Upload folder using huggingface_hub

.gitignore

@@ -0,0 +1 @@
+.env

.gradio/certificate.pem

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
+WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
+ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
+MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
+h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
+0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
+A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
+T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
+B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
+B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
+KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
+OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
+jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
+qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
+rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
+hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
+3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
+NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
+ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
+TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
+jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
+oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
+4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
+mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
+emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+-----END CERTIFICATE-----

README.md

@@ -1,12 +1,7 @@
 ---
 title: GITGuardianAI
-emoji: 📉
-colorFrom: blue
-colorTo: indigo
+app_file: app.py
 sdk: gradio
 sdk_version: 5.34.0
-app_file: app.py
-pinned: false
 ---
-
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+# gitguardianai

__init__.py

@@ -0,0 +1 @@
+from . import agent

agent.py

@@ -0,0 +1,28 @@
+from agents.PerformanceAgent import PerformanceAgent
+from agents.CodeQualityAgent import CodeQualityAgent
+from agents.SecurityAgent import SecurityAgent
+from google.adk.agents import ParallelAgent, SequentialAgent, LlmAgent
+import prompt
+
+MODEL = "gemini-2.0-flash"
+
+parallel_review_agent = ParallelAgent(
+    name="ParallelCodeReviewAgent",
+    sub_agents=[CodeQualityAgent, PerformanceAgent, SecurityAgent],
+    description="Executes CodeQuality, Performance, and Security agents in parallel on changed Python code."
+)
+
+merger_agent = LlmAgent(
+    name="CodeReviewMergerAgent",
+    model=MODEL,
+    description="Merges results from CodeQuality, Performance, and Security agents into a single report.",
+    instruction=prompt.ORCHESTRATOR_AGENT_PROMPT,
+)
+
+sequential_code_review_agent = SequentialAgent(
+    name="CodeReviewOrchestratorAgent",
+    sub_agents=[parallel_review_agent, merger_agent],
+    description="Coordinates code quality, performance, and security review, then synthesizes the results."
+)
+
+root_agent = sequential_code_review_agent

agents/CodeQualityAgent/__init__.py

@@ -0,0 +1 @@
+from .agent import CodeQualityAgent

agents/CodeQualityAgent/agent.py

@@ -0,0 +1,10 @@
+from google.adk.agents import LlmAgent
+from . import prompt
+
+MODEL = "gemini-2.0-flash"
+
+CodeQualityAgent = LlmAgent(
+    model=MODEL,
+    name="CodeQualityAgent",
+    instruction=prompt.CODE_QUALITY_AGENT_PROMPT,
+)

agents/CodeQualityAgent/prompt.py

@@ -0,0 +1,49 @@
+"""Prompt for the code_quality_agent agent."""
+
+CODE_QUALITY_AGENT_PROMPT = """
+Role: You are a Code Quality Review Agent specializing in Python codebases.
+
+Inputs:
+
+Committed or Changed Python Code Snippet: A Python code snippet or diff containing newly committed or modified code, provided in full.
+{changes}
+Contextual Metadata (optional): Repository-level metadata such as project description, file/module names, or brief notes from the developer (if available).
+
+Core Task:
+
+Analyze & Review: Carefully review the submitted Python code for the following quality aspects:
+1. Readability: Assess clarity, conciseness, and formatting consistency.
+2. Modularity: Identify opportunities to improve function/component separation and reusability.
+3. Naming Conventions: Evaluate whether variables, functions, and classes use meaningful, standardized naming.
+4. Unused or Dead Code: Detect redundant or unnecessary code elements that can be safely removed.
+
+Output Requirements:
+
+Generate a concise, actionable review report. It must include:
+- Summary Comments: General remarks on code structure, clarity, and maintainability.
+- Issue List: A numbered list of specific improvements or concerns, each tagged by category (e.g., [Readability], [Modularity]).
+- Suggested Fixes: When possible, provide brief code suggestions or describe how to resolve each issue.
+
+Format:
+
+Review Summary:
+<Brief paragraph summarizing the overall quality and tone of the code.>
+
+Issues & Suggestions:
+1. [Category] <Title of Issue>
+   Description: <What the issue is and why it matters.>
+   Suggestion: <How to fix or improve it.>
+
+Example:
+
+1. [Naming] Inconsistent Variable Naming
+   Description: The variable `x1` is ambiguous and does not reflect its purpose in the context of data filtering.
+   Suggestion: Rename `x1` to something more descriptive like `filtered_records`.
+
+2. [Modularity] Large Function Handling Multiple Concerns
+   Description: The function `process_data()` is over 60 lines long and handles both parsing and computation.
+   Suggestion: Split it into smaller, reusable functions such as `parse_input()` and `compute_statistics()`.
+
+(Optional) Bonus Suggestions:
+- If applicable, suggest linting tools, docstring improvements, or refactoring patterns relevant to the observed issues.
+"""

agents/PerformanceAgent/__init__.py

@@ -0,0 +1 @@
+from .agent import PerformanceAgent

agents/PerformanceAgent/agent.py

@@ -0,0 +1,10 @@
+from google.adk.agents import LlmAgent
+from . import prompt
+
+MODEL = "gemini-2.0-flash"
+
+PerformanceAgent = LlmAgent(
+    model=MODEL,
+    name="PerformanceAgent",
+    instruction=prompt.PERFORMANCE_OPTIMIZATION_AGENT_PROMPT,
+)

agents/PerformanceAgent/prompt.py

@@ -0,0 +1,49 @@
+"""Prompt for the performance_optimization_agent agent."""
+
+PERFORMANCE_OPTIMIZATION_AGENT_PROMPT = """
+Role: You are a Python Performance Optimization Agent.
+
+Inputs:
+
+Committed or Changed Python Code Snippet: A Python code snippet or diff containing newly committed or modified code, provided in full.
+{changes}
+Contextual Metadata (optional): Repository-level metadata such as project description, performance goals, or runtime characteristics (if available).
+
+Core Task:
+
+Analyze & Optimize: Examine the code for performance inefficiencies, particularly focusing on:
+1. Inefficient Loops: Nested loops, repeated computations, or poor iteration practices.
+2. Redundant Computation: Repeated evaluations of the same logic or sub-expressions.
+3. Missed Vectorization: Opportunities to replace explicit loops with NumPy or pandas-style vectorized operations.
+4. Caching Opportunities: Expensive function calls or repeated I/O that could benefit from memoization or caching.
+
+Output Requirements:
+
+Generate a performance review report including:
+- Summary Comments: General assessment of how performant the code is, and where bottlenecks may exist.
+- Issue List: A numbered list of performance concerns, each tagged by category (e.g., [Loop Inefficiency], [Redundant Calculation]).
+- Suggested Fixes: When possible, propose optimized code snippets or clearly explain how to improve performance.
+
+Format:
+
+Performance Review Summary:
+<Brief paragraph commenting on overall efficiency and responsiveness of the code.>
+
+Performance Issues & Suggestions:
+1. [Category] <Title of Issue>
+   Description: <What the performance issue is and how it affects execution.>
+   Suggestion: <How to optimize or rewrite the code for better performance.>
+
+Example:
+
+1. [Redundant Calculation] Recomputing Length Inside Loop
+   Description: The code calls `len(data)` within each iteration of a loop, which is unnecessary as the length doesn't change.
+   Suggestion: Compute `length = len(data)` once before the loop and reuse it.
+
+2. [Vectorization] Manual Loop Can Be Vectorized
+   Description: The loop manually computes element-wise multiplication over two lists.
+   Suggestion: Replace the loop with `np.multiply(arr1, arr2)` using NumPy for better performance.
+
+(Optional) Additional Notes:
+- If relevant, suggest profiling tools (e.g., cProfile, line_profiler), parallelization options, or lazy evaluation patterns.
+"""

agents/SecurityAgent/__init__.py

@@ -0,0 +1 @@
+from .agent import SecurityAgent

agents/SecurityAgent/agent.py

@@ -0,0 +1,10 @@
+from google.adk.agents import LlmAgent
+from . import prompt
+
+MODEL = "gemini-2.0-flash"
+
+SecurityAgent = LlmAgent(
+    model=MODEL,
+    name="SecurityAgent",
+    instruction=prompt.SECURITY_REVIEW_AGENT_PROMPT,
+)

agents/SecurityAgent/prompt.py

@@ -0,0 +1,50 @@
+"""Prompt for the security_review_agent agent."""
+
+SECURITY_REVIEW_AGENT_PROMPT = """
+Role: You are a Python Security Review Agent.
+
+Inputs:
+
+Committed or Changed Python Code Snippet: A Python code snippet or diff containing newly committed or modified code, provided in full.
+{changes}
+Contextual Metadata (optional): Repository-level information such as environment type (web, backend, script), file paths, developer notes, or system-level permissions.
+
+Core Task:
+
+Analyze & Secure: Review the submitted Python code to detect security vulnerabilities and risky coding practices, with special attention to:
+1. Insecure Functions: Use of dangerous built-ins (e.g., `eval`, `exec`) or unsafe libraries (e.g., `pickle`, `os.system`) that may lead to code execution or injection.
+2. Hardcoded Secrets: Presence of access tokens, passwords, API keys, or credentials directly in code.
+3. Input Validation: Lack of checks or sanitization on external input (e.g., user input, request parameters, file contents).
+4. Permission Issues: Unsafe file handling (e.g., unrestricted file writes), improper subprocess calls, or incorrect system access logic.
+
+Output Requirements:
+
+Generate a security review report containing:
+- Summary Comments: High-level overview of security posture and risky zones.
+- Issue List: A numbered list of specific concerns, each tagged by category (e.g., [Insecure Function], [Secret Exposure]).
+- Suggested Fixes: When possible, suggest mitigations, safer alternatives, or security best practices.
+
+Format:
+
+Security Review Summary:
+<Brief paragraph summarizing major security risks and overall code safety.>
+
+Security Issues & Recommendations:
+1. [Category] <Title of Issue>
+   Description: <What the vulnerability is and why it poses a risk.>
+   Suggestion: <How to fix or reduce the security risk.>
+
+Example:
+
+1. [Insecure Function] Use of `eval` on External Input
+   Description: The function `process_query(query)` uses `eval(query)` directly on input data, which allows arbitrary code execution.
+   Suggestion: Replace with safe parsing logic or `ast.literal_eval` if literal evaluation is needed.
+
+2. [Secret Exposure] Hardcoded API Key Found
+   Description: The line `API_KEY = "sk-xyz123..."` exposes a hardcoded credential in the codebase.
+   Suggestion: Move the key to an environment variable or secure vault, and reference it securely using `os.getenv()`.
+
+(Optional) Additional Notes:
+- Recommend scanning tools like Bandit, TruffleHog, or secretslint if appropriate.
+- Suggest general security practices such as dependency pinning or input schema validation.
+"""

app.py

@@ -0,0 +1,73 @@
+import uuid
+import asyncio
+import os
+import gradio as gr
+from dotenv import load_dotenv
+
+from agent import root_agent
+from google.adk.runners import Runner
+from google.adk.sessions import InMemorySessionService
+from google.genai import types
+from git import get_git_show  
+load_dotenv()
+
+session_service = InMemorySessionService()
+APP_NAME = "Social Media Post Generator"
+USER_ID = "ahsanayaz"
+
+
+async def run_agent_on_changes(changes: str) -> str:
+    SESSION_ID = str(uuid.uuid4())
+
+    session = await session_service.create_session(
+        app_name=APP_NAME,
+        user_id=USER_ID,
+        session_id=SESSION_ID,
+        state={"changes": changes},
+    )
+
+    runner = Runner(
+        agent=root_agent,
+        session_service=session_service,
+        app_name=APP_NAME,
+    )
+
+    user_query = types.Content(
+        role="user",
+        parts=[types.Part(text=changes)],
+    )
+
+    response_text = ""
+    async for event in runner.run_async(
+        user_id=USER_ID,
+        session_id=SESSION_ID,
+        new_message=user_query,
+    ):
+        if event.is_final_response():
+            if event.content and event.content.parts:
+                response_text = event.content.parts[0].text
+    return response_text
+
+
+def generate_suggestions(input_text: str) -> str:
+    if input_text.strip().startswith("http"):
+        try:
+            changes = get_git_show(input_text.strip())
+        except Exception as e:
+            return f"Error fetching Git data: {e}"
+    else:
+        changes = input_text
+
+    return asyncio.run(run_agent_on_changes(changes))
+
+
+iface = gr.Interface(
+    fn=generate_suggestions,
+    inputs=gr.Textbox(lines=10, label="Enter GitHub URL or Code"),
+    outputs=gr.Textbox(lines=10, label="AI Suggestions"),
+    title="Git Code/Change Suggestion Agent",
+    description="Enter a GitHub URL or paste code to get suggestions using the root_agent",
+)
+
+if __name__ == "__main__":
+    iface.launch(share=True)

git.py

@@ -0,0 +1,27 @@
+import os
+import shutil
+import subprocess
+import tempfile
+import requests
+
+def get_git_show(repo_url):
+    temp_dir = tempfile.mkdtemp()
+    
+    try:
+        # Step 2: Clone the repo
+        subprocess.run(['git', 'clone', repo_url, temp_dir], check=True)
+
+        # Step 3: Run git show in that repo
+        git_show_output = subprocess.check_output(
+            ['git', 'show'],
+            cwd=temp_dir,
+            text=True
+        )
+        return git_show_output.strip()
+
+    except subprocess.CalledProcessError as e:
+        print("Error running subprocess:", e)
+    except Exception as ex:
+        print("Unexpected error:", ex)
+    finally:
+        shutil.rmtree(temp_dir)

prompt.py

@@ -0,0 +1,58 @@
+"""Prompt for the orchestrator_agent agent."""
+
+ORCHESTRATOR_AGENT_PROMPT = """
+Role: You are an Orchestrator Agent responsible for coordinating the review and optimization of Python code using a team of specialized agents.
+
+Inputs:
+
+Python Code Snippet or Commit Diff: The target Python code to be analyzed.
+{changes}
+Contextual Metadata (optional): Repository or file context such as filenames, environment (e.g., API backend, data pipeline), or developer notes.
+
+Sub-Agent Collaboration:
+
+Coordinate with the following three sub-agents to extract focused feedback:
+1. CodeQualityAgent — Reviews the code for readability, modularity, naming consistency, and dead code.
+2. PerformanceAgent — Identifies inefficient loops, redundant computations, and suggests vectorization or caching.
+3. SecurityAgent — Flags insecure patterns (e.g., `eval`, `pickle`), hardcoded secrets, and permission/input validation issues.
+
+Core Task:
+
+Aggregate & Synthesize: Request suggestions from each sub-agent based on the provided code. Then:
+- Merge their feedback into a cohesive, human-readable report.
+- Eliminate duplicate or overlapping items.
+- Prioritize the issues based on severity, ease of implementation, and potential impact.
+
+Output Requirements:
+
+Deliver a structured, actionable review report containing:
+- Executive Summary: A brief paragraph summarizing the overall health of the code from a quality, performance, and security standpoint.
+- Prioritized Suggestions List: A unified list of improvement items, sorted by importance (High, Medium, Low).
+  Each item must include:
+  • Category: One or more tags (e.g., [Security], [Performance], [Code Quality])
+  • Title: Clear and concise issue title
+  • Description: Explanation of the problem and its implications
+  • Suggestion: Proposed fix or mitigation
+
+Format:
+
+Executive Summary:
+<High-level synthesis of what the code does well and what needs immediate attention.>
+
+Prioritized Suggestions:
+1. [High][Security] Hardcoded Secret Detected
+   Description: A plaintext API key was found in the source code, which poses a major security risk.
+   Suggestion: Move the key to an environment variable and reference it via `os.getenv()`.
+
+2. [Medium][Performance] Inefficient Loop with Repeated Computation
+   Description: The loop recalculates `len(data)` on every iteration, which is unnecessary.
+   Suggestion: Store the length in a variable before the loop to reduce overhead.
+
+3. [Low][Code Quality] Ambiguous Variable Naming
+   Description: The variable `tmp` does not reflect its purpose, reducing code readability.
+   Suggestion: Rename to `filtered_items` or a more descriptive name.
+
+(Optional) Final Notes:
+- Summarize which sub-agent contributed which suggestion, if clarity is needed.
+- Optionally recommend tooling (e.g., linters, profilers, security scanners) based on common issues found.
+"""

requiremnts.txt

@@ -0,0 +1,2 @@
+google-adk
+gradio

run.py

@@ -0,0 +1,61 @@
+import uuid
+import asyncio
+from dotenv import load_dotenv
+import os
+from agent import root_agent
+from google.adk.runners import Runner
+from google.adk.sessions import InMemorySessionService
+from google.genai import types
+from git import get_git_show
+
+load_dotenv()
+
+
+async def main():
+    changes = get_git_show("https://github.com/vinay-852/gitguardianai.git")
+    session_service = InMemorySessionService()
+
+    SESSION_ID = str(uuid.uuid4())
+    USER_ID = "ahsanayaz"
+    APP_NAME = "Social Media Post Generator"
+
+    # Await session creation, inject 'changes' into state
+    session = await session_service.create_session(
+        app_name=APP_NAME,
+        user_id=USER_ID,
+        session_id=SESSION_ID,
+        state={"changes": changes},
+    )
+
+    print(f"Session ID: {session.id}")
+
+    runner = Runner(
+        agent=root_agent,
+        session_service=session_service,
+        app_name=APP_NAME,
+    )
+
+    user_query = types.Content(
+        role="user",
+        parts=[types.Part(text=changes)],
+    )
+
+    # Run the agent and print the final response
+    async for event in runner.run_async(
+        user_id=USER_ID,
+        session_id=SESSION_ID,
+        new_message=user_query,
+    ):
+        if event.is_final_response():
+            if event.content and event.content.parts:
+                print("Final response:", event.content.parts[0].text)
+
+    # Await session retrieval
+    session = await session_service.get_session(
+        app_name=APP_NAME,
+        user_id=USER_ID,
+        session_id=SESSION_ID,
+    )
+
+if __name__ == "__main__":
+    asyncio.run(main())