devops-bot-sdk 1.4.0__tar.gz → 1.4.3__tar.gz

{devops_bot_sdk-1.4.0 → devops_bot_sdk-1.4.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devops-bot-sdk
-Version: 1.4.0
+Version: 1.4.3
 Summary: DevOps Bot Desktop SDK — thin client for the AgentOS Electron desktop app
 Author: noumanaziz2128
 License-Expression: LicenseRef-Proprietary

{devops_bot_sdk-1.4.0 → devops_bot_sdk-1.4.3}/devops_bot_sdk.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devops-bot-sdk
-Version: 1.4.0
+Version: 1.4.3
 Summary: DevOps Bot Desktop SDK — thin client for the AgentOS Electron desktop app
 Author: noumanaziz2128
 License-Expression: LicenseRef-Proprietary

{devops_bot_sdk-1.4.0 → devops_bot_sdk-1.4.3}/devops_bot_sdk.egg-info/SOURCES.txt

@@ -9,12 +9,17 @@ devops_bot_sdk.egg-info/top_level.txt
 sdk/__init__.py
 sdk/client.py
 sdk/config.py
+sdk/crucial.py
 sdk/exceptions.py
+sdk/git_ops.py
+sdk/graphify.py
 sdk/local_exec.py
 sdk/py.typed
+sdk/run_auto.py
 sdk/sse.py
 sdk/test.py
 sdk/test_pipeline.py
+sdk/updater.py
 sdk/collectors/__init__.py
 sdk/collectors/files.py
 sdk/collectors/process.py

{devops_bot_sdk-1.4.0 → devops_bot_sdk-1.4.3}/devops_bot_sdk.egg-info/entry_points.txt

@@ -1,2 +1,3 @@
 [console_scripts]
 agentos = sdk.config:configure_cli
+agentos-auto = sdk.run_auto:main

{devops_bot_sdk-1.4.0 → devops_bot_sdk-1.4.3}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "devops-bot-sdk"
-version = "1.4.0"
+version = "1.4.3"
 description = "DevOps Bot Desktop SDK — thin client for the AgentOS Electron desktop app"
 readme = "README.md"
 license = "LicenseRef-Proprietary"
@@ -32,7 +32,8 @@ all = [
 ]
 
 [project.scripts]
-agentos = "sdk.config:configure_cli"   # `agentos configure [--rotate]`
+agentos = "sdk.config:configure_cli"        # `agentos configure [--rotate]`
+agentos-auto = "sdk.run_auto:main"          # run orchestrate-auto LOCALLY (co_ token from config)
 
 [project.urls]
 Homepage   = "https://agentos.io"

{devops_bot_sdk-1.4.0 → devops_bot_sdk-1.4.3}/sdk/__init__.py

@@ -1,6 +1,6 @@
 """AgentOS Desktop SDK — thin HTTPS/SSE client for the Electron app.
 
-Version: 1.4.0
+Version: 1.4.3
 
 Public surface:
   BackendClient.from_config()        — create client from ~/.agentos/config.toml
@@ -30,7 +30,7 @@ Rules:
   - All data egress through submit_webhook only
 """
 
-__version__ = "1.4.0"
+__version__ = "1.4.3"
 __author__  = "AgentOS"
 
 from sdk.client import BackendClient

{devops_bot_sdk-1.4.0 → devops_bot_sdk-1.4.3}/sdk/client.py

@@ -36,7 +36,7 @@ from sdk.sse import _check_status, stream_with_reconnect
 
 logger = logging.getLogger(__name__)
 
-SDK_VERSION    = "1.4.0"
+SDK_VERSION    = "1.4.3"
 _POLL_INTERVAL = 3.0
 _POLL_TIMEOUT  = 600.0
 _ORCHESTRATE_TIMEOUT      = 2700.0  # 45 min — covers approval wait + VPS execution time
@@ -578,6 +578,133 @@ class BackendClient:
         _check_status(resp.status_code, self._base_url)
         return resp.json()
 
+    async def list_todo_tasks_raw(self, status: str = "To Do", limit: int = 10000) -> list[dict]:
+        """GET /tasks-ml (ML backend) — RAW task records.
+
+        Unlike list_tasks (the AI backend's refined view), this returns the raw
+        records that include `agentMode`, `jiraIssueKey`, `projectKey`, and
+        `humanInstructions` — needed to drive the local auto loop (autonomy
+        switch, branch naming, folder routing). Best-effort: returns [] on error.
+        """
+        from sdk.config import BE_DEFAULT_URL
+
+        url = f"{BE_DEFAULT_URL.rstrip('/')}/tasks-ml"
+        headers = {**self._headers, "accept": "*/*", "developer-name": "null", "product": ""}
+        try:
+            async with httpx.AsyncClient(timeout=30.0) as client:
+                resp = await client.get(url, params={"status": status, "limit": limit}, headers=headers)
+            if resp.status_code >= 400:
+                return []
+            return ((resp.json() or {}).get("data") or {}).get("records") or []
+        except Exception:
+            return []
+
+    async def approval_record(self, task_id: str) -> dict | None:
+        """GET /api/v1/mgmt/approve/{task_id} → the full decision record (or None).
+
+        Includes `decision` + `timestamp`. The timestamp lets the caller tell a
+        FRESH decision (for a new gate) from a stale one left by an earlier gate.
+        """
+        try:
+            async with httpx.AsyncClient(timeout=15.0) as client:
+                resp = await client.get(
+                    self._url(f"/api/v1/mgmt/approve/{task_id}"), headers=self._headers,
+                )
+            if resp.status_code >= 400:
+                return None
+            return (resp.json() or {}).get("record")
+        except Exception:
+            return None
+
+    async def approval_status(self, task_id: str) -> str:
+        """GET /api/v1/mgmt/approve/{task_id} → 'approved' | 'rejected' | 'pending'.
+
+        Polled by the local loop to learn the human's WhatsApp decision (the
+        backend records it under approval_log:{task_id}). Returns 'pending' on
+        any error so the caller keeps polling rather than acting prematurely.
+        """
+        try:
+            async with httpx.AsyncClient(timeout=15.0) as client:
+                resp = await client.get(
+                    self._url(f"/api/v1/mgmt/approve/{task_id}"), headers=self._headers,
+                )
+            if resp.status_code >= 400:
+                return "pending"
+            return str((resp.json() or {}).get("status") or "pending").lower()
+        except Exception:
+            return "pending"
+
+    async def github_token(self) -> str | None:
+        """GET /ml-api/github/token → the user's GitHub access token (gho_…).
+
+        Used by the LOCAL agent to authenticate git/gh for clone/push/PR. The
+        endpoint lives on the ML backend (devopsbot-be), authorised by the same
+        co_ token. Best-effort: returns None on any failure so a run without a
+        connected GitHub account still proceeds (clone/PR steps just won't auth).
+        """
+        from sdk.config import BE_DEFAULT_URL
+
+        url = f"{BE_DEFAULT_URL.rstrip('/')}/ml-api/github/token"
+        headers = {
+            **self._headers,
+            "accept": "*/*",
+            "developer-name": "null",
+            "product": "",
+        }
+        try:
+            async with httpx.AsyncClient(timeout=15.0) as client:
+                resp = await client.get(url, headers=headers)
+            if resp.status_code >= 400:
+                return None
+            data = (resp.json() or {}).get("data") or {}
+            return data.get("accessToken") or None
+        except Exception:
+            return None
+
+    async def notify_whatsapp(
+        self,
+        task_id: str,
+        message: str,
+        *,
+        summary: str = "",
+        risk_level: str = "LOW",
+        approver_role: str = "TEAM_LEAD",
+    ) -> bool:
+        """Push a WhatsApp message to the user via POST /approvals-ml.
+
+        Used for alerts — a hard error during local execution, or the context
+        window being exceeded. `message` is what the user receives on WhatsApp
+        (the backend forwards it). Best-effort: returns False and never raises so
+        a notification failure can't break the run.
+        """
+        from sdk.config import BE_DEFAULT_URL
+
+        url = f"{BE_DEFAULT_URL.rstrip('/')}/approvals-ml"
+        headers = {
+            **self._headers,
+            "accept": "*/*",
+            "Content-Type": "application/json",
+            "developer-name": "null",
+            "product": "",
+        }
+        payload = {
+            "taskId": task_id,
+            "gateNumber": 1,
+            "riskLevel": risk_level,
+            "message": (message or "")[:300],
+            "costEstimateUsd": 0,
+            "approverRole": approver_role,
+            "approvalSummary": (summary or message or "")[:300],
+            "inputTokens": 0,
+            "outputTokens": 0,
+        }
+        try:
+            async with httpx.AsyncClient(timeout=15.0) as client:
+                resp = await client.post(url, json=payload, headers=headers)
+            return resp.status_code < 400
+        except Exception:
+            return False
+
     # ── Webhook (sole data egress) ─────────────────────────────────────
 
     async def submit_webhook(

{devops_bot_sdk-1.4.0 → devops_bot_sdk-1.4.3}/sdk/config.py

@@ -29,9 +29,31 @@ BE_DEFAULT_URL = "https://devopsbot-be.apiswagger.co.uk"
 
 # ── Machine-derived Fernet key ────────────────────────────────────────
 
+def _get_username() -> str:
+    """Return the current username without relying on a controlling terminal.
+
+    os.getlogin() raises FileNotFoundError in non-interactive shells (SSH
+    sessions without TTY, subprocesses, systemd services). Fall back through
+    environment variables and pwd before giving up.
+    """
+    for fn in (
+        lambda: os.environ.get("USER") or "",
+        lambda: os.environ.get("LOGNAME") or "",
+        lambda: __import__("pwd").getpwuid(os.getuid()).pw_name,
+        lambda: os.getlogin(),
+    ):
+        try:
+            name = fn()
+            if name:
+                return name
+        except Exception:  # noqa: BLE001
+            continue
+    return "unknown"
+
+
 def _machine_key() -> bytes:
     from cryptography.fernet import Fernet
-    seed = f"{platform.node()}:{platform.system()}:{os.getlogin()}:agentos-sdk"
+    seed = f"{platform.node()}:{platform.system()}:{_get_username()}:agentos-sdk"
     key_bytes = hashlib.sha256(seed.encode()).digest()
     return base64.urlsafe_b64encode(key_bytes)
 

devops_bot_sdk-1.4.3/sdk/crucial.py

@@ -0,0 +1,61 @@
+"""Mid-run crucial-decision gate.
+
+When agentMode=true, the agent must PAUSE for human approval before a crucial /
+irreversible action (DB schema changes/migrations, dropping data, destructive
+shell, prod deploy, auth/billing changes, or anything the operator flagged in
+humanInstructions).
+
+Mechanism: the prompt instructs the agent to STOP and emit a one-line marker
+before any such action. The SDK detects the marker, opens an approval gate, and
+resumes the session on approval. (A Claude Code PreToolUse *blocking* hook is a
+planned hardening on top of this — its block protocol needs verifying against
+the installed claude version.)
+"""
+from __future__ import annotations
+
+MARKER = "AGENTOS_APPROVAL_REQUIRED:"
+
+_BUILTIN_CRUCIAL = (
+    "Database schema changes or migrations (CREATE/ALTER/DROP TABLE, "
+    "prisma/alembic/knex/typeorm migrate, etc.)",
+    "Deleting or dropping data (DROP/TRUNCATE/DELETE, dropdb)",
+    "Destructive shell commands (rm -rf, git push --force, terraform destroy, "
+    "kubectl delete, dropping volumes)",
+    "Production deployment or release",
+    "Changes to authentication, secrets/credentials, billing or payment logic",
+)
+
+
+def crucial_prompt(human_instructions: str | None) -> str:
+    """Prompt block telling the agent when and how to pause for approval."""
+    items = "\n".join(f"- {x}" for x in _BUILTIN_CRUCIAL)
+
+    extra = ""
+    hi = human_instructions or ""
+    flagged = [
+        ln.strip() for ln in hi.splitlines()
+        if any(k in ln.lower() for k in ("crucial", "approval", "sensitive", "do not"))
+    ]
+    if flagged:
+        extra = "\nThe operator additionally marked these as crucial:\n" + "\n".join(
+            f"- {ln}" for ln in flagged[:10]
+        )
+
+    return (
+        "\n\n=== CRUCIAL-DECISION GATE (mandatory) ===\n"
+        "Before performing any CRUCIAL or IRREVERSIBLE action you MUST pause for "
+        "human approval. Crucial actions include:\n" + items + extra + "\n"
+        "When you reach such a step, DO NOT perform it. Output EXACTLY one line:\n"
+        f"{MARKER} <one-line description of the action needing approval>\n"
+        "then STOP and end your turn. Do not proceed until you are told it is approved."
+    )
+
+
+def detect_marker(text: str | None) -> str | None:
+    """Return the description after the marker, or None if not present."""
+    if not text:
+        return None
+    for line in text.splitlines():
+        if MARKER in line:
+            return line.split(MARKER, 1)[1].strip() or "crucial action"
+    return None

devops_bot_sdk-1.4.3/sdk/git_ops.py

@@ -0,0 +1,214 @@
+"""Local git operations — feature branch + PR via the user's GitHub token.
+
+Runs `git`/`gh` as subprocesses on the user's machine, authenticated with the
+token fetched from the backend (`/ml-api/github/token`). The SDK owns branching,
+commit, push and PR for the PRIMARY project so it's deterministic; the agent is
+told not to do git for that repo (it may still clone/PR other repos the ticket
+names). Everything here is best-effort and never raises into the run.
+"""
+from __future__ import annotations
+
+import asyncio
+import logging
+import os
+import re
+import shutil
+from pathlib import Path
+
+logger = logging.getLogger(__name__)
+
+
+def slugify(text: str | None, max_len: int = 40) -> str:
+    s = re.sub(r"[^a-z0-9]+", "-", (text or "").lower()).strip("-")
+    return s[:max_len].strip("-") or "task"
+
+
+def _git_env(github_token: str | None) -> dict:
+    env = dict(os.environ)
+    if github_token:
+        env["GH_TOKEN"] = github_token
+        env["GITHUB_TOKEN"] = github_token
+        env["GIT_CONFIG_COUNT"] = "1"
+        env["GIT_CONFIG_KEY_0"] = (
+            f"url.https://x-access-token:{github_token}@github.com/.insteadOf"
+        )
+        env["GIT_CONFIG_VALUE_0"] = "https://github.com/"
+    env.setdefault("GIT_AUTHOR_NAME", "AgentOS")
+    env.setdefault("GIT_AUTHOR_EMAIL", "agentos@users.noreply.github.com")
+    env.setdefault("GIT_COMMITTER_NAME", "AgentOS")
+    env.setdefault("GIT_COMMITTER_EMAIL", "agentos@users.noreply.github.com")
+    return env
+
+
+async def _run(cmd: list[str], cwd: str, env: dict, timeout: float = 120.0):
+    """Run a command; return (returncode, stdout, stderr). Never raises."""
+    try:
+        proc = await asyncio.create_subprocess_exec(
+            *cmd, cwd=cwd, env=env,
+            stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE,
+        )
+        out, err = await asyncio.wait_for(proc.communicate(), timeout=timeout)
+        return (
+            proc.returncode,
+            out.decode("utf-8", "replace").strip(),
+            err.decode("utf-8", "replace").strip(),
+        )
+    except Exception as exc:  # noqa: BLE001
+        return 1, "", str(exc)
+
+
+async def _is_git_repo(path: str, env: dict) -> bool:
+    rc, out, _ = await _run(["git", "rev-parse", "--is-inside-work-tree"], path, env)
+    return rc == 0 and out == "true"
+
+
+async def detect_default_branch(path: str, env: dict) -> str:
+    """Repo default branch (origin/HEAD), falling back to the current branch."""
+    rc, out, _ = await _run(
+        ["git", "symbolic-ref", "refs/remotes/origin/HEAD"], path, env,
+    )
+    if rc == 0 and "/" in out:
+        return out.rsplit("/", 1)[-1]
+    rc, out, _ = await _run(["git", "rev-parse", "--abbrev-ref", "HEAD"], path, env)
+    return out if (rc == 0 and out) else "main"
+
+
+async def start_branch(
+    project_path: str, jira_key: str | None, summary: str | None, github_token: str | None,
+) -> dict | None:
+    """Create + check out `feature/<jira_key>-<slug>` off the default branch.
+
+    Returns {"branch", "base"} or None when the path isn't a git repo (e.g. a
+    fresh scratch dir) or the checkout failed.
+    """
+    path = str(Path(project_path).expanduser())
+    env = _git_env(github_token)
+    if not await _is_git_repo(path, env):
+        return None
+    base = await detect_default_branch(path, env)
+    key = slugify(jira_key or "task", max_len=24)
+    branch = f"feature/{key}-{slugify(summary)}"
+    await _run(["git", "fetch", "origin"], path, env, timeout=180.0)
+    rc, _, _ = await _run(["git", "checkout", "-B", branch], path, env)
+    if rc != 0:
+        return None
+    return {"branch": branch, "base": base}
+
+
+async def _remote_owner_repo(path: str, env: dict) -> tuple[str, str] | None:
+    """Parse origin's URL into (owner, repo). Handles https and ssh forms."""
+    rc, out, _ = await _run(["git", "remote", "get-url", "origin"], path, env)
+    if rc != 0 or not out:
+        return None
+    m = re.search(r"github\.com[:/]+([^/]+)/(.+?)(?:\.git)?/?$", out.strip())
+    if not m:
+        return None
+    return m.group(1), m.group(2)
+
+
+async def _create_pr_via_api(
+    owner: str, repo: str, base: str, head: str, title: str, body: str, token: str,
+) -> str | None:
+    """Open a PR through the GitHub REST API (no `gh` CLI needed).
+
+    The token from /ml-api/github/token carries `repo` scope, so it can both push
+    and open PRs. Returns the PR html_url, or the existing open PR's url when one
+    already exists for this head (422). Returns None (and logs) on any other error.
+    """
+    import httpx
+
+    api = f"https://api.github.com/repos/{owner}/{repo}/pulls"
+    headers = {
+        "Authorization": f"token {token}",
+        "Accept": "application/vnd.github+json",
+        "X-GitHub-Api-Version": "2022-11-28",
+    }
+    try:
+        async with httpx.AsyncClient(timeout=30.0) as c:
+            resp = await c.post(
+                api, headers=headers,
+                json={"title": title, "head": head, "base": base, "body": body},
+            )
+        if resp.status_code == 201:
+            return resp.json().get("html_url")
+        # 422 = a PR already exists for this head (or validation issue). Try to
+        # surface the existing open PR rather than reporting "no PR".
+        if resp.status_code == 422:
+            async with httpx.AsyncClient(timeout=30.0) as c:
+                r2 = await c.get(
+                    api, headers=headers,
+                    params={"head": f"{owner}:{head}", "state": "open"},
+                )
+            if r2.status_code == 200 and r2.json():
+                return r2.json()[0].get("html_url")
+        logger.warning(
+            "git_ops.pr_api_failed owner=%s repo=%s head=%s status=%s body=%s",
+            owner, repo, head, resp.status_code, resp.text[:300],
+        )
+    except Exception as exc:  # noqa: BLE001
+        logger.warning("git_ops.pr_api_error head=%s error=%s", head, exc)
+    return None
+
+
+async def finish_pr(
+    project_path: str, branch: str, base: str, title: str, body: str,
+    github_token: str | None,
+) -> dict:
+    """Stage all, commit, push the branch, open a PR. Best-effort.
+
+    PR creation prefers the GitHub REST API (works with just the token — no `gh`
+    install required) and falls back to the `gh` CLI. Every failure path is
+    logged so a missing PR is diagnosable instead of silent.
+
+    Returns {"pushed": bool, "pr_url": str | None, "pr_error": str | None}.
+    """
+    path = str(Path(project_path).expanduser())
+    env = _git_env(github_token)
+
+    await _run(["git", "add", "-A"], path, env)
+    # commit — no-op (non-zero) when there's nothing staged; ignore that case.
+    await _run(["git", "commit", "-m", title], path, env)
+
+    rc, _, push_err = await _run(
+        ["git", "push", "-u", "origin", branch, "--force-with-lease"],
+        path, env, timeout=300.0,
+    )
+    pushed = rc == 0
+    if not pushed:
+        logger.warning("git_ops.push_failed branch=%s error=%s", branch, push_err[:300])
+        return {"pushed": False, "pr_url": None, "pr_error": f"push failed: {push_err[:200]}"}
+
+    pr_url: str | None = None
+    pr_error: str | None = None
+
+    # 1. Preferred: REST API (no `gh` dependency).
+    owner_repo = await _remote_owner_repo(path, env)
+    if github_token and owner_repo:
+        owner, repo = owner_repo
+        pr_url = await _create_pr_via_api(owner, repo, base, branch, title, body, github_token)
+
+    # 2. Fallback: gh CLI, if installed.
+    if not pr_url and shutil.which("gh"):
+        rc, out, gh_err = await _run(
+            ["gh", "pr", "create", "--base", base, "--head", branch,
+             "--title", title, "--body", body],
+            path, env, timeout=120.0,
+        )
+        if rc == 0 and out:
+            pr_url = out.strip().splitlines()[-1]
+        else:
+            pr_error = f"gh pr create failed: {gh_err[:200]}"
+            logger.warning("git_ops.gh_pr_failed branch=%s error=%s", branch, gh_err[:300])
+
+    if not pr_url and pr_error is None:
+        # Pushed, but no PR and no specific error captured above.
+        pr_error = (
+            "no PR created — REST API returned no URL"
+            if (github_token and owner_repo)
+            else "no PR created — missing GitHub token or unrecognized origin remote"
+            if not shutil.which("gh")
+            else "no PR created"
+        )
+        logger.warning("git_ops.no_pr branch=%s reason=%s", branch, pr_error)
+
+    return {"pushed": pushed, "pr_url": pr_url, "pr_error": pr_error}