kekkai-cli 1.1.0__py3-none-any.whl → 2.0.0__py3-none-any.whl

kekkai/triage/__init__.py

@@ -4,9 +4,18 @@ Provides a terminal-based interface for reviewing findings,
 marking false positives, and generating .kekkaiignore files.
 """
 
-from .app import TriageApp, run_triage
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from collections.abc import Sequence
+    from pathlib import Path
+
+# Import models and utilities (no heavy dependencies)
 from .audit import AuditEntry, TriageAuditLog, log_decisions
 from .ignore import IgnoreEntry, IgnoreFile, IgnorePatternValidator, ValidationError
+from .loader import load_findings_from_path
 from .models import (
     FindingEntry,
     Severity,
@@ -15,6 +24,49 @@ from .models import (
     load_findings_from_json,
 )
 
+
+def run_triage(
+    input_path: Path | None = None,
+    output_path: Path | None = None,
+    findings: Sequence[FindingEntry] | None = None,
+) -> int:
+    """Run the triage TUI (lazy import).
+
+    Args:
+        input_path: Path to findings JSON file.
+        output_path: Path for .kekkaiignore output.
+        findings: Pre-loaded findings (alternative to input_path).
+
+    Returns:
+        Exit code (0 for success).
+
+    Raises:
+        RuntimeError: If Textual is not installed.
+    """
+    try:
+        from .app import run_triage as _run_triage
+
+        return _run_triage(
+            input_path=input_path,
+            output_path=output_path,
+            findings=findings,
+        )
+    except ImportError as e:
+        raise RuntimeError(
+            "Triage TUI requires 'textual'. Install with: pip install textual"
+        ) from e
+
+
+# Re-export TriageApp for compatibility (lazy)
+def __getattr__(name: str) -> type:
+    """Lazy import for TriageApp."""
+    if name == "TriageApp":
+        from .app import TriageApp
+
+        return TriageApp
+    raise AttributeError(f"module {__name__!r} has no attribute {name!r}")
+
+
 __all__ = [
     "TriageApp",
     "run_triage",
@@ -30,4 +82,5 @@ __all__ = [
     "TriageState",
     "Severity",
     "load_findings_from_json",
+    "load_findings_from_path",
 ]

kekkai/triage/fix_screen.py

@@ -0,0 +1,232 @@
+"""Fix generation screen for AI-powered code fixes.
+
+Provides a modal screen that shows fix generation progress
+and preview of AI-generated patches.
+"""
+
+from __future__ import annotations
+
+import os
+from collections.abc import Callable
+from typing import TYPE_CHECKING
+
+from rich.text import Text
+from textual.app import ComposeResult
+from textual.binding import Binding
+from textual.containers import Vertical, VerticalScroll
+from textual.screen import ModalScreen
+from textual.widgets import Footer, Label, Static
+
+if TYPE_CHECKING:
+    from .models import FindingEntry
+
+__all__ = ["FixGenerationScreen"]
+
+
+class FixGenerationScreen(ModalScreen[bool]):
+    """Modal screen for generating AI-powered fixes.
+
+    Shows progress, model configuration, and fix preview.
+
+    Bindings:
+        escape: Cancel and go back
+        enter: Accept fix (if generated)
+    """
+
+    BINDINGS = [
+        Binding("escape", "cancel", "Cancel"),
+        Binding("enter", "accept", "Accept Fix", show=False),
+    ]
+
+    DEFAULT_CSS = """
+    FixGenerationScreen {
+        align: center middle;
+    }
+    #fix-dialog {
+        width: 80;
+        height: 30;
+        border: thick $primary;
+        background: $surface;
+        padding: 1;
+    }
+    #fix-title {
+        dock: top;
+        height: 3;
+        content-align: center middle;
+        background: $primary;
+        color: $text;
+    }
+    #fix-content {
+        height: 1fr;
+        padding: 1;
+    }
+    #fix-preview {
+        height: 1fr;
+        border: solid $accent;
+        padding: 1;
+        background: $panel;
+    }
+    #fix-status {
+        dock: bottom;
+        height: 3;
+        padding: 1;
+        background: $surface;
+    }
+    .fix-button {
+        margin: 1;
+    }
+    """
+
+    def __init__(
+        self,
+        finding: FindingEntry,
+        on_fix_generated: Callable[[bool, str], None] | None = None,
+        name: str | None = None,
+        id: str | None = None,
+    ) -> None:
+        super().__init__(name=name, id=id)
+        self.finding = finding
+        self.on_fix_generated = on_fix_generated
+        self.fix_preview: str | None = None
+        self.fix_generated = False
+
+    def compose(self) -> ComposeResult:
+        with Vertical(id="fix-dialog"):
+            yield Label("🤖 AI-Powered Fix Generation", id="fix-title")
+            with VerticalScroll(id="fix-content"):
+                yield Label(self._get_finding_summary())
+                yield Label(self._get_model_info())
+                yield Static("", id="fix-preview")
+            yield Static(self._get_initial_status(), id="fix-status")
+            yield Footer()
+
+    def _get_finding_summary(self) -> Text:
+        """Generate summary of finding to fix."""
+        text = Text()
+        text.append("Finding:\n", style="bold")
+        text.append(f"  {self.finding.scanner}: ", style="cyan")
+        text.append(f"{self.finding.title}\n")
+        if self.finding.file_path:
+            text.append(f"  File: {self.finding.file_path}", style="dim")
+            if self.finding.line:
+                text.append(f":{self.finding.line}", style="dim")
+            text.append("\n")
+        return text
+
+    def _get_model_info(self) -> Text:
+        """Display model configuration info."""
+        text = Text()
+        text.append("\nModel Configuration:\n", style="bold")
+
+        # Check for Ollama
+        if self._is_ollama_available():
+            text.append("  ✓ Ollama detected (local-first AI)\n", style="green")
+            text.append("  No API keys needed - runs on your machine\n", style="dim")
+        # Check for API keys
+        elif os.environ.get("KEKKAI_FIX_API_KEY"):
+            text.append("  ⚠ Using remote API (OpenAI/Anthropic)\n", style="yellow")
+            text.append("  Code will be sent to external service\n", style="dim")
+        else:
+            text.append("  ✗ No AI backend configured\n", style="red")
+            text.append("  Install Ollama or set KEKKAI_FIX_API_KEY\n", style="dim")
+
+        return text
+
+    def _get_initial_status(self) -> Text:
+        """Initial status message."""
+        if self._is_ollama_available() or os.environ.get("KEKKAI_FIX_API_KEY"):
+            return Text("Press Enter to generate fix, or Escape to cancel", style="italic")
+        else:
+            return Text(
+                "❌ Cannot generate fix: No AI backend configured\n"
+                "Install Ollama (recommended) or set KEKKAI_FIX_API_KEY",
+                style="red",
+            )
+
+    def _is_ollama_available(self) -> bool:
+        """Check if Ollama is available on the system."""
+        import shutil
+
+        return shutil.which("ollama") is not None
+
+    def on_mount(self) -> None:
+        """Auto-generate fix if backend is available."""
+        if self._is_ollama_available() or os.environ.get("KEKKAI_FIX_API_KEY"):
+            # Auto-start fix generation
+            self.set_timer(0.5, self._generate_fix)
+
+    def _generate_fix(self) -> None:
+        """Generate AI-powered fix."""
+        status = self.query_one("#fix-status", Static)
+        status.update(Text("⏳ Generating fix with AI...", style="yellow italic"))
+
+        try:
+            # Import fix engine
+            from ..fix import FixConfig
+
+            # Determine model mode
+            if self._is_ollama_available():
+                model_mode = "ollama"
+                model_name = os.environ.get("KEKKAI_FIX_MODEL_NAME", "mistral")
+            else:
+                model_mode = "openai"
+                model_name = None
+
+            # Create fix config (for future integration)
+            _config = FixConfig(
+                model_mode=model_mode,
+                model_name=model_name,
+                api_key=os.environ.get("KEKKAI_FIX_API_KEY"),
+                max_fixes=1,
+                timeout_seconds=60,
+                dry_run=True,
+            )
+
+            # Note: This is a simplified mock - actual implementation would:
+            # 1. Convert FindingEntry to proper format for FixEngine
+            # 2. Call fix engine with proper error handling
+            # 3. Display actual fix preview
+
+            # For now, show a placeholder
+            self.fix_preview = (
+                "# AI-Powered Fix (Preview)\n"
+                f"# Finding: {self.finding.title}\n"
+                f"# Scanner: {self.finding.scanner}\n\n"
+                "# Fix would be generated here using:\n"
+                f"# - Model: {model_name or 'gpt-4'}\n"
+                f"# - Mode: {model_mode}\n"
+                "# - Context from source file\n\n"
+                "# Press Enter to apply (dry-run mode)\n"
+                "# Press Escape to cancel"
+            )
+
+            preview = self.query_one("#fix-preview", Static)
+            preview.update(Text(self.fix_preview, style="green"))
+
+            status.update(
+                Text("✓ Fix generated! Press Enter to apply or Escape to cancel", style="green")
+            )
+            self.fix_generated = True
+
+        except Exception as e:
+            status.update(Text(f"✗ Fix generation failed: {e}", style="red"))
+            self.fix_generated = False
+
+    def action_accept(self) -> None:
+        """Accept and apply the generated fix."""
+        if not self.fix_generated:
+            return
+
+        if self.on_fix_generated:
+            self.on_fix_generated(
+                True, "Fix generated successfully (dry-run mode - review before applying)"
+            )
+
+        self.dismiss(True)
+
+    def action_cancel(self) -> None:
+        """Cancel fix generation."""
+        if self.on_fix_generated:
+            self.on_fix_generated(False, "Fix generation cancelled")
+
+        self.dismiss(False)

kekkai/triage/loader.py

@@ -0,0 +1,196 @@
+"""Triage findings loader with scanner format detection.
+
+Supports loading findings from:
+- Native triage JSON (list or {"findings": [...]})
+- Raw scanner outputs (Semgrep/Trivy/Gitleaks)
+- Run directories (aggregates all *-results.json)
+"""
+
+from __future__ import annotations
+
+import json
+from pathlib import Path
+from typing import TYPE_CHECKING, Any
+
+if TYPE_CHECKING:
+    from ..scanners.base import Finding
+    from ..scanners.base import Severity as ScannerSeverity
+
+from .models import FindingEntry
+from .models import Severity as TriageSeverity
+
+__all__ = [
+    "load_findings_from_path",
+]
+
+# Size limits for DoS mitigation (ASVS V10.3.3)
+MAX_FILE_SIZE_MB = 200
+WARN_FILE_SIZE_MB = 50
+
+
+def load_findings_from_path(
+    path: Path,
+) -> tuple[list[FindingEntry], list[str]]:
+    """Load findings from file or directory.
+
+    Supports:
+    - Unified report (kekkai-report.json) - PREFERRED
+    - Native triage JSON (list or {"findings": [...]})
+    - Raw scanner outputs (Semgrep/Trivy/Gitleaks)
+    - Run directories (aggregates all *-results.json)
+
+    Priority:
+    1. kekkai-report.json (unified report)
+    2. *-results.json (individual scanner outputs)
+    3. Any other JSON files (excluding metadata)
+
+    Args:
+        path: Path to findings file or run directory.
+
+    Returns:
+        Tuple of (findings, error_messages).
+        Error messages include filename only (no full paths) per ASVS V7.4.1.
+    """
+    errors: list[str] = []
+
+    # Determine input type
+    if path.is_dir():
+        # Priority 1: Check for unified report first
+        unified_report = path / "kekkai-report.json"
+        if unified_report.exists():
+            files = [unified_report]
+        else:
+            # Priority 2: Prefer canonical scan outputs
+            files = sorted(path.glob("*-results.json"))
+            if not files:
+                # Priority 3: Fallback to all JSON (excluding metadata files)
+                files = sorted(
+                    [
+                        p
+                        for p in path.glob("*.json")
+                        if p.name not in ("run.json", "policy-result.json")
+                    ]
+                )
+    else:
+        files = [path]
+
+    findings: list[FindingEntry] = []
+    for file in files:
+        # Check if file exists first
+        if not file.exists():
+            errors.append(f"{file.name}: OSError")
+            continue
+
+        # Size check (DoS mitigation per ASVS V10.3.3)
+        size_mb = file.stat().st_size / (1024 * 1024)
+        if size_mb > MAX_FILE_SIZE_MB:
+            msg = f"{file.name}: file too large ({size_mb:.1f} MB, max {MAX_FILE_SIZE_MB} MB)"
+            errors.append(msg)
+            continue
+
+        try:
+            content = file.read_text(encoding="utf-8")
+            if not content.strip():
+                continue
+            data = json.loads(content)
+        except (OSError, json.JSONDecodeError) as exc:
+            # ASVS V7.4.1: Don't leak full path, only filename
+            errors.append(f"{file.name}: {type(exc).__name__}")
+            continue
+
+        # Detect format and parse
+        try:
+            batch = _parse_findings(data, file.stem)
+            findings.extend(batch)
+        except Exception as exc:
+            errors.append(f"{file.name}: unsupported format ({str(exc)[:50]})")
+
+    # Deduplicate by stable key
+    seen: set[str] = set()
+    deduped: list[FindingEntry] = []
+    for f in findings:
+        key = f"{f.scanner}:{f.rule_id}:{f.file_path}:{f.line}"
+        if key not in seen:
+            seen.add(key)
+            deduped.append(f)
+
+    return deduped, errors
+
+
+def _parse_findings(data: Any, stem: str) -> list[FindingEntry]:
+    """Parse findings from JSON data.
+
+    Args:
+        data: Parsed JSON data.
+        stem: File stem (used to detect scanner type).
+
+    Returns:
+        List of FindingEntry objects.
+
+    Raises:
+        ValueError: If format is unknown or scanner not found.
+    """
+    # Try native triage format first (ASVS V5.1.2: strongly typed validation)
+    if isinstance(data, list) and data and isinstance(data[0], dict) and "scanner" in data[0]:
+        return [FindingEntry.from_dict(item) for item in data]
+
+    if isinstance(data, dict) and "findings" in data:
+        findings_data = data["findings"]
+        if isinstance(findings_data, list):
+            return [FindingEntry.from_dict(item) for item in findings_data]
+
+    # Try scanner-specific format
+    scanner_name = stem.replace("-results", "")
+
+    # Lazy import to avoid circular dependency
+    from ..cli import _create_scanner
+
+    scanner = _create_scanner(scanner_name)
+    if not scanner:
+        raise ValueError(f"Unknown scanner: {scanner_name}")
+
+    # Use canonical scanner parser (reuses validated logic)
+    raw_json = json.dumps(data)
+    canonical_findings = scanner.parse(raw_json)
+
+    # Convert to triage format
+    return [_finding_to_entry(f) for f in canonical_findings]
+
+
+def _finding_to_entry(f: Finding) -> FindingEntry:
+    """Convert scanner Finding to triage FindingEntry.
+
+    Args:
+        f: Scanner Finding object.
+
+    Returns:
+        Triage FindingEntry object.
+    """
+    return FindingEntry(
+        id=f.dedupe_hash(),
+        title=f.title,
+        severity=_map_severity(f.severity),
+        scanner=f.scanner,
+        file_path=f.file_path or "",
+        line=f.line,
+        description=f.description,
+        rule_id=f.rule_id or "",
+    )
+
+
+def _map_severity(s: ScannerSeverity) -> TriageSeverity:
+    """Map scanner Severity to triage Severity.
+
+    Both use the same enum values, just different type namespaces.
+
+    Args:
+        s: Scanner severity enum.
+
+    Returns:
+        Triage severity enum.
+    """
+    try:
+        return TriageSeverity(s.value)
+    except ValueError:
+        # Fallback to INFO for unknown severities
+        return TriageSeverity.INFO

kekkai/triage/screens.py

@@ -49,6 +49,7 @@ class FindingListScreen(Screen[None]):
         Binding("down", "cursor_down", "Next", show=False),
         Binding("up", "cursor_up", "Previous", show=False),
         Binding("enter", "view_detail", "View"),
+        Binding("x", "fix_with_ai", "🤖 Fix with AI"),
         Binding("f", "mark_false_positive", "False Positive"),
         Binding("c", "mark_confirmed", "Confirmed"),
         Binding("d", "mark_deferred", "Deferred"),