connectonion 0.6.4__py3-none-any.whl → 0.6.5__py3-none-any.whl

connectonion/cli/commands/trust_commands.py

@@ -0,0 +1,152 @@
+"""
+CLI commands for managing trust lists (contacts, whitelist, blocklist, admins).
+
+Addresses are shown in full (not truncated) so users can easily copy them
+for use in other commands or configuration files.
+
+Usage:
+    co trust list                    # List all trust lists
+    co trust level <address>         # Check trust level of address
+    co trust add <address>           # Add to contacts (default)
+    co trust add <address> -w        # Add to whitelist
+    co trust remove <address>        # Remove from all lists
+    co trust block <address>         # Block an address
+    co trust unblock <address>       # Unblock an address
+    co trust admin add <address>     # Add admin (super admin only)
+    co trust admin remove <address>  # Remove admin (super admin only)
+"""
+
+from pathlib import Path
+from rich.console import Console
+from rich.table import Table
+
+from ...network.trust.tools import (
+    CO_DIR,
+    get_level,
+    promote_to_contact,
+    promote_to_whitelist,
+    demote_to_stranger,
+    block,
+    unblock,
+    add_admin,
+    remove_admin,
+    load_admins,
+    get_self_address,
+)
+
+console = Console()
+
+
+def _read_list(list_name: str) -> list[str]:
+    """Read entries from a list file."""
+    list_path = CO_DIR / f"{list_name}.txt"
+    if not list_path.exists():
+        return []
+    content = list_path.read_text(encoding='utf-8')
+    return [line.strip() for line in content.splitlines()
+            if line.strip() and not line.startswith('#')]
+
+
+def handle_trust_list():
+    """List all trust lists."""
+    contacts = _read_list("contacts")
+    whitelist = _read_list("whitelist")
+    blocklist = _read_list("blocklist")
+    admins = load_admins()
+    self_addr = get_self_address()
+
+    console.print()
+
+    # Admins
+    console.print("[bold]Admins[/bold]")
+    if admins:
+        for addr in admins:
+            label = " [dim](self)[/dim]" if addr == self_addr else ""
+            console.print(f"  {addr}{label}")
+    else:
+        console.print("  [dim]No admins configured[/dim]")
+    console.print()
+
+    # Whitelist
+    console.print("[bold]Whitelist[/bold] [dim](full trust)[/dim]")
+    if whitelist:
+        for addr in whitelist:
+            console.print(f"  {addr}")
+    else:
+        console.print("  [dim]Empty[/dim]")
+    console.print()
+
+    # Contacts
+    console.print("[bold]Contacts[/bold] [dim](verified via invite/payment)[/dim]")
+    if contacts:
+        for addr in contacts:
+            console.print(f"  {addr}")
+    else:
+        console.print("  [dim]Empty[/dim]")
+    console.print()
+
+    # Blocklist
+    console.print("[bold]Blocklist[/bold] [dim](denied access)[/dim]")
+    if blocklist:
+        for addr in blocklist:
+            console.print(f"  [red]{addr}[/red]")
+    else:
+        console.print("  [dim]Empty[/dim]")
+    console.print()
+
+    console.print(f"[dim]Lists stored in: {CO_DIR}[/dim]")
+
+
+def handle_trust_level(address: str):
+    """Check trust level of an address."""
+    level = get_level(address)
+
+    level_colors = {
+        "stranger": "dim",
+        "contact": "cyan",
+        "whitelist": "green",
+        "blocked": "red",
+    }
+    color = level_colors.get(level, "white")
+
+    console.print(f"\n{address}: [{color}]{level}[/{color}]\n")
+
+
+def handle_trust_add(address: str, whitelist: bool = False):
+    """Add address to contacts or whitelist."""
+    if whitelist:
+        result = promote_to_whitelist(address)
+        console.print(f"\n[green]✓[/green] {result}\n")
+    else:
+        result = promote_to_contact(address)
+        console.print(f"\n[green]✓[/green] {result}\n")
+
+
+def handle_trust_remove(address: str):
+    """Remove address from all lists (demote to stranger)."""
+    result = demote_to_stranger(address)
+    console.print(f"\n[yellow]✓[/yellow] {result}\n")
+
+
+def handle_trust_block(address: str, reason: str = ""):
+    """Block an address."""
+    result = block(address, reason)
+    console.print(f"\n[red]✓[/red] {result}\n")
+
+
+def handle_trust_unblock(address: str):
+    """Unblock an address."""
+    result = unblock(address)
+    console.print(f"\n[green]✓[/green] {result}\n")
+
+
+def handle_admin_add(address: str):
+    """Add an admin."""
+    result = add_admin(address)
+    console.print(f"\n[green]✓[/green] {result}\n")
+
+
+def handle_admin_remove(address: str):
+    """Remove an admin."""
+    result = remove_admin(address)
+    console.print(f"\n[yellow]✓[/yellow] {result}\n")

connectonion/cli/main.py

@@ -56,6 +56,7 @@ def _show_help():
     console.print("  [green]init[/green]              Initialize in current directory")
     console.print("  [green]copy[/green]   <name>     Copy tool/plugin source to project")
     console.print("  [green]eval[/green]              Run evals and show status")
+    console.print("  [green]trust[/green]             Manage trust lists")
     console.print("  [green]deploy[/green]            Deploy to ConnectOnion Cloud")
     console.print("  [green]auth[/green]              Authenticate for managed keys")
     console.print("  [green]status[/green]            Check account balance")
@@ -174,6 +175,87 @@ def eval(
     handle_eval(name=name, agent_file=agent)
 
 
+# Trust command group
+trust_app = typer.Typer(help="Manage trust lists (contacts, whitelist, blocklist, admins)")
+app.add_typer(trust_app, name="trust")
+
+
+@trust_app.callback(invoke_without_command=True)
+def trust_callback(ctx: typer.Context):
+    """Trust list management."""
+    if ctx.invoked_subcommand is None:
+        # Default to list
+        from .commands.trust_commands import handle_trust_list
+        handle_trust_list()
+
+
+@trust_app.command("list")
+def trust_list():
+    """List all trust lists."""
+    from .commands.trust_commands import handle_trust_list
+    handle_trust_list()
+
+
+@trust_app.command("level")
+def trust_level(address: str = typer.Argument(..., help="Address to check")):
+    """Check trust level of an address."""
+    from .commands.trust_commands import handle_trust_level
+    handle_trust_level(address)
+
+
+@trust_app.command("add")
+def trust_add(
+    address: str = typer.Argument(..., help="Address to add"),
+    whitelist: bool = typer.Option(False, "-w", "--whitelist", help="Add to whitelist instead of contacts"),
+):
+    """Add address to contacts (default) or whitelist."""
+    from .commands.trust_commands import handle_trust_add
+    handle_trust_add(address, whitelist)
+
+
+@trust_app.command("remove")
+def trust_remove(address: str = typer.Argument(..., help="Address to remove")):
+    """Remove address from all lists (demote to stranger)."""
+    from .commands.trust_commands import handle_trust_remove
+    handle_trust_remove(address)
+
+
+@trust_app.command("block")
+def trust_block(
+    address: str = typer.Argument(..., help="Address to block"),
+    reason: str = typer.Option("", "-r", "--reason", help="Reason for blocking"),
+):
+    """Block an address."""
+    from .commands.trust_commands import handle_trust_block
+    handle_trust_block(address, reason)
+
+
+@trust_app.command("unblock")
+def trust_unblock(address: str = typer.Argument(..., help="Address to unblock")):
+    """Unblock an address."""
+    from .commands.trust_commands import handle_trust_unblock
+    handle_trust_unblock(address)
+
+
+# Admin subcommand group
+admin_app = typer.Typer(help="Manage admins (super admin only)")
+trust_app.add_typer(admin_app, name="admin")
+
+
+@admin_app.command("add")
+def admin_add(address: str = typer.Argument(..., help="Address to add as admin")):
+    """Add an admin."""
+    from .commands.trust_commands import handle_admin_add
+    handle_admin_add(address)
+
+
+@admin_app.command("remove")
+def admin_remove(address: str = typer.Argument(..., help="Address to remove from admins")):
+    """Remove an admin."""
+    from .commands.trust_commands import handle_admin_remove
+    handle_admin_remove(address)
+
+
 def cli():
     """Entry point."""
     app()

connectonion/core/llm.py

@@ -3,7 +3,7 @@ Purpose: Unified LLM provider abstraction with factory pattern for OpenAI, Anthr
 LLM-Note:
   Dependencies: imports from [abc, typing, dataclasses, json, os, base64, openai, anthropic, requests, pathlib, toml, pydantic, .usage, .exceptions] | imported by [agent.py, llm_do.py, conftest.py] | tested by [tests/test_llm.py, tests/test_llm_do.py, tests/test_real_*.py, tests/test_billing_error_agent.py]
   Data flow: Agent/llm_do calls create_llm(model, api_key) → factory routes to provider class → Provider.__init__() validates API key → Agent calls complete(messages, tools) OR structured_complete(messages, output_schema) → provider converts to native format → calls API → parses response → returns LLMResponse(content, tool_calls, raw_response) OR Pydantic model instance
-  State/Effects: reads environment variables (OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY, OPENONION_API_KEY) | reads ~/.connectonion/.co/config.toml for OpenOnion auth | makes HTTP requests to LLM APIs | no caching or persistence
+  State/Effects: reads environment variables (OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY, OPENONION_API_KEY) | reads ~/.co/config.toml for OpenOnion auth | makes HTTP requests to LLM APIs | no caching or persistence
   Integration: exposes create_llm(model, api_key), LLM abstract base class, OpenAILLM, AnthropicLLM, GeminiLLM, OpenOnionLLM, LLMResponse, ToolCall dataclasses | providers implement complete() and structured_complete() | OpenAI message format is lingua franca | tool calling uses OpenAI schema converted per-provider
   Performance: stateless (no caching) | synchronous (no streaming) | default max_tokens=8192 for Anthropic (required) | each call hits API
   Errors: raises ValueError for missing API keys, unknown models, invalid parameters | provider-specific errors bubble up (openai.APIError, anthropic.APIError, etc.) | OpenOnionLLM transforms 402 errors to InsufficientCreditsError with formatted message and typed attributes | Pydantic ValidationError for invalid structured output
@@ -97,7 +97,7 @@ Required (pick one):
   - OPENAI_API_KEY: For OpenAI models
   - ANTHROPIC_API_KEY: For Claude models
   - GEMINI_API_KEY or GOOGLE_API_KEY: For Gemini models
-  - OPENONION_API_KEY: For co/ managed keys (or from ~/.connectonion/.co/config.toml)
+  - OPENONION_API_KEY: For co/ managed keys (or from ~/.co/config.toml)
 
 Optional:
   - OPENONION_DEV: Use localhost:8000 for OpenOnion (development)

connectonion/docs/concepts/fast_rules.md

@@ -0,0 +1,237 @@
+# Fast Rules
+
+Fast rules are code-executed trust checks that run **before** the LLM. They burn zero tokens and are instant.
+
+## Why Fast Rules?
+
+Trust verification that uses an LLM costs tokens. Every verification burns money.
+
+- 1000 requests/day × $0.001/verification = $365/year just for "should I trust this?"
+- 90% of trust decisions are mechanical (whitelist check, blocklist check)
+- Only 10% need LLM judgment
+
+Fast rules handle the 90%. LLM handles the 10%.
+
+## How It Works
+
+```
+Request comes in
+       │
+       ▼
+┌─────────────────┐
+│   Fast Rules    │  ← No tokens, instant
+│                 │
+│ 1. blocked?     │──deny──►
+│ 2. whitelisted? │──allow──►
+│ 3. contact?     │──allow──►
+│ 4. onboard?     │──promote + allow──►
+└─────────────────┘
+       │
+       │ No rule matched
+       ▼
+┌─────────────────┐
+│   Trust Agent   │  ← LLM, burns tokens
+│   (if enabled)  │
+└─────────────────┘
+```
+
+## Policy File Format
+
+Trust policies are markdown files with YAML frontmatter:
+
+```yaml
+---
+# YAML config (fast rules)
+---
+
+# Markdown body (LLM system prompt)
+```
+
+### Full Example
+
+```yaml
+---
+# Who has access
+allow:
+  - whitelisted
+  - contact
+
+# Who is blocked
+deny:
+  - blocked
+
+# How strangers become contacts (onboarding)
+onboard:
+  invite_code: [BETA2024, FRIEND123]
+  payment: 10
+
+# Strangers without credentials
+default: ask  # allow | deny | ask
+---
+
+# Careful Trust
+
+You evaluate unknown agents...
+```
+
+## Config Options
+
+### `allow:`
+
+Who has access. List of conditions:
+
+```yaml
+---
+allow:
+  - whitelisted  # Users in ~/.co/whitelist.txt
+  - contact      # Users in ~/.co/contacts.txt
+---
+```
+
+### `deny:`
+
+Who is blocked:
+
+```yaml
+---
+deny:
+  - blocked  # Users in ~/.co/blocklist.txt
+---
+```
+
+### `onboard:`
+
+How strangers become contacts (OR logic):
+
+```yaml
+---
+onboard:
+  invite_code: [CODE1, CODE2]  # Valid invite codes
+  payment: 10                   # Minimum payment amount
+---
+```
+
+- `invite_code`: Client sends `invite_code` in request → becomes contact
+- `payment`: Client sends `payment` >= amount → becomes contact
+
+**OR logic**: Either invite_code OR payment passes → promoted to contact.
+
+### `default:`
+
+What to do with strangers who don't onboard:
+
+```yaml
+---
+default: ask    # Use LLM to decide (careful mode)
+# OR
+default: deny   # Reject (strict mode)
+# OR
+default: allow  # Accept (open mode)
+---
+```
+
+## The Three Presets
+
+### open (Development)
+
+```yaml
+---
+default: allow
+---
+```
+
+Everyone allowed. No verification.
+
+### careful (Staging)
+
+```yaml
+---
+allow:
+  - whitelisted
+  - contact
+
+deny:
+  - blocked
+
+onboard:
+  invite_code: [BETA2024]
+  payment: 10
+
+default: ask
+---
+```
+
+Whitelisted and contacts allowed. Strangers can onboard or be evaluated by LLM.
+
+### strict (Production)
+
+```yaml
+---
+allow:
+  - whitelisted
+
+deny:
+  - blocked
+
+default: deny
+---
+```
+
+Whitelist only. Everyone else denied.
+
+## Execution Order
+
+Fast rules execute in this order:
+
+1. Check `deny` list → deny if blocked
+2. Check `allow` list → allow if whitelisted/contact
+3. Try `onboard` → promote + allow if valid credentials
+4. `default` → allow / deny / ask
+
+## List Files
+
+Fast rules read from `~/.co/`:
+
+```
+~/.co/
+├── whitelist.txt   # Trusted clients
+├── contacts.txt    # Verified clients
+└── blocklist.txt   # Blocked clients
+```
+
+### Format
+
+```
+# Comments start with #
+client-id-123
+another-client
+
+# Wildcards supported
+payment-*
+*.trusted.com
+```
+
+## Implementation
+
+See `connectonion/network/trust/fast_rules.py`:
+
+```python
+from connectonion.network.trust import parse_policy, evaluate_request
+
+# Parse policy file
+config, markdown_body = parse_policy(policy_text)
+
+# Evaluate request
+result = evaluate_request(config, client_id, request)
+# Returns: 'allow', 'deny', or None (needs LLM)
+```
+
+## Summary
+
+| Feature | Fast Rules | LLM Trust Agent |
+|---------|------------|-----------------|
+| Tokens | Zero | Burns tokens |
+| Speed | Instant | Slow (API call) |
+| Logic | Simple checks | Complex reasoning |
+| Use | 90% of requests | 10% of requests |
+| Config | YAML frontmatter | Markdown body |