Metadata-Version: 2.4
Name: xelo
Version: 0.1.2
Summary: AI SBOM generator with portable schema
Author: NuGuardAI
License-Expression: Apache-2.0
Project-URL: Homepage, https://nuguard.ai
Keywords: sbom,aibom,cyclonedx,security,llm,agent
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Build Tools
Requires-Python: >=3.11
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: pydantic<3,>=2.7.0
Requires-Dist: structlog<26,>=24.0
Requires-Dist: tree-sitter<1,>=0.23
Requires-Dist: tree-sitter-javascript<1,>=0.23
Requires-Dist: tree-sitter-typescript<1,>=0.23
Requires-Dist: cyclonedx-bom<8,>=4.4
Requires-Dist: litellm<2,>=1.40
Provides-Extra: ts
Requires-Dist: tree-sitter<1,>=0.23; extra == "ts"
Requires-Dist: tree-sitter-javascript<1,>=0.23; extra == "ts"
Requires-Dist: tree-sitter-typescript<1,>=0.23; extra == "ts"
Provides-Extra: cdx
Requires-Dist: cyclonedx-bom<8,>=4.4; extra == "cdx"
Provides-Extra: llm
Requires-Dist: litellm<2,>=1.40; extra == "llm"
Provides-Extra: all
Requires-Dist: tree-sitter<1,>=0.23; extra == "all"
Requires-Dist: tree-sitter-javascript<1,>=0.23; extra == "all"
Requires-Dist: tree-sitter-typescript<1,>=0.23; extra == "all"
Requires-Dist: cyclonedx-bom<8,>=4.4; extra == "all"
Requires-Dist: litellm<2,>=1.40; extra == "all"
Provides-Extra: dev
Requires-Dist: pytest>=8.0.0; extra == "dev"
Requires-Dist: pytest-cov>=5.0.0; extra == "dev"
Requires-Dist: ruff>=0.8.0; extra == "dev"
Requires-Dist: mypy>=1.10.0; extra == "dev"
Requires-Dist: cyclonedx-bom<8,>=4.4; extra == "dev"
Requires-Dist: tree-sitter<1,>=0.23; extra == "dev"
Requires-Dist: tree-sitter-javascript<1,>=0.23; extra == "dev"
Requires-Dist: tree-sitter-typescript<1,>=0.23; extra == "dev"
Requires-Dist: litellm<2,>=1.40; extra == "dev"
Dynamic: license-file

# Xelo

Xelo is an open-source AI SBOM generator for agentic and LLM-powered applications.
It scans code and configuration, produces AI-BOM JSON, and can export CycloneDX-compatible output for security and compliance workflows.

## Why Xelo

- Detects AI-specific components (agents, models, tools, prompts, datastores, guardrails, auth, deployment artifacts).
- Works on mixed Python and TypeScript repositories.
- Recursively scans `requirements.txt`, `pyproject.toml`, and `package.json` files at any depth in the project tree.
- Uses deterministic extraction by default.
- Supports optional LLM enrichment when you explicitly enable it.

## Supported Frameworks

Xelo detects components from the following AI/agent frameworks out of the box:

**Python:** LangChain, LangGraph, OpenAI Agents SDK, CrewAI (code + YAML configs), AutoGen (code + YAML configs), Google ADK, LlamaIndex, Agno, AWS BedrockAgentCore, Azure AI Agent Service, Guardrails AI, MCP Server, Semantic Kernel

**TypeScript / JavaScript:** LangChain.js, LangGraph.js, OpenAI Agents (TS), Azure AI Agents (TS), Agno (TS), MCP Server (TS)

## Installation

```bash
pip install xelo
```

Install for development:

```bash
pip install -e ".[dev]"
```

## Quickstart

Generate an AI-BOM from a local path:

```bash
xelo scan path ./my-repo --format json --output sbom.json
```

CLI alias: `ai-sbom`.

## CLI Commands

| Command | Description |
| --- | --- |
| `xelo scan path <PATH>` | Scan a local repository path |
| `xelo scan repo <URL>` | Clone and scan a remote repository |

Run `xelo --help` or `xelo <command> --help` for all flags.

## Configuration

`xelo scan` can be configured via `.env` values and CLI flags. CLI flags take precedence.

Environment variables:

- `AISBOM_ENABLE_LLM=true|false`
- `AISBOM_LLM_MODEL=<litellm model string>`
- `AISBOM_LLM_BUDGET_TOKENS=<int>`
- `AISBOM_LLM_API_KEY=<optional key>`

Example enabling enrichment:

```bash
xelo scan path ./my-repo --enable-llm --llm-model gpt-4o-mini --output sbom.json
```

## Development

```bash
pip install -e ".[dev]"
ruff check src tests
mypy src
pytest
```

## Project Docs

- [Documentation Index](./docs/README.md)
- [Getting Started](./docs/getting-started.md)
- [CLI Reference](./docs/cli-reference.md)
- [Developer Guide](./docs/developer-guide.md)
- [Troubleshooting](./docs/troubleshooting.md)
- [Documentation Changelog](./docs/CHANGELOG.md)
- [Contributing](./CONTRIBUTING.md)
- [Security Policy](./SECURITY.md)
- [Support](./SUPPORT.md)
- [Governance](./GOVERNANCE.md)
- [Roadmap](./ROADMAP.md)
- [Code of Conduct](./CODE_OF_CONDUCT.md)

## License

Apache-2.0. See [LICENSE](./LICENSE).
