nomos 0.1.0

data/examples/.nomos/rules.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+rule "no_debugger" do
+  changed_files.grep(/\.rb$/).each do |file|
+    if diff(file).include?("binding.pry")
+      fail "binding.pry detected", file: file
+    end
+  end
+end

data/examples/nomos.yml

@@ -0,0 +1,30 @@
+version: 1
+
+reporter:
+  github: true
+  console: true
+  json:
+    path: nomos-report.json
+
+performance:
+  concurrency: 4
+  cache: true
+  lazy_diff: true
+  timing: false
+
+rules:
+  - name: no_large_pr
+    type: builtin.no_large_pr
+    params:
+      max_changed_lines: 800
+
+  - name: require_changelog
+    type: builtin.require_file_change
+    params:
+      patterns:
+        - CHANGELOG.md
+
+  - name: custom_rules
+    type: ruby.file
+    params:
+      path: .nomos/rules.rb

data/exe/nomos

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "nomos"
+
+exit Nomos::CLI.run(ARGV)

data/lib/nomos/cache.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require "json"
+
+module Nomos
+  class Cache
+    def initialize(path:, enabled: true)
+      @path = path
+      @enabled = enabled
+      @data = enabled ? load_data : {}
+    end
+
+    def fetch(key)
+      return yield unless @enabled
+      return @data[key] if @data.key?(key)
+
+      value = yield
+      @data[key] = value
+      persist
+      value
+    end
+
+    private
+
+    def load_data
+      return {} unless File.exist?(@path)
+
+      JSON.parse(File.read(@path))
+    rescue JSON::ParserError
+      {}
+    end
+
+    def persist
+      dir = File.dirname(@path)
+      Dir.mkdir(dir) unless Dir.exist?(dir)
+      File.write(@path, JSON.pretty_generate(@data))
+    end
+  end
+end

data/lib/nomos/cli.rb

@@ -0,0 +1,220 @@
+# frozen_string_literal: true
+
+require "optparse"
+
+require_relative "config"
+require_relative "context_loader"
+require_relative "github_client"
+require_relative "runner"
+require_relative "reporters/console"
+require_relative "reporters/github"
+require_relative "timing"
+
+module Nomos
+  class CLI
+    def self.run(argv)
+      command = argv.shift || "run"
+
+      case command
+      when "run"
+        new.run(argv)
+      when "init"
+        new.init(argv)
+      when "doctor"
+        new.doctor(argv)
+      else
+        warn "Unknown command: #{command}"
+        1
+      end
+    end
+
+    def run(argv)
+      options = {
+        config: Config::DEFAULT_PATH,
+        strict: false,
+        debug: false,
+        reporter: nil,
+        no_cache: false
+      }
+
+      parser = OptionParser.new do |opts|
+        opts.banner = "Usage: nomos run [options]"
+        opts.on("--config PATH", "Config path (default: nomos.yml)") { |path| options[:config] = path }
+        opts.on("--strict", "Treat warns as failures") { options[:strict] = true }
+        opts.on("--debug", "Show debug details") { options[:debug] = true }
+        opts.on("--no-cache", "Disable cache and lazy diff for this run") { options[:no_cache] = true }
+        opts.on("--reporter LIST", "Comma-separated reporters (github,console,json)") do |list|
+          options[:reporter] = list.split(",").map(&:strip)
+        end
+      end
+
+      parser.parse!(argv)
+
+      timing = Timing.new
+      config = timing.measure("config") { Config.load(options[:config]) }
+      performance = config.performance
+      if options[:no_cache]
+        performance = performance.merge(cache: false, lazy_diff: false)
+      end
+      context = timing.measure("context") { ContextLoader.load(performance: performance) }
+      findings = timing.measure("rules") { Runner.new(config, context).run }
+      findings = upgrade_warnings(findings) if options[:strict]
+
+      reporters = timing.measure("reporters") { build_reporters(config, context, options[:reporter]) }
+      timing.measure("report_outputs") { reporters.each { |reporter| reporter.report(findings) } }
+
+      timing.report if config.performance.fetch(:timing, false)
+
+      exit_code(findings, options[:strict])
+    rescue Nomos::Error => e
+      warn e.message
+      raise if options[:debug]
+
+      1
+    end
+
+    def init(_argv)
+      config_path = Config::DEFAULT_PATH
+      rules_path = ".nomos/rules.rb"
+
+      if File.exist?(config_path)
+        warn "#{config_path} already exists"
+      else
+        File.write(config_path, default_config)
+        puts "Created #{config_path}"
+      end
+
+      unless File.exist?(File.dirname(rules_path))
+        Dir.mkdir(File.dirname(rules_path))
+      end
+
+      if File.exist?(rules_path)
+        warn "#{rules_path} already exists"
+      else
+        File.write(rules_path, default_rules)
+        puts "Created #{rules_path}"
+      end
+
+      0
+    end
+
+    def doctor(_argv)
+      config_path = Config::DEFAULT_PATH
+      ok = true
+
+      unless File.exist?(config_path)
+        warn "Missing config: #{config_path}"
+        ok = false
+      end
+
+      if ENV["GITHUB_TOKEN"].to_s.empty?
+        warn "Missing GITHUB_TOKEN"
+        ok = false
+      end
+
+      if ENV["GITHUB_EVENT_PATH"].to_s.empty? && (ENV["NOMOS_PR_NUMBER"].to_s.empty? || ENV["NOMOS_REPOSITORY"].to_s.empty?)
+        warn "Missing PR context (GITHUB_EVENT_PATH or NOMOS_PR_NUMBER/NOMOS_REPOSITORY)"
+        ok = false
+      end
+
+      puts ok ? "Nomos doctor: OK" : "Nomos doctor: issues found"
+      ok ? 0 : 1
+    end
+
+    private
+
+    def build_reporters(config, context, override)
+      enabled = if override
+                  override.map(&:downcase)
+                else
+                  config.reporters.map { |name, value| name.to_s if value }.compact
+                end
+
+      enabled = ["console"] if enabled.empty?
+
+      enabled.map do |name|
+        case name
+        when "console"
+          Reporters::Console.new
+        when "github"
+          client = GitHubClient.new(token: ENV["GITHUB_TOKEN"], api_url: ENV["GITHUB_API_URL"] || "https://api.github.com")
+          Reporters::GitHub.new(
+            client: client,
+            repo: context.repo,
+            pr_number: context.pull_request.fetch("number"),
+            pull_request: context.pull_request,
+            context: context
+          )
+        when "json"
+          Reporters::Json.new(path: json_report_path(config))
+        else
+          raise Nomos::Error, "Unknown reporter: #{name}"
+        end
+      end
+    end
+
+    def exit_code(findings, strict)
+      return 1 if findings.any? { |finding| finding.severity == :fail }
+
+      0
+    end
+
+    def upgrade_warnings(findings)
+      findings.map do |finding|
+        finding.severity == :warn ? finding.with_severity(:fail) : finding
+      end
+    end
+
+    def default_config
+      <<~YAML
+        version: 1
+
+        reporter:
+          github: true
+          console: true
+          json:
+            path: nomos-report.json
+
+        performance:
+          concurrency: 4
+          cache: true
+          lazy_diff: true
+          timing: false
+
+        rules:
+          - name: no_large_pr
+            type: builtin.no_large_pr
+            params:
+              max_changed_lines: 800
+
+          - name: require_changelog
+            type: builtin.require_file_change
+            params:
+              patterns:
+                - CHANGELOG.md
+      YAML
+    end
+
+    def default_rules
+      <<~RUBY
+        # frozen_string_literal: true
+
+        # Custom rules will be supported in Phase 2.
+      RUBY
+    end
+
+    def json_report_path(config)
+      json = config.reporters[:json]
+      case json
+      when Hash
+        json[:path] || "nomos-report.json"
+      when String
+        json
+      when true
+        "nomos-report.json"
+      else
+        "nomos-report.json"
+      end
+    end
+  end
+end

data/lib/nomos/config.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require "yaml"
+
+module Nomos
+  class Config
+    DEFAULT_PATH = "nomos.yml"
+
+    attr_reader :path, :data
+
+    def self.load(path = DEFAULT_PATH)
+      raw = read_yaml(path)
+      new(path, raw)
+    end
+
+    def initialize(path, raw)
+      @path = path
+      @data = symbolize_keys(raw || {})
+    end
+
+    def reporters
+      data.fetch(:reporter, {})
+    end
+
+    def performance
+      data.fetch(:performance, {})
+    end
+
+    def rules
+      Array(data[:rules])
+    end
+
+    private
+
+    def self.read_yaml(path)
+      unless File.exist?(path)
+        raise Nomos::Error, "Config not found: #{path}"
+      end
+
+      YAML.safe_load(File.read(path), permitted_classes: [], aliases: false) || {}
+    rescue Psych::SyntaxError => e
+      raise Nomos::Error, "Invalid YAML in #{path}: #{e.message}"
+    end
+
+    def symbolize_keys(obj)
+      case obj
+      when Hash
+        obj.each_with_object({}) do |(key, value), memo|
+          memo[key.to_sym] = symbolize_keys(value)
+        end
+      when Array
+        obj.map { |value| symbolize_keys(value) }
+      else
+        obj
+      end
+    end
+  end
+end

data/lib/nomos/context.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Nomos
+  class Context
+    attr_reader :pull_request, :changed_files, :repo, :base_branch, :ci, :changed_lines
+
+    def initialize(pull_request:, changed_files:, patches:, repo:, base_branch:, ci:, changed_lines:, patch_fetcher: nil)
+      @pull_request = pull_request
+      @changed_files = changed_files
+      @patches = patches
+      @patch_fetcher = patch_fetcher
+      @repo = repo
+      @base_branch = base_branch
+      @ci = ci
+      @changed_lines = changed_lines
+      freeze
+    end
+
+    def diff(file)
+      return @patches[file] if @patches.key?(file)
+      return unless @patch_fetcher
+
+      @patches[file] = @patch_fetcher.call(file)
+    end
+  end
+end

data/lib/nomos/context_loader.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+require "json"
+
+require_relative "cache"
+require_relative "context"
+require_relative "github_client"
+
+module Nomos
+  class ContextLoader
+    def self.load(env: ENV, performance: {})
+      event = read_event(env["GITHUB_EVENT_PATH"])
+      pr_number = event.dig("pull_request", "number") || event["number"] || env["NOMOS_PR_NUMBER"]
+      repo = env["GITHUB_REPOSITORY"] || env["NOMOS_REPOSITORY"]
+
+      unless pr_number && repo
+        raise Nomos::Error, "Missing PR context. Set GITHUB_EVENT_PATH/GITHUB_REPOSITORY or NOMOS_PR_NUMBER/NOMOS_REPOSITORY."
+      end
+
+      token = env["GITHUB_TOKEN"]
+      api_url = env["GITHUB_API_URL"] || "https://api.github.com"
+
+      client = GitHubClient.new(token: token, api_url: api_url)
+
+      cache_enabled = performance.fetch(:cache, false)
+      cache_path = performance.fetch(:cache_path, ".nomos/cache.json")
+      cache = Cache.new(path: cache_path, enabled: cache_enabled)
+
+      pr_cache_key = "pr:#{repo}##{pr_number}"
+      files_cache_key = "files:#{repo}##{pr_number}"
+
+      pr = cache.fetch(pr_cache_key) { client.pull_request(repo, pr_number) }
+      files = cache.fetch(files_cache_key) { client.pull_request_files(repo, pr_number) }
+
+      changed_files = files.map { |file| file.fetch("filename") }
+      lazy_diff = performance.fetch(:lazy_diff, false)
+      patches = lazy_diff ? {} : files.each_with_object({}) { |file, memo| memo[file["filename"]] = file["patch"] }
+      patch_fetcher = lazy_diff ? lambda { |filename| files.find { |file| file["filename"] == filename }&.fetch("patch", nil) } : nil
+      changed_lines = files.sum { |file| file.fetch("additions", 0) + file.fetch("deletions", 0) }
+
+      Context.new(
+        pull_request: pr,
+        changed_files: changed_files,
+        patches: patches,
+        patch_fetcher: patch_fetcher,
+        repo: repo,
+        base_branch: pr.dig("base", "ref"),
+        ci: {
+          "workflow" => env["GITHUB_WORKFLOW"],
+          "run_id" => env["GITHUB_RUN_ID"],
+          "actor" => env["GITHUB_ACTOR"]
+        },
+        changed_lines: changed_lines
+      )
+    end
+
+    def self.read_event(path)
+      return {} unless path && File.exist?(path)
+
+      JSON.parse(File.read(path))
+    rescue JSON::ParserError => e
+      raise Nomos::Error, "Invalid event JSON at #{path}: #{e.message}"
+    end
+    private_class_method :read_event
+  end
+end

data/lib/nomos/finding.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module Nomos
+  class Finding
+    SEVERITIES = %i[message warn fail].freeze
+    LEVEL_MAP = {
+      "note" => :message,
+      "warning" => :warn,
+      "caution" => :fail
+    }.freeze
+
+    attr_reader :severity, :text, :file, :line, :code, :source
+
+    def self.message(text, **opts)
+      new(:message, text, **opts)
+    end
+
+    def self.warn(text, **opts)
+      new(:warn, text, **opts)
+    end
+
+    def self.fail(text, **opts)
+      new(:fail, text, **opts)
+    end
+
+    def initialize(severity, text, file: nil, line: nil, code: nil, source: "")
+      unless SEVERITIES.include?(severity)
+        raise ArgumentError, "Unknown severity: #{severity}"
+      end
+
+      @severity = severity
+      @text = text
+      @file = file
+      @line = line
+      @code = code
+      @source = source
+      freeze
+    end
+
+    def self.severity_for_level(level)
+      key = level.to_s.strip.downcase
+      severity = LEVEL_MAP[key]
+      raise ArgumentError, "Unknown level: #{level}" unless severity
+
+      severity
+    end
+
+    def with_severity(new_severity)
+      return self if new_severity == severity
+
+      self.class.new(new_severity, text, file: file, line: line, code: code, source: source)
+    end
+
+    def to_h
+      {
+        severity: severity,
+        text: text,
+        file: file,
+        line: line,
+        code: code,
+        source: source
+      }
+    end
+  end
+end

data/lib/nomos/github_client.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+
+require "json"
+require "net/http"
+require "uri"
+
+module Nomos
+  class GitHubClient
+    def initialize(token:, api_url:)
+      @token = token
+      @api_url = api_url
+    end
+
+    def pull_request(repo, number)
+      get_json("/repos/#{repo}/pulls/#{number}")
+    end
+
+    def pull_request_files(repo, number)
+      get_paginated("/repos/#{repo}/pulls/#{number}/files")
+    end
+
+    def list_issue_comments(repo, number)
+      get_paginated("/repos/#{repo}/issues/#{number}/comments")
+    end
+
+    def create_comment(repo, number, body)
+      post_json("/repos/#{repo}/issues/#{number}/comments", body: body)
+    end
+
+    def update_comment(repo, comment_id, body)
+      patch_json("/repos/#{repo}/issues/comments/#{comment_id}", body: body)
+    end
+
+    def create_review(repo, number, body:, event: "COMMENT", comments: [], commit_id: nil)
+      payload = { body: body, event: event, comments: comments }
+      payload[:commit_id] = commit_id if commit_id
+      post_json("/repos/#{repo}/pulls/#{number}/reviews", payload)
+    end
+
+    private
+
+    def get_paginated(path)
+      results = []
+      page = 1
+
+      loop do
+        data, headers = request(:get, "#{path}?per_page=100&page=#{page}")
+        results.concat(data)
+        break unless headers["link"]&.include?("rel=\"next\"")
+
+        page += 1
+      end
+
+      results
+    end
+
+    def get_json(path)
+      data, = request(:get, path)
+      data
+    end
+
+    def post_json(path, payload)
+      data, = request(:post, path, payload)
+      data
+    end
+
+    def patch_json(path, payload)
+      data, = request(:patch, path, payload)
+      data
+    end
+
+    def request(method, path, payload = nil)
+      uri = URI.join(@api_url, path)
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = uri.scheme == "https"
+
+      request_class = Net::HTTP.const_get(method.to_s.capitalize)
+      request = request_class.new(uri)
+      request["Accept"] = "application/vnd.github+json"
+      request["User-Agent"] = "nomos"
+      request["Authorization"] = "Bearer #{@token}" if @token
+      request["Content-Type"] = "application/json" if payload
+      request.body = JSON.generate(payload) if payload
+
+      response = http.request(request)
+      data = response.body.to_s.empty? ? {} : JSON.parse(response.body)
+
+      unless response.is_a?(Net::HTTPSuccess)
+        message = data.is_a?(Hash) ? data["message"] : response.message
+        raise Nomos::Error, "GitHub API error (#{response.code}): #{message}"
+      end
+
+      [data, response.each_header.to_h]
+    rescue JSON::ParserError => e
+      raise Nomos::Error, "GitHub API JSON error: #{e.message}"
+    end
+  end
+end

data/lib/nomos/reporters/console.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Nomos
+  module Reporters
+    class Console
+      def report(findings)
+        if findings.empty?
+          puts "Nomos: no findings"
+          return
+        end
+
+        findings.each do |finding|
+          location = if finding.file
+                       " (#{finding.file}#{finding.line ? ":#{finding.line}" : ""})"
+                     else
+                       ""
+                     end
+
+          puts "[#{finding.severity}] #{finding.text}#{location}"
+        end
+      end
+    end
+  end
+end