daarion-admin/microdao-daarion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3de3c8cb36bc6173708944179f5cca6bc3231f22
microdao-daarion/services/agent-runtime/pep_client.py
Apple 3de3c8cb36 feat: Add presence heartbeat for Matrix online status 
- matrix-gateway: POST /internal/matrix/presence/online endpoint
- usePresenceHeartbeat hook with activity tracking
- Auto away after 5 min inactivity
- Offline on page close/visibility change
- Integrated in MatrixChatRoom component
2025-11-27 00:19:40 -08:00

76 lines
2.3 KiB
Python
Raw Blame History

"""
PEP Client for agent-runtime
Policy Enforcement Point - enforces tool execution permissions
"""
import httpx
import os
from typing import Optional, Dict, Any
PDP_SERVICE_URL = os.getenv("PDP_SERVICE_URL", "http://pdp-service:7012")
class PEPClient:
"""Client for Policy Enforcement Point"""
def __init__(self):
self.pdp_url = PDP_SERVICE_URL
async def check_tool_permission(
self,
agent_id: str,
tool_id: str,
microdao_id: Optional[str] = None,
context: Optional[Dict[str, Any]] = None
) -> bool:
"""
Check if agent has permission to execute tool
Returns True if permitted, False if denied
"""
actor = {
"actor_id": agent_id,
"actor_type": "agent",
"microdao_ids": [microdao_id] if microdao_id else [],
"roles": []
}
try:
async with httpx.AsyncClient(timeout=5.0) as client:
response = await client.post(
f"{self.pdp_url}/internal/pdp/evaluate",
json={
"actor": actor,
"action": "exec_tool",
"resource": {
"type": "tool",
"id": tool_id
},
"context": context or {}
}
)
response.raise_for_status()
decision = response.json()
if decision["effect"] == "permit":
print(f"✅ PDP: {agent_id} permitted to execute {tool_id}")
return True
else:
reason = decision.get("reason", "access_denied")
print(f"❌ PDP: {agent_id} denied tool {tool_id}: {reason}")
return False
except httpx.HTTPStatusError as e:
print(f"⚠️ PDP service error: {e.response.status_code}")
# Fallback: deny (secure default)
return False
except Exception as e:
print(f"⚠️ PDP service unavailable: {e}")
# Fallback: allow for Phase 4 testing
return True
# Global PEP client instance
pep_client = PEPClient()
Reference in New Issue View Git Blame Copy Permalink