picosentry 0.16.0__tar.gz

picosentry-0.16.0/.editorconfig

@@ -0,0 +1,21 @@
+# EditorConfig for PicoSentry
+# https://editorconfig.org
+
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{yml,yaml}]
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = false
+
+[Makefile]
+indent_style = tab

picosentry-0.16.0/.pre-commit-hooks.yaml

@@ -0,0 +1,60 @@
+# PicoSentry pre-commit hooks
+# Registered at: https://pre-commit.com/hooks.html
+#
+# Usage in your .pre-commit-config.yaml:
+#   repos:
+#     - repo: https://github.com/KirkForge/PicoSentry
+#       rev: v0.15.0
+#       hooks:
+#         - id: picosentry-scan
+#         - id: picosentry-check
+#         - id: picosentry-workspace
+#
+# All hooks are deterministic — same inputs = same output, every time.
+# No network calls at scan time. Safe for offline/air-gapped environments.
+# Requires: Python 3.10+
+
+# ── Full supply-chain scan (all 21 rules) ──
+- id: picosentry-scan
+  name: "PicoSentry — full scan"
+  description: "Deterministic npm/pnpm supply-chain scan (21 rules, fail on MEDIUM+)"
+  entry: picosentry scan . --format json --quiet --exit-code --fail-on medium --fail-on-rule-error
+  language: python
+  language_version: python3.10
+  additional_dependencies:
+    - pyyaml>=6.0
+  minimum_pre_commit_version: 2.9.0
+  types: [json, yaml]
+  files: ^(package\.json|pnpm-lock\.yaml|yarn\.lock|package-lock\.json|pnpm-workspace\.yaml|\.picosentry\.yml)$
+  pass_filenames: false
+  always_run: true
+
+# ── CI-optimized fast check ──
+- id: picosentry-check
+  name: "PicoSentry — CI check"
+  description: "Quick health check (fail only on HIGH or CRITICAL findings, fail-closed on rule errors)"
+  entry: picosentry check --fail-on high --fail-on-rule-error
+  language: python
+  language_version: python3.10
+  additional_dependencies:
+    - pyyaml>=6.0
+  minimum_pre_commit_version: 2.9.0
+  types: [json, yaml]
+  files: ^(package\.json|pnpm-lock\.yaml|yarn\.lock|package-lock\.json)$
+  pass_filenames: false
+  always_run: true
+
+# ── Monorepo workspace scan ──
+- id: picosentry-workspace
+  name: "PicoSentry — workspace scan"
+  description: "Scan entire monorepo workspace (all npm/pnpm projects, fail-closed)"
+  entry: picosentry workspace --format summary --fail-on medium
+  language: python
+  language_version: python3.10
+  additional_dependencies:
+    - pyyaml>=6.0
+  minimum_pre_commit_version: 2.9.0
+  types: [json, yaml]
+  files: ^(pnpm-workspace\.yaml|nx\.json|lerna\.json|turbo\.json)$
+  pass_filenames: false
+  always_run: true

picosentry-0.16.0/CHANGELOG.md

@@ -0,0 +1,193 @@
+# Changelog
+
+## [0.15.1] - 2026-05-21
+
+### Fixed
+- **action.yml: exit-code enforcement bug** — composite action caught PicoSentry's nonzero exit but never propagated it. `exit-code: true` with findings now correctly fails the step with `::error::` annotation
+- **release.yml: merge-conflict markers** — removed stray `>>>>>>> origin/main` lines that broke YAML parsing
+- **Determinism claim corrected** — default JSON output includes audit timestamps and timing; `--deterministic-output` flag added for byte-identical output across runs. README updated to reflect this honestly
+- **CI security theater** — removed `|| true` from pip-audit and self-scan steps in ci.yml; pip-audit no longer silently passes on vulnerability findings
+- **ScanResult.to_dict() key ordering** — top-level keys now always sorted, matching the "sorted keys" guarantee
+
+### Added
+- **`--deterministic-output` flag** — omits audit timestamps, `duration_ms`, `rule_timings_ms`, and per-rule `duration_ms` from JSON output for byte-stable reproducible CI artifacts. `--verify-determinism` implies this flag
+- **`.github/workflows/test-action.yml`** — CI workflow testing the GitHub Action exit-code contract, deterministic output byte-identity, and `--verify-determinism`
+- **Release workflow: test installed wheel** — `release.yml` now runs `pytest` against the built wheel before publishing
+- **`tests/test_action_exit_code.py`** — 19 tests proving action enforcement, shell logic replication, and exit-code behavior
+- **`tests/test_deterministic_output.py`** — 11 tests proving byte-identical JSON, audit/timing omission, config loading, and key ordering
+- **`tests/test_realistic_fixtures.py`** — 33 tests: realistic npm project (lockfile + node_modules), all-fixture smoke tests
+- **`tests/fixtures/realistic_npm/`** — realistic fixture with `package.json`, `package-lock.json`, and `node_modules/` (express, axios)
+
+### Changed
+- **STATE.md** — rewritten from inflated self-scoring to honest maturity assessment
+- **CONTRIBUTING.md** — documented `pip install -e ".[dev]"` requirement; updated determinism verification to show `--deterministic-output`
+- **`ScanResult.to_dict()`** and **`RuleExecution.to_dict()`** — accept `deterministic_output` parameter; when true, timing fields are omitted
+- **`format_json()`** — passes `deterministic_output` through to `ScanResult.to_json()`
+
+## [0.14.0] - Unreleased (enterprise-ready)
+
+### Added
+- **Workspace/monorepo scanning** — `picosentry workspace` discovers and scans all npm/pnpm projects in a monorepo (Nx, Turborepo, Lerna, pnpm workspaces)
+- **Custom IoC registry** — register organization-specific indicators of compromise (`picosentry ioc register`)
+- **Enterprise Docker image** — multi-stage build with non-root user, health check, venv isolation
+- **Full CycloneDX SBOM** — walks node_modules for complete component inventory with purl and hashes
+- **Structured JSON logging** — `--log-format json` for SIEM integration (Splunk, ELK, Datadog)
+- **CI type checking** — mypy --strict enforced on every push
+- **CI coverage reporting** — pytest-cov with XML report upload
+- **CI linting** — ruff check + format enforcement in CI
+- **Python 3.13** in CI test matrix
+- **Release workflow** — automated PyPI publish + GitHub Release on tag push
+- **Dependabot** configuration for pip and GitHub Actions
+- **CODEOWNERS** file for code review routing
+- **.editorconfig** for consistent formatting across contributors
+- **Pre-commit hooks** — 3 hooks: full scan, fast CI check, workspace scan
+- **Performance benchmark suite** — cold start, rule timing, format throughput targets
+- **Self-SBOM generation** — scripts/generate_sbom.py for dogfooding
+
+### Changed
+- CycloneDX timestamp is now deterministic (derived from scan_id, not wall-clock time)
+- CycloneDX vulnerability IDs use descriptive `PICOSENTRY-` prefix
+- Credential scanner excludes `dist/`, `build/`, `out/` directories and `.min.*` files
+- CI pre-push script rewritten for Python (was Node.js-centric)
+- CI scan-self SARIF upload gated to public repos only
+- Rules documentation: corrected "15" → "19" detector rules
+- Dockerfile: multi-stage build with non-root user and health check
+- State.md: enterprise readiness score updated to 94/100
+
+### Fixed
+- LICENSE copyright holder: fixed to "KirkForge" (was "55N10E")
+- Rules documentation rule count now matches actual RULE_INFO (19)
+
+
+### Added
+- **CycloneDX 1.5 SBOM output** (`--format cyclonedx`) — enterprise standard SBOM compatible with OWASP Dependency-Track
+- **`picosentry check` command** — CI-optimized health gate with exit-code only
+- **Symlink traversal guards** — `rglob` calls now skip symlinks to prevent scanning outside project boundaries
+- **`__all__` exports** on all 15 rule modules for explicit public API
+- **`py.typed` marker** (PEP 561) for type-checker compatibility
+- **`mypy.ini`** with strict type checking configuration
+
+### Changed
+- Lockfile v1 parser: strips version suffix from keys for correct package name matching
+- Provenance path detection: uses `Path.parts` instead of fragile `str()` comparison
+- Config merge: uses `getattr` with safe defaults instead of direct attribute access
+- Engine version detection: prefers `importlib.metadata` over regex source parsing
+- CLI eliminates double config load — config loaded once and passed through
+- Typosquat optimized with length and first-char pruning (~90% fewer computations)
+
+### Fixed
+- `merge_cli()` no longer crashes on minimal test Namespaces
+- Symlink traversal prevented in obfuscation, credential_read, and engine scans
+- All references migrated from `55N10E/SecDev_kimi` to `KirkForge/PicoSentry`
+
+
+All notable changes to PicoSentry are documented here.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.12.0] - 2026-05-16
+
+### Added
+- **All 19 rule IDs now registered in engine** (was 15): sub-rules L2-OBFS-002/003/004 and L2-MANI-002 are individually registered
+- **Sub-rule filtering**: `--rules L2-OBFS-002` now returns only OBFS-002 findings (engine deduplicates shared functions, filters findings by requested rule_ids)
+- 3 new tests for sub-rule filtering behavior
+
+### Changed
+- `picosentry rules` now correctly shows 19 rules (was 15)
+- `RULE_COUNT` = 19 (was 15)
+- Engine scan loop deduplicates function calls when multiple rule_ids share the same detector
+- Documented immutability contract for `apply_severity_overrides` and `apply_overrides`
+
+### Fixed
+- Removed stray `finding missing file` line in `DeterministicGuard.check()` stats verification block
+- Rule count inconsistency resolved: RULE_INFO (19) matches engine registration (19)
+
+## [0.11.0] - 2026-05-16
+
+### Added
+- **Deterministic guard stack** (`guards.py`): `DeterministicGuard`, `deterministic_hash()`, `fingerprint_scan()`, `verify_determinism()`, `diff_scans()`, `DeterminismViolation`
+- **`--verify-determinism` CLI flag**: Runs scan twice, compares SHA-256 of deterministic fields. Exit 0 if match, 4 if violation
+- **SECURITY.md**: Vulnerability disclosure policy (90-day coordinated disclosure)
+- **CI determinism gate**: GitHub Actions step that verifies determinism on every push
+- Stats consistency guard: `DeterministicGuard.check()` now verifies `findings_by_severity` and `findings_by_rule` match actual findings
+- **`ScanResult.apply_overrides()`**: Clean API for replacing findings + recomputing stats
+- **`user_corpus_dir()`**: XDG-aware corpus directory (`~/.local/share/picosentry/corpus/` or `$PICOCORPUS_DIR`)
+- **Response size limit** on `update` command (10MB per page) — prevents OOM from oversized responses
+- **Response format validation** on `update` command — rejects non-JSON and missing `objects` key
+- Typosquat corpus fallback logging: warns on corrupt file, info on missing file
+- Python 3.13 classifier in pyproject.toml
+
+### Changed
+- `picosentry update` now writes to user corpus dir instead of package install dir (fixes PEP 668 compatibility)
+- `ScanEngine` resolves corpus: explicit `--corpus` > user dir (`~/.local/share/picosentry/corpus/`) > built-in
+- `picosentry rules` now shows all 19 rule IDs from `RULE_INFO` (not just 15 engine-registered functions)
+- `picosentry version` shows "19 (15 detector functions)"
+- `files_scanned` now counts only relevant file types and skips `.git`, `__pycache__`, `.cache`
+- `packages_scanned` now counts scoped packages (`@scope/pkg`) individually
+- Removed `Typing :: Typed` classifier (no `.pyi` stub files yet)
+
+### Fixed
+- `update` command no longer writes inside installed package directory
+- `update` command validates response format before processing
+- Rule count inconsistency between `RULE_INFO` (19) and engine (15) resolved
+
+## [0.10.0] - 2026-05-16
+
+### Added
+- **`--verify-determinism` flag**: Runs scan twice, compares SHA-256 of deterministic fields
+- **SECURITY.md**: Vulnerability disclosure policy
+- **CI determinism gate**: GitHub Actions step for determinism verification
+- 4 new tests for determinism verification
+
+### Fixed
+- `format_json` included `duration_ms`/`rule_timings_ms` in determinism hash — now excluded
+- Missing `tempfile` import in violation path
+
+## [0.9.1] - 2026-05-15
+
+### Added
+- `--version` flag
+- Baseline update optimization
+- CONTRIBUTING.md
+
+### Changed
+- 19 rules, 291 tests, 5 output formats
+
+## [0.1.0] - 2026-05-14
+
+### Added
+- Initial release: 10 detector rules, 27 tests
+- Scanner module extracted from Iron Dome
+- 4 output formats: json, sarif, table, ml-context
+- Determinism enforced: `sha256(findings_a) == sha256(findings_b)` on identical inputs
+
+[0.12.0]: https://github.com/KirkForge/PicoSentry/compare/v0.11.0...v0.12.0
+[0.11.0]: https://github.com/KirkForge/PicoSentry/compare/v0.10.0...v0.11.0
+[0.10.0]: https://github.com/KirkForge/PicoSentry/compare/v0.9.1...v0.10.0
+[0.9.1]: https://github.com/KirkForge/PicoSentry/releases/tag/v0.9.1
+[0.1.0]: https://github.com/KirkForge/PicoSentry/releases/tag/v0.1.0
+## [0.16.1] - 2026-05-29
+
+### Security
+
+- **§1.1 Typosquat FP rate** — short package names (≤4 chars) no longer emit HIGH-severity typosquat findings. Distance-2 short names → LOW, distance-1 short → MEDIUM. Normal-length names use length-ratio scoring for appropriate severity. Prevents CI breakage from common packages like `swr`, `ky`, `clsx`
+- **§1.4 Arbitrary scan paths** — `/scan` endpoint now rejects absolute paths and `..`, resolves targets against `PICOSENTRY_SCAN_ROOT` (or CWD), and verifies the resolved path stays within the workspace root. Prefix-confusion attack (e.g. `/app-sekrit` passing `/app` check) is also blocked
+- **§1.5 Missing authz on /metrics and /dashboard** — `check_authorization()` is now enforced on `/metrics`, `/metrics/json`, and `/dashboard`. Previously only `_check_auth()` (authentication) was called, allowing any authenticated low-privilege token to read cross-tenant data
+- **§2.1 Default bind address** — `DEFAULT_HOST` changed from `0.0.0.0` to `127.0.0.1`. Non-loopback bind with `auth=off` now prints a CRITICAL warning. Prevents accidental exposure of admin access on network interfaces
+- **§2.2 Token scope dead code** — scope lookup in `check_token_auth` now checks `identity in config.scopes` (preserving empty scope lists = no permissions) before falling through to `token_default` → `default_scopes`. Previously `or` chain treated empty lists as falsy, silently escalating permissions
+- **§2.5 Fail-open verify** — `verify_content()` now returns `False` for unsigned bundles (fail-closed). Callers that need to accept unsigned bundles should pass `allow_unsigned=True`. `corpus_require_signature` defaults to `True` across both `Config` and `Policy` classes
+- **§3.4 Silent symlink fallback** — `engine.py` now logs a warning when symlinked corpus files are skipped and the version hash changes, instead of silently degrading to the builtin top-100 list
+
+### Changed
+
+- Typosquat severity now reflects match quality: short-name matches at LOW/MEDIUM, distance-1 matches with ≥0.8 length ratio at HIGH, distance-2 with low ratio at LOW
+- `Policy` dataclass `corpus_require_signature` default changed from `False` to `True` (fail-closed)
+
+### Documentation
+
+- Updated `docs/security/threat-model.md` — added attack surfaces for scan path traversal, default bind exposure, authz enforcement, corpus signature verification, typosquat FP noise
+- Updated `docs/security/access-control-policy.md` — added token-mode scope resolution, authz enforcement on all endpoints, scan path restrictions, fail-closed defaults table
+- Updated `docs/runbooks/daemon-auth-failures.md` — added scope resolution troubleshooting, authz enforcement note, bind address change, scan path restrictions
+- Updated `docs/ENTERPRISE_DEPLOYMENT.md` — added v0.16.1 security defaults section, dashboard endpoints to scope-enforced table, scan path restriction note, token scope resolution warning
+- Updated `SECURITY.md` — added fail-closed defaults table, typosquat detection section, supported versions bump

picosentry-0.16.0/CITATION.cff

@@ -0,0 +1,35 @@
+cff-version: 1.2.0
+message: "If you use PicoSentry in your research or security pipeline, please cite it as below."
+title: "PicoSentry: Deterministic Supply-Chain Scanner for npm/pnpm"
+authors:
+  - given-names: Henrik
+    family-names: Kirk
+    name: "Henrik Kirk"
+  - given-names: GLM
+    family-names: "5.1"
+    name: "GLM-5.1"
+  - given-names: PicoClaw
+    family-names: "🦞"
+    name: "PicoClaw"
+url: "https://github.com/KirkForge/PicoSentry"
+repository-code: "https://github.com/KirkForge/PicoSentry"
+version: "0.16.0"
+date-released: "2026-05-28"
+license: PolyForm-Noncommercial-1.0.0
+abstract: >-
+  PicoSentry is a deterministic, offline supply-chain scanner for npm
+  and pnpm ecosystems, designed to be safe for ML pipelines and
+  enterprise CI/CD. Same inputs + same corpus version = same output,
+  every time. 21 detector rules, 6 output formats (JSON, SARIF, table,
+  ml-context, GitHub, CycloneDX SBOM), and a 4-layer determinism guard
+  stack.
+keywords:
+  - supply-chain-security
+  - npm
+  - pnpm
+  - deterministic-scanner
+  - sbom
+  - cyclonedx
+  - sarif
+  - devsecops
+type: software

picosentry-0.16.0/COMMERCIAL-LICENSE.md

@@ -0,0 +1,20 @@
+# Commercial License
+
+Commercial use that competes with KirkForge's paid offerings requires a separate commercial license from KirkForge.
+
+Under the Business Source License 1.1 (BUSL-1.1), you may use the software for non-production purposes and internal production use without a commercial license. However, offering the software to third parties on a hosted or embedded basis as a competitive offering requires a commercial license.
+
+Examples of use requiring a commercial license:
+
+- offering the software as a hosted/managed service that competes with KirkForge's products
+- embedding the software in a paid product that competes with KirkForge's products
+- packaging the software so it must be accessed or downloaded for your competitive offering to operate
+
+Examples of use **not** requiring a commercial license:
+
+- internal use within your organization
+- non-production use (development, testing, evaluation)
+- academic or educational use
+- personal/hobby projects
+
+For commercial licensing, contact: kirk@kirkforge.dev

picosentry-0.16.0/CONTRIBUTING.md

@@ -0,0 +1,168 @@
+# Contributing to PicoSentry
+
+Thanks for your interest in PicoSentry! This guide covers how to contribute effectively.
+
+## Quick Start
+
+```bash
+git clone https://github.com/KirkForge/PicoSentry.git
+cd PicoSentry
+python3 -m pip install -e ".[dev]"   # Required: CLI tests need the package importable
+python3 -m pytest
+```
+
+> **Important:** You must install the package in editable mode before running tests.
+> CLI integration tests use `subprocess` to invoke `picosentry`, which requires the
+> package to be importable. Raw `pytest` from a clean checkout will fail at CLI tests
+> without `pip install -e ".[dev]"`.
+
+## Development
+
+### Running Tests
+
+```bash
+python3 -m pytest                          # All tests
+python3 -m pytest tests/test_cli.py        # CLI tests only
+python3 -m pytest -x                       # Stop on first failure
+python3 -m pytest -m "not slow"            # Skip benchmark tests
+python3 -m pytest tests/test_benchmark.py  # Performance benchmarks
+```
+
+### Linting & Type Checking
+
+```bash
+ruff check src/ tests/                     # Lint
+ruff format --check src/ tests/            # Format check
+mypy src/picosentry --strict               # Type check
+```
+
+### Pre-push CI
+
+```bash
+bash scripts/ci.sh                         # Run all checks: mypy, ruff, pytest, determinism
+```
+
+### Adding a New Rule
+
+1. Create detector in `src/picosentry/rules/` (e.g., `my_rule.py`)
+2. Register in `src/picosentry/rules/__init__.py` → `RULE_INFO`
+3. Register in `src/picosentry/engine.py` → `create_default_engine()`
+4. Add fixture in `tests/fixtures/`
+5. Write tests in `tests/test_my_rule.py`
+6. Create rule doc in `src/picosentry/docs/rules/`
+7. Update `SCAAT.md` with the new attack vector coverage
+8. Run: `python3 -m pytest`
+
+### Rule Requirements
+
+Every rule **must** be deterministic:
+- Same target + same corpus = same findings, every time
+- No network calls at scan time
+- No `uuid4()`, `random()`, or timestamps in findings
+- Output sorted by `(rule_id, package, file, line)`
+
+### Adding a Custom IoC
+
+Register known-bad packages in the built-in corpus:
+
+1. Create `src/picosentry/corpus/ioc/<package>.json` following the existing format
+2. Reference the attack vector, indicators, and expected detection rules
+3. Add a test fixture that exercises the detection
+
+Or use the CLI for custom IoCs (these stay local, not in the repo):
+
+```bash
+picosentry corpus export ./my-iocs.json
+# Edit my-iocs.json, add entries
+picosentry corpus import ./my-iocs.json --force
+```
+
+### Code Style
+
+- Type hints on all public functions
+- Docstrings on all public functions
+- `dataclass(frozen=True)` for immutable data (Findings, etc.)
+- Sorted keys in all JSON output
+- 120-char line limit (ruff enforced)
+
+## Project Structure
+
+```
+src/picosentry/
+├── cli.py               # CLI entry point — all subcommands
+├── engine.py            # ScanEngine — orchestrates rules
+├── models.py            # Frozen dataclasses (Finding, ScanResult)
+├── config.py            # .picosentry.yml loader
+├── guards.py            # Determinism enforcement
+├── logging.py           # Structured JSON logging
+├── workspace.py         # Monorepo scanning
+├── ioc_registry.py      # Custom IoC management
+├── corpus_share.py      # Corpus pack import/export
+├── rules/               # 19 detector rules (pure functions)
+├── formatters/          # 6 output formatters
+└── corpus/              # Built-in IoC database
+```
+
+## Determinism Verification
+
+After any scan logic change, verify determinism (including CycloneDX output):
+
+```bash
+# Run two scans and compare (byte-identical output)
+picosentry scan ./my-project --format json --deterministic-output -o scan_a.json
+picosentry scan ./my-project --format json --deterministic-output -o scan_b.json
+diff scan_a.json scan_b.json  # should produce no output
+
+# Or use built-in verification (runs twice, compares SHA-256)
+picosentry scan ./my-project --verify-determinism
+# Should output: "✓ DETERMINISM VERIFIED — scans are deterministic"
+
+# Note: without --deterministic-output, JSON includes timestamps and timing.
+# The --verify-determinism flag automatically enables deterministic output mode.
+```
+
+## Commit Messages
+
+Format: `type: description`
+
+Types: `feat`, `fix`, `docs`, `test`, `refactor`, `chore`
+
+Examples:
+- `feat: L2-SIDELOAD-001 protocol sideloading detector`
+- `feat: workspace scanning for monorepos`
+- `fix: engine_version now reads from __version__ dynamically`
+- `docs: add SCAAT attestation and corpus marketplace docs`
+
+## Reporting Issues
+
+- Include: PicoSentry version, Python version, OS, target project
+- Include: `picosentry version` output
+- Include: `--verbose` output if possible
+
+## Security
+
+See [SECURITY.md](SECURITY.md) for vulnerability reporting policy.
+
+## AI-Assisted Development
+
+PicoSentry is developed with AI assistance. All AI-generated contributions are
+reviewed, tested, and approved by a human maintainer before merge.
+
+### Co-Authorship
+
+When AI tools produce substantive contributions (features, bug fixes, documentation),
+they receive co-author credit:
+
+```
+Co-authored-by: GLM-5.1 <glm@z.ai>
+Co-authored-by: PicoClaw <picoclaw@kirkforge.dev>
+```
+
+- **GLM-5.1** — Code generation, refactoring, test writing
+- **PicoClaw** — Review, analysis, documentation, security auditing
+
+AI co-authors are credited because they did real work. This is transparent and honest.
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the same public license as the project, currently PolyForm Noncommercial License 1.0.0, and may also be used by KirkForge under separate commercial licensing terms.

picosentry-0.16.0/Dockerfile

@@ -0,0 +1,79 @@
+# PicoSentry — Enterprise Docker Image
+# Multi-stage build with pinned digests for secure, reproducible CI/CD pipeline scanning.
+#
+# Build:
+#   docker build -t picosentry:latest .
+#   docker build --build-arg VERSION=0.15.0 -t picosentry:0.15.0 .
+#
+# Run:
+#   docker run --rm -v $(pwd):/scan picosentry scan /scan
+#   docker run --rm -v $(pwd):/scan picosentry workspace /scan --format json
+#   docker run --rm -v $(pwd):/scan picosentry check /scan --fail-on high --fail-on-rule-error
+#
+# Security: runs as non-root, no network at scan time, read-only scan dir.
+# Base images pinned by digest for supply-chain integrity.
+
+# ── Stage 1: Builder ──────────────────────────────────
+# python:3.12-slim (bookworm) — digest varies; update periodically.
+# Verify: docker pull python:3.12-slim@sha256:...
+FROM python:3.12-slim@sha256:9d3abd9fc11d06998ccdbdd93b4dd49b5ad7d67fcbbc11c016eb0eb2c2194891 AS builder
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /build
+
+# Copy only what's needed for install
+COPY pyproject.toml README.md LICENSE ./
+COPY src/ ./src/
+
+# Install into a clean venv
+RUN python3 -m venv /opt/venv && \
+    /opt/venv/bin/pip install --no-cache-dir -e . && \
+    # Install pyyaml for pnpm workspace support
+    /opt/venv/bin/pip install --no-cache-dir pyyaml
+
+# Verify installation
+RUN /opt/venv/bin/picosentry --version
+
+# ── Stage 2: Runner ───────────────────────────────────
+FROM python:3.12-slim@sha256:9d3abd9fc11d06998ccdbdd93b4dd49b5ad7d67fcbbc11c016eb0eb2c2194891 AS runner
+
+LABEL org.opencontainers.image.title="PicoSentry"
+LABEL org.opencontainers.image.description="Deterministic supply-chain scanner for npm/pnpm — enterprise CI/CD"
+LABEL org.opencontainers.image.url="https://github.com/KirkForge/PicoSentry"
+LABEL org.opencontainers.image.vendor="KirkForge"
+LABEL org.opencontainers.image.licenses="MIT"
+LABEL org.opencontainers.image.authors="KirkForge"
+LABEL org.opencontainers.image.documentation="https://github.com/KirkForge/PicoSentry"
+LABEL org.opencontainers.image.source="https://github.com/KirkForge/PicoSentry"
+LABEL org.opencontainers.image.version="0.15.0"
+
+# Create non-root user
+RUN groupadd -r picosentry && useradd -r -g picosentry -d /home/picosentry -s /bin/bash picosentry && \
+    mkdir -p /home/picosentry/.local/share/picosentry/corpus && \
+    mkdir -p /scan && \
+    chown -R picosentry:picosentry /home/picosentry /scan
+
+# Copy venv from builder
+COPY --from=builder /opt/venv /opt/venv
+
+# Set PATH to use venv binaries
+ENV PATH="/opt/venv/bin:$PATH"
+ENV PYTHONUNBUFFERED=1
+ENV PYTHONDONTWRITEBYTECODE=1
+
+# Drop to non-root user
+USER picosentry
+WORKDIR /home/picosentry
+
+# Default scan directory
+VOLUME ["/scan"]
+
+# Health check: verify scanner works
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD picosentry --version || exit 1
+
+ENTRYPOINT ["picosentry"]
+CMD ["--help"]

picosentry-0.16.0/LICENSE

@@ -0,0 +1,91 @@
+License text copyright (c) 2020 MariaDB Corporation Ab, All Rights Reserved.
+"Business Source License" is a trademark of MariaDB Corporation Ab.
+
+Parameters
+
+Licensor:             KirkForge
+Licensed Work:        PicoSentry Version 0.16.0 or later. The Licensed Work is (c) 2025
+                      KirkForge.
+Additional Use Grant: You may make production use of the Licensed Work provided
+                      You do not offer the Licensed Work to third parties on a
+                      hosted or embedded basis as a competitive offering. For
+                      purposes of this license:
+
+                      A "competitive offering" is a Product that is offered to
+                      third parties on a paid basis, including through paid
+                      support arrangements, that significantly overlaps with the
+                      capabilities of KirkForge's paid version(s) of the Licensed
+                      Work. If Your Product is not a competitive offering when You
+                      first make it generally available, it will not become a
+                      competitive offering later due to KirkForge releasing a new
+                      version of the Licensed Work with additional capabilities.
+                      In addition, Products that are not provided on a paid basis
+                      are not competitive.
+
+                      "Product" means software that is offered to end users to
+                      manage in their own environments or offered as a service on
+                      a hosted basis.
+
+                      "Embedded" means including the source code or executable code
+                      from the Licensed Work in a competitive offering. "Embedded"
+                      also means packaging the competitive offering in such a way
+                      that the Licensed Work must be accessed or downloaded for
+                      the competitive offering to operate.
+
+                      Hosting or using the Licensed Work(s) for internal purposes
+                      within an organization is not considered a competitive
+                      offering. KirkForge considers your organization to include
+                      all of your affiliates under common control.
+
+                      For commercial licensing arrangements, contact
+                      kirk@kirkforge.dev or see COMMERCIAL-LICENSE.md.
+Change Date:           Three years from the date the Licensed Work is published.
+Change License:        Apache-2.0
+
+For information about alternative licensing arrangements for the Licensed Work,
+please contact kirk@kirkforge.dev.
+
+Notice
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.