coulomb/ops-bridge
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bd169a07e285aaf3ec10d8ecf4e2493355596c87
ops-bridge/src/bridge/capabilities.py
tegwick bd169a07e2 feat(directive): implement BRIDGE-WP-0004 AccessManagementDirective alignment 
- ActorType enum (adm/agt/atm) replaces actor_class string; config validates
  naming convention (adm-*/agt-*/atm-*) with hard ConfigError on mismatch;
  legacy 'human'/'automation' values accepted with DeprecationWarning
- cert_command: pluggable shell string run before each SSH launch; cert written
  to state dir; -i cert appended to SSH command alongside -i key
- TTL-aware cert refresh: parses Valid-to via ssh-keygen -L; pre-emptive restart
  5 min before expiry (no backoff, no attempt increment); CERT_EXPIRING logged
- CertAcquisitionError: cert failures trigger normal backoff/retry loop
- cert_identity: Key ID parsed from cert and recorded in BRIDGE_CONNECTED event
- bridge cert-status: new CLI command; exit 1 on expired cert; --json flag
- 233 tests passing, ruff clean

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-15 09:38:29 +02:00

84 lines
2.5 KiB
Python
Raw Blame History

"""Canonical capability registry for OpsBridge.
Every operation that can be invoked via CLI, MCP, or Skill must be listed here.
The cross-mode test suite uses this registry to enforce test coverage parity.
"""
from __future__ import annotations
from dataclasses import dataclass
ACCESS_MODES = frozenset({"cli", "mcp", "skill"})
@dataclass(frozen=True)
class Capability:
name: str
description: str
required_access_modes: frozenset[str]
CAPABILITIES: list[Capability] = [
Capability(
name="bridge_up",
description="Start one or all tunnels",
required_access_modes=frozenset({"cli", "mcp"}),
),
Capability(
name="bridge_down",
description="Stop one or all tunnels",
required_access_modes=frozenset({"cli", "mcp"}),
),
Capability(
name="bridge_restart",
description="Restart one or all tunnels",
required_access_modes=frozenset({"cli", "mcp"}),
),
Capability(
name="bridge_status",
description="Show tunnel status",
required_access_modes=frozenset({"cli", "mcp", "skill"}),
),
Capability(
name="bridge_logs",
description="Tail tunnel audit log",
required_access_modes=frozenset({"cli", "mcp"}),
),
Capability(
name="catalog_list_targets",
description="List catalog targets",
required_access_modes=frozenset({"cli", "mcp"}),
),
Capability(
name="catalog_show_target",
description="Show target metadata",
required_access_modes=frozenset({"cli", "mcp"}),
),
Capability(
name="catalog_list_domains",
description="List catalog domains",
required_access_modes=frozenset({"cli", "mcp"}),
),
Capability(
name="catalog_validate",
description="Validate catalog consistency",
required_access_modes=frozenset({"cli", "mcp"}),
),
Capability(
name="catalog_show_bridge",
description="Show bridge metadata",
required_access_modes=frozenset({"cli", "mcp"}),
),
Capability(
name="bridge_check",
description="End-to-end tunnel diagnostics via SSH: SSH PID alive + remote port listening",
required_access_modes=frozenset({"cli", "mcp"}),
),
Capability(
name="bridge_cert_status",
description="Show certificate status for tunnels using cert_command mode",
required_access_modes=frozenset({"cli"}),
),
]
CAPABILITIES_BY_NAME: dict[str, Capability] = {c.name: c for c in CAPABILITIES}
Reference in New Issue View Git Blame Copy Permalink