t-ron 0.90.0 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180

//! Query API — what T.Ron personality in SecureYeoman queries.

use crate::audit::{AuditLogger, SecurityEvent};
use crate::score::RiskScorer;
use std::sync::Arc;

/// Query interface for the T.Ron SecureYeoman personality.
#[derive(Clone)]
pub struct TRonQuery {
    pub(crate) audit: Arc<AuditLogger>,
}

impl TRonQuery {
    /// Recent security events.
    pub async fn recent_events(&self, limit: usize) -> Vec<SecurityEvent> {
        self.audit.recent(limit).await
    }

    /// Per-agent risk score (0.0 = trusted, 1.0 = hostile).
    pub async fn agent_risk_score(&self, agent_id: &str) -> f64 {
        RiskScorer::score(&self.audit, agent_id).await
    }

    /// Total events logged.
    pub async fn total_events(&self) -> usize {
        self.audit.total_count().await
    }

    /// Total denied calls.
    pub async fn total_denials(&self) -> usize {
        self.audit.deny_count().await
    }

    /// Audit trail for a specific agent.
    pub async fn agent_audit(&self, agent_id: &str, limit: usize) -> Vec<SecurityEvent> {
        self.audit.agent_events(agent_id, limit).await
    }

    /// Verify the libro audit chain integrity (tamper detection).
    pub fn verify_chain(&self) -> libro::Result<()> {
        self.audit.verify_chain()
    }

    /// Structured review/summary of the audit chain.
    #[must_use]
    pub fn chain_review(&self) -> libro::ChainReview {
        self.audit.chain_review()
    }

    /// Number of entries in the libro chain.
    #[must_use]
    pub fn chain_len(&self) -> usize {
        self.audit.chain_len()
    }
}

#[cfg(test)]
mod tests {
    use crate::{DefaultAction, TRon, TRonConfig};

    fn permissive_config() -> TRonConfig {
        TRonConfig {
            default_unknown_agent: DefaultAction::Allow,
            default_unknown_tool: DefaultAction::Allow,
            scan_payloads: false,
            analyze_patterns: false,
            ..Default::default()
        }
    }

    #[tokio::test]
    async fn query_api_initial_state() {
        let tron = TRon::new(TRonConfig::default());
        let query = tron.query();
        assert_eq!(query.total_events().await, 0);
        assert_eq!(query.total_denials().await, 0);
        assert!(query.recent_events(10).await.is_empty());
    }

    #[tokio::test]
    async fn query_after_checks() {
        let tron = TRon::new(permissive_config());
        let query = tron.query();

        // Run some calls through the pipeline
        let call = crate::gate::ToolCall {
            agent_id: "agent-1".to_string(),
            tool_name: "tarang_probe".to_string(),
            params: serde_json::json!({}),
            timestamp: chrono::Utc::now(),
        };
        for _ in 0..5 {
            tron.check(&call).await;
        }

        assert_eq!(query.total_events().await, 5);
        assert_eq!(query.total_denials().await, 0);

        let events = query.recent_events(3).await;
        assert_eq!(events.len(), 3);
    }

    #[tokio::test]
    async fn query_risk_score_after_denials() {
        let tron = TRon::new(TRonConfig::default());
        let query = tron.query();

        // Unknown agent will be denied
        let call = crate::gate::ToolCall {
            agent_id: "bad-agent".to_string(),
            tool_name: "anything".to_string(),
            params: serde_json::json!({}),
            timestamp: chrono::Utc::now(),
        };
        for _ in 0..5 {
            let v = tron.check(&call).await;
            assert!(v.is_denied());
        }

        assert_eq!(query.total_denials().await, 5);
        assert_eq!(query.agent_risk_score("bad-agent").await, 1.0);
        assert_eq!(query.agent_risk_score("nobody").await, 0.0);
    }

    #[tokio::test]
    async fn query_agent_audit_trail() {
        let tron = TRon::new(TRonConfig::default());
        let query = tron.query();

        // Generate events for two agents
        let call_a = crate::gate::ToolCall {
            agent_id: "agent-a".to_string(),
            tool_name: "tool".to_string(),
            params: serde_json::json!({}),
            timestamp: chrono::Utc::now(),
        };
        let call_b = crate::gate::ToolCall {
            agent_id: "agent-b".to_string(),
            tool_name: "tool".to_string(),
            params: serde_json::json!({}),
            timestamp: chrono::Utc::now(),
        };
        for _ in 0..3 {
            tron.check(&call_a).await;
        }
        for _ in 0..7 {
            tron.check(&call_b).await;
        }

        let trail_a = query.agent_audit("agent-a", 100).await;
        let trail_b = query.agent_audit("agent-b", 100).await;
        assert_eq!(trail_a.len(), 3);
        assert_eq!(trail_b.len(), 7);

        // Limit works
        assert_eq!(query.agent_audit("agent-b", 2).await.len(), 2);
    }

    #[tokio::test]
    async fn query_chain_verification() {
        let tron = TRon::new(permissive_config());
        let query = tron.query();

        let call = crate::gate::ToolCall {
            agent_id: "agent-1".to_string(),
            tool_name: "tool".to_string(),
            params: serde_json::json!({}),
            timestamp: chrono::Utc::now(),
        };
        for _ in 0..10 {
            tron.check(&call).await;
        }

        assert!(query.verify_chain().is_ok());
        assert_eq!(query.chain_len(), 10);

        let review = query.chain_review();
        assert_eq!(review.entry_count, 10);
    }
}