Merged
5 changes: 5 additions & 0 deletions .gitignore
Expand Up @@ -163,3 +163,8 @@ test.env
# Misc
.DS_Store
memory_bank.md
/openaudit.egg-info
/dist
*.whl
/openaudit.egg-info
openaudit.egg-info/PKG-INFO
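Review bot: `/openaudit.egg-info` is added twice in this hunk, and the last line `openaudit.egg-info/PKG-INFO` is already covered by the directory entry above it; keep a single `/openaudit.egg-info` and drop the other two lines. Since this same change deletes the checked-in `build/lib/openaudit/*` files, consider adding `/build` next to `/dist` here so the build tree cannot be committed again.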
162 changes: 79 additions & 83 deletions README.md
@@ -1,100 +1,91 @@
# OpenAuditKit
<div align="center">

OpenAuditKit is an open-source CLI security audit tool designed to scan your codebase for secrets and configuration vulnerabilities. It emphasizes offline capability, modular design, and secure handling of sensitive data (secret masking).
<img src="https://raw.githubusercontent.com/neuralforgeone/OpenAuditKit/main/assets/logo1.png" alt="OpenAuditKit Logo" width="200" height="auto" />

## Features
- **Secret Scanning**: Detects API keys and secrets using regex and entropy checks.
- **Config Scanning**: Identifies misconfigurations in deployment files (e.g., .env, Dockerfile).
- **Secure**: Secrets are masked in outputs; offline-first design.
- **Backend Ready**: Feature-based architecture with Pydantic models for easy integration into dashboards or APIs.
- **Customizable**: Add your own rules! See [Rule Documentation](openopenaudit/rules/README.md).
# OpenAuditKit

## 🛡️ Why OpenAuditKit?
[![PyPI version](https://badge.fury.io/py/openaudit.svg)](https://badge.fury.io/py/openaudit)
[![Python Versions](https://img.shields.io/pypi/pyversions/openaudit.svg)](https://pypi.org/project/openaudit/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Powered by NeuralForge](https://img.shields.io/badge/Powered%20by-NeuralForge.one-dark)](https://neuralforge.one)
Copilot AI Dec 21, 2025

The badge URL appears to use an unusual domain extension. The badge links to "NeuralForge.1" which seems incorrect - it should likely be "NeuralForge.one" (matching the website URL on line 15). The ".1" extension doesn't exist as a valid TLD.

**Next-Gen Security Audit Tool for Modern Codebases.**
*Powered by AI. Secure by Design. Offline First.*

## 🎥 Usage Demo
[🌐 Website](https://neuralforge.one) • [📚 Documentation](https://github.com/neuralforgeone/OpenAuditKit) • [🐛 Report Bug](https://github.com/neuralforgeone/OpenAuditKit/issues)

![OpenAuditKit Demo](path/to/demo.gif)
*(Replace this with your actual usage GIF)*
</div>

## Usage
---

### Basic Scan
```bash
openaudit scan .
```
## � What is OpenAuditKit?
Copilot AI Dec 21, 2025

The emoji appears to be corrupted or missing. The text shows "## � What is OpenAuditKit?" where the � indicates a character encoding issue or a missing/unsupported emoji. This also appears in the PKG-INFO file. Verify that the emoji renders correctly across different terminals and platforms, or replace it with a text-safe alternative.

Suggested change
## What is OpenAuditKit?
## What is OpenAuditKit?

### 🧠 AI-Powered Analysis
Unlock advanced capabilities by configuring your OpenAI API key:
**OpenAuditKit** is not just another linter. It's an intelligent security companion that lives in your terminal. Unlike traditional tools that drown you in false positives, OpenAuditKit combines robust pattern matching (Regex & Entropy) with **Context-Aware AI Agents** to understand *why* a piece of code might be dangerous.

```bash
# 1. Configure API Key
openaudit config set-key sk-your-key-here
Whether you are a solo developer or part of a large enterprise, OpenAuditKit helps you ship secure code faster.

# 2. Run Scan with AI Agents
openaudit scan . --ai
## ✨ Key Features

# 3. Explain a specific file
openaudit explain openaudit/main.py
```
| Feature | Description |
| :--- | :--- |
| **🕵️ Secret Scanning** | Detects API keys, tokens, and credentials with high-entropy validation. |
| **⚙️ Config Audit** | Discovers misconfigurations in `Dockerfile`, `.env`, `Kubernetes`, and more. |
| **🧠 AI Advisory** | **(New)** Integrated AI Agents explain vulnerabilities and suggest fixes. |
| **🏗️ Architecture Analysis** | AI agents analyze your project structure for design flaws. |
| **🛡️ Threat Modeling** | auto-generates STRIDE threat models based on your codebase. |
Copilot AI Dec 21, 2025

Inconsistent capitalization: "auto-generates" should be capitalized consistently with the rest of the table entries. The other feature descriptions start with capital letters after the emoji ("Detects", "Discovers", "Integrated", "AI agents analyze"), so this should be "Auto-generates" or "Automatically generates".

Suggested change
| **🛡️ Threat Modeling** | auto-generates STRIDE threat models based on your codebase. |
| **🛡️ Threat Modeling** | Auto-generates STRIDE threat models based on your codebase. |

| **🔌 Integrations** | Native support for CI/CD pipelines (GitHub Actions, GitLab CI). |
| **📝 JSON Reporting** | Export findings for easy integration with dashboards like DefectDojo. |

## 🚀 Installation

**AI Agents:**
- **Architecture Agent**: Reviews modularity and dependencies.
- **Cross-File Agent**: Traces dangerous data flows across modules.
- **Explain Agent**: Provides detailed code explanations.
- **Secret Agent**: Validates if found secrets are likely real or test data.
- **Threat Model Agent**: Generates a STRIDE threat model for your project structure.
Install simply via pip:

### JSON Output
```bash
openaudit scan . --format json --output report.json
pip install openaudit
```

## 🛠 Features
## ⚡ Quick Start

- **Secret Scanning**: Detects API keys and secrets using regex and entropy checks.
- **Config Scanning**: Identifies misconfigurations in deployment files (e.g., .env, Dockerfile).
- **Secure**: Secrets are masked in outputs; offline-first design (unless AI is enabled).
- **Backend Ready**: Feature-based architecture with Pydantic models for easy integration into dashboards or APIs.
- **Customizable**: Add your own rules! See [Rule Documentation](openaudit/rules/README.md).
### 1. Basic Scan
Run a security scan on your current directory:

## 🛡️ Why OpenAuditKit?
```bash
openaudit scan .
```

Often, security tools are either too simple (grep) or too complex (enterprise SAST). OpenAuditKit bridges the gap:
### 2. Enable AI Superpowers 🧠
Unlock the full potential with AI agents that analyze architecture and data flow:

| Feature | OpenAuditKit | Gitleaks | TruffleHog |
| :--- | :---: | :---: | :---: |
| **Secret Scanning** | ✅ | ✅ | ✅ |
| **Config Scanning** | ✅ | ❌ | ❌ |
| **Offline First** | ✅ | ✅ | ❌ (Often requires API) |
| **AI Analysis** | ✅ (Optional) | ❌ | ❌ |
| **Custom Rules** | ✅ (YAML) | ✅ (TOML) | ✅ (Detectors) |
| **Backend Integration** | ✅ (Pydantic Models) | ❌ | ❌ |
```bash
# Set your OpenAI API Key
openaudit config set-key sk-your-api-key

### Security Philosophy
1. **Offline First**: No data leaves your machine unless you explicitly enable AI features.
2. **Confidence > Noise**: We use entropy checks and specific regexes to minimize false positives.
3. **Actionable**: Every finding comes with a remediation step.
# Run an AI-enhanced scan
openaudit scan . --ai
```

## Installation
### 3. Ask Your Code
Don't understand a complex file? Let the **Explain Agent** break it down:

```bash
# From PyPI
pip install openaudit

# From Source
git clone https://github.com/neuralforgeone/OpenAuditKit.git
cd OpenAuditKit
pip install .
openaudit explain src/complex_logic.py
```

## 🚀 CI/CD Integration
## 📊 Comparison

OpenAuditKit is designed to run in CI/CD pipelines. Use the `--ci` flag to enable CI mode (exit code 1 on failure, no interactive elements).
| Feature | OpenAuditKit | Gitleaks | TruffleHog |
| :--- | :---: | :---: | :---: |
| **Finding Secrets** | ✅ | ✅ | ✅ |
| **Config Analysis** | ✅ | ❌ | ❌ |
| **AI Context Analysis** | ✅ | ❌ | ❌ |
| **Architecture Review** | ✅ | ❌ | ❌ |
| **Offline Capabilities** | ✅ | ✅ | ❌* |

*\*TruffleHog often requires API connectivity for verification.*

### GitHub Actions Example
## 🤖 CI/CD Integration

Create `.github/workflows/audit.yml`:
Secure your pipeline with zero effort. Add this to your `.github/workflows/security.yml`:

```yaml
name: Security Audit
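Review bot: the Quick Start step `openaudit config set-key sk-your-api-key` is the only guidance on supplying the OpenAI key, and the rewritten README never says where that key is persisted or with what file permissions; document the storage location, and note that a key passed as a command-line argument also lands in shell history, so `OPENAI_API_KEY` (which the workflow example in the next hunk already reads from `secrets`) should be presented as the preferred route. Two pieces of the old text have no replacement in the rewrite: the explanation of `--ci` ("exit code 1 on failure, no interactive elements") and the "From Source" install steps (`git clone` ... `cd OpenAuditKit` ... `pip install .`); both are worth keeping, since the new text uses `--ci` in the CI section without ever saying what it changes.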
Expand All @@ -104,24 +95,29 @@ jobs:
openaudit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: '3.10'
- run: pip install openaudit
- run: openaudit scan . --ci --fail-on high
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: '3.10'
- run: pip install openaudit
- run: openaudit scan . --ci --fail-on high --ai
env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} # Optional for AI features
```

### Exit Codes
- `0`: No issues found (or issues below threshold).
- `1`: Issues found matching or exceeding severity threshold.
## 🛡️ Security Philosophy

## 🛠 Development & Testing
At **NeuralForge**, we believe security tools should be:
1. **Silent but Deadly:** Only alert on real issues (Low False Positives).
2. **Educational:** Don't just find bugs, explain them.
3. **Private:** Your code never leaves your machine unless you explicitly opt-in to AI features (which are redacted by default).

Run the test suite with coverage:
```bash
pip install -e .[dev]
pytest tests --cov=openaudit
```
## 🤝 Contributing

We love contributions! Please check out our [Contributing Guide](CONTRIBUTING.md) to get started.

---

We enforce a 90% test coverage threshold.
<div align="center">
<sub>Built with ❤️ by the <a href="https://neuralforge.one">NeuralForge</a> Team.</sub>
</div>
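Review bot: the workflow step `openaudit scan . --ci --fail-on high --ai` always passes `--ai`, yet the comment on `OPENAI_API_KEY` says the secret is "Optional for AI features"; one of the two is wrong. Either drop `--ai` from the example so the default run stays offline, which is what the "Private" point in the Security Philosophy a few lines lower promises ("Your code never leaves your machine unless you explicitly opt-in"), or state what the scan does when `--ai` is given and the key is unset (fails, or falls back to regex and entropy only). The "Exit Codes" list (`0` / `1`) and the `pip install -e .[dev]` / `pytest tests --cov=openaudit` / 90% coverage instructions are removed without replacement; the exit codes in particular are what consumers of `--fail-on high` depend on and should be retained. "redacted by default" in the Private point should also say what is redacted (secret values, file paths, both) before anything is sent.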
1 change: 0 additions & 1 deletion build/lib/openaudit/__init__.py

This file was deleted.

9 changes: 0 additions & 9 deletions build/lib/openaudit/main.py

This file was deleted.

67 changes: 0 additions & 67 deletions build/lib/openaudit/rules/config.yaml

This file was deleted.

18 changes: 0 additions & 18 deletions build/lib/openaudit/rules/secrets.yaml

This file was deleted.

Binary file removed dist/openaudit-0.1.0-py3-none-any.whl
Binary file removed dist/openaudit-0.1.0.tar.gz