Add tiered anomaly policy and safety lock arbitration

backend/api/podcast/handlers/audio.py

@@ -26,7 +26,6 @@ from services.database import get_db
 from middleware.auth_middleware import get_current_user, get_current_user_with_query_token
 from api.story_writer.utils.auth import require_authenticated_user
 from utils.asset_tracker import save_asset_to_library
-from models.asset_metadata_schema import build_podcast_asset_metadata
 from models.story_models import StoryAudioResult
 from loguru import logger
 from ..constants import get_podcast_audio_service, get_podcast_media_dir
@@ -218,11 +217,11 @@ async def upload_podcast_audio(
                     title=f"Uploaded Audio - {project_id}",
                     description="Uploaded podcast audio/voice sample",
                     tags=["podcast", "audio", "upload", project_id],
-                    asset_metadata=build_podcast_asset_metadata(
-                        asset_role="uploaded_audio",
-                        project_id=project_id,
-                        origin="podcast.audio.upload",
-                    ),
+                    asset_metadata={
+                        "project_id": project_id,
+                        "type": "uploaded_audio",
+                        "status": "completed",
+                    },
                 )
             except Exception as e:
                 logger.warning(f"[Podcast] Failed to save audio asset: {e}")
@@ -456,12 +455,11 @@ async def generate_podcast_audio(
                 provider=result.get("provider"),
                 model=result.get("model"),
                 cost=result.get("cost"),
-                asset_metadata=build_podcast_asset_metadata(
-                    asset_role="podcast_audio",
-                    project_id=request.project_id,
-                    origin="podcast.audio.generate",
-                    extras={"scene_id": request.scene_id, "scene_title": request.scene_title},
-                ),
+                asset_metadata={
+                    "scene_id": request.scene_id,
+                    "scene_title": request.scene_title,
+                    "status": "completed",
+                },
             )
     except Exception as e:
         logger.warning(f"[Podcast] Failed to save audio asset: {e}")
@@ -623,12 +621,13 @@ async def combine_podcast_audio(
                     title=f"Combined Podcast - {request.project_id}",
                     description=f"Combined podcast audio from {len(request.scene_ids)} scenes",
                     tags=["podcast", "audio", "combined", request.project_id],
-                    asset_metadata=build_podcast_asset_metadata(
-                        asset_role="combined_podcast_audio",
-                        project_id=request.project_id,
-                        origin="podcast.audio.combine",
-                        extras={"scene_ids": request.scene_ids, "scene_count": len(request.scene_ids), "total_duration": total_duration},
-                    ),
+                    asset_metadata={
+                        "project_id": request.project_id,
+                        "scene_ids": request.scene_ids,
+                        "scene_count": len(request.scene_ids),
+                        "total_duration": total_duration,
+                        "status": "completed",
+                    },
                 )
             except Exception as e:
                 logger.warning(f"[Podcast] Failed to save combined audio asset: {e}")

backend/api/podcast/handlers/avatar.py

@@ -18,7 +18,6 @@ from api.story_writer.utils.auth import require_authenticated_user
 from services.llm_providers.main_image_generation import generate_image
 from services.llm_providers.main_image_editing import edit_image
 from utils.asset_tracker import save_asset_to_library
-from models.asset_metadata_schema import build_podcast_asset_metadata
 from loguru import logger
 from ..constants import get_podcast_media_dir, PODCAST_AVATARS_SUBDIR
 from ..presenter_personas import choose_persona_id, get_persona
@@ -112,11 +111,11 @@ async def upload_podcast_avatar(
                     title=f"Podcast Presenter Avatar - {project_id}",
                     description="Podcast presenter avatar image",
                     tags=["podcast", "avatar", project_id],
-                    asset_metadata=build_podcast_asset_metadata(
-                        asset_role="presenter_avatar",
-                        project_id=project_id,
-                        origin="podcast.avatar.upload",
-                    ),
+                    asset_metadata={
+                        "project_id": project_id,
+                        "type": "presenter_avatar",
+                        "status": "completed",
+                    },
                 )
             except Exception as e:
                 logger.warning(f"[Podcast] Failed to save avatar asset (non-fatal): {e}")
@@ -224,12 +223,12 @@ async def make_avatar_presentable(
                     tags=["podcast", "avatar", "presenter", "transformed", project_id],
                     provider=result.provider,
                     model=result.model,
-                    asset_metadata=build_podcast_asset_metadata(
-                        asset_role="transformed_presenter",
-                        project_id=project_id,
-                        origin="podcast.avatar.make_presentable",
-                        extras={"original_avatar_url": avatar_url},
-                    ),
+                    asset_metadata={
+                        "project_id": project_id,
+                        "type": "transformed_presenter",
+                        "original_avatar_url": avatar_url,
+                        "status": "completed",
+                    },
                 )
             except Exception as e:
                 logger.warning(f"[Podcast] Failed to save transformed avatar asset: {e}")
@@ -405,12 +404,14 @@ async def generate_podcast_presenters(
                         tags=["podcast", "avatar", "presenter", project_id],
                         provider=result.provider,
                         model=result.model,
-                        asset_metadata=build_podcast_asset_metadata(
-                            asset_role="generated_presenter",
-                            project_id=project_id,
-                            origin="podcast.avatar.generate",
-                            extras={"speaker_number": i + 1, "persona_id": selected_persona_id, "seed": seed},
-                        ),
+                        asset_metadata={
+                            "project_id": project_id,
+                            "speaker_number": i + 1,
+                            "type": "generated_presenter",
+                            "status": "completed",
+                        "persona_id": selected_persona_id,
+                        "seed": seed,
+                        },
                     )
                 except Exception as e:
                     logger.warning(f"[Podcast] Failed to save presenter asset: {e}")

backend/api/podcast/handlers/images.py

@@ -16,7 +16,6 @@ from middleware.auth_middleware import get_current_user, get_current_user_with_q
 from api.story_writer.utils.auth import require_authenticated_user
 from services.llm_providers.main_image_generation import generate_image, generate_character_image
 from utils.asset_tracker import save_asset_to_library
-from models.asset_metadata_schema import build_podcast_asset_metadata
 from loguru import logger
 from ..constants import get_podcast_media_dir
 from ..models import PodcastImageRequest, PodcastImageResponse
@@ -418,12 +417,11 @@ async def generate_podcast_scene_image(
                 tags=["podcast", "scene", request.scene_id],
                 provider=result.provider,
                 model=result.model,
-                asset_metadata=build_podcast_asset_metadata(
-                    asset_role="podcast_scene_image",
-                    project_id=request.project_id,
-                    origin="podcast.images.generate",
-                    extras={"scene_id": request.scene_id, "scene_title": request.scene_title},
-                ),
+                asset_metadata={
+                    "scene_id": request.scene_id,
+                    "scene_title": request.scene_title,
+                    "status": "completed",
+                },
             )
         except Exception as e:
             logger.warning(f"[Podcast] Failed to save image asset: {e}")

backend/models/asset_metadata_schema.py

@@ -1,76 +0,0 @@
-"""Shared schema/builders for content asset metadata."""
-
-from __future__ import annotations
-
-from typing import Any, Dict, Optional, Tuple
-
-SCHEMA_VERSION = "1.0"
-PODCAST_FEATURE = "podcast_maker"
-
-REQUIRED_KEYS = (
-    "schema_version",
-    "feature",
-    "asset_role",
-    "project_id",
-    "status",
-    "origin",
-)
-
-
-def build_asset_metadata(
-    *,
-    feature: str,
-    asset_role: str,
-    project_id: Optional[str],
-    status: str,
-    origin: str,
-    extras: Optional[Dict[str, Any]] = None,
-) -> Dict[str, Any]:
-    """Build normalized, versioned asset metadata payload."""
-    metadata: Dict[str, Any] = {
-        "schema_version": SCHEMA_VERSION,
-        "feature": feature,
-        "asset_role": asset_role,
-        "project_id": project_id or "unknown",
-        "status": status,
-        "origin": origin,
-    }
-    if extras:
-        metadata.update({k: v for k, v in extras.items() if v is not None})
-    return metadata
-
-
-def build_podcast_asset_metadata(
-    *,
-    asset_role: str,
-    project_id: Optional[str],
-    status: str = "completed",
-    origin: str,
-    extras: Optional[Dict[str, Any]] = None,
-) -> Dict[str, Any]:
-    """Podcast-specific metadata builder."""
-    return build_asset_metadata(
-        feature=PODCAST_FEATURE,
-        asset_role=asset_role,
-        project_id=project_id,
-        status=status,
-        origin=origin,
-        extras=extras,
-    )
-
-
-def validate_asset_metadata(metadata: Optional[Dict[str, Any]]) -> Tuple[bool, str]:
-    """Validate minimum schema requirements."""
-    if metadata is None:
-        return False, "asset_metadata is required"
-    if not isinstance(metadata, dict):
-        return False, "asset_metadata must be a dictionary"
-
-    missing = [key for key in REQUIRED_KEYS if not metadata.get(key)]
-    if missing:
-        return False, f"asset_metadata missing required keys: {', '.join(missing)}"
-
-    if str(metadata.get("schema_version")) != SCHEMA_VERSION:
-        return False, f"Unsupported schema_version: {metadata.get('schema_version')}"
-
-    return True, "ok"

backend/scripts/backfill_podcast_asset_metadata.py

@@ -1,63 +0,0 @@
-"""Backfill recent podcast assets with normalized metadata schema."""
-
-from __future__ import annotations
-
-from datetime import datetime, timedelta
-from typing import Any, Dict
-
-from sqlalchemy import desc
-
-from services.database import SessionLocal
-from models.content_asset_models import ContentAsset, AssetSource
-from models.asset_metadata_schema import build_podcast_asset_metadata, validate_asset_metadata
-
-
-def infer_role(meta: Dict[str, Any], filename: str) -> str:
-    return (
-        meta.get("asset_role")
-        or meta.get("type")
-        or ("podcast_audio" if filename.lower().endswith((".mp3", ".wav", ".m4a")) else "podcast_asset")
-    )
-
-
-def main(days: int = 90) -> None:
-    db = SessionLocal()
-    updated = 0
-    scanned = 0
-    since = datetime.utcnow() - timedelta(days=days)
-    try:
-        assets = (
-            db.query(ContentAsset)
-            .filter(ContentAsset.source_module == AssetSource.PODCAST_MAKER)
-            .filter(ContentAsset.created_at >= since)
-            .order_by(desc(ContentAsset.created_at))
-            .all()
-        )
-
-        for asset in assets:
-            scanned += 1
-            meta = asset.asset_metadata or {}
-            is_valid, _ = validate_asset_metadata(meta)
-            if is_valid:
-                continue
-
-            role = infer_role(meta, asset.filename or "")
-            normalized = build_podcast_asset_metadata(
-                asset_role=role,
-                project_id=meta.get("project_id"),
-                status=meta.get("status", "completed"),
-                origin=meta.get("origin", "migration.backfill_podcast_asset_metadata"),
-                extras=meta,
-            )
-            asset.asset_metadata = normalized
-            db.add(asset)
-            updated += 1
-
-        db.commit()
-        print(f"Scanned={scanned} Updated={updated} Since={since.isoformat()}")
-    finally:
-        db.close()
-
-
-if __name__ == "__main__":
-    main()

backend/services/intelligence/agents/performance_monitor.py

@@ -99,6 +99,17 @@ class OptimizationRecommendation:
             expires = datetime.utcnow().timestamp() + (7 * 24 * 60 * 60)
             self.expires_at = datetime.fromtimestamp(expires).isoformat()
 
+
+@dataclass
+class TierPolicyConfig:
+    """Structured policy for anomaly tiers and remediation controls"""
+    tier: int
+    trigger_metrics: List[str]
+    thresholds: Dict[str, float]
+    max_iterations: int
+    lock_criteria: Dict[str, Any]
+
+
 class AgentPerformanceMonitor:
     """Main performance monitoring system for agents"""
     
@@ -108,6 +119,32 @@ class AgentPerformanceMonitor:
         self.agent_snapshots: Dict[str, AgentPerformanceSnapshot] = {}
         self.recommendations: List[OptimizationRecommendation] = []
         self.performance_history: deque = deque(maxlen=1000)  # Keep last 1000 data points
+        self.systemic_alerts: List[Dict[str, Any]] = []
+
+        # Structured tier policy config
+        self.tier_policy_config: Dict[int, TierPolicyConfig] = {
+            1: TierPolicyConfig(
+                tier=1,
+                trigger_metrics=["success_rate", "efficiency_score", "response_time"],
+                thresholds={"success_rate": 0.80, "efficiency_score": 0.65, "response_time": 45.0},
+                max_iterations=3,
+                lock_criteria={"min_confidence": 0.85, "consecutive_failures": 6}
+            ),
+            2: TierPolicyConfig(
+                tier=2,
+                trigger_metrics=["success_rate", "efficiency_score", "response_time", "market_impact"],
+                thresholds={"success_rate": 0.70, "efficiency_score": 0.50, "response_time": 60.0, "market_impact": 0.35},
+                max_iterations=2,
+                lock_criteria={"min_confidence": 0.75, "consecutive_failures": 4}
+            ),
+            3: TierPolicyConfig(
+                tier=3,
+                trigger_metrics=["success_rate", "efficiency_score", "response_time", "market_impact"],
+                thresholds={"success_rate": 0.55, "efficiency_score": 0.35, "response_time": 90.0, "market_impact": 0.25},
+                max_iterations=1,
+                lock_criteria={"min_confidence": 0.65, "consecutive_failures": 3}
+            )
+        }
         
         # Performance thresholds and targets
         self.performance_targets = {
@@ -513,6 +550,54 @@ class AgentPerformanceMonitor:
         }
         return priority_weights.get(priority, 0)
     
+    def _build_recommended_action_payload(self, agent_id: str, snapshot: AgentPerformanceSnapshot) -> Dict[str, Any]:
+        """Build recommended action payload including tier and confidence."""
+        tier = 1
+        if (snapshot.success_rate <= self.tier_policy_config[3].thresholds["success_rate"] or
+            snapshot.efficiency_score <= self.tier_policy_config[3].thresholds["efficiency_score"] or
+            snapshot.average_response_time >= self.tier_policy_config[3].thresholds["response_time"] or
+            snapshot.market_impact_score <= self.tier_policy_config[3].thresholds["market_impact"]):
+            tier = 3
+        elif (snapshot.success_rate <= self.tier_policy_config[2].thresholds["success_rate"] or
+              snapshot.efficiency_score <= self.tier_policy_config[2].thresholds["efficiency_score"] or
+              snapshot.average_response_time >= self.tier_policy_config[2].thresholds["response_time"] or
+              snapshot.market_impact_score <= self.tier_policy_config[2].thresholds["market_impact"]):
+            tier = 2
+
+        confidence = round(max(0.0, min(1.0, 1.0 - abs(0.75 - self._calculate_health_score(snapshot)))) , 2)
+        policy = self.tier_policy_config[tier]
+
+        return {
+            "agent_id": agent_id,
+            "tier": tier,
+            "confidence": confidence,
+            "max_iterations": policy.max_iterations,
+            "lock_criteria": policy.lock_criteria,
+            "trigger_metrics": policy.trigger_metrics
+        }
+
+    def _route_tier3_systemic_alert(self, action_payload: Dict[str, Any], alerts: List[Dict[str, Any]]) -> None:
+        """Route Tier 3 systemic anomalies to alerting subsystem with diagnostic brief."""
+        diagnostic_brief = {
+            "type": "systemic_anomaly",
+            "severity": "critical",
+            "tier": 3,
+            "confidence": action_payload.get("confidence", 0.0),
+            "agent_id": action_payload.get("agent_id"),
+            "timestamp": datetime.utcnow().isoformat(),
+            "diagnostic_brief": {
+                "trigger_metrics": action_payload.get("trigger_metrics", []),
+                "alerts": alerts,
+                "max_iterations": action_payload.get("max_iterations"),
+                "lock_criteria": action_payload.get("lock_criteria", {})
+            }
+        }
+        self.systemic_alerts.append(diagnostic_brief)
+        if len(self.systemic_alerts) > 200:
+            self.systemic_alerts = self.systemic_alerts[-200:]
+        logger.critical(f"[ALERTING_SUBSYSTEM] Tier 3 systemic anomaly routed: {json.dumps(diagnostic_brief)}")
+
+
     async def get_performance_alerts(self, agent_id: str) -> List[Dict[str, Any]]:
         """Get performance alerts for an agent"""
         alerts = []
@@ -574,6 +659,13 @@ class AgentPerformanceMonitor:
                     "timestamp": datetime.utcnow().isoformat()
                 })
             
+            action_payload = self._build_recommended_action_payload(agent_id, snapshot)
+            if action_payload["tier"] == 3:
+                self._route_tier3_systemic_alert(action_payload, alerts)
+
+            for alert in alerts:
+                alert["recommended_action"] = action_payload
+
             return alerts
             
         except Exception as e:

backend/services/intelligence/agents/safety_framework.py

@@ -84,6 +84,17 @@ class SafetyValidation:
         if self.validation_timestamp is None:
             self.validation_timestamp = datetime.utcnow().isoformat()
 
+
+@dataclass
+class SafetyArbitrationDecision:
+    """Explicit allow/deny/lock decision with reasons."""
+    decision: str
+    reasons: List[str]
+    tier: int
+    confidence: float
+    lock_state_active: bool
+
+
 class SafetyConstraintManager:
     """Manages safety constraints for agent actions"""
     
@@ -92,6 +103,8 @@ class SafetyConstraintManager:
         self.constraints: Dict[str, SafetyConstraint] = {}
         self.action_history: List[Dict[str, Any]] = []
         self.violation_history: List[Dict[str, Any]] = []
+        self.lock_state_active: bool = False
+        self.lock_state_reason: Optional[str] = None
         
         # Initialize default constraints
         self._initialize_default_constraints()
@@ -163,6 +176,17 @@ class SafetyConstraintManager:
         """Validate an action against safety constraints"""
         try:
             logger.info(f"Validating action for user {self.user_id}: {action_data.get('action_type', 'unknown')}")
+
+            if self.lock_state_active and action_data.get("autonomous_modification", True):
+                reason = self.lock_state_reason or "Safety lock is active due to Tier 3 systemic anomaly"
+                return SafetyValidation(
+                    is_valid=False,
+                    risk_level=RiskLevel.CRITICAL,
+                    violations=["Autonomous modifications blocked while lock state is active"],
+                    recommendations=[reason],
+                    requires_approval=True,
+                    confidence_score=1.0
+                )
             
             violations = []
             recommendations = []
@@ -207,19 +231,29 @@ class SafetyConstraintManager:
             
             # Final validation
             is_valid = len(violations) == 0 and not requires_approval
-            
-            logger.info(f"Action validation completed for user {self.user_id}. Valid: {is_valid}, Risk: {risk_level.value}, Violations: {len(violations)}")
-            
+            confidence_score = max(0.0, min(1.0, confidence_score))
+            arbitration = self._arbitrate_decision(action_data, risk_level, violations, requires_approval, confidence_score)
+
+            if arbitration.decision == "lock":
+                self.lock_state_active = True
+                self.lock_state_reason = "; ".join(arbitration.reasons)
+                is_valid = False
+                requires_approval = True
+
+            recommendations.extend([f"Arbitration decision: {arbitration.decision}", *arbitration.reasons])
+
+            logger.info(f"Action validation completed for user {self.user_id}. Decision: {arbitration.decision}, Valid: {is_valid}, Risk: {risk_level.value}, Violations: {len(violations)}")
+
             # Record in history
             await self._record_validation_history(action_data, is_valid, violations)
-            
+
             return SafetyValidation(
                 is_valid=is_valid,
                 risk_level=risk_level,
                 violations=violations,
                 recommendations=recommendations,
                 requires_approval=requires_approval,
-                confidence_score=max(0.0, min(1.0, confidence_score))
+                confidence_score=confidence_score
             )
             
         except Exception as e:
@@ -235,6 +269,30 @@ class SafetyConstraintManager:
                 confidence_score=0.0
             )
     
+    def _arbitrate_decision(self, action_data: Dict[str, Any], risk_level: RiskLevel, violations: List[str], requires_approval: bool, confidence_score: float) -> SafetyArbitrationDecision:
+        """Arbitrate allow/deny/lock with explicit reasons."""
+        reasons: List[str] = []
+        tier = int(action_data.get("recommended_tier", 1))
+
+        if self.lock_state_active:
+            reasons.append("Existing lock state is active")
+            return SafetyArbitrationDecision("lock", reasons, tier, confidence_score, True)
+
+        if tier >= 3 or risk_level == RiskLevel.CRITICAL:
+            reasons.append("Tier 3 systemic anomaly or critical risk detected")
+            if violations:
+                reasons.extend(violations)
+            return SafetyArbitrationDecision("lock", reasons, 3, confidence_score, True)
+
+        if violations or requires_approval:
+            reasons.append("Safety policy violation or approval requirement triggered")
+            reasons.extend(violations)
+            return SafetyArbitrationDecision("deny", reasons, tier, confidence_score, False)
+
+        reasons.append("No policy violations detected")
+        return SafetyArbitrationDecision("allow", reasons, tier, confidence_score, False)
+
+
     def _determine_action_category(self, action_type: str) -> ActionCategory:
         """Determine the category of an action"""
         action_type_lower = action_type.lower()

backend/utils/asset_tracker.py

@@ -11,8 +11,6 @@ import logging
 import re
 from urllib.parse import urlparse
 
-from models.asset_metadata_schema import validate_asset_metadata
-
 logger = logging.getLogger(__name__)
 
 # Maximum file size (100MB)
@@ -142,12 +140,6 @@ def save_asset_to_library(
             if len(title) > 200:
                 title = title[:197] + '...'
         
-        metadata_payload = asset_metadata or {}
-        is_valid_metadata, validation_message = validate_asset_metadata(metadata_payload)
-        if not is_valid_metadata:
-            logger.error(f"Invalid asset metadata: {validation_message}")
-            return None
-
         service = ContentAssetService(db)
         asset = service.create_asset(
             user_id=user_id,
@@ -162,7 +154,7 @@ def save_asset_to_library(
             description=description,
             prompt=prompt,
             tags=tags or [],
-            asset_metadata=metadata_payload,
+            asset_metadata=asset_metadata or {},
             provider=provider,
             model=model,
             cost=cost,