fix: [FEATURE] AI-powered dependency conflict prediction

[jeffmarcilliat]

Summary

This PR implements the solution for #428.

Changes

matting

Files Modified:

1. cortex/llm_router.py

   • Added CONFLICT_PREDICTION to TaskType enum
   • Added routing rule for conflict prediction tasks

2. cortex/cli.py

   • Added --predict and --no-predict flags to install command
   • Added _run_conflict_prediction() method to CortexCLI class
   • Added predict() method for standalone cortex predict command
   • Added predict subcommand parser
   • Updated help table to show predict command
   • Updated install command routing

3. tests/test_cli.py

   • Updated existing tests for new install signature
   • Added tests for --predict flag
   • Added tests for --no-predict flag
   • Added tests for standalone predict command

Feature Implementation:

The feature meets all acceptance criteria from the bounty:

1. Dependency graph analysis before install - The system analyzes installed packages from dpkg/pip before installation starts

2. Conflict prediction with confidence scores - Each predicted conflict includes a confidence score (0.0-1.0)

3. Resolution suggestions ranked by safety - Suggestions are generated and sorted by safety score, with recommended options clearly marked

4. Integration with apt/dpkg dependency data - Parses /var/lib/dpkg/status and uses apt-cache depends for APT packages

5. Works with pip packages too - Full support for Python pip packages with known conflict patterns for popular packages like TensorFlow, PyTorch, Pandas, etc.

6. CLI output shows prediction and suggestions - Rich CLI output with color-coded severity levels and formatted suggestions

Example Usage:

# Standalone prediction
$ cortex predict tensorflow
$ cortex predict tensorflow --json
$ cortex predict numpy pandas torch

# Install with prediction
$ cortex install tensorflow --predict
$ cortex install tensorflow --execute  # Auto-runs prediction before execution
$ cortex install tensorflow --execute --no-predict  # Skip prediction

Files Modified

• cortex/conflict_predictor.py
• cortex/llm_router.py
• tests/test_cli.py
• tests/test_conflict_predictor.py
• ortex/cli.py

---

This PR was generated by Freelance Agent using Claude Code

Summary by CodeRabbit

• New Features

  • AI-powered dependency conflict prediction analyzes packages before installation, blocking critical conflicts and prompting users on high-risk findings.
  • New predict command detects package conflicts with JSON and verbose output options.
  • Enhanced install command with --predict and --no-predict flags to control conflict checking behavior.

• Tests

  • Added comprehensive test coverage for conflict prediction engine and CLI integration.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces an AI-powered dependency conflict predictor for Cortex. It adds a new conflict_predictor.py module that analyzes package dependencies and detects potential conflicts, integrates conflict prediction into the CLI with new predict command and flags on install, routes conflict-prediction tasks to the Kimi K2 LLM provider, and includes comprehensive test coverage for both the predictor and CLI.

Changes

Cohort / File(s)	Summary
CLI Integration cortex/cli.py	Added _run_conflict_prediction() internal method to execute prediction and handle results (blocking on critical, prompting on high-risk). Added predict() command for standalone conflict analysis with JSON/human-readable output. Extended install() signature with predict and no_predict parameters to automatically run predictions before installation.
Conflict Prediction Engine cortex/conflict_predictor.py	New 933-line module implementing DependencyConflictPredictor class with local conflict analysis (known patterns, transitive dependencies), resolution suggestion generation, ecosystem detection (PIP, APT, SYSTEM), LLM augmentation support, and dual output formats (JSON/human-readable). Defines data models: ConflictPrediction, PredictedConflict, ResolutionSuggestion, and supporting dataclasses/enums.
LLM Routing cortex/llm_router.py	Added TaskType.CONFLICT_PREDICTION enum member and routed it to LLMProvider.KIMI_K2 for technical analysis.
CLI Tests tests/test_cli.py	Extended test cases to verify install() accepts predict and no_predict flags, added tests for predict command invocation, and ensured correct parameter propagation through CLI routing.
Predictor Tests tests/test_conflict_predictor.py	Added 640-line comprehensive test suite covering version parsing/comparison, constraint satisfaction, known/transitive conflict detection, resolution generation, risk assessment, ecosystem detection, output formatting, JSON export, and dataclass/enum integrity.

Sequence Diagram(s)

sequenceDiagram
    participant User as User/CLI
    participant CortexCLI as CortexCLI
    participant Predictor as DependencyConflictPredictor
    participant System as System (apt/pip)
    participant LLMRouter as LLM Router

    User->>CortexCLI: install(package, predict=True)
    CortexCLI->>CortexCLI: _run_conflict_prediction(package)
    
    CortexCLI->>Predictor: predict_conflicts(package)
    Predictor->>System: refresh_caches() (apt/pip)
    System-->>Predictor: installed packages
    
    Predictor->>Predictor: _detect_ecosystem(package)
    Predictor->>Predictor: _analyze_known_conflicts()
    Predictor->>Predictor: _analyze_transitive_conflicts()
    
    alt LLM Available
        Predictor->>LLMRouter: route(CONFLICT_PREDICTION)
        LLMRouter-->>Predictor: analysis_details
    end
    
    Predictor->>Predictor: _generate_resolutions()
    Predictor->>Predictor: _determine_overall_risk()
    Predictor-->>CortexCLI: ConflictPrediction (risk level, conflicts)
    
    alt Critical Risk
        CortexCLI->>User: ❌ Block installation (exit code)
    else High Risk
        CortexCLI->>User: ⚠️ Prompt to proceed/cancel
    else No Risk
        CortexCLI->>User: ✓ Proceed with installation
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related issues

• [FEATURE] AI-powered dependency conflict prediction #428: The PR directly implements AI-powered dependency conflict prediction with local analysis and LLM augmentation, fully addressing this feature request.

Possibly related PRs

• feat : add Parallel Task Execution for Multi-Step Installs #288: Both PRs modify the CortexCLI.install() signature in cortex/cli.py and extend its CLI integration with new parameters.
• Added multi-step structured installation coordinator with plan support fixes #8 #190: Both PRs enhance the CortexCLI class and its install() method flow, with this PR building on the CLI foundation by adding prediction-driven installation control.

Suggested labels

MVP

Suggested reviewers

• mikejmorgan-ai
• Suyashd999

Poem

🐰 Hops with glee through dep trees tall,
Predicting conflicts before they fall!
With wisdom from the LLM's mind,
Safe resolutions we now shall find! ✨

🚥 Pre-merge checks | ❌ 3

❌ Failed checks (3 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title incorrectly uses 'fix:' prefix for a feature implementation, which contradicts the prefix convention. The content '[FEATURE]' clarifies intent but the format violates standard commit conventions.	Change title to 'feat: AI-powered dependency conflict prediction' to align with conventional commit format, where 'feat:' indicates new features.
Description check	⚠️ Warning	The PR description is missing the required 'Related Issue' section with issue number, lacks AI disclosure checkbox selections, lacks testing/checklist confirmation, and contains a typo ('matting' as orphaned text).	Add 'Closes #428' to Related Issue section, select appropriate AI disclosure checkbox, confirm tests pass, and remove the 'matting' typo. Complete all template checklist items.
Docstring Coverage	⚠️ Warning	Docstring coverage is 79.07% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

CLA Verification Failed

The following contributors have not signed the Contributor License Agreement:

• SF Hodl (agent@freelance-agent.local)

How to Sign

1. Read the CLA document
2. Open a CLA signature request
3. A maintainer will add you to the signers list
4. Comment recheck on this PR to re-run verification

---

This check runs automatically. Maintainers can update .github/cla-signers.json to add signers.

[gemini-code-assist]

Summary of Changes

Hello @jeffmarcilliat, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request delivers a crucial new feature: an AI-powered dependency conflict prediction system for the 'cortex' CLI. Its primary goal is to proactively identify and mitigate potential package conflicts before they disrupt installations or system stability. By analyzing the current system state and package requirements, it offers detailed conflict reports, confidence scores, and actionable resolution strategies, significantly improving the reliability of package management operations.

Highlights

• AI-Powered Conflict Prediction: Implemented a new system to predict dependency conflicts before package installation, leveraging local dependency graph analysis and AI for enhanced insights.
• CLI Integration: Introduced new 'cortex predict' command for standalone conflict analysis and integrated prediction into the 'cortex install' command with '--predict' and '--no-predict' flags.
• Comprehensive Analysis: The predictor analyzes both APT and Pip packages, checks for known conflict patterns, and identifies transitive dependency issues.
• Resolution Suggestions: Provides ranked resolution suggestions with safety scores and commands to help users resolve identified conflicts.
• LLM Enhancement: The system can optionally use an LLM (KIMI_K2) for deeper analysis and risk assessment of complex conflict scenarios.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sonarqubecloud]

Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 6

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

cortex/llm_router.py (1)

32-44: Use TaskType.CONFLICT_PREDICTION in the predictor’s LLM call (currently unused).

You added the routing, but cortex/conflict_predictor.py:predict_conflicts_async() still sends the LLM request as TaskType.DEPENDENCY_RESOLUTION, so this new rule may never be exercised. Consider switching that call to TaskType.CONFLICT_PREDICTION.

Also applies to: 106-117

🤖 Fix all issues with AI agents

In @cortex/cli.py:
- Around line 709-713: The CLI is double-printing " [RECOMMENDED]" because
_run_conflict_prediction() appends rec_tag when printing but the predictor also
mutates ResolutionSuggestion.description to include " [RECOMMENDED]"; remove the
mutation inside the predictor (stop modifying ResolutionSuggestion.description)
and let the CLI add rec_tag based on res.recommended (in
_run_conflict_prediction()), ensuring the predictor sets only the boolean flag
(ResolutionSuggestion.recommended) and not the description text.

In @cortex/conflict_predictor.py:
- Around line 255-320: _parse_version_constraint currently only handles a single
specifier despite the docstring example, and _check_version_satisfies implements
"~=" incompletely; fix by either adjusting the docstring to state
single-specifier support or (preferred) implement proper PEP 440 compatible
handling: update _parse_version_constraint to accept only one comma-separated
specifier (or return multiple constraints if you choose multi-specifier
support), and modify _check_version_satisfies to implement "~=" correctly by
parsing constraint.version into numeric parts, computing the upper bound per PEP
440 (if constraint has one component bump the major; if multiple components
increment the penultimate component and zero following parts), then return True
only if installed_version >= lower_bound and installed_version < upper_bound
using the existing _compare_versions helper.
- Around line 179-190: The constructor __init__ incorrectly types and routes LLM
tasks: change the llm_router parameter to have a proper type hint (llm_router:
Optional[LLMRouter] = None) and update any routing usage so conflict analysis
uses TaskType.CONFLICT_PREDICTION instead of TaskType.DEPENDENCY_RESOLUTION
(ensure calls that pass the task enum to the llm_router or to its route method
reference TaskType.CONFLICT_PREDICTION); keep the rest of initialization
(_installed_apt_cache, _installed_pip_cache, _refresh_caches) intact.

In @tests/test_conflict_predictor.py:
- Around line 229-282: Tests are flaky because
DependencyConflictPredictor.predict_conflicts calls _refresh_caches which
overwrites injected _installed_pip_cache/_installed_apt_cache; update the
failing tests (test_predict_with_conflicts and test_predict_multiple_packages)
to prevent cache refresh by patching or stubbing
DependencyConflictPredictor._refresh_caches to a no-op before calling
predict_conflicts/predict_multiple (e.g., use
patch.object(DependencyConflictPredictor, "_refresh_caches", return_value=None)
or assign predictor._refresh_caches = lambda: None) so the injected cache state
remains intact for assertions.

🧹 Nitpick comments (3)

tests/test_cli.py (1)

215-278: Add a test for --predict + --no-predict conflict (and enforce mutual exclusion).

Right now tests cover pass-through, but don’t lock in behavior for contradictory flags. Once CLI enforces mutual exclusivity (recommended), add a test asserting argparse rejects the combination.

cortex/cli.py (1)

635-762: Avoid N× cache refresh in prediction loops (install/predict can get very slow).

DependencyConflictPredictor.__init__() refreshes caches, and predict_conflicts() refreshes again; looping over packages multiplies that cost. Consider refreshing once per command and reusing the snapshot (e.g., predict_conflicts(..., refresh=False) or a predict_multiple() path that refreshes once).

Also applies to: 763-912

cortex/conflict_predictor.py (1)

739-820: Don’t refresh caches per package (predict_multiple becomes O(N) external scans).

predict_conflicts() refreshes caches every call; predict_multiple() should refresh once then analyze many. Consider a refresh: bool = True flag on predict_conflicts() and call it with False from predict_multiple() after one refresh.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fd7922b and 116d0a3.

📒 Files selected for processing (5)

• cortex/cli.py
• cortex/conflict_predictor.py
• cortex/llm_router.py
• tests/test_cli.py
• tests/test_conflict_predictor.py

🧰 Additional context used

📓 Path-based instructions (2)

**/*.py

📄 CodeRabbit inference engine (AGENTS.md)

**/*.py: Follow PEP 8 style guide
Type hints required in Python code
Docstrings required for all public APIs

Files:

• tests/test_cli.py
• cortex/llm_router.py
• tests/test_conflict_predictor.py
• cortex/conflict_predictor.py
• cortex/cli.py

tests/**/*.py

📄 CodeRabbit inference engine (AGENTS.md)

Maintain >80% test coverage for pull requests

Files:

• tests/test_cli.py
• tests/test_conflict_predictor.py

🧠 Learnings (1)

📚 Learning: 2025-12-11T12:03:24.071Z

Learnt from: CR
Repo: cortexlinux/cortex PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-11T12:03:24.071Z
Learning: Applies to **/*install*.py : Dry-run by default for all installations in command execution

Applied to files:

• cortex/cli.py

🧬 Code graph analysis (3)

tests/test_conflict_predictor.py (1)

cortex/conflict_predictor.py (19)

• ConflictPrediction (113-123)
• ConflictSeverity (25-31)
• InstalledPackage (56-62)
• PackageEcosystem (46-52)
• PredictedConflict (85-97)
• ResolutionStrategy (34-43)
• ResolutionSuggestion (101-109)
• VersionConstraint (66-71)
• _parse_version_constraint (255-269)
• _compare_versions (271-299)
• _check_version_satisfies (301-320)
• _analyze_known_conflicts (372-465)
• predict_conflicts (739-803)
• _generate_resolutions (510-620)
• _determine_overall_risk (622-635)
• _detect_ecosystem (637-681)
• format_prediction (821-868)
• export_prediction_json (870-903)
• _analyze_transitive_conflicts (467-508)

cortex/conflict_predictor.py (1)

cortex/llm_router.py (2)

• TaskType (32-43)
• acomplete (545-611)

cortex/cli.py (1)

cortex/conflict_predictor.py (4)

• ConflictSeverity (25-31)
• DependencyConflictPredictor (126-903)
• predict_conflicts (739-803)
• export_prediction_json (870-903)

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Make --predict and --no-predict mutually exclusive (and define precedence).

Right now users can pass both; argparse will accept it and your should_predict logic will silently prefer --predict. Use a mutually-exclusive group for install flags.

Also applies to: 913-935, 2426-2459

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Don’t double-print “[RECOMMENDED]”.

_run_conflict_prediction() adds rec_tag, but the predictor also mutates ResolutionSuggestion.description to include [RECOMMENDED] for the “safest” option, so you can end up with duplicated tags in output. Prefer leaving description unmodified and only styling in the CLI.

🤖 Prompt for AI Agents

In @cortex/cli.py around lines 709 - 713, The CLI is double-printing "
[RECOMMENDED]" because _run_conflict_prediction() appends rec_tag when printing
but the predictor also mutates ResolutionSuggestion.description to include "
[RECOMMENDED]"; remove the mutation inside the predictor (stop modifying
ResolutionSuggestion.description) and let the CLI add rec_tag based on
res.recommended (in _run_conflict_prediction()), ensuring the predictor sets
only the boolean flag (ResolutionSuggestion.recommended) and not the description
text.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

find . -name "conflict_predictor.py" -type f

Repository: cortexlinux/cortex

Length of output: 92

---

🏁 Script executed:

head -50 cortex/conflict_predictor.py

Repository: cortexlinux/cortex

Length of output: 1674

---

🏁 Script executed:

sed -n '175,195p' cortex/conflict_predictor.py

Repository: cortexlinux/cortex

Length of output: 912

---

🏁 Script executed:

# Check for TaskType imports and usage
rg "TaskType\.(CONFLICT_PREDICTION|DEPENDENCY_RESOLUTION)" cortex/conflict_predictor.py -A 2 -B 2

Repository: cortexlinux/cortex

Length of output: 281

---

🏁 Script executed:

# Check all TaskType definitions
fd -e py | xargs rg "class TaskType|TaskType\s*=" | head -20

Repository: cortexlinux/cortex

Length of output: 381

---

🏁 Script executed:

# Get the complete TaskType enum definition
rg "class TaskType" -A 30 cortex/llm_router.py

Repository: cortexlinux/cortex

Length of output: 1041

---

🏁 Script executed:

# Verify the exact line numbers and context of predict_conflicts_async usage
sed -n '700,740p' cortex/conflict_predictor.py

Repository: cortexlinux/cortex

Length of output: 1518

---

🏁 Script executed:

# Check if CONFLICT_PREDICTION exists anywhere in the codebase
rg "CONFLICT_PREDICTION" --type py

Repository: cortexlinux/cortex

Length of output: 266

---

🏁 Script executed:

# Check the type hint on llm_router parameter in __init__
sed -n '179,180p' cortex/conflict_predictor.py

Repository: cortexlinux/cortex

Length of output: 114

---

🏁 Script executed:

# Look for LLMRouter class and its type
rg "class LLMRouter" -A 5 cortex/

Repository: cortexlinux/cortex

Length of output: 358

---

🏁 Script executed:

# Check imports at top of conflict_predictor.py
sed -n '1,30p' cortex/conflict_predictor.py | grep -E "^import|^from"

Repository: cortexlinux/cortex

Length of output: 210

---

🏁 Script executed:

# Verify the line numbers for the "Also applies to: 683-737" claim
sed -n '683,737p' cortex/conflict_predictor.py | grep -n "task_type\|TaskType"

Repository: cortexlinux/cortex

Length of output: 184

---

🏁 Script executed:

# Check for all instances of task_type=TaskType.DEPENDENCY_RESOLUTION in the range 683-737
sed -n '683,737p' cortex/conflict_predictor.py | cat -n

Repository: cortexlinux/cortex

Length of output: 2497

---

🏁 Script executed:

# Get more context around line 725 to understand the method
sed -n '683,745p' cortex/conflict_predictor.py

Repository: cortexlinux/cortex

Length of output: 2321

---

🏁 Script executed:

# Check if there are any other instances of TaskType.DEPENDENCY_RESOLUTION in conflict_predictor.py besides the one already found
rg "task_type=TaskType.DEPENDENCY_RESOLUTION" cortex/conflict_predictor.py -n

Repository: cortexlinux/cortex

Length of output: 127

---

Use TaskType.CONFLICT_PREDICTION (not DEPENDENCY_RESOLUTION) for LLM routing.

The current code routes conflict analysis to the wrong LLM provider. TaskType.CONFLICT_PREDICTION exists in the enum and is configured to use KIMI_K2, while DEPENDENCY_RESOLUTION routes elsewhere. This mismatch defeats the purpose of the router integration.

Additionally, the llm_router parameter in __init__ (line 179) lacks a type hint; should be llm_router: Optional[LLMRouter] = None per the type hints requirement.

Proposed fix

                response = await self.llm_router.acomplete(
                    messages=[
                        {"role": "system", "content": "You are a Linux package dependency expert."},
                        {"role": "user", "content": prompt},
                    ],
-                   task_type=TaskType.DEPENDENCY_RESOLUTION,
+                   task_type=TaskType.CONFLICT_PREDICTION,
                    temperature=0.3,
                    max_tokens=1000,
                )

🤖 Prompt for AI Agents

In @cortex/conflict_predictor.py around lines 179 - 190, The constructor
__init__ incorrectly types and routes LLM tasks: change the llm_router parameter
to have a proper type hint (llm_router: Optional[LLMRouter] = None) and update
any routing usage so conflict analysis uses TaskType.CONFLICT_PREDICTION instead
of TaskType.DEPENDENCY_RESOLUTION (ensure calls that pass the task enum to the
llm_router or to its route method reference TaskType.CONFLICT_PREDICTION); keep
the rest of initialization (_installed_apt_cache, _installed_pip_cache,
_refresh_caches) intact.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, let's understand the context - find where _parse_version_constraint is called
rg "_parse_version_constraint" --type py -B 2 -A 2

Repository: cortexlinux/cortex

Length of output: 180

---

🏁 Script executed:

# Check if there are any test files for conflict_predictor
fd "test.*conflict" --type f

Repository: cortexlinux/cortex

Length of output: 94

---

🏁 Script executed:

# Search for usage patterns of version constraints in the codebase
rg ">=.*,<|~=" --type py -B 1 -A 1 | head -50

Repository: cortexlinux/cortex

Length of output: 2377

---

🏁 Script executed:

# Look at the full context of the conflict_predictor.py file around the methods in question
wc -l cortex/conflict_predictor.py

Repository: cortexlinux/cortex

Length of output: 94

---

🏁 Script executed:

# Check if there are imports or dependencies that suggest version parsing libraries
grep -n "import\|from" cortex/conflict_predictor.py | head -20

Repository: cortexlinux/cortex

Length of output: 426

---

🏁 Script executed:

# Read the full test file to understand expected behavior
cat -n tests/test_conflict_predictor.py

Repository: cortexlinux/cortex

Length of output: 27984

---

🏁 Script executed:

# Search for all calls to _parse_version_constraint to understand how it's used
rg "parse_version_constraint" --type py -B 3 -A 3

Repository: cortexlinux/cortex

Length of output: 2950

---

🏁 Script executed:

# Check how dependency_importer.py handles version constraints
sed -n '1,100p' cortex/dependency_importer.py

Repository: cortexlinux/cortex

Length of output: 2941

---

🏁 Script executed:

# Look at the section where version specs are extracted in dependency_importer.py
grep -n "version_spec\|version_match" cortex/dependency_importer.py -B 2 -A 2

Repository: cortexlinux/cortex

Length of output: 1262

---

Fix misleading docstring and incomplete ~= operator implementation.

_parse_version_constraint() cannot handle multi-specifier constraints like ">=1.0,<2.0" (it would parse version as "1.0,<2.0"), contradicting the docstring example. Additionally, ~= operator is incomplete—it only checks >= but should enforce compatible release semantics per PEP 440 (e.g., ~=1.4.2 requires >=1.4.2, <1.5.0). Either implement proper multi-specifier parsing and complete ~= semantics, or update the docstring to accurately describe single-specifier support and the simplified ~= behavior.

🤖 Prompt for AI Agents

In @cortex/conflict_predictor.py around lines 255 - 320,
_parse_version_constraint currently only handles a single specifier despite the
docstring example, and _check_version_satisfies implements "~=" incompletely;
fix by either adjusting the docstring to state single-specifier support or
(preferred) implement proper PEP 440 compatible handling: update
_parse_version_constraint to accept only one comma-separated specifier (or
return multiple constraints if you choose multi-specifier support), and modify
_check_version_satisfies to implement "~=" correctly by parsing
constraint.version into numeric parts, computing the upper bound per PEP 440 (if
constraint has one component bump the major; if multiple components increment
the penultimate component and zero following parts), then return True only if
installed_version >= lower_bound and installed_version < upper_bound using the
existing _compare_versions helper.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Resolution suggestions: avoid data/presentation mixing + fix “downgrade” command correctness.

• Appending [RECOMMENDED] into ResolutionSuggestion.description couples model data to a specific UI.
• pip install X<{conflicting_version} uses the installed version as the upper bound, which is often not the real compatible max.

At minimum, keep recommended as a boolean only, and consider carrying an explicit required constraint/range on PredictedConflict so commands can be accurate.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Fix flaky tests: predict_conflicts() refreshes caches and will overwrite injected state.

test_predict_with_conflicts and test_predict_multiple_packages set _installed_pip_cache but don’t prevent _refresh_caches() from running inside predict_conflicts(), so expectations can fail depending on the runner environment.

Proposed fix (patch refresh to no-op for these tests)

 class TestConflictPrediction(unittest.TestCase):
@@
     def test_predict_with_conflicts(self):
         """Test prediction when conflicts exist"""
         # Set up conflicting state
         self.predictor._installed_pip_cache = {
@@
         }
-
-        prediction = self.predictor.predict_conflicts("tensorflow")
+        with patch.object(self.predictor, "_refresh_caches", return_value=None):
+            prediction = self.predictor.predict_conflicts("tensorflow")
@@
 
     def test_predict_multiple_packages(self):
         """Test predicting conflicts for multiple packages"""
         self.predictor._installed_pip_cache = {}
         self.predictor._installed_apt_cache = {}
-
-        predictions = self.predictor.predict_multiple(["flask", "django", "numpy"])
+        with patch.object(self.predictor, "_refresh_caches", return_value=None):
+            predictions = self.predictor.predict_multiple(["flask", "django", "numpy"])

🤖 Prompt for AI Agents

In @tests/test_conflict_predictor.py around lines 229 - 282, Tests are flaky
because DependencyConflictPredictor.predict_conflicts calls _refresh_caches
which overwrites injected _installed_pip_cache/_installed_apt_cache; update the
failing tests (test_predict_with_conflicts and test_predict_multiple_packages)
to prevent cache refresh by patching or stubbing
DependencyConflictPredictor._refresh_caches to a no-op before calling
predict_conflicts/predict_multiple (e.g., use
patch.object(DependencyConflictPredictor, "_refresh_caches", return_value=None)
or assign predictor._refresh_caches = lambda: None) so the injected cache state
remains intact for assertions.

[gemini-code-assist]

Code Review

This pull request introduces a significant new feature: AI-powered dependency conflict prediction. The changes are extensive, adding a new cortex/conflict_predictor.py module, updating the CLI in cortex/cli.py with new commands and flags, and adding corresponding tests. Overall, the implementation is well-structured. My main feedback focuses on improving the correctness and robustness of the dependency analysis, which is currently based on some simplifications that could lead to inaccurate predictions. I've also included suggestions to improve code maintainability by removing dead code and refactoring.

[gemini-code-assist]

The custom version comparison logic in _compare_versions does not fully adhere to PEP 440 standards, particularly for pre-release versions (e.g., 1.0.0-alpha, 2.0.0rc1). This can lead to incorrect conflict detection where pre-releases are not ordered correctly against final releases.

For robust and accurate version comparison, it's highly recommended to use the packaging library, which is the standard for this in the Python ecosystem. This will ensure that all version comparisons are PEP 440 compliant.

You'll need to add packaging as a project dependency.

Suggested change

	def _compare_versions(self, v1: str, v2: str) -> int:
	"""
	Compare two version strings.
	Returns: -1 if v1 < v2, 0 if equal, 1 if v1 > v2
	"""
	def normalize(v: str) -> list[int]:
	parts = []
	for part in re.split(r"[.\-+]", v):
	# Extract numeric prefix
	match = re.match(r"(\d+)", part)
	if match:
	parts.append(int(match.group(1)))
	return parts
	v1_parts = normalize(v1)
	v2_parts = normalize(v2)
	# Pad shorter version with zeros
	max_len = max(len(v1_parts), len(v2_parts))
	v1_parts.extend([0] * (max_len - len(v1_parts)))
	v2_parts.extend([0] * (max_len - len(v2_parts)))
	for p1, p2 in zip(v1_parts, v2_parts):
	if p1 < p2:
	return -1
	if p1 > p2:
	return 1
	return 0
	def _compare_versions(self, v1: str, v2: str) -> int:
	"""
	Compare two version strings using PEP 440 semantics.
	Returns: -1 if v1 < v2, 0 if equal, 1 if v1 > v2
	"""
	from packaging.version import parse as parse_version
	v1_parsed = parse_version(v1)
	v2_parsed = parse_version(v2)
	if v1_parsed < v2_parsed:
	return -1
	if v1_parsed > v2_parsed:
	return 1
	return 0

[gemini-code-assist]

The _check_version_satisfies method appears to be unused within the application code. Maintaining and testing dead code increases the maintenance burden and can lead to confusion. If it's not needed, it should be removed. The corresponding tests in tests/test_conflict_predictor.py should also be removed.

[gemini-code-assist]

Using chr(10) to represent a newline character is less common and less readable than using the \n string literal. For better code clarity and maintainability, it's recommended to use \n.

                prompt = f"""Analyze these potential dependency conflicts for installing {package_name}:

{"
".join(conflict_descriptions)}

Installed packages context:
- Pip packages: {len(self._installed_pip_cache)}
- Apt packages: {len(self._installed_apt_cache)}

Provide:
1. Risk assessment (low/medium/high/critical)
2. Most likely cause of conflicts
3. Best resolution approach
4. Any additional conflicts I might have missed

Be concise and actionable."""

[gemini-code-assist]

The code for displaying conflict predictions here is very similar to the code in the predict method (lines 810-874). This duplication can make future changes more difficult, as they would need to be applied in two places.

Consider refactoring this display logic into a separate helper function that takes a prediction object and handles the formatting and printing. This would improve maintainability and reduce code duplication.

[gemini-code-assist]

This test class, TestVersionConstraintSatisfaction, is testing the _check_version_satisfies method. However, this method appears to be dead code as it's not called from anywhere in the application logic. Tests for dead code should be removed along with the unused method to keep the codebase clean and focused.

[Anshgrover23]

@jeffmarcilliat Someone is already assigned to this Issue before, Feel free to choose any other Issue, thanks.