licit-ai-cli 0.1.0__py3-none-any.whl

licit/__init__.py

@@ -0,0 +1,3 @@
+"""licit — Regulatory compliance for AI-powered development teams."""
+
+__version__ = "0.1.0"

licit/__main__.py

@@ -0,0 +1,5 @@
+"""Allow running licit as a module: python -m licit."""
+
+from licit.cli import main
+
+main()

licit/cli.py

@@ -0,0 +1,555 @@
+"""licit CLI — regulatory compliance for AI-powered development teams."""
+
+from __future__ import annotations
+
+import sys
+from pathlib import Path
+from typing import Any
+
+import click
+import structlog
+
+from licit import __version__
+from licit.config.loader import load_config, save_config
+from licit.config.schema import FrameworkConfig, LicitConfig
+from licit.core.evidence import EvidenceCollector
+from licit.core.models import ComplianceStatus, ControlResult
+from licit.core.project import ProjectDetector
+from licit.logging.setup import setup_logging
+
+logger = structlog.get_logger()
+
+
+@click.group()
+@click.version_option(version=__version__)
+@click.option("--config", "config_path", type=click.Path(), help="Path to .licit.yaml")
+@click.option("--verbose", "-v", is_flag=True, help="Verbose output")
+@click.pass_context
+def main(ctx: click.Context, config_path: str | None, verbose: bool) -> None:
+    """licit — Regulatory compliance for AI-powered development teams."""
+    setup_logging(verbose)
+    ctx.ensure_object(dict)
+    ctx.obj["config_path"] = config_path
+    ctx.obj["verbose"] = verbose
+
+
+@main.command()
+@click.option(
+    "--framework",
+    type=click.Choice(["eu-ai-act", "owasp", "all"]),
+    default="all",
+    help="Pre-configure for a specific framework",
+)
+@click.pass_context
+def init(ctx: click.Context, framework: str) -> None:
+    """Initialize licit in the current project.
+
+    Detects project characteristics, creates .licit.yaml,
+    and sets up the .licit/ directory.
+
+    Examples:
+      licit init
+      licit init --framework eu-ai-act
+    """
+    root = str(Path.cwd())
+    detector = ProjectDetector()
+    context = detector.detect(root)
+
+    click.echo(f"\n  Project: {context.name}")
+    click.echo(f"  Languages: {', '.join(context.languages) or 'none detected'}")
+    click.echo(f"  Agent configs: {len(context.agent_configs)} detected")
+    click.echo(f"  CI/CD: {context.cicd.platform}")
+    click.echo(f"  Testing: {context.test_framework or 'none detected'}")
+
+    tools: list[str] = []
+    if context.security.has_vigil:
+        tools.append("vigil")
+    if context.security.has_semgrep:
+        tools.append("semgrep")
+    if context.security.has_snyk:
+        tools.append("snyk")
+    click.echo(f"  Security tools: {', '.join(tools) if tools else 'none detected'}")
+
+    if context.agent_configs:
+        click.echo("\n  Agent configurations found:")
+        for cfg in context.agent_configs:
+            click.echo(f"    - {cfg.path} ({cfg.agent_type})")
+
+    # Build config
+    config = LicitConfig()
+    if framework == "eu-ai-act":
+        config.frameworks = FrameworkConfig(eu_ai_act=True, owasp_agentic=False)
+    elif framework == "owasp":
+        config.frameworks = FrameworkConfig(eu_ai_act=False, owasp_agentic=True)
+
+    # Auto-configure connectors
+    if context.has_architect:
+        config.connectors.architect.enabled = True
+        if context.architect_config_path:
+            config.connectors.architect.config_path = context.architect_config_path
+    if context.security.has_vigil:
+        config.connectors.vigil.enabled = True
+
+    config_file = save_config(config, ctx.obj.get("config_path"))
+
+    # Create .licit directory
+    (Path(root) / ".licit").mkdir(exist_ok=True)
+
+    click.echo(f"\n  Created {config_file.name}")
+    click.echo("  Created .licit/ directory")
+    click.echo("\n  Next steps:")
+    click.echo("    licit trace          Track code provenance")
+    click.echo("    licit fria           Complete FRIA assessment")
+    click.echo("    licit report         Generate compliance report")
+    click.echo("    licit gaps           Check compliance gaps")
+
+
+@main.command()
+@click.option("--since", help="Analyze commits since date (YYYY-MM-DD) or tag")
+@click.option("--report", "gen_report", is_flag=True, help="Generate provenance report")
+@click.option("--stats", is_flag=True, help="Show provenance statistics")
+@click.pass_context
+def trace(ctx: click.Context, since: str | None, gen_report: bool, stats: bool) -> None:
+    """Track code provenance — who (human/AI) wrote what.
+
+    Analyzes git history to infer which code was generated by AI agents.
+    Results are stored in .licit/provenance.jsonl.
+
+    Examples:
+      licit trace                     Analyze full git history
+      licit trace --since 2026-01-01  Analyze since January 2026
+      licit trace --stats             Show provenance statistics
+      licit trace --report            Generate full provenance report
+    """
+    config = load_config(ctx.obj.get("config_path"))
+
+    if stats:
+        from licit.provenance.store import ProvenanceStore  # type: ignore[import-not-found]
+
+        store: Any = ProvenanceStore(config.provenance.store_path)
+        s: dict[str, Any] = store.get_stats()
+        click.echo("\n  Provenance Statistics")
+        click.echo(f"  {'─' * 40}")
+        click.echo(f"  Total files tracked: {s['total_files']}")
+        click.echo(f"  AI-generated:        {s['ai_files']} ({s['ai_percentage']:.1f}%)")
+        click.echo(f"  Human-written:       {s['human_files']}")
+        click.echo(f"  Mixed:               {s.get('mixed_files', 0)}")
+        return
+
+    click.echo("  Analyzing git history for AI provenance...")
+
+    from licit.provenance.tracker import ProvenanceTracker  # type: ignore[import-not-found]
+
+    root = str(Path.cwd())
+    tracker: Any = ProvenanceTracker(root, config.provenance)
+    records: list[Any] = tracker.analyze(since=since)
+
+    ai_count = sum(1 for r in records if r.source == "ai")
+    human_count = sum(1 for r in records if r.source == "human")
+    click.echo(f"  Analyzed {len(records)} file records")
+    click.echo(f"  AI-generated: {ai_count} files")
+    click.echo(f"  Human-written: {human_count} files")
+
+    if gen_report:
+        from licit.provenance.report import (  # type: ignore[import-not-found]
+            generate_provenance_report,
+        )
+
+        report_path = ".licit/provenance-report.md"
+        generate_provenance_report(records, report_path)
+        click.echo(f"  Report saved to: {report_path}")
+
+
+@main.command()
+@click.option("--since", help="Show changes since date or tag")
+@click.option(
+    "--format",
+    "fmt",
+    type=click.Choice(["markdown", "json"]),
+    default="markdown",
+)
+@click.pass_context
+def changelog(ctx: click.Context, since: str | None, fmt: str) -> None:
+    """Generate changelog of agent configuration changes.
+
+    Monitors CLAUDE.md, .cursorrules, AGENTS.md, architect config,
+    and other agent configuration files for changes across git history.
+
+    Examples:
+      licit changelog
+      licit changelog --since v1.0.0
+      licit changelog --format json
+    """
+    config = load_config(ctx.obj.get("config_path"))
+    root = str(Path.cwd())
+
+    from licit.changelog.classifier import ChangeClassifier  # type: ignore[import-not-found]
+    from licit.changelog.renderer import ChangelogRenderer  # type: ignore[import-not-found]
+    from licit.changelog.watcher import ConfigWatcher  # type: ignore[import-not-found]
+
+    watcher: Any = ConfigWatcher(root, config.changelog.watch_files)
+    history: dict[str, list[Any]] = watcher.get_config_history(since=since)
+
+    if not history:
+        click.echo("  No agent configuration changes found.")
+        return
+
+    classifier: Any = ChangeClassifier()
+    all_changes: list[Any] = []
+    for file_path, snapshots in history.items():
+        for i in range(len(snapshots) - 1):
+            changes = classifier.classify_changes(
+                old_content=snapshots[i + 1].content,
+                new_content=snapshots[i].content,
+                file_path=file_path,
+                commit_sha=snapshots[i].commit_sha,
+            )
+            all_changes.extend(changes)
+
+    renderer: Any = ChangelogRenderer()
+    output: str = renderer.render(all_changes, fmt=fmt)
+
+    output_path = config.changelog.output_path
+    Path(output_path).parent.mkdir(parents=True, exist_ok=True)
+    Path(output_path).write_text(output, encoding="utf-8")
+
+    click.echo(output)
+    click.echo(f"\n  Changelog saved to {output_path}")
+
+
+@main.command()
+@click.option("--update", is_flag=True, help="Update existing FRIA")
+@click.pass_context
+def fria(ctx: click.Context, update: bool) -> None:
+    """Complete the Fundamental Rights Impact Assessment (Art. 27).
+
+    Interactive questionnaire that generates a FRIA document.
+    Auto-detects answers from project configuration where possible.
+
+    Examples:
+      licit fria             Start new FRIA
+      licit fria --update    Update existing FRIA
+    """
+    root = str(Path.cwd())
+    config = load_config(ctx.obj.get("config_path"))
+    detector = ProjectDetector()
+    context = detector.detect(root)
+    evidence = EvidenceCollector(root, context).collect()
+
+    from licit.frameworks.eu_ai_act.fria import FRIAGenerator  # type: ignore[import-not-found]
+
+    generator: Any = FRIAGenerator(context, evidence)
+
+    if update and Path(config.fria.data_path).exists():
+        import json
+
+        existing = json.loads(Path(config.fria.data_path).read_text(encoding="utf-8"))
+        click.echo("  Updating existing FRIA...")
+        responses: dict[str, Any] = generator.run_interactive()
+        for key, value in existing.items():
+            if key not in responses or not responses[key]:
+                responses[key] = value
+    else:
+        responses = generator.run_interactive()
+
+    generator.save_data(responses, config.fria.data_path)
+    generator.generate_report(responses, config.fria.output_path)
+
+    click.echo(f"\n  FRIA data saved to: {config.fria.data_path}")
+    click.echo(f"  FRIA report saved to: {config.fria.output_path}")
+
+
+@main.command("annex-iv")
+@click.option("--organization", help="Organization name")
+@click.option("--product", help="Product name")
+@click.pass_context
+def annex_iv(ctx: click.Context, organization: str | None, product: str | None) -> None:
+    """Generate Annex IV Technical Documentation.
+
+    Auto-populates from project metadata (pyproject.toml, package.json,
+    CI/CD configs, agent configs, test frameworks).
+
+    Examples:
+      licit annex-iv
+      licit annex-iv --organization "ACME Corp" --product "WebApp"
+    """
+    root = str(Path.cwd())
+    config = load_config(ctx.obj.get("config_path"))
+    detector = ProjectDetector()
+    context = detector.detect(root)
+    evidence = EvidenceCollector(root, context).collect()
+
+    from licit.frameworks.eu_ai_act.annex_iv import (  # type: ignore[import-not-found]
+        AnnexIVGenerator,
+    )
+
+    generator: Any = AnnexIVGenerator(context, evidence)
+
+    org = organization or config.annex_iv.organization or context.name
+    prod = product or config.annex_iv.product_name or context.name
+
+    generator.generate(
+        output_path=config.annex_iv.output_path,
+        organization=org,
+        product_name=prod,
+    )
+
+    click.echo(f"\n  Annex IV documentation saved to: {config.annex_iv.output_path}")
+
+
+@main.command()
+@click.option(
+    "--framework",
+    type=click.Choice(["eu-ai-act", "owasp", "all"]),
+    default="all",
+)
+@click.option(
+    "--format",
+    "fmt",
+    type=click.Choice(["markdown", "json", "html"]),
+    default="markdown",
+)
+@click.option("--output", "-o", type=click.Path(), help="Output file path")
+@click.pass_context
+def report(ctx: click.Context, framework: str, fmt: str, output: str | None) -> None:
+    """Generate unified compliance report.
+
+    Evaluates project against configured frameworks and generates
+    a report with evidence, status, and recommendations.
+
+    Examples:
+      licit report
+      licit report --framework eu-ai-act
+      licit report --format json -o compliance.json
+      licit report --format html -o compliance.html
+    """
+    root = str(Path.cwd())
+    config = load_config(ctx.obj.get("config_path"))
+    detector = ProjectDetector()
+    context = detector.detect(root)
+    evidence = EvidenceCollector(root, context).collect()
+
+    from licit.reports.unified import UnifiedReportGenerator  # type: ignore[import-not-found]
+
+    generator: Any = UnifiedReportGenerator(context, evidence, config)
+    frameworks_to_eval = _get_frameworks(framework, config)
+    report_data: Any = generator.generate(frameworks_to_eval)
+
+    from licit.reports import html as html_reporter  # type: ignore[attr-defined]
+    from licit.reports import json_fmt  # type: ignore[attr-defined]
+    from licit.reports import markdown as md_reporter  # type: ignore[attr-defined]
+
+    if fmt == "json":
+        content: str = json_fmt.render(report_data)
+    elif fmt == "html":
+        content = html_reporter.render(report_data)
+    else:
+        content = md_reporter.render(report_data)
+
+    ext = {"markdown": "md", "json": "json", "html": "html"}[fmt]
+    output_path = output or f".licit/reports/compliance-report.{ext}"
+    Path(output_path).parent.mkdir(parents=True, exist_ok=True)
+    Path(output_path).write_text(content, encoding="utf-8")
+
+    from licit.reports.summary import print_summary  # type: ignore[import-not-found]
+
+    print_summary(report_data)
+
+    click.echo(f"\n  Report saved to: {output_path}")
+
+
+@main.command()
+@click.option(
+    "--framework",
+    type=click.Choice(["eu-ai-act", "owasp", "all"]),
+    default="all",
+)
+@click.pass_context
+def gaps(ctx: click.Context, framework: str) -> None:
+    """Identify compliance gaps with actionable recommendations.
+
+    Shows what's missing for compliance and suggests specific
+    actions and tools to close each gap.
+
+    Examples:
+      licit gaps
+      licit gaps --framework eu-ai-act
+    """
+    root = str(Path.cwd())
+    config = load_config(ctx.obj.get("config_path"))
+    detector = ProjectDetector()
+    context = detector.detect(root)
+    evidence = EvidenceCollector(root, context).collect()
+
+    from licit.reports.gap_analyzer import GapAnalyzer  # type: ignore[import-not-found]
+
+    analyzer: Any = GapAnalyzer(context, evidence, config)
+    frameworks_to_eval = _get_frameworks(framework, config)
+    gap_items: list[Any] = analyzer.analyze(frameworks_to_eval)
+
+    if not gap_items:
+        click.echo("\n  No compliance gaps found! All requirements met.")
+        return
+
+    click.echo(f"\n  {len(gap_items)} compliance gap(s) found:\n")
+    for i, gap in enumerate(gap_items, 1):
+        icon = "X" if gap.status == ComplianceStatus.NON_COMPLIANT else "!"
+        click.echo(f"  {i}. [{icon}] [{gap.requirement.id}] {gap.requirement.name}")
+        click.echo(f"     {gap.gap_description}")
+        click.echo(f"     -> {gap.recommendation}")
+        if gap.tools_suggested:
+            click.echo(f"     Tools: {', '.join(gap.tools_suggested)}")
+        click.echo()
+
+
+@main.command()
+@click.option(
+    "--framework",
+    type=click.Choice(["eu-ai-act", "owasp", "all"]),
+    default="all",
+)
+@click.pass_context
+def verify(ctx: click.Context, framework: str) -> None:
+    """Verify compliance and return exit code for CI/CD.
+
+    Exit code 0 if all critical requirements are met.
+    Exit code 1 if any critical requirement is non-compliant.
+    Exit code 2 if requirements are partially met.
+
+    Examples:
+      licit verify
+      licit verify --framework eu-ai-act
+    """
+    root = str(Path.cwd())
+    config = load_config(ctx.obj.get("config_path"))
+    detector = ProjectDetector()
+    context = detector.detect(root)
+    evidence = EvidenceCollector(root, context).collect()
+
+    frameworks_to_eval = _get_frameworks(framework, config)
+
+    all_results: list[ControlResult] = []
+    for fw in frameworks_to_eval:
+        results: list[ControlResult] = fw.evaluate(context, evidence)
+        all_results.extend(results)
+
+    non_compliant = [r for r in all_results if r.status == ComplianceStatus.NON_COMPLIANT]
+    partial = [r for r in all_results if r.status == ComplianceStatus.PARTIAL]
+    compliant = [r for r in all_results if r.status == ComplianceStatus.COMPLIANT]
+
+    click.echo("\n  Compliance Verification")
+    click.echo(f"  Compliant:     {len(compliant)}")
+    click.echo(f"  Partial:       {len(partial)}")
+    click.echo(f"  Non-compliant: {len(non_compliant)}")
+
+    if non_compliant:
+        click.echo("\n  Non-compliant controls:")
+        for r in non_compliant:
+            click.echo(f"    [X] {r.requirement.id}: {r.requirement.name}")
+        sys.exit(1)
+    elif partial:
+        sys.exit(2)
+    else:
+        click.echo("\n  All requirements met.")
+        sys.exit(0)
+
+
+@main.command()
+@click.pass_context
+def status(ctx: click.Context) -> None:
+    """Show licit status and connected sources.
+
+    Examples:
+      licit status
+    """
+    root = str(Path.cwd())
+    config = load_config(ctx.obj.get("config_path"))
+    detector = ProjectDetector()
+    context = detector.detect(root)
+    evidence = EvidenceCollector(root, context).collect()
+
+    click.echo("\n  licit Status")
+    click.echo(f"  {'─' * 40}")
+    click.echo(f"  Project: {context.name}")
+    config_exists = Path(".licit.yaml").exists()
+    click.echo(f"  Config: {'.licit.yaml' if config_exists else 'not found'}")
+
+    click.echo("\n  Frameworks:")
+    click.echo(f"    {'[x]' if config.frameworks.eu_ai_act else '[ ]'} EU AI Act")
+    click.echo(
+        f"    {'[x]' if config.frameworks.owasp_agentic else '[ ]'} OWASP Agentic Top 10"
+    )
+    click.echo("    [ ] NIST AI RMF (V1)")
+    click.echo("    [ ] ISO 42001 (V1)")
+
+    click.echo("\n  Data Sources:")
+    click.echo(
+        f"    {'[x]' if context.git_initialized else '[ ]'} "
+        f"Git history ({context.total_commits} commits)"
+    )
+    click.echo(f"    {'[x]' if evidence.has_provenance else '[ ]'} Provenance tracking")
+    click.echo(f"    {'[x]' if evidence.has_changelog else '[ ]'} Config changelog")
+    click.echo(f"    {'[x]' if evidence.has_fria else '[ ]'} FRIA document")
+    click.echo(f"    {'[x]' if evidence.has_annex_iv else '[ ]'} Annex IV documentation")
+
+    click.echo("\n  Connectors:")
+    click.echo(
+        f"    {'[x]' if context.has_architect else '[ ]'} "
+        f"architect ({context.architect_config_path or 'not detected'})"
+    )
+    click.echo(
+        f"    {'[x]' if context.security.has_vigil else '[ ]'} "
+        f"vigil ({context.security.vigil_config_path or 'not detected'})"
+    )
+
+    click.echo(f"\n  Agent Configs ({len(context.agent_configs)}):")
+    for cfg in context.agent_configs:
+        click.echo(f"    - {cfg.path} ({cfg.agent_type})")
+    if not context.agent_configs:
+        click.echo("    (none detected)")
+
+
+@main.command()
+@click.argument("connector", type=click.Choice(["architect", "vigil"]))
+@click.option("--enable/--disable", default=True, help="Enable or disable the connector")
+@click.pass_context
+def connect(ctx: click.Context, connector: str, enable: bool) -> None:
+    """Configure optional connectors (architect, vigil).
+
+    Examples:
+      licit connect architect
+      licit connect vigil --enable
+      licit connect architect --disable
+    """
+    config = load_config(ctx.obj.get("config_path"))
+
+    if connector == "architect":
+        config.connectors.architect.enabled = enable
+    elif connector == "vigil":
+        config.connectors.vigil.enabled = enable
+
+    save_config(config, ctx.obj.get("config_path"))
+    state = "enabled" if enable else "disabled"
+    click.echo(f"  Connector '{connector}' {state}.")
+
+
+def _get_frameworks(framework: str, config: LicitConfig) -> list[Any]:
+    """Build list of framework evaluators based on selection and config.
+
+    Returns evaluators that implement .evaluate(context, evidence) -> list[ControlResult].
+    Actual types come from Phase 4+ modules.
+    """
+    frameworks: list[Any] = []
+    if framework in ("eu-ai-act", "all") and config.frameworks.eu_ai_act:
+        from licit.frameworks.eu_ai_act.evaluator import (  # type: ignore[import-not-found]
+            EUAIActEvaluator,
+        )
+
+        frameworks.append(EUAIActEvaluator())
+    if framework in ("owasp", "all") and config.frameworks.owasp_agentic:
+        from licit.frameworks.owasp_agentic.evaluator import (  # type: ignore[import-not-found]
+            OWASPAgenticEvaluator,
+        )
+
+        frameworks.append(OWASPAgenticEvaluator())
+    return frameworks

licit/config/defaults.py

@@ -0,0 +1,12 @@
+"""Default configuration values for licit."""
+
+from licit.config.schema import LicitConfig
+
+# Canonical default config instance
+DEFAULTS = LicitConfig()
+
+# Default config file name
+CONFIG_FILENAME = ".licit.yaml"
+
+# Default licit data directory
+DATA_DIR = ".licit"

licit/config/loader.py

@@ -0,0 +1,80 @@
+"""Load and merge configuration from YAML file, defaults, and CLI overrides."""
+
+from pathlib import Path
+
+import structlog
+import yaml
+
+from licit.config.defaults import CONFIG_FILENAME
+from licit.config.schema import LicitConfig
+
+logger = structlog.get_logger()
+
+
+def load_config(config_path: str | None = None) -> LicitConfig:
+    """Load configuration from YAML file, falling back to defaults.
+
+    Resolution order:
+    1. Explicit path (--config flag)
+    2. .licit.yaml in current directory
+    3. Default values from schema
+    """
+    path = _resolve_config_path(config_path)
+
+    if path is not None:
+        return _load_from_file(path)
+
+    logger.debug("config_not_found", msg="Using default configuration")
+    return LicitConfig()
+
+
+def _resolve_config_path(explicit_path: str | None) -> Path | None:
+    """Find the config file to load."""
+    if explicit_path:
+        p = Path(explicit_path)
+        if p.exists():
+            return p
+        logger.warning("config_path_not_found", path=explicit_path)
+        return None
+
+    default = Path.cwd() / CONFIG_FILENAME
+    if default.exists():
+        return default
+
+    return None
+
+
+def _load_from_file(path: Path) -> LicitConfig:
+    """Parse YAML config file into LicitConfig."""
+    try:
+        raw = yaml.safe_load(path.read_text(encoding="utf-8"))
+    except yaml.YAMLError as exc:
+        logger.error("config_parse_error", path=str(path), error=str(exc))
+        return LicitConfig()
+
+    if not isinstance(raw, dict):
+        logger.warning("config_not_dict", path=str(path))
+        return LicitConfig()
+
+    try:
+        config = LicitConfig.model_validate(raw)
+    except Exception as exc:
+        logger.error("config_validation_error", path=str(path), error=str(exc))
+        return LicitConfig()
+
+    logger.debug("config_loaded", path=str(path))
+    return config
+
+
+def save_config(config: LicitConfig, path: str | None = None) -> Path:
+    """Save config to YAML file."""
+    target = Path(path) if path else Path.cwd() / CONFIG_FILENAME
+    target.parent.mkdir(parents=True, exist_ok=True)
+
+    data = config.model_dump(exclude_defaults=False)
+    target.write_text(
+        yaml.dump(data, default_flow_style=False, sort_keys=False),
+        encoding="utf-8",
+    )
+    logger.debug("config_saved", path=str(target))
+    return target