invar-tools 1.17.12__py3-none-any.whl → 1.17.21__py3-none-any.whl

invar/mcp/handlers.py

@@ -427,11 +427,24 @@ async def _execute_command(
             timeout=timeout,
         )
 
+        stdout = result.stdout.strip()
+
+        # Try to parse as JSON
         try:
-            parsed = json.loads(result.stdout)
+            parsed = json.loads(stdout)
             return ([TextContent(type="text", text=json.dumps(parsed, indent=2))], parsed)
         except json.JSONDecodeError:
-            output = result.stdout
+            # Try to fix unescaped newlines in JSON strings
+            # Guard/map commands may output multiline JSON with literal newlines
+            fixed = _fix_json_newlines(stdout)
+            try:
+                parsed = json.loads(fixed)
+                return ([TextContent(type="text", text=json.dumps(parsed, indent=2))], parsed)
+            except json.JSONDecodeError:
+                pass
+
+            # Fall back to text output
+            output = stdout
             if result.stderr:
                 output += f"\n\nStderr:\n{result.stderr}"
             return [TextContent(type="text", text=output)]
@@ -440,3 +453,46 @@ async def _execute_command(
         return [TextContent(type="text", text=f"Error: Command timed out ({timeout}s)")]
     except Exception as e:
         return [TextContent(type="text", text=f"Error: {e}")]
+
+
+# @invar:allow shell_too_complex: Simple state machine, 6 branches is minimal
+# @invar:allow shell_pure_logic: No I/O, but called from shell context
+# @invar:allow shell_result: Pure transformation, returns str not Result
+def _fix_json_newlines(text: str) -> str:
+    """Fix unescaped newlines in JSON strings.
+
+    When subprocess outputs multiline JSON, newlines inside string values
+    are not escaped, causing json.loads() to fail. This function escapes them.
+
+    DX-33: Escape hatch for complex pure logic helper.
+    """
+    result = []
+    i = 0
+    while i < len(text):
+        if text[i] == '"':
+            # Inside a string - collect until closing quote
+            result.append('"')
+            i += 1
+            while i < len(text):
+                c = text[i]
+                if c == "\\" and i + 1 < len(text):
+                    # Escaped character - keep as is
+                    result.append("\\")
+                    result.append(text[i + 1])
+                    i += 2
+                elif c == '"':
+                    # End of string
+                    result.append('"')
+                    i += 1
+                    break
+                elif c == "\n" or c == "\r":
+                    # Unescaped newline - escape it
+                    result.append("\\n")
+                    i += 1
+                else:
+                    result.append(c)
+                    i += 1
+        else:
+            result.append(text[i])
+            i += 1
+    return "".join(result)

invar/node_tools/eslint-plugin/cli.js

@@ -16,11 +16,61 @@
 import { ESLint } from 'eslint';
 import { resolve, dirname } from 'path';
 import { statSync, realpathSync } from 'fs';
+import { spawnSync } from 'child_process';
 import { fileURLToPath } from 'url';
+import { createRequire } from 'module';
 import plugin from './index.js';
 // Get the directory where this CLI script is located (embedded in site-packages)
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
+
+const require = createRequire(import.meta.url);
+
+function resolveTsParser(projectPath) {
+    try {
+        const tseslintEntry = require.resolve('typescript-eslint', { paths: [projectPath] });
+        if (tseslintEntry) {
+            const tseslintRoot = dirname(dirname(tseslintEntry));
+            return require.resolve('@typescript-eslint/parser', { paths: [tseslintRoot] });
+        }
+    }
+    catch {
+    }
+
+    try {
+        return require.resolve('@typescript-eslint/parser', { paths: [projectPath] });
+    }
+    catch {
+    }
+
+    try {
+        return require.resolve('@typescript-eslint/parser', { paths: [__dirname] });
+    }
+    catch {
+        return null;
+    }
+}
+function _gitLsFiles(projectPath) {
+    const check = spawnSync('git', ['-C', projectPath, 'rev-parse', '--is-inside-work-tree'], {
+        encoding: 'utf8',
+        timeout: 2000,
+    });
+    if (check.status !== 0) {
+        return null;
+    }
+
+    const ls = spawnSync('git', ['-C', projectPath, 'ls-files', '-z', '--', '*.ts', '*.tsx'], {
+        encoding: 'utf8',
+        timeout: 15000,
+    });
+    if (ls.status !== 0 || !ls.stdout) {
+        return null;
+    }
+
+    const files = ls.stdout.split('\0').filter(Boolean);
+    return files.length > 0 ? files : null;
+}
+
 function parseArgs(args) {
     const projectPath = args.find(arg => !arg.startsWith('--')) || '.';
     const configArg = args.find(arg => arg.startsWith('--config='));
@@ -93,44 +143,35 @@ async function main() {
             console.error(`Config "${args.config}" not found or invalid`);
             process.exit(1);
         }
-        // Create ESLint instance with programmatic configuration
-        // Use __dirname (where CLI is located) for module resolution
-        // This allows ESLint to find embedded node_modules in site-packages
-        const eslint = new ESLint({
-            useEslintrc: false, // Don't load .eslintrc files
-            cwd: __dirname, // Use CLI location for module resolution (embedded node_modules)
-            resolvePluginsRelativeTo: __dirname, // Resolve plugins from embedded location
-            baseConfig: {
-                parser: '@typescript-eslint/parser', // Will resolve from __dirname/node_modules
-                parserOptions: {
-                    ecmaVersion: 2022,
-                    sourceType: 'module',
-                },
-                plugins: ['@invar'],
-                rules: selectedConfig.rules,
-            },
-            plugins: {
-                '@invar': plugin, // Register plugin directly
-            },
-        }); // Type assertion for ESLint config complexity
-        // Lint the project - detect if path is a file or directory
-        // ESLint defaults to .js only, so we need glob patterns for .ts/.tsx
+        const tsParser = resolveTsParser(projectPath);
+        if (!tsParser) {
+            console.error("ESLint failed: Failed to load TypeScript parser.");
+            console.error("Install either 'typescript-eslint' or '@typescript-eslint/parser' in your project.");
+            process.exit(1);
+        }
+
         let filesToLint;
+        let lintCwd = projectPath;
+        let globInputPaths = true;
         try {
             const stats = statSync(projectPath);
-            // Note: Advisory check for optimization - TOCTOU race condition is acceptable
-            // because ESLint will handle file system changes gracefully during actual linting
             if (stats.isFile()) {
-                // Single file - lint it directly
+                lintCwd = dirname(projectPath);
                 filesToLint = [projectPath];
+                globInputPaths = false;
             }
             else if (stats.isDirectory()) {
-                // Directory - use glob patterns for TypeScript files primarily
-                // Note: Focus on TypeScript files as this is a TypeScript Guard tool
-                filesToLint = [
-                    `${projectPath}/**/*.ts`,
-                    `${projectPath}/**/*.tsx`,
-                ];
+                const gitFiles = _gitLsFiles(projectPath);
+                if (gitFiles) {
+                    filesToLint = gitFiles;
+                    globInputPaths = false;
+                }
+                else {
+                    filesToLint = [
+                        "**/*.ts",
+                        "**/*.tsx",
+                    ];
+                }
             }
             else {
                 console.error(`Error: Path is neither a file nor a directory: ${projectPath}`);
@@ -142,6 +183,39 @@ async function main() {
             console.error(`Error: Cannot access path: ${errorMessage}`);
             process.exit(1);
         }
+
+        const eslint = new ESLint({
+            useEslintrc: false,
+            cwd: lintCwd,
+            resolvePluginsRelativeTo: __dirname,
+            errorOnUnmatchedPattern: false,
+            globInputPaths,
+            baseConfig: {
+                parser: tsParser,
+                parserOptions: {
+                    ecmaVersion: 2022,
+                    sourceType: 'module',
+                },
+                plugins: ['@invar'],
+                rules: selectedConfig.rules,
+                ignorePatterns: [
+                    '**/node_modules/**',
+                    '**/.next/**',
+                    '**/dist/**',
+                    '**/build/**',
+                    '**/.cache/**',
+                    '**/coverage/**',
+                    '**/.turbo/**',
+                    '**/.vercel/**',
+                    '**/playwright-report/**',
+                    '**/test-results/**',
+                ],
+            },
+            plugins: {
+                '@invar': plugin, // Register plugin directly
+            },
+        });
+
         const results = await eslint.lintFiles(filesToLint);
         // Output in standard ESLint JSON format (compatible with guard_ts.py)
         const formatter = await eslint.loadFormatter('json');

invar/node_tools/eslint-plugin/rules/require-schema-validation.js

@@ -77,49 +77,58 @@ function matchesEnforcePattern(filePath, patterns) {
 function isZodType(typeAnnotation) {
     return ZOD_TYPE_PATTERNS.some(pattern => pattern.test(typeAnnotation));
 }
-function hasParseCall(body, paramName) {
+function collectParseArgs(body, visitorKeys) {
+    const parsed = new Set();
     if (!body)
-        return false;
-    let found = false;
-    const MAX_DEPTH = 50; // Prevent stack overflow on deeply nested types
-    const visit = (node, depth = 0) => {
-        if (found)
-            return;
+        return parsed;
+
+    const MAX_DEPTH = 50;
+    const stack = [{ node: body, depth: 0 }];
+
+    while (stack.length > 0) {
+        const current = stack.pop();
+        if (!current)
+            continue;
+        const node = current.node;
+        const depth = current.depth;
+        if (!node || typeof node !== 'object')
+            continue;
         if (depth > MAX_DEPTH)
-            return; // Depth limit to prevent stack overflow
+            continue;
+
         if (node.type === 'CallExpression') {
             const callee = node.callee;
-            if (callee.type === 'MemberExpression') {
+            if (callee && callee.type === 'MemberExpression') {
                 const property = callee.property;
-                if (property.type === 'Identifier' &&
-                    (property.name === 'parse' || property.name === 'safeParse')) {
-                    // Check if argument is our param
-                    if (node.arguments.some(arg => arg.type === 'Identifier' && arg.name === paramName)) {
-                        found = true;
-                        return;
+                if (property && property.type === 'Identifier' && (property.name === 'parse' || property.name === 'safeParse')) {
+                    for (const arg of node.arguments || []) {
+                        if (arg && arg.type === 'Identifier') {
+                            parsed.add(arg.name);
+                        }
                     }
                 }
             }
         }
-        // Recursively visit children with depth tracking
-        for (const key of Object.keys(node)) {
+
+        const keys = (visitorKeys && node.type && visitorKeys[node.type]) || [];
+        for (const key of keys) {
             const value = node[key];
-            if (value && typeof value === 'object') {
-                if (Array.isArray(value)) {
-                    for (const item of value) {
-                        if (item && typeof item === 'object' && 'type' in item) {
-                            visit(item, depth + 1);
-                        }
+            if (!value)
+                continue;
+            if (Array.isArray(value)) {
+                for (const item of value) {
+                    if (item && typeof item === 'object' && item.type) {
+                        stack.push({ node: item, depth: depth + 1 });
                     }
                 }
-                else if ('type' in value) {
-                    visit(value, depth + 1);
-                }
+            }
+            else if (typeof value === 'object' && value.type) {
+                stack.push({ node: value, depth: depth + 1 });
             }
         }
-    };
-    visit(body);
-    return found;
+    }
+
+    return parsed;
 }
 export const requireSchemaValidation = {
     meta: {
@@ -206,49 +215,54 @@ export const requireSchemaValidation = {
         }
         function checkFunction(node, params) {
             const functionName = getFunctionName(node);
-            // Skip if shouldn't check based on mode
             if (!shouldCheck(functionName)) {
                 return;
             }
+
             const body = 'body' in node ? node.body : null;
+            const zodParams = params.filter((p) => p.typeAnnotation && isZodType(p.typeAnnotation) && p.name && p.name !== '{...}' && p.name !== '[...]');
+            if (zodParams.length === 0) {
+                return;
+            }
+
+            const parsedArgs = collectParseArgs(body, sourceCode.visitorKeys);
             const isRiskFunction = isHighRiskFunction(functionName, filename);
-            for (const param of params) {
-                if (param.typeAnnotation && isZodType(param.typeAnnotation)) {
-                    if (!hasParseCall(body, param.name)) {
-                        // Extract schema name from type annotation (e.g., "z.infer<typeof UserSchema>" -> "UserSchema")
-                        const schemaMatch = param.typeAnnotation.match(/typeof\s+(\w+)/);
-                        const schemaName = schemaMatch ? schemaMatch[1] : 'Schema';
-                        const validatedVarName = `validated${param.name.charAt(0).toUpperCase()}${param.name.slice(1)}`;
-                        context.report({
-                            node: node,
-                            messageId: isRiskFunction ? 'missingValidationRisk' : 'missingValidation',
-                            data: {
-                                name: param.name,
-                                functionName: functionName,
-                            },
-                            suggest: [
-                                {
-                                    messageId: 'addParseCall',
-                                    data: { name: param.name },
-                                    fix(fixer) {
-                                        // Find the opening brace of the function body
-                                        if (!body || body.type !== 'BlockStatement')
-                                            return null;
-                                        const blockBody = body;
-                                        if (!blockBody.body || blockBody.body.length === 0)
-                                            return null;
-                                        const firstStatement = blockBody.body[0];
-                                        // Detect indentation from the first statement
-                                        const firstStatementStart = firstStatement.loc?.start.column ?? 2;
-                                        const indent = ' '.repeat(firstStatementStart);
-                                        const parseCode = `const ${validatedVarName} = ${schemaName}.parse(${param.name});\n${indent}`;
-                                        return fixer.insertTextBefore(firstStatement, parseCode);
-                                    },
-                                },
-                            ],
-                        });
-                    }
+
+            for (const param of zodParams) {
+                if (parsedArgs.has(param.name)) {
+                    continue;
                 }
+
+                const schemaMatch = param.typeAnnotation.match(/typeof\s+(\w+)/);
+                const schemaName = schemaMatch ? schemaMatch[1] : 'Schema';
+                const validatedVarName = `validated${param.name.charAt(0).toUpperCase()}${param.name.slice(1)}`;
+
+                context.report({
+                    node: node,
+                    messageId: isRiskFunction ? 'missingValidationRisk' : 'missingValidation',
+                    data: {
+                        name: param.name,
+                        functionName: functionName,
+                    },
+                    suggest: [
+                        {
+                            messageId: 'addParseCall',
+                            data: { name: param.name },
+                            fix(fixer) {
+                                if (!body || body.type !== 'BlockStatement')
+                                    return null;
+                                const blockBody = body;
+                                if (!blockBody.body || blockBody.body.length === 0)
+                                    return null;
+                                const firstStatement = blockBody.body[0];
+                                const firstStatementStart = firstStatement.loc?.start.column ?? 2;
+                                const indent = ' '.repeat(firstStatementStart);
+                                const parseCode = `const ${validatedVarName} = ${schemaName}.parse(${param.name});\n${indent}`;
+                                return fixer.insertTextBefore(firstStatement, parseCode);
+                            },
+                        },
+                    ],
+                });
             }
         }
         /**

invar/shell/commands/guard.py

@@ -6,6 +6,8 @@ Shell module: handles user interaction and file I/O.
 
 from __future__ import annotations
 
+import os
+import sys
 from pathlib import Path
 
 import typer
@@ -17,7 +19,7 @@ from invar import __version__
 from invar.core.models import GuardReport, RuleConfig
 from invar.core.rules import check_all_rules
 from invar.core.utils import get_exit_code
-from invar.shell.config import find_project_root, load_config
+from invar.shell.config import find_project_root, find_pyproject_root, load_config
 from invar.shell.fs import scan_project
 from invar.shell.guard_output import output_agent, output_rich
 
@@ -190,12 +192,28 @@ def guard(
         ts_result = run_typescript_guard(path if path.is_dir() else find_project_root(path))
         match ts_result:
             case Success(result):
-                import json as json_mod
+                if human:
+                    # Human-readable Rich output
+                    from invar.shell.prove.guard_ts import format_typescript_guard_v2
+
+                    output = format_typescript_guard_v2(result)
+                    console.print(f"[bold]TypeScript Guard[/bold] ({project_language})")
+                    if result.status == "passed":
+                        console.print("[green]✓ PASSED[/green]")
+                    elif result.status == "skipped":
+                        console.print("[yellow]⚠ SKIPPED[/yellow] (no TypeScript tools available)")
+                    else:
+                        console.print(f"[red]✗ FAILED[/red] ({result.error_count} errors)")
+                        for v in result.violations[:10]:  # Show first 10
+                            console.print(f"  {v.file}:{v.line}: [{v.severity}] {v.message}")
+                else:
+                    # JSON output for agents
+                    import json as json_mod
 
-                from invar.shell.prove.guard_ts import format_typescript_guard_v2
+                    from invar.shell.prove.guard_ts import format_typescript_guard_v2
 
-                output = format_typescript_guard_v2(result)
-                console.print(json_mod.dumps(output, indent=2))
+                    output = format_typescript_guard_v2(result)
+                    console.print(json_mod.dumps(output, indent=2))
                 raise typer.Exit(0 if result.status == "passed" else 1)
             case Failure(err):
                 console.print(f"[red]Error:[/red] {err}")
@@ -209,7 +227,27 @@ def guard(
             console.print(f"[red]Error:[/red] {path} is not a Python file")
             raise typer.Exit(1)
         single_file = path.resolve()
-        path = find_project_root(path)
+
+    pyproject_root = find_pyproject_root(single_file if single_file else path)
+    if pyproject_root is None:
+        console.print(
+            "[red]Error:[/red] pyproject.toml not found (searched upward from the target path)"
+        )
+        raise typer.Exit(1)
+    path = pyproject_root
+
+    from invar.shell.subprocess_env import get_uvx_respawn_command
+
+    cmd = get_uvx_respawn_command(
+        project_root=path,
+        argv=sys.argv[1:],
+        tool_name=Path(sys.argv[0]).name,
+        invar_tools_version=__version__,
+    )
+    if cmd is not None:
+        env = os.environ.copy()
+        env["INVAR_UVX_RESPAWNED"] = "1"
+        os.execvpe(cmd[0], cmd, env)
 
     # Load and configure
     config_result = load_config(path)
@@ -357,6 +395,7 @@ def guard(
 
         # Phase 1: Doctests (DX-37: with optional coverage)
         doctest_passed, doctest_output, doctest_coverage = run_doctests_phase(
+            path,
             checked_files,
             explain,
             timeout=config.timeout_doctest,
@@ -377,6 +416,7 @@ def guard(
 
         # Phase 3: Hypothesis property tests (DX-37: with optional coverage)
         property_passed, property_output, property_coverage = run_property_tests_phase(
+            path,
             checked_files,
             doctest_passed,
             static_exit_code,

invar/shell/config.py

@@ -39,11 +39,27 @@ class ModuleType(Enum):
 
 
 # I/O libraries that indicate Shell module (for AST import checking)
-_IO_LIBRARIES = frozenset([
-    "os", "sys", "subprocess", "pathlib", "shutil", "io", "socket",
-    "requests", "aiohttp", "httpx", "urllib", "sqlite3", "psycopg2",
-    "pymongo", "sqlalchemy", "typer", "click",
-])
+_IO_LIBRARIES = frozenset(
+    [
+        "os",
+        "sys",
+        "subprocess",
+        "pathlib",
+        "shutil",
+        "io",
+        "socket",
+        "requests",
+        "aiohttp",
+        "httpx",
+        "urllib",
+        "sqlite3",
+        "psycopg2",
+        "pymongo",
+        "sqlalchemy",
+        "typer",
+        "click",
+    ]
+)
 
 # Contract decorator names
 _CONTRACT_DECORATORS = frozenset(["pre", "post", "invariant"])
@@ -226,6 +242,7 @@ def auto_detect_module_type(source: str, file_path: str = "") -> ModuleType:
     # Unknown: neither clear pattern
     return ModuleType.UNKNOWN
 
+
 if TYPE_CHECKING:
     from pathlib import Path
 
@@ -268,6 +285,20 @@ def _find_config_source(project_root: Path) -> Result[tuple[Path | None, ConfigS
 
 
 # @shell_complexity: Project root discovery requires checking multiple markers
+def find_pyproject_root(start_path: "Path") -> "Path | None":  # noqa: UP037
+    from pathlib import Path
+
+    current = Path(start_path).resolve()
+    if current.is_file():
+        current = current.parent
+
+    for parent in [current, *current.parents]:
+        if (parent / "pyproject.toml").exists():
+            return parent
+
+    return None
+
+
 def find_project_root(start_path: "Path") -> "Path":  # noqa: UP037
     """
     Find project root by walking up from start_path looking for config files.
@@ -492,6 +523,7 @@ def classify_file(
     else:
         # Log warning about config error, use defaults
         import logging
+
         logging.getLogger(__name__).debug(
             "Pattern classification failed: %s, using defaults", pattern_result.failure()
         )
@@ -503,6 +535,7 @@ def classify_file(
     else:
         # Log warning about config error, use defaults
         import logging
+
         logging.getLogger(__name__).debug(
             "Path classification failed: %s, using defaults", path_result.failure()
         )

invar/shell/git.py

@@ -7,13 +7,10 @@ Shell module: handles git I/O for changed file detection.
 from __future__ import annotations
 
 import subprocess
-from typing import TYPE_CHECKING
+from pathlib import Path
 
 from returns.result import Failure, Result, Success
 
-if TYPE_CHECKING:
-    from pathlib import Path
-
 
 def _run_git(args: list[str], cwd: Path) -> Result[str, str]:
     """Run a git command and return stdout."""
@@ -49,27 +46,29 @@ def get_changed_files(project_root: Path) -> Result[set[Path], str]:
         >>> isinstance(result, (Success, Failure))
         True
     """
-    # Verify git repo
     check = _run_git(["rev-parse", "--git-dir"], project_root)
     if isinstance(check, Failure):
         return Failure(f"Not a git repository: {project_root}")
 
+    repo_root_result = _run_git(["rev-parse", "--show-toplevel"], project_root)
+    if isinstance(repo_root_result, Failure):
+        return Failure(repo_root_result.failure())
+
+    repo_root = Path(repo_root_result.unwrap().strip())
+
     changed: set[Path] = set()
 
-    # Staged changes
     staged = _run_git(["diff", "--cached", "--name-only"], project_root)
     if isinstance(staged, Success):
-        changed.update(_parse_py_files(staged.unwrap(), project_root))
+        changed.update(_parse_py_files(staged.unwrap(), repo_root))
 
-    # Unstaged changes
     unstaged = _run_git(["diff", "--name-only"], project_root)
     if isinstance(unstaged, Success):
-        changed.update(_parse_py_files(unstaged.unwrap(), project_root))
+        changed.update(_parse_py_files(unstaged.unwrap(), repo_root))
 
-    # Untracked files
     untracked = _run_git(["ls-files", "--others", "--exclude-standard"], project_root)
     if isinstance(untracked, Success):
-        changed.update(_parse_py_files(untracked.unwrap(), project_root))
+        changed.update(_parse_py_files(untracked.unwrap(), repo_root))
 
     return Success(changed)