splitlines()
+                    if line.strip() and not line.startswith('#')}
+
+    if admin_id in existing:
+        return f"{admin_id} is already an admin."
+
+    with open(admins_file, 'a', encoding='utf-8') as f:
+        f.write(f"{admin_id}\n")
+
+    return f"{admin_id} added as admin."
+
+
+def remove_admin(admin_id: str) -> str:
+    """Remove an admin from ~/.co/admins.txt. Super admin only."""
+    admins_file = CO_DIR / "admins.txt"
+
+    if not admins_file.exists():
+        return f"{admin_id} is not an admin."
+
+    lines = admins_file.read_text(encoding='utf-8').splitlines()
+    new_lines = [line for line in lines if line.strip() != admin_id]
+
+    if len(new_lines) == len(lines):
+        return f"{admin_id} is not an admin."
+
+    admins_file.write_text('\n'.join(new_lines) + '\n' if new_lines else '', encoding='utf-8')
+    return f"{admin_id} removed from admins."