yobitsugi 0.1.0__tar.gz

yobitsugi-0.1.0/.gitignore

@@ -0,0 +1,174 @@
+# ---------- Python ----------
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+*.pyd
+*.pyo
+
+# Build artifacts
+build/
+dist/
+sdist/
+wheels/
+*.egg
+*.egg-info/
+.eggs/
+MANIFEST
+pip-wheel-metadata/
+share/python-wheels/
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# ---------- Virtual environments ----------
+.venv/
+venv/
+env/
+ENV/
+.env/
+.python-version
+.tool-versions
+
+# ---------- Test / type / lint caches ----------
+.pytest_cache/
+.mypy_cache/
+.dmypy.json
+dmypy.json
+.ruff_cache/
+.pyre/
+.pytype/
+.cache/
+
+# Coverage
+.coverage
+.coverage.*
+coverage.xml
+htmlcov/
+.hypothesis/
+nosetests.xml
+*.cover
+*.py,cover
+
+# ---------- Node / npm wrapper ----------
+node_modules/
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+.pnpm-debug.log*
+.npm/
+.yarn-integrity
+# Note: package-lock.json / yarn.lock / pnpm-lock.yaml are committed on purpose.
+
+# ---------- Editors / IDEs ----------
+.vscode/
+!.vscode/settings.json.example
+.idea/
+*.iml
+*.swp
+*.swo
+*~
+.project
+.pydevproject
+.spyderproject
+.spyproject
+.ropeproject
+*.sublime-project
+*.sublime-workspace
+.vim/
+
+# ---------- OS metadata ----------
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+Desktop.ini
+
+# ---------- Secrets / env files (NEVER commit these) ----------
+.env
+.env.*
+!.env.example
+*.pem
+*.key
+*.p12
+*.pfx
+.netrc
+credentials.json
+secrets.yaml
+.secrets/
+
+# Local-only LLM/API key config
+.api_keys
+api_keys.txt
+*.token
+
+# ---------- Yobitsugi runtime artifacts ----------
+# Workspaces created by `yobitsugi run` / `yobitsugi scan`
+.yobitsugi/
+yobitsugi_workspace/
+
+# Per-file backups written by `apply` before patching
+*.yobitsugi.bak
+
+# Local LLM provider config (lives in ~/.yobitsugi/ but guard against accidental commits)
+config.yaml
+!yobitsugi/data/*.yaml
+
+# Generated scanner outputs accidentally placed in repo
+findings.json
+applied.json
+languages.json
+scan_report.json
+validation.json
+raw/
+
+# ---------- Documentation builds ----------
+docs/_build/
+docs/_static/
+docs/_templates/
+site/
+
+# ---------- Jupyter / notebooks ----------
+.ipynb_checkpoints/
+*.ipynb_checkpoints
+
+# ---------- Logs / temp ----------
+*.log
+*.tmp
+*.bak
+*.orig
+*.rej
+
+# ---------- Tool-specific ----------
+# Hatch
+.hatch/
+
+# pyenv
+.python-version
+
+# PEP 582
+__pypackages__/
+
+# Direnv
+.envrc
+
+# Celery
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath
+*.sage.py
+
+# Translations
+*.mo
+*.pot
+
+# ---------- IDE / Claude Code workspace ----------
+.claude/cache/
+.claude/logs/
+.claude/sessions/
+# keep .claude/settings.json + skills, ignore caches

yobitsugi-0.1.0/CHANGELOG.md

@@ -0,0 +1,44 @@
+# Changelog
+
+## Unreleased
+
+### Changed
+- **Python 3.11+ is now required.** Python 3.10 is no longer supported.
+- The pipeline orchestrator now runs **in-process**. Stages are imported and called as Python functions instead of being forked as subprocesses. Each stage is still a standalone CLI entrypoint, and the JSON-file workspace contract between stages is preserved.
+- `core.fix.generate_fix(finding, root, ...)` is now a public pure function that returns the diff string. `core.fix.main()` is a thin CLI wrapper around it.
+- `core.apply.apply_diff(diff_text, root, workspace, ...)` is now a public pure function. `core.apply.main()` is a thin CLI wrapper around it.
+- Each `core.<stage>.main()` accepts an optional `argv: list[str] | None` parameter so it can be invoked from Python without mutating `sys.argv`.
+
+### Fixed
+- `cli.cmd_config` was passing an `argparse.Namespace` to `llm.resolve_config()` which expects positional strings — this raised a `TypeError` at runtime. The CLI now calls `resolve_config()` correctly.
+- `cli.cmd_run` no longer mutates `sys.argv`; it calls `pipeline.run_pipeline()` directly.
+- `cli.cmd_scan` and `cli.cmd_rollback` no longer spawn Python subprocesses; they call the relevant `main([...])` in-process.
+
+### Added
+- **Unit test suite** (`tests/`) — 147 hermetic pytest tests covering `detect`, `parse`, `apply`, `llm`, `pipeline`, `cli`, and all platform installers. Runs in ~2 seconds. Tested against Python 3.11, 3.12, 3.13.
+- **GitHub Actions CI** (`.github/workflows/ci.yml`) — runs ruff, mypy, and pytest on every push and PR across Python 3.11 / 3.12 / 3.13.
+- **GitHub Actions release + publish workflow** (`.github/workflows/publish.yml`) — fully automates tagging, GitHub Release creation, and PyPI publishing. Five jobs:
+  - **prep** — reads the version from `pyproject.toml`, compares against existing tags, decides whether to release on this run.
+  - **tag** — when a push to `main` bumps `pyproject.toml`'s version above any existing tag, verifies `yobitsugi/__init__.py` matches, then creates and pushes the `v<version>` git tag. Bumping the version in one place is the **only** action a maintainer needs to take to cut a release.
+  - **build** — produces sdist + wheel from the tagged commit, validates with `twine check --strict`.
+  - **release** — creates a GitHub Release at https://github.com/FiNiX-GaMmA/yobitsugi/releases with notes extracted from the matching `## <version>` section of `CHANGELOG.md` (auto-generated from commits as a fallback) and the wheel + sdist attached as assets. Tags containing `-rc`, `-alpha`, or `-beta` are marked as pre-releases.
+  - **publish** — uploads the same artifacts to PyPI, gated behind the `pypi` GitHub Environment. Authenticated by a single `PYPI_TOKEN` repository secret (the workflow passes `__token__` as the username, per PyPI's API-token convention).
+  - Alternative triggers still work: a manual `v*` tag push, a manually-published GitHub Release, or a `workflow_dispatch` from the Actions tab.
+- `pyproject.toml` now includes `[tool.pytest.ini_options]`, `[tool.mypy]`, and an expanded `[tool.ruff.lint]` configuration.
+- `Changelog` URL in project metadata.
+- **Comprehensive `.gitignore`** covering Python build/cache artifacts, virtual environments, lint/type/test caches, IDE files, OS metadata, every common secret/credential filename (`.env`, `*.pem`, `*.key`, `*.token`, `credentials.json`, etc.), `yobitsugi` runtime outputs (workspaces, `.yobitsugi.bak` backups, accidental root-level `findings.json`/`applied.json`/`languages.json`/`scan_report.json`/`validation.json`/`raw/`), and documentation builds — with a negation rule (`!yobitsugi/data/*.yaml`) so the shipped scanner registry is never accidentally swallowed.
+
+### Removed
+- The redundant `yobitsugi/yobitsugi/yobitsugi/` wrapper folder layer. The Python package now sits directly under the repo root.
+- Phantom `yobitsugi/{core,data,installers,templates,viz}` directory (created accidentally by a failed shell brace expansion).
+
+## 0.1.0 — initial release
+
+- Pipeline: detect → scan → parse → fix → apply → tests → validate.
+- Unified Finding schema across 17 SAST/SCA scanner parsers.
+- LLM provider abstraction: OpenAI, Anthropic, Google, Ollama, and any OpenAI-compatible endpoint (Groq, Together, Fireworks, vLLM, LM Studio, OpenRouter).
+- Platform installers: Claude Code, Codex, Cursor, Gemini CLI, Aider, OpenCode, GitHub Copilot CLI.
+- Three install paths: Python (`pipx`/`uv`/`pip`), npm/npx (delegates to `uvx`), or manual git-clone into `~/.claude/skills/`.
+- Canonical `SKILL.md` at repo root, bundled inside the wheel so the Claude installer writes the exact same file you'd get from a manual drop-in.
+- CLI: `install`, `uninstall`, `list-platforms`, `detect-platforms`, `run`, `scan`, `findings`, `rollback`, `config`, `version`.
+- Safety: dirty-tree guard, `.yobitsugi.bak` per modified file, `applied.json` rollback log, prompt-injection wrapping of untrusted snippets, unified-diff-only model output.

yobitsugi-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 yobitsugi contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.