codeshift 0.4.0__py3-none-any.whl → 0.5.0__py3-none-any.whl

codeshift/utils/credential_store.py

@@ -0,0 +1,393 @@
+"""Secure credential storage with encryption.
+
+This module provides encrypted storage for sensitive credentials like API keys.
+Credentials are encrypted using Fernet (AES-128-CBC) with a key derived from
+a machine-specific identifier using PBKDF2-SHA256.
+
+Security features:
+- AES-128 encryption via Fernet
+- Machine-bound encryption key (prevents credential theft across machines)
+- PBKDF2-SHA256 key derivation with 100,000 iterations
+- File permissions restricted to owner only (0o600)
+- Automatic migration from plaintext credentials with secure deletion
+"""
+
+import base64
+import hashlib
+import json
+import logging
+import os
+import platform
+import secrets
+import uuid
+from pathlib import Path
+from typing import Any, cast
+
+logger = logging.getLogger(__name__)
+
+# Try to import cryptography, provide helpful error if not installed
+try:
+    from cryptography.fernet import Fernet, InvalidToken
+    from cryptography.hazmat.backends import default_backend
+    from cryptography.hazmat.primitives import hashes
+    from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+
+    CRYPTOGRAPHY_AVAILABLE = True
+except ImportError:
+    CRYPTOGRAPHY_AVAILABLE = False
+    Fernet = None  # type: ignore
+    InvalidToken = Exception  # type: ignore
+
+
+class CredentialDecryptionError(Exception):
+    """Raised when credentials cannot be decrypted.
+
+    This typically occurs when:
+    - Credentials were created on a different machine
+    - The machine identifier has changed
+    - The credential file is corrupted
+    """
+
+    def __init__(self, message: str | None = None):
+        default_msg = (
+            "Failed to decrypt credentials. This may happen if credentials were "
+            "created on a different machine. Please run 'codeshift login' to "
+            "re-authenticate."
+        )
+        super().__init__(message or default_msg)
+
+
+class CredentialStore:
+    """Secure encrypted credential storage.
+
+    Credentials are encrypted using a key derived from a machine-specific
+    identifier, making them non-portable between machines for security.
+
+    Example:
+        store = CredentialStore()
+        store.save({"api_key": "secret123", "email": "user@example.com"})
+        creds = store.load()
+    """
+
+    # Default paths
+    DEFAULT_CONFIG_DIR = Path.home() / ".config" / "codeshift"
+    CREDENTIALS_FILE = "credentials.enc"
+    LEGACY_CREDENTIALS_FILE = "credentials.json"
+    SALT_FILE = ".salt"
+
+    # PBKDF2 parameters
+    PBKDF2_ITERATIONS = 100_000
+    KEY_LENGTH = 32  # 256 bits for Fernet
+
+    def __init__(self, config_dir: Path | None = None):
+        """Initialize the credential store.
+
+        Args:
+            config_dir: Directory for storing credentials. Defaults to ~/.config/codeshift
+        """
+        self.config_dir = config_dir or self.DEFAULT_CONFIG_DIR
+        self.credentials_path = self.config_dir / self.CREDENTIALS_FILE
+        self.legacy_path = self.config_dir / self.LEGACY_CREDENTIALS_FILE
+        self.salt_path = self.config_dir / self.SALT_FILE
+
+        # Check if cryptography is available
+        if not CRYPTOGRAPHY_AVAILABLE:
+            logger.warning(
+                "cryptography package not installed. "
+                "Credentials will be stored in plaintext. "
+                "Install with: pip install cryptography"
+            )
+
+    def _get_machine_identifier(self) -> str:
+        """Get a stable machine identifier for key derivation.
+
+        Combines multiple system attributes to create a stable identifier
+        that persists across reboots but changes between machines.
+
+        Returns:
+            A string identifier unique to this machine.
+        """
+        components = []
+
+        # Platform info (stable)
+        components.append(platform.node())
+        components.append(platform.system())
+        components.append(platform.machine())
+
+        # Try to get hardware UUID (most stable)
+        try:
+            if platform.system() == "Darwin":
+                # macOS: Use IOPlatformUUID
+                import subprocess
+
+                result = subprocess.run(
+                    ["ioreg", "-rd1", "-c", "IOPlatformExpertDevice"],
+                    capture_output=True,
+                    text=True,
+                    timeout=5,
+                )
+                for line in result.stdout.split("\n"):
+                    if "IOPlatformUUID" in line:
+                        uuid_str = line.split('"')[-2]
+                        components.append(uuid_str)
+                        break
+            elif platform.system() == "Linux":
+                # Linux: Try machine-id
+                for path in ["/etc/machine-id", "/var/lib/dbus/machine-id"]:
+                    try:
+                        with open(path) as f:
+                            components.append(f.read().strip())
+                            break
+                    except (OSError, PermissionError):
+                        continue
+            elif platform.system() == "Windows":
+                # Windows: Use MachineGuid from registry
+                try:
+                    import winreg
+
+                    key = winreg.OpenKey(  # type: ignore[attr-defined]
+                        winreg.HKEY_LOCAL_MACHINE,  # type: ignore[attr-defined]
+                        r"SOFTWARE\Microsoft\Cryptography",
+                    )
+                    machine_guid = winreg.QueryValueEx(key, "MachineGuid")[0]  # type: ignore[attr-defined]
+                    components.append(machine_guid)
+                except Exception:
+                    pass
+        except Exception as e:
+            logger.debug(f"Could not get hardware UUID: {e}")
+
+        # Fallback to UUID based on hostname (less stable but better than nothing)
+        if len(components) < 4:
+            components.append(str(uuid.getnode()))
+
+        # Create hash of all components
+        combined = "|".join(components)
+        return hashlib.sha256(combined.encode()).hexdigest()
+
+    def _get_or_create_salt(self) -> bytes:
+        """Get or create a random salt for key derivation.
+
+        The salt is stored alongside credentials and is required for decryption.
+
+        Returns:
+            32-byte random salt.
+        """
+        if self.salt_path.exists():
+            try:
+                return self.salt_path.read_bytes()
+            except OSError as e:
+                logger.warning(f"Could not read salt file: {e}")
+
+        # Generate new salt
+        salt = secrets.token_bytes(32)
+
+        # Save salt with restricted permissions
+        self.config_dir.mkdir(parents=True, exist_ok=True)
+        self.salt_path.write_bytes(salt)
+        os.chmod(self.salt_path, 0o600)
+
+        return salt
+
+    def _derive_key(self, salt: bytes) -> bytes:
+        """Derive an encryption key from the machine identifier.
+
+        Uses PBKDF2-SHA256 with 100,000 iterations for key derivation.
+
+        Args:
+            salt: Random salt for key derivation.
+
+        Returns:
+            32-byte encryption key suitable for Fernet.
+        """
+        if not CRYPTOGRAPHY_AVAILABLE:
+            raise ImportError(
+                "cryptography package required for encryption. "
+                "Install with: pip install cryptography"
+            )
+
+        machine_id = self._get_machine_identifier()
+
+        kdf = PBKDF2HMAC(
+            algorithm=hashes.SHA256(),
+            length=self.KEY_LENGTH,
+            salt=salt,
+            iterations=self.PBKDF2_ITERATIONS,
+            backend=default_backend(),
+        )
+
+        key = kdf.derive(machine_id.encode())
+        return base64.urlsafe_b64encode(key)
+
+    def _encrypt(self, data: dict) -> bytes:
+        """Encrypt credential data.
+
+        Args:
+            data: Dictionary of credentials to encrypt.
+
+        Returns:
+            Encrypted bytes.
+        """
+        if not CRYPTOGRAPHY_AVAILABLE:
+            # Fallback to plaintext (with warning logged in __init__)
+            return json.dumps(data).encode()
+
+        salt = self._get_or_create_salt()
+        key = self._derive_key(salt)
+        f = Fernet(key)
+
+        plaintext = json.dumps(data).encode()
+        return f.encrypt(plaintext)
+
+    def _decrypt(self, ciphertext: bytes) -> dict:
+        """Decrypt credential data.
+
+        Args:
+            ciphertext: Encrypted bytes.
+
+        Returns:
+            Dictionary of credentials.
+
+        Raises:
+            CredentialDecryptionError: If decryption fails.
+        """
+        if not CRYPTOGRAPHY_AVAILABLE:
+            # Assume plaintext if cryptography not available
+            try:
+                return cast(dict[Any, Any], json.loads(ciphertext.decode()))
+            except (json.JSONDecodeError, UnicodeDecodeError) as e:
+                raise CredentialDecryptionError(f"Invalid credential format: {e}") from e
+
+        try:
+            salt = self._get_or_create_salt()
+            key = self._derive_key(salt)
+            f = Fernet(key)
+
+            plaintext = f.decrypt(ciphertext)
+            return cast(dict[Any, Any], json.loads(plaintext.decode()))
+        except InvalidToken as e:
+            raise CredentialDecryptionError(
+                "Failed to decrypt credentials. The encryption key may have changed "
+                "(different machine or hardware change). Please run 'codeshift login' "
+                "to re-authenticate."
+            ) from e
+        except (json.JSONDecodeError, UnicodeDecodeError) as e:
+            raise CredentialDecryptionError(f"Corrupted credential data: {e}") from e
+
+    def save(self, credentials: dict[str, Any]) -> None:
+        """Save credentials securely.
+
+        Args:
+            credentials: Dictionary containing credentials (api_key, email, etc.)
+        """
+        self.config_dir.mkdir(parents=True, exist_ok=True)
+
+        # Encrypt and save
+        encrypted = self._encrypt(credentials)
+        self.credentials_path.write_bytes(encrypted)
+
+        # Set restrictive permissions (owner read/write only)
+        os.chmod(self.credentials_path, 0o600)
+
+        logger.debug("Credentials saved securely")
+
+    def load(self) -> dict[str, Any] | None:
+        """Load credentials from secure storage.
+
+        Automatically migrates from plaintext storage if found.
+
+        Returns:
+            Dictionary of credentials, or None if not found.
+
+        Raises:
+            CredentialDecryptionError: If credentials exist but cannot be decrypted.
+        """
+        # Check for encrypted credentials first
+        if self.credentials_path.exists():
+            try:
+                ciphertext = self.credentials_path.read_bytes()
+                return self._decrypt(ciphertext)
+            except OSError as e:
+                logger.error(f"Could not read credentials file: {e}")
+                return None
+
+        # Check for legacy plaintext credentials and migrate
+        if self.legacy_path.exists():
+            logger.info("Migrating credentials from plaintext to encrypted storage")
+            try:
+                plaintext = self.legacy_path.read_text()
+                credentials: dict[str, Any] = json.loads(plaintext)
+
+                # Save encrypted
+                self.save(credentials)
+
+                # Securely delete legacy file
+                self._secure_delete(self.legacy_path)
+
+                return credentials
+            except (OSError, json.JSONDecodeError) as e:
+                logger.warning(f"Could not migrate legacy credentials: {e}")
+                return None
+
+        return None
+
+    def delete(self) -> None:
+        """Delete stored credentials securely."""
+        # Delete encrypted credentials
+        if self.credentials_path.exists():
+            self._secure_delete(self.credentials_path)
+
+        # Also delete legacy file if it exists
+        if self.legacy_path.exists():
+            self._secure_delete(self.legacy_path)
+
+        # Delete salt file
+        if self.salt_path.exists():
+            self._secure_delete(self.salt_path)
+
+        logger.debug("Credentials deleted")
+
+    def _secure_delete(self, path: Path) -> None:
+        """Securely delete a file by overwriting before unlinking.
+
+        Args:
+            path: Path to the file to delete.
+        """
+        try:
+            if path.exists():
+                # Overwrite with random data
+                size = path.stat().st_size
+                if size > 0:
+                    with open(path, "wb") as f:
+                        f.write(secrets.token_bytes(size))
+                        f.flush()
+                        os.fsync(f.fileno())
+
+                # Then delete
+                path.unlink()
+        except OSError as e:
+            logger.warning(f"Could not securely delete {path}: {e}")
+            # Try regular delete as fallback
+            try:
+                path.unlink()
+            except OSError:
+                pass
+
+    def exists(self) -> bool:
+        """Check if credentials exist.
+
+        Returns:
+            True if credentials file exists (encrypted or legacy).
+        """
+        return self.credentials_path.exists() or self.legacy_path.exists()
+
+
+# Default credential store instance
+_default_store: CredentialStore | None = None
+
+
+def get_credential_store() -> CredentialStore:
+    """Get the default credential store instance."""
+    global _default_store
+    if _default_store is None:
+        _default_store = CredentialStore()
+    return _default_store

codeshift/utils/llm_client.py

@@ -1,10 +1,38 @@
-"""Anthropic Claude client wrapper for LLM-based migrations."""
+"""Anthropic Claude client wrapper for LLM-based migrations.
 
+SECURITY NOTE: This module is intended for internal use only.
+Direct access to the LLM client bypasses quota and billing controls.
+Use the Codeshift API client (api_client.py) for all LLM operations.
+"""
+
+import logging
 import os
+import sys
 from dataclasses import dataclass
 
 from anthropic import Anthropic
 
+# Prevent any exports from this module
+__all__: list[str] = []
+
+logger = logging.getLogger(__name__)
+
+
+class DirectLLMAccessError(Exception):
+    """Raised when code attempts to bypass the Codeshift API and access LLM directly.
+
+    The LLMClient is for internal server-side use only. Client applications
+    should use the Codeshift API which enforces quotas, billing, and access control.
+    """
+
+    def __init__(self, message: str | None = None):
+        default_msg = (
+            "Direct LLM access is not permitted. "
+            "Use the Codeshift API client for LLM operations. "
+            "Run 'codeshift login' to authenticate."
+        )
+        super().__init__(message or default_msg)
+
 
 @dataclass
 class LLMResponse:
@@ -17,8 +45,54 @@ class LLMResponse:
     error: str | None = None
 
 
-class LLMClient:
-    """Client for interacting with Anthropic's Claude API."""
+def _check_direct_access_attempt() -> None:
+    """Check if this is an unauthorized direct access attempt.
+
+    Raises:
+        DirectLLMAccessError: If direct access is detected from external code.
+    """
+    # Check if ANTHROPIC_API_KEY is set by the user (potential bypass attempt)
+    # This is allowed only for internal server use or development
+    if os.environ.get("ANTHROPIC_API_KEY"):
+        # Check if this is being called from within the codeshift package
+        frame = sys._getframe(2)  # Caller's caller
+        caller_file = frame.f_code.co_filename
+
+        # Allow internal codeshift modules and tests
+        allowed_paths = (
+            "codeshift/",
+            "codeshift\\",  # Windows path
+            "tests/",
+            "tests\\",
+            "<stdin>",  # Interactive Python
+            "<string>",  # exec/eval
+        )
+
+        is_internal = any(path in caller_file for path in allowed_paths)
+
+        # Also check for environment flag indicating authorized server use
+        is_authorized_server = os.environ.get("CODESHIFT_SERVER_MODE") == "true"
+
+        if not is_internal and not is_authorized_server:
+            logger.warning(
+                "Direct LLM access attempt detected from: %s. "
+                "This bypasses quota and billing controls.",
+                caller_file,
+            )
+            raise DirectLLMAccessError(
+                "Direct use of ANTHROPIC_API_KEY detected. "
+                "This bypasses Codeshift's quota and billing system. "
+                "Use 'codeshift upgrade' commands which route through the API."
+            )
+
+
+class _LLMClient:
+    """Internal client for interacting with Anthropic's Claude API.
+
+    SECURITY: This class is private (prefixed with _) and should not be
+    instantiated directly by external code. All LLM operations should go
+    through the Codeshift API which enforces access controls.
+    """
 
     DEFAULT_MODEL = "claude-sonnet-4-20250514"
     MAX_TOKENS = 4096
@@ -27,13 +101,19 @@ class LLMClient:
         self,
         api_key: str | None = None,
         model: str | None = None,
+        _bypass_check: bool = False,
     ):
         """Initialize the LLM client.
 
         Args:
             api_key: Anthropic API key. Defaults to ANTHROPIC_API_KEY env var.
             model: Model to use. Defaults to claude-sonnet-4-20250514.
+            _bypass_check: Internal flag to bypass access check (for server use).
         """
+        # Security check for unauthorized direct access
+        if not _bypass_check:
+            _check_direct_access_attempt()
+
         self.api_key = api_key or os.environ.get("ANTHROPIC_API_KEY")
         self.model = model or self.DEFAULT_MODEL
         self._client: Anthropic | None = None
@@ -45,7 +125,7 @@ class LLMClient:
             if not self.api_key:
                 raise ValueError(
                     "Anthropic API key not found. Set ANTHROPIC_API_KEY environment variable "
-                    "or pass api_key to LLMClient."
+                    "or pass api_key to _LLMClient."
                 )
             self._client = Anthropic(api_key=self.api_key)
         return self._client
@@ -209,13 +289,35 @@ Provide a brief explanation (2-3 sentences) of what changed and why:"""
         return self.generate(prompt, system_prompt=system_prompt, max_tokens=500)
 
 
-# Singleton instance for convenience
-_default_client: LLMClient | None = None
+# Keep backward compatibility alias but mark as deprecated
+# This will be removed in a future version
+LLMClient = _LLMClient
+
+
+# Singleton instance for internal use only
+_default_client: _LLMClient | None = None
 
 
-def get_llm_client() -> LLMClient:
-    """Get the default LLM client instance."""
+def _get_llm_client(_bypass_check: bool = False) -> _LLMClient:
+    """Get the default LLM client instance.
+
+    INTERNAL USE ONLY: This function is for internal codeshift server use.
+    External code should use the Codeshift API client.
+
+    Args:
+        _bypass_check: Internal flag to bypass access check (for server use).
+    """
     global _default_client
     if _default_client is None:
-        _default_client = LLMClient()
+        _default_client = _LLMClient(_bypass_check=_bypass_check)
     return _default_client
+
+
+# Keep backward compatibility but with security check
+def get_llm_client() -> _LLMClient:
+    """Get the default LLM client instance.
+
+    DEPRECATED: Use the Codeshift API client (api_client.py) instead.
+    This function will be removed in a future version.
+    """
+    return _get_llm_client(_bypass_check=False)

{codeshift-0.4.0.dist-info → codeshift-0.5.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codeshift
-Version: 0.4.0
+Version: 0.5.0
 Summary: AI-powered CLI tool that migrates Python code to handle breaking dependency changes
 Author: Ragab Technologies
 License: MIT
@@ -27,6 +27,9 @@ Requires-Dist: rich>=13.0
 Requires-Dist: toml>=0.10
 Requires-Dist: packaging>=23.0
 Requires-Dist: httpx>=0.25
+Requires-Dist: black>=24.10.0
+Requires-Dist: cryptography>=41.0
+Requires-Dist: nox>=2025.11.12
 Provides-Extra: dev
 Requires-Dist: pytest>=7.0; extra == "dev"
 Requires-Dist: pytest-cov>=4.0; extra == "dev"

{codeshift-0.4.0.dist-info → codeshift-0.5.0.dist-info}/RECORD

@@ -7,33 +7,33 @@ codeshift/cli/package_manager.py,sha256=K7spYHSQ6VoHlrzM3L9B2JoxBTe_9gLd57P6ME0P
 codeshift/cli/quota.py,sha256=zBiY3zqCGEyxbS3vnoQdgBld1emMQzLc0_5cUOWy9U8,5989
 codeshift/cli/commands/__init__.py,sha256=Kbs7DFUWOXkw5-9jiiR03cuUJeo5byusLr_Y3cKFE3E,218
 codeshift/cli/commands/apply.py,sha256=JqUiu6I5WD25677SXpOejKxLWNIUQUKrbOQ_JbpoEak,11213
-codeshift/cli/commands/auth.py,sha256=FO60p545yxYySw6v6CcJPUh-Q5byM_AUz1pxypccrUA,28066
+codeshift/cli/commands/auth.py,sha256=bCGF9aEz-5PLsp1rOkHZ8A3GRtd9NtpC3tePlJ3ZO6M,28638
 codeshift/cli/commands/diff.py,sha256=4LjrVRu4lhj-aOBvClOnEnN0l2nZEU5S1_qzYoXL4dQ,6357
 codeshift/cli/commands/scan.py,sha256=Eia3xW6sVZSiKtxd7JXyjIcOUsxduLGOuFjBhhp1ut0,11373
-codeshift/cli/commands/upgrade.py,sha256=JjPKbjMNDzBDZuz39JYas48Ch4vgrrtyc6AEoPq6Q6Q,15853
+codeshift/cli/commands/upgrade.py,sha256=15SPmu09oi7Gu7KLvyDLbcF-YndkEoa0sPhlMZ-zsuo,15853
 codeshift/cli/commands/upgrade_all.py,sha256=FimS7SYJeYkQvhrWACLQG4QiyyynCgi9SapUb8Ax0Ik,18964
 codeshift/knowledge/__init__.py,sha256=_YwrLgjvsJQuYajfnIhUQqFeircF0MfkI9zJBPZTupc,1221
 codeshift/knowledge/cache.py,sha256=aEx9aNDfrzCYMzlPRBzBOYiFIAGDcZJfQvcXroa5vsA,4837
-codeshift/knowledge/generator.py,sha256=WVCF0ULYmVQRHBiK6BTyS6FuArSCj-UDWzPJLujVbxU,7304
+codeshift/knowledge/generator.py,sha256=t30Rf8ByFxjz3wUk8Dq5fWGcL2MLS_rP4Xik4OspAUs,7386
 codeshift/knowledge/models.py,sha256=tvM6dnZJ00nJttIDMYxKlc8fYadgCdP2bqMVTA7o3HY,5157
 codeshift/knowledge/parser.py,sha256=uWm8IjOYoV06Sx5_odyrLB93XL1GNRHdzuNVSFM-fMA,8493
 codeshift/knowledge/sources.py,sha256=4GA4z4gHADCAfeBTF3dAO2S6H4s9leUKoxKPK2Vcopk,12280
 codeshift/knowledge_base/__init__.py,sha256=-xiDpdKrizX-5FeA8NjnHxASkkv44BwiMORTYF29Vj4,368
 codeshift/knowledge_base/loader.py,sha256=xMOSJEtnlzA1sGHGqeWdwzv2rF-LvVfSgEx9Q5WMTGk,3484
-codeshift/knowledge_base/models.py,sha256=OwA9ts14aMW-PfWBi8GFcwHIGls5ERur7FCQXYcIU7k,3816
-codeshift/knowledge_base/libraries/aiohttp.yaml,sha256=0JjP5BQdW172MmUE0U-xeCeavO0PN8_a1hM6W7zqQLI,6469
+codeshift/knowledge_base/models.py,sha256=YQ-Voe3y6O4Pge88YBsqM0Q64797-_7_lkyvmXArTeU,3836
+codeshift/knowledge_base/libraries/aiohttp.yaml,sha256=LB-uyxpgghc6n4I7hKctvIvKsW-bbXo8HQQORCkDBFs,6472
 codeshift/knowledge_base/libraries/attrs.yaml,sha256=iih_l9GaETP-FTy0ktqgOHlcUIiXaIT7TInfquV8XHo,5776
 codeshift/knowledge_base/libraries/celery.yaml,sha256=jE0gvUv5VpzgIp8Pmgh_pL64SJoXpMZojTuxtczMgQg,8455
 codeshift/knowledge_base/libraries/click.yaml,sha256=JoGFDVzV_49ZWp0It0VTPjrfQOXBoDJXlEzuJxwUSFQ,6689
 codeshift/knowledge_base/libraries/django.yaml,sha256=F5FGfiZBOBAiHcTrUhNfjt4DUoa8MaNZCPCyFgSeFu8,12224
 codeshift/knowledge_base/libraries/fastapi.yaml,sha256=i6dXGbEP1bn2k06XgqzgvqE2Wle_NZRhUBTk06KhW3Y,6419
 codeshift/knowledge_base/libraries/flask.yaml,sha256=HETNUj5nrsCMH8sFwN1zPmUXGfcGWo5KhCDY4-hilR0,9401
-codeshift/knowledge_base/libraries/httpx.yaml,sha256=Pgr13Vs3O8jKNu0Ttga9cfaQpYwPkjNHzvCbAvu-itg,6516
+codeshift/knowledge_base/libraries/httpx.yaml,sha256=goeaxr40vYglOIjHtm1M8zmzw8SafJhX77KA6kVAKRI,6520
 codeshift/knowledge_base/libraries/marshmallow.yaml,sha256=1K3VrNGsjka7bfHMOwUrlvBv-j2tgLOg7MDGflWDDZM,8307
 codeshift/knowledge_base/libraries/numpy.yaml,sha256=kpV1BNXTmLE9Lbki6caLHKpRzLYpPDkc-e3NtELtH1Y,13020
 codeshift/knowledge_base/libraries/pandas.yaml,sha256=cgu-dAaXIVyZivRr7swh3Df-GEpVfcxh5-J-6ow_pLc,10366
 codeshift/knowledge_base/libraries/pydantic.yaml,sha256=nTleM2JaabzrcJoMPrIYhPbV93Gl3GZ1uQnQSeHBw_w,8150
-codeshift/knowledge_base/libraries/pytest.yaml,sha256=I9_hz3_nqFxZVFoRJL2x7AP30bQxXHM1T6aU0PyEvQs,6601
+codeshift/knowledge_base/libraries/pytest.yaml,sha256=6mSeeETC4yF4s1J22UIhhhplvYUOIGkDWo5ZSuq4nCw,6602
 codeshift/knowledge_base/libraries/requests.yaml,sha256=8Msjlt8v4mCEmTIdyvlpgtWsCXarpPqXNMPFlFd_Ojc,9035
 codeshift/knowledge_base/libraries/sqlalchemy.yaml,sha256=qEk1Nc2ovgCiBLPLsBrcsWM_KZaJn8MlHotDyZkzX9w,9717
 codeshift/migrator/__init__.py,sha256=V5ATKxw4hV6Ec3g78IeHkP92-VM4l6OzH0gi-lnU09w,467
@@ -49,27 +49,28 @@ codeshift/migrator/transforms/django_transformer.py,sha256=21gHStxJNHRj8x_pVfRB8
 codeshift/migrator/transforms/fastapi_transformer.py,sha256=axFZhCdMo3gAtHPxboSDhx56RasMjREcfaI5aweivfA,7495
 codeshift/migrator/transforms/flask_transformer.py,sha256=VcBlXDlhwgsk_1S2fyi3QsRSOUeE_DohMPjXbp4DY_A,20031
 codeshift/migrator/transforms/httpx_transformer.py,sha256=fxqmnJhWdUHuY0a9uXQZ2MFdF9kdxjm6c3UDgeMiFP0,16952
-codeshift/migrator/transforms/marshmallow_transformer.py,sha256=tLXX7Vko8OJQ9E1oSDooqGU-bjIgaC7-ZsK_aixPhrk,18339
+codeshift/migrator/transforms/marshmallow_transformer.py,sha256=1XLd_KRU3QDs4HAs_L-w0UEqDOTChYhbmf1-3OJfVF4,20827
 codeshift/migrator/transforms/numpy_transformer.py,sha256=y4lJcAiT3UK8ZtZptCoSkli0UGNzhAyfUIf_I1F7WSE,15165
 codeshift/migrator/transforms/pandas_transformer.py,sha256=93WoeY9FOLChAWKr9xTbkQCpOS1kwajzNfWqfrNE-bY,8905
-codeshift/migrator/transforms/pydantic_v1_to_v2.py,sha256=J89WJF_gOeg0FUB0G2X5OCUt31zbCrGmhsBojqDgqX0,26879
+codeshift/migrator/transforms/pydantic_v1_to_v2.py,sha256=Zo-KiQwyShowD2m0X1kiohtvbxpafRIsXxdFmvCm6Pk,35260
 codeshift/migrator/transforms/pytest_transformer.py,sha256=zcNoY0HWONvT2jpAoP01Nk-N-drwVLttTHbOZgb6HlM,13724
 codeshift/migrator/transforms/requests_transformer.py,sha256=r2hqawzdvsjblUHPoYU1tQ-miVqi1EEVsBPLXpzZz_s,12537
 codeshift/migrator/transforms/sqlalchemy_transformer.py,sha256=rgoIk4_iDCuydZhy9svdiNlZPnmI0sQuJB5F3f7LH3Y,34286
 codeshift/scanner/__init__.py,sha256=GFx9yMPZVuxBC8mGOPZoINsCsJgHV4TSjiV4KSF3fPU,300
-codeshift/scanner/code_scanner.py,sha256=YGuHVI1FN0h8cGSARFlF5duFd8WBCJUSVMcqCbsjqEQ,12859
+codeshift/scanner/code_scanner.py,sha256=YBbmUrFn8Qyep4A52iqLcgySMvYQr49GsnmV8kpdxEw,13935
 codeshift/scanner/dependency_parser.py,sha256=Vd-wbgcG2trgLN7wntbNrGwuXvamn3u7B5SGvORdPiY,15372
 codeshift/utils/__init__.py,sha256=8G28m1UBDdEqF_G8GN6qRFWhpjDhiXJmFd9gSgIvkQc,148
-codeshift/utils/api_client.py,sha256=W6Us-eSqk3jl9l29lnEVa0QfuddZiFwA3D6FPmShRQw,8010
+codeshift/utils/api_client.py,sha256=PupRgfFrfXFfAG44s7p32XhtvYUxwmKucPhFKt5-kIE,12641
 codeshift/utils/cache.py,sha256=9vPjU54S48iKy4CDvcjgz0u9eeIx7aUAHCdk3coRF6w,8793
 codeshift/utils/config.py,sha256=8x-rEh4q99K0HvT4ZQHDQAeUT8Tc_HATkZOomBGVyIA,2454
-codeshift/utils/llm_client.py,sha256=WkT3KftJi7rsj8MXH4MVJvznugicb2XpkKqnqRET1eo,6369
+codeshift/utils/credential_store.py,sha256=Yq5UDrYSwEYN5sXsNNoFxX3BG3V2qVMNrY4bNAJHapM,13366
+codeshift/utils/llm_client.py,sha256=NNVBJIl0dbxU9PMOJuSdDCTvRZFNetgJIkmjVSjEM0c,10115
 codeshift/validator/__init__.py,sha256=WRQSfJ7eLJdjR2_f_dXSaBtfawkvu1Dlu20Gh76D12c,280
 codeshift/validator/syntax_checker.py,sha256=FJeLIqhNhV7_Xj2RskHScJZks6A9fybaqv5Z1-MGDfo,5343
 codeshift/validator/test_runner.py,sha256=VX0OqkuI3AJxOUzRW2_BEjdDsMw1N4a0od-pPbSF6O8,6760
-codeshift-0.4.0.dist-info/licenses/LICENSE,sha256=mHKnse9JK19WRK76lYEwKB9nJWyzMzRpG4gkUtbTyac,1066
-codeshift-0.4.0.dist-info/METADATA,sha256=UDI4FyXLTM0c8C03CCOZQ4SSC3_F_kyrNpkrE8ePrac,16746
-codeshift-0.4.0.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-codeshift-0.4.0.dist-info/entry_points.txt,sha256=AlJ8V7a2pNyu-9UiRKUWiTMIJtaYAUnlg53Y-wFHiK0,53
-codeshift-0.4.0.dist-info/top_level.txt,sha256=Ct42mtGs5foZ4MyYSksd5rXP0qFhWSZz8Y8mON0EEds,10
-codeshift-0.4.0.dist-info/RECORD,,
+codeshift-0.5.0.dist-info/licenses/LICENSE,sha256=mHKnse9JK19WRK76lYEwKB9nJWyzMzRpG4gkUtbTyac,1066
+codeshift-0.5.0.dist-info/METADATA,sha256=xzJZhOOKl7VZMhw-2qQBXfVhSAVmGJIcbpWoZFt_xOw,16841
+codeshift-0.5.0.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+codeshift-0.5.0.dist-info/entry_points.txt,sha256=AlJ8V7a2pNyu-9UiRKUWiTMIJtaYAUnlg53Y-wFHiK0,53
+codeshift-0.5.0.dist-info/top_level.txt,sha256=Ct42mtGs5foZ4MyYSksd5rXP0qFhWSZz8Y8mON0EEds,10
+codeshift-0.5.0.dist-info/RECORD,,