Developer experience: CLI, privacy heartbeat, design partners, contribution model

.github/workflows/cli-e2e.yml

@@ -0,0 +1,17 @@
+name: cli-e2e
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  cli-e2e:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - run: python -m pip install --upgrade pip
+      - run: pip install -e ".[dev,cli]"
+      - run: pytest tests/cli/

CONTRIBUTING.md

@@ -1,76 +1,34 @@
 # Contributing to AgentMint
 
-AgentMint is early-stage and actively developed. Contributions are welcome — whether that's a bug fix, a new pattern for the shield, a framework integration, or a docs improvement.
+Four contribution paths exist, each with its own process.
 
-## Getting started
+## Library contributions
 
-```bash
-git clone https://github.com/aniketh-maddipati/agentmint-python.git
-cd agentmint-python
-uv sync
-uv run pytest tests/ -v
-```
-
-All 184 tests should pass. If they don't, open an issue.
+Bug reports, bug fixes, documentation improvements, and small features go through this repo. Open an issue or PR. CI runs tests, mypy, ruff, AERF conformance, and examples. Every PR should add tests for the behavior it changes. Sign commits with DCO using `git commit -s`.
 
-## What we're looking for
+## Profile contributions
 
-- **Framework integrations** — MCP, CrewAI, OpenAI Agents SDK, LangChain, AutoGen. Working examples that show AgentMint plugged into a real agent loop.
-- **Shield patterns** — New regex patterns for the content scanner. If you've seen a prompt injection or data exfiltration technique in the wild that the shield misses, submit it.
-- **Bug reports** — Especially around scope intersection edge cases, receipt chain integrity, and concurrent access.
-- **Documentation** — Clearer explanations, better examples, typo fixes. All useful.
-- **Performance** — Benchmarks, profiling, or optimisations. AgentMint is currently single-threaded (see [LIMITS.md](LIMITS.md)).
+Vertical profiles for new domains are the highest-leverage external contribution. Open a discussion first to validate the domain need. Then submit a separate package named `agentmint-{domain}` that registers through entry points. A profile should include an action catalog, evidence schemas, a redactor, a default policy, compliance mappings, and tests that emit AERF v0.1 compliant receipts.
 
-## How to contribute
+Profiles stay in their own packages. Core AgentMint should not absorb domain logic.
 
-1. **Check existing issues** before starting work. If there's no issue for what you want to do, open one first so we can discuss the approach.
-2. **Fork and branch** from `main`. Use a descriptive branch name (`feat/crewai-integration`, `fix/scope-intersection-edge-case`).
-3. **Write tests.** If you're adding a feature, add tests. If you're fixing a bug, add a test that reproduces it.
-4. **Run the full suite** before opening a PR:
-   ```bash
-   uv run pytest tests/ -v
-   ```
-5. **Open a pull request** against `main`. Describe what changed and why. Link the issue.
+## Protocol implementations
 
-## Code style
+New providers for keys, sinks, timestampers, and related protocols may ship here or as separate packages. Cloud providers such as KMS, S3, GCS, or Vault should usually live outside the core package to keep installs lightweight. Document trust assumptions and threat model. Test against the protocol contract.
 
-- Python 3.10+.
-- Type hints on public APIs.
-- Docstrings on public classes and functions.
-- No additional dependencies without discussion — AgentMint ships with two (`pynacl`, `requests`) and we intend to keep it minimal.
+## Security disclosures
 
-## Commit messages
+Security findings follow `SECURITY.md`. Never file security issues publicly. Researchers are credited in release notes unless they prefer anonymity.
 
-Use conventional commits:
+## Local development
 
+```bash
+git clone https://github.com/aniketh-maddipati/agentmint-python
+cd agentmint-python
+pip install -e ".[dev,cli]"
+pytest
 ```
-feat: add CrewAI integration example
-fix: scope intersection fails with empty parent scope
-docs: clarify checkpoint gate behaviour in README
-test: add receipt chain tamper detection tests
-chore: update CI to test Python 3.12
-```
-
-## Pull request guidelines
-
-- One logical change per PR. Don't bundle unrelated fixes.
-- Keep PRs reviewable — under 400 lines of diff when possible.
-- If your change affects the public API, update the README.
-- If your change affects security behaviour (shield patterns, scope enforcement, receipt signing), call that out explicitly in the PR description.
-
-## Reporting bugs
-
-Open an issue with:
-
-- What you expected to happen
-- What actually happened
-- A minimal code snippet that reproduces it
-- Python version and OS
-
-## Security vulnerabilities
-
-**Do not open a public issue for security vulnerabilities.** See [SECURITY.md](SECURITY.md) for responsible disclosure instructions.
 
-## License
+Review timeline: small PRs within a week, larger PRs within two weeks. This is a solo-maintainer project, so patience helps.
 
-By contributing, you agree that your contributions will be licensed under the [MIT License](LICENSE).
+Before opening a PR, make sure the relevant test suite passes locally.

DESIGN_PARTNERS.md

@@ -0,0 +1,23 @@
+# Design partners
+
+AgentMint develops as a primitive alongside founders shipping AI into regulated markets. The partnership model is direct: two days per week for three months, embedded in your repo, working on your production flows.
+
+## Who we partner with
+
+Founders building agentic systems in healthcare, finance, legal, or other domains where customers and auditors ask hard questions about what the agent did and why. You ship soon. Your buyers care about evidence. Your compliance team is real.
+
+## What the engagement looks like
+
+We co-author the vertical profile for your domain. We instrument your production flows. We sit in on buyer, auditor, and security conversations. The evidence we produce together is evidence your customers and their auditors can verify on their own, offline, forever.
+
+## What you get
+
+A working evidence story before your next enterprise conversation. A vertical profile co-authored in your domain that can ship as an open-source package. Direct work with the maintainer of the primitive your product depends on. Reference architecture you keep regardless of what happens next.
+
+## What we ask
+
+Candor about what works and what does not. Permission to cite you as a reference once the work is shipping. A scoped monthly fee that reflects the engagement and stays direct and straightforward.
+
+## Starting a conversation
+
+Email `aniketh@agent-mint.dev` with a paragraph on what you are building and the buyer-facing evidence problem you are running into. A 20-minute call usually clarifies whether the work fits.