mirror of
https://github.com/BigBodyCobain/Shadowbroker.git
synced 2026-05-08 18:34:58 +02:00
BigBodyCobain
531 lines
18 KiB
Python
531 lines
18 KiB
Python
"""Compatibility telemetry and sunset targets for legacy Mesh paths."""
|
|
|
|
from __future__ import annotations
|
|
|
|
import json
|
|
import os
|
|
import threading
|
|
import time
|
|
from datetime import date
|
|
from pathlib import Path
|
|
from typing import Any
|
|
|
|
from services.config import get_settings
|
|
|
|
DATA_DIR = Path(__file__).resolve().parents[2] / "data"
|
|
COMPATIBILITY_FILE = DATA_DIR / "mesh_compatibility_usage.json"
|
|
RECENT_TARGET_LIMIT = 8
|
|
_LOCK = threading.Lock()
|
|
|
|
LEGACY_NODE_ID_BINDING_TARGET = {
|
|
"target_version": "0.10.0",
|
|
"target_date": "2026-06-01",
|
|
"status": "telemetry_only",
|
|
"block_env": "MESH_BLOCK_LEGACY_NODE_ID_COMPAT",
|
|
}
|
|
|
|
LEGACY_AGENT_ID_LOOKUP_TARGET = {
|
|
"target_version": "0.10.0",
|
|
"target_date": "2026-06-01",
|
|
"status": "enforced",
|
|
"block_env": "MESH_BLOCK_LEGACY_AGENT_ID_LOOKUP",
|
|
"override_env": "MESH_ALLOW_LEGACY_AGENT_ID_LOOKUP_UNTIL",
|
|
}
|
|
|
|
LEGACY_DM_SIGNATURE_COMPAT_TARGET = {
|
|
"target_version": "0.10.0",
|
|
"target_date": "2026-06-01",
|
|
"status": "telemetry_only",
|
|
"override_env": "MESH_ALLOW_LEGACY_DM_SIGNATURE_COMPAT_UNTIL",
|
|
}
|
|
|
|
LEGACY_GATE_SIGNATURE_COMPAT_TARGET = {
|
|
"target_version": "0.10.0",
|
|
"target_date": "2026-06-01",
|
|
"status": "telemetry_only",
|
|
"override_env": "MESH_ALLOW_LEGACY_GATE_SIGNATURE_COMPAT_UNTIL",
|
|
}
|
|
|
|
LEGACY_DM_GET_TARGET = {
|
|
"target_version": "0.10.0",
|
|
"target_date": "2026-06-01",
|
|
"status": "telemetry_only",
|
|
"override_env": "MESH_ALLOW_LEGACY_DM_GET_UNTIL",
|
|
}
|
|
|
|
COMPAT_DM_INVITE_IMPORT_TARGET = {
|
|
"target_version": "0.10.0",
|
|
"target_date": "2026-06-01",
|
|
"status": "telemetry_only",
|
|
"override_env": "MESH_ALLOW_COMPAT_DM_INVITE_IMPORT_UNTIL",
|
|
}
|
|
|
|
LEGACY_DM1_TARGET = {
|
|
"target_version": "0.10.0",
|
|
"target_date": "2026-06-01",
|
|
"status": "telemetry_only",
|
|
"override_env": "MESH_ALLOW_LEGACY_DM1_UNTIL",
|
|
}
|
|
|
|
|
|
def sunset_target_label(entry: dict[str, Any]) -> str:
|
|
version = str(entry.get("target_version", "") or "").strip()
|
|
date = str(entry.get("target_date", "") or "").strip()
|
|
if version and date:
|
|
return f"{version} ({date})"
|
|
if version:
|
|
return version
|
|
if date:
|
|
return date
|
|
return "the current compatibility cutoff"
|
|
|
|
|
|
def _safe_int(value: Any, default: int = 0) -> int:
|
|
try:
|
|
return int(value)
|
|
except (TypeError, ValueError):
|
|
return default
|
|
|
|
|
|
def _bool_env(name: str, default: bool = False) -> bool:
|
|
raw = os.environ.get(name)
|
|
if raw is None:
|
|
return default
|
|
return str(raw).strip().lower() in {"1", "true", "yes", "on"}
|
|
|
|
|
|
def _dev_legacy_compat_override_enabled() -> bool:
|
|
"""True only for explicit local/dev migration work.
|
|
|
|
Date-based legacy compatibility env vars are intentionally not enough on
|
|
their own anymore. Phase-2 private profiles must not accidentally reopen
|
|
DM1, legacy GET mailbox access, direct agent_id lookup, or legacy signing
|
|
just because an old migration variable is still present.
|
|
"""
|
|
return _bool_env("MESH_DEV_ALLOW_LEGACY_COMPAT", False)
|
|
|
|
|
|
def _dated_override_active(raw: str) -> bool:
|
|
value = str(raw or "").strip()
|
|
if not value:
|
|
return False
|
|
try:
|
|
return _today_utc() <= date.fromisoformat(value)
|
|
except ValueError:
|
|
return False
|
|
|
|
|
|
def _default_usage() -> dict[str, Any]:
|
|
return {
|
|
"legacy_node_id_binding": {
|
|
"count": 0,
|
|
"blocked_count": 0,
|
|
"last_seen_at": 0,
|
|
"recent_targets": [],
|
|
},
|
|
"legacy_agent_id_lookup": {
|
|
"count": 0,
|
|
"blocked_count": 0,
|
|
"last_seen_at": 0,
|
|
"recent_targets": [],
|
|
},
|
|
"legacy_dm_get": {
|
|
"count": 0,
|
|
"blocked_count": 0,
|
|
"last_seen_at": 0,
|
|
"recent_kinds": [],
|
|
},
|
|
}
|
|
|
|
|
|
def _normalize_recent_kinds(entries: Any) -> list[str]:
|
|
normalized: list[str] = []
|
|
for raw in list(entries or []):
|
|
kind = str(raw or "").strip().lower()
|
|
if not kind or kind in normalized:
|
|
continue
|
|
normalized.append(kind)
|
|
return normalized[-4:]
|
|
|
|
|
|
def _normalize_recent_targets(kind: str, entries: Any) -> list[dict[str, Any]]:
|
|
normalized: list[dict[str, Any]] = []
|
|
for raw in list(entries or []):
|
|
current = dict(raw or {})
|
|
if kind == "legacy_node_id_binding":
|
|
node_id = str(current.get("node_id", "") or "").strip().lower()
|
|
if not node_id:
|
|
continue
|
|
normalized.append(
|
|
{
|
|
"node_id": node_id,
|
|
"current_node_id": str(current.get("current_node_id", "") or "").strip().lower(),
|
|
"count": _safe_int(current.get("count", 0), 0),
|
|
"blocked_count": _safe_int(current.get("blocked_count", 0), 0),
|
|
"last_seen_at": _safe_int(current.get("last_seen_at", 0), 0),
|
|
}
|
|
)
|
|
else:
|
|
agent_id = str(current.get("agent_id", "") or "").strip().lower()
|
|
if not agent_id:
|
|
continue
|
|
normalized.append(
|
|
{
|
|
"agent_id": agent_id,
|
|
"lookup_kinds": [
|
|
str(item or "").strip().lower()
|
|
for item in list(current.get("lookup_kinds") or [])
|
|
if str(item or "").strip()
|
|
][-4:],
|
|
"count": _safe_int(current.get("count", 0), 0),
|
|
"blocked_count": _safe_int(current.get("blocked_count", 0), 0),
|
|
"last_seen_at": _safe_int(current.get("last_seen_at", 0), 0),
|
|
}
|
|
)
|
|
normalized.sort(key=lambda item: _safe_int(item.get("last_seen_at", 0), 0), reverse=True)
|
|
return normalized[:RECENT_TARGET_LIMIT]
|
|
|
|
|
|
def _normalize_usage(payload: dict[str, Any] | None) -> dict[str, Any]:
|
|
current = _default_usage()
|
|
current.update(payload or {})
|
|
for kind in ("legacy_node_id_binding", "legacy_agent_id_lookup"):
|
|
bucket = dict(current.get(kind) or {})
|
|
current[kind] = {
|
|
"count": _safe_int(bucket.get("count", 0), 0),
|
|
"blocked_count": _safe_int(bucket.get("blocked_count", 0), 0),
|
|
"last_seen_at": _safe_int(bucket.get("last_seen_at", 0), 0),
|
|
"recent_targets": _normalize_recent_targets(kind, bucket.get("recent_targets", [])),
|
|
}
|
|
mailbox_bucket = dict(current.get("legacy_dm_get") or {})
|
|
current["legacy_dm_get"] = {
|
|
"count": _safe_int(mailbox_bucket.get("count", 0), 0),
|
|
"blocked_count": _safe_int(mailbox_bucket.get("blocked_count", 0), 0),
|
|
"last_seen_at": _safe_int(mailbox_bucket.get("last_seen_at", 0), 0),
|
|
"recent_kinds": _normalize_recent_kinds(mailbox_bucket.get("recent_kinds", [])),
|
|
}
|
|
return current
|
|
|
|
|
|
def _read_usage() -> dict[str, Any]:
|
|
try:
|
|
if not COMPATIBILITY_FILE.exists():
|
|
return _default_usage()
|
|
return _normalize_usage(json.loads(COMPATIBILITY_FILE.read_text(encoding="utf-8")))
|
|
except Exception:
|
|
return _default_usage()
|
|
|
|
|
|
def _write_usage(payload: dict[str, Any]) -> None:
|
|
DATA_DIR.mkdir(parents=True, exist_ok=True)
|
|
temp_path = COMPATIBILITY_FILE.with_suffix(".tmp")
|
|
temp_path.write_text(json.dumps(payload, sort_keys=True), encoding="utf-8")
|
|
temp_path.replace(COMPATIBILITY_FILE)
|
|
|
|
|
|
def _record_recent_node_id(
|
|
entries: list[dict[str, Any]],
|
|
*,
|
|
node_id: str,
|
|
current_node_id: str,
|
|
blocked: bool,
|
|
seen_at: int,
|
|
) -> list[dict[str, Any]]:
|
|
key = str(node_id or "").strip().lower()
|
|
current = str(current_node_id or "").strip().lower()
|
|
matched = None
|
|
for entry in entries:
|
|
if str(entry.get("node_id", "") or "").strip().lower() == key:
|
|
matched = entry
|
|
break
|
|
if matched is None:
|
|
matched = {
|
|
"node_id": key,
|
|
"current_node_id": current,
|
|
"count": 0,
|
|
"blocked_count": 0,
|
|
"last_seen_at": 0,
|
|
}
|
|
entries.append(matched)
|
|
matched["current_node_id"] = current
|
|
matched["count"] = _safe_int(matched.get("count", 0), 0) + 1
|
|
matched["blocked_count"] = _safe_int(matched.get("blocked_count", 0), 0) + (1 if blocked else 0)
|
|
matched["last_seen_at"] = seen_at
|
|
entries.sort(key=lambda item: _safe_int(item.get("last_seen_at", 0), 0), reverse=True)
|
|
return entries[:RECENT_TARGET_LIMIT]
|
|
|
|
|
|
def _record_recent_lookup(
|
|
entries: list[dict[str, Any]],
|
|
*,
|
|
agent_id: str,
|
|
lookup_kind: str,
|
|
blocked: bool,
|
|
seen_at: int,
|
|
) -> list[dict[str, Any]]:
|
|
key = str(agent_id or "").strip().lower()
|
|
kind = str(lookup_kind or "").strip().lower()
|
|
matched = None
|
|
for entry in entries:
|
|
if str(entry.get("agent_id", "") or "").strip().lower() == key:
|
|
matched = entry
|
|
break
|
|
if matched is None:
|
|
matched = {
|
|
"agent_id": key,
|
|
"lookup_kinds": [],
|
|
"count": 0,
|
|
"blocked_count": 0,
|
|
"last_seen_at": 0,
|
|
}
|
|
entries.append(matched)
|
|
lookup_kinds = [
|
|
str(item or "").strip().lower()
|
|
for item in list(matched.get("lookup_kinds") or [])
|
|
if str(item or "").strip()
|
|
]
|
|
if kind and kind not in lookup_kinds:
|
|
lookup_kinds.append(kind)
|
|
matched["lookup_kinds"] = lookup_kinds[-4:]
|
|
matched["count"] = _safe_int(matched.get("count", 0), 0) + 1
|
|
matched["blocked_count"] = _safe_int(matched.get("blocked_count", 0), 0) + (1 if blocked else 0)
|
|
matched["last_seen_at"] = seen_at
|
|
entries.sort(key=lambda item: _safe_int(item.get("last_seen_at", 0), 0), reverse=True)
|
|
return entries[:RECENT_TARGET_LIMIT]
|
|
|
|
|
|
def legacy_node_id_compat_blocked() -> bool:
|
|
if _bool_env("MESH_BLOCK_LEGACY_NODE_ID_COMPAT", False):
|
|
return True
|
|
return not legacy_node_id_compat_override_active()
|
|
|
|
|
|
def _today_utc() -> date:
|
|
return date.today()
|
|
|
|
|
|
def legacy_node_id_compat_override_until() -> str:
|
|
return str(os.environ.get("MESH_ALLOW_LEGACY_NODE_ID_COMPAT_UNTIL", "") or "").strip()
|
|
|
|
|
|
def legacy_node_id_compat_override_active() -> bool:
|
|
return _dev_legacy_compat_override_enabled() and _dated_override_active(
|
|
legacy_node_id_compat_override_until()
|
|
)
|
|
|
|
|
|
def legacy_agent_id_lookup_blocked() -> bool:
|
|
if _bool_env("MESH_BLOCK_LEGACY_AGENT_ID_LOOKUP", True):
|
|
return True
|
|
return not legacy_agent_id_lookup_override_active()
|
|
|
|
|
|
def legacy_agent_id_lookup_override_until() -> str:
|
|
return str(os.environ.get("MESH_ALLOW_LEGACY_AGENT_ID_LOOKUP_UNTIL", "") or "").strip()
|
|
|
|
|
|
def legacy_agent_id_lookup_override_active() -> bool:
|
|
return _dev_legacy_compat_override_enabled() and _dated_override_active(
|
|
legacy_agent_id_lookup_override_until()
|
|
)
|
|
|
|
|
|
def legacy_dm_signature_compat_override_until() -> str:
|
|
return str(os.environ.get("MESH_ALLOW_LEGACY_DM_SIGNATURE_COMPAT_UNTIL", "") or "").strip()
|
|
|
|
|
|
def legacy_dm_signature_compat_override_active() -> bool:
|
|
return _dev_legacy_compat_override_enabled() and _dated_override_active(
|
|
legacy_dm_signature_compat_override_until()
|
|
)
|
|
|
|
|
|
def legacy_gate_signature_compat_override_until() -> str:
|
|
return str(os.environ.get("MESH_ALLOW_LEGACY_GATE_SIGNATURE_COMPAT_UNTIL", "") or "").strip()
|
|
|
|
|
|
def legacy_gate_signature_compat_override_active() -> bool:
|
|
return _dev_legacy_compat_override_enabled() and _dated_override_active(
|
|
legacy_gate_signature_compat_override_until()
|
|
)
|
|
|
|
|
|
def legacy_dm_get_override_until() -> str:
|
|
return str(os.environ.get("MESH_ALLOW_LEGACY_DM_GET_UNTIL", "") or "").strip()
|
|
|
|
|
|
def legacy_dm_get_override_active() -> bool:
|
|
return _dev_legacy_compat_override_enabled() and _dated_override_active(
|
|
legacy_dm_get_override_until()
|
|
)
|
|
|
|
|
|
def compat_dm_invite_import_override_until() -> str:
|
|
return str(os.environ.get("MESH_ALLOW_COMPAT_DM_INVITE_IMPORT_UNTIL", "") or "").strip()
|
|
|
|
|
|
def compat_dm_invite_import_override_active() -> bool:
|
|
if not _dev_legacy_compat_override_enabled():
|
|
return False
|
|
if "MESH_ALLOW_COMPAT_DM_INVITE_IMPORT" in os.environ:
|
|
return _bool_env("MESH_ALLOW_COMPAT_DM_INVITE_IMPORT", False)
|
|
return _dated_override_active(compat_dm_invite_import_override_until())
|
|
|
|
|
|
def legacy_dm1_override_until() -> str:
|
|
return str(os.environ.get("MESH_ALLOW_LEGACY_DM1_UNTIL", "") or "").strip()
|
|
|
|
|
|
def legacy_dm1_override_active() -> bool:
|
|
return _dev_legacy_compat_override_enabled() and _dated_override_active(
|
|
legacy_dm1_override_until()
|
|
)
|
|
|
|
|
|
def _sunset_target(
|
|
entry: dict[str, Any],
|
|
*,
|
|
blocked: bool,
|
|
unblocked_status: str = "telemetry_only",
|
|
override_until: str = "",
|
|
) -> dict[str, Any]:
|
|
target = dict(entry)
|
|
target["status"] = "enforced" if blocked else str(unblocked_status or "telemetry_only")
|
|
target["blocked"] = blocked
|
|
if override_until:
|
|
target["override_until"] = override_until
|
|
return target
|
|
|
|
|
|
def record_legacy_node_id_binding(node_id: str, current_node_id: str, *, blocked: bool = False) -> None:
|
|
seen_at = int(time.time())
|
|
with _LOCK:
|
|
usage = _read_usage()
|
|
bucket = usage["legacy_node_id_binding"]
|
|
bucket["count"] = _safe_int(bucket.get("count", 0), 0) + 1
|
|
bucket["blocked_count"] = _safe_int(bucket.get("blocked_count", 0), 0) + (1 if blocked else 0)
|
|
bucket["last_seen_at"] = seen_at
|
|
bucket["recent_targets"] = _record_recent_node_id(
|
|
list(bucket.get("recent_targets") or []),
|
|
node_id=node_id,
|
|
current_node_id=current_node_id,
|
|
blocked=blocked,
|
|
seen_at=seen_at,
|
|
)
|
|
_write_usage(usage)
|
|
|
|
|
|
def record_legacy_agent_id_lookup(
|
|
agent_id: str,
|
|
*,
|
|
lookup_kind: str,
|
|
blocked: bool = False,
|
|
) -> None:
|
|
seen_at = int(time.time())
|
|
with _LOCK:
|
|
usage = _read_usage()
|
|
bucket = usage["legacy_agent_id_lookup"]
|
|
bucket["count"] = _safe_int(bucket.get("count", 0), 0) + 1
|
|
bucket["blocked_count"] = _safe_int(bucket.get("blocked_count", 0), 0) + (1 if blocked else 0)
|
|
bucket["last_seen_at"] = seen_at
|
|
bucket["recent_targets"] = _record_recent_lookup(
|
|
list(bucket.get("recent_targets") or []),
|
|
agent_id=agent_id,
|
|
lookup_kind=lookup_kind,
|
|
blocked=blocked,
|
|
seen_at=seen_at,
|
|
)
|
|
_write_usage(usage)
|
|
|
|
|
|
def record_legacy_dm_get(
|
|
*,
|
|
operation: str,
|
|
blocked: bool = False,
|
|
) -> None:
|
|
seen_at = int(time.time())
|
|
kind = str(operation or "").strip().lower()
|
|
with _LOCK:
|
|
usage = _read_usage()
|
|
bucket = usage["legacy_dm_get"]
|
|
bucket["count"] = _safe_int(bucket.get("count", 0), 0) + 1
|
|
bucket["blocked_count"] = _safe_int(bucket.get("blocked_count", 0), 0) + (1 if blocked else 0)
|
|
bucket["last_seen_at"] = seen_at
|
|
recent_kinds = [
|
|
str(item or "").strip().lower()
|
|
for item in list(bucket.get("recent_kinds") or [])
|
|
if str(item or "").strip()
|
|
]
|
|
if kind and kind not in recent_kinds:
|
|
recent_kinds.append(kind)
|
|
bucket["recent_kinds"] = recent_kinds[-4:]
|
|
_write_usage(usage)
|
|
|
|
|
|
def compatibility_status_snapshot() -> dict[str, Any]:
|
|
node_blocked = legacy_node_id_compat_blocked()
|
|
node_override_until = legacy_node_id_compat_override_until() if not node_blocked else ""
|
|
lookup_blocked = legacy_agent_id_lookup_blocked()
|
|
lookup_override_active = legacy_agent_id_lookup_override_active()
|
|
lookup_override_until = legacy_agent_id_lookup_override_until() if lookup_override_active else ""
|
|
dm_sig_override_active = legacy_dm_signature_compat_override_active()
|
|
dm_sig_override_until = legacy_dm_signature_compat_override_until() if dm_sig_override_active else ""
|
|
gate_sig_override_active = legacy_gate_signature_compat_override_active()
|
|
gate_sig_override_until = legacy_gate_signature_compat_override_until() if gate_sig_override_active else ""
|
|
dm_get_override_active = legacy_dm_get_override_active()
|
|
dm_get_override_until = legacy_dm_get_override_until() if dm_get_override_active else ""
|
|
compat_invite_override_active = compat_dm_invite_import_override_active()
|
|
compat_invite_override_until = (
|
|
compat_dm_invite_import_override_until() if compat_invite_override_active else ""
|
|
)
|
|
dm1_override_active = legacy_dm1_override_active()
|
|
dm1_override_until = legacy_dm1_override_until() if dm1_override_active else ""
|
|
return {
|
|
"sunset": {
|
|
"legacy_node_id_binding": _sunset_target(
|
|
LEGACY_NODE_ID_BINDING_TARGET,
|
|
blocked=node_blocked,
|
|
unblocked_status="migration_override",
|
|
override_until=node_override_until,
|
|
),
|
|
"legacy_agent_id_lookup": _sunset_target(
|
|
LEGACY_AGENT_ID_LOOKUP_TARGET,
|
|
blocked=lookup_blocked,
|
|
unblocked_status="dev_migration_override",
|
|
override_until=lookup_override_until,
|
|
),
|
|
"legacy_dm_signature_compat": _sunset_target(
|
|
LEGACY_DM_SIGNATURE_COMPAT_TARGET,
|
|
blocked=not dm_sig_override_active,
|
|
unblocked_status="dev_migration_override",
|
|
override_until=dm_sig_override_until,
|
|
),
|
|
"legacy_gate_signature_compat": _sunset_target(
|
|
LEGACY_GATE_SIGNATURE_COMPAT_TARGET,
|
|
blocked=not gate_sig_override_active,
|
|
unblocked_status="dev_migration_override",
|
|
override_until=gate_sig_override_until,
|
|
),
|
|
"legacy_dm_get": _sunset_target(
|
|
LEGACY_DM_GET_TARGET,
|
|
blocked=not dm_get_override_active,
|
|
unblocked_status="dev_migration_override",
|
|
override_until=dm_get_override_until,
|
|
),
|
|
"compat_dm_invite_import": _sunset_target(
|
|
COMPAT_DM_INVITE_IMPORT_TARGET,
|
|
blocked=not compat_invite_override_active,
|
|
unblocked_status="dev_migration_override",
|
|
override_until=compat_invite_override_until,
|
|
),
|
|
"legacy_dm1": _sunset_target(
|
|
LEGACY_DM1_TARGET,
|
|
blocked=not dm1_override_active,
|
|
unblocked_status="dev_migration_override",
|
|
override_until=dm1_override_until,
|
|
),
|
|
},
|
|
"usage": _read_usage(),
|
|
"dev_legacy_compat_override_enabled": _dev_legacy_compat_override_enabled(),
|
|
}
|