Release 1.1.0 #3 (Merged)

Owner / Author: @copilot resolve the merge conflicts in this pull request
Pull request overview
Release 1.1.0 focuses the repository on a VS Code–first workflow by adding an extension that runs the Python analyzers out-of-process via a machine-readable bridge, while removing the legacy web UI / CSV analyzer surface area.
Changes:
- Added a VS Code extension (tree view, diagnostics, status bar score, SARIF export) and TypeScript build/packaging setup.
- Introduced a unified Python scanning API (contractguard.scan) plus a contractguard.bridge CLI for JSON/SARIF output consumed by the extension.
- Updated tests, docs, samples, and CI to reflect the new extension-centric release (and removed CSV/web UI components).
Reviewed changes
Copilot reviewed 27 out of 32 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| vscode-src/types.ts | Adds TS types matching the Python bridge scan payload. |
| vscode-src/pythonBridge.ts | Spawns python -m contractguard.bridge and wires env/args for scans + runtime install. |
| vscode-src/findingsTree.ts | Implements findings explorer tree grouped by severity. |
| vscode-src/extension.ts | Main VS Code extension controller (scan orchestration, diagnostics, SARIF export, status bar). |
| tsconfig.json | TypeScript compiler configuration for building the extension into dist/. |
| tests/test_secrets_analyzer.py | Adjusts secrets tests to avoid hardcoding real-looking token strings. |
| tests/test_scan.py | Adds tests for analyzer listing and the new scan/serialization API. |
| tests/test_csv_analyzer.py | Removes CSV analyzer tests. |
| tests/test_bridge.py | Adds an integration-style test for the bridge JSON output. |
| src/contractguard/web.py | Removes the FastAPI web UI. |
| src/contractguard/scan.py | Adds scan orchestration API (ScanTarget, scan_target, serialization helpers). |
| src/contractguard/reporter.py | Updates HTML theme and revises SARIF output metadata/shape. |
| src/contractguard/cli.py | Refactors CLI to use shared scan helpers; removes serve command. |
| src/contractguard/bridge.py | Adds Typer-based machine-readable bridge CLI for the VS Code extension. |
| src/contractguard/analyzers/csv_analyzer.py | Removes the CSV analyzer implementation. |
| src/contractguard/__init__.py | Updates package description + version to 1.1.0. |
| samples/secrets/leaked.env | Replaces provider-like secrets with demo placeholder values. |
| samples/csv/users.csv | Removes CSV sample data. |
| samples/config/dangerous.env | Replaces leaked credential-like entries with placeholders. |
| rules/csv_rules.yaml | Removes CSV rules. |
| README.md | Rewrites README around the VS Code extension workflow and settings/commands. |
| python-requirements.txt | Adds a runtime requirements list for the extension’s “install runtime” command. |
| pyproject.toml | Updates package metadata/version and registers contractguard-bridge script; removes web deps. |
| package.json | Adds VS Code extension manifest, commands/configuration, scripts, and packaging settings. |
| media/icon.svg | Adds extension icon asset. |
| INSTRUCTIONS.md | Rewrites usage docs for CLI + bridge + VS Code flows. |
| DEPLOYMENT.md | Updates deployment notes for VSIX packaging and runtime model. |
| CAPABILITIES.md | Updates capabilities to reflect removed web/CSV and extension integration. |
| .gitignore | Adds dist-vsix/ and node_modules/. |
| .github/workflows/contractguard-ci.yml | Updates CI to build/package the extension and upload the VSIX artifact. |
Comment on lines +35 to +37
| constructor(public readonly finding: Finding) { | ||
| const basename = finding.location ? path.basename(finding.location.split(':')[0]) : finding.rule_id; | ||
| super(`${finding.rule_id} ${basename}`, vscode.TreeItemCollapsibleState.None); |
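Review bot: `finding.location.split(':')[0]` on the second line breaks for Windows drive-letter locations: an illustrative value such as `C:\proj\a.py:12` becomes `C` before `path.basename` runs, so the tree item label shows the drive letter instead of the file name. Since the line number is the last colon-separated segment, cut at the last colon instead, e.g. `const idx = finding.location.lastIndexOf(':'); const file = idx > 0 ? finding.location.slice(0, idx) : finding.location;`, then take `path.basename(file)`.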
| warning_count: findings.filter((item) => item.severity === 'warning').length, | ||
| info_count: findings.filter((item) => item.severity === 'info').length | ||
| }; | ||
| const attackSurface = [...new Set(findings.flatMap((item) => score.attack_surface.includes(item.attack_vector) ? [item.attack_vector] : []))]; |
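Review bot: the `attackSurface` expression only keeps an `attack_vector` that `score.attack_surface` already contains, so a vector reported by a finding but absent from the score is silently dropped, and when every vector is present the result is just a reordered copy of `score.attack_surface`. If the score's list is authoritative, pass it through directly; if the findings are, drop the `includes` filter and let the `Set` dedupe. Either way, a one-line comment stating which source wins would save the next reader from guessing.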
Comment on lines +326 to +342
| const grade = | ||
| counts.block_count > 0 ? 'F' | ||
| : scoreValue >= 90 ? 'A' | ||
| : scoreValue >= 75 ? 'B' | ||
| : scoreValue >= 55 ? 'C' | ||
| : scoreValue >= 35 ? 'D' | ||
| : 'F'; | ||
|
|
||
| return { | ||
| ...score, | ||
| grade, | ||
| score: counts.block_count > 0 ? Math.min(scoreValue, 15) : scoreValue, | ||
| ...counts, | ||
| total_findings: findings.length, | ||
| attack_surface: attackSurface, | ||
| top_risks: topRisks | ||
| }; |
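Review bot: the "any blocking finding means F" rule is encoded twice in this hunk, once in the grade ternary (`counts.block_count > 0 ? 'F'`) and again in the score cap (`Math.min(scoreValue, 15)`), and the thresholds 90/75/55/35 and the 15-point cap are bare literals. Hoist them into named constants (for example `GRADE_THRESHOLDS` and `BLOCKED_SCORE_CAP`) and derive both the grade and the capped score from the same `isBlocked` boolean, with a comment explaining why 15 was chosen; as written, changing one of the two places without the other would let the status-bar grade and the reported score disagree. Also note that `...counts` is spread after `...score`, so any same-named count fields on `score` are overwritten; if that is intended, say so in a comment.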
Comment on lines 176 to 184
| rules.append(rule_def) | ||
|
|
||
| file_path = f.location.split(":")[0] if f.location else "" | ||
| file_path = finding.location.split(":")[0] if finding.location else "" | ||
| line = 1 | ||
| if ":" in f.location: | ||
| parts = f.location.rsplit(":", 1) | ||
| if ":" in finding.location: | ||
| parts = finding.location.rsplit(":", 1) | ||
| try: | ||
| line = int(parts[1]) | ||
| except ValueError: |
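Review bot: `if ":" in finding.location` raises `TypeError` when `finding.location` is `None`, because only the `file_path` assignment above guards against a missing location; the check needs the same guard (`if finding.location and ":" in finding.location:`). The same lines also mix `split(":")[0]` for the path with `rsplit(":", 1)` for the line number, so a Windows drive-letter location loses everything after the drive letter in the SARIF `artifactLocation`. Splitting once inside the existing `":" in` branch keeps the two consistent, e.g. `file_path, _, line_str = finding.location.rpartition(":")`, with the `int(line_str)` conversion still falling back to line 1 on `ValueError`.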