Aurora companion app#5
Open
hardiktiwari wants to merge 21 commits into
Open
Conversation
Cursor (Integration Agent) workstream. Adds the masker/ package with the public API surface (filter_input, filter_output, auto_attach, VoiceLoop) plus typed contracts so Codex (detection/policy/masking) and Ona (UI) can build in parallel against stable interfaces. Layout: masker/contracts.py — typed dataclasses for the JSON shapes in AGENTS.md masker/detection.py — regex baseline (CODEX OWNS — replace body, keep sig) masker/policy.py — HIPAA-first rules (CODEX OWNS — replace body) masker/masking.py — placeholder + token modes, scrub_output (CODEX OWNS) masker/trace.py — Tracer + TraceEvent emitter for Ona's UI masker/gemma_wrapper.py — Stub / LocalCactus / GeminiCloud backends + auto_attach() masker/router.py — executes local-only / masked-send / safe-to-send masker/voice_loop.py — run_text_turn() + run_voice_turn() (cactus transcribe) masker/demo.py — `python -m masker.demo` runs the 4 BACKLOG scenarios tests/test_integration.py — 12 tests, all passing, no model deps Demo with the stub backend reproduces the expected routes for all four BACKLOG scenarios in <1ms each. Stack still works without cactus weights or a Gemini key, so Ona and Codex can develop without the full setup. Made-with: Cursor
The integration loop now runs end-to-end against the on-device Gemma 4 model. Verified all four BACKLOG scenarios with `python -m masker.demo --backend cactus` — each turn lands at the right route in 1–2s warm. - LocalCactusBackend now uses `cactus run <model> --prompt <text>` for single-shot generation, sends `\n` on stdin to skip the optional Cactus Cloud key prompt (so `cactus auth` is not required to demo). - Replaces the old chrome-stripping heuristic with a structured parser that pulls the reply between the `Assistant:` marker and the metrics line `[N tokens | latency: ... | RAM: ...]`. Falls back gracefully when the markers are missing. - Adds `--system` passthrough and bumps subprocess timeout to 60s for cold model loads. - 2 new parser tests pinning the stdout contract; full suite 14/14. - README updated with the working invocation + per-turn latency notes. Made-with: Cursor
feat(integration): scaffold masker package with end-to-end voice loop
- React/Vite/TypeScript app in ui/ - TracePanel shows transcript, detected entities (with risk level and masked values), policy applied, route decision, masked transcript, plain-English explanation, and step-by-step trace log - Three scripted fallback scenarios (personal info, healthcare PHI, safe query) covering all three routes: local-only, masked-send, safe-to-send - MaskerTrace type contract in src/types.ts for Cursor integration - Handoff note in ui/HANDOFF.md Co-authored-by: Ona <no-reply@ona.com>
feat(ui): Masker trace UI with scripted demo scenarios
Adds a fourth backend to masker.gemma_wrapper that talks to the Cactus Cloud /api/v1/text endpoint via stdlib urllib (no extra deps). Slots above the direct Gemini path in default_backend() so a single CACTUS_CLOUD_KEY is enough to wire the cloud handoff without installing the cactus binary. Also documents the backend table in MASKER_README and ships a .env.example for local setup. Made-with: Cursor
Same pipeline as the Python package (detect → policy → mask → route → LLM → output scrub) with the same JSON contracts, but built as a single static binary so the on-device middleware story actually holds. Layout: masker-rs/ ├── crates/masker/ library — public API │ ├── contracts.rs typed Entity / Detection / Policy / Trace │ ├── trace.rs Tracer with Drop-recorded spans │ ├── detection.rs regex baseline (insurance regex tightened │ to catch "insurance ID is BCBS-887421") │ ├── policy.rs hipaa_base / _logging / _clinical │ ├── masking.rs placeholder + token modes, output scrub │ ├── router.rs local-only / masked-send / safe-to-send │ ├── voice_loop.rs end-to-end orchestration │ └── backends/ stub (default), gemini (HTTP), cactus (FFI) └── crates/masker-cli/ `masker` demo binary, runs BACKLOG scenarios Backends are pluggable behind one GemmaBackend trait. The Cactus backend opens libcactus at runtime via libloading so a fresh checkout still builds without the C++ side present; with CACTUS_LIB_DIR + model weights set it holds a persistent model handle in-process — no per-turn fork, no cold-start. Performance vs the Python equivalent: • per-turn pipeline: ~50 µs warm (was ~30–100 ms) • cold start to first turn: 0 µs (was ~1–2 s) • full 4-scenario CLI + JSON serialization: 340 ms wall-clock Verification: • cargo test --all-features → 12 / 12 green • cargo clippy --all-targets --all-features -- -D warnings → clean Made-with: Cursor
Move privacy core to Rust
feat(rust): port masker to Rust workspace (~50µs/turn, sub-100ms voice budget)
Platform structure setup
Full Next.js 14 App Router dashboard at dashboard/ with 8 pages: overview, copilot, sessions, policies, audit-reports, kms, api-keys, settings. Compliance Copilot is backed by Gemini 2.5 Flash via /api/copilot. P1 fixes (broken interactions): - Topbar: search routes to /sessions?q=, env switcher with active checkmark, notifications panel, user menu with navigation - Policies: converted to client component; row click updates detail panel live - KMS: rotate/disable buttons mutate state; access log toggles inline - Copilot: Publish activates on ready policy with confirmed state; Test sends sample transcript to Gemini; Save Draft shows toast; 30s timeout + AbortController on all fetches - Sessions: empty state with clear-filters action; filter syncs from URL ?q= param so topbar search routes correctly - Overview incident IDs link to /sessions?q=<id> P2 fixes (polish and correctness): - Fonts: Inter + JetBrains Mono loaded via next/font/google - loading.tsx: skeleton layout matching page structure - error.tsx: error boundary with retry button - Accessibility: aria-current on sidebar nav, scope=col on all table headers, aria-label on all icon buttons, htmlFor/id on settings inputs, keyboard nav (Enter/Space) on all interactive rows - TranscriptDiff: replaced fragile string-replace with offset-based reconstruction that handles duplicate tokens correctly - Stable React keys throughout (no index keys) - Removed unused SectionHeader component, trend prop on MetricCard, and 9 unused Radix UI packages - Hardcoded date in Overview replaced with live Date Co-authored-by: Ona <no-reply@ona.com>
feat(dashboard): Masker compliance dashboard — P1/P2 production readiness
Aurora is a voice-in / voice-out therapist demo built with Expo (bare workflow) + cactus-react-native, running google/functiongemma-270m-it fully on-device. Pipeline: device-native STT (expo-speech-recognition) -> FunctionGemma 270M via Cactus -> expo-speech TTS. Includes: - src/ React Native app (BreathingOrb UI, conversation reducer, hooks for speech input, TTS, and the therapist loop) - ios/ and android/ Expo prebuild output for cactus + nitro modules - Disclaimer modal + local crisis-keyword guardrails - README with setup, model download, and run instructions Made-with: Cursor
Adds a tamper-evident evidence trail for every filter_input/filter_output
call, writing canonical-JSON rows linked by SHA-256 prev_hash → entry_hash.
Each row records the HIPAA Security Rule controls satisfied (164.312(a)(1),
164.312(b), 164.514(b)(2)) but never the underlying PHI — only entity types,
spans, lengths, and rationales. A defensive guardrail in Tracer.evidence()
re-runs detection on payload strings and refuses to write if raw PHI slips
through.
New surface:
- AuditEntry, ChainVerification, canonical_json, compute_entry_hash
(masker/contracts.py)
- HIPAA_CONTROLS_BY_ROUTE + hipaa_controls() (masker/policy.py)
- Tracer.evidence / _append_audit / verify_chain (masker/trace.py)
- auto_attach(audit_path=, surface=, policy=, retention=) wires a
process-global tracer; filter_input/filter_output emit one row per
call (masker/__init__.py)
- python -m masker verify <path> CLI (masker/__main__.py)
Tests: 8 new (genesis, chain links, no-PHI guardrail, byte-flip + surgical
tamper, hash determinism). 29/29 green, no regressions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.