ironclaw 0.24.0

Secure personal AI assistant that protects your data and expands its capabilities on the fly
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158

use serde::Deserialize;

/// Sensitivity level for a memory layer.
#[derive(Debug, Clone, Default, PartialEq, Eq, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum LayerSensitivity {
    #[default]
    Private,
    Shared,
}

/// A named memory layer with read/write permissions and a scope.
///
/// Layers map to synthetic `user_id` values in the workspace tables.
/// The `scope` field is the user_id used for DB queries on this layer.
#[derive(Debug, Clone, Deserialize)]
pub struct MemoryLayer {
    pub name: String,
    pub scope: String,
    #[serde(default = "default_true")]
    pub writable: bool,
    #[serde(default)]
    pub sensitivity: LayerSensitivity,
}

fn default_true() -> bool {
    true
}

impl MemoryLayer {
    /// Build the default layer set: a single private layer for the given user_id.
    pub fn default_for_user(user_id: &str) -> Vec<MemoryLayer> {
        vec![MemoryLayer {
            name: "private".to_string(),
            scope: user_id.to_string(),
            writable: true,
            sensitivity: LayerSensitivity::Private,
        }]
    }

    /// Extract read scopes (all layer scope values).
    pub fn read_scopes(layers: &[MemoryLayer]) -> Vec<String> {
        layers.iter().map(|l| l.scope.clone()).collect()
    }

    /// Extract writable scopes only.
    pub fn writable_scopes(layers: &[MemoryLayer]) -> Vec<String> {
        layers
            .iter()
            .filter(|l| l.writable)
            .map(|l| l.scope.clone())
            .collect()
    }

    /// Find a layer by name. Returns None if not found.
    pub fn find<'a>(layers: &'a [MemoryLayer], name: &str) -> Option<&'a MemoryLayer> {
        layers.iter().find(|l| l.name == name)
    }

    /// Find the private layer (first layer with Private sensitivity).
    pub fn private_layer(layers: &[MemoryLayer]) -> Option<&MemoryLayer> {
        layers
            .iter()
            .find(|l| l.sensitivity == LayerSensitivity::Private)
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn default_for_user_creates_single_private_layer() {
        let layers = MemoryLayer::default_for_user("alice");
        assert_eq!(layers.len(), 1);
        assert_eq!(layers[0].name, "private");
        assert_eq!(layers[0].scope, "alice");
        assert!(layers[0].writable);
        assert_eq!(layers[0].sensitivity, LayerSensitivity::Private);
    }

    #[test]
    fn read_scopes_collects_all() {
        let layers = vec![
            MemoryLayer {
                name: "private".into(),
                scope: "alice".into(),
                writable: true,
                sensitivity: LayerSensitivity::Private,
            },
            MemoryLayer {
                name: "shared".into(),
                scope: "shared".into(),
                writable: true,
                sensitivity: LayerSensitivity::Shared,
            },
            MemoryLayer {
                name: "reports".into(),
                scope: "reports".into(),
                writable: false,
                sensitivity: LayerSensitivity::Shared,
            },
        ];
        let scopes = MemoryLayer::read_scopes(&layers);
        assert_eq!(scopes, vec!["alice", "shared", "reports"]);
    }

    #[test]
    fn writable_scopes_filters_read_only() {
        let layers = vec![
            MemoryLayer {
                name: "private".into(),
                scope: "alice".into(),
                writable: true,
                sensitivity: LayerSensitivity::Private,
            },
            MemoryLayer {
                name: "reports".into(),
                scope: "reports".into(),
                writable: false,
                sensitivity: LayerSensitivity::Shared,
            },
        ];
        let scopes = MemoryLayer::writable_scopes(&layers);
        assert_eq!(scopes, vec!["alice"]);
    }

    #[test]
    fn find_returns_matching_layer() {
        let layers = MemoryLayer::default_for_user("alice");
        assert!(MemoryLayer::find(&layers, "private").is_some());
        assert!(MemoryLayer::find(&layers, "shared").is_none());
    }

    #[test]
    fn deserialize_from_json() {
        let json = serde_json::json!({
            "name": "shared",
            "scope": "shared",
            "writable": true,
            "sensitivity": "shared"
        });
        let layer: MemoryLayer = serde_json::from_value(json).unwrap();
        assert_eq!(layer.name, "shared");
        assert_eq!(layer.sensitivity, LayerSensitivity::Shared);
    }

    #[test]
    fn deserialize_defaults() {
        let json = serde_json::json!({
            "name": "private",
            "scope": "alice"
        });
        let layer: MemoryLayer = serde_json::from_value(json).unwrap();
        assert!(layer.writable); // default true
        assert_eq!(layer.sensitivity, LayerSensitivity::Private); // default
    }
}