bog-agents-daemon 0.7.1__tar.gz

bog_agents_daemon-0.7.1/.gitignore

@@ -0,0 +1,232 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py.cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# UV
+#   Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#uv.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+#poetry.toml
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+#pdm.lock
+#pdm.toml
+.pdm-python
+.pdm-build/
+
+# pixi
+#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+#pixi.lock
+#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+#   in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.envrc
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+
+# Abstra
+# Abstra is an AI-powered process automation framework.
+# Ignore directories containing user credentials, local state, and settings.
+# Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+#  Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
+#  that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+#  and can be added to the global gitignore or merged into this file. However, if you prefer,
+#  you could uncomment the following to ignore the entire vscode folder
+# .vscode/
+
+# Node.js
+node_modules/
+
+# Ruff stuff:
+.ruff_cache/
+
+# Pytest temporary runtime directories (created by conftest.py test isolation)
+.pytest-tmp-runtime/
+
+# PyPI configuration file
+.pypirc
+
+# Cursor
+#  Cursor is an AI-powered code editor. `.cursorignore` specifies files/directories to
+#  exclude from AI features like autocomplete and code analysis. Recommended for sensitive data
+#  refer to https://docs.cursor.com/context/ignore-files
+.cursorignore
+.cursorindexingignore
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/
+
+# LangGraph
+.langgraph_api
+
+#claude
+.claude
+
+.idea
+TEXTUAL_REFACTOR_PLAN.md
+libs/cli/TEXTUAL_PROGRESS.md
+
+/tmp/
+.tmp*/
+
+# macOS
+.DS_Store
+*/tmp/.DS_Store
+
+CLAUDE.md

bog_agents_daemon-0.7.1/CHANGELOG.md

@@ -0,0 +1,32 @@
+# Changelog
+
+## [0.7.1](https://github.com/bogware/bog-agents/compare/bog-agents-daemon==0.7.0...bog-agents-daemon==0.7.1) (2026-04-20)
+
+
+### Features
+
+* 0.7.0 - daemon/mcp/plugins/hardening ([#40](https://github.com/bogware/bog-agents/issues/40)) ([2427dfb](https://github.com/bogware/bog-agents/commit/2427dfbda3bffc17ea34f6e38de8d2634a57f86f))
+
+## [0.7.0] - 2026-04-18
+
+### Features
+
+- Initial production release of the ambient agent daemon
+- REST API (FastAPI) on `localhost:7391` with token-based auth
+- Job store: persistent JSON storage with atomic writes and thread-safe locking
+- Trigger types: cron, interval, file-change (with debounce), webhook (HMAC-SHA256 verified), git-push, manual
+- Output targets: log, file, email (SMTP), Slack, GitHub comments, webhook, stdout
+- Scheduler: asyncio-based with configurable concurrency semaphore (default 5 concurrent jobs)
+- Service installer: systemd unit generator (`install_systemd`) and macOS launchd plist generator (`install_launchd`)
+- Git hook installer: `install_git_hook` writes a post-receive hook to any repo
+- Graceful shutdown: drains in-flight jobs (30 s timeout) on SIGTERM/SIGINT
+- Agent timeout: configurable via `BOG_DAEMON_AGENT_TIMEOUT` env var (default 30 min)
+- Run file pruning: keeps last N run files per job (`BOG_DAEMON_MAX_RUNS_PER_JOB`, default 100)
+- `/ready` readiness probe endpoint (no auth — Kubernetes-compatible)
+
+### Security
+
+- Timing-safe auth token comparison via `hmac.compare_digest`
+- Path traversal guard on file output targets
+- Shell injection prevention via `shlex.quote()` in git hook generation
+- HMAC-SHA256 webhook secret validation

bog_agents_daemon-0.7.1/Makefile

@@ -0,0 +1,20 @@
+.PHONY: install test lint format help
+
+install:
+	uv sync --group test
+
+test:
+	uv run --group test pytest tests/ -q --timeout=30
+
+lint:
+	uv run ruff check bog_agents_daemon/
+	uv run ruff check tests/ --ignore=ANN,S,ARG || true
+
+format:
+	uv run ruff format bog_agents_daemon/ tests/
+
+help:
+	@echo "install  - install dependencies"
+	@echo "test     - run unit tests"
+	@echo "lint     - run ruff linter"
+	@echo "format   - run ruff formatter"

bog_agents_daemon-0.7.1/PKG-INFO

@@ -0,0 +1,201 @@
+Metadata-Version: 2.4
+Name: bog-agents-daemon
+Version: 0.7.1
+Summary: Ambient agent daemon for bog-agents — run agents on schedules, file-change triggers, webhooks, and git pushes
+Project-URL: Homepage, https://github.com/bogware/bog-agents
+Project-URL: Repository, https://github.com/bogware/bog-agents
+Project-URL: Issues, https://github.com/bogware/bog-agents/issues
+Project-URL: Changelog, https://github.com/bogware/bog-agents/blob/main/libs/daemon/CHANGELOG.md
+Author-email: bogware <support@bogware.com>
+Maintainer-email: bogware <support@bogware.com>
+License: MIT
+Keywords: agents,ai,bog-agents,cron,daemon,langchain,langgraph,llm,scheduler
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: No Input/Output (Daemon)
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: System :: Distributed Computing
+Requires-Python: <4.0,>=3.11
+Requires-Dist: aiofiles<25.0.0,>=23.0.0
+Requires-Dist: bog-agents<1.0.0,>=0.7.0
+Requires-Dist: fastapi<1.0.0,>=0.115.0
+Requires-Dist: uvicorn<1.0.0,>=0.30.0
+Description-Content-Type: text/markdown
+
+# bog-agents-daemon
+
+**v0.7.0** — Ambient agent daemon for [Bog Agents](https://github.com/bogware/bog-agents). Run AI agents on schedules, file-change triggers, webhooks, and git pushes without keeping a terminal open.
+
+[![PyPI](https://img.shields.io/pypi/v/bog-agents-daemon)](https://pypi.org/project/bog-agents-daemon/)
+[![License](https://img.shields.io/pypi/l/bog-agents-daemon)](https://opensource.org/licenses/MIT)
+
+---
+
+## Install
+
+```bash
+pip install bog-agents-daemon
+
+# Or with uv
+uv tool install bog-agents-daemon
+```
+
+Requires **Python 3.11+** and a running Bog Agents installation (`bog-agents>=0.7.0`).
+
+---
+
+## Quick Start
+
+```bash
+# 1. Start the daemon (runs on localhost:7391 by default)
+bog-agents-daemon
+
+# 2. Or manage it via the bog-agents CLI
+bog-agents daemon start
+bog-agents daemon status
+
+# 3. Create a job (cron trigger, every day at 9 AM)
+curl -s -X POST http://localhost:7391/jobs \
+  -H "X-Daemon-Token: $(cat ~/.bog-agents/daemon/token)" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "name": "daily-standup",
+    "prompt": "Summarize recent git commits and open PRs",
+    "triggers": [{"type": "cron", "cron": "0 9 * * 1-5"}],
+    "outputs": [{"target": "log"}]
+  }'
+```
+
+---
+
+## Install as a System Service
+
+The daemon can auto-register itself as a background service that starts on login:
+
+```bash
+# Linux (systemd)
+bog-agents daemon install
+systemctl --user enable --now bog-agents-daemon
+
+# macOS (launchd)
+bog-agents daemon install
+# daemon starts automatically at login
+```
+
+---
+
+## Trigger Types
+
+| Trigger | Config key | Description |
+|---------|-----------|-------------|
+| **cron** | `cron: "0 9 * * 1-5"` | Standard 5-field cron expression |
+| **interval** | `interval_seconds: 3600` | Every N seconds |
+| **file_change** | `watch_dir`, `watch_patterns` | Any matched file modified |
+| **webhook** | `webhook_path: "/hooks/deploy"` | POST to `/webhooks/<path>` |
+| **git_push** | `git_branch_pattern: "main"` | Git post-receive hook fires |
+| **manual** | — | `POST /jobs/{id}/run` |
+
+---
+
+## Output Targets
+
+| Target | Description |
+|--------|-------------|
+| `log` | Daemon log (default) |
+| `file` | Append/overwrite a local file |
+| `email` | Send via SMTP |
+| `slack` | Post to a Slack incoming webhook |
+| `github_comment` | Comment on a GitHub issue or PR |
+| `webhook` | POST JSON to any URL |
+| `stdout` | Print to daemon stdout |
+
+---
+
+## REST API
+
+The daemon exposes a REST API on `http://127.0.0.1:7391` (localhost only). All endpoints except `/ready` require the `X-Daemon-Token` header.
+
+```bash
+TOKEN=$(cat ~/.bog-agents/daemon/token)
+
+# Health
+curl -H "X-Daemon-Token: $TOKEN" http://localhost:7391/health
+
+# Readiness probe (no auth)
+curl http://localhost:7391/ready
+
+# List jobs
+curl -H "X-Daemon-Token: $TOKEN" http://localhost:7391/jobs
+
+# Create job
+curl -X POST -H "X-Daemon-Token: $TOKEN" -H "Content-Type: application/json" \
+  -d '{"name":"my-job","prompt":"...","triggers":[...],"outputs":[...]}' \
+  http://localhost:7391/jobs
+
+# Trigger manually
+curl -X POST -H "X-Daemon-Token: $TOKEN" http://localhost:7391/jobs/{id}/run
+
+# View run history
+curl -H "X-Daemon-Token: $TOKEN" http://localhost:7391/jobs/{id}/runs
+
+# Enable/disable
+curl -X POST -H "X-Daemon-Token: $TOKEN" http://localhost:7391/jobs/{id}/enable
+curl -X POST -H "X-Daemon-Token: $TOKEN" http://localhost:7391/jobs/{id}/disable
+
+# Delete
+curl -X DELETE -H "X-Daemon-Token: $TOKEN" http://localhost:7391/jobs/{id}
+```
+
+---
+
+## Git Push Triggers
+
+Install a git post-receive hook to fire jobs on push:
+
+```bash
+# Via bog-agents CLI (recommended)
+bog-agents daemon install-git-hook --repo /path/to/repo
+
+# Or via daemon CLI
+bog-agents-daemon install-git-hook --repo /path/to/repo
+```
+
+The hook POSTs `{"ref": "refs/heads/main", "new_sha": "...", "old_sha": "..."}` to `/webhooks/git-push`. Jobs with `type: git_push` and a matching `git_branch_pattern` will fire.
+
+---
+
+## Environment Variables
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `BOG_DAEMON_AGENT_TIMEOUT` | `1800` | Max seconds per agent run |
+| `BOG_DAEMON_MAX_CONCURRENT_JOBS` | `5` | Max parallel agent executions |
+| `BOG_DAEMON_MAX_RUNS_PER_JOB` | `100` | Run files kept per job (older pruned) |
+
+---
+
+## Security
+
+- API binds to `127.0.0.1` (localhost only) — not reachable from the network.
+- Auth token stored at `~/.bog-agents/daemon/token` (mode `0600`).
+- Webhook secrets validated with HMAC-SHA256 (`hmac.compare_digest` — timing-safe).
+- Token comparison uses `hmac.compare_digest` to prevent timing attacks.
+- File output restricted to `$HOME` and `/tmp` (path traversal guard).
+- Git hook scripts use `shlex.quote()` to prevent shell injection.
+
+---
+
+## Development
+
+```bash
+cd libs/daemon
+uv sync --group test
+uv run pytest tests/ -q
+uv run ruff check bog_agents_daemon/
+```

bog_agents_daemon-0.7.1/README.md

@@ -0,0 +1,171 @@
+# bog-agents-daemon
+
+**v0.7.0** — Ambient agent daemon for [Bog Agents](https://github.com/bogware/bog-agents). Run AI agents on schedules, file-change triggers, webhooks, and git pushes without keeping a terminal open.
+
+[![PyPI](https://img.shields.io/pypi/v/bog-agents-daemon)](https://pypi.org/project/bog-agents-daemon/)
+[![License](https://img.shields.io/pypi/l/bog-agents-daemon)](https://opensource.org/licenses/MIT)
+
+---
+
+## Install
+
+```bash
+pip install bog-agents-daemon
+
+# Or with uv
+uv tool install bog-agents-daemon
+```
+
+Requires **Python 3.11+** and a running Bog Agents installation (`bog-agents>=0.7.0`).
+
+---
+
+## Quick Start
+
+```bash
+# 1. Start the daemon (runs on localhost:7391 by default)
+bog-agents-daemon
+
+# 2. Or manage it via the bog-agents CLI
+bog-agents daemon start
+bog-agents daemon status
+
+# 3. Create a job (cron trigger, every day at 9 AM)
+curl -s -X POST http://localhost:7391/jobs \
+  -H "X-Daemon-Token: $(cat ~/.bog-agents/daemon/token)" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "name": "daily-standup",
+    "prompt": "Summarize recent git commits and open PRs",
+    "triggers": [{"type": "cron", "cron": "0 9 * * 1-5"}],
+    "outputs": [{"target": "log"}]
+  }'
+```
+
+---
+
+## Install as a System Service
+
+The daemon can auto-register itself as a background service that starts on login:
+
+```bash
+# Linux (systemd)
+bog-agents daemon install
+systemctl --user enable --now bog-agents-daemon
+
+# macOS (launchd)
+bog-agents daemon install
+# daemon starts automatically at login
+```
+
+---
+
+## Trigger Types
+
+| Trigger | Config key | Description |
+|---------|-----------|-------------|
+| **cron** | `cron: "0 9 * * 1-5"` | Standard 5-field cron expression |
+| **interval** | `interval_seconds: 3600` | Every N seconds |
+| **file_change** | `watch_dir`, `watch_patterns` | Any matched file modified |
+| **webhook** | `webhook_path: "/hooks/deploy"` | POST to `/webhooks/<path>` |
+| **git_push** | `git_branch_pattern: "main"` | Git post-receive hook fires |
+| **manual** | — | `POST /jobs/{id}/run` |
+
+---
+
+## Output Targets
+
+| Target | Description |
+|--------|-------------|
+| `log` | Daemon log (default) |
+| `file` | Append/overwrite a local file |
+| `email` | Send via SMTP |
+| `slack` | Post to a Slack incoming webhook |
+| `github_comment` | Comment on a GitHub issue or PR |
+| `webhook` | POST JSON to any URL |
+| `stdout` | Print to daemon stdout |
+
+---
+
+## REST API
+
+The daemon exposes a REST API on `http://127.0.0.1:7391` (localhost only). All endpoints except `/ready` require the `X-Daemon-Token` header.
+
+```bash
+TOKEN=$(cat ~/.bog-agents/daemon/token)
+
+# Health
+curl -H "X-Daemon-Token: $TOKEN" http://localhost:7391/health
+
+# Readiness probe (no auth)
+curl http://localhost:7391/ready
+
+# List jobs
+curl -H "X-Daemon-Token: $TOKEN" http://localhost:7391/jobs
+
+# Create job
+curl -X POST -H "X-Daemon-Token: $TOKEN" -H "Content-Type: application/json" \
+  -d '{"name":"my-job","prompt":"...","triggers":[...],"outputs":[...]}' \
+  http://localhost:7391/jobs
+
+# Trigger manually
+curl -X POST -H "X-Daemon-Token: $TOKEN" http://localhost:7391/jobs/{id}/run
+
+# View run history
+curl -H "X-Daemon-Token: $TOKEN" http://localhost:7391/jobs/{id}/runs
+
+# Enable/disable
+curl -X POST -H "X-Daemon-Token: $TOKEN" http://localhost:7391/jobs/{id}/enable
+curl -X POST -H "X-Daemon-Token: $TOKEN" http://localhost:7391/jobs/{id}/disable
+
+# Delete
+curl -X DELETE -H "X-Daemon-Token: $TOKEN" http://localhost:7391/jobs/{id}
+```
+
+---
+
+## Git Push Triggers
+
+Install a git post-receive hook to fire jobs on push:
+
+```bash
+# Via bog-agents CLI (recommended)
+bog-agents daemon install-git-hook --repo /path/to/repo
+
+# Or via daemon CLI
+bog-agents-daemon install-git-hook --repo /path/to/repo
+```
+
+The hook POSTs `{"ref": "refs/heads/main", "new_sha": "...", "old_sha": "..."}` to `/webhooks/git-push`. Jobs with `type: git_push` and a matching `git_branch_pattern` will fire.
+
+---
+
+## Environment Variables
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `BOG_DAEMON_AGENT_TIMEOUT` | `1800` | Max seconds per agent run |
+| `BOG_DAEMON_MAX_CONCURRENT_JOBS` | `5` | Max parallel agent executions |
+| `BOG_DAEMON_MAX_RUNS_PER_JOB` | `100` | Run files kept per job (older pruned) |
+
+---
+
+## Security
+
+- API binds to `127.0.0.1` (localhost only) — not reachable from the network.
+- Auth token stored at `~/.bog-agents/daemon/token` (mode `0600`).
+- Webhook secrets validated with HMAC-SHA256 (`hmac.compare_digest` — timing-safe).
+- Token comparison uses `hmac.compare_digest` to prevent timing attacks.
+- File output restricted to `$HOME` and `/tmp` (path traversal guard).
+- Git hook scripts use `shlex.quote()` to prevent shell injection.
+
+---
+
+## Development
+
+```bash
+cd libs/daemon
+uv sync --group test
+uv run pytest tests/ -q
+uv run ruff check bog_agents_daemon/
+```

bog_agents_daemon-0.7.1/bog_agents_daemon/__init__.py

@@ -0,0 +1,3 @@
+"""Bog Agents Daemon — ambient agent service."""
+
+__version__ = "0.7.1"