asfops 0.1.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- asfops-0.1.0/.github/workflows/ci.yml +60 -0
- asfops-0.1.0/.github/workflows/release.yml +40 -0
- asfops-0.1.0/.gitignore +218 -0
- asfops-0.1.0/.python-version +1 -0
- asfops-0.1.0/CONTRIBUTING.md +56 -0
- asfops-0.1.0/LICENSE +21 -0
- asfops-0.1.0/PKG-INFO +118 -0
- asfops-0.1.0/README.md +91 -0
- asfops-0.1.0/pyproject.toml +91 -0
- asfops-0.1.0/src/asfops/__init__.py +83 -0
- asfops-0.1.0/src/asfops/_version.py +1 -0
- asfops-0.1.0/src/asfops/api.py +128 -0
- asfops-0.1.0/src/asfops/cli/__init__.py +5 -0
- asfops-0.1.0/src/asfops/cli/app.py +282 -0
- asfops-0.1.0/src/asfops/cli/render.py +76 -0
- asfops-0.1.0/src/asfops/config.py +56 -0
- asfops-0.1.0/src/asfops/exceptions.py +33 -0
- asfops-0.1.0/src/asfops/fleet/__init__.py +31 -0
- asfops-0.1.0/src/asfops/fleet/member.py +20 -0
- asfops-0.1.0/src/asfops/fleet/roles.py +57 -0
- asfops-0.1.0/src/asfops/fleet/roster.py +285 -0
- asfops-0.1.0/src/asfops/fleet/schemas.py +90 -0
- asfops-0.1.0/src/asfops/models/__init__.py +18 -0
- asfops-0.1.0/src/asfops/models/bridge.py +136 -0
- asfops-0.1.0/src/asfops/models/client.py +58 -0
- asfops-0.1.0/src/asfops/models/copilot.py +382 -0
- asfops-0.1.0/src/asfops/models/resolve.py +23 -0
- asfops-0.1.0/src/asfops/orchestrator.py +268 -0
- asfops-0.1.0/src/asfops/py.typed +0 -0
- asfops-0.1.0/src/asfops/results.py +330 -0
- asfops-0.1.0/tests/__init__.py +0 -0
- asfops-0.1.0/tests/conftest.py +105 -0
- asfops-0.1.0/tests/fakes/__init__.py +0 -0
- asfops-0.1.0/tests/fakes/copilot_fakes.py +104 -0
- asfops-0.1.0/tests/test_api.py +85 -0
- asfops-0.1.0/tests/test_bridge.py +72 -0
- asfops-0.1.0/tests/test_cli.py +166 -0
- asfops-0.1.0/tests/test_client.py +60 -0
- asfops-0.1.0/tests/test_copilot_model.py +189 -0
- asfops-0.1.0/tests/test_orchestrator.py +145 -0
- asfops-0.1.0/tests/test_render.py +100 -0
- asfops-0.1.0/tests/test_results_usage.py +190 -0
- asfops-0.1.0/tests/test_roster.py +67 -0
- asfops-0.1.0/tests/test_schemas.py +30 -0
- asfops-0.1.0/tests/test_version.py +6 -0
- asfops-0.1.0/uv.lock +2167 -0
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
name: CI
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches: [main]
|
|
6
|
+
pull_request:
|
|
7
|
+
|
|
8
|
+
concurrency:
|
|
9
|
+
group: ${{ github.workflow }}-${{ github.ref }}
|
|
10
|
+
cancel-in-progress: true
|
|
11
|
+
|
|
12
|
+
jobs:
|
|
13
|
+
lint:
|
|
14
|
+
name: Lint & typecheck
|
|
15
|
+
runs-on: ubuntu-latest
|
|
16
|
+
steps:
|
|
17
|
+
- uses: actions/checkout@v4
|
|
18
|
+
- uses: astral-sh/setup-uv@v5
|
|
19
|
+
with:
|
|
20
|
+
python-version: "3.13"
|
|
21
|
+
- name: Install dependencies
|
|
22
|
+
run: uv sync --group dev
|
|
23
|
+
- name: Ruff format
|
|
24
|
+
run: uv run ruff format --check .
|
|
25
|
+
- name: Ruff lint
|
|
26
|
+
run: uv run ruff check .
|
|
27
|
+
- name: Mypy
|
|
28
|
+
run: uv run mypy src tests
|
|
29
|
+
|
|
30
|
+
test:
|
|
31
|
+
name: Test (py${{ matrix.python-version }})
|
|
32
|
+
runs-on: ubuntu-latest
|
|
33
|
+
strategy:
|
|
34
|
+
fail-fast: false
|
|
35
|
+
matrix:
|
|
36
|
+
python-version: ["3.13", "3.14"]
|
|
37
|
+
steps:
|
|
38
|
+
- uses: actions/checkout@v4
|
|
39
|
+
- uses: astral-sh/setup-uv@v5
|
|
40
|
+
with:
|
|
41
|
+
python-version: ${{ matrix.python-version }}
|
|
42
|
+
- name: Install dependencies
|
|
43
|
+
run: uv sync --group dev
|
|
44
|
+
- name: Pytest with coverage
|
|
45
|
+
run: uv run pytest --cov=asfops --cov-report=term --cov-report=xml
|
|
46
|
+
|
|
47
|
+
build:
|
|
48
|
+
name: Build distribution
|
|
49
|
+
runs-on: ubuntu-latest
|
|
50
|
+
steps:
|
|
51
|
+
- uses: actions/checkout@v4
|
|
52
|
+
- uses: astral-sh/setup-uv@v5
|
|
53
|
+
with:
|
|
54
|
+
python-version: "3.13"
|
|
55
|
+
- name: Build sdist and wheel
|
|
56
|
+
run: uv build
|
|
57
|
+
- name: Check metadata
|
|
58
|
+
run: uvx twine check dist/*
|
|
59
|
+
- name: Import smoke test
|
|
60
|
+
run: uv run --isolated --no-project --with dist/*.whl python -c "import asfops; print(asfops.__version__)"
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
name: Release
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
tags: ["v*"]
|
|
6
|
+
|
|
7
|
+
jobs:
|
|
8
|
+
build:
|
|
9
|
+
name: Build distribution
|
|
10
|
+
runs-on: ubuntu-latest
|
|
11
|
+
steps:
|
|
12
|
+
- uses: actions/checkout@v4
|
|
13
|
+
- uses: astral-sh/setup-uv@v5
|
|
14
|
+
with:
|
|
15
|
+
python-version: "3.13"
|
|
16
|
+
- name: Build sdist and wheel
|
|
17
|
+
run: uv build
|
|
18
|
+
- name: Check metadata
|
|
19
|
+
run: uvx twine check dist/*
|
|
20
|
+
- uses: actions/upload-artifact@v4
|
|
21
|
+
with:
|
|
22
|
+
name: dist
|
|
23
|
+
path: dist/
|
|
24
|
+
|
|
25
|
+
publish:
|
|
26
|
+
name: Publish to PyPI
|
|
27
|
+
needs: build
|
|
28
|
+
runs-on: ubuntu-latest
|
|
29
|
+
environment:
|
|
30
|
+
name: pypi
|
|
31
|
+
url: https://pypi.org/p/asfops
|
|
32
|
+
permissions:
|
|
33
|
+
id-token: write
|
|
34
|
+
steps:
|
|
35
|
+
- uses: actions/download-artifact@v4
|
|
36
|
+
with:
|
|
37
|
+
name: dist
|
|
38
|
+
path: dist/
|
|
39
|
+
- name: Publish (trusted publishing)
|
|
40
|
+
uses: pypa/gh-action-pypi-publish@release/v1
|
asfops-0.1.0/.gitignore
ADDED
|
@@ -0,0 +1,218 @@
|
|
|
1
|
+
# Byte-compiled / optimized / DLL files
|
|
2
|
+
__pycache__/
|
|
3
|
+
*.py[codz]
|
|
4
|
+
*$py.class
|
|
5
|
+
|
|
6
|
+
# C extensions
|
|
7
|
+
*.so
|
|
8
|
+
|
|
9
|
+
# Distribution / packaging
|
|
10
|
+
.Python
|
|
11
|
+
build/
|
|
12
|
+
develop-eggs/
|
|
13
|
+
dist/
|
|
14
|
+
downloads/
|
|
15
|
+
eggs/
|
|
16
|
+
.eggs/
|
|
17
|
+
lib/
|
|
18
|
+
lib64/
|
|
19
|
+
parts/
|
|
20
|
+
sdist/
|
|
21
|
+
var/
|
|
22
|
+
wheels/
|
|
23
|
+
share/python-wheels/
|
|
24
|
+
*.egg-info/
|
|
25
|
+
.installed.cfg
|
|
26
|
+
*.egg
|
|
27
|
+
MANIFEST
|
|
28
|
+
|
|
29
|
+
# PyInstaller
|
|
30
|
+
# Usually these files are written by a python script from a template
|
|
31
|
+
# before PyInstaller builds the exe, so as to inject date/other infos into it.
|
|
32
|
+
*.manifest
|
|
33
|
+
*.spec
|
|
34
|
+
|
|
35
|
+
# Installer logs
|
|
36
|
+
pip-log.txt
|
|
37
|
+
pip-delete-this-directory.txt
|
|
38
|
+
|
|
39
|
+
# Unit test / coverage reports
|
|
40
|
+
htmlcov/
|
|
41
|
+
.tox/
|
|
42
|
+
.nox/
|
|
43
|
+
.coverage
|
|
44
|
+
.coverage.*
|
|
45
|
+
.cache
|
|
46
|
+
nosetests.xml
|
|
47
|
+
coverage.xml
|
|
48
|
+
*.cover
|
|
49
|
+
*.py.cover
|
|
50
|
+
.hypothesis/
|
|
51
|
+
.pytest_cache/
|
|
52
|
+
cover/
|
|
53
|
+
|
|
54
|
+
# Translations
|
|
55
|
+
*.mo
|
|
56
|
+
*.pot
|
|
57
|
+
|
|
58
|
+
# Django stuff:
|
|
59
|
+
*.log
|
|
60
|
+
local_settings.py
|
|
61
|
+
db.sqlite3
|
|
62
|
+
db.sqlite3-journal
|
|
63
|
+
|
|
64
|
+
# Flask stuff:
|
|
65
|
+
instance/
|
|
66
|
+
.webassets-cache
|
|
67
|
+
|
|
68
|
+
# Scrapy stuff:
|
|
69
|
+
.scrapy
|
|
70
|
+
|
|
71
|
+
# Sphinx documentation
|
|
72
|
+
docs/_build/
|
|
73
|
+
|
|
74
|
+
# PyBuilder
|
|
75
|
+
.pybuilder/
|
|
76
|
+
target/
|
|
77
|
+
|
|
78
|
+
# Jupyter Notebook
|
|
79
|
+
.ipynb_checkpoints
|
|
80
|
+
|
|
81
|
+
# IPython
|
|
82
|
+
profile_default/
|
|
83
|
+
ipython_config.py
|
|
84
|
+
|
|
85
|
+
# pyenv
|
|
86
|
+
# For a library or package, you might want to ignore these files since the code is
|
|
87
|
+
# intended to run in multiple environments; otherwise, check them in:
|
|
88
|
+
# .python-version
|
|
89
|
+
|
|
90
|
+
# pipenv
|
|
91
|
+
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
|
|
92
|
+
# However, in case of collaboration, if having platform-specific dependencies or dependencies
|
|
93
|
+
# having no cross-platform support, pipenv may install dependencies that don't work, or not
|
|
94
|
+
# install all needed dependencies.
|
|
95
|
+
# Pipfile.lock
|
|
96
|
+
|
|
97
|
+
# UV
|
|
98
|
+
# Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
|
|
99
|
+
# This is especially recommended for binary packages to ensure reproducibility, and is more
|
|
100
|
+
# commonly ignored for libraries.
|
|
101
|
+
# uv.lock
|
|
102
|
+
|
|
103
|
+
# poetry
|
|
104
|
+
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
|
|
105
|
+
# This is especially recommended for binary packages to ensure reproducibility, and is more
|
|
106
|
+
# commonly ignored for libraries.
|
|
107
|
+
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
|
|
108
|
+
# poetry.lock
|
|
109
|
+
# poetry.toml
|
|
110
|
+
|
|
111
|
+
# pdm
|
|
112
|
+
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
|
|
113
|
+
# pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
|
|
114
|
+
# https://pdm-project.org/en/latest/usage/project/#working-with-version-control
|
|
115
|
+
# pdm.lock
|
|
116
|
+
# pdm.toml
|
|
117
|
+
.pdm-python
|
|
118
|
+
.pdm-build/
|
|
119
|
+
|
|
120
|
+
# pixi
|
|
121
|
+
# Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
|
|
122
|
+
# pixi.lock
|
|
123
|
+
# Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
|
|
124
|
+
# in the .venv directory. It is recommended not to include this directory in version control.
|
|
125
|
+
.pixi
|
|
126
|
+
|
|
127
|
+
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
|
|
128
|
+
__pypackages__/
|
|
129
|
+
|
|
130
|
+
# Celery stuff
|
|
131
|
+
celerybeat-schedule
|
|
132
|
+
celerybeat.pid
|
|
133
|
+
|
|
134
|
+
# Redis
|
|
135
|
+
*.rdb
|
|
136
|
+
*.aof
|
|
137
|
+
*.pid
|
|
138
|
+
|
|
139
|
+
# RabbitMQ
|
|
140
|
+
mnesia/
|
|
141
|
+
rabbitmq/
|
|
142
|
+
rabbitmq-data/
|
|
143
|
+
|
|
144
|
+
# ActiveMQ
|
|
145
|
+
activemq-data/
|
|
146
|
+
|
|
147
|
+
# SageMath parsed files
|
|
148
|
+
*.sage.py
|
|
149
|
+
|
|
150
|
+
# Environments
|
|
151
|
+
.env
|
|
152
|
+
.envrc
|
|
153
|
+
.venv
|
|
154
|
+
env/
|
|
155
|
+
venv/
|
|
156
|
+
ENV/
|
|
157
|
+
env.bak/
|
|
158
|
+
venv.bak/
|
|
159
|
+
|
|
160
|
+
# Spyder project settings
|
|
161
|
+
.spyderproject
|
|
162
|
+
.spyproject
|
|
163
|
+
|
|
164
|
+
# Rope project settings
|
|
165
|
+
.ropeproject
|
|
166
|
+
|
|
167
|
+
# mkdocs documentation
|
|
168
|
+
/site
|
|
169
|
+
|
|
170
|
+
# mypy
|
|
171
|
+
.mypy_cache/
|
|
172
|
+
.dmypy.json
|
|
173
|
+
dmypy.json
|
|
174
|
+
|
|
175
|
+
# Pyre type checker
|
|
176
|
+
.pyre/
|
|
177
|
+
|
|
178
|
+
# pytype static type analyzer
|
|
179
|
+
.pytype/
|
|
180
|
+
|
|
181
|
+
# Cython debug symbols
|
|
182
|
+
cython_debug/
|
|
183
|
+
|
|
184
|
+
# PyCharm
|
|
185
|
+
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
|
|
186
|
+
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
|
|
187
|
+
# and can be added to the global gitignore or merged into this file. For a more nuclear
|
|
188
|
+
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
|
|
189
|
+
# .idea/
|
|
190
|
+
|
|
191
|
+
# Abstra
|
|
192
|
+
# Abstra is an AI-powered process automation framework.
|
|
193
|
+
# Ignore directories containing user credentials, local state, and settings.
|
|
194
|
+
# Learn more at https://abstra.io/docs
|
|
195
|
+
.abstra/
|
|
196
|
+
|
|
197
|
+
# Visual Studio Code
|
|
198
|
+
# Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
|
|
199
|
+
# that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
|
|
200
|
+
# and can be added to the global gitignore or merged into this file. However, if you prefer,
|
|
201
|
+
# you could uncomment the following to ignore the entire vscode folder
|
|
202
|
+
# .vscode/
|
|
203
|
+
# Temporary file for partial code execution
|
|
204
|
+
tempCodeRunnerFile.py
|
|
205
|
+
|
|
206
|
+
# Ruff stuff:
|
|
207
|
+
.ruff_cache/
|
|
208
|
+
|
|
209
|
+
# PyPI configuration file
|
|
210
|
+
.pypirc
|
|
211
|
+
|
|
212
|
+
# Marimo
|
|
213
|
+
marimo/_static/
|
|
214
|
+
marimo/_lsp/
|
|
215
|
+
__marimo__/
|
|
216
|
+
|
|
217
|
+
# Streamlit
|
|
218
|
+
.streamlit/secrets.toml
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
3.13
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
# Contributing to asfops
|
|
2
|
+
|
|
3
|
+
## Development setup
|
|
4
|
+
|
|
5
|
+
```bash
|
|
6
|
+
uv sync --group dev
|
|
7
|
+
```
|
|
8
|
+
|
|
9
|
+
## Checks (what CI runs)
|
|
10
|
+
|
|
11
|
+
```bash
|
|
12
|
+
uv run ruff format --check .
|
|
13
|
+
uv run ruff check .
|
|
14
|
+
uv run mypy src tests
|
|
15
|
+
uv run pytest --cov=asfops --cov-report=term
|
|
16
|
+
```
|
|
17
|
+
|
|
18
|
+
All of the above must pass. Coverage is gated at 85%. Tests never require a
|
|
19
|
+
GitHub Copilot subscription — the Copilot SDK is faked and pydantic-ai's
|
|
20
|
+
`TestModel`/`FunctionModel` stand in for live models. Live tests are marked
|
|
21
|
+
`@pytest.mark.copilot` and are deselected by default; run them with
|
|
22
|
+
`uv run pytest -m copilot` once you're authenticated.
|
|
23
|
+
|
|
24
|
+
## Architecture
|
|
25
|
+
|
|
26
|
+
- `models/` — the `CopilotModel` pydantic-ai provider (Copilot SDK bridge),
|
|
27
|
+
the shared client lifecycle, the fallback `CopilotBridge`, and model-ref
|
|
28
|
+
resolution. All Copilot-SDK touchpoints live here.
|
|
29
|
+
- `fleet/` — role schemas, the role registry, the 17-role roster, and the
|
|
30
|
+
per-member agent builder.
|
|
31
|
+
- `orchestrator.py` — triage → fan-out → synthesis.
|
|
32
|
+
- `results.py` — result models, usage aggregation, markdown report assembly.
|
|
33
|
+
- `api.py` — the public `Fleet` and module-level helpers.
|
|
34
|
+
- `cli/` — the typer + rich command-line interface.
|
|
35
|
+
|
|
36
|
+
## Releasing to PyPI (trusted publishing)
|
|
37
|
+
|
|
38
|
+
Publishing is automated via GitHub Actions using PyPI
|
|
39
|
+
[trusted publishing](https://docs.pypi.org/trusted-publishers/) (OIDC — no API
|
|
40
|
+
tokens stored).
|
|
41
|
+
|
|
42
|
+
**One-time setup (maintainer):**
|
|
43
|
+
|
|
44
|
+
1. On <https://pypi.org>, add a **pending publisher** for the project `asfops`:
|
|
45
|
+
- Owner: `brettbergin`
|
|
46
|
+
- Repository: `agentic-security-fleet-ops`
|
|
47
|
+
- Workflow: `release.yml`
|
|
48
|
+
- Environment: `pypi`
|
|
49
|
+
2. In the GitHub repo settings, create an **Environment** named `pypi`
|
|
50
|
+
(optionally add required reviewers as a release gate).
|
|
51
|
+
|
|
52
|
+
**Each release:**
|
|
53
|
+
|
|
54
|
+
1. Bump the version in `src/asfops/_version.py`.
|
|
55
|
+
2. Commit, then tag: `git tag vX.Y.Z && git push origin vX.Y.Z`.
|
|
56
|
+
3. The `Release` workflow builds the sdist/wheel and publishes to PyPI.
|
asfops-0.1.0/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 Brett Bergin
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
asfops-0.1.0/PKG-INFO
ADDED
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: asfops
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: Agentic Security Fleet Ops — an LLM-agent security department with a Security Orchestrator, built on pydantic-ai with a GitHub Copilot SDK provider.
|
|
5
|
+
Project-URL: Homepage, https://github.com/brettbergin/agentic-security-fleet-ops
|
|
6
|
+
Project-URL: Repository, https://github.com/brettbergin/agentic-security-fleet-ops
|
|
7
|
+
Project-URL: Issues, https://github.com/brettbergin/agentic-security-fleet-ops/issues
|
|
8
|
+
Author-email: Brett Bergin <brettberginbc@yahoo.com>
|
|
9
|
+
License-Expression: MIT
|
|
10
|
+
License-File: LICENSE
|
|
11
|
+
Keywords: agents,copilot,llm,orchestration,pydantic-ai,security
|
|
12
|
+
Classifier: Development Status :: 4 - Beta
|
|
13
|
+
Classifier: Intended Audience :: Developers
|
|
14
|
+
Classifier: Intended Audience :: Information Technology
|
|
15
|
+
Classifier: Operating System :: OS Independent
|
|
16
|
+
Classifier: Programming Language :: Python :: 3.13
|
|
17
|
+
Classifier: Programming Language :: Python :: 3.14
|
|
18
|
+
Classifier: Topic :: Security
|
|
19
|
+
Classifier: Typing :: Typed
|
|
20
|
+
Requires-Python: >=3.13
|
|
21
|
+
Requires-Dist: github-copilot-sdk<2,>=1.0.2
|
|
22
|
+
Requires-Dist: pydantic-ai>=1.0
|
|
23
|
+
Requires-Dist: pydantic>=2.10
|
|
24
|
+
Requires-Dist: rich>=13.9
|
|
25
|
+
Requires-Dist: typer>=0.15
|
|
26
|
+
Description-Content-Type: text/markdown
|
|
27
|
+
|
|
28
|
+
# asfops — Agentic Security Fleet Ops
|
|
29
|
+
|
|
30
|
+
[](https://github.com/brettbergin/agentic-security-fleet-ops/actions/workflows/ci.yml)
|
|
31
|
+
[](https://pypi.org/project/asfops/)
|
|
32
|
+
[](https://pypi.org/project/asfops/)
|
|
33
|
+
[](LICENSE)
|
|
34
|
+
|
|
35
|
+
An entire security department as a fleet of LLM agents. Give `asfops` any security-relevant input — a code change, a design doc, an incident description, a compliance question — and the **Security Orchestrator** decides which security specialists should weigh in, runs them in parallel, and composes their findings into a single comprehensive markdown report.
|
|
36
|
+
|
|
37
|
+
Built on [pydantic-ai](https://ai.pydantic.dev/), with the [GitHub Copilot SDK](https://github.com/github/copilot-sdk) exposed as a first-class pydantic-ai provider (`CopilotModel`) — so the fleet runs on your GitHub Copilot subscription by default, or on any pydantic-ai model (OpenAI, Anthropic, …) you choose.
|
|
38
|
+
|
|
39
|
+
## Install
|
|
40
|
+
|
|
41
|
+
```bash
|
|
42
|
+
pip install asfops
|
|
43
|
+
# or
|
|
44
|
+
uv add asfops
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
## Quickstart
|
|
48
|
+
|
|
49
|
+
```python
|
|
50
|
+
import asfops
|
|
51
|
+
|
|
52
|
+
result = asfops.assess_sync(
|
|
53
|
+
"Review this design: a public REST API that accepts file uploads "
|
|
54
|
+
"to S3 using presigned URLs, authenticated with long-lived API keys."
|
|
55
|
+
)
|
|
56
|
+
|
|
57
|
+
print(result.report_md) # the composed security report
|
|
58
|
+
print(result.triage.selected) # which specialists were engaged, and why
|
|
59
|
+
print(result.metadata) # per-agent model + token usage, per-model totals
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
Async, with configuration:
|
|
63
|
+
|
|
64
|
+
```python
|
|
65
|
+
from asfops import Fleet, FleetConfig
|
|
66
|
+
|
|
67
|
+
fleet = Fleet(FleetConfig(
|
|
68
|
+
default_model="copilot:claude-sonnet-4.5", # any pydantic-ai model ref works too
|
|
69
|
+
model_overrides={"threat-model": "anthropic:claude-sonnet-4-5"},
|
|
70
|
+
force_roles=("grc",),
|
|
71
|
+
max_concurrency=5,
|
|
72
|
+
))
|
|
73
|
+
result = await fleet.assess("...")
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
## CLI
|
|
77
|
+
|
|
78
|
+
```bash
|
|
79
|
+
asfops assess "We're adding a webhook receiver that executes user-supplied templates"
|
|
80
|
+
asfops roster # meet the department
|
|
81
|
+
asfops run threat-model "..." # engage a single specialist
|
|
82
|
+
asfops models # check Copilot availability / list models
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
## The fleet
|
|
86
|
+
|
|
87
|
+
17 specialists covering the modern security department: Product Security, Security Architecture, Threat Modeling, AppSec, Cloud Security, IAM, Pen Testing, Red Team, Bug Bounty, Vulnerability Management, Supply Chain Security, Threat Detection, SOC, Incident Response/DFIR, GRC & Compliance, Privacy, and CISO-level leadership framing. `asfops roster` shows each role's charter.
|
|
88
|
+
|
|
89
|
+
## Authentication
|
|
90
|
+
|
|
91
|
+
By default the fleet runs on the GitHub Copilot runtime (bundled CLI, auto-downloaded). You need a GitHub Copilot subscription and one of:
|
|
92
|
+
|
|
93
|
+
- being logged in via `gh auth login` / Copilot CLI, or
|
|
94
|
+
- `COPILOT_GITHUB_TOKEN` / `GH_TOKEN` / `GITHUB_TOKEN` set.
|
|
95
|
+
|
|
96
|
+
No Copilot? Point the fleet at any pydantic-ai provider: `FleetConfig(default_model="openai:gpt-5.2")` or `anthropic:claude-sonnet-4-5` with the corresponding API key.
|
|
97
|
+
|
|
98
|
+
## Result metadata
|
|
99
|
+
|
|
100
|
+
Every `FleetResult` optionally includes (`include_metadata=True`, default):
|
|
101
|
+
|
|
102
|
+
- per-agent: role, resolved model id, input/output/cache token counts, duration
|
|
103
|
+
- totals per model, plus a grand total across the whole assessment
|
|
104
|
+
|
|
105
|
+
## Development
|
|
106
|
+
|
|
107
|
+
```bash
|
|
108
|
+
uv sync --group dev
|
|
109
|
+
uv run pytest --cov=asfops
|
|
110
|
+
uv run ruff format --check . && uv run ruff check .
|
|
111
|
+
uv run mypy src tests
|
|
112
|
+
```
|
|
113
|
+
|
|
114
|
+
Releases: bump `src/asfops/_version.py`, tag `vX.Y.Z`, push the tag — GitHub Actions publishes to PyPI via [trusted publishing](https://docs.pypi.org/trusted-publishers/).
|
|
115
|
+
|
|
116
|
+
## License
|
|
117
|
+
|
|
118
|
+
MIT
|
asfops-0.1.0/README.md
ADDED
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
# asfops — Agentic Security Fleet Ops
|
|
2
|
+
|
|
3
|
+
[](https://github.com/brettbergin/agentic-security-fleet-ops/actions/workflows/ci.yml)
|
|
4
|
+
[](https://pypi.org/project/asfops/)
|
|
5
|
+
[](https://pypi.org/project/asfops/)
|
|
6
|
+
[](LICENSE)
|
|
7
|
+
|
|
8
|
+
An entire security department as a fleet of LLM agents. Give `asfops` any security-relevant input — a code change, a design doc, an incident description, a compliance question — and the **Security Orchestrator** decides which security specialists should weigh in, runs them in parallel, and composes their findings into a single comprehensive markdown report.
|
|
9
|
+
|
|
10
|
+
Built on [pydantic-ai](https://ai.pydantic.dev/), with the [GitHub Copilot SDK](https://github.com/github/copilot-sdk) exposed as a first-class pydantic-ai provider (`CopilotModel`) — so the fleet runs on your GitHub Copilot subscription by default, or on any pydantic-ai model (OpenAI, Anthropic, …) you choose.
|
|
11
|
+
|
|
12
|
+
## Install
|
|
13
|
+
|
|
14
|
+
```bash
|
|
15
|
+
pip install asfops
|
|
16
|
+
# or
|
|
17
|
+
uv add asfops
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
## Quickstart
|
|
21
|
+
|
|
22
|
+
```python
|
|
23
|
+
import asfops
|
|
24
|
+
|
|
25
|
+
result = asfops.assess_sync(
|
|
26
|
+
"Review this design: a public REST API that accepts file uploads "
|
|
27
|
+
"to S3 using presigned URLs, authenticated with long-lived API keys."
|
|
28
|
+
)
|
|
29
|
+
|
|
30
|
+
print(result.report_md) # the composed security report
|
|
31
|
+
print(result.triage.selected) # which specialists were engaged, and why
|
|
32
|
+
print(result.metadata) # per-agent model + token usage, per-model totals
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
Async, with configuration:
|
|
36
|
+
|
|
37
|
+
```python
|
|
38
|
+
from asfops import Fleet, FleetConfig
|
|
39
|
+
|
|
40
|
+
fleet = Fleet(FleetConfig(
|
|
41
|
+
default_model="copilot:claude-sonnet-4.5", # any pydantic-ai model ref works too
|
|
42
|
+
model_overrides={"threat-model": "anthropic:claude-sonnet-4-5"},
|
|
43
|
+
force_roles=("grc",),
|
|
44
|
+
max_concurrency=5,
|
|
45
|
+
))
|
|
46
|
+
result = await fleet.assess("...")
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
## CLI
|
|
50
|
+
|
|
51
|
+
```bash
|
|
52
|
+
asfops assess "We're adding a webhook receiver that executes user-supplied templates"
|
|
53
|
+
asfops roster # meet the department
|
|
54
|
+
asfops run threat-model "..." # engage a single specialist
|
|
55
|
+
asfops models # check Copilot availability / list models
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
## The fleet
|
|
59
|
+
|
|
60
|
+
17 specialists covering the modern security department: Product Security, Security Architecture, Threat Modeling, AppSec, Cloud Security, IAM, Pen Testing, Red Team, Bug Bounty, Vulnerability Management, Supply Chain Security, Threat Detection, SOC, Incident Response/DFIR, GRC & Compliance, Privacy, and CISO-level leadership framing. `asfops roster` shows each role's charter.
|
|
61
|
+
|
|
62
|
+
## Authentication
|
|
63
|
+
|
|
64
|
+
By default the fleet runs on the GitHub Copilot runtime (bundled CLI, auto-downloaded). You need a GitHub Copilot subscription and one of:
|
|
65
|
+
|
|
66
|
+
- being logged in via `gh auth login` / Copilot CLI, or
|
|
67
|
+
- `COPILOT_GITHUB_TOKEN` / `GH_TOKEN` / `GITHUB_TOKEN` set.
|
|
68
|
+
|
|
69
|
+
No Copilot? Point the fleet at any pydantic-ai provider: `FleetConfig(default_model="openai:gpt-5.2")` or `anthropic:claude-sonnet-4-5` with the corresponding API key.
|
|
70
|
+
|
|
71
|
+
## Result metadata
|
|
72
|
+
|
|
73
|
+
Every `FleetResult` optionally includes (`include_metadata=True`, default):
|
|
74
|
+
|
|
75
|
+
- per-agent: role, resolved model id, input/output/cache token counts, duration
|
|
76
|
+
- totals per model, plus a grand total across the whole assessment
|
|
77
|
+
|
|
78
|
+
## Development
|
|
79
|
+
|
|
80
|
+
```bash
|
|
81
|
+
uv sync --group dev
|
|
82
|
+
uv run pytest --cov=asfops
|
|
83
|
+
uv run ruff format --check . && uv run ruff check .
|
|
84
|
+
uv run mypy src tests
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
Releases: bump `src/asfops/_version.py`, tag `vX.Y.Z`, push the tag — GitHub Actions publishes to PyPI via [trusted publishing](https://docs.pypi.org/trusted-publishers/).
|
|
88
|
+
|
|
89
|
+
## License
|
|
90
|
+
|
|
91
|
+
MIT
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
[build-system]
|
|
2
|
+
requires = ["hatchling"]
|
|
3
|
+
build-backend = "hatchling.build"
|
|
4
|
+
|
|
5
|
+
[project]
|
|
6
|
+
name = "asfops"
|
|
7
|
+
description = "Agentic Security Fleet Ops — an LLM-agent security department with a Security Orchestrator, built on pydantic-ai with a GitHub Copilot SDK provider."
|
|
8
|
+
readme = "README.md"
|
|
9
|
+
license = "MIT"
|
|
10
|
+
license-files = ["LICENSE"]
|
|
11
|
+
authors = [{ name = "Brett Bergin", email = "brettberginbc@yahoo.com" }]
|
|
12
|
+
requires-python = ">=3.13"
|
|
13
|
+
dynamic = ["version"]
|
|
14
|
+
keywords = ["security", "agents", "llm", "pydantic-ai", "copilot", "orchestration"]
|
|
15
|
+
classifiers = [
|
|
16
|
+
"Development Status :: 4 - Beta",
|
|
17
|
+
"Intended Audience :: Developers",
|
|
18
|
+
"Intended Audience :: Information Technology",
|
|
19
|
+
"Operating System :: OS Independent",
|
|
20
|
+
"Programming Language :: Python :: 3.13",
|
|
21
|
+
"Programming Language :: Python :: 3.14",
|
|
22
|
+
"Topic :: Security",
|
|
23
|
+
"Typing :: Typed",
|
|
24
|
+
]
|
|
25
|
+
dependencies = [
|
|
26
|
+
"pydantic>=2.10",
|
|
27
|
+
"pydantic-ai>=1.0",
|
|
28
|
+
"github-copilot-sdk>=1.0.2,<2",
|
|
29
|
+
"typer>=0.15",
|
|
30
|
+
"rich>=13.9",
|
|
31
|
+
]
|
|
32
|
+
|
|
33
|
+
[project.urls]
|
|
34
|
+
Homepage = "https://github.com/brettbergin/agentic-security-fleet-ops"
|
|
35
|
+
Repository = "https://github.com/brettbergin/agentic-security-fleet-ops"
|
|
36
|
+
Issues = "https://github.com/brettbergin/agentic-security-fleet-ops/issues"
|
|
37
|
+
|
|
38
|
+
[project.scripts]
|
|
39
|
+
asfops = "asfops.cli.app:main"
|
|
40
|
+
|
|
41
|
+
[dependency-groups]
|
|
42
|
+
dev = [
|
|
43
|
+
"pytest>=8.3",
|
|
44
|
+
"pytest-asyncio>=0.25",
|
|
45
|
+
"pytest-cov>=6.0",
|
|
46
|
+
"mypy>=1.14",
|
|
47
|
+
"ruff>=0.9",
|
|
48
|
+
]
|
|
49
|
+
|
|
50
|
+
[tool.hatch.version]
|
|
51
|
+
path = "src/asfops/_version.py"
|
|
52
|
+
|
|
53
|
+
[tool.hatch.build.targets.wheel]
|
|
54
|
+
packages = ["src/asfops"]
|
|
55
|
+
|
|
56
|
+
[tool.ruff]
|
|
57
|
+
line-length = 100
|
|
58
|
+
target-version = "py313"
|
|
59
|
+
|
|
60
|
+
[tool.ruff.lint]
|
|
61
|
+
select = ["E", "F", "I", "UP", "B", "ASYNC", "RUF"]
|
|
62
|
+
|
|
63
|
+
[tool.mypy]
|
|
64
|
+
python_version = "3.13"
|
|
65
|
+
strict = true
|
|
66
|
+
warn_unreachable = true
|
|
67
|
+
|
|
68
|
+
[[tool.mypy.overrides]]
|
|
69
|
+
module = "copilot.*"
|
|
70
|
+
ignore_missing_imports = true
|
|
71
|
+
follow_untyped_imports = true
|
|
72
|
+
|
|
73
|
+
[tool.pytest.ini_options]
|
|
74
|
+
asyncio_mode = "auto"
|
|
75
|
+
testpaths = ["tests"]
|
|
76
|
+
addopts = "-m 'not copilot'"
|
|
77
|
+
markers = [
|
|
78
|
+
"copilot: live tests requiring GitHub Copilot auth (deselected by default)",
|
|
79
|
+
]
|
|
80
|
+
|
|
81
|
+
[tool.coverage.run]
|
|
82
|
+
source = ["asfops"]
|
|
83
|
+
|
|
84
|
+
[tool.coverage.report]
|
|
85
|
+
fail_under = 85
|
|
86
|
+
show_missing = true
|
|
87
|
+
exclude_also = [
|
|
88
|
+
"if TYPE_CHECKING:",
|
|
89
|
+
"raise NotImplementedError",
|
|
90
|
+
"@overload",
|
|
91
|
+
]
|