chyrd 0.4.0__py3-none-any.whl

chyrd/__init__.py

@@ -0,0 +1,6 @@
+"""CHYRD - the bird-fast AI coding agent that lives in your terminal."""
+
+__version__ = "0.4.0"
+
+APP_NAME = "CHYRD"
+TAGLINE = "fly through code."

chyrd/__main__.py

@@ -0,0 +1,7 @@
+"""Enable `python -m chyrd` to run the CLI."""
+from __future__ import annotations
+
+from chyrd.cli import main
+
+if __name__ == "__main__":
+    raise SystemExit(main())

chyrd/_buildflag.py

@@ -0,0 +1,2 @@
+"""Generated at build time by build_hardened.py - do not commit."""
+HARDENED = True

chyrd/_hardening.py

@@ -0,0 +1,111 @@
+"""Runtime self-protection for hardened CHYRD release builds.
+
+This module is INERT by default. It only does anything when the binary was
+produced by the hardened build pipeline, which bakes in CHYRD_HARDENED=1 (and
+optionally a signed license). That keeps development, tests, and source runs
+completely unaffected - none of the anti-tamper logic fires from `python -m`.
+
+The protections here raise the cost of reverse engineering and tampering; they
+do NOT make it impossible (nothing local can - see build/HARDENING.md). The
+genuinely un-bypassable controls are server-side (license activation, gated
+features), which `license.py` handles.
+"""
+from __future__ import annotations
+
+import os
+import sys
+import time
+
+def _baked_flag() -> bool:
+    """True if the hardened build wrote chyrd/_buildflag.py with HARDENED=True.
+
+    The build pipeline generates that module just before compiling and removes
+    it after, so it never exists in the source tree or normal installs.
+    """
+    try:
+        from chyrd import _buildflag  # type: ignore
+        return bool(getattr(_buildflag, "HARDENED", False))
+    except Exception:  # noqa: BLE001 - absent in source/dev/test
+        return False
+
+
+# Active only in a hardened release build (baked flag) or when explicitly asked
+# via env. Source, dev, and test runs leave this False so nothing below fires.
+HARDENED = _baked_flag() or os.environ.get("CHYRD_HARDENED", "") == "1"
+
+
+def _is_debugger_present() -> bool:
+    """Best-effort debugger detection across platforms. Never raises."""
+    # A Python-level tracer (pdb, profilers, some debuggers) is the cheapest tell.
+    try:
+        if sys.gettrace() is not None:
+            return True
+    except Exception:  # noqa: BLE001
+        pass
+
+    if sys.platform == "win32":
+        try:
+            import ctypes
+
+            kernel32 = ctypes.windll.kernel32
+            if kernel32.IsDebuggerPresent():
+                return True
+            # CheckRemoteDebuggerPresent catches debuggers attached out-of-proc.
+            present = ctypes.c_int(0)
+            kernel32.CheckRemoteDebuggerPresent(
+                kernel32.GetCurrentProcess(), ctypes.byref(present)
+            )
+            if present.value:
+                return True
+        except Exception:  # noqa: BLE001
+            pass
+    else:
+        # On Linux, a tracer shows up as a non-zero TracerPid in /proc/self/status.
+        try:
+            with open("/proc/self/status", "r", encoding="ascii", errors="ignore") as fh:
+                for line in fh:
+                    if line.startswith("TracerPid:"):
+                        if int(line.split(":", 1)[1].strip() or "0") != 0:
+                            return True
+                        break
+        except Exception:  # noqa: BLE001
+            pass
+    return False
+
+
+def _timing_anomaly() -> bool:
+    """A single-stepping debugger inflates the time for a trivial loop."""
+    try:
+        start = time.perf_counter()
+        acc = 0
+        for i in range(100_000):
+            acc += i
+        elapsed = time.perf_counter() - start
+        # A no-op 100k loop is sub-millisecond natively; >250ms means something
+        # (a step debugger or instrumentation) is watching every instruction.
+        return elapsed > 0.25
+    except Exception:  # noqa: BLE001
+        return False
+
+
+def guard(*, strict: bool = False) -> None:
+    """Run protections if this is a hardened build. No-op otherwise.
+
+    strict=True exits the process on detection (used at the binary's entry
+    point). strict=False (the default) only sets a flag other code can read,
+    so a partial detection never hard-crashes a legitimate user.
+    """
+    if not HARDENED:
+        return
+    detected = False
+    try:
+        detected = _is_debugger_present() or _timing_anomaly()
+    except Exception:  # noqa: BLE001 - protection must never crash normal use
+        detected = False
+    if detected and strict:
+        # Exit quietly; do not reveal why (less signal for an attacker).
+        os._exit(1)
+
+
+def is_hardened() -> bool:
+    return HARDENED

chyrd/agent/__init__.py

@@ -0,0 +1,6 @@
+"""Agent engine package: the loop, prompts, subagents, and compaction."""
+from __future__ import annotations
+
+from chyrd.agent.engine import AgentEngine
+
+__all__ = ["AgentEngine"]

chyrd/agent/compact.py

@@ -0,0 +1,184 @@
+"""Context compaction: fold an over-long conversation into a summary.
+
+When the running conversation approaches the model's context window, the engine
+calls :func:`compact` to replace the older messages with a single summary
+``user`` Message produced by one provider call, keeping the most recent turns
+verbatim. If summarisation fails for any reason we fall back to a plain
+truncation so the loop can always continue.
+
+``estimate_tokens`` is the chars / 4 heuristic the blueprint specifies; it
+counts every textual part (including tool results) so the estimate tracks the
+real prompt size, not just assistant text.
+"""
+from __future__ import annotations
+
+from chyrd.providers.base import (
+    Message,
+    StreamError,
+    TextDelta,
+    TextPart,
+    ThinkingPart,
+    ToolCallPart,
+    ToolResultPart,
+)
+
+# How many of the most recent messages are always kept verbatim.
+DEFAULT_KEEP_LAST = 6
+
+_SUMMARY_PROMPT = (
+    "Summarize this conversation so work can continue seamlessly. Capture: the "
+    "user's goal and any explicit requirements or constraints; key decisions and "
+    "their rationale; files and symbols that were read, written, or edited (with "
+    "paths); commands that were run and their outcomes; what is still in progress "
+    "and the immediate next step. Be specific and dense - this summary REPLACES "
+    "the earlier transcript, so omit nothing load-bearing. Do not add commentary, "
+    "apologies, or a preamble; output only the summary."
+)
+
+
+def _part_text(part: object) -> str:
+    """Best-effort textual length contribution of a single Part."""
+    if isinstance(part, (TextPart, ThinkingPart)):
+        return part.text or ""
+    if isinstance(part, ToolResultPart):
+        return part.content or ""
+    if isinstance(part, ToolCallPart):
+        # name + a rough rendering of the arguments
+        try:
+            return part.name + " " + repr(part.arguments)
+        except Exception:  # noqa: BLE001 - never let estimation raise
+            return part.name
+    return ""
+
+
+def estimate_tokens(messages: list[Message]) -> int:
+    """Estimate prompt tokens via the chars // 4 heuristic.
+
+    Counts all textual content across every part - text, thinking, tool call
+    arguments, and tool results - so the estimate reflects the full serialized
+    prompt rather than just assistant output.
+    """
+    chars = 0
+    for msg in messages:
+        for part in msg.parts:
+            chars += len(_part_text(part))
+    return chars // 4
+
+
+def _render_for_summary(messages: list[Message]) -> str:
+    """Flatten messages into a plain transcript for the summariser."""
+    lines: list[str] = []
+    for msg in messages:
+        role = msg.role
+        for part in msg.parts:
+            if isinstance(part, TextPart):
+                if part.text.strip():
+                    lines.append(f"[{role}] {part.text}")
+            elif isinstance(part, ThinkingPart):
+                if part.text.strip():
+                    lines.append(f"[{role}:thinking] {part.text}")
+            elif isinstance(part, ToolCallPart):
+                lines.append(f"[{role}] call {part.name}({part.arguments})")
+            elif isinstance(part, ToolResultPart):
+                marker = "error" if part.is_error else "result"
+                lines.append(f"[tool:{part.tool_name}:{marker}] {part.content}")
+    return "\n".join(lines)
+
+
+def _truncate(messages: list[Message], keep_last: int) -> list[Message]:
+    """Plain fallback: drop the oldest messages, keep the tail.
+
+    The cut snaps FORWARD to the next user message so the kept tail never
+    starts mid tool-exchange (dangling tool results 400 strict providers);
+    snapping forward guarantees the list still shrinks.
+    """
+    if keep_last <= 0:
+        return list(messages[-1:]) if messages else []
+    if len(messages) <= keep_last:
+        return list(messages)
+    start = len(messages) - keep_last
+    while start < len(messages) and messages[start].role != "user":
+        start += 1
+    if start >= len(messages):
+        start = len(messages) - 1   # no user message in the tail: keep the last
+    return list(messages[start:])
+
+
+async def compact(
+    provider,
+    model: str,
+    messages: list[Message],
+    keep_last: int = DEFAULT_KEEP_LAST,
+    *,
+    max_tokens: int = 2048,
+) -> list[Message]:
+    """Return a compacted message list.
+
+    The most recent ``keep_last`` messages are preserved verbatim; everything
+    before them is summarised into one ``user`` Message via a single provider
+    call. On any failure (stream error, exception, empty summary) we fall back
+    to a plain truncation so the agent loop never stalls on compaction.
+    """
+    if len(messages) <= keep_last:
+        return list(messages)
+
+    # Snap the keep boundary BACK to a user message: a tail that starts
+    # mid tool-exchange leaves dangling tool_use/tool_result pairs, and a
+    # summary user-message followed by another user message breaks strict
+    # role alternation - both are 400s on Anthropic.
+    start = len(messages) - keep_last if keep_last > 0 else len(messages)
+    while start > 0 and messages[start].role != "user":
+        start -= 1
+    if start <= 0:
+        return list(messages)   # no clean boundary - skip compaction
+    older = messages[:start]
+    recent = messages[start:]
+    if not older:
+        return list(messages)
+
+    transcript = _render_for_summary(older)
+    summary_request = [
+        Message(
+            role="user",
+            parts=[TextPart(_SUMMARY_PROMPT + "\n\nConversation to summarize:\n\n" + transcript)],
+        )
+    ]
+
+    summary_text = ""
+    try:
+        async for event in provider.stream(
+            model=model,
+            messages=summary_request,
+            tools=[],
+            system="You are a precise summarizer of engineering conversations.",
+            max_tokens=max_tokens,
+        ):
+            if isinstance(event, TextDelta):
+                summary_text += event.text
+            elif isinstance(event, StreamError):
+                summary_text = ""
+                break
+    except Exception:  # noqa: BLE001 - summarisation must never crash the engine
+        summary_text = ""
+
+    if not summary_text.strip():
+        # Could not summarise - shrink by truncation instead.
+        return _truncate(messages, keep_last)
+
+    header = (
+        "[Earlier conversation summarized to save context]\n\n"
+        + summary_text.strip()
+    )
+    # recent[0] is a user message (boundary snapped above): MERGE the summary
+    # into it instead of prepending a second user message, so user/assistant
+    # alternation stays intact for strict providers.
+    first = recent[0]
+    merged = Message(
+        role="user",
+        parts=[TextPart(header + "\n\n---\n\n" + first.text())]
+        + [p for p in first.parts if not isinstance(p, TextPart)],
+    )
+    return [merged, *recent[1:]]
+
+
+__all__ = ["estimate_tokens", "compact", "DEFAULT_KEEP_LAST"]