@sentry/warden 0.14.0 → 0.15.0

package/skills/warden-sweep/scripts/create_issue.py

@@ -0,0 +1,189 @@
+#!/usr/bin/env python3
+# /// script
+# requires-python = ">=3.9"
+# ///
+"""
+Warden Sweep: Create tracking issue.
+
+Creates a GitHub issue summarizing the sweep results after verification
+but before patching. Gives every PR a parent to reference and gives
+reviewers a single place to see the full picture.
+
+Usage:
+    uv run create_issue.py <sweep-dir>
+
+Stdout: JSON with issueUrl and issueNumber
+Stderr: Progress lines
+
+Idempotent: if issueUrl already exists in manifest, skips creation.
+"""
+from __future__ import annotations
+
+import argparse
+import json
+import os
+import subprocess
+import sys
+from typing import Any
+
+sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+from _utils import (  # noqa: E402
+    ensure_github_label,
+    pr_number_from_url,
+    read_json,
+    read_jsonl,
+    severity_badge,
+    write_json,
+)
+
+
+def build_issue_body(
+    run_id: str,
+    scan_index: list[dict[str, Any]],
+    all_findings: list[dict[str, Any]],
+    verified: list[dict[str, Any]],
+    rejected: list[dict[str, Any]],
+) -> str:
+    """Build the GitHub issue body markdown."""
+    files_scanned = sum(1 for e in scan_index if e.get("status") == "complete")
+    files_timed_out = sum(
+        1 for e in scan_index
+        if e.get("status") == "error" and e.get("error") == "timeout"
+    )
+    files_errored = sum(
+        1 for e in scan_index
+        if e.get("status") == "error" and e.get("error") != "timeout"
+    )
+
+    # Collect unique skills from scan index
+    skills: set[str] = set()
+    for entry in scan_index:
+        for skill in entry.get("skills", []):
+            skills.add(skill)
+
+    lines = [
+        f"## Warden Sweep `{run_id}`",
+        "",
+        "| Metric | Count |",
+        "|--------|-------|",
+        f"| Files scanned | {files_scanned} |",
+        f"| Files timed out | {files_timed_out} |",
+        f"| Files errored | {files_errored} |",
+        f"| Total findings | {len(all_findings)} |",
+        f"| Verified | {len(verified)} |",
+        f"| Rejected | {len(rejected)} |",
+        "",
+    ]
+
+    if verified:
+        lines.append("### Verified Findings")
+        lines.append("")
+        lines.append("| Severity | Skill | File | Title |")
+        lines.append("|----------|-------|------|-------|")
+        for f in verified:
+            sev = severity_badge(f.get("severity", "info"))
+            skill = f.get("skill", "")
+            file_path = f.get("file", "")
+            start_line = f.get("startLine")
+            location = f"{file_path}:{start_line}" if start_line else file_path
+            title = f.get("title", "")
+            lines.append(f"| {sev} | {skill} | `{location}` | {title} |")
+        lines.append("")
+
+    if skills:
+        lines.append("### Skills Run")
+        lines.append("")
+        lines.append(", ".join(sorted(skills)))
+        lines.append("")
+
+    lines.append("> Generated by Warden Sweep. PRs referencing this issue will appear below.")
+
+    return "\n".join(lines) + "\n"
+
+
+def create_github_issue(title: str, body: str) -> dict[str, Any]:
+    """Create a GitHub issue with the warden label. Returns issueUrl and issueNumber."""
+    ensure_github_label("warden", "5319E7", "Automated fix from Warden Sweep")
+
+    result = subprocess.run(
+        [
+            "gh", "issue", "create",
+            "--label", "warden",
+            "--title", title,
+            "--body", body,
+        ],
+        capture_output=True,
+        text=True,
+        timeout=30,
+    )
+
+    if result.returncode != 0:
+        raise RuntimeError(f"gh issue create failed: {result.stderr.strip()}")
+
+    issue_url = result.stdout.strip()
+    try:
+        issue_number = int(pr_number_from_url(issue_url))
+    except (ValueError, IndexError):
+        raise RuntimeError(f"Could not parse issue number from gh output: {issue_url}")
+
+    return {"issueUrl": issue_url, "issueNumber": issue_number}
+
+
+def main() -> None:
+    parser = argparse.ArgumentParser(
+        description="Warden Sweep: Create tracking issue"
+    )
+    parser.add_argument("sweep_dir", help="Path to the sweep directory")
+    args = parser.parse_args()
+
+    sweep_dir = args.sweep_dir
+    data_dir = os.path.join(sweep_dir, "data")
+    manifest_path = os.path.join(data_dir, "manifest.json")
+
+    if not os.path.isdir(sweep_dir):
+        print(
+            json.dumps({"error": f"Sweep directory not found: {sweep_dir}"}),
+            file=sys.stdout,
+        )
+        sys.exit(1)
+
+    manifest = read_json(manifest_path) or {}
+
+    # Idempotency: if issue already exists, return existing values
+    if manifest.get("issueUrl"):
+        output = {
+            "issueUrl": manifest["issueUrl"],
+            "issueNumber": manifest.get("issueNumber", 0),
+        }
+        print(json.dumps(output))
+        return
+
+    run_id = manifest.get("runId", "unknown")
+
+    # Read sweep data
+    scan_index = read_jsonl(os.path.join(data_dir, "scan-index.jsonl"))
+    all_findings = read_jsonl(os.path.join(data_dir, "all-findings.jsonl"))
+    verified = read_jsonl(os.path.join(data_dir, "verified.jsonl"))
+    rejected = read_jsonl(os.path.join(data_dir, "rejected.jsonl"))
+
+    files_scanned = sum(1 for e in scan_index if e.get("status") == "complete")
+
+    # Build issue
+    title = f"Warden Sweep {run_id}: {len(verified)} findings across {files_scanned} files"
+    body = build_issue_body(run_id, scan_index, all_findings, verified, rejected)
+
+    print("Creating tracking issue...", file=sys.stderr)
+    result = create_github_issue(title, body)
+    print(f"Created issue: {result['issueUrl']}", file=sys.stderr)
+
+    # Write issueUrl and issueNumber to manifest
+    manifest["issueUrl"] = result["issueUrl"]
+    manifest["issueNumber"] = result["issueNumber"]
+    manifest.setdefault("phases", {})["issue"] = "complete"
+    write_json(manifest_path, manifest)
+
+    print(json.dumps(result))
+
+
+if __name__ == "__main__":
+    main()

package/skills/warden-sweep/scripts/find_reviewers.py

@@ -20,22 +20,11 @@ from __future__ import annotations
 
 import argparse
 import json
-import subprocess
+import os
 import sys
 
-
-def run_cmd(args: list[str], timeout: int = 30) -> str | None:
-    """Run a command and return stdout, or None on failure."""
-    try:
-        result = subprocess.run(
-            args,
-            capture_output=True,
-            text=True,
-            timeout=timeout,
-        )
-        return result.stdout.strip() if result.returncode == 0 else None
-    except (subprocess.TimeoutExpired, FileNotFoundError):
-        return None
+sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+from _utils import run_cmd_stdout as run_cmd  # noqa: E402
 
 
 def get_top_authors(file_path: str, count: int = 2) -> list[str]:
@@ -86,6 +75,12 @@ def email_to_github_username(email: str) -> str | None:
     return output if output else None
 
 
+def get_current_github_user() -> str | None:
+    """Get the currently authenticated GitHub username."""
+    output = run_cmd(["gh", "api", "/user", "--jq", ".login"])
+    return output if output else None
+
+
 def main():
     parser = argparse.ArgumentParser(
         description="Find top git contributors for PR reviewer assignment"
@@ -97,7 +92,11 @@ def main():
     )
     args = parser.parse_args()
 
-    emails = get_top_authors(args.file_path, args.count)
+    current_user = get_current_github_user()
+
+    # Request extra candidates to compensate for self-exclusion
+    fetch_count = args.count + 1 if current_user else args.count
+    emails = get_top_authors(args.file_path, fetch_count)
     if not emails:
         print(json.dumps({"reviewers": [], "note": "No recent authors found"}))
         return
@@ -105,10 +104,10 @@ def main():
     reviewers: list[str] = []
     for email in emails:
         username = email_to_github_username(email)
-        if username:
+        if username and username != current_user:
             reviewers.append(username)
 
-    print(json.dumps({"reviewers": reviewers}))
+    print(json.dumps({"reviewers": reviewers[:args.count]}))
 
 
 if __name__ == "__main__":

package/skills/warden-sweep/scripts/generate_report.py

@@ -23,30 +23,7 @@ from datetime import datetime, timezone
 from typing import Any
 
 sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
-from _utils import read_jsonl  # noqa: E402
-
-
-def read_json(path: str) -> dict[str, Any] | None:
-    """Read a JSON file and return parsed object."""
-    if not os.path.exists(path):
-        return None
-    try:
-        with open(path) as f:
-            return json.load(f)
-    except (json.JSONDecodeError, OSError):
-        return None
-
-
-def severity_badge(severity: str) -> str:
-    """Return a markdown-friendly severity indicator."""
-    badges = {
-        "critical": "**CRITICAL**",
-        "high": "**HIGH**",
-        "medium": "MEDIUM",
-        "low": "LOW",
-        "info": "info",
-    }
-    return badges.get(severity, severity)
+from _utils import read_json, read_jsonl, severity_badge  # noqa: E402
 
 
 def generate_summary_md(
@@ -65,7 +42,14 @@ def generate_summary_md(
     completed_at = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
 
     files_scanned = sum(1 for e in scan_index if e.get("status") == "complete")
-    files_errored = sum(1 for e in scan_index if e.get("status") == "error")
+    files_timed_out = sum(
+        1 for e in scan_index
+        if e.get("status") == "error" and e.get("error") == "timeout"
+    )
+    files_errored = sum(
+        1 for e in scan_index
+        if e.get("status") == "error" and e.get("error") != "timeout"
+    )
 
     prs_created = sum(1 for p in patches if p.get("status") == "created")
     prs_failed = sum(1 for p in patches if p.get("status") == "error")
@@ -88,6 +72,7 @@ def generate_summary_md(
         f"| Metric | Count |",
         f"|--------|-------|",
         f"| Files scanned | {files_scanned} |",
+        f"| Files timed out | {files_timed_out} |",
         f"| Files errored | {files_errored} |",
         f"| Total findings | {len(all_findings)} |",
         f"| Verified | {len(verified)} |",
@@ -176,6 +161,14 @@ def generate_report_json(
     completed_at = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
 
     files_scanned = sum(1 for e in scan_index if e.get("status") == "complete")
+    files_timed_out = sum(
+        1 for e in scan_index
+        if e.get("status") == "error" and e.get("error") == "timeout"
+    )
+    files_errored = sum(
+        1 for e in scan_index
+        if e.get("status") == "error" and e.get("error") != "timeout"
+    )
     prs_created = sum(1 for p in patches if p.get("status") == "created")
     prs_failed = sum(1 for p in patches if p.get("status") == "error")
 
@@ -190,6 +183,8 @@ def generate_report_json(
         "completedAt": completed_at,
         "scan": {
             "filesScanned": files_scanned,
+            "filesTimedOut": files_timed_out,
+            "filesErrored": files_errored,
             "totalFindings": len(all_findings),
         },
         "verify": {

package/skills/warden-sweep/scripts/organize.py

@@ -36,7 +36,7 @@ from datetime import datetime, timezone
 from typing import Any
 
 sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
-from _utils import read_jsonl  # noqa: E402
+from _utils import ensure_github_label, pr_number_from_url, read_json, read_jsonl, write_json  # noqa: E402
 
 
 SECURITY_SKILL_PATTERNS = [
@@ -54,6 +54,15 @@ def is_security_skill(skill_name: str) -> bool:
     return name_lower in SECURITY_SKILL_PATTERNS
 
 
+def severity_label(severity: str) -> str:
+    """Format a severity string for inline display in issue comments."""
+    if not severity:
+        return ""
+    if severity in ("critical", "high"):
+        return f" (**{severity.upper()}**)"
+    return f" ({severity.upper()})"
+
+
 def identify_security_findings(
     sweep_dir: str,
 ) -> list[dict[str, Any]]:
@@ -101,18 +110,7 @@ def copy_security_findings(
 
 def create_security_label() -> None:
     """Create the security label on GitHub (idempotent)."""
-    try:
-        subprocess.run(
-            [
-                "gh", "label", "create", "security",
-                "--color", "D93F0B",
-                "--description", "Security-related changes",
-            ],
-            capture_output=True,
-            timeout=15,
-        )
-    except (subprocess.TimeoutExpired, FileNotFoundError):
-        pass
+    ensure_github_label("security", "D93F0B", "Security-related changes")
 
 
 def label_security_prs(
@@ -156,6 +154,115 @@ def label_security_prs(
     return labeled
 
 
+def _has_sweep_complete_comment(issue_url: str) -> bool:
+    """Check if the tracking issue already has a 'Sweep Complete' comment."""
+    try:
+        result = subprocess.run(
+            ["gh", "issue", "view", issue_url, "--json", "comments", "--jq",
+             '.comments[].body | select(startswith("## Sweep Complete"))'],
+            capture_output=True,
+            text=True,
+            timeout=15,
+        )
+        return result.returncode == 0 and result.stdout.strip() != ""
+    except (subprocess.TimeoutExpired, FileNotFoundError):
+        return False
+
+
+def update_tracking_issue(sweep_dir: str) -> None:
+    """Post a comment on the tracking issue with final PR results. Idempotent."""
+    manifest = read_json(os.path.join(sweep_dir, "data", "manifest.json"))
+    if not manifest:
+        return
+
+    issue_url = manifest.get("issueUrl")
+    if not issue_url:
+        return
+
+    if _has_sweep_complete_comment(issue_url):
+        print("Tracking issue already has completion comment, skipping.", file=sys.stderr)
+        return
+
+    patches = read_jsonl(os.path.join(sweep_dir, "data", "patches.jsonl"))
+    verified = read_jsonl(os.path.join(sweep_dir, "data", "verified.jsonl"))
+    security_index = read_jsonl(os.path.join(sweep_dir, "security", "index.jsonl"))
+
+    # Build lookup from findingId to verified finding
+    verified_lookup: dict[str, dict[str, Any]] = {}
+    for f in verified:
+        fid = f.get("findingId", "")
+        if fid:
+            verified_lookup[fid] = f
+
+    security_ids = {f.get("findingId", "") for f in security_index}
+
+    created = sum(1 for p in patches if p.get("status") == "created")
+    existing = sum(1 for p in patches if p.get("status") == "existing")
+    failed = sum(1 for p in patches if p.get("status") == "error")
+
+    lines = [
+        "## Sweep Complete",
+        "",
+        "| PRs Created | PRs Skipped (existing) | PRs Failed | Security Findings |",
+        "|-------------|------------------------|------------|-------------------|",
+        f"| {created} | {existing} | {failed} | {len(security_index)} |",
+        "",
+    ]
+
+    # PR task list
+    pr_entries = [p for p in patches if p.get("status") == "created" and p.get("prUrl")]
+    if pr_entries:
+        lines.append("### PRs")
+        lines.append("")
+        for p in pr_entries:
+            fid = p.get("findingId", "")
+            pr_number = pr_number_from_url(p.get("prUrl", ""))
+            finding = verified_lookup.get(fid, {})
+            title = finding.get("title", fid)
+            sev = severity_label(finding.get("severity", ""))
+            lines.append(f"- [ ] #{pr_number} - fix: {title}{sev}")
+        lines.append("")
+
+    # Security findings section
+    security_prs = [
+        p for p in patches
+        if p.get("status") == "created"
+        and p.get("findingId", "") in security_ids
+        and p.get("prUrl")
+    ]
+    if security_prs:
+        lines.append("### Security Findings")
+        lines.append("")
+        for p in security_prs:
+            fid = p.get("findingId", "")
+            pr_number = pr_number_from_url(p.get("prUrl", ""))
+            finding = verified_lookup.get(fid, {})
+            title = finding.get("title", fid)
+            sev = severity_label(finding.get("severity", ""))
+            lines.append(f"- #{pr_number} - {title}{sev}")
+        lines.append("")
+
+    body = "\n".join(lines)
+
+    try:
+        result = subprocess.run(
+            ["gh", "issue", "comment", issue_url, "--body", body],
+            capture_output=True,
+            text=True,
+            timeout=30,
+        )
+        if result.returncode != 0:
+            print(
+                f"Warning: Failed to comment on tracking issue: {result.stderr.strip()}",
+                file=sys.stderr,
+            )
+    except (subprocess.TimeoutExpired, FileNotFoundError) as e:
+        print(
+            f"Warning: Failed to comment on tracking issue: {e}",
+            file=sys.stderr,
+        )
+
+
 def update_findings_with_pr_links(sweep_dir: str) -> None:
     """Append PR links to findings/*.md for created PRs."""
     patches = read_jsonl(os.path.join(sweep_dir, "data", "patches.jsonl"))
@@ -218,20 +325,16 @@ def run_generate_report(sweep_dir: str, script_dir: str) -> None:
 def update_manifest(sweep_dir: str) -> None:
     """Mark organize phase complete and add completedAt timestamp."""
     manifest_path = os.path.join(sweep_dir, "data", "manifest.json")
-    if not os.path.exists(manifest_path):
+    manifest = read_json(manifest_path)
+    if not manifest:
         return
 
-    with open(manifest_path) as f:
-        manifest = json.load(f)
-
     manifest.setdefault("phases", {})["organize"] = "complete"
     manifest["completedAt"] = datetime.now(timezone.utc).strftime(
         "%Y-%m-%dT%H:%M:%SZ"
     )
 
-    with open(manifest_path, "w") as f:
-        json.dump(manifest, f, indent=2)
-        f.write("\n")
+    write_json(manifest_path, manifest)
 
 
 def main() -> None:
@@ -279,7 +382,11 @@ def main() -> None:
     print("Generating summary and report...", file=sys.stderr)
     run_generate_report(sweep_dir, script_dir)
 
-    # Step 6: Update manifest
+    # Step 6: Update tracking issue with PR results
+    print("Updating tracking issue...", file=sys.stderr)
+    update_tracking_issue(sweep_dir)
+
+    # Step 7: Update manifest
     update_manifest(sweep_dir)
 
     # Gather stats for output