radhiops 0.0.1__tar.gz

radhiops-0.0.1/.gitignore

@@ -0,0 +1,32 @@
+# Python
+__pycache__/
+*.py[cod]
+*.egg-info/
+.eggs/
+build/
+dist/
+.venv/
+venv/
+env/
+.pytest_cache/
+.mypy_cache/
+.ruff_cache/
+.coverage
+htmlcov/
+
+# Node
+node_modules/
+*.log
+npm-debug.log*
+
+# Env / secrets — never commit these
+.env
+.env.*
+*.pem
+*.key
+secrets/
+
+# IDE / OS
+.DS_Store
+.idea/
+*.swp

radhiops-0.0.1/PKG-INFO

@@ -0,0 +1,220 @@
+Metadata-Version: 2.4
+Name: radhiops
+Version: 0.0.1
+Summary: RadhiOps — BYOE AI Engineering Platform SDK
+Author: RadhiOps
+License: Apache-2.0
+Keywords: agents,ai,byoe,devops,mcp,security
+Requires-Python: >=3.10
+Requires-Dist: httpx>=0.27
+Requires-Dist: pydantic>=2.6
+Provides-Extra: all
+Requires-Dist: anthropic>=0.34; extra == 'all'
+Requires-Dist: google-generativeai>=0.7; extra == 'all'
+Requires-Dist: huggingface-hub>=0.24; extra == 'all'
+Requires-Dist: openai>=1.30; extra == 'all'
+Provides-Extra: anthropic
+Requires-Dist: anthropic>=0.34; extra == 'anthropic'
+Provides-Extra: dev
+Requires-Dist: pytest-asyncio>=0.23; extra == 'dev'
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: ruff>=0.5; extra == 'dev'
+Provides-Extra: google
+Requires-Dist: google-generativeai>=0.7; extra == 'google'
+Provides-Extra: huggingface
+Requires-Dist: huggingface-hub>=0.24; extra == 'huggingface'
+Provides-Extra: openai
+Requires-Dist: openai>=1.30; extra == 'openai'
+Description-Content-Type: text/markdown
+
+# radhiops
+
+The Python SDK for **RadhiOps** — the BYOE (Bring Your Own Everything) AI
+Engineering Platform.
+
+```bash
+pip install radhiops
+# providers are optional extras — install only what you use:
+pip install 'radhiops[openai]'        # or [anthropic], [google], [huggingface], [all]
+# ollama needs no extra (talks to your local server)
+```
+
+## Quick start
+
+```python
+from radhiops import RadhiOps
+
+# New here? A demo key seeds 500 free credits, fully offline.
+ops = RadhiOps(access_key="radhi_demo_yourtrialkey123")
+
+# Run a local security audit (no AI, no network needed).
+report = ops.soc.audit("./my-project")
+print(report.counts())          # {'low': 0, 'medium': 1, 'high': 0, 'critical': 0}
+print(report.passed)            # gate result for pre-push / pre-deploy
+
+# Bring your own model for AI-assisted remediation.
+ops.use_model("openai", model="gpt-4o-mini", api_key="sk-...")
+print(ops.soc.remediate(report))
+
+# Or run a fully local model via Ollama — no API key:
+ops.use_model("ollama", model="llama3.1")
+```
+
+## Repo agent — Git in plain English
+
+```python
+repo = ops.repo("./my-project")
+
+repo.command("what changed?")
+repo.command('commit "fix: handle null user"')
+repo.command("create a new branch feature/login")
+repo.command("merge dev into main")
+
+# push() runs a RadhiSOC security gate first and BLOCKS on high/critical
+# findings unless you explicitly override.
+result = repo.push()
+if not result.ok:
+    print(result.message)   # e.g. "Security gate blocked the push: 1 finding"
+```
+
+Common verbs are parsed by rules (free, offline). Ambiguous phrasing falls back
+to your BYOE model. Protected branches (main/master/prod) require
+`allow_protected=True`, and force pushes use `--force-with-lease`.
+
+```bash
+radhiops repo "push my changes" --path ./my-project
+radhiops repo "merge dev into main"
+```
+
+## Deployment agent — BYOE deploy targets
+
+Bring your own platform token. RadhiOps never stores it.
+
+```python
+# Vercel / Netlify / Render / Railway / Surge
+dep = ops.deploy("vercel", token="<vercel-token>", team_id="team_...")
+
+dep.list(limit=5)                  # recent deployments (normalized)
+d = dep.trigger()                  # kick a new deployment (where supported)
+final = dep.watch(d.id)            # poll until ready/failed
+if final.status.failed:
+    diag = dep.diagnose(d.id)      # rule-based + AI root-cause from the logs
+    print(diag.rule_based["suggestion"])
+```
+
+| Platform | name | Scope option | Triggers deploys |
+|----------|------|--------------|------------------|
+| Vercel | `vercel` | `team_id` (optional) | via git integration |
+| Netlify | `netlify` | `site_id` | yes (build) |
+| Render | `render` | `service_id` | yes |
+| Railway | `railway` | `service_id` | (monitor) |
+| Surge | `surge` | `domain` | yes (CLI) |
+
+The log diagnoser recognises common failures (missing modules, unset env vars,
+OOM, port conflicts, lockfile mismatches) with zero credits; anything it can't
+classify is escalated to your BYOE model.
+
+```bash
+radhiops deploy render status --id dep_123 --token $RENDER_TOKEN --opt service_id=srv_abc
+radhiops deploy vercel diagnose --id dpl_123 --token $VERCEL_TOKEN
+```
+
+## Runtime Monitor — production health & incidents
+
+```python
+mon = ops.monitor()
+mon.add_target("api", "https://myapp.com/health", contains="ok")
+mon.add_target("web", "https://myapp.com")
+
+mon.poll()                         # probe every target once
+for inc in mon.evaluate():         # anomalies -> incidents
+    print(inc.severity, inc.summary, "->", inc.escalate_to)
+
+# crash detection from a runtime log stream
+crash = mon.ingest_logs("api", ["Traceback (most recent call last):", "MemoryError"])
+
+# or run a monitoring loop with a callback per incident
+mon.watch(rounds=10, interval=30, on_incident=lambda i: print(i.to_dict()))
+```
+
+Detects: endpoint down (consecutive failures), error-rate spikes, latency
+degradation (p95), and runtime crashes (OOM, segfault, unhandled exceptions,
+restart loops, DB connection failures). Each incident is tagged with the agent
+that should handle it next (`DeploymentAgent`, `CyberDefenseAgent`), ready for
+the autonomous loop. Thresholds are tunable via `Thresholds`.
+
+## Cyber Defense agent — runtime attack detection
+
+Feed inbound requests through the guard; it returns an allow/challenge/block
+verdict and auto-blocklists serious offenders.
+
+```python
+guard = ops.defense()
+
+verdict = guard.analyze({
+    "ip": "203.0.113.9",
+    "path": "/search",
+    "query": "q=' UNION SELECT password FROM users--",
+})
+if verdict.blocked:
+    return Response(status=403)
+
+# behavioral: repeated failed logins from one IP -> brute force / stuffing
+verdict, incident = guard.inspect({"ip": "203.0.113.9", "auth_failed": True, "user": "admin"})
+
+# framework hook
+guard_fn = guard.middleware(on_block=lambda v: log.warning("blocked %s", v.ip))
+```
+
+Detects: SQL injection, XSS, SSRF, path traversal, command injection, header
+(CRLF) injection, brute force, credential stuffing, rate-limit abuse, and DDoS.
+Code-level attacks escalate to RadhiSOC (fix the code); volumetric attacks are
+blocked directly. Scoring/thresholds are tunable via `DefenseConfig`.
+
+## CLI
+
+```bash
+export RADHIOPS_ACCESS_KEY=radhi_demo_yourtrialkey123
+radhiops audit ./my-project
+radhiops audit . --json
+```
+
+The `audit` command exits non-zero when high/critical findings are present, so
+it drops straight into CI or a Kiro pre-push hook.
+
+## Supported model providers (BYOE)
+
+| Provider | name | Needs key? | Extra |
+|----------|------|-----------|-------|
+| OpenAI / compatible | `openai` | yes | `[openai]` |
+| Anthropic | `anthropic` | yes | `[anthropic]` |
+| Google Gemini | `google` | yes | `[google]` |
+| Ollama (local) | `ollama` | no | — |
+| Hugging Face | `huggingface` | yes | `[huggingface]` |
+
+Register your own (e.g. an MCP-backed model) with
+`radhiops.register_provider("mymodel", MyProviderClass)`.
+
+## Status
+
+Phase 0–5: BYOE model layer, access-key client, credit ledger (local + hosted),
+and all five agents — RadhiSOC (security), Repo (Git + pre-push gate),
+Deployment (multi-platform + log diagnosis), Runtime Monitor (health, anomalies,
+crashes), and Cyber Defense (runtime attack detection) — plus the Supabase
+backend. The autonomous cross-agent loop (incidents routing Monitor → Deployment
+→ RadhiSOC → Repo automatically) is next.
+
+### Online vs offline
+
+```python
+# Offline (default): local credit ledger, demo keys seeded with 500 credits.
+ops = RadhiOps(access_key="radhi_demo_...")
+
+# Online: validate + meter against the hosted backend (Supabase edge functions).
+ops = RadhiOps(
+    access_key="radhi_live_...",
+    offline=False,
+    api_base="https://<project-ref>.supabase.co",
+    anon_key="<supabase-anon-key>",
+)
+```

radhiops-0.0.1/README.md

@@ -0,0 +1,191 @@
+# radhiops
+
+The Python SDK for **RadhiOps** — the BYOE (Bring Your Own Everything) AI
+Engineering Platform.
+
+```bash
+pip install radhiops
+# providers are optional extras — install only what you use:
+pip install 'radhiops[openai]'        # or [anthropic], [google], [huggingface], [all]
+# ollama needs no extra (talks to your local server)
+```
+
+## Quick start
+
+```python
+from radhiops import RadhiOps
+
+# New here? A demo key seeds 500 free credits, fully offline.
+ops = RadhiOps(access_key="radhi_demo_yourtrialkey123")
+
+# Run a local security audit (no AI, no network needed).
+report = ops.soc.audit("./my-project")
+print(report.counts())          # {'low': 0, 'medium': 1, 'high': 0, 'critical': 0}
+print(report.passed)            # gate result for pre-push / pre-deploy
+
+# Bring your own model for AI-assisted remediation.
+ops.use_model("openai", model="gpt-4o-mini", api_key="sk-...")
+print(ops.soc.remediate(report))
+
+# Or run a fully local model via Ollama — no API key:
+ops.use_model("ollama", model="llama3.1")
+```
+
+## Repo agent — Git in plain English
+
+```python
+repo = ops.repo("./my-project")
+
+repo.command("what changed?")
+repo.command('commit "fix: handle null user"')
+repo.command("create a new branch feature/login")
+repo.command("merge dev into main")
+
+# push() runs a RadhiSOC security gate first and BLOCKS on high/critical
+# findings unless you explicitly override.
+result = repo.push()
+if not result.ok:
+    print(result.message)   # e.g. "Security gate blocked the push: 1 finding"
+```
+
+Common verbs are parsed by rules (free, offline). Ambiguous phrasing falls back
+to your BYOE model. Protected branches (main/master/prod) require
+`allow_protected=True`, and force pushes use `--force-with-lease`.
+
+```bash
+radhiops repo "push my changes" --path ./my-project
+radhiops repo "merge dev into main"
+```
+
+## Deployment agent — BYOE deploy targets
+
+Bring your own platform token. RadhiOps never stores it.
+
+```python
+# Vercel / Netlify / Render / Railway / Surge
+dep = ops.deploy("vercel", token="<vercel-token>", team_id="team_...")
+
+dep.list(limit=5)                  # recent deployments (normalized)
+d = dep.trigger()                  # kick a new deployment (where supported)
+final = dep.watch(d.id)            # poll until ready/failed
+if final.status.failed:
+    diag = dep.diagnose(d.id)      # rule-based + AI root-cause from the logs
+    print(diag.rule_based["suggestion"])
+```
+
+| Platform | name | Scope option | Triggers deploys |
+|----------|------|--------------|------------------|
+| Vercel | `vercel` | `team_id` (optional) | via git integration |
+| Netlify | `netlify` | `site_id` | yes (build) |
+| Render | `render` | `service_id` | yes |
+| Railway | `railway` | `service_id` | (monitor) |
+| Surge | `surge` | `domain` | yes (CLI) |
+
+The log diagnoser recognises common failures (missing modules, unset env vars,
+OOM, port conflicts, lockfile mismatches) with zero credits; anything it can't
+classify is escalated to your BYOE model.
+
+```bash
+radhiops deploy render status --id dep_123 --token $RENDER_TOKEN --opt service_id=srv_abc
+radhiops deploy vercel diagnose --id dpl_123 --token $VERCEL_TOKEN
+```
+
+## Runtime Monitor — production health & incidents
+
+```python
+mon = ops.monitor()
+mon.add_target("api", "https://myapp.com/health", contains="ok")
+mon.add_target("web", "https://myapp.com")
+
+mon.poll()                         # probe every target once
+for inc in mon.evaluate():         # anomalies -> incidents
+    print(inc.severity, inc.summary, "->", inc.escalate_to)
+
+# crash detection from a runtime log stream
+crash = mon.ingest_logs("api", ["Traceback (most recent call last):", "MemoryError"])
+
+# or run a monitoring loop with a callback per incident
+mon.watch(rounds=10, interval=30, on_incident=lambda i: print(i.to_dict()))
+```
+
+Detects: endpoint down (consecutive failures), error-rate spikes, latency
+degradation (p95), and runtime crashes (OOM, segfault, unhandled exceptions,
+restart loops, DB connection failures). Each incident is tagged with the agent
+that should handle it next (`DeploymentAgent`, `CyberDefenseAgent`), ready for
+the autonomous loop. Thresholds are tunable via `Thresholds`.
+
+## Cyber Defense agent — runtime attack detection
+
+Feed inbound requests through the guard; it returns an allow/challenge/block
+verdict and auto-blocklists serious offenders.
+
+```python
+guard = ops.defense()
+
+verdict = guard.analyze({
+    "ip": "203.0.113.9",
+    "path": "/search",
+    "query": "q=' UNION SELECT password FROM users--",
+})
+if verdict.blocked:
+    return Response(status=403)
+
+# behavioral: repeated failed logins from one IP -> brute force / stuffing
+verdict, incident = guard.inspect({"ip": "203.0.113.9", "auth_failed": True, "user": "admin"})
+
+# framework hook
+guard_fn = guard.middleware(on_block=lambda v: log.warning("blocked %s", v.ip))
+```
+
+Detects: SQL injection, XSS, SSRF, path traversal, command injection, header
+(CRLF) injection, brute force, credential stuffing, rate-limit abuse, and DDoS.
+Code-level attacks escalate to RadhiSOC (fix the code); volumetric attacks are
+blocked directly. Scoring/thresholds are tunable via `DefenseConfig`.
+
+## CLI
+
+```bash
+export RADHIOPS_ACCESS_KEY=radhi_demo_yourtrialkey123
+radhiops audit ./my-project
+radhiops audit . --json
+```
+
+The `audit` command exits non-zero when high/critical findings are present, so
+it drops straight into CI or a Kiro pre-push hook.
+
+## Supported model providers (BYOE)
+
+| Provider | name | Needs key? | Extra |
+|----------|------|-----------|-------|
+| OpenAI / compatible | `openai` | yes | `[openai]` |
+| Anthropic | `anthropic` | yes | `[anthropic]` |
+| Google Gemini | `google` | yes | `[google]` |
+| Ollama (local) | `ollama` | no | — |
+| Hugging Face | `huggingface` | yes | `[huggingface]` |
+
+Register your own (e.g. an MCP-backed model) with
+`radhiops.register_provider("mymodel", MyProviderClass)`.
+
+## Status
+
+Phase 0–5: BYOE model layer, access-key client, credit ledger (local + hosted),
+and all five agents — RadhiSOC (security), Repo (Git + pre-push gate),
+Deployment (multi-platform + log diagnosis), Runtime Monitor (health, anomalies,
+crashes), and Cyber Defense (runtime attack detection) — plus the Supabase
+backend. The autonomous cross-agent loop (incidents routing Monitor → Deployment
+→ RadhiSOC → Repo automatically) is next.
+
+### Online vs offline
+
+```python
+# Offline (default): local credit ledger, demo keys seeded with 500 credits.
+ops = RadhiOps(access_key="radhi_demo_...")
+
+# Online: validate + meter against the hosted backend (Supabase edge functions).
+ops = RadhiOps(
+    access_key="radhi_live_...",
+    offline=False,
+    api_base="https://<project-ref>.supabase.co",
+    anon_key="<supabase-anon-key>",
+)
+```

radhiops-0.0.1/pyproject.toml

@@ -0,0 +1,49 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "radhiops"
+version = "0.0.1"
+description = "RadhiOps — BYOE AI Engineering Platform SDK"
+readme = "README.md"
+requires-python = ">=3.10"
+license = { text = "Apache-2.0" }
+authors = [{ name = "RadhiOps" }]
+keywords = ["ai", "agents", "devops", "security", "byoe", "mcp"]
+dependencies = [
+    "httpx>=0.27",
+    "pydantic>=2.6",
+]
+
+[project.optional-dependencies]
+openai = ["openai>=1.30"]
+anthropic = ["anthropic>=0.34"]
+google = ["google-generativeai>=0.7"]
+huggingface = ["huggingface-hub>=0.24"]
+# ollama uses its local HTTP API via httpx — no extra dep required.
+all = [
+    "openai>=1.30",
+    "anthropic>=0.34",
+    "google-generativeai>=0.7",
+    "huggingface-hub>=0.24",
+]
+dev = [
+    "pytest>=8.0",
+    "pytest-asyncio>=0.23",
+    "ruff>=0.5",
+]
+
+[project.scripts]
+radhiops = "radhiops.cli:main"
+
+[tool.hatch.build.targets.wheel]
+packages = ["radhiops"]
+
+[tool.pytest.ini_options]
+asyncio_mode = "auto"
+testpaths = ["tests"]
+
+[tool.ruff]
+line-length = 100
+target-version = "py310"

radhiops-0.0.1/radhiops/__init__.py

@@ -0,0 +1,59 @@
+"""RadhiOps — BYOE AI Engineering Platform SDK."""
+
+from __future__ import annotations
+
+__version__ = "0.0.1"
+
+from .client import RadhiOps
+from .exceptions import (
+    AgentError,
+    AuthError,
+    InsufficientCreditsError,
+    ProviderError,
+    RadhiOpsError,
+    SubscriptionRequiredError,
+)
+from .plans import PLANS, Plan, upgrade_hint
+from .orchestrator import AutonomyMode, Orchestrator
+from .providers import (
+    ChatResult,
+    Message,
+    ModelProvider,
+    available_providers,
+    get_provider,
+    register_provider,
+)
+from .deploy import (
+    Deployment,
+    DeployStatus,
+    available_deploy_providers,
+    get_deploy_provider,
+    register_deploy_provider,
+)
+
+__all__ = [
+    "__version__",
+    "RadhiOps",
+    "RadhiOpsError",
+    "AuthError",
+    "AgentError",
+    "ProviderError",
+    "InsufficientCreditsError",
+    "SubscriptionRequiredError",
+    "PLANS",
+    "Plan",
+    "upgrade_hint",
+    "AutonomyMode",
+    "Orchestrator",
+    "ChatResult",
+    "Message",
+    "ModelProvider",
+    "available_providers",
+    "get_provider",
+    "register_provider",
+    "Deployment",
+    "DeployStatus",
+    "available_deploy_providers",
+    "get_deploy_provider",
+    "register_deploy_provider",
+]

radhiops-0.0.1/radhiops/agents/__init__.py

@@ -0,0 +1,19 @@
+"""RadhiOps agents."""
+
+from __future__ import annotations
+
+from .base import Agent
+from .cyberdefense import CyberDefenseAgent
+from .deployment import DeploymentAgent
+from .monitor import RuntimeMonitor
+from .repo import RepoAgent
+from .soc import RadhiSOC
+
+__all__ = [
+    "Agent",
+    "RadhiSOC",
+    "RepoAgent",
+    "DeploymentAgent",
+    "RuntimeMonitor",
+    "CyberDefenseAgent",
+]

radhiops-0.0.1/radhiops/agents/base.py

@@ -0,0 +1,52 @@
+"""Base class shared by every RadhiOps agent.
+
+An agent is given:
+  - a reference to the :class:`RadhiOps` client (for credits/auth/telemetry)
+  - an optional BYOE model provider (the user's own model)
+
+Agents expose high-level capabilities (audit, deploy, monitor, ...). Each
+capability that consumes platform resources reports its credit cost through
+``self._charge(...)`` so usage stays transparent.
+"""
+
+from __future__ import annotations
+
+from typing import TYPE_CHECKING, Any
+
+from ..providers.base import Message, ModelProvider
+
+if TYPE_CHECKING:
+    from ..client import RadhiOps
+
+
+class Agent:
+    #: Human-facing name, e.g. "RadhiSOC".
+    name: str = "Agent"
+
+    def __init__(self, client: "RadhiOps", model: ModelProvider | None = None) -> None:
+        self.client = client
+        self._model = model
+
+    @property
+    def model(self) -> ModelProvider:
+        """The BYOE model bound to this agent (falls back to the client default)."""
+        m = self._model or self.client.default_model
+        if m is None:
+            from ..exceptions import ProviderError
+
+            raise ProviderError(
+                f"{self.name} needs a model. Pass model=... or set a default "
+                "provider/model on the RadhiOps client."
+            )
+        return m
+
+    def _ask(self, system: str, user: str, **opts: Any) -> str:
+        """Convenience: single-turn prompt to the bound model."""
+        result = self.model.chat(
+            [Message("system", system), Message("user", user)], **opts
+        )
+        return result.text
+
+    def _charge(self, credits: int, action: str) -> None:
+        """Record credit usage for an action via the client."""
+        self.client._consume_credits(credits, f"{self.name}:{action}")