Metadata-Version: 2.4
Name: codet-cli
Version: 0.5.0
Summary: Code review, API testing, and security audit CLI tool
Author: code-t contributors
License: MIT
Project-URL: Homepage, https://github.com/Lxsky-i/code-t
Project-URL: Repository, https://github.com/Lxsky-i/code-t
Project-URL: Issues, https://github.com/Lxsky-i/code-t/issues
Keywords: code-review,security-audit,api-testing,static-analysis
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Typing :: Typed
Classifier: Topic :: Software Development :: Quality Assurance
Classifier: Topic :: Security
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: typer>=0.9.0
Requires-Dist: rich>=13.0.0
Requires-Dist: pydantic>=2.0.0
Requires-Dist: pyyaml>=6.0
Provides-Extra: dev
Requires-Dist: pytest>=7.0.0; extra == "dev"
Requires-Dist: pytest-cov>=4.0.0; extra == "dev"
Requires-Dist: black>=23.0.0; extra == "dev"
Requires-Dist: ruff>=0.1.0; extra == "dev"
Requires-Dist: mypy>=1.0.0; extra == "dev"
Requires-Dist: pyinstaller>=6.0; extra == "dev"
Dynamic: license-file

# code-t — Code Review + API Testing + Security Audit Tool

[![Tests](https://img.shields.io/badge/tests-passing-brightgreen.svg)](#development)
[![Coverage](https://img.shields.io/badge/coverage-95%25-brightgreen.svg)](#development)
[![Python](https://img.shields.io/badge/Python-3.10+-blue.svg)](https://www.python.org/)
[![License](https://img.shields.io/badge/License-MIT-green.svg)](#license)

code-t is a local-first CLI for reviewing code quality, discovering APIs, auditing security risk, and producing actionable reports.

## Features

- Code review for maintainability, structure, naming, complexity, and error handling.
- Security audit checks for secrets, injection risks, unsafe configuration, path traversal, weak randomness, and dependency risk.
- API discovery across common backend frameworks and route declaration styles.
- Multi-format reports for humans, automation, CI systems, and security platforms.
- Rule registry with categorized rule packs, severity metadata, and CWE/OWASP mapping.
- Safe project scanning that skips irrelevant directories and binary content.

## Installation

Install from PyPI:

```bash
pip install code-t
```

Install from GitHub as an alternative:

```bash
pip install "git+https://github.com/Lxsky-i/code-t.git"
```

Install for local development:

```bash
pip install -e ".[dev]"
```

## Quick Start

Analyze a project:

```bash
code-t analyze /path/to/project
```

Generate a JSON report:

```bash
code-t analyze . --format json
```

Generate a SARIF report:

```bash
code-t analyze . --format sarif
```

## Architecture

code-t runs a five-stage analysis pipeline:

1. Scan: collect source files, metadata, and project structure.
2. Analyze: identify languages, frameworks, dependencies, metrics, and APIs.
3. Review: apply code-quality and maintainability rules.
4. Security: apply security-focused rules with CWE and OWASP context.
5. Report: render findings and summaries in the requested output format.

## Report Formats

- Markdown (`md`) for readable local reports.
- JSON (`json`) for automation and downstream processing.
- HTML (`html`) for browsable dashboards.
- SARIF (`sarif`) for GitHub code scanning and security tooling.
- Terminal (`terminal`) for concise CLI output.

## Rules

code-t includes 105+ rules across 7 rule packs, covering code quality, maintainability, security, API design, configuration, dependencies, and project hygiene. Security rules include CWE and OWASP metadata where applicable.

## Development

Set up the development environment:

```bash
pip install -e ".[dev]"
```

Run the full local CI suite before committing:

```bash
bash scripts/ci.sh
```

On Windows PowerShell:

```powershell
.\scripts\ci.ps1
```

The local CI script runs linting, type checking, unit tests, coverage, and a code-t self-analysis pass. GitHub CI workflows are kept for manual multi-OS validation.

Run the test suite:

```bash
python -m pytest tests/ -q --tb=short
```

Run coverage:

```bash
python -m pytest tests/ --cov=src/codet --cov-report=term-missing -q
```

Run code quality checks:

```bash
ruff check src/ tests/
mypy src/codet/ --ignore-missing-imports
```

Contributions should include focused tests for changed behavior, keep public CLI output stable unless intentionally changed, and preserve the local-first safety model.

## License

MIT
