Metadata-Version: 2.4
Name: hikaflow
Version: 2.2.3
Summary: Find and fix bugs in Python and TypeScript with one command
Author-email: Hikaflow <hello@hikaflow.dev>
License-Expression: LicenseRef-Proprietary
Project-URL: Homepage, https://hikaflow.dev
Project-URL: Documentation, https://hikaflow.dev/docs
Keywords: linter,scanner,security,bugs,typescript,python,ai,code-quality
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Software Development :: Debuggers
Classifier: Topic :: Software Development :: Testing
Requires-Python: >=3.9
Description-Content-Type: text/markdown
Requires-Dist: typer>=0.12
Requires-Dist: click>=8.0
Requires-Dist: rich>=13.0
Requires-Dist: questionary>=2.0
Requires-Dist: httpx>=0.27
Requires-Dist: requests>=2.32.4
Requires-Dist: prompt_toolkit>=3.0
Requires-Dist: zstandard>=0.21
Requires-Dist: patch-ng>=1.18
Requires-Dist: watchfiles>=1.0
Requires-Dist: python-dotenv>=1.0
Requires-Dist: ruff>=0.4
Requires-Dist: bandit>=1.7
Requires-Dist: vulture>=2.10
Requires-Dist: pip-audit>=2.7
Requires-Dist: tree-sitter>=0.23
Requires-Dist: tree-sitter-javascript>=0.23
Requires-Dist: tree-sitter-typescript>=0.23
Requires-Dist: claude-agent-sdk>=0.1
Requires-Dist: langgraph>=0.2
Requires-Dist: langchain-core>=0.3
Requires-Dist: langchain-anthropic>=0.3
Requires-Dist: langchain-openai>=0.3
Provides-Extra: probe
Requires-Dist: psycopg2-binary>=2.9; extra == "probe"
Requires-Dist: redis>=4.5.4; extra == "probe"
Requires-Dist: aiohttp>=3.9.4; extra == "probe"
Requires-Dist: grpcio>=1.50; extra == "probe"
Requires-Dist: boto3>=1.28; extra == "probe"
Requires-Dist: pymongo>=4.0; extra == "probe"
Provides-Extra: llm
Requires-Dist: anthropic>=0.40; extra == "llm"
Requires-Dist: openai>=1.50; extra == "llm"
Requires-Dist: instructor>=1.0; extra == "llm"
Provides-Extra: interactive
Requires-Dist: ghapi>=1.0; extra == "interactive"
Requires-Dist: semgrep; extra == "interactive"
Provides-Extra: pydantic-ai-legacy
Requires-Dist: pydantic-ai!=1.30.0,>=1.30.1; extra == "pydantic-ai-legacy"
Requires-Dist: openai>=1.50; extra == "pydantic-ai-legacy"
Provides-Extra: recording
Requires-Dist: playwright>=1.40; extra == "recording"
Requires-Dist: zstandard>=0.22; extra == "recording"
Provides-Extra: api
Requires-Dist: fastapi>=0.115; extra == "api"
Requires-Dist: uvicorn>=0.22; extra == "api"
Requires-Dist: pyjwt>=2.8; extra == "api"
Requires-Dist: httpx>=0.27; extra == "api"
Provides-Extra: dev
Requires-Dist: pytest>=7.0; extra == "dev"
Requires-Dist: pytest-cov>=4.0; extra == "dev"
Requires-Dist: pytest-asyncio>=0.21; extra == "dev"
Requires-Dist: pytest-timeout>=2.2; extra == "dev"
Requires-Dist: black>=23.0; extra == "dev"
Requires-Dist: ruff>=0.1; extra == "dev"
Requires-Dist: mypy>=1.0; extra == "dev"
Requires-Dist: fakeredis>=2.0; extra == "dev"
Requires-Dist: mongomock>=4.0; extra == "dev"
Requires-Dist: moto>=4.0; extra == "dev"
Requires-Dist: hypothesis>=6.92; extra == "dev"
Provides-Extra: observability
Requires-Dist: logfire>=0.40; extra == "observability"
Provides-Extra: otel
Requires-Dist: opentelemetry-sdk>=1.20.0; extra == "otel"
Requires-Dist: opentelemetry-exporter-otlp>=1.20.0; extra == "otel"
Requires-Dist: opentelemetry-instrumentation-asyncpg>=0.44b0; extra == "otel"
Requires-Dist: opentelemetry-instrumentation-aiohttp-client>=0.44b0; extra == "otel"
Requires-Dist: opentelemetry-instrumentation-redis>=0.44b0; extra == "otel"
Requires-Dist: opentelemetry-instrumentation-requests>=0.44b0; extra == "otel"
Requires-Dist: opentelemetry-instrumentation-httpx>=0.44b0; extra == "otel"
Requires-Dist: opentelemetry-instrumentation-sqlalchemy>=0.44b0; extra == "otel"
Provides-Extra: jobs
Requires-Dist: taskiq>=0.11; extra == "jobs"
Requires-Dist: taskiq-redis>=1.0; extra == "jobs"
Provides-Extra: retry
Requires-Dist: tenacity>=8.2; extra == "retry"
Provides-Extra: validation
Requires-Dist: libcst>=1.0; extra == "validation"
Requires-Dist: autopep8>=2.0; extra == "validation"
Requires-Dist: mypy>=1.0; extra == "validation"
Provides-Extra: transcript
Requires-Dist: fastjsonschema>=2.19; extra == "transcript"
Provides-Extra: analysis
Requires-Dist: mypy>=1.0; extra == "analysis"
Requires-Dist: ruff>=0.1; extra == "analysis"
Provides-Extra: dataflow
Requires-Dist: networkx>=3.0; extra == "dataflow"
Provides-Extra: learning
Requires-Dist: river>=0.21; extra == "learning"
Provides-Extra: impact
Requires-Dist: pytest-testmon>=2.1; extra == "impact"
Provides-Extra: integrations
Requires-Dist: slack-sdk>=3.27; extra == "integrations"
Requires-Dist: linear-api>=0.3; extra == "integrations"
Provides-Extra: optimization
Requires-Dist: dspy>=2.4; extra == "optimization"
Provides-Extra: mcp
Requires-Dist: fastmcp>=2.0; extra == "mcp"
Provides-Extra: all
Requires-Dist: autodebug[analysis,api,dataflow,dev,interactive,jobs,learning,llm,mcp,observability,optimization,otel,probe,retry,transcript,validation]; extra == "all"

# Hikaflow

**Find and fix bugs in Python and TypeScript with one command.**

Hikaflow scans your code with 6 engines (Ruff, Bandit, ESLint, Vulture, npm audit, AST), finds real bugs, and fixes them with AI — syntax-checked and linted before applying.

```bash
pip install hikaflow
hikaflow scan
```

No config needed. No login required for scanning.

## What it finds

- Security vulnerabilities (SQL injection, XSS, hardcoded secrets, eval usage)
- Bugs (missing await, unchecked None, loose equality, empty catch blocks)
- Dead code and unused imports
- Dependency vulnerabilities (pip-audit, npm audit)
- Code smells (bare except, mutable defaults, type coercion)

## Quick start

### Scan your project

```bash
cd your-project
hikaflow scan
```

Output:

```
Scanning 142 files...

 CRITICAL  api/auth.py:47       SQL injection via string formatting
 HIGH      payments.ts:23       Missing await on async call
 HIGH      app.tsx:91           User input in dangerouslySetInnerHTML
 MEDIUM    utils.py:12          Bare except clause hides errors
 LOW       config.py:8          Unused import: os

Found 5 issues (1 critical, 2 high, 1 medium, 1 low)
```

### Fix issues with AI

```bash
hikaflow scan --fix
```

Select issues with arrow keys, preview the diff, and apply. Fixes are syntax-checked and linted before applying.

### Fix everything at once

```bash
hikaflow scan --fix-all
```

### Only scan changed files

```bash
hikaflow scan --changed
```

### Generate an HTML report

```bash
hikaflow scan --html report.html
```

## Supported languages

| Language | Engines |
|----------|---------|
| Python | Ruff, Bandit, Vulture, pip-audit, 13 AST specialists |
| TypeScript / JavaScript | ESLint, npm audit, 6 tree-sitter specialists |

## Configuration

Create `.hikaflow.yml` in your project root to suppress rules or paths:

```yaml
ignore_rules:
  - hardcoded-secret    # Suppress specific rules
  - unused-import

ignore_paths:
  - "vendor/*"          # Skip vendored code
  - "*.test.ts"         # Skip test files
  - "migrations/*"
```

## CI integration

```bash
hikaflow ci-setup
```

This generates:
- `.github/workflows/hikaflow.yml` — GitHub Action that runs on every PR
- `.hikaflow.yml` — default config
- Pre-commit hook (optional)

Or add manually to your workflow:

```yaml
- name: Install Hikaflow
  run: pip install hikaflow

- name: Scan for bugs
  run: hikaflow scan --json > hikaflow-results.json

- name: Fail on critical issues
  run: hikaflow scan --exit-code
```

## AI fixes (free tier)

Scanning is free and unlimited. AI fixes require a free account:

```bash
hikaflow login
hikaflow scan --fix
```

| Plan | AI fixes / month | Price |
|------|-----------------|-------|
| Free | 5 | $0 |
| Pro | 100 | $19/mo |
| Team | 1,000 | $49/mo |

Sign up at [debug.hikaflow.com](https://debug.hikaflow.com).

## Commands

| Command | Description |
|---------|-------------|
| `hikaflow scan` | Scan code for bugs and security issues |
| `hikaflow scan --fix` | Interactive AI fix mode |
| `hikaflow scan --fix-all` | Fix all issues automatically |
| `hikaflow scan --changed` | Only scan git-changed files |
| `hikaflow scan --html out.html` | Generate HTML report |
| `hikaflow ci-setup` | Generate CI config and pre-commit hooks |
| `hikaflow login` | Authenticate (required for AI fixes) |
| `hikaflow doctor` | Check environment and dependencies |

## Requirements

- Python 3.9+
- Node.js (optional, for ESLint/npm audit on JS/TS projects)

## Links

- [Website](https://debug.hikaflow.com)
- [PyPI](https://pypi.org/project/hikaflow/)
- [Issues](https://github.com/hikaflow-debug/hikaflow-debugger/issues)

## License

Proprietary - All rights reserved.
