Metadata-Version: 2.4
Name: moyan-security-audit
Version: 1.0.0
Summary: Agent-native security audit SDK for Python
Home-page: https://github.com/sixu-ai/moyan-security-audit-py
Author: Sixu AI
License: MIT
Keywords: security audit code-review agent sast sast moyan sixu
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Topic :: Security
Classifier: Intended Audience :: Developers
Requires-Python: >=3.9
Description-Content-Type: text/markdown
Requires-Dist: requests>=2.31
Requires-Dist: pydantic>=2.0
Dynamic: author
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: keywords
Dynamic: license
Dynamic: requires-dist
Dynamic: requires-python
Dynamic: summary

# moyan-security-audit

Agent-native security audit SDK for Python — send source code to the Moyan audit engine and receive structured vulnerability reports with PMI trust scoring.

## Installation

```bash
pip install moyan-security-audit
```

Requires Python >= 3.9.

## Prerequisites

Set your API key via one of:

1. Environment variable:
   ```bash
   export MOYAN_API_KEY="your-api-key"
   ```
2. Config file `~/.moyan/config.json`:
   ```json
   { "apiKey": "your-api-key" }
   ```

If neither is set, the SDK raises `RuntimeError` with a descriptive message.
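The key lookup described above, as an added example that is not the SDK's own code: it checks `MOYAN_API_KEY`, then `~/.moyan/config.json`, and raises `RuntimeError` with a descriptive message when neither yields a key. The function name and the `environ`/`config_path` parameters are this example's own; only the variable name, the file path and the `apiKey` field come from the page.

```python
import json
import os
import stat
import warnings
from pathlib import Path

# Names below are this example's own; the page documents only the env var
# name, the config path and the JSON key, not the SDK's internal resolver.
ENV_VAR = "MOYAN_API_KEY"
DEFAULT_CONFIG_PATH = Path.home() / ".moyan" / "config.json"


def resolve_api_key(environ=None, config_path=DEFAULT_CONFIG_PATH):
    """Return the API key, checking MOYAN_API_KEY first, then ~/.moyan/config.json.

    Raises RuntimeError with a descriptive message when neither source yields a
    non-empty key, mirroring the behaviour the README describes.
    """
    env = os.environ if environ is None else environ
    key = env.get(ENV_VAR, "").strip()
    if key:
        return key

    path = Path(config_path)
    if path.is_file():
        # A credential file readable by other local users is a common leak;
        # warn rather than refuse so existing setups keep working.
        if os.name == "posix" and path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            warnings.warn(f"{path} is readable by group/others; consider chmod 600")
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except json.JSONDecodeError as exc:
            raise RuntimeError(f"{path} is not valid JSON: {exc}") from exc
        if isinstance(data, dict):
            key = str(data.get("apiKey") or "").strip()
            if key:
                return key

    raise RuntimeError(
        f"No Moyan API key found: set {ENV_VAR} or write "
        f'{{"apiKey": "<your-api-key>"}} to {path}'
    )
```

The environment variable wins when both are set, so a CI secret can override a developer's local config file without editing it.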

## Usage

```python
from moyan_audit import audit, AuditOptions

# `user_id` stands in for the value a request handler would splice into the
# query; it is defined here only so the snippet runs as written.
user_id = "42"

options = AuditOptions(
    code="SELECT * FROM users WHERE id = " + user_id,
    language="sql",
    audit_level="L2",
    timeout=30,
    retries=2,
)

result = audit(options)

print(f"Audit ID: {result.audit_id}")
print(f"PMI Score: {result.pmi_score}")
print(f"Severity: {result.severity}")
print(f"Violations: {len(result.violations)}")
for v in result.violations:
    print(f"  [{v.rule_id}] {v.severity.upper()} — line {v.line}: {v.message}")
print(f"Recommendation: {result.recommendation}")
```

## API Reference

### `audit(options: AuditOptions) -> AuditResult`

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| `code` | `str` | Yes | — | Source code to audit |
| `language` | `AuditLanguage` | Yes | — | sql / python / javascript / typescript / java / go / rust / solidity |
| `audit_level` | `AuditLevel` | No | `'L1'` | L1 (quick scan), L2 (deep), L3 (full) |
| `timeout` | `int` | No | `30` | Request timeout in seconds |
| `retries` | `int` | No | `2` | Retry count with exponential backoff (1s, 2s, 4s, ...) |

### AuditResult

| Field | Type | Description |
|---|---|---|
| `audit_id` | `str` | Unique identifier for this audit run |
| `pmi_score` | `float` | PMI trust score (0-100) |
| `severity` | `Literal['pass', 'warn', 'fail']` | Overall verdict |
| `violations` | `list[AuditViolation]` | Detected rule violations |
| `recommendation` | `str` | High-level remediation guidance |

### AuditViolation

| Field | Type | Description |
|---|---|---|
| `rule_id` | `str` | Rule identifier (e.g. SQLI-001) |
| `severity` | `Literal['critical', 'high', 'medium', 'low', 'info']` | Violation severity |
| `message` | `str` | Human-readable description |
| `line` | `int` | Source line number (1-based) |
| `snippet` | `str` | Violating code snippet |
| `fix` | `str` | Suggested remediation |

## API Endpoint

```
POST https://sixu-ai.net.cn/api/v1/audit
Authorization: Bearer <MOYAN_API_KEY>
Content-Type: application/json

{ "code": "...", "language": "sql", "audit_level": "L2" }
```
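The request, retry and response-parsing path that the API reference tables and the endpoint block describe, as an added example that is not the SDK's code. It uses plain dataclasses rather than the SDK's pydantic models, takes the URL, header layout, body keys and result fields from the page, and adds two injection points of its own (`transport` and `sleep`) so the retry logic can be exercised offline with a stub; `AuditError`, `parse_result` and the `requests_transport` helper are this example's names.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# From the README's "API Endpoint" section; everything else here is this
# example's own (plain dataclasses instead of the SDK's pydantic models).
AUDIT_URL = "https://sixu-ai.net.cn/api/v1/audit"


@dataclass
class AuditViolation:
    rule_id: str
    severity: str
    message: str
    line: int
    snippet: str = ""
    fix: str = ""


@dataclass
class AuditResult:
    audit_id: str
    pmi_score: float
    severity: str
    violations: List[AuditViolation] = field(default_factory=list)
    recommendation: str = ""


class AuditError(RuntimeError):
    """Raised for rejected requests, exhausted retries or malformed responses."""


# transport(url, headers, body) -> (http_status, parsed_json)
Transport = Callable[[str, Dict[str, str], dict], Tuple[int, dict]]


def requests_transport(url: str, headers: Dict[str, str], body: dict) -> Tuple[int, dict]:
    """Real HTTP transport; imports requests lazily so an offline stub needs no network."""
    import requests
    resp = requests.post(url, headers=headers, json=body, timeout=30)
    try:
        return resp.status_code, resp.json()
    except ValueError:
        return resp.status_code, {}


def parse_result(payload: dict) -> AuditResult:
    """Validate the response shape against the fields the README's tables list."""
    try:
        result = AuditResult(
            audit_id=str(payload["audit_id"]),
            pmi_score=float(payload["pmi_score"]),
            severity=str(payload["severity"]),
            violations=[
                AuditViolation(
                    rule_id=str(v["rule_id"]), severity=str(v["severity"]),
                    message=str(v["message"]), line=int(v["line"]),
                    snippet=str(v.get("snippet", "")), fix=str(v.get("fix", "")),
                )
                for v in payload.get("violations", [])
            ],
            recommendation=str(payload.get("recommendation", "")),
        )
    except (KeyError, TypeError, ValueError) as exc:
        raise AuditError(f"malformed audit response: {exc}") from exc
    if result.severity not in ("pass", "warn", "fail"):
        raise AuditError(f"unexpected severity {result.severity!r}")
    if not 0.0 <= result.pmi_score <= 100.0:
        raise AuditError(f"pmi_score out of range: {result.pmi_score}")
    return result


def audit(code: str, language: str, api_key: str, audit_level: str = "L1",
          retries: int = 2, transport: Transport = requests_transport,
          sleep: Callable[[float], None] = time.sleep) -> AuditResult:
    """POST the audit request, retrying transient failures with 1s, 2s, 4s ... backoff."""
    headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}
    body = {"code": code, "language": language, "audit_level": audit_level}
    last_error = AuditError("no attempt made")
    for attempt in range(retries + 1):
        try:
            status, payload = transport(AUDIT_URL, headers, body)
        except OSError as exc:  # requests' connection/timeout errors subclass OSError
            last_error = AuditError(f"transport failure: {exc}")
        else:
            if status == 200:
                return parse_result(payload)
            if 400 <= status < 500:
                # A bad key or malformed request will not succeed on retry; fail fast
                # and keep the key out of the message.
                raise AuditError(f"audit request rejected with HTTP {status}")
            last_error = AuditError(f"server returned HTTP {status}")
        if attempt < retries:
            sleep(2 ** attempt)
    raise last_error
```

Only 5xx responses and connection-level errors are retried; a 4xx (typically a rejected key) raises immediately, and the error text never echoes the bearer token. The response is validated against the documented `severity` values and the 0-100 `pmi_score` range so a malformed or truncated reply surfaces as `AuditError` instead of a stray `KeyError` deep in caller code.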

## License

MIT
