vexa-core 1.0.35__tar.gz

vexa_core-1.0.35/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 noviqtechnologies
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

vexa_core-1.0.35/PKG-INFO

@@ -0,0 +1,81 @@
+Metadata-Version: 2.4
+Name: vexa-core
+Version: 1.0.35
+Summary: Enterprise-grade security analysis core engine — air-gapped scanning with AI-powered fixes
+Author-email: Noviq Technologies <support@noviqtechnologies.com>
+License: MIT
+Project-URL: Homepage, https://codesecure.dev
+Project-URL: Repository, https://github.com/noviqtechnologies/vexa
+Project-URL: Documentation, https://github.com/noviqtechnologies/vexa/blob/main/docs/QUICKSTART.md
+Project-URL: Issues, https://github.com/noviqtechnologies/vexa/issues
+Keywords: security,sast,vulnerability,scanner,privacy,ai,bandit,semgrep,checkov
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: pydantic>=2.0.0
+Requires-Dist: jinja2>=3.1.0
+Requires-Dist: asyncio>=3.4.3
+Requires-Dist: rich>=13.0.0
+Requires-Dist: mermaid-py>=0.1.0
+Requires-Dist: markdown>=3.5.2
+Requires-Dist: pygments>=2.17.2
+Requires-Dist: packaging>=24.0
+Requires-Dist: bandit>=1.7.0
+Requires-Dist: semgrep>=1.0.0; sys_platform != "win32"
+Requires-Dist: checkov>=3.0.0
+Requires-Dist: detect-secrets>=1.4.0
+Requires-Dist: pip-audit>=2.0.0
+Requires-Dist: pip-licenses>=4.0.0
+Requires-Dist: pyyaml>=6.0
+Provides-Extra: google
+Requires-Dist: google-genai>=1.0.0; extra == "google"
+Provides-Extra: openai
+Requires-Dist: openai>=1.0.0; extra == "openai"
+Provides-Extra: anthropicai
+Requires-Dist: anthropic>=0.40.0; extra == "anthropicai"
+Provides-Extra: aws
+Provides-Extra: all
+Requires-Dist: vexa-core[anthropicai,google,openai]; extra == "all"
+Dynamic: license-file
+
+# Vexa Core SDK
+![Vexa Logo](logo.png)
+The fundamental engine powering AI-native security analysis.
+
+Vexa Core provides the underlying logic for multi-scanner orchestration, AI-powered remediation, and security audit logging.
+
+### Installation
+```bash
+pip install vexa-core
+```
+
+### Getting Started
+```python
+from vexa.core.engine import ScanEngine
+from vexa.ai_providers import AIManager
+
+# Initialize engine with default scanners
+engine = ScanEngine(scanners=['bandit', 'semgrep'])
+
+# Run analysis
+findings = engine.scan_file("insecure.py")
+
+for finding in findings:
+    print(f"[{finding.severity}] {finding.title}: {finding.description}")
+```
+
+### Requirements
+- Python 3.9+
+- Security Scanners (Bandit, Semgrep, etc.) installed on PATH.
+
+### License
+MIT License.

vexa_core-1.0.35/README.md

@@ -0,0 +1,32 @@
+# Vexa Core SDK
+![Vexa Logo](logo.png)
+The fundamental engine powering AI-native security analysis.
+
+Vexa Core provides the underlying logic for multi-scanner orchestration, AI-powered remediation, and security audit logging.
+
+### Installation
+```bash
+pip install vexa-core
+```
+
+### Getting Started
+```python
+from vexa.core.engine import ScanEngine
+from vexa.ai_providers import AIManager
+
+# Initialize engine with default scanners
+engine = ScanEngine(scanners=['bandit', 'semgrep'])
+
+# Run analysis
+findings = engine.scan_file("insecure.py")
+
+for finding in findings:
+    print(f"[{finding.severity}] {finding.title}: {finding.description}")
+```
+
+### Requirements
+- Python 3.9+
+- Security Scanners (Bandit, Semgrep, etc.) installed on PATH.
+
+### License
+MIT License.

vexa_core-1.0.35/pyproject.toml

@@ -0,0 +1,62 @@
+[build-system]
+requires = ["setuptools>=61.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "vexa-core"
+version = "1.0.35"
+description = "Enterprise-grade security analysis core engine — air-gapped scanning with AI-powered fixes"
+readme = "README.md"
+requires-python = ">=3.10"
+license = {text = "MIT"}
+authors = [{name = "Noviq Technologies", email = "support@noviqtechnologies.com"}]
+keywords = ["security", "sast", "vulnerability", "scanner", "privacy", "ai", "bandit", "semgrep", "checkov"]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Security",
+    "Topic :: Software Development :: Quality Assurance",
+]
+
+
+dependencies = [
+    "pydantic>=2.0.0",
+    "jinja2>=3.1.0",
+    "asyncio>=3.4.3",
+    "rich>=13.0.0",
+    "mermaid-py>=0.1.0",
+    "markdown>=3.5.2",
+    "pygments>=2.17.2",
+    "packaging>=24.0",
+    # Scanners
+    "bandit>=1.7.0",
+    "semgrep>=1.0.0; sys_platform != 'win32'",
+    "checkov>=3.0.0",
+    "detect-secrets>=1.4.0",
+    "pip-audit>=2.0.0",
+    "pip-licenses>=4.0.0",
+    "pyyaml>=6.0",
+]
+
+[project.optional-dependencies]
+google = ["google-genai>=1.0.0"]
+openai = ["openai>=1.0.0"]
+anthropicai = ["anthropic>=0.40.0"]
+# aws = ["kiro-cli>=1.0.0"] # Disabled: not on PyPI, CLI provider disabled
+aws = []
+all = ["vexa-core[google,openai,anthropicai]"]
+
+[tool.setuptools.packages.find]
+where = ["src"]
+include = ["vexa*"]
+
+[project.urls]
+Homepage = "https://codesecure.dev"
+Repository = "https://github.com/noviqtechnologies/vexa"
+Documentation = "https://github.com/noviqtechnologies/vexa/blob/main/docs/QUICKSTART.md"
+Issues = "https://github.com/noviqtechnologies/vexa/issues"

vexa_core-1.0.35/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

vexa_core-1.0.35/setup.py

@@ -0,0 +1,5 @@
+from setuptools import setup
+
+# Delegate to pyproject.toml
+if __name__ == "__main__":
+    setup()

vexa_core-1.0.35/src/vexa/__init__.py

@@ -0,0 +1,19 @@
+"""
+Vexa - Enterprise Security Analysis Platform.
+"""
+
+try:
+    from importlib.metadata import version, PackageNotFoundError
+except ImportError:
+    # Fallback for Python < 3.8
+    try:
+        from importlib_metadata import version, PackageNotFoundError
+    except ImportError:
+        version = lambda _: "unknown"
+        PackageNotFoundError = Exception
+
+try:
+    __version__ = version("vexa-core")
+except (PackageNotFoundError, NameError, ImportError):
+    # Fallback for development where the package is not installed
+    __version__ = "1.0.35"

vexa_core-1.0.35/src/vexa/ai_providers/anthropic_provider.py

@@ -0,0 +1,144 @@
+import asyncio
+from typing import List, Dict, Any, Optional
+
+from vexa.common.models import Finding, EnhancedFinding
+from vexa.common.logging import get_logger
+from vexa.ai_providers.base import (
+    BaseAIProvider, 
+    AIProviderType, 
+    AIProviderStatus,
+)
+from vexa.ai_providers.prompts import GenericPromptBuilder, GenericMarkdownParser
+from vexa.common.config import get_env
+
+logger = get_logger(__name__)
+
+
+class AnthropicWrapper(BaseAIProvider):
+    """Anthropic Provider Implementation"""
+    
+    PROVIDER_TYPE = AIProviderType.ANTHROPIC
+    
+    def __init__(self):
+        self.prompt_builder = GenericPromptBuilder()
+        self.parser = GenericMarkdownParser()
+        self._api_key = get_env("VEXA_ANTHROPIC_API_KEY", "")
+        self._model = get_env("VEXA_ANTHROPIC_MODEL", "claude-sonnet-4-20250514")
+        
+    def _get_client(self):
+        try:
+             import anthropic
+             return anthropic.AsyncAnthropic(api_key=self._api_key)
+        except ImportError:
+             raise RuntimeError("anthropic SDK not installed")
+
+    def set_api_key(self, api_key: str):
+        self._api_key = api_key
+
+    def set_model(self, model: str):
+        self._model = model
+             
+    @property
+    def is_available(self) -> bool:
+        try:
+            import anthropic
+            return bool(self._api_key)
+        except ImportError:
+            return False
+            
+    async def check_availability(self) -> tuple[AIProviderStatus, str]:
+        try:
+            import anthropic
+        except ImportError:
+            return AIProviderStatus.UNAVAILABLE, "Anthropic SDK not found (install with 'pip install anthropic')"
+            
+        if not self._api_key:
+             return AIProviderStatus.UNAVAILABLE, "VEXA_ANTHROPIC_API_KEY is not set"
+             
+        return AIProviderStatus.AVAILABLE, "Ready"
+
+    def _classify_error(self, err_msg: str, status_code: Optional[int] = None) -> str:
+        err_lower = err_msg.lower()
+        if status_code in (401, 403) or any(w in err_lower for w in ["invalid x-api-key", "authentication"]):
+             return "auth"
+        if status_code == 429 or any(w in err_lower for w in ["rate_limit", "too many requests"]):
+             return "rate_limit"
+        return "other"
+
+    async def test_connection(self) -> tuple[AIProviderStatus, str]:
+        status, msg = await self.check_availability()
+        if status != AIProviderStatus.AVAILABLE:
+             return status, msg
+             
+        try:
+            client = self._get_client()
+            logger.info("Validating Anthropic API key with model %s...", self._model)
+            await client.messages.create(
+                model=self._model,
+                messages=[{"role": "user", "content": "Reply with 'ok'"}],
+                max_tokens=5,
+            )
+            return AIProviderStatus.AVAILABLE, "Ready"
+        except Exception as e:
+            err_type = self._classify_error(str(e), getattr(e, "status_code", None))
+            if err_type == "auth":
+                 return AIProviderStatus.ERROR, f"Anthropic Auth Error: {e}"
+            if err_type == "rate_limit":
+                 return AIProviderStatus.ERROR, f"Anthropic Rate Limit Error: {e}"
+            return AIProviderStatus.ERROR, f"Anthropic Connection Failed: {str(e)}"
+
+    async def analyze_findings_batch(
+        self, 
+        findings: List[Finding], 
+        code_contexts: Dict[str, str],
+        batch_size: int = 10,
+        app_context: Optional[Dict[str, Any]] = None,
+        is_workspace_scan: bool = False
+    ) -> List[EnhancedFinding]:
+        
+        if not findings:
+            return []
+            
+        client = self._get_client()
+        prompt = self.prompt_builder.build_batch_prompt(findings, app_context=app_context, is_workspace_scan=is_workspace_scan)
+        
+        system_prompt = (
+            "You are Vexa, an expert AI security assistant. "
+            "Analyze security findings and provide remediation in Markdown format. "
+            "Follow the ZERO-CHATTER RULE: remediation code blocks must contain "
+            "ONLY pure source code, no explanations."
+        )
+        
+        try:
+            logger.info("Sending batch of %d findings to Anthropic (%s)...", len(findings), self._model)
+            
+            response = await client.messages.create(
+                model=self._model,
+                system=system_prompt,
+                messages=[
+                    {"role": "user", "content": prompt}
+                ],
+                temperature=0.2,
+                max_tokens=4096,
+            )
+            
+            text = response.content[0].text if response.content else ""
+            logger.debug("Received AI response length: %d characters", len(text))
+            
+            return self.parser.parse(text, findings)
+            
+        except Exception as e:
+            err_type = self._classify_error(str(e), getattr(e, "status_code", None))
+            if err_type == "rate_limit":
+                 raise RuntimeError(f"Anthropic Rate Limit Exceeded: {e}")
+            logger.exception("Anthropic Analysis failed: %s", e)
+            raise e
+
+    def enhance_finding(self, finding: Finding, analysis: Any) -> EnhancedFinding:
+        pass
+        
+    async def generate_stride_analysis(self, repo_path: Any, category: str) -> Dict[str, Any]:
+        return {"error": "Not implemented"}
+
+def get_anthropic_wrapper() -> AnthropicWrapper:
+    return AnthropicWrapper()