PyPI - kekkai-cli - Versions diffs - 1.0.4__py3-none-any.whl → 1.1.0__py3-none-any.whl - Mend

kekkai-cli 1.0.4py3-none-any.whl → 1.1.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

kekkai/cli.py +693 -14
kekkai/compliance/__init__.py +68 -0
kekkai/compliance/hipaa.py +235 -0
kekkai/compliance/mappings.py +136 -0
kekkai/compliance/owasp.py +517 -0
kekkai/compliance/owasp_agentic.py +267 -0
kekkai/compliance/pci_dss.py +205 -0
kekkai/compliance/soc2.py +209 -0
kekkai/dojo.py +91 -14
kekkai/fix/__init__.py +47 -0
kekkai/fix/audit.py +278 -0
kekkai/fix/differ.py +427 -0
kekkai/fix/engine.py +500 -0
kekkai/fix/prompts.py +251 -0
kekkai/output.py +10 -12
kekkai/report/__init__.py +41 -0
kekkai/report/compliance_matrix.py +98 -0
kekkai/report/generator.py +365 -0
kekkai/report/html.py +69 -0
kekkai/report/pdf.py +63 -0
kekkai/scanners/container.py +33 -3
kekkai/scanners/gitleaks.py +3 -1
kekkai/scanners/semgrep.py +1 -1
kekkai/scanners/trivy.py +1 -1
kekkai/threatflow/model_adapter.py +143 -1
kekkai_cli-1.1.0.dist-info/METADATA +359 -0
{kekkai_cli-1.0.4.dist-info → kekkai_cli-1.1.0.dist-info}/RECORD +33 -16
portal/enterprise/__init__.py +15 -2
portal/enterprise/licensing.py +88 -22
portal/web.py +9 -0
kekkai_cli-1.0.4.dist-info/METADATA +0 -135
{kekkai_cli-1.0.4.dist-info → kekkai_cli-1.1.0.dist-info}/WHEEL +0 -0
{kekkai_cli-1.0.4.dist-info → kekkai_cli-1.1.0.dist-info}/entry_points.txt +0 -0
{kekkai_cli-1.0.4.dist-info → kekkai_cli-1.1.0.dist-info}/top_level.txt +0 -0

kekkai/threatflow/model_adapter.py CHANGED Viewed

@@ -396,6 +396,143 @@ class RemoteModelAdapter(ModelAdapter):
             )
+class OllamaModelAdapter(ModelAdapter):
+    """Adapter for Ollama local LLM server.
+    Ollama provides an easy way to run local models with a simple API.
+    Install: curl -fsSL https://ollama.ai/install.sh | sh
+    Pull model: ollama pull tinyllama
+    """
+    def __init__(
+        self,
+        model_name: str = "tinyllama",
+        api_base: str | None = None,
+    ) -> None:
+        self._model_name = model_name
+        self._api_base = api_base or os.environ.get("OLLAMA_HOST") or "http://localhost:11434"
+    @property
+    def name(self) -> str:
+        return f"ollama:{self._model_name}"
+    @property
+    def is_local(self) -> bool:
+        return True  # Ollama runs locally
+    def generate(
+        self,
+        system_prompt: str,
+        user_prompt: str,
+        config: ModelConfig | None = None,
+    ) -> ModelResponse:
+        """Generate using Ollama API."""
+        import urllib.error
+        import urllib.request
+        config = config or ModelConfig()
+        start_time = time.time()
+        url = f"{self._api_base.rstrip('/')}/api/chat"
+        model = config.model_name or self._model_name
+        data = {
+            "model": model,
+            "messages": [
+                {"role": "system", "content": system_prompt},
+                {"role": "user", "content": user_prompt},
+            ],
+            "stream": False,
+            "options": {
+                "temperature": config.temperature,
+                "num_predict": config.max_tokens,
+            },
+        }
+        headers = {"Content-Type": "application/json"}
+        req = urllib.request.Request(  # noqa: S310  # nosec B310
+            url,
+            data=json.dumps(data).encode("utf-8"),
+            headers=headers,
+            method="POST",
+        )
+        try:
+            with urllib.request.urlopen(  # noqa: S310  # nosec B310
+                req, timeout=config.timeout_seconds
+            ) as resp:
+                response_data: dict[str, Any] = json.loads(resp.read().decode("utf-8"))
+            content = response_data.get("message", {}).get("content", "")
+            latency_ms = int((time.time() - start_time) * 1000)
+            # Ollama provides token counts in some responses
+            prompt_tokens = response_data.get("prompt_eval_count", 0)
+            completion_tokens = response_data.get("eval_count", 0)
+            return ModelResponse(
+                content=content,
+                model_name=response_data.get("model", model),
+                prompt_tokens=prompt_tokens,
+                completion_tokens=completion_tokens,
+                total_tokens=prompt_tokens + completion_tokens,
+                latency_ms=latency_ms,
+                raw_response=response_data,
+            )
+        except urllib.error.URLError as e:
+            error_msg = str(e)
+            if "Connection refused" in error_msg:
+                logger.error("Ollama not running. Start with: ollama serve")
+                return ModelResponse(
+                    content="[OLLAMA NOT RUNNING - Start with: ollama serve]",
+                    model_name=model,
+                    latency_ms=int((time.time() - start_time) * 1000),
+                )
+            logger.error("Ollama API error: %s", e)
+            return ModelResponse(
+                content="",
+                model_name=model,
+                latency_ms=int((time.time() - start_time) * 1000),
+            )
+        except Exception as e:
+            logger.error("Ollama request failed: %s", e)
+            return ModelResponse(
+                content="",
+                model_name=model,
+                latency_ms=int((time.time() - start_time) * 1000),
+            )
+    def health_check(self) -> bool:
+        """Check if Ollama is running and model is available."""
+        import urllib.request
+        try:
+            url = f"{self._api_base.rstrip('/')}/api/tags"
+            req = urllib.request.Request(url, method="GET")  # noqa: S310  # nosec B310
+            with urllib.request.urlopen(req, timeout=5) as resp:  # noqa: S310  # nosec B310
+                data: dict[str, list[dict[str, str]]] = json.loads(resp.read().decode())
+                models = [m.get("name", "") for m in data.get("models", [])]
+                # Check if our model is available (with or without :latest tag)
+                model_base = self._model_name.split(":")[0]
+                return any(model_base in m for m in models)
+        except Exception:
+            return False
+    def list_models(self) -> list[str]:
+        """List available models in Ollama."""
+        import urllib.request
+        try:
+            url = f"{self._api_base.rstrip('/')}/api/tags"
+            req = urllib.request.Request(url, method="GET")  # noqa: S310  # nosec B310
+            with urllib.request.urlopen(req, timeout=5) as resp:  # noqa: S310  # nosec B310
+                data: dict[str, list[dict[str, str]]] = json.loads(resp.read().decode())
+                return [m.get("name", "") for m in data.get("models", [])]
+        except Exception:
+            return []
 class MockModelAdapter(ModelAdapter):
     """Mock adapter for testing."""
@@ -461,7 +598,7 @@ def create_adapter(
     """Create a model adapter based on mode.
     Args:
-        mode: "local", "openai", "anthropic", or "mock"
+        mode: "local", "ollama", "openai", "anthropic", or "mock"
         config: Configuration for the adapter
     Returns:
@@ -473,6 +610,11 @@ def create_adapter(
         return MockModelAdapter()
     elif mode == "local":
         return LocalModelAdapter(model_path=config.model_path)
+    elif mode == "ollama":
+        return OllamaModelAdapter(
+            model_name=config.model_name or "tinyllama",
+            api_base=config.api_base,
+        )
     elif mode == "openai":
         return RemoteModelAdapter(
             api_key=config.api_key,

kekkai_cli-1.1.0.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,359 @@
+Metadata-Version: 2.4
+Name: kekkai-cli
+Version: 1.1.0
+Summary: Kekkai monorepo (local-first AppSec orchestration + compliance checker)
+Requires-Python: >=3.12
+Description-Content-Type: text/markdown
+Requires-Dist: rich>=13.0.0
+Requires-Dist: jsonschema>=4.20.0
+Requires-Dist: textual>=0.50.0
+Requires-Dist: httpx>=0.24.0
+<p align="center">
+  <img src="https://raw.githubusercontent.com/kademoslabs/assets/main/logos/kekkai-slim.png" alt="Kekkai CLI Logo" width="250"/>
+</p>
+<p align="center"><strong>Security orchestration at developer speed.</strong></p>
+<p align="center"><i>One tool for the entire AppSec lifecycle: Predict, Detect, Triage, Manage.</i></p>
+<p align="center">
+  <img src="https://img.shields.io/github/actions/workflow/status/kademoslabs/kekkai/docker-publish.yml?logo=github"/>
+  <img src="https://img.shields.io/circleci/build/github/kademoslabs/kekkai?logo=circleci"/>
+  <img src="https://img.shields.io/pypi/v/kekkai-cli?pypiBaseUrl=https%3A%2F%2Fpypi.org&logo=pypi"/>
+</p>
+---
+# Kekkai
+Stop juggling security tools. **Kekkai orchestrates your entire AppSec lifecycle** — from AI-powered threat modeling to vulnerability management — in a single CLI.
+![Hero GIF](https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/kekkai-demo.gif)
+---
+## The Five Pillars
+| Pillar | Feature | Command | Description |
+|--------|---------|---------|-------------|
+| 🔮 **Predict** | AI Threat Modeling | `kekkai threatflow` | Generate STRIDE threat models before writing code |
+| 🔍 **Detect** | Unified Scanning | `kekkai scan` | Run Trivy, Semgrep, Gitleaks in isolated containers |
+| ✅ **Triage** | Interactive Review | `kekkai triage` | Review findings in a terminal UI, mark false positives |
+| 🚦 **Gate** | CI/CD Policy | `kekkai scan --ci` | Break builds on severity thresholds |
+| 📊 **Manage** | DefectDojo | `kekkai dojo up` | Spin up vulnerability management in 60 seconds |
+---
+## Quick Start (60 Seconds)
+### 1. Install
+```bash
+pipx install kekkai-cli
+```
+### 2. Predict (Threat Model)
+```bash
+kekkai threatflow --repo . --model-mode local
+# Generates THREATS.md with STRIDE analysis and Data Flow Diagram
+```
+### 3. Detect (Scan)
+```bash
+kekkai scan
+# Runs Trivy (CVEs), Semgrep (code), Gitleaks (secrets)
+# Outputs unified kekkai-report.json
+```
+### 4. Triage (Review)
+```bash
+kekkai triage
+# Interactive TUI to accept, reject, or ignore findings
+```
+### 5. Manage (DefectDojo)
+```bash
+kekkai dojo up --wait
+kekkai upload
+# Full vulnerability management platform + automated import
+```
+---
+## Why Kekkai?
+| Capability | Manual Approach | Kekkai |
+|------------|-----------------|--------|
+| **Tooling** | Install/update 5+ tools individually | One binary, auto-pulls scanner containers |
+| **Output** | Parse 5 different JSON formats | Unified `kekkai-report.json` |
+| **Threat Modeling** | Expensive consultants or whiteboarding | AI-generated `THREATS.md` locally |
+| **DefectDojo** | 200-line docker-compose + debugging | `kekkai dojo up` (one command) |
+| **Triage** | Read JSON files manually | Interactive terminal UI |
+| **CI/CD** | Complex bash scripts | `kekkai scan --ci --fail-on high` |
+| **PR Feedback** | Manual security review comments | Auto-comments on GitHub PRs |
+---
+## Feature Deep Dives
+### 🔮 ThreatFlow — AI-Powered Threat Modeling
+Generate STRIDE-aligned threat models and Mermaid.js Data Flow Diagrams from your codebase.
+```bash
+# Ollama (recommended - easy setup, privacy-preserving)
+ollama pull mistral
+kekkai threatflow --repo . --model-mode ollama --model-name mistral
+# Local GGUF model (requires llama-cpp-python)
+kekkai threatflow --repo . --model-mode local --model-path ./mistral-7b.gguf
+# Remote API (faster, requires API key)
+export KEKKAI_THREATFLOW_API_KEY="sk-..."
+kekkai threatflow --repo . --model-mode openai
+```
+**Output:** `THREATS.md` containing:
+- Attack surface analysis
+- STRIDE threat classification
+- Mermaid.js architecture diagram
+- Recommended mitigations
+[Full ThreatFlow Documentation →](docs/threatflow/README.md)
+---
+### 🔍 Unified Scanning
+Run industry-standard scanners without installing them individually. Each scanner runs in an isolated Docker container with security hardening.
+```bash
+kekkai scan                          # Scan current directory
+kekkai scan --repo /path/to/project  # Scan specific path
+kekkai scan --output results.json    # Custom output path
+```
+**Scanners Included:**
+| Scanner | Finds | Image |
+|---------|-------|-------|
+| Trivy | CVEs in dependencies | `aquasec/trivy:latest` |
+| Semgrep | Code vulnerabilities | `semgrep/semgrep:latest` |
+| Gitleaks | Hardcoded secrets | `zricethezav/gitleaks:latest` |
+**Container Security:**
+- Read-only filesystem
+- No network access
+- Memory limited (2GB)
+- No privilege escalation
+---
+### ✅ Interactive Triage TUI
+Stop reading JSON. Review security findings in your terminal.
+```bash
+kekkai triage
+```
+**Features:**
+- Navigate findings with keyboard
+- Mark as: Accept, Reject, False Positive, Ignore
+- Filter by severity, scanner, or status
+- Persist decisions in `.kekkai-ignore`
+- Export triaged results
+<!-- Screenshot placeholder: ![Triage TUI](https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/triage-tui.png) -->
+[Full Triage Documentation →](docs/triage/README.md)
+---
+### 🚦 CI/CD Policy Gate
+Automate security enforcement in your pipelines.
+```bash
+# Fail on any critical or high findings
+kekkai scan --ci --fail-on high
+# Fail only on critical
+kekkai scan --ci --fail-on critical
+# Custom threshold: fail on 5+ medium findings
+kekkai scan --ci --fail-on medium --max-findings 5
+```
+**Exit Codes:**
+| Code | Meaning |
+|------|---------|
+| 0 | No findings above threshold |
+| 1 | Findings exceed threshold |
+| 2 | Scanner error |
+**GitHub Actions Example:**
+```yaml
+- name: Security Scan
+  run: |
+    pipx install kekkai-cli
+    kekkai scan --ci --fail-on high
+```
+[Full CI Documentation →](docs/ci/ci-mode.md)
+---
+### 📊 DefectDojo Integration
+Spin up a complete vulnerability management platform locally.
+```bash
+kekkai dojo up --wait    # Start DefectDojo (Nginx, Postgres, Redis, Celery)
+kekkai dojo status       # Check service health
+kekkai upload            # Import scan results
+kekkai dojo down         # Stop and clean up (removes volumes)
+```
+**What You Get:**
+- DefectDojo web UI at `http://localhost:8080`
+- Automatic credential generation
+- Pre-configured for Kekkai imports
+- Clean teardown (no orphaned volumes)
+[Full Dojo Documentation →](docs/dojo/dojo.md)
+---
+### 🔔 GitHub PR Comments
+Get security feedback directly in pull requests.
+```bash
+export GITHUB_TOKEN="ghp_..."
+kekkai scan --github-comment
+```
+Kekkai will:
+1. Run all scanners
+2. Post findings as PR review comments
+3. Annotate specific lines with inline comments
+---
+## Installation
+### pipx (Recommended)
+Isolated environment, no conflicts with system Python.
+```bash
+pipx install kekkai-cli
+```
+### Homebrew (macOS/Linux)
+```bash
+brew install kademoslabs/tap/kekkai
+```
+### Scoop (Windows)
+```bash
+scoop bucket add kademoslabs https://github.com/kademoslabs/scoop-bucket
+scoop install kekkai
+```
+### Docker (No Python Required)
+```bash
+docker pull kademoslabs/kekkai:latest
+alias kekkai='docker run --rm -v "$(pwd):/repo" kademoslabs/kekkai:latest'
+```
+### pip (Traditional)
+```bash
+pip install kekkai-cli
+```
+---
+## Enterprise Features — Kekkai Portal
+For teams that need centralized management, **Kekkai Portal** provides:
+| Feature | Description |
+|---------|-------------|
+| **SAML 2.0 SSO** | Integrate with Okta, Azure AD, Google Workspace ([Setup Guide](docs/portal/saml-setup.md)) |
+| **Role-Based Access Control** | Fine-grained permissions per team/project ([RBAC Guide](docs/portal/rbac.md)) |
+| **Multi-Tenant Architecture** | Isolated environments per organization ([Architecture](docs/portal/multi-tenant.md)) |
+| **Aggregated Dashboards** | Centralized view of all CLI scan results |
+| **Audit Logging** | Cryptographically signed compliance trails |
+**Upgrade Path:**
+- CLI users can sync results to Portal: `kekkai upload` ([Sync Guide](docs/portal/cli-sync.md))
+- Portal provides dashboards for security managers
+- Self-hosted or Kademos-managed options ([Deployment Guide](docs/portal/deployment.md))
+[Contact us for Portal access →](mailto:sales@kademos.org)
+---
+## Security
+Kekkai is designed with security as a core principle:
+- **Container Isolation**: Scanners run in hardened Docker containers
+- **No Network Access**: Containers cannot reach external networks
+- **Local-First AI**: ThreatFlow can run entirely on your machine
+- **SLSA Level 3**: Release artifacts include provenance attestations
+- **Signed Images**: Docker images are Cosign-signed
+For vulnerability reports, see [SECURITY.md](SECURITY.md).
+---
+## Documentation
+| Guide | Description |
+|-------|-------------|
+| [Installation](docs/README.md#installation-methods) | All installation methods |
+| [ThreatFlow](docs/threatflow/README.md) | AI threat modeling setup |
+| [Dojo Quick Start](docs/dojo/dojo-quickstart.md) | DefectDojo in 5 minutes |
+| [CI Mode](docs/ci/ci-mode.md) | Pipeline integration |
+| [Portal](docs/portal/README.md) | Enterprise features overview |
+| [Portal SSO](docs/portal/saml-setup.md) | SAML 2.0 SSO configuration |
+| [Portal RBAC](docs/portal/rbac.md) | Role-based access control |
+| [Portal Deployment](docs/portal/deployment.md) | Self-hosted deployment |
+| [Security](docs/security/slsa-provenance.md) | SLSA provenance verification |
+---
+## CI/CD Status
+[![Kekkai Security Scan](https://github.com/kademoslabs/kekkai/actions/workflows/kekkai-pr-scan.yml/badge.svg)](https://github.com/kademoslabs/kekkai/actions/workflows/kekkai-pr-scan.yml)
+[![Docker Image Publish](https://github.com/kademoslabs/kekkai/actions/workflows/docker-publish.yml/badge.svg)](https://github.com/kademoslabs/kekkai/actions/workflows/docker-publish.yml)
+[![Docker Security Scan](https://github.com/kademoslabs/kekkai/actions/workflows/docker-security-scan.yml/badge.svg)](https://github.com/kademoslabs/kekkai/actions/workflows/docker-security-scan.yml)
+[![Cross-Platform Tests](https://github.com/kademoslabs/kekkai/actions/workflows/test-cross-platform.yml/badge.svg)](https://github.com/kademoslabs/kekkai/actions/workflows/test-cross-platform.yml)
+[![Release with SLSA Provenance](https://github.com/kademoslabs/kekkai/actions/workflows/release-slsa.yml/badge.svg)](https://github.com/kademoslabs/kekkai/actions/workflows/release-slsa.yml)
+---
+## Contributing
+We welcome contributions! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+---
+## License
+Apache-2.0 — See [LICENSE](LICENSE) for details.
+---
+<p align="center"><i>Built by <a href="https://kademos.org">Kademos Labs</a></i></p>

{kekkai_cli-1.0.4.dist-info → kekkai_cli-1.1.0.dist-info}/RECORD RENAMED Viewed

@@ -1,13 +1,25 @@
 kekkai/__init__.py,sha256=_VrBvJRyqHiXs31S8HOhATk_O2iy-ac0_9X7rHH75j8,143
-kekkai/cli.py,sha256=f_IsxjlmzYKwl_x_BNIlVYBnBnSNfKskwclJdGwhWAo,35705
+kekkai/cli.py,sha256=uCqs5KBqmOjNn9dCkj04H3Vq2lixQRsy2R4lCf_TJv8,60141
 kekkai/config.py,sha256=LE7bKsmv5dim5KnZya0V7_LtviNQ1V0pMN_6FyAsMpc,13084
-kekkai/dojo.py,sha256=DchLaTnDBwX0D14lTRdCtwql_II8aDEZ0JEq9F-n4MI,15887
+kekkai/dojo.py,sha256=erLdTMOioTyzVhXYW8xgdbU5Ro-KQx1OcTQN7_zemmY,18634
 kekkai/dojo_import.py,sha256=oI-vwpLITA7-U2_MxhaTp_PYfr5HqvcFy3VzKsWA6IY,6911
 kekkai/manifest.py,sha256=Ph5xGDKuVxMW1GVIisRhxUelaiVZQe-W5sZWsq4lHqs,1887
-kekkai/output.py,sha256=IJUZJK_Txhs7WPtSjtAR1eLes5Oqv2X7M8E3wmTO35M,5572
+kekkai/output.py,sha256=R-yyJm6tdD_uTA_8LoD6JHHO518vsQqZc4_jT7mGV-I,5500
 kekkai/paths.py,sha256=EcyG3CEOQFQygowu7O5Mp85dKkXWWvnm1h0j_BetGxY,1190
 kekkai/policy.py,sha256=0XCUH-SbnO1PsM-exjSFHYHRnLkiNa50QfkyPakwNko,9792
 kekkai/runner.py,sha256=MBFUiJ4sSVEGNbJ6cv-8p1WHaHqjio6yWEfr_K4GuTs,2037
+kekkai/compliance/__init__.py,sha256=FLcAb9Jr7AWwoesX8m8DlkZjdziVHWAB7iQLKEa4rmQ,1888
+kekkai/compliance/hipaa.py,sha256=-lWOeV0kZcbz7-5o76vW6VIS73vC3WsniLO7QUw-W7E,8470
+kekkai/compliance/mappings.py,sha256=Ky8lGnqvkHn2WpUFmMNg4bHvmtRSPWGHRbcXe9B54kM,4202
+kekkai/compliance/owasp.py,sha256=E0JxaW_w3abc8kBRz0dJohF1871RQY0k8EoJn1tV_Kk,13606
+kekkai/compliance/owasp_agentic.py,sha256=4GgjkiVOZ54ifg9xa_PBwHIanEDYe8WJDRARQGVd_Eg,8940
+kekkai/compliance/pci_dss.py,sha256=rQIhuO-ArcSUfxBs1O-eohMImaA5Q-kOIZoppJGuDwc,7789
+kekkai/compliance/soc2.py,sha256=Cj6UPSU-G1Wit36sa-zkIgLE5jUSV3u56mYKfz6TT-0,7435
+kekkai/fix/__init__.py,sha256=pjYo-9NACM6uX5K5ridTC6U1ZQ4P-arRd4VHbayHWyY,1305
+kekkai/fix/audit.py,sha256=3kch_5mUsMWRSqkhCADnmsQ0OFBJTpj1EiDl3nMXfI0,8747
+kekkai/fix/differ.py,sha256=RA-zQMdX7f8nK5fq7Blz498TghYEKz0c9leq7_bfBVE,13283
+kekkai/fix/engine.py,sha256=iQEP-MIrGUu95zda-ip9Cjj-O7wmK3UXMDsNByblD8M,16860
+kekkai/fix/prompts.py,sha256=oByag-PrQTwWh1FMTflUNIO9y0hr2cQL0zqLyueHu6s,7965
 kekkai/github/__init__.py,sha256=3EQ7LkRqgQwr5uTt7hNvVXLiKTpzE47woc8lZQjy5cE,386
 kekkai/github/commenter.py,sha256=v19pEctYJvUvA7e-t6eOA5dZaNIt16ocCxC92IUxQeM,5906
 kekkai/github/models.py,sha256=baW5prDEVncKrfC8aLoKjaTpPKYtRzZOBOg4Zje3qug,1340
@@ -18,13 +30,18 @@ kekkai/installer/extract.py,sha256=r4wYGCZ7zV2lIki5kns7t9bFRV1fahqOral8Jl7LZcQ,5
 kekkai/installer/manager.py,sha256=FqHTmHvTc2YkWWISvdS1uW7IZV6bHqyEg33TDb4Ldtc,7881
 kekkai/installer/manifest.py,sha256=oZFquI9pUtgtB4ZXontQND5D7m4WzjjJuybhlePk3k4,5544
 kekkai/installer/verify.py,sha256=ThtWfKnjrdx90_XBJclBGiw4yzTFs5HKoFJ0IyVPsMM,2186
+kekkai/report/__init__.py,sha256=TTjXFMAKSboWTLBiQ_kkarfneHwNY4nsjjXfjtRn5Ag,1036
+kekkai/report/compliance_matrix.py,sha256=WOz7Fr6Hkfl7agY2DKea7Ir0z6PtC2qT0RQgfUy_A_Q,3305
+kekkai/report/generator.py,sha256=E1hMqUm_tB1jFLa6yWQFytukl4w-LIgTQ9gsA1LpCsc,11893
+kekkai/report/html.py,sha256=6VJoyW08qPUWotzA0pDoO3s1Ll8E-2ypA7ldwBD_Pig,2363
+kekkai/report/pdf.py,sha256=zGwfEQo6419MpNz2TeB5sgLG_bsLsok0v6ellCMd0FA,1751
 kekkai/scanners/__init__.py,sha256=uKJqnBgcf47eJlDB3mvHpLsobR6M6N6uO2L0Dor1MaE,1552
 kekkai/scanners/base.py,sha256=uy7HgOaQxNcp6-X1gfXAecSYpKXaEsuVeluf6SwkbwM,2678
-kekkai/scanners/container.py,sha256=OhD0Meld_Zm4YcTuON91kx08Cj5h4R1FR0ABGbx7kQI,4197
+kekkai/scanners/container.py,sha256=A_qBZkUNVAowWeEQUVn8VPW4obRM8KtOk9rSqX7GQUA,5328
 kekkai/scanners/falco.py,sha256=Y0kjg9QArIZnXw8Q-EEZv8o7iUOehOY3jTKh3AMR1yU,7384
-kekkai/scanners/gitleaks.py,sha256=8hRWXsH_EMhkqGcP2AtJdaMWHmQa91XdG2oVnq8g-kI,7159
-kekkai/scanners/semgrep.py,sha256=v4RDV_mHv1UXqdhV7FSyQUCu0EUCOoERGzDVowqwgVA,6758
-kekkai/scanners/trivy.py,sha256=E0B31eomyNF0k3ULnDkqfFoQM54UtrIIFPm3jqgE9VA,7788
+kekkai/scanners/gitleaks.py,sha256=grm15elwFl9rtPFHImowxUTA72qnR24pqPIBIoujebY,7285
+kekkai/scanners/semgrep.py,sha256=0qE3F6kwfxvd3PsYqXBF2NCqz15IY4f3ZS9i3eQiEDE,6756
+kekkai/scanners/trivy.py,sha256=D8l7BnGc2GUKI2ykr7lTRmRXYM5W1rt0yOWD6CHS05w,7786
 kekkai/scanners/url_policy.py,sha256=0V4ESDd2R1MSyI1bs_WtFZxZpKX33O154qFIrD6uk5U,5209
 kekkai/scanners/zap.py,sha256=64NHzM-GF3oOV4UZ_W9N2v55mz91FPPg_k6hgcwlX1I,10932
 kekkai/scanners/backends/__init__.py,sha256=Rdo17FeCPGTI-1QeKtBSkg4NrW26RnvX9vgzdsxY5fg,372
@@ -36,7 +53,7 @@ kekkai/threatflow/artifacts.py,sha256=8h3IGk798U4Wkco4x0uKgzUsZCh7VfTOufwrxs7rTT
 kekkai/threatflow/chunking.py,sha256=0FNVnaQoU3FEmtjYHVaiLsKBSzHx6Vo4oozVwwWkOHM,9981
 kekkai/threatflow/core.py,sha256=CYLUI38n30zEq3DbUNI_H9mqBwwlPoL7TtFOiiwC3wI,15421
 kekkai/threatflow/mermaid.py,sha256=Brp-x-LUHMRjC7OBh4Vxzlk3NeCcdmWfWXlv7WL1ZdE,11579
-kekkai/threatflow/model_adapter.py,sha256=xqVPYc0rDys5RgvqJwR2VULJyzx8eToLQsOtKO1fKRE,15394
+kekkai/threatflow/model_adapter.py,sha256=Vl0wBWvBUxEGTmFghjwpp-N7Zt3qkpUSxrPVjKC5QgA,20647
 kekkai/threatflow/prompts.py,sha256=lgbj7FJ1c3UYj4ofGnlLoRmywYBfdAKY0QEHmIB_JFw,8525
 kekkai/threatflow/redaction.py,sha256=mGUcNQB6YPVKArtMrEYcXCWslgUiCkloiowY9IlZ1iY,7622
 kekkai/threatflow/sanitizer.py,sha256=uQsxYZ5VDXutZoj-WMl7fo5T07uHuQZqgVzoVMoaKec,22688
@@ -70,10 +87,10 @@ portal/api.py,sha256=4_hQwkUnP8P3EjCdB5Tb7uRcuH3H7M6GxTvwTTmhLv4,4066
 portal/auth.py,sha256=4K_Ya9W_2sZl2MF0FNVr9QASjTOKAO3CMdgGUuYbb9s,3102
 portal/tenants.py,sha256=91SOqzjGefcHXodfN8LIHER8boeSB-Jb-WoHPTWI5GI,11394
 portal/uploads.py,sha256=WhosreaTKFYHNKXW9F4jOmB_OwUl1YGtT5DeaXnRMqk,7352
-portal/web.py,sha256=nW9ShBI18TitVFxaN0OmGgqtMdUnv5UPZcBMT12VuvM,14173
-portal/enterprise/__init__.py,sha256=djxFlSUZ5-YwhT9SXJsAOaD1rRHDL14BXigh6l4WDC4,763
+portal/web.py,sha256=_9td07YYRiuCZZTpTzeKeoZzRBIwCXfWrjA7RBtJ5_8,14495
+portal/enterprise/__init__.py,sha256=V_JYiIaVv46MynUAhXs_w2aWjfY9x_WZ9tjOqUESaeQ,1000
 portal/enterprise/audit.py,sha256=VTm-M4gVKOxcBREqIJBs4r5wyqqqf1eCOsHi3FFiDcI,13772
-portal/enterprise/licensing.py,sha256=M8PFfE_v73UJL6Lfr4qhqfAGrvtJyPwDPb4SMRMGfV0,11002
+portal/enterprise/licensing.py,sha256=RSs_gPrJ33a3DDfAQY8VDJj51uXg4av43AgNsaGl-1Q,13775
 portal/enterprise/rbac.py,sha256=vrZoyIVmWM0C90CIgZaprwqhiDbAM-ggNNg36Zu-5lU,8548
 portal/enterprise/saml.py,sha256=TXHBbILI7qMe0ertcFPnuSUSPbJzEeBiHmZzhY9-Ix8,20367
 portal/ops/__init__.py,sha256=ZyEYmFM_4LFWfQfgp9Kh2vqmolSjVKFdk1vX1vkhjqc,1391
@@ -83,8 +100,8 @@ portal/ops/monitoring.py,sha256=xhLbKjVaob709K4x0dEsOo4lh7Ddm2A4UE2ZmhfmMtI,1790
 portal/ops/restore.py,sha256=rgzKoBIilgoPPv5gZhSSBuLKG1skKw5ryoCRR3d7CPQ,17058
 portal/ops/secrets.py,sha256=wu2bUfJGctbGjyuGUgvUc_Y6IH1SCW16dExtqcKu_kg,14338
 portal/ops/upgrade.py,sha256=fXsIXCJYYABdWDECDXkt7F2PidzNtO6Zr-g0Y5PLlVU,20106
-kekkai_cli-1.0.4.dist-info/METADATA,sha256=1pSlurcZ2U9rmTL-lu0cZwDrr8v0eWJZwQKlBXxIW7s,3652
-kekkai_cli-1.0.4.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-kekkai_cli-1.0.4.dist-info/entry_points.txt,sha256=WUEX6IISnRcwlQAdhisPfIIV3Us2MYCwtJoyPpLJO44,75
-kekkai_cli-1.0.4.dist-info/top_level.txt,sha256=u0J4T-Rnb0cgs0LfzZAUNt6nx1d5l7wKn8vOuo9FBEY,26
-kekkai_cli-1.0.4.dist-info/RECORD,,
+kekkai_cli-1.1.0.dist-info/METADATA,sha256=-5dvVJg243pTFzu4MPaQQPICRaWzIwZTPXMH0h9hvC0,10828
+kekkai_cli-1.1.0.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+kekkai_cli-1.1.0.dist-info/entry_points.txt,sha256=WUEX6IISnRcwlQAdhisPfIIV3Us2MYCwtJoyPpLJO44,75
+kekkai_cli-1.1.0.dist-info/top_level.txt,sha256=u0J4T-Rnb0cgs0LfzZAUNt6nx1d5l7wKn8vOuo9FBEY,26
+kekkai_cli-1.1.0.dist-info/RECORD,,

portal/enterprise/__init__.py CHANGED Viewed

@@ -4,22 +4,34 @@ Provides:
 - RBAC (Role-Based Access Control)
 - SAML 2.0 SSO integration
 - Audit logging
-- Enterprise license gating
+- Enterprise license gating (ECDSA asymmetric signing)
 """
 from __future__ import annotations
 from .audit import AuditEvent, AuditEventType, AuditLog
-from .licensing import EnterpriseLicense, LicenseStatus, LicenseValidator
+from .licensing import (
+    EnterpriseLicense,
+    LicenseCheckResult,
+    LicenseSigner,
+    LicenseStatus,
+    LicenseValidator,
+    generate_keypair,
+)
 from .rbac import AuthorizationResult, Permission, RBACManager, Role
 from .saml import SAMLAssertion, SAMLConfig, SAMLError, SAMLProcessor
+ENTERPRISE_AVAILABLE = True
 __all__ = [
+    "ENTERPRISE_AVAILABLE",
     "AuditEvent",
     "AuditEventType",
     "AuditLog",
     "AuthorizationResult",
     "EnterpriseLicense",
+    "LicenseCheckResult",
+    "LicenseSigner",
     "LicenseStatus",
     "LicenseValidator",
     "Permission",
@@ -29,4 +41,5 @@ __all__ = [
     "SAMLConfig",
     "SAMLError",
     "SAMLProcessor",
+    "generate_keypair",
 ]

kekkai-cli 1.0.4__py3-none-any.whl → 1.1.0__py3-none-any.whl

kekkai-cli 1.0.4py3-none-any.whl → 1.1.0py3-none-any.whl