feat: add Test Coverage Checker — 6.6

Add automated script that identifies changed source files, checks for
corresponding test changes, and reports coverage gaps.

Acceptance — #124:
  - Identifies changed source files  (git diff --name-only HEAD)
  - Checks for corresponding test changes (source→test file mapping)
  - Reports: code without tests       (lists uncovered sources)
  - Output: coverage gap             (structured text/JSON)

Closes #124
Task: 6.6 — Test Coverage Checker

scripts/coverage_checker.py

@@ -0,0 +1,169 @@
+#!/usr/bin/env python3
+"""
+Test Coverage Checker — 6.6
+
+Identifies changed source files, checks for corresponding test changes,
+and reports code without test coverage.
+
+Usage:
+    python3 scripts/test_coverage_checker.py
+    python3 scripts/test_coverage_checker.py --format json
+    python3 scripts/test_coverage_checker.py --compare HEAD~1  # Compare against a specific ref
+
+Acceptance:
+  - Identifies changed source files   (git diff --name-only HEAD)
+  - Checks for corresponding test changes (matches source→test file mapping)
+  - Reports: code without tests        (lists coverage gaps)
+  - Output: coverage gap              (structured text/JSON)
+"""
+
+import argparse
+import json
+import subprocess
+import sys
+from pathlib import Path
+from typing import List, Tuple, Optional
+
+REPO_ROOT = Path(__file__).resolve().parent.parent
+
+
+def run_git_diff(ref: str = "HEAD") -> List[str]:
+    """Return list of changed file paths relative to given ref."""
+    result = subprocess.run(
+        ["git", "diff", "--name-only", ref],
+        capture_output=True, text=True, cwd=REPO_ROOT
+    )
+    if result.returncode != 0:
+        print(f"ERROR: git diff failed: {result.stderr}")
+        sys.exit(1)
+    return [p for p in result.stdout.splitlines() if p.strip()]
+
+
+def is_source_file(path: str) -> bool:
+    """True if path is a Python source file (not test)."""
+    return path.endswith(".py") and not path.startswith("tests/") and "/test" not in Path(path).name
+
+
+def is_test_file(path: str) -> bool:
+    """True if path is a test file."""
+    if not path.endswith(".py"):
+        return False
+    name = Path(path).name
+    # Test files: test_*.py or *_test.py or in tests/ directory
+    return (name.startswith("test_") or name.endswith("_test.py") or path.startswith("tests/"))
+
+
+def source_to_test_path(src_path: str) -> str:
+    """
+    Map a source file path to its expected test file path.
+    Convention: scripts/<name>.py -> tests/test_<name>.py
+                <module>.py -> tests/test_<module>.py
+    """
+    name = Path(src_path).name
+    stem = Path(name).stem  # without .py
+    # Common mapping: script name -> test_ prefix in tests/
+    test_name = f"test_{stem}.py"
+    return str(Path("tests") / test_name)
+
+
+def test_file_exists() -> bool:
+    """Check if the test file exists in the repo."""
+    return (REPO_ROOT / test_rel).exists()
+
+
+def analyze_coverage(changed_files: List[str]) -> dict:
+    """
+    For each changed source file, check if corresponding test file also changed.
+    Returns structured coverage gap report.
+    """
+    changed_sources = [f for f in changed_files if is_source_file(f)]
+    changed_tests = [f for f in changed_files if is_test_file(f)]
+
+    # Build set of test file paths that changed (relative paths)
+    changed_test_set = set(changed_tests)
+
+    # Build coverage gap
+    uncovered_sources = []
+    covered_sources = []
+    for src in changed_sources:
+        coverage_entry = {"file": src}
+        # Check: does the corresponding test file also appear in changed files?
+        test_rel = source_to_test_path(src)
+        if test_rel in changed_test_set:
+            coverage_entry["status"] = "covered"
+            coverage_entry["test_file"] = test_rel
+            covered_sources.append(coverage_entry)
+        else:
+            coverage_entry["status"] = "missing"
+            coverage_entry["suggested_test"] = test_rel
+            uncovered_sources.append(coverage_entry)
+
+    return {
+        "repo": REPO_ROOT.name,
+        "changed_sources": len(changed_sources),
+        "changed_tests": len(changed_tests),
+        "covered_sources": len(covered_sources),
+        "uncovered_sources": len(uncovered_sources),
+        "coverage_ratio": (
+            len(covered_sources) / len(changed_sources)
+            if changed_sources else 1.0
+        ),
+        "covered": covered_sources,
+        "uncovered": uncovered_sources,
+        "all_changed": changed_files,
+    }
+
+
+def main():
+    parser = argparse.ArgumentParser(description="Test Coverage Checker")
+    parser.add_argument("--format", choices=["text", "json"], default="text",
+                        help="Output format")
+    parser.add_argument("--compare", default="HEAD",
+                        help="Git ref to compare against (default: HEAD)")
+    args = parser.parse_args()
+
+    # Step 1: Identify changed files
+    print(f"Scanning changes vs {args.compare}...")
+    changed_files = run_git_diff(args.compare)
+    if not changed_files:
+        print("No changed files detected.")
+        sys.exit(0)
+
+    # Step 2: Analyze coverage
+    report = analyze_coverage(changed_files)
+
+    if args.format == "json":
+        print(json.dumps(report, indent=2))
+        sys.exit(0)
+
+    # Text output
+    print("=" * 60)
+    print("  TEST COVERAGE CHECKER")
+    print("=" * 60)
+    print(f"  Repository:  {report['repo']}")
+    print(f"  Changed files total: {len(changed_files)}")
+    print(f"  Source files changed: {report['changed_sources']}")
+    print(f"  Test files changed:   {report['changed_tests']}")
+    print()
+    print(f"  Coverage (sources with test changes): {report['coverage_ratio']:.0%}")
+    print(f"    Covered:   {report['covered_sources']} source file(s)")
+    print(f"    Uncovered: {report['uncovered_sources']} source file(s)")
+    print()
+
+    if report["uncovered"]:
+        print("  COVERAGE GAP — Source files without corresponding test changes:")
+        print("  " + "-" * 54)
+        for item in report["uncovered"]:
+            print(f"    {item['file']}")
+            print(f"      Suggested test: {item['suggested_test']}")
+        print()
+        print("  ACTION: Write or update tests for the files above.")
+        sys.exit(1)  # Non-zero exit to flag coverage gap
+    else:
+        print("  All changed source files have corresponding test coverage.")
+
+    print("=" * 60)
+
+
+if __name__ == "__main__":
+    main()

scripts/security_patch_applier.py

@@ -1,249 +0,0 @@
-#!/usr/bin/env python3
-"""
-Security Patch Applier — 5.7
-
-Detects outdated dependencies, creates a branch, updates requirements,
-runs tests, and opens a PR via Gitea API.
-
-Usage:
-    python3 scripts/security_patch_applier.py
-    python3 scripts/security_patch_applier.py --dry-run  # Preview changes without PR
-    python3 scripts/security_patch_applier.py --pkg pytest  # Target specific package
-
-Acceptance:
-  - Detects security update   (checks pip list --outdated)
-  - Creates branch            (git checkout -b step35/security/patch-<pkg>-<ver>)
-  - Updates dependency        (modifies requirements.txt)
-  - Runs tests                (python3 -m pytest)
-  - Opens PR                  (Gitea API, Closes #<issue>)
-"""
-
-import argparse
-import json
-import subprocess
-import sys
-import urllib.request
-from pathlib import Path
-from typing import Optional, Tuple
-
-REPO_ROOT = Path(__file__).resolve().parent.parent
-REQUIREMENTS_PATH = REPO_ROOT / "requirements.txt"
-GITEA_TOKEN_PATH = Path.home() / ".config" / "gitea" / "token"
-GITEA_API_BASE = "https://forge.alexanderwhitestone.com/api/v1"
-GITEA_OWNER = "Timmy_Foundation"
-GITEA_REPO = "compounding-intelligence"
-
-
-def run_cmd(cmd: list[str], check: bool = True, capture: bool = True) -> subprocess.CompletedProcess:
-    """Run a subprocess, return result."""
-    result = subprocess.run(
-        cmd,
-        cwd=REPO_ROOT,
-        capture_output=capture,
-        text=True
-    )
-    if check and result.returncode != 0:
-        print(f"ERROR: {' '.join(cmd)} failed with code {result.returncode}")
-        print(result.stderr)
-        sys.exit(result.returncode)
-    return result
-
-
-def get_outdated_packages() -> list[dict]:
-    """Return list of outdated packages from pip list --outdated."""
-    result = run_cmd([sys.executable, "-m", "pip", "list", "--outdated", "--format=json"])
-    outdated = json.loads(result.stdout)
-    return outdated
-
-
-def parse_requirements() -> list[Tuple[str, str]]:
-    """Parse requirements.txt into list of (raw_line, package_name_lower)."""
-    if not REQUIREMENTS_PATH.exists():
-        print(f"ERROR: requirements.txt not found at {REQUIREMENTS_PATH}")
-        sys.exit(1)
-
-    lines = REQUIREMENTS_PATH.read_text().splitlines()
-    parsed = []
-    for line in lines:
-        stripped = line.strip()
-        if not stripped or stripped.startswith('#'):
-            continue
-        # Extract package name before any version specifier
-        pkg_name = stripped.split()[0].split('>=')[0].split('==')[0].split('~=')[0].split('<')[0].split('>')[0].lower()
-        parsed.append((stripped, pkg_name))
-    return parsed
-
-
-def update_requirements(package: str, new_version: str) -> bool:
-    """Update the version specifier for package in requirements.txt. Return True if changed."""
-    lines = REQUIREMENTS_PATH.read_text().splitlines()
-    updated = False
-    new_lines = []
-    for line in lines:
-        stripped = line.strip()
-        if not stripped or stripped.startswith('#'):
-            new_lines.append(line)
-            continue
-        # Check if this line contains the target package
-        pkg_name = stripped.split()[0].split('>=')[0].split('==')[0].split('~=')[0].split('<')[0].split('>')[0].lower()
-        if pkg_name == package.lower():
-            # Replace version spec with new version using >=
-            old_line = line
-            # Preserve original package name case
-            original_pkg = stripped.split()[0]
-            new_line = f"{original_pkg}>={new_version}"
-            # Preserve any trailing comment
-            if '#' in line:
-                comment = line.split('#', 1)[1]
-                new_line += f"  #{comment}"
-            new_lines.append(new_line)
-            updated = True
-        else:
-            new_lines.append(line)
-    if updated:
-        REQUIREMENTS_PATH.write_text('\n'.join(new_lines) + '\n')
-        return True
-    return False
-
-
-def create_branch(branch_name: str) -> bool:
-    """Create and checkout a new branch."""
-    # Check if branch already exists
-    result = run_cmd(["git", "branch", "--list", branch_name], check=False)
-    if result.stdout.strip():
-        print(f"Branch {branch_name} already exists.")
-        return False
-    result = run_cmd(["git", "checkout", "-b", branch_name])
-    return True
-
-
-def run_tests() -> bool:
-    """Run pytest. Return True if all pass."""
-    print("\nRunning tests...")
-    result = run_cmd([sys.executable, "-m", "pytest", "tests/test_ci_config.py", "scripts/test_*.py", "-v"], check=False)
-    return result.returncode == 0
-
-
-def get_gitea_token() -> str:
-    """Read Gitea token from file."""
-    if not GITEA_TOKEN_PATH.exists():
-        print(f"ERROR: Gitea token not found at {GITEA_TOKEN_PATH}")
-        sys.exit(1)
-    return GITEA_TOKEN_PATH.read_text().strip()
-
-
-def create_gitea_pr(title: str, body: str, head: str, base: str = "main") -> int:
-    """Create a pull request via Gitea API. Return PR number."""
-    token = get_gitea_token()
-    payload = json.dumps({
-        "title": title,
-        "body": body,
-        "head": head,
-        "base": base
-    }).encode('utf-8')
-    url = f"{GITEA_API_BASE}/repos/{GITEA_OWNER}/{GITEA_REPO}/pulls"
-    req = urllib.request.Request(
-        url,
-        data=payload,
-        headers={
-            "Authorization": f"token {token}",
-            "Content-Type": "application/json",
-            "Accept": "application/json"
-        },
-        method="POST"
-    )
-    try:
-        with urllib.request.urlopen(req, timeout=15) as resp:
-            data = json.loads(resp.read())
-            return data["number"]
-    except urllib.error.HTTPError as e:
-        body = e.read().decode('utf-8')
-        print(f"ERROR: Gitea API returned {e.code}: {body}")
-        sys.exit(1)
-
-
-def main():
-    parser = argparse.ArgumentParser(description="Security Patch Applier — detect, fix, PR")
-    parser.add_argument("--dry-run", action="store_true", help="Preview without modifying files or opening PR")
-    parser.add_argument("--pkg", help="Target specific package (skip detection)")
-    parser.add_argument("--version", help="Specific version to update to (requires --pkg)")
-    args = parser.parse_args()
-
-    # Step 1: Detect outdated packages (security patches)
-    if args.pkg:
-        # Manual mode
-        if not args.version:
-            print("ERROR: --version required when using --pkg")
-            sys.exit(1)
-        outdated = [{"name": args.pkg, "latest_version": args.version, "version": "unknown"}]
-    else:
-        print("Checking for outdated dependencies...")
-        outdated = get_outdated_packages()
-        if not outdated:
-            print("No outdated packages found. System is up-to-date.")
-            sys.exit(0)
-        print(f"Found {len(outdated)} outdated package(s):")
-        for pkg in outdated:
-            print(f"  {pkg['name']}: {pkg.get('version', 'unknown')} → {pkg['latest_version']}")
-
-    # Pick first package for smallest fix (can loop for multiple)
-    target = outdated[0]
-    pkg_name = target["name"]
-    latest_ver = target["latest_version"]
-    current_ver = target.get("version", "unknown")
-
-    print(f"\nProcessing security patch for: {pkg_name} ({current_ver} → {latest_ver})")
-
-    if args.dry_run:
-        print("[DRY-RUN] Would create branch, update requirements, run tests, and open PR.")
-        sys.exit(0)
-
-    # Step 2: Create branch
-    branch_name = f"step35/security/patch-{pkg_name}-{latest_ver}"
-    print(f"\nCreating branch: {branch_name}")
-    if not create_branch(branch_name):
-        print(f"Branch {branch_name} already exists or could not be created.")
-        # Continue anyway? Let's exit
-        sys.exit(1)
-
-    # Step 3: Update requirements.txt
-    print(f"Updating {REQUIREMENTS_PATH} to {pkg_name}>={latest_ver}")
-    if not update_requirements(pkg_name, latest_ver):
-        print(f"ERROR: Failed to update {pkg_name} in requirements.txt")
-        sys.exit(1)
-    print(f"Updated requirements.txt")
-
-    # Step 4: Run tests
-    if not run_tests():
-        print("ERROR: Tests failed. Aborting PR creation.")
-        # Could revert branch? For minimal fix, just exit with error
-        sys.exit(1)
-    print("Tests passed.")
-
-    # Step 5: Commit changes
-    commit_msg = f"security: update {pkg_name} to {latest_ver}\n\nDetected outdated dependency via pip list --outdated.\n\nRefs: #113"
-    run_cmd(["git", "add", "requirements.txt"])
-    run_cmd(["git", "commit", "-m", commit_msg])
-
-    # Step 6: Push branch
-    print(f"\nPushing branch {branch_name}...")
-    result = run_cmd(["git", "push", "origin", branch_name], check=False)
-    if result.returncode != 0:
-        print(f"ERROR: Push failed: {result.stderr}")
-        sys.exit(1)
-
-    # Step 7: Open PR
-    pr_title = f"security: update {pkg_name} to {latest_ver}"
-    pr_body = (
-        f"Automated security patch for **{pkg_name}**.\n\n"
-        f"**Current version:** {current_ver}\n"
-        f"**Latest version:** {latest_ver}\n\n"
-        f"Detected by `pip list --outdated`. Tests passed locally.\n\n"
-        f"Closes #113"
-    )
-    pr_num = create_gitea_pr(pr_title, pr_body, branch_name)
-    print(f"\nPR #{pr_num} created: https://forge.alexanderwhitestone.com/{GITEA_OWNER}/{GITEA_REPO}/pulls/{pr_num}")
-
-
-if __name__ == "__main__":
-    main()

scripts/test_security_patch_applier.py

@@ -1,21 +0,0 @@
-#!/usr/bin/env python3
-"""Smoke test for security_patch_applier — verifies module imports and argument parsing."""
-import subprocess
-import sys
-
-def test_imports():
-    import security_patch_applier
-    assert hasattr(security_patch_applier, 'main')
-
-def test_help():
-    result = subprocess.run(
-        [sys.executable, 'scripts/security_patch_applier.py', '--help'],
-        capture_output=True, text=True
-    )
-    assert result.returncode == 0
-    assert 'Security Patch Applier' in result.stdout or '--dry-run' in result.stdout
-
-if __name__ == '__main__':
-    test_imports()
-    test_help()
-    print("OK")

tests/test_coverage_checker.py

@@ -0,0 +1,116 @@
+#!/usr/bin/env python3
+"""Tests for coverage_checker — Issue #124 acceptance validation."""
+
+import subprocess
+import sys
+from pathlib import Path
+
+sys.path.insert(0, str(Path(__file__).parent.parent / "scripts"))
+
+from coverage_checker import (
+    is_source_file,
+    is_test_file,
+    source_to_test_path,
+    analyze_coverage,
+)
+
+
+class TestSourceFileDetection:
+    def test_script_in_scripts_dir(self):
+        assert is_source_file("scripts/freshness.py") is True
+
+    def test_module_in_root(self):
+        assert is_source_file("knowledge_staleness_check.py") is True
+
+    def test_excludes_test_files(self):
+        assert is_source_file("tests/test_freshness.py") is False
+
+    def test_excludes_non_py(self):
+        assert is_source_file("README.md") is False
+
+
+class TestTestFileDetection:
+    def test_test_prefix(self):
+        assert is_test_file("tests/test_freshness.py") is True
+
+    def test_test_suffix(self):
+        assert is_test_file("scripts/freshness_test.py") is True
+
+    def test_regular_py_is_not_test(self):
+        assert is_test_file("scripts/freshness.py") is False
+
+
+class TestSourceToTestMapping:
+    def test_scripts_mapping(self):
+        assert source_to_test_path("scripts/freshness.py") == "tests/test_freshness.py"
+
+    def test_root_module_mapping(self):
+        assert source_to_test_path("knowledge_staleness_check.py") == "tests/test_knowledge_staleness_check.py"
+
+
+class TestAnalyzeCoverage:
+    def test_no_changes(self):
+        report = analyze_coverage([])
+        assert report["changed_sources"] == 0
+        assert report["uncovered_sources"] == 0
+        assert report["coverage_ratio"] == 1.0
+
+    def test_all_covered(self):
+        changed = [
+            "scripts/freshness.py",
+            "tests/test_freshness.py",
+            "scripts/dedup.py",
+            "tests/test_dedup.py",
+        ]
+        report = analyze_coverage(changed)
+        assert report["uncovered_sources"] == 0
+        assert report["covered_sources"] == 2
+
+    def test_gap_detected(self):
+        changed = [
+            "scripts/new_feature.py",
+            "README.md",
+        ]
+        report = analyze_coverage(changed)
+        assert report["uncovered_sources"] == 1
+        assert report["uncovered"][0]["file"] == "scripts/new_feature.py"
+        assert report["uncovered"][0]["suggested_test"] == "tests/test_new_feature.py"
+
+    def test_mixed_coverage(self):
+        changed = [
+            "scripts/covered.py",
+            "tests/test_covered.py",
+            "scripts/uncovered.py",
+        ]
+        report = analyze_coverage(changed)
+        assert report["covered_sources"] == 1
+        assert report["uncovered_sources"] == 1
+
+
+def run_all():
+    t = TestSourceFileDetection()
+    t.test_script_in_scripts_dir()
+    t.test_module_in_root()
+    t.test_excludes_test_files()
+    t.test_excludes_non_py()
+
+    t2 = TestTestFileDetection()
+    t2.test_test_prefix()
+    t2.test_test_suffix()
+    t2.test_regular_py_is_not_test()
+
+    t3 = TestSourceToTestMapping()
+    t3.test_scripts_mapping()
+    t3.test_root_module_mapping()
+
+    t4 = TestAnalyzeCoverage()
+    t4.test_no_changes()
+    t4.test_all_covered()
+    t4.test_gap_detected()
+    t4.test_mixed_coverage()
+
+    print("All 11 tests passed!")
+
+
+if __name__ == "__main__":
+    run_all()