pwnguard 0.2.4__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (62) hide show
  1. pwnguard-0.2.4/.github/workflows/publish.yml +44 -0
  2. pwnguard-0.2.4/.gitignore +44 -0
  3. pwnguard-0.2.4/.gitlab-ci.example.yml +44 -0
  4. pwnguard-0.2.4/.pwnguard.env.example +46 -0
  5. pwnguard-0.2.4/LICENSE +34 -0
  6. pwnguard-0.2.4/PKG-INFO +692 -0
  7. pwnguard-0.2.4/README.md +633 -0
  8. pwnguard-0.2.4/SECURITY.md +19 -0
  9. pwnguard-0.2.4/audit.py +77 -0
  10. pwnguard-0.2.4/demo/fixed.php +75 -0
  11. pwnguard-0.2.4/demo/hard_test.diff +139 -0
  12. pwnguard-0.2.4/demo/vulnerable.php +56 -0
  13. pwnguard-0.2.4/demo/vulnerable_lab.py +160 -0
  14. pwnguard-0.2.4/docs/architecture.md +59 -0
  15. pwnguard-0.2.4/docs/development.md +50 -0
  16. pwnguard-0.2.4/docs/monitor-mode.md +161 -0
  17. pwnguard-0.2.4/docs/ollama-guide.md +90 -0
  18. pwnguard-0.2.4/docs/review-tui.md +31 -0
  19. pwnguard-0.2.4/install-hook.py +23 -0
  20. pwnguard-0.2.4/pwnguard/__init__.py +8 -0
  21. pwnguard-0.2.4/pwnguard/__main__.py +4 -0
  22. pwnguard-0.2.4/pwnguard/anchors.py +192 -0
  23. pwnguard-0.2.4/pwnguard/backends/__init__.py +73 -0
  24. pwnguard-0.2.4/pwnguard/backends/claude_api.py +74 -0
  25. pwnguard-0.2.4/pwnguard/backends/claude_code.py +73 -0
  26. pwnguard-0.2.4/pwnguard/backends/ollama.py +201 -0
  27. pwnguard-0.2.4/pwnguard/backends/openai_compat.py +343 -0
  28. pwnguard-0.2.4/pwnguard/cli.py +543 -0
  29. pwnguard-0.2.4/pwnguard/config.py +147 -0
  30. pwnguard-0.2.4/pwnguard/constants.py +109 -0
  31. pwnguard-0.2.4/pwnguard/data/__init__.py +0 -0
  32. pwnguard-0.2.4/pwnguard/data/pre-commit +65 -0
  33. pwnguard-0.2.4/pwnguard/diff.py +366 -0
  34. pwnguard-0.2.4/pwnguard/fetchers.py +413 -0
  35. pwnguard-0.2.4/pwnguard/installer.py +136 -0
  36. pwnguard-0.2.4/pwnguard/models.py +100 -0
  37. pwnguard-0.2.4/pwnguard/monitor.py +1086 -0
  38. pwnguard-0.2.4/pwnguard/parser.py +271 -0
  39. pwnguard-0.2.4/pwnguard/prompts.py +252 -0
  40. pwnguard-0.2.4/pwnguard/render.py +720 -0
  41. pwnguard-0.2.4/pwnguard/report.py +195 -0
  42. pwnguard-0.2.4/pwnguard/review.py +260 -0
  43. pwnguard-0.2.4/pwnguard/runtime.py +61 -0
  44. pwnguard-0.2.4/pwnguard/scan.py +404 -0
  45. pwnguard-0.2.4/pwnguard/security.py +44 -0
  46. pwnguard-0.2.4/pwnguard/tui.py +239 -0
  47. pwnguard-0.2.4/pwnguard/ui.py +523 -0
  48. pwnguard-0.2.4/pwnguard.yaml +96 -0
  49. pwnguard-0.2.4/pyproject.toml +42 -0
  50. pwnguard-0.2.4/tests/__init__.py +0 -0
  51. pwnguard-0.2.4/tests/conftest.py +64 -0
  52. pwnguard-0.2.4/tests/test_anchors.py +324 -0
  53. pwnguard-0.2.4/tests/test_audit_result.py +130 -0
  54. pwnguard-0.2.4/tests/test_diff_helpers.py +265 -0
  55. pwnguard-0.2.4/tests/test_fetch_url.py +241 -0
  56. pwnguard-0.2.4/tests/test_list_commits.py +197 -0
  57. pwnguard-0.2.4/tests/test_monitor_cycle.py +501 -0
  58. pwnguard-0.2.4/tests/test_monitor_state.py +181 -0
  59. pwnguard-0.2.4/tests/test_parse_response.py +244 -0
  60. pwnguard-0.2.4/tests/test_rendering.py +134 -0
  61. pwnguard-0.2.4/tests/test_security.py +98 -0
  62. pwnguard-0.2.4/tests/test_tui.py +193 -0
@@ -0,0 +1,44 @@
1
+ name: Publish to PyPI
2
+
3
+ on:
4
+ push:
5
+ tags:
6
+ - "v*"
7
+
8
+ jobs:
9
+ build-and-publish:
10
+ name: Build and publish PwnGuard to PyPI
11
+ runs-on: ubuntu-latest
12
+ environment:
13
+ name: pypi
14
+ url: https://pypi.org/p/pwnguard
15
+ permissions:
16
+ id-token: write
17
+
18
+ steps:
19
+ - name: Checkout
20
+ uses: actions/checkout@v4
21
+
22
+ - name: Set up Python
23
+ uses: actions/setup-python@v5
24
+ with:
25
+ python-version: "3.12"
26
+
27
+ - name: Install build tooling
28
+ run: python -m pip install --upgrade build
29
+
30
+ - name: Verify tag matches package version
31
+ run: |
32
+ TAG="${GITHUB_REF_NAME#v}"
33
+ PKG_VERSION=$(grep -E '^__version__' pwnguard/__init__.py | cut -d'"' -f2)
34
+ if [ "$TAG" != "$PKG_VERSION" ]; then
35
+ echo "::error::Tag $TAG does not match pwnguard/__init__.py version $PKG_VERSION"
36
+ exit 1
37
+ fi
38
+ echo "Tag and package version both at $TAG"
39
+
40
+ - name: Build wheel + sdist
41
+ run: python -m build
42
+
43
+ - name: Publish to PyPI via Trusted Publishing
44
+ uses: pypa/gh-action-pypi-publish@release/v1
@@ -0,0 +1,44 @@
1
+ # Secrets / local config
2
+ .env
3
+ .env.*
4
+ .pwnguard.env
5
+ !.env.example
6
+ !.pwnguard.env.example
7
+ pwnguard.local.yaml
8
+ .pwnguard.local.yaml
9
+ *.pem
10
+ *.key
11
+ credentials*
12
+ .netrc
13
+
14
+ # Python
15
+ __pycache__/
16
+ *.py[cod]
17
+ *$py.class
18
+ .venv/
19
+ venv/
20
+ env/
21
+ .pytest_cache/
22
+ .mypy_cache/
23
+ .ruff_cache/
24
+ *.egg-info/
25
+ build/
26
+ dist/
27
+
28
+ # Editors / OS
29
+ .DS_Store
30
+ .idea/
31
+ .vscode/
32
+ *.swp
33
+ *.swo
34
+
35
+ # Tool output
36
+ audit-report.*
37
+ *.log
38
+
39
+ # Monitor mode cache (per-cwd state file, never to be committed)
40
+ .pwnguard-monitor.json
41
+
42
+ # TUI export files (timestamped findings dumps from --review / --monitor)
43
+ pwnguard-findings-*.md
44
+ pwnguard-monitor-findings-*.md
@@ -0,0 +1,44 @@
1
+ # .gitlab-ci.yml (add this stage to your existing pipeline)
2
+ #
3
+ # Option A: Ollama on self-hosted runner (no API key needed)
4
+ # Option B: Claude API (requires ANTHROPIC_API_KEY CI/CD variable)
5
+ #
6
+ # For MR comments, set GITLAB_TOKEN (personal access token, api scope)
7
+ # in Settings > CI/CD > Variables (masked, protected)
8
+
9
+ stages:
10
+ # ... your existing stages ...
11
+ - security
12
+
13
+ # --- Option A: Self-hosted runner with Ollama (recommended) ---
14
+ pwnguard:
15
+ stage: security
16
+ tags:
17
+ - security-runner # your self-hosted runner tag
18
+ rules:
19
+ - if: $CI_MERGE_REQUEST_IID
20
+ before_script:
21
+ - pip install pwnguard --quiet
22
+ # Ensure Ollama is running on the runner
23
+ - ollama list || echo "Warning: Ollama not available"
24
+ script:
25
+ - pwnguard --mode ci --mr-diff --backend ollama
26
+ allow_failure: false
27
+
28
+ # --- Option B: Claude API (if org has API access) ---
29
+ # pwnguard:
30
+ # stage: security
31
+ # image: python:3.12-slim
32
+ # rules:
33
+ # - if: $CI_MERGE_REQUEST_IID
34
+ # variables:
35
+ # PIP_CACHE_DIR: "$CI_PROJECT_DIR/.pip-cache"
36
+ # cache:
37
+ # key: pwnguard-pip
38
+ # paths:
39
+ # - .pip-cache/
40
+ # before_script:
41
+ # - pip install "pwnguard[claude-api]" --quiet
42
+ # script:
43
+ # - pwnguard --mode ci --mr-diff --backend claude-api
44
+ # allow_failure: false
@@ -0,0 +1,46 @@
1
+ # PwnGuard environment file (example)
2
+ #
3
+ # Copy this file to .pwnguard.env in the same directory and fill in the
4
+ # values you need. PwnGuard auto-loads .pwnguard.env (and .env) from
5
+ # the current working directory at startup. Process env vars exported
6
+ # in your shell always take precedence over what's loaded from a file.
7
+ #
8
+ # IMPORTANT: never commit a populated .pwnguard.env to git - it's
9
+ # already in .gitignore for this repo. Only this *.example file
10
+ # should ever be in version control.
11
+
12
+ # --- Backend tokens -------------------------------------------------------
13
+
14
+ # Required for --backend claude-api. Get one from the Anthropic console:
15
+ # https://console.anthropic.com/settings/keys
16
+ ANTHROPIC_API_KEY=
17
+
18
+ # Required for --backend openai-compat. Bearer token sent to any
19
+ # OpenAI-compatible Chat Completions endpoint (LiteLLM, vLLM, OpenRouter,
20
+ # Groq, Together, Fireworks, llama.cpp server, LM Studio, etc.). The
21
+ # env var name can be overridden via openai.api_key_env in pwnguard.yaml.
22
+ OPENAI_API_KEY=
23
+
24
+ # --- Remote diff fetching --------------------------------------------------
25
+
26
+ # Required for --from-url against GitLab MRs / commits.
27
+ # Personal Access Token with the `read_api` scope is enough.
28
+ # https://gitlab.com/-/user_settings/personal_access_tokens
29
+ GITLAB_TOKEN=
30
+
31
+ # Optional for --from-url against GitHub PRs / commits on public repos
32
+ # (lifts the anonymous rate limit). Required for private repos.
33
+ # https://github.com/settings/tokens
34
+ GITHUB_TOKEN=
35
+
36
+ # --- Behaviour toggles -----------------------------------------------------
37
+
38
+ # Set to 1 to bypass PwnGuard for a single commit without skipping all
39
+ # git hooks. Usually set inline at the commit ("PWNGUARD_SKIP=1 git commit")
40
+ # rather than persisted here, but the option exists.
41
+ # PWNGUARD_SKIP=
42
+
43
+ # Set to 1 to suppress the "large prompt" confirmation that --backend
44
+ # claude-api shows when a scan would exceed ~50k tokens. Useful for
45
+ # automated/scripted runs.
46
+ # PWNGUARD_NO_PROMPT=
pwnguard-0.2.4/LICENSE ADDED
@@ -0,0 +1,34 @@
1
+ PwnGuard License
2
+
3
+ Copyright (c) 2026 Power to Logic. All rights reserved.
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy of
6
+ this software and associated documentation files (the "Software"), to use the
7
+ Software for personal, educational, and internal business purposes.
8
+
9
+ The following conditions apply:
10
+
11
+ 1. Redistribution of the Software, in whole or in part, in original or modified
12
+ form, requires prior written consent from the copyright holder.
13
+
14
+ 2. Where redistribution is authorized, the following attribution must be
15
+ included in all copies or substantial portions of the Software and in any
16
+ accompanying documentation or distribution materials:
17
+
18
+ "PwnGuard by Power to Logic (https://powertologic.com)"
19
+
20
+ 3. The Software may not be sold, sublicensed, or offered as a paid product or
21
+ service without prior written consent from the copyright holder.
22
+
23
+ 4. Contributions submitted to the official repository (via pull requests,
24
+ patches, or other means) are granted to the copyright holder under the same
25
+ terms as this license, unless otherwise agreed in writing.
26
+
27
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
28
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
29
+ FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
30
+ COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
31
+ IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
32
+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
33
+
34
+ For redistribution inquiries, contact: privacy@powertologic.com