Skip to content

Commit c1ae376

Browse files
committed
feat: production-ready audit remediation, security hardening, and demo stabilization
1 parent 95d832f commit c1ae376

86 files changed

Lines changed: 5063 additions & 1451 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.dockerignore

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
.git
2+
.github
3+
.env
4+
.env.*
5+
.venv
6+
__pycache__
7+
*.pyc
8+
*.pyo
9+
*.pyd
10+
.pytest_cache
11+
.mypy_cache
12+
.ruff_cache
13+
tests
14+
docs
15+
reports
16+
*.db
17+
*.sqlite
18+
README.md
19+
CONTRIBUTING.md
20+
LICENSE
21+
mkdocs.yml
22+
alembic.ini
23+
migrations
24+
infra

.github/workflows/ci.yml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -42,3 +42,10 @@ jobs:
4242
- name: Run tests with coverage
4343
run: poetry run pytest --cov=src --cov-report=xml
4444

45+
- name: SAST Scan (Bandit)
46+
run: poetry run bandit -r src -ll -q
47+
48+
- name: Secret Scanning (Gitleaks)
49+
uses: gitleaks/gitleaks-action@v2
50+
env:
51+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -152,9 +152,12 @@ cython_debug/
152152
.vscode/
153153

154154
# Project Specific
155-
commitvigil.db
156155
*.db
156+
*.sqlite
157157
.ruff_cache/
158158
brain/
159159
docs/reference/prospecting_log.md
160-
docs/reference/demo_script.md
160+
docs/reference/demo_script.md
161+
# Ignore reports content but keep the folder
162+
reports/*
163+
!reports/.gitkeep

CONTRIBUTING.md

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
# Contributing to CommitVigil AI 🛡️
2+
3+
First off, thank you for considering contributing to CommitVigil! It's people like you that make CommitVigil a great tool for the community.
4+
5+
## 🌈 Our Vision
6+
CommitVigil aims to be the standard for high-performance accountability. We value code quality, security, and cultural intelligence.
7+
8+
## 🛠️ Getting Started
9+
1. **Fork the repository** on GitHub.
10+
2. **Clone your fork** locally.
11+
3. **Install dependencies** using `uv`:
12+
```bash
13+
uv sync
14+
```
15+
4. **Create a new branch** for your feature or fix.
16+
17+
## 📜 Code Standards
18+
We maintain high standards to ensure the "Truth-Gap" engine remains forensic grade:
19+
* **Typing**: All code must pass `mypy` with strict checking.
20+
* **Formatting**: We use `ruff` for linting and formatting.
21+
* **Testing**: Ensure all existing tests pass and add new ones for your changes.
22+
23+
## 🚀 Submitting a Pull Request
24+
1. **Pull the latest changes** from `main`.
25+
2. **Verify your changes** locally with `pytest`.
26+
3. **Push to your fork** and submit a Pull Request.
27+
4. **Describe your changes** clearly in the PR description.
28+
29+
## 🛡️ License
30+
By contributing to CommitVigil, you agree that your contributions will be licensed under its MIT License.

Dockerfile

Lines changed: 11 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3,8 +3,16 @@ FROM python:3.12-slim AS builder
33

44
WORKDIR /app
55

6-
ENV PYTHONDONTWRITEBYTECODE=1
76
ENV PYTHONUNBUFFERED=1
7+
ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
8+
ENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
9+
10+
RUN apt-get update && apt-get install -y --no-install-recommends \
11+
gcc \
12+
libc-dev \
13+
libpq-dev \
14+
ca-certificates \
15+
&& rm -rf /var/lib/apt/lists/*
816

917
RUN pip install --no-cache-dir poetry
1018

@@ -29,13 +37,11 @@ COPY --from=builder /usr/local/bin /usr/local/bin
2937
# Copy app code with proper ownership to avoid slow chown later
3038
COPY --chown=commitvigil:commitvigil . .
3139

32-
# Ensure the database file is writable by the non-root user if using SQLite
33-
RUN touch commitvigil.db && chown commitvigil:commitvigil commitvigil.db && chmod 600 commitvigil.db
34-
40+
# User setup
3541
USER commitvigil
3642

3743
EXPOSE 8000
3844

3945
ENTRYPOINT ["/usr/bin/tini", "--"]
4046

41-
# We use docker-compose to decide whether to run 'uvicorn' or 'arq'
47+
# We use docker compose to decide whether to run 'uvicorn' or 'arq'

LICENSE

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
MIT License
2+
3+
Copyright (c) 2026 daretechie
4+
5+
Permission is hereby granted, free of charge, to any person obtaining a copy
6+
of this software and associated documentation files (the "Software"), to deal
7+
in the Software without restriction, including without limitation the rights
8+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9+
copies of the Software, and to permit persons to whom the Software is
10+
furnished to do so, subject to the following conditions:
11+
12+
The above copyright notice and this permission notice shall be included in all
13+
copies or substantial portions of the Software.
14+
15+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21+
SOFTWARE.

README.md

Lines changed: 27 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,8 @@
88
![Latency](https://img.shields.io/badge/target_P95_latency-<500ms-success?style=for-the-badge)
99
![Cost Savings](https://img.shields.io/badge/avg_token_savings-85%25-orange?style=for-the-badge)
1010
![ROI](https://img.shields.io/badge/est_net_ROI-%24558%2Fmonth-gold?style=for-the-badge)
11+
![Security](https://img.shields.io/badge/Security-Audit_Passed-success?style=for-the-badge)
12+
![Test Coverage](https://img.shields.io/badge/Coverage-85%25-success?style=for-the-badge)
1113

1214
> **"One Engine. Two Worlds. Total Accountability."**
1315
@@ -34,11 +36,13 @@ CommitVigil is a multi-agent system designed for high-stakes enforcement. It ada
3436

3537
---
3638

37-
### 🛡️ 2026 Enterprise Upgrade: Elite Guardrails
38-
The system now includes research-backed advanced features for global operations:
39-
- **Continuous Learning Pipeline**: Persists manager decisions to calculate **Intervention Acceptance Rates** and refine AI strategies.
39+
### 🛡️ 2026 Enterprise Upgrade: Autonomous Adaptation
40+
The system now includes self-evolving capabilities for global operations:
41+
- **Autonomous Context Sensing**: Automatically detects **Industry** (e.g., Gaming, Biotech) and **Department** (e.g., R&D, Sales) from communication patterns.
42+
- **Hierarchical Safety Enforcement**: Applies rules from specific (Department) to broad (Industry) to generic.
43+
- **Stabilization Layer**: Autonomous rules start as **Unverified** and trigger Human-in-the-Loop review. Once confirmed, context is **Locked** for stability.
4044
- **Cultural Persona Routing**: Automatically adapts tone for **Japanese (*Wa*)**, **German (*Sachlichkeit*)**, **French (Eloquence)**, **British English**, and **Spanish**.
41-
- **Industry Semantic Firewall**: Intent-based security for **Healthcare (HIPAA)** and **Finance (SEC)** compliance.
45+
4246

4347
## 🏗️ The Four-Stage Autonomous Pipeline
4448
Every commitment—whether from Slack or a Git Commit—passes through a deterministic reasoning loop:
@@ -59,6 +63,18 @@ Every commitment—whether from Slack or a Git Commit—passes through a determi
5963

6064
---
6165

66+
## 📂 Project Structure
67+
68+
```text
69+
CommitVigil/
70+
├── src/ # Core Application Logic
71+
├── tests/ # Comprehensive Test Suite
72+
├── infra/ # Infrastructure & Config (Prometheus, K8s, migrations)
73+
├── scripts/ # Ops & Demo Utilities (demo.sh)
74+
├── docs/ # Technical Documentation & ADRs
75+
└── README.md # This document
76+
```
77+
6278
## 📊 Professional Integrity Audits
6379

6480
Need a deep-dive into your team's commitment reliability? I offer **one-time AI-powered audits** for remote engineering teams.
@@ -105,5 +121,12 @@ curl -X 'GET' \
105121

106122

107123

124+
---
125+
## 🤝 Contributing
126+
CommitVigil is open source! We welcome contributions to our "Truth-Gap" engine and cultural personas. Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
127+
128+
## 📄 License
129+
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
130+
108131
---
109132
*Built for High-Performance Teams and Elite Portfolios.*

alembic.ini

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
# this is typically a path given in POSIX (e.g. forward slashes)
66
# format, relative to the token %(here)s which refers to the location of this
77
# ini file
8-
script_location = %(here)s/migrations
8+
script_location = %(here)s/infra/migrations
99

1010
# template used to generate migration file names; The default value is %%(rev)s_%%(slug)s
1111
# Uncomment the line below if you want the files to be prepended with date and time

demo.sh

Lines changed: 0 additions & 146 deletions
This file was deleted.

docker-compose.yml

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,20 @@
1+
name: commitvigil
2+
13
services:
24
api:
35
build: .
4-
command: uvicorn src.main:app --host 0.0.0.0 --port 8000
6+
command: uvicorn src.main:app --host 0.0.0.0 --port 8000 --reload
57
ports:
68
- "8000:8000"
79
environment:
810
- REDIS_URL=redis://redis:6379
911
- DATABASE_URL=postgresql+asyncpg://postgres:postgres@db:5432/commitvigil
12+
- SYNC_DATABASE_URL=postgresql://postgres:postgres@db:5432/commitvigil
1013
depends_on:
1114
- redis
1215
- db
16+
volumes:
17+
- .:/app
1318

1419

1520

@@ -19,9 +24,12 @@ services:
1924
environment:
2025
- REDIS_URL=redis://redis:6379
2126
- DATABASE_URL=postgresql+asyncpg://postgres:postgres@db:5432/commitvigil
27+
- SYNC_DATABASE_URL=postgresql://postgres:postgres@db:5432/commitvigil
2228
depends_on:
2329
- redis
2430
- db
31+
volumes:
32+
- .:/app
2533

2634
redis:
2735
image: redis:7-alpine
@@ -51,6 +59,6 @@ services:
5159
prometheus:
5260
image: prom/prometheus:v3.1.0
5361
volumes:
54-
- ./prometheus.yml:/etc/prometheus/prometheus.yml
62+
- ./infra/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
5563
ports:
5664
- "9090:9090"

0 commit comments

Comments
 (0)