draft-protocol 0.1.0__tar.gz

draft_protocol-0.1.0/.dockerignore

@@ -0,0 +1,30 @@
+.git
+.github
+__pycache__
+*.pyc
+*.pyo
+*.egg-info
+dist
+build
+.pytest_cache
+.mypy_cache
+.ruff_cache
+*.db
+*.log
+.env
+.secrets-baseline.json
+extension/
+docs/
+examples/
+tests/
+Makefile
+.pre-commit-config.yaml
+.editorconfig
+AGENTS.md
+RULES.md
+STRUCTURE.md
+CONTRIBUTING.md
+CODE_OF_CONDUCT.md
+SECURITY.md
+CHANGELOG.md
+docker-compose.example.yml

draft_protocol-0.1.0/.editorconfig

@@ -0,0 +1,27 @@
+# .editorconfig — consistent formatting across editors
+# https://editorconfig.org
+
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.md]
+trim_trailing_whitespace = false
+
+[*.yml]
+indent_size = 2
+
+[*.yaml]
+indent_size = 2
+
+[*.toml]
+indent_size = 4
+
+[Makefile]
+indent_style = tab

draft_protocol-0.1.0/.github/CODEOWNERS

@@ -0,0 +1,10 @@
+# CODEOWNERS — automatically request reviews
+# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+# Default: founder reviews everything
+* @georgegoytia
+
+# Governance-critical files require explicit review
+src/draft_protocol/engine.py @georgegoytia
+src/draft_protocol/storage.py @georgegoytia
+src/draft_protocol/config.py @georgegoytia

draft_protocol-0.1.0/.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,83 @@
+name: Bug Report
+description: Report a bug in DRAFT Protocol
+title: "[Bug]: "
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for reporting! If this is a **governance bypass** (gate passed when it shouldn't have), please mark it as critical.
+
+  - type: textarea
+    id: description
+    attributes:
+      label: What happened?
+      description: Clear description of the bug.
+      placeholder: "When I called draft_gate after confirming all fields, it still returned BLOCKED..."
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behavior
+      description: What should have happened instead?
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Steps to reproduce
+      description: Minimal steps to trigger the bug.
+      placeholder: |
+        1. `pip install draft-protocol`
+        2. `python -c "from draft_protocol import classify_tier; print(classify_tier('...'))"` 
+        3. See error...
+    validations:
+      required: true
+
+  - type: dropdown
+    id: transport
+    attributes:
+      label: Transport
+      options:
+        - stdio (MCP)
+        - SSE
+        - streamable-http
+        - REST API
+        - Library (import)
+    validations:
+      required: true
+
+  - type: dropdown
+    id: severity
+    attributes:
+      label: Severity
+      description: Is this a governance bypass?
+      options:
+        - Normal bug
+        - Governance bypass (gate failed to block)
+        - Security issue (see SECURITY.md instead)
+    validations:
+      required: true
+
+  - type: input
+    id: version
+    attributes:
+      label: Version
+      description: Output of `python -c "import draft_protocol; print(draft_protocol.__version__)"`
+      placeholder: "0.1.0"
+
+  - type: input
+    id: python
+    attributes:
+      label: Python version
+      placeholder: "3.13"
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Logs / error output
+      description: Paste any relevant error messages.
+      render: shell

draft_protocol-0.1.0/.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,55 @@
+name: Feature Request
+description: Suggest a new feature or enhancement
+title: "[Feature]: "
+labels: ["enhancement"]
+body:
+  - type: textarea
+    id: problem
+    attributes:
+      label: What problem does this solve?
+      description: What gap or limitation are you hitting?
+      placeholder: "I need DRAFT to support X because currently I have to..."
+    validations:
+      required: true
+
+  - type: textarea
+    id: solution
+    attributes:
+      label: Proposed solution
+      description: How should this work?
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives considered
+      description: Other approaches you've thought about.
+
+  - type: dropdown
+    id: area
+    attributes:
+      label: Area
+      options:
+        - MCP server (tools)
+        - REST API
+        - Chrome extension
+        - Engine (classification/mapping)
+        - Providers (LLM/embedding)
+        - Storage
+        - Documentation
+        - Docker/deployment
+        - Other
+    validations:
+      required: true
+
+  - type: dropdown
+    id: breaking
+    attributes:
+      label: Would this be a breaking change?
+      options:
+        - "No"
+        - "Yes"
+        - "Not sure"
+    validations:
+      required: true

draft_protocol-0.1.0/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,25 @@
+## What does this PR do?
+
+<!-- Brief description of the change. -->
+
+## Type of change
+
+- [ ] Bug fix (non-breaking change that fixes an issue)
+- [ ] New feature (non-breaking change that adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to change)
+- [ ] Documentation update
+- [ ] Security fix (governance bypass or vulnerability)
+
+## Checklist
+
+- [ ] Tests added/updated for this change
+- [ ] `make lint` passes
+- [ ] `make test` passes
+- [ ] Documentation updated if needed
+- [ ] CHANGELOG.md updated under `[Unreleased]`
+
+## Security considerations
+
+<!-- If this touches the gate, classification, or confirmation logic: what governance implications does it have? -->
+
+None / Describe below:

draft_protocol-0.1.0/.github/dependabot.yml

@@ -0,0 +1,25 @@
+# Dependabot — automated dependency updates
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates
+
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "deps:"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    labels:
+      - "dependencies"
+      - "ci"
+    commit-message:
+      prefix: "ci:"

draft_protocol-0.1.0/.github/workflows/ci.yml

@@ -0,0 +1,62 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v6
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+
+      - name: Lint
+        run: ruff check src/ tests/
+
+      - name: Test with coverage
+        run: pytest tests/ -v --tb=short --cov=draft_protocol --cov-report=term-missing --cov-report=xml
+
+      - name: Upload coverage
+        if: matrix.python-version == '3.12'
+        uses: codecov/codecov-action@v5
+        with:
+          file: coverage.xml
+          fail_ci_if_error: false
+
+  type-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.12"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+
+      - name: Type check
+        run: mypy src/draft_protocol/ --ignore-missing-imports --no-strict-optional

draft_protocol-0.1.0/.github/workflows/release.yml

@@ -0,0 +1,71 @@
+name: Release to PyPI
+
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v6
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+
+      - name: Lint
+        run: ruff check src/ tests/
+
+      - name: Test
+        run: pytest tests/ -v --tb=short
+
+  publish:
+    needs: test
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/project/draft-protocol/
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.12"
+
+      - name: Install build tools
+        run: pip install build
+
+      - name: Build package
+        run: python -m build
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+  github-release:
+    needs: publish
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          generate_release_notes: true

draft_protocol-0.1.0/.gitignore

@@ -0,0 +1,46 @@
+# Python
+__pycache__/
+*.pyc
+*.pyo
+*.egg-info/
+*.egg
+dist/
+build/
+.eggs/
+
+# Virtual environments
+.venv/
+venv/
+env/
+
+# Testing
+*.db
+.pytest_cache/
+.coverage
+coverage.xml
+htmlcov/
+.mypy_cache/
+
+# Linting
+.ruff_cache/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Distribution
+*.tar.gz
+*.whl
+
+# Security
+.secrets-baseline.json
+
+# Logs
+*.log

draft_protocol-0.1.0/.pre-commit-config.yaml

@@ -0,0 +1,24 @@
+# Pre-commit hooks — run before every commit
+# Install: pre-commit install
+# Run all: pre-commit run --all-files
+# https://pre-commit.com
+
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-toml
+      - id: check-added-large-files
+        args: ["--maxkb=500"]
+      - id: check-merge-conflict
+      - id: debug-statements
+
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.9.6
+    hooks:
+      - id: ruff
+        args: [--fix]
+      - id: ruff-format

draft_protocol-0.1.0/AGENTS.md

@@ -0,0 +1,49 @@
+# AGENTS.md — AI Agent Instructions
+
+> For AI coding assistants (Copilot, Cursor, Claude, etc.) working in this repo.
+
+## Project Overview
+
+**DRAFT Protocol** is an open-source intake governance layer for AI tool calls. It ensures AI understands human intent before execution begins, using a structured 5-dimension elicitation protocol with three tiers of rigor.
+
+**License:** Apache 2.0  
+**Language:** Python 3.10+  
+**Transport:** MCP (stdio, SSE, streamable-http) + REST API  
+
+## Key Directories
+
+```
+src/draft_protocol/     # Core library
+  engine.py             # Classification + mapping logic
+  server.py             # MCP server (FastMCP)
+  rest.py               # REST API (FastAPI)
+  storage.py            # SQLite persistence + audit trail
+  config.py             # Environment config + LLM provider setup
+  providers.py          # LLM provider abstraction (Ollama, OpenAI, Anthropic)
+extension/              # Chrome extension (works on 8 AI chat platforms)
+tests/                  # pytest suite (46+ tests)
+docs/                   # Product documentation
+```
+
+## Conventions
+
+- **Commits:** Conventional Commits (`feat:`, `fix:`, `docs:`, `chore:`, `test:`)
+- **Style:** ruff for linting + formatting, mypy for type checking
+- **Line length:** 120 characters
+- **Tests:** pytest. Run `make test` before committing
+- **Pre-commit:** Installed via `make dev`. Runs ruff + trailing whitespace + detect-secrets
+
+## What NOT to Do
+
+- Do not commit secrets, API keys, or `.env` files
+- Do not add dependencies without updating `pyproject.toml`
+- Do not modify `engine.py` or `storage.py` without running the full test suite
+- Do not bypass the DRAFT elicitation protocol in code — it's the product
+- Do not add files larger than 5MB
+
+## Related Repos
+
+| Repo | Purpose | Platform |
+|------|---------|----------|
+| vector-gate | Three-gate pipeline (product repo) | GitLab (private) |
+| draft-protocol | This repo — Gate 1 intake governance | GitHub (Apache 2.0) |

draft_protocol-0.1.0/CHANGELOG.md

@@ -0,0 +1,54 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Added
+- `docs/architecture.md` — system design, pipeline flow, security model, file layout
+- `docs/api.md` — REST API reference with all endpoints, request/response examples
+- `examples/basic_usage.py` — library usage example (no server needed)
+- `tests/test_security.py` — prompt injection, bypass, input validation tests
+- `tests/test_rest.py` — REST API endpoint tests with mock handler
+- `Dockerfile` — production container (Python 3.13-slim, non-root, SSE default)
+- `docker-compose.example.yml` — example stack with DRAFT + Ollama
+- `.dockerignore` — keep Docker image clean
+- `.github/ISSUE_TEMPLATE/bug_report.yml` — structured bug report template
+- `.github/ISSUE_TEMPLATE/feature_request.yml` — structured feature request template
+- `.github/PULL_REQUEST_TEMPLATE.md` — PR checklist
+
+### Fixed
+- `rest.py` `/status` endpoint called nonexistent `storage.get_session_state()` — replaced with inline session + gate query
+
+### Changed
+- `docs/README.md` updated to documentation index linking all docs
+- `STRUCTURE.md` updated to reflect all new files
+
+## [0.1.0] - 2025-02-21
+
+### Added
+- 15 MCP tools for structured intent elicitation via FastMCP
+- Three-tier automatic classification: Casual, Standard, Consequential
+- Five-dimension mapping: Define, Rules, Artifacts, Flex, Test
+- Confirmation gate blocks execution until all fields verified
+- Assumptions surfacing with Devil's Advocate support
+- Dimension screening for non-mandatory dimensions (R, A, F)
+- Gate override with audit trail for founder use
+- Elicitation review with quality self-assessment
+- Multi-provider LLM support: Ollama, OpenAI, Anthropic, any OpenAI-compatible API
+- Auto-detection of provider from model name
+- Graceful degradation to keyword heuristics without LLM
+- Prompt extraction attack detection (OWASP LLM07)
+- Empty/whitespace input rejection at all entry points
+- Full SQLite audit trail
+- REST API with CORS for Chrome extension and HTTP clients
+- Chrome extension for any AI chat (ChatGPT, Claude, Gemini, etc.)
+- 46 tests covering security, lifecycle, governance, and provider configuration
+- AGENTS.md, RULES.md, STRUCTURE.md for AI agent compatibility
+- Professional repo infrastructure: CONTRIBUTING, SECURITY, CODE_OF_CONDUCT
+
+[Unreleased]: https://github.com/georgegoytia/draft-protocol/compare/v0.1.0...HEAD
+[0.1.0]: https://github.com/georgegoytia/draft-protocol/releases/tag/v0.1.0

draft_protocol-0.1.0/CODE_OF_CONDUCT.md

@@ -0,0 +1,40 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior:
+
+* The use of sexualized language or imagery, and sexual attention or advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the project maintainers. All complaints will be reviewed and
+investigated promptly and fairly.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org/),
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html](https://www.contributor-covenant.org/version/2/1/code_of_conduct.html).