attune-ai 2.1.5__py3-none-any.whl → 2.2.0__py3-none-any.whl

attune/workflows/parsing_mixin.py

@@ -0,0 +1,427 @@
+"""Response parsing mixin for workflow classes.
+
+This module provides methods for parsing and extracting structured data
+from LLM responses, including XML parsing, regex-based extraction, and
+finding inference.
+
+Extracted from base.py for improved maintainability and import performance.
+
+Copyright 2025 Smart-AI-Memory
+Licensed under Fair Source License 0.9
+"""
+
+from __future__ import annotations
+
+import re
+import uuid
+from typing import TYPE_CHECKING, Any
+
+if TYPE_CHECKING:
+    pass
+
+
+class ResponseParsingMixin:
+    """Mixin providing response parsing capabilities for workflows.
+
+    This mixin adds methods for extracting structured findings from
+    LLM responses, including XML parsing and regex-based extraction.
+
+    Methods:
+        _parse_xml_response: Parse XML-formatted LLM responses
+        _extract_findings_from_response: Extract findings using multiple strategies
+        _enrich_finding_with_location: Add location details to findings
+        _parse_location_string: Parse location strings to file/line/column
+        _infer_severity: Infer severity level from text
+        _infer_category: Infer category from text
+
+    Note:
+        This mixin expects the class to have a _get_xml_config() method
+        that returns XML configuration settings.
+    """
+
+    def _parse_xml_response(self, response: str) -> dict[str, Any]:
+        """Parse an XML response if XML enforcement is enabled.
+
+        Args:
+            response: The LLM response text.
+
+        Returns:
+            Dictionary with parsed fields or raw response data.
+        """
+        from attune.prompts import XmlResponseParser
+
+        config = self._get_xml_config()
+
+        if not config.get("enforce_response_xml", False):
+            # No parsing needed, return as-is
+            return {
+                "_parsed_response": None,
+                "_raw": response,
+            }
+
+        fallback = config.get("fallback_on_parse_error", True)
+        parser = XmlResponseParser(fallback_on_error=fallback)
+        parsed = parser.parse(response)
+
+        return {
+            "_parsed_response": parsed,
+            "_raw": response,
+            "summary": parsed.summary,
+            "findings": [f.to_dict() for f in parsed.findings],
+            "checklist": parsed.checklist,
+            "xml_parsed": parsed.success,
+            "parse_errors": parsed.errors,
+        }
+
+    def _extract_findings_from_response(
+        self,
+        response: str,
+        files_changed: list[str],
+        code_context: str = "",
+    ) -> list[dict[str, Any]]:
+        """Extract structured findings from LLM response.
+
+        Tries multiple strategies in order:
+        1. XML parsing (if XML tags present)
+        2. Regex-based extraction for file:line patterns
+        3. Returns empty list if no findings extractable
+
+        Args:
+            response: Raw LLM response text
+            files_changed: List of files being analyzed (for context)
+            code_context: Original code being reviewed (optional)
+
+        Returns:
+            List of findings matching WorkflowFinding schema:
+            [
+                {
+                    "id": "unique-id",
+                    "file": "relative/path.py",
+                    "line": 42,
+                    "column": 10,
+                    "severity": "high",
+                    "category": "security",
+                    "message": "Brief message",
+                    "details": "Extended explanation",
+                    "recommendation": "Fix suggestion"
+                }
+            ]
+        """
+        findings: list[dict[str, Any]] = []
+
+        # Strategy 1: Try XML parsing first
+        response_lower = response.lower()
+        if (
+            "<finding>" in response_lower
+            or "<issue>" in response_lower
+            or "<findings>" in response_lower
+        ):
+            # Parse XML directly (bypass config checks)
+            from attune.prompts import XmlResponseParser
+
+            parser = XmlResponseParser(fallback_on_error=True)
+            parsed = parser.parse(response)
+
+            if parsed.success and parsed.findings:
+                for raw_finding in parsed.findings:
+                    enriched = self._enrich_finding_with_location(
+                        raw_finding.to_dict(),
+                        files_changed,
+                    )
+                    findings.append(enriched)
+                return findings
+
+        # Strategy 2: Regex-based extraction for common patterns
+        # Match patterns like:
+        # - "src/auth.py:42: SQL injection found"
+        # - "In file src/auth.py line 42"
+        # - "auth.py (line 42, column 10)"
+        patterns = [
+            # Pattern 1: file.py:line:column: message
+            r"([^\s:]+\.(?:py|ts|tsx|js|jsx|java|go|rb|php)):(\d+):(\d+):\s*(.+)",
+            # Pattern 2: file.py:line: message
+            r"([^\s:]+\.(?:py|ts|tsx|js|jsx|java|go|rb|php)):(\d+):\s*(.+)",
+            # Pattern 3: in file X line Y
+            r"(?:in file|file)\s+([^\s]+\.(?:py|ts|tsx|js|jsx|java|go|rb|php))\s+line\s+(\d+)",
+            # Pattern 4: file.py (line X)
+            r"([^\s]+\.(?:py|ts|tsx|js|jsx|java|go|rb|php))\s*\(line\s+(\d+)(?:,\s*col(?:umn)?\s+(\d+))?\)",
+        ]
+
+        for pattern in patterns:
+            matches = re.findall(pattern, response, re.IGNORECASE)
+            for match in matches:
+                if len(match) >= 2:
+                    file_path = match[0]
+                    line = int(match[1])
+
+                    # Handle different pattern formats
+                    if len(match) == 4 and match[2].isdigit():
+                        # Pattern 1: file:line:col:message
+                        column = int(match[2])
+                        message = match[3]
+                    elif len(match) == 3 and match[2] and not match[2].isdigit():
+                        # Pattern 2: file:line:message
+                        column = 1
+                        message = match[2]
+                    elif len(match) == 3 and match[2].isdigit():
+                        # Pattern 4: file (line col)
+                        column = int(match[2])
+                        message = ""
+                    else:
+                        # Pattern 3: in file X line Y (no message)
+                        column = 1
+                        message = ""
+
+                    # Determine severity from keywords in message
+                    severity = self._infer_severity(message)
+                    category = self._infer_category(message)
+
+                    findings.append(
+                        {
+                            "id": str(uuid.uuid4())[:8],
+                            "file": file_path,
+                            "line": line,
+                            "column": column,
+                            "severity": severity,
+                            "category": category,
+                            "message": message.strip() if message else "",
+                            "details": "",
+                            "recommendation": "",
+                        },
+                    )
+
+        # Deduplicate by file:line
+        seen: set[tuple[str, int]] = set()
+        unique_findings = []
+        for finding in findings:
+            key = (finding["file"], finding["line"])
+            if key not in seen:
+                seen.add(key)
+                unique_findings.append(finding)
+
+        return unique_findings
+
+    def _enrich_finding_with_location(
+        self,
+        raw_finding: dict[str, Any],
+        files_changed: list[str],
+    ) -> dict[str, Any]:
+        """Enrich a finding from XML parser with file/line/column fields.
+
+        Args:
+            raw_finding: Finding dict from XML parser (has 'location' string field)
+            files_changed: List of files being analyzed
+
+        Returns:
+            Enriched finding dict with file, line, column fields
+        """
+        location_str = raw_finding.get("location", "")
+        file_path, line, column = self._parse_location_string(location_str, files_changed)
+
+        # Map category from severity or title keywords
+        category = self._infer_category(
+            raw_finding.get("title", "") + " " + raw_finding.get("details", ""),
+        )
+
+        return {
+            "id": str(uuid.uuid4())[:8],
+            "file": file_path,
+            "line": line,
+            "column": column,
+            "severity": raw_finding.get("severity", "medium"),
+            "category": category,
+            "message": raw_finding.get("title", ""),
+            "details": raw_finding.get("details", ""),
+            "recommendation": raw_finding.get("fix", ""),
+        }
+
+    def _parse_location_string(
+        self,
+        location: str,
+        files_changed: list[str],
+    ) -> tuple[str, int, int]:
+        """Parse a location string to extract file, line, column.
+
+        Handles formats like:
+        - "src/auth.py:42:10"
+        - "src/auth.py:42"
+        - "auth.py line 42"
+        - "line 42 in auth.py"
+
+        Args:
+            location: Location string from finding
+            files_changed: List of files being analyzed (for fallback)
+
+        Returns:
+            Tuple of (file_path, line_number, column_number)
+            Defaults: ("", 1, 1) if parsing fails
+        """
+        if not location:
+            # Fallback: use first file if available
+            return (files_changed[0] if files_changed else "", 1, 1)
+
+        # Try colon-separated format: file.py:line:col
+        match = re.search(
+            r"([^\s:]+\.(?:py|ts|tsx|js|jsx|java|go|rb|php)):(\d+)(?::(\d+))?",
+            location,
+        )
+        if match:
+            file_path = match.group(1)
+            line = int(match.group(2))
+            column = int(match.group(3)) if match.group(3) else 1
+            return (file_path, line, column)
+
+        # Try "line X in file.py" format
+        match = re.search(
+            r"line\s+(\d+)\s+(?:in|of)\s+([^\s]+\.(?:py|ts|tsx|js|jsx|java|go|rb|php))",
+            location,
+            re.IGNORECASE,
+        )
+        if match:
+            line = int(match.group(1))
+            file_path = match.group(2)
+            return (file_path, line, 1)
+
+        # Try "file.py line X" format
+        match = re.search(
+            r"([^\s]+\.(?:py|ts|tsx|js|jsx|java|go|rb|php))\s+line\s+(\d+)",
+            location,
+            re.IGNORECASE,
+        )
+        if match:
+            file_path = match.group(1)
+            line = int(match.group(2))
+            return (file_path, line, 1)
+
+        # Extract just line number if present
+        match = re.search(r"line\s+(\d+)", location, re.IGNORECASE)
+        if match:
+            line = int(match.group(1))
+            # Use first file from files_changed as fallback
+            file_path = files_changed[0] if files_changed else ""
+            return (file_path, line, 1)
+
+        # Couldn't parse - return defaults
+        return (files_changed[0] if files_changed else "", 1, 1)
+
+    def _infer_severity(self, text: str) -> str:
+        """Infer severity from keywords in text.
+
+        Args:
+            text: Message or title text
+
+        Returns:
+            Severity level: critical, high, medium, low, or info
+        """
+        text_lower = text.lower()
+
+        if any(
+            word in text_lower
+            for word in [
+                "critical",
+                "severe",
+                "exploit",
+                "vulnerability",
+                "injection",
+                "remote code execution",
+                "rce",
+            ]
+        ):
+            return "critical"
+
+        if any(
+            word in text_lower
+            for word in [
+                "high",
+                "security",
+                "unsafe",
+                "dangerous",
+                "xss",
+                "csrf",
+                "auth",
+                "password",
+                "secret",
+            ]
+        ):
+            return "high"
+
+        if any(
+            word in text_lower
+            for word in [
+                "warning",
+                "issue",
+                "problem",
+                "bug",
+                "error",
+                "deprecated",
+                "leak",
+            ]
+        ):
+            return "medium"
+
+        if any(word in text_lower for word in ["low", "minor", "style", "format", "typo"]):
+            return "low"
+
+        return "info"
+
+    def _infer_category(self, text: str) -> str:
+        """Infer finding category from keywords.
+
+        Args:
+            text: Message or title text
+
+        Returns:
+            Category: security, performance, maintainability, style, or correctness
+        """
+        text_lower = text.lower()
+
+        if any(
+            word in text_lower
+            for word in [
+                "security",
+                "vulnerability",
+                "injection",
+                "xss",
+                "csrf",
+                "auth",
+                "encrypt",
+                "password",
+                "secret",
+                "unsafe",
+            ]
+        ):
+            return "security"
+
+        if any(
+            word in text_lower
+            for word in [
+                "performance",
+                "slow",
+                "memory",
+                "leak",
+                "inefficient",
+                "optimization",
+                "cache",
+            ]
+        ):
+            return "performance"
+
+        if any(
+            word in text_lower
+            for word in [
+                "complex",
+                "refactor",
+                "duplicate",
+                "maintainability",
+                "readability",
+                "documentation",
+            ]
+        ):
+            return "maintainability"
+
+        if any(
+            word in text_lower for word in ["style", "format", "lint", "convention", "whitespace"]
+        ):
+            return "style"
+
+        return "correctness"

attune/workflows/perf_audit.py

@@ -649,7 +649,9 @@ def create_perf_audit_workflow_report(result: dict, input_data: dict) -> Workflo
     top_issues = result.get("top_issues", [])
     if top_issues:
         issues_content = {
-            issue.get("type", "unknown").replace("_", " ").title(): f"{issue.get('count', 0)} occurrences"
+            issue.get("type", "unknown")
+            .replace("_", " ")
+            .title(): f"{issue.get('count', 0)} occurrences"
             for issue in top_issues
         }
         report.add_section("Top Performance Issues", issues_content)

attune/workflows/progress.py

@@ -483,7 +483,9 @@ class ConsoleProgressReporter:
             tokens_str = f" | {update.tokens_so_far:,} tokens"
 
         # Format: [100%] ✓ Completed optimize [PREMIUM] ($0.0279) [12.3s]
-        output = f"[{percent}] {status_icon} {update.message}{tier_info} ({cost}{tokens_str}){elapsed}"
+        output = (
+            f"[{percent}] {status_icon} {update.message}{tier_info} ({cost}{tokens_str}){elapsed}"
+        )
         print(output)
 
         # Verbose output
@@ -508,7 +510,9 @@ class ConsoleProgressReporter:
         for stage in update.stages:
             if stage.status == ProgressStatus.COMPLETED:
                 duration_ms = stage.duration_ms or self._stage_times.get(stage.name, 0)
-                duration_str = f"{duration_ms}ms" if duration_ms < 1000 else f"{duration_ms/1000:.1f}s"
+                duration_str = (
+                    f"{duration_ms}ms" if duration_ms < 1000 else f"{duration_ms/1000:.1f}s"
+                )
                 cost_str = f"${stage.cost:.4f}" if stage.cost > 0 else "—"
                 print(f"  {stage.name}: {duration_str} | {cost_str}")
             elif stage.status == ProgressStatus.SKIPPED:
@@ -590,8 +594,7 @@ class RichProgressReporter:
         """
         if not RICH_AVAILABLE:
             raise RuntimeError(
-                "Rich library required for RichProgressReporter. "
-                "Install with: pip install rich"
+                "Rich library required for RichProgressReporter. " "Install with: pip install rich"
             )
 
         self.workflow_name = workflow_name
@@ -652,9 +655,7 @@ class RichProgressReporter:
 
         # Update progress bar
         if self._progress is not None and self._task_id is not None:
-            completed = sum(
-                1 for s in update.stages if s.status == ProgressStatus.COMPLETED
-            )
+            completed = sum(1 for s in update.stages if s.status == ProgressStatus.COMPLETED)
             self._progress.update(
                 self._task_id,
                 completed=completed,
@@ -676,10 +677,7 @@ class RichProgressReporter:
             Rich Panel containing progress information
         """
         if not RICH_AVAILABLE or Panel is None or Table is None:
-            raise RuntimeError(
-                "Rich library not available. "
-                "Install with: pip install rich"
-            )
+            raise RuntimeError("Rich library not available. " "Install with: pip install rich")
 
         # Build metrics table
         metrics = Table(show_header=False, box=None, padding=(0, 2))

attune/workflows/release_prep.py

@@ -153,6 +153,7 @@ class ReleasePreparationWorkflow(BaseWorkflow):
                     get_auth_strategy,
                     get_module_size_category,
                 )
+
                 logger = logging.getLogger(__name__)
 
                 # Calculate total LOC for project/directory
@@ -173,7 +174,9 @@ class ReleasePreparationWorkflow(BaseWorkflow):
                     self._auth_mode_used = recommended_mode.value
 
                     size_category = get_module_size_category(total_lines)
-                    logger.info(f"Release prep target: {target_path} ({total_lines:,} LOC, {size_category})")
+                    logger.info(
+                        f"Release prep target: {target_path} ({total_lines:,} LOC, {size_category})"
+                    )
                     logger.info(f"Recommended auth mode: {recommended_mode.value}")
 
                     cost_estimate = strategy.estimate_cost(total_lines, recommended_mode)
@@ -184,6 +187,7 @@ class ReleasePreparationWorkflow(BaseWorkflow):
 
             except Exception as e:
                 import logging
+
                 logger = logging.getLogger(__name__)
                 logger.warning(f"Auth strategy detection failed: {e}")
 

attune/workflows/routing.py

@@ -164,5 +164,3 @@ class BalancedRouting(TierRoutingStrategy):
     def can_fallback(self, tier: ModelTier) -> bool:
         """Allow fallback when budget-constrained."""
         return True
-
-

attune/workflows/secure_release.py

@@ -170,7 +170,8 @@ class SecureReleasePipeline:
             adapters_available = True
         except ImportError:
             adapters_available = False
-            _check_crew_available = lambda: False
+            def _check_crew_available():
+                return False
             _get_crew_audit = None
             crew_report_to_workflow_format = None
 

attune/workflows/security_audit.py

@@ -344,9 +344,7 @@ class SecurityAuditWorkflow(BaseWorkflow):
                             for match in matches:
                                 # Find line number and get the line content
                                 line_num = content[: match.start()].count("\n") + 1
-                                line_content = (
-                                    lines[line_num - 1] if line_num <= len(lines) else ""
-                                )
+                                line_content = lines[line_num - 1] if line_num <= len(lines) else ""
 
                                 # Skip if file is a security example/test file
                                 file_name = str(file_path)
@@ -471,9 +469,7 @@ class SecurityAuditWorkflow(BaseWorkflow):
                     size_category = get_module_size_category(codebase_lines)
 
                     # Log recommendation
-                    logger.info(
-                        f"Codebase: {target} ({codebase_lines} LOC, {size_category})"
-                    )
+                    logger.info(f"Codebase: {target} ({codebase_lines} LOC, {size_category})")
                     logger.info(f"Recommended auth mode: {recommended_mode.value}")
 
                     # Get cost estimate
@@ -486,8 +482,7 @@ class SecurityAuditWorkflow(BaseWorkflow):
                         )
                     else:  # API
                         logger.info(
-                            f"Cost: ~${cost_estimate['monetary_cost']:.4f} "
-                            f"(1M context window)"
+                            f"Cost: ~${cost_estimate['monetary_cost']:.4f} " f"(1M context window)"
                         )
 
             except Exception as e:
@@ -619,7 +614,12 @@ class SecurityAuditWorkflow(BaseWorkflow):
         line = line_content.strip()
 
         # Check if line is a comment or documentation
-        if line.startswith("#") or line.startswith("//") or line.startswith("*") or line.startswith("-"):
+        if (
+            line.startswith("#")
+            or line.startswith("//")
+            or line.startswith("*")
+            or line.startswith("-")
+        ):
             return True
 
         # Check if inside a docstring (triple quotes)
@@ -655,7 +655,9 @@ class SecurityAuditWorkflow(BaseWorkflow):
 
         return False
 
-    def _is_safe_sql_parameterization(self, line_content: str, match_text: str, file_content: str) -> bool:
+    def _is_safe_sql_parameterization(
+        self, line_content: str, match_text: str, file_content: str
+    ) -> bool:
         """Check if SQL query uses safe parameterization despite f-string usage.
 
         Phase 2 Enhancement: Detects safe patterns like:
@@ -682,7 +684,7 @@ class SecurityAuditWorkflow(BaseWorkflow):
                 return False
 
         # Extract a larger context (next 200 chars after match)
-        context = file_content[match_pos:match_pos + 200]
+        context = file_content[match_pos : match_pos + 200]
 
         # Also get lines before the match for placeholder detection
         lines_before = file_content[:match_pos].split("\n")
@@ -701,12 +703,14 @@ class SecurityAuditWorkflow(BaseWorkflow):
                 if "placeholders" in prev_line and '"?"' in prev_line and "join" in prev_line:
                     # Found placeholder construction
                     # Now check if the execute has separate parameters
-                    if "," in context and any(param in context for param in ["run_ids", "ids", "params", "values", ")"]):
+                    if "," in context and any(
+                        param in context for param in ["run_ids", "ids", "params", "values", ")"]
+                    ):
                         return True
 
         # Pattern 2: Check if f-string only builds SQL structure with constants
         # Example: f"SELECT * FROM {TABLE_NAME}" where TABLE_NAME is a constant
-        f_string_vars = re.findall(r'\{(\w+)\}', context)
+        f_string_vars = re.findall(r"\{(\w+)\}", context)
         if f_string_vars:
             # Check if all variables are constants (UPPERCASE or table/column names)
             all_constants = all(
@@ -940,7 +944,8 @@ class SecurityAuditWorkflow(BaseWorkflow):
             adapters_available = True
         except ImportError:
             adapters_available = False
-            _check_crew_available = lambda: False
+            def _check_crew_available():
+                return False
 
         assessment = input_data.get("assessment", {})
         critical = assessment.get("critical_findings", [])