diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 7459099..7789e76 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -21,5 +21,5 @@ blank_issues_enabled: false contact_links: - name: Security vulnerability - url: https://github.com/microsoft/sico/security/advisories/new + url: https://github.com/microsoft/Sico/security/advisories/new about: Please report security issues privately instead of opening a public issue. diff --git a/CLAUDE.md b/CLAUDE.md index d4757f7..7343e6b 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -4,14 +4,16 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co ## Project Overview -Sico is an open-source AI agent platform with three main services that communicate via gRPC and a bidirectional "reverse RPC" pattern. The backend handles HTTP APIs and persistence, the core handles AI/LLM orchestration, and the frontend provides a React dashboard (frontend codebase is not opensourced). +Sico is an open-source AI agent platform with three main services that communicate via gRPC and a bidirectional "reverse RPC" pattern. The backend handles HTTP APIs and persistence, the core handles AI/LLM orchestration, and the frontend provides a React dashboard. + +> **Frontend source code is not in this public repository.** In a public checkout, `frontend/` only contains packaged deployment assets (e.g. `frontend-dist.zip`, `deployments/`) — there is no `frontend/package.json` or `src/`, so any `pnpm`/`vite` workflow must be run from a separate frontend source checkout. Do not add or document `pnpm dev`/`pnpm build` instructions in this repo. ## Build & Run Commands ### Full Stack (Docker Compose) ```bash cp .env.example .env # first time only -make compose-up # builds and starts all services (nginx, backend, core, mysql, redis, kafka, seaweedfs) +make compose-up # builds and starts all services (nginx, frontend, backend, core, mysql, redis, kafka, seaweedfs, qdrant) make compose-down # stop and remove containers make compose-logs # tail all service logs ``` diff --git a/README.md b/README.md index f3f0380..70c3b0e 100644 --- a/README.md +++ b/README.md @@ -21,10 +21,11 @@ The idea behind Sico emerged from large-scale operational challenges observed in Through real production workloads, Sico achieved closed-loop validation for Digital Workers operating under continuous execution, evaluation, and human supervision. Through this process, we observed that reliability emerged not from static automation alone, but from the continuous co-evolution between human operators and Digital Workers. -In Sico, three core roles define how work gets done: +In Sico, four core roles define how work gets done: -- Operator: responsible for training, monitoring, and improving Digital Workers - Employer: defines business objectives and outcome standards for Digital Workers +- Operator: responsible for training, monitoring, and improving Digital Workers +- Developer: builds the capability structure and infrastructure (workflows, tools, execution environments) of Digital Workers - Digital Worker: executes tasks through structured capabilities and continuous learning At the center of this system, a Digital Worker is not just a model or an agent, but a structured, executable capability unit. @@ -120,8 +121,8 @@ On top of this runtime, Sico organizes work into **three loops** that together f ### Prepare the configuration (shared by all run modes) ```bash -git clone https://github.com/microsoft/sico.git -cd sico +git clone https://github.com/microsoft/Sico.git +cd Sico cp .env.example .env # edit values as needed ``` @@ -162,7 +163,7 @@ Then pick **one** of the run modes below. ### Run mode A: Docker Compose (recommended for local dev) ```bash -make compose-up # builds and starts nginx, backend, core, mysql, redis +make compose-up # builds and starts nginx, frontend, backend, core, mysql, redis, kafka, seaweedfs, qdrant ``` Then verify the stack: @@ -172,7 +173,7 @@ Then verify the stack: - API docs: [http://localhost:8080/api/sico/docs/index.html](http://localhost:8080/api/sico/docs/index.html) - Health: `curl http://localhost:8080/api/sico/health` -Sign in with the seeded default account: +Sign in with the seeded default account (local development only — rotate or remove before exposing the stack outside your machine): - **Username**: `operator@sico.local` - **Password**: `operator` @@ -239,4 +240,4 @@ This project may contain trademarks or logos for projects, products, or services ## Acknowledgements -Sico stands on the shoulders of the open-source community: Go, Gin, GORM, Wire, Python, asyncio, grpclib, betterproto, React, Vite, and many more. Thank you to everyone who has [contributed](https://github.com/microsoft/sico/graphs/contributors) to Sico. +Sico stands on the shoulders of the open-source community: Go, Gin, GORM, Wire, Python, asyncio, grpclib, betterproto, React, Vite, and many more. Thank you to everyone who has [contributed](https://github.com/microsoft/Sico/graphs/contributors) to Sico. diff --git a/SECURITY.md b/SECURITY.md index a7b5fe2..f4790ff 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -13,7 +13,14 @@ updated to list supported versions. **Please do not file public GitHub issues for security vulnerabilities.** -Instead, report privately via GitHub's [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) +For Microsoft-owned projects, the preferred reporting channel is the +**Microsoft Security Response Center (MSRC)**: report at +[https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report), +or email [secure@microsoft.com](mailto:secure@microsoft.com). MSRC coordinates +disclosure across Microsoft products and is the canonical channel for issues +with potential cross-product impact. + +As an alternative, you can also report privately via GitHub's [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) on this repository. Please include: diff --git a/core/README.md b/core/README.md deleted file mode 100644 index 6465786..0000000 --- a/core/README.md +++ /dev/null @@ -1,74 +0,0 @@ -# Sico Core - -The Core service is the Python side of Sico. It runs the agent loop, orchestrates tool execution, talks to LLM providers through the LLM Hub, and calls back into the Backend (via reverse gRPC) to persist state. - -> See the top-level [README](../README.md) for the platform overview and [docs/technical_report.md](../docs/technical_report.md) for how Core fits into the system. - -## Layout - -``` -core/ -├── app/ -│ ├── main.py # async gRPC server entrypoint -│ ├── biz/ -│ │ ├── chat/ # chat orchestration, planning, tool calling -│ │ ├── llm/ # LLM service layer -│ │ └── reverse_grpc/ # client stubs that call back to Backend -│ ├── tools/ # agent tools (read/write/grep/web_search/run_python/...) -│ ├── llmhubs/ # provider adapters (OpenAI, Azure, Anthropic, Gemini, ...) -│ ├── schemas/ # Pydantic request/response models -│ ├── pb/ # generated betterproto2 stubs (do not edit) -│ ├── memory/ # memory subsystem -│ ├── document/ # document parsing / chunking -│ └── utils/ # redis, caching, eventbus, response builders -└── tests/ - ├── chat/ # tests for app.biz.chat - ├── llmhubs/ # tests for app.llmhubs and adapters - ├── sandbox_tools/ # tests for app.tools.sandbox_tools - └── storage/ # tests for app.storage -``` - -## Test Layout - -- Organize tests by the owning module or domain under `tests/`; avoid mixing flat root-level test files with per-domain folders. -- Keep `tests/` root for shared pytest config such as `conftest.py`, or for future cross-domain integration tests. -- Put domain-only helpers in that domain's `conftest.py`; only truly cross-domain fixtures should live at the root. -- Name files after the behavior or unit under test, such as `tests/llmhubs/test_timeout.py`. - -## Requirements - -- Python **3.13+** -- [uv](https://docs.astral.sh/uv/) for dependency management (`pyproject.toml` + `uv.lock`) - -## Develop - -```bash -cd core -uv sync -uv run python -m app.main # start the gRPC server (requires env vars / backend) -uv run pytest # run tests -uv run pytest tests/chat/ # run a subset -uv run ruff check . # lint -uv run ruff format . # format -``` - -Regenerate protobuf stubs from the repo root: - -```bash -bash proto/gen.sh core -``` - -## Configuration - -Core does not own persistent state. It expects: - -- A reachable Backend for reverse gRPC callbacks (`REVERSE_GRPC_ADDRESS`). -- LLM provider credentials resolved through the LLM Hub (see [backend/docs/llmhub.md](../backend/docs/llmhub.md)). - -For the complete environment model, see [`.env.example`](../.env.example) at the repo root. - -## More - -- [Docs home](../docs/README.md) -- [LLM Hub builtin YAML models](app/llmhubs/README.md) -- [Contributing](../CONTRIBUTING.md) diff --git a/core/app/biz/chat/service.py b/core/app/biz/chat/service.py index 084f2c8..c80da6f 100644 --- a/core/app/biz/chat/service.py +++ b/core/app/biz/chat/service.py @@ -524,7 +524,7 @@ async def generate_onboard_recommendation_tasks( knowledge_list=json.dumps(workspace_context.get("knowledge", []), ensure_ascii=False, indent=2), skills_list=json.dumps(workspace_context.get("skills", []), ensure_ascii=False, indent=2), ) - print(prompt) + generation = await app.llmhubs.generate(request=build_llm_request( [{ "role": "user", diff --git a/docs/quickstart.md b/docs/quickstart.md index fbfecfc..f56eca5 100644 --- a/docs/quickstart.md +++ b/docs/quickstart.md @@ -21,8 +21,8 @@ For a developer setup (building services from source, writing code, running test ## 1. Configure the environment ```bash -git clone https://github.com/microsoft/sico.git -cd sico +git clone https://github.com/microsoft/Sico.git +cd Sico cp .env.example .env ``` @@ -210,7 +210,7 @@ curl http://localhost:8080/api/sico/health # Core is internal, but the Backend exposes an aggregated health view. ``` -Sign in with the seeded default account: +Sign in with the seeded default account (local development only — rotate or remove before exposing the stack outside your machine): - **Username**: `operator@sico.local` - **Password**: `operator` diff --git a/docs/roadmap.md b/docs/roadmap.md index 477ffea..87d580b 100644 --- a/docs/roadmap.md +++ b/docs/roadmap.md @@ -2,7 +2,7 @@ Sico is at an early, actively-evolving stage. This roadmap captures our direction, not a commitment to specific dates. Priorities shift based on user feedback and real-world deployment experience. -We track concrete work items as [GitHub Issues](https://github.com/microsoft/sico/issues). This page is the higher-level view. +We track concrete work items as [GitHub Issues](https://github.com/microsoft/Sico/issues). This page is the higher-level view. ## Current scope @@ -41,4 +41,4 @@ Frontend source code is not currently published in this repository. For now, the ## Contributing ideas -Have a use case, a proposal, or an existing tool you think should integrate with Sico? Open a [discussion](https://github.com/microsoft/sico/discussions) or [issue](https://github.com/microsoft/sico/issues). Real workload feedback is the single most valuable input for the roadmap. +Have a use case, a proposal, or an existing tool you think should integrate with Sico? Open a [discussion](https://github.com/microsoft/Sico/discussions) or [issue](https://github.com/microsoft/Sico/issues). Real workload feedback is the single most valuable input for the roadmap. diff --git a/examples/knowledge/create_link_document.py b/examples/knowledge/create_link_document.py index 1677c16..8072b4b 100644 --- a/examples/knowledge/create_link_document.py +++ b/examples/knowledge/create_link_document.py @@ -30,7 +30,7 @@ def main() -> None: token = require_env("TOKEN") project_id = env_int("PROJECT_ID", 1) - link_url = os.environ.get("DOC_URL", "https://github.com/microsoft/sico") + link_url = os.environ.get("DOC_URL", "https://github.com/microsoft/Sico") name = os.environ.get("DOC_NAME", "Sico GitHub Repository") agent_id = os.environ.get("AGENT_ID", "").strip()