audit-test 0.1.0__tar.gz

Files changed (79)
  1. audit_test-0.1.0/LICENSE +26 -0
  2. audit_test-0.1.0/PKG-INFO +239 -0
  3. audit_test-0.1.0/README.md +229 -0
  4. audit_test-0.1.0/pyproject.toml +27 -0
  5. audit_test-0.1.0/setup.cfg +4 -0
  6. audit_test-0.1.0/src/audit_code/__init__.py +3 -0
  7. audit_test-0.1.0/src/audit_code/__main__.py +5 -0
  8. audit_test-0.1.0/src/audit_code/adapters/__init__.py +34 -0
  9. audit_test-0.1.0/src/audit_code/adapters/base.py +202 -0
  10. audit_test-0.1.0/src/audit_code/adapters/cpp/__init__.py +1 -0
  11. audit_test-0.1.0/src/audit_code/adapters/cpp/adapter.py +114 -0
  12. audit_test-0.1.0/src/audit_code/adapters/csharp/__init__.py +1 -0
  13. audit_test-0.1.0/src/audit_code/adapters/csharp/adapter.py +85 -0
  14. audit_test-0.1.0/src/audit_code/adapters/go/__init__.py +1 -0
  15. audit_test-0.1.0/src/audit_code/adapters/go/adapter.py +53 -0
  16. audit_test-0.1.0/src/audit_code/adapters/html/__init__.py +1 -0
  17. audit_test-0.1.0/src/audit_code/adapters/html/adapter.py +177 -0
  18. audit_test-0.1.0/src/audit_code/adapters/java/__init__.py +1 -0
  19. audit_test-0.1.0/src/audit_code/adapters/java/adapter.py +101 -0
  20. audit_test-0.1.0/src/audit_code/adapters/javascript/__init__.py +1 -0
  21. audit_test-0.1.0/src/audit_code/adapters/javascript/adapter.py +128 -0
  22. audit_test-0.1.0/src/audit_code/adapters/python/__init__.py +1 -0
  23. audit_test-0.1.0/src/audit_code/adapters/python/adapter.py +40 -0
  24. audit_test-0.1.0/src/audit_code/adapters/rust/__init__.py +1 -0
  25. audit_test-0.1.0/src/audit_code/adapters/rust/adapter.py +60 -0
  26. audit_test-0.1.0/src/audit_code/adapters/sql/__init__.py +1 -0
  27. audit_test-0.1.0/src/audit_code/adapters/sql/adapter.py +71 -0
  28. audit_test-0.1.0/src/audit_code/audit_config.py +21 -0
  29. audit_test-0.1.0/src/audit_code/audit_deps.py +426 -0
  30. audit_test-0.1.0/src/audit_code/audit_gate.py +596 -0
  31. audit_test-0.1.0/src/audit_code/audit_phd.py +1478 -0
  32. audit_test-0.1.0/src/audit_code/audit_quality.py +574 -0
  33. audit_test-0.1.0/src/audit_code/audit_runtime.py +1262 -0
  34. audit_test-0.1.0/src/audit_code/audit_shared.py +63 -0
  35. audit_test-0.1.0/src/audit_code/audit_suite.py +322 -0
  36. audit_test-0.1.0/src/audit_code/audit_wiring.py +998 -0
  37. audit_test-0.1.0/src/audit_code/cli.py +353 -0
  38. audit_test-0.1.0/src/audit_code/config.py +107 -0
  39. audit_test-0.1.0/src/audit_code/deps.py +49 -0
  40. audit_test-0.1.0/src/audit_code/gate.py +52 -0
  41. audit_test-0.1.0/src/audit_code/integrations/__init__.py +15 -0
  42. audit_test-0.1.0/src/audit_code/integrations/codeql.py +27 -0
  43. audit_test-0.1.0/src/audit_code/integrations/dependency_scan.py +27 -0
  44. audit_test-0.1.0/src/audit_code/integrations/megalinter.py +27 -0
  45. audit_test-0.1.0/src/audit_code/integrations/secret_scan.py +27 -0
  46. audit_test-0.1.0/src/audit_code/integrations/semgrep.py +27 -0
  47. audit_test-0.1.0/src/audit_code/models.py +73 -0
  48. audit_test-0.1.0/src/audit_code/phd.py +84 -0
  49. audit_test-0.1.0/src/audit_code/profiles/__init__.py +10 -0
  50. audit_test-0.1.0/src/audit_code/profiles/agent_engine/__init__.py +1 -0
  51. audit_test-0.1.0/src/audit_code/profiles/agent_engine/config_checks.py +14 -0
  52. audit_test-0.1.0/src/audit_code/profiles/agent_engine/profile.py +16 -0
  53. audit_test-0.1.0/src/audit_code/profiles/agent_engine/prompt_checks.py +14 -0
  54. audit_test-0.1.0/src/audit_code/profiles/agent_engine/stdout_checks.py +14 -0
  55. audit_test-0.1.0/src/audit_code/profiles/agent_engine/tool_registry_checks.py +14 -0
  56. audit_test-0.1.0/src/audit_code/project.py +28 -0
  57. audit_test-0.1.0/src/audit_code/quality.py +748 -0
  58. audit_test-0.1.0/src/audit_code/reporting/__init__.py +19 -0
  59. audit_test-0.1.0/src/audit_code/reporting/json_report.py +42 -0
  60. audit_test-0.1.0/src/audit_code/reporting/junit.py +47 -0
  61. audit_test-0.1.0/src/audit_code/reporting/sarif.py +50 -0
  62. audit_test-0.1.0/src/audit_code/run_all_audits.py +121 -0
  63. audit_test-0.1.0/src/audit_code/runner.py +343 -0
  64. audit_test-0.1.0/src/audit_code/runtime.py +74 -0
  65. audit_test-0.1.0/src/audit_code/suite.py +337 -0
  66. audit_test-0.1.0/src/audit_code/wiring.py +90 -0
  67. audit_test-0.1.0/src/audit_test.egg-info/PKG-INFO +239 -0
  68. audit_test-0.1.0/src/audit_test.egg-info/SOURCES.txt +77 -0
  69. audit_test-0.1.0/src/audit_test.egg-info/dependency_links.txt +1 -0
  70. audit_test-0.1.0/src/audit_test.egg-info/entry_points.txt +4 -0
  71. audit_test-0.1.0/src/audit_test.egg-info/top_level.txt +1 -0
  72. audit_test-0.1.0/tests/test_adapters.py +253 -0
  73. audit_test-0.1.0/tests/test_base.py +122 -0
  74. audit_test-0.1.0/tests/test_cli.py +167 -0
  75. audit_test-0.1.0/tests/test_config.py +104 -0
  76. audit_test-0.1.0/tests/test_coverage.py +97 -0
  77. audit_test-0.1.0/tests/test_reporting.py +106 -0
  78. audit_test-0.1.0/tests/test_runner.py +220 -0
  79. audit_test-0.1.0/tests/test_smoke.py +6 -0
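--- /dev/null
+++ b/audit_test-0.1.0/LICENSE
@@ -0,0 +1,26 @@
+Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (CC BY-NC-ND 4.0)
+
+© Yosef Bunick. All rights reserved.
+
+You are free to:
+
+Share — copy and redistribute the material in any medium or format
+
+Under the following terms:
+
+Attribution — You must give appropriate credit, provide a link to the
+license, and indicate if changes were made.
+
+NonCommercial — You may not use the material for commercial purposes.
+
+NoDerivatives — If you remix, transform, or build upon the material,
+you may not distribute the modified material.
+
+License details: https://creativecommons.org/licenses/by-nc-nd/4.0/
+
+This license applies unless otherwise explicitly stated within specific
+files or directories of this repository.
+
+For permission to monetize, distribute modified versions, remix,
+sublicense, or commercially use this repository, please contact the
+creator directly.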
@@ -0,0 +1,239 @@
1
+ Metadata-Version: 2.4
2
+ Name: audit-test
3
+ Version: 0.1.0
4
+ Summary: Code and test verification orchestrator — interrogates code quality AND whether tests genuinely prove correctness
5
+ License: MIT
6
+ Requires-Python: >=3.10
7
+ Description-Content-Type: text/markdown
8
+ License-File: LICENSE
9
+ Dynamic: license-file
10
+
11
+ # audit-test
12
+
13
+ **One command. One policy. One report. One fail-closed verdict.**
14
+
15
+ Interrogates the quality of a repo's code *and* its tests — answers the hard
16
+ question: **does the code work, do the tests prove it, and did my change
17
+ break anything?**
18
+
19
+ ## Install
20
+
21
+ ```powershell
22
+ pip install audit-test
23
+ ```
24
+
25
+ Three CLI commands available after install (all identical):
26
+
27
+ ```powershell
28
+ audit-test high
29
+ audit-test high
30
+ audit-code high
31
+ ```
32
+
33
+ Or from source:
34
+
35
+ ```powershell
36
+ git clone https://github.com/Yosef-Bunick/AUDIT-TEST.git
37
+ cd AUDIT-TEST
38
+ pip install -e .
39
+ ```
40
+
41
+ ## Usage
42
+
43
+ Bare words or flags — both work:
44
+
45
+ ```powershell
46
+ audit-test # full audit
47
+ audit-test min # fast: wiring + phd + quality
48
+ audit-test full # complete: all checks + raw output
49
+ audit-test fix # auto-format (~1s)
50
+ audit-test phd high # PHD only, HIGH only
51
+ audit-test phd wiring medium # PHD + wiring, HIGH+MEDIUM
52
+ audit-test -p <dir> # audit a specific project
53
+ audit-test -s "suite lint" # skip suite + lint
54
+ ```
55
+
56
+ ### Flags quick reference
57
+
58
+ | Short | Long | Does |
59
+ |---|---|---|
60
+ | `-h` | `--high` | HIGH severity only (default) |
61
+ | `-m` | `--medium` | HIGH + MEDIUM severity |
62
+ | | `--info` | HIGH + MEDIUM + INFO |
63
+ | | `--all` | all findings |
64
+ | `-v` | `--verbose` | full detail output |
65
+ | `-f` | `--fix` | auto-format |
66
+ | `-F` | `--full` | complete analysis |
67
+ | `-p` | `--path` | project directory |
68
+ | `-s` | `--skip` | skip modules (comma/space) |
69
+ | `-H` | `--help` | show help |
70
+
71
+ ### Modules
72
+
73
+ Any combination, bare words or `--flag`:
74
+
75
+ ```powershell
76
+ audit-test phd # PHD static audit
77
+ audit-test wiring # wiring audit
78
+ audit-test runtime # runtime audit
79
+ audit-test suite # test suite audit
80
+ audit-test quality # quality gates
81
+ audit-test syntax # all language syntax checks
82
+ audit-test python # Python syntax only
83
+ audit-test tests # non-Python test suites
84
+ audit-test lint # ruff check
85
+ audit-test black # black format
86
+ audit-test lint fix # ruff --fix
87
+ audit-test black fix # black format
88
+ audit-test phd wiring medium # mix any modules + severity
89
+ ```
90
+
91
+ ### Change gate
92
+
93
+ ```powershell
94
+ audit-test gate # judge working-tree diff vs HEAD
95
+ audit-test gate high # block on new HIGH findings (default)
96
+ audit-test gate medium # block on new HIGH+MEDIUM
97
+ audit-test gate fast # skip mutation (G4)
98
+ audit-test gate -p <dir> # gate a specific project
99
+ ```
100
+
101
+ ### Standalone scripts
102
+
103
+ The original audit scripts also work standalone — no pip install needed.
104
+ Copy them into any project and run directly:
105
+
106
+ ```powershell
107
+ python audit_wiring.py # dead symbols, config drift
108
+ python audit_phd.py # exception discipline, security patterns
109
+ python audit_phd.py --min-severity=HIGH # HIGH findings only
110
+ python audit_runtime.py # timeouts, log hygiene, prompt contracts
111
+ python audit_suite.py # run pytest, classify failures
112
+ python audit_quality.py # black, ruff, mypy, CVE, coverage
113
+ python audit_gate.py # judge working-tree diff vs HEAD
114
+ python run_all_audits.py # orchestrate all five into one report
115
+ ```
116
+
117
+ ## The stack
118
+
119
+ | Audit | Question it answers |
120
+ |---|---|
121
+ | wiring | **Is it connected?** Dead symbols, test-only code, config key drift |
122
+ | phd | **Does it meet the bar?** Exception discipline, security patterns, state bugs |
123
+ | runtime | **Will it hang or crash?** Unbounded loops, missing timeouts, secrets in logs |
124
+ | suite | **Is the test suite healthy?** Runs pytest, classifies real vs pollution failures |
125
+ | quality | **External gates + execution truth.** Black, ruff, mypy, CVE scan, coverage |
126
+
127
+ ## Languages
128
+
129
+ Auto-detects 9 languages (marker files or source files anywhere in the tree,
130
+ root included). Python runs the full five-audit stack. Every other language
131
+ gets a **real** syntax check plus its native test suite — and when the
132
+ required toolchain is missing, the result is an honest `SKIP` with the
133
+ install hint, never a fake pass:
134
+
135
+ | Language | Detection | Syntax check | Test suite |
136
+ |---|---|---|---|
137
+ | Python | `pyproject.toml`, `setup.py`, `*.py` | `ast.parse` per file (built-in) | pytest (via `suite` audit) |
138
+ | JS / TS | `package.json`, `*.js`, `*.ts` | `node --check`; TS via `tsc --noEmit` (TS1xxx only) | `npm test` (real script only) |
139
+ | Java | `pom.xml`, `build.gradle`, `*.java` | `javac -proc:none` (parse errors only; classpath noise not judged) | `mvn test` / `gradlew test` |
140
+ | Go | `go.mod`, `*.go` | `gofmt -l -e` (parse + format drift) | `go test ./...` |
141
+ | Rust | `Cargo.toml`, `*.rs` | `cargo check` | `cargo test` |
142
+ | C# | `*.cs` | `dotnet build` (SKIP if restore fails) | `dotnet test` |
143
+ | C / C++ | `CMakeLists.txt`, `Makefile`, `*.c(pp)` | `gcc/clang -fsyntax-only` or `cl /Zs` per unit | `ctest` (if `build/` exists) |
144
+ | HTML / CSS | `*.html`, `*.css`, `*.scss` | tag-balance / brace-balance (structural, stdlib) | — |
145
+ | SQL | `*.sql` | `sqlfluff parse` (ANSI; SKIP if not installed) | — |
146
+
147
+ Restrict detection with `[audit] languages = ["python", "go"]` in
148
+ `audit-code.toml` (empty list = auto-detect all).
149
+
150
+ ## Exit codes
151
+
152
+ | Code | Meaning |
153
+ |---|---|
154
+ | 0 | Audits completed, passed |
155
+ | 1 | Completed but blocking problems found |
156
+ | 2 | Setup or configuration error |
157
+ | 3 | Required audit or tool crashed |
158
+ | 4 | No supported language detected |
159
+
160
+ ### Severity levels
161
+
162
+ Every finding has a severity: **HIGH**, **MEDIUM**, or **INFO**. Default reports
163
+ HIGH only. Use `--medium`, `--info`, or `--all` to expand. The `phd` audit
164
+ supports `--min-severity=HIGH` when run standalone.
165
+
166
+ ## The gate
167
+
168
+ `audit-test gate` judges **only your working-tree diff vs HEAD**, inside a
169
+ disposable git worktree:
170
+
171
+ - **G0** syntax — changed files must parse
172
+ - **G1** static regression — no new HIGH findings vs HEAD
173
+ - **G2** suite green — full test suite passes
174
+ - **G3** execution proof — every changed def + line executes under tests
175
+ - **G4** mutation kill — injected bugs in changed lines must be caught
176
+
177
+ ## Design
178
+
179
+ - **Fail-closed.** Crash, missing summary, unparseable file — all failures, never passes.
180
+ - **Name-level vs execution-level.** "Test mentions this" and "body ran" are different facts.
181
+ - **Judge the diff, not the history.** Legacy findings are baseline; only regressions fail.
182
+ - **Honest limits.** No static tool promises semantic correctness — this stack narrows the gap.
183
+
184
+ ## Configuration
185
+
186
+ ### `.audit-test-ignore`
187
+
188
+ Skip directories or files from all scans. Drop this file in your project root.
189
+ One pattern per line, `#` for comments. Patterns are merged with built-in defaults
190
+ (`.venv`, `node_modules`, `.git`, `__pycache__`, `dist`, `build`, etc.):
191
+
192
+ ```
193
+ # .audit-test-ignore
194
+ generated/
195
+ third_party/
196
+ *.pb2.py
197
+ ```
198
+
199
+ Patterns match directory/file name parts (exact match, not substring).
200
+
201
+ ### `# audit: ok`
202
+
203
+ Add `# audit: ok` to the end of any line to suppress a finding on that line.
204
+ Use sparingly — every suppression is counted in the summary.
205
+
206
+ Applies to `wiring`, `phd`, and `runtime` audits. Example:
207
+
208
+ ```python
209
+ except Exception: # audit: ok (intentional swallow — benign)
210
+ TOOL_TIMEOUT = 600 # audit: ok (tool config, not a tuning knob)
211
+ subprocess.run(cmd) # audit: ok (audit tools ARE subprocess runners)
212
+ ```
213
+
214
+ ## Requirements
215
+
216
+ Python 3.10+, git, pytest
217
+ Optional (auto-detected): `coverage`, `black`, `ruff`, `mypy`, `pip-audit`, `mutmut`
218
+
219
+ ## License
220
+
221
+ This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (CC BY-NC-ND 4.0).
222
+
223
+ © Yosef Bunick. All rights reserved.
224
+
225
+ You are free to:
226
+
227
+ Share — copy and redistribute the material in any medium or format
228
+
229
+ Under the following terms:
230
+
231
+ Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made.
232
+ NonCommercial — You may not use the material for commercial purposes.
233
+ NoDerivatives — If you remix, transform, or build upon the material, you may not distribute the modified material.
234
+
235
+ License details: https://creativecommons.org/licenses/by-nc-nd/4.0/
236
+
237
+ This license applies unless otherwise explicitly stated within specific files or directories of this repository.
238
+
239
+ For permission to monetize, distribute modified versions, remix, sublicense, or commercially use this repository, please contact the creator directly.
@@ -0,0 +1,229 @@
1
+ # audit-test
2
+
3
+ **One command. One policy. One report. One fail-closed verdict.**
4
+
5
+ Interrogates the quality of a repo's code *and* its tests — answers the hard
6
+ question: **does the code work, do the tests prove it, and did my change
7
+ break anything?**
8
+
9
+ ## Install
10
+
11
+ ```powershell
12
+ pip install audit-test
13
+ ```
14
+
15
+ Three CLI commands available after install (all identical):
16
+
17
+ ```powershell
18
+ audit-test high
19
+ audit-test high
20
+ audit-code high
21
+ ```
22
+
23
+ Or from source:
24
+
25
+ ```powershell
26
+ git clone https://github.com/Yosef-Bunick/AUDIT-TEST.git
27
+ cd AUDIT-TEST
28
+ pip install -e .
29
+ ```
30
+
31
+ ## Usage
32
+
33
+ Bare words or flags — both work:
34
+
35
+ ```powershell
36
+ audit-test # full audit
37
+ audit-test min # fast: wiring + phd + quality
38
+ audit-test full # complete: all checks + raw output
39
+ audit-test fix # auto-format (~1s)
40
+ audit-test phd high # PHD only, HIGH only
41
+ audit-test phd wiring medium # PHD + wiring, HIGH+MEDIUM
42
+ audit-test -p <dir> # audit a specific project
43
+ audit-test -s "suite lint" # skip suite + lint
44
+ ```
45
+
46
+ ### Flags quick reference
47
+
48
+ | Short | Long | Does |
49
+ |---|---|---|
50
+ | `-h` | `--high` | HIGH severity only (default) |
51
+ | `-m` | `--medium` | HIGH + MEDIUM severity |
52
+ | | `--info` | HIGH + MEDIUM + INFO |
53
+ | | `--all` | all findings |
54
+ | `-v` | `--verbose` | full detail output |
55
+ | `-f` | `--fix` | auto-format |
56
+ | `-F` | `--full` | complete analysis |
57
+ | `-p` | `--path` | project directory |
58
+ | `-s` | `--skip` | skip modules (comma/space) |
59
+ | `-H` | `--help` | show help |
60
+
61
+ ### Modules
62
+
63
+ Any combination, bare words or `--flag`:
64
+
65
+ ```powershell
66
+ audit-test phd # PHD static audit
67
+ audit-test wiring # wiring audit
68
+ audit-test runtime # runtime audit
69
+ audit-test suite # test suite audit
70
+ audit-test quality # quality gates
71
+ audit-test syntax # all language syntax checks
72
+ audit-test python # Python syntax only
73
+ audit-test tests # non-Python test suites
74
+ audit-test lint # ruff check
75
+ audit-test black # black format
76
+ audit-test lint fix # ruff --fix
77
+ audit-test black fix # black format
78
+ audit-test phd wiring medium # mix any modules + severity
79
+ ```
80
+
81
+ ### Change gate
82
+
83
+ ```powershell
84
+ audit-test gate # judge working-tree diff vs HEAD
85
+ audit-test gate high # block on new HIGH findings (default)
86
+ audit-test gate medium # block on new HIGH+MEDIUM
87
+ audit-test gate fast # skip mutation (G4)
88
+ audit-test gate -p <dir> # gate a specific project
89
+ ```
90
+
91
+ ### Standalone scripts
92
+
93
+ The original audit scripts also work standalone — no pip install needed.
94
+ Copy them into any project and run directly:
95
+
96
+ ```powershell
97
+ python audit_wiring.py # dead symbols, config drift
98
+ python audit_phd.py # exception discipline, security patterns
99
+ python audit_phd.py --min-severity=HIGH # HIGH findings only
100
+ python audit_runtime.py # timeouts, log hygiene, prompt contracts
101
+ python audit_suite.py # run pytest, classify failures
102
+ python audit_quality.py # black, ruff, mypy, CVE, coverage
103
+ python audit_gate.py # judge working-tree diff vs HEAD
104
+ python run_all_audits.py # orchestrate all five into one report
105
+ ```
106
+
107
+ ## The stack
108
+
109
+ | Audit | Question it answers |
110
+ |---|---|
111
+ | wiring | **Is it connected?** Dead symbols, test-only code, config key drift |
112
+ | phd | **Does it meet the bar?** Exception discipline, security patterns, state bugs |
113
+ | runtime | **Will it hang or crash?** Unbounded loops, missing timeouts, secrets in logs |
114
+ | suite | **Is the test suite healthy?** Runs pytest, classifies real vs pollution failures |
115
+ | quality | **External gates + execution truth.** Black, ruff, mypy, CVE scan, coverage |
116
+
117
+ ## Languages
118
+
119
+ Auto-detects 9 languages (marker files or source files anywhere in the tree,
120
+ root included). Python runs the full five-audit stack. Every other language
121
+ gets a **real** syntax check plus its native test suite — and when the
122
+ required toolchain is missing, the result is an honest `SKIP` with the
123
+ install hint, never a fake pass:
124
+
125
+ | Language | Detection | Syntax check | Test suite |
126
+ |---|---|---|---|
127
+ | Python | `pyproject.toml`, `setup.py`, `*.py` | `ast.parse` per file (built-in) | pytest (via `suite` audit) |
128
+ | JS / TS | `package.json`, `*.js`, `*.ts` | `node --check`; TS via `tsc --noEmit` (TS1xxx only) | `npm test` (real script only) |
129
+ | Java | `pom.xml`, `build.gradle`, `*.java` | `javac -proc:none` (parse errors only; classpath noise not judged) | `mvn test` / `gradlew test` |
130
+ | Go | `go.mod`, `*.go` | `gofmt -l -e` (parse + format drift) | `go test ./...` |
131
+ | Rust | `Cargo.toml`, `*.rs` | `cargo check` | `cargo test` |
132
+ | C# | `*.cs` | `dotnet build` (SKIP if restore fails) | `dotnet test` |
133
+ | C / C++ | `CMakeLists.txt`, `Makefile`, `*.c(pp)` | `gcc/clang -fsyntax-only` or `cl /Zs` per unit | `ctest` (if `build/` exists) |
134
+ | HTML / CSS | `*.html`, `*.css`, `*.scss` | tag-balance / brace-balance (structural, stdlib) | — |
135
+ | SQL | `*.sql` | `sqlfluff parse` (ANSI; SKIP if not installed) | — |
136
+
137
+ Restrict detection with `[audit] languages = ["python", "go"]` in
138
+ `audit-code.toml` (empty list = auto-detect all).
139
+
140
+ ## Exit codes
141
+
142
+ | Code | Meaning |
143
+ |---|---|
144
+ | 0 | Audits completed, passed |
145
+ | 1 | Completed but blocking problems found |
146
+ | 2 | Setup or configuration error |
147
+ | 3 | Required audit or tool crashed |
148
+ | 4 | No supported language detected |
149
+
150
+ ### Severity levels
151
+
152
+ Every finding has a severity: **HIGH**, **MEDIUM**, or **INFO**. Default reports
153
+ HIGH only. Use `--medium`, `--info`, or `--all` to expand. The `phd` audit
154
+ supports `--min-severity=HIGH` when run standalone.
155
+
156
+ ## The gate
157
+
158
+ `audit-test gate` judges **only your working-tree diff vs HEAD**, inside a
159
+ disposable git worktree:
160
+
161
+ - **G0** syntax — changed files must parse
162
+ - **G1** static regression — no new HIGH findings vs HEAD
163
+ - **G2** suite green — full test suite passes
164
+ - **G3** execution proof — every changed def + line executes under tests
165
+ - **G4** mutation kill — injected bugs in changed lines must be caught
166
+
167
+ ## Design
168
+
169
+ - **Fail-closed.** Crash, missing summary, unparseable file — all failures, never passes.
170
+ - **Name-level vs execution-level.** "Test mentions this" and "body ran" are different facts.
171
+ - **Judge the diff, not the history.** Legacy findings are baseline; only regressions fail.
172
+ - **Honest limits.** No static tool promises semantic correctness — this stack narrows the gap.
173
+
174
+ ## Configuration
175
+
176
+ ### `.audit-test-ignore`
177
+
178
+ Skip directories or files from all scans. Drop this file in your project root.
179
+ One pattern per line, `#` for comments. Patterns are merged with built-in defaults
180
+ (`.venv`, `node_modules`, `.git`, `__pycache__`, `dist`, `build`, etc.):
181
+
182
+ ```
183
+ # .audit-test-ignore
184
+ generated/
185
+ third_party/
186
+ *.pb2.py
187
+ ```
188
+
189
+ Patterns match directory/file name parts (exact match, not substring).
190
+
191
+ ### `# audit: ok`
192
+
193
+ Add `# audit: ok` to the end of any line to suppress a finding on that line.
194
+ Use sparingly — every suppression is counted in the summary.
195
+
196
+ Applies to `wiring`, `phd`, and `runtime` audits. Example:
197
+
198
+ ```python
199
+ except Exception: # audit: ok (intentional swallow — benign)
200
+ TOOL_TIMEOUT = 600 # audit: ok (tool config, not a tuning knob)
201
+ subprocess.run(cmd) # audit: ok (audit tools ARE subprocess runners)
202
+ ```
203
+
204
+ ## Requirements
205
+
206
+ Python 3.10+, git, pytest
207
+ Optional (auto-detected): `coverage`, `black`, `ruff`, `mypy`, `pip-audit`, `mutmut`
208
+
209
+ ## License
210
+
211
+ This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (CC BY-NC-ND 4.0).
212
+
213
+ © Yosef Bunick. All rights reserved.
214
+
215
+ You are free to:
216
+
217
+ Share — copy and redistribute the material in any medium or format
218
+
219
+ Under the following terms:
220
+
221
+ Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made.
222
+ NonCommercial — You may not use the material for commercial purposes.
223
+ NoDerivatives — If you remix, transform, or build upon the material, you may not distribute the modified material.
224
+
225
+ License details: https://creativecommons.org/licenses/by-nc-nd/4.0/
226
+
227
+ This license applies unless otherwise explicitly stated within specific files or directories of this repository.
228
+
229
+ For permission to monetize, distribute modified versions, remix, sublicense, or commercially use this repository, please contact the creator directly.
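--- /dev/null
+++ b/audit_test-0.1.0/pyproject.toml
@@ -0,0 +1,27 @@
+[build-system]
+requires = ["setuptools>=68"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "audit-test"
+version = "0.1.0"
+description = "Code and test verification orchestrator — interrogates code quality AND whether tests genuinely prove correctness"
+requires-python = ">=3.10"
+license = {text = "MIT"}
+readme = "README.md"
+
+[project.scripts]
+audit-code = "audit_code.cli:main"
+audit-test = "audit_code.cli:main"
+audit-tests = "audit_code.cli:main"
+
+[tool.setuptools.packages.find]
+where = ["src"]
+
+[tool.ruff.lint]
+ignore = [
+    "S101", "S105", "S110", "S112", "S603", "S607",
+    "B007", # unused loop variable (legitimate in AST walkers)
+    "B023", # function binding loop variable
+    "B905", # zip() without strict (pre-3.10 compat)
+]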
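--- /dev/null
+++ b/audit_test-0.1.0/setup.cfg
@@ -0,0 +1,4 @@
+[egg_info]
+tag_build =
+tag_date = 0
+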
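--- /dev/null
+++ b/audit_test-0.1.0/src/audit_code/__init__.py
@@ -0,0 +1,3 @@
+"""audit-code: code and test verification orchestrator."""
+
+__version__ = "0.1.0"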
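--- /dev/null
+++ b/audit_test-0.1.0/src/audit_code/__main__.py
@@ -0,0 +1,5 @@
+"""Allow `python -m audit_code`."""
+
+from audit_code.cli import main
+
+main()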
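Review bot: The bare `main()` on the last line runs on any import of `audit_code.__main__` and discards its return value; if `cli.main` returns an exit status instead of calling `sys.exit` itself (I cannot see `cli.py` in this hunk, so this is inferred), `python -m audit_code` exits 0 no matter what was found and the documented 0–4 exit codes — the fail-closed contract CI depends on — are lost. The conventional form covers both cases: `if __name__ == "__main__":` followed by `raise SystemExit(main())`.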
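--- /dev/null
+++ b/audit_test-0.1.0/src/audit_code/adapters/__init__.py
@@ -0,0 +1,34 @@
+"""Language adapters — one per supported language."""
+
+from pathlib import Path
+
+from audit_code.adapters.cpp.adapter import CppAdapter
+from audit_code.adapters.csharp.adapter import CsharpAdapter
+from audit_code.adapters.go.adapter import GoAdapter
+from audit_code.adapters.html.adapter import HtmlAdapter
+from audit_code.adapters.java.adapter import JavaAdapter
+from audit_code.adapters.javascript.adapter import JavaScriptAdapter
+from audit_code.adapters.python.adapter import PythonAdapter
+from audit_code.adapters.rust.adapter import RustAdapter
+from audit_code.adapters.sql.adapter import SqlAdapter
+
+ALL = [
+    PythonAdapter,
+    JavaScriptAdapter,
+    JavaAdapter,
+    GoAdapter,
+    RustAdapter,
+    CsharpAdapter,
+    CppAdapter,
+    HtmlAdapter,
+    SqlAdapter,
+]
+
+
+def discover(target_root: Path) -> list:
+    """Return the adapter classes for every language detected in the target.
+
+    Detection only — the runner decides when to run syntax checks and test
+    suites so their results land in the report.
+    """
+    return [a for a in ALL if a.detect(target_root)]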
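Review bot: `discover` selects an adapter for any language whose marker or source files appear anywhere under `target_root`, and per this package's README the runner then executes that language's native test command (`npm test`, `cargo test`, `mvn test`, `gradlew test`) — i.e. scripts controlled by the audited checkout. The docstring should state that trust boundary so nobody points the tool at an unreviewed repository expecting a read-only scan, e.g. add `Adapters are chosen purely from file presence; the runner later runs each detected toolchain's test suite, which executes the target's own build/test scripts — only audit trees you trust.` The return annotation `-> list` could be narrowed to `-> list[type]` (or the adapter base class from `adapters.base`, if it exists) so the contract is checkable by mypy, which the quality audit already runs.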