Skip to content

Commit 76c6d68

Browse files
Merge pull request #93 from Copilot-home/copilot/research-daiof-framework
feat: DAIOF Production Deployment Checklist — Security hardening, CI fixes, tests, documentation
2 parents ff78d3f + 87dc9e7 commit 76c6d68

15 files changed

Lines changed: 473 additions & 174 deletions

.github/copilot-instructions.md

Lines changed: 38 additions & 117 deletions
Original file line numberDiff line numberDiff line change
@@ -1,145 +1,66 @@
1-
# 🌟 Digital AI Organism Framework (DAIOF)
1+
# 🧬 Digital AI Organism Framework (DAIOF)
22

3-
> ## 🚀 **OFFICIALLY LAUNCHED - October 30, 2025!** 🎉
3+
> **OFFICIALLY LAUNCHED October 30, 2025**
44
55
## Architecture Overview
66

7-
This project uses [autoplans.dev](https://autoplans.dev) for AI-powered project management and development automation.
7+
DAIOF applies biological principles to AI systems: organisms have genomes, metabolism, nervous systems and live inside ecosystems.
88

99
### Key Components
1010

11-
Document your major system components and their interactions here:
12-
- Service boundaries and responsibilities
13-
- Data flow between components
14-
- Integration points and external dependencies
15-
- Critical architectural decisions and the reasoning behind them
11+
| Layer | Location | Responsibility |
12+
|---|---|---|
13+
| **Framework core** | `digital_ai_organism_framework.py` | `DigitalGenome`, `DigitalOrganism`, `DigitalEcosystem`, `SymphonyControlCenter` (monolith) |
14+
| **Package API** | `src/hyperai/` | Installable package re-exporting core classes with proper module boundaries |
15+
| **HAIOS Runtime** | `haios_runtime.py` | 7 Hard Invariants, AttestationLog (SHA-256 chain), safety floor enforcement |
16+
| **Orchestrator** | `unified_ai_orchestrator.py` | Heartbeat cycle (60 s) connecting all AI modules |
17+
| **LLM integration** | `ollama_config.py` | Ollama local LLM client with D&R 3-phase protocol |
18+
| **Autonomous agents** | `.github/scripts/` | GitHub API automation (issue triage, health, metrics, autonomous dev) |
19+
| **CI/CD** | `.github/workflows/ci.yml` | Pytest, flake8 lint, gene verification, codecov |
1620

1721
### Technology Stack
1822

19-
List your core technologies, frameworks, and key dependencies:
20-
- Languages and runtimes
21-
- Frameworks and libraries
22-
- Database and data storage
23-
- External services and APIs
23+
- **Language**: Python 3.9+
24+
- **Dependencies**: `numpy`, `PyGithub`, `pyyaml`, `requests` (see `requirements.txt`)
25+
- **LLM**: Ollama local (`http://localhost:11434`) — no cloud LLM keys required
26+
- **Storage**: SQLite (`autonomous_todo.db`), JSONL audit logs
27+
- **CI**: GitHub Actions, Codecov
2428

2529
## Development Workflows
2630

2731
### Build & Run
2832
```bash
29-
# Add your build commands here
30-
npm install
31-
npm run build
32-
npm run dev
33+
pip install -r requirements.txt # runtime deps
34+
pip install -e ".[dev]" # editable install + dev tools
35+
hyperai # CLI health check
36+
python quick_start.py # interactive demo
3337
```
3438

3539
### Testing
3640
```bash
37-
# Add your test commands here
38-
npm test
39-
npm run test:e2e
41+
pytest tests/ -v --cov=digital_ai_organism_framework
42+
python -m unittest tests/test_smoke.py
4043
```
4144

42-
### Debugging
43-
- Describe debugging setup and common debugging scenarios
44-
- Document environment variables and configuration
45-
- Note any debugging tools or extensions required
45+
### Key Design Patterns
4646

47-
## Project-Specific Conventions
48-
49-
### Code Style & Patterns
50-
- Document naming conventions that differ from defaults
51-
- Describe project-specific design patterns
52-
- Note any non-standard code organization
47+
- **4 Pillars** (`an_toan`, `duong_dai`, `tin_vao_so_lieu`, `han_che_rui_ro`): every action scored against Safety, Long-term, Data-driven, Risk-reduction.
48+
- **D&R Protocol** (Deconstruction → Focal Point → Re-architecture): applied in `SymphonyControlCenter.apply_dr_protocol()` and `OllamaClient.dandr_analysis()`.
49+
- **7 Hard Invariants**: attribution, safety floor ≥ 7, rollback, K-State = 1, 4 pillars composite ≥ 7.5, governance quorum, immutable audit.
50+
- **Biological metaphor**: `DigitalGenome` (traits + mutation), `DigitalMetabolism` (resource mgmt), `DigitalNervousSystem` (perception/decision).
5351

5452
### Git Workflow
55-
- Branch naming conventions
56-
- Commit message format
57-
- PR requirements and review process
58-
59-
## Task Management with Autoplans
60-
61-
This project uses **autoplans.dev Language Model Tools** for intelligent task management. AI agents can:
62-
63-
### Available Autoplans Tools
64-
```typescript
65-
// Project Management
66-
autoplans_list_projects() // List all projects
67-
autoplans_create_project({name, description}) // Create new project
68-
autoplans_get_project({projectId}) // Get project details
69-
70-
// Task Management
71-
autoplans_list_tasks({projectId}) // List tasks for a project
72-
autoplans_create_task({projectId, title, description, priority, type})
73-
autoplans_update_task({taskId, status, priority, ...})
74-
autoplans_delete_task({taskId})
75-
autoplans_get_task({taskId})
76-
77-
// Bulk Operations
78-
autoplans_bulk_create_tasks({projectId, tasks: []})
79-
autoplans_bulk_update_tasks({projectId, taskIds: [], updates: {}})
80-
81-
// Business Planning
82-
autoplans_get_business_plan({projectId})
83-
autoplans_create_business_plan({projectId, ...})
84-
autoplans_update_business_plan({projectId, ...})
85-
86-
// Repository Sync
87-
autoplans_generate_copilot_config() // Generate this file
88-
autoplans_initialize_autoplans_folder() // Create .autoplans/ docs
89-
autoplans_sync_project_to_repo() // Sync all files
90-
```
91-
92-
### Task Management Guidelines
93-
94-
**When working on this project:**
95-
1. **Before starting work**: Check `autoplans_list_tasks()` for assigned tasks
96-
2. **Creating tasks**: Use `autoplans_create_task()` with clear descriptions and proper type (coding/design/documentation/testing)
97-
3. **Updating progress**: Call `autoplans_update_task()` to update status (pending → in_progress → completed)
98-
4. **Planning features**: Break down large features into smaller tasks using `autoplans_bulk_create_tasks()`
99-
100-
**Task Types:**
101-
- `coding` - Implementation work
102-
- `design` - Architecture, UI/UX design
103-
- `documentation` - Docs, comments, guides
104-
- `testing` - Unit tests, E2E tests, QA
105-
106-
**Task Status:**
107-
- `pending` - Not started
108-
- `in_progress` - Currently working
109-
- `blocked` - Waiting on dependency
110-
- `completed` - Finished
111-
- `waiting_for_review` - Ready for PR review
112-
113-
## Getting Help
11453

115-
- Visit [autoplans.dev](https://autoplans.dev) for documentation
116-
- Use `@autoplans` in Copilot chat for project-specific help
117-
- Check `.autoplans/` folder for project documentation and task details
118-
- Review `.autoplans/tasks.md` for current task list
119-
120-
---
121-
122-
*Generated by autoplans.dev - Update this file with project-specific patterns and conventions as they emerge*
54+
- Main branch: `main`
55+
- CI runs on push/PR to `main` and `develop`
56+
- Autonomous workflows are **workflow_dispatch only** (schedules commented out)
57+
- Commit format: emoji prefix + short description (e.g., `🧬 Add genome mutation`)
12358

12459
## Instructions for AI Agents
12560

126-
**This section should be customized based on codebase analysis:**
127-
128-
Analyze this codebase to discover:
129-
- The "big picture" architecture requiring multiple files to understand - major components, service boundaries, data flows, and the "why" behind structural decisions
130-
- Critical developer workflows (builds, tests, debugging) especially commands that aren't obvious from file inspection alone
131-
- Project-specific conventions and patterns that differ from common practices
132-
- Integration points, external dependencies, and cross-component communication patterns
133-
134-
Source existing AI conventions from:
135-
`**/{.github/copilot-instructions.md,AGENT.md,AGENTS.md,CLAUDE.md,.cursorrules,.windsurfrules,.clinerules,.cursor/rules/**,.windsurf/rules/**,.clinerules/**,README.md}`
136-
137-
When updating this file:
138-
- Merge intelligently - preserve valuable content while updating outdated sections
139-
- Write concise, actionable instructions (~20-50 lines) using markdown structure
140-
- Include specific examples from the codebase when describing patterns
141-
- Avoid generic advice - focus on THIS project's specific approaches
142-
- Document only discoverable patterns, not aspirational practices
143-
- Reference key files/directories that exemplify important patterns
144-
145-
For more guidance: https://aka.ms/vscode-instructions-docs
61+
1. **Core logic** lives in `digital_ai_organism_framework.py` (large file); read `src/hyperai/__init__.py` for the public API surface.
62+
2. **Tests** go in `tests/`; run `pytest tests/ -v` before any change.
63+
3. **Do not enable** `enable_sensitive_data=True` in observability — it captures prompts.
64+
4. **Workflow permissions** follow least-privilege; only add permissions that are strictly needed.
65+
5. **`sovereign_runner.py`** is local-only macOS tooling — not for production or CI.
66+
6. Creator attribution (`alpha_prime_omega`, verification `4287`) is a project constant — do not alter.

.github/workflows/ai-agent-autonomous.yml

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -19,22 +19,20 @@ on:
1919

2020
permissions:
2121
contents: write
22-
issues: write
2322
pull-requests: write
24-
discussions: write
2523

2624
jobs:
2725
autonomous-agent:
2826
runs-on: ubuntu-latest
2927
steps:
3028
- name: 🚀 Checkout Repository
31-
uses: actions/checkout@v4
29+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
3230
with:
3331
fetch-depth: 0
3432
token: ${{ secrets.GITHUB_TOKEN }}
3533

3634
- name: 🐍 Setup Python Environment
37-
uses: actions/setup-python@v4
35+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
3836
with:
3937
python-version: '3.10'
4038
cache: 'pip'

.github/workflows/autonomous-development.yml

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -20,9 +20,7 @@ on:
2020

2121
permissions:
2222
contents: write
23-
issues: write
2423
pull-requests: write
25-
discussions: write
2624

2725
jobs:
2826
autonomous_development:
@@ -31,13 +29,13 @@ jobs:
3129

3230
steps:
3331
- name: 🧬 Clone Organism DNA
34-
uses: actions/checkout@v4
32+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
3533
with:
3634
fetch-depth: 0
3735
token: ${{ secrets.GITHUB_TOKEN }}
3836

3937
- name: 🐍 Prepare Organism Environment
40-
uses: actions/setup-python@v5
38+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
4139
with:
4240
python-version: '3.9'
4341
cache: 'pip'

.github/workflows/autonomous-git-workflow.yml

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -24,9 +24,7 @@ on:
2424

2525
permissions:
2626
contents: write
27-
issues: write
2827
pull-requests: write
29-
discussions: write
3028

3129
jobs:
3230
autonomous_git_workflow:
@@ -35,7 +33,7 @@ jobs:
3533

3634
steps:
3735
- name: 🧬 Clone Repository with Full History
38-
uses: actions/checkout@v4
36+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
3937
with:
4038
fetch-depth: 0
4139
token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/autonomous-security-fix.yml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -30,9 +30,7 @@ on:
3030

3131
permissions:
3232
contents: write
33-
issues: write
3433
pull-requests: write
35-
security-events: write
3634

3735
jobs:
3836
autonomous_security_fix:

.github/workflows/ci.yml

Lines changed: 24 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -6,40 +6,41 @@ on:
66
pull_request:
77
branches: [ main, develop ]
88

9+
# Principle of Least Privilege: only read access for CI checks
10+
permissions:
11+
contents: read
12+
913
jobs:
1014
test:
1115
name: Test on Python ${{ matrix.python-version }}
1216
runs-on: ${{ matrix.os }}
1317

1418
strategy:
1519
matrix:
16-
os: [ubuntu-latest, macos-latest, windows-latest]
17-
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
20+
# Reduced to ubuntu-only to cut CI cost; framework is pure Python with no
21+
# platform-specific code. Re-add macos-latest/windows-latest if native
22+
# extensions are introduced.
23+
os: [ubuntu-latest]
24+
python-version: ['3.9', '3.10', '3.11', '3.12']
1825

1926
steps:
2027
- name: 📥 Checkout code
21-
uses: actions/checkout@v4
28+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
2229

2330
- name: 🐍 Set up Python ${{ matrix.python-version }}
24-
uses: actions/setup-python@v5
31+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
2532
with:
2633
python-version: ${{ matrix.python-version }}
2734

2835
- name: 📦 Install dependencies
2936
run: |
3037
python -m pip install --upgrade pip
3138
pip install -r requirements.txt
32-
pip install pytest pytest-cov black flake8 mypy
33-
34-
- name: 🎨 Check code style with Black
35-
run: black --check .
36-
continue-on-error: true
39+
pip install pytest pytest-cov flake8
3740
38-
- name: 🔍 Lint with flake8
41+
- name: 🔍 Lint with flake8 (critical errors only)
3942
run: |
4043
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
41-
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=100 --statistics
42-
continue-on-error: true
4344
4445
- name: 🧬 Verify immutable genes
4546
run: |
@@ -59,10 +60,10 @@ jobs:
5960
- name: 🧪 Run tests
6061
run: |
6162
pytest tests/ -v --cov=digital_ai_organism_framework --cov-report=xml --cov-report=term
62-
continue-on-error: true
6363
6464
- name: 📊 Upload coverage to Codecov
65-
uses: codecov/codecov-action@v4
65+
if: matrix.python-version == '3.11'
66+
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67ab1fd11d9025a # v4.7.2
6667
with:
6768
file: ./coverage.xml
6869
flags: unittests
@@ -75,10 +76,10 @@ jobs:
7576

7677
steps:
7778
- name: 📥 Checkout code
78-
uses: actions/checkout@v4
79+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
7980

8081
- name: 🐍 Set up Python
81-
uses: actions/setup-python@v5
82+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
8283
with:
8384
python-version: '3.11'
8485

@@ -123,34 +124,31 @@ jobs:
123124

124125
steps:
125126
- name: 📥 Checkout code
126-
uses: actions/checkout@v4
127+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
127128

128129
- name: 🐍 Set up Python
129-
uses: actions/setup-python@v5
130+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
130131
with:
131132
python-version: '3.11'
132133

133-
- name: 🔒 Run safety check
134-
run: |
135-
pip install safety
136-
safety check --json || true
137-
continue-on-error: true
138-
139134
- name: 🔐 Run bandit security linter
140135
run: |
141136
pip install bandit
142-
bandit -r . -f json || true
137+
bandit -r digital_ai_organism_framework.py haios_core.py haios_runtime.py src/ -f json -o bandit-report.json || true
138+
bandit -r digital_ai_organism_framework.py haios_core.py haios_runtime.py src/ -ll
143139
continue-on-error: true
144140

145141
release:
146142
name: Create Release
147143
runs-on: ubuntu-latest
148144
needs: [test, validate]
149145
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
146+
permissions:
147+
contents: write
150148

151149
steps:
152150
- name: 📥 Checkout code
153-
uses: actions/checkout@v4
151+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
154152

155153
- name: 🎉 Create Release
156154
uses: softprops/action-gh-release@v2

0 commit comments

Comments
 (0)