@controlfront/detect 0.0.1

package/src/lib/collectTokenMatches.js.regex

@@ -0,0 +1,252 @@
+// Helper: Extracts a balanced block (e.g., for parentheses)
+function extractBalanced(source, startIndex, openChar = '(', closeChar = ')') {
+  let depth = 0, started = false;
+  for (let i = startIndex; i < source.length; i++) {
+    const ch = source[i];
+    if (ch === openChar) { depth++; started = true; }
+    else if (ch === closeChar) {
+      depth--;
+      if (depth === 0 && started) return { block: source.slice(startIndex + 1, i), endIndex: i };
+    }
+  }
+  return { block: '', endIndex: startIndex };
+}
+
+// Helper: Finds the line number and snippet at a given index in the source
+function lineNumberAtIndex(source, index) {
+  let line = 1, lastNL = -1;
+  for (let i = 0; i < source.length && i < index; i++) if (source.charCodeAt(i) === 10) { line++; lastNL = i; }
+  const lineStart = lastNL + 1;
+  const lineEnd = source.indexOf('\n', index) === -1 ? source.length : source.indexOf('\n', index);
+  return { line, snippet: source.slice(lineStart, lineEnd).trim().slice(0, 500) };
+}
+/**
+ * @typedef {Object} TokenMatch
+ * @property {string} file      - Path to file where value was found
+ * @property {number} line      - Line number (1-based)
+ * @property {string} raw       - Raw value (e.g. "#ff0000", "16px", "var(--brand-primary)")
+ * @property {"color"|"length"|"css-var"|"gradient"|"css-var-decl"|"number"|"font-family"|"shadow"|"tailwind-class"} category
+ * @property {string} snippet  - Line snippet for preview
+ * @property {string} [context] - Optional wrapping selector context
+ */
+
+import fs from "fs";
+
+/**
+ * Scan files for token-like values.
+ * @param {string[]} files
+ * @returns {TokenMatch[]}
+ */
+export function collectTokenMatches(files) {
+  const colorHex = /#(?:[0-9a-fA-F]{3,4}|[0-9a-fA-F]{6}|[0-9a-fA-F]{8})\b/g;
+  const colorFunc = /\b(?:rgb|rgba|hsl|hsla|hwb|lab|lch|oklab|oklch|color)\(\s*[^)]+\)/g;
+  const cssVarUse = /var\(\s*--[a-zA-Z0-9\-_]+(?:\s*,\s*[^)]+)?\)/g;
+  const cssVarDecl = /--[a-zA-Z0-9\-_]+\s*:\s*[^;]+;/g;
+  const gradient = /\b(?:linear-gradient|radial-gradient|conic-gradient)\(\s*[^)]+\)/g;
+  const lengthVal = /\b\d*\.?\d+\s*(?:px|rem|em|vh|vw|%|ch|vmin|vmax|cm|mm|in|pt|pc)\b/g;
+  const unitlessNumber = /\b\d*\.?\d+\b/g;
+  const fontFamily = /font-family\s*:\s*([^;]+);/i;
+  const shadow = /\b(?:box-shadow|text-shadow)\s*:\s*([^;]+);/i;
+  const tailwindClassAttr = /\b(?:class|className)\s*=\s*(?:(["'])([^"']+)\1|{["']([^"']+)["']})/g;
+
+  /** @type {TokenMatch[]} */
+  const matches = [];
+
+  const cssFileExts = new Set([".css", ".scss", ".less", ".pcss", ".postcss"]);
+
+  for (const file of files) {
+    let content;
+    try {
+      content = fs.readFileSync(file, "utf8");
+    } catch {
+      continue;
+    }
+
+    // Extra pass: capture Tailwind classes inside cn(...) calls robustly
+    try {
+      const cnCall = /cn\s*\(/g;
+      let m;
+      while ((m = cnCall.exec(content)) !== null) {
+        const { block } = extractBalanced(content, m.index + m[0].length - 1, '(', ')');
+        if (!block) continue;
+        // Object keys
+        const keyRegex = /["'`]([^"'`]+)["'`]\s*:/gs;
+        let km;
+        while ((km = keyRegex.exec(block)) !== null) {
+          km[1].split(/\s+/).forEach(cls => {
+            if (cls.trim()) {
+              const { line, snippet } = lineNumberAtIndex(content, m.index + km.index);
+              matches.push({ file, line, raw: cls.trim(), category: "tailwind-class", snippet });
+            }
+          });
+        }
+        // String literal args
+        const strRegex = /(['"`])([^'"`]*?)\1(?!\s*:)/gs;
+        let sm;
+        while ((sm = strRegex.exec(block)) !== null) {
+          sm[2].split(/\s+/).forEach(cls => {
+            if (cls.trim()) {
+              const { line, snippet } = lineNumberAtIndex(content, m.index + sm.index);
+              matches.push({ file, line, raw: cls.trim(), category: "tailwind-class", snippet });
+            }
+          });
+        }
+      }
+    } catch {}
+
+    const lines = content.split(/\r?\n/);
+
+    // Determine if file is CSS-like
+    const isCssLike = cssFileExts.has(
+      file.slice(file.lastIndexOf(".")).toLowerCase()
+    );
+
+    /** @type {string[]} */
+    const selectorStack = [];
+
+    for (let idx = 0; idx < lines.length; idx++) {
+      const lineText = lines[idx];
+      const line = idx + 1;
+      let m;
+
+      // If CSS-like file, track selector context by parsing lines with '{' and '}'
+      if (isCssLike) {
+        // Match selectors before '{'
+        const selectorMatch = lineText.match(/^\s*([^{]+)\s*{/);
+        if (selectorMatch) {
+          const selector = selectorMatch[1].trim();
+          selectorStack.push(selector);
+        }
+        // Count closing braces to pop selector context
+        // Note: handle multiple '}' on same line
+        const closingBraces = (lineText.match(/}/g) || []).length;
+        for (let i = 0; i < closingBraces; i++) {
+          if (selectorStack.length > 0) {
+            selectorStack.pop();
+          }
+        }
+      }
+
+      const currentContext = selectorStack.length > 0 ? selectorStack[selectorStack.length - 1] : "";
+
+      // Colors (hex)
+      while ((m = colorHex.exec(lineText)) !== null) {
+        matches.push({
+          file,
+          line,
+          raw: m[0],
+          category: "color",
+          snippet: lineText.trim().slice(0, 500),
+        });
+      }
+      // Colors (functions)
+      while ((m = colorFunc.exec(lineText)) !== null) {
+        matches.push({
+          file,
+          line,
+          raw: m[0],
+          category: "color",
+          snippet: lineText.trim().slice(0, 500),
+        });
+      }
+
+      // CSS var declarations
+      while ((m = cssVarDecl.exec(lineText)) !== null) {
+        matches.push({
+          file,
+          line,
+          raw: m[0],
+          category: "css-var-decl",
+          snippet: lineText.trim().slice(0, 500),
+          context: currentContext || undefined,
+        });
+      }
+
+      // CSS var uses
+      while ((m = cssVarUse.exec(lineText)) !== null) {
+        matches.push({
+          file,
+          line,
+          raw: m[0],
+          category: "css-var",
+          snippet: lineText.trim().slice(0, 500),
+        });
+      }
+
+      // Gradients
+      while ((m = gradient.exec(lineText)) !== null) {
+        matches.push({
+          file,
+          line,
+          raw: m[0],
+          category: "gradient",
+          snippet: lineText.trim().slice(0, 500),
+        });
+      }
+
+      // Lengths
+      while ((m = lengthVal.exec(lineText)) !== null) {
+        matches.push({
+          file,
+          line,
+          raw: m[0],
+          category: "length",
+          snippet: lineText.trim().slice(0, 500),
+        });
+      }
+
+      // Unitless numbers
+      while ((m = unitlessNumber.exec(lineText)) !== null) {
+        matches.push({
+          file,
+          line,
+          raw: m[0],
+          category: "number",
+          snippet: lineText.trim().slice(0, 500),
+        });
+      }
+
+      // Font-family
+      if ((m = fontFamily.exec(lineText)) !== null) {
+        matches.push({
+          file,
+          line,
+          raw: m[1].trim(),
+          category: "font-family",
+          snippet: lineText.trim().slice(0, 500),
+        });
+      }
+
+      // Shadows
+      if ((m = shadow.exec(lineText)) !== null) {
+        matches.push({
+          file,
+          line,
+          raw: m[1].trim(),
+          category: "shadow",
+          snippet: lineText.trim().slice(0, 500),
+        });
+      }
+
+      // Tailwind classes
+      while ((m = tailwindClassAttr.exec(lineText)) !== null) {
+        const classesStr = m[2] || m[3] || "";
+        const classes = classesStr.trim().split(/\s+/);
+        for (const cls of classes) {
+          matches.push({
+            file,
+            line,
+            raw: cls,
+            category: "tailwind-class",
+            snippet: lineText.trim().slice(0, 500),
+          });
+        }
+      }
+
+      // Tailwind classes inside cn({ "..." : condition })
+      // (Handled above via robust multi-line cn(...) parser)
+    }
+  }
+
+  return matches;
+}

package/src/lib/loadRules.js

@@ -0,0 +1,73 @@
+// src/lib/loadRules.js
+import fs from "fs";
+import path from "path";
+import { createClient } from "@supabase/supabase-js";
+
+export async function loadRules(mode = "core") {
+  if (mode === "ci") {
+    // --- CI: fetch rules from Supabase ---
+    const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL;
+    const supabaseAnonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY;
+
+    if (!supabaseUrl || !supabaseAnonKey) {
+      throw new Error("Supabase env vars missing for CI mode");
+    }
+
+    const supabase = createClient(supabaseUrl, supabaseAnonKey);
+    const { data, error } = await supabase
+      .from("rules")
+      .select("slug, name, description, severity, code, default_active")
+      .eq("default_active", true);
+
+    if (error) throw error;
+
+    return data.map(rule => {
+      // turn code string into executable function
+      let run;
+      try {
+        // eslint-disable-next-line no-new-func
+        run = new Function("file", "context", rule.code);
+      } catch (e) {
+        console.error(`❌ Failed to compile rule ${rule.slug}`, e);
+        run = () => [];
+      }
+      return { ...rule, run };
+    });
+  }
+
+  // --- Local: load from filesystem ---
+  const repoRoot = path.resolve(path.dirname(new URL(import.meta.url).pathname), "../..");
+  const dirs = [];
+
+  if (mode === "core") {
+    dirs.push(path.resolve(repoRoot, "src/rules/core"));
+  } else if (mode === "dev") {
+    dirs.push(path.resolve(repoRoot, "src/rules/dev"));
+  } else if (mode === "dev+core" || mode === "core+dev") {
+    dirs.push(
+      path.resolve(repoRoot, "src/rules/core"),
+      path.resolve(repoRoot, "src/rules/dev")
+    );
+  } else {
+    throw new Error(`Unknown rules mode: ${mode}`);
+  }
+
+  const ruleFiles = [];
+  for (const dir of dirs) {
+    if (fs.existsSync(dir)) {
+      const files = fs.readdirSync(dir).filter(f => f.endsWith(".js"));
+      for (const f of files) {
+        ruleFiles.push({ dir, file: f });
+      }
+    }
+  }
+
+  const rules = await Promise.all(
+    ruleFiles.map(async ({ dir, file }) => {
+      const mod = await import(path.join(dir, file));
+      return mod.default;
+    })
+  );
+
+  return rules;
+}

package/src/rules/core/no-hardcoded-colors.js

@@ -0,0 +1,28 @@
+// src/rules/core/no-hardcoded-colors.js (ESM)
+export default {
+  meta: {
+    slug: "no-hardcoded-colors",
+    name: "No Hardcoded Colors",
+    description: "Flags hex/rgb/hsl literals; use DS tokens instead.",
+    severity: "error",
+  },
+  files: ["**/*.{js,jsx,ts,tsx,css,scss,less,html}"],
+  evaluate(file, content, ctx) {
+    const re = /#(?:[0-9a-fA-F]{3}){1,2}\b|rgba?\([^)]*\)|hsla?\([^)]*\)/g;
+    let m;
+    while ((m = re.exec(content))) {
+      const line = content.slice(0, m.index).split("\n").length;
+      ctx.report({
+        rule: this.meta.slug,
+        message: `Hardcoded color ${m[0]} — use a token`,
+        severity: (ctx.config && ctx.config.severity) || this.meta.severity || "error",
+        file,
+        line,
+        codeContext: content
+          .split("\n")
+          .slice(Math.max(0, line - 2), line + 1)
+          .join("\n"),
+      });
+    }
+  },
+};

package/src/rules/core/no-hardcoded-spacing.js

@@ -0,0 +1,29 @@
+export default {
+  meta: {
+    slug: "no-hardcoded-spacing",
+    name: "No Hardcoded Spacing",
+    description: "Disallow raw spacing values; use spacing tokens.",
+    severity: "error",
+  },
+  files: ["**/*.{ts,tsx,js,jsx,css,scss,less,html}"],
+  evaluate(file, content, ctx) {
+    const regex = /(margin(?:Top|Bottom|Left|Right)?|padding(?:Top|Bottom|Left|Right)?|gap|lineHeight)\s*:\s*{?\s*["']?\d+(\.\d+)?(px|em|rem|pt|%|vw|vh|vmin|vmax|ch|ex)?["']?\s*}?/gi;
+    const lines = content.split("\n");
+
+    lines.forEach((lineContent, idx) => {
+      for (const match of lineContent.matchAll(regex)) {
+        ctx.report({
+          rule: this.meta.slug,
+          message: `Hardcoded spacing \`${match[0]}\` — use a spacing token`,
+          severity: (ctx.config && ctx.config.severity) || this.meta.severity || "error",
+          file,
+          line: idx + 1,
+          codeContext: content
+            .split("\n")
+            .slice(Math.max(0, idx - 1), idx + 2)
+            .join("\n"),
+        });
+      }
+    });
+  },
+};

package/src/rules/core/no-inline-styles.js

@@ -0,0 +1,28 @@
+// src/rules/core/no-inline-styles.js (ESM)
+export default {
+  meta: {
+    slug: "no-inline-styles",
+    name: "No Inline Styles",
+    description: "Prevent inline style attributes in JSX/HTML; use tokens or classes instead.",
+    severity: "error",
+  },
+  files: ["**/*.{js,jsx,ts,tsx,html}"],
+  evaluate(file, content, ctx) {
+    const re = /style\s*=\s*(\{\s*\{[^]*?\}\s*\}|"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')/g;
+    let m;
+    while ((m = re.exec(content))) {
+      const line = content.slice(0, m.index).split("\n").length;
+      ctx.report({
+        rule: this.meta.slug,
+        message: "Inline style detected — use tokens or classes instead",
+        severity: (ctx.config && ctx.config.severity) || this.meta.severity || "error",
+        file,
+        line,
+        codeContext: content
+          .split("\n")
+          .slice(Math.max(0, line - 2), line + 1)
+          .join("\n"),
+      });
+    }
+  },
+};

package/src/utils/authorId.js

@@ -0,0 +1,106 @@
+/**
+ * authorId.js
+ *
+ * Robust author identification strategy.
+ * 
+ * Git provides:
+ * - author.name
+ * - author.email
+ * 
+ * Neither is perfect:
+ * - Email can change (work -> personal, typos, company changes)
+ * - Name can vary (full vs abbreviated, unicode normalization)
+ * 
+ * Strategy:
+ * 1. Use email as primary (most stable)
+ * 2. Normalize email (lowercase, trim)
+ * 3. Hash for privacy
+ * 4. Track email -> author_id mapping server-side for deduplication
+ */
+
+import crypto from "crypto";
+
+function sha256(value) {
+  if (typeof value !== "string" || value.length === 0) return null;
+  return crypto.createHash("sha256").update(value, "utf8").digest("hex");
+}
+
+/**
+ * Normalize email for consistent hashing
+ */
+function normalizeEmail(email) {
+  if (!email || typeof email !== "string") return null;
+  return email.toLowerCase().trim();
+}
+
+/**
+ * Generate author ID from git metadata
+ * 
+ * Priority:
+ * 1. email (normalized & hashed)
+ * 2. name + email combo (fallback if email alone is ambiguous)
+ * 3. name only (last resort)
+ */
+export function generateAuthorId(author) {
+  // Input can be:
+  // - { email: "...", name: "..." }
+  // - just an email string
+  // - null/undefined
+  
+  let email = null;
+  let name = null;
+  
+  if (typeof author === "string") {
+    email = author;
+  } else if (author && typeof author === "object") {
+    email = author.email || author.author_email || null;
+    name = author.name || author.author_name || author.author || null;
+  }
+  
+  const normalizedEmail = normalizeEmail(email);
+  const normalizedName = name ? name.trim() : null;
+  
+  // Strategy 1: Hash email (best)
+  if (normalizedEmail) {
+    return sha256(normalizedEmail);
+  }
+  
+  // Strategy 2: Hash name (fallback - less stable)
+  if (normalizedName) {
+    console.warn("⚠️ No email for author, using name only (less stable):", normalizedName);
+    return sha256(normalizedName);
+  }
+  
+  console.warn("⚠️ No author information available");
+  return null;
+}
+
+/**
+ * Extract author metadata for storage
+ * Returns both the hashed ID and the original email/name for server-side mapping
+ */
+export function extractAuthorMetadata(author) {
+  let email = null;
+  let name = null;
+  
+  if (typeof author === "string") {
+    email = author;
+  } else if (author && typeof author === "object") {
+    email = author.email || author.author_email || null;
+    name = author.name || author.author_name || author.author || null;
+  }
+  
+  const normalizedEmail = normalizeEmail(email);
+  const normalizedName = name ? name.trim() : null;
+  
+  return {
+    author_id: generateAuthorId(author),
+    author_email: normalizedEmail,
+    author_name: normalizedName,
+    // Include original for debugging/auditing
+    author_email_original: email,
+    author_name_original: name,
+  };
+}
+
+export default generateAuthorId;