docs improvements + repo fixes

Author: taladari

.idea/misc.xml

@@ -0,0 +1,62 @@
+# Contributing to RAG Integrity Firewall
+
+Thank you for your interest in contributing!  
+We welcome bug reports, feature requests, new scanners, policy examples, and integrations with other frameworks.
+
+---
+
+## Ways to contribute
+
+- **Bug reports:** Open an issue with clear steps to reproduce.  
+- **Feature requests:** Suggest enhancements or new scanners in [GitHub Issues](https://github.com/taladari/rag-firewall/issues).  
+- **Code contributions:** Submit a pull request (PR).  
+- **Docs/examples:** Improve the README, examples, or add tutorials.  
+
+---
+
+## Development setup
+
+1. Fork and clone the repo:
+   ```bash
+   git clone https://github.com/<your-fork>/rag-firewall.git
+   cd rag-firewall
+   ```
+
+2. Install in editable mode:
+   ```bash
+   python -m venv .venv && source .venv/bin/activate
+   pip install -e .
+   pip install -r requirements-dev.txt
+   ```
+
+3. Run the test suite:
+   ```bash
+   pytest -q
+   ```
+
+---
+
+## Coding guidelines
+
+- Follow existing project style (PEP8, docstrings for public methods).  
+- Add unit tests for new functionality (`tests/`).  
+- Keep scanners modular (one file per scanner under `rag_firewall/scanners/`).  
+- Include example usage if adding a new integration or CLI command.  
+
+---
+
+## Security issues
+
+If you discover a security vulnerability, please **do not file a public issue**.  
+Instead, email us at **[email protected]**.
+We will respond promptly and coordinate a fix.
+
+---
+
+## Roadmap
+
+See [ROADMAP.md](ROADMAP.md) for planned features and enterprise enhancements.
+
+---
+
+Thanks for helping improve RAG Integrity Firewall!

.idea/rag-firewall 2.iml

@@ -1,9 +1,23 @@
 # RAG Integrity Firewall
 
-A retrieval-time trust layer for RAG systems.  
-The firewall scans chunks before they reach your LLM, detects and blocks risks such as prompt injection or secret leaks, enforces policies, and re-ranks content by trustworthiness.  
+RAG Integrity Firewall is a lightweight, client-side security layer for retrieval-augmented generation (RAG) systems.  
+It scans retrieved chunks before they reach your LLM, blocks high-risk inputs such as prompt injection and secret leaks, and applies policies to down-rank stale or untrusted content.  
 
-It runs entirely client-side: no data leaves your environment.
+See the [ROADMAP.md](ROADMAP.md) for planned enhancements and upcoming enterprise features. 
+
+---
+
+## Who is this for?
+
+- **Teams building RAG/LLM applications** who want to reduce risk before adoption.
+- **Platform engineers** adding guardrails without rewriting their pipelines.
+- **Security-conscious organizations** (finance, government, healthcare) where data must stay inside.
+
+## What this is not
+
+- Not a SaaS or cloud service — the firewall runs **entirely client-side**, no data leaves your environment.
+- Not an LLM output filter — it focuses on retrieval-time risks, not response moderation.
+- Not a silver bullet — it complements other security layers like authentication, RBAC, and output review.
 
 ---
 
@@ -150,3 +164,14 @@ Patterns and policies will evolve. Contributions and red-team tests are welcome.
 ## License
 
 [Apache 2.0](LICENSE)
+
+---
+
+## Next Steps
+
+- Read the [ROADMAP](ROADMAP.md) to see planned features and enterprise enhancements.  
+- Check the [examples](examples/) folder for quick integration demos.  
+- File issues or feature requests in [GitHub Issues](https://github.com/taladari/rag-firewall/issues).  
+- Contribute scanners, policy examples, or framework adapters via pull requests.  
+
+For organizations interested in enterprise features (dashboard, centralized audit, compliance mapping), please reach out to discuss early access.

CONTRIBUTING.md

@@ -0,0 +1,89 @@
+# RAG Integrity Firewall Roadmap
+
+This roadmap outlines where the project is headed.  
+It covers **open-source milestones** as well as **enterprise features** we plan to explore for organizations with stricter requirements.
+
+---
+
+## Open Source (Community Edition)
+
+These features will remain free and open:
+
+- **Core scanners**  
+  - Prompt injection (regex)  
+  - Secrets & API keys  
+  - PII (emails, phones, SSNs)  
+  - Encoded/Base64 detection  
+  - URL/domain allow & deny lists  
+  - Conflict/staleness detection  
+
+- **Policy engine**  
+  - Allow, deny, rerank decisions  
+  - Weighting for recency, provenance, relevance  
+
+- **Provenance**  
+  - SHA256 hashing of chunks  
+  - Optional SQLite store  
+
+- **Audit logs**  
+  - JSONL audit trail for each decision  
+
+- **Integrations**  
+  - LangChain retrievers (`FirewallRetriever`)  
+  - LlamaIndex retrievers (`TrustyRetriever`)  
+
+- **CLI**  
+  - `ragfw index` — index and hash documents  
+  - `ragfw query` — run queries with firewall checks  
+
+---
+
+## Short-Term Enhancements (OSS)
+
+- Additional regex/signature patterns (prompt injection & secrets)  
+- Expanded test suite and benchmarks  
+- Config schema validation  
+- Examples with more frameworks (Haystack, OpenAI RAG SDK)  
+
+---
+
+## Enterprise Features (Planned)
+
+These are under active design and may be offered as part of a **paid Enterprise Edition**:
+
+- **Policy Management Dashboard**  
+  Web UI for managing firewall policies, roles, and configs without YAML editing.
+
+- **Centralized Audit & Alerts**  
+  Aggregated audit logs with dashboards, Slack/email/SIEM integration for high-severity findings.
+
+- **Threat Intelligence Feeds**  
+  Regular updates with new prompt injection patterns, API key formats, and risk signatures.
+
+- **Enterprise Connectors**  
+  Pre-built ingestion + firewall adapters for platforms like SharePoint, Confluence, and Google Workspace.
+
+- **Compliance Mapping**  
+  Exportable reports mapping firewall policies to frameworks such as:  
+  - EU AI Act  
+  - NIST AI Risk Management Framework  
+  - ISO/IEC 42001  
+
+---
+
+## Longer-Term Ideas
+
+- ML-based classifiers for sophisticated prompt injection patterns (optional, local-only).  
+- Policy simulation mode (dry-run audits without enforcement).  
+- “Red team” testing harness to evaluate RAG pipelines automatically.  
+- Multi-tenant support for large organizations.  
+
+---
+
+## How to Contribute
+
+- Use the [Issues](https://github.com/taladari/rag-firewall/issues) tab for bug reports and feature requests.  
+- Pull requests are welcome — especially for new scanners, policy examples, or framework integrations.  
+- For enterprise features, please [contact us](mailto:[email protected]) if you’d like to be an early design partner.
+
+---

README.md

@@ -4,8 +4,8 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "rag-firewall"
-version = "0.2.0"
-description = "Retrieval-time trust layer for RAG: poisoning detection, policies, provenance, and audit."
+version = "0.3.0"
+description = "Client-side retrieval firewall for RAG systems — blocks prompt injection and secret leaks, re-ranks stale or untrusted content, and keeps all data inside your environment."
 readme = { file = "README.md", content-type = "text/markdown" }
 requires-python = ">=3.9"
 authors = [{ name = "RAG Firewall Maintainers" }]
@@ -16,8 +16,8 @@ dependencies = [
 ]
 
 [project.urls]
-Homepage = "https://github.com/your-org/rag-firewall"
-Repository = "https://github.com/your-org/rag-firewall"
+Homepage = "https://github.com/taladari/rag-firewall"
+Repository = "https://github.com/taladari/rag-firewall"
 
 [project.scripts]
 ragfw = "rag_firewall.cli:main"

ROADMAP.md

@@ -1,4 +1,5 @@
--r requirements.txt
+# Development and testing dependencies
 pytest>=7.0
 build>=1.0.3
-twine>=5.0.0
+twine>=4.0.2
+tomli>=2.0.1