epi-recorder 2.1.2__py3-none-any.whl → 2.2.0__py3-none-any.whl

epi_cli/ls.py

@@ -157,4 +157,8 @@ def ls(
     console.print()
     console.print(table)
     console.print()
-    console.print(f"[dim]Tip: View a recording with 'epi view <name>'[/dim]")
+    console.print(f"[dim]Tip: View a recording with 'epi view <name>'[/dim]")
+
+
+
+ 

epi_cli/main.py

@@ -12,7 +12,9 @@ from epi_cli.keys import generate_default_keypair_if_missing
 # Create Typer app
 app = typer.Typer(
     name="epi",
-    help="""EPI - Evidence Packaged Infrastructure for AI workflows
+    help="""EPI - The PDF for AI Evidence.
+    
+Cryptographic proof of what Autonomous AI Systems actually did.
 
 Commands:
   run    <script.py>        Record, auto-verify and open viewer. (Zero-config)
@@ -120,6 +122,14 @@ app.add_typer(view_app, name="view", help="Open recording in browser (name resol
 from epi_cli.ls import ls as ls_command
 app.command(name="ls", help="List local recordings (./epi-recordings/)")(ls_command)
 
+# NEW: chat command (v2.1.3 - AI-powered evidence querying)
+from epi_cli.chat import chat as chat_command
+app.command(name="chat", help="Chat with your evidence file using AI")(chat_command)
+
+# NEW: debug command (v2.2.0 - AI-powered mistake detection)
+from epi_cli.debug import app as debug_app
+app.add_typer(debug_app, name="debug", help="Debug AI agent recordings for mistakes")
+
 # Phase 1: keys command (for manual key management)
 @app.command()
 def keys(
@@ -314,3 +324,7 @@ def cli_main():
 
 if __name__ == "__main__":
     cli_main()
+
+
+
+ 

epi_cli/record.py

@@ -197,3 +197,7 @@ def record(
 
     # Exit with child return code
     raise typer.Exit(rc)
+
+
+
+ 

epi_cli/run.py

@@ -323,7 +323,7 @@ def run(
         km = KeyManager()
         priv = km.load_private_key("default")
         
-        # Read manifest from ZIP
+        # Extract, sign, and repack with new viewer
         import json as _json
         with zipfile.ZipFile(out, "r") as zf:
             raw = zf.read("manifest.json").decode("utf-8")
@@ -336,14 +336,18 @@ def run(
         sm = _sign(m, priv, "default")
         signed_json = sm.model_dump_json(indent=2)
         
-        # Replace manifest in ZIP
+        # Regenerate viewer.html with signed manifest and steps
+        viewer_html = EPIContainer._create_embedded_viewer(temp_workspace, sm)
+        
+        # Replace manifest AND viewer in ZIP
         temp_zip = out.with_suffix(".epi.tmp")
         with zipfile.ZipFile(out, "r") as zf_in:
             with zipfile.ZipFile(temp_zip, "w", zipfile.ZIP_DEFLATED) as zf_out:
                 for item in zf_in.namelist():
-                    if item != "manifest.json":
+                    if item not in ("manifest.json", "viewer.html"):
                         zf_out.writestr(item, zf_in.read(item))
                 zf_out.writestr("manifest.json", signed_json)
+                zf_out.writestr("viewer.html", viewer_html)
         
         temp_zip.replace(out)
         signed = True
@@ -394,4 +398,8 @@ def run(
         raise typer.Exit(rc)
     if not verified and not no_verify:
         raise typer.Exit(1)
-    raise typer.Exit(0)
+    raise typer.Exit(0)
+
+
+
+ 

epi_cli/verify.py

@@ -217,3 +217,7 @@ def print_trust_report(report: dict, epi_file: Path, verbose: bool = False):
     console.print("\n")
     console.print(panel)
     console.print("")
+
+
+
+ 

epi_cli/view.py

@@ -127,3 +127,7 @@ def view(
     except Exception as e:
         console.print(f"[red][FAIL] Error:[/red] {e}")
         raise typer.Exit(1)
+
+
+
+ 

epi_core/__init__.py

@@ -2,7 +2,7 @@
 EPI Core - Core data structures, serialization, and container management.
 """
 
-__version__ = "2.1.1"
+__version__ = "2.2.0"
 
 from epi_core.schemas import ManifestModel, StepModel
 from epi_core.serialize import get_canonical_hash
@@ -12,3 +12,7 @@ __all__ = [
     "StepModel",
     "get_canonical_hash",
 ]
+
+
+
+ 

epi_core/container.py

@@ -11,6 +11,7 @@ Implements the EPI file format specification:
 import hashlib
 import json
 import tempfile
+import threading
 import zipfile
 from pathlib import Path
 from typing import Optional
@@ -21,6 +22,9 @@ from epi_core.schemas import ManifestModel
 # EPI mimetype constant (vendor-specific MIME type per RFC 6838)
 EPI_MIMETYPE = "application/vnd.epi+zip"
 
+# Thread-safe lock for ZIP packing operations (prevents concurrent corruption)
+_zip_pack_lock = threading.Lock()
+
 
 class EPIContainer:
     """
@@ -157,6 +161,8 @@ class EPIContainer:
         """
         Create a .epi file from a source directory.
         
+        Thread-safe: Uses a module-level lock to prevent concurrent ZIP corruption.
+        
         The packing process:
         1. Write mimetype first (uncompressed) per ZIP spec
         2. Hash all files in source_dir
@@ -173,64 +179,67 @@ class EPIContainer:
             FileNotFoundError: If source_dir doesn't exist
             ValueError: If source_dir is not a directory
         """
-        if not source_dir.exists():
-            raise FileNotFoundError(f"Source directory not found: {source_dir}")
-        
-        if not source_dir.is_dir():
-            raise ValueError(f"Source must be a directory: {source_dir}")
-        
-        # Ensure output directory exists
-        output_path.parent.mkdir(parents=True, exist_ok=True)
-        
-        # Collect all files and compute hashes
-        file_manifest = {}
-        files_to_pack = []
-        
-        for file_path in source_dir.rglob("*"):
-            if file_path.is_file():
-                # Get relative path for archive
-                rel_path = file_path.relative_to(source_dir)
-                arc_name = str(rel_path).replace("\\", "/")  # Use forward slashes in ZIP
-                
-                # Compute hash
-                file_hash = EPIContainer._compute_file_hash(file_path)
-                file_manifest[arc_name] = file_hash
-                
-                files_to_pack.append((file_path, arc_name))
-        
-        # Update manifest with file hashes
-        manifest.file_manifest = file_manifest
-        
-        # Create embedded viewer with data injection
-        viewer_html = EPIContainer._create_embedded_viewer(source_dir, manifest)
-        
-        # Create ZIP file
-        with zipfile.ZipFile(output_path, "w", zipfile.ZIP_DEFLATED) as zf:
-            # 1. Write mimetype FIRST and UNCOMPRESSED (per EPI spec)
-            zf.writestr(
-                "mimetype",
-                EPI_MIMETYPE,
-                compress_type=zipfile.ZIP_STORED  # No compression
-            )
+        # CRITICAL: Acquire lock to prevent concurrent ZIP corruption
+        # Multiple threads writing to ZIP simultaneously causes file header mismatches
+        with _zip_pack_lock:
+            if not source_dir.exists():
+                raise FileNotFoundError(f"Source directory not found: {source_dir}")
+            
+            if not source_dir.is_dir():
+                raise ValueError(f"Source must be a directory: {source_dir}")
+            
+            # Ensure output directory exists
+            output_path.parent.mkdir(parents=True, exist_ok=True)
+            
+            # Collect all files and compute hashes
+            file_manifest = {}
+            files_to_pack = []
+            
+            for file_path in source_dir.rglob("*"):
+                if file_path.is_file():
+                    # Get relative path for archive
+                    rel_path = file_path.relative_to(source_dir)
+                    arc_name = str(rel_path).replace("\\", "/")  # Use forward slashes in ZIP
+                    
+                    # Compute hash
+                    file_hash = EPIContainer._compute_file_hash(file_path)
+                    file_manifest[arc_name] = file_hash
+                    
+                    files_to_pack.append((file_path, arc_name))
             
-            # 2. Write all other files
-            for file_path, arc_name in files_to_pack:
-                zf.write(file_path, arc_name, compress_type=zipfile.ZIP_DEFLATED)
+            # Update manifest with file hashes
+            manifest.file_manifest = file_manifest
             
-            # 3. Write embedded viewer
-            zf.writestr(
-                "viewer.html",
-                viewer_html,
-                compress_type=zipfile.ZIP_DEFLATED
-            )
+            # Create embedded viewer with data injection
+            viewer_html = EPIContainer._create_embedded_viewer(source_dir, manifest)
             
-            # 4. Write manifest.json LAST (after all files are hashed)
-            manifest_json = manifest.model_dump_json(indent=2)
-            zf.writestr(
-                "manifest.json",
-                manifest_json,
-                compress_type=zipfile.ZIP_DEFLATED
-            )
+            # Create ZIP file
+            with zipfile.ZipFile(output_path, "w", zipfile.ZIP_DEFLATED) as zf:
+                # 1. Write mimetype FIRST and UNCOMPRESSED (per EPI spec)
+                zf.writestr(
+                    "mimetype",
+                    EPI_MIMETYPE,
+                    compress_type=zipfile.ZIP_STORED  # No compression
+                )
+                
+                # 2. Write all other files
+                for file_path, arc_name in files_to_pack:
+                    zf.write(file_path, arc_name, compress_type=zipfile.ZIP_DEFLATED)
+                
+                # 3. Write embedded viewer
+                zf.writestr(
+                    "viewer.html",
+                    viewer_html,
+                    compress_type=zipfile.ZIP_DEFLATED
+                )
+                
+                # 4. Write manifest.json LAST (after all files are hashed)
+                manifest_json = manifest.model_dump_json(indent=2)
+                zf.writestr(
+                    "manifest.json",
+                    manifest_json,
+                    compress_type=zipfile.ZIP_DEFLATED
+                )
     
     @staticmethod
     def unpack(epi_path: Path, dest_dir: Optional[Path] = None) -> Path:
@@ -350,3 +359,7 @@ class EPIContainer:
                     mismatches[filename] = f"Hash mismatch: expected {expected_hash}, got {actual_hash}"
         
         return (len(mismatches) == 0, mismatches)
+
+
+
+ 

epi_core/redactor.py

@@ -277,3 +277,7 @@ def get_default_redactor() -> Redactor:
             pass  # Fail silently, use defaults
     
     return Redactor(config_path=config_path if config_path.exists() else None)
+
+
+
+ 

epi_core/schemas.py

@@ -18,7 +18,7 @@ class ManifestModel(BaseModel):
     """
     
     spec_version: str = Field(
-        default="1.1-json",
+        default="2.2.0",
         description="EPI specification version"
     )
     
@@ -145,4 +145,8 @@ class StepModel(BaseModel):
                 }
             }
         }
-    )
+    )
+
+
+
+ 

epi_core/serialize.py

@@ -158,3 +158,7 @@ def verify_hash(model: BaseModel, expected_hash: str, exclude_fields: set[str] |
     """
     actual_hash = get_canonical_hash(model, exclude_fields)
     return actual_hash == expected_hash
+
+
+
+ 

epi_core/storage.py

@@ -0,0 +1,186 @@
+"""
+SQLite-based storage for EPI recordings.
+
+Provides atomic, crash-safe storage replacing JSONL files.
+SQLite transactions ensure no data corruption on crashes.
+"""
+
+import sqlite3
+import json
+import time
+from pathlib import Path
+from typing import List, Dict, Any, Optional
+from datetime import datetime
+
+from .schemas import StepModel
+
+
+class EpiStorage:
+    """
+    SQLite-based atomic storage for agent execution.
+    Replaces JSONL (which corrupts on crashes).
+    """
+    
+    def __init__(self, session_id: str, output_dir: Path):
+        """
+        Initialize SQLite storage.
+        
+        Args:
+            session_id: Unique session identifier
+            output_dir: Directory for database file
+        """
+        self.session_id = session_id
+        self.output_dir = Path(output_dir)
+        self.output_dir.mkdir(parents=True, exist_ok=True)
+        
+        self.db_path = self.output_dir / f"{session_id}_temp.db"
+        self.conn = sqlite3.connect(str(self.db_path), check_same_thread=False)
+        self._init_tables()
+    
+    def _init_tables(self):
+        """Initialize database schema"""
+        self.conn.execute('''
+            CREATE TABLE IF NOT EXISTS steps (
+                id INTEGER PRIMARY KEY AUTOINCREMENT,
+                step_index INTEGER NOT NULL,
+                timestamp TEXT NOT NULL,
+                kind TEXT NOT NULL,
+                content TEXT NOT NULL,
+                created_at REAL NOT NULL
+            )
+        ''')
+        
+        self.conn.execute('''
+            CREATE TABLE IF NOT EXISTS metadata (
+                key TEXT PRIMARY KEY,
+                value TEXT NOT NULL
+            )
+        ''')
+        
+        self.conn.execute('''
+            CREATE INDEX IF NOT EXISTS idx_steps_index 
+            ON steps(step_index)
+        ''')
+        
+        self.conn.commit()
+    
+    def add_step(self, step: StepModel) -> None:
+        """
+        Atomic insert of execution step.
+        Survives process crashes.
+        
+        Args:
+            step: StepModel to persist
+        """
+        self.conn.execute(
+            '''INSERT INTO steps 
+               (step_index, timestamp, kind, content, created_at) 
+               VALUES (?, ?, ?, ?, ?)''',
+            (
+                step.index,
+                step.timestamp.isoformat(),
+                step.kind,
+                step.model_dump_json(),
+                time.time()
+            )
+        )
+        self.conn.commit()
+    
+    def get_steps(self) -> List[StepModel]:
+        """
+        Retrieve all steps in order.
+        
+        Returns:
+            List of StepModel instances
+        """
+        cursor = self.conn.execute(
+            'SELECT content FROM steps ORDER BY step_index'
+        )
+        rows = cursor.fetchall()
+        
+        steps = []
+        for row in rows:
+            step_data = json.loads(row[0])
+            steps.append(StepModel(**step_data))
+        
+        return steps
+    
+    def set_metadata(self, key: str, value: str) -> None:
+        """
+        Set metadata key-value pair.
+        
+        Args:
+            key: Metadata key
+            value: Metadata value
+        """
+        self.conn.execute(
+            'INSERT OR REPLACE INTO metadata (key, value) VALUES (?, ?)',
+            (key, value)
+        )
+        self.conn.commit()
+    
+    def get_metadata(self, key: str) -> Optional[str]:
+        """
+        Get metadata value.
+        
+        Args:
+            key: Metadata key
+            
+        Returns:
+            Metadata value or None
+        """
+        cursor = self.conn.execute(
+            'SELECT value FROM metadata WHERE key = ?',
+            (key,)
+        )
+        row = cursor.fetchone()
+        return row[0] if row else None
+    
+    def close(self) -> None:
+        """Close database connection."""
+        if self.conn:
+            self.conn.close()
+    
+    def export_to_jsonl(self, output_path: Path) -> None:
+        """
+        Export steps to JSONL file for backwards compatibility.
+        
+        Args:
+            output_path: Path to JSONL file
+        """
+        steps = self.get_steps()
+        with open(output_path, 'w', encoding='utf-8') as f:
+            for step in steps:
+                f.write(step.model_dump_json() + '\n')
+    
+    def finalize(self) -> Path:
+        """
+        Finalize recording and rename to final path.
+        This ensures we never have half-written files.
+        
+        Returns:
+            Path to finalized database file
+        """
+        # Add finalization metadata
+        self.set_metadata('finalized_at', datetime.utcnow().isoformat())
+        self.set_metadata('session_id', self.session_id)
+        
+        # Close connection
+        self.close()
+        
+        # Atomic rename (SQLite transaction guarantees consistency)
+        final_path = self.output_dir / "steps.jsonl"
+        
+        # Export to JSONL for backwards compatibility
+        self.conn = sqlite3.connect(str(self.db_path), check_same_thread=False)
+        self.export_to_jsonl(final_path)
+        self.close()
+        
+        # Clean up temp DB
+        self.db_path.unlink(missing_ok=True)
+        
+        return final_path
+
+
+
+ 

epi_core/trust.py

@@ -244,3 +244,7 @@ def create_verification_report(
         report["trust_message"] = "Integrity compromised - do not trust"
     
     return report
+
+
+
+ 

epi_recorder/__init__.py

@@ -4,7 +4,7 @@ EPI Recorder - Runtime interception and workflow capture.
 Python API for recording AI workflows with cryptographic verification.
 """
 
-__version__ = "2.1.1"
+__version__ = "2.2.0"
 
 # Export Python API
 from epi_recorder.api import (
@@ -19,3 +19,7 @@ __all__ = [
     "get_current_session",
     "__version__"
 ]
+
+
+
+ 

epi_recorder/api.py

@@ -176,6 +176,11 @@ class EpiRecorderSession:
                 output_path=self.output_path
             )
             
+            # CRITICAL: Windows file system flush
+            # Allow OS to finalize file before signing
+            import time
+            time.sleep(0.1)
+            
             # Sign if requested
             if self.auto_sign:
                 self._sign_epi_file()
@@ -355,7 +360,24 @@ class EpiRecorderSession:
                     encoding="utf-8"
                 )
                 
-                # Repack the ZIP with signed manifest
+                # Regenerate viewer.html with signed manifest
+                steps = []
+                steps_file = tmp_path / "steps.jsonl"
+                if steps_file.exists():
+                    for line in steps_file.read_text(encoding="utf-8").strip().split("\n"):
+                        if line:
+                            try:
+                                steps.append(json.loads(line))
+                            except json.JSONDecodeError:
+                                pass
+                
+                # Regenerate viewer with signed manifest
+                from epi_core.container import EPIContainer
+                viewer_html = EPIContainer._create_embedded_viewer(tmp_path, signed_manifest)
+                viewer_path = tmp_path / "viewer.html"
+                viewer_path.write_text(viewer_html, encoding="utf-8")
+                
+                # Repack the ZIP with signed manifest and updated viewer
                 # CRITICAL: Write to temp file first to prevent data loss
                 temp_output = self.output_path.with_suffix('.epi.tmp')
                 
@@ -590,4 +612,8 @@ def get_current_session() -> Optional[EpiRecorderSession]:
     Returns:
         EpiRecorderSession or None
     """
-    return getattr(_thread_local, 'active_session', None)
+    return getattr(_thread_local, 'active_session', None)
+
+
+
+