Metadata-Version: 2.4
Name: OceanCrow_PDG
Version: 0.1.1
Summary: A Python dependency governance tool
Home-page: https://github.com/OceanCrow-TT/OceanCrow_PDG
Author: Sheldon K Salmon
Author-email: Sheldon K Salmon <OceanCrowtt@gmail.com>
License: # MIT License
        Copyright (c) 2025 Created by Sheldon Kenny Salmon of OceanCrow with assistance from Grok, built by xAI
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the 'Software'), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
Requires-Python: >=3.7
Description-Content-Type: text/markdown
License-File: LICENSE.txt
Requires-Dist: click
Requires-Dist: cryptography
Requires-Dist: requests==2.31.0
Requires-Dist: pip-tools
Requires-Dist: safety
Dynamic: author
Dynamic: home-page
Dynamic: license-file
Dynamic: requires-python

# OceanCrow_PDG - Python Dependency Governance Tool

## Overview

**OceanCrow_PDG** is a Python package that combines dependency installation, security vulnerability scanning, license compliance checking, and a dependency governance system based on digital signing. Inspired by the secure collaboration features of **OceanCrow-RedPill**, it is built so that only dependencies that have been reviewed, approved and signed are installed into your Python projects.

## Key Features

- **Dependency Management**: Install and resolve dependencies with ease.
- **Security Scanning**: Detect vulnerabilities using the `safety` tool.
- **License Compliance**: Verify licenses against a configurable allowlist.
- **Dependency Governance**: Require dependencies to be reviewed, approved, and digitally signed using RSA key pairs, preventing unvetted packages from being used.
- **Strict Mode**: Enforce approval checks before installation.

## Installation

1. Ensure you have Python 3.7+ installed.
2. Install **OceanCrow_PDG** via PyPI:
   ```bash
   pip install OceanCrow_PDG
   ```

Alternatively, clone the repository and install locally:
```bash
git clone https://github.com/OceanCrow-TT/OceanCrow_PDG.git
cd OceanCrow_PDG
pip install .
```

## Usage

### Initialize the Project

Set up the project with a key pair and configuration:
```bash
pdg init
```
Enter a passphrase when prompted to generate the RSA key pair and initialize the approval list. The passphrase protects the private signing key; treat it like any other signing secret, and keep the private key material out of version control.

### Review a Package

Check a package and its dependencies for security and license issues:
```bash
pdg review requests==2.25.1
```
Outputs a report on vulnerabilities and license compliance. The review fetches package metadata from PyPI, so it needs network access.

### Approve a Package

Sign and approve a package and its dependencies:
```bash
pdg approve requests==2.25.1
```
Enter the passphrase to sign the dependencies.

### Install a Package

Install a package only if all dependencies are approved:
```bash
pdg install requests==2.25.1
```
In strict mode (the default), any unapproved dependency blocks installation until it has been reviewed and approved. The examples use `requests==2.25.1` purely for illustration; note that OceanCrow_PDG itself pins `requests==2.31.0`, so installing a different version of `requests` into the same environment will conflict with that pin.

## Configuration

The tool uses a `.pdg/pdg_config.json` file to store settings:

- `allowed_licenses`: List of acceptable licenses (e.g., `["MIT", "Apache-2.0"]`).
- `strict_mode`: Boolean to enforce approval checks (default: `True`).

Edit this file to customize your project's policies.
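The example below is added here to illustrate how the review, approve and install gates described under Usage, together with the `allowed_licenses` and `strict_mode` settings described above, fit together as a signed-approval scheme. It is not OceanCrow_PDG's own code. It uses RSA-PSS signatures from the `cryptography` package (a listed dependency of the project); the function names, the in-memory approval store, the config dict, the passphrase and the package hashes are all assumptions constructed for illustration.

```python
"""Added example (not OceanCrow_PDG's own code): a minimal model of the
review -> approve -> install workflow, using RSA-PSS signatures from the
`cryptography` package. All names, the approval-store layout, the config
dict and the sample hashes are assumptions for illustration."""
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                  salt_length=padding.PSS.MAX_LENGTH)

# Stand-in for .pdg/pdg_config.json (constructed for this example).
CONFIG = {"allowed_licenses": ["MIT", "Apache-2.0"], "strict_mode": True}


def generate_keypair(passphrase: bytes):
    """Like `pdg init`: create an RSA key pair, private key encrypted under the passphrase."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    priv_pem = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.BestAvailableEncryption(passphrase),
    )
    pub_pem = key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return priv_pem, pub_pem


def canonical(record: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def approve(store: dict, priv_pem: bytes, passphrase: bytes,
            name: str, version: str, sha256: str, license_id: str,
            config: dict = CONFIG) -> None:
    """Like `pdg approve`: enforce the license allowlist, then sign a record
    that binds name, version, artifact hash and license together."""
    if license_id not in config["allowed_licenses"]:
        raise PermissionError(f"{name}: license {license_id!r} not in allowlist")
    key = serialization.load_pem_private_key(priv_pem, password=passphrase)
    record = {"name": name, "version": version, "sha256": sha256, "license": license_id}
    signature = key.sign(canonical(record), PSS, hashes.SHA256())
    store[f"{name}=={version}"] = {"record": record, "signature": signature.hex()}


def check_install(store: dict, pub_pem: bytes, name: str, version: str,
                  sha256: str, config: dict = CONFIG) -> bool:
    """Like the gate in `pdg install`: allow only if a valid signed approval
    exists for exactly this artifact, or if strict mode is switched off."""
    entry = store.get(f"{name}=={version}")
    if entry is None:
        return not config["strict_mode"]  # strict mode blocks anything unapproved
    pub = serialization.load_pem_public_key(pub_pem)
    try:
        pub.verify(bytes.fromhex(entry["signature"]),
                   canonical(entry["record"]), PSS, hashes.SHA256())
    except InvalidSignature:
        return False  # record was edited after it was signed
    rec = entry["record"]
    # A valid signature alone is not enough: the approval must name this exact
    # artifact, or a substituted wheel with the same name/version would pass.
    return (rec["name"], rec["version"], rec["sha256"]) == (name, version, sha256)


def demo() -> dict:
    """Run the workflow on constructed data; each value is 'install allowed?'."""
    passphrase = b"correct horse battery staple"  # constructed
    priv_pem, pub_pem = generate_keypair(passphrase)
    store: dict = {}       # stand-in for the approval list written by `pdg init`
    good_hash = "a" * 64   # constructed sha256 of the reviewed wheel
    other_hash = "b" * 64  # constructed sha256 of a different artifact

    approve(store, priv_pem, passphrase, "requests", "2.25.1", good_hash, "Apache-2.0")
    lenient = {"allowed_licenses": [], "strict_mode": False}
    results = {
        "approved_artifact": check_install(store, pub_pem, "requests", "2.25.1", good_hash),
        "substituted_artifact": check_install(store, pub_pem, "requests", "2.25.1", other_hash),
        "unapproved_strict": check_install(store, pub_pem, "urllib3", "1.26.5", other_hash),
        "unapproved_lenient": check_install(store, pub_pem, "urllib3", "1.26.5", other_hash, lenient),
    }
    # Tamper with the stored record after signing: the signature no longer verifies.
    store["requests==2.25.1"]["record"]["license"] = "GPL-3.0"
    results["tampered_record"] = check_install(store, pub_pem, "requests", "2.25.1", good_hash)
    try:
        approve(store, priv_pem, passphrase, "somepkg", "1.0", other_hash, "GPL-3.0")
        results["disallowed_license"] = True
    except PermissionError:
        results["disallowed_license"] = False
    return results


if __name__ == "__main__":
    for gate, allowed in demo().items():
        print(f"{gate:22} -> {'ALLOW' if allowed else 'BLOCK'}")
```

The design point a practitioner should take from this: an approval must be bound to the exact artifact (name, version and content hash) and the verifier must compare all three, not just check that some signature verifies. Otherwise an attacker who can substitute a wheel with the same name and version, or edit the approval list, gets through a gate that still "looks" signed.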

## Dependencies

- `click`: For the command-line interface.
- `cryptography`: For digital signing.
- `requests`: To fetch PyPI metadata.
- `pip-tools`: For dependency resolution.
- `safety`: For security scanning.

They are installed automatically by `pip install OceanCrow_PDG`. For a source checkout, install them via requirements.txt:
```bash
pip install -r requirements.txt
```

## Development

1. Clone the repo: `git clone https://github.com/OceanCrow-TT/OceanCrow_PDG.git`
2. Install development dependencies: `pip install -r requirements.txt`
3. Run tests: `python -m unittest discover tests`

## Contributing

See `CONTRIBUTING.md` for guidelines on how to contribute.

## License

This project is licensed under the MIT License. See `LICENSE.txt` for details.

## Author

Sheldon K Salmon (OceanCrowtt@gmail.com)

## Acknowledgments

- Built with assistance from Grok 3 by xAI.
- Inspired by the success of OceanCrow-RedPill.

## Version

Current: 0.1.1
