aegisure 0.1.0__tar.gz

aegisure-0.1.0/.gitignore

@@ -0,0 +1,20 @@
+.env
+.env.local
+.venv/
+venv/
+__pycache__/
+*.pyc
+*.pyo
+*.egg-info/
+dist/
+build/
+.pytest_cache/
+.ruff_cache/
+.mypy_cache/
+node_modules/
+.next/
+coverage/
+.aegisure/
+*.sqlite3
+*.db
+.DS_Store

aegisure-0.1.0/PKG-INFO

@@ -0,0 +1,36 @@
+Metadata-Version: 2.4
+Name: aegisure
+Version: 0.1.0
+Summary: Aegisure CLI and core engine for governing AI coding agents.
+Project-URL: Homepage, https://aegisure.dev
+Project-URL: Repository, https://github.com/Hetul803/Aegisure
+Project-URL: Documentation, https://aegisure.dev/docs
+Author: Aegisure
+License: Proprietary
+Keywords: ai-agents,developer-tools,github,provenance,security
+Classifier: Development Status :: 3 - Alpha
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.10
+Requires-Dist: cryptography>=42.0.0
+Requires-Dist: httpx>=0.27.0
+Requires-Dist: pyyaml>=6.0.1
+Requires-Dist: typer>=0.12.0
+Description-Content-Type: text/markdown
+
+# Aegisure CLI
+
+Aegisure is the control and audit plane for AI coding agents. The CLI gives a local-first path for generating a repo Constitution, scanning diffs, exporting cross-agent memory files, capturing provenance, and preparing repair prompts.
+
+```bash
+pip install aegisure
+aegisure init
+aegisure scan --staged
+aegisure export
+```
+
+The static scanner is fully offline and does not call an LLM. Optional review features can use Anthropic, OpenAI, or Ollama when configured.

aegisure-0.1.0/README.md

@@ -0,0 +1,12 @@
+# Aegisure CLI
+
+Aegisure is the control and audit plane for AI coding agents. The CLI gives a local-first path for generating a repo Constitution, scanning diffs, exporting cross-agent memory files, capturing provenance, and preparing repair prompts.
+
+```bash
+pip install aegisure
+aegisure init
+aegisure scan --staged
+aegisure export
+```
+
+The static scanner is fully offline and does not call an LLM. Optional review features can use Anthropic, OpenAI, or Ollama when configured.

aegisure-0.1.0/pyproject.toml

@@ -0,0 +1,39 @@
+[build-system]
+requires = ["hatchling>=1.24"]
+build-backend = "hatchling.build"
+
+[project]
+name = "aegisure"
+version = "0.1.0"
+description = "Aegisure CLI and core engine for governing AI coding agents."
+readme = "README.md"
+requires-python = ">=3.10"
+license = { text = "Proprietary" }
+authors = [{ name = "Aegisure" }]
+keywords = ["ai-agents", "github", "security", "provenance", "developer-tools"]
+classifiers = [
+  "Development Status :: 3 - Alpha",
+  "Environment :: Console",
+  "Intended Audience :: Developers",
+  "Programming Language :: Python :: 3",
+  "Programming Language :: Python :: 3.10",
+  "Programming Language :: Python :: 3.11",
+  "Programming Language :: Python :: 3.12",
+]
+dependencies = [
+  "cryptography>=42.0.0",
+  "httpx>=0.27.0",
+  "pyyaml>=6.0.1",
+  "typer>=0.12.0",
+]
+
+[project.urls]
+Homepage = "https://aegisure.dev"
+Repository = "https://github.com/Hetul803/Aegisure"
+Documentation = "https://aegisure.dev/docs"
+
+[project.scripts]
+aegisure = "aegisure.cli:main"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/aegisure", "src/aegisure_github"]

aegisure-0.1.0/src/aegisure/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.1.0"

aegisure-0.1.0/src/aegisure/agent_failure_memory.py

@@ -0,0 +1,51 @@
+from __future__ import annotations
+
+import json
+from dataclasses import dataclass
+from datetime import UTC, datetime
+from pathlib import Path
+
+
+@dataclass(frozen=True)
+class AgentFailureRecord:
+    repo: str
+    agent: str
+    failure_class: str
+    summary: str
+    repair_worked: bool | None = None
+    created_at: str = ""
+
+    def to_dict(self) -> dict:
+        return {
+            "repo": self.repo,
+            "agent": self.agent,
+            "failure_class": self.failure_class,
+            "summary": self.summary,
+            "repair_worked": self.repair_worked,
+            "created_at": self.created_at or datetime.now(UTC).replace(microsecond=0).isoformat().replace("+00:00", "Z"),
+        }
+
+
+def record_agent_failure(repo_path: str | Path, record: AgentFailureRecord) -> Path:
+    target_dir = Path(repo_path).resolve() / ".aegisure"
+    target_dir.mkdir(parents=True, exist_ok=True)
+    target = target_dir / "agent-failure-memory.jsonl"
+    with target.open("a", encoding="utf-8") as handle:
+        handle.write(json.dumps(record.to_dict(), sort_keys=True) + "\n")
+    return target
+
+
+def list_agent_failures(repo_path: str | Path, *, agent: str | None = None) -> list[dict]:
+    target = Path(repo_path).resolve() / ".aegisure" / "agent-failure-memory.jsonl"
+    if not target.exists():
+        return []
+    rows = []
+    for line in target.read_text(encoding="utf-8").splitlines():
+        try:
+            row = json.loads(line)
+        except Exception:
+            continue
+        if agent and row.get("agent") != agent:
+            continue
+        rows.append(row)
+    return rows

aegisure-0.1.0/src/aegisure/agent_memory_export.py

@@ -0,0 +1,140 @@
+from __future__ import annotations
+
+from pathlib import Path
+
+from .constitution import Constitution, constitution_for_repo, render_constitution
+
+
+EXPORT_TARGETS = (
+    "AEGIS.md",
+    "AGENTS.md",
+    "CLAUDE.md",
+    ".cursorrules",
+    ".clinerules",
+    ".github/copilot-instructions.md",
+)
+
+
+def _rules_block(constitution: Constitution) -> str:
+    return "\n".join(f"- {rule}" for rule in constitution.agent_rules)
+
+
+def _approval_block(constitution: Constitution) -> str:
+    return "\n".join(f"- {rule}" for rule in constitution.approval_rules)
+
+
+def _test_block(constitution: Constitution) -> str:
+    return "\n".join(f"- `{command}`" for command in constitution.test_commands) or "- No test command detected yet."
+
+
+def _protected_block(constitution: Constitution) -> str:
+    return "\n".join(f"- `{path}`" for path in constitution.protected_paths) or "- No protected paths detected yet."
+
+
+def build_memory_exports(constitution: Constitution) -> dict[str, str]:
+    shared = {
+        "repo": constitution.repo_name,
+        "summary": constitution.summary,
+        "rules": _rules_block(constitution),
+        "approval": _approval_block(constitution),
+        "tests": _test_block(constitution),
+        "protected": _protected_block(constitution),
+    }
+    aura_md = render_constitution(constitution)
+    agent_md = f"""# Agent Instructions for {shared['repo']}
+
+{shared['summary']}
+
+## Required Behavior
+{shared['rules']}
+
+## Human Approval Required
+{shared['approval']}
+
+## Protected Paths
+{shared['protected']}
+
+## Verification
+{shared['tests']}
+"""
+    claude_md = f"""# Claude Code Memory
+
+You are working in `{shared['repo']}`.
+
+Project summary: {shared['summary']}
+
+Follow these non-negotiable rules:
+{shared['rules']}
+
+Before editing protected areas, ask for human review:
+{shared['protected']}
+
+Run or recommend these checks:
+{shared['tests']}
+"""
+    cursor_rules = f"""You are an AI coding agent in {shared['repo']}.
+
+{shared['summary']}
+
+Rules:
+{shared['rules']}
+
+Protected paths:
+{shared['protected']}
+
+Tests:
+{shared['tests']}
+"""
+    cline_rules = f"""# Cline/Roo Rules
+
+Repository: {shared['repo']}
+
+{shared['summary']}
+
+Do:
+{shared['rules']}
+
+Require approval:
+{shared['approval']}
+
+Verify with:
+{shared['tests']}
+"""
+    copilot = f"""# GitHub Copilot Instructions
+
+This repository uses Aegisure as its project Constitution.
+
+Summary: {shared['summary']}
+
+Coding rules:
+{shared['rules']}
+
+Protected paths:
+{shared['protected']}
+
+Verification:
+{shared['tests']}
+"""
+    return {
+        "AEGIS.md": aura_md,
+        "AGENTS.md": agent_md,
+        "CLAUDE.md": claude_md,
+        ".cursorrules": cursor_rules,
+        ".clinerules": cline_rules,
+        ".github/copilot-instructions.md": copilot,
+    }
+
+
+def write_memory_exports(repo_path: str | Path, *, overwrite: bool = True) -> list[dict[str, str | bool]]:
+    repo = Path(repo_path).resolve()
+    exports = build_memory_exports(constitution_for_repo(repo))
+    results: list[dict[str, str | bool]] = []
+    for target, content in exports.items():
+        path = repo / target
+        path.parent.mkdir(parents=True, exist_ok=True)
+        previous = path.read_text(encoding="utf-8") if path.exists() else None
+        changed = previous != content
+        if changed and (overwrite or previous is None):
+            path.write_text(content, encoding="utf-8")
+        results.append({"path": str(path), "target": target, "changed": changed})
+    return results

aegisure-0.1.0/src/aegisure/attribution.py

@@ -0,0 +1,83 @@
+from __future__ import annotations
+
+import json
+import re
+from dataclasses import dataclass
+from datetime import UTC, datetime
+from pathlib import Path
+
+from .diff_parser import ParsedDiff
+
+
+KNOWN_AGENTS = {
+    "codex": ("codex", "openai codex"),
+    "claude-code": ("claude", "claude code"),
+    "cursor": ("cursor",),
+    "copilot": ("copilot", "github copilot"),
+    "cline": ("cline",),
+    "roo": ("roo", "roo code"),
+}
+
+
+@dataclass(frozen=True)
+class AttributionRecord:
+    repo: str
+    change_id: str
+    path: str
+    agent: str
+    source: str
+    created_at: str
+
+    def to_dict(self) -> dict:
+        return {
+            "repo": self.repo,
+            "change_id": self.change_id,
+            "path": self.path,
+            "agent": self.agent,
+            "source": self.source,
+            "created_at": self.created_at,
+        }
+
+
+def infer_agent(*, commit_message: str = "", pr_body: str = "", explicit_agent: str | None = None) -> str:
+    if explicit_agent:
+        return explicit_agent
+    text = f"{commit_message}\n{pr_body}".lower()
+    trailer = re.search(r"aura-agent:\s*([a-z0-9_.-]+)", text)
+    if trailer:
+        return trailer.group(1)
+    for agent, needles in KNOWN_AGENTS.items():
+        if any(needle in text for needle in needles):
+            return agent
+    return "unknown"
+
+
+def attribution_records(parsed: ParsedDiff, *, repo: str, change_id: str, agent: str, source: str = "analysis") -> list[AttributionRecord]:
+    now = datetime.now(UTC).replace(microsecond=0).isoformat().replace("+00:00", "Z")
+    return [AttributionRecord(repo=repo, change_id=change_id, path=file.path, agent=agent, source=source, created_at=now) for file in parsed.files]
+
+
+def append_attribution_ledger(repo_path: str | Path, records: list[AttributionRecord]) -> Path:
+    aegisure_dir = Path(repo_path).resolve() / ".aegisure"
+    aegisure_dir.mkdir(parents=True, exist_ok=True)
+    target = aegisure_dir / "attribution-ledger.jsonl"
+    with target.open("a", encoding="utf-8") as handle:
+        for record in records:
+            handle.write(json.dumps(record.to_dict(), sort_keys=True) + "\n")
+    return target
+
+
+def query_attribution_ledger(repo_path: str | Path, *, agent: str | None = None) -> list[dict]:
+    target = Path(repo_path).resolve() / ".aegisure" / "attribution-ledger.jsonl"
+    if not target.exists():
+        return []
+    rows = []
+    for line in target.read_text(encoding="utf-8").splitlines():
+        try:
+            row = json.loads(line)
+        except Exception:
+            continue
+        if agent and row.get("agent") != agent:
+            continue
+        rows.append(row)
+    return rows

aegisure-0.1.0/src/aegisure/cli.py

@@ -0,0 +1,182 @@
+from __future__ import annotations
+
+import asyncio
+import json
+import subprocess
+from pathlib import Path
+from typing import Optional
+
+import typer
+
+from .agent_memory_export import write_memory_exports
+from .attribution import append_attribution_ledger, attribution_records, infer_agent
+from .constitution import write_constitution, constitution_for_repo
+from .diff_parser import parse_unified_diff
+from .diff_risk import analyze_diff
+from .policy_engine import default_policy_yaml, evaluate_policy
+from .provenance import build_commit_message, prompt_hash, read_commit_provenance, record_git_note
+from .repair_prompt import generate_repair_prompt
+from .second_opinion import cross_model_second_opinion, heuristic_second_opinion
+
+app = typer.Typer(help="Aegisure: control and audit plane for AI coding agents.")
+
+
+def _repo(path: str | Path = ".") -> Path:
+    return Path(path).resolve()
+
+
+def _selected_repo(repo: Path | None, path: Path | None) -> Path:
+    return _repo(path or repo or ".")
+
+
+def _run_git(repo: Path, args: list[str], *, check: bool = True) -> subprocess.CompletedProcess[str]:
+    proc = subprocess.run(["git", *args], cwd=repo, capture_output=True, text=True)
+    if check and proc.returncode != 0:
+        raise typer.BadParameter(proc.stderr.strip() or proc.stdout.strip() or f"git {' '.join(args)} failed")
+    return proc
+
+
+def _diff_text(repo: Path, *, staged: bool = False, base: Optional[str] = None) -> str:
+    if base:
+        return _run_git(repo, ["diff", base]).stdout
+    if staged:
+        return _run_git(repo, ["diff", "--cached"]).stdout
+    text = _run_git(repo, ["diff"]).stdout
+    return text or _run_git(repo, ["diff", "--cached"]).stdout
+
+
+@app.command()
+def init(
+    repo: Path | None = typer.Argument(None, help="Repository to scan."),
+    path: Path | None = typer.Option(None, "--path", help="Repository to scan."),
+    overwrite: bool = typer.Option(False, help="Overwrite existing AEGIS.md."),
+) -> None:
+    """Scan a repository and generate the canonical AEGIS.md Constitution."""
+
+    target = write_constitution(_selected_repo(repo, path), overwrite=overwrite)
+    typer.echo(f"Generated {target}")
+
+
+@app.command()
+def export(
+    repo: Path | None = typer.Argument(None, help="Repository to export memory files into."),
+    path: Path | None = typer.Option(None, "--path", help="Repository to export memory files into."),
+) -> None:
+    """Export AEGIS.md into standard agent memory files."""
+
+    results = write_memory_exports(_selected_repo(repo, path), overwrite=True)
+    for result in results:
+        marker = "updated" if result["changed"] else "unchanged"
+        typer.echo(f"{marker}: {result['target']}")
+
+
+@app.command()
+def scan(
+    repo: Path | None = typer.Argument(None, help="Repository to scan."),
+    path: Path | None = typer.Option(None, "--path", help="Repository to scan."),
+    staged: bool = typer.Option(False, "--staged", help="Analyze staged changes."),
+    base: Optional[str] = typer.Option(None, "--base", help="Git ref to diff against."),
+    json_output: bool = typer.Option(False, "--json", help="Emit JSON."),
+) -> None:
+    """Analyze a local diff using the LLM-free static core."""
+
+    repo_path = _selected_repo(repo, path)
+    diff = _diff_text(repo_path, staged=staged, base=base)
+    constitution = constitution_for_repo(repo_path)
+    report = analyze_diff(diff, constitution=constitution)
+    policy = evaluate_policy(diff, policy_text=default_policy_yaml(), risk_report=report)
+    payload = {**report.to_dict(), "policy_evaluation": policy.to_dict()}
+    if json_output:
+        typer.echo(json.dumps(payload, indent=2, sort_keys=True))
+        if report.verdict == "block":
+            raise typer.Exit(1)
+        return
+    typer.echo(f"Aegisure verdict: {report.verdict} ({report.score}/100)")
+    typer.echo(report.summary)
+    for finding in report.findings:
+        location = f"{finding.path}:{finding.line}" if finding.line else finding.path
+        typer.echo(f"- {finding.severity.upper()} {finding.category} at {location}: {finding.explanation}")
+    if not policy.passed:
+        typer.echo("Policy violations:")
+        for violation in policy.violations:
+            typer.echo(f"- {violation.severity.upper()} {violation.rule_id}: {violation.explanation}")
+    if report.verdict == "block":
+        raise typer.Exit(1)
+
+
+@app.command()
+def repair(
+    repo: Path | None = typer.Argument(None, help="Repository to inspect."),
+    path: Path | None = typer.Option(None, "--path", help="Repository to inspect."),
+    staged: bool = typer.Option(False, "--staged", help="Use staged diff."),
+    agent: str = typer.Option("codex", "--agent", help="Target agent for the repair prompt."),
+) -> None:
+    """Generate a constrained repair prompt for the current risky diff."""
+
+    repo_path = _selected_repo(repo, path)
+    diff = _diff_text(repo_path, staged=staged)
+    constitution = constitution_for_repo(repo_path)
+    report = analyze_diff(diff, constitution=constitution)
+    prompt = generate_repair_prompt(risk_report=report, constitution=constitution, agent=agent)
+    typer.echo(prompt.prompt)
+
+
+@app.command()
+def review(
+    repo: Path | None = typer.Argument(None, help="Repository to inspect."),
+    path: Path | None = typer.Option(None, "--path", help="Repository to inspect."),
+    staged: bool = typer.Option(False, "--staged", help="Use staged diff."),
+    provider: str = typer.Option("static", "--provider", help="static, anthropic, openai, or ollama."),
+) -> None:
+    """Run a second opinion on the current diff."""
+
+    diff = _diff_text(_selected_repo(repo, path), staged=staged)
+    if provider == "static":
+        opinion = heuristic_second_opinion(diff)
+    else:
+        opinion = asyncio.run(cross_model_second_opinion(diff, author_agent="unknown", reviewer=provider))
+    typer.echo(json.dumps(opinion.to_dict(), indent=2, sort_keys=True))
+
+
+@app.command()
+def commit(
+    message: str = typer.Option(..., "-m", "--message", help="Commit message."),
+    agent: str = typer.Option(..., "--agent", help="Agent name: codex, claude-code, cursor, copilot, cline, roo, human."),
+    prompt: str = typer.Option(..., "--prompt", help="Prompt that produced the change."),
+    repo: Path | None = typer.Option(None, "--repo", help="Repository to commit."),
+    path: Path | None = typer.Option(None, "--path", help="Repository to commit."),
+) -> None:
+    """Create a git commit and capture provenance + attribution."""
+
+    repo_path = _selected_repo(repo, path)
+    final_message = build_commit_message(message, agent=agent, prompt=prompt)
+    _run_git(repo_path, ["commit", "-m", final_message])
+    sha = _run_git(repo_path, ["rev-parse", "HEAD"]).stdout.strip()
+    record = read_commit_provenance(repo_path, sha)
+    if record:
+        record_git_note(repo_path, sha, record)
+    diff = _run_git(repo_path, ["show", "--format=", "--find-renames", sha]).stdout
+    parsed = parse_unified_diff(diff)
+    ledger = attribution_records(parsed, repo=repo_path.name, change_id=prompt_hash(prompt), agent=infer_agent(explicit_agent=agent), source="cli_commit")
+    append_attribution_ledger(repo_path, ledger)
+    typer.echo(f"Committed {sha} and recorded {len(ledger)} attribution entries.")
+
+
+@app.command()
+def login(workspace: str = typer.Option("local", "--workspace", help="Workspace id or slug."), token: str = typer.Option("", "--token", help="Optional dashboard API token.")) -> None:
+    """Store local workspace login metadata for CLI use."""
+
+    from .state import record_audit_event
+    from .storage.db import init_db
+
+    init_db()
+    record_audit_event({"workspace_id": workspace, "event_type": "cli_login", "message": "CLI workspace login configured.", "payload": {"token_configured": bool(token)}})
+    typer.echo(f"CLI configured for workspace `{workspace}`. Static scans remain local-first.")
+
+
+def main() -> None:
+    app()
+
+
+if __name__ == "__main__":
+    main()