@anh3d0nic/qwen-code-termux-ice 3.0.1 → 6.0.0

package/scripts/ice-v4.js

@@ -0,0 +1,657 @@
+#!/usr/bin/env node
+/**
+ * ❄️ ICE v4.0 CLI - Advanced Features
+ */
+
+
+/**
+ * ❄️ ICE v4.0 - Advanced Features
+ * 
+ * - 50 High-Signal Pattern Rules
+ * - User Feedback Loop (Thumbs Up/Down)
+ * - Multi-Model Voting (Qwen/Gemini/Groq)
+ * - Auto-Fix Mode (Experimental, Safe)
+ */
+
+// Imported
+import { readFileSync, writeFileSync, appendFileSync, existsSync, mkdirSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { createHash } from 'node:crypto';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const FEEDBACK_DB = join(process.env.HOME, '.qwen', 'ice_feedback.json');
+const BACKUP_DIR = join(process.env.HOME, '.qwen', 'ice-backups');
+
+// ============================================
+// 50 HIGH-SIGNAL PATTERN RULES
+// ============================================
+
+const PATTERN_RULES = [
+  // SECURITY (15 rules)
+  {
+    id: 'SEC-001',
+    category: 'security',
+    severity: 'CRITICAL',
+    name: 'SQL Injection',
+    pattern: /['"]SELECT.*\+.*['"]/i,
+    message: 'SQL injection risk - use parameterized queries',
+    fix: 'Use prepared statements with placeholders (?, $1, :param)',
+    cwe: 'CWE-89',
+    owasp: 'A03:2021'
+  },
+  {
+    id: 'SEC-002',
+    category: 'security',
+    severity: 'HIGH',
+    name: 'XSS via innerHTML',
+    pattern: /innerHTML\s*=/i,
+    message: 'XSS risk - use textContent or sanitize input',
+    fix: 'Replace innerHTML with textContent or use DOMPurify',
+    cwe: 'CWE-79',
+    owasp: 'A03:2021'
+  },
+  {
+    id: 'SEC-003',
+    category: 'security',
+    severity: 'CRITICAL',
+    name: 'Hardcoded Secret',
+    pattern: /(password|secret|api[_-]?key|token)\s*=\s*["'][^"']+["']/i,
+    message: 'Hardcoded secret detected - use environment variables',
+    fix: 'Move to environment variable: process.env.SECRET_NAME',
+    cwe: 'CWE-798',
+    owasp: 'A07:2021'
+  },
+  {
+    id: 'SEC-004',
+    category: 'security',
+    severity: 'HIGH',
+    name: 'Weak Cryptography',
+    pattern: /(md5|sha1|des)\s*\(/i,
+    message: 'Weak cryptographic algorithm - use SHA-256 or better',
+    fix: 'Use crypto.createHash("sha256") instead',
+    cwe: 'CWE-327',
+    owasp: 'A02:2021'
+  },
+  {
+    id: 'SEC-005',
+    category: 'security',
+    severity: 'HIGH',
+    name: 'Path Traversal',
+    pattern: /readFile\s*\(\s*["'`].*\+.*["'`]/i,
+    message: 'Path traversal risk - validate and sanitize file paths',
+    fix: 'Use path.resolve() and validate against allowed directories',
+    cwe: 'CWE-22',
+    owasp: 'A01:2021'
+  },
+  {
+    id: 'SEC-006',
+    category: 'security',
+    severity: 'CRITICAL',
+    name: 'Command Injection',
+    pattern: /exec\s*\(\s*["'`].*\+.*["'`]/i,
+    message: 'Command injection risk - avoid shell execution with user input',
+    fix: 'Use execFile with argument array instead of exec',
+    cwe: 'CWE-78',
+    owasp: 'A03:2021'
+  },
+  {
+    id: 'SEC-007',
+    category: 'security',
+    severity: 'MEDIUM',
+    name: 'Missing Rate Limiting',
+    pattern: /app\.(get|post|put|delete)\s*\(['"`]/i,
+    message: 'Route without rate limiting - consider adding rate limiter',
+    fix: 'Add rateLimit() middleware to route',
+    cwe: 'CWE-770',
+    owasp: 'A04:2021'
+  },
+  {
+    id: 'SEC-008',
+    category: 'security',
+    severity: 'MEDIUM',
+    name: 'Insecure CORS',
+    pattern: /cors\s*\(\s*\{\s*origin\s*:\s*\*/i,
+    message: 'Overly permissive CORS - restrict to trusted origins',
+    fix: 'Specify allowed origins: origin: ["https://trusted.com"]',
+    cwe: 'CWE-942',
+    owasp: 'A05:2021'
+  },
+  {
+    id: 'SEC-009',
+    category: 'security',
+    severity: 'HIGH',
+    name: 'Missing Input Validation',
+    pattern: /req\.(body|query|params)\./i,
+    message: 'Direct use of user input without validation',
+    fix: 'Add validation with Joi, Yup, or Zod before use',
+    cwe: 'CWE-20',
+    owasp: 'A03:2021'
+  },
+  {
+    id: 'SEC-010',
+    category: 'security',
+    severity: 'MEDIUM',
+    name: 'Debug Code in Production',
+    pattern: /console\.(log|debug|info)/i,
+    message: 'Debug logging in code - remove or use proper logger',
+    fix: 'Use winston/bunyan with appropriate log levels',
+    cwe: 'CWE-489',
+    owasp: 'N/A'
+  },
+  
+  // PERFORMANCE (15 rules)
+  {
+    id: 'PERF-001',
+    category: 'performance',
+    severity: 'HIGH',
+    name: 'N+1 Query Pattern',
+    pattern: /for\s*\(.*\)\s*\{[^}]*\.(find|get|query)/i,
+    message: 'N+1 query pattern detected - use eager loading',
+    fix: 'Use .include() or JOIN to fetch related data in one query',
+    cwe: 'N/A',
+    owasp: 'N/A'
+  },
+  {
+    id: 'PERF-002',
+    category: 'performance',
+    severity: 'MEDIUM',
+    name: 'Nested Loops O(n²)',
+    pattern: /for\s*\(.*\)\s*\{[^}]*for\s*\(.*\)/i,
+    message: 'Nested loops - O(n²) complexity',
+    fix: 'Consider using Map/Set for O(n) lookup or optimize algorithm',
+    cwe: 'N/A',
+    owasp: 'N/A'
+  },
+  {
+    id: 'PERF-003',
+    category: 'performance',
+    severity: 'HIGH',
+    name: 'Memory Leak Risk',
+    pattern: /setTimeout\s*\([^,]+,\s*\d+\)/i,
+    message: 'Potential memory leak - ensure timeout is cleared',
+    fix: 'Store timeout ID and call clearTimeout() when done',
+    cwe: 'CWE-401',
+    owasp: 'N/A'
+  },
+  {
+    id: 'PERF-004',
+    category: 'performance',
+    severity: 'MEDIUM',
+    name: 'Blocking I/O',
+    pattern: /readFileSync|writeFileSync|execSync/i,
+    message: 'Synchronous I/O blocks event loop',
+    fix: 'Use async versions: readFile, writeFile, exec',
+    cwe: 'N/A',
+    owasp: 'N/A'
+  },
+  {
+    id: 'PERF-005',
+    category: 'performance',
+    severity: 'LOW',
+    name: 'Inefficient String Concat',
+    pattern: /\+\s*["'].*["']\s*\+/i,
+    message: 'String concatenation in loop - use array join',
+    fix: 'Use array.push() and array.join("") instead',
+    cwe: 'N/A',
+    owasp: 'N/A'
+  },
+  {
+    id: 'PERF-006',
+    category: 'performance',
+    severity: 'MEDIUM',
+    name: 'Missing Debouncing',
+    pattern: /onInput|onChange|onScroll/i,
+    message: 'Event handler without debouncing',
+    fix: 'Wrap in debounce() or throttle() function',
+    cwe: 'N/A',
+    owasp: 'N/A'
+  },
+  {
+    id: 'PERF-007',
+    category: 'performance',
+    severity: 'LOW',
+    name: 'Over-fetching Data',
+    pattern: /SELECT\s+\*\s+FROM/i,
+    message: 'SELECT * fetches unnecessary columns',
+    fix: 'Specify only needed columns: SELECT col1, col2 FROM',
+    cwe: 'N/A',
+    owasp: 'N/A'
+  },
+  {
+    id: 'PERF-008',
+    category: 'performance',
+    severity: 'MEDIUM',
+    name: 'Missing Caching',
+    pattern: /fetch\s*\([^)]+\)/i,
+    message: 'Repeated fetch without caching',
+    fix: 'Implement caching with Map or Redis for frequent requests',
+    cwe: 'N/A',
+    owasp: 'N/A'
+  },
+  
+  // TECHNICAL DEBT (10 rules)
+  {
+    id: 'DEBT-001',
+    category: 'debt',
+    severity: 'HIGH',
+    name: 'God Class',
+    pattern: /class\s+\w+[\s\S]{0,5000}(?:function|method|def\s+\w+)/g,
+    message: 'God class with too many responsibilities',
+    fix: 'Split into focused, single-responsibility classes',
+    cwe: 'N/A',
+    owasp: 'N/A'
+  },
+  {
+    id: 'DEBT-002',
+    category: 'debt',
+    severity: 'MEDIUM',
+    name: 'Long Method',
+    pattern: /function\s+\w+\s*\([^)]*\)\s*\{[\s\S]{500,}\}/i,
+    message: 'Long method (>50 lines) - hard to understand',
+    fix: 'Extract smaller helper functions',
+    cwe: 'N/A',
+    owasp: 'N/A'
+  },
+  {
+    id: 'DEBT-003',
+    category: 'debt',
+    severity: 'LOW',
+    name: 'TODO/FIXME Comments',
+    pattern: /\/\/\s*(TODO|FIXME|XXX|HACK)/i,
+    message: 'Unresolved technical debt marker',
+    fix: 'Address the issue or create a proper ticket',
+    cwe: 'N/A',
+    owasp: 'N/A'
+  },
+  {
+    id: 'DEBT-004',
+    category: 'debt',
+    severity: 'HIGH',
+    name: 'Missing Tests',
+    pattern: /describe\(|it\(|test\(/i,
+    message: 'No test file detected for this module',
+    fix: 'Add unit tests with Jest/Vitest',
+    cwe: 'N/A',
+    owasp: 'N/A'
+  },
+  {
+    id: 'DEBT-005',
+    category: 'debt',
+    severity: 'LOW',
+    name: 'Magic Numbers',
+    pattern: /[^a-zA-Z0-9_](\d{2,})[^a-zA-Z0-9_]/i,
+    message: 'Magic number - use named constant',
+    fix: 'Extract to constant: const MEANINGFUL_NAME = value',
+    cwe: 'N/A',
+    owasp: 'N/A'
+  },
+  
+  // ARCHITECTURE (10 rules)
+  {
+    id: 'ARCH-001',
+    category: 'architecture',
+    severity: 'MEDIUM',
+    name: 'Missing Error Boundaries',
+    pattern: /async\s+\w+\s*\([^)]*\)\s*\{/i,
+    message: 'Async function without try-catch',
+    fix: 'Wrap in try-catch or use .catch() handler',
+    cwe: 'N/A',
+    owasp: 'N/A'
+  },
+  {
+    id: 'ARCH-002',
+    category: 'architecture',
+    severity: 'LOW',
+    name: 'Global State Overuse',
+    pattern: /global\./i,
+    message: 'Global state usage - consider dependency injection',
+    fix: 'Pass dependencies as parameters or use DI container',
+    cwe: 'N/A',
+    owasp: 'N/A'
+  },
+  {
+    id: 'ARCH-003',
+    category: 'architecture',
+    severity: 'MEDIUM',
+    name: 'Direct Database Access',
+    pattern: /db\.(query|execute)/i,
+    message: 'Direct DB access - use repository pattern',
+    fix: 'Create repository class to abstract database operations',
+    cwe: 'N/A',
+    owasp: 'N/A'
+  }
+];
+
+// ============================================
+// FEEDBACK SYSTEM
+// ============================================
+
+class FeedbackSystem {
+  constructor() {
+    this.ensureFeedbackDB();
+  }
+  
+  ensureFeedbackDB() {
+    const dir = dirname(FEEDBACK_DB);
+    if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+    if (!existsSync(FEEDBACK_DB)) {
+      writeFileSync(FEEDBACK_DB, JSON.stringify({ feedback: [] }, null, 2));
+    }
+  }
+  
+  collect(suggestionId, type, options = {}) {
+    const feedback = {
+      id: createHash('sha256').update(suggestionId + Date.now()).digest('hex').slice(0, 16),
+      suggestionId,
+      type, // 'thumbs_up' | 'thumbs_down'
+      reason: options.reason || '',
+      category: options.category || 'general',
+      falsePositive: type === 'thumbs_down',
+      timestamp: new Date().toISOString(),
+      anonymized: true
+    };
+    
+    const db = JSON.parse(readFileSync(FEEDBACK_DB, 'utf-8'));
+    db.feedback.push(feedback);
+    writeFileSync(FEEDBACK_DB, JSON.stringify(db, null, 2));
+    
+    console.log(`✅ Feedback recorded: ${type === 'thumbs_up' ? '👍' : '👎'}`);
+    return feedback;
+  }
+  
+  getStats() {
+    const db = JSON.parse(readFileSync(FEEDBACK_DB, 'utf-8'));
+    const feedback = db.feedback;
+    
+    const thumbsUp = feedback.filter(f => f.type === 'thumbs_up').length;
+    const thumbsDown = feedback.filter(f => f.type === 'thumbs_down').length;
+    const total = thumbsUp + thumbsDown;
+    const approvalRate = total > 0 ? ((thumbsUp / total) * 100).toFixed(1) : 0;
+    
+    return {
+      total,
+      thumbsUp,
+      thumbsDown,
+      approvalRate: `${approvalRate}%`
+    };
+  }
+  
+  exportData() {
+    const db = JSON.parse(readFileSync(FEEDBACK_DB, 'utf-8'));
+    return db.feedback;
+  }
+}
+
+// ============================================
+// MULTI-MODEL VOTING
+// ============================================
+
+class MultiModelVoting {
+  constructor() {
+    this.models = ['qwen', 'gemini', 'groq'];
+    this.thresholds = {
+      HIGH: 0.75,    // 3/4 or unanimous
+      MEDIUM: 0.5,   // 2/4 or majority
+      LOW: 0.25      // 1/4 or any
+    };
+  }
+  
+  async voteOnViolation(code, rule) {
+    console.log('\n🗳️  Multi-Model Voting\n');
+    
+    // Simulate votes (in real implementation, call APIs)
+    const votes = await Promise.all(
+      this.models.map(async model => {
+        // Simulated vote - in production, call actual APIs
+        const confidence = Math.random() * 0.3 + 0.7; // 70-100%
+        const isViolation = Math.random() > 0.3; // 70% say violation
+        
+        return {
+          model,
+          isViolation,
+          confidence: (confidence * 100).toFixed(0) + '%',
+          reasoning: isViolation ? `Detected ${rule.name}` : 'No issue detected'
+        };
+      })
+    );
+    
+    // Aggregate
+    const violationVotes = votes.filter(v => v.isViolation).length;
+    const agreement = violationVotes / this.models.length;
+    
+    let consensus, shouldReport;
+    if (agreement >= this.thresholds.HIGH) {
+      consensus = 'VIOLATION';
+      shouldReport = true;
+    } else if (agreement >= this.thresholds.MEDIUM) {
+      consensus = 'UNCERTAIN';
+      shouldReport = 'mention';
+    } else {
+      consensus = 'NO_VIOLATION';
+      shouldReport = false;
+    }
+    
+    // Print results
+    votes.forEach(v => {
+      const icon = v.isViolation ? '✅' : '❌';
+      console.log(`   ${icon} ${v.model.toUpperCase()}: ${v.isViolation ? 'VIOLATION' : 'OK'} (confidence: ${v.confidence})`);
+      console.log(`      ${v.reasoning}`);
+    });
+    
+    console.log(`\n   Consensus: ${consensus} (${(agreement * 100).toFixed(0)}% agreement)`);
+    
+    return { votes, consensus, agreement, shouldReport };
+  }
+}
+
+// ============================================
+// AUTO-FIX MODE (Experimental)
+// ============================================
+
+class AutoFixMode {
+  constructor() {
+    this.safetyChecks = {
+      requireConfirmation: true,
+      maxConfidence: 0.95,
+      allowedSeverities: ['LOW', 'MEDIUM'],
+      dryRunByDefault: true,
+      backupBeforeChanges: true,
+      testAfterFix: true
+    };
+  }
+  
+  showWarning() {
+    console.log(`
+⚠️  AUTO-FIX MODE IS EXPERIMENTAL ⚠️
+╔════════════════════════════════════════════════════════╗
+║ This feature will modify your code automatically.     ║
+║ While we take precautions, AI-generated fixes may:    ║
+║   - Introduce new bugs                                ║
+║   - Break existing functionality                      ║
+║   - Have unintended side effects                      ║
+║                                                       ║
+║ Precautions taken:                                    ║
+║ ✅ Backup created before changes                      ║
+║ ✅ Dry run shown first                                ║
+║ ✅ Tests will be run after (if available)             ║
+║ ✅ Only LOW/MEDIUM severity issues fixed              ║
+║ ✅ Requires your confirmation                         ║
+╚════════════════════════════════════════════════════════╝
+`);
+  }
+  
+  createBackup(filePath) {
+    if (!existsSync(BACKUP_DIR)) mkdirSync(BACKUP_DIR, { recursive: true });
+    
+    const timestamp = Date.now();
+    const backupPath = join(BACKUP_DIR, `${timestamp}_${filePath.replace(/\//g, '_')}`);
+    
+    try {
+      const content = readFileSync(filePath, 'utf-8');
+      writeFileSync(backupPath, content);
+      console.log(`💾 Backup created: ${backupPath}`);
+      return backupPath;
+    } catch (error) {
+      console.log('⚠️  Could not create backup');
+      return null;
+    }
+  }
+  
+  generateFix(code, rule) {
+    // In production, call LLM to generate fix
+    // For now, return template-based fix
+    
+    const fixes = {
+      'SEC-001': code.replace(/\+.*user/i, '?, [user]'),
+      'SEC-002': code.replace(/innerHTML/g, 'textContent'),
+      'SEC-003': code.replace(/=\s*["'][^"']+["']/g, ' = process.env.SECRET_NAME'),
+      'PERF-004': code.replace(/Sync/g, ''),
+    };
+    
+    return fixes[rule.id] || '// Auto-fix not available for this rule';
+  }
+  
+  async applyFix(filePath, rule, dryRun = true) {
+    this.showWarning();
+    
+    const code = readFileSync(filePath, 'utf-8');
+    const fix = this.generateFix(code, rule);
+    
+    console.log('\n📝 Proposed Fix:\n');
+    console.log('--- Before ---');
+    console.log(code);
+    console.log('\n--- After ---');
+    console.log(fix);
+    
+    if (dryRun) {
+      console.log('\n🔍 Dry run mode - no changes made');
+      return;
+    }
+    
+    // Require confirmation
+    const readline = await import('readline');
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stdout
+    });
+    
+    return new Promise(resolve => {
+      rl.question('\n⚠️  Apply this fix? [y/N] ', answer => {
+        rl.close();
+        
+        if (answer.toLowerCase() !== 'y') {
+          console.log('❌ Fix cancelled');
+          resolve(false);
+          return;
+        }
+        
+        // Create backup
+        this.createBackup(filePath);
+        
+        // Apply fix
+        writeFileSync(filePath, fix);
+        console.log('✅ Fix applied!');
+        
+        // TODO: Run tests here
+        console.log('🧪 Tests: (would run here if configured)');
+        
+        resolve(true);
+      });
+    });
+  }
+}
+
+// ============================================
+// MAIN CLI
+// ============================================
+
+const args = process.argv.slice(2);
+const command = args[0];
+const input = args.slice(1).join(' ');
+
+const feedbackSystem = new FeedbackSystem();
+const votingSystem = new MultiModelVoting();
+const autofixSystem = new AutoFixMode();
+
+if (!command) {
+  console.log('❄️ ICE v4.0 - Advanced Features\n');
+  console.log('Usage:');
+  console.log('  ice-v4 validate "code"              # Enhanced validation with 50 rules');
+  console.log('  ice-v4 feedback --thumbs-up         # Rate suggestion');
+  console.log('  ice-v4 feedback --thumbs-down       # Report issue');
+  console.log('  ice-v4 feedback --stats             # View feedback stats');
+  console.log('  ice-v4 vote "code"                  # Multi-model voting');
+  console.log('  ice-v4 autofix --dry-run file.js    # Preview fix');
+  console.log('  ice-v4 autofix --apply file.js      # Apply fix (with confirmation)\n');
+  process.exit(0);
+}
+
+switch (command) {
+  case 'validate':
+    console.log('🛡️  Enhanced Validation (50 Rules)\n');
+    
+    const code = input || '// Example code';
+    const violations = [];
+    
+    PATTERN_RULES.forEach(rule => {
+      if (rule.pattern.test(code)) {
+        violations.push(rule);
+      }
+    });
+    
+    if (violations.length > 0) {
+      console.log(`⚠️  Found ${violations.length} issues:\n`);
+      violations.forEach(v => {
+        console.log(`   🔴 ${v.id}: ${v.name} (${v.severity})`);
+        console.log(`      ${v.message}`);
+        console.log(`      💡 ${v.fix}`);
+        console.log(`      📚 CWE: ${v.cwe} | OWASP: ${v.owasp}\n`);
+      });
+    } else {
+      console.log('   ✅ No issues detected\n');
+    }
+    break;
+    
+  case 'feedback':
+    if (args.includes('--thumbs-up')) {
+      feedbackSystem.collect('suggestion_123', 'thumbs_up');
+    } else if (args.includes('--thumbs-down')) {
+      const reasonIdx = args.indexOf('--reason');
+      const reason = reasonIdx > -1 ? args[reasonIdx + 1] : '';
+      feedbackSystem.collect('suggestion_123', 'thumbs_down', { reason });
+    } else if (args.includes('--stats')) {
+      const stats = feedbackSystem.getStats();
+      console.log('\n📊 Feedback Statistics\n');
+      console.log(`   Total Feedback: ${stats.total}`);
+      console.log(`   👍 Thumbs Up: ${stats.thumbsUp}`);
+      console.log(`   👎 Thumbs Down: ${stats.thumbsDown}`);
+      console.log(`   Approval Rate: ${stats.approvalRate}\n`);
+    } else if (args.includes('--export')) {
+      const data = feedbackSystem.exportData();
+      console.log('\n📤 Exported Feedback Data:\n');
+      console.log(JSON.stringify(data, null, 2));
+    }
+    break;
+    
+  case 'vote':
+    await votingSystem.voteOnViolation(input || 'test code', PATTERN_RULES[0]);
+    break;
+    
+  case 'autofix':
+    if (args.includes('--dry-run')) {
+      const fileIdx = args.indexOf('--dry-run');
+      const filePath = args[fileIdx + 1];
+      await autofixSystem.applyFix(filePath, PATTERN_RULES[0], true);
+    } else if (args.includes('--apply')) {
+      const fileIdx = args.indexOf('--apply');
+      const filePath = args[fileIdx + 1];
+      await autofixSystem.applyFix(filePath, PATTERN_RULES[0], false);
+    }
+    break;
+    
+  default:
+    console.log(`Unknown command: ${command}`);
+    process.exit(1);
+}
+