agentx-security-sdk 0.3.2__tar.gz → 0.3.4__tar.gz

{agentx_security_sdk-0.3.2 → agentx_security_sdk-0.3.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: agentx-security-sdk
-Version: 0.3.2
+Version: 0.3.4
 Summary: The self-healing exception handler for autonomous AI agents.
 Home-page: https://github.com/vdalal/semantic-gateway
 Author: AgentX Core Team
@@ -118,6 +118,12 @@ cd backend
 uvicorn gateway:app --host "0.0.0.0" --port=8000
 ```
 
+> **Both commands above build the gateway from source** (internal / source-access).
+> The gateway is closed-source, so **design partners run a prebuilt private image
+> instead** — `pip install agentx-security-sdk` does not ship it. Request access at
+> [agentx-core.com](https://agentx-core.com); once granted, the starter kit in
+> [`deploy/partner/`](deploy/partner/) pulls and runs the image (no source needed).
+
 The reasoning engine is now listening on http://localhost:8000. In `local`/`linked` mode it owns the policy lifecycle from a local SQLite store (seeded on first boot, editable via the Policy & Discovery tabs); in `cloud` mode it mirrors policies from your Supabase-backed Control Plane.
 
 ---

{agentx_security_sdk-0.3.2 → agentx_security_sdk-0.3.4}/README.md

@@ -93,6 +93,12 @@ cd backend
 uvicorn gateway:app --host "0.0.0.0" --port=8000
 ```
 
+> **Both commands above build the gateway from source** (internal / source-access).
+> The gateway is closed-source, so **design partners run a prebuilt private image
+> instead** — `pip install agentx-security-sdk` does not ship it. Request access at
+> [agentx-core.com](https://agentx-core.com); once granted, the starter kit in
+> [`deploy/partner/`](deploy/partner/) pulls and runs the image (no source needed).
+
 The reasoning engine is now listening on http://localhost:8000. In `local`/`linked` mode it owns the policy lifecycle from a local SQLite store (seeded on first boot, editable via the Policy & Discovery tabs); in `cloud` mode it mirrors policies from your Supabase-backed Control Plane.
 
 ---

{agentx_security_sdk-0.3.2 → agentx_security_sdk-0.3.4}/agentx_sdk/cli.py

@@ -206,6 +206,130 @@ def execute_vector_seed_compilation(gateway_url, api_key, output_dir=".agentx"):
         print("=" * 75)
         sys.exit(1)
 
+def _contribution_consent_value(env):
+    """Return the explicit AGENTX_CONTRIBUTE choice (True/False) if the developer
+    has set it (process env first, then .env), else None (undecided)."""
+    raw = os.environ.get("AGENTX_CONTRIBUTE")
+    if raw is None:
+        raw = env.get("AGENTX_CONTRIBUTE")
+    if raw is None:
+        return None
+    return raw.strip().lower() in ("1", "true", "yes", "on")
+
+
+def _persist_contribution_choice(value):
+    """Append AGENTX_CONTRIBUTE to ./.env so the choice sticks and the env var
+    stays the one canonical switch. Best-effort; never fatal."""
+    try:
+        prefix = "\n" if os.path.exists(".env") and os.path.getsize(".env") > 0 else ""
+        with open(".env", "a", encoding="utf-8") as f:
+            f.write(f"{prefix}AGENTX_CONTRIBUTE={'true' if value else 'false'}\n")
+    except Exception:
+        pass
+
+
+def resolve_contribution_consent(env):
+    """Decide whether to contribute. The explicit AGENTX_CONTRIBUTE (process env or
+    .env) is canonical and ALWAYS wins — set it and we never prompt. Only when it
+    is UNSET *and* we're on an interactive terminal do we surface a one-time,
+    value-framed prompt (and persist the answer to .env) — killing the discovery
+    friction without removing consent. Unset + non-interactive = OFF, so CI and
+    scripts are never blocked or hung."""
+    explicit = _contribution_consent_value(env)
+    if explicit is not None:
+        return explicit
+    if not sys.stdin.isatty():
+        print("\n   🔒 Contribution is OFF (AGENTX_CONTRIBUTE unset). Set it to true to help")
+        print("      grow shared immunity — abstract signals only, never your data.")
+        return False
+    print("\n   🌐 Help grow shared immunity?")
+    print("      We'd share ONLY anonymous, abstract signals (which policy fired, on")
+    print("      what day) — never your queries, reasoning, payloads, or any identifier.")
+    try:
+        answer = input("      Contribute these abstract signals? [y/N]: ").strip().lower()
+    except (EOFError, KeyboardInterrupt):
+        answer = ""
+    choice = answer in ("y", "yes")
+    _persist_contribution_choice(choice)
+    print(f"      {'✅ On' if choice else '🔒 Off'} — saved AGENTX_CONTRIBUTE="
+          f"{'true' if choice else 'false'} to ./.env (change it anytime).")
+    return choice
+
+
+def execute_contribution_push(gateway_url, control_plane_url, api_key, env):
+    """Grow the shared-immunity corpus from this machine — privacy-preserving by
+    construction.
+
+    The gateway projects the local incident store down to ABSTRACT, de-identified
+    signal (`/v1/contribution`), so raw payloads, chain-of-thought, and identifiers
+    never reach this process, let alone the network. We show exactly what would
+    leave, always write it locally for inspection, and POST it to the shared corpus
+    ONLY when the developer has explicitly opted in (AGENTX_CONTRIBUTE). Default is
+    OFF — nothing leaves your box without consent.
+    """
+    headers = {"Authorization": f"Bearer {api_key}"}
+    try:
+        res = requests.get(f"{gateway_url}/v1/contribution", headers=headers, timeout=5.0)
+    except requests.exceptions.ConnectionError:
+        print(f"❌ Unable to reach the AgentX gateway at {gateway_url} (is it up? `docker ps`).")
+        print("=" * 75)
+        return
+    if res.status_code != 200:
+        print(f"❌ Gateway returned status {res.status_code} for the contribution projection. Skipping.")
+        print("=" * 75)
+        return
+
+    body = res.json()
+    contributions = body.get("contributions", [])
+    fields = body.get("fields", [])
+
+    # Always write a local artifact so there is a record and the dev can inspect
+    # exactly what the abstract contribution looks like (the open data path).
+    target_dir = ".agentx"
+    os.makedirs(target_dir, exist_ok=True)
+    artifact = os.path.join(target_dir, "contribution.jsonl")
+    with open(artifact, "w", encoding="utf-8") as f:
+        for c in contributions:
+            f.write(json.dumps(c) + "\n")
+
+    print(f"\n🧬 Abstract contribution ready: {len(contributions)} signal(s).")
+    print(f"   Shared (and ONLY these): {', '.join(fields) or '—'}")
+    print("   Never shared: your queries, chain-of-thought, payloads, or any identifier.")
+    print(f"   💾 Written locally for your inspection: ./{artifact}")
+
+    if not contributions:
+        print("   (Nothing to contribute yet — run some protected agents first.)")
+        print("=" * 75)
+        return
+
+    if not resolve_contribution_consent(env):
+        print("\n   🔒 These signals stayed on your machine.")
+        print("=" * 75)
+        return
+
+    try:
+        post = requests.post(
+            f"{control_plane_url}/api/edge/contribute",
+            json={"contributions": contributions},
+            headers=headers,
+            timeout=10.0,
+        )
+        if post.status_code in (200, 201, 202):
+            print(f"\n   ✅ Contributed {len(contributions)} abstract signal(s) to shared immunity. Thank you.")
+        else:
+            print(f"\n   ⚠️  Shared corpus returned {post.status_code}. Saved locally; will retry next sync.")
+    except requests.exceptions.RequestException as e:
+        print(f"\n   ⚠️  Could not reach the shared corpus ({e}). Saved locally; will retry next sync.")
+    print("=" * 75)
+
+
+def execute_sync(gateway_url, control_plane_url, api_key, env):
+    """`agentx sync` = pull the latest policies, then (opt-in) push the abstract
+    contribution. One habit keeps you in sync with the network both ways."""
+    execute_policy_pull(control_plane_url, api_key)
+    execute_contribution_push(gateway_url, control_plane_url, api_key, env)
+
+
 def main():
     print("=" * 75)
     print("🛡️  AGENTX LOCAL OBSERVABILITY ENGINE")
@@ -248,6 +372,10 @@ def main():
 
     if command == "pull":
         execute_policy_pull(control_plane_url, api_key)
+    elif command == "push":
+        execute_contribution_push(gateway_url, control_plane_url, api_key, env)
+    elif command == "sync":
+        execute_sync(gateway_url, control_plane_url, api_key, env)
     elif command == "compile":
         # ✅ NEW SURGICAL HOOK: Routes the compile action to our new weights matrix builder
         # execute_vector_seed_compilation(gateway_url, api_key)
@@ -256,7 +384,9 @@ def main():
         execute_status_inspection(gateway_url, api_key)
     else:
         print(f"⚠️  Unknown command parameter input flag value string: '{command}'")
-        print("   Available options: agentx status | agentx pull")
+        print("   Available options: agentx status | agentx pull | agentx push | agentx sync")
+        print("   (push = contribute abstract signals to shared immunity, opt-in via AGENTX_CONTRIBUTE;")
+        print("    sync = pull + push)")
         print("=" * 75)
 
 if __name__ == "__main__":

{agentx_security_sdk-0.3.2 → agentx_security_sdk-0.3.4}/agentx_security_sdk.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: agentx-security-sdk
-Version: 0.3.2
+Version: 0.3.4
 Summary: The self-healing exception handler for autonomous AI agents.
 Home-page: https://github.com/vdalal/semantic-gateway
 Author: AgentX Core Team
@@ -118,6 +118,12 @@ cd backend
 uvicorn gateway:app --host "0.0.0.0" --port=8000
 ```
 
+> **Both commands above build the gateway from source** (internal / source-access).
+> The gateway is closed-source, so **design partners run a prebuilt private image
+> instead** — `pip install agentx-security-sdk` does not ship it. Request access at
+> [agentx-core.com](https://agentx-core.com); once granted, the starter kit in
+> [`deploy/partner/`](deploy/partner/) pulls and runs the image (no source needed).
+
 The reasoning engine is now listening on http://localhost:8000. In `local`/`linked` mode it owns the policy lifecycle from a local SQLite store (seeded on first boot, editable via the Policy & Discovery tabs); in `cloud` mode it mirrors policies from your Supabase-backed Control Plane.
 
 ---

{agentx_security_sdk-0.3.2 → agentx_security_sdk-0.3.4}/setup.py

@@ -9,7 +9,7 @@ if os.path.exists("README.md"):
 
 setup(
     name="agentx-security-sdk",
-    version="0.3.2",
+    version="0.3.4",
     author="AgentX Core Team", 
     author_email="founders@agentx-core.com",
     description="The self-healing exception handler for autonomous AI agents.",