Refactor project structure and enhance documentation

Av7danger · Av7danger · commit 0e06cbfb46ce · 2026-03-08T09:51:37.000+05:30
- Removed `ai_engine.py` file and migrated its functionalities to a modular `AI/` package.
- Added `pyproject.toml` for improved dependency management and build configuration.
- Updated `.gitignore` to exclude egg-info files.
- Revised `CONTRIBUTING.md` and `README.md` to reflect changes in installation instructions and usage.
- Enhanced GitHub Actions workflow to include development dependencies during installation.
- Introduced new modules for schema fetching, test execution, and report generation, improving overall organization and maintainability.
diff --git a/.github/workflows/secnode-pentest.yml b/.github/workflows/secnode-pentest.yml
@@ -15,7 +15,7 @@ jobs:
           python-version: '3.10'
 
       - name: Install dependencies
-        run: pip install -r requirements.txt
+        run: pip install -r requirements.txt && pip install -e .[dev]
 
       - name: Run tests
         run: pytest
@@ -32,11 +32,11 @@ jobs:
           python-version: '3.10'
 
       - name: Install SecNode
-        run: pip install -r requirements.txt
+        run: pip install -r requirements.txt && pip install -e .
 
       - name: Run SecNode Scan
         env:
           SECNODE_LLM: ${{ secrets.SECNODE_LLM }}
           OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
-        run: python3 secnodeapi.py --target https://staging-api.example.com/swagger.json
+        run: secnodeapi --target https://staging-api.example.com/swagger.json
diff --git a/.gitignore b/.gitignore
@@ -15,6 +15,7 @@ __pycache__/
 .pytest_cache/
 .coverage
 htmlcov/
+*.egg-info/
 
 # macOS
 .DS_Store
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -26,6 +26,7 @@ Thank you for your interest in contributing to SecNode API! This guide will help
 3. **Install dependencies**
    ```bash
    pip install -r requirements.txt
+   pip install -e .[dev]
    ```
 
 4. **Configure your LLM provider**
@@ -41,7 +42,7 @@ Thank you for your interest in contributing to SecNode API! This guide will help
 
 5. **Run SecNode in development mode**
    ```bash
-   python3 secnodeapi.py --target https://api.example.com/swagger.json
+   secnodeapi --target https://api.example.com/swagger.json
    ```
 
 ##  Enhancing the AI Engine
diff --git a/README.md b/README.md
@@ -49,13 +49,14 @@ cd secnodeapi
 python3 -m venv venv
 source venv/bin/activate
 pip install -r requirements.txt
+pip install -e .
 
 # Configure your AI provider
 export SECNODE_LLM="openai/gpt-4o"
 export OPENAI_API_KEY="your-api-key"
 
 # Run your first security assessment
-python3 secnodeapi.py --target https://api.your-app.com/swagger.yaml
+secnodeapi --target https://api.your-app.com/swagger.yaml
 ```
 
 > [!NOTE]
@@ -89,28 +90,28 @@ SecNode rigorously hunts for:
 ### Basic Usage
 ```bash
 # Scan an API using a remote Swagger JSON
-python3 secnodeapi.py --target http://vulnapi.your-app.com/swagger.json
+secnodeapi --target http://vulnapi.your-app.com/swagger.json
 
 # Scan an API using a local OpenAPI YAML file
-python3 secnodeapi.py --target ./docs/openapi.yaml
+secnodeapi --target ./docs/openapi.yaml
 ```
 
 ### Advanced Testing Scenarios
 ```bash
 # Authenticated Testing (using inline Bearer token)
-python3 secnodeapi.py --target https://api.your-app.com/docs \
+secnodeapi --target https://api.your-app.com/docs \
   --auth-header "Authorization: Bearer my-jwt-token"
 
 # Authenticated Testing (using a JSON auth file)
-python3 secnodeapi.py --target https://api.your-app.com/docs \
+secnodeapi --target https://api.your-app.com/docs \
   --auth-file ./config/auth.json
 
 # Proxy Traffic (e.g. send traffic through Burp Suite/ZAP for manual review)
-python3 secnodeapi.py --target https://api.your-app.com/docs \
+secnodeapi --target https://api.your-app.com/docs \
   --proxy http://127.0.0.1:8080
 
 # Control Concurrency (Scale execution speed)
-python3 secnodeapi.py --target https://api.your-app.com/docs \
+secnodeapi --target https://api.your-app.com/docs \
   --concurrency 10
 ```
 
@@ -135,14 +136,14 @@ jobs:
           python-version: '3.10'
 
       - name: Install SecNode
-        run: pip install -r requirements.txt
+        run: pip install -r requirements.txt && pip install -e .
 
       - name: Run SecNode Scan
         env:
           SECNODE_LLM: ${{ secrets.SECNODE_LLM }}
           OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
-        run: python3 secnodeapi.py --target https://staging-api.example.com/swagger.json
+        run: secnodeapi --target https://staging-api.example.com/swagger.json
 ```
 
 ### Configuration
diff --git a/ai_engine.py b/ai_engine.py
diff --git a/pyproject.toml b/pyproject.toml
@@ -0,0 +1,38 @@
+[build-system]
+requires = ["setuptools>=69", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "secnodeapi"
+version = "0.1.0"
+description = "Autonomous, AI-augmented API penetration testing framework."
+readme = "README.md"
+requires-python = ">=3.9"
+dependencies = [
+  "httpx==0.27.0",
+  "pydantic==2.6.3",
+  "structlog==24.1.0",
+  "litellm==1.34.0",
+  "PyYAML==6.0.1",
+]
+
+[project.optional-dependencies]
+dev = [
+  "pytest==8.3.5",
+  "pytest-asyncio==0.25.3",
+]
+
+[project.scripts]
+secnodeapi = "secnodeapi.cli:entrypoint"
+
+[tool.setuptools]
+package-dir = {"" = "src"}
+
+[tool.setuptools.packages.find]
+where = ["src"]
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+python_files = ["test_*.py"]
+asyncio_mode = "strict"
+asyncio_default_fixture_loop_scope = "function"
diff --git a/pytest.ini b/pytest.ini
diff --git a/src/secnodeapi/__init__.py b/src/secnodeapi/__init__.py
@@ -0,0 +1,5 @@
+"""
+SecNode API package.
+"""
+
+__all__ = []
diff --git a/src/secnodeapi/__main__.py b/src/secnodeapi/__main__.py
@@ -0,0 +1,5 @@
+from .cli import entrypoint
+
+
+if __name__ == "__main__":
+    entrypoint()
diff --git a/src/secnodeapi/ai/__init__.py b/src/secnodeapi/ai/__init__.py
diff --git a/src/secnodeapi/ai/generate.py b/src/secnodeapi/ai/generate.py
@@ -6,7 +6,7 @@
 
 import structlog
 
-from vulnerability_models import APIUnderstanding, SchemaStructure, TestCase
+from ..vulnerability_models import APIUnderstanding, SchemaStructure, TestCase
 
 from .llm_client import call_llm
 
diff --git a/src/secnodeapi/ai/llm_client.py b/src/secnodeapi/ai/llm_client.py
diff --git a/src/secnodeapi/ai/understand.py b/src/secnodeapi/ai/understand.py
@@ -5,7 +5,7 @@
 
 import structlog
 
-from vulnerability_models import APIUnderstanding, SchemaStructure
+from ..vulnerability_models import APIUnderstanding, SchemaStructure
 
 from .llm_client import call_llm
 
diff --git a/src/secnodeapi/ai/validate.py b/src/secnodeapi/ai/validate.py
@@ -7,7 +7,7 @@
 
 import structlog
 
-from vulnerability_models import Finding, TestResult
+from ..vulnerability_models import Finding, TestResult
 
 from .llm_client import call_llm
 
diff --git a/src/secnodeapi/cli.py b/src/secnodeapi/cli.py
@@ -29,11 +29,11 @@
 )
 logger = structlog.get_logger(__name__)
 
-from schema_fetcher import fetch_schema, analyze_api_structure
-from ai import understand_api_with_ai, generate_test_cases, validate_findings_with_ai
-from test_executor import execute_proactive_tests
-from report_generator import generate_reports
-from vulnerability_models import Report
+from .schema_fetcher import fetch_schema, analyze_api_structure
+from .ai import understand_api_with_ai, generate_test_cases, validate_findings_with_ai
+from .test_executor import execute_proactive_tests
+from .report_generator import generate_reports
+from .vulnerability_models import Report
 
 
 def parse_auth(auth_header: str, auth_file: str) -> dict:
@@ -59,7 +59,24 @@ def parse_args():
     parser.add_argument("--auth-header", help="Inline header e.g. 'Authorization: Bearer <token>'")
     parser.add_argument("--auth-file", help="Path to JSON file with auth headers")
     parser.add_argument("--proxy", help="HTTP proxy to route traffic through")
-    return parser.parse_args()
+    parser.add_argument(
+        "--schema-only",
+        action="store_true",
+        help="Fetch and output schema structure, then exit",
+    )
+    parser.add_argument(
+        "--dry-run",
+        action="store_true",
+        help="Generate tests but do not execute",
+    )
+    parser.add_argument(
+        "--dry-run-output",
+        help="Write generated tests to JSON file (use with --dry-run)",
+    )
+    args = parser.parse_args()
+    if args.dry_run_output and not args.dry_run:
+        parser.error("--dry-run-output requires --dry-run")
+    return args
 
 
 async def validate_and_retest(results: list, base_url: str, concurrency: int, auth_headers: dict, proxy: str = None) -> list:
@@ -93,7 +110,11 @@ async def main():
     auth_headers = parse_auth(args.auth_header, args.auth_file)
     
     # Require a supported provider key for LiteLLM.
-    if not os.getenv("OPENAI_API_KEY") and not os.getenv("ANTHROPIC_API_KEY"):
+    if (
+        not args.schema_only
+        and not os.getenv("OPENAI_API_KEY")
+        and not os.getenv("ANTHROPIC_API_KEY")
+    ):
         logger.error(
             "Provider API key required. Set OPENAI_API_KEY or ANTHROPIC_API_KEY "
             "to match SECNODE_LLM."
@@ -106,6 +127,11 @@ async def main():
         # 1-2. Ingest and parse schema
         raw_schema = await fetch_schema(args.target, proxy=args.proxy)
         api_structure = analyze_api_structure(raw_schema)
+
+        if args.schema_only:
+            print(api_structure.model_dump_json(indent=2))
+            logger.info("Schema-only mode complete")
+            return
         
         # 3. AI Understanding
         understanding = await understand_api_with_ai(api_structure)
@@ -115,6 +141,19 @@ async def main():
         if not tests:
             logger.error("No tests generated. Aborting.")
             sys.exit(1)
+
+        if args.dry_run:
+            print(f"Generated {len(tests)} test cases (dry-run).")
+            if args.dry_run_output:
+                output_path = Path(args.dry_run_output)
+                output_path.parent.mkdir(parents=True, exist_ok=True)
+                output_path.write_text(
+                    json.dumps([test.model_dump() for test in tests], indent=2),
+                    encoding="utf-8",
+                )
+                logger.info("Dry-run tests written", output=str(output_path))
+            logger.info("Dry-run mode complete", generated_tests=len(tests))
+            return
             
         # 5. Execute Tests
         results = await execute_proactive_tests(
@@ -156,5 +195,10 @@ async def main():
         sys.exit(1)
 
 
-if __name__ == "__main__":
+def entrypoint() -> None:
+    """Console script entrypoint."""
     asyncio.run(main())
+
+
+if __name__ == "__main__":
+    entrypoint()
diff --git a/src/secnodeapi/report_generator.py b/src/secnodeapi/report_generator.py
@@ -3,12 +3,11 @@
 Produces actionable human-readable Markdown and machine-readable JSON reports.
 """
 import json
-import os
 from datetime import datetime
 import structlog
 from pathlib import Path
 
-from vulnerability_models import Report
+from .vulnerability_models import Report
 
 logger = structlog.get_logger(__name__)
 
diff --git a/src/secnodeapi/schema_fetcher.py b/src/secnodeapi/schema_fetcher.py
@@ -2,15 +2,13 @@
 Schema Fetcher module for SecNode API Pentester.
 Retrieves and parses OpenAPI/Swagger schemas into normalized structures.
 """
-import ssl
-import json
 import httpx
 import yaml
 from typing import Dict, Any, List
 from pathlib import Path
 import structlog
 
-from vulnerability_models import SchemaStructure, APIEndpoint, APIParameter
+from .vulnerability_models import SchemaStructure, APIEndpoint, APIParameter
 
 logger = structlog.get_logger(__name__)
 
diff --git a/src/secnodeapi/test_executor.py b/src/secnodeapi/test_executor.py
@@ -5,10 +5,10 @@
 import time
 import asyncio
 import httpx
-from typing import List, Dict, Any, Optional
+from typing import List, Dict, Optional
 import structlog
 
-from vulnerability_models import TestCase, TestResult
+from .vulnerability_models import TestCase, TestResult
 
 logger = structlog.get_logger(__name__)
 
diff --git a/src/secnodeapi/vulnerability_models.py b/src/secnodeapi/vulnerability_models.py
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -1,11 +1,6 @@
-import sys
-from pathlib import Path
-
 import pytest
 
-sys.path.insert(0, str(Path(__file__).resolve().parents[1]))
-
-from vulnerability_models import Finding, Report
+from secnodeapi.vulnerability_models import Finding, Report
 
 
 @pytest.fixture
diff --git a/tests/test_report_generator.py b/tests/test_report_generator.py
@@ -1,6 +1,6 @@
 import json
 
-from report_generator import _generate_markdown, generate_reports
+from secnodeapi.report_generator import _generate_markdown, generate_reports
 
 
 def test_generate_markdown_contains_key_sections(sample_report) -> None:
diff --git a/tests/test_schema_fetcher.py b/tests/test_schema_fetcher.py
@@ -1,6 +1,6 @@
 import pytest
 
-from schema_fetcher import analyze_api_structure, fetch_schema
+from secnodeapi.schema_fetcher import analyze_api_structure, fetch_schema
 
 
 @pytest.mark.asyncio
diff --git a/tests/test_vulnerability_models.py b/tests/test_vulnerability_models.py
@@ -1,4 +1,9 @@
-from vulnerability_models import APIEndpoint, APIParameter, SchemaStructure, TestCase as VulnTestCase
+from secnodeapi.vulnerability_models import (
+    APIEndpoint,
+    APIParameter,
+    SchemaStructure,
+    TestCase as VulnTestCase,
+)
 
 
 def test_api_parameter_alias_and_serialization() -> None:

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +"""
 +SecNode API package.
 +"""
++
 +__all__ = []