Metadata-Version: 2.4
Name: lex-align
Version: 2.2.2
Summary: Enterprise governance platform for AI-generated code: legal, security, and architectural alignment
Project-URL: Homepage, https://github.com/dlfelps/lex-align
Project-URL: Documentation, https://dlfelps.github.io/lex-align/
Project-URL: Repository, https://github.com/dlfelps/lex-align
Project-URL: Issues, https://github.com/dlfelps/lex-align/issues
Author-email: dlfelps <dlfelps@gmail.com>
License-Expression: MIT
License-File: LICENSE
Keywords: agents,ai,claude,compliance,cve,dependencies,governance,license,security,supply-chain
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Legal Industry
Classifier: Intended Audience :: System Administrators
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development
Classifier: Topic :: Software Development :: Quality Assurance
Requires-Python: >=3.11
Requires-Dist: click>=8.0
Requires-Dist: httpx>=0.27
Requires-Dist: tomli-w>=1.0
Provides-Extra: server
Requires-Dist: aiosqlite>=0.20; extra == 'server'
Requires-Dist: click>=8.0; extra == 'server'
Requires-Dist: fastapi>=0.115; extra == 'server'
Requires-Dist: httpx>=0.27; extra == 'server'
Requires-Dist: jinja2>=3.1; extra == 'server'
Requires-Dist: pydantic-settings>=2.0; extra == 'server'
Requires-Dist: pydantic>=2.0; extra == 'server'
Requires-Dist: pyyaml>=6.0; extra == 'server'
Requires-Dist: redis>=5.0; extra == 'server'
Requires-Dist: uvicorn[standard]>=0.30; extra == 'server'
Description-Content-Type: text/markdown

<p align="center">
  <img src="https://raw.githubusercontent.com/dlfelps/lex-align/main/lex-align-logo.png" alt="lex-align" width="520">
</p>

<h1 align="center">lex-align</h1>

<p align="center">
  <a href="https://dlfelps.github.io/lex-align/">Docs</a> ·
  <a href="https://dlfelps.github.io/lex-align/getting-started/">Getting started</a> ·
  <a href="https://dlfelps.github.io/lex-align/agent-support/">Agent support</a> ·
  <a href="https://dlfelps.github.io/lex-align/for-agents/">For agents</a>
</p>

`lex-align` enforces your dependency policy before AI agents or developers can
commit a new dependency. Every package gets checked against your approved registry, OSV CVE
scores, and license rules — returning one of three deterministic verdicts so
agents can act without ambiguity. Full docs at
[dlfelps.github.io/lex-align](https://dlfelps.github.io/lex-align/).

---

## Why

Your AI coding agent adds packages to `pyproject.toml` faster than anyone can
review them. By the time legal notices the AGPL dep, or security spots the
critical CVE, it's already in `main`. You need the check to happen *before*
the bytes are written, not after the PR is open.

---

## How it works

A FastAPI server is the source of truth. The client is thin: a CLI plus hooks.

- **Three gates per check:** internal registry → OSV CVE → PyPI license.
- **Three-verdict vocabulary:** `ALLOWED`, `PROVISIONALLY_ALLOWED`, `DENIED` —
  small, deterministic, easy for an agent to branch on.
- **Two enforcement points:** a git `pre-commit` hook (universal backstop,
  fires for every agent and every human committing to a governed repo) and a
  Claude Code `PreToolUse` hook that intercepts `pyproject.toml` edits before
  the file is written.
- **Use first, approve in parallel:** an unknown package that passes CVE and
  license checks comes back `PROVISIONALLY_ALLOWED`. The agent uses it, calls
  `request-approval`, and keeps moving — formal review runs async.

Python and `pyproject.toml` only. Self-hosted via Docker Compose. Single-user
mode is the default.

---

## Quickstart

```bash
# Server (host you control)
pip install "lex-align[server]"
lex-align-server init && cd lexalign
lex-align-server registry compile registry.yml registry.json
docker compose up -d

# Client (per-project)
pip install lex-align
cd /path/to/your/project
lex-align-client init
lex-align-client check --package httpx
```

For server tuning, registry authoring, hook layout, and Claude Code wiring,
see the
[full Getting Started guide](https://dlfelps.github.io/lex-align/getting-started/).

---

## Agent support

Primary target is **Claude Code** — pre-commit hook, `PreToolUse` edit-time
intercept, and an auto-written `CLAUDE.md` so every session knows how to use
`check` and `request-approval`. Cursor, Aider, and anything else committing to
a governed repo are backstopped by the pre-commit hook. Full matrix:
[agent support](https://dlfelps.github.io/lex-align/agent-support/).

---

## Project status

| Phase | Status |
|---|---|
| **1.** Server core (registry, license, CVE, audit, evaluate) | ✅ shipped |
| **2.** Thin client (init, check, request-approval, pre-commit, Claude hooks) | ✅ shipped |
| **3.** Approval workflow UI + reporting endpoints | 🟡 stubbed |
| **4.** Dashboards, PR-creation workflow, org-mode auth | ⏸ deferred |

`request-approval` persists each submission today, but the reviewer UI and
the PR-creation workflow against the registry repo are not here yet. If you
need a polished triage dashboard, this isn't that tool — yet.

---

## Contributing

```bash
uv sync --all-extras --all-groups
uv run pytest
```

Tests live under `tests/client/` and `tests/server/`. PRs welcome — file
issues for bugs, license-policy edge cases, or agent-integration gaps.

---

## License

See [LICENSE](./LICENSE).
