Code review, API testing, and security audit CLI tool
Project description
code-t — Code Review + API Testing + Security Audit Tool
code-t is a local-first CLI for reviewing code quality, discovering APIs, auditing security risk, and producing actionable reports.
Features
- Code review for maintainability, structure, naming, complexity, and error handling.
- Security audit checks for secrets, injection risks, unsafe configuration, path traversal, weak randomness, and dependency risk.
- API discovery across common backend frameworks and route declaration styles.
- Multi-format reports for humans, automation, CI systems, and security platforms.
- Rule registry with categorized rule packs, severity metadata, and CWE/OWASP mapping.
- Safe project scanning that skips irrelevant directories and binary content.
Installation
Install from PyPI:
pip install code-t
Install from GitHub as an alternative:
pip install "git+https://github.com/Lxsky-i/code-t.git"
Install for local development:
pip install -e ".[dev]"
Quick Start
Analyze a project:
code-t analyze /path/to/project
Generate a JSON report:
code-t analyze . --format json
Generate a SARIF report:
code-t analyze . --format sarif
Architecture
code-t runs a five-stage analysis pipeline:
- Scan: collect source files, metadata, and project structure.
- Analyze: identify languages, frameworks, dependencies, metrics, and APIs.
- Review: apply code-quality and maintainability rules.
- Security: apply security-focused rules with CWE and OWASP context.
- Report: render findings and summaries in the requested output format.
Report Formats
- Markdown (
md) for readable local reports. - JSON (
json) for automation and downstream processing. - HTML (
html) for browsable dashboards. - SARIF (
sarif) for GitHub code scanning and security tooling. - Terminal (
terminal) for concise CLI output.
Rules
code-t includes 105+ rules across 7 rule packs, covering code quality, maintainability, security, API design, configuration, dependencies, and project hygiene. Security rules include CWE and OWASP metadata where applicable.
Development
Set up the development environment:
pip install -e ".[dev]"
Run the full local CI suite before committing:
bash scripts/ci.sh
On Windows PowerShell:
.\scripts\ci.ps1
The local CI script runs linting, type checking, unit tests, coverage, and a code-t self-analysis pass. GitHub CI workflows are kept for manual multi-OS validation.
Run the test suite:
python -m pytest tests/ -q --tb=short
Run coverage:
python -m pytest tests/ --cov=src/codet --cov-report=term-missing -q
Run code quality checks:
ruff check src/ tests/
mypy src/codet/ --ignore-missing-imports
Contributions should include focused tests for changed behavior, keep public CLI output stable unless intentionally changed, and preserve the local-first safety model.
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file codet_cli-0.5.0-py3-none-any.whl.
File metadata
- Download URL: codet_cli-0.5.0-py3-none-any.whl
- Upload date:
- Size: 127.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b86e9bc7f4e65c862a20c93c894a607423631e198069f55fcef1b010e60f56e5
|
|
| MD5 |
3d194cf7c5fd4102a0aca89da7c602e0
|
|
| BLAKE2b-256 |
9418a2a6e28f9bb0c3c332617954ad87e1c9915905d0cd915aad1fee28bda147
|