fix: Add test harness, CLI options, risk tests, Docker sidecars, legacy API bridge, and real-time UI

.github/workflows/ci.yml

@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: ["**"]
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -22,6 +25,7 @@ jobs:
           python -m pip install --upgrade pip
           pip install -r requirements.txt
           if [ -f requirements.dev.txt ]; then pip install -r requirements.dev.txt; fi
+          if [ -f requirements-test.txt ]; then pip install -r requirements-test.txt; fi
           pip install black==23.7.0 isort==5.12.0 flake8 pytest pytest-cov
       - name: Run format check
         run: |

.github/workflows/fixops-ci.yml

@@ -4,6 +4,9 @@ on:
   push:
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   e2e:
     runs-on: ubuntu-latest

.github/workflows/fixops_pipeline.yml

@@ -10,6 +10,11 @@ on:
     - cron: '0 2 * * *'
   workflow_dispatch:
 
+permissions:
+  contents: read
+  pull-requests: write
+  security-events: write
+
 jobs:
   fixops-scan:
     runs-on: ubuntu-latest

.github/workflows/qa.yml

@@ -38,6 +38,7 @@ jobs:
         env:
           PYTHONPATH: .
           FIXOPS_DISABLE_TELEMETRY: "1"
+          FIXOPS_API_TOKEN: "demo-token"
         run: |
           mkdir -p reports/coverage
           # TODO: Ratchet coverage threshold upward as tests are added (target: +5% increments toward 75%)
@@ -51,8 +52,9 @@ jobs:
             tests/test_graph_worker.py \
             tests/test_telemetry_runtime.py \
             tests/test_threat_intelligence_comprehensive_coverage.py \
+            tests/risk/ \
             -q --override-ini testpaths='' \
-            --override-ini "addopts=--cov=services.provenance --cov=services.graph --cov=services.repro --cov=lib4sbom --cov=risk --cov=evidence --cov=telemetry --cov=scripts.graph_worker --cov-report=term-missing --cov-report=xml:reports/coverage/coverage.xml --cov-fail-under=54"
+            --override-ini "addopts=--cov=services.provenance --cov=services.graph --cov=services.repro --cov=lib4sbom --cov=risk --cov=evidence --cov=telemetry --cov=scripts.graph_worker --cov=core --cov-report=term-missing --cov-report=xml:reports/coverage/coverage.xml --cov-fail-under=54"
       - name: Coverage summary
         run: |
           python - <<'PY'

DOCKER_SETUP.md

@@ -0,0 +1,219 @@
+# FixOps Docker Setup Instructions
+
+This guide explains how to run FixOps locally using Docker.
+
+## Prerequisites
+
+- Docker installed and running
+- Docker Hub account (optional, for pulling the pre-built image)
+
+## Quick Start
+
+### Option 1: Pull from Docker Hub (Recommended)
+
+```bash
+# Pull the latest image
+docker pull devopsaico/fixops:latest
+
+# Run the container
+docker run -d \
+  --name fixops \
+  -p 8000:8000 \
+  -e FIXOPS_API_TOKEN="your-api-token" \
+  -e FIXOPS_DISABLE_TELEMETRY=1 \
+  devopsaico/fixops:latest
+```
+
+### Option 2: Build from Source
+
+```bash
+# Clone the repository
+git clone https://github.com/DevOpsMadDog/Fixops.git
+cd Fixops
+
+# Build the Docker image
+docker build -t fixops:local .
+
+# Run the container
+docker run -d \
+  --name fixops \
+  -p 8000:8000 \
+  -e FIXOPS_API_TOKEN="your-api-token" \
+  -e FIXOPS_DISABLE_TELEMETRY=1 \
+  fixops:local
+```
+
+## Configuration
+
+### Environment Variables
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `FIXOPS_API_TOKEN` | API authentication token | `demo-token` |
+| `FIXOPS_DISABLE_TELEMETRY` | Disable OpenTelemetry metrics | `0` |
+| `OTEL_EXPORTER_OTLP_ENDPOINT` | OpenTelemetry collector endpoint | `http://collector:4318` |
+
+### Volume Mounts (Optional)
+
+Mount local directories for persistent data:
+
+```bash
+docker run -d \
+  --name fixops \
+  -p 8000:8000 \
+  -v $(pwd)/data:/app/data \
+  -v $(pwd)/config:/app/config \
+  -e FIXOPS_API_TOKEN="your-api-token" \
+  devopsaico/fixops:latest
+```
+
+## Verifying the Installation
+
+Once the container is running, verify it's working:
+
+```bash
+# Check container status
+docker ps
+
+# Check health endpoint
+curl http://localhost:8000/health
+
+# Check API documentation
+open http://localhost:8000/docs
+```
+
+## API Usage Examples
+
+### Upload Security Artifacts
+
+```bash
+# Set your API token
+export FIXOPS_API_TOKEN="your-api-token"
+
+# Upload design document
+curl -H "X-API-Key: $FIXOPS_API_TOKEN" \
+  -F "file=@samples/design.csv;type=text/csv" \
+  http://localhost:8000/inputs/design
+
+# Upload SBOM
+curl -H "X-API-Key: $FIXOPS_API_TOKEN" \
+  -F "file=@samples/sbom.json;type=application/json" \
+  http://localhost:8000/inputs/sbom
+
+# Upload CVE data
+curl -H "X-API-Key: $FIXOPS_API_TOKEN" \
+  -F "file=@samples/cve.json;type=application/json" \
+  http://localhost:8000/inputs/cve
+
+# Upload SARIF scan results
+curl -H "X-API-Key: $FIXOPS_API_TOKEN" \
+  -F "file=@samples/scan.sarif;type=application/json" \
+  http://localhost:8000/inputs/sarif
+```
+
+### Run the Pipeline
+
+```bash
+# Execute the security pipeline
+curl -H "X-API-Key: $FIXOPS_API_TOKEN" \
+  http://localhost:8000/pipeline/run | jq
+
+# Get enhanced capabilities
+curl -H "X-API-Key: $FIXOPS_API_TOKEN" \
+  http://localhost:8000/api/v1/enhanced/capabilities | jq
+```
+
+### Compare LLM Providers
+
+```bash
+curl -H "X-API-Key: $FIXOPS_API_TOKEN" \
+  -X POST \
+  -H 'Content-Type: application/json' \
+  -d '{
+    "service_name": "demo-app",
+    "security_findings": [
+      {"rule_id": "SAST001", "severity": "high", "description": "SQL injection"}
+    ],
+    "business_context": {
+      "environment": "demo",
+      "criticality": "high"
+    }
+  }' \
+  http://localhost:8000/api/v1/enhanced/compare-llms | jq
+```
+
+## Docker Compose (Optional)
+
+For a more complete setup with additional services:
+
+```yaml
+version: '3.8'
+
+services:
+  fixops:
+    image: devopsaico/fixops:latest
+    ports:
+      - "8000:8000"
+    environment:
+      - FIXOPS_API_TOKEN=your-api-token
+      - FIXOPS_DISABLE_TELEMETRY=1
+    volumes:
+      - ./data:/app/data
+      - ./config:/app/config
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+```
+
+Save as `docker-compose.yml` and run:
+
+```bash
+docker-compose up -d
+```
+
+## Stopping the Container
+
+```bash
+# Stop the container
+docker stop fixops
+
+# Remove the container
+docker rm fixops
+```
+
+## Troubleshooting
+
+### Container won't start
+
+Check the logs:
+```bash
+docker logs fixops
+```
+
+### Port already in use
+
+Use a different port:
+```bash
+docker run -d --name fixops -p 9000:8000 devopsaico/fixops:latest
+```
+
+### Permission issues with volumes
+
+Ensure the mounted directories have correct permissions:
+```bash
+chmod -R 755 ./data ./config
+```
+
+## Image Details
+
+- **Base Image**: python:3.11-slim
+- **Size**: ~1.6GB (optimized with multi-stage build)
+- **PyTorch**: CPU-only version (reduces size from 15GB)
+- **Exposed Port**: 8000
+
+## Support
+
+For issues or questions, please open an issue on GitHub:
+https://github.com/DevOpsMadDog/Fixops/issues

Dockerfile

@@ -1,18 +1,73 @@
-FROM python:3.12-slim
+# ============================================
+# FixOps Docker Image - Optimized for Size
+# ============================================
+# This image is optimized for easy distribution
+# to customers with a smaller footprint.
+# ============================================
 
-WORKDIR /app
+FROM python:3.11-slim as builder
+
+WORKDIR /build
 
-# Install system dependencies
+# Install build dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential \
     git \
     && rm -rf /var/lib/apt/lists/*
 
-# Copy requirements and install Python dependencies
+# Create virtual environment
+RUN python -m venv /opt/venv
+ENV PATH="/opt/venv/bin:$PATH"
+
+# Install CPU-only PyTorch first (much smaller than GPU version)
+RUN pip install --no-cache-dir torch --index-url https://download.pytorch.org/whl/cpu
+
+# Copy and install requirements
 COPY requirements.txt .
+# Install remaining requirements (pgmpy will use the CPU torch we installed)
 RUN pip install --no-cache-dir -r requirements.txt
 
-# Copy application code
-COPY . .
+# ============================================
+# Final stage - minimal runtime image
+# ============================================
+FROM python:3.11-slim
+
+WORKDIR /app
+
+# Install only runtime dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    && rm -rf /var/lib/apt/lists/* \
+    && apt-get clean
+
+# Copy virtual environment from builder
+COPY --from=builder /opt/venv /opt/venv
+ENV PATH="/opt/venv/bin:$PATH"
+
+# Copy application code (exclude unnecessary files)
+COPY apps/ ./apps/
+COPY core/ ./core/
+COPY risk/ ./risk/
+COPY integrations/ ./integrations/
+COPY config/ ./config/
+COPY samples/ ./samples/
+COPY simulations/ ./simulations/
+COPY data/ ./data/
+COPY backend/ ./backend/
+COPY agents/ ./agents/
+COPY scripts/ ./scripts/
+COPY services/ ./services/
+COPY telemetry/ ./telemetry/
+COPY fixops/ ./fixops/
+COPY domain/ ./domain/
+COPY new_apps/ ./new_apps/
+COPY new_backend/ ./new_backend/
+COPY *.py ./
+COPY *.txt ./
+COPY *.yml ./
+COPY *.yaml ./
+COPY *.md ./
 
 # Create data directory
 RUN mkdir -p /app/.fixops_data
@@ -25,6 +80,11 @@ ENV FIXOPS_MODE=demo
 ENV FIXOPS_DATA_DIR=/app/.fixops_data
 ENV FIXOPS_API_TOKEN=demo-token-12345
 ENV PYTHONUNBUFFERED=1
+ENV FIXOPS_DISABLE_TELEMETRY=1
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD curl -f http://localhost:8000/health || exit 1
 
 # Run the API
 CMD ["uvicorn", "apps.api.app:app", "--host", "0.0.0.0", "--port", "8000"]

agents/core/agent_framework.py

@@ -84,17 +84,14 @@ def __init__(self, config: AgentConfig, fixops_api_url: str, fixops_api_key: str
     @abstractmethod
     async def connect(self) -> bool:
         """Connect to target system."""
-        pass
 
     @abstractmethod
     async def disconnect(self):
         """Disconnect from target system."""
-        pass
 
     @abstractmethod
     async def collect_data(self) -> List[AgentData]:
         """Collect data from target system."""
-        pass
 
     async def push_data(self, data: List[AgentData]) -> bool:
         """Push data to FixOps API."""