codeframe-ai 0.9.0__py3-none-any.whl

codeframe/__init__.py

@@ -0,0 +1,11 @@
+"""
+CodeFRAME: Fully Remote Autonomous Multiagent Environment for Coding
+
+An autonomous AI development system where multiple specialized agents
+collaborate to build software projects from requirements to deployment.
+"""
+
+__version__ = "0.1.0"
+__author__ = "Frank Bria"
+
+__all__ = ["__version__", "__author__"]

codeframe/__main__.py

@@ -0,0 +1,20 @@
+"""Entry point for `python -m codeframe` invocation.
+
+This module enables running the CLI via:
+    python -m codeframe [command] [options]
+
+The help text will correctly show 'codeframe' as the command name.
+"""
+
+
+def main():
+    """Run the CLI with proper program name."""
+    from codeframe.cli.app import main as app_main
+
+    # The telemetry-aware wrapper invokes the app with prog_name="codeframe",
+    # so the usage line shows the right command name here too.
+    app_main()
+
+
+if __name__ == "__main__":
+    main()

codeframe/adapters/__init__.py

@@ -0,0 +1,5 @@
+"""CodeFRAME adapters package.
+
+Adapters provide implementations for external services (LLM providers, etc.)
+that can be swapped without changing core logic.
+"""

codeframe/adapters/e2b/__init__.py

@@ -0,0 +1,13 @@
+"""E2B cloud execution adapter package."""
+
+from __future__ import annotations
+
+
+def __getattr__(name: str):
+    if name == "E2BAgentAdapter":
+        from codeframe.adapters.e2b.adapter import E2BAgentAdapter
+        return E2BAgentAdapter
+    raise AttributeError(f"module {__name__!r} has no attribute {name!r}")
+
+
+__all__ = ["E2BAgentAdapter"]

codeframe/adapters/e2b/adapter.py

@@ -0,0 +1,342 @@
+"""E2B cloud execution adapter.
+
+Runs CodeFrame's ReAct agent loop inside an E2B Linux sandbox, providing
+fully isolated execution without touching the local filesystem.
+"""
+
+from __future__ import annotations
+
+import logging
+import os
+import time
+from pathlib import Path
+from typing import Callable
+
+from codeframe.adapters.e2b.credential_scanner import scan_path
+from codeframe.core.adapters.agent_adapter import (
+    AgentEvent,
+    AgentResult,
+)
+
+logger = logging.getLogger(__name__)
+
+# E2B pricing: ~$0.002 per sandbox-minute (estimate, adjust as needed)
+_COST_PER_MINUTE = 0.002
+
+# Hard cap on sandbox lifetime
+_MAX_TIMEOUT_MINUTES = 60
+_MIN_TIMEOUT_MINUTES = 1
+
+# Remote workspace path inside the sandbox
+_SANDBOX_WORKSPACE = "/workspace"
+
+# Codeframe install command (uses the published package)
+_INSTALL_CMD = "pip install codeframe --quiet"
+
+
+class E2BAgentAdapter:
+    """Runs a CodeFrame task inside an E2B Linux sandbox.
+
+    Lifecycle:
+    1. Credential-scan the local workspace — abort if secrets detected.
+    2. Create E2B sandbox with configured timeout.
+    3. Upload clean workspace files.
+    4. Initialize git inside sandbox (needed for diff-based change detection).
+    5. Install codeframe inside sandbox.
+    6. Run the agent via ``cf work start`` CLI.
+    7. Download changed files (via ``git diff``) to local workspace.
+    8. Return AgentResult with cloud metadata.
+    """
+
+    name = "cloud"
+
+    def __init__(self, timeout_minutes: int = 30) -> None:
+        self._timeout_minutes = max(
+            _MIN_TIMEOUT_MINUTES,
+            min(timeout_minutes, _MAX_TIMEOUT_MINUTES),
+        )
+
+    @classmethod
+    def requirements(cls) -> dict[str, str]:
+        """Return required environment variables."""
+        return {"E2B_API_KEY": "E2B API key for cloud sandbox execution"}
+
+    def run(
+        self,
+        task_id: str,
+        prompt: str,
+        workspace_path: Path,
+        on_event: Callable[[AgentEvent], None] | None = None,
+    ) -> AgentResult:
+        """Execute a task inside an E2B sandbox.
+
+        Args:
+            task_id: CodeFrame task identifier.
+            prompt: Rich context prompt (written to sandbox as a file).
+            workspace_path: Local workspace root to upload.
+            on_event: Optional progress callback.
+
+        Returns:
+            AgentResult with status, modified_files, and cloud_metadata.
+        """
+        start_time = time.monotonic()
+
+        def _emit(event_type: str, message: str, data: dict | None = None) -> None:
+            if on_event is not None:
+                on_event(AgentEvent(type=event_type, message=message, data=data or {}))
+            logger.info("[E2B] %s: %s", event_type, message)
+
+        # Step 1: Credential scan
+        _emit("progress", "Scanning workspace for credentials before upload...")
+        scan_result = scan_path(workspace_path)
+
+        if not scan_result.is_clean:
+            blocked = ", ".join(scan_result.blocked_files[:5])
+            error_msg = (
+                f"Credential scan failed: {len(scan_result.blocked_files)} "
+                f"sensitive file(s) detected and blocked from upload. "
+                f"Files: {blocked}"
+            )
+            _emit("error", error_msg)
+            elapsed = (time.monotonic() - start_time) / 60
+            return AgentResult(
+                status="failed",
+                error=error_msg,
+                cloud_metadata={
+                    "sandbox_minutes": elapsed,
+                    "cost_usd_estimate": 0.0,
+                    "files_uploaded": 0,
+                    "files_downloaded": 0,
+                    "credential_scan_blocked": len(scan_result.blocked_files),
+                },
+            )
+
+        # Step 2: Create sandbox
+        try:
+            from e2b import Sandbox
+        except ImportError:
+            return AgentResult(
+                status="failed",
+                error=(
+                    "The 'e2b' package is required for --engine cloud. "
+                    "Install it with: pip install 'codeframe[cloud]'"
+                ),
+                cloud_metadata={
+                    "sandbox_minutes": 0.0,
+                    "cost_usd_estimate": 0.0,
+                    "files_uploaded": 0,
+                    "files_downloaded": 0,
+                    "credential_scan_blocked": 0,
+                },
+            )
+
+        api_key = os.environ.get("E2B_API_KEY")
+        timeout_seconds = self._timeout_minutes * 60
+
+        _emit("progress", f"Creating E2B sandbox (timeout={self._timeout_minutes}min)...")
+        try:
+            sbx = Sandbox.create(
+                timeout=timeout_seconds,
+                api_key=api_key,
+            )
+        except Exception as exc:
+            elapsed = (time.monotonic() - start_time) / 60
+            return AgentResult(
+                status="failed",
+                error=f"Failed to create E2B sandbox: {exc}",
+                cloud_metadata={
+                    "sandbox_minutes": elapsed,
+                    "cost_usd_estimate": round(elapsed * _COST_PER_MINUTE, 6),
+                    "files_uploaded": 0,
+                    "files_downloaded": 0,
+                    "credential_scan_blocked": 0,
+                },
+            )
+
+        _emit("progress", f"Sandbox created: {sbx.sandbox_id}")
+
+        try:
+            # Step 3: Upload workspace files
+            files_uploaded = self._upload_workspace(sbx, workspace_path, _emit)
+            _emit("progress", f"Uploaded {files_uploaded} files to sandbox")
+
+            # Step 4: Initialize git baseline (for diff detection)
+            sbx.commands.run(
+                f"cd {_SANDBOX_WORKSPACE} && git init -q && git add -A && "
+                f"git -c user.email=agent@e2b.local -c user.name=agent commit -q -m init",
+                timeout=30,
+            )
+
+            # Step 5: Install codeframe
+            _emit("progress", "Installing codeframe in sandbox...")
+            install_result = sbx.commands.run(
+                f"cd {_SANDBOX_WORKSPACE} && {_INSTALL_CMD}",
+                timeout=300,
+            )
+            if install_result.exit_code != 0:
+                logger.warning("pip install warnings: %s", install_result.stderr[:500])
+
+            # Step 6: Run agent
+            # Pass secrets via the SDK's envs dict — never interpolate into shell strings
+            _emit("progress", f"Starting agent for task {task_id}...")
+            agent_envs: dict[str, str] = {}
+            anthropic_key = os.environ.get("ANTHROPIC_API_KEY", "")
+            if anthropic_key:
+                agent_envs["ANTHROPIC_API_KEY"] = anthropic_key
+
+            agent_cmd = f"cd {_SANDBOX_WORKSPACE} && cf work start {task_id} --execute"
+
+            output_lines: list[str] = []
+
+            def _on_stdout(line: str) -> None:
+                output_lines.append(line)
+                _emit("output", line, {"stream": "stdout"})
+
+            def _on_stderr(line: str) -> None:
+                output_lines.append(line)
+                _emit("output", line, {"stream": "stderr"})
+
+            agent_result = sbx.commands.run(
+                agent_cmd,
+                envs=agent_envs,
+                timeout=timeout_seconds,
+                on_stdout=_on_stdout,
+                on_stderr=_on_stderr,
+            )
+
+            output_text = "\n".join(output_lines)
+            agent_succeeded = agent_result.exit_code == 0
+
+            # Step 7: Download changed files
+            files_downloaded = 0
+            modified_files: list[str] = []
+
+            if agent_succeeded:
+                _emit("progress", "Downloading changed files from sandbox...")
+                modified_files, files_downloaded = self._download_changed_files(
+                    sbx, workspace_path, _emit
+                )
+
+            elapsed = (time.monotonic() - start_time) / 60
+            cloud_meta = {
+                "sandbox_minutes": round(elapsed, 3),
+                "cost_usd_estimate": round(elapsed * _COST_PER_MINUTE, 6),
+                "files_uploaded": files_uploaded,
+                "files_downloaded": files_downloaded,
+                "credential_scan_blocked": 0,
+            }
+
+            if agent_succeeded:
+                _emit("progress", "Execution complete")
+                return AgentResult(
+                    status="completed",
+                    output=output_text,
+                    modified_files=modified_files,
+                    cloud_metadata=cloud_meta,
+                )
+            else:
+                error = agent_result.stderr or output_text or "Agent exited with non-zero status"
+                _emit("error", f"Agent failed: {error[:200]}")
+                return AgentResult(
+                    status="failed",
+                    output=output_text,
+                    error=error[:500],
+                    cloud_metadata=cloud_meta,
+                )
+
+        finally:
+            try:
+                sbx.kill()
+            except Exception:
+                pass
+
+    def _upload_workspace(
+        self,
+        sbx: object,
+        workspace_path: Path,
+        emit: Callable[[str, str, dict | None], None],
+    ) -> int:
+        """Upload workspace files to sandbox, returning the count uploaded."""
+        _EXCLUDED = frozenset({
+            "__pycache__", ".git", ".mypy_cache", ".pytest_cache",
+            ".ruff_cache", "node_modules", ".venv", "venv",
+        })
+
+        uploaded = 0
+        for path in sorted(workspace_path.rglob("*")):
+            if any(part in _EXCLUDED for part in path.parts):
+                continue
+            if not path.is_file():
+                continue
+
+            rel = path.relative_to(workspace_path)
+            remote_path = f"{_SANDBOX_WORKSPACE}/{rel}"
+
+            try:
+                content = path.read_bytes()
+                sbx.files.write(remote_path, content)
+                uploaded += 1
+            except Exception as exc:
+                logger.warning("Failed to upload %s: %s", rel, exc)
+
+        return uploaded
+
+    def _download_changed_files(
+        self,
+        sbx: object,
+        workspace_path: Path,
+        emit: Callable[[str, str, dict | None], None],
+    ) -> tuple[list[str], int]:
+        """Download files changed or created by the agent.
+
+        Uses ``git status --porcelain`` to capture both modified tracked files
+        and newly created untracked files (git diff only sees tracked changes).
+
+        Returns:
+            Tuple of (list of relative file paths, count downloaded).
+        """
+        status_result = sbx.commands.run(
+            f"cd {_SANDBOX_WORKSPACE} && git status --porcelain",
+            timeout=30,
+        )
+
+        if status_result.exit_code != 0 or not status_result.stdout.strip():
+            return [], 0
+
+        changed: list[str] = []
+        for line in status_result.stdout.splitlines():
+            line = line.strip()
+            if not line:
+                continue
+            # porcelain format: XY filename (or "XY old -> new" for renames)
+            parts = line.split(None, 1)
+            if len(parts) < 2:
+                continue
+            xy, filepath = parts
+            # Handle renames: "R old -> new" — take the new name after " -> "
+            if " -> " in filepath:
+                filepath = filepath.split(" -> ", 1)[1]
+            changed.append(filepath.strip())
+
+        downloaded = 0
+        modified_files: list[str] = []
+
+        for rel_path in changed:
+            remote = f"{_SANDBOX_WORKSPACE}/{rel_path}"
+            local = workspace_path / rel_path
+
+            try:
+                content = sbx.files.read(remote)
+                local.parent.mkdir(parents=True, exist_ok=True)
+                if isinstance(content, str):
+                    local.write_text(content, encoding="utf-8")
+                else:
+                    local.write_bytes(bytes(content))
+                modified_files.append(rel_path)
+                downloaded += 1
+                logger.debug("Downloaded: %s", rel_path)
+            except Exception as exc:
+                logger.warning("Failed to download %s: %s", rel_path, exc)
+
+        emit("progress", f"Downloaded {downloaded} changed file(s)")
+        return modified_files, downloaded

codeframe/adapters/e2b/budget.py

@@ -0,0 +1,71 @@
+"""Cloud run metadata persistence for E2B budget tracking.
+
+Records sandbox execution metrics (minutes, cost, file counts) in the
+cloud_run_metadata SQLite table and provides lookup for the work show command.
+"""
+
+from __future__ import annotations
+
+import sqlite3
+from datetime import datetime, timezone
+from typing import Any
+
+
+def record_cloud_run(
+    workspace: Any,
+    run_id: str,
+    sandbox_minutes: float,
+    cost_usd: float,
+    files_uploaded: int,
+    files_downloaded: int,
+    scan_blocked: int,
+) -> None:
+    """Insert a cloud run record into cloud_run_metadata.
+
+    Args:
+        workspace: Workspace instance with db_path attribute.
+        run_id: CodeFrame run identifier.
+        sandbox_minutes: Wall-clock minutes the sandbox was alive.
+        cost_usd: Estimated cost in USD.
+        files_uploaded: Number of files uploaded to the sandbox.
+        files_downloaded: Number of changed files downloaded from sandbox.
+        scan_blocked: Number of files blocked by credential scanner.
+    """
+    created_at = datetime.now(timezone.utc).isoformat()
+    conn = sqlite3.connect(workspace.db_path)
+    try:
+        conn.execute(
+            """
+            INSERT OR REPLACE INTO cloud_run_metadata
+                (run_id, sandbox_minutes, cost_usd_estimate,
+                 files_uploaded, files_downloaded,
+                 credential_scan_blocked, created_at)
+            VALUES (?, ?, ?, ?, ?, ?, ?)
+            """,
+            (run_id, sandbox_minutes, cost_usd,
+             files_uploaded, files_downloaded, scan_blocked, created_at),
+        )
+        conn.commit()
+    finally:
+        conn.close()
+
+
+def get_cloud_run(workspace: Any, run_id: str) -> dict | None:
+    """Retrieve a cloud run record by run_id.
+
+    Args:
+        workspace: Workspace instance with db_path attribute.
+        run_id: CodeFrame run identifier.
+
+    Returns:
+        Dict with cloud run fields, or None if not found.
+    """
+    conn = sqlite3.connect(workspace.db_path)
+    conn.row_factory = sqlite3.Row
+    try:
+        row = conn.execute(
+            "SELECT * FROM cloud_run_metadata WHERE run_id = ?", (run_id,)
+        ).fetchone()
+        return dict(row) if row else None
+    finally:
+        conn.close()

codeframe/adapters/e2b/credential_scanner.py

@@ -0,0 +1,134 @@
+"""Credential scanner for workspace upload safety.
+
+Scans a directory tree for sensitive files and secret patterns before
+uploading to an E2B sandbox, preventing accidental credential leakage.
+"""
+
+from __future__ import annotations
+
+import logging
+import re
+from dataclasses import dataclass, field
+from pathlib import Path
+
+logger = logging.getLogger(__name__)
+
+# Directories that are always excluded from scanning and upload counts
+_EXCLUDED_DIRS = frozenset({
+    "__pycache__",
+    ".git",
+    ".mypy_cache",
+    ".pytest_cache",
+    ".ruff_cache",
+    "node_modules",
+    ".venv",
+    "venv",
+    ".tox",
+    "dist",
+    "build",
+    ".eggs",
+})
+
+# High-risk filename/extension patterns (case-insensitive glob-style matching)
+_BLOCKED_FILENAME_PATTERNS = (
+    re.compile(r"^\.env$"),
+    re.compile(r"^\.env\."),
+    re.compile(r"\.pem$"),
+    re.compile(r"\.key$"),
+    re.compile(r"^id_rsa$"),
+    re.compile(r"^id_dsa$"),
+    re.compile(r"^id_ecdsa$"),
+    re.compile(r"^id_ed25519$"),
+    re.compile(r"^credentials$"),
+    re.compile(r"^secrets\..+"),
+    re.compile(r"\.pfx$"),
+    re.compile(r"\.p12$"),
+)
+
+# Content patterns that indicate embedded secrets (applied to text files)
+_SECRET_CONTENT_PATTERNS = (
+    re.compile(r"AKIA[0-9A-Z]{16}"),                       # AWS access key
+    re.compile(r"sk-[a-zA-Z0-9]{48}"),                     # OpenAI API key
+    re.compile(r"ghp_[a-zA-Z0-9]{36}"),                    # GitHub PAT
+    re.compile(r"ghs_[a-zA-Z0-9]{36}"),                    # GitHub app token
+    re.compile(r"(?i)(api_key|secret|password)\s*=\s*['\"][^'\"]{8,}['\"]"),
+)
+
+# Max bytes to sample for content scanning (avoid reading huge binaries)
+_MAX_CONTENT_SAMPLE = 8192
+
+
+@dataclass
+class ScanResult:
+    """Result of a credential scan."""
+
+    blocked_files: list[str] = field(default_factory=list)
+    scanned_count: int = 0
+    is_clean: bool = True
+
+
+def scan_path(root: Path) -> ScanResult:
+    """Scan *root* for credentials before uploading to a sandbox.
+
+    Walks the directory tree, checks filenames against the blocklist, and
+    samples text file content for known secret patterns.
+
+    Args:
+        root: Root directory to scan.
+
+    Returns:
+        ScanResult with blocked file list, scanned count, and is_clean flag.
+    """
+    result = ScanResult()
+
+    for path in sorted(root.rglob("*")):
+        # Skip excluded directories
+        if any(part in _EXCLUDED_DIRS for part in path.parts):
+            continue
+
+        if not path.is_file():
+            continue
+
+        filename = path.name
+        rel = str(path.relative_to(root))
+
+        # Check filename against blocklist
+        if _is_blocked_filename(filename):
+            result.blocked_files.append(rel)
+            result.is_clean = False
+            logger.info("Blocked (filename): %s", rel)
+            result.scanned_count += 1
+            continue
+
+        # Check content for secret patterns (text files only)
+        if _contains_secret(path):
+            result.blocked_files.append(rel)
+            result.is_clean = False
+            logger.info("Blocked (content pattern): %s", rel)
+
+        result.scanned_count += 1
+        logger.debug("Scanned: %s", rel)
+
+    return result
+
+
+def _is_blocked_filename(filename: str) -> bool:
+    """Return True if *filename* matches any high-risk pattern."""
+    for pattern in _BLOCKED_FILENAME_PATTERNS:
+        if pattern.search(filename):
+            return True
+    return False
+
+
+def _contains_secret(path: Path) -> bool:
+    """Return True if the file content matches any known secret pattern."""
+    try:
+        content = path.read_bytes()[:_MAX_CONTENT_SAMPLE]
+        text = content.decode("utf-8", errors="replace")
+    except OSError:
+        return False
+
+    for pattern in _SECRET_CONTENT_PATTERNS:
+        if pattern.search(text):
+            return True
+    return False

codeframe/adapters/llm/__init__.py

@@ -0,0 +1,92 @@
+"""LLM adapter package.
+
+Provides a unified interface for LLM providers with task-based model selection.
+
+Usage:
+    from codeframe.adapters.llm import AnthropicProvider, get_provider
+
+    # Get configured provider
+    provider = get_provider()
+
+    # Or create directly
+    provider = AnthropicProvider()
+
+    # Make a completion
+    response = provider.complete(
+        messages=[{"role": "user", "content": "Hello"}],
+        purpose="planning",  # Selects appropriate model
+    )
+"""
+
+import os
+
+from codeframe.adapters.llm.base import (
+    LLMProvider,
+    LLMResponse,
+    Message,
+    ModelSelector,
+    Purpose,
+    StreamChunk,
+    Tool,
+    ToolCall,
+    ToolResult,
+)
+from codeframe.adapters.llm.anthropic import AnthropicProvider
+from codeframe.adapters.llm.mock import MockProvider
+from codeframe.adapters.llm.openai import OpenAIProvider
+
+__all__ = [
+    "LLMProvider",
+    "LLMResponse",
+    "Message",
+    "ModelSelector",
+    "Purpose",
+    "StreamChunk",
+    "Tool",
+    "ToolCall",
+    "ToolResult",
+    "AnthropicProvider",
+    "MockProvider",
+    "OpenAIProvider",
+    "get_provider",
+]
+
+_OPENAI_COMPATIBLE = {"openai", "ollama", "vllm", "compatible"}
+
+
+def get_provider(provider_type: str = "anthropic", **kwargs) -> LLMProvider:
+    """Get a configured LLM provider.
+
+    Args:
+        provider_type: Provider type ("anthropic", "openai", "ollama",
+            "vllm", "compatible", or "mock"). OpenAI-compatible types are
+            all routed to OpenAIProvider.
+        **kwargs: Optional overrides passed to the provider constructor.
+            Supported keys: api_key, model, base_url.
+            For local providers (ollama, vllm, compatible) that don't
+            require authentication, api_key defaults to "not-required"
+            if OPENAI_API_KEY is not set.
+
+    Returns:
+        Configured LLMProvider instance
+
+    Raises:
+        ValueError: If provider type is unknown
+    """
+    if provider_type in _OPENAI_COMPATIBLE:
+        api_key = kwargs.get("api_key") or os.environ.get("OPENAI_API_KEY")
+        if not api_key and provider_type != "openai":
+            # Local providers (ollama, vllm, compatible) don't need real auth;
+            # the openai SDK still requires a non-empty api_key value.
+            api_key = "not-required"
+        return OpenAIProvider(
+            api_key=api_key,
+            model=kwargs.get("model", os.environ.get("CODEFRAME_LLM_MODEL", "gpt-4o")),
+            base_url=kwargs.get("base_url", os.environ.get("OPENAI_BASE_URL")),
+        )
+    elif provider_type == "anthropic":
+        return AnthropicProvider()
+    elif provider_type == "mock":
+        return MockProvider()
+    else:
+        raise ValueError(f"Unknown provider type: {provider_type}")