dacli-core 0.4.0__tar.gz

dacli_core-0.4.0/PKG-INFO

@@ -0,0 +1,30 @@
+Metadata-Version: 2.4
+Name: dacli-core
+Version: 0.4.0
+Summary: Headless governed extension host for dacli — runs with no TUI installed
+Author-email: Mouad Jaouhari <github@mj-dev.net>
+Project-URL: Homepage, https://github.com/mouadja02/dacli
+Keywords: agent,governance,extension host,data engineering
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Requires-Dist: dacli-ai==0.3.0
+Requires-Dist: pydantic<3,>=2.5
+Requires-Dist: pyyaml<7,>=6
+Requires-Dist: python-dotenv<2,>=1
+Requires-Dist: httpx<1,>=0.27
+Requires-Dist: cryptography<49,>=42
+Requires-Dist: tiktoken<1,>=0.7
+Requires-Dist: rich<16,>=13
+Provides-Extra: pty
+Requires-Dist: pywinpty<3,>=2; sys_platform == "win32" and extra == "pty"
+Requires-Dist: ptyprocess<1,>=0.7; sys_platform != "win32" and extra == "pty"
+Provides-Extra: keyring
+Requires-Dist: keyring<26,>=24; extra == "keyring"
+
+# dacli-core
+
+The governed extension host: agent loop, extension registry, governance gate,
+secrets, post-condition verify, context economy, dispatcher, and the `~/.dacli/`
+resolver. Runs headless (`--mode json`) with no TUI installed.
+
+Part of [dacli](https://github.com/mouadja02/dacli). Depends on `dacli-ai`.

dacli_core-0.4.0/README.md

@@ -0,0 +1,7 @@
+# dacli-core
+
+The governed extension host: agent loop, extension registry, governance gate,
+secrets, post-condition verify, context economy, dispatcher, and the `~/.dacli/`
+resolver. Runs headless (`--mode json`) with no TUI installed.
+
+Part of [dacli](https://github.com/mouadja02/dacli). Depends on `dacli-ai`.

dacli_core-0.4.0/pyproject.toml

@@ -0,0 +1,53 @@
+[build-system]
+requires = ["setuptools>=68"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "dacli-core"
+dynamic = ["version"]
+description = "Headless governed extension host for dacli — runs with no TUI installed"
+readme = "README.md"
+requires-python = ">=3.10"
+authors = [{ name = "Mouad Jaouhari", email = "github@mj-dev.net" }]
+keywords = ["agent", "governance", "extension host", "data engineering"]
+# The host, kernel, extension registry, governance gate, secrets, verify, context
+# economy, dispatcher, paths resolver, audit ledger. Depends on dacli-ai. Runs
+# headless (--mode json) with dacli-tui NOT installed: rich is here for console
+# output, but the TUI (textual/prompt-toolkit, the dacli-tui wheel) is not pulled.
+dependencies = [
+    "dacli-ai==0.3.0",
+    "pydantic>=2.5,<3",
+    "pyyaml>=6,<7",
+    "python-dotenv>=1,<2",
+    "httpx>=0.27,<1",
+    "cryptography>=42,<49",
+    "tiktoken>=0.7,<1",
+    "rich>=13,<16",
+]
+
+[project.optional-dependencies]
+# Faithful TTY for the governed terminal. The shell path works over stdlib pipes;
+# install only for ANSI/interactive fidelity. Lazy-imported in sandbox.shells.
+pty = [
+    "pywinpty>=2,<3 ; sys_platform == 'win32'",
+    "ptyprocess>=0.7,<1 ; sys_platform != 'win32'",
+]
+# Store the Fernet key in the OS keyring instead of the .key file. Selected with
+# DACLI_KEY_BACKEND=keyring; lazy-imported in core.crypto.
+keyring = ["keyring>=24,<26"]
+
+[project.urls]
+Homepage = "https://github.com/mouadja02/dacli"
+
+[tool.setuptools.dynamic]
+version = { attr = "dacli.core.__version__" }
+
+[tool.setuptools.packages.find]
+where = ["src"]
+include = ["dacli*"]
+namespaces = true
+
+[tool.setuptools.package-data]
+"dacli.prompts" = ["*.md", "fragments/*.md"]
+"dacli.config" = ["*.yaml"]
+"dacli.connectors" = ["templates/*", "**/manifest.yaml", "**/SKILL.md"]

dacli_core-0.4.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

dacli_core-0.4.0/src/dacli/config/__init__.py

@@ -0,0 +1,68 @@
+from dacli.config.settings import (
+    ConnectorConfig,
+    Settings,
+    is_llm_configured,
+    load_config,
+)
+
+CLI_COMMANDS = [
+    ("/help", "Show this help message"),
+    ("/keys", "Show keyboard shortcuts"),
+    ("/init", "Generate a DACLI.md priors draft from your config"),
+    ("/status", "Show current progress and state"),
+    (
+        "/doctor",
+        "Diagnose config/state/LLM/connectors (where things resolve, what's live)",
+    ),
+    ("/usage", "Show token usage and cost (overall, by model, this session)"),
+    ("/context", "Explain the assembled context (sources, tokens, budget)"),
+    ("/audit", "Show governance decisions for this session (why the agent acted)"),
+    ("/why-failed [dag]", "Explain the most recent pipeline failure + a governed fix"),
+    ("/tools", "Show enabled tools and capabilities"),
+    (
+        "/connect [ext]",
+        "Configure an extension's credentials — interactive, or pass a name",
+    ),
+    ("/new-extension", "Generate a new extension from a natural-language description"),
+    ("/reload", "Reload extensions from disk without restarting"),
+    ("/extensions", "List loaded extensions, status, and config state"),
+    (
+        "/scope [ext] [level]",
+        "View or set permission scope (read_only|write|risky|admin)",
+    ),
+    ("/creds [ext] [--delete]", "View stored credentials (masked) or delete them"),
+    (
+        "/workspace [name]",
+        "List or switch workspaces (own extensions, secrets, history, audit)",
+    ),
+    (
+        "/testmode [tool]",
+        "Toggle staging test mode (health-gated, side-effect-free) for new connectors",
+    ),
+    ("/setup", "Walk through a first connection (conversational onboarding)"),
+    ("/history", "Show conversation history"),
+    ("/find <text>", "Search history and tool results for matching turns"),
+    ("/last-error", "Re-show the most recent failed tool result"),
+    ("/expand <id>", "Re-render a tool result in full from the off-context spill"),
+    ("/transcript", "Open the full-screen transcript viewer (needs dacli[tui])"),
+    ("/sessions", "List available sessions"),
+    ("/catalog [connector]", "List known data objects from the catalog cache"),
+    ("/schema <object>", "Show cached columns/row-count for one object"),
+    ("/load <id>", "Load a previous session"),
+    ("/export", "Export current state to JSON"),
+    ("/config", "Show current configuration"),
+    ("/theme <name>", "Switch UI theme (dark, light, ocean, mono)"),
+    ("/prompt", "View/edit the system prompt"),
+    ("/clear", "Clear conversation history"),
+    ("/cls", "Clear the screen (keeps conversation history)"),
+    ("/reset", "Reset agent state"),
+    ("/exit", "Exit the CLI"),
+]
+
+__all__ = [
+    "CLI_COMMANDS",
+    "ConnectorConfig",
+    "Settings",
+    "is_llm_configured",
+    "load_config",
+]

dacli_core-0.4.0/src/dacli/config/policy.yaml

@@ -0,0 +1,100 @@
+# DACLI governance policy.
+#
+# Maps blast-radius tiers to enforcement decisions. This file lets a team tune
+# velocity vs. caution per connector / environment WITHOUT code changes. Absent
+# any override, the locked posture applies:
+#
+#   safe         -> auto             (run immediately)
+#   write        -> verify           (run + mandatory post-condition)
+#   risky        -> confirm          (human confirm + rollback plan)
+#   irreversible -> dry_run+approve  (dry-run + verified rollback + approval)
+#
+# Resolution is most-specific-wins:
+#   connectors.<id>.environments.<env>  >  connectors.<id>.tiers  >  defaults
+#
+# Valid decisions: auto | verify | confirm | dry_run+approve
+
+# Global tier -> decision overrides (apply to every connector unless a more
+# specific rule below matches). Leave empty to keep the locked posture.
+defaults: {}
+
+# Identifier tokens that mark an action's target as production. A prod target
+# promotes the classifier tier one step (write->risky, risky->irreversible).
+prod_markers:
+  - PROD
+  - PRODUCTION
+  - GOLD
+  - PRD
+
+# Least-privilege scope per connector (the connection-profile opt-in). The code
+# default is `read_only` (an action above the scope is refused even if the model
+# asks). Widen here to enable writes/destructive ops:
+#   read_only -> safe only | write -> +create/insert | risky -> +update/delete |
+#   admin -> +drop/truncate. Tighten any connector to read_only to make it
+#   strictly observe-only.
+connectors:
+  # --- Era 2: the governed shell tier --------------------------------------
+  # The shell tier (run_shell_command) flows through this SAME policy table: the
+  # *command* is blast-radius-classified (an `ls` is safe; `rm -rf` / `git push
+  # --force` are irreversible and refused for want of a verifiable undo). Its
+  # least-privilege ceiling is set by `terminal.scope` in settings (default
+  # 'write'), which is authoritative over any `scope:` here. The tiers/
+  # environments overrides below still apply — e.g. require approval for every
+  # shell write, or auto-run writes on a throwaway box.
+  shell:
+    tiers: {}             # e.g. {write: confirm} to gate even mkdir/touch
+    environments: {}
+
+  # --- Wave 1 platforms ---------------------------------------------
+  # All ship read-only (the code default). Widen the grant per deployment:
+  #   write -> +create/insert/put | risky -> +update/delete | admin -> +drop.
+  # A platform left at read_only is strictly observe-only even if the model asks
+  # to write — the capability simply isn't there to misuse.
+  dbt:
+    scope: read_only      # widen to `risky` to allow `dbt run` / `dbt build`
+    tiers: {}
+    environments: {}
+  bigquery:
+    scope: read_only      # native dry_run gives an exact cost/effect preview first
+    tiers: {}
+    environments: {}
+  databricks:
+    scope: read_only      # Delta time travel backs RESTORE-based rollback
+    tiers: {}
+    environments: {}
+  s3:
+    scope: read_only      # enable bucket versioning before granting delete (admin)
+    tiers: {}
+    environments: {}
+  gcs:
+    scope: read_only      # enable object versioning before granting delete (admin)
+    tiers: {}
+    environments: {}
+
+  # --- Wave 2 operational databases ---------------------------------
+  postgres:
+    scope: read_only      # fully transactional — BEGIN/ROLLBACK is a true undo
+    tiers: {}
+    environments: {}
+  mysql:
+    scope: read_only      # DML transactional (InnoDB); DDL needs mysqldump snapshots
+    tiers: {}
+    environments: {}
+  mongodb:
+    scope: read_only      # no native undo — deletes rely on mongodump copy-aside
+    tiers: {}
+    environments: {}
+  dynamodb:
+    scope: read_only      # enable PITR before granting destructive ops (admin)
+    tiers: {}
+    environments: {}
+
+  # --- Wave 3 orchestration ---------------------------------------------------
+  airflow:
+    scope: read_only      # grant `risky` to trigger/pause; delete is gated hard
+    tiers: {}
+    environments: {}
+  dagster:
+    scope: read_only      # grant `risky` to launch runs
+    tiers: {}
+    environments: {}