Squashed 'vendor/ruvector/' content from commit b64c2172

git-subtree-dir: vendor/ruvector git-subtree-split: b64c21726f2bb37286d9ee36a7869fef60cc6900
2026-02-28 14:39:40 -05:00
commit d803bfe2b1
7854 changed files with 3522914 additions and 0 deletions
--- a/crates/cognitum-gate-tilezero/examples/basic_gate.rs
+++ b/crates/cognitum-gate-tilezero/examples/basic_gate.rs
@@ -0,0 +1,93 @@
+//! Basic Coherence Gate Example
+//!
+//! This example demonstrates:
+//! - Creating a TileZero arbiter
+//! - Evaluating an action
+//! - Verifying the permit token
+//!
+//! Run with: cargo run --example basic_gate
+
+use cognitum_gate_tilezero::{
+    ActionContext, ActionMetadata, ActionTarget, GateDecision, GateThresholds, TileZero,
+};
+use std::collections::HashMap;
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+    println!("=== Cognitum Coherence Gate - Basic Example ===\n");
+
+    // Create TileZero with default thresholds
+    let thresholds = GateThresholds::default();
+    let tilezero = TileZero::new(thresholds);
+
+    println!("TileZero initialized with thresholds:");
+    println!("  Min cut: {}", tilezero.thresholds().min_cut);
+    println!("  Max shift: {}", tilezero.thresholds().max_shift);
+    println!(
+        "  Deny threshold (tau_deny): {}",
+        tilezero.thresholds().tau_deny
+    );
+    println!(
+        "  Permit threshold (tau_permit): {}",
+        tilezero.thresholds().tau_permit
+    );
+    println!();
+
+    // Create an action context
+    let action = ActionContext {
+        action_id: "config-push-001".to_string(),
+        action_type: "config_change".to_string(),
+        target: ActionTarget {
+            device: Some("router-west-03".to_string()),
+            path: Some("/network/interfaces/eth0".to_string()),
+            extra: HashMap::new(),
+        },
+        context: ActionMetadata {
+            agent_id: "ops-agent-12".to_string(),
+            session_id: Some("sess-abc123".to_string()),
+            prior_actions: vec![],
+            urgency: "normal".to_string(),
+        },
+    };
+
+    println!("Evaluating action:");
+    println!("  ID: {}", action.action_id);
+    println!("  Type: {}", action.action_type);
+    println!("  Agent: {}", action.context.agent_id);
+    println!("  Target: {:?}", action.target.device);
+    println!();
+
+    // Evaluate the action
+    let token = tilezero.decide(&action).await;
+
+    // Display result
+    match token.decision {
+        GateDecision::Permit => {
+            println!("Decision: PERMIT");
+            println!("  The action is allowed to proceed.");
+        }
+        GateDecision::Defer => {
+            println!("Decision: DEFER");
+            println!("  Human review required.");
+        }
+        GateDecision::Deny => {
+            println!("Decision: DENY");
+            println!("  Action blocked due to safety concerns.");
+        }
+    }
+
+    println!("\nToken details:");
+    println!("  Sequence: {}", token.sequence);
+    println!("  Valid until: {} ns", token.timestamp + token.ttl_ns);
+    println!("  Witness hash: {:02x?}", &token.witness_hash[..8]);
+
+    // Verify the token
+    let verifier = tilezero.verifier();
+    match verifier.verify(&token) {
+        Ok(()) => println!("\nToken signature: VALID"),
+        Err(e) => println!("\nToken signature: INVALID - {:?}", e),
+    }
+
+    println!("\n=== Example Complete ===");
+    Ok(())
+}
--- a/crates/cognitum-gate-tilezero/examples/human_escalation.rs
+++ b/crates/cognitum-gate-tilezero/examples/human_escalation.rs
@@ -0,0 +1,114 @@
+//! Human Escalation Example
+//!
+//! This example demonstrates the hybrid agent/human workflow:
+//! - Detecting when human review is needed (DEFER)
+//! - Presenting the escalation context
+//!
+//! Run with: cargo run --example human_escalation
+
+use cognitum_gate_tilezero::{
+    ActionContext, ActionMetadata, ActionTarget, GateDecision, GateThresholds, TileZero,
+};
+use std::collections::HashMap;
+use std::io::{self, Write};
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+    println!("=== Cognitum Coherence Gate - Human Escalation Example ===\n");
+
+    // Create TileZero with conservative thresholds to trigger DEFER
+    let thresholds = GateThresholds {
+        min_cut: 15.0,  // Higher threshold
+        max_shift: 0.3, // Lower tolerance for shift
+        tau_deny: 0.01,
+        tau_permit: 100.0,
+        permit_ttl_ns: 300_000_000_000, // 5 minutes
+        theta_uncertainty: 10.0,
+        theta_confidence: 3.0,
+    };
+    let tilezero = TileZero::new(thresholds);
+
+    // Simulate a risky action
+    let action = ActionContext {
+        action_id: "critical-update-042".to_string(),
+        action_type: "database_migration".to_string(),
+        target: ActionTarget {
+            device: Some("production-db-primary".to_string()),
+            path: Some("/data/schema".to_string()),
+            extra: HashMap::new(),
+        },
+        context: ActionMetadata {
+            agent_id: "migration-agent".to_string(),
+            session_id: Some("migration-session".to_string()),
+            prior_actions: vec![],
+            urgency: "high".to_string(),
+        },
+    };
+
+    println!("Evaluating high-risk action:");
+    println!("  Type: {}", action.action_type);
+    println!("  Target: {:?}", action.target.device);
+    println!();
+
+    // Evaluate - this may trigger DEFER due to conservative thresholds
+    let token = tilezero.decide(&action).await;
+
+    if token.decision == GateDecision::Defer {
+        println!("Decision: DEFER - Human review required\n");
+
+        // Display escalation context
+        println!("┌─────────────────────────────────────────────────────┐");
+        println!("│  HUMAN DECISION REQUIRED                           │");
+        println!("├─────────────────────────────────────────────────────┤");
+        println!("│  Action: {}              │", action.action_id);
+        println!("│  Target: {:?}                 │", action.target.device);
+        println!("│                                                     │");
+        println!("│  Why deferred:                                      │");
+        println!("│  • High-risk target (production database)           │");
+        println!("│  • Action type: database_migration                  │");
+        println!("│                                                     │");
+        println!("│  Options:                                           │");
+        println!("│  [1] APPROVE - Allow the action                     │");
+        println!("│  [2] DENY   - Block the action                      │");
+        println!("│  [3] ESCALATE - Need more review                    │");
+        println!("└─────────────────────────────────────────────────────┘");
+        println!();
+
+        // Get human input
+        print!("Enter your decision (1/2/3): ");
+        io::stdout().flush()?;
+
+        let mut input = String::new();
+        io::stdin().read_line(&mut input)?;
+
+        match input.trim() {
+            "1" => {
+                println!("\nYou chose: APPROVE");
+                println!("In production, this would:");
+                println!("  - Record the approval with your identity");
+                println!("  - Generate a new PERMIT token");
+                println!("  - Log the decision to the audit trail");
+            }
+            "2" => {
+                println!("\nYou chose: DENY");
+                println!("In production, this would:");
+                println!("  - Record the denial with your identity");
+                println!("  - Block the action permanently");
+                println!("  - Alert the requesting agent");
+            }
+            _ => {
+                println!("\nYou chose: ESCALATE");
+                println!("In production, this would:");
+                println!("  - Forward to Tier 3 (policy team)");
+                println!("  - Extend the timeout");
+                println!("  - Provide additional context");
+            }
+        }
+    } else {
+        println!("Decision: {:?}", token.decision);
+        println!("(Automatic - no human review needed)");
+    }
+
+    println!("\n=== Example Complete ===");
+    Ok(())
+}
--- a/crates/cognitum-gate-tilezero/examples/receipt_audit.rs
+++ b/crates/cognitum-gate-tilezero/examples/receipt_audit.rs
@@ -0,0 +1,103 @@
+//! Receipt Audit Trail Example
+//!
+//! This example demonstrates:
+//! - Generating multiple decisions
+//! - Accessing the receipt log
+//! - Verifying hash chain integrity
+//!
+//! Run with: cargo run --example receipt_audit
+
+use cognitum_gate_tilezero::{
+    ActionContext, ActionMetadata, ActionTarget, GateThresholds, TileZero,
+};
+use std::collections::HashMap;
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+    println!("=== Cognitum Coherence Gate - Receipt Audit Example ===\n");
+
+    let tilezero = TileZero::new(GateThresholds::default());
+
+    // Generate several decisions
+    let actions = vec![
+        ("action-001", "config_read", "agent-1", "router-1"),
+        ("action-002", "config_write", "agent-1", "router-1"),
+        ("action-003", "restart", "agent-2", "service-a"),
+        ("action-004", "deploy", "agent-3", "cluster-prod"),
+        ("action-005", "rollback", "agent-3", "cluster-prod"),
+    ];
+
+    println!("Generating decisions...\n");
+
+    for (id, action_type, agent, target) in &actions {
+        let action = ActionContext {
+            action_id: id.to_string(),
+            action_type: action_type.to_string(),
+            target: ActionTarget {
+                device: Some(target.to_string()),
+                path: None,
+                extra: HashMap::new(),
+            },
+            context: ActionMetadata {
+                agent_id: agent.to_string(),
+                session_id: None,
+                prior_actions: vec![],
+                urgency: "normal".to_string(),
+            },
+        };
+
+        let token = tilezero.decide(&action).await;
+        println!("  {} -> {:?}", id, token.decision);
+    }
+
+    println!("\n--- Audit Trail ---\n");
+
+    // Verify the hash chain
+    match tilezero.verify_receipt_chain().await {
+        Ok(()) => println!("Hash chain: VERIFIED"),
+        Err(e) => println!("Hash chain: BROKEN - {:?}", e),
+    }
+
+    // Display receipt summary
+    println!("\nReceipts:");
+    println!("{:-<60}", "");
+    println!(
+        "{:<10} {:<15} {:<12} {:<20}",
+        "Seq", "Action", "Decision", "Hash (first 8)"
+    );
+    println!("{:-<60}", "");
+
+    for seq in 0..actions.len() as u64 {
+        if let Some(receipt) = tilezero.get_receipt(seq).await {
+            let hash = receipt.hash();
+            let hash_hex = hex::encode(&hash[..4]);
+            println!(
+                "{:<10} {:<15} {:<12} {}...",
+                receipt.sequence,
+                receipt.token.action_id,
+                format!("{:?}", receipt.token.decision),
+                hash_hex
+            );
+        }
+    }
+
+    println!("{:-<60}", "");
+
+    // Export for compliance
+    println!("\nExporting audit log...");
+
+    let audit_json = tilezero.export_receipts_json().await?;
+    let filename = format!(
+        "audit_log_{}.json",
+        std::time::SystemTime::now()
+            .duration_since(std::time::UNIX_EPOCH)
+            .unwrap()
+            .as_secs()
+    );
+
+    println!("  Would write {} bytes to {}", audit_json.len(), filename);
+    println!("  (Skipping actual file write in example)");
+
+    println!("\n=== Example Complete ===");
+    Ok(())
+}