Add AI/Web3 integration bundle with multi-language SDK adapters and deployment workflow

[Copilot]

Description

Adds comprehensive AI/Web3 integration infrastructure with SDK adapters across Node.js, Python, Go, and Rust. Includes optional dependencies for AI providers (OpenAI, HuggingFace, LangChain, LlamaIndex), vector stores (Pinecone, Weaviate, Chroma), Web3 chains (Ethereum/Solana), messaging (Slack/Discord), and data storage (Postgres/Redis/S3/IPFS). Container deployment workflow targets ghcr.io with dev/stage/prod environments.

Type of Change

• ✨ New feature (non-breaking change which adds functionality)
• 📚 Documentation update
• 🔨 Build/CI updates

Changes Made

Dependency Manifests (Additive Only)

• Node/TypeScript: Optional dependencies in root and backend package.json
• Python: Commented dependencies in requirements.txt + pyproject.toml with extras ([ai], [vector], [web3], [messaging], [data])
• Go: go.mod with core deps, optional deps commented
• Rust: Cargo.toml with feature flags for optional components
• Security: Updated transformers to 4.48.0 (patches deserialization CVE)

SDK Adapters (sdk/)

Factory/config pattern for provider management across languages:

// Node.js (@lippytm/ai-sdk)
const sdk = new AITimesMachinesSDK({
  ai: { provider: 'openai', apiKey: process.env.OPENAI_API_KEY },
  vectorStore: { provider: 'pinecone', apiKey: process.env.PINECONE_API_KEY },
  web3: { chain: 'ethereum', rpcUrl: process.env.ETH_RPC_URL },
  messaging: { provider: 'slack', token: process.env.SLACK_TOKEN },
  dataStorage: { type: 'postgres', connectionString: process.env.DATABASE_URL }
});

Equivalent implementations in Python, Go, and Rust with idiomatic patterns. All include validation, environment-based configuration, and TODO markers for secret manager integration.

GitHub Actions Deploy Workflow

• Container build/push to ghcr.io for backend, frontend, python-service
• Manual dispatch with environment selection (dev/stage/prod)
• Automated on main branch merges
• Environment variable documentation in workflow output

Documentation

• README section covering all providers with enablement instructions
• Complete environment variable reference in .env.example
• Linux compatibility notes for heavy dependencies (TensorFlow, vector stores)
• SDK-specific README with cross-language examples

Placeholder Services

• Go service stub in go-service/main.go
• Rust service stub in src-rust/main.rs
• Both compile successfully, ready for implementation

Testing

• Unit tests pass (17 new SDK config tests, 24 total passing)
• Manual testing completed (verified builds: Node, Go 1.24, Rust 1.92, Python 3.12)
• No breaking changes (all dependencies optional, no existing code modified)

Checklist

• My code follows the code style of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published

Additional Context

All dependencies are optional/peer dependencies to prevent bloat. Install selectively:

# Node.js
npm install openai @pinecone-database/pinecone ethers

# Python
pip install ".[ai,vector,web3]"  # From pyproject.toml

Extension points documented for additional Web3 chains beyond Ethereum/Solana.

---

Original prompt

Add a full AI/Web3 integration bundle with adapters and deployment hooks.

Scope:

• Languages: Node/TypeScript, Python, Go, Rust (add deps/manifests where applicable without breaking builds; keep changes additive and minimal).
• AI stack deps: OpenAI SDK, Hugging Face transformers + inference client, LangChain, LlamaIndex, vector stores Pinecone + Weaviate + Chroma (document optional installs if heavy), and Linux compatibility notes.
• Web3 stack deps: EVM (ethers.js, web3.py), Solana (@solana/web3.js, anchor), plus placeholder support for additional chains (document extension points).
• Messaging deps: Slack SDK, Discord SDK.
• Data deps: Postgres client (pg/asyncpg), Redis, S3 client, IPFS client.
• Container deploy hook: add GitHub Actions job to build and push container images to ghcr.io (stubbed registry/repo/image tags) and wire required env/secret placeholders.
• Add adapter stubs under a new sdk/ (or appropriate) folder that import the shared package name @lippytm/ai-sdk (Node) and note Python/Go/Rust equivalents; include simple factory/config pattern and TODOs for secrets.
• Update deploy workflow to include container build/push step guarded by manual dispatch and on main merges; include env matrix dev/stage/prod; no real secrets.
• Update README with a short section describing available adapters and how to enable providers (OpenAI/HF/vector stores/Web3 chains/messaging/storage), including required env vars; keep concise.
• Ensure existing tests still pass; add minimal smoke tests if possible for config loaders.

Deliverables:

• Updated dependency manifests (package.json/requirements.txt/pyproject/go.mod/Cargo.toml) with the above bundles as optional/extra if needed.
• New adapter stubs in repo (Node/TS primary) referencing @lippytm/ai-sdk.
• Updated GitHub Actions deploy workflow for container build/push to ghcr.io with placeholders.
• README section documenting adapters and env vars.

Notes:

• Base branch main. Additive only; do not remove existing code.

This pull request was created from Copilot chat.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Copilot]

Pull request overview

This PR adds comprehensive AI/Web3 integration infrastructure with SDK adapters for Node.js, Python, Go, and Rust. It includes optional dependencies for AI providers (OpenAI, HuggingFace, LangChain, LlamaIndex), vector stores (Pinecone, Weaviate, Chroma), Web3 chains (Ethereum/Solana), messaging services (Slack/Discord), and data storage options (Postgres/Redis/S3/IPFS). A GitHub Actions workflow enables container deployment to ghcr.io with dev/stage/prod environments.

Changes:

• Added multi-language SDK adapters with factory/config pattern for provider management across Node.js, Python, Go, and Rust
• Added optional dependencies to package manifests (package.json, pyproject.toml, go.mod, Cargo.toml) for AI/Web3/messaging/data integrations
• Added GitHub Actions deployment workflow for automated container builds and pushes to ghcr.io with environment matrix support
• Updated documentation with integration adapter guides, environment variable references, and deployment instructions

Reviewed changes

Copilot reviewed 19 out of 21 changed files in this pull request and generated 14 comments.

Show a summary per file

File	Description
tests/sdk-config.test.js	Unit tests for SDK configuration loaders covering all config classes and validation logic
sdk/node/index.js	Node.js SDK implementation with config classes for AI, vector stores, Web3, messaging, and data storage
sdk/node/package.json	Package manifest for Node.js SDK with optional peer dependencies
sdk/python/init.py	Python SDK implementation with equivalent config classes following Python conventions
sdk/python/setup.py	Python package setup with extras_require for optional dependency bundles
sdk/go/sdk.go	Go SDK implementation with idiomatic Go patterns and error handling
sdk/rust/lib.rs	Rust SDK implementation with Result types and Option handling
sdk/README.md	Cross-language SDK documentation with usage examples and security notes
go-service/main.go	Placeholder Go service stub for future implementation
src-rust/main.rs	Placeholder Rust service stub for future implementation
package.json	Root package manifest with optional AI/Web3 dependencies and concurrently dev dependency
backend/package.json	Backend package manifest with optional AI/Web3 dependencies
python-service/requirements.txt	Python service requirements with commented optional dependencies
python-service/pyproject.toml	Python service project configuration with optional dependency extras
go.mod	Go module file with commented optional dependencies
Cargo.toml	Rust package manifest with feature flags for optional components
.github/workflows/deploy.yml	Container deployment workflow with multi-service builds and environment matrix
README.md	Updated with AI/Web3 integration section, provider documentation, and deployment instructions
.env.example	Added environment variable examples for AI/Web3 integrations
.gitignore	Added Go and Rust build artifacts to ignore list
package-lock.json	Updated lock file with concurrently and related dependencies

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The Python SDK uses from lippytm_ai_sdk import AITimesMachinesSDK but the package name in setup.py is lippytm-ai-sdk with a hyphen. Python package names with hyphens are converted to underscores for imports, so the import statement in README.md should be from lippytm_ai_sdk import AITimesMachinesSDK which is correct. However, for consistency with the actual module structure in sdk/python/__init__.py, the package directory should either be named lippytm_ai_sdk or the import path needs adjustment. The current implementation has the code in sdk/python/__init__.py without an explicit package directory structure.

Suggested change

	packages=find_packages(),
	packages=['lippytm_ai_sdk'],
	package_dir={'lippytm_ai_sdk': '.'},

[Copilot]

The os module is imported within the validate_all method at line 152, but it's already imported at the module level on line 8. This redundant import should be removed to avoid confusion and follow Python best practices.

Suggested change

import os

[Copilot]

Storing Web3 private keys in environment variables (WEB3_PRIVATE_KEY) is a security risk, even in development. The TODO comments mention using a secure secret manager, but the current implementation allows direct reading from environment variables. Consider adding a warning when private keys are loaded from environment variables, or better yet, require the use of a key management service or encrypted storage for private keys. The private_key field is accessible as a plain string property which could be accidentally logged or exposed.

[Copilot]

Storing Web3 private keys in environment variables (WEB3_PRIVATE_KEY) is a security risk, even in development. The TODO comments mention using a secure secret manager, but the current implementation allows direct reading from environment variables. Consider adding a warning when private keys are loaded from environment variables, or better yet, require the use of a key management service or encrypted storage for private keys. The PrivateKey field is accessible as a plain string property which could be accidentally logged or exposed.

[Copilot]

Storing Web3 private keys in environment variables (WEB3_PRIVATE_KEY) is a security risk, even in development. The TODO comments mention using a secure secret manager, but the current implementation allows direct reading from environment variables. Consider adding a warning when private keys are loaded from environment variables, or better yet, require the use of a key management service or encrypted storage for private keys. The private_key field is accessible as a plain string property which could be accidentally logged or exposed.

[Copilot]

The "## 📚 Resources" section header appears twice in the README - once at line 328 (before the AI/Web3 Integration section) and again at line 480 (after the Container Deployment section). The first occurrence at line 328 seems out of place and creates a duplicate heading. This appears to be missing the "## 🎯 Roadmap" header that was referenced in the diff context. The section starting at line 483 with roadmap items should have the "## 🎯 Roadmap" header instead of the duplicate "## 📚 Resources" at line 480.

Suggested change

	## 📚 Resources
	## 🎯 Roadmap

[Copilot]

Storing Web3 private keys in environment variables (WEB3_PRIVATE_KEY) is a security risk, even in development. The TODO comments mention using a secure secret manager, but the current implementation allows direct reading from environment variables. Consider adding a warning log when private keys are loaded from environment variables, or better yet, require the use of a key management service or encrypted storage for private keys. The privateKey field is accessible as a plain string property which could be accidentally logged or exposed.

Suggested change

	this.privateKey = config.privateKey || process.env.WEB3_PRIVATE_KEY;
	const resolvedPrivateKey = config.privateKey || process.env.WEB3_PRIVATE_KEY;
	if (!config.privateKey && process.env.WEB3_PRIVATE_KEY) {
	// Warning: using environment variables for private keys is discouraged.
	// Prefer a dedicated secret manager or key management service.
	// This warning is logged once per Web3Config instantiation using the env var.
	// eslint-disable-next-line no-console
	console.warn(
	'[Web3Config] WARNING: Loaded WEB3_PRIVATE_KEY from environment variables. ' +
	'This is insecure and intended only for development. ' +
	'Use a secret manager or key management service for production.'
	);
	}
	Object.defineProperty(this, 'privateKey', {
	configurable: false,
	enumerable: false, // reduce risk of accidental logging/serialization
	get() {
	return resolvedPrivateKey;
	},
	});

[Copilot]

There's an inconsistency in environment variable naming for the AI provider API key. The SDK code loads from AI_API_KEY environment variable, but the README examples and documentation all reference OPENAI_API_KEY. The .env.example file also only includes OPENAI_API_KEY. This will cause the SDK to fail to load the API key from environment variables when users follow the documentation. Either update the SDK to use OPENAI_API_KEY for OpenAI provider, or update all documentation to use AI_API_KEY and add it to .env.example.

Suggested change

	self.api_key = config.get('api_key', os.getenv('AI_API_KEY'))
	self.model = config.get('model', 'gpt-4')
	# TODO: Load from secure secret manager
	def validate(self) -> bool:
	if not self.api_key:
	raise ValueError('AI_API_KEY not configured. Set via environment or constructor.')
	env_api_key = os.getenv('OPENAI_API_KEY') or os.getenv('AI_API_KEY')
	self.api_key = config.get('api_key', env_api_key)
	self.model = config.get('model', 'gpt-4')
	# TODO: Load from secure secret manager
	def validate(self) -> bool:
	if not self.api_key:
	raise ValueError('OPENAI_API_KEY (or AI_API_KEY) not configured. Set via environment or constructor.')

[Copilot]

There's an inconsistency in environment variable naming for the AI provider API key. The SDK code loads from AI_API_KEY environment variable, but the README examples and documentation all reference OPENAI_API_KEY. The .env.example file also only includes OPENAI_API_KEY. This will cause the SDK to fail to load the API key from environment variables when users follow the documentation. Either update the SDK to use OPENAI_API_KEY for OpenAI provider, or update all documentation to use AI_API_KEY and add it to .env.example.

[Copilot]

The SDK supports PostgreSQL as documented in the DataStorageConfig class and README, but the pg package is not listed in the peerDependencies. While the backend package.json includes pg as a dependency, the SDK package should list it as an optional peerDependency for completeness and to avoid confusion. Users installing the SDK standalone would not have PostgreSQL client support without explicitly knowing to install pg separately.