fix: validate build_mode in CodeQL plan repair loop and CLI check #42

Merged: pruiz merged 2 commits into master from fix/validate-build_mode-in-codeql-plan-repair on Jun 4, 2026

pruiz (Owner) commented Jun 4, 2026

Problem

Phase 1 failed because the model wrote build_mode: "none" for c-cpp in itemdb/notes/codeql-plan.yml, which is not a valid build mode for C/C++ (only autobuild and manual are supported).

The root cause: _validate_codeql_plan_for_repair() — called by both the phase retry loop and the check-codeql-plan CLI command — only validated build_command portability but never checked whether build_mode was supported for the target language. The gate check correctly caught the error, but only after the retry loop had already exited.

Changes

tools/codecome/phase_1.py

  1. _validate_codeql_plan_for_repair() — Added build_mode validation against supported_build_modes(language_id) for each language entry. Now:

    • Rejects unsupported build_modes (e.g., none for c-cpp)
    • Rejects manual without a build_command
    • This runs both during the model retry loop and as the check-codeql-plan self-validation command
  2. _codeql_repair_needed() — Added plan-level detection of unsupported build_modes as a trigger for the CodeQL repair loop (defense-in-depth: covers the case where the runner catches the error instead of the validator).

tests/test_phase_1_codeql_plan_repair.py

  • Updated _write_valid_plan to include build_mode: autobuild for c-cpp, since the old fixture had no build_mode (which now correctly fails validation).

Summary by CodeRabbit

  • Bug Fixes

    • Stricter CodeQL plan validation for per-language build modes, including rejecting unsupported or missing build modes and requiring a build command when manual mode is selected.
    • Repair behavior broadened to trigger on unsupported build-mode configurations as well as on repairable build-mode failures.
  • Tests

    • Added tests covering unsupported build modes, missing build modes, and manual mode without a build command.
    • Updated invalid-plan fixture used by repair/resume tests.

_validate_codeql_plan_for_repair() previously only validated build_command
portability (shell syntax, /tmp/ paths, etc.) but did not check whether
build_mode was supported for the target language. This meant the model
could write build_mode: 'none' for c-cpp, pass self-validation via
'check-codeql-plan', exit the retry loop, and only be caught later by
the post-loop gate check — with no feedback path to the model.

Now the function also validates:
- build_mode against supported_build_modes(language_id)
- manual build_mode requires a non-empty build_command

Additionally, _codeql_repair_needed() now detects plan-level unsupported
build_modes as a trigger for the CodeQL repair loop, not just
'Database create failed' runtime errors.

coderabbitai Bot commented Jun 4, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 58a1c85 and 53d8d91.

📒 Files selected for processing (2)
  • tests/test_phase_1_codeql_plan_repair.py
  • tools/codecome/phase_1.py
🚧 Files skipped from review as they are similar to previous changes (1)
  • tools/codecome/phase_1.py

📝 Walkthrough

Phase 1 adds CodeQL capability-aware validation to enforce per-language build_mode semantics and expands repair triggers to request rewrites when plans contain unsupported modes or database creation fails with repairable build modes.

Changes

CodeQL Plan Validation and Repair Trigger

| Layer / File(s) | Summary |
| --- | --- |
| CodeQL capability helper imports (tools/codecome/phase_1.py) | Adds imports for is_supported_language and supported_build_modes capability helpers used by validation and repair trigger logic. |
| Enhanced CodeQL plan validation (tools/codecome/phase_1.py) | _validate_codeql_plan_for_repair validates each language's build_mode against supported modes, rejects missing/unsupported modes, requires build_command for build_mode: manual, and runs build-command portability checks when applicable. |
| Expanded CodeQL repair trigger (tools/codecome/phase_1.py) | _codeql_repair_needed now treats a plan as repair-worthy when the build_mode is unsupported for a language or when database creation failed with repairable modes (autobuild or manual). |
| Test fixtures and validation tests (tests/test_phase_1_codeql_plan_repair.py) | Updates _write_invalid_plan to include build_mode: autobuild, adds _write_plan_with_build_mode helper, and three tests that assert validation rejects unsupported/missing build_mode and manual without build_command. |

Estimated Code Review Effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰
I nibble through YAML, checking each mode,
Autobuild, manual — each rule I decode,
When modes don't align I thump the ground,
A repair is triggered, logic sound,
Hopping off, code tidy and in mode.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 22.22% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main fix: validation of build_mode in CodeQL plan repair and CLI check, which is the core change across both modified files. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

github-actions Bot commented Jun 4, 2026

Coverage Report

| Metric | Value |
| --- | --- |
| Line Coverage | 73.9% |
| Lines Covered | 0 / 0 |

Download detailed HTML coverage reports per OS/Python from the workflow artifacts.

Generated by pytest-cov on 2026-06-04T20:13:33.666Z

coderabbitai Bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (1)
tests/test_phase_1_codeql_plan_repair.py (1)

44-44: ⚡ Quick win

Add a focused regression test for the new build_mode checks.

This fixture update keeps the existing resume-path test valid, but this file still doesn't directly assert the new behavior from the PR: rejecting unsupported/blank build_mode values and rejecting manual without a build_command. A dedicated test for those cases would pin the exact regression this change is fixing.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/test_phase_1_codeql_plan_repair.py` at line 44, Add a focused
regression test in tests/test_phase_1_codeql_plan_repair.py that asserts the new
build_mode checks: create two tests (e.g.,
test_reject_unsupported_or_blank_build_mode and
test_reject_manual_without_build_command) that construct minimal plan YAMLs
modifying the build_mode field and verify the validator/repair function rejects
unsupported or blank build_mode values and that setting build_mode: manual
without a build_command triggers an error; reference the build_mode and
build_command fields and call the same validation/repair entrypoint used by
existing tests to assert an exception or error message is produced.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tools/codecome/phase_1.py`:
- Around line 277-291: The code currently lets missing, blank or non-string
build_mode values slip through; update the validation around build_mode in
phase_1.py so you normalize and validate language["build_mode"] once (e.g.,
coerce to a single variable like build_mode = language.get("build_mode") and
treat None, non-str, or str.strip() == "" as invalid) before calling
is_supported_language(language_id) or supported_build_modes(language_id); if
invalid, append an error using the existing context message (same style as the
other errors) and ensure this normalized check is used consistently wherever
build_mode is validated (including the other similar block around lines 411-419
and any callers like _codeql_repair_needed()).

---

Nitpick comments:
In `@tests/test_phase_1_codeql_plan_repair.py`:
- Line 44: Add a focused regression test in
tests/test_phase_1_codeql_plan_repair.py that asserts the new build_mode checks:
create two tests (e.g., test_reject_unsupported_or_blank_build_mode and
test_reject_manual_without_build_command) that construct minimal plan YAMLs
modifying the build_mode field and verify the validator/repair function rejects
unsupported or blank build_mode values and that setting build_mode: manual
without a build_command triggers an error; reference the build_mode and
build_command fields and call the same validation/repair entrypoint used by
existing tests to assert an exception or error message is produced.
📥 Commits

Reviewing files that changed from the base of the PR and between da1eb4a and 58a1c85.

📒 Files selected for processing (2)
  • tests/test_phase_1_codeql_plan_repair.py
  • tools/codecome/phase_1.py

Comment thread tools/codecome/phase_1.py Outdated
…ssion tests

- _validate_codeql_plan_for_repair(): extract build_mode without default,
  reject None/blank/non-string values explicitly before checking
  supported_build_modes(), instead of silently skipping validation.
- _codeql_repair_needed(): use effective build_mode (defaulting to 'none'
  as the runner does) so missing/blank build_mode for unsupported
  languages also triggers the repair loop.
- Add three regression tests: unsupported build_mode, missing build_mode,
  and manual without build_command.

pruiz (Owner, Author) commented Jun 4, 2026

Addressed review comments in 53d8d91:

Re: blank/non-string build_mode (Major, tools/codecome/phase_1.py)

  • _validate_codeql_plan_for_repair(): Extracts build_mode without a default, explicitly rejects None/blank/non-string values for supported languages before checking supported_build_modes().
  • _codeql_repair_needed(): Uses the effective build_mode (defaulting to "none" as the runner does via _lookup_build) so missing/blank values also trigger repair for unsupported languages.

Re: Regression tests (Nitpick, tests/test_phase_1_codeql_plan_repair.py)
Added three focused tests:

  • test_codeql_plan_validation_rejects_unsupported_build_mode — build_mode: "none" for c-cpp → rc=1, 'unsupported build_mode' in output
  • test_codeql_plan_validation_rejects_missing_build_mode — no build_mode → rc=1, 'missing or invalid build_mode' in output
  • test_codeql_plan_validation_rejects_manual_without_build_command — build_mode: "manual" without build_command → rc=1, 'no build_command provided' in output

All 621 tests pass.

@pruiz pruiz merged commit 3b44a7d into master Jun 4, 2026
7 checks passed
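
The checks this thread describes for _validate_codeql_plan_for_repair(), as an added Python sketch that is not the code merged in this PR. The plan layout (a `languages` list with `id`, `build_mode` and `build_command` keys), the capability table, the `validate_plan` name and the sample plans are assumptions made for illustration.

```python
# Added illustration; not the code in tools/codecome/phase_1.py.
# Hypothetical stand-in for supported_build_modes(): the c-cpp entry follows
# the PR description, the python entry is an assumption.
SUPPORTED_BUILD_MODES = {"c-cpp": {"autobuild", "manual"}, "python": {"none"}}


def validate_plan(plan):
    """Return error strings for a parsed plan; an empty list means it passes."""
    errors = []
    for index, language in enumerate(plan.get("languages") or []):
        language_id = language.get("id")
        context = f"languages[{index}] ({language_id})"
        supported = SUPPORTED_BUILD_MODES.get(language_id)
        if supported is None:
            continue  # languages outside the table are left to other checks
        # No default: a missing key must fail here rather than silently
        # becoming a mode the language may not support.
        build_mode = language.get("build_mode")
        if not isinstance(build_mode, str) or not build_mode.strip():
            errors.append(f"{context}: missing or invalid build_mode")
            continue
        build_mode = build_mode.strip()
        if build_mode not in supported:
            errors.append(f"{context}: unsupported build_mode {build_mode!r}, "
                          f"expected one of {sorted(supported)}")
            continue
        command = language.get("build_command")
        if build_mode == "manual" and not (isinstance(command, str) and command.strip()):
            errors.append(f"{context}: manual build_mode but no build_command provided")
    return errors


# Constructed sample plans, already parsed from YAML into dicts.
BAD_PLAN = {"languages": [
    {"id": "c-cpp", "build_mode": "none"},    # the failure from the PR description
    {"id": "c-cpp"},                          # key missing
    {"id": "c-cpp", "build_mode": 0},         # non-string
    {"id": "c-cpp", "build_mode": "manual"},  # manual without a command
]}
GOOD_PLAN = {"languages": [
    {"id": "c-cpp", "build_mode": "manual", "build_command": "make -j4"},
    {"id": "python", "build_mode": "none"},
]}

if __name__ == "__main__":
    for error in validate_plan(BAD_PLAN):
        print(error)
    print("good plan errors:", validate_plan(GOOD_PLAN))
```

Running the same function inside the retry loop and behind the self-check command is what gives the model a feedback path: every error string is available before the loop exits.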