agent_control_specification_core 0.3.1-beta.0

Stateless Rust core for Agent Control Specification
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159

use crate::{policy_input::canonical_json, JsonValue, RuntimeError};

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Limits {
    pub max_snapshot_bytes: usize,
    pub max_policy_input_depth: usize,
    pub max_annotators_per_point: usize,
    pub max_annotator_output_bytes: usize,
    pub max_policy_output_bytes: usize,
    pub max_extends_depth: usize,
    pub max_merged_manifest_bytes: usize,
    pub max_manifest_url_bytes: usize,
    pub manifest_url_timeout_ms: u64,
    pub max_manifest_url_redirects: usize,
}

impl Default for Limits {
    fn default() -> Self {
        Self {
            max_snapshot_bytes: 1_048_576,
            max_policy_input_depth: 64,
            max_annotators_per_point: 16,
            max_annotator_output_bytes: 262_144,
            max_policy_output_bytes: 262_144,
            max_extends_depth: 16,
            max_merged_manifest_bytes: 1_048_576,
            max_manifest_url_bytes: 1_048_576,
            manifest_url_timeout_ms: 30_000,
            max_manifest_url_redirects: 5,
        }
    }
}

impl Limits {
    pub fn validate_json_depth(self, value: &JsonValue, context: &str) -> Result<(), RuntimeError> {
        validate_json_depth(value, 0, self.max_policy_input_depth, context)
    }

    pub fn validate_snapshot(self, snapshot: &JsonValue) -> Result<(), RuntimeError> {
        self.validate_json_depth(snapshot, "snapshot")?;
        let bytes = canonical_json(snapshot).map_err(|err| {
            RuntimeError::ResourceLimitExceeded(format!(
                "failed to serialize snapshot for resource limit check: {err}"
            ))
        })?;
        if bytes.len() > self.max_snapshot_bytes {
            return Err(RuntimeError::ResourceLimitExceeded(format!(
                "snapshot serialized size {} exceeds limit {}",
                bytes.len(),
                self.max_snapshot_bytes
            )));
        }
        Ok(())
    }

    pub fn validate_policy_input(self, policy_input: &JsonValue) -> Result<(), RuntimeError> {
        self.validate_json_depth(policy_input, "policy input")
    }

    pub fn validate_policy_output(self, policy_output: &JsonValue) -> Result<(), RuntimeError> {
        self.validate_json_depth(policy_output, "policy output")?;
        let bytes = canonical_json(policy_output).map_err(|err| {
            RuntimeError::ResourceLimitExceeded(format!(
                "failed to serialize policy output for resource limit check: {err}"
            ))
        })?;
        if bytes.len() > self.max_policy_output_bytes {
            return Err(RuntimeError::ResourceLimitExceeded(format!(
                "policy output serialized size {} exceeds limit {}",
                bytes.len(),
                self.max_policy_output_bytes
            )));
        }
        Ok(())
    }

    pub fn validate_annotator_output(
        self,
        annotator_name: &str,
        output: &JsonValue,
    ) -> Result<(), RuntimeError> {
        self.validate_json_depth(output, "annotator output")
            .map_err(|err| RuntimeError::AnnotationFailed(format!("{annotator_name}: {err}")))?;
        reject_reserved_reason(output)
            .map_err(|err| RuntimeError::AnnotationFailed(format!("{annotator_name}: {err}")))?;
        let bytes = canonical_json(output).map_err(|err| {
            RuntimeError::AnnotationFailed(format!(
                "{annotator_name}: failed to serialize annotator output: {err}"
            ))
        })?;
        if bytes.len() > self.max_annotator_output_bytes {
            return Err(RuntimeError::AnnotationFailed(format!(
                "{annotator_name}: annotator output serialized size {} exceeds limit {}",
                bytes.len(),
                self.max_annotator_output_bytes
            )));
        }
        Ok(())
    }
}

fn validate_json_depth(
    value: &JsonValue,
    depth: usize,
    max_depth: usize,
    context: &str,
) -> Result<(), RuntimeError> {
    match value {
        JsonValue::Array(items) => {
            let next_depth = depth + 1;
            if next_depth > max_depth {
                return Err(RuntimeError::ResourceLimitExceeded(format!(
                    "{context} JSON nesting depth exceeds limit {max_depth}"
                )));
            }
            for item in items {
                validate_json_depth(item, next_depth, max_depth, context)?;
            }
        }
        JsonValue::Object(map) => {
            let next_depth = depth + 1;
            if next_depth > max_depth {
                return Err(RuntimeError::ResourceLimitExceeded(format!(
                    "{context} JSON nesting depth exceeds limit {max_depth}"
                )));
            }
            for item in map.values() {
                validate_json_depth(item, next_depth, max_depth, context)?;
            }
        }
        _ => {}
    }
    Ok(())
}

fn reject_reserved_reason(value: &JsonValue) -> Result<(), String> {
    match value {
        JsonValue::Array(items) => {
            for item in items {
                reject_reserved_reason(item)?;
            }
        }
        JsonValue::Object(map) => {
            if let Some(JsonValue::String(reason)) = map.get("reason") {
                if reason.starts_with("runtime_error:") {
                    return Err(
                        "annotator output reason must not use reserved runtime_error prefix"
                            .to_string(),
                    );
                }
            }
            for item in map.values() {
                reject_reserved_reason(item)?;
            }
        }
        _ => {}
    }
    Ok(())
}