@oswaldzsh/devhive 0.1.0

package/agents/verifier_static.py

@@ -0,0 +1,153 @@
+"""Static Verifier — analyzes code diff for suspicious patterns."""
+
+import json
+import os
+import yaml
+from typing import Optional
+
+from agents.base import AgentProcess
+from protocol.schemas import (
+    Task, ExecutionHandoff, Verdict, Finding, FindingEvidence,
+    Severity, SuggestedAction, VerdictOverall, VerifierType,
+)
+
+
+STATIC_SYSTEM_PROMPT = """You are a Static Verifier Agent. Your job is to:
+
+1. Read the code diff and Execution Handoff
+2. Identify suspicious patterns in the code itself (not test results)
+3. Output a structured Verdict in JSON format
+
+You focus on CODE PATTERNS, not runtime behavior:
+- Public API breaks (changed signatures, unchanged callers)
+- Unsafe operations (no timeout on network calls, missing error handling)
+- Dependency changes (new packages, version bumps)
+- Security issues (injection risks, exposed secrets, missing auth checks)
+- Code quality regressions (swallowed exceptions, overly complex logic)
+
+OUTPUT FORMAT:
+```json
+{
+  "overall": "PASS|WARN|FAIL",
+  "findings": [
+    {
+      "severity": "HIGH|MEDIUM|LOW",
+      "category": "api_break|security|dependency|code_quality|...",
+      "title": "short description",
+      "detail": "detailed explanation",
+      "suggested_action": "ROLLBACK|FIX|ESCALATE|IGNORE"
+    }
+  ]
+}
+```
+"""
+
+
+class StaticVerifier(AgentProcess):
+    """Checks code structure for suspicious patterns."""
+
+    def __init__(self, agent_id: str, task_queue, result_queue, config: dict = None):
+        super().__init__(agent_id, "static_verifier", task_queue, result_queue, config)
+        self.rules: list[dict] = []
+        self.rules_dir = ""
+
+    def _setup(self):
+        self.rules_dir = self.config.get("rules_dir", "verification/patterns/")
+        self._load_rules()
+
+    def _load_rules(self):
+        """Load YAML rule definitions."""
+        if not os.path.isdir(self.rules_dir):
+            return
+        for fname in sorted(os.listdir(self.rules_dir)):
+            if fname.endswith((".yaml", ".yml")):
+                with open(os.path.join(self.rules_dir, fname)) as f:
+                    data = yaml.safe_load(f)
+                    if data and "patterns" in data:
+                        self.rules.extend(data["patterns"])
+
+    def _execute(self, task: Task) -> Verdict:
+        handoff = task  # In practice the task payload contains the Handoff
+
+        # 1. Run deterministic rule checks
+        rule_findings = self._check_rules(task)
+
+        # 2. Ask LLM for pattern-based analysis
+        llm_findings = self._llm_analyze(task)
+
+        all_findings = rule_findings + llm_findings
+
+        # Determine overall verdict
+        has_high = any(f.severity == Severity.HIGH for f in all_findings)
+        has_medium = any(f.severity == Severity.MEDIUM for f in all_findings)
+        if has_high:
+            overall = VerdictOverall.FAIL
+        elif has_medium:
+            overall = VerdictOverall.WARN
+        else:
+            overall = VerdictOverall.PASS
+
+        return Verdict(
+            verifier_type=VerifierType.STATIC,
+            task_id=task.id,
+            overall=overall,
+            findings=all_findings,
+        )
+
+    def _check_rules(self, task: Task) -> list[Finding]:
+        """Run deterministic YAML rules against the diff."""
+        findings = []
+        for rule in self.rules:
+            # Apply each rule's detector logic
+            detector = rule.get("detector", {})
+            if detector.get("type") == "file_diff":
+                findings.append(Finding(
+                    severity=Severity(rule.get("severity", "MEDIUM")),
+                    category=rule.get("name", "rule_match"),
+                    title=rule.get("desc", ""),
+                    detail=f"Rule {rule['id']} matched: {rule.get('desc', '')}",
+                    evidence=FindingEvidence(type="rule", data=json.dumps(rule)),
+                    suggested_action=SuggestedAction.ESCALATE,
+                ))
+        return findings
+
+    def _llm_analyze(self, task: Task) -> list[Finding]:
+        """Use LLM for pattern-based code analysis."""
+        import asyncio
+
+        task_json = json.dumps(task.model_dump(), indent=2, default=str)
+
+        loop = asyncio.new_event_loop()
+        try:
+            response = loop.run_until_complete(
+                self._call_model(STATIC_SYSTEM_PROMPT, task_json, max_tokens=4096)
+            )
+        finally:
+            loop.close()
+
+        return self._parse_findings(response)
+
+    def _parse_findings(self, response: dict) -> list[Finding]:
+        """Extract findings from LLM response."""
+        import re
+        text = ""
+        for block in response.get("content", []):
+            if block.get("type") == "text":
+                text += block["text"]
+
+        match = re.search(r'```json\s*\n(.*?)\n```', text, re.DOTALL)
+        if not match:
+            return []
+
+        data = json.loads(match.group(1))
+        return [
+            Finding(
+                severity=Severity(f.get("severity", "MEDIUM")),
+                category=f.get("category", "unknown"),
+                title=f.get("title", ""),
+                detail=f.get("detail", ""),
+                evidence=FindingEvidence(type="llm_analysis", data=json.dumps(f)),
+                suggested_action=SuggestedAction(f.get("suggested_action", "ESCALATE")),
+            )
+            for f in data.get("findings", [])
+        ]

package/bin/dh

@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+# dh — DevHive CLI entry point
+# Resolves the Python module path and executes it.
+#
+# Resolution order:
+#   1. $DEVHIVE_HOME (explicit override)
+#   2. NPM global install: $(npm root -g)/devhive
+#   3. ~/.devhive (postinstall copy)
+#   4. ../ relative to this script (dev mode)
+#   5. /usr/local/lib/devhive
+
+set -e
+
+# ── Resolve module directory ────────────────────────────────
+
+find_module_dir() {
+    # 1. Explicit override
+    if [ -n "$DEVHIVE_HOME" ] && [ -d "$DEVHIVE_HOME/control_plane" ]; then
+        echo "$DEVHIVE_HOME"
+        return
+    fi
+
+    # 2. NPM global install (same dir as this script is in node_modules/devhive/bin)
+    SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+    NPM_MODULE="$(cd "$SCRIPT_DIR/.." 2>/dev/null && pwd)"
+    if [ -d "$NPM_MODULE/control_plane" ]; then
+        echo "$NPM_MODULE"
+        return
+    fi
+
+    # 3. Home dir copy
+    if [ -d "$HOME/.devhive/control_plane" ]; then
+        echo "$HOME/.devhive"
+        return
+    fi
+
+    # 4. System-wide
+    if [ -d "/usr/local/lib/devhive/control_plane" ]; then
+        echo "/usr/local/lib/devhive"
+        return
+    fi
+
+    echo ""
+}
+
+MODULE_DIR=$(find_module_dir)
+
+if [ -z "$MODULE_DIR" ]; then
+    echo "DevHive: module not found." >&2
+    echo "  Set DEVHIVE_HOME to the module path, or reinstall:" >&2
+    echo "    npm install -g devhive" >&2
+    echo "    pip3 install devhive" >&2
+    exit 1
+fi
+
+# ── Resolve Python ──────────────────────────────────────────
+
+PYTHON="${DEVHIVE_PYTHON:-}"
+if [ -z "$PYTHON" ]; then
+    for cmd in python3 python; do
+        if command -v "$cmd" &>/dev/null; then
+            PYTHON="$cmd"
+            break
+        fi
+    done
+fi
+
+if [ -z "$PYTHON" ]; then
+    echo "DevHive: Python 3.12+ required but not found." >&2
+    exit 1
+fi
+
+# ── Run ─────────────────────────────────────────────────────
+
+export PYTHONPATH="$MODULE_DIR:$PYTHONPATH"
+cd "$MODULE_DIR"
+exec "$PYTHON" -m control_plane.cli "$@"

package/config.yaml

@@ -0,0 +1,71 @@
+# DevHive Configuration
+api:
+  base_url: "https://aiapi.lejurobot.com"
+  auth_token: "${LEJU_TOKEN}"
+  default_model: "deepseek/deepseek-v4-pro"
+
+agents:
+  execute:
+    count: 2
+    max_context: 180000
+    timeout_seconds: 600
+    tools:
+      - read_file
+      - write_file
+      - edit_file
+      - bash
+      - git
+    sandbox:
+      file_whitelist: [".py", ".ts", ".js", ".rs", ".go", ".yaml", ".json", ".md", ".toml", ".cfg"]
+      forbidden_commands: ["rm -rf", "git push --force", "sudo", "chmod 777"]
+
+  static_verifier:
+    count: 1
+    max_context: 80000
+    timeout_seconds: 120
+    rules_dir: "verification/patterns/"
+
+  dynamic_verifier:
+    count: 1
+    max_context: 80000
+    timeout_seconds: 300
+    call_graph_db: "storage/call_graph.sqlite"
+    drift_thresholds:
+      duration_change_pct: 20
+      memory_change_pct: 50
+      log_volume_change_multiplier: 3.0
+
+  semantic_verifier:
+    count: 1
+    max_context: 120000
+    timeout_seconds: 180
+    trigger: "on_conflict_or_l2"
+
+convergence:
+  l1_max_retries: 3
+  l2_max_retries: 2
+  loop_detection_window: 5
+  loop_similarity_threshold: 0.8
+
+signature_db:
+  path: "signatures/signatures.db"
+  seed_file: "signatures/seed_signatures.json"
+  min_confidence: 0.65
+  top_k: 3
+  auto_learn: true
+
+escalation:
+  notify:
+    - type: "desktop_notification"
+    - type: "terminal_bell"
+  require_approval_for:
+    - auth
+    - payment
+    - data_deletion
+    - permission_change
+
+sandbox:
+  docker_image: "devhive-sandbox:latest"
+  memory_limit: "2g"
+  cpu_limit: 2
+  timeout_default: 600