Metadata-Version: 2.4
Name: codesecure-core
Version: 1.0.11
Summary: Enterprise-grade security analysis core engine
License: MIT
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: pydantic>=2.0.0
Requires-Dist: jinja2>=3.1.0
Requires-Dist: asyncio>=3.4.3
Requires-Dist: rich>=13.0.0
Requires-Dist: mermaid-py>=0.1.0
Requires-Dist: markdown>=3.5.2
Requires-Dist: pygments>=2.17.2
Requires-Dist: packaging>=24.0
Requires-Dist: bandit>=1.7.0
Requires-Dist: semgrep>=1.0.0; sys_platform != "win32"
Requires-Dist: checkov>=3.0.0
Requires-Dist: detect-secrets>=1.4.0
Requires-Dist: pip-audit>=2.0.0
Requires-Dist: pip-licenses>=4.0.0
Requires-Dist: pyyaml>=6.0
Provides-Extra: google
Requires-Dist: google-genai>=1.0.0; extra == "google"
Provides-Extra: openai
Requires-Dist: openai>=1.0.0; extra == "openai"
Provides-Extra: anthropicai
Requires-Dist: anthropic>=0.40.0; extra == "anthropicai"
Provides-Extra: aws
Provides-Extra: all
Requires-Dist: codesecure-core[anthropicai,google,openai]; extra == "all"
Dynamic: license-file

# CodeSecure Core (`codesecure-core`)

The `codesecure-core` package is the programmatic orchestration brain of the CodeSecure platform. It provides the centralized, stateless logic for executing security scanners, managing asynchronous jobs, and enriching findings with AI models.

## 🎯 Module Purpose

This package encapsulates the strict business logic of the platform, adhering to a "Thin Client" architecture. It does not export command-line (CLI) applications or MCP Transport interfaces directly. Instead, it provides a stable Python API (Singletons) designed to be consumed by other packages in the CodeSecure monorepo, such as `codesecure-cli` and `codesecure-mcp`.

## 📦 Local Installation

Because `core` has no dependency on the UI/CLI layer, it can be installed on its own for programmatic API usage.

```bash
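cd packages/core
python -m venv .venv
# Activate the venv so pip installs into it rather than the system Python
source .venv/bin/activate

# Install the core logic with basic SAST scanners
pip install -e .

# [Optional] Install AI providers (Google Gemini or Kiro CLI dependencies)
# Quoted so shells such as zsh do not treat the brackets as a glob pattern
pip install -e ".[google,aws]"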
```

## 🔌 Exported APIs & Features

The Core package exposes Manager classes via the Singleton pattern:

1. **`ScannerEngine`**: Orchestrates local/container execution for Bandit, Semgrep, Checkov, detect-secrets, npm-audit, pip-audit, etc.
   ```python
   from codesecure.scanners.engine import get_scanner_engine
   ```
2. **`JobManager`**: Async execution tracking, lock management, TTL limits, and progress percentages.
   ```python
   from codesecure.jobs.manager import get_job_manager
   ```
3. **`AIProviderManager`**: Abstracts batch prompting against Gemini and Kiro. Calculates False Positive tracking dynamically.
   ```python
   from codesecure.ai_providers.manager import get_ai_manager
   ```

## 🛠️ Integration Example

Here is how a downstream module (like the MCP server) imports and utilizes the core library programmatically:

```python
import asyncio
from pathlib import Path
from codesecure.common.models import ScanMode, CloudProvider
from codesecure.scanners.engine import get_scanner_engine

async def programmatically_scan(target_dir: str):
    # Resolve to an absolute path so every scanner sees the same target
    scan_path = Path(target_dir).resolve()
    engine = get_scanner_engine()

    # Check available scanners
    available = engine.get_available_scanners(ScanMode.LOCAL)
    print(f"Scanners ready: {available}")

    # Run a unified scan seamlessly combining multiple tools
    result = await engine.run_scan(
        path=scan_path,
        mode=ScanMode.LOCAL,
        cloud_provider=CloudProvider.NONE
    )

    print(f"Total findings discovered: {len(result.findings)}")

# Guard the entry point so importing this module does not start a scan
if __name__ == "__main__":
    asyncio.run(programmatically_scan("./my_project"))
```
