PyPI - halyn - Versions diffs - 2.2.1__tar.gz → 2.2.3__tar.gz - Mend

halyn 2.2.1tar.gz → 2.2.3tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

{halyn-2.2.1/src/halyn.egg-info → halyn-2.2.3}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: halyn
-Version: 2.2.1
+Version: 2.2.3
 Summary: Halyn — The governance layer for AI agents. Every action intercepted. Every decision auditable.
 Author-email: Elmadani SALKA <contact@halyn.dev>
 License-Expression: BUSL-1.1

{halyn-2.2.1 → halyn-2.2.3}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "halyn"
-version = "2.2.1"
+version = "2.2.3"
 description = "Halyn — The governance layer for AI agents. Every action intercepted. Every decision auditable."
 requires-python = ">=3.10"
 license = "BUSL-1.1"

{halyn-2.2.1 → halyn-2.2.3}/src/halyn/__init__.py RENAMED Viewed

@@ -9,7 +9,7 @@ Every action intercepted. Every decision auditable.
 The AI cannot bypass it.
 """
-__version__ = "2.2.1"
+__version__ = "2.2.3"
 __author__ = "Elmadani SALKA"
 __license__ = "BUSL-1.1"
 __email__ = "contact@halyn.dev"

{halyn-2.2.1 → halyn-2.2.3}/src/halyn/cli.py RENAMED Viewed

@@ -51,6 +51,13 @@ def main() -> None:
     # emergency-stop
     sub.add_parser("emergency-stop", help="STOP ALL NODES IMMEDIATELY")
+    # redteam
+    p_red = sub.add_parser("redteam", help="Run 24/7 red team audit loop")
+    p_red.add_argument("--url",      default="http://localhost:7420")
+    p_red.add_argument("--interval", type=float, default=30.0)
+    p_red.add_argument("--webhook",  default="")
+    p_red.add_argument("--verbose",  action="store_true")
     # version
     sub.add_parser("version", help="Show version")
@@ -66,6 +73,14 @@ def main() -> None:
         _cmd_test()
     elif args.command == "emergency-stop":
         _cmd_emergency_stop(args)
+    elif args.command == "redteam":
+        from .redteam import run as redteam_run
+        redteam_run(
+            url=args.url,
+            interval=args.interval,
+            webhook=args.webhook or None,
+            verbose=args.verbose,
+        )
     elif args.command == "version":
         from . import __version__
         print(f"Halyn v{__version__}")

halyn-2.2.3/src/halyn/dashboard.py ADDED Viewed

@@ -0,0 +1,561 @@
+# Copyright (c) 2026 Elmadani SALKA
+# Licensed under BUSL-1.1. See LICENSE file.
+# Commercial use requires a license — contact@halyn.dev
+"""
+Halyn Dashboard — Built-in web UI served on GET /
+Uses the real REST API endpoints directly:
+  /health  /nodes  /audit  /events/query
+  /consent/pending  /confirm/pending  /intents  /execute
+"""
+DASHBOARD_HTML = r"""<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+<title>Halyn — AI Governance</title>
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+:root{
+  --bg:#0b0d10;--bg2:#13161b;--bg3:#1a1e27;
+  --fg:#e1e4ea;--fg2:#8b919e;--fg3:#5c6370;
+  --green:#3ddc84;--green-bg:#0f2318;--green-border:#1a3a28;
+  --red:#ef4444;--red-bg:#2a1215;--red-border:#4a1c20;
+  --yellow:#f59e0b;--yellow-bg:#1f1a0f;
+  --border:#1e2330;
+  --font:'Inter',system-ui,sans-serif;
+  --mono:'IBM Plex Mono','Courier New',monospace;
+}
+body{background:var(--bg);color:var(--fg);font-family:var(--font);height:100vh;display:flex;flex-direction:column;overflow:hidden}
+/* TOP BAR */
+.topbar{
+  background:var(--bg2);border-bottom:1px solid var(--border);
+  padding:.65rem 1.25rem;display:flex;justify-content:space-between;align-items:center;
+  flex-shrink:0;
+}
+.topbar-left{display:flex;align-items:center;gap:.75rem}
+.logo{font-size:.95rem;font-weight:700;letter-spacing:-.5px}
+.logo span{color:var(--green)}
+.version{font-size:.7rem;color:var(--fg3);font-family:var(--mono)}
+.topbar-right{display:flex;align-items:center;gap:1rem}
+.pill{
+  display:flex;align-items:center;gap:.35rem;
+  font-size:.72rem;font-family:var(--mono);
+  background:var(--bg3);border:1px solid var(--border);
+  padding:.25rem .6rem;border-radius:20px;
+}
+.pill .dot{width:7px;height:7px;border-radius:50%;background:var(--fg3)}
+.pill.online .dot{background:var(--green);box-shadow:0 0 6px var(--green)}
+.pill.stopped .dot{background:var(--red);box-shadow:0 0 6px var(--red)}
+#estop-btn{
+  background:var(--red-bg);border:1px solid var(--red-border);
+  color:var(--red);font-size:.72rem;font-family:var(--mono);font-weight:600;
+  padding:.25rem .75rem;border-radius:4px;cursor:pointer;
+}
+#estop-btn:hover{background:var(--red);color:#fff}
+/* STAT STRIP */
+.statstrip{
+  display:flex;border-bottom:1px solid var(--border);flex-shrink:0;
+  background:var(--bg2);
+}
+.stat{
+  flex:1;padding:.6rem 1rem;border-right:1px solid var(--border);
+  display:flex;flex-direction:column;gap:.15rem;
+}
+.stat:last-child{border-right:none}
+.stat .v{font-family:var(--mono);font-size:1.3rem;font-weight:700;color:var(--green);line-height:1}
+.stat .l{font-size:.65rem;color:var(--fg3);text-transform:uppercase;letter-spacing:.8px}
+.stat.warn .v{color:var(--yellow)}
+.stat.danger .v{color:var(--red)}
+/* MAIN GRID */
+.main{display:grid;grid-template-columns:1fr 1fr;flex:1;overflow:hidden}
+.col{display:flex;flex-direction:column;border-right:1px solid var(--border);overflow:hidden}
+.col:last-child{border-right:none}
+/* PANEL */
+.panel{flex:1;display:flex;flex-direction:column;overflow:hidden;border-bottom:1px solid var(--border)}
+.panel:last-child{border-bottom:none}
+.panel-head{
+  padding:.5rem .9rem;border-bottom:1px solid var(--border);flex-shrink:0;
+  display:flex;justify-content:space-between;align-items:center;
+  background:var(--bg2);
+}
+.panel-head h2{font-size:.72rem;font-weight:600;color:var(--fg2);text-transform:uppercase;letter-spacing:1px}
+.panel-head .badge{
+  font-size:.62rem;font-family:var(--mono);
+  background:var(--bg3);color:var(--fg3);
+  padding:2px 7px;border-radius:10px;border:1px solid var(--border);
+}
+.panel-body{flex:1;overflow-y:auto;padding:.6rem .9rem}
+/* AUDIT TABLE */
+.audit-row{
+  display:grid;grid-template-columns:55px 1fr 55px 90px;
+  gap:.5rem;padding:.3rem 0;border-bottom:1px solid var(--border);
+  font-size:.7rem;font-family:var(--mono);align-items:center;
+}
+.audit-row:last-child{border-bottom:none}
+.audit-row .t{color:var(--fg3)}
+.audit-row .tool{color:var(--fg);overflow:hidden;text-overflow:ellipsis;white-space:nowrap}
+.audit-row .hash{color:var(--fg3);font-size:.62rem;text-align:right;overflow:hidden;text-overflow:ellipsis}
+.ok-badge{background:var(--green-bg);color:var(--green);border:1px solid var(--green-border);padding:1px 6px;border-radius:3px;font-size:.6rem;font-weight:700}
+.fail-badge{background:var(--red-bg);color:var(--red);border:1px solid var(--red-border);padding:1px 6px;border-radius:3px;font-size:.6rem;font-weight:700}
+/* EVENTS */
+.event-row{
+  padding:.3rem 0;border-bottom:1px solid var(--border);
+  font-size:.7rem;font-family:var(--mono);display:flex;gap:.6rem;align-items:baseline;
+}
+.event-row:last-child{border-bottom:none}
+.event-row .sev{font-size:.6rem;font-weight:700;padding:1px 5px;border-radius:3px;flex-shrink:0}
+.sev.info{background:#0f1f2e;color:#60a5fa;border:1px solid #1a3a5c}
+.sev.warning{background:var(--yellow-bg);color:var(--yellow);border:1px solid #3a2a0f}
+.sev.critical,.sev.emergency{background:var(--red-bg);color:var(--red);border:1px solid var(--red-border)}
+.event-row .name{color:var(--fg);flex:1;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}
+.event-row .src{color:var(--fg3);font-size:.62rem}
+/* NODES */
+.node-card{
+  background:var(--bg2);border:1px solid var(--border);border-radius:6px;
+  padding:.6rem .8rem;margin-bottom:.4rem;font-size:.73rem;
+}
+.node-card .nid{font-family:var(--mono);color:var(--green);font-size:.7rem}
+.node-card .nmeta{color:var(--fg3);margin-top:.2rem;font-size:.65rem}
+.empty{color:var(--fg3);font-size:.78rem;font-style:italic;padding:.5rem 0}
+/* CONSENT */
+.consent-card{
+  background:var(--bg2);border:1px solid var(--yellow-bg);border-radius:6px;
+  padding:.6rem .8rem;margin-bottom:.4rem;font-size:.73rem;
+}
+.consent-card .nid{font-family:var(--mono);color:var(--yellow)}
+.consent-actions{display:flex;gap:.4rem;margin-top:.5rem}
+.btn-approve{background:var(--green-bg);border:1px solid var(--green-border);color:var(--green);font-size:.68rem;padding:3px 10px;border-radius:3px;cursor:pointer;font-family:var(--mono)}
+.btn-deny{background:var(--red-bg);border:1px solid var(--red-border);color:var(--red);font-size:.68rem;padding:3px 10px;border-radius:3px;cursor:pointer;font-family:var(--mono)}
+.btn-approve:hover{background:var(--green);color:#000}
+.btn-deny:hover{background:var(--red);color:#fff}
+/* COMMAND */
+.cmd-panel{flex:1;display:flex;flex-direction:column;overflow:hidden}
+.cmd-history{flex:1;overflow-y:auto;padding:.6rem .9rem;font-family:var(--mono);font-size:.72rem}
+.cmd-line{padding:.25rem 0;border-bottom:1px solid var(--border);display:flex;gap:.6rem;line-height:1.5}
+.cmd-line:last-child{border-bottom:none}
+.cmd-line .who{color:var(--fg3);flex-shrink:0}
+.cmd-line .txt{flex:1;word-break:break-all}
+.cmd-line.user .who{color:var(--green)}
+.cmd-line.user .txt{color:var(--fg)}
+.cmd-line.res.ok .txt{color:var(--green)}
+.cmd-line.res.err .txt{color:var(--red)}
+.cmd-line.res.info .txt{color:var(--fg2)}
+.cmd-input-row{
+  display:flex;gap:.5rem;padding:.6rem .9rem;
+  border-top:1px solid var(--border);flex-shrink:0;background:var(--bg2);
+}
+.cmd-input{
+  flex:1;background:var(--bg3);border:1px solid var(--border);
+  color:var(--fg);padding:.45rem .7rem;border-radius:5px;
+  font-size:.78rem;font-family:var(--mono);outline:none;
+}
+.cmd-input:focus{border-color:var(--green)}
+.cmd-send{
+  background:var(--green-bg);border:1px solid var(--green-border);
+  color:var(--green);font-size:.75rem;font-family:var(--mono);font-weight:600;
+  padding:.45rem .9rem;border-radius:5px;cursor:pointer;
+}
+.cmd-send:hover{background:var(--green);color:#000}
+/* AUDIT VERIFY INDICATOR */
+.chain-status{
+  font-size:.65rem;font-family:var(--mono);
+  padding:2px 7px;border-radius:3px;
+}
+.chain-status.valid{background:var(--green-bg);color:var(--green);border:1px solid var(--green-border)}
+.chain-status.broken{background:var(--red-bg);color:var(--red);border:1px solid var(--red-border)}
+/* SCROLLBAR */
+::-webkit-scrollbar{width:4px}
+::-webkit-scrollbar-track{background:transparent}
+::-webkit-scrollbar-thumb{background:var(--border);border-radius:2px}
+</style>
+</head>
+<body>
+<div class="topbar">
+  <div class="topbar-left">
+    <div class="logo">⬡ <span>Halyn</span></div>
+    <div class="version" id="version">v—</div>
+  </div>
+  <div class="topbar-right">
+    <div class="pill" id="status-pill">
+      <div class="dot"></div>
+      <span id="status-txt">connecting</span>
+    </div>
+    <button id="estop-btn" onclick="emergencyStop()">⚠ STOP</button>
+  </div>
+</div>
+<div class="statstrip">
+  <div class="stat" id="st-nodes"><div class="v" id="sv-nodes">—</div><div class="l">Nodes</div></div>
+  <div class="stat" id="st-audit"><div class="v" id="sv-audit">—</div><div class="l">Audit</div></div>
+  <div class="stat" id="st-events"><div class="v" id="sv-events">—</div><div class="l">Events</div></div>
+  <div class="stat" id="st-consent"><div class="v" id="sv-consent">—</div><div class="l">Pending</div></div>
+  <div class="stat" id="st-watchdog"><div class="v" id="sv-watchdog">—</div><div class="l">Watchdog</div></div>
+  <div class="stat" id="st-chain"><div class="v" id="sv-chain">—</div><div class="l">Chain</div></div>
+</div>
+<div class="main">
+  <!-- LEFT COL -->
+  <div class="col">
+    <!-- NODES (top-left) -->
+    <div class="panel" style="max-height:35%">
+      <div class="panel-head">
+        <h2>Nodes</h2>
+        <span class="badge" id="badge-nodes">0</span>
+      </div>
+      <div class="panel-body" id="panel-nodes">
+        <div class="empty">No nodes connected. Run <code>halyn scan</code> to discover.</div>
+      </div>
+    </div>
+    <!-- CONSENT (bottom-left) -->
+    <div class="panel" style="max-height:30%">
+      <div class="panel-head">
+        <h2>Consent Pending</h2>
+        <span class="badge" id="badge-consent">0</span>
+      </div>
+      <div class="panel-body" id="panel-consent">
+        <div class="empty">No pending consent requests.</div>
+      </div>
+    </div>
+    <!-- COMMAND (bottom-left) -->
+    <div class="panel cmd-panel">
+      <div class="panel-head">
+        <h2>Execute</h2>
+        <span class="badge">tool · node · args</span>
+      </div>
+      <div class="cmd-history" id="cmd-history">
+        <div class="cmd-line res info"><span class="who">sys</span><span class="txt">Halyn console — type help for commands.</span></div>
+      </div>
+      <div class="cmd-input-row">
+        <input class="cmd-input" id="cmd-input" placeholder='{"tool":"my_tool","node":"nrp://scope/kind/name","args":{}}' />
+        <button class="cmd-send" onclick="cmdSend()">RUN</button>
+      </div>
+    </div>
+  </div>
+  <!-- RIGHT COL -->
+  <div class="col">
+    <!-- AUDIT (top-right) -->
+    <div class="panel" style="flex:1.2">
+      <div class="panel-head">
+        <h2>Audit Chain</h2>
+        <div style="display:flex;gap:.5rem;align-items:center">
+          <span class="chain-status valid" id="chain-badge">VALID</span>
+          <span class="badge" id="badge-audit">0</span>
+        </div>
+      </div>
+      <div class="panel-body" id="panel-audit">
+        <div class="empty">No audit entries yet.</div>
+      </div>
+    </div>
+    <!-- EVENTS (bottom-right) -->
+    <div class="panel" style="flex:1">
+      <div class="panel-head">
+        <h2>Event Stream</h2>
+        <span class="badge" id="badge-events">0</span>
+      </div>
+      <div class="panel-body" id="panel-events">
+        <div class="empty">Listening for events via SSE...</div>
+      </div>
+    </div>
+  </div>
+</div>
+<script>
+const $ = id => document.getElementById(id);
+// ── Helpers ──────────────────────────────────────────────
+function fmtTime(ts) {
+  if (!ts) return '—';
+  const d = new Date(typeof ts === 'number' ? ts * 1000 : ts);
+  return d.toTimeString().slice(0, 8);
+}
+function addCmdLine(cls, who, txt) {
+  const h = $('cmd-history');
+  const d = document.createElement('div');
+  d.className = 'cmd-line ' + cls;
+  d.innerHTML = '<span class="who">' + who + '</span><span class="txt">' + txt + '</span>';
+  h.appendChild(d);
+  h.scrollTop = h.scrollHeight;
+}
+// ── Health / Refresh ──────────────────────────────────────
+async function refresh() {
+  try {
+    const h = await fetch('/health').then(r => r.json());
+    // Status pill
+    const pill = $('status-pill');
+    if (h.emergency_stop) {
+      pill.className = 'pill stopped';
+      $('status-txt').textContent = 'EMERGENCY STOP';
+    } else {
+      pill.className = 'pill online';
+      $('status-txt').textContent = 'running';
+    }
+    // Version (from cli — not in health, use static)
+    $('version').textContent = 'v2.2.2';
+    // Stats strip
+    $('sv-nodes').textContent = h.nodes;
+    $('sv-audit').textContent = h.audit_entries;
+    $('sv-events').textContent = h.event_bus.total;
+    $('sv-consent').textContent = h.pending_consents + h.pending_confirmations;
+    $('sv-watchdog').textContent = h.watchdog.overall;
+    $('sv-chain').textContent = h.audit_chain_valid ? 'OK' : 'BROKEN';
+    const stChain = $('st-chain');
+    stChain.className = 'stat ' + (h.audit_chain_valid ? '' : 'danger');
+    const stConsent = $('st-consent');
+    stConsent.className = 'stat ' + (h.pending_consents + h.pending_confirmations > 0 ? 'warn' : '');
+    const stWatch = $('st-watchdog');
+    stWatch.className = 'stat ' + (h.watchdog.overall === 'green' ? '' : h.watchdog.overall === 'yellow' ? 'warn' : 'danger');
+    // Chain badge
+    const cb = $('chain-badge');
+    if (h.audit_chain_valid) { cb.className = 'chain-status valid'; cb.textContent = 'VALID'; }
+    else { cb.className = 'chain-status broken'; cb.textContent = 'BROKEN'; }
+  } catch(e) {
+    $('status-pill').className = 'pill';
+    $('status-txt').textContent = 'offline';
+  }
+  refreshNodes();
+  refreshAudit();
+  refreshConsent();
+  refreshEvents();
+}
+// ── Nodes ─────────────────────────────────────────────────
+async function refreshNodes() {
+  try {
+    const d = await fetch('/nodes').then(r => r.json());
+    $('badge-nodes').textContent = d.count;
+    $('sv-nodes').textContent = d.count;
+    const panel = $('panel-nodes');
+    if (d.count === 0) {
+      panel.innerHTML = '<div class="empty">No nodes connected.</div>';
+      return;
+    }
+    panel.innerHTML = Object.entries(d.nodes).map(([id, m]) => {
+      const obs = (m.observe || []).map(c => c.name).join(', ') || '—';
+      const acts = (m.act || []).map(a => a.name).join(', ') || '—';
+      return '<div class="node-card">' +
+        '<div class="nid">' + (m.nrp_id || id) + '</div>' +
+        '<div class="nmeta">obs: ' + obs + '</div>' +
+        '<div class="nmeta">act: ' + acts + '</div>' +
+        '</div>';
+    }).join('');
+  } catch(e) {}
+}
+// ── Audit ─────────────────────────────────────────────────
+async function refreshAudit() {
+  try {
+    const d = await fetch('/audit?limit=30').then(r => r.json());
+    $('badge-audit').textContent = d.count;
+    $('sv-audit').textContent = d.count;
+    const panel = $('panel-audit');
+    if (!d.entries || d.entries.length === 0) {
+      panel.innerHTML = '<div class="empty">No audit entries yet.</div>';
+      return;
+    }
+    panel.innerHTML = [...d.entries].reverse().map(e => {
+      const badge = e.result_ok
+        ? '<span class="ok-badge">OK</span>'
+        : '<span class="fail-badge">FAIL</span>';
+      const hash = e.hash ? e.hash.slice(0, 10) + '…' : '—';
+      return '<div class="audit-row">' +
+        '<span class="t">' + fmtTime(e.timestamp) + '</span>' +
+        '<span class="tool">' + (e.tool || '—') + '</span>' +
+        badge +
+        '<span class="hash">' + hash + '</span>' +
+        '</div>';
+    }).join('');
+  } catch(e) {}
+}
+// ── Events ────────────────────────────────────────────────
+async function refreshEvents() {
+  try {
+    const d = await fetch('/events/query?n=20').then(r => r.json());
+    $('badge-events').textContent = d.total;
+    $('sv-events').textContent = d.total;
+    const panel = $('panel-events');
+    if (!d.events || d.events.length === 0) {
+      panel.innerHTML = '<div class="empty">No events yet.</div>';
+      return;
+    }
+    panel.innerHTML = [...d.events].reverse().map(e => {
+      const sev = e.severity || 'info';
+      return '<div class="event-row">' +
+        '<span class="sev ' + sev + '">' + sev.toUpperCase() + '</span>' +
+        '<span class="name">' + (e.name || '—') + '</span>' +
+        '<span class="src">' + (e.source || '') + '</span>' +
+        '</div>';
+    }).join('');
+  } catch(e) {}
+}
+// ── Consent ───────────────────────────────────────────────
+async function refreshConsent() {
+  try {
+    const d = await fetch('/consent/pending').then(r => r.json());
+    const count = d.count || 0;
+    $('badge-consent').textContent = count;
+    $('sv-consent').textContent = count;
+    const panel = $('panel-consent');
+    if (count === 0) {
+      panel.innerHTML = '<div class="empty">No pending consent requests.</div>';
+      return;
+    }
+    panel.innerHTML = d.pending.map(r => {
+      const id = r.nrp_id || r.id || '?';
+      return '<div class="consent-card">' +
+        '<div class="nid">' + id + '</div>' +
+        '<div class="consent-actions">' +
+        '<button class="btn-approve" onclick="consentApprove(' + JSON.stringify(id) + ')">APPROVE</button>' +
+        '<button class="btn-deny" onclick="consentDeny(' + JSON.stringify(id) + ')">DENY</button>' +
+        '</div></div>';
+    }).join('');
+  } catch(e) {}
+}
+async function consentApprove(nrp_id) {
+  await fetch('/consent/approve', {
+    method:'POST', headers:{'Content-Type':'application/json'},
+    body: JSON.stringify({nrp_id, level:'full', user_id:'dashboard'})
+  });
+  refreshConsent();
+}
+async function consentDeny(nrp_id) {
+  await fetch('/consent/deny', {
+    method:'POST', headers:{'Content-Type':'application/json'},
+    body: JSON.stringify({nrp_id, reason:'denied via dashboard'})
+  });
+  refreshConsent();
+}
+// ── Execute (command) ──────────────────────────────────────
+async function cmdSend() {
+  const inp = $('cmd-input');
+  const raw = inp.value.trim();
+  if (!raw) return;
+  inp.value = '';
+  if (raw === 'help') {
+    addCmdLine('res info', 'sys',
+      'Examples:<br>' +
+      '{"tool":"ping","node":"nrp://local/server/main","args":{}}<br>' +
+      '{"tool":"restart","node":"nrp://prod/service/nginx","args":{}}'
+    );
+    return;
+  }
+  addCmdLine('user', 'you', raw);
+  let body;
+  try { body = JSON.parse(raw); }
+  catch(e) {
+    addCmdLine('res err', 'err', 'Invalid JSON — ' + e.message);
+    return;
+  }
+  try {
+    const r = await fetch('/execute', {
+      method: 'POST',
+      headers: {'Content-Type': 'application/json'},
+      body: JSON.stringify({
+        tool: body.tool || '',
+        args: body.args || {},
+        user_id: 'dashboard',
+        intent: body.intent || '',
+      })
+    });
+    const d = await r.json();
+    if (d.ok) {
+      addCmdLine('res ok', 'ok', JSON.stringify(d.data));
+    } else {
+      addCmdLine('res err', 'err', d.error || d.status || 'failed');
+    }
+  } catch(e) {
+    addCmdLine('res err', 'err', e.message);
+  }
+  refresh();
+}
+// ── Emergency Stop ─────────────────────────────────────────
+async function emergencyStop() {
+  if (!confirm('Send EMERGENCY STOP to all nodes?')) return;
+  try {
+    await fetch('/emergency-stop', {method:'POST'});
+    addCmdLine('res err', 'sys', '⚠ EMERGENCY STOP SENT');
+    refresh();
+  } catch(e) {}
+}
+// ── SSE live events ────────────────────────────────────────
+function connectSSE() {
+  const es = new EventSource('/events');
+  es.onmessage = function(e) {
+    try {
+      const ev = JSON.parse(e.data);
+      const panel = $('panel-events');
+      // Remove empty placeholder
+      const empty = panel.querySelector('.empty');
+      if (empty) empty.remove();
+      const row = document.createElement('div');
+      row.className = 'event-row';
+      const sev = ev.severity || 'info';
+      row.innerHTML =
+        '<span class="sev ' + sev + '">' + sev.toUpperCase() + '</span>' +
+        '<span class="name">' + (ev.name || '—') + '</span>' +
+        '<span class="src">' + (ev.source || '') + '</span>';
+      panel.insertBefore(row, panel.firstChild);
+      // Keep last 30
+      while (panel.children.length > 30) panel.removeChild(panel.lastChild);
+      // Update badge
+      const cur = parseInt($('badge-events').textContent) || 0;
+      $('badge-events').textContent = cur + 1;
+      $('sv-events').textContent = cur + 1;
+    } catch(e) {}
+  };
+  es.onerror = function() {
+    setTimeout(connectSSE, 3000);
+  };
+}
+// ── Init ───────────────────────────────────────────────────
+$('cmd-input').addEventListener('keydown', e => { if (e.key === 'Enter') cmdSend(); });
+refresh();
+setInterval(refresh, 5000);
+connectSSE();
+</script>
+</body>
+</html>"""

halyn-2.2.3/src/halyn/redteam.py ADDED Viewed

@@ -0,0 +1,153 @@
+# Copyright (c) 2026 Elmadani SALKA
+# Licensed under BUSL-1.1. See LICENSE file.
+# Commercial use requires a license - contact@halyn.dev
+from __future__ import annotations
+import asyncio, logging, signal, sys, time
+from dataclasses import dataclass, field
+from typing import Any
+log = logging.getLogger("halyn.redteam")
+PROBES = [
+    {"name": "probe.noop",     "tool": "halyn.probe.noop",
+     "args": {"echo": "ping"},                             "expect": "any",     "intent": "redteam.noop"},
+    {"name": "probe.delete",   "tool": "halyn.probe.delete_all",
+     "args": {"target": "*"},                              "expect": "blocked", "intent": "redteam.dangerous"},
+    {"name": "probe.exfil",    "tool": "halyn.probe.exfil",
+     "args": {"destination": "http://evil.example.com"},   "expect": "blocked", "intent": "redteam.exfil"},
+    {"name": "probe.fs_write", "tool": "halyn.probe.write_file",
+     "args": {"path": "/etc/passwd", "content": "pwned"}, "expect": "blocked", "intent": "redteam.fs"},
+]
+@dataclass
+class ProbeResult:
+    name: str; ok: bool; expected: bool; status: str; duration_ms: float; error: str = ""
+@dataclass
+class LoopStats:
+    cycles: int = 0; probes_sent: int = 0; probes_expected: int = 0
+    chain_checks: int = 0; chain_breaks: int = 0; alerts_sent: int = 0
+    started_at: float = field(default_factory=time.time)
+    def uptime_seconds(self): return time.time() - self.started_at
+async def _get(session, url):
+    import aiohttp
+    async with session.get(url, timeout=aiohttp.ClientTimeout(total=5)) as r:
+        return await r.json()
+async def _post(session, url, body):
+    import aiohttp
+    async with session.post(url, json=body, timeout=aiohttp.ClientTimeout(total=5)) as r:
+        return await r.json()
+async def run_probe(session, base_url, probe):
+    t0 = time.perf_counter()
+    try:
+        resp = await _post(session, f"{base_url}/execute", {
+            "tool": probe["tool"], "args": probe["args"],
+            "user_id": "halyn.redteam", "intent": probe["intent"],
+        })
+        ms = (time.perf_counter() - t0) * 1000
+        result_ok = resp.get("ok", False)
+        status = resp.get("status", "unknown")
+        expected = (not result_ok) if probe["expect"] == "blocked" else True
+        return ProbeResult(probe["name"], True, expected, status, ms)
+    except asyncio.TimeoutError:
+        return ProbeResult(probe["name"], False, False, "timeout", (time.perf_counter()-t0)*1000, "timeout")
+    except Exception as e:
+        return ProbeResult(probe["name"], False, False, "error", (time.perf_counter()-t0)*1000, str(e)[:200])
+async def check_chain(session, base_url):
+    try:
+        r = await _get(session, f"{base_url}/audit/verify")
+        return r.get("valid", False), r.get("entries_checked", 0), r.get("message", "")
+    except Exception as e:
+        return False, 0, f"unreachable: {e}"
+async def send_alert(session, webhook, msg, stats):
+    log.critical("ALERT: %s", msg)
+    stats.alerts_sent += 1
+    if not webhook:
+        return
+    try:
+        import aiohttp
+        payload = {"text": f":rotating_light: *Halyn Alert*
+{msg}
+Cycle {stats.cycles} | Uptime {stats.uptime_seconds():.0f}s | Chain breaks: {stats.chain_breaks}"}
+        async with session.post(webhook, json=payload, timeout=aiohttp.ClientTimeout(total=5)) as r:
+            log.info("alert.webhook status=%d", r.status)
+    except Exception as e:
+        log.error("alert.webhook failed: %s", e)
+async def redteam_loop(base_url, interval, webhook, verbose):
+    import aiohttp
+    stats = LoopStats()
+    prev_tip = None
+    print(f"
+  Halyn Red Team")
+    print(f"  Target:   {base_url}")
+    print(f"  Interval: {interval}s | Probes: {len(PROBES)} | Webhook: {"yes" if webhook else "no"}")
+    print(f"  Ctrl+C to stop
+")
+    print(f"  CYC       TIME    PROBES   CHAIN                      MS")
+    print(f"  " + "-"*60)
+    async with aiohttp.ClientSession() as session:
+        while True:
+            t0 = time.time()
+            stats.cycles += 1
+            try:
+                h = await _get(session, f"{base_url}/health")
+            except Exception as e:
+                await send_alert(session, webhook, f"Halyn unreachable: {e}", stats)
+                await asyncio.sleep(interval)
+                continue
+            if not h.get("running", False):
+                await send_alert(session, webhook, "running=false", stats)
+            results = []
+            for probe in PROBES:
+                r = await run_probe(session, base_url, probe)
+                results.append(r)
+                stats.probes_sent += 1
+                if r.expected:
+                    stats.probes_expected += 1
+                else:
+                    await send_alert(session, webhook,
+                        f"Probe {r.name!r} unexpected: status={r.status} expected={probe["expect"]} error={r.error}", stats)
+                if verbose:
+                    log.info("  %s %s -> %s (%.0fms)", "OK" if r.expected else "FAIL", r.name, r.status, r.duration_ms)
+            valid, count, msg = await check_chain(session, base_url)
+            stats.chain_checks += 1
+            if not valid:
+                stats.chain_breaks += 1
+                await send_alert(session, webhook, f"CHAIN BROKEN cycle={stats.cycles}: {msg} entries={count}", stats)
+            try:
+                ar = await _get(session, f"{base_url}/audit?limit=1")
+                tip = ar.get("chain_tip", "")
+                if prev_tip and tip == "GENESIS" and stats.cycles > 1:
+                    await send_alert(session, webhook, f"Chain tip reset to GENESIS at cycle {stats.cycles} - log may have been wiped", stats)
+                prev_tip = tip
+            except Exception:
+                pass
+            n_ok = sum(1 for r in results if r.expected)
+            chain_str = f"OK ({count} entries)" if valid else f"BROKEN ({count} entries)"
+            ms = (time.time() - t0) * 1000
+            print(f"  {stats.cycles:>4}  {time.strftime("%H:%M:%S")}  {n_ok}/{len(results)} probes  {chain_str:<26}  {ms:>5.0f}ms")
+            await asyncio.sleep(max(0.0, interval - (time.time() - t0)))
+def run(url="http://localhost:7420", interval=30.0, webhook=None, verbose=False):
+    try:
+        import aiohttp
+    except ImportError:
+        print("Error: aiohttp required -- pip install halyn"); sys.exit(1)
+    logging.basicConfig(level=logging.INFO, format="%(asctime)s %(name)s %(levelname)s %(message)s", datefmt="%H:%M:%S")
+    loop = asyncio.new_event_loop()
+    def _stop(sig, frame):
+        print("
+  Stopping..."); loop.stop()
+    signal.signal(signal.SIGINT, _stop)
+    signal.signal(signal.SIGTERM, _stop)
+    try:
+        loop.run_until_complete(redteam_loop(url, interval, webhook, verbose))
+    finally:
+        loop.close()

{halyn-2.2.1 → halyn-2.2.3}/src/halyn/server.py RENAMED Viewed

@@ -54,6 +54,7 @@ def create_app(control_plane: Any, api_key: str = "") -> "web.Application":
     if not HAS_AIOHTTP:
         raise ImportError("aiohttp required: pip install aiohttp")
+    from .dashboard import DASHBOARD_HTML
     app = web.Application()
     cp = control_plane
@@ -72,6 +73,13 @@ def create_app(control_plane: Any, api_key: str = "") -> "web.Application":
     # ─── Health ─────────────────────────────────
+    # --- Dashboard ---
+    async def handle_dashboard(req: web.Request) -> web.Response:
+        from . import __version__
+        html = DASHBOARD_HTML.replace("v2.2.2", f"v{__version__}")
+        return web.Response(text=html, content_type="text/html")
     async def handle_health(req: web.Request) -> web.Response:
         return _json(cp.status())
@@ -272,6 +280,7 @@ def create_app(control_plane: Any, api_key: str = "") -> "web.Application":
     # ─── Register routes ────────────────────────
+    app.router.add_get("/", handle_dashboard)
     app.router.add_get("/health", handle_health)
     app.router.add_get("/nodes", handle_nodes)
     app.router.add_post("/execute", handle_execute)

{halyn-2.2.1 → halyn-2.2.3/src/halyn.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: halyn
-Version: 2.2.1
+Version: 2.2.3
 Summary: Halyn — The governance layer for AI agents. Every action intercepted. Every decision auditable.
 Author-email: Elmadani SALKA <contact@halyn.dev>
 License-Expression: BUSL-1.1

{halyn-2.2.1 → halyn-2.2.3}/src/halyn.egg-info/SOURCES.txt RENAMED Viewed

@@ -19,6 +19,7 @@ src/halyn/mcp.py
 src/halyn/mcp_serve.py
 src/halyn/nrp_bridge.py
 src/halyn/py.typed
+src/halyn/redteam.py
 src/halyn/sanitizer.py
 src/halyn/server.py
 src/halyn/shield.py

halyn-2.2.1/src/halyn/dashboard.py DELETED Viewed

@@ -1,209 +0,0 @@
-# Copyright (c) 2026 Elmadani SALKA
-# Licensed under BUSL-1.1. See LICENSE file.
-# Commercial use requires a license — contact@halyn.dev
-"""
-Halyn Dashboard — Built-in web UI for the MCP Server.
-When running halyn-mcp, opening http://localhost:7420 shows this dashboard.
-Real-time device status, shield rules, audit chain — all visual.
-"""
-DASHBOARD_HTML = '''<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width,initial-scale=1">
-<title>Halyn Dashboard</title>
-<style>
-*{margin:0;padding:0;box-sizing:border-box}
-:root{--bg:#0b0d10;--bg2:#13161b;--fg:#e1e4ea;--fg2:#8b919e;--fg3:#5c6370;--accent:#0a6e3f;--accent2:#3ddc84;--red:#ef4444;--border:#1e2330;--font:system-ui,sans-serif;--mono:'Courier New',monospace}
-body{background:var(--bg);color:var(--fg);font-family:var(--font);min-height:100vh}
-.top{background:var(--bg2);border-bottom:1px solid var(--border);padding:.75rem 1.5rem;display:flex;justify-content:space-between;align-items:center}
-.top h1{font-size:1rem;font-weight:600;display:flex;align-items:center;gap:.5rem}
-.top h1 span{color:var(--accent2)}
-.top .status{font-size:.75rem;color:var(--accent2);font-family:var(--mono);display:flex;align-items:center;gap:.4rem}
-.top .dot{width:8px;height:8px;border-radius:50%;background:var(--accent2);animation:pulse 2s infinite}
-@keyframes pulse{0%,100%{opacity:1}50%{opacity:.3}}
-.grid{display:grid;grid-template-columns:1fr 1fr;gap:1px;background:var(--border);margin:0;height:calc(100vh - 49px)}
-.panel{background:var(--bg);padding:1rem;overflow-y:auto}
-.panel h2{font-size:.8rem;font-weight:600;color:var(--fg2);text-transform:uppercase;letter-spacing:1px;margin-bottom:.75rem;display:flex;align-items:center;gap:.5rem}
-.panel h2 .count{background:var(--bg2);color:var(--fg3);font-size:.65rem;padding:2px 6px;border-radius:8px}
-/* Chat / Command */
-.chat{display:flex;flex-direction:column;height:100%}
-.messages{flex:1;overflow-y:auto;padding-bottom:.5rem}
-.msg{margin-bottom:.5rem;padding:.5rem .75rem;border-radius:8px;font-size:.82rem;line-height:1.5;max-width:90%}
-.msg.user{background:var(--accent);color:#fff;margin-left:auto;border-bottom-right-radius:2px}
-.msg.sys{background:var(--bg2);color:var(--fg2);border-bottom-left-radius:2px}
-.msg.blocked{background:#2a1215;color:var(--red);border:1px solid #4a1c20}
-.msg.ok{background:#0f2318;color:var(--accent2);border:1px solid #1a3a28}
-.input-row{display:flex;gap:.5rem;padding-top:.5rem;border-top:1px solid var(--border)}
-.input-row input{flex:1;background:var(--bg2);border:1px solid var(--border);color:var(--fg);padding:.6rem .75rem;border-radius:6px;font-size:.82rem;font-family:var(--font);outline:none}
-.input-row input:focus{border-color:var(--accent)}
-.input-row button{background:var(--accent);color:#fff;border:none;padding:.6rem 1rem;border-radius:6px;font-size:.82rem;cursor:pointer;font-weight:500}
-.input-row button:hover{background:var(--accent2);color:#000}
-/* Shields */
-.shield{background:var(--bg2);border:1px solid var(--border);border-radius:6px;padding:.5rem .75rem;margin-bottom:.4rem;font-family:var(--mono);font-size:.75rem;color:var(--fg2);display:flex;align-items:center;gap:.5rem}
-.shield::before{content:"🛡️";font-size:.9rem}
-/* Audit */
-.audit-entry{display:grid;grid-template-columns:auto 1fr auto auto;gap:.5rem;padding:.4rem 0;border-bottom:1px solid var(--border);font-size:.72rem;font-family:var(--mono);align-items:center}
-.audit-entry .time{color:var(--fg3)}
-.audit-entry .tool{color:var(--fg)}
-.audit-entry .hash{color:var(--fg3);font-size:.65rem}
-.audit-entry .badge{padding:1px 6px;border-radius:4px;font-size:.6rem;font-weight:600}
-.badge.ok{background:#0f2318;color:var(--accent2)}
-.badge.blocked{background:#2a1215;color:var(--red)}
-/* Stats */
-.stats{display:grid;grid-template-columns:repeat(4,1fr);gap:.5rem;margin-bottom:1rem}
-.stat{background:var(--bg2);border:1px solid var(--border);border-radius:6px;padding:.75rem;text-align:center}
-.stat .v{font-family:var(--mono);font-size:1.5rem;font-weight:700;color:var(--accent2)}
-.stat .l{font-size:.65rem;color:var(--fg3);margin-top:.2rem}
-@media(max-width:768px){.grid{grid-template-columns:1fr;height:auto}.panel{min-height:50vh}.stats{grid-template-columns:repeat(2,1fr)}}
-</style>
-</head>
-<body>
-<div class="top">
-  <h1>⬡ <span>Halyn</span> Dashboard</h1>
-  <div class="status"><div class="dot"></div> <span id="uptime">connecting...</span></div>
-</div>
-<div class="grid">
-  <!-- LEFT: Chat + Command -->
-  <div class="panel">
-    <div class="chat">
-      <div class="messages" id="msgs">
-        <div class="msg sys">Welcome to Halyn. Type a command or talk naturally.<br><br>Try: <code>observe all</code> · <code>shield deny * delete *</code> · <code>status</code> · <code>audit</code></div>
-      </div>
-      <div class="input-row">
-        <input type="text" id="cmd" placeholder="Type a command... (e.g. 'restart nginx on server-01')" autofocus>
-        <button onclick="send()">Send</button>
-      </div>
-    </div>
-  </div>
-  <!-- RIGHT: Status + Shields + Audit -->
-  <div class="panel">
-    <div class="stats" id="stats">
-      <div class="stat"><div class="v" id="s-nodes">0</div><div class="l">Nodes</div></div>
-      <div class="stat"><div class="v" id="s-shields">0</div><div class="l">Shields</div></div>
-      <div class="stat"><div class="v" id="s-audit">0</div><div class="l">Audit</div></div>
-      <div class="stat"><div class="v" id="s-uptime">0s</div><div class="l">Uptime</div></div>
-    </div>
-    <h2>🛡️ Shield Rules <span class="count" id="shield-count">0</span></h2>
-    <div id="shields"></div>
-    <h2 style="margin-top:1rem">📜 Audit Chain <span class="count" id="audit-count">0</span></h2>
-    <div id="audit"></div>
-  </div>
-</div>
-<script>
-const $ = s => document.getElementById(s);
-async function mcp(name, args={}) {
-  const r = await fetch('/mcp', {
-    method: 'POST',
-    headers: {'Content-Type': 'application/json'},
-    body: JSON.stringify({jsonrpc:'2.0',id:Date.now(),method:'tools/call',params:{name,arguments:args}})
-  });
-  const d = await r.json();
-  return JSON.parse(d.result.content[0].text);
-}
-function addMsg(text, cls='sys') {
-  const d = document.createElement('div');
-  d.className = 'msg ' + cls;
-  d.innerHTML = text;
-  $('msgs').appendChild(d);
-  $('msgs').scrollTop = $('msgs').scrollHeight;
-}
-async function refresh() {
-  try {
-    const s = await mcp('halyn_status');
-    $('s-nodes').textContent = s.nodes;
-    $('s-shields').textContent = s.shields;
-    $('s-audit').textContent = s.audit_entries;
-    $('s-uptime').textContent = s.uptime_seconds + 's';
-    $('uptime').textContent = 'v' + s.version + ' · ' + s.uptime_seconds + 's uptime';
-    const sh = await mcp('halyn_shield_list');
-    $('shield-count').textContent = sh.count;
-    $('shields').innerHTML = sh.shields.map(r => '<div class="shield">' + r + '</div>').join('');
-    const au = await mcp('halyn_audit', {limit: 20});
-    $('audit-count').textContent = au.total;
-    $('audit').innerHTML = au.entries.reverse().map(e => {
-      const badge = e.result_ok ? '<span class="badge ok">OK</span>' : '<span class="badge blocked">BLOCKED</span>';
-      return '<div class="audit-entry"><span class="time">' + e.timestamp.split('T')[1].replace('Z','') + '</span><span class="tool">' + e.tool + '</span>' + badge + '<span class="hash">' + e.hash + '</span></div>';
-    }).join('');
-  } catch(e) {}
-}
-async function send() {
-  const input = $('cmd');
-  const cmd = input.value.trim();
-  if (!cmd) return;
-  input.value = '';
-  addMsg(cmd, 'user');
-  const lower = cmd.toLowerCase();
-  try {
-    if (lower === 'status' || lower === 'state') {
-      const s = await mcp('halyn_status');
-      addMsg('Nodes: ' + s.nodes + ' · Shields: ' + s.shields + ' · Audit: ' + s.audit_entries + ' · Uptime: ' + s.uptime_seconds + 's', 'ok');
-    } else if (lower.startsWith('shield ') || lower.startsWith('deny ') || lower.startsWith('limit ')) {
-      const rule = lower.startsWith('shield ') ? cmd.slice(7) : cmd;
-      const r = await mcp('halyn_shield_add', {rule});
-      if (r.error) { addMsg('Error: ' + r.error, 'blocked'); }
-      else { addMsg('Shield added: ' + r.added + ' (total: ' + r.total_shields + ')', 'ok'); }
-    } else if (lower === 'shields' || lower === 'rules') {
-      const r = await mcp('halyn_shield_list');
-      addMsg(r.shields.length ? r.shields.map(s => '🛡️ ' + s).join('<br>') : 'No shields active.', 'sys');
-    } else if (lower === 'audit' || lower === 'log' || lower === 'history') {
-      const r = await mcp('halyn_audit', {limit: 10});
-      const lines = r.entries.map(e => {
-        const s = e.result_ok ? '✓' : '✗';
-        return s + ' ' + e.timestamp.split('T')[1].replace('Z','') + ' ' + e.tool;
-      });
-      addMsg(lines.join('<br>') || 'No audit entries yet.', 'sys');
-    } else if (lower.startsWith('observe') || lower.startsWith('watch') || lower.startsWith('read')) {
-      const node = cmd.split(' ').slice(1).join(' ') || 'all';
-      const r = await mcp('halyn_observe', {node});
-      addMsg('<pre>' + JSON.stringify(r, null, 2) + '</pre>', 'sys');
-    } else if (lower === 'stop' || lower === 'emergency') {
-      const r = await mcp('halyn_emergency_stop');
-      addMsg('⚠️ ' + r.status, 'blocked');
-    } else if (lower === 'nodes' || lower === 'devices') {
-      const r = await mcp('halyn_nodes');
-      addMsg('<pre>' + JSON.stringify(r, null, 2) + '</pre>', 'sys');
-    } else if (lower === 'help') {
-      addMsg('Commands:<br>• <b>status</b> — system overview<br>• <b>observe [node]</b> — read device state<br>• <b>shield deny * delete *</b> — add safety rule<br>• <b>shields</b> — list active rules<br>• <b>audit</b> — view action log<br>• <b>nodes</b> — list devices<br>• <b>stop</b> — emergency stop<br>• Or type any action: <i>restart nginx on server-01</i>', 'sys');
-    } else {
-      // Treat as action on default node
-      const parts = cmd.match(/(.+?)\\s+on\\s+(.+)/i);
-      const node = parts ? parts[2] : 'default';
-      const command = parts ? parts[1] : cmd;
-      const r = await mcp('halyn_act', {node, command});
-      if (r.blocked) {
-        addMsg('🛡️ BLOCKED: ' + r.reason, 'blocked');
-      } else {
-        addMsg('✓ Executed: ' + command + (node !== 'default' ? ' on ' + node : ''), 'ok');
-      }
-    }
-  } catch(e) {
-    addMsg('Error: ' + e.message, 'blocked');
-  }
-  refresh();
-}
-$('cmd').addEventListener('keydown', e => { if (e.key === 'Enter') send(); });
-refresh();
-setInterval(refresh, 5000);
-</script>
-</body>
-</html>'''