Skip to content

Commit 84bf46e

Browse files
committed
feat(security): implement API key authentication and prompt safety
- Added X-API-Key header authentication (configurable via AUTH_ENABLED) - Refactored monolithic main.py into modular src/api/routes.py - Mitigated prompt injection via XML tagging in CommitmentExtractor - Removed hardcoded database credentials from config defaults - Updated all documentation with /api/v1 prefix and auth headers - Updated docs/guides with uv commands and auth configuration steps
1 parent 7df3917 commit 84bf46e

40 files changed

Lines changed: 859 additions & 577 deletions

DOCUMENTATION.md

Lines changed: 0 additions & 58 deletions
This file was deleted.

Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ COPY --from=builder /usr/local/bin /usr/local/bin
2626
COPY . .
2727

2828
# Ensure the database file is writable by the non-root user if using SQLite
29-
RUN touch commitguard.db && chown commitguard:commitguard commitguard.db && chmod 666 commitguard.db
29+
RUN touch commitguard.db && chown commitguard:commitguard commitguard.db && chmod 600 commitguard.db
3030
RUN chown -R commitguard:commitguard /app
3131

3232
USER commitguard

README.md

Lines changed: 16 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -34,34 +34,42 @@ CommitGuard AI is a multi-agent system designed for high-stakes enforcement. It
3434

3535
---
3636

37-
## 🏗️ The Three-Stage Autonomous Pipeline
37+
## 🏗️ The Four-Stage Autonomous Pipeline
3838
Every commitment—whether from Slack or a Git Commit—passes through a deterministic reasoning loop:
3939

4040
1. **Excuse Detection (`ExcuseDetector`)**: Classifies sentiment (Legitimate vs. Deflection vs. Burnout).
4141
2. **Predictive Risk Assessment (`RiskScorer`)**: Quantifies failure probability based on historical reliability.
42-
3. **Adaptive Pressure (`ToneAdapter`)**: Selects the psychological tone (Supportive → Firm → Confrontational) to ensure delivery.
42+
3. **Safety Supervisor (`Overwatch`)**: Audits final communications for HR/Legal ethics and tone drift.
43+
4. **Adaptive Pressure (`ToneAdapter`)**: Selects the psychological tone to ensure delivery.
4344

4445
---
4546

4647
## 🛠️ Core Tech Stack
4748
- **Framework**: FastAPI (Python 3.12+)
4849
- **LLM Orchestration**: Instructor + Pydantic (Deterministic JSON)
50+
- **Quality**: Strict MyPy typing + Ruff
4951
- **Infrastructure**: PostgreSQL + Redis + ARQ
5052
- **Observability**: Prometheus + Structlog
5153

5254
---
5355

5456
## 🚀 API Showcase
57+
58+
> **Note:** All API endpoints require authentication via the `X-API-Key` header.
59+
5560
### Raw Extraction (Slack/Commit/PR)
5661
```bash
5762
curl -X 'POST' \
58-
'http://localhost:8000/ingest/raw?user_id=dev_alpha&raw_text=Fixing%20auth%20logic.%20I%20promise%20to%20refactor%20the%20DB%20connector%20by%20Friday'
63+
-H 'X-API-Key: YOUR_API_KEY' \
64+
'http://localhost:8000/api/v1/ingest/raw?user_id=dev_alpha&raw_text=Fixing%20auth%20logic.%20I%20promise%20to%20refactor%20the%20DB%20connector%20by%20Friday'
5965
```
6066

6167
### Behavioral Evaluation
6268
```bash
6369
curl -X 'POST' \
64-
'http://localhost:8000/evaluate' \
70+
-H 'X-API-Key: YOUR_API_KEY' \
71+
-H 'Content-Type: application/json' \
72+
'http://localhost:8000/api/v1/evaluate' \
6573
-d '{
6674
"user_id": "dev_alpha",
6775
"commitment": "refactor the DB connector",
@@ -72,9 +80,12 @@ curl -X 'POST' \
7280
### Performance Integrity Audit (The Deliverable)
7381
Generate a high-value summary of a developer's communication-vs-technical reality.
7482
```bash
75-
curl -X 'GET' 'http://localhost:8000/reports/audit/dev_alpha'
83+
curl -X 'GET' \
84+
-H 'X-API-Key: YOUR_API_KEY' \
85+
'http://localhost:8000/api/v1/reports/audit/dev_alpha'
7686
```
7787

7888

89+
7990
---
8091
*Built for High-Performance Teams and Elite Portfolios.*

docs/guides/gitops.md

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,9 +14,15 @@ These promises "vanish" because no project management tool monitors them.
1414
CommitGuard monitors your repository at the source level.
1515

1616
### 1. Extraction from Commits
17-
If a commit message contains a promise (Who/What/When), the **CommitmentExtractor** identifying it as a formal obligation.
17+
If a commit message contains a promise (Who/What/When), the **CommitmentExtractor** identifies it as a formal obligation.
18+
19+
> [!NOTE]
20+
> The extractor uses a `commitment_found` flag to identify messages with NO clear task, preventing the agent from hallucinating promises.
21+
1822
```bash
19-
POST /ingest/git
23+
POST /api/v1/ingest/git
24+
Headers: X-API-Key: YOUR_API_KEY
25+
Body:
2026
{
2127
"author_email": "dev@company.com",
2228
"message": "Fixing CSS. I promise to refactor the login logic by Friday."

docs/guides/quickstart.md

Lines changed: 14 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -9,26 +9,32 @@ The fastest way to spin up the full stack (API + Worker + Redis + Postgres):
99
docker-compose up --build
1010
```
1111

12-
## 🏗️ Local Poetry Setup
12+
## 🏗️ Local Setup
1313
1. **Install dependencies**:
1414
```bash
15-
poetry install
15+
uv sync
1616
```
1717
2. **Configure Environment**:
18-
Create a `.env` file based on `.env.example`.
18+
Create a `.env` file based on `.env.example`.
19+
> **Important**: Set `API_KEY_SECRET` to a secure value for production. Set `AUTH_ENABLED=False` for local testing without auth.
1920
3. **Run the API**:
2021
```bash
21-
poetry run uvicorn src.main:app --reload
22+
uv run uvicorn src.main:app --reload
2223
```
2324
4. **Run the Worker**:
2425
```bash
25-
poetry run arq src.worker.WorkerSettings
26+
uv run arq src.worker.WorkerSettings
2627
```
2728

2829
---
2930

30-
## 🧪 Running the Test Suite
31-
Standardized tests are enforced with 90%+ coverage.
31+
## 🧪 Quality and Stability
32+
CommitGuard AI enforces military-grade engineering standards:
33+
- **Mock Mode**: Set `LLM_PROVIDER="mock"` in `.env` to run the entire system with zero token cost.
34+
- **Strict Typing**: The system is fully compliant with `mypy` strict type checking. Run `poetry run mypy src/` to verify correctness.
35+
- **Coverage**: All critical agents maintain a high test coverage threshold.
36+
3237
```bash
33-
poetry run pytest
38+
# Run tests with clean output
39+
uv run pytest
3440
```

docs/guides/slack.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,8 @@ CommitGuard can ping users directly using their **Slack Member ID**.
2222
Call the configuration endpoint with the user's Slack ID (found in their Slack Profile -> More -> Copy Member ID):
2323

2424
```bash
25-
POST /users/config/slack?user_id=john_dev&slack_id=U12345678
25+
POST /api/v1/users/config/slack?user_id=john_dev&slack_id=U12345678
26+
Headers: X-API-Key: YOUR_API_KEY
2627
```
2728

2829
### The Result

docs/index.md

Lines changed: 9 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -9,17 +9,18 @@
99
In modern distributed teams, the **"Slack Stall"** is the #1 drain on project velocity. Project Managers are overwhelmed by vague promises like *"I'll get to it soon,"* which are often forgotten, leading to missed sprints and "bad guy" escalations.
1010

1111
## ✅ The Solution
12-
CommitGuard AI is a standalone, agentic service designed to monitor and enforce professional commitments. It doesn't just "track tasks"; it acts as a proactive collaborator that:
12+
CommitGuard AI is a standalone, agentic service designed to monitor and enforce professional commitments. Every commitment passes through a **4-Stage Reasoning Pipeline**:
1313

14-
1. **Extracts Vague Promises**: Automatically parses Slack threads to create structured commitment records.
15-
2. **Predicts Failure**: Uses behavioral sentiment to flag burnout or deflection *before* the deadline passes.
16-
3. **Automates Calibration**: Adjusts its tone—Supportive for burnout, Firm for repeat offenders—saving the PM from having to chase updates.
14+
1. **Extraction**: Automatically parses Slack threads or Git commits to identify {who, what, when}.
15+
2. **Excuse Analysis**: Categorizes sentiment (Legitimate vs. Deflection vs. Burnout).
16+
3. **Risk Scoring**: Quantifies failure probability based on historical reliability.
17+
4. **Safety Overwatch**: Audits interventions for ethics, tone drift, and HR compliance.
1718

1819
---
1920

2021
## 🏗️ Architecture at a Glance
2122
CommitGuard AI is built on a **Decoupled Event-Driven Architecture**:
22-
- **FastAPI Entrypoint**: High-speed ingestion.
23-
- **Redis & ARQ**: Distributed background processing.
24-
- **The Brain**: Pluggable LLM reasoning loop.
25-
- **PostgreSQL**: Industrial-grade persistence.
23+
- **FastAPI Entrypoint**: High-speed ingestion for Slack and Git webhooks.
24+
- **Redis & ARQ**: Distributed background processing for high-volume orchestration.
25+
- **The Brain**: Multi-agent LLM reasoning loop.
26+
- **PostgreSQL**: Industrial-grade persistence with atomic row-locking for score integrity.

docs/overviews/agents.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,13 @@ The final decision is a personalized intervention:
1919
- **Tone: Supportive** - If risk is high but burnout is detected.
2020
- **Tone: Firm** - If risk is high and the user has a history of deflection.
2121
- **Tone: Neutral** - For standard updates.
22+
- **Tone: Confrontational** - For repeat deflection.
23+
24+
## 4. Safety Audit (`SafetySupervisor`)
25+
The "Overwatch" layer acts as a final sanity check before any intervention is sent. It prevents:
26+
- **HR Violations**: Blocking discussions on salary or firing.
27+
- **Tone Drift**: Catching if an agent accidentally becomes too aggressive.
28+
- **Ambiguity**: Flagging if the agent's confidence in its own verdict is low.
2229

2330
---
2431

docs/overviews/concept.md

Lines changed: 0 additions & 15 deletions
This file was deleted.

docs/overviews/customization.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -29,8 +29,8 @@ The "Secret Sauce" of CommitGuard is in the **System Prompts**. You can find and
2929

3030
---
3131

32-
## 3. Message Lifecycle & "Overwatch" Architecture 🛰️
33-
The Safety Supervisor follows a **Post-Generation Overwatch** pattern. This ensures that the system is self-healing without entering infinite regeneration loops.
32+
## 3. Message Lifecycle & "Safety Overwatch" 🛰️
33+
The **Safety Supervisor** follows a **Post-Generation Overwatch** pattern. This ensures that the system is self-healing without entering infinite regeneration loops.
3434

3535
```mermaid
3636
graph TD

0 commit comments

Comments
 (0)