entrygraph 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (165) hide show
  1. entrygraph-0.1.0/.github/workflows/ci.yml +27 -0
  2. entrygraph-0.1.0/.github/workflows/release.yml +92 -0
  3. entrygraph-0.1.0/.gitignore +227 -0
  4. entrygraph-0.1.0/LICENSE +21 -0
  5. entrygraph-0.1.0/PKG-INFO +204 -0
  6. entrygraph-0.1.0/README.md +157 -0
  7. entrygraph-0.1.0/RELEASING.md +83 -0
  8. entrygraph-0.1.0/pyproject.toml +57 -0
  9. entrygraph-0.1.0/src/entrygraph/__init__.py +87 -0
  10. entrygraph-0.1.0/src/entrygraph/__main__.py +8 -0
  11. entrygraph-0.1.0/src/entrygraph/_version.py +24 -0
  12. entrygraph-0.1.0/src/entrygraph/api.py +549 -0
  13. entrygraph-0.1.0/src/entrygraph/cli/__init__.py +0 -0
  14. entrygraph-0.1.0/src/entrygraph/cli/main.py +387 -0
  15. entrygraph-0.1.0/src/entrygraph/cli/render.py +136 -0
  16. entrygraph-0.1.0/src/entrygraph/data/sinks/csharp.toml +106 -0
  17. entrygraph-0.1.0/src/entrygraph/data/sinks/go.toml +87 -0
  18. entrygraph-0.1.0/src/entrygraph/data/sinks/java.toml +92 -0
  19. entrygraph-0.1.0/src/entrygraph/data/sinks/javascript.toml +112 -0
  20. entrygraph-0.1.0/src/entrygraph/data/sinks/lib_javascript.toml +34 -0
  21. entrygraph-0.1.0/src/entrygraph/data/sinks/lib_python.toml +39 -0
  22. entrygraph-0.1.0/src/entrygraph/data/sinks/php.toml +125 -0
  23. entrygraph-0.1.0/src/entrygraph/data/sinks/python.toml +160 -0
  24. entrygraph-0.1.0/src/entrygraph/data/sinks/ruby.toml +102 -0
  25. entrygraph-0.1.0/src/entrygraph/data/sinks/rust.toml +68 -0
  26. entrygraph-0.1.0/src/entrygraph/db/__init__.py +0 -0
  27. entrygraph-0.1.0/src/entrygraph/db/engine.py +34 -0
  28. entrygraph-0.1.0/src/entrygraph/db/meta.py +70 -0
  29. entrygraph-0.1.0/src/entrygraph/db/models.py +176 -0
  30. entrygraph-0.1.0/src/entrygraph/db/queries.py +155 -0
  31. entrygraph-0.1.0/src/entrygraph/detect/__init__.py +0 -0
  32. entrygraph-0.1.0/src/entrygraph/detect/entrypoints/__init__.py +22 -0
  33. entrygraph-0.1.0/src/entrygraph/detect/entrypoints/base.py +124 -0
  34. entrygraph-0.1.0/src/entrygraph/detect/entrypoints/configs.py +139 -0
  35. entrygraph-0.1.0/src/entrygraph/detect/entrypoints/csharp.py +156 -0
  36. entrygraph-0.1.0/src/entrygraph/detect/entrypoints/golang.py +158 -0
  37. entrygraph-0.1.0/src/entrygraph/detect/entrypoints/java.py +187 -0
  38. entrygraph-0.1.0/src/entrygraph/detect/entrypoints/javascript.py +211 -0
  39. entrygraph-0.1.0/src/entrygraph/detect/entrypoints/php.py +133 -0
  40. entrygraph-0.1.0/src/entrygraph/detect/entrypoints/python.py +335 -0
  41. entrygraph-0.1.0/src/entrygraph/detect/entrypoints/ruby.py +147 -0
  42. entrygraph-0.1.0/src/entrygraph/detect/entrypoints/rust.py +153 -0
  43. entrygraph-0.1.0/src/entrygraph/detect/frameworks.py +369 -0
  44. entrygraph-0.1.0/src/entrygraph/detect/manifests.py +234 -0
  45. entrygraph-0.1.0/src/entrygraph/detect/taint.py +224 -0
  46. entrygraph-0.1.0/src/entrygraph/errors.py +27 -0
  47. entrygraph-0.1.0/src/entrygraph/extract/__init__.py +0 -0
  48. entrygraph-0.1.0/src/entrygraph/extract/base.py +51 -0
  49. entrygraph-0.1.0/src/entrygraph/extract/csharp.py +502 -0
  50. entrygraph-0.1.0/src/entrygraph/extract/golang.py +342 -0
  51. entrygraph-0.1.0/src/entrygraph/extract/ir.py +105 -0
  52. entrygraph-0.1.0/src/entrygraph/extract/java.py +329 -0
  53. entrygraph-0.1.0/src/entrygraph/extract/javascript.py +400 -0
  54. entrygraph-0.1.0/src/entrygraph/extract/php.py +426 -0
  55. entrygraph-0.1.0/src/entrygraph/extract/python.py +390 -0
  56. entrygraph-0.1.0/src/entrygraph/extract/registry.py +43 -0
  57. entrygraph-0.1.0/src/entrygraph/extract/ruby.py +321 -0
  58. entrygraph-0.1.0/src/entrygraph/extract/rust.py +482 -0
  59. entrygraph-0.1.0/src/entrygraph/fs/__init__.py +0 -0
  60. entrygraph-0.1.0/src/entrygraph/fs/hashing.py +78 -0
  61. entrygraph-0.1.0/src/entrygraph/fs/lang.py +134 -0
  62. entrygraph-0.1.0/src/entrygraph/fs/walker.py +167 -0
  63. entrygraph-0.1.0/src/entrygraph/graph/__init__.py +0 -0
  64. entrygraph-0.1.0/src/entrygraph/graph/adjacency.py +146 -0
  65. entrygraph-0.1.0/src/entrygraph/graph/cte.py +123 -0
  66. entrygraph-0.1.0/src/entrygraph/graph/scoring.py +101 -0
  67. entrygraph-0.1.0/src/entrygraph/kinds.py +51 -0
  68. entrygraph-0.1.0/src/entrygraph/parsing/__init__.py +0 -0
  69. entrygraph-0.1.0/src/entrygraph/parsing/parsers.py +49 -0
  70. entrygraph-0.1.0/src/entrygraph/parsing/queries.py +39 -0
  71. entrygraph-0.1.0/src/entrygraph/pipeline/__init__.py +0 -0
  72. entrygraph-0.1.0/src/entrygraph/pipeline/scanner.py +506 -0
  73. entrygraph-0.1.0/src/entrygraph/pipeline/worker.py +49 -0
  74. entrygraph-0.1.0/src/entrygraph/pipeline/writer.py +41 -0
  75. entrygraph-0.1.0/src/entrygraph/py.typed +0 -0
  76. entrygraph-0.1.0/src/entrygraph/queries/csharp/calls.scm +4 -0
  77. entrygraph-0.1.0/src/entrygraph/queries/csharp/definitions.scm +29 -0
  78. entrygraph-0.1.0/src/entrygraph/queries/csharp/imports.scm +4 -0
  79. entrygraph-0.1.0/src/entrygraph/queries/go/calls.scm +2 -0
  80. entrygraph-0.1.0/src/entrygraph/queries/go/definitions.scm +24 -0
  81. entrygraph-0.1.0/src/entrygraph/queries/go/imports.scm +1 -0
  82. entrygraph-0.1.0/src/entrygraph/queries/java/calls.scm +2 -0
  83. entrygraph-0.1.0/src/entrygraph/queries/java/definitions.scm +14 -0
  84. entrygraph-0.1.0/src/entrygraph/queries/java/imports.scm +2 -0
  85. entrygraph-0.1.0/src/entrygraph/queries/javascript/calls.scm +4 -0
  86. entrygraph-0.1.0/src/entrygraph/queries/javascript/definitions.scm +4 -0
  87. entrygraph-0.1.0/src/entrygraph/queries/javascript/imports.scm +6 -0
  88. entrygraph-0.1.0/src/entrygraph/queries/php/calls.scm +8 -0
  89. entrygraph-0.1.0/src/entrygraph/queries/php/definitions.scm +24 -0
  90. entrygraph-0.1.0/src/entrygraph/queries/php/imports.scm +1 -0
  91. entrygraph-0.1.0/src/entrygraph/queries/python/calls.scm +2 -0
  92. entrygraph-0.1.0/src/entrygraph/queries/python/definitions.scm +11 -0
  93. entrygraph-0.1.0/src/entrygraph/queries/python/imports.scm +2 -0
  94. entrygraph-0.1.0/src/entrygraph/queries/ruby/calls.scm +4 -0
  95. entrygraph-0.1.0/src/entrygraph/queries/ruby/definitions.scm +20 -0
  96. entrygraph-0.1.0/src/entrygraph/queries/ruby/imports.scm +7 -0
  97. entrygraph-0.1.0/src/entrygraph/queries/rust/calls.scm +5 -0
  98. entrygraph-0.1.0/src/entrygraph/queries/rust/definitions.scm +26 -0
  99. entrygraph-0.1.0/src/entrygraph/queries/rust/imports.scm +4 -0
  100. entrygraph-0.1.0/src/entrygraph/resolve/__init__.py +0 -0
  101. entrygraph-0.1.0/src/entrygraph/resolve/externals.py +61 -0
  102. entrygraph-0.1.0/src/entrygraph/resolve/hierarchy.py +152 -0
  103. entrygraph-0.1.0/src/entrygraph/resolve/resolver.py +275 -0
  104. entrygraph-0.1.0/src/entrygraph/resolve/symbol_table.py +48 -0
  105. entrygraph-0.1.0/src/entrygraph/results.py +138 -0
  106. entrygraph-0.1.0/tests/conftest.py +40 -0
  107. entrygraph-0.1.0/tests/fixtures/csharp/aspnet_app/Controllers/ReportsController.cs +22 -0
  108. entrygraph-0.1.0/tests/fixtures/csharp/aspnet_app/Program.cs +6 -0
  109. entrygraph-0.1.0/tests/fixtures/csharp/aspnet_app/Services/ReportService.cs +11 -0
  110. entrygraph-0.1.0/tests/fixtures/csharp/aspnet_app/app.csproj +13 -0
  111. entrygraph-0.1.0/tests/fixtures/go/gin_app/go.mod +5 -0
  112. entrygraph-0.1.0/tests/fixtures/go/gin_app/main.go +44 -0
  113. entrygraph-0.1.0/tests/fixtures/go/gin_app/service.go +20 -0
  114. entrygraph-0.1.0/tests/fixtures/java/spring_app/pom.xml +24 -0
  115. entrygraph-0.1.0/tests/fixtures/java/spring_app/src/main/java/com/example/Application.java +8 -0
  116. entrygraph-0.1.0/tests/fixtures/java/spring_app/src/main/java/com/example/ReportRunner.java +15 -0
  117. entrygraph-0.1.0/tests/fixtures/java/spring_app/src/main/java/com/example/ReportService.java +10 -0
  118. entrygraph-0.1.0/tests/fixtures/java/spring_app/src/main/java/com/example/UserController.java +23 -0
  119. entrygraph-0.1.0/tests/fixtures/javascript/express_app/package.json +7 -0
  120. entrygraph-0.1.0/tests/fixtures/javascript/express_app/src/routes.js +23 -0
  121. entrygraph-0.1.0/tests/fixtures/javascript/express_app/src/services.js +20 -0
  122. entrygraph-0.1.0/tests/fixtures/php/laravel_app/app/Http/Controllers/ReportController.php +11 -0
  123. entrygraph-0.1.0/tests/fixtures/php/laravel_app/artisan +0 -0
  124. entrygraph-0.1.0/tests/fixtures/php/laravel_app/composer.json +1 -0
  125. entrygraph-0.1.0/tests/fixtures/php/laravel_app/routes/web.php +5 -0
  126. entrygraph-0.1.0/tests/fixtures/python/flask_app/app/__init__.py +0 -0
  127. entrygraph-0.1.0/tests/fixtures/python/flask_app/app/db.py +10 -0
  128. entrygraph-0.1.0/tests/fixtures/python/flask_app/app/routes.py +25 -0
  129. entrygraph-0.1.0/tests/fixtures/python/flask_app/app/services.py +31 -0
  130. entrygraph-0.1.0/tests/fixtures/python/flask_app/cli.py +16 -0
  131. entrygraph-0.1.0/tests/fixtures/python/flask_app/requirements.txt +4 -0
  132. entrygraph-0.1.0/tests/fixtures/ruby/sinatra_app/Gemfile +4 -0
  133. entrygraph-0.1.0/tests/fixtures/ruby/sinatra_app/app.rb +13 -0
  134. entrygraph-0.1.0/tests/fixtures/ruby/sinatra_app/services/runner.rb +16 -0
  135. entrygraph-0.1.0/tests/fixtures/rust/axum_app/Cargo.toml +8 -0
  136. entrygraph-0.1.0/tests/fixtures/rust/axum_app/src/handlers.rs +11 -0
  137. entrygraph-0.1.0/tests/fixtures/rust/axum_app/src/main.rs +16 -0
  138. entrygraph-0.1.0/tests/test_api.py +133 -0
  139. entrygraph-0.1.0/tests/test_cli.py +86 -0
  140. entrygraph-0.1.0/tests/test_engine_pragmas.py +53 -0
  141. entrygraph-0.1.0/tests/test_entrypoint_expansion.py +158 -0
  142. entrygraph-0.1.0/tests/test_entrypoints.py +89 -0
  143. entrygraph-0.1.0/tests/test_extract_csharp.py +286 -0
  144. entrygraph-0.1.0/tests/test_extract_go.py +217 -0
  145. entrygraph-0.1.0/tests/test_extract_java.py +304 -0
  146. entrygraph-0.1.0/tests/test_extract_javascript.py +146 -0
  147. entrygraph-0.1.0/tests/test_extract_php.py +192 -0
  148. entrygraph-0.1.0/tests/test_extract_python.py +143 -0
  149. entrygraph-0.1.0/tests/test_extract_ruby.py +232 -0
  150. entrygraph-0.1.0/tests/test_extract_rust.py +214 -0
  151. entrygraph-0.1.0/tests/test_frameworks.py +82 -0
  152. entrygraph-0.1.0/tests/test_hardening.py +67 -0
  153. entrygraph-0.1.0/tests/test_incremental.py +153 -0
  154. entrygraph-0.1.0/tests/test_indexer.py +100 -0
  155. entrygraph-0.1.0/tests/test_lang.py +48 -0
  156. entrygraph-0.1.0/tests/test_manifests.py +124 -0
  157. entrygraph-0.1.0/tests/test_models.py +110 -0
  158. entrygraph-0.1.0/tests/test_reachability.py +106 -0
  159. entrygraph-0.1.0/tests/test_render.py +48 -0
  160. entrygraph-0.1.0/tests/test_resolver.py +224 -0
  161. entrygraph-0.1.0/tests/test_scoring.py +61 -0
  162. entrygraph-0.1.0/tests/test_sink_catalog.py +51 -0
  163. entrygraph-0.1.0/tests/test_taint.py +74 -0
  164. entrygraph-0.1.0/tests/test_walker.py +68 -0
  165. entrygraph-0.1.0/uv.lock +480 -0
@@ -0,0 +1,27 @@
1
+ name: CI
2
+
3
+ # Test pull requests and non-main branch pushes. main is covered by the test
4
+ # gate in release.yml, so it's excluded here to avoid duplicate runs.
5
+ on:
6
+ pull_request: {}
7
+ push:
8
+ branches-ignore: [main]
9
+
10
+ concurrency:
11
+ group: ci-${{ github.ref }}
12
+ cancel-in-progress: true
13
+
14
+ jobs:
15
+ test:
16
+ runs-on: ubuntu-latest
17
+ strategy:
18
+ fail-fast: false
19
+ matrix:
20
+ python-version: ["3.11", "3.12", "3.13"]
21
+ steps:
22
+ - uses: actions/checkout@v4
23
+ - uses: astral-sh/setup-uv@v5
24
+ with:
25
+ python-version: ${{ matrix.python-version }}
26
+ - name: Run test suite
27
+ run: uv run --extra dev pytest -q
@@ -0,0 +1,92 @@
1
+ name: Release
2
+
3
+ # Every merge/push to main auto-bumps the patch version (via a new git tag) and
4
+ # publishes the built package to PyPI using Trusted Publishing (OIDC — no tokens).
5
+ on:
6
+ push:
7
+ branches: [main]
8
+ workflow_dispatch: {} # allow a manual release from the Actions tab
9
+
10
+ # Serialize releases so two quick merges can't race on the tag / version.
11
+ concurrency:
12
+ group: release
13
+ cancel-in-progress: false
14
+
15
+ jobs:
16
+ test:
17
+ runs-on: ubuntu-latest
18
+ steps:
19
+ - uses: actions/checkout@v4
20
+ - uses: astral-sh/setup-uv@v5
21
+ with:
22
+ python-version: "3.12"
23
+ - name: Run test suite
24
+ run: uv run --extra dev pytest -q
25
+
26
+ release:
27
+ needs: test
28
+ runs-on: ubuntu-latest
29
+ permissions:
30
+ contents: write # push the new version tag
31
+ id-token: write # PyPI Trusted Publishing (OIDC)
32
+ steps:
33
+ - uses: actions/checkout@v4
34
+ with:
35
+ fetch-depth: 0 # full history + all tags so hatch-vcs can resolve the version
36
+
37
+ - name: Compute next version
38
+ id: ver
39
+ run: |
40
+ set -euo pipefail
41
+ git fetch --tags --force --quiet
42
+ # Idempotency: if this commit is already released, do nothing.
43
+ if git describe --exact-match --tags HEAD >/dev/null 2>&1; then
44
+ echo "HEAD is already tagged — nothing to release."
45
+ echo "release=false" >> "$GITHUB_OUTPUT"
46
+ exit 0
47
+ fi
48
+ latest="$(git tag --list 'v[0-9]*' --sort=-v:refname | head -n1)"
49
+ if [ -z "$latest" ]; then
50
+ next="0.1.0" # first release
51
+ else
52
+ v="${latest#v}"
53
+ IFS=. read -r major minor patch <<< "$v"
54
+ next="${major}.${minor}.$((patch + 1))" # bump patch on every merge
55
+ fi
56
+ echo "Releasing v${next} (previous: ${latest:-none})"
57
+ echo "release=true" >> "$GITHUB_OUTPUT"
58
+ echo "version=${next}" >> "$GITHUB_OUTPUT"
59
+
60
+ - name: Create and push tag
61
+ if: steps.ver.outputs.release == 'true'
62
+ run: |
63
+ set -euo pipefail
64
+ git config user.name "github-actions[bot]"
65
+ git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
66
+ git tag -a "v${{ steps.ver.outputs.version }}" -m "Release v${{ steps.ver.outputs.version }}"
67
+ git push origin "v${{ steps.ver.outputs.version }}"
68
+
69
+ - uses: astral-sh/setup-uv@v5
70
+ if: steps.ver.outputs.release == 'true'
71
+ with:
72
+ python-version: "3.12"
73
+
74
+ - name: Build sdist + wheel
75
+ if: steps.ver.outputs.release == 'true'
76
+ run: uv build # hatch-vcs reads the tag we just created -> clean X.Y.Z version
77
+
78
+ - name: Publish to PyPI
79
+ if: steps.ver.outputs.release == 'true'
80
+ uses: pypa/gh-action-pypi-publish@release/v1
81
+ # No password/token: uses OIDC. Configure a Trusted Publisher on PyPI
82
+ # (see RELEASING.md) that maps this repo + workflow to the project.
83
+
84
+ - name: Create GitHub Release
85
+ if: steps.ver.outputs.release == 'true'
86
+ env:
87
+ GH_TOKEN: ${{ github.token }}
88
+ run: |
89
+ gh release create "v${{ steps.ver.outputs.version }}" \
90
+ --title "v${{ steps.ver.outputs.version }}" \
91
+ --generate-notes \
92
+ dist/*
@@ -0,0 +1,227 @@
1
+ # Byte-compiled / optimized / DLL files
2
+ __pycache__/
3
+ *.py[codz]
4
+ *$py.class
5
+
6
+ # C extensions
7
+ *.so
8
+
9
+ # Distribution / packaging
10
+ .Python
11
+ build/
12
+ develop-eggs/
13
+ dist/
14
+ downloads/
15
+ eggs/
16
+ .eggs/
17
+ lib/
18
+ lib64/
19
+ parts/
20
+ sdist/
21
+ var/
22
+ wheels/
23
+ share/python-wheels/
24
+ *.egg-info/
25
+ .installed.cfg
26
+ *.egg
27
+ MANIFEST
28
+
29
+ # PyInstaller
30
+ # Usually these files are written by a python script from a template
31
+ # before PyInstaller builds the exe, so as to inject date/other infos into it.
32
+ *.manifest
33
+ *.spec
34
+
35
+ # Installer logs
36
+ pip-log.txt
37
+ pip-delete-this-directory.txt
38
+
39
+ # Unit test / coverage reports
40
+ htmlcov/
41
+ .tox/
42
+ .nox/
43
+ .coverage
44
+ .coverage.*
45
+ .cache
46
+ nosetests.xml
47
+ coverage.xml
48
+ *.cover
49
+ *.py.cover
50
+ .hypothesis/
51
+ .pytest_cache/
52
+ cover/
53
+
54
+ # Translations
55
+ *.mo
56
+ *.pot
57
+
58
+ # Django stuff:
59
+ *.log
60
+ local_settings.py
61
+ db.sqlite3
62
+ db.sqlite3-journal
63
+
64
+ # Flask stuff:
65
+ instance/
66
+ .webassets-cache
67
+
68
+ # Scrapy stuff:
69
+ .scrapy
70
+
71
+ # Sphinx documentation
72
+ docs/_build/
73
+
74
+ # PyBuilder
75
+ .pybuilder/
76
+ target/
77
+
78
+ # Jupyter Notebook
79
+ .ipynb_checkpoints
80
+
81
+ # IPython
82
+ profile_default/
83
+ ipython_config.py
84
+
85
+ # pyenv
86
+ # For a library or package, you might want to ignore these files since the code is
87
+ # intended to run in multiple environments; otherwise, check them in:
88
+ # .python-version
89
+
90
+ # pipenv
91
+ # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
92
+ # However, in case of collaboration, if having platform-specific dependencies or dependencies
93
+ # having no cross-platform support, pipenv may install dependencies that don't work, or not
94
+ # install all needed dependencies.
95
+ # Pipfile.lock
96
+
97
+ # UV
98
+ # Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
99
+ # This is especially recommended for binary packages to ensure reproducibility, and is more
100
+ # commonly ignored for libraries.
101
+ # uv.lock
102
+
103
+ # poetry
104
+ # Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
105
+ # This is especially recommended for binary packages to ensure reproducibility, and is more
106
+ # commonly ignored for libraries.
107
+ # https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
108
+ # poetry.lock
109
+ # poetry.toml
110
+
111
+ # pdm
112
+ # Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
113
+ # pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
114
+ # https://pdm-project.org/en/latest/usage/project/#working-with-version-control
115
+ # pdm.lock
116
+ # pdm.toml
117
+ .pdm-python
118
+ .pdm-build/
119
+
120
+ # pixi
121
+ # Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
122
+ # pixi.lock
123
+ # Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
124
+ # in the .venv directory. It is recommended not to include this directory in version control.
125
+ .pixi
126
+
127
+ # PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
128
+ __pypackages__/
129
+
130
+ # Celery stuff
131
+ celerybeat-schedule
132
+ celerybeat.pid
133
+
134
+ # Redis
135
+ *.rdb
136
+ *.aof
137
+ *.pid
138
+
139
+ # RabbitMQ
140
+ mnesia/
141
+ rabbitmq/
142
+ rabbitmq-data/
143
+
144
+ # ActiveMQ
145
+ activemq-data/
146
+
147
+ # SageMath parsed files
148
+ *.sage.py
149
+
150
+ # Environments
151
+ .env
152
+ .envrc
153
+ .venv
154
+ env/
155
+ venv/
156
+ ENV/
157
+ env.bak/
158
+ venv.bak/
159
+
160
+ # Spyder project settings
161
+ .spyderproject
162
+ .spyproject
163
+
164
+ # Rope project settings
165
+ .ropeproject
166
+
167
+ # mkdocs documentation
168
+ /site
169
+
170
+ # mypy
171
+ .mypy_cache/
172
+ .dmypy.json
173
+ dmypy.json
174
+
175
+ # Pyre type checker
176
+ .pyre/
177
+
178
+ # pytype static type analyzer
179
+ .pytype/
180
+
181
+ # Cython debug symbols
182
+ cython_debug/
183
+
184
+ # PyCharm
185
+ # JetBrains specific template is maintained in a separate JetBrains.gitignore that can
186
+ # be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
187
+ # and can be added to the global gitignore or merged into this file. For a more nuclear
188
+ # option (not recommended) you can uncomment the following to ignore the entire idea folder.
189
+ # .idea/
190
+
191
+ # Abstra
192
+ # Abstra is an AI-powered process automation framework.
193
+ # Ignore directories containing user credentials, local state, and settings.
194
+ # Learn more at https://abstra.io/docs
195
+ .abstra/
196
+
197
+ # Visual Studio Code
198
+ # Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
199
+ # that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
200
+ # and can be added to the global gitignore or merged into this file. However, if you prefer,
201
+ # you could uncomment the following to ignore the entire vscode folder
202
+ # .vscode/
203
+ # Temporary file for partial code execution
204
+ tempCodeRunnerFile.py
205
+
206
+ # Ruff stuff:
207
+ .ruff_cache/
208
+
209
+ # PyPI configuration file
210
+ .pypirc
211
+
212
+ # Marimo
213
+ marimo/_static/
214
+ marimo/_lsp/
215
+ __marimo__/
216
+
217
+ # Streamlit
218
+ .streamlit/secrets.toml
219
+
220
+ # entrygraph build artifacts
221
+ dist/
222
+ build/
223
+ *.egg-info/
224
+ .entrygraph.db
225
+ *.entrygraph.db
226
+ # generated by hatch-vcs at build time
227
+ src/entrygraph/_version.py
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Brett Bergin
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
@@ -0,0 +1,204 @@
1
+ Metadata-Version: 2.4
2
+ Name: entrygraph
3
+ Version: 0.1.0
4
+ Summary: Language-agnostic code graph: query symbols, entrypoints, and source-to-sink call paths from a SQLite index
5
+ Project-URL: Repository, https://github.com/brettbergin/entrygraph
6
+ Author-email: Brett Bergin <brettberginbc@yahoo.com>
7
+ License: MIT License
8
+
9
+ Copyright (c) 2026 Brett Bergin
10
+
11
+ Permission is hereby granted, free of charge, to any person obtaining a copy
12
+ of this software and associated documentation files (the "Software"), to deal
13
+ in the Software without restriction, including without limitation the rights
14
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
15
+ copies of the Software, and to permit persons to whom the Software is
16
+ furnished to do so, subject to the following conditions:
17
+
18
+ The above copyright notice and this permission notice shall be included in all
19
+ copies or substantial portions of the Software.
20
+
21
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
22
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
23
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
24
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
25
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
26
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
27
+ SOFTWARE.
28
+ License-File: LICENSE
29
+ Keywords: call-graph,code-analysis,entrypoints,static-analysis,tree-sitter
30
+ Classifier: Development Status :: 3 - Alpha
31
+ Classifier: Intended Audience :: Developers
32
+ Classifier: Programming Language :: Python :: 3
33
+ Classifier: Programming Language :: Python :: 3.11
34
+ Classifier: Programming Language :: Python :: 3.12
35
+ Classifier: Programming Language :: Python :: 3.13
36
+ Classifier: Topic :: Software Development :: Quality Assurance
37
+ Requires-Python: >=3.11
38
+ Requires-Dist: pathspec<1.0,>=0.12
39
+ Requires-Dist: rich>=13.0
40
+ Requires-Dist: sqlalchemy<3.0,>=2.0.30
41
+ Requires-Dist: tree-sitter-language-pack>=1.10
42
+ Requires-Dist: tree-sitter<0.26,>=0.25
43
+ Provides-Extra: dev
44
+ Requires-Dist: pytest-cov; extra == 'dev'
45
+ Requires-Dist: pytest>=8.0; extra == 'dev'
46
+ Description-Content-Type: text/markdown
47
+
48
+ # entrygraph
49
+
50
+ Query your codebase like a graph. `entrygraph` indexes a repository into a
51
+ SQLite database (through the SQLAlchemy ORM) and answers questions about
52
+ **symbols**, **classes/methods**, **entrypoints** (HTTP routes, CLI commands,
53
+ main functions, tasks, lambda handlers), and **source → sink call-graph
54
+ reachability** ("can any HTTP route reach `subprocess.run`?").
55
+
56
+ Language-agnostic via [tree-sitter](https://tree-sitter.github.io/); first-class
57
+ support for **Python, JavaScript/TypeScript, Go, Java, Ruby, C#, PHP, and
58
+ Rust**, with language *and* framework detection.
59
+
60
+ Reachability is a heuristic taint tier, not just call-edge closure: paths are
61
+ **risk-ranked**, **sanitizers** prune or discount them, **class-hierarchy
62
+ analysis** recovers virtual dispatch, and confidence flags trade recall for
63
+ precision. Entrypoints include decorator/attribute routes, call-based route
64
+ registration, middleware, and config-file handlers (serverless, SAM, Procfile,
65
+ Dockerfile).
66
+
67
+ ## Install
68
+
69
+ ```bash
70
+ pip install entrygraph # or: uv pip install entrygraph
71
+ ```
72
+
73
+ Requires Python ≥ 3.11. Depends on `sqlalchemy`, `tree-sitter`,
74
+ `tree-sitter-language-pack`, and `pathspec`.
75
+
76
+ ## Python API
77
+
78
+ ```python
79
+ from entrygraph import CodeGraph
80
+
81
+ # Index a repo (creates <repo>/.entrygraph.db by default)
82
+ graph = CodeGraph.index("/path/to/repo")
83
+
84
+ # ...or open an existing index
85
+ graph = CodeGraph.open("graph.db")
86
+
87
+ # Symbols — glob on name or qualified name, filter by kind or file
88
+ graph.symbols(kind="class", name="User*")
89
+ graph.symbol("app.services.Runner.execute") # exact; raises if missing
90
+
91
+ # Detection
92
+ report = graph.detect()
93
+ report.languages # -> [DetectedLanguage(name="python", percent=96.7, ...), ...]
94
+ report.frameworks # -> [DetectedFramework(name="flask", confidence=0.94, ...), ...]
95
+
96
+ # Entrypoints
97
+ graph.entrypoints(framework="flask")
98
+ graph.entrypoints(kind="http_route", route="/api/*")
99
+
100
+ # Call graph
101
+ graph.callers("app.services.run_report") # who calls it
102
+ graph.callees("app.services.run_report", depth=3) # what it (transitively) calls
103
+ graph.references("app.models.CONST") # inbound edges of any kind
104
+
105
+ # Source -> sink reachability (paths are risk-ranked, highest first)
106
+ paths = graph.paths(source="app.routes.*", sink_category="command_exec")
107
+ for p in paths:
108
+ print(p.risk_score, p.render(), "(+may continue)" if p.may_continue else "")
109
+ # 0.72 app.routes.create_report -> app.services.run_report (line 20)
110
+ # -> ...ReportRunner.render_and_execute (line 17) -> py:subprocess.run (line 22)
111
+
112
+ graph.reachable(source="app.routes.upload", sink="py:subprocess.run") # -> bool
113
+
114
+ # Precision/recall dial. By default only EXACT/IMPORT and unique-name FUZZY
115
+ # edges are traversed. Opt into wider (noisier) traversal:
116
+ graph.paths(source="app.routes.*", sink_category="sql",
117
+ include_unresolved=True) # follow py:*.execute wildcard-sink guesses
118
+ graph.paths(source="app.routes.*", sink_category="command_exec",
119
+ include_fuzzy=True) # follow speculative class-hierarchy (CHA) edges
120
+ graph.paths(source="app.routes.*", sink_category="command_exec",
121
+ prune_sanitized=True) # drop paths neutralized by a shlex.quote etc.
122
+
123
+ # Incremental re-index (only changed/added/deleted files are reparsed)
124
+ graph.refresh()
125
+
126
+ # Escape hatches
127
+ graph.session() # raw SQLAlchemy Session
128
+ graph.sql("SELECT ...") # textual query -> list[dict]
129
+ ```
130
+
131
+ Every result is a frozen, immutable dataclass detached from the DB session, so
132
+ results are safe to hold and trivial to serialize.
133
+
134
+ ## CLI
135
+
136
+ Human-readable output is rendered with [Rich](https://github.com/Textualize/rich) —
137
+ colored tables, language/confidence bars, a progress spinner while indexing, and
138
+ risk-ranked reachability rendered as call trees (sink nodes highlighted, per-hop
139
+ confidence, sanitizer/const-arg badges). Piped or `--json` output stays plain.
140
+
141
+ ```bash
142
+ entrygraph index PATH [--full] [--paranoid] # incremental by default
143
+ entrygraph detect
144
+ entrygraph symbols --kind class --name 'User*'
145
+ entrygraph entrypoints --framework flask
146
+ entrygraph callers app.services.run_report --depth 2
147
+ entrygraph callees app.services.run_report
148
+ entrygraph paths --source 'app.routes.*' --sink-category command_exec
149
+ entrygraph stats
150
+ ```
151
+
152
+ Add `--json` to any query command for machine-readable output. `entrygraph paths`
153
+ exits 0 when a path is found and 1 when none is — handy in CI:
154
+
155
+ ```bash
156
+ entrygraph paths --source '*' --sink-category command_exec && echo "reachable!"
157
+ ```
158
+
159
+ ## How it works
160
+
161
+ 1. **Walk** — `os.scandir` with hard-pruned junk dirs (`node_modules`, `.venv`,
162
+ …), `.gitignore` rules, and size/binary/minified gates. Every skip is recorded
163
+ with a reason.
164
+ 2. **Extract** — tree-sitter `.scm` queries harvest definitions/imports/calls;
165
+ small per-language "shaper" modules build qualified names, import maps, and
166
+ receiver info. Parsing runs across a process pool for large repos.
167
+ 3. **Resolve** — a two-pass resolver binds references to symbols with a
168
+ confidence level (`exact` / `import` / `fuzzy` / `unresolved`). External
169
+ callees (`subprocess.run`, `child_process.exec`, …) become placeholder nodes
170
+ so sinks are real graph terminals.
171
+ 4. **Detect** — frameworks are scored from manifest dependencies plus code
172
+ signals (noisy-or); entrypoint rules map framework patterns to route/command
173
+ records.
174
+ 5. **Store** — everything persists to SQLite via the SQLAlchemy 2.0 ORM with
175
+ bulk inserts and app-assigned keys. Re-indexing is incremental and
176
+ content-hash driven.
177
+ 6. **Query** — reachability runs over an in-memory adjacency cache (BFS/DFS with
178
+ cycle handling); a recursive-CTE SQL engine is available as a fallback
179
+ (`engine="sql"`).
180
+
181
+ ## Extending
182
+
183
+ - **Custom sinks/sources/sanitizers** — drop an `entrygraph.toml` in the repo
184
+ root with `[[sink]]` / `[[source]]` / `[[sanitizer]]` tables (same schema as
185
+ the built-in `data/sinks/*.toml`), or call
186
+ `entrygraph.detect.taint.register_sink(...)` / `register_sanitizer(...)`. A
187
+ `[[sanitizer]]` with `effect = "neutralizes"` prunes a path for its category;
188
+ `effect = "reduces"` only discounts the risk score. Third-party wrapper
189
+ libraries that reach a sink internally are covered by `data/sinks/lib_*.toml`
190
+ "library summaries" (same schema, with a `library = "..."` tag).
191
+ - **New frameworks / entrypoints** — register a `FrameworkSpec` and an
192
+ `EntrypointRule`; adding a framework is usually a few lines.
193
+ - **New languages** — add a `<lang>/{definitions,imports,calls}.scm` query set
194
+ and a shaper implementing the `LanguageExtractor` protocol.
195
+
196
+ ## Releasing
197
+
198
+ Merging to `main` auto-bumps the patch version (via a git tag) and publishes to
199
+ PyPI through Trusted Publishing — see [RELEASING.md](RELEASING.md). The package
200
+ version is derived from git tags by `hatch-vcs`, so it's never hand-edited.
201
+
202
+ ## License
203
+
204
+ MIT