feat(callgraph): Add remote stdlib registry with lazy loading #340
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Implements remote HTTP-based stdlib registry loading with automatic Python version detection and on-demand module caching. Changes: - Add Python version detector (.python-version, pyproject.toml) - Implement remote stdlib registry with lazy module loading - Add in-memory caching with mutex protection - Update builder to use remote CDN instead of local files - Add comprehensive unit tests with mocked HTTP responses 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Updates Cloudflare Pages deployment to generate Python 3.14 stdlib registries before building the docs site. Registries are generated fresh on every deployment to ensure they stay up-to-date. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #340 +/- ##
==========================================
+ Coverage 74.16% 74.85% +0.68%
==========================================
Files 45 47 +2
Lines 5291 5448 +157
==========================================
+ Hits 3924 4078 +154
+ Misses 1201 1194 -7
- Partials 166 176 +10 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
shivasurya
added
enhancement
- Use http.NewRequestWithContext instead of http.NewRequest (noctx) - Add //nolint:nilnil directive for valid nil,nil return (nilnil) - Replace if-else chains with switch statements (ifElseChain) All tests passing, coverage maintained at 95.8%/98.6%. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
SafeDep Report Summary
No dependency changes detected. Nothing to scan. This report is generated by SafeDep Github App |
shivasurya
added a commit
that referenced
this pull request
Nov 4, 2025
… dataflow Implements statement-level extraction from Python AST to support intra-procedural dataflow analysis and taint propagation. This is PR #2 of the intra-procedural dataflow feature implementation. **Key Features:** - Extract assignments, augmented assignments, calls, and returns - Build def-use information for each statement - Conservative identifier extraction for security analysis - Handle Python AST node wrapping (expression_statement) - Filter Python keywords and 'self' references - Extract method names from chained calls (obj.a.b.method) **Implementation Details:** - `ExtractStatements`: Main entry point, iterates function body - `extractAssignment`: Handles simple assignments (x = expr) - Stores RHS expression in CallTarget field - Skips tuple unpacking (requires multiple defs) - Skips attribute/subscript assignments (no local defs) - `extractAugmentedAssignment`: Handles x += expr (def and use) - `extractCall`: Extracts function/method calls - CallTarget contains method name (not full chain) - CallArgs contains literal argument values - Uses contains all identifiers (recursive extraction) - `extractReturn`: Handles return statements - Stores expression in CallTarget - `extractIdentifiers`: Recursive identifier extraction - Filters Python keywords and 'self' - Deduplicates results **Test Coverage:** - 20+ comprehensive tests covering all statement types - 87.3% overall coverage - Edge cases: empty functions, control flow skipped, nested calls - Tests for keyword filtering, deduplication, self references **Compliance:** - All tests passing - Build successful - Linter clean (nolint comments for false-positive unconvert warnings) Related to #340 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
shivasurya
added a commit
that referenced
this pull request
Nov 4, 2025
… dataflow Implements statement-level extraction from Python AST to support intra-procedural dataflow analysis and taint propagation. This is PR #2 of the intra-procedural dataflow feature implementation. **Key Features:** - Extract assignments, augmented assignments, calls, and returns - Build def-use information for each statement - Conservative identifier extraction for security analysis - Handle Python AST node wrapping (expression_statement) - Filter Python keywords and 'self' references - Extract method names from chained calls (obj.a.b.method) **Implementation Details:** - `ExtractStatements`: Main entry point, iterates function body - `extractAssignment`: Handles simple assignments (x = expr) - Stores RHS expression in CallTarget field - Skips tuple unpacking (requires multiple defs) - Skips attribute/subscript assignments (no local defs) - `extractAugmentedAssignment`: Handles x += expr (def and use) - `extractCall`: Extracts function/method calls - CallTarget contains method name (not full chain) - CallArgs contains literal argument values - Uses contains all identifiers (recursive extraction) - `extractReturn`: Handles return statements - Stores expression in CallTarget - `extractIdentifiers`: Recursive identifier extraction - Filters Python keywords and 'self' - Deduplicates results **Test Coverage:** - 20+ comprehensive tests covering all statement types - 87.3% overall coverage - Edge cases: empty functions, control flow skipped, nested calls - Tests for keyword filtering, deduplication, self references **Compliance:** - All tests passing - Build successful - Linter clean (nolint comments for false-positive unconvert warnings) Related to #340 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Adds remote HTTP-based stdlib registry loading with automatic Python version detection and lazy module downloads.
Changes
.python-version,pyproject.toml)Testing
All tests passing with mocked HTTP responses.
🤖 Generated with Claude Code