zwischen-cli 0.1.0__tar.gz

zwischen_cli-0.1.0/PKG-INFO

@@ -0,0 +1,108 @@
+Metadata-Version: 2.4
+Name: zwischen-cli
+Version: 0.1.0
+Summary: AI-augmented security scanning for vibe coders. Zero-config secrets detection and vulnerability scanning.
+Author-email: Conner Jordan <connercharlesjordan@gmail.com>
+License: MIT
+Project-URL: Homepage, https://github.com/cjordan223/zwischen
+Project-URL: Repository, https://github.com/cjordan223/zwischen.git
+Project-URL: Issues, https://github.com/cjordan223/Zwischen/issues
+Keywords: security,scanner,secrets,gitleaks,semgrep,ai,vulnerability,sast
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: click>=8.0.0
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: requests>=2.28.0
+
+# Zwischen Python Package
+
+Python wrapper for Zwischen, an AI-augmented security scanning CLI. This package exposes a Python implementation of the core workflow for Python users.
+
+The Ruby gem in the repository root is currently the canonical implementation. This wrapper has a smaller command surface and may not match every Ruby feature.
+
+## Installation
+
+```bash
+pip install zwischen-cli
+```
+
+The PyPI distribution is named `zwischen-cli` (the bare `zwischen` name is taken by an unrelated project), but the installed command is still `zwischen`.
+
+For local development:
+
+```bash
+cd packages/pip
+python -m pip install -e .
+zwischen --help
+```
+
+## Commands
+
+```bash
+zwischen init
+zwischen scan
+zwischen scan --ai ollama
+zwischen scan --ai openai --api-key "$OPENAI_API_KEY"
+zwischen scan --format json
+zwischen scan --pre-push
+zwischen doctor
+```
+
+Supported scan flags:
+
+- `--ai`: `ollama`, `openai`, or `anthropic`
+- `--api-key`: provider API key
+- `--format`: `terminal` or `json`
+- `--pre-push`: compact hook mode
+
+Not currently supported in this wrapper:
+
+- `zwischen uninstall`
+- `zwischen scan --only ...`
+- Ruby's changed-file filtering for `--pre-push`
+
+## Behavior
+
+`zwischen init` tries to install Gitleaks into `~/.zwischen/bin`, creates `.zwischen.yml`, checks whether Semgrep is available, and installs or appends a Git `pre-push` hook when run inside a Git repository.
+
+Semgrep is optional:
+
+```bash
+pip install semgrep
+```
+
+## Configuration
+
+The Python wrapper creates this shape:
+
+```yaml
+ai:
+  enabled: true
+  pre_push_enabled: false
+  provider: ollama
+  model: llama3
+
+blocking:
+  severity: high
+
+scanners:
+  gitleaks: true
+  semgrep: true
+```
+
+Blocking severities are `high`, `critical`, or `none`.
+
+## License
+
+MIT

zwischen_cli-0.1.0/README.md

@@ -0,0 +1,81 @@
+# Zwischen Python Package
+
+Python wrapper for Zwischen, an AI-augmented security scanning CLI. This package exposes a Python implementation of the core workflow for Python users.
+
+The Ruby gem in the repository root is currently the canonical implementation. This wrapper has a smaller command surface and may not match every Ruby feature.
+
+## Installation
+
+```bash
+pip install zwischen-cli
+```
+
+The PyPI distribution is named `zwischen-cli` (the bare `zwischen` name is taken by an unrelated project), but the installed command is still `zwischen`.
+
+For local development:
+
+```bash
+cd packages/pip
+python -m pip install -e .
+zwischen --help
+```
+
+## Commands
+
+```bash
+zwischen init
+zwischen scan
+zwischen scan --ai ollama
+zwischen scan --ai openai --api-key "$OPENAI_API_KEY"
+zwischen scan --format json
+zwischen scan --pre-push
+zwischen doctor
+```
+
+Supported scan flags:
+
+- `--ai`: `ollama`, `openai`, or `anthropic`
+- `--api-key`: provider API key
+- `--format`: `terminal` or `json`
+- `--pre-push`: compact hook mode
+
+Not currently supported in this wrapper:
+
+- `zwischen uninstall`
+- `zwischen scan --only ...`
+- Ruby's changed-file filtering for `--pre-push`
+
+## Behavior
+
+`zwischen init` tries to install Gitleaks into `~/.zwischen/bin`, creates `.zwischen.yml`, checks whether Semgrep is available, and installs or appends a Git `pre-push` hook when run inside a Git repository.
+
+Semgrep is optional:
+
+```bash
+pip install semgrep
+```
+
+## Configuration
+
+The Python wrapper creates this shape:
+
+```yaml
+ai:
+  enabled: true
+  pre_push_enabled: false
+  provider: ollama
+  model: llama3
+
+blocking:
+  severity: high
+
+scanners:
+  gitleaks: true
+  semgrep: true
+```
+
+Blocking severities are `high`, `critical`, or `none`.
+
+## License
+
+MIT

zwischen_cli-0.1.0/pyproject.toml

@@ -0,0 +1,44 @@
+[build-system]
+requires = ["setuptools>=61.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "zwischen-cli"
+version = "0.1.0"
+description = "AI-augmented security scanning for vibe coders. Zero-config secrets detection and vulnerability scanning."
+readme = "README.md"
+license = {text = "MIT"}
+authors = [
+    {name = "Conner Jordan", email = "connercharlesjordan@gmail.com"}
+]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Environment :: Console",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Security",
+    "Topic :: Software Development :: Quality Assurance",
+]
+keywords = ["security", "scanner", "secrets", "gitleaks", "semgrep", "ai", "vulnerability", "sast"]
+requires-python = ">=3.9"
+dependencies = [
+    "click>=8.0.0",
+    "pyyaml>=6.0",
+    "requests>=2.28.0",
+]
+
+[project.scripts]
+zwischen = "zwischen.cli:main"
+
+[project.urls]
+Homepage = "https://github.com/cjordan223/zwischen"
+Repository = "https://github.com/cjordan223/zwischen.git"
+Issues = "https://github.com/cjordan223/Zwischen/issues"
+
+[tool.setuptools.packages.find]
+where = ["."]

zwischen_cli-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

zwischen_cli-0.1.0/zwischen/__init__.py

@@ -0,0 +1,22 @@
+"""Zwischen - AI-augmented security scanning for vibe coders."""
+
+__version__ = "0.1.0"
+
+from .scanner import scan, run_gitleaks, run_semgrep
+from .installer import install_gitleaks, get_gitleaks_path, is_gitleaks_installed
+from .config import load_config, create_config
+from .ai import analyze_with_ai
+from .detector import detect_project
+
+__all__ = [
+    "scan",
+    "run_gitleaks",
+    "run_semgrep",
+    "install_gitleaks",
+    "get_gitleaks_path",
+    "is_gitleaks_installed",
+    "load_config",
+    "create_config",
+    "analyze_with_ai",
+    "detect_project",
+]

zwischen_cli-0.1.0/zwischen/ai.py

@@ -0,0 +1,180 @@
+"""AI provider clients for Zwischen."""
+
+import json
+import os
+import re
+from typing import Any
+
+import requests
+
+
+def _build_prompt(findings: list[dict]) -> str:
+    """Build AI analysis prompt."""
+    def format_finding(i: int, f: dict) -> str:
+        code_line = f"   Code: {f['code_snippet']}" if f.get('code_snippet') else ""
+        return (
+            f"{i + 1}. [{(f.get('severity') or 'medium').upper()}] {f['file']}:{f['line']}\n"
+            f"   Rule: {f.get('rule_id', 'unknown')}\n"
+            f"   Message: {f.get('message', '')}\n"
+            f"{code_line}"
+        )
+
+    findings_text = "\n\n".join(format_finding(i, f) for i, f in enumerate(findings))
+
+    return f"""You are a senior security engineer reviewing security scan findings. Analyze the following findings and provide:
+
+1. Prioritization: Which findings are most critical and should be addressed first?
+2. False positives: Are any of these false positives that can be safely ignored?
+3. Fix suggestions: For each real finding, provide a clear, actionable fix suggestion.
+
+Findings:
+{findings_text}
+
+Please respond in the following JSON format for each finding (by index number):
+{{
+  "1": {{
+    "priority": "high|medium|low",
+    "is_false_positive": false,
+    "fix_suggestion": "Clear explanation of how to fix this issue",
+    "risk_explanation": "Why this is a security risk"
+  }}
+}}
+
+If a finding is a false positive, set is_false_positive to true and explain why."""
+
+
+def _call_ollama(prompt: str, config: dict) -> str:
+    """Call Ollama API."""
+    base_url = config.get("url", "http://localhost:11434")
+    model = config.get("model", "llama3")
+
+    response = requests.post(
+        f"{base_url}/api/chat",
+        json={
+            "model": model,
+            "messages": [{"role": "user", "content": prompt}],
+            "stream": False,
+        },
+        timeout=120,
+    )
+
+    if response.status_code != 200:
+        raise Exception(f"Ollama error: {response.text}")
+
+    data = response.json()
+    if "error" in data:
+        raise Exception(f"Ollama error: {data['error']}")
+
+    return data.get("message", {}).get("content", "")
+
+
+def _call_openai(prompt: str, config: dict) -> str:
+    """Call OpenAI API."""
+    api_key = config.get("api_key") or os.environ.get("OPENAI_API_KEY")
+    if not api_key:
+        raise Exception("OpenAI API key not found. Set OPENAI_API_KEY or provide --api-key")
+
+    model = config.get("model", "gpt-4o-mini")
+
+    response = requests.post(
+        "https://api.openai.com/v1/chat/completions",
+        headers={
+            "Authorization": f"Bearer {api_key}",
+            "Content-Type": "application/json",
+        },
+        json={
+            "model": model,
+            "messages": [{"role": "user", "content": prompt}],
+        },
+        timeout=120,
+    )
+
+    if response.status_code != 200:
+        raise Exception(f"OpenAI error: {response.text}")
+
+    data = response.json()
+    if "error" in data:
+        raise Exception(f"OpenAI error: {data['error']['message']}")
+
+    return data.get("choices", [{}])[0].get("message", {}).get("content", "")
+
+
+def _call_anthropic(prompt: str, config: dict) -> str:
+    """Call Anthropic API."""
+    api_key = config.get("api_key") or os.environ.get("ANTHROPIC_API_KEY")
+    if not api_key:
+        raise Exception("Anthropic API key not found. Set ANTHROPIC_API_KEY or provide --api-key")
+
+    model = config.get("model", "claude-3-haiku-20240307")
+
+    response = requests.post(
+        "https://api.anthropic.com/v1/messages",
+        headers={
+            "x-api-key": api_key,
+            "anthropic-version": "2023-06-01",
+            "Content-Type": "application/json",
+        },
+        json={
+            "model": model,
+            "max_tokens": 4096,
+            "messages": [{"role": "user", "content": prompt}],
+        },
+        timeout=120,
+    )
+
+    if response.status_code != 200:
+        raise Exception(f"Anthropic error: {response.text}")
+
+    data = response.json()
+    if "error" in data:
+        raise Exception(f"Anthropic error: {data['error']['message']}")
+
+    return data.get("content", [{}])[0].get("text", "")
+
+
+def analyze_with_ai(
+    findings: list[dict],
+    provider: str = "ollama",
+    api_key: str | None = None,
+    **config,
+) -> list[dict]:
+    """Analyze findings with AI."""
+    if not findings:
+        return findings
+
+    prompt = _build_prompt(findings)
+    config["api_key"] = api_key
+
+    provider = provider.lower()
+    if provider == "ollama":
+        response = _call_ollama(prompt, config)
+    elif provider == "openai":
+        response = _call_openai(prompt, config)
+    elif provider in ("anthropic", "claude"):
+        response = _call_anthropic(prompt, config)
+    else:
+        raise Exception(f"Unknown AI provider: {provider}")
+
+    # Parse AI response
+    try:
+        json_match = re.search(r"\{[\s\S]*\}", response)
+        if not json_match:
+            return findings
+
+        analysis = json.loads(json_match.group())
+
+        return [
+            {
+                **f,
+                "ai_priority": analysis.get(str(i + 1), {}).get("priority"),
+                "ai_false_positive": analysis.get(str(i + 1), {}).get("is_false_positive", False),
+                "ai_fix_suggestion": analysis.get(str(i + 1), {}).get("fix_suggestion"),
+                "ai_risk_explanation": analysis.get(str(i + 1), {}).get("risk_explanation"),
+            }
+            for i, f in enumerate(findings)
+        ]
+
+    except (json.JSONDecodeError, Exception) as e:
+        if os.environ.get("DEBUG"):
+            print(f"Failed to parse AI response: {e}")
+        return findings

zwischen_cli-0.1.0/zwischen/cli.py

@@ -0,0 +1,39 @@
+"""Command-line interface for Zwischen."""
+
+import click
+from .scanner import scan as do_scan
+from .init import init as do_init
+from .doctor import doctor as do_doctor
+
+
+@click.group()
+@click.version_option()
+def main():
+    """AI-augmented security scanning for vibe coders."""
+    pass
+
+
+@main.command()
+def init():
+    """Initialize Zwischen in your project."""
+    do_init()
+
+
+@main.command()
+@click.option("--ai", help="AI provider (ollama, openai, anthropic)")
+@click.option("--api-key", help="API key for AI provider")
+@click.option("--format", "output_format", default="terminal", help="Output format (terminal, json)")
+@click.option("--pre-push", is_flag=True, help="Pre-push mode (compact output)")
+def scan(ai, api_key, output_format, pre_push):
+    """Run security scan."""
+    do_scan(ai=ai, api_key=api_key, output_format=output_format, pre_push=pre_push)
+
+
+@main.command()
+def doctor():
+    """Check if required tools are installed."""
+    do_doctor()
+
+
+if __name__ == "__main__":
+    main()

zwischen_cli-0.1.0/zwischen/config.py

@@ -0,0 +1,103 @@
+"""Configuration handling for Zwischen."""
+
+from pathlib import Path
+from typing import Any
+import yaml
+
+DEFAULT_CONFIG = {
+    "ai": {
+        "enabled": True,
+        "pre_push_enabled": False,
+        "provider": "ollama",
+        "model": "llama3",
+    },
+    "blocking": {
+        "severity": "high",
+    },
+    "scanners": {
+        "gitleaks": {"enabled": True},
+        "semgrep": {"enabled": True, "config": "p/security-audit"},
+    },
+    "ignore": [
+        "**/node_modules/**",
+        "**/vendor/**",
+        "**/.git/**",
+        "**/dist/**",
+        "**/build/**",
+        "**/test/fixtures/**",
+    ],
+}
+
+EXAMPLE_CONFIG = """# Zwischen Configuration
+
+# AI Provider Configuration
+ai:
+  enabled: true
+  pre_push_enabled: false  # Disable AI in pre-push hooks (performance)
+  provider: ollama         # Options: ollama, openai, anthropic
+  model: llama3            # Model name for your provider
+  # url: http://localhost:11434  # For Ollama (default)
+  # api_key: null          # For OpenAI/Anthropic (or use env vars)
+
+# What blocks a push
+blocking:
+  severity: high  # block on high or critical (default)
+  # severity: critical  # only block on critical
+  # severity: none  # never block, just warn
+
+# Scanner Configuration
+scanners:
+  gitleaks: true  # Auto-installed if missing
+  semgrep: true   # Optional, install with: pip install semgrep
+
+# Ignored Paths (glob patterns)
+ignore:
+  - "**/node_modules/**"
+  - "**/vendor/**"
+  - "**/.git/**"
+  - "**/dist/**"
+  - "**/build/**"
+"""
+
+
+def deep_merge(base: dict, override: dict) -> dict:
+    """Deep merge two dictionaries."""
+    result = base.copy()
+    for key, value in override.items():
+        if (
+            key in result
+            and isinstance(result[key], dict)
+            and isinstance(value, dict)
+        ):
+            result[key] = deep_merge(result[key], value)
+        else:
+            result[key] = value
+    return result
+
+
+def load_config(project_root: str | Path = ".") -> dict:
+    """Load configuration from .zwischen.yml."""
+    config_path = Path(project_root) / ".zwischen.yml"
+
+    if not config_path.exists():
+        return DEFAULT_CONFIG.copy()
+
+    try:
+        with open(config_path) as f:
+            user_config = yaml.safe_load(f) or {}
+        return deep_merge(DEFAULT_CONFIG, user_config)
+    except Exception as e:
+        print(f"Warning: Could not parse .zwischen.yml: {e}")
+        return DEFAULT_CONFIG.copy()
+
+
+def create_config(project_root: str | Path = ".") -> bool:
+    """Create configuration file."""
+    config_path = Path(project_root) / ".zwischen.yml"
+
+    if config_path.exists():
+        return False
+
+    with open(config_path, "w") as f:
+        f.write(EXAMPLE_CONFIG)
+    return True