feat: initial architecture specification and research

Phase 0→1 setup for alknet-firewall — a behavioral signal detection
library that screens untrusted LLM inputs using small model activations.

Architecture docs (5 specs, 10 ADRs, 7 open questions):
- overview: vision, scope, dependencies, package structure
- firewall: core API, alarm protocol, score composition, error handling
- codebook: SVD basis, spline distributions, calibration, tensor format
- model: activation extraction, model-agnostic interface, lazy loading
- configuration: thresholds, model selection, detection tuning

Research reports:
- modern-python-project-setup: uv, pyproject.toml, src layout, ruff, CI
- python-ml-packaging: optional PyTorch, HF Hub download, safetensors
- llm-input-safety-landscape: threat taxonomy, defenses, academic evidence

Agent role adaptations for Python project (replaced Rust conventions).
2026-06-13 05:17:40 +00:00
parent 141628bae4
commit cf464c2296
23 changed files with 3900 additions and 44 deletions


@@ -96,28 +96,28 @@ Verify:
- Edge cases considered
- No brittle tests (over-mocked, timing-dependent)
#### D. Static Analysis (Rust toolchain)
#### D. Static Analysis (Python toolchain)
Run the project's build, lint, and format commands:
Run the project's lint, type-check, and format commands:
```bash
cargo build # Build check
cargo clippy -- -D warnings # Lint
cargo fmt --check # Format check
uv run ruff check src/ tests/ # Lint
uv run ruff format --check src/ tests/ # Format check
uv run mypy src/ # Type check
```
#### D2. Project Convention Checks
For this project, also verify:
- No comments in code (per project convention)
- Error handling uses `anyhow::Result` (application) / `thiserror` (library) — no
panics in library code
- Feature flags are used correctly (`tls`, `iroh`, `acme`) — base crate compiles
lean
- Public API is well-documented with `///` doc comments where appropriate
- Module structure follows Rust conventions (`mod.rs`, `lib.rs`)
- No unnecessary `unwrap()` or `expect()` in library code
- No comments in code (per project convention; docstrings for public API are fine)
- Error handling uses custom exception classes (subclass `AlknetFirewallError`)
for library errors; no silently swallowed exceptions
- Optional dependencies (torch) use lazy imports with clear error messages
- Public API is well-documented with docstrings where appropriate
- Module structure follows Python conventions (`__init__.py` for re-exports)
- Type hints are present on all public functions
- Model loading uses safetensors format only (never `.pt`/`.bin` pickle files)
#### E. Security
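Review bot: the type-check command in section D, `uv run mypy src/`, covers only `src/` while the two ruff commands cover `src/ tests/`; either extend mypy to `src/ tests/` or state in the checklist why tests are excluded from type checking, otherwise reviewers will apply the two tools to different scopes. Relatedly, the D2 item "Model loading uses safetensors format only (never `.pt`/`.bin` pickle files)" is the one security-relevant convention in the list but, unlike section D, gives the reviewer nothing concrete to run; consider pairing it with a verification step such as grepping `src/` for `torch.load` and `pickle.load` and expecting no hits, so the check is mechanical rather than left to inspection.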