npm - @trac3er/oh-my-god - Versions diffs - 2.0.0 → 2.0.2 - Mend

@trac3er/oh-my-god 2.0.0 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (243) hide show

package/.claude-plugin/marketplace.json +8 -8
package/.claude-plugin/plugin.json +5 -4
package/.claude-plugin/scripts/uninstall.sh +74 -3
package/.claude-plugin/scripts/update.sh +78 -3
package/.coveragerc +26 -0
package/.mcp.json +4 -4
package/CHANGELOG.md +14 -0
package/CODE_OF_CONDUCT.md +27 -0
package/CONTRIBUTING.md +62 -0
package/OMG-setup.sh +1201 -355
package/README.md +77 -56
package/SECURITY.md +25 -0
package/agents/__init__.py +1 -0
package/agents/model_roles.py +196 -0
package/agents/omg-architect-mode.md +3 -5
package/agents/omg-backend-engineer.md +3 -5
package/agents/omg-database-engineer.md +3 -5
package/agents/omg-frontend-designer.md +4 -5
package/agents/omg-implement-mode.md +4 -5
package/agents/omg-infra-engineer.md +3 -5
package/agents/omg-research-mode.md +4 -6
package/agents/omg-security-auditor.md +3 -5
package/agents/omg-testing-engineer.md +3 -5
package/build/lib/yaml.py +321 -0
package/commands/OMG:ai-commit.md +101 -14
package/commands/OMG:arch.md +302 -19
package/commands/OMG:ccg.md +12 -7
package/commands/OMG:compat.md +25 -17
package/commands/OMG:cost.md +173 -13
package/commands/OMG:crazy.md +1 -1
package/commands/OMG:create-agent.md +170 -20
package/commands/OMG:deps.md +235 -17
package/commands/OMG:domain-init.md +1 -1
package/commands/OMG:escalate.md +41 -12
package/commands/OMG:health-check.md +37 -13
package/commands/OMG:init.md +122 -14
package/commands/OMG:project-init.md +1 -1
package/commands/OMG:session-branch.md +76 -9
package/commands/OMG:session-fork.md +42 -5
package/commands/OMG:session-merge.md +124 -8
package/commands/OMG:setup.md +69 -12
package/commands/OMG:stats.md +215 -14
package/commands/OMG:teams.md +19 -10
package/config/lsp_languages.yaml +8 -0
package/hooks/__init__.py +0 -0
package/hooks/_agent_registry.py +423 -0
package/hooks/_analytics.py +291 -0
package/hooks/_budget.py +31 -0
package/hooks/_common.py +569 -0
package/hooks/_compression_optimizer.py +119 -0
package/hooks/_cost_ledger.py +176 -0
package/hooks/_learnings.py +126 -0
package/hooks/_memory.py +103 -0
package/hooks/_protected_context.py +150 -0
package/hooks/_token_counter.py +221 -0
package/hooks/branch_manager.py +236 -0
package/hooks/budget_governor.py +232 -0
package/hooks/circuit-breaker.py +270 -0
package/hooks/compression_feedback.py +254 -0
package/hooks/config-guard.py +216 -0
package/hooks/context_pressure.py +53 -0
package/hooks/credential_store.py +1020 -0
package/hooks/fetch-rate-limits.py +212 -0
package/hooks/firewall.py +48 -0
package/hooks/hashline-formatter-bridge.py +224 -0
package/hooks/hashline-injector.py +273 -0
package/hooks/hashline-validator.py +216 -0
package/hooks/idle-detector.py +95 -0
package/hooks/intentgate-keyword-detector.py +188 -0
package/hooks/magic-keyword-router.py +195 -0
package/hooks/policy_engine.py +505 -0
package/hooks/post-tool-failure.py +19 -0
package/hooks/post-write.py +219 -0
package/hooks/post_write.py +46 -0
package/hooks/pre-compact.py +398 -0
package/hooks/pre-tool-inject.py +98 -0
package/hooks/prompt-enhancer.py +672 -0
package/hooks/quality-runner.py +191 -0
package/hooks/query.py +512 -0
package/hooks/secret-guard.py +61 -0
package/hooks/secret_audit.py +144 -0
package/hooks/session-end-capture.py +137 -0
package/hooks/session-start.py +277 -0
package/hooks/setup_wizard.py +582 -0
package/hooks/shadow_manager.py +297 -0
package/hooks/state_migration.py +225 -0
package/hooks/stop-gate.py +7 -0
package/hooks/stop_dispatcher.py +945 -0
package/hooks/test-validator.py +361 -0
package/hooks/test_generator_hook.py +123 -0
package/hooks/todo-state-tracker.py +114 -0
package/hooks/tool-ledger.py +149 -0
package/hooks/trust_review.py +585 -0
package/hud/omg-hud.mjs +31 -1
package/lab/__init__.py +1 -0
package/lab/pipeline.py +75 -0
package/lab/policies.py +52 -0
package/package.json +7 -18
package/plugins/README.md +33 -61
package/plugins/advanced/commands/OMG:deep-plan.md +3 -3
package/plugins/advanced/commands/OMG:learn.md +1 -1
package/plugins/advanced/commands/OMG:security-review.md +3 -3
package/plugins/advanced/commands/OMG:ship.md +1 -1
package/plugins/advanced/plugin.json +1 -1
package/plugins/core/plugin.json +8 -3
package/plugins/dephealth/__init__.py +0 -0
package/plugins/dephealth/cve_scanner.py +188 -0
package/plugins/dephealth/license_checker.py +135 -0
package/plugins/dephealth/manifest_detector.py +423 -0
package/plugins/dephealth/vuln_analyzer.py +169 -0
package/plugins/testgen/__init__.py +0 -0
package/plugins/testgen/codamosa_engine.py +402 -0
package/plugins/testgen/edge_case_synthesizer.py +184 -0
package/plugins/testgen/framework_detector.py +271 -0
package/plugins/testgen/skeleton_generator.py +219 -0
package/plugins/viz/__init__.py +0 -0
package/plugins/viz/ast_parser.py +139 -0
package/plugins/viz/diagram_generator.py +192 -0
package/plugins/viz/graph_builder.py +444 -0
package/plugins/viz/native_parsers.py +259 -0
package/plugins/viz/regex_parser.py +112 -0
package/pyproject.toml +81 -0
package/rules/contextual/write-verify.md +2 -2
package/rules/core/00-truth.md +1 -1
package/rules/core/01-surgical.md +1 -1
package/rules/core/02-circuit-breaker.md +2 -2
package/rules/core/03-ensemble.md +3 -3
package/rules/core/04-testing.md +3 -3
package/runtime/__init__.py +32 -0
package/runtime/adapters/__init__.py +13 -0
package/runtime/adapters/claude.py +60 -0
package/runtime/adapters/gpt.py +53 -0
package/runtime/adapters/local.py +53 -0
package/runtime/adoption.py +212 -0
package/runtime/business_workflow.py +220 -0
package/runtime/cli_provider.py +85 -0
package/runtime/compat.py +1299 -0
package/runtime/custom_agent_loader.py +366 -0
package/runtime/dispatcher.py +47 -0
package/runtime/ecosystem.py +371 -0
package/runtime/legacy_compat.py +7 -0
package/runtime/mcp_config_writers.py +115 -0
package/runtime/mcp_lifecycle.py +153 -0
package/runtime/mcp_memory_server.py +135 -0
package/runtime/memory_parsers/__init__.py +0 -0
package/runtime/memory_parsers/chatgpt_parser.py +257 -0
package/runtime/memory_parsers/claude_import.py +107 -0
package/runtime/memory_parsers/export.py +97 -0
package/runtime/memory_parsers/gemini_import.py +91 -0
package/runtime/memory_parsers/kimi_import.py +91 -0
package/runtime/memory_store.py +215 -0
package/runtime/omc_compat.py +7 -0
package/runtime/providers/__init__.py +0 -0
package/runtime/providers/codex_provider.py +112 -0
package/runtime/providers/gemini_provider.py +128 -0
package/runtime/providers/kimi_provider.py +151 -0
package/runtime/providers/opencode_provider.py +144 -0
package/runtime/subagent_dispatcher.py +362 -0
package/runtime/team_router.py +1167 -0
package/runtime/tmux_session_manager.py +169 -0
package/scripts/check-omg-compat-contract-snapshot.py +137 -0
package/scripts/check-omg-contract-snapshot.py +12 -0
package/scripts/check-omg-public-ready.py +193 -0
package/scripts/check-omg-standalone-clean.py +103 -0
package/scripts/legacy_to_omg_migrate.py +29 -0
package/scripts/migrate-legacy.py +464 -0
package/scripts/omc_to_omg_migrate.py +12 -0
package/scripts/omg.py +492 -0
package/scripts/settings-merge.py +283 -0
package/scripts/verify-standalone.sh +8 -4
package/settings.json +126 -29
package/templates/profile.yaml +1 -1
package/tools/__init__.py +2 -0
package/tools/browser_consent.py +289 -0
package/tools/browser_stealth.py +481 -0
package/tools/browser_tool.py +448 -0
package/tools/changelog_generator.py +347 -0
package/tools/commit_splitter.py +746 -0
package/tools/config_discovery.py +151 -0
package/tools/config_merger.py +449 -0
package/tools/dashboard_generator.py +300 -0
package/tools/git_inspector.py +298 -0
package/tools/lsp_client.py +275 -0
package/tools/lsp_discovery.py +231 -0
package/tools/lsp_operations.py +392 -0
package/tools/pr_generator.py +404 -0
package/tools/python_repl.py +656 -0
package/tools/python_sandbox.py +609 -0
package/tools/search_providers/__init__.py +77 -0
package/tools/search_providers/brave.py +115 -0
package/tools/search_providers/exa.py +116 -0
package/tools/search_providers/jina.py +104 -0
package/tools/search_providers/perplexity.py +139 -0
package/tools/search_providers/synthetic.py +74 -0
package/tools/session_snapshot.py +736 -0
package/tools/ssh_manager.py +912 -0
package/tools/theme_engine.py +294 -0
package/tools/theme_selector.py +137 -0
package/tools/web_search.py +622 -0
package/yaml.py +321 -0
package/.claude-plugin/scripts/install.sh +0 -9
package/bun.lock +0 -23
package/bunfig.toml +0 -3
package/hooks/_budget.ts +0 -1
package/hooks/_common.ts +0 -63
package/hooks/circuit-breaker.ts +0 -101
package/hooks/config-guard.ts +0 -4
package/hooks/firewall.ts +0 -20
package/hooks/policy_engine.ts +0 -156
package/hooks/post-tool-failure.ts +0 -22
package/hooks/post-write.ts +0 -4
package/hooks/pre-tool-inject.ts +0 -4
package/hooks/prompt-enhancer.ts +0 -46
package/hooks/quality-runner.ts +0 -24
package/hooks/secret-guard.ts +0 -4
package/hooks/session-end-capture.ts +0 -19
package/hooks/session-start.ts +0 -19
package/hooks/shadow_manager.ts +0 -81
package/hooks/stop-gate.ts +0 -22
package/hooks/stop_dispatcher.ts +0 -147
package/hooks/test-generator-hook.ts +0 -4
package/hooks/tool-ledger.ts +0 -27
package/hooks/trust_review.ts +0 -175
package/lab/pipeline.ts +0 -75
package/lab/policies.ts +0 -68
package/runtime/common.ts +0 -111
package/runtime/compat.ts +0 -174
package/runtime/dispatcher.ts +0 -25
package/runtime/ecosystem.ts +0 -186
package/runtime/provider_bootstrap.ts +0 -99
package/runtime/provider_smoke.ts +0 -34
package/runtime/release_readiness.ts +0 -186
package/runtime/team_router.ts +0 -144
package/scripts/check-omg-compat-contract-snapshot.ts +0 -20
package/scripts/check-omg-standalone-clean.ts +0 -12
package/scripts/check-runtime-clean.ts +0 -94
package/scripts/omg.ts +0 -352
package/scripts/settings-merge.ts +0 -93
package/tools/commit_splitter.ts +0 -23
package/tools/git_inspector.ts +0 -18
package/tools/session_snapshot.ts +0 -47
package/trac3er-oh-my-god-2.0.0.tgz +0 -0
package/tsconfig.json +0 -15

package/plugins/dephealth/manifest_detector.py ADDED Viewed

@@ -0,0 +1,423 @@
+"""Package manifest detector — scans project directories for dependency manifests.
+Supports: package.json, requirements.txt, Cargo.toml, go.mod, Gemfile, pyproject.toml.
+Returns a unified DependencyList with all discovered packages.
+stdlib only — no external dependencies.
+"""
+from __future__ import annotations
+import json
+import os
+import re
+import sys
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import Any
+# ─── Data Classes ─────────────────────────────────────────────────────────────
+@dataclass
+class ManifestFile:
+    """Represents a discovered manifest file."""
+    path: str
+    format: str
+@dataclass
+class Package:
+    """Represents a single dependency package."""
+    name: str
+    version: str
+    dev: bool
+    source_manifest: str
+@dataclass
+class DependencyList:
+    """Unified result of manifest detection."""
+    manifests: list[ManifestFile] = field(default_factory=list)
+    packages: list[Package] = field(default_factory=list)
+# ─── Known manifest filenames ────────────────────────────────────────────────
+_MANIFEST_FILES: list[tuple[str, str]] = [
+    ("package.json", "package.json"),
+    ("requirements.txt", "requirements.txt"),
+    ("Cargo.toml", "Cargo.toml"),
+    ("go.mod", "go.mod"),
+    ("Gemfile", "Gemfile"),
+    ("pyproject.toml", "pyproject.toml"),
+]
+# ─── Parsers ─────────────────────────────────────────────────────────────────
+def _parse_package_json(file_path: str) -> list[Package]:
+    """Parse package.json for dependencies and devDependencies."""
+    packages: list[Package] = []
+    try:
+        with open(file_path, "r") as f:
+            data = json.load(f)
+    except (json.JSONDecodeError, OSError):
+        return packages
+    deps = data.get("dependencies", {})
+    if isinstance(deps, dict):
+        for name, version in deps.items():
+            packages.append(Package(
+                name=name,
+                version=str(version),
+                dev=False,
+                source_manifest=file_path,
+            ))
+    dev_deps = data.get("devDependencies", {})
+    if isinstance(dev_deps, dict):
+        for name, version in dev_deps.items():
+            packages.append(Package(
+                name=name,
+                version=str(version),
+                dev=True,
+                source_manifest=file_path,
+            ))
+    return packages
+def _parse_requirements_txt(file_path: str) -> list[Package]:
+    """Parse requirements.txt (name==version, name>=version, or bare name)."""
+    packages: list[Package] = []
+    try:
+        with open(file_path, "r") as f:
+            lines = f.readlines()
+    except OSError:
+        return packages
+    # Matches: name==version, name>=version, name<=version, name~=version, name!=version
+    req_re = re.compile(r"^([A-Za-z0-9_][A-Za-z0-9._-]*)\s*(?:[><=!~]+\s*(.+))?$")
+    for line in lines:
+        line = line.strip()
+        if not line or line.startswith("#") or line.startswith("-"):
+            continue
+        m = req_re.match(line)
+        if m:
+            name = m.group(1)
+            version = m.group(2) or ""
+            packages.append(Package(
+                name=name,
+                version=version.strip(),
+                dev=False,
+                source_manifest=file_path,
+            ))
+    return packages
+def _parse_cargo_toml(file_path: str) -> list[Package]:
+    """Parse Cargo.toml [dependencies] and [dev-dependencies] via regex."""
+    packages: list[Package] = []
+    try:
+        with open(file_path, "r") as f:
+            content = f.read()
+    except OSError:
+        return packages
+    # Split into sections by [header]
+    section_re = re.compile(r"^\[([^\]]+)\]\s*$", re.MULTILINE)
+    sections: dict[str, str] = {}
+    positions = [(m.group(1).strip(), m.end()) for m in section_re.finditer(content)]
+    for i, (name, start) in enumerate(positions):
+        end = positions[i + 1][1] if i + 1 < len(positions) else len(content)
+        # Adjust end to be the start of the next section header line
+        if i + 1 < len(positions):
+            # Find the start of the next header line
+            next_header_start = content.rfind("[", start, end)
+            if next_header_start >= 0:
+                end = next_header_start
+        sections[name] = content[start:end]
+    # Parse dependency lines: name = "version" or name = { version = "ver", ... }
+    dep_line_re = re.compile(
+        r'^([A-Za-z0-9_][A-Za-z0-9_-]*)\s*=\s*(?:"([^"]+)"|'
+        r'\{[^}]*version\s*=\s*"([^"]+)"[^}]*\})',
+        re.MULTILINE,
+    )
+    for section_name, section_body in sections.items():
+        is_dev = "dev-dependencies" in section_name.lower()
+        is_dep = "dependencies" in section_name.lower()
+        if not is_dep:
+            continue
+        for m in dep_line_re.finditer(section_body):
+            name = m.group(1)
+            version = m.group(2) or m.group(3) or ""
+            packages.append(Package(
+                name=name,
+                version=version,
+                dev=is_dev,
+                source_manifest=file_path,
+            ))
+    return packages
+def _parse_go_mod(file_path: str) -> list[Package]:
+    """Parse go.mod require block."""
+    packages: list[Package] = []
+    try:
+        with open(file_path, "r") as f:
+            content = f.read()
+    except OSError:
+        return packages
+    # Match require ( ... ) block
+    require_block_re = re.compile(r"require\s*\(\s*(.*?)\s*\)", re.DOTALL)
+    for block_m in require_block_re.finditer(content):
+        block = block_m.group(1)
+        for line in block.strip().splitlines():
+            line = line.strip()
+            if not line or line.startswith("//"):
+                continue
+            parts = line.split()
+            if len(parts) >= 2:
+                packages.append(Package(
+                    name=parts[0],
+                    version=parts[1],
+                    dev=False,
+                    source_manifest=file_path,
+                ))
+    # Also match single-line require: require github.com/foo/bar v1.0.0
+    single_re = re.compile(r"^require\s+(\S+)\s+(\S+)", re.MULTILINE)
+    for m in single_re.finditer(content):
+        packages.append(Package(
+            name=m.group(1),
+            version=m.group(2),
+            dev=False,
+            source_manifest=file_path,
+        ))
+    return packages
+def _parse_gemfile(file_path: str) -> list[Package]:
+    """Parse Gemfile gem declarations."""
+    packages: list[Package] = []
+    try:
+        with open(file_path, "r") as f:
+            lines = f.readlines()
+    except OSError:
+        return packages
+    # gem "name", "version" or gem 'name', 'version' or gem "name"
+    gem_re = re.compile(
+        r"""gem\s+['"]([^'"]+)['"]\s*(?:,\s*['"]([^'"]+)['"])?"""
+    )
+    for line in lines:
+        line = line.strip()
+        if not line or line.startswith("#"):
+            continue
+        m = gem_re.search(line)
+        if m:
+            name = m.group(1)
+            version = m.group(2) or ""
+            packages.append(Package(
+                name=name,
+                version=version,
+                dev=False,
+                source_manifest=file_path,
+            ))
+    return packages
+def _parse_pyproject_toml(file_path: str) -> list[Package]:
+    """Parse pyproject.toml for [project.dependencies] and optional-dependencies."""
+    packages: list[Package] = []
+    try:
+        with open(file_path, "r") as f:
+            content = f.read()
+    except OSError:
+        return packages
+    # Extract PEP 508 name and version from dependency string like "fastapi>=0.100.0"
+    pep508_re = re.compile(r"^([A-Za-z0-9_][A-Za-z0-9._-]*)\s*(.*)$")
+    def _extract_deps_from_array(text: str, is_dev: bool) -> list[Package]:
+        """Extract packages from a TOML array literal."""
+        result: list[Package] = []
+        # Match quoted strings inside brackets
+        str_re = re.compile(r'["\']([^"\']+)["\']')
+        for m in str_re.finditer(text):
+            dep_str = m.group(1).strip()
+            pm = pep508_re.match(dep_str)
+            if pm:
+                name = pm.group(1)
+                version = pm.group(2).strip()
+                result.append(Package(
+                    name=name,
+                    version=version,
+                    dev=is_dev,
+                    source_manifest=file_path,
+                ))
+        return result
+    # Find dependencies = [...] under [project]
+    # Simple approach: find "dependencies = [" after [project] section
+    project_deps_re = re.compile(
+        r"\[project\].*?^dependencies\s*=\s*\[(.*?)\]",
+        re.MULTILINE | re.DOTALL,
+    )
+    pm = project_deps_re.search(content)
+    if pm:
+        packages.extend(_extract_deps_from_array(pm.group(1), is_dev=False))
+    # Find [project.optional-dependencies] sections
+    opt_deps_re = re.compile(
+        r"\[project\.optional-dependencies\].*?$",
+        re.MULTILINE,
+    )
+    om = opt_deps_re.search(content)
+    if om:
+        # Extract the section body until next [section] or end of file
+        start = om.end()
+        next_section = re.search(r"^\[", content[start:], re.MULTILINE)
+        end = start + next_section.start() if next_section else len(content)
+        section_body = content[start:end]
+        # Find key = [...] arrays (e.g., dev = ["pytest>=7.4.0"])
+        array_re = re.compile(r"^\w+\s*=\s*\[(.*?)\]", re.MULTILINE | re.DOTALL)
+        for am in array_re.finditer(section_body):
+            packages.extend(_extract_deps_from_array(am.group(1), is_dev=True))
+    # Also support [tool.poetry.dependencies] pattern
+    poetry_deps_re = re.compile(
+        r"\[tool\.poetry\.dependencies\](.*?)(?=\[|$)",
+        re.DOTALL,
+    )
+    pm = poetry_deps_re.search(content)
+    if pm:
+        section_body = pm.group(1)
+        # Poetry deps: name = "version" or name = {version = "ver"}
+        dep_line_re = re.compile(
+            r'^([A-Za-z0-9_][A-Za-z0-9._-]*)\s*=\s*(?:"([^"]+)"|'
+            r"\{[^}]*version\s*=\s*\"([^\"]+)\"[^}]*\})",
+            re.MULTILINE,
+        )
+        for dm in dep_line_re.finditer(section_body):
+            name = dm.group(1)
+            if name.lower() == "python":
+                continue  # Skip python version constraint
+            version = dm.group(2) or dm.group(3) or ""
+            packages.append(Package(
+                name=name,
+                version=version,
+                dev=False,
+                source_manifest=file_path,
+            ))
+    # [tool.poetry.dev-dependencies]
+    poetry_dev_re = re.compile(
+        r"\[tool\.poetry\.dev-dependencies\](.*?)(?=\[|$)",
+        re.DOTALL,
+    )
+    pm = poetry_dev_re.search(content)
+    if pm:
+        section_body = pm.group(1)
+        dep_line_re = re.compile(
+            r'^([A-Za-z0-9_][A-Za-z0-9._-]*)\s*=\s*(?:"([^"]+)"|'
+            r"\{[^}]*version\s*=\s*\"([^\"]+)\"[^}]*\})",
+            re.MULTILINE,
+        )
+        for dm in dep_line_re.finditer(section_body):
+            name = dm.group(1)
+            version = dm.group(2) or dm.group(3) or ""
+            packages.append(Package(
+                name=name,
+                version=version,
+                dev=True,
+                source_manifest=file_path,
+            ))
+    return packages
+# ─── Parser dispatch ─────────────────────────────────────────────────────────
+_PARSERS: dict[str, Any] = {
+    "package.json": _parse_package_json,
+    "requirements.txt": _parse_requirements_txt,
+    "Cargo.toml": _parse_cargo_toml,
+    "go.mod": _parse_go_mod,
+    "Gemfile": _parse_gemfile,
+    "pyproject.toml": _parse_pyproject_toml,
+}
+# ─── Public API ──────────────────────────────────────────────────────────────
+def _dep_health_enabled() -> bool:
+    env_val = os.environ.get("OMG_DEP_HEALTH_ENABLED", "").lower()
+    if env_val in ("1", "true", "yes"):
+        return True
+    if env_val in ("0", "false", "no"):
+        return False
+    try:
+        sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+        from hooks._common import get_feature_flag
+        return get_feature_flag("DEP_HEALTH", default=False)
+    except Exception:
+        return False
+def detect_manifests(project_dir: str) -> DependencyList:
+    """Scan project_dir for manifest files and return a unified DependencyList.
+    Supports: package.json, requirements.txt, Cargo.toml, go.mod, Gemfile, pyproject.toml.
+    Gracefully handles missing/malformed files (skips, no crash).
+    """
+    if not _dep_health_enabled():
+        return DependencyList()
+    result = DependencyList()
+    project_path = Path(project_dir)
+    if not project_path.is_dir():
+        return result
+    for filename, fmt in _MANIFEST_FILES:
+        file_path = project_path / filename
+        if not file_path.is_file():
+            continue
+        parser = _PARSERS.get(fmt)
+        if not parser:
+            continue
+        try:
+            packages = parser(str(file_path))
+            if packages:
+                result.manifests.append(ManifestFile(
+                    path=str(file_path),
+                    format=fmt,
+                ))
+                result.packages.extend(packages)
+        except Exception:
+            # Graceful degradation: skip malformed files
+            continue
+    return result

package/plugins/dephealth/vuln_analyzer.py ADDED Viewed

@@ -0,0 +1,169 @@
+import ast
+import re
+from pathlib import Path
+from typing import Any
+_CRITICAL_PATTERN = re.compile(r"\bcritical\b", re.IGNORECASE)
+_HIGH_PATTERN = re.compile(r"\bhigh\b", re.IGNORECASE)
+def analyze_reachability(cve_result: dict[str, Any], project_dir: str) -> dict[str, Any]:
+    package = str(cve_result.get("package", "")).strip()
+    cve_id = str(cve_result.get("id", "")).strip()
+    summary = str(cve_result.get("summary", "")).strip()
+    fixed_version = str(cve_result.get("fixed_version", "")).strip()
+    imported_files: list[str] = []
+    usage_found = False
+    for py_file in Path(project_dir).rglob("*.py"):
+        try:
+            source = py_file.read_text(encoding="utf-8")
+        except Exception:
+            continue
+        imported, used = _inspect_python_file(source, package)
+        if imported:
+            imported_files.append(py_file.relative_to(project_dir).as_posix())
+        if used:
+            usage_found = True
+    reachability = _classify_reachability(imported_files, usage_found)
+    risk_level = _classify_risk(reachability, summary)
+    recommendation = _build_recommendation(package, fixed_version, reachability)
+    return {
+        "package": package,
+        "cve_id": cve_id,
+        "reachability": reachability,
+        "import_locations": sorted(imported_files),
+        "risk_level": risk_level,
+        "recommendation": recommendation,
+    }
+def _inspect_python_file(source: str, package: str) -> tuple[bool, bool]:
+    imported, module_aliases, imported_symbols = _grep_like_import_scan(source, package)
+    try:
+        tree = ast.parse(source)
+    except SyntaxError:
+        return imported, False
+    ast_imported, ast_module_aliases, ast_imported_symbols = _ast_import_scan(tree, package)
+    imported = imported or ast_imported
+    module_aliases.update(ast_module_aliases)
+    imported_symbols.update(ast_imported_symbols)
+    used = _ast_usage_scan(tree, module_aliases, imported_symbols)
+    return imported, used
+def _grep_like_import_scan(source: str, package: str) -> tuple[bool, set[str], set[str]]:
+    imported = False
+    module_aliases: set[str] = set()
+    imported_symbols: set[str] = set()
+    if not package:
+        return imported, module_aliases, imported_symbols
+    pkg = re.escape(package)
+    import_re = re.compile(rf"^\s*import\s+{pkg}(?:\.|\s|,|$)", re.MULTILINE)
+    from_re = re.compile(rf"^\s*from\s+{pkg}(?:\.|\s)", re.MULTILINE)
+    alias_re = re.compile(rf"^\s*import\s+{pkg}\s+as\s+([A-Za-z_][A-Za-z0-9_]*)", re.MULTILINE)
+    from_names_re = re.compile(rf"^\s*from\s+{pkg}(?:\.[A-Za-z0-9_\.]+)?\s+import\s+(.+)$", re.MULTILINE)
+    if import_re.search(source) or from_re.search(source):
+        imported = True
+    module_aliases.add(package.split(".")[0])
+    for match in alias_re.findall(source):
+        module_aliases.add(match)
+    for line in from_names_re.findall(source):
+        for item in line.split(","):
+            part = item.strip()
+            if not part:
+                continue
+            if " as " in part:
+                imported_symbols.add(part.rsplit(" as ", 1)[1].strip())
+            else:
+                imported_symbols.add(part)
+    return imported, module_aliases, imported_symbols
+def _ast_import_scan(tree: ast.AST, package: str) -> tuple[bool, set[str], set[str]]:
+    imported = False
+    module_aliases: set[str] = set()
+    imported_symbols: set[str] = set()
+    if not package:
+        return imported, module_aliases, imported_symbols
+    root = package.split(".")[0]
+    for node in ast.walk(tree):
+        if isinstance(node, ast.Import):
+            for alias in node.names:
+                if alias.name == package or alias.name.startswith(f"{package}."):
+                    imported = True
+                    module_aliases.add(alias.asname or alias.name.split(".")[0])
+                elif alias.name.split(".")[0] == root:
+                    imported = True
+                    module_aliases.add(alias.asname or alias.name.split(".")[0])
+        elif isinstance(node, ast.ImportFrom) and node.module:
+            if node.module == package or node.module.startswith(f"{package}."):
+                imported = True
+                for alias in node.names:
+                    imported_symbols.add(alias.asname or alias.name)
+            elif node.module.split(".")[0] == root:
+                imported = True
+                for alias in node.names:
+                    imported_symbols.add(alias.asname or alias.name)
+    return imported, module_aliases, imported_symbols
+def _ast_usage_scan(tree: ast.AST, module_aliases: set[str], imported_symbols: set[str]) -> bool:
+    for node in ast.walk(tree):
+        if not isinstance(node, ast.Call):
+            continue
+        func = node.func
+        if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
+            if func.value.id in module_aliases or func.value.id in imported_symbols:
+                return True
+        elif isinstance(func, ast.Name) and func.id in imported_symbols:
+            return True
+    return False
+def _classify_reachability(imported_files: list[str], usage_found: bool) -> str:
+    if usage_found:
+        return "REACHABLE"
+    if imported_files:
+        return "POTENTIALLY_REACHABLE"
+    return "UNREACHABLE"
+def _classify_risk(reachability: str, summary: str) -> str:
+    if reachability == "UNREACHABLE":
+        return "LOW"
+    if reachability == "POTENTIALLY_REACHABLE":
+        return "MEDIUM"
+    if _CRITICAL_PATTERN.search(summary):
+        return "CRITICAL"
+    if _HIGH_PATTERN.search(summary):
+        return "HIGH"
+    return "HIGH"
+def _build_recommendation(package: str, fixed_version: str, reachability: str) -> str:
+    if reachability == "UNREACHABLE":
+        return "No action needed (unreachable)"
+    if fixed_version:
+        return f"Upgrade {package} to {fixed_version}"
+    return f"Upgrade {package} to a fixed version"

package/plugins/testgen/__init__.py ADDED Viewed

File without changes