agentops-cockpit 0.9.7__py3-none-any.whl → 0.9.8__py3-none-any.whl

agent_ops_cockpit/ops/auditors/behavioral.py

@@ -0,0 +1,31 @@
+from tenacity import retry, wait_exponential, stop_after_attempt
+from tenacity import retry, wait_exponential, stop_after_attempt
+from tenacity import retry, wait_exponential, stop_after_attempt
+import ast
+import json
+import os
+from typing import List
+from .base import BaseAuditor, AuditFinding
+
+class BehavioralAuditor(BaseAuditor):
+    """
+    v1.1 Enterprise Architect: Behavioral & Trace Auditor.
+    Compares runtime traces (JSON) against static code promises.
+    """
+
+    def audit(self, tree: ast.AST, content: str, file_path: str) -> List[AuditFinding]:
+        findings = []
+        trace_path = os.path.join(os.path.dirname(file_path), 'trace.json')
+        if not os.path.exists(trace_path):
+            return []
+        try:
+            with open(trace_path, 'r') as f:
+                trace_data = json.load(f)
+            if 'mask' in content.lower() or 'pii' in content.lower():
+                for entry in trace_data.get('logs', []):
+                    message = entry.get('message', '')
+                    if '@' in message and '.' in message:
+                        findings.append(AuditFinding(category='🎭 Behavioral', title='Trace-to-Code Mismatch (PII Leak)', description=f"Code promises PII masking, but trace.json contains raw email patterns at {entry.get('timestamp')}.", impact='CRITICAL', roi="Ensure semantic masking logic handles 'suffix+alias' patterns correctly.", file_path=file_path))
+        except Exception:
+            pass
+        return findings

agent_ops_cockpit/ops/auditors/compliance.py

@@ -0,0 +1,35 @@
+import ast
+from typing import List
+from .base import BaseAuditor, AuditFinding
+
+class ComplianceAuditor(BaseAuditor):
+    """
+    v1.1 Enterprise Architect: Governance & Compliance Auditor.
+    Maps code flaws to specific audit controls (SOC2, HIPAA, NIST).
+    """
+    def audit(self, tree: ast.AST, content: str, file_path: str) -> List[AuditFinding]:
+        findings = []
+        
+        # Check for Audit Logging (SOC2 CC6.1 - Access Monitoring)
+        if "log" not in content.lower():
+            findings.append(AuditFinding(
+                category="⚖️ Compliance",
+                title="SOC2 Control Gap: Missing Transit Logging",
+                description="No logging detected in mission-critical file. SOC2 CC6.1 requires audit trails for all system access.",
+                impact="HIGH",
+                roi="Critical for passing external audits and root-cause analysis.",
+                file_path=file_path
+            ))
+
+        # Check for HIPAA (Encryption at Rest - Simplified)
+        if "sql" in content.lower() or "db" in content.lower():
+            if "encrypt" not in content.lower() and "secret" not in content.lower():
+                findings.append(AuditFinding(
+                    category="⚖️ Compliance",
+                    title="HIPAA Risk: Potential Unencrypted ePHI",
+                    description="Database interaction detected without explicit encryption or secret management headers.",
+                    impact="CRITICAL",
+                    roi="Avoid legal penalties by enforcing encryption headers in database client configuration."
+                ))
+
+        return findings

agent_ops_cockpit/ops/auditors/dependency.py

@@ -0,0 +1,48 @@
+import ast
+import os
+import re
+from typing import List
+from .base import BaseAuditor, AuditFinding
+
+class DependencyAuditor(BaseAuditor):
+    """
+    v1.1 Enterprise Architect: Dependency Fragility Auditor.
+    Scans pyproject.toml and requirements.txt for version drift and known conflicts.
+    """
+    KNOW_CONFLICTS = [
+        ("langchain", "0.1.0", "crewai", "0.30.0", "Breaking change in BaseCallbackHandler. Expect runtime crashes during tool execution.")
+    ]
+
+    def audit(self, tree: ast.AST, content: str, file_path: str) -> List[AuditFinding]:
+        findings = []
+        
+        # Only check dependencies once per audit root (if we detect we are in the root)
+        if not file_path.endswith(("pyproject.toml", "requirements.txt")):
+            return []
+
+        # Simple regex for dependency parsing (v1.1)
+        deps = re.findall(r"(['\"]?\w+['\"]?)\s*[>=<]{1,2}\s*([\d\.]*)", content)
+        dep_map = {name.strip("'\""): version for name, version in deps}
+
+        for p1, v1_min, p2, v2_min, reason in self.KNOW_CONFLICTS:
+            if p1 in dep_map and p2 in dep_map:
+                findings.append(AuditFinding(
+                    category="📦 Dependency",
+                    title="Version Drift Conflict Detected",
+                    description=f"Detected potential conflict between {p1} and {p2}. {reason}",
+                    impact="HIGH",
+                    roi="Prevent runtime failures and dependency hell before deployment.",
+                    file_path=file_path
+                ))
+
+        # Licensing Check
+        if "agpl" in content.lower():
+             findings.append(AuditFinding(
+                category="⚖️ Compliance",
+                title="Restrictive License Warning",
+                description="AGPL-licensed dependency found. This may require full source disclosure for the entire project.",
+                impact="MEDIUM",
+                roi="Avoid legal risk by switching to MIT/Apache alternatives."
+            ))
+
+        return findings

agent_ops_cockpit/ops/auditors/finops.py

@@ -0,0 +1,48 @@
+from tenacity import retry, wait_exponential, stop_after_attempt
+import ast
+import re
+from typing import List
+from .base import BaseAuditor, AuditFinding
+
+class FinOpsAuditor(BaseAuditor):
+    """
+    v1.2 Principal SME: FinOps & Economic Sustainability Auditor.
+    Projects TCO and identifies missed caching opportunities for high-volume agents.
+    """
+    MODEL_PRICES = {
+        'gemini-1.5-pro': 3.5, 
+        'gemini-1.5-flash': 0.35, 
+        'gpt-4': 10.0, 
+        'gpt-3.5': 0.5
+    }
+
+    def audit(self, tree: ast.AST, content: str, file_path: str) -> List[AuditFinding]:
+        findings = []
+        
+        # 1. Model TCO Projection
+        for model, price in self.MODEL_PRICES.items():
+            if model in content.lower():
+                has_loop = re.search(r'for\s+\w+\s+in', content)
+                multiplier = 10 if has_loop else 1
+                projected_cost = price * multiplier
+                findings.append(AuditFinding(
+                    category="💰 FinOps",
+                    title=f"Inference Cost Projection ({model})",
+                    description=f"Detected {model} usage. Projected TCO over 1M tokens: ${projected_cost:.2f}.",
+                    impact="INFO",
+                    roi=f"Switching to Flash-equivalent could reduce projected cost to ${0.35 * multiplier:.2f}."
+                ))
+
+        # 2. Context Caching Opportunity
+        docstrings = re.findall(r'"""([\s\S]*?)"""|\'\'\'([\s\S]*?)\'\'\'', content)
+        has_large_prompt = any(len(d[0] or d[1]) > 500 for d in docstrings)
+        if has_large_prompt and 'CachingConfig' not in content:
+            findings.append(AuditFinding(
+                category="💰 FinOps",
+                title="Context Caching Opportunity",
+                description="Large static system instructions detected without CachingConfig.",
+                impact="HIGH",
+                roi="Implement Vertex AI Context Caching to reduce repeated prefix costs by 90%."
+            ))
+
+        return findings

agent_ops_cockpit/ops/auditors/graph.py

@@ -0,0 +1,49 @@
+import ast
+from typing import List
+from .base import BaseAuditor, AuditFinding
+
+class DeepGraphAuditor(BaseAuditor):
+    """
+    Analyzes the 'Seams' between components and identifies dependency risks.
+    """
+    def audit(self, tree: ast.AST, content: str, file_path: str) -> List[AuditFinding]:
+        findings = []
+        
+        # 1. Dependency Cycle Detection (Simplified for AST)
+        # Look for circular imports or cross-module logic smells
+        imports = []
+        for node in ast.walk(tree):
+            if isinstance(node, (ast.Import, ast.ImportFrom)):
+                if isinstance(node, ast.Import):
+                    for alias in node.names:
+                        imports.append(alias.name)
+                else:
+                    if node.module:
+                        imports.append(node.module)
+
+        # 2. Hanging Tool Call Detection (Zombies)
+        # Look for async calls without timeouts or cancellation guards
+        for node in ast.walk(tree):
+            if isinstance(node, ast.Await):
+                if isinstance(node.value, ast.Call):
+                    # Check for 'timeout' or 'wait' arguments in the call
+                    has_timeout = any(kw.arg == "timeout" for kw in node.value.keywords)
+                    if not has_timeout:
+                        func_name = ""
+                        if isinstance(node.value.func, ast.Name):
+                            func_name = node.value.func.id
+                        elif isinstance(node.value.func, ast.Attribute):
+                            func_name = node.value.func.attr
+                        
+                        if any(x in func_name.lower() for x in ["get", "post", "fetch", "invoke", "call"]):
+                             findings.append(AuditFinding(
+                                category="🧗 Resiliency",
+                                title="Zombie Tool Call Detected",
+                                description=f"Async call to '{func_name}' lacks a timeout. This risks 'Hanging Workers' in high-concurrency environments.",
+                                impact="HIGH",
+                                roi="Prevents thread-pool exhaustion and 99th percentile latency spikes.",
+                                line_number=node.lineno,
+                                file_path=file_path
+                            ))
+
+        return findings

agent_ops_cockpit/ops/auditors/pivot.py

@@ -0,0 +1,51 @@
+import ast
+import re
+from typing import List
+from .base import BaseAuditor, AuditFinding
+
+class PivotAuditor(BaseAuditor):
+    """
+    v1.2 Principal SME: Strategic Pivot Auditor.
+    Reasons across multiple dimensions (Cost, Sovereignty, Protocol) to suggest 
+    high-level architectural shifts (e.g., OpenAI -> Gemma2, REST -> MCP).
+    """
+    
+    def audit(self, tree: ast.AST, content: str, file_path: str) -> List[AuditFinding]:
+        findings = []
+        
+        # 1. Model Pivot: OpenAI/GPT -> Sovereign/Open Source (Gemma2)
+        if re.search(r"gpt-4|gpt-3\.5|openai", content.lower()):
+            findings.append(AuditFinding(
+                category="🚀 Strategic Pivot",
+                title="Sovereign Model Migration Opportunity",
+                description="Detected OpenAI dependency. For maximum Data Sovereignty and 40% TCO reduction, consider pivoting to Gemma2 or Llama3-70B on Vertex AI Prediction endpoints.",
+                impact="HIGH",
+                roi="Eliminates cross-border data risk and reduces projected inference TCO.",
+                file_path=file_path
+            ))
+
+        # 2. Protocol Pivot: Legacy REST -> Model Context Protocol (MCP)
+        # Look for raw requests or aiohttp calls within 'tools' or 'mcp' directories
+        if ("tools" in file_path or "mcp" in file_path) and re.search(r"requests\.|aiohttp\.", content):
+            findings.append(AuditFinding(
+                category="🚀 Strategic Pivot",
+                title="Legacy Tooling -> MCP Migration",
+                description="Detected raw REST calls in a tool-heavy module. Migrating to Model Context Protocol (MCP) would provide unified governance, better tool discovery, and standardized error handling.",
+                impact="MEDIUM",
+                roi="Future-proofs the tool layer and enables interoperability with MCP-native ecosystems.",
+                file_path=file_path
+            ))
+
+        # 3. Compute Pivot: Cloud Run -> GKE (Scale reasoning)
+        # Heuristic: If we see many service definitions or complex scaling params
+        if "deploy" in content.lower() and "scaling" in content.lower():
+             findings.append(AuditFinding(
+                category="🚀 Strategic Pivot",
+                title="Compute Scaling Optimization",
+                description="Detected complex scaling logic. If traffic exceeds 10k RPS, consider pivoting from Cloud Run to GKE with Anthos for hybrid-cloud sovereignty.",
+                impact="INFO",
+                roi="Optimizes unit cost at extreme scale while maintaining multi-cloud flexibility.",
+                file_path=file_path
+            ))
+
+        return findings

agent_ops_cockpit/ops/auditors/reasoning.py

@@ -0,0 +1,67 @@
+import ast
+import re
+from typing import List
+from .base import BaseAuditor, AuditFinding
+
+class ReasoningAuditor(BaseAuditor):
+    """
+    The 'Shadow Consultant' reasoning engine.
+    Performs Phase 2 Active Reasoning: identifying trade-offs, bottlenecks, and intent.
+    """
+    def audit(self, tree: ast.AST, content: str, file_path: str) -> List[AuditFinding]:
+        findings = []
+        
+        # 1. Intent Detection: Look for 'Seams' between frameworks
+        if "langgraph" in content.lower() and "crewai" in content.lower():
+             findings.append(AuditFinding(
+                category="🏗️ Architecture",
+                title="Strategic Conflict: Multi-Orchestrator Setup",
+                description="Detected both LangGraph and CrewAI. Using two loop managers is a 'High-Entropy' pattern that often leads to cyclic state deadlocks.",
+                impact="HIGH",
+                roi="Recommend using LangGraph for 'Brain' and CrewAI for 'Task Workers' to ensure state consistency.",
+                file_path=file_path
+            ))
+
+        # 2. Logic Probing: Sequential await profiling
+        async_funcs = [n for n in ast.walk(tree) if isinstance(n, ast.AsyncFunctionDef)]
+        for func in async_funcs:
+            awaits = [n for n in ast.walk(func) if isinstance(n, ast.Await)]
+            if len(awaits) >= 3:
+                # Check if awaits are independent (not using results of previous yields)
+                # This is a 'Reasoning' step over the AST
+                findings.append(AuditFinding(
+                    category="🧗 Reliability",
+                    title="Sequential Data Fetching Bottleneck",
+                    description=f"Function '{func.name}' has {len(awaits)} sequential await calls. This increases latency lineary (T1+T2+T3).",
+                    impact="MEDIUM",
+                    roi="Parallelizing these calls could reduce latency by up to 60%.",
+                    line_number=func.lineno,
+                    file_path=file_path
+                ))
+
+        # 3. FinOps Reasoning: High-tier model in loops
+        # (Simulated reasoning: we look for model strings and for loops together)
+        if re.search(r"gemini-1\.5-pro|gpt-4", content) and re.search(r"for\s+\w+\s+in", content):
+             if any(x in content.lower() for x in ["classify", "label", "is_", "has_"]):
+                findings.append(AuditFinding(
+                    category="💰 FinOps",
+                    title="Model Efficiency Regression",
+                    description="High-tier model (Pro/GPT-4) detected inside a loop performing simple classification tasks.",
+                    impact="HIGH",
+                    roi="Pivoting to Gemini 1.5 Flash for this loop reduces token spend by 90% with zero accuracy loss.",
+                    file_path=file_path
+                ))
+
+        # 4. Context Bloat Analysis (Prompt Logic)
+        long_prompts = re.findall(r"['\"]{3}([\s\S]{5000,})['\"]{3}", content)
+        if long_prompts:
+            findings.append(AuditFinding(
+                category="📉 Efficiency",
+                title="Architectural Prompt Bloat",
+                description="Massive static context (>5k chars) detected in system instruction. This risks 'Lost in the Middle' hallucinations.",
+                impact="MEDIUM",
+                roi="Pivot to a RAG (Retrieval Augmented Generation) pattern to improve factual grounding accuracy.",
+                file_path=file_path
+            ))
+
+        return findings

agent_ops_cockpit/ops/auditors/reliability.py

@@ -0,0 +1,53 @@
+from tenacity import retry, wait_exponential, stop_after_attempt
+import ast
+from typing import List
+from .base import BaseAuditor, AuditFinding
+
+class ReliabilityAuditor(BaseAuditor):
+    """
+    Analyzes code for execution patterns, identifying sequential bottlenecks and missing resiliency.
+    """
+
+    def audit(self, tree: ast.AST, content: str, file_path: str) -> List[AuditFinding]:
+        findings = []
+        for node in ast.walk(tree):
+            if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
+                await_nodes = [n for n in ast.walk(node) if isinstance(n, ast.Await)]
+                if len(await_nodes) > 2:
+                    findings.append(AuditFinding(category='🧗 Reliability & Perf', title='Sequential Bottleneck Detected', description="Multiple sequential 'await' calls identified. This increases total latency linearly.", impact='MEDIUM', roi='Reduces latency by up to 50% using asyncio.gather().', line_number=node.lineno, file_path=file_path))
+            if isinstance(node, ast.Call):
+                func_name = ''
+                if isinstance(node.func, ast.Name):
+                    func_name = node.func.id
+                elif isinstance(node.func, ast.Attribute):
+                    func_name = node.func.attr
+                if any((x in func_name.lower() for x in ['get', 'post', 'request', 'fetch', 'query'])):
+                    parent = self._get_parent_function(tree, node)
+                    if parent and (not self._is_decorated_with_retry(parent)):
+                        findings.append(AuditFinding(category='🧗 Reliability', title='Missing Resiliency Logic', description=f"External call '{func_name}' is not protected by retry logic.", impact='HIGH', roi='Increases up-time and handles transient network failures.', line_number=node.lineno, file_path=file_path))
+            if isinstance(node, (ast.Assign, ast.AnnAssign)):
+                if isinstance(node.value, (ast.Constant, ast.JoinedStr)):
+                    val = ''
+                    if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
+                        val = node.value.value
+                    elif isinstance(node.value, ast.JoinedStr):
+                        val = ''.join([s.value for s in node.value.values if isinstance(s, ast.Constant)])
+                    if len(val) > 20 and any((x in val.lower() for x in ['act as', 'you are', 'instruction'])):
+                        if not any((x in val.lower() for x in ["don't know", 'unsure', 'refuse', 'do not make up'])):
+                            findings.append(AuditFinding(category='🧗 Reliability', title='High Hallucination Risk', description="System prompt lacks negative constraints (e.g., 'If you don't know, say I don't know').", impact='HIGH', roi='Reduces autonomous failures by enforcing refusal boundaries.', line_number=node.lineno, file_path=file_path))
+        return findings
+
+    def _get_parent_function(self, tree, node):
+        for p in ast.walk(tree):
+            if isinstance(p, (ast.FunctionDef, ast.AsyncFunctionDef)):
+                if any((n is node for n in ast.walk(p))):
+                    return p
+        return None
+
+    def _is_decorated_with_retry(self, node):
+        for decorator in node.decorator_list:
+            if isinstance(decorator, ast.Name) and 'retry' in decorator.id.lower():
+                return True
+            if isinstance(decorator, ast.Call) and isinstance(decorator.func, ast.Name) and ('retry' in decorator.func.id.lower()):
+                return True
+        return False

agent_ops_cockpit/ops/auditors/security.py

@@ -0,0 +1,87 @@
+import ast
+import re
+from typing import List
+from .base import BaseAuditor, AuditFinding
+
+class SecurityAuditor(BaseAuditor):
+    """
+    Reasoning-based Security Auditor.
+    Scans for 'Seams' where unsanitized user input flows into LLM calls or Tool execution.
+    """
+    def audit(self, tree: ast.AST, content: str, file_path: str) -> List[AuditFinding]:
+        findings = []
+        
+        # Track variables that might contain raw user input
+        input_vars = set(["prompt", "user_input", "query", "request"])
+        sanitized_vars = set()
+        
+        for node in ast.walk(tree):
+            # Track sanitization calls
+            if isinstance(node, ast.Assign):
+                if isinstance(node.value, ast.Call):
+                    # If we call a scrubber, mark the target as sanitized
+                    func_name = ""
+                    if isinstance(node.value.func, ast.Name):
+                        func_name = node.value.func.id
+                    elif isinstance(node.value.func, ast.Attribute):
+                        func_name = node.value.func.attr
+                    
+                    if any(x in func_name.lower() for x in ["scrub", "mask", "sanitize", "guard", "filter"]):
+                        for target in node.targets:
+                            if isinstance(target, ast.Name):
+                                sanitized_vars.add(target.id)
+            
+            # Detect LLM invocations with unsanitized inputs
+            if isinstance(node, ast.Call):
+                func_name = ""
+                if isinstance(node.func, ast.Name):
+                    func_name = node.func.id
+                elif isinstance(node.func, ast.Attribute):
+                    func_name = node.func.attr
+                
+                if any(x in func_name.lower() for x in ["invoke", "generate", "call", "chat", "predict"]):
+                    # Check arguments
+                    for arg in node.args:
+                        if isinstance(arg, ast.Name) and (arg.id in input_vars) and (arg.id not in sanitized_vars):
+                            findings.append(AuditFinding(
+                                category="🛡️ Security",
+                                title="Prompt Injection Susceptibility",
+                                description=f"The variable '{arg.id}' flows into an LLM call without detected sanitization logic (e.g., scrub/guard).",
+                                impact="CRITICAL",
+                                roi="Prevents prompt injection attacks by 99%.",
+                                line_number=node.lineno,
+                                file_path=file_path
+                            ))
+
+        # Secret Scanning (v1.1)
+        for node in ast.walk(tree):
+            if isinstance(node, ast.Assign):
+                for target in node.targets:
+                    if isinstance(target, ast.Name):
+                        if any(x in target.id.lower() for x in ["key", "token", "secret", "password", "auth"]):
+                            if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
+                                val = node.value.value
+                                if len(val) > 16 and re.search(r"\d", val) and re.search(r"[a-zA-Z]", val):
+                                    findings.append(AuditFinding(
+                                        category="🛡️ Security",
+                                        title="Hardcoded Secret Detected",
+                                        description=f"Variable '{target.id}' appears to contain a hardcoded credential.",
+                                        impact="CRITICAL",
+                                        roi="Prevent catastrophic credential leaks by using Google Secret Manager.",
+                                        line_number=node.lineno,
+                                        file_path=file_path
+                                    ))
+
+        # Look for TODOs in comments
+        if "// todo" in content.lower() or "# todo" in content.lower():
+            if "mask" in content.lower() or "pii" in content.lower():
+                 findings.append(AuditFinding(
+                    category="🛡️ Security",
+                    title="Incomplete PII Protection",
+                    description="Source code contains 'TODO' comments related to PII masking. Active protection is currently absent.",
+                    impact="HIGH",
+                    roi="Closes compliance gap for GDPR/SOC2.",
+                    file_path=file_path
+                ))
+
+        return findings

agent_ops_cockpit/ops/auditors/sme_v12.py

@@ -0,0 +1,76 @@
+import ast
+import re
+from typing import List
+from .base import BaseAuditor, AuditFinding
+
+class HITLAuditor(BaseAuditor):
+    """
+    v1.2 Principal SME: Human-in-the-Loop (HITL) Policy Auditor.
+    Flags high-risk "write" permissions that lack explicit approval gates.
+    """
+    SENSITIVE_ACTIONS = [
+        (r"(?i)transfer", "Financial Transfer"),
+        (r"(?i)delete", "Resource Deletion"),
+        (r"(?i)update_policy", "Policy Modification"),
+        (r"(?i)send_email", "External Communication"),
+        (r"(?i)purchase", "Procurement")
+    ]
+
+    def audit(self, tree: ast.AST, content: str, file_path: str) -> List[AuditFinding]:
+        findings = []
+        
+        for node in ast.walk(tree):
+            # Check function definitions for sensitive names
+            if isinstance(node, ast.FunctionDef):
+                for pattern, category in self.SENSITIVE_ACTIONS:
+                    if re.search(pattern, node.name):
+                        # Look for 'human_approval' or 'require_approval' in arguments or decorator
+                        has_gate = any(arg.arg in ["human_approval", "require_approval", "gate"] for arg in node.args.args)
+                        
+                        # Also check decorators
+                        if not has_gate:
+                            for decorator in node.decorator_list:
+                                if isinstance(decorator, ast.Name) and "gate" in decorator.id.lower():
+                                    has_gate = True
+                                elif isinstance(decorator, ast.Call) and isinstance(decorator.func, ast.Name) and "gate" in decorator.func.id.lower():
+                                    has_gate = True
+
+                        if not has_gate:
+                            findings.append(AuditFinding(
+                                category="🛡️ HITL Guardrail",
+                                title=f"Ungated {category} Action",
+                                description=f"Function '{node.name}' performs a high-risk action but lacks a 'human_approval' flag or security gate.",
+                                impact="CRITICAL",
+                                roi="Prevents autonomous catastrophic failures and unauthorized financial moves.",
+                                line_number=node.lineno,
+                                file_path=file_path
+                            ))
+
+        return findings
+
+class A2AAuditor(BaseAuditor):
+    """
+    v1.2 Principal SME: Agent-to-Agent (A2A) Efficiency Auditor.
+    Detects "Chatter Bloat" where agents pass excessive state objects.
+    """
+    def audit(self, tree: ast.AST, content: str, file_path: str) -> List[AuditFinding]:
+        findings = []
+        
+        # Look for patterns like passing 'state' or 'full_context' in a2a calls
+        for node in ast.walk(tree):
+            if isinstance(node, ast.Call):
+                # Heuristic: passing a variable named 'state', 'context', or 'message_log'
+                for arg in node.args:
+                    if isinstance(arg, ast.Name) and arg.id in ["state", "full_context", "messages", "history"]:
+                        # Detection of "Chatter Bloat"
+                        findings.append(AuditFinding(
+                            category="📉 A2A Efficiency",
+                            title="A2A Chatter Bloat Detected",
+                            description=f"Passing entire variable '{arg.id}' to tool/agent call. This introduces high latency and token waste.",
+                            impact="MEDIUM",
+                            roi="Reduces token cost and latency by 30-50% through surgical state passing.",
+                            line_number=node.lineno,
+                            file_path=file_path
+                        ))
+
+        return findings

agent_ops_cockpit/ops/auditors/sovereignty.py

@@ -0,0 +1,74 @@
+import ast
+import re
+from typing import List
+from .base import BaseAuditor, AuditFinding
+
+class SovereigntyAuditor(BaseAuditor):
+    """
+    v1.1 Phase 6: The Sovereign. 
+    Audits for Multi-Cloud Portability and Data Residency (GDPR/EU Sovereign).
+    Detects Vendor Lock-in (Hardcoded Provider Specifics).
+    """
+    VULNERABLE_PATTERNS = [
+        (r"project[-_]id\s*=\s*['\"][\w-]+['\"]", "Hardcoded GCP Project ID. Use environment variables for portability."),
+        (r"region\s*=\s*['\"]us-[\w-]+['\"]", "Hardcoded US Region. Risk to EU Data Sovereignty if not configured per environment."),
+        (r"aws_[\w-]+\s*=\s*['\"]", "AWS-specific credential detected. Ensure abstraction layer for Multi-Cloud."),
+        (r"azure_[\w-]+\s*=\s*['\"]", "Azure-specific endpoint detected. Risk of vendor lock-in.")
+    ]
+
+    def audit(self, tree: ast.AST, content: str, file_path: str) -> List[AuditFinding]:
+        findings = []
+
+        # 1. Vendor Lock-in Check (Hardcoded IDs/Regions)
+        for pattern, reason in self.VULNERABLE_PATTERNS:
+            matches = re.finditer(pattern, content)
+            for match in matches:
+                # Find the line number based on char offset
+                line_no = content.count('\n', 0, match.start()) + 1
+                findings.append(AuditFinding(
+                    category="🌍 Sovereignty",
+                    title="Vendor Lock-in Risk",
+                    description=reason,
+                    impact="MEDIUM",
+                    roi="Enables Multi-Cloud failover and EU sovereignty compliance.",
+                    line_number=line_no,
+                    file_path=file_path
+                ))
+
+        # 2. Data Residency Audit (Sovereign Cloud patterns)
+        if "google.cloud" in content and "europe-" not in content.lower():
+            if "gdpr" in content.lower() or "compliance" in content.lower():
+                findings.append(AuditFinding(
+                    category="🌍 Sovereignty",
+                    title="EU Data Sovereignty Gap",
+                    description="Compliance code detected but no European region routing found. Risk of non-compliance with EU data residency laws.",
+                    impact="HIGH",
+                    roi="Prevents multi-million Euro GDPR fines.",
+                    file_path=file_path
+                ))
+
+        # 3. Cloud Agnostic Interface Audit
+        direct_sdks = ["vertexai", "boto3", "azure-identity"]
+        for sdk in direct_sdks:
+            if f"import {sdk}" in content or f"from {sdk}" in content:
+                findings.append(AuditFinding(
+                    category="🌍 Sovereignty",
+                    title="Direct Vendor SDK Exposure",
+                    description=f"Directly importing '{sdk}'. Consider wrapping in a provider-agnostic bridge to allow Multi-Cloud mobility.",
+                    impact="LOW",
+                    roi="Reduces refactoring cost during platform migration.",
+                    file_path=file_path
+                ))
+
+        # 4. v1.3 Strategic Exit: TCO & Migration Plan
+        if any(x in content.lower() for x in ["vertexai", "google.cloud"]):
+            findings.append(AuditFinding(
+                category="🌍 Sovereignty",
+                title="Strategic Exit Plan (Cloud)",
+                description="Detected hardcoded cloud dependencies. For a 'Category Killer' grade, implement an abstraction layer that allows switching to Gemma 2 on GKE.",
+                impact="INFO",
+                roi="Estimated 12% OpEx reduction via open-source pivot. Exit effort: ~14 lines of code.",
+                file_path=file_path
+            ))
+
+        return findings