epi-recorder 2.1.1__py3-none-any.whl → 2.1.3__py3-none-any.whl

epi_cli/chat.py

@@ -0,0 +1,193 @@
+"""
+EPI CLI Chat - Interactive evidence querying with AI.
+
+Allows users to ask natural language questions about their .epi evidence files.
+"""
+
+import json
+import os
+import warnings
+from pathlib import Path
+from typing import Optional
+
+import typer
+from rich.console import Console
+from rich.markdown import Markdown
+from rich.panel import Panel
+from rich.prompt import Prompt
+import google.api_core.exceptions
+
+from epi_core.container import EPIContainer
+
+
+console = Console()
+
+
+def load_steps_from_epi(epi_path: Path) -> list:
+    """Load steps from an .epi file."""
+    import tempfile
+    
+    temp_dir = Path(tempfile.mkdtemp())
+    extracted = EPIContainer.unpack(epi_path, temp_dir)
+    
+    steps_file = extracted / "steps.jsonl"
+    if not steps_file.exists():
+        return []
+    
+    steps = []
+    with open(steps_file, 'r', encoding='utf-8') as f:
+        for line in f:
+            if line.strip():
+                steps.append(json.loads(line))
+    
+    return steps
+
+
+def chat(
+    epi_file: Path = typer.Argument(..., help="Path to .epi file to chat with"),
+    model: str = typer.Option("gemini-2.0-flash", "--model", "-m", help="Gemini model to use")
+):
+    """
+    Chat with your evidence file using AI.
+    
+    Ask natural language questions about what happened in your recording.
+    
+    Example:
+        epi chat my_recording.epi
+    """
+    # Resolve path
+    if not epi_file.exists():
+        # Try epi-recordings directory
+        recordings_dir = Path("./epi-recordings")
+        potential_path = recordings_dir / f"{epi_file.stem}.epi"
+        if potential_path.exists():
+            epi_file = potential_path
+        else:
+            console.print(f"[red]Error:[/red] File not found: {epi_file}")
+            raise typer.Exit(1)
+    
+    # Check for API key
+    api_key = os.environ.get("GOOGLE_API_KEY") or os.environ.get("GEMINI_API_KEY")
+    if not api_key:
+        console.print(Panel(
+            "[yellow]No API key found![/yellow]\n\n"
+            "Set your Google AI API key:\n"
+            "  [cyan]set GOOGLE_API_KEY=your-key-here[/cyan]  (Windows)\n"
+            "  [cyan]export GOOGLE_API_KEY=your-key-here[/cyan]  (Mac/Linux)\n\n"
+            "Get a free key at: [link]https://makersuite.google.com/app/apikey[/link]",
+            title="[!] API Key Required",
+            border_style="yellow"
+        ))
+        raise typer.Exit(1)
+    
+    # Load the .epi file
+    console.print(f"\n[dim]Loading evidence from:[/dim] {epi_file}")
+    
+    try:
+        manifest = EPIContainer.read_manifest(epi_file)
+        steps = load_steps_from_epi(epi_file)
+    except Exception as e:
+        console.print(f"[red]Error loading .epi file:[/red] {e}")
+        raise typer.Exit(1)
+    
+    # Initialize Gemini
+    try:
+        import warnings
+        with warnings.catch_warnings():
+            warnings.simplefilter("ignore")
+            import google.generativeai as genai
+            
+        genai.configure(api_key=api_key)
+        ai_model = genai.GenerativeModel(model)
+    except ImportError:
+        console.print(Panel(
+            "[red]Google Generative AI package not installed![/red]\n\n"
+            "Install it with:\n"
+            "  [cyan]pip install google-generativeai[/cyan]",
+            title="[X] Missing Dependency",
+            border_style="red"
+        ))
+        raise typer.Exit(1)
+    except Exception as e:
+        console.print(f"[red]Error initializing Gemini:[/red] {e}")
+        raise typer.Exit(1)
+    
+    # Build context
+    context = f"""You are an expert assistant analyzing an EPI evidence recording file.
+    
+The recording contains cryptographically signed, tamper-proof evidence of an AI workflow execution.
+
+Recording metadata:
+- Created: {manifest.created_at}
+- Goal: {manifest.goal or 'Not specified'}
+- Command: {manifest.cli_command or 'Not specified'}
+- Workflow ID: {manifest.workflow_id}
+- Total steps: {len(steps)}
+
+Here are the recorded steps (this is the timeline of events):
+{json.dumps(steps[:50], indent=2, default=str)[:8000]}
+
+When answering questions:
+1. Be specific and cite step indices when relevant
+2. Distinguish between LLM requests, responses, and other events
+3. If asked about security, note that API keys are automatically redacted
+4. Keep answers concise but informative
+"""
+
+    # Start chat session
+    chat_session = ai_model.start_chat(history=[])
+    
+    # Display header
+    console.print()
+    console.print(Panel(
+        f"[bold cyan]EPI Evidence Chat[/bold cyan]\n\n"
+        f"[dim]File:[/dim] {epi_file.name}\n"
+        f"[dim]Steps:[/dim] {len(steps)}\n"
+        f"[dim]Model:[/dim] {model}\n\n"
+        f"Ask questions about this evidence recording.\n"
+        f"Type [yellow]exit[/yellow] or [yellow]quit[/yellow] to end the session.",
+        border_style="cyan"
+    ))
+    console.print()
+    
+    # Chat loop
+    while True:
+        try:
+            question = Prompt.ask("[bold cyan]You[/bold cyan]")
+        except (KeyboardInterrupt, EOFError):
+            console.print("\n[dim]Goodbye![/dim]")
+            break
+        
+        if question.lower() in ('exit', 'quit', 'q'):
+            console.print("[dim]Goodbye![/dim]")
+            break
+        
+        if not question.strip():
+            continue
+        
+        # Send to Gemini with context
+        try:
+            full_prompt = f"{context}\n\nUser question: {question}"
+            response = chat_session.send_message(full_prompt)
+            
+            console.print()
+            console.print("[bold green]AI:[/bold green]")
+            console.print(Markdown(response.text))
+            console.print()
+            
+        except google.api_core.exceptions.ResourceExhausted:
+            console.print(Panel(
+                "[yellow]API Quota Exceeded[/yellow]\n\n"
+                "You have hit the rate limit for the Gemini API (free tier).\n"
+                "Please wait a minute before trying again.",
+                title="[!] Rate Limit",
+                border_style="yellow"
+            ))
+        except google.api_core.exceptions.NotFound:
+            console.print(f"[red]Error:[/red] The model '{model}' was not found. Try using a different model with --model.")
+        except google.api_core.exceptions.InvalidArgument as e:
+            console.print(f"[red]Error:[/red] Invalid argument: {e}")
+        except Exception as e:
+            console.print(f"[red]Error:[/red] {e}")
+            console.print("[dim]Try asking a different question.[/dim]")
+            console.print()

epi_cli/main.py

@@ -12,7 +12,9 @@ from epi_cli.keys import generate_default_keypair_if_missing
 # Create Typer app
 app = typer.Typer(
     name="epi",
-    help="""EPI - Evidence Packaged Infrastructure for AI workflows
+    help="""EPI - The PDF for AI Evidence.
+    
+Cryptographic proof of what Autonomous AI Systems actually did.
 
 Commands:
   run    <script.py>        Record, auto-verify and open viewer. (Zero-config)
@@ -120,6 +122,10 @@ app.add_typer(view_app, name="view", help="Open recording in browser (name resol
 from epi_cli.ls import ls as ls_command
 app.command(name="ls", help="List local recordings (./epi-recordings/)")(ls_command)
 
+# NEW: chat command (v2.1.3 - AI-powered evidence querying)
+from epi_cli.chat import chat as chat_command
+app.command(name="chat", help="Chat with your evidence file using AI")(chat_command)
+
 # Phase 1: keys command (for manual key management)
 @app.command()
 def keys(

epi_core/__init__.py

@@ -2,7 +2,7 @@
 EPI Core - Core data structures, serialization, and container management.
 """
 
-__version__ = "2.1.0"
+__version__ = "2.1.3"
 
 from epi_core.schemas import ManifestModel, StepModel
 from epi_core.serialize import get_canonical_hash

epi_core/container.py

@@ -80,6 +80,8 @@ class EPIContainer:
         # Read template and assets
         template_html = template_path.read_text(encoding="utf-8")
         app_js = app_js_path.read_text(encoding="utf-8") if app_js_path.exists() else ""
+        crypto_js_path = viewer_static_dir / "crypto.js"
+        crypto_js = crypto_js_path.read_text(encoding="utf-8") if crypto_js_path.exists() else ""
         css_styles = css_path.read_text(encoding="utf-8") if css_path.exists() else ""
         
         # Read steps from steps.jsonl
@@ -112,10 +114,16 @@ class EPIContainer:
             f'<style>{css_styles}</style>'
         )
         
-        # Inline app.js
+        # Inline crypto.js and app.js
+        js_content = ""
+        if crypto_js:
+            js_content += f"<script>{crypto_js}</script>\n"
+        if app_js:
+            js_content += f"<script>{app_js}</script>"
+            
         html_with_js = html_with_css.replace(
             '<script src="app.js"></script>',
-            f'<script>{app_js}</script>'
+            js_content
         )
         
         return html_with_js

epi_core/schemas.py

@@ -18,7 +18,7 @@ class ManifestModel(BaseModel):
     """
     
     spec_version: str = Field(
-        default="1.0-keystone",
+        default="1.1-json",
         description="EPI specification version"
     )
     
@@ -47,6 +47,11 @@ class ManifestModel(BaseModel):
         description="Mapping of file paths to their SHA-256 hashes for integrity verification"
     )
     
+    public_key: Optional[str] = Field(
+        default=None,
+        description="Hex-encoded public key used for verification"
+    )
+    
     signature: Optional[str] = Field(
         default=None,
         description="Ed25519 signature of the canonical CBOR hash of this manifest (excluding signature field)"

epi_core/serialize.py

@@ -87,27 +87,56 @@ def get_canonical_hash(model: BaseModel, exclude_fields: set[str] | None = None)
         else:
             return value
     
+    # Normalize datetime and UUID fields to strings
     model_dict = normalize_value(model_dict)
     
     if exclude_fields:
         for field in exclude_fields:
             model_dict.pop(field, None)
-    
+
+    # JSON Canonicalization for Spec v1.1+
+    # Check if model has spec_version and if it indicates JSON usage
+    # We default to CBOR for backward compatibility
+    
+    use_json = False
+    
+    # Check spec_version in model or dict
+    spec_version = model_dict.get("spec_version")
+    if spec_version and (spec_version.startswith("1.1") or "json" in spec_version):
+        use_json = True
+        
+    if use_json:
+        return _get_json_canonical_hash(model_dict)
+    else:
+        return _get_cbor_canonical_hash(model_dict)
+
+
+def _get_json_canonical_hash(data: Any) -> str:
+    """Compute canonical SHA-256 hash using JSON (RFC 8785 style)."""
+    import json
+    
+    # Dump to JSON with sorted keys and no whitespace
+    json_bytes = json.dumps(
+        data,
+        sort_keys=True,
+        separators=(',', ':'),
+        ensure_ascii=False
+    ).encode("utf-8")
+    
+    return hashlib.sha256(json_bytes).hexdigest()
+
+
+def _get_cbor_canonical_hash(data: Any) -> str:
+    """Compute canonical SHA-256 hash using CBOR (Legacy v1.0)."""
     # Encode to canonical CBOR
-    # canonical=True ensures:
-    # - Keys are sorted lexicographically
-    # - Minimal encoding is used
-    # - Deterministic representation
     cbor_bytes = cbor2.dumps(
-        model_dict,
+        data,
         canonical=True,
         default=_cbor_default_encoder
     )
     
     # Compute SHA-256 hash
-    hash_obj = hashlib.sha256(cbor_bytes)
-    
-    return hash_obj.hexdigest()
+    return hashlib.sha256(cbor_bytes).hexdigest()
 
 
 def verify_hash(model: BaseModel, expected_hash: str, exclude_fields: set[str] | None = None) -> bool:

epi_core/trust.py

@@ -53,6 +53,16 @@ def sign_manifest(
         SigningError: If signing fails
     """
     try:
+        # Derive public key and add to manifest
+        public_key_obj = private_key.public_key()
+        public_key_hex = public_key_obj.public_bytes(
+            encoding=serialization.Encoding.Raw,
+            format=serialization.PublicFormat.Raw
+        ).hex()
+        
+        # We must update the manifest BEFORE hashing so the public key is signed
+        manifest.public_key = public_key_hex
+
         # Compute canonical hash (excluding signature field)
         manifest_hash = get_canonical_hash(manifest, exclude_fields={"signature"})
         hash_bytes = bytes.fromhex(manifest_hash)

epi_recorder/__init__.py

@@ -4,7 +4,7 @@ EPI Recorder - Runtime interception and workflow capture.
 Python API for recording AI workflows with cryptographic verification.
 """
 
-__version__ = "2.1.0"
+__version__ = "2.1.3"
 
 # Export Python API
 from epi_recorder.api import (

epi_recorder/patcher.py

@@ -325,7 +325,113 @@ def _patch_openai_legacy() -> bool:
         return False
 
 
-    return results
+# ==================== Google Gemini Patcher ====================
+
+def patch_gemini() -> bool:
+    """
+    Patch Google Generative AI library to intercept Gemini API calls.
+    
+    Returns:
+        bool: True if patching succeeded, False otherwise
+    """
+    try:
+        import warnings
+        with warnings.catch_warnings():
+            warnings.simplefilter("ignore")
+            import google.generativeai as genai
+            from google.generativeai.types import GenerateContentResponse
+        
+        # Get the GenerativeModel class
+        GenerativeModel = genai.GenerativeModel
+        
+        # Store original method
+        original_generate_content = GenerativeModel.generate_content
+        
+        @wraps(original_generate_content)
+        def wrapped_generate_content(self, *args, **kwargs):
+            """Wrapped Gemini generate_content with recording."""
+            
+            # Only record if context is active
+            if not is_recording():
+                return original_generate_content(self, *args, **kwargs)
+            
+            context = get_recording_context()
+            start_time = time.time()
+            
+            # Extract prompt from args/kwargs
+            contents = args[0] if args else kwargs.get("contents", "")
+            
+            # Capture request
+            request_data = {
+                "provider": "google",
+                "method": "GenerativeModel.generate_content",
+                "model": getattr(self, '_model_name', getattr(self, 'model_name', 'gemini')),
+                "contents": str(contents)[:2000],  # Truncate long prompts
+                "generation_config": str(kwargs.get("generation_config", {})),
+            }
+            
+            # Log request step
+            context.add_step("llm.request", request_data)
+            
+            # Execute original call
+            try:
+                response = original_generate_content(self, *args, **kwargs)
+                elapsed = time.time() - start_time
+                
+                # Capture response
+                response_text = ""
+                try:
+                    if hasattr(response, 'text'):
+                        response_text = response.text[:2000]  # Truncate long responses
+                    elif hasattr(response, 'parts'):
+                        response_text = str(response.parts)[:2000]
+                except Exception:
+                    response_text = "[Response text extraction failed]"
+                
+                response_data = {
+                    "provider": "google",
+                    "model": getattr(self, '_model_name', getattr(self, 'model_name', 'gemini')),
+                    "response": response_text,
+                    "latency_seconds": round(elapsed, 3)
+                }
+                
+                # Try to get usage info if available
+                try:
+                    if hasattr(response, 'usage_metadata'):
+                        usage = response.usage_metadata
+                        response_data["usage"] = {
+                            "prompt_tokens": getattr(usage, 'prompt_token_count', None),
+                            "completion_tokens": getattr(usage, 'candidates_token_count', None),
+                            "total_tokens": getattr(usage, 'total_token_count', None)
+                        }
+                except Exception:
+                    pass
+                
+                # Log response step
+                context.add_step("llm.response", response_data)
+                
+                return response
+            
+            except Exception as e:
+                # Log error step
+                context.add_step("llm.error", {
+                    "provider": "google",
+                    "error": str(e),
+                    "error_type": type(e).__name__
+                })
+                raise
+        
+        # Apply patch
+        GenerativeModel.generate_content = wrapped_generate_content
+        
+        return True
+    
+    except ImportError:
+        # google-generativeai not installed
+        return False
+    except Exception as e:
+        print(f"Warning: Failed to patch Gemini: {e}")
+        return False
 
 
 def patch_requests() -> bool:
@@ -419,6 +525,9 @@ def patch_all() -> Dict[str, bool]:
     # Patch OpenAI
     results["openai"] = patch_openai()
     
+    # Patch Google Gemini
+    results["gemini"] = patch_gemini()
+    
     # Patch generic requests (covers LangChain, Anthropic, etc.)
     results["requests"] = patch_requests()