hirn 0.1.0

A cognitive memory database engine for LLM systems — the brain an LLM never had
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318

//! # Multi-Agent Coding with ACL — Cedar Policy Enforcement
//!
//! This example demonstrates hirn's Cedar-based authorization for
//! a multi-agent coding team scenario:
//!
//! 1. Set up a PolicyEngine with team-based policies
//! 2. Register agents in different teams (writers, readers, admins)
//! 3. Verify authorization decisions (allow/deny) for operations
//! 4. Agent reputation-based access control (ABAC)
//! 5. Namespace classification restrictions
//!
//! Run with: `cargo run --example multi_agent_acl -p hirn`

use hirn::prelude::*;
use hirn_engine::policy::{Action, AuthzRequest, PolicyEngine};
use hirn_storage::{HirnDb, HirnDbConfig};

#[tokio::main]
async fn main() -> HirnResult<()> {
    let dir = tempfile::tempdir().expect("failed to create temp dir");
    let path = dir.path().join("team");

    // ── 1. Create Cedar policies ────────────────────────────────────────
    // Define team-based access control policies.
    let policy_text = r#"
// Senior engineers can read and write in all realms
permit(
    principal in Hirn::Team::"senior-engineers",
    action in [Hirn::Action::"remember", Hirn::Action::"recall", Hirn::Action::"think",
               Hirn::Action::"connect"],
    resource in Hirn::Realm::"development"
);

// Junior engineers can only read
permit(
    principal in Hirn::Team::"junior-engineers",
    action in [Hirn::Action::"recall", Hirn::Action::"think"],
    resource in Hirn::Realm::"development"
);

// Only admins can consolidate, forget, or do admin operations
permit(
    principal in Hirn::Team::"admins",
    action,
    resource
);

// Block agents with low reputation from writing
forbid(
    principal,
    action in [Hirn::Action::"remember", Hirn::Action::"connect"],
    resource
) when { principal.reputation < 30 };

// Restricted namespaces require admin access
forbid(
    principal,
    action,
    resource
) when { resource.classification == "restricted" }
unless { principal in Hirn::Team::"admins" };
"#;

    let engine = PolicyEngine::new(
        hirn_engine::policy::DEFAULT_SCHEMA,
        &[("team-policies", policy_text)],
    )
    .expect("valid Cedar policies");

    println!("✓ Cedar policy engine initialized\n");

    // ── 2. Register entities ────────────────────────────────────────────
    // Register teams and agents in the policy engine's entity store.
    engine
        .register_organization("acme-corp", "ACME Corp")
        .expect("register org");

    engine
        .register_team(
            "senior-engineers",
            "Senior engineering team",
            Some("acme-corp"),
        )
        .expect("register team");
    engine
        .register_team(
            "junior-engineers",
            "Junior engineering team",
            Some("acme-corp"),
        )
        .expect("register team");
    engine
        .register_team("admins", "Admin team", Some("acme-corp"))
        .expect("register team");

    // Register agents with reputations
    engine
        .register_agent("alice", 85, "2024-01-15", &["senior-engineers"])
        .expect("register alice");
    engine
        .register_agent("bob", 45, "2024-06-01", &["junior-engineers"])
        .expect("register bob");
    engine
        .register_agent("charlie", 15, "2025-01-01", &["junior-engineers"])
        .expect("register charlie"); // Low reputation
    engine
        .register_agent("admin", 100, "2023-01-01", &["admins"])
        .expect("register admin");

    // Register realm and namespaces
    engine
        .register_realm("development", "Development environment")
        .expect("register realm");
    engine
        .register_namespace("shared", "public", "development")
        .expect("register namespace");
    engine
        .register_namespace("secrets", "restricted", "development")
        .expect("register namespace");

    println!("✓ Registered agents, teams, realm, and namespaces\n");

    // ── 3. Test RBAC — team-based access ────────────────────────────────
    println!("── RBAC Tests ──");

    // Alice (senior) can remember
    let decision = engine.authorize(&AuthzRequest {
        agent_id: "alice".to_string(),
        action: Action::Remember,
        realm: "development".to_string(),
        namespace: "shared".to_string(),
    });
    println!(
        "  Alice remember in shared: {}",
        if decision.allowed { "ALLOW" } else { "DENY" }
    );
    assert!(
        decision.allowed,
        "Senior engineer should be able to remember"
    );

    // Bob (junior) can recall but NOT remember
    let decision = engine.authorize(&AuthzRequest {
        agent_id: "bob".to_string(),
        action: Action::Recall,
        realm: "development".to_string(),
        namespace: "shared".to_string(),
    });
    println!(
        "  Bob recall in shared:     {}",
        if decision.allowed { "ALLOW" } else { "DENY" }
    );
    assert!(decision.allowed, "Junior engineer should be able to recall");

    let decision = engine.authorize(&AuthzRequest {
        agent_id: "bob".to_string(),
        action: Action::Remember,
        realm: "development".to_string(),
        namespace: "shared".to_string(),
    });
    println!(
        "  Bob remember in shared:   {}",
        if decision.allowed { "ALLOW" } else { " DENY" }
    );
    assert!(
        !decision.allowed,
        "Junior engineer should NOT be able to remember"
    );

    // Admin can do everything
    let decision = engine.authorize(&AuthzRequest {
        agent_id: "admin".to_string(),
        action: Action::Admin,
        realm: "development".to_string(),
        namespace: "shared".to_string(),
    });
    println!(
        "  Admin admin in shared:    {}",
        if decision.allowed { "ALLOW" } else { "DENY" }
    );
    assert!(decision.allowed, "Admin should have full access");

    // ── 4. Test ABAC — reputation-based ─────────────────────────────────
    println!("\n── ABAC Tests (reputation) ──");

    // Charlie (rep=15) is blocked from writing even though he's a junior engineer
    let decision = engine.authorize(&AuthzRequest {
        agent_id: "charlie".to_string(),
        action: Action::Remember,
        realm: "development".to_string(),
        namespace: "shared".to_string(),
    });
    println!(
        "  Charlie (rep=15) remember: {}",
        if decision.allowed { "ALLOW" } else { "DENY" }
    );
    assert!(
        !decision.allowed,
        "Low-reputation agent should be blocked from writing"
    );

    // Charlie can still read (no reputation restriction on recall)
    let decision = engine.authorize(&AuthzRequest {
        agent_id: "charlie".to_string(),
        action: Action::Recall,
        realm: "development".to_string(),
        namespace: "shared".to_string(),
    });
    println!(
        "  Charlie (rep=15) recall:   {}",
        if decision.allowed { "ALLOW" } else { "DENY" }
    );

    // ── 5. Test namespace classification ─────────────────────────────────
    println!("\n── Namespace Classification Tests ──");

    // Alice cannot access restricted namespace
    let decision = engine.authorize(&AuthzRequest {
        agent_id: "alice".to_string(),
        action: Action::Recall,
        realm: "development".to_string(),
        namespace: "secrets".to_string(),
    });
    println!(
        "  Alice recall in secrets:  {}",
        if decision.allowed { "ALLOW" } else { "DENY" }
    );
    assert!(
        !decision.allowed,
        "Non-admin should be blocked from restricted namespace"
    );

    // Admin CAN access restricted namespace
    let decision = engine.authorize(&AuthzRequest {
        agent_id: "admin".to_string(),
        action: Action::Recall,
        realm: "development".to_string(),
        namespace: "secrets".to_string(),
    });
    println!(
        "  Admin recall in secrets:  {}",
        if decision.allowed { "ALLOW" } else { "DENY" }
    );
    assert!(decision.allowed, "Admin should access restricted namespace");

    // ── 6. Policy diagnostics ───────────────────────────────────────────
    println!("\n── Policy Diagnostics ──");
    let decision = engine.authorize(&AuthzRequest {
        agent_id: "bob".to_string(),
        action: Action::Consolidate,
        realm: "development".to_string(),
        namespace: "shared".to_string(),
    });
    println!(
        "  Bob consolidate: {}",
        if decision.allowed { "ALLOW" } else { "DENY" }
    );
    if !decision.reasons.is_empty() {
        println!("  Reasons: {:?}", decision.reasons);
    }
    if !decision.policy_ids.is_empty() {
        println!("  Matching policies: {:?}", decision.policy_ids);
    }

    // ── 7. Use with HirnDB ─────────────────────────────────────────────
    println!("\n── Integration with HirnDB ──");
    let config = HirnConfig::builder()
        .db_path(&path)
        .embedding_dimensions(64)
        .build()?;
    let storage_config = HirnDbConfig::local(path.join("lance").to_str().unwrap());
    let storage = HirnDb::open(storage_config).await?.store_arc();
    let mut brain = Hirn::open_with_config(config, storage).await?;

    // Attach the policy engine to the database
    brain.set_policy_engine(engine);

    // Register agents
    let alice_id = AgentId::new("alice").expect("valid");
    let bob_id = AgentId::new("bob").expect("valid");
    brain
        .register_agent(&alice_id, "Alice — Senior Engineer")
        .await?;
    brain
        .register_agent(&bob_id, "Bob — Junior Engineer")
        .await?;

    // Alice can remember (senior engineer)
    let record = EpisodicRecord::builder()
        .content("Implemented new caching layer with 95% hit rate")
        .event_type(EventType::Experiment)
        .agent_id(alice_id.clone())
        .importance(0.85)
        .embedding(simple_embedding("caching layer implementation", 64))
        .build()?;

    match brain.episodic().remember(record).await {
        Ok(id) => println!("  Alice stored memory: {id}"),
        Err(e) => println!("  Alice blocked: {e}"),
    }

    println!("\n✓ Multi-agent ACL demo complete!");
    Ok(())
}

fn simple_embedding(text: &str, dims: usize) -> Vec<f32> {
    let mut emb = vec![0.0f32; dims];
    for (i, byte) in text.bytes().enumerate() {
        emb[i % dims] += f32::from(byte) / 255.0;
    }
    let norm: f32 = emb.iter().map(|x| x * x).sum::<f32>().sqrt();
    if norm > 0.0 {
        for x in &mut emb {
            *x /= norm;
        }
    }
    emb
}