DEL

todos/001-completed-p1-security-exception-handling.md

@@ -0,0 +1,73 @@
+---
+status: pending
+priority: p1
+issue_id: "001"
+tags: ["security", "refactor", "python"]
+dependencies: []
+---
+
+# Fix S110 Security Issue in Extractor
+
+Replace `try-except-pass` block in `src/helia/analysis/extractor.py` with specific exception handling and logging.
+
+## Problem Statement
+
+The Security Sentinel identified a distinct security risk (S110) in `src/helia/analysis/extractor.py`. A `try-except-pass` block silently suppresses errors, making debugging impossible and potentially hiding security-critical failures or data corruption issues.
+
+## Findings
+
+- **File:** `src/helia/analysis/extractor.py`
+- **Issue:** S110 - `try-except-pass` detected.
+- **Impact:** Critical for visibility and system stability. Silent failures can lead to unpredictable application states.
+
+## Proposed Solutions
+
+### Option 1: Log and Re-raise
+
+**Approach:** Catch the specific exception, log the error with a traceback, and optionally re-raise it if the application cannot recover.
+
+**Pros:**
+- Full visibility into errors.
+- Prevents silent failures.
+
+**Cons:**
+- May require error handling changes upstream if exceptions are raised.
+
+### Option 2: Log and Continue (Safe Fallback)
+
+**Approach:** Catch specific exception, log it as an error/warning, and set a safe default value or continue processing if appropriate.
+
+**Pros:**
+- Prevents application crash while maintaining visibility.
+
+**Cons:**
+- Might mask severity if logs aren't monitored.
+
+## Recommended Action
+
+**To be filled during triage.**
+
+## Technical Details
+
+**Affected files:**
+- `src/helia/analysis/extractor.py`
+
+## Resources
+
+- **Source:** Security Sentinel Report
+
+## Acceptance Criteria
+
+- [ ] `try-except-pass` block removed.
+- [ ] Specific exception type caught (not bare `except:`).
+- [ ] Error logged using `logging` module (not `print`).
+- [ ] Unit tests added to verify exception handling behavior.
+
+## Work Log
+
+### 2025-12-20 - Initial Creation
+
+**By:** Claude Code
+
+**Actions:**
+- Created todo based on Security Sentinel findings.

todos/002-completed-p2-magic-numbers-refactor.md

@@ -0,0 +1,62 @@
+---
+status: pending
+priority: p2
+issue_id: "002"
+tags: ["refactor", "maintainability", "python"]
+dependencies: []
+---
+
+# Refactor PHQ-8 Scoring Magic Numbers
+
+Extract PHQ-8 scoring constants in `src/helia/assessment/core.py` to improve maintainability and readability.
+
+## Problem Statement
+
+The Kieran Python Reviewer and Pattern Recognition Specialist identified "magic numbers" in the PHQ-8 scoring logic within `src/helia/assessment/core.py`. Hardcoded values make the code difficult to understand and risky to modify.
+
+## Findings
+
+- **File:** `src/helia/assessment/core.py`
+- **Issue:** Hardcoded integers representing PHQ-8 scoring thresholds or values.
+- **Recommendation:** Extract these into named constants.
+
+## Proposed Solutions
+
+### Option 1: Class-level Constants
+
+**Approach:** Define capitalized constants (e.g., `MIN_SCORE`, `SEVERE_THRESHOLD`) at the top of the class or module.
+
+**Pros:**
+- Improves readability (intent is clear).
+- Single source of truth for changes.
+
+**Cons:**
+- None significant.
+
+## Recommended Action
+
+**To be filled during triage.**
+
+## Technical Details
+
+**Affected files:**
+- `src/helia/assessment/core.py`
+
+## Resources
+
+- **Source:** Kieran Python Reviewer / Pattern Recognition Specialist
+
+## Acceptance Criteria
+
+- [ ] All magic numbers in PHQ-8 logic replaced with named constants.
+- [ ] Constants defined at module or class level.
+- [ ] Logic remains functionally identical (verify with tests if available).
+
+## Work Log
+
+### 2025-12-20 - Initial Creation
+
+**By:** Claude Code
+
+**Actions:**
+- Created todo based on code review findings.

todos/003-completed-p2-logging-migration.md

@@ -0,0 +1,62 @@
+---
+status: pending
+priority: p2
+issue_id: "003"
+tags: ["ops", "quality", "python"]
+dependencies: []
+---
+
+# Switch to Logging in Main
+
+Replace `print` statements with the standard `logging` module in `src/helia/main.py`.
+
+## Problem Statement
+
+`src/helia/main.py` uses `print` statements for output. This prevents proper log level management, timestamping, and integration with monitoring systems.
+
+## Findings
+
+- **File:** `src/helia/main.py`
+- **Issue:** Use of `print` for logging information.
+- **Impact:** Ops/Visibility reduced.
+
+## Proposed Solutions
+
+### Option 1: Standard Logging
+
+**Approach:** Import `logging`, configure a basic logger, and replace `print()` calls with `logger.info()`, `logger.error()`, etc.
+
+**Pros:**
+- Standard practice.
+- Configurable output levels and formats.
+
+**Cons:**
+- Slight initial setup overhead.
+
+## Recommended Action
+
+**To be filled during triage.**
+
+## Technical Details
+
+**Affected files:**
+- `src/helia/main.py`
+
+## Resources
+
+- **Source:** Kieran Python Reviewer
+
+## Acceptance Criteria
+
+- [ ] `logging` module imported and configured.
+- [ ] All diagnostic `print` statements replaced with `logger` calls.
+- [ ] Import organization fixed in `src/helia/main.py` (mentioned in findings).
+
+## Work Log
+
+### 2025-12-20 - Initial Creation
+
+**By:** Claude Code
+
+**Actions:**
+- Created todo based on code review findings.

todos/004-completed-p2-namespace-packages.md

@@ -0,0 +1,61 @@
+---
+status: pending
+priority: p2
+issue_id: "004"
+tags: ["security", "reliability", "python"]
+dependencies: []
+---
+
+# Add __init__.py to Namespace Packages
+
+Add `__init__.py` files to implicit namespace packages to prevent import hijacking and ensure correct package resolution.
+
+## Problem Statement
+
+Both Security Sentinel (INP001) and Kieran Python Reviewer identified missing `__init__.py` files. While Python 3 supports implicit namespace packages, omitting `__init__.py` in standard packages can lead to ambiguity and potential security risks (import hijacking).
+
+## Findings
+
+- **Issue:** Missing `__init__.py` files.
+- **Impact:** Security/Reliability. INP001 warning.
+
+## Proposed Solutions
+
+### Option 1: Add Empty __init__.py
+
+**Approach:** Create empty `__init__.py` files in all directory levels that function as packages.
+
+**Pros:**
+- Explicitly defines packages.
+- Resolves INP001.
+
+**Cons:**
+- Adds file clutter (minor).
+
+## Recommended Action
+
+**To be filled during triage.**
+
+## Technical Details
+
+**Likely locations:**
+- `src/helia` (check if present)
+- Subdirectories in `src/helia` where they are missing.
+
+## Resources
+
+- **Source:** Security Sentinel / Kieran Python Reviewer
+
+## Acceptance Criteria
+
+- [ ] `__init__.py` files added to all relevant source directories.
+- [ ] Package imports verify correctly.
+
+## Work Log
+
+### 2025-12-20 - Initial Creation
+
+**By:** Claude Code
+
+**Actions:**
+- Created todo based on code review findings.

todos/005-completed-p3-code-cleanup.md

@@ -0,0 +1,69 @@
+---
+status: pending
+priority: p3
+issue_id: "005"
+tags: ["cleanup", "quality", "python"]
+dependencies: []
+---
+
+# General Code Quality Cleanup
+
+Address various code quality issues including unused arguments, type ignores, and list optimizations.
+
+## Problem Statement
+
+Multiple reviewers identified smaller code quality issues that accumulate to technical debt. These include unused arguments in `workflow.py`, specific type ignores in `db.py`, and list comprehension optimizations in `core.py`.
+
+## Findings
+
+1. **`src/helia/assessment/core.py`**:
+   - Optimize list comprehension.
+2. **`src/helia/agent/workflow.py`**:
+   - Rename unused `state` arguments to `_state`.
+3. **`src/helia/assessment/core.py`**:
+   - Use dependency injection for `PHQ8Evaluator`.
+4. **`src/helia/db.py`**:
+   - PGH003: Narrow `type: ignore` to `type: ignore[arg-type]`.
+5. **General**:
+   - Recommends generator expression for join operations.
+
+## Proposed Solutions
+
+### Option 1: Batch Cleanup
+
+**Approach:** Go through each file and apply the specific fix.
+
+**Pros:**
+- Cleans up "broken windows".
+- Improves linting scores.
+
+## Recommended Action
+
+**To be filled during triage.**
+
+## Technical Details
+
+**Affected files:**
+- `src/helia/assessment/core.py`
+- `src/helia/agent/workflow.py`
+- `src/helia/db.py`
+
+## Resources
+
+- **Source:** Kieran Python Reviewer, Security Sentinel, Pattern Recognition Specialist
+
+## Acceptance Criteria
+
+- [ ] `src/helia/assessment/core.py`: List comprehension optimized.
+- [ ] `src/helia/agent/workflow.py`: Unused args renamed to `_state`.
+- [ ] `src/helia/db.py`: `type: ignore` narrowed.
+- [ ] `src/helia/assessment/core.py`: Dependency injection pattern reviewed/applied.
+
+## Work Log
+
+### 2025-12-20 - Initial Creation
+
+**By:** Claude Code
+
+**Actions:**
+- Created todo based on aggregated code review findings.