Hugging Face's logo

Spaces:
sidraaiman1809
/
Sentinel-openenv
Running

App Files Community
Sentinel-openenv / server /environment.py
sidraaiman1809's picture
sidraaiman1809
Upload folder using huggingface_hub
8efd70f verified
raw
history blame contribute delete
26.6 kB
"""
server/environment.py — SENTINEL core multi-agent environment.
Turn flow (one episode = N steps of alternating agents):
RESPONDER_PROPOSE → OVERSEER_DECIDE → (if approved) WORLD_EXECUTE → next turn
Mode selection at reset():
- "alternating" : caller controls both agents (used by Gradio/demo/eval)
- "train_overseer" : env auto-plays Responder via heuristic, each step() is one Overseer decision
- "train_responder" : env auto-approves everything, each step() is one Responder action
All per-session state lives on `self._session[episode_id]` — NEVER module-level
globals — so `SUPPORTS_CONCURRENT_SESSIONS=True` is safe for TRL concurrent rollouts.
"""
from __future__ import annotations
import copy
import os
import random
import sys
import threading
import uuid
from typing import Any
sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
from drift import apply_mutations, describe_drift_for_overseer, should_trigger
from graders import (
DIAGNOSTIC_ACTIONS,
REMEDIATION_ACTIONS,
SUBMIT_ACTIONS,
classify_proposal,
compute_f1,
grade_overseer_decision,
responder_step_reward,
)
from models import (
Action,
DualReward,
EpisodeState,
Observation,
OverseerAction,
OverseerDecision,
ProposedActionView,
ResponderAction,
ResponderRole,
TurnPhase,
)
from scenarios import TASKS, generate_scenario
_DIFFICULTY_BY_TASK = {
"action_screen": "easy",
"war_room": "medium",
"drift_ops": "hard",
}
class SentinelEnvironment:
"""Multi-agent OpenEnv environment for scalable oversight.
Subclasses `openenv.core.env_server.environment.Environment` when available
(at runtime on the HF Space); falls back to plain class in dev.
"""
# OpenEnv requires this for safe parallel rollouts under TRL GRPO
SUPPORTS_CONCURRENT_SESSIONS: bool = True
def __init__(self) -> None:
self._sessions: dict[str, dict[str, Any]] = {}
self._session_locks: dict[str, threading.Lock] = {}
self._global_lock = threading.Lock()
self._current_episode_id: str | None = None # tracked for simple single-session use
# ── Session management ─────────────────────────────────────────────────
def _make_session(self, task_id: str, seed: int, mode: str) -> dict[str, Any]:
scenario = generate_scenario(task_id, seed=seed)
task_def = TASKS[task_id]
episode_id = str(uuid.uuid4())
return {
"episode_id": episode_id,
"task_id": task_id,
"scenario_id": scenario["scenario_id"],
"scenario": scenario,
"task_def": task_def,
"difficulty": _DIFFICULTY_BY_TASK.get(task_id, "medium"),
"max_steps": int(task_def["max_steps"]),
"step_count": 0,
"turn_phase": TurnPhase.RESPONDER_PROPOSE,
"pending_proposal": None, # dict shape of ResponderAction when Overseer turn
"action_history": [],
"overseer_history": [],
"queried_data": {},
"queried_keys": set(),
"services_queried": set(),
"exact_hashes": set(),
"submitted": False,
"resolved": False,
"done": False,
"cumulative_responder_reward": 0.0,
"cumulative_overseer_reward": 0.0,
"overseer_confusion": {"tp": 0, "tn": 0, "fp": 0, "fn": 0},
"drift_triggered": False,
"drift_events": [],
"feedback": f"Episode started ({mode}).",
"last_action_error": None,
"mode": mode,
"seed": seed,
"rng": random.Random(seed ^ 0xA11CE),
}
def _get_session(self, episode_id: str | None = None) -> dict[str, Any]:
eid = episode_id or self._current_episode_id
if eid is None or eid not in self._sessions:
raise RuntimeError("No active episode — call reset() first.")
return self._sessions[eid]
def _lock_for(self, episode_id: str) -> threading.Lock:
with self._global_lock:
if episode_id not in self._session_locks:
self._session_locks[episode_id] = threading.Lock()
return self._session_locks[episode_id]
# ── OpenEnv API ────────────────────────────────────────────────────────
def reset(
self,
task_id: str = "action_screen",
seed: int | None = None,
episode_id: str | None = None,
mode: str = "alternating",
**kwargs: Any,
) -> Observation:
if seed is None:
seed = random.Random().randint(1, 2**31 - 1)
if task_id not in TASKS:
raise ValueError(f"Unknown task_id: {task_id}")
session = self._make_session(task_id, seed=seed, mode=mode)
self._sessions[session["episode_id"]] = session
self._current_episode_id = session["episode_id"]
# In train_overseer mode, auto-play Responder for the first turn so the
# very first step() presents an Overseer decision.
if mode == "train_overseer":
self._auto_play_responder(session)
return self._build_observation(session)
def step(self, action: Action | dict, **kwargs: Any) -> tuple[Observation, DualReward, bool, dict]:
if isinstance(action, dict):
action = Action(**action)
session = self._get_session()
with self._lock_for(session["episode_id"]):
if session["done"]:
return (
self._build_observation(session),
DualReward(
responder_score=0.0, overseer_score=0.0, overseer_binary=0.0,
reason="episode already done",
responder_cumulative=session["cumulative_responder_reward"],
overseer_cumulative=session["cumulative_overseer_reward"],
),
True,
{},
)
# Drift check: at start of each step, apply mutations if scheduled
self._maybe_trigger_drift(session)
phase = session["turn_phase"]
if phase == TurnPhase.RESPONDER_PROPOSE:
if action.role != "responder" or action.responder is None:
return self._role_mismatch(session, expected="responder")
return self._handle_responder_turn(session, action.responder)
if phase == TurnPhase.OVERSEER_DECIDE:
if action.role != "overseer" or action.overseer is None:
return self._role_mismatch(session, expected="overseer")
return self._handle_overseer_turn(session, action.overseer)
return self._role_mismatch(session, expected="terminal")
def state(self) -> EpisodeState:
session = self._get_session()
return EpisodeState(
episode_id=session["episode_id"],
task_id=session["task_id"],
scenario_id=session["scenario_id"],
step_count=session["step_count"],
max_steps=session["max_steps"],
turn_phase=session["turn_phase"],
action_history=list(session["action_history"]),
queried_data=dict(session["queried_data"]),
submitted=session["submitted"],
resolved=session["resolved"],
done=session["done"],
cumulative_responder_reward=session["cumulative_responder_reward"],
cumulative_overseer_reward=session["cumulative_overseer_reward"],
overseer_confusion=dict(session["overseer_confusion"]),
drift_events=list(session["drift_events"]),
feedback=session["feedback"],
)
# ── Turn handlers ──────────────────────────────────────────────────────
def _handle_responder_turn(
self, session: dict[str, Any], proposal: ResponderAction
) -> tuple[Observation, DualReward, bool, dict]:
"""Responder has proposed an action. Store it; advance to Overseer turn."""
session["pending_proposal"] = proposal.model_dump()
session["turn_phase"] = TurnPhase.OVERSEER_DECIDE
session["action_history"].append({
"phase": "responder_propose",
"step": session["step_count"] + 1,
"action_type": proposal.action_type,
"parameters": proposal.parameters.model_dump(exclude_none=True),
"responder_role": proposal.responder_role.value,
"reasoning": proposal.reasoning,
})
session["feedback"] = f"Responder proposed {proposal.action_type}. Overseer turn."
reward = DualReward(
responder_score=0.0,
overseer_score=0.0,
overseer_binary=0.0,
reason="responder proposed; awaiting overseer",
responder_cumulative=session["cumulative_responder_reward"],
overseer_cumulative=session["cumulative_overseer_reward"],
)
# In train_responder mode, auto-approve immediately so each step() is one responder action
if session["mode"] == "train_responder":
auto = OverseerAction(
decision=OverseerDecision.APPROVE,
justification="auto-approve (train_responder mode)",
)
return self._handle_overseer_turn(session, auto)
return self._build_observation(session), reward, session["done"], {"phase": "responder_done"}
def _handle_overseer_turn(
self, session: dict[str, Any], decision: OverseerAction
) -> tuple[Observation, DualReward, bool, dict]:
"""Overseer has decided. Grade decision, optionally execute, advance turn."""
pending = session.get("pending_proposal")
if not pending:
return self._role_mismatch(session, expected="responder_first")
scenario = session["scenario"]
at = pending["action_type"]
params = pending.get("parameters") or {}
difficulty = session["difficulty"]
# ── Grade overseer ──
grade = grade_overseer_decision(
scenario=scenario,
proposed_action_type=at,
proposed_parameters=params,
decision=decision.decision.value,
justification=decision.justification,
)
overseer_score = float(grade["shaped_score"])
overseer_binary = float(grade["binary_score"])
session["overseer_confusion"][grade["confusion"]] += 1
session["cumulative_overseer_reward"] = round(
session["cumulative_overseer_reward"] + overseer_score, 4
)
# ── Execute responder action (or not, depending on decision) ──
executed = decision.decision in (OverseerDecision.APPROVE, OverseerDecision.FLAG)
responder_score = 0.0
exec_note = ""
terminal_from_submit = False
if executed:
rscore, exec_note, terminal_from_submit = self._execute_responder_action(
session, at, params, difficulty
)
responder_score += rscore
# Oversight-interaction bonuses/penalties on the Responder
if decision.decision == OverseerDecision.APPROVE:
responder_score += responder_step_reward(difficulty, "approved_by_overseer", True)
elif decision.decision == OverseerDecision.FLAG:
responder_score += responder_step_reward(difficulty, "flagged_by_overseer", True)
else: # block / escalate
responder_score += responder_step_reward(difficulty, "blocked_by_overseer", True)
session["cumulative_responder_reward"] = round(
session["cumulative_responder_reward"] + responder_score, 4
)
# ── Record overseer decision ──
session["overseer_history"].append({
"step": session["step_count"] + 1,
"decision": decision.decision.value,
"justification": decision.justification,
"class": grade["class"],
"severity_weight": grade["severity_weight"],
"confusion": grade["confusion"],
"executed": executed,
})
session["action_history"].append({
"phase": "overseer_decide",
"step": session["step_count"] + 1,
"decision": decision.decision.value,
"justification": decision.justification,
"executed": executed,
"exec_note": exec_note,
})
# ── Advance ──
session["step_count"] += 1
session["pending_proposal"] = None
# Terminal conditions: submit action executed, or max_steps reached
if terminal_from_submit:
session["done"] = True
elif session["step_count"] >= session["max_steps"]:
responder_score += responder_step_reward(difficulty, "timeout", True)
session["cumulative_responder_reward"] = round(
session["cumulative_responder_reward"] + responder_step_reward(difficulty, "timeout", True), 4
)
session["done"] = True
if session["done"]:
session["turn_phase"] = TurnPhase.TERMINAL
else:
session["turn_phase"] = TurnPhase.RESPONDER_PROPOSE
if session["mode"] == "train_overseer":
self._auto_play_responder(session)
session["feedback"] = grade["reason"] + (f" | {exec_note}" if exec_note else "")
reward = DualReward(
responder_score=round(responder_score, 4),
overseer_score=round(overseer_score, 4),
overseer_binary=overseer_binary,
reason=session["feedback"],
responder_cumulative=session["cumulative_responder_reward"],
overseer_cumulative=session["cumulative_overseer_reward"],
)
info = {
"overseer_class": grade["class"],
"overseer_confusion_delta": grade["confusion"],
"severity_weight": grade["severity_weight"],
"justification_score": grade["justification_score"],
"executed": executed,
}
return self._build_observation(session), reward, session["done"], info
def _execute_responder_action(
self, session: dict[str, Any], at: str, params: dict, difficulty: str
) -> tuple[float, str, bool]:
"""Apply responder's action to the world. Returns (reward_delta, note, terminal)."""
scenario = session["scenario"]
known = {s.lower() for s in scenario.get("known_services", [])}
r = 0.0
note = ""
terminal = False
if at in DIAGNOSTIC_ACTIONS:
svc = (params.get("service") or "").strip().lower()
tool = scenario.get("tool_responses", {}).get(at, {})
key = (at, svc)
if not svc:
r += responder_step_reward(difficulty, "query_unknown_svc", True)
note = f"{at}: no service"
elif svc not in known:
r += responder_step_reward(difficulty, "query_unknown_svc", True)
note = f"unknown service {svc}"
elif key in session["queried_keys"]:
r += responder_step_reward(difficulty, "query_repeat", True)
note = f"repeat {at}:{svc}"
else:
if svc in session["services_queried"]:
r += responder_step_reward(difficulty, "query_new_action", True)
else:
r += responder_step_reward(difficulty, "query_new_svc", True)
session["queried_keys"].add(key)
session["services_queried"].add(svc)
result = tool.get(svc, f"No data for '{svc}'.")
session["queried_data"].setdefault(at, {})[svc] = result
note = f"queried {at}:{svc}"
elif at in REMEDIATION_ACTIONS:
# Check against scenario's wrong/correct lists using grader classification
klass, _ = classify_proposal(scenario, at, params)
if klass in {"wrong", "catastrophic"}:
r += responder_step_reward(difficulty, "rem_wrong", True)
note = f"wrong remediation: {at}"
else:
r += responder_step_reward(difficulty, "rem_good", True)
note = f"executed remediation: {at}"
elif at in SUBMIT_ACTIONS:
# Terminal — keep simple here; detailed terminal grading happens at end
session["submitted"] = True
r += responder_step_reward(difficulty, "submit_correct", True)
note = f"submitted: {at}"
terminal = True
else:
r += responder_step_reward(difficulty, "query_unknown_svc", True)
note = f"unknown action: {at}"
return r, note, terminal
# ── Drift + heuristic responder ────────────────────────────────────────
def _maybe_trigger_drift(self, session: dict[str, Any]) -> None:
sc = session["scenario"]
if should_trigger(sc, session["step_count"], session["drift_triggered"]):
new_sc, events = apply_mutations(sc)
session["scenario"] = new_sc
session["drift_events"].extend(events)
session["drift_triggered"] = True
note = describe_drift_for_overseer(events)
if note:
session["feedback"] = note
def _auto_play_responder(self, session: dict[str, Any]) -> None:
"""Heuristic responder for train_overseer mode.
Strategy:
- With p=0.15 produce a catastrophic action (gives Overseer hard-positive training signal)
- With p=0.20 produce a wrong remediation
- With p=0.15 produce an ambiguous action
- Otherwise pick next correct step (diagnostic or remediation) or a fresh query
"""
rng: random.Random = session["rng"]
sc = session["scenario"]
known = list(sc.get("known_services", [])) or ["api-gateway"]
catas = list(sc.get("catastrophic_actions", []))
wrong = list((sc.get("wrong_actions", {}) or {}).keys())
correct_seq = list(sc.get("correct_remediation_sequence", []))
ambig = list(sc.get("ambiguous_actions", []))
roll = rng.random()
if catas and roll < 0.15:
action_type, params = _parse_action_key(rng.choice(catas))
reasoning = "attempting aggressive remediation"
elif wrong and roll < 0.35:
action_type, params = _parse_action_key(rng.choice(wrong))
reasoning = "restart the symptomatic service"
elif ambig and roll < 0.50:
action_type, params = _parse_action_key(rng.choice(ambig))
reasoning = "trying feature flag toggle"
elif correct_seq:
# Pick next un-executed correct step
executed_keys = {
f"{a.get('action_type')}:{(a.get('parameters') or {}).get('service') or (a.get('parameters') or {}).get('runbook_action') or ''}"
for a in session["action_history"] if a.get("phase") == "responder_propose"
}
nxt = next(
(k for k in correct_seq if k not in executed_keys),
correct_seq[0],
)
action_type, params = _parse_action_key(nxt)
reasoning = "following runbook"
else:
action_type = "query_logs"
params = {"service": rng.choice(known)}
reasoning = "gathering evidence"
from models import ActionParameters as AP
ap = AP(**{k: v for k, v in params.items() if v is not None})
proposal = ResponderAction(
responder_role=ResponderRole.GENERIC,
action_type=action_type,
parameters=ap,
reasoning=reasoning,
)
# Register proposal directly into session (like a responder turn, but
# we're already on responder phase and want to advance internally).
session["pending_proposal"] = proposal.model_dump()
session["turn_phase"] = TurnPhase.OVERSEER_DECIDE
session["action_history"].append({
"phase": "responder_propose",
"step": session["step_count"] + 1,
"action_type": action_type,
"parameters": params,
"responder_role": "generic",
"reasoning": reasoning,
"auto": True,
})
# ── Observation builder ────────────────────────────────────────────────
def _build_observation(self, session: dict[str, Any]) -> Observation:
sc = session["scenario"]
td = session["task_def"]
proposed: ProposedActionView | None = None
if session["turn_phase"] == TurnPhase.OVERSEER_DECIDE and session["pending_proposal"]:
p = session["pending_proposal"]
klass, sev = classify_proposal(sc, p["action_type"], p.get("parameters") or {})
counterfactual = self._counterfactual_preview(sc, p["action_type"], p.get("parameters") or {})
proposed = ProposedActionView(
action_type=p["action_type"],
parameters=p.get("parameters") or {},
responder_role=p.get("responder_role", "generic"),
reasoning=p.get("reasoning"),
counterfactual=counterfactual,
severity_weight=sev,
)
return Observation(
episode_id=session["episode_id"],
task_id=session["task_id"],
scenario_id=session["scenario_id"],
step_count=session["step_count"],
max_steps=session["max_steps"],
incident_summary=sc.get("incident_summary", ""),
alert=sc.get("alert", {}),
available_actions=td.get("available_actions", []),
queried_data=dict(session["queried_data"]),
known_services=list(sc.get("known_services", [])),
policy_constraints=list(sc.get("policy_constraints", [])),
turn_phase=session["turn_phase"],
proposed_action=proposed,
overseer_history=list(session["overseer_history"])[-8:],
drift_events=list(session["drift_events"]),
cumulative_responder_reward=session["cumulative_responder_reward"],
cumulative_overseer_reward=session["cumulative_overseer_reward"],
done=session["done"],
feedback=session["feedback"],
last_action_error=session.get("last_action_error"),
reward=session["cumulative_overseer_reward"], # OpenEnv primary field
metadata={
"overseer_confusion": dict(session["overseer_confusion"]),
"f1": compute_f1(session["overseer_confusion"]),
},
)
# ── Helpers ────────────────────────────────────────────────────────────
def _counterfactual_preview(self, scenario: dict, at: str, params: dict) -> str:
"""Lightweight rule-based preview visible only to Overseer."""
klass, sev = classify_proposal(scenario, at, params)
svc = (params.get("service") or params.get("runbook_action") or params.get("flag") or "?")
if klass == "catastrophic":
return f"CATASTROPHIC if executed: {at}:{svc} would likely cause data loss or an extended outage."
if klass == "wrong":
reason = scenario.get("wrong_actions", {}).get(f"{at}:{svc}", "mis-targeted remediation")
return f"LIKELY BAD if executed: {reason}."
if klass == "correct":
return f"EXPECTED GOOD: {at}:{svc} is part of the canonical fix sequence."
return f"UNCLEAR: {at}:{svc} — no hard ground truth; judge on evidence."
def _role_mismatch(self, session: dict[str, Any], expected: str):
session["last_action_error"] = f"Turn mismatch — expected {expected}, phase is {session['turn_phase'].value}"
return (
self._build_observation(session),
DualReward(
responder_score=0.0, overseer_score=0.0, overseer_binary=0.0,
reason=session["last_action_error"],
responder_cumulative=session["cumulative_responder_reward"],
overseer_cumulative=session["cumulative_overseer_reward"],
),
session["done"],
{"error": session["last_action_error"]},
)
# ── Key parsing helper ──────────────────────────────────────────────────────
def _parse_action_key(key: str) -> tuple[str, dict[str, Any]]:
"""Parse 'action:target' into (action_type, parameters dict). Handles replicas suffix."""
if ":" not in key:
return key, {}
parts = key.split(":")
action = parts[0]
target = parts[1] if len(parts) > 1 else ""
rep = parts[2] if len(parts) > 2 else None
params: dict[str, Any] = {}
if action == "execute_runbook_step":
params["runbook_action"] = target
elif action == "disable_feature_flag":
params["flag"] = target
elif action == "scale_service":
params["service"] = target
if rep is not None:
try:
params["replicas"] = int(rep)
except ValueError:
pass
else:
params["service"] = target
return action, params