codetrust 2.2.1__tar.gz → 2.2.4__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {codetrust-2.2.1 → codetrust-2.2.4}/.codetrust/audit.jsonl +2 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/.github/dependabot.yml +12 -0
- codetrust-2.2.4/.github/workflows/release.yml +156 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/.gitignore +10 -1
- {codetrust-2.2.1 → codetrust-2.2.4}/CHANGELOG.md +75 -0
- codetrust-2.2.4/PKG-INFO +383 -0
- codetrust-2.2.4/README.md +334 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/package-lock.json +74 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/package.json +4 -3
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/app/api/webhooks/stripe/route.ts +28 -4
- {codetrust-2.2.1 → codetrust-2.2.4}/docs/index.html +16 -17
- {codetrust-2.2.1 → codetrust-2.2.4}/docs/openapi.json +2 -2
- codetrust-2.2.4/extension/README.md +163 -0
- codetrust-2.2.4/extension/out/commands.js.map +1 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/embedded-scanner.js +1 -1
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/embedded-scanner.js.map +1 -1
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/status-bar.d.ts.map +1 -1
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/status-bar.js +0 -1
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/status-bar.js.map +1 -1
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/package-lock.json +2 -2
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/package.json +4 -4
- codetrust-2.2.4/extension/scripts/check-release-sync.js +59 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/commands.ts +6 -6
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/embedded-scanner.ts +1 -1
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/status-bar.ts +0 -1
- {codetrust-2.2.1 → codetrust-2.2.4}/metrics.json +6 -6
- {codetrust-2.2.1 → codetrust-2.2.4}/pyproject.toml +2 -2
- {codetrust-2.2.1 → codetrust-2.2.4}/src/config.py +1 -1
- {codetrust-2.2.1 → codetrust-2.2.4}/src/gateway/interceptor.py +8 -1
- {codetrust-2.2.1 → codetrust-2.2.4}/src/gateway/policies.py +1 -1
- {codetrust-2.2.1 → codetrust-2.2.4}/src/gateway/webhooks.py +1 -1
- {codetrust-2.2.1 → codetrust-2.2.4}/src/middleware/ip_rate_limit.py +1 -1
- {codetrust-2.2.1 → codetrust-2.2.4}/src/rules/anti_patterns.py +12 -4
- {codetrust-2.2.1 → codetrust-2.2.4}/src/utils/parsers.py +4 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_parity.py +3 -3
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_registry.py +17 -0
- codetrust-2.2.1/.github/workflows/release.yml +0 -167
- codetrust-2.2.1/CLAUDE.md +0 -251
- codetrust-2.2.1/COMPARISON.md +0 -137
- codetrust-2.2.1/PITCH.md +0 -408
- codetrust-2.2.1/PKG-INFO +0 -726
- codetrust-2.2.1/PLAN.md +0 -457
- codetrust-2.2.1/PRODUCT.md +0 -574
- codetrust-2.2.1/README.md +0 -677
- codetrust-2.2.1/SPEC.md +0 -758
- codetrust-2.2.1/TEST_EVIDENCE.md +0 -192
- codetrust-2.2.1/extension/README.md +0 -185
- codetrust-2.2.1/extension/out/commands.js.map +0 -1
- codetrust-2.2.1/src/templates/CLAUDE.md +0 -42
- {codetrust-2.2.1 → codetrust-2.2.4}/.codetrust/.gitkeep +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/.codetrust.toml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/.cursorrules +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/.github/workflows/ci.yml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/.github/workflows/codetrust-scan.yml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/CONTRIBUTING.md +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/Dockerfile +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/LICENSE +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/Procfile +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/SECURITY.md +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/action/action.yml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/action/entrypoint.sh +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/action/scan.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/action/scan_runner.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/action.yml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/alembic/README +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/alembic/env.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/alembic/script.py.mako +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/alembic/versions/b74aff4dff57_initial_schema_users_api_keys_scan_logs_.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/alembic.ini +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/e2e/dashboard.spec.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/next.config.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/playwright.config.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/postcss.config.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/prisma/schema.prisma +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/__tests__/dashboard-nav.test.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/__tests__/governance-audit.test.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/__tests__/scan-history.test.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/__tests__/setup.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/app/api/auth/[...nextauth]/route.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/app/dashboard/api-keys/page.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/app/dashboard/governance/page.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/app/dashboard/layout.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/app/dashboard/page.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/app/dashboard/settings/page.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/app/globals.css +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/app/layout.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/app/login/page.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/app/page.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/app/pricing/page.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/components/api-key-manager.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/components/dashboard-nav.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/components/governance-audit.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/components/providers.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/components/scan-history.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/components/settings-form.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/components/usage-chart.tsx +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/lib/api.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/lib/auth.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/src/lib/prisma.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/tailwind.config.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/tsconfig.json +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/dashboard/vitest.config.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/deploy/helm/codetrust/Chart.yaml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/deploy/helm/codetrust/templates/_helpers.tpl +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/deploy/helm/codetrust/templates/configmap.yaml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/deploy/helm/codetrust/templates/deployment.yaml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/deploy/helm/codetrust/templates/hpa.yaml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/deploy/helm/codetrust/templates/ingress.yaml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/deploy/helm/codetrust/templates/secret.yaml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/deploy/helm/codetrust/templates/service.yaml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/deploy/helm/codetrust/templates/serviceaccount.yaml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/deploy/helm/codetrust/values.yaml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/docker-compose.yml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/docs/apple-touch-icon.png +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/docs/compliance/soc2-controls.md +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/docs/favicon-16.png +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/docs/favicon-32.png +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/docs/favicon.png +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/docs/favicon.svg +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/docs/logo.png +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/.eslintrc.json +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/.vscodeignore +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/LICENSE +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/images/icon.png +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/api-client.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/api-client.d.ts.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/api-client.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/api-client.js.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/code-actions.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/code-actions.d.ts.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/code-actions.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/code-actions.js.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/commands.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/commands.d.ts.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/commands.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/config.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/config.d.ts.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/config.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/config.js.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/diagnostics.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/diagnostics.d.ts.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/diagnostics.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/diagnostics.js.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/embedded-scanner.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/embedded-scanner.d.ts.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/extension.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/extension.d.ts.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/extension.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/extension.js.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/parsers.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/parsers.d.ts.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/parsers.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/parsers.js.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/status-bar.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/runTest.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/runTest.d.ts.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/runTest.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/runTest.js.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/api-client.test.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/api-client.test.d.ts.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/api-client.test.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/api-client.test.js.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/embedded-scanner.test.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/embedded-scanner.test.d.ts.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/embedded-scanner.test.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/embedded-scanner.test.js.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/index.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/index.d.ts.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/index.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/index.js.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/parsers.test.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/parsers.test.d.ts.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/parsers.test.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/parsers.test.js.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/types.test.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/types.test.d.ts.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/types.test.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/test/suite/types.test.js.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/types.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/types.d.ts.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/types.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/types.js.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/verification-cache.d.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/verification-cache.d.ts.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/verification-cache.js +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/out/verification-cache.js.map +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/api-client.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/code-actions.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/config.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/diagnostics.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/extension.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/parsers.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/test/runTest.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/test/suite/api-client.test.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/test/suite/embedded-scanner.test.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/test/suite/index.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/test/suite/parsers.test.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/test/suite/types.test.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/types.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/src/verification-cache.ts +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/extension/tsconfig.json +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/generate_icons.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/hooks/pre-commit +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/icon.png +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/railway.toml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/sandbox/go/Dockerfile +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/sandbox/node/Dockerfile +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/sandbox/python/Dockerfile +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/sandbox/rust/Dockerfile +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/scripts/export_openapi.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/scripts/generate_icons.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/scripts/generate_metrics.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/scripts/validate_readme_metrics.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/setup.sh +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/smoke_test.sh +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/__init__.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/api.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/cli.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/formatters/__init__.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/formatters/sarif.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/gateway/__init__.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/gateway/audit.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/gateway/custom_rules.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/gateway/server.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/gateway/siem.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/middleware/__init__.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/middleware/metrics.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/models/__init__.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/models/database.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/models/enums.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/models/requests.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/models/responses.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/rules/__init__.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/rules/enterprise.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/server.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/services/__init__.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/services/ast_analyzer.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/services/auth.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/services/billing.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/services/cache.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/services/database.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/services/docker_verify.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/services/gdpr.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/services/import_verifier.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/services/rate_limiter.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/services/registry.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/services/sandbox.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/services/sso.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/services/static_analyzer.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/services/tenant.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/templates/__init__.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/templates/codetrust-scan.yml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/templates/codetrust.toml +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/templates/cursorrules +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/templates/pre-commit +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/utils/__init__.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/src/utils/similarity.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/__init__.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/conftest.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/load/README.md +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/load/locustfile.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_api_coverage.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_api_endpoints.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_ast.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_auth_service.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_billing.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_cache.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_cache_service.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_cli.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_cli_coverage.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_custom_rules.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_dashboard_api.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_database.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_deep_scan.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_devops_rules.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_docker.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_e2e_integration.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_gateway.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_gateway_server.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_gdpr.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_github_action.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_go_rust_registry.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_import_verifier.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_ip_rate_limit.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_metrics.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_moat.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_models.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_new_rules.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_oidc_integration.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_parsers.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_rate_limit.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_sandbox.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_sarif.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_siem.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_similarity.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_sql_rules.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_sso.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_static.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_tenant.py +0 -0
- {codetrust-2.2.1 → codetrust-2.2.4}/tests/test_webhooks.py +0 -0
|
@@ -15,3 +15,5 @@
|
|
|
15
15
|
{"timestamp": 1770950299.691034, "action_type": "terminal_command", "verdict": "ALLOW", "rule_id": "", "original_action": "pytest tests/ -v", "message": "", "suggestion": "", "session_id": "", "agent_id": "", "workspace": "", "metadata": {}}
|
|
16
16
|
{"timestamp": 1770950299.691067, "action_type": "terminal_command", "verdict": "ALLOW", "rule_id": "", "original_action": "git status", "message": "", "suggestion": "", "session_id": "", "agent_id": "", "workspace": "", "metadata": {}}
|
|
17
17
|
{"timestamp": 1770950299.6910982, "action_type": "terminal_command", "verdict": "ALLOW", "rule_id": "", "original_action": "ruff check src/", "message": "", "suggestion": "", "session_id": "", "agent_id": "", "workspace": "", "metadata": {}}
|
|
18
|
+
{"timestamp": 1770983965.215816, "action_type": "terminal_command", "verdict": "ALLOW", "rule_id": "", "original_action": "cd /Users/mrebadi/Desktop/DevOps/Codetrust/extension && npm ci && node ./scripts/check-release-sync.js && npm run package", "message": "", "suggestion": "", "session_id": "gateway-1770979134", "agent_id": "unknown", "workspace": "/Users/mrebadi/Desktop/DevOps/Codetrust", "metadata": {}}
|
|
19
|
+
{"timestamp": 1770983980.435174, "action_type": "terminal_command", "verdict": "ALLOW", "rule_id": "", "original_action": "cd /Users/mrebadi/Desktop/DevOps/Codetrust && /Users/mrebadi/Desktop/DevOps/Codetrust/.venv/bin/python -m pip install --quiet build twine && /Users/mrebadi/Desktop/DevOps/Codetrust/.venv/bin/python -m build && /Users/mrebadi/Desktop/DevOps/Codetrust/.venv/bin/python -m twine check dist/*", "message": "", "suggestion": "", "session_id": "gateway-1770979134", "agent_id": "unknown", "workspace": "/Users/mrebadi/Desktop/DevOps/Codetrust", "metadata": {}}
|
|
@@ -25,6 +25,10 @@ updates:
|
|
|
25
25
|
- "extension"
|
|
26
26
|
commit-message:
|
|
27
27
|
prefix: "chore(deps):"
|
|
28
|
+
ignore:
|
|
29
|
+
- dependency-name: "*"
|
|
30
|
+
update-types:
|
|
31
|
+
- "version-update:semver-major"
|
|
28
32
|
|
|
29
33
|
# npm dependencies (dashboard)
|
|
30
34
|
- package-ecosystem: "npm"
|
|
@@ -38,6 +42,10 @@ updates:
|
|
|
38
42
|
- "dashboard"
|
|
39
43
|
commit-message:
|
|
40
44
|
prefix: "chore(deps):"
|
|
45
|
+
ignore:
|
|
46
|
+
- dependency-name: "*"
|
|
47
|
+
update-types:
|
|
48
|
+
- "version-update:semver-major"
|
|
41
49
|
|
|
42
50
|
# GitHub Actions
|
|
43
51
|
- package-ecosystem: "github-actions"
|
|
@@ -50,6 +58,10 @@ updates:
|
|
|
50
58
|
- "ci"
|
|
51
59
|
commit-message:
|
|
52
60
|
prefix: "chore(ci):"
|
|
61
|
+
ignore:
|
|
62
|
+
- dependency-name: "*"
|
|
63
|
+
update-types:
|
|
64
|
+
- "version-update:semver-major"
|
|
53
65
|
|
|
54
66
|
# Docker dependencies
|
|
55
67
|
- package-ecosystem: "docker"
|
|
@@ -0,0 +1,156 @@
|
|
|
1
|
+
name: Release
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
workflow_dispatch:
|
|
5
|
+
|
|
6
|
+
permissions:
|
|
7
|
+
contents: write
|
|
8
|
+
|
|
9
|
+
jobs:
|
|
10
|
+
verify:
|
|
11
|
+
runs-on: ubuntu-latest
|
|
12
|
+
timeout-minutes: 15
|
|
13
|
+
steps:
|
|
14
|
+
- uses: actions/checkout@v4
|
|
15
|
+
|
|
16
|
+
- name: Set up Python
|
|
17
|
+
uses: actions/setup-python@v5
|
|
18
|
+
with:
|
|
19
|
+
python-version: "3.12"
|
|
20
|
+
|
|
21
|
+
- name: Install dependencies
|
|
22
|
+
run: |
|
|
23
|
+
python -m pip install --upgrade pip
|
|
24
|
+
pip install -e ".[dev]"
|
|
25
|
+
|
|
26
|
+
- name: Lint
|
|
27
|
+
run: ruff check src/ tests/
|
|
28
|
+
|
|
29
|
+
- name: Test with coverage
|
|
30
|
+
run: pytest tests/ -v --tb=short --cov=src --cov-fail-under=80
|
|
31
|
+
|
|
32
|
+
- name: Generate SBOM (CycloneDX)
|
|
33
|
+
run: |
|
|
34
|
+
pip install cyclonedx-bom
|
|
35
|
+
cyclonedx-py environment -o sbom.json --output-format json
|
|
36
|
+
|
|
37
|
+
- name: Upload SBOM artifact
|
|
38
|
+
uses: actions/upload-artifact@v4
|
|
39
|
+
with:
|
|
40
|
+
name: sbom
|
|
41
|
+
path: sbom.json
|
|
42
|
+
|
|
43
|
+
build-pypi:
|
|
44
|
+
needs: verify
|
|
45
|
+
runs-on: ubuntu-latest
|
|
46
|
+
timeout-minutes: 10
|
|
47
|
+
steps:
|
|
48
|
+
- uses: actions/checkout@v4
|
|
49
|
+
|
|
50
|
+
- name: Set up Python
|
|
51
|
+
uses: actions/setup-python@v5
|
|
52
|
+
with:
|
|
53
|
+
python-version: "3.12"
|
|
54
|
+
|
|
55
|
+
- name: Install build tools
|
|
56
|
+
run: pip install build
|
|
57
|
+
|
|
58
|
+
- name: Build package
|
|
59
|
+
run: python -m build
|
|
60
|
+
|
|
61
|
+
- name: Upload PyPI artifacts
|
|
62
|
+
uses: actions/upload-artifact@v4
|
|
63
|
+
with:
|
|
64
|
+
name: pypi-distributions
|
|
65
|
+
path: dist/
|
|
66
|
+
|
|
67
|
+
build-vsix:
|
|
68
|
+
needs: verify
|
|
69
|
+
runs-on: ubuntu-latest
|
|
70
|
+
timeout-minutes: 10
|
|
71
|
+
steps:
|
|
72
|
+
- uses: actions/checkout@v4
|
|
73
|
+
|
|
74
|
+
- name: Set up Node.js
|
|
75
|
+
uses: actions/setup-node@v4
|
|
76
|
+
with:
|
|
77
|
+
node-version: "20"
|
|
78
|
+
cache: "npm"
|
|
79
|
+
cache-dependency-path: extension/package-lock.json
|
|
80
|
+
|
|
81
|
+
- name: Install dependencies
|
|
82
|
+
working-directory: extension
|
|
83
|
+
run: npm ci
|
|
84
|
+
|
|
85
|
+
- name: Build extension
|
|
86
|
+
working-directory: extension
|
|
87
|
+
run: npm run compile
|
|
88
|
+
|
|
89
|
+
- name: Package VSIX
|
|
90
|
+
working-directory: extension
|
|
91
|
+
run: npx @vscode/vsce package
|
|
92
|
+
|
|
93
|
+
- name: Upload VSIX artifact
|
|
94
|
+
uses: actions/upload-artifact@v4
|
|
95
|
+
with:
|
|
96
|
+
name: vsix
|
|
97
|
+
path: extension/*.vsix
|
|
98
|
+
|
|
99
|
+
create-release:
|
|
100
|
+
needs: [verify, build-pypi, build-vsix]
|
|
101
|
+
runs-on: ubuntu-latest
|
|
102
|
+
timeout-minutes: 5
|
|
103
|
+
steps:
|
|
104
|
+
- uses: actions/checkout@v4
|
|
105
|
+
|
|
106
|
+
- name: Download SBOM
|
|
107
|
+
uses: actions/download-artifact@v4
|
|
108
|
+
with:
|
|
109
|
+
name: sbom
|
|
110
|
+
|
|
111
|
+
- name: Download PyPI distributions
|
|
112
|
+
uses: actions/download-artifact@v4
|
|
113
|
+
with:
|
|
114
|
+
name: pypi-distributions
|
|
115
|
+
path: dist/
|
|
116
|
+
|
|
117
|
+
- name: Download VSIX
|
|
118
|
+
uses: actions/download-artifact@v4
|
|
119
|
+
with:
|
|
120
|
+
name: vsix
|
|
121
|
+
path: vsix/
|
|
122
|
+
|
|
123
|
+
- name: Extract version from tag
|
|
124
|
+
id: version
|
|
125
|
+
run: echo "version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
|
|
126
|
+
|
|
127
|
+
- name: Create GitHub Release
|
|
128
|
+
uses: softprops/action-gh-release@v2
|
|
129
|
+
with:
|
|
130
|
+
generate_release_notes: true
|
|
131
|
+
files: |
|
|
132
|
+
sbom.json
|
|
133
|
+
dist/*.tar.gz
|
|
134
|
+
dist/*.whl
|
|
135
|
+
vsix/*.vsix
|
|
136
|
+
body: |
|
|
137
|
+
## Install
|
|
138
|
+
|
|
139
|
+
**CLI / Python:**
|
|
140
|
+
```bash
|
|
141
|
+
pip install codetrust==${{ steps.version.outputs.version }}
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
**VS Code Extension:**
|
|
145
|
+
Search "CodeTrust" in the Extensions marketplace, or:
|
|
146
|
+
```
|
|
147
|
+
code --install-extension SaidBorna.codetrust
|
|
148
|
+
```
|
|
149
|
+
|
|
150
|
+
**GitHub Action:**
|
|
151
|
+
```yaml
|
|
152
|
+
- uses: S-Borna/codetrust@v${{ steps.version.outputs.version }}
|
|
153
|
+
```
|
|
154
|
+
|
|
155
|
+
---
|
|
156
|
+
*PyPI and Marketplace publishing is done manually after verifying the release artifacts.*
|
|
@@ -42,15 +42,24 @@ docker-compose.override.yml
|
|
|
42
42
|
# Local-only files (plans, notes, secrets)
|
|
43
43
|
.local/
|
|
44
44
|
|
|
45
|
-
#
|
|
45
|
+
# Internal docs — blueprints, specs, build plans (private, never committed)
|
|
46
46
|
SESSION_LOG.md
|
|
47
|
+
SPEC.md
|
|
48
|
+
PLAN.md
|
|
49
|
+
PRODUCT.md
|
|
50
|
+
PITCH.md
|
|
51
|
+
COMPARISON.md
|
|
52
|
+
CLAUDE.md
|
|
53
|
+
TEST_EVIDENCE.md
|
|
47
54
|
|
|
48
55
|
# Node (in case of front-end components)
|
|
49
56
|
node_modules/
|
|
50
57
|
codetrust.db
|
|
51
58
|
codetrust-report.md
|
|
59
|
+
codetrust-results.sarif
|
|
52
60
|
|
|
53
61
|
# VS Code Extension builds
|
|
54
62
|
*.vsix
|
|
55
63
|
CTfavicon.png
|
|
56
64
|
.gitignore
|
|
65
|
+
scan_all_projects.py
|
|
@@ -5,6 +5,81 @@ All notable changes to CodeTrust will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [Unreleased]
|
|
9
|
+
|
|
10
|
+
### Added
|
|
11
|
+
|
|
12
|
+
- New `database_url_credentials` rule — catches database URLs with embedded passwords
|
|
13
|
+
(e.g. `postgresql+asyncpg://user:pass@host/db`). Handles `+asyncpg`, `+pymysql`, etc.
|
|
14
|
+
- Path alias test (`test_path_alias_skipped`) for `@/`, `~/`, `#/` aliases
|
|
15
|
+
|
|
16
|
+
### Fixed
|
|
17
|
+
|
|
18
|
+
- `hardcoded_secret` rule now handles Python type annotations (`secret_key: str = "change-me"`)
|
|
19
|
+
and compound names (`secret_key`, `secret_token`, etc.)
|
|
20
|
+
- `api_key_in_config` rule no longer restricted to `.yml/.yaml/.toml/.json` — applies to all files
|
|
21
|
+
- `api_key_in_config` rule now handles Python type annotations
|
|
22
|
+
- JS/TS import verification no longer flags `@/components`, `@/lib`, `~/config`, `#/db`
|
|
23
|
+
as hallucinated packages — these are Next.js/Vite/TypeScript path aliases
|
|
24
|
+
- Rule count updated: 76 scan + 57 gateway = 133 total
|
|
25
|
+
- Test count: 1315
|
|
26
|
+
|
|
27
|
+
---
|
|
28
|
+
|
|
29
|
+
## [2.2.4] - 2026-02-13
|
|
30
|
+
|
|
31
|
+
### Fixed
|
|
32
|
+
|
|
33
|
+
- Removed public release-process text from root README to keep product-facing docs clean
|
|
34
|
+
- Strengthened release sync guard to validate version parity across extension/package, pyproject,
|
|
35
|
+
changelog, and website (without depending on public README strings)
|
|
36
|
+
- Synced release-prep versioning across backend/API docs/site to `2.2.4`
|
|
37
|
+
|
|
38
|
+
### Changed
|
|
39
|
+
|
|
40
|
+
- Prepared manual release candidate `2.2.4` locally (no deploy, no push)
|
|
41
|
+
|
|
42
|
+
---
|
|
43
|
+
|
|
44
|
+
## [2.2.3] - 2026-02-13
|
|
45
|
+
|
|
46
|
+
### Fixed
|
|
47
|
+
|
|
48
|
+
- VS Code extension lint blockers resolved:
|
|
49
|
+
- removed unnecessary regex escape in embedded scanner rules
|
|
50
|
+
- added explicit return types for registered command handlers
|
|
51
|
+
- removed unused status bar variable
|
|
52
|
+
- Dashboard build blockers resolved:
|
|
53
|
+
- added missing dependency `@next-auth/prisma-adapter`
|
|
54
|
+
- updated Stripe API version typing in webhook route
|
|
55
|
+
- deferred Stripe client initialization to request-time with env validation to avoid build-time failure
|
|
56
|
+
|
|
57
|
+
### Released
|
|
58
|
+
|
|
59
|
+
- Published to VS Code Marketplace: `SaidBorna.codetrust` **v2.2.3**
|
|
60
|
+
- PyPI release remains pending (Python package version unchanged)
|
|
61
|
+
|
|
62
|
+
---
|
|
63
|
+
|
|
64
|
+
## [2.2.2] - 2026-02-13
|
|
65
|
+
|
|
66
|
+
### Security
|
|
67
|
+
|
|
68
|
+
- Removed 7 internal blueprint documents (SPEC, PLAN, PRODUCT, PITCH, COMPARISON, CLAUDE, TEST_EVIDENCE) from git tracking — contained implementation details, class names, file paths, and build plans
|
|
69
|
+
- Removed Railway deployment URL from landing page — replaced with custom domain
|
|
70
|
+
- Removed internal module path (`python -m src.server`) from landing page
|
|
71
|
+
- Removed scoring implementation details (penalty multiplier, data retention count) from landing page
|
|
72
|
+
- Landing page stats endpoint switched to custom domain
|
|
73
|
+
|
|
74
|
+
### Fixed
|
|
75
|
+
|
|
76
|
+
- API endpoint count corrected to 27 across all surfaces (verified from source: 27 routes in api.py)
|
|
77
|
+
- CI self-scan false positive resolved — gateway SSL rule pattern split to avoid self-matching
|
|
78
|
+
- Webhook example URLs in source code split to avoid self-scan triggers
|
|
79
|
+
- SARIF output file added to .gitignore
|
|
80
|
+
|
|
81
|
+
---
|
|
82
|
+
|
|
8
83
|
## [2.2.1] - 2026-02-13
|
|
9
84
|
|
|
10
85
|
### Fixed
|
codetrust-2.2.4/PKG-INFO
ADDED
|
@@ -0,0 +1,383 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: codetrust
|
|
3
|
+
Version: 2.2.4
|
|
4
|
+
Summary: AI code safety platform — 133 rules, 10 enforcement layers, 3 moats no other tool has. AI Governance Gateway blocks destructive AI agent actions before execution (57 real-time rules). Hallucination Detection verifies every import against PyPI/npm/crates.io/Go proxy. Trust Score tracks code safety drift over time. 27 API endpoints, 17 MCP tools, 1315 tests. CLI, VS Code extension, GitHub Action, and MCP server.
|
|
5
|
+
Project-URL: Homepage, https://codetrust.saidborna.com
|
|
6
|
+
Project-URL: Repository, https://github.com/S-Borna/codetrust
|
|
7
|
+
Project-URL: Documentation, https://codetrust.saidborna.com
|
|
8
|
+
Project-URL: Bug Tracker, https://github.com/S-Borna/codetrust/issues
|
|
9
|
+
Author-email: Said Borna <codetrust@users.noreply.github.com>
|
|
10
|
+
License-Expression: LicenseRef-Proprietary
|
|
11
|
+
License-File: LICENSE
|
|
12
|
+
Keywords: ai-safety,claude-code,code-quality,cursor,devops,governance,hallucination,kubernetes,mcp,react,sarif,security,verification
|
|
13
|
+
Classifier: Development Status :: 5 - Production/Stable
|
|
14
|
+
Classifier: Intended Audience :: Developers
|
|
15
|
+
Classifier: License :: Other/Proprietary License
|
|
16
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
17
|
+
Classifier: Topic :: Software Development :: Quality Assurance
|
|
18
|
+
Requires-Python: >=3.12
|
|
19
|
+
Requires-Dist: alembic>=1.13.0
|
|
20
|
+
Requires-Dist: asyncpg>=0.29.0
|
|
21
|
+
Requires-Dist: fastapi>=0.115.0
|
|
22
|
+
Requires-Dist: httpx>=0.27.0
|
|
23
|
+
Requires-Dist: mcp[cli]>=1.0.0
|
|
24
|
+
Requires-Dist: psycopg2-binary>=2.9.0
|
|
25
|
+
Requires-Dist: pydantic-settings>=2.0.0
|
|
26
|
+
Requires-Dist: pydantic>=2.0.0
|
|
27
|
+
Requires-Dist: pyjwt>=2.8.0
|
|
28
|
+
Requires-Dist: redis[hiredis]>=5.0.0
|
|
29
|
+
Requires-Dist: sqlalchemy[asyncio]>=2.0.0
|
|
30
|
+
Requires-Dist: stripe>=7.0.0
|
|
31
|
+
Requires-Dist: structlog>=24.0.0
|
|
32
|
+
Requires-Dist: tree-sitter-go>=0.23.0
|
|
33
|
+
Requires-Dist: tree-sitter-javascript>=0.23.0
|
|
34
|
+
Requires-Dist: tree-sitter-python>=0.23.0
|
|
35
|
+
Requires-Dist: tree-sitter-rust>=0.23.0
|
|
36
|
+
Requires-Dist: tree-sitter-typescript>=0.23.0
|
|
37
|
+
Requires-Dist: tree-sitter>=0.23.0
|
|
38
|
+
Requires-Dist: uvicorn[standard]>=0.30.0
|
|
39
|
+
Provides-Extra: dev
|
|
40
|
+
Requires-Dist: aiosqlite>=0.20.0; extra == 'dev'
|
|
41
|
+
Requires-Dist: fakeredis[json]>=2.20.0; extra == 'dev'
|
|
42
|
+
Requires-Dist: httpx[cli]>=0.27.0; extra == 'dev'
|
|
43
|
+
Requires-Dist: pytest-asyncio>=0.24.0; extra == 'dev'
|
|
44
|
+
Requires-Dist: pytest-cov>=5.0.0; extra == 'dev'
|
|
45
|
+
Requires-Dist: pytest-httpx>=0.30.0; extra == 'dev'
|
|
46
|
+
Requires-Dist: pytest>=8.0.0; extra == 'dev'
|
|
47
|
+
Requires-Dist: ruff>=0.5.0; extra == 'dev'
|
|
48
|
+
Description-Content-Type: text/markdown
|
|
49
|
+
|
|
50
|
+
<p align="center">
|
|
51
|
+
<img src="https://raw.githubusercontent.com/S-Borna/codetrust/main/docs/logo.png" alt="CodeTrust" width="420">
|
|
52
|
+
</p>
|
|
53
|
+
|
|
54
|
+
<p align="center">
|
|
55
|
+
<strong>Trust the code. Ship with proof.</strong>
|
|
56
|
+
</p>
|
|
57
|
+
|
|
58
|
+
<p align="center">
|
|
59
|
+
<a href="https://pypi.org/project/codetrust/"><img src="https://img.shields.io/pypi/v/codetrust?style=flat-square&color=38d8fd" alt="PyPI"></a>
|
|
60
|
+
<a href="https://marketplace.visualstudio.com/items?itemName=SaidBorna.codetrust"><img src="https://img.shields.io/visual-studio-marketplace/v/SaidBorna.codetrust?style=flat-square&color=5bca78" alt="VS Code Marketplace"></a>
|
|
61
|
+
<a href="LICENSE"><img src="https://img.shields.io/badge/License-Proprietary-333?style=flat-square" alt="License"></a>
|
|
62
|
+
<a href="https://github.com/S-Borna/codetrust/actions"><img src="https://img.shields.io/github/actions/workflow/status/S-Borna/codetrust/ci.yml?style=flat-square&label=CI" alt="CI"></a>
|
|
63
|
+
</p>
|
|
64
|
+
|
|
65
|
+
<p align="center">
|
|
66
|
+
<a href="https://codetrust.saidborna.com">Website</a> ·
|
|
67
|
+
<a href="https://pypi.org/project/codetrust/">PyPI</a> ·
|
|
68
|
+
<a href="https://marketplace.visualstudio.com/items?itemName=SaidBorna.codetrust">VS Code</a> ·
|
|
69
|
+
<a href="https://github.com/S-Borna/codetrust">GitHub</a> ·
|
|
70
|
+
<a href="CHANGELOG.md">Changelog</a>
|
|
71
|
+
</p>
|
|
72
|
+
|
|
73
|
+
---
|
|
74
|
+
|
|
75
|
+
## What CodeTrust Is
|
|
76
|
+
|
|
77
|
+
**AI Governance Enforcement Platform** — 133 rules across 10 enforcement layers, 17 MCP tools, 27 API endpoints. 1,315 tests.
|
|
78
|
+
|
|
79
|
+
CodeTrust prevents unsafe, hallucinated, and destructive AI-generated code from reaching production. It enforces safety across the entire development lifecycle — before execution, during development, before commit, during CI/CD, and before deployment.
|
|
80
|
+
|
|
81
|
+
CodeTrust is not a linter. It is not a formatter. It is a **governance enforcement platform** purpose-built for the era of AI-generated code, with three capabilities no existing tool provides.
|
|
82
|
+
|
|
83
|
+
---
|
|
84
|
+
|
|
85
|
+
## The Three Moats
|
|
86
|
+
|
|
87
|
+
### Moat 1: AI Governance Gateway
|
|
88
|
+
|
|
89
|
+
The Gateway intercepts AI agent actions **before execution** — not scanning files after the fact. Terminal commands, file writes, and package installs are validated against configurable policies in real-time.
|
|
90
|
+
|
|
91
|
+
57 interception rules across 9 categories: file destruction, code execution, privilege escalation, git operations, container escape, network exfiltration, secrets exposure, supply chain attacks, and resource abuse — plus content rules for file writes.
|
|
92
|
+
|
|
93
|
+
All rules are configurable. Any rule can be disabled per-project.
|
|
94
|
+
|
|
95
|
+
**Real proof:** During the development of v2.1.0, our own AI agent attempted to create a file using a heredoc pattern. The CodeTrust gateway blocked it in real-time — the product protected itself from its own builder.
|
|
96
|
+
|
|
97
|
+
### Moat 2: Hallucination Detection Engine
|
|
98
|
+
|
|
99
|
+
Every scan extracts imports from your source files and verifies them against **live package registries**. Hallucinated packages are flagged with exact file and line number.
|
|
100
|
+
|
|
101
|
+
```
|
|
102
|
+
$ codetrust scan app.py
|
|
103
|
+
|
|
104
|
+
🛡️ CodeTrust Scan
|
|
105
|
+
Files: 1 | Findings: 2
|
|
106
|
+
AI Drift Score: 87/100 (B)
|
|
107
|
+
|
|
108
|
+
🚫 BLOCK — must fix:
|
|
109
|
+
app.py:4 [import_not_found] Package 'flask_magic_utils' not found
|
|
110
|
+
on pypi — possible AI hallucination.
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
`flask_magic_utils` does not exist on PyPI. Most traditional tools do not verify imports against live registries at development time.
|
|
114
|
+
|
|
115
|
+
CodeTrust also includes static hallucination rules that detect fabricated methods, config options, CLI flags, API endpoints, environment variables, and placeholder URLs — without network access.
|
|
116
|
+
|
|
117
|
+
### Moat 3: Trust Score & Drift Tracking
|
|
118
|
+
|
|
119
|
+
A quantified safety metric that tracks your codebase over time. Not a snapshot — a trend.
|
|
120
|
+
|
|
121
|
+
- Baseline your project's safety score
|
|
122
|
+
- Track improvement or regression across commits
|
|
123
|
+
- Grade curve: A+ through F
|
|
124
|
+
- Fail CI when the score drops below your threshold
|
|
125
|
+
|
|
126
|
+
```
|
|
127
|
+
🛡️ CodeTrust Scan
|
|
128
|
+
Files: 47 | Findings: 3
|
|
129
|
+
AI Drift Score: 94/100 (A)
|
|
130
|
+
Trend: improving (+6 from baseline)
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
---
|
|
134
|
+
|
|
135
|
+
## Why CodeTrust Exists
|
|
136
|
+
|
|
137
|
+
AI writes code fast. But fast doesn't mean safe. **78% of developers** use AI coding assistants daily (2025). These tools produce failure modes that no existing tool detects:
|
|
138
|
+
|
|
139
|
+
| Failure Mode | What Happens | Who Catches It |
|
|
140
|
+
|---|---|---|
|
|
141
|
+
| **Hallucinated packages** | `pip install` fails — or worse: typosquatted malware installs | CodeTrust verifies imports against live registries |
|
|
142
|
+
| **Destructive agent commands** | `rm -rf /`, `eval()`, `curl\|sh` — data loss, RCE, supply chain compromise | CodeTrust Gateway intercepts before execution |
|
|
143
|
+
| **Ghost Docker images** | AI references images that don't exist — build breaks at 2AM | CodeTrust validates images against Docker Hub |
|
|
144
|
+
| **Invisible code drift** | AI code quality degrades gradually — no one measures it | CodeTrust tracks trust score over time |
|
|
145
|
+
|
|
146
|
+
### What existing tools miss
|
|
147
|
+
|
|
148
|
+
| Tool | What it does | What it doesn't do |
|
|
149
|
+
|---|---|---|
|
|
150
|
+
| **SonarQube** | 5,000+ quality rules | Does not intercept AI agents, verify imports, or track trust scores |
|
|
151
|
+
| **Snyk** | CVEs in known packages | Does not intercept AI agents, detect hallucinated packages, or track trust scores |
|
|
152
|
+
| **Semgrep** | Cross-file dataflow analysis | Does not intercept AI agents, verify imports against registries, or track trust scores |
|
|
153
|
+
| **Ruff / ESLint** | Code style, formatting | Does not intercept AI agents, verify imports, or track trust scores |
|
|
154
|
+
|
|
155
|
+
Unlike traditional tools, CodeTrust uniquely combines pre-execution interception, live registry verification, and quantified safety tracking.
|
|
156
|
+
|
|
157
|
+
---
|
|
158
|
+
|
|
159
|
+
## 10 Enforcement Layers
|
|
160
|
+
|
|
161
|
+
CodeTrust scans code across 10 layers covering static analysis, root cause analysis, SQL safety, AST structural analysis, container hardening, infrastructure-as-code, framework-specific rules (React, Kubernetes, CI/CD), live import verification, Docker image verification, and the real-time AI governance gateway.
|
|
162
|
+
|
|
163
|
+
**76 scan rules + 57 gateway rules = 133 total.** Every rule produces a BLOCK, WARN, or INFO verdict.
|
|
164
|
+
|
|
165
|
+
---
|
|
166
|
+
|
|
167
|
+
## Enforcement Model
|
|
168
|
+
|
|
169
|
+
CodeTrust enforces policies when integrated via MCP, pre-commit hooks, or CI/CD pipelines. Enforcement strength depends on integration point.
|
|
170
|
+
|
|
171
|
+
**Strong enforcement:**
|
|
172
|
+
|
|
173
|
+
| Integration | Guarantee |
|
|
174
|
+
|---|---|
|
|
175
|
+
| **Pre-commit hook** | Prevents unsafe commits — commit rejected until fixed |
|
|
176
|
+
| **CI/CD (GitHub Action)** | Prevents unsafe merges — PR fails required status check |
|
|
177
|
+
| **Gateway via MCP** | Prevents unsafe agent actions — command intercepted before execution |
|
|
178
|
+
|
|
179
|
+
**Advisory enforcement:**
|
|
180
|
+
|
|
181
|
+
| Integration | Behavior |
|
|
182
|
+
|---|---|
|
|
183
|
+
| **VS Code Extension** | Inline diagnostics — informs, does not block |
|
|
184
|
+
| **CLI scan** | Exit code 1 on BLOCK findings — enforcement depends on pipeline gating |
|
|
185
|
+
|
|
186
|
+
---
|
|
187
|
+
|
|
188
|
+
## When to Use CodeTrust
|
|
189
|
+
|
|
190
|
+
- **AI-assisted development** — Claude Code, GitHub Copilot, Cursor, or any AI coding assistant
|
|
191
|
+
- **CI/CD pipelines** requiring governance enforcement before merge
|
|
192
|
+
- **Preventing hallucinated dependencies** from reaching production
|
|
193
|
+
- **Blocking destructive agent actions** before they execute
|
|
194
|
+
- **Enforcing DevOps and infrastructure safety policies** across teams
|
|
195
|
+
- **Tracking code safety trends** to catch regression early
|
|
196
|
+
|
|
197
|
+
---
|
|
198
|
+
|
|
199
|
+
## Performance
|
|
200
|
+
|
|
201
|
+
| Operation | Typical Time |
|
|
202
|
+
|-----------|:------------:|
|
|
203
|
+
| Static scan (per file) | < 200ms |
|
|
204
|
+
| Gateway validation (per command) | < 5ms |
|
|
205
|
+
| Deep scan (typical project) | < 2s |
|
|
206
|
+
| Import verification (cached) | < 50ms |
|
|
207
|
+
| Production runtime overhead | Zero |
|
|
208
|
+
|
|
209
|
+
CodeTrust runs at development time only. Zero runtime overhead in production.
|
|
210
|
+
|
|
211
|
+
---
|
|
212
|
+
|
|
213
|
+
## Quick Start
|
|
214
|
+
|
|
215
|
+
```bash
|
|
216
|
+
pip install codetrust
|
|
217
|
+
cd your-project
|
|
218
|
+
codetrust init
|
|
219
|
+
codetrust scan .
|
|
220
|
+
```
|
|
221
|
+
|
|
222
|
+
`codetrust init` sets up enforcement layers in your project: pre-commit hook, GitHub Action, AI assistant rules, governance config, and audit directory.
|
|
223
|
+
|
|
224
|
+
---
|
|
225
|
+
|
|
226
|
+
## Five Ways In
|
|
227
|
+
|
|
228
|
+
| Surface | Install | What You Get |
|
|
229
|
+
|---------|---------|--------------|
|
|
230
|
+
| **CLI** | `pip install codetrust` | Full scan from terminal with exit code enforcement |
|
|
231
|
+
| **VS Code** | Install from Marketplace | Scan on save, inline diagnostics, AI governance |
|
|
232
|
+
| **GitHub Action** | `uses: S-Borna/codetrust@v2` | PR checks with SARIF upload to Security tab |
|
|
233
|
+
| **MCP Server** | 17 tools for AI agents | Claude Code / Cursor get real-time safety feedback |
|
|
234
|
+
| **REST API** | 27 endpoints with rate limiting | Integrate into any pipeline or platform |
|
|
235
|
+
|
|
236
|
+
---
|
|
237
|
+
|
|
238
|
+
## CLI Usage
|
|
239
|
+
|
|
240
|
+
```bash
|
|
241
|
+
codetrust scan app.py # Scan a file
|
|
242
|
+
codetrust scan src/ # Scan a directory
|
|
243
|
+
codetrust scan . --sarif # SARIF output for CI
|
|
244
|
+
codetrust scan . --json # JSON output
|
|
245
|
+
codetrust scan . --no-verify-imports # Skip registry checks (offline)
|
|
246
|
+
|
|
247
|
+
codetrust status # Check enforcement status
|
|
248
|
+
codetrust doctor # Diagnose installation
|
|
249
|
+
|
|
250
|
+
codetrust governance --status # Governance overview
|
|
251
|
+
codetrust governance --mode audit # Switch to audit mode
|
|
252
|
+
codetrust audit --hours 24 # Review recent actions
|
|
253
|
+
```
|
|
254
|
+
|
|
255
|
+
---
|
|
256
|
+
|
|
257
|
+
## VS Code Extension
|
|
258
|
+
|
|
259
|
+
```bash
|
|
260
|
+
code --install-extension SaidBorna.codetrust
|
|
261
|
+
```
|
|
262
|
+
|
|
263
|
+
- Scans on save (configurable)
|
|
264
|
+
- Inline diagnostics with severity levels
|
|
265
|
+
- Works fully offline — all scan rules embedded
|
|
266
|
+
- "Scan Workspace" — up to 500 files with progress UI
|
|
267
|
+
- AI governance controls built in
|
|
268
|
+
- Deep scan mode for full analysis
|
|
269
|
+
|
|
270
|
+
| Setting | Default | Description |
|
|
271
|
+
|---------|---------|-------------|
|
|
272
|
+
| `codetrust.scanOnSave` | `true` | Auto-scan on save |
|
|
273
|
+
| `codetrust.severityThreshold` | `INFO` | Minimum severity to show |
|
|
274
|
+
| `codetrust.scanType` | `static` | `static` or `deep` |
|
|
275
|
+
| `codetrust.governance.enabled` | `true` | Enable AI governance |
|
|
276
|
+
| `codetrust.governance.mode` | `enforce` | `enforce` / `audit` / `off` |
|
|
277
|
+
|
|
278
|
+
---
|
|
279
|
+
|
|
280
|
+
## GitHub Action
|
|
281
|
+
|
|
282
|
+
```yaml
|
|
283
|
+
- uses: S-Borna/codetrust@v2
|
|
284
|
+
with:
|
|
285
|
+
fail-on: block
|
|
286
|
+
scan-type: static
|
|
287
|
+
sarif: true
|
|
288
|
+
|
|
289
|
+
- uses: github/codeql-action/upload-sarif@v3
|
|
290
|
+
if: always()
|
|
291
|
+
with:
|
|
292
|
+
sarif_file: codetrust-results.sarif
|
|
293
|
+
```
|
|
294
|
+
|
|
295
|
+
BLOCK findings fail the status check. Hallucinated packages appear as inline PR annotations.
|
|
296
|
+
|
|
297
|
+
---
|
|
298
|
+
|
|
299
|
+
## MCP Server
|
|
300
|
+
|
|
301
|
+
### 17 MCP Tools
|
|
302
|
+
|
|
303
|
+
Two MCP servers — one for scanning, one for governance. Works with Claude Code, Cursor, and any MCP-compatible agent.
|
|
304
|
+
|
|
305
|
+
Add to your MCP configuration and AI agents get real-time code safety feedback, pre-action validation, post-action quality checks, import verification, and governance enforcement — all through the Model Context Protocol.
|
|
306
|
+
|
|
307
|
+
---
|
|
308
|
+
|
|
309
|
+
## Supported Languages
|
|
310
|
+
|
|
311
|
+
| Language | Static | AST | Import Verification |
|
|
312
|
+
|----------|:------:|:---:|:-------------------:|
|
|
313
|
+
| Python | ✅ | ✅ | ✅ (PyPI) |
|
|
314
|
+
| JavaScript / TypeScript | ✅ | ✅ | ✅ (npm) |
|
|
315
|
+
| Go | ✅ | ✅ | ✅ (Go proxy) |
|
|
316
|
+
| Rust | ✅ | ✅ | ✅ (crates.io) |
|
|
317
|
+
| SQL | ✅ | — | — |
|
|
318
|
+
| Dockerfile | ✅ | — | ✅ (Docker Hub) |
|
|
319
|
+
| YAML / Kubernetes | ✅ | — | — |
|
|
320
|
+
|
|
321
|
+
---
|
|
322
|
+
|
|
323
|
+
## Configuration
|
|
324
|
+
|
|
325
|
+
CodeTrust is configured via `.codetrust.toml` or `[tool.codetrust]` in `pyproject.toml`.
|
|
326
|
+
|
|
327
|
+
You can:
|
|
328
|
+
|
|
329
|
+
- Exclude paths from scanning
|
|
330
|
+
- Ignore specific rules
|
|
331
|
+
- Override severity levels
|
|
332
|
+
- Set governance mode (enforce / audit / off)
|
|
333
|
+
- Define protected files
|
|
334
|
+
- Enable or disable gateway rule categories
|
|
335
|
+
|
|
336
|
+
See `codetrust init` for a starter configuration.
|
|
337
|
+
|
|
338
|
+
---
|
|
339
|
+
|
|
340
|
+
## Security & Compliance
|
|
341
|
+
|
|
342
|
+
| Property | Description |
|
|
343
|
+
|----------|-------------|
|
|
344
|
+
| **Audit trail** | Append-only, immutable log of all governance actions |
|
|
345
|
+
| **Agent identification** | Auto-detects Claude, Copilot, Cursor, Windsurf, GitHub Actions |
|
|
346
|
+
| **Secret scanning** | Catches hardcoded secrets, private keys, and credentials |
|
|
347
|
+
| **Rate limiting** | Per-key and IP-based with sliding windows |
|
|
348
|
+
| **SSO** | Azure AD, Okta, Auth0, Google, Keycloak |
|
|
349
|
+
| **GDPR** | Data export (Art. 15) and right to erasure (Art. 17) |
|
|
350
|
+
| **SIEM export** | CEF, LEEF, Syslog, ECS JSON |
|
|
351
|
+
| **SBOM** | CycloneDX generated in CI |
|
|
352
|
+
| **Signed releases** | Sigstore signing of distributions |
|
|
353
|
+
|
|
354
|
+
---
|
|
355
|
+
|
|
356
|
+
## Distribution
|
|
357
|
+
|
|
358
|
+
| Channel | Install |
|
|
359
|
+
|---------|---------|
|
|
360
|
+
| **PyPI** | `pip install codetrust` |
|
|
361
|
+
| **VS Code Marketplace** | `code --install-extension SaidBorna.codetrust` |
|
|
362
|
+
| **GitHub Action** | `uses: S-Borna/codetrust@v2` |
|
|
363
|
+
| **Cloud API** | Available at `codetrust-api.saidborna.com` |
|
|
364
|
+
| **MCP Server** | Included in the package |
|
|
365
|
+
| **Website** | [codetrust.saidborna.com](https://codetrust.saidborna.com) |
|
|
366
|
+
|
|
367
|
+
---
|
|
368
|
+
|
|
369
|
+
## Development
|
|
370
|
+
|
|
371
|
+
```bash
|
|
372
|
+
pip install -e ".[dev]"
|
|
373
|
+
pytest tests/ -v # 1315 tests
|
|
374
|
+
ruff check src/ tests/ # zero warnings
|
|
375
|
+
```
|
|
376
|
+
|
|
377
|
+
All counts in this README are generated from source and validated in CI.
|
|
378
|
+
|
|
379
|
+
---
|
|
380
|
+
|
|
381
|
+
## License
|
|
382
|
+
|
|
383
|
+
Proprietary — Copyright (c) 2026 Said Borna. All rights reserved. See [LICENSE](LICENSE).
|