merge: incorporate upstream parallelization, Zig parser, and report overhaul#29
Merged
joshbouncesecurity merged 6 commits intomasterfrom Apr 19, 2026
Merged
Conversation
Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
… hardening (#23) Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
…rt overhaul) Merge upstream commits #22 (CI security fix) and #23 (parallelization, HTML report overhaul, Zig parser, dynamic test hardening) into fork. Conflict resolution strategy: - Accept upstream's --workers/--backoff parallelization (replaces fork's --concurrency/--fresh) - Accept upstream's StepCheckpoint system (replaces fork's single-file checkpoints) - Accept upstream's rate limiter and thread-safe progress - Preserve fork's generate-context CLI command - Preserve fork's Agent SDK in llm_client.py with upstream's thread-safety additions - Accept upstream's Zig parser, report templates, and checkpoint CLI Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
- Rewrite test_resume_stage2 for StepCheckpoint directory-based system - Rewrite test_resume_stage3 to remove fork's --fresh/resumed_steps tests - Rewrite test_skip_errors for upstream's checkpoint retry behavior - Update test_resume_stage1 enhance tests for --workers API - Update test_local_claude FindingVerifier tests to mock Anthropic client - Fix test_parser_adapter for upstream's detect_language behavior - Fix agentic_enhancer __init__ to remove deleted apply_enhance_patch - Fix finding_verifier.py corruption from merge (take upstream version) - Add missing read_json import in enhancer.py - Add insufficient_context back to AnalysisMetrics (needed by analyzer) All 206 tests pass. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Upstream PR #23 implemented ThreadPoolExecutor parallelization directly in each file (context_enhancer, finding_verifier, analyzer, reporter). The fork's run_parallel() helper was never adopted and has zero imports in production code. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
The --skip-errors flag no longer exists. The tests now cover StepCheckpoint-based error retry behavior, so the filename should reflect that. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Merges upstream commits #22 (CI gitleaks fix) and #23 (parallelization, HTML report overhaul, Zig parser, dynamic test hardening) into the fork. Resolves 21 merge conflicts across Go CLI, Python core, and utilities.
Fork features rendered redundant by upstream
These fork features were removed or replaced because upstream PR #23 implemented equivalent functionality:
--concurrency/-jflag (default 4)--workers(default 8) +--backoff(default 30s)--freshflag on enhance/analyze/verifyStepCheckpoint)--skip-errorsflagStepCheckpoint.load_ids(skip_errors=True)utilities/parallel_executor.py(run_parallel)ThreadPoolExecutorin each filecore/utils.pycheckpoint helpers)core/checkpoint.pywithStepCheckpointclass_save_analyze_checkpoint/_save_verify_checkpointStepCheckpoint.save()per-unit filesFork features preserved (not in upstream)
claude-agent-sdk)utilities/llm_client.py— kept fork's SDK architecture, added upstream's thread-safety and rate limiter importgenerate-contextCLI commandopenant/cli.py,apps/openant-cli/cmd/generatecontext.goopenant/cli.py,context/application_context.pyutilities/model_config.pyutilities/file_io.py— still used across ~37 production filescore/utils.py(atomic_write_json) — still used in analyzer, enhancer, verifier--freshflag for parse onlyopenant/cli.py,apps/openant-cli/cmd/parse.goFork features modified to match upstream
utilities/llm_client.pythreading.LocktoTokenTrackerandfrom .rate_limiter import get_rate_limiterfrom upstreamutilities/agentic_enhancer/__init__.pyapply_enhance_patchexport (function deleted in upstream'sagent.py)utilities/finding_verifier.pyanthropicclient directly with tool-use loop instead of fork's Agent SDK path)utilities/context_enhancer.pyThreadPoolExecutor+StepCheckpointinstead of fork'srun_parallel)utilities/agentic_enhancer/agent.pyanthropicdirectly, rate limiter, in-place mutation)core/analyzer.py_run_detectionparallelization; kept fork'smodel_configandfile_ioimportscore/schemas.pyinsufficient_contextfromAnalysisMetrics, removedresumed_stepsfromScanResult, accepted upstream'sReportResult.to_dict()core/enhancer.py,core/verifier.py,core/scanner.py,core/progress.py--workers/--backoff/StepCheckpointAPI--workers/--backoffflags, report overhaul, checkpoint support)Tests updated
test_resume_stage1.pyStepCheckpointAPI,workers=1instead ofconcurrency=1, removed--freshteststest_resume_stage2.pyStepCheckpointdirectory-based checkpoints, addedTestStepCheckpointUnitteststest_resume_stage3.pyTestScanResumeIntegration(depended onresumed_stepsand--fresh), kept unit tests for resume helperstest_skip_errors.py→test_checkpoint_retry.pyStepCheckpoint.load_idserror filtering and_run_detectionretry behaviortest_local_claude.pyTestVerifyWithNativeClaudeto mockanthropic.Anthropicclient directly instead of Agent SDK's_run_query_synctest_parser_adapter.pytest_empty_dir_raises— upstream'sdetect_languageno longer raises on empty dirstest_parallel_executor.pyTest plan
pytest tests/— 193 passed, 0 failedruff check . --select F821,F811— all checks passedgo build ./...)openant generate-context --helpstill works🤖 Generated with Claude Code