halyn 0.2.0__py3-none-any.whl

halyn/control_plane.py

@@ -0,0 +1,354 @@
+# Copyright (c) 2026 Elmadani SALKA. All rights reserved.
+# Licensed under the MIT License. See LICENSE file.
+"""
+Control Plane — The brain of Halyn.
+
+Integrates everything:
+  Discovery → Consent → Connect → Autonomy → Intent → Audit → Watchdog
+
+This is the single entry point. One class. Everything wired.
+"""
+
+from __future__ import annotations
+
+import asyncio
+import logging
+import time
+from dataclasses import dataclass, field
+from typing import Any
+
+from nrp import NRPDriver, NRPId, NRPManifest, EventBus, Severity
+
+from .engine import Engine
+from .types import Action, Result, ActionStatus
+from .autonomy import AutonomyController, Level, DomainPolicy, PRESET_DOMAINS
+from .audit import AuditStore
+from .consent import ConsentStore, ConsentLevel
+from .intent import IntentChain, IntentStore
+from .watchdog import Watchdog, Health, check_event_bus, check_disk_space
+from .discovery import Scanner, DiscoveredNode
+from .nrp_bridge import register_nrp_node
+from .config import HalynConfig
+
+log = logging.getLogger("halyn.control_plane")
+
+
+class ControlPlane:
+    """
+    The complete Halyn runtime.
+
+    Usage:
+        cp = ControlPlane.from_config("halyn.yml")
+        await cp.start()
+        result = await cp.execute("server/prod.observe", {"channels": "cpu,ram"})
+        await cp.stop()
+    """
+
+    def __init__(self, config: HalynConfig | None = None) -> None:
+        self.config = config or HalynConfig.load()
+
+        # Core
+        self.engine = Engine()
+        self.event_bus = EventBus()
+
+        # Safety & Control
+        self.autonomy = AutonomyController(default_level=Level.SUPERVISED)
+        self.audit = AuditStore(f"{self.config.data_dir}/audit.db")
+        self.consent = ConsentStore(f"{self.config.data_dir}/consent.db")
+        self.intents = IntentStore(f"{self.config.data_dir}/intent.db")
+
+        # Health
+        self.watchdog = Watchdog(interval=15.0)
+
+        # Discovery
+        self.scanner = Scanner()
+
+        # State
+        self._nodes: dict[str, NRPDriver] = {}
+        self._manifests: dict[str, NRPManifest] = {}
+        self._running = False
+        self._emergency_stop = False
+
+    @classmethod
+    def from_config(cls, path: str = "") -> ControlPlane:
+        config = HalynConfig.load(path)
+        cp = cls(config)
+
+        # Load domain policies from config
+        for name, domain_cfg in config.domains.items():
+            if isinstance(domain_cfg, dict):
+                cp.autonomy.add_domain(DomainPolicy(
+                    name=name,
+                    level=Level(domain_cfg.get("level", 1)),
+                    node_patterns=domain_cfg.get("nodes", ["*"]),
+                    confirm_commands=domain_cfg.get("confirm", []),
+                    blocked_commands=domain_cfg.get("blocked", []),
+                    max_actions_per_hour=domain_cfg.get("max_actions_per_hour", 1000),
+                ))
+            elif name in PRESET_DOMAINS:
+                cp.autonomy.add_domain(PRESET_DOMAINS[name])
+
+        return cp
+
+    async def start(self) -> None:
+        """Start all services."""
+        self._running = True
+
+        # Register watchdog checks
+        self.watchdog.register("event_bus", lambda: check_event_bus(self.event_bus))
+        self.watchdog.register("disk", lambda: check_disk_space("/"))
+        self.watchdog.on_failsafe(self._failsafe)
+
+        # Start background tasks
+        asyncio.create_task(self.event_bus.process_loop())
+        asyncio.create_task(self.watchdog.run())
+
+        # Auto-connect nodes from config
+        for node_cfg in self.config.nodes:
+            try:
+                await self._connect_from_config(node_cfg)
+            except Exception as exc:
+                log.error("control_plane.auto_connect_failed node=%s error=%s",
+                         node_cfg.get("id", "?"), exc)
+
+        log.info("control_plane.started nodes=%d tools=%d",
+                 len(self._nodes), len(self.engine.registry.tool_names))
+
+    async def stop(self) -> None:
+        """Graceful shutdown."""
+        self._running = False
+        self.watchdog.stop()
+
+        for nrp_id, driver in self._nodes.items():
+            try:
+                await driver.disconnect()
+            except Exception:
+                pass
+
+        self.audit.close()
+        self.consent.close()
+        self.intents.close()
+        log.info("control_plane.stopped")
+
+    async def execute(
+        self,
+        tool: str,
+        args: dict[str, Any] | None = None,
+        user_id: str = "",
+        llm_model: str = "",
+        intent_text: str = "",
+    ) -> Result:
+        """
+        Execute an action through the full pipeline:
+        Intent → Autonomy Check → Engine Execute → Audit
+        """
+        args = args or {}
+        action = Action(tool=tool, args=args)
+
+        # Emergency stop check
+        if self._emergency_stop:
+            return Result(status=ActionStatus.DENIED, error="EMERGENCY STOP ACTIVE")
+
+        # Build intent chain
+        chain = IntentChain(
+            user_id=user_id, llm_model=llm_model,
+            node=action.node, domain="",
+        )
+        if intent_text:
+            chain.request(intent_text)
+
+        # Get tool spec for autonomy check
+        spec = self.engine.registry.get_spec(tool)
+        if not spec:
+            chain.blocked(f"Tool not found: {tool}")
+            self.intents.save(chain)
+            return Result(status=ActionStatus.FAILED, error=f"Tool not found: {tool}")
+
+        tool_dangerous = getattr(spec, 'dangerous', False)
+
+        # Autonomy check
+        decision, reason = self.autonomy.check(action, spec.category, tool_dangerous)
+        chain.add("autonomy", f"{decision}: {reason}", level=decision)
+
+        if decision == "deny":
+            chain.blocked(reason)
+            self.intents.save(chain)
+            self.audit.record(
+                tool=tool, node=action.node, args=args,
+                status="denied", decision=decision,
+                user_id=user_id, llm_model=llm_model,
+                intent=intent_text, domain=chain.domain,
+            )
+            return Result(status=ActionStatus.DENIED, error=reason)
+
+        if decision == "confirm":
+            # Create confirmation request
+            req_id = f"req-{int(time.time()*1000)}"
+            self.autonomy.request_confirmation(req_id, action, reason)
+            chain.add("confirm_required", f"Waiting for approval: {reason}", request_id=req_id)
+            self.intents.save(chain)
+            return Result(
+                status=ActionStatus.DENIED,
+                error=f"Confirmation required: {reason}",
+                data={"request_id": req_id, "reason": reason},
+            )
+
+        # Execute
+        chain.action(f"Executing {tool}", tool=tool)
+        t0 = time.time()
+        result = await self.engine.execute(action)
+        duration = (time.time() - t0) * 1000
+
+        # Record result
+        if result.ok:
+            chain.result(str(result.data)[:200], success=True)
+        else:
+            chain.result(f"Failed: {result.error}", success=False)
+
+        # Save intent + audit
+        self.intents.save(chain)
+        self.audit.record(
+            tool=tool, node=action.node, args=args,
+            result=str(result.data or result.error)[:500],
+            status="ok" if result.ok else "error",
+            duration_ms=duration,
+            user_id=user_id, llm_model=llm_model,
+            intent=intent_text, domain=chain.domain,
+            decision=decision,
+        )
+
+        return result
+
+    # ─── Node Management ────────────────────────
+
+    async def connect_node(
+        self,
+        nrp_id: str,
+        driver: NRPDriver,
+        require_consent: bool = True,
+    ) -> NRPManifest | None:
+        """Connect a node with consent check."""
+        # Check consent
+        if require_consent:
+            record = self.consent.check(nrp_id)
+            if record is None or record.level == ConsentLevel.PENDING:
+                # Request consent
+                self.consent.request_consent(nrp_id, "New device")
+                log.info("control_plane.consent_pending nrp_id=%s", nrp_id)
+                return None
+            if record.level == ConsentLevel.DENY:
+                log.info("control_plane.consent_denied nrp_id=%s", nrp_id)
+                return None
+
+        # Register via NRP bridge
+        manifest = await register_nrp_node(
+            self.engine, nrp_id, driver, self.event_bus,
+        )
+        self._nodes[nrp_id] = driver
+        self._manifests[nrp_id] = manifest
+
+        # Register watchdog
+        async def check_node() -> Health:
+            try:
+                hb = await asyncio.wait_for(driver.heartbeat(), timeout=10)
+                return Health.GREEN if hb.get("alive") else Health.RED
+            except Exception:
+                return Health.RED
+        self.watchdog.register(f"node:{nrp_id}", check_node)
+
+        log.info("control_plane.connected nrp_id=%s tools=%d",
+                 nrp_id, len(manifest.act) + 4)
+        return manifest
+
+    async def scan(self, config: dict[str, Any] | None = None) -> list[DiscoveredNode]:
+        """Scan the network for new devices."""
+        nodes = await self.scanner.scan_all(config)
+        log.info("control_plane.scan found=%d", len(nodes))
+        return nodes
+
+    # ─── Emergency Stop ─────────────────────────
+
+    async def emergency_stop(self) -> None:
+        """STOP EVERYTHING. Immediately."""
+        self._emergency_stop = True
+        log.critical("EMERGENCY STOP ACTIVATED")
+
+        await self.event_bus.emit_simple(
+            "halyn.control_plane", "emergency_stop",
+            Severity.EMERGENCY,
+        )
+
+        # Tell all nodes to stop
+        for nrp_id, driver in self._nodes.items():
+            try:
+                await driver.act("emergency_stop", {})
+            except Exception:
+                pass
+
+        self.audit.record(
+            tool="EMERGENCY_STOP", status="executed",
+            intent="Emergency stop activated",
+        )
+
+    async def resume(self) -> None:
+        """Resume after emergency stop."""
+        self._emergency_stop = False
+        log.info("control_plane.resumed")
+        self.audit.record(tool="RESUME", status="executed")
+
+    # ─── Status ─────────────────────────────────
+
+    def status(self) -> dict[str, Any]:
+        """Complete system status."""
+        return {
+            "running": self._running,
+            "emergency_stop": self._emergency_stop,
+            "nodes": len(self._nodes),
+            "tools": len(self.engine.registry.tool_names),
+            "audit_entries": self.audit.count,
+            "audit_chain_valid": self.audit.verify_chain()[0],
+            "pending_consents": self.consent.pending_count(),
+            "pending_confirmations": len(self.autonomy.get_pending()),
+            "watchdog": self.watchdog.status_report(),
+            "event_bus": {
+                "total": self.event_bus.total,
+                "pending": self.event_bus.pending,
+            },
+        }
+
+    # ─── Internal ───────────────────────────────
+
+    async def _connect_from_config(self, node_cfg: dict[str, Any]) -> None:
+        """Connect a node from YAML config."""
+        nrp_id = node_cfg.get("id", "")
+        driver_type = node_cfg.get("driver", "")
+
+        if driver_type == "ssh":
+            from .drivers.ssh import SSHDriver
+            driver = SSHDriver(
+                host=node_cfg.get("host", ""),
+                user=node_cfg.get("user", ""),
+                key_path=node_cfg.get("key", ""),
+            )
+        elif driver_type == "http_auto":
+            from .drivers.http_auto import HTTPAutoDriver
+            driver = HTTPAutoDriver(
+                base_url=node_cfg.get("base_url", ""),
+                auth_token=node_cfg.get("auth_token", ""),
+            )
+        elif driver_type == "mqtt":
+            from .drivers.mqtt import MQTTDriver
+            driver = MQTTDriver(
+                broker=node_cfg.get("broker", ""),
+                topic=node_cfg.get("topic", "#"),
+            )
+        else:
+            log.warning("control_plane.unknown_driver type=%s", driver_type)
+            return
+
+        await self.connect_node(nrp_id, driver, require_consent=False)
+
+    async def _failsafe(self) -> None:
+        """Failsafe handler — called when watchdog detects critical failure."""
+        log.critical("FAILSAFE ACTIVATED — putting all nodes in safe mode")
+        await self.emergency_stop()

halyn/discovery.py

@@ -0,0 +1,323 @@
+# Copyright (c) 2026 Elmadani SALKA. All rights reserved.
+# Licensed under the MIT License. See LICENSE file.
+"""
+Discovery — Find nodes on the network automatically.
+
+Network scanner for NRP-compatible devices.
+Probes SSH, MQTT, HTTP, Docker, and OPC-UA endpoints.
+"""
+
+from __future__ import annotations
+
+import asyncio
+import json
+import logging
+import socket
+import subprocess
+from dataclasses import dataclass, field
+from typing import Any
+
+log = logging.getLogger("halyn.discovery")
+
+
+@dataclass(frozen=True, slots=True)
+class DiscoveredNode:
+    """A node found during scan. Not yet connected."""
+    address: str           # IP or hostname
+    port: int = 0
+    protocol: str = ""     # ssh, mqtt, http, ros2, opcua, docker, mdns
+    name: str = ""         # Human-readable name if available
+    metadata: dict[str, Any] = field(default_factory=dict)
+
+    @property
+    def suggested_nrp_id(self) -> str:
+        host = self.address.replace(".", "-")
+        kind = self.protocol or "unknown"
+        return f"nrp://local/{kind}/{host}"
+
+
+class Scanner:
+    """
+    Network scanner. Discovers potential NRP nodes.
+
+    Probes common ports and protocols to find devices
+    that could be connected via NRP drivers.
+    """
+
+    # Common ports and what they indicate
+    PORT_MAP: dict[int, str] = {
+        22: "ssh",
+        80: "http",
+        443: "https",
+        1883: "mqtt",
+        8883: "mqtt-tls",
+        4840: "opcua",
+        2375: "docker",
+        2376: "docker-tls",
+        7400: "ros2-dds",
+        8080: "http",
+        8443: "https",
+        8935: "halyn",
+        9090: "prometheus",
+        3000: "grafana",
+        5432: "postgres",
+        6379: "redis",
+        11311: "ros-master",
+    }
+
+    def __init__(self, timeout: float = 1.0, max_concurrent: int = 100) -> None:
+        self._timeout = timeout
+        self._max_concurrent = max_concurrent
+
+    async def scan_host(self, host: str, ports: list[int] | None = None) -> list[DiscoveredNode]:
+        """Scan a single host for open ports."""
+        ports = ports or list(self.PORT_MAP.keys())
+        nodes: list[DiscoveredNode] = []
+        sem = asyncio.Semaphore(self._max_concurrent)
+
+        async def probe(port: int) -> DiscoveredNode | None:
+            async with sem:
+                try:
+                    _, writer = await asyncio.wait_for(
+                        asyncio.open_connection(host, port),
+                        timeout=self._timeout,
+                    )
+                    writer.close()
+                    await writer.wait_closed()
+                    protocol = self.PORT_MAP.get(port, "tcp")
+                    return DiscoveredNode(
+                        address=host, port=port, protocol=protocol,
+                        name=f"{host}:{port}",
+                        metadata={"port": port, "protocol": protocol},
+                    )
+                except (asyncio.TimeoutError, ConnectionRefusedError, OSError):
+                    return None
+
+        results = await asyncio.gather(*[probe(p) for p in ports])
+        return [n for n in results if n is not None]
+
+    async def scan_subnet(self, subnet: str, ports: list[int] | None = None) -> list[DiscoveredNode]:
+        """
+        Scan a subnet (e.g. '192.168.1.0/24') for live hosts.
+        Uses ping sweep first, then port scan on responders.
+        """
+        # Parse subnet
+        if "/" not in subnet:
+            subnet += "/24"
+        base, prefix = subnet.rsplit("/", 1)
+        prefix = int(prefix)
+
+        if prefix < 24:
+            log.warning("discovery.subnet too large: %s (max /24)", subnet)
+            return []
+
+        # Generate host list
+        parts = base.split(".")
+        hosts = []
+        if prefix == 24:
+            for i in range(1, 255):
+                hosts.append(f"{parts[0]}.{parts[1]}.{parts[2]}.{i}")
+        else:
+            hosts = [base]
+
+        # Ping sweep (fast)
+        live_hosts = await self._ping_sweep(hosts)
+        log.info("discovery.ping_sweep found=%d/%d", len(live_hosts), len(hosts))
+
+        # Port scan live hosts
+        all_nodes: list[DiscoveredNode] = []
+        for host in live_hosts:
+            nodes = await self.scan_host(host, ports)
+            all_nodes.extend(nodes)
+
+        return all_nodes
+
+    async def scan_ssh(self, hosts: list[str], user: str = "", key_path: str = "") -> list[DiscoveredNode]:
+        """Quick SSH reachability check on a list of hosts."""
+        nodes: list[DiscoveredNode] = []
+        for host in hosts:
+            try:
+                cmd = ["ssh", "-o", "StrictHostKeyChecking=no",
+                       "-o", "ConnectTimeout=3", "-o", "BatchMode=yes"]
+                if key_path:
+                    cmd += ["-i", key_path]
+                target = f"{user}@{host}" if user else host
+                cmd += [target, "hostname"]
+                r = subprocess.run(cmd, capture_output=True, text=True, timeout=5)
+                if r.returncode == 0:
+                    hostname = r.stdout.strip()
+                    nodes.append(DiscoveredNode(
+                        address=host, port=22, protocol="ssh",
+                        name=hostname,
+                        metadata={"hostname": hostname, "user": user},
+                    ))
+            except (subprocess.TimeoutExpired, Exception) as e:
+                log.debug("discovery.ssh_failed host=%s error=%s", host, e)
+        return nodes
+
+    async def scan_mqtt(self, broker: str = "localhost", port: int = 1883) -> list[DiscoveredNode]:
+        """Check if an MQTT broker is reachable and list topics."""
+        try:
+            _, writer = await asyncio.wait_for(
+                asyncio.open_connection(broker, port),
+                timeout=self._timeout,
+            )
+            writer.close()
+            await writer.wait_closed()
+            return [DiscoveredNode(
+                address=broker, port=port, protocol="mqtt",
+                name=f"MQTT Broker {broker}",
+                metadata={"broker": broker, "port": port},
+            )]
+        except Exception:
+            return []
+
+    async def scan_docker(self, host: str = "localhost") -> list[DiscoveredNode]:
+        """Discover Docker containers on a host."""
+        nodes: list[DiscoveredNode] = []
+        try:
+            cmd = ["docker", "ps", "--format", '{{.Names}}\t{{.Image}}\t{{.Status}}']
+            if host != "localhost":
+                cmd = ["docker", "-H", f"tcp://{host}:2375"] + cmd[1:]
+            r = subprocess.run(cmd, capture_output=True, text=True, timeout=5)
+            if r.returncode == 0:
+                for line in r.stdout.strip().split("\n"):
+                    if not line:
+                        continue
+                    parts = line.split("\t")
+                    name = parts[0] if parts else "unknown"
+                    image = parts[1] if len(parts) > 1 else ""
+                    status = parts[2] if len(parts) > 2 else ""
+                    nodes.append(DiscoveredNode(
+                        address=host, port=2375, protocol="docker",
+                        name=name,
+                        metadata={"image": image, "status": status, "container": name},
+                    ))
+        except Exception as e:
+            log.debug("discovery.docker_failed host=%s error=%s", host, e)
+        return nodes
+
+    async def scan_http(self, urls: list[str]) -> list[DiscoveredNode]:
+        """Check HTTP endpoints for OpenAPI/health."""
+        nodes: list[DiscoveredNode] = []
+        try:
+            import aiohttp
+        except ImportError:
+            return nodes
+
+        async with aiohttp.ClientSession() as session:
+            for url in urls:
+                try:
+                    async with session.get(url, timeout=aiohttp.ClientTimeout(total=3)) as resp:
+                        if resp.status < 500:
+                            # Try to find OpenAPI spec
+                            has_openapi = False
+                            for spec_path in ["/openapi.json", "/swagger.json"]:
+                                try:
+                                    spec_url = url.rstrip("/") + spec_path
+                                    async with session.get(spec_url, timeout=aiohttp.ClientTimeout(total=3)) as sr:
+                                        if sr.status == 200:
+                                            has_openapi = True
+                                            break
+                                except Exception:
+                                    pass
+
+                            from urllib.parse import urlparse
+                            parsed = urlparse(url)
+                            nodes.append(DiscoveredNode(
+                                address=parsed.hostname or url,
+                                port=parsed.port or (443 if parsed.scheme == "https" else 80),
+                                protocol="http",
+                                name=parsed.hostname or url,
+                                metadata={"url": url, "status": resp.status,
+                                          "has_openapi": has_openapi},
+                            ))
+                except Exception:
+                    pass
+        return nodes
+
+    async def scan_all(self, config: dict[str, Any] | None = None) -> list[DiscoveredNode]:
+        """
+        Run all scanners based on config.
+        Returns deduplicated list of discovered nodes.
+        """
+        config = config or {}
+        all_nodes: list[DiscoveredNode] = []
+
+        # SSH hosts
+        ssh_hosts = config.get("ssh_hosts", [])
+        if ssh_hosts:
+            nodes = await self.scan_ssh(
+                ssh_hosts,
+                user=config.get("ssh_user", ""),
+                key_path=config.get("ssh_key", ""),
+            )
+            all_nodes.extend(nodes)
+            log.info("discovery.ssh found=%d", len(nodes))
+
+        # Subnet scan
+        subnets = config.get("subnets", [])
+        for subnet in subnets:
+            nodes = await self.scan_subnet(subnet)
+            all_nodes.extend(nodes)
+            log.info("discovery.subnet %s found=%d", subnet, len(nodes))
+
+        # MQTT brokers
+        mqtt_brokers = config.get("mqtt_brokers", [])
+        for broker in mqtt_brokers:
+            nodes = await self.scan_mqtt(broker)
+            all_nodes.extend(nodes)
+
+        # Docker
+        docker_hosts = config.get("docker_hosts", ["localhost"])
+        for host in docker_hosts:
+            nodes = await self.scan_docker(host)
+            all_nodes.extend(nodes)
+            log.info("discovery.docker %s found=%d", host, len(nodes))
+
+        # HTTP APIs
+        http_urls = config.get("http_urls", [])
+        if http_urls:
+            nodes = await self.scan_http(http_urls)
+            all_nodes.extend(nodes)
+            log.info("discovery.http found=%d", len(nodes))
+
+        log.info("discovery.complete total=%d", len(all_nodes))
+        return all_nodes
+
+    async def _ping_sweep(self, hosts: list[str]) -> list[str]:
+        """Fast ping sweep using asyncio."""
+        live: list[str] = []
+        sem = asyncio.Semaphore(50)
+
+        async def ping(host: str) -> str | None:
+            async with sem:
+                try:
+                    proc = await asyncio.create_subprocess_exec(
+                        "ping", "-c", "1", "-W", "1", host,
+                        stdout=asyncio.subprocess.DEVNULL,
+                        stderr=asyncio.subprocess.DEVNULL,
+                    )
+                    await asyncio.wait_for(proc.wait(), timeout=2.0)
+                    return host if proc.returncode == 0 else None
+                except Exception:
+                    return None
+
+        results = await asyncio.gather(*[ping(h) for h in hosts])
+        return [h for h in results if h is not None]
+
+    def format_results(self, nodes: list[DiscoveredNode]) -> str:
+        """Human-readable scan results."""
+        if not nodes:
+            return "No nodes discovered."
+        lines = [f"Discovered {len(nodes)} node(s):\n"]
+        for n in nodes:
+            meta = ""
+            if n.metadata.get("hostname"):
+                meta = f" ({n.metadata['hostname']})"
+            elif n.metadata.get("has_openapi"):
+                meta = " (OpenAPI detected)"
+            elif n.metadata.get("container"):
+                meta = f" [{n.metadata.get('image', '')}]"
+            lines.append(f"  {n.suggested_nrp_id:45s}  {n.protocol:8s}  {n.address}:{n.port}{meta}")
+        return "\n".join(lines)