Metadata-Version: 2.4
Name: aicode-verify
Version: 0.1.0
Summary: Semantic checker for AI-generated Python code.
Author: Shrajesh
License: MIT
License-File: LICENSE
Keywords: ai,lint,security,semantic-checker,static-analysis
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Software Development :: Quality Assurance
Requires-Python: >=3.9
Provides-Extra: dev
Requires-Dist: build>=1.2; extra == 'dev'
Requires-Dist: hatchling>=1.21; extra == 'dev'
Requires-Dist: pytest>=8.0; extra == 'dev'
Requires-Dist: twine>=5.0; extra == 'dev'
Description-Content-Type: text/markdown

# aicode-verify

`aicode-verify` is a semantic checker for AI-generated Python. It parses code without executing it, verifies imported symbols against the current environment, checks direct-call signatures, and scans for common security hazards.

It is intentionally not a style linter. It answers questions like:

- Is this module installed here?
- Does `from package import name` actually exist?
- Does this callable accept the keyword arguments the code uses?
- Did the generated code introduce obvious injection or secret-handling risks?

## Install

```bash
pip install aicode-verify
```

For local development:

```bash
pip install -e ".[dev]"
```

## CLI

```bash
aicode-verify path/to/file.py
# The shell expands this glob; in bash, ** recurses only with `shopt -s globstar`.
aicode-verify src/**/*.py --fail-on high
aicode-verify script.py --format json
```

`--fail-on` accepts `error`, `high`, or `medium`. The default is `error`.

## Python API

```python
from aicode_verify import format_report, verify

# Sample input to check: math.sqrt() does not accept keyword arguments.
source = "import math\nmath.sqrt(value=4)\n"
findings = verify(source)
print(format_report(findings, source))
```

## Pre-commit

Add this to `.pre-commit-config.yaml`:

```yaml
repos:
  - repo: https://github.com/Github-Rajesh/AiCode-Verify
    rev: v0.1.0
    hooks:
      - id: aicode-verify
```

## What it checks today

- Missing top-level imports.
- Missing symbols in `from ... import ...`.
- Direct imported calls such as `pd.read_csv(...)`, `Path(...)`, and `json.loads(...)`.
- Unknown keyword arguments and simple missing required argument cases.
- Security patterns including `eval`, `exec`, `compile`, `shell=True`, `os.system`, unsafe pickle usage, weak hashes, hardcoded secrets, and SQL f-strings.

## Limitations

The checker does not perform full type inference. Chained calls like `df.groupby("x").agg(...)` are only checked where the root object can be resolved statically. That keeps the first release fast and practical while leaving room for future stub-based inference.
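
The sketch below is an added illustration of that limitation, not `aicode-verify`'s own code: it checks keyword arguments only for calls whose root name was bound by an import, and records every other call as skipped. The names `resolve`, `check_keywords` and `SAMPLE` are hypothetical, and using `importlib.import_module` with `inspect.signature` for the lookup is an assumption about one workable approach.

```python
import ast
import importlib
import inspect

# Constructed sample of generated code; it is parsed below, never executed.
SAMPLE = ("import shutil\n"
          "shutil.copy('a', 'b', follow_symlinks=False, overwrite=True)\n"
          "rows.filter(x=1).sort(key=len)\n")

def resolve(module, attrs):
    """Import `module` from the current environment, then follow `attrs`."""
    try:
        obj = importlib.import_module(module)
    except ImportError:
        return None
    for attr in attrs:
        obj = getattr(obj, attr, None)
    return obj

def check_keywords(source):
    """Return (findings, skipped_lines) for the calls in `source`."""
    tree = ast.parse(source)
    aliases = {}  # local name -> (module, attribute path) it was imported as
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                aliases[a.asname or a.name] = (a.name, [])
        elif isinstance(node, ast.ImportFrom) and node.module and not node.level:
            for a in node.names:
                aliases[a.asname or a.name] = (node.module, [a.name])
    findings, skipped = [], []
    for node in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):
        attrs, cur = [], node.func
        while isinstance(cur, ast.Attribute):
            attrs.append(cur.attr)
            cur = cur.value
        hit = aliases.get(cur.id) if isinstance(cur, ast.Name) else None
        target = resolve(hit[0], hit[1] + attrs[::-1]) if hit else None
        try:
            params = inspect.signature(target).parameters.values()
        except (TypeError, ValueError):  # unresolved root or no signature
            skipped.append(node.lineno)
            continue
        if any(p.kind is p.VAR_KEYWORD for p in params):
            continue  # **kwargs accepts any keyword
        allowed = {p.name for p in params
                   if p.kind in (p.POSITIONAL_OR_KEYWORD, p.KEYWORD_ONLY)}
        findings += [(node.lineno, ast.unparse(node.func), kw.arg)
                     for kw in node.keywords if kw.arg and kw.arg not in allowed]
    return findings, skipped
```

`importlib.import_module` runs the import-time code of the installed library being inspected, so this sketch should only run in an environment whose packages are trusted; the source under check is still only parsed.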
