agentops-cockpit 0.2.2__py3-none-any.whl → 0.3.0__py3-none-any.whl

agent_ops_cockpit/ops/evidence.py

@@ -0,0 +1,25 @@
+from pydantic import BaseModel, Field
+from typing import List, Optional, Dict, Any
+from datetime import datetime
+
+class EvidenceNode(BaseModel):
+    """A single piece of evidence or source used by the agent."""
+    source_id: str
+    source_type: str  # e.g., "doc", "web", "tool_query"
+    snippet: str
+    relevance_score: float = Field(ge=0.0, le=1.0)
+
+class AgentEvidencePacket(BaseModel):
+    """
+    Standard 'Evidence Packet' format. 
+    Ensures every agent response has a clear, auditable trail of information.
+    """
+    timestamp: str = Field(default_factory=lambda: datetime.utcnow().isoformat())
+    reasoning_path: List[str] = Field(default_factory=list)
+    sources: List[EvidenceNode] = Field(default_factory=list)
+    tool_calls: List[Dict[str, Any]] = Field(default_factory=list)
+    token_usage: Optional[Dict[str, int]] = None
+
+def pack_evidence(response_data: Dict[str, Any]) -> AgentEvidencePacket:
+    """Utility to formalize agent debug data into a sharable evidence packet."""
+    return AgentEvidencePacket(**response_data)

agent_ops_cockpit/ops/frameworks.py

@@ -0,0 +1,407 @@
+import os
+import re
+from typing import Dict, List, Any
+
+# --- CHECKLISTS ---
+
+GOOGLE_CHECKLIST = [
+    {
+        "category": "🏗️ Core Architecture (Google)",
+        "checks": [
+            ("Runtime: Is the agent running on Cloud Run or GKE?", "Critical for scalability and cost."),
+            ("Framework: Is ADK used for tool orchestration?", "Google-standard for agent-tool communication."),
+            ("Sandbox: Is Code Execution running in Vertex AI Sandbox?", "Prevents malicious code execution."),
+            ("Backend: Is FastAPI used for the Engine layer?", "Industry-standard for high-concurrency agent apps.")
+        ]
+    },
+    {
+        "category": "🛡️ Security & Privacy",
+        "checks": [
+            ("PII: Is a scrubber active before sending data to LLM?", "Compliance requirement (GDPR/SOC2)."),
+            ("Identity: Is IAM used for tool access?", "Ensures least-privilege security."),
+            ("Safety: Are Vertex AI Safety Filters configured?", "Protects against toxic generation.")
+        ]
+    },
+    {
+        "category": "📉 Optimization",
+        "checks": [
+            ("Caching: Is Semantic Caching (Hive Mind) enabled?", "Reduces LLM costs."),
+            ("Context: Are you using Context Caching?", "Critical for prompts > 32k tokens."),
+            ("Routing: Are you using Flash for simple tasks?", "Performance and cost optimization.")
+        ]
+    },
+    {
+        "category": "🌐 Infrastructure & Runtime",
+        "checks": [
+            ("Agent Engine: Are you using Vertex AI Reasoning Engine for deployment?", "Managed orchestration with built-in versioning and traces."),
+            ("Cloud Run: Is 'Startup CPU Boost' enabled?", "Critical for reducing cold-start latency in Python agents."),
+            ("GKE: Is Workload Identity used for IAM?", "Google-standard for secure service-to-service communication."),
+            ("VPC: Is VPC Service Controls (VPC SC) active?", "Prevents data exfiltration by isolating the agent environment.")
+        ]
+    },
+    {
+        "category": "🎭 Face (UI/UX)",
+        "checks": [
+            ("A2UI: Are components registered in the A2UIRenderer?", "Ensures engine-driven UI protocol compliance."),
+            ("Responsive: Are mobile-first media queries present in index.css?", "Ensures usability across devices (iOS/Android)."),
+            ("Accessibility: Do interactive elements have aria-labels?", "Critical for inclusive design and automated testing."),
+            ("Triggers: Are you using interactive triggers for state changes?", "Improves 'Agentic Feel' through reactive UI.")
+        ]
+    }
+]
+
+OPENAI_CHECKLIST = [
+    {
+        "category": "🏗️ Core Architecture (OpenAI)",
+        "checks": [
+            ("APIs: Using Assistants API or Tool Calling?", "Enables structured interactions and memory."),
+            ("Models: Using Mini models for simple tasks?", "Cost-efficient routing (GPT-4o-mini)."),
+            ("Memory: Is thread-based persistence implemented?", "Ensures session continuity."),
+            ("Tooling: Are Function Definitions schema-validated?", "Prevents runtime tool execution errors."),
+            ("Routing: Are deterministic routers used for critical branches?", "Prevents LLM drift in sensitive workflows."),
+            ("Outputs: Is 'Structured Outputs' enabled for tool calls?", "Ensures data integrity and prevents injection.")
+        ]
+    },
+    {
+        "category": "🛡️ Security & Safety",
+        "checks": [
+            ("Moderation: Is the OpenAI Moderation API active?", "Prevents policy violations in user inputs/outputs."),
+            ("Secrets: Are API Keys managed via Env/Secret Manager?", "Prevents credential leakage."),
+            ("PII: Are PII Guardrails configured to block sensitive leaks?", "Required for production data handling."),
+            ("HITL: Is there a User Approval node for sensitive actions?", "Human-in-the-loop for non-idempotent changes.")
+        ]
+    },
+    {
+        "category": "📉 Optimization",
+        "checks": [
+            ("Caching: Are you leveraging OpenAI's automatic prompt caching?", "Automatic for repeated prefixes."),
+            ("Token Management: Is max_completion_tokens set?", "Prevents runaway generation costs."),
+            ("Streaming: Is streaming enabled for UI responsiveness?", "Critical for premium user experience.")
+        ]
+    }
+]
+
+ANTHROPIC_CHECKLIST = [
+    {
+        "category": "🏗️ Core Architecture (Anthropic)",
+        "checks": [
+            ("Orchestration: Is an Orchestrator-Subagent pattern used?", "ANTHROPIC best practice for complex tasks."),
+            ("Loop: Is a structured Context-Action-Verify loop implemented?", "Ensures deterministic agent behavior."),
+            ("ACIs: Is the Agent-Computer Interface (ACI) well-documented?", "Detailed tool descriptions are critical for Claude.")
+        ]
+    },
+    {
+        "category": "🛡️ Security & Guardrails",
+        "checks": [
+            ("Sandbox: Are tool calls running in a sandboxed bash environment?", "Isolates host filesystem and network."),
+            ("IAM: Is 'Least Privilege' IAM enforced for all tools?", "Treat tool access like production IAM permissions."),
+            ("Confirmation: Are sensitive commands (git/rm) blocked or confirmed?", "Prevents accidental or malicious damage."),
+            ("Swiss Cheese: Are multiple layers of guardrails (filters + logic) active?", "Anthropic's 'Swiss Cheese Defense' model.")
+        ]
+    },
+    {
+        "category": "📉 Reliability",
+        "checks": [
+            ("Circuit Breakers: Are rate limits and circuit breakers active?", "Prevents infinite loops and API exhaustion."),
+            ("Human-in-the-Loop: Are critical file/env changes manual?", "Ensures safety in autonomous workflows."),
+            ("Logging: Is every tool invocation logged with full context?", "Auditability for autonomous agent decisions.")
+        ]
+    }
+]
+
+MICROSOFT_CHECKLIST = [
+    {
+        "category": "🏗️ Core Architecture (Microsoft)",
+        "checks": [
+            ("Framework: Using Unified Microsoft Agent Framework?", "Merges AutoGen orchestration with Semantic Kernel stability."),
+            ("Workflows: Are repeatable, graph-based processes defined?", "Semantic Kernel best practice for enterprise reliability."),
+            ("Orchestration: Is a centralized orchestrator managing multi-agent handoffs?", "Critical for complex problem solving in AutoGen."),
+            ("Maturity: Are features GA or Preview?", "Graduation process ensures production stability.")
+        ]
+    },
+    {
+        "category": "🛡️ Security & Governance",
+        "checks": [
+            ("Guardrails: Are real-time Semantic Guardrails active?", "Monitors prompts/responses for risky behavior."),
+            ("Secrets: Is Azure KeyVault used for key management?", "Production-standard for credential security."),
+            ("HITL: Are custom 'Guardrails Agents' active?", "AutoGen pattern for enforcing RAI policies."),
+            ("Sandbox: Is code execution isolated in Docker?", "Prevents malicious instruction execution.")
+        ]
+    },
+    {
+        "category": "📉 Reliability",
+        "checks": [
+            ("Observability: Is message tracing enabled via Azure AI?", "Critical for debugging multi-agent message flows."),
+            ("Testing: Are TypeChat or similar used for output validation?", "Ensures structured reliability in C#/Python.")
+        ]
+    }
+]
+
+AWS_CHECKLIST = [
+    {
+        "category": "🏗️ Core Architecture (AWS)",
+        "checks": [
+            ("Action Groups: Are Bedrock Action Groups used for tools?", "Standardizes tool execution via OpenAPI schemas."),
+            ("Grounding: Is Contextual Grounding enabled in Knowledge Bases?", "Mitigates hallucinations by anchoring to facts."),
+            ("Isolation: Is model customization running in a VPC?", "Ensures network security for specialized training.")
+        ]
+    },
+    {
+        "category": "🛡️ Security & Guardrails",
+        "checks": [
+            ("Guardrails: Are organization-level Bedrock Guardrails active?", "Enforces consistent RAI policies across apps."),
+            ("Information: Are PII Redaction and Denied Topics configured?", "Protects sensitive data and prevents brand risk."),
+            ("IAM: Are service roles scoped to least-privilege?", "Ensures agents cannot cross-service impersonate."),
+            ("KMS: Is encryption enabled via Customer Managed Keys (CMK)?", "Production requirement for rest and transit.")
+        ]
+    },
+    {
+        "category": "📉 Operations",
+        "checks": [
+            ("Logging: Is Model Invocation Logging enabled?", "Mandatory for audit and compliance (Audit Manager)."),
+            ("Tracing: Are Agent Traces used to monitor orchestration?", "Provides visibility into RAG and reasoning logic."),
+            ("IaC: Is the agent deployed via CloudFormation or CDK?", "Ensures repeatable and stable deployments.")
+        ]
+    }
+]
+
+COPILOTKIT_CHECKLIST = [
+    {
+        "category": "🏗️ Core Architecture (CopilotKit)",
+        "checks": [
+            ("Platform: Is CopilotKit Cloud or Self-Hosted used?", "Determines control over infrastructure and state."),
+            ("State: Is shared state used for UI-Agent sync?", "Ensures the 'Face' remains aligned with the 'Engine'."),
+            ("Reconnection: Is reliable thread persistence enabled?", "Critical for long-running user sessions.")
+        ]
+    },
+    {
+        "category": "🛡️ Security & Guardrails",
+        "checks": [
+            ("Moderation: Is 'guardrails_c' configured in the Cloud?", "Uses OpenAI content moderation as a baseline."),
+            ("Auth: Is MFA and Conditional Access enforced via Entra/IAM?", "Ensures only trusted users can trigger agent actions."),
+            ("Labels: Are Microsoft Purview sensitivity labels applied?", "Controls what documents the Copilot can access."),
+            ("HITL: Are 'Human-in-the-Loop' checkpoints defined?", "Empowers users to guide agents at critical junctures.")
+        ]
+    },
+    {
+        "category": "📉 Deployment",
+        "checks": [
+            ("Staging: Is a staged rollout (pilot program) active?", "Best practice for minimizing AI-driven risks."),
+            ("Monitoring: Is activity logging integrated with SIEM?", "Provides anomalous activity detection (Sentinel).")
+        ]
+    }
+]
+
+LANGCHAIN_CHECKLIST = [
+    {
+        "category": "🏗️ LangChain / LangGraph Architecture",
+        "checks": [
+            ("State: Is a typed State Schema used for the graph?", "Ensures data integrity across complex agentic nodes."),
+            ("Persistence: Is a Checkpointer (Sqlite/Postgres) active?", "Mandatory for long-running agents and cross-session resume."),
+            ("Observability: Is LangSmith integrated for trace analysis?", "De-facto standard for debugging cyclic graph execution."),
+            ("Tooling: Are custom tools wrapped in @tool decorators?", "Ensures schema extraction and LLM compatibility (OpenAI/Anthropic).")
+        ]
+    },
+    {
+        "category": "🛡️ Security & Guardrails",
+        "checks": [
+            ("Loop: Is a 'Max Iterations' limit set on the Graph?", "Prevents infinite loops and runaway API costs."),
+            ("Secrets: Are API keys loaded via ChatOpenAI(api_key=...)?", "Ensures keys are injectable and not hardcoded."),
+            ("Moderation: Is a moderation node active in the graph?", "Pattern for real-time safety filtering of agent thoughts.")
+        ]
+    }
+]
+
+GENERIC_CHECKLIST = [
+    {
+        "category": "🏗️ General Agent Architecture",
+        "checks": [
+            ("Tooling: Does the agent use structured tool calling?", "Essential for reliable interactions."),
+            ("Orchestration: Is there a clear reason-act loop?", "Ensures agentic behavior."),
+            ("Observability: Are traces/logs being captured?", "Critical for debugging production agents.")
+        ]
+    },
+    {
+        "category": "🛡️ Security",
+        "checks": [
+            ("Sandbox: Are tools running in an isolated environment?", "Protects the host system."),
+            ("Input Validation: Are tool arguments validated?", "Prevents local execution attacks.")
+        ]
+    }
+]
+
+FIREBASE_CHECKLIST = [
+    {
+        "category": "🏗️ Firebase Infrastructure",
+        "checks": [
+            ("Hosting: Are security headers (HSTS, CSP) configured in firebase.json?", "Prevents cross-site scripting and hijacking."),
+            ("Firestore: Are composite indexes used for complex agent queries?", "Ensures high-performance data retrieval for RAG."),
+            ("Functions: Is 'Minimum Instances' set for critical agent tools?", "Reduces cold-start latency for backend tool execution."),
+            ("Rules: Are security rules locked down to 'request.auth'?", "Prevents unauthorized database access.")
+        ]
+    }
+]
+
+
+# --- MULTI-LANGUAGE / FRONTEND CHECKLISTS ---
+
+STREAMLIT_CHECKLIST = [
+    {
+        "category": "🏗️ Streamlit Architecture",
+        "checks": [
+            ("State Management: Using st.session_state for agent history?", "Critical for maintaining context in stateful agents."),
+            ("Async: Are long-running agent calls wrapped in st.spinner?", "Improves UX by providing immediate feedback."),
+            ("Secrets: Using .streamlit/secrets.toml instead of hardcoding?", "Standard for secure key management in Streamlit.")
+        ]
+    }
+]
+
+LIT_CHECKLIST = [
+    {
+        "category": "🏗️ Lit Web Components",
+        "checks": [
+            ("Protocol: Is A2UI BaseElement used for styling isolation?", "Ensures components work across different host apps."),
+            ("Reactivity: Are agent updates handled via @property decorator?", "Standard for efficient Lite-element updates."),
+            ("Shadow DOM: Are styles encapsulated to avoid platform leaking?", "Critical for distributing agent widgets to 3rd party sites.")
+        ]
+    }
+]
+
+ANGULAR_CHECKLIST = [
+    {
+        "category": "🏗️ Angular Enterprise Face",
+        "checks": [
+            ("Signals: Using Angular Signals for real-time agent updates?", "Modern reactive pattern for low-latency UIs."),
+            ("Interceptors: Is there a global error handler for Agent API timeouts?", "Ensures graceful degradation when LLMs are slow."),
+            ("DI: Is the Agent Engine abstracted as a Service?", "Promotes testability and clean architecture.")
+        ]
+    }
+]
+
+NODEJS_CHECKLIST = [
+    {
+        "category": "🏗️ NodeJS / TypeScript Engine",
+        "checks": [
+            ("Runtime: Using Bun or Node 20+ for native fetch?", "Optimizes performance for high-frequency API calls."),
+            ("Security: Is Helmet middleware active in the Face API?", "Hardens the Express/Hono server against common attacks."),
+            ("Types: Are Zod/Pydantic-like schemas used for tool outputs?", "Ensures type-safety across the agent-tool boundary.")
+        ]
+    }
+]
+
+GO_CHECKLIST = [
+    {
+        "category": "🏗️ Go High-Perf Engine",
+        "checks": [
+            ("Concurrency: Using Goroutines for parallel tool execution?", "Leverages Go's performance for multi-agent orchestration."),
+            ("Validation: Using struct tags for JSON schema enforcement?", "Standard for ensuring engine-face protocol compatibility."),
+            ("Tracing: Using OpenTelemetry for multi-hop agent traces?", "Mandatory for observability in complex Go agents.")
+        ]
+    }
+]
+
+
+FRAMEWORKS = {
+    "google": {
+
+
+        "name": "Google Vertex AI / ADK",
+        "checklist": GOOGLE_CHECKLIST,
+        "indicators": [r"google-cloud-aiplatform", r"vertexai", r"adk", r"Google Cloud"]
+    },
+    "openai": {
+        "name": "OpenAI / Agentkit",
+        "checklist": OPENAI_CHECKLIST,
+        "indicators": [r"openai", r"gpt-", r"Agentkit", r"Assistant API"]
+    },
+    "anthropic": {
+        "name": "Anthropic Claude / SDK",
+        "checklist": ANTHROPIC_CHECKLIST,
+        "indicators": [r"anthropic", r"claude", r"sonnet", r"opus", r"haiku"]
+    },
+    "microsoft": {
+        "name": "Microsoft Agent Framework / AutoGen",
+        "checklist": MICROSOFT_CHECKLIST,
+        "indicators": [r"autogen", r"semantic-kernel", r"microsoft-agent", r"TypeChat"]
+    },
+    "aws": {
+        "name": "AWS Bedrock Agents",
+        "checklist": AWS_CHECKLIST,
+        "indicators": [r"boto3", r"bedrock", r"aws-sdk", r"ActionGroup"]
+    },
+    "copilotkit": {
+        "name": "CopilotKit.ai",
+        "checklist": COPILOTKIT_CHECKLIST,
+        "indicators": [r"copilotkit", r"Guardrails_c", r"CopilotSidebar"]
+    },
+    "langchain": {
+        "name": "LangChain / LangGraph",
+        "checklist": LANGCHAIN_CHECKLIST,
+        "indicators": [r"langchain", r"langgraph", r"stategraph", r"checkpointer"]
+    },
+
+    "streamlit": {
+        "name": "Streamlit (Python)",
+        "checklist": STREAMLIT_CHECKLIST,
+        "indicators": [r"streamlit", r"st\.", r"st_chat_message"]
+    },
+    "lit": {
+        "name": "Lit / Web Components",
+        "checklist": LIT_CHECKLIST,
+        "indicators": [r"lit-element", r"lit-html", r"@customElement"]
+    },
+    "angular": {
+        "name": "Angular Face",
+        "checklist": ANGULAR_CHECKLIST,
+        "indicators": [r"@angular/core", r"NgModule", r"RxJS"]
+    },
+    "nodejs": {
+        "name": "NodeJS / TypeScript Engine",
+        "checklist": NODEJS_CHECKLIST,
+        "indicators": [r"package\.json", r"npm", r"node", r"express", r"hono"]
+    },
+    "go": {
+        "name": "Go High-Perf Engine",
+        "checklist": GO_CHECKLIST,
+        "indicators": [r"go\.mod", r"goroutine", r"golang"]
+    },
+    "firebase": {
+        "name": "Firebase / Google Cloud Hosting",
+        "checklist": FIREBASE_CHECKLIST,
+        "indicators": [r"firebase\.json", r"\.firebaserc", r"firestore"]
+    },
+    "generic": {
+
+        "name": "Generic Agentic Stack",
+        "checklist": GENERIC_CHECKLIST,
+        "indicators": []
+    }
+}
+
+
+def detect_framework(path: str = ".") -> str:
+    """ Detects the framework based on README or requirements.txt files. """
+    content = ""
+    # Check README.md
+    readme_path = os.path.join(path, "README.md")
+    if os.path.exists(readme_path):
+        with open(readme_path, "r") as f:
+            content += f.read()
+            
+    # Check requirements.txt, pyproject.toml, package.json, go.mod, or firebase.json
+    for filename in ["requirements.txt", "pyproject.toml", "package.json", "go.mod", "firebase.json", ".firebaserc"]:
+
+
+        file_path = os.path.join(path, filename)
+        if os.path.exists(file_path):
+            content += f" {filename} " # Include filename as indicator
+            with open(file_path, "r") as f:
+                content += f.read()
+
+    # Match indicators
+    for framework, data in FRAMEWORKS.items():
+        for indicator in data["indicators"]:
+            if re.search(indicator, content, re.IGNORECASE):
+                return framework
+                
+    return "generic"

agent_ops_cockpit/ops/mcp_hub.py

@@ -0,0 +1,35 @@
+from typing import List, Dict, Any
+import asyncio
+
+class MCPHub:
+    """
+    Model Context Protocol (MCP) Hub.
+    Optimizes tool discovery, execution, and cost across multiple providers.
+    """
+
+    def __init__(self):
+        self.registry = {
+            "search": {"type": "mcp", "provider": "google-search", "status": "optimized"},
+            "db": {"type": "mcp", "provider": "alloydb-vector", "status": "optimized"},
+            "legacy_crm": {"type": "rest_api", "provider": "internal", "status": "deprecated"}
+        }
+
+    async def execute_tool(self, tool_name: str, args: Dict[str, Any]):
+        """
+        Executes a tool via MCP if available, else falls back to legacy.
+        Logs metrics for the Flight Recorder.
+        """
+        if tool_name not in self.registry:
+            raise ValueError(f"Tool {tool_name} not found in MCP Registry.")
+        
+        config = self.registry[tool_name]
+        
+        if config["status"] == "deprecated":
+            print(f"⚠️  WARNING: Using legacy Tool API for '{tool_name}'. Migrate to MCP for 30% lower latency.")
+        
+        print(f"🛠️  Executing tool '{tool_name}' via {config['type']} protocol...")
+        await asyncio.sleep(0.1) # Simulating execution
+        
+        return {"result": f"Data from {tool_name}", "protocol": config["type"]}
+
+global_mcp_hub = MCPHub()

agent_ops_cockpit/ops/memory_optimizer.py

@@ -0,0 +1,44 @@
+import time
+from typing import Dict, Any, List
+
+class MemoryOptimizer:
+    """
+    Optimizes agent memory usage by implementing eviction policies and size limits.
+    Helps prevent 'Large System Instruction' bloat over long conversations.
+    """
+    
+    def __init__(self, max_items: int = 50, ttl_seconds: int = 3600):
+        self.max_items = max_items
+        self.ttl_seconds = ttl_seconds
+        self.memory: Dict[str, Dict[str, Any]] = {}
+
+    def add_event(self, event_id: str, data: Any):
+        """Adds an event to memory with a timestamp."""
+        # Eviction logic: If full, remove oldest
+        if len(self.memory) >= self.max_items:
+            oldest_key = min(self.memory.keys(), key=lambda k: self.memory[k]['timestamp'])
+            del self.memory[oldest_key]
+            
+        self.memory[event_id] = {
+            "data": data,
+            "timestamp": time.time()
+        }
+
+    def get_optimized_context(self) -> List[Any]:
+        """Returns memory filtered by TTL and sorted by recency."""
+        current_time = time.time()
+        valid_items = [
+            item['data'] for item in self.memory.values()
+            if (current_time - item['timestamp']) < self.ttl_seconds
+        ]
+        return valid_items
+
+    def compress_summaries(self, items: List[str]) -> str:
+        """
+        Placeholder for LLM-based summarization to compress memory.
+        In a real scenario, this would call a Flash model to summarize history.
+        """
+        return f"Summary of {len(items)} items..."
+
+# Global Instance for the Cockpit
+agent_memory_manager = MemoryOptimizer(max_items=20, ttl_seconds=1800)

agent_ops_cockpit/ops/orchestrator.py

@@ -0,0 +1,103 @@
+import os
+from datetime import datetime
+from rich.console import Console
+from rich.panel import Panel
+from rich.table import Table
+
+# Import from package namespace
+from agent_ops_cockpit.ops import arch_review, reliability, secret_scanner, ui_auditor
+from agent_ops_cockpit.eval import quality_climber, red_team
+from agent_ops_cockpit import optimizer
+
+console = Console()
+
+class CockpitOrchestrator:
+    """
+    Main orchestrator for AgentOps audits.
+    Runs Arch Review, Quality Baseline, Red Team, and Performance tests.
+    """
+    
+    def __init__(self):
+        self.timestamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+        self.report_path = "cockpit_final_report.md"
+        self.results = {}
+
+    def run_step(self, name: str, func, *args, **kwargs):
+        console.print(f"\n🚀 [bold]Step: {name}[/bold]")
+        try:
+            # Capturing output for internal functions is harder without redirecting stdout
+            # For now, we just execute them for the effect and note success
+            func(*args, **kwargs)
+            self.results[name] = {
+                "success": True,
+                "output": f"Audit {name} executed successfully."
+            }
+            console.print(f"✅ {name} Completed.")
+        except Exception as e:
+            self.results[name] = {"success": False, "output": str(e)}
+            console.print(f"❌ {name} Failed: {e}")
+
+    def generate_report(self):
+        report = [
+            "# 🏁 AgentOps Cockpit: Final Audit Report",
+            f"**Timestamp**: {self.timestamp}",
+            f"**Status**: {'PASS' if all(r['success'] for r in self.results.values()) else 'FAIL'}",
+            "\n---",
+            "\n## 📊 Executive Summary"
+        ]
+        
+        summary_table = Table(show_header=True, header_style="bold magenta")
+        summary_table.add_column("Audit Type")
+        summary_table.add_column("Status")
+        
+        for name, data in self.results.items():
+            status = "✅ PASS" if data["success"] else "❌ FAIL"
+            summary_table.add_row(name, status)
+            report.append(f"- **{name}**: {status}")
+
+        console.print("\n", summary_table)
+        
+        report.append("\n## 🔍 Detailed Findings")
+        for name, data in self.results.items():
+            report.append(f"\n### {name}")
+            report.append(data["output"])
+
+        report.append("\n---")
+        report.append("\n*Generated by the AgentOps Cockpit Orchestrator.*")
+        
+        with open(self.report_path, "w") as f:
+            f.write("\n".join(report))
+        
+        console.print(f"\n✨ [bold green]Final Report generated at {self.report_path}[/bold green]")
+
+def run_full_audit():
+    orchestrator = CockpitOrchestrator()
+    
+    console.print(Panel.fit(
+        "🕹️ [bold blue]AGENTOPS COCKPIT: FULL SYSTEM AUDIT[/bold blue]\nLaunching all governance and optimization modules...",
+        border_style="blue"
+    ))
+
+    # 1. Architecture Review
+    orchestrator.run_step("Architecture Review", arch_review.audit, path=".")
+    
+    # 2. Quality Baseline
+    orchestrator.run_step("Quality Baseline", quality_climber.audit, path=".")
+    
+    # 3. Security & Secrets
+    orchestrator.run_step("Secret Scanner (Leak Detection)", secret_scanner.scan, path=".")
+    orchestrator.run_step("Adversarial Security (Red Team)", red_team.audit, agent_path="src/backend/agent.py")
+    
+    # 4. Face (UI/UX) Audit
+    orchestrator.run_step("UI/UX Quality (Face Auditor)", ui_auditor.audit, path="src")
+    
+    # 5. Token Optimization Audit
+    orchestrator.run_step("Token Optimization Audit", optimizer.audit, file_path="src/backend/agent.py", interactive=False)
+
+    # 6. Reliability Audit (Unit + Regression)
+    orchestrator.run_step("Reliability (Unit + Regression)", reliability.run_tests)
+
+    orchestrator.generate_report()
+
+if __name__ == "__main__":
+    run_full_audit()

agent_ops_cockpit/ops/pii_scrubber.py

@@ -0,0 +1,47 @@
+import re
+from typing import Dict, Any, List
+from rich.console import Console
+
+console = Console()
+
+class PIIScrubber:
+    """
+    Standard AgentOps PII Scrubber.
+    Detects and masks sensitive information before it reaches the LLM.
+    """
+    
+    PATTERNS = {
+        "EMAIL": r"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}",
+        "PHONE": r"\b(?:\+?1[-. ]?)?\(?([2-9][0-8][0-9])\)?[-. ]?([2-9][0-9]{2})[-. ]?([0-9]{4})\b",
+        "CREDIT_CARD": r"\b(?:\d{4}[ -]?){3}\d{4}\b",
+        "SSN": r"\b\d{3}-\d{2}-\d{4}\b",
+        "IPV4": r"\b(?:\d{1,3}\.){3}\d{1,3}\b"
+    }
+
+    def __init__(self, enabled: bool = True):
+        self.enabled = enabled
+
+    def scrub(self, text: str) -> str:
+        """Scan and mask patterns in the text."""
+        if not self.enabled:
+            return text
+            
+        scrubbed_text = text
+        for label, pattern in self.PATTERNS.items():
+            scrubbed_text = re.sub(pattern, f"[[MASKED_{label}]]", scrubbed_text)
+            
+        return scrubbed_text
+
+    def audit_report(self, text: str) -> Dict[str, Any]:
+        """Detect findings without masking for auditing purposes."""
+        findings = {}
+        for label, pattern in self.PATTERNS.items():
+            matches = re.findall(pattern, text)
+            if matches:
+                findings[label] = len(matches)
+        return findings
+
+def agent_pii_middleware(prompt: str) -> str:
+    """Drop-in middleware for agent prompts."""
+    scrubber = PIIScrubber()
+    return scrubber.scrub(prompt)