betterwithage committed on
Commit
1c021fa
·
verified ·
1 Parent(s): 6cb93f8

round2: full operational - 8 gates, Wire B, /console/, #try-it, Rosie

Files changed (1)
  1. Dockerfile +161 -2
Dockerfile CHANGED
@@ -1,3 +1,162 @@
1
- # sentra Space - proxy to canonical GHCR image (resolves cache-miss exit-1)
2
- FROM ghcr.io/szl-holdings/sentra:uds-v0.2.0
3
  EXPOSE 7860
1
+ # SPDX-License-Identifier: Apache-2.0
2
+ # © 2026 Lutar, Stephen P. — SZL Holdings · ORCID 0009-0001-0110-4173 · Doctrine v11
3
+ #
4
+ # sentra HF Docker Space — FULL OPERATIONAL (round2 delivery)
5
+ #
6
+ # Routes:
7
+ # / — VERBATIM Replit React SPA (Vite base="/", a11oy pattern) — REPLACES old landing per founder
8
+ # /console/ — Replit SPA console (verbatim, standalone)
9
+ # /api/sentra/healthz — liveness probe
10
+ # /api/sentra/v1/verdict — POST: Wire B full immune verdict
11
+ # /api/sentra/v1/inspect — POST: Wire B full-signal inspect
12
+ # /api/sentra/v1/gates — GET: list all 8 immune gates
13
+ # /api/sentra/v1/gates/{id} — GET: per-gate detail
14
+ # /api/sentra/v1/gates/{id}/test — POST: per-gate test
15
+ # /api/sentra/v1/audit-log — GET: recent verdict history
16
+ # /api/sentra/v1/threats — GET: threat-signature STIX corpus
17
+ # /api/sentra/v1/forecast — GET/POST: witnessed forecasting (Mādhava envelope, Cursor #65)
18
+ #
19
+ # Canonical (Doctrine v11): 749 decl / 14 unique axioms (15 raw, 1 dup) / 163 tracked sorries / 12 MCP tools / 46 policy gates
20
+ # /brain — immune brain page (theorems + 8 gates + 5 LLM tiers + screening)
21
+ # /api/sentra/v1/brain* — brain JSON + screen; /llm/route + /llm/tiers; /mesh/state; /brainz
22
+ #
23
+ # HF Space requirement: listen on PORT 7860.
24
+
25
+ FROM python:3.12-slim
26
+
27
+ WORKDIR /app
28
+
29
+ # Install dependencies
30
+ RUN apt-get update && apt-get install -y --no-install-recommends git && \
31
+ apt-get clean && rm -rf /var/lib/apt/lists/*
32
+
33
+ # Install Python dependencies
34
+ RUN pip install --no-cache-dir \
35
+ "fastapi>=0.111.0,<1.0.0" \
36
+ "uvicorn[standard]>=0.29.0,<1.0.0" \
37
+ "pydantic>=2.7.0,<3.0.0"
38
+ # BE hardening: slowapi rate limiter (60/min/IP). pydantic+fastapi already present.
39
+ RUN pip install --no-cache-dir "slowapi>=0.1.9"
40
+
41
+ # ADDITIVE (Yachay / Provenance Hardening): cryptography for DSSE+Cosign Khipu signing.
42
+ RUN pip install --no-cache-dir "cryptography>=42.0"
43
+
44
+ # NOTE (P0 CI fix, Dev1 Rumi): torch+faiss+sentence-transformers removed from
45
+ # build-time pip install. At ~1GB+ they cause GH Actions OOM on ubuntu-latest
46
+ # (7GB RAM). szl_rag.py already has honest try/except lazy-load fallback:
47
+ # if the import fails it returns {"status":"rag_unavailable"} with no crash.
48
+ # Install huggingface_hub only (lightweight) for HF dataset caching utilities.
49
+ RUN pip install --no-cache-dir "huggingface_hub>=0.23.0"
50
+
51
+ # Verbatim Replit React SPA at root (Vite base="/"): index.html + assets in landing/.
52
+ # Old Vessels-DNA landing replaced per founder directive; /api/sentra/* contract preserved.
53
+ COPY landing/ ./landing/
54
+
55
+ # Copy console SPA (Replit verbatim, standalone)
56
+ COPY console/ ./console/
57
+
58
+ # Copy serve orchestrator
59
+ COPY serve.py ./serve.py
60
+ # Sentra <-> Killinchu cyber bridge (ADDITIVE): /drone-cyber tab + endpoints.
61
+ COPY sentra_drone_cyber.py ./sentra_drone_cyber.py
62
+ # a11oy.code (ADDITIVE, Doctrine v11 §14): math-corpus + code-proxy for sentra.
63
+ COPY szl_math_corpus.py ./szl_math_corpus.py
64
+ COPY szl_code_proxy.py ./szl_code_proxy.py
65
+
66
+ # Anatomy substrate (ADDITIVE): canonical formulas + composer routes.
67
+ COPY szl_formulas.py ./szl_formulas.py
68
+ COPY szl_anatomy_routes.py ./szl_anatomy_routes.py
69
+
70
+ # ADDITIVE (Doctrine v11): shared per-app BRAIN + unified LLM router + mesh wires.
71
+ COPY szl_brain.py ./szl_brain.py
72
+ # ADDITIVE (Doctrine v11): shared agentic-RAG service (organ=immune).
73
+ COPY szl_rag.py ./szl_rag.py
74
+ COPY szl_wire.py ./szl_wire.py
75
+ COPY szl_dsse.py ./szl_dsse.py
76
+ COPY szl_provenance.py ./szl_provenance.py
77
+ COPY szl_jack.py ./szl_jack.py
78
+
79
+
80
+ # ADDITIVE (Yachay / Live 3D Wires, PURIQ Doctrine v12): COPY the live-wires
81
+ # module + host page + scene core so `import szl_live_wires` resolves in-container.
82
+ # Without these the register() call in the server silently fails and /live-wires
83
+ # falls through to the SPA shell. ADDITIVE ONLY. Sign: Yachay.
84
+ COPY szl_live_wires.py ./szl_live_wires.py
85
+ COPY live_wires.html ./live_wires.html
86
+ COPY live_wires_3d.js ./live_wires_3d.js
87
+
88
+ # ADDITIVE (Wire I): Rosie-companion module baked into the image. Yachay.
89
+ COPY szl_rosie_companion.py ./szl_rosie_companion.py
90
+ COPY serve.py ./serve.py
91
+ ENV PORT=7860
92
+ # BE hardening (Greene) — per-file COPY (this Dockerfile uses per-file COPY).
93
+ COPY szl_be_hardening.py ./szl_be_hardening.py
94
+
95
  EXPOSE 7860
96
+
97
+ # ADDITIVE (UNAY + Khipu-LMDB v2, 2026-06-01, Yachay): real durable lmdb persistence
98
+ # + optional sqlite-vss vector recall (szl_unay degrades to honest cosine-fallback if
99
+ # the extension cannot load in the slim image). Never affects existing routes.
100
+ RUN pip install --no-cache-dir "lmdb>=1.4.0"
101
+ # sqlite-vss removed: no pre-built wheel for python:3.12-slim (P0 CI fix, Dev1 Rumi)
102
+ # szl_unay.py has honest fallback to cosine similarity when sqlite-vss .so cannot load
103
+ # ADDITIVE (UNAY + Khipu-LMDB v2, 2026-06-01, Yachay / Perplexity Computer Agent):
104
+ # explicit per-file COPY (this Dockerfile does not use `COPY . .`). serve.py imports
105
+ # szl_unay_routes and calls .register(app, ns="sentra") -> /api/sentra/v2/unay/* +
106
+ # /api/sentra/v2/khipu/lmdb/*. Real durable lmdb + real sqlite-vss honest fallback.
107
+ COPY szl_unay.py ./szl_unay.py
108
+ COPY szl_khipu_lmdb.py ./szl_khipu_lmdb.py
109
+ COPY szl_khipu_replicate.py ./szl_khipu_replicate.py
110
+ COPY szl_unay_routes.py ./szl_unay_routes.py
111
+ # ADDITIVE (Warhacker aliases, Yachay 2026-06-01): top-level /healthz + /khipu/* + /wires/D.
112
+ # Per-file COPY (no `COPY . .`) — without this `import szl_warhacker_aliases` fails.
113
+ COPY szl_warhacker_aliases.py ./szl_warhacker_aliases.py
114
+ # ADDITIVE (3D scene TABS, Yachay 2026-06-02): /threat-globe + /verdict-river as
115
+ # Three.js tabs fed by live /api/sentra/v1/{audit-log,gates}. Per-file COPY (no
116
+ # `COPY . .`) — without this `import sentra_v4_threat` silently fails and the
117
+ # routes fall through to the SPA shell. ADDITIVE; does NOT replace the front or
118
+ # the /console/ 8-gate experience. Doctrine v11 LOCKED 749/14/163.
119
+ COPY sentra_v4_threat.py ./sentra_v4_threat.py
120
+ # Re-COPY serve.py last so the route registrations above are baked in.
121
+ COPY serve.py ./serve.py
122
+ # ADDITIVE (V4 Fleet Panel + operator_shell_v4 fix, 2026-06-02, Dev2 Inti):
123
+ # explicit per-file COPY (this Dockerfile does not use COPY . .).
124
+ # Signed-off-by: Yachay <yachay@szlholdings.ai>
125
+ # Co-Authored-By: Perplexity Computer Agent <agent@perplexity.ai>
126
+ # operator_shell_v4.py: Unified Operator Shell v4 (was missing — caused HTML bleed-through)
127
+ # szl_v4_fleet.py: /api/health + /api/sentra/v4/fleet[/doctrine] + /fleet + /thesis
128
+ # web/v4_fleet_panel.html: canonical fleet panel
129
+ COPY operator_shell_v4.py ./operator_shell_v4.py
130
+ COPY szl_v4_fleet.py ./szl_v4_fleet.py
131
+ COPY web/v4_fleet_panel.html ./web/v4_fleet_panel.html
132
+
133
+
134
+
135
+ # ADDITIVE (feat/immune-dsse-rekor-verify, Dev1 / Yachay; Perplexity Computer Agent):
136
+ # Per-file COPY (this Dockerfile uses no `COPY . .`) for the new immune provenance
137
+ # package. serve.py does `sys.path.insert(0, "/app/src")` then
138
+ # `from sentra import dsse, rekor, in_toto`. Without these COPYs the import fails
139
+ # and the new routes 503. cryptography>=42.0 already installed above.
140
+ # Doctrine v11 LOCKED 749/14/163. HONESTY OVER CHECKLIST — no mocks.
141
+ # Signed-off-by: Yachay <yachay@szlholdings.ai>
142
+ # Co-Authored-By: Perplexity Computer Agent <agent@perplexity.ai>
143
+ COPY src/sentra/__init__.py ./src/sentra/__init__.py
144
+ COPY src/sentra/dsse.py ./src/sentra/dsse.py
145
+ COPY src/sentra/rekor.py ./src/sentra/rekor.py
146
+ COPY src/sentra/in_toto.py ./src/sentra/in_toto.py
147
+ # Re-COPY serve.py last so the new route registrations are baked in.
148
+ COPY serve.py ./serve.py
149
+
150
+ # ADDITIVE (Formulas → Ecosystem echo, Opus 4.8, 2026-06-03): per-file COPY of the
151
+ # shared formulas package + endpoint shim (this Dockerfile never uses `COPY . .`).
152
+ # serve.py imports sentra_formula_endpoints which imports szl_shared_formulas.* —
153
+ # without these COPYs the import fails and /api/sentra/v1/formula/* fall through.
154
+ # Echoes a11oy front-door formulas: PAC-Bayes + Bloom. thesis_v22.pdf §2 + real Lean.
155
+ # Signed-off-by: Yachay <yachay@szlholdings.ai>
156
+ # Co-Authored-By: Perplexity Computer Agent <agent@perplexity.ai>
157
+ COPY szl_shared_formulas/__init__.py ./szl_shared_formulas/__init__.py
158
+ COPY szl_shared_formulas/pac_bayes.py ./szl_shared_formulas/pac_bayes.py
159
+ COPY szl_shared_formulas/bloom_filter.py ./szl_shared_formulas/bloom_filter.py
160
+ COPY sentra_formula_endpoints.py ./sentra_formula_endpoints.py
161
+
162
+ CMD ["python", "serve.py"]
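Review bot: the image never drops privileges: there is no USER instruction anywhere between `FROM python:3.12-slim` and `CMD ["python", "serve.py"]`, so serve.py and every module it imports run as root while serving on port 7860. Create an unprivileged account after the pip installs and switch to it with a USER line before CMD, giving that account ownership of any path the app writes to. Further points in the same hunk: the installs use open ranges (`"cryptography>=42.0"`, `"lmdb>=1.4.0"`, `"slowapi>=0.1.9"`) and the base is a floating tag, so two builds of this commit can resolve different code; a hash-locked requirements file and a digest-pinned base would make the build reproducible, which matters for an image that ships DSSE, Rekor and in-toto verification modules. `COPY serve.py ./serve.py` appears four times; repeating a COPY of the same source file changes nothing in the final image, so a single COPY after the last module is enough. `git` is installed through apt with no visible use in this Dockerfile and can be dropped unless a later step needs it. The comment above the szl_unay COPY lines still says "real sqlite-vss honest fallback" although the lines just before it state that sqlite-vss was removed; the comment should say that only the cosine fallback ships.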