Dev#424
Open
Brad-Edwards wants to merge 206 commits into
…t-semantics-design Add participant semantics design
…antics Implement SEM-208 participant behavior semantics
Implement SEM-209 interaction semantics
Implement SEM-210 visibility boundaries
added: participant action semantics
feat: add typed SDL runtime surfaces
added: participant attribution semantics
Add runtime detection definition semantics
fix: unify runtime service family registry
Add ACES gap remediation overlay skill
Peer-review-grade analysis of the ACES SDL runtime-surface expressivity gaps found while holding the 16 remaining APTL TechVault SCN-010 SOC-stack containers to the wazuh.manager parity depth bar, plus the cohesive whole-SDL architecture that resolves them. Requirements DSL-132..139 (Ground Control, aces-sdl). Epic #449. Refs #450 #451 #452 #453 #454 #455 #456 #457
Introspects RUNTIME_SERVICE_FAMILIES and asserts the single structural invariant set (Runtime<Noun> model class, singular(collection)+_id primary identifier, registered typed-child collections). Pre-existing violations are tracked in KNOWN_VIOLATIONS and driven to empty as families are reconciled; any new family or unintended change that violates an invariant fails the suite. This is the executable drift defense for DSL-139 (#439/#442/#443/#444). Refs #457
Resolves the class-name invariant violation for the ssh-servers family (every runtime service-family model must be Runtime<Noun>). Regenerates the SDL authoring/instantiated schemas ($defs SshServerConfig -> RuntimeSshServer) from the pydantic source, and removes class-name:ssh-servers from the invariant-lint allowlist. The server_id -> ssh_server_id primary-id rename is batched with the other primary-id reconciliations. Refs #457
Resolves the class-name invariant violation for the database-services family. Updates the normative sections.md reference, regenerates the SDL schemas from the pydantic source, and clears class-name:database-services from the invariant-lint allowlist. Refs #457
…alues Five runtime families (database, dns, directory-identity, mail-service, security-monitoring) each carried their own drifted _SECRET_NAME_TOKENS + _name_indicates_secret, with non-overlapping token sets and a part-match on 'key' only in runtime_dns. Extracts one shared name_indicates_secret helper (SECRET_NAME_TOKENS union + SECRET_NAME_PARTS) into runtime_values; detection is now a strict superset across all families, closing gaps where one family would redact a secret-bearing setting name another let through. Refs #457
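One shared secret-name detector of the shape this commit describes, as an added example that is not the aces-sdl project's own code: a single token set plus a suffix part-match replaces drifted per-family sets, and `family_gaps` shows which setting names an individual family's old set would have let through. All token values and family names below are constructed stand-ins, not the project's real `SECRET_NAME_TOKENS`.

```python
"""Added example (not aces-sdl code): unified secret-name detection."""
from __future__ import annotations

import re

# Constructed stand-ins for the drifted, non-overlapping per-family token sets.
_FAMILY_TOKENS: dict[str, frozenset[str]] = {
    "runtime_database": frozenset({"password", "passwd"}),
    "runtime_dns": frozenset({"secret", "key"}),
    "runtime_mail": frozenset({"password", "token"}),
}

# Shared whole-segment tokens: the union of every family's set (assumed values).
SECRET_NAME_TOKENS: frozenset[str] = frozenset().union(*_FAMILY_TOKENS.values()) | {
    "credential", "credentials", "passphrase",
}
# Parts matched as a segment suffix (the former dns-only 'key' part-match),
# so 'api_key', 'apikey' and 'hostkey' hit while 'keyspace' does not.
SECRET_NAME_PARTS: tuple[str, ...] = ("key",)


def _segments(name: str) -> list[str]:
    """Split a setting name on separators/case noise into lowercase segments."""
    return [s for s in re.split(r"[^a-z0-9]+", name.lower()) if s]


def name_indicates_secret(name: str) -> bool:
    """True when any segment is a known token or ends with a known part."""
    segs = _segments(name)
    if any(s in SECRET_NAME_TOKENS for s in segs):
        return True
    return any(s.endswith(p) for s in segs for p in SECRET_NAME_PARTS)


def redact_settings(settings: dict[str, str]) -> dict[str, str]:
    """Replace the value of every secret-bearing setting name before export."""
    return {k: ("<redacted>" if name_indicates_secret(k) else v) for k, v in settings.items()}


def family_gaps(names: list[str]) -> dict[str, list[str]]:
    """Per family: names the shared helper redacts but the old token-only set missed."""
    gaps: dict[str, list[str]] = {}
    for family, tokens in _FAMILY_TOKENS.items():
        def old_match(n: str, toks: frozenset[str] = tokens) -> bool:
            return any(s in toks for s in _segments(n))
        gaps[family] = [n for n in names if name_indicates_secret(n) and not old_match(n)]
    return gaps
```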
…me families runtime.app_authorizations (RuntimeAppAuthorization): application-internal RBAC shared primitive - principals (with credential_classification, never raw secrets), roles, resource-scoped permission_grants, role_mappings, tenants; require_grants_for_resource_vocabulary guard; scenario-level role_ref integrity. runtime.scheduled_jobs (RuntimeScheduledJob): cadence + run-state primitive (schedule kind closed interval|cron|calendar; last_result open). Both register through the family registry, attach under Node.runtime, regenerate the SDL schemas, and pass the cross-family invariant lint by construction. Adds ADR-046/047, lineage/sections/validation/precedents/limitations docs. Closes #452 #453. Refs #449
…ns spines runtime.datastore_services (RuntimeDatastoreService): one data_model-discriminated datastore spine (search_index | wide_column | key_value | relational) covering OpenSearch/ES, Cassandra, Redis - cluster/node topology, partitions with shard/replica/replication-factor geometry, templates/aliases/mappings, lifecycle and ingest policies, persistence/eviction, pubsub/queues, plugins, transport security, backup targets, settings; authorization_ref delegates RBAC. runtime.platform_applications (RuntimePlatformApplication): one platform_kind spine (analytics_dashboard | threat_intel | case_management | analyzer_engine | soar) - organizations/tenants, bounded typed content_objects with references + marking_refs (no raw bodies), upstream_bindings, connectors, settings. Both ship a require_profile_for_<discriminator> guard so an under-populated instance FAILS validation (search-cluster-without-shards, Redis-as-relational, threat-intel-without-corpus, dashboard-without-saved-objects all rejected). Register through the family registry, regenerate schemas, pass the invariant lint by construction. Adds ADR-048/049 + lineage/sections/validation/precedents/ limitations docs. Closes #450 #451. Refs #449
…ities families runtime.forwarding_agents (RuntimeForwardingAgent): agent-side log-forwarding and content-sync state - agent_kind discriminator, sources (tailed_path/api_pull/queue + parse_format), transforms (passthrough/parse/ioc_to_rule), ship_targets with ingestion/enrollment endpoints + classified enrollment identity, buffer_policy, reload_channels, settings; require_profile_for_agent_kind guard. runtime.orchestration_authorities (RuntimeOrchestrationAuthority): container-spawn control authority - control_interface_ref, engine + api version, org/env scope, spawn_templates, lifecycle_policy, realized_children, privilege_class; require_profile_for_privilege_class guard (host_root_equivalent must reference a read-write docker.sock control interface, resolved by the validator). Foundation: RuntimeControlInterface gains a require_symbol control_interface_id so orchestration authorities can reference a specific control interface. Both families register through the family registry, regenerate schemas, pass the invariant lint. Adds ADR-050/051 + lineage/sections/validation/precedents/limitations docs. Closes #454 #455. Refs #449
…am_target Three typed relationship subtypes carry domain-specific access detail on a top-level edge without re-typing the families they reference, mirroring database_access/mail_access: - RelationshipForwardingEdge (runtime_forwarding_agent): forwarder_ref, target_listener_role (reuses RuntimeSecurityMonitoringListenerRole), redacted enrollment identity, protocol, parse_format. - RelationshipServiceIntegration (runtime_platform_application): consumer/engine refs, integration_kind, auth_principal_ref, closed direction. - RelationshipProxyUpstream (runtime_application) + RuntimeApplicationRoute. upstream_target: route_ref, upstream node/service, TLS-termination. The validator adds _verify_relationship_forwarding_edges / _service_integrations / _proxy_upstreams with two agreement guards: a forwarding edge's role/protocol must agree with one of the agent's ship targets, and a proxy upstream's shared facts must agree with the referenced route's upstream_target (same fact at two scopes cannot contradict). Adds ADR-052 + lineage/sections/ validation/precedents/limitations docs. Closes #456. Refs #449
Empties the cross-family invariant-lint allowlist (full enforcement, old+new): Primary id uniformity (#443) - rename the 7 forked primary ids to the single singular(collection)+_id rule, collision-aware (child listener_id/service_id left intact): listener_id->service_listener_id, authority_id->identity_authority_id, service_id->file_service_id / mail_service_id, sensor_id->network_sensor_id, engine_id->network_detection_engine_id, manager_id->security_monitoring_manager_id, server_id->ssh_server_id. Registry id_field, validator refs, per-node dedup, generated schemas, tests, and the in-repo example scenarios all updated. Container plurality (#443) - remove the RuntimeConfiguration process scalar twin; a single observed process is a one-element processes list. Validation wiring (#442) - migrate the mail family's free-function validators (_runtime_mail_semantics.py, deleted) to in-class @model_validator methods on RuntimeMailService and in-class SemanticValidator._verify_* methods, matching every other family. No behavior change. KNOWN_VIOLATIONS is now empty: the runtime surface is describable by one enforced invariant set. Refs #457 #449
…ime surface
Adds an executable invariant (test_runtime_enums_open_or_closed_not_single_sentinel) asserting no runtime-family enum carries exactly one of {unknown, other} - it must be OPEN (both, an extensible observed-value taxonomy) or CLOSED (neither, a fixed structural/protocol/redaction vocabulary). Resolves the #443 enum-sentinel inconsistency (single-file contradictions, 49 single-sentinel enums). Reconciles all 49 single-sentinel runtime enums ADDITIVELY to open: other-only enums gain 'unknown', unknown-only enums gain 'other'. No existing value or default changes; zero closed-by-removal (RuntimeSensitivityClassification and RuntimeControlInterfaceAccess keep UNKNOWN as their active default and were made open, not stripped). Regenerates schemas; documents the rule in validation.md. Refs #457 #449
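The open-or-closed enum rule from this commit, as an added example that is not the project's own test: `classify` sorts an enum into open (both sentinels), closed (neither) or single-sentinel, `single_sentinel_enums` lints every Enum in a module, and `open_additively` performs the additive reconciliation (existing values untouched, only the missing sentinel appended). The three sample enums are constructed for illustration; only `BrokenParseFormat` is meant to violate the rule.

```python
"""Added example (not aces-sdl code): open-or-closed enum invariant lint."""
from __future__ import annotations

import enum
import inspect
import sys
from types import ModuleType

SENTINELS = frozenset({"unknown", "other"})


class RuntimeScheduleKind(str, enum.Enum):  # CLOSED: fixed structural vocabulary
    INTERVAL = "interval"
    CRON = "cron"
    CALENDAR = "calendar"


class RuntimeLastResult(str, enum.Enum):  # OPEN: extensible observed-value taxonomy
    SUCCESS = "success"
    FAILURE = "failure"
    UNKNOWN = "unknown"
    OTHER = "other"


class BrokenParseFormat(str, enum.Enum):  # constructed violation: one sentinel only
    JSON = "json"
    SYSLOG = "syslog"
    OTHER = "other"


def classify(e: type[enum.Enum]) -> str:
    """'open' (both sentinels), 'closed' (neither) or 'single-sentinel'."""
    present = {m.value for m in e} & SENTINELS
    if present == SENTINELS:
        return "open"
    return "closed" if not present else "single-sentinel"


def single_sentinel_enums(module: ModuleType) -> list[str]:
    """Names of every Enum class in `module` that violates the invariant."""
    return sorted(
        name for name, obj in inspect.getmembers(module, inspect.isclass)
        if issubclass(obj, enum.Enum) and obj is not enum.Enum and classify(obj) == "single-sentinel"
    )


def lint_this_module() -> list[str]:
    return single_sentinel_enums(sys.modules[__name__])


def open_additively(e: type[enum.Enum]) -> type[enum.Enum]:
    """Return a str-Enum with the same members plus whichever sentinel was missing."""
    members = [(m.name, m.value) for m in e]
    members += [(s.upper(), s) for s in sorted(SENTINELS - {m.value for m in e})]
    return enum.Enum(e.__name__, members, type=str)
```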
…-folds doctrine Adds the previously-omitted shipped families (security-monitoring manager + detection definitions, mail-service, file-sharing/resource-access, generic service listeners) to the limitations.md capability enumeration, and records the deliberate confirmation-folds / non-gaps doctrine (Suricata, relational database, OS-local identity, transport tier are existing surfaces, not new ones) so the observable-parity gate is shown to cut against over-building as well as under-coverage. Closes the #444 doc-coverage reconciliation. Refs #457 #449
…inventory SCN-010 SOC-stack runtime inventory: 6 families + relationship subtypes + DSL-139 uniformity (DSL-132…139)
feat: add scenario-level forwarding agents
docs: add SDL module composition ADR
docs: add participant runtime design
Summary
Related Issues
Requirement Context
aces-sdl Changes
Test Plan
- `uvx nox -s verify` passes, or the unchecked sessions are listed below
- `uvx nox -s docs`
Checklist
- docs/explain/reference/coding-standards.md
- changelog.d/, or not needed
Notes for Review