Compliance & security SDK for Leo smart contracts with PCI-DSS support
# Comp-LEO SDK

Compliance & Security for Leo Smart Contracts | 100% Local | Zero Network Calls | PCI-DSS Support

Comp-LEO brings shift-left compliance to the Aleo ecosystem. Check your Leo smart contracts for security vulnerabilities and compliance issues in seconds, not months. Find issues during development, not after deployment.

v0.3.0: Now includes PCI-DSS compliance checks for payment and DeFi contracts!

## Features

### Core Capabilities

- Static Analysis - Parse Leo code with regex-based AST extraction
- 17+ Security Rules - Access control, input validation, overflow risks
- PCI-DSS Compliance - 7 payment security checks for DeFi contracts (NEW!)
- Smart Scoring - Severity-weighted compliance scores (0-100)
- Beautiful CLI - Interactive menu with auto-scan and selection
- Multiple Formats - Export reports as JSON, HTML, or Markdown
### Security Checks

- Missing access control checks
- Unvalidated inputs in transitions
- Unprotected state mutations
- Integer overflow risks
- Missing event logging
- Hardcoded credentials
- Weak randomness
- Reentrancy patterns
### Payment Compliance (NEW in v0.3.0)

- Forbidden data detection (CVV, PIN, track data)
- Cardholder data visibility checks
- Payment input validation
- Access control on payment functions
- Audit logging verification
- Transaction limit validation
- Refund mechanism checks
### Developer Experience

- CI/CD Ready - GitHub Actions, GitLab CI, pre-commit hooks
- 100% Private - Code never leaves your machine
- Blazing Fast - <10ms per file
- Free & Open Source - Apache 2.0 license

## Quick Start

### Installation

```bash
pip install comp-leo

# With interactive menu mode (quoted so the brackets survive shells like zsh)
pip install "comp-leo[interactive]"

# With file watching
pip install "comp-leo[watch]"

# Full install
pip install "comp-leo[all]"
```
### Usage

#### Interactive Menu Mode (Recommended)

The interactive menu mode provides a beautiful, user-friendly interface with auto-scanning:

```bash
comp-leo --interactive
```

Features:

- Auto-scans for `.leo` files in the current directory, its parent, and `programs/` folders
- Shows up to 5 files directly in the main menu for quick access
- Navigate with arrow keys, select with Enter
- Rescan on demand to find new files
- View detailed results and statistics
- Export reports in multiple formats
Example Session:

```text
[Comp-LEO ASCII banner]
Compliance & Security for Leo Smart Contracts
v0.1.1 | Zero-Knowledge Compliance | 100% Local
----------------------------------------------------------------

Interactive Menu Mode
Use arrow keys to navigate, Enter to select

Scanning for Leo files...
Found 8 Leo file(s)

What would you like to do?
--- Quick Check ---
> programs/sbom_registry/src/main.leo
  programs/compliance_oracle/src/main.leo
  programs/token/src/main.leo
  ... and 5 more files
--- More Options ---
  Browse & Check File
  Check Directory
  Rescan for Leo Files
  List Available Policies
  Change Policy Pack
  Help
  Exit
```
Menu Navigation:

- Use the Up/Down arrow keys to move
- Press Enter to select
- Press Ctrl+C to cancel (returns to menu)
- Select "Exit" to quit
Quick Check: Select any file from the "Quick Check" section to instantly analyze it. Results show violations, severity, and compliance score.
After Running a Check: The menu dynamically updates to show additional options:

- View Last Results - See all violations with details
- Show Statistics - View detailed metrics
- Export Report - Save as JSON/HTML/Markdown
Browse Mode: When you select "Browse & Check File":

- Enter a path (defaults to current directory)
- If it's a directory, see all `.leo` files
- Select a file to check
- See up to 30 files, with option to show all

#### Command Line Mode

For scripting and CI/CD, use direct commands:

```bash
# Check a single file
comp-leo check programs/my_contract/src/main.leo

# Check entire directory
comp-leo check programs/

# Check with custom threshold
comp-leo check programs/ --threshold 90

# Fail on any high severity issues
comp-leo check programs/ --fail-on-high

# Generate HTML report
comp-leo report programs/ --format html -o report.html

# Generate Markdown report
comp-leo report programs/ --format markdown -o COMPLIANCE.md

# List available policies
comp-leo list-policies

# Generate CI/CD configs
comp-leo init-ci

# Watch mode (auto-check on file changes)
comp-leo watch programs/
```

#### PCI-DSS Payment Compliance (NEW!)

Check your payment and DeFi contracts for PCI-DSS compliance:

```bash
# Run PCI-DSS compliance check
comp-leo check payment_contract.leo --policy pci-dss-basic

# Generate PCI compliance report
comp-leo report defi_app/ --policy pci-dss-basic --format html

# Fail build on critical payment violations
comp-leo check payment.leo --policy pci-dss-basic --fail-on-critical
```

Example Output:

```text
7 Violation(s) Found

CRITICAL: 3 issue(s)
  - Forbidden to store CVV data (PCI-DSS 3.2)
  - Cardholder data must be private (PCI-DSS 3.4)
  - Missing access control (PCI-DSS 7.1)

HIGH: 4 issue(s)
  - Payment amount not validated (PCI-DSS 6.5.1)
  - Missing audit logging (PCI-DSS 10.2)

Score: 45/100 - NON COMPLIANT
```

What PCI-DSS checks include:

- No CVV/PIN storage (Req 3.2)
- Private cardholder data (Req 3.4)
- Input validation (Req 6.5.1)
- Access control (Req 7.1)
- Audit logging (Req 10.2)
- Transaction limits (Req 11.3.4)
- Refund mechanisms (Req 12.10.6)

See PCI-DSS Guide for complete documentation.
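To make the regex-based approach behind these checks concrete, here is an added illustration (not the SDK's own code) of how two of them can be written: it flags a record field that retains forbidden data (Req 3.2) and a `public` transition input that carries cardholder data (Req 3.4), then derives a severity-weighted 0-100 score. The Leo snippet, the rule names, the identifier patterns and the weights are all constructed for this example.

```python
import re
from dataclasses import dataclass

# Constructed Leo snippet (not from the project): retains the CVV and exposes the PAN publicly.
SAMPLE_LEO = """\
program card_pay.aleo {
    record Card {
        owner: address,
        card_number: u128,
        cvv: u16,
    }

    transition charge(public card_number: u128, amount: u64) -> Card {
        // body omitted in this constructed sample
    }
}
"""

@dataclass
class Violation:
    rule: str
    requirement: str   # PCI-DSS requirement number, as the SDK's output cites it
    severity: str
    line: int
    message: str

# A typed declaration with optional `public` modifier (record field or transition input).
DECL = re.compile(r"(?:(public)\s+)?\b([A-Za-z_]\w*)\s*:\s*[A-Za-z_]\w*")
FORBIDDEN = re.compile(r"^(cvv2?|cvc|pin|track_?data|magstripe)$", re.I)
CARDHOLDER = re.compile(r"^(card_?number|pan|cardholder\w*|exp(?:iry|_date))$", re.I)
WEIGHTS = {"CRITICAL": 25, "HIGH": 10}   # assumed weighting, not the SDK's

def scan(source: str) -> list[Violation]:
    """Line-by-line regex pass: flag retained forbidden data and public cardholder data."""
    findings: list[Violation] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("//"):      # skip Leo comments
            continue
        for m in DECL.finditer(line):
            is_public, name = m.group(1) is not None, m.group(2)
            if FORBIDDEN.match(name):
                findings.append(Violation("pci-forbidden-data", "3.2", "CRITICAL", lineno,
                                          f"'{name}' must never be stored after authorization"))
            elif is_public and CARDHOLDER.match(name):
                findings.append(Violation("pci-public-cardholder-data", "3.4", "CRITICAL", lineno,
                                          f"'{name}' is public; cardholder data must stay private"))
    return findings

def score(findings: list[Violation]) -> int:
    return max(0, 100 - sum(WEIGHTS.get(v.severity, 5) for v in findings))  # 0-100 scale
```

Running `scan(SAMPLE_LEO)` yields two CRITICAL findings (the `cvv` field on line 5 and the public `card_number` input on line 8), and `score` on them returns 50.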
## Commands
| Command | Description |
|---------|-------------|
| `comp-leo` | Show banner and help |
| `comp-leo --interactive` | Launch interactive menu mode |
| `comp-leo check <path>` | Check Leo file or directory |
| `comp-leo report <path>` | Generate compliance report |
| `comp-leo list-policies` | List available policy packs |
| `comp-leo init-ci` | Generate CI/CD configurations |
| `comp-leo watch <path>` | Watch files for changes (requires `[watch]`) |
| `comp-leo --version` | Show version |
| `comp-leo --help` | Show full help |
## Use Cases
### Pre-Commit Hook

```bash
#!/bin/bash
# .git/hooks/pre-commit (the shebang must be the first line of the hook)
comp-leo check programs/ --threshold 75 --fail-on-critical || exit 1
```
### GitHub Actions

```yaml
# .github/workflows/compliance.yml
name: Compliance Check
on: [pull_request]
jobs:
  compliance:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v4
        with:
          python-version: '3.10'
      - run: pip install comp-leo
      - run: comp-leo check programs/ --fail-on-critical
```
### Python API

```python
from comp_leo.analyzer.checker import ComplianceChecker

checker = ComplianceChecker(policy_pack="aleo-baseline")
result = checker.check_file("programs/my_contract/src/main.leo")

print(f"Score: {result.score}/100")
print(f"Violations: {len(result.violations)}")
for v in result.violations:
    print(f"{v.severity}: {v.message} at line {v.line_number}")
```

## Policy Packs

| Pack | Status | Controls | Focus Area |
|---|---|---|---|
| aleo-baseline | Available | 10+ | Leo security best practices |
| pci-dss-basic | Available (NEW!) | 7 | Payment & DeFi security |
| nist-800-53 | Planned for v0.4.0 | 1,200+ | Federal security baseline |
| iso-27001 | Planned for v0.5.0 | 114 | Information security |
| gdpr | Planned for v0.6.0 | 99 | Data protection & privacy |

### PCI-DSS Basic (v0.3.0+)

For payment processors and DeFi contracts:

```bash
# Check payment contract for PCI compliance
comp-leo check payment_contract.leo --policy pci-dss-basic

# Generate PCI compliance report
comp-leo report defi_app/ --policy pci-dss-basic --format html
```

Covered Requirements:

- 3.2 - No CVV/PIN storage
- 3.4 - Cardholder data must be private
- 6.5.1 - Input validation on payment amounts
- 7.1 - Access control on payment functions
- 10.2 - Audit logging for transactions
- 11.3.4 - Transaction limits
- 12.10.6 - Refund mechanism

Full PCI-DSS Guide | Example Contract

### Current Rules (aleo-baseline)

- Missing access control checks
- Unvalidated inputs in transitions
- Unprotected state mutations
- Integer overflow risks
- Missing event logging
- Hardcoded credentials
- Weak randomness
- Reentrancy patterns
- Gas optimization issues
- Documentation gaps
## Architecture

```text
+----------------------------------------------------------+
|                       Comp-LEO SDK                       |
+----------------------------------------------------------+
|  CLI Tool          API Service         CI Integration    |
|  comp-leo check    /v1/check           GitHub Actions    |
|  comp-leo fix      /v1/report          GitLab CI         |
|  comp-leo report   Authentication      PR Comments       |
+----------------------------------------------------------+
|  Static Analysis Engine                                  |
|  Leo Parser -> AST -> Pattern Matcher -> Scorer          |
+----------------------------------------------------------+
|  Policy Engine                                           |
|  Rules | Severity | Evidence | Control Mapping           |
+----------------------------------------------------------+
|  Remediation Engine (Future)                             |
|  Fix Generator -> AI Agent -> PR Creator                 |
+----------------------------------------------------------+
```
## Example Output

```text
Compliance Check: 3 issues found

HIGH: Missing input validation [AC-3.1, NIST 800-53]
  -> programs/payment/src/main.leo:45
  Add assertion: assert(amount > 0u64);

MEDIUM: Insufficient logging [AU-2, NIST 800-53]
  -> programs/payment/src/main.leo:78
  Log transaction hash before state mutation

LOW: Public field exposure [privacy-001]
  -> programs/payment/src/main.leo:12
  Consider using private modifier for sensitive data

----------------------------------------------
47 checks passed | 3 warnings | 0 critical
Score: 85/100 (Threshold: 75)
```

## What's New in v0.1.1

- Interactive Menu Mode - Beautiful TUI with auto-scanning
- Smart File Discovery - Auto-finds Leo files in current/parent directories
- Quick Check - One-click checking from scanned files
- Rescan on Demand - Refresh file list without restarting
- Dynamic Menus - Context-aware options based on state
- Enhanced CLI - Improved error messages and help
- Optional Dependencies - Install only what you need ([interactive], [watch], [all])

## Why 100% Local?

Your code never leaves your machine. No AI APIs. No network calls. True privacy for ZK blockchain development.

- No Data Leakage - Code stays on your machine
- Works Offline - Zero network dependency
- Deterministic - Same code = same results always
- Fast - <100ms vs 2-5s with cloud AI
- Free Forever - No per-check costs
- Auditable - Open source, verify everything

See WHY_LOCAL.md for full philosophy.

## Pricing
| Tier | Checks/Month | Price | Features |
|---|---|---|---|
| Freemium | 100 | Free | Core policies, CLI access |
| Pro | 1,000 | $99/mo | All policies, API access, CI integration |
| Enterprise | Unlimited | $999/mo | Custom rules, SLA, white-label |
## Project Structure

```text
comp-leo-sdk/
├── cli/                  # Command-line tool
├── api/                  # FastAPI service
├── analyzer/             # Static analysis engine
│   ├── parser.py         # Leo AST parser
│   ├── checker.py        # Pattern matcher
│   └── scorer.py         # Severity & scoring
├── policies/             # Compliance rule definitions
│   ├── nist_800_53.json
│   ├── iso_27001.json
│   ├── pci_dss.json
│   └── aleo_baseline.json
├── integrations/         # CI/CD plugins
│   ├── github/
│   └── gitlab/
└── tests/                # Test suite
```
## Development Roadmap

### Phase 1: Foundation (Weeks 1-4)

- Leo parser & AST builder
- Core static analysis patterns
- NIST 800-53 baseline (80% of ISO overlap)
- CLI tool with local checks
- Unit test suite (>80% coverage)

### Phase 2: API & Monetization (Weeks 5-8)

- FastAPI service with authentication
- Rate limiting & usage tracking
- API key management portal
- Stripe integration for paid tiers

### Phase 3: CI/CD & Ecosystem (Weeks 9-12)

- GitHub Actions integration
- PR comment bot
- Policy pack expansion (PCI, GDPR)
- VS Code extension

### Phase 4: AI Auto-Fix (Weeks 13-16)

- Fix suggestion engine
- LLM integration (GPT-4/Claude)
- Automated PR generation
- Confidence scoring for fixes
## Contributing

See CONTRIBUTING.md for development setup and guidelines.

## License

- Apache 2.0 for core SDK (open-source)
- Proprietary for API service & enterprise features

Built for the Aleo ecosystem | Website
## File details

comp_leo-0.3.0.tar.gz (source distribution)

- Size: 111.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.8
comp_leo-0.3.0-py3-none-any.whl (built distribution)

- Size: 55.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.8