150 changes: 150 additions & 0 deletions README.md
@@ -0,0 +1,150 @@
# OmniBlocks Proactive AI Bot

A groundbreaking proactive AI bot with VM testing and vision capabilities for the OmniBlocks organization.

## Overview

This bot represents a new paradigm in AI development tools - instead of being reactive (waiting for mentions/triggers), it operates proactively by:

- **Always monitoring** repository activity autonomously
- **Testing code** in real, isolated VM environments
- **Providing visual feedback** with screenshots and UI interaction
- **Managing resources** intelligently with smart wake/sleep cycles

## Key Features

### 🤖 Proactive Operation
- Continuous repository monitoring and engagement
- Intelligent sleep/wake scheduling to optimize token usage
- Smart pattern recognition for proactive intervention
- Event-driven architecture with real-time processing

### 🔬 VM Testing Environment
- Isolated Docker containers for safe code execution
- Automated testing workflows with comprehensive reporting
- Security sandboxing to prevent malicious code execution
- Resource cleanup and management

### 👁️ Vision & Multimodal Capabilities
- Screenshot capture and visual analysis
- UI element detection and interaction
- Visual debugging and change detection
- Integration with vision-enabled LLM models

### 🔧 Advanced Integration
- GitHub Actions and Octokit API integration
- Multi-provider LLM support (OpenAI, Anthropic, etc.)
- Webhook processing for real-time events
- Comprehensive logging and monitoring

## Architecture

```
omniblocks-ai-bot/
├── src/
│ ├── core/ # Core bot engine and orchestration
│ ├── monitoring/ # Repository monitoring and event processing
│ ├── testing/ # VM testing environment and execution
│ ├── vision/ # Computer vision and UI interaction
│ ├── github/ # GitHub API integration and webhooks
│ ├── llm/ # LLM integration and intelligence
│ └── utils/ # Shared utilities and helpers
├── config/ # Configuration files and templates
├── docker/ # Docker configurations for VM testing
├── workflows/ # GitHub Actions workflows
├── tests/ # Comprehensive test suite
└── docs/ # Documentation and guides
```

## Quick Start

1. **Clone and Setup**
```bash
git clone <repository-url>
cd omniblocks-ai-bot
pip install -r requirements.txt
```

2. **Configure Environment**
```bash
cp config/env.example .env
# Edit .env with your API keys and settings
```

3. **Run the Bot**
```bash
python -m src.main
```

## Configuration

The bot uses environment variables for configuration:

- `GITHUB_TOKEN` - GitHub API token with appropriate permissions
- `OPENAI_API_KEY` - OpenAI API key for LLM integration
- `ANTHROPIC_API_KEY` - Anthropic API key (optional)
- `BOT_MODE` - Operation mode: `proactive`, `reactive`, or `hybrid`
- `SLEEP_SCHEDULE` - Sleep/wake schedule configuration
- `VM_RESOURCE_LIMITS` - Resource limits for VM testing

## Development

### Prerequisites
- Python 3.9+
- Docker and Docker Compose
- Git

### Setup Development Environment
```bash
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
pip install -r requirements-dev.txt
pre-commit install
```

### Running Tests
```bash
pytest tests/
```

### Code Quality
```bash
black src/ tests/
flake8 src/ tests/
mypy src/
```

## Security

This bot handles sensitive operations including:
- Code execution in isolated environments
- API key management
- Repository access and modifications

Security measures include:
- Sandboxed VM execution with resource limits
- Encrypted API key storage
- Audit logging of all operations
- Rate limiting and abuse prevention

## Contributing

1. Fork the repository
2. Create a feature branch
3. Make your changes with tests
4. Submit a pull request

## License

This project is licensed under the GNU General Public License v3.0 - see the [LICENSE](LICENSE) file for details.

## Support

For questions, issues, or contributions:
- Open an issue on GitHub
- Contact @supervoidcoder
- Reference: OmniBlocks/scratch-gui#249

---

**Note**: This is a groundbreaking implementation of proactive AI bot technology. Most existing bots are reactive, but this system actively monitors and engages with repositories autonomously while maintaining intelligent resource management.
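Review bot: The Security section lists "Encrypted API key storage", but Quick Start step 2 and the Configuration section have `GITHUB_TOKEN`, `OPENAI_API_KEY` and `ANTHROPIC_API_KEY` supplied through a plain `.env` file. Either describe where the encryption happens or reword the bullet to match what this change implements. The same section says "Sandboxed VM execution" while Key Features describes the environment as "Isolated Docker containers"; containers share the host kernel, so the README should state which isolation boundary untrusted code actually runs behind.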
63 changes: 63 additions & 0 deletions config/env.example
@@ -0,0 +1,63 @@
# OmniBlocks Proactive AI Bot Configuration
# Copy this file to .env and fill in your values

# GitHub Configuration
GITHUB_TOKEN=your_github_token_here
GITHUB_WEBHOOK_SECRET=your_webhook_secret_here
GITHUB_REPOSITORY=owner/repo-name
GITHUB_ORGANIZATION=your-org-name
GITHUB_API_BASE_URL=https://api.github.com

# LLM Configuration
OPENAI_API_KEY=your_openai_api_key_here
ANTHROPIC_API_KEY=your_anthropic_api_key_here
LLM_DEFAULT_PROVIDER=openai
LLM_MAX_TOKENS=4000
LLM_TEMPERATURE=0.7
LLM_VISION_MODEL=gpt-4-vision-preview

# VM Testing Configuration
VM_DOCKER_IMAGE=python:3.9-slim
VM_MEMORY_LIMIT=512m
VM_CPU_LIMIT=0.5
VM_TIMEOUT_SECONDS=300
VM_NETWORK_MODE=none
VM_ENABLE_GPU=false

# Monitoring Configuration
MONITORING_POLL_INTERVAL=60
MONITORING_MAX_EVENTS=10
MONITORING_EVENT_TYPES=push,pull_request,issues,issue_comment,pull_request_review
MONITORING_IGNORE_BOTS=true

# Scheduling Configuration
SCHEDULING_ENABLE_SLEEP=true
SCHEDULING_SLEEP_DURATION=30
SCHEDULING_WAKE_TRIGGERS=high_priority_event,mention,scheduled_time
SCHEDULING_QUIET_START=22:00
SCHEDULING_QUIET_END=06:00
SCHEDULING_TIMEZONE=UTC

# Vision Configuration
VISION_SCREENSHOT_QUALITY=85
VISION_MAX_SCREENSHOT_SIZE=1920,1080
VISION_UI_TIMEOUT=30
VISION_DIFF_THRESHOLD=0.1
VISION_ENABLE_OCR=true

# Security Configuration
SECURITY_ENABLE_SCANNING=true
SECURITY_ALLOWED_EXTENSIONS=.py,.js,.ts,.json,.yaml,.yml,.md,.txt
SECURITY_BLOCKED_COMMANDS=rm -rf,sudo,curl,wget,nc,netcat
SECURITY_MAX_FILE_SIZE_MB=10

# Logging Configuration
LOG_LEVEL=INFO
LOG_DIR=logs
LOG_JSON=false

# State Management
STATE_DIR=state

# Bot Mode
BOT_MODE=proactive
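Review bot: `SECURITY_BLOCKED_COMMANDS=rm -rf,sudo,curl,wget,nc,netcat` in the Security Configuration block is a string denylist, which does not constrain what code running in the container can do and should not be presented as a control. Treat `VM_NETWORK_MODE=none`, `VM_MEMORY_LIMIT`, `VM_CPU_LIMIT` and `VM_TIMEOUT_SECONDS` as the enforced limits, and either mark the command list as advisory in a comment or replace it with an allowlist of the commands the test runner may start. A comment next to `GITHUB_WEBHOOK_SECRET` saying that webhook handling must fail closed when the value is unset or still the placeholder would also help.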
30 changes: 30 additions & 0 deletions docker/Dockerfile.testing
@@ -0,0 +1,30 @@
# Dockerfile for secure testing environment
FROM python:3.9-slim

# Install system dependencies
RUN apt-get update && apt-get install -y \
git \
curl \
wget \
build-essential \
&& rm -rf /var/lib/apt/lists/*

# Create non-root user for security
RUN useradd -m -u 1000 testuser

# Set up working directory
WORKDIR /workspace
Comment on lines +12 to +16

🛠️ Refactor suggestion | 🟠 Major

Ensure workspace permissions for non-root and align PYTHONPATH with src layout.

Without chown, testuser may lack write access to /workspace. Also, imports come from src/, so expose that path.

 # Create non-root user for security
 RUN useradd -m -u 1000 testuser
-
-# Set up working directory
-WORKDIR /workspace
+# Set up working directory and permissions
+WORKDIR /workspace
+RUN mkdir -p /workspace && chown -R testuser:testuser /workspace
@@
-ENV PYTHONPATH=/workspace
+ENV PYTHONPATH=/workspace/src

Python 3.9 reaches/has reached EOL around October 2025. Consider python:3.11-slim to stay in support windows.

Also applies to: 23-27

🤖 Prompt for AI Agents
In docker/Dockerfile.testing around lines 12 to 16 (and similarly 23 to 27), the
Dockerfile creates a non-root user but does not ensure /workspace is writable
and does not expose the src path for Python imports; change the Dockerfile to
(1) ensure the base image targets a supported Python version (e.g.,
python:3.11-slim) instead of python:3.9, (2) create the testuser as done but run
a chown -R testuser:testuser /workspace (or create /workspace then chown) so the
non-root user has write permissions, (3) set WORKDIR /workspace and add an
environment variable PYTHONPATH=/workspace/src (or update PATH) so imports
resolve from src, and (4) make sure the chown and ENV lines are placed before
USER testuser so permissions and env are effective for the non-root user.


# Copy requirements and install Python dependencies
COPY requirements-testing.txt .
RUN pip install --no-cache-dir -r requirements-testing.txt

Comment on lines +19 to +21

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

COPY source path is wrong for typical build context (breaks build).

When building with -f docker/Dockerfile.testing ., the file lives at docker/requirements-testing.txt, not at repo root. Fix to avoid “no such file” errors.

Apply this diff:

-# Copy requirements and install Python dependencies
-COPY requirements-testing.txt .
-RUN pip install --no-cache-dir -r requirements-testing.txt
+# Copy requirements and install Python dependencies
+COPY docker/requirements-testing.txt /tmp/requirements-testing.txt
+RUN python -m pip install --no-cache-dir -r /tmp/requirements-testing.txt

🏁 Script executed:

#!/bin/bash
# Verify file location and absence at repo root
set -euo pipefail
echo "Listing matches for requirements-testing.txt:"
fd -a --hidden --no-ignore -g "*requirements-testing.txt"
echo
if [ -f "requirements-testing.txt" ]; then
  echo "Found requirements-testing.txt at repo root (unexpected)."
else
  echo "No requirements-testing.txt at repo root (expected)."
fi

Length of output: 150


COPY path is incorrect and breaks the build—apply the fix.

The file is located at docker/requirements-testing.txt, not at the repo root. When building with -f docker/Dockerfile.testing . (build context: .), the current COPY requirements-testing.txt . will fail with a "no such file or directory" error. Verified: file exists only at docker/requirements-testing.txt.

-COPY requirements-testing.txt .
-RUN pip install --no-cache-dir -r requirements-testing.txt
+COPY docker/requirements-testing.txt /tmp/requirements-testing.txt
+RUN python -m pip install --no-cache-dir -r /tmp/requirements-testing.txt
🤖 Prompt for AI Agents
In docker/Dockerfile.testing around lines 19 to 21, the Dockerfile attempts to
COPY requirements-testing.txt from the build context root but the file resides
at docker/requirements-testing.txt; update the COPY to reference the correct
relative path (e.g., COPY docker/requirements-testing.txt
./requirements-testing.txt) so the file is found during build, then leave the
RUN pip install line unchanged.

# Switch to non-root user
USER testuser

# Set environment variables
ENV PYTHONPATH=/workspace
ENV PYTHONUNBUFFERED=1

# Default command
CMD ["python", "-c", "print('Testing environment ready')"]
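Review bot: The `apt-get install` step at the top of this file adds `git`, `curl`, `wget` and `build-essential` to the image that runs untrusted code, while `config/env.example` in this same change lists `curl` and `wget` under `SECURITY_BLOCKED_COMMANDS`. If the test runs do not need them, drop them from the sandbox image so the tools are absent rather than filtered, and add `--no-install-recommends` to the install line. `FROM python:3.9-slim` is also a floating tag; pinning the base image by digest would make the sandbox reproducible and reviewable.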
19 changes: 19 additions & 0 deletions docker/requirements-testing.txt
@@ -0,0 +1,19 @@
# Testing environment requirements
pytest>=7.4.0
pytest-asyncio>=0.21.0
pytest-cov>=4.1.0
pytest-mock>=3.11.0

# Common testing libraries
requests>=2.31.0
numpy>=1.24.0
pandas>=2.0.0

# Code analysis
flake8>=6.0.0
black>=23.7.0
mypy>=1.5.0

# Security scanning
bandit>=1.7.5
safety>=2.3.0
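Review bot: Every entry in this file is a lower bound only (`pytest>=7.4.0`, `bandit>=1.7.5`, `safety>=2.3.0`, and so on), so each rebuild of the sandbox image can resolve to different, unreviewed releases. Pin exact versions, ideally with hashes and `pip install --require-hashes`, so the image that executes untrusted code has a known dependency set. It is also worth confirming that `requests`, `numpy` and `pandas` under "Common testing libraries" are needed in the sandbox at all, since `VM_NETWORK_MODE=none` is the configured default.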
45 changes: 45 additions & 0 deletions requirements.txt
@@ -0,0 +1,45 @@
# Core dependencies
asyncio

⚠️ Potential issue | 🟡 Minor

Remove asyncio from dependencies.

asyncio is part of Python's standard library (since 3.4) and should not be listed in requirements.txt. Including it may cause confusion or pip installation issues.

Apply this diff:

 # Core dependencies
-asyncio
 aiohttp>=3.8.0
🤖 Prompt for AI Agents
In requirements.txt around lines 2 to 2, remove the listed dependency "asyncio"
because asyncio is part of the Python standard library and must not be included
in requirements.txt; edit the file to delete that line so only external
installable packages remain.

aiohttp>=3.8.0
aiofiles>=0.8.0

# GitHub integration
PyGithub>=1.58.0

# LLM integrations
openai>=1.0.0
anthropic>=0.7.0

# Computer vision and image processing
opencv-python>=4.8.0
Pillow>=10.0.0
pytesseract>=0.3.10

# Docker integration
docker>=6.0.0

# Data processing
pandas>=2.0.0
numpy>=1.24.0

# Configuration and utilities
python-dotenv>=1.0.0
pydantic>=2.0.0
pytz>=2023.3

# Logging and monitoring
structlog>=23.1.0

# Testing
pytest>=7.4.0
pytest-asyncio>=0.21.0
pytest-mock>=3.11.0

# Code quality
black>=23.7.0
flake8>=6.0.0
mypy>=1.5.0
pre-commit>=3.3.0

# Security
cryptography>=41.0.0
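Review bot: The `# Testing` and `# Code quality` groups (`pytest`, `pytest-asyncio`, `pytest-mock`, `black`, `flake8`, `mypy`, `pre-commit`) are listed in the runtime requirements, although the README's development setup installs `requirements-dev.txt`. Move these entries there so the deployed bot, which holds the GitHub token and the LLM API keys, installs only what it imports at run time. The remaining runtime entries are lower bounds only; a pinned lock file with hashes would keep the production dependency set fixed between deployments.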
Comment on lines +1 to +45

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify dependency versions for security vulnerabilities.

Several dependencies are specified with minimum versions from 2023-2024. Ensure these versions are free from known security vulnerabilities and consider updating to the latest stable versions.


🏁 Script executed:

#!/bin/bash
# Check for security vulnerabilities in specified dependencies

echo "Checking for security advisories..."

# Key dependencies to check
packages=("Pillow" "cryptography" "opencv-python" "PyGithub" "openai" "anthropic" "aiohttp")

for package in "${packages[@]}"; do
  echo "=== Checking $package ==="
  gh api graphql -f query="
  {
    securityVulnerabilities(first: 5, ecosystem: PIP, package: \"$package\") {
      nodes {
        advisory {
          summary
          severity
          publishedAt
        }
        vulnerableVersionRange
        firstPatchedVersion {
          identifier
        }
      }
    }
  }"
  echo ""
done

Length of output: 5202


Update minimum versions to patch known security vulnerabilities.

Security advisory checks reveal active vulnerabilities in four dependencies:

  • cryptography>=41.0.0: Update to >=41.0.2 to resolve HIGH severity SSH certificate handling issue (CVE affecting 40.0.0-41.0.1)
  • opencv-python>=4.8.0: Update to >=4.8.1.78 to patch HIGH severity libwebp vulnerability (CVE-2023-4863)
  • aiohttp>=3.8.0: Update to >=3.12.14 to address HIGH severity DoS parsing issue (affecting <3.9.4) and recent HTTP smuggling vulnerabilities
  • Pillow>=10.0.0: Consider updating to >=11.3.0 or higher to avoid buffer overflow vulnerability in 11.2.x series (published July 2025)
🤖 Prompt for AI Agents
In requirements.txt lines 1 to 45, several packages have known security
vulnerabilities; update the minimum versions to secure releases: change
cryptography to >=41.0.2, opencv-python to >=4.8.1.78, aiohttp to >=3.12.14, and
Pillow to >=11.3.0 (or newer); then run your test suite and dependency checks
(and update any lockfiles) to ensure compatibility and that CI passes.

9 changes: 9 additions & 0 deletions src/__init__.py
@@ -0,0 +1,9 @@
"""
OmniBlocks Proactive AI Bot

A groundbreaking proactive AI bot with VM testing and vision capabilities.
"""

__version__ = "1.0.0"
__author__ = "OmniBlocks Organization"
__description__ = "Proactive AI Bot with VM Testing and Vision Capabilities"
6 changes: 6 additions & 0 deletions src/core/__init__.py
@@ -0,0 +1,6 @@
"""
Core module for the OmniBlocks Proactive AI Bot.

This module contains the core bot engine, configuration management,
and orchestration components.
"""