Merged AI Integration Into Fuzzilli

* modified file structure, fixed grammatical errors

* modified tools

* added tools for lifting/compiling JS/FuzzIL programs and small changes to rest of tools

* fix name

* updated rg and fzf desc

* more updates

* applied tools and subagents to agents

* filled rag_tools. Not targeted and imports don't wokr:

* things

* added a way to start agent isolated, haven't testsed

* fixed immediate build issues

* stfu

* debug msg

* Reordered argument checks

* started run script. Need to add multi-arg passing

* changed /bin/python to .venv/python

* path

* path

* path

* vrag

* knowlage_base

* tools

* redefined d8 flags. many FoG and EBG tools have crossover, still have to revamp. Thanos is in charge of building cfg for internal d8 execution

* made a venv

* .venv

* push working cfg

* some woke python bs

* capture stdout,stderr from d8 to file

* some logging, litellm wrapping, dependency fix

* path issue

* path issue

* capture stdout,stderr from run_command

* added simple picker

* added simple picker

* imports

* updated cfgbuilder path

* updated tool version

* updated tool version

* fix label

* small fixes

* updated tool args to match reqs

* a

* remove pychache and update gitignore

* remove .venv

* start requirements.txt

* pushing

* working requirments

* fu

* pushing fixed

* regreissions folder

* tool update

* json maker

* import issue

* file load issue. Added to requirementst.xt

* removed sys prompt from agent inits

* removed sys prompt from agent inits

* fixed typo in agent name

* changing import

* changing import

* changing import

* changing import

* changing path to fog_logs

* changing path to fog_logs

* changing path to ebg

* fixed dependencies in ebg

* fixed dependencies in ebg

* fixed dependencies in ebg

* fixed dependencies in ebg

* pushing a mistake

* regression.json

* Remove large regressions.json from repo and ignore it

* templates json

* whoops

* small changes

* pycache lol

* revert previous commit

* pushing tool calls

* pushing cur

* ignore regressions

* pick selection prompt

* rag

* fixing too calls

* fixing too calls

* pushign working

* log

* logging working

* trying cope

* regression final

* pushing my current env

* comment out web_search, should use internal openai one?

* push to rag_tools

* web search

* push pick_section

* pushing curr

* working pick_seciton

* get v8 path from env

* pushing updated fixed pathing

* small pick selection update

* puhsing smolagent fork

* fixing format string

* update pick selector prompt

* update steps

* pushing read

* updated v8_search prompt

* small change to root_manager prompt

* updates

* pushing prompt fix

* update rag db id

* saveing

* move env variables to common_tools

* update v8 search

* fuck me

* pushing 1k limit

* defined v8 src macro

* no clue

* fuck you

* removed dynamic path resolution in ripgrep

* I hate kam

* I hate kam

* we are stupid

* id fix

* push

* modified tree prompt

* modified tree prompt

* aleksi is shzio

* pushing god

* pushing god

* pushing god

* modified tree prompt

* allegedly fixed web search

* Added 'testing' prompt to reviwer_of_code

* changed regressions file type

* changed where the websearch testing prompt resides. modified tree prompt to prevent it from searching for a directory that it is already inside of

* Finished root_manager prompt

* move web to common tools

* pushing updated tool calls

* addded proper program builder prompt

* updated templates and regression d8 flags

* updated test template engine

* saving wtf

* updated templates and move engine selection to after lifter is initialized for template engine

* regressions with updated flags

* update template.json

* pushing updated web search

* filename change

* web search updates, testing prompt

* add george foreman prompt back

* spelling issues

* adding files

* vrag tool calls

* web search updates, testing prompt

* pushing code

* fixes

* web search updates, testing prompt

* web search updates, testing prompt

* web search updates, testing prompt

* web search updates, testing prompt

* web search updates, testing prompt

* saving fixes and repriceing

* add program template execution tool call

* pushing local

* local sync

* small refactor to program template execution

* update build_program_template

* code updates

* prompt addition

* make sure chromadb imports

* docs for how to run fog

* local nealry working

* help

* pushing my live

* rag data

* logging

* added datetime time stamping to agentic tasks.

* removed some logs

* changed timestamping

* modified python package imports

* modified get_knowledge_doc tool prompt

* beefed up EBG, cannot confirm if it works

* modified swift interaction tools for more verbose output and more structured prompts

* modified imports

* stubbed ebg tools

* stubbed ebg

* pydantic warning ignore

* putting ebg on pause

* modify ripgrep tool args to account for paths

* successful run log

* removed some logs

* updated README with agentic workflow and descriptions

* removing init_rag_db

* remove init/fixed merge conflits

* compiler agent should basically work + pushing local

* small change to compile_program_template

* pushing local

* pushing ragdb stuff

* pushing local

* separate removing program templates and program template weights

* update remove program template and pushing local

* pushing local

* edits

* update george foreman prompt

* da aleski goat

* small update

* gods work

* pushing local

* add tool call for removing old generated js programs that failed to execute

* update D8_COMMON_FLAGS

* update D8_COMMON_FLAGS

* saving the tool cll edit for regex to diff

* pushing local

* regex to diff

* pushing edits

* pushing stable

* pushing setup simple

* fixed some simple warnings

* removed logs

* done

* done

---------

Co-authored-by: Zia-Rashid <kamdinomaribembry>
Co-authored-by: hl4x <aleksik151@gmail.com>
Co-authored-by: Zia-Rashid <kamdinomaribembry@gmail.com>
Co-authored-by: tarun <tarun@taruns-MacBook-Pro.local>

Author: 4 people

.gitignore

@@ -7,6 +7,15 @@ Package.resolved
 .*.sw?
 .swiftpm
 /Corpus
+.venv
+*pycache*
+Sources/Agentic_System/keys.cfg
+regressions*.json
+*.fzil
+generated_templates/
+ProgramTemplates.swift
+ProgramTemplateWeights.swift
+fog_logs/
 
 # custom GCE configuration
 Cloud/GCE/config.sh

Sources/Agentic_System/.gitignore

@@ -0,0 +1 @@
+Sources/Agentic_System/regressions.json

Sources/Agentic_System/README.md

@@ -0,0 +1,61 @@
+### How to run FoG
+1. Install the `requirements.txt`, make sure you're in a venv
+2. export the required environment variables
+- `V8_PATH` => points to V8 src directory
+- `D8_PATH` => points to the d8 binary
+- `FUZZILLI_TOOL_BIN` => points to the FuzzILTool binary, typically under .build in Fuzzilli's root
+- `FUZZILLI_PATH` => points to Fuzzilli's root directory, where you land after cloning and cd'ing into the repo
+3. Put your OpenAI key into a `keys.cfg` in Sources/Agentic_System
+4. Replace the smolagents site-packaged located in `.venv/lib/python3.12/site-packages` or similar with the provided fork of smolagents<br>
+    You can simply remove the existing smolagents in site-packages and move + rename the fork as `smolagents`
+5. run `python3 rises-the-fog.py (--debug)`
+
+### Technical flow
+#### The first multi agent system is implemented and starts by initializing a root manager whose goal is to actually orchestrate the creation of program templates. It starts by selecting a "code region" that it determines to be interesting; this is done by querying a RAG DB (json file) that contains over 8000 regression tests, their FuzzIL form, and execution data via trace flags.  We instruct the system to select a code region by using the execution data. On top of that, the system has access to a vector RAG DB with: V8 docs, JS MDM docs, C++ docs, and various research papers that it can query to gather more information. The vectorization library we use is META’s FAISS -"Facebook AI Similarity Search". After this is done it will select a code region such as: "Keyed array element access & elements-kind transitions (KeyedStoreIC/KeyedLoadIC, ElementsTransition, GrowElements/CopyElements, and Array builtin fast paths)".
+
+
+#### From there we run a code analysis agent whose goal is to actually figure out what the code region looks like in the V8 code base and give back an in depth analysis of the code region - functions / files that are deemed "interesting". We give the V8 search agent, who is responsible for querying and searching through the source code, a variety of tools like ripgrep, fuzzyfinder, and sed in order to read files.  This agent will create a run-time RAG in order to store interesting code chunks. We use tool calls that create controlled, structured json in order to create the runtime RAG that gets used between agents. After V8 search completes and generates a list of relevant database entries linked to the initial code region, the code analysis stage compiles a comprehensive summary of the codebase and its functions. It then sends a detailed explanation - along with supporting code snippets - to the verification agent. Once the response is verified, the finalized version is returned to the root manager.
+
+
+#### From here our system will define a task to literally create swift program templates. This will be sent to an agentic ‘program template builder’, which itself has a RAG json filled with program templates, their FuzzIL equivalence, and JS which we got by dumping runtime info via a Fuzzilli patch. This stage also has a verification agent, and if all goes well, we have tools to ensure compilation and test that target code paths are being hit, namely by looking at d8 trace output.
+
+```
+>> Start Initializaiton
+-> PickSection -> FoG -> CodeAnalyzer: Reviewer_of_Code, V8_Search -> FoG 
+-> ProgramBuilder: Corpus_Generator, Runtime_Analyzer, Corpus_Validator, DB_Analyzer, George_Foreman, Compiler 
+>> End Initialization []
+```
+
+- PickSection: chooses a component of V8 that targets/interfaces with JIT.
+- FoG : Init root agent (similar to an IPC).
+- CodeAnalyzer: Manager agent to Reviewer_of_Code and V8_Search. Makes overall decisions regarding target.
+    - Reviewer_of_Code: references design docs, whitepapers, and regressions regarding the selected V8 
+            component, build context, and select a region of code within that component to target.
+    - V8_Search: Uses tools to analyze source code and pull entire functions and files related to the target
+            and contextual functions related to those selected functions. The agents tend to target places with 
+            DCHECKS as this is an indicator of where state can be potentially corrupt. 
+- ProgramBuilder: Manages construction of program templates that target the code paths found by CodeAnalyzer.
+    - Corpus_Generator:
+    - Corpus_Validator:
+    - Runtime_Analyzer:
+    - Corpus_Validator:
+    - Compiler:
+- George Foreman: Verification agent used to validate that results and 
+        trajectory of other agents are inline with their goals.
+
+
+```
+The below is wrong for now btw
+
+FatherOfGeorge (L0 Manager)
+├── CodeAnalyzer (L1 Manager)
+│   ├── RetrieverOfCode (L2 Worker) → GeorgeForeman
+│   └── V8Search (L2 Worker)
+└── ProgramBuilder (L1 Manager)
+    └── GeorgeForeman (L1 Manager)
+        ├── CorpusGenerator (L2 Worker)
+        ├── RuntimeAnalyzer (L2 Manager)
+        │   └── CodeAnalyzer (L3 Worker)
+        ├── CorpusValidator (L2 Worker)
+        └── DBAnalyzer (L2 Worker)
+```

Sources/Agentic_System/__init__.py

@@ -0,0 +1,14 @@
+import importlib.util
+import sys
+from pathlib import Path
+
+_module_dir = Path(__file__).parent
+_module_path = _module_dir / "rises-the-fog.py"
+
+if str(_module_dir) not in sys.path:
+    sys.path.insert(0, str(_module_dir))
+
+_spec = importlib.util.spec_from_file_location("rises_the_fog", _module_path)
+rises_the_fog = importlib.util.module_from_spec(_spec)
+_spec.loader.exec_module(rises_the_fog)
+