Metadata-Version: 2.4
Name: apisec-code-bolt
Version: 0.1.1
Summary: Static analysis probe for extracting architectural metadata from codebases
Project-URL: Homepage, https://apisec.ai
Project-URL: Documentation, https://docs.apisec.ai/code-bolt
Project-URL: Repository, https://github.com/apisec-inc/apisec-code-bolt
Author-email: APIsec <engineering@apisec.ai>
License: Proprietary
Keywords: api,security,static-analysis,vulnerability
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Quality Assurance
Classifier: Typing :: Typed
Requires-Python: >=3.11
Requires-Dist: click>=8.1.0
Requires-Dist: httpx>=0.26.0
Requires-Dist: javalang>=0.13.0
Requires-Dist: libcst>=1.1.0
Requires-Dist: networkx>=3.2
Requires-Dist: pathspec>=0.12.0
Requires-Dist: pydantic-settings>=2.1.0
Requires-Dist: pydantic>=2.5.0
Requires-Dist: pyyaml>=6.0
Requires-Dist: rich>=13.7.0
Requires-Dist: tree-sitter-c-sharp>=0.23
Requires-Dist: tree-sitter-javascript>=0.23
Requires-Dist: tree-sitter-typescript>=0.23
Requires-Dist: tree-sitter>=0.23
Requires-Dist: typing-extensions>=4.9.0
Provides-Extra: dev
Requires-Dist: mypy>=1.8.0; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
Requires-Dist: pytest-cov>=4.1.0; extra == 'dev'
Requires-Dist: pytest>=7.4.0; extra == 'dev'
Requires-Dist: ruff>=0.6; extra == 'dev'
Provides-Extra: semgrep
Requires-Dist: semgrep>=1.50.0; extra == 'semgrep'
Description-Content-Type: text/markdown

# apisec-code-bolt

Static analysis probe for extracting architectural metadata from codebases.

## Overview

apisec-code-bolt analyzes source code to extract:

- **Routes/Endpoints** — HTTP routes, parameters, request/response types
- **Data Flows** — How data moves from entry points to sinks
- **Authentication** — Auth schemes, dependencies, role requirements
- **Integrations** — External services, databases, APIs
- **Dependencies** — Package dependencies and versions

The output is a structured **manifest** that can be uploaded to the APIsec cloud
for vulnerability analysis. **Raw source code never leaves your environment.**

## Installation

```bash
pip install apisec-code-bolt
```

## Quick Start

```bash
# Analyze a project and upload to cloud
apisec-code-bolt analyze /path/to/project

# Analyze and save manifest locally
apisec-code-bolt analyze . --output manifest.json --no-upload

# With framework hints
apisec-code-bolt analyze . --frameworks fastapi,sqlalchemy
```

## Supported Languages & Frameworks

### Currently Supported

| Language | Frameworks |
|----------|-----------|
| Python | FastAPI |
| Java | Spring Boot |

### Planned

| Language | Frameworks |
|----------|-----------|
| Python | Flask, Django |
| Java | Micronaut, Quarkus |
| Kotlin | Spring Boot, Ktor |
| JavaScript/TypeScript | Express, NestJS |

## Configuration

Create a `.codebolt.yaml` file in your project root:

```yaml
analysis:
  file_discovery:
    exclude_patterns:
      - "tests/**"
      - "**/migrations/**"
    max_files: 10000
  
  data_flow:
    mode: inter_procedural
    max_depth: 10

cloud:
  enabled: true
  api_url: https://api.apisec.ai

output:
  format: json
```

## Commands

### analyze

Analyze a codebase and generate a manifest.

```bash
apisec-code-bolt analyze [PATH] [OPTIONS]

Options:
  -o, --output FILE     Save manifest to file
  --no-upload           Skip uploading to cloud
  --format [json|yaml]  Output format
  --config FILE         Path to config file
  --frameworks TEXT     Comma-separated framework hints
  --exclude TEXT        Glob patterns to exclude
  --max-files INTEGER   Maximum files to analyze
  --timeout INTEGER     Analysis timeout in seconds
```

### auth

Authenticate with the APIsec cloud.

```bash
apisec-code-bolt auth [API_KEY] [OPTIONS]

Options:
  --check   Check if already authenticated
  --logout  Remove stored credentials
```

### answer

Answer verification queries (for air-gapped environments).

```bash
apisec-code-bolt answer [OPTIONS]

Options:
  -q, --questions FILE  Input questions file (required)
  -o, --output FILE     Output answers file
  -r, --repo PATH       Repository path
  --timeout INTEGER     Query timeout in seconds
```

## Architecture

```
apisec-code-bolt/
├── cli/                 # Command-line interface
├── core/                # Types, config, manifest schema
├── parsing/             # Language-specific parsers
│   ├── python/          # LibCST-based Python parser
│   └── jvm/             # Java/Kotlin via subprocess
├── frameworks/          # Framework plugins
│   ├── python/          # FastAPI, Flask, Django
│   └── java/            # Spring Boot, Micronaut
├── analysis/            # Call graph, data flow
├── fingerprinting/      # Integration detection
├── query/               # Query API executor
└── cloud/               # Cloud communication
```

## Development

### Setup

```bash
# Clone and install in development mode
git clone https://github.com/apisec-inc/apisec-code-bolt.git
cd apisec-code-bolt
pip install -e ".[dev]"
```

### Running Tests

```bash
pytest
```

### Type Checking

```bash
mypy src/apisec_code_bolt
```

### Linting

```bash
ruff check src/
black --check src/
```

## Privacy

apisec-code-bolt is designed with privacy as a core principle:

- **No raw code egress** — Source code never leaves your environment
- **Metadata only** — The manifest contains structural information, not code
- **Outbound only** — Only makes outbound HTTPS calls to upload manifests
- **Air-gapped support** — Can run completely offline with file-based workflow
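
The "metadata only" property can be checked locally before anything is uploaded, by saving the manifest with `--output manifest.json --no-upload` and scanning its string values. The script below is an added example, not part of apisec-code-bolt. The manifest schema is not documented here, so the scanner is schema-agnostic, and the sample manifest, its field names, and the heuristics are constructed assumptions.

```python
import json
import re
import sys
from typing import Any, Iterator

# Heuristics chosen for this example; they are not rules defined by the tool.
MAX_STRING_LEN = 200  # paths, handler names and type names are normally short
CODE_HINTS = re.compile(
    r"^\s*(def |class |import |from \S+ import |public |private |package |@\w+)"
    r"|[;{}]\s*$", re.MULTILINE)
SECRET_HINTS = re.compile(
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----|AKIA[0-9A-Z]{16}"
    r"|(?i:password|secret|api[_-]?key)\s*[=:]\s*\S+")

# Constructed sample: field names are hypothetical, not the real manifest schema.
SAMPLE_MANIFEST = json.loads("""
{"routes": [
   {"method": "GET", "path": "/users/{id}", "handler": "app.api.users.get_user"},
   {"method": "POST", "path": "/login", "handler": "app.api.auth.login",
    "snippet": "def login(form):\\n    return issue_token(form)"}],
 "integrations": [{"type": "postgres", "config": "DB_PASSWORD=constructed-example"}]}
""")

def walk(node: Any, path: str = "$") -> Iterator[tuple[str, str]]:
    """Yield (json_path, value) for every string value in the document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def audit_manifest(manifest: Any) -> list[tuple[str, str]]:
    """Return (json_path, reason) for values that look like code or secrets."""
    findings = []
    for path, value in walk(manifest):
        if SECRET_HINTS.search(value):
            findings.append((path, "possible secret"))
        elif "\n" in value and CODE_HINTS.search(value):
            findings.append((path, "looks like source code"))
        elif len(value) > MAX_STRING_LEN:
            findings.append((path, "unusually long string"))
    return findings

if __name__ == "__main__":
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_MANIFEST
    print("\n".join(f"{p}: {r}" for p, r in audit_manifest(doc)))
```

Pass the saved manifest path as the first argument. An empty result means only that none of these heuristics matched, so a manual read of the manifest is still worthwhile the first time.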

## License

Proprietary. Copyright © APIsec.
