gitgalaxy 2.0.7__tar.gz → 2.0.8__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- gitgalaxy-2.0.8/.github/workflows/deploy-docs.yml +37 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/PKG-INFO +1 -1
- gitgalaxy-2.0.8/gitgalaxy/README.md +72 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/recorders/record_keeper.py +4 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/ai_guardrails/README.md +13 -13
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_cobol/README.md +18 -17
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_cobol/cobol_jcl_auditor.py +60 -4
- gitgalaxy-2.0.8/gitgalaxy/tools/cobol_to_cobol/cobol_jcl_forge.py +185 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_java/README.md +15 -15
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/compliance/README.md +12 -12
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/network_auditing/README.md +7 -6
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/supply_chain_security/README.md +56 -73
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/terabyte_log_scanning/README.md +8 -8
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy.egg-info/PKG-INFO +1 -1
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy.egg-info/SOURCES.txt +1 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/mkdocs.yml +19 -28
- gitgalaxy-2.0.7/gitgalaxy/README.md +0 -62
- gitgalaxy-2.0.7/gitgalaxy/tools/cobol_to_cobol/cobol_jcl_forge.py +0 -119
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/.github/ISSUE_TEMPLATE/parsing_discrepancy.yml +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/.github/dependabot.yml +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/.github/pull_request_template.md +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/.github/workflows/codeql.yml +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/.github/workflows/publish.yml +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/.github/workflows/smoke-test.yml +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/.gitignore +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/CONTRIBUTING.md +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/LICENSE +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/MANIFEST.in +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/README.md +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/action.yml +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/__init__.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/cobol_refractor_controller.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/cobol_to_java_controller.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/core/README.md +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/core/__init__.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/core/aperture.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/core/detector.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/core/guidestar_lens.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/core/network_risk_sensor.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/core/prism.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/core/state_rehydrator.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/galaxyscope.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/physics/README.md +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/physics/__init__.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/physics/chronometer.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/physics/neural_auditor.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/physics/signal_processor.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/physics/spectral_auditor.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/recorders/README.md +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/recorders/__init__.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/recorders/audit_recorder.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/recorders/gpu_recorder.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/recorders/llm_recorder.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/security/README.md +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/security/__init__.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/security/security_auditor.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/security/security_lens.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/standards/README.md +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/standards/__init__.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/standards/analysis_lens.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/standards/gitgalaxy_config.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/standards/how_to_add_a_language.md +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/standards/language_lens.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/standards/language_standards.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/README.md +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/__init__.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/ai_guardrails/ai_appsec_sensor.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/ai_guardrails/dev_agent_firewall.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_cobol/cobol_agent_task_forge.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_cobol/cobol_compiler_forge.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_cobol/cobol_dag_architect.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_cobol/cobol_etl_unpacker.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_cobol/cobol_graveyard_finder.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_cobol/cobol_lexical_patcher.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_cobol/cobol_microservice_slicer.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_cobol/cobol_schema_forge.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_cobol/cobol_system_limits_reporter.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_java/batch_test_harness.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_java/cobol_to_java_agent_forge.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_java/cobol_to_java_api_contract_forge.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_java/cobol_to_java_build_forge.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_java/cobol_to_java_decoder_forge.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_java/cobol_to_java_service_forge.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/cobol_to_java/cobol_to_java_spring_forge.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/compliance/sbom_generator.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/network_auditing/full_api_network_map.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/supply_chain_security/binary_anomaly_detector.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/supply_chain_security/supply_chain_firewall.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/supply_chain_security/vault_sentinel.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/terabyte_log_scanning/pii_leak_hunter.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy/tools/terabyte_log_scanning/terabyte_log_scanner.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy.egg-info/dependency_links.txt +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy.egg-info/entry_points.txt +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/gitgalaxy.egg-info/top_level.txt +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/pyproject.toml +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/setup.cfg +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/.gitattributes +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/.gitignore +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/LICENSE +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/Makefile +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/README.md +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/bufio/bufio.go +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/bufio/bufio_test.go +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/bufio/example_test.go +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/bufio/export_test.go +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/bufio/net_test.go +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/bufio/scan.go +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/bufio/scan_test.go +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/config.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/convert_em.F +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/dnn_converters.cpp +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/dnn_converters.hpp +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/insert_pinyin_to_db.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/iwubi.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/iwubi.svg +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/iwubi.xml +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/logconfig.py +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/logconfig.yaml +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/pinyin_simp.dict.csv +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/screenshot/add.png +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/screenshot/iwubi.gif +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/screenshot/set_ibus.png +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/fixtures/iwubi_frankenstein_test/wubi-jidian86.db +0 -0
- {gitgalaxy-2.0.7 → gitgalaxy-2.0.8}/tests/test_galaxyscope.py +0 -0
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
name: Deploy Museum of Code Docs
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches:
|
|
6
|
+
- main # Triggers the action when you push to the main branch
|
|
7
|
+
workflow_dispatch: # Allows you to manually trigger the build from the GitHub UI
|
|
8
|
+
|
|
9
|
+
# Grants the action permission to push the built site to the gh-pages branch
|
|
10
|
+
permissions:
|
|
11
|
+
contents: write
|
|
12
|
+
|
|
13
|
+
jobs:
|
|
14
|
+
deploy:
|
|
15
|
+
runs-on: ubuntu-latest
|
|
16
|
+
steps:
|
|
17
|
+
- name: Checkout Repository
|
|
18
|
+
uses: actions/checkout@v4
|
|
19
|
+
with:
|
|
20
|
+
fetch-depth: 0 # Required for git info/history (like last updated timestamps)
|
|
21
|
+
|
|
22
|
+
- name: Configure Git Credentials
|
|
23
|
+
run: |
|
|
24
|
+
git config user.name github-actions[bot]
|
|
25
|
+
git config user.email 41898282+github-actions[bot]@users.noreply.github.com
|
|
26
|
+
|
|
27
|
+
- name: Set up Python
|
|
28
|
+
uses: actions/setup-python@v5
|
|
29
|
+
with:
|
|
30
|
+
python-version: 3.x
|
|
31
|
+
|
|
32
|
+
- name: Install Dependencies
|
|
33
|
+
# Installs Material theme and the PyMdown extensions required by your mkdocs.yml
|
|
34
|
+
run: pip install mkdocs-material pymdown-extensions
|
|
35
|
+
|
|
36
|
+
- name: Build and Deploy Docs
|
|
37
|
+
run: mkdocs gh-deploy --force
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: gitgalaxy
|
|
3
|
-
Version: 2.0.
|
|
3
|
+
Version: 2.0.8
|
|
4
4
|
Summary: An AST-free, LLM-free zero-trust static analysis engine for mapping architectural risk, securing CI/CD pipelines, and modernizing legacy monoliths.
|
|
5
5
|
Author: Joe Esquibel
|
|
6
6
|
Project-URL: Homepage, https://gitgalaxy.io
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
# GitGalaxy: The Core Engine & GalaxyScope Orchestrator
|
|
2
|
+
|
|
3
|
+
[](#)
|
|
4
|
+
[](#)
|
|
5
|
+
[](#)
|
|
6
|
+
|
|
7
|
+
Welcome to the internal source code for the **GitGalaxy Core Engine**.
|
|
8
|
+
|
|
9
|
+
This directory contains the central orchestrator—**GalaxyScope**—alongside the core physics, optical routing, and mathematical heuristics that power the entire system. If you are a developer looking to contribute, understand the pipeline, or run the primary CLI, here is your architectural map.
|
|
10
|
+
|
|
11
|
+
### 🗺️ The Developer Map (How the Pipeline Flows)
|
|
12
|
+
|
|
13
|
+
When you trigger the `galaxyscope` command, the data flows through these five physical directories:
|
|
14
|
+
|
|
15
|
+
* **`/core/` (The Frontline):** The optical routing layer. Contains the [Aperture Filter](https://squid-protocol.github.io/gitgalaxy/02-03-aperture-filter/) and [The Prism](https://squid-protocol.github.io/gitgalaxy/02-07-the-prism/), which break down source code into structural signals, separating executable logic from ghost mass (comments) and inert binaries.
|
|
16
|
+
* **`/physics/` (The Math):** The heuristics engine. Contains the [Signal Processor](https://squid-protocol.github.io/gitgalaxy/02-09-signal-processing/) and [Neural Auditor](https://squid-protocol.github.io/gitgalaxy/02-19-neural-auditor/), which apply GitGalaxy mathematics to score O(N) complexity, topological blast radius, and state flux without using ASTs.
|
|
17
|
+
* **`/recorders/` (The Exporters):** The translation layer. Converts the internal state maps into highly relational [SQLite Databases](https://squid-protocol.github.io/gitgalaxy/02-21-record-keeper/), AI-agent JSON tickets, and the final 3D WebGPU payload.
|
|
18
|
+
* **`/security/` (The Sentinel):** The zero-trust validation layer. Contains the [Security Lens](https://squid-protocol.github.io/gitgalaxy/02-06-security-lens/) responsible for intercepting embedded malware, hardcoded secrets, and logic bombs on the fly.
|
|
19
|
+
* **`/tools/` (The Spokes):** The enterprise automation layer. Contains specialized controllers for CI/CD pipelines—like the [Supply Chain Firewall](https://squid-protocol.github.io/gitgalaxy/04-03-supply-chain-firewall/) and [PII Leak Hunter](https://squid-protocol.github.io/gitgalaxy/04-06-pii-leak-hunter/)—that consume the core engine's telemetry.
|
|
20
|
+
|
|
21
|
+
---
|
|
22
|
+
|
|
23
|
+
### ⚡ Performance Showcase: NVDA (NonVisual Desktop Access)
|
|
24
|
+
|
|
25
|
+
To demonstrate the GalaxyScope orchestrator's capability on complex, cross-language system architecture, we unleashed it on **NVDA**, the open-source Windows screen reader.
|
|
26
|
+
|
|
27
|
+
Because NVDA relies heavily on bridging Python application logic with low-level C++ system hooks, it requires advanced polyglot dependency mapping. The blAST engine successfully parsed the mixed-language architecture, analyzing **236,754 lines of code** in just **5.59 seconds** (a velocity of 42,357 LOC/sec).
|
|
28
|
+
|
|
29
|
+
Crucially, during the import resolution phase, the Air-Gapped Dependency Radar successfully intercepted a structural naming collision (`fstream` vs `sstream`), proving the real-time typosquatting defenses are fully operational without relying on cloud APIs.
|
|
30
|
+
|
|
31
|
+
> **Note on False Positives:** Because `fstream` and `sstream` are both standard C++ libraries, this specific flag is a false positive. To prevent the engine from halting on trusted internal libraries, contributors can whitelist them by adding them to the global `approved_imports.json` registry (see [GitGalaxy Config](https://squid-protocol.github.io/gitgalaxy/06-01-gitgalaxy-config/)).
|
|
32
|
+
|
|
33
|
+

|
|
34
|
+
|
|
35
|
+
```text
|
|
36
|
+
[INFO] PASS_1.5: Running Air-Gapped Typosquatting & Dependency Confusion Radar...
|
|
37
|
+
[CRITICAL] 🚨 TYPOSQUATTING DETECTED: 'fstream' in nvdaHelper/vbufBase/storage.cpp closely matches anchor 'sstream'!
|
|
38
|
+
[WARNING] Intercepted 1 typosquatting attempts via repository baseline analysis.
|
|
39
|
+
...
|
|
40
|
+
[INFO] --- MISSION_SUCCESS: 849 files mapped in 5.59s ---
|
|
41
|
+
[INFO] --- ENGINE_TELEMETRY: Processed 236,754 lines of code at 42,357 LOC/s ---
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
---
|
|
45
|
+
|
|
46
|
+
### 🛠️ Local Development & GalaxyScope Execution
|
|
47
|
+
|
|
48
|
+
If you are modifying the internal physics or optical routing, it is highly recommended to install the package in editable mode so your CLI commands instantly reflect your local code changes.
|
|
49
|
+
|
|
50
|
+
From the **root directory** of the repository, run:
|
|
51
|
+
```bash
|
|
52
|
+
pip install -e .
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
Once installed, you can trigger the main orchestrator globally from your terminal. This command runs the full [Data Pipeline](https://squid-protocol.github.io/gitgalaxy/02-01-pipeline-overview/) and outputs the final artifact.
|
|
56
|
+
```bash
|
|
57
|
+
galaxyscope /path/to/test/repo --debug
|
|
58
|
+
```
|
|
59
|
+
|
|
60
|
+
Before submitting a Pull Request, ensure your changes do not skew the core baseline risk equations by running the test suite:
|
|
61
|
+
```bash
|
|
62
|
+
python3 -m unittest discover tests/
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
---
|
|
66
|
+
### 🌌 Deep Dive into the Pipeline Architecture
|
|
67
|
+
To fully understand how GalaxyScope processes data, maps files, and applies risk exposures, explore the official documentation:
|
|
68
|
+
|
|
69
|
+
* 📖 **[GalaxyScope CLI Reference](https://squid-protocol.github.io/gitgalaxy/01-02-galaxyscope-cli-reference/)** (Flags, outputs, and behaviors)
|
|
70
|
+
* 📖 **[The Data Pipeline Overview](https://squid-protocol.github.io/gitgalaxy/02-01-pipeline-overview/)** (Step-by-step breakdown of the runtime)
|
|
71
|
+
* 📖 **[Risk Exposures & Methodology](https://squid-protocol.github.io/gitgalaxy/08-01-methodology/)** (The math behind the heuristics)
|
|
72
|
+
* 🪐 **[Return to the Main GitGalaxy Hub](https://github.com/squid-protocol/gitgalaxy)**
|
|
@@ -215,6 +215,10 @@ class RecordKeeper:
|
|
|
215
215
|
)
|
|
216
216
|
''')
|
|
217
217
|
|
|
218
|
+
# ---> NEW: INDEXES TO PREVENT CASCADE DELETE HANGS <---
|
|
219
|
+
cursor.execute("CREATE INDEX IF NOT EXISTS idx_class_file_id ON class_data(file_id);")
|
|
220
|
+
cursor.execute("CREATE INDEX IF NOT EXISTS idx_function_file_id ON function_data(file_id);")
|
|
221
|
+
|
|
218
222
|
cursor.execute('''
|
|
219
223
|
CREATE TABLE IF NOT EXISTS dark_matter_data (
|
|
220
224
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
@@ -8,38 +8,38 @@ Welcome to the **GitGalaxy AI Guardrails Suite**.
|
|
|
8
8
|
|
|
9
9
|
The adoption of Generative AI has created two massive security blind spots for modern enterprise teams. First, developers are building AI features that grant LLMs dangerous levels of system access (The AppSec Threat). Second, developers are utilizing autonomous coding agents that can silently introduce architectural degradation into complex codebases (The DevSec Threat).
|
|
10
10
|
|
|
11
|
-
Legacy security scanners cannot fix this. They look for traditional SQL injection, not Prompt Injection. They rely on slow compilation cycles that fail to keep pace with AI development.
|
|
11
|
+
Legacy security scanners ([like SonarQube or Checkmarx](https://squid-protocol.github.io/gitgalaxy/04-00-security_landscape/)) cannot fix this. They look for traditional SQL injection, not Prompt Injection. They rely on slow compilation cycles that fail to keep pace with AI development, leaving you completely blind to Agentic logic loops and context shredders.
|
|
12
12
|
|
|
13
|
-
GitGalaxy maps the architectural reality of your code in seconds. We use AST-free mathematical heuristics to generate deep, contextual reports, allowing you to block dangerous AI behavior before it hits production.
|
|
13
|
+
GitGalaxy maps the architectural reality of your code in seconds. We use AST-free mathematical heuristics to generate deep, contextual reports, allowing you to block dangerous AI behavior before it ever hits production.
|
|
14
14
|
|
|
15
15
|
---
|
|
16
16
|
|
|
17
17
|
### 🛡️ Side 1: The AI AppSec Sensor (`AIAppSecSensor`)
|
|
18
18
|
*Protects your application from the AI features you build.*
|
|
19
19
|
|
|
20
|
-
Standard AST scanners frequently miss "Weaponized AI Architectures." This sensor
|
|
20
|
+
Standard AST scanners frequently miss "Weaponized AI Architectures." This sensor acts as a physical boundary, mapping the physical call-path distance between an LLM API execution and your critical system functions.
|
|
21
21
|
|
|
22
|
-
* **The RCE Funnel:** Detects LLMs wired directly to OS commands or shell executions.
|
|
23
|
-
* **The "God-Mode" Agent:** Flags autonomous tools with raw, unfiltered database access. Blocks autonomous data corruption.
|
|
24
|
-
* **The Exfiltration Vector:** Identifies LLMs accessing network sockets and cryptographic secrets
|
|
22
|
+
* **The RCE Funnel:** Detects LLMs wired directly to OS commands or shell executions. This allows you to aggressively [block Prompt-Injection-to-RCE attacks](https://squid-protocol.github.io/gitgalaxy/cookbook/prevent-agentic-rce/) in your CI/CD pipeline.
|
|
23
|
+
* **The "God-Mode" Agent:** Flags autonomous tools with raw, unfiltered database access. Blocks autonomous data corruption before it can wipe a production table.
|
|
24
|
+
* **The Exfiltration Vector:** Identifies LLMs accessing network sockets and cryptographic secrets, stopping SSRF and key exfiltration vulnerabilities cold.
|
|
25
25
|
|
|
26
26
|
---
|
|
27
27
|
|
|
28
28
|
### 🤖 Side 2: The Dev Agent Firewall (`DevAgentFirewall`)
|
|
29
29
|
*Protects your codebase from the autonomous AI tools you use.*
|
|
30
30
|
|
|
31
|
-
Not all legacy code is safe for an AI coding assistant (like Cursor, Copilot, or Claude) to modify. This firewall evaluates the structural complexity, cognitive load, and entropy of a file to determine if an AI agent will succeed, hallucinate, or silently destroy your system logic.
|
|
31
|
+
Not all legacy code is safe for an AI coding assistant (like Cursor, Copilot, or Claude) to modify. This firewall evaluates the structural complexity, cognitive load, and entropy of a file to determine if an AI agent will succeed, hallucinate, or silently destroy your system logic. By running this sensor, you can safely [sandbox autonomous agents](https://squid-protocol.github.io/gitgalaxy/cookbook/sandbox-autonomous-agents/) to only work on verified, low-complexity files.
|
|
32
32
|
|
|
33
33
|
* **Context Window Shredders:** Identifies massive files with extreme algorithmic complexity. Prevents AI context collapse and logic truncation.
|
|
34
|
-
* **The Hallucination Zone:** Highlights heavy metaprogramming with zero documentation
|
|
34
|
+
* **The Hallucination Zone:** Highlights heavy metaprogramming with zero documentation, preventing AI method hallucination and fabricated syntax.
|
|
35
35
|
* **Silent Mutation Risk:** Flags logic with a high blast radius and zero test coverage. Blocks unverifiable AI modifications.
|
|
36
|
-
* **HITL Mandate:** Detects severe technical debt. Forces a Human-In-The-Loop (HITL) code review requirement for PRs generated by AI agents.
|
|
36
|
+
* **HITL Mandate:** Detects severe technical debt. Forces a strict Human-In-The-Loop (HITL) code review requirement for PRs generated by AI agents.
|
|
37
37
|
|
|
38
38
|
---
|
|
39
39
|
|
|
40
40
|
### 🚀 Quickstart: CI/CD & Pipeline Integration
|
|
41
41
|
|
|
42
|
-
Currently, the AI Guardrails operate as deep-inspection middleware. Instead of running as standalone
|
|
42
|
+
Currently, the AI Guardrails operate as deep-inspection middleware. Instead of running as standalone commands, these sensors seamlessly inject themselves into the primary `galaxyscope` analysis pipeline to evaluate project telemetry in real-time.
|
|
43
43
|
|
|
44
44
|
#### 1. Local CLI Execution
|
|
45
45
|
Run a standard scan using the global PyPI package. The guardrails will automatically evaluate the ecosystem and report critical Agentic vulnerabilities.
|
|
@@ -75,7 +75,7 @@ jobs:
|
|
|
75
75
|
### 🌌 Powered by the blAST Engine (Bypassing LLMs and ASTs)
|
|
76
76
|
This tool is a modular enterprise integration within the broader GitGalaxy architecture. It is driven by our custom mathematical heuristics engine, capable of mapping multi-dimensional relationships at extreme velocity without requiring rigid ASTs. Read the official documentation to see the structural methodologies powering these guardrails:
|
|
77
77
|
|
|
78
|
-
* 📖 **[AI AppSec Sensor Architecture](
|
|
79
|
-
* 📖 **[Dev Agent Firewall Mechanics](
|
|
80
|
-
* 📖 **[Logic Bomb & Injection Surface Risk Equations](
|
|
78
|
+
* 📖 **[AI AppSec Sensor Architecture](https://squid-protocol.github.io/gitgalaxy/02-17-ai-appsec-sensor/)**
|
|
79
|
+
* 📖 **[Dev Agent Firewall Mechanics](https://squid-protocol.github.io/gitgalaxy/02-18-dev-agent-firewall/)**
|
|
80
|
+
* 📖 **[Logic Bomb & Injection Surface Risk Equations](https://squid-protocol.github.io/gitgalaxy/08-20-logic-bomb-exposure/)**
|
|
81
81
|
* 🪐 **[Return to the Main GitGalaxy Hub](https://github.com/squid-protocol/gitgalaxy)**
|
|
@@ -4,16 +4,16 @@
|
|
|
4
4
|
[](#)
|
|
5
5
|
[](#)
|
|
6
6
|
|
|
7
|
-
Welcome to the **GitGalaxy Mainframe Modernization Suite**. This is a deterministic, high-speed static analysis suite designed to safely slice, sanitize, and
|
|
7
|
+
Welcome to the **GitGalaxy Mainframe Modernization Suite**. This is a deterministic, high-speed static analysis suite designed to safely slice, sanitize, and [map monolithic legacy systems](https://squid-protocol.github.io/gitgalaxy/cookbook/map-cobol-monoliths/).
|
|
8
8
|
|
|
9
9
|
**Mainframe Proven:** The outputs of these architectural tools natively compile against raw MVS 3.8j operating systems (1974 Hercules Mainframe), while simultaneously scaffolding modern cloud environments.
|
|
10
10
|
|
|
11
11
|
### 🔄 The Modernization Pipeline
|
|
12
12
|
|
|
13
|
-
You point the
|
|
13
|
+
You point the [Legacy Refraction Controller](https://squid-protocol.github.io/gitgalaxy/05-01-legacy-refraction-controller/) at a massive, undocumented COBOL repository. It translates a chaotic folder of `.cbl` files into a deterministic execution pipeline:
|
|
14
14
|
|
|
15
15
|
* **The Assessment:** Dynamically scales between high-speed RAM and SQLite3.
|
|
16
|
-
* **Dead Code Extraction:** Uses structural heuristics to mathematically map and extract orphaned memory and dead code bloat. *(AST-Free)*
|
|
16
|
+
* **Dead Code Extraction:** Uses structural heuristics to mathematically map and [extract orphaned memory and dead code bloat](https://squid-protocol.github.io/gitgalaxy/cookbook/identifying-dead-code-in-cobol/). *(AST-Free)*
|
|
17
17
|
* **Dependency Mapping:** Maps data lineage to deflect dead dependencies.
|
|
18
18
|
* **Asset Generation:** Generates pristine PostgreSQL schemas, JSON APIs, and compile-ready JCLs.
|
|
19
19
|
|
|
@@ -24,28 +24,29 @@ You point the Migration Controller at a massive, undocumented COBOL repository.
|
|
|
24
24
|
This suite is built on a modular Hub-and-Spoke architecture. Every Python script acts as an independent CLI tool or is orchestrated centrally.
|
|
25
25
|
|
|
26
26
|
#### 1. Pre-Processors & Sensors
|
|
27
|
-
* **Lexical Patcher (`cobol_lexical_patcher.py`):** Safely neutralizes legacy compiler traps.
|
|
28
|
-
* **System Limits Reporter (`cobol_system_limits_reporter.py`):** Flags non-deterministic routing logic and system constraint breaches.
|
|
27
|
+
* **[Lexical Patcher](https://squid-protocol.github.io/gitgalaxy/05-13-lexical-patcher/) (`cobol_lexical_patcher.py`):** Safely neutralizes legacy compiler traps.
|
|
28
|
+
* **[System Limits Reporter](https://squid-protocol.github.io/gitgalaxy/05-17-system-limits-reporter/) (`cobol_system_limits_reporter.py`):** Flags non-deterministic routing logic and system constraint breaches.
|
|
29
29
|
<br>
|
|
30
30
|
|
|
31
31
|
#### 2. Extractors & Slicers
|
|
32
|
-
* **Graveyard
|
|
32
|
+
* **[Graveyard Reaper](https://squid-protocol.github.io/gitgalaxy/05-10-graveyard-reaper/) (`cobol_graveyard_finder.py`):** Expands copybooks to calculate dead code bloat.
|
|
33
33
|
<br>
|
|
34
|
-
* **DAG Architect (`cobol_dag_architect.py`):** Maps data lineage to mathematically calculate zero-trust execution topology.
|
|
34
|
+
* **[DAG Architect](https://squid-protocol.github.io/gitgalaxy/05-08-dag-architect/) (`cobol_dag_architect.py`):** Maps data lineage to [mathematically calculate zero-trust execution topology](https://squid-protocol.github.io/gitgalaxy/cookbook/creating-dag-from-cobol-files/).
|
|
35
35
|
<br>
|
|
36
|
-
* **Microservice Slicer (`cobol_microservice_slicer.py`):** Executes 3-pass recursive variable taint-tracking.
|
|
36
|
+
* **[Microservice Slicer](https://squid-protocol.github.io/gitgalaxy/05-14-microservice-slicer/) (`cobol_microservice_slicer.py`):** Executes 3-pass recursive variable taint-tracking for safe [business logic extraction](https://squid-protocol.github.io/gitgalaxy/cookbook/cobol-microservice-slicing/).
|
|
37
37
|
<br>
|
|
38
|
-
* **ETL Unpacker (`cobol_etl_unpacker.py`):** Translates binary EBCDIC and Packed Decimal to CSVs.
|
|
38
|
+
* **[ETL Unpacker](https://squid-protocol.github.io/gitgalaxy/05-09-etl-unpacker/) (`cobol_etl_unpacker.py`):** Translates binary EBCDIC and Packed Decimal to CSVs to [unpack hidden ETL flows](https://squid-protocol.github.io/gitgalaxy/cookbook/unpacking-etl-from-cbl-files/).
|
|
39
39
|
|
|
40
40
|
#### 3. Cloud & Mainframe Forges
|
|
41
|
-
* **Compiler Forge (`cobol_compiler_forge.py`):** Flattens copybooks and generates era-aware build JCLs.
|
|
41
|
+
* **[Compiler Forge](https://squid-protocol.github.io/gitgalaxy/05-07-mainframe-compiler-forge/) (`cobol_compiler_forge.py`):** Flattens copybooks and generates era-aware build JCLs.
|
|
42
42
|
<br>
|
|
43
|
-
* **Cloud Schema Forge (`cobol_schema_forge.py`):** Translates `PIC` clauses to strict PostgreSQL
|
|
43
|
+
* **[Cloud Schema Forge](https://squid-protocol.github.io/gitgalaxy/05-15-cloud-schema-forge/) (`cobol_schema_forge.py`):** Translates `PIC` clauses to [strict PostgreSQL DDL schemas](https://squid-protocol.github.io/gitgalaxy/cookbook/creating-schema-from-cobol-files/).
|
|
44
44
|
<br>
|
|
45
|
-
* **Zero-Trust JCL Forge (`cobol_jcl_forge.py`):** Extracts `SELECT` mappings to auto-generate strict, least-privilege JCL emulators.
|
|
46
|
-
|
|
45
|
+
* **[Zero-Trust JCL Forge](https://squid-protocol.github.io/gitgalaxy/05-12-zero-trust-jcl-forge/) (`cobol_jcl_forge.py`):** Extracts `SELECT` mappings to [auto-generate strict, least-privilege JCL emulators](https://squid-protocol.github.io/gitgalaxy/cookbook/creating-jcl-from-cobol-files/).
|
|
46
|
+
<br>
|
|
47
|
+
|
|
47
48
|
#### 4. The AI Remediation Boundary
|
|
48
|
-
* **Anomaly Task Forge (`cobol_agent_task_forge.py`):** Isolates structural anomalies into bounded JSON job tickets for LLM remediation.
|
|
49
|
+
* **[Anomaly Task Forge](https://squid-protocol.github.io/gitgalaxy/05-16-anomaly-agent-task-forge/) (`cobol_agent_task_forge.py`):** Isolates structural anomalies into bounded JSON job tickets for LLM remediation.
|
|
49
50
|
|
|
50
51
|
---
|
|
51
52
|
|
|
@@ -165,7 +166,7 @@ The controller generates a timestamped `_gitgalaxy_clean` directory containing:
|
|
|
165
166
|
### 🌌 Powered by the blAST Engine (Bypassing LLMs and ASTs)
|
|
166
167
|
This tool is a modular enterprise integration within the broader GitGalaxy architecture. It is driven by our custom mathematical heuristics engine, capable of mapping multi-dimensional relationships at extreme velocity without requiring rigid ASTs. Read the official documentation to explore the architecture of the modernization controllers:
|
|
167
168
|
|
|
168
|
-
* 📖 **[The Legacy
|
|
169
|
-
* 📖 **[Dead Code Extraction Mathematics](
|
|
170
|
-
* 📖 **[Zero-Trust JCL Forge Mechanics](
|
|
169
|
+
* 📖 **[The Legacy Refraction Controller](https://squid-protocol.github.io/gitgalaxy/05-01-legacy-refraction-controller/)**
|
|
170
|
+
* 📖 **[Dead Code Extraction Mathematics](https://squid-protocol.github.io/gitgalaxy/05-10-graveyard-reaper/)**
|
|
171
|
+
* 📖 **[Zero-Trust JCL Forge Mechanics](https://squid-protocol.github.io/gitgalaxy/05-12-zero-trust-jcl-forge/)**
|
|
171
172
|
* 🪐 **[Return to the Main GitGalaxy Hub](https://github.com/squid-protocol/gitgalaxy)**
|
|
@@ -1,10 +1,13 @@
|
|
|
1
1
|
#!/usr/bin/env python3
|
|
2
2
|
# ==============================================================================
|
|
3
|
-
# GitGalaxy Spoke: Zero-Trust Meta Auditor (
|
|
3
|
+
# GitGalaxy Spoke: Zero-Trust Meta Auditor (v5 - CLI Enabled)
|
|
4
4
|
# Purpose: Compares forged JCLs against original IBM legacy JCLs to calculate
|
|
5
5
|
# exact code bloat reduction and over-permissioned I/O shedding.
|
|
6
6
|
# ==============================================================================
|
|
7
|
+
import argparse
|
|
8
|
+
import json
|
|
7
9
|
import re
|
|
10
|
+
import sys
|
|
8
11
|
from pathlib import Path
|
|
9
12
|
|
|
10
13
|
SYSTEM_DDS = {"STEPLIB", "SYSOUT", "SYSPRINT", "SYSUDUMP", "SYSIN", "CEEDUMP", "DFHCSD", "IGZDDOP"}
|
|
@@ -39,7 +42,7 @@ def parse_jcl_intent(filepath: Path) -> dict:
|
|
|
39
42
|
return metrics
|
|
40
43
|
|
|
41
44
|
def audit_zero_trust_jcls(forged_dir: Path, original_dir: Path) -> dict:
|
|
42
|
-
"""
|
|
45
|
+
"""Core logic to fetch bloat metrics."""
|
|
43
46
|
legacy_jcls = list(original_dir.rglob("*.[jJ][cC][lL]")) + list(original_dir.rglob("*.txt"))
|
|
44
47
|
legacy_map = {}
|
|
45
48
|
|
|
@@ -48,7 +51,7 @@ def audit_zero_trust_jcls(forged_dir: Path, original_dir: Path) -> dict:
|
|
|
48
51
|
if forged_dir in lj.parents: continue
|
|
49
52
|
metrics = parse_jcl_intent(lj)
|
|
50
53
|
for pgm in metrics["exec_pgms"]:
|
|
51
|
-
# If multiple legacy JCLs call the same program, keep the biggest one
|
|
54
|
+
# If multiple legacy JCLs call the same program, keep the biggest one
|
|
52
55
|
if pgm not in legacy_map or metrics.get("lines_of_code", 0) > legacy_map[pgm].get("lines_of_code", 0):
|
|
53
56
|
legacy_map[pgm] = {"file": lj, "metrics": metrics}
|
|
54
57
|
|
|
@@ -90,4 +93,57 @@ def audit_zero_trust_jcls(forged_dir: Path, original_dir: Path) -> dict:
|
|
|
90
93
|
else:
|
|
91
94
|
report["bloat_reduction_pct"] = 0.0
|
|
92
95
|
|
|
93
|
-
return report
|
|
96
|
+
return report
|
|
97
|
+
|
|
98
|
+
def main():
|
|
99
|
+
parser = argparse.ArgumentParser(description="GitGalaxy Zero-Trust Meta Auditor (v5)")
|
|
100
|
+
parser.add_argument("forged", help="Directory containing the forged GitGalaxy JCLs")
|
|
101
|
+
parser.add_argument("legacy", help="Directory containing the original legacy IBM JCLs")
|
|
102
|
+
parser.add_argument("--json", action="store_true", help="Output raw JSON instead of a formatted terminal report")
|
|
103
|
+
|
|
104
|
+
args = parser.parse_args()
|
|
105
|
+
forged_path = Path(args.forged).resolve()
|
|
106
|
+
legacy_path = Path(args.legacy).resolve()
|
|
107
|
+
|
|
108
|
+
if not forged_path.exists() or not legacy_path.exists():
|
|
109
|
+
print("\n[!] ERROR: One or both directories do not exist.")
|
|
110
|
+
sys.exit(1)
|
|
111
|
+
|
|
112
|
+
# Run the audit
|
|
113
|
+
report = audit_zero_trust_jcls(forged_path, legacy_path)
|
|
114
|
+
|
|
115
|
+
# Output routing
|
|
116
|
+
if args.json:
|
|
117
|
+
print(json.dumps(report, indent=2))
|
|
118
|
+
sys.exit(0)
|
|
119
|
+
|
|
120
|
+
# CLI Terminal Vibe
|
|
121
|
+
print("\n==============================================================")
|
|
122
|
+
print(" 🛡️ GitGalaxy Spoke: Zero-Trust Meta Auditor (v5)")
|
|
123
|
+
print("==============================================================")
|
|
124
|
+
print(f" [*] Forged Dir : {forged_path.name}")
|
|
125
|
+
print(f" [*] Legacy Root : {legacy_path.name}")
|
|
126
|
+
print("--------------------------------------------------------------")
|
|
127
|
+
|
|
128
|
+
if report["audited"] == 0:
|
|
129
|
+
print(" [!] No matching execution intents found between the directories.")
|
|
130
|
+
print(" Ensure your forged JCLs share PROGRAM-IDs with the legacy corpus.")
|
|
131
|
+
else:
|
|
132
|
+
print(" PROGRAM BREAKDOWN:")
|
|
133
|
+
for pgm, data in report["program_breakdown"].items():
|
|
134
|
+
loc = str(data['loc_saved']).rjust(4)
|
|
135
|
+
io = str(data['io_blocked']).rjust(2)
|
|
136
|
+
print(f" [+] {pgm.ljust(10)} | LOC Saved: {loc} | I/O Blocked: {io} | Ref: {data['legacy_file']}")
|
|
137
|
+
|
|
138
|
+
print("--------------------------------------------------------------")
|
|
139
|
+
print(" 📊 FINAL AUDIT METRICS:")
|
|
140
|
+
print(f" > Programs Audited : {report['audited']}")
|
|
141
|
+
print(f" > Original Legacy LOC : {report['original_loc']}")
|
|
142
|
+
print(f" > GitGalaxy Forged LOC : {report['forged_loc']}")
|
|
143
|
+
print(f" > Bloat Reduction : {report['bloat_reduction_pct']}%")
|
|
144
|
+
print(f" > Over-Permissioned I/O : {report['excess_dds_blocked']} Boundaries Shed")
|
|
145
|
+
|
|
146
|
+
print("==============================================================\n")
|
|
147
|
+
|
|
148
|
+
if __name__ == "__main__":
|
|
149
|
+
main()
|
|
@@ -0,0 +1,185 @@
|
|
|
1
|
+
#!/usr/bin/env python3
|
|
2
|
+
# ==============================================================================
|
|
3
|
+
# GitGalaxy Spoke: Zero-Trust JCL Forge (v5 - Hygienic Defaults)
|
|
4
|
+
# ==============================================================================
|
|
5
|
+
import argparse
|
|
6
|
+
import sys
|
|
7
|
+
import re
|
|
8
|
+
from pathlib import Path
|
|
9
|
+
from datetime import datetime
|
|
10
|
+
|
|
11
|
+
def analyze_cobol_intent(filepath: Path) -> dict:
|
|
12
|
+
intent = {
|
|
13
|
+
"program_id": "UNKNOWN",
|
|
14
|
+
"files_requested": [],
|
|
15
|
+
"is_cics": False,
|
|
16
|
+
"is_db2": False,
|
|
17
|
+
"cics_calls": 0,
|
|
18
|
+
"sql_calls": 0
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
try:
|
|
22
|
+
raw_content = filepath.read_text(encoding='utf-8', errors='ignore')
|
|
23
|
+
|
|
24
|
+
# 1. THE FLATTENER: Strip punch-card formatting
|
|
25
|
+
clean_lines = []
|
|
26
|
+
for line in raw_content.splitlines():
|
|
27
|
+
if len(line) > 6 and line[6] in ('*', '/'):
|
|
28
|
+
continue
|
|
29
|
+
clean_lines.append(line[7:] if len(line) > 7 else line)
|
|
30
|
+
|
|
31
|
+
monolith_code = " ".join(clean_lines)
|
|
32
|
+
|
|
33
|
+
# 2. EXTRACT PROGRAM-ID (With fallback to file name)
|
|
34
|
+
prog_id_match = re.search(r'PROGRAM-ID\.\s+[\'"]?([A-Z0-9\-]+)[\'"]?', monolith_code, re.IGNORECASE)
|
|
35
|
+
if prog_id_match:
|
|
36
|
+
intent["program_id"] = prog_id_match.group(1).strip()
|
|
37
|
+
else:
|
|
38
|
+
intent["program_id"] = filepath.stem.upper()
|
|
39
|
+
|
|
40
|
+
# 3. BATCH I/O: Extract all File Assignments
|
|
41
|
+
file_assign_pattern = re.compile(r'SELECT\s+([A-Z0-9\-]+)\s+ASSIGN\s+(?:TO\s+)?([A-Z0-9\-]+)[^.]*\.', re.IGNORECASE)
|
|
42
|
+
for match in file_assign_pattern.finditer(monolith_code):
|
|
43
|
+
internal_name = match.group(1).strip()
|
|
44
|
+
raw_dd = match.group(2).strip()
|
|
45
|
+
clean_dd = re.sub(r'^(?:UT|UR)-S-', '', raw_dd)
|
|
46
|
+
intent["files_requested"].append({"internal": internal_name, "dd_name": clean_dd})
|
|
47
|
+
|
|
48
|
+
# 4. TRANSACTIONAL I/O: Detect EXEC CICS blocks
|
|
49
|
+
cics_matches = re.findall(r'EXEC\s+CICS.*?END-EXEC\.', monolith_code, re.IGNORECASE)
|
|
50
|
+
if cics_matches:
|
|
51
|
+
intent["is_cics"] = True
|
|
52
|
+
intent["cics_calls"] = len(cics_matches)
|
|
53
|
+
|
|
54
|
+
# 5. DATABASE I/O: Detect EXEC SQL blocks
|
|
55
|
+
sql_matches = re.findall(r'EXEC\s+SQL.*?END-EXEC\.', monolith_code, re.IGNORECASE)
|
|
56
|
+
if sql_matches:
|
|
57
|
+
intent["is_db2"] = True
|
|
58
|
+
intent["sql_calls"] = len(sql_matches)
|
|
59
|
+
|
|
60
|
+
except Exception as e:
|
|
61
|
+
print(f" [!] Intent Forge Error on {filepath.name}: {e}")
|
|
62
|
+
|
|
63
|
+
return intent
|
|
64
|
+
|
|
65
|
+
def generate_zero_trust_jcl(intent: dict, job_name: str, account_code: str, lineage: dict = None, corporate_header: str = "") -> str:
|
|
66
|
+
if lineage is None: lineage = {"inputs": set(), "outputs": set()}
|
|
67
|
+
prog_name = intent["program_id"]
|
|
68
|
+
jcl = []
|
|
69
|
+
|
|
70
|
+
jcl.append(f"//{job_name} JOB ({account_code}),'GITGALAXY FORGE',")
|
|
71
|
+
jcl.append(f"// CLASS=A,MSGCLASS=A,MSGLEVEL=(1,1),")
|
|
72
|
+
jcl.append(f"// USER=HERC01,PASSWORD=CUL8TR,")
|
|
73
|
+
jcl.append(f"// TIME=10,REGION=4M")
|
|
74
|
+
jcl.append(f"//* ==========================================================")
|
|
75
|
+
jcl.append(f"//* AUTOGENERATED BY GITGALAXY ZERO-TRUST FORGE")
|
|
76
|
+
|
|
77
|
+
arch_flags = []
|
|
78
|
+
if intent["is_cics"]: arch_flags.append("CICS")
|
|
79
|
+
if intent["is_db2"]: arch_flags.append("DB2")
|
|
80
|
+
if arch_flags:
|
|
81
|
+
jcl.append(f"//* ARCHITECTURE REQUIRES: {' + '.join(arch_flags)}")
|
|
82
|
+
|
|
83
|
+
jcl.append(f"//* ==========================================================")
|
|
84
|
+
jcl.append(f"//STEP01 EXEC PGM={prog_name}")
|
|
85
|
+
jcl.append(f"//STEPLIB DD DSN=HERC01.LOADLIB,DISP=SHR")
|
|
86
|
+
jcl.append(f"//SYSOUT DD SYSOUT=*")
|
|
87
|
+
jcl.append(f"//SYSPRINT DD SYSOUT=*")
|
|
88
|
+
jcl.append(f"//SYSUDUMP DD SYSOUT=*")
|
|
89
|
+
|
|
90
|
+
if intent["files_requested"]:
|
|
91
|
+
jcl.append(f"//* --- EXTRACTED FILE INTENT BOUNDARIES ---")
|
|
92
|
+
for file in intent["files_requested"]:
|
|
93
|
+
raw_dd = file["dd_name"]
|
|
94
|
+
dd = re.sub(r'[^A-Z0-9]', '', raw_dd.upper())
|
|
95
|
+
if len(dd) > 8: dd = dd[-8:]
|
|
96
|
+
|
|
97
|
+
if raw_dd in lineage.get('outputs', set()): disp = "(NEW,CATLG,DELETE)"
|
|
98
|
+
elif raw_dd in lineage.get('inputs', set()): disp = "SHR"
|
|
99
|
+
else: disp = "SHR"
|
|
100
|
+
|
|
101
|
+
jcl.append(f"//{dd.ljust(8)} DD DSN=HERC01.DATA.{dd},")
|
|
102
|
+
if "NEW" in disp:
|
|
103
|
+
jcl.append(f"// DISP={disp},")
|
|
104
|
+
jcl.append(f"// UNIT=SYSDA,")
|
|
105
|
+
jcl.append(f"// SPACE=(CYL,(5,1),RLSE),")
|
|
106
|
+
jcl.append(f"// DCB=(LRECL=80,RECFM=FB,BLKSIZE=800)")
|
|
107
|
+
else:
|
|
108
|
+
jcl.append(f"// DISP={disp}")
|
|
109
|
+
if "SHR" in disp and raw_dd not in lineage.get('inputs', set()):
|
|
110
|
+
jcl.append(f"//* WARNING: NO EXPLICIT OPEN INTENT FOR {dd}")
|
|
111
|
+
jcl.append("//")
|
|
112
|
+
return "\n".join(jcl)
|
|
113
|
+
|
|
114
|
+
def main():
|
|
115
|
+
parser = argparse.ArgumentParser(description="GitGalaxy Zero-Trust JCL Forge (v5)")
|
|
116
|
+
parser.add_argument("target", help="Target directory or specific COBOL file")
|
|
117
|
+
parser.add_argument("--job", default="GITGJOB", help="Job name for the generated JCL")
|
|
118
|
+
parser.add_argument("--acct", default="12345", help="Account code for the generated JCL")
|
|
119
|
+
parser.add_argument("--out", type=str, help="Output directory (default: hygienic timestamped folder)")
|
|
120
|
+
args = parser.parse_args()
|
|
121
|
+
|
|
122
|
+
target_path = Path(args.target).resolve()
|
|
123
|
+
|
|
124
|
+
if target_path.is_dir():
|
|
125
|
+
extensions = ("*.cbl", "*.CBL", "*.cob", "*.COB", "*.ccp", "*.CCP")
|
|
126
|
+
cobol_files = []
|
|
127
|
+
for ext in extensions:
|
|
128
|
+
cobol_files.extend(target_path.rglob(ext))
|
|
129
|
+
else:
|
|
130
|
+
cobol_files = [target_path]
|
|
131
|
+
|
|
132
|
+
if not cobol_files:
|
|
133
|
+
print(f"\n[!] ERROR: No COBOL source files found in: {target_path}")
|
|
134
|
+
sys.exit(1)
|
|
135
|
+
|
|
136
|
+
# --- THE HYGIENIC DEFAULT LOGIC ---
|
|
137
|
+
if args.out:
|
|
138
|
+
out_dir = Path(args.out).resolve()
|
|
139
|
+
else:
|
|
140
|
+
timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
|
|
141
|
+
if target_path.is_dir():
|
|
142
|
+
# e.g., cics-genapp -> cics-genapp_forged_20260425_161559
|
|
143
|
+
out_dir = target_path.parent / f"{target_path.name}_forged_{timestamp}"
|
|
144
|
+
else:
|
|
145
|
+
out_dir = target_path.parent / f"forged_jcls_{timestamp}"
|
|
146
|
+
|
|
147
|
+
# Create the directory
|
|
148
|
+
out_dir.mkdir(parents=True, exist_ok=True)
|
|
149
|
+
|
|
150
|
+
print("\n==============================================================")
|
|
151
|
+
print(" 🚀 GitGalaxy Spoke: Zero-Trust JCL Forge (v5)")
|
|
152
|
+
print("==============================================================")
|
|
153
|
+
print(f" [*] Target Path : {target_path}")
|
|
154
|
+
print(f" [*] Output Dir : {out_dir}")
|
|
155
|
+
print(f" [*] Files Found : {len(cobol_files)}")
|
|
156
|
+
print("--------------------------------------------------------------")
|
|
157
|
+
|
|
158
|
+
success_count = 0
|
|
159
|
+
for file_path in cobol_files:
|
|
160
|
+
intent = analyze_cobol_intent(file_path)
|
|
161
|
+
jcl_output = generate_zero_trust_jcl(intent, args.job[:8].upper(), args.acct)
|
|
162
|
+
|
|
163
|
+
# Output strictly locked to the designated hygienic folder
|
|
164
|
+
out_path = out_dir / f"{intent['program_id']}.jcl"
|
|
165
|
+
out_path.write_text(jcl_output, encoding='utf-8')
|
|
166
|
+
|
|
167
|
+
io_parts = []
|
|
168
|
+
if len(intent['files_requested']) > 0:
|
|
169
|
+
io_parts.append(f"{len(intent['files_requested'])} Batch I/O")
|
|
170
|
+
if intent['cics_calls'] > 0:
|
|
171
|
+
io_parts.append(f"{intent['cics_calls']} CICS")
|
|
172
|
+
if intent['sql_calls'] > 0:
|
|
173
|
+
io_parts.append(f"{intent['sql_calls']} SQL")
|
|
174
|
+
|
|
175
|
+
io_str = f"({', '.join(io_parts)})" if io_parts else "(No I/O)"
|
|
176
|
+
|
|
177
|
+
print(f" [+] Forged: {file_path.name.ljust(15)} -> {out_path.name.ljust(15)} {io_str}")
|
|
178
|
+
success_count += 1
|
|
179
|
+
|
|
180
|
+
print("--------------------------------------------------------------")
|
|
181
|
+
print(f" [✓] Done! Successfully forged {success_count} JCL(s).")
|
|
182
|
+
print("==============================================================\n")
|
|
183
|
+
|
|
184
|
+
if __name__ == "__main__":
|
|
185
|
+
main()
|
|
@@ -4,15 +4,15 @@
|
|
|
4
4
|
[](#)
|
|
5
5
|
[](#)
|
|
6
6
|
|
|
7
|
-
Most legacy modernization efforts fail because they feed raw, monolithic COBOL directly into an LLM.
|
|
7
|
+
Most legacy modernization efforts fail because they feed raw, monolithic COBOL directly into an LLM. As seen across the [DevSecOps Competitive Landscape](https://squid-protocol.github.io/gitgalaxy/04-00-security_landscape/), relying purely on AI or generic ASTs leads to hallucinations, memory leaks, and broken architectures.
|
|
8
8
|
|
|
9
|
-
GitGalaxy flips the paradigm. We use deterministic mathematical
|
|
9
|
+
GitGalaxy flips the paradigm. We use the deterministic, mathematical [blAST Engine](https://squid-protocol.github.io/gitgalaxy/01-03-the-blast-paradigm/) to build a structurally perfect, 100% compiling Java Spring Boot architecture *first*, and only use AI for the final isolated logic.
|
|
10
10
|
|
|
11
11
|
This pipeline has been stress-tested across a randomized corpus of 27 distinct legacy COBOL repositories (including complex IBM CICS applications), generating structurally sound, Maven-compilable Spring Boot systems without human intervention.
|
|
12
12
|
|
|
13
13
|
### 🧪 The Ultimate CI/CD Stress Test
|
|
14
14
|
|
|
15
|
-
To prove the viability of this deterministic approach, the Java Forge was subjected to an
|
|
15
|
+
To prove the viability of this deterministic approach, the Java Forge was subjected to an [Automated Batch Test](https://squid-protocol.github.io/gitgalaxy/05-06-batch-test-harness/) across 27 diverse repositories.
|
|
16
16
|
|
|
17
17
|
<br>
|
|
18
18
|
|
|
@@ -33,40 +33,40 @@ We do not claim to magically translate entire enterprise systems with zero human
|
|
|
33
33
|
|
|
34
34
|
* **What We Automate:** Exact memory mapping, JPA entities, REST controllers, and complete Maven build systems.
|
|
35
35
|
* **What We Delegate:** Highly specific, isolated internal business logic.
|
|
36
|
-
* **How We Scale:** We generate strict JSON
|
|
36
|
+
* **How We Scale:** We generate [strict JSON Autonomous Agent Tickets](https://squid-protocol.github.io/gitgalaxy/05-05-autonomous-agent-tickets/) containing isolated logic slices.
|
|
37
37
|
* **Zero Hallucinations:** AI agents are restricted to filling in the pre-wired methods, preventing architectural hallucinations.
|
|
38
38
|
|
|
39
39
|
---
|
|
40
40
|
|
|
41
41
|
### 🏗️ How It Works: Deterministic Scaffolding
|
|
42
42
|
|
|
43
|
-
The `cobol_to_java_controller.py` ingests the JSON Intermediate Representation (IR) generated by the Mainframe Modernization Suite. It then orchestrates a suite of specialized architectural forges.
|
|
43
|
+
The `cobol_to_java_controller.py` ingests the JSON Intermediate Representation (IR) generated by the Mainframe Modernization Suite. It then orchestrates a suite of specialized architectural forges to seamlessly [Scaffold Java Spring Boot](https://squid-protocol.github.io/gitgalaxy/cookbook/scaffold-spring-boot/).
|
|
44
44
|
|
|
45
|
-
#### 1. Entity & Memory Mapping Forge
|
|
46
|
-
Translates legacy schema boundaries into strict Spring Boot `@Entity` classes.
|
|
45
|
+
#### 1. [Entity & Memory Mapping Forge](https://squid-protocol.github.io/gitgalaxy/05-03-entity-and-memory-mapping/)
|
|
46
|
+
Translates legacy schema boundaries into strict Spring Boot `@Entity` classes. Read the [Entity Forge Cookbook Recipe](https://squid-protocol.github.io/gitgalaxy/cookbook/cobol-to-java-spring-boot-entity-forge/).
|
|
47
47
|
* **Precision Mapping:** Translates complex `PIC` clauses to `BigDecimal`.
|
|
48
48
|
* **Array Resolution:** Resolves `OCCURS` arrays into `List` collections.
|
|
49
49
|
* **Memory Overlays:** Maps `REDEFINES` memory overlays as transient aliases.
|
|
50
50
|
|
|
51
|
-
#### 2. The API Contract & Service Forge
|
|
52
|
-
Translates the DAG lineage intent into modern REST Controllers and auto-wires the `@Service` layer.
|
|
51
|
+
#### 2. [The API Contract & Service Forge](https://squid-protocol.github.io/gitgalaxy/05-04-api-and-service-contracts/)
|
|
52
|
+
Translates the DAG lineage intent into modern REST Controllers and auto-wires the `@Service` layer. View the [REST API](https://squid-protocol.github.io/gitgalaxy/cookbook/cobol-to-java-REST-API-generation/) and [Service Forge](https://squid-protocol.github.io/gitgalaxy/cookbook/cobol-to-java-spring-boot-service-forge/) recipes.
|
|
53
53
|
* **Paradigm Detection:** Detects batch vs. transactional data paradigms.
|
|
54
54
|
* **Controller Generation:** Builds specific REST controller endpoints.
|
|
55
55
|
* **Mock Service Shield:** Generates mock services for missing external dependencies.
|
|
56
56
|
|
|
57
|
-
#### 3. EBCDIC Decoder Forge
|
|
57
|
+
#### 3. [EBCDIC Decoder Forge (Data Serialization)](https://squid-protocol.github.io/gitgalaxy/cookbook/cobol-to-java-mainframe-data-serialization-forge/)
|
|
58
58
|
Automatically generates the utility classes necessary to read raw mainframe byte streams.
|
|
59
59
|
* **Legacy Unpacking:** Safely unpacks Packed Decimal (`COMP-3`) data.
|
|
60
60
|
* **Boundary Validation:** Validates hex-boundaries to prevent runtime crashes.
|
|
61
61
|
* **Format Translation:** Decodes raw EBCDIC strings to standard UTF-8.
|
|
62
62
|
|
|
63
|
-
#### 4. The Build System Forge
|
|
63
|
+
#### 4. [The Build System Forge](https://squid-protocol.github.io/gitgalaxy/cookbook/cobol-to-java-automated-spring-boot-build-system/)
|
|
64
64
|
Generates the configuration files required for instant compilation.
|
|
65
65
|
* **Dependency Management:** Generates production-ready Maven `pom.xml`.
|
|
66
66
|
* **Environment Config:** Configures Spring Boot `application.yml`.
|
|
67
67
|
* **Instant Verification:** Ensures instant out-of-the-box compilation.
|
|
68
68
|
|
|
69
|
-
#### 5. The AI Boundary (Agent Task Forge)
|
|
69
|
+
#### 5. [The AI Boundary (Anomaly Agent Task Forge)](https://squid-protocol.github.io/gitgalaxy/05-16-anomaly-agent-task-forge/)
|
|
70
70
|
Packages the remaining logic into strict JSON tickets for LLMs or human engineers.
|
|
71
71
|
* **Logic Extraction:** Extracts isolated business rules from the monolith.
|
|
72
72
|
* **Ticket Generation:** Packages strict JSON tickets with required inputs/outputs.
|
|
@@ -101,7 +101,7 @@ Don't just take our word for it. We have published the raw, unedited artifacts g
|
|
|
101
101
|
### 🌌 Powered by the blAST Engine (Bypassing LLMs and ASTs)
|
|
102
102
|
This tool is a modular enterprise integration within the broader GitGalaxy architecture. It is driven by our custom mathematical heuristics engine, capable of mapping multi-dimensional relationships at extreme velocity. Dive into the official wiki to understand the exact translation mechanics and memory-mapping heuristics:
|
|
103
103
|
|
|
104
|
-
* 📖 **[Spring Boot Scaffolding Logic](
|
|
105
|
-
* 📖 **[Entity & Memory Mapping Rules](
|
|
106
|
-
* 📖 **[API & Service Contract Generation](
|
|
104
|
+
* 📖 **[Spring Boot Scaffolding Logic](https://squid-protocol.github.io/gitgalaxy/05-02-spring-boot-scaffolding/)**
|
|
105
|
+
* 📖 **[Entity & Memory Mapping Rules](https://squid-protocol.github.io/gitgalaxy/05-03-entity-and-memory-mapping/)**
|
|
106
|
+
* 📖 **[API & Service Contract Generation](https://squid-protocol.github.io/gitgalaxy/05-04-api-and-service-contracts/)**
|
|
107
107
|
* 🪐 **[Return to the Main GitGalaxy Hub](https://github.com/squid-protocol/gitgalaxy)**
|