chore: add copyright headers, CI tests, and sanitize gitignore

2026-05-11 20:42:36 +02:00 · 2026-03-31 22:13:34 +10:00 · 2026-03-31 22:13:34 +10:00 · d1f844235e
commit d1f844235e
parent 5cbb3d89d3
325 changed files with 2267 additions and 902 deletions
--- a/internal/domain/identity/agent.go
+++ b/internal/domain/identity/agent.go
@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 // Package identity implements Non-Human Identity (NHI) for AI agents (SDD-003).
 //
 // Each agent has a unique AgentIdentity with capabilities (tool permissions),
@ -30,11 +34,11 @@ type AgentIdentity struct {
 	AgentID         string            `json:"agent_id"`
 	AgentName       string            `json:"agent_name"`
 	AgentType       AgentType         `json:"agent_type"`
-	CreatedBy       string            `json:"created_by"`        // Human principal who deployed
-	DelegationChain []DelegationLink  `json:"delegation_chain"`  // Trust ancestry chain
-	Capabilities    []ToolPermission  `json:"capabilities"`      // Per-tool allowlists
-	Constraints     AgentConstraints  `json:"constraints"`       // Operational limits
-	Tags            map[string]string `json:"tags,omitempty"`    // Arbitrary metadata
+	CreatedBy       string            `json:"created_by"`       // Human principal who deployed
+	DelegationChain []DelegationLink  `json:"delegation_chain"` // Trust ancestry chain
+	Capabilities    []ToolPermission  `json:"capabilities"`     // Per-tool allowlists
+	Constraints     AgentConstraints  `json:"constraints"`      // Operational limits
+	Tags            map[string]string `json:"tags,omitempty"`   // Arbitrary metadata
 	CreatedAt       time.Time         `json:"created_at"`
 	LastSeenAt      time.Time         `json:"last_seen_at"`
 }
--- a/internal/domain/identity/capability.go
+++ b/internal/domain/identity/capability.go
@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package identity

 // CapabilityDecision represents the result of a capability check.
--- a/internal/domain/identity/errors.go
+++ b/internal/domain/identity/errors.go
@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package identity

 import "errors"
--- a/internal/domain/identity/identity_test.go
+++ b/internal/domain/identity/identity_test.go
@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package identity

 import (
--- a/internal/domain/identity/memory.go
+++ b/internal/domain/identity/memory.go
@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package identity

 import (
--- a/internal/domain/identity/pinning.go
+++ b/internal/domain/identity/pinning.go
@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package identity

 // Context-aware trimming with security event pinning (SDD-003 M5).
@ -8,23 +12,23 @@ package identity

 // Message represents a context window message.
 type Message struct {
-	Role      string `json:"role"`       // "user", "assistant", "system", "security"
-	Content   string `json:"content"`
-	TokenCount int   `json:"token_count"`
-	IsPinned  bool   `json:"is_pinned"`  // Security events are pinned
-	EventType string `json:"event_type,omitempty"` // For security messages
+	Role       string `json:"role"` // "user", "assistant", "system", "security"
+	Content    string `json:"content"`
+	TokenCount int    `json:"token_count"`
+	IsPinned   bool   `json:"is_pinned"`            // Security events are pinned
+	EventType  string `json:"event_type,omitempty"` // For security messages
 }

 // PinnedEventTypes are security events that MUST NOT be trimmed from context.
 var PinnedEventTypes = map[string]bool{
-	"permission_denied":        true,
-	"injection_detected":       true,
-	"circuit_breaker_open":     true,
+	"permission_denied":         true,
+	"injection_detected":        true,
+	"circuit_breaker_open":      true,
 	"credential_access_blocked": true,
-	"exfiltration_attempt":     true,
-	"ssrf_blocked":             true,
-	"genai_credential_access":  true,
-	"genai_persistence":        true,
+	"exfiltration_attempt":      true,
+	"ssrf_blocked":              true,
+	"genai_credential_access":   true,
+	"genai_persistence":         true,
 }

 // IsPinnedEvent returns true if the event type should be pinned (never trimmed).
@ -84,7 +88,7 @@ func TrimContext(messages []Message, maxTokens int) []Message {
 	usedTokens := 0
 	// Keep messages from the END (newest) that fit
 	for i := len(unpinned) - 1; i >= 0; i-- {
-		if usedTokens + unpinned[i].msg.TokenCount <= remainingBudget {
+		if usedTokens+unpinned[i].msg.TokenCount <= remainingBudget {
 			survivingUnpinned = append([]indexedMsg{unpinned[i]}, survivingUnpinned...)
 			usedTokens += unpinned[i].msg.TokenCount
 		}
--- a/internal/domain/identity/store.go
+++ b/internal/domain/identity/store.go
@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package identity

 import (