alkdev/alknet-firewall
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: initial architecture specification and research

Browse Source 
Phase 0→1 setup for alknet-firewall — a behavioral signal detection
library that screens untrusted LLM inputs using small model activations.

Architecture docs (5 specs, 10 ADRs, 7 open questions):
- overview: vision, scope, dependencies, package structure
- firewall: core API, alarm protocol, score composition, error handling
- codebook: SVD basis, spline distributions, calibration, tensor format
- model: activation extraction, model-agnostic interface, lazy loading
- configuration: thresholds, model selection, detection tuning

Research reports:
- modern-python-project-setup: uv, pyproject.toml, src layout, ruff, CI
- python-ml-packaging: optional PyTorch, HF Hub download, safetensors
- llm-input-safety-landscape: threat taxonomy, defenses, academic evidence

Agent role adaptations for Python project (replaced Rust conventions).
This commit is contained in:
glm-5.1
2026-06-13 05:17:40 +00:00
parent 141628bae4
commit cf464c2296
23 changed files with 3900 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
.opencode/agents/implementation-specialist.md
View File

@@ -112,17 +112,17 @@ If blocked → Safe Exit (see below)
### 4. Self-Verify
```bash
# Build
cargo build
# Lint
cargo clippy -- -D warnings
# Run tests
cargo test
uv run ruff check src/ tests/
# Format check
cargo fmt --check
uv run ruff format --check src/ tests/
# Type check
uv run mypy src/
# Run tests
uv run pytest
```
Check each acceptance criterion in the task file.
@@ -131,7 +131,7 @@ Check each acceptance criterion in the task file.
```bash
# Stage only source code — NOT task files
git add src/ test/ docs/ # or specific files as appropriate
git add src/ tests/ docs/ # or specific files as appropriate
git commit -m "feat(<task-id>): <description>"
git push origin $(git branch --show-current)
```
@@ -200,8 +200,8 @@ When available, use memory tools to manage your context:
assistant messages if you lose track
- `memory({tool: "search", args: {query: "..."}})` — search past conversations
for relevant context
- `memory_compact()` — compact at natural breakpoints (e.g., after completing a
subtask) when context is above 80%
- `memory_compact()` — compact at natural breakpoints (e.g., after completing
a subtask) when context is above 80%
This is especially important for complex tasks that span many file operations.
@@ -209,16 +209,23 @@ This is especially important for complex tasks that span many file operations.
Read `AGENTS.md` at project root for full details. Key rules:
1. **No comments in code** — Per project convention.
2. **Error handling** — Use `anyhow::Result` for application code, `thiserror` for
library error types. Never panic in library code.
3. **Feature flags** — Transports are feature-gated (`tls`, `iroh`, `acme`). Base
crate should compile lean.
4. **Async runtime** — `tokio` is the async runtime. All I/O is async.
5. **Naming conventions** — Rust standard: `snake_case` for functions/variables/
modules, `PascalCase` for types/traits, `SCREAMING_SNAKE_CASE` for constants.
6. **Module structure** — One module per component under `src/`. Re-export via
`mod.rs` or `lib.rs` as appropriate.
1. **Type hints required** — All public functions must have type annotations.
Use `mypy --strict` for validation.
2. **Error handling** — Use custom exception classes for library errors
(subclass from `AlknetFirewallError`). Use explicit `Result` patterns or
raised exceptions; never silently swallow errors.
3. **Optional dependencies** — PyTorch is an optional dependency via extras.
Use lazy imports with clear error messages when torch is not installed.
4. **Naming conventions** — Python standard: `snake_case` for functions/variables/
modules, `PascalCase` for classes, `UPPER_SNAKE_CASE` for constants.
5. **Module structure** — One module per component under `src/alknet_firewall/`.
Use `__init__.py` for public API re-exports.
6. **Testing** — Unit tests in `tests/`, integration tests marked with
`@pytest.mark.integration`. Mock ML model loading in unit tests; use tiny
models for integration tests.
7. **No comments in code** — Per project convention. Use docstrings for public API.
8. **safetensors only** — Never load pickle-based `.pt`/`.bin` model files.
Always use safetensors format for security.
## Key Principles