PyPI - codejury - Versions diffs - 0.3.0__tar.gz → 0.4.0__tar.gz - Mend

codejury 0.3.0tar.gz → 0.4.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (112) hide show

{codejury-0.3.0 → codejury-0.4.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codejury
-Version: 0.3.0
+Version: 0.4.0
 Summary: General-purpose Application Security AI audit framework -- five-layer architecture, capabilities as first-class data
 Author: 4234288
 License-Expression: MIT
@@ -154,6 +154,12 @@ independently.
 - **Prompts are a first pass.** Expect false positives and misses on real code.
   Tune by editing the capability YAML and growing the golden set; measure the
   effect with `codejury eval`.
+- **Local-pattern checks are sharper than data-flow ones.** Capabilities judged
+  from one spot (weak crypto, hardcoded secrets) are reliable; taint / data-flow
+  ones like path traversal over-flag in single-file review because the verifier
+  can't see whether a value is attacker-controlled. `scan --callers` adds
+  cross-file call sites for provenance (helps some cases, not a full fix); also
+  scope with `--only` or challenge findings with `--orchestrator debate`.
 - **`scan` cost scales as files x capabilities.** It is a periodic deep audit,
   not a quick check -- scope it with `--only`. Day to day, audit the diff.

{codejury-0.3.0 → codejury-0.4.0}/README.md RENAMED Viewed

@@ -125,6 +125,12 @@ independently.
 - **Prompts are a first pass.** Expect false positives and misses on real code.
   Tune by editing the capability YAML and growing the golden set; measure the
   effect with `codejury eval`.
+- **Local-pattern checks are sharper than data-flow ones.** Capabilities judged
+  from one spot (weak crypto, hardcoded secrets) are reliable; taint / data-flow
+  ones like path traversal over-flag in single-file review because the verifier
+  can't see whether a value is attacker-controlled. `scan --callers` adds
+  cross-file call sites for provenance (helps some cases, not a full fix); also
+  scope with `--only` or challenge findings with `--orchestrator debate`.
 - **`scan` cost scales as files x capabilities.** It is a periodic deep audit,
   not a quick check -- scope it with `--only`. Day to day, audit the diff.

{codejury-0.3.0 → codejury-0.4.0}/codejury/agents/verifier.py RENAMED Viewed

@@ -44,7 +44,7 @@ class VerifierAgent(Agent):
     def run(self, ctx: AnalysisContext) -> list[Observation]:
         verdicts: list[Observation] = []
         for cap in ctx.capabilities:
-            prompt = _build_prompt(ctx.artifact.path, ctx.artifact.content, cap)
+            prompt = _build_prompt(ctx.artifact.path, ctx.artifact.content, cap, ctx.artifact.context)
             result = self._provider.complete(
                 system=_SYSTEM,
                 messages=[Message(role="user", content=prompt)],
@@ -70,14 +70,25 @@ def _render_capability(cap: Capability) -> str:
     return "\n".join(lines)
-def _build_prompt(path: str, content: str, cap: Capability) -> str:
+def _build_prompt(path: str, content: str, cap: Capability, context: str = "") -> str:
     sub_names = ", ".join(cap.sub_capabilities) or "(none)"
+    context_block = (
+        f"Related code (call sites / usages elsewhere -- for tracing where values come from, "
+        f"NOT under review):\n```\n{context}\n```\n\n"
+        if context
+        else ""
+    )
     return (
         "Check the code below against this capability.\n\n"
         f"{_render_capability(cap)}\n\n"
         f"Code under review ({path}):\n```\n{content}\n```\n\n"
+        f"{context_block}"
         f"For EVERY sub_capability ({sub_names}) output one verdict, even if SECURE "
-        "or NOT_PRESENT. Cite matched pattern ids and evidence lines.\n\n"
+        "or NOT_PRESENT. Cite matched pattern ids and evidence lines.\n"
+        "For input-driven issues (injection, path traversal, SSRF), mark VULNERABLE only when "
+        "untrusted/external input could plausibly reach the sink in the code shown. A constant, "
+        "a stored data field, a value from trusted config, or a path or argument the operator "
+        "supplies (e.g. a CLI argument) is not attacker-controlled -- do not flag it.\n\n"
         "Respond with a single JSON object exactly like:\n" + _JSON_SHAPE
     )

{codejury-0.3.0 → codejury-0.4.0}/codejury/cli.py RENAMED Viewed

@@ -81,10 +81,13 @@ def scan(
     max_tokens: int = 2048,
     strategy: str = "pipeline",
     extensions: tuple[str, ...] = (".py",),
-    max_chars: int = 8000,
+    max_chars: int = 200_000,
+    with_callers: bool = False,
 ) -> list[tuple[str, AnalysisResult]]:
     """Audit every matching file in a directory tree, returning (path, result) per artifact."""
-    source = RepoSource(directory, extensions=extensions, chunker=Chunker(max_chars=max_chars))
+    source = RepoSource(
+        directory, extensions=extensions, chunker=Chunker(max_chars=max_chars), with_callers=with_callers
+    )
     artifacts = source.list_artifacts()
     calls = len(artifacts) * len(capabilities)
     print(
@@ -176,7 +179,10 @@ def main(argv: list[str] | None = None) -> int:
     scan_p.add_argument("--format", choices=_FORMATS, default="text", dest="fmt")
     scan_p.add_argument("--model", default=DEFAULT_MODEL)
     scan_p.add_argument("--max-tokens", type=int, default=2048)
-    scan_p.add_argument("--max-chars", type=int, default=8000, help="chunk budget for large files")
+    scan_p.add_argument("--max-chars", type=int, default=200_000, help="chunk budget; default keeps whole files")
+    scan_p.add_argument(
+        "--callers", action="store_true", help="add cross-file call sites as context (cuts taint false positives)"
+    )
     scan_p.add_argument("--api-base", default=DEFAULT_API_BASE, help="provider base URL (env: CODEJURY_API_BASE)")
     scan_p.add_argument("--api-key", default=DEFAULT_API_KEY, help="provider API key (env: CODEJURY_API_KEY)")
@@ -226,6 +232,7 @@ def main(argv: list[str] | None = None) -> int:
             strategy=args.orchestrator,
             extensions=extensions,
             max_chars=args.max_chars,
+            with_callers=args.callers,
         )
         print(_render_results(args.fmt, results))
         return 0

{codejury-0.3.0 → codejury-0.4.0}/codejury/data/capabilities/input_validation.yaml RENAMED Viewed

@@ -44,13 +44,19 @@ sub_capabilities:
       - id: CMDI-OK-1
         description: Run subprocesses with an argument list and shell=False
         signals: ["subprocess.run([", "subprocess.Popen(["]
-        why_ok: Arguments are passed directly to execve, so the shell never parses input
+        why_ok: >-
+          Arguments are passed directly to execve, so the shell never parses input. This
+          only applies to code that actually spawns a process; an ordinary function,
+          method, or library/API call (e.g. provider.complete) is not command execution.
     anti_patterns:
       - id: CMDI-BAD-1
         cwe: CWE-78
         severity: CRITICAL
-        description: Invoke a shell with an interpolated command string
+        description: >-
+          Pass interpolated input to an OS shell or subprocess -- os.system, os.popen,
+          subprocess(..., shell=True), or eval/exec. A normal function, method, or
+          library/API call is NOT this; flag only an actual shell or process invocation.
         signals: ["os.system(", "shell=True", "os.popen("]
         why_bad: Shell metacharacters in input let an attacker run arbitrary commands
         example_bad: |
@@ -72,15 +78,28 @@ sub_capabilities:
         signals: ["os.path.realpath", "Path(...).resolve()", "is_relative_to("]
         why_ok: A resolved path outside the base is rejected before any file access
+      - id: PATH-OK-2
+        description: >-
+          Use a path that is not attacker-controlled -- a data field, a directory read from
+          trusted config, or a path the operator passes on the command line
+        why_ok: >-
+          Traversal needs an external attacker to control the path. A path stored as a
+          field, a trusted/configured directory, or an operator-supplied CLI argument is
+          not a finding; neither is merely declaring a `path` attribute.
     anti_patterns:
       - id: PATH-BAD-1
         cwe: CWE-22
         severity: HIGH
-        description: Join user input into a filesystem path without containment checks
-        signals: ["os.path.join(", "open(", "Path("]
-        why_bad: Sequences like ../ let input escape the intended directory
+        description: >-
+          Take an externally controlled value (HTTP request, upload, form, query, or message
+          field) and use it in a filesystem open/read/write without resolving it and confirming
+          it stays in an allowed base. NOT this: a path kept as a data field, a directory from
+          trusted config, or a path the operator passes on the CLI.
+        signals: ["request.", "upload", "filename", "os.path.join("]
+        why_bad: Sequences like ../ let attacker input escape the intended directory
         example_bad: |
-          open(os.path.join(UPLOAD_DIR, filename))
+          open(os.path.join(UPLOAD_DIR, request.args["filename"]))
         example_good: |
           target = (UPLOAD_DIR / filename).resolve()
           if not target.is_relative_to(UPLOAD_DIR):

{codejury-0.3.0 → codejury-0.4.0}/codejury/domain/artifact.py RENAMED Viewed

@@ -18,3 +18,6 @@ class CodeArtifact:
     kind: ArtifactKind
     path: str       # identifier used when building Evidence references
     content: str    # the diff/file/function text the agent analyzes
+    # related code (e.g. cross-file call sites) shown to help trace data flow,
+    # but not itself under review
+    context: str = ""

codejury-0.4.0/codejury/sources/callers.py ADDED Viewed

@@ -0,0 +1,46 @@
+"""Lightweight cross-file caller context.
+For a file under review, find where the functions and classes it defines are
+called elsewhere in the repository. Showing those call sites lets the verifier
+trace where an argument comes from -- which is exactly what single-file review
+lacks for taint-style issues (a path/command that is operator-supplied vs
+attacker-controlled). This is a textual usage finder, not a full call graph.
+"""
+from __future__ import annotations
+import ast
+import re
+def defined_names(content: str) -> set[str]:
+    """Top-level function and class names defined in `content`."""
+    try:
+        tree = ast.parse(content)
+    except SyntaxError:
+        return set()
+    return {
+        node.name
+        for node in tree.body
+        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef))
+    }
+def caller_context(target_path: str, files: dict[str, str], *, max_lines: int = 30) -> str:
+    """Lines elsewhere in `files` that call the names defined in `target_path`."""
+    names = defined_names(files.get(target_path, ""))
+    if not names:
+        return ""
+    # word-boundary call: `name(` not preceded/followed by other identifier chars
+    call = re.compile(r"\b(?:" + "|".join(re.escape(n) for n in names) + r")\s*\(")
+    hits: list[str] = []
+    for path in sorted(files):
+        if path == target_path:
+            continue
+        for lineno, line in enumerate(files[path].splitlines(), 1):
+            if call.search(line):
+                hits.append(f"{path}:{lineno}: {line.strip()}")
+                if len(hits) >= max_lines:
+                    return "\n".join(hits)
+    return "\n".join(hits)

{codejury-0.3.0 → codejury-0.4.0}/codejury/sources/chunker.py RENAMED Viewed

@@ -4,13 +4,16 @@ Splits on line boundaries into pieces of at most ``max_chars``. Small content is
 returned unchanged as a single chunk keeping its path; split content gets a
 ``path#N`` suffix per chunk. A single line longer than the budget becomes its own
 (over-budget) chunk rather than being cut mid-line.
+The default budget is large so a whole file stays in one artifact -- the verifier
+needs the full file to trace where a value comes from. Only very large files split.
 """
 from __future__ import annotations
 class Chunker:
-    def __init__(self, max_chars: int = 8000) -> None:
+    def __init__(self, max_chars: int = 200_000) -> None:
         self._max_chars = max_chars
     def split(self, path: str, content: str) -> list[tuple[str, str]]:

{codejury-0.3.0 → codejury-0.4.0}/codejury/sources/repo.py RENAMED Viewed

@@ -11,6 +11,7 @@ from pathlib import Path
 from codejury.domain.artifact import CodeArtifact
 from codejury.sources.base import Source
+from codejury.sources.callers import caller_context
 from codejury.sources.chunker import Chunker
 _SKIP_DIRS = frozenset({".git", ".venv", "venv", "node_modules", "__pycache__", ".mypy_cache", ".pytest_cache"})
@@ -24,21 +25,32 @@ class RepoSource(Source):
         extensions: tuple[str, ...] = (".py",),
         chunker: Chunker | None = None,
         skip_dirs: frozenset[str] = _SKIP_DIRS,
+        with_callers: bool = False,
     ) -> None:
         self._root = Path(root)
         self._extensions = extensions
         self._chunker = chunker or Chunker()
         self._skip_dirs = skip_dirs
+        self._with_callers = with_callers
     def list_artifacts(self) -> list[CodeArtifact]:
+        files = self._read_files()
         artifacts: list[CodeArtifact] = []
-        for path in sorted(self._root.rglob("*")):
+        for rel, content in sorted(files.items()):
+            context = caller_context(rel, files) if self._with_callers else ""
+            for chunk_path, chunk_content in self._chunker.split(rel, content):
+                artifacts.append(
+                    CodeArtifact(kind="repo", path=chunk_path, content=chunk_content, context=context)
+                )
+        return artifacts
+    def _read_files(self) -> dict[str, str]:
+        files: dict[str, str] = {}
+        for path in self._root.rglob("*"):
             if not path.is_file() or path.suffix not in self._extensions:
                 continue
             if any(part in self._skip_dirs for part in path.relative_to(self._root).parts):
                 continue
             rel = path.relative_to(self._root).as_posix()
-            content = path.read_text(encoding="utf-8", errors="replace")
-            for chunk_path, chunk_content in self._chunker.split(rel, content):
-                artifacts.append(CodeArtifact(kind="repo", path=chunk_path, content=chunk_content))
-        return artifacts
+            files[rel] = path.read_text(encoding="utf-8", errors="replace")
+        return files

{codejury-0.3.0 → codejury-0.4.0}/codejury.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codejury
-Version: 0.3.0
+Version: 0.4.0
 Summary: General-purpose Application Security AI audit framework -- five-layer architecture, capabilities as first-class data
 Author: 4234288
 License-Expression: MIT
@@ -154,6 +154,12 @@ independently.
 - **Prompts are a first pass.** Expect false positives and misses on real code.
   Tune by editing the capability YAML and growing the golden set; measure the
   effect with `codejury eval`.
+- **Local-pattern checks are sharper than data-flow ones.** Capabilities judged
+  from one spot (weak crypto, hardcoded secrets) are reliable; taint / data-flow
+  ones like path traversal over-flag in single-file review because the verifier
+  can't see whether a value is attacker-controlled. `scan --callers` adds
+  cross-file call sites for provenance (helps some cases, not a full fix); also
+  scope with `--only` or challenge findings with `--orchestrator debate`.
 - **`scan` cost scales as files x capabilities.** It is a periodic deep audit,
   not a quick check -- scope it with `--only`. Day to day, audit the diff.

{codejury-0.3.0 → codejury-0.4.0}/codejury.egg-info/SOURCES.txt RENAMED Viewed

@@ -76,6 +76,7 @@ codejury/providers/openai_format.py
 codejury/providers/retry.py
 codejury/sources/__init__.py
 codejury/sources/base.py
+codejury/sources/callers.py
 codejury/sources/chunker.py
 codejury/sources/diff.py
 codejury/sources/function.py
@@ -87,6 +88,7 @@ codejury/tasks/registry.py
 tests/test_anthropic_provider.py
 tests/test_assembly.py
 tests/test_audit_pipeline.py
+tests/test_callers.py
 tests/test_capability.py
 tests/test_cli_audit.py
 tests/test_context.py

{codejury-0.3.0 → codejury-0.4.0}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "codejury"
-version = "0.3.0"
+version = "0.4.0"
 description = "General-purpose Application Security AI audit framework -- five-layer architecture, capabilities as first-class data"
 readme = "README.md"
 requires-python = ">=3.12"

codejury-0.4.0/tests/test_callers.py ADDED Viewed

@@ -0,0 +1,43 @@
+from codejury.sources.callers import caller_context, defined_names
+from codejury.sources.chunker import Chunker
+from codejury.sources.repo import RepoSource
+def test_defined_names_top_level_only():
+    code = "def a():\n    def inner(): pass\nclass B: pass\nx = 1\n"
+    assert defined_names(code) == {"a", "B"}
+def test_defined_names_tolerates_syntax_error():
+    assert defined_names("def broken(:\n") == set()
+def test_caller_context_finds_cross_file_call_sites():
+    files = {
+        "lib.py": "def load_capability(path):\n    return open(path)\n",
+        "cli.py": "from lib import load_capability\nload_capability(args.cap_dir)\n",
+        "other.py": "y = 2\n",
+    }
+    ctx = caller_context("lib.py", files)
+    assert "cli.py:2: load_capability(args.cap_dir)" in ctx
+    assert "other.py" not in ctx
+def test_caller_context_word_boundary_avoids_prefix_matches():
+    # load_capability must NOT match load_capabilities(
+    files = {
+        "lib.py": "def load_capability(path): ...\n",
+        "caller.py": "load_capabilities(dirpath)\n",
+    }
+    assert caller_context("lib.py", files) == ""
+def test_repo_source_attaches_caller_context_when_enabled(tmp_path):
+    (tmp_path / "lib.py").write_text("def helper(p):\n    return open(p)\n", encoding="utf-8")
+    (tmp_path / "cli.py").write_text("from lib import helper\nhelper(args.path)\n", encoding="utf-8")
+    arts = {a.path: a for a in RepoSource(tmp_path, with_callers=True, chunker=Chunker()).list_artifacts()}
+    assert "cli.py:2: helper(args.path)" in arts["lib.py"].context
+    # without the flag, no context
+    arts_off = {a.path: a for a in RepoSource(tmp_path).list_artifacts()}
+    assert arts_off["lib.py"].context == ""