[cli] Add dependency import command for multi-ecosystem support

[ShreeJejurikar]

Summary

Implements cortex import command that parses and installs dependencies from multiple package manager files:

• Supported formats: requirements.txt (Python), package.json (Node), Gemfile (Ruby), Cargo.toml (Rust), go.mod (Go)
• Dry-run by default with --execute flag for actual installation
• --dev flag to include dev dependencies
• --all flag to scan directory for all dependency files
• Y/n confirmation when using --all --execute
• 90% test coverage with 80 unit tests

Closes #126

Checklist

• Tests pass (pytest tests/)
• MVP label added if closing MVP issue
• Update "Cortex -h" (if needed)

Summary by CodeRabbit

• New Features

  • Added "import" command to parse and install dependencies from package files
  • Supports Python, Node.js, Ruby, Rust, and Go ecosystems
  • Includes dry-run mode, directory scanning for multiple files, and dev dependency handling

• Documentation

  • Added comprehensive guide for the import feature

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces a comprehensive dependency import feature for CortexCLI. It adds a new DependencyImporter module supporting Python, Node.js, Ruby, Rust, and Go ecosystems; integrates a new CLI command with dry-run and execution modes; provides extensive documentation and a full test suite covering parsing, scanning, and installation workflows.

Changes

Cohort / File(s)	Summary
CLI Import Command Integration cortex/cli.py	Adds import_deps() public method and internal helpers (_import_single_file, _import_all, _display_parse_result, _execute_install, _execute_multi_install) to handle import workflow; imports DependencyImporter, PackageEcosystem, ParseResult, InstallationStep; extends help table and argument parser with new "import" command supporting --all, --execute, --dev flags.
Cross-Ecosystem Dependency Parsing cortex/dependency_importer.py	New module implementing DependencyImporter class with ecosystem-specific parsers for requirements.txt (Python), package.json (Node), Gemfile (Ruby), Cargo.toml (Rust), go.mod (Go); introduces PackageEcosystem enum, Package and ParseResult dataclasses; provides scan_directory(), detect_ecosystem(), get_install_command() methods and format_package_list() helper.
Feature Documentation docs/DEPENDENCY_IMPORT.md	New comprehensive guide documenting cortex import command usage patterns (single/bulk imports, dev dependencies, dry-run vs execute), per-ecosystem formats with examples, error handling, programmatic API usage, and limitations.
Test Coverage tests/test_dependency_importer.py	New test suite covering ecosystem detection, parsing for all five ecosystems (including edge cases, circular includes, git/scoped packages), directory scanning, command generation, formatting, and error scenarios.

Sequence Diagram(s)

sequenceDiagram
    actor User
    participant CLI as cortex/cli.py
    participant Importer as DependencyImporter
    participant Coordinator as InstallationCoordinator
    participant Ecosystem as Package Manager
    
    User->>CLI: cortex import [--all] [--execute] [--dev]
    CLI->>Importer: parse() or scan_directory()
    Importer->>Importer: detect_ecosystem(file_path)
    Importer->>Importer: parse format-specific files
    Importer-->>CLI: ParseResult(packages, dev_packages, errors)
    
    CLI->>CLI: _display_parse_result(ParseResult)
    CLI-->>User: Show parsed packages summary
    
    alt Execute Mode
        User->>CLI: confirm install
        CLI->>Importer: get_install_command(ecosystem)
        Importer-->>CLI: install command string
        CLI->>Coordinator: execute install_command
        Coordinator->>Ecosystem: run pip/npm/bundle/etc.
        Ecosystem-->>Coordinator: installation result
        Coordinator-->>CLI: success/failure status
        CLI-->>User: progress + completion status
    else Dry-run (Default)
        CLI-->>User: (no installation executed)
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested reviewers

• mikejmorgan-ai

Poem

🐰 Hoppy imports, dependencies light,
Five ecosystems parsed just right,
Python, Node, Ruby too—
Rust and Go join the crew,
Package management takes flight! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 23.21% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: adding a dependency import command with multi-ecosystem support, which aligns with the core PR objective.
Description check	✅ Passed	The description covers all required template sections including related issue, summary of features, and a complete checklist with all items marked complete.
Linked Issues check	✅ Passed	All parsing requirements for Python [#126], Node [#126], Ruby [#126], Rust [#126], Go [#126] are implemented with tests and documentation. Installation flow and coverage criteria are met.
Out of Scope Changes check	✅ Passed	All changes directly support the dependency import feature: new CLI command, dependency importer module, tests, and documentation. No unrelated changes detected.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate failed

Failed conditions
3 Security Hotspots

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

tests/test_dependency_importer.py (1)

20-20: Consider removing sys.path manipulation.

While this pattern works, it can cause issues with some test runners. Consider using proper package installation (e.g., pip install -e .) or configuring PYTHONPATH instead.

cortex/cli.py (1)

1183-1188: Consider handling EOFError for input().

The input() call could raise EOFError if stdin is closed (e.g., in automated environments). Consider wrapping in try-except or checking if stdin is a TTY.

🔎 Proposed enhancement

-        # Execute mode - confirm before installing
-        total = total_packages + total_dev_packages
-        confirm = input(f"\nInstall all {total} packages? [Y/n]: ")
-        if confirm.lower() not in ["", "y", "yes"]:
-            cx_print("Installation cancelled", "info")
-            return 0
+        # Execute mode - confirm before installing
+        total = total_packages + total_dev_packages
+        try:
+            confirm = input(f"\nInstall all {total} packages? [Y/n]: ")
+            if confirm.lower() not in ["", "y", "yes"]:
+                cx_print("Installation cancelled", "info")
+                return 0
+        except (EOFError, KeyboardInterrupt):
+            cx_print("\nInstallation cancelled", "info")
+            return 0

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2f01549 and 0d9910a.

📒 Files selected for processing (4)

• cortex/cli.py
• cortex/dependency_importer.py
• docs/DEPENDENCY_IMPORT.md
• tests/test_dependency_importer.py

🧰 Additional context used

📓 Path-based instructions (2)

**/*.py

📄 CodeRabbit inference engine (AGENTS.md)

**/*.py: Follow PEP 8 style guide
Type hints required in Python code
Docstrings required for all public APIs

Files:

• cortex/dependency_importer.py
• tests/test_dependency_importer.py
• cortex/cli.py

tests/**/*.py

📄 CodeRabbit inference engine (AGENTS.md)

Maintain >80% test coverage for pull requests

Files:

• tests/test_dependency_importer.py

🧬 Code graph analysis (2)

tests/test_dependency_importer.py (1)

cortex/dependency_importer.py (13)

• DependencyImporter (101-889)
• Package (30-46)
• PackageEcosystem (18-26)
• ParseResult (50-73)
• format_package_list (892-911)
• prod_count (66-68)
• dev_count (71-73)
• total_count (61-63)
• detect_ecosystem (114-133)
• parse (135-183)
• scan_directory (802-824)
• get_install_command (826-844)
• get_install_commands_for_results (846-889)

cortex/cli.py (1)

cortex/dependency_importer.py (10)

• DependencyImporter (101-889)
• PackageEcosystem (18-26)
• ParseResult (50-73)
• format_package_list (892-911)
• parse (135-183)
• get_install_command (826-844)
• scan_directory (802-824)
• prod_count (66-68)
• dev_count (71-73)
• get_install_commands_for_results (846-889)

🪛 markdownlint-cli2 (0.18.1)

docs/DEPENDENCY_IMPORT.md

359-359: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Test (Python 3.10)
• GitHub Check: Test (Python 3.11)
• GitHub Check: test (3.12)
• GitHub Check: test (3.10)
• GitHub Check: test (3.11)

🔇 Additional comments (17)

tests/test_dependency_importer.py (2)

115-120: LGTM!

The helper method is well-designed with proper encoding handling and clean interface.

---

896-923: Excellent edge case coverage.

This test properly validates that circular includes don't cause infinite loops, which is an important reliability safeguard.

cortex/cli.py (5)

11-18: LGTM!

The new imports are appropriate and well-organized for the dependency import functionality.

---

1073-1098: LGTM!

The method properly handles command routing and provides clear error messages for missing arguments.

---

1100-1132: LGTM!

The single file import flow properly handles errors, empty results, and provides clear dry-run feedback.

---

1229-1268: LGTM!

The install execution properly uses InstallationCoordinator with appropriate timeout and error handling.

---

1270-1306: LGTM!

Multi-install execution is well-structured with clear progress reporting and error handling.

cortex/dependency_importer.py (10)

29-74: LGTM!

The dataclass definitions are clean with proper type hints, default factories for mutable fields, and helpful properties.

---

76-98: LGTM!

The constant mappings are comprehensive and the command templates are safe from injection since they use format strings with controlled inputs.

---

104-112: LGTM!

Path handling is secure using pathlib.Path with proper absolute path resolution and file existence checking.

Also applies to: 145-157

---

201-211: Excellent circular dependency prevention.

The visited files tracking with absolute paths properly prevents infinite loops from circular includes.

---

299-344: LGTM!

The regex patterns are safe from ReDoS and correctly parse Python requirement specifications including extras and version specifiers.

---

346-363: LGTM!

Name extraction from sources properly handles egg fragments, git URLs, and local paths with safe regex patterns.

---

365-454: LGTM!

The package.json parser properly handles JSON errors and correctly categorizes different dependency types.

---

456-566: LGTM!

The Gemfile parser correctly handles various Ruby Bundler syntax patterns with safe regex patterns.

---

568-690: LGTM with note on limitations.

The Cargo.toml parser handles common dependency patterns well. While it doesn't implement full TOML parsing, it's sufficient for typical Cargo.toml files.

---

802-889: LGTM!

The directory scanning and command generation properly handle file discovery and command formatting with appropriate per-ecosystem logic.

[jaysurse]

@Suyashd999 Tested the cortex import command locally. Parsing, dry-run/execute behavior, and CLI UX all work as expected. Looks good to me 👍