@bantay/cli 0.1.0

package/src/checkers/logging.ts

@@ -0,0 +1,133 @@
+import type { Checker, CheckResult, CheckerContext, CheckViolation } from "./types";
+import type { Invariant } from "../generators/invariants";
+import { Glob } from "bun";
+import { readFile } from "fs/promises";
+import { join, relative } from "path";
+
+// PII field names to detect in log statements
+const PII_PATTERNS = [
+  /\bemail\b/i,
+  /\bpassword\b/i,
+  /\bssn\b/i,
+  /\bsocialSecurityNumber\b/i,
+  /\bsocial_security_number\b/i,
+  /\bcreditCard\b/i,
+  /\bcredit_card\b/i,
+  /\bcardNumber\b/i,
+  /\bcard_number\b/i,
+  /\bcvv\b/i,
+  /\bpin\b/i,
+  /\bdateOfBirth\b/i,
+  /\bdate_of_birth\b/i,
+  /\bdob\b/i,
+  /\bphoneNumber\b/i,
+  /\bphone_number\b/i,
+  /\baddress\b/i,
+  /\bsecret\b/i,
+  /\btoken\b/i,
+  /\bapiKey\b/i,
+  /\bapi_key\b/i,
+  /\bprivateKey\b/i,
+  /\bprivate_key\b/i,
+];
+
+// Log statement patterns
+const LOG_PATTERNS = [
+  /console\.(log|warn|error|info|debug)\s*\([^)]*$/,
+  /console\.(log|warn|error|info|debug)\s*\(.*\)/,
+  /logger\.(log|warn|error|info|debug)\s*\(.*\)/,
+  /log\.(log|warn|error|info|debug)\s*\(.*\)/,
+];
+
+interface LogViolation {
+  line: number;
+  piiField: string;
+  logContent: string;
+}
+
+function findPiiInLogStatements(content: string): LogViolation[] {
+  const violations: LogViolation[] = [];
+  const lines = content.split("\n");
+
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+
+    // Check if this line contains a log statement
+    const isLogStatement = LOG_PATTERNS.some((pattern) => pattern.test(line));
+
+    if (isLogStatement) {
+      // Check for PII patterns in the log statement
+      for (const piiPattern of PII_PATTERNS) {
+        if (piiPattern.test(line)) {
+          const match = line.match(piiPattern);
+          violations.push({
+            line: i + 1,
+            piiField: match ? match[0] : "unknown",
+            logContent: line.trim(),
+          });
+          break; // Only report one PII field per line
+        }
+      }
+    }
+  }
+
+  return violations;
+}
+
+async function scanSourceFiles(projectPath: string, sourceDirectories: string[]): Promise<string[]> {
+  const files: string[] = [];
+  const pattern = "**/*.{ts,tsx,js,jsx}";
+
+  for (const srcDir of sourceDirectories) {
+    const glob = new Glob(pattern);
+    const dirPath = join(projectPath, srcDir);
+
+    try {
+      for await (const file of glob.scan({ cwd: dirPath, absolute: true })) {
+        // Skip node_modules
+        if (!file.includes("node_modules")) {
+          files.push(file);
+        }
+      }
+    } catch {
+      // Directory doesn't exist, skip
+    }
+  }
+
+  return files;
+}
+
+export const loggingChecker: Checker = {
+  category: "logging",
+
+  async check(invariant: Invariant, context: CheckerContext): Promise<CheckResult> {
+    const violations: CheckViolation[] = [];
+    const sourceFiles = await scanSourceFiles(
+      context.projectPath,
+      context.config.sourceDirectories
+    );
+
+    for (const filePath of sourceFiles) {
+      try {
+        const content = await readFile(filePath, "utf-8");
+        const piiViolations = findPiiInLogStatements(content);
+
+        for (const violation of piiViolations) {
+          violations.push({
+            filePath: relative(context.projectPath, filePath),
+            line: violation.line,
+            message: `Log statement contains PII field "${violation.piiField}"`,
+          });
+        }
+      } catch {
+        // File read error, skip
+      }
+    }
+
+    return {
+      invariant,
+      status: violations.length > 0 ? "fail" : "pass",
+      violations,
+    };
+  },
+};

package/src/checkers/registry.ts

@@ -0,0 +1,46 @@
+import type { Checker, CheckResult, CheckerContext } from "./types";
+import type { Invariant } from "../generators/invariants";
+import { authChecker } from "./auth";
+import { schemaChecker } from "./schema";
+import { loggingChecker } from "./logging";
+
+const checkers: Map<string, Checker> = new Map();
+
+export function registerChecker(checker: Checker): void {
+  checkers.set(checker.category, checker);
+}
+
+export function getChecker(category: string): Checker | undefined {
+  return checkers.get(category);
+}
+
+export function hasChecker(category: string): boolean {
+  return checkers.has(category);
+}
+
+export function getAllCategories(): string[] {
+  return Array.from(checkers.keys());
+}
+
+export async function runChecker(
+  invariant: Invariant,
+  context: CheckerContext
+): Promise<CheckResult> {
+  const checker = getChecker(invariant.category);
+
+  if (!checker) {
+    return {
+      invariant,
+      status: "skipped",
+      violations: [],
+      message: `No checker registered for category "${invariant.category}"`,
+    };
+  }
+
+  return checker.check(invariant, context);
+}
+
+// Register built-in checkers
+registerChecker(authChecker);
+registerChecker(schemaChecker);
+registerChecker(loggingChecker);

package/src/checkers/schema.ts

@@ -0,0 +1,157 @@
+import type { Checker, CheckResult, CheckerContext, CheckViolation } from "./types";
+import type { Invariant } from "../generators/invariants";
+import { readFile, access } from "fs/promises";
+import { join } from "path";
+
+interface PrismaModel {
+  name: string;
+  fields: string[];
+  startLine: number;
+}
+
+function parsePrismaSchema(content: string): PrismaModel[] {
+  const models: PrismaModel[] = [];
+  const lines = content.split("\n");
+
+  let currentModel: PrismaModel | null = null;
+  let braceDepth = 0;
+
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    const trimmed = line.trim();
+
+    // Start of a model
+    const modelMatch = trimmed.match(/^model\s+(\w+)\s*\{/);
+    if (modelMatch) {
+      currentModel = {
+        name: modelMatch[1],
+        fields: [],
+        startLine: i + 1,
+      };
+      braceDepth = 1;
+      continue;
+    }
+
+    if (currentModel) {
+      // Track braces
+      for (const char of trimmed) {
+        if (char === "{") braceDepth++;
+        if (char === "}") braceDepth--;
+      }
+
+      // Parse field name (first word of the line that isn't a comment or directive)
+      if (!trimmed.startsWith("//") && !trimmed.startsWith("@@")) {
+        const fieldMatch = trimmed.match(/^(\w+)\s+/);
+        if (fieldMatch) {
+          currentModel.fields.push(fieldMatch[1]);
+        }
+      }
+
+      // End of model
+      if (braceDepth === 0) {
+        models.push(currentModel);
+        currentModel = null;
+      }
+    }
+  }
+
+  return models;
+}
+
+function checkModelTimestamps(model: PrismaModel): { hasCreatedAt: boolean; hasUpdatedAt: boolean } {
+  const fieldNames = model.fields.map((f) => f.toLowerCase());
+  return {
+    hasCreatedAt: fieldNames.includes("createdat"),
+    hasUpdatedAt: fieldNames.includes("updatedat"),
+  };
+}
+
+async function findSchemaPath(projectPath: string, configSchemaPath?: string): Promise<string | null> {
+  // Try config path first
+  if (configSchemaPath) {
+    const fullPath = join(projectPath, configSchemaPath);
+    try {
+      await access(fullPath);
+      return fullPath;
+    } catch {
+      // Config path doesn't exist, try defaults
+    }
+  }
+
+  // Try common default locations
+  const defaultPaths = [
+    "prisma/schema.prisma",
+    "schema.prisma",
+  ];
+
+  for (const defaultPath of defaultPaths) {
+    const fullPath = join(projectPath, defaultPath);
+    try {
+      await access(fullPath);
+      return fullPath;
+    } catch {
+      // Not found, try next
+    }
+  }
+
+  return null;
+}
+
+export const schemaChecker: Checker = {
+  category: "schema",
+
+  async check(invariant: Invariant, context: CheckerContext): Promise<CheckResult> {
+    const violations: CheckViolation[] = [];
+
+    // Find schema file
+    const schemaPath = await findSchemaPath(context.projectPath, context.config.schemaPath);
+
+    if (!schemaPath) {
+      return {
+        invariant,
+        status: "pass",
+        violations: [],
+        message: "No Prisma schema found",
+      };
+    }
+
+    try {
+      const content = await readFile(schemaPath, "utf-8");
+      const models = parsePrismaSchema(content);
+
+      for (const model of models) {
+        const timestamps = checkModelTimestamps(model);
+        const missingFields: string[] = [];
+
+        if (!timestamps.hasCreatedAt) {
+          missingFields.push("createdAt");
+        }
+        if (!timestamps.hasUpdatedAt) {
+          missingFields.push("updatedAt");
+        }
+
+        if (missingFields.length > 0) {
+          const relativePath = schemaPath.replace(context.projectPath + "/", "");
+          violations.push({
+            filePath: relativePath,
+            line: model.startLine,
+            message: `Model "${model.name}" is missing timestamp fields: ${missingFields.join(", ")}`,
+          });
+        }
+      }
+    } catch (error) {
+      return {
+        invariant,
+        status: "skipped",
+        violations: [],
+        message: `Failed to read schema: ${error instanceof Error ? error.message : "Unknown error"}`,
+      };
+    }
+
+    return {
+      invariant,
+      status: violations.length > 0 ? "fail" : "pass",
+      violations,
+    };
+  },
+};

package/src/checkers/types.ts

@@ -0,0 +1,30 @@
+import type { Invariant } from "../generators/invariants";
+
+export interface CheckViolation {
+  filePath: string;
+  line?: number;
+  message: string;
+}
+
+export interface CheckResult {
+  invariant: Invariant;
+  status: "pass" | "fail" | "skipped" | "tested" | "enforced";
+  violations: CheckViolation[];
+  message?: string;
+}
+
+export interface CheckerContext {
+  projectPath: string;
+  config: BantayConfig;
+}
+
+export interface BantayConfig {
+  sourceDirectories: string[];
+  routeDirectories?: string[];
+  schemaPath?: string;
+}
+
+export interface Checker {
+  category: string;
+  check(invariant: Invariant, context: CheckerContext): Promise<CheckResult>;
+}

package/src/cli.ts

@@ -0,0 +1,314 @@
+#!/usr/bin/env bun
+import { runInit } from "./commands/init";
+import { runCheck, formatCheckResults, formatCheckResultsJson } from "./commands/check";
+import { checkAllPrerequisites } from "./prerequisites";
+import {
+  handleAideAdd,
+  handleAideUpdate,
+  handleAideRemove,
+  handleAideLink,
+  handleAideShow,
+  handleAideValidate,
+  handleAideLock,
+  printAideHelp,
+} from "./commands/aide";
+import { exportInvariants, exportClaude, exportCursor, exportAll } from "./export";
+
+const args = process.argv.slice(2);
+const command = args[0];
+
+async function main() {
+  if (!command || command === "help" || command === "--help" || command === "-h") {
+    printHelp();
+    process.exit(0);
+  }
+
+  // Check prerequisites before any command runs
+  await runPrerequisiteCheck();
+
+  if (command === "init") {
+    await handleInit(args.slice(1));
+  } else if (command === "check") {
+    await handleCheck(args.slice(1));
+  } else if (command === "aide") {
+    await handleAide(args.slice(1));
+  } else if (command === "ci") {
+    console.error("bantay ci: Not yet implemented");
+    process.exit(1);
+  } else if (command === "export") {
+    await handleExport(args.slice(1));
+  } else {
+    console.error(`Unknown command: ${command}`);
+    console.error('Run "bantay help" for usage information.');
+    process.exit(1);
+  }
+}
+
+async function runPrerequisiteCheck() {
+  console.error("Checking prerequisites...");
+  const prereqs = await checkAllPrerequisites();
+
+  if (!prereqs.passed) {
+    console.error("\nPrerequisite check failed:\n");
+    for (const { name, result } of prereqs.results) {
+      if (!result.available) {
+        console.error(`  ${name}: FAILED`);
+        console.error(`    ${result.error}`);
+      }
+    }
+    process.exit(1);
+  }
+}
+
+function printHelp() {
+  console.log(`
+Bantay CLI - Enforce project invariants on every PR
+
+Usage: bantay <command> [options]
+
+Commands:
+  init      Initialize Bantay in the current project
+  check     Check all invariants against the codebase
+  aide      Manage the aide entity tree (add, remove, link, show, validate, lock)
+  ci        Generate CI workflow configuration
+  export    Export invariants to agent context files
+
+Options:
+  -h, --help    Show this help message
+
+Examples:
+  bantay init                Initialize in current directory
+  bantay check               Run full invariant check
+  bantay check --diff HEAD~1 Check only affected invariants
+  bantay aide show           Show the aide entity tree
+  bantay aide add inv_test --parent invariants --prop "statement=Test"
+  bantay ci --github-actions Generate GitHub Actions workflow
+  bantay export all              Export all targets
+  bantay export invariants       Generate invariants.md from bantay.aide
+  bantay export claude           Export to CLAUDE.md
+  bantay export cursor           Export to .cursorrules
+
+Run "bantay aide help" for aide subcommand details.
+`);
+}
+
+async function handleInit(args: string[]) {
+  const projectPath = process.cwd();
+  const regenerateConfig = args.includes("--regenerate-config");
+  const dryRun = args.includes("--dry-run");
+
+  console.log("Initializing Bantay...\n");
+
+  if (dryRun) {
+    console.log("Dry run mode - no files will be created.");
+    process.exit(0);
+  }
+
+  try {
+    const result = await runInit(projectPath, { regenerateConfig });
+
+    // Display detection results
+    console.log("Stack Detection:");
+    if (result.detection.framework) {
+      console.log(`  Framework: ${result.detection.framework.name} (${result.detection.framework.confidence} confidence)`);
+      if (result.detection.framework.router) {
+        console.log(`    Router: ${result.detection.framework.router}`);
+      }
+    } else {
+      console.log("  Framework: Not detected");
+    }
+
+    if (result.detection.orm) {
+      console.log(`  ORM: ${result.detection.orm.name} (${result.detection.orm.confidence} confidence)`);
+      if (result.detection.orm.schemaPath) {
+        console.log(`    Schema: ${result.detection.orm.schemaPath}`);
+      }
+    } else {
+      console.log("  ORM: Not detected");
+    }
+
+    if (result.detection.auth) {
+      console.log(`  Auth: ${result.detection.auth.name} (${result.detection.auth.confidence} confidence)`);
+    } else {
+      console.log("  Auth: Not detected");
+    }
+
+    console.log("");
+
+    // Display warnings
+    for (const warning of result.warnings) {
+      console.log(`Warning: ${warning}`);
+    }
+
+    // Display created files
+    if (result.filesCreated.length > 0) {
+      console.log("\nCreated files:");
+      for (const file of result.filesCreated) {
+        console.log(`  - ${file}`);
+      }
+    }
+
+    console.log("\nBantay initialized successfully!");
+    console.log("Edit invariants.md to customize your project invariants.");
+    console.log('Run "bantay check" to verify invariants.');
+
+    process.exit(0);
+  } catch (error) {
+    console.error("Error initializing Bantay:", error);
+    process.exit(1);
+  }
+}
+
+async function handleCheck(args: string[]) {
+  const projectPath = process.cwd();
+
+  // Parse options
+  const idIndex = args.indexOf("--id");
+  const diffIndex = args.indexOf("--diff");
+  const jsonOutput = args.includes("--json");
+
+  const options: { id?: string; diff?: string } = {};
+
+  if (idIndex !== -1 && args[idIndex + 1]) {
+    options.id = args[idIndex + 1];
+  }
+
+  if (diffIndex !== -1) {
+    options.diff = args[diffIndex + 1] || "HEAD";
+  }
+
+  try {
+    const summary = await runCheck(projectPath, options);
+
+    if (jsonOutput) {
+      // JSON output to stdout, nothing to stderr
+      const jsonResult = await formatCheckResultsJson(summary, projectPath);
+      console.log(JSON.stringify(jsonResult, null, 2));
+    } else {
+      // Human-readable output to stderr
+      const output = formatCheckResults(summary);
+      console.error(output);
+    }
+
+    // Exit non-zero if any invariants failed
+    if (summary.failed > 0) {
+      process.exit(1);
+    }
+
+    process.exit(0);
+  } catch (error) {
+    if (error instanceof Error) {
+      console.error(`Error: ${error.message}`);
+    } else {
+      console.error("Error running check:", error);
+    }
+    process.exit(1);
+  }
+}
+
+async function handleExport(args: string[]) {
+  const projectPath = process.cwd();
+
+  // Parse target from args
+  // Formats: bantay export invariants, bantay export claude, bantay export cursor
+  // Or: bantay export --target claude
+  const targetIndex = args.indexOf("--target");
+  let target: string;
+
+  if (targetIndex !== -1 && args[targetIndex + 1]) {
+    target = args[targetIndex + 1];
+  } else if (args[0] && !args[0].startsWith("-")) {
+    target = args[0];
+  } else {
+    console.error("Usage: bantay export <target>");
+    console.error("");
+    console.error("Targets:");
+    console.error("  all         Export all targets (invariants, claude, cursor)");
+    console.error("  invariants  Generate invariants.md from bantay.aide");
+    console.error("  claude      Export to CLAUDE.md with section markers");
+    console.error("  cursor      Export to .cursorrules with section markers");
+    console.error("");
+    console.error("Examples:");
+    console.error("  bantay export invariants");
+    console.error("  bantay export claude");
+    console.error("  bantay export --target cursor");
+    process.exit(1);
+  }
+
+  const dryRun = args.includes("--dry-run");
+
+  try {
+    if (target === "all") {
+      const results = await exportAll(projectPath, { dryRun });
+      console.log("Exported all targets:");
+      for (const r of results) {
+        console.log(`  ${r.target}: ${r.outputPath} (${r.bytesWritten} bytes)`);
+      }
+    } else if (target === "invariants") {
+      const result = await exportInvariants(projectPath, { dryRun });
+      console.log(`Exported invariants to ${result.outputPath}`);
+      console.log(`  ${result.bytesWritten} bytes written`);
+    } else if (target === "claude") {
+      const result = await exportClaude(projectPath, { dryRun });
+      console.log(`Exported to ${result.outputPath}`);
+      console.log(`  ${result.bytesWritten} bytes written`);
+    } else if (target === "cursor") {
+      const result = await exportCursor(projectPath, { dryRun });
+      console.log(`Exported to ${result.outputPath}`);
+      console.log(`  ${result.bytesWritten} bytes written`);
+    } else {
+      console.error(`Unknown export target: ${target}`);
+      console.error('Valid targets: all, invariants, claude, cursor');
+      process.exit(1);
+    }
+
+    if (dryRun) {
+      console.log("\n(Dry run - no files were written)");
+    }
+
+    process.exit(0);
+  } catch (error) {
+    if (error instanceof Error) {
+      console.error(`Error: ${error.message}`);
+    } else {
+      console.error("Error running export:", error);
+    }
+    process.exit(1);
+  }
+}
+
+async function handleAide(args: string[]) {
+  const subcommand = args[0];
+
+  if (!subcommand || subcommand === "help" || subcommand === "--help" || subcommand === "-h") {
+    printAideHelp();
+    process.exit(0);
+  }
+
+  const subArgs = args.slice(1);
+
+  if (subcommand === "add") {
+    await handleAideAdd(subArgs);
+  } else if (subcommand === "update") {
+    await handleAideUpdate(subArgs);
+  } else if (subcommand === "remove") {
+    await handleAideRemove(subArgs);
+  } else if (subcommand === "link") {
+    await handleAideLink(subArgs);
+  } else if (subcommand === "show") {
+    await handleAideShow(subArgs);
+  } else if (subcommand === "validate") {
+    await handleAideValidate(subArgs);
+  } else if (subcommand === "lock") {
+    await handleAideLock(subArgs);
+  } else {
+    console.error(`Unknown aide subcommand: ${subcommand}`);
+    console.error('Run "bantay aide help" for usage information.');
+    process.exit(1);
+  }
+}
+
+main().catch((error) => {
+  console.error("Fatal error:", error);
+  process.exit(1);
+});