A Bring Your Own Key chat interface powered by the Anthropic Messages API (Claude) with a bundled Knowledge Base loaded from _AI_CONTEXT_INDEX/.
Users supply their own Anthropic API key in the browser — the server never stores keys on disk, and no server-side API key is required.
| Priority | Source | Description |
|---|---|---|
| 1 | Knowledge Base | Markdown files in _AI_CONTEXT_INDEX/ are injected into the system prompt at startup |
| 2 | Training Data | Claude's built-in knowledge is used as a fallback |
| 3 | Explicit caveat | If neither source has the answer, The Speaker says so clearly |
A system prompt is injected server-side to reinforce this priority order on every request.
# 1. Clone & enter the repo
git clone <this-repo> && cd OSINT_ChatBot
# 2. Create a virtual environment
python -m venv .venv && source .venv/bin/activate
# 3. Install dependencies
pip install -r requirements.txt
# 4. (Optional) Configure environment variables
cp .env.example .env
# → edit .env if you want to override the Claude model, etc.
# 5. Run the app
python app.pyOpen http://localhost:5000, enter your Anthropic API key, and start chatting.
- Push this repo to GitHub (private recommended).
- In the Render Dashboard, create a New Web Service and connect this repo.
- Render will auto-detect
render.yaml. The only environment variable set automatically is:
| Variable | Description |
|---|---|
FLASK_SECRET_KEY |
Auto-generated by render.yaml — encrypts session cookies |
No APP_PASSWORD or ANTHROPIC_API_KEY is needed — users bring their own key.
- Deploy. The health-check at
/healthconfirms the service is running.
There may be a ~50 second cold-start on the free tier if the app has been inactive.
├── app.py # Flask application (routes + Anthropic API proxy, BYOK)
├── knowledge_base.py # Loads _AI_CONTEXT_INDEX/ markdown into memory
├── _AI_CONTEXT_INDEX/ # Knowledge Base markdown files (loaded at startup)
│ ├── 00_START_HERE.md # Navigation & quick-reference
│ ├── Node_Dossiers/ # Individual actor profiles
│ └── sources/ # Source material & references
├── templates/
│ ├── login.html # API key entry page (BYOK)
│ └── chat.html # Chat UI with markdown rendering
├── requirements.txt # Python dependencies
├── render.yaml # Render deployment blueprint
├── .env.example # Environment variable template
└── README.md
- BYOK model — each user provides their own Anthropic API key. The key is held only in the encrypted Flask session cookie and is never written to disk or logged.
- API key format is validated on entry (
sk-ant-…prefix required). - On authentication failure the session is cleared immediately, forcing re-entry.
- API error responses are sanitized — raw exception details and keys are never exposed to the client.
- Session cookies are
HttpOnly,SameSite=Lax, andSecure(HTTPS only). - Sessions expire automatically after 2 hours.
- Security headers on every response: CSP, HSTS, X-Frame-Options DENY, X-Content-Type-Options nosniff, Referrer-Policy, Permissions-Policy.
- Rate limiting: 10 login attempts/min, 30 chat requests/min.
- CSRF protection on all form endpoints.
- Input validation: messages are type-checked, role-whitelisted, and length-capped before reaching the API.
- DOMPurify sanitizes all rendered HTML in the chat UI.