robotframework-falsegreen 0.2.0__tar.gz

robotframework_falsegreen-0.2.0/.all-contributorsrc

@@ -0,0 +1,41 @@
+{
+  "projectName": "robotframework-falsegreen",
+  "projectOwner": "vinicq",
+  "repoType": "github",
+  "repoHost": "https://github.com",
+  "files": [
+    "README.md"
+  ],
+  "imageSize": 100,
+  "commit": false,
+  "commitConvention": "angular",
+  "contributorsSortAlphabetically": false,
+  "contributorsPerLine": 7,
+  "skipCi": true,
+  "contributors": [
+    {
+      "login": "vinicq",
+      "name": "Vinicius Queiroz",
+      "avatar_url": "https://avatars.githubusercontent.com/u/78210890?v=4",
+      "profile": "https://vinicq.github.io/md-bridge/",
+      "contributions": [
+        "code",
+        "doc",
+        "ideas",
+        "maintenance",
+        "infra",
+        "test",
+        "research"
+      ]
+    },
+    {
+      "login": "homesellerq-coder",
+      "name": "Home Seller",
+      "avatar_url": "https://avatars.githubusercontent.com/u/294912019?v=4",
+      "profile": "https://github.com/homesellerq-coder",
+      "contributions": [
+        "code"
+      ]
+    }
+  ]
+}

robotframework_falsegreen-0.2.0/.github/workflows/ci.yml

@@ -0,0 +1,28 @@
+name: ci
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.9", "3.11", "3.13"]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+      - name: Lint
+        run: ruff check src tests
+      - name: Test
+        run: pytest -q
+      - name: Self-scan (must not error)
+        run: python -m falsegreen_robot src tests

robotframework_falsegreen-0.2.0/.github/workflows/codex-review-gate.yml

@@ -0,0 +1,42 @@
+name: codex-review-gate
+
+# Blocks a PR while the Codex reviewer has unresolved review threads on the
+# CURRENT diff. It does NOT require Codex to have reviewed (that belongs in
+# branch protection): with zero open threads the job is green, so a PR Codex has
+# not touched still passes.
+#
+# - Re-runs on review, comment, and thread resolve/unresolve events, so the gate
+#   clears as soon as a thread is resolved and re-fires if one is reopened.
+# - Outdated threads (their line changed in a newer push) are ignored: each push
+#   re-baselines the review, and Codex posts fresh threads if an issue remains.
+# - If a PR has more than 100 threads the gate fails closed and asks for a manual
+#   review rather than risk passing on an unread page.
+#
+# A 👍 reaction is not a resolution signal; resolve the thread to clear the gate.
+
+on:
+  pull_request:
+  pull_request_review:
+  pull_request_review_comment:
+  pull_request_review_thread:
+
+permissions:
+  pull-requests: read
+
+jobs:
+  gate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fail on unresolved Codex review threads (current diff)
+        env:
+          GH_TOKEN: ${{ github.token }}
+          OWNER: ${{ github.repository_owner }}
+          REPO: ${{ github.event.repository.name }}
+          PR: ${{ github.event.pull_request.number }}
+        run: |
+          n=$(gh api graphql -f query='query($o:String!,$r:String!,$p:Int!){repository(owner:$o,name:$r){pullRequest(number:$p){reviewThreads(first:100){nodes{isResolved isOutdated comments(first:1){nodes{author{login}}}}}}}}' -F o="$OWNER" -F r="$REPO" -F p="$PR" --jq '[.data.repository.pullRequest.reviewThreads.nodes[] | select(.isResolved == false and .isOutdated == false) | select(.comments.nodes[0].author.login | startswith("chatgpt-codex"))] | length')
+          echo "Open Codex review threads on the current diff: $n"
+          if [ "$n" -ne 0 ]; then
+            echo "::error::$n unresolved Codex review thread(s) on the current diff. Resolve them before merging."
+            exit 1
+          fi

robotframework_falsegreen-0.2.0/.github/workflows/credit-contributor.yml

@@ -0,0 +1,135 @@
+name: Credit contributor on merge
+
+# Runs after every merged pull request from an external contributor. Infers
+# which contribution categories the change touched (code, doc, test, infra),
+# updates `.all-contributorsrc` via all-contributors-cli, regenerates the
+# README block, and opens a `chore(docs): credit @<author>` PR.
+#
+# Maintainer PRs (vinicq) and bot PRs are skipped at the job-level `if`. PRs
+# that close without merging never reach this workflow (the `merged == true`
+# guard). Mirrors the credit-contributor workflow used in md-bridge.
+#
+# The credit PR opens through `gh pr create`, so the repo setting
+# Settings -> Actions -> General -> Workflow permissions ->
+# "Allow GitHub Actions to create and approve pull requests" must be ON.
+
+on:
+  pull_request_target:
+    types: [closed]
+
+permissions:
+  contents: read
+
+concurrency:
+  group: credit-contributor
+  cancel-in-progress: false
+
+jobs:
+  credit:
+    name: Credit @${{ github.event.pull_request.user.login }}
+    if: >-
+      github.event.pull_request.merged == true &&
+      github.event.pull_request.user.login != 'vinicq' &&
+      github.event.pull_request.user.type != 'Bot'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Check out the default branch
+        uses: actions/checkout@v4
+        with:
+          ref: main
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+
+      - name: Determine contribution types from the merged diff
+        id: types
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          set -euo pipefail
+          files=$(gh pr diff "$PR_NUMBER" -R "$GITHUB_REPOSITORY" --name-only)
+          echo "Changed files:"; echo "$files"; echo "---"
+
+          types=()
+          src_re='\.(py|ts|tsx|js|jsx|mjs|cjs|mts|cts|robot|resource)$'
+          if echo "$files" | grep -qE "$src_re"; then
+            non_test=$(echo "$files" | grep -E "$src_re" \
+              | grep -vE '(^|/)tests?/|(^|/)test_|_test\.|\.(test|spec)\.' || true)
+            [ -n "$non_test" ] && types+=("code")
+          fi
+          if echo "$files" | grep -qE '(^|/)tests?/|(^|/)test_|_test\.py$|\.(test|spec)\.(ts|tsx|js|jsx|mjs)$'; then
+            types+=("test")
+          fi
+          if echo "$files" | grep -qE '(\.md$|(^|/)docs/|(^|/)(README|CONTRIBUTING|CHANGELOG|SECURITY|CODE_OF_CONDUCT|CREDITS))'; then
+            types+=("doc")
+          fi
+          if echo "$files" | grep -qE '(^|/)\.github/|Dockerfile|(^|/)pyproject\.toml$|(^|/)package\.json$|(^|/)tsconfig|\.pre-commit-config'; then
+            types+=("infra")
+          fi
+          [ ${#types[@]} -eq 0 ] && types+=("code")
+          joined=$(printf "%s\n" "${types[@]}" | sort -u | paste -sd, -)
+          echo "Inferred categories: $joined"
+          echo "types=$joined" >> "$GITHUB_OUTPUT"
+
+      - name: Add contributor and regenerate the README block
+        env:
+          AUTHOR: ${{ github.event.pull_request.user.login }}
+          TYPES: ${{ steps.types.outputs.types }}
+        run: |
+          set -euo pipefail
+          # all-contributors-cli `add` is declarative, not additive: it narrows
+          # the entry to exactly the types passed. Read existing types, union
+          # with the inferred ones, and pass the full set.
+          existing=$(node -e "const c=JSON.parse(require('fs').readFileSync('.all-contributorsrc','utf8')).contributors||[];const u=process.env.AUTHOR.toLowerCase();const m=c.find(x=>x.login.toLowerCase()===u);process.stdout.write(m?(m.contributions||[]).join(','):'')")
+          combined=$(printf '%s,%s' "$existing" "$TYPES" | tr ',' '\n' | sed '/^$/d' | sort -u | paste -sd, -)
+          echo "Existing: ${existing:-<none>}"; echo "Combined: $combined"
+          npx -y all-contributors-cli@latest add "$AUTHOR" "$combined"
+          npx -y all-contributors-cli@latest generate
+
+      - name: Check whether anything changed
+        id: changes
+        run: |
+          if git diff --quiet -- .all-contributorsrc README.md; then
+            echo "changed=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Open the credit PR
+        if: steps.changes.outputs.changed == 'true'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          AUTHOR: ${{ github.event.pull_request.user.login }}
+          TYPES: ${{ steps.types.outputs.types }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          set -euo pipefail
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          branch="chore/credit-${AUTHOR}-${PR_NUMBER}"
+          git checkout -b "$branch"
+          git add .all-contributorsrc README.md
+          git commit -m "chore(docs): credit @${AUTHOR} for ${TYPES} (PR #${PR_NUMBER})"
+          git push -u origin "$branch" --force-with-lease
+          body_file=$(mktemp)
+          cat > "$body_file" <<EOF
+          Automated post-merge credit update for #${PR_NUMBER}.
+
+          Categories inferred from the merged diff: \`${TYPES}\`. The categories come from the all-contributors specification: <https://allcontributors.org/docs/en/emoji-key>. Edit \`.all-contributorsrc\` here if a category is off.
+          EOF
+          if existing=$(gh pr list -R "$GITHUB_REPOSITORY" --head "$branch" --json number --jq '.[0].number' 2>/dev/null) && [ -n "$existing" ]; then
+            gh pr comment "$existing" -R "$GITHUB_REPOSITORY" --body "Re-ran auto-credit. Categories: \`${TYPES}\`."
+          else
+            gh pr create -R "$GITHUB_REPOSITORY" --base main \
+              --title "chore(docs): credit @${AUTHOR}" \
+              --body-file "$body_file" --assignee "vinicq"
+          fi
+          rm -f "$body_file"

robotframework_falsegreen-0.2.0/.github/workflows/release.yml

@@ -0,0 +1,47 @@
+name: release
+
+# Builds the package and publishes it to PyPI via Trusted Publishing (OIDC).
+# No API token: the publish job exchanges a short-lived OIDC identity with PyPI.
+# Fires on a published GitHub release, or manually for an existing tag.
+#
+# One-time setup (see RELEASE notes): on PyPI add a Trusted Publisher for project
+# `robotframework-falsegreen` (owner vinicq, repo robotframework-falsegreen, workflow release.yml,
+# environment pypi); create a GitHub environment named `pypi`.
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+      - name: Build sdist and wheel
+        run: |
+          python -m pip install --upgrade build
+          python -m build
+      - uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+  publish:
+    needs: build
+    runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write   # OIDC trusted publishing
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+      - uses: pypa/gh-action-pypi-publish@release/v1

robotframework_falsegreen-0.2.0/.gitignore

@@ -0,0 +1,17 @@
+__pycache__/
+*.py[cod]
+.pytest_cache/
+.ruff_cache/
+.mypy_cache/
+*.egg-info/
+build/
+dist/
+.venv/
+venv/
+.env
+output.xml
+log.html
+report.html
+
+# pointer to private audit hub - never commit
+CLAUDE.local.md

robotframework_falsegreen-0.2.0/ARCHITECTURE.md

@@ -0,0 +1,85 @@
+# Architecture
+
+robotframework-falsegreen is a deterministic static scanner for Robot Framework tests. It reads
+`.robot` and `.resource` files, parses them with the official Robot Framework parser, and
+flags the patterns that let a test pass green without protecting anything. It never imports
+keyword libraries, starts a browser, or runs the suite.
+
+## The pipeline
+
+```
+paths ──▶ discover ──▶ get_model ──▶ ModelVisitor ──▶ findings ──▶ report / exit code
+```
+
+1. **Discover.** Walk the paths. A file counts when its extension is `.robot` or
+   `.resource`; build and vendor directories are skipped.
+2. **Parse.** `robot.api.get_model` builds the same parse tree Robot itself uses. Using the
+   official parser, not a regex, means the scanner reads the file the way the runner does:
+   sections, settings, control structures, RPA tasks. No keyword is imported and nothing
+   executes.
+3. **Visit.** A `robot.parsing.ModelVisitor` subclass walks the tree. `visit_TestCase`,
+   `visit_Task` (RPA), and `visit_Keyword` apply the case catalog. The shared call-level
+   checks (always-true, self-compare, `Sleep`, weak truthiness) run over every keyword call;
+   the structural checks (empty, no-oracle, swallowed failure, conditional-only
+   verification, forced green) run per test or task.
+4. **Report.** Readable text or JSON (`--json`). The exit code is the CI contract.
+
+## Why Robot needs its own scanner
+
+Robot Framework is a keyword DSL, not Python source, so the `ast` module that powers
+[falsegreen](https://github.com/vinicq/falsegreen) cannot read it. The correct parse comes
+from `robot.api.get_model`, which is why this is a separate repository that depends on
+`robotframework`, rather than a module inside the zero-dependency Python scanner.
+
+## The oracle problem
+
+In pytest the oracle is `assert`; in Jest it is `expect`. In Robot there is no single
+keyword. Verification is spread across libraries. The scanner recognizes the oracle by
+convention and by library form, in `is_verification`:
+
+- the **`Should`** convention (`Should Be Equal`, `Element Should Be Visible`) - BuiltIn,
+  Collections, String, SeleniumLibrary, and most others;
+- the **Browser** assertion engine, where the operator carries the assertion
+  (`Get Text  sel  ==  expected`);
+- **RESTinstance** schema keywords;
+- custom **`Verify*`/`Assert*`/`Validate*`** keywords, and `Wait Until ...` keywords that
+  fail on timeout.
+
+A test with none of these verifies nothing (C2b). The convention is documented; a custom
+keyword that asserts without `Should` in its name is the reason C2b is low-confidence, and
+the reason R2 exists: a keyword named like a verifier whose body asserts nothing is a hollow
+oracle.
+
+## Output contract
+
+| Exit | Meaning |
+|------|---------|
+| `0`  | clean |
+| `10` | low-confidence findings only |
+| `20` | at least one high-confidence finding |
+
+Each finding carries code, confidence (`high`/`low`), file, line, and judgment (J1-J6).
+`--disable C16` turns off specific codes. Groups split by prefix: `false-positive` (C*/R*,
+on), `diagnostic` (D*, opt-in via `--diagnostics`), `coupling` (M*, opt-in).
+
+## The boundary: static, semantic, runtime
+
+The scanner owns what the keyword structure proves. Outside that line:
+
+- **Semantic** (the expected value contradicts the intended behavior) belongs to
+  [falsegreen-skill](https://github.com/vinicq/falsegreen-skill), the LLM pass.
+- **Runtime** (a Test Run War, order dependence across suites) needs execution, which the
+  scanner does not do.
+- **Style and naming** belong to [Robocop](https://github.com/MarketSquare/robotframework-robocop),
+  which is complementary, not a competitor.
+
+Precision over recall: `C2b`/`R2` are low-confidence because a custom keyword can verify
+without `Should` in its name. A softened heuristic that misses a case beats one that flags
+correct code.
+
+## Siblings
+
+[falsegreen](https://github.com/vinicq/falsegreen) (Python, `ast`) and
+[falsegreen-js](https://github.com/vinicq/falsegreen-js) (JS/TS, TypeScript compiler API).
+Codes share an id across the family where the smell is the same concept (C2, C2b, C3, C5,
+C7, C16, C21, C32).

robotframework_falsegreen-0.2.0/CHANGELOG.md

@@ -0,0 +1,68 @@
+# Changelog
+
+All notable changes to this project are documented here. The format is based on
+[Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to
+[Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.2.0] - 2026-06-23
+
+### Changed
+
+- **Renamed to `robotframework-falsegreen`** to fit the Robot Framework ecosystem. The PyPI
+  package and the GitHub repo are now `robotframework-falsegreen` (the `robotframework-`
+  prefix convention), and the package carries the `Framework :: Robot Framework :: Tool`
+  classifier. The CLI command is `rffalsegreen` (short, mirroring `rfbrowser`); the import
+  package stays `falsegreen_robot`. Pre-release, so there is no PyPI migration; the old
+  GitHub URL redirects.
+
+### Added
+
+- `--config-audit` mode (project layer): reads the Robot run config (`robot.toml`,
+  `pyproject.toml` `[tool.robot]`, `*.args` argument files) and reports PL9 - a
+  `--skiponfailure`/`--noncritical` option that turns a failing test into a non-fatal pass
+  (legacy, removed in RF 4+). Findings carry level `project` and a fix hint. TOML sources need
+  a TOML reader (`tomllib` on 3.11+, else `tomli`); the `*.args` scan works on every version.
+  README notes that Robot has no standard mutation tester, so the F7 layer is manual review.
+- New codes: R3 (`*** Test Cases ***` inside a `.resource` file), R4 (`No Operation` as the
+  only step), R5 (`[Template]` with no data rows). C2 now also flags an empty user keyword
+  (only settings, no steps). C23 (low): a hard-coded IP-address URL in test data, restricted
+  to IP literals so hostname URLs common in E2E are not flagged.
+- Documented test-pyramid coverage: unit, integration (API and database), and E2E. The
+  scanner is level-agnostic; some codes are interpreted per level to keep precision.
+- Status report output: every finding now carries its pyramid level (unit / integration /
+  e2e, detected from the suite's imported libraries: SeleniumLibrary/Browser/AppiumLibrary
+  are e2e, RequestsLibrary/RESTinstance/DatabaseLibrary are integration) and a one-line fix
+  hint. The text summary adds a per-level breakdown and the top fixes by frequency; JSON
+  gains `level` and `fix` fields.
+- `--output` flag: write to a file, or pass a directory (e.g. `.falsegreen/`) to get
+  `report.<ext>` for the chosen format. Parent directories are created as needed.
+
+## [0.1.0] - 2026-06-22
+
+### Added
+
+- `.resource` files and `*** Keywords ***` definitions are now scanned (in both `.robot`
+  and `.resource`). New code R2: a user keyword named like a verifier (Verify/Assert/Should)
+  whose body contains no verification — a hollow oracle, the root cause of missed C2b.
+  Call-level smells (C5/C7/C16) are also detected inside user keywords.
+- Three groups (`false-positive` / `diagnostic` / `coupling`), like the sibling scanners.
+  Opt-in maintainability group (default off, `--diagnostics`): D2 (control flow at the
+  test/task level), M2 (too many steps).
+- RPA support: scans `*** Tasks ***` in addition to `*** Test Cases ***`.
+- Initial release. Deterministic static scanner for false-positive Robot Framework
+  tests, built on the official `robot.api.get_model` parser (no execution).
+- Detection codes: C2 (empty test), C2b (no verification keyword), C3 (swallowed
+  `Run Keyword And Ignore Error`/`Return Status`), C5 (always-true), C7 (self-compare),
+  C6 (weak Should Be True on a bare variable), C16 (`Sleep` as synchronization), C21 (conditional-only verification), C32 (skipped), R1 (Pass Execution forced green). C3 also covers native TRY/EXCEPT swallow. Codes share ids with the sibling
+  scanners where the concept matches.
+- Verification-keyword recognition across libraries: the `Should` convention plus
+  SeleniumLibrary/AppiumLibrary, Browser's assertion engine (`Get ... == expected`),
+  RESTinstance schema keywords, DatabaseLibrary, RequestsLibrary, and custom
+  `Verify*`/`Assert*`/`Validate*`/`Check *` keywords.
+- CLI: paths, `--json`, `--disable`, `--version`. Exit codes 0/10/20.
+
+[Unreleased]: https://github.com/vinicq/robotframework-falsegreen/compare/v0.2.0...HEAD
+[0.2.0]: https://github.com/vinicq/robotframework-falsegreen/compare/v0.1.0...v0.2.0
+[0.1.0]: https://github.com/vinicq/robotframework-falsegreen/releases/tag/v0.1.0

robotframework_falsegreen-0.2.0/CODE_OF_CONDUCT.md

@@ -0,0 +1,29 @@
+# Code of Conduct
+
+## Our pledge
+
+We pledge to make participation in this project a harassment-free experience for
+everyone, regardless of age, body size, disability, ethnicity, gender identity and
+expression, level of experience, nationality, personal appearance, race, religion, or
+sexual identity and orientation.
+
+## Our standards
+
+Examples of behavior that contributes to a positive environment:
+
+- Using welcoming and inclusive language.
+- Respecting differing viewpoints and experiences.
+- Accepting constructive criticism gracefully.
+- Focusing on what is best for the project and the community.
+
+Unacceptable behavior includes harassment, insulting or derogatory comments, public or
+private harassment, and publishing others' private information without permission.
+
+## Enforcement
+
+Instances of abusive or unacceptable behavior may be reported to the maintainer at
+`vinicq@gmail.com`. All complaints will be reviewed and investigated and will result in a
+response appropriate to the circumstances.
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org),
+version 2.1.

robotframework_falsegreen-0.2.0/CONTRIBUTING.md

@@ -0,0 +1,49 @@
+# Contributing to robotframework-falsegreen
+
+Thanks for helping. robotframework-falsegreen has one job: flag Robot Framework tests that pass
+green without protecting anything. Keep contributions inside that scope.
+
+## Scope
+
+In scope: a test (or task) that can stay green while the behavior is wrong - no
+verification keyword, a swallowed `Run Keyword And Ignore Error` or `TRY/EXCEPT`, an
+always-true `Should Be True ${TRUE}`, `Pass Execution`, a verification reachable only
+through an `IF`. Out of scope: style, naming, length, and convention, unless they make a
+passing test unable to fail. Those belong to [Robocop](https://github.com/MarketSquare/robotframework-robocop),
+which is complementary, not a competitor. When in doubt, ask: *is there a way for the code
+to be wrong and this test to stay green?* If no, it is not a robotframework-falsegreen code.
+
+## Setup
+
+```bash
+pip install -e ".[dev]"
+pytest -q
+ruff check src tests
+python -m falsegreen_robot src tests   # self-scan: the tool must not error
+```
+
+## Adding a detection code
+
+1. Add the entry to `CASES` in `src/falsegreen_robot/scanner.py` (id, title, confidence,
+   judgment J1-J6). Reuse a `C*` id when the smell matches the Python/JS concept; use `R*`
+   for Robot-specific patterns; `D*`/`M*` for the opt-in diagnostic/coupling groups.
+2. Implement the check over the Robot model (`robot.api.get_model` + `ModelVisitor`). It
+   must be provable from the parse tree - no execution.
+3. Add a test in `tests/test_scanner.py`: a `.robot` snippet that must flag and a clean
+   look-alike that must not.
+4. Document it in the README catalog, `docs/guide.md`, and `CHANGELOG.md`.
+
+Precision over recall. `C2b`/`R2` are `low` because a custom keyword can verify without
+`Should` in its name. A softened heuristic that misses a case is preferred to one that
+flags correct code.
+
+## Recognizing verification keywords
+
+The oracle in Robot is a verification keyword. The scanner recognizes them across libraries
+(the `Should` convention plus the Browser assertion engine and RESTinstance schema). If you
+add support for a new library, extend `is_verification` and add a test.
+
+## Commit and PR
+
+Small, focused commits. Run pytest + ruff + self-scan before opening the PR. Reference the
+issue. Match the surrounding code; keep `robotframework` as the only runtime dependency.

robotframework_falsegreen-0.2.0/CREDITS.md

@@ -0,0 +1,58 @@
+# References
+
+robotframework-falsegreen detects false-green test smells in Robot Framework. Its catalog draws on
+the academic test-smell literature, on the Robot Framework documentation that defines what
+a verification keyword is, and on the existing Robot linter. This file credits those
+sources and maps each to the codes it informs.
+
+## Founding and conceptual
+
+- **van Deursen, Moonen, van den Bergh, Kok (2001).** "Refactoring Test Code." XP 2001.
+  The original catalog of 11 test smells. Source of the general vocabulary that the
+  sibling scanners share.
+- **Delplanque, Ducasse, Polito, Black, Etien (2019).** "Rotten Green Tests." ICSE 2019.
+  Green tests whose assertions never execute. The conceptual origin of the "false-green"
+  framing and of the codes where a check is present but cannot run: C21 (verification
+  guarded by `IF`) and R2 (a verifier keyword whose body asserts nothing). Cross-language
+  extension: EMSE 2021.
+
+## Robot Framework specific
+
+- **Robot Framework User Guide** (robotframework.org). Defines the test/task/keyword
+  structure the scanner walks, the `*** Tasks ***` section for RPA, `.resource` files, and
+  control structures (`IF`, `TRY/EXCEPT`, `FOR`, `WHILE`). Source for what D2 treats as
+  test-level control flow.
+- **BuiltIn library (libdoc).** The `Should` naming convention for verification keywords
+  (`Should Be Equal`, `Should Be True`, `Should Contain`), plus `Pass Execution`,
+  `Run Keyword And Ignore Error`, `Run Keyword And Return Status`, and `Skip`. This is the
+  authoritative basis for the oracle vocabulary in `is_verification` and for C3, C5, C7,
+  R1, and C32.
+- **Library assertion forms beyond `Should`.** SeleniumLibrary (`Element Should Be
+  Visible`, `Wait Until ... Visible`), the Browser library assertion engine
+  (`Get Text  sel  ==  expected`), RESTinstance schema keywords, and DatabaseLibrary
+  (`Row Count Should Be Equal`). These define the cross-library oracle set so C2b does not
+  fire on a test that verifies through a non-`Should` keyword.
+
+## Tooling baseline
+
+- **Robocop** (MarketSquare/robotframework-robocop). The Robot Framework linter for style,
+  naming, and convention. Complementary, not a competitor: Robocop checks how the code
+  reads; robotframework-falsegreen checks whether a passing test can still fail. The boundary
+  between the two is the scope line in CONTRIBUTING.
+
+## Code-to-source map
+
+| Code | Primary source(s) |
+|---|---|
+| C2, C2b | van Deursen 2001 (Empty/Unknown Test); BuiltIn oracle vocabulary |
+| C3 | BuiltIn `Run Keyword And Ignore Error` / `Return Status`; native `TRY/EXCEPT` |
+| C5, C7 | Redundant/always-true assertion (van Deursen 2001; BuiltIn) |
+| C6 | weak truthiness check on a bare variable (BuiltIn `Should Be True`) |
+| C16 | Sleepy Test (van Deursen 2001) applied to BuiltIn `Sleep` |
+| C21, R2 | Rotten Green Tests (Delplanque 2019): assertion present but unreachable or hollow |
+| C32 | BuiltIn `Skip` / `robot:skip` tag |
+| R1 | BuiltIn `Pass Execution` (forced green) |
+| D2 | test-level control flow (Robot Framework User Guide) |
+| M2 | long test / too many steps (style guidance) |
+
+Detailed per-source notes and the running research live in a separate private study.

robotframework_falsegreen-0.2.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Vinicius Queiroz
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.