codetrust 2.3.2__tar.gz → 2.4.0__tar.gz

Files changed (103)
  1. {codetrust-2.3.2 → codetrust-2.4.0}/.env.example +18 -0
  2. {codetrust-2.3.2 → codetrust-2.4.0}/.gitignore +9 -0
  3. {codetrust-2.3.2 → codetrust-2.4.0}/CHANGELOG.md +251 -172
  4. {codetrust-2.3.2 → codetrust-2.4.0}/CONTRIBUTING.md +22 -33
  5. {codetrust-2.3.2 → codetrust-2.4.0}/PKG-INFO +295 -52
  6. {codetrust-2.3.2 → codetrust-2.4.0}/README.md +284 -46
  7. {codetrust-2.3.2 → codetrust-2.4.0}/SECURITY.md +6 -9
  8. {codetrust-2.3.2 → codetrust-2.4.0}/action/action.yml +6 -1
  9. {codetrust-2.3.2 → codetrust-2.4.0}/action/entrypoint.sh +1 -1
  10. {codetrust-2.3.2 → codetrust-2.4.0}/action/scan.py +49 -1
  11. {codetrust-2.3.2 → codetrust-2.4.0}/action/scan_runner.py +1 -1
  12. {codetrust-2.3.2 → codetrust-2.4.0}/action.yml +1 -1
  13. codetrust-2.4.0/alembic/versions/7e0e30d20d6a_add_telemetry_events.py +76 -0
  14. codetrust-2.4.0/alembic/versions/9c1f6d1a2b44_add_telemetry_raw_and_metrics_counters.py +67 -0
  15. {codetrust-2.3.2 → codetrust-2.4.0}/dashboard/.env.example +1 -1
  16. codetrust-2.4.0/metrics.json +16 -0
  17. {codetrust-2.3.2 → codetrust-2.4.0}/pyproject.toml +13 -7
  18. {codetrust-2.3.2 → codetrust-2.4.0}/scripts/validate_readme_metrics.py +1 -1
  19. {codetrust-2.3.2 → codetrust-2.4.0}/setup.sh +1 -1
  20. {codetrust-2.3.2 → codetrust-2.4.0}/smoke_test.sh +16 -0
  21. {codetrust-2.3.2 → codetrust-2.4.0}/src/api.py +1071 -117
  22. codetrust-2.4.0/src/cli.py +4039 -0
  23. {codetrust-2.3.2 → codetrust-2.4.0}/src/config.py +10 -3
  24. {codetrust-2.3.2 → codetrust-2.4.0}/src/gateway/audit.py +71 -75
  25. {codetrust-2.3.2 → codetrust-2.4.0}/src/gateway/custom_rules.py +34 -36
  26. {codetrust-2.3.2 → codetrust-2.4.0}/src/gateway/interceptor.py +278 -53
  27. {codetrust-2.3.2 → codetrust-2.4.0}/src/gateway/policies.py +102 -83
  28. {codetrust-2.3.2 → codetrust-2.4.0}/src/gateway/server.py +107 -49
  29. {codetrust-2.3.2 → codetrust-2.4.0}/src/gateway/webhooks.py +55 -44
  30. {codetrust-2.3.2 → codetrust-2.4.0}/src/middleware/ip_rate_limit.py +43 -19
  31. {codetrust-2.3.2 → codetrust-2.4.0}/src/middleware/metrics.py +50 -41
  32. codetrust-2.4.0/src/models/database.py +278 -0
  33. {codetrust-2.3.2 → codetrust-2.4.0}/src/models/enums.py +13 -0
  34. {codetrust-2.3.2 → codetrust-2.4.0}/src/models/requests.py +161 -0
  35. {codetrust-2.3.2 → codetrust-2.4.0}/src/models/responses.py +181 -0
  36. codetrust-2.4.0/src/rules/anti_patterns.py +1637 -0
  37. {codetrust-2.3.2 → codetrust-2.4.0}/src/server.py +477 -71
  38. {codetrust-2.3.2 → codetrust-2.4.0}/src/services/ast_analyzer.py +134 -1
  39. codetrust-2.4.0/src/services/autofix.py +518 -0
  40. {codetrust-2.3.2 → codetrust-2.4.0}/src/services/cache.py +7 -0
  41. codetrust-2.4.0/src/services/cross_file_analyzer.py +668 -0
  42. {codetrust-2.3.2 → codetrust-2.4.0}/src/services/database.py +189 -6
  43. codetrust-2.4.0/src/services/gdpr.py +278 -0
  44. codetrust-2.4.0/src/services/import_verifier.py +441 -0
  45. codetrust-2.4.0/src/services/license_checker.py +484 -0
  46. codetrust-2.4.0/src/services/public_stats.py +271 -0
  47. {codetrust-2.3.2 → codetrust-2.4.0}/src/services/registry.py +566 -0
  48. {codetrust-2.3.2 → codetrust-2.4.0}/src/services/sso.py +27 -22
  49. {codetrust-2.3.2 → codetrust-2.4.0}/src/services/static_analyzer.py +225 -156
  50. codetrust-2.4.0/src/services/team.py +677 -0
  51. codetrust-2.4.0/src/services/telemetry.py +715 -0
  52. codetrust-2.4.0/src/services/vulnerability.py +461 -0
  53. codetrust-2.4.0/src/telemetry_client.py +111 -0
  54. {codetrust-2.3.2 → codetrust-2.4.0}/src/utils/parsers.py +400 -0
  55. {codetrust-2.3.2 → codetrust-2.4.0}/src/utils/similarity.py +188 -0
  56. codetrust-2.3.2/metrics.json +0 -16
  57. codetrust-2.3.2/src/cli.py +0 -3052
  58. codetrust-2.3.2/src/models/database.py +0 -127
  59. codetrust-2.3.2/src/rules/anti_patterns.py +0 -639
  60. codetrust-2.3.2/src/services/gdpr.py +0 -278
  61. codetrust-2.3.2/src/services/import_verifier.py +0 -315
  62. {codetrust-2.3.2 → codetrust-2.4.0}/.codetrust.toml +0 -0
  63. {codetrust-2.3.2 → codetrust-2.4.0}/.cursorrules +0 -0
  64. {codetrust-2.3.2 → codetrust-2.4.0}/Dockerfile +0 -0
  65. {codetrust-2.3.2 → codetrust-2.4.0}/LICENSE +0 -0
  66. {codetrust-2.3.2 → codetrust-2.4.0}/Procfile +0 -0
  67. {codetrust-2.3.2 → codetrust-2.4.0}/alembic/README +0 -0
  68. {codetrust-2.3.2 → codetrust-2.4.0}/alembic/env.py +0 -0
  69. {codetrust-2.3.2 → codetrust-2.4.0}/alembic/script.py.mako +0 -0
  70. {codetrust-2.3.2 → codetrust-2.4.0}/alembic/versions/b74aff4dff57_initial_schema_users_api_keys_scan_logs_.py +0 -0
  71. {codetrust-2.3.2 → codetrust-2.4.0}/alembic.ini +0 -0
  72. {codetrust-2.3.2 → codetrust-2.4.0}/docker-compose.yml +0 -0
  73. {codetrust-2.3.2 → codetrust-2.4.0}/hooks/pre-commit +0 -0
  74. {codetrust-2.3.2 → codetrust-2.4.0}/icon.png +0 -0
  75. {codetrust-2.3.2 → codetrust-2.4.0}/railway.toml +0 -0
  76. {codetrust-2.3.2 → codetrust-2.4.0}/scripts/export_openapi.py +0 -0
  77. {codetrust-2.3.2 → codetrust-2.4.0}/scripts/generate_icons.py +0 -0
  78. {codetrust-2.3.2 → codetrust-2.4.0}/scripts/generate_metrics.py +0 -0
  79. {codetrust-2.3.2 → codetrust-2.4.0}/src/__init__.py +0 -0
  80. {codetrust-2.3.2 → codetrust-2.4.0}/src/formatters/__init__.py +0 -0
  81. {codetrust-2.3.2 → codetrust-2.4.0}/src/formatters/sarif.py +0 -0
  82. {codetrust-2.3.2 → codetrust-2.4.0}/src/gateway/__init__.py +0 -0
  83. {codetrust-2.3.2 → codetrust-2.4.0}/src/gateway/siem.py +0 -0
  84. {codetrust-2.3.2 → codetrust-2.4.0}/src/middleware/__init__.py +0 -0
  85. {codetrust-2.3.2 → codetrust-2.4.0}/src/models/__init__.py +0 -0
  86. {codetrust-2.3.2 → codetrust-2.4.0}/src/rules/__init__.py +0 -0
  87. {codetrust-2.3.2 → codetrust-2.4.0}/src/rules/enterprise.py +0 -0
  88. {codetrust-2.3.2 → codetrust-2.4.0}/src/services/__init__.py +0 -0
  89. {codetrust-2.3.2 → codetrust-2.4.0}/src/services/auth.py +0 -0
  90. {codetrust-2.3.2 → codetrust-2.4.0}/src/services/billing.py +0 -0
  91. {codetrust-2.3.2 → codetrust-2.4.0}/src/services/docker_verify.py +0 -0
  92. {codetrust-2.3.2 → codetrust-2.4.0}/src/services/rate_limiter.py +0 -0
  93. {codetrust-2.3.2 → codetrust-2.4.0}/src/services/sandbox.py +0 -0
  94. {codetrust-2.3.2 → codetrust-2.4.0}/src/services/tenant.py +0 -0
  95. {codetrust-2.3.2 → codetrust-2.4.0}/src/templates/CLAUDE.md +0 -0
  96. {codetrust-2.3.2 → codetrust-2.4.0}/src/templates/__init__.py +0 -0
  97. {codetrust-2.3.2 → codetrust-2.4.0}/src/templates/codetrust-scan.yml +0 -0
  98. {codetrust-2.3.2 → codetrust-2.4.0}/src/templates/codetrust.schema.json +0 -0
  99. {codetrust-2.3.2 → codetrust-2.4.0}/src/templates/codetrust.toml +0 -0
  100. {codetrust-2.3.2 → codetrust-2.4.0}/src/templates/cursorrules +0 -0
  101. {codetrust-2.3.2 → codetrust-2.4.0}/src/templates/pre-commit +0 -0
  102. {codetrust-2.3.2 → codetrust-2.4.0}/src/templates/taplo.toml +0 -0
  103. {codetrust-2.3.2 → codetrust-2.4.0}/src/utils/__init__.py +0 -0
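--- a/.env.example
+++ b/.env.example
@@ -69,6 +69,24 @@ CODETRUST_JWT_EXPIRE_MINUTES=1440
 # --- Dashboard ---
 CODETRUST_DASHBOARD_URL=http://localhost:3000
 
+# --- External Stats ---
+# Pepy.tech API key for PyPI download stats (https://pepy.tech/account)
+CODETRUST_PEPY_API_KEY=
+
 # --- SARIF ---
 CODETRUST_SARIF_SCHEMA_URL=https://json.schemastore.org/sarif-2.1.0.json
 CODETRUST_TOOL_INFO_URI=https://github.com/codetrust-ai/codetrust
+
+# --- OIDC / SSO (Azure AD, Okta, Auth0, Google, Keycloak) ---
+CODETRUST_OIDC_ISSUER=
+CODETRUST_OIDC_CLIENT_ID=
+CODETRUST_OIDC_CLIENT_SECRET=
+CODETRUST_OIDC_REDIRECT_URI=
+CODETRUST_OIDC_SCOPES=openid profile email
+
+# --- IP Rate Limiting ---
+CODETRUST_IP_RATE_LIMIT=600
+CODETRUST_IP_BURST_LIMIT=200
+CODETRUST_IP_BURST_WINDOW=10
+CODETRUST_IP_BAN_THRESHOLD=10
+CODETRUST_IP_BAN_DURATION=120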
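Review bot: The five `CODETRUST_IP_*` settings in the new IP Rate Limiting block have no units or meaning stated, so an operator cannot tell whether `CODETRUST_IP_BAN_DURATION=120` is seconds or minutes, what period `CODETRUST_IP_RATE_LIMIT=600` is counted over, or what `CODETRUST_IP_BAN_THRESHOLD=10` counts. These values set how much brute-force and scraping traffic is tolerated before a client is blocked, so each deserves a one-line comment in the style of the Pepy entry, for example `# Ban length in <unit, confirm against src/middleware/ip_rate_limit.py>`. Separately, `CODETRUST_OIDC_CLIENT_SECRET` and `CODETRUST_PEPY_API_KEY` are credentials. A comment such as `# Secret: set only in your untracked .env, never commit a real value` above them would make the handling expectation explicit. It would also help to note that `CODETRUST_OIDC_REDIRECT_URI` must exactly match the callback registered with the identity provider.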
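--- a/.gitignore
+++ b/.gitignore
@@ -61,3 +61,12 @@ codetrust-results.sarif
 # VS Code Extension builds
 *.vsix
 CTfavicon.png
+
+# Generated docs
+docs/CODETRUST_OVERVIEW.md
+docs/CODETRUST_OVERVIEW.pdf
+docs/_generate_pdf.py
+
+# Internal docs — not part of published product
+docs/CODETRUST_OVERVIEW.md
+docs/RELEASE_CHECKLIST.md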
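Review bot: `docs/CODETRUST_OVERVIEW.md` is listed twice, once under "Generated docs" and again under "Internal docs", and the second entry can be dropped. `docs/_generate_pdf.py` sits under "Generated docs" although its name suggests a generator script rather than generated output, so a comment such as `# Local PDF generator script (not tracked)` would describe it better. The "not part of published product" comment only holds for git: whether these paths stay out of the published sdist depends on the build configuration, which this hunk does not show. Since this is a diff of the released tarball, it is worth confirming that the packaging excludes them explicitly instead of relying on `.gitignore`.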