gdmcode 0.1.0__py3-none-any.whl

src/agent/review_gate.py

@@ -0,0 +1,648 @@
+"""Multi-agent review gate — uses Grok Debate model to review security-sensitive changes.
+
+Triggered automatically by the agent loop before:
+  - Multi-file changes touching auth/session/crypto/permissions/SQL/file I/O
+  - Architectural decisions (3+ files affected)
+  - After a debug loop that needed 3+ iterations
+
+Uses the Debate model tier (Grok) or Reasoner tier (other providers) for review.
+Falls back to a single-model review if the Debate model is unavailable.
+
+Output: ReviewReport (Pydantic, from src.models.schemas).
+  - CRITICAL findings: agent loop BLOCKS until resolved
+  - HIGH findings: show to user with "Fix automatically? [Y/n]"
+  - LOW findings: logged silently
+"""
+from __future__ import annotations
+
+import logging
+import subprocess
+from concurrent.futures import ThreadPoolExecutor
+from concurrent.futures import TimeoutError as FutureTimeoutError
+from concurrent.futures import as_completed
+from dataclasses import dataclass
+from pathlib import Path
+from typing import Any
+
+import openai
+
+from src.models.definitions import ModelTier, Provider, get_model
+from src.models.schemas import ReviewReport, Severity
+
+__all__ = ["ReviewGate", "ReviewTrigger", "ReviewGateResult", "DisagreementDetector",
+           "ConfidenceSignals", "aggregate_confidence"]
+
+log = logging.getLogger(__name__)
+
+_REVIEW_MAX_TOKENS: int = 1_500
+_DIFF_MAX_CHARS: int = 6_000
+
+
+# ---------------------------------------------------------------------------
+# Confidence scoring (ide-003)
+# ---------------------------------------------------------------------------
+
+@dataclass
+class ConfidenceSignals:
+    """Raw boolean signals used to compute a confidence score for a code hunk."""
+
+    tests_pass: bool
+    review_approved: bool
+    lint_clean: bool
+    no_security_findings: bool
+
+
+def aggregate_confidence(signals: ConfidenceSignals) -> int:
+    """Return a 0–100 confidence score from *signals*.
+
+    Scoring rubric:
+    - Base score: 40
+    - tests_pass: +30
+    - review_approved: +20
+    - lint_clean: +5
+    - no_security_findings: +5
+    Any combination is valid; result is always clamped to [0, 100].
+    """
+    score = 40
+    if signals.tests_pass:
+        score += 30
+    if signals.review_approved:
+        score += 20
+    if signals.lint_clean:
+        score += 5
+    if signals.no_security_findings:
+        score += 5
+    return max(0, min(100, score))
+
+
+# ---------------------------------------------------------------------------
+# Disagreement detector (cheap pre-filter — no LLM call)
+# ---------------------------------------------------------------------------
+
+class DisagreementDetector:
+    """Cheap keyword + diff-size heuristic to decide whether a full 4-agent debate is needed."""
+
+    _DEBATE_TRIGGERS: frozenset[str] = frozenset({
+        "security", "auth", "crypto", "architecture", "migration",
+        "trade-off", "tradeoff", "breaking change", "performance",
+    })
+
+    def needs_debate(self, question: str, diff_text: str) -> bool:
+        """Return True if the change warrants a full multi-agent debate."""
+        combined = (question + diff_text).lower()
+        keyword_hit = any(kw in combined for kw in self._DEBATE_TRIGGERS)
+        large_diff = len(diff_text) > 2_000
+        return keyword_hit or large_diff
+
+
+# ---------------------------------------------------------------------------
+# Trigger classification
+# ---------------------------------------------------------------------------
+
+class ReviewTrigger:
+    """Determines whether a code change should trigger a review gate."""
+
+    # File patterns / imports that flag security-sensitive code
+    _SECURITY_PATTERNS: frozenset[str] = frozenset({
+        "auth", "session", "password", "token", "secret", "crypto",
+        "permission", "sql", "query", "database", "file_io", "subprocess",
+        "exec", "eval", "pickle",
+    })
+
+    def should_review(
+        self,
+        files_changed: list[Path],
+        trigger_reason: str = "",
+    ) -> bool:
+        """Return True if this change warrants multi-agent review."""
+        if len(files_changed) >= 3:
+            return True
+        for path in files_changed:
+            name_lower = path.name.lower()
+            if any(p in name_lower for p in self._SECURITY_PATTERNS):
+                return True
+        return bool(trigger_reason)
+
+    def classify(self, files_changed: list[Path]) -> str:
+        """Return a short reason string explaining why review was triggered."""
+        if len(files_changed) >= 3:
+            return f"architectural change ({len(files_changed)} files)"
+        for path in files_changed:
+            name_lower = path.name.lower()
+            matched = [p for p in self._SECURITY_PATTERNS if p in name_lower]
+            if matched:
+                return f"security-sensitive file: {path.name} ({', '.join(matched)})"
+        return "manual trigger"
+
+
+# ---------------------------------------------------------------------------
+# Review result
+# ---------------------------------------------------------------------------
+
+@dataclass
+class ReviewGateResult:
+    """Output of a review gate run."""
+
+    report: ReviewReport
+    trigger_reason: str
+    model_used: str
+    files_reviewed: list[Path]
+
+    @property
+    def blocks_merge(self) -> bool:
+        """True if there are CRITICAL findings that must be resolved."""
+        return any(f.severity == Severity.CRITICAL for f in self.report.findings)
+
+    def critical_findings(self) -> list[str]:
+        return [
+            f.message for f in self.report.findings
+            if f.severity == Severity.CRITICAL
+        ]
+
+    def high_findings(self) -> list[str]:
+        return [
+            f.message for f in self.report.findings
+            if f.severity == Severity.HIGH
+        ]
+
+    def format_for_user(self) -> str:
+        """Rich-markup string for display in the REPL."""
+        lines: list[str] = []
+        icon = "❌" if self.blocks_merge else "⚠" if self.high_findings() else "✓"
+        lines.append(f"{icon} [bold]Review Gate:[/bold] {self.trigger_reason}")
+        for f in self.report.findings:
+            color = {
+                Severity.CRITICAL: "red",
+                Severity.HIGH: "yellow",
+                Severity.MEDIUM: "cyan",
+                Severity.LOW: "dim",
+                Severity.INFO: "dim",
+            }.get(f.severity, "white")
+            loc = f" ({f.file}:{f.line})" if f.file and f.line else ""
+            lines.append(f"  [{color}]{f.severity.value.upper()}[/{color}]{loc}: {f.message}")
+        return "\n".join(lines)
+
+
+# ---------------------------------------------------------------------------
+# ReviewGate
+# ---------------------------------------------------------------------------
+
+class ReviewGate:
+    """Runs the multi-agent review gate on a set of changes.
+
+    Uses the Debate model tier when available (Grok only).
+    Falls back to Reasoner for other providers.
+
+    Usage::
+
+        gate = ReviewGate(cfg)
+        result = gate.review(
+            files_changed=[Path("src/auth.py")],
+            diff_text="...",
+            trigger_reason="security-sensitive file: auth.py",
+        )
+        if result.blocks_merge:
+            # Surface critical findings before proceeding
+    """
+
+    def __init__(self, cfg: Any, vg: Any = None) -> None:  # cfg: GdmConfig
+        self._cfg = cfg
+        self._vg = vg
+        self._trigger = ReviewTrigger()
+        self._model = self._pick_model()
+        self._client = openai.OpenAI(
+            api_key=cfg.api_key,
+            base_url=_base_url(cfg.provider),
+        )
+
+    def review(
+        self,
+        files_changed: list[Path],
+        diff_text: str,
+        trigger_reason: str = "",
+        node_id: "str | None" = None,
+    ) -> ReviewGateResult:
+        """Run the review gate. Never raises — returns a safe result on failure."""
+        if not trigger_reason:
+            trigger_reason = self._trigger.classify(files_changed)
+
+        truncated_diff = _truncate_diff(diff_text, _DIFF_MAX_CHARS)
+        prompt = _build_review_prompt(files_changed, truncated_diff, trigger_reason)
+
+        try:
+            report = self._call_model(prompt)
+        except Exception as exc:  # noqa: BLE001
+            log.warning("Review gate failed: %s — returning empty report", exc)
+            from src.models.schemas import ReviewReport
+            report = ReviewReport(approved=True, confidence=0.5, findings=[], summary="")
+
+        return ReviewGateResult(
+            report=report,
+            trigger_reason=trigger_reason,
+            model_used=self._model.id,
+            files_reviewed=files_changed,
+        )
+
+    # run is an alias for review (backward compat)
+    run = review
+
+    def debate_adr(
+        self,
+        task_description: str,
+        planned_files: list[Path],
+    ) -> Any:  # -> ADRReport
+        """Generate an Architecture Decision Record for a large planned change."""
+        from src.models.schemas import ADRReport
+        try:
+            model_id = self._cfg.debate_model or self._model.id
+            file_list = ", ".join(str(p) for p in planned_files)
+            messages = [
+                {"role": "system", "content": _ADR_SYSTEM_PROMPT},
+                {"role": "user", "content": (
+                    f"Task: {task_description}\nFiles planned: {file_list}"
+                )},
+            ]
+            response = self._client.beta.chat.completions.parse(
+                model=model_id,
+                messages=messages,
+                response_format=ADRReport,
+                max_tokens=_REVIEW_MAX_TOKENS,
+            )
+            parsed = response.choices[0].message.parsed
+            if parsed is None:
+                raise ValueError("Model returned no parsed output")
+            return parsed
+        except Exception as exc:  # noqa: BLE001
+            log.warning("debate_adr failed: %s — returning empty report", exc)
+            return ADRReport(decision="", rationale="", alternatives_rejected=[], risks=[])
+
+    def debate_security(
+        self,
+        file_path: Path,
+        diff_text: str,
+    ) -> Any:  # -> ThreatModelReport
+        """Run security threat modeling on a changed file and its diff."""
+        from src.models.schemas import ThreatModelReport
+        try:
+            model_id = self._cfg.debate_model or self._model.id
+            truncated_diff = _truncate_diff(diff_text, _DIFF_MAX_CHARS)
+            messages = [
+                {"role": "system", "content": _SECURITY_SYSTEM_PROMPT},
+                {"role": "user", "content": (
+                    f"File: {file_path}\n\nDiff:\n```\n{truncated_diff}\n```"
+                )},
+            ]
+            response = self._client.beta.chat.completions.parse(
+                model=model_id,
+                messages=messages,
+                response_format=ThreatModelReport,
+                max_tokens=_REVIEW_MAX_TOKENS,
+            )
+            parsed = response.choices[0].message.parsed
+            if parsed is None:
+                raise ValueError("Model returned no parsed output")
+            return parsed
+        except Exception as exc:  # noqa: BLE001
+            log.warning("debate_security failed: %s — returning empty report", exc)
+            return ThreatModelReport(attack_surfaces=[], mitigations=[], severity="low")
+
+    def debate_debug(
+        self,
+        error: str,
+        attempts_history: list[str],
+    ) -> Any:  # -> DebugHypotheses
+        """Generate fresh debug hypotheses after the ensemble loop is exhausted."""
+        from src.models.schemas import DebugHypotheses
+        try:
+            model_id = self._cfg.debate_model or self._model.id
+            history_text = "\n".join(f"- {a}" for a in attempts_history)
+            messages = [
+                {"role": "system", "content": _DEBUG_SYSTEM_PROMPT},
+                {"role": "user", "content": (
+                    f"Error:\n{error}\n\nPrevious fix attempts:\n{history_text}"
+                )},
+            ]
+            response = self._client.beta.chat.completions.parse(
+                model=model_id,
+                messages=messages,
+                response_format=DebugHypotheses,
+                max_tokens=_REVIEW_MAX_TOKENS,
+            )
+            parsed = response.choices[0].message.parsed
+            if parsed is None:
+                raise ValueError("Model returned no parsed output")
+            return parsed
+        except Exception as exc:  # noqa: BLE001
+            log.warning("debate_debug failed: %s — returning empty report", exc)
+            return DebugHypotheses(
+                hypotheses=[], suggested_next_action="", dead_ends_identified=[]
+            )
+
+    def _call_model(self, prompt: str) -> ReviewReport:
+        """Call the review model using structured output (parse)."""
+        messages = [
+            {"role": "system", "content": _REVIEW_SYSTEM_PROMPT},
+            {"role": "user", "content": prompt},
+        ]
+        response = self._client.beta.chat.completions.parse(
+            model=self._model.id,
+            messages=messages,
+            response_format=ReviewReport,
+            max_tokens=_REVIEW_MAX_TOKENS,
+        )
+        parsed = response.choices[0].message.parsed
+        if parsed is None:
+            raise ValueError("Model returned no parsed output")
+        return parsed
+
+    def _pick_model(self) -> Any:  # -> ModelDef
+        """Pick review model: Debate for Grok, Reasoner for others."""
+        tier = ModelTier.DEBATE if self._cfg.provider == Provider.GROK else ModelTier.REASONER
+        return get_model(tier, self._cfg.provider)
+
+    # ------------------------------------------------------------------
+    # 4-agent debate
+    # ------------------------------------------------------------------
+
+    def run_debate(
+        self,
+        question: str,
+        context: str,
+        *,
+        agent_count: int = 4,
+        timeout_secs: float = 30.0,
+    ) -> Any:  # -> DebateReport
+        """Run a 4-agent parallel debate and return a synthesised DebateReport.
+
+        Returns a ``debate_skipped=True`` report immediately when
+        :class:`DisagreementDetector` decides no debate is needed.
+        Falls back to a single-model review when fewer than 2 agents respond.
+        """
+        from src.models.schemas import DebateReport
+
+        detector = DisagreementDetector()
+        if not detector.needs_debate(question, context):
+            return DebateReport(
+                perspectives=[],
+                consensus_points=[],
+                disagreements=[],
+                missing_evidence=[],
+                recommendation="Debate skipped — no disagreement triggers detected",
+                approved=True,
+                confidence=0.5,
+                debate_skipped=True,
+            )
+
+        from src.agent.system_prompt import (
+            _ARCHITECT_PROMPT,
+            _DEVIL_ADVOCATE_PROMPT,
+            _PERFORMANCE_PROMPT,
+            _SECURITY_PROMPT,
+        )
+
+        prompts: list[tuple[str, str]] = [
+            ("architect", _ARCHITECT_PROMPT),
+            ("security", _SECURITY_PROMPT),
+            ("performance", _PERFORMANCE_PROMPT),
+            ("devil_advocate", _DEVIL_ADVOCATE_PROMPT),
+        ][:agent_count]
+
+        user_content = f"{question}\n\nContext/Diff:\n{context}"
+        results = self._run_agents_parallel(prompts, user_content, timeout_secs=timeout_secs)
+
+        active = [r for r in results if r is not None]
+        if len(active) < 2:
+            log.warning(
+                "Only %d/%d debate agents responded — falling back to single-model review",
+                len(active),
+                len(prompts),
+            )
+            return self._single_model_review(question, context)
+
+        return self._synthesize(active)
+
+    def _run_agents_parallel(
+        self,
+        prompts: list[tuple[str, str]],
+        user_content: str,
+        timeout_secs: float = 30.0,
+    ) -> list[Any]:
+        """Submit all agent calls in parallel via ThreadPoolExecutor and collect results."""
+        results: list[Any] = [None] * len(prompts)
+        with ThreadPoolExecutor(max_workers=4) as pool:
+            futures = {
+                pool.submit(self._call_single_agent, role, sys_prompt, user_content): i
+                for i, (role, sys_prompt) in enumerate(prompts)
+            }
+            try:
+                for future in as_completed(futures, timeout=timeout_secs):
+                    i = futures[future]
+                    try:
+                        results[i] = future.result()
+                    except Exception as exc:  # noqa: BLE001
+                        log.warning(
+                            "Debate agent %d (%s) failed: %s",
+                            i,
+                            prompts[i][0],
+                            exc,
+                        )
+            except FutureTimeoutError:
+                log.warning(
+                    "Debate agent pool timed out after %.1fs; collecting partial results",
+                    timeout_secs,
+                )
+        return results
+
+    def _call_single_agent(
+        self,
+        role: str,
+        sys_prompt: str,
+        user_content: str,
+    ) -> Any:  # -> AgentPerspective
+        """Call one debate agent and return its AgentPerspective."""
+        from src.models.schemas import AgentPerspective
+
+        messages = [
+            {"role": "system", "content": sys_prompt},
+            {"role": "user", "content": user_content},
+        ]
+        response = self._client.beta.chat.completions.parse(
+            model=self._model.id,
+            messages=messages,
+            response_format=AgentPerspective,
+            max_tokens=_REVIEW_MAX_TOKENS,
+        )
+        parsed = response.choices[0].message.parsed
+        if parsed is None:
+            raise ValueError(f"Debate agent '{role}' returned no parsed output")
+        return parsed
+
+    def _synthesize(self, perspectives: list[Any]) -> Any:  # -> DebateReport
+        """Aggregate multiple AgentPerspective results into a DebateReport (rule-based, no LLM)."""
+        from collections import Counter
+
+        from src.models.schemas import DebateReport, Severity
+
+        all_findings = [f for p in perspectives for f in p.findings]
+
+        # Consensus: findings whose message appears in 2+ perspectives
+        msg_counts: Counter[str] = Counter(f.message for f in all_findings)
+        consensus_points = [msg for msg, cnt in msg_counts.items() if cnt > 1]
+
+        # Disagreements: identify confidence-level splits between agents
+        disagreements: list[str] = []
+        confident = [p.role for p in perspectives if p.confidence > 0.6]
+        skeptical = [p.role for p in perspectives if p.confidence <= 0.4]
+        if confident and skeptical:
+            disagreements.append(
+                f"Confidence split — {', '.join(confident)} are confident vs "
+                f"{', '.join(skeptical)} are skeptical"
+            )
+
+        # Missing evidence: roles absent from this debate
+        represented = {p.role for p in perspectives}
+        all_roles = {"architect", "security", "performance", "devil_advocate"}
+        missing_evidence = [
+            f"No perspective from: {r}" for r in sorted(all_roles - represented)
+        ]
+
+        # Approval: block on any CRITICAL finding, or 3+ HIGH findings
+        critical = sum(1 for f in all_findings if f.severity == Severity.CRITICAL)
+        high = sum(1 for f in all_findings if f.severity == Severity.HIGH)
+        approved = critical == 0 and high < 3
+
+        avg_confidence = sum(p.confidence for p in perspectives) / len(perspectives)
+        avg_confidence = min(1.0, max(0.0, avg_confidence))
+
+        role_summaries = "; ".join(f"{p.role}: {p.summary}" for p in perspectives)
+        recommendation = (
+            f"Multi-agent synthesis ({len(perspectives)} agents). {role_summaries}"
+        )
+
+        return DebateReport(
+            perspectives=perspectives,
+            consensus_points=consensus_points,
+            disagreements=disagreements,
+            missing_evidence=missing_evidence,
+            recommendation=recommendation,
+            approved=approved,
+            confidence=avg_confidence,
+        )
+
+    def _single_model_review(self, question: str, context: str) -> Any:  # -> DebateReport
+        """Fallback: run the existing single-model review and wrap it in a DebateReport."""
+        from src.models.schemas import DebateReport
+
+        try:
+            report = self._call_model(f"{question}\n\nContext:\n{context}")
+            return DebateReport(
+                perspectives=[],
+                consensus_points=[],
+                disagreements=[],
+                missing_evidence=[],
+                recommendation=report.summary,
+                approved=report.approved,
+                confidence=report.confidence,
+                debate_skipped=True,
+            )
+        except Exception as exc:  # noqa: BLE001
+            log.warning("Single-model review fallback also failed: %s", exc)
+            return DebateReport(
+                perspectives=[],
+                consensus_points=[],
+                disagreements=[],
+                missing_evidence=[],
+                recommendation="Review failed — no agents responded",
+                approved=True,
+                confidence=0.0,
+                debate_skipped=True,
+            )
+
+
+# ---------------------------------------------------------------------------
+# Helpers
+# ---------------------------------------------------------------------------
+
+def _collect_diff(files: list[Path], project_root: Path) -> str:
+    """Collect git diff output for the given files. Returns empty string on failure."""
+    parts: list[str] = []
+    for p in files[:5]:
+        try:
+            r = subprocess.run(
+                ["git", "diff", "HEAD", "--", str(p)],
+                capture_output=True,
+                text=True,
+                timeout=10,
+                cwd=str(project_root),
+            )
+            if r.stdout.strip():
+                parts.append(r.stdout)
+        except Exception:  # noqa: BLE001
+            pass
+    return "\n".join(parts)
+
+
+def _base_url(provider: str) -> str:
+    from src.models.definitions import PROVIDER_BASE_URLS
+    return PROVIDER_BASE_URLS.get(provider, PROVIDER_BASE_URLS[Provider.GROK])
+
+
+def _truncate_diff(diff: str, max_chars: int) -> str:
+    if len(diff) <= max_chars:
+        return diff
+    return diff[:max_chars] + "\n...(diff truncated)"
+
+
+def _build_review_prompt(
+    files: list[Path], diff: str, reason: str
+) -> str:
+    file_list = ", ".join(f.name for f in files)
+    return (
+        f"Review trigger: {reason}\n"
+        f"Files changed: {file_list}\n\n"
+        f"Diff:\n```\n{diff}\n```\n\n"
+        "Identify all security vulnerabilities, logic errors, and architectural issues. "
+        "Be precise about file:line locations."
+    )
+
+
+_REVIEW_SYSTEM_PROMPT = """You are a senior security engineer reviewing code changes.
+Your job is to find REAL bugs, security vulnerabilities, and architectural flaws.
+Do NOT comment on style, formatting, or cosmetic issues.
+
+CRITICAL: SQL injection, XSS, auth bypass, path traversal, insecure deserialization
+HIGH: Race conditions, memory leaks, incorrect error handling, missing validation
+MEDIUM: Missing tests, inconsistent naming, unclear logic
+LOW: Minor improvements, alternative approaches
+
+Return a JSON object matching the ReviewReport schema exactly.
+approved=true means the code can proceed (findings may still exist at LOW/MEDIUM level).
+approved=false means CRITICAL or multiple HIGH findings block the merge.
+"""
+
+_ADR_SYSTEM_PROMPT = """You are an architecture review expert.
+Analyze the planned task and the files that will be changed.
+Provide an Architecture Decision Record with:
+- A clear, concise decision statement
+- Rationale for this approach
+- Alternatives that were considered and rejected
+- Known risks of this decision
+
+Return a JSON object matching the ADRReport schema exactly.
+"""
+
+_SECURITY_SYSTEM_PROMPT = """You are a security threat modeling expert.
+Analyze this code diff for security vulnerabilities and attack surfaces.
+Focus on concrete, exploitable threats — not hypothetical ones.
+Identify practical mitigations for each attack surface found.
+
+Return a JSON object matching the ThreatModelReport schema exactly.
+"""
+
+_DEBUG_SYSTEM_PROMPT = """You are a debugging expert with deep knowledge of Python.
+Given this error and the previous failed fix attempts, generate ranked hypotheses
+about the root cause. Focus on causes, not symptoms.
+Identify dead ends from the previous attempts to avoid repeating them.
+
+Return a JSON object matching the DebugHypotheses schema exactly.
+"""