From 48f0e0ae7ead52d54b730e20d46a96514086217a Mon Sep 17 00:00:00 2001
From: Rishabh Mishra
Date: Sun, 17 May 2026 13:56:20 +0530
Subject: [PATCH 1/2] Add env example and config; secure admin token

Add a .env.example with LLM API placeholders and optional overrides to document environment variables. Add a project-level humane_proxy.yaml containing server, safety, heuristics, trajectory, and escalation default settings. Improve admin auth by importing hmac and using hmac.compare_digest for token comparison to avoid timing-attack risk.
---
 humane_proxy/.env.example | 13 +++++
 humane_proxy/api/admin.py | 3 +-
 humane_proxy/humane_proxy.yaml | 86 ++++++++++++++++++++++++++++++++++
 3 files changed, 101 insertions(+), 1 deletion(-)
 create mode 100644 humane_proxy/.env.example
 create mode 100644 humane_proxy/humane_proxy.yaml

diff --git a/humane_proxy/.env.example b/humane_proxy/.env.example
new file mode 100644
index 0000000..87c4c65
--- /dev/null
+++ b/humane_proxy/.env.example
@@ -0,0 +1,13 @@
+# HumaneProxy environment variables.
+# Rename this file to .env and fill in your values.
+
+LLM_API_KEY=
+LLM_API_URL=
+
+# Optional overrides (uncomment to use):
+# HUMANE_PROXY_PORT=8000
+# HUMANE_PROXY_RISK_THRESHOLD=0.7
+# HUMANE_PROXY_SLACK_URL=https://hooks.slack.com/services/...
+# HUMANE_PROXY_DISCORD_URL=https://discord.com/api/webhooks/...
+# HUMANE_PROXY_PAGERDUTY_KEY=your-routing-key
+# HUMANE_PROXY_DB_PATH=/path/to/escalations.db
diff --git a/humane_proxy/api/admin.py b/humane_proxy/api/admin.py
index f83dea1..ecd174c 100644
--- a/humane_proxy/api/admin.py
+++ b/humane_proxy/api/admin.py
@@ -19,6 +19,7 @@ from __future__ import annotations import csv +import hmac import io import json import logging
@@ -60,7 +61,7 @@ def _require_admin(
 "environment variable to enable it."
 ),
 )
- if credentials is None or credentials.credentials != admin_key:
+ if credentials is None or not hmac.compare_digest(credentials.credentials, admin_key):
 raise HTTPException(
 status_code=401,
 detail="Invalid or missing Bearer token.",
diff --git a/humane_proxy/humane_proxy.yaml b/humane_proxy/humane_proxy.yaml
new file mode 100644
index 0000000..7a23a9d
--- /dev/null
+++ b/humane_proxy/humane_proxy.yaml
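Review bot: `hmac.compare_digest` raises `TypeError` when its `str` arguments contain non-ASCII characters, so in the changed condition of `_require_admin` a Bearer token carrying such a character would presumably surface as an unhandled server error rather than the 401 raised just below. Comparing bytes keeps the constant-time check and removes that failure mode: `if credentials is None or not hmac.compare_digest(credentials.credentials.encode("utf-8"), admin_key.encode("utf-8")):`. The function starts and ends outside the hunk, so whether `admin_key` is already guaranteed to be a non-empty `str` at this point cannot be confirmed from the lines shown.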
@@ -0,0 +1,86 @@
+# HumaneProxy — project-level configuration.
+# Values here override the package defaults.
+# See: https://github.com/your-org/humane-proxy#configuration
+
+server:
+ host: "0.0.0.0"
+ port: 8000
+ reload: true # auto-reload on code changes (dev mode)
+
+safety:
+ risk_threshold: 0.7
+ spike_boost: 0.25
+
+heuristics:
+ self_harm_keywords:
+ - "want to die"
+ - "kill myself"
+ - "end my life"
+ - "suicide"
+ - "suicidal"
+ - "want to kill myself"
+ - "can't go on"
+ - "no reason to live"
+ - "overdose on"
+ - "slit my wrists"
+ - "hang myself"
+ - "cutting myself"
+ - "hurt myself"
+ - "self harm"
+ - "self-harm"
+ # Add your own keywords below:
+
+ criminal_keywords:
+ - "how to make a bomb"
+ - "how to build a bomb"
+ - "how to poison someone"
+ - "how to make poison"
+ - "how to kill someone"
+ - "how to get away with murder"
+ - "how to make meth"
+ - "how to synthesize fentanyl"
+ - "how to cook meth"
+ - "child pornography"
+ - "explosive device"
+ - "how to make ricin"
+ # Add your own keywords below:
+
+ self_harm_keyword_score: 0.7
+ criminal_keyword_score: 0.6
+ intent_pattern_score: 0.7
+
+ context_reducers:
+ - "laughing"
+ - "of laughter"
+ - "of embarrassment"
+ - "of boredom"
+ - "in the game"
+ - "in minecraft"
+ - "for my character"
+ - "in fiction"
+ - "the villain"
+ - "the character"
+ - "in a novel"
+ - "in a movie"
+ - "in a book"
+ - "in a story"
+ - "my character"
+ - "warning signs"
+ - "prevent"
+ - "prevention"
+ - "how to help"
+ - "help someone"
+ - "help a friend"
+ - "awareness"
+
+trajectory:
+ window_size: 5
+ spike_delta: 0.35
+
+escalation:
+ rate_limit_max: 3
+ rate_limit_window_hours: 1
+ webhooks:
+ slack_url: ""
+ discord_url: ""
+ pagerduty_routing_key: ""

From f17583c07dfbbd1e193fd672d50f68513ec25297 Mon Sep 17 00:00:00 2001
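Review bot: The `server:` defaults bind to every interface (`host: "0.0.0.0"`) while also enabling `reload: true`, which the inline comment itself marks as dev mode, so a deployment that copies this file unchanged exposes a development-mode server beyond localhost. For a file described as the project-level default, `host: "127.0.0.1"` and `reload: false` would be the safer starting point, with a comment asking operators to widen the bind address deliberately. Patch 2/2 deletes this copy as an accidental duplicate, so the point presumably applies to whichever copy remains in the repository.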
From: Rishabh Mishra
Date: Mon, 18 May 2026 22:43:00 +0530
Subject: [PATCH 2/2] Remove accidental duplicate config files from package directory
---
 humane_proxy/.env.example | 13 -----
 humane_proxy/humane_proxy.yaml | 86 ----------------------------------
 2 files changed, 99 deletions(-)
 delete mode 100644 humane_proxy/.env.example
 delete mode 100644 humane_proxy/humane_proxy.yaml

diff --git a/humane_proxy/.env.example b/humane_proxy/.env.example
deleted file mode 100644
index 87c4c65..0000000
--- a/humane_proxy/.env.example
+++ /dev/null
@@ -1,13 +0,0 @@
-# HumaneProxy environment variables.
-# Rename this file to .env and fill in your values.
-
-LLM_API_KEY=
-LLM_API_URL=
-
-# Optional overrides (uncomment to use):
-# HUMANE_PROXY_PORT=8000
-# HUMANE_PROXY_RISK_THRESHOLD=0.7
-# HUMANE_PROXY_SLACK_URL=https://hooks.slack.com/services/...
-# HUMANE_PROXY_DISCORD_URL=https://discord.com/api/webhooks/...
-# HUMANE_PROXY_PAGERDUTY_KEY=your-routing-key
-# HUMANE_PROXY_DB_PATH=/path/to/escalations.db
diff --git a/humane_proxy/humane_proxy.yaml b/humane_proxy/humane_proxy.yaml
deleted file mode 100644
index 7a23a9d..0000000
--- a/humane_proxy/humane_proxy.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
-# HumaneProxy — project-level configuration.
-# Values here override the package defaults.
-# See: https://github.com/your-org/humane-proxy#configuration
-
-server:
- host: "0.0.0.0"
- port: 8000
- reload: true # auto-reload on code changes (dev mode)
-
-safety:
- risk_threshold: 0.7
- spike_boost: 0.25
-
-heuristics:
- self_harm_keywords:
- - "want to die"
- - "kill myself"
- - "end my life"
- - "suicide"
- - "suicidal"
- - "want to kill myself"
- - "can't go on"
- - "no reason to live"
- - "overdose on"
- - "slit my wrists"
- - "hang myself"
- - "cutting myself"
- - "hurt myself"
- - "self harm"
- - "self-harm"
- # Add your own keywords below:
-
- criminal_keywords:
- - "how to make a bomb"
- - "how to build a bomb"
- - "how to poison someone"
- - "how to make poison"
- - "how to kill someone"
- - "how to get away with murder"
- - "how to make meth"
- - "how to synthesize fentanyl"
- - "how to cook meth"
- - "child pornography"
- - "explosive device"
- - "how to make ricin"
- # Add your own keywords below:
-
- self_harm_keyword_score: 0.7
- criminal_keyword_score: 0.6
- intent_pattern_score: 0.7
-
- context_reducers:
- - "laughing"
- - "of laughter"
- - "of embarrassment"
- - "of boredom"
- - "in the game"
- - "in minecraft"
- - "for my character"
- - "in fiction"
- - "the villain"
- - "the character"
- - "in a novel"
- - "in a movie"
- - "in a book"
- - "in a story"
- - "my character"
- - "warning signs"
- - "prevent"
- - "prevention"
- - "how to help"
- - "help someone"
- - "help a friend"
- - "awareness"
-
-trajectory:
- window_size: 5
- spike_delta: 0.35
-
-escalation:
- rate_limit_max: 3
- rate_limit_window_hours: 1
- webhooks:
- slack_url: ""
- discord_url: ""
- pagerduty_routing_key: ""