qae_kernel/

certificate.rs

// SPDX-License-Identifier: BUSL-1.1
//! Safety certificate — the output of the certification kernel.

use crate::DeterministicHash;
use crate::KernelResult;
use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
use sha2::{Digest, Sha256};
use std::collections::BTreeMap;


/// Domain-agnostic safety zone classification.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
pub enum SafetyZone {
    /// Comfortable headroom — all margins well above thresholds.
    Safe,
    /// Caution warranted — some margins approaching thresholds.
    Caution,
    /// Near constraint boundary — action is risky.
    Danger,
}

/// Certification decision made by the kernel.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub enum CertificationDecision {
    /// Action is certified — safe to proceed.
    Certified,
    /// Action is certified but with warnings.
    CertifiedWithWarning { warnings: Vec<String> },
    /// Action requires human review before proceeding.
    EscalateToHuman { reason: String },
    /// Action is blocked — too dangerous to proceed.
    Blocked { reason: String },
}

/// A safety certificate produced by the certification kernel.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SafetyCertificate {
    /// Unique certificate identifier.
    pub certificate_id: String,
    /// Identifier of the action that was certified.
    pub action_id: String,
    /// Identifier of the agent that proposed the action.
    pub agent_id: String,
    /// When the certification decision was made.
    pub decided_at: DateTime<Utc>,
    /// The certification decision.
    pub decision: CertificationDecision,
    /// Safety zone classification.
    pub zone: SafetyZone,
    /// Per-channel margins (channel_name -> margin in \[0,1\]).
    pub margins: BTreeMap<String, f64>,
    /// Aggregate rate of change (gradient).
    pub gradient: Option<f64>,
    /// Name of the binding (tightest) constraint channel.
    pub binding_constraint: Option<String>,
    /// Remaining budget before zone transition.
    pub drift_budget: Option<f64>,
    /// Deterministic hash for reproducibility verification.
    pub deterministic_hash: DeterministicHash,
    /// Opaque domain-specific payload (e.g., full channel breakdown as JSON).
    pub domain_payload: Option<serde_json::Value>,
}

/// Builder for assembling safety certificates.
pub struct SafetyCertificateBuilder {
    action_id: String,
    agent_id: String,
    decided_at: DateTime<Utc>,
    decision: Option<CertificationDecision>,
    zone: Option<SafetyZone>,
    margins: BTreeMap<String, f64>,
    gradient: Option<f64>,
    binding_constraint: Option<String>,
    drift_budget: Option<f64>,
    domain_payload: Option<serde_json::Value>,
}

impl SafetyCertificateBuilder {
    pub fn new(action_id: String, agent_id: String, decided_at: DateTime<Utc>) -> Self {
        Self {
            action_id,
            agent_id,
            decided_at,
            decision: None,
            zone: None,
            margins: BTreeMap::new(),
            gradient: None,
            binding_constraint: None,
            drift_budget: None,
            domain_payload: None,
        }
    }

    pub fn decision(mut self, decision: CertificationDecision) -> Self {
        self.decision = Some(decision);
        self
    }

    pub fn zone(mut self, zone: SafetyZone) -> Self {
        self.zone = Some(zone);
        self
    }

    pub fn margin(mut self, channel: String, value: f64) -> Self {
        self.margins.insert(channel, value);
        self
    }

    pub fn margins(mut self, margins: BTreeMap<String, f64>) -> Self {
        self.margins = margins;
        self
    }

    pub fn gradient(mut self, gradient: f64) -> Self {
        self.gradient = Some(gradient);
        self
    }

    pub fn binding_constraint(mut self, name: String) -> Self {
        self.binding_constraint = Some(name);
        self
    }

    pub fn drift_budget(mut self, budget: f64) -> Self {
        self.drift_budget = Some(budget);
        self
    }

    pub fn domain_payload(mut self, payload: serde_json::Value) -> Self {
        self.domain_payload = Some(payload);
        self
    }

    /// Build the safety certificate with a deterministic hash.
    pub fn build(self) -> KernelResult<SafetyCertificate> {
        let decision = self
            .decision
            .unwrap_or(CertificationDecision::Certified);
        let zone = self.zone.unwrap_or(SafetyZone::Safe);

        // Compute deterministic hash (covers decision + zone for tamper evidence)
        let hash_input = compute_hash_input(
            &self.action_id,
            &self.agent_id,
            &self.decided_at,
            &self.margins,
            &decision,
            &zone,
        );
        let mut hasher = Sha256::new();
        hasher.update(hash_input.as_bytes());
        let hash = hex::encode(hasher.finalize());

        // Derive certificate ID deterministically from hash (UUIDv5-style)
        let certificate_id = format!("cert-{}", &hash[..32]);

        Ok(SafetyCertificate {
            certificate_id,
            action_id: self.action_id,
            agent_id: self.agent_id,
            decided_at: self.decided_at,
            decision,
            zone,
            margins: self.margins,
            gradient: self.gradient,
            binding_constraint: self.binding_constraint,
            drift_budget: self.drift_budget,
            deterministic_hash: DeterministicHash(hash),
            domain_payload: self.domain_payload,
        })
    }
}

/// Compute deterministic hash input from certificate components.
/// Uses BTreeMap ordering for determinism. Includes decision and zone
/// so that tampering with either invalidates the hash.
fn compute_hash_input(
    action_id: &str,
    agent_id: &str,
    decided_at: &DateTime<Utc>,
    margins: &BTreeMap<String, f64>,
    decision: &CertificationDecision,
    zone: &SafetyZone,
) -> String {
    let mut parts = Vec::new();
    parts.push(format!("action:{}", action_id));
    parts.push(format!("agent:{}", agent_id));
    parts.push(format!("decided_at:{}", decided_at.to_rfc3339()));

    for (name, margin) in margins {
        parts.push(format!("channel:{}:{:.16e}", name, margin));
    }

    parts.push(format!("decision:{:?}", decision));
    parts.push(format!("zone:{:?}", zone));

    parts.join("|")
}

/// Verify that a safety certificate's hash matches its content.
pub fn verify_safety_certificate(cert: &SafetyCertificate) -> bool {
    let hash_input = compute_hash_input(
        &cert.action_id,
        &cert.agent_id,
        &cert.decided_at,
        &cert.margins,
        &cert.decision,
        &cert.zone,
    );
    let mut hasher = Sha256::new();
    hasher.update(hash_input.as_bytes());
    let expected = hex::encode(hasher.finalize());
    cert.deterministic_hash.0 == expected
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn certificate_hash_is_deterministic() {
        let decided_at = chrono::Utc::now();
        let cert1 = SafetyCertificateBuilder::new(
            "act-1".into(),
            "agent-1".into(),
            decided_at,
        )
        .decision(CertificationDecision::Certified)
        .zone(SafetyZone::Safe)
        .margin("channel_a".into(), 0.8)
        .margin("channel_b".into(), 0.7)
        .build()
        .unwrap();

        let cert2 = SafetyCertificateBuilder::new(
            "act-1".into(),
            "agent-1".into(),
            decided_at,
        )
        .decision(CertificationDecision::Certified)
        .zone(SafetyZone::Safe)
        .margin("channel_a".into(), 0.8)
        .margin("channel_b".into(), 0.7)
        .build()
        .unwrap();

        assert_eq!(cert1.deterministic_hash, cert2.deterministic_hash);
    }

    #[test]
    fn certificate_hash_verifies() {
        let cert = SafetyCertificateBuilder::new(
            "act-1".into(),
            "agent-1".into(),
            chrono::Utc::now(),
        )
        .margin("ch1".into(), 0.5)
        .build()
        .unwrap();

        assert!(verify_safety_certificate(&cert));
    }

    #[test]
    fn certification_decision_serialization() {
        let decisions = vec![
            CertificationDecision::Certified,
            CertificationDecision::CertifiedWithWarning {
                warnings: vec!["near limit".into()],
            },
            CertificationDecision::EscalateToHuman {
                reason: "regime change".into(),
            },
            CertificationDecision::Blocked {
                reason: "too risky".into(),
            },
        ];
        for decision in &decisions {
            let json = serde_json::to_string(decision).unwrap();
            let deserialized: CertificationDecision = serde_json::from_str(&json).unwrap();
            assert_eq!(&deserialized, decision);
        }
    }

    #[test]
    fn builder_defaults() {
        let cert = SafetyCertificateBuilder::new(
            "a".into(),
            "b".into(),
            chrono::Utc::now(),
        )
        .build()
        .unwrap();

        assert_eq!(cert.decision, CertificationDecision::Certified);
        assert_eq!(cert.zone, SafetyZone::Safe);
        assert!(cert.margins.is_empty());
        assert!(cert.gradient.is_none());
        assert!(cert.binding_constraint.is_none());
        assert!(cert.drift_budget.is_none());
        assert!(cert.domain_payload.is_none());
    }
}