Initial import of codecrucible + config-loadable model registry #2
Open
ccarpene-blk wants to merge 5 commits into main from
LLM-based static analyzer that ingests a Git repository, runs a recall-tuned first-pass plus an adversarial audit, and emits SARIF v2.1.0 for GitHub Code Scanning. Ships with per-phase provider selection (Anthropic, OpenAI, Google, Databricks, Ollama, OpenAI-compat), token-budget-aware chunking, and a set of language-specific prompt packs (Go / Java / JS / Python / Rust / C / Solidity, plus the language-agnostic default and carlini-style CTF variants). Retains the Block OSS template files (LICENSE, CODEOWNERS, GOVERNANCE.md, .github/, renovate.json) unchanged and replaces the stub README with project documentation.
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>

Previously the model registry was compiled into the binary; adding or adjusting a model required a code change and a rebuild. Users can now declare model entries under a top-level `models:` key in `.codecrucible.yaml` (or supply them via env / flags through Viper). Entries sharing a built-in name replace it wholesale (case-insensitive), new names extend the registry, and an empty `endpoint` defaults to `<name>/invocations` to match the built-in convention. Missing `name` surfaces as a Load error with the offending index. The config template written by `codecrucible init` now includes a commented `models:` block, and the README picks up a worked-example section so the capability is discoverable.
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
| -o codecrucible ./cmd/codecrucible | ||
|
|
||
| # Stage 2: Runtime | ||
| FROM gcr.io/distroless/static-debian12:nonroot |
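Review bot: The runtime stage's `FROM gcr.io/distroless/static-debian12:nonroot` references the base image by tag only, and a tag can be repointed upstream, so two builds of the same commit may ship different base layers. Pin it by digest, for example `FROM gcr.io/distroless/static-debian12:nonroot@sha256:<digest>` (placeholder, fill in the digest you verified), and Renovate can be configured to propose digest bumps so the pin does not go stale.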
Summary
Lands the codecrucible LLM-based security scanner on top of the Block OSS
template and adds config-driven model registry support.
11e8d0c): Go CLI that ingests a Git repo, runs a recall-tuned first pass plus an adversarial audit, and emits SARIF
v2.1.0 for GitHub Code Scanning. Per-phase provider selection
(Anthropic, OpenAI, Google, Databricks, Ollama, OpenAI-compat),
token-budget-aware chunking, and language-specific prompt packs
(Go / Java / JS / Python / Rust / C / Solidity, plus default and
carlini-style CTF variants). Block OSS template files (LICENSE,
CODEOWNERS, GOVERNANCE.md, .github/, renovate.json) kept intact;
stub README replaced with project documentation.
856442c): adding or retuning a model no longer requires recompiling. Operators declare entries under a
top-level `models:` key in `.codecrucible.yaml`; same-name entries override built-ins wholesale, new names extend the registry, empty
`endpoint` defaults to `<name>/invocations`, missing `name` surfaces a Load error.
Test plan
- `go build ./...`
- `go vet ./...`
- `go test -race ./...` (all packages pass)
- `make docker-build` on merge
- `./codecrucible scan ./some/repo --dry-run` against a known target
- `.codecrucible.yaml` with a custom `models:` entry resolves on scan (`list-models` + a dry-run against that model)

🤖 Generated with Claude Code
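The registry merge rules described in the summary above, as an added Go example that is not codecrucible's own code: the `ModelEntry` type, the `MergeModels` function, the error text and the sample entries are hypothetical. Returning the list of overridden built-in names is an addition here, so an operator can log when a config entry has replaced a built-in.

```go
package main

import (
	"fmt"
	"strings"
)

// ModelEntry is a hypothetical shape for one registry entry; only the
// name and endpoint fields are described on the page.
type ModelEntry struct {
	Name     string
	Endpoint string
}

// MergeModels applies the described rules: a config entry whose name matches
// a built-in (case-insensitive) replaces it wholesale, a new name extends the
// registry, an empty endpoint defaults to "<name>/invocations", and a missing
// name is an error that carries the offending index.
// It also returns the names of overridden built-ins so they can be logged.
func MergeModels(builtins, fromConfig []ModelEntry) (map[string]ModelEntry, []string, error) {
	reg := make(map[string]ModelEntry, len(builtins)+len(fromConfig))
	for _, b := range builtins {
		reg[strings.ToLower(b.Name)] = b
	}
	var overridden []string
	for i, m := range fromConfig {
		if strings.TrimSpace(m.Name) == "" {
			return nil, nil, fmt.Errorf("models[%d]: name is required", i)
		}
		if m.Endpoint == "" {
			m.Endpoint = m.Name + "/invocations"
		}
		key := strings.ToLower(m.Name)
		if _, ok := reg[key]; ok {
			overridden = append(overridden, key)
		}
		reg[key] = m // wholesale replace: no field-level merge with the built-in
	}
	return reg, overridden, nil
}

func main() {
	// Constructed sample data, not the project's real registry.
	builtins := []ModelEntry{{Name: "model-a", Endpoint: "model-a/invocations"}}
	cfg := []ModelEntry{{Name: "Model-A", Endpoint: "https://llm.example.internal/v1"}, {Name: "model-b"}}
	reg, overridden, err := MergeModels(builtins, cfg)
	fmt.Println(reg, overridden, err)
}
```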