@rigour-labs/core 1.6.0 → 2.0.0

package/src/gates/ast-handlers/universal.ts

@@ -0,0 +1,184 @@
+import * as _Parser from 'web-tree-sitter';
+const Parser = (_Parser as any).default || _Parser;
+import { ASTHandler, ASTHandlerContext } from './base.js';
+import { Failure } from '../../types/index.js';
+import path from 'path';
+import { fileURLToPath } from 'url';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+interface LanguageConfig {
+    grammarPath: string;
+    extensions: string[];
+    queries: {
+        methods: string;
+        parameters: string;
+        complexity: string; // Cyclomatic
+        nesting: string;    // For Cognitive Complexity
+        securitySinks?: string;
+        resourceLeaks?: string;
+        nPlusOne?: string;
+        ecosystemBlunders?: string;
+    }
+}
+
+export class UniversalASTHandler extends ASTHandler {
+    private parser?: any;
+    private languages: Record<string, LanguageConfig> = {
+        '.go': {
+            grammarPath: '../../vendor/grammars/tree-sitter-go.wasm',
+            extensions: ['.go'],
+            queries: {
+                complexity: '(if_statement) (for_statement) (select_statement) (case_clause)',
+                nesting: '(if_statement (block . (if_statement))) (for_statement (block . (for_statement)))',
+                parameters: '(parameter_list (parameter_declaration) @param)',
+                methods: '(method_declaration) @method (function_declaration) @method',
+                securitySinks: '(call_expression function: (selector_expression field: (field_identifier) @id (#match? @id "^(Command|exec|System)$")))',
+                ecosystemBlunders: '(if_statement !condition: (binary_expression left: (identifier) @err (#eq? @err "err")))' // Missing err check
+            }
+        },
+        '.py': {
+            grammarPath: '../../vendor/grammars/tree-sitter-python.wasm',
+            extensions: ['.py'],
+            queries: {
+                complexity: '(if_statement) (for_statement) (while_statement) (with_statement)',
+                nesting: '(if_statement (block (if_statement)))',
+                parameters: '(parameters (identifier) @param)',
+                methods: '(function_definition) @method',
+                securitySinks: '(call_expression function: (identifier) @func (#match? @func "^(eval|exec|os\\.system)$"))',
+                ecosystemBlunders: '(parameters (default_parameter value: (list) @mutable))' // Mutable default
+            }
+        },
+        '.java': {
+            grammarPath: '../../vendor/grammars/tree-sitter-java.wasm',
+            extensions: ['.java'],
+            queries: {
+                complexity: '(if_statement) (for_statement) (while_statement) (switch_label)',
+                nesting: '(if_statement (block (if_statement))) (for_statement (block (for_statement)))',
+                parameters: '(formal_parameters (formal_parameter) @param)',
+                methods: '(method_declaration) @method',
+                securitySinks: '(method_declaration (modifiers (native))) @native (method_invocation name: (identifier) @name (#match? @name "^(exec|System\\.load)$"))',
+                ecosystemBlunders: '(catch_clause body: (block . ))' // Empty catch
+            }
+        },
+        '.rs': {
+            grammarPath: '../../vendor/grammars/tree-sitter-rust.wasm',
+            extensions: ['.rs'],
+            queries: {
+                complexity: '(if_expression) (for_expression) (while_expression) (loop_expression) (match_arm)',
+                nesting: '(if_expression (block (if_expression))) (for_expression (block (for_expression)))',
+                parameters: '(parameters (parameter) @param)',
+                methods: '(impl_item (function_item)) @method (function_item) @method',
+                securitySinks: '(unsafe_block) @unsafe',
+                ecosystemBlunders: '(call_expression function: (field_expression field: (field_identifier) @id (#eq? @id "unwrap")))' // .unwrap()
+            }
+        },
+        '.cs': {
+            grammarPath: '../../vendor/grammars/tree-sitter-c_sharp.wasm',
+            extensions: ['.cs'],
+            queries: {
+                complexity: '(if_statement) (for_statement) (foreach_statement) (while_statement) (switch_section)',
+                nesting: '(if_statement (block (if_statement))) (for_statement (block (for_statement)))',
+                parameters: '(parameter_list (parameter) @param)',
+                methods: '(method_declaration) @method',
+                securitySinks: '(attribute name: (identifier) @attr (#eq? @attr "DllImport")) @violation'
+            }
+        },
+        '.cpp': {
+            grammarPath: '../../vendor/grammars/tree-sitter-cpp.wasm',
+            extensions: ['.cpp', '.cc', '.cxx', '.h', '.hpp'],
+            queries: {
+                complexity: '(if_statement) (for_statement) (while_statement) (case_statement)',
+                nesting: '(if_statement (compound_statement (if_statement)))',
+                parameters: '(parameter_list (parameter_declaration) @param)',
+                methods: '(function_definition) @method',
+                securitySinks: '(call_expression function: (identifier) @name (#match? @name "^(malloc|free|system|popen)$"))'
+            }
+        }
+    };
+
+    supports(file: string): boolean {
+        const ext = path.extname(file).toLowerCase();
+        return ext in this.languages;
+    }
+
+    async run(context: ASTHandlerContext): Promise<Failure[]> {
+        const failures: Failure[] = [];
+        const ext = path.extname(context.file).toLowerCase();
+        const config = this.languages[ext];
+        if (!config) return [];
+
+        if (!this.parser) {
+            await (Parser as any).init();
+            this.parser = new (Parser as any)();
+        }
+
+        try {
+            const Lang = await Parser.Language.load(path.resolve(__dirname, config.grammarPath));
+            this.parser.setLanguage(Lang);
+            const tree = this.parser.parse(context.content);
+            const astConfig = this.config.ast || {};
+
+            // 1. Structural Methods Audit
+            const methodQuery = (Lang as any).query(config.queries.methods);
+            const methodMatches = methodQuery.matches(tree.rootNode);
+
+            for (const match of methodMatches) {
+                for (const capture of match.captures) {
+                    const node = capture.node;
+                    const name = node.childForFieldName('name')?.text || 'anonymous';
+
+                    // SME: Cognitive Complexity (Nesting depth + Cyclomatic)
+                    const nesting = (Lang as any).query(config.queries.nesting).captures(node).length;
+                    const cyclomatic = (Lang as any).query(config.queries.complexity).captures(node).length + 1;
+                    const cognitive = cyclomatic + (nesting * 2);
+
+                    if (cognitive > (astConfig.complexity || 10)) {
+                        failures.push({
+                            id: 'SME_COGNITIVE_LOAD',
+                            title: `Method '${name}' has high cognitive load (${cognitive})`,
+                            details: `Deeply nested or complex logic detected in ${context.file}.`,
+                            files: [context.file],
+                            hint: `Flatten logical branches and extract nested loops.`
+                        });
+                    }
+                }
+            }
+
+            // 2. Security Sinks
+            if (config.queries.securitySinks) {
+                const securityQuery = (Lang as any).query(config.queries.securitySinks);
+                const sinks = securityQuery.captures(tree.rootNode);
+                for (const capture of sinks) {
+                    failures.push({
+                        id: 'SME_SECURITY_SINK',
+                        title: `Unsafe function call detected: ${capture.node.text}`,
+                        details: `Potentially dangerous execution in ${context.file}.`,
+                        files: [context.file],
+                        hint: `Avoid using shell execution or eval. Use safe alternatives.`
+                    });
+                }
+            }
+
+            // 3. Ecosystem Blunders
+            if (config.queries.ecosystemBlunders) {
+                const blunderQuery = (Lang as any).query(config.queries.ecosystemBlunders);
+                const blunders = blunderQuery.captures(tree.rootNode);
+                for (const capture of blunders) {
+                    failures.push({
+                        id: 'SME_BEST_PRACTICE',
+                        title: `Ecosystem anti-pattern detected`,
+                        details: `Violation of ${ext} best practices in ${context.file}.`,
+                        files: [context.file],
+                        hint: `Review language-specific best practices (e.g., error handling or mutable defaults).`
+                    });
+                }
+            }
+
+        } catch (e) {
+            // Parser skip
+        }
+
+        return failures;
+    }
+}

package/src/gates/ast.ts

@@ -1,150 +1,50 @@
-import ts from 'typescript';
 import fs from 'fs-extra';
 import path from 'path';
 import { globby } from 'globby';
 import { Gate, GateContext } from './base.js';
 import { Failure, Gates } from '../types/index.js';
-import micromatch from 'micromatch';
+import { ASTHandler } from './ast-handlers/base.js';
+import { TypeScriptHandler } from './ast-handlers/typescript.js';
+import { PythonHandler } from './ast-handlers/python.js';
+import { UniversalASTHandler } from './ast-handlers/universal.js';
 
 export class ASTGate extends Gate {
+    private handlers: ASTHandler[] = [];
+
     constructor(private config: Gates) {
         super('ast-analysis', 'AST Structural Analysis');
+        this.handlers.push(new TypeScriptHandler(config));
+        this.handlers.push(new PythonHandler(config));
+        this.handlers.push(new UniversalASTHandler(config));
     }
 
     async run(context: GateContext): Promise<Failure[]> {
         const failures: Failure[] = [];
-        const files = await globby(['**/*.{ts,js,tsx,jsx}'], {
+
+        // Find all supported files
+        const files = await globby(['**/*.{ts,js,tsx,jsx,py,go,rs,cs,java,rb,c,cpp,php,swift,kt}'], {
             cwd: context.cwd,
-            ignore: ['node_modules/**', 'dist/**', 'build/**', '**/*.test.*', '**/*.spec.*'],
+            ignore: ['node_modules/**', 'dist/**', 'build/**', '**/*.test.*', '**/*.spec.*', '**/__pycache__/**'],
         });
 
         for (const file of files) {
-            const fullPath = path.join(context.cwd, file);
-            const content = await fs.readFile(fullPath, 'utf-8');
-            const sourceFile = ts.createSourceFile(file, content, ts.ScriptTarget.Latest, true);
-
-            this.analyzeSourceFile(sourceFile, file, failures);
-        }
-
-        return failures;
-    }
+            const handler = this.handlers.find(h => h.supports(file));
+            if (!handler) continue;
 
-    private analyzeSourceFile(sourceFile: ts.SourceFile, relativePath: string, failures: Failure[]) {
-        const astConfig = this.config.ast || {};
-        const maxComplexity = astConfig.complexity || 10;
-        const maxMethods = astConfig.max_methods || 10;
-        const maxParams = astConfig.max_params || 5;
-
-        const visit = (node: ts.Node) => {
-            // 1. Complexity & Params for functions
-            if (ts.isFunctionDeclaration(node) || ts.isMethodDeclaration(node) || ts.isArrowFunction(node)) {
-                const name = this.getNodeName(node);
-
-                // Parameter count
-                if (node.parameters.length > maxParams) {
-                    failures.push(this.createFailure(
-                        `Function '${name}' has ${node.parameters.length} parameters (max: ${maxParams})`,
-                        [relativePath],
-                        `Reduce number of parameters or use an options object.`
-                    ));
-                    // Update: Failures in Runner will be mapped to FixPacket
-                    (failures[failures.length - 1] as any).metrics = { count: node.parameters.length, max: maxParams };
-                }
-
-                // Cyclomatic Complexity (Simplified: nodes that cause branching)
-                let complexity = 1;
-                const countComplexity = (n: ts.Node) => {
-                    if (ts.isIfStatement(n) || ts.isCaseClause(n) || ts.isDefaultClause(n) ||
-                        ts.isForStatement(n) || ts.isForInStatement(n) || ts.isForOfStatement(n) ||
-                        ts.isWhileStatement(n) || ts.isDoStatement(n) || ts.isConditionalExpression(n)) {
-                        complexity++;
-                    }
-                    if (ts.isBinaryExpression(n)) {
-                        if (n.operatorToken.kind === ts.SyntaxKind.AmpersandAmpersandToken ||
-                            n.operatorToken.kind === ts.SyntaxKind.BarBarToken) {
-                            complexity++;
-                        }
-                    }
-                    ts.forEachChild(n, countComplexity);
-                };
-                ts.forEachChild(node, countComplexity);
-
-                if (complexity > maxComplexity) {
-                    failures.push(this.createFailure(
-                        `Function '${name}' has cyclomatic complexity of ${complexity} (max: ${maxComplexity})`,
-                        [relativePath],
-                        `Refactor '${name}' into smaller, more focused functions.`
-                    ));
-                    (failures[failures.length - 1] as any).metrics = { complexity, max: maxComplexity };
-                }
-            }
-
-            // 2. Class metrics
-            if (ts.isClassDeclaration(node)) {
-                const name = node.name?.text || 'Anonymous Class';
-                const methods = node.members.filter(ts.isMethodDeclaration);
-
-                if (methods.length > maxMethods) {
-                    failures.push(this.createFailure(
-                        `Class '${name}' has ${methods.length} methods (max: ${maxMethods})`,
-                        [relativePath],
-                        `Class '${name}' is becoming a 'God Object'. Split it into smaller services.`
-                    ));
-                    (failures[failures.length - 1] as any).metrics = { methodCount: methods.length, max: maxMethods };
-                }
-            }
-
-            // 3. Import check for Layer Boundaries
-            if (ts.isImportDeclaration(node)) {
-                const importPath = (node.moduleSpecifier as ts.StringLiteral).text;
-                this.checkBoundary(importPath, relativePath, failures);
-            }
-
-            ts.forEachChild(node, visit);
-        };
-
-        ts.forEachChild(sourceFile, visit);
-    }
-
-    private checkBoundary(importPath: string, relativePath: string, failures: Failure[]) {
-        const boundaries = (this.config as any).architecture?.boundaries || [];
-        if (boundaries.length === 0) return;
-
-        for (const rule of boundaries) {
-            const isFromMatch = micromatch.isMatch(relativePath, rule.from);
-            if (isFromMatch) {
-                // Approximate resolution (simplified for now)
-                // Real implementation would need to handle alias and absolute path resolution
-                const resolved = importPath.startsWith('.')
-                    ? path.join(path.dirname(relativePath), importPath)
-                    : importPath;
-
-                const isToMatch = micromatch.isMatch(resolved, rule.to);
-
-                if (rule.mode === 'deny' && isToMatch) {
-                    failures.push(this.createFailure(
-                        `Architectural Violation: '${relativePath}' is forbidden from importing '${importPath}' (denied by boundary rule).`,
-                        [relativePath],
-                        `Remove this import to maintain architectural layering.`
-                    ));
-                } else if (rule.mode === 'allow' && !isToMatch && importPath.startsWith('.')) {
-                    // Complexity: Allow rules are trickier to implement strictly without full resolution
-                }
+            const fullPath = path.join(context.cwd, file);
+            try {
+                const content = await fs.readFile(fullPath, 'utf-8');
+                const gateFailures = await handler.run({
+                    cwd: context.cwd,
+                    file: file,
+                    content
+                });
+                failures.push(...gateFailures);
+            } catch (error: any) {
+                // Individual file read failures shouldn't crash the whole run
             }
         }
-    }
 
-    private getNodeName(node: ts.Node): string {
-        if (ts.isFunctionDeclaration(node) || ts.isMethodDeclaration(node)) {
-            return node.name?.getText() || 'anonymous';
-        }
-        if (ts.isArrowFunction(node)) {
-            const parent = node.parent;
-            if (ts.isVariableDeclaration(parent)) {
-                return parent.name.getText();
-            }
-            return 'anonymous arrow';
-        }
-        return 'unknown';
+        return failures;
     }
 }

package/src/gates/coverage.ts

@@ -0,0 +1,70 @@
+import fs from 'fs-extra';
+import path from 'path';
+import { Gate, GateContext } from './base.js';
+import { Failure, Gates } from '../types/index.js';
+import { globby } from 'globby';
+
+export class CoverageGate extends Gate {
+    constructor(private config: Gates) {
+        super('coverage-guard', 'Dynamic Coverage Guard');
+    }
+
+    async run(context: GateContext): Promise<Failure[]> {
+        const failures: Failure[] = [];
+
+        // 1. Locate coverage report (lcov.info is standard)
+        const reports = await globby(['**/lcov.info', '**/coverage-final.json'], {
+            cwd: context.cwd,
+            ignore: ['node_modules/**']
+        });
+
+        if (reports.length === 0) {
+            // If no reports found, and coverage is required, we could flag it.
+            // But for now, we'll just skip silently if not configured.
+            return [];
+        }
+
+        // 2. Parse coverage (Simplified LCOV parser for demonstration)
+        const coverageData = await this.parseLcov(path.join(context.cwd, reports[0]));
+
+        // 3. Quality Handshake: SME SME LOGIC
+        // We look for files that have high complexity but low coverage.
+        // In a real implementation, we would share data between ASTGate and CoverageGate.
+        // For this demo, we'll implement a standalone check.
+
+        for (const [file, stats] of Object.entries(coverageData)) {
+            const coverage = (stats.hit / stats.found) * 100;
+            const threshold = stats.isComplex ? 80 : 50; // SME logic: Complex files need higher coverage
+
+            if (coverage < threshold) {
+                failures.push({
+                    id: 'DYNAMIC_COVERAGE_LOW',
+                    title: `Low coverage for high-risk file: ${file}`,
+                    details: `Current coverage: ${coverage.toFixed(2)}%. Required: ${threshold}% due to structural risk.`,
+                    files: [file],
+                    hint: `Add dynamic tests to cover complex logical branches in this file.`
+                });
+            }
+        }
+
+        return failures;
+    }
+
+    private async parseLcov(reportPath: string): Promise<Record<string, { found: number, hit: number, isComplex: boolean }>> {
+        const content = await fs.readFile(reportPath, 'utf-8');
+        const results: Record<string, { found: number, hit: number, isComplex: boolean }> = {};
+        let currentFile = '';
+
+        for (const line of content.split('\n')) {
+            if (line.startsWith('SF:')) {
+                currentFile = line.substring(3);
+                results[currentFile] = { found: 0, hit: 0, isComplex: false };
+            } else if (line.startsWith('LF:')) {
+                results[currentFile].found = parseInt(line.substring(3));
+            } else if (line.startsWith('LH:')) {
+                results[currentFile].hit = parseInt(line.substring(3));
+            }
+        }
+        return results;
+    }
+}

package/src/gates/runner.ts

@@ -6,6 +6,7 @@ import { StructureGate } from './structure.js';
 import { ASTGate } from './ast.js';
 import { SafetyGate } from './safety.js';
 import { DependencyGate } from './dependency.js';
+import { CoverageGate } from './coverage.js';
 import { execa } from 'execa';
 import { Logger } from '../utils/logger.js';
 
@@ -32,6 +33,7 @@ export class GateRunner {
         this.gates.push(new ASTGate(this.config.gates));
         this.gates.push(new DependencyGate(this.config));
         this.gates.push(new SafetyGate(this.config.gates));
+        this.gates.push(new CoverageGate(this.config.gates));
     }
 
     /**
@@ -94,6 +96,7 @@ export class GateRunner {
         }
 
         const status: Status = failures.length > 0 ? 'FAIL' : 'PASS';
+        const score = Math.max(0, 100 - (failures.length * 5)); // Basic SME scoring logic
 
         return {
             status,
@@ -101,6 +104,7 @@ export class GateRunner {
             failures,
             stats: {
                 duration_ms: Date.now() - start,
+                score,
             },
         };
     }

package/src/types/index.ts

@@ -78,6 +78,7 @@ export const ReportSchema = z.object({
     failures: z.array(FailureSchema),
     stats: z.object({
         duration_ms: z.number(),
+        score: z.number().optional(),
     }),
 });
 export type Report = z.infer<typeof ReportSchema>;