PyPI - aina-scan - Versions diffs - 2.0.0__py3-none-any.whl - Mend

aina-scan 2.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

aina_scan/__init__.py +5 -0
aina_scan/cli.py +570 -0
aina_scan-2.0.0.dist-info/METADATA +267 -0
aina_scan-2.0.0.dist-info/RECORD +7 -0
aina_scan-2.0.0.dist-info/WHEEL +4 -0
aina_scan-2.0.0.dist-info/entry_points.txt +2 -0
aina_scan-2.0.0.dist-info/licenses/LICENSE +21 -0

aina_scan/__init__.py ADDED Viewed

@@ -0,0 +1,5 @@
+"""aina-scan — AI-powered Python security scanner CLI."""
+__version__ = "2.0.0"
+__author__  = "AINA Sovereign"
+API_BASE    = "https://pleasing-transformation-production-90c2.up.railway.app"

aina_scan/cli.py ADDED Viewed

@@ -0,0 +1,570 @@
+"""aina-scan CLI — scan Python files against the AINA Scan API."""
+from __future__ import annotations
+import argparse
+import hashlib
+import json
+import os
+import pathlib
+import sys
+import urllib.error
+import urllib.request
+import zipfile
+import io
+from . import API_BASE, __version__
+CONFIG_FILE = pathlib.Path.home() / ".aina_scan" / "config.json"
+_LEGACY_CONFIG = pathlib.Path.home() / ".aina_vibeguard" / "config.json"
+# ── config helpers ──────────────────────────────────────────────
+def _load_config() -> dict:
+    for cfg in (CONFIG_FILE, _LEGACY_CONFIG):
+        if cfg.exists():
+            try:
+                return json.loads(cfg.read_text(encoding="utf-8"))
+            except Exception:
+                pass
+    return {}
+def _save_config(data: dict) -> None:
+    CONFIG_FILE.parent.mkdir(parents=True, exist_ok=True)
+    CONFIG_FILE.write_text(json.dumps(data, indent=2), encoding="utf-8")
+def _api_key() -> str:
+    # Support both env var names for backward compat
+    key = (
+        os.environ.get("AINA_SCAN_API_KEY")
+        or os.environ.get("VIBEGUARD_API_KEY")
+        or _load_config().get("api_key", "")
+    )
+    if not key:
+        print("❌  API key not set.\n"
+              "    Run:  aina-scan config --key YOUR_KEY\n"
+              "    Or:   export AINA_SCAN_API_KEY=YOUR_KEY", file=sys.stderr)
+        sys.exit(1)
+    return key
+# ── HTTP helpers ─────────────────────────────────────────────────
+def _get(path: str, api_key: str) -> dict:
+    req = urllib.request.Request(
+        API_BASE + path,
+        headers={"X-API-Key": api_key},
+    )
+    try:
+        with urllib.request.urlopen(req, timeout=20) as r:
+            return json.loads(r.read())
+    except urllib.error.HTTPError as e:
+        return json.loads(e.read())
+def _post_json(path: str, body: dict, api_key: str) -> dict:
+    req = urllib.request.Request(
+        API_BASE + path,
+        data=json.dumps(body).encode(),
+        headers={"Content-Type": "application/json", "X-API-Key": api_key},
+        method="POST",
+    )
+    try:
+        with urllib.request.urlopen(req, timeout=20) as r:
+            return json.loads(r.read())
+    except urllib.error.HTTPError as e:
+        return json.loads(e.read())
+def _scan_file_bytes(filename: str, data: bytes, api_key: str) -> dict:
+    boundary = b"----AINAScanBoundary"
+    body = (
+        b"--" + boundary +
+        b"\r\nContent-Disposition: form-data; name=\"file\"; filename=\"" +
+        filename.encode() + b"\"\r\n"
+        b"Content-Type: text/plain\r\n\r\n" +
+        data +
+        b"\r\n--" + boundary + b"--\r\n"
+    )
+    req = urllib.request.Request(
+        API_BASE + "/v1/scan", data=body,
+        headers={
+            "X-API-Key": api_key,
+            "Content-Type": "multipart/form-data; boundary=----AINAScanBoundary",
+        },
+        method="POST",
+    )
+    try:
+        with urllib.request.urlopen(req, timeout=30) as r:
+            return json.loads(r.read())
+    except urllib.error.HTTPError as e:
+        return json.loads(e.read())
+# ── result printer ───────────────────────────────────────────────
+def _print_result(d: dict, verbose: bool = False) -> int:
+    tier  = d.get("tier", "?")
+    fname = d.get("filename", "?")
+    blk   = d.get("blocks", 0)
+    wrn   = d.get("warns", 0)
+    sid   = d.get("scan_id", "")
+    tier_badge = {"free": "🆓", "pro": "💎", "premium": "👑"}.get(tier, "❓")
+    status_icon = "🔴 BLOCKED" if blk > 0 else ("🟡 WARN" if wrn > 0 else "🟢 CLEAN")
+    print(f"\n{tier_badge} [{tier.upper()}]  {fname}")
+    print(f"  {status_icon}  blocks={blk}  warns={wrn}")
+    if sid:
+        print(f"  scan_id: {sid}")
+    # hash proof
+    rh = d.get("result_hash")
+    if rh:
+        bt = d.get("block_types", {})
+        payload = f"{sid}|{blk}|{json.dumps(bt, sort_keys=True)}"
+        local_hash = hashlib.sha256(payload.encode()).hexdigest()[:32].upper()
+        match = "✅" if local_hash == rh else "❌"
+        print(f"  hash: {rh}  {match}")
+    # free tier limits
+    if tier == "free":
+        rem   = d.get("remaining", "?")
+        limit = d.get("daily_limit", 50)
+        print(f"  quota: {rem}/{limit} remaining today")
+    # issues (pro/premium)
+    issues = d.get("issues", [])
+    if issues:
+        print(f"\n  {'─'*50}")
+        print(f"  {'KIND':<22} {'SEVERITY':<8} {'LINE':<6} DETAIL")
+        print(f"  {'─'*50}")
+        for i in issues[:30]:
+            kind = i.get("kind", "?")[:22]
+            sev  = i.get("severity", "?")
+            line = str(i.get("line", "?"))
+            det  = str(i.get("detail", ""))[:60]
+            fp_marker = " [FP suppressed]" if i.get("fp_suppressed") else ""
+            icon = "🔴" if sev == "BLOCK" else "🟡"
+            print(f"  {icon} {kind:<22} {sev:<8} {line:<6} {det}{fp_marker}")
+        if len(issues) > 30:
+            print(f"  ... (+{len(issues)-30} more)")
+    # advisory (pro/premium)
+    adv = d.get("advisory", {})
+    if adv and verbose:
+        chains = adv.get("l3_causal_chains", [])
+        l1     = adv.get("l1_knowledge", [])
+        if chains:
+            print(f"\n  🧠 AINA L3 Causal Chains ({len(chains)}):")
+            for c in chains:
+                prob = int(c.get("probability", 0) * 100)
+                depth = c.get("depth", 1)
+                indent = "  " * depth
+                print(f"    {indent}[L{depth} p={prob}%] "
+                      f"{c.get('cause','?')} → {c.get('effect','?')}")
+                evid = c.get("evidence", "")
+                if evid:
+                    print(f"    {indent}   ↳ {evid}")
+        if l1:
+            print(f"\n  💡 Mitigations:")
+            for m in l1:
+                print(f"    • {m.get('subject','?')}: {m.get('object','?')}")
+    # locked (free)
+    locked = d.get("_locked", [])
+    if locked:
+        print(f"\n  🔒 Locked: {', '.join(locked[:4])}")
+        print(f"     Upgrade at: https://github.com/Moonsehwan/aina-scan")
+    if blk > 0:
+        return 1
+    return 0
+# ── commands ─────────────────────────────────────────────────────
+def cmd_config(args: argparse.Namespace) -> int:
+    cfg = _load_config()
+    if args.key:
+        cfg["api_key"] = args.key
+        _save_config(cfg)
+        print(f"✅  API key saved to {CONFIG_FILE}")
+    elif args.show:
+        key = cfg.get("api_key", "")
+        print(f"API key: {key[:8]}...{key[-4:]}" if len(key) > 12 else f"API key: {key or '(not set)'}")
+    elif args.clear:
+        cfg.pop("api_key", None)
+        _save_config(cfg)
+        print("✅  API key cleared")
+    return 0
+def _agent_friendly_report(d: dict, path: str) -> int:
+    """--agent-friendly: JSON + Markdown 에이전트 최적화 리포트."""
+    blocks = [i for i in d.get("issues", []) if i.get("severity") == "BLOCK"]
+    warns  = [i for i in d.get("issues", []) if i.get("severity") == "WARN"]
+    adv    = d.get("advisory", {})
+    chains = adv.get("l3_causal_chains", [])
+    chain_by_vuln: dict[str, str] = {}
+    for c in chains:
+        key_c = c.get("cause", "")
+        effect = c.get("effect", "")
+        prob   = int(c.get("probability", 0) * 100)
+        if key_c not in chain_by_vuln:
+            chain_by_vuln[key_c] = f"{key_c} → {effect} (p={prob}%)"
+    FIX_HINTS: dict[str, tuple[str, str]] = {
+        "COMMAND_INJECTION":  ("subprocess.run(cmd, shell=True)",   "subprocess.run(cmd.split(), shell=False)"),
+        "PATH_TRAVERSAL":     ("open(user_path)",                    "pathlib.Path(user_path).resolve() then open()"),
+        "INSECURE_RANDOM":    ("random.choices(chars, k=n)",         "secrets.choice(chars) for _ in range(n)"),
+        "WEAK_CRYPTO":        ("hashlib.md5()",                      "hashlib.sha256()"),
+        "HARDCODED_SECRET":   ("api_key = 'sk-...'",                 "api_key = os.environ['API_KEY']"),
+        "SQL_INJECTION_RISK": ("f\"SELECT ... WHERE x='{val}'\"",    "cursor.execute('SELECT ... WHERE x=?', (val,))"),
+        "EVAL_EXEC_RISK":     ("eval(code_string)",                  "ast.literal_eval(code_string) or safe sandbox"),
+        "GOD_OBJECT":         ("class X: # 50+ methods",             "split into focused sub-classes (SRP)"),
+        "STUB_SKELETON":      ("def fn(): pass",                     "implement actual logic"),
+        "UNIFORM_RETURN":     ("all paths return same constant",     "return meaningful computed value"),
+        "DEEP_NESTING":       ("if: if: if: if: ...",                "extract helper functions, use early return"),
+        "TRIVIAL_IF_CHAIN":   ("if x=='a': ... elif x=='b': ...",    "use a dict dispatch table or DB lookup"),
+    }
+    block_json = []
+    for issue in blocks:
+        kind = issue.get("kind", "?")
+        hint = FIX_HINTS.get(kind, ("?", "see AINA Scan docs"))
+        chain_str = next((v for k, v in chain_by_vuln.items() if kind.lower().replace("_", "") in k.lower().replace("_", "")), "")
+        entry = {
+            "type":       kind,
+            "severity":   "CRITICAL" if kind in ("COMMAND_INJECTION", "PATH_TRAVERSAL", "INSECURE_RANDOM", "SQL_INJECTION_RISK") else "HIGH",
+            "file":       str(path),
+            "line":       issue.get("line", "?"),
+            "detail":     issue.get("detail", ""),
+            "before_code":   hint[0],
+            "after_code":    hint[1],
+            "verify":     f"aina-scan scan {pathlib.Path(path).name} → 0 {kind}",
+        }
+        if chain_str:
+            entry["l3_chain"] = chain_str
+        block_json.append(entry)
+    report = {
+        "scan_id":     d.get("scan_id", ""),
+        "file":        str(path),
+        "tier":        d.get("tier", "?"),
+        "blocks":      d.get("blocks", 0),
+        "warns":       d.get("warns", 0),
+        "result_hash": d.get("result_hash", ""),
+        "block_items": block_json,
+        "warn_count":  len(warns),
+        "agent_instruction": (
+            "Fix all BLOCK items below in order. "
+            "After fixing each file, run: aina-scan scan <file>. "
+            "If a BLOCK is intentional, add: # aina-scan: ignore (reason). "
+            "Report when all blocks are 0."
+        ),
+    }
+    print(json.dumps(report, indent=2, ensure_ascii=False))
+    print()
+    print("---")
+    print(f"## AINA Scan Agent Report — {pathlib.Path(path).name}")
+    print(f"**Blocks: {len(blocks)}** | Warns: {len(warns)} | Hash: `{d.get('result_hash','')}`")
+    print()
+    for i, b in enumerate(block_json, 1):
+        sev = b["severity"]
+        print(f"### [{i}] 🔴 {b['type']} ({sev}) — L{b['line']}")
+        print(f"**Detail**: {b['detail']}")
+        print()
+        print("**Before:**")
+        print(f"```python\n{b['before_code']}\n```")
+        print("**After:**")
+        print(f"```python\n{b['after_code']}\n```")
+        if b.get("l3_chain"):
+            print(f"**Attack path**: {b['l3_chain']}")
+        print(f"**Verify**: `{b['verify']}`")
+        print()
+    return 1 if blocks else 0
+def cmd_scan(args: argparse.Namespace) -> int:
+    key  = _api_key()
+    path = pathlib.Path(args.file)
+    if not path.exists():
+        print(f"❌  File not found: {path}", file=sys.stderr)
+        return 1
+    data = path.read_bytes()
+    print(f"🔍  Scanning {path.name} ({len(data):,} bytes) …")
+    d = _scan_file_bytes(path.name, data, key)
+    if "error" in d or d.get("detail"):
+        print(f"❌  {d.get('error') or d.get('detail')}", file=sys.stderr)
+        return 1
+    if getattr(args, "report", None):
+        pathlib.Path(args.report).write_text(
+            json.dumps(d, indent=2, ensure_ascii=False), encoding="utf-8"
+        )
+        print(f"📄  Report saved → {args.report}")
+    if getattr(args, "agent_friendly", False):
+        return _agent_friendly_report(d, str(path))
+    return _print_result(d, verbose=args.verbose)
+def cmd_scan_project(args: argparse.Namespace) -> int:
+    key     = _api_key()
+    project = pathlib.Path(args.directory)
+    if not project.is_dir():
+        print(f"❌  Directory not found: {project}", file=sys.stderr)
+        return 1
+    py_files = list(project.rglob("*.py"))
+    if not py_files:
+        print("⚠️   No .py files found.")
+        return 0
+    print(f"📦  Zipping {len(py_files)} Python files …")
+    buf = io.BytesIO()
+    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
+        for f in py_files:
+            zf.write(f, f.relative_to(project.parent))
+    zip_bytes = buf.getvalue()
+    print(f"    ZIP size: {len(zip_bytes):,} bytes")
+    boundary = b"----AINAScanBoundary"
+    body = (
+        b"--" + boundary +
+        b"\r\nContent-Disposition: form-data; name=\"file\"; filename=\"project.zip\"\r\n"
+        b"Content-Type: application/zip\r\n\r\n" +
+        zip_bytes +
+        b"\r\n--" + boundary + b"--\r\n"
+    )
+    req = urllib.request.Request(
+        API_BASE + "/v1/scan/project", data=body,
+        headers={
+            "X-API-Key": key,
+            "Content-Type": "multipart/form-data; boundary=----AINAScanBoundary",
+        },
+        method="POST",
+    )
+    print("🔬  Running Premium project scan …")
+    try:
+        with urllib.request.urlopen(req, timeout=60) as r:
+            d = json.loads(r.read())
+    except urllib.error.HTTPError as e:
+        d = json.loads(e.read())
+    if "error" in d or d.get("detail"):
+        print(f"❌  {d.get('error') or d.get('detail')}", file=sys.stderr)
+        return 1
+    print(f"\n👑  [PREMIUM] Project scan: {project.name}")
+    print(f"    files={d.get('files_scanned',0)}  blocks={d.get('blocks',0)}  warns={d.get('warns',0)}")
+    taint_flows = d.get("taint_flows", [])
+    if taint_flows:
+        print(f"\n  🔗 Taint Flows ({len(taint_flows)}):")
+        for t in taint_flows[:5]:
+            print(f"    • {t}")
+    return 1 if d.get("blocks", 0) > 0 else 0
+def cmd_status(args: argparse.Namespace) -> int:
+    key = _api_key()
+    d   = _get("/v1/status", key)
+    ok  = "✅" if d.get("ok") or d.get("status") == "ok" else "❌"
+    print(f"🔍  AINA Scan API  {ok}")
+    chains = d.get("chains", {})
+    print(f"  Expert chains : {chains.get('expert', '?')}")
+    print(f"  Learned chains: {chains.get('learned', '?')}")
+    learning = d.get("learning", {})
+    print(f"  Total scans   : {learning.get('total_scans', '?')}")
+    print(f"  FP reports    : {learning.get('fp_reports', '?')}")
+    top = d.get("top_vuln_types", learning.get("top_vuln_types", []))
+    if top:
+        print(f"  Top findings:")
+        for t in top[:5]:
+            print(f"    • {t.get('type','?'):<30} {t.get('count',0):>3}x")
+    return 0
+def cmd_slots(args: argparse.Namespace) -> int:
+    d  = urllib.request.urlopen(urllib.request.Request(API_BASE + "/v1/slots"), timeout=10)
+    d  = json.loads(d.read())
+    eb = d.get("earlybird", {})
+    if eb:
+        print("🎫  Early Bird Slots")
+        for plan, info in eb.items():
+            sold = info.get("sold", 0)
+            total = info.get("total", 0)
+            pct  = int(sold / total * 100) if total else 0
+            bar  = "█" * (pct // 10) + "░" * (10 - pct // 10)
+            print(f"  {plan.upper():8}  [{bar}] {sold}/{total} sold  ({pct}%)")
+    else:
+        print(f"  Tier: {d.get('tier','?')}  Remaining: {d.get('remaining','?')}")
+    return 0
+def cmd_history(args: argparse.Namespace) -> int:
+    key = _api_key()
+    d   = _get(f"/v1/report/history?limit={args.limit}", key)
+    history = d.get("history", [])
+    if not history:
+        print("No scan history.")
+        return 0
+    print(f"📋  Recent scans ({len(history)}):")
+    print(f"  {'SCAN ID':<36} {'FILE':<30} {'BLKS':>4} {'WRNS':>4}  DATE")
+    for h in history:
+        print(f"  {h.get('scan_id','?'):<36} {h.get('filename','?')[:30]:<30} "
+              f"{h.get('blocks',0):>4} {h.get('warns',0):>4}  {h.get('scanned_at','?')[:19]}")
+    return 0
+def cmd_feedback(args: argparse.Namespace) -> int:
+    key = _api_key()
+    is_fp = getattr(args, "verdict", None) == "fp" or not getattr(args, "confirm", True)
+    scan_id = args.scan_id
+    if not scan_id and getattr(args, "file", None):
+        hist = _get("/v1/report/history?limit=20", key).get("history", [])
+        fname = pathlib.Path(args.file).name
+        match = next((h for h in hist if h.get("filename", "").endswith(fname)), None)
+        if match:
+            scan_id = match.get("scan_id", "")
+            print(f"    scan_id auto-matched: {scan_id[:16]}…  ({fname})")
+    body = {
+        "scan_id":         scan_id or "",
+        "vuln_type":       args.kind,
+        "is_false_positive": is_fp,
+        "note":            getattr(args, "note", "") or "",
+    }
+    d = _post_json("/v1/feedback", body, key)
+    verdict_str = "FALSE POSITIVE" if is_fp else "TRUE POSITIVE"
+    status = d.get("status", "?")
+    fp_reg = d.get("fp_registered", False)
+    print(f"✅  Feedback recorded: {verdict_str}  pattern={args.kind}")
+    print(f"    status={status}  fp_registered={fp_reg}")
+    if is_fp and fp_reg:
+        fname_matched = d.get("filename", "")
+        print(f"    → {fname_matched} × {args.kind} → next scan will downgrade BLOCK → WARN")
+    elif is_fp and not fp_reg:
+        print(f"    ⚠️  FP not registered (scan_id not found in history).")
+        print(f"       Re-scan the file first, then run feedback again.")
+    return 0
+def cmd_stats(args: argparse.Namespace) -> int:
+    key = _api_key()
+    d   = _get("/v1/stats", key)
+    print("📊  AINA Scan Pattern Statistics")
+    learning = d.get("learning", {})
+    print(f"  Total scans : {learning.get('total_scans', d.get('total_scans', '?'))}")
+    print(f"  Total issues: {learning.get('total_findings', d.get('total_issues', '?'))}")
+    print(f"  FP reports  : {learning.get('fp_reports', '?')}")
+    print()
+    rows_raw = d.get("top_vuln_types", d.get("patterns", d.get("by_pattern", [])))
+    if isinstance(rows_raw, dict):
+        rows = [(k, v.get("found", v) if isinstance(v, dict) else v, 0) for k, v in rows_raw.items()]
+    elif isinstance(rows_raw, list):
+        rows = [(p.get("type", p.get("pattern", "?")), p.get("count", 0), p.get("fp_reports", 0)) for p in rows_raw]
+    else:
+        rows = []
+    if rows:
+        rows.sort(key=lambda x: x[1], reverse=True)
+        max_cnt = max((r[1] for r in rows), default=1)
+        print(f"  {'PATTERN':<30} {'FOUND':>6}  {'FP REPORTS':>10}  {'FP%':>5}")
+        print(f"  {'─'*58}")
+        for name, cnt, fp_cnt in rows[:15]:
+            fp_pct = f"{fp_cnt/cnt*100:.0f}%" if cnt else "—"
+            bar = "█" * min(20, int(cnt / max(1, max_cnt) * 20))
+            print(f"  {name:<30} {cnt:>6}  {fp_cnt:>10}  {fp_pct:>5}  {bar}")
+    fp_store = d.get("fp_store", {})
+    if fp_store:
+        print(f"\n  🗂️  Your FP store ({len(fp_store)} entries):")
+        for key_str, count in list(fp_store.items())[:10]:
+            print(f"    • {key_str}  (×{count})")
+    return 0
+def cmd_docs(args: argparse.Namespace) -> int:
+    key = _api_key()
+    d   = _get("/v1/export/learned", key)
+    out = json.dumps(d, indent=2, ensure_ascii=False)
+    if args.output:
+        pathlib.Path(args.output).write_text(out, encoding="utf-8")
+        print(f"✅  Saved to {args.output}")
+    else:
+        print(out)
+    return 0
+# ── entry point ──────────────────────────────────────────────────
+def main() -> None:
+    p = argparse.ArgumentParser(
+        prog="aina-scan",
+        description=f"AINA Scan v{__version__} — AI-powered Python security scanner",
+    )
+    p.add_argument("--version", action="version", version=f"aina-scan {__version__}")
+    sub = p.add_subparsers(dest="cmd", required=True)
+    # config
+    c = sub.add_parser("config", help="Set or show API key")
+    c.add_argument("--key",   help="Your AINA Scan API key")
+    c.add_argument("--show",  action="store_true", help="Show current key")
+    c.add_argument("--clear", action="store_true", help="Remove stored key")
+    # scan
+    s = sub.add_parser("scan", help="Scan a single Python file")
+    s.add_argument("file", help="Path to .py file")
+    s.add_argument("-v", "--verbose", action="store_true", help="Show L3 causal chains")
+    s.add_argument("--report", metavar="FILE", help="Save full JSON result to file")
+    s.add_argument("--agent-friendly", action="store_true",
+                   help="Output JSON+Markdown with before/after code and fix instructions (for AI agents)")
+    # scan-project (Premium)
+    sp = sub.add_parser("scan-project", help="[Premium] Scan entire project directory")
+    sp.add_argument("directory", help="Project root directory")
+    # status
+    sub.add_parser("status", help="Show API status and chain info")
+    # slots
+    sub.add_parser("slots", help="Show early bird slot availability")
+    # history
+    h = sub.add_parser("history", help="View your scan history")
+    h.add_argument("--limit", type=int, default=20)
+    # feedback
+    fb = sub.add_parser("feedback", help="Report false positive / confirm finding")
+    fb.add_argument("kind", help="Pattern kind, e.g. STUB_SKELETON")
+    fb.add_argument("--scan-id", dest="scan_id", default="", help="Scan ID (optional, auto-looked up from history)")
+    fb.add_argument("--file", help="Scanned file path (used for auto scan_id lookup)")
+    fb.add_argument("--verdict", choices=["fp", "tp"], default="fp",
+                    help="fp = false positive (default), tp = true positive")
+    fb.add_argument("--confirm", action="store_true", help="Confirm as real TRUE positive")
+    fb.add_argument("--note", help="Optional note")
+    # stats
+    sub.add_parser("stats", help="[Pro] Show per-pattern FP statistics")
+    # docs / export
+    d = sub.add_parser("docs", help="Export learned patterns as JSON")
+    d.add_argument("-o", "--output", help="Output file path")
+    args = p.parse_args()
+    dispatch = {
+        "config":        cmd_config,
+        "scan":          cmd_scan,
+        "scan-project":  cmd_scan_project,
+        "status":        cmd_status,
+        "slots":         cmd_slots,
+        "history":       cmd_history,
+        "feedback":      cmd_feedback,
+        "stats":         cmd_stats,
+        "docs":          cmd_docs,
+    }
+    sys.exit(dispatch[args.cmd](args))
+if __name__ == "__main__":
+    main()

aina_scan-2.0.0.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,267 @@
+Metadata-Version: 2.4
+Name: aina-scan
+Version: 2.0.0
+Summary: AI-powered Python security scanner — 13 vuln types, AINA L3 causal chains, 100% recall
+Project-URL: Homepage, https://github.com/Moonsehwan/aina-scan
+Project-URL: Repository, https://github.com/Moonsehwan/aina-scan
+Project-URL: Issues, https://github.com/Moonsehwan/aina-scan/issues
+Author-email: AINA Sovereign <shanyshany3528@gmail.com>
+License: MIT
+License-File: LICENSE
+Keywords: linter,python,sast,security,static-analysis,vulnerability
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.9
+Requires-Dist: requests>=2.28.0
+Description-Content-Type: text/markdown
+# aina-scan
+[![PyPI](https://img.shields.io/pypi/v/aina-scan)](https://pypi.org/project/aina-scan/)
+[![Python](https://img.shields.io/pypi/pyversions/aina-scan)](https://pypi.org/project/aina-scan/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
+**AST-based security scanner for AI-generated Python code.**
+> May flag false positives. Never misses a real one.
+![AINA Scan Demo](demo/demo_en.gif)
+[한국어](README.ko.md) · [日本語](README.ja.md) · [中文](README.zh.md) · [Español](README.es.md) · [Deutsch](README.de.md)
+---
+## Real Findings
+Scanned top open-source AI coding tools. Found what others missed.
+**serena** (25K ⭐) — AI coding assistant:
+```
+CRITICAL  COMMAND_INJECTION  agent.py:1222
+          subprocess.Popen(cmd, shell=True)
+          Attack path: config_tamper → shell_injection → server_compromise (p=97%)
+```
+**aider** (27K ⭐) — AI pair programmer:
+```
+CRITICAL  COMMAND_INJECTION  commands.py:974
+          subprocess.run("git " + user_input, shell=True)
+          Attack path: user_input → shell_injection → repo_compromise (p=94%)
+```
+**35 true positives. 0 false positives.**
+Missed by Semgrep. Missed by the maintainers.
+---
+## Install
+```bash
+pip install aina-scan
+aina-scan config --key YOUR_KEY
+aina-scan scan agent.py
+```
+Get a free API key → **[github.com/Moonsehwan/aina-scan](https://github.com/Moonsehwan/aina-scan)**
+---
+## Usage
+```bash
+# Scan a file
+aina-scan scan agent.py
+# Agent-friendly output — paste into Claude Code to auto-fix
+aina-scan scan agent.py --agent-friendly
+# Save full JSON report
+aina-scan scan agent.py --report report.json
+# Verify a fix worked
+aina-scan scan agent.py
+# ✅ 0 blocks found
+# View scan history
+aina-scan history
+# Report false positive (auto-suppressed in next scan)
+aina-scan feedback STUB_SKELETON --verdict fp --file agent.py
+# Pattern statistics
+aina-scan stats
+```
+### `--agent-friendly` output
+```json
+{
+  "blocks": [{
+    "type": "COMMAND_INJECTION",
+    "severity": "CRITICAL",
+    "file": "agent.py",
+    "line": 1222,
+    "before_code": "subprocess.Popen(cmd, shell=True)",
+    "after_code": "subprocess.Popen(cmd.split(), shell=False)",
+    "verify": "aina-scan scan agent.py → 0 COMMAND_INJECTION",
+    "l3_chain": "config_tamper → shell_injection → server_compromise (p=97%)"
+  }],
+  "agent_instruction": "Fix all BLOCK items above. After each fix, verify. Report when all blocks are 0."
+}
+```
+Paste into Claude Code → automated fix loop. No manual steps.
+---
+## FP Feedback Loop
+Report a false positive once → suppressed in all future scans for that file:
+```bash
+# 1. Scan → BLOCK found
+aina-scan scan token_usage.py
+#  🔴 BLOCKED  HARDCODED_SECRET  L47
+# 2. Report as FP (e.g. it's a test fixture, not a real secret)
+aina-scan feedback HARDCODED_SECRET --verdict fp --file token_usage.py
+#  ✅ Feedback recorded: FALSE POSITIVE
+#  → token_usage.py × HARDCODED_SECRET → next scan will downgrade BLOCK → WARN
+# 3. Re-scan → BLOCK gone
+aina-scan scan token_usage.py
+#  🟡 WARN  HARDCODED_SECRET [FP suppressed]
+```
+Per-user learning. Your FP profile stays with your API key.
+---
+## What It Detects
+### Security (13 patterns)
+| Pattern | Severity |
+|---------|----------|
+| `COMMAND_INJECTION` | CRITICAL |
+| `PATH_TRAVERSAL` | CRITICAL |
+| `SQL_INJECTION_RISK` | CRITICAL |
+| `INSECURE_RANDOM` | CRITICAL |
+| `WEAK_CRYPTO` | HIGH |
+| `HARDCODED_SECRET` | HIGH |
+| `EVAL_EXEC_RISK` | HIGH |
+| `GOD_OBJECT` | HIGH |
+| `BOUNDARY_MISSING` | MEDIUM |
+| `STUB_SKELETON` | MEDIUM |
+| `UNIFORM_RETURN` | MEDIUM |
+| `DEEP_NESTING` | MEDIUM |
+| `TRIVIAL_IF_CHAIN` | MEDIUM |
+### Code Quality (7 patterns)
+`DUPLICATE_FUNCTION` · `CIRCULAR_DEPENDENCY` · `N_PLUS_ONE_QUERY` · `MAGIC_NUMBER` · `MUTABLE_DEFAULT` · `EMPTY_EXCEPT` · `SHORT_PASSTHROUGH`
+### Architecture (6 patterns — Pro)
+`TAINT_FLOW` · `CROSS_FILE_INJECTION` · `UNSAFE_DESERIALIZATION` · `MISSING_ERROR_HANDLING` · `LOGIC_BOMB` · `RACE_CONDITION`
+---
+## vs Semgrep vs Claude
+| | aina-scan | Semgrep (free) | Claude (inline) |
+|--|:---:|:---:|:---:|
+| serena COMMAND_INJECTION | ✅ | ❌ | ❌ |
+| aider COMMAND_INJECTION | ✅ | ❌ | ❌ |
+| gpt-engineer PATH_TRAVERSAL | ✅ | ⚠️ partial | ❌ |
+| Zero dependencies | ✅ | ❌ | ❌ |
+| CI exit code | ✅ | ✅ | ❌ |
+| Causal attack chain | ✅ | ❌ | ❌ |
+| Agent-friendly output | ✅ | ❌ | ❌ |
+| FP feedback loop | ✅ | ❌ | ❌ |
+---
+## GitHub Actions
+```yaml
+# .github/workflows/aina-scan.yml
+name: AINA Scan Security Check
+on: [pull_request]
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install aina-scan
+        run: pip install aina-scan
+      - name: Scan Python files
+        env:
+          AINA_SCAN_API_KEY: ${{ secrets.AINA_SCAN_KEY }}
+        run: |
+          find . -name "*.py" | head -20 | while read f; do
+            aina-scan scan "$f" || exit 1
+          done
+```
+Add `AINA_SCAN_KEY` to **Settings → Secrets → Actions**.
+PR fails automatically if security blocks are found.
+---
+## Pricing
+| | Free | Pro | Premium |
+|--|:---:|:---:|:---:|
+| Price | $0 | $19/mo Early Bird | $99/mo Early Bird |
+| Files/day | 50 | Unlimited | Unlimited |
+| Security patterns | 13 | 13 | 13 |
+| Causal attack chains | ❌ | ✅ | ✅ |
+| Scan history | ❌ | ✅ | ✅ |
+| FP feedback | ❌ | ✅ | ✅ |
+| Project scan | ❌ | ❌ | ✅ |
+| Taint flow analysis | ❌ | ❌ | ✅ |
+---
+## FAQ
+**Q: Does it send my code to a server?**
+A: Only the scanned file is sent. No code is stored permanently.
+**Q: False positive rate?**
+A: ~3% on abstract base class patterns. The FP feedback loop (`--verdict fp`) suppresses them per-user immediately.
+**Q: How is it different from `bandit`?**
+A: bandit uses regex patterns. aina-scan uses AST analysis with causal chain tracing. Bandit missed both serena and aider findings.
+**Q: Works offline?**
+A: Requires API call. Free tier: 50 files/day.
+**Q: How does detection work?**
+A: Black-box API. Core logic runs server-side.
+**Q: Migrating from aina-vibeguard?**
+A: `pip install aina-scan`. Your old `VIBEGUARD_API_KEY` env var still works. Config key is auto-migrated.
+---
+## Contact
+- Issues: [github.com/Moonsehwan/aina-scan/issues](https://github.com/Moonsehwan/aina-scan/issues)
+- Email: shanyshany3528@gmail.com
+---
+MIT License · CLI source only · Core engine proprietary (server-side)

aina_scan-2.0.0.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,7 @@
+aina_scan/__init__.py,sha256=j9fbsORSj8l66lV2-F9w83LFMl1LEvkzjJlPekYLluI,193
+aina_scan/cli.py,sha256=S_AgGYN67pbWfVEKOg2Tk5Yh5OzROt65wq1tUXBF9F4,22712
+aina_scan-2.0.0.dist-info/METADATA,sha256=TNrNsQxLyknQ_3-f9OKgrqDMMAq71lUvuAbbUEM4gAI,7610
+aina_scan-2.0.0.dist-info/WHEEL,sha256=mffPy8wBnZQn2VnJUU5jE99KsxaSfiyMHV9Yt0aLVxs,87
+aina_scan-2.0.0.dist-info/entry_points.txt,sha256=NFYn5yYQHSSfSwnXkR8gdyUZU01vxeLJf7AJW3YZKUo,49
+aina_scan-2.0.0.dist-info/licenses/LICENSE,sha256=xmTuwXUr3LNKNz0ctTLq9SrJsJfMcbqNUNZ0E_oxmB0,1071
+aina_scan-2.0.0.dist-info/RECORD,,

aina_scan-2.0.0.dist-info/WHEEL ADDED Viewed

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.30.1
+Root-Is-Purelib: true
+Tag: py3-none-any

aina_scan-2.0.0.dist-info/entry_points.txt ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ [console_scripts]
2	+ aina-scan = aina_scan.cli:main

aina_scan-2.0.0.dist-info/licenses/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 AINA Sovereign
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.