@agentikos/omega-os 0.2.0 → 0.19.5

package/omega/Agentik_Engine/omega_engine/pursue.py

@@ -0,0 +1,205 @@
+"""pursue — goal-driven execution loop.
+
+The Agentik OS native equivalent of a goal-driven worker. Takes a
+``verify_cmd`` and an ``intent``. Iterates: ask the provider to act, run
+``verify_cmd``, if exit 0 → success; otherwise feed the failure back and
+iterate. Caps at ``max_iterations`` and writes a per-iteration log.
+
+Why this exists:
+  Claude Code's bundled ``/goal`` does this in the editor. We rebuild it
+  as a portable engine primitive so OmegaOS workers (running in any
+  context — daemon, CLI, autonomous charter) can use the same loop without
+  depending on a specific bundled skill we don't control.
+
+Output:
+  Each iteration appends to ``Agentik_Runtime/sessions/<task_id>/pursue.log``
+  with ``{iteration, attempted_change, verify_exit, verify_tail}``.
+  On success, writes a ``done.json`` (via ``omega_engine.done_signal``)
+  with ``status=done_clean`` and a summary. On budget exhaustion, the same
+  but with ``status=failed`` and the cumulative attempts as ``errors``.
+
+The provider used is the engine's normal ModelRouter — works with the
+MockProvider in tests and with ClaudeProvider in production.
+"""
+from __future__ import annotations
+
+import json
+import os
+import shlex
+import subprocess
+import time
+import uuid
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import Any
+
+
+@dataclass
+class PursueResult:
+    task_id: str
+    status: str                              # "done_clean" | "failed"
+    iterations: int
+    final_verify_exit: int | None
+    log_path: Path
+    done_path: Path
+    artifacts: dict[str, Any] = field(default_factory=dict)
+
+
+def _run_verify(verify_cmd: str, *, cwd: str | None = None,
+                timeout: int = 600) -> tuple[int, str]:
+    """Run the verify command in a shell and capture (exit_code, tail-of-output).
+
+    Returns a 2-tuple. ``tail`` is the last ~80 lines of stdout+stderr so we
+    can feed it back to the provider as the iteration's "what broke" context.
+    """
+    try:
+        proc = subprocess.run(
+            verify_cmd, shell=True, check=False, capture_output=True,
+            text=True, timeout=timeout, cwd=cwd,
+        )
+    except subprocess.TimeoutExpired:
+        return 124, "(verify_cmd timed out)"
+    out = (proc.stdout or "") + (proc.stderr or "")
+    tail = "\n".join(out.splitlines()[-80:])
+    return proc.returncode, tail
+
+
+def pursue(
+    intent: str,
+    verify_cmd: str,
+    *,
+    omega_home: str | Path | None = None,
+    task_id: str | None = None,
+    project: str | None = None,
+    max_iterations: int = 20,
+    cwd: str | None = None,
+    role: str = "worker",
+    timeout_per_iter: int = 600,
+    router=None,
+) -> PursueResult:
+    """Drive an agent toward a goal until ``verify_cmd`` exits 0.
+
+    Args:
+        intent: the natural-language goal the agent is pursuing.
+        verify_cmd: the shell command that proves the goal is met (exit 0).
+        omega_home: ``$OMEGA_HOME`` (defaults to env or ``~/Omega``).
+        task_id: optional id; one is generated if not provided.
+        project: project slug; if set, the cwd defaults to that project's
+            directory and per-project artefacts live there.
+        max_iterations: hard cap on attempts (default 20).
+        cwd: working directory for ``verify_cmd``. Defaults to project path
+            when ``project`` is set, else current directory.
+        role: provider role to use (default ``worker``).
+        timeout_per_iter: timeout (seconds) per provider call + verify pair.
+        router: an ``omega_engine.router.ModelRouter`` — defaults to one
+            built from env (mock if no real provider configured).
+
+    Returns: a ``PursueResult`` describing the outcome.
+    """
+    home = Path(omega_home or os.environ.get("OMEGA_HOME") or
+                Path.home() / "Omega")
+    task_id = task_id or "pur-" + uuid.uuid4().hex[:8]
+
+    # Local imports — keep this module's import-cost low.
+    from omega_engine.done_signal import DoneSignal, session_dir, write_done
+    from omega_engine.envelope import EnvelopeContext, build_envelope
+    from omega_engine.provider import AgentRequest
+
+    if router is None:
+        from omega_engine.router import ModelRouter
+        from omega_engine.provider import MockProvider
+        router = ModelRouter.single(MockProvider())
+
+    # Resolve cwd from project if not explicit.
+    if cwd is None and project:
+        cwd = str(home / "Agentik_Coding" / "projects" / project)
+    cwd = cwd or os.getcwd()
+
+    sess = session_dir(home, task_id)
+    log_path = sess / "pursue.log"
+    done_p = sess / ".done.json"
+
+    def log_iter(payload: dict[str, Any]) -> None:
+        with open(log_path, "a") as fh:
+            fh.write(json.dumps({"ts": int(time.time()), **payload}) + "\n")
+
+    provider = router.resolve(role)
+    last_exit: int | None = None
+    last_tail: str = ""
+    attempts: list[dict[str, Any]] = []
+
+    for i in range(1, max_iterations + 1):
+        # Build a rich envelope: the agent sees the goal, the verify_cmd,
+        # the previous failure tail, and its done.json contract.
+        ctx = EnvelopeContext(
+            role=role,
+            intent=(
+                f"GOAL: {intent}\n\n"
+                f"VERIFY: `{verify_cmd}` (must exit 0 to be done).\n\n"
+                + (f"PREVIOUS FAILURE (iter {i - 1}, exit {last_exit}):\n"
+                   f"```\n{last_tail}\n```\n" if i > 1 else "")
+                + f"This is iteration {i} of {max_iterations}. "
+                f"Make one focused, surgical change."
+            ),
+            task_id=task_id,
+            verify_cmd=verify_cmd,
+            done_json_path=str(done_p),
+            project={"slug": project, "path": cwd} if project else None,
+        )
+        envelope = build_envelope(home, ctx)
+        request = AgentRequest(
+            role=role, prompt=envelope["user"], context={
+                "task": intent, "verify_cmd": verify_cmd,
+            }, system=envelope["system"],
+        )
+
+        try:
+            result = provider.run(request)
+        except Exception as exc:  # noqa: BLE001
+            log_iter({"iter": i, "provider_error": str(exc)[:300]})
+            attempts.append({"iter": i, "error": str(exc)[:300]})
+            continue
+
+        # Run verify after the provider's turn.
+        exit_code, tail = _run_verify(
+            verify_cmd, cwd=cwd, timeout=timeout_per_iter,
+        )
+        last_exit = exit_code
+        last_tail = tail
+        log_iter({
+            "iter": i, "verify_exit": exit_code,
+            "provider_text": (result.text or "")[:300],
+            "verify_tail": tail[-400:],
+        })
+        attempts.append({"iter": i, "exit": exit_code})
+
+        if exit_code == 0:
+            sig = DoneSignal(
+                status="done_clean",
+                summary=f"goal '{intent}' verified by `{verify_cmd}` in {i} iter(s)",
+                artifacts={"attempts": attempts, "log": str(log_path)},
+                files_changed=list(result.artifacts.get("files") or []),
+            )
+            write_done(home, task_id, sig)
+            return PursueResult(
+                task_id=task_id, status="done_clean", iterations=i,
+                final_verify_exit=0, log_path=log_path, done_path=done_p,
+                artifacts=dict(sig.artifacts),
+            )
+
+    # Budget exhausted — honest failure.
+    sig = DoneSignal(
+        status="failed",
+        summary=(
+            f"goal '{intent}' not met after {max_iterations} iterations "
+            f"(last exit {last_exit})"
+        ),
+        artifacts={"attempts": attempts, "log": str(log_path)},
+        errors=[f"final verify exit: {last_exit}", last_tail[-200:]],
+    )
+    write_done(home, task_id, sig)
+    return PursueResult(
+        task_id=task_id, status="failed", iterations=max_iterations,
+        final_verify_exit=last_exit, log_path=log_path, done_path=done_p,
+        artifacts=dict(sig.artifacts),
+    )

package/omega/Agentik_Engine/omega_engine/router.py

@@ -32,3 +32,31 @@ class ModelRouter:
     def single(cls, provider: AgentProvider) -> "ModelRouter":
         """A router that sends every role to one provider — used for tests."""
         return cls({provider.id: provider}, {}, provider.id)
+
+    @classmethod
+    def auto(cls) -> "ModelRouter":
+        """Build the best router for the host.
+
+        Preference order:
+
+          1. ``claude`` CLI on PATH + logged in → ClaudeMaxProvider
+             (Max subscription, no API key).
+          2. ``ANTHROPIC_API_KEY`` env var set → ClaudeProvider (API).
+          3. Otherwise → MockProvider (deterministic offline).
+
+        Use this everywhere the engine needs a "sensible default" — the
+        mission runner, smoke, pursue, audit pipeline. Tests still use
+        ``single(MockProvider())`` for determinism.
+        """
+        import os
+        from omega_engine.provider import (
+            ClaudeMaxProvider,
+            ClaudeProvider,
+            MockProvider,
+        )
+
+        if ClaudeMaxProvider.is_available():
+            return cls.single(ClaudeMaxProvider())
+        if os.environ.get("ANTHROPIC_API_KEY"):
+            return cls.single(ClaudeProvider())
+        return cls.single(MockProvider())

package/omega/Agentik_Engine/omega_engine/skill_discovery/__init__.py

@@ -0,0 +1,48 @@
+"""Skill discovery + safety audit for Claude Code skills.
+
+OmegaOS pulls skills from many sources: the curated SSOT, Anthropic's
+official marketplace, Vercel Labs' skills CLI, davila7 templates, ad-hoc
+GitHub repos. Each source is a different trust surface. This package is
+the safety net:
+
+  * ``marketplaces.py``  — the catalog of known marketplaces with a
+                            ``trust`` rating.
+  * ``auditor.py``        — static + heuristic safety check on a SKILL.md
+                            before it lands in ``~/.claude/skills/``.
+  * ``finder.py``         — search across marketplaces.
+  * ``installer.py``      — validated install with audit gate.
+
+The user's hard rule: every new skill must pass the auditor first.
+Malware patterns (shell-pipe-curl-bash, ``eval``, opaque base64 blobs)
+hard-fail; suspicious-but-legitimate patterns (broad ``allowed-tools``,
+external network calls) warn but don't block — the operator gets the
+report and decides.
+"""
+from omega_engine.skill_discovery.auditor import (
+    SkillAuditIssue,
+    SkillAuditVerdict,
+    audit_skill_file,
+    audit_skill_text,
+)
+from omega_engine.skill_discovery.finder import (
+    DiscoveredSkill,
+    discover_skills,
+    list_curated,
+)
+from omega_engine.skill_discovery.installer import (
+    SkillInstallResult,
+    install_skill_from_github,
+)
+from omega_engine.skill_discovery.marketplaces import (
+    Marketplace,
+    load_marketplaces,
+)
+
+
+__all__ = [
+    "Marketplace", "load_marketplaces",
+    "SkillAuditIssue", "SkillAuditVerdict",
+    "audit_skill_file", "audit_skill_text",
+    "DiscoveredSkill", "discover_skills", "list_curated",
+    "SkillInstallResult", "install_skill_from_github",
+]

package/omega/Agentik_Engine/omega_engine/skill_discovery/auditor.py

@@ -0,0 +1,232 @@
+"""Skill safety auditor — block obvious malware before install.
+
+A SKILL.md can ship arbitrary instructions and tool grants. We treat
+each candidate skill as untrusted and run a battery of static checks
+that catch the most common attack patterns:
+
+  * ``curl … | sh`` and equivalents — remote code execution on install
+  * Opaque base64/hex blobs > N bytes — likely encoded payloads
+  * ``eval`` / ``exec(`` / ``os.system`` in inline scripts
+  * Network calls to unfamiliar hosts
+  * ``allowed-tools`` that grants ``Bash`` unrestricted (no glob)
+  * Hidden HTML/script injection in markdown
+  * Missing ``description`` / ``name`` (signals careless author)
+  * Excessive size (likely scraped content, not a real skill)
+
+Issues are tagged ``severity`` ∈ {block, warn, info}. The verdict
+function aggregates into a score (0-100) and a verified-or-not boolean.
+Block-severity issues hard-fail (verified=False, score capped).
+"""
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import Any
+
+import yaml
+
+
+# ---- patterns ----------------------------------------------------------------
+
+# `curl ... | sh` / `wget ... | bash` and similar pipe-and-execute patterns.
+_PIPE_EXEC_RE = re.compile(
+    r"(?:curl|wget|fetch)\b[^|;]*?\|\s*(?:sh|bash|zsh|fish|pwsh|python\d?)",
+    re.IGNORECASE,
+)
+
+# `eval(...)`, `exec(...)`, `os.system(...)`, `subprocess.call(... shell=True ...)`
+_EVAL_EXEC_RE = re.compile(
+    r"\b(eval|exec)\s*\(", re.IGNORECASE,
+)
+_OS_SYSTEM_RE = re.compile(
+    r"\b(os\.system|subprocess\.\w+\([^)]*shell\s*=\s*True)",
+    re.IGNORECASE,
+)
+
+# Long base64-looking blocks (40+ continuous base64 chars on one line).
+_BASE64_RE = re.compile(r"[A-Za-z0-9+/=]{120,}")
+
+# Catchy script tags inside markdown.
+_SCRIPT_TAG_RE = re.compile(r"<\s*script\b", re.IGNORECASE)
+
+# Unrestricted Bash grant: just `Bash` (no glob) is a red flag.
+_BASH_FREE_RE = re.compile(r"(?:^|\s)Bash(?!\(|[A-Za-z])")
+
+# Network calls to suspicious hosts (raw IPs, .ru/.cn/.tk).
+_SUSPICIOUS_HOST_RE = re.compile(
+    r"https?://(?:[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+|[^/\s]+\.(?:ru|cn|tk|onion))",
+    re.IGNORECASE,
+)
+
+# Hidden HTML comments that might mask code.
+_HTML_COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)
+
+
+# ---- data model --------------------------------------------------------------
+
+
+@dataclass(frozen=True)
+class SkillAuditIssue:
+    severity: str          # "block" | "warn" | "info"
+    rule: str              # short rule id (e.g. "pipe-exec")
+    message: str
+    excerpt: str = ""      # the offending snippet, trimmed
+
+
+@dataclass
+class SkillAuditVerdict:
+    skill_name: str
+    score: int                                    # 0-100
+    verified: bool                                # iff no block issues
+    issues: list[SkillAuditIssue] = field(default_factory=list)
+    metadata: dict[str, Any] = field(default_factory=dict)
+
+    @property
+    def block_count(self) -> int:
+        return sum(1 for i in self.issues if i.severity == "block")
+
+    @property
+    def warn_count(self) -> int:
+        return sum(1 for i in self.issues if i.severity == "warn")
+
+
+# ---- the audit ---------------------------------------------------------------
+
+
+def _split_frontmatter(text: str) -> tuple[dict[str, Any], str]:
+    """Split YAML frontmatter from the body. Returns (frontmatter, body)."""
+    m = re.match(r"^---\s*\n(.*?)\n---\s*\n", text, re.DOTALL)
+    if not m:
+        return {}, text
+    try:
+        front = yaml.safe_load(m.group(1)) or {}
+    except yaml.YAMLError:
+        front = {}
+    return (front if isinstance(front, dict) else {}), text[m.end():]
+
+
+def audit_skill_text(
+    text: str, *, skill_name: str = "<unnamed>",
+) -> SkillAuditVerdict:
+    """Audit a SKILL.md body in memory. Returns the structured verdict."""
+    issues: list[SkillAuditIssue] = []
+    front, body = _split_frontmatter(text)
+
+    # --- frontmatter sanity ---
+    if not front.get("name") and skill_name == "<unnamed>":
+        issues.append(SkillAuditIssue(
+            "warn", "missing-name",
+            "skill has no `name` in frontmatter or filename",
+        ))
+    if not front.get("description"):
+        issues.append(SkillAuditIssue(
+            "warn", "missing-description",
+            "skill has no `description` — operators can't tell what it does",
+        ))
+    allowed = front.get("allowed-tools") or ""
+    if isinstance(allowed, list):
+        allowed_str = " ".join(str(x) for x in allowed)
+    else:
+        allowed_str = str(allowed)
+    if _BASH_FREE_RE.search(" " + allowed_str + " "):
+        issues.append(SkillAuditIssue(
+            "warn", "unrestricted-bash",
+            "`allowed-tools` grants `Bash` without a glob — any shell "
+            "command runs without per-use approval",
+        ))
+    if front.get("disable-model-invocation") is False and not front.get("description"):
+        issues.append(SkillAuditIssue(
+            "warn", "auto-invoke-no-desc",
+            "auto-invocable skill with no description — Claude can't "
+            "decide when to use it",
+        ))
+
+    # --- body patterns ---
+    for match in _PIPE_EXEC_RE.finditer(body):
+        issues.append(SkillAuditIssue(
+            "block", "pipe-exec",
+            "downloads-and-executes pattern detected (curl|sh, wget|bash)",
+            excerpt=match.group(0)[:120],
+        ))
+    for match in _OS_SYSTEM_RE.finditer(body):
+        issues.append(SkillAuditIssue(
+            "block", "shell-true-exec",
+            "subprocess with shell=True or os.system — arbitrary command exec",
+            excerpt=match.group(0)[:120],
+        ))
+    # eval/exec is sometimes legitimate (e.g. in code samples) — flag as warn.
+    for match in _EVAL_EXEC_RE.finditer(body):
+        issues.append(SkillAuditIssue(
+            "warn", "eval-exec",
+            "eval/exec call present — may be safe but warrants review",
+            excerpt=match.group(0)[:120],
+        ))
+    for match in _BASE64_RE.finditer(body):
+        issues.append(SkillAuditIssue(
+            "block", "opaque-blob",
+            "long base64-looking block (likely encoded payload)",
+            excerpt=match.group(0)[:60] + "…",
+        ))
+    if _SCRIPT_TAG_RE.search(body):
+        issues.append(SkillAuditIssue(
+            "warn", "script-tag",
+            "<script> tag in markdown — unusual for a SKILL.md",
+        ))
+    # Hidden HTML comments — count them; rarely needed in a SKILL.md.
+    comments = list(_HTML_COMMENT_RE.finditer(body))
+    if len(comments) > 5:
+        issues.append(SkillAuditIssue(
+            "info", "many-html-comments",
+            f"{len(comments)} HTML comments — could be hiding intent",
+        ))
+    for match in _SUSPICIOUS_HOST_RE.finditer(body):
+        issues.append(SkillAuditIssue(
+            "warn", "suspicious-host",
+            f"URL points at a suspicious host: {match.group(0)[:80]}",
+        ))
+
+    # Excessive size flag.
+    if len(text) > 200_000:
+        issues.append(SkillAuditIssue(
+            "warn", "excessive-size",
+            f"SKILL.md is {len(text):,} bytes — much larger than typical",
+        ))
+
+    # --- score ---
+    block_n = sum(1 for i in issues if i.severity == "block")
+    warn_n = sum(1 for i in issues if i.severity == "warn")
+    info_n = sum(1 for i in issues if i.severity == "info")
+    # Hard cap: any block → score ≤ 30 + verified=False.
+    score = 100 - (block_n * 35) - (warn_n * 8) - (info_n * 2)
+    if block_n > 0:
+        score = min(score, 30)
+    score = max(0, min(100, score))
+
+    return SkillAuditVerdict(
+        skill_name=str(front.get("name") or skill_name),
+        score=score, verified=(block_n == 0),
+        issues=issues,
+        metadata={
+            "size_bytes": len(text),
+            "frontmatter_keys": sorted(front.keys()) if front else [],
+            "block": block_n, "warn": warn_n, "info": info_n,
+        },
+    )
+
+
+def audit_skill_file(path: str | Path) -> SkillAuditVerdict:
+    """Audit a SKILL.md by path."""
+    p = Path(path)
+    try:
+        text = p.read_text()
+    except OSError as exc:
+        return SkillAuditVerdict(
+            skill_name=p.stem,
+            score=0, verified=False,
+            issues=[SkillAuditIssue(
+                "block", "unreadable",
+                f"cannot read {p}: {exc}",
+            )],
+        )
+    return audit_skill_text(text, skill_name=p.parent.name)

package/omega/Agentik_Engine/omega_engine/skill_discovery/finder.py

@@ -0,0 +1,94 @@
+"""Skill discovery — search the curated marketplaces.
+
+We don't try to be a general crawler. We rely on:
+
+  * The local SSOT catalog (``claude-plugins.yaml``) — every skill the
+    installer already knows about.
+  * The ``find-skills`` skill (Vercel Labs) — once installed, it's the
+    expert agent for live discovery via ``npx skills find``.
+
+This module's job: return a normalised list of *known* skills, with
+their marketplace + trust attribution, and let the CLI pass the list to
+the auditor before any actual install.
+"""
+from __future__ import annotations
+
+from dataclasses import dataclass
+from pathlib import Path
+from typing import Any
+
+import yaml
+
+from omega_engine.skill_discovery.marketplaces import (
+    Marketplace,
+    load_marketplaces,
+)
+
+
+@dataclass
+class DiscoveredSkill:
+    name: str
+    description: str
+    marketplace_id: str
+    marketplace_trust: str
+    scope: str                   # "user" | "project" | "local"
+    recommended: bool = False
+    secrets: list[str] = None    # type: ignore[assignment]
+    category: str = ""
+
+    def __post_init__(self) -> None:
+        if self.secrets is None:
+            self.secrets = []
+
+
+def list_curated(omega_home: str | Path) -> list[DiscoveredSkill]:
+    """Read the curated skill list from the SSOT catalog."""
+    path = (Path(omega_home) / "Agentik_SSOT" / "claude-plugins"
+            / "claude-plugins.yaml")
+    if not path.exists():
+        return []
+    data = yaml.safe_load(path.read_text()) or {}
+    markets = {m.id: m for m in load_marketplaces(omega_home)}
+    out: list[DiscoveredSkill] = []
+    for entry in data.get("catalog") or []:
+        mid = entry.get("marketplace", "")
+        m = markets.get(mid)
+        out.append(DiscoveredSkill(
+            name=entry.get("name", entry.get("id", "?")),
+            description=entry.get("description", ""),
+            marketplace_id=mid,
+            marketplace_trust=(m.trust if m else "low"),
+            scope=entry.get("scope", "user"),
+            recommended=bool(entry.get("recommended", False)),
+            secrets=list(entry.get("secrets") or []),
+            category=entry.get("category", ""),
+        ))
+    return out
+
+
+def discover_skills(
+    omega_home: str | Path,
+    *,
+    query: str | None = None,
+    min_trust: str = "low",
+    recommended_only: bool = False,
+) -> list[DiscoveredSkill]:
+    """Search the local catalog. ``query`` matches name + description
+    (case-insensitive substring). ``min_trust`` filters by marketplace
+    trust level. ``recommended_only`` returns only the curated picks.
+    """
+    from omega_engine.skill_discovery.marketplaces import trust_floor
+    floor = trust_floor(min_trust)
+    out: list[DiscoveredSkill] = []
+    q = (query or "").strip().lower()
+    for s in list_curated(omega_home):
+        if recommended_only and not s.recommended:
+            continue
+        if trust_floor(s.marketplace_trust) < floor:
+            continue
+        if q:
+            hay = f"{s.name} {s.description}".lower()
+            if q not in hay:
+                continue
+        out.append(s)
+    return out