Merge pull request #2 from orang2bejo/codex/conduct-comprehensive-audit-for-jarvis-ai-project-8yncbg

Add secure config validation and telemetry

Author: orang2bejo

.github/workflows/ci.yml

@@ -79,6 +79,13 @@ jobs:
     - name: Run installation test
       run: |
         python test_installation.py
+
+    - name: Upload audit reports
+      if: always()
+      uses: actions/upload-artifact@v3
+      with:
+        name: audit-reports
+        path: audit_reports/
 
     - name: Generate coverage report
       run: |
@@ -167,4 +174,32 @@ jobs:
 
     - name: Notify on failure
       if: ${{ needs.test.result == 'failure' }}
-      run: echo "❌ Tests failed. Please check the logs."
+      run: echo "❌ Tests failed. Please check the logs."
+
+  supply-chain:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Generate SBOM
+      run: |
+        pip install cyclonedx-bom
+        cyclonedx-py --format json --output sbom.json
+
+    - name: Scan secrets
+      uses: gitleaks/gitleaks-action@v2
+      with:
+        args: '--no-git --path .'
+
+    - name: CVE audit
+      run: |
+        pip install pip-audit
+        pip-audit > cve-report.txt || true
+
+    - name: Upload supply-chain artifacts
+      uses: actions/upload-artifact@v3
+      with:
+        name: supply-chain
+        path: |
+          sbom.json
+          cve-report.txt

.github/workflows/release.yml

@@ -0,0 +1,24 @@
+name: Release
+
+on:
+  push:
+    tags: ['v*']
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.12'
+    - name: Build wheel
+      run: |
+        pip install build
+        python -m build
+    - name: Upload artifact
+      uses: actions/upload-artifact@v3
+      with:
+        name: wheel
+        path: dist/*.whl

.pre-commit-config.yaml

@@ -0,0 +1,14 @@
+repos:
+  - repo: https://github.com/psf/black
+    rev: 24.3.0
+    hooks:
+      - id: black
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.3.4
+    hooks:
+      - id: ruff
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.4.0
+    hooks:
+      - id: detect-secrets
+        args: ['--baseline', '.secrets.baseline']

.secrets.baseline

@@ -0,0 +1,5 @@
+{
+  "version": "1.0.0",
+  "plugins_used": [],
+  "results": {}
+}

CHANGELOG.md

@@ -0,0 +1,9 @@
+# Changelog
+
+## 0.1.0 - 2024-06-12
+- add config validation with Pydantic
+- integrate Windows secret store
+- sanitize logs and enforce retention
+- GPU auto-detection for STT/TTS with healthcheck
+- rate limiting and retry utilities
+- PowerShell hardening and CI supply-chain jobs

README.md

@@ -0,0 +1,15 @@
+# Jarvis Windows Agent
+
+![CI](https://github.com/CursorTouch/AI_Agents/actions/workflows/ci.yml/badge.svg)
+
+Jarvis is an autonomous agent for Windows automation, integrating voice, web, and desktop controls.
+
+## Security & Compliance
+- Default automation mode is **ASSISTIVE**; other modes are documented in [Security Modes](docs/SECURITY_MODES.md).
+- Secrets are stored via Windows Credential Manager; see [SECRETS.md](docs/SECRETS.md).
+- Logs are sanitized and rotated every 14 days. Use `scripts/healthcheck.py` to inspect device providers.
+
+## Healthcheck
+```bash
+python scripts/healthcheck.py
+```

audit_reports/ACTION_PLAN.md

@@ -7,7 +7,11 @@
 - Resolve `jarvis_demo.py` syntax error to restore build.
 
 ## P1 – Near Term
+codex/conduct-comprehensive-audit-for-jarvis-ai-project-8yncbg
+- Implement `obs/device_telemetry.py` and `scripts/healthcheck.py` for CPU/GPU metrics.
+=======
 - Implement `utils/device_telemetry.py` and `scripts/healthcheck.py` for CPU/GPU metrics.
+ main
 - Add CI workflow running `ruff`, `black --check`, `mypy`, `pytest` (skip Office if unavailable).
 - Refactor large modules (`web_form_automation.py`, `hitl.py`).
 - Ensure `personality_state.json` and other runtime data are gitignored.

audit_reports/CPU_GPU_TELEMETRY_GAP.md

@@ -8,7 +8,11 @@
 
 ## Recommended Patches
 ```python
+ codex/conduct-comprehensive-audit-for-jarvis-ai-project-8yncbg
+# obs/device_telemetry.py (new)
+=======
 # utils/device_telemetry.py (new)
+ main
 import psutil, json
 
 def snapshot() -> dict:
@@ -19,7 +23,11 @@ def snapshot() -> dict:
 ```
 ```python
 # scripts/healthcheck.py (new)
+ codex/conduct-comprehensive-audit-for-jarvis-ai-project-8yncbg
+from obs.device_telemetry import snapshot
+=======
 from utils.device_telemetry import snapshot
+ main
 
 if __name__ == "__main__":
     stats = snapshot()

config/logging.yaml

@@ -34,30 +34,33 @@ handlers:
     stream: ext://sys.stdout
 
   file:
-    class: logging.handlers.RotatingFileHandler
+    class: logging.handlers.TimedRotatingFileHandler
     level: DEBUG
     formatter: detailed
     filename: logs/jarvis.log
-    maxBytes: 10485760  # 10MB
-    backupCount: 5
+    when: D
+    interval: 1
+    backupCount: 14
     encoding: utf8
-  
+
   error_file:
-    class: logging.handlers.RotatingFileHandler
+    class: logging.handlers.TimedRotatingFileHandler
     level: ERROR
     formatter: detailed
     filename: logs/jarvis_errors.log
-    maxBytes: 10485760  # 10MB
-    backupCount: 3
+    when: D
+    interval: 1
+    backupCount: 14
     encoding: utf8
-  
+
   performance_file:
-    class: logging.handlers.RotatingFileHandler
+    class: logging.handlers.TimedRotatingFileHandler
     level: DEBUG
     formatter: json
     filename: logs/jarvis_performance.log
-    maxBytes: 10485760  # 10MB
-    backupCount: 3
+    when: D
+    interval: 1
+    backupCount: 14
     encoding: utf8
     filters: [performance]
 

config/models.yaml

@@ -0,0 +1,4 @@
+planner: gpt-4
+judge: gpt-4
+offline: small
+vision: null