@sentry/warden 0.0.0

package/src/output/github-issues.ts

@@ -0,0 +1,329 @@
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import type { Octokit } from '@octokit/rest';
+import type { SkillReport, Finding } from '../types/index.js';
+import { renderIssueBody, renderNoFindingsUpdate } from './issue-renderer.js';
+import { parsePatch } from '../diff/parser.js';
+
+export interface IssueResult {
+  issueNumber: number;
+  issueUrl: string;
+  created: boolean; // true if new, false if updated
+}
+
+export interface CreateIssueOptions {
+  title: string;
+  commitSha: string;
+}
+
+/**
+ * Create or update a GitHub issue with findings.
+ * Searches for existing open issue by title prefix, updates if found.
+ */
+export async function createOrUpdateIssue(
+  octokit: Octokit,
+  owner: string,
+  repo: string,
+  reports: SkillReport[],
+  options: CreateIssueOptions
+): Promise<IssueResult | null> {
+  const { title, commitSha } = options;
+  const allFindings = reports.flatMap((r) => r.findings);
+  const now = new Date();
+
+  // Search for existing open issue with matching title
+  const existingIssue = await findExistingIssue(octokit, owner, repo, title);
+
+  // Render the issue body
+  const body = allFindings.length > 0
+    ? renderIssueBody(reports, {
+        commitSha,
+        runTimestamp: now,
+        repoOwner: owner,
+        repoName: repo,
+      })
+    : renderNoFindingsUpdate(commitSha, now);
+
+  if (existingIssue) {
+    // Update existing issue
+    await octokit.issues.update({
+      owner,
+      repo,
+      issue_number: existingIssue.number,
+      body,
+    });
+
+    return {
+      issueNumber: existingIssue.number,
+      issueUrl: existingIssue.html_url,
+      created: false,
+    };
+  }
+
+  // Skip creating new issue if no findings
+  if (allFindings.length === 0) {
+    return null;
+  }
+
+  // Create new issue
+  const { data: newIssue } = await octokit.issues.create({
+    owner,
+    repo,
+    title,
+    body,
+  });
+
+  return {
+    issueNumber: newIssue.number,
+    issueUrl: newIssue.html_url,
+    created: true,
+  };
+}
+
+async function findExistingIssue(
+  octokit: Octokit,
+  owner: string,
+  repo: string,
+  title: string
+): Promise<{ number: number; html_url: string } | null> {
+  try {
+    // Search for open issues with exact title match
+    const { data: issues } = await octokit.issues.listForRepo({
+      owner,
+      repo,
+      state: 'open',
+      per_page: 100,
+    });
+
+    const matching = issues.find((issue) => issue.title === title);
+    return matching ? { number: matching.number, html_url: matching.html_url } : null;
+  } catch {
+    return null;
+  }
+}
+
+export interface FixPRResult {
+  prNumber: number;
+  prUrl: string;
+  branch: string;
+  fixCount: number;
+}
+
+export interface CreateFixPROptions {
+  branchPrefix: string;
+  baseBranch: string;
+  baseSha: string;
+  repoPath: string;
+  triggerName: string;
+}
+
+/**
+ * Create a PR with fixes applied.
+ * Uses GitHub Git API to create branch, apply changes, and open PR.
+ */
+export async function createFixPR(
+  octokit: Octokit,
+  owner: string,
+  repo: string,
+  findings: Finding[],
+  options: CreateFixPROptions
+): Promise<FixPRResult | null> {
+  const { branchPrefix, baseBranch, baseSha, repoPath, triggerName } = options;
+
+  // Collect fixable findings (have suggestedFix.diff and location.path)
+  const fixable = findings.filter(
+    (f) => f.suggestedFix?.diff && f.location?.path
+  );
+
+  if (fixable.length === 0) {
+    return null;
+  }
+
+  // Group fixes by file
+  const fixesByFile = new Map<string, Finding[]>();
+  for (const finding of fixable) {
+    // We know location exists because of the filter above
+    const path = finding.location?.path;
+    if (!path) continue;
+    const existing = fixesByFile.get(path) ?? [];
+    existing.push(finding);
+    fixesByFile.set(path, existing);
+  }
+
+  // Generate branch name with timestamp
+  const timestamp = Date.now();
+  const safeTriggerName = triggerName.replace(/[^a-zA-Z0-9-]/g, '-');
+  const branchName = `${branchPrefix}/${safeTriggerName}-${timestamp}`;
+
+  // Apply fixes and create blobs for modified files
+  const treeItems: {
+    path: string;
+    mode: '100644';
+    type: 'blob';
+    sha: string;
+  }[] = [];
+
+  let fixCount = 0;
+
+  for (const [filePath, fileFindings] of fixesByFile) {
+    try {
+      // Read current file content
+      const fullPath = join(repoPath, filePath);
+      let content = readFileSync(fullPath, 'utf-8');
+
+      // Sort findings by line number descending to apply from bottom to top
+      const sortedFindings = [...fileFindings].sort((a, b) => {
+        const aLine = a.location?.startLine ?? 0;
+        const bLine = b.location?.startLine ?? 0;
+        return bLine - aLine;
+      });
+
+      // Apply each fix
+      for (const finding of sortedFindings) {
+        const diff = finding.suggestedFix?.diff;
+        if (!diff) continue;
+        try {
+          content = applyDiffToContent(content, diff);
+          fixCount++;
+        } catch (err) {
+          console.error(`Failed to apply fix for ${finding.title}: ${err}`);
+        }
+      }
+
+      // Create blob with modified content
+      const { data: blob } = await octokit.git.createBlob({
+        owner,
+        repo,
+        content: Buffer.from(content).toString('base64'),
+        encoding: 'base64',
+      });
+
+      treeItems.push({
+        path: filePath,
+        mode: '100644',
+        type: 'blob',
+        sha: blob.sha,
+      });
+    } catch (err) {
+      console.error(`Failed to process fixes for ${filePath}: ${err}`);
+    }
+  }
+
+  if (treeItems.length === 0 || fixCount === 0) {
+    return null;
+  }
+
+  // Create tree with new blobs
+  const { data: tree } = await octokit.git.createTree({
+    owner,
+    repo,
+    base_tree: baseSha,
+    tree: treeItems,
+  });
+
+  // Create commit
+  const { data: commit } = await octokit.git.createCommit({
+    owner,
+    repo,
+    message: `fix: Apply ${fixCount} automated ${fixCount === 1 ? 'fix' : 'fixes'} from Warden\n\nTrigger: ${triggerName}\n\nCo-Authored-By: Warden <noreply@getsentry.com>`,
+    tree: tree.sha,
+    parents: [baseSha],
+  });
+
+  // Create branch
+  await octokit.git.createRef({
+    owner,
+    repo,
+    ref: `refs/heads/${branchName}`,
+    sha: commit.sha,
+  });
+
+  // Create PR
+  const { data: pr } = await octokit.pulls.create({
+    owner,
+    repo,
+    title: `fix: Warden automated fixes for ${triggerName}`,
+    head: branchName,
+    base: baseBranch,
+    body: [
+      '## Summary',
+      '',
+      `This PR contains ${fixCount} automated ${fixCount === 1 ? 'fix' : 'fixes'} generated by Warden.`,
+      '',
+      '### Applied Fixes',
+      '',
+      ...fixable.map((f) => {
+        const path = f.location?.path ?? 'unknown';
+        const line = f.location?.startLine ?? 0;
+        return `- **${f.title}** (${path}:${line})`;
+      }),
+      '',
+      '---',
+      '*Generated by [Warden](https://github.com/getsentry/warden)*',
+    ].join('\n'),
+  });
+
+  return {
+    prNumber: pr.number,
+    prUrl: pr.html_url,
+    branch: branchName,
+    fixCount,
+  };
+}
+
+/**
+ * Apply a unified diff to file content.
+ * Returns the modified content.
+ */
+function applyDiffToContent(content: string, diff: string): string {
+  const hunks = parsePatch(diff);
+  if (hunks.length === 0) {
+    throw new Error('No valid hunks found in diff');
+  }
+
+  const lines = content.split('\n');
+
+  // Sort hunks by oldStart in descending order to apply from bottom to top
+  const sortedHunks = [...hunks].sort((a, b) => b.oldStart - a.oldStart);
+
+  for (const hunk of sortedHunks) {
+    // Parse hunk lines into operations
+    const oldLines: string[] = [];
+    const newLines: string[] = [];
+
+    for (const line of hunk.lines) {
+      if (line.startsWith('-')) {
+        oldLines.push(line.slice(1));
+      } else if (line.startsWith('+')) {
+        newLines.push(line.slice(1));
+      } else if (line.startsWith(' ') || line === '') {
+        // Context line - should match in both
+        const contextLine = line.startsWith(' ') ? line.slice(1) : line;
+        oldLines.push(contextLine);
+        newLines.push(contextLine);
+      }
+    }
+
+    // The start index is 0-based (hunk.oldStart is 1-based)
+    const startIndex = hunk.oldStart - 1;
+
+    // Verify the old lines match (context check)
+    for (let i = 0; i < oldLines.length; i++) {
+      const lineIndex = startIndex + i;
+      if (lineIndex >= lines.length) {
+        throw new Error(`Hunk context mismatch: line ${lineIndex + 1} doesn't exist`);
+      }
+      if (lines[lineIndex] !== oldLines[i]) {
+        throw new Error(
+          `Hunk context mismatch at line ${lineIndex + 1}: ` +
+          `expected "${oldLines[i]}", got "${lines[lineIndex]}"`
+        );
+      }
+    }
+
+    // Replace the old lines with new lines
+    lines.splice(startIndex, oldLines.length, ...newLines);
+  }
+
+  return lines.join('\n');
+}

package/src/output/index.ts

@@ -0,0 +1,5 @@
+export * from './types.js';
+export * from './renderer.js';
+export * from './issue-renderer.js';
+export * from './github-issues.js';
+export * from './github-checks.js';

package/src/output/issue-renderer.ts

@@ -0,0 +1,197 @@
+import { SEVERITY_ORDER } from '../types/index.js';
+import type { SkillReport, Finding, Severity } from '../types/index.js';
+import { countBySeverity } from '../cli/output/formatters.js';
+import { escapeHtml } from '../utils/index.js';
+
+const SEVERITY_EMOJI: Record<Severity, string> = {
+  critical: ':rotating_light:',
+  high: ':warning:',
+  medium: ':orange_circle:',
+  low: ':large_blue_circle:',
+  info: ':information_source:',
+};
+
+export interface IssueRenderOptions {
+  /** Commit SHA for linking to code */
+  commitSha: string;
+  /** When the scan was run */
+  runTimestamp: Date;
+  /** Repository owner for constructing file links */
+  repoOwner?: string;
+  /** Repository name for constructing file links */
+  repoName?: string;
+}
+
+/**
+ * Render skill reports as a GitHub issue body.
+ */
+export function renderIssueBody(
+  reports: SkillReport[],
+  options: IssueRenderOptions
+): string {
+  const { commitSha, runTimestamp, repoOwner, repoName } = options;
+  const lines: string[] = [];
+
+  // Header with timestamp and commit
+  const shortSha = commitSha.slice(0, 7);
+  const timestamp = runTimestamp.toISOString();
+
+  lines.push('## Warden Scheduled Scan Results');
+  lines.push('');
+  lines.push(`**Run:** ${timestamp}`);
+  lines.push(`**Commit:** \`${shortSha}\``);
+  lines.push('');
+
+  // Collect all findings
+  const allFindings = reports.flatMap((r) => r.findings);
+
+  if (allFindings.length === 0) {
+    lines.push(':white_check_mark: **No issues found**');
+    lines.push('');
+    lines.push('The scheduled scan completed without finding any issues.');
+    lines.push('');
+    lines.push('---');
+    lines.push('*Generated by [Warden](https://github.com/getsentry/warden)*');
+    return lines.join('\n');
+  }
+
+  // Severity summary table
+  const counts = countBySeverity(allFindings);
+  lines.push('### Summary');
+  lines.push('');
+  lines.push('| Severity | Count |');
+  lines.push('|----------|-------|');
+
+  for (const severity of ['critical', 'high', 'medium', 'low', 'info'] as Severity[]) {
+    if (counts[severity] > 0) {
+      lines.push(`| ${SEVERITY_EMOJI[severity]} ${severity} | ${counts[severity]} |`);
+    }
+  }
+  lines.push('');
+
+  // Findings grouped by file
+  lines.push('### Findings');
+  lines.push('');
+
+  // Sort findings by severity, then by file
+  const sortedFindings = [...allFindings].sort((a, b) => {
+    const severityDiff = SEVERITY_ORDER[a.severity] - SEVERITY_ORDER[b.severity];
+    if (severityDiff !== 0) return severityDiff;
+    const aPath = a.location?.path ?? '';
+    const bPath = b.location?.path ?? '';
+    return aPath.localeCompare(bPath);
+  });
+
+  const byFile = groupFindingsByFile(sortedFindings);
+  const canLink = repoOwner && repoName;
+
+  for (const [file, fileFindings] of Object.entries(byFile)) {
+    if (canLink) {
+      lines.push(`#### [\`${file}\`](https://github.com/${repoOwner}/${repoName}/blob/${commitSha}/${file})`);
+    } else {
+      lines.push(`#### \`${file}\``);
+    }
+    lines.push('');
+
+    for (const finding of fileFindings) {
+      lines.push(renderFindingItem(finding, { commitSha, repoOwner, repoName }));
+    }
+    lines.push('');
+  }
+
+  // General findings (no location)
+  const noLocation = sortedFindings.filter((f) => !f.location);
+  if (noLocation.length > 0) {
+    lines.push('#### General');
+    lines.push('');
+    for (const finding of noLocation) {
+      lines.push(renderFindingItem(finding, { commitSha, repoOwner, repoName }));
+    }
+    lines.push('');
+  }
+
+  // Per-skill summaries if multiple skills
+  if (reports.length > 1) {
+    lines.push('### Skill Summaries');
+    lines.push('');
+    for (const report of reports) {
+      lines.push(`**${report.skill}:** ${escapeHtml(report.summary)}`);
+      lines.push('');
+    }
+  }
+
+  // Footer
+  lines.push('---');
+  lines.push('*Generated by [Warden](https://github.com/getsentry/warden)*');
+
+  return lines.join('\n');
+}
+
+function groupFindingsByFile(findings: Finding[]): Record<string, Finding[]> {
+  const groups: Record<string, Finding[]> = {};
+  for (const finding of findings) {
+    if (finding.location) {
+      const path = finding.location.path;
+      groups[path] ??= [];
+      groups[path].push(finding);
+    }
+  }
+  return groups;
+}
+
+function formatLineRange(loc: { startLine: number; endLine?: number }): string {
+  if (loc.endLine && loc.endLine !== loc.startLine) {
+    return `L${loc.startLine}-L${loc.endLine}`;
+  }
+  return `L${loc.startLine}`;
+}
+
+interface LinkContext {
+  commitSha: string;
+  repoOwner?: string;
+  repoName?: string;
+}
+
+function renderFindingItem(finding: Finding, ctx: LinkContext): string {
+  const { commitSha, repoOwner, repoName } = ctx;
+  const canLink = repoOwner && repoName && finding.location;
+
+  let locationStr = '';
+  if (finding.location) {
+    const lineRange = formatLineRange(finding.location);
+    if (canLink) {
+      const lineAnchor = finding.location.endLine
+        ? `L${finding.location.startLine}-L${finding.location.endLine}`
+        : `L${finding.location.startLine}`;
+      locationStr = ` ([${lineRange}](https://github.com/${repoOwner}/${repoName}/blob/${commitSha}/${finding.location.path}#${lineAnchor}))`;
+    } else {
+      locationStr = ` (${lineRange})`;
+    }
+  }
+
+  let line = `- ${SEVERITY_EMOJI[finding.severity]} **${escapeHtml(finding.title)}**${locationStr}`;
+  line += `\n  ${escapeHtml(finding.description)}`;
+
+  if (finding.suggestedFix) {
+    line += `\n  *Suggested fix:* ${escapeHtml(finding.suggestedFix.description)}`;
+  }
+
+  return line;
+}
+
+/**
+ * Render a brief status update for when no new findings are found.
+ */
+export function renderNoFindingsUpdate(commitSha: string, runTimestamp: Date): string {
+  const shortSha = commitSha.slice(0, 7);
+  const timestamp = runTimestamp.toISOString();
+
+  return [
+    '## Latest Scan: No Issues Found',
+    '',
+    `:white_check_mark: Scan completed at ${timestamp} (commit \`${shortSha}\`) with no issues.`,
+    '',
+    '---',
+    '*Generated by [Warden](https://github.com/getsentry/warden)*',
+  ].join('\n');
+}