ouroboros-ai 0.1.1__py3-none-any.whl → 0.2.0__py3-none-any.whl

ouroboros/__init__.py

@@ -1,6 +1,19 @@
-"""Ouroboros - Self-Improving AI Workflow System."""
+"""Ouroboros - Self-Improving AI Workflow System.
 
-__version__ = "0.1.0"
+A workflow system that uses Socratic questioning and ontological analysis
+to transform ambiguous requirements into executable specifications.
+
+Example:
+    # Using CLI
+    ouroboros init start "I want to build a task management CLI"
+    ouroboros run workflow seed.yaml
+
+    # Using Python
+    from ouroboros.core import Result, ValidationError
+    from ouroboros.bigbang import InterviewEngine
+"""
+
+__version__ = "0.2.0"
 
 __all__ = ["__version__", "main"]
 

ouroboros/bigbang/ambiguity.py

@@ -36,6 +36,9 @@ DEFAULT_MODEL = "openrouter/google/gemini-2.0-flash-001"
 # Temperature for reproducible scoring
 SCORING_TEMPERATURE = 0.1
 
+# Maximum token limit to prevent cost explosion
+MAX_TOKEN_LIMIT = 8192
+
 
 class ComponentScore(BaseModel):
     """Individual component score with justification.
@@ -106,6 +109,17 @@ class AmbiguityScorer:
     Uses LLM to evaluate clarity of goals, constraints, and success criteria
     from interview conversation, producing reproducible scores.
 
+    Uses adaptive token allocation: starts with `initial_max_tokens` and
+    doubles on truncation up to `MAX_TOKEN_LIMIT`. Retries up to `max_retries`
+    times on both provider errors and parse failures.
+
+    Attributes:
+        llm_adapter: The LLM adapter for completions.
+        model: Model identifier to use.
+        temperature: Temperature for reproducibility (default 0.1).
+        initial_max_tokens: Starting token limit (default 2048).
+        max_retries: Maximum retry attempts (default 3).
+
     Example:
         scorer = AmbiguityScorer(llm_adapter=LiteLLMAdapter())
 
@@ -123,7 +137,8 @@ class AmbiguityScorer:
     llm_adapter: LiteLLMAdapter
     model: str = DEFAULT_MODEL
     temperature: float = SCORING_TEMPERATURE
-    max_tokens: int = 2048
+    initial_max_tokens: int = 2048
+    max_retries: int = 3
 
     async def score(
         self, state: InterviewState
@@ -135,6 +150,9 @@ class AmbiguityScorer:
         - Constraints (30% weight)
         - Success criteria (30% weight)
 
+        Uses adaptive token allocation: starts with initial_max_tokens and
+        doubles on parse failure, up to max_retries attempts.
+
         Args:
             state: The interview state to score.
 
@@ -159,57 +177,98 @@ class AmbiguityScorer:
             Message(role=MessageRole.USER, content=user_prompt),
         ]
 
-        config = CompletionConfig(
-            model=self.model,
-            temperature=self.temperature,
-            max_tokens=self.max_tokens,
-        )
-
-        result = await self.llm_adapter.complete(messages, config)
+        current_max_tokens = self.initial_max_tokens
+        last_error: Exception | ProviderError | None = None
+        last_response: str = ""
 
-        if result.is_err:
-            log.warning(
-                "ambiguity.scoring.failed",
-                interview_id=state.interview_id,
-                error=str(result.error),
+        for attempt in range(self.max_retries):
+            config = CompletionConfig(
+                model=self.model,
+                temperature=self.temperature,
+                max_tokens=current_max_tokens,
             )
-            return Result.err(result.error)
-
-        # Parse the LLM response into scores
-        try:
-            breakdown = self._parse_scoring_response(result.value.content)
-            overall_score = self._calculate_overall_score(breakdown)
 
-            ambiguity_score = AmbiguityScore(
-                overall_score=overall_score,
-                breakdown=breakdown,
-            )
+            result = await self.llm_adapter.complete(messages, config)
+
+            # Fix #3: Retry on provider errors (rate limits, transient failures)
+            if result.is_err:
+                last_error = result.error
+                log.warning(
+                    "ambiguity.scoring.provider_error_retrying",
+                    interview_id=state.interview_id,
+                    error=str(result.error),
+                    attempt=attempt + 1,
+                    max_retries=self.max_retries,
+                )
+                continue
 
-            log.info(
-                "ambiguity.scoring.completed",
-                interview_id=state.interview_id,
-                overall_score=overall_score,
-                is_ready_for_seed=ambiguity_score.is_ready_for_seed,
-                goal_clarity=breakdown.goal_clarity.clarity_score,
-                constraint_clarity=breakdown.constraint_clarity.clarity_score,
-                success_criteria_clarity=breakdown.success_criteria_clarity.clarity_score,
-            )
+            # Parse the LLM response into scores
+            try:
+                breakdown = self._parse_scoring_response(result.value.content)
+                overall_score = self._calculate_overall_score(breakdown)
 
-            return Result.ok(ambiguity_score)
+                ambiguity_score = AmbiguityScore(
+                    overall_score=overall_score,
+                    breakdown=breakdown,
+                )
 
-        except (ValueError, KeyError) as e:
-            log.warning(
-                "ambiguity.scoring.parse_failed",
-                interview_id=state.interview_id,
-                error=str(e),
-                response=result.value.content[:500],
-            )
-            return Result.err(
-                ProviderError(
-                    f"Failed to parse scoring response: {e}",
-                    details={"response_preview": result.value.content[:200]},
+                log.info(
+                    "ambiguity.scoring.completed",
+                    interview_id=state.interview_id,
+                    overall_score=overall_score,
+                    is_ready_for_seed=ambiguity_score.is_ready_for_seed,
+                    goal_clarity=breakdown.goal_clarity.clarity_score,
+                    constraint_clarity=breakdown.constraint_clarity.clarity_score,
+                    success_criteria_clarity=breakdown.success_criteria_clarity.clarity_score,
+                    tokens_used=current_max_tokens,
+                    attempt=attempt + 1,
                 )
+
+                return Result.ok(ambiguity_score)
+
+            except (ValueError, KeyError) as e:
+                last_error = e
+                last_response = result.value.content
+
+                # Fix #2: Only increase tokens if response was truncated
+                is_truncated = result.value.finish_reason == "length"
+
+                if is_truncated:
+                    # Fix #1: Cap token growth with MAX_TOKEN_LIMIT
+                    next_tokens = min(current_max_tokens * 2, MAX_TOKEN_LIMIT)
+                    log.warning(
+                        "ambiguity.scoring.truncated_retrying",
+                        interview_id=state.interview_id,
+                        error=str(e),
+                        attempt=attempt + 1,
+                        current_tokens=current_max_tokens,
+                        next_tokens=next_tokens,
+                    )
+                    current_max_tokens = next_tokens
+                else:
+                    # Format error without truncation - retry with same tokens
+                    log.warning(
+                        "ambiguity.scoring.format_error_retrying",
+                        interview_id=state.interview_id,
+                        error=str(e),
+                        attempt=attempt + 1,
+                        finish_reason=result.value.finish_reason,
+                    )
+
+        # All retries exhausted
+        log.warning(
+            "ambiguity.scoring.failed",
+            interview_id=state.interview_id,
+            error=str(last_error),
+            response=last_response[:500] if last_response else None,
+            max_retries_exhausted=True,
+        )
+        return Result.err(
+            ProviderError(
+                f"Failed to parse scoring response after {self.max_retries} attempts: {last_error}",
+                details={"response_preview": last_response[:200] if last_response else None},
             )
+        )
 
     def _build_interview_context(self, state: InterviewState) -> str:
         """Build context string from interview state.
@@ -254,15 +313,17 @@ Evaluate three components:
 
 For each component, provide:
 - A clarity score between 0.0 (completely unclear) and 1.0 (perfectly clear)
-- A brief justification explaining the score
+- A brief justification (1-2 sentences max) explaining the score
+
+IMPORTANT: You MUST provide ALL six fields below. Keep justifications concise.
 
 Respond in this exact format:
 GOAL_CLARITY_SCORE: <score>
-GOAL_CLARITY_JUSTIFICATION: <justification>
+GOAL_CLARITY_JUSTIFICATION: <justification in 1-2 sentences>
 CONSTRAINT_CLARITY_SCORE: <score>
-CONSTRAINT_CLARITY_JUSTIFICATION: <justification>
+CONSTRAINT_CLARITY_JUSTIFICATION: <justification in 1-2 sentences>
 SUCCESS_CRITERIA_CLARITY_SCORE: <score>
-SUCCESS_CRITERIA_CLARITY_JUSTIFICATION: <justification>
+SUCCESS_CRITERIA_CLARITY_JUSTIFICATION: <justification in 1-2 sentences>
 
 Be strict in your evaluation. Scores above 0.8 require very specific, measurable requirements."""
 

ouroboros/bigbang/interview.py

@@ -17,6 +17,7 @@ from pydantic import BaseModel, Field
 import structlog
 
 from ouroboros.core.errors import ProviderError, ValidationError
+from ouroboros.core.security import InputValidator
 from ouroboros.core.types import Result
 from ouroboros.providers.base import (
     CompletionConfig,
@@ -186,9 +187,11 @@ class InterviewEngine:
         Returns:
             Result containing the new InterviewState or ValidationError.
         """
-        if not initial_context.strip():
+        # Validate initial context with security limits
+        is_valid, error_msg = InputValidator.validate_initial_context(initial_context)
+        if not is_valid:
             return Result.err(
-                ValidationError("Initial context cannot be empty", field="initial_context")
+                ValidationError(error_msg, field="initial_context")
             )
 
         if interview_id is None:
@@ -285,9 +288,11 @@ class InterviewEngine:
         Returns:
             Result containing updated state or ValidationError.
         """
-        if not user_response.strip():
+        # Validate user response with security limits
+        is_valid, error_msg = InputValidator.validate_user_response(user_response)
+        if not is_valid:
             return Result.err(
-                ValidationError("User response cannot be empty", field="user_response")
+                ValidationError(error_msg, field="user_response")
             )
 
         if state.is_complete:

ouroboros/cli/commands/run.py

@@ -15,6 +15,7 @@ import yaml
 
 from ouroboros.cli.formatters import console
 from ouroboros.cli.formatters.panels import print_error, print_info, print_success
+from ouroboros.core.security import InputValidator
 
 app = typer.Typer(
     name="run",
@@ -33,8 +34,15 @@ def _load_seed_from_yaml(seed_file: Path) -> dict:
         Seed configuration dictionary.
 
     Raises:
-        typer.Exit: If file cannot be loaded.
+        typer.Exit: If file cannot be loaded or exceeds size limit.
     """
+    # Security: Validate file size to prevent DoS
+    file_size = seed_file.stat().st_size
+    is_valid, error_msg = InputValidator.validate_seed_file_size(file_size)
+    if not is_valid:
+        print_error(f"Seed file validation failed: {error_msg}")
+        raise typer.Exit(1)
+
     try:
         with open(seed_file) as f:
             return yaml.safe_load(f)

ouroboros/core/__init__.py

@@ -27,6 +27,12 @@ from ouroboros.core.seed import (
     Seed,
     SeedMetadata,
 )
+from ouroboros.core.security import (
+    InputValidator,
+    mask_api_key,
+    sanitize_for_logging,
+    validate_api_key_format,
+)
 from ouroboros.core.types import CostUnits, DriftScore, EventPayload, Result
 
 __all__ = [
@@ -59,4 +65,9 @@ __all__ = [
     "compress_context",
     "compress_context_with_llm",
     "create_filtered_context",
+    # Security utilities
+    "InputValidator",
+    "mask_api_key",
+    "validate_api_key_format",
+    "sanitize_for_logging",
 ]

ouroboros/core/security.py

@@ -0,0 +1,327 @@
+"""Security utilities for Ouroboros.
+
+This module provides security-related utilities including:
+- API key validation and masking
+- Input sanitization
+- Size limits for external inputs
+
+Security Level: MEDIUM
+- API keys are masked in logs and error messages
+- Basic format validation for API keys
+- Size limits to prevent DoS attacks
+"""
+
+import re
+from typing import Any
+
+# Maximum sizes for external inputs (DoS prevention)
+MAX_INITIAL_CONTEXT_LENGTH = 50_000  # 50KB for initial interview context
+MAX_USER_RESPONSE_LENGTH = 10_000  # 10KB for interview responses
+MAX_SEED_FILE_SIZE = 1_000_000  # 1MB for seed YAML files
+MAX_LLM_RESPONSE_LENGTH = 100_000  # 100KB for LLM responses
+
+# API key patterns for validation (not exhaustive, basic format check)
+_API_KEY_PATTERNS: dict[str, re.Pattern[str]] = {
+    "openai": re.compile(r"^sk-[a-zA-Z0-9_-]{20,}$"),
+    "anthropic": re.compile(r"^sk-ant-[a-zA-Z0-9_-]{20,}$"),
+    "openrouter": re.compile(r"^sk-or-[a-zA-Z0-9_-]{20,}$"),
+    "google": re.compile(r"^AIza[a-zA-Z0-9_-]{35}$"),
+}
+
+# Sensitive field names that should be masked
+SENSITIVE_FIELD_NAMES = frozenset(
+    {
+        "password",
+        "api_key",
+        "apikey",
+        "api-key",
+        "secret",
+        "token",
+        "credential",
+        "auth",
+        "key",
+        "private",
+        "bearer",
+        "authorization",
+    }
+)
+
+# Sensitive value prefixes that indicate secrets
+SENSITIVE_PREFIXES = (
+    "sk-",
+    "pk-",
+    "api-",
+    "bearer ",
+    "token ",
+    "secret_",
+    "AIza",
+)
+
+
+def mask_api_key(api_key: str, visible_chars: int = 4) -> str:
+    """Mask an API key for safe logging/display.
+
+    Shows only the last few characters to help identify which key is being used.
+
+    Args:
+        api_key: The API key to mask.
+        visible_chars: Number of characters to show at the end (default 4).
+
+    Returns:
+        Masked API key like "sk-...xxxx" or "<empty>" if key is empty.
+
+    Example:
+        >>> mask_api_key("sk-1234567890abcdef")
+        'sk-...cdef'
+    """
+    if not api_key:
+        return "<empty>"
+
+    if len(api_key) <= visible_chars + 4:
+        # Key is too short to meaningfully mask
+        return "*" * len(api_key)
+
+    # Show prefix (like "sk-") and last few chars
+    if "-" in api_key[:6]:
+        prefix_end = api_key.index("-") + 1
+        prefix = api_key[:prefix_end]
+        return f"{prefix}...{api_key[-visible_chars:]}"
+
+    return f"...{api_key[-visible_chars:]}"
+
+
+def validate_api_key_format(api_key: str, provider: str | None = None) -> bool:
+    """Validate API key format (basic check, not authorization).
+
+    This performs a basic format validation. It does NOT verify that the key
+    is actually valid or authorized - that requires an API call.
+
+    Args:
+        api_key: The API key to validate.
+        provider: Optional provider name for specific validation.
+
+    Returns:
+        True if the key has a valid format.
+
+    Note:
+        This is a security convenience check, not a comprehensive validation.
+        Keys may be properly formatted but still invalid/expired.
+    """
+    if not api_key or len(api_key) < 10:
+        return False
+
+    # If provider specified, use specific pattern
+    if provider and provider.lower() in _API_KEY_PATTERNS:
+        pattern = _API_KEY_PATTERNS[provider.lower()]
+        return bool(pattern.match(api_key))
+
+    # Generic validation: must look like an API key
+    # Should have letters, numbers, possibly dashes/underscores
+    if not re.match(r"^[a-zA-Z0-9_-]{10,}$", api_key):
+        # Check if it's a prefixed key
+        return any(pattern.match(api_key) for pattern in _API_KEY_PATTERNS.values())
+
+    return True
+
+
+def is_sensitive_field(field_name: str) -> bool:
+    """Check if a field name indicates sensitive data.
+
+    Args:
+        field_name: The field name to check.
+
+    Returns:
+        True if the field likely contains sensitive data.
+    """
+    if not field_name:
+        return False
+
+    field_lower = field_name.lower()
+    return any(sensitive in field_lower for sensitive in SENSITIVE_FIELD_NAMES)
+
+
+def is_sensitive_value(value: Any) -> bool:
+    """Check if a value looks like sensitive data.
+
+    Args:
+        value: The value to check.
+
+    Returns:
+        True if the value appears to be sensitive (API key, token, etc).
+    """
+    if not isinstance(value, str):
+        return False
+
+    value_lower = value.lower()
+    return any(value_lower.startswith(prefix.lower()) for prefix in SENSITIVE_PREFIXES)
+
+
+def mask_sensitive_value(value: Any, field_name: str | None = None) -> str:
+    """Mask a potentially sensitive value for safe logging.
+
+    Args:
+        value: The value to potentially mask.
+        field_name: Optional field name for context.
+
+    Returns:
+        Masked string if sensitive, otherwise string representation.
+    """
+    if value is None:
+        return "<None>"
+
+    # Check if field name indicates sensitivity
+    if field_name and is_sensitive_field(field_name):
+        return "<REDACTED>"
+
+    # Check if value looks sensitive
+    if isinstance(value, str):
+        if is_sensitive_value(value):
+            return mask_api_key(value)
+
+        # Truncate long strings
+        if len(value) > 100:
+            return f"{value[:50]}...({len(value)} chars)"
+
+        return value
+
+    # For other types, show type info
+    if isinstance(value, (dict, list)):
+        return f"<{type(value).__name__} with {len(value)} items>"
+
+    return str(value)
+
+
+def sanitize_for_logging(data: dict[str, Any]) -> dict[str, Any]:
+    """Create a copy of data with sensitive values masked.
+
+    Use this before logging dictionaries that might contain sensitive data.
+
+    Args:
+        data: Dictionary that might contain sensitive data.
+
+    Returns:
+        New dictionary with sensitive values masked.
+
+    Example:
+        >>> sanitize_for_logging({"api_key": "sk-secret123", "name": "test"})
+        {'api_key': '<REDACTED>', 'name': 'test'}
+    """
+    result = {}
+    for key, value in data.items():
+        if is_sensitive_field(key):
+            result[key] = "<REDACTED>"
+        elif isinstance(value, str) and is_sensitive_value(value):
+            result[key] = mask_api_key(value)
+        elif isinstance(value, dict):
+            result[key] = sanitize_for_logging(value)
+        else:
+            result[key] = value
+    return result
+
+
+def truncate_input(text: str, max_length: int, suffix: str = "...") -> str:
+    """Truncate text to maximum length with suffix.
+
+    Args:
+        text: Text to truncate.
+        max_length: Maximum length including suffix.
+        suffix: Suffix to add if truncated (default "...").
+
+    Returns:
+        Truncated text or original if within limit.
+    """
+    if len(text) <= max_length:
+        return text
+
+    return text[: max_length - len(suffix)] + suffix
+
+
+class InputValidator:
+    """Validator for external inputs with size limits.
+
+    Provides validation methods for different types of external inputs
+    to prevent DoS attacks and ensure data quality.
+    """
+
+    @staticmethod
+    def validate_initial_context(context: str) -> tuple[bool, str]:
+        """Validate initial interview context.
+
+        Args:
+            context: The initial context string.
+
+        Returns:
+            Tuple of (is_valid, error_message). error_message is empty if valid.
+        """
+        if not context:
+            return False, "Initial context cannot be empty"
+
+        stripped = context.strip()
+        if not stripped:
+            return False, "Initial context cannot be only whitespace"
+
+        if len(stripped) > MAX_INITIAL_CONTEXT_LENGTH:
+            return (
+                False,
+                f"Initial context exceeds maximum length ({MAX_INITIAL_CONTEXT_LENGTH} chars)",
+            )
+
+        return True, ""
+
+    @staticmethod
+    def validate_user_response(response: str) -> tuple[bool, str]:
+        """Validate user response in interview.
+
+        Args:
+            response: The user's response string.
+
+        Returns:
+            Tuple of (is_valid, error_message). error_message is empty if valid.
+        """
+        if not response:
+            return False, "Response cannot be empty"
+
+        stripped = response.strip()
+        if not stripped:
+            return False, "Response cannot be only whitespace"
+
+        if len(stripped) > MAX_USER_RESPONSE_LENGTH:
+            return False, f"Response exceeds maximum length ({MAX_USER_RESPONSE_LENGTH} chars)"
+
+        return True, ""
+
+    @staticmethod
+    def validate_seed_file_size(file_size: int) -> tuple[bool, str]:
+        """Validate seed file size.
+
+        Args:
+            file_size: Size of the seed file in bytes.
+
+        Returns:
+            Tuple of (is_valid, error_message). error_message is empty if valid.
+        """
+        if file_size <= 0:
+            return False, "Seed file is empty"
+
+        if file_size > MAX_SEED_FILE_SIZE:
+            return False, f"Seed file exceeds maximum size ({MAX_SEED_FILE_SIZE // 1024}KB)"
+
+        return True, ""
+
+    @staticmethod
+    def validate_llm_response(response: str) -> tuple[bool, str]:
+        """Validate LLM response length.
+
+        Args:
+            response: The LLM response content.
+
+        Returns:
+            Tuple of (is_valid, error_message). error_message is empty if valid.
+        """
+        if not response:
+            return True, ""  # Empty response is valid (model may return empty)
+
+        if len(response) > MAX_LLM_RESPONSE_LENGTH:
+            return False, f"LLM response exceeds maximum length ({MAX_LLM_RESPONSE_LENGTH} chars)"
+
+        return True, ""

ouroboros/observability/logging.py

@@ -50,6 +50,12 @@ from typing import Any
 from pydantic import BaseModel, Field
 import structlog
 
+from ouroboros.core.security import (
+    is_sensitive_field,
+    is_sensitive_value,
+    mask_api_key,
+)
+
 
 class LogMode(str, Enum):
     """Logging output mode."""
@@ -159,6 +165,68 @@ def _setup_file_handler(config: LoggingConfig) -> TimedRotatingFileHandler | Non
     return handler
 
 
+def _mask_sensitive_data(
+    _logger: Any,
+    _method_name: str,
+    event_dict: dict[str, Any],
+) -> dict[str, Any]:
+    """Structlog processor that masks sensitive data in log entries.
+
+    Automatically detects and masks API keys, tokens, and other sensitive
+    values to prevent accidental exposure in logs.
+
+    Args:
+        _logger: The logger instance (unused).
+        _method_name: The log method name (unused).
+        event_dict: The event dictionary to process.
+
+    Returns:
+        Event dictionary with sensitive values masked.
+    """
+    for key, value in list(event_dict.items()):
+        # Skip standard structlog keys
+        if key in ("event", "level", "timestamp", "filename", "lineno"):
+            continue
+
+        # Check if field name indicates sensitivity
+        if is_sensitive_field(key):
+            event_dict[key] = "<REDACTED>"
+            continue
+
+        # Check if value looks sensitive
+        if isinstance(value, str) and is_sensitive_value(value):
+            event_dict[key] = mask_api_key(value)
+            continue
+
+        # Recursively handle nested dicts
+        if isinstance(value, dict):
+            event_dict[key] = _mask_dict_sensitive_data(value)
+
+    return event_dict
+
+
+def _mask_dict_sensitive_data(data: dict[str, Any]) -> dict[str, Any]:
+    """Recursively mask sensitive data in a dictionary.
+
+    Args:
+        data: Dictionary to process.
+
+    Returns:
+        Dictionary with sensitive values masked.
+    """
+    result = {}
+    for key, value in data.items():
+        if is_sensitive_field(key):
+            result[key] = "<REDACTED>"
+        elif isinstance(value, str) and is_sensitive_value(value):
+            result[key] = mask_api_key(value)
+        elif isinstance(value, dict):
+            result[key] = _mask_dict_sensitive_data(value)
+        else:
+            result[key] = value
+    return result
+
+
 def _get_shared_processors() -> list[Any]:
     """Get the shared processor chain for structlog.
 
@@ -170,6 +238,8 @@ def _get_shared_processors() -> list[Any]:
     return [
         # Merge contextvars into event dict (for cross-async context)
         structlog.contextvars.merge_contextvars,
+        # Mask sensitive data (API keys, tokens, etc.) - SECURITY
+        _mask_sensitive_data,
         # Add log level to all entries
         structlog.processors.add_log_level,
         # Add timestamp in ISO 8601 format

ouroboros/providers/litellm_adapter.py

@@ -12,6 +12,7 @@ import stamina
 import structlog
 
 from ouroboros.core.errors import ProviderError
+from ouroboros.core.security import InputValidator, MAX_LLM_RESPONSE_LENGTH
 from ouroboros.core.types import Result
 from ouroboros.providers.base import (
     CompletionConfig,
@@ -193,9 +194,22 @@ class LiteLLMAdapter:
         """
         choice = response.choices[0]
         usage = response.usage
+        content = choice.message.content or ""
+
+        # Security: Validate LLM response length to prevent DoS
+        is_valid, error_msg = InputValidator.validate_llm_response(content)
+        if not is_valid:
+            log.warning(
+                "llm.response.truncated",
+                model=config.model,
+                original_length=len(content),
+                max_length=MAX_LLM_RESPONSE_LENGTH,
+            )
+            # Truncate oversized responses instead of failing
+            content = content[:MAX_LLM_RESPONSE_LENGTH]
 
         return CompletionResponse(
-            content=choice.message.content or "",
+            content=content,
             model=response.model or config.model,
             usage=UsageInfo(
                 prompt_tokens=usage.prompt_tokens if usage else 0,

{ouroboros_ai-0.1.1.dist-info → ouroboros_ai-0.2.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ouroboros-ai
-Version: 0.1.1
+Version: 0.2.0
 Summary: Self-Improving AI Workflow System
 Author-email: Q00 <jqyu.lee@gmail.com>
 License-File: LICENSE
@@ -52,7 +52,7 @@ Description-Content-Type: text/markdown
 <br/>
 
 <p align="center">
-  <code>73 modules</code> · <code>1,292 tests</code> · <code>97%+ coverage</code>
+  <code>74 modules</code> · <code>1,341 tests</code> · <code>97%+ coverage</code>
 </p>
 
 <br/>
@@ -506,6 +506,36 @@ uv run ouroboros status health
 
 <br/>
 
+## ◈ Security
+
+<br/>
+
+Ouroboros includes built-in security features:
+
+| Feature | Description |
+|---------|-------------|
+| **API Key Masking** | Keys are automatically masked in logs (`sk-...xxxx`) |
+| **Log Sanitization** | Sensitive fields (password, token, secret) are redacted |
+| **Input Validation** | Size limits prevent DoS attacks (50KB context, 1MB seed files) |
+| **Credentials Protection** | `credentials.yaml` uses chmod 600 permissions |
+
+```python
+from ouroboros.core import mask_api_key, sanitize_for_logging
+
+# Mask API keys for display
+masked = mask_api_key("sk-1234567890abcdef")  # "sk-...cdef"
+
+# Sanitize dicts before logging
+safe_data = sanitize_for_logging({"api_key": "sk-secret", "name": "test"})
+# {"api_key": "<REDACTED>", "name": "test"}
+```
+
+<br/>
+
+---
+
+<br/>
+
 ## ◈ Development
 
 <br/>

{ouroboros_ai-0.1.1.dist-info → ouroboros_ai-0.2.0.dist-info}/RECORD

@@ -1,16 +1,16 @@
-ouroboros/__init__.py,sha256=OGnic_GtjWWUQ3JWfyhX0SftJL0iwCH8ezD-FM7i-b4,304
+ouroboros/__init__.py,sha256=lmQgHmNOWxGlmwayNvp1ckCuJycL8WzX5Y-7IzrFaVM,701
 ouroboros/__main__.py,sha256=f_qnL0zPJwh9kfQqynX5adpqzj8ilj94zW5Q2loqGxE,168
 ouroboros/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 ouroboros/bigbang/__init__.py,sha256=9xGqOYwMKBifb7QVwonc_wndNLMZb7ZH7xgMHaz_70A,951
-ouroboros/bigbang/ambiguity.py,sha256=KRHBSNmAB2zTI0ZD4zuP_mGWXr3jXdPuFgE57wsMg8Y,15619
-ouroboros/bigbang/interview.py,sha256=4TFRnD9KSH5oVZ8Mxgc6ea2YT2CQSVzjFnm1lSPHtZM,16890
+ouroboros/bigbang/ambiguity.py,sha256=hm-6LeuD_j14uzgZ2wnbBYq4Q24J7kEk4ag0DO0JtAU,18516
+ouroboros/bigbang/interview.py,sha256=zm1VrDNqE8ouGG62h8qnNkIpnUf3HHv4NjzMKDIaWcY,17147
 ouroboros/bigbang/seed_generator.py,sha256=7MY9a7Eua_zVGDWIVDlzOZJjeAwz0DRatXJg0PvMgiY,20082
 ouroboros/cli/__init__.py,sha256=CRpxsqJadZL7bCS-yrULWC51tqPKfPsxQLgt0JiwP4g,225
 ouroboros/cli/main.py,sha256=ldvqtVpw2xZwE8G7M34qY_7qg0RuNiydjdmmU-hdJvM,1485
 ouroboros/cli/commands/__init__.py,sha256=LZpEvU80R4Cq0LwgkwOluEGNsmmJ9K7roeDQ6bsbbDc,193
 ouroboros/cli/commands/config.py,sha256=kcqi0Wo09oo1MMyZIX4k2IDICV1SAX6HzAXZaIJGdKY,2100
 ouroboros/cli/commands/init.py,sha256=HmXwTLyso6p8Df5aAguxh-XTIYZGkzGltGXqJvDxI78,13536
-ouroboros/cli/commands/run.py,sha256=pcjt5UIlNjOHM5_O8G0MLDOUqCRg0Cv2IKNIK_gS5gg,5973
+ouroboros/cli/commands/run.py,sha256=DnxfbSdATDIaNYJXLcwAcR9NqNVGkVlHgYJImaSVn4I,6328
 ouroboros/cli/commands/status.py,sha256=Bnqpj1UkqhpBPYA11DV-Z63Bz8pjrebhlzeMKwz3_Ps,2217
 ouroboros/cli/formatters/__init__.py,sha256=-Ik7KXajaIExBxSAp5iYp8gO9SfXudGjyDe2nm2_msw,691
 ouroboros/cli/formatters/panels.py,sha256=d5TANIZy6FEEdpfnZaZ0epe-qIHJbh13qTCt23ur1jA,3388
@@ -19,10 +19,11 @@ ouroboros/cli/formatters/tables.py,sha256=XDzeew8d7_b-cQ54QH16fljR-lmwwo94-9Gbpr
 ouroboros/config/__init__.py,sha256=rQv4ph9qv1jP6YmIOOFBM-pjDR5br9RcW693mr0Hj_U,2006
 ouroboros/config/loader.py,sha256=yqHdrQs3bHbpp49jbjctRDx-zfFNI2rLco8JX44Awr0,8907
 ouroboros/config/models.py,sha256=d12m7-pCTQQASFfBTShIRS0zStn1gpzRWYe68Aky9T0,11740
-ouroboros/core/__init__.py,sha256=BbRkisCNTaM6eCrh2yppKhaQqAf2ZAy7tQH3Qmv5vSE,1363
+ouroboros/core/__init__.py,sha256=VHGSB01i56Rncbx-vfKqpvZ1oXDJUu0xp0kQ6tuwRqw,1622
 ouroboros/core/ac_tree.py,sha256=GNyeWB3GVrQhYI83_g2ISYoviKnUf-U6vTY9p6xkklM,11949
 ouroboros/core/context.py,sha256=A5WVPgsJlK-CDnDJx-_Tcfh_lE2AE3EYud45NKnYI2E,15675
 ouroboros/core/errors.py,sha256=e4kiduueE3e2HvNyOJLnFRGFoue2vfW8JTerzxjp5TM,8057
+ouroboros/core/security.py,sha256=LJq5FJzWdUIcjZGujI9xv1k3sFaD3XArBOlmArW-brg,9594
 ouroboros/core/seed.py,sha256=OIO4p1evYqpIrt841LVDVMaBZq9RCkM-e78MOb94BS8,7114
 ouroboros/core/types.py,sha256=SIc7XSIRizkeQU0kq4U02mZFsLtqVLmAo3ANypyUUfQ,6137
 ouroboros/evaluation/__init__.py,sha256=rwNeCtbFvDmq2Ad3YXj2n1tz2i9fESHQKwgjIyCZtCs,3067
@@ -43,7 +44,7 @@ ouroboros/execution/double_diamond.py,sha256=lbk9cY3Awd0h_YFp1G5OJnDpkV8htanSDhQ
 ouroboros/execution/subagent.py,sha256=_0-Ayz1p4r-cJP6kAYQP-bf9g2yLKXV81wffurBK9YM,8727
 ouroboros/observability/__init__.py,sha256=jgLIxPgBPJgSLCUjxR28tO3gkOuknbnb0H87NwkCl6Q,1654
 ouroboros/observability/drift.py,sha256=1BxZq-XIfhOJpTiBzbqgMpxziiJsb9KcLg_F5QKBIeM,11361
-ouroboros/observability/logging.py,sha256=LrGe8lrJp2D-kNXCToMPp_sU2Dhh_rxMGf7_2O4sDpQ,14908
+ouroboros/observability/logging.py,sha256=MC_VzyAyJtTq_3iv7uLxvlO9eCxtdY2ZyJ7ObwDds98,16994
 ouroboros/observability/retrospective.py,sha256=FH_9UC20RnH7OHNXMVIbsqC74B_4KIUy0UjtK-rguXU,11177
 ouroboros/orchestrator/__init__.py,sha256=g1aZSEM9gbl12mHINYoS93X1gacqePwrK4ElujoN0Uk,2130
 ouroboros/orchestrator/adapter.py,sha256=TpvgVMNfvNqvuffn41JDMYjWt2MFCLqTW1MtwOEZ-6E,13152
@@ -61,7 +62,7 @@ ouroboros/persistence/migrations/scripts/001_initial.sql,sha256=ZkABj9VKEyvwYwCm
 ouroboros/providers/__init__.py,sha256=sFQ049Gizx2GxWUTlsCLZHaskV8NVwPDdkXiLEWhrbc,583
 ouroboros/providers/base.py,sha256=u86bWAXtNIVCL1SxqXFK9sqpL6SZOc9h2vxAuVh7mxo,3823
 ouroboros/providers/claude_code_adapter.py,sha256=rVz_5eYRPL9SMt5PQBIbYGHLkRymTCXjCwZ6oZwMrCM,7285
-ouroboros/providers/litellm_adapter.py,sha256=OcCeph2ItQXup8MHNkDB_5EQGb3P-wtzT4T3jHAydnY,10160
+ouroboros/providers/litellm_adapter.py,sha256=ljl1SywN1QXEy6LrLhsUYvh9qc0RUuKIG8XFCRtU4yg,10761
 ouroboros/resilience/__init__.py,sha256=jcMdyk5WwaIh7iFVQ5rwaexCnnVpnumJUgWf4GO6w_4,1980
 ouroboros/resilience/lateral.py,sha256=Z4B7pOrD93D6bXu8BqrUvibqYSGyjv8Ubp6nWfLipjM,21582
 ouroboros/resilience/stagnation.py,sha256=k9tiAm__CzclpfRB6Z-8jZdfRwvr2la-BsqDJmEq8Ao,25659
@@ -74,8 +75,8 @@ ouroboros/routing/tiers.py,sha256=QhBQUOo2-h5Z3dEtC0lcOzkRnqTi2W7Jl46750AVNig,73
 ouroboros/secondary/__init__.py,sha256=kYQ7C4bnBzwDlPrU8qZrOPr2ZuTBaftGktOXl5WZl5Q,1123
 ouroboros/secondary/scheduler.py,sha256=sPVVWJ1q0yewRAM-Rm1j_HMerSe4cavIvP9z4xlUuL4,13737
 ouroboros/secondary/todo_registry.py,sha256=4W3C9Uro29VrVLCPKUlpH_BYpzQSbRNW1oMnDYyEhEw,13880
-ouroboros_ai-0.1.1.dist-info/METADATA,sha256=YBc7BIV85wPowCyG1jTx1H_kW-y07ciAIzZEqBRVK8o,18867
-ouroboros_ai-0.1.1.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-ouroboros_ai-0.1.1.dist-info/entry_points.txt,sha256=MoETHup6rVkR6AsyjoRzAgIuvVtYYm3Jw40itV3_VyI,53
-ouroboros_ai-0.1.1.dist-info/licenses/LICENSE,sha256=n2X-q26TqpXnoBo0t_WouhFxWw663_q5FmbYDZayoHo,1060
-ouroboros_ai-0.1.1.dist-info/RECORD,,
+ouroboros_ai-0.2.0.dist-info/METADATA,sha256=-znRAEKqEghugiU67FXrH52Hyt4kBtigrQvwXW-3J_E,19661
+ouroboros_ai-0.2.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+ouroboros_ai-0.2.0.dist-info/entry_points.txt,sha256=MoETHup6rVkR6AsyjoRzAgIuvVtYYm3Jw40itV3_VyI,53
+ouroboros_ai-0.2.0.dist-info/licenses/LICENSE,sha256=n2X-q26TqpXnoBo0t_WouhFxWw663_q5FmbYDZayoHo,1060
+ouroboros_ai-0.2.0.dist-info/RECORD,,