loopentx 0.1.0__py3-none-any.whl

loopentx/llm/caller.py

@@ -0,0 +1,103 @@
+"""LLM caller — routes ctx.think() to the configured provider."""
+
+from __future__ import annotations
+
+import re
+from typing import Optional
+
+import structlog
+
+from loopentx.core.config import get_config
+
+log = structlog.get_logger()
+
+
+async def call_llm(
+    prompt:      str,
+    system:      Optional[str] = None,
+    choose_from: Optional[list[str]] = None,
+) -> str:
+    """Call the configured LLM provider and return the response string.
+
+    Automatically routes to OpenAI or Anthropic based on config.
+    If choose_from is set, validates the response against the allowed values.
+    """
+    cfg = get_config()
+
+    if cfg.llm_provider == "anthropic":
+        response = await _call_anthropic(prompt, system, cfg)
+    elif cfg.llm_provider == "openai":
+        response = await _call_openai(prompt, system, cfg)
+    else:
+        raise ValueError(f"Unsupported LLM provider: {cfg.llm_provider!r}")
+
+    response = response.strip()
+
+    if choose_from:
+        response = _extract_choice(response, choose_from)
+
+    log.info("llm.called", provider=cfg.llm_provider,
+             prompt_len=len(prompt), response_len=len(response))
+    return response
+
+
+async def _call_anthropic(prompt: str, system: Optional[str], cfg: Any) -> str:
+    try:
+        import anthropic
+    except ImportError:
+        raise ImportError("pip install loopentx[anthropic]")
+
+    api_key = cfg.llm_api_key or None
+    client  = anthropic.AsyncAnthropic(api_key=api_key)
+
+    kwargs: dict = dict(
+        model=cfg.llm_model,
+        max_tokens=1024,
+        messages=[{"role": "user", "content": prompt}],
+    )
+    if system:
+        kwargs["system"] = system
+
+    msg = await client.messages.create(**kwargs)
+    return msg.content[0].text
+
+
+async def _call_openai(prompt: str, system: Optional[str], cfg: Any) -> str:
+    try:
+        from openai import AsyncOpenAI
+    except ImportError:
+        raise ImportError("pip install loopentx[openai]")
+
+    api_key = cfg.llm_api_key or None
+    client  = AsyncOpenAI(api_key=api_key)
+
+    messages = []
+    if system:
+        messages.append({"role": "system", "content": system})
+    messages.append({"role": "user", "content": prompt})
+
+    resp = await client.chat.completions.create(
+        model=cfg.llm_model,
+        messages=messages,
+        max_tokens=1024,
+    )
+    return resp.choices[0].message.content or ""
+
+
+def _extract_choice(response: str, choices: list[str]) -> str:
+    """Extract the matching choice from the LLM response."""
+    lower = response.lower().strip()
+    for choice in choices:
+        if choice.lower() in lower:
+            return choice
+    # Fuzzy: first word
+    first_word = re.split(r"\W+", lower)[0] if lower else ""
+    for choice in choices:
+        if choice.lower().startswith(first_word):
+            return choice
+    log.warning("llm.choice_not_found", response=response, choices=choices)
+    return choices[0]
+
+
+# Allow Any import for type hints in private functions
+from typing import Any

loopentx/trust/__init__.py

@@ -0,0 +1,4 @@
+"""Loopentx trust layer."""
+from loopentx.trust.policy import policy, PolicyContext
+from loopentx.trust.scorer import TrustScorer, TrustScore
+__all__ = ["policy", "PolicyContext", "TrustScorer", "TrustScore"]

loopentx/trust/policy.py

@@ -0,0 +1,185 @@
+"""The @policy decorator — capability scoping, shadow mode, blast radius."""
+
+from __future__ import annotations
+
+import functools
+import time
+from typing import Any, Callable, Optional
+
+import structlog
+
+from loopentx.core.models import BlastRadius, SkillRegistration, TrustLevel
+from loopentx.core.exceptions import PolicyViolationError, SkillNotApprovedError
+from loopentx.core.config import get_config
+
+log = structlog.get_logger()
+
+_WRITE_PATTERNS = [
+    "post_", "send_", "write_", "create_", "update_", "delete_",
+    "publish_", "notify_", "alert_", "push_", "emit_", "dispatch_",
+    "insert_", "patch_", "put_", "remove_", "drop_",
+]
+
+
+class PolicyContext:
+    """Runtime policy enforcement attached to a skill."""
+
+    def __init__(
+        self,
+        skill_name:       str,
+        can_read:         list[str],
+        can_write:        list[str],
+        blast_radius:     BlastRadius,
+        shadow_cycles:    int,
+        require_approval: bool,
+    ) -> None:
+        self.skill_name       = skill_name
+        self.can_read         = set(can_read)
+        self.can_write        = set(can_write)
+        self.blast_radius     = blast_radius
+        self.shadow_cycles    = shadow_cycles
+        self.require_approval = require_approval
+
+    def assert_can_read(self, capability: str) -> None:
+        if capability not in self.can_read and capability not in self.can_write:
+            raise PolicyViolationError(self.skill_name, capability, "read")
+
+    def assert_can_write(self, capability: str) -> None:
+        if capability not in self.can_write:
+            raise PolicyViolationError(self.skill_name, capability, "write")
+
+    def is_write_action(self, fn: Callable) -> bool:
+        name = fn.__name__.lower()
+        return any(name.startswith(p) for p in _WRITE_PATTERNS)
+
+    def to_registration(self, fn_name: str) -> SkillRegistration:
+        needs_gate = self.shadow_cycles > 0 or self.require_approval
+        return SkillRegistration(
+            name=fn_name,
+            kind="skill",
+            can_read=list(self.can_read),
+            can_write=list(self.can_write),
+            blast_radius=self.blast_radius,
+            shadow_cycles=self.shadow_cycles,
+            shadow_cycles_remaining=self.shadow_cycles,
+            require_approval=self.require_approval,
+            is_active=not needs_gate,
+            is_shadow=self.shadow_cycles > 0,
+            trust_level=TrustLevel.UNTRUSTED if needs_gate else TrustLevel.PROVISIONAL,
+        )
+
+
+def policy(
+    can_read:         Optional[list[str]] = None,
+    can_write:        Optional[list[str]] = None,
+    blast_radius:     str = "low",
+    shadow_cycles:    int = 0,
+    require_approval: bool = False,
+) -> Callable:
+    """Declare the trust policy for a skill.
+
+    Must be applied ABOVE @skill in the decorator stack.
+
+    Args:
+        can_read:         Systems the skill may read from.
+        can_write:        Systems the skill may write to (implies read).
+        blast_radius:     Impact scope: "low" | "medium" | "high" | "critical".
+                          high/critical automatically require human approval.
+        shadow_cycles:    Dry-run cycles before going live. Write actions
+                          are captured but not applied during shadow mode.
+        require_approval: Require explicit `loopentx trust approve` before live.
+
+    Example:
+        @policy(
+            can_read=["metrics_api"],
+            can_write=["slack"],
+            blast_radius="medium",
+            shadow_cycles=3,
+        )
+        @skill(retries=3)
+        async def triage(ctx, services: list[str]):
+            ...
+    """
+    try:
+        blast = BlastRadius(blast_radius)
+    except ValueError:
+        raise ValueError(
+            f"Invalid blast_radius: {blast_radius!r}. "
+            f"Must be one of: low, medium, high, critical"
+        )
+
+    _require = require_approval or blast in (BlastRadius.HIGH, BlastRadius.CRITICAL)
+
+    def decorator(fn: Callable) -> Callable:
+        policy_ctx = PolicyContext(
+            skill_name=fn.__name__,
+            can_read=can_read or [],
+            can_write=can_write or [],
+            blast_radius=blast,
+            shadow_cycles=shadow_cycles,
+            require_approval=_require,
+        )
+
+        if hasattr(fn, "_loopentx_skill"):
+            fn._loopentx_skill.policy_context = policy_ctx
+
+        @functools.wraps(fn)
+        async def wrapper(**kwargs: Any) -> Any:
+            if shadow_cycles > 0 or _require:
+                cfg = get_config()
+                reg = await cfg.backend.get_skill_registration(fn.__name__)
+                if reg and not reg.is_active:
+                    if reg.is_shadow and reg.shadow_cycles_remaining > 0:
+                        return await _run_shadow(fn, policy_ctx, reg, **kwargs)
+                    raise SkillNotApprovedError(fn.__name__)
+            return await fn(**kwargs)
+
+        wrapper._loopentx_policy = policy_ctx   # type: ignore[attr-defined]
+        if hasattr(fn, "_loopentx_skill"):
+            wrapper._loopentx_skill = fn._loopentx_skill  # type: ignore[attr-defined]
+            wrapper._loopentx_skill.policy_context = policy_ctx
+            wrapper._loopentx_kind = "skill"             # type: ignore[attr-defined]
+
+        return wrapper
+
+    return decorator
+
+
+async def _run_shadow(
+    fn:         Callable,
+    policy_ctx: PolicyContext,
+    reg:        Any,
+    **kwargs:   Any,
+) -> Any:
+    from loopentx.core.context import LoopContext
+    from loopentx.core.config import get_config
+    from ulid import ULID
+
+    cfg    = get_config()
+    run_id = str(ULID())
+    ctx    = LoopContext(
+        run_id=run_id,
+        skill_name=fn.__name__,
+        backend=cfg.backend,
+        policy_context=policy_ctx,
+        shadow_mode=True,
+    )
+
+    if hasattr(fn, "_loopentx_skill"):
+        result = await fn._loopentx_skill.execute(ctx, **kwargs)
+    else:
+        result = await fn(ctx, **kwargs)
+
+    remaining = reg.shadow_cycles_remaining - 1
+    if remaining <= 0:
+        if policy_ctx.blast_radius == BlastRadius.LOW and not policy_ctx.require_approval:
+            await cfg.backend.approve_skill(fn.__name__, approved_by="auto")
+            log.info("policy.auto_approved", skill=fn.__name__)
+        else:
+            log.info("policy.shadow_complete_awaiting_approval",
+                     skill=fn.__name__, blast=policy_ctx.blast_radius.value)
+    else:
+        reg.shadow_cycles_remaining = remaining
+        await cfg.backend.save_skill_registration(reg)
+
+    return result

loopentx/trust/scorer.py

@@ -0,0 +1,141 @@
+"""Trust scorer — evaluates skill reliability and promotes trust levels."""
+
+from __future__ import annotations
+
+import time
+from typing import Optional
+
+import structlog
+
+from loopentx.core.models import TrustRecord, TrustLevel, RunStatus
+from loopentx.core.config import get_config
+
+log = structlog.get_logger()
+
+THRESHOLDS = {
+    TrustLevel.AUTONOMOUS:   0.90,
+    TrustLevel.TRUSTED:      0.65,
+    TrustLevel.PROVISIONAL:  0.30,
+    TrustLevel.UNTRUSTED:    0.0,
+}
+
+WEIGHTS = {
+    "success_rate":        0.45,
+    "human_approval_rate": 0.30,
+    "volume_bonus":        0.10,
+    "recency_factor":      0.15,
+}
+
+
+class TrustScorer:
+    """Calculates and updates trust scores for loops and skills.
+
+    Score components:
+      success_rate (45%)       — ratio of completed to total live runs
+      human_approval_rate (30%)— ratio of approvals to human reviews
+      volume_bonus (10%)       — logarithmic reward for proven track record
+      recency_factor (15%)     — penalises dormant skills
+
+    Score → Level:
+      0.00–0.29  UNTRUSTED    shadow + human review required
+      0.30–0.64  PROVISIONAL  runs live, changes monitored
+      0.65–0.89  TRUSTED      autonomous, changes need review
+      0.90–1.00  AUTONOMOUS   fully autonomous, changes auto-approved
+    """
+
+    async def evaluate(self, skill_name: str) -> TrustRecord:
+        cfg   = get_config()
+        since = time.time() - (30 * 86400)
+        runs  = await cfg.backend.get_runs(skill_name=skill_name, since=since)
+
+        existing = await cfg.backend.get_trust_record(skill_name)
+        trust    = existing or TrustRecord(skill_name=skill_name)
+
+        if not runs:
+            trust.last_evaluated_at = time.time()
+            return trust
+
+        live   = [r for r in runs if not r.is_shadow]
+        total  = len(live)
+        ok     = sum(1 for r in live if r.status == RunStatus.COMPLETED)
+        failed = sum(1 for r in live if r.status == RunStatus.FAILED)
+        shadow = sum(1 for r in runs if r.is_shadow)
+
+        trust.total_runs     = total
+        trust.successful_runs= ok
+        trust.failed_runs    = failed
+        trust.shadow_runs    = shadow
+
+        durations = [r.duration_ms for r in runs if r.duration_ms]
+        trust.avg_duration_ms = sum(durations) / len(durations) if durations else 0.0
+
+        success_rate = ok / total if total > 0 else 0.0
+
+        approvals   = trust.human_approvals
+        rejections  = trust.human_rejections
+        reviews     = approvals + rejections
+        approval_rate = approvals / reviews if reviews > 0 else 0.5
+
+        volume_bonus = min(total / 50.0, 1.0)
+
+        most_recent   = max((r.completed_at or 0.0) for r in runs)
+        days_inactive = (time.time() - most_recent) / 86400 if most_recent else 30
+        recency       = max(0.0, 1.0 - days_inactive / 14.0)
+
+        score = (
+            success_rate   * WEIGHTS["success_rate"]
+            + approval_rate * WEIGHTS["human_approval_rate"]
+            + volume_bonus  * WEIGHTS["volume_bonus"]
+            + recency       * WEIGHTS["recency_factor"]
+        )
+
+        trust.trust_score        = round(min(score, 1.0), 4)
+        trust.trust_level        = self._to_level(trust.trust_score)
+        trust.last_evaluated_at  = time.time()
+        trust.last_updated_at    = time.time()
+
+        log.info("trust.evaluated", skill=skill_name, score=trust.trust_score,
+                 level=trust.trust_level, success_rate=round(success_rate, 3))
+        return trust
+
+    def _to_level(self, score: float) -> TrustLevel:
+        for level, threshold in THRESHOLDS.items():
+            if score >= threshold:
+                return level
+        return TrustLevel.UNTRUSTED
+
+    def explain(self, trust: TrustRecord) -> str:
+        return "\n".join([
+            f"Trust: '{trust.skill_name}' → {trust.trust_score:.2f} ({trust.trust_level.value})",
+            f"  Runs (30d):       {trust.total_runs}",
+            f"  Successful:       {trust.successful_runs}",
+            f"  Failed:           {trust.failed_runs}",
+            f"  Shadow runs:      {trust.shadow_runs}",
+            f"  Human approvals:  {trust.human_approvals}",
+            f"  Human rejections: {trust.human_rejections}",
+            f"  Avg duration:     {trust.avg_duration_ms:.0f}ms",
+        ])
+
+
+class TrustScore:
+    """Convenience helpers for reading and updating trust records."""
+
+    @staticmethod
+    async def get(skill_name: str) -> Optional[TrustRecord]:
+        return await get_config().backend.get_trust_record(skill_name)
+
+    @staticmethod
+    async def approve(skill_name: str, approved_by: str = "human") -> None:
+        backend = get_config().backend
+        trust   = await backend.get_trust_record(skill_name) or TrustRecord(skill_name=skill_name)
+        trust.human_approvals  += 1
+        trust.last_updated_at   = time.time()
+        await backend.save_trust_record(trust)
+
+    @staticmethod
+    async def reject(skill_name: str, rejected_by: str = "human") -> None:
+        backend = get_config().backend
+        trust   = await backend.get_trust_record(skill_name) or TrustRecord(skill_name=skill_name)
+        trust.human_rejections += 1
+        trust.last_updated_at   = time.time()
+        await backend.save_trust_record(trust)