audnet 0.1.2__tar.gz

audnet-0.1.2/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,28 @@
+---
+name: Bug report
+about: Create a report to help us improve
+labels: bug
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Run `audnet ...`
+2. ...
+3. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots.
+
+**Environment:**
+- OS: [e.g. Ubuntu 24.04]
+- Python: [e.g. 3.12]
+- audnet: [e.g. v0.1.0]
+
+**Additional context**
+Add any other context about the problem here.

audnet-0.1.2/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,17 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+labels: enhancement
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

audnet-0.1.2/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,24 @@
+## Description
+
+<!-- What does this PR do? -->
+
+## Related Issues
+
+<!-- Link issues that this PR closes. Use one of: -->
+<!-- Closes #123, Fixes #456, Resolves #789 -->
+
+## Type of Change
+
+- [ ] Bug fix (non-breaking change that fixes an issue)
+- [ ] New feature (non-breaking change that adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to change)
+- [ ] Documentation update
+- [ ] CI / tooling
+
+## Checklist
+
+- [ ] Tests added or updated
+- [ ] Lint + type checks pass (`ruff check src/ tests/`, `mypy src/`)
+- [ ] Full test suite passes
+- [ ] CHANGELOG.md updated if applicable
+- [ ] README.md updated if applicable

audnet-0.1.2/.github/labeler.yml

@@ -0,0 +1,72 @@
+# Auto-label configuration for PRs based on changed paths
+# Format for actions/labeler@v5
+
+enhancement:
+  - changed-files:
+      - any-glob-to-any-file:
+          - src/**/*
+          - '!src/**/.github/**/*'
+
+bug:
+  - changed-files:
+      - any-glob-to-any-file:
+          - src/**/*
+          - '!src/**/.github/**/*'
+          - '**/fix*'
+          - '**/bug*'
+
+chore:
+  - changed-files:
+      - any-glob-to-any-file:
+          - .github/**/*
+          - '*.lock'
+          - uv.lock
+
+documentation:
+  - changed-files:
+      - any-glob-to-any-file:
+          - '**/*.md'
+          - docs/**/*
+          - .github/ISSUE_TEMPLATE/**/*
+
+security:
+  - changed-files:
+      - any-glob-to-any-file:
+          - src/audnet/reporter.py
+          - src/audnet/collector.py
+          - pyproject.toml
+
+collector:
+  - changed-files:
+      - any-glob-to-any-file:
+          - src/audnet/collector.py
+
+cli:
+  - changed-files:
+      - any-glob-to-any-file:
+          - src/audnet/cli.py
+
+compliance:
+  - changed-files:
+      - any-glob-to-any-file:
+          - src/audnet/compliance.py
+
+parser:
+  - changed-files:
+      - any-glob-to-any-file:
+          - src/audnet/parser.py
+
+models:
+  - changed-files:
+      - any-glob-to-any-file:
+          - src/audnet/models.py
+
+config:
+  - changed-files:
+      - any-glob-to-any-file:
+          - src/audnet/config.py
+
+tests:
+  - changed-files:
+      - any-glob-to-any-file:
+          - tests/**/*

audnet-0.1.2/.github/workflows/auto-close-issues.yml

@@ -0,0 +1,43 @@
+name: Auto Close Issues
+
+on:
+  pull_request:
+    types: [closed]
+
+jobs:
+  close-linked-issues:
+    if: github.event.pull_request.merged == true
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: read
+    steps:
+      - uses: actions/github-script@v7
+        with:
+          script: |
+            const pr = context.payload.pull_request;
+            const body = pr.body || '';
+
+            const issueRegex = /(?:close[sd]?|fix(?:es|ed)?|resolve[sd]?)\s+#(\d+)/gi;
+            const matches = [...body.matchAll(issueRegex)];
+
+            if (matches.length === 0) {
+              console.log('No linked issues found in PR body.');
+              return;
+            }
+
+            for (const match of matches) {
+              const issueNumber = parseInt(match[1]);
+              try {
+                await github.rest.issues.update({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  issue_number: issueNumber,
+                  state: 'closed',
+                  state_reason: 'completed'
+                });
+                console.log(`Closed issue #${issueNumber}`);
+              } catch (e) {
+                console.log(`Could not close #${issueNumber}: ${e.message}`);
+              }
+            }

audnet-0.1.2/.github/workflows/ci.yml

@@ -0,0 +1,101 @@
+name: CI
+
+on:
+  push:
+    branches: [master, main]
+  pull_request:
+    branches: [master, main]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.14"
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+        with:
+          version: "latest"
+
+      - name: Create venv and install dependencies
+        run: |
+          uv venv
+          uv pip install -e ".[dev]"
+
+      - name: Lint with ruff
+        run: uv run ruff check src/ tests/
+
+      - name: Type check with mypy
+        run: uv run mypy src/
+
+  security:
+    needs: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.14"
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+        with:
+          version: "latest"
+
+      - name: Create venv and install dependencies
+        run: |
+          uv venv
+          uv pip install -e ".[dev]"
+
+      - name: Run Bandit security scan
+        run: uv run bandit -r src/ -c pyproject.toml
+
+      - name: Run pip-audit dependency check
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 5
+          max_attempts: 3
+          retry_wait_seconds: 30
+          command: uv run pip-audit --ignore-vuln CVE-2026-44405 --ignore-vuln PYSEC-2026-196
+
+  test:
+    needs: security
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.12", "3.13", "3.14"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+        with:
+          version: "latest"
+
+      - name: Create venv and install dependencies
+        run: |
+          uv venv
+          uv pip install -e ".[dev]"
+
+      - name: Run tests
+        run: uv run pytest tests/ -v --tb=short
+
+      - name: Coverage report
+        run: uv run pytest tests/ --cov=audnet --cov-report=term-missing --cov-fail-under=90

audnet-0.1.2/.github/workflows/issue-labeler.yml

@@ -0,0 +1,74 @@
+name: Auto Label Issues
+
+on:
+  issues:
+    types: [opened, edited]
+
+jobs:
+  label:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    steps:
+      - uses: actions/github-script@v7
+        with:
+          script: |
+            const issue = context.payload.issue;
+            const title = issue.title.toLowerCase();
+            const body = (issue.body || '').toLowerCase();
+            let labelsToAdd = [];
+
+            // Keyword-based labeling (production pattern)
+            if (title.includes('fix') || title.includes('bug') || body.includes('bug')) {
+              labelsToAdd.push('bug');
+            }
+            if (title.includes('feat') || title.includes('enhance') || body.includes('feature')) {
+              labelsToAdd.push('enhancement');
+            }
+            if (title.includes('docs') || title.includes('documentation') || body.includes('readme')) {
+              labelsToAdd.push('documentation');
+            }
+            if (title.includes('security') || body.includes('secret') || body.includes('password')) {
+              labelsToAdd.push('security');
+            }
+            if (title.includes('performance') || title.includes('slow')) {
+              labelsToAdd.push('performance');
+            }
+            if (title.includes('refactor') || title.includes('clean')) {
+              labelsToAdd.push('refactor');
+            }
+            if (title.includes('chore') || title.includes('ci') || title.includes('test')) {
+              labelsToAdd.push('chore');
+            }
+
+            // Remove duplicates
+            labelsToAdd = [...new Set(labelsToAdd)];
+
+            if (labelsToAdd.length > 0) {
+              // Ensure each label exists (create if missing) - robust production fix
+              for (const label of labelsToAdd) {
+                try {
+                  await github.rest.issues.getLabel({
+                    owner: context.repo.owner,
+                    repo: context.repo.repo,
+                    name: label
+                  });
+                } catch (error) {
+                  if (error.status === 404) {
+                    await github.rest.issues.createLabel({
+                      owner: context.repo.owner,
+                      repo: context.repo.repo,
+                      name: label,
+                      color: '0366d6'  // GitHub blue
+                    });
+                  }
+                }
+              }
+
+              await github.rest.issues.addLabels({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: issue.number,
+                labels: labelsToAdd
+              });
+            }

audnet-0.1.2/.github/workflows/labeler.yml

@@ -0,0 +1,21 @@
+name: Auto Labeler
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  label:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Label PR based on changed files
+        uses: actions/labeler@v5
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          configuration-path: .github/labeler.yml
+          sync-labels: true

audnet-0.1.2/.github/workflows/publish.yml

@@ -0,0 +1,68 @@
+name: Publish to PyPI
+
+on:
+  push:
+    tags: ['v*']
+
+permissions:
+  contents: write  # needed for creating GitHub Releases
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/audnet
+    permissions:
+      id-token: write  # required for PyPI Trusted Publishing (OIDC)
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # required for hatch-vcs to determine version from tags
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.14"
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+        with:
+          version: "latest"
+
+      - name: Build wheel and sdist
+        run: uv build
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+      - name: Extract changelog section for this version
+        id: changelog
+        run: |
+          VERSION="${GITHUB_REF_NAME#v}"
+          # Extract the section for this version from CHANGELOG.md
+          NOTES=$(python3 -c "
+          import re, sys
+          version = '${VERSION}'
+          with open('CHANGELOG.md') as f:
+              content = f.read()
+          # Find the section for this version
+          pattern = rf'## \[{re.escape(version)}\].*?(?=\n## \[|\Z)'
+          match = re.search(pattern, content, re.DOTALL)
+          if match:
+              print(match.group(0).strip())
+          else:
+              print(f'Version {version} release.')
+          ")
+          echo "notes<<EOF" >> "$GITHUB_OUTPUT"
+          echo "$NOTES" >> "$GITHUB_OUTPUT"
+          echo "EOF" >> "$GITHUB_OUTPUT"
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          body: ${{ steps.changelog.outputs.notes }}
+          files: dist/*
+          draft: false
+          prerelease: false

audnet-0.1.2/.github/workflows/size-label.yml

@@ -0,0 +1,26 @@
+name: Size Label
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  size-label:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
+    steps:
+      - uses: pascalgn/size-label-action@v0.5.5
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        with:
+          sizes: >
+            {
+              "size/XS": 0,
+              "size/S": 10,
+              "size/M": 50,
+              "size/L": 200,
+              "size/XL": 500
+            }

audnet-0.1.2/.gitignore

@@ -0,0 +1,27 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.egg-info/
+.eggs/
+dist/
+build/
+*.egg
+
+# Virtual environments
+.venv/
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+
+# Generated reports (created by running audnet)
+audit_report.*
+
+# User data — never commit real device inventories or baselines with credentials
+inventories/
+baselines/
+
+# Agent working files
+.hermes/

audnet-0.1.2/.pre-commit-config.yaml

@@ -0,0 +1,36 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-toml
+      - id: check-added-large-files
+        args: ['--maxkb=500']
+      - id: debug-statements
+      - id: mixed-line-ending
+
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.11.7
+    hooks:
+      - id: ruff
+        args: [--fix]
+      - id: ruff-format
+
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: v1.15.0
+    hooks:
+      - id: mypy
+        pass_filenames: false
+        args: [src/]
+        additional_dependencies:
+          - netmiko>=4.3.0
+          - textfsm>=1.1.0
+          - jinja2>=3.1.0
+          - pyyaml>=6.0
+          - pydantic>=2.0
+          - typer>=0.12.0
+          - rich>=13.0
+          - structlog>=24.0
+          - tenacity>=8.5.0

audnet-0.1.2/CHANGELOG.md

@@ -0,0 +1,86 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.1.0] - 2026-06-11
+
+### Added
+
+- Initial release: network security & compliance auditor with SSH-based device collection
+- Parallel SSH collector (`collector.py`) using Netmiko + ThreadPoolExecutor with configurable concurrency
+- Async collector prototype (`collector_async.py`) using asyncio + asyncssh for large-scale performance
+- TextFSM parser with vendor-aware template selection for structured CLI output
+- Pattern-based compliance engine with 4 security rules (SSH, NTP, syslog, interface) and per-vendor overrides
+- Vendor registry/dispatch pattern (`VendorProfile`, `register_vendor()`) for multi-vendor support
+- Jinja2 report generator producing Markdown and HTML audit reports
+- Typer CLI with `--device`, `--check`, `--json`, `--dry-run`, `--strict`, `--verbose`, `--version` flags
+- YAML inventory loader with environment variable resolution for credential management
+- Pydantic models for baseline schema validation
+- Structured exception hierarchy with retry logic for transient SSH failures
+- SSH key-based authentication support
+- `structlog` with secret redaction for safe logging
+- Plaintext password detection with `--strict` mode for CI/CD pipelines
+- Pre-commit hooks: ruff, mypy strict, bandit, and formatting checks
+- GitHub Actions CI: lint, security scan (bandit + pip-audit), and multi-version testing (3.12/3.13/3.14)
+- GitHub Actions auto-close workflow for linked issues on PR merge
+- Comprehensive test suite: 208 tests, 98.61% coverage
+- Sample device inventory and security baseline configuration
+- Documentation: README with usage examples, SECURITY.md, CONTRIBUTING.md, CHANGELOG.md
+
+### Security
+
+- Passwords stored as `SecretStr` (Pydantic), never rendered in logs or output
+- Structlog processor redacts sensitive keys (`password`, `key_file`, `secret`, `passwd`, `token`)
+- `--strict` mode enforces env-var-only passwords in CI/CD pipelines
+
+## [0.1.2] - 2026-06-12
+
+### Changed
+
+- Renamed package from `net-audit` / `net_audit` to `audnet` everywhere: Python package, CLI entry point, PyPI project name, env vars (`AUDNET_PASSWORD`), docs, badges (#108, #109)
+- Renamed GitHub repository from `islam666/net-audit` to `islam666/Audnet`
+
+### Fixed
+
+- CI badge URL updated to match renamed repo
+- Release badge URL updated to match renamed repo
+- Labeler config paths updated from `src/net_audit/` to `src/audnet/`
+- Sample SSH key filename in inventory updated to `audnet_id_ed25519`
+
+## [Unreleased]
+
+## [0.1.1] - 2026-06-12
+
+### Added
+
+- `--async` flag for asyncio-based collector (asyncssh) — recommended for >20 devices (#88)
+- `--no-fail` flag to exit with code 0 even when compliance checks fail (default: exit code 1 on failures) (#78)
+- Hostname parsing from `show version` output (#73)
+- Serial number parsing from `show version` output (#72)
+- PyPI publish workflow — automated build and publish to PyPI on `v*` tags via Trusted Publishing (OIDC) (#90)
+- PyPI version and Python version badges in README (#90)
+
+### Fixed
+
+- Strict mode now also checks `secret`, `passwd`, and `token` fields for plaintext passwords (#76)
+- `CheckConfig` model missing `vendor_patterns` field — added with proper validation (#85)
+- SSH host key verification not configurable in async collector (#84)
+- Invalid device entries in inventory no longer abort entire load — skipped with warning (#83)
+- Device order not preserved in `collect_all` results — now maintains insertion order (#82)
+- Missing vendor TextFSM templates silently returned empty results — now raises `ParseError` (#81)
+- `connect_timeout` passed as string instead of int in async collector (#79)
+- Report templates not lazy-loaded — now loaded on demand with proper error handling (#77)
+- Extra TextFSM fields in `ParsedVersion` caused validation errors — now ignored (#75)
+- Baseline `check_name` not propagated to `ComplianceResult` — now correctly set (#74)
+- `_check_no_open_ports` backward walk logic replaced with forward-scan interface tracking for correctness (#87)
+- Magic slot indices in parser replaced with `Slot` enum for type safety (#86)
+
+### Documentation
+
+- Added quick-install section to README (#53)
+- Added quick start guide (#80)
+- Added GitHub Release badge to README (#51)
+- Updated CONTRIBUTING.md release process to reflect automated PyPI publish (#90)