feat: Add pip-audit fallback and refactor test suite

- Implemented pip-audit as a security scanner for Python 3.14+ where safety is incompatible.
- Fixed interpreter registration bugs for Python 3.13 and 3.14.
- Refactored and relocated test files from the main package directory into the /tests directory for better project structure.

Author: 1minds3t

omnipkg/cli.py

@@ -513,8 +513,9 @@ def main():
             safe_print(_('6. Flask test (under construction)'))
             safe_print(_('7. Auto-healing Test (omnipkg run)')) # <--- ADD THIS
             safe_print(_('8. 🌠 Quantum Multiverse Warp (Concurrent Python Installations)'))
+            safe_print(_('9. Flask Port Finder Test (auto-healing with Flask)')) # <--- ADD THIS
             try:
-                response = input(_('Enter your choice (1-8): ')).strip()
+                response = input(_('Enter your choice (1-9): ')).strip()
             except EOFError:
                 response = ''
             test_file = None
@@ -533,7 +534,7 @@ def main():
             elif response == '3':
                 if not handle_python_requirement('3.11', pkg_instance, parser.prog):
                     return 1
-                test_file = DEMO_DIR / 'stress_test.py'
+                test_file = TESTS_DIR / 'test_version_combos.py'
                 demo_name = 'numpy_scipy'
             elif response == '4':
                 if not handle_python_requirement('3.11', pkg_instance, parser.prog):
@@ -548,7 +549,8 @@ def main():
                 safe_print('!'*60)
 
                 # 1. Find the source script.
-                source_script_path = TESTS_DIR / 'multiverse_healing.py'
+                source_script_path = TESTS_DIR / 'test_multiverse_healing.py'
+
                 if not source_script_path.exists():
                     safe_print(_('❌ Error: Source test file {} not found.').format(source_script_path))
                     return 1
@@ -642,8 +644,28 @@ def main():
                     temp_script_path.unlink(missing_ok=True)
 
                 return returncode
+            elif response == '9':
+                demo_name = 'flask_port_finder'
+                test_file = TESTS_DIR / 'test_flask_port_finder.py'
+                if not test_file.exists():
+                    safe_print(_('❌ Error: Test file {} not found.').format(test_file))
+                    return 1
+                # This demo is best run via 'omnipkg run' to showcase auto-healing
+                safe_print(_('🚀 This demo uses "omnipkg run" to showcase auto-healing of missing modules.'))
+                cmd = [parser.prog, 'run', str(test_file)]
+                process = subprocess.Popen(cmd, text=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, encoding='utf-8', errors='replace')
+                for line in process.stdout:
+                    safe_print(line, end='')
+                returncode = process.wait()
+
+                safe_print('-' * 60)
+                if returncode == 0:
+                    safe_print(_('🎉 Demo completed successfully!'))
+                else:
+                    safe_print(_('❌ Demo failed with return code {}').format(returncode))
+                return returncode
             else:
-                safe_print(_('❌ Invalid choice. Please select 1, 2, 3, 4, 5, 6, 7, or 8.'))
+                safe_print(_('❌ Invalid choice. Please select 1, 2, 3, 4, 5, 6, 7, 8, or 9.'))
                 return 1
             if not test_file.exists():
                 safe_print(_('❌ Error: Test file {} not found.').format(test_file))

omnipkg/core.py

@@ -459,7 +459,7 @@ def _register_all_interpreters(self, venv_path: Path):
             safe_print(_('   -> Scanning directory: {}').format(interp_dir.name))
             found_exe_path = None
             search_locations = [interp_dir / 'bin', interp_dir / 'Scripts', interp_dir]
-            possible_exe_names = ['python3.12', 'python3.11', 'python3.10', 'python3.9', 'python3', 'python', 'python.exe']
+            possible_exe_names = ['python3.14', 'python3.13', 'python3.12', 'python3.11', 'python3.10', 'python3.8', 'python3.9', 'python3', 'python', 'python.exe']
             for location in search_locations:
                 if location.is_dir():
                     for exe_name in possible_exe_names:
@@ -553,6 +553,27 @@ def run_verbose(cmd: List[str], error_msg: str):
                 safe_print('   ----------------')
                 raise
         try:
+            safe_print('   - Attempting bootstrap with built-in ensurepip (most reliable)...')
+            ensurepip_cmd = [str(python_exe), '-m', 'ensurepip', '--upgrade']
+            run_verbose(ensurepip_cmd, "ensurepip bootstrap failed.")
+            safe_print('   ✅ Pip bootstrap complete via ensurepip.')
+            core_deps = _get_core_dependencies()
+            if core_deps:
+                safe_print(_('   - Installing omnipkg core dependencies...'))
+                deps_install_cmd = [str(python_exe), '-m', 'pip', 'install', '--no-cache-dir'] + sorted(list(core_deps))
+                run_verbose(deps_install_cmd, 'Failed to install omnipkg dependencies.')
+                safe_print(_('   ✅ Core dependencies installed.'))
+            safe_print(_('   - Installing omnipkg application layer...'))
+            project_root = self._find_project_root()
+            if project_root:
+                safe_print(_('     (Developer mode detected: performing editable install)'))
+                install_cmd = [str(python_exe), '-m', 'pip', 'install', '--no-cache-dir', '--no-deps', '-e', str(project_root)]
+            else:
+                safe_print('     (Standard mode detected: installing from PyPI)')
+                install_cmd = [str(python_exe), '-m', 'pip', 'install', '--no-cache-dir', '--no-deps', 'omnipkg']
+            run_verbose(install_cmd, 'Failed to install omnipkg application.')
+            safe_print(_('   ✅ Omnipkg bootstrapped successfully!'))
+        except Exception as e:
             safe_print(_('   - Bootstrapping pip, setuptools, wheel...'))
             with tempfile.NamedTemporaryFile(suffix='.py', delete=False, mode='w', encoding='utf-8') as tmp_file:
                 script_path = tmp_file.name
@@ -790,7 +811,8 @@ def _install_managed_python(self, venv_path: Path, full_version: str) -> Path:
         py_arch = py_arch_map.get(arch)
         if not py_arch:
             raise OSError(_('Unsupported architecture: {}').format(arch))
-        VERSION_TO_RELEASE_TAG_MAP = {'3.13.7': '20250818', '3.13.6': '20250807', '3.13.1': '20241211', '3.13.0': '20241016', '3.12.11': '20250818', '3.12.8': '20241211', '3.12.7': '20241008', '3.12.6': '20240814', '3.12.5': '20240726', '3.12.4': '20240726', '3.12.3': '20240415', '3.11.13': '20250603', '3.11.12': '20241211', '3.11.10': '20241008', '3.11.9': '20240726', '3.11.6': '20231002', '3.10.18': '20250818', '3.10.15': '20241008', '3.10.14': '20240726', '3.10.13': '20231002', '3.9.23': '20250818', '3.9.21': '20241211', '3.9.20': '20241008', '3.9.19': '20240726', '3.9.18': '20231002'}
+        VERSION_TO_RELEASE_TAG_MAP = {'3.8.20': '20241002',
+            '3.14.0': '20251014','3.13.7': '20250818', '3.13.6': '20250807', '3.13.1': '20241211', '3.13.0': '20241016', '3.12.11': '20250818', '3.12.8': '20241211', '3.12.7': '20241008', '3.12.6': '20240814', '3.12.5': '20240726', '3.12.4': '20240726', '3.12.3': '20240415', '3.11.13': '20250603', '3.11.12': '20241211', '3.11.10': '20241008', '3.11.9': '20240726', '3.11.6': '20231002', '3.10.18': '20250818', '3.10.15': '20241008', '3.10.14': '20240726', '3.10.13': '20231002', '3.9.23': '20250818', '3.9.21': '20241211', '3.9.20': '20241008', '3.9.19': '20240726', '3.9.18': '20231002'}
         release_tag = VERSION_TO_RELEASE_TAG_MAP.get(full_version)
         if not release_tag:
             available_versions = list(VERSION_TO_RELEASE_TAG_MAP.keys())
@@ -2994,7 +3016,7 @@ def redis_key_prefix(self) -> str:
             py_ver_str = f'py{match.group(1)}'
         else:
             try:
-                result = subprocess.run([python_exe_path, '-c', "import sys; safe_print(f'py{sys.version_info.major}.{sys.version_info.minor}')"], capture_output=True, text=True, check=True, timeout=2)
+                result = subprocess.run([python_exe_path, '-c', "import sys; print(f'py{sys.version_info.major}.{sys.version_info.minor}')"], capture_output=True, text=True, check=True, timeout=2)
                 py_ver_str = result.stdout.strip()
             except Exception:
                 py_ver_str = f'py{sys.version_info.major}.{sys.version_info.minor}'
@@ -4635,7 +4657,7 @@ def _is_interpreter_directory_valid(self, path: Path) -> bool:
             return False
         bin_dir = path / 'bin'
         if bin_dir.is_dir():
-            for name in ['python', 'python3', 'python3.9', 'python3.10', 'python3.11', 'python3.12']:
+            for name in ['python3.14', 'python3.13', 'python3.12', 'python3.11', 'python3.10', 'python3.9', 'python3.8', 'python3', 'python', 'python.exe']:
                 exe_path = bin_dir / name
                 if exe_path.is_file() and os.access(exe_path, os.X_OK):
                     try:
@@ -4673,7 +4695,7 @@ def _fallback_to_download(self, version: str) -> int:
         """
         safe_print(_('\n--- Running robust download strategy ---'))
         try:
-            full_versions = {'3.13': '3.13.7', '3.12': '3.12.11', '3.11': '3.11.9', '3.10': '3.10.18', '3.9': '3.9.23'}
+            full_versions = {'3.14': '3.14.0', '3.13': '3.13.7', '3.12': '3.12.11', '3.11': '3.11.9', '3.10': '3.10.18', '3.9': '3.9.23', '3.8': '3.8.20'}
             full_version = full_versions.get(version)
             if not full_version:
                 safe_print(f'❌ Error: No known standalone build for Python {version}.')
@@ -5652,7 +5674,6 @@ def _heal_conda_environment(self, also_run_clean: bool = True):
         if not conda_meta_path.is_dir():
             return  # No metadata directory
 
-        safe_print('\n' + '─' * 60)
         safe_print("🛡️  AUTO-HEAL: Scanning conda environment for corruption...")
 
         # Proactive scan for corrupted files
@@ -5687,7 +5708,6 @@ def _heal_conda_environment(self, also_run_clean: bool = True):
 
         if not corrupted_files_found:
             safe_print("   - ✅ No corruption detected in conda metadata")
-            safe_print('─' * 60)
             return
 
         # Healing process

omnipkg/package_meta_builder.py

@@ -33,7 +33,11 @@
 import subprocess
 import json
 import re
-
+try:
+    import safety
+    SAFETY_AVAILABLE = True
+except ImportError:
+    SAFETY_AVAILABLE = False
 # Add this global recursion tracking code at module level (after imports, before class definition)
 _security_scan_depth = threading.local()
 _max_depth = 10  # Adjust as needed
@@ -584,6 +588,23 @@ def _perform_security_scan(self, packages: Dict[str, str]):
         Runs a security check using a dedicated, isolated 'safety' tool bubble,
         created on-demand by the bubble_manager to guarantee isolation.
         """
+        is_incompatible_with_safety = False
+        if self.target_context_version:
+            try:
+                major, minor = map(int, self.target_context_version.split('.'))
+                if (major, minor) >= (3, 14):
+                    is_incompatible_with_safety = True
+            except (ValueError, TypeError):
+                pass
+
+        if is_incompatible_with_safety:
+            safe_print("🛡️  'safety' is incompatible with Python 3.14+. Using 'pip audit' as a fallback.")
+            self._run_pip_audit_fallback(packages)
+            return
+        if not SAFETY_AVAILABLE:
+            safe_print("⚠️  Security scan skipped: 'safety' package is not installed or is incompatible with the current Python version.")
+            self.security_report = {}
+            return
         safe_print(f'🛡️ Performing security scan for {len(packages)} active package(s) using isolated tool...')
         if not packages:
             safe_print(_(' - No active packages found to scan.'))
@@ -639,6 +660,60 @@ def _perform_security_scan(self, packages: Dict[str, str]):
             issue_count = len(self.security_report['vulnerabilities'])
         safe_print(_('✅ Security scan complete. Found {} potential issues.').format(issue_count))
 
+    def _run_pip_audit_fallback(self, packages: Dict[str, str]):
+        """Runs `pip audit` as a fallback security scanner."""
+        if not packages:
+            safe_print(_(' - No active packages found to scan.'))
+            self.security_report = {}
+            return
+
+        reqs_file_path = None
+        try:
+            with tempfile.NamedTemporaryFile(mode='w', delete=False, suffix='.txt') as reqs_file:
+                reqs_file_path = reqs_file.name
+                for name, version in packages.items():
+                    reqs_file.write(f'{name}=={version}\n')
+
+            python_exe = self.config.get('python_executable', sys.executable)
+            cmd = [python_exe, '-m', 'pip', 'audit', '--json', '-r', reqs_file_path]
+            result = subprocess.run(cmd, capture_output=True, text=True, timeout=180)
+
+            if result.returncode == 0 and result.stdout:
+                audit_data = json.loads(result.stdout)
+                self.security_report = self._parse_pip_audit_output(audit_data)
+            else:
+                self.security_report = [] # No issues found or error occurred
+
+            issue_count = len(self.security_report)
+            safe_print(_('✅ Security scan complete (via pip audit). Found {} potential issues.').format(issue_count))
+
+        except (json.JSONDecodeError, subprocess.SubprocessError, FileNotFoundError) as e:
+            safe_print(_(' ⚠️ An error occurred during the pip audit fallback scan: {}').format(e))
+            self.security_report = {}
+        finally:
+            if reqs_file_path and os.path.exists(reqs_file_path):
+                os.unlink(reqs_file_path)
+
+    def _parse_pip_audit_output(self, audit_data: List[Dict]) -> List[Dict]:
+        """
+        Parses the JSON output from `pip audit` and transforms it into the same
+        format used by the `safety` tool for consistency.
+        """
+        report = []
+        for item in audit_data:
+            package_name = item.get('name')
+            installed_version = item.get('version')
+            for vuln in item.get('vulns', []):
+                report.append({
+                    "package_name": package_name,
+                    "vulnerable_spec": f"<{','.join(vuln.get('fixed_in', []))}",
+                    "analyzed_version": installed_version,
+                    "advisory": vuln.get('summary', 'N/A'),
+                    "vulnerability_id": vuln.get('id', 'N/A'),
+                    "fixed_in": vuln.get('fixed_in', []),
+                })
+        return report
+
     def run(self, targeted_packages: Optional[List[str]]=None, newly_active_packages: Optional[Dict[str, str]]=None):
         """
         (V5.3 - Robust Path Fix) The main execution loop. Now uses robust logic
@@ -728,12 +803,8 @@ def run(self, targeted_packages: Optional[List[str]]=None, newly_active_packages
         total_packages = len(distributions_to_process)
         pkgs_per_sec = total_packages / total_time if total_time > 0 else float('inf')
 
-        print("\n" + "="*60)
         print("🚀 KNOWLEDGE BASE BUILD - PERFORMANCE SUMMARY 🚀")
-        print("="*60)
-        print(f"   - Processed {total_packages} packages in {total_time:.2f} seconds.")
         print(f"   - 🔥 Average Throughput: {pkgs_per_sec:.2f} pkg/s")
-        print("="*60 + "\n")
 
         safe_print(_('🎉 Metadata building complete! Updated {} package(s) for this context.').format(updated_count))
         return distributions_to_process

pyproject.toml

@@ -1,16 +1,16 @@
 [build-system]
-requires = ["setuptools>=61.0", "pip==25.1.1"]
+requires = ["setuptools>=61.0"]
 build-backend = "setuptools.build_meta"
 
 [project]
 name = "omnipkg"
-version = "1.5.5"
+version = "1.5.6"
 authors = [
   { name = "1minds3t", email = "1minds3t@proton.me" },
 ]
 description = "The Ultimate Python Dependency Resolver. One environment. Infinite packages. Zero conflicts."
 readme = "README.md"
-requires-python = ">=3.9, <3.14"
+requires-python = ">=3.7, <3.16"
 license = { text = "AGPL-3.0-only OR LicenseRef-Proprietary" }
 classifiers = [
     "Development Status :: 5 - Production/Stable",
@@ -19,11 +19,14 @@ classifiers = [
     "License :: OSI Approved :: GNU Affero General Public License v3 or later (AGPLv3+)",
     "Operating System :: OS Independent",
     "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.8",
     "Programming Language :: Python :: 3.9",
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",
     "Programming Language :: Python :: 3.12",
     "Programming Language :: Python :: 3.13",
+    "Programming Language :: Python :: 3.14",
+    "Programming Language :: Python :: 3.15",
     "Environment :: Console",
     "Topic :: Software Development :: Build Tools",
     "Topic :: System :: Software Distribution",
@@ -38,9 +41,9 @@ dependencies = [
     "authlib>=1.6.5",
     "filelock>=3.9",
     "tomli; python_version < '3.11'",
-    "safety>=2.3.5,<3.0; python_version < '3.10'",
-    "safety>=3.0; python_version >= '3.10'",
+    "safety>=3.0; python_version >= '3.10' and python_version < '3.14'",
     "aiohttp", 
+    "pip-audit>=2.6.0; python_version >= '3.14'",
     "uv" 
 ]