Support new QPX format and fix warnings

[Shen-YuFei]

Support new QPX format and fix Bandit security warnings

Summary

Adapt mokume to the latest QPX parquet schema and fix Bandit warnings across the codebase.

Changes

New QPX format support

• Detect and handle pg_accessions as list<struct> via list_transform(x -> x.accession)
• Support is_decoy (bool) for optimized decoy filtering in SQLFilterBuilder
• Support anchor_protein for protein-level grouping in get_low_frequency_peptides
• Handle unique as bool (previously int), charge/run_file_name column detection
• Add comprehensive compatibility test suite (test_qpx_format_compat.py, 13 tests)

Bandit B608 — SQL injection prevention

• Refactor SQLFilterBuilder.build_where_clause() to return (clause, params) tuple
• Replace all f-string/.format() SQL construction with "".join() + parameterized execute(sql, params)
• Convert HTML template in interactive.py from f-string to string.Template

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5f353513-c323-4e08-9617-ebf506525186

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

Flake8 can be used to improve the quality of Python code reviews.

Flake8 is a Python linter that wraps PyFlakes, pycodestyle and Ned Batchelder's McCabe script.

To configure Flake8, add a '.flake8' or 'setup.cfg' file to your project root.

See Flake8 Documentation for more details.

[Copilot]

Pull request overview

This PR updates mokume’s DuckDB/parquet ingestion and filtering to be compatible with the latest QPX schema (including pg_accessions as list<struct>, is_decoy, anchor_protein, and new column names), while refactoring query construction to address Bandit SQL-injection warnings via parameterized execution. It also adds/updates tests to cover compatibility across legacy and new QPX formats.

Changes:

• Extend QPX parsing to normalize pg_accessions (list<struct> → list<string>), support anchor_protein, and surface is_decoy.
• Refactor SQLFilterBuilder.build_where_clause() to return (clause, params) and update call sites to execute parameterized queries.
• Add a new QPX format compatibility test suite and update existing tests for the new filter builder API.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
mokume/io/feature.py	Adds new/legacy QPX detection and normalization, parameterized filtering, and exposes optional new columns (is_decoy, anchor_protein).
mokume/quantification/ratio.py	Updates QPX schema handling and switches to parameterized execution when appending filter clauses.
mokume/pipeline/stages.py	Replaces f-string SQL with parameterized execute(sql, params) for filtered parquet view queries.
mokume/reports/interactive.py	Replaces HTML f-string generation with string.Template substitution.
tests/test_qpx_format_compat.py	Adds a new test suite covering both QPX schemas and deep-compat scenarios.
tests/test_peptide_normalize.py	Updates tests to the new (clause, params) API and adjusts assertions.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.