gitgalaxy 2.0.3__tar.gz → 2.0.5__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {gitgalaxy-2.0.3/gitgalaxy.egg-info → gitgalaxy-2.0.5}/PKG-INFO +40 -31
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/README.md +37 -28
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/cobol_refractor_controller.py +9 -9
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/cobol_to_java_controller.py +6 -6
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/core/aperture.py +1 -1
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/galaxyscope.py +21 -10
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/physics/spectral_auditor.py +1 -1
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/recorders/audit_recorder.py +1 -1
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/recorders/llm_recorder.py +2 -2
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/security/security_lens.py +2 -28
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/compliance/sbom_generator.py +68 -1
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/supply_chain_security/supply_chain_firewall.py +2 -2
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/terabyte_log_scanning/terabyte_log_scanner.py +15 -3
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5/gitgalaxy.egg-info}/PKG-INFO +40 -31
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy.egg-info/SOURCES.txt +2 -1
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/pyproject.toml +3 -5
- gitgalaxy-2.0.5/tests/test_galaxyscope.py +61 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/LICENSE +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/MANIFEST.in +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/__init__.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/core/__init__.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/core/detector.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/core/guidestar_lens.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/core/network_risk_sensor.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/core/prism.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/core/state_rehydrator.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/physics/__init__.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/physics/chronometer.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/physics/neural_auditor.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/physics/signal_processor.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/recorders/__init__.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/recorders/gpu_recorder.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/recorders/record_keeper.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/security/__init__.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/security/security_auditor.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/standards/__init__.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/standards/analysis_lens.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/standards/gitgalaxy_config.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/standards/language_lens.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/standards/language_standards.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/__init__.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/ai_guardrails/ai_appsec_sensor.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/ai_guardrails/dev_agent_firewall.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_cobol/cobol_agent_task_forge.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_cobol/cobol_compiler_forge.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_cobol/cobol_dag_architect.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_cobol/cobol_etl_unpacker.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_cobol/cobol_graveyard_finder.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_cobol/cobol_jcl_auditor.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_cobol/cobol_jcl_forge.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_cobol/cobol_lexical_patcher.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_cobol/cobol_microservice_slicer.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_cobol/cobol_schema_forge.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_cobol/cobol_system_limits_reporter.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_java/batch_test_harness.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_java/cobol_to_java_agent_forge.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_java/cobol_to_java_api_contract_forge.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_java/cobol_to_java_build_forge.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_java/cobol_to_java_decoder_forge.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_java/cobol_to_java_service_forge.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_java/cobol_to_java_spring_forge.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/network_auditing/full_api_network_map.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/supply_chain_security/binary_anomaly_detector.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/supply_chain_security/vault_sentinel.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/terabyte_log_scanning/pii_leak_hunter.py +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy.egg-info/dependency_links.txt +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy.egg-info/entry_points.txt +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy.egg-info/top_level.txt +0 -0
- {gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/setup.cfg +0 -0
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: gitgalaxy
|
|
3
|
-
Version: 2.0.
|
|
3
|
+
Version: 2.0.5
|
|
4
4
|
Summary: An AST-free, zero-trust static analysis engine for mapping architectural risk, securing CI/CD pipelines, and modernizing legacy monoliths.
|
|
5
|
-
Author:
|
|
5
|
+
Author: Joe Esquibel
|
|
6
6
|
Project-URL: Homepage, https://gitgalaxy.io
|
|
7
7
|
Project-URL: Documentation, https://squid-protocol.github.io/gitgalaxy/
|
|
8
8
|
Project-URL: Source, https://github.com/squid-protocol/gitgalaxy
|
|
@@ -16,7 +16,7 @@ Classifier: Topic :: Software Development :: Quality Assurance
|
|
|
16
16
|
Classifier: Topic :: Scientific/Engineering :: Visualization
|
|
17
17
|
Classifier: Intended Audience :: Developers
|
|
18
18
|
Classifier: Intended Audience :: Information Technology
|
|
19
|
-
Requires-Python: >=3.
|
|
19
|
+
Requires-Python: >=3.9
|
|
20
20
|
Description-Content-Type: text/markdown
|
|
21
21
|
License-File: LICENSE
|
|
22
22
|
Dynamic: license-file
|
|
@@ -38,32 +38,36 @@ Dynamic: license-file
|
|
|
38
38
|
[](https://pypi.org/project/gitgalaxy/)
|
|
39
39
|
[](#)
|
|
40
40
|
|
|
41
|
-
### **
|
|
41
|
+
### **AST-Free Static Analysis & Knowledge Graph Engine**
|
|
42
42
|
|
|
43
|
-
The blAST (Bypassing LLMs and ASTs) engine is a custom-made knowledge graph engine that resolves repositories at the function level. It scores each function based on 50 unique metrics, rolls that data up to score the file, and finally summarizes the entire repository.
|
|
43
|
+
The blAST (Bypassing LLMs and ASTs) engine is a custom-made knowledge graph engine that resolves repositories at the function level. It scores each function based on 50 unique metrics, rolls that data up to score the file, and finally summarizes the entire repository.
|
|
44
44
|
|
|
45
|
-
|
|
45
|
+
### Scanning Apollo-11 with the blAST Engine
|
|
46
46
|
|
|
47
|
-
|
|
47
|
+

|
|
48
|
+
|
|
49
|
+
By utilizing a custom engine, we retain full control over the search space. We built it to be exceptionally fast, capable of assessing your entire repository without requiring compilable code—a fundamental limitation of standard Abstract Syntax Trees (ASTs). ASTs are great for finding missing commas and memory overflows, but they miss the forest for the trees when generating knowledge graphs. LLMs, on the other hand, suffer from hallucination during large context windows and yield probabilistic, fluctuating answers.
|
|
50
|
+
|
|
51
|
+
The blAST engine solves this. Because all programming languages utilize keywords and functions, our engine treats code files as text, scanning for these structural anchors to build a deterministic 3D knowledge graph. It seamlessly handles mid-file language switching, assesses the architectural ratio of test files to logic, and extracts invaluable project structure data that ASTs ignore.
|
|
48
52
|
|
|
49
53
|
Every assumption our system makes has been abstracted into over 300 tunable variables. Think of GitGalaxy as a highly calibrated telescope. You can query the number of active API network nodes, isolate unique external imports, or highlight functions exhibiting extreme cognitive load—all adjusted via custom whitelists and blacklists to eliminate false-positive fatigue. Field-tested on over 1,000 repositories spanning 50+ languages and 250+ extensions, the engine comes equipped with smart defaults ready for immediate deployment.
|
|
50
54
|
|
|
51
|
-
**Core Technology**
|
|
55
|
+
**Core Codebase Mapping Technology**
|
|
52
56
|
* Bypasses LLMs and rigid ASTs.
|
|
53
57
|
* Doesn't require code to compile (AST-free).
|
|
54
58
|
* Produces full function-to-function call chains.
|
|
55
59
|
* Deterministically maps code by 60+ keyword regex profiles (Structural markers, I/O intents, state mutations).
|
|
56
|
-
* Regex keyword profiles allow us to classify functions, files, classes, folders and repos.
|
|
60
|
+
* Regex keyword profiles allow us to classify functions, files, classes, folders and repos.
|
|
57
61
|
* Eliminates LLM architectural hallucinations and context window limits.
|
|
58
62
|
* Scans 50+ languages, 250+ extensions, fully folder-aware. **([How to add a language in 1 minute and 1 prompt](gitgalaxy/standards/HOW_TO_ADD_LANGUAGE.md))**
|
|
59
63
|
|
|
60
|
-
**
|
|
64
|
+
**Enterprise Scale & Performance Metrics**
|
|
61
65
|
* 100,000 LOC/sec code analysis.
|
|
62
66
|
* 0.07 GB/sec raw log ingestion.
|
|
63
67
|
* Full-system scans in minutes without data sampling.
|
|
64
68
|
* 100% daily system coverage.
|
|
65
69
|
|
|
66
|
-
**
|
|
70
|
+
**Methodology & Comparative Benchmarks**
|
|
67
71
|
GitGalaxy is backed by an academic-grade thesis detailing the equations powering the blAST engine.
|
|
68
72
|
|
|
69
73
|
* **[Optimum Search Strategies Evolve](https://squid-protocol.github.io/gitgalaxy/03-01-claim-1-search-strategies/):** AST-free mapping. Outperforms rigid parsers and LLM context windows.
|
|
@@ -71,15 +75,14 @@ GitGalaxy is backed by an academic-grade thesis detailing the equations powering
|
|
|
71
75
|
* **[All languages have keywords that roughly do the same thing, these can be grouped to make cross-language keyword maps](https://squid-protocol.github.io/gitgalaxy/03-03-claim-3-taxonomy-map/):** Standardizes 50+ languages into a single universal physical framework.
|
|
72
76
|
* **[Cross-Language Comparisons of over 1000 repos](https://squid-protocol.github.io/gitgalaxy/03-04-claim-4-comparing-languages/):** Deterministic 1:1 benchmarking of distinct syntax architectures.
|
|
73
77
|
* **[Universal File Archetypes by k-means clustering](https://squid-protocol.github.io/gitgalaxy/03-05-claim-5-file-archetypes/):** ML isolation of files into K-means clusters (e.g., "The God Nodes," "Declarative Glue").
|
|
74
|
-
* **[
|
|
75
|
-
* **Mainframe Proven:** Successful from-scratch translation of legacy COBOL monoliths to compiling Spring Boot architectures.
|
|
78
|
+
* **[Mainframe Proven: 100% CI/CD Translation Success Rate](https://github.com/squid-protocol/gitgalaxy/tree/main/examples/ibm_cics_translation):** Flawless architectural translation of 27 distinct legacy COBOL repositories (including IBM CICS benchmark apps) into compiling Java Spring Boot environments.
|
|
76
79
|
|
|
77
|
-
**
|
|
80
|
+
**Data Privacy & On-Premise Deployment**
|
|
78
81
|
* 100% air-gapped execution.
|
|
79
82
|
* On-premise deployment with zero IP exfiltration risk.
|
|
80
83
|
* Zero-trust processing model.
|
|
81
84
|
|
|
82
|
-
**
|
|
85
|
+
**Installation & Usage**
|
|
83
86
|
* Python-based: `pip install gitgalaxy`
|
|
84
87
|
* CLI execution
|
|
85
88
|
* Outputs forensic JSONs (optimized for AI-agent summary reports) and a native SQLite3 database for robust querying and storage.
|
|
@@ -88,7 +91,7 @@ GitGalaxy is backed by an academic-grade thesis detailing the equations powering
|
|
|
88
91
|
|
|
89
92
|
---
|
|
90
93
|
|
|
91
|
-
## Quickstart
|
|
94
|
+
## Quickstart Guide
|
|
92
95
|
|
|
93
96
|
### 1. Install
|
|
94
97
|
|
|
@@ -107,39 +110,45 @@ galaxyscope /path/to/your/local/repo
|
|
|
107
110
|
|
|
108
111
|
---
|
|
109
112
|
|
|
110
|
-
### [
|
|
113
|
+
### [GitGalaxy Core Analysis Engine](docs/wiki/01-project-overview.md)
|
|
111
114
|
The central blAST engine. It bypasses rigid ASTs using mathematical heuristics to map O(N) multi-dimensional relationships across 50+ languages, managing signal processing, spatial layout, and high-speed SQLite telemetry recording.
|
|
112
115
|
|
|
113
116
|
|
|
114
117
|
|
|
115
|
-
##
|
|
118
|
+
## Enterprise Codebase Tools & Use Cases
|
|
116
119
|
|
|
117
|
-
GitGalaxy operates on a modular Hub-and-Spoke architecture. While the core engine provides the overarching physics and cartography, our specialized toolsets leverage that deterministic graph to execute enterprise-grade operations.
|
|
120
|
+
GitGalaxy operates on a modular Hub-and-Spoke architecture. While the core engine provides the overarching physics and cartography, our specialized toolsets leverage that deterministic graph to execute enterprise-grade operations.
|
|
118
121
|
|
|
119
|
-
### [Legacy
|
|
122
|
+
### [Automated Legacy Migration: COBOL to Java Spring Boot](gitgalaxy/tools/cobol_to_java/)
|
|
120
123
|
A deterministic, high-fidelity translation pipeline. It converts legacy COBOL into fully compiling, modern Spring Boot architectures, mapping memory exactly and scaffolding JPA entities, REST controllers, and Maven builds before utilizing AI to translate isolated business logic.
|
|
124
|
+
* **Proven Metric:** Achieved a perfect 27/27 Maven compile success rate across a batch test of distinct legacy repos.
|
|
125
|
+
* **Verify for Yourself:** [Inspect the raw outputs of the IBM CICS Application Translation here.](examples/ibm_cics_translation/)
|
|
121
126
|
|
|
122
|
-
|
|
127
|
+

|
|
128
|
+
|
|
129
|
+
### [Mainframe Refactoring: COBOL & JCL Optimization](gitgalaxy/tools/cobol_to_cobol/)
|
|
123
130
|
A mathematical x-ray suite for sanitizing mainframe monoliths. It safely neutralizes legacy lexical traps, extracts dead "Graveyard" memory, maps topological DAG execution orders, and generates Zero-Trust JCL configurations for modern cloud deployments.
|
|
131
|
+
* **Proven Metric:** The Graveyard Reaper engine extracted over 6,700 lines of dead execution blocks and orphaned variables from the standard IBM CICS benchmark app in seconds.
|
|
124
132
|
|
|
125
|
-
### [Supply Chain Security](gitgalaxy/tools/supply_chain_security/)
|
|
133
|
+
### [Software Supply Chain Security & Pre-Commit Firewalls](gitgalaxy/tools/supply_chain_security/)
|
|
126
134
|
Extreme-velocity pre-commit firewalls. Instead of trusting manifest files, it scans physical internals to block steganography, sub-atomic XOR decryption loops, homoglyph typosquatting, and exposed cryptographic vaults before they ever enter your CI/CD pipeline.
|
|
127
135
|
|
|
128
|
-
### [
|
|
136
|
+
### [Zero-Trust SBOM Generation & Dependency Auditing](gitgalaxy/tools/compliance/)
|
|
137
|
+
A Zero-Trust Software Bill of Materials (SBOM) generator. It refuses to blindly trust `package.json` or `requirements.txt` files, instead locating the physical dependencies on disk, mathematically verifying their entropy and linguistic identity, and generating strict CycloneDX 1.4 JSON reports.
|
|
138
|
+
* **Proven Metric:** Successfully mapped and mathematically verified the physical internals of 170 unique Go modules inside the local Kubernetes repository.
|
|
139
|
+
|
|
140
|
+
### [API Security & Shadow API Detection](gitgalaxy/tools/network_auditing/)
|
|
129
141
|
A deterministic mapping tool that hunts undocumented vulnerabilities. It uses structural regex to find active physical routing logic (Express, Spring Boot, FastAPI) and applies set theory against official OpenAPI/Swagger documentation to isolate critical Shadow APIs and outdated Ghost APIs.
|
|
130
142
|
|
|
131
|
-
### [
|
|
143
|
+
### [High-Speed PII Detection & Log Analysis](gitgalaxy/tools/terabyte_log_scanning/)
|
|
132
144
|
Unindexed, tactical log analysis operating at 0.07 GB/sec. It streams massive database dumps to deterministically hunt and mask PII (Credit Cards, SSNs, AWS Keys) and uses static architecture maps to prove exact runtime execution frequencies with ASCII time-series histograms.
|
|
133
145
|
|
|
134
|
-
### [
|
|
135
|
-
A Zero-Trust Software Bill of Materials (SBOM) generator. It refuses to blindly trust `package.json` or `requirements.txt` files, instead locating the physical dependencies on disk, mathematically verifying their entropy and linguistic identity, and generating strict CycloneDX 1.4 JSON reports.
|
|
136
|
-
|
|
137
|
-
### [AI Guardrails](gitgalaxy/tools/ai_guardrails/)
|
|
146
|
+
### [AI Agent Guardrails & Codebase Protection](gitgalaxy/tools/ai_guardrails/)
|
|
138
147
|
Specialized keyword sensors protecting both your application and your codebase. The AppSec Sensor detects weaponized LLM features (RCE funnels, exfiltration risks), while the Dev Agent Firewall evaluates token mass and blast radius to restrict autonomous coding agents from modifying dangerous over context token-draining files. Helps identify which files need to be chunked to reduce context overload.
|
|
139
148
|
|
|
140
|
-
##
|
|
149
|
+
## Local Browser-Based 3D Codebase Visualization
|
|
141
150
|
|
|
142
|
-
If you prefer visual analytics, we've built a non-numerical dashboard where each file represents a star, sized and colored according to specific risk metrics.
|
|
151
|
+
If you prefer visual analytics, we've built a non-numerical dashboard where each file represents a star, sized and colored according to specific risk metrics.
|
|
143
152
|
|
|
144
153
|
Simply drag and drop your generated `your_repo_GPU_galaxy.json` file (or a `.zip` of your raw repository) directly into [GitGalaxy.io](https://gitgalaxy.io/). All rendering and scanning happens entirely in your browser's local memory.
|
|
145
154
|
|
|
@@ -147,7 +156,7 @@ Simply drag and drop your generated `your_repo_GPU_galaxy.json` file (or a `.zip
|
|
|
147
156
|
|
|
148
157
|

|
|
149
158
|
|
|
150
|
-
## Zero-Trust
|
|
159
|
+
## Zero-Trust Data Security
|
|
151
160
|
|
|
152
161
|
Your code never leaves your machine. GitGalaxy performs 100% of its scanning and vectorization locally.
|
|
153
162
|
|
|
@@ -15,32 +15,36 @@
|
|
|
15
15
|
[](https://pypi.org/project/gitgalaxy/)
|
|
16
16
|
[](#)
|
|
17
17
|
|
|
18
|
-
### **
|
|
18
|
+
### **AST-Free Static Analysis & Knowledge Graph Engine**
|
|
19
19
|
|
|
20
|
-
The blAST (Bypassing LLMs and ASTs) engine is a custom-made knowledge graph engine that resolves repositories at the function level. It scores each function based on 50 unique metrics, rolls that data up to score the file, and finally summarizes the entire repository.
|
|
20
|
+
The blAST (Bypassing LLMs and ASTs) engine is a custom-made knowledge graph engine that resolves repositories at the function level. It scores each function based on 50 unique metrics, rolls that data up to score the file, and finally summarizes the entire repository.
|
|
21
21
|
|
|
22
|
-
|
|
22
|
+
### Scanning Apollo-11 with the blAST Engine
|
|
23
23
|
|
|
24
|
-
|
|
24
|
+

|
|
25
|
+
|
|
26
|
+
By utilizing a custom engine, we retain full control over the search space. We built it to be exceptionally fast, capable of assessing your entire repository without requiring compilable code—a fundamental limitation of standard Abstract Syntax Trees (ASTs). ASTs are great for finding missing commas and memory overflows, but they miss the forest for the trees when generating knowledge graphs. LLMs, on the other hand, suffer from hallucination during large context windows and yield probabilistic, fluctuating answers.
|
|
27
|
+
|
|
28
|
+
The blAST engine solves this. Because all programming languages utilize keywords and functions, our engine treats code files as text, scanning for these structural anchors to build a deterministic 3D knowledge graph. It seamlessly handles mid-file language switching, assesses the architectural ratio of test files to logic, and extracts invaluable project structure data that ASTs ignore.
|
|
25
29
|
|
|
26
30
|
Every assumption our system makes has been abstracted into over 300 tunable variables. Think of GitGalaxy as a highly calibrated telescope. You can query the number of active API network nodes, isolate unique external imports, or highlight functions exhibiting extreme cognitive load—all adjusted via custom whitelists and blacklists to eliminate false-positive fatigue. Field-tested on over 1,000 repositories spanning 50+ languages and 250+ extensions, the engine comes equipped with smart defaults ready for immediate deployment.
|
|
27
31
|
|
|
28
|
-
**Core Technology**
|
|
32
|
+
**Core Codebase Mapping Technology**
|
|
29
33
|
* Bypasses LLMs and rigid ASTs.
|
|
30
34
|
* Doesn't require code to compile (AST-free).
|
|
31
35
|
* Produces full function-to-function call chains.
|
|
32
36
|
* Deterministically maps code by 60+ keyword regex profiles (Structural markers, I/O intents, state mutations).
|
|
33
|
-
* Regex keyword profiles allow us to classify functions, files, classes, folders and repos.
|
|
37
|
+
* Regex keyword profiles allow us to classify functions, files, classes, folders and repos.
|
|
34
38
|
* Eliminates LLM architectural hallucinations and context window limits.
|
|
35
39
|
* Scans 50+ languages, 250+ extensions, fully folder-aware. **([How to add a language in 1 minute and 1 prompt](gitgalaxy/standards/HOW_TO_ADD_LANGUAGE.md))**
|
|
36
40
|
|
|
37
|
-
**
|
|
41
|
+
**Enterprise Scale & Performance Metrics**
|
|
38
42
|
* 100,000 LOC/sec code analysis.
|
|
39
43
|
* 0.07 GB/sec raw log ingestion.
|
|
40
44
|
* Full-system scans in minutes without data sampling.
|
|
41
45
|
* 100% daily system coverage.
|
|
42
46
|
|
|
43
|
-
**
|
|
47
|
+
**Methodology & Comparative Benchmarks**
|
|
44
48
|
GitGalaxy is backed by an academic-grade thesis detailing the equations powering the blAST engine.
|
|
45
49
|
|
|
46
50
|
* **[Optimum Search Strategies Evolve](https://squid-protocol.github.io/gitgalaxy/03-01-claim-1-search-strategies/):** AST-free mapping. Outperforms rigid parsers and LLM context windows.
|
|
@@ -48,15 +52,14 @@ GitGalaxy is backed by an academic-grade thesis detailing the equations powering
|
|
|
48
52
|
* **[All languages have keywords that roughly do the same thing, these can be grouped to make cross-language keyword maps](https://squid-protocol.github.io/gitgalaxy/03-03-claim-3-taxonomy-map/):** Standardizes 50+ languages into a single universal physical framework.
|
|
49
53
|
* **[Cross-Language Comparisons of over 1000 repos](https://squid-protocol.github.io/gitgalaxy/03-04-claim-4-comparing-languages/):** Deterministic 1:1 benchmarking of distinct syntax architectures.
|
|
50
54
|
* **[Universal File Archetypes by k-means clustering](https://squid-protocol.github.io/gitgalaxy/03-05-claim-5-file-archetypes/):** ML isolation of files into K-means clusters (e.g., "The God Nodes," "Declarative Glue").
|
|
51
|
-
* **[
|
|
52
|
-
* **Mainframe Proven:** Successful from-scratch translation of legacy COBOL monoliths to compiling Spring Boot architectures.
|
|
55
|
+
* **[Mainframe Proven: 100% CI/CD Translation Success Rate](https://github.com/squid-protocol/gitgalaxy/tree/main/examples/ibm_cics_translation):** Flawless architectural translation of 27 distinct legacy COBOL repositories (including IBM CICS benchmark apps) into compiling Java Spring Boot environments.
|
|
53
56
|
|
|
54
|
-
**
|
|
57
|
+
**Data Privacy & On-Premise Deployment**
|
|
55
58
|
* 100% air-gapped execution.
|
|
56
59
|
* On-premise deployment with zero IP exfiltration risk.
|
|
57
60
|
* Zero-trust processing model.
|
|
58
61
|
|
|
59
|
-
**
|
|
62
|
+
**Installation & Usage**
|
|
60
63
|
* Python-based: `pip install gitgalaxy`
|
|
61
64
|
* CLI execution
|
|
62
65
|
* Outputs forensic JSONs (optimized for AI-agent summary reports) and a native SQLite3 database for robust querying and storage.
|
|
@@ -65,7 +68,7 @@ GitGalaxy is backed by an academic-grade thesis detailing the equations powering
|
|
|
65
68
|
|
|
66
69
|
---
|
|
67
70
|
|
|
68
|
-
## Quickstart
|
|
71
|
+
## Quickstart Guide
|
|
69
72
|
|
|
70
73
|
### 1. Install
|
|
71
74
|
|
|
@@ -84,39 +87,45 @@ galaxyscope /path/to/your/local/repo
|
|
|
84
87
|
|
|
85
88
|
---
|
|
86
89
|
|
|
87
|
-
### [
|
|
90
|
+
### [GitGalaxy Core Analysis Engine](docs/wiki/01-project-overview.md)
|
|
88
91
|
The central blAST engine. It bypasses rigid ASTs using mathematical heuristics to map O(N) multi-dimensional relationships across 50+ languages, managing signal processing, spatial layout, and high-speed SQLite telemetry recording.
|
|
89
92
|
|
|
90
93
|
|
|
91
94
|
|
|
92
|
-
##
|
|
95
|
+
## Enterprise Codebase Tools & Use Cases
|
|
93
96
|
|
|
94
|
-
GitGalaxy operates on a modular Hub-and-Spoke architecture. While the core engine provides the overarching physics and cartography, our specialized toolsets leverage that deterministic graph to execute enterprise-grade operations.
|
|
97
|
+
GitGalaxy operates on a modular Hub-and-Spoke architecture. While the core engine provides the overarching physics and cartography, our specialized toolsets leverage that deterministic graph to execute enterprise-grade operations.
|
|
95
98
|
|
|
96
|
-
### [Legacy
|
|
99
|
+
### [Automated Legacy Migration: COBOL to Java Spring Boot](gitgalaxy/tools/cobol_to_java/)
|
|
97
100
|
A deterministic, high-fidelity translation pipeline. It converts legacy COBOL into fully compiling, modern Spring Boot architectures, mapping memory exactly and scaffolding JPA entities, REST controllers, and Maven builds before utilizing AI to translate isolated business logic.
|
|
101
|
+
* **Proven Metric:** Achieved a perfect 27/27 Maven compile success rate across a batch test of distinct legacy repos.
|
|
102
|
+
* **Verify for Yourself:** [Inspect the raw outputs of the IBM CICS Application Translation here.](examples/ibm_cics_translation/)
|
|
98
103
|
|
|
99
|
-
|
|
104
|
+

|
|
105
|
+
|
|
106
|
+
### [Mainframe Refactoring: COBOL & JCL Optimization](gitgalaxy/tools/cobol_to_cobol/)
|
|
100
107
|
A mathematical x-ray suite for sanitizing mainframe monoliths. It safely neutralizes legacy lexical traps, extracts dead "Graveyard" memory, maps topological DAG execution orders, and generates Zero-Trust JCL configurations for modern cloud deployments.
|
|
108
|
+
* **Proven Metric:** The Graveyard Reaper engine extracted over 6,700 lines of dead execution blocks and orphaned variables from the standard IBM CICS benchmark app in seconds.
|
|
101
109
|
|
|
102
|
-
### [Supply Chain Security](gitgalaxy/tools/supply_chain_security/)
|
|
110
|
+
### [Software Supply Chain Security & Pre-Commit Firewalls](gitgalaxy/tools/supply_chain_security/)
|
|
103
111
|
Extreme-velocity pre-commit firewalls. Instead of trusting manifest files, it scans physical internals to block steganography, sub-atomic XOR decryption loops, homoglyph typosquatting, and exposed cryptographic vaults before they ever enter your CI/CD pipeline.
|
|
104
112
|
|
|
105
|
-
### [
|
|
113
|
+
### [Zero-Trust SBOM Generation & Dependency Auditing](gitgalaxy/tools/compliance/)
|
|
114
|
+
A Zero-Trust Software Bill of Materials (SBOM) generator. It refuses to blindly trust `package.json` or `requirements.txt` files, instead locating the physical dependencies on disk, mathematically verifying their entropy and linguistic identity, and generating strict CycloneDX 1.4 JSON reports.
|
|
115
|
+
* **Proven Metric:** Successfully mapped and mathematically verified the physical internals of 170 unique Go modules inside the local Kubernetes repository.
|
|
116
|
+
|
|
117
|
+
### [API Security & Shadow API Detection](gitgalaxy/tools/network_auditing/)
|
|
106
118
|
A deterministic mapping tool that hunts undocumented vulnerabilities. It uses structural regex to find active physical routing logic (Express, Spring Boot, FastAPI) and applies set theory against official OpenAPI/Swagger documentation to isolate critical Shadow APIs and outdated Ghost APIs.
|
|
107
119
|
|
|
108
|
-
### [
|
|
120
|
+
### [High-Speed PII Detection & Log Analysis](gitgalaxy/tools/terabyte_log_scanning/)
|
|
109
121
|
Unindexed, tactical log analysis operating at 0.07 GB/sec. It streams massive database dumps to deterministically hunt and mask PII (Credit Cards, SSNs, AWS Keys) and uses static architecture maps to prove exact runtime execution frequencies with ASCII time-series histograms.
|
|
110
122
|
|
|
111
|
-
### [
|
|
112
|
-
A Zero-Trust Software Bill of Materials (SBOM) generator. It refuses to blindly trust `package.json` or `requirements.txt` files, instead locating the physical dependencies on disk, mathematically verifying their entropy and linguistic identity, and generating strict CycloneDX 1.4 JSON reports.
|
|
113
|
-
|
|
114
|
-
### [AI Guardrails](gitgalaxy/tools/ai_guardrails/)
|
|
123
|
+
### [AI Agent Guardrails & Codebase Protection](gitgalaxy/tools/ai_guardrails/)
|
|
115
124
|
Specialized keyword sensors protecting both your application and your codebase. The AppSec Sensor detects weaponized LLM features (RCE funnels, exfiltration risks), while the Dev Agent Firewall evaluates token mass and blast radius to restrict autonomous coding agents from modifying dangerous over context token-draining files. Helps identify which files need to be chunked to reduce context overload.
|
|
116
125
|
|
|
117
|
-
##
|
|
126
|
+
## Local Browser-Based 3D Codebase Visualization
|
|
118
127
|
|
|
119
|
-
If you prefer visual analytics, we've built a non-numerical dashboard where each file represents a star, sized and colored according to specific risk metrics.
|
|
128
|
+
If you prefer visual analytics, we've built a non-numerical dashboard where each file represents a star, sized and colored according to specific risk metrics.
|
|
120
129
|
|
|
121
130
|
Simply drag and drop your generated `your_repo_GPU_galaxy.json` file (or a `.zip` of your raw repository) directly into [GitGalaxy.io](https://gitgalaxy.io/). All rendering and scanning happens entirely in your browser's local memory.
|
|
122
131
|
|
|
@@ -124,7 +133,7 @@ Simply drag and drop your generated `your_repo_GPU_galaxy.json` file (or a `.zip
|
|
|
124
133
|
|
|
125
134
|

|
|
126
135
|
|
|
127
|
-
## Zero-Trust
|
|
136
|
+
## Zero-Trust Data Security
|
|
128
137
|
|
|
129
138
|
Your code never leaves your machine. GitGalaxy performs 100% of its scanning and vectorization locally.
|
|
130
139
|
|
|
@@ -13,15 +13,15 @@ from pathlib import Path
|
|
|
13
13
|
from datetime import datetime
|
|
14
14
|
|
|
15
15
|
# Import the core logic functions directly
|
|
16
|
-
from tools.cobol_jcl_forge import analyze_cobol_intent, generate_zero_trust_jcl
|
|
17
|
-
from tools.cobol_dag_architect import extract_lineage
|
|
18
|
-
from tools.cobol_graveyard_finder import x_ray_dead_code
|
|
19
|
-
from tools.cobol_schema_forge import forge_schemas
|
|
20
|
-
from tools.cobol_microservice_slicer import slice_business_logic
|
|
21
|
-
from tools.cobol_system_limits_reporter import scan_system_limits
|
|
22
|
-
from tools.cobol_lexical_patcher import patch_lexical_traps
|
|
23
|
-
from tools.cobol_jcl_auditor import audit_zero_trust_jcls
|
|
24
|
-
from tools.cobol_agent_task_forge import forge_agent_jobs
|
|
16
|
+
from gitgalaxy.tools.cobol_to_cobol.cobol_jcl_forge import analyze_cobol_intent, generate_zero_trust_jcl
|
|
17
|
+
from gitgalaxy.tools.cobol_to_cobol.cobol_dag_architect import extract_lineage
|
|
18
|
+
from gitgalaxy.tools.cobol_to_cobol.cobol_graveyard_finder import x_ray_dead_code
|
|
19
|
+
from gitgalaxy.tools.cobol_to_cobol.cobol_schema_forge import forge_schemas
|
|
20
|
+
from gitgalaxy.tools.cobol_to_cobol.cobol_microservice_slicer import slice_business_logic
|
|
21
|
+
from gitgalaxy.tools.cobol_to_cobol.cobol_system_limits_reporter import scan_system_limits
|
|
22
|
+
from gitgalaxy.tools.cobol_to_cobol.cobol_lexical_patcher import patch_lexical_traps
|
|
23
|
+
from gitgalaxy.tools.cobol_to_cobol.cobol_jcl_auditor import audit_zero_trust_jcls
|
|
24
|
+
from gitgalaxy.tools.cobol_to_cobol.cobol_agent_task_forge import forge_agent_jobs
|
|
25
25
|
|
|
26
26
|
# ==============================================================================
|
|
27
27
|
# THE SCALE SENSOR & HYBRID STATE MANAGER
|
|
@@ -13,12 +13,12 @@ import shutil
|
|
|
13
13
|
from pathlib import Path
|
|
14
14
|
|
|
15
15
|
# Current Imports
|
|
16
|
-
from tools.cobol_to_java_spring_forge import generate_java_entity
|
|
17
|
-
from tools.cobol_to_java_api_contract_forge import generate_rest_controller
|
|
18
|
-
from tools.cobol_to_java_agent_forge import generate_java_agent_ticket
|
|
19
|
-
from tools.cobol_to_java_build_forge import generate_pom_xml, generate_application_yml, generate_main_class
|
|
20
|
-
from tools.cobol_to_java_service_forge import generate_service_skeleton
|
|
21
|
-
from tools.cobol_to_java_decoder_forge import generate_decoder_util
|
|
16
|
+
from gitgalaxy.tools.cobol_to_java.cobol_to_java_spring_forge import generate_java_entity
|
|
17
|
+
from gitgalaxy.tools.cobol_to_java.cobol_to_java_api_contract_forge import generate_rest_controller
|
|
18
|
+
from gitgalaxy.tools.cobol_to_java.cobol_to_java_agent_forge import generate_java_agent_ticket
|
|
19
|
+
from gitgalaxy.tools.cobol_to_java.cobol_to_java_build_forge import generate_pom_xml, generate_application_yml, generate_main_class
|
|
20
|
+
from gitgalaxy.tools.cobol_to_java.cobol_to_java_service_forge import generate_service_skeleton
|
|
21
|
+
from gitgalaxy.tools.cobol_to_java.cobol_to_java_decoder_forge import generate_decoder_util
|
|
22
22
|
|
|
23
23
|
def build_spring_boot_scaffold(output_dir: Path, package_name: str) -> dict:
|
|
24
24
|
"""Creates the standard Spring Boot directory architecture."""
|
|
@@ -443,7 +443,7 @@ class ApertureFilter:
|
|
|
443
443
|
|
|
444
444
|
return True
|
|
445
445
|
|
|
446
|
-
def _load_gitignore_patterns(self) ->
|
|
446
|
+
def _load_gitignore_patterns(self) -> List[str]:
|
|
447
447
|
"""Reads local .gitignore files to identify Radio Noise."""
|
|
448
448
|
patterns = []
|
|
449
449
|
ignore_file = self.root / ".gitignore"
|
|
@@ -75,7 +75,6 @@ def _init_worker(root_str: str, config: Dict[str, Any], ext_tally: Dict[str, int
|
|
|
75
75
|
Force-warms pseudo-languages (plaintext/markdown) to kill the 'Plaintext Stutter'.
|
|
76
76
|
This prevents [AUTO-HEAL] log spam and redundant regex compilation.
|
|
77
77
|
"""
|
|
78
|
-
global _worker_state
|
|
79
78
|
|
|
80
79
|
logging.getLogger().setLevel(log_level)
|
|
81
80
|
worker_logger = logging.getLogger("GalaxyScope.Worker")
|
|
@@ -139,7 +138,6 @@ def _init_worker(root_str: str, config: Dict[str, Any], ext_tally: Dict[str, int
|
|
|
139
138
|
|
|
140
139
|
def _process_file_worker(rel_path: str) -> Dict[str, Any]:
|
|
141
140
|
"""Processes a single file path using the worker's cached hardware modules."""
|
|
142
|
-
global _worker_state
|
|
143
141
|
|
|
144
142
|
# ---> START THE CLOCK FOR THE MICRO-PROFILER <---
|
|
145
143
|
t_start = time.time()
|
|
@@ -271,12 +269,18 @@ def _process_file_worker(rel_path: str) -> Dict[str, Any]:
|
|
|
271
269
|
observation["processing_time"] = time.time() - t_start
|
|
272
270
|
return observation
|
|
273
271
|
|
|
274
|
-
# =========================================================================
|
|
272
|
+
# =========================================================================
|
|
275
273
|
# THE HARDWARE GUILLOTINE (GLOBAL ReDoS Protection)
|
|
276
274
|
# =========================================================================
|
|
277
|
-
import signal
|
|
278
|
-
|
|
279
|
-
|
|
275
|
+
import signal
|
|
276
|
+
import sys
|
|
277
|
+
|
|
278
|
+
# Check if the operating system is not Windows
|
|
279
|
+
is_posix = sys.platform != "win32"
|
|
280
|
+
|
|
281
|
+
if is_posix:
|
|
282
|
+
signal.signal(signal.SIGALRM, redos_guillotine)
|
|
283
|
+
signal.alarm(15) # 15-second fuse for POSIX systems
|
|
280
284
|
|
|
281
285
|
try:
|
|
282
286
|
# Phase 3: Linguistic Detector
|
|
@@ -408,7 +412,8 @@ def _process_file_worker(rel_path: str) -> Dict[str, Any]:
|
|
|
408
412
|
return observation
|
|
409
413
|
finally:
|
|
410
414
|
# IMPORTANT: Defuse the bomb immediately upon success!
|
|
411
|
-
|
|
415
|
+
if is_posix:
|
|
416
|
+
signal.alarm(0)
|
|
412
417
|
# =========================================================================
|
|
413
418
|
|
|
414
419
|
data_payload = {
|
|
@@ -721,8 +726,8 @@ class Orchestrator:
|
|
|
721
726
|
logger.info(f"SQLITE: Generating repository-specific database -> {db_output}")
|
|
722
727
|
|
|
723
728
|
self.db_recorder.record_mission(
|
|
724
|
-
parsed_files=repository_graph,
|
|
725
|
-
unparsable_files=total_unparsable,
|
|
729
|
+
parsed_files=list(repository_graph) if repository_graph else [], # <--- PASS A COPY
|
|
730
|
+
unparsable_files=list(total_unparsable) if total_unparsable else [], # <--- PASS A COPY
|
|
726
731
|
summary=summary,
|
|
727
732
|
session_meta=session_meta,
|
|
728
733
|
output_path=db_output
|
|
@@ -764,7 +769,13 @@ class Orchestrator:
|
|
|
764
769
|
|
|
765
770
|
# --- THE FINAL CALL TO ACTION (CLI BILLBOARD) ---
|
|
766
771
|
print("\n" + "="*75)
|
|
767
|
-
|
|
772
|
+
|
|
773
|
+
# Windows command prompts crash on emojis, so we strip it for them
|
|
774
|
+
if sys.platform == "win32":
|
|
775
|
+
print(" READY FOR VISUALIZATION (100% LOCAL / ZERO UPLOAD)")
|
|
776
|
+
else:
|
|
777
|
+
print(" 🌌 READY FOR VISUALIZATION (100% LOCAL / ZERO UPLOAD)")
|
|
778
|
+
|
|
768
779
|
print("="*75)
|
|
769
780
|
print(" 1. Open your browser to: \033[94m\033[4mhttps://gitgalaxy.io/\033[0m")
|
|
770
781
|
print(f" 2. Drag and drop '{output_file}'")
|
|
@@ -187,7 +187,7 @@ class SpectralAuditor:
|
|
|
187
187
|
for lid, group in by_lang.items():
|
|
188
188
|
if lid in ("undeterminable", "unknown"):
|
|
189
189
|
for s in group:
|
|
190
|
-
|
|
190
|
+
unparsable_files.append(self._format_for_singularity(s, "Already Dark Matter (Pre-Audit)"))
|
|
191
191
|
self.logger.debug(f"[{lid}] Bypassed {len(group)} artifacts (already Dark Matter).")
|
|
192
192
|
continue
|
|
193
193
|
|
|
@@ -13,7 +13,7 @@ import os
|
|
|
13
13
|
import re
|
|
14
14
|
from datetime import datetime
|
|
15
15
|
from pathlib import Path
|
|
16
|
-
from typing import Any
|
|
16
|
+
from typing import Any, Dict, Tuple
|
|
17
17
|
from gitgalaxy.standards import analysis_lens as config
|
|
18
18
|
|
|
19
19
|
# ==============================================================================
|
|
@@ -12,7 +12,7 @@ import logging
|
|
|
12
12
|
import statistics
|
|
13
13
|
from pathlib import Path
|
|
14
14
|
from datetime import datetime
|
|
15
|
-
from typing import List, Dict, Any, Optional
|
|
15
|
+
from typing import List, Dict, Any, Optional, Tuple
|
|
16
16
|
from gitgalaxy.standards import analysis_lens as config
|
|
17
17
|
|
|
18
18
|
# ==============================================================================
|
|
@@ -45,7 +45,7 @@ class LLMRecorder:
|
|
|
45
45
|
self.RISK_SCHEMA = schemas.get("RISK_SCHEMA", [])
|
|
46
46
|
self.SIGNAL_SCHEMA = schemas.get("SIGNAL_SCHEMA", [])
|
|
47
47
|
|
|
48
|
-
def _parse_threat_score(self, star: Dict) ->
|
|
48
|
+
def _parse_threat_score(self, star: Dict) -> Tuple[float, str]:
|
|
49
49
|
"""Safely extracts and converts the AI threat score string to a float."""
|
|
50
50
|
score_str = star.get("telemetry", {}).get("domain_context", {}).get("AI Threat Score", "0.0%")
|
|
51
51
|
try:
|
|
@@ -131,10 +131,10 @@ class SecurityLens:
|
|
|
131
131
|
r'\b(?:import|from|require|include|require_once|fetch|XMLHttpRequest)\b'
|
|
132
132
|
r'[^\n]*?(?:[\u0400-\u04FF]|'
|
|
133
133
|
r'[\u0370-\u03FF]|'
|
|
134
|
-
r'[\
|
|
134
|
+
r'[\U0001D400-\U0001D7FF]|'
|
|
135
135
|
r'\u3164)',
|
|
136
136
|
re.I
|
|
137
|
-
),
|
|
137
|
+
),
|
|
138
138
|
|
|
139
139
|
# 10. THE VAULT DOOR (Credential & Secret Leaks)
|
|
140
140
|
"private_info": re.compile(
|
|
@@ -374,32 +374,6 @@ class SecurityLens:
|
|
|
374
374
|
|
|
375
375
|
return exposures
|
|
376
376
|
|
|
377
|
-
# 2. Logic Bomb / Sabotage Risk
|
|
378
|
-
sabotage_hits = aggregated_hits.get("graveyard", 0) + (aggregated_hits.get("danger", 0) * 1.5)
|
|
379
|
-
sabotage_density = sabotage_hits / loc_safe
|
|
380
|
-
if sabotage_density >= self.policy["logic_bomb_threshold"]:
|
|
381
|
-
exposures["Logic Bomb Risk"] = sabotage_density
|
|
382
|
-
|
|
383
|
-
# 3. Data Injection Risk
|
|
384
|
-
injection_hits = aggregated_hits.get("io", 0) + aggregated_hits.get("danger", 0) + aggregated_hits.get("flux", 0)
|
|
385
|
-
injection_density = injection_hits / loc_safe
|
|
386
|
-
if injection_density >= self.policy["injection_surface_threshold"]:
|
|
387
|
-
exposures["Data Injection Risk"] = injection_density
|
|
388
|
-
|
|
389
|
-
# 4. Memory Corruption Risk
|
|
390
|
-
memory_hits = aggregated_hits.get("memory_corruption", 0)
|
|
391
|
-
memory_density = memory_hits / loc_safe
|
|
392
|
-
if memory_density >= self.policy["memory_corruption_threshold"]:
|
|
393
|
-
exposures["Memory Corruption Risk"] = memory_density
|
|
394
|
-
|
|
395
|
-
# 5. Secrets Risk
|
|
396
|
-
secrets_hits = aggregated_hits.get("private_info", 0)
|
|
397
|
-
secrets_density = secrets_hits / loc_safe
|
|
398
|
-
if secrets_density >= self.policy["secrets_risk_threshold"]:
|
|
399
|
-
exposures["Secrets Leak Risk"] = secrets_density
|
|
400
|
-
|
|
401
|
-
return exposures
|
|
402
|
-
|
|
403
377
|
def scan_binary(self, raw_bytes: bytes, ext: str) -> dict:
|
|
404
378
|
"""
|
|
405
379
|
X-Rays binary chunks for embedded execution headers, magic byte mismatches,
|
|
@@ -68,8 +68,52 @@ class UniversalManifestSlicer:
|
|
|
68
68
|
for line in block.splitlines():
|
|
69
69
|
line = line.strip()
|
|
70
70
|
if line and not line.startswith('#') and '=' in line:
|
|
71
|
+
pkg_name = line.split('=')[0].strip()
|
|
71
72
|
pkg_name = line.split('=')[0].strip()
|
|
72
73
|
deps[pkg_name] = "latest" # Simplified version extraction
|
|
74
|
+
|
|
75
|
+
elif filename == "go.mod":
|
|
76
|
+
ecosystem = "golang"
|
|
77
|
+
with open(manifest_path, 'r', encoding='utf-8') as f:
|
|
78
|
+
in_require_block = False
|
|
79
|
+
for line in f:
|
|
80
|
+
line = line.strip()
|
|
81
|
+
if line.startswith('require ('):
|
|
82
|
+
in_require_block = True
|
|
83
|
+
continue
|
|
84
|
+
if line == ')':
|
|
85
|
+
in_require_block = False
|
|
86
|
+
continue
|
|
87
|
+
if in_require_block and line and not line.startswith('//'):
|
|
88
|
+
parts = line.split()
|
|
89
|
+
if len(parts) >= 2:
|
|
90
|
+
deps[parts[0]] = parts[1]
|
|
91
|
+
elif line.startswith('require ') and not in_require_block:
|
|
92
|
+
parts = line.split()
|
|
93
|
+
if len(parts) >= 3:
|
|
94
|
+
deps[parts[1]] = parts[2]
|
|
95
|
+
|
|
96
|
+
elif filename == "Gemfile":
|
|
97
|
+
ecosystem = "rubygems"
|
|
98
|
+
with open(manifest_path, 'r', encoding='utf-8') as f:
|
|
99
|
+
for line in f:
|
|
100
|
+
line = line.strip()
|
|
101
|
+
# Extract: gem 'nokogiri', '~> 1.11'
|
|
102
|
+
if line.startswith("gem "):
|
|
103
|
+
parts = line.split(',')
|
|
104
|
+
pkg_name = parts[0].replace("gem", "").strip(" '\"")
|
|
105
|
+
version = parts[1].strip(" '\"") if len(parts) > 1 else "latest"
|
|
106
|
+
deps[pkg_name] = version
|
|
107
|
+
|
|
108
|
+
elif filename == "pom.xml":
|
|
109
|
+
ecosystem = "maven"
|
|
110
|
+
with open(manifest_path, 'r', encoding='utf-8') as f:
|
|
111
|
+
content = f.read()
|
|
112
|
+
# Extract artifactId and version from XML blocks
|
|
113
|
+
deps_raw = re.findall(r'<dependency>.*?<artifactId>([^<]+)</artifactId>(?:.*?<version>([^<]+)</version>)?.*?</dependency>', content, re.DOTALL)
|
|
114
|
+
for artifact, version in deps_raw:
|
|
115
|
+
deps[artifact] = version if version else "latest"
|
|
116
|
+
|
|
73
117
|
except Exception:
|
|
74
118
|
pass
|
|
75
119
|
|
|
@@ -99,6 +143,29 @@ class UniversalManifestSlicer:
|
|
|
99
143
|
for d in dirs:
|
|
100
144
|
if d.lower() == safe_pkg_name or d.lower().startswith(f"{safe_pkg_name}-"):
|
|
101
145
|
return Path(root) / d
|
|
146
|
+
|
|
147
|
+
elif ecosystem == "golang":
|
|
148
|
+
# Go packages are often vendored in the project's root 'vendor/' directory
|
|
149
|
+
target = target_path / 'vendor' / pkg_name
|
|
150
|
+
return target if target.exists() else None
|
|
151
|
+
|
|
152
|
+
elif ecosystem == "rubygems":
|
|
153
|
+
# Ruby often vendors gems locally here
|
|
154
|
+
target = target_path / 'vendor' / 'bundle'
|
|
155
|
+
if target.exists():
|
|
156
|
+
for root, dirs, _ in os.walk(target):
|
|
157
|
+
if pkg_name in dirs: return Path(root) / pkg_name
|
|
158
|
+
return None
|
|
159
|
+
|
|
160
|
+
elif ecosystem == "maven":
|
|
161
|
+
# Java local dependency pulls usually land here
|
|
162
|
+
target = target_path / 'target' / 'dependency'
|
|
163
|
+
if target.exists():
|
|
164
|
+
# Just verifying the jar/folder exists loosely
|
|
165
|
+
for file in target.iterdir():
|
|
166
|
+
if pkg_name.lower() in file.name.lower(): return file
|
|
167
|
+
return None
|
|
168
|
+
|
|
102
169
|
return None
|
|
103
170
|
|
|
104
171
|
def main():
|
|
@@ -124,7 +191,7 @@ def main():
|
|
|
124
191
|
total_verified = 0
|
|
125
192
|
|
|
126
193
|
# 1. Harvest Manifests Universally
|
|
127
|
-
manifest_targets = ["package.json", "composer.json", "requirements.txt", "Cargo.toml"]
|
|
194
|
+
manifest_targets = ["package.json", "composer.json", "requirements.txt", "Cargo.toml", "go.mod", "Gemfile", "pom.xml"]
|
|
128
195
|
found_manifests = [target_path / m for m in manifest_targets if (target_path / m).exists()]
|
|
129
196
|
|
|
130
197
|
if not found_manifests:
|
{gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/supply_chain_security/supply_chain_firewall.py
RENAMED
|
@@ -140,8 +140,8 @@ def main():
|
|
|
140
140
|
loc = max(len(content.splitlines()), 1)
|
|
141
141
|
sec_results = security.scan_content(content, loc)
|
|
142
142
|
|
|
143
|
-
# THE INERT DATA SHIELD
|
|
144
|
-
if ext in ['.json', '.md', '.txt', '.csv', '.yaml', '.yml', '.css', '.less']:
|
|
143
|
+
# THE INERT DATA SHIELD & MINIFIED BYPASS
|
|
144
|
+
if ext in ['.json', '.md', '.txt', '.csv', '.yaml', '.yml', '.css', '.less', '.h'] or '.d.ts' in file_path.name or '.min.' in file_path.name or '.umd.' in file_path.name:
|
|
145
145
|
for key in sec_results["counts"].keys():
|
|
146
146
|
sec_results["counts"][key] = 0
|
|
147
147
|
|
{gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/terabyte_log_scanning/terabyte_log_scanner.py
RENAMED
|
@@ -81,13 +81,21 @@ def main():
|
|
|
81
81
|
keyword_patterns = {}
|
|
82
82
|
for kw in search_targets:
|
|
83
83
|
# Example: looking for "PGM=NAME" or "STARTED NAME"
|
|
84
|
-
pattern_str = fr"
|
|
84
|
+
pattern_str = fr"{kw}"
|
|
85
85
|
keyword_patterns[kw] = re.compile(pattern_str.encode('utf-8'), re.IGNORECASE)
|
|
86
86
|
|
|
87
87
|
ts_pattern = re.compile(br'(\d{4}-\d{2}-\d{2}[T\s]\d{2}|\b[A-Z][a-z]{2}\s+\d{1,2}\s\d{2})')
|
|
88
88
|
histograms = {kw: defaultdict(int) for kw in search_targets}
|
|
89
89
|
|
|
90
|
-
|
|
90
|
+
if args.out:
|
|
91
|
+
out_dir = Path(args.out).resolve()
|
|
92
|
+
out_dir.mkdir(parents=True, exist_ok=True)
|
|
93
|
+
results_path = out_dir / f"{target_path.stem}_results.txt"
|
|
94
|
+
else:
|
|
95
|
+
results_path = target_path.parent / f"{target_path.stem}_results.txt"
|
|
96
|
+
|
|
97
|
+
start_time = time.time()
|
|
98
|
+
print(f"🚀 Scanning {target_path.name} for {len(search_targets)} keywords...")
|
|
91
99
|
|
|
92
100
|
# 2. The Memory Shield
|
|
93
101
|
with open(target_path, 'rb') as f_in, open(results_path, 'w', encoding='utf-8') as f_out:
|
|
@@ -103,7 +111,11 @@ def main():
|
|
|
103
111
|
|
|
104
112
|
time_elapsed = time.time() - start_time
|
|
105
113
|
|
|
106
|
-
|
|
114
|
+
for kw, buckets in histograms.items():
|
|
115
|
+
draw_ascii_histogram(buckets, kw)
|
|
116
|
+
|
|
117
|
+
print(f"\n✅ Scan completed in {time_elapsed:.2f} seconds.")
|
|
118
|
+
print(f"📄 Filtered results saved to: {results_path}")
|
|
107
119
|
|
|
108
120
|
total_counts = {kw: sum(buckets.values()) for kw, buckets in histograms.items()}
|
|
109
121
|
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: gitgalaxy
|
|
3
|
-
Version: 2.0.
|
|
3
|
+
Version: 2.0.5
|
|
4
4
|
Summary: An AST-free, zero-trust static analysis engine for mapping architectural risk, securing CI/CD pipelines, and modernizing legacy monoliths.
|
|
5
|
-
Author:
|
|
5
|
+
Author: Joe Esquibel
|
|
6
6
|
Project-URL: Homepage, https://gitgalaxy.io
|
|
7
7
|
Project-URL: Documentation, https://squid-protocol.github.io/gitgalaxy/
|
|
8
8
|
Project-URL: Source, https://github.com/squid-protocol/gitgalaxy
|
|
@@ -16,7 +16,7 @@ Classifier: Topic :: Software Development :: Quality Assurance
|
|
|
16
16
|
Classifier: Topic :: Scientific/Engineering :: Visualization
|
|
17
17
|
Classifier: Intended Audience :: Developers
|
|
18
18
|
Classifier: Intended Audience :: Information Technology
|
|
19
|
-
Requires-Python: >=3.
|
|
19
|
+
Requires-Python: >=3.9
|
|
20
20
|
Description-Content-Type: text/markdown
|
|
21
21
|
License-File: LICENSE
|
|
22
22
|
Dynamic: license-file
|
|
@@ -38,32 +38,36 @@ Dynamic: license-file
|
|
|
38
38
|
[](https://pypi.org/project/gitgalaxy/)
|
|
39
39
|
[](#)
|
|
40
40
|
|
|
41
|
-
### **
|
|
41
|
+
### **AST-Free Static Analysis & Knowledge Graph Engine**
|
|
42
42
|
|
|
43
|
-
The blAST (Bypassing LLMs and ASTs) engine is a custom-made knowledge graph engine that resolves repositories at the function level. It scores each function based on 50 unique metrics, rolls that data up to score the file, and finally summarizes the entire repository.
|
|
43
|
+
The blAST (Bypassing LLMs and ASTs) engine is a custom-made knowledge graph engine that resolves repositories at the function level. It scores each function based on 50 unique metrics, rolls that data up to score the file, and finally summarizes the entire repository.
|
|
44
44
|
|
|
45
|
-
|
|
45
|
+
### Scanning Apollo-11 with the blAST Engine
|
|
46
46
|
|
|
47
|
-
|
|
47
|
+

|
|
48
|
+
|
|
49
|
+
By utilizing a custom engine, we retain full control over the search space. We built it to be exceptionally fast, capable of assessing your entire repository without requiring compilable code—a fundamental limitation of standard Abstract Syntax Trees (ASTs). ASTs are great for finding missing commas and memory overflows, but they miss the forest for the trees when generating knowledge graphs. LLMs, on the other hand, suffer from hallucination during large context windows and yield probabilistic, fluctuating answers.
|
|
50
|
+
|
|
51
|
+
The blAST engine solves this. Because all programming languages utilize keywords and functions, our engine treats code files as text, scanning for these structural anchors to build a deterministic 3D knowledge graph. It seamlessly handles mid-file language switching, assesses the architectural ratio of test files to logic, and extracts invaluable project structure data that ASTs ignore.
|
|
48
52
|
|
|
49
53
|
Every assumption our system makes has been abstracted into over 300 tunable variables. Think of GitGalaxy as a highly calibrated telescope. You can query the number of active API network nodes, isolate unique external imports, or highlight functions exhibiting extreme cognitive load—all adjusted via custom whitelists and blacklists to eliminate false-positive fatigue. Field-tested on over 1,000 repositories spanning 50+ languages and 250+ extensions, the engine comes equipped with smart defaults ready for immediate deployment.
|
|
50
54
|
|
|
51
|
-
**Core Technology**
|
|
55
|
+
**Core Codebase Mapping Technology**
|
|
52
56
|
* Bypasses LLMs and rigid ASTs.
|
|
53
57
|
* Doesn't require code to compile (AST-free).
|
|
54
58
|
* Produces full function-to-function call chains.
|
|
55
59
|
* Deterministically maps code by 60+ keyword regex profiles (Structural markers, I/O intents, state mutations).
|
|
56
|
-
* Regex keyword profiles allow us to classify functions, files, classes, folders and repos.
|
|
60
|
+
* Regex keyword profiles allow us to classify functions, files, classes, folders and repos.
|
|
57
61
|
* Eliminates LLM architectural hallucinations and context window limits.
|
|
58
62
|
* Scans 50+ languages, 250+ extensions, fully folder-aware. **([How to add a language in 1 minute and 1 prompt](gitgalaxy/standards/HOW_TO_ADD_LANGUAGE.md))**
|
|
59
63
|
|
|
60
|
-
**
|
|
64
|
+
**Enterprise Scale & Performance Metrics**
|
|
61
65
|
* 100,000 LOC/sec code analysis.
|
|
62
66
|
* 0.07 GB/sec raw log ingestion.
|
|
63
67
|
* Full-system scans in minutes without data sampling.
|
|
64
68
|
* 100% daily system coverage.
|
|
65
69
|
|
|
66
|
-
**
|
|
70
|
+
**Methodology & Comparative Benchmarks**
|
|
67
71
|
GitGalaxy is backed by an academic-grade thesis detailing the equations powering the blAST engine.
|
|
68
72
|
|
|
69
73
|
* **[Optimum Search Strategies Evolve](https://squid-protocol.github.io/gitgalaxy/03-01-claim-1-search-strategies/):** AST-free mapping. Outperforms rigid parsers and LLM context windows.
|
|
@@ -71,15 +75,14 @@ GitGalaxy is backed by an academic-grade thesis detailing the equations powering
|
|
|
71
75
|
* **[All languages have keywords that roughly do the same thing, these can be grouped to make cross-language keyword maps](https://squid-protocol.github.io/gitgalaxy/03-03-claim-3-taxonomy-map/):** Standardizes 50+ languages into a single universal physical framework.
|
|
72
76
|
* **[Cross-Language Comparisons of over 1000 repos](https://squid-protocol.github.io/gitgalaxy/03-04-claim-4-comparing-languages/):** Deterministic 1:1 benchmarking of distinct syntax architectures.
|
|
73
77
|
* **[Universal File Archetypes by k-means clustering](https://squid-protocol.github.io/gitgalaxy/03-05-claim-5-file-archetypes/):** ML isolation of files into K-means clusters (e.g., "The God Nodes," "Declarative Glue").
|
|
74
|
-
* **[
|
|
75
|
-
* **Mainframe Proven:** Successful from-scratch translation of legacy COBOL monoliths to compiling Spring Boot architectures.
|
|
78
|
+
* **[Mainframe Proven: 100% CI/CD Translation Success Rate](https://github.com/squid-protocol/gitgalaxy/tree/main/examples/ibm_cics_translation):** Flawless architectural translation of 27 distinct legacy COBOL repositories (including IBM CICS benchmark apps) into compiling Java Spring Boot environments.
|
|
76
79
|
|
|
77
|
-
**
|
|
80
|
+
**Data Privacy & On-Premise Deployment**
|
|
78
81
|
* 100% air-gapped execution.
|
|
79
82
|
* On-premise deployment with zero IP exfiltration risk.
|
|
80
83
|
* Zero-trust processing model.
|
|
81
84
|
|
|
82
|
-
**
|
|
85
|
+
**Installation & Usage**
|
|
83
86
|
* Python-based: `pip install gitgalaxy`
|
|
84
87
|
* CLI execution
|
|
85
88
|
* Outputs forensic JSONs (optimized for AI-agent summary reports) and a native SQLite3 database for robust querying and storage.
|
|
@@ -88,7 +91,7 @@ GitGalaxy is backed by an academic-grade thesis detailing the equations powering
|
|
|
88
91
|
|
|
89
92
|
---
|
|
90
93
|
|
|
91
|
-
## Quickstart
|
|
94
|
+
## Quickstart Guide
|
|
92
95
|
|
|
93
96
|
### 1. Install
|
|
94
97
|
|
|
@@ -107,39 +110,45 @@ galaxyscope /path/to/your/local/repo
|
|
|
107
110
|
|
|
108
111
|
---
|
|
109
112
|
|
|
110
|
-
### [
|
|
113
|
+
### [GitGalaxy Core Analysis Engine](docs/wiki/01-project-overview.md)
|
|
111
114
|
The central blAST engine. It bypasses rigid ASTs using mathematical heuristics to map O(N) multi-dimensional relationships across 50+ languages, managing signal processing, spatial layout, and high-speed SQLite telemetry recording.
|
|
112
115
|
|
|
113
116
|
|
|
114
117
|
|
|
115
|
-
##
|
|
118
|
+
## Enterprise Codebase Tools & Use Cases
|
|
116
119
|
|
|
117
|
-
GitGalaxy operates on a modular Hub-and-Spoke architecture. While the core engine provides the overarching physics and cartography, our specialized toolsets leverage that deterministic graph to execute enterprise-grade operations.
|
|
120
|
+
GitGalaxy operates on a modular Hub-and-Spoke architecture. While the core engine provides the overarching physics and cartography, our specialized toolsets leverage that deterministic graph to execute enterprise-grade operations.
|
|
118
121
|
|
|
119
|
-
### [Legacy
|
|
122
|
+
### [Automated Legacy Migration: COBOL to Java Spring Boot](gitgalaxy/tools/cobol_to_java/)
|
|
120
123
|
A deterministic, high-fidelity translation pipeline. It converts legacy COBOL into fully compiling, modern Spring Boot architectures, mapping memory exactly and scaffolding JPA entities, REST controllers, and Maven builds before utilizing AI to translate isolated business logic.
|
|
124
|
+
* **Proven Metric:** Achieved a perfect 27/27 Maven compile success rate across a batch test of distinct legacy repos.
|
|
125
|
+
* **Verify for Yourself:** [Inspect the raw outputs of the IBM CICS Application Translation here.](examples/ibm_cics_translation/)
|
|
121
126
|
|
|
122
|
-
|
|
127
|
+

|
|
128
|
+
|
|
129
|
+
### [Mainframe Refactoring: COBOL & JCL Optimization](gitgalaxy/tools/cobol_to_cobol/)
|
|
123
130
|
A mathematical x-ray suite for sanitizing mainframe monoliths. It safely neutralizes legacy lexical traps, extracts dead "Graveyard" memory, maps topological DAG execution orders, and generates Zero-Trust JCL configurations for modern cloud deployments.
|
|
131
|
+
* **Proven Metric:** The Graveyard Reaper engine extracted over 6,700 lines of dead execution blocks and orphaned variables from the standard IBM CICS benchmark app in seconds.
|
|
124
132
|
|
|
125
|
-
### [Supply Chain Security](gitgalaxy/tools/supply_chain_security/)
|
|
133
|
+
### [Software Supply Chain Security & Pre-Commit Firewalls](gitgalaxy/tools/supply_chain_security/)
|
|
126
134
|
Extreme-velocity pre-commit firewalls. Instead of trusting manifest files, it scans physical internals to block steganography, sub-atomic XOR decryption loops, homoglyph typosquatting, and exposed cryptographic vaults before they ever enter your CI/CD pipeline.
|
|
127
135
|
|
|
128
|
-
### [
|
|
136
|
+
### [Zero-Trust SBOM Generation & Dependency Auditing](gitgalaxy/tools/compliance/)
|
|
137
|
+
A Zero-Trust Software Bill of Materials (SBOM) generator. It refuses to blindly trust `package.json` or `requirements.txt` files, instead locating the physical dependencies on disk, mathematically verifying their entropy and linguistic identity, and generating strict CycloneDX 1.4 JSON reports.
|
|
138
|
+
* **Proven Metric:** Successfully mapped and mathematically verified the physical internals of 170 unique Go modules inside the local Kubernetes repository.
|
|
139
|
+
|
|
140
|
+
### [API Security & Shadow API Detection](gitgalaxy/tools/network_auditing/)
|
|
129
141
|
A deterministic mapping tool that hunts undocumented vulnerabilities. It uses structural regex to find active physical routing logic (Express, Spring Boot, FastAPI) and applies set theory against official OpenAPI/Swagger documentation to isolate critical Shadow APIs and outdated Ghost APIs.
|
|
130
142
|
|
|
131
|
-
### [
|
|
143
|
+
### [High-Speed PII Detection & Log Analysis](gitgalaxy/tools/terabyte_log_scanning/)
|
|
132
144
|
Unindexed, tactical log analysis operating at 0.07 GB/sec. It streams massive database dumps to deterministically hunt and mask PII (Credit Cards, SSNs, AWS Keys) and uses static architecture maps to prove exact runtime execution frequencies with ASCII time-series histograms.
|
|
133
145
|
|
|
134
|
-
### [
|
|
135
|
-
A Zero-Trust Software Bill of Materials (SBOM) generator. It refuses to blindly trust `package.json` or `requirements.txt` files, instead locating the physical dependencies on disk, mathematically verifying their entropy and linguistic identity, and generating strict CycloneDX 1.4 JSON reports.
|
|
136
|
-
|
|
137
|
-
### [AI Guardrails](gitgalaxy/tools/ai_guardrails/)
|
|
146
|
+
### [AI Agent Guardrails & Codebase Protection](gitgalaxy/tools/ai_guardrails/)
|
|
138
147
|
Specialized keyword sensors protecting both your application and your codebase. The AppSec Sensor detects weaponized LLM features (RCE funnels, exfiltration risks), while the Dev Agent Firewall evaluates token mass and blast radius to restrict autonomous coding agents from modifying dangerous over context token-draining files. Helps identify which files need to be chunked to reduce context overload.
|
|
139
148
|
|
|
140
|
-
##
|
|
149
|
+
## Local Browser-Based 3D Codebase Visualization
|
|
141
150
|
|
|
142
|
-
If you prefer visual analytics, we've built a non-numerical dashboard where each file represents a star, sized and colored according to specific risk metrics.
|
|
151
|
+
If you prefer visual analytics, we've built a non-numerical dashboard where each file represents a star, sized and colored according to specific risk metrics.
|
|
143
152
|
|
|
144
153
|
Simply drag and drop your generated `your_repo_GPU_galaxy.json` file (or a `.zip` of your raw repository) directly into [GitGalaxy.io](https://gitgalaxy.io/). All rendering and scanning happens entirely in your browser's local memory.
|
|
145
154
|
|
|
@@ -147,7 +156,7 @@ Simply drag and drop your generated `your_repo_GPU_galaxy.json` file (or a `.zip
|
|
|
147
156
|
|
|
148
157
|

|
|
149
158
|
|
|
150
|
-
## Zero-Trust
|
|
159
|
+
## Zero-Trust Data Security
|
|
151
160
|
|
|
152
161
|
Your code never leaves your machine. GitGalaxy performs 100% of its scanning and vectorization locally.
|
|
153
162
|
|
|
@@ -63,4 +63,5 @@ gitgalaxy/tools/supply_chain_security/binary_anomaly_detector.py
|
|
|
63
63
|
gitgalaxy/tools/supply_chain_security/supply_chain_firewall.py
|
|
64
64
|
gitgalaxy/tools/supply_chain_security/vault_sentinel.py
|
|
65
65
|
gitgalaxy/tools/terabyte_log_scanning/pii_leak_hunter.py
|
|
66
|
-
gitgalaxy/tools/terabyte_log_scanning/terabyte_log_scanner.py
|
|
66
|
+
gitgalaxy/tools/terabyte_log_scanning/terabyte_log_scanner.py
|
|
67
|
+
tests/test_galaxyscope.py
|
|
@@ -4,15 +4,13 @@ build-backend = "setuptools.build_meta"
|
|
|
4
4
|
|
|
5
5
|
[project]
|
|
6
6
|
name = "gitgalaxy"
|
|
7
|
-
version = "2.0.
|
|
7
|
+
version = "2.0.5"
|
|
8
8
|
authors = [
|
|
9
|
-
{ name="
|
|
9
|
+
{ name="Joe Esquibel" },
|
|
10
10
|
]
|
|
11
11
|
description = "An AST-free, zero-trust static analysis engine for mapping architectural risk, securing CI/CD pipelines, and modernizing legacy monoliths."
|
|
12
12
|
readme = "README.md"
|
|
13
|
-
requires-python = ">=3.
|
|
14
|
-
|
|
15
|
-
license-files = ["LICENSE"]
|
|
13
|
+
requires-python = ">=3.9"
|
|
16
14
|
|
|
17
15
|
keywords = [
|
|
18
16
|
"static-analysis",
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
import subprocess
|
|
2
|
+
import json
|
|
3
|
+
from pathlib import Path
|
|
4
|
+
|
|
5
|
+
def test_galaxyscope_python_fixture(tmp_path):
|
|
6
|
+
"""
|
|
7
|
+
Tests that GalaxyScope can parse a micro-repo (iwubi),
|
|
8
|
+
complete its mission, and trigger all 4 recorders successfully.
|
|
9
|
+
"""
|
|
10
|
+
# 1. Dynamically get the absolute path to the GitGalaxy root
|
|
11
|
+
test_dir = Path(__file__).parent
|
|
12
|
+
project_root = test_dir.parent
|
|
13
|
+
|
|
14
|
+
# 2. Build absolute paths for the script and the fixture
|
|
15
|
+
script_path = project_root / "gitgalaxy" / "galaxyscope.py"
|
|
16
|
+
fixture_path = test_dir / "fixtures" / "iwubi_frankenstein_test"
|
|
17
|
+
|
|
18
|
+
# Force output to a temporary directory
|
|
19
|
+
output_dir = tmp_path / "test_run"
|
|
20
|
+
|
|
21
|
+
# 3. Pass the absolute paths to the subprocess
|
|
22
|
+
result = subprocess.run(
|
|
23
|
+
["python", str(script_path), str(fixture_path), "--output", str(output_dir)],
|
|
24
|
+
capture_output=True,
|
|
25
|
+
text=True
|
|
26
|
+
)
|
|
27
|
+
|
|
28
|
+
# INVARIANT 1: CLI Exit Code & Billboard Output
|
|
29
|
+
assert result.returncode == 0, f"GalaxyScope crashed! Stderr: {result.stderr}"
|
|
30
|
+
assert "MISSION_SUCCESS" in result.stdout, "CLI did not print the success billboard."
|
|
31
|
+
|
|
32
|
+
# The engine uses the target folder name to build the filenames automatically
|
|
33
|
+
target_name = "iwubi_frankenstein_test"
|
|
34
|
+
|
|
35
|
+
gpu_file = output_dir / f"{target_name}_galaxy_gpu.json"
|
|
36
|
+
audit_file = output_dir / f"{target_name}_galaxy_audit.json"
|
|
37
|
+
llm_file = output_dir / f"{target_name}_galaxy_llm.md"
|
|
38
|
+
db_file = output_dir / f"{target_name}_galaxy_master.db"
|
|
39
|
+
|
|
40
|
+
# INVARIANT 2: File Generation (Did all 4 recorders fire?)
|
|
41
|
+
assert gpu_file.exists(), f"GPU Recorder failed to output JSON at {gpu_file}"
|
|
42
|
+
assert audit_file.exists(), f"Audit Recorder failed to output JSON at {audit_file}"
|
|
43
|
+
assert llm_file.exists(), f"LLM Recorder failed to output Markdown at {llm_file}"
|
|
44
|
+
assert db_file.exists(), f"SQLite Recorder failed to output DB at {db_file}"
|
|
45
|
+
|
|
46
|
+
# INVARIANT 3: GPU Recorder Internals (Non-blank structural check)
|
|
47
|
+
with open(gpu_file, "r", encoding="utf-8") as f:
|
|
48
|
+
gpu_data = json.load(f)
|
|
49
|
+
assert "meta" in gpu_data, "GPU JSON missing 'meta' object"
|
|
50
|
+
assert "galaxy" in gpu_data, "GPU JSON missing 'galaxy' object"
|
|
51
|
+
assert len(gpu_data["galaxy"]["names"]) >= 1, "GPU Recorder found 0 files"
|
|
52
|
+
assert "iwubi.py" in gpu_data["galaxy"]["names"], "Failed to identify iwubi.py"
|
|
53
|
+
|
|
54
|
+
# INVARIANT 4: LLM Recorder Internals (Text check)
|
|
55
|
+
with open(llm_file, "r", encoding="utf-8") as f:
|
|
56
|
+
md_content = f.read()
|
|
57
|
+
assert "# ARCHITECTURAL_BRIEF" in md_content, "LLM Markdown missing main header"
|
|
58
|
+
assert "MACRO STATE" in md_content, "LLM Markdown missing MACRO STATE section"
|
|
59
|
+
|
|
60
|
+
# INVARIANT 5: SQLite Database (Byte check)
|
|
61
|
+
assert db_file.stat().st_size > 1000, "SQLite database appears to be empty"
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_cobol/cobol_agent_task_forge.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_cobol/cobol_graveyard_finder.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_cobol/cobol_microservice_slicer.py
RENAMED
|
File without changes
|
|
File without changes
|
{gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_cobol/cobol_system_limits_reporter.py
RENAMED
|
File without changes
|
|
File without changes
|
{gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_java/cobol_to_java_agent_forge.py
RENAMED
|
File without changes
|
|
File without changes
|
{gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_java/cobol_to_java_build_forge.py
RENAMED
|
File without changes
|
{gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_java/cobol_to_java_decoder_forge.py
RENAMED
|
File without changes
|
{gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_java/cobol_to_java_service_forge.py
RENAMED
|
File without changes
|
{gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/cobol_to_java/cobol_to_java_spring_forge.py
RENAMED
|
File without changes
|
{gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/network_auditing/full_api_network_map.py
RENAMED
|
File without changes
|
{gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/supply_chain_security/binary_anomaly_detector.py
RENAMED
|
File without changes
|
|
File without changes
|
{gitgalaxy-2.0.3 → gitgalaxy-2.0.5}/gitgalaxy/tools/terabyte_log_scanning/pii_leak_hunter.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|