Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
4d4e88b
feat(voice): scaffold voice module skeleton
May 6, 2026
b144f2b
chore(voice): add voice optional-dependency and package-data
May 6, 2026
d1f36c9
feat(voice): Pydantic I/O models for tool inputs and outputs
May 6, 2026
6f62b92
test(voice): seeded SQLite fixture for store and tool tests
May 6, 2026
01e8d2c
feat(voice): store facade with read methods over ShastaDB + complianc…
May 6, 2026
382ccd5
feat(voice): risk-register write methods on store facade
May 6, 2026
5f6ff6d
feat(voice): findings tool functions
May 6, 2026
fa3d391
feat(voice): scores/controls/risks/scans tool functions
May 6, 2026
d9a0d0d
feat(voice): realtime session config — Distiller prompt + 14 tool sch…
May 6, 2026
bc41a71
feat(voice): structured logging + ephemeral OpenAI token endpoint
May 6, 2026
a3fd632
feat(voice): tool endpoints, FastAPI app, and CLI entry point
May 6, 2026
beba20c
feat(voice): React + Vite scaffold for voice console
May 6, 2026
db92460
feat(voice): brand tokens and global styles (dark Transilience theme)
May 6, 2026
19dffbb
feat(voice): TypeScript types mirroring backend models + Zustand store
May 6, 2026
f845e62
feat(voice): WebRTC connection + event parser + tool relay
May 6, 2026
32e5589
feat(voice): reused UI chrome — Header (text-only), MicChrome, Transc…
May 6, 2026
84a9d59
feat(voice): FindingsList and FindingDetail cards with framework chips
May 6, 2026
4856975
feat(voice): ComplianceScore and MultiFrameworkScore cards
May 6, 2026
d382a72
feat(voice): ControlSummary, RiskList, RiskDetail cards
May 6, 2026
1afa086
feat(voice): wire end-to-end — App, CardSlot, cardDispatcher, ActionT…
May 6, 2026
1568149
build(voice): pre-built React bundle for zero-Node distribution
May 6, 2026
fc9f5a2
docs(voice): CI workflow + README section for voice console
May 6, 2026
37a23fa
style(voice): apply ruff auto-fixes + fix E741 ambiguous names
May 6, 2026
f905564
docs(voice): update TRUST.md test count and add CHANGELOG entry
May 6, 2026
bae24a1
chore(voice): release 1.9.0 — bump version, add demo video, update CL…
May 6, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
2 changes: 2 additions & 0 deletions .gitattributes
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
src/shasta/voice/web/dist/** linguist-generated=true
src/shasta/voice/web/dist/** -diff
34 changes: 34 additions & 0 deletions .github/workflows/voice-bundle.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
name: voice-bundle

on:
pull_request:
paths:
- 'src/shasta/voice/web/src/**'
- 'src/shasta/voice/web/package.json'
- 'src/shasta/voice/web/package-lock.json'
- 'src/shasta/voice/web/vite.config.ts'

jobs:
rebuild-and-diff:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
cache-dependency-path: 'src/shasta/voice/web/package-lock.json'
- name: Install
working-directory: src/shasta/voice/web
run: npm ci
- name: Build
working-directory: src/shasta/voice/web
run: npm run build
- name: Verify committed bundle is up to date
run: |
if ! git diff --quiet src/shasta/voice/web/dist/; then
echo "::error::The committed React bundle is out of date. Run 'npm run build' in src/shasta/voice/web/ and commit the result."
git status src/shasta/voice/web/dist/
git diff src/shasta/voice/web/dist/ | head -100
exit 1
fi
34 changes: 34 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,40 @@ All notable changes to Shasta are documented here. Format follows
[Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and the project
adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [1.9.0] — 2026-05-05 — Voice console (opt-in)

### Added
- **Voice-driven compliance console** — opt-in module at `src/shasta/voice/`
delivering a hands-free, conversational interface to your scan data.
Run `python -m shasta.voice` after a scan to open a browser-based
voice console at `localhost:8090` and talk to your compliance posture
across SOC 2, ISO 27001, HIPAA, ISO 42001, and EU AI Act.
- Browser-direct WebRTC to OpenAI Realtime API; FastAPI backend mints
ephemeral tokens and serves 14 tool endpoints. Backend never handles
audio.
- Voice-driven dashboard: dashboard cards (FindingsList, FindingDetail,
ComplianceScore, MultiFrameworkScore, ControlSummary, RiskList,
RiskDetail, ActionToast) mount in response to assistant tool calls.
- Read-only over `ShastaDB` for findings/scores/controls/scans, plus
light writes for risk-register operations (`add_risk_item`,
`update_risk`). Heavy ops (scans, reports, Terraform generation,
policy generation) remain in the Claude Code skills — voice
redirects to them.
- Pre-built React bundle ships in the wheel, so users do not need
Node.js installed at runtime.
- Install with `pip install shasta[voice]`. Requires `OPENAI_API_KEY`.
- 74 voice-specific tests (~85% coverage on `src/shasta/voice/`).
- CI workflow (`.github/workflows/voice-bundle.yml`) verifies the
committed React bundle stays in sync with `web/src/`.
- Spec: `docs/superpowers/specs/2026-05-05-shastavoice-design.md`.
- Plan: `docs/superpowers/plans/2026-05-05-shastavoice.md`.

### Changed
- `ShastaDB._conn` now opens its SQLite connection with
`check_same_thread=False` so the voice console's FastAPI app can share
the connection across the request worker pool. Behavior is unchanged
for the existing single-threaded dashboard. (`src/shasta/db/schema.py`)

## [1.6.1] — 2026-04-11 — Prod-scan bug sweep

Five bugs surfaced during a live SOC 2 / ISO 27001 / HIPAA / Whitney scan
Expand Down
12 changes: 8 additions & 4 deletions CLAUDE.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# Shasta — Multi-Cloud Compliance Automation

## What is this?
Shasta is a Claude Code-native SOC 2 and ISO 27001 compliance platform. It scans AWS and Azure environments, maps findings to compliance controls, generates remediation guidance (with Terraform), and produces compliance policies and reports.
Shasta is a Claude Code-native multi-cloud compliance platform. It scans AWS and Azure environments, maps findings to compliance controls (SOC 2, ISO 27001, HIPAA, ISO 42001, EU AI Act), generates remediation guidance (with Terraform), produces compliance policies and reports, and ships an optional voice-driven dashboard (`python -m shasta.voice`) for hands-free posture queries.

## Tech stack
- Python 3.11+, boto3, azure-identity, azure-mgmt-*, msgraph-sdk, rich, pydantic, jinja2, weasyprint
Expand All @@ -15,15 +15,19 @@ Shasta is a Claude Code-native SOC 2 and ISO 27001 compliance platform. It scans
- `src/shasta/compliance/ai/` — AI governance frameworks (ISO 42001, EU AI Act, NIST AI RMF)
- `src/shasta/aws/ai_checks.py` — AWS AI service checks (Bedrock, SageMaker)
- `src/shasta/azure/ai_checks.py` — Azure AI service checks (Azure OpenAI, Azure ML)
- `src/shasta/dashboard/` — read-only HTML compliance dashboard (FastAPI + Jinja, port 8080)
- `src/shasta/voice/` — opt-in voice console (FastAPI + React + OpenAI Realtime, port 8090); install with `pip install -e ".[voice]"`
- `.claude/skills/` — Claude Code skill definitions
- `tests/` — pytest test suite (uses moto for AWS mocking, unittest.mock for Azure)
- `tests/` — pytest test suite (uses moto for AWS mocking, unittest.mock for Azure); voice-specific tests live under `tests/voice/`
- `data/` — runtime data (gitignored)

## Commands
- Install: `pip install -e ".[dev]"` (core) or `pip install -e ".[dev,azure]"` (with Azure)
- Test: `pytest`
- Install: `pip install -e ".[dev]"` (core), `pip install -e ".[dev,azure]"` (with Azure), or `pip install -e ".[dev,azure,voice]"` (with voice console)
- Test: `pytest` (or `pytest tests/voice/` for voice-only)
- Lint: `ruff check src/ tests/`
- Format: `ruff format src/ tests/`
- Run dashboard: `python -m shasta.dashboard` (HTML, port 8080)
- Run voice console: `python -m shasta.voice` (requires `OPENAI_API_KEY` and a populated `data/shasta.db`; port 8090)

## Conventions
- Use pydantic models for all data structures
Expand Down
14 changes: 14 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -296,6 +296,20 @@ See [docs/DEPLOYMENT.md](./docs/DEPLOYMENT.md) for the complete setup guide incl

> **You don't need to memorize slash commands.** Shasta and Whitney are AI-native — just describe what you need in plain English inside Claude Code. Say *"Connect to my AWS and run a full SOC 2 gap analysis with remediation Terraform"* and Claude orchestrates everything. See **[docs/CONVERSATIONS.md](./docs/CONVERSATIONS.md)** for 15 real conversation examples.

### Voice Console (optional)

Talk to your compliance posture instead of clicking through dashboards.

```bash
pip install shasta[voice] # adds FastAPI + uvicorn + httpx
export OPENAI_API_KEY=sk-... # required for OpenAI Realtime API
python -m shasta.voice # opens browser at http://localhost:8090
```

Requires a recent scan in `data/shasta.db` (run `/scan` in Claude Code first). The voice assistant has read access to all your findings, compliance scores (SOC 2, ISO 27001, HIPAA, ISO 42001, EU AI Act), and risk register, plus light writes for adding/updating risk-register items. Heavy operations (scans, reports, Terraform generation) remain in the Claude Code skills — voice will redirect you to them.

📹 **Demo:** [`docs/media/shasta-voice-demo.mp4`](./docs/media/shasta-voice-demo.mp4) — 60-second walkthrough showing posture queries, finding drilldowns, and risk-register writes against a real scan.

---

## Skills Reference
Expand Down
2 changes: 1 addition & 1 deletion TRUST.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Shasta and Whitney together ship the following, all integrity-tested:

- **221 check functions** (221 cloud compliance + 0 AI governance — Whitney now ships as a separate repo at [github.com/transilienceai/whitney](https://github.com/transilienceai/whitney); install with `pip install whitney` for source-code scanning)
- **112 Terraform remediation templates** (81 AWS + 31 Azure)
- **632 tests** that all pass on every commit
- **706 tests** that all pass on every commit

None of the claims in this README are written by hand and hoped-for —
every numeric claim is AST-counted from source by an integrity test
Expand Down
Binary file added docs/media/shasta-voice-demo.mp4
Binary file not shown.
Loading
Loading