deepsweep-ai 1.0.0__tar.gz

deepsweep_ai-1.0.0/.gitignore

@@ -0,0 +1,421 @@
+# ============================================================================
+# DeepSweep .gitignore
+# Comprehensive Python project gitignore - 30-year veteran edition
+# ============================================================================
+
+# ============================================================================
+# Python
+# ============================================================================
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+pip-wheel-metadata/
+
+# PyInstaller
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+.coverage.*
+coverage/
+*.lcov
+.nyc_output/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+docs/_static/
+docs/_templates/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+*.ipynb
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+Pipfile.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+poetry.lock
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+.pdm.toml
+.pdm-python
+.pdm-build/
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.env.local
+.env.*.local
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+.envrc
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+.idea/
+
+# ============================================================================
+# Ruff
+# ============================================================================
+.ruff_cache/
+
+# ============================================================================
+# IDEs and Editors
+# ============================================================================
+
+# Visual Studio Code
+.vscode/
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+*.code-workspace
+.history/
+
+# Sublime Text
+*.sublime-project
+*.sublime-workspace
+*.tmlanguage.cache
+*.tmPreferences.cache
+*.stTheme.cache
+*.sublime_session
+*.sublime_metrics
+*.sublime_workspace
+
+# Vim
+[._]*.s[a-v][a-z]
+[._]*.sw[a-p]
+[._]s[a-rt-v][a-z]
+[._]ss[a-gi-z]
+[._]sw[a-p]
+Session.vim
+Sessionx.vim
+.netrwhist
+*~
+tags
+[._]*.un~
+
+# Emacs
+*~
+\#*\#
+/.emacs.desktop
+/.emacs.desktop.lock
+*.elc
+auto-save-list
+tramp
+.\#*
+.org-id-locations
+*_archive
+*_flymake.*
+/eshell/history
+/eshell/lastdir
+/elpa/
+*.rel
+/auto/
+.cask/
+flycheck_*.el
+
+# ============================================================================
+# Operating Systems
+# ============================================================================
+
+# macOS
+.DS_Store
+.AppleDouble
+.LSOverride
+._*
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+# Windows
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+*.stackdump
+[Dd]esktop.ini
+$RECYCLE.BIN/
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+*.lnk
+
+# Linux
+.fuse_hidden*
+.directory
+.Trash-*
+.nfs*
+
+# ============================================================================
+# Project Specific
+# ============================================================================
+
+# DeepSweep validation outputs
+*.sarif
+results.sarif
+deepsweep-results.json
+deepsweep-report.html
+badge.svg
+.cursorrules
+
+# Logs
+*.log
+logs/
+*.log.*
+
+# Temporary files
+*.tmp
+*.temp
+*.swp
+*.swo
+.deepsweep/
+.deepsweep-cache/
+
+# Security sensitive files (should never be committed)
+*.pem
+*.key
+*.cert
+*.crt
+*.p12
+*.pfx
+secrets.yml
+secrets.yaml
+.secrets
+
+# Database files
+*.db
+*.sqlite
+*.sqlite3
+
+# Backup files
+*.bak
+*.backup
+*.old
+*.orig
+
+# Archives (usually build artifacts)
+*.zip
+*.tar
+*.tar.gz
+*.tgz
+*.tar.bz2
+*.7z
+*.rar
+
+# ============================================================================
+# CI/CD and Build Tools
+# ============================================================================
+
+# GitHub Actions
+.github/workflows/*.log
+
+# Docker
+.dockerignore
+docker-compose.override.yml
+.docker/
+
+# Terraform
+*.tfstate
+*.tfstate.*
+.terraform/
+.terraform.lock.hcl
+
+# ============================================================================
+# Security and Audit
+# ============================================================================
+
+# npm audit
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+.npm
+
+# Safety database
+.safety-policy.yml
+
+# Bandit
+.bandit
+
+# ============================================================================
+# Miscellaneous
+# ============================================================================
+
+# Patches
+*.patch
+*.diff
+
+# Node (if used for tooling)
+node_modules/
+package-lock.json
+
+# GPG
+*.asc
+
+# ctags
+.tags
+.tags1
+TAGS
+
+# direnv
+.direnv/
+
+# asdf
+.tool-versions
+
+# Local configuration
+local_config.py
+local_settings.py
+.local/
+
+# Benchmarks
+benchmarks/results/
+*.bench
+
+# macOS
+.DS_Store
+
+# Python
+__pycache__/
+*.pyc
+.pytest_cache/
+.coverage
+coverage.xml
+htmlcov/
+
+# Security validation artifacts
+*.sarif
+mcp.json

deepsweep_ai-1.0.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 DeepSweep
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

deepsweep_ai-1.0.0/PKG-INFO

@@ -0,0 +1,224 @@
+Metadata-Version: 2.4
+Name: deepsweep-ai
+Version: 1.0.0
+Summary: Security validation for AI coding assistants. You don't need to understand the code to secure it.
+Project-URL: Homepage, https://deepsweep.ai
+Project-URL: Documentation, https://docs.deepsweep.ai
+Project-URL: Repository, https://github.com/deepsweep-ai/deepsweep
+Project-URL: Changelog, https://github.com/deepsweep-ai/deepsweep/blob/main/CHANGELOG.md
+Project-URL: Issues, https://github.com/deepsweep-ai/deepsweep/issues
+Author-email: DeepSweep <security@deepsweep.ai>
+Maintainer-email: DeepSweep <security@deepsweep.ai>
+License: MIT
+License-File: LICENSE
+Keywords: ai,claude,copilot,cursor,linting,mcp,security,validation,vibe-coding,windsurf
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Classifier: Typing :: Typed
+Requires-Python: >=3.10
+Requires-Dist: click>=8.1.0
+Requires-Dist: posthog>=3.0.0
+Requires-Dist: pydantic>=2.0.0
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: rich>=13.0.0
+Provides-Extra: dev
+Requires-Dist: mypy>=1.0.0; extra == 'dev'
+Requires-Dist: pre-commit>=3.0.0; extra == 'dev'
+Requires-Dist: pytest-cov>=4.0.0; extra == 'dev'
+Requires-Dist: pytest-xdist>=3.0.0; extra == 'dev'
+Requires-Dist: pytest>=8.0.0; extra == 'dev'
+Requires-Dist: ruff>=0.1.0; extra == 'dev'
+Provides-Extra: docs
+Requires-Dist: mkdocs-material>=9.0.0; extra == 'docs'
+Requires-Dist: mkdocs>=1.5.0; extra == 'docs'
+Description-Content-Type: text/markdown
+
+# DeepSweep
+
+**Security validation for AI coding assistants**
+
+[![PyPI version](https://badge.fury.io/py/deepsweep-ai.svg)](https://pypi.org/project/deepsweep-ai/)
+[![Python 3.8+](https://img.shields.io/badge/python-3.8+-blue.svg)](https://www.python.org/downloads/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+DeepSweep validates your AI assistant configurations (Cursor, Windsurf, GitHub Copilot, Claude Code) for security vulnerabilities before they can cause harm.
+
+## Quick Start
+```bash
+pip install deepsweep-ai
+deepsweep validate
+```
+
+DeepSweep automatically finds and validates:
+
+- `.cursorrules` / `.windsurfrules` / `AGENTS.md`
+- MCP configurations (`mcp.json`, `claude_desktop_config.json`)
+- 46 security patterns including prompt injection, MCP attacks, and data exfiltration
+
+## What's New in v0.2.0
+
+- **MCP Security Validation** - 7 new patterns for Model Context Protocol configs
+- **deepsweep mcp list** - Discover all MCP configurations on your system
+- **deepsweep mcp validate** - Dedicated MCP security scanning
+- **deepsweep init** - Create secure starter templates
+- **deepsweep doctor** - Check installation health
+- **deepsweep badge** - Generate repository security badges
+
+## Example Output
+DEEPSWEEP Security Report
+──────────────────────────────────────────────────────
+Score: ████████████████████████░░░░░░ 80/100
+Grade: B
+Found 2 issue(s):
+[HIGH] DS-MCP-001: Unverified MCP server: @random/untrusted
+> Use @modelcontextprotocol/* servers or verify source
+[MEDIUM] DS-MCP-003: Unpinned MCP server version
+> Pin version: @server@1.2.3
+──────────────────────────────────────────────────────
+Run with --fix to see remediation suggestions
+
+## Security Patterns
+
+### Rules File Patterns (39)
+
+| ID | Severity | Description |
+|----|----------|-------------|
+| DS-PI-001 | Critical | Prompt injection attempt |
+| DS-PI-002 | Critical | System prompt extraction |
+| DS-DATA-001 | High | Sensitive data exposure |
+| DS-EXEC-001 | Critical | Arbitrary code execution |
+
+See full list at https://deepsweep.ai/patterns
+
+### MCP Patterns (7)
+
+| ID | Severity | Description |
+|----|----------|-------------|
+| DS-MCP-001 | High | Unverified MCP server source |
+| DS-MCP-002 | Critical | Dangerous command arguments |
+| DS-MCP-003 | Medium | Unpinned server version |
+| DS-MCP-004 | High | Using @latest tag |
+| DS-MCP-005 | High | Auto-approve enabled |
+| DS-MCP-006 | Critical | Shell command execution |
+| DS-MCP-007 | Critical | Network exfiltration risk |
+
+## Commands
+
+### deepsweep validate [PATH]
+```bash
+deepsweep validate                    # Current directory
+deepsweep validate /path/to/project   # Specific path
+deepsweep validate --include-mcp      # Include MCP validation
+deepsweep validate --fix              # Show fix suggestions
+deepsweep validate --format json      # JSON output for CI/CD
+```
+
+### deepsweep mcp list
+```bash
+deepsweep mcp list
+```
+
+### deepsweep mcp validate
+```bash
+deepsweep mcp validate
+deepsweep mcp validate --fix
+deepsweep mcp validate --format json
+```
+
+### deepsweep init
+```bash
+deepsweep init                    # Create .cursorrules
+deepsweep init --type python      # Project type
+deepsweep init --include-mcp      # Include MCP template
+deepsweep init --force            # Overwrite existing
+```
+
+### deepsweep doctor
+```bash
+deepsweep doctor
+```
+
+### deepsweep badge
+```bash
+deepsweep badge
+deepsweep badge --format markdown
+deepsweep badge --format html
+```
+
+## Security Badges
+
+Add a DeepSweep badge to your README:
+```markdown
+[![DeepSweep Validated](https://img.shields.io/badge/DeepSweep-A%20100%2F100-brightgreen)](https://deepsweep.ai)
+```
+
+Generate yours:
+```bash
+deepsweep validate && deepsweep badge
+```
+
+## CI/CD Integration
+
+### GitHub Actions
+```yaml
+name: AI Security Check
+on: [push, pull_request]
+
+jobs:
+  deepsweep:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      - run: pip install deepsweep-ai
+      - run: deepsweep validate --include-mcp --format json
+```
+
+### Pre-commit Hook
+```yaml
+repos:
+  - repo: local
+    hooks:
+      - id: deepsweep
+        name: DeepSweep Security Check
+        entry: deepsweep validate
+        language: system
+        pass_filenames: false
+```
+
+## Privacy
+
+- **Your code never leaves your machine** - Only pattern IDs and scores transmitted
+- **Anonymous by default** - No personal information collected
+- **Opt-out anytime** - Set `DO_NOT_TRACK=1`
+- **Offline mode** - Set `DEEPSWEEP_OFFLINE=1`
+
+Learn more: https://deepsweep.ai/privacy
+
+## Contributing
+
+See CONTRIBUTING.md for guidelines.
+
+- Report bugs: GitHub Issues
+- Request features: GitHub Discussions
+- Security issues: security@deepsweep.ai
+
+## License
+
+MIT License - see LICENSE for details.
+
+---
+
+**Made by DeepSweep** | https://deepsweep.ai