Conversation
…if error Fixes M9nx#12 and M9nx#13. - quality/hotspots: accept an optional positional DIRECTORY argument so 'codexa quality .' and 'codexa hotspots .' work without --path. Previously Click rejected the bare '.' with 'Got unexpected extra argument (.)'. - hotspots: deduplicate callable_symbols by (file_path, name) before scoring so that re-indexed or multiply-parsed symbols do not produce repeated entries in the hotspot list with identical scores. - quality: suppress the 'Could not load sarif: No module named sarif_om' ERROR that bandit logs on every import when the optional sarif_om package is not installed. The filter is applied only during bandit's import and removed immediately after, so genuine bandit errors are still surfaced.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes codexa quality / codexa hotspots CLI ergonomics and reduces noisy output by accepting a positional directory argument, deduplicating hotspot symbol entries, and suppressing an optional Bandit SARIF import log.
Changes:
- Add optional positional
DIRECTORYargument tocodexa qualityandcodexa hotspots(while keeping--path). - Deduplicate hotspot scoring inputs to avoid repeated entries for the same symbol.
- Suppress Bandit’s “Could not load 'sarif'” log during import when
sarif_omis not installed.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| semantic_code_intelligence/cli/commands/quality_cmd.py | Adds optional positional directory arg and uses it to select the analysis root. |
| semantic_code_intelligence/cli/commands/hotspots_cmd.py | Adds optional positional directory arg and uses it to select the analysis root. |
| semantic_code_intelligence/ci/quality.py | Adds a temporary logging filter around Bandit import to suppress SARIF optional-dependency noise. |
| semantic_code_intelligence/ci/hotspots.py | Deduplicates callable symbols before scoring to prevent repeated hotspot entries. |
Owner
|
Hi @nandanadileep , Appreciate the fix and improvements here. Changes look solid and tested — proceeding to close this PR. Thanks! |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
M9nx
approved these changes
Apr 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #12 and #13.
Changes
codexa quality ./codexa hotspots .now work (fixes #13)Both commands previously defined
--pathas the only way to set the project root. Passing a bare path like.caused Click to reject it withGot unexpected extra argument (.).Each command now accepts an optional positional
DIRECTORYargument. Both of these are equivalent:Duplicate hotspot entries de-duplicated (fixes #13)
analyze_hotspotswas scoring everySymbolobject fromget_all_symbols()independently. If the same function was parsed or indexed more than once, it appeared multiple times in the output with identical scores (e.g.test_to_dictrepeated intests/test_phase20.py).Symbols are now deduplicated by
(file_path, name)before scoring, so each unique symbol appears exactly once.Spurious SARIF error suppressed (fixes #12)
Bandit eagerly loads all its formatters at import time, including a SARIF formatter that requires the optional
sarif_ompackage. Whensarif_omis absent, bandit emits:This appeared on every
codexa quality/codexa hotspotsrun regardless of whether SARIF output was requested.The fix adds a temporary
logging.Filterto thebanditlogger around the import, removing it immediately after. Genuine bandit errors are still surfaced; only this specific optional-dependency message is suppressed.Test plan
codexa quality .runs without "Got unexpected extra argument" errorcodexa hotspots .runs without "Got unexpected extra argument" errorcodexa quality --path .still works (backward compatible)codexa hotspotsoutput shows each symbol at most onceERROR Could not load 'sarif'message oncodexa qualitywithoutsarif_ominstalledcodexa quality --sarif(if/when added) still shows a clear hint whensarif_omis missing