[idZddlZddlZddlZddlmZddlmZddlm Z ddl Z ddl m Z dZ e ejdz ZeGd d Zd ed efd Zdededed efdZGddZdS)z LuckySt Syndicate - Report Encryption & Key Management AES-256-GCM encryption for trading session reports. Redis-based key storage with 24-hour access grants for pledged syndicate members. N) dataclass)Optional)Path)AESGCMz registry.yamlcpeZdZUdZeed<eed<eed<defdZededee eeffdZ d S) EncryptedReportz6An AES-256-GCM encrypted report with its key material. ciphertextnoncekeyreturnc\tdd}||jz|jzS)u Serialize for on-chain storage. Format: [version:1][nonce:12][ciphertext:N] The AES key is NOT included — it's stored in Redis. rbig)REPORT_VERSIONto_bytesr r )self version_bytes '/app/agentic/syndicate/report_crypto.pyto_chain_byteszEncryptedReport.to_chain_bytes$s-&..q%88 dj(4?::datacD|d}|dd}|dd}|||fS)zk Parse on-chain bytes back into components. Returns: (version, nonce, ciphertext) rr N)rversionr r s rparse_chain_bytesz!EncryptedReport.parse_chain_bytes.s4q'QrT "##Y z))rN) __name__ __module__ __qualname____doc__bytes__annotations__r staticmethodtupleintrrrrr r s@@ LLL JJJ;;;;; * *%UE0A*B * * *\ * * *rr plaintextr ctjd}tjd}t|}|||dd}t |||S)z Encrypt a report string with AES-256-GCM. Generates a random 256-bit key and 96-bit nonce. Returns EncryptedReport with ciphertext, nonce, and key. utf-8N)r r r )secrets token_bytesrencryptencoder )r&r r aesgcmr s rencrypt_reportr0;sg  b ! !C   # #E C[[Fy'7'7'@'@$GGJ j3 G G GGrr r r cxt|}|||d}|dS)z Decrypt an AES-256-GCM encrypted report. Args: ciphertext: The encrypted data nonce: 12-byte nonce used during encryption key: 32-byte AES key Returns: Decrypted plaintext string Nr*)rdecryptdecode)r r r r/r&s rdecrypt_reportr4Is8C[[Fuj$77I   G $ $$rc eZdZdZdZdZdZdZdZde de d e d e d e e d e f d Z de de d e dee fdZd e de efdZde deefdZde defdZdS)ReportKeyManagerz Manages AES keys for encrypted reports via Redis. - Authors keep keys indefinitely (no expiry) - Other pledged syndicate members can request 24h access - Pledge verification checks registry.yaml z report:key:z report:grant:z report:index:iQc||_dS)N)redis)r redis_clients r__init__zReportKeyManager.__init__ns ! rtx_hashaes_keyauthor_address instance_idmarkets timestampc ||||||d}|j|j|t j||j|j||t| rt|ndidS)u Store the AES key for a report. Called by the report author. The key is stored with no expiry — the author always has access. Also indexes the report under the author's address for listing. ) aes_key_hexauthorr>r?r@r;rN) hexlowerr8set KEY_PREFIXjsondumpszadd INDEX_PREFIXfloatisdigitr%)rr;r<r=r>r?r@metadatas rstore_report_keyz!ReportKeyManager.store_report_keyqs #;;==$**,,&"     ) ) ) Jx     :."6"6"8"8 : : ei.?.?.A.AHC NNNqII J     rrequester_addressr c||kr!||}|r|dndS||sdS||}|sdS|d|krdS|d}|j|d|}|j||j||S)z Grant 24-hour access to a report's AES key. Verifies the requester is a pledged syndicate member. Returns the AES key hex string, or None if denied. rBNrC:)rE _get_metadata _is_pledged GRANT_PREFIXr8setex GRANT_TTL)rr;rPr=metarB grant_keys r grant_accesszReportKeyManager.grant_accesss  " " $ $(<(<(>(> > >%%g..D*.84 &&D 8 122 4!!'** 4 >^1133 3 34=) (O'OO4E4K4K4M4MOO  DNK@@@rcl|j|}|j|dd}g}|D]u}t |t r|}||}|r3d|D}| |v|S)z5List all report tx hashes and metadata for an author.rc&i|]\}}|dk ||S)rBr).0kvs r z;ReportKeyManager.list_reports_by_author..s(QQQdaa=>P>PQ>P>P>Pr) rKrEr8 zrevrange isinstancer!r3rSitemsappend)rr= index_key tx_hashesreportsr;rX safe_metas rlist_reports_by_authorz'ReportKeyManager.list_reports_by_authors(B.*>*>*@*@BB J((Ar::   * *G'5)) +!..**%%g..D *QQdjjllQQQ y)))rc|j|j|}|sdSt|tr|}t j|S)zGet report metadata from Redis.N)r8getrGrcr!r3rHloads)rr;raws rrSzReportKeyManager._get_metadatas\jnn:::;; 4 c5 ! ! **,,Cz#raddressc ttd5}tj|}dddn #1swxYwY|dpg}|D]\}|dd|kr|ddkrdS]d S#t $rYd SwxYw) z2Check if an address is a pledged syndicate member.rNagents base_addressstatusactiveTF)open REGISTRY_PATHyaml safe_loadrlrE Exception)rrofregistryrragents rrTzReportKeyManager._is_pledgeds mS)) -Q>!,, - - - - - - - - - - - - - - -\\(++1rF $ $99^R006688GMMOOKKyy**h66#tt5   55 s4B;8 B;<B;<A6B;8B;; C C N)rrrr rGrUrKrWr:strr!r%listrOrrZdictrjrSboolrTrrrr6r6^sCJ"L"LI"""" " "  "  " c " " " " " H$$$ $ # $$$$LST$Z"SXd^ 3 4      rr6)r osrHr+ dataclassesrtypingrpathlibrry+cryptography.hazmat.primitives.ciphers.aeadrr__file__parentrxr rr0r!r4r6rrrrsa !!!!!! >>>>>>X%7  ******* *: Hc Ho H H H H%u%U%%3%%%%*DDDDDDDDDDr