daai-console 0.1.0a2__tar.gz

daai_console-0.1.0a2/LICENSE

@@ -0,0 +1,17 @@
+DAAI Console Alpha SDK License
+
+Copyright (c) 2026 DAAI Console.
+
+This SDK is provided for alpha evaluation of DAAI Console. You may use, copy,
+and modify this SDK for the purpose of evaluating, testing, and integrating
+DAAI Console during the alpha period.
+
+Redistribution, resale, or production use outside an active DAAI Console alpha
+or written agreement requires prior written permission from DAAI Console.
+
+THE SDK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE, AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES, OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT, OR OTHERWISE, ARISING FROM, OUT OF, OR IN
+CONNECTION WITH THE SDK OR THE USE OR OTHER DEALINGS IN THE SDK.

daai_console-0.1.0a2/MANIFEST.in

@@ -0,0 +1,7 @@
+include LICENSE
+include README.md
+include pyproject.toml
+recursive-include docs *.md
+recursive-include examples *.py
+recursive-include tests *.py
+recursive-include src/daai_console py.typed

daai_console-0.1.0a2/PKG-INFO

@@ -0,0 +1,241 @@
+Metadata-Version: 2.4
+Name: daai-console
+Version: 0.1.0a2
+Summary: Python SDK for DAAI Console cooperative action governance.
+Author: DAAI Console
+License-Expression: LicenseRef-DAAI-Alpha
+Project-URL: Homepage, https://github.com/sanyAlam/daai-console-python
+Project-URL: Repository, https://github.com/sanyAlam/daai-console-python
+Project-URL: Issues, https://github.com/sanyAlam/daai-console-python/issues
+Keywords: ai,governance,approval,audit,sdk
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Typing :: Typed
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: httpx<1.0.0,>=0.28.0
+Provides-Extra: dev
+Requires-Dist: build<2.0.0,>=1.2.0; extra == "dev"
+Requires-Dist: pytest<9.0.0,>=8.4.0; extra == "dev"
+Dynamic: license-file
+
+# DAAI Console Python SDK
+
+DAAI Console is a governance layer for AI automations. It lets developers intercept risky registered agent actions before execution, route them through policy and approval, and produce audit receipts.
+
+This repository contains the public alpha Python SDK for DAAI Console.
+
+## What DAAI Console Is Not
+
+DAAI Console is intentionally narrow in alpha. It is not:
+
+- Magic interception of arbitrary code
+- A browser automation framework
+- A replacement for MCP
+- An OS-wide agent scanner
+- A full enterprise security platform
+
+## Execution Boundary
+
+DAAI Console governs proposal, policy, approval, status, and receipts.
+
+The developer application owns real business execution, local business logic, executor functions, external integrations, and worker or cron triggers. Place this SDK before risky functions. The SDK does not execute callbacks inside `intercept()`.
+
+## Install
+
+From PyPI:
+
+```bash
+pip install daai-console
+```
+
+Alpha pinning:
+
+```bash
+pip install daai-console==0.1.0a2
+```
+
+## Environment
+
+Set these values in your server-side environment:
+
+```bash
+export DAAI_API_KEY="..."
+export DAAI_WORKSPACE_KEY="..."
+export DAAI_BASE_URL="https://your-daai-api.example.com"
+```
+
+Do not expose these values in browser code or frontend bundles.
+
+## Minimal Client Example
+
+```python
+import os
+
+from daai_console import DaaiClient
+
+client = DaaiClient(
+    base_url=os.environ["DAAI_BASE_URL"],
+    api_key=os.environ["DAAI_API_KEY"],
+    workspace_key=os.environ["DAAI_WORKSPACE_KEY"],
+)
+
+payload = {
+    "invoice_id": "INV-1025",
+    "customer_name": "Acme Finance",
+    "amount": 1250,
+}
+
+proposal = client.intercept(
+    action="send_invoice_reminder",
+    payload=payload,
+    idempotency_key="invoice-reminder:INV-1025",
+)
+
+print(proposal.governance_status.value)
+print(proposal.executable)
+
+status = client.status(proposal.action_run_id)
+
+if status.executable:
+    try:
+        # Your app owns the real business execution.
+        provider_result = send_invoice_reminder(payload)
+        client.report_executed(
+            proposal.action_run_id,
+            execution_result={"provider_id": provider_result["id"]},
+        )
+    except Exception as exc:
+        client.report_failed(
+            proposal.action_run_id,
+            execution_error=f"{type(exc).__name__}: {exc}",
+        )
+else:
+    print("Not executable yet. Wait for approval or policy decision.")
+```
+
+## Runtime Helper Example
+
+The runtime helpers make the safe path easier: propose once, persist pending approvals locally, and run only after DAAI Console reports `executable=true`.
+
+```python
+import os
+
+from daai_console import (
+    DaaiActionRunner,
+    DaaiClient,
+    PendingActionManager,
+    SQLitePendingStore,
+)
+
+client = DaaiClient(
+    base_url=os.environ["DAAI_BASE_URL"],
+    api_key=os.environ["DAAI_API_KEY"],
+    workspace_key=os.environ["DAAI_WORKSPACE_KEY"],
+)
+store = SQLitePendingStore("daai_pending_actions.sqlite3")
+manager = PendingActionManager(client=client, pending_store=store)
+
+manager.propose(
+    action="send_invoice_reminder",
+    payload={"invoice_id": "INV-1025", "amount": 1250},
+    idempotency_key="invoice-reminder:INV-1025",
+)
+
+
+def send_invoice_reminder_executor(payload: dict) -> dict:
+    # Keep your existing execution function here.
+    return {"message_id": "example-local-result"}
+
+
+runner = DaaiActionRunner(client=client, pending_store=store)
+runner.when_executable(
+    action="send_invoice_reminder",
+    run=send_invoice_reminder_executor,
+)
+
+executed_count = runner.run_pending_once()
+print(f"Executed {executed_count} approved action(s).")
+```
+
+## Live Alpha Smoke Tests
+
+The unit tests in `tests/` are mocked SDK-internal tests. They do not call DAAI Console and should remain safe for normal local runs and CI.
+
+The scripts in `examples/live_*.py` are opt-in live smoke tests for alpha testers with real DAAI Console credentials. They call the configured API and should be run manually against a staging or alpha workspace.
+
+Before running live scripts, make sure the action is already registered in your DAAI Console workspace. The default expected action is `send_invoice_reminder`. You can override it with `DAAI_TEST_ACTION_NAME`.
+
+Set required environment variables:
+
+```bash
+export DAAI_API_KEY="..."
+export DAAI_WORKSPACE_KEY="..."
+export DAAI_BASE_URL="https://stage.api.daaihq.com"
+```
+
+`DAAI_BASE_URL` must point to the API, not the dashboard. For staging, use `https://stage.api.daaihq.com`, not `https://stage.daaihq.com`.
+
+Optional environment variables:
+
+```bash
+export DAAI_TEST_ACTION_NAME="send_invoice_reminder"
+export DAAI_PENDING_DB_PATH="./daai_alpha_pending.db"
+```
+
+Run the low-level client smoke test:
+
+```bash
+python examples/live_client_smoke.py
+```
+
+Run the runtime smoke flow:
+
+```bash
+python examples/live_runtime_smoke.py propose
+python examples/live_runtime_smoke.py list-pending
+```
+
+If the proposal returns `pending_approval`, approve it from the approval email or dashboard. The SDK does not auto-approve and does not bypass governance. After approval, run:
+
+```bash
+python examples/live_runtime_smoke.py run-pending
+```
+
+`run-pending` uses `DaaiActionRunner` and a fake executor. It only simulates execution, and only runs when DAAI Console reports `executable=true`.
+
+If the API returns `blocked` or `unknown_action`, it usually means the action is not registered in the workspace, the API/workspace key belongs to another workspace, or the action name does not match exactly. Register the action in the dashboard first, then rerun the script with the same action name.
+
+## Security Notes
+
+- Store `DAAI_API_KEY` and `DAAI_WORKSPACE_KEY` server-side only.
+- Do not expose keys in browser or frontend code.
+- Approval links should not contain sensitive payload data.
+- Local pending stores may contain business payloads; treat them as sensitive.
+- The SDK does not execute callbacks inside `intercept()`.
+- Rejected and blocked actions should not execute.
+
+## Known Limitations
+
+- Python SDK first.
+- Cooperative interception only.
+- Developers must register and gate actions explicitly.
+- No automatic arbitrary-code interception.
+- Staging alpha APIs may change.
+- No enterprise RBAC in alpha.
+
+## Alpha Docs
+
+- [Alpha test checklist](docs/alpha-test-checklist.md)
+- [Security model](docs/security-model.md)
+- [Agency adoption prompt](docs/agency-adoption-prompt.md)
+- [Known limitations](docs/known-limitations.md)
+- [Staging alpha guide](docs/staging-alpha-guide.md)

daai_console-0.1.0a2/README.md

@@ -0,0 +1,212 @@
+# DAAI Console Python SDK
+
+DAAI Console is a governance layer for AI automations. It lets developers intercept risky registered agent actions before execution, route them through policy and approval, and produce audit receipts.
+
+This repository contains the public alpha Python SDK for DAAI Console.
+
+## What DAAI Console Is Not
+
+DAAI Console is intentionally narrow in alpha. It is not:
+
+- Magic interception of arbitrary code
+- A browser automation framework
+- A replacement for MCP
+- An OS-wide agent scanner
+- A full enterprise security platform
+
+## Execution Boundary
+
+DAAI Console governs proposal, policy, approval, status, and receipts.
+
+The developer application owns real business execution, local business logic, executor functions, external integrations, and worker or cron triggers. Place this SDK before risky functions. The SDK does not execute callbacks inside `intercept()`.
+
+## Install
+
+From PyPI:
+
+```bash
+pip install daai-console
+```
+
+Alpha pinning:
+
+```bash
+pip install daai-console==0.1.0a2
+```
+
+## Environment
+
+Set these values in your server-side environment:
+
+```bash
+export DAAI_API_KEY="..."
+export DAAI_WORKSPACE_KEY="..."
+export DAAI_BASE_URL="https://your-daai-api.example.com"
+```
+
+Do not expose these values in browser code or frontend bundles.
+
+## Minimal Client Example
+
+```python
+import os
+
+from daai_console import DaaiClient
+
+client = DaaiClient(
+    base_url=os.environ["DAAI_BASE_URL"],
+    api_key=os.environ["DAAI_API_KEY"],
+    workspace_key=os.environ["DAAI_WORKSPACE_KEY"],
+)
+
+payload = {
+    "invoice_id": "INV-1025",
+    "customer_name": "Acme Finance",
+    "amount": 1250,
+}
+
+proposal = client.intercept(
+    action="send_invoice_reminder",
+    payload=payload,
+    idempotency_key="invoice-reminder:INV-1025",
+)
+
+print(proposal.governance_status.value)
+print(proposal.executable)
+
+status = client.status(proposal.action_run_id)
+
+if status.executable:
+    try:
+        # Your app owns the real business execution.
+        provider_result = send_invoice_reminder(payload)
+        client.report_executed(
+            proposal.action_run_id,
+            execution_result={"provider_id": provider_result["id"]},
+        )
+    except Exception as exc:
+        client.report_failed(
+            proposal.action_run_id,
+            execution_error=f"{type(exc).__name__}: {exc}",
+        )
+else:
+    print("Not executable yet. Wait for approval or policy decision.")
+```
+
+## Runtime Helper Example
+
+The runtime helpers make the safe path easier: propose once, persist pending approvals locally, and run only after DAAI Console reports `executable=true`.
+
+```python
+import os
+
+from daai_console import (
+    DaaiActionRunner,
+    DaaiClient,
+    PendingActionManager,
+    SQLitePendingStore,
+)
+
+client = DaaiClient(
+    base_url=os.environ["DAAI_BASE_URL"],
+    api_key=os.environ["DAAI_API_KEY"],
+    workspace_key=os.environ["DAAI_WORKSPACE_KEY"],
+)
+store = SQLitePendingStore("daai_pending_actions.sqlite3")
+manager = PendingActionManager(client=client, pending_store=store)
+
+manager.propose(
+    action="send_invoice_reminder",
+    payload={"invoice_id": "INV-1025", "amount": 1250},
+    idempotency_key="invoice-reminder:INV-1025",
+)
+
+
+def send_invoice_reminder_executor(payload: dict) -> dict:
+    # Keep your existing execution function here.
+    return {"message_id": "example-local-result"}
+
+
+runner = DaaiActionRunner(client=client, pending_store=store)
+runner.when_executable(
+    action="send_invoice_reminder",
+    run=send_invoice_reminder_executor,
+)
+
+executed_count = runner.run_pending_once()
+print(f"Executed {executed_count} approved action(s).")
+```
+
+## Live Alpha Smoke Tests
+
+The unit tests in `tests/` are mocked SDK-internal tests. They do not call DAAI Console and should remain safe for normal local runs and CI.
+
+The scripts in `examples/live_*.py` are opt-in live smoke tests for alpha testers with real DAAI Console credentials. They call the configured API and should be run manually against a staging or alpha workspace.
+
+Before running live scripts, make sure the action is already registered in your DAAI Console workspace. The default expected action is `send_invoice_reminder`. You can override it with `DAAI_TEST_ACTION_NAME`.
+
+Set required environment variables:
+
+```bash
+export DAAI_API_KEY="..."
+export DAAI_WORKSPACE_KEY="..."
+export DAAI_BASE_URL="https://stage.api.daaihq.com"
+```
+
+`DAAI_BASE_URL` must point to the API, not the dashboard. For staging, use `https://stage.api.daaihq.com`, not `https://stage.daaihq.com`.
+
+Optional environment variables:
+
+```bash
+export DAAI_TEST_ACTION_NAME="send_invoice_reminder"
+export DAAI_PENDING_DB_PATH="./daai_alpha_pending.db"
+```
+
+Run the low-level client smoke test:
+
+```bash
+python examples/live_client_smoke.py
+```
+
+Run the runtime smoke flow:
+
+```bash
+python examples/live_runtime_smoke.py propose
+python examples/live_runtime_smoke.py list-pending
+```
+
+If the proposal returns `pending_approval`, approve it from the approval email or dashboard. The SDK does not auto-approve and does not bypass governance. After approval, run:
+
+```bash
+python examples/live_runtime_smoke.py run-pending
+```
+
+`run-pending` uses `DaaiActionRunner` and a fake executor. It only simulates execution, and only runs when DAAI Console reports `executable=true`.
+
+If the API returns `blocked` or `unknown_action`, it usually means the action is not registered in the workspace, the API/workspace key belongs to another workspace, or the action name does not match exactly. Register the action in the dashboard first, then rerun the script with the same action name.
+
+## Security Notes
+
+- Store `DAAI_API_KEY` and `DAAI_WORKSPACE_KEY` server-side only.
+- Do not expose keys in browser or frontend code.
+- Approval links should not contain sensitive payload data.
+- Local pending stores may contain business payloads; treat them as sensitive.
+- The SDK does not execute callbacks inside `intercept()`.
+- Rejected and blocked actions should not execute.
+
+## Known Limitations
+
+- Python SDK first.
+- Cooperative interception only.
+- Developers must register and gate actions explicitly.
+- No automatic arbitrary-code interception.
+- Staging alpha APIs may change.
+- No enterprise RBAC in alpha.
+
+## Alpha Docs
+
+- [Alpha test checklist](docs/alpha-test-checklist.md)
+- [Security model](docs/security-model.md)
+- [Agency adoption prompt](docs/agency-adoption-prompt.md)
+- [Known limitations](docs/known-limitations.md)
+- [Staging alpha guide](docs/staging-alpha-guide.md)

daai_console-0.1.0a2/docs/agency-adoption-prompt.md

@@ -0,0 +1,69 @@
+# Agency Adoption Prompt
+
+Use this prompt inside Codex, Claude, or another coding assistant when adapting an existing client project to DAAI Console. It is intentionally scoped: adopt DAAI Console one risky action at a time, without broad rewrites.
+
+## Copy-Paste Prompt
+
+````text
+You are helping me evaluate and integrate DAAI Console into an existing software project.
+
+DAAI Console is a governance layer for AI automations. It lets developers intercept risky registered agent actions before execution, route them through deterministic policy and client approval, and produce audit receipts.
+
+Important boundary:
+- DAAI Console performs cooperative pre-execution interception for registered actions.
+- DAAI Console does not magically intercept all AI activity.
+- DAAI Console does not execute my business callback inside intercept().
+- My application still owns real execution, local business logic, executor functions, external integrations, and worker or cron triggers.
+- The SDK must be placed before the risky function.
+
+Your job:
+1. Explain DAAI Console clearly in simple terms with real Python code snippets.
+2. Explain how the runtime helpers manage pending approvals:
+   - PendingActionManager proposes and stores pending approvals.
+   - SQLitePendingStore persists pending action state across restarts.
+   - DaaiActionRunner polls DAAI Console and only runs executors when executable=true.
+3. Do not refactor the whole project.
+4. Do not inspect my project files until I explicitly approve that step.
+5. Identify one risky action at a time.
+6. Ask a follow-up question before changing code.
+7. Preserve existing code stability.
+8. Add DAAI Console as a gate before one selected risky action.
+9. Keep my existing execution function unchanged where possible.
+10. Add tests around the single adapted action.
+
+When showing code, use the public package name and import path:
+
+```python
+from daai_console import DaaiClient
+```
+
+Use these environment variables:
+- DAAI_API_KEY
+- DAAI_WORKSPACE_KEY
+- DAAI_BASE_URL
+
+Show examples for:
+- client.intercept(...)
+- client.status(...)
+- client.report_executed(...)
+- client.report_failed(...)
+- PendingActionManager
+- SQLitePendingStore
+- DaaiActionRunner
+- runner.when_executable(...)
+- runner.run_pending_once()
+
+Your first response must do exactly this:
+1. Explain DAAI Console in simple terms.
+2. State that DAAI Console performs cooperative pre-execution interception for registered actions.
+3. State that it does not magically intercept all AI activity.
+4. Explain that adoption should happen one critical action at a time.
+5. Ask me what I want to do next with these numbered options:
+   1. Learn DAAI Console deeper
+   2. Identify risky actions in this project
+   3. Integrate DAAI Console around one selected action
+   4. Understand policy/approval flow
+   5. Add a worker/runner for approved actions
+
+Do not change files until I choose an option and explicitly approve inspection or edits.
+````

daai_console-0.1.0a2/docs/alpha-test-checklist.md

@@ -0,0 +1,81 @@
+# Alpha Test Checklist
+
+This checklist is written for cybersecurity-minded alpha testers evaluating the DAAI Console Python SDK.
+
+## Before Running The Live Scripts
+
+- Sign up or log in to DAAI Console.
+- Create or select a workspace.
+- Copy a server-side API key.
+- Copy the workspace key.
+- Register an action named `send_invoice_reminder`.
+- Set the action policy to `always_require_approval` for the first smoke test.
+- Set the approver email for the workspace/action.
+- Export `DAAI_API_KEY`, `DAAI_WORKSPACE_KEY`, and `DAAI_BASE_URL`.
+- Confirm `DAAI_BASE_URL` points to the API, for example `https://stage.api.daaihq.com`, not the dashboard.
+- Run `python examples/live_client_smoke.py`.
+- Approve the action from the approval email or dashboard.
+- Run `python examples/live_runtime_smoke.py propose`.
+- Run `python examples/live_runtime_smoke.py run-pending` after approval.
+
+## Setup Verification
+
+- Install the SDK from the local wheel: `pip install ./dist/daai_console-0.1.0a2-py3-none-any.whl`
+- Configure `DAAI_BASE_URL` in a server-side environment.
+- Configure `DAAI_API_KEY` in a server-side environment.
+- Configure `DAAI_WORKSPACE_KEY` in a server-side environment.
+- Run `python examples/staging_alpha_test.py --dry-run` to confirm the example can load safely without making API calls.
+- Run `python examples/staging_alpha_test.py` against the staging API when ready.
+
+## Happy Path
+
+- Propose a registered risky action with `intercept()` or `PendingActionManager.propose()`.
+- Observe `governance_status=pending_approval` and `executable=false`.
+- Receive the approval email at the configured approver address.
+- Approve the action from the email approval link.
+- Confirm `status()` returns `executable=true`.
+- Run the local executor through `DaaiActionRunner.run_pending_once()` or your own guarded worker.
+- Report successful execution with `report_executed()`.
+- Verify the receipt in the dashboard action-run detail view.
+
+## Negative Path
+
+- Confirm a wrong API key fails clearly and does not expose secrets.
+- Confirm a wrong workspace key fails clearly and does not expose secrets.
+- Confirm an unknown action is blocked or rejected by the API.
+- Confirm a pending action does not execute.
+- Confirm a rejected action does not execute.
+- Confirm a blocked action does not execute.
+
+## Local Persistence Test
+
+- Propose an action that requires approval using `SQLitePendingStore`.
+- Confirm the pending run persists in the SQLite database.
+- Stop and restart the worker process.
+- Confirm the worker can resume later from the same SQLite file.
+- Confirm the runner only executes when `executable=true`.
+
+## Security Review Questions
+
+- Are API keys and workspace keys handled safely?
+- Does the SDK ever execute before approval?
+- Are payloads unnecessarily exposed to DAAI Console or logs?
+- Is the local SQLite store safe enough for the expected use case?
+- Are errors clear without leaking secrets?
+- Are audit receipts clear enough for the client or auditor?
+- Is the approval boundary understandable to developers and approvers?
+- Can a developer accidentally misuse the SDK and execute a risky action anyway?
+- What should be made stricter before public release?
+
+## Feedback Format
+
+Please report findings with this structure:
+
+```text
+Security concern:
+Severity:
+Reproduction steps:
+Expected behavior:
+Actual behavior:
+Suggested fix:
+```

daai_console-0.1.0a2/docs/known-limitations.md

@@ -0,0 +1,14 @@
+# Known Limitations
+
+- Python SDK first.
+- Cooperative interception only.
+- Developers must register and gate actions explicitly.
+- No automatic arbitrary-code interception.
+- Staging alpha APIs may change.
+- No enterprise RBAC in alpha.
+- No MCP integration in alpha.
+- No Slack, WhatsApp, or webhook continuation in alpha.
+- Live examples require a registered action.
+- Unknown actions are blocked by design.
+- Approval email is only sent for registered actions whose policy requires approval.
+- The SDK does not auto-approve or bypass governance.

daai_console-0.1.0a2/docs/security-model.md

@@ -0,0 +1,50 @@
+# Security Model
+
+DAAI Console alpha is a cooperative governance layer for registered agent actions. It is designed to help developers pause risky actions before execution, route those actions through deterministic policy and approval, and preserve an audit trail.
+
+## Threat Model For Alpha
+
+The alpha assumes a developer intentionally integrates the SDK before selected risky actions. The developer app is trusted to call DAAI Console before executing those actions and to respect `executable=false` decisions.
+
+The alpha is mainly concerned with accidental execution before approval, unclear audit trails, local loss of pending approval state, and ambiguous execution reporting.
+
+## What The SDK Protects Against
+
+- Accidental execution before approval when developers use the SDK/runtime as intended.
+- Missing approval audit trail for registered actions governed by DAAI Console.
+- Loss of pending action state when `SQLitePendingStore` is used.
+- Unclear execution reporting by providing explicit `report_executed()` and `report_failed()` calls.
+
+## What The SDK Does Not Protect Against
+
+- A malicious developer bypassing the SDK.
+- Compromised API keys or workspace keys.
+- A compromised host machine.
+- A malicious external integration called by the developer app.
+- A developer storing payloads insecurely.
+- Arbitrary code execution that was never registered or gated through DAAI Console.
+
+## Trust Boundary
+
+The trust boundary has five parts:
+
+- SDK: proposes actions, checks status, reports execution, and optionally stores pending actions locally.
+- DAAI Console API: validates keys, evaluates deterministic policy, manages approval state, and records receipts.
+- Developer application: decides where to place the gate and owns business logic.
+- Local executor: performs the real external action only after approval or allow decision.
+- Approval email recipient: reviews the approval context and approves or rejects the action.
+
+## Key Handling Rules
+
+- Keep API keys and workspace keys server-side only.
+- Never place keys in browser JavaScript, mobile apps, public repositories, or logs.
+- Rotate or revoke keys immediately if leaked.
+- Use separate keys per environment when possible.
+
+## Payload Handling
+
+- Send only what is needed for approval and audit.
+- Avoid unnecessary secrets, tokens, credentials, and sensitive PII in payloads.
+- Approval links should not contain sensitive payload data.
+- Local pending stores can contain sensitive business payloads.
+- Protect SQLite files with normal server file permissions, disk encryption where appropriate, and environment-specific retention policies.