@tt-a1i/mco 0.1.2

package/runtime/adapters/parsing.py

@@ -0,0 +1,305 @@
+from __future__ import annotations
+
+import json
+import re
+from typing import Any, Dict, List, Optional, Tuple
+
+from ..contracts import Evidence, NormalizedFinding, NormalizeContext, ProviderId
+
+ALLOWED_SEVERITY = {"critical", "high", "medium", "low"}
+ALLOWED_CATEGORY = {"bug", "security", "performance", "maintainability", "test-gap"}
+
+
+def _decode_json_fragments(text: str) -> List[Any]:
+    decoder = json.JSONDecoder()
+    payloads: List[Any] = []
+    index = 0
+    while index < len(text):
+        match = re.search(r"[\{\[]", text[index:])
+        if not match:
+            break
+        start = index + match.start()
+        try:
+            payload, end = decoder.raw_decode(text, start)
+        except json.JSONDecodeError:
+            index = start + 1
+            continue
+        payloads.append(payload)
+        index = end
+    return payloads
+
+
+def _iter_nested_strings(payload: Any) -> List[str]:
+    nested_strings: List[str] = []
+    stack = [payload]
+    while stack:
+        node = stack.pop()
+        if isinstance(node, dict):
+            for value in node.values():
+                if isinstance(value, str):
+                    nested_strings.append(value)
+                elif isinstance(value, (dict, list)):
+                    stack.append(value)
+        elif isinstance(node, list):
+            for value in node:
+                if isinstance(value, str):
+                    nested_strings.append(value)
+                elif isinstance(value, (dict, list)):
+                    stack.append(value)
+    return nested_strings
+
+
+def _looks_like_nested_json_blob(value: str) -> bool:
+    stripped = value.strip()
+    if not stripped:
+        return False
+    lowered = stripped.lower()
+    if stripped.startswith("{") or stripped.startswith("["):
+        return True
+    if "```json" in lowered:
+        return True
+    if "findings" in lowered and ("{" in stripped or "}" in stripped):
+        return True
+    return False
+
+
+def extract_json_payloads(text: str) -> List[Any]:
+    payloads: List[Any] = []
+    seen_signatures = set()
+
+    def add_payload(payload: Any) -> bool:
+        try:
+            signature = json.dumps(payload, sort_keys=True, ensure_ascii=True)
+        except Exception:
+            signature = repr(payload)
+        if signature in seen_signatures:
+            return False
+        seen_signatures.add(signature)
+        payloads.append(payload)
+        return True
+
+    stripped = text.strip()
+    if not stripped:
+        return payloads
+
+    for payload in _decode_json_fragments(stripped):
+        add_payload(payload)
+
+    for match in re.findall(r"```json\s*(.*?)\s*```", text, flags=re.DOTALL | re.IGNORECASE):
+        for payload in _decode_json_fragments(match):
+            add_payload(payload)
+
+    for line in text.splitlines():
+        candidate = line.strip()
+        if not candidate:
+            continue
+        for payload in _decode_json_fragments(candidate):
+            add_payload(payload)
+
+    # Recursively extract contract payloads from event-stream text fields.
+    index = 0
+    while index < len(payloads):
+        payload = payloads[index]
+        index += 1
+        for nested_text in _iter_nested_strings(payload):
+            if not _looks_like_nested_json_blob(nested_text):
+                continue
+            for nested_payload in _decode_json_fragments(nested_text):
+                add_payload(nested_payload)
+
+    return payloads
+
+
+def _validate_finding_item(item: Any) -> Tuple[bool, Optional[Dict[str, Any]]]:
+    if not isinstance(item, dict):
+        return (False, None)
+    required = {"finding_id", "severity", "category", "title", "evidence", "recommendation", "confidence", "fingerprint"}
+    if not required.issubset(item.keys()):
+        return (False, None)
+    if item.get("severity") not in ALLOWED_SEVERITY:
+        return (False, None)
+    if item.get("category") not in ALLOWED_CATEGORY:
+        return (False, None)
+    if not isinstance(item.get("title"), str):
+        return (False, None)
+    if not isinstance(item.get("recommendation"), str):
+        return (False, None)
+    if not isinstance(item.get("confidence"), (int, float)):
+        return (False, None)
+    evidence = item.get("evidence")
+    if not isinstance(evidence, dict):
+        return (False, None)
+    if not isinstance(evidence.get("file"), str):
+        return (False, None)
+    if not isinstance(evidence.get("snippet"), str):
+        return (False, None)
+    line = evidence.get("line")
+    if line is not None and not isinstance(line, int):
+        return (False, None)
+    symbol = evidence.get("symbol")
+    if symbol is not None and not isinstance(symbol, str):
+        return (False, None)
+    return (True, item)
+
+
+def inspect_contract_output(text: str) -> Dict[str, Any]:
+    """
+    Strict contract validation for output shaped as:
+    {"findings": [ ... ]}.
+    """
+    candidates: List[Dict[str, Any]] = []
+
+    for index, payload in enumerate(extract_json_payloads(text)):
+        if not isinstance(payload, dict):
+            continue
+        if "findings" not in payload:
+            continue
+
+        valid_findings: List[Dict[str, Any]] = []
+        dropped_count = 0
+        findings = payload.get("findings")
+        if not isinstance(findings, list):
+            dropped_count += 1
+        else:
+            for item in findings:
+                ok, normalized = _validate_finding_item(item)
+                if ok and normalized is not None:
+                    valid_findings.append(normalized)
+                else:
+                    dropped_count += 1
+
+        candidates.append(
+            {
+                "index": index,
+                "valid_findings": valid_findings,
+                "valid_count": len(valid_findings),
+                "dropped_count": dropped_count,
+                "parse_ok": dropped_count == 0,
+            }
+        )
+
+    has_contract_envelope = len(candidates) > 0
+    if not has_contract_envelope:
+        return {
+            "parse_ok": False,
+            "has_contract_envelope": False,
+            "schema_valid_count": 0,
+            "dropped_count": 0,
+            "findings": [],
+            "parse_reason": "no_contract_envelope",
+            "candidate_count": 0,
+        }
+
+    best = max(
+        candidates,
+        key=lambda item: (
+            1 if item["parse_ok"] else 0,
+            int(item["valid_count"]),
+            -int(item["dropped_count"]),
+            int(item["index"]),
+        ),
+    )
+    parse_reason = "ok" if best["parse_ok"] else ("schema_invalid" if best["dropped_count"] > 0 else "no_valid_findings")
+
+    return {
+        "parse_ok": bool(best["parse_ok"]),
+        "has_contract_envelope": True,
+        "schema_valid_count": int(best["valid_count"]),
+        "dropped_count": int(best["dropped_count"]),
+        "findings": list(best["valid_findings"]),
+        "parse_reason": parse_reason,
+        "candidate_count": len(candidates),
+    }
+
+
+def _extract_findings(payload: Any) -> List[Dict[str, Any]]:
+    if isinstance(payload, list):
+        return [item for item in payload if isinstance(item, dict)]
+    if isinstance(payload, dict):
+        findings = payload.get("findings")
+        if isinstance(findings, list):
+            return [item for item in findings if isinstance(item, dict)]
+        if all(k in payload for k in ("severity", "category", "title")):
+            return [payload]
+    return []
+
+
+def _as_optional_int(value: Any) -> Optional[int]:
+    if value is None:
+        return None
+    if isinstance(value, int):
+        return value
+    if isinstance(value, str) and value.isdigit():
+        return int(value)
+    return None
+
+
+def normalize_findings_from_text(text: str, ctx: NormalizeContext, provider: ProviderId) -> List[NormalizedFinding]:
+    normalized: List[NormalizedFinding] = []
+    seen_ids = set()
+
+    contract_info = inspect_contract_output(text)
+    findings_source = contract_info["findings"] if contract_info["has_contract_envelope"] else []
+
+    if findings_source:
+        source_items = findings_source
+    else:
+        source_items = []
+        for payload in extract_json_payloads(text):
+            source_items.extend(_extract_findings(payload))
+
+    for item in source_items:
+        severity = item.get("severity")
+        category = item.get("category")
+        title = item.get("title")
+        evidence = item.get("evidence")
+        recommendation = item.get("recommendation")
+        confidence = item.get("confidence")
+
+        if not isinstance(severity, str) or not isinstance(category, str) or not isinstance(title, str):
+            continue
+        if severity not in ALLOWED_SEVERITY or category not in ALLOWED_CATEGORY:
+            continue
+        if not isinstance(evidence, dict):
+            continue
+        if not isinstance(recommendation, str):
+            recommendation = ""
+        if not isinstance(confidence, (int, float)):
+            confidence = 0.0
+
+        file_path = evidence.get("file")
+        snippet = evidence.get("snippet")
+        if not isinstance(file_path, str) or not isinstance(snippet, str):
+            continue
+
+        finding_id = str(item.get("finding_id") or item.get("id") or "")
+        if not finding_id:
+            finding_id = f"{provider}:{len(normalized) + 1}"
+        if finding_id in seen_ids:
+            continue
+        seen_ids.add(finding_id)
+
+        fingerprint = str(item.get("fingerprint") or f"{provider}:{title}:{file_path}:{evidence.get('line')}")
+
+        normalized.append(
+            NormalizedFinding(
+                task_id=ctx.task_id,
+                provider=provider,
+                finding_id=finding_id,
+                severity=severity,  # type: ignore[arg-type]
+                category=category,  # type: ignore[arg-type]
+                title=title,
+                evidence=Evidence(
+                    file=file_path,
+                    line=_as_optional_int(evidence.get("line")),
+                    snippet=snippet,
+                    symbol=evidence.get("symbol") if isinstance(evidence.get("symbol"), str) else None,
+                ),
+                recommendation=recommendation,
+                confidence=max(0.0, min(1.0, float(confidence))),
+                fingerprint=fingerprint,
+                raw_ref=ctx.raw_ref,
+            )
+        )
+
+    return normalized

package/runtime/adapters/qwen.py

@@ -0,0 +1,38 @@
+from __future__ import annotations
+
+from typing import Any, List
+
+from ..contracts import CapabilitySet, NormalizeContext, NormalizedFinding, TaskInput
+from .parsing import normalize_findings_from_text
+from .shim import ShimAdapterBase
+
+
+class QwenAdapter(ShimAdapterBase):
+    def __init__(self) -> None:
+        super().__init__(
+            provider_id="qwen",
+            binary_name="qwen",
+            capability_set=CapabilitySet(
+                tiers=["C0", "C1", "C2", "C3"],
+                supports_native_async=False,
+                supports_poll_endpoint=False,
+                supports_resume_after_restart=True,
+                supports_schema_enforcement=False,
+                min_supported_version="0.10.6",
+                tested_os=["macos"],
+            ),
+        )
+
+    def _auth_check_command(self, binary: str) -> List[str]:
+        return [binary, "Reply with exactly OK", "--output-format", "text", "--auth-type", "qwen-oauth"]
+
+    def _build_command(self, input_task: TaskInput) -> List[str]:
+        return ["qwen", input_task.prompt, "--output-format", "json", "--auth-type", "qwen-oauth"]
+
+    def _build_command_for_record(self) -> List[str]:
+        return ["qwen", "<prompt>", "--output-format", "json", "--auth-type", "qwen-oauth"]
+
+    def normalize(self, raw: Any, ctx: NormalizeContext) -> List[NormalizedFinding]:
+        text = raw if isinstance(raw, str) else ""
+        return normalize_findings_from_text(text, ctx, "qwen")
+

package/runtime/adapters/shim.py

@@ -0,0 +1,251 @@
+from __future__ import annotations
+
+import json
+import os
+import signal
+import subprocess
+import time
+import uuid
+from dataclasses import dataclass
+from datetime import datetime, timezone
+from pathlib import Path
+from typing import Dict, List, Optional, TextIO
+
+from ..artifacts import expected_paths
+from ..contracts import (
+    CapabilitySet,
+    NormalizeContext,
+    NormalizedFinding,
+    ProviderId,
+    ProviderPresence,
+    TaskInput,
+    TaskRunRef,
+    TaskStatus,
+)
+from ..errors import classify_error, detect_warnings
+from ..types import ErrorKind
+
+
+def now_iso() -> str:
+    return datetime.now(timezone.utc).isoformat()
+
+
+@dataclass
+class ShimRunHandle:
+    process: subprocess.Popen[str]
+    stdout_path: Path
+    stderr_path: Path
+    provider_result_path: Path
+    stdout_file: TextIO
+    stderr_file: TextIO
+
+
+class ShimAdapterBase:
+    id: ProviderId
+
+    def __init__(self, provider_id: ProviderId, binary_name: str, capability_set: CapabilitySet) -> None:
+        self.id = provider_id
+        self.binary_name = binary_name
+        self._capability_set = capability_set
+        self._runs: Dict[str, ShimRunHandle] = {}
+
+    def detect(self) -> ProviderPresence:
+        binary = self._resolve_binary()
+        if not binary:
+            return ProviderPresence(
+                provider=self.id,
+                detected=False,
+                binary_path=None,
+                version=None,
+                auth_ok=False,
+                reason="binary_not_found",
+            )
+
+        version = self._probe_version(binary)
+        auth_ok = self._probe_auth(binary)
+        return ProviderPresence(
+            provider=self.id,
+            detected=True,
+            binary_path=binary,
+            version=version,
+            auth_ok=auth_ok,
+            reason="ok" if auth_ok else "auth_check_failed",
+        )
+
+    def capabilities(self) -> CapabilitySet:
+        return self._capability_set
+
+    def supported_permission_keys(self) -> List[str]:
+        return []
+
+    def run(self, input_task: TaskInput) -> TaskRunRef:
+        command_override = input_task.metadata.get("command_override")
+        cmd = command_override if isinstance(command_override, list) else self._build_command(input_task)
+        if not isinstance(cmd, list) or not cmd:
+            raise ValueError("adapter run command is empty")
+
+        artifact_root = str(input_task.metadata.get("artifact_root", "/tmp/mco"))
+        paths = expected_paths(artifact_root, input_task.task_id, (self.id,))
+        root = paths["root"]
+        paths["providers_dir"].mkdir(parents=True, exist_ok=True)
+        paths["raw_dir"].mkdir(parents=True, exist_ok=True)
+
+        stdout_path = paths[f"raw/{self.id}.stdout.log"]
+        stderr_path = paths[f"raw/{self.id}.stderr.log"]
+        provider_result_path = paths[f"providers/{self.id}.json"]
+        run_id = f"{self.id}-{uuid.uuid4().hex[:12]}"
+
+        stdout_file = stdout_path.open("w", encoding="utf-8")
+        stderr_file = stderr_path.open("w", encoding="utf-8")
+        process = subprocess.Popen(
+            cmd,
+            cwd=input_task.repo_root,
+            stdout=stdout_file,
+            stderr=stderr_file,
+            text=True,
+            start_new_session=True,
+        )
+        self._runs[run_id] = ShimRunHandle(
+            process=process,
+            stdout_path=stdout_path,
+            stderr_path=stderr_path,
+            provider_result_path=provider_result_path,
+            stdout_file=stdout_file,
+            stderr_file=stderr_file,
+        )
+        return TaskRunRef(
+            task_id=input_task.task_id,
+            provider=self.id,
+            run_id=run_id,
+            artifact_path=str(root),
+            started_at=now_iso(),
+            pid=process.pid,
+            session_id=None,
+        )
+
+    def poll(self, ref: TaskRunRef) -> TaskStatus:
+        handle = self._runs.get(ref.run_id)
+        if handle is None:
+            return TaskStatus(
+                task_id=ref.task_id,
+                provider=self.id,
+                run_id=ref.run_id,
+                attempt_state="EXPIRED",
+                completed=True,
+                heartbeat_at=None,
+                output_path=None,
+                error_kind=ErrorKind.NON_RETRYABLE_INVALID_INPUT,
+                exit_code=None,
+                message="run_handle_not_found",
+            )
+
+        return_code = handle.process.poll()
+        if return_code is None:
+            return TaskStatus(
+                task_id=ref.task_id,
+                provider=self.id,
+                run_id=ref.run_id,
+                attempt_state="STARTED",
+                completed=False,
+                heartbeat_at=now_iso(),
+                output_path=str(handle.provider_result_path),
+                error_kind=None,
+                exit_code=None,
+                message="running",
+            )
+
+        try:
+            handle.stdout_file.close()
+            handle.stderr_file.close()
+        except Exception:
+            pass
+
+        stdout_text = handle.stdout_path.read_text(encoding="utf-8") if handle.stdout_path.exists() else ""
+        stderr_text = handle.stderr_path.read_text(encoding="utf-8") if handle.stderr_path.exists() else ""
+        success = self._is_success(return_code, stdout_text, stderr_text)
+        error_kind = None if success else classify_error(return_code, stderr_text)
+        warnings = [warning.value for warning in detect_warnings(stderr_text)]
+
+        payload = {
+            "provider": self.id,
+            "task_id": ref.task_id,
+            "run_id": ref.run_id,
+            "pid": ref.pid,
+            "command": self._build_command_for_record(),
+            "started_at": ref.started_at,
+            "completed_at": now_iso(),
+            "exit_code": return_code,
+            "success": success,
+            "error_kind": error_kind.value if error_kind else None,
+            "warnings": warnings,
+            "stdout_path": str(handle.stdout_path),
+            "stderr_path": str(handle.stderr_path),
+        }
+        handle.provider_result_path.write_text(json.dumps(payload, ensure_ascii=True, indent=2), encoding="utf-8")
+
+        return TaskStatus(
+            task_id=ref.task_id,
+            provider=self.id,
+            run_id=ref.run_id,
+            attempt_state="SUCCEEDED" if success else "FAILED",
+            completed=True,
+            heartbeat_at=now_iso(),
+            output_path=str(handle.provider_result_path),
+            error_kind=error_kind,
+            exit_code=return_code,
+            message="completed",
+        )
+
+    def cancel(self, ref: TaskRunRef) -> None:
+        handle = self._runs.get(ref.run_id)
+        if handle is None:
+            return
+        if handle.process.poll() is not None:
+            return
+        try:
+            os.killpg(os.getpgid(handle.process.pid), signal.SIGTERM)
+        except ProcessLookupError:
+            return
+        time.sleep(0.2)
+        if handle.process.poll() is None:
+            try:
+                os.killpg(os.getpgid(handle.process.pid), signal.SIGKILL)
+            except ProcessLookupError:
+                return
+
+    def normalize(self, raw: object, ctx: NormalizeContext) -> List[NormalizedFinding]:
+        raise NotImplementedError
+
+    def _resolve_binary(self) -> Optional[str]:
+        result = subprocess.run(
+            ["bash", "-lc", f"command -v {self.binary_name}"],
+            capture_output=True,
+            text=True,
+            check=False,
+        )
+        value = result.stdout.strip()
+        return value if value else None
+
+    def _probe_version(self, binary: str) -> Optional[str]:
+        result = subprocess.run([binary, "--version"], capture_output=True, text=True, check=False)
+        lines = (result.stdout or result.stderr).splitlines()
+        return lines[-1].strip() if lines else None
+
+    def _probe_auth(self, binary: str) -> bool:
+        cmd = self._auth_check_command(binary)
+        result = subprocess.run(cmd, capture_output=True, text=True, check=False)
+        return result.returncode == 0
+
+    def _auth_check_command(self, binary: str) -> List[str]:
+        raise NotImplementedError
+
+    def _build_command(self, input_task: TaskInput) -> List[str]:
+        raise NotImplementedError
+
+    def _build_command_for_record(self) -> List[str]:
+        return []
+
+    def _is_success(self, return_code: int, stdout_text: str, stderr_text: str) -> bool:
+        _ = stdout_text
+        _ = stderr_text
+        return return_code == 0

package/runtime/artifacts.py

@@ -0,0 +1,40 @@
+from __future__ import annotations
+
+from pathlib import Path
+from typing import Dict, Iterable
+
+from .contracts import ProviderId
+
+
+ARTIFACT_LAYOUT_VERSION = "stage-a-v1"
+ROOT_FILES = ("summary.md", "decision.md", "findings.json", "run.json")
+ROOT_DIRS = ("providers", "raw")
+
+
+def task_artifact_root(base_dir: str, task_id: str) -> Path:
+    return Path(base_dir) / task_id
+
+
+def provider_artifact_name(provider: ProviderId) -> str:
+    return f"{provider}.json"
+
+
+def expected_paths(base_dir: str, task_id: str, providers: Iterable[ProviderId]) -> Dict[str, Path]:
+    root = task_artifact_root(base_dir, task_id)
+    paths: Dict[str, Path] = {"root": root}
+
+    for filename in ROOT_FILES:
+        paths[filename] = root / filename
+
+    providers_dir = root / "providers"
+    raw_dir = root / "raw"
+    paths["providers_dir"] = providers_dir
+    paths["raw_dir"] = raw_dir
+
+    for provider in providers:
+        paths[f"providers/{provider}.json"] = providers_dir / provider_artifact_name(provider)
+        paths[f"raw/{provider}.stdout.log"] = raw_dir / f"{provider}.stdout.log"
+        paths[f"raw/{provider}.stderr.log"] = raw_dir / f"{provider}.stderr.log"
+
+    return paths
+