feat(enrichment): unsafe-any (TS) counter analyzer (#2017) #3457

Closed
nickmopen wants to merge 1 commit into JSONbored:main from nickmopen:feat/unsafe-any-analyzer

@nickmopen

Closes #2017 (part of #1499).

New REES local analyzer (no network): counts and locates explicit `any` usages newly added in TypeScript diffs — `: any` annotations, `as any` casts, and `<any>` assertions — a type-safety-erosion signal a reviewer can weigh. Structural regex only (no type-checker), fail-safe.

Deliverables

  • types.ts — UnsafeAnyFinding ({ file, line, kind: 'annotation' | 'cast' | 'assertion' }) + unsafeAny? on BriefFindings.
  • analyzers/unsafe-any.ts:
    • stripStringsAndComments(line) — blanks string literals, inline /* */, // tails, and comment-only lines so an any inside a string/comment isn't counted.
    • findUnsafeAnyOnLine(line) — one entry per occurrence, classified by pattern.
    • scanPatchForUnsafeAny(path, patch) — walks the diff, reporting each added-line any with its new-file line number.
    • scanUnsafeAny(req) — scans added lines of changed .ts/.tsx files (skips ambient .d.ts), bounded by maxFindings (50).
  • registry.ts — descriptor (category: quality, cost: local, requires: ['files']) with an inline render() summarizing counts by kind.
  • render.ts — dispatches the unsafeAny section.
  • Regenerated analyzer-metadata.json, .env.example, and UI metadata; added unsafeAny to the registry meta-test's expected list.
  • test/unsafe-any.test.ts — annotation vs cast vs assertion (+ multiples per line), string/comment false-positive avoidance, non-TS / .d.ts skip, new-file line numbers, and the cap.

Validation

Full review-enrichment suite (build + sourcemaps + metadata --check + node:test):

ℹ tests 1001
ℹ pass 1001
ℹ fail 0

Includes the new unit tests and the "generated analyzer metadata matches the runtime registry" check, so the metadata/.env/UI regeneration stays consistent with the descriptor.

New REES LOCAL analyzer (no network): counts and locates explicit `any` usages
newly added in TypeScript diffs — `: any` annotations, `as any` casts, and `<any>`
assertions — a type-safety-erosion signal. Structural regex only, fail-safe.

- types.ts: UnsafeAnyFinding ({ file, line, kind: annotation|cast|assertion }) +
  unsafeAny key.
- analyzers/unsafe-any.ts: stripStringsAndComments() (drop string/comment-only
  occurrences), findUnsafeAnyOnLine(), scanPatchForUnsafeAny() (new-file line
  tracking), scanUnsafeAny() — scans added lines of .ts/.tsx (skips .d.ts), bounded
  by maxFindings (50).
- registry.ts: descriptor (category quality, cost local, requires files) with inline
  render() summarizing counts by kind.
- render.ts: dispatch the unsafeAny section.
- Regenerated analyzer-metadata.json, .env.example, UI metadata; added unsafeAny to
  the registry meta-test's expected list.
- test/unsafe-any.test.ts: annotation/cast/assertion, string+comment false-positive
  avoidance, non-TS/.d.ts skip, line numbers, and the cap.

review-enrichment: 1001/1001 pass.
@nickmopen nickmopen requested a review from JSONbored as a code owner July 5, 2026 07:41
@superagent-security

Superagent didn't find any vulnerabilities or security issues in this PR.

@gittensory-orb gittensory-orb Bot added the gittensor:bug Gittensor-scored bug fix — scores a 0.5x multiplier. label Jul 5, 2026
@gittensory-orb

gittensory-orb Bot commented Jul 5, 2026

Caution

🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥

🛑 Gittensory review result - reject/close recommended

Review updated: 2026-07-05 07:44:34 UTC

9 files · 1 AI reviewer · 1 blocker · readiness 62/100 · CI green · clean

🛑 Suggested Action - Reject/Close

  • AI reviewers agree on a likely critical defect: review-enrichment/src/analyzers/unsafe-any.ts:52 treats every added line starting with `+++` as a file header, so a real added TypeScript line like `++(x as any);` is skipped and the new-line cursor is not advanced; change the guard to only skip actual diff headers, e.g. `if (!raw.startsWith("+++ ")) { ... }`, and add the regression test already modeled by `parseAddedExports` for `+++x;`. — Resolve the flagged defect, or override if the AI reviewers are mistaken, then re-run the gate.

Review summary
The PR adds a local unsafe-`any` analyzer, wires it into rendering and generated metadata, and covers the main annotation/cast/assertion paths. The core scanner is mostly scoped and bounded, but it repeats a known diff-header parsing bug: an added source line whose content begins with `++` is treated as the `+++` file header and skipped, which also misnumbers later findings. The issue link is present (`Closes #2017`).

Blockers

  • review-enrichment/src/analyzers/unsafe-any.ts:52 treats every added line starting with `+++` as a file header, so a real added TypeScript line like `++(x as any);` is skipped and the new-line cursor is not advanced; change the guard to only skip actual diff headers, e.g. `if (!raw.startsWith("+++ ")) { ... }`, and add the regression test already modeled by `parseAddedExports` for `+++x;`.
Nits — 6 non-blocking
  • nit: review-enrichment/src/analyzers/unsafe-any.ts:8 only matches `.ts`/`.tsx`, so `.mts` and `.cts` TypeScript files are silently skipped; either include them or document why this analyzer intentionally differs from the existing TypeScript analyzers that cover those extensions.
  • nit: review-enrichment/src/analyzers/unsafe-any.ts:25 is line-local and can still count `any` inside multi-line block comments whose middle line does not start with `*`; add a small stateful block-comment strip or explicitly test/document that limitation.
  • nit: review-enrichment/test/unsafe-any.test.ts:15 sorts only the actual array before comparing multiple findings, which mutates the returned value in the assertion path; prefer comparing in scanner order or sorting both sides for clarity.
  • Add a regression test in `review-enrichment/test/unsafe-any.test.ts` with a patch containing `+++x as any;` followed by another added `: any` line, asserting the first line is counted and the second line number remains correct.
  • Consider changing `TS_RE` in `review-enrichment/src/analyzers/unsafe-any.ts` to cover `\.([cm]?ts|tsx)$` if this should scan all TypeScript source extensions.
  • Readiness score is below the configured threshold — Use the readiness panel as advisory maintainer context; the score does not block this PR.

Why this is blocked

  • review-enrichment/src/analyzers/unsafe-any.ts:52 treats every added line starting with `+++` as a file header, so a real added TypeScript line like `++(x as any);` is skipped and the new-line cursor is not advanced; change the guard to only skip actual diff headers, e.g. `if (!raw.startsWith("+++ ")) { ... }`, and add the regression test already modeled by `parseAddedExports` for `+++x;`.

| Signal | Result | Evidence |
| --- | --- | --- |
| Code review | ❌ 1 blocker | 1 reviewer |
| Linked issue | ✅ Linked | #2017 |
| Related work | ⚠️ 3 scoped overlaps | Top overlaps are listed below; lower-confidence bulk is hidden. |
| Change scope | ❌ 8/20 | High review scope from cached public metadata (1 linked issue). |
| Validation posture | ❌ 5/25 | Preflight is holding this PR: the review lane is unavailable, so it is not ready for automated review. |
| Contributor workload | ✅ 10/10 | Author activity: 112 registered-repo PR(s), 76 merged, 0 issue(s). |
| Contributor context | ✅ Confirmed | Gittensor contributor nickmopen; Gittensor profile; 112 PR(s), 0 issue(s). |
| Gate result | ❌ Blocking | Repo-configured hard blocker found. |

Review context
  • Author: nickmopen
  • Role context: outside_contributor
  • Public audience mode: oss maintainer
  • Lane context: Repository registration is not available in the local Gittensory cache.
  • Public profile languages: not available
  • Official Gittensor activity: 112 PR(s), 0 issue(s).
  • Related work: Titles/paths share 6 meaningful terms. (issue #2015, issue #2017)
  • Related work: Titles/paths share 7 meaningful terms. (issue #2017, issue #2025)
  • Related work: Titles/paths share 7 meaningful terms. (issue #2017, issue #2029)
  • Additional title-only matches omitted; title-only overlap does not block.
Contributor next steps
  • Review top overlaps.
  • Add a concise scope and risk note.
  • Await review-lane availability.
  • Refresh registry data or choose a registered active repo.
  • Check active issues and PRs before submitting.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

@gittensory-orb

gittensory-orb Bot commented Jul 5, 2026

Gittensory is closing this pull request on the maintainer's behalf (AI reviewers agree on a likely critical defect: review-enrichment/src/analyzers/unsafe-any.ts:52 treats every added line starting with `+++` as a file header, so a real added TypeScript line like `++(x as any);` is skipped and the new-line cursor is not advanced; change the guard to only skip actual diff headers, e.g. `if (!raw.startsWith("+++ ")) { ... }`, and add the regression test already modeled by `parseAddedExports` for `+++x;`.). This is an automated maintenance action — to pursue this change, please open a new pull request with the issues resolved. Closed PRs may be analyzed later to improve review accuracy, but they are not automatically reopened or re-reviewed.
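
The defect flagged in the review, reproduced as an added example (not the PR's code): a minimal diff walker run with the guard as the review describes it and with the suggested one. `scanAdded`, the guard names, the simplified `as any` regex and the patch are constructed for illustration.

```typescript
type Finding = { line: number; text: string };

// Simplified stand-in for the analyzer's detection: `as any` casts only.
const AS_ANY = /\bas\s+any\b/;
const HUNK = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/;

// The guard as the review describes it at unsafe-any.ts:52, and the suggested fix.
const buggyGuard = (raw: string): boolean => raw.startsWith("+++");
const fixedGuard = (raw: string): boolean => raw.startsWith("+++ ");

// Walk a unified diff and report added lines containing `as any`, numbered by
// their position in the new file. `isHeader` picks the lines skipped as the
// `+++ b/path` file header.
function scanAdded(patch: string, isHeader: (raw: string) => boolean): Finding[] {
  const findings: Finding[] = [];
  let newLine = 0;
  for (const raw of patch.split("\n")) {
    const hunk = HUNK.exec(raw);
    if (hunk) {
      newLine = Number(hunk[1]); // cursor restarts at the hunk's new-file start
      continue;
    }
    if (isHeader(raw)) continue; // skipped without advancing the cursor
    // `---` header, removed lines and "\ No newline" markers occupy no new-file line.
    if (raw.startsWith("-") || raw.startsWith("\\")) continue;
    if (raw.startsWith("+")) {
      const text = raw.slice(1);
      if (AS_ANY.test(text)) findings.push({ line: newLine, text });
    }
    newLine++; // added and context lines each occupy one new-file line
  }
  return findings;
}

// Constructed patch: the first added line's content is `++(x as any);`,
// so its raw diff line starts with `+++`.
const PATCH = [
  "--- a/src/counter.ts",
  "+++ b/src/counter.ts",
  "@@ -10,2 +10,4 @@",
  " let x: unknown = read();",
  "+++(x as any);",
  "+const y = x as any;",
  " export { x };",
].join("\n");

const buggy = scanAdded(PATCH, buggyGuard); // one finding, reported at line 11
const fixed = scanAdded(PATCH, fixedGuard); // two findings, lines 11 and 12
console.log({ buggy, fixed });
```

The suggested guard still skips an added line whose content begins with `++ ` (plus, plus, space); tracking whether the scanner is inside a hunk and treating every `+` line there as added avoids relying on the prefix at all.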
