crucible-mcp 0.3.0__py3-none-any.whl → 0.4.0__py3-none-any.whl

crucible/__init__.py

@@ -1,3 +1,3 @@
 """crucible: Code review orchestration MCP server."""
 
-__version__ = "0.1.0"
+__version__ = "0.4.0"

crucible/cli.py

@@ -442,11 +442,13 @@ def cmd_review(args: argparse.Namespace) -> int:
     import json as json_mod
 
     from crucible.models import Domain, Severity, ToolFinding
-    from crucible.tools.delegation import (
-        delegate_bandit,
-        delegate_ruff,
-        delegate_semgrep,
-        delegate_slither,
+    from crucible.review.core import (
+        compute_severity_counts,
+        deduplicate_findings,
+        detect_domain_for_file,
+        filter_findings_to_changes,
+        get_tools_for_domain,
+        run_static_analysis,
     )
     from crucible.tools.git import (
         get_branch_diff,
@@ -457,92 +459,6 @@ def cmd_review(args: argparse.Namespace) -> int:
         is_git_repo,
     )
 
-    # Helper functions (inline to avoid circular imports)
-    def get_semgrep_config(domain: Domain) -> str:
-        if domain == Domain.SMART_CONTRACT:
-            return "p/smart-contracts"
-        elif domain == Domain.BACKEND:
-            return "p/python"
-        elif domain == Domain.FRONTEND:
-            return "p/typescript"
-        return "auto"
-
-    def detect_domain(filename: str) -> tuple[Domain, list[str]]:
-        """Detect domain from file extension."""
-        ext = Path(filename).suffix.lower()
-        if ext == ".sol":
-            return Domain.SMART_CONTRACT, ["solidity", "smart_contract", "web3"]
-        elif ext in (".py", ".pyw"):
-            return Domain.BACKEND, ["python", "backend"]
-        elif ext in (".ts", ".tsx", ".js", ".jsx"):
-            return Domain.FRONTEND, ["typescript", "frontend", "javascript"]
-        elif ext == ".rs":
-            return Domain.BACKEND, ["rust", "backend"]
-        elif ext == ".go":
-            return Domain.BACKEND, ["go", "backend"]
-        return Domain.UNKNOWN, []
-
-    def get_changed_files(changes: list) -> list[str]:
-        """Get list of changed files (excluding deleted)."""
-        return [c.path for c in changes if c.status != "D"]
-
-    def parse_location_line(location: str) -> int | None:
-        """Extract line number from location string like 'file.py:10'."""
-        if ":" in location:
-            try:
-                return int(location.split(":")[1].split(":")[0])
-            except (ValueError, IndexError):
-                return None
-        return None
-
-    def filter_findings_to_changes(
-        findings: list[ToolFinding],
-        changes: list,
-        include_context: bool = False,
-    ) -> list[ToolFinding]:
-        """Filter findings to only those in changed lines."""
-        # Build a lookup of file -> changed line ranges
-        changed_ranges: dict[str, list[tuple[int, int]]] = {}
-        for change in changes:
-            if change.status == "D":
-                continue  # Skip deleted files
-            ranges = [(r.start, r.end) for r in change.added_lines]
-            changed_ranges[change.path] = ranges
-
-        context_lines = 5 if include_context else 0
-        filtered: list[ToolFinding] = []
-
-        for finding in findings:
-            # Parse location: "path:line" or "path:line:col"
-            parts = finding.location.split(":")
-            if len(parts) < 2:
-                continue
-
-            file_path = parts[0]
-            try:
-                line_num = int(parts[1])
-            except ValueError:
-                continue
-
-            # Check if file is in changes
-            # Handle both absolute and relative paths
-            matching_file = None
-            for changed_file in changed_ranges:
-                if file_path.endswith(changed_file) or changed_file.endswith(file_path):
-                    matching_file = changed_file
-                    break
-
-            if not matching_file:
-                continue
-
-            # Check if line is in changed ranges (with context)
-            for start, end in changed_ranges[matching_file]:
-                if start - context_lines <= line_num <= end + context_lines:
-                    filtered.append(finding)
-                    break
-
-        return filtered
-
     path = args.path or "."
     mode = args.mode
 
@@ -638,7 +554,7 @@ def cmd_review(args: argparse.Namespace) -> int:
             print("No changes found.")
         return 0
 
-    changed_files = get_changed_files(context.changes)
+    changed_files = [c.path for c in context.changes if c.status != "D"]
     if not changed_files:
         print("No files to analyze (only deletions).")
         return 0
@@ -656,77 +572,24 @@ def cmd_review(args: argparse.Namespace) -> int:
 
     for file_path in changed_files:
         full_path = f"{repo_path}/{file_path}"
-        domain, domain_tags = detect_domain(file_path)
+        domain, domain_tags = detect_domain_for_file(file_path)
         domains_detected.add(domain)
         all_domain_tags.update(domain_tags)
 
-        # Select tools based on domain
-        if domain == Domain.SMART_CONTRACT:
-            tools = ["slither", "semgrep"]
-        elif domain == Domain.BACKEND and "python" in domain_tags:
-            tools = ["ruff", "bandit", "semgrep"]
-        elif domain == Domain.FRONTEND:
-            tools = ["semgrep"]
-        else:
-            tools = ["semgrep"]
-
-        # Apply skip_tools from config
+        # Get tools for this domain, applying skip_tools from config
+        tools = get_tools_for_domain(domain, domain_tags)
         tools = [t for t in tools if t not in skip_tools]
 
-        # Run tools
-        if "semgrep" in tools:
-            semgrep_config = get_semgrep_config(domain)
-            result = delegate_semgrep(full_path, semgrep_config)
-            if result.is_ok:
-                all_findings.extend(result.value)
-            elif result.is_err:
-                tool_errors.append(f"semgrep ({file_path}): {result.error}")
-
-        if "ruff" in tools:
-            result = delegate_ruff(full_path)
-            if result.is_ok:
-                all_findings.extend(result.value)
-            elif result.is_err:
-                tool_errors.append(f"ruff ({file_path}): {result.error}")
-
-        if "slither" in tools:
-            result = delegate_slither(full_path)
-            if result.is_ok:
-                all_findings.extend(result.value)
-            elif result.is_err:
-                tool_errors.append(f"slither ({file_path}): {result.error}")
-
-        if "bandit" in tools:
-            result = delegate_bandit(full_path)
-            if result.is_ok:
-                all_findings.extend(result.value)
-            elif result.is_err:
-                tool_errors.append(f"bandit ({file_path}): {result.error}")
-
-    # Filter findings to changed lines
+        # Run static analysis
+        findings, errors = run_static_analysis(full_path, domain, domain_tags, tools)
+        all_findings.extend(findings)
+        for err in errors:
+            tool_errors.append(f"{err} ({file_path})")
+
+    # Filter findings to changed lines and deduplicate
     filtered_findings = filter_findings_to_changes(
-        all_findings, context.changes, args.include_context
+        all_findings, context, args.include_context
     )
-
-    # Deduplicate findings
-    def deduplicate_findings(findings: list[ToolFinding]) -> list[ToolFinding]:
-        """Deduplicate findings by location and message."""
-        seen: dict[tuple[str, str], ToolFinding] = {}
-        severity_order = [Severity.CRITICAL, Severity.HIGH, Severity.MEDIUM, Severity.LOW, Severity.INFO]
-
-        for f in findings:
-            norm_msg = f.message.lower().strip()
-            key = (f.location, norm_msg)
-
-            if key not in seen:
-                seen[key] = f
-            else:
-                existing = seen[key]
-                if severity_order.index(f.severity) < severity_order.index(existing.severity):
-                    seen[key] = f
-
-        return list(seen.values())
-
     filtered_findings = deduplicate_findings(filtered_findings)
 
     # Match skills and load knowledge based on detected domains
@@ -761,10 +624,7 @@ def cmd_review(args: argparse.Namespace) -> int:
             knowledge_content[filename] = result.value
 
     # Compute severity summary
-    severity_counts: dict[str, int] = {}
-    for f in filtered_findings:
-        sev = f.severity.value
-        severity_counts[sev] = severity_counts.get(sev, 0) + 1
+    severity_counts = compute_severity_counts(filtered_findings)
 
     # Determine pass/fail using per-domain thresholds
     # Use the strictest applicable threshold
@@ -964,6 +824,281 @@ def cmd_review(args: argparse.Namespace) -> int:
     return 0 if passed else 1
 
 
+# --- Assertions commands ---
+
+# Assertions directories
+ASSERTIONS_BUNDLED = Path(__file__).parent / "enforcement" / "bundled"
+ASSERTIONS_USER = Path.home() / ".claude" / "crucible" / "assertions"
+ASSERTIONS_PROJECT = Path(".crucible") / "assertions"
+
+
+def cmd_assertions_validate(args: argparse.Namespace) -> int:
+    """Validate assertion files."""
+    from crucible.enforcement.assertions import (
+        clear_assertion_cache,
+        get_all_assertion_files,
+        load_assertion_file,
+    )
+
+    clear_assertion_cache()
+
+    files = get_all_assertion_files()
+    if not files:
+        print("No assertion files found.")
+        print("\nCreate assertion files in:")
+        print(f"  Project: {ASSERTIONS_PROJECT}/")
+        print(f"  User:    {ASSERTIONS_USER}/")
+        return 0
+
+    valid_count = 0
+    error_count = 0
+
+    for filename in sorted(files):
+        result = load_assertion_file(filename)
+        if result.is_ok:
+            assertion_count = len(result.value.assertions)
+            print(f"  ✓ {filename}: {assertion_count} assertion(s) valid")
+            valid_count += 1
+        else:
+            print(f"  ✗ {filename}: {result.error}")
+            error_count += 1
+
+    print()
+    if error_count == 0:
+        print(f"All {valid_count} file(s) valid.")
+        return 0
+    else:
+        print(f"{error_count} file(s) with errors, {valid_count} valid.")
+        return 1
+
+
+def cmd_assertions_list(args: argparse.Namespace) -> int:
+    """List available assertion files."""
+    print("Bundled assertions:")
+    if ASSERTIONS_BUNDLED.exists():
+        found = False
+        for file_path in sorted(ASSERTIONS_BUNDLED.iterdir()):
+            if file_path.is_file() and file_path.suffix in (".yaml", ".yml"):
+                print(f"  - {file_path.name}")
+                found = True
+        if not found:
+            print("  (none)")
+    else:
+        print("  (none)")
+
+    print("\nUser assertions (~/.claude/crucible/assertions/):")
+    if ASSERTIONS_USER.exists():
+        found = False
+        for file_path in sorted(ASSERTIONS_USER.iterdir()):
+            if file_path.is_file() and file_path.suffix in (".yaml", ".yml"):
+                print(f"  - {file_path.name}")
+                found = True
+        if not found:
+            print("  (none)")
+    else:
+        print("  (none)")
+
+    print("\nProject assertions (.crucible/assertions/):")
+    if ASSERTIONS_PROJECT.exists():
+        found = False
+        for file_path in sorted(ASSERTIONS_PROJECT.iterdir()):
+            if file_path.is_file() and file_path.suffix in (".yaml", ".yml"):
+                print(f"  - {file_path.name}")
+                found = True
+        if not found:
+            print("  (none)")
+    else:
+        print("  (none)")
+
+    return 0
+
+
+def cmd_assertions_test(args: argparse.Namespace) -> int:
+    """Test assertions against a file or directory."""
+    import os
+
+    from crucible.enforcement.assertions import load_assertions
+    from crucible.enforcement.patterns import run_pattern_assertions
+
+    target_path = Path(args.file)
+    if not target_path.exists():
+        print(f"Error: Path '{target_path}' not found")
+        return 1
+
+    assertions, errors = load_assertions()
+
+    if errors:
+        print("Assertion loading errors:")
+        for error in errors:
+            print(f"  - {error}")
+        print()
+
+    if not assertions:
+        print("No assertions loaded.")
+        return 0
+
+    # Collect files to test
+    files_to_test: list[tuple[str, str]] = []  # (display_path, content)
+
+    if target_path.is_file():
+        try:
+            content = target_path.read_text()
+            files_to_test.append((str(target_path), content))
+        except UnicodeDecodeError:
+            print(f"Error: Cannot read '{target_path}' (binary file?)")
+            return 1
+    else:
+        # Directory mode
+        for root, _, files in os.walk(target_path):
+            for fname in files:
+                fpath = Path(root) / fname
+                rel_path = fpath.relative_to(target_path)
+                try:
+                    content = fpath.read_text()
+                    files_to_test.append((str(rel_path), content))
+                except (UnicodeDecodeError, OSError):
+                    pass  # Skip binary/unreadable files
+
+    # Run assertions on all files
+    all_findings = []
+    checked = 0
+    skipped = 0
+
+    for display_path, content in files_to_test:
+        findings, c, s = run_pattern_assertions(display_path, content, assertions)
+        all_findings.extend(findings)
+        checked = max(checked, c)
+        skipped = max(skipped, s)
+
+    # Separate suppressed and active findings
+    active = [f for f in all_findings if not f.suppressed]
+    suppressed = [f for f in all_findings if f.suppressed]
+
+    print(f"Testing {target_path}")
+    print(f"  Files scanned: {len(files_to_test)}")
+    print(f"  Assertions checked: {checked}")
+    print(f"  Assertions skipped (LLM): {skipped}")
+    print()
+
+    if active:
+        print(f"Findings ({len(active)}):")
+        for f in active:
+            sev = f.severity.upper()
+            print(f"  [{sev}] {f.assertion_id}: {f.location}")
+            print(f"    {f.message}")
+            if f.match_text:
+                print(f"    Matched: {f.match_text!r}")
+            print()
+
+    if suppressed:
+        print(f"Suppressed ({len(suppressed)}):")
+        for f in suppressed:
+            reason = f" -- {f.suppression_reason}" if f.suppression_reason else ""
+            print(f"  {f.assertion_id}: {f.location}{reason}")
+
+    if not active and not suppressed:
+        print("No matches found.")
+
+    return 0
+
+
+def cmd_assertions_explain(args: argparse.Namespace) -> int:
+    """Explain what a rule does."""
+    from crucible.enforcement.assertions import load_assertions
+
+    rule_id = args.rule.lower()
+    assertions, errors = load_assertions()
+
+    for assertion in assertions:
+        if assertion.id.lower() == rule_id:
+            print(f"Rule: {assertion.id}")
+            print(f"Type: {assertion.type.value}")
+            if assertion.pattern:
+                print(f"Pattern: {assertion.pattern}")
+            print(f"Message: {assertion.message}")
+            print(f"Severity: {assertion.severity}")
+            print(f"Priority: {assertion.priority.value}")
+            if assertion.languages:
+                print(f"Languages: {', '.join(assertion.languages)}")
+            if assertion.applicability:
+                if assertion.applicability.glob:
+                    print(f"Applies to: {assertion.applicability.glob}")
+                if assertion.applicability.exclude:
+                    print(f"Excludes: {', '.join(assertion.applicability.exclude)}")
+            if assertion.compliance:
+                print(f"Compliance: {assertion.compliance}")
+            return 0
+
+    print(f"Rule '{rule_id}' not found.")
+    print("\nAvailable rules:")
+    for a in assertions[:10]:
+        print(f"  - {a.id}")
+    if len(assertions) > 10:
+        print(f"  ... and {len(assertions) - 10} more")
+    return 1
+
+
+def cmd_assertions_debug(args: argparse.Namespace) -> int:
+    """Debug applicability for a rule and file."""
+    from crucible.enforcement.assertions import load_assertions
+    from crucible.enforcement.patterns import matches_glob, matches_language
+
+    rule_id = args.rule.lower()
+    file_path = args.file
+
+    assertions, errors = load_assertions()
+
+    for assertion in assertions:
+        if assertion.id.lower() == rule_id:
+            print(f"Applicability check for '{assertion.id}':")
+            print()
+
+            # Language check
+            if assertion.languages:
+                lang_match = matches_language(file_path, assertion.languages)
+                lang_status = "MATCH" if lang_match else "NO MATCH"
+                print(f"  Languages: {', '.join(assertion.languages)}")
+                print(f"    File: {file_path} → {lang_status}")
+            else:
+                print("  Languages: (any)")
+
+            # Glob check
+            if assertion.applicability:
+                if assertion.applicability.glob:
+                    glob_match = matches_glob(
+                        file_path,
+                        assertion.applicability.glob,
+                        assertion.applicability.exclude,
+                    )
+                    glob_status = "MATCH" if glob_match else "NO MATCH"
+                    print(f"  Glob: {assertion.applicability.glob}")
+                    if assertion.applicability.exclude:
+                        print(f"  Exclude: {', '.join(assertion.applicability.exclude)}")
+                    print(f"    File: {file_path} → {glob_status}")
+                else:
+                    print("  Glob: (any)")
+            else:
+                print("  Applicability: (none)")
+
+            # Overall result
+            print()
+            lang_ok = matches_language(file_path, assertion.languages)
+            glob_ok = True
+            if assertion.applicability and assertion.applicability.glob:
+                glob_ok = matches_glob(
+                    file_path,
+                    assertion.applicability.glob,
+                    assertion.applicability.exclude,
+                )
+            overall = lang_ok and glob_ok
+            result = "APPLICABLE" if overall else "NOT APPLICABLE"
+            print(f"  Result: {result}")
+            return 0
+
+    print(f"Rule '{rule_id}' not found.")
+    return 1
+
+
 # --- Hooks commands ---
 
 PRECOMMIT_HOOK_SCRIPT = """\
@@ -1526,6 +1661,38 @@ def main() -> int:
         help="Project path (default: current directory)"
     )
 
+    # === assertions command ===
+    assertions_parser = subparsers.add_parser("assertions", help="Manage pattern assertions")
+    assertions_sub = assertions_parser.add_subparsers(dest="assertions_command")
+
+    # assertions validate
+    assertions_sub.add_parser("validate", help="Validate assertion files")
+
+    # assertions list
+    assertions_sub.add_parser("list", help="List assertion files from all sources")
+
+    # assertions test
+    assertions_test_parser = assertions_sub.add_parser(
+        "test",
+        help="Test assertions against a file"
+    )
+    assertions_test_parser.add_argument("file", help="File to test")
+
+    # assertions explain
+    assertions_explain_parser = assertions_sub.add_parser(
+        "explain",
+        help="Explain what a rule does"
+    )
+    assertions_explain_parser.add_argument("rule", help="Rule ID to explain")
+
+    # assertions debug
+    assertions_debug_parser = assertions_sub.add_parser(
+        "debug",
+        help="Debug applicability for a rule and file"
+    )
+    assertions_debug_parser.add_argument("--rule", "-r", required=True, help="Rule ID")
+    assertions_debug_parser.add_argument("--file", "-f", required=True, help="File to check")
+
     # === ci command ===
     ci_parser = subparsers.add_parser(
         "ci",
@@ -1593,6 +1760,20 @@ def main() -> int:
         else:
             hooks_parser.print_help()
             return 0
+    elif args.command == "assertions":
+        if args.assertions_command == "validate":
+            return cmd_assertions_validate(args)
+        elif args.assertions_command == "list":
+            return cmd_assertions_list(args)
+        elif args.assertions_command == "test":
+            return cmd_assertions_test(args)
+        elif args.assertions_command == "explain":
+            return cmd_assertions_explain(args)
+        elif args.assertions_command == "debug":
+            return cmd_assertions_debug(args)
+        else:
+            assertions_parser.print_help()
+            return 0
     elif args.command == "review":
         return cmd_review(args)
     elif args.command == "pre-commit":
@@ -1619,6 +1800,12 @@ def main() -> int:
         print("  crucible hooks uninstall        Remove pre-commit hook")
         print("  crucible hooks status           Show hook installation status")
         print()
+        print("  crucible assertions list        List assertion files from all sources")
+        print("  crucible assertions validate    Validate assertion files")
+        print("  crucible assertions test <file> Test assertions against a file")
+        print("  crucible assertions explain <r> Explain what a rule does")
+        print("  crucible assertions debug       Debug applicability for a rule")
+        print()
         print("  crucible review                 Review git changes")
         print("    --mode <mode>                 staged/unstaged/branch/commits (default: staged)")
         print("    --base <ref>                  Base branch or commit count")

crucible/enforcement/__init__.py

@@ -0,0 +1,40 @@
+"""Enforcement module for pattern assertions and applicability checking."""
+
+from crucible.enforcement.assertions import (
+    get_all_assertion_files,
+    load_assertion_file,
+    load_assertions,
+    resolve_assertion_file,
+)
+from crucible.enforcement.models import (
+    Assertion,
+    AssertionFile,
+    AssertionType,
+    PatternMatch,
+    Priority,
+    Suppression,
+)
+from crucible.enforcement.patterns import (
+    find_pattern_matches,
+    parse_suppressions,
+    run_pattern_assertions,
+)
+
+__all__ = [
+    # Models
+    "Assertion",
+    "AssertionFile",
+    "AssertionType",
+    "PatternMatch",
+    "Priority",
+    "Suppression",
+    # Assertions
+    "get_all_assertion_files",
+    "load_assertion_file",
+    "load_assertions",
+    "resolve_assertion_file",
+    # Patterns
+    "find_pattern_matches",
+    "parse_suppressions",
+    "run_pattern_assertions",
+]