codeshift 0.4.0__py3-none-any.whl → 0.5.0__py3-none-any.whl

codeshift/cli/commands/auth.py

@@ -1,11 +1,10 @@
 """Authentication commands for Codeshift CLI."""
 
-import json
 import os
 import time
 import webbrowser
 from pathlib import Path
-from typing import Any, cast
+from typing import Any
 
 import click
 import httpx
@@ -15,11 +14,16 @@ from rich.progress import Progress, SpinnerColumn, TextColumn
 from rich.prompt import Confirm, Prompt
 from rich.table import Table
 
+from codeshift.utils.credential_store import (
+    CredentialDecryptionError,
+    get_credential_store,
+)
+
 console = Console()
 
-# Config directory for storing credentials
+# Config directory for storing credentials (kept for backward compatibility reference)
 CONFIG_DIR = Path.home() / ".config" / "codeshift"
-CREDENTIALS_FILE = CONFIG_DIR / "credentials.json"
+CREDENTIALS_FILE = CONFIG_DIR / "credentials.json"  # Legacy path
 
 
 def get_api_url() -> str:
@@ -28,28 +32,38 @@ def get_api_url() -> str:
 
 
 def load_credentials() -> dict[str, Any] | None:
-    """Load saved credentials from disk."""
-    if not CREDENTIALS_FILE.exists():
-        return None
+    """Load saved credentials from secure storage.
+
+    Automatically handles migration from plaintext to encrypted storage.
+
+    Returns:
+        Dictionary of credentials, or None if not found.
+    """
+    store = get_credential_store()
     try:
-        return cast(dict[str, Any], json.loads(CREDENTIALS_FILE.read_text()))
-    except (OSError, json.JSONDecodeError):
+        return store.load()
+    except CredentialDecryptionError as e:
+        console.print(
+            Panel(
+                f"[red]Could not decrypt credentials:[/] {e}\n\n"
+                "This may happen if credentials were created on a different machine.\n"
+                "Please run [cyan]codeshift login[/] to re-authenticate.",
+                title="Credential Error",
+            )
+        )
         return None
 
 
 def save_credentials(credentials: dict) -> None:
-    """Save credentials to disk."""
-    CONFIG_DIR.mkdir(parents=True, exist_ok=True)
-
-    # Set restrictive permissions
-    CREDENTIALS_FILE.write_text(json.dumps(credentials, indent=2))
-    os.chmod(CREDENTIALS_FILE, 0o600)
+    """Save credentials to secure encrypted storage."""
+    store = get_credential_store()
+    store.save(credentials)
 
 
 def delete_credentials() -> None:
-    """Delete saved credentials."""
-    if CREDENTIALS_FILE.exists():
-        CREDENTIALS_FILE.unlink()
+    """Delete saved credentials securely."""
+    store = get_credential_store()
+    store.delete()
 
 
 def get_api_key() -> str | None:
@@ -107,7 +121,8 @@ def login(
     2. API key: codeshift login -k pyr_xxxxx
     3. Device flow: codeshift login --device
 
-    Your credentials are stored in ~/.config/codeshift/credentials.json
+    Your credentials are stored securely in ~/.config/codeshift/credentials.enc
+    using AES encryption.
 
     Don't have an account? Run: codeshift register
     """
@@ -154,7 +169,8 @@ def register(
     Example:
       codeshift register -e user@example.com -p yourpassword
 
-    Your credentials are stored in ~/.config/codeshift/credentials.json
+    Your credentials are stored securely in ~/.config/codeshift/credentials.enc
+    using AES encryption.
     """
     # Check if already logged in
     existing = load_credentials()
@@ -211,7 +227,7 @@ def _register_account(email: str, password: str, full_name: str | None) -> None:
             if response.status_code == 200:
                 data = response.json()
 
-                # Save credentials
+                # Save credentials securely
                 save_credentials(
                     {
                         "api_key": data["api_key"],
@@ -275,7 +291,7 @@ def _login_with_api_key(api_key: str) -> None:
             if response.status_code == 200:
                 user = response.json()
 
-                # Save credentials
+                # Save credentials securely
                 save_credentials(
                     {
                         "api_key": api_key,
@@ -327,7 +343,7 @@ def _login_with_password(email: str, password: str) -> None:
             if response.status_code == 200:
                 data = response.json()
 
-                # Save credentials
+                # Save credentials securely
                 save_credentials(
                     {
                         "api_key": data["api_key"],
@@ -422,7 +438,7 @@ def _login_with_device_code() -> None:
                     if response.status_code == 200:
                         data = response.json()
 
-                        # Save credentials
+                        # Save credentials securely
                         save_credentials(
                             {
                                 "api_key": data["api_key"],
@@ -487,7 +503,7 @@ def logout() -> None:
         except httpx.RequestError:
             pass
 
-    # Delete local credentials
+    # Delete local credentials securely
     delete_credentials()
 
     console.print("[green]Successfully logged out[/]")

codeshift/cli/commands/upgrade.py

@@ -18,12 +18,8 @@ from codeshift.knowledge import (
     is_tier_1_library,
 )
 from codeshift.knowledge_base import KnowledgeBaseLoader
-from codeshift.migrator.ast_transforms import TransformChange, TransformResult, TransformStatus
-from codeshift.migrator.transforms.fastapi_transformer import transform_fastapi
-from codeshift.migrator.transforms.pandas_transformer import transform_pandas
-from codeshift.migrator.transforms.pydantic_v1_to_v2 import transform_pydantic_v1_to_v2
-from codeshift.migrator.transforms.requests_transformer import transform_requests
-from codeshift.migrator.transforms.sqlalchemy_transformer import transform_sqlalchemy
+from codeshift.knowledge_base.models import LibraryKnowledge
+from codeshift.migrator.ast_transforms import TransformResult, TransformStatus
 from codeshift.scanner import CodeScanner, DependencyParser
 from codeshift.utils.config import ProjectConfig
 
@@ -81,6 +77,11 @@ def save_state(project_path: Path, state: dict) -> None:
     is_flag=True,
     help="Show detailed output",
 )
+@click.option(
+    "--force-llm",
+    is_flag=True,
+    help="Force LLM migration even for libraries with AST transforms",
+)
 def upgrade(
     library: str,
     target: str,
@@ -88,6 +89,7 @@ def upgrade(
     file: str | None,
     dry_run: bool,
     verbose: bool,
+    force_llm: bool,
 ) -> None:
     """Analyze your codebase and propose changes for a library upgrade.
 
@@ -100,34 +102,44 @@ def upgrade(
     project_path = Path(path).resolve()
     project_config = ProjectConfig.from_pyproject(project_path)
 
-    # Check quota before starting (allow offline for Tier 1 libraries)
+    # Check quota before starting (allow offline for Tier 1 libraries unless force-llm)
     is_tier1 = is_tier_1_library(library)
     try:
-        check_quota("file_migrated", quantity=1, allow_offline=is_tier1)
+        check_quota("file_migrated", quantity=1, allow_offline=is_tier1 and not force_llm)
     except QuotaError as e:
         show_quota_exceeded_message(e)
         raise SystemExit(1) from e
 
-    # Load knowledge base
+    # Load knowledge base (optional - YAML may not exist for all libraries)
     loader = KnowledgeBaseLoader()
+    knowledge: LibraryKnowledge | None = None
 
     try:
         knowledge = loader.load(library)
-    except FileNotFoundError as e:
-        console.print(f"[red]Error:[/] {e}")
-        console.print(f"\nSupported libraries: {', '.join(loader.get_supported_libraries())}")
-        raise SystemExit(1) from e
+    except FileNotFoundError:
+        if verbose:
+            console.print(
+                f"[dim]No knowledge base YAML for {library} - using generated knowledge[/]"
+            )
 
-    # Check if migration is supported
-    # For now, we'll allow any version since we're doing a general migration
-    console.print(
-        Panel(
-            f"[bold]Upgrading {knowledge.display_name}[/] to version [cyan]{target}[/]\n\n"
-            f"{knowledge.description}\n"
-            f"Migration guide: {knowledge.migration_guide_url or 'N/A'}",
-            title="Codeshift Migration",
+    # Display migration info with fallback for missing YAML
+    if knowledge:
+        console.print(
+            Panel(
+                f"[bold]Upgrading {knowledge.display_name}[/] to version [cyan]{target}[/]\n\n"
+                f"{knowledge.description}\n"
+                f"Migration guide: {knowledge.migration_guide_url or 'N/A'}",
+                title="Codeshift Migration",
+            )
+        )
+    else:
+        console.print(
+            Panel(
+                f"[bold]Upgrading {library}[/] to version [cyan]{target}[/]\n\n"
+                "Using AI-powered migration (no static knowledge base available)",
+                title="Codeshift Migration",
+            )
         )
-    )
 
     # Step 1: Parse dependencies
     with Progress(
@@ -271,7 +283,25 @@ def upgrade(
         console.print(f"\n[yellow]No {library} imports found in the codebase.[/]")
         return
 
-    # Step 4: Apply transforms
+    # Step 4: Apply transforms using MigrationEngine
+    # Import here to avoid circular dependency (upgrade.py -> migrator -> llm_migrator -> api_client -> auth -> cli -> upgrade.py)
+    from codeshift.migrator import get_migration_engine
+
+    engine = get_migration_engine()
+
+    # Check auth for non-Tier1 libraries or force-llm mode
+    llm_required = force_llm or not is_tier1
+    if llm_required and not engine.llm_migrator.is_available:
+        console.print(
+            Panel(
+                f"[yellow]LLM migration required for {library}[/]\n\n"
+                "Run [cyan]codeshift login[/] and upgrade to Pro tier for LLM features.",
+                title="Authentication Required",
+            )
+        )
+        if not is_tier1:
+            raise SystemExit(1)
+
     with Progress(
         SpinnerColumn(),
         TextColumn("[progress.description]{task.description}"),
@@ -286,45 +316,28 @@ def upgrade(
 
         results: list[TransformResult] = []
 
+        def migration_progress(msg: str) -> None:
+            progress.update(task, description=msg)
+
         for file_path in files_to_transform:
             try:
                 source_code = file_path.read_text()
 
-                # Select transformer based on library
-                transform_func = {
-                    "pydantic": transform_pydantic_v1_to_v2,
-                    "fastapi": transform_fastapi,
-                    "sqlalchemy": transform_sqlalchemy,
-                    "pandas": transform_pandas,
-                    "requests": transform_requests,
-                }.get(library)
-
-                if transform_func:
-                    transformed_code, changes = transform_func(source_code)
-                    # Create TransformResult from the function output
-                    result = TransformResult(
-                        file_path=file_path,
-                        status=TransformStatus.SUCCESS if changes else TransformStatus.NO_CHANGES,
-                        original_code=source_code,
-                        transformed_code=transformed_code,
-                        changes=[
-                            TransformChange(
-                                description=c.description,
-                                line_number=c.line_number,
-                                original=c.original,
-                                replacement=c.replacement,
-                                transform_name=c.transform_name,
-                                confidence=getattr(c, "confidence", 1.0),
-                            )
-                            for c in changes
-                        ],
-                    )
-                else:
-                    console.print(f"[yellow]Warning:[/] No transformer available for {library}")
-                    continue
+                result = engine.run_migration(
+                    code=source_code,
+                    file_path=file_path,
+                    library=library,
+                    old_version=current_version or "1.0",
+                    new_version=target,
+                    knowledge_base=generated_kb,
+                    progress_callback=migration_progress if verbose else None,
+                )
 
                 if result.has_changes:
                     results.append(result)
+                elif result.errors:
+                    for error in result.errors:
+                        console.print(f"[yellow]Warning ({file_path.name}):[/] {error}")
 
             except Exception as e:
                 console.print(f"[red]Error processing {file_path}:[/] {e}")

codeshift/knowledge/generator.py

@@ -172,6 +172,12 @@ TIER_1_LIBRARIES = {
     "pytest",
     "marshmallow",
     "flask",
+    "celery",
+    "httpx",
+    "aiohttp",
+    "click",
+    "attrs",
+    "django",
 }
 
 

codeshift/knowledge_base/libraries/aiohttp.yaml

@@ -69,7 +69,7 @@ breaking_changes:
 
   # connector_owner default change
   - symbol: "ClientSession(connector=..., connector_owner=None)"
-    change_type: behavior_change
+    change_type: behavior_changed
     severity: medium
     from_version: "3.7"
     to_version: "3.9"
@@ -133,7 +133,7 @@ breaking_changes:
 
   # Middleware signature changes (old-style to new-style)
   - symbol: "@middleware"
-    change_type: signature_change
+    change_type: signature_changed
     severity: high
     from_version: "3.7"
     to_version: "3.9"
@@ -154,7 +154,7 @@ breaking_changes:
     transform_name: ws_connect_timeout_rename
 
   - symbol: "ws_connect(receive_timeout=...)"
-    change_type: behavior_change
+    change_type: behavior_changed
     severity: low
     from_version: "3.7"
     to_version: "3.9"

codeshift/knowledge_base/libraries/httpx.yaml

@@ -119,7 +119,7 @@ breaking_changes:
 
   # Response.iter_lines() behavior change
   - symbol: "Response.iter_lines()"
-    change_type: behavior_change
+    change_type: behavior_changed
     severity: medium
     from_version: "0.23"
     to_version: "0.24"
@@ -130,7 +130,7 @@ breaking_changes:
 
   # NetRC authentication change
   - symbol: "trust_env=True"
-    change_type: behavior_change
+    change_type: behavior_changed
     severity: medium
     from_version: "0.23"
     to_version: "0.24"
@@ -141,7 +141,7 @@ breaking_changes:
 
   # Query parameter encoding change
   - symbol: "params encoding"
-    change_type: behavior_change
+    change_type: behavior_changed
     severity: low
     from_version: "0.23"
     to_version: "0.24"
@@ -173,7 +173,7 @@ breaking_changes:
 
   # Follow redirects default change
   - symbol: "follow_redirects"
-    change_type: behavior_change
+    change_type: behavior_changed
     severity: high
     from_version: "0.19"
     to_version: "0.20"

codeshift/knowledge_base/libraries/pytest.yaml

@@ -182,7 +182,7 @@ breaking_changes:
 
   # pytest.importorskip exc_type
   - symbol: "pytest.importorskip()"
-    change_type: behavior_change
+    change_type: behavior_changed
     severity: low
     from_version: "8.0"
     to_version: "8.2"

codeshift/knowledge_base/models.py

@@ -9,6 +9,7 @@ class ChangeType(Enum):
 
     RENAMED = "renamed"
     REMOVED = "removed"
+    MOVED = "moved"
     SIGNATURE_CHANGED = "signature_changed"
     BEHAVIOR_CHANGED = "behavior_changed"
     DEPRECATED = "deprecated"

codeshift/migrator/transforms/marshmallow_transformer.py

@@ -191,6 +191,10 @@ class MarshmallowTransformer(BaseTransformer):
         - default -> dump_default
         - load_from -> data_key
         - dump_to -> data_key
+
+        Special handling: When both load_from and dump_to are present, only one data_key
+        is kept (preferring load_from) and a warning comment is added about the removed
+        dump_to value.
         """
         # Check if this is a fields.* call or a Field-like call
         func_name = self._get_call_func_name(node.func)
@@ -232,6 +236,27 @@ class MarshmallowTransformer(BaseTransformer):
         if func_name not in field_types:
             return node
 
+        # First pass: detect if both load_from and dump_to are present
+        load_from_arg = None
+        dump_to_arg = None
+        load_from_value = None
+        dump_to_value = None
+
+        for arg in node.args:
+            if isinstance(arg.keyword, cst.Name):
+                if arg.keyword.value == "load_from":
+                    load_from_arg = arg
+                    # Extract the value for comparison/warning
+                    if isinstance(arg.value, cst.SimpleString):
+                        load_from_value = arg.value.value
+                elif arg.keyword.value == "dump_to":
+                    dump_to_arg = arg
+                    # Extract the value for comparison/warning
+                    if isinstance(arg.value, cst.SimpleString):
+                        dump_to_value = arg.value.value
+
+        has_both_load_from_and_dump_to = load_from_arg is not None and dump_to_arg is not None
+
         new_args = []
         changed = False
         param_mappings = {
@@ -245,6 +270,31 @@ class MarshmallowTransformer(BaseTransformer):
             if isinstance(arg.keyword, cst.Name) and arg.keyword.value in param_mappings:
                 old_name = arg.keyword.value
                 new_name = param_mappings[old_name]
+
+                # Special case: skip dump_to when both load_from and dump_to exist
+                if old_name == "dump_to" and has_both_load_from_and_dump_to:
+                    changed = True
+                    # Record that dump_to was removed due to conflict
+                    self.record_change(
+                        description=(
+                            f"Remove '{old_name}' parameter - Marshmallow 3.x uses single "
+                            f"data_key for both load/dump. load_from value kept, dump_to="
+                            f"{dump_to_value} removed. Manual review may be needed if "
+                            f"load_from ({load_from_value}) != dump_to ({dump_to_value})."
+                        ),
+                        line_number=1,
+                        original=f"{func_name}(load_from=..., dump_to=...)",
+                        replacement=f"{func_name}(data_key=...)",
+                        transform_name="remove_dump_to_conflict",
+                        notes=(
+                            f"dump_to={dump_to_value} was removed because load_from="
+                            f"{load_from_value} was also present. In Marshmallow 3.x, "
+                            "data_key serves both purposes."
+                        ),
+                    )
+                    # Skip adding this arg
+                    continue
+
                 new_arg = arg.with_changes(keyword=cst.Name(new_name))
                 new_args.append(new_arg)
                 changed = True