@sentry/warden 0.0.0

package/src/output/renderer.ts

@@ -0,0 +1,217 @@
+import { SEVERITY_ORDER, filterFindingsBySeverity } from '../types/index.js';
+import type { SkillReport, Finding, Severity } from '../types/index.js';
+import type { RenderResult, RenderOptions, GitHubReview, GitHubComment } from './types.js';
+import { formatStatsCompact, countBySeverity, pluralize } from '../cli/output/formatters.js';
+import { generateContentHash, generateMarker } from './dedup.js';
+import { escapeHtml } from '../utils/index.js';
+
+const SEVERITY_EMOJI: Record<Severity, string> = {
+  critical: ':rotating_light:',
+  high: ':warning:',
+  medium: ':orange_circle:',
+  low: ':large_blue_circle:',
+  info: ':information_source:',
+};
+
+export function renderSkillReport(report: SkillReport, options: RenderOptions = {}): RenderResult {
+  const { includeSuggestions = true, maxFindings, groupByFile = true, commentOn, checkRunUrl, totalFindings } = options;
+
+  // Filter by commentOn threshold first, then apply maxFindings limit
+  const filteredFindings = filterFindingsBySeverity(report.findings, commentOn);
+  const findings = maxFindings ? filteredFindings.slice(0, maxFindings) : filteredFindings;
+  const sortedFindings = [...findings].sort(
+    (a, b) => SEVERITY_ORDER[a.severity] - SEVERITY_ORDER[b.severity]
+  );
+
+  // Calculate how many findings were filtered out
+  const total = totalFindings ?? report.findings.length;
+  const hiddenCount = total - sortedFindings.length;
+
+  const review = renderReview(sortedFindings, report, includeSuggestions);
+  const summaryComment = renderSummaryComment(report, sortedFindings, groupByFile, checkRunUrl, hiddenCount);
+
+  return { review, summaryComment };
+}
+
+function renderReview(
+  findings: Finding[],
+  report: SkillReport,
+  includeSuggestions: boolean
+): GitHubReview | undefined {
+  const findingsWithLocation = findings.filter((f) => f.location);
+
+  if (findingsWithLocation.length === 0) {
+    return undefined;
+  }
+
+  const comments: GitHubComment[] = findingsWithLocation.map((finding) => {
+    const location = finding.location;
+    if (!location) {
+      throw new Error('Unexpected: finding without location in filtered list');
+    }
+    const confidenceNote = finding.confidence ? ` (${finding.confidence} confidence)` : '';
+    let body = `**${SEVERITY_EMOJI[finding.severity]} ${escapeHtml(finding.title)}**${confidenceNote}\n\n${escapeHtml(finding.description)}`;
+
+    if (includeSuggestions && finding.suggestedFix) {
+      body += `\n\n${renderSuggestion(finding.suggestedFix.description, finding.suggestedFix.diff)}`;
+    }
+
+    // Add attribution footnote
+    body += `\n\n---\n<sub>warden: ${report.skill}</sub>`;
+
+    // Add deduplication marker
+    const contentHash = generateContentHash(finding.title, finding.description);
+    const line = location.endLine ?? location.startLine;
+    body += `\n${generateMarker(location.path, line, contentHash)}`;
+
+    const isMultiLine = location.endLine && location.startLine !== location.endLine;
+
+    return {
+      body,
+      path: location.path,
+      line: location.endLine ?? location.startLine,
+      side: 'RIGHT' as const,
+      start_line: isMultiLine ? location.startLine : undefined,
+      start_side: isMultiLine ? ('RIGHT' as const) : undefined,
+    };
+  });
+
+  const hasBlockingSeverity = findings.some(
+    (f) => f.severity === 'critical' || f.severity === 'high'
+  );
+  const event: GitHubReview['event'] = hasBlockingSeverity ? 'REQUEST_CHANGES' : 'COMMENT';
+
+  return {
+    event,
+    body: '',
+    comments,
+  };
+}
+
+function renderSuggestion(description: string, diff: string): string {
+  const suggestionLines = diff
+    .split('\n')
+    .filter((line) => line.startsWith('+') && !line.startsWith('+++'))
+    .map((line) => line.slice(1));
+
+  if (suggestionLines.length === 0) {
+    return `**Suggested fix:** ${escapeHtml(description)}`;
+  }
+
+  return `**Suggested fix:** ${escapeHtml(description)}\n\n\`\`\`suggestion\n${suggestionLines.join('\n')}\n\`\`\``;
+}
+
+function renderHiddenFindingsLink(hiddenCount: number, checkRunUrl: string): string {
+  return `[View ${hiddenCount} additional ${pluralize(hiddenCount, 'finding')} in Checks](${checkRunUrl})`;
+}
+
+function renderSummaryComment(
+  report: SkillReport,
+  findings: Finding[],
+  groupByFile: boolean,
+  checkRunUrl?: string,
+  hiddenCount?: number
+): string {
+  const lines: string[] = [];
+
+  lines.push(`## ${report.skill}`);
+  lines.push('');
+  lines.push(escapeHtml(report.summary));
+  lines.push('');
+
+  if (findings.length === 0) {
+    lines.push('No findings to report.');
+    // Add link to full report if there are hidden findings
+    if (hiddenCount && hiddenCount > 0 && checkRunUrl) {
+      lines.push('');
+      lines.push(renderHiddenFindingsLink(hiddenCount, checkRunUrl));
+    }
+    // Add stats footer even when there are no findings
+    const statsLine = formatStatsCompact(report.durationMs, report.usage);
+    if (statsLine) {
+      lines.push('', '---', `<sub>${statsLine}</sub>`);
+    }
+    return lines.join('\n');
+  }
+
+  const counts = countBySeverity(findings);
+  lines.push('### Summary');
+  lines.push('');
+  lines.push(
+    `| Severity | Count |
+|----------|-------|
+${Object.entries(counts)
+  .filter(([, count]) => count > 0)
+  .sort(([a], [b]) => SEVERITY_ORDER[a as Severity] - SEVERITY_ORDER[b as Severity])
+  .map(([severity, count]) => `| ${SEVERITY_EMOJI[severity as Severity]} ${severity} | ${count} |`)
+  .join('\n')}`
+  );
+  lines.push('');
+
+  lines.push('### Findings');
+  lines.push('');
+
+  if (groupByFile) {
+    const byFile = groupFindingsByFile(findings);
+    for (const [file, fileFindings] of Object.entries(byFile)) {
+      lines.push(`#### \`${file}\``);
+      lines.push('');
+      for (const finding of fileFindings) {
+        lines.push(renderFindingItem(finding));
+      }
+      lines.push('');
+    }
+
+    const noLocation = findings.filter((f) => !f.location);
+    if (noLocation.length > 0) {
+      lines.push('#### General');
+      lines.push('');
+      for (const finding of noLocation) {
+        lines.push(renderFindingItem(finding));
+      }
+    }
+  } else {
+    for (const finding of findings) {
+      lines.push(renderFindingItem(finding));
+    }
+  }
+
+  // Add link to full report if there are hidden findings
+  if (hiddenCount && hiddenCount > 0 && checkRunUrl) {
+    lines.push('');
+    lines.push(renderHiddenFindingsLink(hiddenCount, checkRunUrl));
+  }
+
+  // Add stats footer
+  const statsLine = formatStatsCompact(report.durationMs, report.usage);
+  if (statsLine) {
+    lines.push('', '---', `<sub>${statsLine}</sub>`);
+  }
+
+  return lines.join('\n');
+}
+
+function formatLineRange(loc: { startLine: number; endLine?: number }): string {
+  if (loc.endLine) {
+    return `L${loc.startLine}-${loc.endLine}`;
+  }
+  return `L${loc.startLine}`;
+}
+
+function renderFindingItem(finding: Finding): string {
+  const location = finding.location ? ` (${formatLineRange(finding.location)})` : '';
+  const confidence = finding.confidence ? ` [${finding.confidence} confidence]` : '';
+  return `- ${SEVERITY_EMOJI[finding.severity]} **${escapeHtml(finding.title)}**${location}${confidence}: ${escapeHtml(finding.description)}`;
+}
+
+function groupFindingsByFile(findings: Finding[]): Record<string, Finding[]> {
+  const groups: Record<string, Finding[]> = {};
+  for (const finding of findings) {
+    if (finding.location) {
+      const path = finding.location.path;
+      groups[path] ??= [];
+      groups[path].push(finding);
+    }
+  }
+  return groups;
+}

package/src/output/stale.test.ts

@@ -0,0 +1,375 @@
+import { describe, it, expect } from 'vitest';
+import { buildAnalyzedScope, isInAnalyzedScope, findStaleComments } from './stale.js';
+import { generateContentHash } from './dedup.js';
+import type { ExistingComment } from './dedup.js';
+import type { Finding, FileChange } from '../types/index.js';
+
+describe('buildAnalyzedScope', () => {
+  it('creates scope from file changes', () => {
+    const files: FileChange[] = [
+      { filename: 'src/db.ts', status: 'modified', additions: 10, deletions: 5 },
+      { filename: 'src/api.ts', status: 'added', additions: 50, deletions: 0 },
+    ];
+
+    const scope = buildAnalyzedScope(files);
+    expect(scope.files.has('src/db.ts')).toBe(true);
+    expect(scope.files.has('src/api.ts')).toBe(true);
+    expect(scope.files.has('src/other.ts')).toBe(false);
+  });
+
+  it('handles empty file list', () => {
+    const scope = buildAnalyzedScope([]);
+    expect(scope.files.size).toBe(0);
+  });
+});
+
+describe('isInAnalyzedScope', () => {
+  const scope = buildAnalyzedScope([
+    { filename: 'src/db.ts', status: 'modified', additions: 10, deletions: 5 },
+    { filename: 'src/api.ts', status: 'added', additions: 50, deletions: 0 },
+  ]);
+
+  it('returns true for comment on analyzed file', () => {
+    const comment: ExistingComment = {
+      id: 1,
+      path: 'src/db.ts',
+      line: 42,
+      title: 'SQL Injection',
+      description: 'User input passed to query',
+      contentHash: 'abc12345',
+      threadId: 'thread-1',
+    };
+
+    expect(isInAnalyzedScope(comment, scope)).toBe(true);
+  });
+
+  it('returns false for comment on non-analyzed file', () => {
+    const comment: ExistingComment = {
+      id: 2,
+      path: 'src/other.ts',
+      line: 100,
+      title: 'Some Issue',
+      description: 'Description',
+      contentHash: 'def67890',
+      threadId: 'thread-2',
+    };
+
+    expect(isInAnalyzedScope(comment, scope)).toBe(false);
+  });
+});
+
+describe('findStaleComments', () => {
+  const scope = buildAnalyzedScope([
+    { filename: 'src/db.ts', status: 'modified', additions: 10, deletions: 5 },
+    { filename: 'src/api.ts', status: 'added', additions: 50, deletions: 0 },
+  ]);
+
+  it('returns empty array when no existing comments', () => {
+    const findings: Finding[] = [
+      {
+        id: 'f1',
+        severity: 'high',
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        location: { path: 'src/db.ts', startLine: 42 },
+      },
+    ];
+
+    const stale = findStaleComments([], findings, scope);
+    expect(stale).toHaveLength(0);
+  });
+
+  it('returns empty array when all comments have matching findings', () => {
+    const comments: ExistingComment[] = [
+      {
+        id: 1,
+        path: 'src/db.ts',
+        line: 42,
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        contentHash: generateContentHash('SQL Injection', 'User input passed to query'),
+        threadId: 'thread-1',
+      },
+    ];
+
+    const findings: Finding[] = [
+      {
+        id: 'f1',
+        severity: 'high',
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        location: { path: 'src/db.ts', startLine: 42 },
+      },
+    ];
+
+    const stale = findStaleComments(comments, findings, scope);
+    expect(stale).toHaveLength(0);
+  });
+
+  it('identifies stale comment when finding is removed', () => {
+    const comments: ExistingComment[] = [
+      {
+        id: 1,
+        path: 'src/db.ts',
+        line: 42,
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        contentHash: generateContentHash('SQL Injection', 'User input passed to query'),
+        threadId: 'thread-1',
+      },
+    ];
+
+    // No matching findings - the issue was fixed
+    const findings: Finding[] = [];
+
+    const stale = findStaleComments(comments, findings, scope);
+    expect(stale).toHaveLength(1);
+    expect(stale[0]!.id).toBe(1);
+  });
+
+  it('skips comments without threadId', () => {
+    const comments: ExistingComment[] = [
+      {
+        id: 1,
+        path: 'src/db.ts',
+        line: 42,
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        contentHash: generateContentHash('SQL Injection', 'User input passed to query'),
+        // No threadId
+      },
+    ];
+
+    const findings: Finding[] = [];
+
+    const stale = findStaleComments(comments, findings, scope);
+    expect(stale).toHaveLength(0);
+  });
+
+  it('skips already-resolved comments', () => {
+    const comments: ExistingComment[] = [
+      {
+        id: 1,
+        path: 'src/db.ts',
+        line: 42,
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        contentHash: generateContentHash('SQL Injection', 'User input passed to query'),
+        threadId: 'thread-1',
+        isResolved: true, // Already resolved by user
+      },
+    ];
+
+    const findings: Finding[] = [];
+
+    const stale = findStaleComments(comments, findings, scope);
+    expect(stale).toHaveLength(0);
+  });
+
+  it('marks comments on files not in analyzed scope as orphaned', () => {
+    const comments: ExistingComment[] = [
+      {
+        id: 1,
+        path: 'src/other.ts', // Not in scope - orphaned (file renamed, reverted, etc.)
+        line: 42,
+        title: 'Some Issue',
+        description: 'Description',
+        contentHash: 'abc12345',
+        threadId: 'thread-1',
+      },
+    ];
+
+    const findings: Finding[] = [];
+
+    const stale = findStaleComments(comments, findings, scope);
+    expect(stale).toHaveLength(1);
+    expect(stale[0]!.id).toBe(1);
+  });
+
+  it('matches findings within 5 lines of comment', () => {
+    const comments: ExistingComment[] = [
+      {
+        id: 1,
+        path: 'src/db.ts',
+        line: 42,
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        contentHash: generateContentHash('SQL Injection', 'User input passed to query'),
+        threadId: 'thread-1',
+      },
+    ];
+
+    // Finding at line 45 (3 lines away) - should still match
+    const findings: Finding[] = [
+      {
+        id: 'f1',
+        severity: 'high',
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        location: { path: 'src/db.ts', startLine: 45 },
+      },
+    ];
+
+    const stale = findStaleComments(comments, findings, scope);
+    expect(stale).toHaveLength(0);
+  });
+
+  it('does not match findings more than 5 lines away', () => {
+    const comments: ExistingComment[] = [
+      {
+        id: 1,
+        path: 'src/db.ts',
+        line: 42,
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        contentHash: generateContentHash('SQL Injection', 'User input passed to query'),
+        threadId: 'thread-1',
+      },
+    ];
+
+    // Finding at line 50 (8 lines away) - should not match
+    const findings: Finding[] = [
+      {
+        id: 'f1',
+        severity: 'high',
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        location: { path: 'src/db.ts', startLine: 50 },
+      },
+    ];
+
+    const stale = findStaleComments(comments, findings, scope);
+    expect(stale).toHaveLength(1);
+  });
+
+  it('matches by title when content hash differs slightly', () => {
+    const comments: ExistingComment[] = [
+      {
+        id: 1,
+        path: 'src/db.ts',
+        line: 42,
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        contentHash: generateContentHash('SQL Injection', 'User input passed to query'),
+        threadId: 'thread-1',
+      },
+    ];
+
+    // Same title but slightly different description
+    const findings: Finding[] = [
+      {
+        id: 'f1',
+        severity: 'high',
+        title: 'SQL Injection',
+        description: 'User input is passed directly to the database query',
+        location: { path: 'src/db.ts', startLine: 42 },
+      },
+    ];
+
+    const stale = findStaleComments(comments, findings, scope);
+    expect(stale).toHaveLength(0);
+  });
+
+  it('handles multiple comments and findings correctly', () => {
+    const comments: ExistingComment[] = [
+      {
+        id: 1,
+        path: 'src/db.ts',
+        line: 42,
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        contentHash: generateContentHash('SQL Injection', 'User input passed to query'),
+        threadId: 'thread-1',
+      },
+      {
+        id: 2,
+        path: 'src/api.ts',
+        line: 100,
+        title: 'Missing Error Handling',
+        description: 'No try-catch block',
+        contentHash: generateContentHash('Missing Error Handling', 'No try-catch block'),
+        threadId: 'thread-2',
+      },
+      {
+        id: 3,
+        path: 'src/db.ts',
+        line: 80,
+        title: 'XSS Vulnerability',
+        description: 'Unescaped output',
+        contentHash: generateContentHash('XSS Vulnerability', 'Unescaped output'),
+        threadId: 'thread-3',
+      },
+    ];
+
+    // Only SQL Injection still exists, others were fixed
+    const findings: Finding[] = [
+      {
+        id: 'f1',
+        severity: 'high',
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        location: { path: 'src/db.ts', startLine: 42 },
+      },
+    ];
+
+    const stale = findStaleComments(comments, findings, scope);
+    expect(stale).toHaveLength(2);
+    expect(stale.map((c) => c.id).sort()).toEqual([2, 3]);
+  });
+
+  it('does not match findings in different files', () => {
+    const comments: ExistingComment[] = [
+      {
+        id: 1,
+        path: 'src/db.ts',
+        line: 42,
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        contentHash: generateContentHash('SQL Injection', 'User input passed to query'),
+        threadId: 'thread-1',
+      },
+    ];
+
+    // Same issue but in different file
+    const findings: Finding[] = [
+      {
+        id: 'f1',
+        severity: 'high',
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        location: { path: 'src/api.ts', startLine: 42 },
+      },
+    ];
+
+    const stale = findStaleComments(comments, findings, scope);
+    expect(stale).toHaveLength(1);
+  });
+
+  it('does not match findings without location', () => {
+    const comments: ExistingComment[] = [
+      {
+        id: 1,
+        path: 'src/db.ts',
+        line: 42,
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        contentHash: generateContentHash('SQL Injection', 'User input passed to query'),
+        threadId: 'thread-1',
+      },
+    ];
+
+    // Finding without location
+    const findings: Finding[] = [
+      {
+        id: 'f1',
+        severity: 'high',
+        title: 'SQL Injection',
+        description: 'User input passed to query',
+        // No location
+      },
+    ];
+
+    const stale = findStaleComments(comments, findings, scope);
+    expect(stale).toHaveLength(1);
+  });
+});