PyPI - autoai-codetrust - Versions diffs - 0.1.0__py3-none-any.whl - Mend

autoai-codetrust 0.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

aicodetrustcore/__init__.py +8 -0
aicodetrustcore/analyzers/__init__.py +29 -0
aicodetrustcore/analyzers/consistency.py +255 -0
aicodetrustcore/analyzers/correctness.py +330 -0
aicodetrustcore/analyzers/dependency.py +249 -0
aicodetrustcore/analyzers/hallucination.py +607 -0
aicodetrustcore/analyzers/safety.py +253 -0
aicodetrustcore/analyzers/test_coverage.py +222 -0
aicodetrustcore/api.py +348 -0
aicodetrustcore/cli.py +462 -0
aicodetrustcore/server.py +476 -0
aicodetrustcore/store.py +182 -0
aicodetrustcore/types.py +158 -0
autoai_codetrust-0.1.0.dist-info/METADATA +64 -0
autoai_codetrust-0.1.0.dist-info/RECORD +17 -0
autoai_codetrust-0.1.0.dist-info/WHEEL +4 -0
autoai_codetrust-0.1.0.dist-info/entry_points.txt +4 -0

aicodetrustcore/__init__.py ADDED Viewed

@@ -0,0 +1,8 @@
+"""AICodeTrustScore -- Continuous trust scoring for AI-generated code.
+Analyzes code produced by Cursor, Copilot, Claude, and other AI tools,
+assigning a 0-100 trust score based on correctness, safety, test coverage,
+dependency risk, consistency, and hallucination detection.
+"""
+__version__ = "0.1.0"

aicodetrustcore/analyzers/__init__.py ADDED Viewed

@@ -0,0 +1,29 @@
+"""AICodeTrustScore analyzers -- each module detects a specific class of trust issue."""
+from __future__ import annotations
+from .correctness import CorrectnessAnalyzer
+from .safety import SafetyAnalyzer
+from .test_coverage import TestCoverageAnalyzer
+from .dependency import DependencyAnalyzer
+from .consistency import ConsistencyAnalyzer
+from .hallucination import HallucinationAnalyzer
+ALL_ANALYZERS = [
+    CorrectnessAnalyzer,
+    SafetyAnalyzer,
+    TestCoverageAnalyzer,
+    DependencyAnalyzer,
+    ConsistencyAnalyzer,
+    HallucinationAnalyzer,
+]
+__all__ = [
+    "CorrectnessAnalyzer",
+    "SafetyAnalyzer",
+    "TestCoverageAnalyzer",
+    "DependencyAnalyzer",
+    "ConsistencyAnalyzer",
+    "HallucinationAnalyzer",
+    "ALL_ANALYZERS",
+]

aicodetrustcore/analyzers/consistency.py ADDED Viewed

@@ -0,0 +1,255 @@
+"""Consistency analyzer -- checks if AI code matches existing project style.
+Checks:
+- Naming convention mismatch with existing code
+- Different error handling patterns than the project uses
+- Import style inconsistency
+- Comment style mismatch
+- Architecture layer violations
+"""
+from __future__ import annotations
+import re
+from pathlib import Path
+from ..types import TrustIssue, IssueCategory, Severity
+_CODE_EXTENSIONS = {".py", ".ts", ".tsx", ".js", ".jsx", ".go"}
+class ConsistencyAnalyzer:
+    """Detects style and pattern inconsistencies in AI-generated code."""
+    name = "consistency"
+    @classmethod
+    def analyze_file(cls, file_path: Path, content: str) -> list[TrustIssue]:
+        """Analyse a file for consistency issues."""
+        findings: list[TrustIssue] = []
+        if file_path.suffix not in _CODE_EXTENSIONS:
+            return findings
+        lines = content.splitlines()
+        rel_path = str(file_path)
+        is_python = file_path.suffix == ".py"
+        is_js_ts = file_path.suffix in {".ts", ".tsx", ".js", ".jsx"}
+        # Naming convention checks
+        if is_python:
+            findings.extend(cls._check_python_naming(rel_path, lines))
+            findings.extend(cls._check_python_import_style(rel_path, lines))
+            findings.extend(cls._check_python_string_style(rel_path, lines))
+        if is_js_ts:
+            findings.extend(cls._check_js_naming(rel_path, lines))
+            findings.extend(cls._check_js_import_style(rel_path, lines))
+        # Mixed tab/space indentation
+        findings.extend(cls._check_indentation(rel_path, lines))
+        return findings
+    @classmethod
+    def _check_python_naming(cls, rel_path: str, lines: list[str]) -> list[TrustIssue]:
+        """Check Python naming conventions (PEP 8)."""
+        findings: list[TrustIssue] = []
+        camel_case_var = re.compile(r'^\s*([a-z]+[A-Z]\w*)\s*=')
+        camel_count = 0
+        for i, line in enumerate(lines, 1):
+            m = camel_case_var.match(line)
+            if m:
+                var_name = m.group(1)
+                # Exclude common abbreviations
+                if not re.match(r'^(is|has|can|should|will)', var_name):
+                    camel_count += 1
+                    if camel_count <= 3:  # Report first few only
+                        findings.append(TrustIssue(
+                            analyzer=cls.name,
+                            category=IssueCategory.CONSISTENCY,
+                            severity=Severity.LOW,
+                            title=f"camelCase variable '{var_name}' in Python",
+                            description="Python convention is snake_case for variables and functions (PEP 8).",
+                            file_path=rel_path,
+                            line_start=i,
+                            suggestion=f"Rename to '{cls._to_snake_case(var_name)}'.",
+                            code_snippet=line.strip()[:200],
+                        ))
+        # Classes not in PascalCase
+        class_pattern = re.compile(r'^\s*class\s+(\w+)')
+        for i, line in enumerate(lines, 1):
+            m = class_pattern.match(line)
+            if m:
+                name = m.group(1)
+                if "_" in name and not name.startswith("_"):
+                    findings.append(TrustIssue(
+                        analyzer=cls.name,
+                        category=IssueCategory.CONSISTENCY,
+                        severity=Severity.LOW,
+                        title=f"Class '{name}' uses snake_case instead of PascalCase",
+                        description="Python convention is PascalCase for class names (PEP 8).",
+                        file_path=rel_path,
+                        line_start=i,
+                        suggestion=f"Rename to PascalCase.",
+                        code_snippet=line.strip()[:200],
+                    ))
+        return findings
+    @classmethod
+    def _check_python_import_style(cls, rel_path: str, lines: list[str]) -> list[TrustIssue]:
+        """Check for inconsistent import styles."""
+        findings: list[TrustIssue] = []
+        has_wildcard = False
+        wildcard_line = 0
+        for i, line in enumerate(lines, 1):
+            stripped = line.strip()
+            if re.match(r'from\s+\w+\s+import\s+\*', stripped):
+                has_wildcard = True
+                wildcard_line = i
+        if has_wildcard:
+            findings.append(TrustIssue(
+                analyzer=cls.name,
+                category=IssueCategory.CONSISTENCY,
+                severity=Severity.MEDIUM,
+                title="Wildcard import (from x import *)",
+                description="Wildcard imports pollute the namespace and make it unclear what's available.",
+                file_path=rel_path,
+                line_start=wildcard_line,
+                suggestion="Import specific names: from module import Class1, func1",
+            ))
+        return findings
+    @classmethod
+    def _check_python_string_style(cls, rel_path: str, lines: list[str]) -> list[TrustIssue]:
+        """Check for mixed single/double quotes (inconsistency indicator)."""
+        findings: list[TrustIssue] = []
+        single_count = 0
+        double_count = 0
+        for line in lines:
+            stripped = line.strip()
+            if stripped.startswith("#"):
+                continue
+            # Count string literal starts (simple heuristic)
+            single_count += len(re.findall(r"(?<![\"\\])'(?!'')", stripped))
+            double_count += len(re.findall(r'(?<![\'\\])"(?!"")', stripped))
+        total = single_count + double_count
+        if total > 10:  # Only check if there are enough strings
+            ratio = min(single_count, double_count) / max(single_count, double_count, 1)
+            if 0.3 < ratio < 0.7:
+                findings.append(TrustIssue(
+                    analyzer=cls.name,
+                    category=IssueCategory.CONSISTENCY,
+                    severity=Severity.INFO,
+                    title="Inconsistent string quote style",
+                    description=f"Mixed use of single ({single_count}) and double ({double_count}) quotes. "
+                                "Pick one style and use it consistently.",
+                    file_path=rel_path,
+                    line_start=1,
+                    suggestion="Use a formatter like black (Python) or prettier (JS) to enforce consistent quotes.",
+                ))
+        return findings
+    @classmethod
+    def _check_js_naming(cls, rel_path: str, lines: list[str]) -> list[TrustIssue]:
+        """Check JS/TS naming conventions."""
+        findings: list[TrustIssue] = []
+        snake_case_var = re.compile(r'^\s*(?:const|let|var)\s+([a-z]+_[a-z_]+)\s*=')
+        snake_count = 0
+        for i, line in enumerate(lines, 1):
+            m = snake_case_var.match(line)
+            if m:
+                var_name = m.group(1)
+                snake_count += 1
+                if snake_count <= 3:
+                    findings.append(TrustIssue(
+                        analyzer=cls.name,
+                        category=IssueCategory.CONSISTENCY,
+                        severity=Severity.LOW,
+                        title=f"snake_case variable '{var_name}' in JS/TS",
+                        description="JavaScript/TypeScript convention is camelCase for variables.",
+                        file_path=rel_path,
+                        line_start=i,
+                        suggestion=f"Rename to '{cls._to_camel_case(var_name)}'.",
+                        code_snippet=line.strip()[:200],
+                    ))
+        return findings
+    @classmethod
+    def _check_js_import_style(cls, rel_path: str, lines: list[str]) -> list[TrustIssue]:
+        """Check for mixed require/import in JS/TS."""
+        findings: list[TrustIssue] = []
+        has_import = False
+        has_require = False
+        for line in lines:
+            stripped = line.strip()
+            if re.match(r'import\s+', stripped):
+                has_import = True
+            if re.search(r'require\s*\(', stripped):
+                has_require = True
+        if has_import and has_require:
+            findings.append(TrustIssue(
+                analyzer=cls.name,
+                category=IssueCategory.CONSISTENCY,
+                severity=Severity.LOW,
+                title="Mixed import and require() statements",
+                description="File uses both ES module imports and CommonJS require() -- pick one style.",
+                file_path=rel_path,
+                line_start=1,
+                suggestion="Use ES modules (import/export) consistently in modern JS/TS projects.",
+            ))
+        return findings
+    @classmethod
+    def _check_indentation(cls, rel_path: str, lines: list[str]) -> list[TrustIssue]:
+        """Check for mixed tabs and spaces."""
+        findings: list[TrustIssue] = []
+        has_tabs = False
+        has_spaces = False
+        for line in lines:
+            if line.startswith("\t"):
+                has_tabs = True
+            elif line.startswith("  "):
+                has_spaces = True
+        if has_tabs and has_spaces:
+            findings.append(TrustIssue(
+                analyzer=cls.name,
+                category=IssueCategory.CONSISTENCY,
+                severity=Severity.MEDIUM,
+                title="Mixed tabs and spaces for indentation",
+                description="File uses both tabs and spaces for indentation -- this causes subtle bugs.",
+                file_path=rel_path,
+                line_start=1,
+                suggestion="Configure your editor to use consistent indentation (spaces recommended).",
+            ))
+        return findings
+    @staticmethod
+    def _to_snake_case(name: str) -> str:
+        """Convert camelCase to snake_case."""
+        s = re.sub(r'([A-Z])', r'_\1', name).lower()
+        return s.lstrip("_")
+    @staticmethod
+    def _to_camel_case(name: str) -> str:
+        """Convert snake_case to camelCase."""
+        parts = name.split("_")
+        return parts[0] + "".join(p.capitalize() for p in parts[1:])

aicodetrustcore/analyzers/correctness.py ADDED Viewed

@@ -0,0 +1,330 @@
+"""Correctness analyzer -- detects common AI-generated code bugs.
+Checks:
+- Off-by-one patterns (loop bounds, array indexing)
+- Null/undefined checks missing
+- Type mismatches (comparing string to int)
+- Unreachable conditions (always-true/false)
+- Return type inconsistencies
+- Error handling gaps (try without catch, catch without handling)
+"""
+from __future__ import annotations
+import re
+from pathlib import Path
+from ..types import TrustIssue, IssueCategory, Severity
+_CODE_EXTENSIONS = {".py", ".ts", ".tsx", ".js", ".jsx", ".go"}
+# Off-by-one patterns
+_OFF_BY_ONE_PATTERNS = [
+    # range(len(x)) when should be range(len(x) - 1) or vice versa
+    (re.compile(r'for\s+\w+\s+in\s+range\s*\(\s*len\s*\(\s*\w+\s*\)\s*\+\s*1\s*\)'),
+     "range(len(x) + 1) likely off-by-one -- will index past end of list"),
+    # arr[len(arr)] -- always out of bounds
+    (re.compile(r'\w+\[\s*len\s*\(\s*\w+\s*\)\s*\]'),
+     "Indexing at len(x) is always out of bounds -- last valid index is len(x)-1"),
+    # <= in range-based for loop (JS/TS/Go)
+    (re.compile(r'for\s*\(.*;\s*\w+\s*<=\s*\w+\.length\s*;'),
+     "Loop condition uses <= length instead of < length -- off-by-one error"),
+]
+# Missing null/undefined checks
+_NULL_CHECK_PATTERNS = [
+    # Chained property access without optional chaining (JS/TS)
+    (re.compile(r'(?<![\?\.])\.\w+\.\w+\.\w+\.\w+'),
+     "Deep property access without null checks -- may throw on undefined intermediate"),
+    # .get() result used without None check (Python)
+    (re.compile(r'(\w+)\.get\([^)]+\)\.\w+'),
+     "Calling method on .get() result without None check -- .get() can return None"),
+]
+# Type mismatch patterns
+_TYPE_MISMATCH_PATTERNS = [
+    # Comparing string to number without conversion
+    (re.compile(r'==\s*["\'][0-9]+["\']'),
+     "Comparing with string-encoded number -- may need int() or parseInt() conversion"),
+    # parseInt without radix
+    (re.compile(r'parseInt\s*\(\s*\w+\s*\)(?!\s*,)'),
+     "parseInt() without radix parameter -- always specify radix (e.g., parseInt(x, 10))"),
+]
+# Unreachable code patterns
+_UNREACHABLE_PATTERNS = [
+    # if True / if False
+    (re.compile(r'if\s+True\s*:'),
+     "Condition is always True -- dead code branch or debugging leftover"),
+    (re.compile(r'if\s+False\s*:'),
+     "Condition is always False -- code block is unreachable"),
+    # while True without break (simple heuristic)
+    (re.compile(r'if\s+\w+\s*(?:==|!=)\s*\w+\s*and\s+\w+\s*(?:==|!=)\s*\w+.*:\s*$'),
+     None),  # placeholder, checked by _check_tautology
+]
+# Error handling gaps
+_ERROR_HANDLING_PATTERNS_PY = [
+    # bare except
+    (re.compile(r'except\s*:'),
+     "Bare except catches all exceptions including SystemExit and KeyboardInterrupt"),
+    # except Exception: pass
+    (re.compile(r'except\s+\w+.*:\s*\n\s*pass\s*$', re.MULTILINE),
+     "Exception caught but silently ignored with pass -- errors will be hidden"),
+    # try without except (Python)
+    (re.compile(r'try\s*:\s*\n(?:(?!\s*except|\s*finally).)*\n\s*finally', re.MULTILINE),
+     None),  # try/finally is valid, skip
+]
+_ERROR_HANDLING_PATTERNS_JS = [
+    # empty catch block
+    (re.compile(r'catch\s*\([^)]*\)\s*\{\s*\}'),
+     "Empty catch block -- errors are silently swallowed"),
+    # catch with only console.log
+    (re.compile(r'catch\s*\([^)]*\)\s*\{\s*console\.log'),
+     "Catch block only logs the error but does not handle or re-throw it"),
+]
+# Return type inconsistency
+_RETURN_PATTERNS = [
+    # Function with both return value and bare return
+    (re.compile(r'def\s+\w+[^:]*:.*?\n(?:.*\n)*?\s+return\s+\S+.*\n(?:.*\n)*?\s+return\s*$', re.MULTILINE),
+     "Function has both value-returning and bare return statements -- inconsistent return type"),
+]
+class CorrectnessAnalyzer:
+    """Detects correctness issues common in AI-generated code."""
+    name = "correctness"
+    @classmethod
+    def analyze_file(cls, file_path: Path, content: str) -> list[TrustIssue]:
+        """Analyse a single file for correctness issues."""
+        findings: list[TrustIssue] = []
+        if file_path.suffix not in _CODE_EXTENSIONS:
+            return findings
+        lines = content.splitlines()
+        rel_path = str(file_path)
+        is_python = file_path.suffix == ".py"
+        is_js_ts = file_path.suffix in {".ts", ".tsx", ".js", ".jsx"}
+        for i, line in enumerate(lines, 1):
+            stripped = line.strip()
+            # Skip comments
+            if stripped.startswith("#") or stripped.startswith("//") or stripped.startswith("*"):
+                continue
+            # Off-by-one patterns
+            for pattern, desc in _OFF_BY_ONE_PATTERNS:
+                if pattern.search(line):
+                    findings.append(TrustIssue(
+                        analyzer=cls.name,
+                        category=IssueCategory.CORRECTNESS,
+                        severity=Severity.HIGH,
+                        title="Potential off-by-one error",
+                        description=desc,
+                        file_path=rel_path,
+                        line_start=i,
+                        line_end=i,
+                        suggestion="Check array/list bounds carefully. Last valid index is length-1.",
+                        code_snippet=stripped[:200],
+                    ))
+                    break
+            # Null check patterns
+            for pattern, desc in _NULL_CHECK_PATTERNS:
+                if pattern.search(line):
+                    findings.append(TrustIssue(
+                        analyzer=cls.name,
+                        category=IssueCategory.CORRECTNESS,
+                        severity=Severity.MEDIUM,
+                        title="Missing null/undefined check",
+                        description=desc,
+                        file_path=rel_path,
+                        line_start=i,
+                        line_end=i,
+                        suggestion="Add null checks or use optional chaining (?.) before accessing nested properties.",
+                        code_snippet=stripped[:200],
+                    ))
+                    break
+            # Type mismatch patterns
+            for pattern, desc in _TYPE_MISMATCH_PATTERNS:
+                if pattern.search(line):
+                    findings.append(TrustIssue(
+                        analyzer=cls.name,
+                        category=IssueCategory.CORRECTNESS,
+                        severity=Severity.MEDIUM,
+                        title="Potential type mismatch",
+                        description=desc,
+                        file_path=rel_path,
+                        line_start=i,
+                        line_end=i,
+                        suggestion="Ensure types match before comparison. Use explicit conversion.",
+                        code_snippet=stripped[:200],
+                    ))
+                    break
+            # Unreachable code (if True / if False)
+            if re.search(r'if\s+True\s*:', stripped):
+                findings.append(TrustIssue(
+                    analyzer=cls.name,
+                    category=IssueCategory.CORRECTNESS,
+                    severity=Severity.LOW,
+                    title="Always-true condition",
+                    description="Condition is always True -- dead code branch or debugging leftover",
+                    file_path=rel_path,
+                    line_start=i,
+                    line_end=i,
+                    suggestion="Remove the always-true condition or replace with the actual logic.",
+                    code_snippet=stripped[:200],
+                ))
+            elif re.search(r'if\s+False\s*:', stripped):
+                findings.append(TrustIssue(
+                    analyzer=cls.name,
+                    category=IssueCategory.CORRECTNESS,
+                    severity=Severity.MEDIUM,
+                    title="Unreachable code block",
+                    description="Condition is always False -- code block is unreachable",
+                    file_path=rel_path,
+                    line_start=i,
+                    line_end=i,
+                    suggestion="Remove the dead code block.",
+                    code_snippet=stripped[:200],
+                ))
+            # Error handling -- Python
+            if is_python:
+                if re.match(r'except\s*:', stripped):
+                    findings.append(TrustIssue(
+                        analyzer=cls.name,
+                        category=IssueCategory.CORRECTNESS,
+                        severity=Severity.HIGH,
+                        title="Bare except clause",
+                        description="Bare except catches all exceptions including SystemExit and KeyboardInterrupt",
+                        file_path=rel_path,
+                        line_start=i,
+                        line_end=i,
+                        suggestion="Use 'except Exception:' to avoid catching system-level exceptions.",
+                        code_snippet=stripped[:200],
+                    ))
+            # Error handling -- JS/TS
+            if is_js_ts:
+                for pattern, desc in _ERROR_HANDLING_PATTERNS_JS:
+                    if pattern.search(line):
+                        findings.append(TrustIssue(
+                            analyzer=cls.name,
+                            category=IssueCategory.CORRECTNESS,
+                            severity=Severity.MEDIUM,
+                            title="Error handling gap",
+                            description=desc,
+                            file_path=rel_path,
+                            line_start=i,
+                            line_end=i,
+                            suggestion="Handle errors properly: log, re-throw, or return an error state.",
+                            code_snippet=stripped[:200],
+                        ))
+                        break
+        # Multi-line checks: except ... pass pattern
+        if is_python:
+            findings.extend(cls._check_swallowed_exceptions(rel_path, content, lines))
+        # Return type consistency
+        if is_python:
+            findings.extend(cls._check_return_consistency(rel_path, content, lines))
+        return findings
+    @classmethod
+    def _check_swallowed_exceptions(
+        cls, rel_path: str, content: str, lines: list[str]
+    ) -> list[TrustIssue]:
+        """Detect except blocks that silently swallow errors with pass."""
+        findings: list[TrustIssue] = []
+        for i, line in enumerate(lines, 1):
+            stripped = line.strip()
+            if re.match(r'except\s+\w+', stripped) and i < len(lines):
+                next_line = lines[i].strip() if i < len(lines) else ""
+                if next_line == "pass":
+                    findings.append(TrustIssue(
+                        analyzer=cls.name,
+                        category=IssueCategory.CORRECTNESS,
+                        severity=Severity.MEDIUM,
+                        title="Swallowed exception",
+                        description="Exception caught but silently ignored with pass -- errors will be hidden",
+                        file_path=rel_path,
+                        line_start=i,
+                        line_end=i + 1,
+                        suggestion="At minimum, log the exception. Consider re-raising or returning an error.",
+                        code_snippet=stripped[:200],
+                    ))
+        return findings
+    @classmethod
+    def _check_return_consistency(
+        cls, rel_path: str, content: str, lines: list[str]
+    ) -> list[TrustIssue]:
+        """Detect functions with inconsistent return types (value + bare return)."""
+        findings: list[TrustIssue] = []
+        func_pattern = re.compile(r'^(\s*)def\s+(\w+)')
+        in_func = False
+        func_name = ""
+        func_indent = ""
+        func_line = 0
+        has_value_return = False
+        has_bare_return = False
+        for i, line in enumerate(lines, 1):
+            m = func_pattern.match(line)
+            if m:
+                # Evaluate previous function
+                if in_func and has_value_return and has_bare_return:
+                    findings.append(TrustIssue(
+                        analyzer=cls.name,
+                        category=IssueCategory.CORRECTNESS,
+                        severity=Severity.MEDIUM,
+                        title="Inconsistent return type",
+                        description=f"Function '{func_name}' has both value-returning and bare return statements",
+                        file_path=rel_path,
+                        line_start=func_line,
+                        line_end=i - 1,
+                        suggestion="Ensure all return paths return the same type or use Optional.",
+                    ))
+                in_func = True
+                func_name = m.group(2)
+                func_indent = m.group(1)
+                func_line = i
+                has_value_return = False
+                has_bare_return = False
+                continue
+            if in_func:
+                stripped = line.strip()
+                if stripped.startswith("return ") and stripped != "return":
+                    has_value_return = True
+                elif stripped == "return":
+                    has_bare_return = True
+        # Check last function
+        if in_func and has_value_return and has_bare_return:
+            findings.append(TrustIssue(
+                analyzer=cls.name,
+                category=IssueCategory.CORRECTNESS,
+                severity=Severity.MEDIUM,
+                title="Inconsistent return type",
+                description=f"Function '{func_name}' has both value-returning and bare return statements",
+                file_path=rel_path,
+                line_start=func_line,
+                line_end=len(lines),
+                suggestion="Ensure all return paths return the same type or use Optional.",
+            ))
+        return findings