Security Demo: Authentication Module (Test)

.devcontainer/devcontainer.json

@@ -0,0 +1,27 @@
+{
+    "name": "PatchPro CI Demo Environment",
+    "image": "mcr.microsoft.com/devcontainers/python:3.11",
+    "features": {
+        "ghcr.io/devcontainers/features/github-cli:1": {},
+        "ghcr.io/devcontainers/features/git:1": {},
+        "ghcr.io/devcontainers/features/common-utils:2": {
+            "installZsh": true,
+            "configureZshAsDefaultShell": true,
+            "installOhMyZsh": true
+        }
+    },
+    "customizations": {
+        "vscode": {
+            "extensions": [
+                "ms-python.python",
+                "ms-python.pylint",
+                "ms-python.flake8",
+                "GitHub.copilot",
+                "GitHub.copilot-chat"
+            ]
+        }
+    },
+    "postCreateCommand": "bash .devcontainer/setup.sh",
+    "remoteUser": "vscode",
+    "workspaceFolder": "/workspaces/patchpro-demo-repo-waigi-ci-test-demo"
+}

.devcontainer/setup.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# PatchPro CI Demo Environment Setup
+echo "🚀 Setting up PatchPro CI Demo environment..."
+
+# Install PatchPro (from source since not on PyPI)
+echo "📦 Installing PatchPro..."
+pip install git+https://github.com/A3copilotprogram/patchpro-bot.git
+
+# Verify installation
+echo "✅ Verifying PatchPro installation..."
+patchpro version
+
+# Configure git (required for CI demos)
+echo "🔧 Configuring git..."
+git config --global user.name "Judge Demo User"
+git config --global user.email "judge@demo.patchpro"
+git config --global init.defaultBranch main
+
+# Set up GitHub CLI authentication hint
+echo "🔑 GitHub CLI setup:"
+echo "Run 'gh auth login' to authenticate with GitHub for PR demos"
+
+# Make demo scripts executable
+echo "🎬 Making demo scripts executable..."
+chmod +x *.sh 2>/dev/null || true
+
+echo "✨ Setup complete! Ready for PatchPro CI demos."
+echo ""
+echo "Available demo scripts:"
+echo "  • ./create-judge-demo.sh - Quick CI trigger demo"
+echo "  • ./demo-complete-pr-workflow.sh - Full PR workflow demo"
+echo ""
+echo "📖 See JUDGES_DEMO_GUIDE.md for detailed instructions"

.patchpro.toml

@@ -0,0 +1,31 @@
+[analysis]
+tools = ["ruff", "semgrep"]
+exclude_patterns = ["tests/", "__pycache__/", ".venv/", ".git/"]
+max_findings_per_file = 50
+severity_threshold = "info"
+
+[ruff]
+config_file = "pyproject.toml"
+select = ["E", "F", "W", "C90", "I", "N", "UP", "B", "A", "C4", "SIM", "ARG", "PTH"]
+line_length = 88
+target_version = "py312"
+
+[semgrep]
+config = ".semgrep.yml"
+
+[llm]
+model = "gpt-4o-mini"
+max_tokens = 4000
+temperature = 0.1
+api_key_env = "OPENAI_API_KEY"
+
+[output]
+artifacts_dir = ".patchpro"
+format = "table"
+include_patches = true
+verbose = false
+
+[agent]
+enable_agentic_mode = true
+agentic_max_retries = 3
+agentic_enable_planning = true

JUDGES_DEMO_GUIDE.md

@@ -0,0 +1,85 @@
+# 🛡️ PatchPro: See It in Action
+
+## 🎯 Quick Demo Options
+
+### Option 1: Watch Real CI/CD in Action (Recommended)
+**See PatchPro running live in GitHub Actions:**
+
+📋 **Step-by-step:**
+1. 🔗 **[View Live Workflow Runs](https://github.com/A3copilotprogram/patchpro-demo-repo-waigi-ci-test-demo/actions)**
+2. Click any recent "PatchPro Agent-Dev" workflow
+3. Click "Run PatchPro analyze-pr" step to see full output
+4. Scroll through to see:
+   - ✅ Code analysis with Ruff + Semgrep  
+   - ✅ AI patch generation with GPT-4o-mini
+   - ✅ Git validation and telemetry
+   - ✅ PR comment posting
+
+**What you'll see:**
+- Real vulnerability detection 
+- AI-powered patch generation
+- Self-correction attempts
+- Comprehensive telemetry
+- PR integration
+
+### Option 2: Interactive Demo (Zero Setup)
+**Try it yourself in browser:**
+
+[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/A3copilotprogram/patchpro-demo-repo-waigi-ci-test-demo?quickstart=1)
+
+1. Click the button above
+2. Wait 2-3 minutes for setup
+3. Run: `./demo-real-workflow.sh`
+
+### Option 3: Create Your Own PR
+**Trigger PatchPro yourself:**
+
+1. 🍴 Fork this repository
+2. 🔧 Edit any `.py` file (introduce a security issue)
+3. 📝 Create a Pull Request
+4. 🤖 Watch PatchPro analyze and comment automatically
+
+## 🎬 Recent Demo Runs
+
+**Live examples you can view right now:**
+
+- 🔗 [Latest Workflow Run](https://github.com/A3copilotprogram/patchpro-demo-repo-waigi-ci-test-demo/actions/runs/latest) 
+- 🔗 [Example PR with PatchPro Comments](https://github.com/A3copilotprogram/patchpro-demo-repo-waigi-ci-test-demo/pulls)
+- 🔗 [Download Artifacts](https://github.com/A3copilotprogram/patchpro-demo-repo-waigi-ci-test-demo/actions) (patches, traces, reports)
+
+## 📊 What PatchPro Does
+
+**In the GitHub Action, you'll see:**
+
+1. **Code Analysis** 
+   ```bash
+   python -m patchpro_bot.cli analyze-pr --base origin/main --head HEAD --with-llm
+   ```
+
+2. **AI Patch Generation**
+   - GPT-4o-mini analyzes findings
+   - Generates production-ready unified diffs
+   - Validates with `git apply --check`
+
+3. **PR Integration**
+   - Posts detailed analysis comment
+   - Uploads artifacts (patches, traces, reports)
+   - Shows telemetry and performance metrics
+
+4. **Self-Learning**
+   - Captures traces in SQLite database
+   - Records prompt/response pairs for ML training
+   - Tracks success/failure patterns
+
+## 🚀 Key Features Demonstrated
+
+- ✅ **Multi-Tool Analysis**: Ruff + Semgrep integration
+- ✅ **AI-Powered Patches**: GPT-4o-mini generates fixes
+- ✅ **Git Validation**: Every patch tested before delivery
+- ✅ **Self-Learning**: SQLite traces for continuous improvement
+- ✅ **CI/CD Integration**: Seamless GitHub Actions workflow
+- ✅ **PR Comments**: Actionable insights posted automatically
+
+## 🏆 Built for Andela GenAI Mastery Program 2025
+
+**Team PLG_5** | [patchpro.ai](https://patchpro.ai) | [Documentation](https://github.com/A3copilotprogram/patchpro-bot)

create-judge-demo.sh

@@ -0,0 +1,127 @@
+#!/bin/bash
+# Trigger Real PatchPro CI Demo
+# Creates a PR with security issues and lets judges watch the real CI workflow
+
+set -e
+
+echo "🛡️ Creating Real PatchPro CI Demo..."
+echo ""
+
+# Create a branch with timestamp
+DEMO_BRANCH="demo/judge-test-$(date +%s)"
+echo "📝 Creating branch: $DEMO_BRANCH"
+git checkout -b "$DEMO_BRANCH"
+
+# Add a file with real security vulnerabilities
+echo "🔴 Adding vulnerable code..."
+cat > judge_demo_vulnerable.py << 'EOF'
+# PatchPro Judge Demo - Vulnerable Code
+# This file contains REAL security issues that PatchPro will detect and fix
+
+import sqlite3
+import hashlib
+
+# SECURITY ISSUE: Hardcoded database password
+DB_PASSWORD = "super_secret_admin_password_123"
+
+def authenticate_user(username, password):
+    """VULNERABLE: SQL Injection"""
+    conn = sqlite3.connect("users.db")
+    # SECURITY ISSUE: Direct string interpolation = SQL injection
+    query = f"SELECT * FROM users WHERE username='{username}' AND password='{password}'"
+    cursor = conn.execute(query)
+    return cursor.fetchone() is not None
+
+def hash_password(password):
+    """VULNERABLE: Weak hashing"""
+    # SECURITY ISSUE: MD5 is cryptographically broken
+    return hashlib.md5(password.encode()).hexdigest()
+
+# SECURITY ISSUE: Hardcoded API key
+API_KEY = "sk-1234567890abcdef"
+API_SECRET = "secret-key-please-dont-share"
+
+class UserSession:
+    def __init__(self):
+        # SECURITY ISSUE: Predictable session tokens
+        self.session_token = "user_session_" + str(hash("admin"))
+
+    def validate_input(self, user_input):
+        """VULNERABLE: No input sanitization"""
+        # SECURITY ISSUE: Direct eval() execution
+        return eval(user_input)
+
+# SECURITY ISSUE: Debug mode with sensitive info
+DEBUG = True
+if DEBUG:
+    print(f"Database password: {DB_PASSWORD}")
+    print(f"API key: {API_KEY}")
+EOF
+
+# Commit the vulnerable code
+git add judge_demo_vulnerable.py
+git commit -m "feat: add user authentication system (JUDGE DEMO)
+
+This commit introduces authentication functionality but contains
+deliberate security vulnerabilities for PatchPro to detect:
+
+- SQL injection in authenticate_user()
+- Hardcoded credentials (DB_PASSWORD, API_KEY)
+- Weak MD5 hashing
+- Dangerous eval() usage
+- Debug info leakage
+
+PatchPro should detect and fix all these issues automatically."
+
+# Push the branch
+echo "📤 Pushing branch to trigger CI..."
+git push origin "$DEMO_BRANCH"
+
+# Create the PR
+echo "📝 Creating Pull Request..."
+PR_URL=$(gh pr create \
+  --title "🔴 JUDGE DEMO: Security vulnerabilities for PatchPro to fix" \
+  --body "## 🛡️ PatchPro Judge Demonstration
+
+This PR contains **real security vulnerabilities** for demonstration purposes.
+
+### 🔴 Security Issues Included:
+- **SQL Injection** (line 13): Direct string interpolation in SQL query
+- **Hardcoded Credentials** (lines 8, 27-28): Database password and API keys in plaintext
+- **Weak Hashing** (line 19): MD5 instead of secure hashing
+- **Code Injection** (line 37): Dangerous \`eval()\` usage
+- **Information Disclosure** (lines 42-44): Debug mode leaking sensitive data
+
+### 🤖 Watch PatchPro in Action:
+
+1. **Check the 'Actions' tab** to see PatchPro CI running
+2. **View this PR** for automated comment with analysis
+3. **Download artifacts** to see generated patches and telemetry
+
+### ⏱️ Expected Timeline:
+- **Analysis**: 30-60 seconds
+- **AI Patch Generation**: 1-2 minutes  
+- **PR Comment**: Within 3 minutes
+
+PatchPro will automatically:
+✅ Detect all security issues
+✅ Generate production-ready patches
+✅ Validate patches with git apply
+✅ Post comprehensive analysis report
+✅ Capture telemetry for self-learning
+
+**This demonstrates the complete CI/CD integration that judges need to see!**" 2>/dev/null)
+
+echo ""
+echo "🎉 SUCCESS! Real PatchPro demo created:"
+echo ""
+echo "📋 What to do next:"
+echo "1. 🔗 View PR: $PR_URL"
+echo "2. 🔗 Watch CI: https://github.com/A3copilotprogram/patchpro-demo-repo-waigi-ci-test-demo/actions"
+echo "3. ⏱️  Wait 2-3 minutes for PatchPro to analyze and comment"
+echo "4. 📊 Download artifacts to see patches and telemetry"
+echo ""
+echo "🎯 This shows the REAL PatchPro workflow that judges need to see!"
+
+# Return to original branch
+git checkout main 2>/dev/null || git checkout -