gitgalaxy 1.0.6__tar.gz → 1.0.7__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (27) hide show
  1. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/PKG-INFO +30 -8
  2. gitgalaxy-1.0.7/README.md +104 -0
  3. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy/aperture.py +20 -18
  4. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy/audit_recorder.py +107 -4
  5. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy/detector.py +5 -13
  6. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy/galaxyscope.py +100 -6
  7. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy/gitgalaxy_standards_v011.py +181 -230
  8. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy/gpu_recorder.py +15 -42
  9. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy/language_lens.py +35 -1
  10. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy/llm_recorder.py +116 -20
  11. gitgalaxy-1.0.7/gitgalaxy/security_lens.py +181 -0
  12. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy/signal_processor.py +211 -26
  13. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy/spectral_auditor.py +33 -2
  14. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy.egg-info/PKG-INFO +30 -8
  15. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy.egg-info/SOURCES.txt +1 -0
  16. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/pyproject.toml +1 -1
  17. gitgalaxy-1.0.6/README.md +0 -82
  18. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/LICENSE +0 -0
  19. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy/__init__.py +0 -0
  20. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy/chronometer.py +0 -0
  21. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy/guidestar_lens.py +0 -0
  22. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy/prism.py +0 -0
  23. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy/record_keeper.py +0 -0
  24. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy.egg-info/dependency_links.txt +0 -0
  25. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy.egg-info/entry_points.txt +0 -0
  26. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/gitgalaxy.egg-info/top_level.txt +0 -0
  27. {gitgalaxy-1.0.6 → gitgalaxy-1.0.7}/setup.cfg +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: gitgalaxy
3
- Version: 1.0.6
3
+ Version: 1.0.7
4
4
  Summary: Visualizes codebase complexity as explorable 3D galaxies.
5
5
  Author: Joe Esquibel
6
6
  License: PolyForm Noncommercial License 1.0.0
@@ -20,14 +20,24 @@ Dynamic: license-file
20
20
  [![PyPI version](https://badge.fury.io/py/gitgalaxy.svg)](https://badge.fury.io/py/gitgalaxy)
21
21
  [![Python 3.8+](https://img.shields.io/badge/python-3.8+-blue.svg)](https://www.python.org/downloads/)
22
22
  [![License: PolyForm Noncommercial](https://img.shields.io/badge/License-PolyForm%20Noncommercial-blue.svg)](https://polyformproject.org/licenses/noncommercial/1.0.0/)
23
+
24
+ [![Engine](https://img.shields.io/badge/Engine-blAST-8A2BE2.svg)](#)
25
+ [![Velocity](https://img.shields.io/badge/Velocity-100k+_LOC%2Fs-00C957.svg)](#)
26
+ [![Analysis](https://img.shields.io/badge/Analysis-Code_Bioinformatics-00BFFF.svg)](#)
27
+ [![Threat Hunting](https://img.shields.io/badge/Threat_Hunting-Behavioral-FF4500.svg)](#)
28
+ [![Architecture](https://img.shields.io/badge/Architecture-Zero__Trust-teal.svg)](#)
29
+
23
30
  [![Zero Dependencies](https://img.shields.io/badge/Dependencies-0-brightgreen.svg)](https://pypi.org/project/gitgalaxy/)
24
31
  [![Airgap Ready](https://img.shields.io/badge/Security-Airgap_Ready-teal.svg)](#)
25
- [![Local Processing](https://img.shields.io/badge/Telemetry-100%25_Local-blueviolet.svg)](#)
26
- [![Hardware Accelerated](https://img.shields.io/badge/Render-WebGPU_|_WebGL2-ff69b4.svg)](#)
32
+
27
33
 
28
34
  Code is art. Logic is art. Systems engineering is art.
29
35
 
30
- GitGalaxy reveals the complexity of codebases as explorable 3D galaxies by using source code as a seed for procedural generative art. It acts as a Rosetta Stone for code complexity, allowing you to visually compare the scale and risk exposure of different projects—from Apollo 11 to the Linux Kernel—under the same set of rules. GitGalaxy visualizes the non-visual architecture of massive software repositories, translating codebases into color based non-numeric dashboard, where files are rendered as stars (for humans), low-token markdown summaries of deep tech patterns the entire code base (for AI agents), and full audit of both Software Bill of Materials and internal file metrics (for lawyers). Code never leaves your machine, zero dependencies. Analyses based on BLAST and bioinformatic algorithms ported to coding languages. Currently handles ~40 languages and ~250 file extensions. Average scan rates at ~100,000 LOC/second, allowing for CI/CD pipeline integration. CLI based for AI-agent workflow, visualization system optional.
36
+ GitGalaxy is a two-part ecosystem connected by a universal JSON contract. It is designed to extract the structural DNA of massive software repositories and render their non-visual architecture into measurable, explorable 3D galaxies.
37
+
38
+ **1. The blAST Engine - The galaxyscope (Backend):** A hyper-scale, language-agnostic static analysis CLI. Based on 50 years of bioinformatics and genetic sequencing algorithms, it parses code at ~100,000 LOC/second. It outputs rich JSON telemetry, SQLite databases, and low-token Markdown briefs optimized for AI-agent workflows.
39
+
40
+ **2. The Observatory (Frontend):** Drop your galaxy.json into the free viewer at [GitGalaxy.io](https://gitgalaxy.io/) or use the repo's airgap_observatory, a standalone, zero-telemetry WebGPU visualizer. Both visualizers read the JSON contract and renders the entire code base as a procedural 3D galaxy where files are stars, allowing humans to visually map scale and risk exposure instantly.
31
41
 
32
42
  **Live Demo:** View 3D galaxy examples of Apollo-11, Linux, Tensorflow and more at [GitGalaxy.io](https://gitgalaxy.io/)
33
43
 
@@ -74,13 +84,17 @@ Open your web browser and go to http://localhost:8000.
74
84
 
75
85
  Drag and drop your newly generated _galaxy.json file to instantly render your architecture.
76
86
 
77
- ## How & What Does it Measure?
87
+ ## 🧬 The blAST Paradigm: Sequencing the DNA of Software
78
88
 
79
- Accomplished by scanning codebases with the same tech used to scan strings of DNA when I was a scientist. By employing a BLAST-like algorithm, a taxonomic language feature map, and DNA fingerprinting algorithms, GitGalaxy brings 50-ish years of bioinformatics to code analysis. We parse our resulting DNA/code fingerprint into a series of risk exposure metrics (genotype to phenotype associations).
89
+ Traditional computer science treats software like a rigid blueprint, using slow, language-specific Abstract Syntax Trees (ASTs) to analyze code. GitGalaxy treats code as a living, mutating organism using **blAST (Broad Lexical Abstract Syntax Tracker)**.
80
90
 
81
- GitGalaxy does not measure "Code Quality", which feels like a judgment, but instead measures Risk Exposure. Our measurements do not judge; they highlight. We do not assess "Bad Code"; we measure Cognitive Load Exposurehow hard it is for a human to work through the logic—because teams should be aware which files are the hardest to work on.
91
+ By applying the principles of biological sequence alignment to software, blAST hunts for the universal structural markers of logic across ~40 languages and ~250 file extensions. We translate this genetic code into "phenotypes"measurable risk exposures.
82
92
 
83
- Risk Exposures identify general trends (this file has high API exposure) instead of providing an absolute ranking over tiny differences (this file is better than that one because it scored 6% higher in the tech debt equation). These are general guides to give engineers, managers and CTOs a visual estimate on code status. It allows a team to agree on standards and instantly see—without reading a single line of text—where their architecture might be drifting into dangerous territory.
93
+ ### Sequencing at Hyper-Scale
94
+ By abandoning the compiler bottleneck, blAST achieves processing velocities that traditional ASTs simply cannot comprehend. In live telemetry tracking across the largest open-source ecosystems, blAST demonstrated its absolute scale:
95
+ * **Peak Velocity:** Sequenced the 141,445 lines of the original **Apollo-11** Guidance Computer assembly code in **0.28 seconds** (an alignment rate of **513,298 LOC/s**).
96
+ * **Massive Monoliths:** Chewed through the **3.2 million lines of OpenCV in just 11.11 seconds** (288,594 LOC/s).
97
+ * **Planetary Scale:** Effortlessly mapped the architectural DNA of planetary-scale repositories like **TensorFlow (7.8M LOC)**, **Kubernetes (5.5M LOC)**, and **FreeBSD (24.4M LOC)** in a fraction of the time required to compile them.
84
98
 
85
99
  ## Zero-Trust Architecture
86
100
 
@@ -90,6 +104,14 @@ Your code never leaves your machine. GitGalaxy performs 100% of its scanning and
90
104
  * **Ephemeral Memory Processing:** Repositories are unpacked into a volatile memory buffer (RAM) and are automatically purged when the browser tab is closed.
91
105
  * **Privacy-by-Design:** Even when using the web-based viewer, the data remains behind the user's firewall at all times.
92
106
 
107
+ ### The Viral Security Lens: Behavioral Threat Hunting
108
+ Traditional security scanners rely on rigid, outdated virus signatures. blAST acts like an immune system, hunting for the *behavioral genetic markers* of a threat. By analyzing the structural density of I/O hits, execution triggers, and security bypasses, blAST is perfectly engineered to stop modern attack vectors:
109
+
110
+ * **Supply-Chain Poisoning:** Instantly flags seemingly innocent setup scripts that possess an anomalous density of network I/O and dynamic execution (`eval`/`exec`).
111
+ * **Logic Bombs & Sabotage:** Identifies code designed to destroy infrastructure by catching dense concentrations of catastrophic OS commands and raw hardware aborts.
112
+ * **Steganography & Obfuscated Malware:** Mathematically exposes evasion techniques, flagging Unicode Smuggling (homoglyph imports) and sub-atomic custom XOR decryption loops.
113
+ * **Credential Hemorrhaging:** Acts as a ruthless data vault scanner, isolating hardcoded cryptographic assets (`.pem`, `.pfx`, `.jks` files) buried deep within massive repositories.
114
+
93
115
  ## License & Copyright
94
116
 
95
117
  Copyright (c) 2026 Joe Esquibel
@@ -0,0 +1,104 @@
1
+ # GitGalaxy
2
+
3
+ [![PyPI version](https://badge.fury.io/py/gitgalaxy.svg)](https://badge.fury.io/py/gitgalaxy)
4
+ [![Python 3.8+](https://img.shields.io/badge/python-3.8+-blue.svg)](https://www.python.org/downloads/)
5
+ [![License: PolyForm Noncommercial](https://img.shields.io/badge/License-PolyForm%20Noncommercial-blue.svg)](https://polyformproject.org/licenses/noncommercial/1.0.0/)
6
+
7
+ [![Engine](https://img.shields.io/badge/Engine-blAST-8A2BE2.svg)](#)
8
+ [![Velocity](https://img.shields.io/badge/Velocity-100k+_LOC%2Fs-00C957.svg)](#)
9
+ [![Analysis](https://img.shields.io/badge/Analysis-Code_Bioinformatics-00BFFF.svg)](#)
10
+ [![Threat Hunting](https://img.shields.io/badge/Threat_Hunting-Behavioral-FF4500.svg)](#)
11
+ [![Architecture](https://img.shields.io/badge/Architecture-Zero__Trust-teal.svg)](#)
12
+
13
+ [![Zero Dependencies](https://img.shields.io/badge/Dependencies-0-brightgreen.svg)](https://pypi.org/project/gitgalaxy/)
14
+ [![Airgap Ready](https://img.shields.io/badge/Security-Airgap_Ready-teal.svg)](#)
15
+
16
+
17
+ Code is art. Logic is art. Systems engineering is art.
18
+
19
+ GitGalaxy is a two-part ecosystem connected by a universal JSON contract. It is designed to extract the structural DNA of massive software repositories and render their non-visual architecture into measurable, explorable 3D galaxies.
20
+
21
+ **1. The blAST Engine - The galaxyscope (Backend):** A hyper-scale, language-agnostic static analysis CLI. Based on 50 years of bioinformatics and genetic sequencing algorithms, it parses code at ~100,000 LOC/second. It outputs rich JSON telemetry, SQLite databases, and low-token Markdown briefs optimized for AI-agent workflows.
22
+
23
+ **2. The Observatory (Frontend):** Drop your galaxy.json into the free viewer at [GitGalaxy.io](https://gitgalaxy.io/) or use the repo's airgap_observatory, a standalone, zero-telemetry WebGPU visualizer. Both visualizers read the JSON contract and renders the entire code base as a procedural 3D galaxy where files are stars, allowing humans to visually map scale and risk exposure instantly.
24
+
25
+ **Live Demo:** View 3D galaxy examples of Apollo-11, Linux, Tensorflow and more at [GitGalaxy.io](https://gitgalaxy.io/)
26
+
27
+ > **Note:** This is a condensed version of the full documentation. For more info, please visit: [https://github.com/squid-protocol/gitgalaxy](https://github.com/squid-protocol/gitgalaxy)
28
+
29
+ ---
30
+
31
+ ## Quickstart
32
+
33
+ ### 1. Install
34
+
35
+ ```bash
36
+ pip install gitgalaxy
37
+ ```
38
+
39
+ ### 2. Scan a Repository
40
+
41
+ Point the GalaxyScope at any local repository or ZIP archive. The engine runs entirely on your local machine—zero data is transmitted.
42
+
43
+ ```bash
44
+ galaxyscope /path/to/your/local/repo
45
+ ```
46
+
47
+ ### 3. View the Galaxy
48
+
49
+ GitGalaxy offers two ways to visualize your 3D architecture, both built on a strict Zero-Trust Privacy Model where your code never leaves your machine.
50
+
51
+ **Option A: The Web Viewer (Frictionless)**
52
+ Simply drag and drop your generated "your_repo_galaxy.json" file (or a .zip of your raw repository) directly into GitGalaxy.io. All rendering and scanning happens entirely in your browser's local memory.
53
+
54
+ **Option B: The Local Server (Enterprise & Offline)**
55
+ For teams operating under strict compliance rules or behind corporate firewalls, GitGalaxy includes a 100% static, zero-telemetry local viewer called the Airgap Observatory.
56
+
57
+ There is no backend, no database, and no external API calls. It is a completely closed-box system built on static HTML and JavaScript, you just need to spin up a basic local server to view it.
58
+
59
+ Navigate into the visualizer folder and start Python's built-in static web server:
60
+
61
+ ```bash
62
+ git clone https://github.com/squid-protocol/gitgalaxy.git
63
+ cd gitgalaxy/airgap_observatory
64
+ python3 -m http.server 8000
65
+ ```
66
+ Open your web browser and go to http://localhost:8000.
67
+
68
+ Drag and drop your newly generated _galaxy.json file to instantly render your architecture.
69
+
70
+ ## 🧬 The blAST Paradigm: Sequencing the DNA of Software
71
+
72
+ Traditional computer science treats software like a rigid blueprint, using slow, language-specific Abstract Syntax Trees (ASTs) to analyze code. GitGalaxy treats code as a living, mutating organism using **blAST (Broad Lexical Abstract Syntax Tracker)**.
73
+
74
+ By applying the principles of biological sequence alignment to software, blAST hunts for the universal structural markers of logic across ~40 languages and ~250 file extensions. We translate this genetic code into "phenotypes"—measurable risk exposures.
75
+
76
+ ### Sequencing at Hyper-Scale
77
+ By abandoning the compiler bottleneck, blAST achieves processing velocities that traditional ASTs simply cannot comprehend. In live telemetry tracking across the largest open-source ecosystems, blAST demonstrated its absolute scale:
78
+ * **Peak Velocity:** Sequenced the 141,445 lines of the original **Apollo-11** Guidance Computer assembly code in **0.28 seconds** (an alignment rate of **513,298 LOC/s**).
79
+ * **Massive Monoliths:** Chewed through the **3.2 million lines of OpenCV in just 11.11 seconds** (288,594 LOC/s).
80
+ * **Planetary Scale:** Effortlessly mapped the architectural DNA of planetary-scale repositories like **TensorFlow (7.8M LOC)**, **Kubernetes (5.5M LOC)**, and **FreeBSD (24.4M LOC)** in a fraction of the time required to compile them.
81
+
82
+ ## Zero-Trust Architecture
83
+
84
+ Your code never leaves your machine. GitGalaxy performs 100% of its scanning and vectorization locally.
85
+
86
+ * **No Data Transmission:** Source code is never transmitted to any API, cloud database, or third-party service.
87
+ * **Ephemeral Memory Processing:** Repositories are unpacked into a volatile memory buffer (RAM) and are automatically purged when the browser tab is closed.
88
+ * **Privacy-by-Design:** Even when using the web-based viewer, the data remains behind the user's firewall at all times.
89
+
90
+ ### The Viral Security Lens: Behavioral Threat Hunting
91
+ Traditional security scanners rely on rigid, outdated virus signatures. blAST acts like an immune system, hunting for the *behavioral genetic markers* of a threat. By analyzing the structural density of I/O hits, execution triggers, and security bypasses, blAST is perfectly engineered to stop modern attack vectors:
92
+
93
+ * **Supply-Chain Poisoning:** Instantly flags seemingly innocent setup scripts that possess an anomalous density of network I/O and dynamic execution (`eval`/`exec`).
94
+ * **Logic Bombs & Sabotage:** Identifies code designed to destroy infrastructure by catching dense concentrations of catastrophic OS commands and raw hardware aborts.
95
+ * **Steganography & Obfuscated Malware:** Mathematically exposes evasion techniques, flagging Unicode Smuggling (homoglyph imports) and sub-atomic custom XOR decryption loops.
96
+ * **Credential Hemorrhaging:** Acts as a ruthless data vault scanner, isolating hardcoded cryptographic assets (`.pem`, `.pfx`, `.jks` files) buried deep within massive repositories.
97
+
98
+ ## License & Copyright
99
+
100
+ Copyright (c) 2026 Joe Esquibel
101
+
102
+ GitGalaxy is released under the PolyForm Noncommercial License 1.0.0. It is completely free for personal use, research, experiment, testing, and hobby projects. Use by educational or charitable organizations is also permitted.
103
+
104
+ Any commercial use or integration into commercial SaaS products or corporate CI/CD pipelines requires a separate commercial license. Please reach out via gitgalaxy.io to discuss commercial integration.
@@ -104,14 +104,6 @@ class ApertureFilter:
104
104
  """
105
105
  [PHASE 0 ENTRY POINT]
106
106
  Fast path-only check to build the CensusArray (Radar Walk).
107
- Now safely fetches file size to prevent the 0-Byte Dark Matter telemetry bug.
108
-
109
- Args:
110
- file_path: The artifact's path.
111
- has_intent: True if the GuideStar mapped this file in a manifest or priority list.
112
-
113
- Returns:
114
- Tuple: (is_valid: bool, size_bytes: int, reason: str)
115
107
  """
116
108
  path_obj = Path(file_path)
117
109
  normalized_path = path_obj.as_posix()
@@ -122,20 +114,28 @@ class ApertureFilter:
122
114
  except ValueError:
123
115
  relative_path = normalized_path
124
116
 
125
- # Safely fetch size before making drop decisions to ensure accurate Dark Matter telemetry
126
117
  try:
127
118
  size_bytes = path_obj.stat().st_size if path_obj.exists() else 0
128
119
  except OSError:
129
120
  size_bytes = 0
130
121
 
131
- # 0. TIER 0.5: THE ABSOLUTE EXTENSION SHIELD (Impervious to Intent)
132
- # Drops SVGs, 3D Models, PDFs, and PGP keys before disk I/O ever happens.
122
+ # ======================================================================
123
+ # 0.1 TIER 0.1: THE SECRETS RADAR (Highest Priority Security Check)
124
+ # Checks for leaked credentials, databases, and private keys.
125
+ # ======================================================================
126
+ if path_obj.name in self.config.get("SECRETS_EXACT", set()) or ext.lower() in self.config.get("SECRETS_EXTENSIONS", set()):
127
+ reason = f"CRITICAL LEAK (Exposed Secret / Key Detected: '{path_obj.name}')"
128
+ self.logger.critical(f"🛡️ SECURITY BREACH: {reason} at {relative_path}")
129
+ return False, size_bytes, reason
130
+
131
+ # ======================================================================
132
+ # 0.5 TIER 0.5: THE ABSOLUTE EXTENSION SHIELD (Impervious to Intent)
133
+ # ======================================================================
133
134
  if ext.lower() in self.black_hole_exts:
134
135
  reason = f"Blocked (Explicitly Blacklisted Media/Binary Extension: '{ext}')"
135
136
  self.logger.debug(f"{reason}: {relative_path}")
136
137
  return False, size_bytes, reason
137
138
 
138
- # Resolve intent status against cache
139
139
  active_intent = has_intent or (normalized_path in self._intent_cache)
140
140
  if active_intent:
141
141
  self._intent_cache.add(normalized_path)
@@ -147,21 +147,17 @@ class ApertureFilter:
147
147
  return False, size_bytes, reason
148
148
 
149
149
  # --- INTENT BYPASS ---
150
- # If the file has a GuideStar lock, it bypasses linguistic whitelisting entirely.
151
150
  if active_intent:
152
151
  reason = "Passed (GuideStar Intent Lock Bypassed Tier 2)"
153
152
  self.logger.debug(f"{reason}: {relative_path}")
154
153
  return True, size_bytes, reason
155
154
 
156
155
  # 2. TIER 2: THE VISIBLE SPECTRUM (Linguistic Whitelisting)
157
- # Rule 2.1: Deep Space Remnants (Spec 2.3.3.B)
158
- # We allow extensionless files through without intent to be evaluated by the Shebang Scanner
159
156
  if not ext:
160
157
  reason = "Passed (Extensionless -> Shebang scan required)"
161
158
  self.logger.debug(f"{reason}: {relative_path}")
162
159
  return True, size_bytes, reason
163
160
 
164
- # Rule 2.2: Known Ecosystem Anchor or Whitelisted Extension
165
161
  if path_obj.name in self.ecosystem_anchors or ext.lower() in self.whitelisted_extensions:
166
162
  reason = "Passed (Ecosystem Anchor or Whitelisted Ext)"
167
163
  return True, size_bytes, reason
@@ -169,7 +165,7 @@ class ApertureFilter:
169
165
  reason = f"Blocked (Unsupported or Unrecognized Extension: '{ext}')"
170
166
  self.logger.debug(f"{reason}: {relative_path}")
171
167
  return False, size_bytes, reason
172
-
168
+
173
169
  def is_in_scope(self, file_path: Union[str, Path], content: Optional[str] = None, has_intent: bool = False) -> FilterResult:
174
170
  """Runs the 5-tier perimeter gate to validate maintainable code matter."""
175
171
  path_obj = Path(file_path)
@@ -211,7 +207,13 @@ class ApertureFilter:
211
207
  # --- TIER 1 & 2: PATH VALIDATION ---
212
208
  is_valid, size_bytes, reason = self.evaluate_path_integrity(path_obj, has_intent=active_intent)
213
209
  if not is_valid:
214
- result["band"] = self.bands.get("RADIO", "radio_noise")
210
+ # --- SECRETS RADAR CHECK ---
211
+ if reason and "CRITICAL LEAK" in reason:
212
+ # Uses the new QUARANTINE band and aligned terminology
213
+ result["band"] = self.bands.get("QUARANTINE", "critical_secret_leak")
214
+ else:
215
+ result["band"] = self.bands.get("RADIO", "ignored_system_or_hidden_file")
216
+
215
217
  result["reason"] = reason
216
218
  result["size_bytes"] = size_bytes
217
219
  return result
@@ -252,14 +252,117 @@ class AuditRecorder:
252
252
  "Discovery Proof": "Logic Splicer Shielding"
253
253
  })
254
254
 
255
- # 4. Final Mission Archive Packaging
255
+ # ==========================================================
256
+ # 4. FORENSIC SECURITY & VULNERABILITY AUDIT (Section 3)
257
+ # ==========================================================
258
+ sec_risk_mapping = {
259
+ "secrets_risk": {"label": "Secrets Risk Exposure", "threshold": 0.1},
260
+ "obscured_payload": {"label": "Hidden Malware Risk Exposure", "threshold": 60.0},
261
+ "logic_bomb": {"label": "Logic Bomb / Sabotage Risk Exposure", "threshold": 50.0},
262
+ "injection_surface": {"label": "Injection Surface Risk Exposure", "threshold": 65.0},
263
+ "memory_corruption": {"label": "Memory Corruption Risk Exposure", "threshold": 60.0}
264
+ }
265
+
266
+ sec_hit_mapping = {
267
+ "sec_danger": "Dangerous Code Execution (Eval/Exec)",
268
+ "sec_safety_neg": "Security Rule Bypasses",
269
+ "sec_io": "Suspicious Network Connections",
270
+ "sec_flux": "Global Environment Tampering",
271
+ "sec_heat_triggers": "Scrambled / Obfuscated Code",
272
+ "sec_graveyard": "Shadow Logic (Hidden Code)",
273
+ "sec_bitwise_hits": "Sub-Atomic Decryption (Custom XOR)",
274
+ "sec_shadow_imports": "Steganographic Execution (Shadow Imports)",
275
+ "sec_homoglyphs": "Unicode Smuggling (Homoglyph Imports)"
276
+ }
277
+
278
+ quarantined_files = []
279
+ vuln_exposures = {
280
+ data["label"]: {
281
+ "Alert Threshold": f">= {data['threshold']}%",
282
+ "Artifacts Flagged": 0,
283
+ "Critical Files": []
284
+ } for key, data in sec_risk_mapping.items()
285
+ }
286
+
287
+ raw_threat_hits = {
288
+ "_description": "The total number of times these specific malicious regex patterns were triggered across all scanned files.",
289
+ **{label: 0 for label in sec_hit_mapping.values()}
290
+ }
291
+
292
+ # Safe index lookups
293
+ risk_indices = {k: self.RISK_SCHEMA.index(k) for k in sec_risk_mapping.keys() if k in self.RISK_SCHEMA}
294
+ hit_indices = {k: self.HIT_SCHEMA.index(k) for k in sec_hit_mapping.keys() if k in self.HIT_SCHEMA}
295
+
296
+ # Sweep the stars for security anomalies
297
+ for star in stars:
298
+ path = star.get("path", "Unknown")
299
+ band = star.get("band", "")
300
+
301
+ if band == "critical_secret_leak":
302
+ quarantined_files.append({
303
+ "Path": path,
304
+ "Diagnostic": star.get("telemetry", {}).get("domain_context", {}).get("warning", "CRITICAL LEAK (Exposed Secret / Key Detected)")
305
+ })
306
+
307
+ risk_vector = star.get("risk_vector", [])
308
+ if len(risk_vector) == len(self.RISK_SCHEMA):
309
+ for r_key, r_idx in risk_indices.items():
310
+ score = risk_vector[r_idx]
311
+ mapping = sec_risk_mapping[r_key]
312
+ if score >= mapping["threshold"]:
313
+ label = mapping["label"]
314
+ vuln_exposures[label]["Critical Files"].append({"Path": path, "Score": f"{score:.1f}%"})
315
+ vuln_exposures[label]["Artifacts Flagged"] += 1
316
+
317
+ # Aggregate the raw threat hits
318
+ hit_vector = star.get("hit_vector")
319
+ if isinstance(hit_vector, list) and len(hit_vector) == len(self.HIT_SCHEMA):
320
+ for h_key, h_idx in hit_indices.items():
321
+ hits = hit_vector[h_idx]
322
+ if hits > 0:
323
+ label = sec_hit_mapping[h_key]
324
+ raw_threat_hits[label] += hits
325
+
326
+ # --- THE FALSE POSITIVE FIX: Decouple Active Threats from Surface Risks ---
327
+ # 1. Count actual malicious regex hits (ignoring the _description string)
328
+ malicious_hits_total = sum(v for k, v in raw_threat_hits.items() if isinstance(v, int))
329
+
330
+ # 2. Check for explicit malware
331
+ has_malware = vuln_exposures["Hidden Malware Risk Exposure"]["Artifacts Flagged"] > 0
332
+ has_secrets = vuln_exposures["Secrets Risk Exposure"]["Artifacts Flagged"] > 0
333
+
334
+ # 3. Tiered Status Routing
335
+ if quarantined_files or has_malware or has_secrets or malicious_hits_total > 0:
336
+ audit_status = "CRITICAL_THREATS_DETECTED"
337
+ elif any(v["Artifacts Flagged"] > 0 for v in vuln_exposures.values()):
338
+ # DOOM lands here. High architectural risk, but no active malicious intent.
339
+ audit_status = "ELEVATED_SURFACE_RISK"
340
+ else:
341
+ audit_status = "SECURE"
342
+
343
+ security_audit = {
344
+ "Audit Status": audit_status,
345
+ "Scope": {
346
+ "Artifacts Evaluated": len(stars),
347
+ "Threat Signatures Monitored": len(sec_hit_mapping),
348
+ "Vulnerability Vectors Calculated": len(sec_risk_mapping)
349
+ },
350
+ "Exposed Secrets & Credentials (Quarantined Files)": quarantined_files,
351
+ "Vulnerability Exposures (Threshold Breaches)": vuln_exposures,
352
+ "Raw Threat Signature Hits (Total Repository Occurrences)": raw_threat_hits
353
+ }
354
+
355
+ # ==========================================================
356
+ # 5. Final Mission Archive Packaging
357
+ # ==========================================================
256
358
  mission_audit = {
257
359
  "Audit Protocol": "GitGalaxy v6.2.0-Audit",
258
360
  "1. Forensic Trail (Traceability)": forensic_trail,
259
361
  "2. Global Synthesis Summary": summary,
260
- "3. High-Value Forensic Report": forensic_report,
261
- "4. Dark Matter (Excluded Artifacts)": pretty_singularity,
262
- "5. Visible Matter (Scanned Artifacts)": pretty_constellations
362
+ "3. Forensic Security & Vulnerability Audit": security_audit,
363
+ "4. High-Value Forensic Report": forensic_report,
364
+ "5. Dark Matter (Excluded Artifacts)": pretty_singularity,
365
+ "6. Visible Matter (Scanned Artifacts)": pretty_constellations
263
366
  }
264
367
 
265
368
  # --- ABSOLUTE ROUTING LOGIC ---
@@ -13,6 +13,8 @@ import hashlib
13
13
  import logging
14
14
  import time
15
15
  from typing import Dict, List, Any, TypedDict, Optional, Tuple
16
+ from . import gitgalaxy_standards_v011 as config
17
+
16
18
 
17
19
  # ==============================================================================
18
20
  # GitGalaxy Phase 2.5 & 7.5: Logic Splicer & Cartographer
@@ -214,19 +216,9 @@ class LogicSplicer:
214
216
  3. Integration Modes: Labels (A), Braces (B), Indentation (C), Keywords (D), Terminators (E).
215
217
  """
216
218
 
217
- # --- ADD THE SCHEMA HERE ---
218
- UNIVERSAL_METRICS_SCHEMA = [
219
- "branch", "linear", "args", "func_start", "class_start", "safety",
220
- "safety_neg", "danger", "io", "api", "flux", "graveyard", "doc",
221
- "test", "concurrency", "ui_framework", "closures", "globals",
222
- "decorators", "generics", "comprehensions", "scientific", "heat_triggers",
223
- "import", "ownership", "planned_debt", "fragile_debt", "private_info",
224
- "spec_exposure", "civil_war", "ssr_boundaries", "events",
225
- "dependency_injection", "macros", "pointers", "memory_alloc",
226
- "inline_asm", "telemetry", "print_hits", "cast_hits", "bailout_hits",
227
- "halt_hits", "bitwise_hits", "sync_locks", "freeze_hits", "cleanup",
228
- "encapsulation", "listeners", "test_skip", "indent_tabs", "indent_spaces"
229
- ]
219
+ # --- DYNAMIC SCHEMA FETCH ---
220
+ # Directly mirrors the central registry to prevent schema drift
221
+ UNIVERSAL_METRICS_SCHEMA = config.RECORDING_SCHEMAS.get("SIGNAL_SCHEMA", [])
230
222
 
231
223
  HANDSHAKE_REGISTRY = [
232
224
  {"trigger": re.compile(r'<script', re.I), "end": re.compile(r'</script>', re.I), "target": "javascript", "pair": None},
@@ -34,6 +34,7 @@ from .spectral_auditor import SpectralAuditor
34
34
  from .gpu_recorder import GPURecorder
35
35
  from .audit_recorder import AuditRecorder
36
36
  from .llm_recorder import LLMRecorder
37
+ from .security_lens import SecurityLens
37
38
  # Load Universal Laws from config
38
39
  from . import gitgalaxy_standards_v011 as scanning_config
39
40
 
@@ -111,13 +112,22 @@ def _process_file_worker(rel_path: str) -> Dict[str, Any]:
111
112
  """Processes a single file path using the worker's cached hardware modules."""
112
113
  global _worker_state
113
114
 
115
+ # ---> START THE CLOCK FOR THE MICRO-PROFILER <---
116
+ t_start = time.time()
117
+
114
118
  root = _worker_state['root']
115
119
  full_path_str = str(root / rel_path)
116
120
 
117
121
  # --- NEW: PARALLEL PHANTOM CHECK ---
118
122
  # Silently evaporates files missing on disk to prevent main-thread anomaly logging
119
123
  if not Path(full_path_str).is_file():
120
- return {"rel_path": rel_path, "status": "phantom", "reason": "Phantom file (missing on disk)", "data": {}}
124
+ return {
125
+ "rel_path": rel_path,
126
+ "status": "phantom",
127
+ "reason": "Phantom file (missing on disk)",
128
+ "data": {},
129
+ "processing_time": time.time() - t_start
130
+ }
121
131
 
122
132
  logger = _worker_state['worker_logger']
123
133
  aperture = _worker_state['filter']
@@ -139,19 +149,28 @@ def _process_file_worker(rel_path: str) -> Dict[str, Any]:
139
149
  observation["status"] = "singularity"
140
150
  observation["reason"] = reason
141
151
  observation["size_bytes"] = size_bytes
152
+ observation["processing_time"] = time.time() - t_start
142
153
  return observation
143
154
 
144
155
  try:
145
156
  with open(full_path_str, 'r', encoding='utf-8', errors='ignore') as f:
146
157
  content_buffer = f.read()
158
+ except FileNotFoundError:
159
+ # Replaces the Phantom Check! Fast, zero-overhead disk failure routing.
160
+ observation["status"] = "phantom"
161
+ observation["reason"] = "Phantom file (missing on disk)"
162
+ observation["processing_time"] = time.time() - t_start
163
+ return observation
147
164
  except Exception as e:
148
165
  observation["reason"] = f"I/O Error: {str(e)}"
166
+ observation["processing_time"] = time.time() - t_start
149
167
  return observation
150
168
 
151
169
  filter_res = aperture.is_in_scope(full_path_str, content=content_buffer, has_intent=has_prior)
152
170
  if not filter_res["is_in_scope"]:
153
171
  observation["status"] = "singularity"
154
172
  observation["reason"] = filter_res["reason"]
173
+ observation["processing_time"] = time.time() - t_start
155
174
  return observation
156
175
 
157
176
  detection_result = detector.inspect(
@@ -169,6 +188,7 @@ def _process_file_worker(rel_path: str) -> Dict[str, Any]:
169
188
  observation["status"] = "singularity"
170
189
  observation["reason"] = f"Unsupported Format (.{lang_id})"
171
190
  observation["identity_confidence"] = detection_result.get("intensity", 0.0)
191
+ observation["processing_time"] = time.time() - t_start
172
192
  return observation
173
193
 
174
194
  refraction = prism.refract(content_buffer, lang_id)
@@ -218,12 +238,12 @@ def _process_file_worker(rel_path: str) -> Dict[str, Any]:
218
238
  "prior_lock": has_prior,
219
239
  "coding_loc": refraction["coding_loc"],
220
240
  "doc_loc": refraction["doc_loc"],
221
- "raw_imports": raw_imports, # <-- ADDED
222
- "popularity_hits": popularity_hits # <-- ADDED
241
+ "raw_imports": raw_imports,
242
+ "popularity_hits": popularity_hits
223
243
  }
224
244
 
225
245
  data_payload.update(logic_data)
226
- data_payload["raw_imports"] = list(raw_imports) # <-- Cast to list!
246
+ data_payload["raw_imports"] = list(raw_imports)
227
247
  data_payload["control_flow_ratio"] = logic_data.get("total_control_flow_ratio", 0.0)
228
248
  data_payload["file_impact"] = logic_data.get("sum_fxn_impact", 0.0)
229
249
 
@@ -232,6 +252,17 @@ def _process_file_worker(rel_path: str) -> Dict[str, Any]:
232
252
  except Exception as e:
233
253
  observation["status"] = "anomaly"
234
254
  observation["reason"] = f"Hardware failure: {str(e)}"
255
+
256
+ # ---> RECORD THE FINAL TIME <---
257
+ total_time = time.time() - t_start
258
+ observation["processing_time"] = total_time
259
+
260
+ # ---> NEW: REAL-TIME SLOW FILE ALERT <---
261
+ if total_time > 10.0:
262
+ logger.warning(f"🐌 SLOW PARSE DETECTED: '{rel_path}' took {total_time:.2f} seconds.")
263
+
264
+ # ---> RECORD THE FINAL TIME <---
265
+ observation["processing_time"] = time.time() - t_start
235
266
 
236
267
  return observation
237
268
 
@@ -638,8 +669,13 @@ class Orchestrator:
638
669
  if not clean_path:
639
670
  continue
640
671
 
672
+ # THE FIX: Don't turn file extensions into folders!
673
+ # If the string has a dot but no slash, we only replace '.' with '/'
674
+ # if it is NOT a recognized file extension.
641
675
  if "." in clean_path and "/" not in clean_path:
642
- clean_path = clean_path.replace(".", "/")
676
+ ext_guess = "." + clean_path.rsplit('.', 1)[-1].lower()
677
+ if ext_guess not in self.ext_tally:
678
+ clean_path = clean_path.replace(".", "/")
643
679
 
644
680
  # Strip leading relative markers so it aligns with our suffix map
645
681
  clean_path = clean_path.lstrip("./")
@@ -792,6 +828,52 @@ class Orchestrator:
792
828
  "file_impact": forensic_result["file_impact"],
793
829
  "telemetry": telemetry_payload
794
830
  })
831
+
832
+ # ==================================================================
833
+ # THE SECRETS SUPERNOVA INJECTION (Synthetic Visualization)
834
+ # Pull critical leaks out of Dark Matter and force them onto the map
835
+ # ==================================================================
836
+ leaks = [cand for cand in self.singularity_candidates if "CRITICAL LEAK" in cand.get("reason", "")]
837
+
838
+ # Remove them from Dark Matter so they aren't double-counted in the summary
839
+ self.singularity_candidates = [cand for cand in self.singularity_candidates if "CRITICAL LEAK" not in cand.get("reason", "")]
840
+
841
+ from .signal_processor import SignalProcessor
842
+
843
+ for leak in leaks:
844
+ rel_path = leak["path"]
845
+ logger.critical(f"Supernova Injection: Forcing {rel_path} onto the 3D Map!")
846
+
847
+ synthetic_star = {
848
+ "name": Path(rel_path).name,
849
+ "path": rel_path,
850
+ "lang_id": "plaintext", # <-- Bypasses the Spectral Auditor as Inert Matter
851
+ "coding_loc": 1,
852
+ "total_loc": 1,
853
+ "band": "critical_secret_leak",
854
+
855
+ # 18-point risk vector. Index 17 is secrets_risk. Peg it to 100%.
856
+ "risk_vector": [0.0] * 13 + [0.0, 0.0, 0.0, 0.0, 100.0],
857
+ "hit_vector": [0] * len(SignalProcessor.SIGNAL_SCHEMA),
858
+
859
+ # ---> CARTOGRAPHER GRAVITY <---
860
+ # This makes the radius massive and pushes all other files away
861
+ "file_impact": 5000.0,
862
+
863
+ "telemetry": {
864
+ "ownership": "Secrets Radar",
865
+ "domain_context": {"warning": "CRITICAL CREDENTIAL LEAK DETECTED"},
866
+ "identity_source_proof": "Aperture Security Override",
867
+ "identity_lock_tier": 0
868
+ }
869
+ }
870
+
871
+ # Manually flag the private_info hit so UI tooltips show the exact trigger
872
+ if "private_info" in SignalProcessor.SIGNAL_SCHEMA:
873
+ idx = SignalProcessor.SIGNAL_SCHEMA.index("private_info")
874
+ synthetic_star["hit_vector"][idx] = 1
875
+
876
+ self.stars.append(synthetic_star)
795
877
 
796
878
  def _prepare_target(self, target_input: Union[str, Path]) -> Path:
797
879
  """Prepares the filesystem for analysis."""
@@ -929,6 +1011,7 @@ def main():
929
1011
  parser.add_argument("target", help="Path to repo or ZIP")
930
1012
  parser.add_argument("--output", default=None, help="Optional output filename override")
931
1013
  parser.add_argument("--debug", action="store_true", help="Turn on verbose Analytical logging")
1014
+ parser.add_argument("--paranoid", action="store_true", help="Lower security thresholds to flag more potential threats.")
932
1015
 
933
1016
  args = parser.parse_args()
934
1017
 
@@ -977,6 +1060,16 @@ def main():
977
1060
  merged_langs[lang]['rules'].update(rules_patch)
978
1061
  logging.debug(f" -> Patched '{lang}' geometry rules.")
979
1062
 
1063
+ # =========================================================
1064
+ # --- NEW: SECURITY LENS INTEGRATION ---
1065
+ # =========================================================
1066
+ logging.info("🛡️ SECURITY LENS ACTIVE: Passively monitoring for Threat Signatures.")
1067
+ lens = SecurityLens(parent_logger=logging.getLogger())
1068
+
1069
+ # Unconditionally inject the 'sec_' prefixed observers into the registry
1070
+ merged_langs = lens.arm_lens(merged_langs)
1071
+ # =========================================================
1072
+
980
1073
  # ---------------------------------------------------------
981
1074
  # 3. Assemble the Final Configuration
982
1075
  # ---------------------------------------------------------
@@ -986,7 +1079,8 @@ def main():
986
1079
  "APERTURE_CONFIG": getattr(scanning_config, "APERTURE_CONFIG", {}),
987
1080
  "PATH_MODIFIERS": getattr(scanning_config, "PATH_MODIFIERS", {}),
988
1081
  "PRIORITY_WHITELIST": getattr(scanning_config, "PRIORITY_WHITELIST", []),
989
- "DOCUMENTATION_LANGUAGES": getattr(scanning_config, "DOCUMENTATION_LANGUAGES", set())
1082
+ "DOCUMENTATION_LANGUAGES": getattr(scanning_config, "DOCUMENTATION_LANGUAGES", set()),
1083
+ "PARANOID_MODE": args.paranoid # ---> 2. INJECT INTO CONFIG <---
990
1084
  }
991
1085
 
992
1086
  # ---------------------------------------------------------