DevOps_Debugger / README.md
printf-sourav's picture
readme fixed
bb5e238
|
Raw
History Blame Contribute Delete
10.5 kB
metadata
title: DevOps RL Agent
emoji: πŸ€–
colorFrom: blue
colorTo: green
sdk: docker
app_file: app.py
pinned: false

πŸ€– DevOps RL Agent

An AI agent that learns to fix broken Linux/Python environments through reinforcement learning.

Built with OpenEnv + TRL (GRPO) + Unsloth β€” no agent frameworks, no multi-agent systems, just one LLM and one RL loop.

Python 3.11+ License: MIT


🎯 What It Does

The agent observes broken environments (missing packages, port conflicts, config errors), generates shell commands to fix them, executes those commands in a Docker sandbox, and improves through GRPO training over episodes.

=== BEFORE TRAINING (episode 0) ===
Error: ModuleNotFoundError: flask
Step 1: python app.py       β†’ failed (exit 1)
Step 2: sudo pip install    β†’ DANGEROUS COMMAND BLOCKED
Step 3: apt install python  β†’ wrong approach
Result: FAILED (reward: -8.2)

=== AFTER TRAINING (episode 500) ===
Error: ModuleNotFoundError: flask
Step 1: pip install flask   β†’ success
Step 2: python app.py       β†’ Server running on :5000
Result: SOLVED in 2 steps (reward: +12.6)

πŸ”„ How the RL Loop Works

This is the core architecture β€” one agent, one environment, one training loop:

graph LR
    A[🧠 LLM Agent] -->|shell command| B[🐳 Docker Sandbox]
    B -->|stdout/stderr/exit_code| C[πŸ—οΈ Environment]
    C -->|observation + reward| A
    C -->|episode data| D[πŸ’Ύ Replay Buffer]
    D -->|training batches| E[πŸ“ˆ GRPO Trainer]
    E -->|updated weights| A

The Loop in Detail

  1. Reset: Environment loads a random broken scenario (e.g., Flask not installed)
  2. Observe: Agent receives an error log, command history, and error type classification
  3. Act: Agent outputs ONE shell command (e.g., pip install flask)
  4. Execute: Command runs in an isolated Docker container with safety checks
  5. Reward: Multi-signal reward computed (success +10, correct command +3, progress +1, etc.)
  6. Repeat: Steps 2-5 repeat up to 10 times per episode
  7. Train: After N episodes, GRPO updates the model using grouped completions

Error Fingerprinting (Key Differentiator)

Before the agent acts, a rule-based classifier identifies the error type from the terminal output:

Error Type Pattern Example
missing_package ModuleNotFoundError No module named 'flask'
port_conflict Address already in use Port 5000 occupied
missing_env KeyError on env var DATABASE_URL not set
version_conflict ResolutionImpossible Package version clash
config_error NameError, misconfig Wrong host binding

This gives the LLM better context and lets us analyze which error categories the agent struggles with.

Multi-Signal Reward System

The reward engine returns a breakdown dict with 10 independent signals:

Signal Value Purpose
success +10.0 Scenario fully solved
correct_command +3.0 Matches optimal fix sequence
progress +1.0 Error log changed (likely improvement)
efficiency_bonus +2.0 Solved in minimal steps
invalid_command -2.0 Command not whitelisted
dangerous_command -10.0 Matches blocklist (rm -rf /, etc.)
no_progress -1.0 Error log unchanged
timeout -5.0 Command exceeded 30s
repeated_command -1.5 Same command twice in episode
step_cost -0.2 Encourages efficiency

Each column is logged separately during training to detect reward hacking.

Curriculum Learning

Scenarios unlock progressively based on rolling 50-episode solve rate windows:

  • Level 1 (single-step): Always available β€” missing_flask, missing_numpy, wrong_python
  • Level 2 (two-step): Unlocks at L1 solve rate > 80% β€” port_conflict, missing_env_var, broken_requirements
  • Level 3 (multi-step): Unlocks at L2 solve rate > 80% β€” corrupt_venv, wrong_config, db_migration

πŸ“ Project Structure

devops-rl-agent/
β”œβ”€β”€ devops_env/              # OpenEnv-style RL environment
β”‚   β”œβ”€β”€ env.py               # DevOpsEnv (reset/step/reward)
β”‚   └── state_manager.py     # Observation tracking
β”œβ”€β”€ scenarios/               # 9 scenarios across 3 difficulty levels
β”‚   β”œβ”€β”€ registry.py          # ScenarioRegistry
β”‚   β”œβ”€β”€ level1/              # Single-step fixes
β”‚   β”œβ”€β”€ level2/              # Two-step fixes
β”‚   └── level3/              # Multi-step fixes (3-5 steps)
β”œβ”€β”€ executor/                # Docker sandbox execution
β”‚   β”œβ”€β”€ docker_executor.py   # Container management + local fallback
β”‚   └── safety.py            # Command whitelist/blocklist
β”œβ”€β”€ fingerprint/             # Error classification system
β”‚   └── classifier.py        # Rule-based regex classifier
β”œβ”€β”€ rewards/                 # Multi-signal reward computation
β”‚   └── engine.py            # 10 independent reward signals
β”œβ”€β”€ replay/                  # Episode storage (SQLite + SQLAlchemy)
β”‚   β”œβ”€β”€ buffer.py            # ReplayBuffer with batch sampling
β”‚   └── models.py            # ORM models
β”œβ”€β”€ agent/                   # LLM + baseline agents
β”‚   β”œβ”€β”€ baseline_agent.py    # Rule-based (for loop validation)
β”‚   β”œβ”€β”€ devops_agent.py      # LLM agent (Unsloth/HF)
β”‚   └── prompts.py           # System & user prompt templates
β”œβ”€β”€ training/                # GRPO training pipeline
β”‚   β”œβ”€β”€ train_grpo.py        # Training loop + anti-hacking monitor
β”‚   └── curriculum.py        # Rolling-window curriculum scheduler
β”œβ”€β”€ api/                     # FastAPI server (OpenEnv pattern)
β”‚   └── main.py
β”œβ”€β”€ frontend/                # Dashboard (vanilla HTML/CSS/JS)
β”‚   β”œβ”€β”€ index.html
β”‚   β”œβ”€β”€ style.css
β”‚   └── app.js
β”œβ”€β”€ docker/                  # Sandbox container
β”‚   β”œβ”€β”€ Dockerfile.sandbox
β”‚   └── docker-compose.yml
β”œβ”€β”€ tests/                   # Unit tests
β”‚   β”œβ”€β”€ test_env.py
β”‚   β”œβ”€β”€ test_rewards.py      # 100% reward engine coverage
β”‚   └── test_executor.py
β”œβ”€β”€ scripts/
β”‚   └── demo.py              # Before/after training demo
β”œβ”€β”€ requirements.txt
└── README.md

πŸš€ Quick Start

1. Install Dependencies

cd devops-rl-agent
pip install -r requirements.txt

2. Validate the RL Loop (No GPU Required)

Run the baseline agent to confirm environment, executor, and rewards work:

# Run the demo script
python scripts/demo.py --episodes 50

# Run unit tests
python -m pytest tests/ -v

3. Start the API Server

uvicorn api.main:app --reload --port 8000

Then visit:

4. Build the Docker Sandbox (Optional)

cd docker
docker compose build
docker compose up -d sandbox

5. Run GRPO Training (Requires GPU)

python -c "
from training.train_grpo import GRPODevOpsTrainer
trainer = GRPODevOpsTrainer(model_name='unsloth/llama-3.2-3b-instruct')
trainer.train(num_episodes=500)
"

☁️ Deploy to Hugging Face Spaces

This repository is set up as a Docker Space. To deploy:

  1. Create a new Hugging Face Space.
  2. Choose Docker as the SDK.
  3. Push this repository contents to the Space repo.
  4. Hugging Face will build the root Dockerfile and start the API on port 7860.

Useful endpoints after deployment:

  • GET / health check
  • POST /reset OpenEnv session reset
  • POST /step OpenEnv step
  • POST /close OpenEnv session cleanup
  • POST /episode/run one-shot episode execution

Notes:

  • Runtime DB files are ignored via .dockerignore.
  • If you want model training inside Spaces, keep use_grpo=False unless the Space has a GPU and enough VRAM.

πŸ”’ Safety

The executor enforces strict command safety:

Whitelisted: pip, python, cat, ls, grep, sed, ps, kill, curl, echo, mkdir, cp, mv, export, source

Blocked: rm -rf /, fork bombs, dd if=, mkfs, chmod 777 /, sudo + destructive ops

Commands that fail safety checks are immediately blocked, the agent receives a -10.0 penalty, and the episode terminates.


πŸ“Š Success Criteria

After 500 training episodes:

Metric Target
Level 1 solve rate > 90%
Level 2 solve rate > 70%
Mean steps to solve L1 ≀ 2
Reward hacking detected None
Model saves/loads correctly βœ“

πŸ”§ API Endpoints

Method Path Description
POST /reset OpenEnv-style session reset (returns session_id + initial observation)
POST /step OpenEnv-style step for a session ({session_id, action:{command}})
POST /close OpenEnv-style explicit session cleanup
POST /episode/run Run one episode, returns full step log
GET /episode/{id} Get stored episode by UUID
GET /stats Solve rates, rewards, training progress
GET /replay/{id} Step-by-step replay data
POST /train/step Trigger training batch
GET /scenarios List scenarios with solve rates
GET /recent Recent episodes

πŸ›‘οΈ Anti-Reward Hacking

The training loop includes active monitoring:

  1. Generation inspection every 50 steps β€” actual agent outputs are printed
  2. Success column tracking β€” alerts if total reward rises but success rate stays flat
  3. Command repetition detection β€” flags if one command dominates >50% of actions
  4. Dangerous command counting β€” terminates if blocklist triggers repeatedly
  5. Per-column reward breakdown β€” logged separately to catch gaming of individual signals

πŸ—οΈ Tech Stack

  • RL Framework: TRL (GRPOTrainer) + Unsloth (4-bit LoRA)
  • Base Model: unsloth/llama-3.2-3b-instruct
  • Environment: OpenEnv-compatible API pattern
  • Execution: Docker SDK with safety layer
  • Storage: SQLite via SQLAlchemy
  • API: FastAPI + Uvicorn
  • Frontend: Vanilla HTML/CSS/JS (dark theme, glassmorphism)
  • Testing: pytest (100% reward engine coverage)

πŸ“ License

MIT