gh-bejranonda-llm-autonomou…/commands/analyze/static.md
2025-11-29 18:00:50 +08:00
---
name: analyze:static
description: Run 40+ linters across all languages with intelligent deduplication and unified reporting
delegates-to: autonomous-agent:orchestrator
---
# Static Analysis Command
Execute comprehensive static analysis across your codebase using 40+ industry-standard linters, with intelligent result deduplication and unified reporting.
## Usage
```bash
/analyze:static [PATH] [OPTIONS]
```
**Examples**:
```bash
/analyze:static # Analyze current directory
/analyze:static src/ # Analyze specific directory
/analyze:static src/auth.py # Analyze specific file
/analyze:static --quick # Fast analysis (fewer linters)
/analyze:static --security # Security-focused analysis
```
## Supported Languages and Linters
### Python (10 linters)
- **pylint** - Code quality, bugs, style
- **flake8** - Style guide enforcement
- **mypy** - Static type checking
- **bandit** - Security vulnerability scanning
- **pycodestyle** - PEP 8 style checking
- **pydocstyle** - Docstring conventions
- **vulture** - Dead code detection
- **radon** - Complexity metrics
- **mccabe** - Cyclomatic complexity
- **pyflakes** - Error detection
### JavaScript/TypeScript (5 linters)
- **eslint** - Code quality, bugs, style
- **tslint** - TypeScript-specific linting
- **jshint** - JavaScript error detection
- **prettier** - Code formatting
- **standard** - JavaScript Standard Style
### Multi-Language (3 linters)
- **semgrep** - Security & bug detection (Python, JS, TS, Go, Java)
- **sonarqube** - Comprehensive code quality
- **codeql** - Advanced security scanning
### Go (4 linters)
- **golint** - Style checking
- **govet** - Correctness checking
- **staticcheck** - Advanced static analysis
- **golangci-lint** - Meta-linter (runs 50+ linters)
### Rust (2 linters)
- **clippy** - Comprehensive linting
- **rustfmt** - Code formatting
### Java (3 linters)
- **checkstyle** - Style checking
- **pmd** - Code quality
- **spotbugs** - Bug detection
### C/C++ (3 linters)
- **cppcheck** - Bug and security detection
- **clang-tidy** - Modernization and bug detection
- **cpplint** - Style guide enforcement
### Ruby (2 linters)
- **rubocop** - Style and quality
- **reek** - Code smell detection
### PHP (3 linters)
- **phpcs** - Coding standards
- **phpstan** - Static analysis
- **psalm** - Type system analysis
### Other Languages
- **shellcheck** - Bash/shell script analysis
- **stylelint** - CSS/SCSS/LESS linting
- **sqlfluff** - SQL linting
- **yamllint** - YAML validation
- **markdownlint** - Markdown linting
- **hadolint** - Dockerfile best practices
**Total**: 40+ linters across 15+ languages
## How It Works
### 1. Language Detection
Automatically detects languages in target path:
```
Detected Languages:
- Python (.py files)
- JavaScript (.js files)
- TypeScript (.ts files)
- CSS (.css files)
```
### 2. Linter Selection
Selects appropriate linters based on detected languages:
```
Enabled Linters (12):
pylint (Python quality)
flake8 (Python style)
mypy (Python typing)
bandit (Python security)
eslint (JS/TS quality)
prettier (JS/TS formatting)
stylelint (CSS quality)
...
```
### 3. Parallel Execution
Runs linters in parallel for maximum speed:
```
Running Analysis...
[] 12/12 linters (8 parallel workers)
Results:
pylint (2.3s) - 47 issues
flake8 (1.1s) - 23 issues
mypy (3.5s) - 12 issues
bandit (1.8s) - 3 issues
eslint (4.2s) - 31 issues
...
```
### 4. Result Synthesis
Intelligently deduplicates and synthesizes results:
```
Synthesis:
- Total Issues Found: 152
- Duplicate Issues: 36
- Unique Issues: 116
Deduplication:
- Same issue from multiple linters
- Different rule IDs for same problem
- Fingerprinting-based matching
```
### 5. Quality Score Calculation
```
Quality Score (0-100) =
100 - (
Critical × 10 +
Error × 5 +
Warning × 2 +
Info × 1 +
Style × 0.5
)
Example:
- Critical: 2 -> -20 points
- Error: 8 -> -40 points
- Warning: 15 -> -30 points
- Info: 10 -> -10 points
- Style: 20 -> -10 points
---
---------------------
Score: 100 - 110 = 0 (capped at 0)
```
**Scoring Bands**:
- 90-100: Excellent
- 70-89: Good
- 50-69: Needs Improvement
- 0-49: Critical Issues
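As an added example (not the command's own code), the synthesis and scoring steps above in Python: each finding is fingerprinted on a canonical problem name plus location so that the same defect reported by two linters under different rule IDs collapses to one issue, and the linear Quality Score formula is applied to the surviving counts. The rule-ID mapping and the sample findings are constructed for the demonstration.

```python
import hashlib
from dataclasses import dataclass

# Severity weights from the Quality Score formula above; key order = most severe first.
WEIGHTS = {"critical": 10, "error": 5, "warning": 2, "info": 1, "style": 0.5}

# Assumed mapping of linter-specific rule IDs to one canonical problem name, so the
# same defect reported under different rule IDs gets the same fingerprint.
CANONICAL_RULES = {
    ("pylint", "E0602"): "undefined-name",  # pylint undefined-variable
    ("flake8", "F821"): "undefined-name",   # pyflakes undefined name
    ("bandit", "B608"): "sql-injection",
}

@dataclass(frozen=True)
class Issue:
    linter: str
    rule: str
    path: str
    line: int
    severity: str  # a key of WEIGHTS
    message: str

def fingerprint(issue: Issue) -> str:
    """Stable ID for a problem: canonical rule + location, independent of the linter."""
    rule = CANONICAL_RULES.get((issue.linter, issue.rule), f"{issue.linter}:{issue.rule}")
    return hashlib.sha256(f"{rule}|{issue.path}|{issue.line}".encode()).hexdigest()[:16]

def deduplicate(issues: list[Issue]) -> dict[str, Issue]:
    """Collapse reports with equal fingerprints, keeping the most severe one."""
    rank = list(WEIGHTS)
    unique: dict[str, Issue] = {}
    for issue in issues:
        fp = fingerprint(issue)
        if fp not in unique or rank.index(issue.severity) < rank.index(unique[fp].severity):
            unique[fp] = issue
    return unique

def quality_score(counts: dict[str, int]) -> float:
    """100 minus the weighted penalty, capped at 0 (the linear formula above)."""
    return max(0.0, 100 - sum(WEIGHTS[sev] * n for sev, n in counts.items()))

# Constructed sample: two linters flag the same undefined name on src/api.py:112.
SAMPLE = [
    Issue("bandit", "B608", "src/auth.py", 45, "critical", "Possible SQL injection"),
    Issue("pylint", "E0602", "src/api.py", 112, "error", "Undefined variable 'response'"),
    Issue("flake8", "F821", "src/api.py", 112, "warning", "undefined name 'response'"),
    Issue("pycodestyle", "E501", "src/utils.py", 78, "style", "line too long"),
]
```

With the page's worked counts (2, 8, 15, 10, 20) the penalty is 110 and the score caps at 0, as shown above.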
## Output Format
### Terminal Output (Tier 1: Concise Summary)
```
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
STATIC ANALYSIS COMPLETE
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📊 Quality Score: 78/100 (GOOD)
🔍 Analysis Summary
Languages: Python, JavaScript, CSS
Linters: 12 run, 0 failed
Total Issues: 116 unique (36 duplicates removed)
🚨 Issues by Severity
🔴 Critical: 2
🟠 Error: 8
🟡 Warning: 15
🔵 Info: 10
⚪ Style: 81
📂 Top 3 Files
1. src/auth.py - 23 issues
2. src/api.js - 18 issues
3. src/utils.py - 12 issues
🎯 Top 3 Issues
1. CRITICAL - SQL injection risk (src/auth.py:45)
2. ERROR - Undefined variable (src/api.js:112)
3. ERROR - Type mismatch (src/utils.py:78)
✅ Auto-fixable: 45/116 issues
📄 Detailed Report: .data/reports/static-analysis-2025-01-15.md
⏱️ Analysis completed in 12.4s
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
```
### File Report (Tier 2: Comprehensive)
Saved to `.data/reports/static-analysis-{DATE}.md`:
````markdown
# Static Analysis Report
**Generated**: 2025-01-15 14:23:45
**Path**: /project/src
**Quality Score**: 78/100
---
## Summary
**Languages Detected**: Python, JavaScript, TypeScript, CSS
**Linters Executed**: 12
**Total Issues**: 116 (36 duplicates removed)
**Duration**: 12.4s
---
## Issues by Severity
| Severity | Count | Percentage |
|----------|-------|-----------|
| 🔴 Critical | 2 | 1.7% |
| 🟠 Error | 8 | 6.9% |
| 🟡 Warning | 15 | 12.9% |
| 🔵 Info | 10 | 8.6% |
| ⚪ Style | 81 | 69.8% |
---
## Issues by Category
- **Security**: 5 issues
- **Bug**: 12 issues
- **Code Quality**: 23 issues
- **Style**: 81 issues
- **Typing**: 8 issues
- **Performance**: 3 issues
- **Documentation**: 2 issues
---
## Top 10 Files with Issues
1. `src/auth.py` - 23 issues
2. `src/api.js` - 18 issues
3. `src/utils.py` - 12 issues
4. `src/components/Button.tsx` - 10 issues
5. `src/database.py` - 9 issues
6. `src/helpers.js` - 8 issues
7. `src/styles/main.css` - 7 issues
8. `src/config.py` - 6 issues
9. `src/routes.js` - 5 issues
10. `src/models.py` - 4 issues
---
## Linter Execution Results
### Successful (12)
- **pylint** (2.3s) - 47 issues
- **flake8** (1.1s) - 23 issues
- **mypy** (3.5s) - 12 issues
- **bandit** (1.8s) - 3 issues
- **eslint** (4.2s) - 31 issues
- **prettier** (0.8s) - 15 issues
- **stylelint** (1.2s) - 7 issues
- **semgrep** (5.3s) - 8 issues
- **pycodestyle** (0.9s) - 18 issues
- **pydocstyle** (1.0s) - 12 issues
- **radon** (0.7s) - 4 issues
- **shellcheck** (0.5s) - 2 issues
### Failed (0)
None
---
## Critical and High Priority Issues
### src/auth.py:45
**Severity**: CRITICAL
**Category**: security
**Linter**: bandit
**Rule**: B608 (SQL injection)
**Message**: Possible SQL injection vector through string-based query construction
**Auto-fixable**: ✅ Yes
**Suggested Fix**:
```python
# Before
query = f"SELECT * FROM users WHERE username = '{username}'"
# After
query = "SELECT * FROM users WHERE username = %s"
cursor.execute(query, (username,))
```
---
### src/api.js:112
**Severity**: ERROR
**Category**: bug
**Linter**: eslint
**Rule**: no-undef
**Message**: 'response' is not defined
**Auto-fixable**: ❌ No
**Context**:
```javascript
110: function handleRequest(request) {
111: processRequest(request);
112: return response.json(); // <- 'response' not defined
113: }
```
---
### src/utils.py:78
**Severity**: ERROR
**Category**: typing
**Linter**: mypy
**Rule**: assignment
**Message**: Incompatible types in assignment (expression has type "str", variable has type "int")
**Auto-fixable**: [WARN] Suggest manual fix
**Context**:
```python
76: def calculate_age(birth_year: int) -> int:
77: current_year = 2025
78: age = current_year - birth_year
79: age = str(age) # <- Type error: int expected, str assigned
80: return age
```
---
[... continues with all critical/error issues ...]
---
## Fixable Issues Summary
**Total Auto-fixable**: 45/116 (38.8%)
### By Category
- **Style**: 38 auto-fixable
- **Code Quality**: 5 auto-fixable
- **Security**: 2 auto-fixable
Apply all fixes:
```bash
/apply-static-analysis-fixes
```
Apply specific fixes:
```bash
/apply-fix {issue-fingerprint}
```
---
## Quality Score Breakdown
```
Base Score: 100
Penalties:
- Critical (2 × 10): -20
- Error (8 × 5): -40
- Warning (15 × 2): -30
- Info (10 × 1): -10
- Style (81 × 0.5): -40.5
Total Penalty: -140.5 (capped at 100)
Final Score: 0 -> Adjusted to actual: 78/100
Note: Score uses weighted algorithm with diminishing returns
```
**Score Interpretation**:
- **70-100**: Production ready
- [WARN] **50-69**: Needs improvement
- **0-49**: Critical issues require attention
**Current Status**: ✅ GOOD (78/100)
---
## Recommendations
### Critical Actions (2)
1. **Fix SQL injection vulnerability** (src/auth.py:45)
- Use parameterized queries
- Auto-fixable: Yes
2. **Fix critical type error** (src/database.py:123)
- Review type annotations
- Auto-fixable: No (requires manual review)
### Suggested Improvements (8)
1. **Add type hints** to 12 functions
2. **Fix undefined variables** in 3 locations
3. **Improve error handling** in 5 functions
4. **Add missing docstrings** to 15 functions
5. **Reduce complexity** in 4 functions
6. **Remove unused imports** in 8 files
7. **Fix naming conventions** in 6 variables
8. **Update deprecated syntax** in 3 files
### Style Improvements (81)
- Run auto-formatter on all files
- Apply `black` for Python
- Apply `prettier` for JavaScript/TypeScript
- Apply `stylelint --fix` for CSS
---
## Next Steps
1. **Address Critical Issues**: Fix 2 critical security vulnerabilities
2. **Apply Auto-fixes**: Run `/apply-static-analysis-fixes` for 45 fixable issues
3. **Manual Review**: Review 8 error-level issues requiring manual fixes
4. **Continuous Monitoring**: Integrate into CI/CD pipeline
5. **Re-run Analysis**: Verify quality score improvement
**Target Score**: 85+/100 (Excellent)
---
**End of Report**
````
## Advanced Options
### Quick Analysis (Fast Mode)
```bash
/analyze:static --quick
```
**Features**:
- Runs only essential linters (10-15)
- Skips style-only linters
- Focuses on bugs and security
- 3-5x faster execution
**Use Case**: Rapid feedback during development
### Security-Focused Analysis
```bash
/analyze:static --security
```
**Features**:
- Runs only security linters
- Deep vulnerability scanning
- OWASP Top 10 focused
- SARIF output for CI/CD
**Linters**:
- bandit (Python)
- semgrep (multi-language)
- codeql (multi-language)
- eslint security plugins
- shellcheck
- hadolint
### Category-Specific Analysis
```bash
/analyze:static --category=typing # Only type checking
/analyze:static --category=style # Only style checking
/analyze:static --category=complexity # Only complexity analysis
```
### Output Formats
```bash
/analyze:static --format=json # JSON output
/analyze:static --format=sarif # SARIF for CI/CD
/analyze:static --format=html # HTML report
```
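As an added example of the `--format=sarif` output (not the command's own implementation), a minimal SARIF 2.1.0 log builder that emits the result shape the `upload-sarif` action accepts. The severity-to-level mapping and the sample findings are assumptions made for the demonstration.

```python
import json

# SARIF 2.1.0 allows only the levels error/warning/note/none, so the command's five
# severities are folded onto them (assumed mapping; not taken from the tool).
SARIF_LEVEL = {"critical": "error", "error": "error", "warning": "warning",
               "info": "note", "style": "note"}

def to_sarif(issues: list[dict], tool_name: str = "analyze-static") -> dict:
    """Build a minimal SARIF log with one run, one rule per distinct rule ID."""
    rules: dict[str, dict] = {}
    results = []
    for it in issues:
        rule_id = f"{it['linter']}/{it['rule']}"  # namespace rule IDs by linter
        rules.setdefault(rule_id, {"id": rule_id,
                                   "shortDescription": {"text": it["message"]}})
        results.append({
            "ruleId": rule_id,
            "level": SARIF_LEVEL[it["severity"]],
            "message": {"text": it["message"]},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": it["path"]},
                "region": {"startLine": it["line"]},
            }}],
        })
    return {
        "version": "2.1.0",
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "runs": [{
            "tool": {"driver": {"name": tool_name, "rules": list(rules.values())}},
            "results": results,
        }],
    }

# Constructed sample findings with the per-issue fields the report above shows.
SAMPLE_ISSUES = [
    {"linter": "bandit", "rule": "B608", "path": "src/auth.py", "line": 45,
     "severity": "critical", "message": "Possible SQL injection vector"},
    {"linter": "pycodestyle", "rule": "E501", "path": "src/utils.py", "line": 78,
     "severity": "style", "message": "line too long"},
]

if __name__ == "__main__":
    # Redirect this to results.sarif for a CI upload step.
    print(json.dumps(to_sarif(SAMPLE_ISSUES), indent=2))
```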
## Integration with Learning System
The static analysis system integrates with pattern learning:
```python
# After each analysis
learning_engine.store_pattern({
    "task_type": "static_analysis",
    "context": {
        "languages": detected_languages,
        "linters_used": linters_run,
        "issues_found": total_issues
    },
    "execution": {
        "duration": total_duration,
        "parallel_workers": 8
    },
    "outcome": {
        "quality_score": 78,
        "fix_success_rate": 0.92
    }
})

# Future analyses benefit from:
# - Learned false positive patterns
# - Optimal linter combinations
# - Expected issue distributions
# - Quality score trends
```
## CI/CD Integration
### GitHub Actions Example
```yaml
name: Static Analysis
on: [push, pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run Static Analysis
        run: |
          /analyze:static --format=sarif --output=results.sarif
      - name: Upload Results
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif
```
### GitLab CI Example
```yaml
static-analysis:
  stage: test
  script:
    - /analyze:static --format=json --output=results.json
  artifacts:
    reports:
      codequality: results.json
```
## Performance Expectations
| Project Size | Files | Linters | Duration | Workers |
|-------------|-------|---------|----------|---------|
| Small | <50 | 8 | 5-15s | 4 |
| Medium | 50-200 | 12 | 15-60s | 8 |
| Large | 200-1000 | 15 | 1-5min | 12 |
| XLarge | 1000+ | 20+ | 5-15min | 16 |
**Optimization**:
- Parallel execution (default: 8 workers)
- Incremental analysis (only changed files)
- Caching of linter installations
- Smart linter selection
## Troubleshooting
### Issue: Linter Not Found
```
❌ pylint not installed
```
**Solution**:
```bash
pip install pylint flake8 mypy bandit
npm install -g eslint prettier
```
### Issue: Timeout
```
[WARN] semgrep timeout after 60s
```
**Solution**:
```bash
/analyze:static --timeout=120 # Increase timeout
```
### Issue: Too Many Style Issues
```
⚪ Style: 500 issues
```
**Solution**:
```bash
# Run auto-formatter first
black .
prettier --write .
# Then analyze
/analyze:static
```
## Best Practices
1. **Run Before Commit**: Integrate into pre-commit hooks
2. **Target Score 85+**: Aim for "Excellent" quality
3. **Fix Critical First**: Address security and errors before style
4. **Use Auto-Fix**: Apply 38% of fixes automatically
5. **Regular Analysis**: Run daily or per commit
6. **Track Trends**: Monitor quality score over time
7. **Team Standards**: Configure linters for team preferences
---
This command provides comprehensive static analysis with minimal configuration, intelligent result synthesis, and actionable recommendations.