codejury 0.5.0__tar.gz → 0.5.1__tar.gz

{codejury-0.5.0 → codejury-0.5.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codejury
-Version: 0.5.0
+Version: 0.5.1
 Summary: General-purpose Application Security AI audit framework -- five-layer architecture, capabilities as first-class data
 Author: AISecLabs
 License-Expression: MIT
@@ -167,11 +167,14 @@ independently.
 - **Local-pattern checks are sharper than data-flow ones.** Capabilities judged
   from one spot (weak crypto, hardcoded secrets) are reliable; taint / data-flow
   ones like path traversal over-flag in single-file review because the verifier
-  can't see whether a value is attacker-controlled. Mitigations that help but do
-  not fully solve it: `scan --callers` (cross-file call sites for provenance),
-  `--orchestrator challenge` (a recall-safe refutation pass that drops only
-  provably-safe flags), `--only` to scope, or `--orchestrator debate`. Real taint
-  precision needs data-flow analysis, not model skepticism.
+  can't see whether a value is attacker-controlled. Mitigations that add context
+  but do not fully solve it: `scan --callers` (where this file's functions are
+  called) and `scan --callees` (the called code it delegates to, so a sink in
+  another file is visible) -- pair them for both directions; `--orchestrator
+  challenge` (a recall-safe
+  refutation pass that drops only provably-safe flags); `--only` to scope; or
+  `--orchestrator debate`. Real taint precision still needs data-flow analysis,
+  not model skepticism.
 - **`scan` cost scales as files x capabilities.** It is a periodic deep audit,
   not a quick check -- scope it with `--only`. Day to day, audit the diff.
 

{codejury-0.5.0 → codejury-0.5.1}/README.md

@@ -138,11 +138,14 @@ independently.
 - **Local-pattern checks are sharper than data-flow ones.** Capabilities judged
   from one spot (weak crypto, hardcoded secrets) are reliable; taint / data-flow
   ones like path traversal over-flag in single-file review because the verifier
-  can't see whether a value is attacker-controlled. Mitigations that help but do
-  not fully solve it: `scan --callers` (cross-file call sites for provenance),
-  `--orchestrator challenge` (a recall-safe refutation pass that drops only
-  provably-safe flags), `--only` to scope, or `--orchestrator debate`. Real taint
-  precision needs data-flow analysis, not model skepticism.
+  can't see whether a value is attacker-controlled. Mitigations that add context
+  but do not fully solve it: `scan --callers` (where this file's functions are
+  called) and `scan --callees` (the called code it delegates to, so a sink in
+  another file is visible) -- pair them for both directions; `--orchestrator
+  challenge` (a recall-safe
+  refutation pass that drops only provably-safe flags); `--only` to scope; or
+  `--orchestrator debate`. Real taint precision still needs data-flow analysis,
+  not model skepticism.
 - **`scan` cost scales as files x capabilities.** It is a periodic deep audit,
   not a quick check -- scope it with `--only`. Day to day, audit the diff.
 

{codejury-0.5.0 → codejury-0.5.1}/codejury/cli.py

@@ -86,10 +86,15 @@ def scan(
     extensions: tuple[str, ...] = (".py",),
     max_chars: int = 200_000,
     with_callers: bool = False,
+    with_callees: bool = False,
 ) -> list[tuple[str, AnalysisResult]]:
     """Audit every matching file in a directory tree, returning (path, result) per artifact."""
     source = RepoSource(
-        directory, extensions=extensions, chunker=Chunker(max_chars=max_chars), with_callers=with_callers
+        directory,
+        extensions=extensions,
+        chunker=Chunker(max_chars=max_chars),
+        with_callers=with_callers,
+        with_callees=with_callees,
     )
     artifacts = source.list_artifacts()
     calls = len(artifacts) * len(capabilities)
@@ -231,7 +236,10 @@ def main(argv: list[str] | None = None) -> int:
     scan_p.add_argument("--max-tokens", type=int, default=2048)
     scan_p.add_argument("--max-chars", type=int, default=200_000, help="chunk budget; default keeps whole files")
     scan_p.add_argument(
-        "--callers", action="store_true", help="add cross-file call sites as context (cuts taint false positives)"
+        "--callers", action="store_true", help="add cross-file context: where this file's functions are called"
+    )
+    scan_p.add_argument(
+        "--callees", action="store_true", help="add cross-file context: the called code this file delegates to"
     )
     scan_p.add_argument("--api-base", default=DEFAULT_API_BASE, help="provider base URL (env: CODEJURY_API_BASE)")
     scan_p.add_argument("--api-key", default=DEFAULT_API_KEY, help="provider API key (env: CODEJURY_API_KEY)")
@@ -289,6 +297,7 @@ def main(argv: list[str] | None = None) -> int:
             extensions=extensions,
             max_chars=args.max_chars,
             with_callers=args.callers,
+            with_callees=args.callees,
         )
         results = _maybe_suppress(results, not args.no_suppress)
         print(_render_results(args.fmt, results))

codejury-0.5.1/codejury/sources/callers.py

@@ -0,0 +1,104 @@
+"""Lightweight cross-file caller context.
+
+For a file under review, find where the functions and classes it defines are
+called elsewhere in the repository. Showing those call sites lets the verifier
+trace where an argument comes from -- which is exactly what single-file review
+lacks for taint-style issues (a path/command that is operator-supplied vs
+attacker-controlled). This is a textual usage finder, not a full call graph.
+"""
+
+from __future__ import annotations
+
+import ast
+import re
+
+
+def defined_names(content: str) -> set[str]:
+    """Top-level function and class names defined in `content`."""
+    try:
+        tree = ast.parse(content)
+    except SyntaxError:
+        return set()
+    return {
+        node.name
+        for node in tree.body
+        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef))
+    }
+
+
+def _symbol_sources(files: dict[str, str]) -> dict[str, list[tuple[str, str]]]:
+    """Map each defined function/class/method name to its (path, source) definitions."""
+    out: dict[str, list[tuple[str, str]]] = {}
+    for path, content in files.items():
+        try:
+            tree = ast.parse(content)
+        except SyntaxError:
+            continue
+        for node in ast.walk(tree):
+            if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
+                src = ast.get_source_segment(content, node)
+                if src:
+                    out.setdefault(node.name, []).append((path, src))
+    return out
+
+
+def _called_names(content: str) -> set[str]:
+    try:
+        tree = ast.parse(content)
+    except SyntaxError:
+        return set()
+    names: set[str] = set()
+    for node in ast.walk(tree):
+        if isinstance(node, ast.Call):
+            func = node.func
+            if isinstance(func, ast.Name):
+                names.add(func.id)
+            elif isinstance(func, ast.Attribute):
+                names.add(func.attr)
+    return names
+
+
+def callee_context(target_path: str, files: dict[str, str], *, max_chars: int = 12_000) -> str:
+    """Source of functions that `target_path` calls but that are defined in other files.
+
+    This is the forward direction -- it puts the called code (where a vulnerability
+    often lives, e.g. a manager a view delegates to) in front of the verifier, which
+    single-file review cannot see.
+    """
+    symbols = _symbol_sources(files)
+    own = defined_names(files.get(target_path, ""))
+    blocks: list[str] = []
+    total = 0
+    for name in sorted(_called_names(files.get(target_path, ""))):
+        if name in own:
+            continue
+        for path, src in symbols.get(name, []):
+            if path == target_path:
+                continue
+            block = f"# {path} -> {name}\n{src}"
+            if total + len(block) > max_chars:
+                return "\n\n".join(blocks)
+            blocks.append(block)
+            total += len(block)
+            break  # one definition per called name is enough context
+    return "\n\n".join(blocks)
+
+
+def caller_context(target_path: str, files: dict[str, str], *, max_lines: int = 30) -> str:
+    """Lines elsewhere in `files` that call the names defined in `target_path`."""
+    names = defined_names(files.get(target_path, ""))
+    if not names:
+        return ""
+    # word-boundary call: `name(` not preceded/followed by other identifier chars
+    call = re.compile(r"\b(?:" + "|".join(re.escape(n) for n in names) + r")\s*\(")
+
+    hits: list[str] = []
+    for path in sorted(files):
+        if path == target_path:
+            continue
+        for lineno, line in enumerate(files[path].splitlines(), 1):
+            if call.search(line):
+                hits.append(f"{path}:{lineno}: {line.strip()}")
+                if len(hits) >= max_lines:
+                    return "\n".join(hits)
+    return "\n".join(hits)

{codejury-0.5.0 → codejury-0.5.1}/codejury/sources/repo.py

@@ -11,7 +11,7 @@ from pathlib import Path
 
 from codejury.domain.artifact import CodeArtifact
 from codejury.sources.base import Source
-from codejury.sources.callers import caller_context
+from codejury.sources.callers import caller_context, callee_context
 from codejury.sources.chunker import Chunker
 
 _SKIP_DIRS = frozenset({".git", ".venv", "venv", "node_modules", "__pycache__", ".mypy_cache", ".pytest_cache"})
@@ -26,24 +26,38 @@ class RepoSource(Source):
         chunker: Chunker | None = None,
         skip_dirs: frozenset[str] = _SKIP_DIRS,
         with_callers: bool = False,
+        with_callees: bool = False,
     ) -> None:
         self._root = Path(root)
         self._extensions = extensions
         self._chunker = chunker or Chunker()
         self._skip_dirs = skip_dirs
         self._with_callers = with_callers
+        self._with_callees = with_callees
 
     def list_artifacts(self) -> list[CodeArtifact]:
         files = self._read_files()
         artifacts: list[CodeArtifact] = []
         for rel, content in sorted(files.items()):
-            context = caller_context(rel, files) if self._with_callers else ""
+            context = self._context(rel, files)
             for chunk_path, chunk_content in self._chunker.split(rel, content):
                 artifacts.append(
                     CodeArtifact(kind="repo", path=chunk_path, content=chunk_content, context=context)
                 )
         return artifacts
 
+    def _context(self, rel: str, files: dict[str, str]) -> str:
+        parts = []
+        if self._with_callers:
+            callers = caller_context(rel, files)
+            if callers:
+                parts.append("Callers (where this file's functions are used):\n" + callers)
+        if self._with_callees:
+            callees = callee_context(rel, files)
+            if callees:
+                parts.append("Callees (functions this file calls, defined elsewhere):\n" + callees)
+        return "\n\n".join(parts)
+
     def _read_files(self) -> dict[str, str]:
         files: dict[str, str] = {}
         for path in self._root.rglob("*"):

{codejury-0.5.0 → codejury-0.5.1}/codejury.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codejury
-Version: 0.5.0
+Version: 0.5.1
 Summary: General-purpose Application Security AI audit framework -- five-layer architecture, capabilities as first-class data
 Author: AISecLabs
 License-Expression: MIT
@@ -167,11 +167,14 @@ independently.
 - **Local-pattern checks are sharper than data-flow ones.** Capabilities judged
   from one spot (weak crypto, hardcoded secrets) are reliable; taint / data-flow
   ones like path traversal over-flag in single-file review because the verifier
-  can't see whether a value is attacker-controlled. Mitigations that help but do
-  not fully solve it: `scan --callers` (cross-file call sites for provenance),
-  `--orchestrator challenge` (a recall-safe refutation pass that drops only
-  provably-safe flags), `--only` to scope, or `--orchestrator debate`. Real taint
-  precision needs data-flow analysis, not model skepticism.
+  can't see whether a value is attacker-controlled. Mitigations that add context
+  but do not fully solve it: `scan --callers` (where this file's functions are
+  called) and `scan --callees` (the called code it delegates to, so a sink in
+  another file is visible) -- pair them for both directions; `--orchestrator
+  challenge` (a recall-safe
+  refutation pass that drops only provably-safe flags); `--only` to scope; or
+  `--orchestrator debate`. Real taint precision still needs data-flow analysis,
+  not model skepticism.
 - **`scan` cost scales as files x capabilities.** It is a periodic deep audit,
   not a quick check -- scope it with `--only`. Day to day, audit the diff.
 

{codejury-0.5.0 → codejury-0.5.1}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "codejury"
-version = "0.5.0"
+version = "0.5.1"
 description = "General-purpose Application Security AI audit framework -- five-layer architecture, capabilities as first-class data"
 readme = "README.md"
 requires-python = ">=3.12"

{codejury-0.5.0 → codejury-0.5.1}/tests/test_callers.py

@@ -1,4 +1,4 @@
-from codejury.sources.callers import caller_context, defined_names
+from codejury.sources.callers import callee_context, caller_context, defined_names
 from codejury.sources.chunker import Chunker
 from codejury.sources.repo import RepoSource
 
@@ -32,6 +32,32 @@ def test_caller_context_word_boundary_avoids_prefix_matches():
     assert caller_context("lib.py", files) == ""
 
 
+def test_callee_context_pulls_in_called_code_from_other_files():
+    files = {
+        "views.py": "from m import bind\ndef handler(req):\n    return bind(req.user_handle, req.node)\n",
+        "m.py": "def bind(user_handle, node):\n    Dao.update(user_handle, node)  # no ownership check\n",
+        "unrelated.py": "def other(): pass\n",
+    }
+    ctx = callee_context("views.py", files)
+    assert "m.py -> bind" in ctx
+    assert "Dao.update(user_handle, node)" in ctx   # the called code is surfaced
+    assert "other" not in ctx                        # uncalled code is not
+
+
+def test_callee_context_excludes_same_file_definitions():
+    files = {"a.py": "def helper(): pass\ndef main():\n    helper()\n"}
+    assert callee_context("a.py", files) == ""  # helper is local, not cross-file
+
+
+def test_repo_source_full_review_attaches_callers_and_callees(tmp_path):
+    (tmp_path / "views.py").write_text("from m import bind\ndef handler(r):\n    return bind(r.h)\n", encoding="utf-8")
+    (tmp_path / "m.py").write_text("def bind(h):\n    return open(h)\n", encoding="utf-8")
+    arts = {a.path: a for a in RepoSource(tmp_path, with_callers=True, with_callees=True).list_artifacts()}
+    # the view's artifact should now contain the called bind() source from m.py
+    assert "Callees" in arts["views.py"].context
+    assert "def bind(h)" in arts["views.py"].context
+
+
 def test_repo_source_attaches_caller_context_when_enabled(tmp_path):
     (tmp_path / "lib.py").write_text("def helper(p):\n    return open(p)\n", encoding="utf-8")
     (tmp_path / "cli.py").write_text("from lib import helper\nhelper(args.path)\n", encoding="utf-8")

codejury-0.5.0/codejury/sources/callers.py

@@ -1,46 +0,0 @@
-"""Lightweight cross-file caller context.
-
-For a file under review, find where the functions and classes it defines are
-called elsewhere in the repository. Showing those call sites lets the verifier
-trace where an argument comes from -- which is exactly what single-file review
-lacks for taint-style issues (a path/command that is operator-supplied vs
-attacker-controlled). This is a textual usage finder, not a full call graph.
-"""
-
-from __future__ import annotations
-
-import ast
-import re
-
-
-def defined_names(content: str) -> set[str]:
-    """Top-level function and class names defined in `content`."""
-    try:
-        tree = ast.parse(content)
-    except SyntaxError:
-        return set()
-    return {
-        node.name
-        for node in tree.body
-        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef))
-    }
-
-
-def caller_context(target_path: str, files: dict[str, str], *, max_lines: int = 30) -> str:
-    """Lines elsewhere in `files` that call the names defined in `target_path`."""
-    names = defined_names(files.get(target_path, ""))
-    if not names:
-        return ""
-    # word-boundary call: `name(` not preceded/followed by other identifier chars
-    call = re.compile(r"\b(?:" + "|".join(re.escape(n) for n in names) + r")\s*\(")
-
-    hits: list[str] = []
-    for path in sorted(files):
-        if path == target_path:
-            continue
-        for lineno, line in enumerate(files[path].splitlines(), 1):
-            if call.search(line):
-                hits.append(f"{path}:{lineno}: {line.strip()}")
-                if len(hits) >= max_lines:
-                    return "\n".join(hits)
-    return "\n".join(hits)