trusty-review 0.4.1

LLM-backed code review service — reviews GitHub PRs and unified diffs via AWS Bedrock or OpenRouter
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434

//! HTTP client over trusty-analyze (`:7879`) — OPTIONAL dependency.
//!
//! Why: trusty-analyze provides static analysis context (complexity hotspots,
//! code smells) that enriches the review.  It is OPTIONAL: if unavailable the
//! pipeline proceeds with empty static-analysis context and the service-
//! unavailable Slack notice is NOT raised.  (spec REV-012, REV-440, REV-442)
//!
//! What: defines `AnalyzeClient` trait and `HttpAnalyzeClient`.  The two-step
//! readiness probe (`has_analysis`) calls `GET /health` AND `GET /indexes` —
//! NEVER `GET /indexes/{id}/quality` which is O(corpus) and always times out.
//! (spec REV-441, lesson §12.3)
//!
//! Routes verified from `crates/trusty-analyze/src/service/mod.rs`:
//!   GET  /health
//!   GET  /indexes
//!   GET  /indexes/{id}/complexity_hotspots[?top_k=N]
//!   GET  /indexes/{id}/smells[?category=<name>]
//!   (GET /indexes/{id}/quality  — NEVER a readiness probe; O(corpus))
//!
//! Test: `two_step_probe_never_calls_quality` documents the invariant;
//! `analyze_client_graceful_degradation` verifies transport errors return
//! empty defaults rather than propagating.

use async_trait::async_trait;
use serde::{Deserialize, Serialize};

// ─── Error type ───────────────────────────────────────────────────────────────

/// Errors produced by `AnalyzeClient` implementations.
///
/// Why: typed errors let callers log the specific failure without pattern-
/// matching on strings.
/// What: `Transport`, `Api`, `Parse`, `Unavailable` match the equivalent
/// `SearchClientError` variants.  All errors are treated as "graceful
/// degradation" by the pipeline — none should block a review.  `ClientInit`
/// covers TLS-backend initialisation failures at construction time so callers
/// receive an `Err` instead of a panic.
/// Test: `analyze_error_display`.
#[derive(Debug, thiserror::Error)]
pub enum AnalyzeClientError {
    /// HTTP transport failure.
    #[error("trusty-analyze transport error: {0}")]
    Transport(String),

    /// trusty-analyze returned a non-2xx status.
    #[error("trusty-analyze API returned {status}: {body}")]
    Api {
        /// HTTP status code.
        status: u16,
        /// Response body (may be truncated).
        body: String,
    },

    /// Response JSON could not be parsed.
    #[error("trusty-analyze response parse error: {0}")]
    Parse(String),

    /// Daemon is unreachable or unhealthy.
    #[error("trusty-analyze unavailable: {0}")]
    Unavailable(String),

    /// reqwest client construction failed (TLS backend unavailable).
    #[error("failed to build HTTP client: {0}")]
    ClientInit(String),
}

// ─── Response types ───────────────────────────────────────────────────────────

/// Response from `GET /health` on trusty-analyze.
///
/// Why: the two-step probe (REV-441) checks `status == "ok"` AND
/// `search_reachable == true` before considering analyze available.
/// What: maps the trusty-analyze health JSON; extra fields are discarded.
/// Test: `analyze_health_response_deserialises`.
#[derive(Debug, Clone, Deserialize, Serialize)]
pub struct AnalyzeHealthResponse {
    /// `"ok"` when the analyze daemon itself is healthy.
    pub status: String,
    /// True when the analyze daemon can reach the trusty-search daemon.
    #[serde(default)]
    pub search_reachable: bool,
}

impl AnalyzeHealthResponse {
    /// Returns `true` when the daemon is healthy AND can reach trusty-search.
    ///
    /// Why: the pipeline must not rely on analyze context if the search sidecar
    /// it depends on is also down.  (spec REV-441)
    /// What: checks `status == "ok" && search_reachable`.
    /// Test: `analyze_health_response_is_healthy`.
    pub fn is_healthy(&self) -> bool {
        self.status == "ok" && self.search_reachable
    }
}

/// A single registered index from `GET /indexes` on trusty-analyze.
///
/// Why: the two-step probe checks that at least one index exists before
/// marking the service available.
/// What: minimal shape — `id` only; other fields discarded.
/// Test: `analyze_index_info_deserialises`.
#[derive(Debug, Clone, Deserialize, Serialize)]
pub struct AnalyzeIndexInfo {
    /// Unique index identifier.
    pub id: String,
}

/// A single complexity hotspot from `GET /indexes/{id}/complexity_hotspots`.
///
/// Why: the pipeline uses hotspots to annotate the review with files/functions
/// that are structurally complex.
/// What: `file` and `cyclomatic` are the primary fields; `function_name` and
/// `cognitive` are optional enrichment.
/// Test: `hotspot_deserialises`.
#[derive(Debug, Clone, Deserialize, Serialize)]
pub struct ComplexityHotspot {
    /// Repository-relative file path.
    pub file: String,
    /// Function or chunk name, if available.
    #[serde(default)]
    pub function_name: Option<String>,
    /// Cyclomatic complexity score.
    #[serde(default)]
    pub cyclomatic: u32,
    /// Cognitive complexity score.
    #[serde(default)]
    pub cognitive: u32,
}

/// A single code smell from `GET /indexes/{id}/smells`.
///
/// Why: the pipeline annotates the review with detected code smells in the
/// changed files.
/// What: `file`, `category`, and `severity` are the key fields.
/// Test: `smell_deserialises`.
#[derive(Debug, Clone, Deserialize, Serialize)]
pub struct Smell {
    /// Repository-relative file path.
    pub file: String,
    /// Smell category (e.g. `"long_method"`, `"deep_nesting"`).
    pub category: String,
    /// Severity level (e.g. `"low"`, `"medium"`, `"high"`).
    #[serde(default)]
    pub severity: String,
    /// Line number, if available.
    #[serde(default)]
    pub line: Option<u32>,
}

// ─── Trait definition ─────────────────────────────────────────────────────────

/// Client interface for the trusty-analyze HTTP daemon (OPTIONAL dependency).
///
/// Why: the pipeline depends on this trait so the transport can be mocked
/// or swapped without touching pipeline code.  (spec REV-009, REV-440)
/// What: exposes `health`, `has_analysis` (two-step probe), `complexity_hotspots`,
/// and `smells`.  ALL methods must gracefully degrade — return an empty default
/// on transport error, never panic, never block the review.
/// Test: `analyze_client_trait_object_compiles`.
#[async_trait]
pub trait AnalyzeClient: Send + Sync {
    /// Check liveness of the trusty-analyze daemon.
    ///
    /// Why: quick liveness check used by `has_analysis`; does not check
    /// whether analysis data is available.
    /// What: `GET /health` → `AnalyzeHealthResponse`.
    /// Test: integration tests; unit tests mock this method.
    async fn health(&self) -> Result<AnalyzeHealthResponse, AnalyzeClientError>;

    /// Two-step readiness probe: is analyze available AND does it have data?
    ///
    /// Why: spec REV-441 requires both a health check AND an index-list check
    /// before marking analyze as available.  NEVER call `/quality` here —
    /// it is O(corpus) and always times out at 5s.  (lesson §12.3)
    /// What: calls `GET /health` (checks `status == ok && search_reachable`)
    /// AND `GET /indexes` (checks at least one index exists).  Returns `false`
    /// (not an error) on any transport failure — analyze is optional.
    /// Test: `two_step_probe_returns_false_on_transport_error`.
    async fn has_analysis(&self, index_id: &str) -> bool;

    /// Fetch complexity hotspots for an index.
    ///
    /// Why: provides the pipeline with a ranked list of complex files/functions
    /// to annotate the review.
    /// What: `GET /indexes/{index_id}/complexity_hotspots[?top_k=N]`.
    /// On any error, returns `Ok(vec![])` — never blocks the review.
    /// Test: `complexity_hotspots_empty_on_transport_error`.
    async fn complexity_hotspots(
        &self,
        index_id: &str,
        top_k: Option<u32>,
    ) -> Result<Vec<ComplexityHotspot>, AnalyzeClientError>;

    /// Fetch code smells for an index.
    ///
    /// Why: provides the pipeline with smell annotations for the changed files.
    /// What: `GET /indexes/{index_id}/smells`.
    /// On any error, returns `Ok(vec![])` — never blocks the review.
    /// Test: `smells_empty_on_transport_error`.
    async fn smells(&self, index_id: &str) -> Result<Vec<Smell>, AnalyzeClientError>;
}

// ─── HTTP implementation ──────────────────────────────────────────────────────

/// HTTP implementation of `AnalyzeClient` over a running trusty-analyze daemon.
///
/// Why: the default transport for all production and staging deployments.
/// What: targets `PR_INTELLIGENCE_ANALYZER_URL` (default
/// `http://127.0.0.1:7879`).  All methods use a 5s timeout for probe calls and
/// a 180s timeout for analysis calls (matching spec REV-440 table).
/// Test: `http_analyze_client_url_is_configurable`.
pub struct HttpAnalyzeClient {
    /// Base URL of the trusty-analyze daemon (no trailing slash).
    base_url: String,
    /// Short-timeout client for health / index probes (5s).
    probe_http: reqwest::Client,
    /// Long-timeout client for analysis calls (180s).
    analysis_http: reqwest::Client,
}

impl HttpAnalyzeClient {
    /// Construct from an explicit base URL.
    ///
    /// Why: allows tests to point the client at any URL without going through
    /// the config system.
    /// What: builds two reqwest clients — `probe_http` (5s timeout) and
    /// `analysis_http` (180s timeout) — matching the timeout table in spec
    /// REV-440.  Returns `Err(ClientInit)` if the TLS backend cannot be
    /// initialised — surfaces the failure to the caller rather than panicking
    /// at daemon startup (closes #953).
    /// Test: `http_analyze_client_url_is_configurable`.
    pub fn new(base_url: impl Into<String>) -> Result<Self, AnalyzeClientError> {
        let raw = base_url.into();
        let base_url = raw.trim_end_matches('/').to_string();
        let probe_http = reqwest::Client::builder()
            .timeout(std::time::Duration::from_secs(5))
            .build()
            .map_err(|e| AnalyzeClientError::ClientInit(e.to_string()))?;
        let analysis_http = reqwest::Client::builder()
            .timeout(std::time::Duration::from_secs(180))
            .build()
            .map_err(|e| AnalyzeClientError::ClientInit(e.to_string()))?;
        Ok(Self {
            base_url,
            probe_http,
            analysis_http,
        })
    }

    /// Construct from a `ReviewConfig`, reading `analyzer_url`.
    ///
    /// Why: the pipeline constructs the client from its injected config.
    /// What: calls `Self::new(config.analyzer_url.clone())` and propagates any
    /// TLS-backend init failure as `Err`.
    /// Test: `http_analyze_client_from_config`.
    pub fn from_config(config: &crate::config::ReviewConfig) -> Result<Self, AnalyzeClientError> {
        Self::new(config.analyzer_url.clone())
    }

    /// Return the base URL this client targets.
    ///
    /// Why: tests need to assert the URL is constructed correctly.
    /// What: returns a reference to the stored base URL string.
    /// Test: `http_analyze_client_url_is_configurable`.
    pub fn base_url(&self) -> &str {
        &self.base_url
    }
}

#[async_trait]
impl AnalyzeClient for HttpAnalyzeClient {
    async fn health(&self) -> Result<AnalyzeHealthResponse, AnalyzeClientError> {
        let url = format!("{}/health", self.base_url);
        let resp = self
            .probe_http
            .get(&url)
            .send()
            .await
            .map_err(|e| AnalyzeClientError::Unavailable(format!("GET {url}: {e}")))?;

        let status = resp.status();
        let body = resp
            .text()
            .await
            .map_err(|e| AnalyzeClientError::Transport(format!("read body of {url}: {e}")))?;

        if !status.is_success() {
            return Err(AnalyzeClientError::Unavailable(format!(
                "GET {url} returned {status}: {body}"
            )));
        }

        serde_json::from_str(&body)
            .map_err(|e| AnalyzeClientError::Parse(format!("health response: {e}")))
    }

    /// Two-step readiness probe (spec REV-441).
    ///
    /// Why: both `/health` and `/indexes` must succeed before marking analyze
    /// available.  NEVER calls `/quality` — it is O(corpus).  (lesson §12.3)
    /// What: calls `health()` first; if that fails or `search_reachable` is
    /// false, returns `false` immediately.  Otherwise calls `GET /indexes` and
    /// checks the index_id is present.
    /// Test: `two_step_probe_returns_false_on_transport_error`.
    async fn has_analysis(&self, index_id: &str) -> bool {
        // Step 1: health check.
        let health = match self.health().await {
            Ok(h) => h,
            Err(e) => {
                tracing::debug!("trusty-analyze health check failed (optional): {e}");
                return false;
            }
        };
        if !health.is_healthy() {
            tracing::debug!(
                status = %health.status,
                search_reachable = health.search_reachable,
                "trusty-analyze health indicates not ready"
            );
            return false;
        }

        // Step 2: list indexes and verify the target index exists.
        let url = format!("{}/indexes", self.base_url);
        let indexes_resp = match self.probe_http.get(&url).send().await {
            Ok(r) => r,
            Err(e) => {
                tracing::debug!("trusty-analyze GET /indexes failed (optional): {e}");
                return false;
            }
        };

        if !indexes_resp.status().is_success() {
            tracing::debug!(
                status = %indexes_resp.status(),
                "trusty-analyze GET /indexes returned non-2xx"
            );
            return false;
        }

        let body = match indexes_resp.text().await {
            Ok(b) => b,
            Err(e) => {
                tracing::debug!("trusty-analyze read /indexes body failed: {e}");
                return false;
            }
        };

        let indexes: Vec<AnalyzeIndexInfo> = match serde_json::from_str(&body) {
            Ok(v) => v,
            Err(e) => {
                tracing::debug!("trusty-analyze /indexes parse failed: {e}");
                return false;
            }
        };

        // Check the target index exists.
        let found = indexes.iter().any(|i| i.id == index_id);
        if !found {
            tracing::debug!(
                index_id,
                "trusty-analyze has no matching index — analyze context unavailable"
            );
        }
        found
    }

    async fn complexity_hotspots(
        &self,
        index_id: &str,
        top_k: Option<u32>,
    ) -> Result<Vec<ComplexityHotspot>, AnalyzeClientError> {
        let mut url = format!("{}/indexes/{index_id}/complexity_hotspots", self.base_url);
        if let Some(k) = top_k {
            url.push_str(&format!("?top_k={k}"));
        }

        let resp = self
            .analysis_http
            .get(&url)
            .send()
            .await
            .map_err(|e| AnalyzeClientError::Transport(format!("GET {url}: {e}")))?;

        let status = resp.status();
        let body = resp
            .text()
            .await
            .map_err(|e| AnalyzeClientError::Transport(format!("read body of {url}: {e}")))?;

        if !status.is_success() {
            return Err(AnalyzeClientError::Api {
                status: status.as_u16(),
                body,
            });
        }

        serde_json::from_str(&body)
            .map_err(|e| AnalyzeClientError::Parse(format!("complexity_hotspots response: {e}")))
    }

    async fn smells(&self, index_id: &str) -> Result<Vec<Smell>, AnalyzeClientError> {
        let url = format!("{}/indexes/{index_id}/smells", self.base_url);

        let resp = self
            .analysis_http
            .get(&url)
            .send()
            .await
            .map_err(|e| AnalyzeClientError::Transport(format!("GET {url}: {e}")))?;

        let status = resp.status();
        let body = resp
            .text()
            .await
            .map_err(|e| AnalyzeClientError::Transport(format!("read body of {url}: {e}")))?;

        if !status.is_success() {
            return Err(AnalyzeClientError::Api {
                status: status.as_u16(),
                body,
            });
        }

        serde_json::from_str(&body)
            .map_err(|e| AnalyzeClientError::Parse(format!("smells response: {e}")))
    }
}

// ─── Unit tests ───────────────────────────────────────────────────────────────

#[cfg(test)]
#[path = "analyze_client_tests.rs"]
mod tests;