gitgalaxy 2.3.9__tar.gz → 2.3.12__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (188) hide show
  1. gitgalaxy-2.3.12/.galaxyscope.yaml +13 -0
  2. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/.github/workflows/deploy-docs.yml +1 -1
  3. gitgalaxy-2.3.12/.github/workflows/gitgalaxy-artifacts.yml +72 -0
  4. gitgalaxy-2.3.12/.github/workflows/gitgalaxy-audit.yml +50 -0
  5. gitgalaxy-2.3.12/.github/workflows/gitgalaxy.yml +53 -0
  6. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/.github/workflows/golden-crucible.yml +1 -1
  7. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/.github/workflows/publish.yml +17 -1
  8. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/.github/workflows/smoke-test.yml +1 -1
  9. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/PKG-INFO +1 -1
  10. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/action.yml +1 -1
  11. gitgalaxy-2.3.12/cd pipeline strategy.md +33 -0
  12. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/cobol_refractor_controller.py +19 -0
  13. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/cobol_to_java_controller.py +7 -0
  14. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/core/detector.py +55 -5
  15. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/core/guidestar_lens.py +28 -1
  16. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/core/network_risk_sensor.py +7 -4
  17. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/core/prism.py +12 -0
  18. gitgalaxy-2.3.12/gitgalaxy/core/state_rehydrator.py +171 -0
  19. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/galaxyscope.py +265 -39
  20. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/metrics/chronometer.py +11 -0
  21. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/metrics/signal_processor.py +22 -5
  22. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/metrics/statistical_auditor.py +11 -0
  23. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/metrics/tensor_scanner.py +8 -0
  24. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/recorders/audit_recorder.py +16 -0
  25. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/recorders/gpu_recorder.py +27 -0
  26. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/recorders/llm_recorder.py +40 -0
  27. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/recorders/record_keeper.py +21 -0
  28. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/recorders/sarif_recorder.py +18 -6
  29. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/recorders/sbom_recorder.py +7 -0
  30. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/security/security_auditor.py +14 -1
  31. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/standards/analysis_lens.py +3 -0
  32. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/standards/language_standards.py +3 -0
  33. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_java/cobol_to_java_decoder_forge.py +2 -0
  34. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_java/cobol_to_java_service_forge.py +3 -0
  35. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_java/cobol_to_java_spring_forge.py +3 -0
  36. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_java/cobol_to_java_test_forge.py +4 -0
  37. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/network_auditing/full_api_network_map.py +99 -22
  38. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/supply_chain_security/binary_anomaly_detector.py +9 -1
  39. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/supply_chain_security/supply_chain_firewall.py +58 -18
  40. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/supply_chain_security/vault_sentinel.py +3 -0
  41. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/terabyte_log_scanning/pii_leak_hunter.py +3 -0
  42. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/terabyte_log_scanning/terabyte_log_scanner.py +3 -0
  43. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy.egg-info/PKG-INFO +1 -1
  44. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy.egg-info/SOURCES.txt +8 -0
  45. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy.egg-info/scm_file_list.json +9 -1
  46. gitgalaxy-2.3.12/gitgalaxy.egg-info/scm_version.json +8 -0
  47. gitgalaxy-2.3.12/templates/bitbucket/bitbucket-pipelines.yml +24 -0
  48. gitgalaxy-2.3.12/templates/github/gitgalaxy-pipeline.yml +37 -0
  49. gitgalaxy-2.3.12/tests/core_engine/test_delta_scanner.py +134 -0
  50. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/core_engine/test_detector.py +32 -2
  51. gitgalaxy-2.3.12/tests/core_engine/test_galaxyscope.py +1334 -0
  52. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/core_engine/test_prism.py +65 -1
  53. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/core_engine/test_signal_processor.py +100 -1
  54. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/core_engine/test_state_rehydrator.py +73 -1
  55. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/core_engine/test_zero_dependency.py +115 -1
  56. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/security_auditing/test_api_network_map.py +67 -103
  57. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/security_auditing/test_supply_chain_firewall.py +227 -82
  58. gitgalaxy-2.3.9/.github/workflows/gitgalaxy.yml +0 -82
  59. gitgalaxy-2.3.9/gitgalaxy/core/state_rehydrator.py +0 -104
  60. gitgalaxy-2.3.9/gitgalaxy.egg-info/scm_version.json +0 -8
  61. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/.flake8 +0 -0
  62. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/.github/CODEOWNERS +0 -0
  63. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/.github/ISSUE_TEMPLATE/parsing_discrepancy.yml +0 -0
  64. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/.github/dependabot.yml +0 -0
  65. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/.github/pull_request_template.md +0 -0
  66. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/.github/workflows/codeql.yml +0 -0
  67. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/.github/workflows/muninn.yml +0 -0
  68. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/.gitignore +0 -0
  69. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/.gitlab-ci.yml +0 -0
  70. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/CONTRIBUTING.md +0 -0
  71. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/LICENSE +0 -0
  72. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/MANIFEST.in +0 -0
  73. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/README.md +0 -0
  74. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/SECURITY.md +0 -0
  75. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/README.md +0 -0
  76. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/__init__.py +0 -0
  77. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/core/README.md +0 -0
  78. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/core/__init__.py +0 -0
  79. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/core/aperture.py +0 -0
  80. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/core/spatial_mapper.py +0 -0
  81. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/licensing.py +0 -0
  82. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/metrics/README.md +0 -0
  83. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/metrics/__init__.py +0 -0
  84. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/recorders/README.md +0 -0
  85. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/recorders/__init__.py +0 -0
  86. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/requirements.txt +0 -0
  87. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/security/README.md +0 -0
  88. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/security/__init__.py +0 -0
  89. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/security/manifest_parser.py +0 -0
  90. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/security/security_lens.py +0 -0
  91. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/standards/README.md +0 -0
  92. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/standards/__init__.py +0 -0
  93. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/standards/gitgalaxy_config.py +0 -0
  94. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/standards/how_to_add_a_language.md +0 -0
  95. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/standards/language_lens.py +0 -0
  96. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/README.md +0 -0
  97. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/__init__.py +0 -0
  98. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/ai_guardrails/README.md +0 -0
  99. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/ai_guardrails/ai_appsec_sensor.py +0 -0
  100. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/ai_guardrails/dev_agent_firewall.py +0 -0
  101. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_cobol/README.md +0 -0
  102. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_cobol/cobol_agent_task_forge.py +0 -0
  103. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_cobol/cobol_compiler_forge.py +0 -0
  104. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_cobol/cobol_dag_architect.py +0 -0
  105. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_cobol/cobol_etl_unpacker.py +0 -0
  106. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_cobol/cobol_graveyard_finder.py +0 -0
  107. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_cobol/cobol_jcl_auditor.py +0 -0
  108. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_cobol/cobol_jcl_forge.py +0 -0
  109. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_cobol/cobol_lexical_patcher.py +0 -0
  110. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_cobol/cobol_microservice_slicer.py +0 -0
  111. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_cobol/cobol_schema_forge.py +0 -0
  112. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_cobol/cobol_system_limits_reporter.py +0 -0
  113. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_java/README.md +0 -0
  114. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_java/batch_test_harness.py +0 -0
  115. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_java/cobol_to_java_agent_forge.py +0 -0
  116. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_java/cobol_to_java_api_contract_forge.py +0 -0
  117. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/cobol_to_java/cobol_to_java_build_forge.py +0 -0
  118. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/network_auditing/README.md +0 -0
  119. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/supply_chain_security/README.md +0 -0
  120. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy/tools/terabyte_log_scanning/README.md +0 -0
  121. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy.egg-info/dependency_links.txt +0 -0
  122. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy.egg-info/entry_points.txt +0 -0
  123. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy.egg-info/requires.txt +0 -0
  124. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/gitgalaxy.egg-info/top_level.txt +0 -0
  125. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/github-action-readme.md +0 -0
  126. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/mkdocs.yml +0 -0
  127. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/muninn.yml +0 -0
  128. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/pyproject.toml +0 -0
  129. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/setup.cfg +0 -0
  130. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/templates/azure/azure-pipelines.yml +0 -0
  131. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/templates/gitlab/scan.yml +0 -0
  132. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/templates/scan.yml +0 -0
  133. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/README.md +0 -0
  134. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/cobol_mainframe/readme.md +0 -0
  135. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/cobol_mainframe/test_cobol_agent_task_forge.py +0 -0
  136. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/cobol_mainframe/test_cobol_compiler_forge.py +0 -0
  137. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/cobol_mainframe/test_cobol_dag_architect.py +0 -0
  138. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/cobol_mainframe/test_cobol_etl_unpacker.py +0 -0
  139. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/cobol_mainframe/test_cobol_graveyard_finder.py +0 -0
  140. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/cobol_mainframe/test_cobol_jcl_auditor.py +0 -0
  141. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/cobol_mainframe/test_cobol_jcl_forge.py +0 -0
  142. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/cobol_mainframe/test_cobol_lexical_patcher.py +0 -0
  143. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/cobol_mainframe/test_cobol_microservice_slicer.py +0 -0
  144. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/cobol_mainframe/test_cobol_refractor_controller.py +0 -0
  145. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/cobol_mainframe/test_cobol_schema_forge.py +0 -0
  146. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/cobol_mainframe/test_cobol_system_limits_reporter.py +0 -0
  147. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/core_engine/readme.md +0 -0
  148. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/core_engine/test_aperture.py +0 -0
  149. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/core_engine/test_chronometer.py +0 -0
  150. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/core_engine/test_chronometer_timeout.py +0 -0
  151. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/core_engine/test_guidestar_lens.py +0 -0
  152. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/core_engine/test_language_lens.py +0 -0
  153. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/core_engine/test_language_standards_strict.py +0 -0
  154. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/core_engine/test_licensing.py +0 -0
  155. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/core_engine/test_manifest_parser.py +0 -0
  156. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/extraction/readme.md +0 -0
  157. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/extraction/test_args_extraction_strict.py +0 -0
  158. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/extraction/test_class_extraction_strict.py +0 -0
  159. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/extraction/test_dependency_extraction_strict.py +0 -0
  160. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/extraction/test_function_extraction_strict.py +0 -0
  161. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/golden_diff.py +0 -0
  162. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/golden_master_audit.json +0 -0
  163. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/golden_master_zero_dep_audit.json +0 -0
  164. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/security_auditing/readme.md +0 -0
  165. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/security_auditing/test_ai_appsec_sensor.py +0 -0
  166. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/security_auditing/test_binary_anomaly_detector.py +0 -0
  167. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/security_auditing/test_dev_agent_firewall.py +0 -0
  168. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/security_auditing/test_network_risk_sensor.py +0 -0
  169. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/security_auditing/test_pii_leak_hunter.py +0 -0
  170. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/security_auditing/test_redos_poison.py +0 -0
  171. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/security_auditing/test_security_auditor.py +0 -0
  172. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/security_auditing/test_security_lens.py +0 -0
  173. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/security_auditing/test_statistical_auditor.py +0 -0
  174. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/security_auditing/test_tensor_auditor.py +0 -0
  175. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/security_auditing/test_terabyte_log_scanner.py +0 -0
  176. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/security_auditing/test_vault_sentinel.py +0 -0
  177. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/tools_recorders/readme.md +0 -0
  178. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/tools_recorders/test_agent_forge.py +0 -0
  179. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/tools_recorders/test_audit_recorder.py +0 -0
  180. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/tools_recorders/test_batch_test_harness.py +0 -0
  181. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/tools_recorders/test_decoder_forge.py +0 -0
  182. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/tools_recorders/test_golden_forge.py +0 -0
  183. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/tools_recorders/test_gpu_recorder.py +0 -0
  184. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/tools_recorders/test_llm_recorder.py +0 -0
  185. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/tools_recorders/test_record_keeper.py +0 -0
  186. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/tools_recorders/test_sbom_generator.py +0 -0
  187. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/tests/tools_recorders/test_service_forge.py +0 -0
  188. {gitgalaxy-2.3.9 → gitgalaxy-2.3.12}/zizmor.yml +0 -0
@@ -0,0 +1,13 @@
1
+ galaxyscope:
2
+ SARIF_IGNORED_PATHS:
3
+ - "tests/"
4
+ - "mocks/"
5
+ - "vendor/"
6
+ - "gitgalaxy/standards/"
7
+ - "gitgalaxy/security/"
8
+ - "gitgalaxy/tools/"
9
+ - "templates/"
10
+ - ".github/workflows/"
11
+ SARIF_IGNORED_RULES:
12
+ - "GH-1022"
13
+ - "squid-protocol"
@@ -27,7 +27,7 @@ jobs:
27
27
  git config user.email 41898282+github-actions[bot]@users.noreply.github.com
28
28
 
29
29
  - name: Set up Python
30
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
30
+ uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
31
31
  with:
32
32
  python-version: "3.x"
33
33
 
@@ -0,0 +1,72 @@
1
+ name: Generate GitGalaxy Artifacts (Post-Gate)
2
+
3
+ on:
4
+ push:
5
+ branches:
6
+ - main
7
+ pull_request:
8
+ branches:
9
+ - main
10
+
11
+ permissions:
12
+ contents: write
13
+ security-events: write
14
+
15
+ jobs:
16
+ generate-compliance-artifacts:
17
+ runs-on: ubuntu-latest
18
+ steps:
19
+ - name: Checkout Repository
20
+ uses: actions/checkout@v4
21
+ with:
22
+ fetch-depth: 0
23
+
24
+ - name: Setup Python 3.12
25
+ uses: actions/setup-python@v5
26
+ with:
27
+ python-version: "3.12"
28
+ cache: "pip"
29
+
30
+ - name: Install GitGalaxy & Dependencies
31
+ run: |
32
+ python -m pip install --upgrade pip
33
+ pip install . networkx tiktoken xgboost pandas numpy
34
+
35
+ - name: Generate SARIF, SBOM, and LLM Brief
36
+ env:
37
+ GITGALAXY_LICENSE_KEY: "COMMUNITY_FREE_TIER"
38
+ run: |
39
+ # Execute galaxyscope
40
+ galaxyscope . --config .galaxyscope.yaml --sarif-only
41
+ galaxyscope . --config .galaxyscope.yaml --sbom-only
42
+ galaxyscope . --config .galaxyscope.yaml --llm-only
43
+
44
+ # Debug: Print the exact files generated
45
+ echo "=== FILES GENERATED BY GALAXYSC ==="
46
+ ls -la *_sarif* *.sarif *_sbom* *.json *_llm* || true
47
+
48
+ # Force rename them so the next steps can find them reliably
49
+ mv *_sarif* gitgalaxy-results_sarif.json 2>/dev/null || mv *.sarif gitgalaxy-results_sarif.json 2>/dev/null || true
50
+ mv *_sbom* gitgalaxy-sbom.json 2>/dev/null || true
51
+ mv *_llm.md gitgalaxy_architecture_brief.md 2>/dev/null || true
52
+
53
+ - name: Upload SARIF to GitHub Security Tab
54
+ uses: github/codeql-action/upload-sarif@v4
55
+ with:
56
+ sarif_file: gitgalaxy-results_sarif.json
57
+
58
+ - name: Upload SBOM as Build Artifact
59
+ uses: actions/upload-artifact@v4
60
+ with:
61
+ name: gitgalaxy-sbom
62
+ path: gitgalaxy-sbom.json
63
+
64
+ - name: Commit LLM Brief to Docs
65
+ if: github.event_name == 'push'
66
+ run: |
67
+ mkdir -p docs
68
+ mv gitgalaxy_architecture_brief.md docs/ || true
69
+ git config --global user.name "github-actions[bot]"
70
+ git config --global user.email "github-actions[bot]@users.noreply.github.com"
71
+ git add docs/gitgalaxy_architecture_brief.md
72
+ git diff --quiet && git diff --staged --quiet || (git commit -m "docs: auto-update LLM architectural brief" && git push)
@@ -0,0 +1,50 @@
1
+ name: GitGalaxy Zero-Trust Audit
2
+
3
+ on:
4
+ push:
5
+ branches: [ "feature/*" ]
6
+ pull_request:
7
+ branches: [ "main" ]
8
+
9
+ # REQUIRED: Grants the action permission to post to the Security tab
10
+ permissions:
11
+ contents: read
12
+ security-events: write
13
+
14
+ jobs:
15
+ spectral-audit:
16
+ runs-on: ubuntu-latest
17
+ steps:
18
+ - name: Checkout Repository
19
+ uses: actions/checkout@v4
20
+ with:
21
+ fetch-depth: 0
22
+
23
+ - name: Setup Python
24
+ uses: actions/setup-python@v5
25
+ with:
26
+ python-version: "3.12"
27
+ cache: "pip"
28
+
29
+ - name: Install GitGalaxy & Dependencies
30
+ run: |
31
+ python -m pip install --upgrade pip
32
+ pip install . networkx tiktoken xgboost pandas numpy
33
+
34
+ - name: Execute Spectral Audit
35
+ run: |
36
+ # Relaxed thresholds until --incremental or --ignore are implemented
37
+ galaxyscope . --config .galaxyscope.yaml --max-risk-exposure 120 --fail-on-malware --sarif-only --output gitgalaxy-results.json
38
+
39
+ - name: Upload SARIF to GitHub Security Tab
40
+ if: always()
41
+ uses: github/codeql-action/upload-sarif@v4
42
+ with:
43
+ sarif_file: gitgalaxy-results_sarif.json
44
+
45
+ - name: Upload SARIF as Build Artifact (Backup)
46
+ if: always()
47
+ uses: actions/upload-artifact@v4
48
+ with:
49
+ name: gitgalaxy-sarif-report
50
+ path: gitgalaxy-results_sarif.json
@@ -0,0 +1,53 @@
1
+ name: GitGalaxy Zero-Trust Pipeline
2
+
3
+ on:
4
+ push:
5
+ branches: [main]
6
+ pull_request:
7
+ branches: [main]
8
+
9
+ permissions:
10
+ contents: read
11
+
12
+ jobs:
13
+ vault-sentinel:
14
+ name: Vault Sentinel
15
+ runs-on: ubuntu-latest
16
+ steps:
17
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
18
+ with:
19
+ persist-credentials: false
20
+
21
+ - uses: ./
22
+ with:
23
+ tool: vault-sentinel
24
+ target: .
25
+ version: local
26
+
27
+ xray-inspector:
28
+ name: X-Ray Inspector
29
+ runs-on: ubuntu-latest
30
+ steps:
31
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
32
+ with:
33
+ persist-credentials: false
34
+
35
+ - uses: ./
36
+ with:
37
+ tool: xray-inspector
38
+ target: .
39
+ version: local
40
+
41
+ supply-chain-firewall:
42
+ name: Supply Chain Firewall
43
+ runs-on: ubuntu-latest
44
+ steps:
45
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
46
+ with:
47
+ persist-credentials: false
48
+
49
+ - uses: ./
50
+ with:
51
+ tool: supply-chain-firewall
52
+ target: .
53
+ version: local
@@ -18,7 +18,7 @@ jobs:
18
18
  persist-credentials: false
19
19
 
20
20
  - name: Setup Python 3.11
21
- uses: actions/setup-python@v5
21
+ uses: actions/setup-python@v6
22
22
  with:
23
23
  python-version: '3.11'
24
24
  cache: 'pip'
@@ -26,7 +26,7 @@ jobs:
26
26
  fetch-depth: 0
27
27
 
28
28
  - name: Set up Python
29
- uses: actions/setup-python@v5
29
+ uses: actions/setup-python@v6
30
30
  with:
31
31
  python-version: "3.10"
32
32
 
@@ -54,3 +54,19 @@ jobs:
54
54
  git remote add gitlab https://oauth2:${{ secrets.GITLAB_SYNC_TOKEN }}@gitlab.com/squid-protocol1/gitgalaxy.git
55
55
  git push -f gitlab HEAD:main
56
56
  git push -f --tags gitlab
57
+
58
+ bitbucket-sync:
59
+ name: Sync to Bitbucket Repository
60
+ needs: pypi-publish
61
+ runs-on: ubuntu-latest
62
+ steps:
63
+ - name: Checkout GitHub Repository
64
+ uses: actions/checkout@v4
65
+ with:
66
+ fetch-depth: 0
67
+
68
+ - name: Sync Code and Tags to Bitbucket
69
+ run: |
70
+ git remote add bitbucket https://${{ secrets.BITBUCKET_USERNAME }}:${{ secrets.BITBUCKET_SYNC_TOKEN }}@bitbucket.org/squid-protocol/gitgalaxy.git
71
+ git push -f bitbucket HEAD:main
72
+ git push -f --tags bitbucket
@@ -26,7 +26,7 @@ jobs:
26
26
  persist-credentials: false
27
27
 
28
28
  - name: Set up Python ${{ matrix.python-version }}
29
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
29
+ uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
30
30
  with:
31
31
  python-version: ${{ matrix.python-version }}
32
32
 
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: gitgalaxy
3
- Version: 2.3.9
3
+ Version: 2.3.12
4
4
  Summary: An AST-free, LLM-free zero-trust static analysis engine for mapping architectural risk, securing CI/CD pipelines, and modernizing legacy monoliths.
5
5
  Author: Joe Esquibel
6
6
  Project-URL: Homepage, https://gitgalaxy.io
@@ -32,7 +32,7 @@ runs:
32
32
  using: "composite"
33
33
  steps:
34
34
  - name: Set up Python
35
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
35
+ uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
36
36
  with:
37
37
  python-version: '3.10'
38
38
 
@@ -0,0 +1,33 @@
1
+ # GitGalaxy: CI/CD Distribution & Architecture Context
2
+
3
+ ## 1. Architectural Overview (The Hub and Spoke Model)
4
+ GitGalaxy utilizes a centralized distribution architecture to maintain a single source of truth while achieving maximum cross-platform compatibility.
5
+
6
+ * **The Hub (PyPI):** The compiled Python codebase (the blAST engine) is hosted exclusively on the Python Package Index.
7
+ * **The Spokes (GitHub, GitLab, Jenkins, etc.):** Enterprise CI/CD platforms do not host the engine natively. Instead, they use lightweight YAML wrappers to dynamically pull the engine via `pip install gitgalaxy` and execute it within their isolated runners.
8
+
9
+ This allows us to instantly push updates to Azure DevOps, Bitbucket, GitLab, and GitHub Actions simultaneously just by tagging a new release.
10
+
11
+ ## 2. Core CI/CD Configurations & Files
12
+
13
+ ### GitHub Actions (The Orchestrator)
14
+ GitHub acts as the central command center for the project's source code and deployment triggers.
15
+ * **`.github/workflows/publish.yml`**: The release pipeline. Triggered strictly by Git tags (e.g., `v2.4.1`). It builds the Python wheel/sdist and authenticates with PyPI via OIDC to publish the package.
16
+ * **`.github/workflows/gitlab-sync.yml`**: The mirror pipeline. Fires alongside the PyPI publish workflow. It securely pushes the latest code and tags directly to the `squid-protocol1/gitgalaxy` repository on GitLab, keeping both platforms in perfect sync.
17
+ * **`action.yml`**: The native GitHub Action wrapper. Allows GitHub users to invoke GitGalaxy using standard `uses: squid-protocol/gitgalaxy@v2` syntax.
18
+
19
+ ### GitLab CI/CD Catalog (The Enterprise Gate)
20
+ * **`scan.yml`**: The native GitLab CI/CD Component definition. This file defines the `gitgalaxy_scan` job, pulling the `python:3.12-slim` image, installing the engine from PyPI, and executing the Zero-Trust Spectral Audit with enterprise failure ratchets (`--max-risk-exposure`, `--fail-on-secrets`). It automatically exposes the generated `gitgalaxy-results_sarif.json` to GitLab's security dashboards.
21
+
22
+ ### Project Build & Versioning
23
+ * **`pyproject.toml`**: The modern Python build configuration. It defines dependencies, CLI entry points (like `galaxyscope` and `supply-chain-firewall`), and uses `setuptools_scm` to dynamically generate the package version directly from Git tags (e.g., matching the `v2.4.1` regex).
24
+
25
+ ## 3. Recent Engine Hardening & Security Patches
26
+
27
+ To support enterprise CI/CD environments, several critical stability and security patches were recently integrated:
28
+
29
+ * **CLI Pipeline Gates (`galaxyscope.py`)**: Added native `argparse` flags (`--fail-on-secrets`, `--fail-on-malware`, `--max-risk-exposure`) to allow CI/CD runners to programmatically fail builds when strict security thresholds are breached.
30
+ * **Regex ReDoS Armor (`language_standards.py`)**:
31
+ * Mitigated Catastrophic Backtracking (ReDoS) vulnerabilities in the C/C++ parser when handling massive, malformed K&R payload blocks by enforcing strict lazy consumers (`[^;{]*?;`).
32
+ * Patched the `_dependency_capture` regex for Python and JavaScript to strip line anchors, allowing the Supply Chain Firewall to accurately detect inline, dynamic, and comma-separated dependency imports (e.g., `import os, requests`).
33
+ * **Dependency Auditing (`requirements.txt`)**: Bumped `mistune>=3.2.2` to resolve a high-severity CPU exhaustion vulnerability (CVE-2026-49851) flagged by the Muninn Security Scanner in our documentation build chain.
@@ -1,10 +1,17 @@
1
1
  #!/usr/bin/env python3
2
2
  # ==============================================================================
3
+
4
+ # galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
3
5
  # GitGalaxy: COBOL Refractor Controller (v4.0 - Hybrid Enterprise Scale)
4
6
  # Purpose: Orchestrates the Universal Translator suite using a Hybrid
5
7
  # Intermediate Representation (IR) State Manager. Dynamically toggles
6
8
  # between high-speed RAM and SQLite3 to prevent OOM crashes.
7
9
  # ==============================================================================
10
+
11
+ # galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
12
+
13
+ # galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
14
+
8
15
  import argparse
9
16
  import sys
10
17
  import json
@@ -31,9 +38,13 @@ from gitgalaxy.tools.cobol_to_cobol.cobol_jcl_auditor import audit_zero_trust_jc
31
38
  from gitgalaxy.tools.cobol_to_cobol.cobol_agent_task_forge import forge_agent_jobs
32
39
 
33
40
  # ==============================================================================
41
+
42
+ # galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
34
43
  # THE SCALE SENSOR & HYBRID STATE MANAGER
35
44
  # ==============================================================================
36
45
 
46
+ # galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
47
+
37
48
 
38
49
  def calibrate_ir_medium(target_path: Path, max_files=2000, max_mb=200) -> tuple:
39
50
  """Scouts the repository to determine the safest IR storage medium."""
@@ -129,9 +140,13 @@ class IRStateManager:
129
140
 
130
141
 
131
142
  # ==============================================================================
143
+
144
+ # galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
132
145
  # THE PROCESSING PIPELINE
133
146
  # ==============================================================================
134
147
 
148
+ # galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
149
+
135
150
 
136
151
  def process_payload(filepath: Path, state_manager: IRStateManager, target_var: str = None) -> dict:
137
152
  """Processes a single COBOL payload through the enriched, shared-state pipeline."""
@@ -230,9 +245,13 @@ def process_payload(filepath: Path, state_manager: IRStateManager, target_var: s
230
245
 
231
246
 
232
247
  # ==============================================================================
248
+
249
+ # galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
233
250
  # MAIN ORCHESTRATION LOOP
234
251
  # ==============================================================================
235
252
 
253
+ # galaxyscope:ignore sec_db_hooks, sec_io, sec_high_risk_execution
254
+
236
255
 
237
256
  def main():
238
257
  from gitgalaxy.licensing import enforce_licensing_guard
@@ -1,5 +1,7 @@
1
1
  #!/usr/bin/env python3
2
2
  # ==============================================================================
3
+
4
+ # galaxyscope:ignore sec_io
3
5
  # GitGalaxy Tool: COBOL to Java Translation Controller
4
6
  #
5
7
  # PURPOSE:
@@ -17,6 +19,11 @@
17
19
  # the internal business logic to the AI agent, ensuring architectural integrity
18
20
  # and guaranteed compilability out-of-the-box.
19
21
  # ==============================================================================
22
+
23
+ # galaxyscope:ignore sec_io
24
+
25
+ # galaxyscope:ignore sec_io
26
+
20
27
  import argparse
21
28
  import sys
22
29
  import json
@@ -1,4 +1,6 @@
1
1
  # ==============================================================================
2
+
3
+ # galaxyscope:ignore sec_high_risk_execution
2
4
  # GitGalaxy
3
5
  # Copyright (c) 2026 Joe Esquibel
4
6
  #
@@ -7,6 +9,11 @@
7
9
  # A copy of the license can be found in the LICENSE file in the root directory
8
10
  # of this project, or at https://polyformproject.org/licenses/noncommercial/1.0.0/
9
11
  # ==============================================================================
12
+
13
+ # galaxyscope:ignore sec_high_risk_execution
14
+
15
+ # galaxyscope:ignore sec_high_risk_execution
16
+
10
17
  import re
11
18
  import math
12
19
  import logging
@@ -36,10 +43,14 @@ def get_token_mass(text: str, deep_scan: bool = False) -> Optional[int]:
36
43
 
37
44
 
38
45
  # ==============================================================================
46
+
47
+ # galaxyscope:ignore sec_high_risk_execution
39
48
  # GitGalaxy Phase 2.5 & 7.5: Logic Splicer & Topological Mapper
40
49
  # Strategy v6.3.0 Protocol: Fluid-State Counters, Language Sliding & Semantic Modes
41
50
  # ==============================================================================
42
51
 
52
+ # galaxyscope:ignore sec_high_risk_execution
53
+
43
54
 
44
55
  class FunctionNode(TypedDict, total=False):
45
56
  """Metadata for a surgically extracted functional logic block."""
@@ -97,9 +108,13 @@ class LogicData(TypedDict, total=False):
97
108
 
98
109
 
99
110
  # ==============================================================================
111
+
112
+ # galaxyscope:ignore sec_high_risk_execution
100
113
  # THE STRUCTURAL SIGNATURE CONFIGURATION MATRIX
101
114
  # ==============================================================================
102
115
 
116
+ # galaxyscope:ignore sec_high_risk_execution
117
+
103
118
 
104
119
  class ScopeParsingRegistry:
105
120
  """
@@ -419,7 +434,7 @@ class StructuralExtractor:
419
434
  # --- EXISTING STRUCTURAL PIPELINE ---
420
435
  segments = self._partition_segments(code_stream, self.primary_lang_id)
421
436
 
422
- equations, mitigation_telemetry, segment_spatial_maps, extracted_parents = self.coding_analysis(
437
+ equations, mitigation_telemetry, segment_spatial_maps, extracted_parents, threat_locations = self.coding_analysis(
423
438
  segments, regex_telemetry if profile_regex else None
424
439
  )
425
440
 
@@ -549,6 +564,7 @@ class StructuralExtractor:
549
564
  "financial_read_cost": (
550
565
  round((file_token_mass / 1000000) * 3.00, 5) if file_token_mass is not None else None
551
566
  ),
567
+ "threat_locations": threat_locations,
552
568
  }
553
569
  if profile_regex:
554
570
  result_payload["regex_telemetry"] = regex_telemetry
@@ -837,7 +853,7 @@ class StructuralExtractor:
837
853
 
838
854
  def coding_analysis(
839
855
  self, segments: List[Tuple[str, str, int]], regex_telemetry: dict = None
840
- ) -> Tuple[Dict[str, int], Dict[str, int], List[Dict[str, List[int]]], List[str]]:
856
+ ) -> Tuple[Dict[str, int], Dict[str, int], List[Dict[str, List[int]]], List[str], Dict[str, List[int]]]:
841
857
  counts: Dict[str, int] = {key: 0 for key in self.UNIVERSAL_METRICS_SCHEMA}
842
858
 
843
859
  # --- THE FIX: INJECT APPSEC SENSORS ---
@@ -855,8 +871,9 @@ class StructuralExtractor:
855
871
  }
856
872
  segment_spatial_maps = []
857
873
  extracted_parents = []
874
+ threat_locations: Dict[str, List[int]] = {}
858
875
 
859
- for seg_lang, seg_code, _ in segments:
876
+ for seg_lang, seg_code, current_line_offset in segments:
860
877
  # 1. Grab the language-specific rules
861
878
  rules = self.languages.get(seg_lang, {}).get("rules", {}).copy()
862
879
 
@@ -892,6 +909,11 @@ class StructuralExtractor:
892
909
  if hasattr(pattern, "finditer"):
893
910
  matches = list(pattern.finditer(seg_code))
894
911
  hit_indices = [m.start() for m in matches]
912
+
913
+ # ---> NEW: Offset to LOC Conversion <---
914
+ for m in matches:
915
+ line_number = current_line_offset + seg_code.count("\n", 0, m.start()) + 1
916
+ threat_locations.setdefault(mapped_key, []).append(line_number)
895
917
 
896
918
  # ---> THE LINEAGE EXTRACTOR <---
897
919
  # If the regex has 2+ capture groups, group 2 contains the inheritance mapping
@@ -900,7 +922,13 @@ class StructuralExtractor:
900
922
  if m.group(2):
901
923
  extracted_parents.append(m.group(2).strip())
902
924
  else:
903
- hit_indices = [m.start() for m in re.finditer(str(pattern), seg_code)]
925
+ matches = list(re.finditer(str(pattern), seg_code))
926
+ hit_indices = [m.start() for m in matches]
927
+
928
+ # ---> NEW: Offset to LOC Conversion <---
929
+ for m in matches:
930
+ line_number = current_line_offset + seg_code.count("\n", 0, m.start()) + 1
931
+ threat_locations.setdefault(mapped_key, []).append(line_number)
904
932
 
905
933
  c = len(hit_indices)
906
934
 
@@ -927,8 +955,12 @@ class StructuralExtractor:
927
955
  # ---> NEW: SPATIAL CORRELATION (Runs once per segment) <---
928
956
 
929
957
  # ==============================================================================
958
+
959
+ # galaxyscope:ignore sec_high_risk_execution
930
960
  # PHASE 4: AI APPSEC & ZERO-TRUST SENSORS (The Checkmarx/Bitwarden Defense)
931
961
  # ==============================================================================
962
+
963
+ # galaxyscope:ignore sec_high_risk_execution
932
964
  # 0a. The Exfiltration Distance Check
933
965
  if "memory_scraping" in spatial_map and "exfiltration_camouflage" in spatial_map:
934
966
  # Measures the physical call-path distance between the memory read and the socket
@@ -946,6 +978,8 @@ class StructuralExtractor:
946
978
  counts["rce_funnel"] += len(spatial_map["rce_funnel"]) * 50
947
979
  # ==============================================================================
948
980
 
981
+ # galaxyscope:ignore sec_high_risk_execution
982
+
949
983
  # 1. Taint Tracking (RCE Weaponization)
950
984
  if "sec_high_risk_execution" in spatial_map and ("sec_io" in spatial_map or "io" in spatial_map):
951
985
  io_hits = sorted(spatial_map.get("sec_io", []) + spatial_map.get("io", []))
@@ -1023,7 +1057,7 @@ class StructuralExtractor:
1023
1057
  counts["indent_spaces"] += len(re.findall(r"^[ ]{2,}(?=\S)", seg_code, flags=re.MULTILINE))
1024
1058
  segment_spatial_maps.append(spatial_map)
1025
1059
 
1026
- return counts, mitigations, segment_spatial_maps, extracted_parents
1060
+ return counts, mitigations, segment_spatial_maps, extracted_parents, threat_locations
1027
1061
 
1028
1062
  def comment_analysis(self, comment_stream: str, lang_id: str, counts: Dict[str, int]) -> Dict[str, int]:
1029
1063
  """
@@ -1065,9 +1099,13 @@ class StructuralExtractor:
1065
1099
  return counts
1066
1100
 
1067
1101
  # ==============================================================================
1102
+
1103
+ # galaxyscope:ignore sec_high_risk_execution
1068
1104
  # PRE-PROCESSING HELPERS
1069
1105
  # ==============================================================================
1070
1106
 
1107
+ # galaxyscope:ignore sec_high_risk_execution
1108
+
1071
1109
  def _apply_literal_shield(self, text: str, lang_id: str = None) -> str:
1072
1110
  """
1073
1111
  The Smarter Atomic Literal Shield: Handles C++ Raw Strings, Python Triple Quotes,
@@ -1185,9 +1223,13 @@ class StructuralExtractor:
1185
1223
  return "Anonymous_Block"
1186
1224
 
1187
1225
  # ==============================================================================
1226
+
1227
+ # galaxyscope:ignore sec_high_risk_execution
1188
1228
  # THE MASTER DISPATCHER
1189
1229
  # ==============================================================================
1190
1230
 
1231
+ # galaxyscope:ignore sec_high_risk_execution
1232
+
1191
1233
  def _function_slice(
1192
1234
  self,
1193
1235
  segments: List[Tuple[str, str, int]],
@@ -1255,9 +1297,13 @@ class StructuralExtractor:
1255
1297
  return all_satellites, global_impact
1256
1298
 
1257
1299
  # ==============================================================================
1300
+
1301
+ # galaxyscope:ignore sec_high_risk_execution
1258
1302
  # INTEGRATION MODES (Slicers)
1259
1303
  # ==============================================================================
1260
1304
 
1305
+ # galaxyscope:ignore sec_high_risk_execution
1306
+
1261
1307
  def _slice_by_labels(
1262
1308
  self,
1263
1309
  code: str,
@@ -1864,9 +1910,13 @@ class StructuralExtractor:
1864
1910
  return satellites, sum_fxn_impact
1865
1911
 
1866
1912
  # ==============================================================================
1913
+
1914
+ # galaxyscope:ignore sec_high_risk_execution
1867
1915
  # SHARED FUNCTIONAL METRICS ENGINE
1868
1916
  # ==============================================================================
1869
1917
 
1918
+ # galaxyscope:ignore sec_high_risk_execution
1919
+
1870
1920
  def _calculate_block_metrics(
1871
1921
  self,
1872
1922
  name: str,
@@ -1,12 +1,19 @@
1
1
  # ==============================================================================
2
+
3
+ # galaxyscope:ignore sec_io, llm_hooks
2
4
  # GitGalaxy
3
5
  # Copyright (c) 2026 Joe Esquibel
4
6
  #
5
7
  # This source code is licensed under the PolyForm Noncommercial License 1.0.0.
6
8
  # You may not use this file except in compliance with the License.
7
9
  # A copy of the license can be found in the LICENSE file in the root directory
8
- # of this project, or at [https://polyformproject.org/licenses/noncommercial/1.0.0/](https://polyformproject.org/licenses/noncommercial/1.0.0/)
10
+ # of this project, or at https://polyformproject.org/licenses/noncommercial/1.0.0/
9
11
  # ==============================================================================
12
+
13
+ # galaxyscope:ignore sec_io, llm_hooks
14
+
15
+ # galaxyscope:ignore sec_io, llm_hooks
16
+
10
17
  import re
11
18
  import os
12
19
  import json
@@ -17,10 +24,14 @@ from typing import Dict, Any, Optional, List, Tuple, Union
17
24
  from gitgalaxy.standards.gitgalaxy_config import GUIDESTAR_CONFIG
18
25
 
19
26
  # ==============================================================================
27
+
28
+ # galaxyscope:ignore sec_io, llm_hooks
20
29
  # GitGalaxy Phase 0.5: Sector Intelligence (The GuideStar Lens)
21
30
  # Strategy: v6.3.0 (Deep Manifest Inspection & Evidence Hierarchy)
22
31
  # ==============================================================================
23
32
 
33
+ # galaxyscope:ignore sec_io, llm_hooks
34
+
24
35
 
25
36
  class GuideStarLens:
26
37
  """
@@ -174,9 +185,13 @@ class GuideStarLens:
174
185
  }
175
186
 
176
187
  # ==============================================================================
188
+
189
+ # galaxyscope:ignore sec_io, llm_hooks
177
190
  # DEEP MANIFEST INSPECTION
178
191
  # ==============================================================================
179
192
 
193
+ # galaxyscope:ignore sec_io, llm_hooks
194
+
180
195
  def _scan_package_manifests(self):
181
196
  """Identifies authoritative project contextual baselines and parses their internal logic."""
182
197
  # Dynamically inject requirements.txt if it wasn't in the global config
@@ -316,9 +331,13 @@ class GuideStarLens:
316
331
  self._inject_intent_lock(filename, predicted_lang, 0.85, f"Execution Trigger ({prefix_clean})")
317
332
 
318
333
  # ==============================================================================
334
+
335
+ # galaxyscope:ignore sec_io, llm_hooks
319
336
  # EXPLICIT AUTHORITY
320
337
  # ==============================================================================
321
338
 
339
+ # galaxyscope:ignore sec_io, llm_hooks
340
+
322
341
  def _scan_gitattributes(self):
323
342
  """
324
343
  Parses .gitattributes for explicit linguist-language overrides.
@@ -370,9 +389,13 @@ class GuideStarLens:
370
389
  self.logger.debug(f"GuideStar: Deep inspection failed for .gitattributes: {e}")
371
390
 
372
391
  # ==============================================================================
392
+
393
+ # galaxyscope:ignore sec_io, llm_hooks
373
394
  # SECURITY EVASION DETECTION
374
395
  # ==============================================================================
375
396
 
397
+ # galaxyscope:ignore sec_io, llm_hooks
398
+
376
399
  def _scan_gitignore_evasion(self):
377
400
  """
378
401
  Scans .gitignore for hostile force-includes (e.g., !payload.so).
@@ -415,9 +438,13 @@ class GuideStarLens:
415
438
  self.logger.debug(f"GuideStar: Evasion inspection failed for .gitignore: {e}")
416
439
 
417
440
  # ==============================================================================
441
+
442
+ # galaxyscope:ignore sec_io, llm_hooks
418
443
  # DOCUMENTATION COVERAGE MAP
419
444
  # ==============================================================================
420
445
 
446
+ # galaxyscope:ignore sec_io, llm_hooks
447
+
421
448
  def _calculate_documentation_coverage(self):
422
449
  """
423
450
  Scans the repository for high-value architectural literature.