reviewer 0.1.4 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9223e406b7f957249c7d39ba4c56e3fbdabe323e52b270af076de0a530b51b9f
-  data.tar.gz: afb2714ed785bd91b2fe3d3d7b6f75fa8826f9387609ba6eb21ed21960883e10
+  metadata.gz: 91c7ece2434c770297548056ba752092b0cc16427e0b94c35f58acb29efd304b
+  data.tar.gz: b303dd4164e6181f9bb8c583a6eb55836018c17e5361fadecdcd95efab09f3aa
 SHA512:
-  metadata.gz: 7f56b586b5bea303b4dab387ba4c66535caf2f1cdbc0d8ff3b2a8e092b54d0a3bc340ae864a0ae90729bb89a2925294c51c8bab9476cb2a34f886b429efb3694
-  data.tar.gz: 71da282037c2f26c339afe21ddb71ff0713ff7bf652bb0787f74df3b16bf12cd9aea86a7bf7625c0ee43d8d80e6d1e0ca03315e6cf9c1e8eee33cb6082415558
+  metadata.gz: 47aa07e5a1e72001bcaa3f3b95319c0ca8c110ce894e99b731300f948e38139f8d807235a0be17e894763031e87c3a0a1459e91713cb31c9388b5494df200b25
+  data.tar.gz: dcddd952084467bcfcd6ad1d09edd9b8eea87352bc8ef5aae6e0655c77349cc99f6def176c65f7bfe1936f2371251e8a183e345e85a45d6dc95764415efea2a1

data/.alexignore

@@ -0,0 +1 @@
+CODE_OF_CONDUCT.md

data/.github/FUNDING.yml

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: garrettdimon

data/.github/workflows/main.yml

@@ -1,24 +1,94 @@
-name: Ruby
+name: CI
 
-on: [push,pull_request]
+on:
+  push:
+    branches: [main]
+    tags-ignore:
+      - 'v*'
+  pull_request:
+
+env:
+  CI: true
 
 jobs:
-  build:
+  security:
+    name: Security
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: '3.4'
+        bundler-cache: true
+    - name: Update vulnerability database
+      run: bundle exec bundle-audit update
+    - name: Run security audit
+      run: bundle exec bundle-audit check
+
+  test:
+    name: Test (Ruby ${{ matrix.ruby }})
     strategy:
+      fail-fast: false
       matrix:
-        ruby: [2.5.9, 2.6.8, 2.7.4, 3.0.2]
+        ruby: ['3.2', '3.3', '3.4', '4.0']
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: ${{ matrix.ruby }}
         bundler-cache: true
-    - name: Bundle Audit
-      run: bundle exec ./exe/rvw bundle_audit
-    - name: Test Review
-      run: bundle exec ./exe/rvw tests
-    - name: Multiple Command Review
-      run: bundle exec ./exe/rvw bundle_audit tests
+        bundler: '2.7'
+    - name: Run tests
+      run: bundle exec rake test
+
+  changelog:
+    name: Changelog
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Validate changelog format
+      run: |
+        # Check [Unreleased] section exists
+        if ! grep -q '## \[Unreleased\]' CHANGELOG.md; then
+          echo "::error::CHANGELOG.md missing [Unreleased] section"
+          exit 1
+        fi
+
+        # Check version entries have dates (## [X.Y.Z] - YYYY-MM-DD)
+        bad_entries=$(grep -E '## \[[0-9]+\.[0-9]+\.[0-9]+\]' CHANGELOG.md | grep -v ' - [0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}' || true)
+        if [ -n "$bad_entries" ]; then
+          echo "::error::Version entries must have dates (## [X.Y.Z] - YYYY-MM-DD)"
+          echo "$bad_entries"
+          exit 1
+        fi
+
+        echo "Changelog format valid"
+
+  version:
+    name: Version
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: '3.4'
+        bundler-cache: true
+    - name: Check version consistency
+      run: |
+        VERSION=$(ruby -r./lib/reviewer/version -e "puts Reviewer::VERSION")
 
+        # If version has a CHANGELOG entry, it should have a date
+        if grep -q "\[${VERSION}\]" CHANGELOG.md; then
+          # Verify the version entry includes a date (YYYY-MM-DD)
+          if ! grep "\[${VERSION}\]" CHANGELOG.md | grep -q ' - [0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}'; then
+            echo "::error::Version ${VERSION} in CHANGELOG is missing release date"
+            exit 1
+          fi
+          echo "Version ${VERSION} has dated changelog entry"
+        else
+          echo "Version ${VERSION} not yet released (under Unreleased section)"
+        fi

data/.github/workflows/release.yml

@@ -0,0 +1,98 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  validate:
+    name: Validate
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Verify tag is on main branch
+      run: |
+        TAG_COMMIT=$(git rev-list -n 1 ${{ github.ref }})
+        if ! git merge-base --is-ancestor $TAG_COMMIT origin/main; then
+          echo "::error::Release tags must point to a commit on the main branch."
+          echo "::error::This ensures the code has passed CI before release."
+          exit 1
+        fi
+        echo "Tag points to commit on main branch"
+
+  publish:
+    name: Publish
+    needs: validate
+    runs-on: ubuntu-latest
+    environment: rubygems
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: '3.4'
+        bundler-cache: true
+    - name: Build gem
+      run: gem build reviewer.gemspec
+    - name: Push to RubyGems
+      uses: rubygems/release-gem@v1
+
+  github-release:
+    name: GitHub Release
+    needs: publish
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+    - uses: actions/checkout@v4
+    - name: Extract version from tag
+      id: version
+      run: echo "version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
+    - name: Extract changelog for version
+      id: changelog
+      run: |
+        # Extract the section for this version from CHANGELOG.md
+        version="${{ steps.version.outputs.version }}"
+        changelog=$(awk -v ver="$version" '
+          /^## \[/ {
+            if (found) exit
+            if ($0 ~ "\\[" ver "\\]") found=1
+            next
+          }
+          found { print }
+        ' CHANGELOG.md)
+
+        # Handle multi-line output
+        {
+          echo "content<<EOF"
+          echo "$changelog"
+          echo "EOF"
+        } >> $GITHUB_OUTPUT
+    - name: Create GitHub Release
+      uses: softprops/action-gh-release@v2
+      with:
+        name: v${{ steps.version.outputs.version }}
+        body: |
+          ## Changes
+
+          ${{ steps.changelog.outputs.content }}
+
+          ## Installation
+
+          ```bash
+          gem install reviewer -v ${{ steps.version.outputs.version }}
+          ```
+
+          Or add to your Gemfile:
+
+          ```ruby
+          gem 'reviewer', '~> ${{ steps.version.outputs.version }}'
+          ```
+        draft: false
+        prerelease: false

data/.gitignore

@@ -10,4 +10,4 @@
 .reviewer_history.yml
 .reviewer_history_test.yml
 coverage
-Gemfile.lock
+/Gemfile.lock

data/.inch.yml

@@ -1,4 +1,6 @@
 files:
-  # define files included in the analysis (defaults to ["{app,lib}/**/*.rb"])
   included:
     - lib/**/*.rb
+  excluded:
+    # Data.define classes are not properly recognized by YARD/inch
+    - lib/reviewer/runner/result.rb

data/.reek.yml

@@ -0,0 +1,175 @@
+# Reek configuration for Reviewer gem
+# https://github.com/troessner/reek/blob/master/docs/defaults.reek.yml
+#
+# Policy: every detector enabled. Exclusions are method- or class-level
+# with justification. New code is always checked against defaults.
+
+detectors:
+
+  # --- Targeted exclusions: writable attributes ---
+
+  # Mutable command type for re-execution and strategy swappable for
+  # test injection / rerun_via_passthrough.
+  Attribute:
+    exclude:
+      - 'Reviewer::Arguments::Keywords'    # Tools wired post-construction to break circular dependency
+      - 'Reviewer::Command'               # Mutable command type for re-execution
+      - 'Reviewer::Configuration'          # Writable for Reviewer.configure block and tests
+      - 'Reviewer::Runner'                # Strategy swappable for test injection
+      - 'Reviewer::Shell::Result'          # Shell rescue paths set exit_status when no Process::Status exists
+
+  # --- Targeted exclusions: control parameters ---
+
+  # DI fallback patterns (arg || default) and boolean->value mapping.
+  ControlParameter:
+    exclude:
+      - 'Reviewer::Arguments#runner_strategy'                               # Strategy selection from boolean
+      - 'Reviewer::Batch#strategy'                                           # Boolean -> strategy mapping
+      - 'Reviewer::Output::Formatting#status_mark'                          # Boolean -> symbol mapping
+      - 'Reviewer::Output::Formatting#status_style'                         # Boolean -> symbol mapping
+      - 'Reviewer::Doctor::OpportunityCheck#catalog_supports?'              # Type-based capability query
+      - 'Reviewer::Tool::Settings#initialize'                               # DI: optional config hash
+      - 'Reviewer::Runner::Strategies::Captured#finish_progress_bar'        # Timed/untimed display
+
+  # --- Targeted exclusions: repeated conditionals ---
+
+  # TTY guard checks are inherent to progress bar styling — each method
+  # independently decides whether to emit ANSI codes.
+  RepeatedConditional:
+    exclude:
+      - 'Reviewer::Runner::Strategies::Captured'                              # style_enabled? TTY guard
+
+  # --- Targeted exclusions: nil checks ---
+
+  # IO.console genuinely returns nil in non-TTY environments.
+  NilCheck:
+    exclude:
+      - 'Reviewer::Output#console_width'                                    # IO.console returns nil in non-TTY
+
+  # --- Targeted exclusions: test classes ---
+
+  # Test classes are self-documenting via test method names.
+  IrresponsibleModule:
+    exclude:
+      - 'Reviewer::Doctor::KeywordCheckTest'
+      - 'Reviewer::Session::FormatterTest'
+
+  # --- Targeted exclusions: utility functions ---
+
+  # Private helpers that logically belong to their class despite not
+  # referencing self. Moving these to separate classes would be
+  # over-engineering for one-use helpers.
+  UtilityFunction:
+    exclude:
+      - 'Reviewer::Arguments#configure_input_options'                       # Slop DSL config block
+      - 'Reviewer::Arguments#configure_output_options'                      # Slop DSL config block
+      - 'Reviewer::Capabilities#tool_data'                                  # Tool -> hash transform
+      - 'Reviewer::Command::String::Env#needs_quotes?'                     # String analysis helper
+      - 'Reviewer::Command::String::Flags#needs_quotes?'                   # String analysis helper
+      - 'Reviewer::Doctor::OpportunityCheck#catalog_supports?'              # Catalog query helper
+      - 'Reviewer::Doctor::ToolInventory#command_summary'                   # Formatting helper
+      - 'Reviewer::Output#console_width'                                    # IO.console query
+      - 'Reviewer::Output::Formatting#format_duration'                      # Number formatting
+      - 'Reviewer::Output::Formatting#pluralize'                            # String formatting
+      - 'Reviewer::Setup::GemfileLock#process_line'                         # Lockfile line parser
+      - 'Reviewer::Setup::ToolBlock#needs_quoting?'                         # YAML string analysis
+      - 'Reviewer::Runner::Strategies::Captured#update_progress'            # Progress bar update
+      - 'Reviewer::Shell::Timer#record'                                     # Benchmark.realtime wrapper
+
+  # --- Targeted exclusions: feature envy and dispatch ---
+
+  # Methods whose purpose IS to operate on their inputs.
+  FeatureEnvy:
+    exclude:
+      - 'Reviewer::Command::String::Env#env'                               # Key-value formatting
+      - 'Reviewer::Doctor::OpportunityCheck#check_missing_files_config'     # Tool property inspection
+      - 'Reviewer::Doctor::OpportunityCheck#check_missing_format_command'   # Tool property inspection
+      - 'Reviewer::Output::Printer#write_raw'                              # Stream pass-through
+      - 'Reviewer::Session#build_suggestions'                               # each_with_object iteration
+      - 'Reviewer::Session#show_missing_tools'                              # Guard + formatter delegation
+      - 'Reviewer::Setup::ToolBlock#apply_js_runner'                        # String substitution on input
+      - 'Reviewer::Setup::ToolBlock#quote'                                  # YAML quoting on input string
+      - 'Reviewer::Tool::Timing#average_time'                               # Array computation
+      - 'Reviewer::Runner::Strategies::Captured#finish_progress_bar'        # Operates on bar parameter
+
+
+  # Intentional dynamic dispatch via respond_to?/send.
+  ManualDispatch:
+    exclude:
+      - 'Reviewer::Arguments::Files#from_keywords'                          # Maps keyword strings to git methods
+      - 'Reviewer::Output::Printer#initialize'                              # Defensive sync= guard for non-IO streams
+      - 'Reviewer::Prompt#interactive?'                                     # TTY availability check
+
+  # --- Targeted exclusions: size metrics ---
+
+  # Printer's (style, content) parameters co-travel by design --
+  # "what to display" and "how to display it" are not a missing abstraction.
+  DataClump:
+    exclude:
+      - 'Reviewer::Output::Printer'
+
+  # DI constructors store each dependency as an ivar.
+  TooManyInstanceVariables:
+    exclude:
+      - 'Reviewer::Batch'                                                   # 5: command_type + tools + strategy + context + report
+      - 'Reviewer::Command'                                                 # 5: tool + type + seed + arguments + history
+      - 'Reviewer::Runner'                                                  # 6: command + strategy + shell + context + skipped + missing
+      - 'Reviewer::Tools'                                                   # 5: tags + tool_names + arguments + history + config_file
+
+  # ANSI escape sequence module -- 6 constants is the natural decomposition.
+  TooManyConstants:
+    exclude:
+      - 'Reviewer::Output::AnsiStyles'
+
+  # Classes with cohesive accessor/query interfaces that exceed default (15).
+  TooManyMethods:
+    exclude:
+      - 'Reviewer::Output'                                                  # 20: delegation hub
+      - 'Reviewer::Runner'                                                  # 21: execution host + queries
+      - 'Reviewer::Session'                                                 # 19: lifecycle orchestrator
+      - 'Reviewer::Tool'                                                    # 18: settings + history + files
+      - 'Reviewer::Tool::Settings'                                          # 22: config accessor layer
+      - 'Reviewer::Tools'                                                   # 16: collection with filters
+
+  # Orchestration methods that exceed default (5) but are clear and linear.
+  TooManyStatements:
+    max_statements: 7
+    exclude:
+      - 'Reviewer::Batch::Formatter#missing_tools'                          # 8: iterate tools with header/footer
+      - 'Reviewer::Doctor::Formatter#print_finding'                         # 8: extract 3 fields + format 3 lines
+      - 'Reviewer::Session#run_json'                                        # 8: early exits + lifecycle steps
+      - 'Reviewer::Session#run_text'                                        # 9: lifecycle steps
+      - 'Reviewer::Setup'                                                   # 9: setup orchestrator
+      - 'Reviewer::Shell#direct'                                            # 10: Open3 wrapper + error handling
+      - 'Reviewer::Runner::Strategies::Captured#create_progress_bar'        # 9: timed/untimed bar with TTY format
+
+  # Formatter spacing (output.newline 3x).
+  DuplicateMethodCall:
+    max_calls: 2
+    exclude:
+      - 'Reviewer::Runner::Strategies::Captured#show_captured_stdout'       # runner.output 3x — caching obscures origin
+      - 'Reviewer::Setup::Formatter'                                        # output.newline 3x for visual spacing
+
+  # --- Targeted exclusions: parameter counts ---
+
+  # DI constructors accept injected dependencies. Default max_params (3)
+  # is too low for classes with 5-6 dependencies. Reek has a separate
+  # default for initialize (5); override to accommodate DI constructors.
+  LongParameterList:
+    max_params: 5
+    overrides:
+      initialize:
+        max_params: 7
+
+  # --- Name exclusions ---
+
+  # Tool() follows Ruby's kernel conversion convention (Integer(), Array()).
+  UncommunicativeMethodName:
+    exclude:
+      - 'Reviewer::Tool::Conversions'
+
+  # RuboCop enforces `e` for rescue variables. `_` is a standard discard.
+  UncommunicativeVariableName:
+    accept:
+      - e
+      - _

data/.reviewer.example.yml

@@ -2,13 +2,15 @@
 # It can be handy to leave this section in your configuration file as a convenient reference.
 #
 # <command_key>:                // ex. 'rubocop', 'bundler-audit', etc.
-#  disabled: true               // Optional. Tools are enabled by default
+#  skip_in_batch: true           // Optional. Tools run in batch by default. Set to true to only run when explicitly named.
+#  disabled: true               // Deprecated. Use skip_in_batch instead. Still supported as fallback.
 #  name:                        // Optional. Will use the `command_key` if name isn't provided.
 #  description:                 // Optional. Serves as a handy reminder for the purpose of the command.
 #  tags: [ruby, dependencies]   // Optional. Lets you run commands tagged with the same word.
 #  links:
 #    home:                      // Optional. A link to the home page for the tool.
 #    install:                   // Optional. A link to the installation instructions for the tool.
+#    usage:                     // Optional. A link to the general usage instructions for the tool.
 #    ignore_syntax:             // Optional. A link to the syntax for ignoring some rules for small sections of code.
 #    disable_syntax:            // Optional. A link to the syntax for disabling entire rules for a tool.
 #  commands:
@@ -16,20 +18,28 @@
 #    prepare:                   // Optional. Command to run prior to the review phase. ex. 'bundle exec bundle-audit update'
 #    review:                    // Required. The only truly required field because this is the whole point.
 #    format:                    // Optional. Command to auto-update rule violations when possible.
-#    quiet_option:              // Optional, but strongly suggested. Helps keep output under control when running multiple tools.
+#    serve:                     // Optional. Command to start a local server with reports generated by the tool.
+#    generate:                  // Optional. Command to generate artifacts from the tool for viewing separately.
 #    max_exit_status:           // Optional, defaults to 0. Some tools like Yarn Audit essentially won't return less than a 3. This specifies the threshold that's still considered passing.
-#    files_flag:                // Optional, defaults to '' (empty string). The name of the flag used to pass subsets of files to the command.
-#    files_separator:           // Optional, defaults to ' ' (single space). The character used to separate lists of files and directories.
+#  files:
+#    flag:                      // Optional, defaults to '' (empty string). The name of the flag used to pass subsets of files to the command.
+#    separator:                 // Optional, defaults to ' ' (single space). The character used to separate lists of files and directories.
+#    pattern:                   // Optional. Glob pattern to filter files (e.g., '*.rb'). Only files matching this pattern are passed to the tool.
+#    map_to_tests:              // Optional. Maps source files to test files. Values: 'minitest' (test/*_test.rb) or 'rspec' (spec/*_spec.rb).
 #  env:                         // Optional. A way to specify necessary environment variables for the tools commands. The key is the variable name, and the value is, well, the value.
 #    example_one: value         //           - The names will automatically be capitalized, so you can freely use lower-case here.
 #    example_one: value         //           - Reviewer is smart enough to handle string values with spaces and automatically quote them.
 #  flags:                       // Optional. A way to specify flags *only for the review command*. The key is the flag name, and the value is, well, the value.
 #    example_one: value         //           - Reviewer is smart enough to handle single-letter (-f) and multi-letter (--format) flags.
 #    example_two: value         //           - It's highly-recommended to use the longer-name format for flags when possible to serve as self-documentation.
+#    example_three:             //           - If the flag doesn't need or have a value, leaving it blank will translate it to a flag without a value.
+#  other:                       // Optional. A way to specify paramters that don't follow the standard flags conventions.
+#    description: value         //           - The key (ex. 'description') only serves as documentation and won't be used. Instead, the raw value will be applied
+
 
 # In practice, a configuration block would look something like the block below.
 tool-name-key:
-  disabled: true
+  skip_in_batch: true
   name: Tool
   description: A tool that finds issues and fixes code.
   tags: [syntax, security]
@@ -43,11 +53,16 @@ tool-name-key:
     prepare: 'bundle exec tool update'
     review: 'bundle exec tool'
     format: 'bundle exec tool --format'
-    quiet_option: '--quiet'
     max_exit_status: 1
-    files_flag: 'files'
-    files_separator: ','
-   env:
-     report: false
-   flags:
-     format: json
+  files:
+    flag: 'files'
+    separator: ','
+    pattern: '*.rb'
+    map_to_tests: minitest
+  env:
+    report: false
+  flags:
+    format: json
+    verbose:
+  other:
+    example: '--example | other'