spurline-core 0.3.0

data/lib/spurline/cartographer/repo_profile.rb

@@ -0,0 +1,140 @@
+# frozen_string_literal: true
+
+require "json"
+require "time"
+
+module Spurline
+  module Cartographer
+    # Immutable, serializable analysis output for a repository.
+    class RepoProfile
+      CURRENT_VERSION = "1.0"
+
+      attr_reader :version, :analyzed_at, :repo_path,
+                  :languages, :frameworks, :ruby_version, :node_version,
+                  :ci, :entry_points, :environment_vars_required,
+                  :security_findings, :confidence, :metadata
+
+      def initialize(**attrs)
+        @version = CURRENT_VERSION
+        @analyzed_at = normalize_time(attrs.fetch(:analyzed_at, Time.now.utc.iso8601))
+        @repo_path = attrs.fetch(:repo_path)
+        @languages = deep_copy(attrs.fetch(:languages, {}))
+        @frameworks = deep_copy(attrs.fetch(:frameworks, {}))
+        @ruby_version = attrs.fetch(:ruby_version, nil)
+        @node_version = attrs.fetch(:node_version, nil)
+        @ci = deep_copy(attrs.fetch(:ci, {}))
+        @entry_points = deep_copy(attrs.fetch(:entry_points, {}))
+        @environment_vars_required = deep_copy(attrs.fetch(:environment_vars_required, []))
+        @security_findings = deep_copy(attrs.fetch(:security_findings, []))
+        @confidence = deep_copy(attrs.fetch(:confidence, {}))
+        @metadata = deep_copy(attrs.fetch(:metadata, {}))
+
+        deep_freeze(@languages)
+        deep_freeze(@frameworks)
+        deep_freeze(@ci)
+        deep_freeze(@entry_points)
+        deep_freeze(@environment_vars_required)
+        deep_freeze(@security_findings)
+        deep_freeze(@confidence)
+        deep_freeze(@metadata)
+        freeze
+      end
+
+      def to_h
+        {
+          version: version,
+          analyzed_at: analyzed_at,
+          repo_path: repo_path,
+          languages: deep_copy(languages),
+          frameworks: deep_copy(frameworks),
+          ruby_version: ruby_version,
+          node_version: node_version,
+          ci: deep_copy(ci),
+          entry_points: deep_copy(entry_points),
+          environment_vars_required: deep_copy(environment_vars_required),
+          security_findings: deep_copy(security_findings),
+          confidence: deep_copy(confidence),
+          metadata: deep_copy(metadata),
+        }
+      end
+
+      def self.from_h(hash)
+        data = deep_symbolize(hash || {})
+        new(
+          analyzed_at: data[:analyzed_at],
+          repo_path: data.fetch(:repo_path),
+          languages: data[:languages] || {},
+          frameworks: data[:frameworks] || {},
+          ruby_version: data[:ruby_version],
+          node_version: data[:node_version],
+          ci: data[:ci] || {},
+          entry_points: data[:entry_points] || {},
+          environment_vars_required: data[:environment_vars_required] || [],
+          security_findings: data[:security_findings] || [],
+          confidence: data[:confidence] || {},
+          metadata: data[:metadata] || {}
+        )
+      end
+
+      def to_json(*)
+        JSON.generate(to_h)
+      end
+
+      def secure?
+        security_findings.empty?
+      end
+
+      private
+
+      def normalize_time(value)
+        return value.utc.iso8601 if value.respond_to?(:utc) && value.respond_to?(:iso8601)
+
+        value.to_s
+      end
+
+      def deep_copy(value)
+        case value
+        when Hash
+          value.each_with_object({}) do |(key, item), copy|
+            copy[key] = deep_copy(item)
+          end
+        when Array
+          value.map { |item| deep_copy(item) }
+        else
+          value
+        end
+      end
+
+      def deep_freeze(value)
+        case value
+        when Hash
+          value.each do |key, item|
+            deep_freeze(key)
+            deep_freeze(item)
+          end
+        when Array
+          value.each { |item| deep_freeze(item) }
+        end
+
+        value.freeze
+      end
+
+      class << self
+        private
+
+        def deep_symbolize(value)
+          case value
+          when Hash
+            value.each_with_object({}) do |(key, item), hash|
+              hash[key.to_sym] = deep_symbolize(item)
+            end
+          when Array
+            value.map { |item| deep_symbolize(item) }
+          else
+            value
+          end
+        end
+      end
+    end
+  end
+end

data/lib/spurline/cartographer/runner.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+module Spurline
+  module Cartographer
+    class Runner
+      ANALYZERS = [
+        Analyzers::FileSignatures,
+        Analyzers::Manifests,
+        Analyzers::CIConfig,
+        Analyzers::Dotfiles,
+        Analyzers::EntryPoints,
+        Analyzers::SecurityScan,
+      ].freeze
+
+      # ASYNC-READY:
+      def analyze(repo_path:, scheduler: Spurline::Adapters::Scheduler::Sync.new)
+        expanded_path = File.expand_path(repo_path)
+        validate_path!(expanded_path)
+
+        results = {}
+        confidences = {}
+        active_scheduler = scheduler.is_a?(Class) ? scheduler.new : scheduler
+
+        ANALYZERS.each do |klass|
+          analyzer = klass.new(repo_path: expanded_path)
+          layer_result = active_scheduler.run { analyzer.analyze }
+
+          unless layer_result.is_a?(Hash)
+            raise Spurline::AnalyzerError,
+              "#{klass.name} returned #{layer_result.class} instead of Hash"
+          end
+
+          results = deep_merge(results, layer_result)
+          confidences[analyzer_key(klass)] = analyzer.confidence
+        rescue StandardError => e
+          confidences[analyzer_key(klass)] = 0.0
+          results[:metadata] ||= {}
+          (results[:metadata][:analyzer_errors] ||= []) << {
+            analyzer: klass.name,
+            error: e.message,
+          }
+        end
+
+        results = deep_merge(results, confidence: build_confidence(confidences))
+
+        RepoProfile.new(repo_path: expanded_path, **results)
+      end
+
+      private
+
+      def validate_path!(path)
+        return if File.directory?(path)
+
+        raise Spurline::CartographerAccessError,
+          "Repository path '#{path}' does not exist or is not a directory. " \
+          "Provide an absolute path to a valid repository."
+      end
+
+      def analyzer_key(klass)
+        name = klass.name || "AnonymousAnalyzer#{klass.object_id}"
+        name = name.split("::").last
+        name = name.gsub(/([A-Z]+)([A-Z][a-z])/, "\\1_\\2")
+        name = name.gsub(/([a-z\\d])([A-Z])/, "\\1_\\2")
+        name.downcase.to_sym
+      end
+
+      def build_confidence(layer_confidences)
+        scores = layer_confidences.values
+        {
+          overall: scores.empty? ? 0.0 : (scores.sum / scores.size).round(2),
+          per_layer: layer_confidences,
+        }
+      end
+
+      def deep_merge(left, right)
+        left.merge(right) do |_key, left_value, right_value|
+          if left_value.is_a?(Hash) && right_value.is_a?(Hash)
+            deep_merge(left_value, right_value)
+          elsif left_value.is_a?(Array) && right_value.is_a?(Array)
+            (left_value + right_value).uniq
+          else
+            right_value
+          end
+        end
+      end
+    end
+  end
+end

data/lib/spurline/cartographer.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Spurline
+  module Cartographer
+  end
+end

data/lib/spurline/channels/base.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Spurline
+  module Channels
+    # Abstract interface for channel adapters. Each channel parses events from
+    # a specific external source and resolves session affinity.
+    #
+    # Subclasses must implement:
+    #   #channel_name   - Symbol identifying this channel
+    #   #route(payload) - Parse payload, resolve session, return Event or nil
+    #   #supported_events - Array of event type symbols this channel handles
+    class Base
+      # Symbol identifying this channel (e.g., :github, :slack).
+      def channel_name
+        raise NotImplementedError, "#{self.class.name} must implement #channel_name"
+      end
+
+      # Parses a raw payload hash and returns a routed Event, or nil if the
+      # payload is not recognized or not relevant.
+      #
+      # @param payload [Hash] The raw event payload (e.g., parsed webhook JSON)
+      # @param headers [Hash] Optional HTTP headers for signature verification
+      # @return [Spurline::Channels::Event, nil]
+      # ASYNC-READY:
+      def route(payload, headers: {})
+        raise NotImplementedError, "#{self.class.name} must implement #route"
+      end
+
+      # Returns the event types this channel can handle.
+      # @return [Array<Symbol>]
+      def supported_events
+        raise NotImplementedError, "#{self.class.name} must implement #supported_events"
+      end
+
+      # Whether this channel handles the given event type.
+      def handles?(event_type)
+        supported_events.include?(event_type.to_sym)
+      end
+    end
+  end
+end

data/lib/spurline/channels/event.rb

@@ -0,0 +1,136 @@
+# frozen_string_literal: true
+
+require "time"
+
+module Spurline
+  module Channels
+    # Immutable value object representing an external event routed through a channel.
+    # Events are the universal internal representation regardless of which channel
+    # produced them. Frozen on creation.
+    #
+    # Attributes:
+    #   channel     - Symbol identifying the source channel (e.g., :github)
+    #   event_type  - Symbol for the event kind (e.g., :issue_comment, :pr_review)
+    #   payload     - Hash of parsed event data (channel-specific)
+    #   trust       - Symbol trust level (default :external)
+    #   session_id  - String session ID if routing resolved, nil otherwise
+    #   received_at - Time the event was received
+    class Event
+      attr_reader :channel, :event_type, :payload, :trust, :session_id, :received_at
+
+      def initialize(channel:, event_type:, payload:, trust: :external, session_id: nil, received_at: nil)
+        validate_channel!(channel)
+        validate_event_type!(event_type)
+        validate_payload!(payload)
+        validate_trust!(trust)
+
+        @channel = channel.to_sym
+        @event_type = event_type.to_sym
+        @payload = deep_freeze(payload)
+        @trust = trust.to_sym
+        @session_id = session_id&.to_s&.freeze
+        @received_at = (received_at || Time.now).freeze
+        freeze
+      end
+
+      # Whether this event was matched to a specific session.
+      def routed?
+        !@session_id.nil?
+      end
+
+      # Serializes the event to a plain hash suitable for JSON serialization.
+      def to_h
+        {
+          channel: @channel,
+          event_type: @event_type,
+          payload: unfreeze_hash(@payload),
+          trust: @trust,
+          session_id: @session_id,
+          received_at: @received_at.iso8601(6),
+        }
+      end
+
+      # Reconstructs an Event from a hash (e.g., from JSON deserialization).
+      def self.from_h(hash)
+        h = symbolize_keys(hash)
+        new(
+          channel: h[:channel],
+          event_type: h[:event_type],
+          payload: symbolize_keys(h[:payload] || {}),
+          trust: h[:trust] || :external,
+          session_id: h[:session_id],
+          received_at: h[:received_at] ? Time.parse(h[:received_at].to_s) : nil
+        )
+      end
+
+      def ==(other)
+        other.is_a?(Event) &&
+          channel == other.channel &&
+          event_type == other.event_type &&
+          payload == other.payload &&
+          trust == other.trust &&
+          session_id == other.session_id
+      end
+
+      def inspect
+        "#<Spurline::Channels::Event channel=#{channel} type=#{event_type} " \
+          "session=#{session_id || 'unrouted'} trust=#{trust}>"
+      end
+
+      private
+
+      def validate_channel!(channel)
+        raise ArgumentError, "channel must be a Symbol or String" unless channel.respond_to?(:to_sym)
+      end
+
+      def validate_event_type!(event_type)
+        raise ArgumentError, "event_type must be a Symbol or String" unless event_type.respond_to?(:to_sym)
+      end
+
+      def validate_payload!(payload)
+        raise ArgumentError, "payload must be a Hash, got #{payload.class}" unless payload.is_a?(Hash)
+      end
+
+      def validate_trust!(trust)
+        level = trust.to_sym
+        unless Spurline::Security::Content::TRUST_LEVELS.include?(level)
+          raise Spurline::ConfigurationError,
+            "Invalid trust level for channel event: #{trust.inspect}. " \
+            "Must be one of: #{Spurline::Security::Content::TRUST_LEVELS.inspect}."
+        end
+      end
+
+      def deep_freeze(obj)
+        case obj
+        when Hash
+          obj.each_with_object({}) { |(k, v), h| h[k.freeze] = deep_freeze(v) }.freeze
+        when Array
+          obj.map { |v| deep_freeze(v) }.freeze
+        when String
+          obj.dup.freeze
+        else
+          obj.freeze
+        end
+      end
+
+      def unfreeze_hash(obj)
+        case obj
+        when Hash
+          obj.each_with_object({}) { |(k, v), h| h[k] = unfreeze_hash(v) }
+        when Array
+          obj.map { |v| unfreeze_hash(v) }
+        else
+          obj
+        end
+      end
+
+      def self.symbolize_keys(hash)
+        return {} unless hash.is_a?(Hash)
+
+        hash.each_with_object({}) do |(k, v), h|
+          h[k.to_sym] = v.is_a?(Hash) ? symbolize_keys(v) : v
+        end
+      end
+    end
+  end
+end

data/lib/spurline/channels/github.rb

@@ -0,0 +1,205 @@
+# frozen_string_literal: true
+
+module Spurline
+  module Channels
+    # GitHub webhook channel. Parses issue_comment, pull_request_review_comment,
+    # and pull_request_review events. Routes to sessions whose metadata contains
+    # a matching channel_context.
+    #
+    # Session affinity is resolved by matching:
+    #   session.metadata[:channel_context] == { channel: :github, identifier: "owner/repo#123" }
+    #
+    # All GitHub webhook data enters at trust level :external.
+    class GitHub < Base
+      SUPPORTED_EVENTS = %i[
+        issue_comment
+        pull_request_review_comment
+        pull_request_review
+      ].freeze
+
+      # Maps GitHub webhook X-GitHub-Event header values to internal event types.
+      EVENT_MAP = {
+        "issue_comment" => :issue_comment,
+        "pull_request_review_comment" => :pull_request_review_comment,
+        "pull_request_review" => :pull_request_review,
+      }.freeze
+
+      attr_reader :store
+
+      def initialize(store:)
+        @store = store
+      end
+
+      def channel_name
+        :github
+      end
+
+      def supported_events
+        SUPPORTED_EVENTS
+      end
+
+      # Parses a GitHub webhook payload and routes to a matching session.
+      #
+      # @param payload [Hash] Parsed JSON body of the webhook
+      # @param headers [Hash] HTTP headers, expects "X-GitHub-Event" key
+      # @return [Spurline::Channels::Event, nil]
+      # ASYNC-READY:
+      def route(payload, headers: {})
+        event_header = headers["X-GitHub-Event"] || headers["x-github-event"]
+        return nil unless event_header
+
+        event_type = EVENT_MAP[event_header]
+        return nil unless event_type
+
+        action = payload_value(payload, :action)
+        return nil unless actionable?(event_type, action)
+
+        parsed = parse_event(event_type, payload)
+        return nil unless parsed
+
+        identifier = build_identifier(parsed)
+        session_id = find_session_by_context(identifier)
+
+        Event.new(
+          channel: :github,
+          event_type: event_type,
+          payload: parsed,
+          trust: :external,
+          session_id: session_id,
+          received_at: Time.now
+        )
+      end
+
+      private
+
+      # Determines if the action is one we care about.
+      def actionable?(event_type, action)
+        case event_type
+        when :issue_comment
+          %w[created edited].include?(action)
+        when :pull_request_review_comment
+          %w[created edited].include?(action)
+        when :pull_request_review
+          %w[submitted edited].include?(action)
+        else
+          false
+        end
+      end
+
+      # Extracts relevant fields from the webhook payload.
+      def parse_event(event_type, payload)
+        case event_type
+        when :issue_comment
+          parse_issue_comment(payload)
+        when :pull_request_review_comment
+          parse_pr_review_comment(payload)
+        when :pull_request_review
+          parse_pr_review(payload)
+        end
+      end
+
+      def parse_issue_comment(payload)
+        comment = payload_value(payload, :comment) || {}
+        issue = payload_value(payload, :issue) || {}
+        repo = payload_value(payload, :repository) || {}
+        pr = payload_value(issue, :pull_request)
+
+        # Only handle comments on pull requests, not issues
+        return nil unless pr
+
+        {
+          action: payload_value(payload, :action),
+          body: payload_value(comment, :body),
+          author: dig_value(comment, :user, :login),
+          pr_number: payload_value(issue, :number),
+          repo_full_name: payload_value(repo, :full_name),
+          comment_id: payload_value(comment, :id),
+          html_url: payload_value(comment, :html_url),
+        }
+      end
+
+      def parse_pr_review_comment(payload)
+        comment = payload_value(payload, :comment) || {}
+        pr = payload_value(payload, :pull_request) || {}
+        repo = payload_value(payload, :repository) || {}
+
+        {
+          action: payload_value(payload, :action),
+          body: payload_value(comment, :body),
+          author: dig_value(comment, :user, :login),
+          pr_number: payload_value(pr, :number),
+          repo_full_name: payload_value(repo, :full_name),
+          comment_id: payload_value(comment, :id),
+          path: payload_value(comment, :path),
+          diff_hunk: payload_value(comment, :diff_hunk),
+          html_url: payload_value(comment, :html_url),
+        }
+      end
+
+      def parse_pr_review(payload)
+        review = payload_value(payload, :review) || {}
+        pr = payload_value(payload, :pull_request) || {}
+        repo = payload_value(payload, :repository) || {}
+
+        {
+          action: payload_value(payload, :action),
+          body: payload_value(review, :body),
+          author: dig_value(review, :user, :login),
+          state: payload_value(review, :state),
+          pr_number: payload_value(pr, :number),
+          repo_full_name: payload_value(repo, :full_name),
+          review_id: payload_value(review, :id),
+          html_url: payload_value(review, :html_url),
+        }
+      end
+
+      # Builds the channel_context identifier string: "owner/repo#pr_number"
+      def build_identifier(parsed)
+        repo = parsed[:repo_full_name]
+        pr = parsed[:pr_number]
+        return nil unless repo && pr
+
+        "#{repo}##{pr}"
+      end
+
+      # Searches the session store for a suspended session with matching channel_context.
+      def find_session_by_context(identifier)
+        return nil unless identifier
+        return nil unless @store.respond_to?(:ids)
+
+        @store.ids.each do |id|
+          session = @store.load(id)
+          next unless session
+          next unless session.state == :suspended
+
+          context = session.metadata[:channel_context]
+          next unless context.is_a?(Hash)
+          next unless context[:channel]&.to_sym == :github
+          next unless context[:identifier] == identifier
+
+          return session.id
+        end
+
+        nil
+      end
+
+      # Safe hash value access supporting both symbol and string keys.
+      def payload_value(hash, key)
+        return nil unless hash.is_a?(Hash)
+
+        hash[key] || hash[key.to_s]
+      end
+
+      # Safe nested hash access.
+      def dig_value(hash, *keys)
+        result = hash
+        keys.each do |key|
+          return nil unless result.is_a?(Hash)
+
+          result = result[key] || result[key.to_s]
+        end
+        result
+      end
+    end
+  end
+end