codetrust 2.3.0__tar.gz → 2.3.2__tar.gz

{codetrust-2.3.0 → codetrust-2.3.2}/CHANGELOG.md

@@ -13,7 +13,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ---
 
-## [2.3.0] - 2026-02-16
+## [2.3.2] - 2026-02-16
+
+### Fixed
+
+- Release surfaces synced: docs/README/action snippets updated to a single tag
+- VS Code extension settings/help text clarified (no "localhost" in public-facing descriptions)
+
+## [2.3.1] - 2026-02-16
 
 ### Added
 

{codetrust-2.3.0 → codetrust-2.3.2}/CONTRIBUTING.md

@@ -20,8 +20,8 @@ interactions.
 ### Development Setup
 
 ```bash
-# Clone the repository
-git clone https://github.com/S-Borna/codetrust.git
+# Clone the repository (private)
+# Request access via the website, then clone using your internal remote URL
 cd codetrust
 
 # Create virtual environment
@@ -51,13 +51,13 @@ npm run compile
 
 ### Reporting Bugs
 
-1. Check existing [issues](https://github.com/S-Borna/codetrust/issues) first
-2. Use the bug report template
-3. Include: Python version, OS, steps to reproduce, expected vs actual behavior
+1. Report issues privately (the repository is not public)
+2. Include: Python version, OS, steps to reproduce, expected vs actual behavior
+3. Website: <https://codetrust.saidborna.com>
 
 ### Suggesting Features
 
-1. Open a [discussion](https://github.com/S-Borna/codetrust/discussions) first
+1. Send feature requests privately (the repository is not public)
 2. Describe the use case, not just the solution
 3. Be specific about which component (CLI, API, Extension, Gateway)
 
@@ -154,5 +154,5 @@ contributions will be licensed under the same terms as the project.
 
 ## Questions?
 
-- Open a [GitHub Discussion](https://github.com/S-Borna/codetrust/discussions)
+- Website: <https://codetrust.saidborna.com>
 - Email: <codetrust@saidborna.com>

{codetrust-2.3.0 → codetrust-2.3.2}/PKG-INFO

@@ -1,12 +1,11 @@
 Metadata-Version: 2.4
 Name: codetrust
-Version: 2.3.0
+Version: 2.3.2
 Summary: AI code safety platform — 133 rules, 10 enforcement layers, 3 moats no other tool has. AI Governance Gateway blocks destructive AI agent actions before execution (57 real-time rules). Hallucination Detection verifies every import against PyPI/npm/crates.io/Go proxy. Trust Score tracks code safety drift over time. 27 API endpoints, 17 MCP tools, 1358 tests. CLI, VS Code extension, GitHub Action, and MCP server.
 Project-URL: Homepage, https://codetrust.saidborna.com
-Project-URL: Repository, https://github.com/S-Borna/codetrust
 Project-URL: Documentation, https://codetrust.saidborna.com
-Project-URL: Bug Tracker, https://github.com/S-Borna/codetrust/issues
-Author-email: Said Borna <codetrust@users.noreply.github.com>
+Project-URL: Support, https://codetrust.saidborna.com
+Author-email: Said Borna <codetrust@saidborna.com>
 License-Expression: LicenseRef-Proprietary
 License-File: LICENSE
 Keywords: ai-safety,claude-code,code-quality,cursor,devops,governance,hallucination,kubernetes,mcp,react,sarif,security,verification
@@ -56,21 +55,19 @@ Description-Content-Type: text/markdown
 </p>
 
 <p align="center">
-  <code>Current: v2.3.0</code> &middot; <code>1358 tests</code> &middot; <code>133 rules</code> &middot; <code>10 layers</code>
+  <code>Current: v2.3.2</code> &middot; <code>1358 tests</code> &middot; <code>133 rules</code> &middot; <code>10 layers</code>
 </p>
 
 <p align="center">
   <a href="https://pypi.org/project/codetrust/"><img src="https://img.shields.io/pypi/v/codetrust?style=flat-square&color=38d8fd" alt="PyPI"></a>
   <a href="https://marketplace.visualstudio.com/items?itemName=SaidBorna.codetrust"><img src="https://img.shields.io/visual-studio-marketplace/v/SaidBorna.codetrust?style=flat-square&color=5bca78" alt="VS Code Marketplace"></a>
   <a href="LICENSE"><img src="https://img.shields.io/badge/License-Proprietary-333?style=flat-square" alt="License"></a>
-  <a href="https://github.com/S-Borna/codetrust/actions"><img src="https://img.shields.io/github/actions/workflow/status/S-Borna/codetrust/ci.yml?style=flat-square&label=CI" alt="CI"></a>
 </p>
 
 <p align="center">
   <a href="https://codetrust.saidborna.com">Website</a> &middot;
   <a href="https://pypi.org/project/codetrust/">PyPI</a> &middot;
   <a href="https://marketplace.visualstudio.com/items?itemName=SaidBorna.codetrust">VS Code</a> &middot;
-  <a href="https://github.com/S-Borna/codetrust">GitHub</a> &middot;
   <a href="CHANGELOG.md">Changelog</a>
 </p>
 
@@ -233,7 +230,7 @@ codetrust scan .
 |---------|---------|--------------|
 | **CLI** | `pip install codetrust` | Full scan from terminal with exit code enforcement |
 | **VS Code** | Install from Marketplace | Scan on save, inline diagnostics, AI governance |
-| **GitHub Action** | `uses: S-Borna/codetrust@v2.3.0` | PR checks with SARIF upload to Security tab |
+| **GitHub Action** | `uses: S-Borna/codetrust@v2.3.2` | PR checks with SARIF upload to Security tab |
 | **MCP Server** | 17 tools for AI agents | Claude Code / Cursor get real-time safety feedback |
 | **REST API** | 27 endpoints with rate limiting | Integrate into any pipeline or platform |
 
@@ -286,8 +283,8 @@ code --install-extension SaidBorna.codetrust
 
 | Setting | Default | Description |
 |---------|---------|-------------|
-| `codetrust.apiUrl` | `https://codetrust-api-production.up.railway.app` | API server URL (or `http://localhost:8000` self-hosted) |
-| `codetrust.apiKey` | `""` | API key for authentication (`X-API-Key`) |
+| `codetrust.apiUrl` | `https://codetrust-api.saidborna.com` | API server URL |
+| `codetrust.apiKey` | `""` | Deprecated: stored in VS Code Secret Storage. Use Guided Onboarding to set it |
 | `codetrust.scanOnSave` | `true` | Auto-scan on save |
 | `codetrust.scanOnType` | `false` | Scan while typing (embedded offline scanner) |
 | `codetrust.scanOnTypeDebounceMs` | `600` | Debounce delay for scan while typing |
@@ -299,6 +296,8 @@ code --install-extension SaidBorna.codetrust
 | `codetrust.governance.enabled` | `true` | Enable AI governance |
 | `codetrust.governance.mode` | `enforce` | `enforce` / `audit` / `off` |
 
+Self-hosting: set `codetrust.apiUrl` to your own API base URL.
+
 ---
 
 ## GitHub Action
@@ -314,7 +313,7 @@ permissions:
 ```
 
 ```yaml
-- uses: S-Borna/codetrust@v2.3.0
+- uses: S-Borna/codetrust@v2.3.2
   with:
     fail-on: block
     scan-type: static
@@ -396,7 +395,7 @@ See `codetrust init` for a starter configuration.
 |---------|---------|
 | **PyPI** | `pip install codetrust` |
 | **VS Code Marketplace** | `code --install-extension SaidBorna.codetrust` |
-| **GitHub Action** | `uses: S-Borna/codetrust@v2.3.0` |
+| **GitHub Action** | `uses: S-Borna/codetrust@v2.3.2` |
 | **Cloud API** | Available at `codetrust-api.saidborna.com` |
 | **MCP Server** | Included in the package |
 | **Website** | [codetrust.saidborna.com](https://codetrust.saidborna.com) |

{codetrust-2.3.0 → codetrust-2.3.2}/README.md

@@ -7,21 +7,19 @@
 </p>
 
 <p align="center">
-  <code>Current: v2.3.0</code> &middot; <code>1358 tests</code> &middot; <code>133 rules</code> &middot; <code>10 layers</code>
+  <code>Current: v2.3.2</code> &middot; <code>1358 tests</code> &middot; <code>133 rules</code> &middot; <code>10 layers</code>
 </p>
 
 <p align="center">
   <a href="https://pypi.org/project/codetrust/"><img src="https://img.shields.io/pypi/v/codetrust?style=flat-square&color=38d8fd" alt="PyPI"></a>
   <a href="https://marketplace.visualstudio.com/items?itemName=SaidBorna.codetrust"><img src="https://img.shields.io/visual-studio-marketplace/v/SaidBorna.codetrust?style=flat-square&color=5bca78" alt="VS Code Marketplace"></a>
   <a href="LICENSE"><img src="https://img.shields.io/badge/License-Proprietary-333?style=flat-square" alt="License"></a>
-  <a href="https://github.com/S-Borna/codetrust/actions"><img src="https://img.shields.io/github/actions/workflow/status/S-Borna/codetrust/ci.yml?style=flat-square&label=CI" alt="CI"></a>
 </p>
 
 <p align="center">
   <a href="https://codetrust.saidborna.com">Website</a> &middot;
   <a href="https://pypi.org/project/codetrust/">PyPI</a> &middot;
   <a href="https://marketplace.visualstudio.com/items?itemName=SaidBorna.codetrust">VS Code</a> &middot;
-  <a href="https://github.com/S-Borna/codetrust">GitHub</a> &middot;
   <a href="CHANGELOG.md">Changelog</a>
 </p>
 
@@ -184,7 +182,7 @@ codetrust scan .
 |---------|---------|--------------|
 | **CLI** | `pip install codetrust` | Full scan from terminal with exit code enforcement |
 | **VS Code** | Install from Marketplace | Scan on save, inline diagnostics, AI governance |
-| **GitHub Action** | `uses: S-Borna/codetrust@v2.3.0` | PR checks with SARIF upload to Security tab |
+| **GitHub Action** | `uses: S-Borna/codetrust@v2.3.2` | PR checks with SARIF upload to Security tab |
 | **MCP Server** | 17 tools for AI agents | Claude Code / Cursor get real-time safety feedback |
 | **REST API** | 27 endpoints with rate limiting | Integrate into any pipeline or platform |
 
@@ -237,8 +235,8 @@ code --install-extension SaidBorna.codetrust
 
 | Setting | Default | Description |
 |---------|---------|-------------|
-| `codetrust.apiUrl` | `https://codetrust-api-production.up.railway.app` | API server URL (or `http://localhost:8000` self-hosted) |
-| `codetrust.apiKey` | `""` | API key for authentication (`X-API-Key`) |
+| `codetrust.apiUrl` | `https://codetrust-api.saidborna.com` | API server URL |
+| `codetrust.apiKey` | `""` | Deprecated: stored in VS Code Secret Storage. Use Guided Onboarding to set it |
 | `codetrust.scanOnSave` | `true` | Auto-scan on save |
 | `codetrust.scanOnType` | `false` | Scan while typing (embedded offline scanner) |
 | `codetrust.scanOnTypeDebounceMs` | `600` | Debounce delay for scan while typing |
@@ -250,6 +248,8 @@ code --install-extension SaidBorna.codetrust
 | `codetrust.governance.enabled` | `true` | Enable AI governance |
 | `codetrust.governance.mode` | `enforce` | `enforce` / `audit` / `off` |
 
+Self-hosting: set `codetrust.apiUrl` to your own API base URL.
+
 ---
 
 ## GitHub Action
@@ -265,7 +265,7 @@ permissions:
 ```
 
 ```yaml
-- uses: S-Borna/codetrust@v2.3.0
+- uses: S-Borna/codetrust@v2.3.2
   with:
     fail-on: block
     scan-type: static
@@ -347,7 +347,7 @@ See `codetrust init` for a starter configuration.
 |---------|---------|
 | **PyPI** | `pip install codetrust` |
 | **VS Code Marketplace** | `code --install-extension SaidBorna.codetrust` |
-| **GitHub Action** | `uses: S-Borna/codetrust@v2.3.0` |
+| **GitHub Action** | `uses: S-Borna/codetrust@v2.3.2` |
 | **Cloud API** | Available at `codetrust-api.saidborna.com` |
 | **MCP Server** | Included in the package |
 | **Website** | [codetrust.saidborna.com](https://codetrust.saidborna.com) |

{codetrust-2.3.0 → codetrust-2.3.2}/SECURITY.md

@@ -39,7 +39,7 @@ vulnerability, please report it responsibly.
 The following are in scope:
 
 - **CodeTrust CLI** (`pip install codetrust`)
-- **CodeTrust API** (codetrust-api-production.up.railway.app)
+- **CodeTrust API** (codetrust-api.saidborna.com)
 - **CodeTrust VS Code Extension** (SaidBorna.codetrust)
 - **CodeTrust MCP Server** (codetrust-mcp)
 - **AI Governance Gateway** (src/gateway/)

{codetrust-2.3.0 → codetrust-2.3.2}/action/action.yml

@@ -10,7 +10,7 @@ inputs:
   api-url:
     description: "CodeTrust API URL"
     required: false
-    default: "https://codetrust-api-production.up.railway.app"
+    default: "https://codetrust-api.saidborna.com"
   api-key:
     description: "CodeTrust API key for cloud scanning"
     required: false

{codetrust-2.3.0 → codetrust-2.3.2}/action/scan_runner.py

@@ -168,7 +168,7 @@ def parse_args() -> argparse.Namespace:
         help="Hard gate: auto (default), always, or never. When enabled on PRs, gates only on new findings vs base SHA.",
     )
     parser.add_argument("--api-key", default="")
-    parser.add_argument("--api-url", default="https://codetrust-api-production.up.railway.app")
+    parser.add_argument("--api-url", default="https://codetrust-api.saidborna.com")
     return parser.parse_args()
 
 

{codetrust-2.3.0 → codetrust-2.3.2}/metrics.json

@@ -1,5 +1,5 @@
 {
-  "version": "2.3.0",
+  "version": "2.3.2",
   "generated_at": "2026-02-16T00:04:20.995682+00:00",
   "scan_rules": 76,
   "enterprise_rule_ids": 4,

{codetrust-2.3.0 → codetrust-2.3.2}/pyproject.toml

@@ -4,13 +4,13 @@ build-backend = "hatchling.build"
 
 [project]
 name = "codetrust"
-version = "2.3.0"
+version = "2.3.2"
 description = "AI code safety platform — 133 rules, 10 enforcement layers, 3 moats no other tool has. AI Governance Gateway blocks destructive AI agent actions before execution (57 real-time rules). Hallucination Detection verifies every import against PyPI/npm/crates.io/Go proxy. Trust Score tracks code safety drift over time. 27 API endpoints, 17 MCP tools, 1358 tests. CLI, VS Code extension, GitHub Action, and MCP server."
 readme = "README.md"
 license = "LicenseRef-Proprietary"
 requires-python = ">=3.12"
 authors = [
-    { name = "Said Borna", email = "codetrust@users.noreply.github.com" },
+    { name = "Said Borna", email = "codetrust@saidborna.com" },
 ]
 keywords = ["mcp", "ai-safety", "governance", "code-quality", "verification", "hallucination", "claude-code", "cursor", "devops", "react", "kubernetes", "sarif", "security"]
 classifiers = [
@@ -57,9 +57,8 @@ dependencies = [
 
 [project.urls]
 Homepage = "https://codetrust.saidborna.com"
-Repository = "https://github.com/S-Borna/codetrust"
 Documentation = "https://codetrust.saidborna.com"
-"Bug Tracker" = "https://github.com/S-Borna/codetrust/issues"
+Support = "https://codetrust.saidborna.com"
 
 [project.optional-dependencies]
 dev = [

{codetrust-2.3.0 → codetrust-2.3.2}/src/config.py

@@ -13,7 +13,7 @@ class Settings(BaseSettings):
     host: str = "0.0.0.0"
     port: int = 8000
     debug: bool = False
-    version: str = "2.3.0"
+    version: str = "2.3.2"
 
     # --- Auth ---
     api_key: str = ""  # Empty = no auth required (local dev)
@@ -97,7 +97,7 @@ class Settings(BaseSettings):
 
     # --- SARIF ---
     sarif_schema_url: str = "https://json.schemastore.org/sarif-2.1.0.json"
-    tool_info_uri: str = "https://github.com/codetrust-ai/codetrust"
+    tool_info_uri: str = "https://codetrust.saidborna.com"
 
 
 settings = Settings()