ziro 0.1.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- app/__init__.py +10 -0
- app/_hf_bootstrap.py +78 -0
- app/agents/.subagents/reflector.agent.md +26 -0
- app/agents/.subagents/scout.agent.md +30 -0
- app/agents/.subagents/solver.agent.md +37 -0
- app/agents/default/agent_config.yaml +89 -0
- app/agents/default/attachment_policy.yaml +8 -0
- app/agents/default/compaction_policy.yaml +24 -0
- app/agents/default/fs_policy.yaml +30 -0
- app/agents/default/guardrails_policy.yaml +145 -0
- app/agents/default/handoff_policy.yaml +12 -0
- app/agents/default/hooks.yaml +36 -0
- app/agents/default/mcp_servers.yaml +149 -0
- app/agents/default/memory_policy.yaml +17 -0
- app/agents/default/meta.yaml +17 -0
- app/agents/default/permissions.yaml +27 -0
- app/agents/default/shell_policy.yaml +29 -0
- app/agents/default/subagent_policy.yaml +15 -0
- app/agents/default/tool_policy.yaml +28 -0
- app/agents/default/voice_policy.yaml +29 -0
- app/agents/default/webfetch_policy.yaml +14 -0
- app/agents/life_coach/agent_config.yaml +49 -0
- app/agents/life_coach/attachment_policy.yaml +8 -0
- app/agents/life_coach/compaction_policy.yaml +24 -0
- app/agents/life_coach/guardrails_policy.yaml +145 -0
- app/agents/life_coach/handoff_policy.yaml +12 -0
- app/agents/life_coach/mcp_servers.yaml +63 -0
- app/agents/life_coach/memory_policy.yaml +17 -0
- app/agents/life_coach/meta.yaml +17 -0
- app/agents/life_coach/permissions.yaml +24 -0
- app/agents/life_coach/shell_policy.yaml +28 -0
- app/agents/life_coach/subagent_policy.yaml +15 -0
- app/agents/life_coach/tool_policy.yaml +15 -0
- app/agents/life_coach/voice_policy.yaml +29 -0
- app/agents/life_coach/webfetch_policy.yaml +14 -0
- app/agents/registry.yaml +10 -0
- app/agents/researcher/agent_config.yaml +59 -0
- app/agents/researcher/attachment_policy.yaml +8 -0
- app/agents/researcher/compaction_policy.yaml +25 -0
- app/agents/researcher/guardrails_policy.yaml +39 -0
- app/agents/researcher/handoff_policy.yaml +12 -0
- app/agents/researcher/hooks.yaml +63 -0
- app/agents/researcher/mcp_servers.yaml +64 -0
- app/agents/researcher/memory_policy.yaml +17 -0
- app/agents/researcher/meta.yaml +16 -0
- app/agents/researcher/permissions.yaml +22 -0
- app/agents/researcher/queue_policy.yaml +13 -0
- app/agents/researcher/shell_policy.yaml +29 -0
- app/agents/researcher/subagent_policy.yaml +20 -0
- app/agents/researcher/tool_policy.yaml +19 -0
- app/agents/researcher/voice_policy.yaml +29 -0
- app/agents/researcher/webfetch_policy.yaml +15 -0
- app/agents/researcher_docker/agent_config.yaml +56 -0
- app/agents/researcher_docker/attachment_policy.yaml +8 -0
- app/agents/researcher_docker/compaction_policy.yaml +25 -0
- app/agents/researcher_docker/guardrails_policy.yaml +39 -0
- app/agents/researcher_docker/handoff_policy.yaml +12 -0
- app/agents/researcher_docker/hooks.yaml +63 -0
- app/agents/researcher_docker/mcp_servers.yaml +26 -0
- app/agents/researcher_docker/memory_policy.yaml +17 -0
- app/agents/researcher_docker/meta.yaml +16 -0
- app/agents/researcher_docker/permissions.yaml +22 -0
- app/agents/researcher_docker/shell_policy.yaml +27 -0
- app/agents/researcher_docker/subagent_policy.yaml +20 -0
- app/agents/researcher_docker/tool_policy.yaml +19 -0
- app/agents/researcher_docker/webfetch_policy.yaml +15 -0
- app/capabilities/__init__.py +38 -0
- app/capabilities/audit.py +71 -0
- app/capabilities/builtins.py +143 -0
- app/capabilities/context.py +28 -0
- app/capabilities/manager.py +354 -0
- app/capabilities/models.py +160 -0
- app/capabilities/registry.py +57 -0
- app/clarify/__init__.py +0 -0
- app/clarify/models.py +30 -0
- app/clarify/tools.py +70 -0
- app/cli/__init__.py +0 -0
- app/cli/chat_once.py +195 -0
- app/cli/guard_check.py +143 -0
- app/cli/init.py +137 -0
- app/cli/launch_sync.py +122 -0
- app/cli/manage_agents.py +419 -0
- app/cli/run_scenarios.py +175 -0
- app/cli/runner.py +582 -0
- app/cli/show_graph.py +75 -0
- app/cli/startup.py +92 -0
- app/commands/__init__.py +7 -0
- app/commands/builtins.py +496 -0
- app/commands/registry.py +89 -0
- app/commands/session.py +304 -0
- app/compaction/__init__.py +40 -0
- app/compaction/models.py +87 -0
- app/compaction/node.py +176 -0
- app/compaction/summarizer.py +76 -0
- app/compaction/tokenizer.py +87 -0
- app/compaction/window.py +171 -0
- app/core/__init__.py +0 -0
- app/core/agent_md.py +80 -0
- app/core/agent_profiles.py +589 -0
- app/core/config.py +574 -0
- app/core/embeddings.py +142 -0
- app/core/flavour_apply.py +83 -0
- app/core/flavours.py +55 -0
- app/core/paths.py +159 -0
- app/core/retry.py +93 -0
- app/core/skills_catalog.py +85 -0
- app/core/trust.py +127 -0
- app/core/ui_prefs.py +37 -0
- app/fs/__init__.py +0 -0
- app/fs/models.py +35 -0
- app/fs/tools.py +264 -0
- app/graph/__init__.py +0 -0
- app/graph/graph.py +377 -0
- app/graph/interrupts.py +213 -0
- app/graph/nodes.py +618 -0
- app/graph/state.py +147 -0
- app/guardrails/__init__.py +32 -0
- app/guardrails/backends.py +613 -0
- app/guardrails/evaluator.py +75 -0
- app/guardrails/models.py +125 -0
- app/guardrails/nodes.py +71 -0
- app/guardrails/policy_loader.py +20 -0
- app/handoff/__init__.py +7 -0
- app/handoff/models.py +27 -0
- app/handoff/tools.py +54 -0
- app/hooks/__init__.py +30 -0
- app/hooks/callables.py +78 -0
- app/hooks/guards.py +258 -0
- app/hooks/models.py +105 -0
- app/hooks/registry.py +76 -0
- app/hooks/runner.py +31 -0
- app/io/__init__.py +1 -0
- app/io/attachments.py +154 -0
- app/llm/__init__.py +4 -0
- app/llm/adapter.py +86 -0
- app/llm/factory.py +48 -0
- app/llm/openrouter_adapter.py +132 -0
- app/llm/openrouter_catalog.py +266 -0
- app/main.py +700 -0
- app/memory/__init__.py +0 -0
- app/memory/checkpointer.py +22 -0
- app/memory/models.py +104 -0
- app/memory/node.py +63 -0
- app/memory/reflection.py +88 -0
- app/memory/store.py +214 -0
- app/permissions/__init__.py +43 -0
- app/permissions/gate.py +49 -0
- app/permissions/hook.py +57 -0
- app/permissions/models.py +68 -0
- app/permissions/policy.py +74 -0
- app/permissions/store.py +37 -0
- app/queue/__init__.py +9 -0
- app/queue/inflight.py +46 -0
- app/queue/models.py +71 -0
- app/queue/worker.py +241 -0
- app/rag/__init__.py +0 -0
- app/rag/indexer.py +108 -0
- app/rag/retriever.py +222 -0
- app/subagents/__init__.py +12 -0
- app/subagents/models.py +69 -0
- app/subagents/orchestrator.py +336 -0
- app/subagents/tool.py +116 -0
- app/tasks/__init__.py +25 -0
- app/tasks/models.py +21 -0
- app/tasks/reducer.py +58 -0
- app/tasks/render.py +36 -0
- app/tasks/tools.py +126 -0
- app/tools/__init__.py +0 -0
- app/tools/bootstrap.py +190 -0
- app/tools/indexer.py +36 -0
- app/tools/mcp_client.py +252 -0
- app/tools/mcp_manager.py +403 -0
- app/tools/mcp_models.py +73 -0
- app/tools/meta_tools.py +177 -0
- app/tools/oauth.py +345 -0
- app/tools/registry.py +277 -0
- app/tools/shell.py +456 -0
- app/tools/shell_audit.py +151 -0
- app/tools/shell_models.py +138 -0
- app/tui/__init__.py +49 -0
- app/tui/app.py +1143 -0
- app/tui/demo.py +105 -0
- app/tui/mcp_panel.py +311 -0
- app/tui/messages.py +54 -0
- app/tui/modals.py +307 -0
- app/tui/skills_panel.py +67 -0
- app/tui/store.py +40 -0
- app/tui/styles.tcss +290 -0
- app/tui/theme.py +171 -0
- app/tui/themes/README.md +39 -0
- app/tui/themes/carbon.yaml +10 -0
- app/tui/themes/gruvbox.yaml +10 -0
- app/tui/themes/nord.yaml +10 -0
- app/tui/widgets.py +722 -0
- app/voice/__init__.py +7 -0
- app/voice/backends.py +170 -0
- app/voice/models.py +65 -0
- app/voice/pipeline.py +180 -0
- app/webfetch/__init__.py +6 -0
- app/webfetch/models.py +22 -0
- app/webfetch/tool.py +173 -0
- flavours/coder.yaml +13 -0
- flavours/guarded.yaml +11 -0
- flavours/minimal.yaml +8 -0
- flavours/research.yaml +10 -0
- flavours/voice-assistant.yaml +10 -0
- skills/__init__.py +0 -0
- skills/brand-guidelines/SKILL.md +72 -0
- skills/deep-research/SKILL.md +168 -0
- skills/deep-research/references/decomposition.md +66 -0
- skills/deep-research/references/synthesis.md +73 -0
- skills/deep-research/references/tool-routing.md +74 -0
- skills/deep-research/references/verification.md +56 -0
- skills/doc-coauthoring/SKILL.md +375 -0
- skills/docx/SKILL.md +589 -0
- skills/docx/scripts/__init__.py +1 -0
- skills/docx/scripts/accept_changes.py +135 -0
- skills/docx/scripts/comment.py +318 -0
- skills/docx/scripts/office/helpers/__init__.py +0 -0
- skills/docx/scripts/office/helpers/merge_runs.py +199 -0
- skills/docx/scripts/office/helpers/simplify_redlines.py +197 -0
- skills/docx/scripts/office/pack.py +159 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chart.xsd +1499 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chartDrawing.xsd +146 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-diagram.xsd +1085 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-lockedCanvas.xsd +11 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-main.xsd +3081 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-picture.xsd +23 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-spreadsheetDrawing.xsd +185 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-wordprocessingDrawing.xsd +287 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/pml.xsd +1676 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-additionalCharacteristics.xsd +28 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-bibliography.xsd +144 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-commonSimpleTypes.xsd +174 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlDataProperties.xsd +25 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlSchemaProperties.xsd +18 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesCustom.xsd +59 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesExtended.xsd +56 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesVariantTypes.xsd +195 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-math.xsd +582 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-relationshipReference.xsd +25 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/sml.xsd +4439 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-main.xsd +570 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-officeDrawing.xsd +509 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-presentationDrawing.xsd +12 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-spreadsheetDrawing.xsd +108 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-wordprocessingDrawing.xsd +96 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/wml.xsd +3646 -0
- skills/docx/scripts/office/schemas/ISO-IEC29500-4_2016/xml.xsd +116 -0
- skills/docx/scripts/office/schemas/ecma/fouth-edition/opc-contentTypes.xsd +42 -0
- skills/docx/scripts/office/schemas/ecma/fouth-edition/opc-coreProperties.xsd +50 -0
- skills/docx/scripts/office/schemas/ecma/fouth-edition/opc-digSig.xsd +49 -0
- skills/docx/scripts/office/schemas/ecma/fouth-edition/opc-relationships.xsd +33 -0
- skills/docx/scripts/office/schemas/mce/mc.xsd +75 -0
- skills/docx/scripts/office/schemas/microsoft/wml-2010.xsd +560 -0
- skills/docx/scripts/office/schemas/microsoft/wml-2012.xsd +67 -0
- skills/docx/scripts/office/schemas/microsoft/wml-2018.xsd +14 -0
- skills/docx/scripts/office/schemas/microsoft/wml-cex-2018.xsd +20 -0
- skills/docx/scripts/office/schemas/microsoft/wml-cid-2016.xsd +13 -0
- skills/docx/scripts/office/schemas/microsoft/wml-sdtdatahash-2020.xsd +4 -0
- skills/docx/scripts/office/schemas/microsoft/wml-symex-2015.xsd +8 -0
- skills/docx/scripts/office/soffice.py +183 -0
- skills/docx/scripts/office/unpack.py +132 -0
- skills/docx/scripts/office/validate.py +111 -0
- skills/docx/scripts/office/validators/__init__.py +15 -0
- skills/docx/scripts/office/validators/base.py +847 -0
- skills/docx/scripts/office/validators/docx.py +446 -0
- skills/docx/scripts/office/validators/pptx.py +275 -0
- skills/docx/scripts/office/validators/redlining.py +247 -0
- skills/docx/scripts/templates/comments.xml +3 -0
- skills/docx/scripts/templates/commentsExtended.xml +3 -0
- skills/docx/scripts/templates/commentsExtensible.xml +3 -0
- skills/docx/scripts/templates/commentsIds.xml +3 -0
- skills/docx/scripts/templates/people.xml +3 -0
- skills/four-blocks-reflection/SKILL.md +118 -0
- skills/four-blocks-reflection/references/abc-model.md +51 -0
- skills/four-blocks-reflection/references/bridge-layer-patterns.md +156 -0
- skills/four-blocks-reflection/references/crisis-and-liability.md +107 -0
- skills/four-blocks-reflection/references/disputing-process.md +62 -0
- skills/four-blocks-reflection/references/first-responder-scenarios.md +219 -0
- skills/four-blocks-reflection/references/four-block-formulas.md +93 -0
- skills/four-blocks-reflection/references/multi-block-sequencing.md +136 -0
- skills/four-blocks-reflection/references/safety-and-crisis.md +49 -0
- skills/four-blocks-reflection/references/seven-irrational-beliefs.md +80 -0
- skills/four-blocks-reflection/references/three-insights.md +74 -0
- skills/loader.py +84 -0
- skills/pdf/SKILL.md +314 -0
- skills/pdf/forms.md +294 -0
- skills/pdf/reference.md +612 -0
- skills/pdf/scripts/check_bounding_boxes.py +65 -0
- skills/pdf/scripts/check_fillable_fields.py +11 -0
- skills/pdf/scripts/convert_pdf_to_images.py +33 -0
- skills/pdf/scripts/create_validation_image.py +37 -0
- skills/pdf/scripts/extract_form_field_info.py +122 -0
- skills/pdf/scripts/extract_form_structure.py +115 -0
- skills/pdf/scripts/fill_fillable_fields.py +98 -0
- skills/pdf/scripts/fill_pdf_form_with_annotations.py +107 -0
- skills/pdf-report/SKILL.md +67 -0
- skills/pdf-report/scripts/report_template.py +133 -0
- skills/pptx/SKILL.md +231 -0
- skills/pptx/editing.md +205 -0
- skills/pptx/pptxgenjs.md +420 -0
- skills/pptx/scripts/__init__.py +0 -0
- skills/pptx/scripts/add_slide.py +195 -0
- skills/pptx/scripts/clean.py +286 -0
- skills/pptx/scripts/office/helpers/__init__.py +0 -0
- skills/pptx/scripts/office/helpers/merge_runs.py +199 -0
- skills/pptx/scripts/office/helpers/simplify_redlines.py +197 -0
- skills/pptx/scripts/office/pack.py +159 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chart.xsd +1499 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chartDrawing.xsd +146 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-diagram.xsd +1085 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-lockedCanvas.xsd +11 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-main.xsd +3081 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-picture.xsd +23 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-spreadsheetDrawing.xsd +185 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-wordprocessingDrawing.xsd +287 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/pml.xsd +1676 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-additionalCharacteristics.xsd +28 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-bibliography.xsd +144 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-commonSimpleTypes.xsd +174 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlDataProperties.xsd +25 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlSchemaProperties.xsd +18 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesCustom.xsd +59 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesExtended.xsd +56 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesVariantTypes.xsd +195 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-math.xsd +582 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-relationshipReference.xsd +25 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/sml.xsd +4439 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-main.xsd +570 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-officeDrawing.xsd +509 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-presentationDrawing.xsd +12 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-spreadsheetDrawing.xsd +108 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-wordprocessingDrawing.xsd +96 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/wml.xsd +3646 -0
- skills/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/xml.xsd +116 -0
- skills/pptx/scripts/office/schemas/ecma/fouth-edition/opc-contentTypes.xsd +42 -0
- skills/pptx/scripts/office/schemas/ecma/fouth-edition/opc-coreProperties.xsd +50 -0
- skills/pptx/scripts/office/schemas/ecma/fouth-edition/opc-digSig.xsd +49 -0
- skills/pptx/scripts/office/schemas/ecma/fouth-edition/opc-relationships.xsd +33 -0
- skills/pptx/scripts/office/schemas/mce/mc.xsd +75 -0
- skills/pptx/scripts/office/schemas/microsoft/wml-2010.xsd +560 -0
- skills/pptx/scripts/office/schemas/microsoft/wml-2012.xsd +67 -0
- skills/pptx/scripts/office/schemas/microsoft/wml-2018.xsd +14 -0
- skills/pptx/scripts/office/schemas/microsoft/wml-cex-2018.xsd +20 -0
- skills/pptx/scripts/office/schemas/microsoft/wml-cid-2016.xsd +13 -0
- skills/pptx/scripts/office/schemas/microsoft/wml-sdtdatahash-2020.xsd +4 -0
- skills/pptx/scripts/office/schemas/microsoft/wml-symex-2015.xsd +8 -0
- skills/pptx/scripts/office/soffice.py +183 -0
- skills/pptx/scripts/office/unpack.py +132 -0
- skills/pptx/scripts/office/validate.py +111 -0
- skills/pptx/scripts/office/validators/__init__.py +15 -0
- skills/pptx/scripts/office/validators/base.py +847 -0
- skills/pptx/scripts/office/validators/docx.py +446 -0
- skills/pptx/scripts/office/validators/pptx.py +275 -0
- skills/pptx/scripts/office/validators/redlining.py +247 -0
- skills/pptx/scripts/thumbnail.py +289 -0
- skills/xlsx/SKILL.md +291 -0
- skills/xlsx/scripts/office/helpers/__init__.py +0 -0
- skills/xlsx/scripts/office/helpers/merge_runs.py +199 -0
- skills/xlsx/scripts/office/helpers/simplify_redlines.py +197 -0
- skills/xlsx/scripts/office/pack.py +159 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chart.xsd +1499 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chartDrawing.xsd +146 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-diagram.xsd +1085 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-lockedCanvas.xsd +11 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-main.xsd +3081 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-picture.xsd +23 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-spreadsheetDrawing.xsd +185 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-wordprocessingDrawing.xsd +287 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/pml.xsd +1676 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-additionalCharacteristics.xsd +28 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-bibliography.xsd +144 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-commonSimpleTypes.xsd +174 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlDataProperties.xsd +25 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlSchemaProperties.xsd +18 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesCustom.xsd +59 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesExtended.xsd +56 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesVariantTypes.xsd +195 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-math.xsd +582 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-relationshipReference.xsd +25 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/sml.xsd +4439 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-main.xsd +570 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-officeDrawing.xsd +509 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-presentationDrawing.xsd +12 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-spreadsheetDrawing.xsd +108 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-wordprocessingDrawing.xsd +96 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/wml.xsd +3646 -0
- skills/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/xml.xsd +116 -0
- skills/xlsx/scripts/office/schemas/ecma/fouth-edition/opc-contentTypes.xsd +42 -0
- skills/xlsx/scripts/office/schemas/ecma/fouth-edition/opc-coreProperties.xsd +50 -0
- skills/xlsx/scripts/office/schemas/ecma/fouth-edition/opc-digSig.xsd +49 -0
- skills/xlsx/scripts/office/schemas/ecma/fouth-edition/opc-relationships.xsd +33 -0
- skills/xlsx/scripts/office/schemas/mce/mc.xsd +75 -0
- skills/xlsx/scripts/office/schemas/microsoft/wml-2010.xsd +560 -0
- skills/xlsx/scripts/office/schemas/microsoft/wml-2012.xsd +67 -0
- skills/xlsx/scripts/office/schemas/microsoft/wml-2018.xsd +14 -0
- skills/xlsx/scripts/office/schemas/microsoft/wml-cex-2018.xsd +20 -0
- skills/xlsx/scripts/office/schemas/microsoft/wml-cid-2016.xsd +13 -0
- skills/xlsx/scripts/office/schemas/microsoft/wml-sdtdatahash-2020.xsd +4 -0
- skills/xlsx/scripts/office/schemas/microsoft/wml-symex-2015.xsd +8 -0
- skills/xlsx/scripts/office/soffice.py +183 -0
- skills/xlsx/scripts/office/unpack.py +132 -0
- skills/xlsx/scripts/office/validate.py +111 -0
- skills/xlsx/scripts/office/validators/__init__.py +15 -0
- skills/xlsx/scripts/office/validators/base.py +847 -0
- skills/xlsx/scripts/office/validators/docx.py +446 -0
- skills/xlsx/scripts/office/validators/pptx.py +275 -0
- skills/xlsx/scripts/office/validators/redlining.py +247 -0
- skills/xlsx/scripts/recalc.py +184 -0
- ziro/__init__.py +52 -0
- ziro/_version.py +24 -0
- ziro/agent.py +278 -0
- ziro/capabilities.py +41 -0
- ziro/py.typed +0 -0
- ziro/types.py +27 -0
- ziro-0.1.1.dist-info/METADATA +502 -0
- ziro-0.1.1.dist-info/RECORD +420 -0
- ziro-0.1.1.dist-info/WHEEL +4 -0
- ziro-0.1.1.dist-info/entry_points.txt +4 -0
app/__init__.py
ADDED
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
"""Ziro package.
|
|
2
|
+
|
|
3
|
+
F24: configure HuggingFace offline mode **first** — before any submodule import can
|
|
4
|
+
pull in ``transformers``/``huggingface_hub`` (whose offline flag is frozen at import).
|
|
5
|
+
See :mod:`app._hf_bootstrap`.
|
|
6
|
+
"""
|
|
7
|
+
|
|
8
|
+
from app._hf_bootstrap import configure_hf_offline
|
|
9
|
+
|
|
10
|
+
configure_hf_offline()
|
app/_hf_bootstrap.py
ADDED
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
"""F24 — HuggingFace offline bootstrap (runs before any transformers/hub import).
|
|
2
|
+
|
|
3
|
+
``huggingface_hub`` reads ``HF_HUB_OFFLINE`` into a module constant **once, at
|
|
4
|
+
import time**, and it is imported very early (via
|
|
5
|
+
``langchain_core.language_models.base`` → ``transformers``). Setting the env var any
|
|
6
|
+
later has no effect (verified during implementation). The only chokepoint that runs
|
|
7
|
+
before that import is ``app/__init__.py``, which calls :func:`configure_hf_offline`
|
|
8
|
+
here.
|
|
9
|
+
|
|
10
|
+
Going offline removes ~9 s of HuggingFace Hub revision/etag checks per launch (a
|
|
11
|
+
cached-model construct drops from ~9.2 s to ~0.3 s) **and** pins the embedding space
|
|
12
|
+
to the cached revision the FAISS index was built against. To stay correct on a fresh
|
|
13
|
+
machine, we only go offline when the model is **already cached** (a pure filesystem
|
|
14
|
+
check, no import) — otherwise the one-time download still runs. This module imports
|
|
15
|
+
nothing but :mod:`os` so it can run before the heavy import web.
|
|
16
|
+
"""
|
|
17
|
+
|
|
18
|
+
from __future__ import annotations
|
|
19
|
+
|
|
20
|
+
import os
|
|
21
|
+
|
|
22
|
+
_EMB_MODEL = "sentence-transformers/all-MiniLM-L6-v2"
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
def _hub_cache_dir() -> str:
|
|
26
|
+
"""The HuggingFace hub cache directory, honouring the standard env overrides."""
|
|
27
|
+
cache = os.environ.get("HUGGINGFACE_HUB_CACHE")
|
|
28
|
+
if cache:
|
|
29
|
+
return cache
|
|
30
|
+
home = os.environ.get("HF_HOME") or os.path.join(
|
|
31
|
+
os.path.expanduser("~"), ".cache", "huggingface"
|
|
32
|
+
)
|
|
33
|
+
return os.path.join(home, "hub")
|
|
34
|
+
|
|
35
|
+
|
|
36
|
+
def _embeddings_cached(model: str = _EMB_MODEL) -> bool:
|
|
37
|
+
"""True iff a usable snapshot of ``model`` is already in the hub cache.
|
|
38
|
+
|
|
39
|
+
A usable snapshot carries ``config.json``; checking for it (rather than just the
|
|
40
|
+
snapshots dir) guards against a half-populated cache.
|
|
41
|
+
"""
|
|
42
|
+
folder = "models--" + model.replace("/", "--")
|
|
43
|
+
snapshots = os.path.join(_hub_cache_dir(), folder, "snapshots")
|
|
44
|
+
if not os.path.isdir(snapshots):
|
|
45
|
+
return False
|
|
46
|
+
try:
|
|
47
|
+
for snap in os.listdir(snapshots):
|
|
48
|
+
if os.path.exists(os.path.join(snapshots, snap, "config.json")):
|
|
49
|
+
return True
|
|
50
|
+
except OSError:
|
|
51
|
+
return False
|
|
52
|
+
return False
|
|
53
|
+
|
|
54
|
+
|
|
55
|
+
def configure_hf_offline() -> bool:
|
|
56
|
+
"""Set ``HF_HUB_OFFLINE``/``TRANSFORMERS_OFFLINE`` when safe. Returns True iff
|
|
57
|
+
offline is in effect. MUST run before any ``huggingface_hub`` import.
|
|
58
|
+
|
|
59
|
+
Precedence: ``ZIRO_NO_ENV_MUTATION=1`` disables all host-env mutation (for
|
|
60
|
+
embedders — ``import ziro`` must not silently touch the host process env);
|
|
61
|
+
an explicit operator ``HF_HUB_OFFLINE`` is never overridden;
|
|
62
|
+
``ZIRO_EMBEDDINGS_OFFLINE=1`` forces offline regardless of cache; otherwise
|
|
63
|
+
we go offline only when the embeddings model is already cached.
|
|
64
|
+
"""
|
|
65
|
+
if os.environ.get("ZIRO_NO_ENV_MUTATION") == "1":
|
|
66
|
+
# Never write to the host env. Report the current offline state, but leave
|
|
67
|
+
# it to the operator to set HF_HUB_OFFLINE explicitly when embedding Ziro.
|
|
68
|
+
explicit_ro = os.environ.get("HF_HUB_OFFLINE")
|
|
69
|
+
return explicit_ro not in (None, "0", "", "false", "False")
|
|
70
|
+
explicit = os.environ.get("HF_HUB_OFFLINE")
|
|
71
|
+
if explicit is not None: # respect an operator's explicit choice, either way
|
|
72
|
+
return explicit not in ("0", "", "false", "False")
|
|
73
|
+
forced = os.environ.get("ZIRO_EMBEDDINGS_OFFLINE", "") in ("1", "true", "True")
|
|
74
|
+
if forced or _embeddings_cached():
|
|
75
|
+
os.environ["HF_HUB_OFFLINE"] = "1"
|
|
76
|
+
os.environ["TRANSFORMERS_OFFLINE"] = "1"
|
|
77
|
+
return True
|
|
78
|
+
return False
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: Reflector
|
|
3
|
+
description: Reflection coach — structures experiences into actionable insight
|
|
4
|
+
enabled: true
|
|
5
|
+
model: deepseek/deepseek-v4-flash
|
|
6
|
+
# Demonstrates the namespace form: whole `rag` + `memory` namespaces are expanded
|
|
7
|
+
# to all their tools at bind time (vs. scout's explicit qualified `tools:` list).
|
|
8
|
+
namespaces:
|
|
9
|
+
- rag
|
|
10
|
+
- memory
|
|
11
|
+
skills:
|
|
12
|
+
- four-blocks-reflection
|
|
13
|
+
soul: |
|
|
14
|
+
A warm, structured reflection guide. Turns raw experience into clear next steps.
|
|
15
|
+
---
|
|
16
|
+
You are Reflector, a focused reflection subagent.
|
|
17
|
+
|
|
18
|
+
Your job: take the experience or situation in the task and produce a structured
|
|
19
|
+
reflection that ends in concrete, actionable takeaways. You run in isolation —
|
|
20
|
+
work only from what the task gives you.
|
|
21
|
+
|
|
22
|
+
- Consult your scoped skills (search_skills) for the reflection framework before
|
|
23
|
+
structuring your answer.
|
|
24
|
+
- Be concise and concrete; avoid vague encouragement.
|
|
25
|
+
- End your reply with a line beginning `HANDOFF:` containing the distilled
|
|
26
|
+
reflection + next steps the parent should receive.
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: Scout
|
|
3
|
+
description: Focused research scout — gathers and reports grounded findings
|
|
4
|
+
enabled: true
|
|
5
|
+
model: deepseek/deepseek-v4-flash
|
|
6
|
+
tools:
|
|
7
|
+
- rag:search_rag
|
|
8
|
+
- rag:search_skills
|
|
9
|
+
- rag:load_skill_ref
|
|
10
|
+
- memory:save_memory
|
|
11
|
+
- webfetch:web_fetch # inherited from parent core; lets the scout actually fetch sources
|
|
12
|
+
skills:
|
|
13
|
+
- deep-research
|
|
14
|
+
soul: |
|
|
15
|
+
A neutral, source-grounded scout. Values traceable evidence over speculation.
|
|
16
|
+
---
|
|
17
|
+
You are Scout, a focused research subagent.
|
|
18
|
+
|
|
19
|
+
Your job: take the single task handed to you, gather what is needed, and return
|
|
20
|
+
one concise, evidence-grounded answer. You run in isolation — everything you need
|
|
21
|
+
is in the task.
|
|
22
|
+
|
|
23
|
+
- Consult your scoped skills (search_skills) for research methodology before you
|
|
24
|
+
start a non-trivial investigation.
|
|
25
|
+
- Ground claims in real sources: use `web_fetch` to pull primary pages and
|
|
26
|
+
`search_rag` for the local corpus. Prefer a fetched source over recollection.
|
|
27
|
+
- Lead with the answer, then the supporting detail. No filler.
|
|
28
|
+
- When you lack a source, say so plainly rather than guessing.
|
|
29
|
+
- End your reply with a line beginning `HANDOFF:` containing the final answer the
|
|
30
|
+
parent should receive.
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: Solver
|
|
3
|
+
description: Generalist problem-solver subagent — takes a self-contained task and drives it to a verified result using whatever tools it inherits
|
|
4
|
+
enabled: true
|
|
5
|
+
# model omitted → inherits the OPENROUTER_MODEL env default (a capable model),
|
|
6
|
+
# so the solver is genuinely smart, not a fast-but-shallow scratch worker.
|
|
7
|
+
namespaces:
|
|
8
|
+
- rag
|
|
9
|
+
- memory
|
|
10
|
+
- tasks
|
|
11
|
+
tools:
|
|
12
|
+
- webfetch:web_fetch # inherited from parent core
|
|
13
|
+
- shell:run_shell # inherited ONLY if the parent has loaded shell (active); HITL-gated
|
|
14
|
+
# No skills scope → unscoped: the solver may search and load ANY skill it needs.
|
|
15
|
+
soul: |
|
|
16
|
+
A relentless, resourceful problem-solver. Owns the task end to end, verifies its
|
|
17
|
+
own work, and is honest about what it could and could not establish.
|
|
18
|
+
---
|
|
19
|
+
You are Solver, a generalist problem-solving subagent. The parent handed you one
|
|
20
|
+
self-contained task and expects a finished, verified result — not a sketch.
|
|
21
|
+
|
|
22
|
+
How you work:
|
|
23
|
+
- Plan first with `write_todos` when the task has more than one step; keep it honest.
|
|
24
|
+
- Discover before you guess. `search_skills` for how-to, `search_tools` +
|
|
25
|
+
`load_tools` for capabilities, `search_rag` for the local corpus, `web_fetch`
|
|
26
|
+
for primary sources. If you think "I can't do X," search for X first.
|
|
27
|
+
- If shell is available to you (the parent loaded it), use it to actually run,
|
|
28
|
+
test, and inspect — don't reason about code you could just execute.
|
|
29
|
+
- Reflect after each meaningful step: did it move the goal, is the result correct,
|
|
30
|
+
what should change the plan. Verify — run it, re-read it, cross-check — before
|
|
31
|
+
you claim anything. Evidence before assertions.
|
|
32
|
+
- If you hit a real wall (missing permission, credential, or a decision only the
|
|
33
|
+
parent/user can make), say so plainly instead of fabricating.
|
|
34
|
+
|
|
35
|
+
You run in isolation: everything you need is in the task or discoverable. End your
|
|
36
|
+
reply with a line beginning `HANDOFF:` containing the finished result — the answer,
|
|
37
|
+
what you verified, and anything still open — that the parent should receive.
|
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
# Generalist persona — an autonomous, goal-driven agent that discovers and uses
|
|
2
|
+
# whatever skills, tools, and subagents a task needs, and reflects as it goes.
|
|
3
|
+
# `intro` is the one-line identity that opens the system prompt (overrides the
|
|
4
|
+
# generic BASE_SYSTEM default).
|
|
5
|
+
intro: |
|
|
6
|
+
You are a capable, autonomous generalist agent with persistent memory, a
|
|
7
|
+
knowledge base, and a discoverable surface of skills, tools, and subagents.
|
|
8
|
+
system_prompt: |
|
|
9
|
+
You are a capable, autonomous generalist agent. Given a goal, you work toward it
|
|
10
|
+
relentlessly — planning, gathering what you need, acting, checking your own work,
|
|
11
|
+
and course-correcting — until the goal is genuinely met or you are truly blocked.
|
|
12
|
+
You do not stop at the first plausible answer and you do not hand back half-done
|
|
13
|
+
work. You are resourceful: you assume the capability you need probably already
|
|
14
|
+
exists somewhere on your surface, and you go find it before guessing.
|
|
15
|
+
|
|
16
|
+
## Your surface — discover, then use
|
|
17
|
+
You start each thread knowing only a few core tools. Everything else you must
|
|
18
|
+
discover. Treat this as a reflex, not a last resort:
|
|
19
|
+
- Skills (how to do something well): `search_skills("<what you're trying to do>")`
|
|
20
|
+
to find relevant references, then `load_skill_ref(skill_name, filename)` to pull
|
|
21
|
+
a specific file only when a step needs it. Load one at a time, just-in-time.
|
|
22
|
+
- Tools (capabilities): `web_fetch` is always in hand — use it freely to read the
|
|
23
|
+
live web. For everything else, `search_tools("<keyword>")` finds deferred tools,
|
|
24
|
+
`load_tools([...])` activates them, `list_tools(ns)` browses a namespace,
|
|
25
|
+
`unload_tools([...])` frees context. A tool you load stays available for the rest
|
|
26
|
+
of the thread. The shell (`shell:run_shell`) is among them — load it and use it to
|
|
27
|
+
run code, inspect files, and drive other tools; each command is approved by the
|
|
28
|
+
user before it runs, so prefer doing over describing.
|
|
29
|
+
- Knowledge (indexed documents): `search_rag("<query>")` before relying on memory
|
|
30
|
+
for anything the user's own corpus might cover.
|
|
31
|
+
- Memory (durable facts about this user): `save_memory(content)` whenever you learn
|
|
32
|
+
a stable preference, constraint, or fact worth keeping across sessions.
|
|
33
|
+
If you ever think "I can't do X," first run a search for X. Most of the time the
|
|
34
|
+
capability is one discovery call away.
|
|
35
|
+
|
|
36
|
+
## Subagents — delegate to stay focused
|
|
37
|
+
For any self-contained chunk of work — research a topic, read and summarize a large
|
|
38
|
+
document, explore a branch of the problem, or just take a hard subtask off your
|
|
39
|
+
plate — delegate it to a subagent instead of doing it inline. `spawn_subagent` and
|
|
40
|
+
`dispatch_subagents` are already in your core surface, so reach for them directly:
|
|
41
|
+
- `spawn_subagent(agent_id, task)` for one isolated subtask; you get back one
|
|
42
|
+
concise result and keep your own context clean.
|
|
43
|
+
- `dispatch_subagents(tasks)` to fan several independent subtasks out at once.
|
|
44
|
+
- `get_subagent_transcript(run_id)` (discover via `search_tools`) to pull a child's
|
|
45
|
+
full transcript when you need the detail behind its summary.
|
|
46
|
+
Your children: `solver` (a capable generalist — give it any self-contained problem
|
|
47
|
+
and it drives to a verified result), `scout` (source-grounded research, can fetch
|
|
48
|
+
the web), and `reflector` (structured reflection). A child inherits a tool only if
|
|
49
|
+
you currently hold it — so if you want `solver` to use the shell, load `shell`
|
|
50
|
+
first, then spawn it. Give each child a crisp, self-contained brief: the goal, the
|
|
51
|
+
inputs, and exactly what to return. Delegate the work, not the thinking — you stay
|
|
52
|
+
the owner of the goal.
|
|
53
|
+
|
|
54
|
+
## Plan and track — make the goal visible
|
|
55
|
+
For anything beyond a single trivial step, externalize the plan so neither of us
|
|
56
|
+
loses the thread:
|
|
57
|
+
- `write_todos([...])` to lay out the steps the moment the work has more than one part.
|
|
58
|
+
- `update_todo(...)` to mark progress as you go — one item in progress at a time,
|
|
59
|
+
closed out the instant it's actually done.
|
|
60
|
+
Keep the list honest: it should always reflect the real state, not an aspiration.
|
|
61
|
+
|
|
62
|
+
## Reflect — this is non-negotiable
|
|
63
|
+
You improve your own work in a loop. After each meaningful step, pause and check:
|
|
64
|
+
- Did that step actually move toward the goal, or just feel productive?
|
|
65
|
+
- Is the result correct? Verify it — run it, re-read it, cross-check a source —
|
|
66
|
+
rather than assuming. Evidence before claims, always.
|
|
67
|
+
- What did I learn that should change the plan? Update the todos accordingly.
|
|
68
|
+
- Am I missing a skill, tool, or subagent that would do this better? Go get it.
|
|
69
|
+
- Am I stuck repeating myself or looping? If so, change approach, don't retry harder.
|
|
70
|
+
When you believe you're done, do one final reflection pass against the original
|
|
71
|
+
goal — every part addressed, every claim verified — before you say so.
|
|
72
|
+
|
|
73
|
+
## Persistence and honesty
|
|
74
|
+
- Keep going until the goal is met. Don't end a turn with the work unfinished and
|
|
75
|
+
no next action; either take the next step or clearly state what's blocking you.
|
|
76
|
+
- When you are genuinely blocked — missing a permission, credential, decision, or
|
|
77
|
+
information only the user has — say so plainly and, if it warrants a human,
|
|
78
|
+
`request_handoff`. Don't fabricate, don't guess past a real gap.
|
|
79
|
+
- Be straight about uncertainty. Distinguish what you verified from what you assume.
|
|
80
|
+
If a result is partial, say which part is solid and which is open.
|
|
81
|
+
- Lead with the answer or the outcome, then the supporting detail. No filler, no
|
|
82
|
+
narrating tool calls for their own sake — just the substance and the result.
|
|
83
|
+
soul_prompt: |
|
|
84
|
+
This assistant is a general-purpose autonomous agent. It pursues the user's goal
|
|
85
|
+
end to end, discovering and using whatever skills, tools, and subagents the task
|
|
86
|
+
needs, verifying its own work, and being honest about uncertainty and limits.
|
|
87
|
+
fallback_messages:
|
|
88
|
+
- "I hit a snag on that step. Let me restate where things stand and what I'll try next."
|
|
89
|
+
- "Something went wrong on my end — give me the goal again and I'll pick the thread back up."
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
enabled: true # master flag — false bypasses attachment parsing entirely
|
|
2
|
+
max_image_bytes: 4000000 # raw-byte cap BEFORE base64 (~5.3MB data-uri); mirrors _cap_tool_text intent
|
|
3
|
+
allowed_image_types: [".png", ".jpg", ".jpeg", ".gif", ".webp"]
|
|
4
|
+
vision_unsupported_notice: >-
|
|
5
|
+
[note: this model can't read images; your attachment was ignored and only your
|
|
6
|
+
text was processed.]
|
|
7
|
+
oversize_notice: "[image '{name}' skipped: {size} bytes exceeds cap of {cap} bytes]"
|
|
8
|
+
unreadable_notice: "[image '{name}' skipped: {reason}]"
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
enabled: true # master flag — false fully bypasses compaction
|
|
2
|
+
|
|
3
|
+
# Percentage-of-window triggering
|
|
4
|
+
trigger_pct: 0.75 # compact when request exceeds 75% of usable input budget
|
|
5
|
+
target_pct: 0.50 # compact down toward 50% (hysteresis band)
|
|
6
|
+
reserved_output_tokens: null # null → auto from model max_completion_tokens; int overrides (clamped to model cap)
|
|
7
|
+
auto_output_ceiling: 8192 # ceiling applied when auto-deriving the output budget
|
|
8
|
+
schema_headroom_pct: 0.05 # cushion for system prompt + bound tool schemas
|
|
9
|
+
|
|
10
|
+
# Window resolution
|
|
11
|
+
model_context_window: null # null → resolve from OpenRouter /models; int → override
|
|
12
|
+
default_context_window: 32000 # fallback when resolution fails
|
|
13
|
+
absolute_trigger_cap: null # optional cost cap: effective trigger = min(pct-budget, cap)
|
|
14
|
+
|
|
15
|
+
# Retention / strategy
|
|
16
|
+
keep_recent_min: 6
|
|
17
|
+
max_tool_message_tokens: 4000 # fixed cap on a single ToolMessage at ingestion
|
|
18
|
+
max_tool_message_pct: 0.15 # also cap it at 15% of usable input budget (per-model); effective cap = min of the two
|
|
19
|
+
strategy: hybrid # hybrid | trim
|
|
20
|
+
|
|
21
|
+
# Summarizer
|
|
22
|
+
summary_model: null # null → reuse the agent's meta.yaml model
|
|
23
|
+
summary_max_tokens: 512
|
|
24
|
+
extract_facts: false # Phase 4
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
# Default-agent filesystem-tools policy (read_file / grep / glob_files).
|
|
2
|
+
# Core tools under namespace "fs" — always bound (see tool_policy.yaml core_tools).
|
|
3
|
+
# Pure stdlib, cross-platform (Windows + POSIX), no shell-out. Set
|
|
4
|
+
# `enabled: false` to disable — the tools are then never registered (invisible to
|
|
5
|
+
# discovery and the permission view). A missing file falls back to these defaults.
|
|
6
|
+
enabled: true
|
|
7
|
+
|
|
8
|
+
# Confine every resolved path under the project root; refuse `..` escapes.
|
|
9
|
+
# Keep ON unless the agent must read outside the repo.
|
|
10
|
+
confine: true
|
|
11
|
+
|
|
12
|
+
# read_file caps.
|
|
13
|
+
max_read_bytes: 256000 # hard byte ceiling per read
|
|
14
|
+
max_read_lines: 2000 # default line window when `limit` is omitted
|
|
15
|
+
|
|
16
|
+
# Result caps (a truncation marker is appended when hit).
|
|
17
|
+
max_grep_matches: 200
|
|
18
|
+
max_glob_results: 200
|
|
19
|
+
|
|
20
|
+
# Directories pruned by grep / never descended into.
|
|
21
|
+
ignore_dirs:
|
|
22
|
+
- ".git"
|
|
23
|
+
- "node_modules"
|
|
24
|
+
- "__pycache__"
|
|
25
|
+
- ".venv"
|
|
26
|
+
- "venv"
|
|
27
|
+
- ".mypy_cache"
|
|
28
|
+
- ".pytest_cache"
|
|
29
|
+
- "dist"
|
|
30
|
+
- "build"
|
|
@@ -0,0 +1,145 @@
|
|
|
1
|
+
version: "1"
|
|
2
|
+
enable_input_guard: true
|
|
3
|
+
enable_output_guard: true
|
|
4
|
+
|
|
5
|
+
# ──────────────────────────────────────────────────────────────────────────────
|
|
6
|
+
# Defense-in-depth guardrails for the Four-Blocks coaching agent.
|
|
7
|
+
#
|
|
8
|
+
# Input (before the LLM): prompt-injection (regex + ML) + harmful content.
|
|
9
|
+
# Output (before the user): harmful content + PII leakage.
|
|
10
|
+
#
|
|
11
|
+
# IMPORTANT — this is a mental-health coaching app. It legitimately discusses
|
|
12
|
+
# depression, guilt, anxiety and worthlessness. The Llama-Guard rules therefore
|
|
13
|
+
# scope which categories block: self-harm (S11) and specialized-advice (S6) are
|
|
14
|
+
# NOT blocked — those distress disclosures must reach the skill's crisis/wellbeing
|
|
15
|
+
# flow, not get a cold refusal. Only genuinely malicious categories block.
|
|
16
|
+
# ──────────────────────────────────────────────────────────────────────────────
|
|
17
|
+
|
|
18
|
+
default_refusal_templates:
|
|
19
|
+
- "I'm unable to process that request right now."
|
|
20
|
+
- "That request can't be handled. Please try again."
|
|
21
|
+
- "Something went wrong evaluating your request. Please rephrase."
|
|
22
|
+
|
|
23
|
+
backends:
|
|
24
|
+
regex_injection:
|
|
25
|
+
type: regex_injection
|
|
26
|
+
detect_typoglycemia: true
|
|
27
|
+
detect_base64: true
|
|
28
|
+
detect_hex: true
|
|
29
|
+
detect_char_spacing: true
|
|
30
|
+
min_encoded_len: 12
|
|
31
|
+
|
|
32
|
+
deberta:
|
|
33
|
+
type: local_classifier
|
|
34
|
+
model_name: protectai/deberta-v3-base-prompt-injection
|
|
35
|
+
device: cpu
|
|
36
|
+
batch_size: 8
|
|
37
|
+
injection_label: INJECTION
|
|
38
|
+
threshold: 0.5
|
|
39
|
+
fail_open: true
|
|
40
|
+
|
|
41
|
+
presidio:
|
|
42
|
+
type: presidio
|
|
43
|
+
languages:
|
|
44
|
+
- en
|
|
45
|
+
score_threshold: 0.5
|
|
46
|
+
entities:
|
|
47
|
+
- CREDIT_CARD
|
|
48
|
+
- CRYPTO
|
|
49
|
+
- EMAIL_ADDRESS
|
|
50
|
+
- IBAN_CODE
|
|
51
|
+
- IP_ADDRESS
|
|
52
|
+
- PHONE_NUMBER
|
|
53
|
+
- US_BANK_NUMBER
|
|
54
|
+
- US_DRIVER_LICENSE
|
|
55
|
+
- US_ITIN
|
|
56
|
+
- US_PASSPORT
|
|
57
|
+
- US_SSN
|
|
58
|
+
fail_open: false
|
|
59
|
+
|
|
60
|
+
llama_guard:
|
|
61
|
+
type: llama_guard
|
|
62
|
+
model_path: ./models/Llama-Guard-3-1B.Q4_K_M.gguf
|
|
63
|
+
n_ctx: 2048
|
|
64
|
+
n_threads: 4
|
|
65
|
+
max_tokens: 32
|
|
66
|
+
block_categories:
|
|
67
|
+
- S1 # Violent Crimes
|
|
68
|
+
- S2 # Non-Violent Crimes
|
|
69
|
+
- S3 # Sex Crimes
|
|
70
|
+
- S4 # Child Exploitation
|
|
71
|
+
- S9 # Indiscriminate Weapons
|
|
72
|
+
- S10 # Hate
|
|
73
|
+
- S14 # Code Interpreter Abuse / malware
|
|
74
|
+
fail_open: false
|
|
75
|
+
|
|
76
|
+
input_rules:
|
|
77
|
+
- name: prompt_injection_regex
|
|
78
|
+
backend: regex_injection
|
|
79
|
+
enabled: true
|
|
80
|
+
severity: block
|
|
81
|
+
description: >
|
|
82
|
+
Deterministic detection of instruction-override, prompt-extraction,
|
|
83
|
+
role/tag spoofing, control-token injection, DAN jailbreaks, and encoded
|
|
84
|
+
or scrambled evasions of the same.
|
|
85
|
+
refusal_message: >
|
|
86
|
+
That request looks like an attempt to change how I work, so I can't act on it.
|
|
87
|
+
I can only follow my own guidelines — but if there's something on your mind, I'm here for that.
|
|
88
|
+
refusal_templates:
|
|
89
|
+
- "That looks like an attempt to change my instructions, so I can't act on it. If there's something you'd like to talk through, I'm here."
|
|
90
|
+
- "I can only follow my own guidelines, so I can't take that on. What's actually on your mind today?"
|
|
91
|
+
|
|
92
|
+
- name: prompt_injection_ml
|
|
93
|
+
backend: deberta
|
|
94
|
+
enabled: true
|
|
95
|
+
severity: block
|
|
96
|
+
description: >
|
|
97
|
+
ML classifier catching paraphrased or novel injection attempts that the
|
|
98
|
+
regex layer may miss.
|
|
99
|
+
refusal_message: >
|
|
100
|
+
That request looks like an attempt to change how I work, so I can't act on it.
|
|
101
|
+
I can only follow my own guidelines — but if there's something on your mind, I'm here for that.
|
|
102
|
+
refusal_templates:
|
|
103
|
+
- "That looks like an attempt to change my instructions, so I can't act on it. If there's something you'd like to talk through, I'm here."
|
|
104
|
+
- "I can only follow my own guidelines, so I can't take that on. What's actually on your mind today?"
|
|
105
|
+
|
|
106
|
+
- name: harmful_content
|
|
107
|
+
backend: llama_guard
|
|
108
|
+
enabled: false
|
|
109
|
+
severity: block
|
|
110
|
+
description: >
|
|
111
|
+
Block requests for instructions enabling violent/non-violent crime, sexual
|
|
112
|
+
crimes, child exploitation, weapons, hate, or malware. (Self-harm and
|
|
113
|
+
mental-health distress are intentionally NOT blocked here.)
|
|
114
|
+
refusal_message: >
|
|
115
|
+
I can't help with that. If something painful is going on for you, though, I'm glad to talk it through.
|
|
116
|
+
refusal_templates:
|
|
117
|
+
- "I can't help with that. If something painful is behind it, though, I'm here to talk."
|
|
118
|
+
- "That's not something I can help with. But if there's something you're struggling with, I'd like to hear it."
|
|
119
|
+
|
|
120
|
+
output_rules:
|
|
121
|
+
- name: harmful_content_in_response
|
|
122
|
+
backend: llama_guard
|
|
123
|
+
enabled: false
|
|
124
|
+
severity: block
|
|
125
|
+
description: >
|
|
126
|
+
Block a response that contains harmful instructions (crime, weapons, hate,
|
|
127
|
+
malware, exploitation) even if the input looked benign.
|
|
128
|
+
refusal_message: >
|
|
129
|
+
I wasn't able to put together a response I'm comfortable sharing. Could you rephrase what you're after?
|
|
130
|
+
refusal_templates:
|
|
131
|
+
- "I wasn't able to give a response I'm comfortable sharing. Could you say more about what you need?"
|
|
132
|
+
- "That one didn't come out in a way I can share. Let's try it from a different angle."
|
|
133
|
+
|
|
134
|
+
- name: pii_leakage
|
|
135
|
+
backend: presidio
|
|
136
|
+
enabled: false
|
|
137
|
+
severity: block
|
|
138
|
+
description: >
|
|
139
|
+
Block a response that exposes personal identifiers — emails, phone numbers,
|
|
140
|
+
government IDs, or financial account numbers — that shouldn't be surfaced.
|
|
141
|
+
refusal_message: >
|
|
142
|
+
My response included some sensitive details I shouldn't share, so I've held it back. Could you ask again?
|
|
143
|
+
refusal_templates:
|
|
144
|
+
- "That response had sensitive details I shouldn't share, so I held it back. Could you ask again?"
|
|
145
|
+
- "I caught some private information in that reply and stopped it. Let's try again."
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# F07 Human Handoff policy.
|
|
2
|
+
enabled: true # master flag — false → request_handoff unregistered
|
|
3
|
+
operator_prompt: |
|
|
4
|
+
[HUMAN HANDOFF] The agent escalated this conversation.
|
|
5
|
+
Reason: {reason}
|
|
6
|
+
Type your reply to the user (blank = use fallback):
|
|
7
|
+
timeout_seconds: null # null → wait indefinitely (Dev CLI). Prod worker should bound it.
|
|
8
|
+
on_timeout: fallback # fallback | refuse | keep_waiting
|
|
9
|
+
fallback_message: >
|
|
10
|
+
A team member will follow up with you shortly. In the meantime,
|
|
11
|
+
is there anything else I can help with?
|
|
12
|
+
inject_as: assistant # assistant | tool
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
# Hooks for the `default` (Generalist) agent.
|
|
2
|
+
#
|
|
3
|
+
# F10 shell audit: now that shell is enabled, every intent + outcome is logged
|
|
4
|
+
# to data/audit/shell-audit.jsonl (dev) / the tool_audit table (prod). The model
|
|
5
|
+
# calls the tool unqualified ("run_shell"), so the matcher globs the suffix to
|
|
6
|
+
# also catch "shell:run_shell" / "shell_run_shell".
|
|
7
|
+
version: "1"
|
|
8
|
+
enabled: true
|
|
9
|
+
hooks:
|
|
10
|
+
- name: shell-audit-intent
|
|
11
|
+
event: pre_tool
|
|
12
|
+
matcher: "*run_shell"
|
|
13
|
+
python: app.tools.shell_audit:log_intent
|
|
14
|
+
on_error: allow
|
|
15
|
+
- name: shell-audit-outcome
|
|
16
|
+
event: post_tool
|
|
17
|
+
matcher: "*run_shell"
|
|
18
|
+
python: app.tools.shell_audit:log_outcome
|
|
19
|
+
on_error: allow
|
|
20
|
+
# F27 loop guard: break a runaway streak of failing run_shell retries (deny +
|
|
21
|
+
# steer toward write_file). A genuinely different command is still allowed.
|
|
22
|
+
- name: shell-loop-guard
|
|
23
|
+
event: pre_tool
|
|
24
|
+
matcher: "*run_shell"
|
|
25
|
+
python: app.hooks.guards:shell_loop_guard
|
|
26
|
+
on_error: allow
|
|
27
|
+
# Verification loop guard (langfuse session test-104): deny + steer once the
|
|
28
|
+
# SAME failure signature (pytest/go test/jest/mypy/tsc/rustc/panic/traceback)
|
|
29
|
+
# recurs 2+ runs in a row, even across edits that made the shell commands
|
|
30
|
+
# look different (shell-loop-guard misses that case — it only compares
|
|
31
|
+
# command text, not the underlying failure).
|
|
32
|
+
- name: verification-loop-guard
|
|
33
|
+
event: pre_tool
|
|
34
|
+
matcher: "*run_shell"
|
|
35
|
+
python: app.hooks.guards:verification_loop_guard
|
|
36
|
+
on_error: allow
|