Commits
47 commits
e4ff714
docs: add CodeQL integration implementation plan
pruiz May 28, 2026
dd01009
refactor: remove CODECOME_USE_WRAPPER bypass, rename venv -> init, ad…
pruiz May 29, 2026
a209c98
feat: split Phase 1 into subphases 1a/1b/1c with gates
pruiz May 29, 2026
00a113a
feat: add CodeQL install scaffold
pruiz May 29, 2026
2a22ad8
refactor: flatten CodeQL install layout and add verbose init output
pruiz May 29, 2026
2b133ad
fix: use shutil.move in _extract to correctly flatten CodeQL bundle
pruiz May 29, 2026
e2caf7a
fix: extract CodeQL bundle without post-processing
pruiz May 29, 2026
a9d5d42
refactor: move gate checks into phase modules
pruiz May 29, 2026
b9c55cf
fix: authenticate CodeQL release API requests
pruiz May 30, 2026
221bc5d
refactor: keep one canonical CodeQL config path
pruiz May 30, 2026
b24099f
fix: tighten CodeQL follow-up checks and CI
pruiz May 30, 2026
396e6fe
feat: add CodeQL pack catalog resolver
pruiz May 30, 2026
e900054
fix: record raw transcripts and split phase-1 logs
pruiz May 30, 2026
bad575a
fix: review bot follow-up cleanups
pruiz May 30, 2026
81c1eee
fix: correct subphase phase label in step output + normalize unknown …
pruiz May 30, 2026
a5b4d67
feat: add FileEditedRenderer and FileWatcherRenderer with inflight tr…
pruiz May 30, 2026
8345775
fix: review bot cleanups — 8 fixes across codebase
pruiz May 30, 2026
79d37d3
refactor: move CodeQL artifacts from itemdb/evidence/codeql to itemdb…
pruiz May 30, 2026
97002c1
feat: implement CodeQL run, SARIF normalization, and file-risk enrich…
pruiz May 30, 2026
5d92fc6
PR 6: Phase 1 CodeQL integration + address review comments
pruiz May 30, 2026
c6cd680
Fix bugs and deviations from integration plan
pruiz May 30, 2026
3538558
fix: create CodeQL database directory
pruiz May 30, 2026
9ea504e
feat: harden CodeQL phase integration
pruiz May 30, 2026
523e8c2
fix: mark unused runner test session id
pruiz May 30, 2026
11e9674
feat: stream CodeQL stderr live, add configurable timeouts with plan …
pruiz May 31, 2026
34e6615
fix: return skipped when no CodeQL languages resolve, skip artifact c…
pruiz May 31, 2026
549de46
fix: add Recording tools header separator in make check output
pruiz May 31, 2026
6564ab5
feat: add Phase progress summary to make check output
pruiz May 31, 2026
bc49575
fix: address unresolved PR #29 review comments
pruiz May 31, 2026
8944337
fix: respect fail_policy for unsupported CodeQL languages
pruiz May 31, 2026
a254751
fix: add CodeQL build repair retry
pruiz May 31, 2026
4267c57
fix: address CodeQL review findings
pruiz May 31, 2026
58ab5a6
fix: skip non-CodeQL analysis units
pruiz May 31, 2026
861e113
fix: auto-repair invalid CodeQL plans
pruiz May 31, 2026
815e6da
fix: retry CodeQL manual build repairs
pruiz May 31, 2026
68ffd9e
fix: remove duplicate CodeQL hard-fail branch
pruiz May 31, 2026
67c0834
fix(phase-1): correctly handle codeql repair loop and hard-fail gate
pruiz May 31, 2026
e24502b
refactor: make _run_codeql return None, remove dead rc checks
pruiz May 31, 2026
13d29ce
fix: let soft CodeQL repair failures continue
pruiz May 31, 2026
fe95ab5
feat: rename venv-check to env-check, add sandbox status to make chec…
pruiz May 31, 2026
4357645
fix(codeql): prevent early abort on soft policy and rename misleading…
pruiz May 31, 2026
7027bf4
feat(codeql): expose check-codeql-plan in cli to fix agent validation…
pruiz May 31, 2026
531bfe6
feat(codeql): isolate CodeQL package cache to workspace .cache/codeql
pruiz May 31, 2026
426f2c1
Address PR #29 review feedback
pruiz May 31, 2026
d2caf0d
fix: report fresh sandbox as pending
pruiz May 31, 2026
c40491c
fix(phase-1): accept completed subphase artifacts without finish event
pruiz May 31, 2026
7d22780
fix(phase-1): preserve retry transcripts and guard resume
pruiz May 31, 2026
12 changes: 12 additions & 0 deletions .github/workflows/tests.yml
Expand Up @@ -46,6 +46,18 @@ jobs:
python -m pip install --upgrade pip
pip install -r requirements.txt

- name: Run make init (full CodeQL install)
if: matrix.python-version == '3.14'
env:
GITHUB_TOKEN: ${{ github.token }}
run: make init

- name: Run make init (skip CodeQL install)
if: matrix.python-version != '3.14'
env:
CODEQL_SKIP_INSTALL: 1
run: make init

- name: Run pytest with coverage
id: pytest
run: |
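Review bot: The full-install step is gated on the literal `matrix.python-version == '3.14'`, so the only job that exercises the real CodeQL install disappears silently if that version is ever dropped or renamed in the matrix; every remaining job would take the `CODEQL_SKIP_INSTALL: 1` path and CI would stay green. Consider driving this from an explicit matrix key or a dedicated job instead of a version string. Separately, this step passes `GITHUB_TOKEN` into `make init`, which per the step name performs the full CodeQL install; the workflow's `permissions:` block is not visible in this hunk, so please confirm the token is scoped read-only for this job.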
7 changes: 7 additions & 0 deletions .gitignore
Expand Up @@ -220,6 +220,13 @@ __marimo__/
tmp/*
!tmp/.gitkeep

# CodeQL managed install and cache
.tools/
.cache/codeql/

# CodeQL runtime artifacts
itemdb/codeql/*

# CodeCome runtime artifacts
itemdb/index.md

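Review bot: `itemdb/codeql/*` ignores the directory's contents but, unlike the `tmp/*` and `!tmp/.gitkeep` pair in the context lines above, has no negated keep-file, so nothing in this hunk keeps the directory present in a fresh clone. If the code expects it to exist, add `!itemdb/codeql/.gitkeep`; if it is always created at runtime, writing the pattern as `itemdb/codeql/` would match the style used for `.tools/` and `.cache/codeql/`.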