devnog 0.1.0__tar.gz

devnog-0.1.0/.github/workflows/publish.yml

@@ -0,0 +1,55 @@
+name: Publish to PyPI
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build distribution
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install build dependencies
+        run: python -m pip install --upgrade pip build
+
+      - name: Build package
+        run: python -m build
+
+      - name: Upload distribution artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+  publish:
+    name: Publish to PyPI
+    needs: build
+    runs-on: ubuntu-latest
+
+    environment:
+      name: pypi
+      url: https://pypi.org/p/devnog
+
+    permissions:
+      id-token: write  # Required for Trusted Publishers (OIDC)
+
+    steps:
+      - name: Download distribution artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

devnog-0.1.0/.gitignore

@@ -0,0 +1,14 @@
+__pycache__/
+*.py[cod]
+*$py.class
+*.egg-info/
+dist/
+build/
+.eggs/
+*.egg
+.devnog/
+.pytest_cache/
+.coverage
+htmlcov/
+*.bak
+.env

devnog-0.1.0/CLAUDE.md

@@ -0,0 +1,188 @@
+# CLAUDE.md — Contributor Guide for DevNog
+
+## Project Overview
+
+DevNog is a Python CLI + localhost dashboard + lightweight SDK for code analysis and fixing. It scans Python codebases, finds issues, and generates fixes.
+
+## Project Structure
+
+```
+src/devnog/
+├── __init__.py              # Public API: checkpoint, healable, capture, guard, guardian_context, guardian_config
+├── _version.py              # Version string (0.1.0)
+├── core/                    # Shared utilities
+│   ├── models.py            # Data models: Finding, ScanReport, FixProposal, QAVerdict, etc.
+│   ├── config.py            # DevNogConfig, load_config(), devnog.toml parsing
+│   ├── license.py           # Tier enum, LicenseManager, tier gating
+│   ├── crypto.py            # Fernet encryption for captures
+│   ├── output.py            # Rich terminal formatting (print_scan_report, etc.)
+│   └── input_resolver.py    # Resolve directory/zip/GitHub URL inputs
+├── scanner/                 # Static analysis engine
+│   ├── engine.py            # Scanner orchestrator
+│   ├── scoring.py           # Weighted scoring algorithm
+│   └── checks/              # All 38 scanner checks
+│       ├── base.py          # BaseCheck and DependencyCheck ABCs
+│       ├── code_quality.py  # CQ-001 through CQ-010
+│       ├── security.py      # SEC-001 through SEC-012
+│       ├── error_handling.py # ERR-001 through ERR-008
+│       └── dependencies.py  # DEP-001 through DEP-008
+├── fix/                     # Fix engine
+│   ├── engine.py            # FixEngine orchestrator
+│   ├── rule_fixer.py        # 13 rule-based fix handlers
+│   ├── ai_fixer.py          # Claude-powered fixes
+│   ├── applier.py           # Apply fixes with backup
+│   ├── undo.py              # UndoManager
+│   └── models.py            # FixProposalConfidence, UndoRecord
+├── qa/                      # QA Gate (production readiness)
+│   ├── engine.py            # QAGate orchestrator
+│   └── checks/              # 25 QA checks (QA-001 through QA-025)
+│       ├── base.py          # QACheck ABC
+│       ├── error_handling.py # QA-001 to QA-003
+│       ├── timeouts.py      # QA-004 to QA-006
+│       ├── infrastructure.py # QA-007 to QA-011
+│       ├── data_safety.py   # QA-012 to QA-013
+│       ├── config.py        # QA-014 to QA-016
+│       ├── resilience.py    # QA-017 to QA-019
+│       ├── performance.py   # QA-020 to QA-021
+│       └── observability.py # QA-022 to QA-025
+├── capture/                 # Failure capture/replay
+│   ├── decorators.py        # @checkpoint, @healable, @capture
+│   ├── models.py            # FailureCapture, CheckpointState
+│   ├── serializer.py        # Safe serialization + redaction
+│   ├── store.py             # Encrypted SQLite capture store
+│   └── replayer.py          # Replay from checkpoint
+├── guardian/                # Runtime protection
+│   ├── middleware.py        # ASGI middleware + guard()
+│   ├── context.py           # guardian_context async context manager
+│   ├── config.py            # GuardianConfig
+│   ├── patterns.py          # FailurePatternDetector (Pro)
+│   └── audit.py             # HealingAuditLog (Pro)
+├── dashboard/               # Localhost web dashboard
+│   └── server.py            # HTTP server with embedded HTML SPA
+├── enterprise/              # Enterprise features
+│   ├── team_config.py       # TeamConfigEnforcer
+│   ├── ci_gate.py           # CIScanDiff for CI/CD
+│   ├── trending.py          # HistoryTracker (SQLite)
+│   └── compliance.py        # OWASP/SOC2 compliance reports
+└── cli/                     # Click CLI commands
+    ├── main.py              # CLI entry point (click.Group)
+    ├── scan_cmd.py          # devnog scan
+    ├── fix_cmd.py           # devnog fix
+    ├── qa_cmd.py            # devnog qa
+    ├── dashboard_cmd.py     # devnog dashboard
+    ├── guardian_cmd.py      # devnog guardian
+    ├── undo_cmd.py          # devnog undo
+    ├── history_cmd.py       # devnog history (Enterprise)
+    └── compliance_cmd.py    # devnog compliance (Enterprise)
+```
+
+## Running Tests
+
+```bash
+# Run all tests
+python -m pytest tests/ -v
+
+# Run a specific test module
+python -m pytest tests/test_scanner/test_security.py -v
+
+# Run tests for a specific check
+python -m pytest tests/test_scanner/test_code_quality.py::TestCQ001FunctionTooLong -v
+
+# Run with coverage
+python -m pytest tests/ --cov=devnog --cov-report=term-missing
+```
+
+## How to Add a New Scanner Check
+
+1. **Choose an ID** following the pattern: `{CATEGORY}-{NNN}` (e.g., `SEC-013`, `CQ-011`)
+
+2. **Create the check class** in the appropriate file under `src/devnog/scanner/checks/`:
+
+```python
+class SEC013NewCheck(BaseCheck):
+    """Detect the new security issue."""
+
+    check_id = "SEC-013"
+    category = Category.SECURITY
+    severity = Severity.WARNING       # CRITICAL, WARNING, or INFO
+    fix_type = FixType.RULE_BASED     # RULE_BASED, AI_GENERATED, or MANUAL
+    description = "Description of what this detects"
+
+    def run(self, file_path: Path, source: str, tree: ast.Module) -> list[Finding]:
+        findings = []
+        # Walk the AST and look for the pattern
+        for node in ast.walk(tree):
+            if self._is_problematic(node):
+                findings.append(self._make_finding(
+                    message="Human-readable description of the issue",
+                    file_path=file_path,
+                    line=node.lineno,
+                    suggestion="How to fix this",
+                ))
+        return findings
+```
+
+3. **Register the check** in `src/devnog/scanner/checks/__init__.py`:
+
+```python
+from devnog.scanner.checks.security import SEC013NewCheck
+
+ALL_CHECKS: list[type] = [
+    # ... existing checks ...
+    SEC013NewCheck,
+]
+```
+
+4. **Add a rule-based fix** (optional) in `src/devnog/fix/rule_fixer.py`:
+
+```python
+# In the __init__ method, add to self._handlers:
+self._handlers["SEC-013"] = self._fix_sec013
+
+def _fix_sec013(self, finding: Finding) -> FixProposal | None:
+    # Generate the fix
+    ...
+```
+
+5. **Write tests** in `tests/test_scanner/test_security.py`:
+
+```python
+class TestSEC013NewCheck:
+    def test_detects_issue(self, tmp_path):
+        code = '''problematic code here'''
+        # ... test that it produces findings
+
+    def test_clean_code(self, tmp_path):
+        code = '''clean code here'''
+        # ... test that it produces no findings
+```
+
+6. **Run the tests**:
+
+```bash
+python -m pytest tests/test_scanner/test_security.py::TestSEC013NewCheck -v
+```
+
+## Key Design Decisions
+
+- **AST-only analysis**: All checks use Python's `ast` module. No code execution.
+- **No external services**: Everything runs locally. No accounts or cloud dependencies.
+- **Three required deps**: click, rich, cryptography. Everything else is optional.
+- **Tier gating**: Use `LicenseManager.require_pro()` / `require_enterprise()` for gated features.
+- **Weighted scoring**: security 25%, error_handling 25%, code_quality 20%, dependencies 15%, test_coverage 15%.
+
+## Common Development Tasks
+
+```bash
+# Install in development mode
+pip install -e ".[dev]"
+
+# Run the CLI locally
+devnog scan examples/sample_project/
+
+# Run DevNog on itself
+devnog scan src/
+
+# Start dashboard for testing
+devnog dashboard --no-open --port 7654
+```

devnog-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Luke H / X: @kinggablim
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

devnog-0.1.0/PKG-INFO

@@ -0,0 +1,369 @@
+Metadata-Version: 2.4
+Name: devnog
+Version: 0.1.0
+Summary: Developer's Bulletproofing Toolkit — scan, fix, and ship with confidence
+Project-URL: Homepage, https://github.com/mintingpressbuilds/DevNog
+Project-URL: Repository, https://github.com/mintingpressbuilds/DevNog
+Project-URL: Issues, https://github.com/mintingpressbuilds/DevNog/issues
+Project-URL: Changelog, https://github.com/mintingpressbuilds/DevNog/releases
+Author: Luke H
+License: MIT
+License-File: LICENSE
+Keywords: code-quality,developer-tools,fixer,linter,security
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Classifier: Topic :: Software Development :: Testing
+Requires-Python: >=3.10
+Requires-Dist: click>=8.0
+Requires-Dist: cryptography>=41.0
+Requires-Dist: rich>=13.0
+Provides-Extra: ai
+Requires-Dist: anthropic>=0.40.0; extra == 'ai'
+Provides-Extra: all
+Requires-Dist: anthropic>=0.40.0; extra == 'all'
+Requires-Dist: pytest-asyncio>=0.21; extra == 'all'
+Requires-Dist: pytest-cov>=4.0; extra == 'all'
+Requires-Dist: pytest>=7.0; extra == 'all'
+Requires-Dist: reportlab>=4.0; extra == 'all'
+Requires-Dist: starlette>=0.27; extra == 'all'
+Provides-Extra: dev
+Requires-Dist: pytest-asyncio>=0.21; extra == 'dev'
+Requires-Dist: pytest-cov>=4.0; extra == 'dev'
+Requires-Dist: pytest>=7.0; extra == 'dev'
+Provides-Extra: enterprise
+Requires-Dist: reportlab>=4.0; extra == 'enterprise'
+Provides-Extra: guardian
+Requires-Dist: starlette>=0.27; extra == 'guardian'
+Description-Content-Type: text/markdown
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
+
+# DevNog — Developer's Bulletproofing Toolkit
+
+**One scan. One click. One fix. Ship with confidence.**
+
+DevNog is a Python CLI + localhost dashboard + lightweight SDK that makes any codebase bulletproof. It doesn't just find problems — it fixes them.
+
+```bash
+pip install devnog
+```
+
+No accounts. No hosting. No cloud. Everything runs locally.
+
+---
+
+## Quick Start (under 60 seconds)
+
+```bash
+# Install
+pip install devnog
+
+# Scan your project
+cd your-project
+devnog scan
+
+# See the report → fix everything safe → score goes up
+devnog fix --all
+
+# Rescan to see your new score
+devnog scan
+```
+
+That's it. Your codebase just got safer.
+
+---
+
+## All CLI Commands
+
+### `devnog scan` — Find every issue
+
+```bash
+devnog scan                        # Scan current directory
+devnog scan ./src                  # Scan specific directory
+devnog scan project.zip            # Scan a zip file
+devnog scan https://github.com/user/repo  # Scan a GitHub repo
+devnog scan --fail-under 70        # CI mode: fail if score below threshold
+devnog scan --export json          # Export report as JSON
+devnog scan --export html          # Export report as HTML
+devnog scan --only security        # Scan only specific categories
+devnog scan --fix                  # Scan and auto-fix in one step
+devnog scan --dashboard            # Scan and open dashboard
+```
+
+38 built-in checks across 4 categories:
+
+| Category | Checks | What It Finds |
+|----------|--------|---------------|
+| **Security** | SEC-001 to SEC-012 | Hardcoded secrets, SQL injection, eval(), weak hashing, open CORS, DEBUG=True, subprocess shell=True |
+| **Code Quality** | CQ-001 to CQ-010 | Long functions, deep nesting, unused imports, duplicate code, missing type hints, star imports, dead code |
+| **Error Handling** | ERR-001 to ERR-008 | Bare except, silent errors, missing timeouts, unhandled I/O, no global handler |
+| **Dependencies** | DEP-001 to DEP-008 | Known CVEs, abandoned packages, unpinned deps, unused packages, outdated versions |
+
+### `devnog fix` — Fix every issue
+
+```bash
+devnog fix SEC-001                 # Fix a specific issue
+devnog fix SEC-001 --preview       # Preview without applying
+devnog fix --all                   # Fix all auto-fixable issues
+devnog fix --all -y                # Fix all without confirmation
+devnog fix --category security     # Fix all security issues
+devnog fix ERR-004 --ai            # Use AI for complex fix (requires ANTHROPIC_API_KEY)
+devnog fix --target ./src          # Fix issues in specific directory
+```
+
+Every fix shows a diff before applying. All fixes are reversible.
+
+### `devnog undo` — Reverse any fix
+
+```bash
+devnog undo SEC-001                # Undo a specific fix
+devnog undo --last                 # Undo all fixes from last session
+devnog undo --list                 # List all undoable fixes
+```
+
+### `devnog qa` — Validate production readiness
+
+```bash
+devnog qa                          # Full readiness check (25 checks)
+devnog qa ./src                    # Check specific directory
+devnog qa --fix                    # Auto-fix readiness gaps
+devnog qa --strict                 # CI mode: fail if not ready
+```
+
+Checks what tests don't cover: timeouts, retry logic, circuit breakers, transaction handling, structured logging, and more.
+
+### `devnog dashboard` — Visual web UI
+
+```bash
+devnog dashboard                   # Opens http://localhost:7654
+devnog dashboard --port 8080       # Custom port
+devnog dashboard --no-open         # Start without opening browser
+```
+
+The dashboard provides:
+- **Report Card** tab — Overall score with category breakdown, clickable [FIX] buttons on every issue
+- **QA Gate** tab — Production readiness verdict (PASS / CONDITIONAL PASS / FAIL)
+- **Runtime** tab — Captured failures from Guardian decorators
+- **History** tab — Fix history with [UNDO] buttons
+- **Fix modal** — Diff view with confidence indicator, side effects, and manual steps
+- **Fix All** button — One click to apply all safe fixes
+- **URL scanner** — Paste a GitHub URL to scan any public repo
+
+### `devnog guardian` — Runtime protection status
+
+```bash
+devnog guardian                    # Show Guardian status
+devnog guardian --status           # Same as above
+devnog guardian --audit            # Show healing audit log (Pro)
+devnog guardian --report           # Show runtime failure report
+```
+
+### `devnog history` — Historical trending (Enterprise)
+
+```bash
+devnog history                     # Show score history
+devnog history --days 30           # Last 30 days
+devnog history --json              # JSON output
+```
+
+### `devnog compliance` — Compliance reports (Enterprise)
+
+```bash
+devnog compliance                         # Generate OWASP Top 10 report
+devnog compliance --framework soc2        # SOC2 compliance report
+devnog compliance --export pdf            # Export as PDF
+```
+
+---
+
+## Decorator Usage
+
+### `@capture` — Lightweight failure capture
+
+```python
+from devnog import capture
+
+@capture
+def risky_calculation(data):
+    return sum(d / normalize(d) for d in data)
+```
+
+When `risky_calculation` fails, DevNog saves a complete snapshot — args, local variables, stack trace, timestamp — to `.devnog/captures.db`. Sensitive data is automatically redacted.
+
+### `@checkpoint` — Resume from last successful step
+
+```python
+from devnog import checkpoint
+
+@checkpoint
+def long_pipeline(data, _ckpt=None):
+    step1_result = expensive_step_1(data)
+    _ckpt.save("step1", {"result": step1_result})
+
+    step2_result = expensive_step_2(step1_result)
+    _ckpt.save("step2", {"result": step2_result})
+
+    return step2_result
+```
+
+If the function fails mid-way, DevNog can replay from the last checkpoint. Accept `_ckpt` as a parameter to save intermediate state.
+
+### `@healable` — Self-healing functions (Pro)
+
+```python
+from devnog import healable
+
+@healable(retries=3, backoff=True, fallback="skip")
+async def call_external_api(payload):
+    response = await httpx.post(url, json=payload)
+    return response.json()
+```
+
+On **Free tier**, `@healable` captures failures but re-raises them (observe-only mode).
+On **Pro tier**, it adds retry with exponential backoff, fallback strategies, and pattern detection.
+
+---
+
+## Guardian Setup
+
+### FastAPI / Starlette
+
+```python
+from fastapi import FastAPI
+from devnog import guard
+
+app = FastAPI()
+guard(app)  # Adds ASGI middleware for request failure capture
+```
+
+### Context manager
+
+```python
+from devnog import guardian_context
+
+async with guardian_context():
+    await do_something_risky()
+```
+
+### Configuration
+
+```python
+from devnog import guardian_config
+
+guardian_config(
+    capture_args=True,
+    capture_locals=True,
+    max_captures=1000,
+    redact_patterns=["password", "token", "secret"],
+)
+```
+
+---
+
+## Configuration
+
+Create `devnog.toml` in your project root. Everything is optional — sensible defaults are built in:
+
+```toml
+[scan]
+fail_under = 70                    # CI threshold
+categories = ["code_quality", "security", "error_handling", "dependencies"]
+exclude = ["tests/", "migrations/", "venv/"]
+
+[scan.code_quality]
+max_function_length = 75           # Lines per function
+max_nesting_depth = 5              # Max nesting levels
+max_complexity = 15                # Cyclomatic complexity
+
+[fix]
+backup_before_fix = true           # Save backups to .devnog/backups/
+
+[dashboard]
+port = 7654
+
+[guardian]
+capture_args = true
+capture_locals = true
+redact_patterns = ["password", "token", "secret", "key", "auth"]
+```
+
+---
+
+## Tiers
+
+| Tier | Price | What's Included |
+|------|-------|-----------------|
+| **Free** | $0 forever | Scanner (38 checks), rule-based fixes, QA Gate (25 checks), observe-only Guardian, capture decorators, dashboard |
+| **Pro** | Coming soon | Everything Free + Guardian auto-healing, pattern detection, healing audit log, `@healable` retry/backoff |
+| **Enterprise** | Coming soon | Everything Pro + enforced team config, CI/CD scan diffs, historical trending, OWASP/SOC2 compliance reports |
+
+Set your license key:
+
+```bash
+export DEVNOG_LICENSE_KEY="your-key-here"
+# Or save to .devnog/license.key
+```
+
+---
+
+## AI-Powered Fixes
+
+For complex issues that can't be fixed by rules alone, DevNog uses Claude:
+
+```bash
+pip install devnog[ai]
+export ANTHROPIC_API_KEY="sk-ant-..."
+devnog fix SEC-002 --ai
+```
+
+AI fixes include confidence scores, side effect warnings, and manual follow-up steps.
+
+---
+
+## Safety
+
+- DevNog **never modifies code** without showing you the diff first
+- All fixes are **reversible** via `devnog undo`
+- **Backups** saved to `.devnog/backups/` before every fix
+- First time running fixes? DevNog shows **preview-only mode** with no changes applied
+- The `.devnog/` directory is auto-added to `.gitignore`
+
+---
+
+## Dependencies
+
+Only 3 required dependencies:
+
+- `click` — CLI framework
+- `rich` — Terminal formatting
+- `cryptography` — Fernet encryption for capture storage
+
+Optional extras:
+
+```bash
+pip install devnog[ai]          # anthropic — AI-powered fixes
+pip install devnog[guardian]     # starlette — ASGI middleware
+pip install devnog[enterprise]  # reportlab — PDF compliance reports
+pip install devnog[all]         # Everything
+```
+
+---
+
+## DevNog Pro — Coming Soon
+
+Auto-healing runtime protection. Pattern detection across failures. Full healing audit trail.
+
+Sign up for early access: https://devnog.dev/pro
+
+---
+
+## License
+
+MIT License. See [LICENSE](LICENSE) for details.