forked from molecule-ai/molecule-core
951ea163fa
Implements EU AI Act Annex III compliance (Art. 12 record-keeping, Art. 13
transparency) via an append-only HMAC-SHA256-chained agent event log.
Python (workspace-template/molecule_audit/):
- ledger.py: SQLAlchemy 2.0 AuditEvent model + PBKDF2 key derivation +
append_event() with prev_hmac chain linkage + verify_chain() CLI helper.
- hooks.py: LedgerHooks — on_task_start/on_llm_call/on_tool_call/on_task_end
pipeline hooks; exception-safe (_safe_append); context manager support.
- verify.py: `python -m molecule_audit.verify --agent-id <id>` CLI;
exits 0=valid, 1=broken, 2=missing SALT, 3=DB error.
- tests/test_audit_ledger.py: 46 tests covering HMAC determinism, field
sensitivity, chain verification, LedgerHooks lifecycle, CLI.
Go (platform/):
- migrations/028_audit_events.up.sql: audit_events table with indexes.
- internal/handlers/audit.go: GET /workspaces/:id/audit — parameterized
queries, inline chain verification (chain_valid: bool|null), PBKDF2
key cached via sync.Once.
- internal/handlers/audit_test.go: 14 tests — HMAC, chain verify, handler
query/filter/pagination/cap/error paths.
- internal/router/router.go: wire wsAuth.GET("/audit", audh.Query).
- .env.example: document AUDIT_LEDGER_SALT.
- requirements.txt: add sqlalchemy>=2.0.0.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
37 lines
1.2 KiB
Plaintext
37 lines
1.2 KiB
Plaintext
# Base image — bare minimum for A2A server and adapter loading
|
|
# Agent-specific deps are in adapters/<runtime>/requirements.txt
|
|
# and installed at container startup via entrypoint.sh
|
|
|
|
# A2A protocol
|
|
a2a-sdk[http-server]==0.3.25
|
|
|
|
# HTTP / server
|
|
httpx>=0.27.0
|
|
uvicorn>=0.30.0
|
|
starlette>=0.38.0
|
|
websockets>=12.0
|
|
|
|
# Config parsing
|
|
pyyaml>=6.0
|
|
|
|
# Shared tools framework (used by coordinator, delegation, memory, sandbox)
|
|
langchain-core>=0.3.0
|
|
|
|
# OpenTelemetry — workspace-level distributed tracing
|
|
# tools/telemetry.py gracefully degrades (noop) when these are absent,
|
|
# but they are required for actual trace export.
|
|
opentelemetry-api>=1.24.0
|
|
opentelemetry-sdk>=1.24.0
|
|
# OTLP/HTTP exporter: sends spans to any OTEL collector and to Langfuse ≥4
|
|
opentelemetry-exporter-otlp-proto-http>=1.24.0
|
|
|
|
# SQLAlchemy — used by molecule_audit ledger (EU AI Act Annex III compliance)
|
|
sqlalchemy>=2.0.0
|
|
|
|
# Temporal durable execution (optional)
|
|
# tools/temporal_workflow.py wraps task execution in Temporal workflows so
|
|
# tasks survive crashes and can resume. The module and TemporalWorkflowWrapper
|
|
# load cleanly without this package — all paths fall back to direct execution.
|
|
# Requires a running Temporal server; set TEMPORAL_HOST=<host>:7233 to enable.
|
|
temporalio>=1.7.0
|