code-analyser 1.0.2__tar.gz → 1.1.0__tar.gz

{code_analyser-1.0.2 → code_analyser-1.1.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: code-analyser
-Version: 1.0.2
+Version: 1.1.0
 Summary: Source code analyser — part of the analyser family
 License-File: LICENSE
 Requires-Python: >=3.10

{code_analyser-1.0.2 → code_analyser-1.1.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "code-analyser"
-version = "1.0.2"
+version = "1.1.0"
 description = "Source code analyser — part of the analyser family"
 readme = "README.md"
 requires-python = ">=3.10"
@@ -44,7 +44,10 @@ python_files = ["test_*.py"]
 python_classes = ["Test*"]
 python_functions = ["test_*"]
 pythonpath = ["src", "tests"]
-addopts = ["--cov=src/code_analyser", "--cov-report=term-missing", "--strict-markers"]
+addopts = "--cov=src/code_analyser --cov-report=term-missing --strict-markers -m 'not slow'"
+markers = [
+    "slow: tests that invoke external tools (ruff, html5lib parse, w3c) — opt-in with `pytest -m slow`",
+]
 
 [tool.ruff]
 target-version = "py310"

code_analyser-1.1.0/src/code_analyser/__init__.py

@@ -0,0 +1,10 @@
+from importlib.metadata import version as _v
+
+from .manifest import MANIFEST
+from .models import CodeAnalysis
+from .pipeline import CodeAnalyser
+
+__version__ = _v("code-analyser")
+del _v
+
+__all__ = ["CodeAnalyser", "CodeAnalysis", "MANIFEST"]

{code_analyser-1.0.2 → code_analyser-1.1.0}/src/code_analyser/api.py

@@ -6,19 +6,29 @@ from pathlib import Path
 from importlib.metadata import version
 from fastapi import FastAPI, File, HTTPException, UploadFile
 
+from .manifest import MANIFEST
 from .models import CodeAnalysis
 from .pipeline import CodeAnalyser
 
 _start_time = time.time()
 
-app = FastAPI(title="code-analyser", version="1.0.0")
+app = FastAPI(title="code-analyser", version=version("code-analyser"))
 
 _analyser = CodeAnalyser()
 
 
 @app.get("/health")
 def health() -> dict:
-    return {"status": "ok", "uptime": round(time.time() - _start_time, 1)}
+    return {
+        "status": "ok",
+        "uptime": round(time.time() - _start_time, 1),
+        "version": version("code-analyser"),
+    }
+
+
+@app.get("/manifest")
+def manifest() -> dict:
+    return MANIFEST
 
 
 @app.post("/analyse", response_model=CodeAnalysis)

{code_analyser-1.0.2 → code_analyser-1.1.0}/src/code_analyser/cli.py

@@ -12,6 +12,12 @@ def main() -> None:
         _serve(sys.argv[2:])
         return
 
+    if len(sys.argv) > 1 and sys.argv[1] == "manifest":
+        import json
+        from .manifest import MANIFEST
+        print(json.dumps(MANIFEST, indent=2))
+        return
+
     parser = argparse.ArgumentParser(
         prog="code-analyser",
         description="Source code signals analyser",

{code_analyser-1.0.2 → code_analyser-1.1.0}/src/code_analyser/core/javascript_.py

@@ -14,10 +14,17 @@ _COMMENT_LINE_RE = re.compile(r"^\s*(?://|/\*|\*)", re.MULTILINE)
 
 
 def analyse_javascript(source: str, *, jsx: bool = False) -> JSMetrics:
+    """Analyse a JavaScript source string and return structural metrics.
+
+    When ``jsx=True``, esprima parses JSX expressions (e.g.
+    ``<Component prop={value}/>``).
+    """
     if not _ESPRIMA_AVAILABLE:
         return _fallback_metrics(source)
 
     opts = {"tolerant": True, "comment": True}
+    if jsx:
+        opts["jsx"] = True
     tree = None
     parse_failed = False
     try:

code_analyser-1.1.0/src/code_analyser/core/sql_.py

@@ -0,0 +1,91 @@
+# src/code_analyser/core/sql_.py
+from __future__ import annotations
+import re
+
+import sqlparse
+from sqlparse.sql import Parenthesis, Where
+from sqlparse.tokens import DML, Punctuation
+
+from ..models import SQLMetrics
+
+_JOIN_RE = re.compile(r"\bJOIN\b", re.IGNORECASE)
+_SELECT_STAR_RE = re.compile(r"\bSELECT\s+\*", re.IGNORECASE)
+
+
+def analyse_sql(source: str) -> SQLMetrics:
+    statements = [s for s in sqlparse.parse(source) if str(s).strip()]
+
+    query_types: dict[str, int] = {}
+    join_count = 0
+    unsafe: list[str] = []
+
+    for stmt in statements:
+        stype = (stmt.get_type() or "UNKNOWN").upper()
+        query_types[stype] = query_types.get(stype, 0) + 1
+
+        stmt_str = str(stmt)
+        join_count += len(_JOIN_RE.findall(stmt_str))
+
+        if stype == "UPDATE" and not any(isinstance(tok, Where) for tok in stmt.tokens):
+            unsafe.append("UPDATE without WHERE")
+        elif stype == "DELETE" and not any(isinstance(tok, Where) for tok in stmt.tokens):
+            unsafe.append("DELETE without WHERE")
+        if _SELECT_STAR_RE.search(stmt_str):
+            unsafe.append("SELECT *")
+
+    subquery_depth = _max_subquery_depth(source)
+
+    return SQLMetrics(
+        statement_count=len(statements),
+        query_types=query_types,
+        join_count=join_count,
+        subquery_depth=subquery_depth,
+        unsafe_patterns=list(dict.fromkeys(unsafe)),
+    )
+
+
+def _paren_starts_with_select(token: Parenthesis) -> bool:
+    """True iff the first non-whitespace token after ``(`` is a SELECT DML."""
+    for t in token.flatten():
+        if t.is_whitespace:
+            continue
+        if t.ttype is Punctuation and t.value == "(":
+            continue
+        return t.ttype is DML and t.value.upper() == "SELECT"
+    return False
+
+
+def _walk(token, current_depth: int, current_max: int) -> int:
+    if isinstance(token, Parenthesis) and _paren_starts_with_select(token):
+        current_depth += 1
+        current_max = max(current_max, current_depth)
+    if hasattr(token, "tokens"):
+        for child in token.tokens:
+            current_max = _walk(child, current_depth, current_max)
+    return current_max
+
+
+def _max_subquery_depth(source: str) -> int:
+    """Return the maximum nesting depth of SELECT statements.
+
+    A top-level SELECT is depth 1. A subquery (a ``Parenthesis`` whose
+    first non-whitespace token is a SELECT keyword) inside another
+    SELECT is depth 2. Subquery-in-subquery is depth 3. Etc.
+
+    Walks the sqlparse token tree so that non-subquery parens — e.g.
+    ``VALUES (...)``, ``CAST(x AS y)``, or arithmetic ``(a + (b + c))`` —
+    do NOT inflate the count.
+    """
+    parsed = sqlparse.parse(source)
+    max_depth = 0
+    for stmt in parsed:
+        # Top-level SELECT counts as depth 1.
+        for t in stmt.flatten():
+            if t.is_whitespace:
+                continue
+            if t.ttype is DML and t.value.upper() == "SELECT":
+                max_depth = max(max_depth, 1)
+            break
+        for tok in stmt.tokens:
+            max_depth = max(max_depth, _walk(tok, 1, max_depth))
+    return max_depth

{code_analyser-1.0.2 → code_analyser-1.1.0}/src/code_analyser/core/typescript_.py

@@ -26,6 +26,25 @@ _RETURN_TYPE_RE = re.compile(
 
 
 def analyse_typescript(source: str, *, tsx: bool = False) -> TSMetrics:
+    """Extract regex-based stats from a TypeScript source string.
+
+    This is a HEURISTIC analyser, not a real TS parser. It counts
+    declarations (functions, interfaces, type aliases, imports), notes
+    annotations and arrow expressions, and reports a coarse "looks like
+    syntactically balanced" check via brace counting.
+
+    For real TypeScript semantic analysis (proper type checking,
+    accurate syntax validity, JSX/TSX-aware parsing), a future release
+    will offer an optional [parser] extra using tree-sitter-typescript.
+    For now, the regex stats are useful as stats — they're not pretending
+    to be parsing.
+
+    The ``tsx`` parameter is currently unused (TSX requires a real
+    parser; the brace heuristic doesn't change with TSX).
+    """
+    # Heuristic: source is "structurally balanced" if open/close braces match
+    # within ±3. Not a real parse — a real parser would catch many things this
+    # misses (e.g. `function foo() { if (x { return; } }` passes).
     syntax_valid = abs(source.count("{") - source.count("}")) <= 3
 
     function_count = len(_FUNC_RE.findall(source))

code_analyser-1.1.0/src/code_analyser/manifest.py

@@ -0,0 +1,22 @@
+"""Capability manifest for the lens family (consumed by auto-analyser)."""
+from __future__ import annotations
+
+from importlib.metadata import PackageNotFoundError, version
+
+
+def _version() -> str:
+    try:
+        return version("code-analyser")
+    except PackageNotFoundError:
+        return "0.0.0"
+
+
+MANIFEST: dict = {
+    "name": "code-analyser",
+    "version": _version(),
+    "role": "analyser",
+    "accepts": ["code"],
+    "extensions": [".py", ".js", ".ts", ".tsx", ".jsx", ".html", ".css", ".scss", ".sql", ".ipynb"],
+    "auto_routable": True,
+    "produces": "CodeAnalysis",
+}

{code_analyser-1.0.2 → code_analyser-1.1.0}/src/code_analyser/models.py

@@ -128,6 +128,13 @@ class JSMetrics(BaseModel):
 
 
 class TSMetrics(JSMetrics):
+    syntax_valid: bool = Field(
+        description=(
+            "For TypeScript, this is a brace-balance heuristic "
+            "(open vs close `{}` within ±3), NOT parser-based. "
+            "A real TS parser would catch syntax errors this misses."
+        ),
+    )
     type_annotation_coverage: Annotated[float, Field(ge=0.0)]
     interface_count: Annotated[int, Field(ge=0)]
     type_alias_count: Annotated[int, Field(ge=0)]

{code_analyser-1.0.2 → code_analyser-1.1.0}/tests/api/test_api.py

@@ -1,5 +1,7 @@
 import io
 import zipfile
+from importlib.metadata import version
+
 import pytest
 from fastapi.testclient import TestClient
 from conftest import VALID_PYTHON, VALID_HTML
@@ -17,6 +19,7 @@ def test_health(client):
     data = r.json()
     assert data["status"] == "ok"
     assert "uptime" in data
+    assert data["version"] == version("code-analyser")
 
 
 def test_analyse_python(client):

{code_analyser-1.0.2 → code_analyser-1.1.0}/tests/conftest.py

@@ -77,6 +77,18 @@ const double = (x) => x * 2;
 const asyncLoad = async () => { return await fetch('/api'); };
 """
 
+VALID_JSX = """\
+import React from 'react';
+
+const App = () => (
+  <div className="app">
+    <h1>Hello, world</h1>
+  </div>
+);
+
+export default App;
+"""
+
 VALID_TS = """\
 import { Component } from '@angular/core';
 

{code_analyser-1.0.2 → code_analyser-1.1.0}/tests/integration/test_full_pipeline.py

@@ -14,6 +14,7 @@ def no_network(monkeypatch):
     monkeypatch.setattr("httpx.post", _raise)
 
 
+@pytest.mark.slow
 def test_full_zip_integration(tmp_path):
     buf = io.BytesIO()
     with zipfile.ZipFile(buf, "w") as zf:

{code_analyser-1.0.2 → code_analyser-1.1.0}/tests/integration/test_pipeline.py

@@ -2,7 +2,7 @@ import io
 import zipfile
 import pytest
 from pathlib import Path
-from conftest import VALID_PYTHON, VALID_HTML, VALID_CSS
+from conftest import VALID_PYTHON, VALID_HTML, VALID_CSS, VALID_JSX
 from code_analyser.pipeline import CodeAnalyser
 from code_analyser.models import CodeAnalysis
 
@@ -66,6 +66,22 @@ def test_unsupported_single_file_raises(tmp_path):
         CodeAnalyser().analyse(p)
 
 
+def test_jsx_file_analyses_cleanly(tmp_path):
+    """End-to-end: a .jsx file routes through the pipeline with jsx=True
+    so esprima parses the JSX without error."""
+    p = tmp_path / "App.jsx"
+    p.write_text(VALID_JSX)
+    result = CodeAnalyser().analyse(p)
+    assert result.file_count == 1
+    f = result.files[0]
+    assert f.language == "javascript"
+    assert f.metrics is not None
+    assert f.metrics.syntax_valid is True
+    assert f.metrics.parse_error_count == 0
+    # The arrow `() => (...)` should be counted.
+    assert f.metrics.arrow_function_count >= 1
+
+
 def test_cross_file_has_package_json(tmp_path):
     zip_bytes = _make_zip(
         ("app.js", "console.log('hi')"),
@@ -75,10 +91,3 @@ def test_cross_file_has_package_json(tmp_path):
     p.write_bytes(zip_bytes)
     result = CodeAnalyser().analyse(p)
     assert result.cross_file.has_package_json is True
-
-
-def test_languages_detected(tmp_path):
-    p = tmp_path / "app.py"
-    p.write_text(VALID_PYTHON)
-    result = CodeAnalyser().analyse(p)
-    assert "python" in result.cross_file.languages_detected

code_analyser-1.1.0/tests/test_invariants.py

@@ -0,0 +1,57 @@
+"""Invariant tests — fast, run by default."""
+
+from importlib.metadata import version
+
+import pytest
+
+
+def test_package_imports_cleanly() -> None:
+    """The package must import. Smoke alarm for packaging bugs."""
+    import code_analyser  # noqa: F401
+    from code_analyser.api import app  # noqa: F401
+    from code_analyser.cli import main  # noqa: F401
+
+
+def test_package_exposes_version() -> None:
+    """code_analyser.__version__ must equal the installed package metadata."""
+    import code_analyser
+    assert code_analyser.__version__ == version("code-analyser")
+
+
+def test_health_version_matches_installed_package() -> None:
+    """/health must report the actual installed package version."""
+    from fastapi.testclient import TestClient
+    from code_analyser.api import app
+
+    client = TestClient(app)
+    response = client.get("/health")
+    assert response.status_code == 200
+    assert response.json()["version"] == version("code-analyser")
+
+
+def test_unsupported_extension_raises_loudly(tmp_path) -> None:
+    """Pipeline must raise on unsupported single-file input — not silently skip."""
+    from code_analyser.pipeline import CodeAnalyser
+
+    p = tmp_path / "image.png"
+    p.write_bytes(b"\x89PNG fake")
+    with pytest.raises(ValueError, match="Unsupported"):
+        CodeAnalyser().analyse(p)
+
+
+def test_llm_signals_none_without_extra(monkeypatch) -> None:
+    """Without [llm] extra installed, LLM signal calls return None — not crash.
+
+    Family pattern: optional features fail gracefully (return None) rather
+    than raising ImportError when the user didn't ask for them.
+
+    The local analyse_llm signature takes ``list[tuple[str, str]]`` and short-
+    circuits to ``([None]*N, None)`` when either anthropic isn't importable
+    or ``ANTHROPIC_API_KEY`` is missing — exercise the env-missing path.
+    """
+    from code_analyser.llm import analyse_llm
+
+    monkeypatch.delenv("ANTHROPIC_API_KEY", raising=False)
+    file_signals, top_signal = analyse_llm([("app.py", "print('hi')")])
+    assert file_signals == [None]
+    assert top_signal is None

{code_analyser-1.0.2 → code_analyser-1.1.0}/tests/unit/test_css_.py

@@ -59,9 +59,3 @@ def test_important_count(monkeypatch):
     css = "a{color:red!important}.b{font-size:12px!important}"
     m = analyse_css(css)
     assert m.important_count == 2
-
-
-def test_w3c_fallback(monkeypatch):
-    _no_network(monkeypatch)
-    m = analyse_css(VALID_CSS, timeout=1.0)
-    assert m.validator == "local"

code_analyser-1.1.0/tests/unit/test_javascript_.py

@@ -0,0 +1,59 @@
+from conftest import VALID_JS
+from code_analyser.core.javascript_ import analyse_javascript
+
+
+def test_function_count():
+    m = analyse_javascript(VALID_JS)
+    assert m.function_count == 1  # greet
+    assert m.arrow_function_count == 2  # double, asyncLoad
+
+
+def test_async_count():
+    m = analyse_javascript(VALID_JS)
+    assert m.async_function_count == 1  # asyncLoad
+
+
+def test_console_log():
+    m = analyse_javascript(VALID_JS)
+    assert m.console_log_count == 1
+
+
+def test_import_count():
+    m = analyse_javascript(VALID_JS)
+    assert m.import_count == 1  # the single `import { helper } from './utils.js';`
+
+
+def test_todo_count():
+    js = "// TODO: fix this\nfunction foo(){}"
+    m = analyse_javascript(js)
+    assert m.todo_count == 1
+
+
+def test_invalid_js():
+    m = analyse_javascript("function foo( {")
+    assert m.syntax_valid is False
+    assert m.parse_error_count == 1
+
+
+def test_comment_coverage():
+    # VALID_JS has 1 function (greet) + 2 arrows (double, asyncLoad) = 3 callable units.
+    # Exactly 1 line matches the comment-line regex (`// say hello`), so
+    # coverage = 1/3 ≈ 0.333. Anchor against the actual ratio rather than `>= 0.0`.
+    m = analyse_javascript(VALID_JS)
+    assert 0.30 < m.comment_coverage < 0.40
+
+
+def test_jsx_parsing_when_enabled():
+    """JSX expressions parse cleanly when jsx=True."""
+    src = "const App = () => <div>hello</div>;"
+    result = analyse_javascript(src, jsx=True)
+    assert result.syntax_valid is True
+    assert result.parse_error_count == 0
+    assert result.arrow_function_count == 1
+
+
+def test_jsx_fails_without_flag():
+    """JSX without jsx=True fails to parse (proves the flag actually does something)."""
+    src = "const App = () => <div>hello</div>;"
+    result = analyse_javascript(src, jsx=False)
+    assert result.syntax_valid is False

code_analyser-1.1.0/tests/unit/test_models.py

@@ -0,0 +1,144 @@
+"""Validation-focused tests for the public Pydantic models.
+
+This file used to be wall-to-wall echo-constructor tests ("construct with
+literal X, assert literal X back") — those are tautological because Pydantic
+already round-trips literals by definition. The trimmed file below keeps a
+couple of shape-validation cases and adds two real validator tests that
+exercise the constraints in models.py.
+"""
+
+import pytest
+from pydantic import ValidationError
+
+from code_analyser.models import (
+    CSSMetrics,
+    HTMLMetrics,
+    NotebookMetrics,
+    PythonMetrics,
+)
+
+
+def _python_metrics_kwargs(**overrides) -> dict:
+    """Minimal valid PythonMetrics kwargs; override any field per-test."""
+    base = dict(
+        syntax_valid=True,
+        lint_error_count=0,
+        lint_warning_count=0,
+        lint_violations=[],
+        cyclomatic_complexity=1.0,
+        max_nesting_depth=0,
+        loc=10,
+        comment_lines=2,
+        blank_lines=1,
+        function_count=1,
+        class_count=0,
+        docstring_coverage=1.0,
+        naming_convention="snake_case",
+        imports=["os"],
+        todo_count=0,
+        print_count=0,
+        type_annotation_coverage=1.0,
+        has_main_guard=False,
+        bare_except_count=0,
+        comprehension_count=0,
+    )
+    base.update(overrides)
+    return base
+
+
+def _html_metrics_kwargs(**overrides) -> dict:
+    base = dict(
+        syntax_valid=True,
+        parse_error_count=0,
+        validator="local",
+        w3c_errors=[],
+        has_doctype=True,
+        semantic_elements_used=[],
+        semantic_element_count=0,
+        div_count=0,
+        span_count=0,
+        div_to_semantic_ratio=None,
+        inline_script_count=0,
+        inline_style_count=0,
+        inline_event_handler_count=0,
+        comment_count=0,
+        external_scripts=[],
+        external_stylesheets=[],
+        cdn_count=0,
+        frameworks_detected=[],
+        img_alt_coverage=1.0,
+        form_label_coverage=1.0,
+        has_lang_attr=True,
+        has_title=True,
+        heading_hierarchy_valid=True,
+        aria_attribute_count=0,
+        ambiguous_link_count=0,
+    )
+    base.update(overrides)
+    return base
+
+
+def test_python_metrics_default_values():
+    """A valid construction round-trips and naming_convention enum holds."""
+    m = PythonMetrics(**_python_metrics_kwargs())
+    # Spot-check a handful of fields — not the full echo battery.
+    assert m.syntax_valid is True
+    assert m.naming_convention == "snake_case"
+    assert m.lint_violations == []  # list default preserved
+
+
+def test_notebook_metrics_default_python_metrics_is_none():
+    """NotebookMetrics.python_metrics defaults to None when omitted."""
+    n = NotebookMetrics(
+        code_cell_count=2,
+        markdown_cell_count=1,
+        has_outputs=False,
+        output_cell_count=0,
+        execution_order_valid=True,
+        magic_command_count=1,
+    )
+    assert n.python_metrics is None
+    assert n.code_cell_count == 2
+
+
+def test_html_metrics_default_construction():
+    """HTMLMetrics constructs with a valid 'local' validator and minimal fields."""
+    m = HTMLMetrics(**_html_metrics_kwargs())
+    assert m.validator == "local"
+    assert m.div_to_semantic_ratio is None
+
+
+def test_python_metrics_rejects_negative_loc():
+    """PythonMetrics.loc has Field(ge=0); negative values must be rejected."""
+    with pytest.raises(ValidationError):
+        PythonMetrics(**_python_metrics_kwargs(loc=-1))
+
+
+def test_html_metrics_rejects_invalid_validator_literal():
+    """HTMLMetrics.validator is Literal["w3c", "local"]; bogus values rejected."""
+    with pytest.raises(ValidationError):
+        HTMLMetrics(**_html_metrics_kwargs(validator="bogus"))
+
+
+def test_css_metrics_rejects_invalid_dominant_layout():
+    """CSSMetrics.dominant_layout is a closed Literal; bogus values rejected."""
+    with pytest.raises(ValidationError):
+        CSSMetrics(
+            syntax_valid=True,
+            parse_error_count=0,
+            validator="local",
+            w3c_errors=[],
+            w3c_warnings=[],
+            rule_count=0,
+            selector_count=0,
+            important_count=0,
+            duplicate_selector_count=0,
+            media_query_count=0,
+            custom_property_count=0,
+            comment_count=0,
+            float_count=0,
+            flexbox_count=0,
+            grid_count=0,
+            dominant_layout="bogus",  # invalid Literal
+            float_used_for_layout=False,
+        )

{code_analyser-1.0.2 → code_analyser-1.1.0}/tests/unit/test_python_.py

@@ -1,9 +1,12 @@
 # tests/unit/test_python_.py
+import shutil
+
 import pytest
 from conftest import VALID_PYTHON, PYTHON_WITH_ISSUES
 from code_analyser.core.python_ import analyse_python
 
 
+@pytest.mark.slow
 def test_valid_python_signals():
     m = analyse_python(VALID_PYTHON)
     assert m.syntax_valid is True
@@ -66,9 +69,17 @@ def test_comprehensions():
     assert m.comprehension_count == 3
 
 
+@pytest.mark.slow
 def test_ruff_violations_shape():
-    # ruff may or may not be installed; if it is, violations have code/line/message
+    """ruff is invoked as a subprocess in python_._run_ruff; skip when the
+    binary is not on PATH. PYTHON_WITH_ISSUES has bare except / unused
+    imports / etc., so when ruff IS available we expect at least one
+    violation — without that assertion the for-loop is vacuous.
+    """
+    if shutil.which("ruff") is None:
+        pytest.skip("ruff binary not on PATH; cannot exercise lint subprocess")
     m = analyse_python(PYTHON_WITH_ISSUES)
+    assert len(m.lint_violations) > 0
     for v in m.lint_violations:
         assert isinstance(v.code, str)
         assert isinstance(v.line, int)

code_analyser-1.1.0/tests/unit/test_sql_.py

@@ -0,0 +1,73 @@
+from conftest import VALID_SQL, UNSAFE_SQL
+from code_analyser.core.sql_ import analyse_sql
+
+
+def test_statement_count():
+    m = analyse_sql(VALID_SQL)
+    assert m.statement_count == 5
+
+
+def test_query_types():
+    m = analyse_sql(VALID_SQL)
+    assert m.query_types.get("SELECT", 0) >= 1
+    assert m.query_types.get("INSERT", 0) == 1
+    assert m.query_types.get("UPDATE", 0) == 1
+    assert m.query_types.get("DELETE", 0) == 1
+
+
+def test_join_count():
+    m = analyse_sql(VALID_SQL)
+    assert m.join_count == 1
+
+
+def test_no_unsafe_patterns():
+    m = analyse_sql(VALID_SQL)
+    assert m.unsafe_patterns == []
+
+
+def test_unsafe_patterns():
+    """UNSAFE_SQL fixture: UPDATE-without-WHERE, DELETE-without-WHERE, SELECT *
+    — assert each pattern fired explicitly rather than hiding behind an or-chain.
+    """
+    m = analyse_sql(UNSAFE_SQL)
+    assert len(m.unsafe_patterns) == 3
+    assert "UPDATE without WHERE" in m.unsafe_patterns
+    assert "DELETE without WHERE" in m.unsafe_patterns
+    assert "SELECT *" in m.unsafe_patterns
+
+
+def test_subquery_depth():
+    """`subquery_depth` counts real SELECT-statement nesting via sqlparse.
+    Three nested SELECTs -> depth 3.
+    """
+    sql = "SELECT * FROM (SELECT id FROM (SELECT id FROM users) t1) t2;"
+    m = analyse_sql(sql)
+    assert m.subquery_depth == 3
+
+
+def test_no_subquery_with_nested_parens():
+    """Nested parens that DO NOT contain SELECT must not inflate depth.
+
+    Pins the bug in the previous paren-counting implementation:
+    `SELECT (a + (b + c)) FROM t` had three levels of parens but zero
+    nested subqueries, so the correct depth is 1.
+    """
+    m = analyse_sql("SELECT (a + (b + c)) FROM t")
+    assert m.subquery_depth == 1
+
+
+def test_three_level_subquery():
+    """Three real SELECTs nested via IN (...) clauses -> depth 3."""
+    sql = (
+        "SELECT id FROM users WHERE x IN "
+        "(SELECT y FROM t WHERE z IN (SELECT a FROM u))"
+    )
+    m = analyse_sql(sql)
+    assert m.subquery_depth == 3
+
+
+def test_unsafe_sql_subquery_depth():
+    """UNSAFE_SQL fixture is three flat statements (UPDATE, DELETE, SELECT *) —
+    no nested SELECTs, so depth is 1 (the top-level SELECT)."""
+    m = analyse_sql(UNSAFE_SQL)
+    assert m.subquery_depth == 1

code_analyser-1.1.0/tests/unit/test_typescript_.py

@@ -0,0 +1,59 @@
+from conftest import VALID_TS
+from code_analyser.core.typescript_ import analyse_typescript
+
+
+def test_function_count():
+    m = analyse_typescript(VALID_TS)
+    assert m.function_count == 1  # greet
+
+
+def test_interface_count():
+    m = analyse_typescript(VALID_TS)
+    assert m.interface_count == 1  # User
+
+
+def test_type_alias_count():
+    m = analyse_typescript(VALID_TS)
+    assert m.type_alias_count == 1  # ID
+
+
+def test_type_annotation_coverage_positive():
+    m = analyse_typescript(VALID_TS)
+    assert m.type_annotation_coverage > 0.0
+
+
+def test_import_count():
+    m = analyse_typescript(VALID_TS)
+    assert m.import_count == 1
+
+
+def test_arrow_function_count():
+    m = analyse_typescript(VALID_TS)
+    assert m.arrow_function_count == 1  # add
+
+
+def test_typescript_unmatched_braces():
+    """Brace-balance heuristic flags clearly unbalanced braces as not-balanced."""
+    # typescript_.analyse_typescript: syntax_valid = abs(open - close) <= 3.
+    # Source below has 5 `{` and 0 `}`, so the diff is 5 → syntax_valid is False.
+    result = analyse_typescript(
+        "function foo() { if (a) { if (b) { if (c) { if (d) { return 42"
+    )
+    assert result.syntax_valid is False
+
+
+def test_brace_heuristic_misses_real_syntax_errors():
+    """The brace heuristic is NOT a real TS parser.
+
+    This source is syntactically invalid TypeScript (missing `)` after `(x`)
+    but the open and close braces are balanced, so the heuristic reports
+    `syntax_valid=True`. This test pins the documented limitation: brace
+    balance is not parsing. Its existence is the contract — when (if) we
+    ever add a real parser via the [parser] extra, this test will need
+    to be updated, and that's the signal.
+    """
+    src = "function foo() { if (x { return; } }"
+    # Sanity: braces ARE balanced (3 open, 3 close).
+    assert src.count("{") == src.count("}")
+    result = analyse_typescript(src)
+    assert result.syntax_valid is True

{code_analyser-1.0.2 → code_analyser-1.1.0}/uv.lock

@@ -68,7 +68,7 @@ wheels = [
 
 [[package]]
 name = "code-analyser"
-version = "1.0.2"
+version = "1.0.3"
 source = { editable = "." }
 dependencies = [
     { name = "esprima" },

code_analyser-1.0.2/src/code_analyser/__init__.py

@@ -1,4 +0,0 @@
-from .models import CodeAnalysis
-from .pipeline import CodeAnalyser
-
-__all__ = ["CodeAnalyser", "CodeAnalysis"]

code_analyser-1.0.2/src/code_analyser/core/sql_.py

@@ -1,55 +0,0 @@
-# src/code_analyser/core/sql_.py
-from __future__ import annotations
-import re
-
-import sqlparse
-from sqlparse.sql import Where
-
-from ..models import SQLMetrics
-
-_JOIN_RE = re.compile(r"\bJOIN\b", re.IGNORECASE)
-_SELECT_STAR_RE = re.compile(r"\bSELECT\s+\*", re.IGNORECASE)
-
-
-def analyse_sql(source: str) -> SQLMetrics:
-    statements = [s for s in sqlparse.parse(source) if str(s).strip()]
-
-    query_types: dict[str, int] = {}
-    join_count = 0
-    unsafe: list[str] = []
-
-    for stmt in statements:
-        stype = (stmt.get_type() or "UNKNOWN").upper()
-        query_types[stype] = query_types.get(stype, 0) + 1
-
-        stmt_str = str(stmt)
-        join_count += len(_JOIN_RE.findall(stmt_str))
-
-        if stype == "UPDATE" and not any(isinstance(tok, Where) for tok in stmt.tokens):
-            unsafe.append("UPDATE without WHERE")
-        elif stype == "DELETE" and not any(isinstance(tok, Where) for tok in stmt.tokens):
-            unsafe.append("DELETE without WHERE")
-        if _SELECT_STAR_RE.search(stmt_str):
-            unsafe.append("SELECT *")
-
-    subquery_depth = _max_subquery_depth(source)
-
-    return SQLMetrics(
-        statement_count=len(statements),
-        query_types=query_types,
-        join_count=join_count,
-        subquery_depth=subquery_depth,
-        unsafe_patterns=list(dict.fromkeys(unsafe)),
-    )
-
-
-def _max_subquery_depth(source: str) -> int:
-    depth = 0
-    max_depth = 0
-    for ch in source:
-        if ch == "(":
-            depth += 1
-            max_depth = max(max_depth, depth)
-        elif ch == ")":
-            depth = max(0, depth - 1)
-    return max_depth

code_analyser-1.0.2/tests/unit/test_javascript_.py

@@ -1,46 +0,0 @@
-from conftest import VALID_JS
-from code_analyser.core.javascript_ import analyse_javascript
-
-
-def test_function_count():
-    m = analyse_javascript(VALID_JS)
-    assert m.function_count == 1  # greet
-    assert m.arrow_function_count == 2  # double, asyncLoad
-
-
-def test_async_count():
-    m = analyse_javascript(VALID_JS)
-    assert m.async_function_count == 1  # asyncLoad
-
-
-def test_console_log():
-    m = analyse_javascript(VALID_JS)
-    assert m.console_log_count == 1
-
-
-def test_import_count():
-    m = analyse_javascript(VALID_JS)
-    assert m.import_count >= 1
-
-
-def test_todo_count():
-    js = "// TODO: fix this\nfunction foo(){}"
-    m = analyse_javascript(js)
-    assert m.todo_count == 1
-
-
-def test_invalid_js():
-    m = analyse_javascript("function foo( {")
-    assert m.syntax_valid is False
-    assert m.parse_error_count == 1
-
-
-def test_comment_coverage():
-    m = analyse_javascript(VALID_JS)
-    assert m.comment_coverage >= 0.0
-
-
-def test_jsx_mode():
-    jsx = "const el = <div className='foo'>Hello</div>;"
-    m = analyse_javascript(jsx, jsx=True)
-    assert isinstance(m.syntax_valid, bool)

code_analyser-1.0.2/tests/unit/test_models.py

@@ -1,116 +0,0 @@
-from code_analyser.models import (
-    LintViolation, PythonMetrics, NotebookMetrics,
-    W3CError, W3CCSSError, ExternalResource,
-    HTMLMetrics, CSSMetrics, JSMetrics, TSMetrics, SQLMetrics,
-    CrossFileSignals, FileLLMSignals, TopLevelLLMSignals,
-    FileAnalysis, CodeAnalysis,
-)
-
-
-def test_python_metrics_defaults():
-    m = PythonMetrics(
-        syntax_valid=True, lint_error_count=0, lint_warning_count=0,
-        lint_violations=[], cyclomatic_complexity=1.0, max_nesting_depth=0,
-        loc=10, comment_lines=2, blank_lines=1, function_count=1,
-        class_count=0, docstring_coverage=1.0, naming_convention="snake_case",
-        imports=["os"], todo_count=0, print_count=0,
-        type_annotation_coverage=1.0, has_main_guard=False,
-        bare_except_count=0, comprehension_count=0,
-    )
-    assert m.syntax_valid is True
-    assert m.naming_convention == "snake_case"
-
-
-def test_notebook_metrics():
-    from code_analyser.models import PythonMetrics
-    pm = PythonMetrics(
-        syntax_valid=True, lint_error_count=0, lint_warning_count=0,
-        lint_violations=[], cyclomatic_complexity=1.0, max_nesting_depth=0,
-        loc=5, comment_lines=0, blank_lines=0, function_count=0,
-        class_count=0, docstring_coverage=0.0, naming_convention="unknown",
-        imports=[], todo_count=0, print_count=1, type_annotation_coverage=0.0,
-        has_main_guard=False, bare_except_count=0, comprehension_count=0,
-    )
-    n = NotebookMetrics(
-        code_cell_count=2, markdown_cell_count=1, has_outputs=False,
-        output_cell_count=0, execution_order_valid=True, magic_command_count=1,
-        python_metrics=pm,
-    )
-    assert n.code_cell_count == 2
-    assert n.python_metrics is not None
-
-
-def test_html_metrics():
-    m = HTMLMetrics(
-        syntax_valid=True, parse_error_count=0, validator="local", w3c_errors=[],
-        has_doctype=True, semantic_elements_used=["header", "main"],
-        semantic_element_count=2, div_count=0, span_count=0,
-        div_to_semantic_ratio=None, inline_script_count=0,
-        inline_style_count=0, inline_event_handler_count=0, comment_count=0,
-        external_scripts=[], external_stylesheets=[], cdn_count=0,
-        frameworks_detected=[], img_alt_coverage=1.0, form_label_coverage=1.0,
-        has_lang_attr=True, has_title=True, heading_hierarchy_valid=True,
-        aria_attribute_count=0, ambiguous_link_count=0,
-    )
-    assert m.validator == "local"
-    assert m.div_to_semantic_ratio is None
-
-
-def test_css_metrics():
-    m = CSSMetrics(
-        syntax_valid=True, parse_error_count=0, validator="local",
-        w3c_errors=[], w3c_warnings=[], rule_count=3, selector_count=3,
-        important_count=0, duplicate_selector_count=0, media_query_count=1,
-        custom_property_count=1, comment_count=0, float_count=0,
-        flexbox_count=1, grid_count=1, dominant_layout="mixed",
-        float_used_for_layout=False,
-    )
-    assert m.dominant_layout == "mixed"
-
-
-def test_js_metrics():
-    m = JSMetrics(
-        syntax_valid=True, parse_error_count=0, function_count=1,
-        arrow_function_count=1, async_function_count=1, console_log_count=1,
-        import_count=1, comment_coverage=1.0, todo_count=0,
-    )
-    assert m.function_count == 1
-
-
-def test_ts_metrics_extends_js():
-    m = TSMetrics(
-        syntax_valid=True, parse_error_count=0, function_count=2,
-        arrow_function_count=1, async_function_count=0, console_log_count=0,
-        import_count=1, comment_coverage=0.5, todo_count=0,
-        type_annotation_coverage=0.8, interface_count=1, type_alias_count=1,
-    )
-    assert m.interface_count == 1
-
-
-def test_sql_metrics():
-    m = SQLMetrics(
-        statement_count=3, query_types={"SELECT": 2, "INSERT": 1},
-        join_count=1, subquery_depth=0, unsafe_patterns=[],
-    )
-    assert m.query_types["SELECT"] == 2
-
-
-def test_code_analysis_structure():
-    from code_analyser.models import PythonMetrics, FileAnalysis, CrossFileSignals, CodeAnalysis
-    pm = PythonMetrics(
-        syntax_valid=True, lint_error_count=0, lint_warning_count=0,
-        lint_violations=[], cyclomatic_complexity=1.0, max_nesting_depth=0,
-        loc=10, comment_lines=2, blank_lines=1, function_count=1,
-        class_count=0, docstring_coverage=1.0, naming_convention="snake_case",
-        imports=[], todo_count=0, print_count=0, type_annotation_coverage=1.0,
-        has_main_guard=False, bare_except_count=0, comprehension_count=0,
-    )
-    fa = FileAnalysis(filename="app.py", language="python", metrics=pm, llm_signals=None)
-    cf = CrossFileSignals(
-        file_count=1, languages_detected=["python"], import_graph={},
-        unrecognised_files=[], has_package_json=False, frameworks_detected=[],
-    )
-    ca = CodeAnalysis(input="app.py", file_count=1, languages_detected=["python"],
-                      files=[fa], cross_file=cf, llm_signals=None)
-    assert ca.file_count == 1
-    assert ca.files[0].language == "python"

code_analyser-1.0.2/tests/unit/test_sql_.py

@@ -1,38 +0,0 @@
-from conftest import VALID_SQL, UNSAFE_SQL
-from code_analyser.core.sql_ import analyse_sql
-
-
-def test_statement_count():
-    m = analyse_sql(VALID_SQL)
-    assert m.statement_count == 5
-
-
-def test_query_types():
-    m = analyse_sql(VALID_SQL)
-    assert m.query_types.get("SELECT", 0) >= 1
-    assert m.query_types.get("INSERT", 0) == 1
-    assert m.query_types.get("UPDATE", 0) == 1
-    assert m.query_types.get("DELETE", 0) == 1
-
-
-def test_join_count():
-    m = analyse_sql(VALID_SQL)
-    assert m.join_count == 1
-
-
-def test_no_unsafe_patterns():
-    m = analyse_sql(VALID_SQL)
-    assert m.unsafe_patterns == []
-
-
-def test_unsafe_patterns():
-    m = analyse_sql(UNSAFE_SQL)
-    assert len(m.unsafe_patterns) > 0
-    patterns_str = " ".join(m.unsafe_patterns)
-    assert "UPDATE" in patterns_str or "DELETE" in patterns_str or "SELECT *" in patterns_str
-
-
-def test_subquery_depth():
-    sql = "SELECT * FROM (SELECT id FROM (SELECT id FROM users) t1) t2;"
-    m = analyse_sql(sql)
-    assert m.subquery_depth >= 2

code_analyser-1.0.2/tests/unit/test_typescript_.py

@@ -1,37 +0,0 @@
-from conftest import VALID_TS
-from code_analyser.core.typescript_ import analyse_typescript
-
-
-def test_function_count():
-    m = analyse_typescript(VALID_TS)
-    assert m.function_count >= 1  # greet
-
-
-def test_interface_count():
-    m = analyse_typescript(VALID_TS)
-    assert m.interface_count == 1  # User
-
-
-def test_type_alias_count():
-    m = analyse_typescript(VALID_TS)
-    assert m.type_alias_count == 1  # ID
-
-
-def test_type_annotation_coverage_positive():
-    m = analyse_typescript(VALID_TS)
-    assert m.type_annotation_coverage > 0.0
-
-
-def test_import_count():
-    m = analyse_typescript(VALID_TS)
-    assert m.import_count >= 1
-
-
-def test_arrow_function_count():
-    m = analyse_typescript(VALID_TS)
-    assert m.arrow_function_count >= 1  # add
-
-
-def test_syntax_valid_flag():
-    m = analyse_typescript(VALID_TS)
-    assert isinstance(m.syntax_valid, bool)