ziro 0.1.1__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (420) hide show
  1. app/__init__.py +10 -0
  2. app/_hf_bootstrap.py +78 -0
  3. app/agents/.subagents/reflector.agent.md +26 -0
  4. app/agents/.subagents/scout.agent.md +30 -0
  5. app/agents/.subagents/solver.agent.md +37 -0
  6. app/agents/default/agent_config.yaml +89 -0
  7. app/agents/default/attachment_policy.yaml +8 -0
  8. app/agents/default/compaction_policy.yaml +24 -0
  9. app/agents/default/fs_policy.yaml +30 -0
  10. app/agents/default/guardrails_policy.yaml +145 -0
  11. app/agents/default/handoff_policy.yaml +12 -0
  12. app/agents/default/hooks.yaml +36 -0
  13. app/agents/default/mcp_servers.yaml +149 -0
  14. app/agents/default/memory_policy.yaml +17 -0
  15. app/agents/default/meta.yaml +17 -0
  16. app/agents/default/permissions.yaml +27 -0
  17. app/agents/default/shell_policy.yaml +29 -0
  18. app/agents/default/subagent_policy.yaml +15 -0
  19. app/agents/default/tool_policy.yaml +28 -0
  20. app/agents/default/voice_policy.yaml +29 -0
  21. app/agents/default/webfetch_policy.yaml +14 -0
  22. app/agents/life_coach/agent_config.yaml +49 -0
  23. app/agents/life_coach/attachment_policy.yaml +8 -0
  24. app/agents/life_coach/compaction_policy.yaml +24 -0
  25. app/agents/life_coach/guardrails_policy.yaml +145 -0
  26. app/agents/life_coach/handoff_policy.yaml +12 -0
  27. app/agents/life_coach/mcp_servers.yaml +63 -0
  28. app/agents/life_coach/memory_policy.yaml +17 -0
  29. app/agents/life_coach/meta.yaml +17 -0
  30. app/agents/life_coach/permissions.yaml +24 -0
  31. app/agents/life_coach/shell_policy.yaml +28 -0
  32. app/agents/life_coach/subagent_policy.yaml +15 -0
  33. app/agents/life_coach/tool_policy.yaml +15 -0
  34. app/agents/life_coach/voice_policy.yaml +29 -0
  35. app/agents/life_coach/webfetch_policy.yaml +14 -0
  36. app/agents/registry.yaml +10 -0
  37. app/agents/researcher/agent_config.yaml +59 -0
  38. app/agents/researcher/attachment_policy.yaml +8 -0
  39. app/agents/researcher/compaction_policy.yaml +25 -0
  40. app/agents/researcher/guardrails_policy.yaml +39 -0
  41. app/agents/researcher/handoff_policy.yaml +12 -0
  42. app/agents/researcher/hooks.yaml +63 -0
  43. app/agents/researcher/mcp_servers.yaml +64 -0
  44. app/agents/researcher/memory_policy.yaml +17 -0
  45. app/agents/researcher/meta.yaml +16 -0
  46. app/agents/researcher/permissions.yaml +22 -0
  47. app/agents/researcher/queue_policy.yaml +13 -0
  48. app/agents/researcher/shell_policy.yaml +29 -0
  49. app/agents/researcher/subagent_policy.yaml +20 -0
  50. app/agents/researcher/tool_policy.yaml +19 -0
  51. app/agents/researcher/voice_policy.yaml +29 -0
  52. app/agents/researcher/webfetch_policy.yaml +15 -0
  53. app/agents/researcher_docker/agent_config.yaml +56 -0
  54. app/agents/researcher_docker/attachment_policy.yaml +8 -0
  55. app/agents/researcher_docker/compaction_policy.yaml +25 -0
  56. app/agents/researcher_docker/guardrails_policy.yaml +39 -0
  57. app/agents/researcher_docker/handoff_policy.yaml +12 -0
  58. app/agents/researcher_docker/hooks.yaml +63 -0
  59. app/agents/researcher_docker/mcp_servers.yaml +26 -0
  60. app/agents/researcher_docker/memory_policy.yaml +17 -0
  61. app/agents/researcher_docker/meta.yaml +16 -0
  62. app/agents/researcher_docker/permissions.yaml +22 -0
  63. app/agents/researcher_docker/shell_policy.yaml +27 -0
  64. app/agents/researcher_docker/subagent_policy.yaml +20 -0
  65. app/agents/researcher_docker/tool_policy.yaml +19 -0
  66. app/agents/researcher_docker/webfetch_policy.yaml +15 -0
  67. app/capabilities/__init__.py +38 -0
  68. app/capabilities/audit.py +71 -0
  69. app/capabilities/builtins.py +143 -0
  70. app/capabilities/context.py +28 -0
  71. app/capabilities/manager.py +354 -0
  72. app/capabilities/models.py +160 -0
  73. app/capabilities/registry.py +57 -0
  74. app/clarify/__init__.py +0 -0
  75. app/clarify/models.py +30 -0
  76. app/clarify/tools.py +70 -0
  77. app/cli/__init__.py +0 -0
  78. app/cli/chat_once.py +195 -0
  79. app/cli/guard_check.py +143 -0
  80. app/cli/init.py +137 -0
  81. app/cli/launch_sync.py +122 -0
  82. app/cli/manage_agents.py +419 -0
  83. app/cli/run_scenarios.py +175 -0
  84. app/cli/runner.py +582 -0
  85. app/cli/show_graph.py +75 -0
  86. app/cli/startup.py +92 -0
  87. app/commands/__init__.py +7 -0
  88. app/commands/builtins.py +496 -0
  89. app/commands/registry.py +89 -0
  90. app/commands/session.py +304 -0
  91. app/compaction/__init__.py +40 -0
  92. app/compaction/models.py +87 -0
  93. app/compaction/node.py +176 -0
  94. app/compaction/summarizer.py +76 -0
  95. app/compaction/tokenizer.py +87 -0
  96. app/compaction/window.py +171 -0
  97. app/core/__init__.py +0 -0
  98. app/core/agent_md.py +80 -0
  99. app/core/agent_profiles.py +589 -0
  100. app/core/config.py +574 -0
  101. app/core/embeddings.py +142 -0
  102. app/core/flavour_apply.py +83 -0
  103. app/core/flavours.py +55 -0
  104. app/core/paths.py +159 -0
  105. app/core/retry.py +93 -0
  106. app/core/skills_catalog.py +85 -0
  107. app/core/trust.py +127 -0
  108. app/core/ui_prefs.py +37 -0
  109. app/fs/__init__.py +0 -0
  110. app/fs/models.py +35 -0
  111. app/fs/tools.py +264 -0
  112. app/graph/__init__.py +0 -0
  113. app/graph/graph.py +377 -0
  114. app/graph/interrupts.py +213 -0
  115. app/graph/nodes.py +618 -0
  116. app/graph/state.py +147 -0
  117. app/guardrails/__init__.py +32 -0
  118. app/guardrails/backends.py +613 -0
  119. app/guardrails/evaluator.py +75 -0
  120. app/guardrails/models.py +125 -0
  121. app/guardrails/nodes.py +71 -0
  122. app/guardrails/policy_loader.py +20 -0
  123. app/handoff/__init__.py +7 -0
  124. app/handoff/models.py +27 -0
  125. app/handoff/tools.py +54 -0
  126. app/hooks/__init__.py +30 -0
  127. app/hooks/callables.py +78 -0
  128. app/hooks/guards.py +258 -0
  129. app/hooks/models.py +105 -0
  130. app/hooks/registry.py +76 -0
  131. app/hooks/runner.py +31 -0
  132. app/io/__init__.py +1 -0
  133. app/io/attachments.py +154 -0
  134. app/llm/__init__.py +4 -0
  135. app/llm/adapter.py +86 -0
  136. app/llm/factory.py +48 -0
  137. app/llm/openrouter_adapter.py +132 -0
  138. app/llm/openrouter_catalog.py +266 -0
  139. app/main.py +700 -0
  140. app/memory/__init__.py +0 -0
  141. app/memory/checkpointer.py +22 -0
  142. app/memory/models.py +104 -0
  143. app/memory/node.py +63 -0
  144. app/memory/reflection.py +88 -0
  145. app/memory/store.py +214 -0
  146. app/permissions/__init__.py +43 -0
  147. app/permissions/gate.py +49 -0
  148. app/permissions/hook.py +57 -0
  149. app/permissions/models.py +68 -0
  150. app/permissions/policy.py +74 -0
  151. app/permissions/store.py +37 -0
  152. app/queue/__init__.py +9 -0
  153. app/queue/inflight.py +46 -0
  154. app/queue/models.py +71 -0
  155. app/queue/worker.py +241 -0
  156. app/rag/__init__.py +0 -0
  157. app/rag/indexer.py +108 -0
  158. app/rag/retriever.py +222 -0
  159. app/subagents/__init__.py +12 -0
  160. app/subagents/models.py +69 -0
  161. app/subagents/orchestrator.py +336 -0
  162. app/subagents/tool.py +116 -0
  163. app/tasks/__init__.py +25 -0
  164. app/tasks/models.py +21 -0
  165. app/tasks/reducer.py +58 -0
  166. app/tasks/render.py +36 -0
  167. app/tasks/tools.py +126 -0
  168. app/tools/__init__.py +0 -0
  169. app/tools/bootstrap.py +190 -0
  170. app/tools/indexer.py +36 -0
  171. app/tools/mcp_client.py +252 -0
  172. app/tools/mcp_manager.py +403 -0
  173. app/tools/mcp_models.py +73 -0
  174. app/tools/meta_tools.py +177 -0
  175. app/tools/oauth.py +345 -0
  176. app/tools/registry.py +277 -0
  177. app/tools/shell.py +456 -0
  178. app/tools/shell_audit.py +151 -0
  179. app/tools/shell_models.py +138 -0
  180. app/tui/__init__.py +49 -0
  181. app/tui/app.py +1143 -0
  182. app/tui/demo.py +105 -0
  183. app/tui/mcp_panel.py +311 -0
  184. app/tui/messages.py +54 -0
  185. app/tui/modals.py +307 -0
  186. app/tui/skills_panel.py +67 -0
  187. app/tui/store.py +40 -0
  188. app/tui/styles.tcss +290 -0
  189. app/tui/theme.py +171 -0
  190. app/tui/themes/README.md +39 -0
  191. app/tui/themes/carbon.yaml +10 -0
  192. app/tui/themes/gruvbox.yaml +10 -0
  193. app/tui/themes/nord.yaml +10 -0
  194. app/tui/widgets.py +722 -0
  195. app/voice/__init__.py +7 -0
  196. app/voice/backends.py +170 -0
  197. app/voice/models.py +65 -0
  198. app/voice/pipeline.py +180 -0
  199. app/webfetch/__init__.py +6 -0
  200. app/webfetch/models.py +22 -0
  201. app/webfetch/tool.py +173 -0
  202. flavours/coder.yaml +13 -0
  203. flavours/guarded.yaml +11 -0
  204. flavours/minimal.yaml +8 -0
  205. flavours/research.yaml +10 -0
  206. flavours/voice-assistant.yaml +10 -0
  207. skills/__init__.py +0 -0
  208. skills/brand-guidelines/SKILL.md +72 -0
  209. skills/deep-research/SKILL.md +168 -0
  210. skills/deep-research/references/decomposition.md +66 -0
  211. skills/deep-research/references/synthesis.md +73 -0
  212. skills/deep-research/references/tool-routing.md +74 -0
  213. skills/deep-research/references/verification.md +56 -0
  214. skills/doc-coauthoring/SKILL.md +375 -0
  215. skills/docx/SKILL.md +589 -0
  216. skills/docx/scripts/__init__.py +1 -0
  217. skills/docx/scripts/accept_changes.py +135 -0
  218. skills/docx/scripts/comment.py +318 -0
  219. skills/docx/scripts/office/helpers/__init__.py +0 -0
  220. skills/docx/scripts/office/helpers/merge_runs.py +199 -0
  221. skills/docx/scripts/office/helpers/simplify_redlines.py +197 -0
  222. skills/docx/scripts/office/pack.py +159 -0
  223. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chart.xsd +1499 -0
  224. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chartDrawing.xsd +146 -0
  225. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-diagram.xsd +1085 -0
  226. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-lockedCanvas.xsd +11 -0
  227. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-main.xsd +3081 -0
  228. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-picture.xsd +23 -0
  229. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-spreadsheetDrawing.xsd +185 -0
  230. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-wordprocessingDrawing.xsd +287 -0
  231. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/pml.xsd +1676 -0
  232. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-additionalCharacteristics.xsd +28 -0
  233. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-bibliography.xsd +144 -0
  234. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-commonSimpleTypes.xsd +174 -0
  235. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlDataProperties.xsd +25 -0
  236. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlSchemaProperties.xsd +18 -0
  237. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesCustom.xsd +59 -0
  238. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesExtended.xsd +56 -0
  239. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesVariantTypes.xsd +195 -0
  240. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-math.xsd +582 -0
  241. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-relationshipReference.xsd +25 -0
  242. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/sml.xsd +4439 -0
  243. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-main.xsd +570 -0
  244. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-officeDrawing.xsd +509 -0
  245. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-presentationDrawing.xsd +12 -0
  246. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-spreadsheetDrawing.xsd +108 -0
  247. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-wordprocessingDrawing.xsd +96 -0
  248. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/wml.xsd +3646 -0
  249. skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/xml.xsd +116 -0
  250. skills/docx/scripts/office/schemas/ecma/fouth-edition/opc-contentTypes.xsd +42 -0
  251. skills/docx/scripts/office/schemas/ecma/fouth-edition/opc-coreProperties.xsd +50 -0
  252. skills/docx/scripts/office/schemas/ecma/fouth-edition/opc-digSig.xsd +49 -0
  253. skills/docx/scripts/office/schemas/ecma/fouth-edition/opc-relationships.xsd +33 -0
  254. skills/docx/scripts/office/schemas/mce/mc.xsd +75 -0
  255. skills/docx/scripts/office/schemas/microsoft/wml-2010.xsd +560 -0
  256. skills/docx/scripts/office/schemas/microsoft/wml-2012.xsd +67 -0
  257. skills/docx/scripts/office/schemas/microsoft/wml-2018.xsd +14 -0
  258. skills/docx/scripts/office/schemas/microsoft/wml-cex-2018.xsd +20 -0
  259. skills/docx/scripts/office/schemas/microsoft/wml-cid-2016.xsd +13 -0
  260. skills/docx/scripts/office/schemas/microsoft/wml-sdtdatahash-2020.xsd +4 -0
  261. skills/docx/scripts/office/schemas/microsoft/wml-symex-2015.xsd +8 -0
  262. skills/docx/scripts/office/soffice.py +183 -0
  263. skills/docx/scripts/office/unpack.py +132 -0
  264. skills/docx/scripts/office/validate.py +111 -0
  265. skills/docx/scripts/office/validators/__init__.py +15 -0
  266. skills/docx/scripts/office/validators/base.py +847 -0
  267. skills/docx/scripts/office/validators/docx.py +446 -0
  268. skills/docx/scripts/office/validators/pptx.py +275 -0
  269. skills/docx/scripts/office/validators/redlining.py +247 -0
  270. skills/docx/scripts/templates/comments.xml +3 -0
  271. skills/docx/scripts/templates/commentsExtended.xml +3 -0
  272. skills/docx/scripts/templates/commentsExtensible.xml +3 -0
  273. skills/docx/scripts/templates/commentsIds.xml +3 -0
  274. skills/docx/scripts/templates/people.xml +3 -0
  275. skills/four-blocks-reflection/SKILL.md +118 -0
  276. skills/four-blocks-reflection/references/abc-model.md +51 -0
  277. skills/four-blocks-reflection/references/bridge-layer-patterns.md +156 -0
  278. skills/four-blocks-reflection/references/crisis-and-liability.md +107 -0
  279. skills/four-blocks-reflection/references/disputing-process.md +62 -0
  280. skills/four-blocks-reflection/references/first-responder-scenarios.md +219 -0
  281. skills/four-blocks-reflection/references/four-block-formulas.md +93 -0
  282. skills/four-blocks-reflection/references/multi-block-sequencing.md +136 -0
  283. skills/four-blocks-reflection/references/safety-and-crisis.md +49 -0
  284. skills/four-blocks-reflection/references/seven-irrational-beliefs.md +80 -0
  285. skills/four-blocks-reflection/references/three-insights.md +74 -0
  286. skills/loader.py +84 -0
  287. skills/pdf/SKILL.md +314 -0
  288. skills/pdf/forms.md +294 -0
  289. skills/pdf/reference.md +612 -0
  290. skills/pdf/scripts/check_bounding_boxes.py +65 -0
  291. skills/pdf/scripts/check_fillable_fields.py +11 -0
  292. skills/pdf/scripts/convert_pdf_to_images.py +33 -0
  293. skills/pdf/scripts/create_validation_image.py +37 -0
  294. skills/pdf/scripts/extract_form_field_info.py +122 -0
  295. skills/pdf/scripts/extract_form_structure.py +115 -0
  296. skills/pdf/scripts/fill_fillable_fields.py +98 -0
  297. skills/pdf/scripts/fill_pdf_form_with_annotations.py +107 -0
  298. skills/pdf-report/SKILL.md +67 -0
  299. skills/pdf-report/scripts/report_template.py +133 -0
  300. skills/pptx/SKILL.md +231 -0
  301. skills/pptx/editing.md +205 -0
  302. skills/pptx/pptxgenjs.md +420 -0
  303. skills/pptx/scripts/__init__.py +0 -0
  304. skills/pptx/scripts/add_slide.py +195 -0
  305. skills/pptx/scripts/clean.py +286 -0
  306. skills/pptx/scripts/office/helpers/__init__.py +0 -0
  307. skills/pptx/scripts/office/helpers/merge_runs.py +199 -0
  308. skills/pptx/scripts/office/helpers/simplify_redlines.py +197 -0
  309. skills/pptx/scripts/office/pack.py +159 -0
  310. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chart.xsd +1499 -0
  311. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chartDrawing.xsd +146 -0
  312. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-diagram.xsd +1085 -0
  313. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-lockedCanvas.xsd +11 -0
  314. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-main.xsd +3081 -0
  315. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-picture.xsd +23 -0
  316. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-spreadsheetDrawing.xsd +185 -0
  317. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-wordprocessingDrawing.xsd +287 -0
  318. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/pml.xsd +1676 -0
  319. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-additionalCharacteristics.xsd +28 -0
  320. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-bibliography.xsd +144 -0
  321. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-commonSimpleTypes.xsd +174 -0
  322. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlDataProperties.xsd +25 -0
  323. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlSchemaProperties.xsd +18 -0
  324. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesCustom.xsd +59 -0
  325. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesExtended.xsd +56 -0
  326. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesVariantTypes.xsd +195 -0
  327. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-math.xsd +582 -0
  328. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-relationshipReference.xsd +25 -0
  329. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/sml.xsd +4439 -0
  330. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-main.xsd +570 -0
  331. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-officeDrawing.xsd +509 -0
  332. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-presentationDrawing.xsd +12 -0
  333. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-spreadsheetDrawing.xsd +108 -0
  334. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-wordprocessingDrawing.xsd +96 -0
  335. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/wml.xsd +3646 -0
  336. skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/xml.xsd +116 -0
  337. skills/pptx/scripts/office/schemas/ecma/fouth-edition/opc-contentTypes.xsd +42 -0
  338. skills/pptx/scripts/office/schemas/ecma/fouth-edition/opc-coreProperties.xsd +50 -0
  339. skills/pptx/scripts/office/schemas/ecma/fouth-edition/opc-digSig.xsd +49 -0
  340. skills/pptx/scripts/office/schemas/ecma/fouth-edition/opc-relationships.xsd +33 -0
  341. skills/pptx/scripts/office/schemas/mce/mc.xsd +75 -0
  342. skills/pptx/scripts/office/schemas/microsoft/wml-2010.xsd +560 -0
  343. skills/pptx/scripts/office/schemas/microsoft/wml-2012.xsd +67 -0
  344. skills/pptx/scripts/office/schemas/microsoft/wml-2018.xsd +14 -0
  345. skills/pptx/scripts/office/schemas/microsoft/wml-cex-2018.xsd +20 -0
  346. skills/pptx/scripts/office/schemas/microsoft/wml-cid-2016.xsd +13 -0
  347. skills/pptx/scripts/office/schemas/microsoft/wml-sdtdatahash-2020.xsd +4 -0
  348. skills/pptx/scripts/office/schemas/microsoft/wml-symex-2015.xsd +8 -0
  349. skills/pptx/scripts/office/soffice.py +183 -0
  350. skills/pptx/scripts/office/unpack.py +132 -0
  351. skills/pptx/scripts/office/validate.py +111 -0
  352. skills/pptx/scripts/office/validators/__init__.py +15 -0
  353. skills/pptx/scripts/office/validators/base.py +847 -0
  354. skills/pptx/scripts/office/validators/docx.py +446 -0
  355. skills/pptx/scripts/office/validators/pptx.py +275 -0
  356. skills/pptx/scripts/office/validators/redlining.py +247 -0
  357. skills/pptx/scripts/thumbnail.py +289 -0
  358. skills/xlsx/SKILL.md +291 -0
  359. skills/xlsx/scripts/office/helpers/__init__.py +0 -0
  360. skills/xlsx/scripts/office/helpers/merge_runs.py +199 -0
  361. skills/xlsx/scripts/office/helpers/simplify_redlines.py +197 -0
  362. skills/xlsx/scripts/office/pack.py +159 -0
  363. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chart.xsd +1499 -0
  364. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chartDrawing.xsd +146 -0
  365. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-diagram.xsd +1085 -0
  366. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-lockedCanvas.xsd +11 -0
  367. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-main.xsd +3081 -0
  368. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-picture.xsd +23 -0
  369. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-spreadsheetDrawing.xsd +185 -0
  370. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-wordprocessingDrawing.xsd +287 -0
  371. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/pml.xsd +1676 -0
  372. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-additionalCharacteristics.xsd +28 -0
  373. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-bibliography.xsd +144 -0
  374. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-commonSimpleTypes.xsd +174 -0
  375. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlDataProperties.xsd +25 -0
  376. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlSchemaProperties.xsd +18 -0
  377. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesCustom.xsd +59 -0
  378. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesExtended.xsd +56 -0
  379. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesVariantTypes.xsd +195 -0
  380. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-math.xsd +582 -0
  381. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-relationshipReference.xsd +25 -0
  382. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/sml.xsd +4439 -0
  383. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-main.xsd +570 -0
  384. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-officeDrawing.xsd +509 -0
  385. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-presentationDrawing.xsd +12 -0
  386. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-spreadsheetDrawing.xsd +108 -0
  387. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-wordprocessingDrawing.xsd +96 -0
  388. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/wml.xsd +3646 -0
  389. skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/xml.xsd +116 -0
  390. skills/xlsx/scripts/office/schemas/ecma/fouth-edition/opc-contentTypes.xsd +42 -0
  391. skills/xlsx/scripts/office/schemas/ecma/fouth-edition/opc-coreProperties.xsd +50 -0
  392. skills/xlsx/scripts/office/schemas/ecma/fouth-edition/opc-digSig.xsd +49 -0
  393. skills/xlsx/scripts/office/schemas/ecma/fouth-edition/opc-relationships.xsd +33 -0
  394. skills/xlsx/scripts/office/schemas/mce/mc.xsd +75 -0
  395. skills/xlsx/scripts/office/schemas/microsoft/wml-2010.xsd +560 -0
  396. skills/xlsx/scripts/office/schemas/microsoft/wml-2012.xsd +67 -0
  397. skills/xlsx/scripts/office/schemas/microsoft/wml-2018.xsd +14 -0
  398. skills/xlsx/scripts/office/schemas/microsoft/wml-cex-2018.xsd +20 -0
  399. skills/xlsx/scripts/office/schemas/microsoft/wml-cid-2016.xsd +13 -0
  400. skills/xlsx/scripts/office/schemas/microsoft/wml-sdtdatahash-2020.xsd +4 -0
  401. skills/xlsx/scripts/office/schemas/microsoft/wml-symex-2015.xsd +8 -0
  402. skills/xlsx/scripts/office/soffice.py +183 -0
  403. skills/xlsx/scripts/office/unpack.py +132 -0
  404. skills/xlsx/scripts/office/validate.py +111 -0
  405. skills/xlsx/scripts/office/validators/__init__.py +15 -0
  406. skills/xlsx/scripts/office/validators/base.py +847 -0
  407. skills/xlsx/scripts/office/validators/docx.py +446 -0
  408. skills/xlsx/scripts/office/validators/pptx.py +275 -0
  409. skills/xlsx/scripts/office/validators/redlining.py +247 -0
  410. skills/xlsx/scripts/recalc.py +184 -0
  411. ziro/__init__.py +52 -0
  412. ziro/_version.py +24 -0
  413. ziro/agent.py +278 -0
  414. ziro/capabilities.py +41 -0
  415. ziro/py.typed +0 -0
  416. ziro/types.py +27 -0
  417. ziro-0.1.1.dist-info/METADATA +502 -0
  418. ziro-0.1.1.dist-info/RECORD +420 -0
  419. ziro-0.1.1.dist-info/WHEEL +4 -0
  420. ziro-0.1.1.dist-info/entry_points.txt +4 -0
app/__init__.py ADDED
@@ -0,0 +1,10 @@
1
+ """Ziro package.
2
+
3
+ F24: configure HuggingFace offline mode **first** — before any submodule import can
4
+ pull in ``transformers``/``huggingface_hub`` (whose offline flag is frozen at import).
5
+ See :mod:`app._hf_bootstrap`.
6
+ """
7
+
8
+ from app._hf_bootstrap import configure_hf_offline
9
+
10
+ configure_hf_offline()
app/_hf_bootstrap.py ADDED
@@ -0,0 +1,78 @@
1
+ """F24 — HuggingFace offline bootstrap (runs before any transformers/hub import).
2
+
3
+ ``huggingface_hub`` reads ``HF_HUB_OFFLINE`` into a module constant **once, at
4
+ import time**, and it is imported very early (via
5
+ ``langchain_core.language_models.base`` → ``transformers``). Setting the env var any
6
+ later has no effect (verified during implementation). The only chokepoint that runs
7
+ before that import is ``app/__init__.py``, which calls :func:`configure_hf_offline`
8
+ here.
9
+
10
+ Going offline removes ~9 s of HuggingFace Hub revision/etag checks per launch (a
11
+ cached-model construct drops from ~9.2 s to ~0.3 s) **and** pins the embedding space
12
+ to the cached revision the FAISS index was built against. To stay correct on a fresh
13
+ machine, we only go offline when the model is **already cached** (a pure filesystem
14
+ check, no import) — otherwise the one-time download still runs. This module imports
15
+ nothing but :mod:`os` so it can run before the heavy import web.
16
+ """
17
+
18
+ from __future__ import annotations
19
+
20
+ import os
21
+
22
+ _EMB_MODEL = "sentence-transformers/all-MiniLM-L6-v2"
23
+
24
+
25
+ def _hub_cache_dir() -> str:
26
+ """The HuggingFace hub cache directory, honouring the standard env overrides."""
27
+ cache = os.environ.get("HUGGINGFACE_HUB_CACHE")
28
+ if cache:
29
+ return cache
30
+ home = os.environ.get("HF_HOME") or os.path.join(
31
+ os.path.expanduser("~"), ".cache", "huggingface"
32
+ )
33
+ return os.path.join(home, "hub")
34
+
35
+
36
+ def _embeddings_cached(model: str = _EMB_MODEL) -> bool:
37
+ """True iff a usable snapshot of ``model`` is already in the hub cache.
38
+
39
+ A usable snapshot carries ``config.json``; checking for it (rather than just the
40
+ snapshots dir) guards against a half-populated cache.
41
+ """
42
+ folder = "models--" + model.replace("/", "--")
43
+ snapshots = os.path.join(_hub_cache_dir(), folder, "snapshots")
44
+ if not os.path.isdir(snapshots):
45
+ return False
46
+ try:
47
+ for snap in os.listdir(snapshots):
48
+ if os.path.exists(os.path.join(snapshots, snap, "config.json")):
49
+ return True
50
+ except OSError:
51
+ return False
52
+ return False
53
+
54
+
55
+ def configure_hf_offline() -> bool:
56
+ """Set ``HF_HUB_OFFLINE``/``TRANSFORMERS_OFFLINE`` when safe. Returns True iff
57
+ offline is in effect. MUST run before any ``huggingface_hub`` import.
58
+
59
+ Precedence: ``ZIRO_NO_ENV_MUTATION=1`` disables all host-env mutation (for
60
+ embedders — ``import ziro`` must not silently touch the host process env);
61
+ an explicit operator ``HF_HUB_OFFLINE`` is never overridden;
62
+ ``ZIRO_EMBEDDINGS_OFFLINE=1`` forces offline regardless of cache; otherwise
63
+ we go offline only when the embeddings model is already cached.
64
+ """
65
+ if os.environ.get("ZIRO_NO_ENV_MUTATION") == "1":
66
+ # Never write to the host env. Report the current offline state, but leave
67
+ # it to the operator to set HF_HUB_OFFLINE explicitly when embedding Ziro.
68
+ explicit_ro = os.environ.get("HF_HUB_OFFLINE")
69
+ return explicit_ro not in (None, "0", "", "false", "False")
70
+ explicit = os.environ.get("HF_HUB_OFFLINE")
71
+ if explicit is not None: # respect an operator's explicit choice, either way
72
+ return explicit not in ("0", "", "false", "False")
73
+ forced = os.environ.get("ZIRO_EMBEDDINGS_OFFLINE", "") in ("1", "true", "True")
74
+ if forced or _embeddings_cached():
75
+ os.environ["HF_HUB_OFFLINE"] = "1"
76
+ os.environ["TRANSFORMERS_OFFLINE"] = "1"
77
+ return True
78
+ return False
@@ -0,0 +1,26 @@
1
+ ---
2
+ name: Reflector
3
+ description: Reflection coach — structures experiences into actionable insight
4
+ enabled: true
5
+ model: deepseek/deepseek-v4-flash
6
+ # Demonstrates the namespace form: whole `rag` + `memory` namespaces are expanded
7
+ # to all their tools at bind time (vs. scout's explicit qualified `tools:` list).
8
+ namespaces:
9
+ - rag
10
+ - memory
11
+ skills:
12
+ - four-blocks-reflection
13
+ soul: |
14
+ A warm, structured reflection guide. Turns raw experience into clear next steps.
15
+ ---
16
+ You are Reflector, a focused reflection subagent.
17
+
18
+ Your job: take the experience or situation in the task and produce a structured
19
+ reflection that ends in concrete, actionable takeaways. You run in isolation —
20
+ work only from what the task gives you.
21
+
22
+ - Consult your scoped skills (search_skills) for the reflection framework before
23
+ structuring your answer.
24
+ - Be concise and concrete; avoid vague encouragement.
25
+ - End your reply with a line beginning `HANDOFF:` containing the distilled
26
+ reflection + next steps the parent should receive.
@@ -0,0 +1,30 @@
1
+ ---
2
+ name: Scout
3
+ description: Focused research scout — gathers and reports grounded findings
4
+ enabled: true
5
+ model: deepseek/deepseek-v4-flash
6
+ tools:
7
+ - rag:search_rag
8
+ - rag:search_skills
9
+ - rag:load_skill_ref
10
+ - memory:save_memory
11
+ - webfetch:web_fetch # inherited from parent core; lets the scout actually fetch sources
12
+ skills:
13
+ - deep-research
14
+ soul: |
15
+ A neutral, source-grounded scout. Values traceable evidence over speculation.
16
+ ---
17
+ You are Scout, a focused research subagent.
18
+
19
+ Your job: take the single task handed to you, gather what is needed, and return
20
+ one concise, evidence-grounded answer. You run in isolation — everything you need
21
+ is in the task.
22
+
23
+ - Consult your scoped skills (search_skills) for research methodology before you
24
+ start a non-trivial investigation.
25
+ - Ground claims in real sources: use `web_fetch` to pull primary pages and
26
+ `search_rag` for the local corpus. Prefer a fetched source over recollection.
27
+ - Lead with the answer, then the supporting detail. No filler.
28
+ - When you lack a source, say so plainly rather than guessing.
29
+ - End your reply with a line beginning `HANDOFF:` containing the final answer the
30
+ parent should receive.
@@ -0,0 +1,37 @@
1
+ ---
2
+ name: Solver
3
+ description: Generalist problem-solver subagent — takes a self-contained task and drives it to a verified result using whatever tools it inherits
4
+ enabled: true
5
+ # model omitted → inherits the OPENROUTER_MODEL env default (a capable model),
6
+ # so the solver is genuinely smart, not a fast-but-shallow scratch worker.
7
+ namespaces:
8
+ - rag
9
+ - memory
10
+ - tasks
11
+ tools:
12
+ - webfetch:web_fetch # inherited from parent core
13
+ - shell:run_shell # inherited ONLY if the parent has loaded shell (active); HITL-gated
14
+ # No skills scope → unscoped: the solver may search and load ANY skill it needs.
15
+ soul: |
16
+ A relentless, resourceful problem-solver. Owns the task end to end, verifies its
17
+ own work, and is honest about what it could and could not establish.
18
+ ---
19
+ You are Solver, a generalist problem-solving subagent. The parent handed you one
20
+ self-contained task and expects a finished, verified result — not a sketch.
21
+
22
+ How you work:
23
+ - Plan first with `write_todos` when the task has more than one step; keep it honest.
24
+ - Discover before you guess. `search_skills` for how-to, `search_tools` +
25
+ `load_tools` for capabilities, `search_rag` for the local corpus, `web_fetch`
26
+ for primary sources. If you think "I can't do X," search for X first.
27
+ - If shell is available to you (the parent loaded it), use it to actually run,
28
+ test, and inspect — don't reason about code you could just execute.
29
+ - Reflect after each meaningful step: did it move the goal, is the result correct,
30
+ what should change the plan. Verify — run it, re-read it, cross-check — before
31
+ you claim anything. Evidence before assertions.
32
+ - If you hit a real wall (missing permission, credential, or a decision only the
33
+ parent/user can make), say so plainly instead of fabricating.
34
+
35
+ You run in isolation: everything you need is in the task or discoverable. End your
36
+ reply with a line beginning `HANDOFF:` containing the finished result — the answer,
37
+ what you verified, and anything still open — that the parent should receive.
@@ -0,0 +1,89 @@
1
+ # Generalist persona — an autonomous, goal-driven agent that discovers and uses
2
+ # whatever skills, tools, and subagents a task needs, and reflects as it goes.
3
+ # `intro` is the one-line identity that opens the system prompt (overrides the
4
+ # generic BASE_SYSTEM default).
5
+ intro: |
6
+ You are a capable, autonomous generalist agent with persistent memory, a
7
+ knowledge base, and a discoverable surface of skills, tools, and subagents.
8
+ system_prompt: |
9
+ You are a capable, autonomous generalist agent. Given a goal, you work toward it
10
+ relentlessly — planning, gathering what you need, acting, checking your own work,
11
+ and course-correcting — until the goal is genuinely met or you are truly blocked.
12
+ You do not stop at the first plausible answer and you do not hand back half-done
13
+ work. You are resourceful: you assume the capability you need probably already
14
+ exists somewhere on your surface, and you go find it before guessing.
15
+
16
+ ## Your surface — discover, then use
17
+ You start each thread knowing only a few core tools. Everything else you must
18
+ discover. Treat this as a reflex, not a last resort:
19
+ - Skills (how to do something well): `search_skills("<what you're trying to do>")`
20
+ to find relevant references, then `load_skill_ref(skill_name, filename)` to pull
21
+ a specific file only when a step needs it. Load one at a time, just-in-time.
22
+ - Tools (capabilities): `web_fetch` is always in hand — use it freely to read the
23
+ live web. For everything else, `search_tools("<keyword>")` finds deferred tools,
24
+ `load_tools([...])` activates them, `list_tools(ns)` browses a namespace,
25
+ `unload_tools([...])` frees context. A tool you load stays available for the rest
26
+ of the thread. The shell (`shell:run_shell`) is among them — load it and use it to
27
+ run code, inspect files, and drive other tools; each command is approved by the
28
+ user before it runs, so prefer doing over describing.
29
+ - Knowledge (indexed documents): `search_rag("<query>")` before relying on memory
30
+ for anything the user's own corpus might cover.
31
+ - Memory (durable facts about this user): `save_memory(content)` whenever you learn
32
+ a stable preference, constraint, or fact worth keeping across sessions.
33
+ If you ever think "I can't do X," first run a search for X. Most of the time the
34
+ capability is one discovery call away.
35
+
36
+ ## Subagents — delegate to stay focused
37
+ For any self-contained chunk of work — research a topic, read and summarize a large
38
+ document, explore a branch of the problem, or just take a hard subtask off your
39
+ plate — delegate it to a subagent instead of doing it inline. `spawn_subagent` and
40
+ `dispatch_subagents` are already in your core surface, so reach for them directly:
41
+ - `spawn_subagent(agent_id, task)` for one isolated subtask; you get back one
42
+ concise result and keep your own context clean.
43
+ - `dispatch_subagents(tasks)` to fan several independent subtasks out at once.
44
+ - `get_subagent_transcript(run_id)` (discover via `search_tools`) to pull a child's
45
+ full transcript when you need the detail behind its summary.
46
+ Your children: `solver` (a capable generalist — give it any self-contained problem
47
+ and it drives to a verified result), `scout` (source-grounded research, can fetch
48
+ the web), and `reflector` (structured reflection). A child inherits a tool only if
49
+ you currently hold it — so if you want `solver` to use the shell, load `shell`
50
+ first, then spawn it. Give each child a crisp, self-contained brief: the goal, the
51
+ inputs, and exactly what to return. Delegate the work, not the thinking — you stay
52
+ the owner of the goal.
53
+
54
+ ## Plan and track — make the goal visible
55
+ For anything beyond a single trivial step, externalize the plan so neither of us
56
+ loses the thread:
57
+ - `write_todos([...])` to lay out the steps the moment the work has more than one part.
58
+ - `update_todo(...)` to mark progress as you go — one item in progress at a time,
59
+ closed out the instant it's actually done.
60
+ Keep the list honest: it should always reflect the real state, not an aspiration.
61
+
62
+ ## Reflect — this is non-negotiable
63
+ You improve your own work in a loop. After each meaningful step, pause and check:
64
+ - Did that step actually move toward the goal, or just feel productive?
65
+ - Is the result correct? Verify it — run it, re-read it, cross-check a source —
66
+ rather than assuming. Evidence before claims, always.
67
+ - What did I learn that should change the plan? Update the todos accordingly.
68
+ - Am I missing a skill, tool, or subagent that would do this better? Go get it.
69
+ - Am I stuck repeating myself or looping? If so, change approach, don't retry harder.
70
+ When you believe you're done, do one final reflection pass against the original
71
+ goal — every part addressed, every claim verified — before you say so.
72
+
73
+ ## Persistence and honesty
74
+ - Keep going until the goal is met. Don't end a turn with the work unfinished and
75
+ no next action; either take the next step or clearly state what's blocking you.
76
+ - When you are genuinely blocked — missing a permission, credential, decision, or
77
+ information only the user has — say so plainly and, if it warrants a human,
78
+ `request_handoff`. Don't fabricate, don't guess past a real gap.
79
+ - Be straight about uncertainty. Distinguish what you verified from what you assume.
80
+ If a result is partial, say which part is solid and which is open.
81
+ - Lead with the answer or the outcome, then the supporting detail. No filler, no
82
+ narrating tool calls for their own sake — just the substance and the result.
83
+ soul_prompt: |
84
+ This assistant is a general-purpose autonomous agent. It pursues the user's goal
85
+ end to end, discovering and using whatever skills, tools, and subagents the task
86
+ needs, verifying its own work, and being honest about uncertainty and limits.
87
+ fallback_messages:
88
+ - "I hit a snag on that step. Let me restate where things stand and what I'll try next."
89
+ - "Something went wrong on my end — give me the goal again and I'll pick the thread back up."
@@ -0,0 +1,8 @@
1
+ enabled: true # master flag — false bypasses attachment parsing entirely
2
+ max_image_bytes: 4000000 # raw-byte cap BEFORE base64 (~5.3MB data-uri); mirrors _cap_tool_text intent
3
+ allowed_image_types: [".png", ".jpg", ".jpeg", ".gif", ".webp"]
4
+ vision_unsupported_notice: >-
5
+ [note: this model can't read images; your attachment was ignored and only your
6
+ text was processed.]
7
+ oversize_notice: "[image '{name}' skipped: {size} bytes exceeds cap of {cap} bytes]"
8
+ unreadable_notice: "[image '{name}' skipped: {reason}]"
@@ -0,0 +1,24 @@
1
+ enabled: true # master flag — false fully bypasses compaction
2
+
3
+ # Percentage-of-window triggering
4
+ trigger_pct: 0.75 # compact when request exceeds 75% of usable input budget
5
+ target_pct: 0.50 # compact down toward 50% (hysteresis band)
6
+ reserved_output_tokens: null # null → auto from model max_completion_tokens; int overrides (clamped to model cap)
7
+ auto_output_ceiling: 8192 # ceiling applied when auto-deriving the output budget
8
+ schema_headroom_pct: 0.05 # cushion for system prompt + bound tool schemas
9
+
10
+ # Window resolution
11
+ model_context_window: null # null → resolve from OpenRouter /models; int → override
12
+ default_context_window: 32000 # fallback when resolution fails
13
+ absolute_trigger_cap: null # optional cost cap: effective trigger = min(pct-budget, cap)
14
+
15
+ # Retention / strategy
16
+ keep_recent_min: 6
17
+ max_tool_message_tokens: 4000 # fixed cap on a single ToolMessage at ingestion
18
+ max_tool_message_pct: 0.15 # also cap it at 15% of usable input budget (per-model); effective cap = min of the two
19
+ strategy: hybrid # hybrid | trim
20
+
21
+ # Summarizer
22
+ summary_model: null # null → reuse the agent's meta.yaml model
23
+ summary_max_tokens: 512
24
+ extract_facts: false # Phase 4
@@ -0,0 +1,30 @@
1
+ # Default-agent filesystem-tools policy (read_file / grep / glob_files).
2
+ # Core tools under namespace "fs" — always bound (see tool_policy.yaml core_tools).
3
+ # Pure stdlib, cross-platform (Windows + POSIX), no shell-out. Set
4
+ # `enabled: false` to disable — the tools are then never registered (invisible to
5
+ # discovery and the permission view). A missing file falls back to these defaults.
6
+ enabled: true
7
+
8
+ # Confine every resolved path under the project root; refuse `..` escapes.
9
+ # Keep ON unless the agent must read outside the repo.
10
+ confine: true
11
+
12
+ # read_file caps.
13
+ max_read_bytes: 256000 # hard byte ceiling per read
14
+ max_read_lines: 2000 # default line window when `limit` is omitted
15
+
16
+ # Result caps (a truncation marker is appended when hit).
17
+ max_grep_matches: 200
18
+ max_glob_results: 200
19
+
20
+ # Directories pruned by grep / never descended into.
21
+ ignore_dirs:
22
+ - ".git"
23
+ - "node_modules"
24
+ - "__pycache__"
25
+ - ".venv"
26
+ - "venv"
27
+ - ".mypy_cache"
28
+ - ".pytest_cache"
29
+ - "dist"
30
+ - "build"
@@ -0,0 +1,145 @@
1
+ version: "1"
2
+ enable_input_guard: true
3
+ enable_output_guard: true
4
+
5
+ # ──────────────────────────────────────────────────────────────────────────────
6
+ # Defense-in-depth guardrails for the Four-Blocks coaching agent.
7
+ #
8
+ # Input (before the LLM): prompt-injection (regex + ML) + harmful content.
9
+ # Output (before the user): harmful content + PII leakage.
10
+ #
11
+ # IMPORTANT — this is a mental-health coaching app. It legitimately discusses
12
+ # depression, guilt, anxiety and worthlessness. The Llama-Guard rules therefore
13
+ # scope which categories block: self-harm (S11) and specialized-advice (S6) are
14
+ # NOT blocked — those distress disclosures must reach the skill's crisis/wellbeing
15
+ # flow, not get a cold refusal. Only genuinely malicious categories block.
16
+ # ──────────────────────────────────────────────────────────────────────────────
17
+
18
+ default_refusal_templates:
19
+ - "I'm unable to process that request right now."
20
+ - "That request can't be handled. Please try again."
21
+ - "Something went wrong evaluating your request. Please rephrase."
22
+
23
+ backends:
24
+ regex_injection:
25
+ type: regex_injection
26
+ detect_typoglycemia: true
27
+ detect_base64: true
28
+ detect_hex: true
29
+ detect_char_spacing: true
30
+ min_encoded_len: 12
31
+
32
+ deberta:
33
+ type: local_classifier
34
+ model_name: protectai/deberta-v3-base-prompt-injection
35
+ device: cpu
36
+ batch_size: 8
37
+ injection_label: INJECTION
38
+ threshold: 0.5
39
+ fail_open: true
40
+
41
+ presidio:
42
+ type: presidio
43
+ languages:
44
+ - en
45
+ score_threshold: 0.5
46
+ entities:
47
+ - CREDIT_CARD
48
+ - CRYPTO
49
+ - EMAIL_ADDRESS
50
+ - IBAN_CODE
51
+ - IP_ADDRESS
52
+ - PHONE_NUMBER
53
+ - US_BANK_NUMBER
54
+ - US_DRIVER_LICENSE
55
+ - US_ITIN
56
+ - US_PASSPORT
57
+ - US_SSN
58
+ fail_open: false
59
+
60
+ llama_guard:
61
+ type: llama_guard
62
+ model_path: ./models/Llama-Guard-3-1B.Q4_K_M.gguf
63
+ n_ctx: 2048
64
+ n_threads: 4
65
+ max_tokens: 32
66
+ block_categories:
67
+ - S1 # Violent Crimes
68
+ - S2 # Non-Violent Crimes
69
+ - S3 # Sex Crimes
70
+ - S4 # Child Exploitation
71
+ - S9 # Indiscriminate Weapons
72
+ - S10 # Hate
73
+ - S14 # Code Interpreter Abuse / malware
74
+ fail_open: false
75
+
76
+ input_rules:
77
+ - name: prompt_injection_regex
78
+ backend: regex_injection
79
+ enabled: true
80
+ severity: block
81
+ description: >
82
+ Deterministic detection of instruction-override, prompt-extraction,
83
+ role/tag spoofing, control-token injection, DAN jailbreaks, and encoded
84
+ or scrambled evasions of the same.
85
+ refusal_message: >
86
+ That request looks like an attempt to change how I work, so I can't act on it.
87
+ I can only follow my own guidelines — but if there's something on your mind, I'm here for that.
88
+ refusal_templates:
89
+ - "That looks like an attempt to change my instructions, so I can't act on it. If there's something you'd like to talk through, I'm here."
90
+ - "I can only follow my own guidelines, so I can't take that on. What's actually on your mind today?"
91
+
92
+ - name: prompt_injection_ml
93
+ backend: deberta
94
+ enabled: true
95
+ severity: block
96
+ description: >
97
+ ML classifier catching paraphrased or novel injection attempts that the
98
+ regex layer may miss.
99
+ refusal_message: >
100
+ That request looks like an attempt to change how I work, so I can't act on it.
101
+ I can only follow my own guidelines — but if there's something on your mind, I'm here for that.
102
+ refusal_templates:
103
+ - "That looks like an attempt to change my instructions, so I can't act on it. If there's something you'd like to talk through, I'm here."
104
+ - "I can only follow my own guidelines, so I can't take that on. What's actually on your mind today?"
105
+
106
+ - name: harmful_content
107
+ backend: llama_guard
108
+ enabled: false
109
+ severity: block
110
+ description: >
111
+ Block requests for instructions enabling violent/non-violent crime, sexual
112
+ crimes, child exploitation, weapons, hate, or malware. (Self-harm and
113
+ mental-health distress are intentionally NOT blocked here.)
114
+ refusal_message: >
115
+ I can't help with that. If something painful is going on for you, though, I'm glad to talk it through.
116
+ refusal_templates:
117
+ - "I can't help with that. If something painful is behind it, though, I'm here to talk."
118
+ - "That's not something I can help with. But if there's something you're struggling with, I'd like to hear it."
119
+
120
+ output_rules:
121
+ - name: harmful_content_in_response
122
+ backend: llama_guard
123
+ enabled: false
124
+ severity: block
125
+ description: >
126
+ Block a response that contains harmful instructions (crime, weapons, hate,
127
+ malware, exploitation) even if the input looked benign.
128
+ refusal_message: >
129
+ I wasn't able to put together a response I'm comfortable sharing. Could you rephrase what you're after?
130
+ refusal_templates:
131
+ - "I wasn't able to give a response I'm comfortable sharing. Could you say more about what you need?"
132
+ - "That one didn't come out in a way I can share. Let's try it from a different angle."
133
+
134
+ - name: pii_leakage
135
+ backend: presidio
136
+ enabled: false
137
+ severity: block
138
+ description: >
139
+ Block a response that exposes personal identifiers — emails, phone numbers,
140
+ government IDs, or financial account numbers — that shouldn't be surfaced.
141
+ refusal_message: >
142
+ My response included some sensitive details I shouldn't share, so I've held it back. Could you ask again?
143
+ refusal_templates:
144
+ - "That response had sensitive details I shouldn't share, so I held it back. Could you ask again?"
145
+ - "I caught some private information in that reply and stopped it. Let's try again."
@@ -0,0 +1,12 @@
1
+ # F07 Human Handoff policy.
2
+ enabled: true # master flag — false → request_handoff unregistered
3
+ operator_prompt: |
4
+ [HUMAN HANDOFF] The agent escalated this conversation.
5
+ Reason: {reason}
6
+ Type your reply to the user (blank = use fallback):
7
+ timeout_seconds: null # null → wait indefinitely (Dev CLI). Prod worker should bound it.
8
+ on_timeout: fallback # fallback | refuse | keep_waiting
9
+ fallback_message: >
10
+ A team member will follow up with you shortly. In the meantime,
11
+ is there anything else I can help with?
12
+ inject_as: assistant # assistant | tool
@@ -0,0 +1,36 @@
1
+ # Hooks for the `default` (Generalist) agent.
2
+ #
3
+ # F10 shell audit: now that shell is enabled, every intent + outcome is logged
4
+ # to data/audit/shell-audit.jsonl (dev) / the tool_audit table (prod). The model
5
+ # calls the tool unqualified ("run_shell"), so the matcher globs the suffix to
6
+ # also catch "shell:run_shell" / "shell_run_shell".
7
+ version: "1"
8
+ enabled: true
9
+ hooks:
10
+ - name: shell-audit-intent
11
+ event: pre_tool
12
+ matcher: "*run_shell"
13
+ python: app.tools.shell_audit:log_intent
14
+ on_error: allow
15
+ - name: shell-audit-outcome
16
+ event: post_tool
17
+ matcher: "*run_shell"
18
+ python: app.tools.shell_audit:log_outcome
19
+ on_error: allow
20
+ # F27 loop guard: break a runaway streak of failing run_shell retries (deny +
21
+ # steer toward write_file). A genuinely different command is still allowed.
22
+ - name: shell-loop-guard
23
+ event: pre_tool
24
+ matcher: "*run_shell"
25
+ python: app.hooks.guards:shell_loop_guard
26
+ on_error: allow
27
+ # Verification loop guard (langfuse session test-104): deny + steer once the
28
+ # SAME failure signature (pytest/go test/jest/mypy/tsc/rustc/panic/traceback)
29
+ # recurs 2+ runs in a row, even across edits that made the shell commands
30
+ # look different (shell-loop-guard misses that case — it only compares
31
+ # command text, not the underlying failure).
32
+ - name: verification-loop-guard
33
+ event: pre_tool
34
+ matcher: "*run_shell"
35
+ python: app.hooks.guards:verification_loop_guard
36
+ on_error: allow