commiter-cli 0.3.0__py3-none-any.whl

commiter/adapters/raw_sql.py

@@ -0,0 +1,191 @@
+"""Raw SQL adapter — detects database operations from raw SQL execution calls.
+
+Detects patterns like:
+  Python:  cursor.execute("SELECT * FROM users"), db.execute(text("INSERT INTO ..."))
+  JS/TS:   pool.query("SELECT * FROM orders"), knex.raw("DELETE FROM sessions")
+"""
+
+from __future__ import annotations
+
+import re
+from typing import TYPE_CHECKING
+
+from commiter.adapters.base import DBAdapter, DBOpMatch
+
+if TYPE_CHECKING:
+    from tree_sitter import Tree
+
+# Regex for SQL execution method calls across Python and JS
+# Matches: cursor.execute(, db.execute(, pool.query(, client.query(, knex.raw(, etc.
+_SQL_EXEC_RE = re.compile(
+    r'(?:cursor|stmt|db|conn|connection|pool|client|session|knex)'
+    r'\s*\.\s*'
+    r'(?:execute|query|raw|all|run|get|fetchall|fetchone|fetchmany)'
+    r'\s*\(',
+    re.IGNORECASE,
+)
+
+# SQL operation classification
+_SQL_OP_RE = re.compile(
+    r'^\s*(SELECT|INSERT|UPDATE|DELETE|CREATE|ALTER|DROP|TRUNCATE)',
+    re.IGNORECASE,
+)
+
+# Table name extraction patterns
+_TABLE_FROM_RE = re.compile(r'\bFROM\s+[`"\']?(\w+)[`"\']?', re.IGNORECASE)
+_TABLE_INTO_RE = re.compile(r'\bINTO\s+[`"\']?(\w+)[`"\']?', re.IGNORECASE)
+_TABLE_UPDATE_RE = re.compile(r'\bUPDATE\s+[`"\']?(\w+)[`"\']?', re.IGNORECASE)
+_TABLE_JOIN_RE = re.compile(r'\bJOIN\s+[`"\']?(\w+)[`"\']?', re.IGNORECASE)
+_TABLE_TRUNCATE_RE = re.compile(r'\bTRUNCATE\s+(?:TABLE\s+)?[`"\']?(\w+)[`"\']?', re.IGNORECASE)
+
+
+class RawSQLAdapter(DBAdapter):
+    """Detects database operations from raw SQL strings in execute/query calls."""
+
+    orm_name = "raw_sql"
+    language = "python"  # works for both Python and JS via regex on source text
+
+    def find_db_operations(self, tree: "Tree", source: bytes) -> list[DBOpMatch]:
+        ops = []
+        text = source.decode("utf-8", errors="replace")
+
+        for match in _SQL_EXEC_RE.finditer(text):
+            line = text[:match.start()].count("\n") + 1
+
+            # Extract the SQL string from the first argument
+            sql = self._extract_sql_string(text, match.end())
+            if not sql:
+                continue
+
+            # Classify the operation
+            op_type = self._classify_sql(sql)
+            if not op_type:
+                continue
+
+            # Extract table names
+            tables = self._extract_table_names(sql)
+            if not tables:
+                # We found SQL but couldn't parse a table name
+                ops.append(DBOpMatch(
+                    operation_type=op_type,
+                    table_name="<dynamic>",
+                    call_node=tree.root_node,
+                    line=line,
+                ))
+                continue
+
+            # Create an operation for each table found
+            for table in tables:
+                filters = self._extract_where_fields(sql)
+                ops.append(DBOpMatch(
+                    operation_type=op_type,
+                    table_name=table,
+                    call_node=tree.root_node,
+                    line=line,
+                    filters=filters,
+                ))
+
+        return ops
+
+    def _extract_sql_string(self, text: str, start: int) -> str | None:
+        """Extract the SQL string from the first argument after an opening paren.
+
+        Handles:
+          execute("SELECT ...")
+          execute(text("SELECT ..."))
+          execute(`SELECT ...`)
+          query('SELECT ...')
+        """
+        remaining = text[start:start + 1000]  # look ahead
+
+        # Skip whitespace
+        remaining = remaining.lstrip()
+
+        # Handle text() wrapper: execute(text("SELECT ..."))
+        if remaining.startswith("text("):
+            remaining = remaining[5:].lstrip()
+
+        # Find the string delimiter
+        if not remaining:
+            return None
+
+        delimiter = None
+        if remaining[0] in ("'", '"', "`"):
+            delimiter = remaining[0]
+        elif remaining[0] == 'f' and len(remaining) > 1 and remaining[1] in ("'", '"'):
+            # Python f-string: f"SELECT ..."
+            delimiter = remaining[1]
+            remaining = remaining[1:]
+        else:
+            return None
+
+        # Handle triple quotes
+        if remaining[:3] in ('"""', "'''"):
+            end_delim = remaining[:3]
+            content_start = 3
+            end_idx = remaining.find(end_delim, content_start)
+            if end_idx != -1:
+                return remaining[content_start:end_idx].strip()
+            return None
+
+        # Single delimiter
+        content_start = 1
+        i = content_start
+        while i < len(remaining):
+            if remaining[i] == "\\" :
+                i += 2  # skip escaped char
+                continue
+            if remaining[i] == delimiter:
+                return remaining[content_start:i].strip()
+            i += 1
+
+        return None
+
+    def _classify_sql(self, sql: str) -> str | None:
+        """Classify SQL statement type."""
+        match = _SQL_OP_RE.match(sql)
+        if not match:
+            return None
+
+        op = match.group(1).upper()
+        if op == "SELECT":
+            return "select"
+        elif op == "INSERT":
+            return "insert"
+        elif op == "UPDATE":
+            return "update"
+        elif op in ("DELETE", "TRUNCATE"):
+            return "delete"
+        elif op in ("CREATE", "ALTER", "DROP"):
+            return "ddl"
+        return "query"
+
+    def _extract_table_names(self, sql: str) -> list[str]:
+        """Extract table names from a SQL statement."""
+        tables = []
+        seen = set()
+
+        for pattern in (_TABLE_FROM_RE, _TABLE_INTO_RE, _TABLE_UPDATE_RE, _TABLE_JOIN_RE, _TABLE_TRUNCATE_RE):
+            for match in pattern.finditer(sql):
+                table = match.group(1)
+                # Filter out SQL keywords that might match
+                if table.upper() not in ("SELECT", "WHERE", "SET", "VALUES", "AND", "OR",
+                                          "NOT", "NULL", "TABLE", "INDEX", "VIEW", "AS",
+                                          "ON", "IN", "EXISTS", "LIKE", "BETWEEN"):
+                    if table not in seen:
+                        seen.add(table)
+                        tables.append(table)
+
+        return tables
+
+    def _extract_where_fields(self, sql: str) -> list[str]:
+        """Extract column names from WHERE clause."""
+        filters = []
+        where_match = re.search(r'\bWHERE\b(.+?)(?:ORDER|GROUP|LIMIT|HAVING|$)', sql, re.IGNORECASE)
+        if where_match:
+            where_clause = where_match.group(1)
+            for col_match in re.finditer(r'(\w+)\s*(?:=|!=|<>|>|<|>=|<=|LIKE|IN|IS)\s', where_clause, re.IGNORECASE):
+                col = col_match.group(1)
+                if col.upper() not in ("AND", "OR", "NOT"):
+                    filters.append(col)
+        return filters

commiter/adapters/react.py

@@ -0,0 +1,129 @@
+"""React frontend adapter — detects fetch/axios API calls in components."""
+
+from __future__ import annotations
+
+import re
+from pathlib import Path
+from typing import TYPE_CHECKING
+
+from tree_sitter import Node
+
+from commiter.adapters.base import FrontendAdapter, APICallMatch
+from commiter.parser import node_text, find_nodes_by_type, resolve_url_from_node
+
+if TYPE_CHECKING:
+    from tree_sitter import Tree
+
+# HTTP methods for axios
+AXIOS_METHODS = {"get", "post", "put", "delete", "patch", "request"}
+
+
+class ReactAdapter(FrontendAdapter):
+    framework_name = "react"
+    language = "javascript"  # handles JS/TS/JSX/TSX
+
+    def find_api_calls(self, tree: Tree, source: bytes, file_path: str = "",
+                       constants: dict[str, str] | None = None) -> list[APICallMatch]:
+        calls: list[APICallMatch] = []
+        calls.extend(self._find_fetch_calls(tree.root_node, source, constants))
+        calls.extend(self._find_axios_calls(tree.root_node, source, constants))
+        return calls
+
+    def _find_fetch_calls(self, root_node: Node, source: bytes,
+                          constants: dict[str, str] | None = None) -> list[APICallMatch]:
+        """Find fetch() calls with static, template, and concatenated URLs."""
+        results = []
+        call_nodes = find_nodes_by_type(root_node, "call_expression")
+
+        for call in call_nodes:
+            func = call.child_by_field_name("function")
+            if not func:
+                continue
+
+            func_text = node_text(func, source)
+            if func_text != "fetch":
+                continue
+
+            args = call.child_by_field_name("arguments")
+            if not args:
+                continue
+
+            url = None
+            method = "GET"
+
+            for arg in args.children:
+                if arg.type in ("string", "template_string", "binary_expression", "identifier", "member_expression"):
+                    if url is None:  # first matching arg is the URL
+                        url = resolve_url_from_node(arg, source, constants)
+                elif arg.type == "object":
+                    obj_text = node_text(arg, source)
+                    method_match = re.search(r'method\s*:\s*["\'](\w+)["\']', obj_text)
+                    if method_match:
+                        method = method_match.group(1).upper()
+
+            if url:
+                results.append(APICallMatch(
+                    http_method=method,
+                    url_pattern=url,
+                    call_node=call,
+                    line=call.start_point[0] + 1,
+                ))
+
+        return results
+
+    def _find_axios_calls(self, root_node: Node, source: bytes,
+                          constants: dict[str, str] | None = None) -> list[APICallMatch]:
+        """Find axios.get(), axios.post(), etc. with dynamic URL resolution."""
+        results = []
+        call_nodes = find_nodes_by_type(root_node, "call_expression")
+
+        for call in call_nodes:
+            func = call.child_by_field_name("function")
+            if not func or func.type != "member_expression":
+                continue
+
+            func_text = node_text(func, source)
+
+            match = re.match(r"(\w+)\.(get|post|put|delete|patch|request)", func_text)
+            if not match:
+                continue
+
+            obj_name = match.group(1)
+            if obj_name not in ("axios", "api", "client", "http", "axiosInstance", "apiClient"):
+                continue
+
+            method = match.group(2).upper()
+            if method == "REQUEST":
+                method = "GET"
+
+            args = call.child_by_field_name("arguments")
+            if not args:
+                continue
+
+            url = None
+            for arg in args.children:
+                if arg.type in ("string", "template_string", "binary_expression", "identifier", "member_expression"):
+                    url = resolve_url_from_node(arg, source, constants)
+                    if url:
+                        break
+
+            if url:
+                response_type = self._extract_generic_type(call, source)
+                results.append(APICallMatch(
+                    http_method=method,
+                    url_pattern=url,
+                    call_node=call,
+                    line=call.start_point[0] + 1,
+                    response_type=response_type,
+                ))
+
+        return results
+
+    def _extract_generic_type(self, call_node: Node, source: bytes) -> str | None:
+        """Extract generic type parameter from calls like axios.post<UserResponse>(...)."""
+        for child in call_node.children:
+            if child.type == "type_arguments":
+                for sub in child.children:
+                    if sub.type not in ("<", ">", ","):
+                        return node_text(sub, source).strip()
+        return None

commiter/adapters/sqlalchemy.py

@@ -0,0 +1,99 @@
+"""SQLAlchemy adapter — detects SQLAlchemy ORM database operations."""
+
+from __future__ import annotations
+
+import re
+from typing import TYPE_CHECKING
+
+from commiter.adapters.base import DBAdapter, DBOpMatch
+
+if TYPE_CHECKING:
+    from tree_sitter import Tree
+
+# SQLAlchemy session methods to operation types
+SA_OP_MAP = {
+    "query": "select",
+    "add": "insert",
+    "add_all": "insert",
+    "merge": "upsert",
+    "delete": "delete",
+    "execute": "query",
+}
+
+
+class SQLAlchemyAdapter(DBAdapter):
+    orm_name = "sqlalchemy"
+    language = "python"
+
+    def find_db_operations(self, tree: Tree, source: bytes) -> list[DBOpMatch]:
+        ops = []
+        text = source.decode("utf-8", errors="replace")
+
+        # Pattern 1: session.query(Model).filter_by(...) / session.query(Model).filter(...)
+        for match in re.finditer(
+            r'(?:session|db)\s*\.\s*query\s*\(\s*(\w+)\s*\)',
+            text,
+        ):
+            model_name = match.group(1)
+            line = text[:match.start()].count("\n") + 1
+            filters = self._extract_sa_filters(text, match.end())
+
+            ops.append(DBOpMatch(
+                operation_type="select",
+                table_name=model_name,
+                call_node=tree.root_node,
+                line=line,
+                filters=filters,
+            ))
+
+        # Pattern 2: session.add(instance), session.delete(instance)
+        for match in re.finditer(
+            r'(?:session|db)\s*\.\s*(add|add_all|delete|merge)\s*\(',
+            text,
+        ):
+            method = match.group(1)
+            op_type = SA_OP_MAP.get(method, "unknown")
+            line = text[:match.start()].count("\n") + 1
+
+            ops.append(DBOpMatch(
+                operation_type=op_type,
+                table_name="<from_instance>",
+                call_node=tree.root_node,
+                line=line,
+            ))
+
+        # Pattern 3: Model.query.filter_by(...) (Flask-SQLAlchemy style)
+        for match in re.finditer(
+            r'(\b[A-Z]\w+)\s*\.\s*query\s*\.',
+            text,
+        ):
+            model_name = match.group(1)
+            line = text[:match.start()].count("\n") + 1
+            filters = self._extract_sa_filters(text, match.end())
+
+            ops.append(DBOpMatch(
+                operation_type="select",
+                table_name=model_name,
+                call_node=tree.root_node,
+                line=line,
+                filters=filters,
+            ))
+
+        return ops
+
+    def _extract_sa_filters(self, text: str, start: int) -> list[str]:
+        """Extract filter field names from .filter_by(field=...) or .filter(Model.field == ...)."""
+        filters = []
+        remaining = text[start:start + 500]
+
+        # filter_by(field=value)
+        fb_match = re.search(r'\.filter_by\s*\(([^)]+)\)', remaining)
+        if fb_match:
+            for field in re.finditer(r'(\w+)\s*=', fb_match.group(1)):
+                filters.append(field.group(1))
+
+        # filter(Model.field == value)
+        for match in re.finditer(r'\.filter\s*\([^)]*?\.(\w+)\s*[=!<>]', remaining):
+            filters.append(match.group(1))
+
+        return filters

commiter/adapters/supabase.py

@@ -0,0 +1,68 @@
+"""Supabase adapter — detects Supabase client DB operations (Python + JS)."""
+
+from __future__ import annotations
+
+import re
+from typing import TYPE_CHECKING
+
+from commiter.adapters.base import DBAdapter, DBOpMatch
+from commiter.parser import node_text, find_nodes_by_type
+
+if TYPE_CHECKING:
+    from tree_sitter import Tree
+
+# Operation method names in Supabase client chain
+OPERATION_MAP = {
+    "select": "select",
+    "insert": "insert",
+    "update": "update",
+    "delete": "delete",
+    "upsert": "upsert",
+}
+
+
+class SupabaseAdapter(DBAdapter):
+    orm_name = "supabase"
+    language = "python"  # works for both Python and JS
+
+    def find_db_operations(self, tree: Tree, source: bytes) -> list[DBOpMatch]:
+        ops = []
+        call_nodes = find_nodes_by_type(tree.root_node, "call_expression" if b"supabase" in source else "call")
+
+        # Use regex on source for reliability across both Python and JS ASTs
+        text = source.decode("utf-8", errors="replace")
+
+        # Match patterns like:
+        #   supabase.table("users").select(...)
+        #   supabase.from("users").select(...)
+        #   supabase.from_("users").select(...)   (Python client)
+        for match in re.finditer(
+            r'(?:supabase|db|client)\s*\.\s*(?:table|from_?)\s*\(\s*["\'](\w+)["\']\s*\)\s*\.\s*(\w+)',
+            text,
+        ):
+            table_name = match.group(1)
+            method = match.group(2)
+            op_type = OPERATION_MAP.get(method)
+            if not op_type:
+                continue
+
+            line = text[:match.start()].count("\n") + 1
+            filters = self._extract_filters(text, match.end())
+
+            ops.append(DBOpMatch(
+                operation_type=op_type,
+                table_name=table_name,
+                call_node=tree.root_node,  # placeholder
+                line=line,
+                filters=filters,
+            ))
+
+        return ops
+
+    def _extract_filters(self, text: str, start: int) -> list[str]:
+        """Extract .eq(), .neq(), .gt() etc. filter calls after the operation."""
+        filters = []
+        remaining = text[start:start + 500]  # look ahead
+        for match in re.finditer(r'\.\s*(eq|neq|gt|gte|lt|lte|in_|like|ilike|is_|contains)\s*\(\s*["\'](\w+)["\']', remaining):
+            filters.append(f"{match.group(1)}({match.group(2)})")
+        return filters

commiter/auth.py

@@ -0,0 +1,130 @@
+"""Browser-based CLI authentication for Commiter."""
+
+from __future__ import annotations
+
+import json
+import socket
+import threading
+import webbrowser
+from http.server import HTTPServer, BaseHTTPRequestHandler
+from pathlib import Path
+from urllib.parse import urlparse, parse_qs
+
+FRONTEND_URL = "https://commiter-three.vercel.app"
+CREDENTIALS_DIR = Path.home() / ".config" / "commiter"
+CREDENTIALS_FILE = CREDENTIALS_DIR / "credentials.json"
+
+
+def _find_free_port() -> int:
+    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+        s.bind(("127.0.0.1", 0))
+        return s.getsockname()[1]
+
+
+def login() -> bool:
+    """Run the browser-based login flow.
+
+    Opens the browser to the Commiter consent page. A temporary local
+    HTTP server receives the callback with the CLI token.
+
+    Returns True on success, False on failure/timeout.
+    """
+    # Check if already logged in
+    existing = get_saved_token()
+    if existing:
+        creds = _read_credentials()
+        email = creds.get("email", "unknown")
+        print(f"Already logged in as {email}")
+        print("Run commiter --logout first to switch accounts.")
+        return True
+
+    port = _find_free_port()
+    result: dict = {}
+
+    class CallbackHandler(BaseHTTPRequestHandler):
+        def do_GET(self):
+            parsed = urlparse(self.path)
+            if parsed.path == "/callback":
+                params = parse_qs(parsed.query)
+                token = params.get("token", [None])[0]
+                email = params.get("email", [""])[0]
+                if token:
+                    result["token"] = token
+                    result["email"] = email
+                    self.send_response(200)
+                    self.send_header("Content-Type", "text/html")
+                    self.end_headers()
+                    self.wfile.write(
+                        b"<html><body><h2>Login successful!</h2>"
+                        b"<p>You can close this window and return to your terminal.</p>"
+                        b"</body></html>"
+                    )
+                else:
+                    self.send_response(400)
+                    self.send_header("Content-Type", "text/html")
+                    self.end_headers()
+                    self.wfile.write(b"<html><body><h2>Login failed</h2><p>No token received.</p></body></html>")
+            else:
+                self.send_response(404)
+                self.end_headers()
+
+        def log_message(self, format, *args):
+            pass  # Suppress request logs
+
+    server = HTTPServer(("127.0.0.1", port), CallbackHandler)
+    server.timeout = 120  # 2 minute timeout
+
+    authorize_url = f"{FRONTEND_URL}/cli/authorize?port={port}"
+    print(f"Opening browser to log in...")
+    print(f"If the browser doesn't open, visit: {authorize_url}")
+    webbrowser.open(authorize_url)
+
+    # Wait for the callback
+    def serve():
+        while not result and server.timeout > 0:
+            server.handle_request()
+
+    thread = threading.Thread(target=serve, daemon=True)
+    thread.start()
+    thread.join(timeout=120)
+    server.server_close()
+
+    if result.get("token"):
+        _save_credentials(result["token"], result.get("email", ""))
+        print(f"Logged in as {result.get('email', 'unknown')}")
+        return True
+    else:
+        print("Login timed out or was denied.")
+        return False
+
+
+def logout() -> None:
+    """Remove saved credentials."""
+    if CREDENTIALS_FILE.exists():
+        CREDENTIALS_FILE.unlink()
+        print("Logged out successfully.")
+    else:
+        print("Not currently logged in.")
+
+
+def get_saved_token() -> str | None:
+    """Read the saved CLI token. Returns None if missing or expired."""
+    creds = _read_credentials()
+    return creds.get("token") if creds else None
+
+
+def _read_credentials() -> dict | None:
+    if not CREDENTIALS_FILE.exists():
+        return None
+    try:
+        return json.loads(CREDENTIALS_FILE.read_text())
+    except (json.JSONDecodeError, OSError):
+        return None
+
+
+def _save_credentials(token: str, email: str) -> None:
+    CREDENTIALS_DIR.mkdir(parents=True, exist_ok=True)
+    CREDENTIALS_FILE.write_text(json.dumps({
+        "token": token,
+        "email": email,
+    }, indent=2))