codewatcher / index.html
Creating a GitHub Actions bot named CodeWatcher, inspired by Copal, that runs static analysis tools (pylint, bandit, semgrep), comments inline suggestions on pull requests (PRs), and adopts a mentor-like or red-team assistant tone is a solid idea for improving code quality and security in a supportive way. Below is a step-by-step guide to build this bot, ensuring actionable output aligned with offensive security workflows and real-world methodologies.

CodeWatcher GitHub Actions Bot Overview

CodeWatcher will:
• Trigger on pull request events.
• Run pylint (code style), bandit (security issues), and semgrep (advanced static analysis) on Python code.
• Parse tool outputs and post inline comments on PRs with a mentor-like or red-team tone (e.g., constructive, slightly probing, encouraging critical thinking).
• Use GitHub Actions to automate the workflow and the GitHub API to post comments.

- Initial Deployment
b0a728d verified
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>CodeWatcher - Security Mentor Bot</title>
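<!-- Third-party CDN assets are loaded without Subresource Integrity; the Tailwind Play CDN script is intended for development. For production, pin versions and self-host or add integrity/crossorigin attributes. -->
<script src="https://cdn.tailwindcss.com"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">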
<style>
.sidebar {
transition: all 0.3s ease;
}
.bot-message {
animation: fadeIn 0.5s ease-in-out;
}
@keyframes fadeIn {
from { opacity: 0; transform: translateY(10px); }
to { opacity: 1; transform: translateY(0); }
}
.highlight {
position: relative;
z-index: 1;
}
.highlight::after {
content: '';
position: absolute;
left: 0;
right: 0;
bottom: 2px;
height: 30%;
background-color: rgba(236, 253, 245, 0.6);
z-index: -1;
}
</style>
</head>
<body class="bg-gray-50 min-h-screen">
<div class="flex h-screen">
<!-- Sidebar navigation -->
<div class="sidebar bg-indigo-900 text-white w-64 flex-shrink-0 hidden md:block">
<div class="p-4">
<h1 class="text-xl font-bold flex items-center">
<span class="bg-green-400 rounded-full w-6 h-6 mr-2 flex items-center justify-center">
<i class="fas fa-robot text-indigo-900 text-xs"></i>
</span>
CodeWatcher
</h1>
<p class="text-indigo-200 text-sm mt-2">Your security mentor bot</p>
</div>
<nav class="mt-6">
<a href="#" class="block py-2 px-4 bg-indigo-800 text-white font-medium">
<i class="fas fa-chart-line mr-2"></i> Dashboard
</a>
<a href="#" class="block py-2 px-4 hover:bg-indigo-800 text-white">
<i class="fas fa-list-check mr-2"></i> PR Analysis
</a>
<a href="#" class="block py-2 px-4 hover:bg-indigo-800 text-white">
<i class="fas fa-shield-virus mr-2"></i> Security Findings
</a>
<a href="#" class="block py-2 px-4 hover:bg-indigo-800 text-white">
<i class="fas fa-gear mr-2"></i> Configuration
</a>
<div class="border-t border-indigo-800 mt-4 pt-4 mx-4">
<div class="flex items-center pb-4">
<div class="w-10 h-10 rounded-full bg-indigo-700 flex items-center justify-center">
<i class="fas fa-user text-lg"></i>
</div>
<div class="ml-3">
<p class="font-medium">Developer</p>
<p class="text-xs text-indigo-300">admin</p>
</div>
</div>
<button class="bg-indigo-700 hover:bg-indigo-600 text-white py-2 px-4 rounded-full w-full text-sm font-medium">
<i class="fas fa-sign-out-alt mr-2"></i> Sign out
</button>
</div>
</nav>
</div>
<!-- Mobile sidebar toggle -->
<button id="sidebarToggle" class="md:hidden fixed top-4 left-4 bg-indigo-900 text-white p-2 rounded-lg z-50">
<i class="fas fa-bars"></i>
</button>
<!-- Mobile sidebar (hidden by default) -->
<div id="mobileSidebar" class="sidebar fixed inset-0 bg-indigo-900 text-white z-40 transform -translate-x-full md:hidden">
<div class="p-4">
<div class="flex justify-between items-center">
<h1 class="text-xl font-bold flex items-center">
<span class="bg-green-400 rounded-full w-6 h-6 mr-2 flex items-center justify-center">
<i class="fas fa-robot text-indigo-900 text-xs"></i>
</span>
CodeWatcher
</h1>
<button id="closeSidebar" class="text-white p-2">
<i class="fas fa-times"></i>
</button>
</div>
<p class="text-indigo-200 text-sm mt-2">Your security mentor bot</p>
</div>
<nav class="mt-6">
<a href="#" class="block py-2 px-4 bg-indigo-800 text-white font-medium">
<i class="fas fa-chart-line mr-2"></i> Dashboard
</a>
<a href="#" class="block py-2 px-4 hover:bg-indigo-800 text-white">
<i class="fas fa-list-check mr-2"></i> PR Analysis
</a>
<a href="#" class="block py-2 px-4 hover:bg-indigo-800 text-white">
<i class="fas fa-shield-virus mr-2"></i> Security Findings
</a>
<a href="#" class="block py-2 px-4 hover:bg-indigo-800 text-white">
<i class="fas fa-gear mr-2"></i> Configuration
</a>
<div class="border-t border-indigo-800 mt-12 pt-4 mx-4">
<button class="bg-indigo-700 hover:bg-indigo-600 text-white py-2 px-4 rounded-full w-full text-sm font-medium">
<i class="fas fa-sign-out-alt mr-2"></i> Sign out
</button>
</div>
</nav>
</div>
<!-- Main content -->
<div class="flex-1 overflow-y-auto">
<div class="max-w-6xl mx-auto p-6">
<!-- Header -->
<header class="bg-white rounded-xl shadow-sm p-6 mb-6">
<div class="flex justify-between items-start">
<div>
<h2 class="text-2xl font-bold text-gray-800">Pull Request Analysis</h2>
<p class="text-gray-600 mt-1">See CodeWatcher's automated reviews and suggestions</p>
</div>
<div class="flex space-x-3">
<button class="bg-indigo-600 hover:bg-indigo-700 text-white px-4 py-2 rounded-lg flex items-center">
<i class="fas fa-sync-alt mr-2"></i> Refresh
</button>
<button class="bg-green-600 hover:bg-green-700 text-white px-4 py-2 rounded-lg flex items-center">
<i class="fas fa-plus mr-2"></i> New Review
</button>
</div>
</div>
</header>
<!-- PR Info Card -->
<div class="bg-white rounded-xl shadow-sm p-6 mb-6">
<div class="flex flex-col md:flex-row md:items-center md:justify-between">
<div>
<div class="flex items-center">
<h3 class="text-xl font-semibold text-gray-800">PR #42: Implement auth middleware</h3>
<span class="ml-3 bg-yellow-100 text-yellow-800 text-xs px-2 py-1 rounded-full">Open</span>
</div>
<p class="text-gray-600 mt-1">Repository: <span class="font-medium">acme/webapp</span> • Author: <span class="font-medium">dev1</span></p>
</div>
<div class="mt-3 md:mt-0">
<div class="flex space-x-2">
<span class="bg-blue-100 text-blue-800 text-xs px-2 py-1 rounded-full">+327 −158</span>
<span class="bg-purple-100 text-purple-800 text-xs px-2 py-1 rounded-full">Python</span>
<span class="bg-green-100 text-green-800 text-xs px-2 py-1 rounded-full">3 Checks</span>
</div>
</div>
</div>
</div>
<!-- Analysis Results -->
<div class="mb-6">
<div class="flex items-center mb-4">
<h3 class="text-lg font-semibold text-gray-800">Static Analysis Results</h3>
<span class="ml-3 bg-indigo-100 text-indigo-800 text-xs px-2 py-1 rounded-full">3 Tools Run</span>
</div>
<!-- Tool Stats -->
<div class="grid grid-cols-1 md:grid-cols-3 gap-4 mb-6">
<div class="bg-white rounded-xl shadow-sm p-4">
<div class="flex justify-between items-center mb-2">
<div class="flex items-center">
<div class="w-8 h-8 bg-red-100 rounded-full flex items-center justify-center mr-2">
<i class="fas fa-exclamation-triangle text-red-500"></i>
</div>
<h4 class="font-medium">Pylint</h4>
</div>
<span class="text-sm text-gray-500">Style Guide</span>
</div>
<div class="mt-4">
<div class="flex items-center justify-between mb-1">
<span class="text-sm text-gray-600">Issues identified</span>
<span class="font-medium">12</span>
</div>
<div class="w-full bg-gray-200 rounded-full h-1.5">
<div class="bg-red-500 h-1.5 rounded-full" style="width: 80%"></div>
</div>
</div>
</div>
<div class="bg-white rounded-xl shadow-sm p-4">
<div class="flex justify-between items-center mb-2">
<div class="flex items-center">
<div class="w-8 h-8 bg-yellow-100 rounded-full flex items-center justify-center mr-2">
<i class="fas fa-shield-alt text-yellow-500"></i>
</div>
<h4 class="font-medium">Bandit</h4>
</div>
<span class="text-sm text-gray-500">Security</span>
</div>
<div class="mt-4">
<div class="flex items-center justify-between mb-1">
<span class="text-sm text-gray-600">Vulnerabilities</span>
<span class="font-medium">4</span>
</div>
<div class="w-full bg-gray-200 rounded-full h-1.5">
<div class="bg-yellow-500 h-1.5 rounded-full" style="width: 30%"></div>
</div>
</div>
</div>
<div class="bg-white rounded-xl shadow-sm p-4">
<div class="flex justify-between items-center mb-2">
<div class="flex items-center">
<div class="w-8 h-8 bg-blue-100 rounded-full flex items-center justify-center mr-2">
<i class="fas fa-search text-blue-500"></i>
</div>
<h4 class="font-medium">Semgrep</h4>
</div>
<span class="text-sm text-gray-500">Deep Analysis</span>
</div>
<div class="mt-4">
<div class="flex items-center justify-between mb-1">
<span class="text-sm text-gray-600">Pattern matches</span>
<span class="font-medium">7</span>
</div>
<div class="w-full bg-gray-200 rounded-full h-1.5">
<div class="bg-blue-500 h-1.5 rounded-full" style="width: 45%"></div>
</div>
</div>
</div>
</div>
</div>
<!-- Code Review Section -->
<div class="bg-white rounded-xl shadow-sm p-6 mb-6">
<div class="flex items-center justify-between mb-4">
<h3 class="text-lg font-semibold text-gray-800">Inline Comments</h3>
<div class="flex items-center space-x-2">
<select class="bg-gray-100 border-0 text-gray-700 rounded-lg px-3 py-2 text-sm focus:ring-indigo-500 focus:border-indigo-500">
<option>All Tools</option>
<option>Pylint</option>
<option>Bandit</option>
<option>Semgrep</option>
</select>
<select class="bg-gray-100 border-0 text-gray-700 rounded-lg px-3 py-2 text-sm focus:ring-indigo-500 focus:border-indigo-500">
<option>All Severity</option>
<option>Critical</option>
<option>High</option>
<option>Medium</option>
<option>Low</option>
</select>
</div>
</div>
<!-- Comment cards -->
<div class="space-y-4">
<!-- Critical issue -->
<div class="p-4 bg-red-50 rounded-lg border-l-4 border-red-500">
<div class="flex items-start">
<div class="w-10 h-10 rounded-full bg-red-100 flex items-center justify-center flex-shrink-0">
<i class="fas fa-exclamation-triangle text-red-500"></i>
</div>
<div class="ml-3">
<div class="flex items-center">
<h4 class="font-medium text-gray-800">Hard-coded secret</h4>
<span class="ml-3 bg-red-500 text-white text-xs px-2 py-0.5 rounded-full">Critical</span>
</div>
<p class="text-gray-600 mt-1">Bandit identified a hard-coded API key in auth.py line 42</p>
<div class="mt-2 bg-white p-3 rounded-lg border border-gray-200">
<div class="flex items-start">
<span class="text-gray-500 font-mono text-sm mr-2">42:</span>
<pre class="text-gray-800 text-sm font-mono overflow-x-auto">api_key = "sk_live_1234567890abcdef" # <span class="highlight text-red-500">Consider using environment variables instead</span></pre>
</div>
</div>
<div class="mt-3 text-sm flex items-center">
<span class="text-gray-500"><i class="fas fa-file-alt mr-1"></i> auth.py • Bandit (B105)</span>
<button class="ml-3 text-indigo-600 hover:text-indigo-800">
<i class="fas fa-reply mr-1"></i> Resolve
</button>
</div>
</div>
</div>
</div>
<!-- High severity issue -->
<div class="p-4 bg-orange-50 rounded-lg border-l-4 border-orange-500">
<div class="flex items-start">
<div class="w-10 h-10 rounded-full bg-orange-100 flex items-center justify-center flex-shrink-0">
<i class="fas fa-shield-alt text-orange-500"></i>
</div>
<div class="ml-3">
<div class="flex items-center">
<h4 class="font-medium text-gray-800">SQL injection risk</h4>
<span class="ml-3 bg-orange-500 text-white text-xs px-2 py-0.5 rounded-full">High</span>
</div>
<p class="text-gray-600 mt-1">Semgrep detected potential SQL injection in db_utils.py line 15</p>
<div class="mt-2 bg-white p-3 rounded-lg border border-gray-200">
<div class="flex items-start">
<span class="text-gray-500 font-mono text-sm mr-2">15:</span>
<pre class="text-gray-800 text-sm font-mono">query = f"SELECT * FROM users WHERE username = {user_input}" # <span class="highlight text-red-500">Use parameterized queries</span></pre>
</div>
</div>
<div class="mt-3">
<button class="text-sm bg-indigo-600 hover:bg-indigo-700 text-white px-3 py-1 rounded-full mr-2">
<i class="fas fa-lightbulb mr-1"></i> Show fix
</button>
</div>
<div class="mt-2 text-sm">
<span class="text-gray-500"><i class="fas fa-file-alt mr-1"></i> db_utils.py • Semgrep (python.sqlalchemy.security.sql-injection)</span>
</div>
</div>
</div>
</div>
<!-- Medium severity issue -->
<div class="p-4 bg-yellow-50 rounded-lg border-l-4 border-yellow-500">
<div class="flex items-start">
<div class="w-10 h-10 rounded-full bg-yellow-100 flex items-center justify-center flex-shrink-0">
<i class="fas fa-comment-dots text-yellow-500"></i>
</div>
<div class="ml-3">
<div class="flex items-center">
<h4 class="font-medium text-gray-800">Missing type hints</h4>
<span class="ml-3 bg-yellow-500 text-white text-xs px-2 py-0.5 rounded-full">Medium</span>
</div>
<p class="text-gray-600 mt-1">Pylint suggests adding type annotations to improve code clarity (utils.py)</p>
<div class="mt-2 bg-white p-3 rounded-lg border border-gray-200">
<div class="flex items-start">
<span class="text-gray-500 font-mono text-sm mr-2">32:</span>
<pre class="text-gray-800 text-sm font-mono">def process_data(data): # <span class="highlight text-yellow-700">Consider adding type hints here</span>
return data.upper()</pre>
</div>
</div>
<div class="mt-3 text-sm flex items-center space-x-3">
<button class="text-indigo-600 hover:text-indigo-800">
<i class="far fa-thumbs-up mr-1"></i> Will fix
</button>
<button class="text-indigo-600 hover:text-indigo-800">
<i class="far fa-comment mr-1"></i> Discuss
</button>
<button class="text-indigo-600 hover:text-indigo-800">
<i class="far fa-flag mr-1"></i> Flag
</button>
</div>
</div>
</div>
</div>
<!-- Low severity issue -->
<div class="p-4 bg-blue-50 rounded-lg border-l-4 border-blue-500">
<div class="flex items-start">
<div class="w-10 h-10 rounded-full bg-blue-100 flex items-center justify-center flex-shrink-0">
<i class="fas fa-info-circle text-blue-500"></i>
</div>
<div class="ml-3">
<div class="flex items-center">
<h4 class="font-medium text-gray-800">Unused import</h4>
<span class="ml-3 bg-blue-500 text-white text-xs px-2 py-0.5 rounded-full">Low</span>
</div>
<p class="text-gray-600 mt-1">Pylint found an unused import in middleware.py</p>
<div class="mt-2 bg-white p-3 rounded-lg border border-gray-200">
<div class="flex items-start">
<span class="text-gray-500 font-mono text-sm mr-2">3:</span>
<pre class="text-gray-800 text-sm font-mono">import hashlib # <span class="highlight text-blue-700">This import is unused</span>
import json</pre>
</div>
</div>
<div class="mt-3 text-sm flex items-center">
<button class="text-sm bg-indigo-600 hover:bg-indigo-700 text-white px-3 py-1 rounded-full">
<i class="fas fa-bolt mr-1"></i> Auto-fix
</button>
<button class="ml-3 text-gray-500 hover:text-gray-700">
<i class="fas fa-times mr-1"></i> Dismiss
</button>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- Summary Card -->
<div class="bg-white rounded-xl shadow-sm p-6 mb-6">
<h3 class="text-lg font-semibold text-gray-800 mb-4">CodeWatcher's Summary</h3>
<div class="grid grid-cols-1 md:grid-cols-2 gap-6">
<div>
<div class="bg-indigo-50 rounded-lg p-4">
<h4 class="font-medium text-indigo-800 mb-2">General Feedback</h4>
<div class="text-gray-700 bot-message">
<p class="mb-2">👋 Hello there! I've reviewed your PR and overall, you're doing great work! Just a few constructive observations from my security mentor perspective:</p>
<ul class="list-disc pl-5 space-y-1">
<li>The auth middleware structure is well-designed, but we need to address a critical security issue with the hard-coded secret.</li>
<li>I notice you've implemented proper error handling in most places - that's excellent!</li>
<li>The SQL injection vulnerability in db_utils.py is a high-priority fix - let's collaborate on the solution.</li>
</ul>
</div>
</div>
</div>
<div>
<div class="bg-green-50 rounded-lg p-4">
<h4 class="font-medium text-green-800 mb-2">Security Score</h4>
<div class="flex items-center justify-between mb-3">
<span class="text-gray-700">Code Quality</span>
<span class="font-medium">72/100</span>
</div>
<div class="w-full bg-gray-200 rounded-full h-2 mb-4">
<div class="bg-green-500 h-2 rounded-full" style="width: 72%"></div>
</div>
<div class="flex items-center justify-between mb-3">
<span class="text-gray-700">Security</span>
<span class="font-medium">58/100</span>
</div>
<div class="w-full bg-gray-200 rounded-full h-2 mb-6">
<div class="bg-green-500 h-2 rounded-full" style="width: 58%"></div>
</div>
<p class="text-green-700 text-sm">
<i class="fas fa-lightbulb mr-1"></i> Addressing the critical and high severity issues could improve your security score significantly.
</p>
</div>
</div>
</div>
</div>
<!-- Action Buttons -->
<div class="flex justify-end space-x-4 mb-16">
<button class="border border-gray-300 bg-white hover:bg-gray-50 text-gray-700 px-6 py-2 rounded-lg">
Request Changes
</button>
<button class="bg-green-600 hover:bg-green-700 text-white px-6 py-2 rounded-lg">
Approve PR
</button>
</div>
</div>
</div>
</div>
<!-- Bottom mobile navigation (mobile only) -->
<div class="md:hidden fixed bottom-0 left-0 right-0 bg-white border-t border-gray-200 flex justify-around py-2">
<a href="#" class="text-indigo-600 p-2 flex flex-col items-center">
<i class="fas fa-home text-lg"></i>
<span class="text-xs mt-1">Home</span>
</a>
<a href="#" class="text-gray-500 p-2 flex flex-col items-center">
<i class="fas fa-list-check text-lg"></i>
<span class="text-xs mt-1">PRs</span>
</a>
<a href="#" class="text-gray-500 p-2 flex flex-col items-center">
<i class="fas fa-shield-virus text-lg"></i>
<span class="text-xs mt-1">Security</span>
</a>
<a href="#" class="text-gray-500 p-2 flex flex-col items-center">
<i class="fas fa-cog text-lg"></i>
<span class="text-xs mt-1">Settings</span>
</a>
</div>
<script>
// Mobile sidebar toggle
const sidebarToggle = document.getElementById('sidebarToggle');
const closeSidebar = document.getElementById('closeSidebar');
const mobileSidebar = document.getElementById('mobileSidebar');
sidebarToggle.addEventListener('click', () => {
mobileSidebar.classList.remove('-translate-x-full');
mobileSidebar.classList.add('translate-x-0');
});
closeSidebar.addEventListener('click', () => {
mobileSidebar.classList.remove('translate-x-0');
mobileSidebar.classList.add('-translate-x-full');
});
// Theme switcher (could be implemented)
// document.getElementById('themeToggle').addEventListener('click', () => {
// document.documentElement.classList.toggle('dark');
// });
</script>
</body>
</html>