crackerjack 0.32.0__py3-none-any.whl → 0.33.0__py3-none-any.whl

crackerjack/models/protocols.py

@@ -144,6 +144,75 @@ class SecurityAwareHookManager(HookManager, t.Protocol):
         ...
 
 
+@t.runtime_checkable
+class CoverageRatchetProtocol(t.Protocol):
+    """Protocol for coverage ratchet service."""
+
+    def get_baseline_coverage(self) -> float: ...
+
+    def update_baseline_coverage(self, new_coverage: float) -> bool: ...
+
+    def is_coverage_regression(self, current_coverage: float) -> bool: ...
+
+    def get_coverage_improvement_needed(self) -> float: ...
+
+    def get_status_report(self) -> dict[str, t.Any]: ...
+
+    def get_coverage_report(self) -> str | None: ...
+
+    def check_and_update_coverage(self) -> dict[str, t.Any]: ...
+
+
+@t.runtime_checkable
+class ConfigurationServiceProtocol(t.Protocol):
+    """Protocol for configuration service."""
+
+    def update_precommit_config(self, options: OptionsProtocol) -> bool: ...
+
+    def update_pyproject_config(self, options: OptionsProtocol) -> bool: ...
+
+    def get_temp_config_path(self) -> str | None: ...
+
+
+@t.runtime_checkable
+class SecurityServiceProtocol(t.Protocol):
+    """Protocol for security service."""
+
+    def validate_file_safety(self, path: str | Path) -> bool: ...
+
+    def check_hardcoded_secrets(self, content: str) -> list[dict[str, t.Any]]: ...
+
+    def is_safe_subprocess_call(self, cmd: list[str]) -> bool: ...
+
+    def create_secure_command_env(self) -> dict[str, str]: ...
+
+    def mask_tokens(self, text: str) -> str: ...
+
+    def validate_token_format(self, token: str, token_type: str) -> bool: ...
+
+
+@t.runtime_checkable
+class InitializationServiceProtocol(t.Protocol):
+    """Protocol for initialization service."""
+
+    def initialize_project(self, project_path: str | Path) -> bool: ...
+
+    def validate_project_structure(self) -> bool: ...
+
+    def setup_git_hooks(self) -> bool: ...
+
+
+@t.runtime_checkable
+class UnifiedConfigurationServiceProtocol(t.Protocol):
+    """Protocol for unified configuration service."""
+
+    def merge_configurations(self) -> dict[str, t.Any]: ...
+
+    def validate_configuration(self, config: dict[str, t.Any]) -> bool: ...
+
+    def get_merged_config(self) -> dict[str, t.Any]: ...
+
+
 @t.runtime_checkable
 class TestManagerProtocol(t.Protocol):
     def run_tests(self, options: OptionsProtocol) -> bool: ...

crackerjack/models/task.py

@@ -56,10 +56,13 @@ class TaskStatusData:
     details: str | None = None
     error_message: str | None = None
     files_changed: list[str] | None = None
+    hook_results: list[t.Any] | None = None
 
     def __post_init__(self) -> None:
         if self.files_changed is None:
             self.files_changed = []
+        if self.hook_results is None:
+            self.hook_results = []
         if self.start_time is not None and self.end_time is not None:
             self.duration = self.end_time - self.start_time
 

crackerjack/security/__init__.py

@@ -1 +1 @@
-"""Security utilities for Crackerjack."""
+"""Security utilities for Crackerjack."""

crackerjack/security/audit.py

@@ -2,7 +2,6 @@
 
 import typing as t
 from dataclasses import dataclass
-from enum import Enum
 
 from crackerjack.config.hooks import SecurityLevel
 
@@ -10,7 +9,7 @@ from crackerjack.config.hooks import SecurityLevel
 @dataclass
 class SecurityCheckResult:
     """Result of a security check."""
-    
+
     hook_name: str
     security_level: SecurityLevel
     passed: bool
@@ -18,74 +17,72 @@ class SecurityCheckResult:
     details: dict[str, t.Any] | None = None
 
 
-@dataclass  
+@dataclass
 class SecurityAuditReport:
     """Comprehensive security audit report for publishing decisions."""
-    
+
     critical_failures: list[SecurityCheckResult]
-    high_failures: list[SecurityCheckResult] 
+    high_failures: list[SecurityCheckResult]
     medium_failures: list[SecurityCheckResult]
     low_failures: list[SecurityCheckResult]
-    
+
     allows_publishing: bool
     security_warnings: list[str]
     recommendations: list[str]
-    
+
     @property
     def has_critical_failures(self) -> bool:
         """Check if there are any critical security failures."""
         return len(self.critical_failures) > 0
-    
+
     @property
     def total_failures(self) -> int:
         """Get total number of failed checks."""
         return (
-            len(self.critical_failures) + 
-            len(self.high_failures) + 
-            len(self.medium_failures) + 
-            len(self.low_failures)
+            len(self.critical_failures)
+            + len(self.high_failures)
+            + len(self.medium_failures)
+            + len(self.low_failures)
         )
 
 
 class SecurityAuditor:
     """Security auditor for hook results following OWASP secure SDLC practices."""
-    
+
     # Security-critical hooks that CANNOT be bypassed for publishing
     CRITICAL_HOOKS = {
-        'bandit': 'Security vulnerability detection (OWASP A09)',
-        'pyright': 'Type safety prevents runtime security holes (OWASP A04)', 
-        'gitleaks': 'Secret/credential detection (OWASP A07)',
+        "bandit": "Security vulnerability detection (OWASP A09)",
+        "pyright": "Type safety prevents runtime security holes (OWASP A04)",
+        "gitleaks": "Secret/credential detection (OWASP A07)",
     }
-    
+
     # High-importance security hooks that can be bypassed with warnings
     HIGH_SECURITY_HOOKS = {
-        'validate-regex-patterns': 'Regex vulnerability detection',
-        'creosote': 'Dependency vulnerability analysis',
-        'check-added-large-files': 'Large file security analysis',
-        'uv-lock': 'Dependency lock security',
+        "validate-regex-patterns": "Regex vulnerability detection",
+        "creosote": "Dependency vulnerability analysis",
+        "check-added-large-files": "Large file security analysis",
+        "uv-lock": "Dependency lock security",
     }
-    
+
     def audit_hook_results(
-        self, 
-        fast_results: list[t.Any], 
-        comprehensive_results: list[t.Any]
+        self, fast_results: list[t.Any], comprehensive_results: list[t.Any]
     ) -> SecurityAuditReport:
         """Audit hook results and generate security report.
-        
+
         Args:
             fast_results: Results from fast hooks
             comprehensive_results: Results from comprehensive hooks
-            
+
         Returns:
             SecurityAuditReport with security analysis
         """
         all_results = fast_results + comprehensive_results
-        
+
         critical_failures = []
-        high_failures = []  
+        high_failures = []
         medium_failures = []
         low_failures = []
-        
+
         for result in all_results:
             check_result = self._analyze_hook_result(result)
             if not check_result.passed:
@@ -97,18 +94,18 @@ class SecurityAuditor:
                     medium_failures.append(check_result)
                 else:
                     low_failures.append(check_result)
-        
+
         # Publishing is allowed only if no critical failures exist
         allows_publishing = len(critical_failures) == 0
-        
+
         security_warnings = self._generate_security_warnings(
             critical_failures, high_failures, medium_failures
         )
-        
+
         recommendations = self._generate_security_recommendations(
             critical_failures, high_failures, medium_failures
         )
-        
+
         return SecurityAuditReport(
             critical_failures=critical_failures,
             high_failures=high_failures,
@@ -118,95 +115,112 @@ class SecurityAuditor:
             security_warnings=security_warnings,
             recommendations=recommendations,
         )
-    
+
     def _analyze_hook_result(self, result: t.Any) -> SecurityCheckResult:
         """Analyze a single hook result for security implications."""
-        hook_name = getattr(result, 'name', 'unknown')
-        is_failed = getattr(result, 'status', 'unknown') in ('failed', 'error', 'timeout')
-        error_message = getattr(result, 'output', None) or getattr(result, 'error', None)
-        
+        hook_name = getattr(result, "name", "unknown")
+        is_failed = getattr(result, "status", "unknown") in (
+            "failed",
+            "error",
+            "timeout",
+        )
+        error_message = getattr(result, "output", None) or getattr(
+            result, "error", None
+        )
+
         # Determine security level
         security_level = self._get_hook_security_level(hook_name)
-        
+
         return SecurityCheckResult(
             hook_name=hook_name,
             security_level=security_level,
             passed=not is_failed,
             error_message=error_message,
-            details={'status': getattr(result, 'status', 'unknown')},
+            details={"status": getattr(result, "status", "unknown")},
         )
-    
+
     def _get_hook_security_level(self, hook_name: str) -> SecurityLevel:
         """Get security level for a hook name."""
         hook_name_lower = hook_name.lower()
-        
+
         if hook_name_lower in [name.lower() for name in self.CRITICAL_HOOKS]:
             return SecurityLevel.CRITICAL
         elif hook_name_lower in [name.lower() for name in self.HIGH_SECURITY_HOOKS]:
             return SecurityLevel.HIGH
-        elif hook_name_lower in ['ruff-check', 'vulture', 'refurb', 'complexipy']:
+        elif hook_name_lower in ("ruff-check", "vulture", "refurb", "complexipy"):
             return SecurityLevel.MEDIUM
-        else:
-            return SecurityLevel.LOW
-    
+        return SecurityLevel.LOW
+
     def _generate_security_warnings(
-        self, 
+        self,
         critical: list[SecurityCheckResult],
-        high: list[SecurityCheckResult], 
-        medium: list[SecurityCheckResult]
+        high: list[SecurityCheckResult],
+        medium: list[SecurityCheckResult],
     ) -> list[str]:
         """Generate security warnings based on failed checks."""
         warnings = []
-        
+
         if critical:
             warnings.append(
                 f"🔒 CRITICAL: {len(critical)} security-critical checks failed - publishing BLOCKED"
             )
             for failure in critical:
-                reason = self.CRITICAL_HOOKS.get(failure.hook_name.lower(), "Security-critical check")
+                reason = self.CRITICAL_HOOKS.get(
+                    failure.hook_name.lower(), "Security-critical check"
+                )
                 warnings.append(f"   • {failure.hook_name}: {reason}")
-        
+
         if high:
             warnings.append(
                 f"⚠️ HIGH: {len(high)} high-security checks failed - review recommended"
             )
-        
+
         if medium:
-            warnings.append(
-                f"ℹ️ MEDIUM: {len(medium)} standard quality checks failed"
-            )
-        
+            warnings.append(f"ℹ️ MEDIUM: {len(medium)} standard quality checks failed")
+
         return warnings
-    
+
     def _generate_security_recommendations(
         self,
         critical: list[SecurityCheckResult],
         high: list[SecurityCheckResult],
-        medium: list[SecurityCheckResult]
+        medium: list[SecurityCheckResult],
     ) -> list[str]:
         """Generate security recommendations based on OWASP best practices."""
         recommendations = []
-        
+
         if critical:
-            recommendations.append("🔧 Fix all CRITICAL security issues before publishing")
-            
+            recommendations.append(
+                "🔧 Fix all CRITICAL security issues before publishing"
+            )
+
             # Specific recommendations based on failed checks
             critical_names = [f.hook_name.lower() for f in critical]
-            
-            if 'bandit' in critical_names:
-                recommendations.append("   • Review bandit security findings - may indicate vulnerabilities")
-            if 'pyright' in critical_names:
-                recommendations.append("   • Fix type errors - type safety prevents runtime security holes")
-            if 'gitleaks' in critical_names:
-                recommendations.append("   • Remove secrets/credentials from code - use environment variables")
-        
+
+            if "bandit" in critical_names:
+                recommendations.append(
+                    "   • Review bandit security findings - may indicate vulnerabilities"
+                )
+            if "pyright" in critical_names:
+                recommendations.append(
+                    "   • Fix type errors - type safety prevents runtime security holes"
+                )
+            if "gitleaks" in critical_names:
+                recommendations.append(
+                    "   • Remove secrets/credentials from code - use environment variables"
+                )
+
         if high:
-            recommendations.append("🔍 Review HIGH-security findings before production deployment")
-        
-        if len(critical) == 0 and len(high) == 0:
+            recommendations.append(
+                "🔍 Review HIGH-security findings before production deployment"
+            )
+
+        if not critical and not high:
             recommendations.append("✅ Security posture is acceptable for publishing")
-        
+
         # Add OWASP best practices reference
-        recommendations.append("📖 Follow OWASP Secure Coding Practices for comprehensive security")
-        
-        return recommendations
+        recommendations.append(
+            "📖 Follow OWASP Secure Coding Practices for comprehensive security"
+        )
+
+        return recommendations

crackerjack/services/config.py

@@ -53,8 +53,9 @@ class ConfigurationService:
             )
             return False
 
-    def get_temp_config_path(self) -> Path | None:
-        return getattr(self, "_temp_config_path", None)
+    def get_temp_config_path(self) -> str | None:
+        path = getattr(self, "_temp_config_path", None)
+        return str(path) if path else None
 
     def _determine_config_mode(self, options: OptionsProtocol) -> str:
         if options.experimental_hooks:

crackerjack/services/config_merge.py

@@ -8,9 +8,11 @@ import tomli_w
 import yaml
 from rich.console import Console
 
-from crackerjack.models.protocols import ConfigMergeServiceProtocol
-from crackerjack.services.filesystem import FileSystemService
-from crackerjack.services.git import GitService
+from crackerjack.models.protocols import (
+    ConfigMergeServiceProtocol,
+    FileSystemInterface,
+    GitInterface,
+)
 from crackerjack.services.logging import get_logger
 
 
@@ -29,8 +31,8 @@ class ConfigMergeService(ConfigMergeServiceProtocol):
     def __init__(
         self,
         console: Console,
-        filesystem: FileSystemService,
-        git_service: GitService,
+        filesystem: FileSystemInterface,
+        git_service: GitInterface,
     ) -> None:
         self.console = console
         self.filesystem = filesystem
@@ -323,6 +325,8 @@ class ConfigMergeService(ConfigMergeServiceProtocol):
         content = buffer.getvalue().decode("utf-8")
 
         # Clean trailing whitespace
+        from crackerjack.services.filesystem import FileSystemService
+
         content = FileSystemService.clean_trailing_whitespace_and_newlines(content)
 
         with target_path.open("w", encoding="utf-8") as f:
@@ -350,6 +354,8 @@ class ConfigMergeService(ConfigMergeServiceProtocol):
         content = content or ""
 
         # Clean trailing whitespace
+        from crackerjack.services.filesystem import FileSystemService
+
         content = FileSystemService.clean_trailing_whitespace_and_newlines(content)
 
         with target_path.open("w") as f:

crackerjack/services/coverage_ratchet.py

@@ -52,6 +52,28 @@ class CoverageRatchetService:
     def get_baseline(self) -> float:
         return self.get_ratchet_data().get("baseline", 0.0)
 
+    def get_baseline_coverage(self) -> float:
+        """Protocol method: Get baseline coverage."""
+        return self.get_baseline()
+
+    def update_baseline_coverage(self, new_coverage: float) -> bool:
+        """Protocol method: Update baseline coverage."""
+        return self.update_coverage(new_coverage).get("success", False)
+
+    def is_coverage_regression(self, current_coverage: float) -> bool:
+        """Protocol method: Check if coverage is a regression."""
+        baseline = self.get_baseline()
+        return current_coverage < (baseline - self.TOLERANCE_MARGIN)
+
+    def get_coverage_improvement_needed(self) -> float:
+        """Protocol method: Get coverage improvement needed."""
+        data = self.get_ratchet_data()
+        baseline = data.get("baseline", 0.0)
+        next_milestone = data.get("next_milestone")
+        if next_milestone:
+            return next_milestone - baseline
+        return 100.0 - baseline
+
     def update_coverage(self, new_coverage: float) -> dict[str, t.Any]:
         """Update coverage with 2% tolerance margin to prevent test flakiness.
 

crackerjack/services/git.py

@@ -6,6 +6,22 @@ from rich.console import Console
 from .secure_subprocess import execute_secure_subprocess
 from .security_logger import get_security_logger
 
+# Centralized Git command registry for security validation
+GIT_COMMANDS = {
+    "git_dir": ["rev-parse", "--git-dir"],
+    "staged_files": ["diff", "--cached", "--name-only", "--diff-filter=ACMRT"],
+    "unstaged_files": ["diff", "--name-only", "--diff-filter=ACMRT"],
+    "untracked_files": ["ls-files", "--others", "--exclude-standard"],
+    "staged_files_simple": ["diff", "--cached", "--name-only"],
+    "add_file": ["add"],  # File path will be appended
+    "add_all": ["add", "-A", "."],
+    "commit": ["commit", "-m"],  # Message will be appended
+    "add_updated": ["add", "-u"],
+    "push_porcelain": ["push", "--porcelain"],
+    "current_branch": ["branch", "--show-current"],
+    "commits_ahead": ["rev-list", "--count", "@{u}..HEAD"],
+}
+
 
 class FailedGitResult:
     """A Git result object compatible with subprocess.CompletedProcess."""
@@ -51,34 +67,28 @@ class GitService:
 
     def is_git_repo(self) -> bool:
         try:
-            result = self._run_git_command(["rev-parse", "- - git-dir"])
+            result = self._run_git_command(GIT_COMMANDS["git_dir"])
             return result.returncode == 0
         except (subprocess.SubprocessError, OSError, FileNotFoundError):
             return False
 
     def get_changed_files(self) -> list[str]:
         try:
-            staged_result = self._run_git_command(
-                ["diff", "--cached", "- - name-only", "- - diff-filter=ACMRT"]
-            )
+            staged_result = self._run_git_command(GIT_COMMANDS["staged_files"])
             staged_files = (
                 staged_result.stdout.strip().split("\n")
                 if staged_result.stdout.strip()
                 else []
             )
 
-            unstaged_result = self._run_git_command(
-                ["diff", "- - name-only", "- - diff-filter=ACMRT"]
-            )
+            unstaged_result = self._run_git_command(GIT_COMMANDS["unstaged_files"])
             unstaged_files = (
                 unstaged_result.stdout.strip().split("\n")
                 if unstaged_result.stdout.strip()
                 else []
             )
 
-            untracked_result = self._run_git_command(
-                ["ls-files", "--others", "- - exclude-standard"],
-            )
+            untracked_result = self._run_git_command(GIT_COMMANDS["untracked_files"])
             untracked_files = (
                 untracked_result.stdout.strip().split("\n")
                 if untracked_result.stdout.strip()
@@ -93,7 +103,7 @@ class GitService:
 
     def get_staged_files(self) -> list[str]:
         try:
-            result = self._run_git_command(["diff", "--cached", "- - name-only"])
+            result = self._run_git_command(GIT_COMMANDS["staged_files_simple"])
             return result.stdout.strip().split("\n") if result.stdout.strip() else []
         except Exception as e:
             self.console.print(f"[yellow]⚠️[/ yellow] Error getting staged files: {e}")
@@ -102,7 +112,8 @@ class GitService:
     def add_files(self, files: list[str]) -> bool:
         try:
             for file in files:
-                result = self._run_git_command(["add", file])
+                cmd = GIT_COMMANDS["add_file"] + [file]
+                result = self._run_git_command(cmd)
                 if result.returncode != 0:
                     self.console.print(
                         f"[red]❌[/ red] Failed to add {file}: {result.stderr}",
@@ -116,7 +127,7 @@ class GitService:
     def add_all_files(self) -> bool:
         """Stage all changes including new, modified, and deleted files."""
         try:
-            result = self._run_git_command(["add", "-A", "."])
+            result = self._run_git_command(GIT_COMMANDS["add_all"])
             if result.returncode == 0:
                 self.console.print("[green]✅[/ green] Staged all changes")
                 return True
@@ -130,7 +141,8 @@ class GitService:
 
     def commit(self, message: str) -> bool:
         try:
-            result = self._run_git_command(["commit", "- m", message])
+            cmd = GIT_COMMANDS["commit"] + [message]
+            result = self._run_git_command(cmd)
             if result.returncode == 0:
                 self.console.print(f"[green]✅[/ green] Committed: {message}")
                 return True
@@ -153,14 +165,15 @@ class GitService:
             "[yellow]🔄[/ yellow] Pre - commit hooks modified files - attempting to re-stage and retry commit"
         )
 
-        add_result = self._run_git_command(["add", "- u"])
+        add_result = self._run_git_command(GIT_COMMANDS["add_updated"])
         if add_result.returncode != 0:
             self.console.print(
                 f"[red]❌[/ red] Failed to re-stage files: {add_result.stderr}"
             )
             return False
 
-        retry_result = self._run_git_command(["commit", "- m", message])
+        cmd = GIT_COMMANDS["commit"] + [message]
+        retry_result = self._run_git_command(cmd)
         if retry_result.returncode == 0:
             self.console.print(
                 f"[green]✅[/ green] Committed after re-staging: {message}"
@@ -188,7 +201,7 @@ class GitService:
     def push(self) -> bool:
         try:
             # Get detailed push information
-            result = self._run_git_command(["push", "--porcelain"])
+            result = self._run_git_command(GIT_COMMANDS["push_porcelain"])
             if result.returncode == 0:
                 self._display_push_success(result.stdout)
                 return True
@@ -241,7 +254,7 @@ class GitService:
         """Fallback method to show commit count information."""
         try:
             # Get commits ahead of remote
-            result = self._run_git_command(["rev-list", "--count", "@{u}..HEAD"])
+            result = self._run_git_command(GIT_COMMANDS["commits_ahead"])
             if result.returncode == 0 and result.stdout.strip().isdigit():
                 commit_count = int(result.stdout.strip())
                 if commit_count > 0:
@@ -260,17 +273,17 @@ class GitService:
 
     def get_current_branch(self) -> str | None:
         try:
-            result = self._run_git_command(["branch", "- - show-current"])
+            result = self._run_git_command(GIT_COMMANDS["current_branch"])
             return result.stdout.strip() if result.returncode == 0 else None
         except (subprocess.SubprocessError, OSError, FileNotFoundError):
             return None
 
-    def get_commit_message_suggestions(self, files: list[str]) -> list[str]:
-        if not files:
+    def get_commit_message_suggestions(self, changed_files: list[str]) -> list[str]:
+        if not changed_files:
             return ["Update project files"]
-        file_categories = self._categorize_files(files)
+        file_categories = self._categorize_files(changed_files)
         messages = self._generate_category_messages(file_categories)
-        messages.extend(self._generate_specific_messages(files))
+        messages.extend(self._generate_specific_messages(changed_files))
 
         return messages[:5]
 
@@ -326,7 +339,7 @@ class GitService:
         from contextlib import suppress
 
         with suppress(ValueError, Exception):
-            result = self._run_git_command(["rev-list", "--count", "@{u}..HEAD"])
+            result = self._run_git_command(GIT_COMMANDS["commits_ahead"])
             if result.returncode == 0 and result.stdout.strip().isdigit():
                 return int(result.stdout.strip())
         return 0