devops-bot-sdk 1.4.0__tar.gz → 1.4.1__tar.gz

{devops_bot_sdk-1.4.0 → devops_bot_sdk-1.4.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devops-bot-sdk
-Version: 1.4.0
+Version: 1.4.1
 Summary: DevOps Bot Desktop SDK — thin client for the AgentOS Electron desktop app
 Author: noumanaziz2128
 License-Expression: LicenseRef-Proprietary

{devops_bot_sdk-1.4.0 → devops_bot_sdk-1.4.1}/devops_bot_sdk.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devops-bot-sdk
-Version: 1.4.0
+Version: 1.4.1
 Summary: DevOps Bot Desktop SDK — thin client for the AgentOS Electron desktop app
 Author: noumanaziz2128
 License-Expression: LicenseRef-Proprietary

{devops_bot_sdk-1.4.0 → devops_bot_sdk-1.4.1}/devops_bot_sdk.egg-info/SOURCES.txt

@@ -9,12 +9,17 @@ devops_bot_sdk.egg-info/top_level.txt
 sdk/__init__.py
 sdk/client.py
 sdk/config.py
+sdk/crucial.py
 sdk/exceptions.py
+sdk/git_ops.py
+sdk/graphify.py
 sdk/local_exec.py
 sdk/py.typed
+sdk/run_auto.py
 sdk/sse.py
 sdk/test.py
 sdk/test_pipeline.py
+sdk/updater.py
 sdk/collectors/__init__.py
 sdk/collectors/files.py
 sdk/collectors/process.py

{devops_bot_sdk-1.4.0 → devops_bot_sdk-1.4.1}/devops_bot_sdk.egg-info/entry_points.txt

@@ -1,2 +1,3 @@
 [console_scripts]
 agentos = sdk.config:configure_cli
+agentos-auto = sdk.run_auto:main

{devops_bot_sdk-1.4.0 → devops_bot_sdk-1.4.1}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "devops-bot-sdk"
-version = "1.4.0"
+version = "1.4.1"
 description = "DevOps Bot Desktop SDK — thin client for the AgentOS Electron desktop app"
 readme = "README.md"
 license = "LicenseRef-Proprietary"
@@ -32,7 +32,8 @@ all = [
 ]
 
 [project.scripts]
-agentos = "sdk.config:configure_cli"   # `agentos configure [--rotate]`
+agentos = "sdk.config:configure_cli"        # `agentos configure [--rotate]`
+agentos-auto = "sdk.run_auto:main"          # run orchestrate-auto LOCALLY (co_ token from config)
 
 [project.urls]
 Homepage   = "https://agentos.io"

{devops_bot_sdk-1.4.0 → devops_bot_sdk-1.4.1}/sdk/__init__.py

@@ -1,6 +1,6 @@
 """AgentOS Desktop SDK — thin HTTPS/SSE client for the Electron app.
 
-Version: 1.4.0
+Version: 1.4.1
 
 Public surface:
   BackendClient.from_config()        — create client from ~/.agentos/config.toml
@@ -30,7 +30,7 @@ Rules:
   - All data egress through submit_webhook only
 """
 
-__version__ = "1.4.0"
+__version__ = "1.4.1"
 __author__  = "AgentOS"
 
 from sdk.client import BackendClient

{devops_bot_sdk-1.4.0 → devops_bot_sdk-1.4.1}/sdk/client.py

@@ -36,7 +36,7 @@ from sdk.sse import _check_status, stream_with_reconnect
 
 logger = logging.getLogger(__name__)
 
-SDK_VERSION    = "1.4.0"
+SDK_VERSION    = "1.4.1"
 _POLL_INTERVAL = 3.0
 _POLL_TIMEOUT  = 600.0
 _ORCHESTRATE_TIMEOUT      = 2700.0  # 45 min — covers approval wait + VPS execution time
@@ -578,6 +578,133 @@ class BackendClient:
         _check_status(resp.status_code, self._base_url)
         return resp.json()
 
+    async def list_todo_tasks_raw(self, status: str = "To Do", limit: int = 10000) -> list[dict]:
+        """GET /tasks-ml (ML backend) — RAW task records.
+
+        Unlike list_tasks (the AI backend's refined view), this returns the raw
+        records that include `agentMode`, `jiraIssueKey`, `projectKey`, and
+        `humanInstructions` — needed to drive the local auto loop (autonomy
+        switch, branch naming, folder routing). Best-effort: returns [] on error.
+        """
+        from sdk.config import BE_DEFAULT_URL
+
+        url = f"{BE_DEFAULT_URL.rstrip('/')}/tasks-ml"
+        headers = {**self._headers, "accept": "*/*", "developer-name": "null", "product": ""}
+        try:
+            async with httpx.AsyncClient(timeout=30.0) as client:
+                resp = await client.get(url, params={"status": status, "limit": limit}, headers=headers)
+            if resp.status_code >= 400:
+                return []
+            return ((resp.json() or {}).get("data") or {}).get("records") or []
+        except Exception:
+            return []
+
+    async def approval_record(self, task_id: str) -> dict | None:
+        """GET /api/v1/mgmt/approve/{task_id} → the full decision record (or None).
+
+        Includes `decision` + `timestamp`. The timestamp lets the caller tell a
+        FRESH decision (for a new gate) from a stale one left by an earlier gate.
+        """
+        try:
+            async with httpx.AsyncClient(timeout=15.0) as client:
+                resp = await client.get(
+                    self._url(f"/api/v1/mgmt/approve/{task_id}"), headers=self._headers,
+                )
+            if resp.status_code >= 400:
+                return None
+            return (resp.json() or {}).get("record")
+        except Exception:
+            return None
+
+    async def approval_status(self, task_id: str) -> str:
+        """GET /api/v1/mgmt/approve/{task_id} → 'approved' | 'rejected' | 'pending'.
+
+        Polled by the local loop to learn the human's WhatsApp decision (the
+        backend records it under approval_log:{task_id}). Returns 'pending' on
+        any error so the caller keeps polling rather than acting prematurely.
+        """
+        try:
+            async with httpx.AsyncClient(timeout=15.0) as client:
+                resp = await client.get(
+                    self._url(f"/api/v1/mgmt/approve/{task_id}"), headers=self._headers,
+                )
+            if resp.status_code >= 400:
+                return "pending"
+            return str((resp.json() or {}).get("status") or "pending").lower()
+        except Exception:
+            return "pending"
+
+    async def github_token(self) -> str | None:
+        """GET /ml-api/github/token → the user's GitHub access token (gho_…).
+
+        Used by the LOCAL agent to authenticate git/gh for clone/push/PR. The
+        endpoint lives on the ML backend (devopsbot-be), authorised by the same
+        co_ token. Best-effort: returns None on any failure so a run without a
+        connected GitHub account still proceeds (clone/PR steps just won't auth).
+        """
+        from sdk.config import BE_DEFAULT_URL
+
+        url = f"{BE_DEFAULT_URL.rstrip('/')}/ml-api/github/token"
+        headers = {
+            **self._headers,
+            "accept": "*/*",
+            "developer-name": "null",
+            "product": "",
+        }
+        try:
+            async with httpx.AsyncClient(timeout=15.0) as client:
+                resp = await client.get(url, headers=headers)
+            if resp.status_code >= 400:
+                return None
+            data = (resp.json() or {}).get("data") or {}
+            return data.get("accessToken") or None
+        except Exception:
+            return None
+
+    async def notify_whatsapp(
+        self,
+        task_id: str,
+        message: str,
+        *,
+        summary: str = "",
+        risk_level: str = "LOW",
+        approver_role: str = "TEAM_LEAD",
+    ) -> bool:
+        """Push a WhatsApp message to the user via POST /approvals-ml.
+
+        Used for alerts — a hard error during local execution, or the context
+        window being exceeded. `message` is what the user receives on WhatsApp
+        (the backend forwards it). Best-effort: returns False and never raises so
+        a notification failure can't break the run.
+        """
+        from sdk.config import BE_DEFAULT_URL
+
+        url = f"{BE_DEFAULT_URL.rstrip('/')}/approvals-ml"
+        headers = {
+            **self._headers,
+            "accept": "*/*",
+            "Content-Type": "application/json",
+            "developer-name": "null",
+            "product": "",
+        }
+        payload = {
+            "taskId": task_id,
+            "gateNumber": 1,
+            "riskLevel": risk_level,
+            "message": (message or "")[:300],
+            "costEstimateUsd": 0,
+            "approverRole": approver_role,
+            "approvalSummary": (summary or message or "")[:300],
+            "inputTokens": 0,
+            "outputTokens": 0,
+        }
+        try:
+            async with httpx.AsyncClient(timeout=15.0) as client:
+                resp = await client.post(url, json=payload, headers=headers)
+            return resp.status_code < 400
+        except Exception:
+            return False
+
     # ── Webhook (sole data egress) ─────────────────────────────────────
 
     async def submit_webhook(

{devops_bot_sdk-1.4.0 → devops_bot_sdk-1.4.1}/sdk/config.py

@@ -29,9 +29,31 @@ BE_DEFAULT_URL = "https://devopsbot-be.apiswagger.co.uk"
 
 # ── Machine-derived Fernet key ────────────────────────────────────────
 
+def _get_username() -> str:
+    """Return the current username without relying on a controlling terminal.
+
+    os.getlogin() raises FileNotFoundError in non-interactive shells (SSH
+    sessions without TTY, subprocesses, systemd services). Fall back through
+    environment variables and pwd before giving up.
+    """
+    for fn in (
+        lambda: os.environ.get("USER") or "",
+        lambda: os.environ.get("LOGNAME") or "",
+        lambda: __import__("pwd").getpwuid(os.getuid()).pw_name,
+        lambda: os.getlogin(),
+    ):
+        try:
+            name = fn()
+            if name:
+                return name
+        except Exception:  # noqa: BLE001
+            continue
+    return "unknown"
+
+
 def _machine_key() -> bytes:
     from cryptography.fernet import Fernet
-    seed = f"{platform.node()}:{platform.system()}:{os.getlogin()}:agentos-sdk"
+    seed = f"{platform.node()}:{platform.system()}:{_get_username()}:agentos-sdk"
     key_bytes = hashlib.sha256(seed.encode()).digest()
     return base64.urlsafe_b64encode(key_bytes)
 

devops_bot_sdk-1.4.1/sdk/crucial.py

@@ -0,0 +1,61 @@
+"""Mid-run crucial-decision gate.
+
+When agentMode=true, the agent must PAUSE for human approval before a crucial /
+irreversible action (DB schema changes/migrations, dropping data, destructive
+shell, prod deploy, auth/billing changes, or anything the operator flagged in
+humanInstructions).
+
+Mechanism: the prompt instructs the agent to STOP and emit a one-line marker
+before any such action. The SDK detects the marker, opens an approval gate, and
+resumes the session on approval. (A Claude Code PreToolUse *blocking* hook is a
+planned hardening on top of this — its block protocol needs verifying against
+the installed claude version.)
+"""
+from __future__ import annotations
+
+MARKER = "AGENTOS_APPROVAL_REQUIRED:"
+
+_BUILTIN_CRUCIAL = (
+    "Database schema changes or migrations (CREATE/ALTER/DROP TABLE, "
+    "prisma/alembic/knex/typeorm migrate, etc.)",
+    "Deleting or dropping data (DROP/TRUNCATE/DELETE, dropdb)",
+    "Destructive shell commands (rm -rf, git push --force, terraform destroy, "
+    "kubectl delete, dropping volumes)",
+    "Production deployment or release",
+    "Changes to authentication, secrets/credentials, billing or payment logic",
+)
+
+
+def crucial_prompt(human_instructions: str | None) -> str:
+    """Prompt block telling the agent when and how to pause for approval."""
+    items = "\n".join(f"- {x}" for x in _BUILTIN_CRUCIAL)
+
+    extra = ""
+    hi = human_instructions or ""
+    flagged = [
+        ln.strip() for ln in hi.splitlines()
+        if any(k in ln.lower() for k in ("crucial", "approval", "sensitive", "do not"))
+    ]
+    if flagged:
+        extra = "\nThe operator additionally marked these as crucial:\n" + "\n".join(
+            f"- {ln}" for ln in flagged[:10]
+        )
+
+    return (
+        "\n\n=== CRUCIAL-DECISION GATE (mandatory) ===\n"
+        "Before performing any CRUCIAL or IRREVERSIBLE action you MUST pause for "
+        "human approval. Crucial actions include:\n" + items + extra + "\n"
+        "When you reach such a step, DO NOT perform it. Output EXACTLY one line:\n"
+        f"{MARKER} <one-line description of the action needing approval>\n"
+        "then STOP and end your turn. Do not proceed until you are told it is approved."
+    )
+
+
+def detect_marker(text: str | None) -> str | None:
+    """Return the description after the marker, or None if not present."""
+    if not text:
+        return None
+    for line in text.splitlines():
+        if MARKER in line:
+            return line.split(MARKER, 1)[1].strip() or "crucial action"
+    return None

devops_bot_sdk-1.4.1/sdk/git_ops.py

@@ -0,0 +1,124 @@
+"""Local git operations — feature branch + PR via the user's GitHub token.
+
+Runs `git`/`gh` as subprocesses on the user's machine, authenticated with the
+token fetched from the backend (`/ml-api/github/token`). The SDK owns branching,
+commit, push and PR for the PRIMARY project so it's deterministic; the agent is
+told not to do git for that repo (it may still clone/PR other repos the ticket
+names). Everything here is best-effort and never raises into the run.
+"""
+from __future__ import annotations
+
+import asyncio
+import os
+import re
+import shutil
+from pathlib import Path
+
+
+def slugify(text: str | None, max_len: int = 40) -> str:
+    s = re.sub(r"[^a-z0-9]+", "-", (text or "").lower()).strip("-")
+    return s[:max_len].strip("-") or "task"
+
+
+def _git_env(github_token: str | None) -> dict:
+    env = dict(os.environ)
+    if github_token:
+        env["GH_TOKEN"] = github_token
+        env["GITHUB_TOKEN"] = github_token
+        env["GIT_CONFIG_COUNT"] = "1"
+        env["GIT_CONFIG_KEY_0"] = (
+            f"url.https://x-access-token:{github_token}@github.com/.insteadOf"
+        )
+        env["GIT_CONFIG_VALUE_0"] = "https://github.com/"
+    env.setdefault("GIT_AUTHOR_NAME", "AgentOS")
+    env.setdefault("GIT_AUTHOR_EMAIL", "agentos@users.noreply.github.com")
+    env.setdefault("GIT_COMMITTER_NAME", "AgentOS")
+    env.setdefault("GIT_COMMITTER_EMAIL", "agentos@users.noreply.github.com")
+    return env
+
+
+async def _run(cmd: list[str], cwd: str, env: dict, timeout: float = 120.0):
+    """Run a command; return (returncode, stdout, stderr). Never raises."""
+    try:
+        proc = await asyncio.create_subprocess_exec(
+            *cmd, cwd=cwd, env=env,
+            stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE,
+        )
+        out, err = await asyncio.wait_for(proc.communicate(), timeout=timeout)
+        return (
+            proc.returncode,
+            out.decode("utf-8", "replace").strip(),
+            err.decode("utf-8", "replace").strip(),
+        )
+    except Exception as exc:  # noqa: BLE001
+        return 1, "", str(exc)
+
+
+async def _is_git_repo(path: str, env: dict) -> bool:
+    rc, out, _ = await _run(["git", "rev-parse", "--is-inside-work-tree"], path, env)
+    return rc == 0 and out == "true"
+
+
+async def detect_default_branch(path: str, env: dict) -> str:
+    """Repo default branch (origin/HEAD), falling back to the current branch."""
+    rc, out, _ = await _run(
+        ["git", "symbolic-ref", "refs/remotes/origin/HEAD"], path, env,
+    )
+    if rc == 0 and "/" in out:
+        return out.rsplit("/", 1)[-1]
+    rc, out, _ = await _run(["git", "rev-parse", "--abbrev-ref", "HEAD"], path, env)
+    return out if (rc == 0 and out) else "main"
+
+
+async def start_branch(
+    project_path: str, jira_key: str | None, summary: str | None, github_token: str | None,
+) -> dict | None:
+    """Create + check out `feature/<jira_key>-<slug>` off the default branch.
+
+    Returns {"branch", "base"} or None when the path isn't a git repo (e.g. a
+    fresh scratch dir) or the checkout failed.
+    """
+    path = str(Path(project_path).expanduser())
+    env = _git_env(github_token)
+    if not await _is_git_repo(path, env):
+        return None
+    base = await detect_default_branch(path, env)
+    key = slugify(jira_key or "task", max_len=24)
+    branch = f"feature/{key}-{slugify(summary)}"
+    await _run(["git", "fetch", "origin"], path, env, timeout=180.0)
+    rc, _, _ = await _run(["git", "checkout", "-B", branch], path, env)
+    if rc != 0:
+        return None
+    return {"branch": branch, "base": base}
+
+
+async def finish_pr(
+    project_path: str, branch: str, base: str, title: str, body: str,
+    github_token: str | None,
+) -> dict:
+    """Stage all, commit, push the branch, open a PR. Best-effort.
+
+    Returns {"pushed": bool, "pr_url": str | None}.
+    """
+    path = str(Path(project_path).expanduser())
+    env = _git_env(github_token)
+
+    await _run(["git", "add", "-A"], path, env)
+    # commit — no-op (non-zero) when there's nothing staged; ignore that case.
+    await _run(["git", "commit", "-m", title], path, env)
+
+    rc, _, _ = await _run(
+        ["git", "push", "-u", "origin", branch, "--force-with-lease"],
+        path, env, timeout=300.0,
+    )
+    pushed = rc == 0
+    pr_url: str | None = None
+    if pushed and shutil.which("gh"):
+        rc, out, _ = await _run(
+            ["gh", "pr", "create", "--base", base, "--head", branch,
+             "--title", title, "--body", body],
+            path, env, timeout=120.0,
+        )
+        if rc == 0 and out:
+            pr_url = out.strip().splitlines()[-1]
+    return {"pushed": pushed, "pr_url": pr_url}

devops_bot_sdk-1.4.1/sdk/graphify.py

@@ -0,0 +1,172 @@
+"""Graphify integration — per-project knowledge-graph context management.
+
+graphify (https://github.com/safishamsi/graphify) turns a project into a
+queryable knowledge graph and plugs into Claude Code as a **skill + PreToolUse
+hook**, so the agent queries the graph instead of loading whole files — keeping
+large projects inside the context window.
+
+Everything here is best-effort and never raises: if graphify is unavailable or a
+step fails, the run continues on plain `claude`. Disable with
+``AGENTOS_NO_GRAPHIFY=1``.
+
+Per-project flow (called once before each local `claude` run):
+  ensure_installed()  → auto-install `graphifyy` via uv → pipx → pip if missing
+  ensure_skill()      → `graphify install` once (registers /graphify + the hook)
+  build_graph(path)   → `graphify extract <path> --update`  (incremental)
+  gitignore_out(path) → keep graphify-out/ out of commits/PRs
+"""
+from __future__ import annotations
+
+import asyncio
+import os
+import shutil
+import sys
+from pathlib import Path
+
+_SKILL_MARKER = Path.home() / ".agentos" / ".graphify_skill_installed"
+
+
+def _disabled() -> bool:
+    return bool(os.getenv("AGENTOS_NO_GRAPHIFY"))
+
+
+def is_available() -> bool:
+    """True when the `graphify` CLI is on PATH."""
+    return shutil.which("graphify") is not None
+
+
+async def _run(cmd: list[str], cwd: str | None = None, timeout: float = 600.0) -> bool:
+    """Run a command quietly; True on exit 0. Never raises."""
+    proc = None
+    try:
+        proc = await asyncio.create_subprocess_exec(
+            *cmd,
+            cwd=cwd,
+            stdout=asyncio.subprocess.DEVNULL,
+            stderr=asyncio.subprocess.DEVNULL,
+        )
+        await asyncio.wait_for(proc.wait(), timeout=timeout)
+        return proc.returncode == 0
+    except Exception:  # noqa: BLE001
+        if proc is not None:
+            try:
+                proc.kill()
+            except Exception:  # noqa: BLE001
+                pass
+        return False
+
+
+async def ensure_installed() -> bool:
+    """Install graphify (`graphifyy`) if missing — uv → pipx → pip. Returns availability."""
+    if _disabled():
+        return False
+    if is_available():
+        return True
+    candidates = [
+        ["uv", "tool", "install", "graphifyy"],
+        ["pipx", "install", "graphifyy"],
+        [sys.executable, "-m", "pip", "install", "graphifyy"],
+    ]
+    for cmd in candidates:
+        if shutil.which(cmd[0]) and await _run(cmd, timeout=300.0) and is_available():
+            return True
+    return is_available()
+
+
+async def ensure_skill() -> None:
+    """Register the Claude Code skill + PreToolUse hook once (`graphify install`)."""
+    if _disabled() or not is_available() or _SKILL_MARKER.exists():
+        return
+    if await _run(["graphify", "install"], timeout=120.0):
+        try:
+            _SKILL_MARKER.parent.mkdir(parents=True, exist_ok=True)
+            _SKILL_MARKER.write_text("ok")
+        except Exception:  # noqa: BLE001
+            pass
+
+
+async def build_graph(project_path: str) -> bool:
+    """Incrementally (re)build the project graph. Tolerates CLI-flag differences."""
+    if _disabled() or not is_available():
+        return False
+    p = str(Path(project_path).expanduser())
+    # Default extraction is tree-sitter based (fast, local). Try the documented
+    # forms in order; the first that succeeds wins.
+    for cmd in (
+        ["graphify", "extract", p, "--update"],
+        ["graphify", "extract", p],
+        ["graphify", p, "--update"],
+    ):
+        if await _run(cmd, cwd=p, timeout=600.0):
+            return True
+    return False
+
+
+# Volatile graphify artifacts to keep OUT of commits/PRs. graph.json and
+# GRAPH_REPORT.md are intentionally NOT listed — they stay trackable.
+_GITIGNORE_ENTRIES = (
+    "graphify-out/manifest.json",
+    "graphify-out/cost.json",
+    "graphify-out/cache",
+)
+
+
+def gitignore_out(project_path: str) -> None:
+    """Gitignore the volatile graphify artifacts (manifest/cost/cache).
+
+    Adds each entry only if absent (idempotent). graph.json / GRAPH_REPORT.md are
+    left trackable on purpose.
+    """
+    try:
+        gi = Path(project_path).expanduser() / ".gitignore"
+        existing = gi.read_text(encoding="utf-8") if gi.exists() else ""
+        missing = [e for e in _GITIGNORE_ENTRIES if e not in existing]
+        if not missing:
+            return
+        prefix = "" if (not existing or existing.endswith("\n")) else "\n"
+        with gi.open("a", encoding="utf-8") as f:
+            f.write(prefix + "\n".join(missing) + "\n")
+    except Exception:  # noqa: BLE001
+        pass
+
+
+# Debounced per-edit incremental updates (so rapid edits don't spawn a storm).
+_last_update: dict[str, float] = {}
+_UPDATE_DEBOUNCE_S = 15.0
+
+
+def schedule_update(project_path: str) -> None:
+    """Fire-and-forget incremental graph refresh after a file edit (debounced).
+
+    Runs `graphify extract <path> --update` in the background so it never blocks
+    the agent; coalesces bursts to at most one update per _UPDATE_DEBOUNCE_S.
+    """
+    if _disabled() or not is_available():
+        return
+    import time as _t
+
+    now = _t.monotonic()
+    p = str(Path(project_path).expanduser())
+    if now - _last_update.get(p, 0.0) < _UPDATE_DEBOUNCE_S:
+        return
+    _last_update[p] = now
+    try:
+        asyncio.get_running_loop().create_task(build_graph(p))
+    except RuntimeError:
+        pass  # no running loop — skip the background refresh
+
+
+async def prepare(project_path: str) -> bool:
+    """Full per-project prep before a local claude run.
+
+    install → skill/hook → gitignore → incremental graph build.
+    Returns True when a graph was built (graph-routed context is active).
+    """
+    if _disabled():
+        return False
+    await ensure_installed()
+    if not is_available():
+        return False
+    await ensure_skill()
+    gitignore_out(project_path)
+    return await build_graph(project_path)