Skip to main content

Code review, API testing, and security audit CLI tool

Project description

code-t — Code Review + API Testing + Security Audit Tool

Tests Coverage Python License

code-t is a local-first CLI for reviewing code quality, discovering APIs, auditing security risk, and producing actionable reports.

Features

  • Code review for maintainability, structure, naming, complexity, and error handling.
  • Security audit checks for secrets, injection risks, unsafe configuration, path traversal, weak randomness, and dependency risk.
  • API discovery across common backend frameworks and route declaration styles.
  • Multi-format reports for humans, automation, CI systems, and security platforms.
  • Rule registry with categorized rule packs, severity metadata, and CWE/OWASP mapping.
  • Safe project scanning that skips irrelevant directories and binary content.

Installation

Install from PyPI:

pip install code-t

Install from GitHub as an alternative:

pip install "git+https://github.com/Lxsky-i/code-t.git"

Install for local development:

pip install -e ".[dev]"

Quick Start

Analyze a project:

code-t analyze /path/to/project

Generate a JSON report:

code-t analyze . --format json

Generate a SARIF report:

code-t analyze . --format sarif

Architecture

code-t runs a five-stage analysis pipeline:

  1. Scan: collect source files, metadata, and project structure.
  2. Analyze: identify languages, frameworks, dependencies, metrics, and APIs.
  3. Review: apply code-quality and maintainability rules.
  4. Security: apply security-focused rules with CWE and OWASP context.
  5. Report: render findings and summaries in the requested output format.

Report Formats

  • Markdown (md) for readable local reports.
  • JSON (json) for automation and downstream processing.
  • HTML (html) for browsable dashboards.
  • SARIF (sarif) for GitHub code scanning and security tooling.
  • Terminal (terminal) for concise CLI output.

Rules

code-t includes 105+ rules across 7 rule packs, covering code quality, maintainability, security, API design, configuration, dependencies, and project hygiene. Security rules include CWE and OWASP metadata where applicable.

Development

Set up the development environment:

pip install -e ".[dev]"

Run the full local CI suite before committing:

bash scripts/ci.sh

On Windows PowerShell:

.\scripts\ci.ps1

The local CI script runs linting, type checking, unit tests, coverage, and a code-t self-analysis pass. GitHub CI workflows are kept for manual multi-OS validation.

Run the test suite:

python -m pytest tests/ -q --tb=short

Run coverage:

python -m pytest tests/ --cov=src/codet --cov-report=term-missing -q

Run code quality checks:

ruff check src/ tests/
mypy src/codet/ --ignore-missing-imports

Contributions should include focused tests for changed behavior, keep public CLI output stable unless intentionally changed, and preserve the local-first safety model.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

codet_cli-0.5.0-py3-none-any.whl (127.4 kB view details)

Uploaded Python 3

File details

Details for the file codet_cli-0.5.0-py3-none-any.whl.

File metadata

  • Download URL: codet_cli-0.5.0-py3-none-any.whl
  • Upload date:
  • Size: 127.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.14

File hashes

Hashes for codet_cli-0.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 b86e9bc7f4e65c862a20c93c894a607423631e198069f55fcef1b010e60f56e5
MD5 3d194cf7c5fd4102a0aca89da7c602e0
BLAKE2b-256 9418a2a6e28f9bb0c3c332617954ad87e1c9915905d0cd915aad1fee28bda147

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page