passiveworkers 0.1.0__py3-none-any.whl

council/serve.py

@@ -0,0 +1,183 @@
+#!/usr/bin/env python3
+"""
+council/serve.py — the local research desk (single-user UI for council.local)
+==============================================================================
+    python -m council.serve          # → http://127.0.0.1:8770
+    pw serve
+
+One process, one user, no auth, no accounts, no map, no telemetry: a brief box, live
+progress while your models research, the rendered report, and the history of every
+report in ./reports/. The network app (council/net) is the separate multiplayer mode.
+"""
+
+from __future__ import annotations
+
+import os
+import pathlib
+import threading
+import uuid
+
+from fastapi import FastAPI, HTTPException
+from fastapi.responses import HTMLResponse, PlainTextResponse
+from pydantic import BaseModel, Field
+
+from council.local import run as run_research
+
+app = FastAPI(title="Passive Workers — local research desk")
+REPORTS = pathlib.Path("reports")
+_jobs: dict = {}          # id → {"log": [..], "done": bool, "file": str|None, "error": str|None}
+_lock = threading.Lock()
+
+
+class Brief(BaseModel):
+    brief: str = Field(..., max_length=4000)
+    depth: str = Field(default="standard", pattern="^(quick|standard|deep)$")
+    analysts: int = Field(default=3, ge=1, le=4)
+
+
+def _work(job_id: str, b: Brief) -> None:
+    j = _jobs[job_id]
+
+    def progress(msg: str) -> None:
+        with _lock:
+            j["log"].append(msg)
+
+    try:
+        path = run_research(b.brief, depth=b.depth, n_analysts=b.analysts,
+                            on_progress=progress)
+        with _lock:
+            j["file"], j["done"] = path.name, True
+    except Exception as e:
+        with _lock:
+            j["error"], j["done"] = f"{type(e).__name__}: {e}", True
+
+
+@app.post("/research")
+def research(b: Brief):
+    job_id = uuid.uuid4().hex[:12]
+    _jobs[job_id] = {"log": [], "done": False, "file": None, "error": None}
+    threading.Thread(target=_work, args=(job_id, b), daemon=True).start()
+    return {"job_id": job_id}
+
+
+@app.get("/progress/{job_id}")
+def progress(job_id: str):
+    j = _jobs.get(job_id)
+    if not j:
+        raise HTTPException(404)
+    with _lock:
+        return {"log": list(j["log"]), "done": j["done"], "file": j["file"], "error": j["error"]}
+
+
+@app.get("/reports")
+def reports():
+    if not REPORTS.exists():
+        return []
+    return sorted((p.name for p in REPORTS.glob("*.md")), reverse=True)
+
+
+@app.get("/report/{name}", response_class=PlainTextResponse)
+def report(name: str):
+    p = REPORTS / pathlib.Path(name).name      # basename only — no traversal
+    if not p.exists() or p.suffix != ".md":
+        raise HTTPException(404)
+    return p.read_text()
+
+
+@app.get("/", response_class=HTMLResponse)
+def home():
+    return SERVE_HTML
+
+
+SERVE_HTML = """<!doctype html>
+<html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">
+<title>Research desk — Passive Workers</title>
+<style>
+:root{--bg:#0b1020;--ink:#e8ecff;--muted:#93a0c8;--edge:#222b4d;--card:#101736}
+body{margin:0;background:var(--bg);color:var(--ink);font:14px/1.55 -apple-system,Segoe UI,Inter,sans-serif}
+.wrap{max-width:860px;margin:0 auto;padding:28px 18px}
+h1{font-size:20px;margin:0 0 2px} .sub{color:var(--muted);font-size:13px;margin-bottom:18px}
+textarea{width:100%;box-sizing:border-box;min-height:84px;background:#0c1430;color:var(--ink);
+  border:1px solid var(--edge);border-radius:12px;padding:11px;font:inherit;resize:vertical}
+select,button{background:#0c1430;color:var(--ink);border:1px solid var(--edge);border-radius:10px;
+  padding:8px 12px;font:inherit;cursor:pointer}
+button.go{background:#2447b2;border-color:#2e57d6;font-weight:600}
+.row{display:flex;gap:10px;align-items:center;margin-top:10px;flex-wrap:wrap}
+.card{background:var(--card);border:1px solid var(--edge);border-radius:14px;padding:14px 16px;margin-top:16px}
+.muted{color:var(--muted)} .log div{font-size:12.5px;color:var(--muted);padding:1px 0}
+.report h1,.report h3{margin:14px 0 6px}.report h4{margin:10px 0 4px}
+.report a{color:#6ea8ff;word-break:break-all}
+.hist div{cursor:pointer;padding:6px 2px;border-top:1px dashed #1b2750}
+.hist div:hover{color:#fff}
+</style></head><body><div class="wrap">
+<h1>🔬 Research desk</h1>
+<div class="sub">Your models · your connection · your disk. Nothing leaves this machine but the web searches.</div>
+<textarea id="brief" placeholder="What should be researched?"></textarea>
+<div class="row">
+  <select id="depth"><option value="quick">quick (~2–5 min)</option>
+    <option value="standard" selected>standard (~5–15 min)</option>
+    <option value="deep">deep (~15–30 min)</option></select>
+  <select id="analysts"><option>1</option><option>2</option><option selected>3</option><option>4</option></select>
+  <span class="muted">local models as independent analysts</span>
+  <button class="go" id="go" style="margin-left:auto">Research →</button>
+</div>
+<div class="card" id="live" style="display:none"><b id="status">working…</b><div class="log" id="log"></div></div>
+<div class="card report" id="out" style="display:none"></div>
+<div class="card hist"><b>📄 Past reports</b><div id="hist" class="muted">none yet</div></div>
+<script>
+function esc(s){return String(s==null?'':s).replace(/[&<>"']/g,c=>({'&':'&amp;','<':'&lt;','>':'&gt;','"':'&quot;',"'":'&#39;'}[c]))}
+function md(t){
+  let h=esc(t||'');
+  h=h.replace(/^### (.*)$/gm,'<h4>$1</h4>').replace(/^## (.*)$/gm,'<h3>$1</h3>').replace(/^# (.*)$/gm,'<h1>$1</h1>');
+  h=h.replace(/\\*\\*([^*]+)\\*\\*/g,'<b>$1</b>');
+  h=h.replace(/(https?:\\/\\/[^\\s<)\\]]+)/g,'<a href="$1" target="_blank" rel="noopener">$1</a>');
+  h=h.replace(/\\n{2,}/g,'</p><p>').replace(/\\n/g,'<br>');
+  return '<p>'+h+'</p>';
+}
+async function refreshHist(){
+  try{const l=await (await fetch('/reports')).json();
+    const el=document.getElementById('hist');
+    if(!l.length){el.textContent='none yet';return}
+    el.innerHTML=l.map(n=>'<div onclick="openReport(\\''+esc(n)+'\\')">'+esc(n)+'</div>').join('');
+  }catch(e){}
+}
+async function openReport(name){
+  const t=await (await fetch('/report/'+encodeURIComponent(name))).text();
+  const o=document.getElementById('out');o.style.display='';o.innerHTML=md(t);
+  o.scrollIntoView({behavior:'smooth'});
+}
+let timer=null;
+document.getElementById('go').onclick=async()=>{
+  const brief=document.getElementById('brief').value.trim();if(!brief)return;
+  const body={brief:brief,depth:document.getElementById('depth').value,
+              analysts:+document.getElementById('analysts').value};
+  const r=await fetch('/research',{method:'POST',headers:{'Content-Type':'application/json'},
+                                   body:JSON.stringify(body)});
+  const j=await r.json();
+  document.getElementById('live').style.display='';document.getElementById('out').style.display='none';
+  document.getElementById('log').innerHTML='';document.getElementById('status').textContent='working…';
+  if(timer)clearInterval(timer);
+  timer=setInterval(async()=>{
+    const p=await (await fetch('/progress/'+j.job_id)).json();
+    document.getElementById('log').innerHTML=p.log.map(l=>'<div>'+esc(l)+'</div>').join('');
+    if(p.done){clearInterval(timer);timer=null;
+      document.getElementById('status').textContent=p.error?('✗ '+p.error):'done ✓';
+      if(p.file){openReport(p.file)}
+      refreshHist();
+    }
+  },1500);
+};
+refreshHist();
+</script></div></body></html>
+"""
+
+
+def main() -> None:
+    import uvicorn
+    host = os.environ.get("PW_SERVE_HOST", "127.0.0.1")  # 0.0.0.0 only inside containers
+    print(f"🔬 Research desk → http://{host}:8770  (Ctrl-C to stop)", flush=True)
+    uvicorn.run(app, host=host, port=8770, log_level="warning")
+
+
+if __name__ == "__main__":
+    main()

council/trust.py

@@ -0,0 +1,168 @@
+#!/usr/bin/env python3
+"""
+council/trust.py — out-of-band operator key trust (D25, FEDERATION_V2)
+=====================================================================
+Closes the honest limitation documented in D23. Signed deliverables were verified against the
+signing key the COORDINATOR reports for an operator (`registered_sign_pub`). That defeats a
+passive or honest-but-curious coordinator, but NOT a fully hostile one: a coordinator that
+controls the node record can swap the content, swap the key, and re-sign — the asker would
+still "verify" successfully against the rewritten key.
+
+The fix is an out-of-band root of trust the coordinator does not control: the asker PINS an
+operator's signing key and verifies every later deliverable against the PINNED key.
+
+  • Trust On First Use (TOFU) — like SSH `known_hosts`: on the first delivery from an operator,
+    pin whatever key the coordinator reports and warn that this first contact is unverified
+    (compare the printed fingerprint with the operator over a side channel to upgrade trust).
+  • Explicit pin — `pw trust add <operator> <pubkey>`: the operator shares their PUBLIC signing
+    key (safe to share) over a trusted channel; the asker pins it and the fingerprint is shown
+    to confirm. From then on a coordinator cannot forge a delivery for that operator.
+  • Mismatch — if a pinned operator's delivery presents a different key, fetch REFUSES and shows
+    both fingerprints (key rotation, a second machine, or coordinator tampering — verify before
+    trusting).
+
+Pure standard library: managing pins never requires the [crypto] extra (verifying a signature
+still does). Pins live in ~/.passiveworkers/trust.json, owner-only.
+"""
+
+from __future__ import annotations
+
+import base64
+import hashlib
+import json
+import os
+import pathlib
+import sys
+
+# status codes returned by classify()
+PINNED_MATCH = "pinned-match"   # key matches an existing out-of-band/TOFU pin → trusted
+UNPINNED = "unpinned"           # first contact — no pin yet (caller TOFU-pins after verifying)
+MISMATCH = "mismatch"           # key differs from the pin → REFUSE (rotation or tampering)
+NO_KEY = "no-key"               # nothing to pin/verify (unsigned delivery)
+
+
+def _store_path() -> pathlib.Path:
+    return pathlib.Path(os.environ.get("PW_LIBRARY_DIR",
+                                       str(pathlib.Path.home() / ".passiveworkers"))) / "trust.json"
+
+
+def _key_bytes(pub_b64: str) -> bytes:
+    """Canonical key material for fingerprinting — decode the base64 so the fingerprint is
+    independent of incidental string formatting; fall back to the raw bytes if it isn't b64."""
+    try:
+        return base64.b64decode(pub_b64.encode(), validate=True)
+    except Exception:
+        return pub_b64.encode()
+
+
+def fingerprint(pub_b64: str) -> str:
+    """A short, human-comparable fingerprint of a public key (80-bit truncated SHA-256, base32).
+    Formatted `PW-XXXX-XXXX-XXXX-XXXX` so two people can read it to each other out of band."""
+    if not pub_b64:
+        return ""
+    digest = hashlib.sha256(_key_bytes(pub_b64)).digest()[:10]   # 80 bits
+    b32 = base64.b32encode(digest).decode().rstrip("=")          # 16 chars, no padding
+    groups = [b32[i:i + 4] for i in range(0, len(b32), 4)]
+    return "PW-" + "-".join(groups)
+
+
+def _load() -> dict:
+    path = _store_path()
+    if not path.exists():
+        return {}
+    try:
+        d = json.loads(path.read_text())
+        if not isinstance(d, dict):
+            raise ValueError("trust store is not a JSON object")
+        return d
+    except Exception as e:
+        # Never silently drop pins: preserve the unreadable file (so a later _save doesn't blindly
+        # overwrite recoverable data) and tell the user, then start fresh.
+        try:
+            backup = path.parent / (path.name + ".corrupt")
+            os.replace(str(path), str(backup))
+            sys.stderr.write(f"⚠ trust store {path} was unreadable ({e}); moved to {backup}. "
+                             f"Starting fresh — re-pin operators or restore from that file.\n")
+        except Exception:
+            pass
+        return {}
+
+
+def _save(d: dict) -> None:
+    path = _store_path()
+    path.parent.mkdir(parents=True, exist_ok=True)
+    blob = json.dumps(d, indent=2, sort_keys=True).encode()
+    # Atomic + owner-only: write a temp file in the same dir (0600 from creation), then replace.
+    # No torn writes and no world-readable window. Single-user store; last writer wins on a truly
+    # concurrent write (the lost pin simply re-establishes via TOFU on the next fetch).
+    tmp = path.parent / (path.name + ".tmp")
+    try:
+        fd = os.open(str(tmp), os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
+        with os.fdopen(fd, "wb") as f:
+            f.write(blob)
+        os.chmod(tmp, 0o600)
+        os.replace(str(tmp), str(path))
+    except Exception:
+        # last-resort fallback: still force owner-only perms (a trust anchor must never be world-readable)
+        path.write_text(json.dumps(d, indent=2, sort_keys=True))
+        try:
+            os.chmod(path, 0o600)
+        except Exception:
+            pass
+
+
+def get(operator: str) -> dict | None:
+    """The pin for an operator handle, or None. {pub, fp, source}."""
+    return _load().get((operator or "").strip()) or None
+
+
+def list_pins() -> dict:
+    return _load()
+
+
+def pin(operator: str, pub_b64: str, source: str = "manual") -> dict:
+    """Pin (or re-pin) an operator's signing key. Returns the stored record. Caller decides
+    when re-pinning is appropriate (e.g. after verifying a rotated key out of band)."""
+    operator = (operator or "").strip()
+    if not operator:
+        raise ValueError("operator handle required")
+    if not pub_b64:
+        raise ValueError("public key required")
+    d = _load()
+    rec = {"pub": pub_b64, "fp": fingerprint(pub_b64), "source": source}
+    d[operator] = rec
+    _save(d)
+    return rec
+
+
+def remove(operator: str) -> bool:
+    d = _load()
+    if (operator or "").strip() in d:
+        del d[(operator or "").strip()]
+        _save(d)
+        return True
+    return False
+
+
+def classify(operator: str, presented_pub: str) -> tuple[str, dict | None]:
+    """PURE trust-state decision (no side effects) for a delivery's presented signing key.
+
+    Returns (status, existing_pin_or_None):
+      • NO_KEY       — unsigned delivery, nothing to decide.
+      • MISMATCH     — operator is pinned to a DIFFERENT key → caller must refuse.
+      • PINNED_MATCH — presented key equals the pin → verify against the pinned key.
+      • UNPINNED     — first contact → caller verifies, then TOFU-pins only if the signature is
+                       valid (we never pin a key taken from an invalid signature).
+
+    Pinning a rotated key is always an explicit, human-verified action (`pw trust add`), never
+    automatic — so a coordinator can't silently rotate a pinned operator's key.
+    """
+    operator = (operator or "").strip()
+    if not presented_pub:
+        return NO_KEY, None
+    existing = get(operator) if operator else None
+    if existing is None:
+        return UNPINNED, None
+    if existing["pub"] == presented_pub:
+        return PINNED_MATCH, existing
+    return MISMATCH, existing

council/worker.py

@@ -0,0 +1,123 @@
+#!/usr/bin/env python3
+"""
+council/worker.py — A "perspective" agent
+==========================================
+One worker = one contributor's machine running ONE model, optionally with a
+distinct LENS (angle of attack) and a COUNTRY tag. The diversity of the council
+comes from three stacked axes:
+
+  • different MODELS  (gemma vs qwen vs mistral — genuinely different training)
+  • different LENSES  (optimist vs skeptic vs first-principles — different prompts)
+  • different COUNTRIES (the real moat: a worker that researches the live web from
+                         inside Brazil sees different sources than one in Japan)
+
+A worker returns an OWNED DELIVERABLE — an answer it produced — never a tunnel for
+someone else's traffic. That bright line is what keeps Passive Workers clear of the
+residential-proxy / exit-node legal trap. The optional `web_context` is retrieved by
+the worker's OWN agent and handed in as text; wiring real per-country search is the
+next step (and the reason we need a second machine abroad).
+"""
+
+from __future__ import annotations
+
+import os
+import time
+from dataclasses import dataclass
+from typing import Callable, Optional
+
+import requests
+
+OLLAMA_BASE = "http://localhost:11434"
+
+# A small library of lenses — different prompts pull different ideas out of the same model.
+LENSES: dict[str, str] = {
+    "neutral": "Answer thoroughly and accurately.",
+    "opportunity": "Focus on the strongest opportunities, upsides, and what could go right.",
+    "skeptic": "Focus on risks, failure modes, hidden costs, and what could go wrong.",
+    "first_principles": "Reason from first principles; question assumptions others would take for granted.",
+    "practical": "Be concrete and actionable; prefer specific steps over abstractions.",
+}
+
+
+@dataclass
+class Answer:
+    worker_id: str
+    model: str
+    lens: str
+    country: str
+    text: str
+    tokens: int
+    elapsed_s: float
+
+
+@dataclass
+class PerspectiveWorker:
+    worker_id: str
+    model: str
+    lens: str = "neutral"
+    country: str = "local"
+    temperature: float = 0.7          # natural divergence between workers
+    num_predict: int = 500
+    ollama_base: str = OLLAMA_BASE
+    # Optional hook: a function (question) -> retrieved web context string, run by
+    # THIS worker's own agent. Left None in the MVP; this is where per-country
+    # search plugs in once a second machine abroad joins.
+    web_search: Optional[Callable[[str], str]] = None
+
+    def answer(self, question: str) -> Answer:
+        lens_instruction = LENSES.get(self.lens, LENSES["neutral"])
+        context_block = ""
+        if self.web_search is not None:
+            try:
+                ctx = self.web_search(question)
+                if ctx:
+                    from council.sanitize import spotlight
+                    context_block = (
+                        f"\n\nResearch you gathered from your local ({self.country}) web sources:\n"
+                        f"{spotlight(ctx)}\n"
+                        "Use it where relevant and cite what you used.\n"
+                    )
+            except Exception:
+                context_block = ""  # web is best-effort; never block the answer
+
+        prompt = (
+            f"{lens_instruction}\n\n"
+            f"Question:\n{question}\n"
+            f"{context_block}\n"
+            "Give your best standalone answer."
+        )
+
+        t0 = time.monotonic()
+        resp = requests.post(
+            f"{self.ollama_base}/api/generate",
+            json={
+                "model": self.model,
+                "prompt": prompt,
+                "stream": False,
+                "options": {"temperature": self.temperature, "num_predict": self.num_predict},
+                # keep the model warm across a worker's calls / the session (R17): kills the
+                # 5-30s reload stalls; PW_OLLAMA_KEEP_ALIVE="0" to unload immediately.
+                "keep_alive": os.environ.get("PW_OLLAMA_KEEP_ALIVE", "30m"),
+            },
+            # On a shared CPU host a concurrent heavy generation (e.g. another job's
+            # baseline) can starve this one; a hard 300s turned brief contention into
+            # empty answers (score 0, perspective lost). Configurable per node.
+            timeout=float(os.environ.get("PW_OLLAMA_TIMEOUT", "300")),
+        )
+        resp.raise_for_status()
+        data = resp.json()
+        elapsed = time.monotonic() - t0
+        text = (data.get("response") or "").strip()
+        tokens = data.get("eval_count") or len(text.split())
+        return Answer(
+            worker_id=self.worker_id,
+            model=self.model,
+            lens=self.lens,
+            country=self.country,
+            text=text,
+            tokens=tokens,
+            elapsed_s=elapsed,
+        )
+
+    def label(self) -> str:
+        return f"{self.worker_id} [{self.model}/{self.lens}/{self.country}]"