devloop 0.2.2__tar.gz → 0.3.0__tar.gz

{devloop-0.2.2 → devloop-0.3.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devloop
-Version: 0.2.2
+Version: 0.3.0
 Summary: Intelligent background agents for development workflow automation
 License: MIT
 License-File: LICENSE
@@ -21,6 +21,10 @@ Classifier: Topic :: Software Development :: Build Tools
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Topic :: Software Development :: Quality Assurance
 Classifier: Topic :: Utilities
+Provides-Extra: all-optional
+Provides-Extra: ci-monitor
+Provides-Extra: code-rabbit
+Provides-Extra: snyk
 Requires-Dist: aiofiles (>=23.2,<24.0)
 Requires-Dist: psutil (>=5.9,<6.0)
 Requires-Dist: pydantic (>=2.5,<3.0)
@@ -104,9 +108,31 @@ All agents run **non-intrusively in the background**, respecting your workflow.
 #### Option 1: From PyPI (Recommended)
 
 ```bash
+# Basic installation (all default agents)
 pip install devloop
+
+# With optional agents (Snyk security scanning)
+pip install devloop[snyk]
+
+# With multiple optional agents
+pip install devloop[snyk,code-rabbit]
+
+# With all optional agents
+pip install devloop[all-optional]
 ```
 
+**Available extras:**
+- `snyk` — Dependency vulnerability scanning via Snyk CLI
+- `code-rabbit` — AI-powered code analysis
+- `ci-monitor` — CI/CD pipeline monitoring
+- `all-optional` — All of the above
+
+**Optional sandbox enhancements:**
+- **Pyodide WASM Sandbox** (cross-platform Python sandboxing)
+  - Requires: Node.js 18+ (system dependency)
+  - Install: See [Pyodide Installation Guide](./docs/PYODIDE_INSTALLATION.md)
+  - Works in POC mode without installation for testing
+
 #### Option 2: From Source
 
 ```bash
@@ -127,17 +153,24 @@ poetry shell
 ### Initialize & Run (Fully Automated)
 
 ```bash
-# 1. Initialize in your project (handles everything automatically)
+# 1. Initialize in your project (interactive setup)
 devloop init /path/to/your/project
 ```
 
-The `init` command automatically:
-- ✅ Sets up .devloop directory and configuration
-- ✅ Creates AGENTS.md and CODING_RULES.md
-- ✅ Sets up git hooks (if git repo)
+The `init` command will:
+- ✅ Set up .devloop directory with default agents
+- ✅ Ask which optional agents you want to enable:
+  - **Snyk** — Scan dependencies for vulnerabilities
+  - **Code Rabbit** — AI-powered code analysis
+  - **CI Monitor** — Track CI/CD pipeline status
+- ✅ Create configuration file with your selections
+- ✅ Set up git hooks (if git repo)
 - ✅ Registers Amp integration (if in Amp)
-- ✅ Configures commit/push discipline enforcement
-- ✅ Verifies everything works
+
+```bash
+# 1a. Alternative: Non-interactive setup (skip optional agent prompts)
+devloop init /path/to/your/project --non-interactive
+```
 
 Then just:
 ```bash

{devloop-0.2.2 → devloop-0.3.0}/README.md

@@ -70,9 +70,31 @@ All agents run **non-intrusively in the background**, respecting your workflow.
 #### Option 1: From PyPI (Recommended)
 
 ```bash
+# Basic installation (all default agents)
 pip install devloop
+
+# With optional agents (Snyk security scanning)
+pip install devloop[snyk]
+
+# With multiple optional agents
+pip install devloop[snyk,code-rabbit]
+
+# With all optional agents
+pip install devloop[all-optional]
 ```
 
+**Available extras:**
+- `snyk` — Dependency vulnerability scanning via Snyk CLI
+- `code-rabbit` — AI-powered code analysis
+- `ci-monitor` — CI/CD pipeline monitoring
+- `all-optional` — All of the above
+
+**Optional sandbox enhancements:**
+- **Pyodide WASM Sandbox** (cross-platform Python sandboxing)
+  - Requires: Node.js 18+ (system dependency)
+  - Install: See [Pyodide Installation Guide](./docs/PYODIDE_INSTALLATION.md)
+  - Works in POC mode without installation for testing
+
 #### Option 2: From Source
 
 ```bash
@@ -93,17 +115,24 @@ poetry shell
 ### Initialize & Run (Fully Automated)
 
 ```bash
-# 1. Initialize in your project (handles everything automatically)
+# 1. Initialize in your project (interactive setup)
 devloop init /path/to/your/project
 ```
 
-The `init` command automatically:
-- ✅ Sets up .devloop directory and configuration
-- ✅ Creates AGENTS.md and CODING_RULES.md
-- ✅ Sets up git hooks (if git repo)
+The `init` command will:
+- ✅ Set up .devloop directory with default agents
+- ✅ Ask which optional agents you want to enable:
+  - **Snyk** — Scan dependencies for vulnerabilities
+  - **Code Rabbit** — AI-powered code analysis
+  - **CI Monitor** — Track CI/CD pipeline status
+- ✅ Create configuration file with your selections
+- ✅ Set up git hooks (if git repo)
 - ✅ Registers Amp integration (if in Amp)
-- ✅ Configures commit/push discipline enforcement
-- ✅ Verifies everything works
+
+```bash
+# 1a. Alternative: Non-interactive setup (skip optional agent prompts)
+devloop init /path/to/your/project --non-interactive
+```
 
 Then just:
 ```bash

{devloop-0.2.2 → devloop-0.3.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "devloop"
-version = "0.2.2"
+version = "0.3.0"
 description = "Intelligent background agents for development workflow automation"
 authors = ["DevLoop Contributors <devloop@example.com>"]
 license = "MIT"
@@ -33,6 +33,10 @@ classifiers = [
     "Topic :: Utilities"
 ]
 packages = [{include = "devloop", from = "src"}]
+include = [
+    "src/devloop/security/package.json",
+    "src/devloop/security/pyodide_runner.js",
+]
 
 [tool.poetry.dependencies]
 python = "^3.11"
@@ -53,6 +57,12 @@ bandit = "^1.7"
 radon = "^6.0"
 types-aiofiles = "^23.2"
 
+[tool.poetry.extras]
+snyk = []
+code-rabbit = []
+ci-monitor = []
+all-optional = []
+
 [tool.poetry.scripts]
 devloop = "devloop.cli.main:app"
 

{devloop-0.2.2 → devloop-0.3.0}/src/devloop/agents/linter.py

@@ -1,14 +1,15 @@
 """Linter agent - runs linters on file changes."""
 
-import asyncio
 import json
 from datetime import datetime
 from pathlib import Path
 from typing import Any, Dict, List, Optional
 
+from devloop.agents.sandbox_helper import create_agent_sandbox_helper
 from devloop.core.agent import Agent, AgentResult
 from devloop.core.context_store import Finding, Severity
 from devloop.core.event import Event
+from devloop.security.sandbox import CommandNotAllowedError, SandboxTimeoutError
 
 
 class LinterConfig:
@@ -70,6 +71,11 @@ class LinterAgent(Agent):
         )
         self.config = LinterConfig(config or {})
         self._last_run: Dict[str, float] = {}  # path -> timestamp for debouncing
+        # Initialize sandbox helper for secure command execution
+        self.sandbox = create_agent_sandbox_helper(
+            agent_name=name,
+            agent_type="linter",
+        )
 
     async def handle(self, event: Event) -> AgentResult:
         """Handle file change event by running linter."""
@@ -198,45 +204,32 @@ class LinterAgent(Agent):
     async def _run_ruff(self, path: Path) -> LinterResult:
         """Run ruff on a Python file."""
         try:
-            # Get updated environment with venv bin in PATH
-            import os
-
-            env = os.environ.copy()
-            venv_bin = Path(__file__).parent.parent.parent.parent / ".venv" / "bin"
-            if venv_bin.exists():
-                env["PATH"] = f"{venv_bin}:{env.get('PATH', '')}"
-
-            # Check if ruff is installed
-            check = await asyncio.create_subprocess_exec(
-                "ruff",
-                "--version",
-                stdout=asyncio.subprocess.PIPE,
-                stderr=asyncio.subprocess.PIPE,
-                env=env,
-            )
-            await check.communicate()
-
-            if check.returncode != 0:
-                return LinterResult(success=False, error="ruff not installed")
-
-            # Run ruff with JSON output
-            proc = await asyncio.create_subprocess_exec(
-                "ruff",
-                "check",
-                "--output-format",
-                "json",
-                str(path),
-                stdout=asyncio.subprocess.PIPE,
-                stderr=asyncio.subprocess.PIPE,
-                env=env,
-            )
+            # Get venv path
+            venv_path = Path(__file__).parent.parent.parent.parent / ".venv"
 
-            stdout, stderr = await proc.communicate()
+            # Check if ruff is available in the sandbox
+            if not await self.sandbox.check_tool_available("ruff"):
+                return LinterResult(
+                    success=False, error="ruff not installed or not allowed"
+                )
+
+            # Run ruff with JSON output in sandbox
+            if venv_path.exists():
+                result = await self.sandbox.run_sandboxed_with_venv(
+                    ["ruff", "check", "--output-format", "json", str(path)],
+                    venv_path=venv_path,
+                    cwd=path.parent,
+                )
+            else:
+                result = await self.sandbox.run_sandboxed(
+                    ["ruff", "check", "--output-format", "json", str(path)],
+                    cwd=path.parent,
+                )
 
             # ruff returns non-zero if issues found, but that's expected
-            if stdout:
+            if result.stdout:
                 try:
-                    issues = json.loads(stdout.decode())
+                    issues = json.loads(result.stdout)
                     return LinterResult(success=True, issues=issues)
                 except json.JSONDecodeError:
                     # No issues found or invalid JSON
@@ -245,39 +238,33 @@ class LinterAgent(Agent):
                 # No output = no issues
                 return LinterResult(success=True, issues=[])
 
-        except FileNotFoundError:
-            return LinterResult(success=False, error="ruff command not found")
+        except CommandNotAllowedError as e:
+            self.logger.error(f"ruff command not allowed in sandbox: {e}")
+            return LinterResult(success=False, error="ruff command not allowed")
+        except SandboxTimeoutError:
+            return LinterResult(success=False, error="ruff execution timeout")
+        except Exception as e:
+            self.logger.error(f"Error running ruff in sandbox: {e}")
+            return LinterResult(success=False, error=str(e))
 
     async def _run_eslint(self, path: Path) -> LinterResult:
         """Run eslint on a JavaScript/TypeScript file."""
         try:
-            # Check if eslint is installed
-            check = await asyncio.create_subprocess_exec(
-                "eslint",
-                "--version",
-                stdout=asyncio.subprocess.PIPE,
-                stderr=asyncio.subprocess.PIPE,
-            )
-            await check.communicate()
-
-            if check.returncode != 0:
-                return LinterResult(success=False, error="eslint not installed")
-
-            # Run eslint with JSON output
-            proc = await asyncio.create_subprocess_exec(
-                "eslint",
-                "--format",
-                "json",
-                str(path),
-                stdout=asyncio.subprocess.PIPE,
-                stderr=asyncio.subprocess.PIPE,
-            )
+            # Check if eslint is available in the sandbox
+            if not await self.sandbox.check_tool_available("eslint"):
+                return LinterResult(
+                    success=False, error="eslint not installed or not allowed"
+                )
 
-            stdout, stderr = await proc.communicate()
+            # Run eslint with JSON output in sandbox
+            result = await self.sandbox.run_sandboxed(
+                ["eslint", "--format", "json", str(path)],
+                cwd=path.parent,
+            )
 
-            if stdout:
+            if result.stdout:
                 try:
-                    results = json.loads(stdout.decode())
+                    results = json.loads(result.stdout)
                     # ESLint returns array of file results
                     if results and len(results) > 0:
                         issues = results[0].get("messages", [])
@@ -287,48 +274,51 @@ class LinterAgent(Agent):
 
             return LinterResult(success=True, issues=[])
 
-        except FileNotFoundError:
-            return LinterResult(success=False, error="eslint command not found")
+        except CommandNotAllowedError as e:
+            self.logger.error(f"eslint command not allowed in sandbox: {e}")
+            return LinterResult(success=False, error="eslint command not allowed")
+        except SandboxTimeoutError:
+            return LinterResult(success=False, error="eslint execution timeout")
+        except Exception as e:
+            self.logger.error(f"Error running eslint in sandbox: {e}")
+            return LinterResult(success=False, error=str(e))
 
     async def _auto_fix(self, linter: str, path: Path) -> LinterResult:
         """Attempt to auto-fix issues."""
         try:
-            # Get updated environment with venv bin in PATH
-            import os
-
-            env = os.environ.copy()
-            venv_bin = Path(__file__).parent.parent.parent.parent / ".venv" / "bin"
-            if venv_bin.exists():
-                env["PATH"] = f"{venv_bin}:{env.get('PATH', '')}"
+            # Get venv path
+            venv_path = Path(__file__).parent.parent.parent.parent / ".venv"
 
             if linter == "ruff":
-                proc = await asyncio.create_subprocess_exec(
-                    "ruff",
-                    "check",
-                    "--fix",
-                    str(path),
-                    stdout=asyncio.subprocess.PIPE,
-                    stderr=asyncio.subprocess.PIPE,
-                    env=env,
-                )
-                await proc.communicate()
+                if venv_path.exists():
+                    await self.sandbox.run_sandboxed_with_venv(
+                        ["ruff", "check", "--fix", str(path)],
+                        venv_path=venv_path,
+                        cwd=path.parent,
+                    )
+                else:
+                    await self.sandbox.run_sandboxed(
+                        ["ruff", "check", "--fix", str(path)],
+                        cwd=path.parent,
+                    )
                 return LinterResult(success=True)
 
             elif linter == "eslint":
-                proc = await asyncio.create_subprocess_exec(
-                    "eslint",
-                    "--fix",
-                    str(path),
-                    stdout=asyncio.subprocess.PIPE,
-                    stderr=asyncio.subprocess.PIPE,
-                    env=env,
+                await self.sandbox.run_sandboxed(
+                    ["eslint", "--fix", str(path)],
+                    cwd=path.parent,
                 )
-                await proc.communicate()
                 return LinterResult(success=True)
 
             return LinterResult(success=False, error="Auto-fix not supported")
 
+        except CommandNotAllowedError as e:
+            self.logger.error(f"Auto-fix command not allowed in sandbox: {e}")
+            return LinterResult(success=False, error="Auto-fix command not allowed")
+        except SandboxTimeoutError:
+            return LinterResult(success=False, error="Auto-fix execution timeout")
         except Exception as e:
+            self.logger.error(f"Error during auto-fix in sandbox: {e}")
             return LinterResult(success=False, error=str(e))
 
     async def _write_findings_to_context(

devloop-0.3.0/src/devloop/agents/sandbox_helper.py

@@ -0,0 +1,231 @@
+"""Helper utilities for agents to use sandbox execution.
+
+This module provides a simple API for agents to execute commands in a sandbox
+without needing to understand the details of sandbox configuration and selection.
+"""
+
+from __future__ import annotations
+
+import logging
+import os
+from pathlib import Path
+from typing import Dict, List, Optional
+
+from devloop.security.factory import create_sandbox
+from devloop.security.sandbox import (
+    CommandNotAllowedError,
+    SandboxConfig,
+    SandboxExecutor,
+    SandboxResult,
+    SandboxTimeoutError,
+)
+
+logger = logging.getLogger(__name__)
+
+
+class AgentSandboxHelper:
+    """Helper class for agents to use sandbox execution.
+
+    This provides a simple interface for agents to run commands in a sandbox
+    without needing to manage sandbox lifecycle or configuration details.
+    """
+
+    def __init__(
+        self,
+        agent_name: str,
+        agent_type: str,
+        config: Optional[SandboxConfig] = None,
+    ):
+        """Initialize sandbox helper for an agent.
+
+        Args:
+            agent_name: Name of the agent (for logging)
+            agent_type: Type of agent (for sandbox selection, e.g., "linter", "formatter")
+            config: Optional sandbox configuration (uses defaults if not provided)
+        """
+        self.agent_name = agent_name
+        self.agent_type = agent_type
+        self.config = config or SandboxConfig()
+        self._sandbox: Optional[SandboxExecutor] = None
+        self._sandbox_initialized = False
+
+    async def _get_sandbox(self) -> SandboxExecutor:
+        """Get or create sandbox executor.
+
+        Returns:
+            SandboxExecutor instance
+        """
+        if self._sandbox is None or not self._sandbox_initialized:
+            self._sandbox = await create_sandbox(self.config, self.agent_type)
+            self._sandbox_initialized = True
+            logger.debug(
+                f"Initialized sandbox for {self.agent_name} ({self.agent_type})"
+            )
+        return self._sandbox
+
+    async def run_sandboxed(
+        self,
+        cmd: List[str],
+        cwd: Optional[Path] = None,
+        env: Optional[Dict[str, str]] = None,
+        timeout: Optional[int] = None,
+    ) -> SandboxResult:
+        """Run a command in the sandbox.
+
+        This is the main method agents should use to execute commands safely.
+
+        Args:
+            cmd: Command and arguments to execute
+            cwd: Working directory (defaults to current directory)
+            env: Environment variables (will be filtered to allowed list)
+            timeout: Optional timeout override (uses config default if not provided)
+
+        Returns:
+            SandboxResult with stdout, stderr, exit_code, and metrics
+
+        Raises:
+            CommandNotAllowedError: If command is not in whitelist
+            SandboxTimeoutError: If execution exceeds timeout
+            RuntimeError: If sandbox execution fails
+
+        Example:
+            >>> helper = AgentSandboxHelper("linter", "linter")
+            >>> result = await helper.run_sandboxed(["ruff", "check", "file.py"])
+            >>> if result.exit_code == 0:
+            ...     print(result.stdout)
+        """
+        sandbox = await self._get_sandbox()
+
+        # Use provided cwd or default to current directory
+        if cwd is None:
+            cwd = Path.cwd()
+
+        # Merge environment with current environment if provided
+        if env is not None:
+            merged_env = os.environ.copy()
+            merged_env.update(env)
+            env = merged_env
+
+        # Override timeout if provided
+        if timeout is not None:
+            original_timeout = self.config.timeout_seconds
+            self.config.timeout_seconds = timeout
+            try:
+                result = await sandbox.execute(cmd, cwd, env)
+            finally:
+                self.config.timeout_seconds = original_timeout
+        else:
+            result = await sandbox.execute(cmd, cwd, env)
+
+        logger.debug(
+            f"{self.agent_name}: Executed {cmd[0]} in {result.duration_ms}ms "
+            f"(exit={result.exit_code})"
+        )
+
+        return result
+
+    async def check_tool_available(self, tool_name: str) -> bool:
+        """Check if a tool is available and allowed in the sandbox.
+
+        Args:
+            tool_name: Name of the tool to check (e.g., "ruff", "black")
+
+        Returns:
+            True if tool is available and allowed, False otherwise
+
+        Example:
+            >>> helper = AgentSandboxHelper("linter", "linter")
+            >>> if await helper.check_tool_available("ruff"):
+            ...     result = await helper.run_sandboxed(["ruff", "check", "file.py"])
+        """
+        try:
+            result = await self.run_sandboxed(
+                [tool_name, "--version"],
+                timeout=5,  # Quick check
+            )
+            return result.exit_code == 0
+        except (CommandNotAllowedError, RuntimeError):
+            return False
+        except SandboxTimeoutError:
+            # If it times out on --version, something is wrong
+            return False
+
+    async def run_sandboxed_with_venv(
+        self,
+        cmd: List[str],
+        venv_path: Path,
+        cwd: Optional[Path] = None,
+        env: Optional[Dict[str, str]] = None,
+    ) -> SandboxResult:
+        """Run a command with a Python virtual environment in PATH.
+
+        This is a convenience method for agents that need to run Python tools
+        installed in a virtual environment.
+
+        Args:
+            cmd: Command and arguments to execute
+            venv_path: Path to virtual environment root
+            cwd: Working directory
+            env: Additional environment variables
+
+        Returns:
+            SandboxResult from execution
+
+        Example:
+            >>> helper = AgentSandboxHelper("linter", "linter")
+            >>> venv = Path(__file__).parent.parent.parent.parent / ".venv"
+            >>> result = await helper.run_sandboxed_with_venv(
+            ...     ["ruff", "check", "file.py"],
+            ...     venv_path=venv
+            ... )
+        """
+        # Add venv bin to PATH
+        venv_bin = venv_path / "bin"
+        if not venv_bin.exists():
+            raise ValueError(f"Virtual environment bin not found: {venv_bin}")
+
+        # Prepare environment with venv in PATH
+        env = env or {}
+        env["PATH"] = f"{venv_bin}:{os.environ.get('PATH', '')}"
+
+        return await self.run_sandboxed(cmd, cwd, env)
+
+
+def create_agent_sandbox_helper(
+    agent_name: str,
+    agent_type: str,
+    config: Optional[Dict] = None,
+) -> AgentSandboxHelper:
+    """Factory function to create a sandbox helper for an agent.
+
+    This is the recommended way for agents to create their sandbox helper.
+
+    Args:
+        agent_name: Name of the agent
+        agent_type: Type identifier (e.g., "linter", "formatter", "type_checker")
+        config: Optional configuration dict (will be converted to SandboxConfig)
+
+    Returns:
+        AgentSandboxHelper instance ready to use
+
+    Example:
+        >>> # In an agent's __init__:
+        >>> from devloop.agents.sandbox_helper import create_agent_sandbox_helper
+        >>> self.sandbox = create_agent_sandbox_helper(
+        ...     agent_name=self.name,
+        ...     agent_type="linter"
+        ... )
+        >>>
+        >>> # In the agent's handle method:
+        >>> result = await self.sandbox.run_sandboxed(["ruff", "check", str(path)])
+    """
+    sandbox_config = None
+    if config:
+        # Convert config dict to SandboxConfig if provided
+        sandbox_config = SandboxConfig(**config)
+
+    return AgentSandboxHelper(
+        agent_name=agent_name,
+        agent_type=agent_type,
+        config=sandbox_config,
+    )