# my-tool — OpenLatch detection tool (Python)
A FastAPI starter for an OpenLatch detection tool.
## Quick start
```bash
# 1. Install dependencies (uv recommended, pip works too)
uv sync
# or: pip install -e '.[dev]'
# 2. Run the tool server locally
uv run uvicorn my_tool.main:app --port 8081
# 3. (Separately) start the OpenLatch runtime daemon in front of it
openlatch-provider listen --no-tls --port 8443
# 4. Send a synthetic event
openlatch-provider trigger pre_tool_use --tool=Bash --input='ls'
```
## Layout
```
src/my_tool/main.py FastAPI app + detector route
tests/test_main.py Round-trip pytest cases
openlatch.yaml Editor / tool / provider / binding manifest
Dockerfile Multi-stage distroless build
.github/workflows/ CI (lint + test + manifest dry-run validate)
```
## Replacing the detector
Edit `src/my_tool/main.py`:
- The example detects AWS access keys via a regex.
- Replace the body of `detect()` with your real logic. Returning a
`Verdict`-shaped dict (camelCase fields) is all the runtime needs.
## Deploy
Two deployment patterns:
1. **Behind the OpenLatch runtime daemon** (recommended):
`openlatch-provider listen` does HMAC verify, replay cache, and
localhost proxying. Your tool only needs to honour the `Verdict` shape.
2. **Standalone**: expose the FastAPI app publicly. You're responsible for
verifying inbound `webhook-signature` headers — install the
`openlatch-tool-sdk` package and use the `@tool(secret=...)` decorator.