@codexstar/bug-hunter 3.0.0

package/scripts/tests/bug-hunter-state.test.cjs

@@ -0,0 +1,87 @@
+const assert = require('node:assert/strict');
+const fs = require('fs');
+const path = require('path');
+const test = require('node:test');
+
+const {
+  makeSandbox,
+  readJson,
+  resolveSkillScript,
+  runJson,
+  writeJson
+} = require('./test-utils.cjs');
+
+test('bug-hunter-state init/mark/hash/filter/record works end-to-end', () => {
+  const sandbox = makeSandbox('bug-hunter-state-');
+  const stateScript = resolveSkillScript('bug-hunter-state.cjs');
+  const fileA = path.join(sandbox, 'a.ts');
+  const fileB = path.join(sandbox, 'b.ts');
+  fs.writeFileSync(fileA, 'const a = 1;\n', 'utf8');
+  fs.writeFileSync(fileB, 'const b = 2;\n', 'utf8');
+
+  const filesJson = path.join(sandbox, 'files.json');
+  writeJson(filesJson, [fileA, fileB]);
+  const statePath = path.join(sandbox, 'state.json');
+
+  const init = runJson('node', [stateScript, 'init', statePath, 'extended', filesJson, '1']);
+  assert.equal(init.ok, true);
+  assert.equal(init.summary.metrics.filesTotal, 2);
+  assert.equal(init.summary.metrics.chunksTotal, 2);
+
+  const next = runJson('node', [stateScript, 'next-chunk', statePath]);
+  assert.equal(next.done, false);
+  assert.equal(next.chunk.id, 'chunk-1');
+
+  const markProgress = runJson('node', [stateScript, 'mark-chunk', statePath, 'chunk-1', 'in_progress']);
+  assert.equal(markProgress.chunk.status, 'in_progress');
+
+  const hashFilter1 = runJson('node', [stateScript, 'hash-filter', statePath, filesJson]);
+  assert.deepEqual(hashFilter1.skip, []);
+  assert.equal(hashFilter1.scan.length, 2);
+
+  const scanJson = path.join(sandbox, 'scan.json');
+  writeJson(scanJson, hashFilter1.scan);
+  runJson('node', [stateScript, 'hash-update', statePath, scanJson, 'scanned']);
+
+  const hashFilter2 = runJson('node', [stateScript, 'hash-filter', statePath, filesJson]);
+  assert.equal(hashFilter2.scan.length, 0);
+  assert.equal(hashFilter2.skip.length, 2);
+
+  const findingsJson = path.join(sandbox, 'findings.json');
+  writeJson(findingsJson, [
+    { bugId: 'BUG-1', severity: 'Low', file: 'src/x.ts', lines: '1', claim: 'x' },
+    { bugId: 'BUG-2', severity: 'Critical', file: 'src/x.ts', lines: '1', claim: 'x' }
+  ]);
+  const recorded = runJson('node', [stateScript, 'record-findings', statePath, findingsJson, 'test']);
+  assert.equal(recorded.inserted, 1);
+  assert.equal(recorded.updated, 1);
+  assert.equal(recorded.metrics.findingsUnique, 1);
+
+  runJson('node', [stateScript, 'mark-chunk', statePath, 'chunk-1', 'done']);
+  const status = runJson('node', [stateScript, 'status', statePath]);
+  assert.equal(status.summary.metrics.chunksDone, 1);
+  assert.equal(status.summary.chunkStatus.done, 1);
+
+  const state = readJson(statePath);
+  assert.equal(state.bugLedger[0].severity, 'Critical');
+  assert.equal(state.metrics.lowConfidenceFindings, 1);
+
+  const extraFile = path.join(sandbox, 'c.ts');
+  fs.writeFileSync(extraFile, 'const c = 3;\n', 'utf8');
+  const extraFilesJson = path.join(sandbox, 'extra-files.json');
+  writeJson(extraFilesJson, [extraFile]);
+  const appendResult = runJson('node', [stateScript, 'append-files', statePath, extraFilesJson]);
+  assert.equal(appendResult.appended, 1);
+  assert.equal(appendResult.chunksAdded, 1);
+
+  const factCardJson = path.join(sandbox, 'fact-card.json');
+  writeJson(factCardJson, {
+    apiContracts: ['src/x.ts contract'],
+    authAssumptions: ['auth check required'],
+    invariants: ['state transition remains atomic']
+  });
+  const factCardResult = runJson('node', [stateScript, 'record-fact-card', statePath, 'chunk-1', factCardJson]);
+  assert.equal(factCardResult.ok, true);
+  const updatedState = readJson(statePath);
+  assert.equal(updatedState.factCards['chunk-1'].apiContracts.length, 1);
+});

package/scripts/tests/code-index.test.cjs

@@ -0,0 +1,57 @@
+const assert = require('node:assert/strict');
+const fs = require('fs');
+const path = require('path');
+const test = require('node:test');
+
+const {
+  makeSandbox,
+  writeJson,
+  resolveSkillScript,
+  runJson
+} = require('./test-utils.cjs');
+
+test('code-index build captures symbols, call graph, boundaries, and query scope', () => {
+  const sandbox = makeSandbox('code-index-');
+  const codeIndex = resolveSkillScript('code-index.cjs');
+  const filesJson = path.join(sandbox, 'files.json');
+  const indexPath = path.join(sandbox, 'index.json');
+
+  const routeFile = path.join(sandbox, 'src', 'routes', 'user-route.ts');
+  const serviceFile = path.join(sandbox, 'src', 'routes', 'service.ts');
+  const authFile = path.join(sandbox, 'src', 'lib', 'auth.ts');
+  fs.mkdirSync(path.dirname(routeFile), { recursive: true });
+  fs.mkdirSync(path.dirname(authFile), { recursive: true });
+  fs.writeFileSync(routeFile, [
+    "import { loadUser } from './service';",
+    'export function handler(req) {',
+    '  return loadUser(req);',
+    '}'
+  ].join('\n'), 'utf8');
+  fs.writeFileSync(serviceFile, [
+    "import { verifyToken } from '../lib/auth';",
+    'export function loadUser(req) {',
+    '  return verifyToken(req.token);',
+    '}'
+  ].join('\n'), 'utf8');
+  fs.writeFileSync(authFile, [
+    'export function verifyToken(token) {',
+    '  return Boolean(token);',
+    '}'
+  ].join('\n'), 'utf8');
+
+  writeJson(filesJson, [routeFile, serviceFile, authFile]);
+  const buildResult = runJson('node', [codeIndex, 'build', indexPath, filesJson, sandbox]);
+  assert.equal(buildResult.ok, true);
+  assert.equal(buildResult.metrics.filesIndexed, 3);
+  assert.equal(buildResult.metrics.symbolsIndexed > 0, true);
+  assert.equal(buildResult.metrics.callEdges > 0, true);
+  assert.equal(buildResult.metrics.trustBoundaryFiles >= 1, true);
+
+  const seedJson = path.join(sandbox, 'seed.json');
+  writeJson(seedJson, [routeFile]);
+  const queryResult = runJson('node', [codeIndex, 'query', indexPath, seedJson, '1']);
+  assert.equal(queryResult.ok, true);
+  assert.equal(queryResult.selected.includes(routeFile), true);
+  assert.equal(queryResult.selected.includes(serviceFile), true);
+  assert.equal(queryResult.trustBoundaryFiles.includes(routeFile), true);
+});

package/scripts/tests/delta-mode.test.cjs

@@ -0,0 +1,47 @@
+const assert = require('node:assert/strict');
+const fs = require('fs');
+const path = require('path');
+const test = require('node:test');
+
+const {
+  makeSandbox,
+  resolveSkillScript,
+  runJson,
+  writeJson
+} = require('./test-utils.cjs');
+
+test('delta-mode selects changed scope and returns expansion overlays', () => {
+  const sandbox = makeSandbox('delta-mode-');
+  const codeIndex = resolveSkillScript('code-index.cjs');
+  const deltaMode = resolveSkillScript('delta-mode.cjs');
+  const filesJson = path.join(sandbox, 'files.json');
+  const indexPath = path.join(sandbox, 'index.json');
+  const changedJson = path.join(sandbox, 'changed.json');
+
+  const changedFile = path.join(sandbox, 'src', 'feature', 'changed.ts');
+  const depFile = path.join(sandbox, 'src', 'feature', 'dep.ts');
+  const criticalOverlay = path.join(sandbox, 'src', 'api', 'admin-route.ts');
+  fs.mkdirSync(path.dirname(changedFile), { recursive: true });
+  fs.mkdirSync(path.dirname(criticalOverlay), { recursive: true });
+  fs.writeFileSync(changedFile, "import { dep } from './dep';\nexport const value = dep();\n", 'utf8');
+  fs.writeFileSync(depFile, 'export function dep() { return 1; }\n', 'utf8');
+  fs.writeFileSync(criticalOverlay, 'export function handler(req) { return req.body; }\n', 'utf8');
+
+  writeJson(filesJson, [changedFile, depFile, criticalOverlay]);
+  runJson('node', [codeIndex, 'build', indexPath, filesJson, sandbox]);
+  writeJson(changedJson, [changedFile]);
+
+  const selected = runJson('node', [deltaMode, 'select', indexPath, changedJson, '1']);
+  assert.equal(selected.ok, true);
+  assert.equal(selected.selected.includes(changedFile), true);
+  assert.equal(selected.selected.includes(depFile), true);
+  assert.equal(selected.expansionCandidates.includes(criticalOverlay), true);
+
+  const alreadySelectedJson = path.join(sandbox, 'selected.json');
+  const lowFilesJson = path.join(sandbox, 'low-files.json');
+  writeJson(alreadySelectedJson, selected.selected);
+  writeJson(lowFilesJson, [changedFile]);
+  const expansion = runJson('node', [deltaMode, 'expand', indexPath, lowFilesJson, alreadySelectedJson, '1']);
+  assert.equal(expansion.ok, true);
+  assert.equal(expansion.overlayOnly.includes(criticalOverlay), true);
+});

package/scripts/tests/fix-lock.test.cjs

@@ -0,0 +1,36 @@
+const assert = require('node:assert/strict');
+const path = require('path');
+const test = require('node:test');
+
+const {
+  makeSandbox,
+  resolveSkillScript,
+  runJson,
+  runRaw
+} = require('./test-utils.cjs');
+
+test('fix-lock enforces single writer and supports release', () => {
+  const sandbox = makeSandbox('fix-lock-');
+  const lockScript = resolveSkillScript('fix-lock.cjs');
+  const lockPath = path.join(sandbox, 'bug-hunter-fix.lock');
+
+  const acquire1 = runJson('node', [lockScript, 'acquire', lockPath, '120']);
+  assert.equal(acquire1.ok, true);
+  assert.equal(acquire1.acquired, true);
+
+  const acquire2 = runRaw('node', [lockScript, 'acquire', lockPath, '120']);
+  assert.notEqual(acquire2.status, 0);
+  const output2 = `${acquire2.stdout || ''}${acquire2.stderr || ''}`;
+  assert.match(output2, /lock-held/);
+
+  const status = runJson('node', [lockScript, 'status', lockPath, '120']);
+  assert.equal(status.exists, true);
+  assert.equal(status.stale, false);
+
+  const release = runJson('node', [lockScript, 'release', lockPath]);
+  assert.equal(release.ok, true);
+  assert.equal(release.released, true);
+
+  const statusAfter = runJson('node', [lockScript, 'status', lockPath, '120']);
+  assert.equal(statusAfter.exists, false);
+});

package/scripts/tests/fixtures/flaky-worker.cjs

@@ -0,0 +1,63 @@
+#!/usr/bin/env node
+
+const fs = require('fs');
+const path = require('path');
+
+function parseArgs(argv) {
+  const options = {};
+  let index = 0;
+  while (index < argv.length) {
+    const token = argv[index];
+    if (!token.startsWith('--')) {
+      index += 1;
+      continue;
+    }
+    const key = token.slice(2);
+    const value = argv[index + 1];
+    if (!value || value.startsWith('--')) {
+      options[key] = 'true';
+      index += 1;
+      continue;
+    }
+    options[key] = value;
+    index += 2;
+  }
+  return options;
+}
+
+const options = parseArgs(process.argv.slice(2));
+const chunkId = options['chunk-id'] || 'chunk';
+const attemptsFile = options['attempts-file'];
+const findingsJson = options['findings-json'];
+
+if (!attemptsFile) {
+  console.error('attempts-file is required');
+  process.exit(1);
+}
+
+const attemptsPath = path.resolve(attemptsFile);
+let attempts = {};
+if (fs.existsSync(attemptsPath)) {
+  attempts = JSON.parse(fs.readFileSync(attemptsPath, 'utf8'));
+}
+attempts[chunkId] = (attempts[chunkId] || 0) + 1;
+fs.mkdirSync(path.dirname(attemptsPath), { recursive: true });
+fs.writeFileSync(attemptsPath, `${JSON.stringify(attempts, null, 2)}\n`, 'utf8');
+
+if (attempts[chunkId] === 1) {
+  console.error(`intentional failure on first attempt for ${chunkId}`);
+  process.exit(1);
+}
+
+if (findingsJson) {
+  const payload = [
+    {
+      bugId: `BUG-${chunkId}`,
+      severity: 'Medium',
+      file: `src/retry-${chunkId}.ts`,
+      lines: '10-11',
+      claim: `retry-success-${chunkId}`
+    }
+  ];
+  fs.writeFileSync(findingsJson, `${JSON.stringify(payload, null, 2)}\n`, 'utf8');
+}

package/scripts/tests/fixtures/low-confidence-worker.cjs

@@ -0,0 +1,73 @@
+#!/usr/bin/env node
+
+const fs = require('fs');
+const path = require('path');
+
+function parseArgs(argv) {
+  const options = {};
+  let index = 0;
+  while (index < argv.length) {
+    const token = argv[index];
+    if (!token.startsWith('--')) {
+      index += 1;
+      continue;
+    }
+    const key = token.slice(2);
+    const value = argv[index + 1];
+    if (!value || value.startsWith('--')) {
+      options[key] = 'true';
+      index += 1;
+      continue;
+    }
+    options[key] = value;
+    index += 2;
+  }
+  return options;
+}
+
+function readJson(filePath) {
+  return JSON.parse(fs.readFileSync(filePath, 'utf8'));
+}
+
+function writeJson(filePath, value) {
+  fs.mkdirSync(path.dirname(filePath), { recursive: true });
+  fs.writeFileSync(filePath, `${JSON.stringify(value, null, 2)}\n`, 'utf8');
+}
+
+const options = parseArgs(process.argv.slice(2));
+const scanFilesJson = options['scan-files-json'];
+const findingsJson = options['findings-json'];
+const factsJson = options['facts-json'];
+const seenFilesPath = options['seen-files'];
+const chunkId = options['chunk-id'] || 'chunk';
+const confidence = Number.parseInt(String(options.confidence || '60'), 10);
+
+const scanFiles = scanFilesJson ? readJson(scanFilesJson) : [];
+if (seenFilesPath) {
+  const current = fs.existsSync(seenFilesPath) ? readJson(seenFilesPath) : [];
+  const merged = [...new Set([...current, ...scanFiles])];
+  writeJson(seenFilesPath, merged);
+}
+
+if (findingsJson && scanFiles.length > 0) {
+  writeJson(findingsJson, [
+    {
+      bugId: `BUG-${chunkId}`,
+      severity: 'Critical',
+      confidence: Number.isInteger(confidence) ? confidence : 60,
+      file: scanFiles[0],
+      lines: '1',
+      claim: `Low-confidence risk in ${path.basename(scanFiles[0])}`
+    }
+  ]);
+}
+
+if (factsJson) {
+  writeJson(factsJson, {
+    apiContracts: scanFiles.map((filePath) => {
+      return `${path.basename(filePath)} contract`;
+    }),
+    authAssumptions: ['Auth decisions must remain explicit'],
+    invariants: [`Chunk ${chunkId} invariants captured`]
+  });
+}

package/scripts/tests/fixtures/success-worker.cjs

@@ -0,0 +1,42 @@
+#!/usr/bin/env node
+
+const fs = require('fs');
+
+function parseArgs(argv) {
+  const options = {};
+  let index = 0;
+  while (index < argv.length) {
+    const token = argv[index];
+    if (!token.startsWith('--')) {
+      index += 1;
+      continue;
+    }
+    const key = token.slice(2);
+    const value = argv[index + 1];
+    if (!value || value.startsWith('--')) {
+      options[key] = 'true';
+      index += 1;
+      continue;
+    }
+    options[key] = value;
+    index += 2;
+  }
+  return options;
+}
+
+const options = parseArgs(process.argv.slice(2));
+const findingsJson = options['findings-json'];
+if (!findingsJson) {
+  process.exit(0);
+}
+
+const payload = [
+  {
+    bugId: `BUG-${options['chunk-id'] || '0'}`,
+    severity: 'Low',
+    file: 'src/example.ts',
+    lines: '1',
+    claim: 'example'
+  }
+];
+fs.writeFileSync(findingsJson, `${JSON.stringify(payload, null, 2)}\n`, 'utf8');

package/scripts/tests/payload-guard.test.cjs

@@ -0,0 +1,41 @@
+const assert = require('node:assert/strict');
+const path = require('path');
+const test = require('node:test');
+
+const {
+  makeSandbox,
+  resolveSkillScript,
+  runJson,
+  runRaw,
+  writeJson
+} = require('./test-utils.cjs');
+
+test('payload-guard accepts valid hunter payload and rejects malformed payload', () => {
+  const sandbox = makeSandbox('payload-guard-');
+  const guardScript = resolveSkillScript('payload-guard.cjs');
+  const validPayloadPath = path.join(sandbox, 'valid.json');
+  const invalidPayloadPath = path.join(sandbox, 'invalid.json');
+
+  writeJson(validPayloadPath, {
+    skillDir: '/Users/codex/.agents/skills/bug-hunter',
+    targetFiles: ['src/a.ts'],
+    riskMap: {},
+    techStack: { framework: 'express' },
+    outputSchema: { type: 'object' }
+  });
+
+  const valid = runJson('node', [guardScript, 'validate', 'hunter', validPayloadPath]);
+  assert.equal(valid.ok, true);
+  assert.deepEqual(valid.errors, []);
+
+  writeJson(invalidPayloadPath, {
+    skillDir: 'relative/path',
+    targetFiles: [],
+    outputSchema: null
+  });
+
+  const invalid = runRaw('node', [guardScript, 'validate', 'hunter', invalidPayloadPath]);
+  assert.notEqual(invalid.status, 0);
+  const output = `${invalid.stdout || ''}\n${invalid.stderr || ''}`;
+  assert.match(output, /Missing required field: riskMap/);
+});