Merge pull request #31 from Danielpeter-99/main

fix: update import to new path

CODE_OF_CONDUCT.md

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+contato@evolution-api.com.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

CONTRIBUTING.md

@@ -0,0 +1,141 @@
+# Contributing to Evo AI
+
+We welcome contributions from the community! Please follow the guidelines below to help us maintain a high-quality, consistent, and secure project.
+
+---
+
+## 📋 Prerequisites
+
+- **Backend**: Python 3.10+, PostgreSQL 13+, Redis 6+, Git, Make
+- **Frontend**: Node.js 18+, pnpm (recommended), or npm/yarn
+
+---
+
+## 🚀 Setting Up the Development Environment
+
+### 1. Clone the Repository
+
+```bash
+git clone https://github.com/EvolutionAPI/evo-ai.git
+cd evo-ai
+````
+
+### 2. Backend Setup
+
+```bash
+make venv
+source venv/bin/activate  # On Linux/Mac
+# Or: venv\Scripts\activate  # On Windows
+
+make install-dev
+
+cp .env.example .env
+# Edit .env with your local settings
+
+make alembic-upgrade
+make seed-all
+```
+
+### 3. Frontend Setup
+
+```bash
+cd frontend
+pnpm install           # Or: npm install / yarn install
+
+cp .env.example .env
+# Edit .env with your API URL, e.g., NEXT_PUBLIC_API_URL=http://localhost:8000
+```
+
+### 4. Running the Application
+
+* **Backend**:
+
+  ```bash
+  make run
+  # Backend: http://localhost:8000
+  ```
+
+* **Frontend**:
+
+  ```bash
+  cd frontend
+  pnpm dev
+  # Frontend: http://localhost:3000
+  ```
+
+---
+
+## 📝 Issue and Pull Request Guidelines
+
+* **Check for existing issues** before creating a new one.
+* **Describe bugs or feature requests** clearly with steps to reproduce (if applicable).
+* **Pull Requests** should:
+
+  * Reference relevant issues (e.g., `Fixes #123`)
+  * Focus on one change at a time
+  * Include tests where applicable
+  * Pass linting and formatting checks
+
+---
+
+## 🧑‍💻 Code Standards
+
+* **All code comments, docstrings, and log messages must be in English**
+* **Variable, function, and class names**: English only
+* **API error messages and documentation**: English
+* **Commit messages**: English and follow [Conventional Commits](https://www.conventionalcommits.org/)
+
+  * Example: `feat(auth): add password reset functionality`
+* **Indentation**: 4 spaces
+* **Max line length**: 79 characters
+
+---
+
+## 📂 Project Structure and Best Practices
+
+* Follow the directory structure and naming conventions described in `.cursorrules`.
+* **Tests** should be placed under `tests/` and follow the `test_*` naming convention.
+* All routes require input validation using Pydantic schemas.
+* Use transactions for database operations affecting multiple records.
+* Document all public functions and classes.
+* Keep `.env.example` updated when adding environment variables.
+* Sensitive values must be set via environment variables and never hard-coded.
+
+---
+
+## 🐳 Docker Development
+
+* **Build and start stack:**
+
+  ```bash
+  make docker-build
+  make docker-up
+  ```
+* **Seed database:**
+
+  ```bash
+  make docker-seed
+  ```
+* **Stop stack:**
+
+  ```bash
+  make docker-down
+  ```
+
+---
+
+## 🔐 Contributor License
+
+By contributing to this repository, you agree that your contributions will be licensed under the [Apache License 2.0](./LICENSE).
+
+---
+
+## 💬 Community and Support
+
+* [WhatsApp Group](https://evolution-api.com/whatsapp)
+* [Discord Community](https://evolution-api.com/discord)
+* [Official Documentation](https://doc.evolution-api.com)
+
+---
+
+Thank you for contributing to Evo AI!

SECURITY.md

@@ -0,0 +1,75 @@
+# Security Policy
+
+## Supported Versions
+
+We aim to support the latest stable release of Evo AI and apply security updates as soon as possible. Please use the most recent version for the best security.
+
+---
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in Evo AI, **please report it privately** and responsibly. Do **not** open a public issue.
+
+**To report a vulnerability:**
+
+- Email: [contato@evolution-api.com](mailto:contato@evolution-api.com)
+- Include as much detail as possible, including:
+  - Steps to reproduce the issue
+  - Potential impact
+  - Your suggestions (if any) for remediation
+
+You will receive a response as soon as possible. We may request additional information to fully understand and address the issue.
+
+---
+
+## Security Best Practices
+
+- **Keep your installation up to date.**  
+  Always use the latest stable version and regularly check for updates.
+
+- **Environment Variables:**  
+  Store all secrets, credentials, and keys in environment variables or secrets managers.  
+  Never commit sensitive information to the repository.
+
+- **Authentication:**  
+  Evo AI uses JWT authentication with expiration, email verification, and account lockout for brute-force protection.
+
+- **Passwords:**  
+  All passwords are securely hashed with bcrypt and random salt.
+
+- **Access Control:**  
+  Access to sensitive endpoints is protected via role-based checks and resource ownership verification.
+
+- **Audit Logs:**  
+  Important administrative actions are logged for traceability.
+
+- **Input Validation:**  
+  All inputs are validated using Pydantic schemas to prevent injection attacks.
+
+---
+
+## Responsible Disclosure
+
+Please give us a reasonable time to investigate and address any reported security issues before any public disclosure.
+
+---
+
+## Project Security Features
+
+- JWT tokens with limited lifetime
+- Secure password hashing (bcrypt)
+- Email verification with one-time tokens
+- Account lockout after multiple failed login attempts
+- Resource-based access control
+- Strict input validation for all APIs
+- Separation between regular and administrative users
+
+---
+
+## License
+
+All security contributions are made under the [Apache License 2.0](./LICENSE).
+
+---
+
+Thank you for helping keep Evo AI and its users safe!

docker-compose.yml

@@ -2,12 +2,15 @@ version: "3.8"
 
 services:
   api:
-    image: evoapicloud/evo-ai:latest
+  # image: evoapicloud/evo-ai:latest Use this image to pull from the repo
+    image: evoai-api:latest # Use this image for local builds
     depends_on:
       - postgres
       - redis
     ports:
       - "8000:8000"
+    env_file:
+      - .env
     environment:
       POSTGRES_CONNECTION_STRING: postgresql://postgres:${POSTGRES_PASSWORD:-postgres}@postgres:5432/evo_ai
       REDIS_HOST: redis

src/utils/mcp_discovery.py

@@ -31,8 +31,7 @@ import asyncio
 
 async def _discover_async(config_json: Dict[str, Any]) -> List[Dict[str, Any]]:
     """Return a list[dict] with the tool metadata advertised by the MCP server."""
-
+    from src.services.adk.mcp_service import MCPService
-    from src.services.mcp_service import MCPService
 
     service = MCPService()
     tools, exit_stack = await service._connect_to_mcp_server(config_json)