falsegreen-robot 0.1.0__tar.gz

falsegreen_robot-0.1.0/.github/workflows/ci.yml

@@ -0,0 +1,28 @@
+name: ci
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.9", "3.11", "3.13"]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+      - name: Lint
+        run: ruff check src tests
+      - name: Test
+        run: pytest -q
+      - name: Self-scan (must not error)
+        run: python -m falsegreen_robot src tests

falsegreen_robot-0.1.0/.github/workflows/release.yml

@@ -0,0 +1,47 @@
+name: release
+
+# Builds the package and publishes it to PyPI via Trusted Publishing (OIDC).
+# No API token: the publish job exchanges a short-lived OIDC identity with PyPI.
+# Fires on a published GitHub release, or manually for an existing tag.
+#
+# One-time setup (see RELEASE notes): on PyPI add a Trusted Publisher for project
+# `falsegreen-robot` (owner vinicq, repo falsegreen-robot, workflow release.yml,
+# environment pypi); create a GitHub environment named `pypi`.
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+      - name: Build sdist and wheel
+        run: |
+          python -m pip install --upgrade build
+          python -m build
+      - uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+  publish:
+    needs: build
+    runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write   # OIDC trusted publishing
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+      - uses: pypa/gh-action-pypi-publish@release/v1

falsegreen_robot-0.1.0/.gitignore

@@ -0,0 +1,17 @@
+__pycache__/
+*.py[cod]
+.pytest_cache/
+.ruff_cache/
+.mypy_cache/
+*.egg-info/
+build/
+dist/
+.venv/
+venv/
+.env
+output.xml
+log.html
+report.html
+
+# pointer to private audit hub - never commit
+CLAUDE.local.md

falsegreen_robot-0.1.0/CHANGELOG.md

@@ -0,0 +1,34 @@
+# Changelog
+
+All notable changes to this project are documented here. The format is based on
+[Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to
+[Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0] - 2026-06-22
+
+### Added
+
+- `.resource` files and `*** Keywords ***` definitions are now scanned (in both `.robot`
+  and `.resource`). New code R2: a user keyword named like a verifier (Verify/Assert/Should)
+  whose body contains no verification — a hollow oracle, the root cause of missed C2b.
+  Call-level smells (C5/C7/C16) are also detected inside user keywords.
+- Three groups (`false-positive` / `diagnostic` / `coupling`), like the sibling scanners.
+  Opt-in maintainability group (default off, `--diagnostics`): D2 (control flow at the
+  test/task level), M2 (too many steps).
+- RPA support: scans `*** Tasks ***` in addition to `*** Test Cases ***`.
+- Initial release. Deterministic static scanner for false-positive Robot Framework
+  tests, built on the official `robot.api.get_model` parser (no execution).
+- Detection codes: C2 (empty test), C2b (no verification keyword), C3 (swallowed
+  `Run Keyword And Ignore Error`/`Return Status`), C5 (always-true), C7 (self-compare),
+  C16 (`Sleep` as synchronization), C21 (conditional-only verification), C32 (skipped), R1 (Pass Execution forced green). C3 also covers native TRY/EXCEPT swallow. Codes share ids with the sibling
+  scanners where the concept matches.
+- Verification-keyword recognition across libraries: the `Should` convention plus
+  SeleniumLibrary/AppiumLibrary, Browser's assertion engine (`Get ... == expected`),
+  RESTinstance schema keywords, DatabaseLibrary, RequestsLibrary, and custom
+  `Verify*`/`Assert*`/`Validate*`/`Check *` keywords.
+- CLI: paths, `--json`, `--disable`, `--version`. Exit codes 0/10/20.
+
+[Unreleased]: https://github.com/vinicq/falsegreen-robot/compare/v0.1.0...HEAD
+[0.1.0]: https://github.com/vinicq/falsegreen-robot/releases/tag/v0.1.0

falsegreen_robot-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Vinicius Queiroz
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

falsegreen_robot-0.1.0/PKG-INFO

@@ -0,0 +1,116 @@
+Metadata-Version: 2.4
+Name: falsegreen-robot
+Version: 0.1.0
+Summary: Find Robot Framework tests that pass green without protecting anything: tests with no verification keyword, swallowed failures, always-true checks. Deterministic static scan, sibling of falsegreen (Python) and falsegreen-js (JS/TS).
+Project-URL: Homepage, https://github.com/vinicq/falsegreen-robot
+Project-URL: Issues, https://github.com/vinicq/falsegreen-robot/issues
+Author: Vinicius Queiroz
+License-Expression: MIT
+License-File: LICENSE
+Keywords: code-quality,false-positive,robot-framework,robotframework,static-analysis,test-smells,testing
+Classifier: Development Status :: 3 - Alpha
+Classifier: Framework :: Robot Framework
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Software Development :: Quality Assurance
+Classifier: Topic :: Software Development :: Testing
+Requires-Python: >=3.8
+Requires-Dist: robotframework>=4.0
+Provides-Extra: dev
+Requires-Dist: pytest>=7; extra == 'dev'
+Requires-Dist: ruff>=0.5; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# falsegreen-robot
+
+**One problem, one tool: the false positive.** falsegreen-robot finds Robot Framework
+tests that pass green without protecting anything - tests that let broken behavior
+through because no keyword verifies anything, the failure is swallowed, the check is
+always true, or the test is skipped.
+
+Deterministic static scan over the official Robot Framework parser
+(`robot.api.get_model`) - no execution. Sibling of
+[falsegreen](https://github.com/vinicq/falsegreen) (Python/pytest) and
+[falsegreen-js](https://github.com/vinicq/falsegreen-js) (JS/TS). The semantic,
+intent-based pass lives in [falsegreen-skill](https://github.com/vinicq/falsegreen-skill).
+
+## Why
+
+A green Robot suite is not proof of correctness. A test case can run keywords and never
+call a verification keyword; a `Run Keyword And Ignore Error` can absorb the failure; a
+`Should Be True    ${TRUE}` can never fail. This tool flags the patterns a parser can
+prove, before they reach review.
+
+## Install
+
+```bash
+pip install falsegreen-robot
+```
+
+## Usage
+
+```bash
+falsegreen-robot                  # scan cwd
+falsegreen-robot tests/           # scan a path
+falsegreen-robot --json           # machine-readable output
+falsegreen-robot --disable C16    # turn off specific codes
+```
+
+Exit code: `0` clean, `10` low-confidence only, `20` high-confidence present. Wire exit
+`20` into CI to block the merge.
+
+## What it detects
+
+The oracle in Robot is the **verification keyword**. The scanner recognizes them across
+libraries (the `Should` convention plus library-specific forms: SeleniumLibrary
+`Element Should Be Visible`, Browser's assertion engine `Get Text  sel  ==  expected`,
+RESTinstance schema keywords, DatabaseLibrary `Row Count Should Be Equal`, custom
+`Verify*`/`Assert*` keywords). A test with none of them verifies nothing.
+
+| Code | Confidence | What it flags |
+|---|---|---|
+| C2  | high | empty test case (no keywords run) |
+| C2b | low  | runs keywords but no verification keyword (no oracle) |
+| C3  | high | `Run Keyword And Ignore Error`/`Return Status` swallows the failure, status never asserted |
+| C5  | high | always-true (`Should Be True  ${TRUE}`, `Should Be Equal` with equal literals) |
+| C7  | high | self-compare (`Should Be Equal  ${x}  ${x}`) |
+| C16 | low  | `Sleep` used as synchronization (timing dependence) |
+| C21 | low  | verification only runs conditionally (inside `IF` / `Run Keyword If`) — it may never execute |
+| C32 | low  | skipped test (`robot:skip` / `Skip`) |
+| R1  | high | `Pass Execution` forces the test green regardless of any check |
+| R2  | low  | user keyword named like a verifier (`Verify`/`Assert`/`Should`...) but its body verifies nothing — a hollow oracle |
+
+Scans `*** Test Cases ***`, `*** Tasks ***` (RPA), and `*** Keywords ***` definitions in
+both `.robot` and `.resource` files. R2 catches the root cause of a missed C2b: a test
+calls `Verify Login` and looks protected, but that keyword never asserts anything.
+
+### Opt-in: maintainability group (default off)
+
+Not false-green - the test still verifies - so off by default. Enable with `--diagnostics`.
+Three groups, mirroring `falsegreen` and `falsegreen-js`: `false-positive` (C*/R*, on),
+`diagnostic` (D*, opt-in), `coupling` (M*, opt-in).
+
+| Code | Group | What it flags |
+|---|---|---|
+| D2 | diagnostic | control flow (`IF`/`FOR`/`WHILE`/`TRY`) at the test/task level (the guide advises against it) |
+| M2 | coupling | test/task with too many steps (guide suggests max ~10) |
+
+```bash
+falsegreen-robot --diagnostics    # include D*/M* as warnings
+```
+
+Codes share ids with the sibling scanners where the concept matches (C2/C2b/C3/C5/C7/C16/C21/C32).
+A Browser `Get` keyword with no assertion operator is a plain getter, so a test whose only
+step is `Get Text  h1` surfaces as no-verification (C2b).
+
+## Scope and honesty
+
+Static scan: it owns what the keyword structure proves. It does not run the suite, so it
+cannot see runtime-only smells (Test Run War, order dependence across suites). Whether the
+expected value contradicts the intended behavior is semantic and belongs to
+`falsegreen-skill`. Precision over recall: `C2b` is low-confidence because a custom keyword
+may assert internally without `Should` in its name.
+
+## License
+
+MIT, Vinicius Queiroz.

falsegreen_robot-0.1.0/README.md

@@ -0,0 +1,93 @@
+# falsegreen-robot
+
+**One problem, one tool: the false positive.** falsegreen-robot finds Robot Framework
+tests that pass green without protecting anything - tests that let broken behavior
+through because no keyword verifies anything, the failure is swallowed, the check is
+always true, or the test is skipped.
+
+Deterministic static scan over the official Robot Framework parser
+(`robot.api.get_model`) - no execution. Sibling of
+[falsegreen](https://github.com/vinicq/falsegreen) (Python/pytest) and
+[falsegreen-js](https://github.com/vinicq/falsegreen-js) (JS/TS). The semantic,
+intent-based pass lives in [falsegreen-skill](https://github.com/vinicq/falsegreen-skill).
+
+## Why
+
+A green Robot suite is not proof of correctness. A test case can run keywords and never
+call a verification keyword; a `Run Keyword And Ignore Error` can absorb the failure; a
+`Should Be True    ${TRUE}` can never fail. This tool flags the patterns a parser can
+prove, before they reach review.
+
+## Install
+
+```bash
+pip install falsegreen-robot
+```
+
+## Usage
+
+```bash
+falsegreen-robot                  # scan cwd
+falsegreen-robot tests/           # scan a path
+falsegreen-robot --json           # machine-readable output
+falsegreen-robot --disable C16    # turn off specific codes
+```
+
+Exit code: `0` clean, `10` low-confidence only, `20` high-confidence present. Wire exit
+`20` into CI to block the merge.
+
+## What it detects
+
+The oracle in Robot is the **verification keyword**. The scanner recognizes them across
+libraries (the `Should` convention plus library-specific forms: SeleniumLibrary
+`Element Should Be Visible`, Browser's assertion engine `Get Text  sel  ==  expected`,
+RESTinstance schema keywords, DatabaseLibrary `Row Count Should Be Equal`, custom
+`Verify*`/`Assert*` keywords). A test with none of them verifies nothing.
+
+| Code | Confidence | What it flags |
+|---|---|---|
+| C2  | high | empty test case (no keywords run) |
+| C2b | low  | runs keywords but no verification keyword (no oracle) |
+| C3  | high | `Run Keyword And Ignore Error`/`Return Status` swallows the failure, status never asserted |
+| C5  | high | always-true (`Should Be True  ${TRUE}`, `Should Be Equal` with equal literals) |
+| C7  | high | self-compare (`Should Be Equal  ${x}  ${x}`) |
+| C16 | low  | `Sleep` used as synchronization (timing dependence) |
+| C21 | low  | verification only runs conditionally (inside `IF` / `Run Keyword If`) — it may never execute |
+| C32 | low  | skipped test (`robot:skip` / `Skip`) |
+| R1  | high | `Pass Execution` forces the test green regardless of any check |
+| R2  | low  | user keyword named like a verifier (`Verify`/`Assert`/`Should`...) but its body verifies nothing — a hollow oracle |
+
+Scans `*** Test Cases ***`, `*** Tasks ***` (RPA), and `*** Keywords ***` definitions in
+both `.robot` and `.resource` files. R2 catches the root cause of a missed C2b: a test
+calls `Verify Login` and looks protected, but that keyword never asserts anything.
+
+### Opt-in: maintainability group (default off)
+
+Not false-green - the test still verifies - so off by default. Enable with `--diagnostics`.
+Three groups, mirroring `falsegreen` and `falsegreen-js`: `false-positive` (C*/R*, on),
+`diagnostic` (D*, opt-in), `coupling` (M*, opt-in).
+
+| Code | Group | What it flags |
+|---|---|---|
+| D2 | diagnostic | control flow (`IF`/`FOR`/`WHILE`/`TRY`) at the test/task level (the guide advises against it) |
+| M2 | coupling | test/task with too many steps (guide suggests max ~10) |
+
+```bash
+falsegreen-robot --diagnostics    # include D*/M* as warnings
+```
+
+Codes share ids with the sibling scanners where the concept matches (C2/C2b/C3/C5/C7/C16/C21/C32).
+A Browser `Get` keyword with no assertion operator is a plain getter, so a test whose only
+step is `Get Text  h1` surfaces as no-verification (C2b).
+
+## Scope and honesty
+
+Static scan: it owns what the keyword structure proves. It does not run the suite, so it
+cannot see runtime-only smells (Test Run War, order dependence across suites). Whether the
+expected value contradicts the intended behavior is semantic and belongs to
+`falsegreen-skill`. Precision over recall: `C2b` is low-confidence because a custom keyword
+may assert internally without `Should` in its name.
+
+## License
+
+MIT, Vinicius Queiroz.

falsegreen_robot-0.1.0/pyproject.toml

@@ -0,0 +1,39 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "falsegreen-robot"
+version = "0.1.0"
+description = "Find Robot Framework tests that pass green without protecting anything: tests with no verification keyword, swallowed failures, always-true checks. Deterministic static scan, sibling of falsegreen (Python) and falsegreen-js (JS/TS)."
+readme = "README.md"
+requires-python = ">=3.8"
+license = "MIT"
+license-files = ["LICENSE"]
+authors = [{ name = "Vinicius Queiroz" }]
+keywords = ["robot-framework", "robotframework", "testing", "test-smells", "false-positive", "static-analysis", "code-quality"]
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "Framework :: Robot Framework",
+    "Intended Audience :: Developers",
+    "Programming Language :: Python :: 3",
+    "Topic :: Software Development :: Quality Assurance",
+    "Topic :: Software Development :: Testing",
+]
+dependencies = ["robotframework>=4.0"]
+
+[project.optional-dependencies]
+dev = ["pytest>=7", "ruff>=0.5"]
+
+[project.urls]
+Homepage = "https://github.com/vinicq/falsegreen-robot"
+Issues = "https://github.com/vinicq/falsegreen-robot/issues"
+
+[project.scripts]
+falsegreen-robot = "falsegreen_robot.scanner:main"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/falsegreen_robot"]
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]

falsegreen_robot-0.1.0/src/falsegreen_robot/__init__.py

@@ -0,0 +1,3 @@
+from .scanner import main, scan, analyze_file, CASES, __version__
+
+__all__ = ["main", "scan", "analyze_file", "CASES", "__version__"]

falsegreen_robot-0.1.0/src/falsegreen_robot/__main__.py

@@ -0,0 +1,6 @@
+import sys
+
+from .scanner import main
+
+if __name__ == "__main__":
+    sys.exit(main())

falsegreen_robot-0.1.0/src/falsegreen_robot/scanner.py

@@ -0,0 +1,408 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""
+falsegreen-robot: deterministic false-positive scanner for Robot Framework tests.
+
+Parses .robot files with the official Robot Framework parser (robot.api.get_model)
+- no execution - and flags test cases that pass green without protecting anything:
+a test with no verification keyword, a swallowed Run Keyword And Ignore Error, an
+always-true Should Be True ${TRUE}, a self-compare, Sleep used as a wait, a skipped
+test. Sibling of falsegreen (Python/pytest) and falsegreen-js (JS/TS).
+
+Output: readable text (default) or JSON (--json).
+Exit: 0 clean, 10 low-confidence only, 20 high-confidence present.
+"""
+import argparse
+import json
+import os
+import sys
+
+__version__ = "0.1.0"
+TOOL_URI = "https://github.com/vinicq/falsegreen-robot"
+
+# --- case catalog. code -> (title, confidence, judgment J1-J6) -------------
+JUDGMENTS = {
+    "J1": "does the verification run?",
+    "J2": "is the oracle independent of the code?",
+    "J4": "does it check enough, and the right thing?",
+    "J5": "is it coupled / hard to maintain?",
+}
+CASES = {
+    "C2":  ("empty test case (no keywords run)", "high", "J1"),
+    "C2b": ("runs keywords but no verification keyword (no oracle)", "low", "J1"),
+    "C3":  ("Run Keyword And Ignore Error/Return Status swallows the failure and the status is never asserted", "high", "J1"),
+    "C5":  ("always-true check (Should Be True ${TRUE} / Should Be Equal with equal literals)", "high", "J2"),
+    "C7":  ("self-compare (Should Be Equal ${x} ${x})", "high", "J2"),
+    "C16": ("Sleep used as synchronization (result depends on timing)", "low", "J1"),
+    "C21": ("verification only runs conditionally (inside IF / Run Keyword If) — it may never execute", "low", "J1"),
+    "C32": ("skipped test (robot:skip / Skip) never runs", "low", "J1"),
+    "R1":  ("Pass Execution forces the test to pass regardless of any check (forced green)", "high", "J1"),
+    "R2":  ("user keyword named like a verifier (Verify/Assert/Should...) but its body contains no verification — a hollow oracle", "low", "J1"),
+    # --- diagnostic group (maintainability; default off, opt-in via --diagnostics) ---
+    "D2":  ("control flow (IF/FOR/WHILE/TRY) at the test/task level — the guide advises against it", "off", "J4"),
+    # --- coupling group (structure; default off, opt-in) ----------------------
+    "M2":  ("test/task has too many steps (the guide suggests max ~10)", "off", "J5"),
+}
+
+# Default thresholds for the opt-in groups (overridable later via config).
+DIAGNOSTIC_THRESHOLDS = {"long_test_steps": 10}
+
+
+def group_of(code):
+    """false-positive (C*/R*) / diagnostic (D*) / coupling (M*) — mirrors the siblings."""
+    if code.startswith("D"):
+        return "diagnostic"
+    if code.startswith("M"):
+        return "coupling"
+    return "false-positive"
+
+# --- verification vocabulary (the oracle), across Robot libraries ----------
+# Dominant convention: the word "Should". Plus library-specific forms.
+REST_SCHEMA = {"Integer", "Number", "String", "Boolean", "Object", "Array", "Null", "Missing"}
+BROWSER_OPS = {"==", "!=", "contains", "not contains", "validate", "matches",
+               ">", "<", ">=", "<=", "*=", "^=", "$=", "then"}
+VERIFY_PREFIXES = ("verify", "assert", "validate", "check ")
+SWALLOW_KEYWORDS = {"run keyword and ignore error", "run keyword and return status"}
+
+
+def _norm(name):
+    return (name or "").strip().lower()
+
+
+def is_verification(keyword, args):
+    """True if this keyword call verifies an expected result (is an oracle)."""
+    if keyword is None:
+        return False
+    n = _norm(keyword)
+    if "should" in n:
+        return True                              # BuiltIn/Collections/String/Selenium/...
+    if keyword in REST_SCHEMA:
+        return True                              # RESTinstance schema assertions
+    if n.startswith(VERIFY_PREFIXES):
+        return True                              # custom Verify*/Assert*/Validate*/Check *
+    if n.startswith("wait until") and any(w in n for w in ("contain", "visible", "present")):
+        return True                              # Selenium/Appium waits that fail on timeout
+    if n.startswith("get ") and any(a in BROWSER_OPS for a in (args or ())):
+        return True                              # Browser assertion engine: Get ... == expected
+    return False
+
+
+def is_swallow(keyword):
+    return _norm(keyword) in SWALLOW_KEYWORDS
+
+
+def _looks_constant_true(arg):
+    return _norm(arg) in ("${true}", "true", "1", "${1}")
+
+
+# --- AST walk over the Robot model -----------------------------------------
+def _keyword_calls(node):
+    """Yield every KeywordCall in a block, descending into IF/FOR/TRY/WHILE."""
+    for item in getattr(node, "body", None) or []:
+        cls = type(item).__name__
+        if cls == "KeywordCall":
+            yield item
+        if hasattr(item, "body"):
+            yield from _keyword_calls(item)
+
+
+def _top_level_keyword_calls(testcase):
+    """KeywordCalls directly in the test body (not nested in IF/FOR/TRY/WHILE)."""
+    return [i for i in (getattr(testcase, "body", None) or [])
+            if type(i).__name__ == "KeywordCall"]
+
+
+def _has_control_block(testcase):
+    return any(type(i).__name__ in ("If", "For", "While", "Try")
+               for i in (getattr(testcase, "body", None) or []))
+
+
+def _rkif_verifies(call):
+    """A `Run Keyword If`/`Unless` whose arguments name a verification keyword -
+    that is a conditional verification (may not run)."""
+    if _norm(getattr(call, "keyword", None)) in ("run keyword if", "run keyword unless"):
+        return any("should" in _norm(a) for a in (getattr(call, "args", None) or ()))
+    return False
+
+
+def _try_blocks(node):
+    """Yield native TRY blocks (RF 5+) anywhere in the test body."""
+    for item in getattr(node, "body", None) or []:
+        if type(item).__name__ == "Try" and _norm(getattr(item, "type", "")) == "try":
+            yield item
+        if hasattr(item, "body"):
+            yield from _try_blocks(item)
+
+
+def _except_swallows(try_node):
+    """True if any EXCEPT branch of this TRY swallows the failure: its body has no
+    Fail, no verification keyword, and no re-raise - only logging / no-op / empty."""
+    branch = getattr(try_node, "next", None)
+    while branch is not None:
+        if _norm(getattr(branch, "type", "")) == "except":
+            harmless = True
+            for st in getattr(branch, "body", None) or []:
+                if type(st).__name__ != "KeywordCall":
+                    continue
+                kw = _norm(st.keyword)
+                if kw in ("fail", "fatal error") or "should" in kw or kw.startswith(VERIFY_PREFIXES):
+                    harmless = False
+                    break
+            if harmless:
+                return True
+        branch = getattr(branch, "next", None)
+    return False
+
+
+def _try_body_has_keyword(try_node):
+    return any(type(st).__name__ == "KeywordCall" for st in (getattr(try_node, "body", None) or []))
+
+
+def _tags(testcase):
+    tags = []
+    for item in getattr(testcase, "body", None) or []:
+        if type(item).__name__ == "Tags":
+            tags += [str(v) for v in getattr(item, "values", []) or []]
+    return tags
+
+
+class Finding:
+    __slots__ = ("file", "line", "test", "code", "detail")
+
+    def __init__(self, file, line, test, code, detail=""):
+        self.file = file
+        self.line = line
+        self.test = test
+        self.code = code
+        self.detail = detail
+
+    def dict(self):
+        title, conf, judg = CASES[self.code]
+        return {"file": self.file, "line": self.line, "test": self.test,
+                "code": self.code, "confidence": conf, "judgment": judg,
+                "title": title, "detail": self.detail}
+
+
+def _name_implies_verification(name):
+    """A user-keyword name that promises to verify. 'Check' is excluded - it often
+    names a getter that returns a status for the caller to assert."""
+    n = _norm(name)
+    return "should" in n or n.startswith(("verify", "assert", "validate"))
+
+
+def _call_level_smells(file, owner, calls, findings):
+    """Per-call false-green checks shared by test cases, tasks, and user keywords:
+    C5 (always-true), C7 (self-compare), C16 (Sleep). Returns whether any keyword
+    call verifies something."""
+    has_verification = False
+    for c in calls:
+        kw, args = c.keyword, list(getattr(c, "args", []) or [])
+        ln = getattr(c, "lineno", 0) or 0
+        if _norm(kw) == "should be true" and args and _looks_constant_true(args[0]):
+            findings.append(Finding(file, ln, owner, "C5", "Should Be True on a constant"))
+            has_verification = True
+            continue
+        if _norm(kw) == "should be equal" and len(args) >= 2:
+            if args[0] == args[1]:
+                code = "C7" if args[0].startswith("${") else "C5"
+                findings.append(Finding(file, ln, owner, code, "both sides are identical"))
+            has_verification = True
+            continue
+        if _norm(kw) == "sleep":
+            findings.append(Finding(file, ln, owner, "C16"))
+        if is_verification(kw, args) or _rkif_verifies(c):
+            has_verification = True
+    return has_verification
+
+
+def analyze_keyword(file, kw, findings):
+    """Analyze a User Keyword definition (.robot Keywords section or .resource).
+    Flags call-level smells inside the body, and R2 when the keyword is named like a
+    verifier but verifies nothing (a hollow oracle used by tests)."""
+    name = getattr(kw, "name", "") or ""
+    line = getattr(kw, "lineno", 0) or 0
+    calls = list(_keyword_calls(kw))
+    has_verification = _call_level_smells(file, name, calls, findings)
+    if _name_implies_verification(name) and not has_verification:
+        findings.append(Finding(file, line, name, "R2"))
+
+
+def analyze_testcase(file, tc, findings):
+    name = getattr(tc, "name", "") or ""
+    line = getattr(tc, "lineno", 0) or 0
+    calls = list(_keyword_calls(tc))
+    tags = [_norm(t) for t in _tags(tc)]
+
+    # C32: skipped
+    if any("robot:skip" in t for t in tags) or any(_norm(c.keyword) in ("skip",) for c in calls):
+        findings.append(Finding(file, line, name, "C32"))
+        return
+
+    # R1: Pass Execution at the top level forces the test green regardless of checks
+    if any(_norm(c.keyword) == "pass execution" for c in _top_level_keyword_calls(tc)):
+        findings.append(Finding(file, line, name, "R1"))
+        return
+
+    # C2: empty (no keyword calls at all)
+    if not calls:
+        findings.append(Finding(file, line, name, "C2"))
+        return
+
+    has_verification = _call_level_smells(file, name, calls, findings)
+
+    # diagnostic/coupling group (off by default; emitted always, filtered in scan)
+    if _has_control_block(tc):
+        findings.append(Finding(file, line, name, "D2"))
+    if len(calls) > DIAGNOSTIC_THRESHOLDS["long_test_steps"]:
+        findings.append(Finding(file, line, name, "M2", "%d steps" % len(calls)))
+
+    # C3: native TRY/EXCEPT whose EXCEPT swallows the failure
+    for tb in _try_blocks(tc):
+        if _try_body_has_keyword(tb) and _except_swallows(tb):
+            findings.append(Finding(file, getattr(tb, "lineno", line), name, "C3",
+                                    "TRY failure is swallowed by EXCEPT"))
+            return
+
+    # C3: swallow without an asserted status
+    if not has_verification and any(is_swallow(c.keyword) for c in calls):
+        findings.append(Finding(file, line, name, "C3"))
+        return
+
+    # C2b: keywords ran but nothing verified
+    if not has_verification:
+        findings.append(Finding(file, line, name, "C2b"))
+        return
+
+    # C21: a verification exists, but none runs unconditionally — the only
+    # verification lives inside an IF/FOR block or a Run Keyword If. The guide is
+    # explicit: no if/else/for at the test-case level.
+    top = _top_level_keyword_calls(tc)
+    has_unconditional = any(
+        is_verification(c.keyword, list(getattr(c, "args", []) or []))
+        for c in top
+        if _norm(c.keyword) not in ("run keyword if", "run keyword unless")
+    )
+    if not has_unconditional and (_has_control_block(tc) or any(_rkif_verifies(c) for c in calls)):
+        findings.append(Finding(file, line, name, "C21"))
+
+
+def analyze_file(path):
+    findings = []
+    try:
+        from robot.api import get_model
+        from robot.parsing import ModelVisitor
+    except Exception as exc:  # pragma: no cover
+        sys.stderr.write("falsegreen-robot: robotframework is required (%s)\n" % exc)
+        return findings
+    try:
+        model = get_model(path)
+    except Exception:
+        return findings
+    self_findings = findings
+
+    class _V(ModelVisitor):
+        def visit_TestCase(self, node):
+            analyze_testcase(path, node, self_findings)
+
+        def visit_Task(self, node):  # RPA suites use *** Tasks ***, not *** Test Cases ***
+            analyze_testcase(path, node, self_findings)
+
+        def visit_Keyword(self, node):  # user keyword defs in .robot Keywords + .resource
+            analyze_keyword(path, node, self_findings)
+
+    _V().visit(model)
+    return findings
+
+
+# --- discovery + CLI -------------------------------------------------------
+IGNORED_DIRS = {".git", ".tox", "venv", ".venv", "node_modules", "results", "output"}
+
+
+def is_robot_file(path):
+    return path.endswith((".robot", ".resource"))
+
+
+def discover(paths):
+    files = []
+    for root in paths:
+        if os.path.isfile(root):
+            if is_robot_file(root):
+                files.append(root)
+            continue
+        for dirpath, dirnames, filenames in os.walk(root):
+            dirnames[:] = [d for d in dirnames if d not in IGNORED_DIRS]
+            for f in filenames:
+                if is_robot_file(f):
+                    files.append(os.path.join(dirpath, f))
+    return sorted(set(files))
+
+
+def _eff_conf(code):
+    """Effective confidence: an off-by-default (D*/M*) code shows as 'low' when enabled."""
+    c = CASES[code][1]
+    return "low" if c == "off" else c
+
+
+def scan(paths, disable=None, diagnostics=False):
+    disable = disable or set()
+    out = []
+    for f in discover(paths):
+        for finding in analyze_file(f):
+            conf = CASES[finding.code][1]
+            if finding.code in disable:
+                continue
+            if conf == "off" and not diagnostics:
+                continue
+            out.append(finding)
+    return out
+
+
+def _render_text(findings):
+    if not findings:
+        return "falsegreen-robot: no false-positive patterns found."
+    lines, high, low = [], 0, 0
+    by_file = {}
+    for f in findings:
+        by_file.setdefault(f.file, []).append(f)
+    for file, fs in by_file.items():
+        lines.append("\n" + file)
+        for f in sorted(fs, key=lambda x: x.line):
+            title = CASES[f.code][0]
+            conf = _eff_conf(f.code)
+            tag = "HIGH" if conf == "high" else "low "
+            high += conf == "high"
+            low += conf == "low"
+            lines.append("  %s %-4s L%-4d %s  %s" % (tag, f.code, f.line, f.test, title))
+            if f.detail:
+                lines.append("           " + f.detail)
+    lines.append("\n%d high, %d low. %s" % (high, low, TOOL_URI))
+    return "\n".join(lines)
+
+
+def main(argv=None):
+    p = argparse.ArgumentParser(prog="falsegreen-robot",
+                                description="Find false-positive Robot Framework tests (static).")
+    p.add_argument("paths", nargs="*", default=["."], help="files or directories (default: cwd)")
+    p.add_argument("--json", action="store_true", help="JSON output")
+    p.add_argument("--disable", default="", help="comma-separated codes to turn off")
+    p.add_argument("--diagnostics", action="store_true",
+                   help="also report the opt-in maintainability group (D*/M*)")
+    p.add_argument("--version", action="version", version=__version__)
+    args = p.parse_args(argv)
+    disable = {c.strip() for c in args.disable.split(",") if c.strip()}
+    findings = scan(args.paths or ["."], disable=disable, diagnostics=args.diagnostics)
+    if args.json:
+        print(json.dumps({"tool": "falsegreen-robot", "version": __version__,
+                          "judgments": JUDGMENTS,
+                          "findings": [f.dict() for f in findings]}, indent=2))
+    else:
+        print(_render_text(findings))
+    if any(_eff_conf(f.code) == "high" for f in findings):
+        return 20
+    if findings:
+        return 10
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())

falsegreen_robot-0.1.0/tests/test_scanner.py

@@ -0,0 +1,282 @@
+"""Tests for falsegreen-robot. Each fixture is a tiny .robot file."""
+from falsegreen_robot.scanner import analyze_file, scan, group_of
+
+
+def codes(tmp_path, body, name="t.robot"):
+    f = tmp_path / name
+    f.write_text(body, encoding="utf-8")
+    return {x.code for x in analyze_file(str(f))}
+
+
+def test_clean_test_has_no_findings(tmp_path):
+    body = """\
+*** Test Cases ***
+Adds Two Numbers
+    ${r}=    Evaluate    2 + 2
+    Should Be Equal As Integers    ${r}    4
+"""
+    assert codes(tmp_path, body) == set()
+
+
+def test_c2_empty_test(tmp_path):
+    body = """\
+*** Test Cases ***
+Empty
+    [Documentation]    nothing here
+"""
+    assert "C2" in codes(tmp_path, body)
+
+
+def test_c2b_no_verification(tmp_path):
+    body = """\
+*** Test Cases ***
+No Oracle
+    Log    hello
+    Open Browser    http://x
+"""
+    assert "C2b" in codes(tmp_path, body)
+
+
+def test_c3_swallowed_failure(tmp_path):
+    body = """\
+*** Test Cases ***
+Swallow
+    Run Keyword And Ignore Error    Do Risky Thing
+"""
+    assert "C3" in codes(tmp_path, body)
+
+
+def test_c5_always_true(tmp_path):
+    body = """\
+*** Test Cases ***
+Tautology
+    Should Be True    ${TRUE}
+"""
+    assert "C5" in codes(tmp_path, body)
+
+
+def test_c7_self_compare(tmp_path):
+    body = """\
+*** Test Cases ***
+Self
+    Should Be Equal    ${value}    ${value}
+"""
+    assert "C7" in codes(tmp_path, body)
+
+
+def test_c16_sleep(tmp_path):
+    body = """\
+*** Test Cases ***
+Sleepy
+    Sleep    2s
+    Should Be Equal    ${a}    ${b}
+"""
+    assert "C16" in codes(tmp_path, body)
+
+
+def test_c32_skip(tmp_path):
+    body = """\
+*** Test Cases ***
+Skipped
+    [Tags]    robot:skip
+    Should Be Equal    ${a}    ${b}
+"""
+    assert "C32" in codes(tmp_path, body)
+
+
+def test_c21_verification_only_inside_if(tmp_path):
+    body = """\
+*** Test Cases ***
+Conditional Check
+    Do Something
+    IF    ${ready}
+        Should Be Equal    ${a}    ${b}
+    END
+"""
+    assert "C21" in codes(tmp_path, body)
+
+
+def test_c21_run_keyword_if_verification(tmp_path):
+    body = """\
+*** Test Cases ***
+Guarded
+    Run Keyword If    ${ready}    Should Be Equal    ${a}    ${b}
+"""
+    assert "C21" in codes(tmp_path, body)
+
+
+def test_no_c21_when_an_unconditional_verification_exists(tmp_path):
+    body = """\
+*** Test Cases ***
+Mixed
+    Should Be Equal    ${a}    ${b}
+    IF    ${ready}
+        Should Contain    ${x}    y
+    END
+"""
+    assert "C21" not in codes(tmp_path, body)
+
+
+def test_r1_pass_execution_forces_green(tmp_path):
+    body = """\
+*** Test Cases ***
+Forced
+    Pass Execution    skip the real check
+    Should Be Equal    ${a}    ${b}
+"""
+    assert "R1" in codes(tmp_path, body)
+
+
+def test_c3_native_try_except_swallows(tmp_path):
+    body = """\
+*** Test Cases ***
+Swallowed
+    TRY
+        Do Risky Thing
+        Should Be Equal    ${a}    ${b}
+    EXCEPT    AS    ${e}
+        Log    ${e}
+    END
+"""
+    assert "C3" in codes(tmp_path, body)
+
+
+def test_no_c3_when_except_reraises_with_fail(tmp_path):
+    body = """\
+*** Test Cases ***
+Proper
+    TRY
+        Do Risky Thing
+    EXCEPT    AS    ${e}
+        Fail    unexpected: ${e}
+    END
+    Should Be Equal    ${a}    ${b}
+"""
+    assert "C3" not in codes(tmp_path, body)
+
+
+def test_browser_get_without_operator_is_no_verification(tmp_path):
+    body = """\
+*** Test Cases ***
+Getter Only
+    Get Text    h1
+"""
+    assert "C2b" in codes(tmp_path, body)
+
+
+def test_browser_get_with_operator_is_clean(tmp_path):
+    body = """\
+*** Test Cases ***
+Browser Assert
+    Get Text    h1    ==    Welcome
+"""
+    assert codes(tmp_path, body) == set()
+
+
+def test_rpa_task_is_scanned(tmp_path):
+    body = """\
+*** Tasks ***
+Process Invoice
+    Open Application
+    Read Invoice Data
+"""
+    assert "C2b" in codes(tmp_path, body)  # tasks (RPA) are analyzed like test cases
+
+
+def test_d2_control_flow_diagnostic(tmp_path):
+    body = """\
+*** Test Cases ***
+Has Logic
+    Should Be Equal    ${a}    ${b}
+    IF    ${cond}
+        Log    branch
+    END
+"""
+    assert "D2" in codes(tmp_path, body)
+
+
+def test_m2_long_task(tmp_path):
+    steps = "\n".join("    Log    step %d" % i for i in range(12))
+    body = "*** Test Cases ***\nLong\n%s\n    Should Be Equal    ${a}    ${b}\n" % steps
+    assert "M2" in codes(tmp_path, body)
+
+
+def test_groups_by_prefix(tmp_path):
+    assert group_of("C2") == "false-positive"
+    assert group_of("R1") == "false-positive"
+    assert group_of("D2") == "diagnostic"
+    assert group_of("M2") == "coupling"
+
+
+def test_scan_hides_diagnostics_by_default(tmp_path):
+    body = """\
+*** Test Cases ***
+Has Logic
+    Should Be Equal    ${a}    ${b}
+    IF    ${cond}
+        Log    x
+    END
+"""
+    f = tmp_path / "s.robot"
+    f.write_text(body, encoding="utf-8")
+    off = {x.code for x in scan([str(f)])}
+    on = {x.code for x in scan([str(f)], diagnostics=True)}
+    assert "D2" not in off          # diagnostic group off by default
+    assert "D2" in on               # surfaced with --diagnostics
+
+
+def test_r2_hollow_verifier_keyword(tmp_path):
+    body = """\
+*** Keywords ***
+Verify Login Succeeded
+    Log    checking login
+    Click    id:next
+"""
+    assert "R2" in codes(tmp_path, body)
+
+
+def test_no_r2_when_verifier_keyword_asserts(tmp_path):
+    body = """\
+*** Keywords ***
+Verify Login Succeeded
+    Should Be Equal    ${status}    ok
+"""
+    assert "R2" not in codes(tmp_path, body)
+
+
+def test_action_keyword_not_flagged_as_r2(tmp_path):
+    body = """\
+*** Keywords ***
+Open The Application
+    Log    opening
+    Click    id:start
+"""
+    assert "R2" not in codes(tmp_path, body)
+
+
+def test_c5_inside_user_keyword(tmp_path):
+    body = """\
+*** Keywords ***
+Check Result
+    Should Be True    ${TRUE}
+"""
+    assert "C5" in codes(tmp_path, body)
+
+
+def test_resource_file_is_scanned(tmp_path):
+    body = """\
+*** Keywords ***
+Validate Order
+    Log    pretending to validate
+"""
+    assert "R2" in codes(tmp_path, body, name="keywords.resource")
+
+
+def test_custom_verify_keyword_counts_as_oracle(tmp_path):
+    body = """\
+*** Test Cases ***
+Delegates
+    Do Login
+    Verify Dashboard Loaded
+"""
+    assert "C2b" not in codes(tmp_path, body)