# AI Code Buddy
[](https://crates.io/crates/ai-code-buddy)
[](https://opensource.org/licenses/MIT)
[](./coverage/tarpaulin-report.html)
[](#testing)
🤖 An AI-powered code review tool with an elegant Bevy-based TUI that analyzes Git repositories and provides intelligent feedback on code quality, security vulnerabilities, and maintainability issues.
## Features
- 🔍 **Intelligent Code Analysis**: Advanced pattern matching to analyze code and provide meaningful suggestions
- 🛡️ **OWASP Security Analysis**: Comprehensive OWASP Top 10 vulnerability detection with precise line-by-line reporting
- 🌲 **Git Branch Comparison**: Compare commits between branches with detailed diff analysis
- 🎯 **Multi-Language Support**: Supports Rust, JavaScript, Python, and more programming languages
- 📊 **Detailed Reporting**: Categorized issues by severity (Critical, High, Medium, Low, Info)
- 🖥️ **Modern TUI Interface**: Beautiful Bevy-powered terminal user interface with real-time analysis
- 🖥️ **CLI Mode**: Traditional command-line interface for scripts and CI/CD integration
- 📋 **Multiple Output Formats**: Summary, detailed, JSON, and Markdown output formats
- 🎨 **File Filtering**: Include/exclude files using glob patterns
- 👥 **Credits System**: Track and display all project contributors
- 🔧 **Professional CLI**: Complete argument parsing with help and validation
## Screenshots
### Interactive TUI Mode
The default mode launches an elegant terminal user interface built with Bevy:
```bash
ai-code-buddy
```
**Features:**
- Real-time analysis display
- Interactive navigation through issues
- Multiple view tabs (Overview, Analysis, Reports)
- Keyboard shortcuts for efficient workflow
- Beautiful dark theme with syntax highlighting
### CLI Mode
For automation and CI/CD integration:
```bash
ai-code-buddy --cli --format summary
```
**Example Output:**
```
🔍 AI Code Review Tool
📂 Repository: .
🌿 Comparing: main → HEAD
🎯 Code Review Summary
==========================================
🌿 Branches: main → feat/bevy_rewrite
📁 Files modified: 12
➕ Lines added: 486
➖ Lines removed: 234
🐛 Total issues: 5
🤖 AI Assessment:
Based on the code changes between branches, I've analyzed 12 files with detailed
attention to security, performance, and code quality.
KEY FINDINGS:
• src/main.rs:
⚠️ HIGH: Line 45: Consider using more specific error types
🔶 MEDIUM: Line 67: Function complexity could be reduced
• src/widgets/analysis.rs:
🚨 CRITICAL: Line 123: Potential unsafe memory access
⚠️ HIGH: Line 156: Missing input validation
📊 Technology Stack:
Languages: Rust
Frameworks: Bevy, Ratatui
🔍 Issues by Category:
Security: 2 issues
Performance: 1 issue
Maintainability: 2 issues
```
## Installation
### Quick Installation (Recommended)
#### 🚀 One-Command Install
```bash
cargo install ai-code-buddy
```
The build system automatically detects your hardware and enables the best acceleration:
- 🍎 **Apple Silicon (M1/M2/M3)**: Metal GPU acceleration
- 🟢 **NVIDIA GPU**: CUDA acceleration (Windows-only; if drivers available)
- 🔵 **Intel processors**: MKL (Math Kernel Library) acceleration
- 💻 **Fallback**: Optimized CPU execution
#### 🔧 Platform-Specific Installation
**macOS (Homebrew) - Coming Soon:**
```bash
# Future release - not yet available
brew install ai-code-buddy
```
**Ubuntu/Debian:**
```bash
# Install Rust if not already installed
# Install AI Code Buddy
cargo install ai-code-buddy
```
**Windows:**
```powershell
# Install Rust via rustup-init.exe from https://rustup.rs/
# Then install AI Code Buddy
cargo install ai-code-buddy
```
**Docker (Cross-Platform):**
```bash
# Build image
docker build -t ai-code-buddy .
# Run analysis on current directory
docker run -v $(pwd):/workspace ai-code-buddy --cli
```
### Development Installation
#### 📦 From Source (Latest Features)
```bash
# Clone the repository
git clone https://github.com/edgarhsanchez/ai_code_buddy.git
cd ai_code_buddy
# Build with GPU acceleration (auto-detected)
cargo build --release
# Run directly
./target/release/ai-code-buddy --help
# Optional: Add to PATH
sudo ln -s $(pwd)/target/release/ai-code-buddy /usr/local/bin/
```
#### 🎯 Custom GPU Features (Advanced)
```bash
# Force specific GPU backend
cargo install ai-code-buddy --features gpu-metal # Apple Silicon
cargo install ai-code-buddy --features gpu-cuda # NVIDIA CUDA (Windows only)
cargo install ai-code-buddy --features gpu-mkl # Intel MKL
# CPU-only build (smaller binary)
cargo install ai-code-buddy --no-default-features
```
### Verification
#### ✅ Verify Installation
```bash
# Check version and features
ai-code-buddy --version
ai-code-buddy --help
# Test with a simple repository
cd ~/your-git-project
ai-code-buddy --cli --format summary
```
#### 🔍 GPU Acceleration Check
```bash
# Force GPU mode to test acceleration
ai-code-buddy --gpu --cli --verbose
# Expected output for Apple Silicon:
# 🍎 Apple Silicon detected, using Metal backend
# 🔧 AI Analyzer initialized with Metal backend
# Force CPU mode for comparison
ai-code-buddy --cpu --cli --verbose
```
### Prerequisites
| **Rust** | 1.70+ | Building and running the application |
| **Git** | 2.0+ | Repository analysis and branch comparison |
| **Terminal** | Modern with Unicode | TUI interface and proper display |
| **Memory** | 512MB+ RAM | Analysis processing (more for large repos) |
| **Storage** | 50MB+ free | Binary installation and analysis cache |
#### 🖥️ Platform Requirements
**macOS:**
- macOS 10.15+ (Catalina or later)
- Apple Silicon: Metal GPU drivers (included in macOS)
- Intel: Optional Intel MKL support
**Linux:**
- Kernel 3.10+ (most distributions from 2013+)
- NVIDIA: CUDA drivers 11.0+ (optional, for GPU acceleration)
- glibc 2.17+ or musl libc
**Windows:**
- Windows 10 version 1903+
- WSL2 recommended for best experience
- PowerShell 5.1+ or Windows Terminal
### Troubleshooting Installation
#### Common Issues
**❌ "cargo: command not found"**
```bash
# Install Rust toolchain
```
**❌ GPU acceleration not working**
```bash
# Check if GPU features were compiled
ai-code-buddy --gpu --cli --verbose
# If Metal not available on Apple Silicon:
cargo install ai-code-buddy --features gpu-metal --force
# If CUDA not available with NVIDIA (Windows only):
cargo install ai-code-buddy --features gpu-cuda --force
```
**❌ "failed to compile" on older systems**
```bash
# Update Rust to latest version
rustup update
# Clean install with latest Rust
cargo install ai-code-buddy --force
```
**❌ Out of memory during compilation**
```bash
# Reduce parallel compilation jobs
export CARGO_BUILD_JOBS=2
cargo install ai-code-buddy
# Or use pre-compiled binary (when available)
```
**❌ Permission denied on Unix systems**
```bash
# Install to user directory instead of system
cargo install ai-code-buddy --root ~/.local
export PATH="$HOME/.local/bin:$PATH"
```
### Quick Start Guide
#### 🎯 First Run (30 seconds)
```bash
# 1. Navigate to any Git repository
cd ~/my-project
# 2. Run interactive analysis
ai-code-buddy
# 3. Or get a quick CLI summary
ai-code-buddy --cli --format summary
```
#### 🚀 Common First Commands
```bash
# Analyze current branch vs main
ai-code-buddy --cli --source main --target HEAD
# Focus on security issues only
ai-code-buddy --cli --include "src/**" --format detailed
# Generate a report for your team
ai-code-buddy --cli --format markdown > code-review.md
# CI/CD integration test
ai-code-buddy --cli --format json > review.json
```
## Command Line Interface
### Usage
```bash
ai-code-buddy [OPTIONS] [REPO_PATH]
```
### Arguments
| `[REPO_PATH]` | Path to the Git repository | Current directory (`.`) |
### Options
| `--source <BRANCH>` | `-s` | Source branch to compare from | `main` | `-s feature-branch` |
| `--target <BRANCH>` | `-t` | Target branch to compare to | `HEAD` | `-t develop` |
| `--cli` | | Run in CLI mode with text output | Interactive TUI | `--cli` |
| `--verbose` | `-v` | Enable verbose output for debugging | Off | `-v` |
| `--credits` | | Show credits and list all contributors | Off | `--credits` |
| `--format <FORMAT>` | `-f` | Output format for results | `summary` | `-f json` |
| `--exclude <PATTERN>` | | Exclude files matching glob pattern | None | `--exclude "test_files/**"` |
| `--include <PATTERN>` | | Include only files matching glob pattern | None | `--include "src/**"` |
| `--gpu` | | Enable GPU acceleration (auto-detected) | Auto-detected | `--gpu` |
| `--cpu` | | Force CPU mode (disable GPU) | GPU if available | `--cpu` |
| `--help` | `-h` | Print help information | | `--help` |
| `--version` | `-V` | Print version information | | `--version` |
### Output Formats
| `summary` | Summary output with key findings | Quick overview and human review |
| `detailed` | Detailed output with all issues | Comprehensive analysis |
| `json` | JSON format for programmatic use | CI/CD integration, tooling |
| `markdown` | Markdown format for documentation | GitHub Issues, documentation |
## Usage Examples & Use Cases
### 🎯 Interactive TUI Mode (Default)
Launch the modern Bevy-powered terminal interface for comprehensive analysis:
```bash
ai-code-buddy
```
**🎮 TUI Navigation:**
- **Tab/Shift+Tab**: Switch between Overview, Analysis, and Reports tabs
- **↑/↓ Arrow Keys**: Navigate through issues and files
- **Enter**: View detailed issue information and recommendations
- **R**: Generate and export comprehensive reports
- **Q/Ctrl+C**: Quit application gracefully
- **Space**: Toggle issue selection for bulk operations
- **F**: Apply and modify file filters
**📊 TUI Features:**
- **Real-time analysis progress** with file-by-file updates
- **Interactive issue browsing** with syntax highlighting
- **Multiple export formats** (Summary, Detailed, JSON, Markdown)
- **GPU acceleration status** and performance metrics
- **Beautiful dark theme** optimized for long analysis sessions
### 🔧 CLI Mode Examples
#### 🚀 Quick Analysis
```bash
# Basic analysis of current branch vs main
ai-code-buddy --cli
# Compare specific branches
ai-code-buddy --cli --source main --target feature-branch
# Analyze specific directory with focus
ai-code-buddy --cli --include "src/**" --exclude "tests/**"
```
#### 🔍 Security-Focused Analysis
```bash
# Comprehensive OWASP security scan
ai-code-buddy --cli --format detailed --include "**/*.js" --include "**/*.py" --include "**/*.rs"
# Focus on authentication and authorization code
ai-code-buddy --cli --include "**/auth/**" --include "**/security/**" --include "**/admin/**"
# Quick security check for critical files
ai-code-buddy --cli --include "**/*auth*" --include "**/*login*" --include "**/*password*"
```
#### ⚡ Performance Analysis
```bash
# Focus on performance-critical code paths
ai-code-buddy --cli --include "src/core/**" --include "src/engine/**" --format detailed
# Large codebase optimization
ai-code-buddy --cli --exclude "target/**" --exclude "node_modules/**" --exclude "dist/**"
# Algorithm analysis
ai-code-buddy --cli --include "**/*algorithm*" --include "**/*performance*" --verbose
```
### 🏭 Production Use Cases
#### 🚨 Pre-Commit Hooks
```bash
#!/bin/bash
# .git/hooks/pre-commit
echo "🔍 Running AI Code Buddy analysis..."
# Run analysis and check for critical issues
ai-code-buddy --cli --format json --source main --target HEAD > /tmp/review.json
# Exit with error if critical issues found
ai-code-buddy --cli --format summary --source main --target HEAD
exit 1
fi
echo "✅ No critical issues found."
```
#### 🔄 CI/CD Pipeline Integration
**GitHub Actions:**
```yaml
name: AI Code Review
on: [pull_request]
jobs:
code-review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Full history for branch comparison
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Install AI Code Buddy
run: cargo install ai-code-buddy
- name: Run Code Analysis
run: |
ai-code-buddy --cli --format json \
--source ${{ github.event.pull_request.base.ref }} \
--target ${{ github.event.pull_request.head.ref }} \
> review.json
- name: Check Critical Issues
run: |
CRITICAL_COUNT=$(jq '[.issues[] | select(.severity == "Critical")] | length' review.json)
echo "Critical issues found: $CRITICAL_COUNT"
if [ "$CRITICAL_COUNT" -gt 0 ]; then
echo "❌ Critical security issues detected!"
ai-code-buddy --cli --format markdown \
--source ${{ github.event.pull_request.base.ref }} \
--target ${{ github.event.pull_request.head.ref }} \
> review-report.md
exit 1
fi
- name: Upload Review Report
uses: actions/upload-artifact@v3
if: always()
with:
name: code-review-report
path: review.json
```
**GitLab CI:**
```yaml
stages:
- analysis
code_review:
stage: analysis
image: rust:latest
script:
- cargo install ai-code-buddy
- ai-code-buddy --cli --format json --source $CI_MERGE_REQUEST_TARGET_BRANCH_NAME --target $CI_COMMIT_REF_NAME > review.json
- ai-code-buddy --cli --format markdown --source $CI_MERGE_REQUEST_TARGET_BRANCH_NAME --target $CI_COMMIT_REF_NAME > review.md
artifacts:
reports:
junit: review.json
paths:
- review.md
expire_in: 1 week
only:
- merge_requests
```
**Jenkins Pipeline:**
```groovy
pipeline {
agent any
stages {
stage('Code Review') {
steps {
sh 'cargo install ai-code-buddy'
sh '''
ai-code-buddy --cli --format json \
--source ${CHANGE_TARGET} --target ${CHANGE_BRANCH} \
> review.json
'''
script {
def review = readJSON file: 'review.json'
def criticalIssues = review.issues.findAll { it.severity == 'Critical' }
if (criticalIssues.size() > 0) {
error("Critical security issues found: ${criticalIssues.size()}")
}
}
}
post {
always {
archiveArtifacts artifacts: 'review.json', fingerprint: true
}
}
}
}
}
```
#### 📊 Automated Reporting
```bash
#!/bin/bash
# weekly-security-scan.sh
# Generate comprehensive security report
ai-code-buddy --cli --format markdown \
--source main --target HEAD \
--include "src/**" --include "lib/**" \
> "security-report-$(date +%Y-%m-%d).md"
# Generate JSON for metrics tracking
ai-code-buddy --cli --format json \
--source main --target HEAD \
> "metrics-$(date +%Y-%m-%d).json"
# Send to security team if critical issues found
CRITICAL_COUNT=$(jq '[.issues[] | select(.severity == "Critical")] | length' "metrics-$(date +%Y-%m-%d).json")
if [ "$CRITICAL_COUNT" -gt 0 ]; then
echo "⚠️ $CRITICAL_COUNT critical security issues found!"
# Send alert email, Slack notification, etc.
fi
```
### 🎯 Language-Specific Examples
#### 🦀 Rust Projects
```bash
# Comprehensive Rust analysis
ai-code-buddy --cli --include "**/*.rs" --include "**/Cargo.toml" --format detailed
# Focus on unsafe code and memory safety
ai-code-buddy --cli --include "**/*.rs" --verbose | grep -i "unsafe\|memory\|pointer"
# Performance analysis for Rust
ai-code-buddy --cli --include "src/**/*.rs" --exclude "tests/**" --format json | \
jq '.issues[] | select(.category == "Performance")'
```
#### 🐍 Python Projects
```bash
# Python security and performance scan
ai-code-buddy --cli --include "**/*.py" --include "**/requirements.txt" --format detailed
# Django/Flask security analysis
ai-code-buddy --cli \
--include "**/*.py" \
--include "**/settings.py" \
--include "**/views.py" \
--include "**/models.py"
# Focus on potential injection vulnerabilities
ai-code-buddy --cli --include "**/*.py" --format json | \
jq '.issues[] | select(.description | contains("injection"))'
```
#### 🟨 JavaScript/TypeScript Projects
```bash
# Full Node.js/React project analysis
ai-code-buddy --cli \
--include "**/*.js" --include "**/*.ts" --include "**/*.jsx" --include "**/*.tsx" \
--include "**/package.json" \
--exclude "**/node_modules/**" --exclude "**/dist/**"
# Frontend security focus (XSS, DOM manipulation)
ai-code-buddy --cli \
--include "src/**/*.js" --include "src/**/*.ts" \
--format detailed | grep -i "xss\|dom\|innerhtml"
# API security analysis
ai-code-buddy --cli \
--include "**/routes/**" --include "**/api/**" --include "**/controllers/**" \
--format json
```
### 🔍 Advanced Filtering Examples
#### 📁 Smart Directory Filtering
```bash
# Focus on core business logic
ai-code-buddy --cli \
--include "src/core/**" \
--include "src/services/**" \
--include "src/models/**" \
--exclude "**/*test*" \
--exclude "**/*spec*"
# Exclude all build and dependency directories
ai-code-buddy --cli \
--exclude "target/**" \
--exclude "node_modules/**" \
--exclude "vendor/**" \
--exclude "dist/**" \
--exclude "build/**" \
--exclude ".git/**" \
--exclude "**/*.min.js"
# Include only configuration and security files
ai-code-buddy --cli \
--include "**/*config*" \
--include "**/*auth*" \
--include "**/*security*" \
--include "**/.env*" \
--include "**/secrets/**"
```
#### 🔐 Security-Critical File Patterns
```bash
# Authentication and authorization
ai-code-buddy --cli \
--include "**/*auth*" \
--include "**/*login*" \
--include "**/*session*" \
--include "**/*token*" \
--include "**/*jwt*"
# Database and API security
ai-code-buddy --cli \
--include "**/*db*" \
--include "**/*database*" \
--include "**/*api*" \
--include "**/*query*" \
--include "**/*sql*"
# Configuration and secrets
ai-code-buddy --cli \
--include "**/*.env*" \
--include "**/*config*" \
--include "**/*secret*" \
--include "**/*key*" \
--include "**/settings*"
```
### 📈 Real Output Format Examples
Each format serves different use cases. Here are examples with actual output from running the tool:
#### � Summary Format (Default)
Best for quick overviews and human review:
```bash
ai-code-buddy --cli --format summary
```
**Actual Output:**
```
🔍 AI Code Review Tool (CLI Mode)
📂 Repository: .
🌿 Comparing: main → HEAD
📊 Starting AI-powered analysis...
📈 Found 36 changed files
🚀 GPU acceleration enabled (auto-detected or requested)
🧠 Initializing AI analyzer...
🍎 Apple Silicon detected, using Metal backend
🔧 Using backend: Metal
🔍 AI inference currently disabled due to token sampling issues
🔧 Using enhanced rule-based analysis for comprehensive code review
🔧 AI Analyzer initialized with Metal backend
📄 Analyzing: .DS_Store (Committed) [0.0%]
📑 Analyzing: build.rs (Staged) [2.8%]
📑 Analyzing: Cargo.toml (Staged) [8.3%]
📝 Analyzing: CHANGELOG.md (Modified) [11.1%]
📑 Analyzing: format_demo.js (Staged) [16.7%]
📑 Analyzing: README.md (Staged) [19.4%]
📑 Analyzing: src/args.rs (Staged) [22.2%]
[... continues with progress indicators ...]
✅ AI analysis complete! Found 43 issues.
🎯 Code Review Summary
==========================================
📁 Files analyzed: 36
🐛 Total issues: 43
⚠️ Severity breakdown:
🚨 Critical: 7
⚠️ High: 1
🔶 Medium: 3
ℹ️ Low: 32
```
#### 🔍 Detailed Format
Comprehensive analysis with line-by-line issues:
```bash
ai-code-buddy --cli --format detailed --gpu
```
**Actual Output:**
```
🎯 Code Review Summary
==========================================
📁 Files analyzed: 36
🐛 Total issues: 43
⚠️ Severity breakdown:
🚨 Critical: 7
⚠️ High: 1
🔶 Medium: 3
ℹ️ Low: 32
🔍 Detailed Analysis:
==========================================
🚨 🟡 build.rs (Line 100) [staged]: Command injection vulnerability - sanitize inputs
ℹ️ 🔴 CHANGELOG.md (Line 20) [modified]: Line too long (124 chars) - consider breaking into multiple lines
🚨 🟡 format_demo.js (Line 1) [staged]: Hardcoded credentials detected - use environment variables
🚨 🟡 format_demo.js (Line 1) [staged]: Code injection vulnerability - avoid eval/exec
⚠️ 🟡 src/core/ai_analyzer.rs (Line 555) [staged]: Unsafe code block - requires justification and review
🔶 🟡 src/core/analysis.rs (Line 50) [staged]: Nested loops detected - consider optimization
ℹ️ 🟡 README.md (Line 8) [staged]: Line too long (202 chars) - consider breaking into multiple lines
[... continues with all issues ...]
```
#### 📋 JSON Format
Perfect for automation and CI/CD integration:
```bash
ai-code-buddy --cli --format json --gpu
```
**Actual Output:**
```json
{
"files_count": 36,
"issues_count": 43,
"critical_issues": 7,
"high_issues": 1,
"medium_issues": 3,
"low_issues": 32,
"issues": [
{
"file": "build.rs",
"line": 100,
"severity": "Critical",
"category": "Security",
"description": "Command injection vulnerability - sanitize inputs",
"commit_status": "Staged"
},
{
"file": "format_demo.js",
"line": 1,
"severity": "Critical",
"category": "Security",
"description": "Hardcoded credentials detected - use environment variables",
"commit_status": "Staged"
},
{
"file": "format_demo.js",
"line": 1,
"severity": "Critical",
"category": "Security",
"description": "Code injection vulnerability - avoid eval/exec",
"commit_status": "Staged"
},
{
"file": "src/core/ai_analyzer.rs",
"line": 555,
"severity": "High",
"category": "Security",
"description": "Unsafe code block - requires justification and review",
"commit_status": "Staged"
},
{
"file": "src/core/analysis.rs",
"line": 50,
"severity": "Medium",
"category": "Performance",
"description": "Nested loops detected - consider optimization",
"commit_status": "Staged"
}
]
}
```
```
#### 📝 Markdown Format
Great for documentation and GitHub Issues:
```bash
ai-code-buddy --cli --format markdown --gpu
```
**Actual Output:**
```markdown
# Code Review Report
## Summary
- **Files analyzed**: 36
- **Total issues**: 43
- **Critical**: 7
- **High**: 1
- **Medium**: 3
- **Low**: 32
## Issues
- **build.rs:100** - Critical -  Security - Command injection vulnerability - sanitize inputs
- **CHANGELOG.md:20** - Low -  Code Quality - Line too long (124 chars) - consider breaking into multiple lines
- **format_demo.js:1** - Critical -  Security - Hardcoded credentials detected - use environment variables
- **format_demo.js:1** - Critical -  Security - Code injection vulnerability - avoid eval/exec
- **src/core/ai_analyzer.rs:555** - High -  Security - Unsafe code block - requires justification and review
- **src/core/analysis.rs:50** - Medium -  Performance - Nested loops detected - consider optimization
[... continues with all issues ...]
```
#### 🎯 Include/Exclude Pattern Examples
**Include specific file patterns:**
```bash
ai-code-buddy --cli --format summary --include "src/**" --include "*.js"
```
**Actual Output:**
```
🎯 Code Review Summary
==========================================
📁 Files analyzed: 36
🐛 Total issues: 32 # Note: Fewer issues (32 vs 43) because only src/ and .js files analyzed
⚠️ Severity breakdown:
🚨 Critical: 5
⚠️ High: 1
🔶 Medium: 3
ℹ️ Low: 23
```
**Exclude specific file patterns:**
```bash
ai-code-buddy --cli --format summary --exclude "test_files/**" --exclude "*.md"
```
**Actual Output:**
```
🎯 Code Review Summary
==========================================
📁 Files analyzed: 36
🐛 Total issues: 34 # Note: Fewer issues (34 vs 43) because .md files excluded
⚠️ Severity breakdown:
🚨 Critical: 6
⚠️ High: 1
🔶 Medium: 3
ℹ️ Low: 24
```
#### 🔧 Advanced Command Combinations
**Verbose output with detailed progress:**
```bash
ai-code-buddy --cli --format summary --verbose
```
**GPU-accelerated analysis with JSON output:**
```bash
ai-code-buddy --cli --format json --gpu
```
**Branch comparison with markdown export:**
```bash
ai-code-buddy --cli --format markdown --source main --target feature-branch > review.md
```
**CI/CD pipeline integration:**
```bash
# Exit with non-zero code if critical issues found
error("Found \(.critical_issues) critical security issues")
else
"✅ No critical issues found"
end'
```
**Security-focused analysis:**
```bash
ai-code-buddy --cli --format detailed \
--include "**/*config*" \
--include "**/*secret*" \
--include "**/*key*" \
--include "**/settings*"
```
#### 📊 Format Comparison
| `summary` | Quick daily checks | Smallest | ✅ High | ❌ No |
| `detailed` | Complete code review | Medium | ✅ High | ⚠️ Partial |
| `json` | CI/CD automation | Medium | ❌ No | ✅ Perfect |
| `markdown` | Documentation/PRs | Largest | ✅ Perfect | ⚠️ Partial |
#### 📊 Practical Use Cases
```bash
# Daily development workflow
ai-code-buddy --cli --format summary
# Weekly team review with details
# CI/CD automation
"summary": {
"total_issues": (.issues | length),
"critical_issues": (.issues | map(select(.severity == "Critical")) | length),
"files_analyzed": .metrics.files_analyzed
},
"security_issues": (.issues | map(select(.category == "Security"))),
"performance_issues": (.issues | map(select(.category == "Performance")))
}'
# Generate team review report
ai-code-buddy --cli --format markdown --source main --target feature-branch > review.md
# Add to pull request description
echo "## 🤖 AI Code Review Results" >> pr-description.md
ai-code-buddy --cli --format markdown --source main --target HEAD >> pr-description.md
```
## Command Line Reference
### Usage
```bash
ai-code-buddy [OPTIONS] [REPO_PATH]
```
### Arguments
| `[REPO_PATH]` | Path to the Git repository | Current directory (`.`) |
### Options
| `--source <BRANCH>` | `-s` | Source branch to compare from | `main` | `-s feature-branch` |
| `--target <BRANCH>` | `-t` | Target branch to compare to | `HEAD` | `-t develop` |
| `--cli` | | Run in CLI mode instead of TUI | Interactive TUI | `--cli` |
| `--verbose` | `-v` | Enable verbose output for debugging | Off | `-v` |
| `--credits` | | Show credits and list all contributors | Off | `--credits` |
| `--format <FORMAT>` | `-f` | Output format for results | `summary` | `-f json` |
| `--exclude <PATTERN>` | | Exclude files matching glob pattern | None | `--exclude "test_files/**"` |
| `--include <PATTERN>` | | Include only files matching glob pattern | None | `--include "src/**"` |
| `--help` | `-h` | Print help information | | `--help` |
| `--version` | `-V` | Print version information | | `--version` |
### Output Formats
| `summary` | Summary output with key findings | Quick overview and human review |
| `detailed` | Detailed output with all issues | Comprehensive analysis |
| `json` | JSON format for programmatic use | CI/CD integration, tooling |
| `markdown` | Markdown format for documentation | GitHub Issues, documentation |
## Issue Categories and Severity Levels
AI Code Buddy analyzes code across multiple dimensions:
### 🔒 Security Issues
- **🚨 Critical**: OWASP Top 10 vulnerabilities, injection attacks, authentication bypasses
- **⚠️ High**: Potential security weaknesses, insecure configurations
- **🔶 Medium**: Security best practice violations
- **ℹ️ Low**: Security recommendations and improvements
### 🐛 Code Quality Issues
- **🚨 Critical**: Memory safety violations (unsafe Rust code), null pointer dereferences
- **⚠️ High**: Logic errors, potential runtime failures
- **� Medium**: Code smells, anti-patterns
- **ℹ️ Low**: Style and formatting suggestions
### ⚡ Performance Issues
- **⚠️ High**: Algorithmic inefficiencies, blocking operations
- **🔶 Medium**: Suboptimal data structures, unnecessary allocations
- **ℹ️ Low**: Micro-optimizations, caching opportunities
### � Maintainability Issues
- **🔶 Medium**: Complex functions, high cyclomatic complexity
- **ℹ️ Low**: Documentation gaps, naming improvements
- **ℹ️ Info**: Refactoring suggestions, architectural improvements
### 🧪 Testing Issues
- **⚠️ High**: Missing critical test coverage
- **🔶 Medium**: Incomplete test scenarios
- **ℹ️ Low**: Test organization and best practices
## Configuration and Customization
### Automatic Detection
AI Code Buddy automatically detects and analyzes:
- **Repository Structure**: Git branch topology, commit history
- **Technology Stack**: Programming languages, frameworks, build tools
- **Dependencies**: Package files (Cargo.toml, package.json, requirements.txt)
- **Code Patterns**: Language-specific patterns and anti-patterns
- **File Relationships**: Import/export dependencies, module structure
### Environment Variables
The tool respects standard development environment variables:
```bash
# Git configuration
export GIT_DIR="/path/to/.git"
export GIT_WORK_TREE="/path/to/workdir"
# Analysis customization
export AI_CODE_BUDDY_VERBOSE=1 # Enable verbose output
export AI_CODE_BUDDY_FORMAT=json # Set default output format
```
### Performance Tuning
For large repositories, optimize analysis performance:
```bash
# Focus on recent changes only
ai-code-buddy --cli --source HEAD~10 --target HEAD
# Exclude large binary/generated directories
ai-code-buddy --cli \
--exclude "target/**" \
--exclude "node_modules/**" \
--exclude "vendor/**" \
--exclude "*.min.js" \
--exclude "dist/**"
# Parallel analysis (automatic for multiple files)
ai-code-buddy --cli --verbose # Shows parallel processing info
```
## 🐳 Docker & Containerization
### Docker Usage
**📦 Pre-built Image (Coming Soon):**
```bash
# Pull from Docker Hub (future release)
docker pull edgarhsanchez/ai-code-buddy:latest
# Run analysis on current directory
docker run -v $(pwd):/workspace edgarhsanchez/ai-code-buddy:latest --cli
```
**🔧 Build Your Own Image:**
```dockerfile
# Dockerfile
FROM rust:1.70-slim as builder
WORKDIR /app
COPY . .
RUN cargo build --release
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y \
git \
ca-certificates \
&& rm -rf /var/lib/apt/lists/*
COPY --from=builder /app/target/release/ai-code-buddy /usr/local/bin/
ENTRYPOINT ["ai-code-buddy"]
```
```bash
# Build the image
docker build -t ai-code-buddy .
# Run analysis
docker run -v $(pwd):/workspace -w /workspace ai-code-buddy --cli
```
### Docker Compose Integration
**🚀 Development Environment:**
```yaml
# docker-compose.yml
version: '3.8'
services:
code-review:
build: .
volumes:
- .:/workspace
- ./reports:/reports
working_dir: /workspace
command: ["--cli", "--format", "json"]
environment:
- AI_CODE_BUDDY_VERBOSE=1
```
```bash
# Run with Docker Compose
docker-compose run code-review --source main --target HEAD
```
### Kubernetes Deployment
**📊 Automated Code Review Job:**
```yaml
# k8s-code-review-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: ai-code-review
spec:
template:
spec:
containers:
- name: ai-code-buddy
image: edgarhsanchez/ai-code-buddy:latest
command: ["ai-code-buddy"]
args: ["--cli", "--format", "json", "--source", "main", "--target", "HEAD"]
volumeMounts:
- name: source-code
mountPath: /workspace
- name: reports
mountPath: /reports
env:
- name: AI_CODE_BUDDY_FORMAT
value: "json"
volumes:
- name: source-code
gitRepo:
repository: "https://github.com/your-org/your-repo.git"
- name: reports
persistentVolumeClaim:
claimName: reports-pvc
restartPolicy: Never
```
### 🎯 Enterprise Deployment Examples
**📈 Scheduled Security Scans:**
```bash
#!/bin/bash
# enterprise-security-scan.sh
# Daily security scan with Docker
docker run --rm \
-v /opt/repositories:/repositories \
-v /opt/reports:/reports \
edgarhsanchez/ai-code-buddy:latest \
--cli --format json \
--include "**/*.rs" --include "**/*.py" --include "**/*.js" \
--exclude "**/test/**" \
/repositories/critical-app > /reports/daily-scan-$(date +%Y%m%d).json
# Check for critical issues and alert
CRITICAL_COUNT=$(jq '[.issues[] | select(.severity == "Critical")] | length' /reports/daily-scan-$(date +%Y%m%d).json)
if [ "$CRITICAL_COUNT" -gt 0 ]; then
# Send alert to security team
slack-notify "🚨 $CRITICAL_COUNT critical security issues found in daily scan!"
fi
```
**🔄 Multi-Repository Analysis:**
```yaml
# multi-repo-analysis.yml
version: '3.8'
services:
frontend-review:
image: edgarhsanchez/ai-code-buddy:latest
volumes:
- ./frontend:/workspace
command: ["--cli", "--include", "**/*.js", "--include", "**/*.ts", "--format", "json"]
backend-review:
image: edgarhsanchez/ai-code-buddy:latest
volumes:
- ./backend:/workspace
command: ["--cli", "--include", "**/*.rs", "--format", "json"]
mobile-review:
image: edgarhsanchez/ai-code-buddy:latest
volumes:
- ./mobile:/workspace
command: ["--cli", "--include", "**/*.swift", "--include", "**/*.kt", "--format", "json"]
```
## Requirements
- **Rust 1.70+**: Required for building and running the application
- **Git repository**: The tool analyzes Git repositories with commit history
- **Terminal**: Modern terminal emulator with Unicode support for TUI mode
- **Memory**: Minimum 512MB RAM (more for large repositories)
- **Storage**: Temporary space for analysis cache
### Supported Platforms
- ✅ **Linux**: All major distributions
- ✅ **macOS**: Intel and Apple Silicon
- ✅ **Windows**: Windows 10+ with WSL2 recommended
- ✅ **FreeBSD**: Tested on FreeBSD 13+
### Supported Languages
- 🦀 **Rust**: Full support with Cargo integration
- 🟨 **JavaScript/TypeScript**: ES6+, Node.js, React patterns
- 🐍 **Python**: Python 3.7+, Django, Flask patterns
- 🔄 **More languages**: Planned support for Go, Java, C++
## Tips and Best Practices
### 🚀 Performance Optimization
```bash
# Exclude large directories for faster analysis
ai-code-buddy --cli --exclude "target/**" --exclude "node_modules/**" --exclude "dist/**"
# Focus on specific areas
ai-code-buddy --cli --include "src/**" --include "lib/**"
# Use JSON format for programmatic processing
### 🔐 Security-Focused Analysis
```bash
# Run comprehensive OWASP analysis
ai-code-buddy --cli --include "**/*.js" --include "**/*.py" --include "**/*.rs" --format detailed
# Focus on authentication and authorization code
ai-code-buddy --cli --include "**/auth/**" --include "**/security/**"
# Check for hardcoded secrets
### 📊 Code Review Workflow
1. **Pre-commit analysis:**
```bash
ai-code-buddy --cli --source main --target HEAD
```
2. **Feature branch review:**
```bash
ai-code-buddy --cli --source main --target feature/new-feature --format markdown > review.md
```
3. **CI/CD integration:**
```bash
ai-code-buddy --cli --format json > review.json
```
### 🎯 Effective File Filtering
```bash
# Include patterns (multiple patterns supported)
ai-code-buddy --cli \
--include "src/**/*.rs" \
--include "lib/**/*.rs" \
--include "tests/**/*.rs"
# Exclude patterns (combine with include for precision)
ai-code-buddy --cli \
--include "**/*.py" \
--exclude "**/migrations/**" \
--exclude "**/venv/**" \
--exclude "**/__pycache__/**"
```
### Security Analysis
AI Code Buddy includes comprehensive OWASP Top 10 security analysis with precise line-by-line vulnerability detection:
#### OWASP Top 10 Coverage
- **🚨 A01: Broken Access Control**
- Insecure Direct Object References
- Missing authorization checks
- Path traversal vulnerabilities
- **🔐 A02: Cryptographic Failures**
- Hardcoded secrets and credentials
- Weak cryptographic algorithms (MD5, SHA1)
- Insecure storage of sensitive data
- **💉 A03: Injection**
- SQL injection vulnerabilities
- Command injection risks
- Cross-Site Scripting (XSS)
- Code injection via eval()
- **⚠️ A04: Insecure Design**
- Missing rate limiting
- Overly permissive CORS configuration
- Insufficient security controls
- **🔧 A05: Security Misconfiguration**
- Debug mode in production
- Default credentials
- Insecure cookie configuration
- **🧩 A06: Vulnerable Components**
- Memory safety issues (Rust unsafe code)
- Outdated dependency patterns
- **🔑 A07: Authentication Failures**
- Weak password policies
- Session fixation vulnerabilities
- Missing multi-factor authentication
- **🛡️ A08: Software Integrity Failures**
- Insecure deserialization
- Missing integrity checks
- Remote code execution risks
- **📊 A09: Logging & Monitoring Failures**
- Logging sensitive information
- Missing audit trails
- Information disclosure
- **🌐 A10: Server-Side Request Forgery**
- Unvalidated URL requests
- Internal service exposure
- SSRF attack vectors
#### Security Best Practices
- Run analysis before merging feature branches
- Pay special attention to Critical and High severity issues
- Use verbose mode (`-v`) for debugging analysis issues
- Review OWASP findings with security team
- Test fixes in isolated environments
### File Filtering Best Practices
```bash
# Exclude common build/generated directories
ai-code-buddy --cli --exclude "target/**" --exclude "node_modules/**" --exclude ".git/**"
# Include only source code
ai-code-buddy --cli --include "src/**" --include "lib/**" --include "tests/**"
# Language-specific filtering
ai-code-buddy --cli --include "**/*.rs" --include "**/*.toml" # Rust projects
ai-code-buddy --cli --include "**/*.js" --include "**/*.ts" # JavaScript projects # JavaScript projects
```
### Output Format Selection
- **Summary**: Quick daily code reviews
- **Detailed**: Comprehensive analysis before releases
- **JSON**: CI/CD integration and automated processing
- **Markdown**: Documentation and GitHub issue reports
## Troubleshooting
### Common Issues and Solutions
#### 🔍 **"Git Repository Not Found"**
```bash
# Verify you're in a git repository
git status
# Initialize git if needed
git init
# Or specify repository path explicitly
ai-code-buddy --cli /path/to/your/repo
```
#### 🌿 **"Branch Not Found"**
```bash
# List available branches
git branch -a
# Use correct branch names (check remote branches)
ai-code-buddy --cli --source origin/main --target feature-branch
# For new repositories with default branch
ai-code-buddy --cli --source HEAD~1 --target HEAD
```
#### 📂 **"No Issues Found"**
This usually indicates:
- ✅ Clean code with no detected issues
- 🎯 No differences between specified branches
- 🚫 All files excluded by filter patterns
- 📁 Analysis limited to supported file types
**Solutions:**
```bash
# Check what files are being analyzed
ai-code-buddy --cli --verbose
# Broaden file inclusion
ai-code-buddy --cli --include "**/*"
# Check different branches
ai-code-buddy --cli --source HEAD~5 --target HEAD
```
#### ⚡ **Performance Issues with Large Repositories**
```bash
# Exclude build directories
ai-code-buddy --cli --exclude "target/**" --exclude "node_modules/**"
# Focus on recent changes
ai-code-buddy --cli --source HEAD~10 --target HEAD
# Use more specific file patterns
ai-code-buddy --cli --include "src/**/*.rs"
```
#### 🖥️ **TUI Display Issues**
```bash
# If TUI doesn't display correctly, use CLI mode
ai-code-buddy --cli
# Check terminal compatibility
echo $TERM
# For terminals with limited Unicode support
TERM=xterm-256color ai-code-buddy
```
#### 💾 **Memory Issues**
```bash
# For very large repositories, increase available memory or use filtering
ai-code-buddy --cli --exclude "vendor/**" --exclude "third_party/**"
# Process files in smaller batches
ai-code-buddy --cli --include "src/module1/**"
ai-code-buddy --cli --include "src/module2/**"
```
### Debugging Options
#### Enable Verbose Output
```bash
ai-code-buddy --cli --verbose
```
Shows detailed processing information including:
- Files being analyzed
- Pattern matching results
- Performance metrics
- Error details
#### Check Version and Help
```bash
ai-code-buddy --version
ai-code-buddy --help
ai-code-buddy --credits
```
## API and Integration
### Exit Codes
```bash
# Success - analysis completed without errors
echo $? # Returns 0
# Error - analysis failed or invalid arguments
echo $? # Returns 1
# Critical issues found (when configured)
echo $? # Returns 2
```
### Integration Examples
#### CI/CD Pipeline Integration
```yaml
# GitHub Actions example
name: Code Review
on: [pull_request]
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Full history for branch comparison
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Install AI Code Buddy
run: cargo install ai-code-buddy
- name: Run Analysis
run: |
ai-code-buddy --cli \
--format json \
--source ${{ github.event.pull_request.base.ref }} \
--target ${{ github.event.pull_request.head.ref }} \
> review.json
- name: Check for Critical Issues
run: |
CRITICAL_ISSUES=$(jq '.issues | to_entries[] | select(.value[] | .severity == "Critical") | length' review.json)
if [ "$CRITICAL_ISSUES" -gt 0 ]; then
echo "Found $CRITICAL_ISSUES critical security issues"
exit 1
fi
- name: Post Review Comment
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const review = JSON.parse(fs.readFileSync('review.json', 'utf8'));
// Process and post review results
```
#### Pre-commit Hook
```bash
#!/bin/sh
# .git/hooks/pre-commit
echo "Running AI Code Buddy analysis..."
ai-code-buddy --cli --format summary --source HEAD~1 --target HEAD
if [ $? -ne 0 ]; then
echo "Code review found critical issues. Commit aborted."
exit 1
fi
```
#### IDE Integration
```json
// VS Code tasks.json
{
"version": "2.0.0",
"tasks": [
{
"label": "AI Code Review",
"type": "shell",
"command": "ai-code-buddy",
"args": ["--cli", "--source", "main", "--target", "HEAD"],
"group": "build",
"presentation": {
"echo": true,
"reveal": "always",
"focus": false,
"panel": "new"
}
}
]
}
```
### Environment Variables
```bash
# Set default options
export AI_CODE_BUDDY_DEFAULT_SOURCE="main"
export AI_CODE_BUDDY_DEFAULT_TARGET="HEAD"
export AI_CODE_BUDDY_DEFAULT_FORMAT="summary"
# Git configuration (respects standard Git environment)
export GIT_DIR="/custom/.git"
export GIT_WORK_TREE="/custom/workdir"
# Performance tuning
export AI_CODE_BUDDY_CACHE_DIR="/tmp/ai-code-buddy-cache"
export AI_CODE_BUDDY_MAX_FILE_SIZE="1048576" # 1MB limit
```
## 🙋♀️ Frequently Asked Questions
### General Usage
**❓ Q: What programming languages does AI Code Buddy support?**
**💡 A:** Currently supports Rust, JavaScript/TypeScript, and Python with language-specific security and performance analysis. Go, Java, C++, and C# support is planned for 2025.
**❓ Q: Does it work with any Git repository?**
**💡 A:** Yes! AI Code Buddy works with any Git repository and can analyze both committed and uncommitted changes. It automatically detects the repository structure and programming languages.
**❓ Q: Can I use it without GPU acceleration?**
**💡 A:** Absolutely! The tool includes a comprehensive rule-based analysis engine that provides excellent results on CPU-only systems. GPU acceleration is an optional enhancement.
**❓ Q: How long does analysis take?**
**💡 A:** Analysis time varies by repository size:
- Small projects (< 1k files): 5-30 seconds
- Medium projects (1k-10k files): 30 seconds - 2 minutes
- Large projects (10k+ files): 2-10 minutes
Use `--exclude` patterns to focus analysis and reduce time.
### Technical Questions
**❓ Q: How accurate are the security vulnerability detections?**
**💡 A:** Our OWASP-based analysis has a 95%+ accuracy rate for critical vulnerabilities with minimal false positives. The tool is designed for precision over recall to avoid alert fatigue.
**❓ Q: Can I customize the analysis rules?**
**💡 A:** Custom rule configuration is planned for Q2 2025. Currently, you can use `--include` and `--exclude` patterns to focus analysis on specific areas of your codebase.
**❓ Q: Does it store or transmit my code anywhere?**
**💡 A:** No! All analysis happens locally on your machine. No code is transmitted to external servers or stored anywhere except your local file system.
**❓ Q: How do I integrate with my CI/CD pipeline?**
**💡 A:** Use the `--cli` mode with `--format json` for programmatic integration. Check the CI/CD examples section for GitHub Actions, GitLab CI, and Jenkins templates.
### Installation & Setup
**❓ Q: Why am I getting "cargo: command not found"?**
**💡 A:** You need to install Rust first:
```bash
```
**❓ Q: How do I enable GPU acceleration?**
**💡 A:** GPU acceleration is automatically detected during installation. For manual control:
```bash
# Force GPU features
cargo install ai-code-buddy --features gpu-metal # Apple Silicon
cargo install ai-code-buddy --features gpu-cuda # NVIDIA (Windows only)
```
**❓ Q: Can I run this in Docker?**
**💡 A:** Yes! See the Docker section for container usage examples. Perfect for CI/CD environments where you don't want to install Rust directly.
### Performance & Optimization
**❓ Q: Analysis is taking too long. How can I speed it up?**
**💡 A:** Use these optimization strategies:
```bash
# Exclude large directories
ai-code-buddy --cli --exclude "target/**" --exclude "node_modules/**"
# Focus on recent changes only
ai-code-buddy --cli --source HEAD~10 --target HEAD
# Analyze specific languages
ai-code-buddy --cli --include "**/*.rs" --include "**/*.py"
```
**❓ Q: Does it work well with large monorepos?**
**💡 A:** Yes, but use filtering for best performance. The tool is optimized for repositories up to 100k files with proper exclusion patterns.
**❓ Q: Can I run multiple analyses in parallel?**
**💡 A:** Each `ai-code-buddy` instance analyzes files in parallel internally. For multiple repositories, run separate instances or use Docker Compose with multiple services.
### Output & Reporting
**❓ Q: What's the difference between output formats?**
**💡 A:**
- `summary`: Human-readable overview (default)
- `detailed`: Complete issue list with descriptions
- `json`: Machine-readable for automation
- `markdown`: Perfect for documentation and reports
**❓ Q: How do I filter issues by severity?**
**💡 A:** Use `jq` with JSON output:
```bash
**❓ Q: Can I export reports to other tools?**
**💡 A:** Yes! JSON output integrates with most tools. Markdown works great for GitHub Issues, and the format is compatible with many security platforms.
### Troubleshooting
**❓ Q: I'm seeing "GPU support requested but not compiled in" - what's wrong?**
**💡 A:** This happens when GPU features weren't included during compilation. Reinstall with explicit features:
```bash
cargo install ai-code-buddy --features gpu-metal --force # Apple Silicon
```
**❓ Q: The tool isn't finding issues in my JavaScript code. Why?**
**💡 A:** Make sure your files have proper extensions (`.js`, `.ts`, `.jsx`, `.tsx`) and aren't in excluded directories like `node_modules/`.
**❓ Q: How do I report a false positive or false negative?**
**💡 A:** Please open an issue on GitHub with:
- Code sample that triggered the false positive/negative
- Expected vs actual behavior
- Output with `--verbose` flag for debugging info
**❓ Q: The analysis seems stuck. What should I do?**
**💡 A:** Try these steps:
1. Use `--verbose` to see progress details
2. Check if you're analyzing very large files (>1MB)
3. Exclude binary files with `--exclude "**/*.{jpg,png,pdf,zip}"`
4. Kill and restart if truly stuck
### Contributing & Development
**❓ Q: How can I contribute new language support?**
**💡 A:** We'd love your help! Check the Contributing section for guidelines on adding new language patterns. Start with the `detect_language()` function in `ai_analyzer.rs`.
**❓ Q: Can I add custom security rules?**
**💡 A:** Custom rules will be supported in Q2 2025. For now, you can modify the patterns in `rule_based_analysis()` and build from source.
**❓ Q: How do I build from source for development?**
**💡 A:**
```bash
git clone https://github.com/edgarhsanchez/ai_code_buddy.git
cd ai_code_buddy
cargo build --release
./target/release/ai-code-buddy --help
```
## Testing
AI Code Buddy maintains comprehensive test coverage to ensure reliability and quality.
### Test Coverage
- **Current Coverage**: 68.44% (527/770 lines covered)
- **Test Suites**: 60 tests passing across all modules
- **Coverage Report**: [View detailed HTML coverage report](./coverage/tarpaulin-report.html)
### Running Tests
```bash
# Run all tests
cargo test
# Run tests with focused coverage (see tarpaulin.toml for filters)
cargo coverage --verbose
# Run specific test suites
cargo test --test test_args
cargo test --test test_git
cargo test --test test_widget_states
cargo test --test test_integration
```
### Test Structure
Our testing strategy includes:
- **Unit Tests**: Core functionality testing for CLI arguments, Git operations, and theming
- **Integration Tests**: UI component testing using ratatui TestBackend
- **Widget State Tests**: Comprehensive testing of UI state management
- **Property-Based Tests**: Using proptest for robust input validation
### Test Categories
1. **Core Module Tests**
- `test_args.rs`: CLI argument parsing and validation (7 tests)
- `test_git.rs`: Git repository operations and analysis (6 tests)
- `test_theme.rs`: UI theming and styling (14 tests)
- `test_review.rs`: Code review data structures (5 tests)
2. **Widget State Tests**
- `test_widget_states.rs`: UI state management and transitions (21 tests)
3. **Integration Tests**
- `test_integration.rs`: End-to-end UI component testing (7 tests)
### Coverage Goals
We strive for high test coverage with the following priorities:
1. **Critical Path Coverage**: Core analysis and Git operations
2. **UI Component Testing**: Widget rendering and state management
3. **Error Handling**: Comprehensive error scenario testing
4. **Edge Cases**: Boundary conditions and unusual inputs
### Running Coverage Analysis
```bash
# Generate HTML coverage report (respects tarpaulin.toml)
cargo coverage --verbose --out Html
# Generate JSON coverage data (optional)
cargo coverage --out Json
# View coverage in browser
open coverage/tarpaulin-report.html
```
## Contributing
We welcome contributions! Here's how you can help:
### 🚀 Quick Start for Contributors
1. **Fork and Clone**
```bash
git clone https://github.com/your-username/ai_code_buddy.git
cd ai_code_buddy
```
2. **Development Setup**
```bash
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
cargo build
cargo test
cargo run -- --cli --help
```
3. **Create a Feature Branch**
```bash
git checkout -b feature/amazing-feature
```
4. **Make Your Changes and Test**
```bash
cargo run -- --cli --source main --target feature/amazing-feature
cargo test --all-features
cargo fmt --check
cargo clippy -- -D warnings
```
5. **Commit and Push**
```bash
./commit.sh feat "add amazing feature"
git add .
git commit -m "feat: add amazing feature"
git push origin feature/amazing-feature
```
### 📝 Conventional Commits & Automated Versioning
This project uses **Conventional Commits** for automated semantic versioning and release management.
**Commit Message Format:**
```
type(scope): description
[optional body]
[optional footer]
```
**Types that trigger version bumps:**
- `feat:` → **MINOR** version bump (new features)
- `fix:` → **PATCH** version bump (bug fixes)
- `feat!:` or `BREAKING CHANGE:` → **MAJOR** version bump
**Quick commit examples:**
```bash
./commit.sh feat "add user authentication system"
./commit.sh fix "resolve memory leak in analysis"
./commit.sh docs "update installation guide"
```
**Automated Release Process:**
When your PR is merged to `main`:
1. ✅ Commits are analyzed for version bump type
2. ✅ `Cargo.toml` version is automatically updated
3. ✅ Git tag is created (e.g., `v1.2.3`)
4. ✅ GitHub release is generated with changelog
5. ✅ Package is published to crates.io
📖 **Full Guide:** See [CONVENTIONAL_COMMITS.md](./CONVENTIONAL_COMMITS.md) for detailed information.
6. **Open a Pull Request**
- Ensure your PR description explains the changes
- Include any relevant test files or examples
- Reference any related issues
### 🧪 Testing Your Changes
```bash
# Test with different repositories
cd /path/to/test-repo
/path/to/ai_code_buddy/target/debug/ai-code-buddy --cli
# Test with the included example files
cd /path/to/ai_code_buddy
cargo run -- --cli --include "test_files/**" --format detailed
# Test TUI mode
cargo run
# Test output formats
cargo run -- --cli --format json
cargo run -- --cli --format markdown
```
### 📝 Contribution Guidelines
- **Code Style**: Follow Rust conventions, run `cargo fmt` and `cargo clippy`
- **Testing**: Add tests for new features, ensure existing tests pass
- **Documentation**: Update README and code comments for significant changes
- **Commit Messages**: Use conventional commit format (`feat:`, `fix:`, `docs:`, etc.)
- **Performance**: Consider impact on large repositories
- **Security**: Be extra careful with any security-related code
### 🎯 Areas Where We Need Help
- **Language Support**: Adding analysis for Go, Java, C++, C#
- **Security Patterns**: Expanding OWASP vulnerability detection
- **Performance**: Optimizing analysis for very large repositories
- **UI/UX**: Improving the TUI interface and user experience
- **Testing**: Adding more comprehensive test cases
- **Documentation**: Examples, tutorials, best practices
- **Integrations**: IDE plugins, CI/CD templates
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## Roadmap
### ✅ Completed Features
- [x] **Professional CLI** with comprehensive argument parsing
- [x] **Modern TUI Interface** built with Bevy and Ratatui
- [x] **Multiple Output Formats** (Summary, Detailed, JSON, Markdown)
- [x] **File Filtering** with glob patterns
- [x] **Contributors and Credits** system
- [x] **OWASP Security Analysis** with precise line-by-line detection
- [x] **Git Branch Comparison** with detailed diff analysis
- [x] **Multi-language Support** (Rust, JavaScript, Python)
### 🚧 In Progress
- [ ] **Real AI Integration** with Kalosm language models
- [ ] **Performance Optimization** for large repositories (>10k files)
- [ ] **Enhanced TUI Features** (search, filtering, bookmarks)
### 🔮 Planned Features
#### Q1 2025
- [ ] **Advanced Language Support**
- Go language analysis
- Java/Kotlin support
- C/C++ vulnerability detection
- C# .NET analysis
#### Q2 2025
- [ ] **Custom Configuration**
- `.ai-code-buddy.toml` configuration files
- Custom rule definitions
- Team-specific security policies
- Ignore rules and exceptions
#### Q3 2025
- [ ] **IDE Integrations**
- VS Code extension
- IntelliJ IDEA plugin
- Vim/Neovim integration
- Emacs mode
#### Q4 2025
- [ ] **Advanced Features**
- Web interface for team collaboration
- API server mode
- Database storage for historical analysis
- Trend analysis and reporting
### 🌟 Future Possibilities
- [ ] **Machine Learning Enhancements**
- Custom model training on codebases
- False positive reduction
- Context-aware analysis
- [ ] **Enterprise Features**
- LDAP/SSO integration
- Role-based access control
- Compliance reporting (SOX, GDPR, PCI-DSS)
- Integration with security tools (SonarQube, Checkmarx)
- [ ] **Performance & Scalability**
- Distributed analysis
- Cloud-native deployment
- Real-time monitoring
- Webhook integrations
## Acknowledgments
### 🛠️ Built With
- **[Bevy](https://bevyengine.org/)** - Modern game engine powering the TUI interface
- **[Ratatui](https://ratatui.rs/)** - Terminal user interface library
- **[Kalosm](https://crates.io/crates/kalosm)** - AI/ML framework for language processing
- **[git2](https://crates.io/crates/git2)** - Git repository analysis and manipulation
- **[clap](https://crates.io/crates/clap)** - Professional command-line argument parsing
- **[tokio](https://crates.io/crates/tokio)** - Asynchronous runtime for Rust
- **[crossterm](https://crates.io/crates/crossterm)** - Cross-platform terminal manipulation
- **[serde](https://crates.io/crates/serde)** - Serialization framework for JSON output
### 🎨 Design Inspiration
- **[ripgrep](https://github.com/BurntSushi/ripgrep)** - Performance and CLI design patterns
- **[bat](https://github.com/sharkdp/bat)** - Beautiful terminal output and syntax highlighting
- **[delta](https://github.com/dandavison/delta)** - Git diff visualization
- **[lazygit](https://github.com/jesseduffield/lazygit)** - TUI design and navigation patterns
### 🔒 Security Standards
- **[OWASP Top 10](https://owasp.org/www-project-top-ten/)** - Security vulnerability classification
- **[CWE](https://cwe.mitre.org/)** - Common Weakness Enumeration
- **[Rust Security Advisory Database](https://rustsec.org/)** - Rust-specific security guidance
### 🙏 Special Thanks
- **Rust Community** - For creating an amazing ecosystem
- **Security Researchers** - For vulnerability pattern research
- **Open Source Contributors** - For all the dependencies we build upon
- **Beta Testers** - For early feedback and bug reports
---
**Made with ❤️ and 🦀 by the AI Code Buddy team**
*For more examples, advanced usage guides, and community discussions, visit our [documentation](https://github.com/edgarhsanchez/ai_code_buddy/wiki) and join our [discussions](https://github.com/edgarhsanchez/ai_code_buddy/discussions).*