# Context Analysis and Risk Analysis Features ## Overview WizardMerge now includes intelligent context analysis and risk assessment features for merge conflicts, as outlined in ROADMAP.md Phase 3 (AI-Assisted Merging). ## Features ### Context Analysis Context analysis examines the code surrounding merge conflicts to provide better understanding of the changes. **Extracted Information:** - **Function/Method Name**: Identifies which function contains the conflict - **Class/Struct Name**: Identifies which class contains the conflict - **Import/Include Statements**: Lists dependencies at the top of the file - **Surrounding Lines**: Provides configurable context window (default: 5 lines) **Supported Languages:** - C/C++ - Python - JavaScript/TypeScript (enhanced with TypeScript-specific patterns) - Java **TypeScript-Specific Features:** - Detects interfaces, types, and enums - Recognizes arrow functions and async functions - Identifies export statements - Extracts type imports and re-exports ### Risk Analysis Risk analysis assesses different resolution strategies and provides recommendations. **Risk Levels:** - **LOW**: Safe to merge, minimal risk - **MEDIUM**: Some risk, review recommended - **HIGH**: High risk, careful review required - **CRITICAL**: Critical risk, requires expert review **Resolution Strategies Analyzed:** 1. **Accept OURS**: Use our version 2. **Accept THEIRS**: Use their version 3. **Accept BOTH**: Concatenate both versions **Risk Factors Detected:** - Large number of changes (>10 lines) - Critical code patterns (delete, eval, system calls, security operations) - API signature changes - TypeScript interface/type definition changes - TypeScript type safety bypasses (as any, @ts-ignore, @ts-nocheck) - XSS vulnerabilities (dangerouslySetInnerHTML, innerHTML) - Insecure storage of sensitive data - Discarding significant changes from other branch **Package Lock File Handling:** - Detects package-lock.json, yarn.lock, pnpm-lock.yaml, and bun.lockb files - Can be used to apply special merge strategies for dependency files **Provided Information:** - Risk level (low/medium/high/critical) - Confidence score (0.0 to 1.0) - List of risk factors - Actionable recommendations ## API Usage ### HTTP API When calling the `/api/merge` endpoint, conflict responses now include `context` and risk assessment fields: ```json { "merged": [...], "has_conflicts": true, "conflicts": [ { "start_line": 5, "end_line": 5, "base_lines": ["..."], "our_lines": ["..."], "their_lines": ["..."], "context": { "function_name": "myFunction", "class_name": "MyClass", "imports": ["#include ", "import sys"] }, "risk_ours": { "level": "low", "confidence_score": 0.65, "risk_factors": [], "recommendations": ["Changes appear safe to accept"] }, "risk_theirs": { "level": "low", "confidence_score": 0.60, "risk_factors": [], "recommendations": ["Changes appear safe to accept"] }, "risk_both": { "level": "medium", "confidence_score": 0.30, "risk_factors": [ "Concatenating both versions may cause duplicates or conflicts" ], "recommendations": [ "Manual review required - automatic concatenation is risky", "Consider merging logic manually instead of concatenating", "Test thoroughly for duplicate or conflicting code" ] } } ] } ``` ### C++ API ```cpp #include "wizardmerge/merge/three_way_merge.h" #include "wizardmerge/analysis/context_analyzer.h" #include "wizardmerge/analysis/risk_analyzer.h" using namespace wizardmerge::merge; using namespace wizardmerge::analysis; // Perform merge auto result = three_way_merge(base, ours, theirs); // Access analysis for each conflict for (const auto& conflict : result.conflicts) { // Context information std::cout << "Function: " << conflict.context.function_name << std::endl; std::cout << "Class: " << conflict.context.class_name << std::endl; // Risk assessment for "ours" std::cout << "Risk (ours): " << risk_level_to_string(conflict.risk_ours.level) << std::endl; std::cout << "Confidence: " << conflict.risk_ours.confidence_score << std::endl; // Recommendations for (const auto& rec : conflict.risk_ours.recommendations) { std::cout << " - " << rec << std::endl; } } ``` ## Implementation Details ### Context Analyzer **Header:** `backend/include/wizardmerge/analysis/context_analyzer.h` **Implementation:** `backend/src/analysis/context_analyzer.cpp` Key functions: - `analyze_context()`: Main analysis function - `extract_function_name()`: Extract function/method name - `extract_class_name()`: Extract class/struct name - `extract_imports()`: Extract import statements ### Risk Analyzer **Header:** `backend/include/wizardmerge/analysis/risk_analyzer.h` **Implementation:** `backend/src/analysis/risk_analyzer.cpp` Key functions: - `analyze_risk_ours()`: Assess risk of accepting ours - `analyze_risk_theirs()`: Assess risk of accepting theirs - `analyze_risk_both()`: Assess risk of concatenation - `contains_critical_patterns()`: Detect security-critical code - `has_api_signature_changes()`: Detect API changes - `has_typescript_interface_changes()`: Detect TypeScript type definition changes - `is_package_lock_file()`: Identify package lock files ### TypeScript Support The analyzers now include comprehensive TypeScript support: **Context Analyzer:** - Recognizes TypeScript function patterns (async, export, arrow functions) - Detects TypeScript type structures (interface, type, enum) - Extracts TypeScript imports (import type, export) **Risk Analyzer:** - Detects TypeScript-specific risks: - Type safety bypasses: `as any`, `@ts-ignore`, `@ts-nocheck` - React security issues: `dangerouslySetInnerHTML` - XSS vulnerabilities: `innerHTML` - Insecure storage: storing passwords in `localStorage` - Identifies interface/type definition changes - Recognizes package lock file conflicts **Example: TypeScript Interface Change Detection** ```cpp std::vector base = { "interface User {", " name: string;", "}" }; std::vector modified = { "interface User {", " name: string;", " email: string;", "}" }; if (has_typescript_interface_changes(base, modified)) { std::cout << "TypeScript interface changed!" << std::endl; } ``` **Example: Package Lock File Detection** ```cpp std::string filename = "package-lock.json"; if (is_package_lock_file(filename)) { std::cout << "Applying special merge strategy for lock file" << std::endl; } ``` ## Testing Comprehensive test coverage with 46 unit tests: - 13 tests for context analyzer (including 6 TypeScript tests) - 16 tests for risk analyzer (including 7 TypeScript tests) - 8 tests for three-way merge - 9 tests for Git CLI Run tests: ```bash cd backend/build ./wizardmerge-tests ``` TypeScript-specific tests verify: - Arrow function detection - Interface, type, and enum extraction - TypeScript import patterns - Type definition change detection - Critical pattern detection (as any, @ts-ignore, etc.) - Package lock file identification ## Security All code has been scanned with CodeQL: - **0 vulnerabilities found** - Safe for production use ## Configuration Risk analysis weights are configurable via constants in `risk_analyzer.cpp`: - `BASE_CONFIDENCE`: Base confidence level (default: 0.5) - `SIMILARITY_WEIGHT`: Weight for code similarity (default: 0.3) - `CHANGE_RATIO_WEIGHT`: Weight for change ratio (default: 0.2) Context analysis configuration: - `IMPORT_SCAN_LIMIT`: Lines to scan for imports (default: 50) ## Future Enhancements Potential improvements outlined in ROADMAP.md: - ML-based confidence scoring - Language-specific pattern detection - Integration with LSP for deeper semantic analysis - Historical conflict resolution learning - Custom risk factor rules ## References - ROADMAP.md: Phase 3, Section 3.1 (AI-Assisted Merging) - Research Paper: docs/PAPER.md (dependency analysis methodology)