https://github.com/edycutjong/docdrift
π AI-powered CodeβDocs Drift Detector and Security-first Auditing Pipeline built for the Anna Hackathon
https://github.com/edycutjong/docdrift
anna-app documentation-drift hackathon security
Last synced: 2 days ago
JSON representation
π AI-powered CodeβDocs Drift Detector and Security-first Auditing Pipeline built for the Anna Hackathon
- Host: GitHub
- URL: https://github.com/edycutjong/docdrift
- Owner: edycutjong
- License: mit
- Created: 2026-06-21T18:30:32.000Z (27 days ago)
- Default Branch: main
- Last Pushed: 2026-06-28T03:12:29.000Z (20 days ago)
- Last Synced: 2026-07-16T08:33:45.811Z (2 days ago)
- Topics: anna-app, documentation-drift, hackathon, security
- Language: Python
- Homepage: https://edycutjong.github.io/docdrift/public/pitch.html
- Size: 12.6 MB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
DocDrift π
AI-powered CodeβDocs Drift Detector and Security-first Auditing Pipeline
[](https://github.com/edycutjong/docdrift)
[](https://youtu.be/J8bCZnAEpNI)
[](https://edycutjong.github.io/docdrift/public/pitch.html)
[](https://dorahacks.io/hackathon/2204)





[](https://github.com/edycutjong/docdrift/actions)
---
## πΈ See it in Action
Interactive Audit Walkthrough
1. Workspace Config & Setup
2. Analysis Dashboard
3. Side-by-Side Drift Viewer
4. AI Auditor Chat
5. Accepted Fix Status
6. Exported R2 Signed Bundle
> **The Audit Lifecycle**: 1. Scans repository exports -> 2. Checks document mentions -> 3. Classifies drift & suggests corrections -> 4. Persists scan history to Anna KV -> 5. Exports signed `.patch` bundles to Cloudflare R2.
---
## π‘ The Problem & Solution
Documentation rots silently. As APIs evolve, README guides and comment blocks drift, leading to onboarding failures and broken integrations.
**DocDrift** solves this by walking local codebases inside a secure sandbox to parse symbols (functions, classes, endpoints), hashing signatures via SHA-256, and cross-referencing them against Markdown files. Sensitive code snippets are encrypted under **AES-GCM-256** prior to LLM drift classification.
### Key Features:
- β‘ **Local Walkers**: Lightweight Python Executa process directory scans in <10ms.
- π **IP Protection**: Ephemeral local AES keys encrypt snippets in transit and KV storage.
- π€ **Auditor Agent**: Interactive `agent.session.*` chatbot to explain and review signature drift.
- π¦ **R2 Export**: Generates unified `.patch` bundles and uploads to R2 via `host/uploadFile` reverse-RPC.
- πΎ **Persistent History**: Scan history persisted to Anna Persistent Storage (APS KV) via `storage/set` β no external database needed.
---
## ποΈ Architecture & Tech Stack
```mermaid
graph TD
UI[HTML/CSS/JS Iframe] -->|window.open_view| DV[Drift Viewer View]
UI -->|tools.invoke| EX[Python Executa Process]
EX -->|SHA-256| HASH[Symbol Hash Verification]
EX -->|AES-GCM-256| CRYP[Local Snippet Encryptor]
CRYP -->|sampling/createMessage| LLM[Host LLM Reverse-RPC]
EX -->|host/uploadFile| R2[Anna R2 Object Storage]
EX -->|storage/set + storage/get| APS[Anna Persistent Storage KV]
UI -->|storage.set/get| APS
```
---
## π Anna Platform Integration
DocDrift exercises the full Anna SDK capability surface:
### Reverse-RPC Methods (Plugin β Host)
| Method | Purpose | Implementation |
|---|---|---|
| `sampling/createMessage` | LLM inference for drift classification | `_sample()` in plugin.py |
| `storage/get` | Read persistent scan history from APS KV | `_storage_get()` in plugin.py |
| `storage/set` | Write scan history entries to APS KV | `_storage_set()` in plugin.py |
| `storage/delete` | Remove scan entries from APS KV | `_storage_delete()` in plugin.py |
| `storage/list` | List all past scan keys in APS KV | `_storage_list()` in plugin.py |
| `host/uploadFile` (inline) | Upload generated `.diff` patches to R2 | `_host_upload_inline()` in plugin.py |
| `host/uploadFile` (negotiate+confirm) | Stream large reports to R2 | `_host_upload_negotiate()` and `_host_upload_confirm()` |
| `embeddings/create` | Compute dense vectors for code and docs | `_embed()` in plugin.py |
| `image/generate` | Generate visual architecture illustrations | `_image_generate()` in plugin.py |
| `files/upload_begin + complete` | Durable artifact uploads (2-phase) | `_files_upload()` in plugin.py |
| `files/download_url` | Mint presigned links for archived reports | `_files_download_url()` in plugin.py |
| `files/list` | List archived report files | `_files_list()` in plugin.py |
| `files/delete` | Purge archived files | `_files_delete()` in plugin.py |
| `agent/complete` | Stateless L1 completion | `_agent_complete()` in plugin.py |
| `agent/session.create + run + history + cancel + delete` | Stateful L2 multi-turn agent sessions | `_agent_session_create()`, `_agent_session_run()`, etc. |
### Host Capabilities Declared
| Capability | Usage |
|---|---|
| `llm.sample` | Host-brokered LLM for drift classification & stateless completion |
| `llm.embed` | Vector embedding compute for semantic search |
| `llm.image` | DALL-E visual diagram generation |
| `llm.agent.auto` | Stateful multi-turn L2 agent sessions |
| `aps.kv` | Persistent scan history (last 50 scans) |
| `host.upload` | R2 artifact upload for generated patches |
### Manifest Features (Schema 2)
| Feature | Status |
|---|---|
| `schema: 2` | β
|
| `host_capabilities` | β
`llm.sample`, `llm.embed`, `llm.image`, `llm.agent.auto`, `host.upload` |
| `user_message_prefix_template` | β
|
| `system_prompt_addendum` | β
|
| `optional_executas` | β
|
| `csp_overrides` | β
|
| `state_merge` | β
|
| `dev.fixtures` | β
|
| `dev.seed_storage` | β
|
| `host_api.upload` (negotiate + confirm) | β
|
| `host_api.chat` (write_message + append_artifact) | β
|
| `host_api.storage` (get/set/delete/list) | β
|
| `host_api.window` (set_title/open_view/close) | β
|
| `host_api.llm` (complete/embed) | β
|
| `host_api.image` (generate) | β
|
| `host_api.agent` (session) | β
|
| Multiple views with `min_size`/`max_size` | β
2 views |
| Developer Console | β
Interactive SDK playground & live log console |
| `tags` | β
|
### Cryptographic Security
| Layer | Algorithm |
|---|---|
| Snippet encryption | AES-GCM-256 (ephemeral session keys) |
| Symbol hashing | SHA-256 |
---
## π Sponsor Tracks Targeted
- **Winner Takes All β $300**: Deep, *real* Anna integration β host LLM `sampling/createMessage`, APS KV storage (`get`/`set`/`list`/`delete`), durable APS Files, R2 uploads, `embeddings/create` semantic search, and `image/generate` diagrams β all driven through real Executa tools, a multi-view UI (`main` + `drift_viewer`), and `chat.append_artifact` cards, with local AES-GCM-256 cryptography. A sandboxed Developer Console lets you exercise the Host-API surface live (calls return labeled mock responses when run outside the Anna host).
---
## π Project Structure
```
dorahacks-anna-docdrift/
βββ app.json # App listing metadata
βββ manifest.json # Anna App manifest (schema: 2)
βββ LICENSE # MIT License
βββ DECISIONS.md # Architectural decisions log
βββ SPONSOR_DEFENSE.md # SDK integration citations
βββ package.json # Project script definitions
βββ bundle/
β βββ index.html # Frontend SPA structure
β βββ styles.css # Modern dark theme styles
β βββ tokens.css # Design tokens
β βββ app.js # State engine, SDK bridge & fallback mocks
β βββ anna-tool-ids.js # Auto-generated tool bindings
β βββ apple-touch-icon.png # Mobile browser bookmark icon
β βββ icon.svg # Embedded app icon
βββ executas/
β βββ docdrift/
β βββ pyproject.toml # Executa package configuration
β βββ executa.json # Executa config (host_capabilities, distribution)
β βββ plugin.py # Stdio JSON-RPC handler + APS KV + R2 upload
βββ fixtures/
β βββ drift_seed.jsonl # Dev fixture data for offline testing
βββ data/
β βββ fixtures/ # Additional seed data
βββ docs/
β βββ AUDIT_REPORT.md # Threat model and invariants
β βββ friction-log.md # Integration friction log
β βββ icon.svg # Document icon
β βββ readme-hero.svg # Tactical vector header SVG
β βββ assets/ # HTML templates and asset generators
β βββ screenshots/ # Step-by-step UX walkthrough screenshots
βββ public/
β βββ icon.svg # Standalone app icon SVG
β βββ og-image.png # Open Graph banner PNG
β βββ pitch.html # Standalone marketing pitch deck HTML
βββ scripts/
β βββ bench.py # Latency and recall benchmarks
β βββ verify_offline.py # Air-gapped container test
β βββ record-docdrift.mjs # Puppeteer demo recording
βββ tests/
βββ test_plugin.py # Complete unit tests (100% offline coverage)
```
---
## π Getting Started
### Prerequisites
- Python β₯ 3.10
- Node.js β₯ 20
- `uv` (Python packaging tool)
### Installation & Run
1. Clone the repository:
```bash
git clone https://github.com/edycutjong/docdrift.git
```
2. Navigate to codebase:
```bash
cd docdrift
```
3. Install npm dependencies:
Installs the required `@anna-ai/cli` devDependency locally:
```bash
npm install
```
5. Run the development harness:
```bash
npm run dev
# or
npx anna-app dev
```
---
## π§ͺ Testing & CI
DocDrift includes a full verification harness with unit tests, offline air-gap audits, and benchmarks:
```bash
# ββ Run Unit Tests (105+ assertions) ββββββββ
PYTHONPATH=. python3 tests/test_plugin.py
# ββ Run Air-Gapped Offline Verification ββββββ
PYTHONPATH=. python3 scripts/verify_offline.py
# ββ Run Performance Benchmarks ββββββββββββββ
PYTHONPATH=. python3 scripts/bench.py
```
| Layer | Tool | Status |
|---|---|---|
| Code Quality | Pytest + Local Assertions | β
|
| Unit Testing | 100+ parameterized assertions | β
|
| Air-Gap Scan | Mock socket offline check | β
|
| Latency Audit | bench.py latency analysis | β
|
---
## π License
Licensed under [MIT](LICENSE). Copyright Β© 2026 Edy Cu.