Enforce SonarQube/Codacy rules; split platform_wrapper backends

- CLAUDE.md: add Static Analysis Compliance section covering complexity,
  exception chaining, Bandit security, resource management, and naming.
- Replace print() in library code with autocontrol_logger across utils,
  wrapper, osx, and linux backends to satisfy python:S4792.
- Narrow bare `except Exception` to specific exception tuples and add
  `raise ... from error` for chain preservation (python:S5655).
- Remove shell=True from ShellManager; normalize commands via shlex to
  argv list, eliminating Bandit B602.
- Replace wildcard Cocoa/Foundation imports in osx_listener with
  explicit symbols (python:S2208).
- Drop sys.argv side effects from start_autocontrol_socket_server; bind
  default host to 127.0.0.1 for least privilege.
- Split platform_wrapper monolith into _platform_linux / _platform_osx /
  _platform_windows to satisfy the 750-line file limit.

Author: JE-Chen

CLAUDE.md

@@ -133,3 +133,83 @@ python -m build
 - JSON action command names use `AC_` prefix (e.g., `AC_click_mouse`).
 - Platform backends follow naming: `{platform}_{function}.py` (e.g., `win32_ctype_mouse_control.py`).
 - Virtual key mappings are in `core/utils/*_vk.py` per platform.
+
+## Static Analysis Compliance (SonarQube / Codacy / Pylint / Bandit)
+
+All code must satisfy the following rules so automated scanners (SonarQube, Codacy, Pylint, Bandit, Radon, Prospector) report zero new issues.
+
+### Complexity & Size Limits
+
+- **Cyclomatic complexity** per function ≤ 10. Refactor with early returns, extracted helpers, or lookup dicts when exceeded.
+- **Cognitive complexity** per function ≤ 15 (SonarQube `python:S3776`).
+- **Function length** ≤ 75 lines. Long procedural flows must be split into named helpers.
+- **Parameter count** ≤ 7 (`python:S107`). Group related parameters into a dataclass or config object when exceeded.
+- **Nesting depth** ≤ 4 (`python:S134`). Flatten with guard clauses.
+- **File length** ≤ 750 lines. Split large modules along responsibility lines.
+- **Identical branches**: `if`/`elif`/`else` branches must not have identical bodies (`python:S3923`).
+- **Duplicated code**: no duplicated blocks ≥ 10 lines across the project (Sonar default). Extract to a shared helper.
+
+### Bug & Correctness Rules
+
+- **No bare `except:`** — always catch a specific exception type (`python:S5754`, Bandit `B001`).
+- **No empty `except` blocks** (`python:S2737`). At minimum log the error or re-raise.
+- **Preserve exception chain**: inside `except`, raising a new exception must use `raise NewError(...) from exc` (`python:S5655`).
+- **No mutable default arguments** (`python:S5727`): never use `def f(x=[])` or `{}`. Use `None` + lazy init.
+- **No unused imports, variables, parameters, or assignments** (`python:S1481`, `S1854`, `S1172`). Remove them; do not rename to `_unused`.
+- **No dead / unreachable code** (`python:S1763`).
+- **No commented-out code blocks** (`python:S125`) — delete instead; git history preserves it.
+- **No `TODO`/`FIXME`/`XXX`** without an issue-tracker reference in the same comment (`python:S1135`).
+- **No `print()`** in library code (`je_auto_control/` outside `gui/` stdout tooling). Use the project logger.
+- **No `assert` for runtime checks** in non-test code (Bandit `B101`) — `assert` is stripped with `-O`. Raise explicit exceptions.
+- **String formatting**: prefer f-strings over `%` or `.format()` for readability; never interpolate untrusted data into shell/SQL.
+- **Equality with `None`/`True`/`False`**: use `is` / `is not`, never `==` (`python:S2589`).
+- **Boolean simplification**: no `if cond: return True else: return False` — return the expression directly (`python:S1126`).
+- **Identical expressions on both sides** of `and`/`or`/`==`/`!=` are forbidden (`python:S1764`).
+
+### Security Rules (Bandit / Sonar Security Hotspots)
+
+- **No `eval`, `exec`, `compile`** on any runtime-sourced string (Bandit `B307`, `B102`).
+- **No `pickle`, `marshal`, `shelve`, `dill`** on data from disk, network, or user input (Bandit `B301`, `B302`). Use JSON with schema validation.
+- **No `subprocess` with `shell=True`** or string-built command lines (Bandit `B602`, `B605`). Pass argv lists and validate against allowlists.
+- **No `os.system`, `os.popen`, `commands.*`** (Bandit `B605`, `B607`).
+- **No insecure hash** (`md5`, `sha1`) for security purposes (Bandit `B303`, `B324`). Use `hashlib.sha256` or better.
+- **No `tempfile.mktemp`** — use `NamedTemporaryFile` / `mkstemp` (Bandit `B306`).
+- **No hardcoded passwords, tokens, or secrets** (Bandit `B105`–`B107`, `python:S2068`).
+- **No `yaml.load`** without `SafeLoader` (Bandit `B506`).
+- **`requests`/`urllib` calls** must set explicit `timeout=` (`python:S5332`, Bandit `B113`).
+- **No `ssl._create_unverified_context` / `verify=False`** (Bandit `B501`).
+- **Path traversal**: validate and `os.path.realpath` user-supplied paths before I/O.
+- **Socket binds** must default to `127.0.0.1`; `0.0.0.0` requires an explicit, documented opt-in.
+
+### Resource & Concurrency
+
+- **Always use `with`** for files, sockets, locks, and OpenCV `VideoCapture`/`VideoWriter` (`python:S5720`). No manual `close()` in normal flow.
+- **Release platform resources** (GDI handles, Quartz event sources, X display) in `finally` or `__exit__`.
+- **Thread-safety**: shared mutable state between the socket server, recording thread, and callback executor must be guarded by `threading.Lock` / `queue.Queue`.
+
+### Style & Naming
+
+- **snake_case** for functions, methods, variables, modules; **PascalCase** for classes; **UPPER_SNAKE_CASE** for module-level constants (`python:S117`, Pylint `C0103`).
+- **Max line length**: 120 chars (`python:S103`).
+- **Docstrings** on every public module, class, and function (`python:S1720`, Pylint `C0114`–`C0116`) — one-line summary minimum; type hints replace parameter-type prose.
+- **Import order**: stdlib → third-party → first-party, separated by blank lines; no wildcard imports except in `__init__.py` façade (`python:S2208`).
+- **No `global`** statements outside module initialization (`python:S2208`).
+
+### Test Hygiene
+
+- Tests must avoid `assert` against object identity of mutable literals and must not depend on execution order (Pylint / Sonar `python:S5914`).
+- No `time.sleep` > 1s in unit tests; use fakes / event signals.
+
+### Automated Verification
+
+Run before every commit; fix all new findings:
+
+```bash
+pip install ruff pylint bandit radon
+ruff check je_auto_control/
+pylint je_auto_control/
+bandit -r je_auto_control/ -x je_auto_control/test
+radon cc je_auto_control/ -a -nc   # flags functions with CC >= C (>10)
+```
+
+If a rule must be suppressed, add an inline justification: `# noqa: <code>  # reason: <why>` or `# nosec B404  # reason: <why>`. Blanket suppressions at file/module level are forbidden.

je_auto_control/__main__.py

@@ -12,6 +12,7 @@
 from je_auto_control.utils.file_process.get_dir_file_list import \
     get_dir_files_as_list
 from je_auto_control.utils.json.json_file import read_action_json
+from je_auto_control.utils.logging.logging_instance import autocontrol_logger
 from je_auto_control.utils.project.create_project_structure import create_project_dir
 
 if __name__ == "__main__":
@@ -61,6 +62,9 @@ def preprocess_read_str_execute_action(execute_str: str):
                 argparse_event_dict.get(key)(value)
         if all(value is None for value in args.values()):
             raise AutoControlArgparseException(argparse_get_wrong_data_error_message)
-    except Exception as error:
-        print(repr(error), file=sys.stderr)
+    except AutoControlArgparseException as error:
+        autocontrol_logger.error("argparse failure: %r", error)
+        sys.exit(1)
+    except (OSError, ValueError, RuntimeError) as error:
+        autocontrol_logger.error("cli execution failed: %r", error)
         sys.exit(1)

je_auto_control/gui/_auto_click_tab.py

@@ -0,0 +1,263 @@
+from PySide6.QtGui import QIntValidator
+from PySide6.QtWidgets import (
+    QWidget, QLineEdit, QComboBox, QPushButton, QVBoxLayout, QLabel,
+    QGridLayout, QHBoxLayout, QRadioButton, QButtonGroup, QMessageBox,
+    QGroupBox,
+)
+
+from je_auto_control.gui.language_wrapper.multi_language_wrapper import language_wrapper
+from je_auto_control.wrapper.auto_control_keyboard import (
+    type_keyboard, hotkey, write, get_keyboard_keys_table,
+)
+from je_auto_control.wrapper.auto_control_mouse import (
+    click_mouse, get_mouse_position, mouse_scroll,
+    mouse_keys_table, special_mouse_keys_table,
+)
+
+
+def _t(key: str) -> str:
+    return language_wrapper.language_word_dict.get(key, key)
+
+
+class AutoClickTabMixin:
+    """
+    Mixin that provides the auto-click tab UI and handlers.
+    Requires the host widget to expose `self.timer`, `self.repeat_count`,
+    `self.repeat_max` attributes set in its __init__.
+    """
+
+    def _build_auto_click_tab(self) -> QWidget:
+        tab = QWidget()
+        outer = QVBoxLayout()
+
+        click_group = QGroupBox(_t("tab_auto_click"))
+        grid = QGridLayout()
+        row = 0
+
+        grid.addWidget(QLabel(_t("input_method")), row, 0)
+        self.mouse_radio = QRadioButton(_t("mouse_radio"))
+        self.keyboard_radio = QRadioButton(_t("keyboard_radio"))
+        self.mouse_radio.setChecked(True)
+        self._input_group = QButtonGroup()
+        self._input_group.addButton(self.mouse_radio)
+        self._input_group.addButton(self.keyboard_radio)
+        h = QHBoxLayout()
+        h.addWidget(self.mouse_radio)
+        h.addWidget(self.keyboard_radio)
+        grid.addLayout(h, row, 1)
+
+        row += 1
+        grid.addWidget(QLabel(_t("interval_time")), row, 0)
+        self.interval_input = QLineEdit("1000")
+        self.interval_input.setValidator(QIntValidator(1, 999999999))
+        grid.addWidget(self.interval_input, row, 1)
+
+        row += 1
+        grid.addWidget(QLabel(_t("cursor_x")), row, 0)
+        self.cursor_x_input = QLineEdit()
+        self.cursor_x_input.setValidator(QIntValidator())
+        grid.addWidget(self.cursor_x_input, row, 1)
+
+        row += 1
+        grid.addWidget(QLabel(_t("cursor_y")), row, 0)
+        self.cursor_y_input = QLineEdit()
+        self.cursor_y_input.setValidator(QIntValidator())
+        grid.addWidget(self.cursor_y_input, row, 1)
+
+        row += 1
+        grid.addWidget(QLabel(_t("mouse_button")), row, 0)
+        self.mouse_button_combo = QComboBox()
+        self.mouse_button_combo.addItems(
+            list(mouse_keys_table.keys()) if isinstance(mouse_keys_table, dict) else list(mouse_keys_table)
+        )
+        grid.addWidget(self.mouse_button_combo, row, 1)
+
+        row += 1
+        grid.addWidget(QLabel(_t("keyboard_button")), row, 0)
+        self.keyboard_button_combo = QComboBox()
+        self.keyboard_button_combo.addItems(list(get_keyboard_keys_table().keys()))
+        grid.addWidget(self.keyboard_button_combo, row, 1)
+
+        row += 1
+        grid.addWidget(QLabel(_t("click_type")), row, 0)
+        self.click_type_combo = QComboBox()
+        self.click_type_combo.addItems([_t("single_click"), _t("double_click")])
+        grid.addWidget(self.click_type_combo, row, 1)
+
+        row += 1
+        self.repeat_until_stopped = QRadioButton(_t("repeat_until_stopped_radio"))
+        self.repeat_count_times = QRadioButton(_t("repeat_radio"))
+        self.repeat_count_input = QLineEdit()
+        self.repeat_count_input.setValidator(QIntValidator(1, 999999999))
+        self.repeat_count_input.setPlaceholderText(_t("times"))
+        rg = QButtonGroup(tab)
+        rg.addButton(self.repeat_until_stopped)
+        rg.addButton(self.repeat_count_times)
+        self.repeat_until_stopped.setChecked(True)
+        rh = QHBoxLayout()
+        rh.addWidget(self.repeat_until_stopped)
+        rh.addWidget(self.repeat_count_times)
+        rh.addWidget(self.repeat_count_input)
+        grid.addLayout(rh, row, 0, 1, 2)
+
+        row += 1
+        btn_h = QHBoxLayout()
+        self.start_button = QPushButton(_t("start"))
+        self.start_button.clicked.connect(self._start_auto_click)
+        self.stop_button = QPushButton(_t("stop"))
+        self.stop_button.clicked.connect(self._stop_auto_click)
+        btn_h.addWidget(self.start_button)
+        btn_h.addWidget(self.stop_button)
+        grid.addLayout(btn_h, row, 0, 1, 2)
+
+        click_group.setLayout(grid)
+        outer.addWidget(click_group)
+
+        pos_group = QGroupBox(_t("get_position"))
+        pos_layout = QHBoxLayout()
+        self.pos_btn = QPushButton(_t("get_position"))
+        self.pos_btn.clicked.connect(self._get_mouse_pos)
+        self.pos_label = QLabel(_t("current_position") + " --")
+        pos_layout.addWidget(self.pos_btn)
+        pos_layout.addWidget(self.pos_label)
+        pos_group.setLayout(pos_layout)
+        outer.addWidget(pos_group)
+
+        hotkey_group = QGroupBox(_t("hotkey_label"))
+        hk_layout = QHBoxLayout()
+        self.hotkey_input = QLineEdit()
+        self.hotkey_input.setPlaceholderText("ctrl,a")
+        self.hotkey_btn = QPushButton(_t("hotkey_send"))
+        self.hotkey_btn.clicked.connect(self._send_hotkey)
+        hk_layout.addWidget(self.hotkey_input)
+        hk_layout.addWidget(self.hotkey_btn)
+        hotkey_group.setLayout(hk_layout)
+        outer.addWidget(hotkey_group)
+
+        write_group = QGroupBox(_t("write_label"))
+        wr_layout = QHBoxLayout()
+        self.write_input = QLineEdit()
+        self.write_btn = QPushButton(_t("write_send"))
+        self.write_btn.clicked.connect(self._send_write)
+        wr_layout.addWidget(self.write_input)
+        wr_layout.addWidget(self.write_btn)
+        write_group.setLayout(wr_layout)
+        outer.addWidget(write_group)
+
+        scroll_group = QGroupBox(_t("mouse_scroll_label"))
+        sc_layout = QHBoxLayout()
+        self.scroll_value_input = QLineEdit("3")
+        self.scroll_value_input.setValidator(QIntValidator())
+        sc_layout.addWidget(QLabel(_t("mouse_scroll_label")))
+        sc_layout.addWidget(self.scroll_value_input)
+        if special_mouse_keys_table:
+            self.scroll_dir_combo = QComboBox()
+            self.scroll_dir_combo.addItems(list(special_mouse_keys_table.keys()))
+            sc_layout.addWidget(self.scroll_dir_combo)
+        else:
+            self.scroll_dir_combo = None
+        self.scroll_btn = QPushButton(_t("scroll_send"))
+        self.scroll_btn.clicked.connect(self._send_scroll)
+        sc_layout.addWidget(self.scroll_btn)
+        scroll_group.setLayout(sc_layout)
+        outer.addWidget(scroll_group)
+
+        outer.addStretch()
+
+        self.mouse_radio.toggled.connect(self._update_click_mode)
+        self._update_click_mode()
+
+        tab.setLayout(outer)
+        return tab
+
+    def _update_click_mode(self):
+        use_mouse = self.mouse_radio.isChecked()
+        self.cursor_x_input.setEnabled(use_mouse)
+        self.cursor_y_input.setEnabled(use_mouse)
+        self.mouse_button_combo.setEnabled(use_mouse)
+        self.keyboard_button_combo.setEnabled(not use_mouse)
+
+    def _start_auto_click(self):
+        try:
+            interval = int(self.interval_input.text())
+        except ValueError:
+            QMessageBox.warning(self, "Warning", "Interval must be a number")
+            return
+        self.repeat_count = 0
+        try:
+            self.repeat_max = int(self.repeat_count_input.text())
+        except ValueError:
+            self.repeat_max = 0
+        self.timer.setInterval(interval)
+        try:
+            self.timer.timeout.disconnect(self._timer_tick)
+        except RuntimeError:
+            pass
+        self.timer.timeout.connect(self._timer_tick)
+        self.timer.start()
+
+    def _stop_auto_click(self):
+        self.timer.stop()
+
+    def _timer_tick(self):
+        if self.repeat_until_stopped.isChecked():
+            self._do_click()
+        elif self.repeat_count_times.isChecked():
+            self.repeat_count += 1
+            if self.repeat_count <= self.repeat_max:
+                self._do_click()
+            else:
+                self.repeat_count = 0
+                self.timer.stop()
+
+    def _do_click(self):
+        try:
+            is_double = self.click_type_combo.currentIndex() == 1
+            if self.mouse_radio.isChecked():
+                btn = self.mouse_button_combo.currentText()
+                x = int(self.cursor_x_input.text() or "0")
+                y = int(self.cursor_y_input.text() or "0")
+                click_mouse(btn, x, y)
+                if is_double:
+                    click_mouse(btn, x, y)
+            else:
+                key = self.keyboard_button_combo.currentText()
+                type_keyboard(key)
+                if is_double:
+                    type_keyboard(key)
+        except (OSError, ValueError, TypeError, RuntimeError) as error:
+            self.timer.stop()
+            QMessageBox.warning(self, "Error", str(error))
+
+    def _get_mouse_pos(self):
+        try:
+            x, y = get_mouse_position()
+            self.pos_label.setText(_t("current_position") + f" ({x}, {y})")
+            self.cursor_x_input.setText(str(x))
+            self.cursor_y_input.setText(str(y))
+        except (OSError, ValueError, TypeError, RuntimeError) as error:
+            QMessageBox.warning(self, "Error", str(error))
+
+    def _send_hotkey(self):
+        try:
+            keys = [k.strip() for k in self.hotkey_input.text().split(",") if k.strip()]
+            if keys:
+                hotkey(keys)
+        except (OSError, ValueError, TypeError, RuntimeError) as error:
+            QMessageBox.warning(self, "Error", str(error))
+
+    def _send_write(self):
+        try:
+            text = self.write_input.text()
+            if text:
+                write(text)
+        except (OSError, ValueError, TypeError, RuntimeError) as error:
+            QMessageBox.warning(self, "Error", str(error))
+
+    def _send_scroll(self):
+        try:
+            val = int(self.scroll_value_input.text() or "3")
+            direction = self.scroll_dir_combo.currentText() if self.scroll_dir_combo else "scroll_down"
+            mouse_scroll(val, scroll_direction=direction)
+        except (OSError, ValueError, TypeError, RuntimeError) as error:
+            QMessageBox.warning(self, "Error", str(error))