diff --git a/build.zig b/build.zig index a9403cf..40192a4 100644 --- a/build.zig +++ b/build.zig @@ -267,6 +267,14 @@ pub fn build(b: *std.Build) void { l1_qvl_ffi_mod.addImport("qvl", l1_qvl_mod); l1_qvl_ffi_mod.addImport("time", time_mod); + // QVL FFI static library (for Rust L2 Membrane Agent) + const qvl_ffi_lib = b.addLibrary(.{ + .name = "qvl_ffi", + .root_module = l1_qvl_ffi_mod, + .linkage = .static, // Static library + }); + qvl_ffi_lib.linkLibC(); + b.installArtifact(qvl_ffi_lib); const l1_vector_tests = b.addTest(.{ .root_module = l1_vector_mod, diff --git a/membrane-agent/Cargo.lock b/membrane-agent/Cargo.lock new file mode 100644 index 0000000..11a7370 --- /dev/null +++ b/membrane-agent/Cargo.lock @@ -0,0 +1,634 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "android_system_properties" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" +dependencies = [ + "libc", +] + +[[package]] +name = "autocfg" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" + +[[package]] +name = "bitflags" +version = "2.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "812e12b5285cc515a9c72a5c1d3b6d46a19dac5acfef5265968c166106e31dd3" + +[[package]] +name = "bumpalo" +version = "3.19.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5dd9dc738b7a8311c7ade152424974d8115f2cdad61e8dab8dac9f2362298510" + +[[package]] +name = "bytes" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b35204fbdc0b3f4446b89fc1ac2cf84a8a68971995d0bf2e925ec7cd960f9cb3" + +[[package]] +name = "cc" +version = "1.2.55" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47b26a0954ae34af09b50f0de26458fa95369a0d478d8236d3f93082b219bd29" +dependencies = [ + "find-msvc-tools", + "shlex", +] + +[[package]] +name = "cfg-if" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" + +[[package]] +name = "chrono" +version = "0.4.43" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fac4744fb15ae8337dc853fee7fb3f4e48c0fbaa23d0afe49c447b4fab126118" +dependencies = [ + "iana-time-zone", + "js-sys", + "num-traits", + "wasm-bindgen", + "windows-link", +] + +[[package]] +name = "core-foundation-sys" +version = "0.8.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" + +[[package]] +name = "errno" +version = "0.3.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" +dependencies = [ + "libc", + "windows-sys 0.61.2", +] + +[[package]] +name = "find-msvc-tools" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" + +[[package]] +name = "iana-time-zone" +version = "0.1.65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e31bc9ad994ba00e440a8aa5c9ef0ec67d5cb5e5cb0cc7f8b744a35b389cc470" +dependencies = [ + "android_system_properties", + "core-foundation-sys", + "iana-time-zone-haiku", + "js-sys", + "log", + "wasm-bindgen", + "windows-core", +] + +[[package]] +name = "iana-time-zone-haiku" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f" +dependencies = [ + "cc", +] + +[[package]] +name = "js-sys" +version = "0.3.85" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c942ebf8e95485ca0d52d97da7c5a2c387d0e7f0ba4c35e93bfcaee045955b3" +dependencies = [ + "once_cell", + "wasm-bindgen", +] + +[[package]] +name = "lazy_static" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" + +[[package]] +name = "libc" +version = "0.2.180" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bcc35a38544a891a5f7c865aca548a982ccb3b8650a5b06d0fd33a10283c56fc" + +[[package]] +name = "lock_api" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965" +dependencies = [ + "scopeguard", +] + +[[package]] +name = "log" +version = "0.4.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" + +[[package]] +name = "membrane-agent" +version = "0.1.0" +dependencies = [ + "cc", + "chrono", + "thiserror", + "tokio", + "tracing", + "tracing-subscriber", +] + +[[package]] +name = "mio" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a69bcab0ad47271a0234d9422b131806bf3968021e5dc9328caf2d4cd58557fc" +dependencies = [ + "libc", + "wasi", + "windows-sys 0.61.2", +] + +[[package]] +name = "nu-ansi-term" +version = "0.50.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5" +dependencies = [ + "windows-sys 0.61.2", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + +[[package]] +name = "once_cell" +version = "1.21.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" + +[[package]] +name = "parking_lot" +version = "0.12.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a" +dependencies = [ + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.9.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1" +dependencies = [ + "cfg-if", + "libc", + "redox_syscall", + "smallvec", + "windows-link", +] + +[[package]] +name = "pin-project-lite" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b" + +[[package]] +name = "proc-macro2" +version = "1.0.106" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "21b2ebcf727b7760c461f091f9f0f539b77b8e87f2fd88131e7f1b433b3cece4" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "redox_syscall" +version = "0.5.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d" +dependencies = [ + "bitflags", +] + +[[package]] +name = "rustversion" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" + +[[package]] +name = "scopeguard" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" + +[[package]] +name = "sharded-slab" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6" +dependencies = [ + "lazy_static", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "signal-hook-registry" +version = "1.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b" +dependencies = [ + "errno", + "libc", +] + +[[package]] +name = "smallvec" +version = "1.15.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" + +[[package]] +name = "socket2" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "86f4aa3ad99f2088c990dfa82d367e19cb29268ed67c574d10d0a4bfe71f07e0" +dependencies = [ + "libc", + "windows-sys 0.60.2", +] + +[[package]] +name = "syn" +version = "2.0.114" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d4d107df263a3013ef9b1879b0df87d706ff80f65a86ea879bd9c31f9b307c2a" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "thiserror" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "thread_local" +version = "1.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "tokio" +version = "1.49.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72a2903cd7736441aac9df9d7688bd0ce48edccaadf181c3b90be801e81d3d86" +dependencies = [ + "bytes", + "libc", + "mio", + "parking_lot", + "pin-project-lite", + "signal-hook-registry", + "socket2", + "tokio-macros", + "windows-sys 0.61.2", +] + +[[package]] +name = "tokio-macros" +version = "2.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "af407857209536a95c8e56f8231ef2c2e2aff839b22e07a1ffcbc617e9db9fa5" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tracing" +version = "0.1.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100" +dependencies = [ + "pin-project-lite", + "tracing-attributes", + "tracing-core", +] + +[[package]] +name = "tracing-attributes" +version = "0.1.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tracing-core" +version = "0.1.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" +dependencies = [ + "once_cell", + "valuable", +] + +[[package]] +name = "tracing-log" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3" +dependencies = [ + "log", + "once_cell", + "tracing-core", +] + +[[package]] +name = "tracing-subscriber" +version = "0.3.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f30143827ddab0d256fd843b7a66d164e9f271cfa0dde49142c5ca0ca291f1e" +dependencies = [ + "nu-ansi-term", + "sharded-slab", + "smallvec", + "thread_local", + "tracing-core", + "tracing-log", +] + +[[package]] +name = "unicode-ident" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9312f7c4f6ff9069b165498234ce8be658059c6728633667c526e27dc2cf1df5" + +[[package]] +name = "valuable" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65" + +[[package]] +name = "wasi" +version = "0.11.1+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" + +[[package]] +name = "wasm-bindgen" +version = "0.2.108" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "64024a30ec1e37399cf85a7ffefebdb72205ca1c972291c51512360d90bd8566" +dependencies = [ + "cfg-if", + "once_cell", + "rustversion", + "wasm-bindgen-macro", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.108" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "008b239d9c740232e71bd39e8ef6429d27097518b6b30bdf9086833bd5b6d608" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.108" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5256bae2d58f54820e6490f9839c49780dff84c65aeab9e772f15d5f0e913a55" +dependencies = [ + "bumpalo", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.108" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f01b580c9ac74c8d8f0c0e4afb04eeef2acf145458e52c03845ee9cd23e3d12" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "windows-core" +version = "0.62.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8e83a14d34d0623b51dce9581199302a221863196a1dde71a7663a4c2be9deb" +dependencies = [ + "windows-implement", + "windows-interface", + "windows-link", + "windows-result", + "windows-strings", +] + +[[package]] +name = "windows-implement" +version = "0.60.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-interface" +version = "0.59.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-link" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" + +[[package]] +name = "windows-result" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7781fa89eaf60850ac3d2da7af8e5242a5ea78d1a11c49bf2910bb5a73853eb5" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-strings" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7837d08f69c77cf6b07689544538e017c1bfcf57e34b4c0ff58e6c2cd3b37091" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-sys" +version = "0.60.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-sys" +version = "0.61.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-targets" +version = "0.53.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4945f9f551b88e0d65f3db0bc25c33b8acea4d9e41163edf90dcd0b19f9069f3" +dependencies = [ + "windows-link", + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a9d8416fa8b42f5c947f8482c43e7d89e73a173cead56d044f6a56104a6d1b53" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9d782e804c2f632e395708e99a94275910eb9100b2114651e04744e9b125006" + +[[package]] +name = "windows_i686_gnu" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "960e6da069d81e09becb0ca57a65220ddff016ff2d6af6a223cf372a506593a3" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa7359d10048f68ab8b09fa71c3daccfb0e9b559aed648a8f95469c27057180c" + +[[package]] +name = "windows_i686_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e7ac75179f18232fe9c285163565a57ef8d3c89254a30685b57d83a38d326c2" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c3842cdd74a865a8066ab39c8a7a473c0778a3f29370b5fd6b4b9aa7df4a499" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ffa179e2d07eee8ad8f57493436566c7cc30ac536a3379fdf008f47f6bb7ae1" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d6bbff5f0aada427a1e5a6da5f1f98158182f26556f345ac9e04d36d0ebed650" diff --git a/membrane-agent/src/anomaly_alerts.rs b/membrane-agent/src/anomaly_alerts.rs new file mode 100644 index 0000000..4cb90a8 --- /dev/null +++ b/membrane-agent/src/anomaly_alerts.rs @@ -0,0 +1,214 @@ +//! Anomaly Alert System - P0/P1 prioritized alerting +//! +//! Emits and tracks critical security alerts from QVL betrayal detection. + +use crate::qvl_ffi::{AnomalyScore, AnomalyReason}; +use chrono::{DateTime, Utc}; +use std::sync::{Arc, Mutex}; +use tracing::{error, warn, info}; + +/// Alert priority level +#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)] +pub enum AlertPriority { + /// P0: Critical - immediate action required (score >= 0.9) + Critical = 0, + /// P1: Warning - investigate soon (score >= 0.7) + Warning = 1, + /// P2: Info - monitor (score >= 0.5) + Info = 2, +} + +/// Security alert +#[derive(Clone, Debug)] +pub struct Alert { + pub timestamp: DateTime, + pub priority: AlertPriority, + pub node: u32, + pub score: f64, + pub reason: AnomalyReason, +} + +impl Alert { + fn from_anomaly(anomaly: AnomalyScore) -> Self { + let priority = if anomaly.score >= 0.9 { + AlertPriority::Critical + } else if anomaly.score >= 0.7 { + AlertPriority::Warning + } else { + AlertPriority::Info + }; + + Self { + timestamp: Utc::now(), + priority, + node: anomaly.node, + score: anomaly.score, + reason: anomaly.reason, + } + } +} + +/// Anomaly alert system +pub struct AnomalyAlertSystem { + alerts: Arc>>, + max_alerts: usize, +} + +impl AnomalyAlertSystem { + /// Create new alert system + pub fn new() -> Self { + Self { + alerts: Arc::new(Mutex::new(Vec::new())), + max_alerts: 1000, + } + } + + /// Create with custom capacity + pub fn with_capacity(max_alerts: usize) -> Self { + Self { + alerts: Arc::new(Mutex::new(Vec::with_capacity(max_alerts))), + max_alerts, + } + } + + /// Emit an alert from anomaly score + pub fn emit(&self, anomaly: AnomalyScore) { + let alert = Alert::from_anomaly(anomaly); + + // Log based on priority + match alert.priority { + AlertPriority::Critical => { + error!( + "🚨 P0 CRITICAL ANOMALY: node={}, score={:.3}, reason={:?}", + alert.node, alert.score, alert.reason + ); + } + AlertPriority::Warning => { + warn!( + "⚠ī¸ P1 WARNING: node={}, score={:.3}, reason={:?}", + alert.node, alert.score, alert.reason + ); + } + AlertPriority::Info => { + info!( + "ℹī¸ P2 INFO: node={}, score={:.3}, reason={:?}", + alert.node, alert.score, alert.reason + ); + } + } + + // Store alert + let mut alerts = self.alerts.lock().unwrap(); + + // Enforce max capacity (FIFO eviction) + if alerts.len() >= self.max_alerts { + alerts.remove(0); + } + + alerts.push(alert); + } + + /// Get all critical (P0) alerts + pub fn get_critical_alerts(&self) -> Vec { + let alerts = self.alerts.lock().unwrap(); + alerts + .iter() + .filter(|a| a.priority == AlertPriority::Critical) + .cloned() + .collect() + } + + /// Get all alerts above a priority threshold + pub fn get_alerts_above(&self, min_priority: AlertPriority) -> Vec { + let alerts = self.alerts.lock().unwrap(); + alerts + .iter() + .filter(|a| a.priority <= min_priority) + .cloned() + .collect() + } + + /// Get alert count by priority + pub fn count_by_priority(&self, priority: AlertPriority) -> usize { + let alerts = self.alerts.lock().unwrap(); + alerts.iter().filter(|a| a.priority == priority).count() + } + + /// Clear all alerts + pub fn clear(&self) { + let mut alerts = self.alerts.lock().unwrap(); + alerts.clear(); + } + + /// Get total alert count + pub fn total_count(&self) -> usize { + let alerts = self.alerts.lock().unwrap(); + alerts.len() + } +} + +impl Default for AnomalyAlertSystem { + fn default() -> Self { + Self::new() + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_alert_priority_from_score() { + let anomaly_critical = AnomalyScore { + node: 1, + score: 0.95, + reason: AnomalyReason::NegativeCycle, + }; + + let alert = Alert::from_anomaly(anomaly_critical); + assert_eq!(alert.priority, AlertPriority::Critical); + + let anomaly_warning = AnomalyScore { + node: 2, + score: 0.75, + reason: AnomalyReason::NegativeCycle, + }; + + let alert = Alert::from_anomaly(anomaly_warning); + assert_eq!(alert.priority, AlertPriority::Warning); + } + + #[test] + fn test_alert_system_capacity() { + let system = AnomalyAlertSystem::with_capacity(3); + + for i in 0..5 { + let anomaly = AnomalyScore { + node: i, + score: 0.9, + reason: AnomalyReason::NegativeCycle, + }; + system.emit(anomaly); + } + + // Should only keep last 3 alerts + assert_eq!(system.total_count(), 3); + } + + #[test] + fn test_filter_by_priority() { + let system = AnomalyAlertSystem::new(); + + // Add mix of priorities + system.emit(AnomalyScore { node: 1, score: 0.95, reason: AnomalyReason::NegativeCycle }); + system.emit(AnomalyScore { node: 2, score: 0.75, reason: AnomalyReason::LowCoverage }); + system.emit(AnomalyScore { node: 3, score: 0.55, reason: AnomalyReason::BpDivergence }); + + let critical = system.get_critical_alerts(); + assert_eq!(critical.len(), 1); + assert_eq!(critical[0].node, 1); + + let warnings_and_above = system.get_alerts_above(AlertPriority::Warning); + assert_eq!(warnings_and_above.len(), 2); + } +} diff --git a/membrane-agent/src/event_listener.rs b/membrane-agent/src/event_listener.rs new file mode 100644 index 0000000..2e8f10f --- /dev/null +++ b/membrane-agent/src/event_listener.rs @@ -0,0 +1,137 @@ +//! Event Listener - L0 UTCP event monitoring stub +//! +//! Placeholder for future L0 integration via IPC/shared memory. + +use tokio::sync::mpsc; +use std::time::Duration; + +/// L0 transport events +#[derive(Debug, Clone)] +pub enum L0Event { + /// Packet received from peer + PacketReceived { + sender_did: [u8; 32], + packet_type: u8, + payload_size: usize, + }, + + /// Connection established with peer + ConnectionEstablished { + peer_did: [u8; 32], + }, + + /// Connection dropped + ConnectionDropped { + peer_did: [u8; 32], + reason: String, + }, +} + +/// Event listener configuration +#[derive(Debug, Clone)] +pub struct EventListenerConfig { + /// Channel buffer size + pub buffer_size: usize, + /// Polling interval (for stub mode) + pub poll_interval_ms: u64, +} + +impl Default for EventListenerConfig { + fn default() -> Self { + Self { + buffer_size: 1000, + poll_interval_ms: 100, + } + } +} + +/// Event listener for L0 transport events +pub struct EventListener { + #[allow(dead_code)] + event_tx: mpsc::Sender, + config: EventListenerConfig, +} + +impl EventListener { + /// Create new event listener + pub fn new(config: EventListenerConfig) -> (Self, mpsc::Receiver) { + let (tx, rx) = mpsc::channel(config.buffer_size); + ( + Self { + event_tx: tx, + config, + }, + rx, + ) + } + + /// Start listening for L0 events (stub implementation) + pub async fn start(&self) -> Result<(), EventListenerError> { + tracing::info!("🎧 Event listener started (STUB MODE)"); + tracing::info!(" TODO: Integrate with L0 UTCP via IPC/shared memory"); + + // TODO: Replace with actual L0 integration + // For now, just keep the task alive + loop { + tokio::time::sleep(Duration::from_millis(self.config.poll_interval_ms)).await; + } + } + + /// Inject a test event (for testing) + #[cfg(test)] + pub async fn inject_event(&self, event: L0Event) -> Result<(), EventListenerError> { + self.event_tx + .send(event) + .await + .map_err(|_| EventListenerError::ChannelClosed) + } +} + +/// Event listener errors +#[derive(Debug, thiserror::Error)] +pub enum EventListenerError { + #[error("Event channel closed")] + ChannelClosed, + + #[error("L0 integration not implemented")] + NotImplemented, +} + +#[cfg(test)] +mod tests { + use super::*; + + #[tokio::test] + async fn test_event_listener_creation() { + let config = EventListenerConfig::default(); + let (_listener, mut rx) = EventListener::new(config); + + // Should not block + tokio::select! { + _ = rx.recv() => panic!("Should not receive events in stub mode"), + _ = tokio::time::sleep(Duration::from_millis(10)) => {} + } + } + + #[tokio::test] + async fn test_inject_event() { + let config = EventListenerConfig::default(); + let (listener, mut rx) = EventListener::new(config); + + let test_event = L0Event::PacketReceived { + sender_did: [1u8; 32], + packet_type: 42, + payload_size: 1024, + }; + + listener.inject_event(test_event).await.unwrap(); + + let received = rx.recv().await.unwrap(); + match received { + L0Event::PacketReceived { packet_type, .. } => { + assert_eq!(packet_type, 42); + } + _ => panic!("Wrong event type"), + } + } +} diff --git a/membrane-agent/src/lib.rs b/membrane-agent/src/lib.rs index 8d83695..50acac7 100644 --- a/membrane-agent/src/lib.rs +++ b/membrane-agent/src/lib.rs @@ -3,8 +3,14 @@ //! Library components for the Membrane Agent daemon. pub mod qvl_ffi; +pub mod policy_enforcer; +pub mod anomaly_alerts; +pub mod event_listener; pub use qvl_ffi::{ QvlClient, QvlError, AnomalyScore, AnomalyReason, PopVerdict, QvlRiskEdge, }; +pub use policy_enforcer::{PolicyEnforcer, PolicyDecision}; +pub use anomaly_alerts::{AnomalyAlertSystem, Alert, AlertPriority}; +pub use event_listener::{EventListener, EventListenerConfig, L0Event}; diff --git a/membrane-agent/src/main.rs b/membrane-agent/src/main.rs index d66922c..3a24ef8 100644 --- a/membrane-agent/src/main.rs +++ b/membrane-agent/src/main.rs @@ -2,8 +2,13 @@ //! //! L2 trust-based policy enforcement daemon for Libertaria. -use membrane_agent::QvlClient; -use tracing::{info, error}; +use membrane_agent::{ + QvlClient, PolicyEnforcer, AnomalyAlertSystem, + EventListener, EventListenerConfig, L0Event, PolicyDecision, +}; +use std::sync::Arc; +use std::time::Duration; +use tracing::{info, warn, error}; #[tokio::main] async fn main() -> Result<(), Box> { @@ -13,22 +18,112 @@ async fn main() -> Result<(), Box> { info!("🛡ī¸ Membrane Agent starting..."); // Initialize QVL client - let qvl = QvlClient::new()?; + let qvl = Arc::new(QvlClient::new()?); info!("✅ QVL client initialized"); - // Test basic functionality - let reputation = qvl.get_reputation(0)?; - info!("Node 0 reputation: {:.2}", reputation); + // Initialize components + let policy_enforcer = Arc::new(PolicyEnforcer::new(qvl.clone())); + let alert_system = Arc::new(AnomalyAlertSystem::new()); + let config = EventListenerConfig::default(); + let (event_listener, mut event_rx) = EventListener::new(config); - let anomaly = qvl.detect_betrayal(0)?; - info!("Betrayal check: score={:.2}, reason={:?}", anomaly.score, anomaly.reason); + info!("✅ Policy enforcer initialized"); + info!("✅ Alert system initialized"); + info!("✅ Event listener initialized"); - info!("🚀 Membrane Agent running (stub mode)"); - info!("TODO: Implement event listener, policy enforcer, alert system"); + // Spawn event listener task + let listener_handle = tokio::spawn(async move { + if let Err(e) = event_listener.start().await { + error!("Event listener error: {}", e); + } + }); - // Keep daemon alive - tokio::signal::ctrl_c().await?; - info!("Shutting down..."); + // Spawn periodic betrayal detection + let qvl_clone = qvl.clone(); + let alerts_clone = alert_system.clone(); + let betrayal_handle = tokio::spawn(async move { + let mut interval = tokio::time::interval(Duration::from_secs(10)); + + loop { + interval.tick().await; + + // TODO: Get actual node list from registry + // For now, check a small set of test nodes + for node_id in 0..10 { + match qvl_clone.detect_betrayal(node_id) { + Ok(anomaly) if anomaly.score > 0.5 => { + alerts_clone.emit(anomaly); + } + Ok(_) => {}, // No anomaly + Err(e) => { + warn!("Betrayal check failed for node {}: {}", node_id, e); + } + } + } + + // Log alert stats every cycle + let p0_count = alerts_clone.count_by_priority(membrane_agent::AlertPriority::Critical); + let p1_count = alerts_clone.count_by_priority(membrane_agent::AlertPriority::Warning); + + if p0_count > 0 || p1_count > 0 { + info!("📊 Alert stats: P0={}, P1={}", p0_count, p1_count); + } + } + }); + + info!("🚀 Membrane Agent running"); + info!(" - Event listener: STUB MODE (TODO: L0 integration)"); + info!(" - Betrayal detection: every 10 seconds"); + info!(" - Policy enforcement: ready"); + + // Main event loop + loop { + tokio::select! { + Some(event) = event_rx.recv() => { + match event { + L0Event::PacketReceived { sender_did, packet_type, payload_size } => { + let decision = policy_enforcer.should_accept_packet(&sender_did); + + match decision { + PolicyDecision::Accept => { + info!("✅ ACCEPT packet type={} size={} from={:?}", + packet_type, payload_size, &sender_did[..4]); + }, + PolicyDecision::Deprioritize => { + warn!("âŦ‡ī¸ DEPRIORITIZE packet type={} from={:?}", + packet_type, &sender_did[..4]); + }, + PolicyDecision::Drop => { + error!("đŸšĢ DROP packet type={} from={:?}", + packet_type, &sender_did[..4]); + }, + PolicyDecision::Neutral => { + info!("âšĒ NEUTRAL packet type={} from={:?} (no trust data)", + packet_type, &sender_did[..4]); + }, + } + }, + L0Event::ConnectionEstablished { peer_did } => { + info!("🔗 Connection established with {:?}", &peer_did[..4]); + }, + L0Event::ConnectionDropped { peer_did, reason } => { + warn!("❌ Connection dropped with {:?}: {}", &peer_did[..4], reason); + }, + } + }, + + _ = tokio::signal::ctrl_c() => { + info!("Received Ctrl+C, shutting down..."); + break; + } + } + } + + // Cleanup + listener_handle.abort(); + betrayal_handle.abort(); + + info!("Membrane Agent stopped"); Ok(()) } diff --git a/membrane-agent/src/policy_enforcer.rs b/membrane-agent/src/policy_enforcer.rs new file mode 100644 index 0000000..6781d20 --- /dev/null +++ b/membrane-agent/src/policy_enforcer.rs @@ -0,0 +1,121 @@ +//! Policy Enforcer - Trust-based routing and access control +//! +//! Queries QVL for trust scores and makes policy decisions. + +use crate::qvl_ffi::{QvlClient, QvlError}; +use std::sync::Arc; + +/// Policy decision for packet handling +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub enum PolicyDecision { + /// Accept packet for normal processing/relay + Accept, + /// Deprioritize packet (low-priority queue) + Deprioritize, + /// Drop packet silently + Drop, + /// Treat as neutral (no trust data available) + Neutral, +} + +/// Trust-based policy enforcer +pub struct PolicyEnforcer { + qvl: Arc, + + // Policy thresholds + drop_threshold: f64, // Below this: drop + untrusted_threshold: f64, // Below this: deprioritize +} + +impl PolicyEnforcer { + /// Create new policy enforcer + pub fn new(qvl: Arc) -> Self { + Self { + qvl, + drop_threshold: 0.1, // Drop if trust < 0.1 + untrusted_threshold: 0.5, // Deprioritize if trust < 0.5 + } + } + + /// Create with custom thresholds + pub fn with_thresholds( + qvl: Arc, + drop_threshold: f64, + untrusted_threshold: f64, + ) -> Self { + Self { + qvl, + drop_threshold, + untrusted_threshold, + } + } + + /// Decide whether to accept a packet from a DID + pub fn should_accept_packet(&self, sender_did: &[u8; 32]) -> PolicyDecision { + match self.qvl.get_trust_score(sender_did) { + Ok(score) if score < self.drop_threshold => PolicyDecision::Drop, + Ok(score) if score < self.untrusted_threshold => PolicyDecision::Deprioritize, + Ok(_) => PolicyDecision::Accept, + Err(QvlError::TrustScoreFailed) | Err(QvlError::InvalidDid) => PolicyDecision::Neutral, + Err(_) => PolicyDecision::Neutral, + } + } + + /// Check if a node should be flagged for betrayal + pub fn check_for_betrayal(&self, node_id: u32) -> Option { + match self.qvl.detect_betrayal(node_id) { + Ok(anomaly) if anomaly.score > 0.7 => Some(anomaly.score), + _ => None, + } + } + + /// Batch check multiple nodes for betrayal + pub fn batch_check_betrayal(&self, node_ids: &[u32]) -> Vec<(u32, f64)> { + node_ids + .iter() + .filter_map(|&node_id| { + self.check_for_betrayal(node_id) + .map(|score| (node_id, score)) + }) + .collect() + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_policy_enforcer_neutral() { + let qvl = Arc::new(QvlClient::new().unwrap()); + let enforcer = PolicyEnforcer::new(qvl); + + let unknown_did = [0u8; 32]; + let decision = enforcer.should_accept_packet(&unknown_did); + + // Unknown DIDs should be treated as neutral + assert_eq!(decision, PolicyDecision::Neutral); + } + + #[test] + fn test_betrayal_check_clean_graph() { + let qvl = Arc::new(QvlClient::new().unwrap()); + let enforcer = PolicyEnforcer::new(qvl); + + // Empty graph should have no betrayal + let result = enforcer.check_for_betrayal(0); + assert_eq!(result, None); + } + + #[test] + fn test_batch_check() { + let qvl = Arc::new(QvlClient::new().unwrap()); + let enforcer = PolicyEnforcer::new(qvl); + + let nodes = vec![0, 1, 2, 3, 4]; + let betrayals = enforcer.batch_check_betrayal(&nodes); + + // Clean graph should have no betrayals + assert_eq!(betrayals.len(), 0); + } +}