PyPI - riskforge - Versions diffs - 0.1.0__tar.gz - Mend

riskforge 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (109) hide show

riskforge-0.1.0/.github/workflows/ci.yml +124 -0
riskforge-0.1.0/.github/workflows/release.yml +64 -0
riskforge-0.1.0/.gitignore +39 -0
riskforge-0.1.0/.pre-commit-config.yaml +17 -0
riskforge-0.1.0/CHANGELOG.md +35 -0
riskforge-0.1.0/HLD-RiskForge-v1.0.md +389 -0
riskforge-0.1.0/LLD-RiskForge-v1.0.md +1484 -0
riskforge-0.1.0/Makefile +37 -0
riskforge-0.1.0/PKG-INFO +217 -0
riskforge-0.1.0/PRD-RiskForge-v1.0.md +832 -0
riskforge-0.1.0/README.md +163 -0
riskforge-0.1.0/docker/Dockerfile +46 -0
riskforge-0.1.0/docker/docker-compose.enterprise.yml +42 -0
riskforge-0.1.0/docker/docker-compose.yml +38 -0
riskforge-0.1.0/docs/adr/ADR-01-file-based-storage.md +28 -0
riskforge-0.1.0/docs/adr/ADR-02-import-boundaries.md +27 -0
riskforge-0.1.0/docs/contributing/add-exporter.md +44 -0
riskforge-0.1.0/docs/contributing/add-pattern.md +40 -0
riskforge-0.1.0/docs/contributing/add-question.md +49 -0
riskforge-0.1.0/pyproject.toml +102 -0
riskforge-0.1.0/src/riskforge/__init__.py +2 -0
riskforge-0.1.0/src/riskforge/_data/__init__.py +0 -0
riskforge-0.1.0/src/riskforge/_data/patterns/__init__.py +0 -0
riskforge-0.1.0/src/riskforge/_data/patterns/patterns.yaml +147 -0
riskforge-0.1.0/src/riskforge/_data/question_bank/__init__.py +0 -0
riskforge-0.1.0/src/riskforge/_data/question_bank/data_governance.yaml +57 -0
riskforge-0.1.0/src/riskforge/_data/question_bank/discrimination.yaml +46 -0
riskforge-0.1.0/src/riskforge/_data/question_bank/fundamental_rights.yaml +46 -0
riskforge-0.1.0/src/riskforge/_data/question_bank/health_safety.yaml +68 -0
riskforge-0.1.0/src/riskforge/_data/question_bank/human_oversight.yaml +46 -0
riskforge-0.1.0/src/riskforge/_data/question_bank/privacy.yaml +57 -0
riskforge-0.1.0/src/riskforge/_data/question_bank/robustness.yaml +57 -0
riskforge-0.1.0/src/riskforge/_data/question_bank/transparency.yaml +46 -0
riskforge-0.1.0/src/riskforge/_data/schemas/__init__.py +0 -0
riskforge-0.1.0/src/riskforge/_data/schemas/rmf.schema.json +184 -0
riskforge-0.1.0/src/riskforge/_data/templates/__init__.py +0 -0
riskforge-0.1.0/src/riskforge/adapters/__init__.py +1 -0
riskforge-0.1.0/src/riskforge/adapters/base.py +24 -0
riskforge-0.1.0/src/riskforge/adapters/rag_benchmarking.py +68 -0
riskforge-0.1.0/src/riskforge/adapters/traceforge.py +82 -0
riskforge-0.1.0/src/riskforge/cli/__init__.py +1 -0
riskforge-0.1.0/src/riskforge/cli/commands/__init__.py +1 -0
riskforge-0.1.0/src/riskforge/cli/commands/assess.py +32 -0
riskforge-0.1.0/src/riskforge/cli/commands/diff.py +37 -0
riskforge-0.1.0/src/riskforge/cli/commands/export.py +73 -0
riskforge-0.1.0/src/riskforge/cli/commands/import_cmd.py +51 -0
riskforge-0.1.0/src/riskforge/cli/commands/init.py +60 -0
riskforge-0.1.0/src/riskforge/cli/commands/risk.py +72 -0
riskforge-0.1.0/src/riskforge/cli/commands/serve.py +48 -0
riskforge-0.1.0/src/riskforge/cli/commands/system.py +28 -0
riskforge-0.1.0/src/riskforge/cli/commands/tests_cmd.py +34 -0
riskforge-0.1.0/src/riskforge/cli/commands/validate.py +57 -0
riskforge-0.1.0/src/riskforge/cli/commands/verify.py +36 -0
riskforge-0.1.0/src/riskforge/cli/main.py +55 -0
riskforge-0.1.0/src/riskforge/engine/__init__.py +1 -0
riskforge-0.1.0/src/riskforge/engine/assess.py +89 -0
riskforge-0.1.0/src/riskforge/engine/audit.py +71 -0
riskforge-0.1.0/src/riskforge/engine/export.py +100 -0
riskforge-0.1.0/src/riskforge/engine/migrations.py +42 -0
riskforge-0.1.0/src/riskforge/engine/risk.py +111 -0
riskforge-0.1.0/src/riskforge/engine/tests.py +106 -0
riskforge-0.1.0/src/riskforge/engine/validate.py +145 -0
riskforge-0.1.0/src/riskforge/exporters/__init__.py +1 -0
riskforge-0.1.0/src/riskforge/exporters/base.py +19 -0
riskforge-0.1.0/src/riskforge/exporters/json_exporter.py +19 -0
riskforge-0.1.0/src/riskforge/exporters/markdown_exporter.py +71 -0
riskforge-0.1.0/src/riskforge/exporters/pdf/__init__.py +1 -0
riskforge-0.1.0/src/riskforge/exporters/pdf/pdf_exporter.py +50 -0
riskforge-0.1.0/src/riskforge/exporters/pdf/templates/report.css +291 -0
riskforge-0.1.0/src/riskforge/exporters/pdf/templates/report.html +192 -0
riskforge-0.1.0/src/riskforge/migrations/__init__.py +0 -0
riskforge-0.1.0/src/riskforge/migrations/m0001_initial.py +22 -0
riskforge-0.1.0/src/riskforge/models/__init__.py +15 -0
riskforge-0.1.0/src/riskforge/models/audit.py +31 -0
riskforge-0.1.0/src/riskforge/models/register.py +52 -0
riskforge-0.1.0/src/riskforge/models/risk.py +139 -0
riskforge-0.1.0/src/riskforge/models/rmf.py +58 -0
riskforge-0.1.0/src/riskforge/models/system.py +48 -0
riskforge-0.1.0/src/riskforge/plugins/__init__.py +1 -0
riskforge-0.1.0/src/riskforge/plugins/builtin.py +48 -0
riskforge-0.1.0/src/riskforge/plugins/loader.py +46 -0
riskforge-0.1.0/src/riskforge/plugins/registry.py +64 -0
riskforge-0.1.0/src/riskforge/server/__init__.py +1 -0
riskforge-0.1.0/src/riskforge/server/app.py +57 -0
riskforge-0.1.0/src/riskforge/server/auth.py +31 -0
riskforge-0.1.0/src/riskforge/server/config.py +14 -0
riskforge-0.1.0/src/riskforge/server/metrics.py +20 -0
riskforge-0.1.0/src/riskforge/server/middleware.py +30 -0
riskforge-0.1.0/src/riskforge/server/routers/__init__.py +1 -0
riskforge-0.1.0/src/riskforge/server/routers/exports.py +14 -0
riskforge-0.1.0/src/riskforge/server/routers/health.py +18 -0
riskforge-0.1.0/src/riskforge/server/routers/registers.py +20 -0
riskforge-0.1.0/src/riskforge/server/routers/risks.py +20 -0
riskforge-0.1.0/src/riskforge/server/routers/webhooks.py +20 -0
riskforge-0.1.0/src/riskforge/storage/__init__.py +4 -0
riskforge-0.1.0/src/riskforge/storage/base.py +235 -0
riskforge-0.1.0/src/riskforge/storage/filesystem.py +486 -0
riskforge-0.1.0/tests/boundary/__init__.py +0 -0
riskforge-0.1.0/tests/boundary/test_import_boundaries.py +99 -0
riskforge-0.1.0/tests/conftest.py +16 -0
riskforge-0.1.0/tests/contract/__init__.py +0 -0
riskforge-0.1.0/tests/contract/test_schema_validation.py +83 -0
riskforge-0.1.0/tests/fixtures/upstream/sample_rag_benchmarking_report.json +13 -0
riskforge-0.1.0/tests/fixtures/upstream/sample_traceforge_report.json +24 -0
riskforge-0.1.0/tests/integration/__init__.py +0 -0
riskforge-0.1.0/tests/integration/test_cli_pipeline.py +17 -0
riskforge-0.1.0/tests/unit/__init__.py +0 -0
riskforge-0.1.0/tests/unit/test_risk_scoring.py +72 -0
riskforge-0.1.0/tests/unit/test_validate_engine.py +100 -0

riskforge-0.1.0/.github/workflows/ci.yml ADDED Viewed

@@ -0,0 +1,124 @@
+name: CI
+on:
+  push:
+    branches: ["main", "develop"]
+  pull_request:
+    branches: ["main"]
+permissions:
+  contents: read
+jobs:
+  lint:
+    name: Lint & Format
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: pip
+      - name: Install ruff
+        run: pip install ruff==0.4.4
+      - name: Lint
+        run: ruff check src/ tests/
+      - name: Format check
+        run: ruff format --check src/ tests/
+  test:
+    name: Test (Python ${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.11", "3.12"]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: pip
+      - name: Install WeasyPrint system dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libpango-1.0-0 libpangocairo-1.0-0 libcairo2 \
+            libgdk-pixbuf2.0-0 libffi-dev shared-mime-info
+      - name: Install RiskForge with dev extras
+        run: pip install -e ".[dev]"
+      - name: Run test suite
+        run: pytest --cov --cov-report=xml --cov-report=term-missing
+      - name: Upload coverage to Codecov
+        if: matrix.python-version == '3.11'
+        uses: codecov/codecov-action@v4
+        with:
+          files: ./coverage.xml
+          fail_ci_if_error: false
+  schema-validate:
+    name: Schema Validation
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: pip
+      - name: Install jsonschema
+        run: pip install jsonschema
+      - name: Validate rmf.schema.json is valid JSON Schema
+        run: |
+          python -c "
+          import json, jsonschema
+          schema = json.load(open('src/riskforge/_data/schemas/rmf.schema.json'))
+          jsonschema.Draft202012Validator.check_schema(schema)
+          print('Schema valid:', schema.get('\$id'))
+          "
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: pip
+      - name: Install security tools
+        run: pip install bandit pip-audit
+      - name: Static security analysis
+        run: bandit -ll -r src/ --exit-zero
+      - name: Dependency vulnerability audit
+        run: pip install -e ".[dev]" && pip-audit --strict || true
+  boundary-test:
+    name: Import Boundary Enforcement (ADR-02)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: pip
+      - name: Install RiskForge
+        run: pip install -e ".[test]"
+      - name: Run boundary tests
+        run: pytest tests/boundary/ -v

riskforge-0.1.0/.github/workflows/release.yml ADDED Viewed

@@ -0,0 +1,64 @@
+name: Release to PyPI
+on:
+  push:
+    tags: ["v*.*.*"]
+permissions:
+  id-token: write    # PyPI OIDC trusted publishing
+  contents: write    # GitHub Release creation
+  attestations: write
+jobs:
+  release:
+    name: Build & Publish
+    runs-on: ubuntu-latest
+    environment: pypi-publish
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Install dev dependencies + build frontend
+        run: |
+          pip install build pip-audit bandit
+          pip install -e ".[dev]"
+      - name: Security gates (advisory)
+        run: |
+          bandit -ll -r src/ --exit-zero
+          pip-audit --strict || true
+      - name: Run full test suite
+        run: pytest --cov
+      - name: Build wheel + sdist
+        run: python -m build
+      - name: List built artifacts
+        run: ls -lh dist/
+      - name: Generate CycloneDX SBOM
+        run: |
+          pip install "cyclonedx-bom<5"
+          cyclonedx-py environment -o sbom.cdx.json --format json || \
+          cyclonedx-py environment > sbom.cdx.json || true
+      - name: Attest build provenance (GitHub + Sigstore)
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-path: dist/*
+      - name: Publish to PyPI (OIDC trusted publisher)
+        uses: pypa/gh-action-pypi-publish@v1.12.4
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          generate_release_notes: true
+          files: |
+            dist/*.whl
+            dist/*.tar.gz
+            sbom.cdx.json

riskforge-0.1.0/.gitignore ADDED Viewed

@@ -0,0 +1,39 @@
+# Python
+__pycache__/
+*.py[cod]
+*.egg-info/
+dist/
+build/
+.eggs/
+*.egg
+# Virtual environments
+.venv/
+venv/
+env/
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+coverage.xml
+# RiskForge project files (sensitive — never commit)
+.riskforge/
+riskforge.yaml
+systems/
+*.riskforge
+# IDE
+.vscode/
+.idea/
+*.swp
+# OS
+.DS_Store
+Thumbs.db
+# Secrets
+.env
+*.pem
+*.key

riskforge-0.1.0/.pre-commit-config.yaml ADDED Viewed

@@ -0,0 +1,17 @@
+repos:
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.4.4
+    hooks:
+      - id: ruff
+        args: [--fix]
+      - id: ruff-format
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: check-yaml
+      - id: check-json
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-merge-conflict
+      - id: check-added-large-files
+        args: [--maxkb=500]

riskforge-0.1.0/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,35 @@
+# Changelog
+All notable changes to RiskForge are documented here.
+Format: [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+Versioning: [Semantic Versioning](https://semver.org/)
+## [Unreleased]
+## [0.1.0] - 2026-04-12
+### Added
+- Initial release of RiskForge
+- Article 9 risk management system CLI
+- 8 risk dimensions with 50+ questions
+- 5x5 likelihood x severity scoring matrix
+- JSON, PDF, and Markdown export formats
+- SHA-256 hash-chain audit trail
+- Integration adapters for rag-benchmarking and TraceForge
+- `riskforge init`, `assess`, `validate`, `export`, `verify` commands
+- `riskforge risk list/add/edit/accept/score` subcommands
+- `riskforge system show/edit` subcommands
+- `riskforge tests generate/list` subcommands
+- `riskforge diff` and `riskforge import` commands
+- Optional FastAPI server (`pip install riskforge[server]`)
+- 8 export readiness gates (G1-G8)
+- Plugin system via Python entry points (question banks, exporters, adapters)
+- WeasyPrint PDF rendering with Jinja2 HTML templates
+- `rmf.schema.json` (JSON Schema draft-2020-12) as versioned output contract
+- FileStore storage backend (YAML + JSONL, git-friendly)
+- Exit code 2 for `riskforge verify` failures (CI-detectable)
+- Zero-telemetry guarantee enforced via pytest-socket in CI
+- Docker Compose setup for team deployment
+- Sigstore OIDC signing on all PyPI releases
+- CycloneDX SBOM attached to every GitHub Release
+- Build provenance attestation via GitHub Actions