Phase 7 Week 1 Day 2 COMPLETE: Commit Builder

Date: November 12, 2025
Version: 20251112.16:38
Status: ✅ COMPLETE

Summary

Successfully implemented CommitBuilder component for Phase 7 (Auto-Fix PR Creation). This component generates commit messages, PR titles, and descriptions for automated fix PRs.

Deliverables

1. src/lib/github/commit-builder.ts (320 lines)

Core features:
- buildCommits(): Creates one commit per file containing all fixes for that file
- generatePRTitle(): Creates PR titles like "🔒 CodeSlick Auto-Fix: 2 files, 5 issues"
- generatePRDescription(): Creates markdown PR descriptions with file lists and review instructions
- validateCommits(): Validates all required fields and detects dangerous paths
- fromApplyFixesResult(): Helper to bridge fix-applier output to commit-builder input

Commit message format:

Fix: 2 issues in index.js

Applied fixes:
- Missing semicolon (2 instances)
  - Line 1
  - Line 2

Manual review required (1 issue):
- SQL injection (line 5)

🤖 Auto-fixed by CodeSlick

2. src/lib/github/tests/commit-builder.test.ts (340 lines, 22 tests)

Test Categories:
- buildCommits: 3 tests (one commit per file, skip empty, include counts)
- generatePRTitle: 3 tests (single/multiple files, singular/plural)
- generatePRDescription: 3 tests (file list, attribution, review instructions)
- validateCommits: 7 tests (valid commits, missing fields, dangerous paths)
- fromApplyFixesResult: 1 test (conversion helper)
- commit message formatting: 5 tests (single fix, multiple fixes, skipped fixes, truncation)

Test Results: ✅ 22/22 tests passing (100%)

Interfaces

CommitData

export interface CommitData {
  message: string;        // Full commit message
  filePath: string;       // File to commit
  fileContent: string;    // Fixed content
  fixCount: number;       // Number of fixes applied
  fixSummary: string;     // One-line summary
}

FileFixResult

export interface FileFixResult {
  path: string;
  originalContent: string;
  fixedContent: string;
  appliedFixes: FixDetail[];
  skippedFixes: FixDetail[];
  language: string;
}

BuildCommitsInput

export interface BuildCommitsInput {
  fixes: FileFixResult[];
  branchName: string;
}

Integration Points

1. Input from FixApplier (Day 1):
   - Uses FileFixResult format from fromApplyFixesResult() helper
   - Receives applied and skipped fixes

2. Output to PR Creator (Day 3):
   - CommitData array ready for GitHub Git Data API
   - PR title and description ready for PR creation

Key Design Decisions

1. One Commit Per File

Rationale: Clean git history, easier to review, allows partial rollback

Example:

✅ Fix: 2 issues in index.js
✅ Fix: 3 issues in utils.js
✅ Fix: 1 issue in auth.py

Instead of:

❌ Fix: 6 issues across 3 files (messy, hard to review)

2. Grouped Fix Messages

Rationale: Reduces noise when same fix type applied multiple times

Example:

- Missing semicolon (5 instances)
  - Line 1
  - Line 2
  - Line 3
  - ... and 2 more

Instead of:

❌ - Missing semicolon (line 1)
❌ - Missing semicolon (line 2)
❌ - Missing semicolon (line 3)
❌ - Missing semicolon (line 4)
❌ - Missing semicolon (line 5)

3. Validation Before Creation

Rationale: Prevent creating invalid commits or dangerous file paths

Validates:
- All required fields present
- Fix count > 0
- File paths don't contain .. or ~ (path traversal protection)
- Content not empty
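An added example (not CodeSlick's own code) of the checks listed above, in TypeScript. The names pathProblems and checkCommits and the sample commits are assumptions; `..` is compared per path segment rather than by substring, and the absolute-path, backslash, NUL and `.git` checks go beyond the list in this report.

```typescript
// Added example: names and signatures are assumptions, not the project's code.
interface CommitData {
  message: string;
  filePath: string;
  fileContent: string;
  fixCount: number;
  fixSummary: string;
}

// Returns the reasons a repository-relative path is unsafe to commit (empty = OK).
function pathProblems(filePath: string): string[] {
  if (!filePath) return ["missing path"];
  const problems: string[] = [];
  const segments = filePath.split("/");
  // Rules stated in the report: no ".." and no "~".
  if (segments.indexOf("..") !== -1) problems.push("parent-directory segment");
  if (filePath.indexOf("~") !== -1) problems.push("tilde in path");
  // Extra hardening (assumption, beyond the report's list).
  if (filePath.charAt(0) === "/") problems.push("absolute path");
  if (filePath.indexOf("\\") !== -1) problems.push("backslash separator");
  if (filePath.indexOf("\0") !== -1) problems.push("NUL byte");
  if (segments.some((s) => s.toLowerCase() === ".git")) problems.push(".git segment");
  return problems;
}

// Collects every problem instead of stopping at the first, so one run reports all.
function checkCommits(commits: CommitData[]): { valid: boolean; errors: string[] } {
  const errors: string[] = [];
  if (commits.length === 0) errors.push("no commits to create");
  commits.forEach((c, i) => {
    if (!c.message || !c.message.trim()) errors.push(`commit ${i}: missing message`);
    if (!c.fileContent) errors.push(`commit ${i}: missing content`);
    if (!(c.fixCount > 0)) errors.push(`commit ${i}: invalid fix count`);
    for (const p of pathProblems(c.filePath)) errors.push(`commit ${i}: ${p}`);
  });
  return { valid: errors.length === 0, errors };
}

// Constructed sample input: one clean commit, one traversal, one benign ".." substring.
const sample: CommitData[] = [
  { message: "Fix: 2 issues in index.js", filePath: "src/index.js", fileContent: "a;\n", fixCount: 2, fixSummary: "2 fixes" },
  { message: "Fix: 1 issue in x", filePath: "src/../../etc/x", fileContent: "b;\n", fixCount: 1, fixSummary: "1 fix" },
  { message: "Fix: 1 issue in notes.md", filePath: "docs/v1..2/notes.md", fileContent: "c\n", fixCount: 1, fixSummary: "1 fix" },
];
console.log(checkCommits(sample));
```

A plain substring test for `..` would also reject `docs/v1..2/notes.md`; the per-segment comparison rejects only real parent-directory references.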

4. Explicit Skipped Fixes

Rationale: Users need to know what couldn't be auto-fixed

Example:

Manual review required (2 issues):
- SQL injection (line 15)
- XSS vulnerability (line 23)

Test Results

Before Day 2: Unknown (new component)
After Day 2: 22/22 tests passing (100%)
Total New Tests: +22

Test Coverage Breakdown

1. Basic Functionality (3 tests):
   - One commit per file ✅
   - Skip files with no fixes ✅
   - Include fix counts ✅

2. PR Title Generation (3 tests):
   - Single file format ✅
   - Multiple files format ✅
   - Singular/plural grammar ✅

3. PR Description Generation (3 tests):
   - File list and summaries ✅
   - CodeSlick attribution ✅
   - Review instructions ✅

4. Validation (7 tests):
   - Valid commits pass ✅
   - Empty list rejected ✅
   - Missing message rejected ✅
   - Missing path rejected ✅
   - Missing content rejected ✅
   - Invalid fix count rejected ✅
   - Dangerous paths rejected ✅

5. Conversion Helper (1 test):
   - fromApplyFixesResult works ✅

6. Message Formatting (5 tests):
   - Single fix format ✅
   - Multiple fixes grouped ✅
   - Skipped fixes included ✅
   - Long lists truncated ✅

Known Limitations

  1. No Multi-Commit Strategy: Currently creates one commit per file. Future: Allow grouping by severity or vulnerability type.

  2. Fixed Message Format: Commit message format is hardcoded. Future: Allow customization via team settings.

  3. No Emoji Customization: Uses 🔒 emoji in PR titles. Future: Allow team-specific emoji preferences.

  4. English Only: All messages in English. Future: i18n support for commit messages.

Next Steps

Day 3: PR Creator (next)
- Create branches via GitHub Git Data API
- Create commits using GitHub API
- Create pull requests
- Handle merge conflicts
- Post comment on original PR

Estimated: 1 day
Files: pr-creator.ts + 12+ tests

Files Modified

  • ✅ src/lib/github/commit-builder.ts (created, 320 lines)
  • ✅ src/lib/github/tests/commit-builder.test.ts (created, 340 lines, 22 tests)
  • ✅ version.json (updated with Day 2 changes)

Git Commit

commit 6f33e36
Phase 7 Week 1 Day 2 COMPLETE: Commit Builder

🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>

Milestone Progress

Phase 7 Week 1: Auto-Fix PR Creation Foundation
- ✅ Day 1: Fix Applier (330 lines, 19 tests)
- ✅ Day 2: Commit Builder (320 lines, 22 tests)
- ⏳ Day 3: PR Creator
- ⏳ Day 4: Integration testing
- ⏳ Day 5: Job queue + database

Total Progress: 40% (2/5 days complete)
Lines Written: 650 lines
Tests Added: 41 tests
Pass Rate: 100% ✅


End of Day 2 Report