Metadata-Version: 2.4
Name: shersec
Version: 0.1.0
Summary: AI-ready security audit agent for mobile, web, and backend projects, starting with mobile apps.
Project-URL: Homepage, https://github.com/isshort/shersec
Project-URL: Repository, https://github.com/isshort/shersec
Project-URL: Issues, https://github.com/isshort/shersec/issues
Author: SherSec Contributors
License-Expression: MIT
License-File: LICENSE
Keywords: android,ios,masvs,mobile,owasp,security,static-analysis
Classifier: Development Status :: 2 - Pre-Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Quality Assurance
Requires-Python: >=3.11
Description-Content-Type: text/markdown

# SherSec

SherSec is an AI-ready security audit agent for modern application projects.

Short purpose:

> SherSec is a security scanner and AI audit agent for modern application projects.

The first milestone focuses on mobile application security. It detects common
mobile project types, runs static checks against Android and cross-platform app
files, and produces actionable reports that can later be enriched by an AI agent.

## Current scope

- Detect Android, iOS, Flutter, and React Native project signals.
- Scan Android manifests for dangerous permissions and insecure configuration.
- Scan source and configuration files for hardcoded secrets and risky patterns.
- Generate terminal, JSON, Markdown, and HTML reports.
- Keep the core scanner independent from any single UI or AI provider.

## Quick start

Install directly from GitHub:

```bash
python -m pip install "shersec @ git+https://github.com/isshort/shersec.git"
shersec scan /path/to/mobile/project --format markdown --output report.md
```

Or install from a local checkout:

```bash
python -m venv .venv
source .venv/bin/activate
pip install -e .
shersec scan ../todo --format markdown --output report.md
```

You can also run the CLI without installing the package:

```bash
PYTHONPATH=src python -m shersec scan ../todo
```

## Python API

```python
from pathlib import Path

from shersec import scan_project

report = scan_project(Path("/path/to/mobile/project"))
print(report.finding_count)
```

## Build package

```bash
python -m pip install build
python -m build
```

The build creates a source distribution and wheel in `dist/`.

## Development checks

```bash
PYTHONPATH=src python -m unittest discover -s tests
PYTHONPYCACHEPREFIX=/tmp/shersec-pycache python -m compileall src tests
```

## Example

```bash
shersec scan /path/to/mobile/project --format json --output shersec-report.json
```

```bash
shersec scan /path/to/mobile/project --format html --output shersec-report.html
```

## Roadmap

1. Android static checks.
2. iOS static checks.
3. OWASP MASVS mapping and richer remediation guidance.
4. AI agent planner for project-specific scan strategy.
5. CI integrations and package releases.

## Development documentation

- [Agent handoff](docs/AGENT_HANDOFF.md)
- [Architecture](docs/ARCHITECTURE.md)
- [Product vision](docs/PRODUCT_VISION.md)
- [Roadmap](docs/ROADMAP.md)
- [Rule authoring](docs/RULE_AUTHORING.md)
