PyPI - kekkai-cli - Versions diffs - 2.0.0__tar.gz → 2.2.0__tar.gz - Mend

kekkai-cli 2.0.0tar.gz → 2.2.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (147) hide show

{kekkai_cli-2.0.0 → kekkai_cli-2.2.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: kekkai-cli
-Version: 2.0.0
+Version: 2.2.0
 Summary: Terminal UI for Trivy/Semgrep/Gitleaks. Local-first security triage.
 Requires-Python: >=3.12
 Description-Content-Type: text/markdown
@@ -8,30 +8,32 @@ Requires-Dist: rich>=13.0.0
 Requires-Dist: jsonschema>=4.20.0
 Requires-Dist: textual>=0.50.0
 Requires-Dist: httpx>=0.24.0
+Requires-Dist: jinja2>=3.1.6
 <p align="center">
   <img src="https://raw.githubusercontent.com/kademoslabs/assets/main/logos/kekkai-slim.png" alt="Kekkai CLI Logo" width="250"/>
 </p>
-<p align="center"><strong>Stop parsing JSON. Security triage in your terminal.</strong></p>
+<p align="center"><strong>Interactive security triage in the terminal.</strong></p>
 <p align="center">
   <img src="https://img.shields.io/github/actions/workflow/status/kademoslabs/kekkai/docker-publish.yml?logo=github"/>
   <img src="https://img.shields.io/circleci/build/github/kademoslabs/kekkai?logo=circleci"/>
-  <img src="https://img.shields.io/pypi/v/kekkai-cli?pypiBaseUrl=https%3A%2F%2Fpypi.org&logo=pypi"/>
+  <img alt="PyPI - Version" src="https://img.shields.io/pypi/v/kekkai-cli">
 </p>
 ---
 # Kekkai
-**Interactive security triage in the terminal.**
+**Stop parsing JSON.**
 Kekkai is a small open-source CLI that wraps existing security scanners (Trivy, Semgrep, Gitleaks) and focuses on the part that tends to be slow and frustrating: reviewing and triaging results.
 Running scanners is easy. Interpreting noisy output, dealing with false positives, and making CI usable is not. Kekkai exists to make that part tolerable..
-![Hero GIF](https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/kekkai-start.gif)
+![Hero GIF](https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/kekkai.gif)
 ---
@@ -72,6 +74,17 @@ kekkai triage
 # Interactive TUI to review findings with keyboard navigation
 ```
+### ⚡️ Auto-Install (Pre-commit)
+Add this to your `.pre-commit-config.yaml` to scan on every commit:
+```yaml
+  - repo: [https://github.com/kademoslabs/kekkai](https://github.com/kademoslabs/kekkai)
+    rev: v2.0.1
+    hooks:
+      - id: kekkai-scan
+```
 No signup, no cloud service required.
 ---
@@ -107,40 +120,17 @@ kekkai triage
 - `Ctrl+S`: Save decisions
 - `q`: Quit
-<!-- Screenshot placeholder: ![Triage TUI](https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/triage-tui.png) -->
+![Triage TUI](https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/kekkai-triage.png)
 [Full Triage Documentation →](docs/triage/README.md)
 ---
-### CI/CD Policy Gate
-Break builds on severity thresholds.
-Kekkai can be used as a CI gate based on severity thresholds.
+### 🚦 CI/CD in 1 Second
+Don't write YAML. Run this in your repo:
 ```bash
-# Fail on any critical or high findings
-kekkai scan --ci --fail-on high
-# Fail only on critical
-kekkai scan --ci --fail-on critical
-```
-**Exit Codes:**
-| Code | Meaning |
-|------|---------|
-| 0 | No findings above threshold |
-| 1 | Findings exceed threshold |
-| 2 | Scanner error |
-**GitHub Actions Example:**
-```yaml
-- name: Security Scan
-  run: |
-    pipx install kekkai-cli
-    kekkai scan --ci --fail-on high
+kekkai init --ci
 ```
 [Full CI Documentation →](docs/ci/ci-mode.md)

{kekkai_cli-2.0.0 → kekkai_cli-2.2.0}/README.md RENAMED Viewed

@@ -2,25 +2,26 @@
   <img src="https://raw.githubusercontent.com/kademoslabs/assets/main/logos/kekkai-slim.png" alt="Kekkai CLI Logo" width="250"/>
 </p>
-<p align="center"><strong>Stop parsing JSON. Security triage in your terminal.</strong></p>
+<p align="center"><strong>Interactive security triage in the terminal.</strong></p>
 <p align="center">
   <img src="https://img.shields.io/github/actions/workflow/status/kademoslabs/kekkai/docker-publish.yml?logo=github"/>
   <img src="https://img.shields.io/circleci/build/github/kademoslabs/kekkai?logo=circleci"/>
-  <img src="https://img.shields.io/pypi/v/kekkai-cli?pypiBaseUrl=https%3A%2F%2Fpypi.org&logo=pypi"/>
+  <img alt="PyPI - Version" src="https://img.shields.io/pypi/v/kekkai-cli">
 </p>
 ---
 # Kekkai
-**Interactive security triage in the terminal.**
+**Stop parsing JSON.**
 Kekkai is a small open-source CLI that wraps existing security scanners (Trivy, Semgrep, Gitleaks) and focuses on the part that tends to be slow and frustrating: reviewing and triaging results.
 Running scanners is easy. Interpreting noisy output, dealing with false positives, and making CI usable is not. Kekkai exists to make that part tolerable..
-![Hero GIF](https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/kekkai-start.gif)
+![Hero GIF](https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/kekkai.gif)
 ---
@@ -61,6 +62,17 @@ kekkai triage
 # Interactive TUI to review findings with keyboard navigation
 ```
+### ⚡️ Auto-Install (Pre-commit)
+Add this to your `.pre-commit-config.yaml` to scan on every commit:
+```yaml
+  - repo: [https://github.com/kademoslabs/kekkai](https://github.com/kademoslabs/kekkai)
+    rev: v2.0.1
+    hooks:
+      - id: kekkai-scan
+```
 No signup, no cloud service required.
 ---
@@ -96,40 +108,17 @@ kekkai triage
 - `Ctrl+S`: Save decisions
 - `q`: Quit
-<!-- Screenshot placeholder: ![Triage TUI](https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/triage-tui.png) -->
+![Triage TUI](https://raw.githubusercontent.com/kademoslabs/assets/main/screenshots/kekkai-triage.png)
 [Full Triage Documentation →](docs/triage/README.md)
 ---
-### CI/CD Policy Gate
-Break builds on severity thresholds.
-Kekkai can be used as a CI gate based on severity thresholds.
+### 🚦 CI/CD in 1 Second
+Don't write YAML. Run this in your repo:
 ```bash
-# Fail on any critical or high findings
-kekkai scan --ci --fail-on high
-# Fail only on critical
-kekkai scan --ci --fail-on critical
-```
-**Exit Codes:**
-| Code | Meaning |
-|------|---------|
-| 0 | No findings above threshold |
-| 1 | Findings exceed threshold |
-| 2 | Scanner error |
-**GitHub Actions Example:**
-```yaml
-- name: Security Scan
-  run: |
-    pipx install kekkai-cli
-    kekkai scan --ci --fail-on high
+kekkai init --ci
 ```
 [Full CI Documentation →](docs/ci/ci-mode.md)

{kekkai_cli-2.0.0 → kekkai_cli-2.2.0}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "kekkai-cli"
-version = "2.0.0"
+version = "2.2.0"
 description = "Terminal UI for Trivy/Semgrep/Gitleaks. Local-first security triage."
 readme = "README.md"
 requires-python = ">=3.12"
@@ -9,6 +9,7 @@ dependencies = [
     "jsonschema>=4.20.0",
     "textual>=0.50.0",
     "httpx>=0.24.0",
+    "jinja2>=3.1.6",
 ]
 [project.scripts]
@@ -20,7 +21,7 @@ line-length = 100
 extend-exclude = ["dist", "build", ".venv"]
 lint.select = ["E", "F", "I", "B", "UP", "S", "SIM"]
 lint.ignore = ["S101"]  # allow asserts in tests
-lint.per-file-ignores = { "tests/**" = ["S"], "src/kekkai_core/docker/**" = ["S603"], "src/kekkai_core/slsa/**" = ["S603", "S607"], "src/kekkai/github/**" = ["S105"] }
+lint.per-file-ignores = { "tests/**" = ["S", "SIM117"], "src/kekkai_core/docker/**" = ["S603"], "src/kekkai_core/slsa/**" = ["S603", "S607"], "src/kekkai/github/**" = ["S105"] }
 [tool.mypy]
 python_version = "3.12"

{kekkai_cli-2.0.0 → kekkai_cli-2.2.0}/src/kekkai/cli.py RENAMED Viewed

@@ -221,6 +221,17 @@ def main(argv: Sequence[str] | None = None) -> int:
         type=str,
         help="Path for .kekkaiignore output (default: .kekkaiignore)",
     )
+    triage_parser.add_argument(
+        "--repo",
+        type=str,
+        help="Repository root path (default: auto-detect from run.json)",
+    )
+    triage_parser.add_argument(
+        "--context-lines",
+        type=int,
+        default=10,
+        help="Context lines before/after line (default: 10, range: 5-100)",
+    )
     # Fix subcommand - AI-powered remediation
     fix_parser = subparsers.add_parser("fix", help="generate AI-powered code fixes for findings")
@@ -1186,6 +1197,11 @@ def _command_triage(parsed: argparse.Namespace) -> int:
     input_path_str = cast(str | None, getattr(parsed, "input", None))
     output_path_str = cast(str | None, getattr(parsed, "output", None))
+    repo_path_str = cast(str | None, getattr(parsed, "repo", None))
+    context_lines = cast(int, getattr(parsed, "context_lines", 10))
+    # Validate context_lines range
+    context_lines = max(5, min(100, context_lines))
     # Default to latest run if no input specified
     if not input_path_str:
@@ -1232,7 +1248,36 @@ def _command_triage(parsed: argparse.Namespace) -> int:
     console.print(f"[info]Loaded {len(findings)} finding(s)[/info]\n")
-    return run_triage(findings=findings, output_path=output_path)
+    # Auto-detect repo_path from run.json if not explicitly provided
+    repo_path: Path | None = None
+    if repo_path_str:
+        repo_path = Path(repo_path_str).expanduser().resolve()
+    elif input_path.is_dir():
+        # Try to read repo_path from run.json
+        manifest_path = input_path / "run.json"
+        if manifest_path.exists():
+            try:
+                import json
+                with manifest_path.open() as f:
+                    manifest_data = json.load(f)
+                stored_repo = manifest_data.get("repo_path")
+                if stored_repo:
+                    repo_path = Path(stored_repo).expanduser().resolve()
+                    console.print(f"[dim]Using repo path from run metadata: {repo_path}[/dim]\n")
+            except (OSError, json.JSONDecodeError, KeyError):
+                pass
+    # Fall back to current directory if still not set
+    if repo_path is None:
+        repo_path = Path.cwd()
+    return run_triage(
+        findings=findings,
+        output_path=output_path,
+        repo_path=repo_path,
+        context_lines=context_lines,
+    )
 def _command_fix(parsed: argparse.Namespace) -> int:

{kekkai_cli-2.0.0 → kekkai_cli-2.2.0}/src/kekkai/output.py RENAMED Viewed

@@ -57,7 +57,7 @@ BANNER_ASCII = r"""
 /_/\_\\___/_/\_/_/\_\\_,_/_/
 """
-VERSION = "2.0.0"
+VERSION = "2.2.0"
 def print_dashboard() -> None:

{kekkai_cli-2.0.0 → kekkai_cli-2.2.0}/src/kekkai/triage/__init__.py RENAMED Viewed

@@ -29,6 +29,8 @@ def run_triage(
     input_path: Path | None = None,
     output_path: Path | None = None,
     findings: Sequence[FindingEntry] | None = None,
+    repo_path: Path | None = None,
+    context_lines: int = 10,
 ) -> int:
     """Run the triage TUI (lazy import).
@@ -36,6 +38,8 @@ def run_triage(
         input_path: Path to findings JSON file.
         output_path: Path for .kekkaiignore output.
         findings: Pre-loaded findings (alternative to input_path).
+        repo_path: Repository root path for code context display.
+        context_lines: Number of lines to show before/after vulnerable line.
     Returns:
         Exit code (0 for success).
@@ -50,6 +54,8 @@ def run_triage(
             input_path=input_path,
             output_path=output_path,
             findings=findings,
+            repo_path=repo_path,
+            context_lines=context_lines,
         )
     except ImportError as e:
         raise RuntimeError(

{kekkai_cli-2.0.0 → kekkai_cli-2.2.0}/src/kekkai/triage/app.py RENAMED Viewed

@@ -51,6 +51,8 @@ class TriageApp(App[None]):
         input_path: Path | None = None,
         output_path: Path | None = None,
         audit_path: Path | None = None,
+        repo_path: Path | None = None,
+        context_lines: int = 10,
     ) -> None:
         """Initialize triage application.
@@ -59,6 +61,8 @@ class TriageApp(App[None]):
             input_path: Path to findings JSON file.
             output_path: Path for .kekkaiignore output.
             audit_path: Path for audit log.
+            repo_path: Repository root path for code context display.
+            context_lines: Number of lines to show before/after vulnerable line.
         """
         super().__init__()
         self._input_path = input_path
@@ -66,6 +70,8 @@ class TriageApp(App[None]):
         self.ignore_file = IgnoreFile(output_path)
         self.audit_log = TriageAuditLog(audit_path)
         self._decisions: dict[str, TriageDecision] = {}
+        self.repo_path = repo_path or Path.cwd()
+        self.context_lines = context_lines
     @property
     def findings(self) -> list[FindingEntry]:
@@ -148,6 +154,8 @@ def run_triage(
     input_path: Path | None = None,
     output_path: Path | None = None,
     findings: Sequence[FindingEntry] | None = None,
+    repo_path: Path | None = None,
+    context_lines: int = 10,
 ) -> int:
     """Run the triage TUI.
@@ -155,6 +163,8 @@ def run_triage(
         input_path: Path to findings JSON file.
         output_path: Path for .kekkaiignore output.
         findings: Pre-loaded findings (alternative to input_path).
+        repo_path: Repository root path for code context display.
+        context_lines: Number of lines to show before/after vulnerable line.
     Returns:
         Exit code (0 for success).
@@ -163,6 +173,8 @@ def run_triage(
         findings=findings,
         input_path=input_path,
         output_path=output_path,
+        repo_path=repo_path,
+        context_lines=context_lines,
     )
     app.run()
     return 0

kekkai-cli 2.0.0__tar.gz → 2.2.0__tar.gz

kekkai-cli 2.0.0tar.gz → 2.2.0tar.gz