@trac3er/oh-my-god 2.0.7 → 2.0.9

package/runtime/artifact_parsers.py

@@ -0,0 +1,161 @@
+from __future__ import annotations
+
+import json
+from pathlib import Path
+from typing import Any
+from xml.etree import ElementTree
+
+
+def parse_junit(path: str) -> dict[str, Any]:
+    file_path = Path(path)
+    if not file_path.exists():
+        return {"valid": False, "summary": {}, "error": "file_not_found"}
+
+    try:
+        root = ElementTree.parse(file_path).getroot()
+    except (ElementTree.ParseError, OSError, ValueError) as exc:
+        return {"valid": False, "summary": {}, "error": f"junit_parse_error:{exc}"}
+
+    root_name = _local_name(root.tag)
+    if root_name not in {"testsuite", "testsuites"}:
+        return {
+            "valid": False,
+            "summary": {"root": root_name},
+            "error": "junit_invalid_root",
+        }
+
+    tests_value = root.attrib.get("tests", "")
+    return {
+        "valid": True,
+        "summary": {"root": root_name, "tests": str(tests_value).strip()},
+        "error": None,
+    }
+
+
+def parse_sarif(path: str) -> dict[str, Any]:
+    payload, error = _load_json(Path(path))
+    if error:
+        return {"valid": False, "summary": {}, "error": error}
+
+    runs = payload.get("runs") if isinstance(payload, dict) else None
+    if not isinstance(runs, list):
+        return {"valid": False, "summary": {}, "error": "sarif_missing_runs"}
+
+    return {
+        "valid": True,
+        "summary": {"runs": len(runs), "version": str(payload.get("version", "")).strip()},
+        "error": None,
+    }
+
+
+def parse_coverage(path: str) -> dict[str, Any]:
+    file_path = Path(path)
+    if not file_path.exists():
+        return {"valid": False, "summary": {}, "error": "file_not_found"}
+
+    xml_result = _parse_coverage_xml(file_path)
+    if xml_result["valid"]:
+        return xml_result
+
+    json_result = _parse_coverage_json(file_path)
+    if json_result["valid"]:
+        return json_result
+
+    return {
+        "valid": False,
+        "summary": {},
+        "error": xml_result.get("error") or json_result.get("error") or "coverage_missing_keys",
+    }
+
+
+def parse_browser_trace(path: str) -> dict[str, Any]:
+    payload, error = _load_json(Path(path))
+    if error:
+        return {"valid": False, "summary": {}, "error": error}
+
+    if not isinstance(payload, dict):
+        return {"valid": False, "summary": {}, "error": "browser_trace_invalid_payload"}
+
+    has_trace = "trace" in payload
+    has_events = isinstance(payload.get("events"), list)
+    if not (has_trace or has_events):
+        return {
+            "valid": False,
+            "summary": {},
+            "error": "browser_trace_missing_trace_or_events",
+        }
+
+    return {
+        "valid": True,
+        "summary": {"has_trace": has_trace, "event_count": len(payload.get("events", [])) if has_events else 0},
+        "error": None,
+    }
+
+
+def parse_diff_hunk(path: str) -> dict[str, Any]:
+    file_path = Path(path)
+    if not file_path.exists():
+        return {"valid": False, "summary": {}, "error": "file_not_found"}
+
+    try:
+        content = file_path.read_text(encoding="utf-8")
+    except (OSError, UnicodeDecodeError) as exc:
+        return {"valid": False, "summary": {}, "error": f"diff_read_error:{exc}"}
+
+    if "@@" not in content:
+        return {"valid": False, "summary": {}, "error": "diff_missing_hunk_marker"}
+
+    hunk_count = content.count("@@") // 2 if content.count("@@") >= 2 else 1
+    return {"valid": True, "summary": {"hunk_count": hunk_count}, "error": None}
+
+
+def _parse_coverage_xml(file_path: Path) -> dict[str, Any]:
+    try:
+        root = ElementTree.parse(file_path).getroot()
+    except (ElementTree.ParseError, OSError, ValueError):
+        return {"valid": False, "summary": {}, "error": "coverage_xml_parse_error"}
+
+    if "line-rate" in root.attrib:
+        return {
+            "valid": True,
+            "summary": {"line-rate": str(root.attrib.get("line-rate", "")).strip()},
+            "error": None,
+        }
+
+    return {"valid": False, "summary": {}, "error": "coverage_missing_line_rate"}
+
+
+def _parse_coverage_json(file_path: Path) -> dict[str, Any]:
+    payload, error = _load_json(file_path)
+    if error:
+        return {"valid": False, "summary": {}, "error": error}
+
+    if not isinstance(payload, dict):
+        return {"valid": False, "summary": {}, "error": "coverage_json_invalid_payload"}
+
+    if "coverage" not in payload:
+        return {"valid": False, "summary": {}, "error": "coverage_missing_coverage_key"}
+
+    return {
+        "valid": True,
+        "summary": {"coverage": payload.get("coverage")},
+        "error": None,
+    }
+
+
+def _load_json(file_path: Path) -> tuple[Any, str | None]:
+    if not file_path.exists():
+        return {}, "file_not_found"
+
+    try:
+        payload = json.loads(file_path.read_text(encoding="utf-8"))
+    except (OSError, UnicodeDecodeError, json.JSONDecodeError) as exc:
+        return {}, f"json_parse_error:{exc}"
+
+    return payload, None
+
+
+def _local_name(tag: str) -> str:
+    if "}" not in tag:
+        return tag
+    return tag.rsplit("}", 1)[-1]

package/runtime/background_verification.py

@@ -0,0 +1,48 @@
+from __future__ import annotations
+
+import json
+from datetime import datetime, timezone
+from pathlib import Path
+from typing import Any
+
+BACKGROUND_VERIFICATION_REL_PATH = Path(".omg") / "state" / "background-verification.json"
+
+_VALID_STATUSES = frozenset({"running", "ok", "error", "blocked"})
+
+
+def publish_verification_state(
+    project_dir: str,
+    run_id: str,
+    status: str,
+    blockers: list[str],
+    evidence_links: list[str],
+    progress: dict[str, Any],
+) -> str:
+    state = {
+        "schema": "BackgroundVerificationState",
+        "schema_version": 2,
+        "run_id": run_id,
+        "status": status if status in _VALID_STATUSES else "error",
+        "blockers": blockers,
+        "evidence_links": evidence_links,
+        "progress": progress,
+        "updated_at": datetime.now(timezone.utc).isoformat(),
+    }
+
+    path = Path(project_dir) / BACKGROUND_VERIFICATION_REL_PATH
+    path.parent.mkdir(parents=True, exist_ok=True)
+    path.write_text(json.dumps(state, indent=2, ensure_ascii=True), encoding="utf-8")
+    return str(path)
+
+
+def read_verification_state(project_dir: str) -> dict[str, Any] | None:
+    path = Path(project_dir) / BACKGROUND_VERIFICATION_REL_PATH
+    if not path.exists():
+        return None
+    try:
+        payload = json.loads(path.read_text(encoding="utf-8"))
+        if isinstance(payload, dict) and payload.get("schema") == "BackgroundVerificationState":
+            return payload
+    except (json.JSONDecodeError, OSError):
+        pass
+    return None

package/runtime/claim_judge.py

@@ -1,15 +1,68 @@
 from __future__ import annotations
 
+import json
+from pathlib import Path
 from typing import Any
 
+from runtime import artifact_parsers
+from runtime.evidence_query import get_evidence_pack
+
+
+def judge_claims(project_dir: str, claims: list[dict[str, Any]]) -> dict[str, Any]:
+    root = Path(project_dir)
+    evidence_dir = root / ".omg" / "evidence"
+    evidence_dir.mkdir(parents=True, exist_ok=True)
+
+    results: list[dict[str, Any]] = []
+    aggregate_tokens: list[str] = []
+
+    for index, claim in enumerate(claims):
+        run_id = str(claim.get("run_id", "")).strip()
+        resolved_claim = dict(claim)
+
+        if run_id:
+            evidence_pack = get_evidence_pack(project_dir, run_id)
+            trace_ids: list[str] = []
+            if isinstance(evidence_pack, dict):
+                trace_ids = _as_non_empty_str_list(evidence_pack.get("trace_ids"))
+            resolved_claim = {
+                **claim,
+                "artifacts": [f".omg/evidence/{run_id}.json"],
+                "trace_ids": trace_ids,
+            }
+
+        result = judge_claim(resolved_claim)
+        result_with_run = {**result, "run_id": run_id}
+        results.append(result_with_run)
+        aggregate_tokens.append(str(result.get("verdict", "")).strip().lower())
+
+        artifact_run_id = run_id or f"unknown-{index + 1}"
+        artifact_path = evidence_dir / f"claim-judge-{_sanitize_run_id(artifact_run_id)}.json"
+        artifact_payload = {
+            "schema": "ClaimJudgeResult",
+            "run_id": run_id,
+            "claim": claim,
+            "result": result,
+        }
+        artifact_path.write_text(json.dumps(artifact_payload, indent=2, sort_keys=True), encoding="utf-8")
+
+    verdict = "pass"
+    if any(token == "fail" for token in aggregate_tokens):
+        verdict = "fail"
+    elif any(token == "block" for token in aggregate_tokens):
+        verdict = "insufficient"
+
+    return {"schema": "ClaimJudgeResults", "verdict": verdict, "results": results}
+
 
 def judge_claim(claim: dict[str, Any]) -> dict[str, Any]:
-    claim_type = str(claim.get("claim_type", "")).strip()
-    subject = str(claim.get("subject", "")).strip()
-    artifacts = _as_non_empty_str_list(claim.get("artifacts"))
-    trace_ids = _as_non_empty_str_list(claim.get("trace_ids"))
-    security_scans = claim.get("security_scans")
-    browser_evidence = claim.get("browser_evidence")
+    normalized_claim = _normalize_claim(claim)
+    claim_type = str(normalized_claim.get("claim_type", "")).strip()
+    subject = str(normalized_claim.get("subject", "")).strip()
+    artifacts = _as_non_empty_str_list(normalized_claim.get("artifacts"))
+    trace_ids = _as_non_empty_str_list(normalized_claim.get("trace_ids"))
+    security_scans = normalized_claim.get("security_scans")
+    browser_evidence = normalized_claim.get("browser_evidence")
 
     reasons: list[dict[str, Any]] = []
 
@@ -49,6 +102,22 @@ def judge_claim(claim: dict[str, Any]) -> dict[str, Any]:
             }
         )
 
+    raw_artifacts = _extract_artifact_dicts(claim)
+    project_dir = str(claim.get("project_dir", "."))
+    for artifact in raw_artifacts:
+        parse_result = parse_artifact_content(artifact=artifact, project_dir=project_dir)
+        if parse_result.get("parsed"):
+            continue
+        kind = str(parse_result.get("kind", "artifact")).strip().lower() or "artifact"
+        error = str(parse_result.get("error", "parse_error")).strip() or "parse_error"
+        reasons.append(
+            {
+                "code": f"artifact_parse_failed_{kind}",
+                "message": f"Artifact content parse failed for {kind}: {error}",
+                "field": "evidence.artifacts",
+            }
+        )
+
     hard_fail_codes = {"missing_artifacts", "missing_trace_ids"}
     if any(reason.get("code") in hard_fail_codes for reason in reasons):
         verdict = "fail"
@@ -66,19 +135,105 @@ def judge_claim(claim: dict[str, Any]) -> dict[str, Any]:
         "evidence": {
             "artifacts": artifacts,
             "trace_ids": trace_ids,
-            "lineage": claim.get("lineage") if isinstance(claim.get("lineage"), dict) else {},
+            "lineage": normalized_claim.get("lineage") if isinstance(normalized_claim.get("lineage"), dict) else {},
             "security_scans": security_scans if isinstance(security_scans, list) else [],
             "browser_evidence": browser_evidence if isinstance(browser_evidence, list) else [],
         },
     }
 
 
+def _normalize_claim(claim: dict[str, Any]) -> dict[str, Any]:
+    evidence = _as_dict(claim.get("evidence"))
+    artifact_refs = _as_non_empty_str_list(claim.get("artifacts"))
+    artifact_refs.extend(_normalize_artifact_records(evidence.get("artifacts")))
+
+    trace_ids = _as_non_empty_str_list(evidence.get("trace_ids"))
+    if not trace_ids:
+        trace_ids = _as_non_empty_str_list(claim.get("trace_ids"))
+
+    claim_lineage = claim.get("lineage")
+    lineage = claim_lineage if isinstance(claim_lineage, dict) else _as_dict(evidence.get("lineage"))
+
+    claim_security_scans = claim.get("security_scans")
+    security_scans = claim_security_scans if isinstance(claim_security_scans, list) else _as_non_empty_dict_list(evidence.get("security_scans"))
+
+    claim_browser_evidence = claim.get("browser_evidence")
+    browser_evidence = claim_browser_evidence if isinstance(claim_browser_evidence, list) else _as_non_empty_dict_list(evidence.get("browser_evidence"))
+
+    return {
+        "schema_version": claim.get("schema_version", 1),
+        "claim_type": claim.get("claim_type", ""),
+        "subject": claim.get("subject", ""),
+        "artifacts": artifact_refs,
+        "trace_ids": trace_ids,
+        "lineage": lineage,
+        "security_scans": security_scans,
+        "browser_evidence": browser_evidence,
+    }
+
+
+def _normalize_artifact_records(value: Any) -> list[str]:
+    if not isinstance(value, list):
+        return []
+
+    refs: list[str] = []
+    for item in value:
+        if isinstance(item, str):
+            cleaned = item.strip()
+            if cleaned:
+                refs.append(cleaned)
+            continue
+        if not isinstance(item, dict):
+            continue
+        for field in ("kind", "path", "sha256", "parser", "summary", "trace_id"):
+            field_value = str(item.get(field, "")).strip()
+            if not field_value:
+                raise ValueError(f"claim_artifact_missing_{field}")
+        refs.append(str(item.get("path", "")).strip())
+    return refs
+
+
+def parse_artifact_content(artifact: dict[str, Any], project_dir: str) -> dict[str, Any]:
+    kind = str(artifact.get("kind", "")).strip().lower()
+    path_value = str(artifact.get("path", "")).strip()
+    if not kind or not path_value:
+        return {"parsed": False, "kind": kind or "unknown", "summary": {}, "error": "missing_kind_or_path"}
+
+    parser = _PARSERS.get(kind)
+    if parser is None:
+        return {"parsed": False, "kind": kind, "summary": {}, "error": "unsupported_artifact_kind"}
+
+    file_path = Path(path_value)
+    if not file_path.is_absolute():
+        file_path = Path(project_dir) / file_path
+
+    parsed = parser(str(file_path))
+    return {
+        "parsed": bool(parsed.get("valid")),
+        "kind": kind,
+        "summary": parsed.get("summary", {}),
+        "error": parsed.get("error"),
+    }
+
+
 def _as_non_empty_str_list(value: Any) -> list[str]:
     if not isinstance(value, list):
         return []
     return [str(item).strip() for item in value if str(item).strip()]
 
 
+def _as_non_empty_dict_list(value: Any) -> list[dict[str, Any]]:
+    if not isinstance(value, list):
+        return []
+    return [item for item in value if isinstance(item, dict)]
+
+
+def _as_dict(value: Any) -> dict[str, Any]:
+    if not isinstance(value, dict):
+        return {}
+    return value
+
+
 def _has_failed_scan(value: Any) -> bool:
     if not isinstance(value, list):
         return False
@@ -93,3 +248,25 @@ def _has_failed_scan(value: Any) -> bool:
         if isinstance(unresolved_risks, list) and unresolved_risks:
             return True
     return False
+
+
+def _extract_artifact_dicts(claim: dict[str, Any]) -> list[dict[str, Any]]:
+    evidence = _as_dict(claim.get("evidence"))
+    raw_artifacts = evidence.get("artifacts")
+    if not isinstance(raw_artifacts, list):
+        return []
+    return [item for item in raw_artifacts if isinstance(item, dict)]
+
+
+_PARSERS: dict[str, Any] = {
+    "junit": artifact_parsers.parse_junit,
+    "sarif": artifact_parsers.parse_sarif,
+    "coverage": artifact_parsers.parse_coverage,
+    "browser_trace": artifact_parsers.parse_browser_trace,
+    "diff_hunk": artifact_parsers.parse_diff_hunk,
+}
+
+
+def _sanitize_run_id(value: str) -> str:
+    cleaned = "".join(ch if ch.isalnum() or ch in {"-", "_", "."} else "-" for ch in value.strip())
+    return cleaned or "unknown"