deepparallel 0.5.1__tar.gz → 0.5.2__tar.gz

{deepparallel-0.5.1 → deepparallel-0.5.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: deepparallel
-Version: 0.5.1
+Version: 0.5.2
 Summary: DeepParallel - a multi-model agentic coding CLI with cross-model Guardian review, served via Crowe Logic.
 Author-email: Michael Crowe <michael@crowelogic.com>
 License: Apache-2.0

{deepparallel-0.5.1 → deepparallel-0.5.2}/deepparallel/__init__.py

@@ -1,3 +1,3 @@
 """DeepParallel CLI package."""
 
-__version__ = "0.5.1"
+__version__ = "0.5.2"

{deepparallel-0.5.1 → deepparallel-0.5.2}/deepparallel/agent.py

@@ -204,6 +204,38 @@ def _guardian_verdict(guardian, name: str, args: dict) -> str | None:
     return guardian_review(guardian, _guardian_review_content(name, args))
 
 
+def _local_module_names(target_path: str) -> set[str]:
+    """Module names that resolve to files in the workspace, so a sibling import
+    like `from compound_library import ...` is never flagged as a hallucinated
+    PyPI package. Scans the target file's directory and the cwd (capped)."""
+    names: set[str] = set()
+    roots = []
+    try:
+        roots.append(Path(target_path).expanduser().resolve().parent)
+    except Exception:  # noqa: BLE001
+        pass
+    try:
+        roots.append(Path.cwd().resolve())
+    except Exception:  # noqa: BLE001
+        pass
+    seen_roots: set[Path] = set()
+    for root in roots:
+        if root in seen_roots:
+            continue
+        seen_roots.add(root)
+        try:
+            for i, p in enumerate(root.rglob("*.py")):
+                names.add(p.stem)
+                if p.name == "__init__.py":
+                    names.add(p.parent.name)
+                if i >= 5000:
+                    break
+        except Exception:  # noqa: BLE001
+            pass
+    names.discard("__init__")
+    return names
+
+
 def _supply_chain_note(name: str, args: dict) -> str | None:
     """Best-effort: flag hallucinated/slopsquatted deps an edit introduces."""
     content = args.get("new_source") or args.get("new_string") or args.get("content") or ""
@@ -213,7 +245,7 @@ def _supply_chain_note(name: str, args: dict) -> str | None:
     try:
         from deepparallel import supply_chain
 
-        result = supply_chain.audit(content, path)
+        result = supply_chain.audit(content, path, _local_module_names(path))
     except Exception:  # noqa: BLE001 - supply-chain check is best-effort
         return None
     if result["hallucinated"]:

{deepparallel-0.5.1 → deepparallel-0.5.2}/deepparallel/supply_chain.py

@@ -44,23 +44,30 @@ _IMPORT_RE = re.compile(r"^\s*(?:import\s+([a-zA-Z0-9_.]+)|from\s+([a-zA-Z0-9_.]
 _REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")
 
 
-def extract_dependencies(content: str, filename: str) -> list[dict]:
-    """Return [{name, ecosystem, raw}] introduced by this content."""
+def extract_dependencies(
+    content: str, filename: str, local_modules: set[str] | None = None
+) -> list[dict]:
+    """Return [{name, ecosystem, raw}] introduced by this content.
+
+    `local_modules` names resolve to files in the workspace (sibling modules,
+    local packages) and are never treated as third-party dependencies.
+    """
     fn = filename.rsplit("/", 1)[-1].lower()
     if fn == "package.json":
         return _from_package_json(content)
     if fn in ("requirements.txt",) or fn.startswith("requirements"):
         return _from_requirements(content)
     if fn.endswith(".py"):
-        return _from_python(content)
+        return _from_python(content, local_modules)
     return []
 
 
-def _from_python(content: str) -> list[dict]:
+def _from_python(content: str, local: set[str] | None = None) -> list[dict]:
+    local = local or set()
     out, seen = [], set()
     for imp, frm in _IMPORT_RE.findall(content):
         mod = (imp or frm).split(".")[0]
-        if not mod or mod.startswith("_") or mod in _STDLIB or mod in seen:
+        if not mod or mod.startswith("_") or mod in _STDLIB or mod in seen or mod in local:
             continue
         seen.add(mod)
         dist = _PYPI_ALIASES.get(mod, mod)
@@ -117,11 +124,15 @@ def check_exists(name: str, ecosystem: str) -> bool | None:
     return None
 
 
-def audit(content: str, filename: str) -> dict:
-    """Audit a change's dependencies. Returns findings + the hallucinated list."""
+def audit(content: str, filename: str, local_modules: set[str] | None = None) -> dict:
+    """Audit a change's dependencies. Returns findings + the hallucinated list.
+
+    `local_modules` are workspace-local module names (sibling files, local
+    packages) that must not be checked against PyPI/npm.
+    """
     findings = []
     hallucinated = []
-    for dep in extract_dependencies(content, filename):
+    for dep in extract_dependencies(content, filename, local_modules):
         exists = check_exists(dep["name"], dep["ecosystem"])
         status = "ok" if exists is True else "missing" if exists is False else "unknown"
         findings.append({"name": dep["name"], "ecosystem": dep["ecosystem"], "status": status})

deepparallel-0.5.2/deepparallel/system_prompt.txt

@@ -0,0 +1,14 @@
+You are DeepParallel, a precise coding assistant from Crowe Logic.
+
+Voice: direct and concise. Lead with the answer, not a preamble — never open with "I'd be happy to", "Great question", or by restating the request. Give depth only when asked or when the problem genuinely needs it. Stop when the answer is complete; don't pad with summaries or follow-up offers unless they add real value.
+
+Formatting: clean Markdown. Single blank lines between paragraphs — never double. Fenced code blocks with a language tag for code, inline backticks for identifiers and paths, tight lists (no blank line between items). Prefer a short prose answer over a bulleted list when a sentence will do.
+
+You can use tools to read, search, analyze, edit, open, and run code. Use them when they help; do not call them speculatively. When the user asks to "open" a file (an HTML report, image, PDF, or folder) for viewing, use open_path to launch it in the default app rather than read_file, which only returns text. When asked to run something with different parameters, prefer non-destructive approaches (CLI arguments, environment variables, or a temporary copy) over editing the user's source files. Only edit a source file when changing it is the actual goal, and explain what you changed.
+
+Engineering discipline — how you build:
+- Build the smallest unit that can be verified, and verify it before scaling up. Before generating a multi-file system, write the single most fundamental primitive and run it (or a one-line check) to confirm it works. Never emit hundreds of lines across several files before executing anything — a wrong assumption then costs many rounds of debugging instead of one.
+- Ground before you generate. For domain work (chemistry, biology, finance, an API or library you are not certain of), prefer retrieving real data or references over inventing them. Use mcp_search with a single keyword (e.g. "pubchem") to find a domain MCP server, web_fetch for documentation, and read_file/grep for local truth. Reach for a database or a reference before reconstructing it from memory.
+- Treat warnings as signal, not noise. A Guardian "risky/bug" verdict, a supply-chain flag, a parser or valence error, or a low similarity-to-reference score is evidence that something is wrong. Investigate and fix the cause; never rationalize it away or approve through it.
+- Validate against known-good references. When generating structured artifacts (molecules, schemas, configs, queries), check a sample against a known-correct example before trusting the whole batch. If your output does not resemble the references you expect, the generator is wrong, not the references.
+- Label honestly. Never emit an output whose name, ID, or label does not match what it actually is. If you cannot represent something correctly, say so rather than silently substituting a near-miss.

{deepparallel-0.5.1 → deepparallel-0.5.2}/deepparallel/tools/mcp.py

@@ -10,6 +10,7 @@ from __future__ import annotations
 
 import json
 import os
+import re
 import subprocess
 import sys
 import threading
@@ -159,6 +160,35 @@ def _reap_idle() -> None:
             del _pool[key]
 
 
+def _registry_query(query: str, limit: int) -> list[dict]:
+    """One registry search call; returns raw server entries (possibly empty)."""
+    r = httpx.get(
+        _REGISTRY_API,
+        params={"search": query, "limit": limit},
+        timeout=_TIMEOUT,
+        headers={"user-agent": _UA},
+    )
+    r.raise_for_status()
+    return r.json().get("servers", [])
+
+
+def _format_server(entry: dict) -> dict:
+    server = entry.get("server", entry)
+    return {
+        "name": server.get("name", "unknown"),
+        "description": server.get("description", ""),
+        "version": server.get("version", ""),
+        "packages": [
+            {
+                "type": p.get("registryType", ""),
+                "package": p.get("identifier", ""),
+                "transport": p.get("transport", {}).get("type", "unknown"),
+            }
+            for p in server.get("packages", [])
+        ],
+    }
+
+
 @tool(dangerous=False)
 def mcp_search(query: str, limit: int = 10) -> str:
     """Search the MCP server registry (5,800+ servers) for a capability.
@@ -166,39 +196,34 @@ def mcp_search(query: str, limit: int = 10) -> str:
     Returns matching server names, descriptions, and package install info.
     Use this first to discover what exists, then mcp_list_tools to connect.
 
-    :param query: Capability to search for (e.g. "postgres", "slack", "github").
+    :param query: A single capability keyword works best (e.g. "pubchem",
+        "postgres", "slack"); multi-word phrases are split and merged automatically.
     :param limit: Maximum number of results (max 50).
     """
     limit = min(int(limit), 50)
     try:
-        r = httpx.get(
-            _REGISTRY_API,
-            params={"search": query, "limit": limit},
-            timeout=_TIMEOUT,
-            headers={"user-agent": _UA},
-        )
-        r.raise_for_status()
-        data = r.json()
+        servers = _registry_query(query, limit)
+        # The registry matches substrings, not phrases or meaning: a natural-
+        # language query like "chemistry molecular docking" matches nothing,
+        # while the single word "chemistry" finds servers. When a multi-word
+        # query comes back empty, retry each significant word and merge, so the
+        # model discovers servers without having to guess the exact term.
+        if not servers:
+            words = [w for w in re.findall(r"[A-Za-z0-9]+", query.lower()) if len(w) > 2]
+            seen: set[str] = set()
+            merged: list[dict] = []
+            for word in dict.fromkeys(words):
+                for entry in _registry_query(word, limit):
+                    name = entry.get("server", entry).get("name", "")
+                    if name and name not in seen:
+                        seen.add(name)
+                        merged.append(entry)
+                if len(merged) >= limit:
+                    break
+            servers = merged[:limit]
     except Exception as e:  # noqa: BLE001 - surface registry failure to the model
         return json.dumps({"error": f"registry search failed: {type(e).__name__}: {e}"})
-    results = []
-    for entry in data.get("servers", []):
-        server = entry.get("server", entry)
-        results.append(
-            {
-                "name": server.get("name", "unknown"),
-                "description": server.get("description", ""),
-                "version": server.get("version", ""),
-                "packages": [
-                    {
-                        "type": p.get("registryType", ""),
-                        "package": p.get("identifier", ""),
-                        "transport": p.get("transport", {}).get("type", "unknown"),
-                    }
-                    for p in server.get("packages", [])
-                ],
-            }
-        )
+    results = [_format_server(entry) for entry in servers]
     return json.dumps({"query": query, "count": len(results), "servers": results})
 
 

{deepparallel-0.5.1 → deepparallel-0.5.2}/deepparallel/tools/web.py

@@ -46,10 +46,10 @@ def web_search(query: str, count: int = 5) -> str:
     :param query: The search query.
     :param count: Maximum number of results.
     """
-    key = os.environ.get("DEEPPARALLEL_SEARCH_API_KEY")
+    key = (os.environ.get("DEEPPARALLEL_SEARCH_API_KEY") or "").strip()
     if not key:
         return json.dumps(
-            {"error": "search not configured: set DEEPPARALLEL_SEARCH_API_KEY (Brave Search API)"}
+            {"error": "search not configured: set DEEPPARALLEL_SEARCH_API_KEY (Brave Search API key)"}
         )
     url = os.environ.get(
         "DEEPPARALLEL_SEARCH_URL", "https://api.search.brave.com/res/v1/web/search"
@@ -61,7 +61,13 @@ def web_search(query: str, count: int = 5) -> str:
             headers={"X-Subscription-Token": key, "accept": "application/json"},
             timeout=_TIMEOUT,
         )
-        r.raise_for_status()
+        if r.status_code >= 400:
+            # Surface the provider's error body: a bare "422" hides the reason
+            # (missing key header, over-long query, plan limit). The body tells
+            # the model and the user exactly what to fix.
+            return json.dumps(
+                {"error": f"search failed: HTTP {r.status_code}: {(r.text or '')[:300]}"}
+            )
         data = r.json()
     except Exception as e:  # noqa: BLE001 - surface search failure to the model
         return json.dumps({"error": f"search failed: {type(e).__name__}: {e}"})

{deepparallel-0.5.1 → deepparallel-0.5.2}/deepparallel.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: deepparallel
-Version: 0.5.1
+Version: 0.5.2
 Summary: DeepParallel - a multi-model agentic coding CLI with cross-model Guardian review, served via Crowe Logic.
 Author-email: Michael Crowe <michael@crowelogic.com>
 License: Apache-2.0

{deepparallel-0.5.1 → deepparallel-0.5.2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "deepparallel"
-version = "0.5.1"
+version = "0.5.2"
 description = "DeepParallel - a multi-model agentic coding CLI with cross-model Guardian review, served via Crowe Logic."
 readme = "README.md"
 license = { text = "Apache-2.0" }

{deepparallel-0.5.1 → deepparallel-0.5.2}/tests/test_supply_chain.py

@@ -69,3 +69,21 @@ def test_check_pypi_existence(monkeypatch):
 def test_audit_empty_when_no_deps():
     out = sc.audit("x = 1\nprint(x)\n", "app.py")
     assert out["findings"] == [] and out["hallucinated"] == []
+
+
+def test_audit_skips_workspace_local_modules(monkeypatch):
+    # 200 for requests, 404 for everything else (so a local module would be
+    # falsely flagged if it were checked).
+    def fake_get(url, **kw):
+        code = 200 if "/requests/" in url else 404
+        return httpx.Response(code, request=httpx.Request("GET", url))
+
+    monkeypatch.setattr(httpx, "get", fake_get)
+    code = "from compound_library import build\nimport receptor_analysis\nimport requests\n"
+    out = sc.audit(code, "scripts/workflow.py",
+                   local_modules={"compound_library", "receptor_analysis"})
+    names = {f["name"] for f in out["findings"]}
+    assert "compound_library" not in names  # local, never checked
+    assert "receptor_analysis" not in names
+    assert "requests" in names
+    assert out["hallucinated"] == []  # the false positive is gone

{deepparallel-0.5.1 → deepparallel-0.5.2}/tests/test_tools_mcp.py

@@ -45,3 +45,38 @@ def test_call_tool_rejects_bad_arguments_json():
 def test_stop_server_not_running():
     out = json.loads(mcp_mod.mcp_stop_server("never-started"))
     assert out["note"] == "never-started was not running"
+
+
+def test_mcp_search_multiword_falls_back_to_keywords(monkeypatch):
+    # The registry matches substrings: a phrase returns nothing, but a single
+    # keyword finds a server. mcp_search should split and merge automatically.
+    calls = []
+
+    def fake_query(query, limit):
+        calls.append(query)
+        if " " in query:
+            return []  # phrase matches nothing, like the real registry
+        if query == "pubchem":
+            return [{"server": {"name": "io.github.cyanheads/pubchem-mcp-server",
+                                "description": "Search compounds.", "packages": []}}]
+        return []
+
+    monkeypatch.setattr(mcp_mod, "_registry_query", fake_query)
+    out = json.loads(mcp_mod.mcp_search("pubchem chembl bioassay"))
+    assert out["count"] >= 1
+    assert any("pubchem" in s["name"] for s in out["servers"])
+    assert "pubchem chembl bioassay" in calls  # tried the phrase first
+    assert "pubchem" in calls  # then fell back to the keyword
+
+
+def test_mcp_search_single_word_skips_fallback(monkeypatch):
+    calls = []
+
+    def fake_query(query, limit):
+        calls.append(query)
+        return [{"server": {"name": "ai.waystation/postgres", "packages": []}}]
+
+    monkeypatch.setattr(mcp_mod, "_registry_query", fake_query)
+    out = json.loads(mcp_mod.mcp_search("postgres"))
+    assert out["count"] == 1
+    assert calls == ["postgres"]  # primary hit, no fallback fan-out

{deepparallel-0.5.1 → deepparallel-0.5.2}/tests/test_tools_web.py

@@ -80,3 +80,18 @@ def test_web_search_parses_results(monkeypatch):
 
 def test_web_search_is_non_dangerous():
     assert get_registry().get("web_search").dangerous is False
+
+
+def test_web_search_surfaces_http_error_body(monkeypatch):
+    monkeypatch.setenv("DEEPPARALLEL_SEARCH_API_KEY", "k")
+    body = '{"error":{"detail":"x-subscription-token Field required"}}'
+    monkeypatch.setattr(httpx, "get", lambda url, **kw: _Resp(text=body, status=422))
+    out = json.loads(web_mod.web_search("anything"))
+    assert "HTTP 422" in out["error"]
+    assert "x-subscription-token" in out["error"]  # the real reason, not a bare 422
+
+
+def test_web_search_blank_key_treated_as_unconfigured(monkeypatch):
+    monkeypatch.setenv("DEEPPARALLEL_SEARCH_API_KEY", "   ")
+    out = json.loads(web_mod.web_search("anything"))
+    assert "DEEPPARALLEL_SEARCH_API_KEY" in out["error"]

deepparallel-0.5.1/deepparallel/system_prompt.txt

@@ -1,7 +0,0 @@
-You are DeepParallel, a precise coding assistant from Crowe Logic.
-
-Voice: direct and concise. Lead with the answer, not a preamble — never open with "I'd be happy to", "Great question", or by restating the request. Give depth only when asked or when the problem genuinely needs it. Stop when the answer is complete; don't pad with summaries or follow-up offers unless they add real value.
-
-Formatting: clean Markdown. Single blank lines between paragraphs — never double. Fenced code blocks with a language tag for code, inline backticks for identifiers and paths, tight lists (no blank line between items). Prefer a short prose answer over a bulleted list when a sentence will do.
-
-You can use tools to read, search, analyze, edit, open, and run code. Use them when they help; do not call them speculatively. When the user asks to "open" a file (an HTML report, image, PDF, or folder) for viewing, use open_path to launch it in the default app rather than read_file, which only returns text. When asked to run something with different parameters, prefer non-destructive approaches (CLI arguments, environment variables, or a temporary copy) over editing the user's source files. Only edit a source file when changing it is the actual goal, and explain what you changed.