Merge pull request #13 from PredicateSystems/real

readl examples with v1/execute to read files

Author: rcholic

examples/file-processor-demo/.env.example

@@ -0,0 +1,41 @@
+# File Processor Demo - Environment Configuration
+# Copy this file to .env and fill in your values
+
+# ==============================================================================
+# LLM Provider Configuration (choose ONE)
+# ==============================================================================
+
+# Option 1: Anthropic Claude (recommended)
+ANTHROPIC_API_KEY=your-anthropic-api-key-here
+ANTHROPIC_MODEL=claude-sonnet-4-20250514
+
+# Option 2: OpenAI
+# OPENAI_API_KEY=your-openai-api-key-here
+# OPENAI_MODEL=gpt-4o
+
+# Option 3: Local LLM (Ollama or LM Studio)
+# LOCAL_LLM_BASE_URL=http://host.docker.internal:11434/v1
+# LOCAL_LLM_MODEL=llama3.2
+
+# Force specific provider (optional - auto-detects based on keys if not set)
+# LLM_PROVIDER=anthropic  # or: openai, local, ollama, lmstudio
+
+# ==============================================================================
+# Sidecar Configuration
+# ==============================================================================
+
+# Sidecar URL (defaults to docker service name)
+PREDICATE_SIDECAR_URL=http://predicate-sidecar:8787
+
+# Agent principal identity
+SECURECLAW_PRINCIPAL=agent:file-processor
+
+# ==============================================================================
+# Optional Settings
+# ==============================================================================
+
+# Enable verbose logging
+SECURECLAW_VERBOSE=true
+
+# Cloud tracing (optional)
+# PREDICATE_API_KEY=your-predicate-api-key-here

examples/file-processor-demo/.gitignore

@@ -0,0 +1,33 @@
+# Environment files (contain secrets)
+.env
+.env.local
+.env.*.local
+
+# Dependencies
+node_modules/
+
+# Build output
+dist/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Logs
+*.log
+npm-debug.log*
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Workspace output (generated files)
+workspace/output/*
+workspace/archive/*
+!workspace/output/.gitkeep
+!workspace/archive/.gitkeep

examples/file-processor-demo/Dockerfile

@@ -0,0 +1,34 @@
+# ============================================================================
+# File Processor Agent - Dockerfile
+# ============================================================================
+#
+# Builds the file processor agent with zero filesystem privileges.
+# All file operations go through the sidecar's /v1/execute endpoint.
+#
+# ============================================================================
+
+FROM node:20-slim
+
+WORKDIR /app
+
+# Install dependencies
+RUN apt-get update && apt-get install -y \
+    curl \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy package files
+COPY package.json tsconfig.json ./
+COPY src ./src
+
+# Install npm dependencies
+RUN npm install
+
+# Build TypeScript
+RUN npm run build
+
+# Create non-root user (agent runs with minimal privileges)
+RUN useradd -m -s /bin/bash agent
+USER agent
+
+# Entry point
+CMD ["node", "dist/file-processor-agent.js"]

examples/file-processor-demo/Dockerfile.sidecar

@@ -0,0 +1,38 @@
+# Predicate Authority Sidecar
+#
+# Uses Ubuntu 24.04 LTS which has GLIBC 2.39 (required by the sidecar binary).
+# Downloads the binary from GitHub releases - cached in Docker layers.
+
+FROM ubuntu:24.04
+
+# Install curl for downloading binary and health checks
+RUN apt-get update && apt-get install -y curl ca-certificates && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+# Detect architecture and download appropriate binary
+# This layer is cached after first build
+ARG TARGETARCH
+RUN ARCH=$(echo ${TARGETARCH:-$(uname -m)} | sed 's/amd64/x64/' | sed 's/x86_64/x64/' | sed 's/aarch64/arm64/') && \
+    echo "Detected architecture: $ARCH" && \
+    curl -fsSL -o /tmp/sidecar.tar.gz \
+    "https://github.com/PredicateSystems/predicate-authority-sidecar/releases/download/v0.6.7/predicate-authorityd-linux-${ARCH}.tar.gz" && \
+    tar -xzf /tmp/sidecar.tar.gz -C /usr/local/bin && \
+    chmod +x /usr/local/bin/predicate-authorityd && \
+    rm /tmp/sidecar.tar.gz
+
+# Copy policy file (at end for better caching)
+COPY policy.yaml /app/policy.yaml
+
+EXPOSE 8787
+
+# Run sidecar with delegation enabled for /v1/execute support
+# The --enable-delegation flag enables mandate issuance AND mandate store
+CMD ["predicate-authorityd", \
+     "--host", "0.0.0.0", \
+     "--port", "8787", \
+     "--mode", "local_only", \
+     "--policy-file", "/app/policy.yaml", \
+     "--log-level", "info", \
+     "--enable-delegation", \
+     "run"]