synapse-orch-ai 1.1.2__tar.gz

synapse_orch_ai-1.1.2/.codacy.yaml

@@ -0,0 +1,79 @@
+---
+# Codacy configuration — controls both API-upload scans and Actions workflow scans.
+# Stack: Python backend + TypeScript/Next.js frontend + Docker
+engines:
+  # Python security — keep
+  bandit:
+    enabled: true
+  ruff:
+    enabled: true
+  pylint:
+    enabled: true
+  prospector:
+    enabled: false   # redundant with ruff + pylint
+  pylintpython3:
+    enabled: false   # duplicate of pylint
+
+  # JavaScript / TypeScript — keep ESLint only
+  eslint:
+    enabled: true
+  jshint:
+    enabled: false   # deprecated, ESLint covers it
+  tslint:
+    enabled: false   # deprecated, ESLint covers it
+
+  # CSS — keep Stylelint only
+  stylelint:
+    enabled: true
+  csslint:
+    enabled: false   # redundant with stylelint
+
+  # Infrastructure / Docker
+  checkov:
+    enabled: true
+  hadolint:
+    enabled: true
+
+  # Shell scripts (setup.sh, start.sh)
+  shellcheck:
+    enabled: true
+  psscriptanalyzer:
+    enabled: false   # PowerShell — not a focus
+
+  # Static analysis
+  semgrep:
+    enabled: true
+
+  # Disabled — not relevant to this stack
+  pmd:
+    enabled: false   # Java only
+  pmd-7:
+    enabled: false   # Java only
+  lizard:
+    enabled: false   # complexity metrics, not security
+  jacksonlinter:
+    enabled: false
+  markdownlint:
+    enabled: false
+  remark-lint:
+    enabled: false
+  opengrep:
+    enabled: false
+  spectral:
+    enabled: false
+
+exclude_paths:
+  - node_modules/**
+  - frontend/node_modules/**
+  - backend/node_modules/**
+  - frontend/.next/**
+  - backend/venv/**
+  - backend/.venv/**
+  - backend/chroma_db/**
+  - backend/data/**
+  - backend/logs/**
+  - dist/**
+  - frontend-build/**
+  - synapse/_frontend/**
+  - "**/__pycache__/**"
+  - "**/*.egg-info/**"

synapse_orch_ai-1.1.2/.dockerignore

@@ -0,0 +1,20 @@
+backend/venv/
+backend/__pycache__/
+backend/data/chroma_db/
+backend/data/vault/
+backend/data/settings.json
+backend/data/credentials.json
+backend/data/token.json
+backend/data/personal_details.json
+frontend/node_modules/
+frontend/.next/
+.git/
+*.log
+*.pyc
+*.pyo
+synapse/_frontend/
+frontend-build/
+dist/
+*.egg-info/
+.env
+.env.local

synapse_orch_ai-1.1.2/.env.example

@@ -0,0 +1,37 @@
+# Synapse - Environment Configuration
+# Copy this file to .env and fill in your values.
+# All values are optional — Synapse works with defaults.
+
+# Directory where Synapse stores user data (settings, agent configs, vault, logs)
+# Default: backend/data  (relative to the project root)
+SYNAPSE_DATA_DIR=backend/data
+
+# Ollama base URL (for local models)
+# Default: http://127.0.0.1:11434
+OLLAMA_BASE_URL=http://127.0.0.1:11434
+
+# Port for the backend API server
+# Default: 8000
+SYNAPSE_BACKEND_PORT=8000
+
+# Port for the frontend web UI
+# Default: 3000
+SYNAPSE_FRONTEND_PORT=3000
+
+# Backend port exposed to the Next.js browser bundle (used in UI instructions like Google OAuth redirect URI)
+# Must match SYNAPSE_BACKEND_PORT. Requires a frontend rebuild when changed.
+# Default: 8000
+NEXT_PUBLIC_BACKEND_PORT=8000
+
+# Backend URL as seen by the Next.js server (used in Docker / custom deployments).
+# OPTIONAL — if omitted, auto-derived from SYNAPSE_BACKEND_PORT as http://127.0.0.1:<port>.
+# Override here for Docker/remote deployments (e.g. http://synapse-backend:8000).
+# BACKEND_URL=http://synapse-backend:8000
+
+# CORS origins allowed by the backend (comma-separated)
+# Default: http://localhost:3000,http://localhost:5173
+CORS_ORIGINS=http://localhost:3000
+
+# Coding Agent default db configuration
+# Default: postgres://postgres:password@localhost:5432/synapse
+DATABASE_URL=postgres://postgres:root@localhost:5432/synapse

synapse_orch_ai-1.1.2/.github/FUNDING.yml

@@ -0,0 +1,15 @@
+# These are supported funding model platforms
+
+github: [naveenraj-17]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+polar: # Replace with a single Polar username
+buy_me_a_coffee: # Replace with a single Buy Me a Coffee username
+thanks_dev: # Replace with a single thanks.dev username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

synapse_orch_ai-1.1.2/.github/workflows/codacy.yml

@@ -0,0 +1,106 @@
+name: Codacy Security Scan
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  workflow_dispatch:
+  schedule:
+    - cron: '30 3 * * *'
+
+permissions:
+  contents: read
+  security-events: write
+  actions: read
+
+jobs:
+  codacy-security-scan:
+    name: Codacy Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # Run only the security tools relevant to this project (Python + TypeScript + Docker)
+      - name: Run Security Analysis
+        timeout-minutes: 20
+        continue-on-error: true
+        run: |
+          mkdir -p sarif_results
+
+          TOOLS="bandit semgrep checkov eslint"
+          for tool in $TOOLS; do
+            echo "::group::Running $tool"
+            docker run --rm \
+              --env CODACY_CODE="$PWD" \
+              --env JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8" \
+              --volume /var/run/docker.sock:/var/run/docker.sock \
+              --volume "$PWD":"$PWD" \
+              --volume /tmp:/tmp \
+              codacy/codacy-analysis-cli:7.10.0 -- \
+              analyze \
+              --tool "$tool" \
+              --verbose \
+              --format sarif \
+              --output "$PWD/sarif_results/${tool}.sarif" \
+              --max-allowed-issues 2147483647 \
+              --skip-uncommitted-files-check || echo "::warning::$tool analysis failed"
+            echo "::endgroup::"
+          done
+
+      # Tag each SARIF with a unique category so GitHub doesn't merge them
+      - name: Prepare SARIF for upload
+        run: |
+          sudo python3 -c '
+          import json, os, glob
+
+          for path in glob.glob("sarif_results/*.sarif"):
+              if os.path.getsize(path) == 0:
+                  os.remove(path)
+                  continue
+              try:
+                  with open(path) as f:
+                      data = json.load(f)
+                  runs = data.get("runs", [])
+                  has_results = any(run.get("results") for run in runs)
+                  if not runs or not has_results:
+                      print(f"Skipping {path}: no results")
+                      os.remove(path)
+                      continue
+                  tool = os.path.basename(path).replace(".sarif", "")
+                  for i, run in enumerate(runs):
+                      if "automationDetails" not in run:
+                          run["automationDetails"] = {}
+                      run["automationDetails"]["id"] = f"codacy-{tool}-{i}"
+                  with open(path, "w") as f:
+                      json.dump(data, f, indent=2)
+              except (json.JSONDecodeError, KeyError):
+                  print(f"Warning: Could not process {path}")
+                  os.remove(path)
+          '
+
+      - name: Fix file permissions
+        run: sudo chown -R $(id -u):$(id -g) sarif_results/
+
+      - name: Upload SARIF results
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          for file in sarif_results/*.sarif; do
+            [ -f "$file" ] || continue
+            [ -s "$file" ] || continue
+            echo "Uploading $file..."
+            gzip -c "$file" > payload.gz
+            b64_payload=$(base64 -w0 payload.gz)
+            gh api \
+              --method POST \
+              -H "Accept: application/vnd.github+json" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              /repos/${{ github.repository }}/code-scanning/sarifs \
+              -f commit_sha="${{ github.sha }}" \
+              -f ref="${{ github.ref }}" \
+              -f sarif="$b64_payload" || echo "::warning::Failed to upload $file"
+            sleep 2
+          done
+          echo "All uploads complete!"

synapse_orch_ai-1.1.2/.github/workflows/codeql.yml

@@ -0,0 +1,104 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL Advanced"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  workflow_dispatch:
+  schedule:
+    - cron: '30 3 * * *'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    env:
+      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: javascript-typescript
+          build-mode: none
+        - language: python
+          build-mode: none
+        # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Add any setup steps before running the `github/codeql-action/init` action.
+    # This includes steps like installing compilers or runtimes (`actions/setup-node`
+    # or others). This is typically only required for manual builds.
+    # - name: Setup runtime (example)
+    #   uses: actions/setup-example@v1
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v4
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    # If the analyze step fails for one of the languages you are analyzing with
+    # "We were unable to automatically build your code", modify the matrix above
+    # to set the build mode to "manual" for that language. Then modify this step
+    # to build your code.
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    - name: Run manual build steps
+      if: matrix.build-mode == 'manual'
+      shell: bash
+      run: |
+        echo 'If you are using a "manual" build mode for one or more of the' \
+          'languages you are analyzing, replace this with the commands to build' \
+          'your code, for example:'
+        echo '  make bootstrap'
+        echo '  make release'
+        exit 1
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v4
+      with:
+        category: "/language:${{matrix.language}}"

synapse_orch_ai-1.1.2/.github/workflows/publish.yml

@@ -0,0 +1,76 @@
+name: Publish Synapse
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  build-frontend:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Build Next.js standalone
+        run: bash scripts/build_frontend.sh
+
+      - name: Upload frontend artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: frontend-builds
+          path: |
+            synapse/_frontend
+            frontend-build
+
+  publish-python:
+    runs-on: ubuntu-latest
+    needs: build-frontend
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Download frontend artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: frontend-builds
+
+      - name: Build Python package
+        run: |
+          pip install hatch
+          hatch build
+
+      - name: Publish to PyPI
+        run: |
+          pip install twine
+          twine upload --skip-existing dist/*
+        env:
+          TWINE_USERNAME: __token__
+          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+
+  publish-npm:
+    runs-on: ubuntu-latest
+    needs: build-frontend
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Download frontend artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: frontend-builds
+
+      - name: Publish to npm
+        run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

synapse_orch_ai-1.1.2/.gitignore

@@ -0,0 +1,43 @@
+# General
+.DS_Store
+.vscode/
+.idea/
+*.log
+
+# Python / Backend
+**/__pycache__/
+backend/node_modules/
+backend/data/orchestration_runs/
+backend/logs/
+backend/venv/
+backend/data/chroma_db/
+backend/data/*
+backend/.playwright-mcp/
+
+# Javascript / Frontend
+frontend/node_modules/
+frontend/.next/
+frontend/next-env.d.ts
+
+# Specific project files
+backend/chroma_db/
+backend/data/chroma_db/
+backend/.venv/
+
+# Distribution artifacts
+dist/
+*.egg-info/
+*.whl
+*.tar.gz
+*.tgz
+synapse/_frontend/
+frontend-build/
+node_modules/
+
+# Environment files
+.env
+.env.local
+.env.*.local
+
+# Security — token files
+backend/data/token.json

synapse_orch_ai-1.1.2/CODE_OF_CONDUCT.md

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+synapse.ai.orch@gmail.com.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.