"""Canonical public "Try AANA in 2 minutes" Hugging Face Space.

The public Space surface must keep accepting these seven frozen fields:
tool_name, tool_category, authorization_state, evidence_refs, risk_domain,
proposed_arguments, and recommended_route.
"""

from __future__ import annotations

import copy
import json
from typing import Any

import aana


# One-paragraph pitch rendered at the top of the demo UI.
PUBLIC_MESSAGE = " ".join(
    [
        "AANA is a pre-action control layer for AI agents: agents propose actions,",
        "AANA checks evidence/auth/risk, and tools execute only when the route is accept.",
    ]
)

# Canned tool-call events offered in the "Load example" dropdown. Every entry
# carries the seven frozen contract fields. Insertion order is the order the
# dropdown shows them in.
# NOTE: three of the "Blocked" scenarios still carry recommended_route="accept";
# judging by their labels they are meant to show that the caller's own
# recommendation does not decide the outcome.
EXAMPLE_EVENTS: dict[str, dict[str, Any]] = {
    "Allowed: confirmed write": dict(
        tool_name="send_email",
        tool_category="write",
        authorization_state="confirmed",
        evidence_refs=["user_confirmed_send_email", "draft_id:123"],
        risk_domain="customer_support",
        proposed_arguments=dict(to="customer@example.com"),
        recommended_route="accept",
    ),
    "Blocked: write missing confirmation": dict(
        tool_name="send_email",
        tool_category="write",
        authorization_state="user_claimed",
        evidence_refs=["draft_id:123"],
        risk_domain="customer_support",
        proposed_arguments=dict(to="customer@example.com"),
        recommended_route="accept",
    ),
    "Blocked: private read missing auth": dict(
        tool_name="get_recent_transactions",
        tool_category="private_read",
        authorization_state="none",
        evidence_refs=[],
        risk_domain="finance",
        proposed_arguments=dict(account_id="acct_redacted", limit=5),
        recommended_route="accept",
    ),
    "Blocked: unknown destructive tool": dict(
        tool_name="delete_database",
        tool_category="unknown",
        authorization_state="none",
        evidence_refs=[],
        risk_domain="unknown",
        proposed_arguments=dict(database="prod"),
        recommended_route="refuse",
    ),
}


def example_event(name: str) -> str:
    """Render the named entry of EXAMPLE_EVENTS as pretty-printed JSON.

    Args:
        name: A key of EXAMPLE_EVENTS (the label shown in the dropdown).

    Returns:
        The event serialized with two-space indentation and sorted keys.

    Raises:
        KeyError: If ``name`` is not a key of EXAMPLE_EVENTS.
    """

    scenario = EXAMPLE_EVENTS[name]
    # Serialize a deep copy so the shared template is never handed out directly.
    snapshot = copy.deepcopy(scenario)
    return json.dumps(snapshot, indent=2, sort_keys=True)


def _decision(result: dict[str, Any]) -> dict[str, Any]:
    """Pick the mapping that holds the decision fields.

    Returns ``result["architecture_decision"]`` when that value is a dict;
    in every other case (key absent, or value of another type) returns
    ``result`` itself.
    """
    nested = result.get("architecture_decision")
    if isinstance(nested, dict):
        return nested
    return result


def _route(result: dict[str, Any]) -> str:
    """Resolve the route string that gates execution.

    Candidates are tried in order: the decision mapping's ``route``, the
    top-level ``route``, then the top-level ``recommended_action``. The first
    truthy one is returned as a string. When none is set the function falls
    back to ``"defer"``, which is not ``"accept"``, so a result that names no
    route never permits execution.
    """
    decision = _decision(result)
    candidates = (
        decision.get("route"),
        result.get("route"),
        result.get("recommended_action"),
    )
    for candidate in candidates:
        if candidate:
            return str(candidate)
    return "defer"


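def _synthetic_tool(event: dict[str, Any]) -> dict[str, Any]:
    """Stand-in executor for the public demo; performs no real action.

    Args:
        event: The proposed tool-call event (parsed from user-pasted JSON).

    Returns:
        A record holding a fixed executed marker, the event's ``tool_name``,
        the sorted key names of ``proposed_arguments`` and a fixed
        ``side_effects`` label. Only argument *names* are echoed, never the
        argument values.
    """

    proposed = event.get("proposed_arguments")
    # The event is untrusted pasted JSON, so ``proposed_arguments`` may be a
    # list, string or number. Anything that is not an object contributes no
    # keys instead of raising AttributeError on ``.keys()``.
    argument_keys = sorted(proposed) if isinstance(proposed, dict) else []
    return {
        "synthetic_tool_executed": True,
        "tool_name": event.get("tool_name"),
        "argument_keys": argument_keys,
        "side_effects": "none_public_demo_only",
    }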


def guarded_synthetic_execution(event: dict[str, Any], result: dict[str, Any]) -> dict[str, Any]:
    """Call the synthetic executor only if the resolved route is exactly ``"accept"``.

    Args:
        event: The proposed tool-call event.
        result: The AANA check result the route is resolved from.

    Returns:
        A record with the required route, the resolved route, the executor's
        result (``None`` when it was not called) and before/after call counts.
    """

    route = _route(result)
    # Exact string match: any other value, including case variants, blocks.
    accepted = route == "accept"
    executor_result = _synthetic_tool(event) if accepted else None
    # NOTE: the call counts are literals assigned here from the branch taken;
    # they are not read from an instrumented counter.
    return {
        "required_route": "accept",
        "aana_route": route,
        "blocked_tool_non_execution_proven": not accepted,
        "synthetic_executor_call_count_before": 0,
        "synthetic_executor_call_count_after": 1 if accepted else 0,
        "synthetic_executor_result": executor_result,
    }


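def summarize_decision(event: dict[str, Any], result: dict[str, Any], execution_proof: dict[str, Any]) -> dict[str, Any]:
    """Extract the reviewer-facing fields from the full AANA result.

    Args:
        event: The proposed tool-call event; only used as a fallback source
            for ``authorization_state``.
        result: The full AANA check result.
        execution_proof: The record returned by ``guarded_synthetic_execution``.

    Returns:
        A flat dict with the route, AIx score, blockers, missing evidence,
        authorization state, recovery suggestion, audit event and the
        execution flags.

    Raises:
        KeyError: If ``execution_proof`` lacks either execution-count key.
    """

    decision = _decision(result)
    refs = decision.get("evidence_refs")
    evidence_refs = refs if isinstance(refs, dict) else {}
    audit_event = decision.get("audit_safe_log_event") or decision.get("audit_event") or {}

    # Report the same route that gates execution. Resolving it separately here
    # could show no route while ``execution_allowed`` is true (the gate also
    # falls back to ``recommended_action`` and then to "defer").
    route = _route(result)

    # A score of 0 is a real value: fall back only when the key is missing,
    # not whenever the score is falsy.
    aix_score = decision.get("aix_score")
    if aix_score is None:
        aix_score = (result.get("aix") or {}).get("score")

    return {
        "route": route,
        "aix_score": aix_score,
        "hard_blockers": decision.get("hard_blockers") or result.get("hard_blockers") or [],
        "missing_evidence": decision.get("missing_evidence") or evidence_refs.get("missing") or [],
        "authorization_state": decision.get("authorization_state") or event.get("authorization_state"),
        "recovery_suggestion": decision.get("correction_recovery_suggestion") or decision.get("recovery_suggestion"),
        "audit_safe_log_event": audit_event,
        "execution_allowed": route == "accept",
        "synthetic_executor_call_count_after": execution_proof["synthetic_executor_call_count_after"],
        "blocked_tool_non_execution_proven": execution_proof["blocked_tool_non_execution_proven"],
    }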


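def check_event(event_json: str) -> tuple[str, str, str, str]:
    """Check a pasted tool-call event and return Gradio-friendly outputs.

    Args:
        event_json: JSON text of the proposed tool call. It comes from a
            public text box, so it is untrusted input.

    Returns:
        Four strings: a Markdown summary, the compact summary as JSON, the
        execution proof as JSON and the full AANA result as JSON.

    Raises:
        json.JSONDecodeError: If ``event_json`` is not valid JSON.
    """

    event = json.loads(event_json)
    result = aana.check_tool_call(event)
    execution_proof = guarded_synthetic_execution(event, result)
    summary = summarize_decision(event, result, execution_proof)

    # Take the displayed route and the "ran / did not run" sentence from the
    # execution proof, i.e. from what actually gated the executor. A route
    # resolved separately for display could otherwise contradict what happened.
    route = str(execution_proof["aana_route"])
    executed = execution_proof["synthetic_executor_call_count_after"] > 0
    proof_line = (
        "Synthetic executor ran because AANA returned accept."
        if executed
        else "Synthetic executor did not run because AANA did not return accept."
    )
    markdown = "\n".join(
        [
            f"## Route: `{route}`",
            f"- AIx score: `{summary['aix_score']}`",
            f"- Authorization state: `{summary['authorization_state']}`",
            f"- Hard blockers: `{summary['hard_blockers'] or ['none']}`",
            f"- Missing evidence: `{summary['missing_evidence'] or ['none']}`",
            f"- Execution proof: {proof_line}",
        ]
    )
    return (
        markdown,
        json.dumps(summary, indent=2, sort_keys=True),
        json.dumps(execution_proof, indent=2, sort_keys=True),
        json.dumps(result, indent=2, sort_keys=True),
    )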


def check_json_event(event_json: str) -> str:
    """Return only the full AANA decision JSON for a pasted event.

    Thin wrapper over ``check_event`` kept for older callers: it runs the
    same check and hands back the fourth output.
    """

    outputs = check_event(event_json)
    full_decision_json = outputs[3]
    return full_decision_json


def build_demo():
    """Assemble and return the Gradio Blocks UI for the demo.

    gradio is imported inside this function, not at module top level.
    """

    import gradio as gr

    default_scenario = "Blocked: write missing confirmation"
    # Intro sections, rendered top to bottom in this order.
    intro_sections = (
        "# Try AANA in 2 minutes",
        PUBLIC_MESSAGE,
        (
            "**What this demonstrates:** an agent proposes a tool call. AANA checks "
            "evidence/auth/risk. The tool only executes if the route is `accept`."
        ),
        (
            "**How to test it:** pick an example, click `Check With AANA`, then inspect "
            "the route and executor proof."
        ),
        (
            "**Reviewer checklist:** `accept` allows execution; `ask`, `defer`, and "
            "`refuse` block execution; missing auth/evidence becomes a blocker; an "
            "audit-safe event is emitted; and a bad runtime recommendation can be overridden."
        ),
        (
            "**Contrast:** a plain permissive agent would execute the proposed tool call. "
            "AANA blocks unless the contract is satisfied."
        ),
    )

    with gr.Blocks(title="Try AANA") as demo:
        for section in intro_sections:
            gr.Markdown(section)

        scenario = gr.Dropdown(
            choices=list(EXAMPLE_EVENTS),
            value=default_scenario,
            label="Load example",
            interactive=True,
        )
        # Editable JSON box, pre-filled with the default scenario.
        event = gr.Code(
            value=example_event(default_scenario),
            language="json",
            label="Paste Agent Action Contract v1 tool call",
        )
        with gr.Row():
            load = gr.Button("Load Example")
            check = gr.Button("Check With AANA", variant="primary")

        # Output panes, in the order check_event returns its four strings.
        summary = gr.Markdown(label="Decision summary")
        compact = gr.Code(language="json", label="Route, AIx, blockers, missing evidence, auth state")
        proof = gr.Code(language="json", label="Blocked-tool non-execution proof")
        full = gr.Code(language="json", label="Full AANA decision")
        result_panes = [summary, compact, proof, full]

        load.click(example_event, inputs=scenario, outputs=event)
        check.click(check_event, inputs=event, outputs=result_panes)
    return demo


# Built at import time so the module exposes a top-level `demo` object.
# NOTE(review): build_demo() imports gradio, so importing this module anywhere
# (including to test the pure helpers) requires gradio - confirm this is intended.
demo = build_demo()


if __name__ == "__main__":
    # Start the Gradio server when this file is run directly as a script.
    demo.launch()