repopilot 0.4.0

Local-first CLI for repository audit, architecture risk detection, baseline tracking, and CI-friendly code review.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141

use serde_json::Value;
use std::fs;
use std::process::Command;
use tempfile::tempdir;

fn repopilot() -> Command {
    Command::new(env!("CARGO_BIN_EXE_repopilot"))
}

#[test]
fn baseline_create_creates_default_file_and_parent_directory() {
    let temp = tempdir().expect("failed to create temp dir");
    write_project_with_secret(temp.path(), "config");

    let output = repopilot()
        .args(["baseline", "create", "."])
        .current_dir(temp.path())
        .output()
        .expect("failed to run baseline create");

    assert!(output.status.success());
    assert!(temp.path().join(".repopilot").is_dir());
    assert!(temp.path().join(".repopilot/baseline.json").is_file());

    let stdout = String::from_utf8_lossy(&output.stdout);
    assert!(stdout.contains("RepoPilot Baseline"));
    assert!(stdout.contains("Scanned path: ."));
    assert!(stdout.contains("Baseline written to: .repopilot/baseline.json"));
    assert!(stdout.contains("- High: 1"));
}

#[test]
fn baseline_create_does_not_overwrite_existing_file_without_force() {
    let temp = tempdir().expect("failed to create temp dir");
    write_project_with_secret(temp.path(), "config");
    fs::create_dir_all(temp.path().join(".repopilot")).expect("failed to create baseline dir");
    let baseline_path = temp.path().join(".repopilot/baseline.json");
    fs::write(&baseline_path, "sentinel\n").expect("failed to write sentinel baseline");

    let output = repopilot()
        .args(["baseline", "create", "."])
        .current_dir(temp.path())
        .output()
        .expect("failed to run baseline create");

    assert!(output.status.success());
    assert_eq!(
        fs::read_to_string(&baseline_path).expect("failed to read baseline"),
        "sentinel\n"
    );
}

#[test]
fn baseline_create_overwrites_existing_file_with_force() {
    let temp = tempdir().expect("failed to create temp dir");
    write_project_with_secret(temp.path(), "config");
    fs::create_dir_all(temp.path().join(".repopilot")).expect("failed to create baseline dir");
    let baseline_path = temp.path().join(".repopilot/baseline.json");
    fs::write(&baseline_path, "sentinel\n").expect("failed to write sentinel baseline");

    let output = repopilot()
        .args(["baseline", "create", ".", "--force"])
        .current_dir(temp.path())
        .output()
        .expect("failed to run baseline create");

    assert!(output.status.success());
    let baseline: Value =
        serde_json::from_str(&fs::read_to_string(&baseline_path).expect("failed to read baseline"))
            .expect("baseline should be JSON");
    assert_eq!(baseline["schema_version"], 1);
    assert_ne!(baseline, Value::String("sentinel\n".to_string()));
}

#[test]
fn baseline_create_supports_explicit_output_path() {
    let temp = tempdir().expect("failed to create temp dir");
    write_project_with_secret(temp.path(), "config");
    let baseline_path = temp.path().join("baseline.json");

    let output = repopilot()
        .args(["baseline", "create", ".", "--output"])
        .arg(&baseline_path)
        .current_dir(temp.path())
        .output()
        .expect("failed to run baseline create");

    assert!(output.status.success());
    assert!(baseline_path.is_file());
}

#[test]
fn baseline_create_stores_stable_keys_and_repo_relative_paths() {
    let temp = tempdir().expect("failed to create temp dir");
    write_project_with_secret(temp.path(), "config");

    let output = repopilot()
        .args(["baseline", "create", "."])
        .current_dir(temp.path())
        .output()
        .expect("failed to run baseline create");

    assert!(output.status.success());

    let baseline: Value = serde_json::from_str(
        &fs::read_to_string(temp.path().join(".repopilot/baseline.json"))
            .expect("failed to read baseline"),
    )
    .expect("baseline should be JSON");
    let findings = baseline["findings"]
        .as_array()
        .expect("findings should be an array");
    let secret = findings
        .iter()
        .find(|finding| finding["rule_id"] == "security.secret-candidate")
        .expect("expected secret finding");

    assert_eq!(secret["key"], "security.secret-candidate:src/config.rs:1");
    assert_eq!(secret["path"], "src/config.rs");
    assert!(
        !secret["key"]
            .as_str()
            .unwrap()
            .contains(temp.path().to_str().unwrap())
    );
}

fn write_project_with_secret(root: &std::path::Path, module: &str) {
    fs::create_dir_all(root.join("src")).expect("failed to create src dir");
    fs::create_dir_all(root.join("tests")).expect("failed to create tests dir");
    fs::write(
        root.join(format!("src/{module}.rs")),
        "const API_KEY: &str = \"abc12345\";\n",
    )
    .expect("failed to write source file");
    fs::write(
        root.join(format!("tests/{module}.rs")),
        "fn covers_module() {}\n",
    )
    .expect("failed to write test file");
}