codejury 0.23.0__tar.gz → 1.0.1__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- codejury-1.0.1/PKG-INFO +279 -0
- codejury-1.0.1/README.md +242 -0
- {codejury-0.23.0 → codejury-1.0.1}/codejury/__init__.py +2 -2
- codejury-1.0.1/codejury/cli.py +326 -0
- {codejury-0.23.0 → codejury-1.0.1}/codejury/detection.py +7 -7
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury}/detection.yaml +1 -5
- {codejury-0.23.0/codejury/domain → codejury-1.0.1/codejury}/finding.py +8 -9
- {codejury-0.23.0 → codejury-1.0.1}/codejury/guides.py +14 -14
- {codejury-0.23.0 → codejury-1.0.1}/codejury/json_parse.py +22 -2
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge/guides}/frameworks/python/celery.md +7 -4
- codejury-1.0.1/codejury/knowledge/guides/languages/python.md +31 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge/guides}/protocols/oauth.md +2 -2
- codejury-0.23.0/codejury/data/vulnerabilities/SKILL.md → codejury-1.0.1/codejury/knowledge/index.md +4 -9
- codejury-1.0.1/codejury/knowledge/vulnerabilities/cross-site-request-forgery.md +40 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/improper-authentication.md +1 -1
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/information-exposure.md +2 -1
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/insecure-cryptography.md +4 -0
- codejury-0.23.0/codejury/data/vulnerabilities/session-fixation.md → codejury-1.0.1/codejury/knowledge/vulnerabilities/insecure-session-management.md +5 -6
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/insecure-transport.md +4 -0
- codejury-1.0.1/codejury/knowledge/vulnerabilities/jwt-validation.md +29 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/missing-authorization.md +1 -1
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/path-traversal.md +3 -2
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/race-condition.md +8 -2
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/replay-attack.md +4 -0
- codejury-1.0.1/codejury/knowledge/vulnerabilities/server-side-request-forgery.md +29 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/xml-external-entity.md +7 -2
- codejury-0.23.0/codejury/mddoc.py → codejury-1.0.1/codejury/markdown_docs.py +17 -6
- codejury-1.0.1/codejury/playbook/false-positive-traps.md +78 -0
- codejury-1.0.1/codejury/playbook/methodology.md +223 -0
- codejury-1.0.1/codejury/playbook/severity-rubric.md +58 -0
- codejury-1.0.1/codejury/playbook/slash-command.md +110 -0
- codejury-1.0.1/codejury/playbook/unit-review.md +82 -0
- {codejury-0.23.0 → codejury-1.0.1}/codejury/providers/anthropic.py +39 -9
- {codejury-0.23.0 → codejury-1.0.1}/codejury/providers/factory.py +0 -1
- {codejury-0.23.0 → codejury-1.0.1}/codejury/providers/litellm.py +2 -2
- {codejury-0.23.0 → codejury-1.0.1}/codejury/providers/mock.py +0 -2
- {codejury-0.23.0 → codejury-1.0.1}/codejury/providers/openai.py +2 -2
- {codejury-0.23.0 → codejury-1.0.1}/codejury/providers/retry.py +0 -5
- {codejury-0.23.0 → codejury-1.0.1}/codejury/report.py +9 -14
- codejury-1.0.1/codejury/resources.py +28 -0
- codejury-0.23.0/codejury/review/diff/debate.py → codejury-1.0.1/codejury/review/diff/adversarial.py +104 -27
- codejury-0.23.0/codejury/review/diff/engine.py → codejury-1.0.1/codejury/review/diff/audit.py +11 -11
- codejury-0.23.0/codejury/review/diff/runner.py → codejury-1.0.1/codejury/review/diff/engine.py +21 -13
- codejury-0.23.0/codejury/review/diff/findings_filter.py → codejury-1.0.1/codejury/review/diff/filter.py +1 -1
- {codejury-0.23.0 → codejury-1.0.1}/codejury/review/diff/vulnerabilities.py +2 -2
- codejury-1.0.1/codejury/review/repo/agent.py +196 -0
- codejury-1.0.1/codejury/review/repo/engine.py +497 -0
- codejury-1.0.1/codejury/review/repo/gate.py +96 -0
- {codejury-0.23.0 → codejury-1.0.1}/codejury/review/repo/model.py +2 -3
- codejury-1.0.1/codejury/review/repo/pass_loop.py +80 -0
- codejury-1.0.1/codejury/review/repo/paths.py +37 -0
- codejury-1.0.1/codejury/review/repo/reviewer.py +152 -0
- codejury-1.0.1/codejury/review/repo/scaffold.py +320 -0
- codejury-1.0.1/codejury/review/repo/severity.py +69 -0
- codejury-1.0.1/codejury/review/repo/shapes.py +23 -0
- codejury-1.0.1/codejury/review/repo/union.py +124 -0
- codejury-1.0.1/codejury/review/repo/verifier.py +174 -0
- codejury-1.0.1/codejury/severity.py +29 -0
- codejury-1.0.1/codejury.egg-info/PKG-INFO +279 -0
- codejury-1.0.1/codejury.egg-info/SOURCES.txt +121 -0
- {codejury-0.23.0 → codejury-1.0.1}/codejury.egg-info/requires.txt +5 -0
- {codejury-0.23.0 → codejury-1.0.1}/pyproject.toml +6 -3
- codejury-1.0.1/tests/test_anthropic_provider.py +108 -0
- codejury-0.23.0/tests/test_openai_format.py → codejury-1.0.1/tests/test_chat_format.py +1 -1
- codejury-1.0.1/tests/test_cli.py +183 -0
- {codejury-0.23.0 → codejury-1.0.1}/tests/test_detection.py +6 -6
- codejury-0.23.0/tests/test_diff_debate.py → codejury-1.0.1/tests/test_diff_adversarial.py +42 -27
- codejury-0.23.0/tests/test_diff_engine.py → codejury-1.0.1/tests/test_diff_audit.py +21 -30
- codejury-1.0.1/tests/test_evals.py +392 -0
- {codejury-0.23.0 → codejury-1.0.1}/tests/test_guides.py +5 -9
- codejury-1.0.1/tests/test_json_parse.py +79 -0
- {codejury-0.23.0 → codejury-1.0.1}/tests/test_litellm_provider.py +32 -1
- codejury-0.23.0/tests/test_mddoc.py → codejury-1.0.1/tests/test_markdown_docs.py +4 -4
- {codejury-0.23.0 → codejury-1.0.1}/tests/test_openai_provider.py +40 -1
- codejury-1.0.1/tests/test_provider_factory.py +31 -0
- codejury-1.0.1/tests/test_repo_agent.py +110 -0
- codejury-1.0.1/tests/test_repo_engine.py +353 -0
- codejury-1.0.1/tests/test_repo_gate.py +99 -0
- {codejury-0.23.0 → codejury-1.0.1}/tests/test_repo_model.py +15 -6
- codejury-1.0.1/tests/test_repo_pass_loop.py +141 -0
- codejury-1.0.1/tests/test_repo_paths.py +42 -0
- codejury-1.0.1/tests/test_repo_scaffold.py +188 -0
- codejury-1.0.1/tests/test_repo_severity.py +37 -0
- codejury-1.0.1/tests/test_repo_union.py +104 -0
- codejury-1.0.1/tests/test_repo_verifier.py +96 -0
- {codejury-0.23.0 → codejury-1.0.1}/tests/test_report.py +5 -5
- {codejury-0.23.0 → codejury-1.0.1}/tests/test_retry_provider.py +3 -3
- {codejury-0.23.0 → codejury-1.0.1}/tests/test_vulnerabilities.py +32 -20
- codejury-0.23.0/PKG-INFO +0 -183
- codejury-0.23.0/README.md +0 -152
- codejury-0.23.0/codejury/cli.py +0 -190
- codejury-0.23.0/codejury/data/commands/codejury-review-repo.md +0 -42
- codejury-0.23.0/codejury/data/languages/python.md +0 -24
- codejury-0.23.0/codejury/data/methodologies/memory-template.md +0 -30
- codejury-0.23.0/codejury/data/methodologies/repo-review.md +0 -275
- codejury-0.23.0/codejury/data/vulnerabilities/cross-site-request-forgery.md +0 -21
- codejury-0.23.0/codejury/data/vulnerabilities/jwt-validation.md +0 -22
- codejury-0.23.0/codejury/data/vulnerabilities/server-side-request-forgery.md +0 -23
- codejury-0.23.0/codejury/domain/__init__.py +0 -5
- codejury-0.23.0/codejury/resources.py +0 -17
- codejury-0.23.0/codejury/review/diff/debate_prompts.py +0 -116
- codejury-0.23.0/codejury/review/repo/scaffold.py +0 -247
- codejury-0.23.0/codejury.egg-info/PKG-INFO +0 -183
- codejury-0.23.0/codejury.egg-info/SOURCES.txt +0 -100
- codejury-0.23.0/tests/test_anthropic_provider.py +0 -54
- codejury-0.23.0/tests/test_cli_audit.py +0 -110
- codejury-0.23.0/tests/test_json_parse.py +0 -43
- codejury-0.23.0/tests/test_repo_scaffold.py +0 -175
- {codejury-0.23.0 → codejury-1.0.1}/LICENSE +0 -0
- {codejury-0.23.0 → codejury-1.0.1}/codejury/__main__.py +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge/guides}/frameworks/go/echo.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge/guides}/frameworks/go/gin.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge/guides}/frameworks/javascript/express.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge/guides}/frameworks/javascript/nestjs.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge/guides}/frameworks/python/django.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge/guides}/frameworks/python/fastapi.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge/guides}/frameworks/python/flask.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge/guides}/languages/go.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge/guides}/languages/javascript.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge/guides}/languages/typescript.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/business-logic.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/code-injection.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/command-injection.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/cross-site-scripting.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/hardcoded-secrets.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/http-response-splitting.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/insecure-deserialization.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/insecure-direct-object-reference.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/mass-assignment.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/open-redirect.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/server-side-template-injection.md +0 -0
- {codejury-0.23.0/codejury/data → codejury-1.0.1/codejury/knowledge}/vulnerabilities/sql-injection.md +0 -0
- {codejury-0.23.0 → codejury-1.0.1}/codejury/providers/__init__.py +0 -0
- {codejury-0.23.0 → codejury-1.0.1}/codejury/providers/base.py +0 -0
- /codejury-0.23.0/codejury/providers/openai_format.py → /codejury-1.0.1/codejury/providers/chat_format.py +0 -0
- {codejury-0.23.0 → codejury-1.0.1}/codejury/review/__init__.py +0 -0
- {codejury-0.23.0 → codejury-1.0.1}/codejury/review/diff/__init__.py +0 -0
- {codejury-0.23.0 → codejury-1.0.1}/codejury/review/diff/prompts.py +0 -0
- {codejury-0.23.0 → codejury-1.0.1}/codejury/review/repo/__init__.py +0 -0
- {codejury-0.23.0 → codejury-1.0.1}/codejury.egg-info/dependency_links.txt +0 -0
- {codejury-0.23.0 → codejury-1.0.1}/codejury.egg-info/entry_points.txt +0 -0
- {codejury-0.23.0 → codejury-1.0.1}/codejury.egg-info/top_level.txt +0 -0
- {codejury-0.23.0 → codejury-1.0.1}/setup.cfg +0 -0
codejury-1.0.1/PKG-INFO
ADDED
|
@@ -0,0 +1,279 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: codejury
|
|
3
|
+
Version: 1.0.1
|
|
4
|
+
Summary: AI-assisted security review for code diffs and whole repositories.
|
|
5
|
+
Author: AISecLabs
|
|
6
|
+
License-Expression: MIT
|
|
7
|
+
Project-URL: Homepage, https://github.com/aiseclabs/codejury
|
|
8
|
+
Project-URL: Repository, https://github.com/aiseclabs/codejury
|
|
9
|
+
Project-URL: Issues, https://github.com/aiseclabs/codejury/issues
|
|
10
|
+
Project-URL: Changelog, https://github.com/aiseclabs/codejury/releases
|
|
11
|
+
Keywords: security,appsec,static analysis,llm,owasp,asvs,code review
|
|
12
|
+
Classifier: Development Status :: 4 - Beta
|
|
13
|
+
Classifier: Intended Audience :: Developers
|
|
14
|
+
Classifier: Topic :: Security
|
|
15
|
+
Classifier: Topic :: Software Development :: Quality Assurance
|
|
16
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
17
|
+
Classifier: Operating System :: OS Independent
|
|
18
|
+
Requires-Python: >=3.12
|
|
19
|
+
Description-Content-Type: text/markdown
|
|
20
|
+
License-File: LICENSE
|
|
21
|
+
Requires-Dist: pyyaml>=6.0
|
|
22
|
+
Requires-Dist: json-repair>=0.30
|
|
23
|
+
Provides-Extra: anthropic
|
|
24
|
+
Requires-Dist: anthropic>=0.40; extra == "anthropic"
|
|
25
|
+
Provides-Extra: openai
|
|
26
|
+
Requires-Dist: openai>=1.0; extra == "openai"
|
|
27
|
+
Provides-Extra: litellm
|
|
28
|
+
Requires-Dist: litellm>=1.0; extra == "litellm"
|
|
29
|
+
Provides-Extra: all
|
|
30
|
+
Requires-Dist: anthropic>=0.40; extra == "all"
|
|
31
|
+
Requires-Dist: openai>=1.0; extra == "all"
|
|
32
|
+
Requires-Dist: litellm>=1.0; extra == "all"
|
|
33
|
+
Provides-Extra: dev
|
|
34
|
+
Requires-Dist: pytest>=8.0; extra == "dev"
|
|
35
|
+
Requires-Dist: jsonschema>=4.0; extra == "dev"
|
|
36
|
+
Dynamic: license-file
|
|
37
|
+
|
|
38
|
+
```text
|
|
39
|
+
██████╗ ██████╗ ██████╗ ███████╗ ██╗██╗ ██╗██████╗ ██╗ ██╗
|
|
40
|
+
██╔════╝██╔═══██╗██╔══██╗██╔════╝ ██║██║ ██║██╔══██╗╚██╗ ██╔╝
|
|
41
|
+
██║ ██║ ██║██║ ██║█████╗ ██║██║ ██║██████╔╝ ╚████╔╝
|
|
42
|
+
██║ ██║ ██║██║ ██║██╔══╝ ██ ██║██║ ██║██╔══██╗ ╚██╔╝
|
|
43
|
+
╚██████╗╚██████╔╝██████╔╝███████╗╚█████╔╝╚██████╔╝██║ ██║ ██║
|
|
44
|
+
╚═════╝ ╚═════╝ ╚═════╝ ╚══════╝ ╚════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
[](https://pypi.org/project/codejury/)
|
|
48
|
+
[](https://pypi.org/project/codejury/)
|
|
49
|
+
[](https://github.com/aiseclabs/codejury/blob/master/LICENSE)
|
|
50
|
+
|
|
51
|
+
AI-assisted security review for code diffs and whole repositories.
|
|
52
|
+
|
|
53
|
+
The tool has two review paths:
|
|
54
|
+
|
|
55
|
+
- **Diff Review** audits a pull request or unified diff in one command.
|
|
56
|
+
- **Repo Review** fans out across a whole repository, reviews focused units, deduplicates
|
|
57
|
+
candidates, verifies findings, and checks coverage with a gate.
|
|
58
|
+
|
|
59
|
+
Security knowledge is data. Vulnerability classes, language guides, framework guides, and
|
|
60
|
+
protocol guides live in markdown under `codejury/knowledge/`, so adding a stack or class is
|
|
61
|
+
usually a data change rather than a Python code change.
|
|
62
|
+
|
|
63
|
+
## Install
|
|
64
|
+
|
|
65
|
+
Install the core package and one model backend:
|
|
66
|
+
|
|
67
|
+
```bash
|
|
68
|
+
pip install codejury
|
|
69
|
+
pip install "codejury[anthropic]" # or "codejury[openai]" or "codejury[litellm]"
|
|
70
|
+
```
|
|
71
|
+
|
|
72
|
+
Install the Repo Review slash command for an agent:
|
|
73
|
+
|
|
74
|
+
```bash
|
|
75
|
+
codejury install-slash-command # Claude Code
|
|
76
|
+
codejury install-slash-command --agent codex # Codex
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
`install-slash-command` copies `/codejury-review-repo` into the selected agent's command
|
|
80
|
+
directory. Pass `--dir` to install it somewhere else.
|
|
81
|
+
|
|
82
|
+
## Configure a Model Backend
|
|
83
|
+
|
|
84
|
+
Set a provider key through flags or environment variables:
|
|
85
|
+
|
|
86
|
+
```bash
|
|
87
|
+
export CODEJURY_API_KEY=...
|
|
88
|
+
export CODEJURY_MODEL=claude-sonnet-4-6
|
|
89
|
+
export CODEJURY_API_BASE=... # optional gateway or proxy
|
|
90
|
+
```
|
|
91
|
+
|
|
92
|
+
The tool does not auto-load `.env`.
|
|
93
|
+
|
|
94
|
+
Useful flags:
|
|
95
|
+
|
|
96
|
+
- `--provider anthropic|openai|litellm`
|
|
97
|
+
- `--model <model>`
|
|
98
|
+
- `--api-key <key>`
|
|
99
|
+
- `--api-base <url>`
|
|
100
|
+
- `--retries <n>`
|
|
101
|
+
|
|
102
|
+
## Data Boundary
|
|
103
|
+
|
|
104
|
+
The tool sends code-derived content to the model provider you configure, so know what
|
|
105
|
+
leaves the machine before reviewing a proprietary repository:
|
|
106
|
+
|
|
107
|
+
- Diff Review sends the unified diff under review.
|
|
108
|
+
- Repo Review with `--reviewer model` sends bounded source snippets, the detected stack
|
|
109
|
+
notes, the vulnerability guidance, and the findings.
|
|
110
|
+
- Verification with `--reviewer model` sends the cited source file and the finding
|
|
111
|
+
details. With `--reviewer claude-cli`, Claude Code receives the finding details and
|
|
112
|
+
reads the code itself through its read-only tools.
|
|
113
|
+
- `--reviewer claude-cli` does not use the configured provider key. It runs Claude Code
|
|
114
|
+
with read-only file tools, and Claude Code may send prompts and the code it reads
|
|
115
|
+
through your Claude Code account, so the code does not stay local.
|
|
116
|
+
|
|
117
|
+
A custom `--api-base` or a LiteLLM proxy becomes part of the trust boundary, so the data
|
|
118
|
+
above also reaches that gateway. Prefer the `CODEJURY_API_KEY` environment variable over
|
|
119
|
+
`--api-key`, since a flag can leak through shell history and process listings. The review
|
|
120
|
+
workspace and the generated reports hold exploit paths, sensitive file locations, and
|
|
121
|
+
PoCs, so treat them as sensitive. The workspace is created private, mode `0700`.
|
|
122
|
+
|
|
123
|
+
## Diff Review
|
|
124
|
+
|
|
125
|
+
Diff Review is the fast coded path. It audits a unified diff with either a standard
|
|
126
|
+
single model call or an adversarial Finder, Challenger, and Judge pass.
|
|
127
|
+
|
|
128
|
+
```bash
|
|
129
|
+
# Review a diff file
|
|
130
|
+
codejury review diff --file changes.diff
|
|
131
|
+
|
|
132
|
+
# Review a git range
|
|
133
|
+
codejury review diff --repo /path/to/app --git-range origin/main...HEAD
|
|
134
|
+
|
|
135
|
+
# Review stdin
|
|
136
|
+
git diff HEAD~1 | codejury review diff
|
|
137
|
+
|
|
138
|
+
# Use adversarial mode for extra recall on subtle cross-file logic
|
|
139
|
+
codejury review diff --file changes.diff --mode adversarial
|
|
140
|
+
|
|
141
|
+
# Emit SARIF and fail on HIGH or CRITICAL findings
|
|
142
|
+
codejury review diff --file changes.diff --format sarif --fail-on high
|
|
143
|
+
```
|
|
144
|
+
|
|
145
|
+
`codejury review diff --dry-run` uses a mock provider and a built-in demo diff, so it needs
|
|
146
|
+
no API key.
|
|
147
|
+
|
|
148
|
+
## Repo Review
|
|
149
|
+
|
|
150
|
+
Repo Review is the recall-first path for whole repositories. A whole codebase is too large
|
|
151
|
+
for one useful model call, so the tool creates a workspace, builds a unit worklist, and
|
|
152
|
+
reviews focused units instead of doing one shallow pass.
|
|
153
|
+
|
|
154
|
+
Start by scaffolding a workspace:
|
|
155
|
+
|
|
156
|
+
```bash
|
|
157
|
+
codejury review repo /path/to/repo
|
|
158
|
+
```
|
|
159
|
+
|
|
160
|
+
The workspace contains:
|
|
161
|
+
|
|
162
|
+
```text
|
|
163
|
+
inventory/ attack surface, authorization model, seeded entrypoints, severity rubric
|
|
164
|
+
units/ one review unit per candidate entrypoint
|
|
165
|
+
candidates/ agent proposals, one write-up per candidate finding
|
|
166
|
+
findings/ confirmed findings, written by finalize
|
|
167
|
+
pocs/ runnable PoCs, when available
|
|
168
|
+
findings.json ranked machine-readable findings
|
|
169
|
+
METHODOLOGY.md full review process
|
|
170
|
+
_stack.md detected stack notes
|
|
171
|
+
_refuted.md refuted candidates and why
|
|
172
|
+
_pocs.md PoC reconciliation, planned versus delivered
|
|
173
|
+
```
|
|
174
|
+
|
|
175
|
+
Then run the interactive slash command in Claude Code or Codex:
|
|
176
|
+
|
|
177
|
+
```text
|
|
178
|
+
/codejury-review-repo /path/to/repo
|
|
179
|
+
```
|
|
180
|
+
|
|
181
|
+
The agent maps the attack surface, fills the authorization model, runs one focused
|
|
182
|
+
sub-review per unit, records findings, and leaves deterministic post-processing to code.
|
|
183
|
+
PoCs must run only against sandbox or dev environments, never production.
|
|
184
|
+
|
|
185
|
+
After the fan-out review, run the coded finalization and gate:
|
|
186
|
+
|
|
187
|
+
```bash
|
|
188
|
+
codejury review repo /path/to/repo --finalize
|
|
189
|
+
codejury review repo /path/to/repo --gate
|
|
190
|
+
```
|
|
191
|
+
|
|
192
|
+
`--finalize` deduplicates candidate files, verifies survivors, writes the confirmed
|
|
193
|
+
`findings/`, records refuted candidates in `_refuted.md` and PoC reconciliation in
|
|
194
|
+
`_pocs.md`, and writes ranked `findings.json`. `--gate` fails until the workspace has an
|
|
195
|
+
enumerated surface, reviewed units, and calibrated candidates.
|
|
196
|
+
|
|
197
|
+
For a headless run, use:
|
|
198
|
+
|
|
199
|
+
```bash
|
|
200
|
+
codejury review repo /path/to/repo --run
|
|
201
|
+
```
|
|
202
|
+
|
|
203
|
+
Use `--reviewer claude-cli` only when you want the Claude Code backend to run unit reviews
|
|
204
|
+
and verification through local Claude CLI access.
|
|
205
|
+
|
|
206
|
+
## Supported Knowledge
|
|
207
|
+
|
|
208
|
+
Current guide coverage includes:
|
|
209
|
+
|
|
210
|
+
- Python: Django, Flask, FastAPI, Celery
|
|
211
|
+
- Go: Gin, Echo
|
|
212
|
+
- JavaScript and TypeScript: Express, NestJS
|
|
213
|
+
- Protocols: OAuth and OIDC
|
|
214
|
+
|
|
215
|
+
Unguided stacks still work, but the agent relies more on general methodology and model
|
|
216
|
+
knowledge.
|
|
217
|
+
|
|
218
|
+
## Findings
|
|
219
|
+
|
|
220
|
+
Every reportable finding should have:
|
|
221
|
+
|
|
222
|
+
- file and line
|
|
223
|
+
- severity
|
|
224
|
+
- category
|
|
225
|
+
- exploit scenario
|
|
226
|
+
- recommendation
|
|
227
|
+
- confidence or verification status
|
|
228
|
+
|
|
229
|
+
The tool is intentionally scoped to real exploitable application security issues. It should
|
|
230
|
+
not report dependency CVEs, style notes, generic best practices, speculation, or risks that
|
|
231
|
+
only matter if production configuration leaks.
|
|
232
|
+
|
|
233
|
+
## Model and Mode Guidance
|
|
234
|
+
|
|
235
|
+
Detection quality is dominated by model quality first, then mode.
|
|
236
|
+
|
|
237
|
+
- Use standard mode with a strong model by default.
|
|
238
|
+
- Use adversarial mode when you want extra recall on subtle cross-file logic.
|
|
239
|
+
- Do not use adversarial mode as a false-positive reducer. False positives are controlled
|
|
240
|
+
by the do-not-report guidance, deterministic filtering, and verification.
|
|
241
|
+
|
|
242
|
+
## GitHub Actions
|
|
243
|
+
|
|
244
|
+
Use the example workflow:
|
|
245
|
+
|
|
246
|
+
```bash
|
|
247
|
+
cp examples/codejury-pr-review.yml .github/workflows/codejury-pr-review.yml
|
|
248
|
+
```
|
|
249
|
+
|
|
250
|
+
Add `CODEJURY_API_KEY` as a repository secret. The workflow reviews the pull request diff,
|
|
251
|
+
uploads SARIF to code scanning, and fails on HIGH or CRITICAL findings.
|
|
252
|
+
|
|
253
|
+
## Extend the Knowledge
|
|
254
|
+
|
|
255
|
+
Add security knowledge as markdown:
|
|
256
|
+
|
|
257
|
+
- Vulnerability class:
|
|
258
|
+
`codejury/knowledge/vulnerabilities/<id>.md`
|
|
259
|
+
- Language guide:
|
|
260
|
+
`codejury/knowledge/guides/languages/<language>.md`
|
|
261
|
+
- Framework guide:
|
|
262
|
+
`codejury/knowledge/guides/frameworks/<language>/<framework>.md`
|
|
263
|
+
- Protocol guide:
|
|
264
|
+
`codejury/knowledge/guides/protocols/<protocol>.md`
|
|
265
|
+
|
|
266
|
+
Keep frontmatter and detection signals data-driven. Avoid adding language, framework, or
|
|
267
|
+
vulnerability-specific detection logic to Python unless the engine itself needs a generic
|
|
268
|
+
capability.
|
|
269
|
+
|
|
270
|
+
## Development
|
|
271
|
+
|
|
272
|
+
Run tests in a virtual environment:
|
|
273
|
+
|
|
274
|
+
```bash
|
|
275
|
+
python -m venv .venv
|
|
276
|
+
. .venv/bin/activate
|
|
277
|
+
pip install -e ".[dev]"
|
|
278
|
+
pytest
|
|
279
|
+
```
|
codejury-1.0.1/README.md
ADDED
|
@@ -0,0 +1,242 @@
|
|
|
1
|
+
```text
|
|
2
|
+
██████╗ ██████╗ ██████╗ ███████╗ ██╗██╗ ██╗██████╗ ██╗ ██╗
|
|
3
|
+
██╔════╝██╔═══██╗██╔══██╗██╔════╝ ██║██║ ██║██╔══██╗╚██╗ ██╔╝
|
|
4
|
+
██║ ██║ ██║██║ ██║█████╗ ██║██║ ██║██████╔╝ ╚████╔╝
|
|
5
|
+
██║ ██║ ██║██║ ██║██╔══╝ ██ ██║██║ ██║██╔══██╗ ╚██╔╝
|
|
6
|
+
╚██████╗╚██████╔╝██████╔╝███████╗╚█████╔╝╚██████╔╝██║ ██║ ██║
|
|
7
|
+
╚═════╝ ╚═════╝ ╚═════╝ ╚══════╝ ╚════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝
|
|
8
|
+
```
|
|
9
|
+
|
|
10
|
+
[](https://pypi.org/project/codejury/)
|
|
11
|
+
[](https://pypi.org/project/codejury/)
|
|
12
|
+
[](https://github.com/aiseclabs/codejury/blob/master/LICENSE)
|
|
13
|
+
|
|
14
|
+
AI-assisted security review for code diffs and whole repositories.
|
|
15
|
+
|
|
16
|
+
The tool has two review paths:
|
|
17
|
+
|
|
18
|
+
- **Diff Review** audits a pull request or unified diff in one command.
|
|
19
|
+
- **Repo Review** fans out across a whole repository, reviews focused units, deduplicates
|
|
20
|
+
candidates, verifies findings, and checks coverage with a gate.
|
|
21
|
+
|
|
22
|
+
Security knowledge is data. Vulnerability classes, language guides, framework guides, and
|
|
23
|
+
protocol guides live in markdown under `codejury/knowledge/`, so adding a stack or class is
|
|
24
|
+
usually a data change rather than a Python code change.
|
|
25
|
+
|
|
26
|
+
## Install
|
|
27
|
+
|
|
28
|
+
Install the core package and one model backend:
|
|
29
|
+
|
|
30
|
+
```bash
|
|
31
|
+
pip install codejury
|
|
32
|
+
pip install "codejury[anthropic]" # or "codejury[openai]" or "codejury[litellm]"
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
Install the Repo Review slash command for an agent:
|
|
36
|
+
|
|
37
|
+
```bash
|
|
38
|
+
codejury install-slash-command # Claude Code
|
|
39
|
+
codejury install-slash-command --agent codex # Codex
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
`install-slash-command` copies `/codejury-review-repo` into the selected agent's command
|
|
43
|
+
directory. Pass `--dir` to install it somewhere else.
|
|
44
|
+
|
|
45
|
+
## Configure a Model Backend
|
|
46
|
+
|
|
47
|
+
Set a provider key through flags or environment variables:
|
|
48
|
+
|
|
49
|
+
```bash
|
|
50
|
+
export CODEJURY_API_KEY=...
|
|
51
|
+
export CODEJURY_MODEL=claude-sonnet-4-6
|
|
52
|
+
export CODEJURY_API_BASE=... # optional gateway or proxy
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
The tool does not auto-load `.env`.
|
|
56
|
+
|
|
57
|
+
Useful flags:
|
|
58
|
+
|
|
59
|
+
- `--provider anthropic|openai|litellm`
|
|
60
|
+
- `--model <model>`
|
|
61
|
+
- `--api-key <key>`
|
|
62
|
+
- `--api-base <url>`
|
|
63
|
+
- `--retries <n>`
|
|
64
|
+
|
|
65
|
+
## Data Boundary
|
|
66
|
+
|
|
67
|
+
The tool sends code-derived content to the model provider you configure, so know what
|
|
68
|
+
leaves the machine before reviewing a proprietary repository:
|
|
69
|
+
|
|
70
|
+
- Diff Review sends the unified diff under review.
|
|
71
|
+
- Repo Review with `--reviewer model` sends bounded source snippets, the detected stack
|
|
72
|
+
notes, the vulnerability guidance, and the findings.
|
|
73
|
+
- Verification with `--reviewer model` sends the cited source file and the finding
|
|
74
|
+
details. With `--reviewer claude-cli`, Claude Code receives the finding details and
|
|
75
|
+
reads the code itself through its read-only tools.
|
|
76
|
+
- `--reviewer claude-cli` does not use the configured provider key. It runs Claude Code
|
|
77
|
+
with read-only file tools, and Claude Code may send prompts and the code it reads
|
|
78
|
+
through your Claude Code account, so the code does not stay local.
|
|
79
|
+
|
|
80
|
+
A custom `--api-base` or a LiteLLM proxy becomes part of the trust boundary, so the data
|
|
81
|
+
above also reaches that gateway. Prefer the `CODEJURY_API_KEY` environment variable over
|
|
82
|
+
`--api-key`, since a flag can leak through shell history and process listings. The review
|
|
83
|
+
workspace and the generated reports hold exploit paths, sensitive file locations, and
|
|
84
|
+
PoCs, so treat them as sensitive. The workspace is created private, mode `0700`.
|
|
85
|
+
|
|
86
|
+
## Diff Review
|
|
87
|
+
|
|
88
|
+
Diff Review is the fast coded path. It audits a unified diff with either a standard
|
|
89
|
+
single model call or an adversarial Finder, Challenger, and Judge pass.
|
|
90
|
+
|
|
91
|
+
```bash
|
|
92
|
+
# Review a diff file
|
|
93
|
+
codejury review diff --file changes.diff
|
|
94
|
+
|
|
95
|
+
# Review a git range
|
|
96
|
+
codejury review diff --repo /path/to/app --git-range origin/main...HEAD
|
|
97
|
+
|
|
98
|
+
# Review stdin
|
|
99
|
+
git diff HEAD~1 | codejury review diff
|
|
100
|
+
|
|
101
|
+
# Use adversarial mode for extra recall on subtle cross-file logic
|
|
102
|
+
codejury review diff --file changes.diff --mode adversarial
|
|
103
|
+
|
|
104
|
+
# Emit SARIF and fail on HIGH or CRITICAL findings
|
|
105
|
+
codejury review diff --file changes.diff --format sarif --fail-on high
|
|
106
|
+
```
|
|
107
|
+
|
|
108
|
+
`codejury review diff --dry-run` uses a mock provider and a built-in demo diff, so it needs
|
|
109
|
+
no API key.
|
|
110
|
+
|
|
111
|
+
## Repo Review
|
|
112
|
+
|
|
113
|
+
Repo Review is the recall-first path for whole repositories. A whole codebase is too large
|
|
114
|
+
for one useful model call, so the tool creates a workspace, builds a unit worklist, and
|
|
115
|
+
reviews focused units instead of doing one shallow pass.
|
|
116
|
+
|
|
117
|
+
Start by scaffolding a workspace:
|
|
118
|
+
|
|
119
|
+
```bash
|
|
120
|
+
codejury review repo /path/to/repo
|
|
121
|
+
```
|
|
122
|
+
|
|
123
|
+
The workspace contains:
|
|
124
|
+
|
|
125
|
+
```text
|
|
126
|
+
inventory/ attack surface, authorization model, seeded entrypoints, severity rubric
|
|
127
|
+
units/ one review unit per candidate entrypoint
|
|
128
|
+
candidates/ agent proposals, one write-up per candidate finding
|
|
129
|
+
findings/ confirmed findings, written by finalize
|
|
130
|
+
pocs/ runnable PoCs, when available
|
|
131
|
+
findings.json ranked machine-readable findings
|
|
132
|
+
METHODOLOGY.md full review process
|
|
133
|
+
_stack.md detected stack notes
|
|
134
|
+
_refuted.md refuted candidates and why
|
|
135
|
+
_pocs.md PoC reconciliation, planned versus delivered
|
|
136
|
+
```
|
|
137
|
+
|
|
138
|
+
Then run the interactive slash command in Claude Code or Codex:
|
|
139
|
+
|
|
140
|
+
```text
|
|
141
|
+
/codejury-review-repo /path/to/repo
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
The agent maps the attack surface, fills the authorization model, runs one focused
|
|
145
|
+
sub-review per unit, records findings, and leaves deterministic post-processing to code.
|
|
146
|
+
PoCs must run only against sandbox or dev environments, never production.
|
|
147
|
+
|
|
148
|
+
After the fan-out review, run the coded finalization and gate:
|
|
149
|
+
|
|
150
|
+
```bash
|
|
151
|
+
codejury review repo /path/to/repo --finalize
|
|
152
|
+
codejury review repo /path/to/repo --gate
|
|
153
|
+
```
|
|
154
|
+
|
|
155
|
+
`--finalize` deduplicates candidate files, verifies survivors, writes the confirmed
|
|
156
|
+
`findings/`, records refuted candidates in `_refuted.md` and PoC reconciliation in
|
|
157
|
+
`_pocs.md`, and writes ranked `findings.json`. `--gate` fails until the workspace has an
|
|
158
|
+
enumerated surface, reviewed units, and calibrated candidates.
|
|
159
|
+
|
|
160
|
+
For a headless run, use:
|
|
161
|
+
|
|
162
|
+
```bash
|
|
163
|
+
codejury review repo /path/to/repo --run
|
|
164
|
+
```
|
|
165
|
+
|
|
166
|
+
Use `--reviewer claude-cli` only when you want the Claude Code backend to run unit reviews
|
|
167
|
+
and verification through local Claude CLI access.
|
|
168
|
+
|
|
169
|
+
## Supported Knowledge
|
|
170
|
+
|
|
171
|
+
Current guide coverage includes:
|
|
172
|
+
|
|
173
|
+
- Python: Django, Flask, FastAPI, Celery
|
|
174
|
+
- Go: Gin, Echo
|
|
175
|
+
- JavaScript and TypeScript: Express, NestJS
|
|
176
|
+
- Protocols: OAuth and OIDC
|
|
177
|
+
|
|
178
|
+
Unguided stacks still work, but the agent relies more on general methodology and model
|
|
179
|
+
knowledge.
|
|
180
|
+
|
|
181
|
+
## Findings
|
|
182
|
+
|
|
183
|
+
Every reportable finding should have:
|
|
184
|
+
|
|
185
|
+
- file and line
|
|
186
|
+
- severity
|
|
187
|
+
- category
|
|
188
|
+
- exploit scenario
|
|
189
|
+
- recommendation
|
|
190
|
+
- confidence or verification status
|
|
191
|
+
|
|
192
|
+
The tool is intentionally scoped to real exploitable application security issues. It should
|
|
193
|
+
not report dependency CVEs, style notes, generic best practices, speculation, or risks that
|
|
194
|
+
only matter if production configuration leaks.
|
|
195
|
+
|
|
196
|
+
## Model and Mode Guidance
|
|
197
|
+
|
|
198
|
+
Detection quality is dominated by model quality first, then mode.
|
|
199
|
+
|
|
200
|
+
- Use standard mode with a strong model by default.
|
|
201
|
+
- Use adversarial mode when you want extra recall on subtle cross-file logic.
|
|
202
|
+
- Do not use adversarial mode as a false-positive reducer. False positives are controlled
|
|
203
|
+
by the do-not-report guidance, deterministic filtering, and verification.
|
|
204
|
+
|
|
205
|
+
## GitHub Actions
|
|
206
|
+
|
|
207
|
+
Use the example workflow:
|
|
208
|
+
|
|
209
|
+
```bash
|
|
210
|
+
cp examples/codejury-pr-review.yml .github/workflows/codejury-pr-review.yml
|
|
211
|
+
```
|
|
212
|
+
|
|
213
|
+
Add `CODEJURY_API_KEY` as a repository secret. The workflow reviews the pull request diff,
|
|
214
|
+
uploads SARIF to code scanning, and fails on HIGH or CRITICAL findings.
|
|
215
|
+
|
|
216
|
+
## Extend the Knowledge
|
|
217
|
+
|
|
218
|
+
Add security knowledge as markdown:
|
|
219
|
+
|
|
220
|
+
- Vulnerability class:
|
|
221
|
+
`codejury/knowledge/vulnerabilities/<id>.md`
|
|
222
|
+
- Language guide:
|
|
223
|
+
`codejury/knowledge/guides/languages/<language>.md`
|
|
224
|
+
- Framework guide:
|
|
225
|
+
`codejury/knowledge/guides/frameworks/<language>/<framework>.md`
|
|
226
|
+
- Protocol guide:
|
|
227
|
+
`codejury/knowledge/guides/protocols/<protocol>.md`
|
|
228
|
+
|
|
229
|
+
Keep frontmatter and detection signals data-driven. Avoid adding language, framework, or
|
|
230
|
+
vulnerability-specific detection logic to Python unless the engine itself needs a generic
|
|
231
|
+
capability.
|
|
232
|
+
|
|
233
|
+
## Development
|
|
234
|
+
|
|
235
|
+
Run tests in a virtual environment:
|
|
236
|
+
|
|
237
|
+
```bash
|
|
238
|
+
python -m venv .venv
|
|
239
|
+
. .venv/bin/activate
|
|
240
|
+
pip install -e ".[dev]"
|
|
241
|
+
pytest
|
|
242
|
+
```
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
Two paths matched to their nature: a coded diff-audit engine, a standard single
|
|
4
4
|
call or an adversarial Finder/Challenger/Judge pass, and a whole-repo review run
|
|
5
5
|
as a methodology by an interactive agent. Security knowledge lives in rich
|
|
6
|
-
markdown vulnerability classes under
|
|
6
|
+
markdown vulnerability classes under knowledge/vulnerabilities, injected into the
|
|
7
7
|
audit prompt, not in a rendered schema.
|
|
8
8
|
"""
|
|
9
9
|
|
|
@@ -11,5 +11,5 @@ from importlib.metadata import PackageNotFoundError, version
|
|
|
11
11
|
|
|
12
12
|
try:
|
|
13
13
|
__version__ = version("codejury")
|
|
14
|
-
except PackageNotFoundError:
|
|
14
|
+
except PackageNotFoundError:
|
|
15
15
|
__version__ = "0.0.0"
|