codejury 0.13.2__tar.gz → 0.13.3__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (81) hide show
  1. {codejury-0.13.2 → codejury-0.13.3}/PKG-INFO +1 -1
  2. {codejury-0.13.2 → codejury-0.13.3}/codejury/diff/engine.py +7 -5
  3. {codejury-0.13.2 → codejury-0.13.3}/codejury.egg-info/PKG-INFO +1 -1
  4. {codejury-0.13.2 → codejury-0.13.3}/pyproject.toml +1 -1
  5. {codejury-0.13.2 → codejury-0.13.3}/tests/test_diff_engine.py +11 -0
  6. {codejury-0.13.2 → codejury-0.13.3}/LICENSE +0 -0
  7. {codejury-0.13.2 → codejury-0.13.3}/README.md +0 -0
  8. {codejury-0.13.2 → codejury-0.13.3}/codejury/__init__.py +0 -0
  9. {codejury-0.13.2 → codejury-0.13.3}/codejury/analysis/__init__.py +0 -0
  10. {codejury-0.13.2 → codejury-0.13.3}/codejury/analysis/repo_model.py +0 -0
  11. {codejury-0.13.2 → codejury-0.13.3}/codejury/cli.py +0 -0
  12. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/agent/full-review.md +0 -0
  13. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/agent/security-review-memory.md +0 -0
  14. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/entrypoints.yaml +0 -0
  15. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/SKILL.md +0 -0
  16. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/business-logic.md +0 -0
  17. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/code-injection.md +0 -0
  18. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/command-injection.md +0 -0
  19. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/cross-site-request-forgery.md +0 -0
  20. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/cross-site-scripting.md +0 -0
  21. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/hardcoded-secrets.md +0 -0
  22. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/http-response-splitting.md +0 -0
  23. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/improper-authentication.md +0 -0
  24. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/information-exposure.md +0 -0
  25. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/insecure-cryptography.md +0 -0
  26. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/insecure-deserialization.md +0 -0
  27. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/insecure-direct-object-reference.md +0 -0
  28. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/insecure-transport.md +0 -0
  29. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/jwt-validation.md +0 -0
  30. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/mass-assignment.md +0 -0
  31. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/missing-authorization.md +0 -0
  32. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/open-redirect.md +0 -0
  33. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/path-traversal.md +0 -0
  34. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/race-condition.md +0 -0
  35. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/replay-attack.md +0 -0
  36. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/server-side-request-forgery.md +0 -0
  37. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/server-side-template-injection.md +0 -0
  38. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/session-fixation.md +0 -0
  39. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/sql-injection.md +0 -0
  40. {codejury-0.13.2 → codejury-0.13.3}/codejury/data/rules/xml-external-entity.md +0 -0
  41. {codejury-0.13.2 → codejury-0.13.3}/codejury/diff/__init__.py +0 -0
  42. {codejury-0.13.2 → codejury-0.13.3}/codejury/diff/debate.py +0 -0
  43. {codejury-0.13.2 → codejury-0.13.3}/codejury/diff/debate_prompts.py +0 -0
  44. {codejury-0.13.2 → codejury-0.13.3}/codejury/diff/findings_filter.py +0 -0
  45. {codejury-0.13.2 → codejury-0.13.3}/codejury/diff/prompts.py +0 -0
  46. {codejury-0.13.2 → codejury-0.13.3}/codejury/diff/report.py +0 -0
  47. {codejury-0.13.2 → codejury-0.13.3}/codejury/diff/rules.py +0 -0
  48. {codejury-0.13.2 → codejury-0.13.3}/codejury/domain/__init__.py +0 -0
  49. {codejury-0.13.2 → codejury-0.13.3}/codejury/domain/finding.py +0 -0
  50. {codejury-0.13.2 → codejury-0.13.3}/codejury/fullreview/__init__.py +0 -0
  51. {codejury-0.13.2 → codejury-0.13.3}/codejury/fullreview/scaffold.py +0 -0
  52. {codejury-0.13.2 → codejury-0.13.3}/codejury/infrastructure/__init__.py +0 -0
  53. {codejury-0.13.2 → codejury-0.13.3}/codejury/infrastructure/json_parse.py +0 -0
  54. {codejury-0.13.2 → codejury-0.13.3}/codejury/providers/__init__.py +0 -0
  55. {codejury-0.13.2 → codejury-0.13.3}/codejury/providers/anthropic.py +0 -0
  56. {codejury-0.13.2 → codejury-0.13.3}/codejury/providers/base.py +0 -0
  57. {codejury-0.13.2 → codejury-0.13.3}/codejury/providers/factory.py +0 -0
  58. {codejury-0.13.2 → codejury-0.13.3}/codejury/providers/litellm.py +0 -0
  59. {codejury-0.13.2 → codejury-0.13.3}/codejury/providers/mock.py +0 -0
  60. {codejury-0.13.2 → codejury-0.13.3}/codejury/providers/openai.py +0 -0
  61. {codejury-0.13.2 → codejury-0.13.3}/codejury/providers/openai_format.py +0 -0
  62. {codejury-0.13.2 → codejury-0.13.3}/codejury/providers/retry.py +0 -0
  63. {codejury-0.13.2 → codejury-0.13.3}/codejury/resources.py +0 -0
  64. {codejury-0.13.2 → codejury-0.13.3}/codejury.egg-info/SOURCES.txt +0 -0
  65. {codejury-0.13.2 → codejury-0.13.3}/codejury.egg-info/dependency_links.txt +0 -0
  66. {codejury-0.13.2 → codejury-0.13.3}/codejury.egg-info/entry_points.txt +0 -0
  67. {codejury-0.13.2 → codejury-0.13.3}/codejury.egg-info/requires.txt +0 -0
  68. {codejury-0.13.2 → codejury-0.13.3}/codejury.egg-info/top_level.txt +0 -0
  69. {codejury-0.13.2 → codejury-0.13.3}/setup.cfg +0 -0
  70. {codejury-0.13.2 → codejury-0.13.3}/tests/test_anthropic_provider.py +0 -0
  71. {codejury-0.13.2 → codejury-0.13.3}/tests/test_cli_audit.py +0 -0
  72. {codejury-0.13.2 → codejury-0.13.3}/tests/test_diff_debate.py +0 -0
  73. {codejury-0.13.2 → codejury-0.13.3}/tests/test_diff_report.py +0 -0
  74. {codejury-0.13.2 → codejury-0.13.3}/tests/test_full_review_scaffold.py +0 -0
  75. {codejury-0.13.2 → codejury-0.13.3}/tests/test_json_parse.py +0 -0
  76. {codejury-0.13.2 → codejury-0.13.3}/tests/test_litellm_provider.py +0 -0
  77. {codejury-0.13.2 → codejury-0.13.3}/tests/test_openai_format.py +0 -0
  78. {codejury-0.13.2 → codejury-0.13.3}/tests/test_openai_provider.py +0 -0
  79. {codejury-0.13.2 → codejury-0.13.3}/tests/test_repo_model.py +0 -0
  80. {codejury-0.13.2 → codejury-0.13.3}/tests/test_retry_provider.py +0 -0
  81. {codejury-0.13.2 → codejury-0.13.3}/tests/test_rules.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: codejury
3
- Version: 0.13.2
3
+ Version: 0.13.3
4
4
  Summary: AI code security review: an adversarial diff-audit engine and an agent-driven whole-repo review methodology, with security knowledge as rich rules
5
5
  Author: AISecLabs
6
6
  License-Expression: MIT
@@ -19,8 +19,9 @@ class AuditError(RuntimeError):
19
19
 
20
20
  Raised instead of returning an empty findings list, so a failed or blank
21
21
  call is never reported as a clean audit. The prompt requires a JSON object
22
- (an empty ``{"findings": []}`` when there is nothing to report), so a reply
23
- that yields no object is a failure, not a pass."""
22
+ carrying a ``findings`` key (an empty ``{"findings": []}`` when there is
23
+ nothing to report), so a reply that yields no object, or an object without
24
+ that key, is a failure, not a pass."""
24
25
 
25
26
 
26
27
  class AuditRunner:
@@ -39,9 +40,10 @@ class AuditRunner:
39
40
  max_tokens=self._max_tokens,
40
41
  )
41
42
  obj = extract_json_object(result.text)
42
- if obj is None:
43
+ if obj is None or "findings" not in obj:
43
44
  raise AuditError(
44
- "could not parse a JSON audit result from the model reply; "
45
- "treating it as a failed audit rather than a clean pass"
45
+ "the model reply was not a valid audit result (no JSON object, or a "
46
+ "JSON object without a `findings` key); treating it as a failed "
47
+ "audit rather than a clean pass"
46
48
  )
47
49
  return findings_from_list(obj.get("findings"))
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: codejury
3
- Version: 0.13.2
3
+ Version: 0.13.3
4
4
  Summary: AI code security review: an adversarial diff-audit engine and an agent-driven whole-repo review methodology, with security knowledge as rich rules
5
5
  Author: AISecLabs
6
6
  License-Expression: MIT
@@ -1,6 +1,6 @@
1
1
  [project]
2
2
  name = "codejury"
3
- version = "0.13.2"
3
+ version = "0.13.3"
4
4
  description = "AI code security review: an adversarial diff-audit engine and an agent-driven whole-repo review methodology, with security knowledge as rich rules"
5
5
  readme = "README.md"
6
6
  requires-python = ">=3.12"
@@ -73,6 +73,17 @@ def test_engine_raises_on_unparseable_reply():
73
73
  AuditRunner(provider=MockProvider(default=""), model="m").run(_DIFF)
74
74
 
75
75
 
76
+ def test_engine_raises_on_wrong_shape_json():
77
+ # valid JSON but no `findings` key is a malformed reply, not a clean audit
78
+ import pytest
79
+
80
+ from codejury.diff.engine import AuditError
81
+
82
+ for bad in ("{}", '{"result": "ok"}'):
83
+ with pytest.raises(AuditError):
84
+ AuditRunner(provider=MockProvider(default=bad), model="m").run(_DIFF)
85
+
86
+
76
87
  def test_prompt_carries_diff_focus_and_do_not_report():
77
88
  p = standard_audit_prompt(_DIFF, rules="RULE-X", context="def caller(): ...")
78
89
  assert "SELECT * FROM u" in p # the diff
File without changes
File without changes
File without changes
File without changes
File without changes