Metadata-Version: 2.4
Name: ose-auditor
Version: 1.0.1
Summary: OSE Auditor: a financial-logic security scanner for Node.js/TypeScript projects.
Author: Crestsek
License-Expression: MIT
Project-URL: Homepage, https://ose.crestsek.com
Project-URL: Repository, https://github.com/crestseklogistics/ose-auditor
Project-URL: Issues, https://github.com/crestseklogistics/ose-auditor/issues
Keywords: security,audit,sast,vulnerability-scanner,nodejs,typescript,fintech
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Quality Assurance
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: ose-auditor-fsa>=1.0.0
Provides-Extra: http
Requires-Dist: httpx>=0.27; extra == "http"
Provides-Extra: analysis
Requires-Dist: tree-sitter>=0.21; extra == "analysis"
Requires-Dist: tree-sitter-javascript>=0.21; extra == "analysis"
Requires-Dist: tree-sitter-typescript>=0.21; extra == "analysis"
Provides-Extra: mcp
Provides-Extra: dev
Requires-Dist: pytest>=7.0; extra == "dev"
Requires-Dist: pytest-asyncio>=0.21; extra == "dev"
Dynamic: license-file

# OSE Auditor

**OSE Auditor** is an autonomous financial and logic exploit detection engine that uses deterministic code analysis and AI remediation to discover money‑losing vulnerabilities before deployment.

## Installation

```bash
pip install ose-auditor
```

## Usage

```bash
ose audit ./your-project
```

## Quick Example

```bash
# Install OSE Auditor
pip install ose-auditor

# Run an audit on your Node.js project
ose audit /path/to/your/nodejs/project --debug
```

## What OSE Audits
OSE detects financial and business logic vulnerabilities including:

- Broken Authorization – functions that mutate financial state without authentication checks
- Broken Access Control – resource access without ownership verification
- Privilege Escalation – user-controlled input in authorization decisions
- Double Spend – race conditions that allow duplicate transactions
- Unchecked External Calls – external API calls without error handling
- Invalid State Transitions – state changes without prerequisite validation
- Settlement Bypass – order completion without payment confirmation
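
An added illustration (not OSE Auditor's code, rules or output) of what several of the listed classes look like in a Node.js handler, with a flawed version next to a guarded one. The in-memory order store and all function names are constructed for this example.

```javascript
// Constructed in-memory store; every name here is hypothetical, not part of OSE Auditor.
function makeStore() {
  return {
    orders: new Map([["o1", { owner: "alice", status: "PENDING", paid: false, shipped: 0 }]]),
  };
}

// Flawed: no caller check, no ownership check, no payment check, no state check.
function completeOrderUnsafe(store, orderId) {
  const order = store.orders.get(orderId);
  order.status = "COMPLETED";
  order.shipped += 1; // every repeated call releases goods again
  return order;
}

// Guarded: each check corresponds to one class from the list above.
function completeOrderSafe(store, user, orderId) {
  if (!user || !user.id) throw new Error("unauthenticated"); // Broken Authorization
  const order = store.orders.get(orderId);
  if (!order) throw new Error("not found");
  if (order.owner !== user.id) throw new Error("forbidden"); // Broken Access Control
  if (!order.paid) throw new Error("payment not confirmed"); // Settlement Bypass
  // Invalid State Transitions: also stops a sequential replay. With a real database
  // this check-and-set must be a single atomic operation to close the race window.
  if (order.status !== "PENDING") throw new Error("invalid transition");
  order.status = "COMPLETED";
  order.shipped += 1;
  return order;
}

// Run a call and report "ok" or the rejection reason.
function attempt(fn) {
  try { fn(); return "ok"; } catch (e) { return e.message; }
}

function demo() {
  const unsafe = makeStore();
  completeOrderUnsafe(unsafe, "o1");
  completeOrderUnsafe(unsafe, "o1"); // unpaid order completed twice
  const safe = makeStore();
  const alice = { id: "alice" };
  const results = [
    attempt(() => completeOrderSafe(safe, null, "o1")),
    attempt(() => completeOrderSafe(safe, { id: "mallory" }, "o1")),
    attempt(() => completeOrderSafe(safe, alice, "o1")),
  ];
  safe.orders.get("o1").paid = true; // payment confirmed out of band
  results.push(attempt(() => completeOrderSafe(safe, alice, "o1")));
  results.push(attempt(() => completeOrderSafe(safe, alice, "o1")));
  return { unsafeShipped: unsafe.orders.get("o1").shipped, results,
           safeShipped: safe.orders.get("o1").shipped };
}
console.log(demo());
```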

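## Requirements

- Python 3.9 or higher
- Node.js project (JavaScript/TypeScript)

## License

MIT License

## Links

- [Homepage](https://ose.crestsek.com)
- Documentation
- [GitHub Repository](https://github.com/crestseklogistics/ose-auditor)
- [Issue Tracker](https://github.com/crestseklogistics/ose-auditor/issues)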
