llmcode-cli 1.0.0__py3-none-any.whl

llm_code/analysis/python_rules.py

@@ -0,0 +1,311 @@
+"""Python AST-based code analysis rules."""
+from __future__ import annotations
+
+import ast
+from pathlib import PurePosixPath
+
+from llm_code.analysis.rules import Rule, RuleRegistry, Violation
+
+
+def check_bare_except(
+    file_path: str, content: str, tree: ast.Module | None = None
+) -> list[Violation]:
+    """Detect bare except clauses (except without a type)."""
+    if tree is None:
+        return []
+    violations: list[Violation] = []
+    for node in ast.walk(tree):
+        if isinstance(node, ast.ExceptHandler) and node.type is None:
+            violations.append(
+                Violation(
+                    rule_key="bare-except",
+                    severity="high",
+                    file_path=file_path,
+                    line=node.lineno,
+                    message="Bare except clause",
+                )
+            )
+    return violations
+
+
+def check_empty_except(
+    file_path: str, content: str, tree: ast.Module | None = None
+) -> list[Violation]:
+    """Detect except blocks with only pass or ellipsis."""
+    if tree is None:
+        return []
+    violations: list[Violation] = []
+    for node in ast.walk(tree):
+        if isinstance(node, ast.ExceptHandler):
+            body = node.body
+            if len(body) == 1:
+                stmt = body[0]
+                is_pass = isinstance(stmt, ast.Pass)
+                is_ellipsis = (
+                    isinstance(stmt, ast.Expr)
+                    and isinstance(stmt.value, ast.Constant)
+                    and stmt.value.value is ...
+                )
+                if is_pass or is_ellipsis:
+                    violations.append(
+                        Violation(
+                            rule_key="empty-except",
+                            severity="medium",
+                            file_path=file_path,
+                            line=node.lineno,
+                            message="Empty except block",
+                        )
+                    )
+    return violations
+
+
+def check_unused_import(
+    file_path: str, content: str, tree: ast.Module | None = None
+) -> list[Violation]:
+    """Detect imported names that are never referenced in the file."""
+    if tree is None:
+        return []
+    # Skip __init__.py files (re-exports)
+    if PurePosixPath(file_path).name == "__init__.py":
+        return []
+
+    # Collect imported names -> line numbers
+    imported: dict[str, int] = {}
+    for node in ast.walk(tree):
+        if isinstance(node, ast.Import):
+            for alias in node.names:
+                name = alias.asname or alias.name.split(".")[0]
+                imported[name] = node.lineno
+        elif isinstance(node, ast.ImportFrom):
+            for alias in node.names:
+                if alias.name == "*":
+                    continue
+                name = alias.asname or alias.name
+                imported[name] = node.lineno
+
+    if not imported:
+        return []
+
+    # Collect all Name references
+    used_names: set[str] = set()
+    for node in ast.walk(tree):
+        if isinstance(node, ast.Name):
+            used_names.add(node.id)
+
+    violations: list[Violation] = []
+    for name, lineno in sorted(imported.items(), key=lambda x: x[1]):
+        if name not in used_names:
+            violations.append(
+                Violation(
+                    rule_key="unused-import",
+                    severity="low",
+                    file_path=file_path,
+                    line=lineno,
+                    message=f"Unused import: {name}",
+                )
+            )
+    return violations
+
+
+def check_star_import(
+    file_path: str, content: str, tree: ast.Module | None = None
+) -> list[Violation]:
+    """Detect wildcard imports (from x import *)."""
+    if tree is None:
+        return []
+    violations: list[Violation] = []
+    for node in ast.walk(tree):
+        if isinstance(node, ast.ImportFrom) and node.names:
+            if node.names[0].name == "*":
+                module = node.module or ""
+                violations.append(
+                    Violation(
+                        rule_key="star-import",
+                        severity="low",
+                        file_path=file_path,
+                        line=node.lineno,
+                        message=f"Wildcard import: from {module} import *",
+                    )
+                )
+    return violations
+
+
+def check_print_in_prod(
+    file_path: str, content: str, tree: ast.Module | None = None
+) -> list[Violation]:
+    """Detect print() calls in non-test files."""
+    if tree is None:
+        return []
+    # Skip test files
+    parts = PurePosixPath(file_path).parts
+    if any(p in ("tests", "test") for p in parts):
+        return []
+
+    violations: list[Violation] = []
+    for node in ast.walk(tree):
+        if (
+            isinstance(node, ast.Call)
+            and isinstance(node.func, ast.Name)
+            and node.func.id == "print"
+        ):
+            violations.append(
+                Violation(
+                    rule_key="print-in-prod",
+                    severity="low",
+                    file_path=file_path,
+                    line=node.lineno,
+                    message="print() in production code",
+                )
+            )
+    return violations
+
+
+def check_circular_import(files: dict[str, str]) -> list[Violation]:
+    """Detect circular import chains across multiple Python files.
+
+    Args:
+        files: Mapping of relative file paths to their source content.
+
+    Returns:
+        A list of Violation for each detected cycle.
+    """
+    # Build module name -> set of imported module names
+    graph: dict[str, set[str]] = {}
+    file_modules: set[str] = set()
+
+    for file_path, content in files.items():
+        module_name = PurePosixPath(file_path).stem
+        file_modules.add(module_name)
+        graph.setdefault(module_name, set())
+
+        try:
+            tree = ast.parse(content, filename=file_path)
+        except SyntaxError:
+            continue
+
+        for node in ast.walk(tree):
+            if isinstance(node, ast.Import):
+                for alias in node.names:
+                    dep = alias.name.split(".")[0]
+                    graph[module_name].add(dep)
+            elif isinstance(node, ast.ImportFrom):
+                if node.module:
+                    dep = node.module.split(".")[0]
+                    graph[module_name].add(dep)
+
+    # Filter graph to only include project-internal modules
+    for mod in graph:
+        graph[mod] = graph[mod] & file_modules
+
+    # DFS cycle detection
+    visited: set[str] = set()
+    on_stack: set[str] = set()
+    cycles: list[list[str]] = []
+
+    def _dfs(node: str, path: list[str]) -> None:
+        visited.add(node)
+        on_stack.add(node)
+        path.append(node)
+        for neighbor in sorted(graph.get(node, set())):
+            if neighbor not in visited:
+                _dfs(neighbor, path)
+            elif neighbor in on_stack:
+                # Found a cycle: extract it
+                cycle_start = path.index(neighbor)
+                cycle = path[cycle_start:] + [neighbor]
+                cycles.append(cycle)
+        path.pop()
+        on_stack.discard(node)
+
+    for mod in sorted(graph):
+        if mod not in visited:
+            _dfs(mod, [])
+
+    # Deduplicate cycles by their canonical form (sorted rotation)
+    seen_cycles: set[tuple[str, ...]] = set()
+    violations: list[Violation] = []
+
+    for cycle in cycles:
+        # Normalize: rotate so smallest element is first
+        min_idx = cycle[:-1].index(min(cycle[:-1]))
+        canonical = tuple(cycle[min_idx:-1]) + (cycle[min_idx],)
+        if canonical in seen_cycles:
+            continue
+        seen_cycles.add(canonical)
+
+        chain = " → ".join(canonical)
+        # Report on the first module in the cycle
+        first_mod = canonical[0]
+        first_file = next(
+            (fp for fp in files if PurePosixPath(fp).stem == first_mod),
+            f"{first_mod}.py",
+        )
+        violations.append(
+            Violation(
+                rule_key="circular-import",
+                severity="high",
+                file_path=first_file,
+                line=0,
+                message=f"Circular import: {chain}",
+            )
+        )
+
+    return violations
+
+
+def register_python_rules(registry: RuleRegistry) -> None:
+    """Register all Python rules with the given registry."""
+    registry.register(
+        Rule(
+            key="bare-except",
+            name="Bare except clause",
+            severity="high",
+            languages=("python",),
+            check=check_bare_except,
+        )
+    )
+    registry.register(
+        Rule(
+            key="empty-except",
+            name="Empty except block",
+            severity="medium",
+            languages=("python",),
+            check=check_empty_except,
+        )
+    )
+    registry.register(
+        Rule(
+            key="unused-import",
+            name="Unused import",
+            severity="low",
+            languages=("python",),
+            check=check_unused_import,
+        )
+    )
+    registry.register(
+        Rule(
+            key="star-import",
+            name="Wildcard import",
+            severity="low",
+            languages=("python",),
+            check=check_star_import,
+        )
+    )
+    registry.register(
+        Rule(
+            key="print-in-prod",
+            name="print() in production code",
+            severity="low",
+            languages=("python",),
+            check=check_print_in_prod,
+        )
+    )
+    registry.register(
+        Rule(
+            key="circular-import",
+            name="Circular import chain",
+            severity="high",
+            languages=("python",),
+            check=check_circular_import,  # type: ignore[arg-type]  # cross-file signature
+        )
+    )

llm_code/analysis/rules.py

@@ -0,0 +1,140 @@
+"""Core types and rule registry for code analysis."""
+from __future__ import annotations
+
+from collections.abc import Callable
+from dataclasses import dataclass
+from typing import Any
+
+
+_SEVERITY_ORDER = ("critical", "high", "medium", "low")
+
+
+@dataclass(frozen=True)
+class Violation:
+    """A single code analysis violation."""
+
+    rule_key: str
+    severity: str
+    file_path: str
+    line: int
+    message: str
+    end_line: int = 0
+
+    def to_dict(self) -> dict[str, Any]:
+        return {
+            "rule_key": self.rule_key,
+            "severity": self.severity,
+            "file_path": self.file_path,
+            "line": self.line,
+            "message": self.message,
+            "end_line": self.end_line,
+        }
+
+    @classmethod
+    def from_dict(cls, data: dict[str, Any]) -> Violation:
+        return cls(
+            rule_key=data["rule_key"],
+            severity=data["severity"],
+            file_path=data["file_path"],
+            line=data["line"],
+            message=data["message"],
+            end_line=data.get("end_line", 0),
+        )
+
+
+@dataclass(frozen=True)
+class Rule:
+    """A deterministic code analysis rule."""
+
+    key: str
+    name: str
+    severity: str
+    languages: tuple[str, ...]
+    check: Callable[..., list[Violation]]
+
+
+@dataclass(frozen=True)
+class AnalysisResult:
+    """Immutable result of a code analysis run."""
+
+    violations: tuple[Violation, ...]
+    file_count: int
+    duration_ms: float
+
+    def summary_counts(self) -> dict[str, int]:
+        counts = {s: 0 for s in _SEVERITY_ORDER}
+        for v in self.violations:
+            if v.severity in counts:
+                counts[v.severity] += 1
+        return counts
+
+    def format_chat(self) -> str:
+        """Render violations for chat display."""
+        counts = self.summary_counts()
+        total = len(self.violations)
+        header = f"## Code Analysis — {self.file_count} files, {total} violations\n"
+        if total == 0:
+            return header + "\nNo violations found."
+
+        lines: list[str] = [header]
+        severity_key = {s: i for i, s in enumerate(_SEVERITY_ORDER)}
+        sorted_violations = sorted(
+            self.violations,
+            key=lambda v: (severity_key.get(v.severity, 99), v.file_path, v.line),
+        )
+        for v in sorted_violations:
+            label = v.severity.upper().ljust(8)
+            loc = f"{v.file_path}:{v.line}" if v.line > 0 else v.file_path
+            lines.append(f"  {label}  {loc:<30}  {v.message}")
+
+        parts = [f"{c} {s}" for s, c in counts.items() if c > 0]
+        lines.append(f"\nSummary: {', '.join(parts)}")
+        return "\n".join(lines)
+
+    def format_context(self, max_tokens: int = 1000) -> str:
+        """Render compressed violations for agent context injection."""
+        max_chars = max_tokens * 4
+        total = len(self.violations)
+        lines = [f"[Code Analysis] {total} violations found:"]
+
+        severity_key = {s: i for i, s in enumerate(_SEVERITY_ORDER)}
+        sorted_violations = sorted(
+            self.violations,
+            key=lambda v: (severity_key.get(v.severity, 99), v.file_path, v.line),
+        )
+
+        char_count = len(lines[0])
+        for v in sorted_violations:
+            loc = f"{v.file_path}:{v.line}" if v.line > 0 else v.file_path
+            line = f"- {v.severity.upper()} {loc} {v.message}"
+            if char_count + len(line) + 1 > max_chars:
+                if v.severity not in ("critical", "high"):
+                    break
+            lines.append(line)
+            char_count += len(line) + 1
+
+        return "\n".join(lines)
+
+
+class RuleRegistry:
+    """Registry of analysis rules."""
+
+    def __init__(self) -> None:
+        self._rules: dict[str, Rule] = {}
+
+    def register(self, rule: Rule) -> None:
+        if rule.key in self._rules:
+            raise ValueError(f"Rule '{rule.key}' already registered")
+        self._rules[rule.key] = rule
+
+    def get(self, key: str) -> Rule | None:
+        return self._rules.get(key)
+
+    def all_rules(self) -> list[Rule]:
+        return list(self._rules.values())
+
+    def rules_for_language(self, language: str) -> list[Rule]:
+        return [
+            r for r in self._rules.values()
+            if "*" in r.languages or language in r.languages
+        ]

llm_code/analysis/rust_rules.py

@@ -0,0 +1,108 @@
+"""Rust regex-based code analysis rules."""
+from __future__ import annotations
+
+import re
+from pathlib import PurePosixPath
+
+from llm_code.analysis.rules import Rule, RuleRegistry, Violation
+
+_UNWRAP_PATTERN = re.compile(r"\.(unwrap|expect)\s*\(")
+_TODO_MACRO_PATTERN = re.compile(r"\b(todo|unimplemented)!\s*\(")
+_UNSAFE_BLOCK_PATTERN = re.compile(r"\bunsafe\s*\{")
+
+_TEST_DIR_NAMES = frozenset({"tests", "test"})
+_TEST_SUFFIXES = ("_test.rs",)
+
+
+def _is_test_file(file_path: str) -> bool:
+    parts = PurePosixPath(file_path).parts
+    if any(p in _TEST_DIR_NAMES for p in parts):
+        return True
+    return any(file_path.endswith(s) for s in _TEST_SUFFIXES)
+
+
+def check_unwrap(file_path: str, content: str, tree: object = None) -> list[Violation]:
+    """Detect .unwrap() and .expect() in non-test Rust files."""
+    if _is_test_file(file_path):
+        return []
+
+    violations: list[Violation] = []
+    for match in _UNWRAP_PATTERN.finditer(content):
+        line = content[: match.start()].count("\n") + 1
+        method = match.group(1)
+        violations.append(
+            Violation(
+                rule_key="rust-unwrap",
+                severity="medium",
+                file_path=file_path,
+                line=line,
+                message=f".{method}() in production code — prefer ? or explicit error handling",
+            )
+        )
+    return violations
+
+
+def check_todo_macro(file_path: str, content: str, tree: object = None) -> list[Violation]:
+    """Detect todo!() and unimplemented!() macros."""
+    violations: list[Violation] = []
+    for match in _TODO_MACRO_PATTERN.finditer(content):
+        line = content[: match.start()].count("\n") + 1
+        macro = match.group(1)
+        violations.append(
+            Violation(
+                rule_key="rust-todo-macro",
+                severity="medium",
+                file_path=file_path,
+                line=line,
+                message=f"{macro}!() macro — incomplete implementation",
+            )
+        )
+    return violations
+
+
+def check_unsafe_block(file_path: str, content: str, tree: object = None) -> list[Violation]:
+    """Detect unsafe blocks for review."""
+    violations: list[Violation] = []
+    for match in _UNSAFE_BLOCK_PATTERN.finditer(content):
+        line = content[: match.start()].count("\n") + 1
+        violations.append(
+            Violation(
+                rule_key="rust-unsafe-block",
+                severity="high",
+                file_path=file_path,
+                line=line,
+                message="unsafe block — requires safety review",
+            )
+        )
+    return violations
+
+
+def register_rust_rules(registry: RuleRegistry) -> None:
+    """Register all Rust rules with the given registry."""
+    registry.register(
+        Rule(
+            key="rust-unwrap",
+            name=".unwrap() in production",
+            severity="medium",
+            languages=("rust",),
+            check=check_unwrap,
+        )
+    )
+    registry.register(
+        Rule(
+            key="rust-todo-macro",
+            name="todo!/unimplemented! macro",
+            severity="medium",
+            languages=("rust",),
+            check=check_todo_macro,
+        )
+    )
+    registry.register(
+        Rule(
+            key="rust-unsafe-block",
+            name="unsafe block",
+            severity="high",
+            languages=("rust",),
+            check=check_unsafe_block,
+        )
+    )

llm_code/analysis/universal_rules.py

@@ -0,0 +1,111 @@
+"""Universal code analysis rules — language-agnostic checks."""
+from __future__ import annotations
+
+import re
+
+from llm_code.analysis.rules import Rule, RuleRegistry, Violation
+
+# Files to skip for hardcoded-secret detection
+_SECRET_SKIP_SUFFIXES = (".md", ".txt")
+_SECRET_SKIP_NAMES = {".env.example"}
+
+# Regex patterns
+_SECRET_PATTERN = re.compile(
+    r"(api[_\-]?key|secret|password|token)\s*[:=]\s*[\"'][a-zA-Z0-9]{16,}[\"']",
+    re.IGNORECASE,
+)
+_TODO_PATTERN = re.compile(r"(#|//)\s*(TODO|FIXME|HACK|XXX)\b")
+
+
+def check_hardcoded_secret(file_path: str, content: str) -> list[Violation]:
+    """Detect hardcoded secrets (API keys, passwords, tokens) in source code."""
+    import os
+
+    basename = os.path.basename(file_path)
+
+    # Skip excluded file types
+    if basename in _SECRET_SKIP_NAMES:
+        return []
+    for suffix in _SECRET_SKIP_SUFFIXES:
+        if file_path.endswith(suffix):
+            return []
+
+    violations: list[Violation] = []
+    for line_no, line in enumerate(content.splitlines(), start=1):
+        if _SECRET_PATTERN.search(line):
+            violations.append(
+                Violation(
+                    rule_key="hardcoded-secret",
+                    severity="critical",
+                    file_path=file_path,
+                    line=line_no,
+                    message=f"Hardcoded secret detected on line {line_no}",
+                )
+            )
+    return violations
+
+
+def check_todo_fixme(file_path: str, content: str) -> list[Violation]:
+    """Detect TODO, FIXME, HACK, and XXX comment markers."""
+    violations: list[Violation] = []
+    for line_no, line in enumerate(content.splitlines(), start=1):
+        m = _TODO_PATTERN.search(line)
+        if m:
+            matched_keyword = m.group(2)
+            violations.append(
+                Violation(
+                    rule_key="todo-fixme",
+                    severity="low",
+                    file_path=file_path,
+                    line=line_no,
+                    message=f"{matched_keyword} comment found",
+                )
+            )
+    return violations
+
+
+def check_god_module(file_path: str, content: str) -> list[Violation]:
+    """Detect files exceeding 800 lines (god modules)."""
+    line_count = len(content.splitlines())
+    if line_count > 800:
+        return [
+            Violation(
+                rule_key="god-module",
+                severity="medium",
+                file_path=file_path,
+                line=0,
+                message=f"File has {line_count} lines (limit: 800)",
+            )
+        ]
+    return []
+
+
+def register_universal_rules(registry: RuleRegistry) -> None:
+    """Register all universal rules into the given registry."""
+    registry.register(
+        Rule(
+            key="hardcoded-secret",
+            name="Hardcoded Secret",
+            severity="critical",
+            languages=("*",),
+            check=check_hardcoded_secret,
+        )
+    )
+    registry.register(
+        Rule(
+            key="todo-fixme",
+            name="TODO / FIXME Comment",
+            severity="low",
+            languages=("*",),
+            check=check_todo_fixme,
+        )
+    )
+    registry.register(
+        Rule(
+            key="god-module",
+            name="God Module",
+            severity="medium",
+            languages=("*",),
+            check=check_god_module,
+        )
+    )