evidentia 0.6.0__tar.gz

evidentia-0.6.0/.gitignore

@@ -0,0 +1,95 @@
+# v0.4.0 — frontend build output lands in the Python package's static
+# directory at wheel-assembly time via the hatchling build hook. The
+# .gitkeep file in static/ is tracked; everything else is regenerated.
+packages/evidentia-api/src/evidentia_api/static/assets/
+packages/evidentia-api/src/evidentia_api/static/index.html
+packages/evidentia-api/src/evidentia_api/static/*.js
+packages/evidentia-api/src/evidentia_api/static/*.css
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+# NB: `lib/` and `lib64/` above would otherwise also match
+# packages/evidentia-ui/src/lib/ (TypeScript utils). Scope to top-level
+# only — there's no real Python-venv lib/ we'd fail to ignore because
+# .venv/ and venv/ below cover that case.
+!packages/evidentia-ui/src/lib/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Virtual environments
+.venv/
+venv/
+ENV/
+env/
+
+# uv
+# NOTE: uv.lock is committed for reproducible builds.
+# https://docs.astral.sh/uv/concepts/projects/sync/#locking-dependencies
+
+# Testing
+.pytest_cache/
+.coverage
+.coverage.*
+htmlcov/
+.tox/
+.cache
+coverage.xml
+*.cover
+.hypothesis/
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Ruff
+.ruff_cache/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+
+# Claude Code local state
+.claude/
+
+# Evidentia runtime — user project state (NOT bundled examples).
+# `.controlbridge/` and `/controlbridge.yaml` are kept ignored for the
+# lifetime of the shim (through v0.7.0) so legacy project workspaces
+# authored against v0.1.0 – v0.5.0 don't start leaking into git.
+.evidentia/
+.controlbridge/
+/evidentia.yaml
+/controlbridge.yaml
+*.local.yaml
+evidence/
+reports/
+risks/
+
+# Generated reports from examples (keep source files, ignore generated ones)
+examples/**/report.json
+examples/**/report.csv
+examples/**/report.md
+examples/**/report.oscal.json
+examples/**/risks.json

evidentia-0.6.0/PKG-INFO

@@ -0,0 +1,59 @@
+Metadata-Version: 2.4
+Name: evidentia
+Version: 0.6.0
+Summary: Open-source GRC tool: gap analysis, risk statements, evidence collection, web UI, and compliance automation
+Project-URL: Homepage, https://github.com/allenfbyrd/evidentia
+Project-URL: Documentation, https://evidentia.dev
+Project-URL: Repository, https://github.com/allenfbyrd/evidentia
+Project-URL: Changelog, https://github.com/allenfbyrd/evidentia/blob/main/CHANGELOG.md
+Author-email: Allen Byrd <allen@allenfbyrd.com>
+License-Expression: Apache-2.0
+Keywords: compliance,governance,grc,iso27001,nist,oscal,risk,soc2
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Typing :: Typed
+Requires-Python: >=3.12
+Requires-Dist: evidentia-ai<0.7.0,>=0.6.0
+Requires-Dist: evidentia-collectors<0.7.0,>=0.6.0
+Requires-Dist: evidentia-core<0.7.0,>=0.6.0
+Requires-Dist: evidentia-integrations<0.7.0,>=0.6.0
+Requires-Dist: rich>=13.0
+Requires-Dist: typer>=0.14
+Provides-Extra: gui
+Requires-Dist: evidentia-api<0.7.0,>=0.6.0; extra == 'gui'
+Description-Content-Type: text/markdown
+
+# evidentia
+
+The Evidentia meta-package: provides the `evidentia` CLI and the optional REST API.
+
+This package depends on `evidentia-core`, `evidentia-ai`, `evidentia-collectors`, and `evidentia-integrations`. Installing it pulls in everything needed for a full Evidentia installation.
+
+## Install
+
+```bash
+pip install evidentia
+```
+
+## CLI
+
+```bash
+evidentia --help
+cb --help                # short alias
+
+evidentia init       # scaffold a new project
+evidentia gap analyze --inventory my-controls.yaml --frameworks soc2-tsc
+evidentia risk generate --context system-context.yaml --gaps report.json
+```
+
+## REST API
+
+```bash
+evidentia serve      # start FastAPI server on port 8000
+```
+
+License: Apache 2.0

evidentia-0.6.0/README.md

@@ -0,0 +1,30 @@
+# evidentia
+
+The Evidentia meta-package: provides the `evidentia` CLI and the optional REST API.
+
+This package depends on `evidentia-core`, `evidentia-ai`, `evidentia-collectors`, and `evidentia-integrations`. Installing it pulls in everything needed for a full Evidentia installation.
+
+## Install
+
+```bash
+pip install evidentia
+```
+
+## CLI
+
+```bash
+evidentia --help
+cb --help                # short alias
+
+evidentia init       # scaffold a new project
+evidentia gap analyze --inventory my-controls.yaml --frameworks soc2-tsc
+evidentia risk generate --context system-context.yaml --gaps report.json
+```
+
+## REST API
+
+```bash
+evidentia serve      # start FastAPI server on port 8000
+```
+
+License: Apache 2.0

evidentia-0.6.0/pyproject.toml

@@ -0,0 +1,56 @@
+[project]
+name = "evidentia"
+version = "0.6.0"
+description = "Open-source GRC tool: gap analysis, risk statements, evidence collection, web UI, and compliance automation"
+readme = "README.md"
+authors = [{name = "Allen Byrd", email = "allen@allenfbyrd.com"}]
+license = "Apache-2.0"
+requires-python = ">=3.12"
+keywords = ["grc", "compliance", "governance", "risk", "oscal", "nist", "soc2", "iso27001"]
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "Intended Audience :: Information Technology",
+    "License :: OSI Approved :: Apache Software License",
+    "Operating System :: OS Independent",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Security",
+    "Typing :: Typed",
+]
+dependencies = [
+    "evidentia-core>=0.6.0,<0.7.0",
+    "evidentia-ai>=0.6.0,<0.7.0",
+    "evidentia-collectors>=0.6.0,<0.7.0",
+    "evidentia-integrations>=0.6.0,<0.7.0",
+    "typer>=0.14",
+    "rich>=13.0",
+]
+
+[project.optional-dependencies]
+# Web UI — installs the FastAPI server + bundled React SPA.
+# Usage: `pip install "evidentia[gui]"` or `uv tool install "evidentia[gui]"`,
+# then `evidentia serve` to open the local web UI.
+gui = ["evidentia-api>=0.6.0,<0.7.0"]
+
+[project.scripts]
+evidentia = "evidentia.cli.main:app"
+cb = "evidentia.cli.main:app"
+
+[project.urls]
+Homepage = "https://github.com/allenfbyrd/evidentia"
+Documentation = "https://evidentia.dev"
+Repository = "https://github.com/allenfbyrd/evidentia"
+Changelog = "https://github.com/allenfbyrd/evidentia/blob/main/CHANGELOG.md"
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/evidentia"]
+
+[tool.uv.sources]
+evidentia-core = { workspace = true }
+evidentia-ai = { workspace = true }
+evidentia-collectors = { workspace = true }
+evidentia-integrations = { workspace = true }
+evidentia-api = { workspace = true }

evidentia-0.6.0/src/evidentia/__init__.py

@@ -0,0 +1,9 @@
+"""Evidentia: open-source GRC tool for gap analysis, risk statements, and evidence collection."""
+
+from importlib.metadata import PackageNotFoundError
+from importlib.metadata import version as _pkg_version
+
+try:
+    __version__ = _pkg_version("evidentia")
+except PackageNotFoundError:  # pragma: no cover
+    __version__ = "0.0.0+unknown"

evidentia-0.6.0/src/evidentia/cli/__init__.py

@@ -0,0 +1 @@
+"""Evidentia command-line interface."""