- Fix TypeError when linters return null instead of missing fields
- Use 'or' operator to safely convert null to 0
- Affects only JSON-based parsers (ESLint, Bandit)
- Line 0 indicates file-level or configuration issues
Fixes GitHub issue: "TypeError: '<' not supported between instances of 'str' and 'NoneType'"
- Replace hardcoded 300s (5 min) timeout that was killing taint-analyze and detect-patterns
- Add COMMAND_TIMEOUTS dictionary with appropriate timeouts per command type:
  * taint-analyze, detect-patterns: 2 hours (can take 10-60 min on large codebases)
  * lint: 15 minutes (ESLint/ruff on monorepos)
  * fce: 30 minutes (correlation analysis)
  * graph operations: 10 minutes
  * Quick operations (deps, docs, workset): 5 minutes
- Add get_command_timeout() function to determine timeout based on command name
- Support environment variable overrides:
  * Global: THEAUDITOR_TIMEOUT_SECONDS (default 30 min)
  * Per-command: THEAUDITOR_TIMEOUT_TAINT_ANALYZE_SECONDS, etc.
- Update all 3 run_subprocess_with_interrupt calls to use adaptive timeouts
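The timeout resolution described in this commit, written out as an added example (this is not TheAuditor's own code). It assumes the precedence per-command env var > global env var > COMMAND_TIMEOUTS table > 30-minute default, that the env-var name is derived by upper-casing the command and replacing non-alphanumerics with underscores, and that graph sub-commands share one "graph" entry; invalid or non-positive env values are ignored rather than turned into a zero timeout.

```python
import os
import re

# Per-command defaults in seconds, following the groups in the commit message.
COMMAND_TIMEOUTS = {
    "taint-analyze": 2 * 60 * 60,
    "detect-patterns": 2 * 60 * 60,
    "lint": 15 * 60,
    "fce": 30 * 60,
    "graph": 10 * 60,          # assumed: all graph sub-commands share this entry
    "deps": 5 * 60,
    "docs": 5 * 60,
    "workset": 5 * 60,
}
DEFAULT_TIMEOUT = 30 * 60      # global fallback: 30 minutes


def _env_int(name, env):
    """Return a positive integer read from env[name], or None if unset or invalid."""
    raw = env.get(name)
    if raw is None:
        return None
    try:
        value = int(raw)
    except ValueError:
        return None            # garbage such as "abc" is ignored, not treated as 0
    return value if value > 0 else None


def get_command_timeout(command, env=None):
    """Resolve the subprocess timeout (seconds) for a command string.

    Assumed precedence: per-command env var, then global env var,
    then COMMAND_TIMEOUTS, then DEFAULT_TIMEOUT.
    """
    env = os.environ if env is None else env
    name = command.split()[0] if command.strip() else ""      # "lint --fix" -> "lint"
    key = re.sub(r"[^A-Z0-9]", "_", name.upper())             # "taint-analyze" -> "TAINT_ANALYZE"
    per_command = _env_int(f"THEAUDITOR_TIMEOUT_{key}_SECONDS", env)
    if per_command is not None:
        return per_command
    global_override = _env_int("THEAUDITOR_TIMEOUT_SECONDS", env)
    if global_override is not None:
        return global_override
    if name.startswith("graph"):
        return COMMAND_TIMEOUTS["graph"]
    return COMMAND_TIMEOUTS.get(name, DEFAULT_TIMEOUT)
```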
- Add automatic detection of package.json in common monorepo patterns (backend/, frontend/, packages/*/, apps/*/, services/*/)
- Fix pipeline deps.json path mismatch - deps writes to .pf/raw/deps.json but docs fetch was looking in .pf/deps.json
- Add _parse_standalone_package_json() to handle subdirectory packages without workspace detection
- Properly track workspace_package field with relative paths for all discovered package.json files
Fixes PlantPro and similar monorepos where deps were not being detected (only finding 1 Docker dep instead of 100+ npm deps)
Increased timeouts from 120s to 300s (5 minutes) for pip installations
in venv_install.py to handle:
- Tree-sitter C extension compilation on Linux
- Slower internet connections downloading packages
- Lower-spec machines taking longer to compile
- Multiple large packages in [linters,ast] groups
Affected operations:
- deps --upgrade-all: Now 5 minutes (was 2 minutes)
- pip install [linters,ast]: Now 5 minutes (was 2 minutes)
Fixes timeout errors on Linux systems where tree-sitter compilation
exceeds the previous 2-minute limit.
User reports are starting to come in, which is amazing and invaluable feedback for me to fix errors outside of "it works on my machine".
Include tree-sitter and AST tools in default setup
Modified venv_install.py to install both [linters] and [ast] groups
Tree-sitter is critical for accurate pattern detection but was missing
Users on Linux/Mac were getting regex-only fallback detection
Now all users get full AST-based vulnerability scanning
Fix: Create .pf directory before writing files in indexer
Commit Description:
Fixed critical bug where `aud init` would fail on clean projects with:
"Failed to write manifest: [Errno 2] No such file or directory"
Cause:
- The indexer tried to write to .pf/manifest.json without creating parent directory
- `aud init` calls indexer directly, which had no directory creation logic
- `aud full` worked because pipelines.py creates .pf/ before calling indexer
Effect:
- Users running `aud init` on fresh projects would get immediate failure
- Only affected first-time users following README instructions
- Did not affect `aud full` users or existing projects with .pf/ directory
Solution:
- Added Path().parent.mkdir(parents=True, exist_ok=True) before writing manifest
- Added same logic before creating database file
- Ensures .pf directory structure is created regardless of entry point
This fix ensures both `aud init` and `aud full` work on clean projects.