pysentry-rs 0.2.1__cp39-cp39-macosx_11_0_arm64.whl → 0.2.3__cp39-cp39-macosx_11_0_arm64.whl

pysentry/__init__.py

@@ -1,287 +1,19 @@
-"""pysentry: Security vulnerability auditing tool for Python packages."""
+"""pysentry-rs: Security vulnerability auditing tool for Python packages."""
 
-from ._internal import audit_python, audit_with_options, check_resolvers, check_version
+from ._internal import get_version, run_cli
 
-__version__ = "0.2.1"
-__all__ = [
-    "audit_python",
-    "audit_with_options",
-    "check_resolvers",
-    "check_version",
-    "main",
-]
-
-
-def resolve_sources(source, sources_list):
-    import sys
-
-    resolved_sources = []
-
-    if sources_list:
-        for source_arg in sources_list:
-            for source_str in source_arg.split(","):
-                source_str = source_str.strip()
-                if not source_str:
-                    continue
-                if source_str not in ["pypa", "pypi", "osv"]:
-                    print(
-                        f"Error: Invalid vulnerability source: '{source_str}'. Valid sources: pypa, pypi, osv",
-                        file=sys.stderr,
-                    )
-                    sys.exit(1)
-                resolved_sources.append(source_str)
-
-    if not resolved_sources:
-        if source != "pypa":
-            print(
-                "Warning: --source flag is deprecated and will be removed in a future version. Use --sources instead.",
-                file=sys.stderr,
-            )
-            resolved_sources.append(source)
-        else:
-            resolved_sources.append("pypa")
-
-    unique_sources = []
-    for src in resolved_sources:
-        if src not in unique_sources:
-            unique_sources.append(src)
-
-    return unique_sources
+__version__ = get_version()
+__all__ = ["get_version", "run_cli", "main"]
 
 
 def main():
-    """CLI entry point."""
+    """CLI entry point that provides the exact same interface as the Rust binary."""
     import sys
-    import argparse
-
-    # Global flag to track if deprecation warning has been shown
-    _deprecation_warning_shown = False
-
-    def handle_all_flags(args):
-        """Handle the deprecated --all flag and new --all-extras flag with appropriate warnings."""
-        nonlocal _deprecation_warning_shown
-
-        if args.all and getattr(args, "all_extras", False):
-            if not _deprecation_warning_shown:
-                print(
-                    "Warning: Both --all and --all-extras flags are specified. Using --all-extras only. The --all flag is deprecated.",
-                    file=sys.stderr,
-                )
-                _deprecation_warning_shown = True
-            return True
-        elif args.all:
-            if not _deprecation_warning_shown:
-                print(
-                    "Warning: --all flag is deprecated and will be removed in a future version. Use --all-extras instead.",
-                    file=sys.stderr,
-                )
-                _deprecation_warning_shown = True
-            return True
-        else:
-            return getattr(args, "all_extras", False)
-
-    # Handle subcommands manually to match Rust CLI structure exactly
-    if len(sys.argv) > 1:
-        if sys.argv[1] == "resolvers":
-            # Resolvers subcommand
-            parser = argparse.ArgumentParser(
-                prog="pysentry resolvers",
-                description="Check available dependency resolvers",
-            )
-            parser.add_argument(
-                "-v", "--verbose", action="store_true", help="Enable verbose output"
-            )
-
-            args = parser.parse_args(sys.argv[2:])
-            try:
-                result = check_resolvers(args.verbose)
-                print(result)
-            except Exception as e:
-                print(f"Error: {e}", file=sys.stderr)
-                sys.exit(1)
-            return
-
-        elif sys.argv[1] == "check-version":
-            # Check-version subcommand
-            parser = argparse.ArgumentParser(
-                prog="pysentry-rs check-version",
-                description="Check if a newer version is available",
-            )
-            parser.add_argument(
-                "-v", "--verbose", action="store_true", help="Enable verbose output"
-            )
-
-            args = parser.parse_args(sys.argv[2:])
-            try:
-                result = check_version(args.verbose)
-                print(result)
-            except Exception as e:
-                print(f"Error: {e}", file=sys.stderr)
-                sys.exit(1)
-            return
-        elif sys.argv[1] in ["-h", "--help"]:
-            # Show main help
-            pass
-        elif sys.argv[1] in ["-V", "--version"]:
-            print(f"pysentry-rs {__version__}")
-            return
-
-    # Main parser for audit command (default) and help
-    parser = argparse.ArgumentParser(
-        prog="pysentry-rs",
-        description="Security vulnerability auditing for Python packages",
-        usage="pysentry-rs [OPTIONS] [PATH] [COMMAND]",
-    )
-
-    # Add version argument
-    parser.add_argument(
-        "-V", "--version", action="version", version=f"pysentry-rs {__version__}"
-    )
-
-    # Main audit arguments
-    parser.add_argument(
-        "path",
-        nargs="?",
-        default=".",
-        metavar="PATH",
-        help="Path to the project directory to audit [default: .]",
-    )
-    parser.add_argument(
-        "--format",
-        choices=["human", "json", "sarif", "markdown"],
-        default="human",
-        help="Output format [default: human] [possible values: human, json, sarif, markdown]",
-    )
-    parser.add_argument(
-        "--severity",
-        choices=["low", "medium", "high", "critical"],
-        default="low",
-        help="Minimum severity level to report [default: low] [possible values: low, medium, high, critical]",
-    )
-    parser.add_argument(
-        "--fail-on",
-        choices=["low", "medium", "high", "critical"],
-        default="medium",
-        help="Fail (exit non-zero) if vulnerabilities of this severity or higher are found [default: medium] [possible values: low, medium, high, critical]",
-    )
-    parser.add_argument(
-        "--ignore",
-        action="append",
-        dest="ignore_ids",
-        metavar="ID",
-        help="Vulnerability IDs to ignore (can be specified multiple times)",
-    )
-    parser.add_argument(
-        "-o", "--output", metavar="FILE", help="Output file path (defaults to stdout)"
-    )
-    parser.add_argument(
-        "--all",
-        action="store_true",
-        help=argparse.SUPPRESS,  # Hide deprecated flag from help
-    )
-    parser.add_argument(
-        "--all-extras",
-        action="store_true",
-        help="Include ALL extra dependencies (main + dev, optional, etc)",
-    )
-    parser.add_argument(
-        "--direct-only",
-        action="store_true",
-        help="Only check direct dependencies (exclude transitive)",
-    )
-    parser.add_argument("--no-cache", action="store_true", help="Disable caching")
-    parser.add_argument("--cache-dir", metavar="DIR", help="Custom cache directory")
-    parser.add_argument(
-        "--source",
-        choices=["pypa", "pypi", "osv"],
-        default="pypa",
-        help="Vulnerability data source [DEPRECATED: use --sources instead] [default: pypa] [possible values: pypa, pypi, osv]",
-    )
-    parser.add_argument(
-        "--sources",
-        action="append",
-        help="Vulnerability data sources (can be specified multiple times or comma-separated)",
-    )
-    parser.add_argument(
-        "--resolver",
-        choices=["uv", "pip-tools"],
-        default="uv",
-        help="Dependency resolver for requirements.txt files [default: uv] [possible values: uv, pip-tools]",
-    )
-    parser.add_argument(
-        "--requirements-files",
-        nargs="+",
-        metavar="FILE",
-        help="Specific requirements files to audit (disables auto-discovery)",
-    )
-    parser.add_argument(
-        "-v", "--verbose", action="store_true", help="Enable verbose output"
-    )
-    parser.add_argument(
-        "-q", "--quiet", action="store_true", help="Suppress non-error output"
-    )
-
-    # Add custom help text for commands
-    parser.epilog = """
-Commands:
-  resolvers      Check available dependency resolvers
-  check-version  Check if a newer version is available
-  help           Print this message or the help of the given subcommand(s)
-"""
-
-    args = parser.parse_args()
 
     try:
-        # Main audit functionality - handle deprecated --all flag and new --all-extras flag
-        include_all = handle_all_flags(args)
-        dev = include_all
-        optional = include_all
-
-        resolved_sources = resolve_sources(
-            args.source, getattr(args, "sources", None) or []
-        )
-
-        result = audit_with_options(
-            path=args.path,
-            format=args.format,
-            sources=resolved_sources,
-            min_severity=args.severity,
-            ignore_ids=args.ignore_ids,
-            output=args.output,
-            dev=dev,
-            optional=optional,
-            direct_only=args.direct_only,
-            no_cache=args.no_cache,
-            cache_dir=args.cache_dir,
-            resolver=args.resolver,
-            requirements_files=args.requirements_files,
-            verbose=args.verbose,
-            quiet=args.quiet,
-        )
-
-        if not args.output:
-            print(result)
-
-        if args.format == "json":
-            import json
-
-            try:
-                report_data = json.loads(result)
-                vulnerabilities = report_data.get("vulnerabilities", [])
-
-                severity_levels = {"low": 1, "medium": 2, "high": 3, "critical": 4}
-                fail_on_level = severity_levels.get(args.fail_on, 2)  # default medium
-
-                for vuln in vulnerabilities:
-                    vuln_severity = vuln.get("severity", "low").lower()
-                    vuln_level = severity_levels.get(vuln_severity, 1)
-                    if vuln_level >= fail_on_level:
-                        sys.exit(1)
-
-            except (json.JSONDecodeError, KeyError):
-                pass
-        else:
-            pass
+        # Pass all arguments directly to the Rust CLI - this ensures perfect compatibility
+        exit_code = run_cli(sys.argv)
+        sys.exit(exit_code)
 
     except Exception as e:
         print(f"Error: {e}", file=sys.stderr)

{pysentry_rs-0.2.1.dist-info → pysentry_rs-0.2.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pysentry-rs
-Version: 0.2.1
+Version: 0.2.3
 Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
@@ -48,7 +48,7 @@ PySentry audits Python projects for known security vulnerabilities by analyzing
 - **Performance Focused**:
   - Written in Rust for speed
   - Async/concurrent processing
-  - Intelligent caching system
+  - Multi-tier intelligent caching (vulnerability data + resolved dependencies)
 - **Comprehensive Filtering**:
   - Severity levels (low, medium, high, critical)
   - Dependency scopes (main only vs all [optional, dev, prod, etc] dependencies)
@@ -254,6 +254,12 @@ pysentry /path/to/project
 
 # Debug requirements.txt resolution
 pysentry --verbose --resolver uv /path/to/project
+
+# Use longer resolution cache TTL (48 hours)
+pysentry --resolution-cache-ttl 48 /path/to/project
+
+# Clear resolution cache before scanning
+pysentry --clear-resolution-cache /path/to/project
 ```
 
 ### CI/CD Integration Examples
@@ -273,42 +279,115 @@ pysentry --format markdown --output SECURITY-REPORT.md
 
 # Comprehensive audit with all sources and full reporting
 pysentry --sources pypa,pypi,osv --all-extras --format json --fail-on low
+
+# CI environment with fresh resolution cache
+pysentry --clear-resolution-cache --sources pypa,osv --format sarif
+
+# CI with resolution cache disabled
+pysentry --no-resolution-cache --format json --output security-report.json
 ```
 
 ## Configuration
 
 ### Command Line Options
 
-| Option           | Description                                             | Default             |
-| ---------------- | ------------------------------------------------------- | ------------------- |
-| `--format`       | Output format: `human`, `json`, `sarif`, `markdown`     | `human`             |
-| `--severity`     | Minimum severity: `low`, `medium`, `high`, `critical`   | `low`               |
-| `--fail-on`      | Fail (exit non-zero) on vulnerabilities ≥ severity      | `medium`            |
-| `--sources`      | Vulnerability sources: `pypa`, `pypi`, `osv` (multiple) | `pypa`              |
-| `--all-extras`   | Include all dependencies (main + dev + optional)        | `false`             |
-| `--direct-only`  | Check only direct dependencies                          | `false`             |
-| `--ignore`       | Vulnerability IDs to ignore (repeatable)                | `[]`                |
-| `--output`       | Output file path                                        | `stdout`            |
-| `--no-cache`     | Disable caching                                         | `false`             |
-| `--cache-dir`    | Custom cache directory                                  | `~/.cache/pysentry` |
-| `--verbose`      | Enable verbose output                                   | `false`             |
-| `--quiet`        | Suppress non-error output                               | `false`             |
-| `--resolver`     | Dependency resolver: `auto`, `uv`, `pip-tools`          | `auto`              |
-| `--requirements` | Additional requirements files (repeatable)              | `[]`                |
+| Option                     | Description                                             | Default           |
+| -------------------------- | ------------------------------------------------------- | ----------------- |
+| `--format`                 | Output format: `human`, `json`, `sarif`, `markdown`     | `human`           |
+| `--severity`               | Minimum severity: `low`, `medium`, `high`, `critical`   | `low`             |
+| `--fail-on`                | Fail (exit non-zero) on vulnerabilities ≥ severity      | `medium`          |
+| `--sources`                | Vulnerability sources: `pypa`, `pypi`, `osv` (multiple) | `pypa`            |
+| `--all-extras`             | Include all dependencies (main + dev + optional)        | `false`           |
+| `--direct-only`            | Check only direct dependencies                          | `false`           |
+| `--ignore`                 | Vulnerability IDs to ignore (repeatable)                | `[]`              |
+| `--output`                 | Output file path                                        | `stdout`          |
+| `--no-cache`               | Disable all caching                                     | `false`           |
+| `--cache-dir`              | Custom cache directory                                  | Platform-specific |
+| `--resolution-cache-ttl`   | Resolution cache TTL in hours                           | `24`              |
+| `--no-resolution-cache`    | Disable resolution caching only                         | `false`           |
+| `--clear-resolution-cache` | Clear resolution cache on startup                       | `false`           |
+| `--verbose`                | Enable verbose output                                   | `false`           |
+| `--quiet`                  | Suppress non-error output                               | `false`           |
+| `--resolver`               | Dependency resolver: `auto`, `uv`, `pip-tools`          | `auto`            |
+| `--requirements`           | Additional requirements files (repeatable)              | `[]`              |
 
 ### Cache Management
 
-PySentry uses an intelligent caching system to avoid redundant API calls:
+PySentry uses an intelligent multi-tier caching system for optimal performance:
+
+#### Vulnerability Data Cache
+
+- **Location**: `{CACHE_DIR}/pysentry/vulnerability-db/`
+- **Purpose**: Caches vulnerability databases from PyPA, PyPI, OSV
+- **TTL**: 24 hours (configurable per source)
+- **Benefits**: Avoids redundant API calls and downloads
+
+#### Resolution Cache
+
+- **Location**: `{CACHE_DIR}/pysentry/dependency-resolution/`
+- **Purpose**: Caches resolved dependencies from `uv`/`pip-tools`
+- **TTL**: 24 hours (configurable via `--resolution-cache-ttl`)
+- **Benefits**: Dramatically speeds up repeated scans of requirements.txt files
+- **Cache Key**: Based on requirements content, resolver version, Python version, platform
+
+#### Platform-Specific Cache Locations
+
+- **Linux**: `~/.cache/pysentry/`
+- **macOS**: `~/Library/Caches/pysentry/`
+- **Windows**: `%LOCALAPPDATA%\pysentry\`
+
+**Finding Your Cache Location**: Run with `--verbose` to see the actual cache directory path being used.
+
+#### Cache Features
 
-- **Default Location**: `~/.cache/pysentry/` (or system temp directory)
-- **TTL-based Expiration**: Separate expiration for each vulnerability source
 - **Atomic Updates**: Prevents cache corruption during concurrent access
 - **Custom Location**: Use `--cache-dir` to specify alternative location
+- **Selective Clearing**: Control caching behavior per cache type
+- **Content-based Invalidation**: Automatic cache invalidation on content changes
 
-To clear the cache:
+#### Cache Control Examples
 
 ```bash
+# Disable all caching
+pysentry --no-cache
+
+# Disable only resolution caching (keep vulnerability cache)
+pysentry --no-resolution-cache
+
+# Set resolution cache TTL to 48 hours
+pysentry --resolution-cache-ttl 48
+
+# Clear resolution cache on startup (useful for CI)
+pysentry --clear-resolution-cache
+
+# Custom cache directory
+pysentry --cache-dir /tmp/my-pysentry-cache
+```
+
+To manually clear all caches:
+
+```bash
+# Linux
 rm -rf ~/.cache/pysentry/
+
+# macOS
+rm -rf ~/Library/Caches/pysentry/
+
+# Windows (PowerShell)
+Remove-Item -Recurse -Force "$env:LOCALAPPDATA\pysentry"
+```
+
+To clear only resolution cache:
+
+```bash
+# Linux
+rm -rf ~/.cache/pysentry/dependency-resolution/
+
+# macOS
+rm -rf ~/Library/Caches/pysentry/dependency-resolution/
+
+# Windows (PowerShell)
+Remove-Item -Recurse -Force "$env:LOCALAPPDATA\pysentry\dependency-resolution"
 ```
 
 ## Supported Project Formats
@@ -437,26 +516,28 @@ Compatible with GitHub Security tab, VS Code, and other security tools.
 
 PySentry is designed for speed and efficiency:
 
-- **Concurrent Processing**: Vulnerability data fetched in parallel
-- **Smart Caching**: Reduces API calls and parsing overhead
+- **Concurrent Processing**: Vulnerability data fetched in parallel from multiple sources
+- **Multi-tier Caching**: Intelligent caching for both vulnerability data and resolved dependencies
 - **Efficient Matching**: In-memory indexing for fast vulnerability lookups
 - **Streaming**: Large databases processed without excessive memory usage
 
+### Resolution Cache Performance
+
+The resolution cache provides dramatic performance improvements for requirements.txt files:
+
+- **First scan**: Standard resolution time using `uv` or `pip-tools`
+- **Subsequent scans**: Near-instantaneous when cache is fresh (>90% time savings)
+- **Cache invalidation**: Automatic when requirements content, resolver, or environment changes
+- **Content-aware**: Different cache entries for different Python versions and platforms
+
 ### Requirements.txt Resolution Performance
 
-PySentry leverages external resolvers for optimal performance:
+PySentry leverages external resolvers with intelligent caching:
 
 - **uv resolver**: 2-10x faster than pip-tools, handles large dependency trees efficiently
 - **pip-tools resolver**: Reliable fallback, slower but widely compatible
 - **Isolated execution**: Prevents project pollution while maintaining security
-
-### Benchmarks
-
-Typical performance on a project with 100+ dependencies:
-
-- **Cold cache**: 15-30 seconds
-- **Warm cache**: 2-5 seconds
-- **Memory usage**: ~50MB peak
+- **Resolution caching**: Eliminates repeated resolver calls for unchanged requirements
 
 ## Development
 
@@ -581,12 +662,43 @@ ls uv.lock poetry.lock pyproject.toml
 **Performance Issues**
 
 ```bash
-# Clear cache and retry
-rm -rf ~/.cache/pysentry
+# Clear all caches and retry
+rm -rf ~/.cache/pysentry      # Linux
+rm -rf ~/Library/Caches/pysentry  # macOS
+pysentry
+
+# Clear only resolution cache (if vulnerability cache is working)
+rm -rf ~/.cache/pysentry/dependency-resolution/      # Linux
+rm -rf ~/Library/Caches/pysentry/dependency-resolution/  # macOS
 pysentry
 
+# Clear resolution cache via CLI
+pysentry --clear-resolution-cache
+
 # Use verbose mode to identify bottlenecks
 pysentry --verbose
+
+# Disable caching to isolate issues
+pysentry --no-cache
+```
+
+**Resolution Cache Issues**
+
+```bash
+# Clear stale resolution cache after environment changes
+pysentry --clear-resolution-cache
+
+# Disable resolution cache if causing issues
+pysentry --no-resolution-cache
+
+# Extend cache TTL for stable environments
+pysentry --resolution-cache-ttl 168  # 1 week
+
+# Check cache usage with verbose output
+pysentry --verbose  # Shows cache hits/misses
+
+# Force fresh resolution (ignores cache)
+pysentry --clear-resolution-cache --no-resolution-cache
 ```
 
 ## Acknowledgments

pysentry_rs-0.2.3.dist-info/RECORD

@@ -0,0 +1,7 @@
+pysentry/__init__.py,sha256=uSo2bKZNbcRd1bEXOzF3MuxrEapECowrIHG0t_DERa8,611
+pysentry/_internal.cpython-39-darwin.so,sha256=jpiDtpeBQphk8rWxLxpUg0ZXxI8t0D4aJdo4zSzEbAg,9933760
+pysentry_rs-0.2.3.dist-info/METADATA,sha256=M4mpNvGbc6jGKlNISGy8uSCNu6YP5Dhtj0zCqItW4XU,23331
+pysentry_rs-0.2.3.dist-info/WHEEL,sha256=XNDUDUieSorG-Y7wZ8qiKEUDK0umKv3PscUlyjQeFKE,102
+pysentry_rs-0.2.3.dist-info/entry_points.txt,sha256=3bJguekVEbXTn-ceDCWJaSIZScquPPP1Ux9TPVHHanE,44
+pysentry_rs-0.2.3.dist-info/licenses/LICENSE,sha256=TAMtDCoJuavXz7pCEklrzjH55sdvsy5gKsXY9NsImwY,34878
+pysentry_rs-0.2.3.dist-info/RECORD,,

pysentry/__main__.py

@@ -1,6 +0,0 @@
-"""Main entry point for pysentry when run as a module."""
-
-from . import main
-
-if __name__ == "__main__":
-    main()

pysentry_rs-0.2.1.dist-info/RECORD

@@ -1,8 +0,0 @@
-pysentry/__init__.py,sha256=7j3_zsnLLnKCaLgYXDrW3xm4AkmbE-ofoa5PX-79rGY,9792
-pysentry/__main__.py,sha256=FJdFFQuSE8TYsZtY_vb00oCE2nvq9hB6MhMLBxnn7Ns,117
-pysentry/_internal.cpython-39-darwin.so,sha256=IiQAoVDgDhvpe_Kqo4tOt1QVyRl3pkPMeBLbVSVHO_c,6395008
-pysentry_rs-0.2.1.dist-info/METADATA,sha256=4_2U3eoQuhETKDwaZVXbCqW9OGpUmzWhDTx2ppNn-Vw,19333
-pysentry_rs-0.2.1.dist-info/WHEEL,sha256=XNDUDUieSorG-Y7wZ8qiKEUDK0umKv3PscUlyjQeFKE,102
-pysentry_rs-0.2.1.dist-info/entry_points.txt,sha256=3bJguekVEbXTn-ceDCWJaSIZScquPPP1Ux9TPVHHanE,44
-pysentry_rs-0.2.1.dist-info/licenses/LICENSE,sha256=TAMtDCoJuavXz7pCEklrzjH55sdvsy5gKsXY9NsImwY,34878
-pysentry_rs-0.2.1.dist-info/RECORD,,