From 216563b0bffe2741c2cf78dfe94678048cb62ffc Mon Sep 17 00:00:00 2001 From: 7000pctAUTO Date: Thu, 29 Jan 2026 23:07:40 +0000 Subject: [PATCH] Add project configuration files: LICENSE, README, pyproject.toml, requirements --- README.md | 240 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 238 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d297546..f9e4df3 100644 --- a/README.md +++ b/README.md 
@@ -1,3 +1,239 @@ -# ai-code-refactor-cli +# AI Code Refactor CLI -Create Gitea repository for ai-code-refactor-cli \ No newline at end of file +A CLI tool that analyzes AI-generated code for security vulnerabilities, anti-patterns, and performance issues while offering automatic refactoring. Supports Python, JavaScript, and TypeScript with configurable rule sets and a `--fix` flag for auto-remediation. + +## Features + +- **Security Vulnerability Scanning**: Detect SQL injection, eval/exec usage, path traversal, and more +- **Anti-Pattern Detection**: Identify exception swallowing, magic numbers, deep nesting, long functions +- **Hardcoded Secret Detection**: Find API keys, passwords, tokens hardcoded in source files +- **Performance Issue Detection**: Identify inefficient loops, redundant operations, unnecessary copies +- **Auto-Refactoring**: Automatically fix detected issues with the `--fix` flag +- **Multi-Language Support**: Python, JavaScript, and TypeScript analysis +- **Configurable Rules**: Enable/disable rules via YAML configuration files +- **Rich Output**: Colorful terminal output with severity levels and JSON export for CI/CD + +## Installation + +### From Source + +```bash +git clone https://github.com/yourusername/ai-code-refactor-cli.git +cd ai-code-refactor-cli +pip install -e . 
+``` + +### Using pip + +```bash +pip install ai-code-refactor-cli +``` + +## Quick Start + +### Analyze a file + +```bash +aicoderef analyze path/to/your/code.py +``` + +### Analyze a directory + +```bash +aicoderef analyze path/to/your/project/ +``` + +### Auto-fix issues + +```bash +aicoderef analyze path/to/your/code.py --fix +``` + +### JSON output for CI/CD + +```bash +aicoderef analyze path/to/your/code.py --json +``` + +## Configuration + +Create a `.aicoderc.yaml` file in your project root or `~/.aicoderc.yaml` for user-level settings: + +```yaml +version: "1.0" +name: "custom-rules" + +rules: + security.sql_injection: + enabled: true + severity: critical + + security.eval_usage: + enabled: true + severity: critical + + secret.hardcoded_secret: + enabled: true + severity: critical + + antipattern.magic_number: + enabled: true + severity: low + +output: + format: "rich" + show_summary: true +``` + +## Usage + +### Commands + +#### `analyze` + +Analyze code for issues: + +```bash +aicoderef analyze [OPTIONS] PATH + +Options: + --json Output results as JSON + --config FILE Path to config file + --fix Automatically fix detected issues +``` + +#### `fix` + +Automatically fix detected issues: + +```bash +aicoderef fix [OPTIONS] PATH + +Options: + --config FILE Path to config file +``` + +#### `rules` + +List all available rules: + +```bash +aicoderef rules +``` + +#### `languages` + +List supported languages: + +```bash +aicoderef languages +``` + +## Rules + +### Security Rules (Critical/High) + +| Rule ID | Description | Severity | +|---------|-------------|----------| +| `security.sql_injection` | Detect SQL injection patterns | Critical | +| `security.eval_usage` | Detect eval/exec usage | Critical | +| `security.path_traversal` | Detect path traversal | High | + +### Anti-Pattern Rules (Medium/Low) + +| Rule ID | Description | Severity | +|---------|-------------|----------| +| `antipattern.exception_swallow` | Empty except clause | Medium | +| 
`antipattern.magic_number` | Magic numbers in code | Low | +| `antipattern.deep_nesting` | Deep code nesting | Medium | +| `antipattern.long_function` | Functions too long | Medium | + +### Secret Detection Rules (Critical) + +| Rule ID | Description | Severity | +|---------|-------------|----------| +| `secret.hardcoded_secret` | Hardcoded API keys, passwords | Critical | + +### Performance Rules (Medium/Low) + +| Rule ID | Description | Severity | +|---------|-------------|----------| +| `performance.inefficient_loop` | Inefficient loop patterns | Medium | +| `performance.redundant_operation` | Redundant type conversions | Low | +| `performance.unnecessary_copy` | Unnecessary list copies | Low | + +## Auto-Fixing + +When using `--fix`, the tool will: + +1. Create a backup of the original file (`.bak` extension) +2. Apply safe fixes for detected issues +3. Report what was fixed + +### Fixable Rules + +- `security.sql_injection` - Converts to parameterized queries +- `security.eval_usage` - Comments out dangerous calls +- `antipattern.exception_swallow` - Adds exception logging +- `antipattern.magic_number` - Replaces with named constants +- `performance.redundant_operation` - Removes redundant calls + +## Examples + +### Security Scanning + +```bash +$ aicoderef analyze suspicious_code.py +╭─ suspicious_code.py ───────────────────────────────────────╮ +│ Severity │ Line │ Rule │ Message │ +├──────────┼──────┼───────────────────┼──────────────────────┼ +│ critical │ 3 │ sql_injection │ SQL injection... │ +│ critical │ 5 │ eval_usage │ Dangerous eval... │ +│ critical │ 7 │ hardcoded_secret │ AWS key found... 
│ +╰────────────────────────────────────────────────────────────╯ + +Analysis Summary + Files analyzed: 1 + Files with issues: 1 + Total issues: 3 + Critical: 3 + High: 0 + Medium: 0 + Low: 0 +``` + +### JSON Output + +```bash +$ aicoderef analyze code.py --json +{ + "files_analyzed": 1, + "files_with_issues": 1, + "results": [ + { + "file": "code.py", + "findings_count": 2, + "summary": { + "critical": 1, + "high": 0, + "medium": 1, + "low": 0, + "total": 2 + }, + "findings": [...] + } + ] +} +``` + +## Contributing + +1. Fork the repository +2. Create a feature branch (`git checkout -b feature/amazing-feature`) +3. Commit your changes (`git commit -m 'Add amazing feature'`) +4. Push to the branch (`git push origin feature/amazing-feature`) +5. Open a Pull Request + +## License + +This project is licensed under the MIT License - see the LICENSE file for details.
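Review bot: the subject line "Add project configuration files: LICENSE, README, pyproject.toml, requirements" does not match the diffstat, which shows only `README.md | 240 +++...` and `1 file changed`; either the LICENSE, pyproject.toml and requirements files were left out of the patch or the subject should be narrowed to the README, and the "Using pip" / `pip install ai-code-refactor-cli` section should not land before the pyproject.toml it depends on. Inside the README hunk itself, the Auto-Fixing section overstates what is safe: `security.sql_injection - Converts to parameterized queries` depends on the target driver's placeholder style (`%s`, `?`, `:name`), and `security.eval_usage - Comments out dangerous calls` silently changes program behaviour for any caller that used the return value, so the section should tell users to review the diff of every `--fix` run before committing and should note that the `.bak` backup of a file flagged by `secret.hardcoded_secret` still contains the secret and must be deleted or gitignored. Two smaller points: `analyze --fix` and the separate `fix` command are documented with no stated difference, and the example output lists rules as `sql_injection`, `eval_usage`, `hardcoded_secret` while the Rules tables and the `.aicoderc.yaml` sample use the prefixed IDs `security.sql_injection`, `security.eval_usage`, `secret.hardcoded_secret`; pick one form so users can copy IDs from the output into the config.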