codetrust 1.5.0__py3-none-any.whl

codetrust-1.5.0.dist-info/METADATA

@@ -0,0 +1,265 @@
+Metadata-Version: 2.4
+Name: codetrust
+Version: 1.5.0
+Summary: AI code verification platform — MCP server + cloud API that catches hallucinated packages, broken configs, and code anti-patterns
+Project-URL: Homepage, https://github.com/S-Borna/codetrust
+Project-URL: Repository, https://github.com/S-Borna/codetrust
+Project-URL: Documentation, https://github.com/S-Borna/codetrust#readme
+Project-URL: Bug Tracker, https://github.com/S-Borna/codetrust/issues
+Author-email: Said Borna <codetrust@users.noreply.github.com>
+License-Expression: MIT
+License-File: LICENSE
+Keywords: claude-code,code-quality,devops,hallucination,mcp,verification
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.12
+Requires-Dist: alembic>=1.13.0
+Requires-Dist: asyncpg>=0.29.0
+Requires-Dist: fastapi>=0.115.0
+Requires-Dist: httpx>=0.27.0
+Requires-Dist: mcp[cli]>=1.0.0
+Requires-Dist: psycopg2-binary>=2.9.0
+Requires-Dist: pydantic-settings>=2.0.0
+Requires-Dist: pydantic>=2.0.0
+Requires-Dist: pyjwt>=2.8.0
+Requires-Dist: redis[hiredis]>=5.0.0
+Requires-Dist: sqlalchemy[asyncio]>=2.0.0
+Requires-Dist: stripe>=7.0.0
+Requires-Dist: structlog>=24.0.0
+Requires-Dist: tree-sitter-go>=0.23.0
+Requires-Dist: tree-sitter-javascript>=0.23.0
+Requires-Dist: tree-sitter-python>=0.23.0
+Requires-Dist: tree-sitter-rust>=0.23.0
+Requires-Dist: tree-sitter-typescript>=0.23.0
+Requires-Dist: tree-sitter>=0.23.0
+Requires-Dist: uvicorn[standard]>=0.30.0
+Provides-Extra: dev
+Requires-Dist: aiosqlite>=0.20.0; extra == 'dev'
+Requires-Dist: fakeredis[json]>=2.20.0; extra == 'dev'
+Requires-Dist: httpx[cli]>=0.27.0; extra == 'dev'
+Requires-Dist: pytest-asyncio>=0.24.0; extra == 'dev'
+Requires-Dist: pytest-httpx>=0.30.0; extra == 'dev'
+Requires-Dist: pytest>=8.0.0; extra == 'dev'
+Requires-Dist: ruff>=0.5.0; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# CodeTrust
+
+AI code verification platform — MCP server + cloud API that catches hallucinated packages, broken configs, and code anti-patterns before they hit production.
+
+## What It Does
+
+| Layer | Capability | How |
+|-------|-----------|-----|
+| **Static Analysis** | Detect anti-patterns, secrets, eval/exec, SQL injection, etc. | Regex engine, 35+ rules |
+| **Package Verification** | Verify imports exist in real registries | PyPI, npm, Docker Hub |
+| **Docker Verification** | Verify base images and tags exist | Docker Hub API |
+| **Enterprise Checks** | Validate repo structure | README, LICENSE, tests, etc. |
+| **Deep Scan** | All layers combined in one pass | Orchestrated scan |
+
+## Quick Start
+
+### Install
+
+```bash
+# Clone and install
+git clone https://github.com/yourorg/codetrust.git
+cd codetrust
+pip install -e ".[dev]"
+
+# Or use the setup script
+chmod +x setup.sh && ./setup.sh --all
+```
+
+### Run MCP Server (for Claude Code)
+
+```bash
+python -m src.server
+```
+
+### Run HTTP API
+
+```bash
+# Local (no Redis required — degrades gracefully)
+uvicorn src.api:app --host 0.0.0.0 --port 8000
+
+# With Redis (recommended for caching)
+docker compose up -d
+```
+
+## MCP Configuration for Claude Code
+
+Add to your Claude Code MCP settings (`~/.claude/claude_desktop_config.json`):
+
+```json
+{
+  "mcpServers": {
+    "codetrust": {
+      "command": "python",
+      "args": ["-m", "src.server"],
+      "cwd": "/path/to/codetrust"
+    }
+  }
+}
+```
+
+## MCP Tools
+
+| Tool | Description |
+|------|-------------|
+| `codetrust_static_scan` | Scan code for anti-patterns and security issues |
+| `codetrust_pre_action` | Validate plan before writing code |
+| `codetrust_post_action` | Validate completed work against enterprise standards |
+| `codetrust_list_rules` | List all rules and their severities |
+| `codetrust_verify_imports` | Verify package imports exist in registries |
+| `codetrust_verify_dockerfile` | Verify Docker base images and tags exist |
+| `codetrust_deep_scan` | Run all validation layers in a single pass |
+
+## API Endpoints
+
+All endpoints require `X-API-Key` header when `CODETRUST_API_KEY` is set. In local dev (no key set), auth is skipped.
+
+### `GET /v1/status`
+
+Health check. Returns version and cache status.
+
+```bash
+curl http://localhost:8000/v1/status
+# {"status":"ok","version":"1.0.0","cache_connected":true}
+```
+
+### `POST /v1/scan/static`
+
+Static anti-pattern analysis.
+
+```bash
+curl -X POST http://localhost:8000/v1/scan/static \
+  -H "Content-Type: application/json" \
+  -d '{"code": "import os\neval(input())", "filename": "app.py"}'
+```
+
+### `POST /v1/verify/imports`
+
+Verify package imports exist in registries.
+
+```bash
+curl -X POST http://localhost:8000/v1/verify/imports \
+  -H "Content-Type: application/json" \
+  -d '{"language": "python", "imports": ["fastapi", "nonexistent_xyz"]}'
+```
+
+### `POST /v1/verify/dockerfile`
+
+Verify Docker images and tags.
+
+```bash
+curl -X POST http://localhost:8000/v1/verify/dockerfile \
+  -H "Content-Type: application/json" \
+  -d '{"images": [{"image": "python", "tag": "3.12-slim"}]}'
+```
+
+### `POST /v1/scan/deep`
+
+Full deep scan combining all layers.
+
+```bash
+curl -X POST http://localhost:8000/v1/scan/deep \
+  -H "Content-Type: application/json" \
+  -d '{
+    "code": "import fastapi\nimport nonexistent_xyz",
+    "filename": "app.py",
+    "language": "python",
+    "verify_imports": true,
+    "verify_docker": false
+  }'
+```
+
+## Configuration
+
+All settings via environment variables prefixed with `CODETRUST_`:
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `CODETRUST_HOST` | `0.0.0.0` | API bind host |
+| `CODETRUST_PORT` | `8000` | API bind port |
+| `CODETRUST_DEBUG` | `false` | Enable debug/reload mode |
+| `CODETRUST_API_KEY` | `""` | API key (empty = no auth) |
+| `CODETRUST_REDIS_URL` | `redis://localhost:6379` | Redis connection URL |
+| `CODETRUST_HTTP_TIMEOUT` | `10.0` | HTTP client timeout (seconds) |
+| `CODETRUST_CACHE_TTL_PACKAGE_EXISTS` | `86400` | Cache TTL for package existence |
+| `CODETRUST_CACHE_TTL_DOCKER_TAG` | `86400` | Cache TTL for Docker tags |
+
+See [.env.example](.env.example) for all available options.
+
+## Docker
+
+```bash
+# Build
+docker build -t codetrust .
+
+# Run API server
+docker run -p 8000:8000 codetrust
+
+# Run MCP server
+docker run codetrust python -m src.server
+
+# Full stack with Redis
+docker compose up -d
+```
+
+## Deployment (Railway)
+
+1. Connect your GitHub repo to [Railway](https://railway.app)
+2. Add a Redis service
+3. Set environment variables: `CODETRUST_API_KEY`, `CODETRUST_REDIS_URL`
+4. Deploy — Railway uses the included `railway.toml`
+
+## Development
+
+```bash
+# Install dev dependencies
+pip install -e ".[dev]"
+
+# Run tests
+pytest tests/ -v
+
+# Lint
+ruff check src/ tests/
+
+# Run with pre-commit hooks
+./setup.sh --hooks
+```
+
+## Architecture
+
+```
+┌─────────────────────────────────────┐
+│         Claude Code / Client        │
+└──────────┬──────────────────────────┘
+           │ MCP Protocol
+┌──────────▼──────────────────────────┐
+│       MCP Server (server.py)        │
+│  7 tools: scan, verify, deep_scan   │
+└──────────┬──────────────────────────┘
+           │
+┌──────────▼──────────────────────────┐
+│       FastAPI (api.py)              │
+│  5 endpoints, X-API-Key auth        │
+└──────────┬──────────────────────────┘
+           │
+┌──────────▼──────────────────────────┐
+│          Services Layer             │
+│  StaticAnalyzer │ Registry │ Docker │
+└──────────┬──────────────────────────┘
+           │
+┌──────────▼──────────────────────────┐
+│    Redis Cache (graceful degrade)   │
+└─────────────────────────────────────┘
+```
+
+## License
+
+MIT

codetrust-1.5.0.dist-info/RECORD

@@ -0,0 +1,39 @@
+src/__init__.py,sha256=hOoezw2EDW92bI4Egr94pazUsCBVaqWKH9o14KsRjmg,51
+src/api.py,sha256=rLJCSGqo9Mh7FGz_4odsgs72C7_o2MYftGA_xyyaz9M,37449
+src/cli.py,sha256=ICPg-Nqq3EA4MYebLUc-n52LYtAD7myMqINov1VVZUQ,15635
+src/config.py,sha256=jwxmAJk3roejIwfVZT4pbcITO9VIz3Ar5167WC00l2I,3265
+src/server.py,sha256=OIiIJCf43C53ytqljYRmHoBB4yBB0kiB3WHku5EXr4Q,23985
+src/formatters/__init__.py,sha256=MJ3WkijQqmqW5-u8eBMlrau0Av3ZpM5MSjn0rAbOfM0,52
+src/formatters/sarif.py,sha256=TCuf5u_6paGiZoVGVMbi5G4coNKbvjE1YVa3LEcUDEI,4924
+src/models/__init__.py,sha256=ASuYj68yAkYHjARrzmkEXYbZ0EXr1-LUYYRkWM82prc,58
+src/models/database.py,sha256=I1k4d0YO34_rv8DFM5kicE2eYz-oUInbnDt1K7ZkOgE,4793
+src/models/enums.py,sha256=Qni9PinACvX7W07DOUXw7M2Q0NcoAOUkqvfhhgLdWXA,1481
+src/models/requests.py,sha256=P1TOlOb6BDEm9buipsrfpJHfUntH7JW04SacwuTiIWo,6476
+src/models/responses.py,sha256=12Zy2E5IGPI_Ef5b1YmvTVj9hoUFrw6XYESKXM77U1g,6272
+src/rules/__init__.py,sha256=22_zuPoT89YX4soRkzMzFj0a8lD4e8YRahPaBQRIO8U,58
+src/rules/anti_patterns.py,sha256=hgsEgTWN0As1lLew3CGFH4dYQ1ir_9OWx0TZmWs-zRM,3775
+src/rules/enterprise.py,sha256=0quEeQ8GvXLFAR_bOHcUPk3Tkd-7N_n--McF2myHwCI,721
+src/services/__init__.py,sha256=v_MeSazS_GlaJQ0wxtokQLtIivikisxdHCo6oWKkzfk,31
+src/services/ast_analyzer.py,sha256=Uyi1cUP2Gl3omPB_8XStWkut1xnjBu5Ha1yEIwuu_f0,20397
+src/services/auth.py,sha256=QJwKLyJcKjiMYfza6Uc-pU014nDu2q4InvxXGjXkovU,4291
+src/services/billing.py,sha256=2kR5Q2yPuiQmTjXGFosRFO3Xqyic2qECD9s9Kud-2IM,5265
+src/services/cache.py,sha256=3dK1WulqK-xAtdNqHjAKii80kw2EiXn-So9Zfv4W3pQ,3464
+src/services/database.py,sha256=dAqyIunTZ4C_WNrb2Q5gQMqobVkwyRXVkPxboOlOcWQ,11957
+src/services/docker_verify.py,sha256=p4IHBD12irsAMy_yL0JBtQwlVk8m3A8hzu-BYGx6qcg,7723
+src/services/rate_limiter.py,sha256=yYbbp_eEb8LE6HZjOZu4xy-jPR3QRS-h2B7qIMvGua0,1921
+src/services/registry.py,sha256=dQg5tWIY041AStyrWhS9FzCI-x59aN6g_Wy797LAa2I,26302
+src/services/sandbox.py,sha256=j-qWoGuUe2t2QFVltPbJFzqNNfQxn0Uqj1GQNstyhis,8879
+src/services/static_analyzer.py,sha256=_yk9hQpilICar7Kb2PTXzbf1qEk4GFd71AMSwrS35VM,12272
+src/templates/CLAUDE.md,sha256=UdtKaKR8zFY03ujQmEGcc07Gd4Evws1WHmKwLq3MIAc,1650
+src/templates/__init__.py,sha256=d4bYhY9vUHes1lGXwIq0x-SWFD7kvzMqpfqzLmURR_A,69
+src/templates/codetrust-scan.yml,sha256=Wc1LmkKULrn-ZCq8ALpjjRgrv6tVTdQvLBQv_g3uhK8,864
+src/templates/cursorrules,sha256=TAn--nnO-Qw72-ayO-_jpRcaymqJpCtonmaa3XcMZ4s,329
+src/templates/pre-commit,sha256=NvBbxMhv2GHyl3CNgmD-OES0vwvbPrfscByx0tEA3ps,2141
+src/utils/__init__.py,sha256=lZOrjvEX5t8bpUCtXBbvTTPb4j4kNd3XQi-pgabZ5yU,57
+src/utils/parsers.py,sha256=vUjiMKgULEDE-VbPgSwbRYounp4bBjk25-Xour6kFbA,16986
+src/utils/similarity.py,sha256=U7b5r3NKqn9x3tg1GCK0beM6hLjjUMDam0OHYLO-jxU,13908
+codetrust-1.5.0.dist-info/METADATA,sha256=_Gu2xDFWLCfni0SWSpG1Y0E5uBkevlkAI245CtR5Xmw,8490
+codetrust-1.5.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+codetrust-1.5.0.dist-info/entry_points.txt,sha256=S_2VGPq51l4hOxTgmsJzjLugXJiF07Wm0JfNcGe4qZk,106
+codetrust-1.5.0.dist-info/licenses/LICENSE,sha256=HG04cnVUHVbydCK4eBBRh-4CldmqIZ1k7bRKLUMUPX8,1066
+codetrust-1.5.0.dist-info/RECORD,,

codetrust-1.5.0.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.28.0
+Root-Is-Purelib: true
+Tag: py3-none-any

codetrust-1.5.0.dist-info/entry_points.txt

@@ -0,0 +1,4 @@
+[console_scripts]
+codetrust = src.cli:main
+codetrust-api = src.api:run
+codetrust-mcp = src.server:mcp.run

codetrust-1.5.0.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 CodeTrust
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

src/__init__.py

@@ -0,0 +1 @@
+"""CodeTrust — AI code verification platform."""