v0.1 — actively developed

Open source pet screening, built for AI-native property platforms.

AI-powered pet screening — log in and your assistant is ready to brief you on what needs attention. A self-hostable screening backend with a first-class REST API and native MCP support, audit-grade by design, opinionated about Fair Housing compliance, and built so an agent can drive the entire workflow without any custom integration glue.

A border collie sitting calmly next to an open laptop on a clean workspace
Apache 2.0 licensed
Self-hostable
MCP-native
FHA/HUD-aware

Build on infrastructure you control.

Pet screening sits in the regulated path between a leasing decision and a tenant. Owning the system that makes those decisions matters — for compliance review, for cost, and for product flexibility.

Ownership

Run LeashPass on your own infra. Your tenant data, your audit trail, your pricing. No per-screening fees, no usage limits, no vendor that can change terms next quarter.

Transparency

The scoring rubric is published YAML in this repo. Every state change writes an audit event. Auditors can read the code that made a decision — not a black-box score.

Customizability

Fork the rubric. Embed the API in your existing PMS. Extend the schema with property-specific fields. The point of open source is that it bends to your shape.

Native MCP. First-class REST. Built for agents from day one.

MCP — the Model Context Protocol — lets an LLM call your APIs as tools, with structured input schemas and rich descriptions written for AI consumption. LeashPass ships an MCP server alongside its REST API so agents can drive the whole screening workflow directly.

Every endpoint is built for non-human callers:

  • Idempotency keys on every state-changing endpoint
  • RFC 9457 problem-details errors with stable types
  • Opaque API keys with fine-grained scopes
  • On-behalf-of headers map agent calls to humans
  • Deterministic responses — same input, same output
Read the developer docs →
# MCP tool call from a Claude session
tool: transition_profile
input:
  profile_id:  "petprof_01HG3K..."
  to_status:   "approved"
  note:        "vaccinations current; no incidents"

# Result — structured, idempotent, audit-logged
result:
  status:      "approved"
  reviewed_at: "2025-01-14T17:42:31Z"
  reviewed_by: "user_01HG2X..."

View the full MCP tool catalog →

A code editor showing source code in a dark theme

One binary. SQLite for dev. Postgres for production. Deploy anywhere.

LeashPass is a single Go binary with embedded migrations and templates. Run it on your laptop with SQLite, run it on a $5 VPS with Postgres, or run it in Kubernetes behind your existing ingress. No background workers, no Redis, no message queue required for the v0.1 surface.

$ docker run -p 8080:8080 ghcr.io/leashpass/leashpass:latest

$ curl -X POST http://localhost:8080/bootstrap \
    -d '{"email":"you@example.com"}'

Deploys cleanly to Fly.io, Hetzner, AWS, GCP, or a Raspberry Pi in your basement. Self-hosting is the default, not an afterthought.

Audit-grade by design.

Pet screening intersects Fair Housing law and assistance-animal accommodation. Most tools in this space hide their decision logic behind opaque scores. LeashPass takes the opposite position.

  • Every state change writes an immutable audit event with actor, on-behalf-of, IP, and user-agent.
  • The scoring rubric is published YAML, versioned in git, replayable from any point in history.
  • Breed-based scoring is explicitly excluded — the rubric scores behavior and documentation, not labels.
  • Document attachments are soft-deleted and audited; deletes leave a record. Versioning and OCR pipelines arrive in Phase 1c.
  • Service-animal accommodation requests are routed separately from normal screening and require an explicit human review step.

LeashPass does not provide legal advice. Compliance with FHA/HUD and your local ordinances is your responsibility — but the data model is built so that producing evidence on demand is straightforward.

Transparent, FHA-aware scoring.

Every submitted profile gets a 1–5 LP-Score with an action label — "Approve", "Review", "Decline" — computed from a published YAML rubric. No black box.

  • Rule-based, not ML-based. The rubric is a YAML file anyone can read. Same input + same rubric = same score, every time.
  • Breed is explicitly excluded. The rubric scores vaccination, training, temperament, and owner readiness — the signals that actually predict tenancy outcomes — in line with HUD/FHA guidance.
  • Service animals and ESAs bypass scoring. They route through a separate accommodation review path per the Fair Housing Act.
  • Every score is reproducible. The rubric version and SHA-256 hash are stored on every profile, so a historical decision can be replayed years later.
  • Action-oriented labels. "Approve" and "Review" beat "low_risk" and "high_risk" — managers act on these strings, and risk-language reads as liability advice we can't legally give.

Read the rubric: v0.1.0.yaml on GitHub .

Three ways to use LeashPass.

For property platforms

Drop-in screening API for your existing PMS or leasing app. Multi-tenant from day one, scoped API keys per integration, webhooks for status changes.

REST integration →

For agent builders

Connect Claude, GPT, or any MCP-compatible client to a real screening backend. Agents drive the workflow; on-behalf-of headers preserve human accountability.

MCP server →

For self-hosters

One binary, your data, no SaaS dependency. Run it on a Pi for a single property, or behind your existing ingress for a portfolio of thousands.

Self-host guide →

What's working today (v0.1).

An honest accounting of what ships in the binary you can run right now — and what is in active development.

  • Authentication and tenancy — sessions, scoped API keys, multi-org isolation, on-behalf-of headers
  • Properties and RBAC — properties, manager assignments, role-based access control
  • Resident invitations and accounts — email invitations for staff and residents, password reset
  • Pet profiles with review workflow — pets, screening profiles with state machine, manager review queue, audit trail
  • Document upload — vet records, vaccination certificates, photos (PDF, JPEG, PNG, HEIC, up to 10 MB, 5 per profile); pluggable local-FS or S3-compatible storage
  • MCP server — SSE transport, 18 tools (12 reads + 2 workflow + 3 manager write-back + score-explanation), templated resident-notification emails, audit-grade dual-event logging on every write
  • Chat-first onboarding — every role lands in /chat immediately after sign-in. A Claude Sonnet assistant auto-fires a personalized briefing within seconds: who you are, what you can access, the 2–3 highest-priority items in your queue, and a concrete next action. Same tool catalog the MCP server exposes, scope-filtered per role. Streaming SSE, inline tool-call pills, full audit trail. No browser extension or external client needed.
  • Operator-configurable agent behavior — tone (formal / neutral / casual), terminology overrides (call residents tenants), additional instructions, and site-wide policy notes adjust the LLM's responses without code changes or restarts. Edit at /admin/site-settings, hit save, the next chat turn reflects the change. Every save is audited with a before/after diff.
  • Honest permission model — managers see role-appropriate capabilities; the agent communicates clearly when permission is insufficient instead of pretending. Every MCP write tool runs through one gate, and a structured permission_denied response carries the reason, who can act, and concrete alternatives — so the chat agent surfaces the truth (“Diane isn’t assigned to Acme West”) instead of inventing a technical-sounding excuse. Operator-only /admin/permission-audit page lists historical writes by managers at properties they aren’t currently assigned to.
  • Manager-initiated pet applications with conversational walkthroughs — the manager opens chat and says “send Maria an application request for her new pet at Acme East,” and the agent does the rest: creates the request, emails the resident, surfaces it in the resident’s next-login briefing. The resident’s chat assistant then walks them through pet basics and screening questions one at a time, capturing explicit-absence narratives (“will renew next week,” “no vet yet, will establish within 30 days”) as audit-quality reviewer context. On submit the application converts into a real pet + scored profile and the manager gets a notification email with the score — no forms, no PDFs, no copying between systems. Resident dashboard surfaces pending requests with a one-click “Continue in chat” CTA; the property page lists every request across its lifecycle with a manager-side Revoke action.
  • Drag-and-drop document uploads in chat with conversational follow-up — residents drop a vaccination PDF or vet letter directly into the chat textarea; a paperclip chip shows what's staged. The agent picks up the upload, asks which profile it should attach to (or infers from context when the resident is mid–needs-info resolution), and calls the new attach_document_to_profile tool. Same 10 MB / PDF · JPEG · PNG · HEIC validation as the REST surface, with a 24-hour TTL on staged-but-unattached uploads and a per-hour janitor sweep. Closes the needs-info loop entirely in chat: manager says “please upload current rabies vaccination,” resident drops the file, agent attaches it, resident says “done,” agent resubmits the profile in a single tool call.
  • Visual approval pipeline with milestone-by-milestone status indicators — every destructive action requires confirmation against the canonical workflow — when a manager says “approve Buddy,” the agent doesn't just call transition_profile and report success. It calls preview_transition_profile first; the chat renders a vertical canonical pipeline showing each milestone (Submitted → Under Review → optionally Needs Info if the profile ever entered it → the proposed terminal step) with a green ✓ for completed steps, a filled blue dot for the current step, and a dashed-border arrow for the proposed step (red-tinted when destructive and terminal). Each completed step shows the date it was reached and who acted; needs_info shows entry and resolution dates plus a brief synthesised resolution context. Then a Confirm button. Only on Confirm does the action fire. Same flow for outbound emails: the agent drafts via preview_notification, the chat renders the message as an email card with the rendered subject + body, the manager clicks Send. The contract is enforced server-side — an agent that skips the preview gets a structured permission_denied with reason=preview_required and no profile state changes / no emails send. Every confirmed action's audit row carries the originating preview_id so six-months-later forensic queries can reconstruct exactly what the manager saw before each terminal decision.
  • Profile workflow view available on demand — managers can ask “where is Buddy?” and see the canonical pipeline of approval milestones rendered visually, with completed steps marked and current state highlightedget_profile_workflow is the read-only sibling of the preview tools. Same vertical pipeline widget the destructive-action flow renders, just without a Confirm button. Active profiles show the current step as a filled blue dot; terminal profiles (approved, rejected) show the terminal step as a completed green ✓. Permission gate stricter than the existing read: only admin / property-assigned manager / resident-on-profile / operator-with-pin can render a profile's workflow — a structured permission_denied response carries alternatives naming people who CAN view it, so the agent's failure narrative is honest rather than masked as NotFound.
  • Visual review surface with scannable profile cards, urgency indicators, status badges, and the canonical approval pipeline rendered the same way everywhere — property managers see priorities at a glance — Phase 2.3 codifies a small set of structured visual patterns the chat agent emits as markdown blocks, which the frontend renders as styled components: a review-queue-table showing 2+ profiles with urgency-colored left edges and a 12-day “ready for approval” cell next to a 1-day fresh-submission, a single priority-callout for the top item (red · amber · green tier per waiting age), an action-prompt yes/no card at the end of each turn (red-tinted for destructive transitions), and a compact summary-card for single-profile context with score chip, status badge, and highlights/concerns columns. The vertical pipeline widget always shows the canonical 4-step skeleton (Submitted → Under Review → Needs Info → terminal) so every profile’s journey has the same visual rhythm — un-visited milestones render as de-emphasised “Not required” gray dots. Status references in prose like 🔍 under_review upgrade to colored pills automatically. All components share a unified LeashPass design-token system; see docs/styling.md.
  • Property managers see scannable review queues, priority callouts, and profile summaries rendered server-side — the agent calls structured-data tools instead of formatting JSON, eliminating an entire class of UI bugs — Phase 2.4 moves structured-data authorship out of the LLM and into three new MCP tools: list_review_queue returns the caller's scoped queue with per-row urgency tiers and write-permission flags, get_priority_item returns the single highest-priority lead (with a friendly “queue clear” positive callout when nothing's waiting), and get_profile_summary returns the highlights / concerns card derived directly from screening fields (no LLM inference — bullets always match reality). The chat handler detects each tool by name and wraps the JSON response in the same fenced widget block format the Phase 2.3 patterns use; the frontend renderer stays unchanged. The LLM’s instructions become simpler too — one rule per visual (“call this tool”) instead of a JSON-shape spec the LLM had to author correctly under streaming pressure. Same visual outcome as Phase 2.3, far fewer failure modes (wrong tag spelling, empty payloads, info-string variants, streaming flicker — all gone). The defensive LLM-emit path stays in place so historical conversations render unchanged.
  • LP-Score engine — rule-based, breed-blind, FHA-aware pet screening with published YAML rubric, deterministic scoring, and exempt-by-default service animals / ESAs
  • Document duplicate detection — every upload is SHA-256 hashed in-stream; collisions emit an audit event and a reviewer-UI badge
  • Realistic demo dataset for evaluation — one command (or one button click in the operator UI for hosted deploys) populates 17 pets across 2 properties, 7 staff, 15 residents, profiles in every workflow state, plus optional 6 months of deterministic synthetic audit history so MCP timeline queries return meaningful answers. Operator accounts persist across seed runs.

Version v0.1 is a working backend you can run and integrate against today. It is not yet recommended as the sole system of record for production leasing decisions — check the repo for current status.

Frequently asked questions.

Why open source?

Pet screening sits in a regulated decisioning path. The choice was either to build a closed system the operator can't audit, or an open one anyone can read, fork, and verify. The second option scales better and ages better.

Is this production-ready?

v0.1 is a working backend with full tenancy, RBAC, the screening workflow, document upload, the LP-Score engine, and the MCP server. It's appropriate for pilots and small portfolios. For larger production use, the operational envelope (HA Postgres, observability, on-call playbook) is still being filled in — check the status board on GitHub for current state.

Does it require an LLM?

No. The scoring engine is rule-based and deterministic. LLM integration is optional — the MCP server lets agents drive the workflow if you want it, but every endpoint also works as plain REST.

How does LP-Score work? Is it accurate?

LP-Score is a deterministic, rule-based engine over a published YAML rubric (internal/scoring/rubric/v0.1.0.yaml). Eleven weighted criteria sum to 100 points; the percentage maps to a 1–5 score with an action label (Approve / Review / Decline).

Honest answer on accuracy: the score reflects what the resident attests, not what we can verify. There's no OCR, no breed-detection ML, no behavioral inference. It's a triage signal designed to surface profiles that warrant a closer look — not a substitute for documentation review or manager judgment. The "right" score is the one a manager can defend by pointing to the rubric and the resident's answers, not one optimized against a hidden ground truth we don't have.

Service animals and emotional support animals bypass scoring entirely per the FHA. Breed is not an input.

What about Fair Housing compliance?

The data model and audit trail are designed to make compliance evidence straightforward to produce. Breed-based scoring is explicitly excluded. Service-animal accommodation requests follow a separate review path. LeashPass does not provide legal advice — talk to your counsel before going live.

Can I self-host without paying for any service?

Yes. SQLite for dev, Postgres on a single VPS for production. No required third-party services. Email and file storage have console-mode fallbacks for local development.

Who is an "operator" vs an "admin"?

The operator runs the LeashPass instance — one person (or team) deploying the binary on their infra. Operators are instance-wide superusers with no organization of their own.

Each customer is a separate organization on that same instance, with its own admins, managers, and residents. An admin can only see and act on data inside their organization; a manager only sees their assigned properties.

One LeashPass instance, one operator, multiple organizations — the right shape if you're a property-management group hosting screening for several portfolios you operate, or a platform offering it to multiple clients.

How does it integrate with my existing platform?

Three ways: scoped API keys for direct REST calls, MCP server for agents, and webhooks for event notifications. The OpenAPI spec ships when the API surface stabilizes in Phase 1c.

Where do I report security issues?

Use GitHub's private vulnerability reporting on the repo, or follow the policy in SECURITY.md. Please do not open public issues for vulnerabilities.

Who maintains this?

LeashPass is an open project — all contributors are listed on the contributors page. Bug reports, feature requests, and pull requests welcome.

Spin up the demo in 60 seconds.

Single-command Docker run, sample data, working REST API, working web UI. Kick the tires before reading any more docs.