gdmcode 0.1.0__py3-none-any.whl

src/integrations/github_actions.py

@@ -0,0 +1,106 @@
+"""GitHub Actions integration — post review comments on PRs."""
+from __future__ import annotations
+
+import json
+import os
+import urllib.error
+import urllib.request
+from dataclasses import dataclass
+
+_GH_API = "https://api.github.com"
+
+
+@dataclass
+class PRReviewComment:
+    body: str
+    path: str | None = None
+    line: int | None = None
+
+
+class GitHubActionsClient:
+    """Post review comments to GitHub PRs using the GH REST API."""
+
+    def __init__(self, token: str | None = None, repo: str | None = None):
+        self._token = token or os.environ.get("GITHUB_TOKEN", "")
+        self._repo = repo or os.environ.get("GITHUB_REPOSITORY", "")
+
+    # ------------------------------------------------------------------
+    # Public API
+    # ------------------------------------------------------------------
+
+    def post_pr_comment(self, pr_number: int, body: str) -> bool:
+        """Post a general comment on a PR. Returns True on success."""
+        if not self._token or not self._repo:
+            return False
+        url = f"{_GH_API}/repos/{self._repo}/issues/{pr_number}/comments"
+        payload = json.dumps({"body": body}).encode()
+        req = self._build_request(url, data=payload, method="POST")
+        return self._send(req)
+
+    def post_review(
+        self,
+        pr_number: int,
+        comments: list[PRReviewComment],
+        summary: str,
+    ) -> bool:
+        """Post a full review with inline comments."""
+        if not self._token or not self._repo:
+            return False
+        url = f"{_GH_API}/repos/{self._repo}/pulls/{pr_number}/reviews"
+        inline = []
+        for c in comments:
+            item: dict[str, object] = {"body": c.body}
+            if c.path is not None:
+                item["path"] = c.path
+            if c.line is not None:
+                item["line"] = c.line
+            inline.append(item)
+        payload = json.dumps(
+            {"body": summary, "event": "COMMENT", "comments": inline}
+        ).encode()
+        req = self._build_request(url, data=payload, method="POST")
+        return self._send(req)
+
+    def get_pr_diff(self, pr_number: int) -> str:
+        """Fetch the unified diff for a PR."""
+        if not self._token or not self._repo:
+            return ""
+        url = f"{_GH_API}/repos/{self._repo}/pulls/{pr_number}"
+        req = self._build_request(url)
+        req.add_header("Accept", "application/vnd.github.diff")
+        try:
+            with urllib.request.urlopen(req) as resp:
+                return resp.read().decode("utf-8", errors="replace")
+        except (urllib.error.HTTPError, urllib.error.URLError, OSError):
+            return ""
+
+    @staticmethod
+    def is_ci_environment() -> bool:
+        """Return True when running inside GitHub Actions."""
+        return os.environ.get("GITHUB_ACTIONS") == "true"
+
+    # ------------------------------------------------------------------
+    # Helpers
+    # ------------------------------------------------------------------
+
+    def _build_request(
+        self,
+        url: str,
+        *,
+        data: bytes | None = None,
+        method: str = "GET",
+    ) -> urllib.request.Request:
+        req = urllib.request.Request(url, data=data, method=method)
+        req.add_header("Authorization", f"Bearer {self._token}")
+        req.add_header("Accept", "application/vnd.github+json")
+        req.add_header("X-GitHub-Api-Version", "2022-11-28")
+        if data is not None:
+            req.add_header("Content-Type", "application/json")
+        return req
+
+    def _send(self, req: urllib.request.Request) -> bool:
+        try:
+            with urllib.request.urlopen(req) as resp:
+                return resp.status in (200, 201)
+        except (urllib.error.HTTPError, urllib.error.URLError, OSError):
+            return False

src/integrations/mcp_server.py

@@ -0,0 +1,333 @@
+"""MCP server -- exposes gdm tools via Model Context Protocol (stdio transport).
+
+Protocol reference: https://spec.modelcontextprotocol.io/
+Transport: newline-delimited JSON-RPC 2.0 over stdin/stdout.
+"""
+from __future__ import annotations
+
+import json
+import sys
+from dataclasses import dataclass, field
+from typing import Any, Callable
+
+__all__ = ["MCPServer", "MCPTool", "MCPResource"]
+
+# ---------------------------------------------------------------------------
+# Data structures
+# ---------------------------------------------------------------------------
+
+@dataclass
+class MCPTool:
+    name: str
+    description: str
+    input_schema: dict
+    handler: Callable[..., Any]
+
+
+@dataclass
+class MCPResource:
+    uri: str
+    name: str
+    description: str
+    mime_type: str = "text/plain"
+    reader: Callable[[], str] = field(default_factory=lambda: (lambda: ""))
+
+
+# ---------------------------------------------------------------------------
+# JSON-RPC error codes (MCP-compatible subset)
+# ---------------------------------------------------------------------------
+
+_PARSE_ERROR      = -32700
+_INVALID_REQUEST  = -32600
+_METHOD_NOT_FOUND = -32601
+_INVALID_PARAMS   = -32602
+_INTERNAL_ERROR   = -32603
+
+
+# ---------------------------------------------------------------------------
+# MCPServer
+# ---------------------------------------------------------------------------
+
+class MCPServer:
+    """Minimal MCP server with stdio transport."""
+
+    def __init__(self, name: str = "gdm-code", version: str = "0.1.0") -> None:
+        self._name = name
+        self._version = version
+        self._tools: dict[str, MCPTool] = {}
+        self._resources: dict[str, MCPResource] = {}
+
+    def register_tool(self, tool: MCPTool) -> None:
+        self._tools[tool.name] = tool
+
+    def register_resource(self, resource: MCPResource) -> None:
+        self._resources[resource.uri] = resource
+
+    def handle_message(self, msg: dict) -> dict | None:
+        """Route a JSON-RPC message and return a response dict.
+
+        Returns None for notifications (messages without an id field).
+        """
+        msg_id = msg.get("id")
+        method = msg.get("method")
+
+        if not method:
+            if msg_id is None:
+                return None
+            return self._make_error(msg_id, _INVALID_REQUEST, "Missing 'method'")
+
+        is_notification = msg_id is None
+        params = msg.get("params") or {}
+
+        try:
+            result = self._dispatch(method, params)
+        except _MCPError as exc:
+            if is_notification:
+                return None
+            return self._make_error(msg_id, exc.code, exc.message)
+        except Exception as exc:  # noqa: BLE001
+            if is_notification:
+                return None
+            return self._make_error(msg_id, _INTERNAL_ERROR, str(exc))
+
+        if is_notification:
+            return None
+        return self._make_result(msg_id, result)
+
+    def _dispatch(self, method: str, params: dict) -> Any:
+        match method:
+            case "initialize":
+                return self._handle_initialize(params)
+            case "tools/list":
+                return self._handle_tools_list()
+            case "tools/call":
+                return self._handle_tools_call(params)
+            case "resources/list":
+                return self._handle_resources_list()
+            case "resources/read":
+                return self._handle_resources_read(params)
+            case _:
+                raise _MCPError(_METHOD_NOT_FOUND, f"Method not found: {method!r}")
+
+    def _handle_initialize(self, params: dict) -> dict:
+        return {
+            "protocolVersion": "2024-11-05",
+            "serverInfo": {"name": self._name, "version": self._version},
+            "capabilities": {"tools": {}, "resources": {}},
+        }
+
+    def _handle_tools_list(self) -> dict:
+        return {
+            "tools": [
+                {"name": t.name, "description": t.description, "inputSchema": t.input_schema}
+                for t in self._tools.values()
+            ]
+        }
+
+    def _handle_tools_call(self, params: dict) -> dict:
+        tool_name = params.get("name")
+        if not tool_name:
+            raise _MCPError(_INVALID_PARAMS, "Missing 'name' in tools/call params")
+        tool = self._tools.get(tool_name)
+        if tool is None:
+            raise _MCPError(_METHOD_NOT_FOUND, f"Unknown tool: {tool_name!r}")
+        arguments = params.get("arguments") or {}
+        try:
+            result = tool.handler(**arguments)
+        except Exception as exc:  # noqa: BLE001
+            return {"isError": True, "content": [{"type": "text", "text": str(exc)}]}
+        text = result if isinstance(result, str) else json.dumps(result)
+        return {"isError": False, "content": [{"type": "text", "text": text}]}
+
+    def _handle_resources_list(self) -> dict:
+        return {
+            "resources": [
+                {"uri": r.uri, "name": r.name, "description": r.description, "mimeType": r.mime_type}
+                for r in self._resources.values()
+            ]
+        }
+
+    def _handle_resources_read(self, params: dict) -> dict:
+        uri = params.get("uri")
+        if not uri:
+            raise _MCPError(_INVALID_PARAMS, "Missing 'uri' in resources/read params")
+        resource = self._resources.get(uri)
+        if resource is None:
+            raise _MCPError(_METHOD_NOT_FOUND, f"Unknown resource URI: {uri!r}")
+        try:
+            content = resource.reader()
+        except Exception as exc:  # noqa: BLE001
+            raise _MCPError(_INTERNAL_ERROR, f"Resource read error: {exc}") from exc
+        return {"contents": [{"uri": uri, "mimeType": resource.mime_type, "text": content}]}
+
+    def run(self) -> None:
+        """Read newline-delimited JSON from stdin; write responses to stdout."""
+        for raw_line in sys.stdin:
+            raw_line = raw_line.strip()
+            if not raw_line:
+                continue
+            try:
+                msg = json.loads(raw_line)
+            except json.JSONDecodeError as exc:
+                resp = self._make_error(None, _PARSE_ERROR, f"Parse error: {exc}")
+                self._write(resp)
+                continue
+            response = self.handle_message(msg)
+            if response is not None:
+                self._write(response)
+
+    def _write(self, obj: dict) -> None:
+        sys.stdout.write(json.dumps(obj) + "\n")
+        sys.stdout.flush()
+
+    def _make_error(self, id: Any, code: int, message: str) -> dict:
+        return {"jsonrpc": "2.0", "id": id, "error": {"code": code, "message": message}}
+
+    def _make_result(self, id: Any, result: Any) -> dict:
+        return {"jsonrpc": "2.0", "id": id, "result": result}
+
+
+# ---------------------------------------------------------------------------
+# Internal exception for structured error propagation
+# ---------------------------------------------------------------------------
+
+class _MCPError(Exception):
+    def __init__(self, code: int, message: str) -> None:
+        super().__init__(message)
+        self.code = code
+        self.message = message
+
+
+# ---------------------------------------------------------------------------
+# Default gdm tool handlers
+# ---------------------------------------------------------------------------
+
+def _make_read_file_handler() -> Callable[[str], str]:
+    from pathlib import Path
+
+    def _read_file(path: str) -> str:
+        p = Path(path)
+        if not p.exists():
+            raise FileNotFoundError(f"File not found: {path}")
+        return p.read_text(encoding="utf-8", errors="replace")
+
+    return _read_file
+
+
+def _make_write_file_handler() -> Callable[[str, str], str]:
+    from pathlib import Path
+
+    def _write_file(path: str, content: str) -> str:
+        p = Path(path)
+        p.parent.mkdir(parents=True, exist_ok=True)
+        p.write_text(content, encoding="utf-8")
+        return f"Written {len(content)} bytes to {path}"
+
+    return _write_file
+
+
+def _make_run_shell_handler() -> Callable[[str], str]:
+    import subprocess
+
+    def _run_shell(command: str) -> str:
+        result = subprocess.run(command, shell=True, capture_output=True, text=True, timeout=60)
+        out = result.stdout
+        if result.stderr:
+            out += "\n[stderr]\n" + result.stderr
+        return out or f"(exit code {result.returncode})"
+
+    return _run_shell
+
+
+def _make_search_code_handler() -> Callable[[str, str], str]:
+    import subprocess
+    from pathlib import Path
+
+    def _search_code(pattern: str, path: str = ".") -> str:
+        try:
+            result = subprocess.run(
+                ["rg", "--line-number", "--no-heading", pattern, path],
+                capture_output=True, text=True, timeout=30,
+            )
+            return result.stdout or "(no matches)"
+        except FileNotFoundError:
+            import re
+            matches: list[str] = []
+            root = Path(path)
+            try:
+                rx = re.compile(pattern)
+            except re.error as exc:
+                return f"Invalid pattern: {exc}"
+            for fp in root.rglob("*"):
+                if not fp.is_file():
+                    continue
+                try:
+                    for i, line in enumerate(fp.read_text(encoding="utf-8", errors="ignore").splitlines(), 1):
+                        if rx.search(line):
+                            matches.append(f"{fp}:{i}:{line}")
+                            if len(matches) >= 500:
+                                break
+                except OSError:
+                    continue
+                if len(matches) >= 500:
+                    break
+            return "\n".join(matches) or "(no matches)"
+
+    return _search_code
+
+
+def build_default_server() -> MCPServer:
+    """Return an MCPServer pre-loaded with the standard gdm tools."""
+    server = MCPServer()
+
+    server.register_tool(MCPTool(
+        name="read_file",
+        description="Read the contents of a file from the project.",
+        input_schema={
+            "type": "object",
+            "properties": {"path": {"type": "string", "description": "Path to the file to read."}},
+            "required": ["path"],
+        },
+        handler=_make_read_file_handler(),
+    ))
+
+    server.register_tool(MCPTool(
+        name="write_file",
+        description="Write content to a file (creates or overwrites).",
+        input_schema={
+            "type": "object",
+            "properties": {
+                "path": {"type": "string", "description": "Destination file path."},
+                "content": {"type": "string", "description": "File content to write."},
+            },
+            "required": ["path", "content"],
+        },
+        handler=_make_write_file_handler(),
+    ))
+
+    server.register_tool(MCPTool(
+        name="run_shell",
+        description="Run a shell command and return its output.",
+        input_schema={
+            "type": "object",
+            "properties": {"command": {"type": "string", "description": "Shell command to execute."}},
+            "required": ["command"],
+        },
+        handler=_make_run_shell_handler(),
+    ))
+
+    server.register_tool(MCPTool(
+        name="search_code",
+        description="Search the codebase for a regex pattern using ripgrep.",
+        input_schema={
+            "type": "object",
+            "properties": {
+                "pattern": {"type": "string", "description": "Regex pattern to search for."},
+                "path": {"type": "string", "description": "Root directory to search (default: '.').", "default": "."},
+            },
+            "required": ["pattern"],
+        },
+        handler=_make_search_code_handler(),
+    ))
+
+    return server

src/integrations/sentry_integration.py

@@ -0,0 +1,100 @@
+"""Sentry webhook payload parsing and task building for gdm."""
+from __future__ import annotations
+
+import datetime
+import hashlib
+import hmac
+import json
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import Optional
+
+REQUIRED_FIELDS = frozenset({"action", "data", "installation"})
+KNOWN_ACTIONS = frozenset({"triggered"})
+
+
+@dataclass
+class SentryFrame:
+    path: str
+    lineno: int
+    function: str
+
+
+@dataclass
+class SentryTask:
+    type: str = "fix-from-prod"
+    source: str = "sentry"
+    issue_id: str = ""
+    error_message: str = ""
+    culprit: str = ""
+    frames: list[SentryFrame] = field(default_factory=list)
+    tags: dict = field(default_factory=dict)
+    auto_fix: bool = True
+    created_at: str = ""
+    reopen: bool = False
+
+
+class SentryPayloadParser:
+    def __init__(self, repo_root: Path = None):
+        self.repo_root = (repo_root or Path.cwd()).resolve()
+
+    def validate_payload(self, raw: dict, quarantine_dir: Path = None) -> dict:
+        """Validate envelope. Quarantine unknown actions. Raise ValueError on missing fields."""
+        missing = REQUIRED_FIELDS - raw.keys()
+        if missing:
+            raise ValueError(f"Missing fields: {missing}")
+        if raw["action"] not in KNOWN_ACTIONS:
+            if quarantine_dir:
+                quarantine_dir.mkdir(parents=True, exist_ok=True)
+                ts = datetime.datetime.utcnow().strftime("%Y%m%d%H%M%S%f")
+                (quarantine_dir / f"sentry-{ts}.json").write_text(json.dumps(raw))
+            raise ValueError(f"Unknown action: {raw['action']}")
+        return raw
+
+    def resolve_frame_path(self, frame: dict) -> Optional[Path]:
+        """Resolve frame path to repo-relative path. Returns None if outside repo or nonexistent."""
+        raw = frame.get("filename") or frame.get("abs_path", "")
+        if not raw:
+            return None
+        try:
+            candidate = (self.repo_root / raw).resolve()
+            if not candidate.is_relative_to(self.repo_root):
+                return None
+            # Note: in tests we don't require the file to exist on disk
+            return candidate.relative_to(self.repo_root)
+        except (ValueError, OSError):
+            return None
+
+    def extract_frames(self, data: dict) -> list[SentryFrame]:
+        """Extract and sanitize frames from Sentry event data."""
+        frames = []
+        event = data.get("data", {}).get("event", {})
+        exc = event.get("exception", {}).get("values", [])
+        for exc_val in exc:
+            for frame in exc_val.get("stacktrace", {}).get("frames", []):
+                resolved = self.resolve_frame_path(frame)
+                if resolved:
+                    frames.append(SentryFrame(
+                        path=str(resolved),
+                        lineno=frame.get("lineno", 0),
+                        function=frame.get("function", ""),
+                    ))
+        return frames
+
+
+class SentryTaskBuilder:
+    def build(self, payload: dict, frames: list[SentryFrame], auto_fix: bool = True) -> SentryTask:
+        event = payload.get("data", {}).get("event", {})
+        issue_id = str(
+            event.get("issue", {}).get("id", "")
+            or payload.get("data", {}).get("issue", {}).get("id", "unknown")
+        )
+        return SentryTask(
+            issue_id=issue_id,
+            error_message=event.get("title", event.get("message", "")),
+            culprit=event.get("culprit", ""),
+            frames=frames,
+            tags=event.get("tags", {}),
+            auto_fix=auto_fix,
+            created_at=datetime.datetime.utcnow().isoformat() + "Z",
+        )

src/integrations/sentry_server.py

@@ -0,0 +1,82 @@
+"""
+FastAPI webhook server for Sentry events.
+Requires: pip install gdm-code[sentry]
+Start with: gdm sentry-server --port 9322
+"""
+from __future__ import annotations
+
+import dataclasses
+import json
+import os
+from pathlib import Path
+
+# Guard: FastAPI is optional
+try:
+    from fastapi import FastAPI, HTTPException, Request
+    from fastapi.responses import JSONResponse
+    HAS_FASTAPI = True
+except ImportError:
+    HAS_FASTAPI = False
+
+from src.integrations.sentry_integration import SentryPayloadParser, SentryTaskBuilder
+from src.integrations.webhook_security import verify_sentry_signature
+
+INBOX_DIR = Path(os.environ.get("GDM_SENTRY_INBOX", ".context-memory/inbox"))
+QUARANTINE_DIR = Path(".context-memory/quarantine")
+
+
+def _get_secret() -> str:
+    return os.environ.get("SENTRY_WEBHOOK_SECRET", "")
+
+
+def create_app():
+    if not HAS_FASTAPI:
+        raise ImportError("FastAPI not installed. Run: pip install gdm-code[sentry]")
+
+    app = FastAPI(title="gdm Sentry Webhook")
+    parser = SentryPayloadParser()
+    builder = SentryTaskBuilder()
+
+    @app.post("/webhook")
+    async def webhook(request: Request):
+        body = await request.body()
+        secret = _get_secret()
+        sig = request.headers.get("sentry-hook-signature", "")
+
+        if not verify_sentry_signature(body, sig, secret):
+            raise HTTPException(status_code=403, detail="Invalid signature")
+
+        raw = json.loads(body)
+
+        try:
+            payload = parser.validate_payload(raw, quarantine_dir=QUARANTINE_DIR)
+        except ValueError as e:
+            return JSONResponse({"status": "quarantined", "detail": str(e)}, status_code=200)
+
+        event = payload.get("data", {}).get("event", {})
+        issue_id = str(event.get("issue", {}).get("id", "unknown"))
+
+        INBOX_DIR.mkdir(parents=True, exist_ok=True)
+        inbox_file = INBOX_DIR / f"sentry-{issue_id}.json"
+
+        # Deduplication
+        if inbox_file.exists():
+            return JSONResponse({"status": "duplicate", "issue_id": issue_id})
+
+        frames = parser.extract_frames(payload)
+        auto_fix = os.environ.get("GDM_SENTRY_AUTO_FIX", "true").lower() == "true"
+        task = builder.build(payload, frames, auto_fix=auto_fix)
+
+        inbox_file.write_text(json.dumps(dataclasses.asdict(task), indent=2))
+
+        return JSONResponse({"status": "enqueued", "issue_id": issue_id})
+
+    return app
+
+
+app = create_app() if HAS_FASTAPI else None
+
+
+def main(port: int = 9322):
+    import uvicorn
+    uvicorn.run(create_app(), host="127.0.0.1", port=port)

src/integrations/webhook_security.py

@@ -0,0 +1,19 @@
+"""HMAC signature verification helpers for webhook integrations."""
+from __future__ import annotations
+
+import hashlib
+import hmac
+
+
+def verify_github_signature(payload: bytes, header: str, secret: str) -> bool:
+    """Verify GitHub webhook HMAC-SHA256 signature."""
+    expected = "sha256=" + hmac.new(secret.encode(), payload, hashlib.sha256).hexdigest()
+    return hmac.compare_digest(expected, header)
+
+
+def verify_sentry_signature(payload: bytes, header: str, secret: str) -> bool:
+    """Verify Sentry webhook HMAC-SHA256 signature (constant-time)."""
+    if not header:
+        return False
+    expected = hmac.new(secret.encode(), payload, hashlib.sha256).hexdigest()
+    return hmac.compare_digest(expected, header)

src/main.py

@@ -0,0 +1,27 @@
+"""CLI entry point for gdm code.
+
+All subcommands live in src/cli.py. This thin shim calls the app so
+pyproject.toml's `gdm = "src.main:main"` script works.
+"""
+from __future__ import annotations
+
+from importlib.metadata import version as _pkg_version, PackageNotFoundError
+
+from src.cli import app
+
+
+def _get_version() -> str:
+    try:
+        return _pkg_version("gdm-code")
+    except PackageNotFoundError:
+        from src import __version__
+        return __version__
+
+
+def main() -> None:
+    """Entry point for the `gdm` CLI command."""
+    app()
+
+
+if __name__ == "__main__":
+    main()