feat(ttp): E.3.14 worker bootstrap (insert + ttp.tagged publish)

Inner loop drains a per-process asyncio.Queue populated by one pump task per topic in _TOPICS, dispatches each event through CompositeTagger, persists via repo.insert_tags(), and publishes ttp.tagged + per-technique ttp.rule.fired.<id> only when the insert returned a non-zero rowcount. CompositeTagger seeded with all six lifters (Behavioral, Intel, CanaryFingerprint, Email, Identity, Credential). Loop-prevention invariant from TTP_TAGGING.md §"Bus topics" enforced: N replays of the same upstream event publish exactly one ttp.tagged event. test_worker_bus covers both the direct invocation path and the idempotency replay path. Intel catch-up via attacker.session.ended is intentionally deferred to E.3.14b — needs a session→intel join the repo doesn't expose yet.
2026-05-01 20:57:57 -04:00
parent 322fd44d72
commit 101127247e
5 changed files with 499 additions and 186 deletions
--- a/decnet/ttp/factory.py
+++ b/decnet/ttp/factory.py
@@ -118,7 +118,9 @@ def get_tagger() -> Tagger:
        from decnet.ttp.impl.canary_fingerprint_lifter import (
            CanaryFingerprintLifter,
        )
+        from decnet.ttp.impl.credential_lifter import CredentialLifter
        from decnet.ttp.impl.email_lifter import EmailLifter
+        from decnet.ttp.impl.identity_lifter import IdentityLifter
        from decnet.ttp.impl.intel_lifter import IntelLifter
        from decnet.ttp.store.factory import get_rule_store
        store = get_rule_store()
@@ -127,6 +129,8 @@ def get_tagger() -> Tagger:
            IntelLifter(store),
            CanaryFingerprintLifter(store),
            EmailLifter(store),
+            IdentityLifter(store),
+            CredentialLifter(store),
        ])
    raise ValueError(
        f"Unknown tagger: {name!r}. Known: {_KNOWN}"