minor changes

internal/guidedremediation/client/client.go → internal/guidedremediation/matcher/matcher.go

@@ -12,8 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Package client provides interfaces for the clients used by guided remediation.
-package client
+// Package matcher provides the interface for the vulnerability matcher used by guided remediation.
+package matcher
 
 import (
 	"context"

internal/guidedremediation/clienttest/mock_vulnerability_matcher.go → internal/guidedremediation/matchertest/mock_vulnerability_matcher.go

@@ -12,8 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Package clienttest provides mock clients for testing.
-package clienttest
+// Package matchertest provides mock matcher for testing.
+package matchertest
 
 import (
 	"context"
@@ -23,14 +23,14 @@ import (
 
 	"deps.dev/util/resolve"
 	"github.com/google/osv-scalibr/extractor"
-	"github.com/google/osv-scalibr/internal/guidedremediation/client"
+	"github.com/google/osv-scalibr/internal/guidedremediation/matcher"
 	"gopkg.in/yaml.v3"
 )
 
-type mockVulnerabilityMatcher []*client.OSVRecord
+type mockVulnerabilityMatcher []*matcher.OSVRecord
 
-func (mvc mockVulnerabilityMatcher) MatchVulnerabilities(ctx context.Context, invs []*extractor.Inventory) ([][]*client.OSVRecord, error) {
-	result := make([][]*client.OSVRecord, len(invs))
+func (mvc mockVulnerabilityMatcher) MatchVulnerabilities(ctx context.Context, invs []*extractor.Inventory) ([][]*matcher.OSVRecord, error) {
+	result := make([][]*matcher.OSVRecord, len(invs))
 	for i, inv := range invs {
 		for _, vuln := range mvc {
 			if vulnAffectsInv(vuln, inv) {
@@ -42,7 +42,7 @@ func (mvc mockVulnerabilityMatcher) MatchVulnerabilities(ctx context.Context, in
 }
 
 type mockVulns struct {
-	Vulns []*client.OSVRecord `yaml:"vulns"`
+	Vulns []*matcher.OSVRecord `yaml:"vulns"`
 }
 
 // NewMockVulnerabilityMatcher creates a mock vulnerability matcher for testing.
@@ -64,7 +64,7 @@ func NewMockVulnerabilityMatcher(t *testing.T, vulnsYAML string) mockVulnerabili
 }
 
 // TODO: similar logic will need to be used elsewhere in guided remediation.
-func vulnAffectsInv(vuln *client.OSVRecord, inv *extractor.Inventory) bool {
+func vulnAffectsInv(vuln *matcher.OSVRecord, inv *extractor.Inventory) bool {
 	resolveSys, ok := inv.Metadata.(resolve.System)
 	if !ok {
 		return false
@@ -84,7 +84,7 @@ func vulnAffectsInv(vuln *client.OSVRecord, inv *extractor.Inventory) bool {
 				continue
 			}
 			events := slices.Clone(r.Events)
-			eventVersion := func(e client.OSVEvent) string {
+			eventVersion := func(e matcher.OSVEvent) string {
 				if e.Introduced != "" {
 					return e.Introduced
 				}
@@ -93,7 +93,7 @@ func vulnAffectsInv(vuln *client.OSVRecord, inv *extractor.Inventory) bool {
 				}
 				return e.LastAffected
 			}
-			slices.SortFunc(events, func(a, b client.OSVEvent) int {
+			slices.SortFunc(events, func(a, b matcher.OSVEvent) int {
 				aVer := eventVersion(a)
 				bVer := eventVersion(b)
 				if aVer == "0" {
@@ -108,7 +108,7 @@ func vulnAffectsInv(vuln *client.OSVRecord, inv *extractor.Inventory) bool {
 				// sys.Compare on strings is expensive, should consider precomputing sys.Parse
 				return sys.Compare(aVer, bVer)
 			})
-			idx, exact := slices.BinarySearchFunc(events, inv.Version, func(e client.OSVEvent, v string) int {
+			idx, exact := slices.BinarySearchFunc(events, inv.Version, func(e matcher.OSVEvent, v string) int {
 				eVer := eventVersion(e)
 				if eVer == "0" {
 					return -1

internal/guidedremediation/resolution/vulnerabilities.go

@@ -22,15 +22,15 @@ import (
 
 	"deps.dev/util/resolve"
 	"github.com/google/osv-scalibr/extractor"
-	"github.com/google/osv-scalibr/internal/guidedremediation/client"
 	"github.com/google/osv-scalibr/internal/guidedremediation/manifest"
+	"github.com/google/osv-scalibr/internal/guidedremediation/matcher"
 	"github.com/google/osv-scalibr/plugin"
 	"github.com/google/osv-scalibr/purl"
 )
 
 // Vulnerability represents a vulnerability found in a dependency graph.
 type Vulnerability struct {
-	OSV     *client.OSVRecord
+	OSV     *matcher.OSVRecord
 	DevOnly bool
 	// Subgraphs are the collections of nodes and edges that reach the vulnerable node.
 	// Subgraphs all contain the root node (NodeID 0) with no incoming edges (Parents),
@@ -40,19 +40,19 @@ type Vulnerability struct {
 
 // FindVulnerabilities scans for vulnerabilities in a resolved graph.
 // One Vulnerability is created per unique ID, which may affect multiple graph nodes.
-func FindVulnerabilities(ctx context.Context, cl client.VulnerabilityMatcher, m manifest.Manifest, graph *resolve.Graph) ([]Vulnerability, error) {
+func FindVulnerabilities(ctx context.Context, cl matcher.VulnerabilityMatcher, m manifest.Manifest, graph *resolve.Graph) ([]Vulnerability, error) {
 	nodeVulns, err := cl.MatchVulnerabilities(ctx, graphToInventory(graph))
 	if err != nil {
 		return nil, err
 	}
 
 	// The root node is of the graph is excluded from the vulnerability results.
 	// Prepend an element to nodeVulns so that the indices line up with graph.Nodes[i] <=> nodeVulns[i]
-	nodeVulns = append([][]*client.OSVRecord{nil}, nodeVulns...)
+	nodeVulns = append([][]*matcher.OSVRecord{nil}, nodeVulns...)
 
 	// Find the dependency subgraphs of the vulnerable dependencies.
 	var vulnerableNodes []resolve.NodeID
-	uniqueVulns := make(map[string]*client.OSVRecord)
+	uniqueVulns := make(map[string]*matcher.OSVRecord)
 	for i, vulns := range nodeVulns {
 		if len(vulns) > 0 {
 			vulnerableNodes = append(vulnerableNodes, resolve.NodeID(i))

internal/guidedremediation/resolution/vulnerabilities_test.go

@@ -1,3 +1,17 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package resolution_test
 
 import (
@@ -9,9 +23,9 @@ import (
 	"deps.dev/util/resolve/schema"
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
-	"github.com/google/osv-scalibr/internal/guidedremediation/clienttest"
 	"github.com/google/osv-scalibr/internal/guidedremediation/manifest"
 	"github.com/google/osv-scalibr/internal/guidedremediation/manifest/npm"
+	"github.com/google/osv-scalibr/internal/guidedremediation/matchertest"
 	"github.com/google/osv-scalibr/internal/guidedremediation/resolution"
 )
 
@@ -66,7 +80,7 @@ test 1.0.0
 		charlieNode resolve.NodeID = 4
 	)
 
-	vulnMatcher := clienttest.NewMockVulnerabilityMatcher(t, "testdata/vulnerabilities.yaml")
+	vulnMatcher := matchertest.NewMockVulnerabilityMatcher(t, "testdata/vulnerabilities.yaml")
 	type vuln struct {
 		ID    string
 		Nodes []resolve.NodeID

internal/resolution/clienttest/mock_resolution_client.go

@@ -30,10 +30,6 @@ type ResolutionUniverse struct {
 	Schema string `yaml:"schema"`
 }
 
-type mockDependencyClient struct {
-	*resolve.LocalClient
-}
-
 // NewMockResolutionClient creates a new mock resolution client from the given universe YAML.
 func NewMockResolutionClient(t *testing.T, universeYAML string) resolve.Client {
 	t.Helper()
@@ -67,5 +63,5 @@ func NewMockResolutionClient(t *testing.T, universeYAML string) resolve.Client {
 		t.Fatalf("failed parsing schema: %v", err)
 	}
 
-	return mockDependencyClient{sch.NewClient()}
+	return sch.NewClient()
 }