(feat): Implement Contract Repo, VCS, Signing (#24)

* feat: contracts repo [WIP]

* refactor: encryption to file wise

* feat: vcs support for contracts

* chore: dump this shit cause it works

* fix: lint errors

* feat: implement key management

* feat: add UserPublicKey model and update related methods

* chore: trying to fix casing

* chore: `bruno` is finally lower case

* chore: Remove files

Author: HarshPatel5940

.gitignore

@@ -7,6 +7,8 @@ yarn-error.log*
 pnpm-debug.log*
 lerna-debug.log*
 
+*.pem
+/data/
 node_modules
 dist
 dist-ssr
@@ -49,4 +51,4 @@ __pycache__/
 
 # swarm
 swarm.egg-info
-marai_agents.egg-info
+marai_agents.egg-info

CODE_OF_CONDUCT.md

@@ -0,0 +1,61 @@
+# Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Enforcement Responsibilities
+
+Project maintainers are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is representing the community in public spaces. Examples of
+representing a community include using an official project e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the project team. All complaints will be reviewed and investigated
+promptly and fairly.
+
+All project team members are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org),
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html](https://www.contributor-covenant.org/version/2/1/code_of_conduct.html).

README.md

@@ -92,6 +92,47 @@ The system consists of multiple AWS and Azure services interacting to form a rob
 5. Configure Azure OpenAI API for AI-driven processing.
 6. Monitor performance using AWS CloudWatch.
 
+## Contract Management and Security
+
+Marai ensures secure and efficient contract management through the following measures:
+
+### Security Measures
+- **Role-Based Access Control (RBAC):**
+  - Permissions are enforced based on user roles (e.g., owner, admin, member).
+  - Only authorized users can create, update, delete, or view contracts.
+
+- **Data Encryption:**
+  - Contract files are encrypted using server-side encryption before being stored in the MinIO object storage.
+  - SHA-256 hashing is used to ensure file integrity.
+
+- **Audit Trails:**
+  - All actions on contracts (e.g., signing, viewing) are logged as signature events.
+  - These logs include metadata such as IP address, user agent, and timestamps.
+
+- **Soft Deletion:**
+  - Contracts are soft-deleted to prevent accidental data loss.
+  - Deleted contracts are marked with a `is_deleted` flag and retain their metadata for auditing purposes.
+
+- **Status Transitions:**
+  - Contracts follow a strict lifecycle (e.g., draft → pending_signature → signed → void).
+  - Invalid status transitions are rejected to maintain data integrity.
+
+### Features
+- **File Uploads:**
+  - Users can upload files to draft contracts.
+  - Uploaded files are securely stored and accessible only to authorized users.
+
+- **Party Management:**
+  - Parties can be added or removed from draft contracts.
+  - Each party has attributes like name, email, mobile, and role.
+
+- **Digital Signatures:**
+  - Parties can digitally sign contracts.
+  - Once all parties have signed, the contract status is updated to `signed`.
+
+- **Pagination and Filtering:**
+  - Contracts can be listed with filters (e.g., status, isTemplate) and pagination for efficient retrieval.
+
 ## Future Improvements
 - Implement serverless functions (AWS Lambda) for improved scalability.
 - Enhance AI models for better legal text processing.

apps/server/.air.toml

@@ -7,7 +7,7 @@ pre_cmd = []
 cmd = "make build"
 post_cmd = ["make clean"]
 delay = 0
-exclude_dir = ["public", "tmp", "vendor", "testdata"]
+exclude_dir = ["public", "tmp", "vendor", "testdata", "Bruno"]
 exclude_file = []
 exclude_regex = ["_test.go", "._templ.go", "._tmpl.go"]
 exclude_unchanged = false
@@ -41,4 +41,4 @@ clean_on_exit = true
 
 [screen]
 clear_on_rebuild = false
-keep_scroll = true
+keep_scroll = true

apps/server/.env.example

@@ -1 +1,16 @@
-DATABASE_URL="postgresql://postgres:postgres@localhost:5432/marai"
+PORT = "8080"
+DEBUG = "true"
+ENV = "development"
+CLIENT_URL = "http://localhost:3000"
+DATABASE_URL = nil
+GORILLA_SESSIONS_MAXAGE = "604800"
+GORILLA_SESSIONS_KEY = "NotSoSecretKey-ChangeMe-Please"
+TWILIO_ACCOUNT_SID = nil
+TWILIO_AUTH_TOKEN = nil
+TWILIO_VERIFY_SERVICE_ID = nil
+MINIO_ACCESS_KEY = nil
+MINIO_ACCESS_SECRET = nil
+MINIO_SSL_POLICY = "false"
+MINIO_BUCKET_NAME = "codeflick"
+MINIO_ENDPOINT = "localhost:9000"
+ENCRYPTION_MASTER_KEY = "replace_with_generated_key"

apps/server/Bruno/Create Lawfirm.bru

@@ -1,71 +1,29 @@
-# syntax=docker/dockerfile:1
+ARG GO_VERSION=1.24
+FROM golang:${GO_VERSION}-alpine AS build
 
-# Comments are provided throughout this file to help you get started.
-# If you need more help, visit the Dockerfile reference guide at
-# https://docs.docker.com/go/dockerfile-reference/
-
-# Want to help us make this template better? Share your feedback here: https://forms.gle/ybq9Krt8jtBL3iCk7
-
-################################################################################
-# Create a stage for building the application.
-ARG GO_VERSION=1.23.6
-FROM --platform=$BUILDPLATFORM golang:${GO_VERSION} AS build
 WORKDIR /src
 
-# Download dependencies as a separate step to take advantage of Docker's caching.
-# Leverage a cache mount to /go/pkg/mod/ to speed up subsequent builds.
-# Leverage bind mounts to go.sum and go.mod to avoid having to copy them into
-# the container.
+COPY go.mod go.sum ./
 RUN --mount=type=cache,target=/go/pkg/mod/ \
-    --mount=type=bind,source=go.sum,target=go.sum \
-    --mount=type=bind,source=go.mod,target=go.mod \
-    go mod download -x
+    go mod download || \
+    go mod download
 
-# This is the architecture you’re building for, which is passed in by the builder.
-# Placing it here allows the previous steps to be cached across architectures.
-ARG TARGETARCH
+COPY api/ ./api
+COPY cmd/ ./cmd
+COPY internal/ ./internal
+COPY go.mod .
+COPY go.sum .
 
-# Build the application.
-# Leverage a cache mount to /go/pkg/mod/ to speed up subsequent builds.
-# Leverage a bind mount to the current directory to avoid having to copy the
-# source code into the container.
-RUN --mount=type=cache,target=/go/pkg/mod/ \
-    --mount=type=bind,target=. \
+ARG TARGETARCH
+RUN --mount=type=cache,target=/root/.cache/go-build/ \
+    CGO_ENABLED=0 GOARCH=$TARGETARCH go build -o /bin/server cmd/main.go || \
     CGO_ENABLED=0 GOARCH=$TARGETARCH go build -o /bin/server cmd/main.go
 
-FROM alpine:latest AS final
-
-# Install any runtime dependencies that are needed to run your application.
-# Leverage a cache mount to /var/cache/apk/ to speed up subsequent builds.
-RUN --mount=type=cache,target=/var/cache/apk \
-    apk --update add \
-    ca-certificates \
-    tzdata \
-    curl \
-    && \
-    update-ca-certificates
-
-# Create a non-privileged user that the app will run under.
-# See https://docs.docker.com/go/dockerfile-user-best-practices/
-ARG UID=10001
-RUN adduser \
-    --disabled-password \
-    --gecos "" \
-    --home "/nonexistent" \
-    --shell "/sbin/nologin" \
-    --no-create-home \
-    --uid "${UID}" \
-    appuser
-USER appuser
-
-# copy the env file from .env
-COPY .env.local .env
-
-# Copy the executable from the "build" stage.
-COPY --from=build /bin/server /bin/
+FROM alpine:latest
+WORKDIR /app
+COPY --from=build /bin/server /app/server
+COPY .env.local /app/.env
 
-# Expose the port that the application listens on.
 EXPOSE 8080
 
-# What the container should run when it is started.
-ENTRYPOINT [ "/bin/server" ]
+ENTRYPOINT ["/app/server"]