fix: integrate semgrep with tool detection system and fix initializat…#167
suung wants to merge 6 commits into
…ion reload
- Fix #166: Integrate semgrep with existing tool detection/installation system
  - Update tools.json: change semgrep from built-in to pip installation
  - Add Python 3.7+ prerequisite checking
  - Add semgrep installation detection using command-based method
  - Show consistent error messages with installation instructions
  - Support pip installation in tools-tree-provider
- Fix #156: Fix initialization reload issue
  - Explicitly update context variable before refreshing trees
  - Add small delay to ensure context updates propagate
  - UI now updates immediately without requiring window reload
- Add test coverage for both fixes
  - Unit tests for Python/semgrep detection
  - Unit tests for pip installation handling
  - E2E tests for initialization reload
  - E2E tests for semgrep error messages
- Fix execa import issue in prerequisites.js

…on-reload
- Bring in prerequisites infrastructure from main
- Resolve conflicts in tools-tree-provider.ts (combine semgrep special handling with comprehensive contextValue logic)

…cs loading
- Add database storage for Semgrep results with one entry per scan per file
- Load diagnostics from database on file open/focus (works even if Semgrep not installed)
- Separate flow for loading diagnostics vs running live analysis
- Add integration tests for database storage and retrieval
- Handle parsing errors as non-fatal warnings when matches exist
- Add DEFAULT_SEMGREP_EXCLUSIONS to skip non-code files
- Improve e2e tests with venv setup and Problems panel verification
- Add unit tests for installation check and database flow

- .test-venv is created dynamically during e2e tests (not a fixture)
- test-results contains Playwright test output
- Both should not be committed

- Fix severity mapping: ERROR -> Error, WARNING -> Warning, INFO -> Information
- Diagnostics now appear in Problems panel with proper red markers for errors
- Enhance e2e tests to verify Problems panel visibility and Semgrep-specific entries

…irement
- Create shared installToolWithLogging() function in packages/cli/src/utils/tool-installer.ts
- Handles installation, logging, and config marking in one place
- Update CLI command to use shared function (DRYed up)
- Update VSCode extension to use shared function directly (no CLI required)
- Eliminates 'CLI not found' error when installing tools from VSCode
- Add comprehensive tests for shared installation function (7 tests)
- Add activation guard to prevent duplicate command registration
- Fix diagnostic collection name test (make test async)
- Skip VSCode installation tests (covered in CLI tests)
All installation-related tests passing:
- CLI tool-installer tests: 7/7 passing
- CLI tools-command tests: 4/4 passing
- Semgrep E2E tests: 4/4 passing

verification is missing
We went over it. On some machine there are a bunch of problems: it's not pip, it's pip3, and after installation it's not in the path. We need a solution for this. This could be one. And it works when passed as a custom command, but another problem is that if there is still an error, then the custom command cancels the error notification. We also need cross-platform installation.
…ion reload
Fix Semgrep is not bundled #166: Integrate semgrep with existing tool detection/installation system
Fix Data not refreshed after project initialization (needs #156: Fix initialization reload issue
Add test coverage for both fixes
Fix execa import issue in prerequisites.js