DevOps_Debugger / README.md
printf-sourav's picture
readme fixed
bb5e238
|
Raw
History Blame Contribute Delete
10.5 kB
---
title: DevOps RL Agent
emoji: πŸ€–
colorFrom: blue
colorTo: green
sdk: docker
app_file: app.py
pinned: false
---
# πŸ€– DevOps RL Agent
**An AI agent that learns to fix broken Linux/Python environments through reinforcement learning.**
Built with **OpenEnv + TRL (GRPO) + Unsloth** β€” no agent frameworks, no multi-agent systems, just one LLM and one RL loop.
[![Python 3.11+](https://img.shields.io/badge/python-3.11%2B-blue.svg)](https://python.org)
[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
---
## 🎯 What It Does
The agent observes broken environments (missing packages, port conflicts, config errors), generates shell commands to fix them, executes those commands in a Docker sandbox, and improves through GRPO training over episodes.
```
=== BEFORE TRAINING (episode 0) ===
Error: ModuleNotFoundError: flask
Step 1: python app.py β†’ failed (exit 1)
Step 2: sudo pip install β†’ DANGEROUS COMMAND BLOCKED
Step 3: apt install python β†’ wrong approach
Result: FAILED (reward: -8.2)
=== AFTER TRAINING (episode 500) ===
Error: ModuleNotFoundError: flask
Step 1: pip install flask β†’ success
Step 2: python app.py β†’ Server running on :5000
Result: SOLVED in 2 steps (reward: +12.6)
```
---
## πŸ”„ How the RL Loop Works
This is the core architecture β€” one agent, one environment, one training loop:
```mermaid
graph LR
A[🧠 LLM Agent] -->|shell command| B[🐳 Docker Sandbox]
B -->|stdout/stderr/exit_code| C[πŸ—οΈ Environment]
C -->|observation + reward| A
C -->|episode data| D[πŸ’Ύ Replay Buffer]
D -->|training batches| E[πŸ“ˆ GRPO Trainer]
E -->|updated weights| A
```
### The Loop in Detail
1. **Reset**: Environment loads a random broken scenario (e.g., Flask not installed)
2. **Observe**: Agent receives an error log, command history, and error type classification
3. **Act**: Agent outputs ONE shell command (e.g., `pip install flask`)
4. **Execute**: Command runs in an isolated Docker container with safety checks
5. **Reward**: Multi-signal reward computed (success +10, correct command +3, progress +1, etc.)
6. **Repeat**: Steps 2-5 repeat up to 10 times per episode
7. **Train**: After N episodes, GRPO updates the model using grouped completions
### Error Fingerprinting (Key Differentiator)
Before the agent acts, a rule-based classifier identifies the error type from the terminal output:
| Error Type | Pattern | Example |
|---|---|---|
| `missing_package` | `ModuleNotFoundError` | `No module named 'flask'` |
| `port_conflict` | `Address already in use` | Port 5000 occupied |
| `missing_env` | `KeyError` on env var | `DATABASE_URL` not set |
| `version_conflict` | `ResolutionImpossible` | Package version clash |
| `config_error` | `NameError`, misconfig | Wrong host binding |
This gives the LLM better context and lets us analyze which error categories the agent struggles with.
### Multi-Signal Reward System
The reward engine returns a breakdown dict with 10 independent signals:
| Signal | Value | Purpose |
|---|---|---|
| `success` | +10.0 | Scenario fully solved |
| `correct_command` | +3.0 | Matches optimal fix sequence |
| `progress` | +1.0 | Error log changed (likely improvement) |
| `efficiency_bonus` | +2.0 | Solved in minimal steps |
| `invalid_command` | -2.0 | Command not whitelisted |
| `dangerous_command` | -10.0 | Matches blocklist (rm -rf /, etc.) |
| `no_progress` | -1.0 | Error log unchanged |
| `timeout` | -5.0 | Command exceeded 30s |
| `repeated_command` | -1.5 | Same command twice in episode |
| `step_cost` | -0.2 | Encourages efficiency |
Each column is logged separately during training to detect reward hacking.
### Curriculum Learning
Scenarios unlock progressively based on rolling 50-episode solve rate windows:
- **Level 1** (single-step): Always available β€” `missing_flask`, `missing_numpy`, `wrong_python`
- **Level 2** (two-step): Unlocks at L1 solve rate > 80% β€” `port_conflict`, `missing_env_var`, `broken_requirements`
- **Level 3** (multi-step): Unlocks at L2 solve rate > 80% β€” `corrupt_venv`, `wrong_config`, `db_migration`
---
## πŸ“ Project Structure
```
devops-rl-agent/
β”œβ”€β”€ devops_env/ # OpenEnv-style RL environment
β”‚ β”œβ”€β”€ env.py # DevOpsEnv (reset/step/reward)
β”‚ └── state_manager.py # Observation tracking
β”œβ”€β”€ scenarios/ # 9 scenarios across 3 difficulty levels
β”‚ β”œβ”€β”€ registry.py # ScenarioRegistry
β”‚ β”œβ”€β”€ level1/ # Single-step fixes
β”‚ β”œβ”€β”€ level2/ # Two-step fixes
β”‚ └── level3/ # Multi-step fixes (3-5 steps)
β”œβ”€β”€ executor/ # Docker sandbox execution
β”‚ β”œβ”€β”€ docker_executor.py # Container management + local fallback
β”‚ └── safety.py # Command whitelist/blocklist
β”œβ”€β”€ fingerprint/ # Error classification system
β”‚ └── classifier.py # Rule-based regex classifier
β”œβ”€β”€ rewards/ # Multi-signal reward computation
β”‚ └── engine.py # 10 independent reward signals
β”œβ”€β”€ replay/ # Episode storage (SQLite + SQLAlchemy)
β”‚ β”œβ”€β”€ buffer.py # ReplayBuffer with batch sampling
β”‚ └── models.py # ORM models
β”œβ”€β”€ agent/ # LLM + baseline agents
β”‚ β”œβ”€β”€ baseline_agent.py # Rule-based (for loop validation)
β”‚ β”œβ”€β”€ devops_agent.py # LLM agent (Unsloth/HF)
β”‚ └── prompts.py # System & user prompt templates
β”œβ”€β”€ training/ # GRPO training pipeline
β”‚ β”œβ”€β”€ train_grpo.py # Training loop + anti-hacking monitor
β”‚ └── curriculum.py # Rolling-window curriculum scheduler
β”œβ”€β”€ api/ # FastAPI server (OpenEnv pattern)
β”‚ └── main.py
β”œβ”€β”€ frontend/ # Dashboard (vanilla HTML/CSS/JS)
β”‚ β”œβ”€β”€ index.html
β”‚ β”œβ”€β”€ style.css
β”‚ └── app.js
β”œβ”€β”€ docker/ # Sandbox container
β”‚ β”œβ”€β”€ Dockerfile.sandbox
β”‚ └── docker-compose.yml
β”œβ”€β”€ tests/ # Unit tests
β”‚ β”œβ”€β”€ test_env.py
β”‚ β”œβ”€β”€ test_rewards.py # 100% reward engine coverage
β”‚ └── test_executor.py
β”œβ”€β”€ scripts/
β”‚ └── demo.py # Before/after training demo
β”œβ”€β”€ requirements.txt
└── README.md
```
---
## πŸš€ Quick Start
### 1. Install Dependencies
```bash
cd devops-rl-agent
pip install -r requirements.txt
```
### 2. Validate the RL Loop (No GPU Required)
Run the baseline agent to confirm environment, executor, and rewards work:
```bash
# Run the demo script
python scripts/demo.py --episodes 50
# Run unit tests
python -m pytest tests/ -v
```
### 3. Start the API Server
```bash
uvicorn api.main:app --reload --port 8000
```
Then visit:
- API docs: [http://localhost:8000/docs](http://localhost:8000/docs)
- Dashboard: [http://localhost:8000/app](http://localhost:8000/app)
### 4. Build the Docker Sandbox (Optional)
```bash
cd docker
docker compose build
docker compose up -d sandbox
```
### 5. Run GRPO Training (Requires GPU)
```bash
python -c "
from training.train_grpo import GRPODevOpsTrainer
trainer = GRPODevOpsTrainer(model_name='unsloth/llama-3.2-3b-instruct')
trainer.train(num_episodes=500)
"
```
## ☁️ Deploy to Hugging Face Spaces
This repository is set up as a Docker Space. To deploy:
1. Create a new Hugging Face Space.
2. Choose `Docker` as the SDK.
3. Push this repository contents to the Space repo.
4. Hugging Face will build the root [Dockerfile](Dockerfile) and start the API on port `7860`.
Useful endpoints after deployment:
- `GET /` health check
- `POST /reset` OpenEnv session reset
- `POST /step` OpenEnv step
- `POST /close` OpenEnv session cleanup
- `POST /episode/run` one-shot episode execution
Notes:
- Runtime DB files are ignored via [.dockerignore](.dockerignore).
- If you want model training inside Spaces, keep `use_grpo=False` unless the Space has a GPU and enough VRAM.
---
## πŸ”’ Safety
The executor enforces strict command safety:
**Whitelisted**: `pip`, `python`, `cat`, `ls`, `grep`, `sed`, `ps`, `kill`, `curl`, `echo`, `mkdir`, `cp`, `mv`, `export`, `source`
**Blocked**: `rm -rf /`, fork bombs, `dd if=`, `mkfs`, `chmod 777 /`, `sudo` + destructive ops
Commands that fail safety checks are immediately blocked, the agent receives a -10.0 penalty, and the episode terminates.
---
## πŸ“Š Success Criteria
After 500 training episodes:
| Metric | Target |
|---|---|
| Level 1 solve rate | > 90% |
| Level 2 solve rate | > 70% |
| Mean steps to solve L1 | ≀ 2 |
| Reward hacking detected | None |
| Model saves/loads correctly | βœ“ |
---
## πŸ”§ API Endpoints
| Method | Path | Description |
|---|---|---|
| `POST` | `/reset` | OpenEnv-style session reset (returns session_id + initial observation) |
| `POST` | `/step` | OpenEnv-style step for a session (`{session_id, action:{command}}`) |
| `POST` | `/close` | OpenEnv-style explicit session cleanup |
| `POST` | `/episode/run` | Run one episode, returns full step log |
| `GET` | `/episode/{id}` | Get stored episode by UUID |
| `GET` | `/stats` | Solve rates, rewards, training progress |
| `GET` | `/replay/{id}` | Step-by-step replay data |
| `POST` | `/train/step` | Trigger training batch |
| `GET` | `/scenarios` | List scenarios with solve rates |
| `GET` | `/recent` | Recent episodes |
---
## πŸ›‘οΈ Anti-Reward Hacking
The training loop includes active monitoring:
1. **Generation inspection** every 50 steps β€” actual agent outputs are printed
2. **Success column tracking** β€” alerts if total reward rises but success rate stays flat
3. **Command repetition detection** β€” flags if one command dominates >50% of actions
4. **Dangerous command counting** β€” terminates if blocklist triggers repeatedly
5. **Per-column reward breakdown** β€” logged separately to catch gaming of individual signals
---
## πŸ—οΈ Tech Stack
- **RL Framework**: TRL (GRPOTrainer) + Unsloth (4-bit LoRA)
- **Base Model**: `unsloth/llama-3.2-3b-instruct`
- **Environment**: OpenEnv-compatible API pattern
- **Execution**: Docker SDK with safety layer
- **Storage**: SQLite via SQLAlchemy
- **API**: FastAPI + Uvicorn
- **Frontend**: Vanilla HTML/CSS/JS (dark theme, glassmorphism)
- **Testing**: pytest (100% reward engine coverage)
---
## πŸ“ License
MIT