feat: add generate-context CLI command with auto-discovery#41
Draft
joshbouncesecurity wants to merge 5 commits intoknostic:masterfrom
Draft
feat: add generate-context CLI command with auto-discovery#41joshbouncesecurity wants to merge 5 commits intoknostic:masterfrom
joshbouncesecurity wants to merge 5 commits intoknostic:masterfrom
Conversation
Add a standalone `openant generate-context` command so users can generate application_context.json as a discrete pipeline step when running individual commands (parse → generate-context → analyze → verify). Also wire up auto-discovery of application_context.json in both the Go CLI (project scan dir) and Python CLI (output dir, repo path, input file dir) so `analyze` and `verify` pick it up automatically without requiring `--app-context` every time. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: update PIPELINE_MANUAL.md for generate-context CLI command Update Step 4 to document the new `openant generate-context` command as the primary way to generate application context. Add note about auto-discovery in analyze/verify. Update examples and quick reference. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: update remaining docs for generate-context CLI command Update CURRENT_IMPLEMENTATION.md, README.md, and DOCUMENTATION.md to reference `openant generate-context` as the primary command and note the auto-discovery behavior in analyze/verify. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Cover the `_find_app_context` helper used by `analyze` and `verify` to locate application_context.json automatically when --app-context is not provided. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
7 tasks
The previous text started with "Generate analyzes a repository..." which read as a grammar error. Reword the opening sentence so the Long help output is intelligible without changing the documented behaviour or any flags. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Auto-format the var declaration so gofmt -l no longer flags the file. No behaviour change — only field-name alignment whitespace. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
Author
Manual verificationRequires
|
Contributor
Author
Local test resultsBuilt and reinstalled openant-core from this branch, then ran Commands run: Output: Generated {
"application_type": "web_app",
"intended_behaviors": [
"Serves HTTP requests through Flask or similar web framework",
"Performs database operations for data persistence",
...
],
"trust_boundaries": {
"http_request_parameters": "untrusted",
"http_request_body": "untrusted",
"http_headers": "untrusted",
"database_content": "semi_trusted",
"configuration_files": "trusted"
},
"not_a_vulnerability": [...],
"confidence": 0.75,
...
}Auto-discovery sanity-check (without firing analyze itself, to control cost): if analyzeAppContext == "" {
analyzeAppContext = ctx.scanFile("application_context.json")
}so when the flag is omitted, both commands fall back to the scan-dir copy that Outcome:
Reported cost on the run: $0.00 (Sonnet, ~6.6s). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
openant generate-context [repo-path]as a standalone pipeline step that producesapplication_context.json. Integrated with the project system (openant init/project switch); defaults its output to the project''s scan directory.Also wires up auto-discovery of
application_context.jsoninanalyzeandverify(both Go and Python CLIs) so--app-contextis no longer required when the file already exists in the scan directory.Includes documentation updates for
PIPELINE_MANUAL.md,CURRENT_IMPLEMENTATION.md,README.md, andDOCUMENTATION.md.Addresses item 17 from #16 (does not close the issue). Item 18 (override merge mode) builds on this and will be submitted as a separate PR.
Test plan
openant generate-context <path>writesapplication_context.jsonin the scan directory.openant analyzediscoversapplication_context.jsonautomatically when present.openant verifydiscoversapplication_context.jsonautomatically when present.--app-context <other.json>overrides auto-discovery.--show-promptand--jsonflags work as documented.generate-contexterrors clearly when no API key is configured.tests/test_go_cli.pycovers help output and API key validation; auto-discovery covered by added Python test.