devpy-cli 1.0.0__py3-none-any.whl

devpy_cli-1.0.0.dist-info/METADATA

@@ -0,0 +1,330 @@
+Metadata-Version: 2.4
+Name: devpy-cli
+Version: 1.0.0
+Summary: AI-powered DevOps CLI Assistant for local and remote Docker management
+Author-email: Eddy Ortega <atrox390@gmail.com>
+License: MIT
+Project-URL: Homepage, https://github.com/your-username/devpy-cli
+Project-URL: Bug Tracker, https://github.com/your-username/devpy-cli/issues
+Classifier: Programming Language :: Python :: 3
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Topic :: System :: Systems Administration
+Classifier: Topic :: Software Development :: Build Tools
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+Requires-Dist: docker>=7.0.0
+Requires-Dist: paramiko>=3.4.0
+Requires-Dist: cryptography>=42.0.0
+Requires-Dist: rich>=13.7.0
+Requires-Dist: langchain>=0.1.0
+Requires-Dist: langchain-openai>=0.0.5
+Requires-Dist: langgraph>=0.0.10
+Requires-Dist: python-dotenv>=1.0.0
+Requires-Dist: psutil>=5.9.0
+
+# DevPy CLI
+
+An intelligent command-line assistant powered by LLM (DeepSeek/OpenAI) to manage Docker environments, both local and remote via SSH. Designed to simplify DevOps tasks with natural language, ensuring security and control.
+
+## Key Features
+
+*   **Natural Language Interaction**: "Restart the nginx container", "Show database logs", "Monitor memory usage".
+*   **Local and Remote Docker Management**: Connect to your local machine or remote servers via SSH transparently.
+*   **Secure SSH Key Management**: Encrypted storage (AES-256) of SSH private keys. Import from `~/.ssh`.
+*   **Granular Permission System**:
+    *   Interactive confirmation for critical operations (write/delete).
+    *   Configurable whitelists.
+    *   Persistent permission rules with hot-reload.
+    *   "Dry-Run" mode to simulate executions.
+*   **Logging and Auditing**: Detailed logging of all operations and permission decisions in `logs/permissions.log`.
+
+## System Requirements
+
+*   Python 3.9 or higher.
+*   Docker client installed (local) or SSH access to a server with Docker.
+*   Operating System: Windows, macOS, Linux.
+
+## Installation
+
+1.  **Clone the repository:**
+
+    ```bash
+    git clone <repo-url>
+    cd devpy-cli
+    ```
+
+2.  **Create virtual environment (recommended):**
+
+    ```bash
+    python -m venv venv
+    # Windows
+    .\venv\Scripts\activate
+    # Linux/Mac
+    source venv/bin/activate
+    ```
+
+3.  **Install dependencies:**
+
+    ```bash
+    pip install -e .
+    ```
+
+4.  **Configure environment:**
+    Create a `.env` file in the root (you can copy the example if it exists) with your LLM API key:
+
+    ```ini
+    DEEPSEEK_API_KEY=your_api_key_here
+    # Optional: LLM=chatgpt and OPENAI_API_KEY=...
+    ```
+
+## Usage Guide
+
+### Start the CLI
+
+```bash
+# From the repository
+python app.py
+
+# Or if installed in editable mode
+devpy-cli
+```
+
+On first run, if no `.env` file exists, an interactive setup wizard will guide you through:
+- Choosing your LLM provider.
+- Entering the API key.
+- Optionally setting a custom base URL.
+
+After setup, the CLI banner appears and you are asked whether to enable dry-run mode.
+
+---
+
+### CLI Mode (Local Docker)
+
+Use this mode when you want to manage containers running on the same machine where DevPy CLI is installed.
+
+- **Requirements**
+  - Docker is installed and the daemon is running locally.
+  - Your user can talk to the Docker socket (e.g., `docker ps` works from your shell).
+
+- **Step-by-step**
+  1. Start the CLI (see above).
+  2. When prompted, choose whether to enable dry-run mode.
+  3. Ensure the mode is set to `local` (this is the default):
+     ```bash
+     config mode local
+     ```
+  4. Type natural language instructions, for example:
+     - `What containers are running?`
+     - `Restart the nginx container and show me its latest logs`
+     - `Create a redis container called cache`
+  5. When an action is potentially destructive (creating/stopping/removing containers, starting monitors, etc.), DevPy will:
+     - Show a preview of the Docker command.
+     - Ask for confirmation (once, for the command, or for the whole session).
+
+- **Typical local use cases**
+  - Quickly inspecting and restarting local services from the terminal.
+  - Checking logs of a misbehaving container.
+  - Spinning up utility containers (e.g., Redis, Postgres) by name and image.
+
+---
+
+### SSH Mode (Remote Docker over SSH)
+
+Use this mode to manage containers on a remote host over SSH, while still talking to the CLI locally.
+
+- **Prerequisites**
+  - The remote server:
+    - Has Docker installed and running.
+    - Is reachable via SSH (e.g., `ssh user@host` works).
+  - You have an SSH private key that can authenticate to that server.
+
+- **Step 1: Store your SSH key (encrypted)**
+
+  You can import keys from `~/.ssh` or add a specific file:
+
+  ```bash
+  # Scan ~/.ssh for potential keys and import one
+  keys scan
+
+  # Or add a specific key path
+  keys add my-remote /path/to/id_rsa
+
+  # List stored keys
+  keys list
+  ```
+
+  During `keys scan` or `keys add`, you are asked for a **passphrase for encryption**.  
+  This passphrase is used to derive a key that encrypts your private key on disk (AES-256 via `cryptography.Fernet`).
+
+- **Step 2: Configure SSH connection**
+
+  In the CLI, run:
+
+  ```bash
+  config ssh
+  ```
+
+  You will be prompted for:
+  - **SSH Host** (e.g., `myserver.example.com` or `192.168.1.100`)
+  - **SSH User** (e.g., `ubuntu`, `root`, `deploy`)
+  - **SSH Key Name** (one of the names returned by `keys list`)
+
+  This information is stored in `config.json`.
+
+- **Step 3: Switch to SSH mode**
+
+  ```bash
+  config mode ssh
+  ```
+
+  From now on, Docker operations happen against the remote host using the stored SSH configuration.
+
+- **Step 4: Authenticate with your key**
+
+  When the backend needs to connect to the remote Docker daemon, it:
+  - Prompts for the passphrase you used when storing the key, **or**
+  - Uses the `DOCKER_SSH_PASSPHRASE` environment variable if it is set.
+
+  This decrypted key is written to a temporary file (with restricted permissions) and used only for the SSH connection.
+
+- **Typical SSH use cases**
+  - Managing a remote Docker host from your laptop without logging in manually.
+  - Checking logs and restarting containers in staging/production environments.
+  - Monitoring memory usage of remote containers and triggering alerts.
+
+---
+
+### Command Reference
+
+#### Configuration Commands
+
+Use these to configure how the CLI connects and which LLM it uses:
+
+```bash
+# Show or set connection mode
+config mode           # shows current mode (local or ssh)
+config mode local     # use local Docker
+config mode ssh       # use remote Docker over SSH
+
+# Configure SSH details (host, user, key)
+config ssh
+
+# Re-run the LLM setup wizard and regenerate .env
+config llm
+```
+
+#### SSH Key Management Commands
+
+```bash
+# Import keys from ~/.ssh (interactive)
+keys scan
+
+# Add a key manually
+keys add <name> <path_to_private_key>
+
+# List saved keys
+keys list
+
+# Delete a stored key
+keys delete <name>
+```
+
+#### Permission Management Commands
+
+Control what the agent is allowed to do:
+
+```bash
+# View current rules
+permissions list
+
+# Block container restarts permanently
+permissions add restart_container deny
+
+# Allow container creation (with optional parameters)
+permissions add create_container allow
+
+# Reset all persistent permission rules
+permissions reset
+```
+
+During interactive confirmations, you can choose:
+- `y`  – allow once.
+- `yc` – always allow this exact command during the session.
+- `ys` – always allow this operation type during the session.
+- `n`  – deny.
+
+---
+
+### Interaction Examples with the Agent
+
+Once configured, simply type what you need:
+
+- *"What containers are running?"*
+- *"Restart the 'web-app' container and show me its latest logs"*
+- *"Create a redis container named 'my-redis'"*
+- *"Alert me if memory usage of container 'api' exceeds 80%"*
+
+The agent plans and executes one or more Docker operations, asking for permission when necessary.
+
+---
+
+### Dry-Run Mode
+
+You can enable dry-run mode in two ways:
+
+- At startup, when the CLI asks:
+  - Answer `y` to run in dry-run mode for the session.
+- Via environment variable:
+  - Set `DRY_RUN=1` before starting the app.
+
+In this mode, the agent **simulates** write actions (creating, deleting, restarting containers, starting monitors, etc.) without actually executing them.  
+The permission log still records what *would* have been executed.
+
+---
+
+## Authentication and Security
+
+- **LLM API Authentication**
+  - The `.env` file created by the setup wizard stores:
+    - `LLM` – which provider/adapter to use.
+    - `<PROVIDER>_API_KEY` – the API key for that provider.
+    - Optionally `LLM_BASE_URL` – custom base URL for compatible providers.
+  - You can re-run the wizard at any time with:
+    ```bash
+    config llm
+    ```
+
+- **SSH Key Encryption**
+  - Stored SSH keys live in `ssh_keys.enc`.
+  - Each key is encrypted using a passphrase-derived key (PBKDF2 + AES-256).
+  - The file permissions are hardened to allow read/write only for the current user.
+
+- **Runtime Environment Variables**
+  - `DRY_RUN` – if set to `1`, `true`, `yes`, or `y`, forces dry-run mode.
+  - `DOCKER_SSH_PASSPHRASE` – optional; if set, avoids interactive passphrase prompts for SSH keys.
+  - `DOCKER_SAFE_COMMANDS` – comma-separated list of operations that never prompt for confirmation.
+  - `DOCKER_CLI_USER` – overrides the username recorded in permission logs.
+
+- **Logging and Auditing**
+  - All operations go through a permission and logging layer.
+  - Logs are written as JSON lines to `logs/permissions.log`.
+  - Each entry includes timestamp, user, operation, arguments, decision, and optional command preview.
+
+## Project Structure
+
+*   `app.py`: Entry point.
+*   `frontend_cli.py`: User interface and CLI command handling.
+*   `backend.py`: Agent logic, integration with LangChain/LangGraph and Docker tools.
+*   `permissions_manager.py`: Access control and auditing system.
+*   `ssh_key_manager.py`: Encryption and key management.
+*   `config_manager.py`: Configuration persistence (mode, ssh host).
+*   `logs/`: Audit log files.
+
+## License
+
+MIT License. See `LICENSE` file for more details.
+
+## Author
+
+Developed by [Your Name/Organization].

devpy_cli-1.0.0.dist-info/RECORD

@@ -0,0 +1,12 @@
+app.py,sha256=iRPS0o8Ylp_PJiaPjmMkRvi0d2DGjgKotqZgCnVf0lA,383
+backend.py,sha256=yChg_BQAEU6OpPnL-4DDYFCCqkDEJuQiTVpjog2KHbc,12887
+config_manager.py,sha256=Nrgw0fQjLHl6sHb2Ww5ilKaYcvLmRhWgXdyXeyyyqTk,1345
+frontend_cli.py,sha256=OF9rs1NKpMhJXSJzxbEu9c3AhvXdwLWyCeOtHIKfZSQ,6452
+permissions_config_manager.py,sha256=w2nmRw54lZrrWa18uf18VedeK-gLbaBuSxr3Hy94E8E,3501
+permissions_manager.py,sha256=-blv36TGq0xkterLk8Nzt9Iaaw9RBv2yuEz3DBDJXNs,5646
+ssh_key_manager.py,sha256=49-23P0oo8ipmkjVfGLM9HFvVa-UZ6RqWR7uDxlRqgU,2423
+devpy_cli-1.0.0.dist-info/METADATA,sha256=9gRE3oEdgfSHDkaf6Nsfur1QqSDg1bzAJ49t651PoN0,10204
+devpy_cli-1.0.0.dist-info/WHEEL,sha256=YCfwYGOYMi5Jhw2fU4yNgwErybb2IX5PEwBKV4ZbdBo,91
+devpy_cli-1.0.0.dist-info/entry_points.txt,sha256=ww9qvpAxiE5vIb7huMHna206tHrkeTRAf2RWSGd5TDM,42
+devpy_cli-1.0.0.dist-info/top_level.txt,sha256=-yDfRnyYYfuyhetW2c6LJEg74FoesmjoPu8o9DHtPQw,103
+devpy_cli-1.0.0.dist-info/RECORD,,

devpy_cli-1.0.0.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (82.0.0)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

devpy_cli-1.0.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+devpy-cli = app:run_cli

devpy_cli-1.0.0.dist-info/top_level.txt

@@ -0,0 +1,7 @@
+app
+backend
+config_manager
+frontend_cli
+permissions_config_manager
+permissions_manager
+ssh_key_manager

frontend_cli.py

@@ -0,0 +1,205 @@
+from rich.console import Console
+from rich.prompt import Prompt
+from rich.markdown import Markdown
+from backend import run_agent_flow, config_manager, ssh_key_manager, reset_docker_client, permission_manager
+import os
+from pathlib import Path
+from setup_wizard import run_setup
+
+console = Console()
+
+
+def handle_config_command(user_input):
+  parts = user_input.split()
+  if len(parts) < 2:
+    console.print('[yellow]Usage: config [mode|ssh|llm][/yellow]')
+    return
+
+  cmd = parts[1]
+  if cmd == 'mode':
+    if len(parts) == 3:
+      new_mode = parts[2]
+      if new_mode in ['local', 'ssh']:
+        config_manager.set_mode(new_mode)
+        reset_docker_client()
+        console.print(f'[green]Mode set to {new_mode}[/green]')
+      else:
+        console.print("[red]Invalid mode. Use 'local' or 'ssh'[/red]")
+    else:
+      console.print(f'Current mode: {config_manager.get_mode()}')
+  elif cmd == 'ssh':
+    host = Prompt.ask('SSH Host')
+    user = Prompt.ask('SSH User')
+    keys = ssh_key_manager.list_keys()
+    if not keys:
+      console.print("[red]No SSH keys found. Add one with 'keys add' first.[/red]")
+      return
+    key_name = Prompt.ask('SSH Key Name', choices=keys)
+    config_manager.set_ssh_config(host, user, key_name)
+    reset_docker_client()
+    console.print('[green]SSH Configuration saved.[/green]')
+  elif cmd == 'llm':
+    console.print('[bold]Reconfiguring LLM Settings...[/bold]')
+    run_setup(force=True)
+    console.print('[yellow]Please restart the application for changes to take effect.[/yellow]')
+
+
+def handle_keys_command(user_input):
+  parts = user_input.split()
+  if len(parts) < 2:
+    console.print('[yellow]Usage: keys [list|add|delete|scan][/yellow]')
+    return
+
+  cmd = parts[1]
+  if cmd == 'list':
+    keys = ssh_key_manager.list_keys()
+    if keys:
+      console.print('Stored SSH Keys:')
+      for k in keys:
+        console.print(f'- {k}')
+    else:
+      console.print('No keys stored.')
+  elif cmd == 'scan':
+    # List keys in ~/.ssh
+    ssh_dir = Path.home() / '.ssh'
+    if not ssh_dir.exists():
+      console.print(f'[red]Directory {ssh_dir} not found.[/red]')
+      return
+
+    potential_keys = []
+    for f in ssh_dir.iterdir():
+      if (
+        f.is_file()
+        and not f.name.endswith('.pub')
+        and not f.name.startswith('known_hosts')
+        and not f.name.startswith('config')
+      ):
+        potential_keys.append(f)
+
+    if not potential_keys:
+      console.print(f'[yellow]No potential keys found in {ssh_dir}[/yellow]')
+      return
+
+    console.print(f'[bold]Found keys in {ssh_dir}:[/bold]')
+    choices = [k.name for k in potential_keys]
+    choices.append('Cancel')
+
+    selected = Prompt.ask('Select key to import', choices=choices, default='Cancel')
+    if selected == 'Cancel':
+      return
+
+    path = ssh_dir / selected
+    name = Prompt.ask('Enter name for this key', default=selected)
+    passphrase = Prompt.ask('Enter Passphrase for encryption', password=True)
+
+    try:
+      ssh_key_manager.add_key(name, str(path), passphrase)
+      console.print(f"[green]Key '{name}' imported successfully.[/green]")
+    except Exception as e:
+      console.print(f'[red]Error adding key: {e}[/red]')
+
+  elif cmd == 'add':
+    if len(parts) < 4:
+      console.print('[yellow]Usage: keys add <name> <path>[/yellow]')
+      return
+    name = parts[2]
+    path = parts[3]
+    passphrase = Prompt.ask('Enter Passphrase for encryption', password=True)
+    try:
+      ssh_key_manager.add_key(name, path, passphrase)
+      console.print(f"[green]Key '{name}' added successfully.[/green]")
+    except Exception as e:
+      console.print(f'[red]Error adding key: {e}[/red]')
+  elif cmd == 'delete':
+    if len(parts) < 3:
+      console.print('[yellow]Usage: keys delete <name>[/yellow]')
+      return
+    name = parts[2]
+    if ssh_key_manager.delete_key(name):
+      console.print(f"[green]Key '{name}' deleted.[/green]")
+    else:
+      console.print(f"[red]Key '{name}' not found.[/red]")
+
+
+def handle_permissions_command(user_input):
+  parts = user_input.split()
+  if len(parts) < 2:
+    console.print('[yellow]Usage: permissions [list|add|reset][/yellow]')
+    return
+
+  cmd = parts[1]
+  manager = permission_manager.config_manager
+
+  if cmd == 'list':
+    rules = manager.list_rules()
+    if not rules:
+      console.print('No permission rules configured.')
+    else:
+      console.print('[bold]Permission Rules:[/bold]')
+      for rule in rules:
+        console.print(f'- {rule["operation"]} -> {rule["decision"]} (Params: {rule.get("params")})')
+
+  elif cmd == 'add':
+    # Interactive add
+    # permissions add <operation> <decision> [param=value]
+    if len(parts) < 4:
+      console.print('[yellow]Usage: permissions add <operation> <allow|deny> [param=value...][/yellow]')
+      return
+
+    operation = parts[2]
+    decision = parts[3]
+    if decision not in ['allow', 'deny']:
+      console.print("[red]Decision must be 'allow' or 'deny'[/red]")
+      return
+
+    params = {}
+    if len(parts) > 4:
+      for p in parts[4:]:
+        if '=' in p:
+          k, v = p.split('=', 1)
+          params[k] = v
+
+    manager.add_rule(operation, decision, params=params)
+    console.print(f'[green]Rule added for {operation} -> {decision}[/green]')
+
+  elif cmd == 'reset':
+    if Prompt.ask('Are you sure you want to reset all permission rules?', choices=['y', 'n']) == 'y':
+      manager.reset_config()
+      console.print('[green]Permissions configuration reset.[/green]')
+
+
+def run_cli():
+  console.print(Markdown('# DevPy CLI'))
+  console.print('[dim]Version 1.0.0[/dim]\n')
+  dry_run_answer = Prompt.ask(
+    '\n[bold]Enable dry-run mode?[/bold]',
+    choices=['y', 'n'],
+    default='n',
+  )
+  if dry_run_answer == 'y':
+    os.environ['DRY_RUN'] = '1'
+  while True:
+    try:
+      user_input = Prompt.ask('\n[bold]Enter a command[/bold]')
+      if user_input.lower() in ['exit', 'quit', 'bye']:
+        console.print('\n[bold green]Goodbye[/bold green]')
+        break
+      if user_input.strip() == '':
+        continue
+
+      if user_input.startswith('config'):
+        handle_config_command(user_input)
+        continue
+
+      if user_input.startswith('keys'):
+        handle_keys_command(user_input)
+        continue
+
+      if user_input.startswith('permissions'):
+        handle_permissions_command(user_input)
+        continue
+
+      run_agent_flow(user_input)
+    except KeyboardInterrupt:
+      console.print('\n[bold green]Goodbye[/bold green]')
+      break

permissions_config_manager.py

@@ -0,0 +1,92 @@
+import json
+import os
+import threading
+import time
+from datetime import datetime
+from pathlib import Path
+
+class PermissionConfigManager:
+    def __init__(self, config_file='permissions_config.json'):
+        self.config_file = config_file
+        self.config = self._load_config()
+        self._last_mtime = self._get_mtime()
+        self._lock = threading.Lock()
+        self._start_watcher()
+
+    def _get_mtime(self):
+        try:
+            return os.path.getmtime(self.config_file)
+        except OSError:
+            return 0
+
+    def _load_config(self):
+        if not os.path.exists(self.config_file):
+            return {
+                "version": "1.0",
+                "rules": []
+            }
+        try:
+            with open(self.config_file, 'r', encoding='utf-8') as f:
+                return json.load(f)
+        except json.JSONDecodeError:
+            return {"version": "1.0", "rules": []}
+
+    def _save_config(self):
+        with self._lock:
+            with open(self.config_file, 'w', encoding='utf-8') as f:
+                json.dump(self.config, f, indent=2, ensure_ascii=False)
+
+    def _start_watcher(self):
+        def watcher():
+            while True:
+                time.sleep(2)
+                current_mtime = self._get_mtime()
+                if current_mtime > self._last_mtime:
+                    self._last_mtime = current_mtime
+                    with self._lock:
+                        print(f"[PermissionConfigManager] Reloading configuration from {self.config_file}")
+                        self.config = self._load_config()
+        
+        t = threading.Thread(target=watcher, daemon=True)
+        t.start()
+
+    def add_rule(self, operation, decision, context=None, params=None):
+        rule = {
+            "operation": operation,
+            "decision": decision,  # 'allow', 'deny', 'ask'
+            "created_at": datetime.utcnow().isoformat() + "Z",
+            "context": context or "",
+            "params": params or {}
+        }
+        with self._lock:
+            # Remove existing rules for same operation to avoid conflicts (simple priority: last wins)
+            # Or we can implement a more complex priority system.
+            # For now, let's append and filter during evaluation or replace.
+            # Strategy: Replace if exact match on operation and params?
+            # Let's just append for history, but get_decision will pick the latest relevant one.
+            self.config["rules"].insert(0, rule) # Insert at beginning for higher priority
+            self._save_config()
+        return rule
+
+    def get_decision(self, operation, params=None):
+        with self._lock:
+            for rule in self.config.get("rules", []):
+                if rule.get("operation") == operation:
+                    # Check params match if specified in rule
+                    rule_params = rule.get("params", {})
+                    if not rule_params:
+                        return rule.get("decision")
+                    
+                    # If rule has params, all must match provided params
+                    if params and all(params.get(k) == v for k, v in rule_params.items()):
+                        return rule.get("decision")
+        return None # No explicit rule found
+
+    def list_rules(self):
+        with self._lock:
+            return self.config.get("rules", [])
+
+    def reset_config(self):
+        with self._lock:
+            self.config = {"version": "1.0", "rules": []}
+            self._save_config()