PyPI - conduct-cli - Versions diffs - 0.2.0__py3-none-any.whl - Mend

conduct-cli 0.2.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

conduct_cli/__init__.py +0 -0
conduct_cli/api.py +100 -0
conduct_cli/guard.py +421 -0
conduct_cli/main.py +1154 -0
conduct_cli-0.2.0.dist-info/METADATA +108 -0
conduct_cli-0.2.0.dist-info/RECORD +9 -0
conduct_cli-0.2.0.dist-info/WHEEL +5 -0
conduct_cli-0.2.0.dist-info/entry_points.txt +2 -0
conduct_cli-0.2.0.dist-info/top_level.txt +1 -0

conduct_cli/__init__.py ADDED Viewed

File without changes

conduct_cli/api.py ADDED Viewed

@@ -0,0 +1,100 @@
+import json
+import socket
+import sys
+import urllib.request
+import urllib.error
+RED   = "\033[31m"
+RESET = "\033[0m"
+DEV_WORKSPACE = "00000000-0000-0000-0000-000000000001"
+def headers(workspace_id: str, token=None, content_type="application/json", api_key=None) -> dict:
+    h = {"Content-Type": content_type, "X-Workspace-Id": workspace_id}
+    if api_key:
+        h["X-Api-Key"] = api_key
+    elif token:
+        h["Authorization"] = f"Bearer {token}"
+    return h
+def req(method: str, url: str, hdrs: dict, body=None, timeout: int = 30) -> dict:
+    data = json.dumps(body).encode() if body is not None else None
+    r = urllib.request.Request(url, data=data, headers=hdrs, method=method)
+    try:
+        with urllib.request.urlopen(r, timeout=timeout) as resp:
+            raw = resp.read()
+            return json.loads(raw) if raw else {}
+    except urllib.error.HTTPError as e:
+        raw = e.read().decode()
+        try:
+            detail = json.loads(raw).get("detail", raw)
+        except Exception:
+            detail = raw
+        print(f"{RED}HTTP {e.code}: {detail}{RESET}")
+        sys.exit(1)
+    except (socket.timeout, TimeoutError):
+        print(f"{RED}Request timed out: {url}{RESET}")
+        sys.exit(1)
+def req_text(method: str, url: str, hdrs: dict, body_text: str, timeout: int = 30) -> dict:
+    r = urllib.request.Request(url, data=body_text.encode(), headers=hdrs, method=method)
+    try:
+        with urllib.request.urlopen(r, timeout=timeout) as resp:
+            raw = resp.read()
+            return json.loads(raw) if raw else {}
+    except urllib.error.HTTPError as e:
+        raw = e.read().decode()
+        try:
+            detail = json.loads(raw).get("detail", raw)
+        except Exception:
+            detail = raw
+        print(f"{RED}HTTP {e.code}: {detail}{RESET}")
+        sys.exit(1)
+    except (socket.timeout, TimeoutError):
+        print(f"{RED}Request timed out: {url}{RESET}")
+        sys.exit(1)
+def stream(url: str, hdrs=None):
+    """Yield parsed SSE data dicts."""
+    r = urllib.request.Request(url, headers=hdrs or {})
+    try:
+        resp = urllib.request.urlopen(r)
+    except urllib.error.HTTPError as e:
+        msg = e.read().decode()
+        raise RuntimeError(f"Stream {e.code}: {msg}")
+    buf = b""
+    while True:
+        chunk = resp.read(1)
+        if not chunk:
+            break
+        buf += chunk
+        if buf.endswith(b"\n\n"):
+            text = buf.decode().strip()
+            buf  = b""
+            event = "message"
+            for line in text.splitlines():
+                if line.startswith("event:"):
+                    event = line[6:].strip()
+                elif line.startswith("data:"):
+                    try:
+                        data = json.loads(line[5:].strip())
+                    except json.JSONDecodeError:
+                        data = {"raw": line[5:].strip()}
+                    data.setdefault("kind", event)
+                    yield data
+            event = "message"
+def find_or_create_workflow(server: str, name: str, hdrs: dict) -> str:
+    for wf in req("GET", f"{server}/workflows", hdrs):
+        if wf["name"] == name:
+            return wf["id"]
+    wf = req("POST", f"{server}/workflows", hdrs, {
+        "name": name,
+        "graph": {"nodes": [], "edges": []},
+    })
+    return wf["id"]

conduct_cli/guard.py ADDED Viewed

@@ -0,0 +1,421 @@
+"""conduct guard — team policy + MCP registration subcommand."""
+import json
+import sys
+import urllib.error
+import urllib.request
+from datetime import datetime, timedelta, timezone
+from pathlib import Path
+RESET  = "\033[0m"
+BOLD   = "\033[1m"
+GREEN  = "\033[32m"
+RED    = "\033[31m"
+BLUE   = "\033[34m"
+GRAY   = "\033[90m"
+CYAN   = "\033[36m"
+YELLOW = "\033[33m"
+GUARD_DIR    = Path.home() / ".conductguard"
+CONFIG_PATH  = GUARD_DIR / "config.json"
+POLICY_PATH  = GUARD_DIR / "policy.json"
+# AI tool config files and the label to show the user
+_MCP_TARGETS = [
+    (Path.home() / ".claude"    / "settings.json", "Claude Code"),
+    (Path.home() / ".cursor"    / "mcp.json",      "Cursor"),
+    (Path.home() / ".windsurf"  / "mcp.json",      "Windsurf"),
+    (Path.home() / ".codex"     / "mcp.json",      "Codex"),
+]
+# ── Guard config helpers ──────────────────────────────────────────────────────
+def _load_guard_config() -> dict:
+    if CONFIG_PATH.exists():
+        return json.loads(CONFIG_PATH.read_text())
+    return {}
+def _save_guard_config(data: dict):
+    GUARD_DIR.mkdir(parents=True, exist_ok=True)
+    CONFIG_PATH.write_text(json.dumps(data, indent=2))
+def _require_guard_config() -> dict:
+    cfg = _load_guard_config()
+    if not cfg or not cfg.get("team_id"):
+        print(f"{RED}Not connected. Run: conduct guard join <invite-code>{RESET}")
+        sys.exit(1)
+    return cfg
+def _api_url(cfg: dict) -> str:
+    return cfg.get("api_url", "https://api.conductai.ai").rstrip("/")
+# ── HTTP helpers (no third-party deps — mirrors api.py style) ─────────────────
+def _req(method: str, url: str, body=None, token: str = None, timeout: int = 20) -> dict:
+    headers = {"Content-Type": "application/json"}
+    if token:
+        headers["Authorization"] = f"Bearer {token}"
+    data = json.dumps(body).encode() if body is not None else None
+    r = urllib.request.Request(url, data=data, headers=headers, method=method)
+    try:
+        with urllib.request.urlopen(r, timeout=timeout) as resp:
+            raw = resp.read()
+            return json.loads(raw) if raw else {}
+    except urllib.error.HTTPError as e:
+        raw = e.read().decode()
+        try:
+            detail = json.loads(raw).get("detail", raw)
+        except Exception:
+            detail = raw
+        print(f"{RED}HTTP {e.code}: {detail}{RESET}")
+        sys.exit(1)
+    except Exception:
+        print(f"{RED}Could not reach ConductAI API. Check your connection.{RESET}")
+        sys.exit(1)
+# ── MCP registration helpers ──────────────────────────────────────────────────
+def _mcp_entry(team_id: str, member_token: str) -> dict:
+    return {
+        "command": "conductguard-mcp",
+        "args": ["--team", team_id, "--token", member_token],
+    }
+def _register_mcp(team_id: str, member_token: str) -> list[tuple[str, bool]]:
+    """Write MCP entry into every found AI tool config. Returns list of (label, registered_now)."""
+    entry   = _mcp_entry(team_id, member_token)
+    results = []
+    for cfg_path, label in _MCP_TARGETS:
+        if not cfg_path.exists():
+            continue
+        try:
+            existing = json.loads(cfg_path.read_text())
+        except (json.JSONDecodeError, OSError):
+            existing = {}
+        mcp_servers = existing.get("mcpServers", {})
+        current     = mcp_servers.get("conductguard", {})
+        # Idempotent: only write if missing or token changed
+        if (current.get("command") == entry["command"]
+                and current.get("args") == entry["args"]):
+            results.append((label, False))
+            continue
+        mcp_servers["conductguard"] = entry
+        existing["mcpServers"]      = mcp_servers
+        try:
+            cfg_path.write_text(json.dumps(existing, indent=2))
+            results.append((label, True))
+        except OSError:
+            print(f"{YELLOW}Warning: could not write to {cfg_path} — skipping.{RESET}")
+            results.append((label, False))
+    return results
+def _save_policy(policy: dict):
+    GUARD_DIR.mkdir(parents=True, exist_ok=True)
+    POLICY_PATH.write_text(json.dumps(policy, indent=2))
+# ── since-string parser ───────────────────────────────────────────────────────
+def _parse_since(since_str: str) -> str:
+    """Convert '7d', '24h', '1h', '30d' to an ISO-8601 UTC timestamp string."""
+    unit  = since_str[-1].lower()
+    value = int(since_str[:-1])
+    delta_map = {"h": timedelta(hours=value), "d": timedelta(days=value)}
+    if unit not in delta_map:
+        print(f"{RED}Invalid --since value '{since_str}'. Use: 1h, 24h, 7d, 30d{RESET}")
+        sys.exit(1)
+    return (datetime.now(tz=timezone.utc) - delta_map[unit]).isoformat()
+# ── Commands ──────────────────────────────────────────────────────────────────
+def cmd_guard_join(args):
+    invite_code = args.invite_code
+    # Prompt for email if not supplied
+    email = getattr(args, "email", None) or input("Email address: ").strip()
+    if not email:
+        print(f"{RED}Email is required.{RESET}")
+        sys.exit(1)
+    # Use configured API URL or default
+    existing_cfg = _load_guard_config()
+    base_url     = existing_cfg.get("api_url", "https://api.conductai.ai").rstrip("/")
+    print(f"\nJoining team with invite code {CYAN}{invite_code}{RESET}…")
+    payload = {
+        "invite_code": invite_code,
+        "email":       email,
+    }
+    result = _req("POST", f"{base_url}/guard/teams/join", body=payload)
+    team_id      = result["team_id"]
+    team_name    = result.get("team_name", team_id)
+    member_id    = result["member_id"]
+    member_token = result.get("member_token", "")
+    policy       = result.get("policy", {"team_id": team_id, "version": "", "rules": []})
+    # Download and persist policy
+    _save_policy(policy)
+    rule_count = len(policy.get("rules", []))
+    print(f"  {GREEN}Policy downloaded:{RESET} {rule_count} rule(s)")
+    # Register MCP in all found tool configs
+    registered = _register_mcp(team_id, member_token)
+    new_tools   = [label for label, is_new in registered if is_new]
+    all_tools   = [label for label, _ in registered]
+    for label, is_new in registered:
+        icon = f"{GREEN}registered{RESET}" if is_new else f"{GRAY}already registered{RESET}"
+        print(f"  {label} -> {icon}")
+    # Persist guard config
+    cfg = {
+        "team_id":    team_id,
+        "team_name":  team_name,
+        "member_id":  member_id,
+        "user_email": email,
+        "api_url":    base_url,
+    }
+    if member_token:
+        cfg["member_token"] = member_token
+    _save_guard_config(cfg)
+    print(
+        f"\n{BOLD}{GREEN}Connected to {team_name}.{RESET} "
+        f"{len(all_tools)} AI tool(s) registered. "
+        f"{rule_count} polic{'y' if rule_count == 1 else 'ies'} active."
+    )
+def cmd_guard_sync(args):
+    cfg          = _require_guard_config()
+    team_id      = cfg["team_id"]
+    member_token = cfg.get("member_token", "")
+    base_url     = _api_url(cfg)
+    print(f"Syncing policy for team {CYAN}{cfg.get('team_name', team_id)}{RESET}…")
+    policy = _req(
+        "GET",
+        f"{base_url}/guard/policies/sync?team_id={team_id}",
+        token=member_token,
+    )
+    _save_policy(policy)
+    rule_count = len(policy.get("rules", []))
+    print(f"  {GREEN}Policy refreshed:{RESET} {rule_count} rule(s)")
+    # Re-scan and register any newly found tool configs
+    registered = _register_mcp(team_id, member_token)
+    new_tools  = [(label, is_new) for label, is_new in registered if is_new]
+    if new_tools:
+        for label, _ in new_tools:
+            print(f"  {label} newly detected -> {GREEN}registered{RESET}")
+    else:
+        print(f"  {GRAY}No new AI tool configs detected.{RESET}")
+    print(f"\n{BOLD}Policy refreshed ({rule_count} rule(s)).{RESET}")
+def cmd_guard_status(args):
+    cfg          = _require_guard_config()
+    team_id      = cfg["team_id"]
+    user_email   = cfg.get("user_email", "")
+    team_name    = cfg.get("team_name", team_id)
+    member_token = cfg.get("member_token", "")
+    base_url     = _api_url(cfg)
+    # Load local policy for rule count
+    rule_count = 0
+    if POLICY_PATH.exists():
+        try:
+            policy     = json.loads(POLICY_PATH.read_text())
+            rule_count = len(policy.get("rules", []))
+        except Exception:
+            pass
+    # Fetch today's spend
+    spend = {}
+    try:
+        spend = _req(
+            "GET",
+            f"{base_url}/guard/spend?team_id={team_id}",
+            token=member_token,
+        )
+    except SystemExit:
+        pass
+    # Fetch recent violations (today)
+    today_iso = datetime.now(tz=timezone.utc).replace(
+        hour=0, minute=0, second=0, microsecond=0
+    ).isoformat()
+    events: list = []
+    try:
+        events = _req(
+            "GET",
+            (
+                f"{base_url}/guard/events"
+                f"?team_id={team_id}"
+                f"&user_email={user_email}"
+                f"&since={today_iso}"
+                f"&limit=20"
+            ),
+            token=member_token,
+        )
+        if not isinstance(events, list):
+            events = events.get("events", [])
+    except SystemExit:
+        pass
+    violations = [e for e in events if e.get("decision") == "blocked"]
+    # Format spend figures
+    sessions     = spend.get("sessions", 0)
+    tokens_used  = spend.get("tokens_used", 0)
+    token_saved_pct = spend.get("token_saved_pct", 0)
+    cost         = spend.get("cost_usd", 0.0)
+    cost_saved   = spend.get("cost_saved_usd", 0.0)
+    viol_summary = ""
+    if violations:
+        rule_names = ", ".join(
+            v.get("rule", "unknown") for v in violations[:3]
+        )
+        viol_summary = f"  ({rule_names} — blocked)"
+    print(f"\n{BOLD}Guard status{RESET} — {user_email}")
+    print(f"Team: {team_name} · {rule_count} polic{'y' if rule_count == 1 else 'ies'} active")
+    print()
+    print(f"Today:")
+    print(f"  Sessions: {sessions}")
+    print(f"  Tokens used: {tokens_used:,}  (saved {token_saved_pct}% via optimization)")
+    print(f"  Cost: ${cost:.2f}  (saved ${cost_saved:.2f})")
+    print(f"  Violations: {len(violations)}{viol_summary}")
+    print()
+def cmd_guard_audit(args):
+    cfg          = _require_guard_config()
+    team_id      = cfg["team_id"]
+    user_email   = cfg.get("user_email", "")
+    member_token = cfg.get("member_token", "")
+    base_url     = _api_url(cfg)
+    since_str = getattr(args, "since", None) or "24h"
+    since_iso = _parse_since(since_str)
+    events_resp = _req(
+        "GET",
+        (
+            f"{base_url}/guard/events"
+            f"?team_id={team_id}"
+            f"&user_email={user_email}"
+            f"&since={since_iso}"
+            f"&limit=50"
+        ),
+        token=member_token,
+    )
+    events = events_resp if isinstance(events_resp, list) else events_resp.get("events", [])
+    if not events:
+        print(f"{GRAY}No events in the last {since_str}.{RESET}")
+        return
+    # Table header
+    ts_w     = 22
+    tool_w   = 14
+    action_w = 28
+    dec_w    = 10
+    print()
+    print(
+        f"{BOLD}"
+        f"{'Timestamp':<{ts_w}} "
+        f"{'Tool':<{tool_w}} "
+        f"{'Action':<{action_w}} "
+        f"{'Decision':<{dec_w}} "
+        f"{'Rule'}"
+        f"{RESET}"
+    )
+    print("─" * (ts_w + tool_w + action_w + dec_w + 20))
+    for ev in events:
+        ts_raw   = ev.get("timestamp", ev.get("created_at", ""))
+        ts       = ts_raw[:19].replace("T", " ") if ts_raw else "—"
+        tool     = (ev.get("tool") or "—")[:tool_w - 1]
+        action   = (ev.get("action") or "—")[:action_w - 1]
+        decision = ev.get("decision", "—")
+        rule     = ev.get("rule", "—")
+        dec_color = RED if decision == "blocked" else GREEN if decision == "allowed" else GRAY
+        print(
+            f"  {GRAY}{ts:<{ts_w}}{RESET} "
+            f"{tool:<{tool_w}} "
+            f"{action:<{action_w}} "
+            f"{dec_color}{decision:<{dec_w}}{RESET} "
+            f"{GRAY}{rule}{RESET}"
+        )
+    print()
+# ── Subparser registration (called from main.py) ──────────────────────────────
+def register_guard_parser(sub):
+    """Attach the `guard` subparser tree to an existing argparse subparsers object."""
+    guard_p = sub.add_parser("guard", help="Guard — team policies and MCP registration")
+    guard_sub = guard_p.add_subparsers(dest="guard_command")
+    # conduct guard join <invite-code>
+    join_p = guard_sub.add_parser("join", help="Join a team with an invite code")
+    join_p.add_argument("invite_code", help="Team invite code")
+    join_p.add_argument("--email", help="Your email address (prompted if omitted)")
+    # conduct guard sync
+    guard_sub.add_parser("sync", help="Refresh policy and re-scan for AI tools")
+    # conduct guard status
+    guard_sub.add_parser("status", help="Show today's spend and violations")
+    # conduct guard audit [--since 7d]
+    audit_p = guard_sub.add_parser("audit", help="Show recent guard events")
+    audit_p.add_argument(
+        "--since",
+        default="24h",
+        metavar="PERIOD",
+        help="Time window: 1h, 24h, 7d, 30d (default: 24h)",
+    )
+    return guard_p, guard_sub
+def dispatch_guard(args, guard_p):
+    """Dispatch to the correct guard handler. Called from main()."""
+    guard_command = getattr(args, "guard_command", None)
+    if guard_command == "join":
+        cmd_guard_join(args)
+    elif guard_command == "sync":
+        cmd_guard_sync(args)
+    elif guard_command == "status":
+        cmd_guard_status(args)
+    elif guard_command == "audit":
+        cmd_guard_audit(args)
+    else:
+        guard_p.print_help()
+        sys.exit(1)