gdmcode 0.1.0__py3-none-any.whl

src/artifacts/artifact_store.py

@@ -0,0 +1,456 @@
+"""ArtifactStore — persist, version, and search complex agent outputs.
+
+Artifact types: diagram, report, plan, coverage, diff, custom.
+
+All mutations are wrapped in explicit SQLite transactions.
+ArtifactStore is deliberately a thin wrapper around GdmDatabase, following
+the same internal pattern as GdmDatabase typed methods (direct _conn access
+under _lock) rather than using the auto-committing execute() helper.
+"""
+from __future__ import annotations
+
+import difflib
+import hashlib
+import re
+import uuid
+from dataclasses import dataclass, field
+from datetime import datetime, timezone
+from typing import TYPE_CHECKING, Any
+
+if TYPE_CHECKING:
+    import sqlite3 as _sqlite3
+    from src.memory.db import GdmDatabase
+
+__all__ = [
+    "Artifact",
+    "ArtifactDiff",
+    "ArtifactNotFoundError",
+    "ArtifactStore",
+    "ArtifactVersion",
+]
+
+# ---------------------------------------------------------------------------
+# Secret redaction patterns
+# ---------------------------------------------------------------------------
+
+_SECRET_PATTERNS: list[tuple[re.Pattern[str], str]] = [
+    (re.compile(r"xai-[A-Za-z0-9]{32,}"),          "[REDACTED:xai-key]"),
+    (re.compile(r"sk-[A-Za-z0-9]{40,}"),            "[REDACTED:openai-key]"),
+    (re.compile(r"AIza[A-Za-z0-9\-_]{35}"),         "[REDACTED:gcp-key]"),
+    (re.compile(r"ghp_[A-Za-z0-9]{36}"),            "[REDACTED:gh-token]"),
+    (re.compile(r"(?i)(password\s*[:=]\s*)\S+"),    r"\1[REDACTED]"),
+]
+
+_VALID_TYPES = frozenset({"diagram", "report", "plan", "coverage", "diff", "custom"})
+_VALID_VISIBILITY = frozenset({"private", "project", "public"})
+
+
+def _redact_secrets(text: str) -> str:
+    for pattern, replacement in _SECRET_PATTERNS:
+        text = pattern.sub(replacement, text)
+    return text
+
+
+def _render_html(artifact: "Artifact", content: str) -> str:
+    import html as _html
+    escaped = _html.escape(content)
+    return (
+        f"<!DOCTYPE html><html><head>"
+        f"<title>{_html.escape(artifact.name)}</title>"
+        f"</head><body><pre>{escaped}</pre></body></html>"
+    )
+
+
+# ---------------------------------------------------------------------------
+# Data classes
+# ---------------------------------------------------------------------------
+
+
+@dataclass
+class ArtifactVersion:
+    version_id: str
+    artifact_id: str
+    version_num: int
+    content: str
+    content_hash: str
+    byte_size: int
+    event_id: str | None
+    created_at: str
+
+
+@dataclass
+class Artifact:
+    artifact_id: str
+    name: str
+    type: str
+    description: str | None
+    session_id: str | None
+    created_at: str
+    updated_at: str
+    visibility: str
+    # Latest version fields (populated by queries that JOIN artifact_versions)
+    version_id: str = ""
+    version_num: int = 1
+    content: str = ""
+    content_hash: str = ""
+    byte_size: int = 0
+    event_id: str | None = None
+    version_ts: str = ""
+
+    @classmethod
+    def from_row(cls, row: "_sqlite3.Row") -> "Artifact":
+        d = dict(row)
+        return cls(
+            artifact_id=d["artifact_id"],
+            name=d["name"],
+            type=d["type"],
+            description=d.get("description"),
+            session_id=d.get("session_id"),
+            created_at=d["created_at"],
+            updated_at=d["updated_at"],
+            visibility=d.get("visibility", "private"),
+            version_id=d.get("version_id", ""),
+            version_num=d.get("version_num", 1),
+            content=d.get("content", ""),
+            content_hash=d.get("content_hash", ""),
+            byte_size=d.get("byte_size", 0),
+            event_id=d.get("event_id"),
+            version_ts=d.get("version_ts", ""),
+        )
+
+
+@dataclass
+class ArtifactDiff:
+    artifact_a: Artifact
+    artifact_b: Artifact
+    unified_diff: str
+
+
+class ArtifactNotFoundError(KeyError):
+    pass
+
+
+# ---------------------------------------------------------------------------
+# ArtifactStore
+# ---------------------------------------------------------------------------
+
+
+class ArtifactStore:
+    """Persist, version, and search structured artifact outputs.
+
+    Example::
+
+        store = ArtifactStore(db)
+        art = store.save("arch-diagram", "diagram", "```mermaid\\n...```")
+        art2 = store.get("arch-diagram")      # by name
+        diff = store.diff(art.artifact_id, art2.artifact_id)
+        results = store.search("mermaid")
+        raw = store.export(art.artifact_id)
+    """
+
+    def __init__(self, db: "GdmDatabase") -> None:
+        self._db = db
+
+    # ------------------------------------------------------------------
+    # Save (create or version)
+    # ------------------------------------------------------------------
+
+    def save(
+        self,
+        name: str,
+        type: str,
+        content: str,
+        *,
+        description: str | None = None,
+        session_id: str | None = None,
+        event_id: str | None = None,
+        links: list[dict[str, str]] | None = None,
+        visibility: str = "private",
+    ) -> "Artifact":
+        """Create or add a new version of an artifact.
+
+        If an artifact with *name* already exists, a new version row is added.
+        Returns the Artifact populated with the new version's fields.
+
+        Args:
+            name: human-readable slug (unique across the DB)
+            type: one of diagram / report / plan / coverage / diff / custom
+            content: artifact body text
+            description: optional summary
+            session_id: originating session
+            event_id: which turn event produced this version
+            links: list of {link_type, ref_value} dicts
+            visibility: private | project | public
+        """
+        if type not in _VALID_TYPES:
+            raise ValueError(f"Invalid artifact type {type!r}. Choose from: {sorted(_VALID_TYPES)}")
+        if visibility not in _VALID_VISIBILITY:
+            raise ValueError(f"Invalid visibility {visibility!r}.")
+
+        content_hash = hashlib.sha256(content.encode()).hexdigest()
+        now = datetime.now(timezone.utc).isoformat()
+
+        with self._db._lock:
+            conn = self._db._conn
+            try:
+                conn.execute("BEGIN")
+
+                # Upsert artifact metadata
+                row = conn.execute(
+                    "SELECT artifact_id FROM artifacts WHERE name=?", (name,)
+                ).fetchone()
+                if row:
+                    artifact_id = row["artifact_id"]
+                    conn.execute(
+                        "UPDATE artifacts SET type=?, description=?, updated_at=?"
+                        " WHERE artifact_id=?",
+                        (type, description, now, artifact_id),
+                    )
+                else:
+                    artifact_id = str(uuid.uuid4())
+                    conn.execute(
+                        "INSERT INTO artifacts"
+                        " (artifact_id, name, type, description, session_id, visibility)"
+                        " VALUES (?, ?, ?, ?, ?, ?)",
+                        (artifact_id, name, type, description, session_id, visibility),
+                    )
+
+                # Next version number
+                vrow = conn.execute(
+                    "SELECT COALESCE(MAX(version_num), 0) AS v"
+                    " FROM artifact_versions WHERE artifact_id=?",
+                    (artifact_id,),
+                ).fetchone()
+                next_v = (vrow["v"] if vrow else 0) + 1
+                version_id = str(uuid.uuid4())
+
+                conn.execute(
+                    "INSERT INTO artifact_versions"
+                    " (version_id, artifact_id, version_num, content,"
+                    "  content_hash, byte_size, event_id)"
+                    " VALUES (?, ?, ?, ?, ?, ?, ?)",
+                    (
+                        version_id,
+                        artifact_id,
+                        next_v,
+                        content,
+                        content_hash,
+                        len(content.encode()),
+                        event_id,
+                    ),
+                )
+
+                for link in links or []:
+                    conn.execute(
+                        "INSERT INTO artifact_links (artifact_id, link_type, ref_value)"
+                        " VALUES (?, ?, ?)",
+                        (artifact_id, link["link_type"], link["ref_value"]),
+                    )
+
+                conn.commit()
+            except Exception:
+                try:
+                    conn.execute("ROLLBACK")
+                except Exception:
+                    pass
+                raise
+
+        return self.get(artifact_id)
+
+    # ------------------------------------------------------------------
+    # Get
+    # ------------------------------------------------------------------
+
+    def get(self, artifact_id_or_name: str) -> "Artifact":
+        """Return the artifact (with latest version content) by ID or name.
+
+        Raises:
+            ArtifactNotFoundError: if no artifact matches.
+        """
+        row = self._db.execute_one(
+            """
+            SELECT a.*, av.version_id, av.version_num, av.content, av.content_hash,
+                   av.byte_size, av.event_id, av.created_at AS version_ts
+            FROM artifacts a
+            JOIN artifact_versions av ON av.artifact_id = a.artifact_id
+            WHERE (a.artifact_id=? OR a.name=?)
+            ORDER BY av.version_num DESC LIMIT 1
+            """,
+            (artifact_id_or_name, artifact_id_or_name),
+        )
+        if row is None:
+            raise ArtifactNotFoundError(
+                f"No artifact found: {artifact_id_or_name!r}"
+            )
+        return Artifact.from_row(row)
+
+    # ------------------------------------------------------------------
+    # List
+    # ------------------------------------------------------------------
+
+    def list(
+        self,
+        *,
+        type: str | None = None,
+        session_id: str | None = None,
+        limit: int = 50,
+    ) -> list["Artifact"]:
+        """List artifacts (latest version of each) with optional filters."""
+        where_clauses: list[str] = []
+        params: list[Any] = []
+        if type:
+            where_clauses.append("a.type=?")
+            params.append(type)
+        if session_id:
+            where_clauses.append("a.session_id=?")
+            params.append(session_id)
+        clause = ("WHERE " + " AND ".join(where_clauses)) if where_clauses else ""
+        rows = self._db.execute_all(
+            f"""
+            SELECT a.*, av.version_num, av.content, av.content_hash,
+                   av.byte_size, av.event_id, av.created_at AS version_ts
+            FROM artifacts a
+            JOIN artifact_versions av ON av.artifact_id = a.artifact_id
+                AND av.version_num = (
+                    SELECT MAX(v2.version_num)
+                    FROM artifact_versions v2
+                    WHERE v2.artifact_id = a.artifact_id
+                )
+            {clause}
+            ORDER BY a.updated_at DESC LIMIT ?
+            """,
+            tuple(params) + (limit,),
+        )
+        return [Artifact.from_row(r) for r in rows]
+
+    # ------------------------------------------------------------------
+    # Diff
+    # ------------------------------------------------------------------
+
+    def diff(self, artifact_id_a: str, artifact_id_b: str) -> "ArtifactDiff":
+        """Return a unified diff of two artifacts' latest versions.
+
+        Raises:
+            TypeError: if the two artifacts have different types.
+        """
+        a = self.get(artifact_id_a)
+        b = self.get(artifact_id_b)
+        if a.type != b.type:
+            raise TypeError(
+                f"Cannot diff artifacts of different types: "
+                f"{a.name!r} is {a.type!r} but {b.name!r} is {b.type!r}. "
+                f"Use 'raw' export to compare content manually."
+            )
+        lines_a = a.content.splitlines(keepends=True)
+        lines_b = b.content.splitlines(keepends=True)
+        unified = "".join(
+            difflib.unified_diff(
+                lines_a,
+                lines_b,
+                fromfile=f"{a.name} v{a.version_num}",
+                tofile=f"{b.name} v{b.version_num}",
+            )
+        )
+        return ArtifactDiff(artifact_a=a, artifact_b=b, unified_diff=unified)
+
+    # ------------------------------------------------------------------
+    # Search (FTS5)
+    # ------------------------------------------------------------------
+
+    def search(self, query: str, limit: int = 20) -> list["Artifact"]:
+        """Full-text search across artifact name, description, and content.
+
+        Returns an empty list when no results match (never raises).
+        """
+        try:
+            # Sanitize query for FTS5: special chars like '-' are FTS5 operators
+            # (e.g. auth-architecture = "auth NOT architecture"). Wrap in phrase.
+            if re.search(r"[^\w\s]", query):
+                fts_query = '"' + query.replace('"', '""') + '"'
+            else:
+                fts_query = query
+            rows = self._db.execute_all(
+                """
+                SELECT a.*, av.version_num, av.content, av.content_hash,
+                       av.byte_size, av.event_id, av.created_at AS version_ts
+                FROM artifact_fts fts
+                JOIN artifact_versions av ON av.rowid = fts.rowid
+                JOIN artifacts a ON a.artifact_id = av.artifact_id
+                WHERE artifact_fts MATCH ?
+                ORDER BY rank LIMIT ?
+                """,
+                (fts_query, limit),
+            )
+        except Exception:
+            return []
+        return [Artifact.from_row(r) for r in rows]
+
+    # ------------------------------------------------------------------
+    # Export
+    # ------------------------------------------------------------------
+
+    def export(
+        self,
+        artifact_id: str,
+        fmt: str = "raw",
+        *,
+        redact_secrets: bool = True,
+    ) -> str:
+        """Export artifact content with provenance header.
+
+        Args:
+            artifact_id: stable artifact UUID or name
+            fmt: "raw" (default) or "html"
+            redact_secrets: scan content for secret patterns (default True)
+
+        Raises:
+            ValueError: if fmt is not "raw" or "html".
+        """
+        artifact = self.get(artifact_id)
+        content = artifact.content
+        if redact_secrets:
+            content = _redact_secrets(content)
+
+        now_iso = datetime.now(timezone.utc).isoformat(timespec="seconds")
+        provenance = (
+            f"# gdm artifact export\n"
+            f"# artifact_id: {artifact.artifact_id}\n"
+            f"# name:        {artifact.name}\n"
+            f"# type:        {artifact.type}\n"
+            f"# version:     {artifact.version_num}\n"
+            f"# session:     {artifact.session_id or 'n/a'}\n"
+            f"# exported_at: {now_iso}\n"
+            f"# redacted:    {str(redact_secrets).lower()}\n"
+        )
+
+        if fmt == "raw":
+            return provenance + "\n" + content
+        if fmt == "html":
+            return _render_html(artifact, provenance + "\n" + content)
+        raise ValueError(f"Unknown export format {fmt!r}. Use 'raw' or 'html'.")
+
+    # ------------------------------------------------------------------
+    # Helpers
+    # ------------------------------------------------------------------
+
+    def version_history(self, artifact_id_or_name: str) -> list["ArtifactVersion"]:
+        """Return all versions of an artifact ordered oldest-first."""
+        art = self.get(artifact_id_or_name)
+        rows = self._db.execute_all(
+            "SELECT * FROM artifact_versions"
+            " WHERE artifact_id=? ORDER BY version_num ASC",
+            (art.artifact_id,),
+        )
+        return [
+            ArtifactVersion(
+                version_id=r["version_id"],
+                artifact_id=r["artifact_id"],
+                version_num=r["version_num"],
+                content=r["content"],
+                content_hash=r["content_hash"],
+                byte_size=r["byte_size"],
+                event_id=r["event_id"],
+                created_at=r["created_at"],
+            )
+            for r in rows
+        ]

src/artifacts/verification_graph.py

@@ -0,0 +1,75 @@
+"""Verification evidence graph for edit confidence."""
+from __future__ import annotations
+import dataclasses
+from enum import Enum
+from typing import TYPE_CHECKING, Any
+if TYPE_CHECKING:
+    from src.memory.db import GdmDatabase
+
+class EvidenceKind(str, Enum):
+    TEST = "TEST"; LINT = "LINT"; TYPE_CHECK = "TYPE_CHECK"; REVIEW = "REVIEW"
+    RUN = "RUN"; SECURITY = "SECURITY"; PERF = "PERF"; COVERAGE = "COVERAGE"
+
+class Verdict(str, Enum):
+    PASS = "PASS"; FAIL = "FAIL"; SKIPPED = "SKIPPED"; PENDING = "PENDING"; WARNING = "WARNING"
+
+_DEFAULT_REQUIRED: frozenset = frozenset({EvidenceKind.TEST, EvidenceKind.LINT})
+_SAFE: frozenset = frozenset({Verdict.PASS, Verdict.SKIPPED})
+
+@dataclasses.dataclass
+class EditNode:
+    node_id: str; session_id: str; turn_index: int; file_path: str; patch_ref: Any; created_at: Any
+
+@dataclasses.dataclass
+class EvidenceNode:
+    evidence_id: str; node_id: str; kind: EvidenceKind; verdict: Verdict
+    detail: Any; tool: str | None; duration_ms: int | None; created_at: Any
+
+class VerificationGraph:
+    def __init__(self, db: "GdmDatabase") -> None:
+        self._db = db
+
+    def add_edit(self, session_id, turn_index, file_path, *, patch_ref=None, depends_on=None):
+        n = self._db.add_edit_node(session_id=session_id, turn_index=turn_index,
+                                    file_path=file_path, patch_ref=patch_ref)
+        if depends_on:
+            seen: set = set()
+            for pid in depends_on:
+                if pid not in seen:
+                    self._db.add_graph_edge(pid, n.node_id); seen.add(pid)
+        return n
+
+    def add_evidence(self, node_id, kind, verdict, *, detail=None, tool=None, duration_ms=None):
+        return self._db.add_evidence_node(node_id=node_id, kind=kind, verdict=verdict,
+                                           detail=detail, tool=tool, duration_ms=duration_ms)
+
+    def verdict_summary(self, node_id):
+        latest = {}
+        for ev in self._db.get_evidence_for_node(node_id):
+            latest[ev.kind] = ev.verdict
+        return {k: latest.get(k, Verdict.PENDING) for k in EvidenceKind}
+
+    def is_safe_to_build_on(self, node_id, required_kinds=None):
+        rk = required_kinds if required_kinds is not None else _DEFAULT_REQUIRED
+        s = self.verdict_summary(node_id)
+        return all(s.get(k, Verdict.PENDING) in _SAFE for k in rk)
+
+    def check_edit_preconditions(self, session_id, file_path, required_kinds=None):
+        return [n.node_id
+                for n in self._db.get_edit_nodes_for_session_file(session_id, file_path)
+                if not self.is_safe_to_build_on(n.node_id, required_kinds=required_kinds)]
+
+    def invalidate_dependents(self, node_id, reason=None):
+        detail = {"reason": reason} if reason else {"source": node_id}
+        visited, queue, affected = {node_id}, [node_id], []
+        while queue:
+            for dep in self._db.get_dependents(queue.pop()):
+                if dep not in visited:
+                    visited.add(dep)
+                    self._db.add_evidence_node(node_id=dep, kind=EvidenceKind.TEST,
+                                               verdict=Verdict.FAIL, detail=detail)
+                    affected.append(dep); queue.append(dep)
+        return affected
+
+    def get_node(self, node_id):
+        return self._db.get_edit_node(node_id)