gitgalaxy 1.1.2__tar.gz → 1.1.3__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/PKG-INFO +8 -3
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy/galaxyscope.py +62 -50
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy/gitgalaxy_standards_v1.py +25 -25
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy/gpu_recorder.py +9 -2
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy/llm_recorder.py +14 -9
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy/signal_processor.py +18 -6
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy.egg-info/PKG-INFO +8 -3
- gitgalaxy-1.1.3/gitgalaxy.egg-info/entry_points.txt +2 -0
- gitgalaxy-1.1.3/pyproject.toml +56 -0
- gitgalaxy-1.1.2/gitgalaxy.egg-info/entry_points.txt +0 -2
- gitgalaxy-1.1.2/pyproject.toml +0 -33
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/LICENSE +0 -0
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/README.md +0 -0
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy/__init__.py +0 -0
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy/aperture.py +0 -0
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy/audit_recorder.py +0 -0
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy/chronometer.py +0 -0
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy/detector.py +0 -0
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy/guidestar_lens.py +0 -0
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy/language_lens.py +0 -0
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy/prism.py +0 -0
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy/record_keeper.py +0 -0
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy/security_lens.py +0 -0
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy/spectral_auditor.py +0 -0
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy.egg-info/SOURCES.txt +0 -0
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy.egg-info/dependency_links.txt +0 -0
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/gitgalaxy.egg-info/top_level.txt +0 -0
- {gitgalaxy-1.1.2 → gitgalaxy-1.1.3}/setup.cfg +0 -0
|
@@ -1,15 +1,20 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: gitgalaxy
|
|
3
|
-
Version: 1.1.
|
|
3
|
+
Version: 1.1.3
|
|
4
4
|
Summary: A high-speed static analysis engine that sequences source code like DNA to map architectural risk and security threats.
|
|
5
5
|
Author: Joe Esquibel
|
|
6
|
-
License: PolyForm Noncommercial License 1.0.0
|
|
7
6
|
Project-URL: Homepage, https://gitgalaxy.io
|
|
8
7
|
Project-URL: Source, https://github.com/squid-protocol/gitgalaxy
|
|
8
|
+
Project-URL: Tracker, https://github.com/squid-protocol/gitgalaxy/issues
|
|
9
|
+
Keywords: static-analysis,security,threat-hunting,visualization,ast,zero-trust,webgpu,architecture
|
|
9
10
|
Classifier: Programming Language :: Python :: 3
|
|
10
|
-
Classifier: License :: Other/Proprietary License
|
|
11
11
|
Classifier: Operating System :: OS Independent
|
|
12
|
+
Classifier: Environment :: Console
|
|
13
|
+
Classifier: Topic :: Security
|
|
14
|
+
Classifier: Topic :: Software Development :: Quality Assurance
|
|
15
|
+
Classifier: Topic :: Scientific/Engineering :: Visualization
|
|
12
16
|
Classifier: Intended Audience :: Developers
|
|
17
|
+
Classifier: Intended Audience :: Information Technology
|
|
13
18
|
Requires-Python: >=3.8
|
|
14
19
|
Description-Content-Type: text/markdown
|
|
15
20
|
License-File: LICENSE
|
|
@@ -91,7 +91,7 @@ def _init_worker(root_str: str, config: Dict[str, Any], ext_tally: Dict[str, int
|
|
|
91
91
|
splicer_cache[lang_id] = LogicSplicer(lang_id, lang_defs, parent_logger=worker_logger)
|
|
92
92
|
|
|
93
93
|
# --- NEW: Decide the Rules of Engagement before booting the engines ---
|
|
94
|
-
if
|
|
94
|
+
if config.get("PARANOID_MODE", False):
|
|
95
95
|
active_policy = scanning_config.ThreatPolicy.get_policy("paranoid")
|
|
96
96
|
else:
|
|
97
97
|
active_policy = scanning_config.ThreatPolicy.get_policy("baseline")
|
|
@@ -331,8 +331,7 @@ class Orchestrator:
|
|
|
331
331
|
self.llm_recorder = LLMRecorder(parent_logger=logger)
|
|
332
332
|
|
|
333
333
|
# --- NEW: THE SMART THREAT SWITCH (MAIN THREAD) ---
|
|
334
|
-
if
|
|
335
|
-
logger.info("☣️ HAZMAT SANDBOX DETECTED: Engaging PARANOID threat thresholds.")
|
|
334
|
+
if self.config.get("PARANOID_MODE", False):
|
|
336
335
|
active_policy = scanning_config.ThreatPolicy.get_policy("paranoid")
|
|
337
336
|
else:
|
|
338
337
|
active_policy = scanning_config.ThreatPolicy.get_policy("baseline")
|
|
@@ -406,58 +405,66 @@ class Orchestrator:
|
|
|
406
405
|
mission_dir = resolve_mission_control(self.root.name)
|
|
407
406
|
output_file = str(mission_dir / Path(output_file).name)
|
|
408
407
|
# ----------------------
|
|
408
|
+
|
|
409
|
+
# --- CHECK EXCLUSIVE MODE FLAGS ---
|
|
410
|
+
exclusive_mode = self.config.get("LLM_ONLY") or self.config.get("GPU_ONLY") or self.config.get("AUDIT_ONLY")
|
|
411
|
+
audit_output = "Skipped"
|
|
409
412
|
|
|
410
413
|
# ==========================================================
|
|
411
414
|
# PHASE 8: AUDIT RECORDER (Non-Destructive Forensic Fork)
|
|
412
415
|
# ==========================================================
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
416
|
+
if not exclusive_mode or self.config.get("AUDIT_ONLY"):
|
|
417
|
+
try:
|
|
418
|
+
out_path = Path(output_file)
|
|
419
|
+
audit_output = str(out_path.with_name(f"{out_path.stem}_audit{out_path.suffix}"))
|
|
420
|
+
logger.info(f"AUDIT: Generating comprehensive human-readable forensic log -> {audit_output}")
|
|
421
|
+
|
|
422
|
+
self.audit_recorder.generate_report(
|
|
423
|
+
stars=visible_galaxy,
|
|
424
|
+
singularity=total_singularity,
|
|
425
|
+
summary=summary,
|
|
426
|
+
forensic_report=report,
|
|
427
|
+
session_meta=session_meta,
|
|
428
|
+
output_path=audit_output
|
|
429
|
+
)
|
|
430
|
+
except Exception as e:
|
|
431
|
+
logger.error(f"AUDIT_FAILURE: Could not generate forensic log. {e}", exc_info=True)
|
|
428
432
|
|
|
429
433
|
# ==========================================================
|
|
430
434
|
# PHASE 8.5: LLM RECORDER (The AI Translation Layer)
|
|
431
435
|
# ==========================================================
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
436
|
+
if not exclusive_mode or self.config.get("LLM_ONLY"):
|
|
437
|
+
try:
|
|
438
|
+
output_dir = str(Path(output_file).parent)
|
|
439
|
+
logger.info(f"LLM: Generating AI translation artifacts -> {output_dir}")
|
|
440
|
+
|
|
441
|
+
self.llm_recorder.generate_artifacts(
|
|
442
|
+
stars=visible_galaxy,
|
|
443
|
+
singularity=total_singularity,
|
|
444
|
+
summary=summary,
|
|
445
|
+
session_meta=session_meta,
|
|
446
|
+
output_dir=output_dir,
|
|
447
|
+
forensic_report=report
|
|
448
|
+
)
|
|
449
|
+
except Exception as e:
|
|
450
|
+
logger.error(f"LLM_FAILURE: Could not generate AI artifacts. {e}", exc_info=True)
|
|
446
451
|
|
|
447
452
|
# ==========================================================
|
|
448
453
|
# PHASE 9: GPU RECORDER (Destructive Columnar Pivot)
|
|
449
454
|
# ==========================================================
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
455
|
+
if not exclusive_mode or self.config.get("GPU_ONLY"):
|
|
456
|
+
logger.info(f"GPU: Generating minified payload -> {output_file}")
|
|
457
|
+
# record_mission destructively clears RAM as it pivots
|
|
458
|
+
payload = self.gpu_recorder.record_mission(
|
|
459
|
+
stars=visible_galaxy,
|
|
460
|
+
singularity=total_singularity,
|
|
461
|
+
summary=summary,
|
|
462
|
+
forensic_report=report,
|
|
463
|
+
repo_name=self.root.name
|
|
464
|
+
)
|
|
465
|
+
|
|
466
|
+
payload["meta"]["session"] = session_meta
|
|
467
|
+
self.gpu_recorder.save_minified(payload, output_file)
|
|
461
468
|
|
|
462
469
|
logger.info(f"--- MISSION_SUCCESS: {stars_mapped_count} stars mapped in {duration}s ---")
|
|
463
470
|
logger.info(f"--- ENGINE_TELEMETRY: Processed {total_loc:,} lines of code at {loc_per_sec:,} LOC/s ---")
|
|
@@ -1088,6 +1095,11 @@ def main():
|
|
|
1088
1095
|
parser.add_argument("--debug", action="store_true", help="Turn on verbose Analytical logging")
|
|
1089
1096
|
parser.add_argument("--paranoid", action="store_true", help="Lower security thresholds to flag more potential threats.")
|
|
1090
1097
|
|
|
1098
|
+
# --- NEW: EXCLUSIVE RECORDER FLAGS ---
|
|
1099
|
+
parser.add_argument("--llm-only", action="store_true", help="Run ONLY the LLM recorder")
|
|
1100
|
+
parser.add_argument("--gpu-only", action="store_true", help="Run ONLY the GPU recorder")
|
|
1101
|
+
parser.add_argument("--audit-only", action="store_true", help="Run ONLY the Audit recorder")
|
|
1102
|
+
|
|
1091
1103
|
args = parser.parse_args()
|
|
1092
1104
|
|
|
1093
1105
|
log_level = logging.DEBUG if args.debug else logging.INFO
|
|
@@ -1136,14 +1148,10 @@ def main():
|
|
|
1136
1148
|
logging.debug(f" -> Patched '{lang}' geometry rules.")
|
|
1137
1149
|
|
|
1138
1150
|
# --- THE SMART THREAT SWITCH ---
|
|
1139
|
-
|
|
1140
|
-
if os.environ.get("GITGALAXY_DATA_DIR"):
|
|
1141
|
-
# We are in the sandbox. Engage Paranoid Mode.
|
|
1151
|
+
if args.paranoid:
|
|
1142
1152
|
active_policy = scanning_config.ThreatPolicy.get_policy("paranoid")
|
|
1143
|
-
|
|
1144
|
-
logging.getLogger("GalaxyScope").info("☣️ HAZMAT SANDBOX DETECTED: Engaging PARANOID threat thresholds.")
|
|
1153
|
+
logging.getLogger("GalaxyScope").info("🔒 ZERO-TRUST MODE: Security Lens thresholds set to maximum sensitivity.")
|
|
1145
1154
|
else:
|
|
1146
|
-
# Normal developer scan. Engage Baseline Mode.
|
|
1147
1155
|
active_policy = scanning_config.ThreatPolicy.get_policy("baseline")
|
|
1148
1156
|
|
|
1149
1157
|
# Boot the lens with the chosen policy
|
|
@@ -1160,7 +1168,11 @@ def main():
|
|
|
1160
1168
|
"PATH_MODIFIERS": getattr(scanning_config, "PATH_MODIFIERS", {}),
|
|
1161
1169
|
"PRIORITY_WHITELIST": getattr(scanning_config, "PRIORITY_WHITELIST", []),
|
|
1162
1170
|
"DOCUMENTATION_LANGUAGES": getattr(scanning_config, "DOCUMENTATION_LANGUAGES", set()),
|
|
1163
|
-
"PARANOID_MODE": args.paranoid
|
|
1171
|
+
"PARANOID_MODE": args.paranoid,
|
|
1172
|
+
# --- NEW: PASS EXCLUSIVE FLAGS TO ORCHESTRATOR ---
|
|
1173
|
+
"LLM_ONLY": args.llm_only,
|
|
1174
|
+
"GPU_ONLY": args.gpu_only,
|
|
1175
|
+
"AUDIT_ONLY": args.audit_only
|
|
1164
1176
|
}
|
|
1165
1177
|
|
|
1166
1178
|
# ---------------------------------------------------------
|
|
@@ -10137,7 +10137,7 @@ PATH_MODIFIERS = {
|
|
|
10137
10137
|
# data that affects the entire application, requiring massive mental overhead to edit safely.
|
|
10138
10138
|
(re.compile(r'(?:^|/)(?:stores?|states?|reducers?|contexts?)/', re.I), 1.15)
|
|
10139
10139
|
],
|
|
10140
|
-
'
|
|
10140
|
+
'Error & Exception Exposure': [
|
|
10141
10141
|
# 1. The Sentinel (Core Security & Auth)
|
|
10142
10142
|
# Highly secure zones dedicated to authentication, authorization, and cryptography.
|
|
10143
10143
|
# Massive reduction in risk exposure because this is explicit defensive mass.
|
|
@@ -10517,8 +10517,8 @@ RECORDING_SCHEMAS = {
|
|
|
10517
10517
|
"lang_ids": "Detected Languages", "lang_id": "Primary Language",
|
|
10518
10518
|
"mass": "Structural Complexity Mass", "author_distribution": "Author Distribution",
|
|
10519
10519
|
"control_flow_ratio": "Control Flow Ratio",
|
|
10520
|
-
"verification": "
|
|
10521
|
-
"safety_score": "
|
|
10520
|
+
"verification": "Testing & Verification Exposure", "cognitive_load": "Cognitive Load Exposure",
|
|
10521
|
+
"safety_score": "Error & Exception Exposure", "tech_debt": "Technical Debt Exposure",
|
|
10522
10522
|
"spec_match": "Specification Audit Alignment", "churn": "Code Volatility (Churn)",
|
|
10523
10523
|
"documentation": "Documentation Risk Exposure", "api_exposure": "Public API Surface Area",
|
|
10524
10524
|
"state_flux": "State Mutation Exposure", "branch": "Control Flow Branches",
|
|
@@ -10547,28 +10547,27 @@ RECORDING_SCHEMAS = {
|
|
|
10547
10547
|
"cleanup": "Resource Deallocation & Cleanup", "encapsulation": "Private / Encapsulated Scopes",
|
|
10548
10548
|
"listeners": "Event Listeners & Subscribers", "test_skip": "Bypassed / Skipped Tests",
|
|
10549
10549
|
"indent_tabs": "Structural Tab Indentations", "indent_spaces": "Structural Space Indentations",
|
|
10550
|
-
|
|
10551
10550
|
# --- SECURITY LENS UI MAPPINGS (Plain English) ---
|
|
10552
|
-
"sec_heat_triggers": "
|
|
10553
|
-
"sec_safety_neg": "
|
|
10554
|
-
"sec_io": "
|
|
10555
|
-
"sec_danger": "
|
|
10556
|
-
"sec_flux": "Global Environment
|
|
10557
|
-
"sec_graveyard": "Executable
|
|
10558
|
-
"sec_bitwise_hits": "
|
|
10559
|
-
"sec_shadow_imports": "
|
|
10560
|
-
"sec_homoglyphs": "
|
|
10561
|
-
"sec_private_info": "
|
|
10551
|
+
"sec_heat_triggers": "High-Entropy / Obfuscated Logic",
|
|
10552
|
+
"sec_safety_neg": "Safety & Constraint Bypasses",
|
|
10553
|
+
"sec_io": "External Network & I/O Hooks",
|
|
10554
|
+
"sec_danger": "Dynamic Code Execution (Eval/Exec)",
|
|
10555
|
+
"sec_flux": "Global Environment Mutation",
|
|
10556
|
+
"sec_graveyard": "Commented-Out Executable Logic",
|
|
10557
|
+
"sec_bitwise_hits": "Low-Level Bitwise / Cryptographic Math",
|
|
10558
|
+
"sec_shadow_imports": "Non-Standard / Steganographic Imports",
|
|
10559
|
+
"sec_homoglyphs": "Non-Standard Unicode / Homoglyphs",
|
|
10560
|
+
"sec_private_info": "Embedded Credentials & Keys",
|
|
10562
10561
|
|
|
10563
10562
|
# --- VULNERABILITY EXPOSURE MAPPINGS (Plain English) ---
|
|
10564
|
-
"obscured_payload": "
|
|
10565
|
-
"logic_bomb": "
|
|
10566
|
-
"injection_surface": "
|
|
10567
|
-
"memory_corruption": "Memory
|
|
10568
|
-
"secrets_risk": "
|
|
10563
|
+
"obscured_payload": "Obfuscation & Evasion Surface",
|
|
10564
|
+
"logic_bomb": "Exploit Generation Surface",
|
|
10565
|
+
"injection_surface": "Weaponized Injection Vectors",
|
|
10566
|
+
"memory_corruption": "Raw Memory Manipulation",
|
|
10567
|
+
"secrets_risk": "Hardcoded Payload Artifacts"
|
|
10569
10568
|
},
|
|
10570
10569
|
"EXPOSURE_LABELS": {
|
|
10571
|
-
"cognitive_load": "Cognitive Load Exposure", "safety_score": "
|
|
10570
|
+
"cognitive_load": "Cognitive Load Exposure", "safety_score": "Error & Exception Exposure",
|
|
10572
10571
|
"tech_debt": "Tech Debt Exposure", "verification": "Testing Exposure",
|
|
10573
10572
|
"api_exposure": "API Exposure", "concurrency": "Concurrency Exposure",
|
|
10574
10573
|
"state_flux": "State Flux Exposure", "graveyard": "Graveyard Exposure",
|
|
@@ -10577,13 +10576,14 @@ RECORDING_SCHEMAS = {
|
|
|
10577
10576
|
"civil_war": "Civil War Exposure",
|
|
10578
10577
|
|
|
10579
10578
|
# --- SECURITY LENS UI LABELS (Plain English) ---
|
|
10580
|
-
"obscured_payload": "
|
|
10581
|
-
"logic_bomb": "
|
|
10582
|
-
"injection_surface": "
|
|
10583
|
-
"memory_corruption": "Memory
|
|
10584
|
-
"secrets_risk": "
|
|
10579
|
+
"obscured_payload": "Obfuscation & Evasion Surface",
|
|
10580
|
+
"logic_bomb": "Exploit Generation Surface",
|
|
10581
|
+
"injection_surface": "Weaponized Injection Vectors",
|
|
10582
|
+
"memory_corruption": "Raw Memory Manipulation",
|
|
10583
|
+
"secrets_risk": "Hardcoded Payload Artifacts"
|
|
10585
10584
|
}
|
|
10586
10585
|
}
|
|
10586
|
+
|
|
10587
10587
|
# ------------------------------------------------------------------------------
|
|
10588
10588
|
# 6. DIALECTS (Project-Specific Overrides)
|
|
10589
10589
|
# ------------------------------------------------------------------------------
|
|
@@ -248,15 +248,22 @@ class GPURecorder:
|
|
|
248
248
|
project_stories = getattr(config, "PROJECT_STORIES", {})
|
|
249
249
|
|
|
250
250
|
# Grab the specific story, OR generate the blank template
|
|
251
|
+
# Explicitly defining the empty artifacts schema so the external merge script can target the keys
|
|
251
252
|
story_payload = project_stories.get(repo_name, {
|
|
252
253
|
"status": "",
|
|
253
254
|
"why": "",
|
|
254
255
|
"who": "",
|
|
255
256
|
"significance": "",
|
|
256
257
|
"link": "",
|
|
257
|
-
"artifacts": [
|
|
258
|
+
"artifacts": [
|
|
259
|
+
{
|
|
260
|
+
"title": "",
|
|
261
|
+
"url": "",
|
|
262
|
+
"description": ""
|
|
263
|
+
}
|
|
264
|
+
]
|
|
258
265
|
})
|
|
259
|
-
|
|
266
|
+
|
|
260
267
|
return {
|
|
261
268
|
"meta": {
|
|
262
269
|
"schemas": {
|
|
@@ -192,7 +192,7 @@ class LLMRecorder:
|
|
|
192
192
|
lines.append("> * **Structure & Mass:** `branch` (splits), `linear` (paths), `args` (coupling), `func_start` (entry points).")
|
|
193
193
|
lines.append("> * **Risk & Volatility:** `danger` (catastrophic triggers), `flux` (state mutation), `graveyard` (dead code), `safety_neg` (bypassing types).")
|
|
194
194
|
lines.append("> * **Architecture & Domain:** `io` (external latency), `concurrency` (async orchestration), `api` (public surface), `import` (dependencies).")
|
|
195
|
-
lines.append("> * **Defensive Guardrails:** `
|
|
195
|
+
lines.append("> * **Defensive Guardrails:** `Error & Exception handling, `freeze_hits` (immutability), `cleanup` (state destruction).")
|
|
196
196
|
|
|
197
197
|
# --- 2. 13-POINT RISK PHYSICS (THE EQUATIONS) ---
|
|
198
198
|
lines.append("## 2. THE 13-POINT RISK EXPOSURE PHYSICS (EQUATIONS & CONTEXT)")
|
|
@@ -200,7 +200,7 @@ class LLMRecorder:
|
|
|
200
200
|
lines.append("> Most scores use a Sigmoid curve based on density (Hits / LOC) to prevent massive files from mathematically hiding their flaws.")
|
|
201
201
|
lines.append("> ")
|
|
202
202
|
lines.append("> 1. **Cognitive Load Exposure:** Measures the mental effort required for a developer to read and understand the file. `Density(Branches + (Flux * 2) + Async/Danger)` mitigated by `Doc Coverage`. High scores indicate a high density of decision-making, conditional branching, and complex state management packed into a small area.")
|
|
203
|
-
lines.append("> 2. **
|
|
203
|
+
lines.append("> 2. **Error & Exception Risk Exposure:** Measures structural integrity and resilience against runtime errors. `Net Exposure = (Danger + Safety_Neg + Flux) - (Safety + Tests + Docs)`. High scores mean risky operations (dynamic execution, type bypasses, unhandled mutations) exceed defensive guardrails (try/catch blocks, type checks, assertions). **Breach Cap:** If danger density is too high, the score is mathematically floored to a high-risk state regardless of defense. A value of near 30 is near minimum floor as gitgalaxy tests for testing file pairs, testing folders but not actually their contents.")
|
|
204
204
|
lines.append("> 3. **Tech Debt Exposure:** Measures the density of developer-annotated structural stress. `Density(TODOs [1x] + FIXMEs/Hacks [3x] + Empty Stubs [0.5x])`. High scores indicate a high volume of temporary workarounds, fragile logic, and incomplete implementations relative to the file size.")
|
|
205
205
|
lines.append("> 4. **Verification (Testing) Risk Exposure:** Measures the density of unit testing and programmatic assertions. Evaluates `Test Density` + `Sibling Bonus` (if a dedicated test file exists). High scores (100% risk) mean the logic lacks internal test coverage and has no dedicated sibling test file, increasing the risk of silent failures during refactoring. **Mass Penalty:** Files over 300 LOC get an automatic risk penalty because massive files are inherently harder to test completely.")
|
|
206
206
|
lines.append("> 5. **API Risk Exposure:** Measures the public surface area of a module. `Ratio(API Hits / Total Functions & Classes)`. Weighted by logarithmic volume. High scores indicate that a large percentage of the file's functions and classes are explicitly exported or publicly accessible by external systems.")
|
|
@@ -220,7 +220,9 @@ class LLMRecorder:
|
|
|
220
220
|
lines.append("> 17. **Memory Corruption Risk Exposure (memory_corruption):** Measures the density of raw pointer math, manual memory allocations, and forceful casts without mitigations (Buffer Overflows, UAF). Primarily affects C/C++/Rust.")
|
|
221
221
|
lines.append("> 18. **Secrets Risk Exposure (secrets_risk):** Measures the presence of hardcoded credentials (RHS assignments) exposed to logs, globals, or graveyard code. Any score > 0 is a critical alert.")
|
|
222
222
|
lines.append("> ")
|
|
223
|
-
lines.append(">
|
|
223
|
+
lines.append("> **--- STRUCTURAL MAGNITUDE (NOT RISK) ---**")
|
|
224
|
+
lines.append("> **19. Function Magnitude (Impact Score):** Measures the physical footprint and 'heaviness' of a specific function. `((BranchHits + 1) * (Args + 1) + (0.05 * LOC)) * 10`. **This is NOT a risk score.** It measures the volume of decision-making, parameter coupling, and length. High impact means the function is a load-bearing 'Main Character' in the logic.")
|
|
225
|
+
lines.append("> **20. File Magnitude (Total Mass):** Measures the total gravitational pull of a file. `Sum(Function Impacts) + API + Concurrency + Flux + (LOC / 50)`. **This is NOT a risk score.** A massive file simply means it is a heavily connected, structurally dense hub, whereas a lightweight file is a simple utility or config.")
|
|
224
226
|
lines.append("")
|
|
225
227
|
|
|
226
228
|
|
|
@@ -336,7 +338,8 @@ class LLMRecorder:
|
|
|
336
338
|
lines.append("")
|
|
337
339
|
|
|
338
340
|
# --- 8. GOD FUNCTIONS (THE SATELLITES) ---
|
|
339
|
-
lines.append("## 8. SATELLITE HITLIST (
|
|
341
|
+
lines.append("## 8. SATELLITE HITLIST (Heaviest Functions)")
|
|
342
|
+
lines.append("> *Note: The 'Impact' metric below represents Structural Magnitude (complexity, arguments, and length), NOT operational risk. These are the load-bearing pillars of the logic.*\n")
|
|
340
343
|
func_impacts = forensic_report.get("function_impact", {}).get("highest", [])
|
|
341
344
|
if func_impacts:
|
|
342
345
|
for f in func_impacts[:10]:
|
|
@@ -467,9 +470,10 @@ class LLMRecorder:
|
|
|
467
470
|
lines.append("")
|
|
468
471
|
|
|
469
472
|
# ==============================================================================
|
|
470
|
-
# --- 12. VISIBLE MATTER HITLIST (
|
|
473
|
+
# --- 12. VISIBLE MATTER HITLIST (Top 25 Heaviest Files) ---
|
|
471
474
|
# ==============================================================================
|
|
472
475
|
lines.append("## 12. VISIBLE MATTER HITLIST (Top 25 Heaviest Files)")
|
|
476
|
+
lines.append("> *Note: 'Mass' represents the file's total Structural Magnitude and gravitational pull within the system. It is independent of its Risk Profile. High mass implies high structural importance and centralization.*\n")
|
|
473
477
|
sorted_stars = sorted(stars, key=lambda x: x.get("file_impact", 0.0), reverse=True)[:25]
|
|
474
478
|
|
|
475
479
|
# DNA Bucketing Sets
|
|
@@ -610,7 +614,7 @@ class LLMRecorder:
|
|
|
610
614
|
file_count INTEGER,
|
|
611
615
|
total_mass REAL,
|
|
612
616
|
avg_cognitive_load REAL,
|
|
613
|
-
|
|
617
|
+
avg_error_score REAL,
|
|
614
618
|
avg_tech_debt REAL,
|
|
615
619
|
avg_verification REAL
|
|
616
620
|
)
|
|
@@ -658,17 +662,18 @@ class LLMRecorder:
|
|
|
658
662
|
''')
|
|
659
663
|
|
|
660
664
|
const_meta = summary.get("constellations", {})
|
|
665
|
+
|
|
661
666
|
for c_name, c_data in const_meta.items():
|
|
662
667
|
exps = c_data.get("avg_exposures", {})
|
|
663
668
|
cursor.execute('''
|
|
664
|
-
INSERT INTO constellations (name, file_count, total_mass, avg_cognitive_load,
|
|
669
|
+
INSERT INTO constellations (name, file_count, total_mass, avg_cognitive_load, avg_error_score, avg_tech_debt, avg_verification)
|
|
665
670
|
VALUES (?, ?, ?, ?, ?, ?, ?)
|
|
666
671
|
''', (
|
|
667
672
|
c_name,
|
|
668
673
|
c_data.get("file_count", 0),
|
|
669
674
|
c_data.get("total_mass", 0.0),
|
|
670
|
-
exps.get("cognitive_load", 0.0),
|
|
671
|
-
exps.get("safety_score", 0.0),
|
|
675
|
+
exps.get("cognitive_load", 0.0),
|
|
676
|
+
exps.get("safety_score", 0.0), # Keep this as "safety_score" unless you've also renamed the internal dictionary keys upstream
|
|
672
677
|
exps.get("tech_debt", 0.0),
|
|
673
678
|
exps.get("verification", 0.0)
|
|
674
679
|
))
|
|
@@ -989,12 +989,24 @@ class SignalProcessor:
|
|
|
989
989
|
"""Matches path against regex configurations and extracts applicable Modifiers."""
|
|
990
990
|
active_multipliers = {}
|
|
991
991
|
bridge = {
|
|
992
|
-
'Cognitive Load Exposure': 'cog',
|
|
993
|
-
'
|
|
994
|
-
'
|
|
995
|
-
'
|
|
996
|
-
'
|
|
997
|
-
'
|
|
992
|
+
'Cognitive Load Exposure': 'cog',
|
|
993
|
+
'Error & Exception Exposure': 'safety',
|
|
994
|
+
'Tech Debt Exposure': 'debt',
|
|
995
|
+
'Documentation Exposure': 'doc',
|
|
996
|
+
'Testing Exposure': 'test',
|
|
997
|
+
'Dead Code Exposure': 'dead',
|
|
998
|
+
'API Exposure': 'api',
|
|
999
|
+
'Concurrency Exposure': 'async',
|
|
1000
|
+
'State Flux Exposure': 'flux',
|
|
1001
|
+
'Specification Exposure': 'spec',
|
|
1002
|
+
'Churn Exposure': 'churn',
|
|
1003
|
+
|
|
1004
|
+
# --- SECURITY LENSES ---
|
|
1005
|
+
'Obscured Payload Exposure': 'obscured',
|
|
1006
|
+
'Logic Bomb Exposure': 'logic_bomb',
|
|
1007
|
+
'Injection Vector Exposure': 'injection',
|
|
1008
|
+
'Memory Corruption Exposure': 'memory',
|
|
1009
|
+
'Hardcoded Secrets Exposure': 'secrets'
|
|
998
1010
|
}
|
|
999
1011
|
|
|
1000
1012
|
for category, modifiers in self.path_modifiers.items():
|
|
@@ -1,15 +1,20 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: gitgalaxy
|
|
3
|
-
Version: 1.1.
|
|
3
|
+
Version: 1.1.3
|
|
4
4
|
Summary: A high-speed static analysis engine that sequences source code like DNA to map architectural risk and security threats.
|
|
5
5
|
Author: Joe Esquibel
|
|
6
|
-
License: PolyForm Noncommercial License 1.0.0
|
|
7
6
|
Project-URL: Homepage, https://gitgalaxy.io
|
|
8
7
|
Project-URL: Source, https://github.com/squid-protocol/gitgalaxy
|
|
8
|
+
Project-URL: Tracker, https://github.com/squid-protocol/gitgalaxy/issues
|
|
9
|
+
Keywords: static-analysis,security,threat-hunting,visualization,ast,zero-trust,webgpu,architecture
|
|
9
10
|
Classifier: Programming Language :: Python :: 3
|
|
10
|
-
Classifier: License :: Other/Proprietary License
|
|
11
11
|
Classifier: Operating System :: OS Independent
|
|
12
|
+
Classifier: Environment :: Console
|
|
13
|
+
Classifier: Topic :: Security
|
|
14
|
+
Classifier: Topic :: Software Development :: Quality Assurance
|
|
15
|
+
Classifier: Topic :: Scientific/Engineering :: Visualization
|
|
12
16
|
Classifier: Intended Audience :: Developers
|
|
17
|
+
Classifier: Intended Audience :: Information Technology
|
|
13
18
|
Requires-Python: >=3.8
|
|
14
19
|
Description-Content-Type: text/markdown
|
|
15
20
|
License-File: LICENSE
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
[build-system]
|
|
2
|
+
requires = ["setuptools>=61.0"]
|
|
3
|
+
build-backend = "setuptools.build_meta"
|
|
4
|
+
|
|
5
|
+
[project]
|
|
6
|
+
name = "gitgalaxy"
|
|
7
|
+
version = "1.1.3"
|
|
8
|
+
authors = [
|
|
9
|
+
{ name="Joe Esquibel" },
|
|
10
|
+
]
|
|
11
|
+
description = "A high-speed static analysis engine that sequences source code like DNA to map architectural risk and security threats."
|
|
12
|
+
readme = "README.md"
|
|
13
|
+
requires-python = ">=3.8"
|
|
14
|
+
|
|
15
|
+
# THE FIX: Point directly to the file instead of using the deprecated dictionary table.
|
|
16
|
+
# This clears the first massive Setuptools warning.
|
|
17
|
+
license-files = ["LICENSE"]
|
|
18
|
+
|
|
19
|
+
keywords = [
|
|
20
|
+
"static-analysis",
|
|
21
|
+
"security",
|
|
22
|
+
"threat-hunting",
|
|
23
|
+
"visualization",
|
|
24
|
+
"ast",
|
|
25
|
+
"zero-trust",
|
|
26
|
+
"webgpu",
|
|
27
|
+
"architecture"
|
|
28
|
+
]
|
|
29
|
+
|
|
30
|
+
# THE FIX: Removed the deprecated "License :: Other/Proprietary License" classifier.
|
|
31
|
+
# This clears the second massive Setuptools warning.
|
|
32
|
+
classifiers = [
|
|
33
|
+
"Programming Language :: Python :: 3",
|
|
34
|
+
"Operating System :: OS Independent",
|
|
35
|
+
"Environment :: Console",
|
|
36
|
+
"Topic :: Security",
|
|
37
|
+
"Topic :: Software Development :: Quality Assurance",
|
|
38
|
+
"Topic :: Scientific/Engineering :: Visualization",
|
|
39
|
+
"Intended Audience :: Developers",
|
|
40
|
+
"Intended Audience :: Information Technology",
|
|
41
|
+
]
|
|
42
|
+
|
|
43
|
+
dependencies = []
|
|
44
|
+
|
|
45
|
+
[project.urls]
|
|
46
|
+
"Homepage" = "https://gitgalaxy.io"
|
|
47
|
+
"Source" = "https://github.com/squid-protocol/gitgalaxy"
|
|
48
|
+
"Tracker" = "https://github.com/squid-protocol/gitgalaxy/issues"
|
|
49
|
+
|
|
50
|
+
[project.scripts]
|
|
51
|
+
# THE RENAME: Updated the CLI command from 'galaxyscope' to 'blast'
|
|
52
|
+
# to align with your new engine branding.
|
|
53
|
+
blast = "gitgalaxy.galaxyscope:main"
|
|
54
|
+
|
|
55
|
+
[tool.setuptools.packages.find]
|
|
56
|
+
include = ["gitgalaxy*"]
|
gitgalaxy-1.1.2/pyproject.toml
DELETED
|
@@ -1,33 +0,0 @@
|
|
|
1
|
-
[build-system]
|
|
2
|
-
requires = ["setuptools>=61.0"]
|
|
3
|
-
build-backend = "setuptools.build_meta"
|
|
4
|
-
|
|
5
|
-
[project]
|
|
6
|
-
name = "gitgalaxy"
|
|
7
|
-
version = "1.1.2"
|
|
8
|
-
authors = [
|
|
9
|
-
{ name="Joe Esquibel" },
|
|
10
|
-
]
|
|
11
|
-
description = "A high-speed static analysis engine that sequences source code like DNA to map architectural risk and security threats."
|
|
12
|
-
readme = "README.md"
|
|
13
|
-
requires-python = ">=3.8"
|
|
14
|
-
# Updated to standard license text format to clear the warning
|
|
15
|
-
license = {text = "PolyForm Noncommercial License 1.0.0"}
|
|
16
|
-
classifiers = [
|
|
17
|
-
"Programming Language :: Python :: 3",
|
|
18
|
-
"License :: Other/Proprietary License",
|
|
19
|
-
"Operating System :: OS Independent",
|
|
20
|
-
"Intended Audience :: Developers",
|
|
21
|
-
]
|
|
22
|
-
dependencies = []
|
|
23
|
-
|
|
24
|
-
[project.urls]
|
|
25
|
-
"Homepage" = "https://gitgalaxy.io"
|
|
26
|
-
"Source" = "https://github.com/squid-protocol/gitgalaxy"
|
|
27
|
-
|
|
28
|
-
[project.scripts]
|
|
29
|
-
galaxyscope = "gitgalaxy.galaxyscope:main"
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
[tool.setuptools.packages.find]
|
|
33
|
-
include = ["gitgalaxy*"] # Tells the builder to ONLY grab this folder
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|