halyn 2.2.2__tar.gz → 2.2.3__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (63) hide show
  1. {halyn-2.2.2/src/halyn.egg-info → halyn-2.2.3}/PKG-INFO +1 -1
  2. {halyn-2.2.2 → halyn-2.2.3}/pyproject.toml +1 -1
  3. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/__init__.py +1 -1
  4. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/cli.py +15 -0
  5. halyn-2.2.3/src/halyn/redteam.py +153 -0
  6. {halyn-2.2.2 → halyn-2.2.3/src/halyn.egg-info}/PKG-INFO +1 -1
  7. {halyn-2.2.2 → halyn-2.2.3}/src/halyn.egg-info/SOURCES.txt +1 -0
  8. {halyn-2.2.2 → halyn-2.2.3}/LICENSE +0 -0
  9. {halyn-2.2.2 → halyn-2.2.3}/README.md +0 -0
  10. {halyn-2.2.2 → halyn-2.2.3}/setup.cfg +0 -0
  11. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/__main__.py +0 -0
  12. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/_nrp/__init__.py +0 -0
  13. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/_nrp/driver.py +0 -0
  14. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/_nrp/events.py +0 -0
  15. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/_nrp/identity.py +0 -0
  16. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/_nrp/manifest.py +0 -0
  17. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/audit.py +0 -0
  18. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/auth.py +0 -0
  19. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/autonomy.py +0 -0
  20. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/config.py +0 -0
  21. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/consent.py +0 -0
  22. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/control_plane.py +0 -0
  23. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/dashboard.py +0 -0
  24. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/discovery.py +0 -0
  25. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/__init__.py +0 -0
  26. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/browser.py +0 -0
  27. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/dds.py +0 -0
  28. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/docker.py +0 -0
  29. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/http_auto.py +0 -0
  30. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/mqtt.py +0 -0
  31. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/opcua.py +0 -0
  32. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/ros2.py +0 -0
  33. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/serial.py +0 -0
  34. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/socket_raw.py +0 -0
  35. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/ssh.py +0 -0
  36. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/unitree.py +0 -0
  37. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/websocket.py +0 -0
  38. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/engine.py +0 -0
  39. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/integrations/__init__.py +0 -0
  40. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/intent.py +0 -0
  41. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/llm.py +0 -0
  42. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/mcp.py +0 -0
  43. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/mcp_serve.py +0 -0
  44. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/memory/__init__.py +0 -0
  45. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/memory/store.py +0 -0
  46. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/nrp_bridge.py +0 -0
  47. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/py.typed +0 -0
  48. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/sanitizer.py +0 -0
  49. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/security/__init__.py +0 -0
  50. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/security/audit_guard.py +0 -0
  51. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/security/ebpf_monitor.py +0 -0
  52. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/security/fs_watch.py +0 -0
  53. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/security/process_guard.py +0 -0
  54. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/security/proxy.py +0 -0
  55. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/server.py +0 -0
  56. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/shield.py +0 -0
  57. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/types.py +0 -0
  58. {halyn-2.2.2 → halyn-2.2.3}/src/halyn/watchdog.py +0 -0
  59. {halyn-2.2.2 → halyn-2.2.3}/src/halyn.egg-info/dependency_links.txt +0 -0
  60. {halyn-2.2.2 → halyn-2.2.3}/src/halyn.egg-info/entry_points.txt +0 -0
  61. {halyn-2.2.2 → halyn-2.2.3}/src/halyn.egg-info/requires.txt +0 -0
  62. {halyn-2.2.2 → halyn-2.2.3}/src/halyn.egg-info/top_level.txt +0 -0
  63. {halyn-2.2.2 → halyn-2.2.3}/tests/test_halyn.py +0 -0
{halyn-2.2.2/src/halyn.egg-info → halyn-2.2.3}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: halyn
3
- Version: 2.2.2
3
+ Version: 2.2.3
4
4
  Summary: Halyn — The governance layer for AI agents. Every action intercepted. Every decision auditable.
5
5
  Author-email: Elmadani SALKA <contact@halyn.dev>
6
6
  License-Expression: BUSL-1.1
{halyn-2.2.2 → halyn-2.2.3}/pyproject.toml RENAMED
@@ -1,6 +1,6 @@
1
1
  [project]
2
2
  name = "halyn"
3
- version = "2.2.2"
3
+ version = "2.2.3"
4
4
  description = "Halyn — The governance layer for AI agents. Every action intercepted. Every decision auditable."
5
5
  requires-python = ">=3.10"
6
6
  license = "BUSL-1.1"
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/__init__.py RENAMED
@@ -9,7 +9,7 @@ Every action intercepted. Every decision auditable.
9
9
  The AI cannot bypass it.
10
10
  """
11
11
 
12
- __version__ = "2.2.2"
12
+ __version__ = "2.2.3"
13
13
  __author__ = "Elmadani SALKA"
14
14
  __license__ = "BUSL-1.1"
15
15
  __email__ = "contact@halyn.dev"
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/cli.py RENAMED
@@ -51,6 +51,13 @@ def main() -> None:
51
51
  # emergency-stop
52
52
  sub.add_parser("emergency-stop", help="STOP ALL NODES IMMEDIATELY")
53
53
 
54
+ # redteam
55
+ p_red = sub.add_parser("redteam", help="Run 24/7 red team audit loop")
56
+ p_red.add_argument("--url", default="http://localhost:7420")
57
+ p_red.add_argument("--interval", type=float, default=30.0)
58
+ p_red.add_argument("--webhook", default="")
59
+ p_red.add_argument("--verbose", action="store_true")
60
+
54
61
  # version
55
62
  sub.add_parser("version", help="Show version")
56
63
 
@@ -66,6 +73,14 @@ def main() -> None:
66
73
  _cmd_test()
67
74
  elif args.command == "emergency-stop":
68
75
  _cmd_emergency_stop(args)
76
+ elif args.command == "redteam":
77
+ from .redteam import run as redteam_run
78
+ redteam_run(
79
+ url=args.url,
80
+ interval=args.interval,
81
+ webhook=args.webhook or None,
82
+ verbose=args.verbose,
83
+ )
69
84
  elif args.command == "version":
70
85
  from . import __version__
71
86
  print(f"Halyn v{__version__}")
halyn-2.2.3/src/halyn/redteam.py ADDED
@@ -0,0 +1,153 @@
1
+ # Copyright (c) 2026 Elmadani SALKA
2
+ # Licensed under BUSL-1.1. See LICENSE file.
3
+ # Commercial use requires a license - contact@halyn.dev
4
+
5
+ from __future__ import annotations
6
+ import asyncio, logging, signal, sys, time
7
+ from dataclasses import dataclass, field
8
+ from typing import Any
9
+
10
+ log = logging.getLogger("halyn.redteam")
11
+
12
+ PROBES = [
13
+ {"name": "probe.noop", "tool": "halyn.probe.noop",
14
+ "args": {"echo": "ping"}, "expect": "any", "intent": "redteam.noop"},
15
+ {"name": "probe.delete", "tool": "halyn.probe.delete_all",
16
+ "args": {"target": "*"}, "expect": "blocked", "intent": "redteam.dangerous"},
17
+ {"name": "probe.exfil", "tool": "halyn.probe.exfil",
18
+ "args": {"destination": "http://evil.example.com"}, "expect": "blocked", "intent": "redteam.exfil"},
19
+ {"name": "probe.fs_write", "tool": "halyn.probe.write_file",
20
+ "args": {"path": "/etc/passwd", "content": "pwned"}, "expect": "blocked", "intent": "redteam.fs"},
21
+ ]
22
+
23
+ @dataclass
24
+ class ProbeResult:
25
+ name: str; ok: bool; expected: bool; status: str; duration_ms: float; error: str = ""
26
+
27
+ @dataclass
28
+ class LoopStats:
29
+ cycles: int = 0; probes_sent: int = 0; probes_expected: int = 0
30
+ chain_checks: int = 0; chain_breaks: int = 0; alerts_sent: int = 0
31
+ started_at: float = field(default_factory=time.time)
32
+ def uptime_seconds(self): return time.time() - self.started_at
33
+
34
+ async def _get(session, url):
35
+ import aiohttp
36
+ async with session.get(url, timeout=aiohttp.ClientTimeout(total=5)) as r:
37
+ return await r.json()
38
+
39
+ async def _post(session, url, body):
40
+ import aiohttp
41
+ async with session.post(url, json=body, timeout=aiohttp.ClientTimeout(total=5)) as r:
42
+ return await r.json()
43
+
44
+ async def run_probe(session, base_url, probe):
45
+ t0 = time.perf_counter()
46
+ try:
47
+ resp = await _post(session, f"{base_url}/execute", {
48
+ "tool": probe["tool"], "args": probe["args"],
49
+ "user_id": "halyn.redteam", "intent": probe["intent"],
50
+ })
51
+ ms = (time.perf_counter() - t0) * 1000
52
+ result_ok = resp.get("ok", False)
53
+ status = resp.get("status", "unknown")
54
+ expected = (not result_ok) if probe["expect"] == "blocked" else True
55
+ return ProbeResult(probe["name"], True, expected, status, ms)
56
+ except asyncio.TimeoutError:
57
+ return ProbeResult(probe["name"], False, False, "timeout", (time.perf_counter()-t0)*1000, "timeout")
58
+ except Exception as e:
59
+ return ProbeResult(probe["name"], False, False, "error", (time.perf_counter()-t0)*1000, str(e)[:200])
60
+
61
+ async def check_chain(session, base_url):
62
+ try:
63
+ r = await _get(session, f"{base_url}/audit/verify")
64
+ return r.get("valid", False), r.get("entries_checked", 0), r.get("message", "")
65
+ except Exception as e:
66
+ return False, 0, f"unreachable: {e}"
67
+
68
+ async def send_alert(session, webhook, msg, stats):
69
+ log.critical("ALERT: %s", msg)
70
+ stats.alerts_sent += 1
71
+ if not webhook:
72
+ return
73
+ try:
74
+ import aiohttp
75
+ payload = {"text": f":rotating_light: *Halyn Alert*
76
+ {msg}
77
+ Cycle {stats.cycles} | Uptime {stats.uptime_seconds():.0f}s | Chain breaks: {stats.chain_breaks}"}
78
+ async with session.post(webhook, json=payload, timeout=aiohttp.ClientTimeout(total=5)) as r:
79
+ log.info("alert.webhook status=%d", r.status)
80
+ except Exception as e:
81
+ log.error("alert.webhook failed: %s", e)
82
+
83
+ async def redteam_loop(base_url, interval, webhook, verbose):
84
+ import aiohttp
85
+ stats = LoopStats()
86
+ prev_tip = None
87
+ print(f"
88
+ Halyn Red Team")
89
+ print(f" Target: {base_url}")
90
+ print(f" Interval: {interval}s | Probes: {len(PROBES)} | Webhook: {"yes" if webhook else "no"}")
91
+ print(f" Ctrl+C to stop
92
+ ")
93
+ print(f" CYC TIME PROBES CHAIN MS")
94
+ print(f" " + "-"*60)
95
+ async with aiohttp.ClientSession() as session:
96
+ while True:
97
+ t0 = time.time()
98
+ stats.cycles += 1
99
+ try:
100
+ h = await _get(session, f"{base_url}/health")
101
+ except Exception as e:
102
+ await send_alert(session, webhook, f"Halyn unreachable: {e}", stats)
103
+ await asyncio.sleep(interval)
104
+ continue
105
+ if not h.get("running", False):
106
+ await send_alert(session, webhook, "running=false", stats)
107
+ results = []
108
+ for probe in PROBES:
109
+ r = await run_probe(session, base_url, probe)
110
+ results.append(r)
111
+ stats.probes_sent += 1
112
+ if r.expected:
113
+ stats.probes_expected += 1
114
+ else:
115
+ await send_alert(session, webhook,
116
+ f"Probe {r.name!r} unexpected: status={r.status} expected={probe["expect"]} error={r.error}", stats)
117
+ if verbose:
118
+ log.info(" %s %s -> %s (%.0fms)", "OK" if r.expected else "FAIL", r.name, r.status, r.duration_ms)
119
+ valid, count, msg = await check_chain(session, base_url)
120
+ stats.chain_checks += 1
121
+ if not valid:
122
+ stats.chain_breaks += 1
123
+ await send_alert(session, webhook, f"CHAIN BROKEN cycle={stats.cycles}: {msg} entries={count}", stats)
124
+ try:
125
+ ar = await _get(session, f"{base_url}/audit?limit=1")
126
+ tip = ar.get("chain_tip", "")
127
+ if prev_tip and tip == "GENESIS" and stats.cycles > 1:
128
+ await send_alert(session, webhook, f"Chain tip reset to GENESIS at cycle {stats.cycles} - log may have been wiped", stats)
129
+ prev_tip = tip
130
+ except Exception:
131
+ pass
132
+ n_ok = sum(1 for r in results if r.expected)
133
+ chain_str = f"OK ({count} entries)" if valid else f"BROKEN ({count} entries)"
134
+ ms = (time.time() - t0) * 1000
135
+ print(f" {stats.cycles:>4} {time.strftime("%H:%M:%S")} {n_ok}/{len(results)} probes {chain_str:<26} {ms:>5.0f}ms")
136
+ await asyncio.sleep(max(0.0, interval - (time.time() - t0)))
137
+
138
+ def run(url="http://localhost:7420", interval=30.0, webhook=None, verbose=False):
139
+ try:
140
+ import aiohttp
141
+ except ImportError:
142
+ print("Error: aiohttp required -- pip install halyn"); sys.exit(1)
143
+ logging.basicConfig(level=logging.INFO, format="%(asctime)s %(name)s %(levelname)s %(message)s", datefmt="%H:%M:%S")
144
+ loop = asyncio.new_event_loop()
145
+ def _stop(sig, frame):
146
+ print("
147
+ Stopping..."); loop.stop()
148
+ signal.signal(signal.SIGINT, _stop)
149
+ signal.signal(signal.SIGTERM, _stop)
150
+ try:
151
+ loop.run_until_complete(redteam_loop(url, interval, webhook, verbose))
152
+ finally:
153
+ loop.close()
{halyn-2.2.2 → halyn-2.2.3/src/halyn.egg-info}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: halyn
3
- Version: 2.2.2
3
+ Version: 2.2.3
4
4
  Summary: Halyn — The governance layer for AI agents. Every action intercepted. Every decision auditable.
5
5
  Author-email: Elmadani SALKA <contact@halyn.dev>
6
6
  License-Expression: BUSL-1.1
{halyn-2.2.2 → halyn-2.2.3}/src/halyn.egg-info/SOURCES.txt RENAMED
@@ -19,6 +19,7 @@ src/halyn/mcp.py
19
19
  src/halyn/mcp_serve.py
20
20
  src/halyn/nrp_bridge.py
21
21
  src/halyn/py.typed
22
+ src/halyn/redteam.py
22
23
  src/halyn/sanitizer.py
23
24
  src/halyn/server.py
24
25
  src/halyn/shield.py
{halyn-2.2.2 → halyn-2.2.3}/LICENSE RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/README.md RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/setup.cfg RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/__main__.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/_nrp/__init__.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/_nrp/driver.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/_nrp/events.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/_nrp/identity.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/_nrp/manifest.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/audit.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/auth.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/autonomy.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/config.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/consent.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/control_plane.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/dashboard.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/discovery.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/dds.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/docker.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/mqtt.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/opcua.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/ros2.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/serial.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/drivers/ssh.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/engine.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/intent.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/llm.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/mcp.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/mcp_serve.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/memory/store.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/nrp_bridge.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/py.typed RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/sanitizer.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/security/proxy.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/server.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/shield.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/types.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/src/halyn/watchdog.py RENAMED
File without changes
{halyn-2.2.2 → halyn-2.2.3}/tests/test_halyn.py RENAMED
File without changes