shipwright-kit 0.6.0__py3-none-any.whl

shipwright_kit/__init__.py

@@ -0,0 +1,3 @@
+"""Shipwright — design-token + tooling library."""
+
+__version__ = "0.6.0"

shipwright_kit/cli.py

@@ -0,0 +1,36 @@
+"""Typer application factory for Shipwright CLI tools.
+
+Thin, opinionated defaults so every scaffolded CLI is consistent
+(``add_completion=False``, ``no_args_is_help=True``) plus an optional
+``version`` command. Imports Typer at module load, so this submodule is NOT
+imported by ``shipwright_kit/__init__`` — ``import shipwright_kit`` stays
+typer-free (import-light). Consumers that import ``shipwright_kit.cli`` already
+depend on Typer.
+"""
+
+from __future__ import annotations
+
+import typer
+
+__all__ = ["build_typer"]
+
+
+def build_typer(name: str, help: str, *, version: str | None = None) -> typer.Typer:
+    """Return a Typer app with Shipwright's standard defaults. If ``version`` is
+    given, register a ``version`` command that prints it."""
+    app = typer.Typer(
+        name=name,
+        help=help,
+        add_completion=False,
+        no_args_is_help=True,
+    )
+    if version is not None:
+
+        @app.command()
+        def version_() -> None:  # registered as "version"
+            """Print the version."""
+            typer.echo(version)
+
+        version_.__name__ = "version"
+
+    return app

shipwright_kit/config.py

@@ -0,0 +1,53 @@
+"""Import-light config mechanism shared by Shipwright CLI tools.
+
+Owns the *mechanism* only — a secure per-tool app directory, ordered-candidate
+config-file resolution, and a resolve->load->validate skeleton. The consumer
+injects its own yaml ``loader`` and (pydantic) ``validator`` callables, so this
+module stays stdlib-only and ``import shipwright_kit.config`` pulls no
+pyyaml/pydantic/typer. Each tool keeps its own config *schema*, env-override
+step, ``save_config`` and ``.env`` handling.
+"""
+
+from __future__ import annotations
+
+from collections.abc import Callable, Iterable
+from pathlib import Path
+from typing import TypeVar
+
+__all__ = ["app_dir", "load_config", "resolve_config_file"]
+
+T = TypeVar("T")
+
+_OWNER_ONLY = 0o700
+
+
+def app_dir(name: str, *, create: bool = False, mode: int = _OWNER_ONLY) -> Path:
+    """Return ``~/.{name}``. With ``create=True`` make it owner-only (mkdir + chmod,
+    so a pre-existing loose-permission dir is hardened too)."""
+    d = Path.home() / f".{name}"
+    if create:
+        d.mkdir(mode=mode, parents=True, exist_ok=True)
+        d.chmod(mode)
+    return d
+
+
+def resolve_config_file(candidates: Iterable[Path | None]) -> Path | None:
+    """Return the first candidate that exists (``None`` entries skipped)."""
+    for c in candidates:
+        if c is not None and c.exists():
+            return c
+    return None
+
+
+def load_config(
+    candidates: Iterable[Path | None],
+    *,
+    loader: Callable[[Path], dict],
+    validator: Callable[[dict], T],
+) -> T:
+    """Resolve the first existing candidate, ``loader`` it to a dict, and
+    ``validator`` that dict into a config object. If no candidate exists, the
+    loader is NOT called and ``validator({})`` is returned."""
+    path = resolve_config_file(candidates)
+    data = loader(path) if path is not None else {}
+    return validator(data)

shipwright_kit/design/__init__.py

@@ -0,0 +1,24 @@
+"""Design tokens: tiers, glyphs, palette, console, output."""
+
+from .console import get_console, supports_color, supports_unicode
+from .glyphs import glyph, tier_label
+from .output import OUTPUT_SCHEMA_VERSION, VALID_FORMATS, Renderable, render
+from .palette import ColorblindTheme, DefaultTheme, Theme
+from .tiers import Severity, TierMappable
+
+__all__ = [
+    "Severity",
+    "TierMappable",
+    "glyph",
+    "tier_label",
+    "Theme",
+    "DefaultTheme",
+    "ColorblindTheme",
+    "get_console",
+    "supports_color",
+    "supports_unicode",
+    "VALID_FORMATS",
+    "Renderable",
+    "render",
+    "OUTPUT_SCHEMA_VERSION",
+]

shipwright_kit/design/banner.py

@@ -0,0 +1,21 @@
+"""Plain ASCII banner generator (dep-free). Optional figlet via the `banner`
+extra is imported lazily, with a plain fallback if it is absent."""
+
+from __future__ import annotations
+
+
+def _figlet(name: str) -> str:
+    try:
+        from pyfiglet import figlet_format
+    except (ModuleNotFoundError, ImportError, TypeError):
+        return name.upper()
+    return figlet_format(name).rstrip("\n")
+
+
+def make_banner(name: str, version: str, tagline: str = "", *, figlet: bool = False, ascii_only: bool = False) -> str:
+    """Return a banner string. Caller decides where to print it (typically stderr)."""
+    title = _figlet(name) if figlet else name.upper()
+    info = f"v{version}" + (f" | {tagline}" if tagline else "")
+    width = max([len(line) for line in title.splitlines()] + [len(info), 12])
+    rule = ("-" if ascii_only else "─") * width
+    return "\n".join([title, rule, info])

shipwright_kit/design/console.py

@@ -0,0 +1,33 @@
+"""Accessibility-aware console helpers. Rich is imported lazily inside
+`get_console` so `import shipwright_kit` stays light."""
+
+from __future__ import annotations
+
+import os
+import sys
+
+
+def supports_color(stream=None) -> bool:
+    stream = stream if stream is not None else sys.stdout
+    if os.environ.get("NO_COLOR"):
+        return False
+    isatty = getattr(stream, "isatty", None)
+    return bool(isatty and isatty())
+
+
+def supports_unicode(stream=None) -> bool:
+    stream = stream if stream is not None else sys.stdout
+    enc = (getattr(stream, "encoding", "") or "").lower()
+    if "utf" in enc:
+        return True
+    return bool(os.environ.get("WT_SESSION") or os.environ.get("ANSICON"))
+
+
+def get_console(*, no_color: bool = False, force_terminal: bool | None = None):
+    """Return a configured Rich Console (lazy import). Requires the `rich` extra."""
+    try:
+        from rich.console import Console
+    except ModuleNotFoundError as exc:  # pragma: no cover
+        raise RuntimeError("rich output requires `pip install shipwright-kit[rich]`") from exc
+    use_color = supports_color() and not no_color
+    return Console(no_color=not use_color, force_terminal=force_terminal, safe_box=not supports_unicode())

shipwright_kit/design/glyphs.py

@@ -0,0 +1,30 @@
+"""Per-tier glyphs with an ASCII fallback. Rule: a tier indicator always
+renders symbol + label, never color alone (the #1 colorblind fix)."""
+
+from __future__ import annotations
+
+from .tiers import Severity
+
+_UNICODE: dict[Severity, str] = {
+    Severity.OK: "✓",
+    Severity.INFO: "ℹ",
+    Severity.NOTICE: "•",
+    Severity.WARN: "⚠",
+    Severity.CRITICAL: "✗",
+}
+_ASCII: dict[Severity, str] = {
+    Severity.OK: "OK",
+    Severity.INFO: "i",
+    Severity.NOTICE: "*",
+    Severity.WARN: "!",
+    Severity.CRITICAL: "XX",
+}
+
+
+def glyph(tier: Severity, *, ascii_only: bool = False) -> str:
+    return (_ASCII if ascii_only else _UNICODE)[tier]
+
+
+def tier_label(tier: Severity, *, ascii_only: bool = False) -> str:
+    """Symbol + label — never color/symbol alone."""
+    return f"{glyph(tier, ascii_only=ascii_only)} {tier.label}"

shipwright_kit/design/output.py

@@ -0,0 +1,60 @@
+"""Output-format contract. Core formats are stdlib-only; `rich` is lazy.
+`console` is a distinct reduced-density plain formatter (not Rich-no-color)."""
+
+from __future__ import annotations
+
+import csv as _csv
+import io
+import json
+from typing import Protocol, runtime_checkable
+
+from .glyphs import tier_label
+from .tiers import Severity
+
+VALID_FORMATS = ("rich", "console", "json", "ndjson", "csv")
+
+# render(fmt="json") envelope contract version (G10). Bump = structural break;
+# update the golden test + a migration note (docs/release-policy.md).
+OUTPUT_SCHEMA_VERSION = 1
+
+
+@runtime_checkable
+class Renderable(Protocol):
+    def rows(self) -> list[dict]: ...
+
+    def tier(self) -> Severity: ...
+
+
+def render(obj: Renderable, fmt: str = "console", *, ascii_only: bool = False) -> str:
+    if fmt not in VALID_FORMATS:
+        raise ValueError(f"unknown format {fmt!r}; valid: {', '.join(VALID_FORMATS)}")
+    rows = list(obj.rows())
+    if fmt == "json":
+        return json.dumps({"schema_version": OUTPUT_SCHEMA_VERSION, "tier": obj.tier().label, "rows": rows}, indent=2)
+    if fmt == "ndjson":
+        return "\n".join(json.dumps(r) for r in rows)
+    if fmt == "csv":
+        if not rows:
+            return ""
+        buf = io.StringIO()
+        writer = _csv.DictWriter(buf, fieldnames=list(rows[0].keys()))
+        writer.writeheader()
+        writer.writerows(rows)
+        return buf.getvalue()
+    if fmt == "console":
+        head = tier_label(obj.tier(), ascii_only=ascii_only)
+        body = ["  " + " ".join(f"{k}={v}" for k, v in r.items()) for r in rows]
+        return "\n".join([head, *body])
+    # fmt == "rich" — lazy import
+    from rich.console import Console
+    from rich.table import Table
+
+    table = Table()
+    if rows:
+        for key in rows[0]:
+            table.add_column(str(key))
+        for r in rows:
+            table.add_row(*[str(v) for v in r.values()])
+    buf = io.StringIO()
+    Console(file=buf, force_terminal=False, no_color=True).print(table)
+    return buf.getvalue()

shipwright_kit/design/palette.py

@@ -0,0 +1,46 @@
+"""Themeable palette: maps a tier to a style token (a plain string the rich
+renderer later consumes). Stdlib-only — no Rich import here."""
+
+from __future__ import annotations
+
+from typing import Protocol, runtime_checkable
+
+from .tiers import Severity
+
+
+@runtime_checkable
+class Theme(Protocol):
+    name: str
+
+    def style(self, tier: Severity) -> str: ...
+
+
+class DefaultTheme:
+    name = "default"
+    _STYLES = {
+        Severity.OK: "green",
+        Severity.INFO: "cyan",
+        Severity.NOTICE: "blue",
+        Severity.WARN: "yellow",
+        Severity.CRITICAL: "bold red",
+    }
+
+    def style(self, tier: Severity) -> str:
+        return self._STYLES[tier]
+
+
+class ColorblindTheme:
+    """Blue/orange-leaning, avoids red/green reliance (deuteranopia-safe).
+    Colour is never the sole signal — see glyphs.tier_label."""
+
+    name = "colorblind"
+    _STYLES = {
+        Severity.OK: "blue",
+        Severity.INFO: "cyan",
+        Severity.NOTICE: "white",
+        Severity.WARN: "yellow",
+        Severity.CRITICAL: "bold magenta",
+    }
+
+    def style(self, tier: Severity) -> str:
+        return self._STYLES[tier]

shipwright_kit/design/tiers.py

@@ -0,0 +1,33 @@
+"""Generic severity tiers + a domain-overlay protocol."""
+
+from __future__ import annotations
+
+from enum import IntEnum
+from typing import Protocol, runtime_checkable
+
+
+class Severity(IntEnum):
+    """Generic 5-tier severity ladder. Tools map their own enums onto it."""
+
+    OK = 0
+    INFO = 1
+    NOTICE = 2
+    WARN = 3
+    CRITICAL = 4
+
+    @property
+    def label(self) -> str:
+        return self.name
+
+    @property
+    def role(self) -> str:
+        """Color-role key resolved by a Theme (see palette.py)."""
+        return self.name.lower()
+
+
+@runtime_checkable
+class TierMappable(Protocol):
+    """A domain enum maps to the base ladder via `base_tier()`. May map fewer
+    than 5 tiers; off-axis states map explicitly."""
+
+    def base_tier(self) -> Severity: ...

shipwright_kit/eval/__init__.py

@@ -0,0 +1,7 @@
+"""Generic classification eval harness: corpus, metrics, evaluate + gate."""
+
+from .corpus import Sample, load_corpus
+from .harness import EvalGateError, evaluate, gate
+from .metrics import EVAL_SCHEMA_VERSION, EvalResult
+
+__all__ = ["Sample", "load_corpus", "EvalResult", "EVAL_SCHEMA_VERSION", "EvalGateError", "evaluate", "gate"]

shipwright_kit/eval/corpus.py

@@ -0,0 +1,34 @@
+"""Labeled-sample corpus loader (CSV/JSON). Trusted local fixture data → STRICT:
+a malformed row raises ValueError (unlike liberal external-API parsing)."""
+
+from __future__ import annotations
+
+import csv
+import json
+from dataclasses import dataclass
+from pathlib import Path
+
+
+@dataclass(frozen=True)
+class Sample:
+    input: str
+    label: str
+
+
+def _make(row: dict, input_col: str, label_col: str, idx: int) -> Sample:
+    try:
+        inp, lab = row[input_col], row[label_col]
+    except (KeyError, TypeError) as exc:
+        raise ValueError(f"corpus row {idx}: missing column {exc}") from exc
+    if not inp or not lab:
+        raise ValueError(f"corpus row {idx}: empty {input_col!r}/{label_col!r}")
+    return Sample(str(inp), str(lab))
+
+
+def load_corpus(path, *, input_col: str = "input", label_col: str = "label") -> list[Sample]:
+    p = Path(path)
+    if p.suffix == ".json":
+        data = json.loads(p.read_text())
+        return [_make(d, input_col, label_col, i) for i, d in enumerate(data)]
+    lines = [ln for ln in p.read_text().splitlines() if ln.strip() and not ln.lstrip().startswith("#")]
+    return [_make(row, input_col, label_col, i) for i, row in enumerate(csv.DictReader(lines))]

shipwright_kit/eval/harness.py

@@ -0,0 +1,50 @@
+"""Run a predict function over a corpus and gate the result. Count-and-skip on a
+predict-time exception (faithful to barb — a bad row must not abort the run)."""
+
+from __future__ import annotations
+
+from collections.abc import Callable
+
+from .corpus import Sample
+from .metrics import EvalResult
+
+
+class EvalGateError(AssertionError):
+    """Raised when an eval result is below the required thresholds."""
+
+
+def evaluate(
+    predict_fn: Callable[[str], str],
+    corpus: list[Sample],
+    *,
+    positive_pred: Callable[[str], bool],
+    positive_expected: Callable[[str], bool] | None = None,
+) -> EvalResult:
+    binarize_expected = positive_expected or positive_pred  # default = same-space (Phase B)
+    tp = fp = tn = fn = errors = 0
+    for sample in corpus:
+        try:
+            pred = predict_fn(sample.input)
+        except Exception:  # count-and-skip, surfaced via errors
+            errors += 1
+            continue
+        exp = binarize_expected(sample.label)
+        got = positive_pred(pred)
+        if exp and got:
+            tp += 1
+        elif got and not exp:
+            fp += 1
+        elif exp and not got:
+            fn += 1
+        else:
+            tn += 1
+    return EvalResult(tp, fp, tn, fn, errors)
+
+
+def gate(result: EvalResult, *, min_precision: float, min_recall: float) -> None:
+    if result.precision < min_precision:
+        raise EvalGateError(f"precision {result.precision:.3f} < {min_precision}")
+    if result.recall < min_recall:
+        raise EvalGateError(f"recall {result.recall:.3f} < {min_recall}")
+    if (result.tp + result.fn) > 0 and result.recall == 0.0:
+        raise EvalGateError("zero recall with positives present")

shipwright_kit/eval/metrics.py

@@ -0,0 +1,66 @@
+"""Binary-classification metrics, faithful to barb's EvalMetrics. Stdlib-only."""
+
+from __future__ import annotations
+
+from dataclasses import dataclass
+
+# Serialized EvalResult contract version (G10). Bump = structural break to the
+# `to_dict()` shape; requires updating the golden test + a migration note (see
+# docs/release-policy.md). Independent of the package version.
+EVAL_SCHEMA_VERSION = 1
+
+
+def _safe_div(num: float, den: float) -> float:
+    return num / den if den else 0.0
+
+
+@dataclass(frozen=True)
+class EvalResult:
+    tp: int = 0
+    fp: int = 0
+    tn: int = 0
+    fn: int = 0
+    errors: int = 0  # predict-time failures (count-and-skip)
+
+    @property
+    def precision(self) -> float:
+        return _safe_div(self.tp, self.tp + self.fp)
+
+    @property
+    def recall(self) -> float:
+        return _safe_div(self.tp, self.tp + self.fn)
+
+    @property
+    def f1(self) -> float:
+        p, r = self.precision, self.recall
+        return _safe_div(2 * p * r, p + r)
+
+    @property
+    def accuracy(self) -> float:
+        return _safe_div(self.tp + self.tn, self.tp + self.fp + self.tn + self.fn)
+
+    @property
+    def false_positive_rate(self) -> float:
+        return _safe_div(self.fp, self.fp + self.tn)
+
+    @property
+    def confusion(self) -> dict[str, int]:
+        return {"tp": self.tp, "fp": self.fp, "tn": self.tn, "fn": self.fn}
+
+    def to_dict(self) -> dict[str, int | float]:
+        """Canonical, versioned serialization (schema v1). RAW floats — consumers
+        round for display. `confusion` is omitted (it is just tp/fp/tn/fn, already
+        top-level keys)."""
+        return {
+            "schema_version": EVAL_SCHEMA_VERSION,
+            "tp": self.tp,
+            "fp": self.fp,
+            "tn": self.tn,
+            "fn": self.fn,
+            "errors": self.errors,
+            "precision": self.precision,
+            "recall": self.recall,
+            "f1": self.f1,
+            "accuracy": self.accuracy,
+            "false_positive_rate": self.false_positive_rate,
+        }

shipwright_kit/security/__init__.py

@@ -0,0 +1,17 @@
+"""Security pack: threat-verdict theme + labels + shared injection defense."""
+
+from shipwright_kit.security.injection import (
+    INJECTION_PATTERNS_VERSION,
+    InjectionFinding,
+    PromptInjectionDetector,
+    SeverityLevel,
+    scan,
+)
+
+__all__ = [
+    "INJECTION_PATTERNS_VERSION",
+    "InjectionFinding",
+    "PromptInjectionDetector",
+    "SeverityLevel",
+    "scan",
+]

shipwright_kit/security/eval.py

@@ -0,0 +1,26 @@
+"""Security-pack eval helpers: threat binarization + barb's baseline thresholds
++ a per-tier breakdown. Stdlib-only (no rich import)."""
+
+from __future__ import annotations
+
+from collections import Counter
+
+from shipwright_kit.design.tiers import Severity
+
+SECURITY_MIN_PRECISION = 1.0
+SECURITY_MIN_RECALL = 0.70
+
+
+def is_alert(tier: Severity, *, alert_at: Severity = Severity.NOTICE) -> bool:
+    """A verdict at/above the alert threshold counts as a positive prediction.
+    Default NOTICE reproduces barb's positive set {SUSPICIOUS, HIGH_RISK, PHISHING}."""
+    return tier >= alert_at
+
+
+def tier_breakdown(items: list[tuple[Severity, str]]) -> str:
+    """Plain-text benign-vs-malicious counts per tier (no rich → import-light)."""
+    counts: Counter = Counter(items)
+    lines = ["tier | label | count"]
+    for (tier, label), n in sorted(counts.items(), key=lambda kv: (int(kv[0][0]), kv[0][1])):
+        lines.append(f"{tier.label} | {label} | {n}")
+    return "\n".join(lines)

shipwright_kit/security/injection.py

@@ -0,0 +1,206 @@
+"""Shared prompt-injection detector for attacker-influenced strings.
+
+Single source of truth for the regex pattern set + detection engine used by
+every consumer (vex, sift). A bypass fixed here propagates to all of them.
+
+Import-light: stdlib only (no pydantic), so ``import
+shipwright_kit.security.injection`` stays dependency-free. The finding type is a
+frozen dataclass; consumers serialize via ``dataclasses.asdict`` at their JSON
+boundary.
+
+Operates on plain string values. Tool-specific I/O — vex's ``sanitize`` (str ->
+marker) and sift's ``redact_alert`` (Alert -> Alert) — stays in each tool.
+"""
+
+from __future__ import annotations
+
+import re
+import unicodedata
+from dataclasses import dataclass
+from enum import Enum
+
+__all__ = [
+    "INJECTION_PATTERNS_VERSION",
+    "InjectionFinding",
+    "PromptInjectionDetector",
+    "SeverityLevel",
+    "scan",
+]
+
+# Bump when the pattern SET changes (added/removed/retuned pattern). Lets
+# consumers assert they are matching against a known engine version, mirroring
+# the EVAL_SCHEMA_VERSION / OUTPUT_SCHEMA_VERSION contract discipline (G10).
+INJECTION_PATTERNS_VERSION = 1
+
+
+class SeverityLevel(str, Enum):
+    """Severity of an injection finding."""
+
+    WARNING = "WARNING"
+    CRITICAL = "CRITICAL"
+
+
+@dataclass(frozen=True)
+class InjectionFinding:
+    """A detected injection pattern in a string value.
+
+    Attribute names match the prior pydantic models in vex/sift so consumer
+    call sites and ``.field`` / ``.pattern_type`` / ``.severity`` access are
+    unchanged.
+    """
+
+    field: str
+    pattern_type: str
+    severity: SeverityLevel
+    redaction: str
+    value_preview: str | None = None
+
+
+class PromptInjectionDetector:
+    """Detects prompt-injection patterns in plain string values.
+
+    Args:
+        case_insensitive: case-insensitive matching when True (default).
+        whitelist_patterns: regex strings; a value matching any one is exempt
+            from all checks (operator-defined known-safe templates).
+    """
+
+    def __init__(
+        self,
+        case_insensitive: bool = True,
+        whitelist_patterns: list[str] | None = None,
+    ) -> None:
+        self.case_insensitive = case_insensitive
+        flags = re.IGNORECASE if case_insensitive else 0
+        self._whitelist: list[re.Pattern[str]] = [re.compile(p, flags) for p in (whitelist_patterns or [])]
+        self._compile_patterns()
+
+    def _compile_patterns(self) -> None:
+        flags = re.IGNORECASE if self.case_insensitive else 0
+
+        # Pattern 1: "ignore previous instructions" variants.
+        self.pattern_ignore_instructions = re.compile(
+            r"(ignore|disregard|forget|dismiss|bypass|override)[\s\S]{0,40}?"
+            r"(previous|prior|earlier|above|preceding)[\s\S]{0,40}?"
+            r"(instruction|directive|prompt|command|context|system)",
+            flags | re.DOTALL,
+        )
+
+        # Pattern 2: LLM-redirection via "instead" / "rather than".
+        self.pattern_instead_output = re.compile(
+            r"(?:"
+            r"(output|respond|return|generate|create|print|write)\s+instead"
+            r"|instead[\s,;.]+(?:of\s+)?(output|respond|return|generate|create|print|write)"
+            r"|rather\s+than\s+(?:summariz|analyz|triag|the\s+above)"
+            r")",
+            flags,
+        )
+
+        # Pattern 3: JSON escape sequences.
+        self.pattern_json_escapes = re.compile(
+            r'\\(?:["\\/bfnrtu]|u[0-9a-fA-F]{4})',
+            flags,
+        )
+
+        # Pattern 4: Base64 / hex encoded payloads (thresholds tuned to exclude
+        # common security terms like "Exfiltration"/"Configuration").
+        self.pattern_base64_hex = re.compile(
+            r"(?:"
+            r"(?=[A-Za-z0-9+/]*[+/])[A-Za-z0-9+/]{12,}"
+            r"|[A-Za-z0-9+/]{4,}=="
+            r"|[A-Za-z0-9+/]{8,}="
+            r"|(?:[0-9a-fA-F]{2}){10,}"
+            r"|[A-Za-z0-9]{20,}"
+            r")",
+            flags,
+        )
+
+        # Pattern 5: Shell command injection.
+        self.pattern_shell_commands = re.compile(
+            r"(?:\$\([^)]*\)|`[^`]*`|\$\w+)",
+            flags,
+        )
+
+        # Pattern 6: Jailbreak / role override — role verb + (restriction
+        # adjective bound to an AI-context noun | known idiom). Bare markers are
+        # rejected to avoid FP on real SOC text.
+        self.pattern_jailbreak = re.compile(
+            r"(?:act as|you are now|pretend to be|roleplay as|behave as)[\s\S]{0,40}?"
+            r"(?:"
+            r"(?:unrestricted|unfiltered|jailbroken|uncensored|unaligned)\s+"
+            r"(?:assistant|ai|model|chatbot|llm|gpt|bot|agent|persona|mode|version)"
+            r"|jailbroken"
+            r"|dan\b"
+            r"|do\s+anything\s+now"
+            r")",
+            flags | re.DOTALL,
+        )
+
+        # Pattern 7: System-prompt exfiltration — exfil verb + high-signal prompt
+        # noun only (system prompt / your [system] prompt / system instructions).
+        self.pattern_prompt_exfil = re.compile(
+            r"(?:reveal|print|show|output|repeat|leak|disclose|dump|expose|contents?\s+of)"
+            r"[\s\S]{0,40}?"
+            r"(?:system\s*prompt|system\s+instructions?"
+            r"|your\s+(?:system\s+)?prompt|your\s+system\s+instructions?)",
+            flags | re.DOTALL,
+        )
+
+    def detect(
+        self,
+        value: str,
+        field_name: str = "",
+        *,
+        is_ioc_field: bool = False,
+    ) -> list[InjectionFinding]:
+        """Scan a single string value. Empty list means clean."""
+        if not isinstance(value, str):
+            return []
+
+        normalized = unicodedata.normalize("NFKC", value)
+
+        if self._whitelist and any(p.search(normalized) for p in self._whitelist):
+            return []
+
+        findings: list[InjectionFinding] = []
+        preview = self._truncate(value)
+
+        def add(pattern_type: str, severity: SeverityLevel, redaction: str) -> None:
+            findings.append(
+                InjectionFinding(
+                    field=field_name,
+                    pattern_type=pattern_type,
+                    severity=severity,
+                    redaction=redaction,
+                    value_preview=preview,
+                )
+            )
+
+        # if (not elif) so all patterns in a value are reported.
+        if self.pattern_ignore_instructions.search(normalized):
+            add("instruction_override", SeverityLevel.CRITICAL, "[REDACTED: instruction override attempt]")
+        if self.pattern_instead_output.search(normalized):
+            add("output_manipulation", SeverityLevel.CRITICAL, "[REDACTED: output manipulation attempt]")
+        if self.pattern_json_escapes.search(normalized):
+            add("json_escape_sequence", SeverityLevel.WARNING, "[REDACTED: JSON escape sequences]")
+        if not is_ioc_field and self.pattern_base64_hex.search(normalized):
+            add("encoded_payload", SeverityLevel.WARNING, "[REDACTED: encoded payload]")
+        if self.pattern_shell_commands.search(normalized):
+            add("shell_injection", SeverityLevel.CRITICAL, "[REDACTED: shell command attempt]")
+        if self.pattern_jailbreak.search(normalized):
+            add("jailbreak", SeverityLevel.CRITICAL, "[REDACTED: jailbreak / role-override attempt]")
+        if self.pattern_prompt_exfil.search(normalized):
+            add("prompt_exfiltration", SeverityLevel.CRITICAL, "[REDACTED: system-prompt exfiltration attempt]")
+
+        return findings
+
+    @staticmethod
+    def _truncate(value: str, max_len: int = 80) -> str:
+        if len(value) <= max_len:
+            return value
+        return value[:max_len] + "..."
+
+
+def scan(value: str) -> list[InjectionFinding]:
+    """Scan a single string value with a default detector."""
+    return PromptInjectionDetector().detect(value)

shipwright_kit/security/theme.py

@@ -0,0 +1,34 @@
+"""Security pack default theme — maps the generic Severity tiers to threat
+verdict labels (CLEAN→MALICIOUS) and a green→red palette. Tools keep their own
+verdict enums and map them to Severity via TierMappable (see tests for barb/vex
+worked examples). Stdlib-only."""
+
+from __future__ import annotations
+
+from shipwright_kit.design.tiers import Severity
+
+SECURITY_LABELS: dict[Severity, str] = {
+    Severity.OK: "CLEAN",
+    Severity.INFO: "LOW",
+    Severity.NOTICE: "SUSPICIOUS",
+    Severity.WARN: "HIGH",
+    Severity.CRITICAL: "MALICIOUS",
+}
+
+
+class SecurityTheme:
+    name = "security"
+    _STYLES = {
+        Severity.OK: "green",
+        Severity.INFO: "cyan",
+        Severity.NOTICE: "yellow",
+        Severity.WARN: "dark_orange",
+        Severity.CRITICAL: "bold red",
+    }
+
+    def style(self, tier: Severity) -> str:
+        return self._STYLES[tier]
+
+
+def label(tier: Severity) -> str:
+    return SECURITY_LABELS[tier]

shipwright_kit-0.6.0.dist-info/METADATA

@@ -0,0 +1,164 @@
+Metadata-Version: 2.4
+Name: shipwright-kit
+Version: 0.6.0
+Summary: Shipwright — AI-agent dev framework + import-light design/eval/security library
+Author: Christian Huhn
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/duathron/shipwright
+Project-URL: Repository, https://github.com/duathron/shipwright
+Project-URL: Documentation, https://github.com/duathron/shipwright/blob/main/docs/library.md
+Project-URL: Changelog, https://github.com/duathron/shipwright/blob/main/CHANGELOG.md
+Project-URL: Issues, https://github.com/duathron/shipwright/issues
+Keywords: ci,dev-tooling,eval,design-tokens,severity,quality-gates
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Software Development :: Quality Assurance
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Typing :: Typed
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Provides-Extra: rich
+Requires-Dist: rich>=13.7; extra == "rich"
+Provides-Extra: banner
+Requires-Dist: pyfiglet>=1.0; extra == "banner"
+Dynamic: license-file
+
+# Shipwright
+
+![CI](https://github.com/duathron/shipwright/actions/workflows/ci.yml/badge.svg)
+![CodeQL](https://github.com/duathron/shipwright/actions/workflows/codeql.yml/badge.svg)
+![Coverage](https://img.shields.io/badge/coverage-%E2%89%A590%25-brightgreen.svg)
+![Types](https://img.shields.io/badge/types-mypy-blue.svg)
+![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)
+![Python](https://img.shields.io/badge/python-3.11%2B-blue.svg)
+
+Shipwright is two things that share one repo:
+
+- an installable, **import-light Python library** of shared dev-tooling runtime —
+  `shipwright_kit.design` (severity tiers + accessible output), `shipwright_kit.eval`
+  (detection-quality eval harness), `shipwright_kit.security` (a security pack);
+- an **AI-agent-operated development framework** — reusable CI/CD, a Copier
+  scaffolder, quality gates, and bundled agent skills + personas — that **dogfoods**
+  the library and the gates it hands to the projects built with it.
+
+The library is consumed today by two real tools: **barb** and **sift** both import
+`shipwright_kit.eval` to run their detection-quality gates.
+
+## Install
+
+The library is **not on PyPI** — the bare name `shipwright` belongs to an unrelated
+project, so the published distribution is **`shipwright-kit`** and the import name is
+**`shipwright_kit`**. For now, install from git:
+
+```bash
+uv pip install "git+https://github.com/duathron/shipwright@main"
+# then: import shipwright_kit
+```
+
+> [!NOTE]
+> Pin a release tag instead of `@main` for reproducible builds once a tagged
+> release of the `shipwright-kit` distribution is cut. Do **not** `pip install
+> shipwright` from PyPI — that is a different, unrelated package.
+
+The security pack needs no extra — it ships with the base install and registers
+through the `shipwright_kit.packs` entry point.
+
+## Library quickstart
+
+**Run an eval gate** — score a classifier against a labeled corpus and fail if it
+misses a floor (the exact pattern barb and sift use):
+
+```python
+from shipwright_kit.eval import Sample, evaluate, gate
+
+corpus = [Sample("phish-login", "phishing"),
+          Sample("example.com", "benign"),
+          Sample("secure-phish", "phishing")]
+
+result = evaluate(
+    lambda text: "phishing" if "phish" in text else "benign",
+    corpus,
+    positive_pred=lambda pred: pred == "phishing",
+    positive_expected=lambda label: label == "phishing",
+)
+print(result.precision, result.recall)        # 1.0 1.0
+gate(result, min_precision=1.0, min_recall=0.9)  # raises EvalGateError if below
+```
+
+**Use the shared severity tiers** — one generic scale tools map their own verdicts
+onto, with accessible (Unicode-or-ASCII) labels:
+
+```python
+from shipwright_kit.design import Severity, tier_label
+
+Severity.OK, Severity.INFO, Severity.NOTICE, Severity.WARN, Severity.CRITICAL  # IntEnum 0..4
+print(tier_label(Severity.CRITICAL))  # ✗ CRITICAL
+print(tier_label(Severity.OK))        # ✓ OK
+```
+
+`import shipwright_kit` pulls in no `rich` or `pyfiglet` — the heavy deps load lazily only
+when you actually render. Full API: **[docs/library.md](docs/library.md)**.
+
+## The framework
+
+The repo contains **no project code**. Projects stay their own Git repositories and
+their own packages; locally you clone each into the **gitignored** `projects/`
+directory, where a [uv](https://docs.astral.sh/uv/) workspace ties them together for
+development:
+
+```
+shipwright/
+├─ shipwright_kit/          # the importable library (design / eval / security)
+├─ tooling/ruff-base.toml   # single source of truth for lint rules
+├─ templates/               # Copier scaffolder (python-cli) + release config
+├─ skills/ · personas/      # the agent operating layer (scaffold, onboard, review …)
+├─ .github/workflows/       # reusable python-ci.yml + python-release.yml (SHA-pinned)
+└─ projects/                # GITIGNORED, local-only — your projects plug in here
+```
+
+Work is promoted through gates; failing a rung blocks promotion:
+
+```
+commit → lint + unit (auto) → build → dogfood + eval (auto) →
+QM gate (manual) → beta sign-off (manual) → release
+```
+
+The reusable CI/CD that wires these gates, the Copier scaffolder (`templates/`), and
+the agent skills (`skills/`) and personas (`personas/`) all ship now. This repo runs
+the exact gates it gives the projects built with it.
+
+## Framework quickstart
+
+Requires Python 3.11+, [uv](https://docs.astral.sh/uv/), and
+[just](https://github.com/casey/just).
+
+```bash
+uv sync --dev              # create the dev environment
+uv run pre-commit install  # install the local gate
+just lint                  # ruff check + format-check
+just test                  # pytest
+```
+
+The local `pre-commit` gate runs the same lint/format/secret checks as CI; add
+`just test` (and `uv build`) for the test and build rungs CI also enforces.
+
+## Docs
+
+- **[docs/library.md](docs/library.md)** — per-module API reference (design / eval / security)
+- **[docs/release-policy.md](docs/release-policy.md)** — SemVer + release policy
+- **[docs/ci-cd.md](docs/ci-cd.md)** — the reusable CI/CD workflows
+- **[CHANGELOG.md](CHANGELOG.md)**
+
+## Security
+
+Report vulnerabilities privately via GitHub's
+[private vulnerability reporting](https://github.com/duathron/shipwright/security/advisories/new)
+(repo **Security** tab → **Report a vulnerability**). See [SECURITY.md](SECURITY.md).
+
+## License
+
+[MIT](LICENSE) © 2026 Christian Huhn

shipwright_kit-0.6.0.dist-info/RECORD

@@ -0,0 +1,25 @@
+shipwright_kit/__init__.py,sha256=crYIU7Ldr3xF7iH10pVwuW3gaaLVuTo3Vtsc_D5cdKU,76
+shipwright_kit/cli.py,sha256=IlqKFJ5pPvl0OM9WYR9sSRML4BTwE3uNLaC6EEAEZ2w,1112
+shipwright_kit/config.py,sha256=PjaX7jI1piPawCXERqwK8JOBgLS3eFYJWXzuiCWHyL4,1848
+shipwright_kit/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+shipwright_kit/design/__init__.py,sha256=Rf0rRPczgfowaQJWQLGrNVk24Gh-ayNyCaEGnx2Sh30,630
+shipwright_kit/design/banner.py,sha256=tvV8_CCWpjQWr8GH2HLrDpsF23CONEbkaPcgJ9y0RyA,892
+shipwright_kit/design/console.py,sha256=uB_l73JY5mAecoGJrP-d1u0-CKac9J49fbBuR0DHFu4,1230
+shipwright_kit/design/glyphs.py,sha256=lBBVDjn9tteHwxeUZ1WxCrjndYuvorDgNgRSPT9gy5A,847
+shipwright_kit/design/output.py,sha256=Y3UPJR1CNjvKV13NepI9G4l9ZE_FcYNsaIRFqGFZS1E,2025
+shipwright_kit/design/palette.py,sha256=RMHHqafwGPysdZ1RYQya5S3L9rAN42NWZ-W6AzoQtV4,1134
+shipwright_kit/design/tiers.py,sha256=Hob_a97QvWxVBj_v3rQ0qXS4GKRpCrO66V1Y-RxwTKc,775
+shipwright_kit/eval/__init__.py,sha256=cNK4usAQVam19nFB8LSgLJWd9ma9KkEgqlm5Sq-GjZI,333
+shipwright_kit/eval/corpus.py,sha256=UGQBR0tcw0R94Ai-IHB_eAcZq-MdJ7waPO9yaalCopA,1210
+shipwright_kit/eval/harness.py,sha256=XmnD3kcuEsbR1VYpx_cSYqkHCnczhsQ1QCMmgrIp4g4,1683
+shipwright_kit/eval/metrics.py,sha256=GpS0aioWDOx5XPDSCcj9aL1yphm3qkZo_Qeuyy3qgnc,2031
+shipwright_kit/security/__init__.py,sha256=MWwHA7CcZgjqb9PC9-sjPneQbywe7Q6cHQvF-FtyTvo,379
+shipwright_kit/security/eval.py,sha256=QhSkCTaeYjZDRlkRneE-ASIspMZWxinKlzp4oAVUlLU,988
+shipwright_kit/security/injection.py,sha256=MJT4fwqqEQU56yJRhcYVb9wFo8raYGiyIL5N0OEEOes,7772
+shipwright_kit/security/theme.py,sha256=gJItxCwRhshuSgCoePqazAcXGK4s78qMnFcT6Jd95rI,942
+shipwright_kit-0.6.0.dist-info/licenses/LICENSE,sha256=BVf5pqest078hZ5byAbwbvGWuPUYGwdeNp7gnRaJebU,1071
+shipwright_kit-0.6.0.dist-info/METADATA,sha256=eb8elL21kepIQ9A2zl0eWLt9NYhJ_Qbs9oqz4fvu124,6724
+shipwright_kit-0.6.0.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+shipwright_kit-0.6.0.dist-info/entry_points.txt,sha256=AK97I8ybvBfmqBuhHbHWjiCZB1aRdVQbiGIuhaQuvuw,78
+shipwright_kit-0.6.0.dist-info/top_level.txt,sha256=IeyPm8RS7fJO8sk7Z26EsSiPhWlnmwxm3f1KSTsxsaQ,15
+shipwright_kit-0.6.0.dist-info/RECORD,,

shipwright_kit-0.6.0.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (82.0.1)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

shipwright_kit-0.6.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[shipwright_kit.packs]
+security = shipwright_kit.security.theme:SecurityTheme

shipwright_kit-0.6.0.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Christian Huhn
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

shipwright_kit-0.6.0.dist-info/top_level.txt

@@ -0,0 +1 @@
+shipwright_kit