Metadata-Version: 2.4
Name: crucible-gym
Version: 0.1.0
Summary: Adversarial Intelligence Engine for CI/CD Pipelines
Author-email: Rudra Patra <rudran.patra@gmail.com>
License: Apache-2.0
Project-URL: Homepage, https://github.com/rudranpatra/crucible
Project-URL: Repository, https://github.com/rudranpatra/crucible
Project-URL: Issues, https://github.com/rudranpatra/crucible/issues
Project-URL: Documentation, https://github.com/rudranpatra/crucible#readme
Keywords: ci-cd,adversarial,testing,devops,chaos-engineering,resilience
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Software Development :: Testing
Classifier: Topic :: System :: Systems Administration
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: pyyaml>=6.0
Requires-Dist: rich>=13.0.0
Provides-Extra: web
Requires-Dist: fastapi>=0.100.0; extra == "web"
Requires-Dist: uvicorn>=0.22.0; extra == "web"
Provides-Extra: dev
Requires-Dist: pytest>=7.0.0; extra == "dev"
Requires-Dist: pytest-asyncio>=0.21.0; extra == "dev"
Requires-Dist: black>=23.0.0; extra == "dev"
Requires-Dist: mypy>=1.0.0; extra == "dev"
Requires-Dist: ruff>=0.1.0; extra == "dev"
Requires-Dist: pip-audit>=2.6.0; extra == "dev"
Dynamic: license-file

# Crucible

> Your CI/CD pipeline has failure modes it has never encountered.  
> Crucible finds them before production does.

Adversarial agents attack your workflows. The ones that find failures survive. The ones that don't, die.
Every run produces a replayable trace. Every trace compounds into operational foresight.

**This is not a testing framework. It is evolutionary pressure applied to your infrastructure.**

[![Tests](https://img.shields.io/badge/tests-93%20passing-brightgreen)](crucible/tests/)
[![Python](https://img.shields.io/badge/python-3.9%2B-blue)](https://python.org)
[![License](https://img.shields.io/badge/license-Apache%202.0-blue)](LICENSE)

---

## What Crucible found

Attacked the **official GitHub Actions Node.js CI starter workflow** — the template used by millions of repos.

Score: **75.9/100 (B)**. Four weaknesses found:

| # | Finding | Attack | Blast radius |
|---|---------|--------|--------------|
| 1 | `DATABASE_URL=null` caused silent pipeline crash | `env` | checkout → install → deploy |
| 2 | `API_KEY` has no validation — null injection propagates past 3 steps | `env` | all authenticated steps |
| 3 | No retry logic on `git checkout` — one connection reset kills the run | `network` | entire pipeline |
| 4 | `node` version unpinned — any major bump breaks the build silently | `dependency` | install → build → test |

Timing agent found nothing. **It went extinct.**

```
💀 AGENT OBITUARY
   Species: timing   Agent: agent_timing_cef5f0e0
   Mutations: 5 | Failures triggered: 0 | Fitness: 2.5
   Cause: FITNESS COLLAPSE
```

---

## See it

![Crucible demo — kill screen, agent obituary, report card](demo.svg)

---

## Quick start

```bash
pip install crucible-gym

# Demo (no workflow file needed)
crucible attack --demo --rich

# Attack a real workflow
crucible attack --target .github/workflows/ci.yml --rich
```

---

## Attack types

| Attack | What it targets |
|--------|----------------|
| `timing` | Delays, race conditions, timeout assumptions |
| `env` | Environment variable validation |
| `reorder` | Hidden step dependency order |
| `network` | Retry logic, timeout handling |
| `dependency` | Version pinning, lockfile coverage |

---

## Full documentation

See [crucible/README.md](crucible/README.md) for the complete reference: all commands, resilience scoring breakdown, evolutionary mechanics, shadow agents, replayable traces, GitHub PR integration, web dashboard, and architecture.

---

## License

Apache 2.0 — see [LICENSE](LICENSE)
