assay-core 2.17.0

High-performance evaluation framework for LLM agents (Core)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

use lazy_static::lazy_static;
use std::collections::HashSet;
use std::sync::Mutex;

lazy_static! {
    static ref FORBIDDEN_LABELS: HashSet<&'static str> = {
        let mut s = HashSet::new();
        s.insert("trace_id");
        s.insert("span_id");
        s.insert("user_id");
        s.insert("prompt_hash");
        s.insert("file_path");
        s
    };
}

pub struct MetricRegistry {
    // In real OTel context, this wraps MeterProvider
    // For MVP, checking logic.
    #[allow(dead_code)]
    registered_instruments: Mutex<HashSet<String>>,
}

impl Default for MetricRegistry {
    fn default() -> Self {
        Self::new()
    }
}

impl MetricRegistry {
    pub fn new() -> Self {
        Self {
            registered_instruments: Mutex::new(HashSet::new()),
        }
    }

    /// Register a metric with validated labels.
    pub fn register_counter(&self, _name: &str, labels: &[&str]) {
        if let Ok(_safe_labels) = self.filter_labels(labels) {
            // ... call OTel SDK with safe_labels ...
            // In a real impl, we'd pass safe_labels to the SDK.
        } else {
            // Dropped (Fail-closed or Logged as per config)
        }
    }

    pub fn register_histogram(&self, _name: &str, labels: &[&str]) {
        if let Ok(_safe_labels) = self.filter_labels(labels) {
            // ... call OTel SDK ...
        }
    }

    fn filter_labels<'a>(&self, labels: &'a [&'a str]) -> Result<Vec<&'a str>, String> {
        let mut safe = Vec::with_capacity(labels.len());
        for label in labels {
            if FORBIDDEN_LABELS.contains(label) {
                let msg = format!("Cardinality Violation: Forbidden metric label '{}'", label);
                eprintln!(
                    "ERROR: Dropping forbidden metric label '{}' to prevent hash collision DoS",
                    label
                );
                return Err(msg);
            }
            safe.push(*label);
        }
        Ok(safe)
    }

    /// Check that labels are allowed (E8.2 low-cardinality enforcement). Used by tests and callers that need to validate before registering.
    pub fn check_labels(&self, labels: &[&str]) -> Result<(), String> {
        self.filter_labels(labels).map(|_| ())
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_cardinality_forbidden_labels_rejected() {
        let r = MetricRegistry::new();
        assert!(r.check_labels(&["model", "operation"]).is_ok());
        assert!(r.check_labels(&["user_id"]).is_err());
        assert!(r.check_labels(&["trace_id"]).is_err());
        assert!(r.check_labels(&["prompt_hash"]).is_err());
        assert!(r.check_labels(&["file_path"]).is_err());
        assert!(r.check_labels(&["model", "user_id"]).is_err());
    }
}