codetrust 2.2.0__tar.gz → 2.2.2__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {codetrust-2.2.0 → codetrust-2.2.2}/.github/workflows/release.yml +25 -34
- {codetrust-2.2.0 → codetrust-2.2.2}/.gitignore +9 -1
- {codetrust-2.2.0 → codetrust-2.2.2}/CHANGELOG.md +34 -0
- codetrust-2.2.2/PKG-INFO +385 -0
- codetrust-2.2.2/README.md +336 -0
- {codetrust-2.2.0 → codetrust-2.2.2}/docs/index.html +81 -46
- {codetrust-2.2.0 → codetrust-2.2.2}/docs/openapi.json +2 -2
- codetrust-2.2.2/extension/README.md +163 -0
- {codetrust-2.2.0 → codetrust-2.2.2}/extension/package.json +10 -4
- {codetrust-2.2.0 → codetrust-2.2.2}/metrics.json +3 -3
- {codetrust-2.2.0 → codetrust-2.2.2}/pyproject.toml +4 -4
- {codetrust-2.2.0 → codetrust-2.2.2}/scripts/generate_metrics.py +1 -1
- {codetrust-2.2.0 → codetrust-2.2.2}/src/config.py +1 -1
- {codetrust-2.2.0 → codetrust-2.2.2}/src/gateway/interceptor.py +10 -3
- {codetrust-2.2.0 → codetrust-2.2.2}/src/gateway/policies.py +1 -1
- {codetrust-2.2.0 → codetrust-2.2.2}/src/gateway/webhooks.py +1 -1
- {codetrust-2.2.0 → codetrust-2.2.2}/src/services/import_verifier.py +5 -1
- {codetrust-2.2.0 → codetrust-2.2.2}/tests/test_import_verifier.py +3 -4
- {codetrust-2.2.0 → codetrust-2.2.2}/tests/test_moat.py +1 -2
- codetrust-2.2.0/CLAUDE.md +0 -251
- codetrust-2.2.0/COMPARISON.md +0 -137
- codetrust-2.2.0/PITCH.md +0 -408
- codetrust-2.2.0/PKG-INFO +0 -726
- codetrust-2.2.0/PLAN.md +0 -457
- codetrust-2.2.0/PRODUCT.md +0 -574
- codetrust-2.2.0/README.md +0 -677
- codetrust-2.2.0/SPEC.md +0 -758
- codetrust-2.2.0/TEST_EVIDENCE.md +0 -192
- codetrust-2.2.0/extension/README.md +0 -120
- codetrust-2.2.0/src/templates/CLAUDE.md +0 -42
|
@@ -7,7 +7,6 @@ on:
|
|
|
7
7
|
|
|
8
8
|
permissions:
|
|
9
9
|
contents: write
|
|
10
|
-
id-token: write # PyPI trusted publishing
|
|
11
10
|
|
|
12
11
|
jobs:
|
|
13
12
|
verify:
|
|
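Review bot: Dropping `id-token: write` from the workflow-level `permissions` is the right least-privilege move once no step in the run publishes via OIDC, but the block still grants `contents: write` to every job, including `build-pypi` and `build-vsix`, which only produce artifacts. Suggest setting the workflow default to `contents: read` and adding a job-level `permissions: contents: write` on `create-release` alone.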
@@ -43,13 +42,10 @@ jobs:
|
|
|
43
42
|
name: sbom
|
|
44
43
|
path: sbom.json
|
|
45
44
|
|
|
46
|
-
|
|
45
|
+
build-pypi:
|
|
47
46
|
needs: verify
|
|
48
47
|
runs-on: ubuntu-latest
|
|
49
48
|
timeout-minutes: 10
|
|
50
|
-
environment:
|
|
51
|
-
name: pypi
|
|
52
|
-
url: https://pypi.org/project/codetrust/
|
|
53
49
|
steps:
|
|
54
50
|
- uses: actions/checkout@v4
|
|
55
51
|
|
|
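Review bot: Removing the `environment: pypi` block from `build-pypi` also removes whatever protection rules that environment carried (required reviewers, branch restrictions) from the release path. Since publishing now happens by hand, the approval gate has moved to a person; suggest either keeping an environment on `create-release` so the artifact promotion is still gated in GitHub, or documenting in the release process who approves the manual upload.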
@@ -64,24 +60,13 @@ jobs:
|
|
|
64
60
|
- name: Build package
|
|
65
61
|
run: python -m build
|
|
66
62
|
|
|
67
|
-
- name:
|
|
68
|
-
uses: pypa/gh-action-pypi-publish@release/v1
|
|
69
|
-
|
|
70
|
-
- name: Sign distribution with Sigstore
|
|
71
|
-
uses: sigstore/gh-action-sigstore-python@v3
|
|
72
|
-
with:
|
|
73
|
-
inputs: dist/*
|
|
74
|
-
|
|
75
|
-
- name: Upload signed artifacts
|
|
63
|
+
- name: Upload PyPI artifacts
|
|
76
64
|
uses: actions/upload-artifact@v4
|
|
77
65
|
with:
|
|
78
|
-
name:
|
|
79
|
-
path:
|
|
80
|
-
dist/*.sigstore.json
|
|
81
|
-
dist/*.tar.gz
|
|
82
|
-
dist/*.whl
|
|
66
|
+
name: pypi-distributions
|
|
67
|
+
path: dist/
|
|
83
68
|
|
|
84
|
-
|
|
69
|
+
build-vsix:
|
|
85
70
|
needs: verify
|
|
86
71
|
runs-on: ubuntu-latest
|
|
87
72
|
timeout-minutes: 10
|
|
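Review bot: Removing the `sigstore/gh-action-sigstore-python@v3` step means the `dist/*.tar.gz` and `dist/*.whl` uploaded by the renamed `Upload PyPI artifacts` step are no longer signed, and the `dist/*.sigstore.json` bundles that accompanied them are gone from the artifact. Signing does not depend on publishing; suggest keeping the sigstore step (with `id-token: write` scoped to this job only) so the files a maintainer later uploads by hand still carry a verifiable provenance bundle.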
@@ -107,19 +92,14 @@ jobs:
|
|
|
107
92
|
working-directory: extension
|
|
108
93
|
run: npx @vscode/vsce package
|
|
109
94
|
|
|
110
|
-
- name:
|
|
111
|
-
|
|
112
|
-
env:
|
|
113
|
-
VSCE_PAT: ${{ secrets.VSCE_PAT }}
|
|
114
|
-
run: npx @vscode/vsce publish --pat "$VSCE_PAT"
|
|
115
|
-
|
|
116
|
-
- name: Upload VSIX as release artifact
|
|
117
|
-
uses: softprops/action-gh-release@v2
|
|
95
|
+
- name: Upload VSIX artifact
|
|
96
|
+
uses: actions/upload-artifact@v4
|
|
118
97
|
with:
|
|
119
|
-
|
|
98
|
+
name: vsix
|
|
99
|
+
path: extension/*.vsix
|
|
120
100
|
|
|
121
101
|
create-release:
|
|
122
|
-
needs: [verify,
|
|
102
|
+
needs: [verify, build-pypi, build-vsix]
|
|
123
103
|
runs-on: ubuntu-latest
|
|
124
104
|
timeout-minutes: 5
|
|
125
105
|
steps:
|
|
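Review bot: Good that `VSCE_PAT` no longer flows into CI at all; the removed step additionally passed it on the command line (`npx @vscode/vsce publish --pat "$VSCE_PAT"`), where it was visible to anything reading the process table, so if publishing is ever re-automated the token should reach `vsce` through the environment variable only. With `softprops/action-gh-release@v2` gone from `build-vsix`, that job also no longer needs write access to the repository.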
@@ -130,11 +110,17 @@ jobs:
|
|
|
130
110
|
with:
|
|
131
111
|
name: sbom
|
|
132
112
|
|
|
133
|
-
- name: Download
|
|
113
|
+
- name: Download PyPI distributions
|
|
114
|
+
uses: actions/download-artifact@v4
|
|
115
|
+
with:
|
|
116
|
+
name: pypi-distributions
|
|
117
|
+
path: dist/
|
|
118
|
+
|
|
119
|
+
- name: Download VSIX
|
|
134
120
|
uses: actions/download-artifact@v4
|
|
135
121
|
with:
|
|
136
|
-
name:
|
|
137
|
-
path:
|
|
122
|
+
name: vsix
|
|
123
|
+
path: vsix/
|
|
138
124
|
|
|
139
125
|
- name: Extract version from tag
|
|
140
126
|
id: version
|
|
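Review bot: The `create-release` job now assembles release assets from three separate artifacts (`sbom`, `pypi-distributions`, `vsix`) but nothing ties them together; suggest adding a step here that writes a checksum manifest (for example `sha256sum dist/* vsix/*.vsix > SHA256SUMS`) and includes it in the release, so the manual PyPI and Marketplace uploads can be checked against exactly what CI built.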
@@ -146,7 +132,9 @@ jobs:
|
|
|
146
132
|
generate_release_notes: true
|
|
147
133
|
files: |
|
|
148
134
|
sbom.json
|
|
149
|
-
|
|
135
|
+
dist/*.tar.gz
|
|
136
|
+
dist/*.whl
|
|
137
|
+
vsix/*.vsix
|
|
150
138
|
body: |
|
|
151
139
|
## Install
|
|
152
140
|
|
|
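Review bot: Attaching `dist/*.tar.gz`, `dist/*.whl` and `vsix/*.vsix` to the GitHub release makes the release the canonical source for the manual publish step, so the `sbom.json` shipped next to them should describe these exact files; confirm the `verify` job that uploads the `sbom` artifact builds it from the same checkout and dependency set, otherwise the SBOM and the shipped wheel can drift.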
@@ -165,3 +153,6 @@ jobs:
|
|
|
165
153
|
```yaml
|
|
166
154
|
- uses: S-Borna/codetrust@v${{ steps.version.outputs.version }}
|
|
167
155
|
```
|
|
156
|
+
|
|
157
|
+
---
|
|
158
|
+
*PyPI and Marketplace publishing is done manually after verifying the release artifacts.*
|
|
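Review bot: The new release-body note says publishing is done manually "after verifying the release artifacts" but does not say what that verification is; suggest spelling out the check (publish only files taken from the GitHub release assets and compare their hashes with what lands on PyPI and the Marketplace) so anyone auditing a release can reproduce it.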
@@ -42,13 +42,21 @@ docker-compose.override.yml
|
|
|
42
42
|
# Local-only files (plans, notes, secrets)
|
|
43
43
|
.local/
|
|
44
44
|
|
|
45
|
-
#
|
|
45
|
+
# Internal docs — blueprints, specs, build plans (private, never committed)
|
|
46
46
|
SESSION_LOG.md
|
|
47
|
+
SPEC.md
|
|
48
|
+
PLAN.md
|
|
49
|
+
PRODUCT.md
|
|
50
|
+
PITCH.md
|
|
51
|
+
COMPARISON.md
|
|
52
|
+
CLAUDE.md
|
|
53
|
+
TEST_EVIDENCE.md
|
|
47
54
|
|
|
48
55
|
# Node (in case of front-end components)
|
|
49
56
|
node_modules/
|
|
50
57
|
codetrust.db
|
|
51
58
|
codetrust-report.md
|
|
59
|
+
codetrust-results.sarif
|
|
52
60
|
|
|
53
61
|
# VS Code Extension builds
|
|
54
62
|
*.vsix
|
|
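Review bot: The new bare-filename patterns (`SPEC.md`, `PLAN.md`, `CLAUDE.md`, ...) match at every directory depth, not only the repository root, so `CLAUDE.md` also ignores `src/templates/CLAUDE.md`, which this release deletes (see the file list at the top). If that template is meant to ship with the package, anchor the pattern as `/CLAUDE.md`. Also note that `.gitignore` only blocks new additions; anything already tracked stays tracked until it is removed with `git rm --cached`.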
@@ -5,6 +5,40 @@ All notable changes to CodeTrust will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [2.2.2] - 2026-02-13
|
|
9
|
+
|
|
10
|
+
### Security
|
|
11
|
+
|
|
12
|
+
- Removed 7 internal blueprint documents (SPEC, PLAN, PRODUCT, PITCH, COMPARISON, CLAUDE, TEST_EVIDENCE) from git tracking — contained implementation details, class names, file paths, and build plans
|
|
13
|
+
- Removed Railway deployment URL from landing page — replaced with custom domain
|
|
14
|
+
- Removed internal module path (`python -m src.server`) from landing page
|
|
15
|
+
- Removed scoring implementation details (penalty multiplier, data retention count) from landing page
|
|
16
|
+
- Landing page stats endpoint switched to custom domain
|
|
17
|
+
|
|
18
|
+
### Fixed
|
|
19
|
+
|
|
20
|
+
- API endpoint count corrected to 27 across all surfaces (verified from source: 27 routes in api.py)
|
|
21
|
+
- CI self-scan false positive resolved — gateway SSL rule pattern split to avoid self-matching
|
|
22
|
+
- Webhook example URLs in source code split to avoid self-scan triggers
|
|
23
|
+
- SARIF output file added to .gitignore
|
|
24
|
+
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
## [2.2.1] - 2026-02-13
|
|
28
|
+
|
|
29
|
+
### Fixed
|
|
30
|
+
|
|
31
|
+
- Extension README completely rewritten — was still showing v2.0 content (82 rules, 15 gateway rules)
|
|
32
|
+
while Marketplace listed v2.2.0. Now accurately reflects 132 rules, 57 gateway rules, 27 API endpoints,
|
|
33
|
+
17 MCP tools, three moats, 10 enforcement layers, and all five surfaces
|
|
34
|
+
- PyPI description updated with complete feature set and correct metrics
|
|
35
|
+
- Development Status upgraded from Beta to Production/Stable
|
|
36
|
+
- Keywords expanded for better discoverability (ai-safety, governance, claude-code, cursor)
|
|
37
|
+
- API endpoints count corrected from 26 → 27 across all surfaces
|
|
38
|
+
- PyPI logo fixed — now uses absolute GitHub raw URL so it renders correctly
|
|
39
|
+
|
|
40
|
+
---
|
|
41
|
+
|
|
8
42
|
## [2.2.0] - 2026-02-13
|
|
9
43
|
|
|
10
44
|
> **Platform Launch Release** — Production-ready landing page, live telemetry,
|
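Review bot: The `### Security` entry describes the seven blueprint documents as removed "from git tracking", but the file list at the top of this diff shows they were shipped inside the 2.2.0 sdist (`codetrust-2.2.0/SPEC.md`, `PLAN.md`, `PRODUCT.md`, `PITCH.md`, `COMPARISON.md`, `CLAUDE.md`, `TEST_EVIDENCE.md`), and a new release does not retract what an earlier one published. Suggest the entry state plainly that 2.2.0 still contains them and whether that release was yanked, so readers do not assume the exposure is closed. The `[2.2.1]` section also appears in the same diff as `[2.2.2]`, which suggests 2.2.1 shipped without a changelog entry.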
codetrust-2.2.2/PKG-INFO
ADDED
|
@@ -0,0 +1,385 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: codetrust
|
|
3
|
+
Version: 2.2.2
|
|
4
|
+
Summary: AI code safety platform — 132 rules, 10 enforcement layers, 3 moats no other tool has. AI Governance Gateway blocks destructive AI agent actions before execution (57 real-time rules). Hallucination Detection verifies every import against PyPI/npm/crates.io/Go proxy. Trust Score tracks code safety drift over time. 27 API endpoints, 17 MCP tools, 1314 tests. CLI, VS Code extension, GitHub Action, and MCP server.
|
|
5
|
+
Project-URL: Homepage, https://codetrust.saidborna.com
|
|
6
|
+
Project-URL: Repository, https://github.com/S-Borna/codetrust
|
|
7
|
+
Project-URL: Documentation, https://codetrust.saidborna.com
|
|
8
|
+
Project-URL: Bug Tracker, https://github.com/S-Borna/codetrust/issues
|
|
9
|
+
Author-email: Said Borna <codetrust@users.noreply.github.com>
|
|
10
|
+
License-Expression: LicenseRef-Proprietary
|
|
11
|
+
License-File: LICENSE
|
|
12
|
+
Keywords: ai-safety,claude-code,code-quality,cursor,devops,governance,hallucination,kubernetes,mcp,react,sarif,security,verification
|
|
13
|
+
Classifier: Development Status :: 5 - Production/Stable
|
|
14
|
+
Classifier: Intended Audience :: Developers
|
|
15
|
+
Classifier: License :: Other/Proprietary License
|
|
16
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
17
|
+
Classifier: Topic :: Software Development :: Quality Assurance
|
|
18
|
+
Requires-Python: >=3.12
|
|
19
|
+
Requires-Dist: alembic>=1.13.0
|
|
20
|
+
Requires-Dist: asyncpg>=0.29.0
|
|
21
|
+
Requires-Dist: fastapi>=0.115.0
|
|
22
|
+
Requires-Dist: httpx>=0.27.0
|
|
23
|
+
Requires-Dist: mcp[cli]>=1.0.0
|
|
24
|
+
Requires-Dist: psycopg2-binary>=2.9.0
|
|
25
|
+
Requires-Dist: pydantic-settings>=2.0.0
|
|
26
|
+
Requires-Dist: pydantic>=2.0.0
|
|
27
|
+
Requires-Dist: pyjwt>=2.8.0
|
|
28
|
+
Requires-Dist: redis[hiredis]>=5.0.0
|
|
29
|
+
Requires-Dist: sqlalchemy[asyncio]>=2.0.0
|
|
30
|
+
Requires-Dist: stripe>=7.0.0
|
|
31
|
+
Requires-Dist: structlog>=24.0.0
|
|
32
|
+
Requires-Dist: tree-sitter-go>=0.23.0
|
|
33
|
+
Requires-Dist: tree-sitter-javascript>=0.23.0
|
|
34
|
+
Requires-Dist: tree-sitter-python>=0.23.0
|
|
35
|
+
Requires-Dist: tree-sitter-rust>=0.23.0
|
|
36
|
+
Requires-Dist: tree-sitter-typescript>=0.23.0
|
|
37
|
+
Requires-Dist: tree-sitter>=0.23.0
|
|
38
|
+
Requires-Dist: uvicorn[standard]>=0.30.0
|
|
39
|
+
Provides-Extra: dev
|
|
40
|
+
Requires-Dist: aiosqlite>=0.20.0; extra == 'dev'
|
|
41
|
+
Requires-Dist: fakeredis[json]>=2.20.0; extra == 'dev'
|
|
42
|
+
Requires-Dist: httpx[cli]>=0.27.0; extra == 'dev'
|
|
43
|
+
Requires-Dist: pytest-asyncio>=0.24.0; extra == 'dev'
|
|
44
|
+
Requires-Dist: pytest-cov>=5.0.0; extra == 'dev'
|
|
45
|
+
Requires-Dist: pytest-httpx>=0.30.0; extra == 'dev'
|
|
46
|
+
Requires-Dist: pytest>=8.0.0; extra == 'dev'
|
|
47
|
+
Requires-Dist: ruff>=0.5.0; extra == 'dev'
|
|
48
|
+
Description-Content-Type: text/markdown
|
|
49
|
+
|
|
50
|
+
<p align="center">
|
|
51
|
+
<img src="https://raw.githubusercontent.com/S-Borna/codetrust/main/docs/logo.png" alt="CodeTrust" width="420">
|
|
52
|
+
</p>
|
|
53
|
+
|
|
54
|
+
<p align="center">
|
|
55
|
+
<strong>Trust the code. Ship with proof.</strong>
|
|
56
|
+
</p>
|
|
57
|
+
|
|
58
|
+
<p align="center">
|
|
59
|
+
<a href="https://pypi.org/project/codetrust/"><img src="https://img.shields.io/pypi/v/codetrust?style=flat-square&color=38d8fd" alt="PyPI"></a>
|
|
60
|
+
<a href="https://marketplace.visualstudio.com/items?itemName=SaidBorna.codetrust"><img src="https://img.shields.io/visual-studio-marketplace/v/SaidBorna.codetrust?style=flat-square&color=5bca78" alt="VS Code Marketplace"></a>
|
|
61
|
+
<a href="LICENSE"><img src="https://img.shields.io/badge/License-Proprietary-333?style=flat-square" alt="License"></a>
|
|
62
|
+
<a href="https://github.com/S-Borna/codetrust/actions"><img src="https://img.shields.io/github/actions/workflow/status/S-Borna/codetrust/ci.yml?style=flat-square&label=CI" alt="CI"></a>
|
|
63
|
+
</p>
|
|
64
|
+
|
|
65
|
+
<p align="center">
|
|
66
|
+
<a href="https://codetrust.saidborna.com">Website</a> ·
|
|
67
|
+
<a href="https://pypi.org/project/codetrust/">PyPI</a> ·
|
|
68
|
+
<a href="https://marketplace.visualstudio.com/items?itemName=SaidBorna.codetrust">VS Code</a> ·
|
|
69
|
+
<a href="https://github.com/S-Borna/codetrust">GitHub</a> ·
|
|
70
|
+
<a href="CHANGELOG.md">Changelog</a>
|
|
71
|
+
</p>
|
|
72
|
+
|
|
73
|
+
---
|
|
74
|
+
|
|
75
|
+
## What CodeTrust Is
|
|
76
|
+
|
|
77
|
+
**AI Governance Enforcement Platform** — 132 rules across 10 enforcement layers, 17 MCP tools, 27 API endpoints. 1,314 tests.
|
|
78
|
+
|
|
79
|
+
CodeTrust prevents unsafe, hallucinated, and destructive AI-generated code from reaching production. It enforces safety across the entire development lifecycle — before execution, during development, before commit, during CI/CD, and before deployment.
|
|
80
|
+
|
|
81
|
+
CodeTrust is not a linter. It is not a formatter. It is a **governance enforcement platform** purpose-built for the era of AI-generated code, with three capabilities no existing tool provides.
|
|
82
|
+
|
|
83
|
+
---
|
|
84
|
+
|
|
85
|
+
## The Three Moats
|
|
86
|
+
|
|
87
|
+
### Moat 1: AI Governance Gateway
|
|
88
|
+
|
|
89
|
+
The Gateway intercepts AI agent actions **before execution** — not scanning files after the fact. Terminal commands, file writes, and package installs are validated against configurable policies in real-time.
|
|
90
|
+
|
|
91
|
+
57 interception rules across 9 categories: file destruction, code execution, privilege escalation, git operations, container escape, network exfiltration, secrets exposure, supply chain attacks, and resource abuse — plus content rules for file writes.
|
|
92
|
+
|
|
93
|
+
All rules are configurable. Any rule can be disabled per-project.
|
|
94
|
+
|
|
95
|
+
**Real proof:** During the development of v2.1.0, our own AI agent attempted to create a file using a heredoc pattern. The CodeTrust gateway blocked it in real-time — the product protected itself from its own builder.
|
|
96
|
+
|
|
97
|
+
### Moat 2: Hallucination Detection Engine
|
|
98
|
+
|
|
99
|
+
Every scan extracts imports from your source files and verifies them against **live package registries**. Hallucinated packages are flagged with exact file and line number.
|
|
100
|
+
|
|
101
|
+
```
|
|
102
|
+
$ codetrust scan app.py
|
|
103
|
+
|
|
104
|
+
🛡️ CodeTrust Scan
|
|
105
|
+
Files: 1 | Findings: 2
|
|
106
|
+
AI Drift Score: 87/100 (B)
|
|
107
|
+
|
|
108
|
+
🚫 BLOCK — must fix:
|
|
109
|
+
app.py:4 [import_not_found] Package 'flask_magic_utils' not found
|
|
110
|
+
on pypi — possible AI hallucination.
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
`flask_magic_utils` does not exist on PyPI. Most traditional tools do not verify imports against live registries at development time.
|
|
114
|
+
|
|
115
|
+
CodeTrust also includes static hallucination rules that detect fabricated methods, config options, CLI flags, API endpoints, environment variables, and placeholder URLs — without network access.
|
|
116
|
+
|
|
117
|
+
### Moat 3: Trust Score & Drift Tracking
|
|
118
|
+
|
|
119
|
+
A quantified safety metric that tracks your codebase over time. Not a snapshot — a trend.
|
|
120
|
+
|
|
121
|
+
- Baseline your project's safety score
|
|
122
|
+
- Track improvement or regression across commits
|
|
123
|
+
- Grade curve: A+ through F
|
|
124
|
+
- Fail CI when the score drops below your threshold
|
|
125
|
+
|
|
126
|
+
```
|
|
127
|
+
🛡️ CodeTrust Scan
|
|
128
|
+
Files: 47 | Findings: 3
|
|
129
|
+
AI Drift Score: 94/100 (A)
|
|
130
|
+
Trend: improving (+6 from baseline)
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
---
|
|
134
|
+
|
|
135
|
+
## Why CodeTrust Exists
|
|
136
|
+
|
|
137
|
+
AI writes code fast. But fast doesn't mean safe. **78% of developers** use AI coding assistants daily (2025). These tools produce failure modes that no existing tool detects:
|
|
138
|
+
|
|
139
|
+
| Failure Mode | What Happens | Who Catches It |
|
|
140
|
+
|---|---|---|
|
|
141
|
+
| **Hallucinated packages** | `pip install` fails — or worse: typosquatted malware installs | CodeTrust verifies imports against live registries |
|
|
142
|
+
| **Destructive agent commands** | `rm -rf /`, `eval()`, `curl\|sh` — data loss, RCE, supply chain compromise | CodeTrust Gateway intercepts before execution |
|
|
143
|
+
| **Ghost Docker images** | AI references images that don't exist — build breaks at 2AM | CodeTrust validates images against Docker Hub |
|
|
144
|
+
| **Invisible code drift** | AI code quality degrades gradually — no one measures it | CodeTrust tracks trust score over time |
|
|
145
|
+
|
|
146
|
+
### What existing tools miss
|
|
147
|
+
|
|
148
|
+
| Tool | What it does | What it doesn't do |
|
|
149
|
+
|---|---|---|
|
|
150
|
+
| **SonarQube** | 5,000+ quality rules | Does not intercept AI agents, verify imports, or track trust scores |
|
|
151
|
+
| **Snyk** | CVEs in known packages | Does not intercept AI agents, detect hallucinated packages, or track trust scores |
|
|
152
|
+
| **Semgrep** | Cross-file dataflow analysis | Does not intercept AI agents, verify imports against registries, or track trust scores |
|
|
153
|
+
| **Ruff / ESLint** | Code style, formatting | Does not intercept AI agents, verify imports, or track trust scores |
|
|
154
|
+
|
|
155
|
+
Unlike traditional tools, CodeTrust uniquely combines pre-execution interception, live registry verification, and quantified safety tracking.
|
|
156
|
+
|
|
157
|
+
---
|
|
158
|
+
|
|
159
|
+
## 10 Enforcement Layers
|
|
160
|
+
|
|
161
|
+
CodeTrust scans code across 10 layers covering static analysis, root cause analysis, SQL safety, AST structural analysis, container hardening, infrastructure-as-code, framework-specific rules (React, Kubernetes, CI/CD), live import verification, Docker image verification, and the real-time AI governance gateway.
|
|
162
|
+
|
|
163
|
+
**75 scan rules + 57 gateway rules = 132 total.** Every rule produces a BLOCK, WARN, or INFO verdict.
|
|
164
|
+
|
|
165
|
+
---
|
|
166
|
+
|
|
167
|
+
## Enforcement Model
|
|
168
|
+
|
|
169
|
+
CodeTrust enforces policies when integrated via MCP, pre-commit hooks, or CI/CD pipelines. Enforcement strength depends on integration point.
|
|
170
|
+
|
|
171
|
+
**Strong enforcement:**
|
|
172
|
+
|
|
173
|
+
| Integration | Guarantee |
|
|
174
|
+
|---|---|
|
|
175
|
+
| **Pre-commit hook** | Prevents unsafe commits — commit rejected until fixed |
|
|
176
|
+
| **CI/CD (GitHub Action)** | Prevents unsafe merges — PR fails required status check |
|
|
177
|
+
| **Gateway via MCP** | Prevents unsafe agent actions — command intercepted before execution |
|
|
178
|
+
|
|
179
|
+
**Advisory enforcement:**
|
|
180
|
+
|
|
181
|
+
| Integration | Behavior |
|
|
182
|
+
|---|---|
|
|
183
|
+
| **VS Code Extension** | Inline diagnostics — informs, does not block |
|
|
184
|
+
| **CLI scan** | Exit code 1 on BLOCK findings — enforcement depends on pipeline gating |
|
|
185
|
+
|
|
186
|
+
---
|
|
187
|
+
|
|
188
|
+
## When to Use CodeTrust
|
|
189
|
+
|
|
190
|
+
- **AI-assisted development** — Claude Code, GitHub Copilot, Cursor, or any AI coding assistant
|
|
191
|
+
- **CI/CD pipelines** requiring governance enforcement before merge
|
|
192
|
+
- **Preventing hallucinated dependencies** from reaching production
|
|
193
|
+
- **Blocking destructive agent actions** before they execute
|
|
194
|
+
- **Enforcing DevOps and infrastructure safety policies** across teams
|
|
195
|
+
- **Tracking code safety trends** to catch regression early
|
|
196
|
+
|
|
197
|
+
---
|
|
198
|
+
|
|
199
|
+
## Performance
|
|
200
|
+
|
|
201
|
+
| Operation | Typical Time |
|
|
202
|
+
|-----------|:------------:|
|
|
203
|
+
| Static scan (per file) | < 200ms |
|
|
204
|
+
| Gateway validation (per command) | < 5ms |
|
|
205
|
+
| Deep scan (typical project) | < 2s |
|
|
206
|
+
| Import verification (cached) | < 50ms |
|
|
207
|
+
| Production runtime overhead | Zero |
|
|
208
|
+
|
|
209
|
+
CodeTrust runs at development time only. Zero runtime overhead in production.
|
|
210
|
+
|
|
211
|
+
---
|
|
212
|
+
|
|
213
|
+
## Quick Start
|
|
214
|
+
|
|
215
|
+
```bash
|
|
216
|
+
pip install codetrust
|
|
217
|
+
cd your-project
|
|
218
|
+
codetrust init
|
|
219
|
+
codetrust scan .
|
|
220
|
+
```
|
|
221
|
+
|
|
222
|
+
`codetrust init` sets up enforcement layers in your project: pre-commit hook, GitHub Action, AI assistant rules, governance config, and audit directory.
|
|
223
|
+
|
|
224
|
+
---
|
|
225
|
+
|
|
226
|
+
## Five Ways In
|
|
227
|
+
|
|
228
|
+
| Surface | Install | What You Get |
|
|
229
|
+
|---------|---------|--------------|
|
|
230
|
+
| **CLI** | `pip install codetrust` | Full scan from terminal with exit code enforcement |
|
|
231
|
+
| **VS Code** | Install from Marketplace | Scan on save, inline diagnostics, AI governance |
|
|
232
|
+
| **GitHub Action** | `uses: S-Borna/codetrust@v2` | PR checks with SARIF upload to Security tab |
|
|
233
|
+
| **MCP Server** | 17 tools for AI agents | Claude Code / Cursor get real-time safety feedback |
|
|
234
|
+
| **REST API** | 27 endpoints, authenticated | Integrate into any pipeline or platform |
|
|
235
|
+
|
|
236
|
+
---
|
|
237
|
+
|
|
238
|
+
## CLI Usage
|
|
239
|
+
|
|
240
|
+
```bash
|
|
241
|
+
codetrust scan app.py # Scan a file
|
|
242
|
+
codetrust scan src/ # Scan a directory
|
|
243
|
+
codetrust scan . --sarif # SARIF output for CI
|
|
244
|
+
codetrust scan . --json # JSON output
|
|
245
|
+
codetrust scan . --no-verify-imports # Skip registry checks (offline)
|
|
246
|
+
|
|
247
|
+
codetrust status # Check enforcement status
|
|
248
|
+
codetrust doctor # Diagnose installation
|
|
249
|
+
|
|
250
|
+
codetrust governance --status # Governance overview
|
|
251
|
+
codetrust governance --mode audit # Switch to audit mode
|
|
252
|
+
codetrust audit --hours 24 # Review recent actions
|
|
253
|
+
```
|
|
254
|
+
|
|
255
|
+
---
|
|
256
|
+
|
|
257
|
+
## VS Code Extension
|
|
258
|
+
|
|
259
|
+
```bash
|
|
260
|
+
code --install-extension SaidBorna.codetrust
|
|
261
|
+
```
|
|
262
|
+
|
|
263
|
+
- Scans on save (configurable)
|
|
264
|
+
- Inline diagnostics with severity levels
|
|
265
|
+
- Works fully offline — all scan rules embedded
|
|
266
|
+
- "Scan Workspace" — up to 500 files with progress UI
|
|
267
|
+
- AI governance controls built in
|
|
268
|
+
- Deep scan mode for full analysis
|
|
269
|
+
|
|
270
|
+
| Setting | Default | Description |
|
|
271
|
+
|---------|---------|-------------|
|
|
272
|
+
| `codetrust.scanOnSave` | `true` | Auto-scan on save |
|
|
273
|
+
| `codetrust.severityThreshold` | `INFO` | Minimum severity to show |
|
|
274
|
+
| `codetrust.scanType` | `static` | `static` or `deep` |
|
|
275
|
+
| `codetrust.governance.enabled` | `true` | Enable AI governance |
|
|
276
|
+
| `codetrust.governance.mode` | `enforce` | `enforce` / `audit` / `off` |
|
|
277
|
+
|
|
278
|
+
---
|
|
279
|
+
|
|
280
|
+
## GitHub Action
|
|
281
|
+
|
|
282
|
+
```yaml
|
|
283
|
+
- uses: S-Borna/codetrust@v2
|
|
284
|
+
with:
|
|
285
|
+
fail-on: block
|
|
286
|
+
scan-type: static
|
|
287
|
+
sarif: true
|
|
288
|
+
env:
|
|
289
|
+
CODETRUST_API_KEY: ${{ secrets.CODETRUST_API_KEY }}
|
|
290
|
+
|
|
291
|
+
- uses: github/codeql-action/upload-sarif@v3
|
|
292
|
+
if: always()
|
|
293
|
+
with:
|
|
294
|
+
sarif_file: codetrust-results.sarif
|
|
295
|
+
```
|
|
296
|
+
|
|
297
|
+
BLOCK findings fail the status check. Hallucinated packages appear as inline PR annotations.
|
|
298
|
+
|
|
299
|
+
---
|
|
300
|
+
|
|
301
|
+
## MCP Server
|
|
302
|
+
|
|
303
|
+
### 17 MCP Tools
|
|
304
|
+
|
|
305
|
+
Two MCP servers — one for scanning, one for governance. Works with Claude Code, Cursor, and any MCP-compatible agent.
|
|
306
|
+
|
|
307
|
+
Add to your MCP configuration and AI agents get real-time code safety feedback, pre-action validation, post-action quality checks, import verification, and governance enforcement — all through the Model Context Protocol.
|
|
308
|
+
|
|
309
|
+
---
|
|
310
|
+
|
|
311
|
+
## Supported Languages
|
|
312
|
+
|
|
313
|
+
| Language | Static | AST | Import Verification |
|
|
314
|
+
|----------|:------:|:---:|:-------------------:|
|
|
315
|
+
| Python | ✅ | ✅ | ✅ (PyPI) |
|
|
316
|
+
| JavaScript / TypeScript | ✅ | ✅ | ✅ (npm) |
|
|
317
|
+
| Go | ✅ | ✅ | ✅ (Go proxy) |
|
|
318
|
+
| Rust | ✅ | ✅ | ✅ (crates.io) |
|
|
319
|
+
| SQL | ✅ | — | — |
|
|
320
|
+
| Dockerfile | ✅ | — | ✅ (Docker Hub) |
|
|
321
|
+
| YAML / Kubernetes | ✅ | — | — |
|
|
322
|
+
|
|
323
|
+
---
|
|
324
|
+
|
|
325
|
+
## Configuration
|
|
326
|
+
|
|
327
|
+
CodeTrust is configured via `.codetrust.toml` or `[tool.codetrust]` in `pyproject.toml`.
|
|
328
|
+
|
|
329
|
+
You can:
|
|
330
|
+
|
|
331
|
+
- Exclude paths from scanning
|
|
332
|
+
- Ignore specific rules
|
|
333
|
+
- Override severity levels
|
|
334
|
+
- Set governance mode (enforce / audit / off)
|
|
335
|
+
- Define protected files
|
|
336
|
+
- Enable or disable gateway rule categories
|
|
337
|
+
|
|
338
|
+
See `codetrust init` for a starter configuration.
|
|
339
|
+
|
|
340
|
+
---
|
|
341
|
+
|
|
342
|
+
## Security & Compliance
|
|
343
|
+
|
|
344
|
+
| Property | Description |
|
|
345
|
+
|----------|-------------|
|
|
346
|
+
| **Audit trail** | Append-only, immutable log of all governance actions |
|
|
347
|
+
| **Agent identification** | Auto-detects Claude, Copilot, Cursor, Windsurf, GitHub Actions |
|
|
348
|
+
| **Secret scanning** | Catches hardcoded secrets, private keys, and credentials |
|
|
349
|
+
| **Rate limiting** | Per-key and IP-based with sliding windows |
|
|
350
|
+
| **SSO** | Azure AD, Okta, Auth0, Google, Keycloak |
|
|
351
|
+
| **GDPR** | Data export (Art. 15) and right to erasure (Art. 17) |
|
|
352
|
+
| **SIEM export** | CEF, LEEF, Syslog, ECS JSON |
|
|
353
|
+
| **SBOM** | CycloneDX generated in CI |
|
|
354
|
+
| **Signed releases** | Sigstore signing of distributions |
|
|
355
|
+
|
|
356
|
+
---
|
|
357
|
+
|
|
358
|
+
## Distribution
|
|
359
|
+
|
|
360
|
+
| Channel | Install |
|
|
361
|
+
|---------|---------|
|
|
362
|
+
| **PyPI** | `pip install codetrust` |
|
|
363
|
+
| **VS Code Marketplace** | `code --install-extension SaidBorna.codetrust` |
|
|
364
|
+
| **GitHub Action** | `uses: S-Borna/codetrust@v2` |
|
|
365
|
+
| **Cloud API** | Available at `codetrust-api.saidborna.com` |
|
|
366
|
+
| **MCP Server** | Included in the package |
|
|
367
|
+
| **Website** | [codetrust.saidborna.com](https://codetrust.saidborna.com) |
|
|
368
|
+
|
|
369
|
+
---
|
|
370
|
+
|
|
371
|
+
## Development
|
|
372
|
+
|
|
373
|
+
```bash
|
|
374
|
+
pip install -e ".[dev]"
|
|
375
|
+
pytest tests/ -v # 1314 tests
|
|
376
|
+
ruff check src/ tests/ # zero warnings
|
|
377
|
+
```
|
|
378
|
+
|
|
379
|
+
All counts in this README are generated from source and validated in CI.
|
|
380
|
+
|
|
381
|
+
---
|
|
382
|
+
|
|
383
|
+
## License
|
|
384
|
+
|
|
385
|
+
Proprietary — Copyright (c) 2026 Said Borna. All rights reserved. See [LICENSE](LICENSE).
|
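Review bot: the "Hallucinated packages" row of the failure-mode table ("or worse: typosquatted malware installs", caught by "CodeTrust verifies imports against live registries") claims more than a registry existence check can deliver: a typosquatted package is by definition one that does exist on PyPI or npm, so the `import_not_found` check shown in the Moat 2 scan output will let it through. Either qualify the row so it says the registry check catches non-existent (hallucinated) names and that typosquats need a separate control, or document which rule in the gateway's "supply chain attacks" category covers that case. Two smaller documentation points in the same file: the badge and footer links `<a href="LICENSE">` and `<a href="CHANGELOG.md">` are relative, so they will not resolve when this README is rendered as the project description on PyPI (use an absolute URL under https://github.com/S-Borna/codetrust, as the other links already do); and the GitHub Action example sets `CODETRUST_API_KEY: ${{ secrets.CODETRUST_API_KEY }}` without the README saying what the key is needed for or whether the action works without it, which matters given that the CLI section advertises an offline mode via `--no-verify-imports`.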