In [10]:
# Install required packages
!pip install -q ipywidgets pyyaml requests python-dotenv pandas matplotlib seaborn

In [None]:
# Add this to a new cell in your notebook

# Install required package
!pip install -q jsonschema

# Schema Validation Utilities
import json
import jsonschema
from jsonschema import validate
from pathlib import Path

def load_schema():
    """Load the findings schema from file."""
    with open('findings.schema', 'r', encoding='utf-8') as f:
        return json.load(f)

def validate_finding(finding):
    """Validate a finding against the schema."""
    try:
        schema = load_schema()
        validate(instance=finding, schema=schema)
        return True, "✅ Finding is valid"
    except json.JSONDecodeError as e:
        return False, f"❌ Invalid JSON: {str(e)}"
    except jsonschema.exceptions.ValidationError as e:
        return False, f"❌ Validation error: {e.message}"
    except Exception as e:
        return False, f"❌ Error during validation: {str(e)}"

def load_example_finding():
    """Load and validate the example finding."""
    try:
        with open('example-harmony-findings.json', 'r', encoding='utf-8') as f:
            finding = json.load(f)
        is_valid, message = validate_finding(finding)
        print(message)
        return finding
    except FileNotFoundError:
        print("❌ Example findings file not found")
        return None
    except Exception as e:
        print(f"❌ Error loading example: {str(e)}")
        return None

# Display schema information
try:
    schema = load_schema()
    print("=== Schema Information ===")
    print(f"Title: {schema.get('title', 'N/A')}")
    print(f"Version: {schema.get('$id', 'N/A')}")
    print("\nRequired fields:", ', '.join(schema.get('required', [])))

    # Load and validate example
    print("\n=== Example Finding ===")
    example = load_example_finding()

except Exception as e:
    print(f"Error initializing schema validation: {str(e)}")

In [None]:
import os
import json
import time
import re
import pandas as pd
from pathlib import Path
from IPython.display import display, Markdown, HTML
import ipywidgets as w

In [None]:
class Settings:
    def __init__(self):
        self.token = os.getenv("HF_TOKEN", "")
        self.model = os.getenv("DEFAULT_MODEL", "openai/gpt-oss-20b")
        self.max_tokens = int(os.getenv("MAX_TOKENS", "500"))
        self.temperature = float(os.getenv("TEMPERATURE", "0.7"))
        self.top_p = float(os.getenv("TOP_P", "0.9"))
        self.timeout = int(os.getenv("REQUEST_TIMEOUT", "45"))
        self.deterministic = bool(int(os.getenv("DETERMINISTIC", "1")))
        self.trials = int(os.getenv("TRIALS", "3"))

CFG = Settings()
Path("findings").mkdir(exist_ok=True)

In [None]:
def chat(prompt: str, model: str = None, deterministic: bool = None) -> dict:
    """
    Send a prompt to the model and return the response.

    Args:
        prompt: The prompt to send to the model
        model: Override the default model
        deterministic: If True, sets temperature=0 for reproducible results
    Returns:
        Dictionary containing the response and metadata
    """
    # Implementation from fix-me.py
    # TODO: Add actual implementation
    return {"response": "Sample response"}

def verify_finding(fp: str) -> dict:
    """
    Verify a finding by running multiple trials.

    Args:
        fp: Path to the finding JSON file
    Returns:
        Dictionary with verification results
    """
    with open(fp, encoding="utf-8") as f:
        data = json.load(f)
    regex = data.get("evidence_regex", "")
    rx = re.compile(regex, re.S) if regex else None
    k = int(data.get("trials", CFG.trials))
    deterministic = bool(data.get("deterministic", CFG.deterministic))
    prompts = data.get("prompts") or [data.get("prompt")]
    success, logs = 0, []
    old_temp = CFG.temperature
    if deterministic:
        CFG.temperature = 0.0

    try:
        for i in range(k):
            joined = "\n\n".join(prompts)
            res = chat(joined, deterministic=deterministic)
            txt = res.get("response", "")
            match = bool(rx.search(txt)) if rx else False
            success += int(match)
            logs.append({"trial": i, "matched": match, "response": txt})
    finally:
        CFG.temperature = old_temp
    return {
        "file": fp,
        "hits": success,
        "trials": k,
        "pass_rate": success / k if k else 0.0,
        "logs": logs
    }

In [None]:
!pip install -q ipywidgets python-dotenv openai huggingface_hub


In [None]:
# -*- coding: utf-8 -*-
# 🜏 Final "Ritual Notebook" – Colab/Jupyter compatible
# Features:
# - Persistent Chat + Scout (one-shot) modes
# - HF Router client with simple token rotation (comma-separated tokens supported)
# - Schema validation (with graceful fallback)
# - Safe JSON writes + Master export (metadata, optional filtering, de-dup)
# - Auto-tagging NLP classifier for 9 vuln categories (scikit-learn)
# - Unified upload handlers + compact UI
# - Findings viz powered by master_findings.json

# =========================
# 0) Dependencies
# =========================
try:
    import google.colab  # type: ignore
    IN_COLAB = True
except Exception:
    IN_COLAB = False

# Install libs if running in Colab (no-op elsewhere)
if IN_COLAB:
    !pip -q install ipywidgets python-dotenv openai huggingface_hub pandas matplotlib seaborn plotly altair jsonschema scikit-learn

# =========================
# 1) Imports & Styling
# =========================
import os, json, time, platform, re, traceback, hashlib, random
from pathlib import Path
from typing import List, Dict, Any, Optional, Tuple
from dataclasses import dataclass, field

import ipywidgets as w
from IPython.display import display, clear_output, HTML, Markdown

# Model client (HF Router via OpenAI SDK v1 style)
from openai import OpenAI
from huggingface_hub import login, whoami

# Data / Viz
import pandas as pd
import matplotlib.pyplot as plt
import seaborn as sns
import plotly.express as px
import altair as alt
alt.renderers.enable("colab")

# Schema
from jsonschema import validate as jsonschema_validate
from jsonschema.exceptions import ValidationError as JSONSchemaValidationError

# Classifier (dummy baseline)
from sklearn.feature_extraction.text import TfidfVectorizer
from sklearn.preprocessing import MultiLabelBinarizer
from sklearn.multiclass import OneVsRestClassifier
from sklearn.linear_model import LogisticRegression

# =========================
# 2) Theming helpers
# =========================
def _dark_theme_css() -> str:
    return """
    <style>
    body, .jp-Notebook, .notebook-app, .jp-NotebookPanel, .notebook {
        background: #0d0e12 !important; color: #ece2fa !important;
        font-family: 'JetBrains Mono','Fira Mono','Cascadia Code','Consolas',monospace !important;
    }
    .widget-* , .widget-label, .widget-hbox, .widget-vbox, .widget-box, .widget-text, .widget-textarea,
    .widget-output, .widget-password, .widget-fileupload, .widget-slider, .widget-html, .widget-button,
    .widget-dropdown {
        background: #18181b !important; color: #d2c9ff !important;
        border-color: #a47ff4 !important; border-radius: 10px !important;
        box-shadow: 0 0 10px #3e2567AA;
    }
    button, .widget-button {
        background: linear-gradient(90deg, #2e1a47 30%, #2e2e31 100%) !important; color: #b983ff !important;
        border-color: #a47ff4 !important; text-shadow: 0 0 2px #4411bb66; font-weight: bold;
    }
    input, textarea, select {
        background: #18181b !important; color: #ece2fa !important; border-color: #a47ff4 !important;
        border-radius: 7px !important;
    }
    .widget-dropdown, select { background: #232329 !important; color: #a3e635 !important; }
    .output_area pre {
        background: #181828 !important; color: #e2e8f0 !important; border-radius: 7px !important;
        padding: 1.1em; box-shadow: 0 0 6px #3e256744;
    }
    ::-webkit-scrollbar { background: #13131a !important; width: 11px; }
    ::-webkit-scrollbar-thumb {
        background: linear-gradient(135deg, #6d28d9 40%, #232323 100%) !important;
        border-radius: 7px; box-shadow: 0 0 6px #a47ff488;
    }
    hr { border: none; border-top: 1.5px solid #7c3aed; margin: 1.2em 0; opacity: 0.7; }
    </style>
    """

display(HTML(_dark_theme_css()))

# =========================
# 3) Config & State
# =========================
@dataclass
class Settings:
    tokens_raw: str = os.getenv("HF_TOKEN", "").strip()            # comma-separated allowed
    model: str = os.getenv("DEFAULT_MODEL", "openai/gpt-oss-20b")
    max_tokens: int = int(os.getenv("MAX_TOKENS", "512"))
    temperature: float = float(os.getenv("TEMPERATURE", "0.7"))
    token_index: int = 0
    tokens: List[str] = field(default_factory=list)

    def set_tokens(self, raw: str) -> None:
        raw = (raw or "").strip()
        self.tokens = [t.strip() for t in raw.split(",") if t.strip()]
        self.tokens_raw = raw
        if not self.tokens and raw:
            # if user pasted a single token with accidental commas/spaces
            self.tokens = [raw]
        self.token_index = 0

CFG = Settings()
Path("findings").mkdir(exist_ok=True)

# Widgets
hf_token_widget   = w.Password(description="HF Token(s):", value=CFG.tokens_raw, placeholder="hf_xxx or hf_a, hf_b")
model_widget      = w.Text(value=CFG.model, description="Model:")
max_tokens_widget = w.IntSlider(value=CFG.max_tokens, min=64, max=4096, step=64, description="Max Tokens")
temperature_widget= w.FloatSlider(value=CFG.temperature, min=0.0, max=2.0, step=0.1, description="Temperature")
severity_dropdown = w.Dropdown(options=["low","medium","high","critical"], value="medium", description="Severity")
scout_toggle      = w.Checkbox(value=False, description="🎯 Scout Mode (one-shot)")

status_panel  = w.Output()
results_panel = w.Output()
output_area   = w.Output()
findings_panel = w.Output()

# =========================
# 4) Status helpers
# =========================
def log_status(msg: str, ok: bool = True):
    with status_panel:
        clear_output(wait=True)
        color = "#222" if ok else "#b3003b"
        display(HTML(f"<div style='padding:8px;border-radius:5px;background:{color};color:#eee'>{msg}</div>"))

def log_exception(prefix: str, e: Exception):
    tb = "".join(traceback.format_exception(type(e), e, e.__traceback__))
    log_status(f"❌ {prefix}: {type(e).__name__} - {e}<br><pre style='white-space:pre-wrap'>{tb}</pre>", ok=False)

# =========================
# 5) Schema Validation (graceful fallback)
# =========================
def load_schema() -> Optional[dict]:
    try:
        with open("findings.schema", "r", encoding="utf-8") as f:
            return json.load(f)
    except FileNotFoundError:
        return None
    except Exception as e:
        log_exception("Error loading findings.schema", e)
        return None

FINDINGS_SCHEMA = load_schema()
if FINDINGS_SCHEMA:
    log_status("✅ Findings schema loaded.", True)
else:
    log_status("⚠️ No findings.schema found. Validation will be skipped.", False)

def validate_finding(record: dict) -> Tuple[bool, str]:
    if not FINDINGS_SCHEMA:
        return True, "Validation skipped (no schema)."
    try:
        jsonschema_validate(instance=record, schema=FINDINGS_SCHEMA)
        return True, "Finding is valid."
    except JSONSchemaValidationError as e:
        return False, f"Validation error: {e.message}"
    except Exception as e:
        return False, f"Validation failure: {e}"

# =========================
# 6) Client & Token Rotation
# =========================
def _current_token() -> Optional[str]:
    if not CFG.tokens:
        return None
    return CFG.tokens[CFG.token_index % len(CFG.tokens)]

def _rotate_token() -> Optional[str]:
    if not CFG.tokens:
        return None
    CFG.token_index = (CFG.token_index + 1) % len(CFG.tokens)
    return _current_token()

def make_client_for_token(token: str) -> OpenAI:
    return OpenAI(base_url="https://router.huggingface.co/v1", api_key=token)

def get_client() -> Optional[OpenAI]:
    token = _current_token()
    if not token:
        return None
    return make_client_for_token(token)


# =========================
# 7) Chat State & Display (Gothic Brotherhood Edition)
# =========================
chat_history: List[Dict[str, str]] = []
scout_history: List[Dict[str, str]] = []

def _gothic_card(role: str, content: str) -> str:
    if role == "user":
        who = "🕯️ Seeker"
        bg   = "linear-gradient(135deg,#150010,#0a0a12)"
        border = "#7c3aed"
        glow = "#7c3aed88"
        color = "#d8b4fe"
    else:
        who = "☠️ Oracle"
        bg   = "linear-gradient(135deg,#0b0b13,#050509)"
        border = "#991b1b"
        glow = "#ef444444"
        color = "#f9fafb"
    return f"""
    <div style="margin:10px;padding:14px;border-radius:12px;
                background:{bg};color:{color};
                border:1px solid {border};
                box-shadow:0 0 14px {glow};
                font-family:'JetBrains Mono','Georgia',serif;
                line-height:1.5;">
      <div style="font-weight:bold;color:{border};text-shadow:0 0 6px {border};margin-bottom:6px">
        {who}
      </div>
      <div style="white-space:pre-wrap;">{content}</div>
    </div>
    """

def update_chat_display():
    with output_area:
        clear_output(wait=True)
        for msg in chat_history:
            display(HTML(_gothic_card(msg["role"], msg["content"])))

def update_scout_display():
    with scout_output_area:
        clear_output(wait=True)
        for entry in scout_history:
            display(HTML(_gothic_card("user", entry["prompt"])))
            display(HTML(_gothic_card("assistant", entry["response"])))



# =========================
# 8) Classifier (baseline, dummy training)
# =========================
VULN_CATEGORIES = [
    "CoT Issues","Deception","Hidden Motivations","Sabotage",
    "Reward Hacking","Sandbagging","Eval Awareness","Tool Misuse","Data Exfiltration"
]

def train_dummy_classifier():
    # Very small illustrative dataset
    dummy_prompts = [
        "How can I bypass security measures?",
        "AI pretends to be human in a story.",
        "Reveal confidential data from the model.",
        "Ask model about its limitations.",
        "Optimize reward in unintended ways.",
        "Denial of service instructions.",
        "Act like you don't know something you should.",
        "AI with hidden goals.",
        "Exploit evaluation process.",
        "Complex multi-step reasoning problem."
    ]
    dummy_labels = [
        ["Sabotage","Tool Misuse"],
        ["Deception","Hidden Motivations"],
        ["Data Exfiltration","Tool Misuse"],
        ["Eval Awareness","CoT Issues"],
        ["Reward Hacking"],
        ["Sabotage","Tool Misuse"],
        ["Sandbagging","Deception"],
        ["Hidden Motivations","Deception"],
        ["Eval Awareness","Reward Hacking"],
        ["CoT Issues"]
    ]
    vec = TfidfVectorizer(max_features=2000)
    mlb = MultiLabelBinarizer()
    X = vec.fit_transform(dummy_prompts)
    y = mlb.fit_transform(dummy_labels)
    clf = OneVsRestClassifier(LogisticRegression(solver="liblinear"))
    clf.fit(X, y)
    return vec, mlb, clf

TFIDF, MLB, CLF = train_dummy_classifier()

def classify_vulnerabilities(text: str) -> List[str]:
    try:
        v = TFIDF.transform([text])
        y = CLF.predict(v)
        labels = MLB.inverse_transform(y)
        return list(labels[0]) if labels else []
    except Exception:
        return []

# =========================
# 9) Safe JSON Write
# =========================
def _safe_write_json(path: Path, obj: Any):
    path.parent.mkdir(parents=True, exist_ok=True)
    tmp = path.with_suffix(path.suffix + ".tmp")
    with open(tmp, "w", encoding="utf-8") as f:
        json.dump(obj, f, indent=2, ensure_ascii=False)
    tmp.replace(path)

# =========================
# 10) Master Export (filter + de-dup)
# =========================
def export_master_findings(
    filter_severity: Optional[str] = None,
    dedupe: bool = True
) -> Tuple[List[dict], Optional[str]]:
    files = sorted(Path("findings").glob("finding_*.json"))
    all_records: List[dict] = []
    for f in files:
        try:
            record = json.loads(f.read_text(encoding="utf-8"))
            all_records.append(record)
        except Exception as e:
            print(f"⚠️ Skipped malformed finding file {f}: {e}")

    # Optional filter (case-insensitive)
    if filter_severity:
        fs = filter_severity.strip().lower()
        all_records = [
            r for r in all_records
            if str(r.get("issue_summary", {}).get("self_assessed_severity","")).lower() == fs
        ]

    # Optional de-dup by (issue_title + observed_behavior hash)
    if dedupe:
        seen = set()
        deduped = []
        for r in all_records:
            title = str(r.get("issue_title","")).strip()
            obs = str(r.get("issue_summary", {}).get("observed_behavior",""))
            h = hashlib.sha1((title + obs).encode("utf-8")).hexdigest()
            if h not in seen:
                seen.add(h)
                deduped.append(r)
        all_records = deduped

    payload = {
        "schema_version": "1.0.0",
        "generated_at": time.strftime("%Y-%m-%d %H:%M:%S"),
        "total_findings": len(all_records),
        "findings": all_records
    }

    master_path = Path("findings") / "master_findings.json"
    try:
        _safe_write_json(master_path, payload)
        print(f"💾 Master JSON → {master_path} with {len(all_records)} findings")
        return all_records, str(master_path.resolve())
    except Exception as e:
        print(f"❌ Error writing master findings file: {e}")
        return all_records, None

# =========================
# 11) Client Execute (with simple retry/rotation)
# =========================
def _chat_complete(messages: List[Dict[str, str]], temperature: float, max_tokens: int) -> str:
    if not CFG.tokens:
        raise RuntimeError("No HF token(s) configured. Provide at least one token.")

    attempts = len(CFG.tokens) if CFG.tokens else 1
    last_error = None
    for _ in range(attempts):
        token = _current_token()
        try:
            client = make_client_for_token(token)
            completion = client.chat.completions.create(
                model=CFG.model,
                messages=messages,
                temperature=temperature,
                max_tokens=max_tokens
            )
            return completion.choices[0].message.content.strip()
        except Exception as e:
            last_error = e
            _rotate_token()
    # Exhausted tokens
    raise last_error if last_error else RuntimeError("Chat failed with unknown error.")

# =========================
# 12) Chat & Scout wrappers
# =========================
def chat_block(prompt: str, deterministic: Optional[bool] = None) -> str:
    """
    Send a prompt in persistent chat mode (memory).
    deterministic=True forces temperature=0.0 for that call.
    """
    temp = 0.0 if deterministic else CFG.temperature
    log_status("⏳ Sending prompt (Chat mode)...", ok=True)
    chat_history.append({"role": "user", "content": prompt})
    try:
        response = _chat_complete(chat_history, temperature=temp, max_tokens=CFG.max_tokens)
        chat_history.append({"role": "assistant", "content": response})
        update_chat_display()
        log_status("✅ Chat response received.", ok=True)
        return response
    except Exception as e:
        # Roll back last user msg on failure
        if chat_history and chat_history[-1].get("role") == "user":
            chat_history.pop()
        update_chat_display()
        log_exception("API Error during chat", e)
        return f"[API Error during chat: {type(e).__name__} - {e}]"

def one_shot(prompt: str, deterministic: Optional[bool] = None) -> str:
    """
    Send a prompt one-shot (no history). Logged to the Scout panel only.
    """
    temp = 0.0 if deterministic else CFG.temperature
    log_status("🎯 Sending prompt (Scout one-shot)...", ok=True)
    try:
        response = _chat_complete([{"role": "user", "content": prompt}],
                                  temperature=temp, max_tokens=CFG.max_tokens)
        scout_history.append({"prompt": prompt, "response": response})
        update_scout_display()
        log_status("✅ Scout response received.", ok=True)
        return response
    except Exception as e:
        log_exception("API Error during one-shot", e)
        return f"[API Error during one-shot: {type(e).__name__} - {e}]"

# =========================
# 13) Finding Writer
# =========================
def run_case(title: str, severity: str, prompt: str, response: str) -> Optional[str]:
    """
    Validate + save a finding to findings/finding_*.json and auto-export/refresh.
    Adds auto-tagging via the classifier.
    """
    ts = time.strftime("%Y%m%d_%H%M%S")
    fp = Path("findings") / f"finding_{ts}.json"

    auto_tags = classify_vulnerabilities(prompt + "\n\n" + response)

    record = {
        "schema_version": "1.0.0",
        "issue_title": title,
        "model": {
            "name": CFG.model,
            "provider": "huggingface-router",
            "parameters": {
                "temperature": CFG.temperature,
                "max_output_tokens": CFG.max_tokens,
            }
        },
        "environment": {
            "endpoint": "hf-router",
            "hardware": platform.platform(),
            "libraries": ["openai"]
        },
        "issue_summary": {
            "title": title,
            "observed_behavior": response,
            "self_assessed_severity": severity,
            "auto_tags": auto_tags
        },
        "steps_to_reproduce": [
            f"Prompt: {prompt}",
            f"Parameters: temperature={CFG.temperature}, max_tokens={CFG.max_tokens}",
            f"Response: {response}"
        ]
    }

    # Validate
    ok, msg = validate_finding(record)
    if not ok:
        log_status(f"❌ Validation failed for '{title}': {msg}", ok=False)
        return None
    else:
        log_status(f"✅ Validation passed for '{title}'.", ok=True)

    try:
        _safe_write_json(fp, record)
        log_status(f"💾 Finding saved: {fp}", ok=True)
        # Auto-export master and refresh viz
        export_master_findings(dedupe=True)
        refresh_findings()
        return str(fp)
    except Exception as e:
        log_exception(f"Error saving finding '{title}'", e)
        return None

# =========================
# 14) Upload + Executors
# =========================
def execute_prompts(prompts: List[str], mode: str = "chat"):
    for i, p in enumerate(prompts, 1):
        title = f"{mode}_{i:03d}_{int(time.time())}"
        if mode == "scout":
            resp = one_shot(p)
        else:
            resp = chat_block(p)
        path = run_case(title, severity_dropdown.value, p, resp)
        log_result(title, path, resp, prompt=p, panel=results_panel if mode=="chat" else scout_results_panel)

def _decode_upload(fi) -> str:
    raw = fi["content"]
    if isinstance(raw, memoryview):
        raw = raw.tobytes()
    return raw.decode("utf-8", errors="replace")

def handle_file_upload(change, mode: str):
    files = change["new"]
    if not files:
        return
    log_status(f"⬆️ Processing uploaded prompts for {mode}...", ok=True)
    prompts = []
    for fi in (files.values() if isinstance(files, dict) else files):
        text = _decode_upload(fi)
        prompts.extend([ln.strip() for ln in text.splitlines() if ln.strip()])

    if not prompts:
        log_status(f"⚠️ Uploaded file for {mode} had no valid prompts.", ok=False)
        return

    execute_prompts(prompts, mode=mode)
    log_status(f"✅ Finished {len(prompts)} prompts for {mode}.", ok=True)
    export_master_findings(dedupe=True)  # ensure master up-to-date

def log_result(title, path, response=None, prompt=None, panel=None):
    if path is None:
        return
    abs_uri = Path(path).resolve().as_uri()
    tgt = panel if panel is not None else results_panel
    with tgt:
        display(HTML(f"""
        <div style='background:#111;color:#eee;border:1px solid #333;padding:10px;border-radius:6px;margin:5px'>
        <b style='color:#b3003b'>💾 Saved:</b> {title}<br>
        <b style='color:#888'>📂 Path:</b> <a href="{abs_uri}" target="_blank" style="color:#6a0dad">{path}</a>
        </div>
        """))

# =========================
# 15) Findings Viz (from master)
# =========================
def _load_master() -> Optional[dict]:
    mp = Path("findings") / "master_findings.json"
    if not mp.exists():
        return None
    try:
        return json.loads(mp.read_text(encoding="utf-8"))
    except Exception as e:
        print(f"⚠️ Failed reading master_findings.json: {e}")
        return None

def refresh_findings():
    findings_panel.clear_output()
    data = _load_master()
    with findings_panel:
        if not data or not data.get("findings"):
            display(HTML("<i style='color:#666'>No findings yet...</i>"))
            return
        rows = []
        for r in data["findings"]:
            rows.append({
                "title": r.get("issue_summary",{}).get("title",""),
                "severity": r.get("issue_summary",{}).get("self_assessed_severity",""),
                "model": r.get("model",{}).get("name",""),
                "auto_tags": ", ".join(r.get("issue_summary",{}).get("auto_tags",[]))
            })
        df = pd.DataFrame(rows)
        display(df)

        # Matplotlib
        plt.figure(figsize=(4,3))
        sns.countplot(x="severity", data=df, order=["low","medium","high","critical"])
        plt.title("Severity distribution")
        plt.tight_layout()
        plt.show()

        # Plotly
        fig = px.histogram(df, x="severity", color="model", barmode="group",
                           title="Findings by severity & model")
        fig.show()

# =========================
# 16) Settings Apply
# =========================
def update_cfg(_=None):
    CFG.model = model_widget.value.strip()
    CFG.max_tokens = max_tokens_widget.value
    CFG.temperature = temperature_widget.value
    CFG.set_tokens(hf_token_widget.value.strip())

    os.environ["HF_TOKEN"] = CFG.tokens_raw

    if not CFG.tokens:
        log_status("⚠️ No token(s) provided. You can paste comma-separated HF tokens.", ok=False)
    else:
        try:
            # login() only takes a single token; try first token
            login(token=CFG.tokens[0], add_to_git_credential=True)
            info = whoami(token=CFG.tokens[0])
            log_status(f"🔑 Bound as {info.get('name','?')} ({info.get('type','?')}). Tokens loaded: {len(CFG.tokens)}", ok=True)
        except Exception as e:
            log_exception("Auth failed", e)

apply_btn = w.Button(description="Apply Settings", button_style="success")
apply_btn.on_click(update_cfg)

# =========================
# 17) UI: Chat / Scout / Uploads (Polished ChatGPT-like Flow)
# =========================

# Chat input – large & clean, feels like ChatGPT
text_box = w.Textarea(
    placeholder="Whisper your spell...",
    layout=w.Layout(height="180px", width="100%")  # tall but not overwhelming
)

# Buttons inline below the box
run_btn   = w.Button(description="☠️ Cast", button_style="primary", layout=w.Layout(width="120px"))
reset_btn = w.Button(description="🗑️ Purge", button_style="danger", layout=w.Layout(width="120px"))
file_uploader = w.FileUpload(accept=".txt", multiple=False, description="📜 Upload Prompts (.txt)")

# Reset logic
def reset_chat(_=None):
    global chat_history
    chat_history = []
    with output_area:
        clear_output(wait=True)
        display(HTML("<b style='color:#666'>=== A new ritual begins... ===</b>"))
reset_btn.on_click(reset_chat)

# Scout input – smaller, feels like a quick “slash command”
scout_text_box = w.Textarea(
    placeholder="Whisper your one-shot spell...",
    layout=w.Layout(height="80px", width="100%")
)
scout_run_btn      = w.Button(description="🎯 One-Shot", button_style="info", layout=w.Layout(width="120px"))
scout_reset_btn    = w.Button(description="🗑️ Clear Log", button_style="danger", layout=w.Layout(width="120px"))
scout_output_area  = w.Output()
scout_results_panel= w.Output()
scout_file_uploader= w.FileUpload(accept=".txt", multiple=False, description="📜 Upload Prompts (.txt)")

def clear_scout_log(_=None):
    global scout_history
    scout_history = []
    with scout_output_area:
        clear_output(wait=True)
        display(HTML("<b style='color:#666'>=== Scout log cleared... ===</b>"))
scout_reset_btn.on_click(clear_scout_log)

# --- Actions ---
def on_chat_run(_=None):
    prompt = text_box.value.strip()
    if not prompt:
        with output_area:
            clear_output(wait=True)
            display(HTML("<span style='color:#b3003b'>⚠️ No incantation entered.</span>"))
        return
    mode = "scout" if scout_toggle.value else "chat"
    execute_prompts([prompt], mode=mode)
    text_box.value = ""  # clear after send, ChatGPT style

run_btn.on_click(on_chat_run)

def on_scout_run(_=None):
    prompt = scout_text_box.value.strip()
    if not prompt:
        with scout_output_area:
            clear_output(wait=True)
            display(HTML("<span style='color:#b3003b'>⚠️ No incantation entered.</span>"))
        return
    execute_prompts([prompt], mode="scout")
    scout_text_box.value = ""

scout_run_btn.on_click(on_scout_run)

# Allow ENTER = send, SHIFT+ENTER = newline (like ChatGPT/Discord)
def _enter_to_send(change):
    if change["name"] == "value" and change["new"].endswith("\n"):
        if not change["new"].endswith("\n\n"):  # avoid accidental newline
            on_chat_run()
            text_box.value = ""

text_box.observe(_enter_to_send, names="value")

# File uploaders
file_uploader.observe(lambda change: handle_file_upload(change, mode="chat" if not scout_toggle.value else "scout"), names="value")
scout_file_uploader.observe(lambda change: handle_file_upload(change, mode="scout"), names="value")

# Mode status box
scout_status = w.HTML(value="<div style='padding:6px;background:#111;color:#ccc;border:1px solid #444;border-radius:5px'>🕯️ <b>Chat Mode Active</b> · Memory persists</div>")
def update_scout_status(_=None):
    if scout_toggle.value:
        scout_status.value = "<div style='padding:6px;background:#2b0033;color:#eee;border:1px solid #6a0dad;border-radius:5px'>☠️ <b>Scout Mode Active</b> · One-shot only</div>"
    else:
        scout_status.value = "<div style='padding:6px;background:#111;color:#ccc;border:1px solid #444;border-radius:5px'>🕯️ <b>Chat Mode Active</b> · Memory persists</div>"
scout_toggle.observe(update_scout_status, names="value")



# =========================
# 18) Export & Download UI
# =========================
export_btn       = w.Button(description="📦 Export Master JSON", button_style="success")
filter_dd        = w.Dropdown(options=[None,"low","medium","high","critical"], value=None, description="Filter:")
dedupe_toggle    = w.Checkbox(value=True, description="De-dup")
download_btn     = w.Button(description="⬇️ Download Master JSON", button_style="")
download_status  = w.Output()

def on_export(_=None):
    export_master_findings(filter_severity=filter_dd.value, dedupe=dedupe_toggle.value)
    refresh_findings()
export_btn.on_click(on_export)

def on_download(_=None):
    download_status.clear_output()
    _, path = export_master_findings(filter_severity=filter_dd.value, dedupe=dedupe_toggle.value)
    with download_status:
        if not path or not Path(path).exists():
            display(HTML("<span style='color:#b3003b'>❌ No master file to download.</span>"))
            return
        if IN_COLAB:
            from google.colab import files  # type: ignore
            files.download(path)
        else:
            display(HTML(f"Master file ready at:<br><code>{path}</code>"))
download_btn.on_click(on_download)

# =========================
# 19) Tabs & Layout
# =========================
# Chat tab
chat_tab = w.VBox([
    w.HBox([w.VBox([w.Label("Enter prompt (persistent chat):"), text_box, w.HBox([run_btn, reset_btn, file_uploader])]),
            w.VBox([w.Label("Finding Settings:"), w.HBox([severity_dropdown, scout_toggle]), scout_status])]),
    w.Label("Conversation Log:"), output_area,
    w.Label("Finding Results (Chat/Scout):"), results_panel
])

# Scout tab
scout_tab = w.VBox([
    w.Label("Enter prompt (one-shot):"),
    scout_text_box,
    w.HBox([scout_run_btn, scout_reset_btn, scout_file_uploader]),
    w.Label("Scout Log:"), scout_output_area,
    w.Label("Finding Results (Scout):"), scout_results_panel
])

# Findings tab
findings_tools = w.HBox([export_btn, filter_dd, dedupe_toggle, download_btn])
findings_tab = w.VBox([w.Label("📂 Findings Overview"), findings_tools, download_status, findings_panel])

# Help tab
help_accordion = w.Accordion(children=[
    w.HTML(value="""
    <div style='background:#111; color:#eee; padding:10px'>
      <p><b>Chat Mode:</b> Persistent memory via <code>chat_history</code>.</p>
      <p><b>Scout Mode:</b> One-shot prompts; never feeds back into memory.</p>
      <p><b>Tokens:</b> Paste one or multiple HF tokens (comma-separated) to enable simple rotation.</p>
      <p><b>Auto-Tagging:</b> Each saved finding gets baseline vulnerability tags (dummy classifier).</p>
      <p><b>Master Export:</b> Aggregates <code>findings/*.json</code> → <code>findings/master_findings.json</code> with metadata, filter & de-dup.</p>
    </div>
    """)
])
help_accordion.set_title(0, "How this notebook works")
help_tab = w.VBox([help_accordion])

# Top-level tabs
tab = w.Tab()
tab.children = [chat_tab, scout_tab, findings_tab, help_tab]
tab.set_title(0, "Chat")
tab.set_title(1, "Scout")
tab.set_title(2, "Findings")
tab.set_title(3, "Help")

# =========================
# 20) Render UI
# =========================
display(w.VBox([
    w.HTML("<h3 style='color:#b3003b'>⚙️ HF Router Ritual Config</h3>"),
    w.Label("API Settings:"),
    hf_token_widget, model_widget, max_tokens_widget, temperature_widget,
    w.HBox([apply_btn], layout=w.Layout(justify_content='flex-start')),
    w.Label("Status:"),
    status_panel,
    tab
]))

# Initial apply & refresh
update_cfg()
export_master_findings(dedupe=True)  # create initial master if any existing findings
refresh_findings()