expunct-cli 0.1.0__py3-none-any.whl

expunct_cli/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.1.0"

expunct_cli/client.py

@@ -0,0 +1,49 @@
+from __future__ import annotations
+
+import json
+import os
+from pathlib import Path
+
+from expunct import Expunct
+from rich.console import Console
+
+CONFIG_DIR = Path.home() / ".expunct"
+CONFIG_FILE = CONFIG_DIR / "config.json"
+
+console = Console(stderr=True)
+
+
+def load_config() -> dict:
+    if CONFIG_FILE.exists():
+        with open(CONFIG_FILE) as f:
+            return json.load(f)
+    return {}
+
+
+def save_config(config: dict) -> None:
+    CONFIG_DIR.mkdir(parents=True, exist_ok=True)
+    with open(CONFIG_FILE, "w") as f:
+        json.dump(config, f, indent=2)
+
+
+def get_client() -> Expunct:
+    config = load_config()
+
+    api_key = os.environ.get("EXPUNCT_API_KEY") or config.get("api_key")
+    base_url = os.environ.get("EXPUNCT_BASE_URL") or config.get("base_url")
+    tenant_id = os.environ.get("EXPUNCT_TENANT_ID") or config.get("tenant_id")
+
+    if not api_key:
+        console.print(
+            "[bold red]Error:[/] No API key found. "
+            "Set EXPUNCT_API_KEY or run: expunct config set api_key YOUR_KEY"
+        )
+        raise SystemExit(1)
+
+    kwargs: dict = {"api_key": api_key}
+    if base_url:
+        kwargs["base_url"] = base_url
+    if tenant_id:
+        kwargs["tenant_id"] = tenant_id
+
+    return Expunct(**kwargs)

expunct_cli/commands/audit.py

@@ -0,0 +1,56 @@
+from __future__ import annotations
+
+import typer
+from expunct import (
+    ApiError,
+    AuthenticationError,
+    RateLimitError,
+    ValidationError,
+)
+
+from expunct_cli.client import get_client
+from expunct_cli.output import print_error, print_json
+
+app = typer.Typer(no_args_is_help=True)
+
+
+@app.command("list")
+def list_audit(
+    page: int = typer.Option(1, "--page", help="Page number."),
+    page_size: int = typer.Option(20, "--page-size", help="Results per page."),
+    event_type: str | None = typer.Option(None, "--event-type", "-e", help="Filter by event type."),
+    json_output: bool = typer.Option(False, "--json", help="Output raw JSON."),
+) -> None:
+    """List audit log entries."""
+    try:
+        client = get_client()
+        result = client.audit.list(page=page, page_size=page_size, event_type=event_type)
+
+        if json_output:
+            print_json(result)
+        else:
+            from rich.console import Console
+            from rich.table import Table
+
+            console = Console()
+            items = getattr(result, "items", getattr(result, "events", []))
+            total = getattr(result, "total", len(items))
+
+            table = Table(title=f"Audit Log (page {page}, {total} total)")
+            table.add_column("Timestamp", style="dim")
+            table.add_column("Event Type", style="cyan")
+            table.add_column("User", style="bold")
+            table.add_column("Details", style="dim")
+
+            for item in items:
+                timestamp = str(getattr(item, "timestamp", getattr(item, "created_at", "")))
+                event = str(getattr(item, "event_type", ""))
+                user = str(getattr(item, "user", getattr(item, "user_id", "")))
+                details = str(getattr(item, "details", getattr(item, "description", "")))
+                table.add_row(timestamp, event, user, details)
+
+            console.print(table)
+
+    except (ApiError, AuthenticationError, RateLimitError, ValidationError) as e:
+        print_error(str(e))
+        raise typer.Exit(1)

expunct_cli/commands/config_cmd.py

@@ -0,0 +1,80 @@
+from __future__ import annotations
+
+import typer
+from rich.console import Console
+from rich.table import Table
+
+from expunct_cli.client import CONFIG_FILE, load_config, save_config
+
+app = typer.Typer(no_args_is_help=True)
+
+console = Console()
+
+VALID_KEYS = {"api_key", "base_url", "tenant_id"}
+
+
+@app.command("set")
+def config_set(
+    key: str = typer.Argument(help="Config key (api_key, base_url, tenant_id)."),
+    value: str = typer.Argument(help="Config value."),
+) -> None:
+    """Set a configuration value."""
+    if key not in VALID_KEYS:
+        valid = ", ".join(sorted(VALID_KEYS))
+        console.print(
+            f"[bold red]Error:[/] Invalid key '{key}'."
+            f" Valid keys: {valid}"
+        )
+        raise typer.Exit(1)
+
+    config = load_config()
+    config[key] = value
+    save_config(config)
+    display_value = _mask(value) if key == "api_key" else value
+    console.print(f"[green]✓[/] Set {key} = {display_value}")
+
+
+@app.command("get")
+def config_get(
+    key: str = typer.Argument(help="Config key to read."),
+) -> None:
+    """Get a configuration value."""
+    config = load_config()
+    value = config.get(key)
+    if value is None:
+        console.print(f"[dim]Key '{key}' is not set.[/]")
+        raise typer.Exit(1)
+
+    display_value = _mask(value) if key == "api_key" else value
+    typer.echo(display_value)
+
+
+@app.command("show")
+def config_show() -> None:
+    """Show all configuration values."""
+    config = load_config()
+    if not config:
+        console.print("[dim]No configuration set. Run: expunct config set api_key YOUR_KEY[/]")
+        return
+
+    table = Table(title="Configuration")
+    table.add_column("Key", style="cyan")
+    table.add_column("Value")
+
+    for key in sorted(config):
+        value = _mask(config[key]) if key == "api_key" else config[key]
+        table.add_row(key, str(value))
+
+    console.print(table)
+
+
+@app.command("path")
+def config_path() -> None:
+    """Print the config file path."""
+    typer.echo(str(CONFIG_FILE))
+
+
+def _mask(value: str) -> str:
+    if len(value) <= 8:
+        return "****"
+    return value[:4] + "****" + value[-4:]

expunct_cli/commands/detect.py

@@ -0,0 +1,106 @@
+from __future__ import annotations
+
+import sys
+import tempfile
+from pathlib import Path
+
+import typer
+from expunct import (
+    ApiError,
+    AuthenticationError,
+    NotFoundError,
+    PollingTimeoutError,
+    RateLimitError,
+    ValidationError,
+)
+
+from expunct_cli.client import get_client
+from expunct_cli.output import print_error, print_findings, print_json
+
+app = typer.Typer(no_args_is_help=False, invoke_without_command=True)
+
+
+@app.callback(invoke_without_command=True)
+def detect(
+    ctx: typer.Context,
+    file: Path | None = typer.Argument(None, help="File to scan for PII."),
+    text: str | None = typer.Option(None, "--text", "-t", help="Inline text to scan."),
+    uri: str | None = typer.Option(None, "--uri", "-u", help="URI to scan (e.g., gs://bucket/file.txt)."),
+    language: str = typer.Option("en", "--language", "-l", help="Language code."),
+    json_output: bool = typer.Option(False, "--json", help="Output raw JSON."),
+    timeout: int = typer.Option(300, "--timeout", help="Timeout in seconds for waiting."),
+) -> None:
+    """Detect PII entities in text, files, or URIs."""
+    if ctx.invoked_subcommand is not None:
+        return
+
+    try:
+        client = get_client()
+
+        if text is not None:
+            _detect_text(client, text, language, json_output, timeout)
+        elif uri is not None:
+            _detect_uri(client, uri, language, json_output, timeout)
+        elif file is not None:
+            _detect_file(client, file, language, json_output, timeout)
+        elif not sys.stdin.isatty():
+            stdin_text = sys.stdin.read()
+            _detect_text(client, stdin_text, language, json_output, timeout)
+        else:
+            typer.echo(ctx.get_help())
+            raise typer.Exit()
+
+    except (
+        ApiError, AuthenticationError, NotFoundError,
+        RateLimitError, ValidationError, PollingTimeoutError,
+    ) as e:
+        print_error(str(e))
+        raise typer.Exit(1)
+
+
+def _detect_text(client, text: str, language: str, json_output: bool, timeout: int) -> None:
+    with tempfile.NamedTemporaryFile(mode="w", suffix=".txt", delete=False) as tmp:
+        tmp.write(text)
+        tmp.flush()
+        tmp_path = tmp.name
+
+    with open(tmp_path, "rb") as f:
+        job = client.redact.file(f, language=language)
+
+    result = client.wait_for_job(job.id, timeout=timeout)
+    _output_findings(result, json_output)
+    Path(tmp_path).unlink(missing_ok=True)
+
+
+def _detect_file(client, file: Path, language: str, json_output: bool, timeout: int) -> None:
+    if not file.exists():
+        print_error(f"File not found: {file}")
+        raise typer.Exit(1)
+
+    with open(file, "rb") as f:
+        job = client.redact.file(f, language=language)
+
+    result = client.wait_for_job(job.id, timeout=timeout)
+    _output_findings(result, json_output)
+
+
+def _detect_uri(client, uri: str, language: str, json_output: bool, timeout: int) -> None:
+    job = client.redact.uri(uri, language=language)
+    result = client.wait_for_job(job.id, timeout=timeout)
+    _output_findings(result, json_output)
+
+
+def _output_findings(result, json_output: bool) -> None:
+    findings = getattr(result, "findings", []) or []
+    if json_output:
+        findings_data = []
+        for f in findings:
+            if hasattr(f, "model_dump"):
+                findings_data.append(f.model_dump())
+            elif hasattr(f, "__dict__"):
+                findings_data.append(f.__dict__)
+            else:
+                findings_data.append(f)
+        print_json({"findings": findings_data, "count": len(findings_data)})
+    else:
+        print_findings(findings)

expunct_cli/commands/jobs.py

@@ -0,0 +1,108 @@
+from __future__ import annotations
+
+from pathlib import Path
+
+import typer
+from expunct import (
+    ApiError,
+    AuthenticationError,
+    NotFoundError,
+    PollingTimeoutError,
+    RateLimitError,
+    ValidationError,
+)
+
+from expunct_cli.client import get_client
+from expunct_cli.output import print_error, print_job, print_jobs_table, print_json
+
+app = typer.Typer(no_args_is_help=True)
+
+
+@app.command("list")
+def list_jobs(
+    page: int = typer.Option(1, "--page", help="Page number."),
+    page_size: int = typer.Option(20, "--page-size", help="Results per page."),
+    status: str | None = typer.Option(None, "--status", "-s", help="Filter by status."),
+    json_output: bool = typer.Option(False, "--json", help="Output raw JSON."),
+) -> None:
+    """List redaction jobs."""
+    try:
+        client = get_client()
+        result = client.jobs.list(page=page, page_size=page_size, status=status)
+
+        if json_output:
+            print_json(result)
+        else:
+            jobs = getattr(result, "items", getattr(result, "jobs", []))
+            total = getattr(result, "total", len(jobs))
+            print_jobs_table(jobs, total, page, page_size)
+
+    except (ApiError, AuthenticationError, RateLimitError, ValidationError) as e:
+        print_error(str(e))
+        raise typer.Exit(1)
+
+
+@app.command("get")
+def get_job(
+    job_id: str = typer.Argument(help="Job ID."),
+    json_output: bool = typer.Option(False, "--json", help="Output raw JSON."),
+) -> None:
+    """Get details of a specific job."""
+    try:
+        client = get_client()
+        result = client.jobs.get(job_id)
+
+        if json_output:
+            print_json(result)
+        else:
+            print_job(result)
+
+    except (ApiError, AuthenticationError, NotFoundError, RateLimitError, ValidationError) as e:
+        print_error(str(e))
+        raise typer.Exit(1)
+
+
+@app.command("download")
+def download_job(
+    job_id: str = typer.Argument(help="Job ID."),
+    output: Path = typer.Option(..., "--output", "-o", help="Output file path."),
+    json_output: bool = typer.Option(False, "--json", help="Output raw JSON."),
+) -> None:
+    """Download the redacted result of a job."""
+    try:
+        client = get_client()
+        client.jobs.download(job_id, dest=str(output))
+
+        if json_output:
+            print_json({"job_id": job_id, "output": str(output), "size": output.stat().st_size})
+        else:
+            typer.echo(f"Downloaded to {output} ({output.stat().st_size} bytes)")
+
+    except (ApiError, AuthenticationError, NotFoundError, RateLimitError, ValidationError) as e:
+        print_error(str(e))
+        raise typer.Exit(1)
+
+
+@app.command("wait")
+def wait_job(
+    job_id: str = typer.Argument(help="Job ID."),
+    timeout: int = typer.Option(300, "--timeout", help="Timeout in seconds."),
+    interval: int = typer.Option(2, "--interval", help="Polling interval in seconds."),
+    json_output: bool = typer.Option(False, "--json", help="Output raw JSON."),
+) -> None:
+    """Wait for a job to complete, then show details."""
+    try:
+        client = get_client()
+        result = client.wait_for_job(job_id, interval=interval, timeout=timeout)
+
+        if json_output:
+            print_json(result)
+        else:
+            print_job(result)
+
+    except (
+        ApiError, AuthenticationError, NotFoundError,
+        RateLimitError, ValidationError, PollingTimeoutError,
+    ) as e:
+        print_error(str(e))
+        raise typer.Exit(1)

expunct_cli/commands/policies.py

@@ -0,0 +1,189 @@
+from __future__ import annotations
+
+import typer
+from expunct import (
+    ApiError,
+    AuthenticationError,
+    NotFoundError,
+    RateLimitError,
+    ValidationError,
+)
+
+from expunct_cli.client import get_client
+from expunct_cli.output import print_error, print_json, print_policies_table
+
+app = typer.Typer(no_args_is_help=True)
+
+
+@app.command("list")
+def list_policies(
+    json_output: bool = typer.Option(False, "--json", help="Output raw JSON."),
+) -> None:
+    """List all redaction policies."""
+    try:
+        client = get_client()
+        result = client.policies.list()
+
+        if json_output:
+            print_json(result)
+        else:
+            policies = result if isinstance(result, list) else getattr(result, "items", [])
+            print_policies_table(policies)
+
+    except (ApiError, AuthenticationError, RateLimitError, ValidationError) as e:
+        print_error(str(e))
+        raise typer.Exit(1)
+
+
+@app.command("get")
+def get_policy(
+    policy_id: str = typer.Argument(help="Policy ID."),
+    json_output: bool = typer.Option(False, "--json", help="Output raw JSON."),
+) -> None:
+    """Get details of a specific policy."""
+    try:
+        client = get_client()
+        result = client.policies.get(policy_id)
+
+        if json_output:
+            print_json(result)
+        else:
+            from rich.console import Console
+            from rich.panel import Panel
+            from rich.table import Table
+
+            console = Console()
+            table = Table(show_header=False, box=None, padding=(0, 2))
+            table.add_column("Field", style="bold cyan")
+            table.add_column("Value")
+
+            for field in [
+                "id", "name", "redaction_method",
+                "confidence_threshold", "languages",
+                "pii_categories",
+            ]:
+                value = getattr(result, field, None)
+                if value is not None:
+                    table.add_row(field, str(value))
+
+            console.print(Panel(table, title="Policy Details", border_style="blue"))
+
+    except (ApiError, AuthenticationError, NotFoundError, RateLimitError, ValidationError) as e:
+        print_error(str(e))
+        raise typer.Exit(1)
+
+
+@app.command("create")
+def create_policy(
+    name: str = typer.Option(..., "--name", "-n", help="Policy name."),
+    redaction_method: str | None = typer.Option(
+        None, "--redaction-method", help="Redaction method.",
+    ),
+    confidence_threshold: float | None = typer.Option(
+        None, "--confidence-threshold",
+        help="Confidence threshold (0.0-1.0).",
+    ),
+    languages: list[str] | None = typer.Option(
+        None, "--languages", help="Supported languages.",
+    ),
+    pii_categories: list[str] | None = typer.Option(
+        None, "--pii-categories",
+        help="PII categories to detect.",
+    ),
+    json_output: bool = typer.Option(False, "--json", help="Output raw JSON."),
+) -> None:
+    """Create a new redaction policy."""
+    try:
+        client = get_client()
+
+        kwargs: dict = {"name": name}
+        if redaction_method is not None:
+            kwargs["redaction_method"] = redaction_method
+        if confidence_threshold is not None:
+            kwargs["confidence_threshold"] = confidence_threshold
+        if languages is not None:
+            kwargs["languages"] = languages
+        if pii_categories is not None:
+            kwargs["pii_categories"] = pii_categories
+
+        result = client.policies.create(**kwargs)
+
+        if json_output:
+            print_json(result)
+        else:
+            typer.echo(f"Policy created: {getattr(result, 'id', result)}")
+
+    except (ApiError, AuthenticationError, RateLimitError, ValidationError) as e:
+        print_error(str(e))
+        raise typer.Exit(1)
+
+
+@app.command("update")
+def update_policy(
+    policy_id: str = typer.Argument(help="Policy ID."),
+    name: str | None = typer.Option(
+        None, "--name", "-n", help="Policy name.",
+    ),
+    redaction_method: str | None = typer.Option(
+        None, "--redaction-method", help="Redaction method.",
+    ),
+    confidence_threshold: float | None = typer.Option(
+        None, "--confidence-threshold",
+        help="Confidence threshold (0.0-1.0).",
+    ),
+    languages: list[str] | None = typer.Option(
+        None, "--languages", help="Supported languages.",
+    ),
+    pii_categories: list[str] | None = typer.Option(
+        None, "--pii-categories",
+        help="PII categories to detect.",
+    ),
+    json_output: bool = typer.Option(False, "--json", help="Output raw JSON."),
+) -> None:
+    """Update an existing redaction policy."""
+    try:
+        client = get_client()
+
+        kwargs: dict = {}
+        if name is not None:
+            kwargs["name"] = name
+        if redaction_method is not None:
+            kwargs["redaction_method"] = redaction_method
+        if confidence_threshold is not None:
+            kwargs["confidence_threshold"] = confidence_threshold
+        if languages is not None:
+            kwargs["languages"] = languages
+        if pii_categories is not None:
+            kwargs["pii_categories"] = pii_categories
+
+        result = client.policies.update(policy_id, **kwargs)
+
+        if json_output:
+            print_json(result)
+        else:
+            typer.echo(f"Policy updated: {policy_id}")
+
+    except (ApiError, AuthenticationError, NotFoundError, RateLimitError, ValidationError) as e:
+        print_error(str(e))
+        raise typer.Exit(1)
+
+
+@app.command("delete")
+def delete_policy(
+    policy_id: str = typer.Argument(help="Policy ID."),
+    yes: bool = typer.Option(False, "--yes", "-y", help="Skip confirmation prompt."),
+) -> None:
+    """Delete a redaction policy."""
+    try:
+        if not yes:
+            confirm = typer.confirm(f"Delete policy {policy_id}?")
+            if not confirm:
+                raise typer.Abort()
+
+        client = get_client()
+        client.policies.delete(policy_id)
+        typer.echo(f"Policy deleted: {policy_id}")
+
+    except (ApiError, AuthenticationError, NotFoundError, RateLimitError, ValidationError) as e:
+        print_error(str(e))
+        raise typer.Exit(1)

expunct_cli/commands/redact.py

@@ -0,0 +1,120 @@
+from __future__ import annotations
+
+import sys
+from pathlib import Path
+
+import typer
+from expunct import (
+    ApiError,
+    AuthenticationError,
+    NotFoundError,
+    PollingTimeoutError,
+    RateLimitError,
+    ValidationError,
+)
+
+from expunct_cli.client import get_client
+from expunct_cli.output import print_error, print_job, print_json, print_redacted
+
+app = typer.Typer(no_args_is_help=False, invoke_without_command=True)
+
+BINARY_EXTENSIONS = {
+    ".pdf", ".docx", ".xlsx", ".pptx", ".png", ".jpg",
+    ".jpeg", ".gif", ".bmp", ".tiff", ".mp4", ".avi",
+    ".mov", ".mkv", ".wav", ".mp3", ".flac", ".ogg",
+    ".zip",
+}
+
+
+@app.callback(invoke_without_command=True)
+def redact(
+    ctx: typer.Context,
+    file: Path | None = typer.Argument(None, help="File to redact. Omit to read from stdin."),
+    text: str | None = typer.Option(None, "--text", "-t", help="Inline text to redact."),
+    uri: str | None = typer.Option(None, "--uri", "-u", help="URI to redact (e.g., gs://bucket/file.txt)."),
+    output: Path | None = typer.Option(None, "--output", "-o", help="Output file path."),
+    language: str = typer.Option("en", "--language", "-l", help="Language code."),
+    policy_id: str | None = typer.Option(None, "--policy-id", "-p", help="Policy ID to use."),
+    json_output: bool = typer.Option(False, "--json", help="Output raw JSON."),
+    wait: bool = typer.Option(True, "--wait/--no-wait", help="Wait for URI job to complete."),
+    timeout: int = typer.Option(300, "--timeout", help="Timeout in seconds for waiting."),
+) -> None:
+    """Redact PII from text, files, or URIs."""
+    if ctx.invoked_subcommand is not None:
+        return
+
+    try:
+        client = get_client()
+
+        if text is not None:
+            _redact_text(client, text, language, json_output)
+        elif uri is not None:
+            _redact_uri(client, uri, language, json_output, wait, timeout)
+        elif file is not None:
+            _redact_file(client, file, output, language, json_output)
+        elif not sys.stdin.isatty():
+            stdin_text = sys.stdin.read()
+            _redact_text(client, stdin_text, language, json_output)
+        else:
+            typer.echo(ctx.get_help())
+            raise typer.Exit()
+
+    except (
+        ApiError, AuthenticationError, NotFoundError,
+        RateLimitError, ValidationError, PollingTimeoutError,
+    ) as e:
+        print_error(str(e))
+        raise typer.Exit(1)
+
+
+def _redact_text(client, text: str, language: str, json_output: bool) -> None:
+    redacted = client.sanitize_text(text, language=language)
+    if json_output:
+        print_json({"original": text, "redacted": redacted})
+    else:
+        if sys.stdout.isatty():
+            print_redacted(text, redacted)
+        else:
+            sys.stdout.write(redacted)
+
+
+def _redact_file(client, file: Path, output: Path | None, language: str, json_output: bool) -> None:
+    if not file.exists():
+        print_error(f"File not found: {file}")
+        raise typer.Exit(1)
+
+    is_binary = file.suffix.lower() in BINARY_EXTENSIONS
+    if is_binary and output is None:
+        print_error(f"Binary file type ({file.suffix}) requires --output/-o flag.")
+        raise typer.Exit(1)
+
+    with open(file, "rb") as f:
+        result = client.sanitize_file(f, language=language, dest=str(output) if output else None)
+
+    if output:
+        typer.echo(f"Redacted file written to {output}", err=True)
+    else:
+        if isinstance(result, bytes):
+            text = result.decode("utf-8")
+        else:
+            text = str(result)
+        if json_output:
+            print_json({"redacted": text})
+        else:
+            sys.stdout.write(text)
+            if sys.stdout.isatty() and not text.endswith("\n"):
+                sys.stdout.write("\n")
+
+
+def _redact_uri(
+    client, uri: str, language: str,
+    json_output: bool, wait: bool, timeout: int,
+) -> None:
+    if wait:
+        result = client.sanitize_uri(uri, language=language)
+    else:
+        result = client.redact.uri(uri, language=language)
+    if json_output:
+        print_json(result)
+    else:
+        print_job(result)

expunct_cli/main.py

@@ -0,0 +1,46 @@
+from __future__ import annotations
+
+import typer
+
+from expunct_cli import __version__
+from expunct_cli.commands.audit import app as audit_app
+from expunct_cli.commands.config_cmd import app as config_app
+from expunct_cli.commands.detect import app as detect_app
+from expunct_cli.commands.jobs import app as jobs_app
+from expunct_cli.commands.policies import app as policies_app
+from expunct_cli.commands.redact import app as redact_app
+
+app = typer.Typer(
+    name="expunct",
+    help="Expunct CLI — PII redaction from the command line.",
+    no_args_is_help=True,
+)
+
+
+def version_callback(value: bool) -> None:
+    if value:
+        typer.echo(f"expunct-cli {__version__}")
+        raise typer.Exit()
+
+
+@app.callback()
+def main(
+    version: bool = typer.Option(
+        False, "--version", "-v",
+        help="Show version and exit.",
+        callback=version_callback,
+        is_eager=True
+    ),
+) -> None:
+    """Expunct CLI — PII redaction from the command line."""
+
+
+app.add_typer(redact_app, name="redact", help="Redact PII from text, files, or URIs.")
+app.add_typer(detect_app, name="detect", help="Detect PII entities without redacting.")
+app.add_typer(jobs_app, name="jobs", help="Manage redaction jobs.")
+app.add_typer(policies_app, name="policies", help="Manage redaction policies.")
+app.add_typer(audit_app, name="audit", help="View audit logs.")
+app.add_typer(config_app, name="config", help="Manage CLI configuration.")
+
+if __name__ == "__main__":
+    app()

expunct_cli/output.py

@@ -0,0 +1,140 @@
+from __future__ import annotations
+
+import json
+import sys
+from typing import Any
+
+from rich.console import Console
+from rich.panel import Panel
+from rich.table import Table
+from rich.text import Text
+
+console = Console()
+error_console = Console(stderr=True)
+
+
+def print_json(data: Any) -> None:
+    if hasattr(data, "model_dump"):
+        data = data.model_dump()
+    elif hasattr(data, "__dict__") and not isinstance(data, dict):
+        data = data.__dict__
+    json.dump(data, sys.stdout, indent=2, default=str)
+    sys.stdout.write("\n")
+
+
+def print_redacted(original: str, redacted: str) -> None:
+    console.print(Panel(original, title="Original", border_style="dim"))
+    console.print(Panel(redacted, title="Redacted", border_style="green"))
+
+
+def print_findings(findings: list) -> None:
+    if not findings:
+        console.print("[dim]No PII entities detected.[/]")
+        return
+
+    table = Table(title="PII Findings")
+    table.add_column("Entity Type", style="cyan")
+    table.add_column("Entity Value", style="red")
+    table.add_column("Confidence", justify="right", style="yellow")
+    table.add_column("Location", style="dim")
+
+    for f in findings:
+        if isinstance(f, dict):
+            entity_type = f.get("entity_type", "")
+            entity_value = f.get("entity_value", "")
+            confidence = f.get("confidence", "")
+            location = f.get("location", "")
+        else:
+            entity_type = f.entity_type
+            entity_value = f.entity_value
+            confidence = f.confidence
+            location = f.location
+
+        table.add_row(
+            str(entity_type),
+            str(entity_value),
+            f"{confidence:.2f}" if isinstance(confidence, float) else str(confidence),
+            str(location),
+        )
+
+    console.print(table)
+
+
+def print_job(job: Any) -> None:
+    table = Table(show_header=False, box=None, padding=(0, 2))
+    table.add_column("Field", style="bold cyan")
+    table.add_column("Value")
+
+    fields = ["id", "status", "language", "created_at", "updated_at", "input_uri", "output_uri"]
+    for field in fields:
+        value = getattr(job, field, None)
+        if value is not None:
+            table.add_row(field, str(value))
+
+    console.print(Panel(table, title="Job Details", border_style="blue"))
+
+    findings = getattr(job, "findings", None)
+    if findings:
+        print_findings(findings)
+
+
+def print_jobs_table(jobs: list, total: int, page: int, page_size: int) -> None:
+    table = Table(title=f"Jobs (page {page}, {total} total)")
+    table.add_column("ID", style="cyan")
+    table.add_column("Status", style="bold")
+    table.add_column("Language", style="dim")
+    table.add_column("Created At", style="dim")
+
+    for job in jobs:
+        if isinstance(job, dict):
+            job_id = job.get("id", "")
+            status = job.get("status", "")
+            language = job.get("language", "")
+            created_at = job.get("created_at", "")
+        else:
+            job_id = getattr(job, "id", "")
+            status = getattr(job, "status", "")
+            language = getattr(job, "language", "")
+            created_at = getattr(job, "created_at", "")
+
+        status_style = {
+            "completed": "green",
+            "failed": "red",
+            "processing": "yellow",
+        }.get(str(status), "")
+        table.add_row(
+            str(job_id),
+            Text(str(status), style=status_style),
+            str(language),
+            str(created_at),
+        )
+
+    console.print(table)
+
+
+def print_policies_table(policies: list) -> None:
+    table = Table(title="Policies")
+    table.add_column("ID", style="cyan")
+    table.add_column("Name", style="bold")
+    table.add_column("Redaction Method", style="dim")
+    table.add_column("Confidence Threshold", justify="right", style="yellow")
+
+    for p in policies:
+        if isinstance(p, dict):
+            pid = p.get("id", "")
+            name = p.get("name", "")
+            method = p.get("redaction_method", "")
+            threshold = p.get("confidence_threshold", "")
+        else:
+            pid = getattr(p, "id", "")
+            name = getattr(p, "name", "")
+            method = getattr(p, "redaction_method", "")
+            threshold = getattr(p, "confidence_threshold", "")
+
+        table.add_row(str(pid), str(name), str(method), str(threshold))
+
+    console.print(table)
+
+
+def print_error(message: str) -> None:
+    error_console.print(Panel(f"[bold red]{message}[/]", title="Error", border_style="red"))

expunct_cli-0.1.0.dist-info/METADATA

@@ -0,0 +1,349 @@
+Metadata-Version: 2.4
+Name: expunct-cli
+Version: 0.1.0
+Summary: CLI for the Expunct PII redaction API — redact, detect, and manage sensitive data from the command line.
+Project-URL: Homepage, https://expunct.ai
+Project-URL: Documentation, https://docs.expunct.ai
+Project-URL: Repository, https://github.com/expunct/cli
+Author: Expunct
+License-Expression: MIT
+Keywords: cli,pii,privacy,redaction,security
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries
+Requires-Python: >=3.10
+Requires-Dist: expunct>=0.1.1
+Requires-Dist: rich>=13.0
+Requires-Dist: typer>=0.15
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: ruff>=0.8; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# Expunct CLI
+
+**Privacy infrastructure for modern applications.**
+
+Redact PII, secrets, and sensitive data from text, logs, and files — before it reaches AI, analytics, or external APIs.
+
+---
+
+## 🚀 Quick Start
+
+```bash
+pip install expunct-cli
+```
+
+```bash
+export EXPUNCT_API_KEY=your_api_key
+```
+
+```bash
+expunct redact --text "John Smith email john@gmail.com"
+```
+
+**Output:**
+
+```
+PERSON_1 email EMAIL_1
+```
+
+---
+
+## ✨ Why Expunct?
+
+Modern applications constantly handle sensitive data:
+
+* AI prompts sent to LLMs
+* application logs
+* customer support tickets
+* analytics pipelines
+
+Expunct helps you:
+
+* 🔒 Detect PII (emails, phone numbers, names, etc.)
+* 🧠 Detect secrets (API keys, tokens, credentials)
+* 🧩 Apply policies (redact, mask, pseudonymize)
+* ⚡ Sanitize data before it leaves your system
+
+---
+
+## 🧪 Examples
+
+### Redact sensitive data
+
+```bash
+expunct redact --text "Contact me at john@gmail.com"
+```
+
+### Detect entities without modifying text
+
+```bash
+expunct detect --text "My email is john@gmail.com"
+```
+
+### Process a file
+
+```bash
+expunct redact logs.txt
+```
+
+### Redact binary files (PDF, DOCX, images, video, audio)
+
+```bash
+expunct redact report.pdf --output redacted_report.pdf
+```
+
+### Use with pipes (great for scripts & agents)
+
+```bash
+cat logs.txt | expunct redact
+echo "My SSN is 123-45-6789" | expunct detect
+```
+
+### Cloud URI redaction
+
+```bash
+expunct redact --uri "gs://my-bucket/file.txt"
+expunct redact --uri "s3://my-bucket/file.txt" --no-wait
+```
+
+### JSON output (for scripting & AI agents)
+
+```bash
+expunct redact --text "My SSN is 123-45-6789" --json
+expunct detect --text "Jane Doe" --json | jq '.findings[] | .entity_type'
+```
+
+---
+
+## 🧱 How It Works
+
+```
+Your App / Logs / Files
+           ↓
+        Expunct
+           ↓
+   Clean, safe data
+           ↓
+AI / APIs / Analytics
+```
+
+Expunct acts as a **privacy layer** that removes sensitive data before it leaves your system.
+
+---
+
+## 📖 Commands
+
+### `expunct redact`
+
+Redact PII from text, files, or URIs.
+
+```bash
+expunct redact --text "Call me at 555-1234"
+expunct redact notes.txt
+expunct redact scan.pdf -o redacted_scan.pdf
+expunct redact --uri "gs://my-bucket/file.txt"
+cat file.txt | expunct redact
+```
+
+| Flag | Description |
+|------|-------------|
+| `--text, -t` | Inline text to redact |
+| `--uri, -u` | Cloud URI to redact |
+| `--output, -o` | Output file path (required for binary formats) |
+| `--language, -l` | Language code (default: `en`) |
+| `--policy-id, -p` | Policy ID to apply |
+| `--json` | Raw JSON output |
+| `--wait/--no-wait` | Wait for URI jobs (default: `--wait`) |
+| `--timeout` | Wait timeout in seconds (default: `300`) |
+
+### `expunct detect`
+
+Detect PII entities without redacting. Shows entity type, value, confidence, and location.
+
+```bash
+expunct detect --text "My name is Jane Doe and my SSN is 123-45-6789"
+expunct detect document.txt
+expunct detect --uri "gs://bucket/file.txt"
+echo "test@email.com" | expunct detect
+```
+
+### `expunct jobs`
+
+Manage redaction jobs.
+
+```bash
+expunct jobs list
+expunct jobs list --status completed --page 2
+expunct jobs get JOB_ID
+expunct jobs download JOB_ID -o output.pdf
+expunct jobs wait JOB_ID --timeout 600
+```
+
+### `expunct policies`
+
+Manage redaction policies.
+
+```bash
+expunct policies list
+expunct policies create --name "strict" --confidence-threshold 0.9
+expunct policies get POLICY_ID
+expunct policies update POLICY_ID --name "updated-name"
+expunct policies delete POLICY_ID --yes
+```
+
+### `expunct audit`
+
+View audit logs.
+
+```bash
+expunct audit list
+expunct audit list --event-type redaction --page-size 50
+expunct audit list --json
+```
+
+### `expunct config`
+
+Manage CLI configuration.
+
+```bash
+expunct config set api_key YOUR_API_KEY
+expunct config set base_url https://api.expunct.ai
+expunct config get base_url
+expunct config show
+expunct config path
+```
+
+---
+
+## 🔑 Authentication
+
+**Option A: Environment variable** (recommended for CI/scripts)
+
+```bash
+export EXPUNCT_API_KEY=your_api_key
+```
+
+**Option B: Config file**
+
+```bash
+expunct config set api_key YOUR_API_KEY
+```
+
+Stored in `~/.expunct/config.json`:
+
+```json
+{
+  "api_key": "your_api_key",
+  "base_url": "https://api.expunct.ai",
+  "tenant_id": "your-tenant-id"
+}
+```
+
+| Variable | Description |
+|----------|-------------|
+| `EXPUNCT_API_KEY` | API key (overrides config file) |
+| `EXPUNCT_BASE_URL` | API base URL (overrides config file) |
+| `EXPUNCT_TENANT_ID` | Tenant ID (overrides config file) |
+
+---
+
+## ⚙️ Output Modes
+
+```bash
+# Default: human-readable with rich formatting
+expunct redact --text "My email is john@gmail.com"
+
+# JSON: machine-readable for piping and scripting
+expunct redact --text "My email is john@gmail.com" --json
+```
+
+---
+
+## 🤖 Agent-Friendly Design
+
+The CLI is designed to work well with AI agents and automation:
+
+* **Deterministic output** with `--json` flag
+* **Stdin piping** for chaining commands
+* **Non-interactive** — no prompts in `--json` mode
+* **Exit codes** — 0 for success, 1 for errors
+
+```bash
+# Pipe redacted text
+expunct redact --text "My phone is 555-0100" --json | jq .redacted
+
+# Chain with other tools
+cat logs.txt | expunct redact | grep "ERROR"
+
+# Use in scripts
+expunct jobs list --json | jq '.jobs[].id'
+```
+
+---
+
+## 🖥️ Platform Support
+
+The CLI is pure Python and works on **macOS**, **Linux**, and **Windows**:
+
+```bash
+# All platforms via pip
+pip install expunct-cli
+
+# macOS via Homebrew (coming soon)
+brew install expunct/tap/expunct-cli
+```
+
+---
+
+## 🔒 Built for Developers
+
+Expunct is built on top of proven detection tools like Microsoft Presidio, with added:
+
+* policy control
+* hosted API
+* scalable processing
+* multi-format support (text, PDF, DOCX, images, video, audio)
+
+---
+
+## 📚 Documentation
+
+👉 [https://docs.expunct.ai](https://docs.expunct.ai)
+
+## 🌐 Platform
+
+👉 [https://expunct.ai](https://expunct.ai)
+
+---
+
+## 💡 Roadmap
+
+* Pseudonymization (reversible identity masking)
+* Secret detection expansion
+* Batch processing via CLI
+* Directory processing
+* Streaming mode
+* Self-hosted / VPC deployment
+
+---
+
+## 🤝 Contributing
+
+Contributions welcome. Feel free to open issues or PRs.
+
+---
+
+## 📄 License
+
+MIT

expunct_cli-0.1.0.dist-info/RECORD

@@ -0,0 +1,15 @@
+expunct_cli/__init__.py,sha256=kUR5RAFc7HCeiqdlX36dZOHkUI5wI6V_43RpEcD8b-0,22
+expunct_cli/client.py,sha256=tBrCA3knYZayFD5x5li1XfZ7NmlwmmaatMBnkeslL_A,1250
+expunct_cli/main.py,sha256=3frt6VH8Asbbx6q676IrBa7E96v5JAA9GBnt6GUzzR0,1479
+expunct_cli/output.py,sha256=1Cafvo4go7pcsLj91Dy-pFBp3BBgKD71USGuPeNxlHQ,4502
+expunct_cli/commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+expunct_cli/commands/audit.py,sha256=P8N6PBgCT1jZtlI6j8VgpleAG50iWOj56AFB0UJDkBo,2036
+expunct_cli/commands/config_cmd.py,sha256=MoBJ0h0nuyYILsJwq3HpIvLictqDwzNDSLl0fiF4aXI,2126
+expunct_cli/commands/detect.py,sha256=tg8iiUbcGh-Oq1rJAJPwpp3AfAcUoOuIB_NlnkVRO3k,3611
+expunct_cli/commands/jobs.py,sha256=GXRSF4NnSVQCCZqHW_bVHYY8O1_g3qrG_Q33cszDaGY,3455
+expunct_cli/commands/policies.py,sha256=HrqQevnO0trx-bvJd4ITy_fMr4y3aZSIIge3fp_8TEA,6136
+expunct_cli/commands/redact.py,sha256=2yh9wnM2HiNqcWJAUvkPdQ7CwdsxBG4h_mmpOClCoWc,4104
+expunct_cli-0.1.0.dist-info/METADATA,sha256=GcxviZB88Az7V4UXYLDoyHdUc_QpF8G-PLZjzrnKxUg,7418
+expunct_cli-0.1.0.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
+expunct_cli-0.1.0.dist-info/entry_points.txt,sha256=2GZLHMBftAnGc89oaGekw4MIuXXxfUWEUVW8nhiDQXE,49
+expunct_cli-0.1.0.dist-info/RECORD,,

expunct_cli-0.1.0.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.29.0
+Root-Is-Purelib: true
+Tag: py3-none-any

expunct_cli-0.1.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+expunct = expunct_cli.main:app