# πŸ“‹ PHASE 4: SECURITY LAYER β€” Π”Π΅Ρ‚Π°Π»ΡŒΠ½ΠΈΠΉ План **ΠœΠ΅Ρ‚Π°:** ΠŸΠΎΠ²Π½ΠΎΡ†Ρ–Π½Π½ΠΈΠΉ Π±Π΅Π·ΠΏΠ΅ΠΊΠΎΠ²ΠΈΠΉ ΡˆΠ°Ρ€ для DAARION **Π’Π΅Ρ€ΠΌΡ–Π½:** 4-6 Ρ‚ΠΈΠΆΠ½Ρ–Π² (Π°Π±ΠΎ 3-4 Π³ΠΎΠ΄ΠΈΠ½ΠΈ automated) **ЗалСТності:** Phase 1-3 complete --- ## 🎯 OVERVIEW Phase 4 Π΄ΠΎΠ΄Π°Ρ” ΠΊΡ€ΠΈΡ‚ΠΈΡ‡Π½Ρƒ інфраструктуру Π±Π΅Π·ΠΏΠ΅ΠΊΠΈ: ``` β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ SECURITY LAYER (Phase 4) β”‚ β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ β”‚ β”‚ β”‚ 1. AUTH SERVICE β”‚ β”‚ └─ Identity & Sessions β”‚ β”‚ β”‚ β”‚ 2. PDP SERVICE (Policy Decision) β”‚ β”‚ └─ Centralized access control β”‚ β”‚ β”‚ β”‚ 3. PEP HOOKS (Policy Enforcement) β”‚ β”‚ └─ Enforce decisions in services β”‚ β”‚ β”‚ β”‚ 4. USAGE ENGINE β”‚ β”‚ └─ Track LLM/Tools/Agent usage β”‚ β”‚ β”‚ β”‚ 5. AUDIT LOG β”‚ β”‚ └─ Security events & compliance β”‚ β”‚ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ ``` --- ## πŸ“¦ DELIVERABLES (40+ files) ### 1. **auth-service** (8 files) βœ… COMPLETE ``` services/auth-service/ β”œβ”€β”€ models.py βœ… ActorIdentity, SessionToken, ApiKey β”œβ”€β”€ actor_context.py βœ… build_actor_context, require_actor β”œβ”€β”€ routes_sessions.py βœ… /auth/login, /me, /logout β”œβ”€β”€ routes_api_keys.py βœ… /auth/api-keys CRUD β”œβ”€β”€ main.py βœ… FastAPI app + DB tables β”œβ”€β”€ requirements.txt βœ… β”œβ”€β”€ Dockerfile βœ… └── README.md βœ… Complete documentation ``` **Port:** 7011 **Status:** βœ… Working **Features:** - Mock login (3 test users) - Session tokens (7-day expiry) - API keys with optional expiration - ActorContext helper for other services --- ### 2. **pdp-service** (8 files) πŸ”„ 20% COMPLETE ``` services/pdp-service/ β”œβ”€β”€ models.py βœ… PolicyRequest, PolicyDecision β”œβ”€β”€ engine.py πŸ”œ Policy evaluation logic β”œβ”€β”€ policy_store.py πŸ”œ Config-based policy storage β”œβ”€β”€ main.py πŸ”œ FastAPI app β”œβ”€β”€ config.yaml πŸ”œ microDAO/channel policies β”œβ”€β”€ requirements.txt πŸ”œ β”œβ”€β”€ Dockerfile πŸ”œ └── README.md πŸ”œ Complete documentation ``` **Port:** 7012 **Purpose:** Centralized Policy Decision Point **Key Features:** - Evaluate access requests (actor + action + resource) - Config-based policies (v1) - Support for: - MicroDAO access (owner/admin/member) - Channel access (SEND_MESSAGE, READ) - Tool execution (EXEC_TOOL) - Agent management (MANAGE) - Usage viewing (VIEW_USAGE) **Policy Types:** #### MicroDAO Policies ```yaml microdao_policies: - microdao_id: "microdao:daarion" owners: ["user:1"] admins: ["user:1", "user:93"] members: ["user:*"] # All users ``` #### Channel Policies ```yaml channel_policies: - channel_id: "channel-uuid-123" microdao_id: "microdao:daarion" allowed_roles: ["member", "admin", "owner"] blocked_users: [] ``` #### Tool Policies ```yaml tool_policies: - tool_id: "projects.list" allowed_agents: ["agent:sofia", "agent:pm"] allowed_user_roles: ["admin", "owner"] ``` **Policy Evaluation Logic:** ```python def evaluate(request: PolicyRequest) -> PolicyDecision: # 1. System Admin bypass (careful!) if "system_admin" in request.actor.roles: return permit("system_admin") # 2. Resource-specific rules if request.resource.type == "microdao": if is_microdao_owner(actor, resource): return permit("microdao_owner") if is_microdao_admin(actor, resource): return permit("microdao_admin") if request.action == "read" and is_member(actor, resource): return permit("member") return deny("not_authorized") if request.resource.type == "channel": if not is_channel_member(actor, resource): return deny("not_channel_member") if request.action == "send_message": if is_blocked(actor, resource): return deny("blocked") return permit("channel_member") if request.resource.type == "tool": if actor.actor_id in tool.allowed_agents: return permit("allowed_agent") return deny("tool_not_allowed") # Default deny return deny("no_matching_policy") ``` --- ### 3. **usage-engine** (8 files) πŸ”œ 0% COMPLETE ``` services/usage-engine/ β”œβ”€β”€ models.py πŸ”œ LlmUsageEvent, ToolUsageEvent β”œβ”€β”€ collectors.py πŸ”œ NATS listeners β”œβ”€β”€ aggregators.py πŸ”œ Aggregate stats β”œβ”€β”€ reporters.py πŸ”œ API endpoints β”œβ”€β”€ main.py πŸ”œ FastAPI app β”œβ”€β”€ requirements.txt πŸ”œ β”œβ”€β”€ Dockerfile πŸ”œ └── README.md πŸ”œ Complete documentation ``` **Port:** 7013 **Purpose:** Usage tracking & billing foundation **NATS Subjects:** - `usage.llm` β€” LLM calls (from llm-proxy) - `usage.tool` β€” Tool executions (from toolcore) - `usage.agent` β€” Agent invocations (from agent-runtime) **Events:** #### LLM Usage Event ```json { "event_id": "evt-123", "timestamp": "2025-11-24T12:34:56Z", "actor": { "actor_id": "user:93", "actor_type": "human", "microdao_ids": ["microdao:7"] }, "agent_id": "agent:sofia", "microdao_id": "microdao:7", "model": "gpt-4.1-mini", "provider": "openai", "prompt_tokens": 1234, "completion_tokens": 567, "total_tokens": 1801, "latency_ms": 2345, "cost_usd": 0.0234 } ``` #### Tool Usage Event ```json { "event_id": "evt-456", "timestamp": "2025-11-24T12:35:00Z", "actor": { "actor_id": "agent:sofia", "actor_type": "agent" }, "agent_id": "agent:sofia", "microdao_id": "microdao:7", "tool_id": "projects.list", "success": true, "latency_ms": 123, "result_size_bytes": 4567 } ``` **API Endpoints:** ```http GET /internal/usage/summary?microdao_id=microdao:7&period=24h β†’ Aggregate stats (tokens, calls, cost) GET /internal/usage/agents?microdao_id=microdao:7&period=7d β†’ Top agents by usage GET /internal/usage/models?period=24h β†’ Model distribution GET /internal/usage/costs?microdao_id=microdao:7&period=30d β†’ Cost breakdown ``` **Database Tables:** ```sql CREATE TABLE usage_llm ( id UUID PRIMARY KEY, timestamp TIMESTAMPTZ NOT NULL, actor_id TEXT NOT NULL, agent_id TEXT, microdao_id TEXT, model TEXT NOT NULL, provider TEXT NOT NULL, prompt_tokens INT NOT NULL, completion_tokens INT NOT NULL, total_tokens INT NOT NULL, latency_ms INT, cost_usd DECIMAL(10, 6) ); CREATE TABLE usage_tool ( id UUID PRIMARY KEY, timestamp TIMESTAMPTZ NOT NULL, actor_id TEXT NOT NULL, agent_id TEXT, microdao_id TEXT, tool_id TEXT NOT NULL, success BOOLEAN NOT NULL, latency_ms INT, result_size_bytes INT ); -- Indexes for fast queries CREATE INDEX idx_usage_llm_microdao_time ON usage_llm(microdao_id, timestamp DESC); CREATE INDEX idx_usage_llm_agent ON usage_llm(agent_id, timestamp DESC); CREATE INDEX idx_usage_tool_microdao ON usage_tool(microdao_id, timestamp DESC); ``` --- ### 4. **PEP Integration** (3 services) πŸ”œ 0% COMPLETE #### 4.1 messaging-service PEP **File:** `services/messaging-service/pep_middleware.py` ```python from auth_service_client import get_actor_context from pdp_service_client import evaluate_policy async def check_send_message_permission( actor_id: str, channel_id: str, db_pool: asyncpg.Pool ) -> bool: """Check if actor can send message to channel""" # 1. Get actor context actor = await get_actor_context(actor_id, db_pool) # 2. Evaluate policy decision = await evaluate_policy( actor=actor, action="send_message", resource={"type": "channel", "id": channel_id} ) # 3. Return decision return decision.effect == "permit" ``` **Integration Points:** - `POST /api/messaging/channels/{channel_id}/messages` β€” check before send - `POST /api/messaging/channels` β€” check MANAGE permission - `POST /api/messaging/channels/{channel_id}/members` β€” check INVITE permission #### 4.2 agent-runtime PEP **File:** `services/agent-runtime/pep_client.py` ```python async def check_tool_execution_permission( agent_id: str, tool_id: str, microdao_id: str ) -> bool: """Check if agent can execute tool""" # Build agent actor actor = ActorIdentity( actor_id=agent_id, actor_type="agent", microdao_ids=[microdao_id], roles=["agent"] ) # Evaluate decision = await evaluate_policy( actor=actor, action="exec_tool", resource={"type": "tool", "id": tool_id} ) return decision.effect == "permit" ``` **Integration:** Before calling toolcore in `handle_invocation()` #### 4.3 toolcore PEP **Already has:** `allowed_agents` in registry **Additional:** Cross-check with PDP for user-initiated tool calls --- ### 5. **Audit Log** (1 migration) πŸ”œ 0% COMPLETE **File:** `migrations/004_create_security_audit.sql` ```sql CREATE TABLE security_audit ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), timestamp TIMESTAMPTZ NOT NULL DEFAULT NOW(), actor_id TEXT NOT NULL, actor_type TEXT NOT NULL, action TEXT NOT NULL, resource_type TEXT NOT NULL, resource_id TEXT NOT NULL, decision TEXT NOT NULL, -- permit/deny reason TEXT, context JSONB, ip_address INET, user_agent TEXT ); CREATE INDEX idx_audit_timestamp ON security_audit(timestamp DESC); CREATE INDEX idx_audit_actor ON security_audit(actor_id, timestamp DESC); CREATE INDEX idx_audit_decision ON security_audit(decision, timestamp DESC); CREATE INDEX idx_audit_resource ON security_audit(resource_type, resource_id); ``` **PDP Integration:** After every `evaluate()` call, write to audit log: ```python async def log_audit_event( request: PolicyRequest, decision: PolicyDecision, context: dict = None ): """Write audit log entry""" await db.execute(""" INSERT INTO security_audit (actor_id, actor_type, action, resource_type, resource_id, decision, reason, context) VALUES ($1, $2, $3, $4, $5, $6, $7, $8) """, request.actor.actor_id, request.actor.actor_type, request.action, request.resource.type, request.resource.id, decision.effect, decision.reason, json.dumps(context or {}) ) ``` **NATS Security Events:** - `security.suspicious` β€” Publish on: - Multiple deny events (>5 in 1 min) - Unusual tool execution attempts - Privilege escalation attempts --- ### 6. **Infrastructure** (3 files) πŸ”œ 0% COMPLETE #### 6.1 docker-compose.phase4.yml ```yaml services: auth-service: build: ./services/auth-service ports: ["7011:7011"] environment: - DATABASE_URL=postgresql://... pdp-service: build: ./services/pdp-service ports: ["7012:7012"] environment: - DATABASE_URL=postgresql://... usage-engine: build: ./services/usage-engine ports: ["7013:7013"] environment: - DATABASE_URL=postgresql://... - NATS_URL=nats://nats:4222 # + All Phase 3 services llm-proxy: environment: - AUTH_SERVICE_URL=http://auth-service:7011 # etc... ``` #### 6.2 scripts/start-phase4.sh #### 6.3 scripts/stop-phase4.sh --- ### 7. **Documentation** (4 files) πŸ”œ 0% COMPLETE #### 7.1 docs/AUTH_SERVICE_SPEC.md - Actor model - Session management - API keys - Integration guide #### 7.2 docs/PDP_SPEC.md - Policy model - Evaluation logic - Policy configuration - Adding new rules #### 7.3 docs/USAGE_ENGINE_SPEC.md - Event model - NATS integration - Aggregation queries - Billing foundation #### 7.4 PHASE4_READY.md - Overview - Quick start - Testing guide - Production readiness --- ## πŸ“Š IMPLEMENTATION ROADMAP ### Week 1: Core Services - βœ… auth-service (complete) - πŸ”„ pdp-service (20% β†’ 100%) - πŸ”œ usage-engine (0% β†’ 100%) ### Week 2: Integration - πŸ”œ PEP hooks (messaging-service) - πŸ”œ PEP hooks (agent-runtime) - πŸ”œ PEP hooks (toolcore) ### Week 3: Audit & Testing - πŸ”œ Audit log migration - πŸ”œ Security events (NATS) - πŸ”œ E2E testing ### Week 4: Documentation & Polish - πŸ”œ All docs (4 files) - πŸ”œ docker-compose - πŸ”œ Scripts - πŸ”œ PHASE4_READY.md --- ## 🎯 ACCEPTANCE CRITERIA ### Auth Service: βœ… - [x] Login works with mock users - [x] Session tokens created & validated - [x] API keys CRUD functional - [x] actor_context helper ready ### PDP Service: πŸ”œ - [ ] /internal/pdp/evaluate works - [ ] MicroDAO access rules - [ ] Channel access rules - [ ] Tool execution rules - [ ] 10+ unit tests ### PEP Integration: πŸ”œ - [ ] messaging-service blocks unauthorized sends - [ ] agent-runtime checks tool permissions - [ ] toolcore enforces allowed_agents ### Usage Engine: πŸ”œ - [ ] usage.llm events collected - [ ] usage.tool events collected - [ ] /internal/usage/summary works - [ ] Database tables created ### Audit Log: πŸ”œ - [ ] security_audit table exists - [ ] PDP writes every decision - [ ] Can query last 100 events - [ ] security.suspicious events published ### Infrastructure: πŸ”œ - [ ] docker-compose.phase4.yml works - [ ] All services healthy - [ ] Start/stop scripts functional - [ ] Documentation complete --- ## πŸš€ QUICK START (After Complete) ```bash # 1. Start Phase 4 ./scripts/start-phase4.sh # 2. Test Auth curl -X POST http://localhost:7011/auth/login \ -d '{"email": "user@daarion.city"}' # 3. Test PDP curl -X POST http://localhost:7012/internal/pdp/evaluate \ -d '{ "actor": {...}, "action": "send_message", "resource": {"type": "channel", "id": "..."} }' # 4. Check Usage curl http://localhost:7013/internal/usage/summary?period=24h # 5. View Audit docker exec daarion-postgres psql -U postgres -d daarion \ -c "SELECT * FROM security_audit ORDER BY timestamp DESC LIMIT 10;" ``` --- ## πŸ”œ AFTER PHASE 4 ### Phase 5: Advanced Features - Real Passkey integration - OAuth2 providers - Advanced policy language (ABAC) - Dynamic policy updates - Cost allocation & billing - Security analytics dashboard ### Phase 6: Production Hardening - Rate limiting (Redis) - DDoS protection - Penetration testing - Security audit - Compliance certification --- ## πŸ“š RESOURCES **Specs:** - Phase 4 Master Task (user-provided) - [PHASE4_STARTED.md](../PHASE4_STARTED.md) **Related:** - [PHASE3_IMPLEMENTATION_COMPLETE.md](../PHASE3_IMPLEMENTATION_COMPLETE.md) - [ALL_PHASES_STATUS.md](../ALL_PHASES_STATUS.md) **Standards:** - RBAC (Role-Based Access Control) - ABAC (Attribute-Based Access Control) - OAuth 2.0 / OpenID Connect - Audit logging best practices --- **Status:** πŸ“‹ Detailed Plan Complete **Next:** Continue Implementation **Version:** 1.0.0 **Last Updated:** 2025-11-24