release: dorian v1.0.1 — hardening, DX, interop + first real cross-PR catch

[ajaysurya1221]

Patch release on top of v1.0.0 (origin/main's tree == v1.0.0; this branch adds 16 commits). No breaking changes — additive only.

Headline: first documented real catch

docs/REAL_CATCH_LOG.md — one reproducible cross-PR catch on a public repo (encode/httpx, BSD-3): a load-bearing claim sealed when requires-python was ">=3.8" flips WARRANTED → REVOKED (exit 4) under a real later upstream PR (#3592, "Drop Python 3.8 support") while httpx's own tests stay green and no stateless per-PR review would re-open the claim. One documented catch, honest scope — not a validation claim.

Security

• C4: reject option-like pytest: nodeids (-pevil/--collect-only) before any spawn (red/green).
• C5: bound sqlite reconcile: by a per-query timeout → ERROR(query_timeout), closing a DoS that survived --deny-exec (red/green).
• Supply chain: pin all Actions to verified SHAs; add security.yml (pip-audit + bandit) and Dependabot.

Performance

• Build the symbol/config indexes once per verify (byte-identical output, spy-tested).

Features (additive, opt-in)

• dorian suggest-claims <file.py> — deterministic, born-verifiable C3 claim scaffolding.
• dorian export --in-toto <artifact> — experimental in-toto ClaimVerification predicate.

Docs / DX

• Runnable hero demo promoted + Demo badge repointed; WRITING_GOOD_CLAIMS.md (gutted-body ceiling); SECURITY_AND_SAFE_RUNNERS.md; sharpened Claude Code recipe; public benchmark protocol reconciled with what shipped.

Gates

• ruff check + ruff format --check clean; 867 tests pass (full suite, exit 0).
• Fresh-venv wheel install: hero demo reaches REVOKED/exit 4; both new commands work.
• Independent second-pass review: APPROVE (no HIGH/MEDIUM findings).

Honesty notes preserved throughout: reproducibility on frozen SHAs ≠ validation; trigger ≠ truth; ERROR ≠ BROKEN; --deny-exec/checker_trust: base are policies, not sandboxes; the warrant id is tamper-evident but timestamped (not reproducible). PyPI publishing is a separate step.

🤖 Generated with Claude Code

Summary by CodeRabbit

Release Notes: v1.0.1

• New Features

  • Added dorian suggest-claims command to generate deterministic C3 claim suggestions from Python files.
  • Added dorian export --in-toto command for experimental in-toto Statement interoperability.

• Bug Fixes

  • Hardened C4 pytest checker to reject malicious nodeids before subprocess execution.
  • Added SQLite query timeout protection to prevent reconciliation hangs.

• Documentation

  • Expanded guides on safe public-fork execution, writing strong claims, and using Claude with dorian.
  • Published real-world catch log demonstrating packaging revocation detection.

• Chores

  • Supply-chain hardening: GitHub Actions pinned to commit SHAs; added automated security scanning.

[coderabbitai]

Warning

Review limit reached

@ajaysurya1221, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 38 minutes and 10 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: bf9c74ed-7c55-44c4-8448-1fb402437e49

📥 Commits

Reviewing files that changed from the base of the PR and between 81cebbc and 814b046.

📒 Files selected for processing (1)

• docs/BENCHMARK_CURRENT.md

📝 Walkthrough

Walkthrough

This PR releases dorian v1.0.1, adding two new CLI commands (dorian suggest-claims and dorian export --in-toto), hardening checkers against malicious inputs (C4 nodeid leading-dash rejection, C5 SQLite query timeout), deduplicating symbol/config index construction in verify, pinning all GitHub Actions to commit SHAs, adding a security.yml workflow, and updating extensive documentation.

Changes

dorian v1.0.1 Release

Layer / File(s)	Summary
Version bump and bandit config pyproject.toml, src/dorian/__init__.py	Bumps version from 1.0.0 to 1.0.1 and adds a [tool.bandit] block with an explicit skips list for by-design Bandit rule IDs.
Supply-chain hardening: SHA pins, security workflow, Dependabot .github/dependabot.yml, .github/workflows/security.yml, .github/workflows/ci.yml, .github/workflows/publish*.yml, .github/workflows/release-gate.yml, .github/workflows/public-microbench.yml	Pins all third-party action uses: references to commit SHAs; adds a sca-sast job running pip-audit and bandit; adds Dependabot weekly checks for github-actions and pip.
C4 nodeid leading-dash rejection and C5 SQLite timeout src/dorian/checkers/c4_test.py, src/dorian/checkers/c5_data.py, tests/test_c4.py, tests/test_c5.py	C4 rejects empty or dash-prefixed pytest nodeids as bad_program before spawning any subprocess. C5 adds a 5-second wall-clock deadline to SQLite reconcile queries via a SQLite progress handler, surfacing overruns as Verdict.ERROR. Tests for both are included.
symbol_index: precomputed-index threading and verify deduplication src/dorian/symbol_index.py, src/dorian/commands.py, tests/test_symbol_index.py	Five symbol_index functions gain optional definers/config_index parameters to accept precomputed maps; cmd_verify builds each index once and threads it through all callers. A test asserts each index is built exactly once per verify run.
dorian suggest-claims: engine, CLI wiring, and tests src/dorian/suggestclaims.py, src/dorian/cli.py, src/dorian/commands.py, tests/test_suggest_claims.py, docs/design/SUGGEST_CLAIMS.md	New suggestclaims.py parses Python files via ast, probes each non-private symbol and primitive-literal constant with the C3 checker, and emits only passing claims. CLI adds suggest-claims subparser with --out. Tests cover proposal content, conservativeness, sealing, determinism, and non-Python rejection.
dorian export --in-toto: warrant projection, CLI wiring, and tests src/dorian/intoto.py, src/dorian/cli.py, src/dorian/commands.py, tests/test_intoto_export.py, docs/ATTESTATION_INTEROP.md	New intoto.py defines warrant_to_statement() projecting a sealed Warrant into a deterministic in-toto v1 Statement dict. CLI adds export subparser with --in-toto. cmd_export validates sidecar presence, loads the warrant, converts it, and prints JSON. Tests cover statement shape, byte-identical determinism, and error cases.
Documentation, README, action docs, and release notes README.md, action/README.md, action/action.yml, bench/public/README.md, docs/*, tests/test_readme_example.py, tests/test_version_sync.py	README gains a "Try it in 30 seconds" demo, real-catch narrative, and updated command-surface/roadmap. New docs: SECURITY_AND_SAFE_RUNNERS.md, WRITING_GOOD_CLAIMS.md, REAL_CATCH_LOG.md (first entry), design/BENCHMARK_C4_C5.md. Existing docs updated for v1.0.1. Release notes filled in. Version-sync and README badge tests added.

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant CLI as dorian CLI
  participant suggestclaims as suggestclaims.suggest()
  participant ast_parser as ast (Python file parser)
  participant symbol_index as symbol_index (ambiguity filter)
  participant c3_checker as C3 checker

  User->>CLI: dorian suggest-claims app.py
  CLI->>suggestclaims: repo, normalized URI
  suggestclaims->>ast_parser: parse app.py for defs/literals
  ast_parser-->>suggestclaims: candidate symbols and constants
  suggestclaims->>symbol_index: filter ambiguous cross-file symbols
  symbol_index-->>suggestclaims: unambiguous candidates
  loop each candidate
    suggestclaims->>c3_checker: probe candidate
    c3_checker-->>suggestclaims: PASS or skip
  end
  suggestclaims-->>CLI: {claims: [...], skipped: [...]}
  CLI-->>User: JSON fragment (+ optional --out file)

Loading

sequenceDiagram
  participant User
  participant CLI as dorian CLI
  participant cmd_export
  participant warrantio as warrant sidecar loader
  participant intoto as intoto.warrant_to_statement()

  User->>CLI: dorian export app.py --in-toto
  CLI->>cmd_export: args (artifact, --in-toto)
  cmd_export->>warrantio: verify sidecar exists, load warrant
  warrantio-->>cmd_export: Warrant object
  cmd_export->>intoto: warrant + dorian_version
  intoto-->>cmd_export: in-toto v1 Statement dict
  cmd_export-->>User: deterministic JSON (stdout)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• ajaysurya1221/dorian#3: Introduced the verify command whose cmd_verify flow in commands.py is directly modified in this PR to thread precomputed symbol/config indices.
• ajaysurya1221/dorian#4: Touched symbol_index.py binding/ambiguous-mention logic that this PR extends with optional precomputed-index parameters.
• ajaysurya1221/dorian#6: Introduced multi-index config binding and watch-path logic in symbol_index.py and commands.py that this PR further optimizes by deduplicating index construction.

Poem

🐇 A rabbit hops through SHA-pinned gates,
Suggesting claims, no model debates.
In-toto stamps seal what was true,
Timeouts guard SQLite queries too.
Dash-prefixed nodeids? Firmly denied!
v1.0.1 ships with nothing to hide. ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 44.23% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: a v1.0.1 release with specific focus on hardening, DX improvements, and interoperability features, plus the key headline of the first real cross-PR catch.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch week1-public-microbench

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 5

🧹 Nitpick comments (5)

.github/workflows/security.yml (2)

14-14: ⚡ Quick win

Disable credential persistence for checkout in this PR-triggered workflow.

Line 14 uses default persist-credentials: true; set it to false to avoid leaving GITHUB_TOKEN in local git config for later steps.

Suggested patch

-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/security.yml at line 14, The actions/checkout action on
line 14 is using the default persist-credentials setting which leaves the
GITHUB_TOKEN in the local git config. Add the persist-credentials input
parameter set to false to the checkout action step to disable credential
persistence and prevent the GITHUB_TOKEN from being stored in git config for
subsequent steps in the workflow.

Source: Linters/SAST tools

---

21-21: ⚡ Quick win

Verify uvx pip-audit is auditing the project dependency set.

Line 21 may run pip-audit in an isolated tool environment. Please verify it is auditing the dependencies resolved by uv sync --all-extras; otherwise switch to a project-env invocation (e.g., uv run ...) so SCA coverage matches the workflow intent.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/security.yml at line 21, The `uvx pip-audit` command on
line 21 runs pip-audit in an isolated tool environment, which means it is not
auditing the actual project dependencies resolved by `uv sync --all-extras`.
Replace the `uvx pip-audit` invocation with `uv run pip-audit` to ensure that
the security audit covers the project's dependency set as intended by the
workflow.

.github/workflows/ci.yml (1)

16-16: ⚡ Quick win

Harden checkout by disabling persisted credentials.

Line 16 should set persist-credentials: false to avoid persisting GITHUB_TOKEN into repo git config during CI.

Suggested patch

-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
+        with:
+          persist-credentials: false

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yml at line 16, The actions/checkout action on line 16
is missing the persist-credentials configuration option, which allows the
GITHUB_TOKEN to be persisted in the git config during CI. Add a with section to
the actions/checkout action and configure persist-credentials to false to
prevent the GITHUB_TOKEN from being stored in the repository's git
configuration.

Source: Linters/SAST tools

.github/workflows/release-gate.yml (2)

34-37: Set persist-credentials: false on both checkout steps.

Lines 34 and 53 currently persist the repository token for Git operations. Since this workflow executes project code (pytest, python -m build), disabling credential persistence follows the principle of least privilege and prevents potential unauthorized Git operations by other steps.

In actions/checkout v6, credentials are stored in a separate file rather than in .git/config, but persist-credentials: false remains the recommended approach for workflows that don't require authenticated Git operations.

Suggested hardening diff

      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
         with:
           ref: ${{ inputs.ref || github.ref }}
           fetch-depth: 0
+          persist-credentials: false

Also applies to: 53-56

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/release-gate.yml around lines 34 - 37, Add
persist-credentials: false to the with section of both checkout steps in the
workflow (the actions/checkout step around line 34 and the one around line 53).
This disables repository token persistence and follows the principle of least
privilege since the workflow executes project code like pytest and python build
commands that don't require authenticated Git operations.

Source: Linters/SAST tools

---

38-39: Explicitly configure setup-uv cache behavior for release gate determinism.

Since this job validates releases destined for publication and attestation, relying on implicit cache defaults introduces unnecessary ambiguity. The default enable-cache: auto enables caching on GitHub-hosted runners, which could interfere with reproducibility. Add enable-cache: "false" to ensure deterministic verification.

Suggested change

       - uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39  # v8.2.0
-        with: { python-version: "${{ matrix.python }}" }
+        with:
+          python-version: "${{ matrix.python }}"
+          enable-cache: "false"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/release-gate.yml around lines 38 - 39, The setup-uv action
in the release-gate workflow currently relies on implicit cache defaults which
can compromise reproducibility. Add the explicit configuration enable-cache:
"false" to the with block of the astral-sh/setup-uv action to ensure
deterministic verification behavior and prevent cache-related interference with
release validation and attestation processes.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/ATTESTATION_INTEROP.md`:
- Line 37: The dorianVersion field in the example JSON object is set to an
outdated version string. Update the dorianVersion value from "1.0.0" to "1.0.1"
to reflect the current patch release being documented.

In `@src/dorian/commands.py`:
- Around line 404-416: The issue is that removesuffix(".warrant") is applied
unconditionally to args.artifact before determining whether the user provided an
artifact name or a sidecar path. For an artifact named foo.warrant, this
incorrectly strips it to foo, resulting in a wrong sidecar lookup. Instead, only
apply removesuffix(".warrant") when the provided path is actually a sidecar file
(check if it ends in .warrant and corresponds to an actual file), otherwise use
args.artifact as-is for the artifact name. This way the correct sidecar path
artifact_uri + ".warrant" will be derived properly for all artifact names
including those that naturally end in .warrant.

In `@src/dorian/suggestclaims.py`:
- Around line 63-65: The current code uses read_text(encoding="utf-8") which
forces UTF-8 decoding and ignores PEP 263 encoding cookies in Python files.
Replace read_text(encoding="utf-8") with read_bytes() and pass the bytes
directly to ast.parse(). Since read_bytes() is used instead of read_text(),
UnicodeDecodeError will no longer be raised and should be removed from the
exception handler tuple, leaving only OSError and SyntaxError to catch.

In `@src/dorian/symbol_index.py`:
- Around line 204-210: The code has a vulnerability where when a precomputed
index is provided (definers is not None), it bypasses the error handling and
calls pyproject_script_definers on line 210, which internally calls
gitio.ls_files and can raise a GitError for non-git repos. Even though the
caller supplied a fallback value to avoid errors, the function still fails. Wrap
the pyproject_script_definers call in a try-except block to catch gitio.GitError
and return an empty dict on failure, ensuring both the python_symbol_definers
and pyproject_script_definers paths handle non-git repos gracefully.

In `@tests/test_intoto_export.py`:
- Around line 70-74: The determinism test calls cli.main() twice on lines 70 and
72 without checking if the commands succeeded, so two failed runs could still
produce identical output and pass the assertion. Add assertions to verify that
both cli.main() calls return a success indicator (typically exit code 0 or a
truthy value) before comparing the out1 and out2 outputs. This ensures the
export operations actually succeeded before validating byte-identical output.

---

Nitpick comments:
In @.github/workflows/ci.yml:
- Line 16: The actions/checkout action on line 16 is missing the
persist-credentials configuration option, which allows the GITHUB_TOKEN to be
persisted in the git config during CI. Add a with section to the
actions/checkout action and configure persist-credentials to false to prevent
the GITHUB_TOKEN from being stored in the repository's git configuration.

In @.github/workflows/release-gate.yml:
- Around line 34-37: Add persist-credentials: false to the with section of both
checkout steps in the workflow (the actions/checkout step around line 34 and the
one around line 53). This disables repository token persistence and follows the
principle of least privilege since the workflow executes project code like
pytest and python build commands that don't require authenticated Git
operations.
- Around line 38-39: The setup-uv action in the release-gate workflow currently
relies on implicit cache defaults which can compromise reproducibility. Add the
explicit configuration enable-cache: "false" to the with block of the
astral-sh/setup-uv action to ensure deterministic verification behavior and
prevent cache-related interference with release validation and attestation
processes.

In @.github/workflows/security.yml:
- Line 14: The actions/checkout action on line 14 is using the default
persist-credentials setting which leaves the GITHUB_TOKEN in the local git
config. Add the persist-credentials input parameter set to false to the checkout
action step to disable credential persistence and prevent the GITHUB_TOKEN from
being stored in git config for subsequent steps in the workflow.
- Line 21: The `uvx pip-audit` command on line 21 runs pip-audit in an isolated
tool environment, which means it is not auditing the actual project dependencies
resolved by `uv sync --all-extras`. Replace the `uvx pip-audit` invocation with
`uv run pip-audit` to ensure that the security audit covers the project's
dependency set as intended by the workflow.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 61f843d5-d350-45df-83db-59b69fa7a9a1

📥 Commits

Reviewing files that changed from the base of the PR and between 86ef812 and 81cebbc.

📒 Files selected for processing (38)

• .github/dependabot.yml
• .github/workflows/ci.yml
• .github/workflows/public-microbench.yml
• .github/workflows/publish-testpypi.yml
• .github/workflows/publish.yml
• .github/workflows/release-gate.yml
• .github/workflows/security.yml
• README.md
• action/README.md
• action/action.yml
• bench/public/README.md
• docs/ATTESTATION_INTEROP.md
• docs/BENCHMARK_CURRENT.md
• docs/PUBLIC_BENCHMARK_PROTOCOL.md
• docs/REAL_CATCH_LOG.md
• docs/ROADMAP_BACKLOG.md
• docs/SECURITY_AND_SAFE_RUNNERS.md
• docs/USE_WITH_CLAUDE_CODE.md
• docs/WRITING_GOOD_CLAIMS.md
• docs/design/BENCHMARK_C4_C5.md
• docs/design/SUGGEST_CLAIMS.md
• docs/releases/v1.0.1.md
• pyproject.toml
• src/dorian/__init__.py
• src/dorian/checkers/c4_test.py
• src/dorian/checkers/c5_data.py
• src/dorian/cli.py
• src/dorian/commands.py
• src/dorian/intoto.py
• src/dorian/suggestclaims.py
• src/dorian/symbol_index.py
• tests/test_c4.py
• tests/test_c5.py
• tests/test_intoto_export.py
• tests/test_readme_example.py
• tests/test_suggest_claims.py
• tests/test_symbol_index.py
• tests/test_version_sync.py

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Update the example dorianVersion to match this release.

Line 37 still shows 1.0.0; this patch release is 1.0.1, so the sample is stale.

Suggested fix

-    "dorianVersion": "1.0.0",
+    "dorianVersion": "1.0.1",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"dorianVersion": "1.0.0",
	"dorianVersion": "1.0.1",

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/ATTESTATION_INTEROP.md` at line 37, The dorianVersion field in the
example JSON object is set to an outdated version string. Update the
dorianVersion value from "1.0.0" to "1.0.1" to reflect the current patch release
being documented.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Don’t strip .warrant before checking the artifact sidecar.

Line 404 treats any artifact whose real filename ends in .warrant as if the user supplied its sidecar. For an artifact like foo.warrant, the valid sidecar is foo.warrant.warrant, but this code looks for or loads foo.warrant instead.

🐛 Suggested fix

-    raw = args.artifact.removesuffix(".warrant")  # accept the artifact or its sidecar path
     try:
-        artifact_uri = _artifact_uri(repo, raw)
+        input_uri = _artifact_uri(repo, args.artifact)
     except ValueError as exc:
         print(f"dorian export: {exc}", file=sys.stderr)
         return EXIT_USAGE
-    sidecar = repo / (artifact_uri + ".warrant")
+    artifact_sidecar = repo / (input_uri + ".warrant")
+    if artifact_sidecar.is_file():
+        artifact_uri = input_uri
+        sidecar = artifact_sidecar
+    else:
+        artifact_uri = input_uri.removesuffix(".warrant")
+        sidecar = repo / (artifact_uri + ".warrant")
     if not sidecar.is_file():

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/dorian/commands.py` around lines 404 - 416, The issue is that
removesuffix(".warrant") is applied unconditionally to args.artifact before
determining whether the user provided an artifact name or a sidecar path. For an
artifact named foo.warrant, this incorrectly strips it to foo, resulting in a
wrong sidecar lookup. Instead, only apply removesuffix(".warrant") when the
provided path is actually a sidecar file (check if it ends in .warrant and
corresponds to an actual file), otherwise use args.artifact as-is for the
artifact name. This way the correct sidecar path artifact_uri + ".warrant" will
be derived properly for all artifact names including those that naturally end in
.warrant.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify whether the repo contains .py files with non-UTF8 declared encodings.
python - <<'PY'
import pathlib, tokenize
for p in pathlib.Path('.').rglob('*.py'):
    try:
        with p.open('rb') as f:
            enc, _ = tokenize.detect_encoding(f.readline)
        if enc.lower() not in ('utf-8', 'utf8'):
            print(f"{p}\t{enc}")
    except Exception:
        pass
PY

Repository: ajaysurya1221/dorian

Length of output: 46

---

🏁 Script executed:

cat -n src/dorian/suggestclaims.py | sed -n '55,75p'

Repository: ajaysurya1221/dorian

Length of output: 1107

---

🏁 Script executed:

python - <<'PY'
import ast
import tempfile
import pathlib

# Test 1: Verify ast.parse handles PEP 263 with bytes
test_code_with_encoding = b"""# -*- coding: iso-8859-1 -*-
print('hello')
"""

try:
    tree = ast.parse(test_code_with_encoding)
    print("✓ ast.parse(bytes) with PEP 263 cookie: SUCCESS")
except Exception as e:
    print(f"✗ ast.parse(bytes) with PEP 263 cookie: {type(e).__name__}: {e}")

# Test 2: Verify what exceptions are raised with invalid encoding
test_code_invalid = b"""# -*- coding: invalid-encoding -*-
print('hello')
"""

try:
    tree = ast.parse(test_code_invalid)
    print("✓ ast.parse(bytes) with invalid encoding: SUCCESS")
except Exception as e:
    print(f"✗ ast.parse(bytes) with invalid encoding: {type(e).__name__}: {e}")

# Test 3: Verify UnicodeDecodeError with read_text(encoding='utf-8') on non-UTF8 content
try:
    # Simulate ISO-8859-1 encoded file
    iso_content = "café".encode('iso-8859-1')
    iso_content.decode('utf-8')
except UnicodeDecodeError as e:
    print(f"✓ UnicodeDecodeError occurs with mismatched encoding: {type(e).__name__}")

PY

Repository: ajaysurya1221/dorian

Length of output: 295

---

Use bytes input to ast.parse() for proper PEP 263 encoding cookie handling.

The current code forces UTF-8 decoding via read_text(encoding="utf-8"), which rejects valid .py files declaring other encodings via PEP 263 cookies. Passing bytes directly to ast.parse() respects encoding declarations, making the code more robust. Additionally, UnicodeDecodeError becomes unreachable when using read_bytes().

Suggested fix

-    try:
-        tree = ast.parse(p.read_text(encoding="utf-8"))
-    except (OSError, UnicodeDecodeError, SyntaxError) as exc:
+    try:
+        tree = ast.parse(p.read_bytes())
+    except (OSError, SyntaxError) as exc:
         raise ValueError(f"unparseable python: {path}: {exc}") from None

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/dorian/suggestclaims.py` around lines 63 - 65, The current code uses
read_text(encoding="utf-8") which forces UTF-8 decoding and ignores PEP 263
encoding cookies in Python files. Replace read_text(encoding="utf-8") with
read_bytes() and pass the bytes directly to ast.parse(). Since read_bytes() is
used instead of read_text(), UnicodeDecodeError will no longer be raised and
should be removed from the exception handler tuple, leaving only OSError and
SyntaxError to catch.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Keep the optional-index path non-fatal for non-git repos.

Line 210 still calls pyproject_script_definers, which calls gitio.ls_files. If a caller supplies a precomputed fallback like {} after python_symbol_definers failed, the new definers is not None path bypasses the guard on Lines 204-208 and can raise instead of returning {}.

🛡️ Suggested fix

-    scripts = pyproject_script_definers(repo, index)  # console-script name -> target file
+    try:
+        scripts = pyproject_script_definers(repo, index)  # console-script name -> target file
+    except gitio.GitError:
+        scripts = {}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if definers is None:
	try:
	definers = python_symbol_definers(repo)
	except gitio.GitError:
	return {}
	index = definers
	scripts = pyproject_script_definers(repo, index) # console-script name -> target file
	if definers is None:
	try:
	definers = python_symbol_definers(repo)
	except gitio.GitError:
	return {}
	index = definers
	try:
	scripts = pyproject_script_definers(repo, index) # console-script name -> target file
	except gitio.GitError:
	scripts = {}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/dorian/symbol_index.py` around lines 204 - 210, The code has a
vulnerability where when a precomputed index is provided (definers is not None),
it bypasses the error handling and calls pyproject_script_definers on line 210,
which internally calls gitio.ls_files and can raise a GitError for non-git
repos. Even though the caller supplied a fallback value to avoid errors, the
function still fails. Wrap the pyproject_script_definers call in a try-except
block to catch gitio.GitError and return an empty dict on failure, ensuring both
the python_symbol_definers and pyproject_script_definers paths handle non-git
repos gracefully.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Assert export succeeds in the determinism test before comparing bytes.

Lines 70 and 72 currently ignore the CLI exit code, so two failed runs can still satisfy out1 == out2.

Suggested fix

-    cli.main(["--repo", str(repo), "export", "note.md", "--in-toto"])
+    assert cli.main(["--repo", str(repo), "export", "note.md", "--in-toto"]) == 0
     out1 = capsys.readouterr().out
-    cli.main(["--repo", str(repo), "export", "note.md", "--in-toto"])
+    assert cli.main(["--repo", str(repo), "export", "note.md", "--in-toto"]) == 0
     out2 = capsys.readouterr().out

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/test_intoto_export.py` around lines 70 - 74, The determinism test calls
cli.main() twice on lines 70 and 72 without checking if the commands succeeded,
so two failed runs could still produce identical output and pass the assertion.
Add assertions to verify that both cli.main() calls return a success indicator
(typically exit code 0 or a truthy value) before comparing the out1 and out2
outputs. This ensures the export operations actually succeeded before validating
byte-identical output.