# KYLO 🛡️
**KYLO** is an AI-powered security code auditor that helps developers ship safer code. It performs static analysis, detects vulnerabilities, and aligns your codebase with your project goals—all from the command line.
## ✨ Features
- 🔍 **AST-Based Security Scanning** — Detects dangerous functions (`eval`, `exec`), SQL injection risks, and common vulnerabilities
- 🛡️ **Advanced Security Checks** — Finds hardcoded secrets, weak crypto, auth risks, and more
- 📊 **Project Alignment** — Validates code against your README goals and requirements
- 🔒 **Privacy-First** — Encrypted local storage for sensitive data
- 🎨 **Beautiful Terminal UI** — Rich, colorful output with progress indicators
- 📈 **Usage Tracking** — Monitor audits and scans with built-in analytics
- ⚡ **Zero-Config** — Works out of the box, no API keys required for basic scanning
## 🚀 Installation
### Via pip (Recommended)
```bash
pip install kylo
```
### From source
```bash
git clone https://github.com/Shizzysagacious/kylo.git
cd kylo
pip install -e .
```
## 📖 Quick Start
### 1. Initialize KYLO in your project
```bash
cd your-project
kylo init
```
This creates:
- `.kylo/` directory for state and configuration
- `README.md` template (if missing)
- Project goals tracking
### 2. Run a security audit
```bash
# Audit current directory
kylo audit
# Audit specific file or folder
kylo audit backend/api.py
kylo audit src/
```
### 3. Get security hardening recommendations
```bash
kylo secure backend/
```
### 4. View usage statistics
```bash
kylo stats
```
## 🔧 Configuration
### Setting an Admin Token
Protect sensitive operations with an admin token:
```bash
kylo config set-admin-token
```
### Storing API Keys (Optional)
For advanced features, you can store API keys securely:
```bash
kylo config set-api-key gemini
```
All keys are encrypted using hardware-bound encryption and stored in `.kylo/secure/`.
### Environment Variables
Customize KYLO's behavior with environment variables:
```bash
# Rate limits (requests per hour)
export KYLO_RATE_LIMIT_AUDITS=100
export KYLO_RATE_LIMIT_SECURE=50
# CLI colors
export KYLO_CLI_PRIMARY_COLOR=magenta
export KYLO_CLI_ACCENT_COLOR=purple
# Logging
export KYLO_LOG_LEVEL=INFO # DEBUG, INFO, WARNING, ERROR
```
## 🛡️ Security Checks
KYLO performs comprehensive security analysis:
### Basic Checks
- Dangerous function usage (`eval`, `exec`, `pickle.loads`)
- SQL injection vulnerabilities (f-strings in queries)
- Insecure file operations
- Weak cryptographic functions (MD5, SHA1)
### Advanced Checks (Aggressive Mode)
- Hardcoded secrets and credentials
- Authentication and session management risks
- Network operation vulnerabilities
- Data deserialization issues
- Security-relevant code comments (TODO, FIXME, HACK)
## 📊 Usage Examples
### Audit with verbose output
```bash
kylo -v audit backend/
```
### Check specific security concerns
```bash
kylo secure api/auth.py
```
### List stored API keys
```bash
kylo config list-keys
```
## 🎨 Terminal UI
KYLO features a beautiful, modern terminal interface:
```
██╗  ██╗██╗   ██╗██╗      ██████╗
██║ ██╔╝╚██╗ ██╔╝██║     ██╔═══██╗
█████╔╝  ╚████╔╝ ██║     ██║   ██║
██╔═██╗   ╚██╔╝  ██║     ██║   ██║
██║  ██╗   ██║   ███████╗╚██████╔╝
╚═╝  ╚═╝   ╚═╝   ╚══════╝ ╚═════╝

AI-Powered Security Code Auditor v1.0.0

🔍 Scanning files...
📂 Reading project structure...
🛡️ Running security checks...
✓ Audit complete!

Files scanned: 45
Issues found: 3
```
## 🏗️ Project Structure
```
your-project/
├── .kylo/
│   ├── state.json          # Audit results and history
│   ├── goals.json          # Project goals for alignment
│   ├── secure/             # Encrypted API keys (if configured)
│   │   └── humanwhocodes.enc
│   └── stats/              # Usage statistics
│       └── usage.json
└── README.md               # Your project documentation
```
## 🔐 Privacy & Security
- **Local-First**: All scanning happens on your machine
- **Encrypted Storage**: API keys and sensitive data are encrypted using hardware-bound keys
- **Privacy-Preserving**: Usage tracking uses SHA256 hashes, not actual code
- **No Telemetry**: KYLO doesn't send your code anywhere (unless you explicitly use AI features)
## 🤝 Contributing
Contributions are welcome! Here's how:
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request
## 📝 Development
### Setup
```bash
git clone https://github.com/yourusername/kylo.git
cd kylo
python -m venv .venv
source .venv/bin/activate # On Windows: .venv\Scripts\activate
pip install -r requirements.txt
pip install -e .
```
### Running Tests
```bash
python tests/run_tests.py
```
## 🗺️ Roadmap
- [ ] Multi-language support (JavaScript, Go, Rust, TypeScript)
- [ ] CI/CD integrations (GitHub Actions, GitLab CI, CircleCI)
- [ ] Live monitoring dashboard
- [ ] AI-powered deep analysis (via optional proxy service)
- [ ] Custom rule definitions
- [ ] Team collaboration features
## 📄 License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## 🙏 Acknowledgments
- Built with [Click](https://click.palletsprojects.com/) for CLI
- Beautiful terminal UI powered by [Rich](https://rich.readthedocs.io/)
- Encryption using [Cryptography](https://cryptography.io/)
## 💬 Support
- 🌐 Website: [kylo.pxxl.click](https://kylo.pxxl.click)
- 📧 Email: kylodotai@gmail.com
- 💬 Discussions: [GitHub Discussions](https://github.com/Shizzysagacious/kylo/discussions)

**Made with ❤️ by the KYLO team**

*Ship safer code, faster.*