Summary
Run ast-grep YAML rules during graph indexing to detect design patterns, code smells, and security issues, then store them as new node types and relationships in the knowledge graph.
Motivation
This enables queries like "find all Singleton classes" or "show functions with SQL injection risk." It adds a quality/security dimension to the graph that pure structure analysis misses. Rules are YAML files, easy to maintain and extend, and detection is deterministic (unlike LLM-based analysis).
Implementation
New Graph Schema
- New node types added to
NodeLabel enum: Pattern, CodeSmell, SecurityIssue
- New relationships added to
RelationshipType enum: IMPLEMENTS_PATTERN, HAS_SMELL, HAS_VULNERABILITY
New Analyzer
codebase_rag/analyzers/ast_grep_analyzer.py (~200 lines) running YAML rules via CLI or Python API
.ast-grep-rules/ directory with categorized YAML rules:
patterns/ (Singleton, Factory, Observer, etc.)
smells/ (long method, deeply nested, unused imports, etc.)
security/ (SQL injection, XSS, hardcoded secrets, etc.)
Integration Points
- Post-processing step in
graph_updater.py after tree-sitter indexing
- Update
cypher_queries.py with query templates for new node types
Acceptance Criteria
Related
Part of the ast-grep integration initiative:
Summary
Run ast-grep YAML rules during graph indexing to detect design patterns, code smells, and security issues, then store them as new node types and relationships in the knowledge graph.
Motivation
This enables queries like "find all Singleton classes" or "show functions with SQL injection risk." It adds a quality/security dimension to the graph that pure structure analysis misses. Rules are YAML files, easy to maintain and extend, and detection is deterministic (unlike LLM-based analysis).
Implementation
New Graph Schema
NodeLabelenum:Pattern,CodeSmell,SecurityIssueRelationshipTypeenum:IMPLEMENTS_PATTERN,HAS_SMELL,HAS_VULNERABILITYNew Analyzer
codebase_rag/analyzers/ast_grep_analyzer.py(~200 lines) running YAML rules via CLI or Python API.ast-grep-rules/directory with categorized YAML rules:patterns/(Singleton, Factory, Observer, etc.)smells/(long method, deeply nested, unused imports, etc.)security/(SQL injection, XSS, hardcoded secrets, etc.)Integration Points
graph_updater.pyafter tree-sitter indexingcypher_queries.pywith query templates for new node typesAcceptance Criteria
Related
Part of the ast-grep integration initiative: