openalice-clone-lab
Architecture rating
Rate-limit env (CLONELAB_RATE_LIMIT_PER_MINUTE), RLS toggle (CLONELAB_RLS_ENFORCE), JWT+Passport authn, consent-gated pipeline with deny-on-revoke tested — but all 14 env vars undeclared in manifest, no exposed health endpoint to verify headers/SSRF guards
RLS enforcement toggle + acceptance test (rls_isolates_jobs_by_owner), single migration 0001_init.sql present — but manifest_owns_tables is empty, only 1 migration suggests thin schema governance, no GDPR/retention signals visible
6 acceptance tests covering consent deny/revoke, self-clone liveness, synthetic NPC seal, RLS isolation — critical paths touched but no unit tests, single test file, no coverage metric; too thin for a security-critical ingestion worker
Max cyclomatic complexity 18, 5 god modules, 2 deep-nesting sites, 3 complexity flags — no evidence of graceful shutdown, timeouts, retries, or idempotency; health probe returns up:false with no https endpoint exposed
Atlas drift 0/100, manifest_present:false despite 14 undeclared env vars, 5 duplicate signatures, 6 format issues, 5 god modules — clean on cycles and dead imports but substrate conventions largely unadopted
Health endpoint missing ('no https endpoint in manifest exposes', up:false), zero console statements suggests no structured logging, no evidence of metrics/tracing/readiness probes in source tree
README empty, manifest_present:false, 78 missing docstrings across codebase, roadmap 30/100, only 2 features annotated — effectively undocumented service
source · auto-grader-2026-06-17
Code composition
tokei · loc- Rust96.4%
- TOML2.5%
- SQL1.1%
- Rust96.4%
- TOML2.5%
- SQL1.1%
- Rust96.4%· 3,998
- TOML2.5%· 102
- SQL1.1%· 47
| Language | % code | code | comments | blanks | files |
|---|---|---|---|---|---|
| Rust | 96.4% | 3,998 | 312 | 473 | 23 |
| TOML | 2.5% | 102 | 80 | 12 | 2 |
| SQL | 1.1% | 47 | 48 | 10 | 1 |
Telemetry ribbon · last 90 days
4 eventsclonelab/crate
1 feature- clonelab.crate.ingestion-workersrc/lib.rs:3Rust/Axum service (port 3994) that ingests media for the Soul Vault program, runs the consent-by-class anti-deepfake gate (default-deny on non-consensual clones), distills the soul through a graceful pipeline, and calls the downstream openalice-vault /seal. Produces self-clones (with verified liveness) and random-synthetic NPCs; other-clone + encore are default-denied (M3/M5). The ACTUAL biometric liveness verification is a clearly-named STUB — the GATE LOGIC is the solid, exhaustively-tested part. Owner isolation is enforced by Postgres Row-Level Security keyed on `app.owner_id` (see [`db`]); the app role MUST be NOSUPERUSER NOBYPASSRLS for FORCE RLS to bite (applied at boot via `CLONELAB_RLS_ENFORCE`). # @feature clonelab.crate.consent-gate The pure consent-by-class decision function ([`consent::gate`]): self → requires verified self-liveness (else DENY); random → ALLOW (synthetic-none); other → DEFAULT-DENY with ONE narrow fail-closed Allow door (M3) — a verified, identity-bound, fresh, non-revoked subject consent ([`consent::SubjectConsentDoc`] + [`consent::ThirdPartyConsentVerifier`] + [`consent::RevocationRegistry`]) → 'subject-signed'; encore → DENY (M5). The biometric liveness check + the third-party consent verifier are stub traits; two boot hard-guards forbid a stub in real-ingest mode; the class-decision logic is exhaustively unit-tested. # @feature clonelab.crate.synthetic-npc Deterministic procedural synthetic-NPC generation ([`synthetic::generate`]) — seed → reproducible SOUL.md envelope + voice/visual style refs (NO real person) → pipeline with subject_kind=random (gate ALLOWs) → seal. # @feature clonelab.abuse.provenance-watermark §6.9 abuse control (#720): every synthetic clone output carries an embedded, ed25519-signed provenance marker ([`provenance::ProvenanceMarker`] + [`provenance::ProvenanceSigner`], same self-contained raw-keyfile/base64-sig pattern as openalice-vault crypto::sign) — 'synthetic · clone-lab-generated · <timestamp>' staged as PROVENANCE.json and sealed with the bundle. HONEST: a tamper-evident provenance artifact + deterrent, NOT an unforgeable lock (mirrors the C2PA / vault-escrow honesty rail — strippable / re-encodable). # @feature clonelab.abuse.dua-gate §6.9 abuse control (#720): a default-deny Data-Use-Agreement gate for random/synthetic ingest ([`dua::require_dua_acceptance`]). The caller must accept a versioned DUA ('no real-person likeness under the random label', etc.) whose terms-hash an acceptance binds to (subject/timestamp/terms-hash recorded); without a matching acceptance random ingest is REFUSED. Closes the contractual side of the random-label-trust gap (the technical side is the identity-detection hook). # @feature clonelab.abuse.identity-detection-hook §6.9 abuse control (#720): a fail-closed verifier-trait hook ([`identity_detection::IdentityDetector`]) run on random-label uploads that (in real mode) flags real-person likeness → block. The real ML is GATED: ships a fail-closed STUB ([`identity_detection::StubIdentityDetector`]) + a hard-guard ([`identity_detection::real_ingest_identity_detection_precondition`]) that refuses to boot if the stub is active in real-ingest mode — mirrors the liveness / consent stub-guards. Technical floor under the random-label-trust gap.
clonelab/middleware
1 feature- clonelab.middleware.rate-limitsrc/main.rs:3Per-owner token-bucket rate limiter on the JWT-gated owner surface (default 600 req/min ≈ 10 RPS, overridable via CLONELAB_RATE_LIMIT_PER_MINUTE). Provided by openalice-axum-common::rate_limit. default-rpm: 600 Routes: * `/health` — Traefik liveness probe (public). * `/metrics` — Prometheus scrape. * owner surface (ingest / status / synthetic) — JWT-gated, rate-limited. Boot guard: if a required prerequisite is absent, the CloneLabService is `None` and owner endpoints return 503 while /health stays up.