@hatem427/code-guard-ci 1.0.0

package/scripts/set-admin-password.ts

@@ -0,0 +1,90 @@
+#!/usr/bin/env ts-node
+/**
+ * ============================================================================
+ * set-admin-password.ts — CLI tool to set admin password
+ * ============================================================================
+ *
+ * Admin password is required to delete bypass log entries.
+ * This provides a higher level of security for log management.
+ *
+ * Usage:
+ *   npm run set-admin-password
+ */
+
+import { setAdminPassword } from './utils/bypass-manager';
+import * as readline from 'readline';
+
+function promptPassword(question: string): Promise<string> {
+  return new Promise((resolve) => {
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stdout,
+    });
+
+    const stdin = process.stdin as any;
+    stdin.setRawMode(true);
+    
+    let password = '';
+    process.stdout.write(question);
+    
+    stdin.on('data', (char: Buffer) => {
+      const str = char.toString('utf-8');
+      
+      if (str === '\n' || str === '\r' || str === '\u0004') {
+        stdin.setRawMode(false);
+        process.stdout.write('\n');
+        rl.close();
+        resolve(password);
+      } else if (str === '\u0003') {
+        // Ctrl+C
+        process.exit(1);
+      } else if (str === '\u007f' || str === '\b') {
+        // Backspace
+        if (password.length > 0) {
+          password = password.slice(0, -1);
+          process.stdout.write('\b \b');
+        }
+      } else {
+        password += str;
+        process.stdout.write('*');
+      }
+    });
+  });
+}
+
+async function main() {
+  console.log('🔐 Code Guardian — Set Admin Password\n');
+  console.log('⚠️  ADMIN PRIVILEGES:');
+  console.log('   • View all bypass logs');
+  console.log('   • Delete bypass log entries');
+  console.log('   • Access archived logs\n');
+  console.log('🔒 This password should be highly restricted and secure.\n');
+
+  const password = await promptPassword('Enter new admin password: ');
+  
+  if (!password || password.length < 8) {
+    console.error('\n❌ Admin password must be at least 8 characters long.');
+    process.exit(1);
+  }
+
+  const confirm = await promptPassword('Confirm password: ');
+
+  if (password !== confirm) {
+    console.error('\n❌ Passwords do not match.');
+    process.exit(1);
+  }
+
+  setAdminPassword(password);
+  console.log('\n✅ Admin password set successfully!');
+  console.log('📁 Stored in: .code-guardian/admin-credentials.hash');
+  console.log('\n⚠️  IMPORTANT SECURITY NOTES:');
+  console.log('   1. Add .code-guardian/ to .gitignore (if not already done)');
+  console.log('   2. Share this password only with authorized administrators');
+  console.log('   3. Change default password immediately in production');
+  console.log('   4. Store password securely (password manager recommended)');
+}
+
+main().catch((err) => {
+  console.error(`Error: ${err.message}`);
+  process.exit(1);
+});

package/scripts/set-bypass-password.ts

@@ -0,0 +1,80 @@
+#!/usr/bin/env ts-node
+/**
+ * ============================================================================
+ * set-bypass-password.ts — CLI tool to set bypass password
+ * ============================================================================
+ *
+ * Usage:
+ *   npm run set-bypass-password
+ */
+
+import { setBypassPassword } from './utils/bypass-manager';
+import * as readline from 'readline';
+
+function promptPassword(question: string): Promise<string> {
+  return new Promise((resolve) => {
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stdout,
+    });
+
+    const stdin = process.stdin as any;
+    stdin.setRawMode(true);
+    
+    let password = '';
+    process.stdout.write(question);
+    
+    stdin.on('data', (char: Buffer) => {
+      const str = char.toString('utf-8');
+      
+      if (str === '\n' || str === '\r' || str === '\u0004') {
+        stdin.setRawMode(false);
+        process.stdout.write('\n');
+        rl.close();
+        resolve(password);
+      } else if (str === '\u0003') {
+        // Ctrl+C
+        process.exit(1);
+      } else if (str === '\u007f' || str === '\b') {
+        // Backspace
+        if (password.length > 0) {
+          password = password.slice(0, -1);
+          process.stdout.write('\b \b');
+        }
+      } else {
+        password += str;
+        process.stdout.write('*');
+      }
+    });
+  });
+}
+
+async function main() {
+  console.log('🔐 Code Guardian — Set Bypass Password\n');
+  console.log('This password will be required to bypass pre-commit checks.');
+  console.log('Share it only with authorized team members.\n');
+
+  const password = await promptPassword('Enter new bypass password: ');
+  
+  if (!password || password.length < 6) {
+    console.error('\n❌ Password must be at least 6 characters long.');
+    process.exit(1);
+  }
+
+  const confirm = await promptPassword('Confirm password: ');
+
+  if (password !== confirm) {
+    console.error('\n❌ Passwords do not match.');
+    process.exit(1);
+  }
+
+  setBypassPassword(password);
+  console.log('\n✅ Password set successfully!');
+  console.log('📁 Stored in: .code-guardian/bypass-password.hash');
+  console.log('\n⚠️  Remember to add .code-guardian/ to .gitignore if not already done.');
+}
+
+main().catch((err) => {
+  console.error(`Error: ${err.message}`);
+  process.exit(1);
+});

package/scripts/utils/auto-fixer.ts

@@ -0,0 +1,181 @@
+/**
+ * ============================================================================
+ * auto-fixer.ts — Automatic code fixes for common violations
+ * ============================================================================
+ *
+ * Provides auto-fix capabilities for rules that can be safely automated.
+ */
+
+import * as fs from 'fs';
+import { Violation } from './rule-engine';
+
+export interface FixResult {
+  fixed: boolean;
+  message: string;
+}
+
+/**
+ * Attempt to auto-fix a violation
+ */
+export function autoFixViolation(violation: Violation, filePath: string): FixResult {
+  const content = fs.readFileSync(filePath, 'utf-8');
+  const lines = content.split('\n');
+
+  switch (violation.ruleId) {
+    case 'no-console-log':
+      return fixConsoleLog(lines, violation, filePath);
+    
+    case 'no-any-type':
+      return fixAnyType(lines, violation, filePath);
+    
+    case 'react-no-inline-styles':
+      return { fixed: false, message: 'Manual fix required - convert to Tailwind classes' };
+    
+    case 'require-alt-text':
+      return fixMissingAlt(lines, violation, filePath);
+    
+    case 'require-button-type':
+      return fixButtonType(lines, violation, filePath);
+    
+    default:
+      return { fixed: false, message: 'No auto-fix available for this rule' };
+  }
+}
+
+/**
+ * Remove console.log statements
+ */
+function fixConsoleLog(lines: string[], violation: Violation, filePath: string): FixResult {
+  if (!violation.line) {
+    return { fixed: false, message: 'Cannot determine line number' };
+  }
+
+  const lineIndex = violation.line - 1;
+  const line = lines[lineIndex];
+
+  // Remove entire line if it only contains console.log
+  if (line.trim().match(/^console\.log\(.+\);?\s*$/)) {
+    lines.splice(lineIndex, 1);
+    fs.writeFileSync(filePath, lines.join('\n'), 'utf-8');
+    return { fixed: true, message: 'Removed console.log statement' };
+  }
+
+  return { fixed: false, message: 'Console.log is part of larger expression - manual fix required' };
+}
+
+/**
+ * Convert 'any' to 'unknown' (safer)
+ */
+function fixAnyType(lines: string[], violation: Violation, filePath: string): FixResult {
+  if (!violation.line) {
+    return { fixed: false, message: 'Cannot determine line number' };
+  }
+
+  const lineIndex = violation.line - 1;
+  let line = lines[lineIndex];
+
+  // Replace : any with : unknown
+  if (line.includes(': any')) {
+    line = line.replace(/:\s*any\b/g, ': unknown');
+    lines[lineIndex] = line;
+    fs.writeFileSync(filePath, lines.join('\n'), 'utf-8');
+    return { fixed: true, message: 'Changed any → unknown' };
+  }
+
+  // Replace any[] with unknown[]
+  if (line.includes('any[]')) {
+    line = line.replace(/\bany\[\]/g, 'unknown[]');
+    lines[lineIndex] = line;
+    fs.writeFileSync(filePath, lines.join('\n'), 'utf-8');
+    return { fixed: true, message: 'Changed any[] → unknown[]' };
+  }
+
+  return { fixed: false, message: 'Complex any usage - manual fix required' };
+}
+
+/**
+ * Add alt="" to images
+ */
+function fixMissingAlt(lines: string[], violation: Violation, filePath: string): FixResult {
+  if (!violation.line) {
+    return { fixed: false, message: 'Cannot determine line number' };
+  }
+
+  const lineIndex = violation.line - 1;
+  let line = lines[lineIndex];
+
+  // Add alt="" before the closing />
+  if (/<img\b/.test(line) && !/alt\s*=/.test(line)) {
+    // Add alt before />
+    line = line.replace(/\/>/, ' alt="" />');
+    // Or before >
+    line = line.replace(/([^/])>/, '$1 alt="">');
+    
+    lines[lineIndex] = line;
+    fs.writeFileSync(filePath, lines.join('\n'), 'utf-8');
+    return { fixed: true, message: 'Added alt="" attribute' };
+  }
+
+  return { fixed: false, message: 'Could not add alt attribute' };
+}
+
+/**
+ * Add type="button" to buttons
+ */
+function fixButtonType(lines: string[], violation: Violation, filePath: string): FixResult {
+  if (!violation.line) {
+    return { fixed: false, message: 'Cannot determine line number' };
+  }
+
+  const lineIndex = violation.line - 1;
+  let line = lines[lineIndex];
+
+  // Add type="button" to <button>
+  if (/<button\b/.test(line) && !/type\s*=/.test(line)) {
+    line = line.replace(/<button/, '<button type="button"');
+    
+    lines[lineIndex] = line;
+    fs.writeFileSync(filePath, lines.join('\n'), 'utf-8');
+    return { fixed: true, message: 'Added type="button" attribute' };
+  }
+
+  return { fixed: false, message: 'Could not add type attribute' };
+}
+
+/**
+ * Auto-fix all fixable violations in a list
+ */
+export function autoFixAll(violations: Violation[], rootDir: string): {
+  fixed: number;
+  failed: number;
+  results: Array<{ violation: Violation; result: FixResult }>;
+} {
+  const results: Array<{ violation: Violation; result: FixResult }> = [];
+  let fixed = 0;
+  let failed = 0;
+
+  // Group by file to avoid multiple reads/writes
+  const byFile = new Map<string, Violation[]>();
+  for (const v of violations) {
+    const existing = byFile.get(v.file) || [];
+    existing.push(v);
+    byFile.set(v.file, existing);
+  }
+
+  for (const [file, fileViolations] of byFile) {
+    const fullPath = `${rootDir}/${file}`;
+    
+    for (const violation of fileViolations) {
+      const result = autoFixViolation(violation, fullPath);
+      results.push({ violation, result });
+      
+      if (result.fixed) {
+        fixed++;
+      } else {
+        failed++;
+      }
+    }
+  }
+
+  return { fixed, failed, results };
+}