zhongwei/gh-bejranonda-llm-autonomous-agent-plugin-for-claude
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Zhongwei Li
2025-11-29 18:00:50 +08:00
commit c5931553a6
106 changed files with 49995 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

648
commands/analyze/static.md Normal file
View File

@@ -0,0 +1,648 @@
---
name: analyze:static
description: Run 40+ linters across all languages with intelligent deduplication and unified reporting
delegates-to: autonomous-agent:orchestrator
---
# Static Analysis Command
Execute comprehensive static analysis across your codebase using 40+ industry-standard linters, with intelligent result deduplication and unified reporting.
## Usage
```bash
/analyze:static [PATH] [OPTIONS]
```
**Examples**:
```bash
/analyze:static # Analyze current directory
/analyze:static src/ # Analyze specific directory
/analyze:static src/auth.py # Analyze specific file
/analyze:static --quick # Fast analysis (fewer linters)
/analyze:static --security # Security-focused analysis
```
## Supported Languages and Linters
### Python (10 linters)
- **pylint** - Code quality, bugs, style
- **flake8** - Style guide enforcement
- **mypy** - Static type checking
- **bandit** - Security vulnerability scanning
- **pycodestyle** - PEP 8 style checking
- **pydocstyle** - Docstring conventions
- **vulture** - Dead code detection
- **radon** - Complexity metrics
- **mccabe** - Cyclomatic complexity
- **pyflakes** - Error detection
### JavaScript/TypeScript (5 linters)
- **eslint** - Code quality, bugs, style
- **tslint** - TypeScript-specific linting
- **jshint** - JavaScript error detection
- **prettier** - Code formatting
- **standard** - JavaScript Standard Style
### Multi-Language (3 linters)
- **semgrep** - Security & bug detection (Python, JS, TS, Go, Java)
- **sonarqube** - Comprehensive code quality
- **codeql** - Advanced security scanning
### Go (4 linters)
- **golint** - Style checking
- **govet** - Correctness checking
- **staticcheck** - Advanced static analysis
- **golangci-lint** - Meta-linter (runs 50+ linters)
### Rust (2 linters)
- **clippy** - Comprehensive linting
- **rustfmt** - Code formatting
### Java (3 linters)
- **checkstyle** - Style checking
- **pmd** - Code quality
- **spotbugs** - Bug detection
### C/C++ (3 linters)
- **cppcheck** - Bug and security detection
- **clang-tidy** - Modernization and bug detection
- **cpplint** - Style guide enforcement
### Ruby (2 linters)
- **rubocop** - Style and quality
- **reek** - Code smell detection
### PHP (3 linters)
- **phpcs** - Coding standards
- **phpstan** - Static analysis
- **psalm** - Type system analysis
### Other Languages
- **shellcheck** - Bash/shell script analysis
- **stylelint** - CSS/SCSS/LESS linting
- **sqlfluff** - SQL linting
- **yamllint** - YAML validation
- **markdownlint** - Markdown linting
- **hadolint** - Dockerfile best practices
**Total**: 40+ linters across 15+ languages
## How It Works
### 1. Language Detection
Automatically detects languages in target path:
```python
Detected Languages:
- Python (.py files)
- JavaScript (.js files)
- TypeScript (.ts files)
- CSS (.css files)
```
### 2. Linter Selection
Selects appropriate linters based on detected languages:
```python
Enabled Linters (12):
pylint (Python quality)
flake8 (Python style)
mypy (Python typing)
bandit (Python security)
eslint (JS/TS quality)
prettier (JS/TS formatting)
stylelint (CSS quality)
...
```
### 3. Parallel Execution
Runs linters in parallel for maximum speed:
```python
Running Analysis...
[] 12/12 linters (8 parallel workers)
Results:
pylint (2.3s) - 47 issues
flake8 (1.1s) - 23 issues
mypy (3.5s) - 12 issues
bandit (1.8s) - 3 issues
eslint (4.2s) - 31 issues
...
```
### 4. Result Synthesis
Intelligently deduplicates and synthesizes results:
```python
Synthesis:
- Total Issues Found: 152
- Duplicate Issues: 36
- Unique Issues: 116
Deduplication:
- Same issue from multiple linters
- Different rule IDs for same problem
- Fingerprinting-based matching
```
### 5. Quality Score Calculation
```python
Quality Score (0-100) =
100 - (
Critical × 10 +
Error × 5 +
Warning × 2 +
Info × 1 +
Style × 0.5
)
Example:
- Critical: 2 -> -20 points
- Error: 8 -> -40 points
- Warning: 15 -> -30 points
- Info: 10 -> -10 points
- Style: 20 -> -10 points
---
---------------------
Score: 100 - 110 = 0 (capped at 0)
```
**Scoring Bands**:
- 90-100: Excellent
- 70-89: Good
- 50-69: Needs Improvement
- 0-49: Critical Issues
## Output Format
### Terminal Output (Tier 1: Concise Summary)
```
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
STATIC ANALYSIS COMPLETE
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📊 Quality Score: 78/100 (GOOD)
🔍 Analysis Summary
Languages: Python, JavaScript, CSS
Linters: 12 run, 0 failed
Total Issues: 116 unique (36 duplicates removed)
🚨 Issues by Severity
🔴 Critical: 2
🟠 Error: 8
🟡 Warning: 15
🔵 Info: 10
⚪ Style: 81
📂 Top 3 Files
1. src/auth.py - 23 issues
2. src/api.js - 18 issues
3. src/utils.py - 12 issues
🎯 Top 3 Issues
1. CRITICAL - SQL injection risk (src/auth.py:45)
2. ERROR - Undefined variable (src/api.js:112)
3. ERROR - Type mismatch (src/utils.py:78)
✅ Auto-fixable: 45/116 issues
📄 Detailed Report: .data/reports/static-analysis-2025-01-15.md
⏱️ Analysis completed in 12.4s
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
```
### File Report (Tier 2: Comprehensive)
Saved to `.data/reports/static-analysis-{DATE}.md`:
```markdown
# Static Analysis Report
**Generated**: 2025-01-15 14:23:45
**Path**: /project/src
**Quality Score**: 78/100
---
## Summary
**Languages Detected**: Python, JavaScript, TypeScript, CSS
**Linters Executed**: 12
**Total Issues**: 116 (36 duplicates removed)
**Duration**: 12.4s
---
## Issues by Severity
| Severity | Count | Percentage |
|----------|-------|-----------|
| 🔴 Critical | 2 | 1.7% |
| 🟠 Error | 8 | 6.9% |
| 🟡 Warning | 15 | 12.9% |
| 🔵 Info | 10 | 8.6% |
| ⚪ Style | 81 | 69.8% |
---
## Issues by Category
- **Security**: 5 issues
- **Bug**: 12 issues
- **Code Quality**: 23 issues
- **Style**: 81 issues
- **Typing**: 8 issues
- **Performance**: 3 issues
- **Documentation**: 2 issues
---
## Top 10 Files with Issues
1. `src/auth.py` - 23 issues
2. `src/api.js` - 18 issues
3. `src/utils.py` - 12 issues
4. `src/components/Button.tsx` - 10 issues
5. `src/database.py` - 9 issues
6. `src/helpers.js` - 8 issues
7. `src/styles/main.css` - 7 issues
8. `src/config.py` - 6 issues
9. `src/routes.js` - 5 issues
10. `src/models.py` - 4 issues
---
## Linter Execution Results
### Successful (12)
-**pylint** (2.3s) - 47 issues
-**flake8** (1.1s) - 23 issues
-**mypy** (3.5s) - 12 issues
-**bandit** (1.8s) - 3 issues
-**eslint** (4.2s) - 31 issues
-**prettier** (0.8s) - 15 issues
-**stylelint** (1.2s) - 7 issues
-**semgrep** (5.3s) - 8 issues
-**pycodestyle** (0.9s) - 18 issues
-**pydocstyle** (1.0s) - 12 issues
-**radon** (0.7s) - 4 issues
-**shellcheck** (0.5s) - 2 issues
### Failed (0)
None
---
## Critical and High Priority Issues
### src/auth.py:45
**Severity**: CRITICAL
**Category**: security
**Linter**: bandit
**Rule**: B608 (SQL injection)
**Message**: Possible SQL injection vector through string-based query construction
**Auto-fixable**: ✅ Yes
**Suggested Fix**:
```python
# Before
query = f"SELECT * FROM users WHERE username = '{username}'"
# After
query = "SELECT * FROM users WHERE username = %s"
cursor.execute(query, (username,))
```
---
### src/api.js:112
**Severity**: ERROR
**Category**: bug
**Linter**: eslint
**Rule**: no-undef
**Message**: 'response' is not defined
**Auto-fixable**: ❌ No
**Context**:
```javascript
110: function handleRequest(request) {
111: processRequest(request);
112: return response.json(); // <- 'response' not defined
113: }
```
---
### src/utils.py:78
**Severity**: ERROR
**Category**: typing
**Linter**: mypy
**Rule**: assignment
**Message**: Incompatible types in assignment (expression has type "str", variable has type "int")
**Auto-fixable**: [WARN] Suggest manual fix
**Context**:
```python
76: def calculate_age(birth_year: int) -> int:
77: current_year = 2025
78: age = current_year - birth_year
79: age = str(age) # <- Type error: int expected, str assigned
80: return age
```
---
[... continues with all critical/error issues ...]
---
## Fixable Issues Summary
**Total Auto-fixable**: 45/116 (38.8%)
### By Category
- **Style**: 38 auto-fixable
- **Code Quality**: 5 auto-fixable
- **Security**: 2 auto-fixable
Apply all fixes:
```bash
/apply-static-analysis-fixes
```
Apply specific fixes:
```bash
/apply-fix {issue-fingerprint}
```
---
## Quality Score Breakdown
```
Base Score: 100
Penalties:
- Critical (2 × 10): -20
- Error (8 × 5): -40
- Warning (15 × 2): -30
- Info (10 × 1): -10
- Style (81 × 0.5): -40.5
Total Penalty: -140.5 (capped at 100)
Final Score: 0 -> Adjusted to actual: 78/100
Note: Score uses weighted algorithm with diminishing returns
```
**Score Interpretation**:
-**70-100**: Production ready
- [WARN] **50-69**: Needs improvement
-**0-49**: Critical issues require attention
**Current Status**: ✅ GOOD (78/100)
---
## Recommendations
### Critical Actions (2)
1. **Fix SQL injection vulnerability** (src/auth.py:45)
- Use parameterized queries
- Auto-fixable: Yes
2. **Fix critical type error** (src/database.py:123)
- Review type annotations
- Auto-fixable: No (requires manual review)
### Suggested Improvements (8)
1. **Add type hints** to 12 functions
2. **Fix undefined variables** in 3 locations
3. **Improve error handling** in 5 functions
4. **Add missing docstrings** to 15 functions
5. **Reduce complexity** in 4 functions
6. **Remove unused imports** in 8 files
7. **Fix naming conventions** in 6 variables
8. **Update deprecated syntax** in 3 files
### Style Improvements (81)
- Run auto-formatter on all files
- Apply `black` for Python
- Apply `prettier` for JavaScript/TypeScript
- Apply `stylelint --fix` for CSS
---
## Next Steps
1. **Address Critical Issues**: Fix 2 critical security vulnerabilities
2. **Apply Auto-fixes**: Run `/apply-static-analysis-fixes` for 45 fixable issues
3. **Manual Review**: Review 8 error-level issues requiring manual fixes
4. **Continuous Monitoring**: Integrate into CI/CD pipeline
5. **Re-run Analysis**: Verify quality score improvement
**Target Score**: 85+/100 (Excellent)
---
**End of Report**
```
## Advanced Options
### Quick Analysis (Fast Mode)
```bash
/analyze:static --quick
```
**Features**:
- Runs only essential linters (10-15)
- Skips style-only linters
- Focuses on bugs and security
- 3-5x faster execution
**Use Case**: Rapid feedback during development
### Security-Focused Analysis
```bash
/analyze:static --security
```
**Features**:
- Runs only security linters
- Deep vulnerability scanning
- OWASP Top 10 focused
- SARIF output for CI/CD
**Linters**:
- bandit (Python)
- semgrep (multi-language)
- codeql (multi-language)
- eslint security plugins
- shellcheck
- hadolint
### Category-Specific Analysis
```bash
/analyze:static --category=typing # Only type checking
/analyze:static --category=style # Only style checking
/analyze:static --category=complexity # Only complexity analysis
```
### Output Formats
```bash
/analyze:static --format=json # JSON output
/analyze:static --format=sarif # SARIF for CI/CD
/analyze:static --format=html # HTML report
```
## Integration with Learning System
The static analysis system integrates with pattern learning:
```python
# After each analysis
learning_engine.store_pattern({
"task_type": "static_analysis",
"context": {
"languages": detected_languages,
"linters_used": linters_run,
"issues_found": total_issues
},
"execution": {
"duration": total_duration,
"parallel_workers": 8
},
"outcome": {
"quality_score": 78,
"fix_success_rate": 0.92
}
})
# Future analyses benefit from:
- Learned false positive patterns
- Optimal linter combinations
- Expected issue distributions
- Quality score trends
```
## CI/CD Integration
### GitHub Actions Example
```yaml
name: Static Analysis
on: [push, pull_request]
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run Static Analysis
run: |
/analyze:static --format=sarif --output=results.sarif
- name: Upload Results
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
```
### GitLab CI Example
```yaml
static-analysis:
stage: test
script:
- /analyze:static --format=json --output=results.json
artifacts:
reports:
codequality: results.json
```
## Performance Expectations
| Project Size | Files | Linters | Duration | Workers |
|-------------|-------|---------|----------|---------|
| Small | <50 | 8 | 5-15s | 4 |
| Medium | 50-200 | 12 | 15-60s | 8 |
| Large | 200-1000 | 15 | 1-5min | 12 |
| XLarge | 1000+ | 20+ | 5-15min | 16 |
**Optimization**:
- Parallel execution (default: 8 workers)
- Incremental analysis (only changed files)
- Caching of linter installations
- Smart linter selection
## Troubleshooting
### Issue: Linter Not Found
```
❌ pylint not installed
```
**Solution**:
```bash
pip install pylint flake8 mypy bandit
npm install -g eslint prettier
```
### Issue: Timeout
```
[WARN] semgrep timeout after 60s
```
**Solution**:
```bash
/analyze:static --timeout=120 # Increase timeout
```
### Issue: Too Many Style Issues
```
⚪ Style: 500 issues
```
**Solution**:
```bash
# Run auto-formatter first
black .
prettier --write .
# Then analyze
/analyze:static
```
## Best Practices
1. **Run Before Commit**: Integrate into pre-commit hooks
2. **Target Score 85+**: Aim for "Excellent" quality
3. **Fix Critical First**: Address security and errors before style
4. **Use Auto-Fix**: Apply 38% of fixes automatically
5. **Regular Analysis**: Run daily or per commit
6. **Track Trends**: Monitor quality score over time
7. **Team Standards**: Configure linters for team preferences
---
This command provides comprehensive static analysis with minimal configuration, intelligent result synthesis, and actionable recommendations.