deadpush 0.2.0__tar.gz
- deadpush-0.2.0/.github/workflows/ci.yml +36 -0
- deadpush-0.2.0/.github/workflows/python-publish.yml +57 -0
- deadpush-0.2.0/.gitignore +221 -0
- deadpush-0.2.0/AGENT.md +106 -0
- deadpush-0.2.0/CHANGELOG.md +16 -0
- deadpush-0.2.0/CODE_OF_CONDUCT.md +43 -0
- deadpush-0.2.0/CONTRIBUTING.md +38 -0
- deadpush-0.2.0/LICENSE +21 -0
- deadpush-0.2.0/PKG-INFO +230 -0
- deadpush-0.2.0/README.md +188 -0
- deadpush-0.2.0/action.yml +34 -0
- deadpush-0.2.0/deadpush/__init__.py +1 -0
- deadpush-0.2.0/deadpush/churn.py +189 -0
- deadpush-0.2.0/deadpush/cli.py +1584 -0
- deadpush-0.2.0/deadpush/comments.py +265 -0
- deadpush-0.2.0/deadpush/complexity.py +254 -0
- deadpush-0.2.0/deadpush/config.py +284 -0
- deadpush-0.2.0/deadpush/crawler.py +133 -0
- deadpush-0.2.0/deadpush/deadness.py +477 -0
- deadpush-0.2.0/deadpush/debris.py +729 -0
- deadpush-0.2.0/deadpush/deps.py +323 -0
- deadpush-0.2.0/deadpush/deps_guard.py +382 -0
- deadpush-0.2.0/deadpush/entrypoints.py +193 -0
- deadpush-0.2.0/deadpush/graph.py +401 -0
- deadpush-0.2.0/deadpush/guard.py +1386 -0
- deadpush-0.2.0/deadpush/hooks.py +369 -0
- deadpush-0.2.0/deadpush/importgraph.py +122 -0
- deadpush-0.2.0/deadpush/imports.py +239 -0
- deadpush-0.2.0/deadpush/intercept.py +995 -0
- deadpush-0.2.0/deadpush/languages/__init__.py +143 -0
- deadpush-0.2.0/deadpush/languages/base.py +70 -0
- deadpush-0.2.0/deadpush/languages/cpp.py +150 -0
- deadpush-0.2.0/deadpush/languages/go_.py +177 -0
- deadpush-0.2.0/deadpush/languages/java.py +185 -0
- deadpush-0.2.0/deadpush/languages/javascript.py +202 -0
- deadpush-0.2.0/deadpush/languages/python_.py +278 -0
- deadpush-0.2.0/deadpush/languages/rust.py +147 -0
- deadpush-0.2.0/deadpush/languages/typescript.py +192 -0
- deadpush-0.2.0/deadpush/layers.py +197 -0
- deadpush-0.2.0/deadpush/mcp_server.py +1061 -0
- deadpush-0.2.0/deadpush/reachability.py +183 -0
- deadpush-0.2.0/deadpush/registration.py +280 -0
- deadpush-0.2.0/deadpush/report.py +113 -0
- deadpush-0.2.0/deadpush/rules.py +190 -0
- deadpush-0.2.0/deadpush/sarif.py +123 -0
- deadpush-0.2.0/deadpush/scorer.py +151 -0
- deadpush-0.2.0/deadpush/security.py +187 -0
- deadpush-0.2.0/deadpush/session.py +224 -0
- deadpush-0.2.0/deadpush/tests.py +333 -0
- deadpush-0.2.0/deadpush/ui.py +156 -0
- deadpush-0.2.0/deadpush/verifier.py +168 -0
- deadpush-0.2.0/deadpush/watch.py +103 -0
- deadpush-0.2.0/pyproject.toml +60 -0
- deadpush-0.2.0/scripts/full_e2e_test.py +510 -0
- deadpush-0.2.0/tests/__init__.py +0 -0
- deadpush-0.2.0/tests/conftest.py +32 -0
- deadpush-0.2.0/tests/test_comments.py +169 -0
- deadpush-0.2.0/tests/test_deps_guard.py +352 -0
- deadpush-0.2.0/tests/test_exhaustive.py +953 -0
- deadpush-0.2.0/tests/test_intercept_guardrails.py +381 -0
- deadpush-0.2.0/tests/test_layers.py +90 -0
- deadpush-0.2.0/tests/test_mcp.py +617 -0
- deadpush-0.2.0/tests/test_real_repo_e2e.py +517 -0
- deadpush-0.2.0/tests/test_rules.py +120 -0
- deadpush-0.2.0/tests/test_tests_analyzer.py +114 -0
|
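--- a/deadpush-0.2.0/.github/workflows/ci.yml
+++ b/deadpush-0.2.0/.github/workflows/ci.yml
@@ -0,0 +1,36 @@
+name: CI
+
+on:
+push:
+branches: [main]
+pull_request:
+branches: [main]
+
+env:
+PYTHONUTF8: "1"
+
+jobs:
+test:
+runs-on: ubuntu-latest
+strategy:
+fail-fast: false
+matrix:
+python-version: ["3.11", "3.12", "3.13"]
+
+steps:
+- uses: actions/checkout@v4
+
+- name: Install uv
+uses: astral-sh/setup-uv@v5
+with:
+python-version: ${{ matrix.python-version }}
+enable-cache: true
+
+- name: Install dependencies
+run: uv sync --extra dev
+
+- name: Lint with ruff (non-blocking)
+run: uv run ruff check deadpush/ tests/ || true
+
+- name: Run tests
+run: uv run pytest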
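Review bot: Both `uses:` entries in the `test` job reference mutable tags (`actions/checkout@v4`, `astral-sh/setup-uv@v5`), so whoever can move a tag changes the code this job runs; pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha>  # v4`. The same applies to the publish workflow in this release, where `pypa/gh-action-pypi-publish@release/v1` is a branch ref inside the job that holds `id-token: write`. This workflow also declares no `permissions:` block, unlike the publish workflow, so the token scope falls back to the repository default; a top-level `permissions:` with `contents: read` would make least privilege explicit. The YAML indentation was lost in this rendering, so nesting is read from key order only.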
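--- a/deadpush-0.2.0/.github/workflows/python-publish.yml
+++ b/deadpush-0.2.0/.github/workflows/python-publish.yml
@@ -0,0 +1,57 @@
+# This workflow will upload a Python Package to PyPI when a release is created.
+# Requires a PyPI trusted publisher configured for the project.
+# See: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries
+
+name: Upload Python Package
+
+on:
+release:
+types: [published]
+
+permissions:
+contents: read
+
+jobs:
+release-build:
+runs-on: ubuntu-latest
+
+steps:
+- uses: actions/checkout@v4
+
+- uses: actions/setup-python@v5
+with:
+python-version: "3.x"
+
+- name: Build release distributions
+run: |
+python -m pip install build
+python -m build
+
+- name: Upload distributions
+uses: actions/upload-artifact@v4
+with:
+name: release-dists
+path: dist/
+
+pypi-publish:
+runs-on: ubuntu-latest
+needs:
+- release-build
+permissions:
+id-token: write
+
+environment:
+name: pypi
+url: https://pypi.org/project/deadpush/
+
+steps:
+- name: Retrieve release distributions
+uses: actions/download-artifact@v4
+with:
+name: release-dists
+path: dist/
+
+- name: Publish release distributions to PyPI
+uses: pypa/gh-action-pypi-publish@release/v1
+with:
+packages-dir: dist/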
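Review bot: The `release-build` job installs its build frontend with an unpinned `python -m pip install build` on a floating `python-version: "3.x"`, so the distributions handed to `pypi-publish` depend on whatever resolves at release time; pin the tool, e.g. `python -m pip install build==<pinned-version>`, or install it from a hash-locked requirements file. Nothing visible in this workflow makes publishing depend on the test workflow having passed for the released commit, so that gate has to exist elsewhere (branch protection or required reviewers on the `pypi` environment); worth confirming and noting in the header comment. Scoping `id-token: write` to the publish job only, with `contents: read` at the top level, is the right split and should be kept when the refs are pinned.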
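--- a/deadpush-0.2.0/.gitignore
+++ b/deadpush-0.2.0/.gitignore
@@ -0,0 +1,221 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py.cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+# For a library or package, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+# However, in case of collaboration, if having platform-specific dependencies or dependencies
+# having no cross-platform support, pipenv may install dependencies that don't work, or not
+# install all needed dependencies.
+# Pipfile.lock
+
+# UV
+# Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
+# This is especially recommended for binary packages to ensure reproducibility, and is more
+# commonly ignored for libraries.
+uv.lock
+
+# poetry
+# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+# This is especially recommended for binary packages to ensure reproducibility, and is more
+# commonly ignored for libraries.
+# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+# poetry.lock
+# poetry.toml
+
+# pdm
+# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+# pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+# https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+# pdm.lock
+# pdm.toml
+.pdm-python
+.pdm-build/
+
+# pixi
+# Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+# pixi.lock
+# Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+# in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# Redis
+*.rdb
+*.aof
+*.pid
+
+# RabbitMQ
+mnesia/
+rabbitmq/
+rabbitmq-data/
+
+# ActiveMQ
+activemq-data/
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.envrc
+.venv
+.deadpush/
+.deadpush-quarantine/
+.deadpush-archive/
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+# and can be added to the global gitignore or merged into this file. For a more nuclear
+# option (not recommended) you can uncomment the following to ignore the entire idea folder.
+# .idea/
+
+# Abstra
+# Abstra is an AI-powered process automation framework.
+# Ignore directories containing user credentials, local state, and settings.
+# Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+# Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
+# that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+# and can be added to the global gitignore or merged into this file. However, if you prefer,
+# you could uncomment the following to ignore the entire vscode folder
+# .vscode/
+# Temporary file for partial code execution
+tempCodeRunnerFile.py
+
+# Ruff stuff:
+.ruff_cache/
+
+# PyPI configuration file
+.pypirc
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/
+
+# Streamlit
+.streamlit/secrets.toml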
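Review bot: Line 101 ignores `uv.lock`, so the `uv sync --extra dev` step in this release's CI workflow resolves dependencies afresh on every run instead of from a committed, reviewable lock; the template comment directly above the entry itself recommends keeping the lock in version control. For a tool that is installed into other projects as a guardrail, a reproducible dependency set matters more than the library convention, so drop the `uv.lock` entry, commit the file, and have CI run `uv sync --locked --extra dev`. The `.deadpush/` entry on line 154 also means the runtime rule overrides that AGENT.md says are persisted in `.deadpush/rules.json` never show up in a diff or review; if that is intended, say so in a comment next to the entry.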
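--- a/deadpush-0.2.0/AGENT.md
+++ b/deadpush-0.2.0/AGENT.md
@@ -0,0 +1,106 @@
+# deadpush — Agent Onboarding
+
+This project uses **deadpush**: an agent-native guardrail system that intercepts risky file writes in real time.
+
+## Quick Start
+
+- Write files normally via MCP (`write_file` tool). Guardrails run automatically.
+- If blocked → read the feedback file → fix the issue → retry.
+- If you hit a false positive → `add_allowed_pattern` to whitelist the code.
+
+## MCP Tools (24 available)
+
+Connect via `deadpush mcp` (stdio JSON-RPC on `2024-11-05` protocol).
+
+### Write / Check
+| Tool | What it does |
+|---|---|
+| `write_file(path, content)` | Write through guardrails. Blocked files go to quarantine + feedback. |
+| `check_file(path, content)` | Preview: would the file pass? Returns violations without writing. |
+
+### Scan
+| Tool | What it does |
+|---|---|
+| `scan` | Full analysis summary (dead symbols, debris, test issues, etc.) |
+| `get_dead_symbols` | Unreachable code |
+| `get_debris` | AI artifacts, stale files |
+| `get_test_issues` | No-assertion / tautology / empty tests |
+| `get_stale_docs` | Docstring-param mismatches |
+| `get_layer_violations` | Architectural import violations |
+| `get_security_boundaries` | Untested security-sensitive ops |
+| `get_complexity_alerts` | Complexity spikes |
+
+### Clean / Quarantine
+| Tool | What it does |
+|---|---|
+| `clean(mode)` | Remove dead code / debris (safe, dry_run, force) |
+| `quarantine_list(limit)` | List quarantined files |
+| `quarantine_restore(name)` | Restore from quarantine |
+
+### Feedback
+| Tool | What it does |
+|---|---|
+| `get_feedback(limit)` | Read recent guardrail feedback |
+| `get_status` | Current paths + available tools |
+| `get_safety_score` | Latest guardian score |
+
+### Config (agent self-service)
+| Tool | What it does |
+|---|---|
+| `get_runtime_config` | View all current rules |
+| `add_allowed_pattern(pattern, desc)` | Whitelist a regex pattern |
+| `remove_allowed_pattern(pattern)` | Remove from allowlist |
+| `ignore_path(path)` | Skip a file entirely |
+| `set_guardrail_level(category, level)` | Set severity: `off`, `warn`, or `block` |
+| `reset_runtime_config` | Clear all overrides to defaults |
+
+All tools return `{"success": bool, "data": ..., "summary": "..."}`.
+
+### Diff / Preview
+| Tool | What it does |
+|---|---|
+| `get_write_diff(path, content)` | Preview diff + guardrail violations before writing |
+| `allow_sensitive_write(path)` | Opt in to writing a sensitive config file (CI/CD, Docker, etc.) |
+
+## Guardrail Categories
+
+| Category | Default level | What it catches |
+|---|---|---|
+| `prompt_injection` | `block` | System prompt remnants, AI identity overrides, chat markup tokens |
+| `secret` | `block` | API keys, tokens, passwords, AWS keys, GitHub tokens |
+| `security` | `block` | eval/exec, subprocess, pickle, SQL injection, file deletion |
+| `layer` | `block` | Imports violating architecture layer rules |
+| `sensitive` | `block` | Writes to CI/CD, deployment, Docker, and other sensitive config files |
+| `destructive` | `warn` | Near-empty rewrites of substantial files, >50% line reduction |
+| `debris` | `warn` | TODO stubs, FIXME markers, bare `pass` statements |
+| `dependency` | `warn` | Typosquat packages, suspicious package names in dep files |
+
+## Self-Correction Flow
+
+```
+write_file("src/api.py", content)
+├─ ✅ Allowed → file appears at src/api.py
+└─ ❌ Blocked → file quarantined, feedback written to .deadpush/feedback/
+
+Read feedback: get_feedback(5)
+Fix the issue in your code
+Retry: write_file("src/api.py", new_content)
+
+False positive? add_allowed_pattern("the_regex_that_matched")
+Then retry — it will pass.
+```
+
+## Runtime Config
+
+Persisted in `.deadpush/rules.json`. Survives server restarts.
+Modify via MCP tools above. Do NOT edit the file directly.
+
+Use `set_guardrail_level("prompt_injection", "warn")` to downgrade a category to warning-only (doesn't block, just reports).
+
+## What NOT To Do
+
+- Do NOT bypass guardrails by writing directly to the filesystem.
+- Do NOT edit `.deadpush/rules.json` directly — use the MCP tools.
+- Do NOT delete `.deadpush/` directory contents unless you understand the consequences.
+- Do NOT add `ignore all previous instructions` or similar prompt injection patterns to any file.
+- Do NOT commit secrets, API keys, or tokens to the repository.
+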
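Review bot: The "Config (agent self-service)" table and the Self-Correction Flow let the same agent whose writes are being checked relax the checks (`add_allowed_pattern`, `ignore_path`, `set_guardrail_level` down to `off`, `allow_sensitive_write`), and the document mentions no operator approval for any of them. As written, a `secret`, `prompt_injection` or `sensitive` block can be cleared by the party that triggered it, and the override then persists in `.deadpush/rules.json` across restarts; whether the server enforces a confirmation step is not visible from this file. The onboarding text should say which categories an agent may relax on its own and route the `block`-level ones to a human, for example replacing the third Quick Start bullet with `- If you believe a block is a false positive → report it to the operator; do not allow-list it yourself.` and dropping the `set_guardrail_level("prompt_injection", "warn")` example. The "What NOT To Do" list would also be stronger with an explicit line that config tools must not be used to get a blocked write through.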
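--- a/deadpush-0.2.0/CHANGELOG.md
+++ b/deadpush-0.2.0/CHANGELOG.md
@@ -0,0 +1,16 @@
+# Changelog
+
+## 0.2.0 (2026-06-22)
+
+- Initial public release.
+- MCP server with 20+ tools for AI coding agents.
+- 7-category guardrail pipeline: security, secrets, prompt injection, debris, layer violations, destructive changes, sensitive writes.
+- Multi-factor dead code detection using 8 signals (call graph, registration, imports, reachability, git freshness, etc.).
+- Real-time filesystem guardian daemon (`deadpush protect --daemon`).
+- Staging-based write interception with quarantine + structured feedback.
+- Agent-as-adjudicator learning loop (adjudicate findings, learn false positives).
+- Path-aware severity lowering for test/mock files.
+- Runtime config system with per-category guardrail levels.
+- CLI: scan, clean, verify, quarantine, status, hooks, deps, init.
+- JSON-RPC 2.0 protocol compliance.
+- 300+ tests across 11 test files.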
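--- a/deadpush-0.2.0/CODE_OF_CONDUCT.md
+++ b/deadpush-0.2.0/CODE_OF_CONDUCT.md
@@ -0,0 +1,43 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes
+- Focusing on what is best for the overall community
+
+Examples of unacceptable behavior:
+
+- The use of sexualized language or imagery, and sexual attention or advances
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information without explicit permission
+- Other conduct which could reasonably be considered inappropriate
+
+## Enforcement
+
+Project maintainers are responsible for clarifying and enforcing our standards.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the project team at harris@deadpush.dev. All complaints will be
+reviewed and investigated promptly and fairly.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
+
+[homepage]: https://www.contributor-covenant.org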
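--- a/deadpush-0.2.0/CONTRIBUTING.md
+++ b/deadpush-0.2.0/CONTRIBUTING.md
@@ -0,0 +1,38 @@
+# Contributing
+
+Thanks for your interest in deadpush.
+
+## Getting Started
+
+```bash
+git clone https://github.com/harris-ahmad/deadpush
+cd deadpush
+python -m venv .venv
+source .venv/bin/activate
+pip install -e ".[dev,watch,rich]"
+```
+
+## Running Tests
+
+```bash
+pytest
+```
+
+## Code Style
+
+We use ruff. Run before committing:
+
+```bash
+ruff check .
+```
+
+## Pull Requests
+
+- Keep changes focused. One PR = one concern.
+- Add tests for new functionality.
+- Run the full test suite before submitting.
+- Update CHANGELOG.md if the change is user-facing.
+
+## Questions?
+
+Open an issue at https://github.com/harris-ahmad/deadpush/issues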
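--- a/deadpush-0.2.0/LICENSE
+++ b/deadpush-0.2.0/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Harris Ahmad
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.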