krnl-code 1.0.4__py3-none-any.whl

krnl_agent/guardrails.py

@@ -0,0 +1,70 @@
+"""Guardrails for autonomous deploy / self-heal.
+
+Two deterministic safety layers used by the deploy + ship + heal flows:
+
+  * spend gate — block anything that may create billable cloud infra unless the user
+    opted in (`deploy.allow_billable`), defaulting to free-tier-only. Irreversible /
+    money-spending steps stay behind an explicit approval.
+  * secret redaction — mask any known credential value (from the env vars our deploy
+    targets use) before it could be echoed to the user, logged, or audited.
+
+Graduated trust: a health-gated rollback (reverting to a known-good state) is always
+safe to automate; anything that *creates* state or *spends money* is gated.
+"""
+from __future__ import annotations
+
+import os
+import re
+
+from . import deploy
+
+# Env vars that hold deploy/monitoring credentials — their values get redacted.
+_CRED_ENVS = [
+    "VERCEL_TOKEN", "NETLIFY_AUTH_TOKEN", "CLOUDFLARE_API_TOKEN", "RENDER_API_KEY",
+    "RAILWAY_TOKEN", "RAILWAY_API_TOKEN", "FLY_API_TOKEN", "NEON_API_KEY",
+    "SUPABASE_ACCESS_TOKEN", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY",
+    "AWS_SESSION_TOKEN", "AZURE_CLIENT_SECRET", "DOCKER_TOKEN", "DOCKER_PASSWORD",
+    "SENTRY_AUTH_TOKEN", "SENTRY_DSN", "DD_API_KEY", "DD_APP_KEY",
+    "UPTIMEROBOT_API_KEY", "GITHUB_TOKEN", "GH_TOKEN",
+]
+
+
+def spend_gate(deploy_cfg: dict, target_name: str) -> tuple[str, str]:
+    """Return (decision, reason). decision is 'allow' | 'ask' | 'deny'.
+
+    Free-tier targets → allow. Billable targets → 'ask' (approval) unless the user
+    set deploy.allow_billable: true, and 'deny' if deploy.free_tier_only is set.
+    """
+    dep = deploy_cfg or {}
+    t = deploy.target(target_name)
+    if t is None:
+        return "deny", f"unknown deploy target '{target_name}'"
+    if not t.billable and t.free_tier:
+        return "allow", "free-tier target"
+    # Billable / no-free-tier target.
+    if dep.get("free_tier_only", True) and not dep.get("allow_billable", False):
+        return "deny", (f"{target_name} may create billable infrastructure; blocked by "
+                        "deploy.free_tier_only (set deploy.allow_billable: true to permit)")
+    if dep.get("allow_billable", False):
+        return "allow", "billable allowed by deploy.allow_billable"
+    return "ask", f"{target_name} may incur cost — confirm before provisioning"
+
+
+def cost_ceiling(deploy_cfg: dict) -> float | None:
+    v = (deploy_cfg or {}).get("cost_ceiling_usd")
+    return float(v) if v is not None else None
+
+
+def redact(text: str) -> str:
+    """Mask known credential values and common secret token shapes in `text`."""
+    if not text:
+        return text
+    out = text
+    for env in _CRED_ENVS:
+        val = os.getenv(env)
+        if val and len(val) >= 6:
+            out = out.replace(val, f"$***{env}***")
+    # Generic token shapes (in case a value isn't from a known env var).
+    out = re.sub(r"\b(pypi-[A-Za-z0-9_\-]{8,}|gh[pousr]_[A-Za-z0-9]{20,}|"
+                 r"sk-[A-Za-z0-9]{20,}|AKIA[0-9A-Z]{16})\b", "***redacted***", out)
+    return out

krnl_agent/headless.py

@@ -0,0 +1,60 @@
+"""Headless execution — run the agent non-interactively (CI, scripts, schedules).
+
+Auto-approves all actions and optionally streams every event as JSON lines for
+command chaining (`krnl-agent run "..." --json`).
+"""
+from __future__ import annotations
+
+import json
+
+from .config import load_config
+from .events import AgentIO, ApprovalDecision
+from .loop import AgentSession
+
+
+class HeadlessIO(AgentIO):
+    def __init__(self, json_stream: bool = False):
+        self.events: list[dict] = []
+        self.final = ""
+        self.json_stream = json_stream
+
+    def _out(self, event: dict) -> None:
+        if self.json_stream:
+            print(json.dumps(event), flush=True)
+
+    def emit_sync(self, event: dict) -> None:
+        self.events.append(event)
+        self._out(event)
+
+    async def emit(self, event: dict) -> None:
+        self.events.append(event)
+        if event.get("type") == "assistant_message":
+            self.final = event["text"]
+        self._out(event)
+
+    async def request_approval(self, request: dict) -> ApprovalDecision:
+        self._out(request)
+        return ApprovalDecision(approved=True)
+
+
+async def run_headless(
+    task: str,
+    workspace: str,
+    *,
+    provider: str | None = None,
+    model: str | None = None,
+    api_key: str | None = None,
+    json_stream: bool = False,
+    team: str | None = None,
+) -> dict:
+    cfg = load_config(provider=provider, model=model, api_key=api_key)
+    cfg.agent.auto_approve_writes = True
+    cfg.agent.auto_approve_commands = True
+    io = HeadlessIO(json_stream)
+    session = AgentSession(workspace, cfg, io, team=team)
+    await session.run(task)
+    return {
+        "final": io.final,
+        "tokens": session.session_tokens,
+        "cost": round(session.session_cost, 4),
+    }

krnl_agent/history.py

@@ -0,0 +1,49 @@
+"""Persist conversation history per workspace so context survives restarts.
+
+Stored under ``~/.krnl-agent/sessions/<hash>.json``. The session saves after
+every turn and can reload on startup, so closing the CLI or reloading the VS Code
+window no longer wipes the conversation.
+"""
+from __future__ import annotations
+
+import hashlib
+import json
+from pathlib import Path
+
+from .settings import SETTINGS_DIR
+
+SESSIONS_DIR = SETTINGS_DIR / "sessions"
+
+
+def _session_file(workspace: str) -> Path:
+    key = hashlib.sha1(str(Path(workspace).resolve()).encode("utf-8")).hexdigest()[:16]
+    return SESSIONS_DIR / f"{key}.json"
+
+
+def load_history(workspace: str) -> list[dict]:
+    f = _session_file(workspace)
+    if not f.is_file():
+        return []
+    try:
+        data = json.loads(f.read_text(encoding="utf-8"))
+        return data.get("messages", []) if isinstance(data, dict) else []
+    except Exception:
+        return []
+
+
+def save_history(workspace: str, messages: list[dict]) -> None:
+    try:
+        SESSIONS_DIR.mkdir(parents=True, exist_ok=True)
+        _session_file(workspace).write_text(
+            json.dumps({"workspace": str(Path(workspace).resolve()), "messages": messages}),
+            encoding="utf-8",
+        )
+    except Exception:
+        pass
+
+
+def clear_history(workspace: str) -> None:
+    try:
+        _session_file(workspace).unlink()
+    except Exception:
+        pass

krnl_agent/hooks.py

@@ -0,0 +1,72 @@
+"""User-defined hooks — run shell commands on agent lifecycle events.
+
+Config (config.yaml):
+    hooks:
+      PreToolUse:
+        - matcher: "write_file|edit_file|multi_edit"   # regex on tool name (or "*")
+          command: "ruff check ."                        # non-zero exit BLOCKS the tool
+      PostToolUse:
+        - matcher: "*"
+          command: "echo done"
+      Stop:
+        - command: "notify-send 'agent finished'"
+      UserPromptSubmit:
+        - command: "echo prompt received"
+
+The event payload is passed to the command as JSON on stdin. For PreToolUse a
+non-zero exit code blocks the tool and the command's output is fed back to the
+model as the reason.
+"""
+from __future__ import annotations
+
+import json
+import re
+import subprocess
+from typing import Optional
+
+EVENTS = ("PreToolUse", "PostToolUse", "Stop", "UserPromptSubmit")
+
+
+class HookRunner:
+    def __init__(self, config: Optional[dict], workspace: str, timeout: int = 30):
+        self.config = config or {}
+        self.workspace = workspace
+        self.timeout = timeout
+
+    @property
+    def active(self) -> bool:
+        return bool(self.config)
+
+    def _matching(self, event: str, tool: Optional[str]) -> list[str]:
+        cmds = []
+        for hook in self.config.get(event, []) or []:
+            matcher = hook.get("matcher", "*")
+            if tool is None or matcher == "*" or re.search(matcher, tool):
+                if hook.get("command"):
+                    cmds.append(hook["command"])
+        return cmds
+
+    def run(self, event: str, payload: dict) -> tuple[bool, str]:
+        """Returns (blocked, message). `blocked` is only ever True for PreToolUse."""
+        tool = payload.get("tool")
+        outputs: list[str] = []
+        for command in self._matching(event, tool):
+            try:
+                res = subprocess.run(
+                    command,
+                    cwd=self.workspace,
+                    shell=True,
+                    input=json.dumps(payload),
+                    capture_output=True,
+                    text=True,
+                    timeout=self.timeout,
+                )
+            except Exception as e:  # noqa: BLE001
+                outputs.append(f"hook error: {e}")
+                continue
+            out = (res.stdout + res.stderr).strip()
+            if out:
+                outputs.append(out)
+            if event == "PreToolUse" and res.returncode != 0:
+                return True, out or f"blocked by hook (exit {res.returncode})"
+        return False, "\n".join(outputs)

krnl_agent/ingest.py

@@ -0,0 +1,129 @@
+"""Ingest files, folders, and images the user references or drags into the chat.
+
+If a message contains a path (quoted, bare, or the whole line - e.g. a drag-and-
+dropped file/folder, absolute or relative) that exists on disk, its contents are
+inlined into the prompt: text files are read (any reasonable length), folders are
+read recursively (bounded), and images become multimodal blocks for vision models.
+"""
+from __future__ import annotations
+
+import base64
+import mimetypes
+import re
+from pathlib import Path
+
+IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".webp", ".bmp", ".svg"}
+_MAX_FILE = 400_000        # chars per ingested file
+_MAX_TOTAL = 1_200_000     # total chars across an ingest
+_MAX_FOLDER_FILES = 60
+
+
+def _is_binary(p: Path) -> bool:
+    try:
+        with open(p, "rb") as f:
+            return b"\x00" in f.read(4096)
+    except Exception:
+        return True
+
+
+def _read_text(p: Path) -> str:
+    try:
+        data = p.read_text(encoding="utf-8", errors="replace")
+    except Exception as e:  # noqa: BLE001
+        return f"(could not read: {e})"
+    if len(data) > _MAX_FILE:
+        head = _MAX_FILE * 3 // 4
+        data = data[:head] + f"\n…[truncated, {len(data)} chars total]…\n" + data[-(_MAX_FILE - head):]
+    return data
+
+
+def _image_url(p: Path) -> str | None:
+    try:
+        mime = mimetypes.guess_type(str(p))[0] or "image/png"
+        b64 = base64.b64encode(p.read_bytes()).decode("ascii")
+        return f"data:{mime};base64,{b64}"
+    except Exception:
+        return None
+
+
+def _candidates(text: str) -> list[str]:
+    cands: list[str] = []
+    for m in re.finditer(r'"([^"]+)"|\'([^\']+)\'', text):  # quoted (drag-drop w/ spaces)
+        cands.append(m.group(1) or m.group(2))
+    whole = text.strip().strip('"').strip("'")
+    if whole:
+        cands.append(whole)                                  # whole line = one dropped path
+    for tok in re.split(r"\s+", text):                       # path-like tokens
+        tok = tok.strip().strip("\"'").rstrip(".,;:)").lstrip("@")
+        looks_path = "/" in tok or "\\" in tok or re.match(r"^[A-Za-z]:", tok)
+        has_ext = re.search(r"\.[A-Za-z0-9]{1,6}$", tok)
+        if len(tok) > 2 and (looks_path or has_ext):
+            cands.append(tok)
+    out, seen = [], set()
+    for c in cands:
+        if c and c not in seen:
+            seen.add(c)
+            out.append(c)
+    return out
+
+
+def _resolve(cand: str, ctx) -> Path | None:
+    try:
+        p = Path(cand)
+        if p.exists():
+            return p
+        rp = ctx.root / cand
+        if rp.exists():
+            return rp
+    except Exception:
+        return None
+    return None
+
+
+def gather(task: str, ctx) -> tuple[str, list[str]]:
+    """Return (augmented_task, image_data_urls). Inlines referenced files/folders;
+    collects images as data URLs for vision models."""
+    images: list[str] = []
+    blocks: list[str] = []
+    total = 0
+    handled: set[str] = set()
+    for cand in _candidates(task):
+        p = _resolve(cand, ctx)
+        if p is None:
+            continue
+        key = str(p.resolve())
+        if key in handled:
+            continue
+        handled.add(key)
+        try:
+            if p.is_dir():
+                files = [fp for fp in sorted(p.rglob("*"))
+                         if fp.is_file() and not _is_binary(fp)][:_MAX_FOLDER_FILES]
+                blocks.append(f"--- folder: {p} ({len(files)} files) ---")
+                for fp in files:
+                    if total > _MAX_TOTAL:
+                        break
+                    c = _read_text(fp)
+                    try:
+                        rel = fp.relative_to(p)
+                    except Exception:
+                        rel = fp.name
+                    blocks.append(f"### {rel}\n{c}")
+                    total += len(c)
+            elif p.suffix.lower() in IMAGE_EXTS:
+                url = _image_url(p)
+                if url:
+                    images.append(url)
+                    blocks.append(f"[image attached: {p.name}]")
+            elif p.is_file() and not _is_binary(p):
+                c = _read_text(p)
+                blocks.append(f"--- file: {p} ---\n{c}")
+                total += len(c)
+        except Exception:
+            continue
+        if total > _MAX_TOTAL:
+            break
+
+    if blocks:
+        task = task + "\n\n# Provided context (files / folders / images you referenced)\n" + "\n\n".join(blocks)
+    return task, images