@bantay/cli 0.1.0

package/src/commands/check.ts

@@ -0,0 +1,363 @@
+import { readFile, access } from "fs/promises";
+import { spawn } from "bun";
+import { join } from "path";
+import { parseInvariants, type Invariant } from "../generators/invariants";
+import { runChecker, hasChecker } from "../checkers/registry";
+import { loadConfig } from "../config";
+import { getGitDiff, shouldCheckInvariant } from "../diff";
+import type { CheckResult, CheckerContext } from "../checkers/types";
+import { read as readAide } from "../aide";
+
+export interface CheckOptions {
+  id?: string;
+  diff?: string;
+}
+
+export interface CheckSummary {
+  passed: number;
+  failed: number;
+  skipped: number;
+  tested: number;
+  enforced: number;
+  total: number;
+  results: CheckResult[];
+}
+
+async function fileExists(path: string): Promise<boolean> {
+  try {
+    await access(path);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+interface ProjectCheckerResult {
+  pass: boolean;
+  violations: Array<{ file: string; line: number; message: string }>;
+}
+
+interface InvariantEnforcementInfo {
+  checker?: string;
+  test?: string;
+  enforced?: string;
+}
+
+/**
+ * Load checker and test paths from bantay.aide for each invariant
+ */
+async function getEnforcementInfo(
+  projectPath: string
+): Promise<Map<string, InvariantEnforcementInfo>> {
+  const info = new Map<string, InvariantEnforcementInfo>();
+  const aidePath = join(projectPath, "bantay.aide");
+
+  try {
+    const tree = await readAide(aidePath);
+    for (const [id, entity] of Object.entries(tree.entities)) {
+      if (id.startsWith("inv_")) {
+        const enforcement: InvariantEnforcementInfo = {};
+        if (entity.props?.checker) {
+          enforcement.checker = entity.props.checker as string;
+        }
+        if (entity.props?.test) {
+          enforcement.test = entity.props.test as string;
+        }
+        if (entity.props?.enforced) {
+          enforcement.enforced = entity.props.enforced as string;
+        }
+        if (enforcement.checker || enforcement.test || enforcement.enforced) {
+          info.set(id, enforcement);
+        }
+      }
+    }
+  } catch {
+    // No aide file or can't read it
+  }
+
+  return info;
+}
+
+/**
+ * Run a project checker from .bantay/checkers/
+ */
+async function runProjectChecker(
+  checkerPath: string,
+  projectPath: string
+): Promise<ProjectCheckerResult> {
+  // checkerPath is like "./no-eval" or "./bin-field"
+  const checkerFile = checkerPath.startsWith("./")
+    ? checkerPath.slice(2) + ".ts"
+    : checkerPath + ".ts";
+  const fullPath = join(projectPath, ".bantay", "checkers", checkerFile);
+
+  try {
+    // Import and run the checker
+    const checker = await import(fullPath);
+
+    if (typeof checker.check !== "function") {
+      return {
+        pass: false,
+        violations: [
+          {
+            file: checkerFile,
+            line: 0,
+            message: "Checker does not export a check() function",
+          },
+        ],
+      };
+    }
+
+    const result = await checker.check({ projectPath });
+
+    return {
+      pass: result.pass === true,
+      violations: Array.isArray(result.violations) ? result.violations : [],
+    };
+  } catch (err) {
+    return {
+      pass: false,
+      violations: [
+        {
+          file: checkerFile,
+          line: 0,
+          message: `Failed to run checker: ${err instanceof Error ? err.message : err}`,
+        },
+      ],
+    };
+  }
+}
+
+export async function runCheck(
+  projectPath: string,
+  options: CheckOptions = {}
+): Promise<CheckSummary> {
+  const invariantsPath = join(projectPath, "invariants.md");
+
+  // Check if invariants.md exists
+  if (!(await fileExists(invariantsPath))) {
+    throw new Error(
+      'No invariants.md found. Run "bantay init" to create one.'
+    );
+  }
+
+  // Load invariants
+  const content = await readFile(invariantsPath, "utf-8");
+  let invariants = parseInvariants(content);
+
+  // Filter by ID if specified
+  if (options.id) {
+    invariants = invariants.filter((inv) => inv.id === options.id);
+    if (invariants.length === 0) {
+      throw new Error(`Invariant with ID "${options.id}" not found.`);
+    }
+  }
+
+  // Load config
+  const config = await loadConfig(projectPath);
+
+  const context: CheckerContext = {
+    projectPath,
+    config,
+  };
+
+  // Get diff info if in diff mode
+  let affectedCategories: Set<string> | null = null;
+  if (options.diff) {
+    const diffResult = await getGitDiff(projectPath, options.diff);
+    affectedCategories = diffResult.categories;
+  }
+
+  // Get enforcement info (checker and test paths) from bantay.aide
+  const enforcementInfo = await getEnforcementInfo(projectPath);
+
+  // Run checkers for each invariant
+  const results: CheckResult[] = [];
+
+  for (const invariant of invariants) {
+    // In diff mode, skip invariants for unaffected categories
+    if (affectedCategories && !shouldCheckInvariant(invariant.category, affectedCategories)) {
+      // Skip this invariant entirely - don't even report it
+      continue;
+    }
+
+    // Get enforcement info for this invariant
+    const enforcement = enforcementInfo.get(invariant.id);
+
+    if (enforcement?.checker) {
+      // Run project checker
+      const projectResult = await runProjectChecker(enforcement.checker, projectPath);
+      results.push({
+        invariant,
+        status: projectResult.pass ? "pass" : "fail",
+        violations: projectResult.violations.map(v => ({
+          filePath: v.file,
+          line: v.line,
+          message: v.message,
+        })),
+        message: projectResult.pass ? undefined : `Project checker: ${enforcement.checker}`,
+      });
+    } else if (enforcement?.test) {
+      // Invariant is enforced by a test, not a checker
+      results.push({
+        invariant,
+        status: "tested",
+        violations: [],
+        message: `Enforced by test: ${enforcement.test}`,
+      });
+    } else if (enforcement?.enforced) {
+      // Invariant is enforced by implementation code directly
+      results.push({
+        invariant,
+        status: "enforced",
+        violations: [],
+        message: `Enforced by: ${enforcement.enforced}`,
+      });
+    } else {
+      // Try built-in checker
+      const result = await runChecker(invariant, context);
+      results.push(result);
+    }
+  }
+
+  // Calculate summary
+  const summary: CheckSummary = {
+    passed: results.filter((r) => r.status === "pass").length,
+    failed: results.filter((r) => r.status === "fail").length,
+    skipped: results.filter((r) => r.status === "skipped").length,
+    tested: results.filter((r) => r.status === "tested").length,
+    enforced: results.filter((r) => r.status === "enforced").length,
+    total: results.length,
+    results,
+  };
+
+  return summary;
+}
+
+export interface JsonCheckOutput {
+  timestamp: string;
+  commit: string | null;
+  results: Array<{
+    id: string;
+    status: "pass" | "fail" | "skipped" | "tested" | "enforced";
+    message?: string;
+    violations?: Array<{
+      file: string;
+      line?: number;
+      message: string;
+    }>;
+  }>;
+  summary: {
+    passed: number;
+    failed: number;
+    skipped: number;
+    tested: number;
+    enforced: number;
+    total: number;
+  };
+}
+
+async function getGitCommit(projectPath: string): Promise<string | null> {
+  try {
+    const proc = spawn({
+      cmd: ["git", "rev-parse", "HEAD"],
+      cwd: projectPath,
+      stdout: "pipe",
+      stderr: "pipe",
+    });
+
+    const [exitCode, stdout] = await Promise.all([
+      proc.exited,
+      new Response(proc.stdout).text(),
+    ]);
+
+    if (exitCode === 0) {
+      return stdout.trim();
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+export async function formatCheckResultsJson(
+  summary: CheckSummary,
+  projectPath: string
+): Promise<JsonCheckOutput> {
+  const commit = await getGitCommit(projectPath);
+
+  return {
+    timestamp: new Date().toISOString(),
+    commit,
+    results: summary.results.map((result) => ({
+      id: result.invariant.id,
+      status: result.status,
+      message: result.message,
+      violations:
+        result.violations.length > 0
+          ? result.violations.map((v) => ({
+              file: v.filePath,
+              line: v.line,
+              message: v.message,
+            }))
+          : undefined,
+    })),
+    summary: {
+      passed: summary.passed,
+      failed: summary.failed,
+      skipped: summary.skipped,
+      tested: summary.tested,
+      enforced: summary.enforced,
+      total: summary.total,
+    },
+  };
+}
+
+export function formatCheckResults(summary: CheckSummary): string {
+  const lines: string[] = [];
+
+  lines.push("Invariant Check Results");
+  lines.push("=======================");
+  lines.push("");
+
+  for (const result of summary.results) {
+    const statusIcon = result.status === "pass" ? "✓"
+      : result.status === "fail" ? "✗"
+      : result.status === "tested" ? "~"
+      : result.status === "enforced" ? "◆"
+      : "○";
+    const statusText = result.status.toUpperCase();
+
+    lines.push(`${statusIcon} [${result.invariant.id}] ${statusText}`);
+    lines.push(`  ${result.invariant.statement}`);
+
+    if (result.message) {
+      lines.push(`  Note: ${result.message}`);
+    }
+
+    for (const violation of result.violations) {
+      const location = violation.line
+        ? `${violation.filePath}:${violation.line}`
+        : violation.filePath;
+      lines.push(`  - ${location}: ${violation.message}`);
+    }
+
+    lines.push("");
+  }
+
+  lines.push("Summary");
+  lines.push("-------");
+  const parts = [`${summary.passed} passed`, `${summary.failed} failed`];
+  if (summary.tested > 0) {
+    parts.push(`${summary.tested} tested`);
+  }
+  if (summary.enforced > 0) {
+    parts.push(`${summary.enforced} enforced`);
+  }
+  if (summary.skipped > 0) {
+    parts.push(`${summary.skipped} skipped`);
+  }
+  lines.push(parts.join(", "));
+
+  return lines.join("\n");
+}

package/src/commands/init.ts

@@ -0,0 +1,75 @@
+import { writeFile, access } from "fs/promises";
+import { join } from "path";
+import { detectStack, type StackDetectionResult } from "../detectors";
+import { generateInvariants } from "../generators/invariants";
+import { generateConfig, configToYaml } from "../generators/config";
+
+export interface InitOptions {
+  regenerateConfig?: boolean;
+}
+
+export interface InitResult {
+  success: boolean;
+  filesCreated: string[];
+  warnings: string[];
+  detection: StackDetectionResult;
+}
+
+async function fileExists(path: string): Promise<boolean> {
+  try {
+    await access(path);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+export async function runInit(
+  projectPath: string,
+  options?: InitOptions
+): Promise<InitResult> {
+  const filesCreated: string[] = [];
+  const warnings: string[] = [];
+
+  // Detect stack
+  const detection = await detectStack(projectPath);
+
+  // Add warnings for missing detections
+  if (!detection.framework) {
+    warnings.push("No framework detected");
+  }
+
+  const invariantsPath = join(projectPath, "invariants.md");
+  const configPath = join(projectPath, "bantay.config.yml");
+
+  // Check if invariants.md already exists
+  const invariantsExists = await fileExists(invariantsPath);
+
+  if (invariantsExists) {
+    warnings.push("invariants.md already exists");
+  }
+
+  // Generate invariants.md if it doesn't exist
+  if (!invariantsExists) {
+    const invariantsContent = await generateInvariants(detection);
+    await writeFile(invariantsPath, invariantsContent);
+    filesCreated.push("invariants.md");
+  }
+
+  // Generate config (always, or when regenerateConfig is true)
+  const shouldGenerateConfig = !invariantsExists || options?.regenerateConfig;
+
+  if (shouldGenerateConfig) {
+    const config = await generateConfig(detection, projectPath);
+    const configContent = configToYaml(config);
+    await writeFile(configPath, configContent);
+    filesCreated.push("bantay.config.yml");
+  }
+
+  return {
+    success: true,
+    filesCreated,
+    warnings,
+    detection,
+  };
+}

package/src/config.ts

@@ -0,0 +1,63 @@
+import { readFile } from "fs/promises";
+import type { BantayConfig } from "./checkers/types";
+
+export async function loadConfig(projectPath: string): Promise<BantayConfig> {
+  const configPath = `${projectPath}/bantay.config.yml`;
+
+  try {
+    const content = await readFile(configPath, "utf-8");
+    return parseYamlConfig(content);
+  } catch {
+    // Default config if file doesn't exist
+    return {
+      sourceDirectories: ["src"],
+    };
+  }
+}
+
+function parseYamlConfig(content: string): BantayConfig {
+  const config: BantayConfig = {
+    sourceDirectories: [],
+  };
+
+  const lines = content.split("\n");
+  let currentKey: string | null = null;
+
+  for (const line of lines) {
+    const trimmed = line.trim();
+
+    // Skip empty lines and comments
+    if (!trimmed || trimmed.startsWith("#")) {
+      continue;
+    }
+
+    // Check for list item
+    if (trimmed.startsWith("- ")) {
+      const value = trimmed.slice(2).trim();
+      if (currentKey === "sourceDirectories") {
+        config.sourceDirectories.push(value);
+      } else if (currentKey === "routeDirectories") {
+        if (!config.routeDirectories) {
+          config.routeDirectories = [];
+        }
+        config.routeDirectories.push(value);
+      }
+      continue;
+    }
+
+    // Check for key
+    const colonIndex = trimmed.indexOf(":");
+    if (colonIndex > 0) {
+      const key = trimmed.slice(0, colonIndex).trim();
+      const value = trimmed.slice(colonIndex + 1).trim();
+
+      if (key === "schemaPath" && value) {
+        config.schemaPath = value;
+      } else {
+        currentKey = key;
+      }
+    }
+  }
+
+  return config;
+}

package/src/detectors/index.ts

@@ -0,0 +1,61 @@
+export type {
+  FrameworkDetection,
+  OrmDetection,
+  AuthDetection,
+  StackDetectionResult,
+} from "./types";
+
+import type { StackDetectionResult, FrameworkDetection, OrmDetection, AuthDetection } from "./types";
+import { detect as detectNextjs } from "./nextjs";
+import { detect as detectPrisma } from "./prisma";
+
+// Registry of framework detectors
+const frameworkDetectors: Array<() => typeof detectNextjs> = [
+  () => detectNextjs,
+];
+
+// Registry of ORM detectors
+const ormDetectors: Array<() => typeof detectPrisma> = [
+  () => detectPrisma,
+];
+
+// Registry of auth detectors (none yet)
+const authDetectors: Array<() => (projectPath: string) => Promise<AuthDetection | null>> = [];
+
+export async function detectStack(projectPath: string): Promise<StackDetectionResult> {
+  let framework: FrameworkDetection | null = null;
+  let orm: OrmDetection | null = null;
+  let auth: AuthDetection | null = null;
+
+  // Run framework detectors
+  for (const getDetector of frameworkDetectors) {
+    const detector = getDetector();
+    const result = await detector(projectPath);
+    if (result && (!framework || result.confidence === "high")) {
+      framework = result;
+      if (result.confidence === "high") break;
+    }
+  }
+
+  // Run ORM detectors
+  for (const getDetector of ormDetectors) {
+    const detector = getDetector();
+    const result = await detector(projectPath);
+    if (result && (!orm || result.confidence === "high")) {
+      orm = result;
+      if (result.confidence === "high") break;
+    }
+  }
+
+  // Run auth detectors
+  for (const getDetector of authDetectors) {
+    const detector = getDetector();
+    const result = await detector(projectPath);
+    if (result && (!auth || result.confidence === "high")) {
+      auth = result;
+      if (result.confidence === "high") break;
+    }
+  }
+
+  return { framework, orm, auth };
+}

package/src/detectors/nextjs.ts

@@ -0,0 +1,97 @@
+import { readFile, access, readdir } from "fs/promises";
+import { join } from "path";
+import type { FrameworkDetection } from "./types";
+
+export interface NextjsDetector {
+  name: "nextjs";
+  detect(projectPath: string): Promise<FrameworkDetection | null>;
+}
+
+async function fileExists(path: string): Promise<boolean> {
+  try {
+    await access(path);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+async function dirExists(path: string): Promise<boolean> {
+  try {
+    await access(path);
+    const entries = await readdir(path);
+    return entries.length >= 0; // It's a directory if readdir works
+  } catch {
+    return false;
+  }
+}
+
+async function readPackageJson(projectPath: string): Promise<Record<string, unknown> | null> {
+  try {
+    const content = await readFile(join(projectPath, "package.json"), "utf-8");
+    return JSON.parse(content);
+  } catch {
+    return null;
+  }
+}
+
+export async function detect(projectPath: string): Promise<FrameworkDetection | null> {
+  const pkg = await readPackageJson(projectPath);
+
+  let version: string | undefined;
+  let confidence: "high" | "medium" | "low" = "low";
+  let detected = false;
+
+  // Check package.json for next dependency
+  if (pkg) {
+    const deps = (pkg.dependencies ?? {}) as Record<string, string>;
+    const devDeps = (pkg.devDependencies ?? {}) as Record<string, string>;
+
+    if (deps.next) {
+      version = deps.next;
+      confidence = "high";
+      detected = true;
+    } else if (devDeps.next) {
+      version = devDeps.next;
+      confidence = "high";
+      detected = true;
+    }
+  }
+
+  // Check for next.config.js or next.config.mjs
+  const configFiles = ["next.config.js", "next.config.mjs", "next.config.ts"];
+  for (const configFile of configFiles) {
+    if (await fileExists(join(projectPath, configFile))) {
+      detected = true;
+      if (confidence === "low") {
+        confidence = "high";
+      }
+      break;
+    }
+  }
+
+  if (!detected) {
+    return null;
+  }
+
+  // Detect router type
+  let router: "app" | "pages" | undefined;
+
+  const hasAppDir = await dirExists(join(projectPath, "app"));
+  const hasPagesDir = await dirExists(join(projectPath, "pages"));
+  const hasSrcAppDir = await dirExists(join(projectPath, "src", "app"));
+  const hasSrcPagesDir = await dirExists(join(projectPath, "src", "pages"));
+
+  if (hasAppDir || hasSrcAppDir) {
+    router = "app";
+  } else if (hasPagesDir || hasSrcPagesDir) {
+    router = "pages";
+  }
+
+  return {
+    name: "nextjs",
+    version,
+    confidence,
+    router,
+  };
+}