kekkai-cli 1.0.5__py3-none-any.whl → 1.1.1__py3-none-any.whl

kekkai/triage/loader.py

@@ -0,0 +1,196 @@
+"""Triage findings loader with scanner format detection.
+
+Supports loading findings from:
+- Native triage JSON (list or {"findings": [...]})
+- Raw scanner outputs (Semgrep/Trivy/Gitleaks)
+- Run directories (aggregates all *-results.json)
+"""
+
+from __future__ import annotations
+
+import json
+from pathlib import Path
+from typing import TYPE_CHECKING, Any
+
+if TYPE_CHECKING:
+    from ..scanners.base import Finding
+    from ..scanners.base import Severity as ScannerSeverity
+
+from .models import FindingEntry
+from .models import Severity as TriageSeverity
+
+__all__ = [
+    "load_findings_from_path",
+]
+
+# Size limits for DoS mitigation (ASVS V10.3.3)
+MAX_FILE_SIZE_MB = 200
+WARN_FILE_SIZE_MB = 50
+
+
+def load_findings_from_path(
+    path: Path,
+) -> tuple[list[FindingEntry], list[str]]:
+    """Load findings from file or directory.
+
+    Supports:
+    - Unified report (kekkai-report.json) - PREFERRED
+    - Native triage JSON (list or {"findings": [...]})
+    - Raw scanner outputs (Semgrep/Trivy/Gitleaks)
+    - Run directories (aggregates all *-results.json)
+
+    Priority:
+    1. kekkai-report.json (unified report)
+    2. *-results.json (individual scanner outputs)
+    3. Any other JSON files (excluding metadata)
+
+    Args:
+        path: Path to findings file or run directory.
+
+    Returns:
+        Tuple of (findings, error_messages).
+        Error messages include filename only (no full paths) per ASVS V7.4.1.
+    """
+    errors: list[str] = []
+
+    # Determine input type
+    if path.is_dir():
+        # Priority 1: Check for unified report first
+        unified_report = path / "kekkai-report.json"
+        if unified_report.exists():
+            files = [unified_report]
+        else:
+            # Priority 2: Prefer canonical scan outputs
+            files = sorted(path.glob("*-results.json"))
+            if not files:
+                # Priority 3: Fallback to all JSON (excluding metadata files)
+                files = sorted(
+                    [
+                        p
+                        for p in path.glob("*.json")
+                        if p.name not in ("run.json", "policy-result.json")
+                    ]
+                )
+    else:
+        files = [path]
+
+    findings: list[FindingEntry] = []
+    for file in files:
+        # Check if file exists first
+        if not file.exists():
+            errors.append(f"{file.name}: OSError")
+            continue
+
+        # Size check (DoS mitigation per ASVS V10.3.3)
+        size_mb = file.stat().st_size / (1024 * 1024)
+        if size_mb > MAX_FILE_SIZE_MB:
+            msg = f"{file.name}: file too large ({size_mb:.1f} MB, max {MAX_FILE_SIZE_MB} MB)"
+            errors.append(msg)
+            continue
+
+        try:
+            content = file.read_text(encoding="utf-8")
+            if not content.strip():
+                continue
+            data = json.loads(content)
+        except (OSError, json.JSONDecodeError) as exc:
+            # ASVS V7.4.1: Don't leak full path, only filename
+            errors.append(f"{file.name}: {type(exc).__name__}")
+            continue
+
+        # Detect format and parse
+        try:
+            batch = _parse_findings(data, file.stem)
+            findings.extend(batch)
+        except Exception as exc:
+            errors.append(f"{file.name}: unsupported format ({str(exc)[:50]})")
+
+    # Deduplicate by stable key
+    seen: set[str] = set()
+    deduped: list[FindingEntry] = []
+    for f in findings:
+        key = f"{f.scanner}:{f.rule_id}:{f.file_path}:{f.line}"
+        if key not in seen:
+            seen.add(key)
+            deduped.append(f)
+
+    return deduped, errors
+
+
+def _parse_findings(data: Any, stem: str) -> list[FindingEntry]:
+    """Parse findings from JSON data.
+
+    Args:
+        data: Parsed JSON data.
+        stem: File stem (used to detect scanner type).
+
+    Returns:
+        List of FindingEntry objects.
+
+    Raises:
+        ValueError: If format is unknown or scanner not found.
+    """
+    # Try native triage format first (ASVS V5.1.2: strongly typed validation)
+    if isinstance(data, list) and data and isinstance(data[0], dict) and "scanner" in data[0]:
+        return [FindingEntry.from_dict(item) for item in data]
+
+    if isinstance(data, dict) and "findings" in data:
+        findings_data = data["findings"]
+        if isinstance(findings_data, list):
+            return [FindingEntry.from_dict(item) for item in findings_data]
+
+    # Try scanner-specific format
+    scanner_name = stem.replace("-results", "")
+
+    # Lazy import to avoid circular dependency
+    from ..cli import _create_scanner
+
+    scanner = _create_scanner(scanner_name)
+    if not scanner:
+        raise ValueError(f"Unknown scanner: {scanner_name}")
+
+    # Use canonical scanner parser (reuses validated logic)
+    raw_json = json.dumps(data)
+    canonical_findings = scanner.parse(raw_json)
+
+    # Convert to triage format
+    return [_finding_to_entry(f) for f in canonical_findings]
+
+
+def _finding_to_entry(f: Finding) -> FindingEntry:
+    """Convert scanner Finding to triage FindingEntry.
+
+    Args:
+        f: Scanner Finding object.
+
+    Returns:
+        Triage FindingEntry object.
+    """
+    return FindingEntry(
+        id=f.dedupe_hash(),
+        title=f.title,
+        severity=_map_severity(f.severity),
+        scanner=f.scanner,
+        file_path=f.file_path or "",
+        line=f.line,
+        description=f.description,
+        rule_id=f.rule_id or "",
+    )
+
+
+def _map_severity(s: ScannerSeverity) -> TriageSeverity:
+    """Map scanner Severity to triage Severity.
+
+    Both use the same enum values, just different type namespaces.
+
+    Args:
+        s: Scanner severity enum.
+
+    Returns:
+        Triage severity enum.
+    """
+    try:
+        return TriageSeverity(s.value)
+    except ValueError:
+        # Fallback to INFO for unknown severities
+        return TriageSeverity.INFO

kekkai_cli-1.1.1.dist-info/METADATA

@@ -0,0 +1,379 @@
+Metadata-Version: 2.4
+Name: kekkai-cli
+Version: 1.1.1
+Summary: Kekkai monorepo (local-first AppSec orchestration + compliance checker)
+Requires-Python: >=3.12
+Description-Content-Type: text/markdown
+Requires-Dist: rich>=13.0.0
+Requires-Dist: jsonschema>=4.20.0
+Requires-Dist: textual>=0.50.0
+Requires-Dist: httpx>=0.24.0
+
+<p align="center">
+  <img src="https://raw.githubusercontent.com/kademoslabs/assets/main/logos/kekkai-slim.png" alt="Kekkai CLI Logo" width="250"/>
+</p>
+
+<p align="center"><strong>Security orchestration at developer speed.</strong></p>
+<p align="center"><i>One tool for the entire AppSec lifecycle: Predict, Detect, Triage, Manage.</i></p>
+
+<p align="center">
+  <img src="https://img.shields.io/github/actions/workflow/status/kademoslabs/kekkai/docker-publish.yml?logo=github"/>
+  <img src="https://img.shields.io/circleci/build/github/kademoslabs/kekkai?logo=circleci"/>
+  <img src="https://img.shields.io/pypi/v/kekkai-cli?pypiBaseUrl=https%3A%2F%2Fpypi.org&logo=pypi"/>
+</p>
+
+---
+
+# Kekkai
+
+Stop juggling security tools. **Kekkai orchestrates your entire AppSec lifecycle** — from AI-powered threat modeling to vulnerability management — in a single CLI.
+
+![Hero GIF](https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/kekkai-start.gif)
+
+---
+
+## The Five Pillars
+
+| Pillar | Feature | Command | Description |
+|--------|---------|---------|-------------|
+| 🔮 **Predict** | AI Threat Modeling | `kekkai threatflow` | Generate STRIDE threat models before writing code |
+| 🔍 **Detect** | Unified Scanning | `kekkai scan` | Run Trivy, Semgrep, Gitleaks in isolated containers |
+| ✅ **Triage** | Interactive Review | `kekkai triage` | Review findings in a terminal UI, mark false positives |
+| 🚦 **Gate** | CI/CD Policy | `kekkai scan --ci` | Break builds on severity thresholds |
+| 📊 **Manage** | DefectDojo | `kekkai dojo up` | Spin up vulnerability management in 60 seconds |
+
+---
+
+## Quick Start (60 Seconds)
+
+### 1. Install
+
+```bash
+pipx install kekkai-cli
+```
+
+### 2. Predict (Threat Model)
+
+```bash
+kekkai threatflow --repo . --model-mode local
+# Generates THREATS.md with STRIDE analysis and Data Flow Diagram
+```
+
+### 3. Detect (Scan)
+
+```bash
+kekkai scan
+# Runs Trivy (CVEs), Semgrep (code), Gitleaks (secrets)
+# Outputs unified kekkai-report.json
+```
+
+### 4. Triage (Review)
+
+```bash
+kekkai triage
+# Interactive TUI to accept, reject, or ignore findings
+```
+
+### 5. Manage (DefectDojo)
+
+```bash
+kekkai dojo up --wait
+kekkai upload
+# Full vulnerability management platform + automated import
+```
+
+---
+
+## Why Kekkai?
+
+| Capability | Manual Approach | Kekkai |
+|------------|-----------------|--------|
+| **Tooling** | Install/update 5+ tools individually | One binary, auto-pulls scanner containers |
+| **Output** | Parse 5 different JSON formats | Unified `kekkai-report.json` |
+| **Threat Modeling** | Expensive consultants or whiteboarding | AI-generated `THREATS.md` locally |
+| **DefectDojo** | 200-line docker-compose + debugging | `kekkai dojo up` (one command) |
+| **Triage** | Read JSON files manually | Interactive terminal UI |
+| **CI/CD** | Complex bash scripts | `kekkai scan --ci --fail-on high` |
+| **PR Feedback** | Manual security review comments | Auto-comments on GitHub PRs |
+
+---
+
+## Feature Deep Dives
+
+### 🔮 ThreatFlow — AI-Powered Threat Modeling
+
+Generate STRIDE-aligned threat models and Mermaid.js Data Flow Diagrams from your codebase.
+
+![Hero GIF](https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/kekkai-threatflow.gif)
+
+```bash
+# Ollama (recommended - easy setup, privacy-preserving)
+ollama pull mistral
+kekkai threatflow --repo . --model-mode ollama --model-name mistral
+
+# Local GGUF model (requires llama-cpp-python)
+kekkai threatflow --repo . --model-mode local --model-path ./mistral-7b.gguf
+
+# Remote API (faster, requires API key)
+export KEKKAI_THREATFLOW_API_KEY="sk-..."
+kekkai threatflow --repo . --model-mode openai
+```
+
+**Output:** `THREATS.md` containing:
+- Attack surface analysis
+- STRIDE threat classification
+- Mermaid.js architecture diagram
+- Recommended mitigations
+
+[Full ThreatFlow Documentation →](docs/threatflow/README.md)
+
+---
+
+### 🔍 Unified Scanning
+
+Run industry-standard scanners without installing them individually. Each scanner runs in an isolated Docker container with security hardening.
+
+```bash
+kekkai scan                          # Scan current directory
+kekkai scan --repo /path/to/project  # Scan specific path
+kekkai scan --output results.json    # Custom output path
+```
+
+**Scanners Included:**
+| Scanner | Finds | Image |
+|---------|-------|-------|
+| Trivy | CVEs in dependencies | `aquasec/trivy:latest` |
+| Semgrep | Code vulnerabilities | `semgrep/semgrep:latest` |
+| Gitleaks | Hardcoded secrets | `zricethezav/gitleaks:latest` |
+
+**Container Security:**
+- Read-only filesystem
+- No network access
+- Memory limited (2GB)
+- No privilege escalation
+
+---
+
+### ✅ Interactive Triage TUI
+
+Stop reading JSON. Review security findings in your terminal.
+
+```bash
+kekkai triage
+```
+
+**Features:**
+- Navigate findings with keyboard
+- Mark as: Accept, Reject, False Positive, Ignore
+- Filter by severity, scanner, or status
+- Persist decisions in `.kekkai-ignore`
+- Export triaged results
+
+<!-- Screenshot placeholder: ![Triage TUI](https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/triage-tui.png) -->
+
+[Full Triage Documentation →](docs/triage/README.md)
+
+---
+
+### 🚦 CI/CD Policy Gate
+
+Automate security enforcement in your pipelines.
+
+<p align="center">
+  <img src="https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/kekkai-scan.png" alt="Kekkai Scanning" width="650"/>
+</p>
+
+```bash
+# Fail on any critical or high findings
+kekkai scan --ci --fail-on high
+
+# Fail only on critical
+kekkai scan --ci --fail-on critical
+
+# Custom threshold: fail on 5+ medium findings
+kekkai scan --ci --fail-on medium --max-findings 5
+```
+
+**Exit Codes:**
+| Code | Meaning |
+|------|---------|
+| 0 | No findings above threshold |
+| 1 | Findings exceed threshold |
+| 2 | Scanner error |
+
+**GitHub Actions Example:**
+
+```yaml
+- name: Security Scan
+  run: |
+    pipx install kekkai-cli
+    kekkai scan --ci --fail-on high
+```
+
+[Full CI Documentation →](docs/ci/ci-mode.md)
+
+---
+
+### 📊 DefectDojo Integration
+
+Spin up a complete vulnerability management platform locally.
+
+<p align="center">
+  <img src="https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/kekkai-dojo.png" alt="Kekkai Dojo" width="650"/>
+</p>
+
+```bash
+kekkai dojo up --wait    # Start DefectDojo (Nginx, Postgres, Redis, Celery)
+kekkai dojo status       # Check service health
+kekkai upload            # Import scan results
+kekkai dojo down         # Stop and clean up (removes volumes)
+```
+
+**What You Get:**
+- DefectDojo web UI at `http://localhost:8080`
+- Automatic credential generation
+- Pre-configured for Kekkai imports
+- Clean teardown (no orphaned volumes)
+
+<p align="center">
+  <img src="https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/Active-Engagements-kekkai-dojo.png" alt="Kekkai Dojo" width="850"/>
+</p>
+
+<p align="center">
+  <img src="https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/kekkai-dojo-dashboard-findings.png" alt="Kekkai Dojo" width="850"/>
+</p
+
+[Full Dojo Documentation →](docs/dojo/dojo.md)
+
+---
+
+### 🔔 GitHub PR Comments
+
+Get security feedback directly in pull requests.
+
+```bash
+export GITHUB_TOKEN="ghp_..."
+kekkai scan --github-comment
+```
+
+Kekkai will:
+1. Run all scanners
+2. Post findings as PR review comments
+3. Annotate specific lines with inline comments
+
+---
+
+## Installation
+
+### pipx (Recommended)
+
+Isolated environment, no conflicts with system Python.
+
+```bash
+pipx install kekkai-cli
+```
+
+### Homebrew (macOS/Linux)
+
+```bash
+brew install kademoslabs/tap/kekkai
+```
+
+### Scoop (Windows)
+
+```bash
+scoop bucket add kademoslabs https://github.com/kademoslabs/scoop-bucket
+scoop install kekkai
+```
+
+### Docker (No Python Required)
+
+```bash
+docker pull kademoslabs/kekkai:latest
+alias kekkai='docker run --rm -v "$(pwd):/repo" kademoslabs/kekkai:latest'
+```
+
+### pip (Traditional)
+
+```bash
+pip install kekkai-cli
+```
+
+---
+
+## Enterprise Features
+
+For organizations that need advanced capabilities, **Kekkai Enterprise** provides:
+
+| Feature | Description |
+|---------|-------------|
+| **Multi-Tenant Portal** | Web dashboard for managing multiple teams/projects ([Learn More](docs/portal/README.md)) |
+| **SAML 2.0 SSO** | Integrate with Okta, Azure AD, Google Workspace |
+| **Role-Based Access Control** | Fine-grained permissions per team/project |
+| **Advanced Operations** | Automated backup/restore, monitoring, zero-downtime upgrades ([Learn More](docs/ops/README.md)) |
+| **Compliance Reporting** | Map findings to OWASP, PCI-DSS, HIPAA, SOC 2 |
+| **Audit Logging** | Cryptographically signed compliance trails |
+
+**Architecture:**
+- Open-source CLI remains fully functional standalone
+- Enterprise features available in separate private repository for licensed customers
+- Optional integration: CLI can sync results to enterprise portal
+- Self-hosted or Kademos-managed deployment options
+
+[Contact us for enterprise access →](mailto:sales@kademos.org)
+
+---
+
+## Security
+
+Kekkai is designed with security as a core principle:
+
+- **Container Isolation**: Scanners run in hardened Docker containers
+- **No Network Access**: Containers cannot reach external networks
+- **Local-First AI**: ThreatFlow can run entirely on your machine
+- **SLSA Level 3**: Release artifacts include provenance attestations
+- **Signed Images**: Docker images are Cosign-signed
+
+For vulnerability reports, see [SECURITY.md](SECURITY.md).
+
+---
+
+## Documentation
+
+| Guide | Description |
+|-------|-------------|
+| [Installation](docs/README.md#installation-methods) | All installation methods |
+| [ThreatFlow](docs/threatflow/README.md) | AI threat modeling setup |
+| [Dojo Quick Start](docs/dojo/dojo-quickstart.md) | DefectDojo in 5 minutes |
+| [CI Mode](docs/ci/ci-mode.md) | Pipeline integration |
+| [Portal](docs/portal/README.md) | Enterprise features overview |
+| [Portal SSO](docs/portal/saml-setup.md) | SAML 2.0 SSO configuration |
+| [Portal RBAC](docs/portal/rbac.md) | Role-based access control |
+| [Portal Deployment](docs/portal/deployment.md) | Self-hosted deployment |
+| [Security](docs/security/slsa-provenance.md) | SLSA provenance verification |
+
+---
+
+## CI/CD Status
+
+[![Kekkai Security Scan](https://github.com/kademoslabs/kekkai/actions/workflows/kekkai-pr-scan.yml/badge.svg)](https://github.com/kademoslabs/kekkai/actions/workflows/kekkai-pr-scan.yml)
+[![Docker Image Publish](https://github.com/kademoslabs/kekkai/actions/workflows/docker-publish.yml/badge.svg)](https://github.com/kademoslabs/kekkai/actions/workflows/docker-publish.yml)
+[![Docker Security Scan](https://github.com/kademoslabs/kekkai/actions/workflows/docker-security-scan.yml/badge.svg)](https://github.com/kademoslabs/kekkai/actions/workflows/docker-security-scan.yml)
+[![Cross-Platform Tests](https://github.com/kademoslabs/kekkai/actions/workflows/test-cross-platform.yml/badge.svg)](https://github.com/kademoslabs/kekkai/actions/workflows/test-cross-platform.yml)
+[![Release with SLSA Provenance](https://github.com/kademoslabs/kekkai/actions/workflows/release-slsa.yml/badge.svg)](https://github.com/kademoslabs/kekkai/actions/workflows/release-slsa.yml)
+
+---
+
+## Contributing
+
+We welcome contributions! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+---
+
+## License
+
+Apache-2.0 — See [LICENSE](LICENSE) for details.
+
+---
+
+<p align="center"><i>Built by <a href="https://kademos.org">Kademos Labs</a></i></p>

{kekkai_cli-1.0.5.dist-info → kekkai_cli-1.1.1.dist-info}/RECORD

@@ -1,13 +1,25 @@
 kekkai/__init__.py,sha256=_VrBvJRyqHiXs31S8HOhATk_O2iy-ac0_9X7rHH75j8,143
-kekkai/cli.py,sha256=f_IsxjlmzYKwl_x_BNIlVYBnBnSNfKskwclJdGwhWAo,35705
+kekkai/cli.py,sha256=-Kix3HMEsroCgtOLu-QCtPwi7OqOSi3YzXzboT5tGvU,63529
 kekkai/config.py,sha256=LE7bKsmv5dim5KnZya0V7_LtviNQ1V0pMN_6FyAsMpc,13084
-kekkai/dojo.py,sha256=DchLaTnDBwX0D14lTRdCtwql_II8aDEZ0JEq9F-n4MI,15887
-kekkai/dojo_import.py,sha256=oI-vwpLITA7-U2_MxhaTp_PYfr5HqvcFy3VzKsWA6IY,6911
+kekkai/dojo.py,sha256=erLdTMOioTyzVhXYW8xgdbU5Ro-KQx1OcTQN7_zemmY,18634
+kekkai/dojo_import.py,sha256=D0ZQM_0JYHqUqJA3l4nKD-RkpvcOcgj-4zv59HRcQ6k,7274
 kekkai/manifest.py,sha256=Ph5xGDKuVxMW1GVIisRhxUelaiVZQe-W5sZWsq4lHqs,1887
-kekkai/output.py,sha256=x-snLSv4qKG1r4n1cSWzORbqfsAjCov9XfkdXHvU_uA,5572
+kekkai/output.py,sha256=nPKsf3FjWtWf_nHj4HVpgqeZtLpPOtZoLJElVLSyPK4,5500
 kekkai/paths.py,sha256=EcyG3CEOQFQygowu7O5Mp85dKkXWWvnm1h0j_BetGxY,1190
 kekkai/policy.py,sha256=0XCUH-SbnO1PsM-exjSFHYHRnLkiNa50QfkyPakwNko,9792
 kekkai/runner.py,sha256=MBFUiJ4sSVEGNbJ6cv-8p1WHaHqjio6yWEfr_K4GuTs,2037
+kekkai/compliance/__init__.py,sha256=FLcAb9Jr7AWwoesX8m8DlkZjdziVHWAB7iQLKEa4rmQ,1888
+kekkai/compliance/hipaa.py,sha256=-lWOeV0kZcbz7-5o76vW6VIS73vC3WsniLO7QUw-W7E,8470
+kekkai/compliance/mappings.py,sha256=Ky8lGnqvkHn2WpUFmMNg4bHvmtRSPWGHRbcXe9B54kM,4202
+kekkai/compliance/owasp.py,sha256=E0JxaW_w3abc8kBRz0dJohF1871RQY0k8EoJn1tV_Kk,13606
+kekkai/compliance/owasp_agentic.py,sha256=4GgjkiVOZ54ifg9xa_PBwHIanEDYe8WJDRARQGVd_Eg,8940
+kekkai/compliance/pci_dss.py,sha256=rQIhuO-ArcSUfxBs1O-eohMImaA5Q-kOIZoppJGuDwc,7789
+kekkai/compliance/soc2.py,sha256=Cj6UPSU-G1Wit36sa-zkIgLE5jUSV3u56mYKfz6TT-0,7435
+kekkai/fix/__init__.py,sha256=pjYo-9NACM6uX5K5ridTC6U1ZQ4P-arRd4VHbayHWyY,1305
+kekkai/fix/audit.py,sha256=3kch_5mUsMWRSqkhCADnmsQ0OFBJTpj1EiDl3nMXfI0,8747
+kekkai/fix/differ.py,sha256=RA-zQMdX7f8nK5fq7Blz498TghYEKz0c9leq7_bfBVE,13283
+kekkai/fix/engine.py,sha256=iQEP-MIrGUu95zda-ip9Cjj-O7wmK3UXMDsNByblD8M,16860
+kekkai/fix/prompts.py,sha256=oByag-PrQTwWh1FMTflUNIO9y0hr2cQL0zqLyueHu6s,7965
 kekkai/github/__init__.py,sha256=3EQ7LkRqgQwr5uTt7hNvVXLiKTpzE47woc8lZQjy5cE,386
 kekkai/github/commenter.py,sha256=v19pEctYJvUvA7e-t6eOA5dZaNIt16ocCxC92IUxQeM,5906
 kekkai/github/models.py,sha256=baW5prDEVncKrfC8aLoKjaTpPKYtRzZOBOg4Zje3qug,1340
@@ -18,13 +30,19 @@ kekkai/installer/extract.py,sha256=r4wYGCZ7zV2lIki5kns7t9bFRV1fahqOral8Jl7LZcQ,5
 kekkai/installer/manager.py,sha256=FqHTmHvTc2YkWWISvdS1uW7IZV6bHqyEg33TDb4Ldtc,7881
 kekkai/installer/manifest.py,sha256=oZFquI9pUtgtB4ZXontQND5D7m4WzjjJuybhlePk3k4,5544
 kekkai/installer/verify.py,sha256=ThtWfKnjrdx90_XBJclBGiw4yzTFs5HKoFJ0IyVPsMM,2186
+kekkai/report/__init__.py,sha256=TTjXFMAKSboWTLBiQ_kkarfneHwNY4nsjjXfjtRn5Ag,1036
+kekkai/report/compliance_matrix.py,sha256=WOz7Fr6Hkfl7agY2DKea7Ir0z6PtC2qT0RQgfUy_A_Q,3305
+kekkai/report/generator.py,sha256=E1hMqUm_tB1jFLa6yWQFytukl4w-LIgTQ9gsA1LpCsc,11893
+kekkai/report/html.py,sha256=6VJoyW08qPUWotzA0pDoO3s1Ll8E-2ypA7ldwBD_Pig,2363
+kekkai/report/pdf.py,sha256=zGwfEQo6419MpNz2TeB5sgLG_bsLsok0v6ellCMd0FA,1751
+kekkai/report/unified.py,sha256=2MaqwTuNRAQtGl-CtSXmsaxSLjuxh7aN1kTe7eD0mRM,6623
 kekkai/scanners/__init__.py,sha256=uKJqnBgcf47eJlDB3mvHpLsobR6M6N6uO2L0Dor1MaE,1552
 kekkai/scanners/base.py,sha256=uy7HgOaQxNcp6-X1gfXAecSYpKXaEsuVeluf6SwkbwM,2678
-kekkai/scanners/container.py,sha256=OhD0Meld_Zm4YcTuON91kx08Cj5h4R1FR0ABGbx7kQI,4197
+kekkai/scanners/container.py,sha256=A_qBZkUNVAowWeEQUVn8VPW4obRM8KtOk9rSqX7GQUA,5328
 kekkai/scanners/falco.py,sha256=Y0kjg9QArIZnXw8Q-EEZv8o7iUOehOY3jTKh3AMR1yU,7384
-kekkai/scanners/gitleaks.py,sha256=8hRWXsH_EMhkqGcP2AtJdaMWHmQa91XdG2oVnq8g-kI,7159
-kekkai/scanners/semgrep.py,sha256=v4RDV_mHv1UXqdhV7FSyQUCu0EUCOoERGzDVowqwgVA,6758
-kekkai/scanners/trivy.py,sha256=E0B31eomyNF0k3ULnDkqfFoQM54UtrIIFPm3jqgE9VA,7788
+kekkai/scanners/gitleaks.py,sha256=grm15elwFl9rtPFHImowxUTA72qnR24pqPIBIoujebY,7285
+kekkai/scanners/semgrep.py,sha256=0qE3F6kwfxvd3PsYqXBF2NCqz15IY4f3ZS9i3eQiEDE,6756
+kekkai/scanners/trivy.py,sha256=D8l7BnGc2GUKI2ykr7lTRmRXYM5W1rt0yOWD6CHS05w,7786
 kekkai/scanners/url_policy.py,sha256=0V4ESDd2R1MSyI1bs_WtFZxZpKX33O154qFIrD6uk5U,5209
 kekkai/scanners/zap.py,sha256=64NHzM-GF3oOV4UZ_W9N2v55mz91FPPg_k6hgcwlX1I,10932
 kekkai/scanners/backends/__init__.py,sha256=Rdo17FeCPGTI-1QeKtBSkg4NrW26RnvX9vgzdsxY5fg,372
@@ -36,14 +54,15 @@ kekkai/threatflow/artifacts.py,sha256=8h3IGk798U4Wkco4x0uKgzUsZCh7VfTOufwrxs7rTT
 kekkai/threatflow/chunking.py,sha256=0FNVnaQoU3FEmtjYHVaiLsKBSzHx6Vo4oozVwwWkOHM,9981
 kekkai/threatflow/core.py,sha256=CYLUI38n30zEq3DbUNI_H9mqBwwlPoL7TtFOiiwC3wI,15421
 kekkai/threatflow/mermaid.py,sha256=Brp-x-LUHMRjC7OBh4Vxzlk3NeCcdmWfWXlv7WL1ZdE,11579
-kekkai/threatflow/model_adapter.py,sha256=xqVPYc0rDys5RgvqJwR2VULJyzx8eToLQsOtKO1fKRE,15394
+kekkai/threatflow/model_adapter.py,sha256=Vl0wBWvBUxEGTmFghjwpp-N7Zt3qkpUSxrPVjKC5QgA,20647
 kekkai/threatflow/prompts.py,sha256=lgbj7FJ1c3UYj4ofGnlLoRmywYBfdAKY0QEHmIB_JFw,8525
 kekkai/threatflow/redaction.py,sha256=mGUcNQB6YPVKArtMrEYcXCWslgUiCkloiowY9IlZ1iY,7622
 kekkai/threatflow/sanitizer.py,sha256=uQsxYZ5VDXutZoj-WMl7fo5T07uHuQZqgVzoVMoaKec,22688
-kekkai/triage/__init__.py,sha256=5La5HUnO6ehoUoRbOfZ_QvRj0U4ud4W2o79oraBhpCg,798
+kekkai/triage/__init__.py,sha256=gYf4XPIYZTthU0Q0kaptbgMKulkjLxWQWG0HQvtlu-o,2182
 kekkai/triage/app.py,sha256=MU2tBI50d8sOdDKESGNrWYiREG9bBtrSccaMoiMv5gM,5027
 kekkai/triage/audit.py,sha256=UVaSKKC6tZkHxEoMcnIZkMOT_ngj7QzHWYuDAHas_sc,5842
 kekkai/triage/ignore.py,sha256=uBKM7zKyzORj9LJ5AAnoYWZQTRy57P0ZofSapiDWcfI,7305
+kekkai/triage/loader.py,sha256=vywhS8fcre7PiBX3H2CpKXFxzvO7LcDnIHIB0kzG3R4,5850
 kekkai/triage/models.py,sha256=nRmWtELMqHWHX1NqZ2upH2ZAJVeBxa3Wh8f3kkB9WYo,5384
 kekkai/triage/screens.py,sha256=6eEiHvuuS_gGESS_K3NjPiQx8G7CR18-j9upU1p5nRg,11004
 kekkai/triage/widgets.py,sha256=eOF6Qoo5uBqjxiEkbpgcO1tbIOGBQBKn75wP9Jw_AaE,4733
@@ -65,26 +84,8 @@ kekkai_core/windows/chocolatey.py,sha256=tF5S5eN-HeENRt6yQ4TZgwng0oRMX_ScskQ3-eb
 kekkai_core/windows/installer.py,sha256=MePAywHH3JTIAENv52XtkUMOGqmYqZqkH77VW5PST8o,6945
 kekkai_core/windows/scoop.py,sha256=lvothICrAoB3lGfkvhqVeNTB50eMmVGA0BE7JNCfHdI,5284
 kekkai_core/windows/validators.py,sha256=45xUuAbHcKc0WLIZ-0rByPeDD88MAV8KvopngyYBHpQ,6525
-portal/__init__.py,sha256=vLjCqUgIqzHbT-oIMMWuWQ-lDA5jvuOOEa9qdBRLcIY,507
-portal/api.py,sha256=4_hQwkUnP8P3EjCdB5Tb7uRcuH3H7M6GxTvwTTmhLv4,4066
-portal/auth.py,sha256=4K_Ya9W_2sZl2MF0FNVr9QASjTOKAO3CMdgGUuYbb9s,3102
-portal/tenants.py,sha256=91SOqzjGefcHXodfN8LIHER8boeSB-Jb-WoHPTWI5GI,11394
-portal/uploads.py,sha256=WhosreaTKFYHNKXW9F4jOmB_OwUl1YGtT5DeaXnRMqk,7352
-portal/web.py,sha256=nW9ShBI18TitVFxaN0OmGgqtMdUnv5UPZcBMT12VuvM,14173
-portal/enterprise/__init__.py,sha256=djxFlSUZ5-YwhT9SXJsAOaD1rRHDL14BXigh6l4WDC4,763
-portal/enterprise/audit.py,sha256=VTm-M4gVKOxcBREqIJBs4r5wyqqqf1eCOsHi3FFiDcI,13772
-portal/enterprise/licensing.py,sha256=M8PFfE_v73UJL6Lfr4qhqfAGrvtJyPwDPb4SMRMGfV0,11002
-portal/enterprise/rbac.py,sha256=vrZoyIVmWM0C90CIgZaprwqhiDbAM-ggNNg36Zu-5lU,8548
-portal/enterprise/saml.py,sha256=TXHBbILI7qMe0ertcFPnuSUSPbJzEeBiHmZzhY9-Ix8,20367
-portal/ops/__init__.py,sha256=ZyEYmFM_4LFWfQfgp9Kh2vqmolSjVKFdk1vX1vkhjqc,1391
-portal/ops/backup.py,sha256=eLUnZcUtS0svEoagb0jQQmT7TcAGjBA3fUlM2YoCfLg,20102
-portal/ops/log_shipper.py,sha256=Age3YfvsJ5YWrPQYdHELr4Qa9jJCATHiwv3Q-rMJwJs,15237
-portal/ops/monitoring.py,sha256=xhLbKjVaob709K4x0dEsOo4lh7Ddm2A4UE2ZmhfmMtI,17908
-portal/ops/restore.py,sha256=rgzKoBIilgoPPv5gZhSSBuLKG1skKw5ryoCRR3d7CPQ,17058
-portal/ops/secrets.py,sha256=wu2bUfJGctbGjyuGUgvUc_Y6IH1SCW16dExtqcKu_kg,14338
-portal/ops/upgrade.py,sha256=fXsIXCJYYABdWDECDXkt7F2PidzNtO6Zr-g0Y5PLlVU,20106
-kekkai_cli-1.0.5.dist-info/METADATA,sha256=S6I2wrKWDsKlwRR6ZEmEcFbFj7SAC3nMbzzeRmivHG0,3652
-kekkai_cli-1.0.5.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-kekkai_cli-1.0.5.dist-info/entry_points.txt,sha256=WUEX6IISnRcwlQAdhisPfIIV3Us2MYCwtJoyPpLJO44,75
-kekkai_cli-1.0.5.dist-info/top_level.txt,sha256=u0J4T-Rnb0cgs0LfzZAUNt6nx1d5l7wKn8vOuo9FBEY,26
-kekkai_cli-1.0.5.dist-info/RECORD,,
+kekkai_cli-1.1.1.dist-info/METADATA,sha256=_Wt5_uAwnvnEK-Hmc7RxwZozkiwU_6JpLFD_xTpgDTM,11667
+kekkai_cli-1.1.1.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+kekkai_cli-1.1.1.dist-info/entry_points.txt,sha256=MBV1OIfxJmT2oJvzeeFKIH1eh8M9kKAn7JqFBeuMfWA,43
+kekkai_cli-1.1.1.dist-info/top_level.txt,sha256=wWwh7GGPaUjcaCRmt70ueL3WQoQbeGa5L0T0hgOh-MY,19
+kekkai_cli-1.1.1.dist-info/RECORD,,

{kekkai_cli-1.0.5.dist-info → kekkai_cli-1.1.1.dist-info}/entry_points.txt

@@ -1,3 +1,2 @@
 [console_scripts]
 kekkai = kekkai.cli:main
-kekkai-portal = portal.web:main

{kekkai_cli-1.0.5.dist-info → kekkai_cli-1.1.1.dist-info}/top_level.txt

@@ -1,3 +1,2 @@
 kekkai
 kekkai_core
-portal