{"id":50454118,"url":"https://github.com/mizcausevic-dev/procurement-decision-api","last_synced_at":"2026-06-01T01:05:43.945Z","repository":{"id":358080919,"uuid":"1239224031","full_name":"mizcausevic-dev/procurement-decision-api","owner":"mizcausevic-dev","description":"FastAPI service that drafts AI Procurement Decision Cards (Kinetic Gain Protocol Suite spec #11) from a buyer rubric and vendor Suite documents. First cross-ecosystem bridge: Suite x Decision Intelligence.","archived":false,"fork":false,"pushed_at":"2026-05-15T17:10:14.000Z","size":27,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-15T18:16:54.398Z","etag":null,"topics":["ai-governance","decision-intelligence","fastapi","httpx","kinetic-gain-protocol-suite","nist-ai-rmf","procurement","pydantic","python"],"latest_commit_sha":null,"homepage":"https://kineticgain.com/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mizcausevic-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-14T22:12:31.000Z","updated_at":"2026-05-15T15:51:31.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mizcausevic-dev/procurement-decision-api","commit_stats":null,"previous_names":["mizcausevic-dev/procurement-decision-api"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/mizcausevic-dev/procurement-decision-api","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fprocurement-decision-api","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fprocurement-decision-api/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fprocurement-decision-api/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fprocurement-decision-api/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mizcausevic-dev","download_url":"https://codeload.github.com/mizcausevic-dev/procurement-decision-api/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fprocurement-decision-api/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33755379,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-governance","decision-intelligence","fastapi","httpx","kinetic-gain-protocol-suite","nist-ai-rmf","procurement","pydantic","python"],"created_at":"2026-06-01T01:05:39.870Z","updated_at":"2026-06-01T01:05:43.939Z","avatar_url":"https://github.com/mizcausevic-dev.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# procurement-decision-api\n\n[![CI](https://github.com/mizcausevic-dev/procurement-decision-api/actions/workflows/ci.yml/badge.svg)](https://github.com/mizcausevic-dev/procurement-decision-api/actions/workflows/ci.yml)\n[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://opensource.org/licenses/MIT)\n[![Python](https://img.shields.io/badge/python-3.11+-blue.svg)](https://www.python.org/downloads/)\n[![Framework: FastAPI](https://img.shields.io/badge/framework-FastAPI-009688.svg)](https://fastapi.tiangolo.com/)\n\n\u003e The machine that produces buyer-side AI procurement decisions, schema-conformant and ready to publish.\n\nA FastAPI service that ingests a buyer's evaluation rubric plus a set of vendor [Kinetic Gain Protocol Suite](https://suite.kineticgain.com/) declarations and returns a draft [AI Procurement Decision Card](https://github.com/mizcausevic-dev/ai-procurement-decision-spec) (spec #11 of the Suite). The Decision Card is the canonical machine-readable carrier for NIST AI RMF-aligned procurement outcomes under OMB M-24-10 — see the [crosswalk doc](https://suite.kineticgain.com/docs/nist-rmf-crosswalk.md).\n\n## The cross-ecosystem bridge\n\nThis is the first repo that **composes** the [Kinetic Gain Protocol Suite](https://suite.kineticgain.com/) with the [Decision Intelligence Engines](https://github.com/mizcausevic-dev?tab=repositories) portfolio:\n\n```\nVendor publishes:                Buyer publishes (this service produces):\n─────────────────────────        ────────────────────────────────────────\nAEO Protocol Card           ┐\nTool Disclosure             │\nClinical AI Card            ├──\u003e AI Procurement Decision Card\nStudent AI Disclosure       │       (status / rubric / conditions /\nAgent Card                  │        documents reviewed / rationale)\n…the other six specs…       ┘\n```\n\n## Quick start\n\n```bash\npip install procurement-decision-api\nprocurement-decision-api  # listens on http://0.0.0.0:8088\n```\n\nOr via Docker:\n\n```bash\ndocker run -p 8088:8088 ghcr.io/mizcausevic-dev/procurement-decision-api:latest\n```\n\nThen draft a decision:\n\n```bash\ncurl -s http://localhost:8088/decisions/draft \\\n  -H 'content-type: application/json' \\\n  -d '{\n    \"decision_id\": \"SPRINGFIELD-DEC-2026-001\",\n    \"buyer\": {\n      \"name\": \"Springfield Unified School District\",\n      \"type\": \"school-district\",\n      \"jurisdiction\": \"US-CA\"\n    },\n    \"decision_maker\": {\n      \"role\": \"Director of Educational Technology\",\n      \"name\": \"Dr. Jane Doe\",\n      \"authority\": \"Board Resolution 2026-04\"\n    },\n    \"vendor_name\": \"AcmeTutor Inc.\",\n    \"product_name\": \"AcmeTutor 3.0\",\n    \"vendor_id\": \"https://acmetutor.example/.well-known/aeo.json\",\n    \"fetch_targets\": [\n      { \"type\": \"aeo\",                    \"url\": \"https://acmetutor.example/.well-known/aeo.json\" },\n      { \"type\": \"tutor-card\",             \"url\": \"https://acmetutor.example/.well-known/tutor-card.json\" },\n      { \"type\": \"student-ai-disclosure\",  \"url\": \"https://acmetutor.example/.well-known/student-ai-disclosure.json\" }\n    ],\n    \"policy_uris\": [\n      \"https://springfield.edu/.well-known/aup.json\"\n    ],\n    \"rubric\": [\n      { \"id\": \"ferpa-compliance\",         \"result\": \"pass\", \"weight\": 1.0 },\n      { \"id\": \"coppa-compliance\",         \"result\": \"pass\", \"weight\": 1.0 },\n      { \"id\": \"no-training-on-student-data\", \"result\": \"pass-with-condition\", \"weight\": 1.0,\n        \"notes\": \"Disclosure asserts no-training; require contractual confirmation.\" },\n      { \"id\": \"bias-audit-completed\",     \"result\": \"partial\", \"weight\": 0.8,\n        \"notes\": \"Audit current but due for refresh by 2026-09.\" }\n    ],\n    \"conditions\": [\n      { \"id\": \"no-training-restriction\",\n        \"description\": \"Vendor SHALL NOT use Springfield USD student-provided content for model training.\",\n        \"enforcement\": \"contractual\" },\n      { \"id\": \"bias-audit-refresh\",\n        \"description\": \"Vendor SHALL deliver a refreshed third-party bias audit by 2026-12-01.\",\n        \"enforcement\": \"audit\" }\n    ]\n  }' | jq\n```\n\nThe response includes:\n- `draft` — the full, schema-conformant Decision Card (ready to sign + publish at `/.well-known/decisions/\u003cid\u003e.json`)\n- `documents_fetched[]` — each vendor URL with its retrieval timestamp + sha256 content hash\n- `fetch_errors[]` — per-target retrieval errors (the draft doesn't fail wholesale on one missing URL)\n- `inferred_status` — `true` if the service inferred the decision status from the rubric\n\n## What the service does\n\n1. **Fetches** every URL in `fetch_targets` concurrently with httpx, capped at 2 MB / 10 s per document, and computes a canonical sha256 hash over each (sorted keys, no whitespace).\n2. **Infers** `decision.status` from the rubric if you didn't supply `proposed_status`. The inference rules:\n   - Any `fail` → `rejected-with-remediation`\n   - Any `partial` or `pass-with-condition` → `approved-with-conditions`\n   - All `pass` → `approved`\n   - Empty / all `n/a` → `pending`\n3. **Composes** a default rationale from the rubric results if you didn't supply `rationale_template`.\n4. **Validates** the Decision Card against the same conditional rules the upstream zod schema enforces:\n   - `status` ∈ {`approved-with-conditions`, `rejected-with-remediation`} → `conditions` must be non-empty\n   - `status` = `withdrawn` → `withdrawal` block required\n   - `publication.is_public` = `true` → `publication_uri` required\n5. **Returns** the Draft Decision Card. Review, edit, sign, publish.\n\n## Endpoints\n\n| Method | Path                       | Purpose |\n|--------|----------------------------|---------|\n| GET    | `/`                        | Service info + relevant links |\n| GET    | `/healthz`                 | Liveness probe (always 200 if the process is running) |\n| POST   | `/decisions/draft`         | Produce a Draft Decision Card |\n| POST   | `/decisions/validate`      | Validate an existing Decision Card against the v0.1 schema |\n| GET    | `/docs`                    | Interactive OpenAPI documentation (Swagger UI) |\n| GET    | `/openapi.json`            | Machine-readable API schema |\n\n## Why this matters\n\nAI procurement under OMB M-24-10 and NIST AI RMF requires agencies to publish reviewable decisions about vendor AI systems. Today, those decisions sit in PDFs and procurement databases — invisible to vendors trying to win future RFPs and invisible to citizens whose data is being processed.\n\nThe AI Procurement Decision Card spec defines a machine-readable carrier for those decisions. This service is the tool that produces them at scale: a reviewer fills in the rubric, points at the vendor's published declarations, and gets back a schema-valid card ready to publish at `/.well-known/decisions/\u003cdecision_id\u003e.json`.\n\nFor procurement teams, this means a decision becomes a queryable, searchable, audit-friendly artifact — and the vendor's published declarations are cited by URL and content hash, so any drift after the decision is detectable.\n\n## Architecture\n\n```\n┌────────────────────────────────────────────────────────────┐\n│                  FastAPI app (lifespan-managed)            │\n│                                                            │\n│   POST /decisions/draft                                    │\n│       │                                                    │\n│       ▼                                                    │\n│   ┌────────────────────────────────────────────────┐       │\n│   │ fetcher.fetch_documents (async, httpx)         │       │\n│   │   - timeout 10s per doc                        │       │\n│   │   - 2 MB size cap                              │       │\n│   │   - canonical sha256 hash                      │       │\n│   │   - per-target error collection                │       │\n│   └────────────────────────────────────────────────┘       │\n│       │                                                    │\n│       ▼                                                    │\n│   ┌────────────────────────────────────────────────┐       │\n│   │ rubric.infer_status                            │       │\n│   │ rubric.compose_rationale                       │       │\n│   │ rubric.weighted_score                          │       │\n│   └────────────────────────────────────────────────┘       │\n│       │                                                    │\n│       ▼                                                    │\n│   ┌────────────────────────────────────────────────┐       │\n│   │ drafter.draft_decision_card                    │       │\n│   │   - validates conditional rules                │       │\n│   │   - assembles history events                   │       │\n│   └────────────────────────────────────────────────┘       │\n│       │                                                    │\n│       ▼                                                    │\n│   DraftResponse                                            │\n└────────────────────────────────────────────────────────────┘\n```\n\nPydantic v2 models mirror the JSON Schema 2020-12 spec exactly, including the conditional rules (which run as `@model_validator(mode=\"after\")` hooks).\n\n## Development\n\n```bash\ngit clone https://github.com/mizcausevic-dev/procurement-decision-api\ncd procurement-decision-api\npip install -e \".[dev]\"\n\n# Run the test suite (mocks the vendor HTTP layer; no internet required)\npytest -q\n\n# Lint, format, typecheck\nruff check src tests\nruff format src tests\nmypy src\n\n# Run the service\npython -m procurement_decision_api\n# or\nuvicorn procurement_decision_api.app:app --reload --port 8088\n```\n\n## Composability\n\nThis service composes naturally with the rest of the Kinetic Gain ecosystem:\n\n- **Input documents** can be fetched directly from any vendor's `/.well-known/` paths, or validated first via [`kg-validate-action`](https://github.com/mizcausevic-dev/kg-validate-action) in your CI.\n- **Output Decision Cards** can be inspected by [`mcp-kinetic-gain`](https://github.com/mizcausevic-dev/mcp-kinetic-gain) (tools: `decision_card_inspect`, `decision_card_validate`).\n- **Inline validation** in the browser is available at [validator.kineticgain.com](https://validator.kineticgain.com/) — paste the produced draft, get inline error markers.\n\n## License\n\nMIT. The Kinetic Gain Protocol Suite specifications this service produces are also MIT; reference implementations like [`mcp-kinetic-gain`](https://github.com/mizcausevic-dev/mcp-kinetic-gain) are AGPL-3.0.\n\n## Related\n\n- **Spec repo:** [`ai-procurement-decision-spec`](https://github.com/mizcausevic-dev/ai-procurement-decision-spec)\n- **Hosted validator:** [validator.kineticgain.com](https://validator.kineticgain.com/)\n- **MCP server:** [`mcp-kinetic-gain`](https://github.com/mizcausevic-dev/mcp-kinetic-gain) — install with `npx -y mcp-kinetic-gain`\n- **GitHub Action:** [`kg-validate-action`](https://github.com/mizcausevic-dev/kg-validate-action)\n- **NIST AI RMF crosswalk:** [suite.kineticgain.com/docs/nist-rmf-crosswalk.md](https://suite.kineticgain.com/docs/nist-rmf-crosswalk.md)\n- **Apex:** [kineticgain.com](https://kineticgain.com/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmizcausevic-dev%2Fprocurement-decision-api","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmizcausevic-dev%2Fprocurement-decision-api","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmizcausevic-dev%2Fprocurement-decision-api/lists"}