codeshift 0.4.0__py3-none-any.whl → 0.7.0__py3-none-any.whl

codeshift/health/metrics/migration_readiness.py

@@ -0,0 +1,142 @@
+"""Migration readiness metric calculator."""
+
+import logging
+from pathlib import Path
+from typing import Any
+
+from codeshift.health.metrics import BaseMetricCalculator
+from codeshift.health.models import DependencyHealth, MetricCategory, MetricResult
+from codeshift.knowledge_base import KnowledgeBaseLoader
+from codeshift.scanner.dependency_parser import DependencyParser
+
+logger = logging.getLogger(__name__)
+
+
+class MigrationReadinessCalculator(BaseMetricCalculator):
+    """Calculates migration readiness score (20% weight).
+
+    Score based on Tier 1/2 support coverage:
+    - Tier 1 (deterministic AST): 100% score contribution
+    - Tier 2 (knowledge base + LLM): 50% score contribution
+    - No support: 0% score contribution
+    """
+
+    @property
+    def category(self) -> MetricCategory:
+        return MetricCategory.MIGRATION_READINESS
+
+    @property
+    def weight(self) -> float:
+        return 0.20
+
+    def calculate(
+        self,
+        project_path: Path,
+        dependencies: list[DependencyHealth] | None = None,
+        **kwargs: Any,
+    ) -> MetricResult:
+        """Calculate the migration readiness score.
+
+        Args:
+            project_path: Path to the project
+            dependencies: Pre-populated dependency health list (optional)
+
+        Returns:
+            MetricResult with migration readiness score
+        """
+        if dependencies is None:
+            dependencies = self._analyze_dependencies(project_path)
+
+        if not dependencies:
+            return self._create_result(
+                score=100,
+                description="No dependencies to analyze",
+                details={"dependency_count": 0},
+                recommendations=[],
+            )
+
+        tier1_count = sum(1 for d in dependencies if d.has_tier1_support)
+        tier2_count = sum(
+            1 for d in dependencies if d.has_tier2_support and not d.has_tier1_support
+        )
+        no_support_count = len(dependencies) - tier1_count - tier2_count
+
+        total = len(dependencies)
+        # Score: Tier 1 gets full points, Tier 2 gets half points
+        score = ((tier1_count * 100) + (tier2_count * 50)) / total if total > 0 else 100
+
+        # Build recommendations
+        recommendations: list[str] = []
+
+        if no_support_count > 0:
+            unsupported = [
+                d.name for d in dependencies if not d.has_tier1_support and not d.has_tier2_support
+            ]
+            recommendations.append(
+                f"Consider requesting Tier 1 support for: {', '.join(unsupported[:3])}"
+                + (f" (+{len(unsupported) - 3} more)" if len(unsupported) > 3 else "")
+            )
+
+        if tier2_count > 0:
+            tier2_deps = [
+                d.name for d in dependencies if d.has_tier2_support and not d.has_tier1_support
+            ]
+            recommendations.append(
+                f"Libraries with Tier 2 (LLM) support: {', '.join(tier2_deps[:3])}"
+            )
+
+        return self._create_result(
+            score=score,
+            description=f"{tier1_count} Tier 1, {tier2_count} Tier 2, {no_support_count} unsupported",
+            details={
+                "total_dependencies": total,
+                "tier1_count": tier1_count,
+                "tier2_count": tier2_count,
+                "unsupported_count": no_support_count,
+                "tier1_ratio": tier1_count / total if total > 0 else 0,
+                "tier2_ratio": tier2_count / total if total > 0 else 0,
+            },
+            recommendations=recommendations,
+        )
+
+    def _analyze_dependencies(self, project_path: Path) -> list[DependencyHealth]:
+        """Analyze project dependencies for migration support.
+
+        Args:
+            project_path: Path to the project
+
+        Returns:
+            List of DependencyHealth objects with tier support info
+        """
+        parser = DependencyParser(project_path)
+        dependencies = parser.parse_all()
+
+        loader = KnowledgeBaseLoader()
+        supported_libraries = loader.get_supported_libraries()
+
+        results: list[DependencyHealth] = []
+
+        # Tier 1 supported libraries (have AST transformers)
+        tier1_libraries = {"pydantic", "fastapi", "sqlalchemy", "pandas", "requests"}
+
+        for dep in dependencies:
+            dep_name_lower = dep.name.lower()
+
+            # Check Tier 1 support (deterministic AST transforms)
+            has_tier1 = dep_name_lower in tier1_libraries
+
+            # Check Tier 2 support (knowledge base exists)
+            has_tier2 = dep_name_lower in [lib.lower() for lib in supported_libraries]
+
+            results.append(
+                DependencyHealth(
+                    name=dep.name,
+                    current_version=str(dep.min_version) if dep.min_version else None,
+                    latest_version=None,
+                    is_outdated=False,
+                    has_tier1_support=has_tier1,
+                    has_tier2_support=has_tier2,
+                )
+            )
+
+        return results

codeshift/health/metrics/security.py

@@ -0,0 +1,225 @@
+"""Security vulnerabilities metric calculator."""
+
+import logging
+from pathlib import Path
+from typing import Any
+
+import httpx
+
+from codeshift.health.metrics import BaseMetricCalculator
+from codeshift.health.models import (
+    DependencyHealth,
+    MetricCategory,
+    MetricResult,
+    SecurityVulnerability,
+    VulnerabilitySeverity,
+)
+from codeshift.scanner.dependency_parser import DependencyParser
+
+logger = logging.getLogger(__name__)
+
+# PyPI API timeout
+PYPI_TIMEOUT = 5.0
+
+
+class SecurityCalculator(BaseMetricCalculator):
+    """Calculates security score based on known vulnerabilities (25% weight).
+
+    Penalties:
+    - Critical: -25 points
+    - High: -15 points
+    - Medium: -8 points
+    - Low: -3 points
+    """
+
+    @property
+    def category(self) -> MetricCategory:
+        return MetricCategory.SECURITY
+
+    @property
+    def weight(self) -> float:
+        return 0.25
+
+    def calculate(
+        self,
+        project_path: Path,
+        dependencies: list[DependencyHealth] | None = None,
+        **kwargs: Any,
+    ) -> MetricResult:
+        """Calculate the security score.
+
+        Args:
+            project_path: Path to the project
+            dependencies: Pre-populated dependency health list (optional)
+
+        Returns:
+            MetricResult with security score
+        """
+        if dependencies is None:
+            dependencies = self._analyze_dependencies(project_path)
+
+        if not dependencies:
+            return self._create_result(
+                score=100,
+                description="No dependencies to analyze",
+                details={"dependency_count": 0, "vulnerability_count": 0},
+                recommendations=[],
+            )
+
+        # Collect all vulnerabilities
+        all_vulns: list[SecurityVulnerability] = []
+        vuln_counts = {
+            VulnerabilitySeverity.CRITICAL: 0,
+            VulnerabilitySeverity.HIGH: 0,
+            VulnerabilitySeverity.MEDIUM: 0,
+            VulnerabilitySeverity.LOW: 0,
+        }
+
+        for dep in dependencies:
+            for vuln in dep.vulnerabilities:
+                all_vulns.append(vuln)
+                vuln_counts[vuln.severity] += 1
+
+        # Calculate penalty
+        total_penalty = sum(count * severity.penalty for severity, count in vuln_counts.items())
+        score = max(0, 100 - total_penalty)
+
+        # Build recommendations
+        recommendations: list[str] = []
+        if vuln_counts[VulnerabilitySeverity.CRITICAL] > 0:
+            critical_pkgs = list(
+                {v.package for v in all_vulns if v.severity == VulnerabilitySeverity.CRITICAL}
+            )
+            recommendations.append(
+                f"URGENT: Fix critical vulnerabilities in: {', '.join(critical_pkgs)}"
+            )
+
+        if vuln_counts[VulnerabilitySeverity.HIGH] > 0:
+            high_pkgs = list(
+                {v.package for v in all_vulns if v.severity == VulnerabilitySeverity.HIGH}
+            )
+            recommendations.append(
+                f"Address high severity vulnerabilities in: {', '.join(high_pkgs)}"
+            )
+
+        if vuln_counts[VulnerabilitySeverity.MEDIUM] > 0:
+            recommendations.append(
+                f"Review {vuln_counts[VulnerabilitySeverity.MEDIUM]} medium severity vulnerabilities"
+            )
+
+        return self._create_result(
+            score=score,
+            description=(
+                f"{len(all_vulns)} vulnerabilities found"
+                if all_vulns
+                else "No known vulnerabilities"
+            ),
+            details={
+                "total_vulnerabilities": len(all_vulns),
+                "critical": vuln_counts[VulnerabilitySeverity.CRITICAL],
+                "high": vuln_counts[VulnerabilitySeverity.HIGH],
+                "medium": vuln_counts[VulnerabilitySeverity.MEDIUM],
+                "low": vuln_counts[VulnerabilitySeverity.LOW],
+                "total_penalty": total_penalty,
+            },
+            recommendations=recommendations,
+        )
+
+    def _analyze_dependencies(self, project_path: Path) -> list[DependencyHealth]:
+        """Analyze project dependencies for security vulnerabilities.
+
+        Args:
+            project_path: Path to the project
+
+        Returns:
+            List of DependencyHealth objects with vulnerability data
+        """
+        parser = DependencyParser(project_path)
+        dependencies = parser.parse_all()
+
+        results: list[DependencyHealth] = []
+
+        for dep in dependencies:
+            vulns = self._get_vulnerabilities(dep.name)
+            results.append(
+                DependencyHealth(
+                    name=dep.name,
+                    current_version=str(dep.min_version) if dep.min_version else None,
+                    latest_version=None,
+                    is_outdated=False,
+                    vulnerabilities=vulns,
+                )
+            )
+
+        return results
+
+    def _get_vulnerabilities(self, package_name: str) -> list[SecurityVulnerability]:
+        """Get known vulnerabilities for a package from PyPI.
+
+        Args:
+            package_name: Name of the package
+
+        Returns:
+            List of SecurityVulnerability objects
+        """
+        vulns: list[SecurityVulnerability] = []
+
+        try:
+            response = httpx.get(
+                f"https://pypi.org/pypi/{package_name}/json",
+                timeout=PYPI_TIMEOUT,
+            )
+            if response.status_code == 200:
+                data = response.json()
+                vulnerabilities = data.get("vulnerabilities", [])
+
+                for vuln_data in vulnerabilities:
+                    severity_str = self._parse_severity(vuln_data)
+                    try:
+                        severity = VulnerabilitySeverity(severity_str.lower())
+                    except ValueError:
+                        severity = VulnerabilitySeverity.MEDIUM
+
+                    fixed_in = None
+                    if vuln_data.get("fixed_in"):
+                        fixed_versions = vuln_data.get("fixed_in", [])
+                        if fixed_versions:
+                            fixed_in = fixed_versions[0]
+
+                    vulns.append(
+                        SecurityVulnerability(
+                            package=package_name,
+                            vulnerability_id=vuln_data.get("id", "unknown"),
+                            severity=severity,
+                            description=vuln_data.get("summary", vuln_data.get("details", ""))[
+                                :200
+                            ],
+                            fixed_in=fixed_in,
+                            url=vuln_data.get("link"),
+                        )
+                    )
+
+        except Exception as e:
+            logger.debug(f"Failed to get vulnerabilities for {package_name}: {e}")
+
+        return vulns
+
+    def _parse_severity(self, vuln_data: dict) -> str:
+        """Parse severity from vulnerability data.
+
+        Args:
+            vuln_data: Vulnerability data dictionary
+
+        Returns:
+            Severity string (critical, high, medium, low)
+        """
+        # Try to get severity from aliases (e.g., CVE data)
+        aliases = vuln_data.get("aliases", [])
+        for alias in aliases:
+            if "CRITICAL" in alias.upper():
+                return "critical"
+            elif "HIGH" in alias.upper():
+                return "high"
+
+        # Default to medium if not specified
+        return "medium"

codeshift/health/metrics/test_coverage.py

@@ -0,0 +1,191 @@
+"""Test coverage metric calculator."""
+
+import json
+import logging
+from pathlib import Path
+from typing import Any
+
+from codeshift.health.metrics import BaseMetricCalculator
+from codeshift.health.models import MetricCategory, MetricResult
+
+logger = logging.getLogger(__name__)
+
+
+class TestCoverageCalculator(BaseMetricCalculator):
+    """Calculates test coverage score (15% weight).
+
+    Score is directly mapped from coverage percentage.
+    Returns 50 (neutral) if no coverage data is found.
+    """
+
+    @property
+    def category(self) -> MetricCategory:
+        return MetricCategory.TEST_COVERAGE
+
+    @property
+    def weight(self) -> float:
+        return 0.15
+
+    def calculate(self, project_path: Path, **kwargs: Any) -> MetricResult:
+        """Calculate the test coverage score.
+
+        Args:
+            project_path: Path to the project
+
+        Returns:
+            MetricResult with test coverage score
+        """
+        coverage, source = self._get_coverage(project_path)
+
+        if coverage is None:
+            return self._create_result(
+                score=50,  # Neutral score when no data
+                description="No coverage data found",
+                details={"coverage_found": False},
+                recommendations=[
+                    "Run tests with coverage: pytest --cov",
+                    "Generate coverage report: coverage run -m pytest && coverage report",
+                ],
+            )
+
+        # Direct mapping: coverage % = score
+        score = coverage * 100
+
+        recommendations: list[str] = []
+        if coverage < 0.5:
+            recommendations.append("Increase test coverage to at least 50%")
+        elif coverage < 0.8:
+            recommendations.append("Consider increasing test coverage to 80% or higher")
+
+        return self._create_result(
+            score=score,
+            description=f"{coverage:.0%} test coverage",
+            details={
+                "coverage_found": True,
+                "coverage_percentage": coverage * 100,
+                "source": source,
+            },
+            recommendations=recommendations,
+        )
+
+    def _get_coverage(self, project_path: Path) -> tuple[float | None, str]:
+        """Get test coverage from available sources.
+
+        Args:
+            project_path: Path to the project
+
+        Returns:
+            Tuple of (coverage percentage as 0-1 or None, source description)
+        """
+        # Try coverage.json first (pytest-cov JSON output)
+        coverage_json = project_path / "coverage.json"
+        if coverage_json.exists():
+            try:
+                data = json.loads(coverage_json.read_text())
+                totals = data.get("totals", {})
+                percent = totals.get("percent_covered", 0)
+                return percent / 100, "coverage.json"
+            except Exception as e:
+                logger.debug(f"Failed to parse coverage.json: {e}")
+
+        # Try .coverage SQLite database
+        coverage_db = project_path / ".coverage"
+        if coverage_db.exists():
+            coverage = self._read_coverage_db(coverage_db)
+            if coverage is not None:
+                return coverage, ".coverage database"
+
+        # Try htmlcov/index.html for percentage
+        htmlcov_index = project_path / "htmlcov" / "index.html"
+        if htmlcov_index.exists():
+            coverage = self._parse_htmlcov(htmlcov_index)
+            if coverage is not None:
+                return coverage, "htmlcov"
+
+        # Try pytest-cov XML format
+        coverage_xml = project_path / "coverage.xml"
+        if coverage_xml.exists():
+            coverage = self._parse_coverage_xml(coverage_xml)
+            if coverage is not None:
+                return coverage, "coverage.xml"
+
+        return None, ""
+
+    def _read_coverage_db(self, db_path: Path) -> float | None:
+        """Read coverage from SQLite database.
+
+        Args:
+            db_path: Path to .coverage database
+
+        Returns:
+            Coverage percentage as 0-1 or None
+        """
+        try:
+            import sqlite3
+
+            conn = sqlite3.connect(db_path)
+            cursor = conn.cursor()
+
+            # Get total lines and covered lines
+            cursor.execute(
+                """
+                SELECT SUM(num_lines), SUM(num_hits)
+                FROM line_counts
+                """
+            )
+            row = cursor.fetchone()
+            conn.close()
+
+            if row and row[0] and row[0] > 0:
+                total_lines = row[0]
+                covered_lines = row[1] or 0
+                return float(covered_lines / total_lines) if total_lines > 0 else None
+
+        except Exception as e:
+            logger.debug(f"Failed to read .coverage database: {e}")
+
+        return None
+
+    def _parse_htmlcov(self, index_path: Path) -> float | None:
+        """Parse coverage percentage from htmlcov index.
+
+        Args:
+            index_path: Path to htmlcov/index.html
+
+        Returns:
+            Coverage percentage as 0-1 or None
+        """
+        try:
+            import re
+
+            content = index_path.read_text()
+            # Look for patterns like "85%" or "coverage: 85"
+            match = re.search(r"(\d+(?:\.\d+)?)\s*%", content)
+            if match:
+                return float(match.group(1)) / 100
+        except Exception as e:
+            logger.debug(f"Failed to parse htmlcov: {e}")
+
+        return None
+
+    def _parse_coverage_xml(self, xml_path: Path) -> float | None:
+        """Parse coverage from Cobertura XML format.
+
+        Args:
+            xml_path: Path to coverage.xml
+
+        Returns:
+            Coverage percentage as 0-1 or None
+        """
+        try:
+            import re
+
+            content = xml_path.read_text()
+            # Look for line-rate="0.85" attribute
+            match = re.search(r'line-rate="(\d+(?:\.\d+)?)"', content)
+            if match:
+                return float(match.group(1))
+        except Exception as e:
+            logger.debug(f"Failed to parse coverage.xml: {e}")
+
+        return None