Metadata-Version: 2.4
Name: anchor-audit
Version: 2.1.1
Summary: The Federated Governance Engine for AI (FINOS/OSFF Compliant)
Home-page: https://github.com/Tanishq1030/anchor
Author: Tanishq
Author-email: your.email@example.com
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Topic :: Software Development :: Quality Assurance
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Requires-Python: >=3.8
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: click
Requires-Dist: pyyaml
Requires-Dist: tree-sitter>=0.22.0
Requires-Dist: tree-sitter-python
Requires-Dist: requests
Dynamic: author
Dynamic: author-email
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: license-file
Dynamic: requires-dist
Dynamic: requires-python
Dynamic: summary

# Anchor
**The Semantic Firewall for AI Code Generation**

[![PyPI version](https://badge.fury.io/py/anchor-audit.svg)](https://badge.fury.io/py/anchor-audit)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/)
[![Status: Hybrid](https://img.shields.io/badge/Status-Hybrid-orange.svg)]()

> "Code drifts. Intent shouldn't."

Anchor is an autonomous governance platform designed for the AI-Native era. It prevents codebase degradation by enforcing **Architecture** (v1) and **Security** (v2) constraints that AI Agents often ignore.

It operates in two modes:
1. **The Historian (v1):** Prevents "Architectural Drift" by analyzing Git history to find the original intent of a symbol.
2. **The Enforcer (v2):** Prevents "Security Drift" by turning GenAI Threat Models into executable CI/CD blockers.

---

## Anchor v2: GenAI Governance Engine (New)
*Currently in Experimental Beta.*

Anchor v2 bridges the gap between **Risk Identification** (LLMs) and **Code Enforcement** (CI/CD). It parses Markdown Threat Models generated by AI and uses AST analysis (`tree-sitter`) to strictly enforce those constraints on the codebase.

### Key Capabilities
* **Dynamic Policy:** Reads "Risk IDs" (e.g., `RI-24`) directly from Markdown files.
* **Deep Analysis:** Uses `tree-sitter` (v0.25+) to detect semantic violations (e.g., bypassing MCP clients).
* **The "Bridge":** Turns a text-based Threat Model into a hard build failure.

### Quick Start (v2)
You can test the governance engine using the included test fixtures:

```bash
# 1. Inspect the "Risk Model" (Input)
# This file mimics an LLM output identifying "RI-24" (Raw Network Access)
type tests/fixtures/risk_model.md

# 2. Run the Anchor v2 Enforcement
# The tool reads the markdown, configures the engine, and scans the code.
python -m anchor.cli_v2 check --context tests/fixtures/risk_model.md --target tests/fixtures

# Expected Output:
# [!] VIOLATIONS FOUND:
#    [ERROR] RI-24 in tests/fixtures/bad_agent.py
#    Reason: Direct network access is forbidden. Use MCP Client.
```

---

## Anchor v1: Architecture Drift Prevention
The proven engine for preventing "Zombie Abstractions."

AI Agents (Cursor, Copilot, Devin) operate at the Syntax Level, not the Intent Level. When they encounter architectural constraints, they often enter a "Fixing Loop" that results in "God Objects" or "Zombie Abstractions."

Anchor v1 stops this by injecting a hard `<directive>` into the AI's context window, forcing it to stop hacking and start refactoring.

### Usage (v1)

#### 1. The Human Audit (CLI)
Use this to check a specific symbol in your codebase.

```bash
# Audit the Django Form class
anchor audit /path/to/django --symbol django.forms.forms:Form --format human
```

Output:

```
ANCHOR LOCKED: 2012-04-30
Intent: A collection of Fields, plus their associated data.

VERDICT: INTENT_VIOLATION
Rationale: Primary usage (100.0%) is Data Validation, displacing HTML rendering.

ARCHITECTURAL HALT: Form
You are attempting to modify `Form`. Stop and read this...
```

#### 2. The AI Governor (Agent Mode)
Use this to stop your AI Assistant from writing bad code.

```bash
anchor audit . --symbol Form --format agent
```

---

## Installation

```bash
git clone https://github.com/Tanishq1030/anchor
cd anchor
pip install -e .
```

**Note:** Anchor v2 requires `tree-sitter` binaries. The installation script handles the Python bindings.

---

## Supported Patterns

| Engine | Verdict | Description | Remediation |
|--------|---------|-------------|-------------|
| v2 | SECURITY_VIOLATION | Code violates a GenAI-identified risk (e.g., `RI-24`). | Rewrite to use approved abstraction (e.g., MCP Client). |
| v1 | INTENT_VIOLATION | "The Zombie." A class does X, but was built for Y. | Extract the active logic into a new, lighter class. |
| v1 | SEMANTIC_OVERLOAD | "The God Object." Used by API, UI, CLI, and Tests. | Split into domain-specific utilities. |
| v1 | DEPENDENCY_INERTIA | Logic kept only because old imports exist. | Deprecate and shim. |

---

## License
MIT License. Built for the era of AI-Assisted Engineering.
