archrisk-engine 1.0.0

package/src/analyzer.ts

@@ -0,0 +1,124 @@
+import { spawn } from 'child_process';
+import * as path from 'path';
+import * as fs from 'fs';
+import { tmpdir } from 'os';
+import { randomBytes } from 'crypto';
+
+/**
+ * [The Eye] Error Capture Engine (TypeScript Version)
+ * 
+ * Intercepts Python syntax/runtime errors.
+ */
+
+export interface AnalysisResult {
+    hasError: boolean;
+    error?: string;
+    line?: number;
+    type?: string;
+    file?: string;
+}
+
+/**
+ * Analyze Python code string for syntax errors and security risks
+ * @param code - Python source code
+ * @param fileName - Original filename for context
+ */
+export async function analyzePythonCode(code: string, fileName: string): Promise<AnalysisResult> {
+    // 1. Architecture Health Scan (God Module / Large File)
+    const lines = code.split('\n');
+    if (lines.length > 800) {
+        return {
+            hasError: true,
+            error: `Large File Risk: ${lines.length} lines. 이 파일의 수정은 시스템 전반에 예측 불가능한 영향을 미칠 수 있습니다.`,
+            line: 1,
+            type: 'ProductionRisk',
+            file: fileName
+        };
+    }
+
+    // 2. Risk Scan (Operational & Production Readiness)
+    const riskResult = scanForRisks(code, fileName);
+    if (riskResult.hasError) {
+        return riskResult;
+    }
+
+    // 3. Syntax Check
+    const flatFileName = fileName.replace(/[\/\\]/g, '_');
+    const tempFilePath = path.join(tmpdir(), `arch_risk_${randomBytes(4).toString('hex')}_${flatFileName}`);
+
+    try {
+        fs.writeFileSync(tempFilePath, code);
+
+        return new Promise((resolve) => {
+            const proc = spawn('python3', ['-m', 'py_compile', tempFilePath]);
+
+            let stderr = '';
+            proc.stderr.on('data', (data) => {
+                stderr += data.toString();
+            });
+
+            proc.on('close', (code) => {
+                if (code !== 0) {
+                    const errorInfo = parseErrorMessage(stderr, fileName);
+                    resolve({
+                        hasError: true,
+                        ...errorInfo
+                    });
+                } else {
+                    resolve({ hasError: false });
+                }
+
+                // Cleanup temp file
+                if (fs.existsSync(tempFilePath)) fs.unlinkSync(tempFilePath);
+            });
+
+            setTimeout(() => {
+                proc.kill();
+                resolve({ hasError: false, error: 'Analysis timeout' });
+                if (fs.existsSync(tempFilePath)) fs.unlinkSync(tempFilePath);
+            }, 5000);
+        });
+    } catch (error: any) {
+        return { hasError: true, error: error.message };
+    }
+}
+
+function scanForRisks(code: string, fileName: string): AnalysisResult {
+    const risks = [
+        { pattern: /os\.system\(/, type: 'SecurityRisk', message: '[보안] os.system() 사용이 감지되었습니다. 외부 공격에 노출될 위험이 있습니다.' },
+        { pattern: /subprocess\.(popen|run|call|check_output)\(.*shell\s*=\s*True/, type: 'SecurityRisk', message: '[보안] shell=True 옵션은 명령어 주입 공격의 통로가 될 수 있습니다.' },
+        { pattern: /eval\(|exec\(/, type: 'SecurityRisk', message: '[보안] 동적 코드 실행 함수 사용은 잠재적인 보안 홀을 형성합니다.' },
+        { pattern: /requests\.(get|post|put|delete|patch)\((?!.*timeout=)/, type: 'ProductionRisk', message: '[운영] 외부 API 호출 시 timeout 설정이 없습니다. 장애 발생 시 서비스가 무한 대기에 빠질 수 있습니다.' },
+        { pattern: /aiohttp\.ClientSession\(\).*(get|post|put|delete|patch)\((?!.*timeout=)/, type: 'ProductionRisk', message: '[운영] 비동기 호출 시 timeout 설정이 없습니다. 시스템 리소스 고갈의 원인이 됩니다.' },
+        { pattern: /(?:api_key|password|secret|token)\s*=\s*['"][a-zA-Z0-9_-]{10,}['"]/, type: 'ProductionRisk', message: '[운영] 민감 정보(API Key/Password)가 코드 내에 하드코딩 되어 있습니다. 보안 사고의 직접적인 원인입니다.' },
+    ];
+
+    const lines = code.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        for (const risk of risks) {
+            if (risk.pattern.test(lines[i])) {
+                return {
+                    hasError: true,
+                    error: risk.message,
+                    line: i + 1,
+                    type: risk.type,
+                    file: fileName
+                };
+            }
+        }
+    }
+
+    return { hasError: false };
+}
+
+function parseErrorMessage(stderr: string, fileName: string) {
+    const lineMatch = stderr.match(/line (\d+)/);
+    const typeMatch = stderr.match(/(\w+Error):/);
+
+    return {
+        error: stderr.trim(),
+        line: lineMatch ? parseInt(lineMatch[1]) : undefined,
+        type: typeMatch ? typeMatch[1] : 'SyntaxError',
+        file: fileName
+    };
+}

package/src/archScanner.ts

@@ -0,0 +1,227 @@
+import * as fs from 'fs';
+import * as path from 'path';
+
+/**
+ * [Phase 8] Architecture Scanner - Ported from Code Observatory
+ */
+
+export interface ArchIssue {
+    id: string;
+    severity: 'WARN' | 'ERROR';
+    ruleId: string;
+    title: string;
+    details: string;
+    relatedPaths?: string[];
+    metrics?: any;
+}
+
+export interface ArchNode {
+    id: string;
+    kind: 'project' | 'folder' | 'file' | 'hotspot' | 'cycle';
+    label: string;
+    health: 'OK' | 'WARN' | 'ERROR';
+    path: string;
+    metrics: any;
+    issues?: string[];
+}
+
+export interface ArchEdge {
+    id: string;
+    source: string;
+    target: string;
+    type: 'contains' | 'imports';
+}
+
+export interface ArchScanResult {
+    scanId: string;
+    rootPath: string;
+    createdAt: number;
+    health: 'OK' | 'WARN' | 'ERROR';
+    nodes: ArchNode[];
+    edges: ArchEdge[];
+    issues: ArchIssue[];
+    phase: 'FAST' | 'DEPS' | 'DONE';
+}
+
+function safeId(prefix = 'id') {
+    return `${prefix}_${Date.now()}_${Math.random().toString(16).slice(2)}`;
+}
+
+function isTextFile(p: string) {
+    const ext = path.extname(p).toLowerCase();
+    return ['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs', '.json', '.py'].includes(ext);
+}
+
+function isSkippableDir(name: string) {
+    return ['node_modules', '.git', '.next', 'dist', 'build', 'out', '.turbo', '__pycache__', 'venv', '.venv'].includes(name);
+}
+
+function suspiciousFolderName(name: string) {
+    const n = name.toLowerCase();
+    return ['temp', 'tmp', 'backup', 'bak', 'old', 'new', 'new2', 'final', 'final_final', 'copy'].some(k => n.includes(k));
+}
+
+function countLOC(text: string) {
+    return text.split(/\r?\n/).length;
+}
+
+export function fastScan(rootPath: string): ArchScanResult {
+    const start = Date.now();
+    let fileCount = 0;
+    let dirCount = 0;
+    let rootFiles = 0;
+    let maxDepth = 0;
+    let suspiciousDirs: string[] = [];
+    const hotspots: { filePath: string; loc: number }[] = [];
+
+    function walk(dir: string, depth: number) {
+        maxDepth = Math.max(maxDepth, depth);
+        let entries;
+        try {
+            entries = fs.readdirSync(dir, { withFileTypes: true });
+        } catch { return; }
+
+        for (const ent of entries) {
+            const full = path.join(dir, ent.name);
+            if (ent.isDirectory()) {
+                if (isSkippableDir(ent.name)) continue;
+                dirCount++;
+                if (suspiciousFolderName(ent.name)) suspiciousDirs.push(full);
+                walk(full, depth + 1);
+            } else if (ent.isFile()) {
+                fileCount++;
+                if (dir === rootPath) rootFiles++;
+                if (isTextFile(full)) {
+                    try {
+                        const txt = fs.readFileSync(full, 'utf8');
+                        const loc = countLOC(txt);
+                        if (loc >= 800) hotspots.push({ filePath: full, loc });
+                    } catch { }
+                }
+            }
+        }
+    }
+
+    walk(rootPath, 0);
+
+    const scanId = safeId('scan');
+    const issues: ArchIssue[] = [];
+    const nodes: ArchNode[] = [];
+    const edges: ArchEdge[] = [];
+    let overall: 'OK' | 'WARN' | 'ERROR' = 'OK';
+
+    if (rootFiles > 60) {
+        overall = 'WARN';
+        issues.push({ id: safeId('issue'), severity: 'WARN', ruleId: 'root-files', title: 'Root is cluttered', details: `Root directory has ${rootFiles} files. Consider moving code under src/.`, metrics: { rootFiles } });
+    }
+    if (maxDepth > 10) {
+        if (overall === 'OK') overall = 'WARN';
+        issues.push({ id: safeId('issue'), severity: 'WARN', ruleId: 'deep-nesting', title: 'Deep directory nesting', details: `Max directory depth is ${maxDepth}.`, metrics: { maxDepth } });
+    }
+    if (suspiciousDirs.length >= 2) {
+        if (overall === 'OK') overall = 'WARN';
+        issues.push({ id: safeId('issue'), severity: 'WARN', ruleId: 'suspicious-folders', title: 'Suspicious folders found', details: `Found folders like temp/backup/etc.`, relatedPaths: suspiciousDirs.slice(0, 10).map(p => path.relative(rootPath, p)), metrics: { count: suspiciousDirs.length } });
+    }
+    if (hotspots.length >= 3) {
+        if (overall === 'OK') overall = 'WARN';
+        issues.push({ id: safeId('issue'), severity: 'WARN', ruleId: 'hotspots', title: 'Large files (hotspots)', details: `Found ${hotspots.length} files with LOC >= 800.`, relatedPaths: hotspots.slice(0, 10).map(h => path.relative(rootPath, h.filePath)), metrics: { hotspots: hotspots.length } });
+    }
+
+    nodes.push({ id: 'ARCH_PROJECT', kind: 'project', label: path.basename(rootPath) || 'PROJECT', health: overall, path: rootPath, metrics: { fileCount, dirCount, rootFiles, maxDepth, ms: Date.now() - start }, issues: issues.map(i => i.id) });
+
+    return { scanId, rootPath, createdAt: Date.now(), health: overall, nodes, edges, issues, phase: 'FAST' };
+}
+
+// --- DEPS SCAN ---
+function parseRelativeImports(fileText: string) {
+    const imports: string[] = [];
+    const re1 = /import\s+[^'"]*['"]([^'"]+)['"]/g;
+    const re2 = /require\(\s*['"]([^'"]+)['"]\s*\)/g;
+    const re3 = /from\s+['"]([^'"]+)['"]\s+import/g; // Python style
+    let m;
+    while ((m = re1.exec(fileText))) imports.push(m[1]);
+    while ((m = re2.exec(fileText))) imports.push(m[1]);
+    while ((m = re3.exec(fileText))) imports.push(m[1]);
+    return imports.filter(s => s.startsWith('./') || s.startsWith('../') || s.includes('.'));
+}
+
+function resolveImport(fromFile: string, spec: string) {
+    const base = path.resolve(path.dirname(fromFile), spec);
+    const candidates = [
+        base,
+        base + '.py', base + '.ts', base + '.tsx', base + '.js', base + '.jsx',
+        path.join(base, '__init__.py'), path.join(base, 'index.ts'), path.join(base, 'index.js')
+    ];
+    for (const c of candidates) {
+        if (fs.existsSync(c) && fs.statSync(c).isFile()) return c;
+    }
+    return null;
+}
+
+export function depsScan(rootPath: string): { adj: Map<string, Set<string>>, cycles: string[][] } {
+    const files: string[] = [];
+    function walk(dir: string) {
+        let entries;
+        try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { return; }
+        for (const ent of entries) {
+            const full = path.join(dir, ent.name);
+            if (ent.isDirectory()) { if (isSkippableDir(ent.name)) continue; walk(full); }
+            else if (ent.isFile() && isTextFile(full)) files.push(full);
+        }
+    }
+    walk(rootPath);
+
+    const adj = new Map<string, Set<string>>();
+    for (const f of files) {
+        let txt;
+        try { txt = fs.readFileSync(f, 'utf8'); } catch { continue; }
+        const specs = parseRelativeImports(txt);
+        for (const spec of specs) {
+            const resolved = resolveImport(f, spec);
+            if (!resolved) continue;
+            if (!adj.has(f)) adj.set(f, new Set());
+            adj.get(f)!.add(resolved);
+        }
+    }
+
+    const visited = new Set<string>();
+    const stack = new Set<string>();
+    const parent = new Map<string, string>();
+    const cycles: string[][] = [];
+
+    function dfs(u: string) {
+        visited.add(u);
+        stack.add(u);
+        const nbrs = adj.get(u);
+        if (nbrs) {
+            for (const v of nbrs) {
+                if (!visited.has(v)) {
+                    parent.set(v, u);
+                    dfs(v);
+                } else if (stack.has(v)) {
+                    const cycle = [v];
+                    let cur: string | undefined = u;
+                    while (cur && cur !== v && cycle.length < 50) {
+                        cycle.push(cur);
+                        cur = parent.get(cur);
+                    }
+                    cycle.push(v);
+                    cycle.reverse();
+                    cycles.push(cycle);
+                }
+            }
+        }
+        stack.delete(u);
+    }
+
+    for (const f of adj.keys()) {
+        if (!visited.has(f)) dfs(f);
+    }
+
+    return { adj, cycles };
+}
+
+/**
+ * Note: Full DEPS scan requires complex dependency resolution logic.
+ * For now, we provide the FAST scan as the baseline for the GitHub App.
+ */

package/src/deepAnalysis.ts

@@ -0,0 +1,85 @@
+import { GoogleGenerativeAI } from '@google/generative-ai';
+import * as fs from 'fs-extra';
+import * as path from 'path';
+
+export interface DeepAnalysisResult {
+    summary: string;
+    refactoringGuides: {
+        file: string;
+        description: string;
+        suggestion: string;
+    }[];
+    techDebtScore: number;
+}
+
+export async function runDeepAnalysis(
+    repoDir: string,
+    provider: string,
+    apiKey: string
+): Promise<DeepAnalysisResult> {
+    if (provider !== 'GEMINI') {
+        throw new Error(`Provider ${provider} is not yet supported in Deep Analysis.`);
+    }
+
+    const genAI = new GoogleGenerativeAI(apiKey);
+    const model = genAI.getGenerativeModel({ model: 'gemini-1.5-flash' });
+
+    // Gather some context (simplified for MVP)
+    const files = await getRelevantFiles(repoDir);
+    const codeContext = await Promise.all(files.map(async f => {
+        const content = await fs.readFile(f, 'utf8');
+        return `File: ${path.relative(repoDir, f)}\nContent:\n${content.substring(0, 1000)}...`;
+    }));
+
+    const prompt = `
+    You are an expert Software Architect. Analyze the following project for:
+    1. Code smells and anti-patterns.
+    2. Specific refactoring suggestions.
+    3. Technical debt estimation.
+
+    Project Context:
+    ${codeContext.join('\n\n')}
+
+    Return JSON format:
+    {
+      "summary": "High level overview",
+      "refactoringGuides": [
+        {"file": "filename", "description": "why it needs refactoring", "suggestion": "how to refactor"}
+      ],
+      "techDebtScore": 0-100
+    }
+  `;
+
+    const result = await model.generateContent(prompt);
+    const response = await result.response;
+    const text = response.text();
+
+    try {
+        const jsonStr = text.match(/\{[\s\S]*\}/)?.[0] || '{}';
+        return JSON.parse(jsonStr);
+    } catch (e) {
+        return {
+            summary: "AI analysis completed but failed to parse structured data.",
+            refactoringGuides: [],
+            techDebtScore: 50
+        };
+    }
+}
+
+async function getRelevantFiles(dir: string): Promise<string[]> {
+    const allFiles: string[] = [];
+    const items = await fs.readdir(dir);
+
+    for (const item of items) {
+        if (item === 'node_modules' || item.startsWith('.')) continue;
+        const fullPath = path.join(dir, item);
+        const stat = await fs.stat(fullPath);
+        if (stat.isDirectory()) {
+            allFiles.push(...await getRelevantFiles(fullPath));
+        } else if (item.endsWith('.py') || item.endsWith('.ts') || item.endsWith('.js')) {
+            allFiles.push(fullPath);
+        }
+    }
+
+    return allFiles.slice(0, 5); // MVP: Limit to 5 files for context
+}

package/src/index.ts

@@ -0,0 +1,5 @@
+export * from './analyzer.js';
+export * from './aiDiagnosis.js';
+export * from './archScanner.js';
+export * from './repoAnalyzer.js';
+export * from './deepAnalysis.js';