kaos-source v0.1.4

License: Apache-2.0 · Runtime: Python 3.13+ · Released: 2026-06-23 · Repository

Changes since last sweep

2026-06-23 → 2026-06-24

  • Commits (90d): 104 → 103

Trust scorecard

Composite: 8/8 green
Build passing
Latest CI conclusion: success
Tests + coverage
Latest CI conclusion: success
No critical CVEs
Latest Security workflow conclusion: success
Signed release artifacts
PEP 740 attestation verified for 2/2 artifacts
License clean
Wheel license: Apache-2.0
SBOM published
SBOM published — 59 components
Branch protection
GitHub reports main as protected; admin-only rule details were not available to the sweep token
SECURITY.md + CODEOWNERS
SECURITY.md + CODEOWNERS present

CI matrix

Environment · pytest · ruff · ty · bandit · pip-audit
linux-x64 / py3.14
linux-x64 / py3.14t
linux-x64 / py3.15
macos-arm64 / py3.13
windows-x64 / py3.13

Security

Open advisories
0
Fixed in 90d
0
Dependabot alerts
Suppressions (total)
not inspected (sibling clone absent)

Suppressions are markers that silence a linter, type-checker, or security scanner. See security.html for the full ledger across the org.

Supply chain

Direct deps
Transitive deps
SBOM
CycloneDX (mirror) · CycloneDX (GitHub Release)

Governance + velocity

Maintainers
2
Commits 90d
103
Releases 90d
16

Code surface area

Python source (LoC)
9,910 across 93 files
Python tests (LoC)
6,417 across 34 files
Rust source (LoC)
Rust tests (LoC)
Source lines of code
16,327 LoC

Counts non-blank, non-comment lines (sloc). Excludes .venv, target, dist, build, __pycache__, _site, and lockfiles (uv.lock, Cargo.lock). Tests are paths whose ancestors contain tests, test, or benches. Authorship: this codebase is AI-assisted — lines were generated with Claude (Anthropic) and human-reviewed before commit. We count what's in git; we do not claim humans typed every character.

Evidence

Download JSON

Methodology

How these eight checks are scored

Each check is collected by an automated workflow against public sources only (GitHub API, OSV, Sigstore transparency log, package registry metadata). No self-attestation is accepted. A check is green when the underlying signal is present and meets a documented threshold, yellow when partial, red when failing, and gray when the collector has not yet implemented the probe. See methodology.html for thresholds and source URLs.