codetrust 2.2.1__tar.gz → 2.2.2__tar.gz

Files changed (297) hide show
  1. {codetrust-2.2.1 → codetrust-2.2.2}/.github/workflows/release.yml +25 -34
  2. {codetrust-2.2.1 → codetrust-2.2.2}/.gitignore +9 -1
  3. {codetrust-2.2.1 → codetrust-2.2.2}/CHANGELOG.md +19 -0
  4. codetrust-2.2.2/PKG-INFO +385 -0
  5. codetrust-2.2.2/README.md +336 -0
  6. {codetrust-2.2.1 → codetrust-2.2.2}/docs/index.html +10 -10
  7. {codetrust-2.2.1 → codetrust-2.2.2}/docs/openapi.json +2 -2
  8. codetrust-2.2.2/extension/README.md +163 -0
  9. {codetrust-2.2.1 → codetrust-2.2.2}/extension/package.json +1 -1
  10. {codetrust-2.2.1 → codetrust-2.2.2}/metrics.json +2 -2
  11. {codetrust-2.2.1 → codetrust-2.2.2}/pyproject.toml +1 -1
  12. {codetrust-2.2.1 → codetrust-2.2.2}/src/config.py +1 -1
  13. {codetrust-2.2.1 → codetrust-2.2.2}/src/gateway/interceptor.py +8 -1
  14. {codetrust-2.2.1 → codetrust-2.2.2}/src/gateway/policies.py +1 -1
  15. {codetrust-2.2.1 → codetrust-2.2.2}/src/gateway/webhooks.py +1 -1
  16. codetrust-2.2.1/CLAUDE.md +0 -251
  17. codetrust-2.2.1/COMPARISON.md +0 -137
  18. codetrust-2.2.1/PITCH.md +0 -408
  19. codetrust-2.2.1/PKG-INFO +0 -726
  20. codetrust-2.2.1/PLAN.md +0 -457
  21. codetrust-2.2.1/PRODUCT.md +0 -574
  22. codetrust-2.2.1/README.md +0 -677
  23. codetrust-2.2.1/SPEC.md +0 -758
  24. codetrust-2.2.1/TEST_EVIDENCE.md +0 -192
  25. codetrust-2.2.1/extension/README.md +0 -185
  26. codetrust-2.2.1/src/templates/CLAUDE.md +0 -42
  27. {codetrust-2.2.1 → codetrust-2.2.2}/.codetrust/.gitkeep +0 -0
  28. {codetrust-2.2.1 → codetrust-2.2.2}/.codetrust/audit.jsonl +0 -0
  29. {codetrust-2.2.1 → codetrust-2.2.2}/.codetrust.toml +0 -0
  30. {codetrust-2.2.1 → codetrust-2.2.2}/.cursorrules +0 -0
  31. {codetrust-2.2.1 → codetrust-2.2.2}/.github/dependabot.yml +0 -0
  32. {codetrust-2.2.1 → codetrust-2.2.2}/.github/workflows/ci.yml +0 -0
  33. {codetrust-2.2.1 → codetrust-2.2.2}/.github/workflows/codetrust-scan.yml +0 -0
  34. {codetrust-2.2.1 → codetrust-2.2.2}/CONTRIBUTING.md +0 -0
  35. {codetrust-2.2.1 → codetrust-2.2.2}/Dockerfile +0 -0
  36. {codetrust-2.2.1 → codetrust-2.2.2}/LICENSE +0 -0
  37. {codetrust-2.2.1 → codetrust-2.2.2}/Procfile +0 -0
  38. {codetrust-2.2.1 → codetrust-2.2.2}/SECURITY.md +0 -0
  39. {codetrust-2.2.1 → codetrust-2.2.2}/action/action.yml +0 -0
  40. {codetrust-2.2.1 → codetrust-2.2.2}/action/entrypoint.sh +0 -0
  41. {codetrust-2.2.1 → codetrust-2.2.2}/action/scan.py +0 -0
  42. {codetrust-2.2.1 → codetrust-2.2.2}/action/scan_runner.py +0 -0
  43. {codetrust-2.2.1 → codetrust-2.2.2}/action.yml +0 -0
  44. {codetrust-2.2.1 → codetrust-2.2.2}/alembic/README +0 -0
  45. {codetrust-2.2.1 → codetrust-2.2.2}/alembic/env.py +0 -0
  46. {codetrust-2.2.1 → codetrust-2.2.2}/alembic/script.py.mako +0 -0
  47. {codetrust-2.2.1 → codetrust-2.2.2}/alembic/versions/b74aff4dff57_initial_schema_users_api_keys_scan_logs_.py +0 -0
  48. {codetrust-2.2.1 → codetrust-2.2.2}/alembic.ini +0 -0
  49. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/e2e/dashboard.spec.ts +0 -0
  50. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/next.config.js +0 -0
  51. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/package-lock.json +0 -0
  52. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/package.json +0 -0
  53. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/playwright.config.ts +0 -0
  54. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/postcss.config.js +0 -0
  55. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/prisma/schema.prisma +0 -0
  56. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/__tests__/dashboard-nav.test.tsx +0 -0
  57. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/__tests__/governance-audit.test.tsx +0 -0
  58. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/__tests__/scan-history.test.tsx +0 -0
  59. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/__tests__/setup.ts +0 -0
  60. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/app/api/auth/[...nextauth]/route.ts +0 -0
  61. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/app/api/webhooks/stripe/route.ts +0 -0
  62. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/app/dashboard/api-keys/page.tsx +0 -0
  63. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/app/dashboard/governance/page.tsx +0 -0
  64. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/app/dashboard/layout.tsx +0 -0
  65. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/app/dashboard/page.tsx +0 -0
  66. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/app/dashboard/settings/page.tsx +0 -0
  67. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/app/globals.css +0 -0
  68. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/app/layout.tsx +0 -0
  69. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/app/login/page.tsx +0 -0
  70. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/app/page.tsx +0 -0
  71. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/app/pricing/page.tsx +0 -0
  72. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/components/api-key-manager.tsx +0 -0
  73. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/components/dashboard-nav.tsx +0 -0
  74. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/components/governance-audit.tsx +0 -0
  75. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/components/providers.tsx +0 -0
  76. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/components/scan-history.tsx +0 -0
  77. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/components/settings-form.tsx +0 -0
  78. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/components/usage-chart.tsx +0 -0
  79. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/lib/api.ts +0 -0
  80. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/lib/auth.ts +0 -0
  81. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/src/lib/prisma.ts +0 -0
  82. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/tailwind.config.ts +0 -0
  83. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/tsconfig.json +0 -0
  84. {codetrust-2.2.1 → codetrust-2.2.2}/dashboard/vitest.config.ts +0 -0
  85. {codetrust-2.2.1 → codetrust-2.2.2}/deploy/helm/codetrust/Chart.yaml +0 -0
  86. {codetrust-2.2.1 → codetrust-2.2.2}/deploy/helm/codetrust/templates/_helpers.tpl +0 -0
  87. {codetrust-2.2.1 → codetrust-2.2.2}/deploy/helm/codetrust/templates/configmap.yaml +0 -0
  88. {codetrust-2.2.1 → codetrust-2.2.2}/deploy/helm/codetrust/templates/deployment.yaml +0 -0
  89. {codetrust-2.2.1 → codetrust-2.2.2}/deploy/helm/codetrust/templates/hpa.yaml +0 -0
  90. {codetrust-2.2.1 → codetrust-2.2.2}/deploy/helm/codetrust/templates/ingress.yaml +0 -0
  91. {codetrust-2.2.1 → codetrust-2.2.2}/deploy/helm/codetrust/templates/secret.yaml +0 -0
  92. {codetrust-2.2.1 → codetrust-2.2.2}/deploy/helm/codetrust/templates/service.yaml +0 -0
  93. {codetrust-2.2.1 → codetrust-2.2.2}/deploy/helm/codetrust/templates/serviceaccount.yaml +0 -0
  94. {codetrust-2.2.1 → codetrust-2.2.2}/deploy/helm/codetrust/values.yaml +0 -0
  95. {codetrust-2.2.1 → codetrust-2.2.2}/docker-compose.yml +0 -0
  96. {codetrust-2.2.1 → codetrust-2.2.2}/docs/apple-touch-icon.png +0 -0
  97. {codetrust-2.2.1 → codetrust-2.2.2}/docs/compliance/soc2-controls.md +0 -0
  98. {codetrust-2.2.1 → codetrust-2.2.2}/docs/favicon-16.png +0 -0
  99. {codetrust-2.2.1 → codetrust-2.2.2}/docs/favicon-32.png +0 -0
  100. {codetrust-2.2.1 → codetrust-2.2.2}/docs/favicon.png +0 -0
  101. {codetrust-2.2.1 → codetrust-2.2.2}/docs/favicon.svg +0 -0
  102. {codetrust-2.2.1 → codetrust-2.2.2}/docs/logo.png +0 -0
  103. {codetrust-2.2.1 → codetrust-2.2.2}/extension/.eslintrc.json +0 -0
  104. {codetrust-2.2.1 → codetrust-2.2.2}/extension/.vscodeignore +0 -0
  105. {codetrust-2.2.1 → codetrust-2.2.2}/extension/LICENSE +0 -0
  106. {codetrust-2.2.1 → codetrust-2.2.2}/extension/images/icon.png +0 -0
  107. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/api-client.d.ts +0 -0
  108. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/api-client.d.ts.map +0 -0
  109. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/api-client.js +0 -0
  110. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/api-client.js.map +0 -0
  111. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/code-actions.d.ts +0 -0
  112. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/code-actions.d.ts.map +0 -0
  113. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/code-actions.js +0 -0
  114. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/code-actions.js.map +0 -0
  115. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/commands.d.ts +0 -0
  116. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/commands.d.ts.map +0 -0
  117. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/commands.js +0 -0
  118. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/commands.js.map +0 -0
  119. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/config.d.ts +0 -0
  120. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/config.d.ts.map +0 -0
  121. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/config.js +0 -0
  122. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/config.js.map +0 -0
  123. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/diagnostics.d.ts +0 -0
  124. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/diagnostics.d.ts.map +0 -0
  125. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/diagnostics.js +0 -0
  126. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/diagnostics.js.map +0 -0
  127. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/embedded-scanner.d.ts +0 -0
  128. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/embedded-scanner.d.ts.map +0 -0
  129. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/embedded-scanner.js +0 -0
  130. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/embedded-scanner.js.map +0 -0
  131. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/extension.d.ts +0 -0
  132. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/extension.d.ts.map +0 -0
  133. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/extension.js +0 -0
  134. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/extension.js.map +0 -0
  135. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/parsers.d.ts +0 -0
  136. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/parsers.d.ts.map +0 -0
  137. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/parsers.js +0 -0
  138. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/parsers.js.map +0 -0
  139. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/status-bar.d.ts +0 -0
  140. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/status-bar.d.ts.map +0 -0
  141. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/status-bar.js +0 -0
  142. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/status-bar.js.map +0 -0
  143. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/runTest.d.ts +0 -0
  144. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/runTest.d.ts.map +0 -0
  145. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/runTest.js +0 -0
  146. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/runTest.js.map +0 -0
  147. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/api-client.test.d.ts +0 -0
  148. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/api-client.test.d.ts.map +0 -0
  149. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/api-client.test.js +0 -0
  150. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/api-client.test.js.map +0 -0
  151. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/embedded-scanner.test.d.ts +0 -0
  152. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/embedded-scanner.test.d.ts.map +0 -0
  153. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/embedded-scanner.test.js +0 -0
  154. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/embedded-scanner.test.js.map +0 -0
  155. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/index.d.ts +0 -0
  156. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/index.d.ts.map +0 -0
  157. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/index.js +0 -0
  158. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/index.js.map +0 -0
  159. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/parsers.test.d.ts +0 -0
  160. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/parsers.test.d.ts.map +0 -0
  161. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/parsers.test.js +0 -0
  162. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/parsers.test.js.map +0 -0
  163. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/types.test.d.ts +0 -0
  164. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/types.test.d.ts.map +0 -0
  165. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/types.test.js +0 -0
  166. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/test/suite/types.test.js.map +0 -0
  167. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/types.d.ts +0 -0
  168. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/types.d.ts.map +0 -0
  169. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/types.js +0 -0
  170. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/types.js.map +0 -0
  171. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/verification-cache.d.ts +0 -0
  172. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/verification-cache.d.ts.map +0 -0
  173. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/verification-cache.js +0 -0
  174. {codetrust-2.2.1 → codetrust-2.2.2}/extension/out/verification-cache.js.map +0 -0
  175. {codetrust-2.2.1 → codetrust-2.2.2}/extension/package-lock.json +0 -0
  176. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/api-client.ts +0 -0
  177. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/code-actions.ts +0 -0
  178. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/commands.ts +0 -0
  179. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/config.ts +0 -0
  180. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/diagnostics.ts +0 -0
  181. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/embedded-scanner.ts +0 -0
  182. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/extension.ts +0 -0
  183. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/parsers.ts +0 -0
  184. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/status-bar.ts +0 -0
  185. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/test/runTest.ts +0 -0
  186. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/test/suite/api-client.test.ts +0 -0
  187. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/test/suite/embedded-scanner.test.ts +0 -0
  188. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/test/suite/index.ts +0 -0
  189. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/test/suite/parsers.test.ts +0 -0
  190. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/test/suite/types.test.ts +0 -0
  191. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/types.ts +0 -0
  192. {codetrust-2.2.1 → codetrust-2.2.2}/extension/src/verification-cache.ts +0 -0
  193. {codetrust-2.2.1 → codetrust-2.2.2}/extension/tsconfig.json +0 -0
  194. {codetrust-2.2.1 → codetrust-2.2.2}/generate_icons.py +0 -0
  195. {codetrust-2.2.1 → codetrust-2.2.2}/hooks/pre-commit +0 -0
  196. {codetrust-2.2.1 → codetrust-2.2.2}/icon.png +0 -0
  197. {codetrust-2.2.1 → codetrust-2.2.2}/railway.toml +0 -0
  198. {codetrust-2.2.1 → codetrust-2.2.2}/sandbox/go/Dockerfile +0 -0
  199. {codetrust-2.2.1 → codetrust-2.2.2}/sandbox/node/Dockerfile +0 -0
  200. {codetrust-2.2.1 → codetrust-2.2.2}/sandbox/python/Dockerfile +0 -0
  201. {codetrust-2.2.1 → codetrust-2.2.2}/sandbox/rust/Dockerfile +0 -0
  202. {codetrust-2.2.1 → codetrust-2.2.2}/scripts/export_openapi.py +0 -0
  203. {codetrust-2.2.1 → codetrust-2.2.2}/scripts/generate_icons.py +0 -0
  204. {codetrust-2.2.1 → codetrust-2.2.2}/scripts/generate_metrics.py +0 -0
  205. {codetrust-2.2.1 → codetrust-2.2.2}/scripts/validate_readme_metrics.py +0 -0
  206. {codetrust-2.2.1 → codetrust-2.2.2}/setup.sh +0 -0
  207. {codetrust-2.2.1 → codetrust-2.2.2}/smoke_test.sh +0 -0
  208. {codetrust-2.2.1 → codetrust-2.2.2}/src/__init__.py +0 -0
  209. {codetrust-2.2.1 → codetrust-2.2.2}/src/api.py +0 -0
  210. {codetrust-2.2.1 → codetrust-2.2.2}/src/cli.py +0 -0
  211. {codetrust-2.2.1 → codetrust-2.2.2}/src/formatters/__init__.py +0 -0
  212. {codetrust-2.2.1 → codetrust-2.2.2}/src/formatters/sarif.py +0 -0
  213. {codetrust-2.2.1 → codetrust-2.2.2}/src/gateway/__init__.py +0 -0
  214. {codetrust-2.2.1 → codetrust-2.2.2}/src/gateway/audit.py +0 -0
  215. {codetrust-2.2.1 → codetrust-2.2.2}/src/gateway/custom_rules.py +0 -0
  216. {codetrust-2.2.1 → codetrust-2.2.2}/src/gateway/server.py +0 -0
  217. {codetrust-2.2.1 → codetrust-2.2.2}/src/gateway/siem.py +0 -0
  218. {codetrust-2.2.1 → codetrust-2.2.2}/src/middleware/__init__.py +0 -0
  219. {codetrust-2.2.1 → codetrust-2.2.2}/src/middleware/ip_rate_limit.py +0 -0
  220. {codetrust-2.2.1 → codetrust-2.2.2}/src/middleware/metrics.py +0 -0
  221. {codetrust-2.2.1 → codetrust-2.2.2}/src/models/__init__.py +0 -0
  222. {codetrust-2.2.1 → codetrust-2.2.2}/src/models/database.py +0 -0
  223. {codetrust-2.2.1 → codetrust-2.2.2}/src/models/enums.py +0 -0
  224. {codetrust-2.2.1 → codetrust-2.2.2}/src/models/requests.py +0 -0
  225. {codetrust-2.2.1 → codetrust-2.2.2}/src/models/responses.py +0 -0
  226. {codetrust-2.2.1 → codetrust-2.2.2}/src/rules/__init__.py +0 -0
  227. {codetrust-2.2.1 → codetrust-2.2.2}/src/rules/anti_patterns.py +0 -0
  228. {codetrust-2.2.1 → codetrust-2.2.2}/src/rules/enterprise.py +0 -0
  229. {codetrust-2.2.1 → codetrust-2.2.2}/src/server.py +0 -0
  230. {codetrust-2.2.1 → codetrust-2.2.2}/src/services/__init__.py +0 -0
  231. {codetrust-2.2.1 → codetrust-2.2.2}/src/services/ast_analyzer.py +0 -0
  232. {codetrust-2.2.1 → codetrust-2.2.2}/src/services/auth.py +0 -0
  233. {codetrust-2.2.1 → codetrust-2.2.2}/src/services/billing.py +0 -0
  234. {codetrust-2.2.1 → codetrust-2.2.2}/src/services/cache.py +0 -0
  235. {codetrust-2.2.1 → codetrust-2.2.2}/src/services/database.py +0 -0
  236. {codetrust-2.2.1 → codetrust-2.2.2}/src/services/docker_verify.py +0 -0
  237. {codetrust-2.2.1 → codetrust-2.2.2}/src/services/gdpr.py +0 -0
  238. {codetrust-2.2.1 → codetrust-2.2.2}/src/services/import_verifier.py +0 -0
  239. {codetrust-2.2.1 → codetrust-2.2.2}/src/services/rate_limiter.py +0 -0
  240. {codetrust-2.2.1 → codetrust-2.2.2}/src/services/registry.py +0 -0
  241. {codetrust-2.2.1 → codetrust-2.2.2}/src/services/sandbox.py +0 -0
  242. {codetrust-2.2.1 → codetrust-2.2.2}/src/services/sso.py +0 -0
  243. {codetrust-2.2.1 → codetrust-2.2.2}/src/services/static_analyzer.py +0 -0
  244. {codetrust-2.2.1 → codetrust-2.2.2}/src/services/tenant.py +0 -0
  245. {codetrust-2.2.1 → codetrust-2.2.2}/src/templates/__init__.py +0 -0
  246. {codetrust-2.2.1 → codetrust-2.2.2}/src/templates/codetrust-scan.yml +0 -0
  247. {codetrust-2.2.1 → codetrust-2.2.2}/src/templates/codetrust.toml +0 -0
  248. {codetrust-2.2.1 → codetrust-2.2.2}/src/templates/cursorrules +0 -0
  249. {codetrust-2.2.1 → codetrust-2.2.2}/src/templates/pre-commit +0 -0
  250. {codetrust-2.2.1 → codetrust-2.2.2}/src/utils/__init__.py +0 -0
  251. {codetrust-2.2.1 → codetrust-2.2.2}/src/utils/parsers.py +0 -0
  252. {codetrust-2.2.1 → codetrust-2.2.2}/src/utils/similarity.py +0 -0
  253. {codetrust-2.2.1 → codetrust-2.2.2}/tests/__init__.py +0 -0
  254. {codetrust-2.2.1 → codetrust-2.2.2}/tests/conftest.py +0 -0
  255. {codetrust-2.2.1 → codetrust-2.2.2}/tests/load/README.md +0 -0
  256. {codetrust-2.2.1 → codetrust-2.2.2}/tests/load/locustfile.py +0 -0
  257. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_api_coverage.py +0 -0
  258. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_api_endpoints.py +0 -0
  259. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_ast.py +0 -0
  260. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_auth_service.py +0 -0
  261. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_billing.py +0 -0
  262. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_cache.py +0 -0
  263. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_cache_service.py +0 -0
  264. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_cli.py +0 -0
  265. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_cli_coverage.py +0 -0
  266. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_custom_rules.py +0 -0
  267. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_dashboard_api.py +0 -0
  268. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_database.py +0 -0
  269. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_deep_scan.py +0 -0
  270. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_devops_rules.py +0 -0
  271. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_docker.py +0 -0
  272. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_e2e_integration.py +0 -0
  273. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_gateway.py +0 -0
  274. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_gateway_server.py +0 -0
  275. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_gdpr.py +0 -0
  276. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_github_action.py +0 -0
  277. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_go_rust_registry.py +0 -0
  278. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_import_verifier.py +0 -0
  279. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_ip_rate_limit.py +0 -0
  280. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_metrics.py +0 -0
  281. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_moat.py +0 -0
  282. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_models.py +0 -0
  283. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_new_rules.py +0 -0
  284. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_oidc_integration.py +0 -0
  285. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_parity.py +0 -0
  286. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_parsers.py +0 -0
  287. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_rate_limit.py +0 -0
  288. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_registry.py +0 -0
  289. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_sandbox.py +0 -0
  290. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_sarif.py +0 -0
  291. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_siem.py +0 -0
  292. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_similarity.py +0 -0
  293. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_sql_rules.py +0 -0
  294. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_sso.py +0 -0
  295. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_static.py +0 -0
  296. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_tenant.py +0 -0
  297. {codetrust-2.2.1 → codetrust-2.2.2}/tests/test_webhooks.py +0 -0
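--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,7 +7,6 @@ on:
 
 permissions:
   contents: write
-  id-token: write # PyPI trusted publishing
 
 jobs:
   verify:
@@ -43,13 +42,10 @@ jobs:
           name: sbom
           path: sbom.json
 
-  publish-pypi:
+  build-pypi:
     needs: verify
     runs-on: ubuntu-latest
     timeout-minutes: 10
-    environment:
-      name: pypi
-      url: https://pypi.org/project/codetrust/
     steps:
       - uses: actions/checkout@v4
 
@@ -64,24 +60,13 @@ jobs:
       - name: Build package
         run: python -m build
 
-      - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
-
-      - name: Sign distribution with Sigstore
-        uses: sigstore/gh-action-sigstore-python@v3
-        with:
-          inputs: dist/*
-
-      - name: Upload signed artifacts
+      - name: Upload PyPI artifacts
         uses: actions/upload-artifact@v4
         with:
-          name: signed-distributions
-          path: |
-            dist/*.sigstore.json
-            dist/*.tar.gz
-            dist/*.whl
+          name: pypi-distributions
+          path: dist/
 
-  publish-vsix:
+  build-vsix:
     needs: verify
     runs-on: ubuntu-latest
     timeout-minutes: 10
@@ -107,19 +92,14 @@ jobs:
         working-directory: extension
         run: npx @vscode/vsce package
 
-      - name: Publish to VS Code Marketplace
-        working-directory: extension
-        env:
-          VSCE_PAT: ${{ secrets.VSCE_PAT }}
-        run: npx @vscode/vsce publish --pat "$VSCE_PAT"
-
-      - name: Upload VSIX as release artifact
-        uses: softprops/action-gh-release@v2
+      - name: Upload VSIX artifact
+        uses: actions/upload-artifact@v4
         with:
-          files: extension/*.vsix
+          name: vsix
+          path: extension/*.vsix
 
   create-release:
-    needs: [verify, publish-pypi, publish-vsix]
+    needs: [verify, build-pypi, build-vsix]
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
@@ -130,11 +110,17 @@ jobs:
         with:
           name: sbom
 
-      - name: Download signed distributions
+      - name: Download PyPI distributions
+        uses: actions/download-artifact@v4
+        with:
+          name: pypi-distributions
+          path: dist/
+
+      - name: Download VSIX
         uses: actions/download-artifact@v4
         with:
-          name: signed-distributions
-          path: signed/
+          name: vsix
+          path: vsix/
 
       - name: Extract version from tag
         id: version
@@ -146,7 +132,9 @@ jobs:
           generate_release_notes: true
           files: |
             sbom.json
-            signed/*.sigstore.json
+            dist/*.tar.gz
+            dist/*.whl
+            vsix/*.vsix
           body: |
             ## Install
 
@@ -165,3 +153,6 @@ jobs:
             ```yaml
             - uses: S-Borna/codetrust@v${{ steps.version.outputs.version }}
             ```
+
+            ---
+            *PyPI and Marketplace publishing is done manually after verifying the release artifacts.*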
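Review bot: The release assets listed under `files:` in the second-to-last hunk (`dist/*.tar.gz`, `dist/*.whl`, `vsix/*.vsix`) are now attached to the GitHub release with no signature at all, because the Sigstore signing step and the `dist/*.sigstore.json` bundle were dropped together with the trusted-publishing setup in the third hunk. Moving the PyPI and Marketplace upload to a manual step does not require giving up signing: the `build-pypi` job (whose steps continue outside the hunk) can still sign what it builds, which keeps a verifiable link between the CI build and whatever is later uploaded by hand. Keyless Sigstore signing takes its identity from the workflow's OIDC token, so the `id-token: write` permission removed in the first hunk would need to come back for that step. A sketch of the restored step and the extra release asset follows.
```yaml
      - name: Build package
        run: python -m build

      - name: Sign distribution with Sigstore
        uses: sigstore/gh-action-sigstore-python@v3
        with:
          inputs: dist/*

      # … unchanged: Upload PyPI artifacts step (path: dist/ already picks up the bundles) …

      # … unchanged: build-vsix job, create-release download steps …
          files: |
            sbom.json
            dist/*.tar.gz
            dist/*.whl
            dist/*.sigstore.json
            vsix/*.vsix
```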
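--- a/.gitignore
+++ b/.gitignore
@@ -42,13 +42,21 @@ docker-compose.override.yml
 # Local-only files (plans, notes, secrets)
 .local/
 
-# Session log (private, never committed)
+# Internal docs — blueprints, specs, build plans (private, never committed)
 SESSION_LOG.md
+SPEC.md
+PLAN.md
+PRODUCT.md
+PITCH.md
+COMPARISON.md
+CLAUDE.md
+TEST_EVIDENCE.md
 
 # Node (in case of front-end components)
 node_modules/
 codetrust.db
 codetrust-report.md
+codetrust-results.sarif
 
 # VS Code Extension builds
 *.vsix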
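Review bot: Adding `SPEC.md`, `PLAN.md`, `PRODUCT.md`, `PITCH.md`, `COMPARISON.md`, `CLAUDE.md` and `TEST_EVIDENCE.md` to `.gitignore` only prevents future commits; the files stay in the repository history of every earlier tag and in the already-published 2.2.1 sdist, which the diffstat at the top of this page shows them being deleted from. If the concern is that they expose implementation details, their content should be treated as public and anything sensitive in them rotated, rather than relying on the ignore rule. A comment on the new `# Internal docs` line such as `# (ignore rule only; prior history and published releases still contain these files)` would keep the next maintainer from assuming the files are now private.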
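--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,25 @@ All notable changes to CodeTrust will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.2.2] - 2026-02-13
+
+### Security
+
+- Removed 7 internal blueprint documents (SPEC, PLAN, PRODUCT, PITCH, COMPARISON, CLAUDE, TEST_EVIDENCE) from git tracking — contained implementation details, class names, file paths, and build plans
+- Removed Railway deployment URL from landing page — replaced with custom domain
+- Removed internal module path (`python -m src.server`) from landing page
+- Removed scoring implementation details (penalty multiplier, data retention count) from landing page
+- Landing page stats endpoint switched to custom domain
+
+### Fixed
+
+- API endpoint count corrected to 27 across all surfaces (verified from source: 27 routes in api.py)
+- CI self-scan false positive resolved — gateway SSL rule pattern split to avoid self-matching
+- Webhook example URLs in source code split to avoid self-scan triggers
+- SARIF output file added to .gitignore
+
+---
+
 ## [2.2.1] - 2026-02-13
 
 ### Fixed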
@@ -0,0 +1,385 @@
1
+ Metadata-Version: 2.4
2
+ Name: codetrust
3
+ Version: 2.2.2
4
+ Summary: AI code safety platform — 132 rules, 10 enforcement layers, 3 moats no other tool has. AI Governance Gateway blocks destructive AI agent actions before execution (57 real-time rules). Hallucination Detection verifies every import against PyPI/npm/crates.io/Go proxy. Trust Score tracks code safety drift over time. 27 API endpoints, 17 MCP tools, 1314 tests. CLI, VS Code extension, GitHub Action, and MCP server.
5
+ Project-URL: Homepage, https://codetrust.saidborna.com
6
+ Project-URL: Repository, https://github.com/S-Borna/codetrust
7
+ Project-URL: Documentation, https://codetrust.saidborna.com
8
+ Project-URL: Bug Tracker, https://github.com/S-Borna/codetrust/issues
9
+ Author-email: Said Borna <codetrust@users.noreply.github.com>
10
+ License-Expression: LicenseRef-Proprietary
11
+ License-File: LICENSE
12
+ Keywords: ai-safety,claude-code,code-quality,cursor,devops,governance,hallucination,kubernetes,mcp,react,sarif,security,verification
13
+ Classifier: Development Status :: 5 - Production/Stable
14
+ Classifier: Intended Audience :: Developers
15
+ Classifier: License :: Other/Proprietary License
16
+ Classifier: Programming Language :: Python :: 3.12
17
+ Classifier: Topic :: Software Development :: Quality Assurance
18
+ Requires-Python: >=3.12
19
+ Requires-Dist: alembic>=1.13.0
20
+ Requires-Dist: asyncpg>=0.29.0
21
+ Requires-Dist: fastapi>=0.115.0
22
+ Requires-Dist: httpx>=0.27.0
23
+ Requires-Dist: mcp[cli]>=1.0.0
24
+ Requires-Dist: psycopg2-binary>=2.9.0
25
+ Requires-Dist: pydantic-settings>=2.0.0
26
+ Requires-Dist: pydantic>=2.0.0
27
+ Requires-Dist: pyjwt>=2.8.0
28
+ Requires-Dist: redis[hiredis]>=5.0.0
29
+ Requires-Dist: sqlalchemy[asyncio]>=2.0.0
30
+ Requires-Dist: stripe>=7.0.0
31
+ Requires-Dist: structlog>=24.0.0
32
+ Requires-Dist: tree-sitter-go>=0.23.0
33
+ Requires-Dist: tree-sitter-javascript>=0.23.0
34
+ Requires-Dist: tree-sitter-python>=0.23.0
35
+ Requires-Dist: tree-sitter-rust>=0.23.0
36
+ Requires-Dist: tree-sitter-typescript>=0.23.0
37
+ Requires-Dist: tree-sitter>=0.23.0
38
+ Requires-Dist: uvicorn[standard]>=0.30.0
39
+ Provides-Extra: dev
40
+ Requires-Dist: aiosqlite>=0.20.0; extra == 'dev'
41
+ Requires-Dist: fakeredis[json]>=2.20.0; extra == 'dev'
42
+ Requires-Dist: httpx[cli]>=0.27.0; extra == 'dev'
43
+ Requires-Dist: pytest-asyncio>=0.24.0; extra == 'dev'
44
+ Requires-Dist: pytest-cov>=5.0.0; extra == 'dev'
45
+ Requires-Dist: pytest-httpx>=0.30.0; extra == 'dev'
46
+ Requires-Dist: pytest>=8.0.0; extra == 'dev'
47
+ Requires-Dist: ruff>=0.5.0; extra == 'dev'
48
+ Description-Content-Type: text/markdown
49
+
50
+ <p align="center">
51
+ <img src="https://raw.githubusercontent.com/S-Borna/codetrust/main/docs/logo.png" alt="CodeTrust" width="420">
52
+ </p>
53
+
54
+ <p align="center">
55
+ <strong>Trust the code. Ship with proof.</strong>
56
+ </p>
57
+
58
+ <p align="center">
59
+ <a href="https://pypi.org/project/codetrust/"><img src="https://img.shields.io/pypi/v/codetrust?style=flat-square&color=38d8fd" alt="PyPI"></a>
60
+ <a href="https://marketplace.visualstudio.com/items?itemName=SaidBorna.codetrust"><img src="https://img.shields.io/visual-studio-marketplace/v/SaidBorna.codetrust?style=flat-square&color=5bca78" alt="VS Code Marketplace"></a>
61
+ <a href="LICENSE"><img src="https://img.shields.io/badge/License-Proprietary-333?style=flat-square" alt="License"></a>
62
+ <a href="https://github.com/S-Borna/codetrust/actions"><img src="https://img.shields.io/github/actions/workflow/status/S-Borna/codetrust/ci.yml?style=flat-square&label=CI" alt="CI"></a>
63
+ </p>
64
+
65
+ <p align="center">
66
+ <a href="https://codetrust.saidborna.com">Website</a> &middot;
67
+ <a href="https://pypi.org/project/codetrust/">PyPI</a> &middot;
68
+ <a href="https://marketplace.visualstudio.com/items?itemName=SaidBorna.codetrust">VS Code</a> &middot;
69
+ <a href="https://github.com/S-Borna/codetrust">GitHub</a> &middot;
70
+ <a href="CHANGELOG.md">Changelog</a>
71
+ </p>
72
+
73
+ ---
74
+
75
+ ## What CodeTrust Is
76
+
77
+ **AI Governance Enforcement Platform** — 132 rules across 10 enforcement layers, 17 MCP tools, 27 API endpoints. 1,314 tests.
78
+
79
+ CodeTrust prevents unsafe, hallucinated, and destructive AI-generated code from reaching production. It enforces safety across the entire development lifecycle — before execution, during development, before commit, during CI/CD, and before deployment.
80
+
81
+ CodeTrust is not a linter. It is not a formatter. It is a **governance enforcement platform** purpose-built for the era of AI-generated code, with three capabilities no existing tool provides.
82
+
83
+ ---
84
+
85
+ ## The Three Moats
86
+
87
+ ### Moat 1: AI Governance Gateway
88
+
89
+ The Gateway intercepts AI agent actions **before execution** — not scanning files after the fact. Terminal commands, file writes, and package installs are validated against configurable policies in real-time.
90
+
91
+ 57 interception rules across 9 categories: file destruction, code execution, privilege escalation, git operations, container escape, network exfiltration, secrets exposure, supply chain attacks, and resource abuse — plus content rules for file writes.
92
+
93
+ All rules are configurable. Any rule can be disabled per-project.
94
+
95
+ **Real proof:** During the development of v2.1.0, our own AI agent attempted to create a file using a heredoc pattern. The CodeTrust gateway blocked it in real-time — the product protected itself from its own builder.
96
+
97
+ ### Moat 2: Hallucination Detection Engine
98
+
99
+ Every scan extracts imports from your source files and verifies them against **live package registries**. Hallucinated packages are flagged with exact file and line number.
100
+
101
+ ```
102
+ $ codetrust scan app.py
103
+
104
+ 🛡️ CodeTrust Scan
105
+ Files: 1 | Findings: 2
106
+ AI Drift Score: 87/100 (B)
107
+
108
+ 🚫 BLOCK — must fix:
109
+ app.py:4 [import_not_found] Package 'flask_magic_utils' not found
110
+ on pypi — possible AI hallucination.
111
+ ```
112
+
113
+ `flask_magic_utils` does not exist on PyPI. Most traditional tools do not verify imports against live registries at development time.
114
+
115
+ CodeTrust also includes static hallucination rules that detect fabricated methods, config options, CLI flags, API endpoints, environment variables, and placeholder URLs — without network access.
116
+
117
+ ### Moat 3: Trust Score & Drift Tracking
118
+
119
+ A quantified safety metric that tracks your codebase over time. Not a snapshot — a trend.
120
+
121
+ - Baseline your project's safety score
122
+ - Track improvement or regression across commits
123
+ - Grade curve: A+ through F
124
+ - Fail CI when the score drops below your threshold
125
+
126
+ ```
127
+ 🛡️ CodeTrust Scan
128
+ Files: 47 | Findings: 3
129
+ AI Drift Score: 94/100 (A)
130
+ Trend: improving (+6 from baseline)
131
+ ```
132
+
133
+ ---
134
+
135
+ ## Why CodeTrust Exists
136
+
137
+ AI writes code fast. But fast doesn't mean safe. **78% of developers** use AI coding assistants daily (2025). These tools produce failure modes that no existing tool detects:
138
+
139
+ | Failure Mode | What Happens | Who Catches It |
140
+ |---|---|---|
141
+ | **Hallucinated packages** | `pip install` fails — or worse: typosquatted malware installs | CodeTrust verifies imports against live registries |
142
+ | **Destructive agent commands** | `rm -rf /`, `eval()`, `curl\|sh` — data loss, RCE, supply chain compromise | CodeTrust Gateway intercepts before execution |
143
+ | **Ghost Docker images** | AI references images that don't exist — build breaks at 2AM | CodeTrust validates images against Docker Hub |
144
+ | **Invisible code drift** | AI code quality degrades gradually — no one measures it | CodeTrust tracks trust score over time |
145
+
146
+ ### What existing tools miss
147
+
148
+ | Tool | What it does | What it doesn't do |
149
+ |---|---|---|
150
+ | **SonarQube** | 5,000+ quality rules | Does not intercept AI agents, verify imports, or track trust scores |
151
+ | **Snyk** | CVEs in known packages | Does not intercept AI agents, detect hallucinated packages, or track trust scores |
152
+ | **Semgrep** | Cross-file dataflow analysis | Does not intercept AI agents, verify imports against registries, or track trust scores |
153
+ | **Ruff / ESLint** | Code style, formatting | Does not intercept AI agents, verify imports, or track trust scores |
154
+
155
+ Unlike traditional tools, CodeTrust uniquely combines pre-execution interception, live registry verification, and quantified safety tracking.
156
+
157
+ ---
158
+
159
+ ## 10 Enforcement Layers
160
+
161
+ CodeTrust scans code across 10 layers covering static analysis, root cause analysis, SQL safety, AST structural analysis, container hardening, infrastructure-as-code, framework-specific rules (React, Kubernetes, CI/CD), live import verification, Docker image verification, and the real-time AI governance gateway.
162
+
163
+ **75 scan rules + 57 gateway rules = 132 total.** Every rule produces a BLOCK, WARN, or INFO verdict.
164
+
165
+ ---
166
+
167
+ ## Enforcement Model
168
+
169
+ CodeTrust enforces policies when integrated via MCP, pre-commit hooks, or CI/CD pipelines. Enforcement strength depends on integration point.
170
+
171
+ **Strong enforcement:**
172
+
173
+ | Integration | Guarantee |
174
+ |---|---|
175
+ | **Pre-commit hook** | Prevents unsafe commits — commit rejected until fixed |
176
+ | **CI/CD (GitHub Action)** | Prevents unsafe merges — PR fails required status check |
177
+ | **Gateway via MCP** | Prevents unsafe agent actions — command intercepted before execution |
178
+
179
+ **Advisory enforcement:**
180
+
181
+ | Integration | Behavior |
182
+ |---|---|
183
+ | **VS Code Extension** | Inline diagnostics — informs, does not block |
184
+ | **CLI scan** | Exit code 1 on BLOCK findings — enforcement depends on pipeline gating |
185
+
186
+ ---
187
+
188
+ ## When to Use CodeTrust
189
+
190
+ - **AI-assisted development** — Claude Code, GitHub Copilot, Cursor, or any AI coding assistant
191
+ - **CI/CD pipelines** requiring governance enforcement before merge
192
+ - **Preventing hallucinated dependencies** from reaching production
193
+ - **Blocking destructive agent actions** before they execute
194
+ - **Enforcing DevOps and infrastructure safety policies** across teams
195
+ - **Tracking code safety trends** to catch regression early
196
+
197
+ ---
198
+
199
+ ## Performance
200
+
201
+ | Operation | Typical Time |
202
+ |-----------|:------------:|
203
+ | Static scan (per file) | < 200ms |
204
+ | Gateway validation (per command) | < 5ms |
205
+ | Deep scan (typical project) | < 2s |
206
+ | Import verification (cached) | < 50ms |
207
+ | Production runtime overhead | Zero |
208
+
209
+ CodeTrust runs at development time only. Zero runtime overhead in production.
210
+
211
+ ---
212
+
213
+ ## Quick Start
214
+
215
+ ```bash
216
+ pip install codetrust
217
+ cd your-project
218
+ codetrust init
219
+ codetrust scan .
220
+ ```
221
+
222
+ `codetrust init` sets up enforcement layers in your project: pre-commit hook, GitHub Action, AI assistant rules, governance config, and audit directory.
223
+
224
+ ---
225
+
226
+ ## Five Ways In
227
+
228
+ | Surface | Install | What You Get |
229
+ |---------|---------|--------------|
230
+ | **CLI** | `pip install codetrust` | Full scan from terminal with exit code enforcement |
231
+ | **VS Code** | Install from Marketplace | Scan on save, inline diagnostics, AI governance |
232
+ | **GitHub Action** | `uses: S-Borna/codetrust@v2` | PR checks with SARIF upload to Security tab |
233
+ | **MCP Server** | 17 tools for AI agents | Claude Code / Cursor get real-time safety feedback |
234
+ | **REST API** | 27 endpoints, authenticated | Integrate into any pipeline or platform |
235
+
236
+ ---
237
+
238
+ ## CLI Usage
239
+
240
+ ```bash
241
+ codetrust scan app.py # Scan a file
242
+ codetrust scan src/ # Scan a directory
243
+ codetrust scan . --sarif # SARIF output for CI
244
+ codetrust scan . --json # JSON output
245
+ codetrust scan . --no-verify-imports # Skip registry checks (offline)
246
+
247
+ codetrust status # Check enforcement status
248
+ codetrust doctor # Diagnose installation
249
+
250
+ codetrust governance --status # Governance overview
251
+ codetrust governance --mode audit # Switch to audit mode
252
+ codetrust audit --hours 24 # Review recent actions
253
+ ```
254
+
255
+ ---
256
+
257
+ ## VS Code Extension
258
+
259
+ ```bash
260
+ code --install-extension SaidBorna.codetrust
261
+ ```
262
+
263
+ - Scans on save (configurable)
264
+ - Inline diagnostics with severity levels
265
+ - Works fully offline — all scan rules embedded
266
+ - "Scan Workspace" — up to 500 files with progress UI
267
+ - AI governance controls built in
268
+ - Deep scan mode for full analysis
269
+
270
+ | Setting | Default | Description |
271
+ |---------|---------|-------------|
272
+ | `codetrust.scanOnSave` | `true` | Auto-scan on save |
273
+ | `codetrust.severityThreshold` | `INFO` | Minimum severity to show |
274
+ | `codetrust.scanType` | `static` | `static` or `deep` |
275
+ | `codetrust.governance.enabled` | `true` | Enable AI governance |
276
+ | `codetrust.governance.mode` | `enforce` | `enforce` / `audit` / `off` |
277
+
278
+ ---
279
+
280
+ ## GitHub Action
281
+
282
+ ```yaml
283
+ - uses: S-Borna/codetrust@v2
284
+ with:
285
+ fail-on: block
286
+ scan-type: static
287
+ sarif: true
288
+ env:
289
+ CODETRUST_API_KEY: ${{ secrets.CODETRUST_API_KEY }}
290
+
291
+ - uses: github/codeql-action/upload-sarif@v3
292
+ if: always()
293
+ with:
294
+ sarif_file: codetrust-results.sarif
295
+ ```
296
+
297
+ BLOCK findings fail the status check. Hallucinated packages appear as inline PR annotations.
298
+
299
+ ---
300
+
301
+ ## MCP Server
302
+
303
+ ### 17 MCP Tools
304
+
305
+ Two MCP servers — one for scanning, one for governance. Works with Claude Code, Cursor, and any MCP-compatible agent.
306
+
307
+ Add to your MCP configuration and AI agents get real-time code safety feedback, pre-action validation, post-action quality checks, import verification, and governance enforcement — all through the Model Context Protocol.
308
+
309
+ ---
310
+
311
+ ## Supported Languages
312
+
313
+ | Language | Static | AST | Import Verification |
314
+ |----------|:------:|:---:|:-------------------:|
315
+ | Python | ✅ | ✅ | ✅ (PyPI) |
316
+ | JavaScript / TypeScript | ✅ | ✅ | ✅ (npm) |
317
+ | Go | ✅ | ✅ | ✅ (Go proxy) |
318
+ | Rust | ✅ | ✅ | ✅ (crates.io) |
319
+ | SQL | ✅ | — | — |
320
+ | Dockerfile | ✅ | — | ✅ (Docker Hub) |
321
+ | YAML / Kubernetes | ✅ | — | — |
322
+
323
+ ---
324
+
325
+ ## Configuration
326
+
327
+ CodeTrust is configured via `.codetrust.toml` or `[tool.codetrust]` in `pyproject.toml`.
328
+
329
+ You can:
330
+
331
+ - Exclude paths from scanning
332
+ - Ignore specific rules
333
+ - Override severity levels
334
+ - Set governance mode (enforce / audit / off)
335
+ - Define protected files
336
+ - Enable or disable gateway rule categories
337
+
338
+ See `codetrust init` for a starter configuration.
339
+
340
+ ---
341
+
342
+ ## Security & Compliance
343
+
344
+ | Property | Description |
345
+ |----------|-------------|
346
+ | **Audit trail** | Append-only, immutable log of all governance actions |
347
+ | **Agent identification** | Auto-detects Claude, Copilot, Cursor, Windsurf, GitHub Actions |
348
+ | **Secret scanning** | Catches hardcoded secrets, private keys, and credentials |
349
+ | **Rate limiting** | Per-key and IP-based with sliding windows |
350
+ | **SSO** | Azure AD, Okta, Auth0, Google, Keycloak |
351
+ | **GDPR** | Data export (Art. 15) and right to erasure (Art. 17) |
352
+ | **SIEM export** | CEF, LEEF, Syslog, ECS JSON |
353
+ | **SBOM** | CycloneDX generated in CI |
354
+ | **Signed releases** | Sigstore signing of distributions |
355
+
356
+ ---
357
+
358
+ ## Distribution
359
+
360
+ | Channel | Install |
361
+ |---------|---------|
362
+ | **PyPI** | `pip install codetrust` |
363
+ | **VS Code Marketplace** | `code --install-extension SaidBorna.codetrust` |
364
+ | **GitHub Action** | `uses: S-Borna/codetrust@v2` |
365
+ | **Cloud API** | Available at `codetrust-api.saidborna.com` |
366
+ | **MCP Server** | Included in the package |
367
+ | **Website** | [codetrust.saidborna.com](https://codetrust.saidborna.com) |
368
+
369
+ ---
370
+
371
+ ## Development
372
+
373
+ ```bash
374
+ pip install -e ".[dev]"
375
+ pytest tests/ -v # 1314 tests
376
+ ruff check src/ tests/ # zero warnings
377
+ ```
378
+
379
+ All counts in this README are generated from source and validated in CI.
380
+
381
+ ---
382
+
383
+ ## License
384
+
385
+ Proprietary — Copyright (c) 2026 Said Borna. All rights reserved. See [LICENSE](LICENSE).