Coverage for core / superadmins.py: 80.0%

15 statements  

« prev     ^ index     » next       coverage.py v7.14.0, created at 2026-05-12 04:49 +0000

1"""Canonical superadmin allowlist + central report-in URLs. 

2 

3Single source of truth for the universal-peer-join + central-report 

4spec (see Nunba memory: 

5``project_universal_peer_join_central_report.md``). Every install — 

6Nunba bundled, Docker, OS-via-ISO, embedded — ships this constant 

7identically. No parallel copies allowed in main / admin_bp / 

8federation modules. 

9 

10Two open user-confirmation items: 

11- ``sathish@hertai.com`` is likely a typo for ``sathish@hertzai.com``. 

12 Preserved verbatim until the user confirms. 

13- ``cortext@hertzai.com`` is likely a typo for ``cortex@hertzai.com``. 

14 Preserved verbatim until the user confirms. 

15 

16Constitutional rule: this allowlist must NEVER be silently mutated by 

17self-evolution / autoresearch agents. Edits flow through the signed 

18admin-config gate or a release bump, nothing else. 

19""" 

20from __future__ import annotations 

21from typing import FrozenSet, Tuple 

22 

23 

24# ─── Allowlist (verbatim, see module docstring for typo notes) ──────── 

25 

26SUPERADMIN_EMAILS: FrozenSet[str] = frozenset({ 

27 'sathish@hertai.com', 

28 'giri@hertzai.com', 

29 'central@hevolve.ai', 

30 'sathish@hevolve.ai', 

31 'cortext@hertzai.com', 

32}) 

33 

34 

35# ─── Central report-in URLs (where a fresh install posts identity) ─── 

36 

37# Primary genesis centrals. An install reports its identity here on 

38# first successful peer-join, then opportunistically thereafter (every 

39# REPORT_INTERVAL_SEC). 

40SUPERADMIN_CENTRAL_URLS: Tuple[str, ...] = ( 

41 'https://central.hevolve.ai', 

42) 

43 

44# Fallback genesis centrals. Tried only if every primary URL fails 

45# the report-in attempt — provides Azure-side redundancy when the 

46# `central.hevolve.ai` DNS or origin is unreachable. azurekong is the 

47# same Kong gateway already used elsewhere in the stack (e.g. MiniCPM 

48# inference at azurekong.hertzai.com:8000), so an install reaching 

49# this URL is hitting our existing production infrastructure. 

50SUPERADMIN_FALLBACK_CENTRAL_URLS: Tuple[str, ...] = ( 

51 'https://azurekong.hertzai.com', 

52) 

53 

54# Combined view for consumers that want to know about ALL centrals 

55# regardless of priority (e.g. peer_discovery genesis seed list, where 

56# we want gossip to find either). Order: primary first, then fallback. 

57ALL_CENTRAL_URLS: Tuple[str, ...] = ( 

58 SUPERADMIN_CENTRAL_URLS + SUPERADMIN_FALLBACK_CENTRAL_URLS 

59) 

60 

61 

62# ─── Tunables (operator-overridable via env) ────────────────────────── 

63 

64# How often a node re-reports identity to centrals after the first 

65# successful join. Long-cadence — this is presence/inventory, not the 

66# realtime gossip path. 

67REPORT_INTERVAL_SEC = 3600 # 1 hour 

68 

69# Per-attempt HTTP timeout (connect, read). Centrals offline must not 

70# slow the boot path. 

71REPORT_TIMEOUT_CONNECT = 3.0 

72REPORT_TIMEOUT_READ = 8.0 

73 

74# Outbox drain cadence — when a central was unreachable, the report 

75# lands in the outbox and the next loop tick retries. 

76REPORT_OUTBOX_RETRY_SEC = 300 # 5 minutes 

77 

78 

79def is_superadmin_email(email: str) -> bool: 

80 """Case-insensitive membership check.""" 

81 if not email: 

82 return False 

83 return email.strip().lower() in {e.lower() for e in SUPERADMIN_EMAILS} 

84 

85 

86__all__ = [ 

87 'SUPERADMIN_EMAILS', 

88 'SUPERADMIN_CENTRAL_URLS', 

89 'SUPERADMIN_FALLBACK_CENTRAL_URLS', 

90 'ALL_CENTRAL_URLS', 

91 'REPORT_INTERVAL_SEC', 

92 'REPORT_TIMEOUT_CONNECT', 

93 'REPORT_TIMEOUT_READ', 

94 'REPORT_OUTBOX_RETRY_SEC', 

95 'is_superadmin_email', 

96]