caaca7a to 26a0444
Add inputs.proc.ai_agent config section with http_endpoints (default: /v1/chat/completions, /v1/embeddings), max_payload_size (default: 1MB), and file_io_enabled. Forward to LogParserConfig. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add BIZ_TYPE_DEFAULT (0) and BIZ_TYPE_AI_AGENT (1) constants for process classification in AI agent governance. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Stub module for AI Agent governance. Returns no-ops in open source. Real implementation provided by enterprise enterprise-utils crate. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Enterprise-gated hook calls enterprise_utils::ai_agent::match_ai_agent_endpoint to detect LLM API URLs. Sets endpoint and biz_type=AI_AGENT on match. Priority: WASM/biz_field > AI Agent detection > http_endpoint config. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
AI Agent processes will be synced to controller with biz_type=1 (AI_AGENT). Field plumbing only — registry integration in a later task. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
AI Agent flows use ai_agent_max_payload_size (1MB default) instead of l7_log_packet_size to preserve full LLM request/response bodies for governance audit.

Changes:
- Add is_ai_agent flag to FlowLog (enterprise-gated) to track flows identified as AI Agent traffic via biz_type detection
- In l7_parse_log, use ai_agent_max_payload_size for payload truncation when the flow is marked as AI Agent
- After parse_payload returns, check parsed result for BIZ_TYPE_AI_AGENT and set the flag for subsequent packets in the flow
- Add L7ParseResult::has_biz_type() helper to check parsed results
- Saturate ParseParam::buf_size to u16::MAX to avoid overflow with larger AI Agent payload sizes

Enterprise feature only. Original behavior preserved for non-AI-Agent flows and non-enterprise builds.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add access_permission (__u16) to __io_event_buffer struct for exposing file permission bits (inode->i_mode & 0xFFF) in I/O events. Add #ifdef EXTENDED_AI_AGENT_FILE_IO hook in trace_io_event_common() that allows enterprise extensions to bypass the latency filter for AI agent processes and populate access_permission from the inode. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add global registry accessors (init_global_registry, global_registry) to enterprise-utils ai_agent module (stub returns None in open source)
- Initialize registry at startup in trident.rs (enterprise only)
- Register AI Agent PIDs in perf/mod.rs when biz_type detection fires
- proc_scan_hook checks registry to set biz_type=AI_AGENT on ProcessData

Enterprise feature only.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

… var
- Import L7ProtocolInfoInterface trait for get_biz_type() in l7_protocol_log.rs
- Prefix process_datas with underscore in proc_scan_hook.rs to suppress unused variable warning in non-enterprise builds

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
In C, a label must be followed by a statement, not a declaration. The struct declaration after skip_latency_filter: causes a compile error when EXTENDED_AI_AGENT_FILE_IO is defined. Add a null statement (;) to satisfy the grammar requirement. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…, PRD 2.2

Phase 1 - Fix 4 blockers:
- B3: Add u32-key BPF map helpers (table.c/h) and Rust FFI for PID→BPF sync
- B1: Add process_id to ParseParam, update match_ai_agent_endpoint for uniqueness
- B4: Propagate access_permission through kernel→userspace→Rust→proto chain
- B2: Wire file_io_enabled config through LogParserConfig to AiAgentRegistry

Phase 2 - Unlimited stream reassembly:
- Interpret max_payload_size=0 as usize::MAX (truly unlimited)
- Change default max_payload_size from 1MB to 0 (unlimited)

Phase 3 - PRD 2.2 event types:
- Add FileOpEvent, PermOpEvent, ProcLifecycleEvent to EventType enum
- Add proto messages: FileOpEventData, PermOpEventData, ProcLifecycleEventData
- Add sched_comm_fork_ctx for process lifecycle BPF hooks
- Wire BPF map FD at startup in ebpf_dispatcher

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
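
An added illustration of the payload-limit behaviour described in the commit messages above (ai_agent_max_payload_size taking the place of l7_log_packet_size for AI Agent flows, max_payload_size=0 meaning unlimited, and buf_size saturating to u16::MAX). It is not code from this PR; the `Limits` struct and all function names are hypothetical.

```rust
// Added illustration, not code from the PR. `Limits` and the function names
// are hypothetical; the constants and config names come from the commit text.
pub const BIZ_TYPE_DEFAULT: u8 = 0;
pub const BIZ_TYPE_AI_AGENT: u8 = 1;

pub struct Limits {
    pub l7_log_packet_size: usize,
    pub ai_agent_max_payload_size: usize, // 0 = unlimited
}

/// Truncation limit for a flow, chosen by its biz_type.
pub fn effective_payload_limit(biz_type: u8, cfg: &Limits) -> usize {
    if biz_type != BIZ_TYPE_AI_AGENT {
        return cfg.l7_log_packet_size;
    }
    match cfg.ai_agent_max_payload_size {
        0 => usize::MAX, // unlimited
        n => n,
    }
}

/// Clamp a limit into a u16 field. A bare `as u16` cast keeps only the low
/// 16 bits, so 1 MiB (1 << 20) would become 0 instead of a large value.
pub fn saturate_buf_size(limit: usize) -> u16 {
    limit.min(u16::MAX as usize) as u16
}

/// Borrow the part of `payload` that survives truncation for this flow.
pub fn truncate_payload<'a>(payload: &'a [u8], biz_type: u8, cfg: &Limits) -> &'a [u8] {
    let limit = effective_payload_limit(biz_type, cfg);
    &payload[..payload.len().min(limit)]
}

fn main() {
    let cfg = Limits { l7_log_packet_size: 1024, ai_agent_max_payload_size: 0 };
    let body = vec![b'x'; 200_000]; // constructed sample LLM response body
    for bt in [BIZ_TYPE_DEFAULT, BIZ_TYPE_AI_AGENT] {
        let kept = truncate_payload(&body, bt, &cfg).len();
        let buf = saturate_buf_size(effective_payload_limit(bt, &cfg));
        println!("biz_type={} kept={} buf_size={}", bt, kept, buf);
    }
}
```

In this sketch an unlimited setting leaves the payload's own length as the only bound on what is kept for an AI Agent flow, so any memory ceiling has to be enforced elsewhere.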
26a0444 to 404ef66
Blocking fixes:
- Remove duplicate sched_comm_fork_ctx struct in socket_trace.h
- Add DATA_SOURCE constants for new event types in BPF common.h
- Add FILE_OP_EVENT/PERM_OP_EVENT/PROC_LIFECYCLE_EVENT constants to ebpf.rs
- Complete ProcEvent parsing: add FileOpEventData, PermOpEventData, ProcLifecycleEventData with packed struct parsing and proto encoding
- Update EventType::from(u8) to dispatch new source types

High-risk fixes:
- Add server-side decoder handling for new event types in decoder.go
- Wire cleanup_dead_pids to periodic proc_scan_hook for runtime cleanup

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- proc_scan_hook: inject AI agent PIDs not matched by process_matcher so they appear in MySQL process table (not just l7_flow_log)
- handler.rs: add /v1/responses to default ai_agent_endpoints
- perf/mod.rs: remove redundant register() with empty endpoint
- http.rs: borrow path instead of cloning on every HTTP parse
- socket.c: change __set_ai_agent_data_limit_max param to unsigned int to fix dead code branch (limit_size > INT_MAX unreachable with int)
- server: decode access_permission from IoEventData into ClickHouse file_event table (column constant, EventStore field, column block)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
6a472ef to fa3ac8f
… sync when domain unverified
6ea8ccf to 8980494
This PR is for:
Support agent governance
Checklist
Backport to branches