ao-kernel

v4.1.0 safe
2.0
Low Risk

Governed AI orchestration runtime — policy-driven, fail-closed, evidence-trail

🤖 AI Analysis

Final verdict: SAFE

The ao-kernel package poses minimal risk: no network calls were detected, and its shell executions are primarily git operations. There is no indication of a supply-chain attack.

  • No network calls detected.
  • Shell executions are limited to git operations.

Per-check LLM notes
  • Network: No network calls detected.
  • Shell: Shell executions appear to be related to git operations and likely serve to check the repository state during development or testing.

📦 Package Quality Overall: Medium (5.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (12769 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 398 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 100 commits in Halildeu/ao-kernel
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • ool]: try: proc = subprocess.run( ["git", "rev-parse", "--is-inside-work-tree"],
  • ty = False commit_proc = subprocess.run(["git", "rev-parse", "HEAD"], cwd=workspace, text=True, capt
  • commit = c status_proc = subprocess.run(["git", "status", "--porcelain"], cwd=workspace, text=True,

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Halil Kocoglu" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ao-kernel
Create a mini-application called 'SecureAIWorkflow' that leverages the 'ao-kernel' package to manage and secure a series of AI tasks in a workflow. This application should allow users to define workflows consisting of multiple AI tasks, each governed by specific policies and rules. The application will ensure that these tasks run securely, with fail-closed mechanisms, and maintain an evidence trail for auditing purposes.

### Features:
1. **User Interface**: Develop a simple web interface using Flask where users can create, edit, and delete workflows.
2. **Task Definition**: Users should be able to define tasks within a workflow, specifying inputs, outputs, and the AI model to use.
3. **Policy Management**: Implement a system where users can assign policies to each task, ensuring compliance with organizational guidelines.
4. **Execution Control**: Use 'ao-kernel' to execute these workflows, ensuring tasks only proceed if all conditions are met according to their assigned policies.
5. **Audit Logs**: Maintain logs for each execution, detailing actions taken, decisions made, and any deviations from expected behavior.
6. **Fail-Closed Mechanism**: If any task fails due to a policy violation or unexpected error, the workflow should halt, and an alert should be sent to the user.

### Steps:
1. **Setup Environment**: Install Flask and 'ao-kernel'.
2. **Define Workflow Models**: Create models in your application to represent workflows and tasks.
3. **Develop User Interface**: Build the Flask app with forms for creating/editing workflows and viewing audit logs.
4. **Implement Policy Engine**: Integrate 'ao-kernel' to enforce policies during workflow execution.
5. **Execute Workflows**: Write scripts to trigger workflow execution based on user input.
6. **Logging and Alerts**: Set up logging to record every action and implement alert systems for failures.
7. **Testing**: Thoroughly test the application with various scenarios to ensure reliability and security.