gitgalaxy 2.3.8__tar.gz → 2.3.10__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- gitgalaxy-2.3.10/.galaxyscope.yaml +13 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/.github/workflows/deploy-docs.yml +1 -1
- gitgalaxy-2.3.10/.github/workflows/gitgalaxy-artifacts.yml +72 -0
- gitgalaxy-2.3.10/.github/workflows/gitgalaxy-audit.yml +50 -0
- gitgalaxy-2.3.10/.github/workflows/gitgalaxy.yml +53 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/.github/workflows/golden-crucible.yml +1 -1
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/.github/workflows/publish.yml +1 -1
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/.github/workflows/smoke-test.yml +1 -1
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/PKG-INFO +1 -1
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/action.yml +1 -1
- gitgalaxy-2.3.10/bitbucket-pipelines.yml +24 -0
- gitgalaxy-2.3.10/cd pipeline strategy.md +33 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/cobol_refractor_controller.py +19 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/cobol_to_java_controller.py +7 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/core/detector.py +55 -5
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/core/guidestar_lens.py +28 -1
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/core/network_risk_sensor.py +7 -4
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/core/prism.py +12 -0
- gitgalaxy-2.3.10/gitgalaxy/core/state_rehydrator.py +171 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/galaxyscope.py +265 -39
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/metrics/chronometer.py +11 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/metrics/signal_processor.py +22 -5
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/metrics/statistical_auditor.py +11 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/metrics/tensor_scanner.py +8 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/recorders/audit_recorder.py +16 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/recorders/gpu_recorder.py +27 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/recorders/llm_recorder.py +40 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/recorders/record_keeper.py +21 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/recorders/sarif_recorder.py +18 -6
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/recorders/sbom_recorder.py +7 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/security/security_auditor.py +14 -1
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/standards/analysis_lens.py +3 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/standards/language_standards.py +3 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_java/cobol_to_java_decoder_forge.py +2 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_java/cobol_to_java_service_forge.py +3 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_java/cobol_to_java_spring_forge.py +3 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_java/cobol_to_java_test_forge.py +4 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/network_auditing/full_api_network_map.py +99 -22
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/supply_chain_security/binary_anomaly_detector.py +9 -1
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/supply_chain_security/supply_chain_firewall.py +58 -18
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/supply_chain_security/vault_sentinel.py +3 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/terabyte_log_scanning/pii_leak_hunter.py +3 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/terabyte_log_scanning/terabyte_log_scanner.py +3 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy.egg-info/PKG-INFO +1 -1
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy.egg-info/SOURCES.txt +10 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy.egg-info/scm_file_list.json +11 -1
- gitgalaxy-2.3.10/gitgalaxy.egg-info/scm_version.json +8 -0
- gitgalaxy-2.3.10/templates/bitbucket/bitbucket-pipelines.yml +24 -0
- gitgalaxy-2.3.10/templates/github/gitgalaxy-pipeline.yml +37 -0
- gitgalaxy-2.3.10/templates/scan.yml +11 -0
- gitgalaxy-2.3.10/tests/core_engine/test_delta_scanner.py +134 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/core_engine/test_detector.py +32 -2
- gitgalaxy-2.3.10/tests/core_engine/test_galaxyscope.py +1334 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/core_engine/test_prism.py +65 -1
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/core_engine/test_signal_processor.py +100 -1
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/core_engine/test_state_rehydrator.py +73 -1
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/core_engine/test_zero_dependency.py +115 -1
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/security_auditing/test_api_network_map.py +67 -103
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/security_auditing/test_supply_chain_firewall.py +227 -82
- gitgalaxy-2.3.8/.github/workflows/gitgalaxy.yml +0 -82
- gitgalaxy-2.3.8/gitgalaxy/core/state_rehydrator.py +0 -104
- gitgalaxy-2.3.8/gitgalaxy.egg-info/scm_version.json +0 -8
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/.flake8 +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/.github/CODEOWNERS +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/.github/ISSUE_TEMPLATE/parsing_discrepancy.yml +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/.github/dependabot.yml +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/.github/pull_request_template.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/.github/workflows/codeql.yml +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/.github/workflows/muninn.yml +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/.gitignore +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/.gitlab-ci.yml +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/CONTRIBUTING.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/LICENSE +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/MANIFEST.in +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/README.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/SECURITY.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/README.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/__init__.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/core/README.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/core/__init__.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/core/aperture.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/core/spatial_mapper.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/licensing.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/metrics/README.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/metrics/__init__.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/recorders/README.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/recorders/__init__.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/requirements.txt +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/security/README.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/security/__init__.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/security/manifest_parser.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/security/security_lens.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/standards/README.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/standards/__init__.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/standards/gitgalaxy_config.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/standards/how_to_add_a_language.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/standards/language_lens.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/README.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/__init__.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/ai_guardrails/README.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/ai_guardrails/ai_appsec_sensor.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/ai_guardrails/dev_agent_firewall.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_cobol/README.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_cobol/cobol_agent_task_forge.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_cobol/cobol_compiler_forge.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_cobol/cobol_dag_architect.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_cobol/cobol_etl_unpacker.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_cobol/cobol_graveyard_finder.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_cobol/cobol_jcl_auditor.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_cobol/cobol_jcl_forge.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_cobol/cobol_lexical_patcher.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_cobol/cobol_microservice_slicer.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_cobol/cobol_schema_forge.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_cobol/cobol_system_limits_reporter.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_java/README.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_java/batch_test_harness.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_java/cobol_to_java_agent_forge.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_java/cobol_to_java_api_contract_forge.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/cobol_to_java/cobol_to_java_build_forge.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/network_auditing/README.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/supply_chain_security/README.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy/tools/terabyte_log_scanning/README.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy.egg-info/dependency_links.txt +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy.egg-info/entry_points.txt +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy.egg-info/requires.txt +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/gitgalaxy.egg-info/top_level.txt +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/github-action-readme.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/mkdocs.yml +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/muninn.yml +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/pyproject.toml +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/setup.cfg +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/templates/azure/azure-pipelines.yml +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/templates/gitlab/scan.yml +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/README.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/cobol_mainframe/readme.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/cobol_mainframe/test_cobol_agent_task_forge.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/cobol_mainframe/test_cobol_compiler_forge.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/cobol_mainframe/test_cobol_dag_architect.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/cobol_mainframe/test_cobol_etl_unpacker.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/cobol_mainframe/test_cobol_graveyard_finder.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/cobol_mainframe/test_cobol_jcl_auditor.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/cobol_mainframe/test_cobol_jcl_forge.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/cobol_mainframe/test_cobol_lexical_patcher.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/cobol_mainframe/test_cobol_microservice_slicer.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/cobol_mainframe/test_cobol_refractor_controller.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/cobol_mainframe/test_cobol_schema_forge.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/cobol_mainframe/test_cobol_system_limits_reporter.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/core_engine/readme.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/core_engine/test_aperture.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/core_engine/test_chronometer.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/core_engine/test_chronometer_timeout.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/core_engine/test_guidestar_lens.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/core_engine/test_language_lens.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/core_engine/test_language_standards_strict.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/core_engine/test_licensing.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/core_engine/test_manifest_parser.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/extraction/readme.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/extraction/test_args_extraction_strict.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/extraction/test_class_extraction_strict.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/extraction/test_dependency_extraction_strict.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/extraction/test_function_extraction_strict.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/golden_diff.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/golden_master_audit.json +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/golden_master_zero_dep_audit.json +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/security_auditing/readme.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/security_auditing/test_ai_appsec_sensor.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/security_auditing/test_binary_anomaly_detector.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/security_auditing/test_dev_agent_firewall.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/security_auditing/test_network_risk_sensor.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/security_auditing/test_pii_leak_hunter.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/security_auditing/test_redos_poison.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/security_auditing/test_security_auditor.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/security_auditing/test_security_lens.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/security_auditing/test_statistical_auditor.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/security_auditing/test_tensor_auditor.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/security_auditing/test_terabyte_log_scanner.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/security_auditing/test_vault_sentinel.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/tools_recorders/readme.md +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/tools_recorders/test_agent_forge.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/tools_recorders/test_audit_recorder.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/tools_recorders/test_batch_test_harness.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/tools_recorders/test_decoder_forge.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/tools_recorders/test_golden_forge.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/tools_recorders/test_gpu_recorder.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/tools_recorders/test_llm_recorder.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/tools_recorders/test_record_keeper.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/tools_recorders/test_sbom_generator.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/tests/tools_recorders/test_service_forge.py +0 -0
- {gitgalaxy-2.3.8 → gitgalaxy-2.3.10}/zizmor.yml +0 -0
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
galaxyscope:
|
|
2
|
+
SARIF_IGNORED_PATHS:
|
|
3
|
+
- "tests/"
|
|
4
|
+
- "mocks/"
|
|
5
|
+
- "vendor/"
|
|
6
|
+
- "gitgalaxy/standards/"
|
|
7
|
+
- "gitgalaxy/security/"
|
|
8
|
+
- "gitgalaxy/tools/"
|
|
9
|
+
- "templates/"
|
|
10
|
+
- ".github/workflows/"
|
|
11
|
+
SARIF_IGNORED_RULES:
|
|
12
|
+
- "GH-1022"
|
|
13
|
+
- "squid-protocol"
|
|
@@ -27,7 +27,7 @@ jobs:
|
|
|
27
27
|
git config user.email 41898282+github-actions[bot]@users.noreply.github.com
|
|
28
28
|
|
|
29
29
|
- name: Set up Python
|
|
30
|
-
uses: actions/setup-python@
|
|
30
|
+
uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
|
|
31
31
|
with:
|
|
32
32
|
python-version: "3.x"
|
|
33
33
|
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
name: Generate GitGalaxy Artifacts (Post-Gate)
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches:
|
|
6
|
+
- main
|
|
7
|
+
pull_request:
|
|
8
|
+
branches:
|
|
9
|
+
- main
|
|
10
|
+
|
|
11
|
+
permissions:
|
|
12
|
+
contents: write
|
|
13
|
+
security-events: write
|
|
14
|
+
|
|
15
|
+
jobs:
|
|
16
|
+
generate-compliance-artifacts:
|
|
17
|
+
runs-on: ubuntu-latest
|
|
18
|
+
steps:
|
|
19
|
+
- name: Checkout Repository
|
|
20
|
+
uses: actions/checkout@v4
|
|
21
|
+
with:
|
|
22
|
+
fetch-depth: 0
|
|
23
|
+
|
|
24
|
+
- name: Setup Python 3.12
|
|
25
|
+
uses: actions/setup-python@v5
|
|
26
|
+
with:
|
|
27
|
+
python-version: "3.12"
|
|
28
|
+
cache: "pip"
|
|
29
|
+
|
|
30
|
+
- name: Install GitGalaxy & Dependencies
|
|
31
|
+
run: |
|
|
32
|
+
python -m pip install --upgrade pip
|
|
33
|
+
pip install . networkx tiktoken xgboost pandas numpy
|
|
34
|
+
|
|
35
|
+
- name: Generate SARIF, SBOM, and LLM Brief
|
|
36
|
+
env:
|
|
37
|
+
GITGALAXY_LICENSE_KEY: "COMMUNITY_FREE_TIER"
|
|
38
|
+
run: |
|
|
39
|
+
# Execute galaxyscope
|
|
40
|
+
galaxyscope . --config .galaxyscope.yaml --sarif-only
|
|
41
|
+
galaxyscope . --config .galaxyscope.yaml --sbom-only
|
|
42
|
+
galaxyscope . --config .galaxyscope.yaml --llm-only
|
|
43
|
+
|
|
44
|
+
# Debug: Print the exact files generated
|
|
45
|
+
echo "=== FILES GENERATED BY GALAXYSC ==="
|
|
46
|
+
ls -la *_sarif* *.sarif *_sbom* *.json *_llm* || true
|
|
47
|
+
|
|
48
|
+
# Force rename them so the next steps can find them reliably
|
|
49
|
+
mv *_sarif* gitgalaxy-results_sarif.json 2>/dev/null || mv *.sarif gitgalaxy-results_sarif.json 2>/dev/null || true
|
|
50
|
+
mv *_sbom* gitgalaxy-sbom.json 2>/dev/null || true
|
|
51
|
+
mv *_llm.md gitgalaxy_architecture_brief.md 2>/dev/null || true
|
|
52
|
+
|
|
53
|
+
- name: Upload SARIF to GitHub Security Tab
|
|
54
|
+
uses: github/codeql-action/upload-sarif@v4
|
|
55
|
+
with:
|
|
56
|
+
sarif_file: gitgalaxy-results_sarif.json
|
|
57
|
+
|
|
58
|
+
- name: Upload SBOM as Build Artifact
|
|
59
|
+
uses: actions/upload-artifact@v4
|
|
60
|
+
with:
|
|
61
|
+
name: gitgalaxy-sbom
|
|
62
|
+
path: gitgalaxy-sbom.json
|
|
63
|
+
|
|
64
|
+
- name: Commit LLM Brief to Docs
|
|
65
|
+
if: github.event_name == 'push'
|
|
66
|
+
run: |
|
|
67
|
+
mkdir -p docs
|
|
68
|
+
mv gitgalaxy_architecture_brief.md docs/ || true
|
|
69
|
+
git config --global user.name "github-actions[bot]"
|
|
70
|
+
git config --global user.email "github-actions[bot]@users.noreply.github.com"
|
|
71
|
+
git add docs/gitgalaxy_architecture_brief.md
|
|
72
|
+
git diff --quiet && git diff --staged --quiet || (git commit -m "docs: auto-update LLM architectural brief" && git push)
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
name: GitGalaxy Zero-Trust Audit
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches: [ "feature/*" ]
|
|
6
|
+
pull_request:
|
|
7
|
+
branches: [ "main" ]
|
|
8
|
+
|
|
9
|
+
# REQUIRED: Grants the action permission to post to the Security tab
|
|
10
|
+
permissions:
|
|
11
|
+
contents: read
|
|
12
|
+
security-events: write
|
|
13
|
+
|
|
14
|
+
jobs:
|
|
15
|
+
spectral-audit:
|
|
16
|
+
runs-on: ubuntu-latest
|
|
17
|
+
steps:
|
|
18
|
+
- name: Checkout Repository
|
|
19
|
+
uses: actions/checkout@v4
|
|
20
|
+
with:
|
|
21
|
+
fetch-depth: 0
|
|
22
|
+
|
|
23
|
+
- name: Setup Python
|
|
24
|
+
uses: actions/setup-python@v5
|
|
25
|
+
with:
|
|
26
|
+
python-version: "3.12"
|
|
27
|
+
cache: "pip"
|
|
28
|
+
|
|
29
|
+
- name: Install GitGalaxy & Dependencies
|
|
30
|
+
run: |
|
|
31
|
+
python -m pip install --upgrade pip
|
|
32
|
+
pip install . networkx tiktoken xgboost pandas numpy
|
|
33
|
+
|
|
34
|
+
- name: Execute Spectral Audit
|
|
35
|
+
run: |
|
|
36
|
+
# Relaxed thresholds until --incremental or --ignore are implemented
|
|
37
|
+
galaxyscope . --config .galaxyscope.yaml --max-risk-exposure 120 --fail-on-malware --sarif-only --output gitgalaxy-results.json
|
|
38
|
+
|
|
39
|
+
- name: Upload SARIF to GitHub Security Tab
|
|
40
|
+
if: always()
|
|
41
|
+
uses: github/codeql-action/upload-sarif@v4
|
|
42
|
+
with:
|
|
43
|
+
sarif_file: gitgalaxy-results_sarif.json
|
|
44
|
+
|
|
45
|
+
- name: Upload SARIF as Build Artifact (Backup)
|
|
46
|
+
if: always()
|
|
47
|
+
uses: actions/upload-artifact@v4
|
|
48
|
+
with:
|
|
49
|
+
name: gitgalaxy-sarif-report
|
|
50
|
+
path: gitgalaxy-results_sarif.json
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
name: GitGalaxy Zero-Trust Pipeline
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches: [main]
|
|
6
|
+
pull_request:
|
|
7
|
+
branches: [main]
|
|
8
|
+
|
|
9
|
+
permissions:
|
|
10
|
+
contents: read
|
|
11
|
+
|
|
12
|
+
jobs:
|
|
13
|
+
vault-sentinel:
|
|
14
|
+
name: Vault Sentinel
|
|
15
|
+
runs-on: ubuntu-latest
|
|
16
|
+
steps:
|
|
17
|
+
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
|
18
|
+
with:
|
|
19
|
+
persist-credentials: false
|
|
20
|
+
|
|
21
|
+
- uses: ./
|
|
22
|
+
with:
|
|
23
|
+
tool: vault-sentinel
|
|
24
|
+
target: .
|
|
25
|
+
version: local
|
|
26
|
+
|
|
27
|
+
xray-inspector:
|
|
28
|
+
name: X-Ray Inspector
|
|
29
|
+
runs-on: ubuntu-latest
|
|
30
|
+
steps:
|
|
31
|
+
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
|
32
|
+
with:
|
|
33
|
+
persist-credentials: false
|
|
34
|
+
|
|
35
|
+
- uses: ./
|
|
36
|
+
with:
|
|
37
|
+
tool: xray-inspector
|
|
38
|
+
target: .
|
|
39
|
+
version: local
|
|
40
|
+
|
|
41
|
+
supply-chain-firewall:
|
|
42
|
+
name: Supply Chain Firewall
|
|
43
|
+
runs-on: ubuntu-latest
|
|
44
|
+
steps:
|
|
45
|
+
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
|
46
|
+
with:
|
|
47
|
+
persist-credentials: false
|
|
48
|
+
|
|
49
|
+
- uses: ./
|
|
50
|
+
with:
|
|
51
|
+
tool: supply-chain-firewall
|
|
52
|
+
target: .
|
|
53
|
+
version: local
|
|
@@ -26,7 +26,7 @@ jobs:
|
|
|
26
26
|
persist-credentials: false
|
|
27
27
|
|
|
28
28
|
- name: Set up Python ${{ matrix.python-version }}
|
|
29
|
-
uses: actions/setup-python@
|
|
29
|
+
uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
|
|
30
30
|
with:
|
|
31
31
|
python-version: ${{ matrix.python-version }}
|
|
32
32
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: gitgalaxy
|
|
3
|
-
Version: 2.3.
|
|
3
|
+
Version: 2.3.10
|
|
4
4
|
Summary: An AST-free, LLM-free zero-trust static analysis engine for mapping architectural risk, securing CI/CD pipelines, and modernizing legacy monoliths.
|
|
5
5
|
Author: Joe Esquibel
|
|
6
6
|
Project-URL: Homepage, https://gitgalaxy.io
|
|
@@ -32,7 +32,7 @@ runs:
|
|
|
32
32
|
using: "composite"
|
|
33
33
|
steps:
|
|
34
34
|
- name: Set up Python
|
|
35
|
-
uses: actions/setup-python@
|
|
35
|
+
uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
|
|
36
36
|
with:
|
|
37
37
|
python-version: '3.10'
|
|
38
38
|
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# GitGalaxy Enterprise Security Scanner
|
|
2
|
+
# Integration: Bitbucket Pipelines
|
|
3
|
+
|
|
4
|
+
image: python:3.12-slim
|
|
5
|
+
|
|
6
|
+
pipelines:
|
|
7
|
+
default:
|
|
8
|
+
- step:
|
|
9
|
+
name: 'GitGalaxy Zero-Trust Spectral Audit'
|
|
10
|
+
caches:
|
|
11
|
+
- pip
|
|
12
|
+
script:
|
|
13
|
+
# 1. Initialize Python Environment & Install GitGalaxy CLI Engine
|
|
14
|
+
# Added heavy physics engines for full precision (networkx, tiktoken, etc.)
|
|
15
|
+
- pip install --upgrade pip
|
|
16
|
+
- pip install gitgalaxy>=2.4.0 networkx tiktoken xgboost pandas numpy
|
|
17
|
+
|
|
18
|
+
# 2. Execute Zero-Trust Spectral Audit with Enterprise Gates
|
|
19
|
+
# Added --ignore tests/ to prevent mock data from tripping the secrets firewall
|
|
20
|
+
- galaxyscope gitgalaxy/ --max-risk-exposure ${GITGALAXY_MAX_RISK:-95} --fail-on-secrets --fail-on-malware --sarif-only --output gitgalaxy-results_sarif.json
|
|
21
|
+
|
|
22
|
+
artifacts:
|
|
23
|
+
# 3. Publish SARIF telemetry for Bitbucket Code Insights
|
|
24
|
+
- gitgalaxy-results_sarif.json
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# GitGalaxy: CI/CD Distribution & Architecture Context
|
|
2
|
+
|
|
3
|
+
## 1. Architectural Overview (The Hub and Spoke Model)
|
|
4
|
+
GitGalaxy utilizes a centralized distribution architecture to maintain a single source of truth while achieving maximum cross-platform compatibility.
|
|
5
|
+
|
|
6
|
+
* **The Hub (PyPI):** The compiled Python codebase (the blAST engine) is hosted exclusively on the Python Package Index.
|
|
7
|
+
* **The Spokes (GitHub, GitLab, Jenkins, etc.):** Enterprise CI/CD platforms do not host the engine natively. Instead, they use lightweight YAML wrappers to dynamically pull the engine via `pip install gitgalaxy` and execute it within their isolated runners.
|
|
8
|
+
|
|
9
|
+
This allows us to instantly push updates to Azure DevOps, Bitbucket, GitLab, and GitHub Actions simultaneously just by tagging a new release.
|
|
10
|
+
|
|
11
|
+
## 2. Core CI/CD Configurations & Files
|
|
12
|
+
|
|
13
|
+
### GitHub Actions (The Orchestrator)
|
|
14
|
+
GitHub acts as the central command center for the project's source code and deployment triggers.
|
|
15
|
+
* **`.github/workflows/publish.yml`**: The release pipeline. Triggered strictly by Git tags (e.g., `v2.4.1`). It builds the Python wheel/sdist and authenticates with PyPI via OIDC to publish the package.
|
|
16
|
+
* **`.github/workflows/gitlab-sync.yml`**: The mirror pipeline. Fires alongside the PyPI publish workflow. It securely pushes the latest code and tags directly to the `squid-protocol1/gitgalaxy` repository on GitLab, keeping both platforms in perfect sync.
|
|
17
|
+
* **`action.yml`**: The native GitHub Action wrapper. Allows GitHub users to invoke GitGalaxy using standard `uses: squid-protocol/gitgalaxy@v2` syntax.
|
|
18
|
+
|
|
19
|
+
### GitLab CI/CD Catalog (The Enterprise Gate)
|
|
20
|
+
* **`scan.yml`**: The native GitLab CI/CD Component definition. This file defines the `gitgalaxy_scan` job, pulling the `python:3.12-slim` image, installing the engine from PyPI, and executing the Zero-Trust Spectral Audit with enterprise failure ratchets (`--max-risk-exposure`, `--fail-on-secrets`). It automatically exposes the generated `gitgalaxy-results_sarif.json` to GitLab's security dashboards.
|
|
21
|
+
|
|
22
|
+
### Project Build & Versioning
|
|
23
|
+
* **`pyproject.toml`**: The modern Python build configuration. It defines dependencies, CLI entry points (like `galaxyscope` and `supply-chain-firewall`), and uses `setuptools_scm` to dynamically generate the package version directly from Git tags (e.g., matching the `v2.4.1` regex).
|
|
24
|
+
|
|
25
|
+
## 3. Recent Engine Hardening & Security Patches
|
|
26
|
+
|
|
27
|
+
To support enterprise CI/CD environments, several critical stability and security patches were recently integrated:
|
|
28
|
+
|
|
29
|
+
* **CLI Pipeline Gates (`galaxyscope.py`)**: Added native `argparse` flags (`--fail-on-secrets`, `--fail-on-malware`, `--max-risk-exposure`) to allow CI/CD runners to programmatically fail builds when strict security thresholds are breached.
|
|
30
|
+
* **Regex ReDoS Armor (`language_standards.py`)**:
|
|
31
|
+
* Mitigated Catastrophic Backtracking (ReDoS) vulnerabilities in the C/C++ parser when handling massive, malformed K&R payload blocks by enforcing strict lazy consumers (`[^;{]*?;`).
|
|
32
|
+
* Patched the `_dependency_capture` regex for Python and JavaScript to strip line anchors, allowing the Supply Chain Firewall to accurately detect inline, dynamic, and comma-separated dependency imports (e.g., `import os, requests`).
|
|
33
|
+
* **Dependency Auditing (`requirements.txt`)**: Bumped `mistune>=3.2.2` to resolve a high-severity CPU exhaustion vulnerability (CVE-2026-49851) flagged by the Muninn Security Scanner in our documentation build chain.
|
|
@@ -1,10 +1,17 @@
|
|
|
1
1
|
#!/usr/bin/env python3
|
|
2
2
|
# ==============================================================================
|
|
3
|
+
|
|
4
|
+
# galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
|
|
3
5
|
# GitGalaxy: COBOL Refractor Controller (v4.0 - Hybrid Enterprise Scale)
|
|
4
6
|
# Purpose: Orchestrates the Universal Translator suite using a Hybrid
|
|
5
7
|
# Intermediate Representation (IR) State Manager. Dynamically toggles
|
|
6
8
|
# between high-speed RAM and SQLite3 to prevent OOM crashes.
|
|
7
9
|
# ==============================================================================
|
|
10
|
+
|
|
11
|
+
# galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
|
|
12
|
+
|
|
13
|
+
# galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
|
|
14
|
+
|
|
8
15
|
import argparse
|
|
9
16
|
import sys
|
|
10
17
|
import json
|
|
@@ -31,9 +38,13 @@ from gitgalaxy.tools.cobol_to_cobol.cobol_jcl_auditor import audit_zero_trust_jc
|
|
|
31
38
|
from gitgalaxy.tools.cobol_to_cobol.cobol_agent_task_forge import forge_agent_jobs
|
|
32
39
|
|
|
33
40
|
# ==============================================================================
|
|
41
|
+
|
|
42
|
+
# galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
|
|
34
43
|
# THE SCALE SENSOR & HYBRID STATE MANAGER
|
|
35
44
|
# ==============================================================================
|
|
36
45
|
|
|
46
|
+
# galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
|
|
47
|
+
|
|
37
48
|
|
|
38
49
|
def calibrate_ir_medium(target_path: Path, max_files=2000, max_mb=200) -> tuple:
|
|
39
50
|
"""Scouts the repository to determine the safest IR storage medium."""
|
|
@@ -129,9 +140,13 @@ class IRStateManager:
|
|
|
129
140
|
|
|
130
141
|
|
|
131
142
|
# ==============================================================================
|
|
143
|
+
|
|
144
|
+
# galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
|
|
132
145
|
# THE PROCESSING PIPELINE
|
|
133
146
|
# ==============================================================================
|
|
134
147
|
|
|
148
|
+
# galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
|
|
149
|
+
|
|
135
150
|
|
|
136
151
|
def process_payload(filepath: Path, state_manager: IRStateManager, target_var: str = None) -> dict:
|
|
137
152
|
"""Processes a single COBOL payload through the enriched, shared-state pipeline."""
|
|
@@ -230,9 +245,13 @@ def process_payload(filepath: Path, state_manager: IRStateManager, target_var: s
|
|
|
230
245
|
|
|
231
246
|
|
|
232
247
|
# ==============================================================================
|
|
248
|
+
|
|
249
|
+
# galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
|
|
233
250
|
# MAIN ORCHESTRATION LOOP
|
|
234
251
|
# ==============================================================================
|
|
235
252
|
|
|
253
|
+
# galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
|
|
254
|
+
|
|
236
255
|
|
|
237
256
|
def main():
|
|
238
257
|
from gitgalaxy.licensing import enforce_licensing_guard
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
#!/usr/bin/env python3
|
|
2
2
|
# ==============================================================================
|
|
3
|
+
|
|
4
|
+
# galaxyscope:ignore sec_io
|
|
3
5
|
# GitGalaxy Tool: COBOL to Java Translation Controller
|
|
4
6
|
#
|
|
5
7
|
# PURPOSE:
|
|
@@ -17,6 +19,11 @@
|
|
|
17
19
|
# the internal business logic to the AI agent, ensuring architectural integrity
|
|
18
20
|
# and guaranteed compilability out-of-the-box.
|
|
19
21
|
# ==============================================================================
|
|
22
|
+
|
|
23
|
+
# galaxyscope:ignore sec_io
|
|
24
|
+
|
|
25
|
+
# galaxyscope:ignore sec_io
|
|
26
|
+
|
|
20
27
|
import argparse
|
|
21
28
|
import sys
|
|
22
29
|
import json
|
|
@@ -1,4 +1,6 @@
|
|
|
1
1
|
# ==============================================================================
|
|
2
|
+
|
|
3
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
2
4
|
# GitGalaxy
|
|
3
5
|
# Copyright (c) 2026 Joe Esquibel
|
|
4
6
|
#
|
|
@@ -7,6 +9,11 @@
|
|
|
7
9
|
# A copy of the license can be found in the LICENSE file in the root directory
|
|
8
10
|
# of this project, or at https://polyformproject.org/licenses/noncommercial/1.0.0/
|
|
9
11
|
# ==============================================================================
|
|
12
|
+
|
|
13
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
14
|
+
|
|
15
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
16
|
+
|
|
10
17
|
import re
|
|
11
18
|
import math
|
|
12
19
|
import logging
|
|
@@ -36,10 +43,14 @@ def get_token_mass(text: str, deep_scan: bool = False) -> Optional[int]:
|
|
|
36
43
|
|
|
37
44
|
|
|
38
45
|
# ==============================================================================
|
|
46
|
+
|
|
47
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
39
48
|
# GitGalaxy Phase 2.5 & 7.5: Logic Splicer & Topological Mapper
|
|
40
49
|
# Strategy v6.3.0 Protocol: Fluid-State Counters, Language Sliding & Semantic Modes
|
|
41
50
|
# ==============================================================================
|
|
42
51
|
|
|
52
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
53
|
+
|
|
43
54
|
|
|
44
55
|
class FunctionNode(TypedDict, total=False):
|
|
45
56
|
"""Metadata for a surgically extracted functional logic block."""
|
|
@@ -97,9 +108,13 @@ class LogicData(TypedDict, total=False):
|
|
|
97
108
|
|
|
98
109
|
|
|
99
110
|
# ==============================================================================
|
|
111
|
+
|
|
112
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
100
113
|
# THE STRUCTURAL SIGNATURE CONFIGURATION MATRIX
|
|
101
114
|
# ==============================================================================
|
|
102
115
|
|
|
116
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
117
|
+
|
|
103
118
|
|
|
104
119
|
class ScopeParsingRegistry:
|
|
105
120
|
"""
|
|
@@ -419,7 +434,7 @@ class StructuralExtractor:
|
|
|
419
434
|
# --- EXISTING STRUCTURAL PIPELINE ---
|
|
420
435
|
segments = self._partition_segments(code_stream, self.primary_lang_id)
|
|
421
436
|
|
|
422
|
-
equations, mitigation_telemetry, segment_spatial_maps, extracted_parents = self.coding_analysis(
|
|
437
|
+
equations, mitigation_telemetry, segment_spatial_maps, extracted_parents, threat_locations = self.coding_analysis(
|
|
423
438
|
segments, regex_telemetry if profile_regex else None
|
|
424
439
|
)
|
|
425
440
|
|
|
@@ -549,6 +564,7 @@ class StructuralExtractor:
|
|
|
549
564
|
"financial_read_cost": (
|
|
550
565
|
round((file_token_mass / 1000000) * 3.00, 5) if file_token_mass is not None else None
|
|
551
566
|
),
|
|
567
|
+
"threat_locations": threat_locations,
|
|
552
568
|
}
|
|
553
569
|
if profile_regex:
|
|
554
570
|
result_payload["regex_telemetry"] = regex_telemetry
|
|
@@ -837,7 +853,7 @@ class StructuralExtractor:
|
|
|
837
853
|
|
|
838
854
|
def coding_analysis(
|
|
839
855
|
self, segments: List[Tuple[str, str, int]], regex_telemetry: dict = None
|
|
840
|
-
) -> Tuple[Dict[str, int], Dict[str, int], List[Dict[str, List[int]]], List[str]]:
|
|
856
|
+
) -> Tuple[Dict[str, int], Dict[str, int], List[Dict[str, List[int]]], List[str], Dict[str, List[int]]]:
|
|
841
857
|
counts: Dict[str, int] = {key: 0 for key in self.UNIVERSAL_METRICS_SCHEMA}
|
|
842
858
|
|
|
843
859
|
# --- THE FIX: INJECT APPSEC SENSORS ---
|
|
@@ -855,8 +871,9 @@ class StructuralExtractor:
|
|
|
855
871
|
}
|
|
856
872
|
segment_spatial_maps = []
|
|
857
873
|
extracted_parents = []
|
|
874
|
+
threat_locations: Dict[str, List[int]] = {}
|
|
858
875
|
|
|
859
|
-
for seg_lang, seg_code,
|
|
876
|
+
for seg_lang, seg_code, current_line_offset in segments:
|
|
860
877
|
# 1. Grab the language-specific rules
|
|
861
878
|
rules = self.languages.get(seg_lang, {}).get("rules", {}).copy()
|
|
862
879
|
|
|
@@ -892,6 +909,11 @@ class StructuralExtractor:
|
|
|
892
909
|
if hasattr(pattern, "finditer"):
|
|
893
910
|
matches = list(pattern.finditer(seg_code))
|
|
894
911
|
hit_indices = [m.start() for m in matches]
|
|
912
|
+
|
|
913
|
+
# ---> NEW: Offset to LOC Conversion <---
|
|
914
|
+
for m in matches:
|
|
915
|
+
line_number = current_line_offset + seg_code.count("\n", 0, m.start()) + 1
|
|
916
|
+
threat_locations.setdefault(mapped_key, []).append(line_number)
|
|
895
917
|
|
|
896
918
|
# ---> THE LINEAGE EXTRACTOR <---
|
|
897
919
|
# If the regex has 2+ capture groups, group 2 contains the inheritance mapping
|
|
@@ -900,7 +922,13 @@ class StructuralExtractor:
|
|
|
900
922
|
if m.group(2):
|
|
901
923
|
extracted_parents.append(m.group(2).strip())
|
|
902
924
|
else:
|
|
903
|
-
|
|
925
|
+
matches = list(re.finditer(str(pattern), seg_code))
|
|
926
|
+
hit_indices = [m.start() for m in matches]
|
|
927
|
+
|
|
928
|
+
# ---> NEW: Offset to LOC Conversion <---
|
|
929
|
+
for m in matches:
|
|
930
|
+
line_number = current_line_offset + seg_code.count("\n", 0, m.start()) + 1
|
|
931
|
+
threat_locations.setdefault(mapped_key, []).append(line_number)
|
|
904
932
|
|
|
905
933
|
c = len(hit_indices)
|
|
906
934
|
|
|
@@ -927,8 +955,12 @@ class StructuralExtractor:
|
|
|
927
955
|
# ---> NEW: SPATIAL CORRELATION (Runs once per segment) <---
|
|
928
956
|
|
|
929
957
|
# ==============================================================================
|
|
958
|
+
|
|
959
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
930
960
|
# PHASE 4: AI APPSEC & ZERO-TRUST SENSORS (The Checkmarx/Bitwarden Defense)
|
|
931
961
|
# ==============================================================================
|
|
962
|
+
|
|
963
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
932
964
|
# 0a. The Exfiltration Distance Check
|
|
933
965
|
if "memory_scraping" in spatial_map and "exfiltration_camouflage" in spatial_map:
|
|
934
966
|
# Measures the physical call-path distance between the memory read and the socket
|
|
@@ -946,6 +978,8 @@ class StructuralExtractor:
|
|
|
946
978
|
counts["rce_funnel"] += len(spatial_map["rce_funnel"]) * 50
|
|
947
979
|
# ==============================================================================
|
|
948
980
|
|
|
981
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
982
|
+
|
|
949
983
|
# 1. Taint Tracking (RCE Weaponization)
|
|
950
984
|
if "sec_high_risk_execution" in spatial_map and ("sec_io" in spatial_map or "io" in spatial_map):
|
|
951
985
|
io_hits = sorted(spatial_map.get("sec_io", []) + spatial_map.get("io", []))
|
|
@@ -1023,7 +1057,7 @@ class StructuralExtractor:
|
|
|
1023
1057
|
counts["indent_spaces"] += len(re.findall(r"^[ ]{2,}(?=\S)", seg_code, flags=re.MULTILINE))
|
|
1024
1058
|
segment_spatial_maps.append(spatial_map)
|
|
1025
1059
|
|
|
1026
|
-
return counts, mitigations, segment_spatial_maps, extracted_parents
|
|
1060
|
+
return counts, mitigations, segment_spatial_maps, extracted_parents, threat_locations
|
|
1027
1061
|
|
|
1028
1062
|
def comment_analysis(self, comment_stream: str, lang_id: str, counts: Dict[str, int]) -> Dict[str, int]:
|
|
1029
1063
|
"""
|
|
@@ -1065,9 +1099,13 @@ class StructuralExtractor:
|
|
|
1065
1099
|
return counts
|
|
1066
1100
|
|
|
1067
1101
|
# ==============================================================================
|
|
1102
|
+
|
|
1103
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
1068
1104
|
# PRE-PROCESSING HELPERS
|
|
1069
1105
|
# ==============================================================================
|
|
1070
1106
|
|
|
1107
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
1108
|
+
|
|
1071
1109
|
def _apply_literal_shield(self, text: str, lang_id: str = None) -> str:
|
|
1072
1110
|
"""
|
|
1073
1111
|
The Smarter Atomic Literal Shield: Handles C++ Raw Strings, Python Triple Quotes,
|
|
@@ -1185,9 +1223,13 @@ class StructuralExtractor:
|
|
|
1185
1223
|
return "Anonymous_Block"
|
|
1186
1224
|
|
|
1187
1225
|
# ==============================================================================
|
|
1226
|
+
|
|
1227
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
1188
1228
|
# THE MASTER DISPATCHER
|
|
1189
1229
|
# ==============================================================================
|
|
1190
1230
|
|
|
1231
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
1232
|
+
|
|
1191
1233
|
def _function_slice(
|
|
1192
1234
|
self,
|
|
1193
1235
|
segments: List[Tuple[str, str, int]],
|
|
@@ -1255,9 +1297,13 @@ class StructuralExtractor:
|
|
|
1255
1297
|
return all_satellites, global_impact
|
|
1256
1298
|
|
|
1257
1299
|
# ==============================================================================
|
|
1300
|
+
|
|
1301
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
1258
1302
|
# INTEGRATION MODES (Slicers)
|
|
1259
1303
|
# ==============================================================================
|
|
1260
1304
|
|
|
1305
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
1306
|
+
|
|
1261
1307
|
def _slice_by_labels(
|
|
1262
1308
|
self,
|
|
1263
1309
|
code: str,
|
|
@@ -1864,9 +1910,13 @@ class StructuralExtractor:
|
|
|
1864
1910
|
return satellites, sum_fxn_impact
|
|
1865
1911
|
|
|
1866
1912
|
# ==============================================================================
|
|
1913
|
+
|
|
1914
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
1867
1915
|
# SHARED FUNCTIONAL METRICS ENGINE
|
|
1868
1916
|
# ==============================================================================
|
|
1869
1917
|
|
|
1918
|
+
# galaxyscope:ignore sec_high_risk_execution
|
|
1919
|
+
|
|
1870
1920
|
def _calculate_block_metrics(
|
|
1871
1921
|
self,
|
|
1872
1922
|
name: str,
|
|
@@ -1,12 +1,19 @@
|
|
|
1
1
|
# ==============================================================================
|
|
2
|
+
|
|
3
|
+
# galaxyscope:ignore sec_io, llm_hooks
|
|
2
4
|
# GitGalaxy
|
|
3
5
|
# Copyright (c) 2026 Joe Esquibel
|
|
4
6
|
#
|
|
5
7
|
# This source code is licensed under the PolyForm Noncommercial License 1.0.0.
|
|
6
8
|
# You may not use this file except in compliance with the License.
|
|
7
9
|
# A copy of the license can be found in the LICENSE file in the root directory
|
|
8
|
-
# of this project, or at
|
|
10
|
+
# of this project, or at https://polyformproject.org/licenses/noncommercial/1.0.0/
|
|
9
11
|
# ==============================================================================
|
|
12
|
+
|
|
13
|
+
# galaxyscope:ignore sec_io, llm_hooks
|
|
14
|
+
|
|
15
|
+
# galaxyscope:ignore sec_io, llm_hooks
|
|
16
|
+
|
|
10
17
|
import re
|
|
11
18
|
import os
|
|
12
19
|
import json
|
|
@@ -17,10 +24,14 @@ from typing import Dict, Any, Optional, List, Tuple, Union
|
|
|
17
24
|
from gitgalaxy.standards.gitgalaxy_config import GUIDESTAR_CONFIG
|
|
18
25
|
|
|
19
26
|
# ==============================================================================
|
|
27
|
+
|
|
28
|
+
# galaxyscope:ignore sec_io, llm_hooks
|
|
20
29
|
# GitGalaxy Phase 0.5: Sector Intelligence (The GuideStar Lens)
|
|
21
30
|
# Strategy: v6.3.0 (Deep Manifest Inspection & Evidence Hierarchy)
|
|
22
31
|
# ==============================================================================
|
|
23
32
|
|
|
33
|
+
# galaxyscope:ignore sec_io, llm_hooks
|
|
34
|
+
|
|
24
35
|
|
|
25
36
|
class GuideStarLens:
|
|
26
37
|
"""
|
|
@@ -174,9 +185,13 @@ class GuideStarLens:
|
|
|
174
185
|
}
|
|
175
186
|
|
|
176
187
|
# ==============================================================================
|
|
188
|
+
|
|
189
|
+
# galaxyscope:ignore sec_io, llm_hooks
|
|
177
190
|
# DEEP MANIFEST INSPECTION
|
|
178
191
|
# ==============================================================================
|
|
179
192
|
|
|
193
|
+
# galaxyscope:ignore sec_io, llm_hooks
|
|
194
|
+
|
|
180
195
|
def _scan_package_manifests(self):
|
|
181
196
|
"""Identifies authoritative project contextual baselines and parses their internal logic."""
|
|
182
197
|
# Dynamically inject requirements.txt if it wasn't in the global config
|
|
@@ -316,9 +331,13 @@ class GuideStarLens:
|
|
|
316
331
|
self._inject_intent_lock(filename, predicted_lang, 0.85, f"Execution Trigger ({prefix_clean})")
|
|
317
332
|
|
|
318
333
|
# ==============================================================================
|
|
334
|
+
|
|
335
|
+
# galaxyscope:ignore sec_io, llm_hooks
|
|
319
336
|
# EXPLICIT AUTHORITY
|
|
320
337
|
# ==============================================================================
|
|
321
338
|
|
|
339
|
+
# galaxyscope:ignore sec_io, llm_hooks
|
|
340
|
+
|
|
322
341
|
def _scan_gitattributes(self):
|
|
323
342
|
"""
|
|
324
343
|
Parses .gitattributes for explicit linguist-language overrides.
|
|
@@ -370,9 +389,13 @@ class GuideStarLens:
|
|
|
370
389
|
self.logger.debug(f"GuideStar: Deep inspection failed for .gitattributes: {e}")
|
|
371
390
|
|
|
372
391
|
# ==============================================================================
|
|
392
|
+
|
|
393
|
+
# galaxyscope:ignore sec_io, llm_hooks
|
|
373
394
|
# SECURITY EVASION DETECTION
|
|
374
395
|
# ==============================================================================
|
|
375
396
|
|
|
397
|
+
# galaxyscope:ignore sec_io, llm_hooks
|
|
398
|
+
|
|
376
399
|
def _scan_gitignore_evasion(self):
|
|
377
400
|
"""
|
|
378
401
|
Scans .gitignore for hostile force-includes (e.g., !payload.so).
|
|
@@ -415,9 +438,13 @@ class GuideStarLens:
|
|
|
415
438
|
self.logger.debug(f"GuideStar: Evasion inspection failed for .gitignore: {e}")
|
|
416
439
|
|
|
417
440
|
# ==============================================================================
|
|
441
|
+
|
|
442
|
+
# galaxyscope:ignore sec_io, llm_hooks
|
|
418
443
|
# DOCUMENTATION COVERAGE MAP
|
|
419
444
|
# ==============================================================================
|
|
420
445
|
|
|
446
|
+
# galaxyscope:ignore sec_io, llm_hooks
|
|
447
|
+
|
|
421
448
|
def _calculate_documentation_coverage(self):
|
|
422
449
|
"""
|
|
423
450
|
Scans the repository for high-value architectural literature.
|