mirror of
https://github.com/FuzzingLabs/fuzzforge_ai.git
synced 2026-02-12 21:12:56 +00:00
a2c760ea2b
* feat: seed governance config and responses routing * Add env-configurable timeout for proxy providers * Integrate LiteLLM OTEL collector and update docs * Make .env.litellm optional for LiteLLM proxy * Add LiteLLM proxy integration with model-agnostic virtual keys Changes: - Bootstrap generates 3 virtual keys with individual budgets (CLI: $100, Task-Agent: $25, Cognee: $50) - Task-agent loads config at runtime via entrypoint script to wait for bootstrap completion - All keys are model-agnostic by default (no LITELLM_DEFAULT_MODELS restrictions) - Bootstrap handles database/env mismatch after docker prune by deleting stale aliases - CLI and Cognee configured to use LiteLLM proxy with virtual keys - Added comprehensive documentation in volumes/env/README.md Technical details: - task-agent entrypoint waits for keys in .env file before starting uvicorn - Bootstrap creates/updates TASK_AGENT_API_KEY, COGNEE_API_KEY, and OPENAI_API_KEY - Removed hardcoded API keys from docker-compose.yml - All services route through http://localhost:10999 proxy * Fix CLI not loading virtual keys from global .env Project .env files with empty OPENAI_API_KEY values were overriding the global virtual keys. Updated _load_env_file_if_exists to only override with non-empty values. * Fix agent executor not passing API key to LiteLLM The agent was initializing LiteLlm without api_key or api_base, causing authentication errors when using the LiteLLM proxy. Now reads from OPENAI_API_KEY/LLM_API_KEY and LLM_ENDPOINT environment variables and passes them to LiteLlm constructor. * Auto-populate project .env with virtual key from global config When running 'ff init', the command now checks for a global volumes/env/.env file and automatically uses the OPENAI_API_KEY virtual key if found. This ensures projects work with LiteLLM proxy out of the box without manual key configuration. * docs: Update README with LiteLLM configuration instructions Add note about LITELLM_GEMINI_API_KEY configuration and clarify that OPENAI_API_KEY default value should not be changed as it's used for the LLM proxy. * Refactor workflow parameters to use JSON Schema defaults Consolidates parameter defaults into JSON Schema format, removing the separate default_parameters field. Adds extract_defaults_from_json_schema() helper to extract defaults from the standard schema structure. Updates LiteLLM proxy config to use LITELLM_OPENAI_API_KEY environment variable. * Remove .env.example from task_agent * Fix MDX syntax error in llm-proxy.md * fix: apply default parameters from metadata.yaml automatically Fixed TemporalManager.run_workflow() to correctly apply default parameter values from workflow metadata.yaml files when parameters are not provided by the caller. Previous behavior: - When workflow_params was empty {}, the condition `if workflow_params and 'parameters' in metadata` would fail - Parameters would not be extracted from schema, resulting in workflows receiving only target_id with no other parameters New behavior: - Removed the `workflow_params and` requirement from the condition - Now explicitly checks for defaults in parameter spec - Applies defaults from metadata.yaml automatically when param not provided - Workflows receive all parameters with proper fallback: provided value > metadata default > None This makes metadata.yaml the single source of truth for parameter defaults, removing the need for workflows to implement defensive default handling. Affected workflows: - llm_secret_detection (was failing with KeyError) - All other workflows now benefit from automatic default application Co-authored-by: tduhamel42 <tduhamel@fuzzinglabs.com>
312 lines
4.7 KiB
Plaintext
312 lines
4.7 KiB
Plaintext
# ========================================
|
|
# FuzzForge Platform .gitignore
|
|
# ========================================
|
|
|
|
# -------------------- Python --------------------
|
|
# Byte-compiled / optimized / DLL files
|
|
__pycache__/
|
|
*.py[cod]
|
|
*$py.class
|
|
|
|
# C extensions
|
|
*.so
|
|
|
|
# Distribution / packaging
|
|
.Python
|
|
build/
|
|
develop-eggs/
|
|
dist/
|
|
downloads/
|
|
eggs/
|
|
.eggs/
|
|
lib/
|
|
lib64/
|
|
parts/
|
|
sdist/
|
|
var/
|
|
wheels/
|
|
pip-wheel-metadata/
|
|
share/python-wheels/
|
|
*.egg-info/
|
|
.installed.cfg
|
|
*.egg
|
|
MANIFEST
|
|
|
|
# PyInstaller
|
|
*.manifest
|
|
*.spec
|
|
|
|
# Installer logs
|
|
pip-log.txt
|
|
pip-delete-this-directory.txt
|
|
|
|
# Unit test / coverage reports
|
|
htmlcov/
|
|
.tox/
|
|
.nox/
|
|
.coverage
|
|
.coverage.*
|
|
.cache
|
|
nosetests.xml
|
|
coverage.xml
|
|
*.cover
|
|
*.py,cover
|
|
.hypothesis/
|
|
.pytest_cache/
|
|
|
|
# Environments
|
|
.env
|
|
.venv
|
|
env/
|
|
venv/
|
|
ENV/
|
|
env.bak/
|
|
venv.bak/
|
|
.python-version
|
|
|
|
# UV package manager
|
|
uv.lock
|
|
# But allow uv.lock in CLI and SDK for reproducible builds
|
|
!cli/uv.lock
|
|
!sdk/uv.lock
|
|
!backend/uv.lock
|
|
|
|
# MyPy
|
|
.mypy_cache/
|
|
.dmypy.json
|
|
dmypy.json
|
|
|
|
# Pyre type checker
|
|
.pyre/
|
|
|
|
# pytype static type analyzer
|
|
.pytype/
|
|
|
|
# Cython debug symbols
|
|
cython_debug/
|
|
|
|
# -------------------- IDE / Editor --------------------
|
|
# VSCode
|
|
.vscode/
|
|
*.code-workspace
|
|
|
|
# PyCharm
|
|
.idea/
|
|
|
|
# Vim
|
|
*.swp
|
|
*.swo
|
|
*~
|
|
|
|
# Emacs
|
|
*~
|
|
\#*\#
|
|
/.emacs.desktop
|
|
/.emacs.desktop.lock
|
|
*.elc
|
|
auto-save-list
|
|
tramp
|
|
.\#*
|
|
|
|
# Sublime Text
|
|
*.sublime-project
|
|
*.sublime-workspace
|
|
|
|
# -------------------- Operating System --------------------
|
|
# macOS
|
|
.DS_Store
|
|
.AppleDouble
|
|
.LSOverride
|
|
Icon
|
|
._*
|
|
.DocumentRevisions-V100
|
|
.fseventsd
|
|
.Spotlight-V100
|
|
.TemporaryItems
|
|
.Trashes
|
|
.VolumeIcon.icns
|
|
.com.apple.timemachine.donotpresent
|
|
.AppleDB
|
|
.AppleDesktop
|
|
Network Trash Folder
|
|
Temporary Items
|
|
.apdisk
|
|
|
|
# Windows
|
|
Thumbs.db
|
|
Thumbs.db:encryptable
|
|
ehthumbs.db
|
|
ehthumbs_vista.db
|
|
*.stackdump
|
|
[Dd]esktop.ini
|
|
$RECYCLE.BIN/
|
|
*.cab
|
|
*.msi
|
|
*.msix
|
|
*.msm
|
|
*.msp
|
|
*.lnk
|
|
|
|
# Linux
|
|
*~
|
|
.fuse_hidden*
|
|
.directory
|
|
.Trash-*
|
|
.nfs*
|
|
|
|
# -------------------- Docker --------------------
|
|
# Docker volumes and data
|
|
docker-volumes/
|
|
.dockerignore.bak
|
|
|
|
# Docker Compose override files
|
|
docker-compose.override.yml
|
|
docker-compose.override.yaml
|
|
|
|
# -------------------- Database --------------------
|
|
# SQLite
|
|
*.sqlite
|
|
*.sqlite3
|
|
*.db
|
|
*.db-journal
|
|
*.db-shm
|
|
*.db-wal
|
|
|
|
# PostgreSQL
|
|
*.sql.backup
|
|
|
|
# -------------------- Logs --------------------
|
|
# General logs
|
|
*.log
|
|
logs/
|
|
*.log.*
|
|
|
|
# -------------------- FuzzForge Specific --------------------
|
|
# FuzzForge project directories (user projects should manage their own .gitignore)
|
|
.fuzzforge/
|
|
|
|
# Docker volume configs (keep .env.example but ignore actual .env)
|
|
volumes/env/.env
|
|
|
|
# Vendored proxy sources (kept locally for reference)
|
|
ai/proxy/bifrost/
|
|
ai/proxy/litellm/
|
|
|
|
# Test project databases and configurations
|
|
test_projects/*/.fuzzforge/
|
|
test_projects/*/findings.db*
|
|
test_projects/*/config.yaml
|
|
test_projects/*/.gitignore
|
|
|
|
# Local development configurations
|
|
local_config.yaml
|
|
dev_config.yaml
|
|
.env.local
|
|
.env.development
|
|
|
|
# Generated reports and outputs
|
|
reports/
|
|
output/
|
|
findings/
|
|
*.sarif
|
|
*.sarif.json
|
|
*.html.report
|
|
security_report.*
|
|
|
|
# Temporary files
|
|
tmp/
|
|
temp/
|
|
*.tmp
|
|
*.temp
|
|
|
|
# Backup files
|
|
*.bak
|
|
*.backup
|
|
*~
|
|
|
|
# -------------------- Node.js (for any JS tooling) --------------------
|
|
node_modules/
|
|
npm-debug.log*
|
|
yarn-debug.log*
|
|
yarn-error.log*
|
|
.npm
|
|
|
|
# -------------------- Security --------------------
|
|
# Never commit these files
|
|
*.pem
|
|
*.key
|
|
*.p12
|
|
*.pfx
|
|
|
|
# Exception: Secret detection benchmark test files (not real secrets)
|
|
!test_projects/secret_detection_benchmark/
|
|
!test_projects/secret_detection_benchmark/**
|
|
!**/secret_detection_benchmark_GROUND_TRUTH.json
|
|
!**/secret_detection/results/
|
|
|
|
# Exception: Allow workers/secrets/ directory (secrets detection worker)
|
|
!workers/secrets/
|
|
!workers/secrets/**
|
|
|
|
secret*
|
|
secrets/
|
|
credentials*
|
|
api_keys*
|
|
.env.production
|
|
.env.staging
|
|
|
|
# AWS credentials
|
|
.aws/
|
|
|
|
# -------------------- Build Artifacts --------------------
|
|
# Python builds
|
|
build/
|
|
dist/
|
|
*.wheel
|
|
|
|
# Documentation builds
|
|
docs/_build/
|
|
site/
|
|
|
|
# -------------------- Miscellaneous --------------------
|
|
# Jupyter Notebook checkpoints
|
|
.ipynb_checkpoints
|
|
|
|
# IPython history
|
|
.ipython/
|
|
|
|
# Rope project settings
|
|
.ropeproject
|
|
|
|
# spyderproject
|
|
.spyderproject
|
|
.spyproject
|
|
|
|
# mkdocs documentation
|
|
/site
|
|
|
|
# Local Netlify folder
|
|
.netlify
|
|
|
|
# -------------------- Project Specific Overrides --------------------
|
|
# Allow specific test project files that should be tracked
|
|
!test_projects/*/src/
|
|
!test_projects/*/scripts/
|
|
!test_projects/*/config/
|
|
!test_projects/*/data/
|
|
!test_projects/*/README.md
|
|
!test_projects/*/*.py
|
|
!test_projects/*/*.js
|
|
!test_projects/*/*.php
|
|
!test_projects/*/*.java
|
|
|
|
# But exclude their sensitive content
|
|
test_projects/*/.env
|
|
test_projects/*/private_key.pem
|
|
test_projects/*/wallet.json
|
|
test_projects/*/.npmrc
|
|
test_projects/*/.git-credentials
|
|
test_projects/*/credentials.*
|
|
test_projects/*/api_keys.*
|
|
test_projects/*/ci-*.sh
|