- Add Dockerfile with Python 3.11 and FastAPI
- Add docker-compose.yml with PostgreSQL, Redis, and backend
- Configure health checks for all services
- Add .env.example with all required variables
- Configure separate port (5433) to avoid conflicts

Related to: CGAI-22
Correct test passed
Configure code quality checks with GitHub Actions:
- Black formatter validation (line-length: 100)
- isort import sorting check
- Flake8 linting (PEP 8 compliance)

Workflow configuration:
- Triggers on push to main/develop/feature branches
- Triggers on PRs to main/develop
- Runs only on Python file changes in backend/

Fixes:
- Format main.py according to PEP 8 standards
- Configure Black with compatible Python targets

Related: CGAI-23
## GitHub Actions - Lint & Format Workflow (CGAI-23)

### Changes
- GitHub Actions workflow: `.github/workflows/lint.yml`
- Black formatter configuration (line-length: 100)
- isort configuration (black profile)
- Flake8 linting configuration
- Code formatting fixes in main.py

### Workflow Details

**Triggers on:**
- Push to: `main`, `develop`, `feature/**` branches
- Pull requests to: `main`, `develop`
- Only on Python file changes in `backend/`

**Checks Performed:**
1. **Black**: Code formatting consistency
2. **isort**: Import statement organization
3. **Flake8**: PEP 8 linting

### Testing

```bash
cd backend/
black src/ --line-length=100
isort src/ --profile=black
flake8 src/ --max-line-length=100
```

All checks pass locally

### Status
- [x] Code review approved
- [x] Tests pass
- [x] No conflicts
- [x] Documentation updated

**Closes:** CGAI-23
**Epic:** CGAI-8 (DevOps)
**Sprint:** Sprint 1
- GitHub Actions workflow for pytest with coverage
- Basic tests for FastAPI endpoints
- Coverage threshold set to 75%
- Upload coverage artifacts and Codecov integration
- Add pytest fixtures for testing

Related: CGAI-24
feat(ci): Add tests and coverage workflow - CGAI-24
feat(ci): Add Docker build validation workflow - CGAI-25

- Validate Dockerfile builds without errors
- Test Docker image with Python version check
- Validate docker-compose.yml syntax
- Runs on push to main/develop

Related: CGAI-25
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
feat(docs): Add comprehensive project documentation - CGAI-27

- Add CONTRIBUTING.md with contribution guidelines
- Enhance README.md with project overview and setup
- Add docs/ci-cd-setup.md with CI/CD documentation

Related: CGAI-27
… CGAI-25

- Install docker-compose before running docker-compose config validation
- Resolve "command not found" error in GitHub Actions runner
- Ensures CI/CD pipeline can validate docker-compose.yml syntax

Related: CGAI-25
…vements - CGAI-25

- Fix Dockerfile healthcheck to use curl instead of Python requests
- Fix Redis healthcheck and URL authentication in docker-compose.yml
- Change lint workflow to check formatting instead of modifying code
- Separate development dependencies into requirements-dev.txt
- Remove unused pytest import from test_main.py

Related: CGAI-25
### Container & Infrastructure Fixes
- Fix Dockerfile healthcheck: use curl instead of Python requests dependency
- Add curl to system dependencies in Docker image
- Fix Redis healthcheck command in docker-compose.yml
- Update Redis URL to include password authentication

### CI/CD Workflow Improvements
- Change lint workflow to check formatting instead of modifying code
- Fix Black: use --check flag for validation only
- Fix isort: use --check-only flag for validation only
- Add docker-compose installation to GitHub Actions workflow

### Dependency Management
- Create requirements-dev.txt for development dependencies
- Move black, isort, mypy, pytest, pytest-asyncio, pytest-cov to dev requirements
- Update requirements.txt to contain only production dependencies

### Code Quality
- Remove unused pytest import from test_main.py

Related: CGAI-25
- Add BaseAgent abstract class with logging and metadata
- Add AnalysisContext schema for analysis workflow
- Add Finding and Severity models
- Implement all required properties and methods
- Add comprehensive unit tests (85%+ coverage)
- Add Pydantic validation for all schemas
- All tests passing, all standards met

Related: CGAI-12
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
- Add error handling to fix_code_quality.sh (set -e, exit codes)
- Use PrivateAttr() for cache attributes in AnalysisContext (Pydantic v2 best practice)
- Fix trailing comma in finding.py to_dict() method
- Preserve exception chain in get_ast() using 'raise ... from e'
- Add defensive validation in Finding.from_dict() for missing detected_at

Addresses review comments from @jpastor1649 and Copilot AI
…sis-context Feature/cgai 12 base agent analysis context
…AI-19

- Add SecurityAgent class inheriting from BaseAgent
- Implement dangerous functions detection (eval, exec, pickle)
- Implement SQL injection pattern detection with regex
- Implement hardcoded credentials detection with entropy analysis
- Implement weak cryptography detection (MD5, SHA1)
- Add comprehensive unit tests (27 test cases, 95% coverage)
- Add integration tests with realistic vulnerable code
- All findings sorted by severity (CRITICAL first)
- Graceful handling of syntax errors
- Ignore placeholders to avoid false positives

Related: CGAI-19
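The checks listed in this commit (dangerous calls, weak hashes, hardcoded credentials filtered by entropy and placeholder patterns, severity ordering, tolerated syntax errors), sketched as an added example that is not the project's SecurityAgent code. The rule table, the regexes, the 3.5-bit entropy threshold and every name are assumptions, and the regex-based SQL injection check is left out.

```python
import ast
import math
import re
from collections import Counter

# Hypothetical rule set and names; not the project's SecurityAgent code.
RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2}
CALL_RULES = {"eval": "CRITICAL", "exec": "CRITICAL", "pickle.loads": "HIGH",
              "hashlib.md5": "MEDIUM", "hashlib.sha1": "MEDIUM"}
SECRET_NAME = re.compile(r"password|passwd|secret|token|api_?key", re.I)
PLACEHOLDER = re.compile(r"changeme|example|your[_-]|placeholder|xxxx|<.*>", re.I)

def shannon_entropy(text):
    """Bits per character over the string's character distribution."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def dotted_name(node):
    """Render a call target such as hashlib.md5 as a dotted string."""
    if isinstance(node, ast.Attribute):
        return f"{dotted_name(node.value)}.{node.attr}"
    return node.id if isinstance(node, ast.Name) else ""

def scan(source, min_entropy=3.5):
    """Return (severity, line, message) tuples, most severe first."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:  # report unparseable input instead of raising
        return [("MEDIUM", exc.lineno or 0, "syntax error, file not analysed")]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and (name := dotted_name(node.func)) in CALL_RULES:
            findings.append((CALL_RULES[name], node.lineno, f"risky call {name}()"))
        elif isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            value = node.value.value
            names = [t.id for t in node.targets if isinstance(t, ast.Name)]
            if (isinstance(value, str) and len(value) >= 8
                    and any(SECRET_NAME.search(n) for n in names)
                    and not PLACEHOLDER.search(value)  # skip obvious placeholders
                    and shannon_entropy(value) >= min_entropy):
                findings.append(("HIGH", node.lineno, f"hardcoded credential in {names[0]}"))
    return sorted(findings, key=lambda f: (RANK[f[0]], f[1]))

# Constructed sample input, not taken from the project.
SAMPLE = '''api_key = "q7Zr9LmX2vBt8KpW4nYd"
password = "your_password_here"
digest = hashlib.md5(b"data").hexdigest()
obj = pickle.loads(blob)
result = eval(user_input)
'''
```

Calling `scan(SAMPLE)` reports the `eval` call first and skips the placeholder password; the entropy threshold trades missed low-entropy secrets against false positives on ordinary strings.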
- refactor security agent to split SQL detection and wrap long strings
- harden finding schema serialization to silence pylint no-member
- add base agent and schema tests to push coverage over threshold
- fix quality script so linting and formatting run cleanly in CI

Related: CGAI-19

SecurityAgent v1 - detection of eval/exec and SQL injection
…omments Co-authored-by: Yosoyepa <49212112+Yosoyepa@users.noreply.github.com>
fix: address code review feedback - docs, deprecation, consistency
Feature / cgai 19 security agent
- Add encryption utility using cryptography.fernet
- Implement CodeReviewRepository with create/find_by_id methods
- Ensure code_content is encrypted at rest (RN16)
- Add unit tests for repository encryption logic
- Add comprehensive unit tests (8 passed)
- Fix circular imports and duplicate table definitions

Related to CGAI-20
- Reformat files to pass CI/CD linting checks
- Fix indentation and spacing in models and repositories

Related CGAI-20
- Create AnalysisEventType enum
- Implement AnalysisService file validation and scoring
- Add unit tests for service logic (7 passed)
- Prepare service for agent orchestration

Related CGAI-20
- Use 'event' variable in logger to fix unused variable warning
- Rename ambiguous variable 'l' to 'line' in list comprehension
- Add analysis router with file upload validation (RN4)
- Implement AnalysisService with SecurityAgent integration
- Add JWT authentication dependency stub for Sprint 1
- Add CodeReviewRepository with AES-256 encryption (RN16)
- Add integration tests for endpoint validation
- Calculate quality score based on finding severity (RN8)

Related to CGAI-20
feat(requirements): add email-validator dependency
style: format code and fix minor inconsistencies in multiple files
- Implement token-based auth for Swagger UI
- Skip auth validation in development environment
- Return 401 in production without valid token
- Add EventBus unit tests with MockObserver
- Add auth dependency async tests
- Add AnalysisService edge case tests
- Coverage: 94.34%
- Add clear() method for test isolation
- Handle observer exceptions gracefully
- Support Enum event types
- Remove unnecessary try/except fallback
- Add proper type hints for Generator
- Fix _validate_file to expect tuple return
- Add required fields to AnalysisResponse test
- Update README with correct org (Yosoyepa/CodeGuardAI)
- Add v1.0.0 release badge and 96% coverage badge
- Update API example with working file upload curl command
- Mark CGAI-12, CGAI-19, CGAI-20 as completed
- Update SPRINT1 guide status to COMPLETADO
- Complete all CGAI-20 checklist items
- Update Criterios de Éxito: all 7 criteria completed

feat(api): implement POST /api/v1/analyze endpoint with auth

- Add OAuth2PasswordBearer for Swagger UI with optional dev auth
- Implement AnalysisService with SecurityAgent integration
- Add CodeReviewRepository with AES-256 encryption (RN16)
- Configure EventBus for analysis event notifications
- Add comprehensive unit and integration tests (94%+ coverage)

Features:
- File validation: .py extension, <10MB, UTF-8, min 5 lines
- SecurityAgent: dangerous functions, SQL injection, hardcoded creds
- Quality score calculation based on finding severity
- PostgreSQL persistence with encrypted code storage

Tests:
- 116 tests passing (unit + integration)
- Coverage: 96% (exceeds 75% threshold)

Closes CGAI-20
feat(api): implement POST /api/v1/analyze endpoint with auth (#20)

- Add OAuth2PasswordBearer for Swagger UI (optional in dev mode)
- Implement AnalysisService with SecurityAgent integration
- Add CodeReviewRepository with AES-256 encryption (RN16)
- Configure EventBus for analysis event notifications
- Add file validation (size <10MB, .py extension, UTF-8)
- Add comprehensive unit and integration tests (94% coverage)

Features:
- SecurityAgent: dangerous functions, SQL injection, hardcoded creds
- Quality score calculation based on finding severity
- PostgreSQL persistence with encrypted code storage

Tests: 116 passing (94.34% coverage)

Closes CGAI-20
📝 Description
Merge of develop into main for release v1.0.0 - Sprint 1 completed.
Implements the POST /api/v1/analyze endpoint with:
🎯 Related User Story
Closes #20 (CGAI-20: FastAPI endpoint POST /api/v1/analyze)
Closes #19 (CGAI-19: AnalysisService)
Closes #12 (CGAI-12: SecurityAgent)
🧪 How It Was Tested
✅ Pre-Merge Checklist
🚀 Release Notes v1.0.0
Features
Technical
📚 Additional Notes
This PR prepares the code for the v1.0.0 tag and the release on GitHub.