Phase 2 Python backend: local JWT auth, multi-model council, redline parser, MCP stub

A single "Phase 2" commit fleshes out the Python backend with four new modules. The concepts are sound - local JWT auth, concurrent multi-model analysis, DOCX tracked-changes parsing. The implementations are mostly scaffolding and stubs.

compliancesecurity

4fecd8f adds api/auth.py (SovereigntyAuth), reasoning/council.py (MultiModelCouncil), retrieval/redline_parser.py, and retrieval/mcp_connector.py, all wired into api/main.py.

SovereigntyAuth uses python-jose + bcrypt for local JWT issuance, bypassing Supabase. The framing is "zero data leaves Canadian infrastructure." The problem: SECRET_KEY = "super-secret-local-sovereignty-key-change-in-prod" is hardcoded in the source file. That's a real security issue, not a placeholder oversight - the auth endpoint at /api/v1/auth/token calls SovereigntyAuth.create_access_token({"sub": "lawyer_demo"}) with no credential validation at all, returning a token for anyone who hits it.

MultiModelCouncil is pure simulation. Both procedural_analysis and substantive_analysis are asyncio.sleep(1) returning hardcoded dicts: ["Limitation period may be expired", "Form T2 required"] and "High likelihood of Vavilov judicial review standard applying". The interface sketch is reasonable for a council pattern, but there's no actual LLM routing.

redline_parser.py admits in its own comments that proper parsing "requires diving into the lxml elements." The actual implementation does a shallow '<w:ins' in run._r.xml string check. Better than nothing, but not the same as extracting structured <w:ins>/<w:del> data from the DOCX XML tree.

The MCP connector at this stage is also a stub, later evolved into the MikeOSS_MCP_Manager covered separately.

So what Skip unless you're looking at the council pattern as a design reference. The `SovereigntyAuth` code has a hardcoded secret and no real credential check - do not import as-is. The redline parser concept is valid but the implementation is too shallow to rely on. Watch the MCP connector topic for the more developed version.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from jrklaus8/mike-Canada, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
4fecd8ff Implement Phase 2 features: Sovereignty Auth, MCP, Redline Parser, and Multi-Model Council MikeOSS Bot 2026-05-22 ↗ GitHub

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-542.md from inside the repo you want the changes in.

⬇ Download capture-thread-542.md