feat(enrichment): unsafe-any (TS) counter analyzer (#2017) #3457
nickmopen wants to merge 1 commit into
New REES LOCAL analyzer (no network): counts and locates explicit `any` usages
newly added in TypeScript diffs — `: any` annotations, `as any` casts, and `<any>`
assertions — a type-safety-erosion signal. Structural regex only, fail-safe.
- types.ts: UnsafeAnyFinding ({ file, line, kind: annotation|cast|assertion }) +
unsafeAny key.
- analyzers/unsafe-any.ts: stripStringsAndComments() (drop string/comment-only
occurrences), findUnsafeAnyOnLine(), scanPatchForUnsafeAny() (new-file line
tracking), scanUnsafeAny() — scans added lines of .ts/.tsx (skips .d.ts), bounded
by maxFindings (50).
- registry.ts: descriptor (category quality, cost local, requires files) with inline
render() summarizing counts by kind.
- render.ts: dispatch the unsafeAny section.
- Regenerated analyzer-metadata.json, .env.example, UI metadata; added unsafeAny to
the registry meta-test's expected list.
- test/unsafe-any.test.ts: annotation/cast/assertion, string+comment false-positive
avoidance, non-TS/.d.ts skip, line numbers, and the cap.
review-enrichment: 1001/1001 pass.
Superagent didn't find any vulnerabilities or security issues in this PR.
Caution 🛑 Gittensory review result - reject/close recommended
Review updated: 2026-07-05 07:44:34 UTC
🛑 Suggested Action - Reject/Close
Nits — 6 non-blocking
Gittensory is closing this pull request on the maintainer's behalf (AI reviewers agree on a likely critical defect: review-enrichment/src/analyzers/unsafe-any.ts:52 treats every added line starting with `+++` as a file header, so a real added TypeScript line like `++(x as any);` is skipped and the new-line cursor is not advanced; change the guard to only skip actual diff headers, e.g. `if (!raw.startsWith("+++ ")) { ... }`, and add the regression test already modeled by `parseAddedExports` for `+++x;`.). This is an automated maintenance action — to pursue this change, please open a new pull request with the issues resolved. Closed PRs may be analyzed later to improve review accuracy, but they are not automatically reopened or re-reviewed.
Closes #2017 (part of #1499).
New REES local analyzer (no network): counts and locates explicit `any` usages newly added in TypeScript diffs — `: any` annotations, `as any` casts, and `<any>` assertions — a type-safety-erosion signal a reviewer can weigh. Structural regex only (no type-checker), fail-safe.

Deliverables

- `types.ts` — `UnsafeAnyFinding` (`{ file, line, kind: 'annotation' | 'cast' | 'assertion' }`) + `unsafeAny?` on `BriefFindings`.
- `analyzers/unsafe-any.ts`:
  - `stripStringsAndComments(line)` — blanks string literals, inline `/* */`, `//` tails, and comment-only lines so an `any` inside a string/comment isn't counted.
  - `findUnsafeAnyOnLine(line)` — one entry per occurrence, classified by pattern.
  - `scanPatchForUnsafeAny(path, patch)` — walks the diff, reporting each added-line `any` with its new-file line number.
  - `scanUnsafeAny(req)` — scans added lines of changed `.ts`/`.tsx` files (skips ambient `.d.ts`), bounded by `maxFindings` (50).
- `registry.ts` — descriptor (`category: quality`, `cost: local`, `requires: ['files']`) with an inline `render()` summarizing counts by kind.
- `render.ts` — dispatches the `unsafeAny` section.
- Regenerated `analyzer-metadata.json`, `.env.example`, and UI metadata; added `unsafeAny` to the registry meta-test's expected list.
- `test/unsafe-any.test.ts` — annotation vs cast vs assertion (+ multiples per line), string/comment false-positive avoidance, non-TS / `.d.ts` skip, new-file line numbers, and the cap.

Validation

Full `review-enrichment` suite (build + sourcemaps + `metadata --check` + `node:test`):

Includes the new unit tests and the "generated analyzer metadata matches the runtime registry" check, so the metadata/`.env`/UI regeneration stays consistent with the descriptor.
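
The header-guard defect cited in the closing comment, reproduced as an added TypeScript example (not the PR's code): the same diff walker is run with the `+++` guard and with the suggested `+++ ` guard, showing the missed cast and the shifted line number. `scanPatch`, `kindsOnLine`, `SAMPLE_PATCH` and the sample diff are constructed for illustration, and string/comment stripping is left out.

```typescript
// Added example; all names are hypothetical, not the PR's identifiers.
type Kind = "annotation" | "cast" | "assertion";
type Finding = { line: number; kind: Kind };

const PATTERNS: Array<[Kind, RegExp]> = [
  ["annotation", /:\s*any\b/g],
  ["cast", /\bas\s+any\b/g],
  ["assertion", /<any>/g],
];

// Classify every explicit `any` on one line (no string/comment stripping here).
function kindsOnLine(text: string): Kind[] {
  const kinds: Kind[] = [];
  for (const [kind, re] of PATTERNS) {
    const hits = text.match(re);
    if (hits) for (let i = 0; i < hits.length; i++) kinds.push(kind);
  }
  return kinds;
}

// Walk a unified diff and report `any` on added lines with new-file line numbers.
// headerPrefix is the guard under test: "+++" (defective) or "+++ " (suggested fix).
function scanPatch(patch: string, headerPrefix: string): Finding[] {
  const findings: Finding[] = [];
  let cursor = 0; // new-file line number of the next added or context line
  for (const raw of patch.split("\n")) {
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(raw);
    if (hunk) {
      cursor = Number(hunk[1]);
    } else if (raw.startsWith(headerPrefix) || raw.startsWith("--- ")) {
      continue; // treated as a file header: not scanned, cursor not advanced
    } else if (raw.startsWith("+")) {
      for (const kind of kindsOnLine(raw.slice(1))) findings.push({ line: cursor, kind });
      cursor++;
    } else if (raw.startsWith(" ")) {
      cursor++; // context line exists in the new file
    } // "-" lines and "\ No newline at end of file" do not advance the cursor
  }
  return findings;
}

// Constructed sample: new-file line 11 is `++(x as any);`, diff line "+++(x as any);".
const SAMPLE_PATCH = [
  "--- a/src/a.ts", "+++ b/src/a.ts", "@@ -10,2 +10,4 @@",
  " let x = load();", "+++(x as any);", "+const y: any = x;", " done();",
].join("\n");
```

Even the `+++ ` prefix can collide with an added line whose own text begins with `++ `; a walker that only interprets `+` lines after an `@@` header and counts them against the hunk's stated length does not need a prefix guard at all.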