Metadata-Version: 2.4
Name: logomesh
Version: 0.1.0
Summary: Reproduce Sentry crashes as failing pytest tests — sandbox execution, verified evidence
Project-URL: Repository, https://github.com/logomesh/logomesh-Dev
License: MIT
Keywords: crash-reproduction,debugging,pytest,sentry,testing
Classifier: Development Status :: 3 - Alpha
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Software Development :: Testing
Requires-Python: >=3.11
Requires-Dist: docker>=7.0.0
Requires-Dist: fastapi>=0.100.0
Requires-Dist: httpx>=0.24.0
Requires-Dist: hypothesis>=6.0.0
Requires-Dist: langchain-core>=0.3
Requires-Dist: langchain-openai>=0.2
Requires-Dist: langgraph>=0.2
Requires-Dist: openai>=2.8.1
Requires-Dist: pydantic>=2.11.9
Requires-Dist: pyjwt[crypto]>=2.8.0
Requires-Dist: python-dotenv>=1.1.1
Requires-Dist: rank-bm25>=0.2.2
Requires-Dist: sentry-sdk[fastapi]>=2.0.0
Requires-Dist: uvicorn>=0.35.0
Provides-Extra: anthropic
Requires-Dist: anthropic>=0.40.0; extra == 'anthropic'
Provides-Extra: capture
Provides-Extra: cloud
Requires-Dist: supabase>=2.30.0; extra == 'cloud'
Provides-Extra: embed
Requires-Dist: numpy>=1.24.0; extra == 'embed'
Requires-Dist: voyageai>=0.2.0; extra == 'embed'
Description-Content-Type: text/markdown

# logomesh

**The repro layer for backend code.**

When your service crashes in production, logomesh reproduces the failure deterministically in an isolated sandbox, writes a failing test against your current branch, and opens a draft PR. Zero LLM in the test bytes. Silence when we can't verify.

*Python today. Node, Java, Go, C# shipping through 2027.*

---

## How it works

1. **Sentry fires.** You point a Sentry webhook at us.
2. **We fetch the frame.** Innermost in-app frame, locals, breadcrumbs, trace id.
3. **We synthesize the test.** Deterministic Python — no LLM touches the test bytes.
4. **We run it in Docker.** Airgapped, `nobody` user, read-only rootfs, 128 MB cap, no network.
5. **We verify.** Sandbox must raise the same exception type Sentry captured. If it doesn't, we refuse to ship evidence.
6. **We open a PR.** Failing test attached. Optional: sealed audit artifact with SHA-256 stamp and control mapping.

Everything outside the test bytes — which tool to call, when to give up, how to recover from a source-not-found — is handled by a LangGraph agent layer. The agent is advisory; the sealed evidence path is contract-enforced.

```
Sentry webhook  →  Agent (LangGraph, 10 tools)  →  Deterministic synth  →  Docker sandbox
                                ↓                                              ↓
                    Advisory reasoning (audited)              Sealed test + verdict artifact
                                                              → draft PR + Sentry comment + optional Slack
```
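Step 4 above (and the "Sandbox isolation" bullet under Privacy & security) lists the controls the sandbox enforces. The following is an added example, not logomesh's own runner from `src/business_logic/sandbox/`: it expresses those controls as keyword arguments for docker-py's `containers.run` and adds a gap checker that refuses to launch any configuration missing one of them. The `cap_drop`, `no-new-privileges`, `pids_limit` and tmpfs settings go beyond what the page lists and are this example's own additions; the image tag is the one from the self-host quick start.

```python
"""Build and vet a hardened sandbox configuration for docker-py's
``containers.run``.  Added example; not logomesh's own runner."""
from __future__ import annotations

MEM_CAP_BYTES = 128 * 1024 * 1024  # the README's 128 MB cap

_UNITS = {"b": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}


def mem_to_bytes(limit: str | int) -> int:
    """Parse a docker memory string such as '128m' or '1g' into bytes."""
    if isinstance(limit, int):
        return limit
    s = limit.strip().lower()
    has_unit = s[-1] in _UNITS
    return int(float(s[:-1] if has_unit else s) * _UNITS[s[-1] if has_unit else "b"])


def hardened_run_kwargs(image: str, test_dir: str) -> dict:
    """Arguments for ``client.containers.run`` implementing step 4: no network,
    ``nobody`` user, read-only rootfs, 128 MB cap.  cap_drop, no-new-privileges,
    pids_limit and the tmpfs mount are extra hardening this example adds
    (assumption, not a documented logomesh setting)."""
    return {
        "image": image,
        "command": ["pytest", "-q", "-p", "no:cacheprovider", "/work"],
        "network_mode": "none",                     # airgapped: no network namespace
        "user": "nobody",                           # unprivileged uid inside the container
        "read_only": True,                          # read-only root filesystem
        "mem_limit": "128m",
        "memswap_limit": "128m",                    # no swap headroom beyond the cap
        "cap_drop": ["ALL"],
        "security_opt": ["no-new-privileges"],
        "pids_limit": 64,
        "volumes": {test_dir: {"bind": "/work", "mode": "ro"}},
        "tmpfs": {"/tmp": "size=16m,noexec,nosuid"},
        "environment": {"TZ": "UTC", "PYTHONDONTWRITEBYTECODE": "1"},
        "detach": False,
        "remove": True,
    }


def hardening_gaps(kwargs: dict) -> list[str]:
    """Controls from the README that a run config is missing; empty means safe."""
    gaps: list[str] = []
    if kwargs.get("network_mode") != "none":
        gaps.append("network_mode must be 'none'")
    if kwargs.get("user") in (None, "", "root", "0", 0):
        gaps.append("user must be an unprivileged account such as 'nobody'")
    if not kwargs.get("read_only"):
        gaps.append("read_only must be True")
    limit = kwargs.get("mem_limit")
    if limit is None or mem_to_bytes(limit) > MEM_CAP_BYTES:
        gaps.append("mem_limit must be set and <= 128m")
    for host, spec in kwargs.get("volumes", {}).items():
        if spec.get("mode") != "ro":
            gaps.append(f"volume {host} must be mounted read-only")
    if kwargs.get("privileged"):
        gaps.append("privileged must not be set")
    return gaps


def run_in_sandbox(client, image: str, test_dir: str):
    """Refuse anything the gap check rejects.  Deliberately no subprocess
    fallback: without a Docker client this raises instead of running on the host."""
    if client is None:
        raise RuntimeError("Docker is required; refusing to run tests on the host")
    kwargs = hardened_run_kwargs(image, test_dir)
    gaps = hardening_gaps(kwargs)
    if gaps:
        raise RuntimeError("sandbox config rejected: " + "; ".join(gaps))
    return client.containers.run(**kwargs)


# Constructed comparison: docker-py's defaults (bridge network, root, writable
# rootfs, no memory limit) next to the hardened set above.
WEAK = {"image": "python:3.12", "command": ["pytest", "/work"],
        "volumes": {"/srv/repro": {"bind": "/work", "mode": "rw"}}}
HARDENED = hardened_run_kwargs("logomesh-startup-sandbox:latest", "/srv/repro")
```

`hardening_gaps(WEAK)` names every missing control; `hardening_gaps(HARDENED)` is empty. In production the call site is `run_in_sandbox(docker.from_env(), ...)`, and the checker runs on every launch so a later edit to the config cannot silently weaken it.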

## Why it's different

Every other "AI for bugs" tool hands you LLM-generated output and hopes it's right. Good for velocity, useless for an auditor.

logomesh's contract:

- **Sealed evidence path.** `evidence_path_seal.llm_in_evidence_path: false`. The pytest in the artifact is a pure function of `(frame, source, sandbox_image)`.
- **Verified exception match.** The sandbox must raise the exact exception type Sentry captured. Anything else refuses to ship as evidence.
- **Silence on mismatch.** When the agent can't reproduce at fidelity, we flag for human review. We never claim a verdict the seal doesn't support.
- **No opaque test bytes.** Every byte in the artifact traces to a deterministic source.

You get the repro, the PR, the proof — or an honest "we can't reproduce this cleanly" with a structured reason.
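The contract above (and step 3, step 5 and step 6 of "How it works") describes three things: a test that is a pure function of its inputs, a SHA-256 seal over the result, and a verdict that refuses on anything but an exact exception-type match. The following is an added example modelled on that description; it is not logomesh's `sentry_replay_v2.py`, and it treats the innermost frame's captured locals as the keyword arguments of the crashing function, which is a simplification this example makes for illustration. The frame, the `charge` function and the hash placeholders are constructed.

```python
"""Deterministic frame-to-pytest synthesis, a SHA-256 seal over the result,
and a refuse-on-mismatch verdict.  Added example; not logomesh's synthesizer."""
from __future__ import annotations

import ast
import hashlib
import json


class NotReproducible(Exception):
    """Structured refusal: ``reason`` is machine-readable, ``detail`` is for humans."""

    def __init__(self, reason: str, detail: str) -> None:
        super().__init__(f"{reason}: {detail}")
        self.reason, self.detail = reason, detail


def literal_locals(frame: dict) -> dict[str, str]:
    """Frame locals (Sentry stores them as ``repr`` strings) in a stable order.
    Refuses if any value is not a Python literal: an object repr such as
    ``<User id=7>`` cannot be rebuilt without guessing."""
    out: dict[str, str] = {}
    for name, value in sorted(frame.get("vars", {}).items()):
        try:
            ast.literal_eval(value)
        except (ValueError, SyntaxError):
            raise NotReproducible("non_literal_local", f"{name}={value}") from None
        out[name] = value
    return out


def synthesize_test(frame: dict, exc: dict) -> bytes:
    """Pure function of the frame and captured exception: same input, same bytes.
    No timestamps, no free text, nothing an LLM could have written."""
    exc_import = f"from {exc['module']} import {exc['type']}\n" if exc.get("module") else ""
    call_args = ", ".join(f"{k}={v}" for k, v in literal_locals(frame).items())
    source = (
        "import pytest\n"
        f"{exc_import}"
        f"from {frame['module']} import {frame['function']}\n\n\n"
        f"def test_sentry_{frame['event_id']}_raises_{exc['type']}():\n"
        f"    with pytest.raises({exc['type']}):\n"
        f"        {frame['function']}({call_args})\n"
    )
    return source.encode("utf-8")


def seal(test_bytes: bytes, frame: dict, source_sha256: str, image_digest: str) -> dict:
    """Artifact metadata: hashes over the inputs the test is a function of."""
    canonical_frame = json.dumps(frame, sort_keys=True, separators=(",", ":")).encode()
    return {
        "test_sha256": hashlib.sha256(test_bytes).hexdigest(),
        "frame_sha256": hashlib.sha256(canonical_frame).hexdigest(),
        "source_sha256": source_sha256,
        "sandbox_image_digest": image_digest,
        "evidence_path_seal": {"llm_in_evidence_path": False},
    }


def observe_exception(func, **kwargs) -> str | None:
    """What the sandbox reports back: the type name raised, or None if nothing was."""
    try:
        func(**kwargs)
    except Exception as e:  # every type is of interest here, so catch broadly
        return type(e).__name__
    return None


def verdict(captured_type: str, observed_type: str | None) -> dict:
    """Ship evidence only on an exact exception-type match; otherwise return a
    structured refusal naming what was expected and what was seen."""
    if observed_type == captured_type:
        return {"verdict": "reproduced", "exception": captured_type}
    reason = "no_exception" if observed_type is None else "exception_type_mismatch"
    return {"verdict": "refused", "reason": reason,
            "expected": captured_type, "observed": observed_type}


# Constructed sample: a Sentry-style innermost in-app frame and the function it
# crashed in.  ``vars`` holds reprs, as Sentry sends them.
FRAME = {"event_id": "a1b2c3", "module": "billing.service", "function": "charge",
         "lineno": 42, "vars": {"currency": "'usd'", "amount": "None"}}
CAPTURED = {"type": "TypeError", "module": None}


def charge(amount, currency):
    """Stand-in for billing.service.charge; a None amount reaches round()."""
    return {"cents": int(round(amount, 2) * 100), "currency": currency}


TEST_BYTES = synthesize_test(FRAME, CAPTURED)
ARTIFACT = seal(TEST_BYTES, FRAME, source_sha256="<sha256 of the checked-out file>",
                image_digest="sha256:<digest of the sandbox image>")
VERDICT = verdict(CAPTURED["type"], observe_exception(charge, amount=None, currency="usd"))
```

Reordering the frame's locals yields byte-identical test source and the same `frame_sha256`, which is what makes the artifact reproducible by an auditor; a frame carrying `user="<User id=7>"` produces a `NotReproducible("non_literal_local", ...)` refusal rather than a guessed test.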

---

## Pricing

Three published tiers, plus Enterprise. No "contact us" unless you're Enterprise.

### Starter — $9,000/yr
For engineering teams that want repro + draft PRs for every Sentry crash.

- 1 Sentry project, 1 GitHub repo
- All events processed, subject to a fair-use cap of 50/day
- Repro artifact + draft PR
- Community support
- Self-serve signup

### Core — $27,000/yr
For teams that want sealed artifacts and compliance-ready output.

- 3 Sentry projects, 3 GitHub repos
- **Sealed artifact** (SHA-256 stamped, deterministic, refusal-on-mismatch)
- Slack + Sentry + GitHub comment integrations
- Priority support (4-hour SLA)
- Drata / Vanta integration (read-only evidence push)

### Compliance Pro — $54,000/yr
For teams in active SOC2 Type 2 or PCI DSS 4.0 cycles.

- Everything in Core
- **SOC2 CC7.3 + CC7.4 and PCI DSS 12.10.5** control mapping on every artifact
- QSA letter-of-alignment for your named auditor
- Custom control narrative per organization
- Dedicated customer-success contact
- Annual audit-cycle support

### Enterprise — custom
VPC deploy, SSO, HIPAA BAA, custom SLAs, multi-region. [Talk to us.](mailto:founders@logomesh.dev)

---

## What it reproduces well

Input-validation bugs. `NoneType` mismatches. Decimal precision errors. Off-by-one. Type-coercion bugs. Ordering / idempotency issues. Anything where the inputs that crashed the call are captured in the Sentry frame.

## What it doesn't

- Race conditions (frame locals don't capture thread interleaving)
- Distributed-transaction failures spanning services
- Bugs that depend on specific DB row state or Redis content
- External-API behavior (sandbox auto-mocks Stripe/Redis/etc. for isolation)
- Timezone/DST (sandbox runs `TZ=UTC`)

When we can't reproduce, we say so. The refusal is logged in the audit trail with a structured reason. We publish hit rate by category; we don't guess.

---

## Roadmap — languages

| Language | Status | Notes |
|---|---|---|
| **Python** | GA | FastAPI, Django, Flask, SQLAlchemy, Celery, Stripe |
| **Node / TypeScript** | Q2 2026 | Jest + Vitest; source-map-aware |
| **Java** | Q3 2026 | JUnit 5 + Spring Boot + Maven/Gradle |
| **Go** | Q4 2026 | Requires optional capture SDK for full locals |
| **C# / .NET** | Q1 2027 | xUnit + .NET 8 + ASP.NET Core |

The agent layer is language-agnostic. Each language port is the synthesizer + sandbox image + AST parser — roughly 3-6 weeks per language.

---

## Quick start (self-serve, Starter)

```bash
# 1. Sign up at logomesh.dev/start  →  get an installation_id and client_secret
# 2. Add the webhook in Sentry:
#    Settings → Custom Integrations → New → Webhook URL:
#    https://api.logomesh.dev/webhooks/sentry/{installation_id}
#    Client Secret: {client_secret from signup}
# 3. Paste your GitHub PAT (repo scope) and target repo in the dashboard.
# 4. Trigger a test event. Watch the verdict land as a comment.
```
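Step 2 pairs the webhook URL with a client secret. Sentry uses that secret to sign each webhook: the `Sentry-Hook-Signature` header carries the HMAC-SHA256 hex digest of the raw request body, and the installation id arrives in the URL path. The following is an added example of the receiving side, not logomesh's `src/server/` code; the secret store, installation id, payload and header values are constructed.

```python
"""Verify a Sentry webhook before touching its body.  Added example, not
logomesh's server code."""
from __future__ import annotations

import hashlib
import hmac
import json


class WebhookRejected(Exception):
    pass


def sentry_signature(body: bytes, client_secret: str) -> str:
    """Sentry-Hook-Signature: HMAC-SHA256 over the raw body, hex encoded."""
    return hmac.new(client_secret.encode("utf-8"), body, hashlib.sha256).hexdigest()


def verify_sentry_webhook(body: bytes, headers: dict, client_secret: str) -> dict:
    """Constant-time signature check over the raw bytes, then JSON parse."""
    h = {k.lower(): v for k, v in headers.items()}
    presented = h.get("sentry-hook-signature", "")
    if not presented:
        raise WebhookRejected("missing Sentry-Hook-Signature header")
    expected = sentry_signature(body, client_secret)
    if not hmac.compare_digest(expected, presented.strip().lower()):
        raise WebhookRejected("signature does not match body")
    try:
        payload = json.loads(body)
    except ValueError as exc:
        raise WebhookRejected(f"body is not JSON: {exc}") from None
    return {"resource": h.get("sentry-hook-resource", ""), "payload": payload}


# Constructed per-installation secret store; logomesh keeps these encrypted,
# here a dict stands in for the lookup.
INSTALLATION_SECRETS = {"inst_7f3a": "c1i3nt-s3cr3t-from-signup"}
_DUMMY_SECRET = "0" * 32  # unknown ids still do a full HMAC so timing does not leak existence


def handle_webhook(installation_id: str, body: bytes, headers: dict) -> dict:
    """Handler for POST /webhooks/sentry/{installation_id}."""
    secret = INSTALLATION_SECRETS.get(installation_id)
    result = verify_sentry_webhook(body, headers, secret or _DUMMY_SECRET)
    if secret is None:
        raise WebhookRejected("unknown installation")
    result["installation_id"] = installation_id
    return result


# Constructed sample delivery from an alert-rule webhook action.
SAMPLE_BODY = json.dumps({"action": "triggered",
                          "data": {"event": {"event_id": "a1b2c3",
                                             "exception": {"values": [{"type": "TypeError"}]}}}}).encode()
SAMPLE_HEADERS = {
    "Content-Type": "application/json",
    "Sentry-Hook-Resource": "event_alert",
    "Sentry-Hook-Signature": sentry_signature(SAMPLE_BODY, INSTALLATION_SECRETS["inst_7f3a"]),
}
```

In a FastAPI route, pass `await request.body()` to `handle_webhook`, not a re-serialized Pydantic model: any change in whitespace or key order breaks the HMAC, so the check must run on the bytes Sentry actually sent, before parsing.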

## Quick start (self-host, advanced)

```bash
uv sync
docker build -t logomesh-startup-sandbox:latest -f Dockerfile.sandbox .
cp .env.example .env  # fill in keys
LOGOMESH_ENV=production uv run uvicorn src.server.app:app --port 8080
```

See [`docs/pipeline.md`](docs/pipeline.md) for the full walkthrough.

---

## Under the hood

- `logomesh_orchestrator.py` — LangGraph supervisor + 10 typed tools (fetch / repro / critic / context / web / rag / artifact / PR / env / hypothesis)
- `src/oracles/sentry_replay_v2.py` — deterministic frame-locals → pytest synthesizer (no LLM)
- `src/business_logic/sandbox/` — Docker runner, hardened, production-only (no subprocess fallback)
- `src/core/installation_secrets.py` — AES-256-GCM per-installation secret store
- `src/core/pii_redactor.py` — PAN (Luhn-validated), SSN, email, JWT, API keys, field-name scrubbing — runs before any LLM call and before any byte lands in the artifact
- `src/core/usage_tracker.py` — per-run token budget + cost cap + Supabase usage logging
- `src/server/` — FastAPI app, multi-tenant webhook routing, output-channel posters

---

## Privacy & security

- **No code training.** LLM calls go to your configured provider under their zero-retention API terms.
- **PII redaction at source.** Runs before any LLM call and before any byte is stamped. See `src/core/pii_redactor.py`.
- **Sandbox isolation.** Airgapped Docker, `nobody` user, read-only rootfs, no network, 128 MB cap. Production refuses to boot without Docker — no subprocess fallback.
- **Per-installation encrypted secrets.** AES-256-GCM, migration-ready for Supabase Vault.
- **Sub-processors** (public): OpenAI, Anthropic, Tavily, Sentry, GitHub, Supabase, AWS. Listed at [logomesh.dev/sub-processors](https://logomesh.dev/sub-processors).
- **SOC2 Type 1** targeted Q4 2026. **Type 2** targeted Q3 2027. **PCI responsibility matrix** available on request.
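The "PII redaction at source" bullet, like the `src/core/pii_redactor.py` entry under "Under the hood", names the categories scrubbed before any LLM call or artifact byte: Luhn-validated PAN, SSN, email, JWT, API keys and sensitive field names. The following is an added example of such a redactor, not logomesh's module. The sensitive field-name list and the key prefixes it recognises (Stripe `sk_live_`/`sk_test_`, AWS `AKIA`, GitHub `ghp_`) are this example's own choices, and the event it runs over is constructed (the AWS key is the placeholder from AWS's own documentation).

```python
"""Redact frame locals and breadcrumbs before they reach an LLM or an artifact.
Added example; not logomesh's ``pii_redactor``."""
from __future__ import annotations

import re

SENSITIVE_KEYS = ("password", "passwd", "secret", "token", "authorization",
                  "api_key", "card_number", "cvv", "ssn")

PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")  # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
JWT_RE = re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]*")           # base64url('{"') starts with eyJ
API_KEY_RE = re.compile(
    r"\b(?:sk_(?:live|test)_[A-Za-z0-9]{8,}|AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36})\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; separates card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _pan(match: re.Match) -> str:
    digits = re.sub(r"\D", "", match.group())
    # Only a Luhn-valid run is treated as a card number; order ids and
    # timestamps of the same length pass through untouched.
    return f"[PAN ****{digits[-4:]}]" if luhn_ok(digits) else match.group()


def redact_text(text: str) -> str:
    text = PAN_RE.sub(_pan, text)
    text = SSN_RE.sub("[SSN]", text)
    text = EMAIL_RE.sub("[EMAIL]", text)
    text = JWT_RE.sub("[JWT]", text)
    return API_KEY_RE.sub("[API_KEY]", text)


def is_sensitive_key(key) -> bool:
    k = str(key).lower()
    return any(s in k for s in SENSITIVE_KEYS)


def redact(obj):
    """Walk the dicts/lists of a Sentry event: scrub whole values by field name
    first, then by pattern inside every remaining string."""
    if isinstance(obj, dict):
        return {k: (f"[REDACTED {k}]" if is_sensitive_key(k) else redact(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    if isinstance(obj, str):
        return redact_text(obj)
    return obj


# Constructed sample: frame locals are repr strings, as Sentry captures them.
SAMPLE_EVENT = {
    "vars": {
        "card": "'4111 1111 1111 1111'",      # Luhn-valid test PAN
        "order_id": "'1234567890123456'",     # 16 digits, not Luhn-valid: kept
        "email": "'ana@example.com'",
        "tax_id": "'123-45-6789'",
        "password": "'hunter2'",              # scrubbed by field name
        "auth": "'Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MiJ9.abc-def_123'",
        "stripe": "'sk_test_abcDEF1234567890'",
    },
    "breadcrumbs": [{"message": "aws key AKIAIOSFODNN7EXAMPLE rejected for ana@example.com"}],
}
REDACTED_EVENT = redact(SAMPLE_EVENT)
```

Field-name scrubbing runs first because a value under `password` is secret whatever it looks like; the pattern pass then catches secrets that landed under innocuous names. The Luhn check is what keeps a 16-digit order id in the repro while a real PAN is reduced to its last four digits.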

## Compliance

On Compliance Pro, every artifact carries:

- Control mapping: `SOC2-CC7.3`, `SOC2-CC7.4`, `PCI-DSS-4.0-12.10.5`
- Deterministic test hash (SHA-256)
- Sandbox image digest
- `llm_in_evidence_path: false` attestation
- Evidence chain narrative auto-generated from the incident

We do not claim the PCI DSS pre-release code review requirement (6.3.2 under v3.2.1, 6.2.3 under v4.0). logomesh fires post-incident; that's a different control.

---

## Status

**Pilot**, taking design partners. First 5 customers get 20% off year 1 + named-design-partner status. Email [founders@logomesh.dev](mailto:founders@logomesh.dev) or book a demo at [logomesh.dev/demo](https://logomesh.dev/demo).

## License

Proprietary. Source available for design-partner due diligence.
