PyPI - prismal-ai - Versions diffs - 3.0.0__tar.gz - Mend

prismal-ai 3.0.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (355) hide show

prismal_ai-3.0.0/.codegraph/.gitignore +16 -0
prismal_ai-3.0.0/.codegraph/codegraph.db +0 -0
prismal_ai-3.0.0/.gitignore +76 -0
prismal_ai-3.0.0/.gitleaks.toml +69 -0
prismal_ai-3.0.0/.pre-commit-config.yaml +316 -0
prismal_ai-3.0.0/.python-version +1 -0
prismal_ai-3.0.0/.trivyignore +61 -0
prismal_ai-3.0.0/CHANGELOG.md +229 -0
prismal_ai-3.0.0/CLAUDE.md +189 -0
prismal_ai-3.0.0/CONTRIBUTING.md +279 -0
prismal_ai-3.0.0/LICENSE +21 -0
prismal_ai-3.0.0/PKG-INFO +670 -0
prismal_ai-3.0.0/PLAN_MIGRACION.md +200 -0
prismal_ai-3.0.0/README.md +506 -0
prismal_ai-3.0.0/assets/prismal-logo-icon.svg +37 -0
prismal_ai-3.0.0/assets/prismal-logo.svg +72 -0
prismal_ai-3.0.0/config/mcp_servers.yaml +74 -0
prismal_ai-3.0.0/env.example +407 -0
prismal_ai-3.0.0/examples/README.md +292 -0
prismal_ai-3.0.0/examples/extension/custom_node.py +36 -0
prismal_ai-3.0.0/examples/extension/custom_subgraph.py +45 -0
prismal_ai-3.0.0/examples/extension/discover_plugins_demo.py +53 -0
prismal_ai-3.0.0/examples/extension/langchain_migration.py +35 -0
prismal_ai-3.0.0/examples/multimodal/01_vision_agent.py +206 -0
prismal_ai-3.0.0/examples/multimodal/02_audio_agent.py +196 -0
prismal_ai-3.0.0/examples/multimodal/03_video_agent.py +223 -0
prismal_ai-3.0.0/examples/multimodal/04_modality_router.py +162 -0
prismal_ai-3.0.0/examples/multimodal/05_multimodal_fusion.py +195 -0
prismal_ai-3.0.0/examples/multimodal_pipeline.py +70 -0
prismal_ai-3.0.0/examples/patterns/01_tree_of_thoughts.py +221 -0
prismal_ai-3.0.0/examples/patterns/02_debate.py +165 -0
prismal_ai-3.0.0/examples/patterns/03_lats.py +284 -0
prismal_ai-3.0.0/examples/patterns/04_llm_compiler.py +355 -0
prismal_ai-3.0.0/examples/patterns/05_mixture_of_agents.py +198 -0
prismal_ai-3.0.0/examples/patterns/06_reflection_loop.py +273 -0
prismal_ai-3.0.0/examples/patterns/07_constitutional_ai.py +249 -0
prismal_ai-3.0.0/examples/patterns/08_swarm.py +304 -0
prismal_ai-3.0.0/examples/patterns/09_parallel_dispatcher.py +310 -0
prismal_ai-3.0.0/examples/plugin_template/README.md +47 -0
prismal_ai-3.0.0/examples/plugin_template/pyproject.toml +21 -0
prismal_ai-3.0.0/examples/plugin_template/src/prismal_x_example/__init__.py +5 -0
prismal_ai-3.0.0/examples/plugin_template/src/prismal_x_example/nodes.py +12 -0
prismal_ai-3.0.0/examples/plugin_template/src/prismal_x_example/plugin.py +34 -0
prismal_ai-3.0.0/examples/plugin_template/tests/test_plugin.py +19 -0
prismal_ai-3.0.0/examples/rag/01_crag.py +280 -0
prismal_ai-3.0.0/examples/rag/02_adaptive_rag.py +303 -0
prismal_ai-3.0.0/examples/rag/03_self_rag.py +270 -0
prismal_ai-3.0.0/examples/rag/04_hyde.py +328 -0
prismal_ai-3.0.0/examples/rag/05_hybrid_search.py +332 -0
prismal_ai-3.0.0/examples/rag/06_hierarchical_rag.py +305 -0
prismal_ai-3.0.0/examples/rag/07_rag_fusion.py +318 -0
prismal_ai-3.0.0/examples/rag/08_multi_vector_rag.py +319 -0
prismal_ai-3.0.0/examples/rag/09_multimodal_rag.py +312 -0
prismal_ai-3.0.0/examples/subgraphs/01_ml_pipeline.py +177 -0
prismal_ai-3.0.0/examples/subgraphs/02_financial_analyst.py +266 -0
prismal_ai-3.0.0/examples/subgraphs/03_dev_pipeline.py +366 -0
prismal_ai-3.0.0/examples/subgraphs/04_code_review.py +777 -0
prismal_ai-3.0.0/examples/subgraphs/05_data_etl.py +580 -0
prismal_ai-3.0.0/examples/subgraphs/06_customer_service.py +471 -0
prismal_ai-3.0.0/examples/subgraphs/07_document_generation.py +484 -0
prismal_ai-3.0.0/examples/subgraphs/08_debate_consensus.py +454 -0
prismal_ai-3.0.0/examples/subgraphs/09_hitl_approval.py +801 -0
prismal_ai-3.0.0/examples/subgraphs/10_analysis_orchestrator.py +883 -0
prismal_ai-3.0.0/examples/subgraphs/11_engineering_orchestrator.py +340 -0
prismal_ai-3.0.0/examples/subgraphs/12_research_orchestrator.py +290 -0
prismal_ai-3.0.0/examples/tool_provider_custom.py +71 -0
prismal_ai-3.0.0/examples/tool_provider_host.py +99 -0
prismal_ai-3.0.0/examples/visualize_graphs.py +52 -0
prismal_ai-3.0.0/examples.md +404 -0
prismal_ai-3.0.0/prismal/agents/__init__.py +31 -0
prismal_ai-3.0.0/prismal/agents/codeact_agent.py +638 -0
prismal_ai-3.0.0/prismal/agents/coder.py +185 -0
prismal_ai-3.0.0/prismal/agents/context.py +77 -0
prismal_ai-3.0.0/prismal/agents/critic.py +200 -0
prismal_ai-3.0.0/prismal/agents/cron_manager.py +172 -0
prismal_ai-3.0.0/prismal/agents/cua_agent.py +558 -0
prismal_ai-3.0.0/prismal/agents/data_analyst.py +170 -0
prismal_ai-3.0.0/prismal/agents/domain_supervisor.py +334 -0
prismal_ai-3.0.0/prismal/agents/extension/__init__.py +81 -0
prismal_ai-3.0.0/prismal/agents/extension/_middleware.py +304 -0
prismal_ai-3.0.0/prismal/agents/extension/_registry.py +41 -0
prismal_ai-3.0.0/prismal/agents/extension/adapters.py +136 -0
prismal_ai-3.0.0/prismal/agents/extension/builder.py +263 -0
prismal_ai-3.0.0/prismal/agents/extension/decorators.py +164 -0
prismal_ai-3.0.0/prismal/agents/extension/plugins.py +335 -0
prismal_ai-3.0.0/prismal/agents/extension/ports.py +146 -0
prismal_ai-3.0.0/prismal/agents/extension/providers.py +363 -0
prismal_ai-3.0.0/prismal/agents/factory.py +480 -0
prismal_ai-3.0.0/prismal/agents/file_manager.py +155 -0
prismal_ai-3.0.0/prismal/agents/graph.py +806 -0
prismal_ai-3.0.0/prismal/agents/intent_router.py +160 -0
prismal_ai-3.0.0/prismal/agents/meta_learner.py +300 -0
prismal_ai-3.0.0/prismal/agents/multimodal/__init__.py +45 -0
prismal_ai-3.0.0/prismal/agents/multimodal/audio_agent.py +200 -0
prismal_ai-3.0.0/prismal/agents/multimodal/ingestion.py +178 -0
prismal_ai-3.0.0/prismal/agents/multimodal/modality_router.py +252 -0
prismal_ai-3.0.0/prismal/agents/multimodal/multimodal_fusion.py +172 -0
prismal_ai-3.0.0/prismal/agents/multimodal/video_agent.py +268 -0
prismal_ai-3.0.0/prismal/agents/multimodal/vision_agent.py +188 -0
prismal_ai-3.0.0/prismal/agents/network_supervisor.py +247 -0
prismal_ai-3.0.0/prismal/agents/parallel_research.py +221 -0
prismal_ai-3.0.0/prismal/agents/patterns/__init__.py +38 -0
prismal_ai-3.0.0/prismal/agents/patterns/constitutional.py +330 -0
prismal_ai-3.0.0/prismal/agents/patterns/debate.py +353 -0
prismal_ai-3.0.0/prismal/agents/patterns/lats.py +342 -0
prismal_ai-3.0.0/prismal/agents/patterns/llm_compiler.py +399 -0
prismal_ai-3.0.0/prismal/agents/patterns/mixture_of_agents.py +199 -0
prismal_ai-3.0.0/prismal/agents/patterns/nodes.py +486 -0
prismal_ai-3.0.0/prismal/agents/patterns/parallel.py +166 -0
prismal_ai-3.0.0/prismal/agents/patterns/reflection.py +255 -0
prismal_ai-3.0.0/prismal/agents/patterns/swarm.py +171 -0
prismal_ai-3.0.0/prismal/agents/patterns/tree_of_thoughts.py +476 -0
prismal_ai-3.0.0/prismal/agents/planner.py +365 -0
prismal_ai-3.0.0/prismal/agents/rag_agent.py +339 -0
prismal_ai-3.0.0/prismal/agents/researcher.py +243 -0
prismal_ai-3.0.0/prismal/agents/skill_creator.py +512 -0
prismal_ai-3.0.0/prismal/agents/skill_manager.py +725 -0
prismal_ai-3.0.0/prismal/agents/spawner.py +115 -0
prismal_ai-3.0.0/prismal/agents/state.py +163 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/__init__.py +22 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/analysis_orchestrator/__init__.py +13 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/analysis_orchestrator/builder.py +222 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/artifacts.py +94 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/code_review/__init__.py +55 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/code_review/builder.py +110 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/code_review/linter_node.py +68 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/code_review/logic_reviewer_node.py +66 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/code_review/report_generator_node.py +111 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/code_review/security_scanner_node.py +69 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/code_review/suggester_node.py +82 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/code_review/types.py +52 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/customer_service/__init__.py +44 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/customer_service/builder.py +149 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/customer_service/classifier_node.py +81 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/customer_service/escalation_node.py +62 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/customer_service/faq_retrieval_node.py +80 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/customer_service/response_generator_node.py +74 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/customer_service/ticket_creator_node.py +66 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/data_etl/__init__.py +35 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/data_etl/auditor_node.py +83 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/data_etl/builder.py +120 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/data_etl/extractor_node.py +90 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/data_etl/loader_node.py +87 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/data_etl/transformer_node.py +123 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/data_etl/validator_node.py +92 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/debate_consensus/__init__.py +44 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/debate_consensus/_helpers.py +97 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/debate_consensus/builder.py +106 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/debate_consensus/consensus_node.py +88 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/debate_consensus/moderator_node.py +33 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/debate_consensus/opponent_node.py +32 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/debate_consensus/proponent_node.py +31 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/dev_pipeline/__init__.py +0 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/dev_pipeline/architect_agent.py +153 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/dev_pipeline/builder.py +196 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/dev_pipeline/developer_agent.py +173 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/dev_pipeline/parallel_unit_test.py +254 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/dev_pipeline/po_agent.py +271 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/dev_pipeline/qa_agent.py +158 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/dev_pipeline/reviewer_agent.py +162 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/dev_pipeline/unit_test_agent.py +159 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/document_generation/__init__.py +43 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/document_generation/builder.py +121 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/document_generation/editor_node.py +69 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/document_generation/formatter_node.py +71 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/document_generation/planner_node.py +92 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/document_generation/researcher_node.py +98 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/document_generation/writer_node.py +75 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/engineering_orchestrator/__init__.py +13 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/engineering_orchestrator/builder.py +153 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/factory.py +168 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/financial/__init__.py +0 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/financial/artifacts.py +213 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/financial/builder.py +442 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/financial/fundamental_analyst.py +190 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/financial/market_data_collector.py +263 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/financial/report_generator.py +229 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/financial/risk_sentiment_analyst.py +190 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/financial/technical_analyst.py +252 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/financial/tools_finance.py +252 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/gates.py +420 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/ml_pipeline/__init__.py +0 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/ml_pipeline/artifacts.py +163 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/ml_pipeline/builder.py +135 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/ml_pipeline/data_ingester.py +193 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/ml_pipeline/eda_analyst.py +194 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/ml_pipeline/feature_engineer.py +192 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/ml_pipeline/model_evaluator.py +217 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/ml_pipeline/model_exporter.py +210 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/ml_pipeline/model_trainer.py +217 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/ml_pipeline/tools_ml.py +945 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/multimodal_pipeline/__init__.py +18 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/multimodal_pipeline/builder.py +324 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/registry.py +206 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/research_orchestrator/__init__.py +21 -0
prismal_ai-3.0.0/prismal/agents/subgraphs/research_orchestrator/builder.py +170 -0
prismal_ai-3.0.0/prismal/agents/supervisor.py +1114 -0
prismal_ai-3.0.0/prismal/agents/tool_registry.py +987 -0
prismal_ai-3.0.0/prismal/agents/tools.py +1247 -0
prismal_ai-3.0.0/prismal/agents/visualization.py +131 -0
prismal_ai-3.0.0/prismal/core/__init__.py +48 -0
prismal_ai-3.0.0/prismal/core/config.py +1385 -0
prismal_ai-3.0.0/prismal/core/database.py +236 -0
prismal_ai-3.0.0/prismal/core/env_compat.py +62 -0
prismal_ai-3.0.0/prismal/core/exceptions.py +664 -0
prismal_ai-3.0.0/prismal/core/logging.py +176 -0
prismal_ai-3.0.0/prismal/core/users.py +298 -0
prismal_ai-3.0.0/prismal/data/__init__.py +36 -0
prismal_ai-3.0.0/prismal/data/duckdb_engine.py +187 -0
prismal_ai-3.0.0/prismal/data/polars_utils.py +320 -0
prismal_ai-3.0.0/prismal/events/__init__.py +20 -0
prismal_ai-3.0.0/prismal/events/file_watcher.py +251 -0
prismal_ai-3.0.0/prismal/events/webhook_dispatcher.py +190 -0
prismal_ai-3.0.0/prismal/langgraph.py +61 -0
prismal_ai-3.0.0/prismal/mcp/__init__.py +32 -0
prismal_ai-3.0.0/prismal/mcp/adapter.py +342 -0
prismal_ai-3.0.0/prismal/mcp/client.py +441 -0
prismal_ai-3.0.0/prismal/mcp/connection.py +675 -0
prismal_ai-3.0.0/prismal/mcp/servers/__init__.py +10 -0
prismal_ai-3.0.0/prismal/mcp/servers/datetime_server.py +595 -0
prismal_ai-3.0.0/prismal/memory/__init__.py +36 -0
prismal_ai-3.0.0/prismal/memory/chat_session_store.py +185 -0
prismal_ai-3.0.0/prismal/memory/conversation_history.py +156 -0
prismal_ai-3.0.0/prismal/memory/long_term.py +387 -0
prismal_ai-3.0.0/prismal/memory/long_term_store.py +327 -0
prismal_ai-3.0.0/prismal/memory/mongodb_store.py +340 -0
prismal_ai-3.0.0/prismal/memory/preferences.py +351 -0
prismal_ai-3.0.0/prismal/memory/profile.py +271 -0
prismal_ai-3.0.0/prismal/memory/session_registry.py +222 -0
prismal_ai-3.0.0/prismal/memory/short_term.py +125 -0
prismal_ai-3.0.0/prismal/monitoring/__init__.py +15 -0
prismal_ai-3.0.0/prismal/monitoring/_settings_proxy.py +22 -0
prismal_ai-3.0.0/prismal/monitoring/cost_tracker.py +399 -0
prismal_ai-3.0.0/prismal/monitoring/langfuse_client.py +217 -0
prismal_ai-3.0.0/prismal/monitoring/otel.py +363 -0
prismal_ai-3.0.0/prismal/plugins.py +112 -0
prismal_ai-3.0.0/prismal/providers/__init__.py +44 -0
prismal_ai-3.0.0/prismal/providers/cross_modal_embeddings.py +149 -0
prismal_ai-3.0.0/prismal/providers/multimodal.py +44 -0
prismal_ai-3.0.0/prismal/providers/registry.py +321 -0
prismal_ai-3.0.0/prismal/providers/stt.py +227 -0
prismal_ai-3.0.0/prismal/providers/tts.py +275 -0
prismal_ai-3.0.0/prismal/providers/vision.py +45 -0
prismal_ai-3.0.0/prismal/rag/__init__.py +99 -0
prismal_ai-3.0.0/prismal/rag/adaptive.py +326 -0
prismal_ai-3.0.0/prismal/rag/crag.py +320 -0
prismal_ai-3.0.0/prismal/rag/embeddings.py +94 -0
prismal_ai-3.0.0/prismal/rag/engine.py +293 -0
prismal_ai-3.0.0/prismal/rag/federated.py +226 -0
prismal_ai-3.0.0/prismal/rag/fusion.py +232 -0
prismal_ai-3.0.0/prismal/rag/hierarchical.py +281 -0
prismal_ai-3.0.0/prismal/rag/hybrid.py +239 -0
prismal_ai-3.0.0/prismal/rag/hyde.py +177 -0
prismal_ai-3.0.0/prismal/rag/loaders/__init__.py +26 -0
prismal_ai-3.0.0/prismal/rag/loaders/audio_loader.py +101 -0
prismal_ai-3.0.0/prismal/rag/loaders/document_loader.py +180 -0
prismal_ai-3.0.0/prismal/rag/loaders/image_loader.py +53 -0
prismal_ai-3.0.0/prismal/rag/loaders/video_loader.py +96 -0
prismal_ai-3.0.0/prismal/rag/multi_vector.py +295 -0
prismal_ai-3.0.0/prismal/rag/multimodal.py +220 -0
prismal_ai-3.0.0/prismal/rag/self_rag.py +273 -0
prismal_ai-3.0.0/prismal/rag/vector_store.py +213 -0
prismal_ai-3.0.0/prismal/sandbox/__init__.py +10 -0
prismal_ai-3.0.0/prismal/sandbox/executor.py +507 -0
prismal_ai-3.0.0/prismal/sandbox/installer.py +307 -0
prismal_ai-3.0.0/prismal/sandbox/isolation.py +1369 -0
prismal_ai-3.0.0/prismal/sandbox/manager.py +205 -0
prismal_ai-3.0.0/prismal/sandbox/tools.py +305 -0
prismal_ai-3.0.0/prismal/scheduler/__init__.py +60 -0
prismal_ai-3.0.0/prismal/scheduler/cron_manager.py +699 -0
prismal_ai-3.0.0/prismal/scheduler/datetime_service.py +333 -0
prismal_ai-3.0.0/prismal/scheduler/executor.py +504 -0
prismal_ai-3.0.0/prismal/scheduler/heartbeat_delivery.py +201 -0
prismal_ai-3.0.0/prismal/scheduler/notifier.py +211 -0
prismal_ai-3.0.0/prismal/scheduler/prefect_flows.py +184 -0
prismal_ai-3.0.0/prismal/security/__init__.py +43 -0
prismal_ai-3.0.0/prismal/security/action_interceptor.py +205 -0
prismal_ai-3.0.0/prismal/security/audit.py +320 -0
prismal_ai-3.0.0/prismal/security/filesystem_guard.py +99 -0
prismal_ai-3.0.0/prismal/security/guardrails.py +227 -0
prismal_ai-3.0.0/prismal/security/media_validator.py +260 -0
prismal_ai-3.0.0/prismal/security/nemo_rails.py +265 -0
prismal_ai-3.0.0/prismal/security/patterns/__init__.py +0 -0
prismal_ai-3.0.0/prismal/security/patterns/injection_patterns.yaml +83 -0
prismal_ai-3.0.0/prismal/security/permissions.py +159 -0
prismal_ai-3.0.0/prismal/security/pii_sanitizer.py +90 -0
prismal_ai-3.0.0/prismal/security/prompt_builder.py +75 -0
prismal_ai-3.0.0/prismal/security/sanitizer.py +154 -0
prismal_ai-3.0.0/prismal/skills/__init__.py +32 -0
prismal_ai-3.0.0/prismal/skills/available/__init__.py +0 -0
prismal_ai-3.0.0/prismal/skills/available/calendar/__init__.py +0 -0
prismal_ai-3.0.0/prismal/skills/available/calendar/skill.py +166 -0
prismal_ai-3.0.0/prismal/skills/available/code_executor/__init__.py +0 -0
prismal_ai-3.0.0/prismal/skills/available/code_executor/skill.py +130 -0
prismal_ai-3.0.0/prismal/skills/available/database_query/__init__.py +0 -0
prismal_ai-3.0.0/prismal/skills/available/database_query/skill.py +158 -0
prismal_ai-3.0.0/prismal/skills/available/email_reader/__init__.py +0 -0
prismal_ai-3.0.0/prismal/skills/available/email_reader/skill.py +212 -0
prismal_ai-3.0.0/prismal/skills/available/spec_driven_design/SKILL.md +123 -0
prismal_ai-3.0.0/prismal/skills/available/spec_driven_design/references/01-PLANTILLA-PRD.md +159 -0
prismal_ai-3.0.0/prismal/skills/available/spec_driven_design/references/02-PLANTILLA-API-SPEC.md +320 -0
prismal_ai-3.0.0/prismal/skills/available/spec_driven_design/references/03-PLANTILLA-TECHNICAL-DESIGN.md +227 -0
prismal_ai-3.0.0/prismal/skills/available/spec_driven_design/references/04-PLANTILLA-DATA-MODEL.md +190 -0
prismal_ai-3.0.0/prismal/skills/available/spec_driven_design/references/05-PLANTILLA-IMPLEMENTATION-PLAN.md +205 -0
prismal_ai-3.0.0/prismal/skills/available/spec_driven_design/references/06-GUIA-LLENADO.md +284 -0
prismal_ai-3.0.0/prismal/skills/available/spec_driven_design/scripts/validate_specs.py +204 -0
prismal_ai-3.0.0/prismal/skills/available/spec_driven_design/skill.py +46 -0
prismal_ai-3.0.0/prismal/skills/available/weather/__init__.py +0 -0
prismal_ai-3.0.0/prismal/skills/available/weather/skill.py +137 -0
prismal_ai-3.0.0/prismal/skills/available/web_search/__init__.py +0 -0
prismal_ai-3.0.0/prismal/skills/available/web_search/skill.py +163 -0
prismal_ai-3.0.0/prismal/skills/base.py +573 -0
prismal_ai-3.0.0/prismal/skills/manager.py +638 -0
prismal_ai-3.0.0/prismal/skills/remote_installer.py +613 -0
prismal_ai-3.0.0/prismal/utils/__init__.py +0 -0
prismal_ai-3.0.0/pyproject.toml +475 -0
prismal_ai-3.0.0/setup.cfg +29 -0
prismal_ai-3.0.0/specs/a2a-interop/ARCHITECTURE.md +237 -0
prismal_ai-3.0.0/specs/a2a-interop/PLAN.md +289 -0
prismal_ai-3.0.0/specs/a2a-interop/SPEC.md +278 -0
prismal_ai-3.0.0/specs/a2a-interop/TASKS.md +165 -0
prismal_ai-3.0.0/specs/advanced-architectures/ARCHITECTURE.md +538 -0
prismal_ai-3.0.0/specs/advanced-architectures/PRD.md +445 -0
prismal_ai-3.0.0/specs/advanced-architectures/SPEC.md +1517 -0
prismal_ai-3.0.0/specs/advanced-architectures/TASKS.md +749 -0
prismal_ai-3.0.0/specs/agent-eval-harness/PLAN.md +113 -0
prismal_ai-3.0.0/specs/agent-identity-governance/PLAN.md +118 -0
prismal_ai-3.0.0/specs/composition-root/ARCHITECTURE.md +242 -0
prismal_ai-3.0.0/specs/composition-root/PLAN.md +267 -0
prismal_ai-3.0.0/specs/composition-root/SPEC.md +228 -0
prismal_ai-3.0.0/specs/composition-root/TASKS.md +172 -0
prismal_ai-3.0.0/specs/cost-budget-governance/PLAN.md +116 -0
prismal_ai-3.0.0/specs/dependency-security-remediation/ARCHITECTURE.md +209 -0
prismal_ai-3.0.0/specs/dependency-security-remediation/PLAN.md +229 -0
prismal_ai-3.0.0/specs/dependency-security-remediation/SPEC.md +211 -0
prismal_ai-3.0.0/specs/dependency-security-remediation/TASKS.md +209 -0
prismal_ai-3.0.0/specs/dependency-security-remediation/remediation-tracker.csv +19 -0
prismal_ai-3.0.0/specs/extension-surface/ARCHITECTURE.md +601 -0
prismal_ai-3.0.0/specs/extension-surface/PLAN.md +375 -0
prismal_ai-3.0.0/specs/extension-surface/SPEC.md +855 -0
prismal_ai-3.0.0/specs/extension-surface/TASKS.md +458 -0
prismal_ai-3.0.0/specs/multimodal-agents/ARCHITECTURE.md +584 -0
prismal_ai-3.0.0/specs/multimodal-agents/PLAN.md +319 -0
prismal_ai-3.0.0/specs/multimodal-agents/SPEC.md +996 -0
prismal_ai-3.0.0/specs/multimodal-agents/TASKS.md +480 -0
prismal_ai-3.0.0/specs/tool-provider-injection/ARCHITECTURE.md +320 -0
prismal_ai-3.0.0/specs/tool-provider-injection/PLAN.md +370 -0
prismal_ai-3.0.0/specs/tool-provider-injection/SPEC.md +380 -0
prismal_ai-3.0.0/specs/tool-provider-injection/TASKS.md +272 -0
prismal_ai-3.0.0/specs/vector-store-port/ARCHITECTURE.md +281 -0
prismal_ai-3.0.0/specs/vector-store-port/PLAN.md +300 -0
prismal_ai-3.0.0/specs/vector-store-port/SPEC.md +293 -0
prismal_ai-3.0.0/specs/vector-store-port/TASKS.md +200 -0
prismal_ai-3.0.0/ty.toml +126 -0
prismal_ai-3.0.0/uv.lock +8567 -0

prismal_ai-3.0.0/.codegraph/.gitignore ADDED Viewed

@@ -0,0 +1,16 @@
+# CodeGraph data files
+# These are local to each machine and should not be committed
+# Database
+*.db
+*.db-wal
+*.db-shm
+# Cache
+cache/
+# Logs
+*.log
+# Hook markers
+.dirty

prismal_ai-3.0.0/.codegraph/codegraph.db ADDED Viewed

Binary file

prismal_ai-3.0.0/.gitignore ADDED Viewed

@@ -0,0 +1,76 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+# Virtual environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+coverage.xml
+*.cover
+.hypothesis/
+# Mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+# Ruff
+.ruff_cache/
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+# Data (runtime)
+data/db/
+data/logs/
+data/workspace/
+data/documents/
+data/backups/
+# Skills (AI-generated, not committed)
+prismal/skills/custom/
+prismal/skills/active/
+# Secrets
+.env
+env.example
+!env.example
+*.html
+*.pdf
+dist/
+packaging/
+*.pptx
+*.ipynb
+.pypirc.tmp

prismal_ai-3.0.0/.gitleaks.toml ADDED Viewed

@@ -0,0 +1,69 @@
+# .gitleaks.toml
+# Prismal — Gitleaks configuration
+# ============================================================
+title = "Prismal Gitleaks Config"
+[extend]
+# Hereda todas las reglas por defecto de gitleaks
+useDefault = true
+# ----------------------------------------------------------
+# Allowlist global — patrones que NO son secretos reales
+# ----------------------------------------------------------
+[allowlist]
+description = "Valores de ejemplo y placeholders"
+regexes = [
+  # Placeholders comunes en documentacion y ejemplos
+  '''(?i)(example|placeholder|your[-_]?key|changeme|dummy|fake|test[-_]?key|xxxx+|1234+)''',
+  # Variables de entorno sin valor asignado (solo nombre)
+  '''^\s*[A-Z_]+=\s*$''',
+  # URLs de documentacion
+  '''https?://(docs\.|www\.)?''',
+]
+paths = [
+  # Archivos de ejemplo/plantilla
+  '''\.env\.example$''',
+  '''\.env\.template$''',
+  '''\.env\.sample$''',
+  # Tests y fixtures
+  '''tests?/.*''',
+  '''fixtures?/.*''',
+  # Ejemplos / demos — contienen credenciales falsas intencionales
+  # usadas como entrada de los subgraphs de code-review y security scan.
+  '''examples?/.*''',
+  # Documentacion
+  '''docs?/.*''',
+  '''README.*''',
+  '''CHANGELOG.*''',
+  # Lock files (no contienen secrets reales)
+  '''uv\.lock$''',
+  '''package-lock\.json$''',
+]
+# ----------------------------------------------------------
+# Reglas adicionales especificas de CuidaSalud
+# ----------------------------------------------------------
+# Detecta posibles tokens de Mercantil Seguros
+[[rules]]
+description = "Mercantil Seguros API Token"
+id = "mercantil-token"
+regex = '''(?i)mercantil.{0,20}(token|key|secret).{0,5}[=:].{0,5}["']?[A-Za-z0-9+/]{20,}'''
+tags = ["api-key", "mercantil"]
+# Detecta posibles credenciales de AWS hardcodeadas
+[[rules]]
+description = "AWS Access Key hardcoded"
+id = "aws-access-key-cuida"
+regex = '''(?i)aws.{0,20}(access.?key|secret).{0,5}[=:].{0,5}["']?[A-Za-z0-9/+]{20,}'''
+tags = ["aws", "credentials"]
+[rules.allowlist]
+regexes = [
+  # Permite referencias a variables de entorno
+  '''\$\{?[A-Z_]+\}?''',
+  '''os\.environ''',
+  '''os\.getenv''',
+]

prismal_ai-3.0.0/.pre-commit-config.yaml ADDED Viewed

@@ -0,0 +1,316 @@
+# .pre-commit-config.yaml
+# CuidaSalud — cuida-integrations (FastAPI + uv)
+# ============================================================
+# Gate local: lint, tipos, complejidad, SAST, secrets, deps
+# Tests y Trivy quedan en CI (demasiado lentos para pre-commit)
+#
+# Instalacion:
+#   uv add --dev pre-commit
+#   uv run pre-commit install
+#   uv run pre-commit install --hook-type commit-msg
+#   uv run pre-commit run --all-files   # primera ejecucion completa
+# ============================================================
+default_language_version:
+  python: python3.13
+# e2e runs on `git push` (pre-push), mutmut only on demand (manual). Install
+# the extra hook type once:  uv run pre-commit install --install-hooks
+default_install_hook_types: [pre-commit, pre-push, commit-msg]
+# Excluye globalmente: venv, migraciones, tests de hooks pesados,
+# plantillas Helm (Jinja, no YAML puro), datos y artefactos runtime.
+exclude: |
+  (?x)^(
+    \.venv/.*|
+    migrations/.*|
+    \.git/.*|
+    helm/.*|
+    data/.*|
+    dist/.*|
+    docs/.*|
+    chat_history/.*|
+    assets/.*|
+    node_modules/.*
+  )$
+repos:
+  # ----------------------------------------------------------
+  # 1. SECRETS — Gitleaks
+  # Detecta API keys, tokens, passwords, JWTs hardcodeados
+  # ----------------------------------------------------------
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.21.2
+    hooks:
+      - id: gitleaks
+        name: "secrets: Gitleaks"
+  # ----------------------------------------------------------
+  # 2. CALIDAD GENERAL
+  # Hooks estandar: whitespace, EOF, YAML, TOML, JSON, merge
+  # ----------------------------------------------------------
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+        name: "fmt: trailing whitespace"
+      - id: end-of-file-fixer
+        name: "fmt: end of file"
+      - id: check-yaml
+        name: "lint: YAML valido"
+        args: [--unsafe]         # permite tags custom en docker-compose
+      - id: check-toml
+        name: "lint: TOML valido"
+      - id: check-json
+        name: "lint: JSON valido"
+      - id: check-merge-conflict
+        name: "git: sin conflict markers"
+      - id: check-added-large-files
+        name: "git: archivos grandes (max 500KB)"
+        args: [--maxkb=500]
+      - id: detect-private-key
+        name: "secrets: private keys"
+        # file_manager.py docstring lists the PEM header literally as a pattern
+        # the agent must refuse to write -- excluded as false positive.
+        # Exclude both old path (monolith) and new path (extracted package).
+        exclude: ^(prismal/agents/file_manager\.py|packages/prismal/prismal/agents/file_manager\.py)$
+      - id: debug-statements
+        name: "python: sin breakpoint() / pdb / set_trace()"
+      - id: check-ast
+        name: "python: AST valido (sintaxis)"
+  # ----------------------------------------------------------
+  # 3. DOCKERFILE — Hadolint
+  # Malas practicas, instrucciones inseguras, :latest tags
+  # ----------------------------------------------------------
+  - repo: https://github.com/hadolint/hadolint
+    rev: v2.13.1-beta
+    hooks:
+      - id: hadolint-docker
+        name: "docker: Hadolint"
+        args:
+          - --failure-threshold=warning
+          - --ignore=DL3008     # apt-get sin pin version (ok en CI images)
+          - --ignore=DL3013     # pip install sin pin version (gestionado por uv.lock en este repo)
+          - --ignore=SC2015     # "A && B || C" idiom intencional en Dockerfile
+  # ----------------------------------------------------------
+  # 4. LINTING + COMPLEJIDAD CICLOMATICA — Ruff
+  # C901: max-complexity = 10 (configurado en pyproject.toml)
+  # Tambien aplica formato (reemplaza black + isort)
+  # ----------------------------------------------------------
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    # Mantener alineado con la version de ruff en uv.lock (la que usa el job
+    # `lint` de .github/workflows/ci.yml via `uv run ruff`). Si actualizas el
+    # lock, actualiza este rev para evitar drift entre pre-commit y CI.
+    rev: v0.15.11
+    hooks:
+      - id: ruff
+        name: "lint: Ruff (lint + C901)"
+        args: [--fix, --exit-non-zero-on-fix]
+      - id: ruff-format
+        name: "fmt: Ruff format"
+  # ----------------------------------------------------------
+  # 5. TYPE CHECKING — ty (Astral)
+  # Tipos, flujo de datos, None no manejado, retornos incorrectos
+  # Solo corre si hay cambios en app/
+  # ----------------------------------------------------------
+  - repo: local
+    hooks:
+      - id: ty-check
+        name: "types: ty (informational)"
+        language: system
+        # ty (Astral) aun en alpha v0.0.x — los errores actuales son informativos
+        # y no bloquean el commit. El type-check autoritativo es `mypy --strict`
+        # (ver CLAUDE.md > "Before Every Commit"). Migrar a `ty` cuando estabilice.
+        # Se invoca por path al venv para no depender de `uv` ni del PATH del IDE.
+        entry: .venv/bin/ty
+        args: [check, --exit-zero, --output-format=concise, prismal/]
+        pass_filenames: false
+        types: [python]
+        files: ^prismal/
+  # ----------------------------------------------------------
+  # 6. COMPLEJIDAD COGNITIVA — flake8 + CCR001
+  # Complementa Ruff C901 con la metrica cognitiva de SonarSource
+  # Umbral: 12 (mas estricto que ciclomatica por su naturaleza)
+  # ----------------------------------------------------------
+  - repo: https://github.com/PyCQA/flake8
+    rev: 7.3.0
+    hooks:
+      - id: flake8
+        name: "complexity: cognitive CCR001 (baseline=100)"
+        additional_dependencies:
+          - flake8-cognitive-complexity==0.1.0
+        args:
+          - --select=CCR001
+          # Umbral alineado con el peor caso actual (_repl_async: 98).
+          # TODO: bajar progresivamente a 12 conforme se refactoren
+          #   supervisor_node, _repl_async, react_loop, skill_manager_node.
+          - --max-cognitive-complexity=100
+        files: ^prismal/
+        exclude: ^tests/
+  # ----------------------------------------------------------
+  # 7. COMPLEJIDAD — Radon (reporte, no bloquea)
+  # Muestra funciones con CC >= C (10+) como informacion
+  # verbose: true para ver output aunque no falle
+  # ----------------------------------------------------------
+  - repo: local
+    hooks:
+      - id: radon-cc
+        name: "complexity: Radon CC report (warning)"
+        language: system
+        # Path al venv en vez de `uv run ...` para no depender de `uv` en el PATH del IDE.
+        entry: .venv/bin/radon
+        args: [cc, prismal/, -s, -n, C]
+        pass_filenames: false
+        files: ^prismal/
+        verbose: true
+  # ----------------------------------------------------------
+  # 8. COMPLEJIDAD — Lizard (bloquea)
+  # CCN <= 10 y cognitive <= 12 por funcion
+  # Tambien valida parametros (<= 5) y longitud (<= 60 lineas)
+  # ----------------------------------------------------------
+  - repo: local
+    hooks:
+      - id: lizard
+        name: "complexity: Lizard CCN+args+length (baseline)"
+        language: system
+        # Umbrales alineados con codebase actual. Meta: CCN=10 / args=5 / length=200.
+        # TODO: bajar progresivamente al refactorizar _repl_async, supervisor_node,
+        #   react_loop, skill_manager_node, cua_node, codeact _validate_imports.
+        # Path al venv en vez de `uv run ...` para no depender de `uv` en el PATH del IDE.
+        entry: .venv/bin/lizard
+        args: [prismal/, --CCN, "40", --arguments, "15", --length, "350", -w]
+        pass_filenames: false
+        files: ^prismal/
+        exclude: ^tests/
+  # ----------------------------------------------------------
+  # 9. SAST — Bandit
+  # Vulnerabilidades Python: eval, subprocess, shell=True,
+  # pickle inseguro, hardcoded passwords, assert en produccion
+  # ----------------------------------------------------------
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.9.4
+    hooks:
+      - id: bandit
+        name: "sast: Bandit (medium+)"
+        additional_dependencies: ["bandit[toml]"]
+        args:
+          - -r
+          - prismal/
+          - -c
+          - pyproject.toml
+          - --severity-level=medium
+          - -q
+        pass_filenames: false
+        files: ^prismal/
+        exclude: ^tests/
+  # ----------------------------------------------------------
+  # 10. SAST — Semgrep
+  # Deshabilitado en pre-commit: opentelemetry-instrumentation (dep. de semgrep)
+  # usa pkg_resources que no está disponible en Python 3.13.
+  # Semgrep se ejecuta en CI (Bitbucket Pipelines) con todas las reglas:
+  #   p/python, p/secrets, p/owasp-top-ten, p/fastapi
+  # ----------------------------------------------------------
+  # - repo: https://github.com/semgrep/semgrep
+  #   rev: v1.116.0
+  #   hooks:
+  #     - id: semgrep
+  #       name: "sast: Semgrep (python + secrets)"
+  #       args: [--config=p/python, --config=p/secrets, --error, --quiet, --exclude=tests]
+  #       pass_filenames: false
+  # ----------------------------------------------------------
+  # 11. SEGURIDAD DEPENDENCIAS — pip-audit
+  # Solo corre si cambia pyproject.toml o uv.lock
+  # CVEs en paquetes del entorno gestionado por uv
+  # ----------------------------------------------------------
+  - repo: local
+    hooks:
+      - id: pip-audit
+        name: "sca: pip-audit (CVEs en deps)"
+        language: system
+        # Triage activo de CVEs en `prismal doctor security-check` (Phase 30).
+        # Solo CVEs SIN fix upstream aplicable, espejo exacto de `.trivyignore`
+        # (ver justificacion + trigger por entrada alli) y de ci.yml
+        # (PIP_AUDIT_IGNORES). Remediacion 2026-06:
+        # specs/dependency-security-remediation/.
+        # Path al venv en vez de `uv run ...` para no depender de `uv` en el PATH del IDE.
+        entry: .venv/bin/pip-audit
+        args:
+          # ecdsa (won't-fix, Minerva) — GHSA + alias CVE
+          - --ignore-vuln=GHSA-wj6h-64fc-37mp
+          - --ignore-vuln=CVE-2024-23342
+          # transformers 4.57.6 (solo rama lock py>=3.14) — mitigado torch>=2.6
+          - --ignore-vuln=CVE-2026-1839
+          # pip 26.0.1: CVE-2026-3219 sin fix publicado aun
+          - --ignore-vuln=CVE-2026-3219
+          # chromadb 1.5.8: CVE-2026-45829 sin first_patched_version
+          - --ignore-vuln=CVE-2026-45829
+          - --skip-editable
+        pass_filenames: false
+        files: ^(pyproject\.toml|uv\.lock)$
+  # ----------------------------------------------------------
+  # 12. CONVENTIONAL COMMITS
+  # Formato: feat:, fix:, chore:, docs:, refactor:, test:, ci:
+  # Requiere: uv run pre-commit install --hook-type commit-msg
+  # ----------------------------------------------------------
+#   - repo: https://github.com/compilerla/conventional-pre-commit
+#     rev: v3.4.0
+#     hooks:
+#       - id: conventional-pre-commit
+#         name: "git: conventional commit message"
+#         stages: [commit-msg]
+#         args:
+#           - feat
+#           - fix
+#           - chore
+#           - docs
+#           - style
+#           - refactor
+#           - test
+#           - ci
+#           - perf
+#           - revert
+  # ----------------------------------------------------------
+  # 13. E2E TESTS — runs on `git push` (pre-push stage)
+  # Deterministic end-to-end run of the compiled graph with a mocked LLM.
+  # Kept off the per-commit path (tests live in CI) but gates pushes.
+  # ----------------------------------------------------------
+  - repo: local
+    hooks:
+      - id: pytest-e2e
+        name: "tests: e2e (compiled graph, mocked LLM)"
+        language: system
+        entry: .venv/bin/pytest
+        args: [tests/e2e, -m, e2e, -q]
+        pass_filenames: false
+        stages: [pre-push]
+        types: [python]
+  # ----------------------------------------------------------
+  # 14. MUTATION TESTING — mutmut, scoped to prismal/security/
+  # Manual stage only (slow). Run on demand:
+  #   uv run pre-commit run mutmut --hook-stage manual
+  #   (or directly: uv run mutmut run && uv run mutmut results)
+  # ----------------------------------------------------------
+  - repo: local
+    hooks:
+      - id: mutmut
+        name: "mutation: mutmut (prismal/security)"
+        language: system
+        entry: .venv/bin/mutmut
+        args: [run]
+        pass_filenames: false
+        stages: [manual]
+        types: [python]

prismal_ai-3.0.0/.python-version ADDED Viewed

	@@ -0,0 +1 @@
1	+ 3.13

prismal_ai-3.0.0/.trivyignore ADDED Viewed

@@ -0,0 +1,61 @@
+# .trivyignore — Prismal
+# ============================================================
+# CVEs/GHSAs aceptadas/mitigadas en dependencias SIN fix upstream
+# aplicable. Cada entrada exige: razon, surface, referencia al spec
+# y TRIGGER de re-evaluacion.
+#
+# Mismos IDs que `pip-audit --ignore-vuln` en `.github/workflows/ci.yml`
+# y en `.pre-commit-config.yaml` -> hook `pip-audit`. Mantener los tres
+# espejados (regla de oro).
+#
+# Triage activo: `prismal doctor security-check` (Phase 30 maintenance).
+# Remediacion 2026-06: specs/dependency-security-remediation/ (18 alertas
+# Dependabot; las resueltas por el lock se retiraron de esta lista).
+# ============================================================
+# --- ecdsa 0.19.2 -> CVE-2024-23342 (Minerva timing attack) --
+# Transitiva (python-jose -> ecdsa). El mantenedor de python-ecdsa
+# declaro publicamente que NO habra fix (GHSA-wj6h-64fc-37mp): la
+# mitigacion completa requiere criptografia en C. Recomienda migrar
+# a `cryptography`. Ya usamos python-jose[cryptography] pero python-jose
+# arrastra `ecdsa` como dep regular. Surface: prismal no realiza firmas
+# ECDSA P-256 sensibles en caliente -> riesgo residual aceptado.
+# Spec: specs/dependency-security-remediation/SPEC.md (SEC-A05, alerta #1).
+# TRIGGER de re-evaluacion: migracion python-jose -> PyJWT (deuda
+# registrada en el spec) o fix upstream en python-ecdsa -> quitar ignore.
+CVE-2024-23342
+# --- transformers 4.57.6 (marker py>=3.14) -> CVE-2026-1839 --
+# RCE en Trainer._load_rng_state() via torch.load() sin weights_only
+# (GHSA-69w3-r845-3855, fix transformers 5.0.0rc3). MITIGADO:
+# (1) pyproject fija torch>=2.6 (lock: 2.11.0) -> safe_globals() de
+#     PyTorch >=2.6 neutraliza el vector de deserializacion;
+# (2) prismal no usa la clase Trainer (solo inferencia/embeddings via
+#     sentence-transformers);
+# (3) en py<3.14 el lock ya resuelve transformers 5.5.4 (>=5.0.0rc3);
+#     solo la rama del lock para py>=3.14 conserva 4.57.6.
+# Spec: specs/dependency-security-remediation/SPEC.md (SEC-A10, alerta #2).
+# TRIGGER de re-evaluacion: release estable de transformers 5.x soportado
+# por sentence-transformers en py>=3.14 -> subir y quitar este ignore.
+CVE-2026-1839
+# --- pip 26.0.1 -> CVE-2026-3219 (sin fix upstream aun) ------
+# pip 26.0.1 es el ultimo release publicado y CVE-2026-3219 no tiene
+# first_patched_version. Dependencia del toolchain (pip-audit), no del
+# runtime de prismal.
+# TRIGGER de re-evaluacion: pip publica release con fix -> quitar ignore.
+CVE-2026-3219
+# --- chromadb 1.5.8 -> CVE-2026-45829 (sin fix upstream) -----
+# CRITICAL — pre-authentication code injection (GHSA-f4j7-r4q5-qw2c). El rango
+# vulnerable es >=1.0.0,<=1.5.9 con first_patched=None: NO existe version
+# parcheada (1.5.9 sigue afectada) y el stack langchain-chroma no admite
+# downgrade a <1.0.0. ChromaDB se usa aqui como vector store local/embebido
+# (SQLite + Chroma), no como servidor HTTP expuesto, lo que limita la
+# explotabilidad pre-auth (verificado: solo `Chroma(persist_directory=...)`
+# en rag/vector_store.py, sin HttpClient ni `chroma run`). Mismo ignore en
+# pip-audit (.pre-commit-config.yaml + ci.yml).
+# Spec: specs/dependency-security-remediation/SPEC.md (SEC-A02, alerta #15).
+# TRIGGER de re-evaluacion: chromadb publica first_patched_version ->
+# quitar ignore y subir. Triage: `prismal doctor security-check`.
+CVE-2026-45829