nomos 0.1.0

data/lib/nomos/reporters/github.rb

@@ -0,0 +1,168 @@
+# frozen_string_literal: true
+
+require "set"
+
+module Nomos
+  module Reporters
+    class GitHub
+      MARKER = "<!-- nomos:report -->"
+      INLINE_MARKER = "<!-- nomos:inline -->"
+      INLINE_SEVERITIES = %i[warn fail].freeze
+
+      def initialize(client:, repo:, pr_number:, pull_request: nil, context: nil)
+        @client = client
+        @repo = repo
+        @pr_number = pr_number
+        @pull_request = pull_request
+        @context = context
+      end
+
+      def report(findings)
+        body = build_body(findings)
+        existing = find_existing_comment
+
+        if existing
+          @client.update_comment(@repo, existing.fetch("id"), body)
+        else
+          @client.create_comment(@repo, @pr_number, body)
+        end
+
+        create_inline_comments(findings)
+      end
+
+      private
+
+      def find_existing_comment
+        comments = @client.list_issue_comments(@repo, @pr_number)
+        comments.find { |comment| comment.fetch("body", "").include?(MARKER) }
+      end
+
+      def build_body(findings)
+        lines = [MARKER, "## Nomos Report", ""]
+
+        if findings.empty?
+          lines << "No issues found."
+        else
+          blocks = findings.map { |finding| format_finding_block(finding) }
+          lines << blocks.join("\n\n")
+        end
+
+        lines.join("\n")
+      end
+
+      def create_inline_comments(findings)
+        inline_findings = findings.select { |finding| INLINE_SEVERITIES.include?(finding.severity) }
+        return if inline_findings.empty?
+
+        comments = inline_findings.filter_map do |finding|
+          next unless finding.file && finding.line
+
+          diff_lines = diff_lines_for(finding.file)
+          next unless diff_lines.include?(finding.line)
+
+          {
+            path: finding.file,
+            line: finding.line,
+            side: "RIGHT",
+            body: build_inline_body(finding)
+          }
+        end
+
+        return if comments.empty?
+
+        pr = @pull_request || @context&.pull_request || @client.pull_request(@repo, @pr_number)
+        commit_id = pr.dig("head", "sha")
+
+        @client.create_review(
+          @repo,
+          @pr_number,
+          body: "Nomos inline review comments",
+          event: "COMMENT",
+          comments: comments,
+          commit_id: commit_id
+        )
+      rescue Nomos::Error => e
+        warn "Nomos inline review comment failed: #{e.message}"
+      end
+
+      def build_inline_body(finding)
+        "#{INLINE_MARKER}\n#{format_alert_block(finding, include_location: false)}"
+      end
+
+      def format_finding_block(finding)
+        format_alert_block(finding, include_location: true)
+      end
+
+      def format_alert_block(finding, include_location:)
+        alert = severity_alert(finding.severity)
+        location = if include_location && finding.file
+                     " (`#{finding.file}#{finding.line ? ":#{finding.line}" : ""}`)"
+                   else
+                     ""
+                   end
+        source = finding.source.to_s.empty? ? "" : " (#{finding.source})"
+        text = "#{finding.text}#{source}#{location}"
+        "> [!#{alert}]\n> #{text}"
+      end
+
+      def severity_alert(severity)
+        case severity
+        when :fail
+          "CAUTION"
+        when :warn
+          "WARNING"
+        else
+          "NOTE"
+        end
+      end
+
+      def diff_lines_for(file)
+        @diff_lines_by_file ||= {}
+        return @diff_lines_by_file[file] if @diff_lines_by_file.key?(file)
+
+        patch = patch_for(file)
+        @diff_lines_by_file[file] = right_side_lines(patch)
+      end
+
+      def patch_for(file)
+        return @context.diff(file) if @context
+
+        @pr_files ||= @client.pull_request_files(@repo, @pr_number)
+        @pr_files.find { |entry| entry["filename"] == file }&.fetch("patch", nil)
+      end
+
+      def right_side_lines(patch)
+        return Set.new unless patch
+
+        lines = Set.new
+        right_line = nil
+
+        patch.each_line do |line|
+          if line.start_with?("@@")
+            match = line.match(/\@\@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? \@\@/)
+            right_line = match ? match[1].to_i : nil
+            next
+          end
+
+          next unless right_line
+
+          case line[0]
+          when "+"
+            next if line.start_with?("+++")
+            lines << right_line
+            right_line += 1
+          when "-"
+            next if line.start_with?("---")
+          when " "
+            lines << right_line
+            right_line += 1
+          when "\\"
+            # no newline at end of file; ignore
+          end
+        end
+
+        lines
+      end
+    end
+  end
+end

data/lib/nomos/reporters/json.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require "json"
+require "time"
+
+module Nomos
+  module Reporters
+    class Json
+      def initialize(path:)
+        @path = path
+      end
+
+      def report(findings)
+        data = {
+          generated_at: Time.now.utc.iso8601,
+          counts: count_findings(findings),
+          findings: findings.map(&:to_h)
+        }
+
+        File.write(@path, JSON.pretty_generate(data))
+      end
+
+      private
+
+      def count_findings(findings)
+        counts = Hash.new(0)
+        findings.each { |finding| counts[finding.severity] += 1 }
+        counts
+      end
+    end
+  end
+end

data/lib/nomos/rules/base.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Nomos
+  module Rules
+    class Base
+      attr_reader :name, :params
+
+      def initialize(name:, params: {})
+        @name = name
+        @params = params
+      end
+
+      def run(_context)
+        raise NotImplementedError, "Rules must implement #run"
+      end
+    end
+  end
+end

data/lib/nomos/rules/builtin/forbid_paths.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require_relative "../base"
+require_relative "../../finding"
+
+module Nomos
+  module Rules
+    module Builtin
+      class ForbidPaths < Base
+        def run(context)
+          patterns = Array(params[:patterns])
+          return [] if patterns.empty?
+
+          matches = context.changed_files.select do |file|
+            patterns.any? { |pattern| File.fnmatch?(pattern, file) }
+          end
+
+          return [] if matches.empty?
+
+          message = [
+            "Restricted paths changed",
+            "- Files: #{matches.join(", ")}",
+            "- Impact: Changes in protected paths require extra review.",
+            "- Action: Revert these changes or update the rule."
+          ].join("\n")
+
+          [Finding.fail(message, source: name)]
+        end
+      end
+    end
+  end
+end

data/lib/nomos/rules/builtin/no_large_pr.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require_relative "../base"
+require_relative "../../finding"
+
+module Nomos
+  module Rules
+    module Builtin
+      class NoLargePr < Base
+        def run(context)
+          max = params.fetch(:max_changed_lines, 0)
+          return [] if max <= 0
+
+          return [] if context.changed_lines <= max
+
+          message = [
+            "PR size exceeds limit",
+            "- Reason: #{context.changed_lines} lines changed (max #{max}).",
+            "- Impact: Large PRs are harder to review and riskier to merge.",
+            "- Action: Split this PR or raise the limit."
+          ].join("\n")
+
+          [Finding.fail(message, source: name)]
+        end
+      end
+    end
+  end
+end

data/lib/nomos/rules/builtin/require_file_change.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require_relative "../base"
+require_relative "../../finding"
+
+module Nomos
+  module Rules
+    module Builtin
+      class RequireFileChange < Base
+        def run(context)
+          patterns = Array(params[:patterns])
+          return [] if patterns.empty?
+
+          matched = patterns.any? do |pattern|
+            context.changed_files.any? { |file| File.fnmatch?(pattern, file) }
+          end
+
+          return [] if matched
+
+          message = [
+            "Required file update missing",
+            "- Reason: None of these patterns were changed: #{patterns.join(", ")}.",
+            "- Action: Update at least one matching file or adjust the rule."
+          ].join("\n")
+
+          [Finding.fail(message, source: name)]
+        end
+      end
+    end
+  end
+end

data/lib/nomos/rules/builtin/require_labels.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require_relative "../base"
+require_relative "../../finding"
+
+module Nomos
+  module Rules
+    module Builtin
+      class RequireLabels < Base
+        def run(context)
+          required = Array(params[:labels]).map(&:to_s).reject(&:empty?)
+          return [] if required.empty?
+
+          labels = Array(context.pull_request["labels"]).map { |label| label["name"] }.compact
+          missing = required - labels
+
+          return [] if missing.empty?
+
+          message = [
+            "Missing required labels",
+            "- Missing: #{missing.join(", ")}",
+            "- Action: Add the label(s) to the PR."
+          ].join("\n")
+
+          [Finding.fail(message, source: name)]
+        end
+      end
+    end
+  end
+end

data/lib/nomos/rules/builtin/todo_guard.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require_relative "../base"
+require_relative "../../finding"
+
+module Nomos
+  module Rules
+    module Builtin
+      class TodoGuard < Base
+        def run(context)
+          patterns = Array(params[:patterns])
+          patterns = ["TODO"] if patterns.empty?
+
+          matches = context.changed_files.select do |file|
+            diff = context.diff(file).to_s
+            patterns.any? { |pattern| diff.include?(pattern) }
+          end
+
+          return [] if matches.empty?
+
+          message = [
+            "TODO markers in diff",
+            "- Files: #{matches.join(", ")}",
+            "- Action: Resolve or remove TODOs, or update the patterns."
+          ].join("\n")
+
+          [Finding.fail(message, source: name)]
+        end
+      end
+    end
+  end
+end

data/lib/nomos/rules/ruby_dsl.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+require_relative "../finding"
+
+module Nomos
+  module Rules
+    module RubyDSL
+      class RuleContext
+        def initialize(context, rule_name)
+          @context = context
+          @rule_name = rule_name
+          @findings = []
+        end
+
+        def changed_files
+          @context.changed_files
+        end
+
+        def diff(file)
+          @context.diff(file).to_s
+        end
+
+        def pr_title
+          @context.pull_request["title"]
+        end
+
+        def pr_body
+          @context.pull_request["body"]
+        end
+
+        def pr_number
+          @context.pull_request["number"]
+        end
+
+        def pr_author
+          @context.pull_request.dig("user", "login")
+        end
+
+        def pr_labels
+          Array(@context.pull_request["labels"]).map { |label| label["name"] }.compact
+        end
+
+        def repo
+          @context.repo
+        end
+
+        def base_branch
+          @context.base_branch
+        end
+
+        def ci
+          @context.ci
+        end
+
+        def message(text, **opts)
+          @findings << Finding.message(text, **opts, source: @rule_name)
+        end
+
+        def warn(text, **opts)
+          @findings << Finding.warn(text, **opts, source: @rule_name)
+        end
+
+        def fail(text, **opts)
+          @findings << Finding.fail(text, **opts, source: @rule_name)
+        end
+
+        def findings
+          @findings.dup
+        end
+      end
+
+      class RuleDefinition
+        def initialize(name, block)
+          @name = name
+          @block = block
+        end
+
+        def run(context)
+          rule_context = RuleContext.new(context, @name)
+          rule_context.instance_eval(&@block)
+          rule_context.findings
+        end
+      end
+
+      class RuleSet
+        def initialize
+          @rules = []
+        end
+
+        def rule(name, &block)
+          raise ArgumentError, "Rule name is required" if name.to_s.empty?
+
+          @rules << RuleDefinition.new(name, block)
+        end
+
+        def run(context)
+          @rules.flat_map { |rule| rule.run(context) }
+        end
+      end
+    end
+  end
+end

data/lib/nomos/rules/ruby_file.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require_relative "base"
+require_relative "ruby_dsl"
+
+module Nomos
+  module Rules
+    class RubyFile < Base
+      def run(context)
+        path = params.fetch(:path)
+        raise Nomos::Error, "Rule file not found: #{path}" unless File.exist?(path)
+
+        ruleset = RubyDSL::RuleSet.new
+        ruleset.instance_eval(File.read(path), path)
+        ruleset.run(context)
+      end
+    end
+  end
+end

data/lib/nomos/rules.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require_relative "finding"
+require_relative "rules/base"
+require_relative "rules/builtin/no_large_pr"
+require_relative "rules/builtin/require_file_change"
+require_relative "rules/builtin/forbid_paths"
+require_relative "rules/builtin/require_labels"
+require_relative "rules/builtin/todo_guard"
+require_relative "rules/ruby_file"
+
+module Nomos
+  module Rules
+    class LevelOverride
+      attr_reader :name
+
+      def initialize(rule, severity)
+        @rule = rule
+        @severity = severity
+        @name = rule.name
+      end
+
+      def run(context)
+        Array(@rule.run(context)).map { |finding| finding.with_severity(@severity) }
+      end
+    end
+
+    BUILTIN_MAP = {
+      "builtin.no_large_pr" => Builtin::NoLargePr,
+      "builtin.require_file_change" => Builtin::RequireFileChange,
+      "builtin.forbid_paths" => Builtin::ForbidPaths,
+      "builtin.require_labels" => Builtin::RequireLabels,
+      "builtin.todo_guard" => Builtin::TodoGuard,
+      "ruby.file" => RubyFile
+    }.freeze
+
+    def self.build(rule_config)
+      name = rule_config.fetch(:name)
+      type = rule_config.fetch(:type)
+      params = rule_config.fetch(:params, {})
+      level = rule_config[:level]
+
+      klass = BUILTIN_MAP[type]
+      raise Nomos::Error, "Unknown rule type: #{type}" unless klass
+
+      rule = klass.new(name: name, params: params)
+      return rule unless level
+
+      severity = Finding.severity_for_level(level)
+      LevelOverride.new(rule, severity)
+    rescue ArgumentError => e
+      raise Nomos::Error, e.message
+    end
+  end
+end

data/lib/nomos/runner.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+require_relative "finding"
+require_relative "rules"
+
+module Nomos
+  class Runner
+    def initialize(config, context)
+      @config = config
+      @context = context
+    end
+
+    def run
+      rules = @config.rules.map { |rule_config| Rules.build(rule_config) }
+      return [] if rules.empty?
+
+      concurrency = @config.performance.fetch(:concurrency, 1).to_i
+      return run_sequential(rules) if concurrency <= 1 || rules.length == 1
+
+      run_parallel(rules, concurrency)
+    end
+
+    private
+
+    def run_sequential(rules)
+      findings = []
+
+      rules.each do |rule|
+        begin
+          findings.concat(Array(rule.run(@context)))
+        rescue StandardError => e
+          findings << Finding.fail("Rule #{rule.name} failed: #{e.message}", source: rule.name)
+        end
+      end
+
+      findings
+    end
+
+    def run_parallel(rules, concurrency)
+      queue = Queue.new
+      rules.each { |rule| queue << rule }
+
+      findings = []
+      mutex = Mutex.new
+      threads = Array.new([concurrency, rules.length].min) do
+        Thread.new do
+          loop do
+            rule = queue.pop(true)
+            begin
+              result = Array(rule.run(@context))
+              mutex.synchronize { findings.concat(result) }
+            rescue StandardError => e
+              mutex.synchronize do
+                findings << Finding.fail("Rule #{rule.name} failed: #{e.message}", source: rule.name)
+              end
+            end
+          end
+        rescue ThreadError
+          # queue empty
+        end
+      end
+
+      threads.each(&:join)
+      findings
+    end
+  end
+end

data/lib/nomos/timing.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Nomos
+  class Timing
+    Entry = Struct.new(:label, :duration_ms, keyword_init: true)
+
+    def initialize
+      @entries = []
+    end
+
+    def measure(label)
+      start = Process.clock_gettime(Process::CLOCK_MONOTONIC)
+      result = yield
+      finish = Process.clock_gettime(Process::CLOCK_MONOTONIC)
+      duration_ms = ((finish - start) * 1000).round(2)
+      @entries << Entry.new(label: label, duration_ms: duration_ms)
+      result
+    end
+
+    def entries
+      @entries.dup
+    end
+
+    def report(io = $stderr)
+      return if @entries.empty?
+
+      io.puts "Nomos timing (ms):"
+      @entries.each do |entry|
+        io.puts "- #{entry.label}: #{entry.duration_ms}"
+      end
+    end
+  end
+end

data/lib/nomos/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Nomos
+  VERSION = "0.1.0"
+end

data/lib/nomos.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require_relative "nomos/version"
+require_relative "nomos/cli"
+require_relative "nomos/cache"
+require_relative "nomos/config"
+require_relative "nomos/context"
+require_relative "nomos/context_loader"
+require_relative "nomos/finding"
+require_relative "nomos/github_client"
+require_relative "nomos/rules"
+require_relative "nomos/rules/ruby_file"
+require_relative "nomos/runner"
+require_relative "nomos/reporters/console"
+require_relative "nomos/reporters/github"
+require_relative "nomos/reporters/json"
+require_relative "nomos/timing"
+
+module Nomos
+  class Error < StandardError; end
+end

data/sig/nomos.rbs

@@ -0,0 +1,4 @@
+module Nomos
+  VERSION: String
+  # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+end