feat: implement smart, project-aware gitignore generator with user permission control

Author: Edge-Explorer

devguardian/server.py

@@ -36,7 +36,7 @@ async def _run_sync(func, *args, **kwargs):
 from devguardian.tools.code_helper import explain_code, review_code, generate_code, improve_code
 from devguardian.tools.tdd import test_and_fix
 from devguardian.tools.github_review import review_pull_request
-from devguardian.tools.infra import dockerize, generate_ci
+from devguardian.tools.infra import dockerize, generate_ci, generate_gitignore
 from devguardian.tools.mass_refactor import mass_refactor
 from devguardian.tools.git_ops import (
     git_status,
@@ -245,6 +245,24 @@ async def list_tools() -> list[types.Tool]:
                 "required": ["project_path"],
             },
         ),
+        types.Tool(
+            name="generate_gitignore",
+            description=(
+                "🛡️ Smart .gitignore Generator: analyzes the project structure and "
+                "generates a tailored .gitignore file via AI."
+            ),
+            inputSchema={
+                "type": "object",
+                "properties": {
+                    "project_path": {"type": "string"},
+                    "include_env": {
+                        "type": "boolean",
+                        "description": "If true, explicitly include .env and credentials in the ignore list. (User Permission)",
+                    },
+                },
+                "required": ["project_path"],
+            },
+        ),
         types.Tool(
             name="mass_refactor",
             description=(
@@ -455,6 +473,8 @@ def text(result) -> list[types.TextContent]:
             return text(await _run_sync(dockerize, **arguments))
         elif name == "generate_ci":
             return text(await _run_sync(generate_ci, **arguments))
+        elif name == "generate_gitignore":
+            return text(await _run_sync(generate_gitignore, **arguments))
         elif name == "mass_refactor":
             return text(await _run_sync(mass_refactor, **arguments))
 

devguardian/tools/infra.py

@@ -115,3 +115,30 @@ def generate_ci(project_path: str, deploy_target: str = "") -> str:
         f"```yaml\n{yaml_content[:1200]}\n```\n"
         + ("*(truncated — see file for full content)*" if len(yaml_content) > 1200 else "")
     )
+
+
+def generate_gitignore(project_path: str, include_env: bool = False) -> str:
+    """
+    Analyze the project and generate a tailored .gitignore.
+    """
+    from devguardian.utils.security import generate_smart_gitignore
+
+    content = generate_smart_gitignore(project_path, include_env=include_env)
+    root = Path(project_path)
+    gitignore_path = root / ".gitignore"
+
+    # Backup if it exists
+    if gitignore_path.exists():
+        backup = gitignore_path.with_suffix(".gitignore.bak")
+        gitignore_path.rename(backup)
+
+    gitignore_path.write_text(content, encoding="utf-8")
+
+    return (
+        f"## 🛡️ Smart .gitignore Generated!\n\n"
+        f"Project: `{project_path}`\n"
+        f"- ✅ Tailored to project structure\n"
+        f"- ✅ Sensitive file check: {'Enabled' if include_env else 'Manual review requested'}\n\n"
+        f"```text\n{content[:800]}\n```\n"
+        + ("*(truncated — see file for full content)*" if len(content) > 800 else "")
+    )

devguardian/utils/security.py

@@ -225,19 +225,49 @@ def scan_content_for_secrets(content: str, filename: str = "") -> list[str]:
 
 
 # ---------------------------------------------------------------------------
-# 4. .gitignore coverage checker
+# 4. .gitignore coverage checker & generator
 # ---------------------------------------------------------------------------
 
 
+def generate_smart_gitignore(project_path: str, include_env: bool = False) -> str:
+    """
+    Generate a tailored .gitignore for the project using Gemini and local context.
+    """
+    from devguardian.utils.file_reader import build_project_context
+    from devguardian.utils.gemini_client import ask_gemini
+
+    ctx = build_project_context(project_path)
+    env_msg = (
+        "ALWAYS include .env and credentials patterns."
+        if include_env
+        else "DO NOT explicitly include .env unless the user confirms (ask for permission). "
+        "Actually, for safety, suggest it but mark it with a comment."
+    )
+
+    prompt = (
+        f"{ctx}\n\n"
+        "Generate a professional, tailored .gitignore for this project. "
+        "1. Identify the programming language and frameworks.\n"
+        "2. Include common ignore patterns for that stack (e.g., __pycache__, node_modules, .venv, etc.).\n"
+        "3. Look at the file structure above and identify any specific large folders or temp files to ignore.\n"
+        f"4. Regarding .env: {env_msg}\n"
+        "\nReturn ONLY the content of the .gitignore file. No markdown fences, no explanations."
+    )
+
+    system_instr = (
+        "You are a DevOps architect. Generate a clean, well-organized .gitignore file. "
+        "Group patterns by category (e.g., # IDEs, # Environment, # Build artifacts)."
+    )
+
+    result = ask_gemini(prompt, system_instruction=system_instr)
+    # Strip fences if present
+    lines = [l for l in result.splitlines() if not l.strip().startswith("```")]
+    return "\n".join(lines).strip()
+
+
 def check_gitignore(repo_path: str) -> dict:
     """
     Check that .gitignore properly covers sensitive file patterns.
-
-    Returns:
-        ok       : bool  — True if all critical patterns are covered
-        covered  : list  — patterns that ARE in .gitignore
-        missing  : list  — patterns that should be in .gitignore but aren't
-        warnings : list  — human-readable warnings
     """
     root = Path(repo_path)
     gitignore_path = root / ".gitignore"
@@ -257,6 +287,7 @@ def check_gitignore(repo_path: str) -> dict:
         line.strip() for line in gitignore_content.splitlines() if line.strip() and not line.strip().startswith("#")
     }
 
+    # First check the high-priority "MUST IGNORE" list
     for pattern in _MUST_IGNORE:
         # Check exact match or wildcard coverage
         covered = (
@@ -272,7 +303,7 @@ def check_gitignore(repo_path: str) -> dict:
     if result["missing"]:
         result["ok"] = False
         result["warnings"].append(
-            "These patterns are missing from .gitignore: " + ", ".join(f"`{p}`" for p in result["missing"])
+            "These critical patterns are missing from .gitignore: " + ", ".join(f"`{p}`" for p in result["missing"])
         )
 
     return result