Multi-language code and config file analyzer and fixer
Project description
Pactfix
Multi-language code and config file analyzer and fixer with Docker sandbox support.
Installation
pip install -e .
Test Projects
The test-projects/ directory contains minimal projects for testing pactfix:
- python-project/ - Python code with common issues (print statements, bare except, etc.)
- go-project/ - Go code using interface{} that should be changed to any
- nodejs-project/ - Node.js with var usage and eval()
- bash-project/ - Bash script with shellcheck issues
- dockerfile-project/ - Dockerfile with ADD instead of COPY, etc.
Each project has _fixtures/faulty/ with baseline code for deterministic testing.
Commands
1. Fix Files In Place (with comments)
pactfix --path ./my-project --comment
pactfix --path ./my-project --comment -v # verbose
What it does:
- Scans all files in the project
- Fixes issues directly in original files
- Adds comment above each changed line explaining the fix
- Does NOT create .pactfix/ directory
- Excludes _fixtures/ directories from scanning
Example output in file:
# pactfix: Dodano nawiasy do print() (was: print "hello")
print("hello")
2. Sandbox Mode (Docker)
pactfix --path ./my-project --sandbox
pactfix --path ./pactfix-py/test-projects/nodejs-project --sandbox --test # also run tests
What it does:
- Scans all files in the project
- Creates .pactfix/ directory with:
  - fixed/ - copy of fixed files
  - Dockerfile - auto-generated for detected language
  - docker-compose.yml - ready to run
  - report.json - analysis report
  - sandbox_status.json - sandbox execution status
- Builds and runs Docker container
- Original files are NOT modified
- Excludes _fixtures/ from copying to sandbox
- With --test: runs tests inside container and reports results
Directory structure:
my-project/
├── .pactfix/
│ ├── Dockerfile
│ ├── docker-compose.yml
│ ├── fixed/
│ │ └── (fixed files)
│ ├── report.json
│ ├── sandbox_status.json
│ └── sandbox_output.txt
└── (original files unchanged)
3. Single File Analysis
pactfix input.py # analyze only
pactfix input.py -o output.py # save fixed file
pactfix input.py --comment -o output.py # with comments
pactfix input.py --json # JSON output
4. Batch Processing
pactfix --batch ./src # analyze directory
pactfix --fix-all # fix all examples/
5. Sandbox Setup Only
pactfix --sandbox-only ./my-project
Creates .pactfix/ with Dockerfile but doesn't analyze/fix files.
6. Generate Dockerfiles
pactfix --init-dockerfiles ./dockerfiles/
Creates Dockerfiles for all supported languages.
Command Reference
| Command | Mode | Modifies Original Files | Creates .pactfix/ |
|---|---|---|---|
| --path ./dir --comment | In-place fix | ✅ Yes | ❌ No |
| --path ./dir --sandbox | Sandbox | ❌ No | ✅ Yes |
| --sandbox-only ./dir | Setup only | ❌ No | ✅ Yes |
| input.py -o output.py | Single file | ❌ No | ❌ No |
Supported Languages
Code
- Bash, Python, PHP, JavaScript, Node.js
- TypeScript, Go, Rust, Java, C#, Ruby
Config Files
- Dockerfile, docker-compose.yml
- SQL, Terraform, Kubernetes YAML
- nginx, GitHub Actions, Ansible
- Apache, Systemd, Makefile
- Helm charts, GitLab CI, Jenkinsfile
Auto-Fix Features
Docker Compose
The Docker Compose analyzer provides automatic fixes for:
- Image tags: Replaces :latest or missing tags with specific versions
# Before
image: nginx:latest
image: redis
# After
image: nginx:1.25
image: redis:7.2
- Security: Removes privileged: true configurations
- Networking: Adds default networks block for multi-service setups
- Secrets detection: Flags hardcoded passwords and API keys
Example:
pactfix docker-compose.yml -l docker-compose -v --comment
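An independent check for the image-tag and privileged items above, usable to confirm a fixed file before deployment. This is an added example, not pactfix's own code; the sample compose file, the truncated digest and the function names are constructed. It handles a case a plain search for `:` gets wrong: a registry port such as `localhost:5000/...` is not a tag.

```python
import re

# Constructed sample compose file (not from the pactfix repository).
SAMPLE_COMPOSE = """\
services:
  web:
    image: nginx:latest
  cache:
    image: redis
  api:
    image: localhost:5000/team/api
    privileged: true
  db:
    image: postgres:16.1
  proxy:
    image: "registry.example.com/proxy@sha256:0123abcd"
"""

def image_tag(ref):
    """Return the tag of an image reference, 'digest' if digest-pinned, else None."""
    if "@" in ref:
        return "digest"
    last = ref.rsplit("/", 1)[-1]  # a colon before the last '/' is a registry port
    return last.split(":", 1)[1] if ":" in last else None

def audit_compose(text):
    """Return (line_no, finding) tuples for unpinned images and privileged services."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.split(" #", 1)[0].strip()  # drop trailing comments
        m = re.match(r"image:\s*['\"]?([^'\"\s]+)", stripped)
        if m:
            tag = image_tag(m.group(1))
            if tag is None:
                findings.append((no, "image has no tag"))
            elif tag == "latest":
                findings.append((no, "image uses :latest"))
        elif re.match(r"privileged:\s*['\"]?true\b", stripped, re.I):
            findings.append((no, "privileged: true"))
    return findings

if __name__ == "__main__":
    for no, finding in audit_compose(SAMPLE_COMPOSE):
        print(f"line {no}: {finding}")
```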
Kubernetes
The Kubernetes analyzer automatically fixes:
- Image tags: Updates to specific versions
- Resource limits: Adds skeleton resource limits for containers
resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 250m
    memory: 256Mi
- Health checks: Adds liveness and readiness probe skeletons
- Security context: Adds pod-level and container security contexts
- Privileged containers: Removes or comments out privileged settings
Example:
pactfix deployment.yml -l kubernetes -v --comment
Terraform
The Terraform analyzer provides comprehensive auto-fixes:
- Secrets interpolation: Converts hardcoded credentials to variables
# Before
access_key = "AKIAIOSFODNN7EXAMPLE"
# After
access_key = var.access_key_var
variable "access_key_var" {
  description = "access_key for general"
  type        = string
  sensitive   = true
}
- Security settings: Enables encryption by default
- Network security: Replaces 0.0.0.0/0 with corporate CIDR ranges
- S3 permissions: Changes public ACLs to private
- Resource tagging: Adds tags blocks to AWS resources
- Version constraints: Adds required_version and provider versions
Example:
pactfix main.tf -l terraform -v --comment
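A post-fix check for the secrets interpolation item above: every credential attribute should reference a variable, and that variable should be declared with `sensitive = true`. This is an added example, not pactfix's own code; the attribute list, the sample Terraform source and the function name are assumptions made for the illustration.

```python
import re

# Constructed Terraform input (not from the pactfix repository).
SAMPLE_TF = '''\
provider "aws" {
  access_key = var.access_key_var
  secret_key = "constructed-placeholder-secret"
}

resource "aws_db_instance" "db" {
  password = var.db_password
}

variable "access_key_var" {
  description = "access_key for general"
  type        = string
  sensitive   = true
}

variable "db_password" {
  type = string
}
'''

# Attribute names treated as credentials here (an assumption, extend as needed).
CRED_ATTR = re.compile(
    r'^[ \t]*(access_key|secret_key|password|token)[ \t]*=[ \t]*(.+?)[ \t]*$', re.M)
# A variable block ends at the first '}' in column 0.
VAR_BLOCK = re.compile(r'variable\s+"([^"]+)"\s*\{(.*?)^\}', re.S | re.M)

def audit_credentials(tf):
    """Return findings, in order of appearance, for credential attributes."""
    sensitive = {name: bool(re.search(r'^\s*sensitive\s*=\s*true\b', body, re.M))
                 for name, body in VAR_BLOCK.findall(tf)}
    findings = []
    for attr, value in CRED_ATTR.findall(tf):
        ref = re.fullmatch(r'var\.(\w+)', value)
        if value.startswith('"'):
            findings.append(f"{attr}: hardcoded literal")
        elif ref and ref.group(1) not in sensitive:
            findings.append(f"{attr}: variable {ref.group(1)} is not declared")
        elif ref and not sensitive[ref.group(1)]:
            findings.append(f"{attr}: variable {ref.group(1)} lacks sensitive = true")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_credentials(SAMPLE_TF)))
```

A literal that was ever committed stays in repository history, so moving it to a variable does not remove the need to rotate that key.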
Sandbox Docker Images
| Language | Base Image |
|---|---|
| Python | python:3.11-slim |
| Node.js | node:20-slim |
| TypeScript | node:20-slim |
| Go | golang:1.21-alpine |
| Rust | rust:1.75-slim |
| Java | eclipse-temurin:21-jdk |
| PHP | php:8.3-cli |
| Ruby | ruby:3.3-slim |
| C# | dotnet/sdk:8.0 |
| Bash | ubuntu:22.04 |
| Terraform | hashicorp/terraform:1.6 |
| Ansible | python:3.11-slim |
Examples
# Fix Python project in place with comments
pactfix --path ./my-python-app --comment -v
# Test fixes in Docker sandbox
pactfix --path ./my-node-app --sandbox --test
# Analyze without modifying
pactfix --batch ./src -v
# Auto-fix Docker Compose with versioned images and security improvements
pactfix docker-compose.yml -l docker-compose --comment -o fixed-compose.yml
# Fix Kubernetes deployment with resource limits and probes
pactfix deployment.yaml -l kubernetes --comment -v
# Secure Terraform configuration - interpolate secrets and enable encryption
pactfix main.tf -l terraform --comment -o secure.tf
# Process all Terraform files in a directory
pactfix --batch ./infrastructure --comment
# JSON output for CI/CD integration
pactfix k8s/ -l kubernetes --json > security-report.json
Real-world Auto-fix Examples
Docker Compose Security Hardening
$ pactfix docker-compose.yml -l docker-compose -v
✅ docker-compose.yml: 5 errors, 8 warnings, 9 fixes [docker-compose]
❌ Line 24: [COMPOSE002] privileged: true jest niebezpieczne
⚠️ Line 7: [COMPOSE001] Użyj konkretnego tagu wersji
📋 Line 7: Zmieniono image na wersjonowany tag
Before: image: nginx:latest
After: image: nginx:1.25
Kubernetes Best Practices
$ pactfix deployment.yaml -l kubernetes --comment
✅ deployment.yaml: 3 errors, 15 warnings, 12 fixes [kubernetes]
📋 Line 25: Dodano resource limits
📋 Line 26: Dodano liveness probe
📋 Line 56: Dodano pod securityContext
Terraform Security
$ pactfix main.tf -l terraform -v
✅ main.tf: 4 errors, 3 warnings, 9 fixes [terraform]
❌ Line 10: [TF001] Hardcoded access_key
📋 Line 10: Zamieniono access_key na zmienną
📋 Line 76: Dodano zmienną access_key_var
Testing
Running Tests
# Run all tests
make test
# Run sandbox tests (without running tests in containers)
make test-sandbox
# Run sandbox tests with tests in containers
make test-sandbox-tests
Test Script
The scripts/test-sandboxes.sh script:
- Copies _fixtures/faulty/ to temporary directory for each test
- Runs pactfix in sandbox mode
- Validates that files were fixed
- Optionally runs tests with --test flag
- Reports results for each project
Fixture Reset
Each test project has _fixtures/faulty/ with baseline code. The test script:
- Copies faulty fixtures to temp directory
- Runs pactfix on the copy
- Validates fixes
- Cleans up
This ensures deterministic, repeatable tests.
API Server
python -m pactfix.server
PORT=8000 python -m pactfix.server
Endpoints
- GET /api/health - Health check
- POST /api/analyze - Analyze code
- POST /api/detect - Detect language
- GET /api/languages - List supported languages
Documentation
- EXAMPLES.md - Detailed examples and use cases
- QUICK_REFERENCE.md - Quick command reference
- CHANGELOG.md - Version history and changes
Contributing
Contributions are welcome! Please see the contributing guidelines for:
- Adding new analyzers
- Improving auto-fix rules
- Extending language support
- Reporting issues
License
MIT License - see LICENSE file for details.
File details
Details for the file pactfix-1.0.3.tar.gz.
File metadata
- Download URL: pactfix-1.0.3.tar.gz
- Upload date:
- Size: 66.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 6e132bddd3c3b0b30ca3a33c3cc8091784a64a3d48cd63eca4ec43b317542d66 |
| MD5 | 0d77df6277dbbc135fe2ba85970a612f |
| BLAKE2b-256 | e1232721fcaa7287d9d9536b9c853d3ebb1c789ae7adae95e2cb6a20085b59ef |
File details
Details for the file pactfix-1.0.3-py3-none-any.whl.
File metadata
- Download URL: pactfix-1.0.3-py3-none-any.whl
- Upload date:
- Size: 79.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | a439c96d9e613c36e2b8c2487daec0dd790977d9ef23e7b4e36b6c5eab68a6cf |
| MD5 | 449072587287cb89fef2163ce480949f |
| BLAKE2b-256 | 6366dbf679469fb3d2d1e1e1f711a6d182e424e2f0a10c14d930ba66af941efe |