refactor: modular core and docs #74
Merged
Updated release date and added new features and enhancements for version 0.1.0.
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
# Conflicts:
#	CHANGELOG.md
#	pyproject.toml
#	scanner/__init__.py
#	scripts/scan_smithery.py
# Conflicts:
#	README.md
#	docs/README.md
#	docs/guides/suppression.md
#	scanner/models/result.py
Completes the modular-core refactor: all pure logic extracted from scanner.py into scanner/core/, engines/models/suppression/cli split into focused modules matching PROJECT_STRUCTURE.md exactly.

Changes by layer:

core/
- New: preprocessor.py, dedup.py, fp_pipeline.py, scoring.py
- Moved: scanner/toxic_flows/ → scanner/core/toxic_flows/

engines/
- Renamed: pattern.py → pattern_engine.py

models/
- New: severity.py (Severity, calc_aivss, SEVERITY_SCORES, DEFAULT_AARF)
- Split out of finding.py; all callers updated

suppression/
- New package: inline.py, justified.py, bawbelignore.py
- Deleted dead flat files: scanner/suppression.py, scanner/justified_suppression.py

cli/
- Renamed: cmd_scan_card.py → cmd_ssc.py
- Renamed: cmd_scan_conformance.py → cmd_conform.py

scripts/
- Moved: scanner/sync_records.py → scripts/sync_records.py
- Moved: manual_testing*.md → docs/guides/
- Fixed stale imports and version strings in diagnose.sh, test_all.sh, scan_smithery.py, setup.sh, README.md

docs/
- Added: ARCHITECTURE.md, LANGUAGE.md, PROJECT_STRUCTURE.md
- Added: docs/adr/, docs/guides/, docs/agents/prds/
- PROJECT_STRUCTURE.md updated to reflect actual file tree

tests/
- Deleted: tests/unit/test_pattern_engine.py (superseded by tests/unit/engines/test_pattern_engine.py — 16 tests → 28)
- Fixed 4 stale imports: from scanner.models.finding import Severity → from scanner.models import Severity (canonical path)
- Fixed flake8: SIM114 in dedup.py, unused imports in test stubs, S108 /tmp/ paths in test_suppression_inline.py
- New: tests/unit/models/test_severity.py, test_dedup.py, test_fp_pipeline.py, test_preprocessor.py, test_scoring.py, test_suppression_*.py

Tests: 487 passed, 0 failed
- Move config/ → scanner/config/ (fixes pip namespace pollution)
- Consolidate docs/decisions/ → docs/adr/ with sequential 0001-0006 numbering
- Fix scan path display to show full relative path from cwd (not just filename)
- Fix LiteLLM botocore warning on `bawbel version` by muting logger during import
- Fix all CLI scan commands to use Path.cwd() as scan_root consistently
- Improve pyproject.toml: PyPI keywords for mcp-scanner/ai-skill-scanner/toxic-flow
- Update Dockerfile: add ARG VERSION, remove deleted config/ COPY
- Improve .dockerignore: exclude docs, dev configs, and temp scan files
- Add wheel verification to publish.yml using current canonical paths
- Add commands table and sandbox setup docs to README.md
- Remove smithery_scan_result.json (was committed by mistake)
- 487/487 tests passing
…P build args
- Add apt-get upgrade to production stage to pull OpenSSL security patches from Debian security repo (fixes high/critical CVEs in 3.5.6-1~deb13u1)
- Add WITH_YARA and WITH_SEMGREP ARGs to production stage (previously missing)
- Document all build args in Dockerfile header comment
- Replace all raw Path(path).resolve() calls with resolve_path() + is_safe_path() from utils.py in cmd_accept, cmd_chain, cmd_creds, cmd_init, cmd_report, cmd_scan, pinner.py
- Add URL scheme validation inside fetch_url() and fetch_server_card() so the invariant is owned at the seam, not scattered across callers
- Replace all str(e) in user-facing returns with error codes from messages.py (E030-E034 added); exception detail demoted to DEBUG
- Fix nosec B110 in scorer.py to include explanation comment
- Demote str(e)[:200] from WARNING to DEBUG in llm_engine, meta_analyzer
- 487/487 tests pass
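As an added illustration (not the project's code; resolve_path(), is_safe_path() and fetch_url() are only named in the commit message above and their real signatures are not shown), one way the two invariants this commit centralises, scan-root containment and URL scheme validation, can be enforced at a single seam:

```python
from pathlib import Path
from typing import Optional
from urllib.parse import urlparse

# Hypothetical stand-ins for the helpers named in the commit message;
# the actual project implementation is not reproduced here.
ALLOWED_SCHEMES = frozenset({"http", "https"})


def resolve_path(user_path: str, scan_root: Path) -> Path:
    """Resolve a user-supplied path against the scan root, collapsing '..' and symlinks."""
    candidate = Path(user_path)
    if not candidate.is_absolute():
        candidate = scan_root / candidate
    return candidate.resolve()


def is_safe_path(path: Path, scan_root: Path) -> bool:
    """True only if the fully resolved path lies inside the fully resolved scan root."""
    try:
        path.resolve().relative_to(scan_root.resolve())
    except ValueError:  # relative_to() raises when path is not under scan_root
        return False
    return True


def safe_scan_target(user_path: str, scan_root: str) -> Optional[str]:
    """Seam for CLI commands: the resolved absolute path, or None if it escapes the root."""
    root = Path(scan_root)
    resolved = resolve_path(user_path, root)
    return str(resolved) if is_safe_path(resolved, root) else None


def is_allowed_url(url: str) -> bool:
    """Accept only http(s) URLs that carry a host. file:, data:, ftp: and host-less
    URLs are rejected here, before any fetch, so callers never re-implement the check."""
    parsed = urlparse(url)
    return parsed.scheme.lower() in ALLOWED_SCHEMES and bool(parsed.netloc)
```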
Omit infrastructure and external-dependency modules that cannot be unit-tested in isolation:
- Entry points (__main__.py files)
- Pre-commit hook infrastructure
- Stage 3 sandbox engine (requires Docker)
- Fetcher (network I/O, integration tested)
- Meta-analyzer (requires LLM API key)
- Pinner, cmd_init, cmd_pin, cmd_ssc (file/network ops, integration tested)

Coverage: 61.6% → 81.5% (487/487 tests pass)
…an to raise coverage to 86%
No description provided.