dockerbrain 1.0__py3-none-any.whl

core/fixer/container.py

@@ -0,0 +1,171 @@
+from __future__ import annotations
+
+import json
+import subprocess
+
+from rich.console import Console
+from rich.panel import Panel
+from rich.prompt import Confirm
+
+from core.llm import load_llm_config, generate
+from core.optimizer import RuleBasedOptimizer
+
+console = Console()
+
+_BLOCKED_COMMANDS = {"rm", "rmi", "system prune", "volume rm", "network rm", "image rm"}
+
+
+def _is_safe_command(command: str) -> bool:
+    """Return True if the docker command is NOT destructive."""
+    cmd_lower = command.strip().lower()
+    if not cmd_lower.startswith("docker"):
+        return False
+    parts = cmd_lower.split()
+    if len(parts) < 2:
+        return False
+    sub = parts[1]
+    if sub in _BLOCKED_COMMANDS:
+        return False
+    if len(parts) >= 3:
+        two_word = f"{parts[1]} {parts[2]}"
+        if two_word in _BLOCKED_COMMANDS:
+            return False
+    return True
+
+
+_CONTAINER_FIX_SYSTEM_INSTRUCTION = (
+    "You are a Docker container optimization expert. Based on the metrics and issues "
+    "provided, generate a JSON array of fix actions.\n\n"
+    "CRITICAL: Your entire response MUST be a valid JSON array and nothing else. "
+    "No markdown, no explanation, no code fences — just the raw JSON.\n\n"
+    "Each element in the array must be an object with exactly these keys:\n"
+    '  - "container": the container name\n'
+    '  - "command": the exact docker CLI command to run (e.g. "docker update --memory 256m my_container")\n'
+    '  - "reason": a one-line explanation of why this fix is needed\n\n'
+    "Rules:\n"
+    "- Only suggest commands that are safe and non-destructive.\n"
+    "- Do NOT suggest `docker rm`, `docker rmi`, `docker system prune`, or any delete commands.\n"
+    "- Allowed commands include: `docker update`, `docker restart`, `docker stop`, `docker pull`.\n"
+    "- Do NOT suggest lowering memory limits just because current usage is low.\n"
+    "- If no fixes are needed, return an empty array: []\n"
+)
+
+
+def fix_containers(container_name: str | None = None) -> None:
+    """Analyze containers, get AI fix commands as JSON, confirm and execute each."""
+    console.print("[dim]Running analysis...[/]\n")
+    optimizer = RuleBasedOptimizer()
+    suggestions = optimizer.analyze(container_name=container_name)
+
+    if not suggestions:
+        console.print("[green]No issues found — all containers look healthy![/]")
+        return
+
+    console.print(
+        f"[bold]Found {len(suggestions)} issue(s). Preparing fixes...[/]\n"
+    )
+
+    issues_text = "\n".join(
+        f"- [{s.severity.value}] {s.container_name} ({s.rule_name}): {s.message}"
+        for s in suggestions
+    )
+
+    prompt = (
+        "## Container Issues to Fix\n\n"
+        f"{issues_text}\n\n"
+        "Generate the JSON array of fix actions."
+    )
+
+    config = load_llm_config()
+
+    with console.status("[bold green]Please wait...[/]", spinner="dots"):
+        raw_text = generate(
+            prompt=prompt,
+            system_instruction=_CONTAINER_FIX_SYSTEM_INSTRUCTION,
+            config=config,
+        )
+
+    try:
+        actions = json.loads(raw_text)
+    except json.JSONDecodeError:
+        console.print(
+            Panel(
+                "[red bold]Could not parse response as JSON.[/]\n\n"
+                f"[dim]Raw response:[/]\n{raw_text}",
+                title="[bold red]Parse Error[/]",
+                border_style="red",
+                expand=False,
+            )
+        )
+        return
+
+    if not actions:
+        console.print("[green]No fixes needed.[/]")
+        return
+
+    console.print(
+        Panel(
+            f"[bold]{len(actions)} fix action(s) proposed:[/]",
+            border_style="cyan",
+            expand=False,
+        )
+    )
+
+    executed = 0
+    skipped = 0
+    blocked = 0
+
+    for i, action in enumerate(actions, 1):
+        container = action.get("container", "?")
+        command = action.get("command", "")
+        reason = action.get("reason", "")
+
+        console.print(f"\n[bold cyan]Fix {i}/{len(actions)}[/]")
+        console.print(f"  Container: [cyan]{container}[/]")
+        console.print(f"  Reason:    [dim]{reason}[/]")
+        console.print(f"  Command:   [bold]{command}[/]")
+
+        if not _is_safe_command(command):
+            console.print(
+                f"  [red bold]BLOCKED[/] — This command is destructive and cannot be auto-executed."
+            )
+            blocked += 1
+            continue
+
+        if Confirm.ask("  Execute?", default=False):
+            try:
+                result = subprocess.run(
+                    command.split(),
+                    capture_output=True,
+                    text=True,
+                    timeout=30,
+                )
+                if result.returncode == 0:
+                    out = result.stdout.strip()
+                    console.print(f"  [green bold]Done[/]{': ' + out if out else ''}")
+                    executed += 1
+                else:
+                    console.print(f"  [red bold]Failed[/]: {result.stderr.strip()}")
+            except Exception as exc:
+                console.print(f"  [red bold]Error[/]: {exc}")
+        else:
+            console.print("  [dim]Skipped.[/]")
+            skipped += 1
+
+    console.print()
+    summary_parts = []
+    if executed:
+        summary_parts.append(f"[green]{executed} applied[/]")
+    if skipped:
+        summary_parts.append(f"[yellow]{skipped} skipped[/]")
+    if blocked:
+        summary_parts.append(f"[red]{blocked} blocked[/]")
+
+    console.print(
+        Panel(
+            " | ".join(summary_parts),
+            title="[bold]Fix Summary[/]",
+            border_style="cyan",
+            expand=False,
+        )
+    )

core/fixer/dockerfile.py

@@ -0,0 +1,225 @@
+from __future__ import annotations
+
+import difflib
+import json
+import shutil
+from pathlib import Path
+
+from rich.columns import Columns
+from rich.console import Console
+from rich.panel import Panel
+from rich.prompt import Confirm
+from rich.syntax import Syntax
+from rich.table import Table
+from rich.text import Text
+
+from core.llm import load_llm_config, generate, LLMConfig
+
+console = Console()
+
+_DEFAULT_DOCKERIGNORE = """\
+.git
+.gitignore
+.dockerignore
+node_modules
+__pycache__
+*.pyc
+.env
+.venv
+*.md
+.DS_Store
+Thumbs.db
+"""
+
+_DOCKERFILE_DETECT_SYSTEM = (
+    "You are a Dockerfile security and optimization expert. Analyze the Dockerfile and return ONLY a "
+    "valid JSON array of issues. No markdown, no explanation, no code fences — just the raw JSON.\n\n"
+    "Each issue object must have exactly these keys:\n"
+    '  - "line": integer (1-indexed) or null if not line-specific\n'
+    '  - "rule": short snake_case rule name (e.g. "hardcoded-secret", "cache-busting-copy")\n'
+    '  - "severity": one of "HIGH", "MEDIUM", or "LOW"\n'
+    '  - "message": a one-sentence explanation of the issue\n\n'
+    "Detect all of these if present:\n"
+    "  - Hardcoded secrets or tokens in ENV instructions\n"
+    "  - Large or bloated base images (ubuntu, debian, centos — suggest slim/alpine)\n"
+    "  - apt-get/apk install without --no-install-recommends\n"
+    "  - Multiple separate RUN apt-get/apk commands (should be chained with &&)\n"
+    "  - COPY . . before dependency install step (cache-busting)\n"
+    "  - Missing non-root USER directive\n"
+    "  - Shell form CMD/ENTRYPOINT instead of exec form (JSON array)\n"
+    "  - No HEALTHCHECK defined\n"
+    "  - Packages installed but cache not cleaned (no rm -rf /var/lib/apt/lists/*)\n"
+    "  - Any other security or optimization issues\n\n"
+    "If no issues are found, return an empty JSON array: []"
+)
+
+_DOCKERFILE_REWRITE_SYSTEM = (
+    "You are a Dockerfile optimization expert. You will be given a Dockerfile and a list of detected issues. "
+    "Rewrite the Dockerfile to fix ALL the issues. "
+    "Return ONLY the improved Dockerfile content with brief comments explaining changes. "
+    "IMPORTANT: NEVER place comments on the same line as code (no inline comments). "
+    "Always put comments on a separate line ABOVE the instruction they describe. "
+    "Do NOT wrap in markdown code fences. Do NOT add any explanation outside the Dockerfile."
+)
+
+
+def _ai_detect_dockerfile_issues(content: str, config: LLMConfig) -> list[dict]:
+    """Call LLM to detect issues in a Dockerfile. Returns a list of issue dicts."""
+
+    with console.status("[bold green]Analyzing Dockerfile...[/]", spinner="dots"):
+        raw = generate(
+            prompt=f"## Dockerfile to Analyze\n\n```dockerfile\n{content}\n```",
+            system_instruction=_DOCKERFILE_DETECT_SYSTEM,
+            config=config,
+        )
+
+    try:
+        return json.loads(raw)
+    except json.JSONDecodeError:
+        console.print(f"[red]Could not parse AI detection response as JSON.[/]\n[dim]{raw}[/]")
+        return []
+
+
+def _display_ai_issues_table(issues: list[dict], filename: str) -> None:
+    """Render AI-detected issues as a Rich table."""
+
+    _SEV_STYLE = {"HIGH": "bold red", "MEDIUM": "bold yellow", "LOW": "bold green"}
+    _SEV_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
+    sorted_issues = sorted(issues, key=lambda i: _SEV_RANK.get(i.get("severity", "LOW"), 9))
+
+    table = Table(
+        title=f"Dockerfile Issues — {filename}",
+        expand=True,
+        border_style="dim",
+        show_lines=True,
+    )
+    table.add_column("#", justify="right", style="dim", width=4)
+    table.add_column("Line", justify="right", width=5)
+    table.add_column("Rule", style="bold", no_wrap=True)
+    table.add_column("Severity", justify="center", width=8)
+    table.add_column("Message")
+
+    for i, issue in enumerate(sorted_issues, 1):
+        sev = issue.get("severity", "LOW")
+        line_val = str(issue.get("line")) if issue.get("line") else "—"
+        table.add_row(
+            str(i),
+            line_val,
+            issue.get("rule", "unknown"),
+            Text(sev, style=_SEV_STYLE.get(sev, "dim")),
+            issue.get("message", ""),
+        )
+
+    console.print()
+    console.print(table)
+    console.print(f"\n[dim]{len(issues)} issue(s) detected.[/]\n")
+
+
+def _ai_rewrite_dockerfile(content: str, issues: list[dict], config: LLMConfig) -> str:
+    """Call LLM to rewrite the Dockerfile fixing all detected issues."""
+
+    issues_text = "\n".join(
+        f"- [{i.get('severity')}] Line {i.get('line') or '?'} ({i.get('rule')}): {i.get('message')}"
+        for i in issues
+    )
+    prompt = (
+        f"## Dockerfile\n\n```dockerfile\n{content}\n```\n\n"
+        f"## Detected Issues\n\n{issues_text}\n\n"
+        "Please rewrite the Dockerfile to fix all the above issues."
+    )
+
+    with console.status("[bold green]Generating fix...[/]", spinner="dots"):
+        return generate(
+            prompt=prompt,
+            system_instruction=_DOCKERFILE_REWRITE_SYSTEM,
+            config=config,
+        )
+
+
+def _show_diff(original: str, optimized: str, original_path: Path) -> None:
+    """Display a side-by-side Rich diff between original and optimized Dockerfile."""
+
+    diff = list(difflib.unified_diff(
+        original.splitlines(),
+        optimized.splitlines(),
+        fromfile="Original",
+        tofile="Optimized",
+        lineterm="",
+    ))
+    if not diff:
+        console.print("[green]The Dockerfile is already optimal.[/]")
+        return
+
+    left = Panel(
+        Syntax(original, "dockerfile", theme="monokai", line_numbers=True, word_wrap=True),
+        title="[bold red]Original[/]",
+        border_style="red",
+        expand=True,
+    )
+    right = Panel(
+        Syntax(optimized, "dockerfile", theme="monokai", line_numbers=True, word_wrap=True),
+        title="[bold green]Optimized[/]",
+        border_style="green",
+        expand=True,
+    )
+    console.print()
+    console.print(Columns([left, right], equal=True, expand=True))
+
+
+def fix_dockerfile(dockerfile_path: str) -> None:
+    """AI-powered detect + fix: detects issues, displays them, then rewrites the Dockerfile."""
+    original_path = Path(dockerfile_path)
+    content = original_path.read_text(encoding="utf-8")
+    filename = original_path.name
+
+    config = load_llm_config()
+    issues = _ai_detect_dockerfile_issues(content, config)
+
+    if not issues:
+        console.print("[green bold]No issues detected![/]")
+        return
+
+    _display_ai_issues_table(issues, filename)
+    dockerignore_issues = [i for i in issues if i.get("rule") == "missing-dockerignore"]
+    dockerfile_issues = [i for i in issues if i.get("rule") != "missing-dockerignore"]
+
+    if dockerignore_issues:
+        dockerignore_path = original_path.parent / ".dockerignore"
+        if not dockerignore_path.exists():
+            if Confirm.ask(
+                f"[bold yellow]Create [cyan]{dockerignore_path}[/cyan]?[/] (fixes missing-dockerignore)",
+                default=True,
+            ):
+                dockerignore_path.write_text(_DEFAULT_DOCKERIGNORE, encoding="utf-8")
+                console.print(f"[green bold]Created:[/] [cyan]{dockerignore_path}[/]\n")
+            else:
+                console.print("[dim]Skipped .dockerignore creation.[/]\n")
+
+    if not dockerfile_issues:
+        console.print("[green]All issues resolved![/]")
+        return
+
+    optimized = _ai_rewrite_dockerfile(content, dockerfile_issues, config)
+    _show_diff(content, optimized, original_path)
+
+    console.print()
+    if not Confirm.ask(
+        "[bold yellow]Apply this fix?[/] (overwrites the Dockerfile, a .bak backup will be created)",
+        default=False,
+    ):
+        console.print("[dim]Skipped. No changes made.[/]")
+        return
+
+    backup_path = original_path.with_suffix(original_path.suffix + ".bak")
+    shutil.copy2(original_path, backup_path)
+    console.print(f"[dim]Backup saved to: {backup_path}[/]")
+    original_path.write_text(optimized, encoding="utf-8")
+    console.print(f"[green bold]Dockerfile fixed![/] Written to: [cyan]{original_path}[/]")
+
+    console.print("\n[dim]Re-checking for remaining issues...[/]")
+    remaining = _ai_detect_dockerfile_issues(optimized, config)
+    if not remaining:
+        console.print("[green bold]All issues resolved![/]")
+    else:
+        console.print(f"[yellow]{len(remaining)} issue(s) still remain after fix:[/]")
+        _display_ai_issues_table(remaining, filename)

core/llm.py

@@ -0,0 +1,212 @@
+from __future__ import annotations
+
+from dataclasses import dataclass
+from pathlib import Path
+
+from rich.console import Console
+from rich.panel import Panel
+
+console = Console()
+
+_PROVIDER_DEFAULTS: dict[str, dict[str, str]] = {
+    "gemini": {
+        "model":    "gemini-3.1-flash-lite-preview",
+        "base_url": "",  # uses google-genai SDK, not OpenAI
+    },
+    "groq": {
+        "model":    "llama-3.3-70b-versatile",
+        "base_url": "https://api.groq.com/openai/v1",
+    },
+    "ollama": {
+        "model":    "llama3.1",
+        "base_url": "http://localhost:11434/v1",
+    },
+}
+
+_VALID_PROVIDERS = set(_PROVIDER_DEFAULTS.keys())
+
+@dataclass
+class LLMConfig:
+    """Resolved LLM configuration."""
+
+    provider: str
+    model: str
+    api_key: str
+    base_url: str
+
+
+def _read_rc_section(section: str = "llm") -> dict[str, str]:
+    """Read a section from .dockerbrainrc (simple TOML-like INI parser)."""
+    rc_path = Path(".dockerbrainrc")
+    if not rc_path.exists():
+        return {}
+
+    data: dict[str, str] = {}
+    in_section = False
+
+    for line in rc_path.read_text(encoding="utf-8").splitlines():
+        stripped = line.strip()
+        if not stripped or stripped.startswith("#"):
+            continue
+        if stripped.startswith("["):
+            in_section = stripped.strip("[] ").lower() == section
+            continue
+        if in_section and "=" in stripped:
+            key, _, val = stripped.partition("=")
+            val = val.split("#")[0].strip().strip('"').strip("'")
+            data[key.strip()] = val
+
+    return data
+
+
+def load_llm_config() -> LLMConfig:
+    """Resolve LLM configuration from .dockerbrainrc only."""
+
+    rc = _read_rc_section("llm")
+    provider = (rc.get("provider") or "gemini").lower().strip()
+
+    if provider not in _VALID_PROVIDERS:
+        console.print(
+            f"[red bold]Unknown LLM provider:[/] [cyan]{provider}[/]\n"
+            f"[dim]Valid providers: {', '.join(sorted(_VALID_PROVIDERS))}[/]"
+        )
+        raise SystemExit(1)
+
+    defaults = _PROVIDER_DEFAULTS[provider]
+    model = rc.get("model") or defaults["model"]
+    base_url = rc.get("base_url") or defaults["base_url"]
+    api_key = rc.get("api_key") or ""
+
+    if not api_key and provider != "ollama":
+        _show_missing_key_error(provider)
+        raise SystemExit(1)
+
+    if provider == "ollama" and not api_key:
+        api_key = "ollama"
+
+    return LLMConfig(
+        provider=provider,
+        model=model,
+        api_key=api_key,
+        base_url=base_url,
+    )
+
+
+def _show_missing_key_error(provider: str) -> None:
+    """Show a brief error for missing API key."""
+    console.print(
+        Panel(
+            f"Add your key to [cyan].dockerbrainrc[/]:\n"
+            f'  [cyan]api_key = "your_key_here"[/]',
+            title="[bold red]Missing API Key[/]",
+            border_style="red",
+            expand=False,
+        )
+    )
+
+def _strip_code_fences(text: str) -> str:
+    """Strip markdown code fences that LLMs sometimes wrap responses in."""
+    text = text.strip()
+    if text.startswith("```"):
+        text = text[text.index("\n") + 1:] if "\n" in text else text
+    if text.endswith("```"):
+        text = text[:-3].rstrip()
+    return text
+
+
+def generate(
+    prompt: str,
+    system_instruction: str,
+    config: LLMConfig | None = None,
+) -> str:
+    """Send a prompt to the configured LLM and return the response text.
+
+    Works with any provider: Gemini uses google-genai SDK,
+    all others use the OpenAI-compatible API.
+    """
+    if config is None:
+        config = load_llm_config()
+
+    if config.provider == "gemini":
+        return _generate_gemini(prompt, system_instruction, config)
+    else:
+        return _generate_openai_compat(prompt, system_instruction, config)
+
+
+def generate_stream(
+    prompt: str,
+    system_instruction: str,
+    config: LLMConfig | None = None,
+):
+    """Yield response chunks from the configured LLM (streaming)."""
+    if config is None:
+        config = load_llm_config()
+
+    if config.provider == "gemini":
+        yield from _stream_gemini(prompt, system_instruction, config)
+    else:
+        yield from _stream_openai_compat(prompt, system_instruction, config)
+
+
+# Gemini backend
+def _generate_gemini(prompt: str, system_instruction: str, config: LLMConfig) -> str:
+    from google import genai
+    from google.genai import types
+
+    client = genai.Client(api_key=config.api_key)
+    response = client.models.generate_content(
+        model=config.model,
+        contents=prompt,
+        config=types.GenerateContentConfig(
+            system_instruction=system_instruction,
+        ),
+    )
+    return _strip_code_fences(response.text)
+
+def _stream_gemini(prompt: str, system_instruction: str, config: LLMConfig):
+    from google import genai
+    from google.genai import types
+
+    client = genai.Client(api_key=config.api_key)
+    stream = client.models.generate_content_stream(
+        model=config.model,
+        contents=prompt,
+        config=types.GenerateContentConfig(
+            system_instruction=system_instruction,
+        ),
+    )
+    for chunk in stream:
+        if chunk.text:
+            yield chunk.text
+
+
+# OpenAI-compatible backend
+def _generate_openai_compat(prompt: str, system_instruction: str, config: LLMConfig) -> str:
+    from openai import OpenAI
+
+    client = OpenAI(api_key=config.api_key, base_url=config.base_url)
+    response = client.chat.completions.create(
+        model=config.model,
+        messages=[
+            {"role": "system", "content": system_instruction},
+            {"role": "user", "content": prompt},
+        ],
+    )
+    return _strip_code_fences(response.choices[0].message.content or "")
+
+def _stream_openai_compat(prompt: str, system_instruction: str, config: LLMConfig):
+    from openai import OpenAI
+
+    client = OpenAI(api_key=config.api_key, base_url=config.base_url)
+    stream = client.chat.completions.create(
+        model=config.model,
+        messages=[
+            {"role": "system", "content": system_instruction},
+            {"role": "user", "content": prompt},
+        ],
+        stream=True,
+    )
+    for chunk in stream:
+        delta = chunk.choices[0].delta if chunk.choices else None
+        if delta and delta.content:
+            yield delta.content

core/monitor/__init__.py

@@ -0,0 +1,33 @@
+from core.monitor.snapshot import (
+    ContainerSnapshot,
+    IDLE_CPU_THRESHOLD,
+    IDLE_CONSECUTIVE_POLLS,
+    MEM_WARNING_PCT,
+    MEM_CRITICAL_PCT,
+)
+from core.monitor.display import (
+    _format_uptime,
+    _make_bar,
+    _cpu_color,
+    _mem_color,
+    build_monitor_layout,
+)
+from core.monitor.collector import (
+    ContainerMonitor,
+    run_monitor,
+)
+
+__all__ = [
+    "ContainerSnapshot",
+    "ContainerMonitor",
+    "run_monitor",
+    "build_monitor_layout",
+    "IDLE_CPU_THRESHOLD",
+    "IDLE_CONSECUTIVE_POLLS",
+    "MEM_WARNING_PCT",
+    "MEM_CRITICAL_PCT",
+    "_format_uptime",
+    "_make_bar",
+    "_cpu_color",
+    "_mem_color",
+]