@jigyasudham/veto 0.8.0

package/dist/agents/development/reviewer.js

@@ -0,0 +1,260 @@
+// ─── plan ────────────────────────────────────────────────────────────────────
+export function plan(task, _context) {
+    return {
+        agent: 'reviewer',
+        task,
+        tier: 2,
+        approach: 'Systematic code review: assess complexity, error handling, naming, magic literals, nesting depth, and test coverage. Produce scored findings with actionable fixes.',
+        steps: [
+            'Read the module top-to-bottom to understand its purpose and public contract',
+            'Identify all exported symbols and verify they are intentional',
+            'Check function lengths — flag any function exceeding 50 lines for extraction',
+            'Assess cyclomatic complexity — any function with more than 10 branches is a risk',
+            'Verify every async call is awaited or explicitly fire-and-forget',
+            'Check error handling — all try/catch blocks must do something meaningful',
+            'Scan for magic numbers and untyped string literals',
+            'Measure nesting depth — refactor anything deeper than 3 levels',
+            'Review naming — variables, functions, and types should be self-documenting',
+            'Check for TODO/FIXME comments and ensure each links to a tracking issue',
+            'Verify unused imports and variables are removed',
+            'Confirm test coverage exists for every public function',
+            'Assess consistency with the rest of the codebase style',
+        ],
+        checklist: [
+            '[ ] No function exceeds 50 lines of executable code',
+            '[ ] No function has cyclomatic complexity > 10',
+            '[ ] Every await is inside an async function',
+            '[ ] Every try/catch logs or rethrows — no silent swallow',
+            '[ ] No magic numbers — use named constants',
+            '[ ] No deeply nested if/for (max 3 levels)',
+            '[ ] All TODO/FIXME comments reference a ticket number',
+            '[ ] No unused variables or imports',
+            '[ ] Naming is consistent with the project convention (camelCase, PascalCase for types)',
+            '[ ] No console.log left in production paths',
+            '[ ] Public functions have JSDoc',
+            '[ ] Every exported function has at least one test',
+            '[ ] No any types without an explanatory comment',
+            '[ ] No circular imports',
+        ],
+        pitfalls: [
+            'Approving a PR because it "looks fine" without running it locally',
+            'Missing async bugs — a synchronous function calling an async one without await silently drops the Promise',
+            'Over-reviewing style while missing logic errors — focus on correctness first',
+            'Not reading the tests — tests reveal intent, bad tests reveal bad design',
+            'Ignoring error handling because the happy path looks clean',
+        ],
+        patterns: [
+            'Guard clause pattern (early returns to reduce nesting)',
+            'Strategy pattern (replace long switch/if chains)',
+            'Extract function refactoring',
+            'Null Object pattern (replace null checks)',
+            'Result/Option type (replace throw-based error handling)',
+        ],
+        duration_estimate: '1-2 hours',
+    };
+}
+// ─── helpers ─────────────────────────────────────────────────────────────────
+function countLines(code) {
+    return code.split('\n').length;
+}
+function detectFunctions(code) {
+    const results = [];
+    const lines = code.split('\n');
+    // Match function declarations and arrow functions assigned to const/let/var
+    const funcRegex = /(?:function\s+(\w+)|(?:const|let|var)\s+(\w+)\s*=\s*(?:async\s*)?\()/;
+    let i = 0;
+    while (i < lines.length) {
+        const match = lines[i].match(funcRegex);
+        if (match) {
+            const name = match[1] || match[2] || 'anonymous';
+            let depth = 0;
+            let started = false;
+            const bodyLines = [];
+            let j = i;
+            while (j < lines.length) {
+                for (const ch of lines[j]) {
+                    if (ch === '{') {
+                        depth++;
+                        started = true;
+                    }
+                    if (ch === '}')
+                        depth--;
+                }
+                bodyLines.push(lines[j]);
+                if (started && depth === 0)
+                    break;
+                j++;
+            }
+            results.push({ name, body: bodyLines.join('\n'), start: i + 1 });
+            i = j + 1;
+        }
+        else {
+            i++;
+        }
+    }
+    return results;
+}
+function maxNestingDepth(code) {
+    let max = 0;
+    let depth = 0;
+    for (const ch of code) {
+        if (ch === '{') {
+            depth++;
+            max = Math.max(max, depth);
+        }
+        if (ch === '}')
+            depth--;
+    }
+    return max;
+}
+// ─── analyze ─────────────────────────────────────────────────────────────────
+export function analyze(code, context) {
+    const findings = [];
+    const lines = code.split('\n');
+    const totalLines = countLines(code);
+    const subject = context ?? `Code (${totalLines} lines)`;
+    // 1. Long functions
+    const functions = detectFunctions(code);
+    for (const fn of functions) {
+        const fnLines = fn.body.split('\n').length;
+        if (fnLines > 50) {
+            findings.push({
+                severity: 'medium',
+                category: 'Complexity',
+                description: `Function '${fn.name}' is ${fnLines} lines long (limit: 50).`,
+                fix: `Extract logical blocks into named helper functions. Aim for functions that do one thing and fit on one screen.`,
+                location: `Line ${fn.start}`,
+            });
+        }
+    }
+    // 2. Deep nesting
+    const nestingDepth = maxNestingDepth(code);
+    if (nestingDepth > 5) {
+        findings.push({
+            severity: 'medium',
+            category: 'Complexity',
+            description: `Maximum brace nesting depth is ${nestingDepth} (limit: 5). Deep nesting makes code hard to reason about.`,
+            fix: 'Apply guard clauses (early returns), extract inner blocks to functions, or flatten with Promise chains.',
+        });
+    }
+    // 3. Missing error handling — try without catch, or bare promise .then without .catch
+    const tryCatchBalance = (code.match(/\btry\b/g) || []).length;
+    const catchBalance = (code.match(/\bcatch\b/g) || []).length;
+    if (tryCatchBalance > catchBalance) {
+        findings.push({
+            severity: 'high',
+            category: 'Error Handling',
+            description: `Found ${tryCatchBalance} try block(s) but only ${catchBalance} catch block(s). Unmatched try blocks may silently swallow errors.`,
+            fix: 'Ensure every try has a corresponding catch. Log the error and either rethrow or return a typed error result.',
+        });
+    }
+    // 4. Unhandled promise (.then without .catch)
+    lines.forEach((line, idx) => {
+        if (/\.then\s*\(/.test(line) && !/\.catch\s*\(/.test(line)) {
+            // Check next few lines for .catch
+            const window = lines.slice(idx, idx + 5).join(' ');
+            if (!/\.catch\s*\(/.test(window)) {
+                findings.push({
+                    severity: 'high',
+                    category: 'Error Handling',
+                    description: `Promise .then() at line ${idx + 1} has no visible .catch() — unhandled rejection risk.`,
+                    fix: 'Add .catch(err => { ... }) or convert to async/await with try/catch.',
+                    location: `Line ${idx + 1}`,
+                });
+            }
+        }
+    });
+    // 5. Magic numbers
+    lines.forEach((line, idx) => {
+        // Skip comments and import lines
+        if (/^\s*(\/\/|\/\*|\*|import|export)/.test(line))
+            return;
+        // Match standalone numeric literals that aren't 0 or 1
+        const magicMatches = line.match(/(?<![.\w])(?:[2-9]\d*|\d{2,})(?!\w)/g);
+        if (magicMatches) {
+            findings.push({
+                severity: 'low',
+                category: 'Maintainability',
+                description: `Magic number(s) [${magicMatches.join(', ')}] at line ${idx + 1}. Bare literals obscure intent.`,
+                fix: 'Extract to a named constant: const MAX_RETRIES = 3; at the top of the file or in a constants module.',
+                location: `Line ${idx + 1}`,
+            });
+        }
+    });
+    // 6. TODO/FIXME without issue reference
+    lines.forEach((line, idx) => {
+        if (/\/\/.*\b(TODO|FIXME|HACK|XXX)\b/.test(line) && !/\b(#\d+|https?:\/\/|JIRA|GH-|issue)/i.test(line)) {
+            findings.push({
+                severity: 'low',
+                category: 'Technical Debt',
+                description: `Untracked TODO/FIXME at line ${idx + 1}: "${line.trim()}"`,
+                fix: 'Link to a tracking issue: // TODO(#123): fix this.',
+                location: `Line ${idx + 1}`,
+            });
+        }
+    });
+    // 7. Unused variable patterns (_var that is actually used, or var that starts with _ but is referenced)
+    lines.forEach((line, idx) => {
+        if (/const\s+_\w+\s*=/.test(line) || /let\s+_\w+\s*=/.test(line)) {
+            const varMatch = line.match(/(?:const|let)\s+(_\w+)/);
+            if (varMatch) {
+                const varName = varMatch[1];
+                const usedElsewhere = code.split('\n').filter((_, i) => i !== idx).some(l => l.includes(varName));
+                if (usedElsewhere) {
+                    findings.push({
+                        severity: 'info',
+                        category: 'Naming',
+                        description: `Variable '${varName}' starts with underscore (convention: unused) but is referenced elsewhere in the code.`,
+                        fix: `Rename '${varName}' to '${varName.slice(1)}' since it is actively used.`,
+                        location: `Line ${idx + 1}`,
+                    });
+                }
+            }
+        }
+    });
+    // 8. Consistent naming — detect mixed camelCase / snake_case for variables
+    const camelVars = (code.match(/\b(?:const|let|var)\s+([a-z][a-zA-Z0-9]*[A-Z][a-zA-Z0-9]*)\b/g) || []).length;
+    const snakeVars = (code.match(/\b(?:const|let|var)\s+([a-z][a-z0-9]*_[a-z][a-z0-9]*)\b/g) || []).length;
+    if (camelVars > 0 && snakeVars > 0) {
+        findings.push({
+            severity: 'low',
+            category: 'Naming',
+            description: `Mixed naming convention: ${camelVars} camelCase and ${snakeVars} snake_case variable declarations detected.`,
+            fix: 'Standardise on camelCase for variables and functions in TypeScript/JavaScript codebases.',
+        });
+    }
+    // ─── Score ────────────────────────────────────────────────────────────────
+    let score = 100;
+    const critical_count = findings.filter(f => f.severity === 'critical').length;
+    const high_count = findings.filter(f => f.severity === 'high').length;
+    const medium_count = findings.filter(f => f.severity === 'medium').length;
+    const low_count = findings.filter(f => f.severity === 'low').length;
+    score -= critical_count * 25;
+    score -= high_count * 15;
+    score -= medium_count * 8;
+    score -= low_count * 3;
+    score = Math.max(0, Math.min(100, score));
+    let verdict;
+    if (critical_count > 0)
+        verdict = 'rejected';
+    else if (high_count > 0)
+        verdict = 'needs_revision';
+    else if (medium_count > 0 || low_count > 2)
+        verdict = 'approved_with_warnings';
+    else
+        verdict = 'approved';
+    const summary = findings.length === 0
+        ? 'Code looks clean — no significant issues detected.'
+        : `Found ${findings.length} issue(s): ${critical_count} critical, ${high_count} high, ${medium_count} medium, ${low_count} low. Score: ${score}/100.`;
+    return {
+        agent: 'reviewer',
+        subject,
+        findings,
+        score,
+        verdict,
+        summary,
+        critical_count,
+        high_count,
+    };
+}
+//# sourceMappingURL=reviewer.js.map

package/dist/agents/development/tester.js

@@ -0,0 +1,143 @@
+function detectTestType(task, context) {
+    const combined = (task + ' ' + (context ?? '')).toLowerCase();
+    if (combined.includes('e2e') || combined.includes('end-to-end') || combined.includes('playwright') || combined.includes('cypress') || combined.includes('browser'))
+        return 'e2e';
+    if (combined.includes('integration') || combined.includes('database') || combined.includes('api') || combined.includes('endpoint') || combined.includes('http'))
+        return 'integration';
+    return 'unit';
+}
+const typeApproach = {
+    unit: 'Isolate the unit under test by mocking all dependencies. Cover happy path, error paths, boundary conditions, and type edge cases. Aim for 100% branch coverage on business logic.',
+    integration: 'Test the interaction between real components (DB, HTTP, filesystem). Use test containers or in-memory alternatives. Verify contracts and side effects, not just return values.',
+    e2e: 'Test user journeys from browser to backend. Run against a staging environment or local stack. Focus on critical paths — registration, login, core workflows. Avoid testing every permutation.',
+};
+const typeSteps = {
+    unit: [
+        'Identify the public interface of the unit under test',
+        'List all logical branches (if/else, switch, try/catch, null checks)',
+        'Create a test file co-located with the source file (*.test.ts)',
+        'Import the unit and mock all external dependencies at the top',
+        'Write the happy-path test first to establish baseline behaviour',
+        'Write a test for each error or exception path',
+        'Add boundary condition tests (empty array, zero, max value, null, undefined)',
+        'Add a test for each async path (resolved and rejected)',
+        'Verify mocks were called with the correct arguments',
+        'Run coverage report and fill gaps — target 90%+ branch coverage',
+        'Review test names — each should describe behaviour, not implementation',
+        'Run tests in watch mode and confirm they are deterministic across runs',
+    ],
+    integration: [
+        'Identify the integration boundary (DB, HTTP, message queue, filesystem)',
+        'Set up a test database or mock server that resets between tests',
+        'Write fixtures / seed data helpers',
+        'Test the full request-response cycle for each endpoint/operation',
+        'Verify response body schema and HTTP status codes',
+        'Verify database state after mutations',
+        'Test authentication and authorisation (valid token, expired token, wrong role)',
+        'Test concurrent requests do not corrupt shared state',
+        'Test rollback on partial failure (transaction integrity)',
+        'Clean up all test data in afterEach/afterAll hooks',
+        'Run tests against the CI database, not a developer\'s local DB',
+        'Assert on error response shape, not just status code',
+    ],
+    e2e: [
+        'Map the user journeys to test (registration, login, core workflow)',
+        'Set up a local or staging stack with predictable seed data',
+        'Write page object models (POMs) for each major screen',
+        'Implement the happy-path journey test first',
+        'Add negative journey tests (invalid login, blocked access)',
+        'Test form validation messages appear and are readable',
+        'Verify redirect behaviour after actions (post-login, post-submit)',
+        'Test on at least two viewport sizes (mobile and desktop)',
+        'Add accessibility checks (axe-core or Playwright a11y plugin)',
+        'Assert on URL changes to ensure navigation works',
+        'Run in headless mode in CI; headed mode for debugging',
+        'Keep each test independent — never rely on state from a previous test',
+    ],
+};
+const typeChecklist = {
+    unit: [
+        '[ ] Every public function has at least one test',
+        '[ ] Every branch of a conditional is exercised',
+        '[ ] Error throw / rejection is tested explicitly',
+        '[ ] Mocks are reset between tests (beforeEach)',
+        '[ ] No test depends on another test\'s side effects',
+        '[ ] Test names use "should <behaviour> when <condition>" format',
+        '[ ] No production code altered to make tests pass (unless it improves design)',
+        '[ ] Tests run in under 5 seconds total',
+        '[ ] Coverage threshold enforced in jest/vitest config',
+        '[ ] Snapshot tests (if used) are committed and reviewed',
+    ],
+    integration: [
+        '[ ] Test database is isolated from development database',
+        '[ ] Seed data is deterministic and version-controlled',
+        '[ ] All test data cleaned up after each test',
+        '[ ] Auth tokens generated fresh per test',
+        '[ ] Response schema validated against TypeScript types',
+        '[ ] Error response shape tested, not just status code',
+        '[ ] Transactions roll back correctly on failure',
+        '[ ] No hardcoded ports — use dynamic port allocation',
+        '[ ] CI pipeline runs integration tests in a Docker environment',
+        '[ ] Tests are tagged so unit and integration can run separately',
+    ],
+    e2e: [
+        '[ ] Page object models used — no raw selectors in test bodies',
+        '[ ] data-testid attributes used for element selection (not CSS classes)',
+        '[ ] Each test is fully independent (own seed data)',
+        '[ ] Tests run in headless mode in CI',
+        '[ ] Mobile and desktop viewports both tested',
+        '[ ] Accessibility check passes on each major screen',
+        '[ ] Network errors are simulated for critical flows',
+        '[ ] Screenshots taken on failure for debugging',
+        '[ ] Test retries configured (max 2) to handle flakiness',
+        '[ ] Critical path coverage maps to product requirements',
+    ],
+};
+const typePitfalls = {
+    unit: [
+        'Testing implementation details (private methods, internal state) — test behaviour, not internals',
+        'Mocking the module under test — only mock its dependencies',
+        'Asserting on mock call count without asserting on arguments',
+        'Writing tests after the fact without TDD discipline — causes incomplete coverage',
+        'Using Math.random() or Date.now() in tests without mocking — non-deterministic results',
+    ],
+    integration: [
+        'Running integration tests against shared databases — causes test pollution between developers',
+        'Forgetting to rollback DB transactions — leaves dirty state that breaks subsequent tests',
+        'Hardcoding localhost ports — causes CI failures when ports are in use',
+        'Not testing the unhappy auth paths — security gap',
+        'Asserting only on status codes, not response body — misses contract violations',
+    ],
+    e2e: [
+        'Using CSS class selectors — they change on style refactors and break tests',
+        'Sharing state between tests — one failure cascades to all subsequent tests',
+        'Testing every UI permutation — creates a massive suite that nobody maintains',
+        'Ignoring flaky tests — they erode trust in the entire suite',
+        'Not running e2e on CI — catching bugs only locally defeats the purpose',
+    ],
+};
+const typePatterns = {
+    unit: ['Arrange-Act-Assert', 'Mock object pattern', 'Test data builder', 'Parameterised tests', 'Given-When-Then'],
+    integration: ['Test container pattern', 'Database cleaner pattern', 'Fixture factory', 'Contract testing', 'Seeding pattern'],
+    e2e: ['Page Object Model', 'Journey test pattern', 'Screenplay pattern', 'Seed-and-clean pattern', 'Visual regression testing'],
+};
+const typeDuration = {
+    unit: '1-3 hours',
+    integration: '3-6 hours',
+    e2e: '4-8 hours',
+};
+export function plan(task, context) {
+    const testType = detectTestType(task, context);
+    return {
+        agent: 'tester',
+        task,
+        tier: 2,
+        approach: typeApproach[testType],
+        steps: typeSteps[testType],
+        checklist: typeChecklist[testType],
+        pitfalls: typePitfalls[testType],
+        patterns: typePatterns[testType],
+        duration_estimate: typeDuration[testType],
+    };
+}
+//# sourceMappingURL=tester.js.map

package/dist/agents/executor.js

@@ -0,0 +1,144 @@
+// Development agents
+import * as coder from './development/coder.js';
+import * as reviewer from './development/reviewer.js';
+import * as tester from './development/tester.js';
+import * as debugger_ from './development/debugger.js';
+import * as refactor from './development/refactor.js';
+import * as database from './development/database.js';
+import * as api from './development/api.js';
+import * as frontend from './development/frontend.js';
+import * as backend from './development/backend.js';
+import * as devops from './development/devops.js';
+import * as performance from './development/performance.js';
+import * as migration from './development/migration.js';
+// Security agents
+import * as securityScanner from './security/scanner.js';
+import * as auth from './security/auth.js';
+import * as privacy from './security/privacy.js';
+import * as secrets from './security/secrets.js';
+import * as dependencyAudit from './security/dependency-audit.js';
+import * as penetration from './security/penetration.js';
+// Memory agents
+import * as contextManager from './memory/context-manager.js';
+import * as decisionLogger from './memory/decision-logger.js';
+import * as projectMapper from './memory/project-mapper.js';
+import * as patternLearner from './memory/pattern-learner.js';
+import * as knowledgeBase from './memory/knowledge-base.js';
+// Research agents
+import * as researcher from './research/researcher.js';
+import * as techAdvisor from './research/tech-advisor.js';
+import * as costAnalyzer from './research/cost-analyzer.js';
+import * as competitorAnalyzer from './research/competitor-analyzer.js';
+import * as riskAssessor from './research/risk-assessor.js';
+import * as estimator from './research/estimator.js';
+import * as ethicsBias from './research/ethics-bias.js';
+// Quality agents
+import * as codeQuality from './quality/code-quality.js';
+import * as documentation from './quality/documentation.js';
+import * as accessibility from './quality/accessibility.js';
+import * as compatibility from './quality/compatibility.js';
+import * as errorHandling from './quality/error-handling.js';
+// Workflow agents
+import * as taskPlanner from './workflow/task-planner.js';
+import * as taskCoordinator from './workflow/task-coordinator.js';
+import * as fileManager from './workflow/file-manager.js';
+import * as gitAgent from './workflow/git-agent.js';
+import * as searchAgent from './workflow/search-agent.js';
+import * as reporter from './workflow/reporter.js';
+import * as automation from './workflow/automation.js';
+// Agents that support analyze()
+const ANALYZE_CAPABLE = new Set([
+    'reviewer',
+    'security-scanner',
+    'secrets',
+    'dependency-audit',
+    'code-quality',
+    'documentation',
+    'accessibility',
+    'error-handling',
+]);
+function resolveAgent(agentType) {
+    switch (agentType) {
+        case 'coder': return coder;
+        case 'reviewer': return reviewer;
+        case 'tester': return tester;
+        case 'debugger': return debugger_;
+        case 'refactor': return refactor;
+        case 'database': return database;
+        case 'api': return api;
+        case 'frontend': return frontend;
+        case 'backend': return backend;
+        case 'devops': return devops;
+        case 'performance': return performance;
+        case 'migration': return migration;
+        case 'security-scanner': return securityScanner;
+        case 'auth': return auth;
+        case 'privacy': return privacy;
+        case 'secrets': return secrets;
+        case 'dependency-audit': return dependencyAudit;
+        case 'penetration': return penetration;
+        case 'context-manager': return contextManager;
+        case 'decision-logger': return decisionLogger;
+        case 'project-mapper': return projectMapper;
+        case 'pattern-learner': return patternLearner;
+        case 'knowledge-base': return knowledgeBase;
+        case 'researcher': return researcher;
+        case 'tech-advisor': return techAdvisor;
+        case 'cost-analyzer': return costAnalyzer;
+        case 'competitor-analyzer': return competitorAnalyzer;
+        case 'risk-assessor': return riskAssessor;
+        case 'estimator': return estimator;
+        case 'ethics-bias': return ethicsBias;
+        case 'code-quality': return codeQuality;
+        case 'documentation': return documentation;
+        case 'accessibility': return accessibility;
+        case 'compatibility': return compatibility;
+        case 'error-handling': return errorHandling;
+        case 'task-planner': return taskPlanner;
+        case 'task-coordinator': return taskCoordinator;
+        case 'file-manager': return fileManager;
+        case 'git-agent': return gitAgent;
+        case 'search-agent': return searchAgent;
+        case 'reporter': return reporter;
+        case 'automation': return automation;
+        default:
+            throw new Error(`Unknown agent type: ${agentType}`);
+    }
+}
+export async function executeOne(task) {
+    const start = Date.now();
+    try {
+        const agent = resolveAgent(task.agent);
+        const useAnalyze = task.code !== undefined && ANALYZE_CAPABLE.has(task.agent);
+        if (useAnalyze && agent.analyze) {
+            const analysis = agent.analyze(task.code, task.context);
+            return {
+                id: task.id,
+                agent: task.agent,
+                analysis,
+                duration_ms: Date.now() - start,
+            };
+        }
+        else {
+            const plan = agent.plan(task.task, task.context);
+            return {
+                id: task.id,
+                agent: task.agent,
+                plan,
+                duration_ms: Date.now() - start,
+            };
+        }
+    }
+    catch (err) {
+        return {
+            id: task.id,
+            agent: task.agent,
+            duration_ms: Date.now() - start,
+            error: err instanceof Error ? err.message : String(err),
+        };
+    }
+}
+export async function executeParallel(tasks) {
+    return Promise.all(tasks.map(task => executeOne(task)));
+}
+//# sourceMappingURL=executor.js.map