aicode-verify 0.1.0

Semantic checker for AI-generated Python code.

aicode-verify

aicode-verify is a semantic checker for AI-generated Python. It parses code without executing it, verifies imported symbols against the current environment, checks direct-call signatures, and scans for common security hazards.

It is intentionally not a style linter. It answers questions like:

• Is this module installed here?
• Does from package import name actually exist?
• Does this callable accept the keyword arguments the code uses?
• Did the generated code introduce obvious injection or secret-handling risks?

Install

pip install aicode-verify

For local development:

pip install -e ".[dev]"

CLI

aicode-verify path/to/file.py
aicode-verify src/**/*.py --fail-on high
aicode-verify script.py --format json

--fail-on accepts error, high, or medium. The default is error.

Python API

from aicode_verify import format_report, verify

source = "import math\nmath.sqrt(value=4)\n"
findings = verify(source)
print(format_report(findings, source))

Pre-commit

Add this to .pre-commit-config.yaml:

repos:
  - repo: https://github.com/Github-Rajesh/AiCode-Verify
    rev: v0.1.0
    hooks:
      - id: aicode-verify

What it checks today

• Missing top-level imports.
• Missing symbols in from ... import ....
• Direct imported calls such as pd.read_csv(...), Path(...), and json.loads(...).
• Unknown keyword arguments and simple missing required argument cases.
• Security patterns including eval, exec, compile, shell=True, os.system, unsafe pickle usage, weak hashes, hardcoded secrets, and SQL f-strings.

Limitations

The checker does not perform full type inference. Chained calls like df.groupby("x").agg(...) are only checked where the root object can be resolved statically. That keeps the first release fast and practical while leaving room for future stub-based inference.