PyPI - code-review-forge - Versions diffs - 2.0.0a1__py3-none-any.whl - Mend

code-review-forge 2.0.0a1__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (62) hide show

code_forge/__init__.py +14 -0
code_forge/__main__.py +8 -0
code_forge/autofix.py +78 -0
code_forge/baseline.py +216 -0
code_forge/cli.py +983 -0
code_forge/delta.py +65 -0
code_forge/diagnose.py +109 -0
code_forge/diff.py +82 -0
code_forge/disposition.py +32 -0
code_forge/e2e_check.py +641 -0
code_forge/env_resolver.py +91 -0
code_forge/errors.py +34 -0
code_forge/exit_codes.py +37 -0
code_forge/factories.py +191 -0
code_forge/falsify.py +85 -0
code_forge/gate_check.py +466 -0
code_forge/git.py +351 -0
code_forge/hold.py +126 -0
code_forge/install_hooks.py +331 -0
code_forge/lock.py +162 -0
code_forge/machine.py +792 -0
code_forge/mode_resolver.py +60 -0
code_forge/mutation.py +380 -0
code_forge/parsers/__init__.py +56 -0
code_forge/parsers/_sarif.py +77 -0
code_forge/parsers/base.py +65 -0
code_forge/parsers/checkpatch.py +66 -0
code_forge/parsers/clippy.py +85 -0
code_forge/parsers/non_ascii.py +47 -0
code_forge/parsers/ruff.py +18 -0
code_forge/parsers/semgrep.py +18 -0
code_forge/parsers/shellcheck.py +56 -0
code_forge/registry.py +153 -0
code_forge/reporter.py +133 -0
code_forge/runner.py +205 -0
code_forge/sarif.py +226 -0
code_forge/skills/adversarial-qe/SKILL.md +272 -0
code_forge/skills/code-forge/SKILL.md +1193 -0
code_forge/skills/code-review-expert/SKILL.md +162 -0
code_forge/skills/code-review-expert/references/code-quality-checklist.md +130 -0
code_forge/skills/code-review-expert/references/removal-plan.md +52 -0
code_forge/skills/code-review-expert/references/security-checklist.md +118 -0
code_forge/skills/code-review-expert/references/solid-checklist.md +65 -0
code_forge/skills/kernel-fp-verify/SKILL.md +101 -0
code_forge/skills/qodo-review/SKILL.md +135 -0
code_forge/skills/smoke-test/SKILL.md +253 -0
code_forge/skills/smoke-test/references/boundary-cases.md +114 -0
code_forge/skills/smoke-test/references/concurrency-patterns.md +306 -0
code_forge/skills/smoke-test/references/injection-payloads.md +124 -0
code_forge/skills/smoke-test/test-library/shell/README.md +271 -0
code_forge/skills/smoke-test/test-library/shell/primitives.sh +352 -0
code_forge/skills/smoke-test/test-library/shell/primitives_test.sh +324 -0
code_forge/snapshot.py +196 -0
code_forge/source.py +64 -0
code_forge/state.py +246 -0
code_forge/verdict.py +43 -0
code_review_forge-2.0.0a1.dist-info/METADATA +237 -0
code_review_forge-2.0.0a1.dist-info/RECORD +62 -0
code_review_forge-2.0.0a1.dist-info/WHEEL +5 -0
code_review_forge-2.0.0a1.dist-info/entry_points.txt +2 -0
code_review_forge-2.0.0a1.dist-info/licenses/LICENSE +179 -0
code_review_forge-2.0.0a1.dist-info/top_level.txt +1 -0

code_forge/parsers/checkpatch.py ADDED Viewed

@@ -0,0 +1,66 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2026, Minxi Hou <houminxi@gmail.com>
+"""Parse checkpatch.pl emacs-format output into Finding objects."""
+import re
+from code_forge.parsers.base import Finding, ToolError
+# checkpatch --emacs --show-types output format:
+# file.c:42: WARNING:LONG_LINE: line length 82 exceeds 80 columns
+_CHECKPATCH_RE = re.compile(
+    r"^(.+):(\d+):\s+(WARNING|ERROR|CHECK):(\S+):\s+(.+)$"
+)
+_SUMMARY_RE = re.compile(r"^total:\s+", re.IGNORECASE)
+def parse_checkpatch(
+    output: str,
+    tool_name: str = "checkpatch",
+    exit_code: int = 0,
+) -> list[Finding | ToolError]:
+    """Parse checkpatch.pl --emacs output.
+    Returns:
+        [] on empty string (clean run).
+        [Finding, ...] on valid output with violations.
+        [ToolError] if non-empty input has no regex matches AND no
+                    summary line (indicates corrupt output).
+    """
+    if not output.strip():
+        return []
+    findings = []
+    has_summary = False
+    for line in output.splitlines():
+        stripped = line.strip()
+        if not stripped:
+            continue
+        if _SUMMARY_RE.match(stripped):
+            has_summary = True
+            continue
+        m = _CHECKPATCH_RE.match(stripped)
+        if m:
+            findings.append(Finding(
+                file=m.group(1),
+                line=int(m.group(2)),
+                end_line=int(m.group(2)),
+                column=0,
+                rule_id=m.group(4),
+                level=m.group(3).lower(),
+                message=m.group(5),
+                tool_name=tool_name,
+            ))
+    # Non-empty input, zero matches, no summary -> corrupt
+    if not findings and not has_summary:
+        return [ToolError(
+            tool_name=tool_name,
+            exit_code=exit_code,
+            stderr="",
+            message=f"Failed to parse {tool_name} output: no matches",
+        )]
+    return findings

code_forge/parsers/clippy.py ADDED Viewed

@@ -0,0 +1,85 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2026, Minxi Hou <houminxi@gmail.com>
+"""Parse cargo clippy JSON diagnostic output into Finding objects."""
+import json
+from code_forge.parsers.base import Finding, ToolError
+def parse_clippy(
+    output: str,
+    tool_name: str = "clippy",
+    exit_code: int = 0,
+) -> list[Finding | ToolError]:
+    """Parse cargo clippy --message-format=json output.
+    Cargo emits one JSON object per line.  Only lines with
+    reason="compiler-message" and level in (warning, error) are
+    relevant.  Non-diagnostic lines (build-script-executed, etc.)
+    are silently skipped.
+    Returns:
+        [] on empty string (clean run).
+        [Finding, ...] on valid output with diagnostics.
+        [ToolError] if ALL lines fail JSON parse and input is non-empty.
+    """
+    if not output.strip():
+        return []
+    findings = []
+    parse_failures = 0
+    total_lines = 0
+    for raw_line in output.splitlines():
+        stripped = raw_line.strip()
+        if not stripped:
+            continue
+        total_lines += 1
+        try:
+            obj = json.loads(stripped)
+        except (json.JSONDecodeError, ValueError):
+            parse_failures += 1
+            continue
+        if obj.get("reason") != "compiler-message":
+            continue
+        msg = obj.get("message", {})
+        level = msg.get("level", "")
+        if level not in ("warning", "error"):
+            continue
+        spans = msg.get("spans")
+        if not spans:
+            continue  # empty spans -- no file location
+        span = spans[0]
+        code_obj = msg.get("code")
+        if code_obj is not None:
+            rule_id = code_obj.get("code", "unknown")
+        else:
+            rule_id = "unknown"
+        line_start = span.get("line_start", 0)
+        findings.append(Finding(
+            file=span.get("file_name", ""),
+            line=line_start,
+            end_line=(span.get("line_end") or line_start),
+            column=(span.get("column_start") or 0),
+            rule_id=rule_id,
+            level=level,
+            message=msg.get("message", ""),
+            tool_name=tool_name,
+        ))
+    # If all lines failed JSON parse, output is corrupt
+    if total_lines > 0 and parse_failures == total_lines:
+        return [ToolError(
+            tool_name=tool_name,
+            exit_code=exit_code,
+            stderr="",
+            message=f"Failed to parse {tool_name} output: no valid JSON",
+        )]
+    return findings

code_forge/parsers/non_ascii.py ADDED Viewed

@@ -0,0 +1,47 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2026, Minxi Hou <houminxi@gmail.com>
+"""Parse grep -Pn non-ASCII output into Finding objects."""
+import re
+from code_forge.parsers.base import Finding, ToolError
+# grep -Pn output: filename:lineno:content
+_GREP_LINE_RE = re.compile(r"^(.+?):(\d+):(.+)$")
+def parse_non_ascii(
+    output: str,
+    tool_name: str = "non_ascii",
+    exit_code: int = 0,
+) -> list[Finding | ToolError]:
+    """Parse grep -Pn '[^\\x00-\\x7F]' output.
+    Returns:
+        [] on empty string (clean run).
+        [Finding, ...] on valid grep output with matches.
+        [] on non-matching lines (grep found nothing parseable).
+    """
+    if not output.strip():
+        return []
+    findings = []
+    for line in output.splitlines():
+        stripped = line.strip()
+        if not stripped:
+            continue
+        m = _GREP_LINE_RE.match(stripped)
+        if m:
+            content = m.group(3).strip()
+            findings.append(Finding(
+                file=m.group(1),
+                line=int(m.group(2)),
+                end_line=int(m.group(2)),
+                column=0,
+                rule_id="NON_ASCII",
+                level="error",
+                message=f"non-ASCII character found: {content}",
+                tool_name=tool_name,
+            ))
+    return findings

code_forge/parsers/ruff.py ADDED Viewed

@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2026, Minxi Hou <houminxi@gmail.com>
+"""Parse ruff SARIF output into Finding objects."""
+from code_forge.parsers.base import Finding, ToolError
+from code_forge.parsers._sarif import _parse_sarif
+def parse_ruff(
+    output: str,
+    tool_name: str = "ruff",
+    exit_code: int = 0,
+) -> list[Finding | ToolError]:
+    """Parse ruff --output-format sarif output.
+    Thin wrapper around shared SARIF parser with tool_name="ruff".
+    """
+    return _parse_sarif(output, tool_name=tool_name, exit_code=exit_code)

code_forge/parsers/semgrep.py ADDED Viewed

@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2026, Minxi Hou <houminxi@gmail.com>
+"""Parse semgrep SARIF output into Finding objects."""
+from code_forge.parsers.base import Finding, ToolError
+from code_forge.parsers._sarif import _parse_sarif
+def parse_semgrep(
+    output: str,
+    tool_name: str = "semgrep",
+    exit_code: int = 0,
+) -> list[Finding | ToolError]:
+    """Parse semgrep --sarif output.
+    Thin wrapper around shared SARIF parser with tool_name="semgrep".
+    """
+    return _parse_sarif(output, tool_name=tool_name, exit_code=exit_code)

code_forge/parsers/shellcheck.py ADDED Viewed

@@ -0,0 +1,56 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2026, Minxi Hou <houminxi@gmail.com>
+"""Parse shellcheck JSON output into Finding objects."""
+import json
+from code_forge.parsers.base import Finding, ToolError
+def parse_shellcheck(
+    output: str,
+    tool_name: str = "shellcheck",
+    exit_code: int = 0,
+) -> list[Finding | ToolError]:
+    """Parse shellcheck -f json output.
+    Returns:
+        [] on empty string (clean run).
+        [Finding, ...] on valid output with findings.
+        [ToolError] on malformed/unparseable output.
+    """
+    if not output.strip():
+        return []
+    try:
+        raw = json.loads(output)
+    except (json.JSONDecodeError, ValueError):
+        return [ToolError(
+            tool_name=tool_name,
+            exit_code=exit_code,
+            stderr="",
+            message=f"Failed to parse {tool_name} JSON output",
+        )]
+    findings = []
+    try:
+        for item in raw:
+            findings.append(Finding(
+                file=item["file"],
+                line=item["line"],
+                # Round 3 H-1: use `or` to handle JSON null values
+                end_line=(item.get("endLine") or item["line"]),
+                column=(item.get("column") or 0),
+                rule_id=f"SC{item['code']}",
+                level=item.get("level", "warning"),
+                message=item["message"],
+                tool_name=tool_name,
+                fix=None,
+            ))
+    except (KeyError, TypeError, AttributeError):
+        return [ToolError(
+            tool_name=tool_name,
+            exit_code=exit_code,
+            stderr="",
+            message=f"Failed to parse {tool_name} output: missing fields",
+        )]
+    return findings

code_forge/registry.py ADDED Viewed

@@ -0,0 +1,153 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2026, Minxi Hou <houminxi@gmail.com>
+"""YAML tool registry loader and file matcher.
+Reads .code-forge/tools.yaml and returns structured ToolConfig objects.
+Validates required fields and filters disabled entries (Round 3 C-4).
+"""
+import logging
+from dataclasses import dataclass, field
+from fnmatch import fnmatch
+from typing import Optional
+import yaml
+logger = logging.getLogger(__name__)
+# Known parser keys -- warn on unknown but do not reject
+_KNOWN_FORMATS = frozenset({
+    "shellcheck_json",
+    "ruff_json",
+    "semgrep_json",
+    "checkpatch",
+    "pylint_json",
+    "clippy_json",
+    "golangci_json",
+})
+# Fields that must be present in each tool entry
+_REQUIRED_FIELDS = ("command", "output_format", "file_patterns")
+@dataclass
+class ToolConfig:
+    """Configuration for a single tool in the registry."""
+    name: str
+    command: str
+    args: list[str]
+    output_format: str          # parser dispatch key
+    file_patterns: list[str]    # glob patterns (e.g. ["*.sh", "*.bash"])
+    required: bool = False
+    timeout: int = 30
+    exclude_patterns: list[str] = field(default_factory=list)
+    working_dir: Optional[str] = None  # e.g. "cargo_root"
+    enabled: bool = True        # Round 3 C-4: allows disabling tools
+def load_registry(yaml_path: str) -> dict[str, ToolConfig]:
+    """Load .code-forge/tools.yaml, validate, return {name: ToolConfig}.
+    Filters out entries where enabled=False (Round 3 C-4).
+    Raises:
+        FileNotFoundError: if yaml_path does not exist
+        ValueError: if a tool entry is missing required fields
+    """
+    with open(yaml_path, "r", encoding="utf-8") as f:
+        try:
+            data = yaml.safe_load(f)
+        except yaml.YAMLError as e:
+            raise ValueError(f"Invalid YAML in {yaml_path}: {e}") from e
+    if data is None or "tools" not in data:
+        return {}
+    tools = data["tools"]
+    if not tools:
+        return {}
+    if not isinstance(tools, dict):
+        raise ValueError(
+            f"{yaml_path}: 'tools' must be a mapping, got {type(tools).__name__}"
+        )
+    registry = {}
+    for name, entry in tools.items():
+        if not isinstance(entry, dict):
+            raise ValueError(
+                "Tool '%s': entry must be a mapping, got %s"
+                % (name, type(entry).__name__)
+            )
+        # Validate required fields
+        for req in _REQUIRED_FIELDS:
+            if req not in entry:
+                raise ValueError(
+                    "Tool '%s': missing required field '%s'" % (name, req)
+                )
+        for list_field in ("args", "file_patterns", "exclude_patterns"):
+            val = entry.get(list_field)
+            if val is None and list_field in _REQUIRED_FIELDS:
+                raise ValueError(
+                    "Tool '%s': required field '%s' cannot be null"
+                    % (name, list_field)
+                )
+            if val is not None and not isinstance(val, list):
+                raise ValueError(
+                    "Tool '%s': '%s' must be a list, got %s"
+                    % (name, list_field, type(val).__name__)
+                )
+        fmt = entry["output_format"]
+        if fmt not in _KNOWN_FORMATS:
+            logger.warning(
+                "Tool '%s': unknown output_format '%s'", name, fmt
+            )
+        tc = ToolConfig(
+            name=name,
+            command=entry["command"],
+            args=entry.get("args", []),
+            output_format=fmt,
+            file_patterns=entry["file_patterns"],
+            required=entry.get("required", False),
+            timeout=entry.get("timeout", 30),
+            exclude_patterns=entry.get("exclude_patterns", []),
+            working_dir=entry.get("working_dir"),
+            enabled=entry.get("enabled", True),
+        )
+        # Filter disabled entries (Round 3 C-4)
+        if not tc.enabled:
+            continue
+        registry[name] = tc
+    return registry
+def match_tools(
+    registry: dict[str, ToolConfig],
+    files: list[str],
+) -> dict[str, list[str]]:
+    """Return {tool_name: [matching_files]} for given file list.
+    Only considers enabled tools (registry already filtered by
+    load_registry). Files matching exclude_patterns are removed.
+    """
+    result = {}
+    for name, tc in registry.items():
+        matched = []
+        for filepath in files:
+            # Check if file matches any include pattern
+            if not any(fnmatch(filepath, p) for p in tc.file_patterns):
+                continue
+            # Check if file matches any exclude pattern
+            if any(fnmatch(filepath, p) for p in tc.exclude_patterns):
+                continue
+            matched.append(filepath)
+        result[name] = matched
+    return result

code_forge/reporter.py ADDED Viewed

@@ -0,0 +1,133 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2026, Minxi Hou <houminxi@gmail.com>
+"""Terminal output formatting, cargo-check style.
+Plain text output per D-05. Shows delta findings prominently,
+pre-existing violation count for context, tool versions for
+reproducibility.
+Addresses:
+- Mimo: all_findings preserved for pre-existing count
+- Round 3 C-1: tools_failed parameter for silent-miss visibility
+- DeepSeek F-4: optional tool failure warning
+"""
+from code_forge.parsers.base import Finding, ToolError
+def format_report(
+    delta_findings: list[Finding | ToolError],
+    all_findings: list[Finding | ToolError],
+    tool_versions: dict[str, str],
+    tools_skipped: list[str],
+    tools_failed: list[str],
+) -> str:
+    """Format findings into terminal-friendly report.
+    Args:
+        delta_findings: findings on changed lines (drive verdict)
+        all_findings: all findings including pre-existing
+        tool_versions: {tool_name: version_string} for reproducibility
+        tools_skipped: tools not installed or no matching files
+        tools_failed: tools that ran but returned ToolError (separate
+            from tools_skipped -- different messaging)
+    Returns:
+        Formatted report string
+    """
+    lines: list[str] = []
+    # Separate ToolErrors from Findings in delta
+    delta_errors = [f for f in delta_findings if isinstance(f, ToolError)]
+    delta_violations = [
+        f for f in delta_findings if isinstance(f, Finding)
+    ]
+    has_errors = len(delta_errors) > 0
+    has_violations = len(delta_violations) > 0
+    if has_violations or has_errors:
+        # FAIL output
+        if has_violations and has_errors:
+            lines.append(
+                "forge: FAIL -- %d new violation(s) and tool error(s)"
+                % len(delta_violations)
+            )
+        elif has_violations:
+            lines.append(
+                "forge: FAIL -- %d new violation(s)"
+                % len(delta_violations)
+            )
+        else:
+            lines.append("forge: FAIL -- tool error(s)")
+        lines.append("")
+        # Show violations
+        for f in delta_violations:
+            lines.append(
+                "  %s:%d: [%s/%s] %s: %s"
+                % (f.file, f.line, f.tool_name, f.rule_id, f.level, f.message)
+            )
+        # Show tool errors
+        for e in delta_errors:
+            lines.append(
+                "  [%s] ERROR: %s" % (e.tool_name, e.message)
+            )
+        lines.append("")
+        if has_violations and has_errors:
+            lines.append(
+                "forge: fix %d violation(s) and resolve tool errors before commit"
+                % len(delta_violations)
+            )
+        elif has_violations:
+            lines.append(
+                "forge: fix %d violation(s) before commit"
+                % len(delta_violations)
+            )
+        else:
+            lines.append("forge: resolve tool errors before commit")
+    else:
+        # PASS output
+        # Count pre-existing violations (all minus delta, Findings only)
+        all_finding_count = sum(
+            1 for f in all_findings if isinstance(f, Finding)
+        )
+        delta_finding_count = sum(
+            1 for f in delta_findings if isinstance(f, Finding)
+        )
+        pre_existing = all_finding_count - delta_finding_count
+        lines.append("forge: PASS -- no new violations")
+        if pre_existing > 0:
+            lines.append(
+                "  (%d pre-existing violation(s) in unchanged code,"
+                " not blocking)"
+                % pre_existing
+            )
+    # Tools failed warning (always shown, even on PASS -- Round 3 C-1)
+    if tools_failed:
+        lines.append(
+            "  WARNING: %d optional tool(s) failed: %s"
+            " -- results may be incomplete"
+            % (len(tools_failed), ", ".join(tools_failed))
+        )
+    # Tools skipped
+    if tools_skipped:
+        lines.append(
+            "  (tools skipped: %s)" % ", ".join(tools_skipped)
+        )
+    # Tool versions for reproducibility
+    if tool_versions:
+        lines.append("")
+        lines.append("tool versions:")
+        for name in sorted(tool_versions.keys()):
+            lines.append("  %s: %s" % (name, tool_versions[name]))
+    return "\n".join(lines)