@loxia-labs/loxia-autopilot-one 1.0.1

package/package.json

@@ -0,0 +1,94 @@
+{
+  "name": "@loxia-labs/loxia-autopilot-one",
+  "version": "1.0.1",
+  "description": "Loxia AI Agents System - No-code/vibe-code/companion-coder platform",
+  "type": "module",
+  "main": "src/index.js",
+  "bin": {
+    "loxia": "./bin/cli.js"
+  },
+  "scripts": {
+    "start": "node src/index.js",
+    "dev": "node --inspect src/index.js",
+    "test": "jest",
+    "lint": "eslint src/",
+    "typecheck": "echo 'No TypeScript - skipping typecheck'",
+    "build": "npm run build:web-ui",
+    "build:web-ui": "cd web-ui && npm install && npm run build && cd ..",
+    "docs": "jsdoc -c jsdoc.config.json",
+    "postinstall": "node scripts/install-scanners.js",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "ai",
+    "agents",
+    "automation",
+    "coding-assistant",
+    "no-code",
+    "vibe-code"
+  ],
+  "author": "Loxia AI",
+  "license": "SEE LICENSE IN LICENSE",
+  "files": [
+    "bin/",
+    "src/",
+    "web-ui/build/",
+    "web-ui/dist/",
+    "scripts/",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=16.0.0"
+  },
+  "dependencies": {
+    "@babel/parser": "^7.28.5",
+    "@babel/traverse": "^7.28.5",
+    "express": "^4.18.2",
+    "glob": "^10.4.5",
+    "node-fetch": "^3.3.2",
+    "pdf-parse": "^2.2.2",
+    "postcss": "^8.5.6",
+    "postcss-less": "^6.0.0",
+    "postcss-scss": "^4.0.9",
+    "prettier": "^3.6.2",
+    "puppeteer": "^24.25.0",
+    "stylelint": "^16.25.0",
+    "stylelint-config-standard": "^39.0.1",
+    "tiktoken": "^1.0.15",
+    "typescript": "^5.9.3",
+    "ws": "^8.16.0"
+  },
+  "devDependencies": {
+    "ajv": "^8.17.1",
+    "ajv-formats": "^3.0.1",
+    "eslint": "^8.57.1",
+    "eslint-plugin-security": "^3.0.1",
+    "jest": "^29.7.0",
+    "jsdoc": "^4.0.2"
+  },
+  "jest": {
+    "testEnvironment": "node",
+    "collectCoverageFrom": [
+      "src/**/*.js",
+      "!src/**/*.test.js"
+    ]
+  },
+  "eslintConfig": {
+    "env": {
+      "node": true,
+      "es2022": true
+    },
+    "extends": [
+      "eslint:recommended"
+    ],
+    "parserOptions": {
+      "ecmaVersion": 2022,
+      "sourceType": "module"
+    },
+    "rules": {
+      "no-unused-vars": "warn",
+      "no-console": "off"
+    }
+  }
+}

package/scripts/install-scanners.js

@@ -0,0 +1,236 @@
+#!/usr/bin/env node
+/**
+ * Post-install script to set up security scanners
+ * Automatically installs required scanners for the platform
+ */
+
+import { exec } from 'child_process';
+import { promisify } from 'util';
+import https from 'https';
+import http from 'http';
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import { createWriteStream } from 'fs';
+import { pipeline } from 'stream/promises';
+
+const execAsync = promisify(exec);
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+const SCANNER_DIR = path.join(__dirname, '..', 'node_modules', '.scanners');
+const SEMGREP_VERSION = 'v1.55.0';
+
+console.log('═══════════════════════════════════════════════════════════');
+console.log('  Installing Security Scanners');
+console.log('═══════════════════════════════════════════════════════════\n');
+
+/**
+ * Main installation function
+ */
+async function installScanners() {
+  // Ensure scanner directory exists
+  await fs.promises.mkdir(SCANNER_DIR, { recursive: true });
+
+  // 1. Check ESLint Security Plugin (should be in package.json)
+  await checkESLintSecurity();
+
+  // 2. Install Semgrep standalone binary
+  await installSemgrep();
+
+  // 3. Optionally install Python scanners if Python is available
+  await installPythonScanners();
+
+  console.log('\n═══════════════════════════════════════════════════════════');
+  console.log('  Installation Complete');
+  console.log('═══════════════════════════════════════════════════════════\n');
+}
+
+/**
+ * Check if ESLint Security Plugin is installed
+ */
+async function checkESLintSecurity() {
+  console.log('📦 Checking ESLint Security Plugin...');
+  try {
+    await import('eslint-plugin-security');
+    console.log('   ✅ eslint-plugin-security is installed\n');
+  } catch (error) {
+    console.log('   ⚠️  eslint-plugin-security not found');
+    console.log('   Run: npm install --save-dev eslint-plugin-security\n');
+  }
+}
+
+/**
+ * Install Semgrep standalone binary for the current platform
+ */
+async function installSemgrep() {
+  console.log('🔍 Installing Semgrep...');
+
+  const platform = process.platform;
+  const arch = process.arch;
+
+  // Check if semgrep is already installed globally
+  try {
+    const result = await execAsync('semgrep --version', { timeout: 5000 });
+    console.log(`   ✅ Semgrep already installed: ${result.stdout.trim()}`);
+    console.log('   Using system-installed Semgrep\n');
+    return;
+  } catch (error) {
+    console.log('   Semgrep not found in PATH, installing standalone binary...');
+  }
+
+  // Determine download URL based on platform
+  const binaryInfo = getSemgrepBinaryInfo(platform, arch);
+
+  if (!binaryInfo) {
+    console.log(`   ⚠️  No Semgrep binary available for ${platform}-${arch}`);
+    console.log('   Please install manually: https://semgrep.dev/docs/getting-started/\n');
+    return;
+  }
+
+  try {
+    const binaryPath = path.join(SCANNER_DIR, 'semgrep');
+
+    console.log(`   Downloading from ${binaryInfo.url}...`);
+    await downloadFile(binaryInfo.url, binaryPath);
+
+    // Make executable
+    await fs.promises.chmod(binaryPath, 0o755);
+
+    console.log('   ✅ Semgrep installed successfully');
+    console.log(`   Location: ${binaryPath}\n`);
+
+    // Add to PATH environment note
+    console.log('   Note: To use system-wide, add to PATH or install globally:');
+    console.log('   pip install semgrep\n');
+  } catch (error) {
+    console.log(`   ⚠️  Failed to install Semgrep: ${error.message}`);
+    console.log('   You can install manually: pip install semgrep\n');
+  }
+}
+
+/**
+ * Get Semgrep binary info for platform
+ */
+function getSemgrepBinaryInfo(platform, arch) {
+  // Semgrep binary URLs (using latest stable release)
+  // Note: Semgrep doesn't provide standalone binaries anymore for all platforms
+  // They recommend using pip install or Docker
+
+  // For now, we'll provide instructions rather than downloading
+  // The actual implementation would use Semgrep's Python package
+
+  return null; // Will trigger manual installation message
+}
+
+/**
+ * Install Python-based scanners (Bandit, pip-audit) if Python is available
+ */
+async function installPythonScanners() {
+  console.log('🐍 Checking Python scanners...');
+
+  // Check if Python is available
+  let pythonCommand = null;
+
+  try {
+    await execAsync('python3 --version', { timeout: 5000 });
+    pythonCommand = 'python3';
+  } catch (error) {
+    try {
+      await execAsync('python --version', { timeout: 5000 });
+      pythonCommand = 'python';
+    } catch (error2) {
+      console.log('   ⚠️  Python not found - skipping Python scanners');
+      console.log('   To enable Python scanning, install Python and run:');
+      console.log('   pip install semgrep bandit pip-audit checkov yamllint\n');
+      return;
+    }
+  }
+
+  console.log(`   ✅ Python found: ${pythonCommand}`);
+
+  // Security scanners
+  await installViaPip('semgrep', pythonCommand);
+  await installViaPip('bandit', pythonCommand);
+  await installViaPip('pip-audit', pythonCommand);
+
+  // Config validation tools
+  await installViaPip('checkov', pythonCommand);
+  await installViaPip('yamllint', pythonCommand);
+
+  console.log('');
+}
+
+/**
+ * Install a Python package via pip
+ */
+async function installViaPip(packageName, pythonCommand) {
+  try {
+    // Check if already installed
+    const checkResult = await execAsync(`${pythonCommand} -m pip show ${packageName}`, {
+      timeout: 5000
+    });
+    console.log(`   ✅ ${packageName} already installed`);
+    return true;
+  } catch (error) {
+    // Not installed, try to install
+    console.log(`   Installing ${packageName}...`);
+    try {
+      await execAsync(`${pythonCommand} -m pip install --user ${packageName}`, {
+        timeout: 60000
+      });
+      console.log(`   ✅ ${packageName} installed successfully`);
+      return true;
+    } catch (installError) {
+      console.log(`   ⚠️  Failed to install ${packageName}: ${installError.message}`);
+      console.log(`   You can install manually: pip install ${packageName}`);
+      return false;
+    }
+  }
+}
+
+/**
+ * Download a file from URL
+ */
+async function downloadFile(url, outputPath) {
+  return new Promise((resolve, reject) => {
+    const client = url.startsWith('https') ? https : http;
+
+    client.get(url, (response) => {
+      if (response.statusCode === 302 || response.statusCode === 301) {
+        // Follow redirect
+        downloadFile(response.headers.location, outputPath)
+          .then(resolve)
+          .catch(reject);
+        return;
+      }
+
+      if (response.statusCode !== 200) {
+        reject(new Error(`Failed to download: HTTP ${response.statusCode}`));
+        return;
+      }
+
+      const fileStream = createWriteStream(outputPath);
+      response.pipe(fileStream);
+
+      fileStream.on('finish', () => {
+        fileStream.close();
+        resolve();
+      });
+
+      fileStream.on('error', (error) => {
+        fs.unlink(outputPath, () => {}); // Delete partial file
+        reject(error);
+      });
+    }).on('error', reject);
+  });
+}
+
+// Run installation
+installScanners().catch((error) => {
+  console.error('❌ Installation failed:', error.message);
+  console.error('\nYou can manually install scanners:');
+  console.error('  npm install --save-dev eslint-plugin-security');
+  console.error('  pip install semgrep bandit pip-audit');
+  process.exit(0); // Don't fail npm install
+});

package/src/analyzers/CSSAnalyzer.js

@@ -0,0 +1,297 @@
+/**
+ * CSSAnalyzer - CSS/SCSS/LESS code analysis using PostCSS and Stylelint
+ *
+ * Purpose:
+ * - Analyze CSS, SCSS, and LESS files for syntax errors
+ * - Validate style rules and properties
+ * - Detect common CSS issues and bad practices
+ * - Support preprocessor syntaxes (SCSS, LESS)
+ */
+
+import { STATIC_ANALYSIS } from '../utilities/constants.js';
+
+class CSSAnalyzer {
+  constructor(logger = null) {
+    this.logger = logger;
+    this.stylelint = null;
+    this.postcss = null;
+    this.postcssScss = null;
+    this.postcssLess = null;
+  }
+
+  /**
+   * Analyze CSS/SCSS/LESS code
+   * @param {string} filePath - Path to file
+   * @param {string} content - File content
+   * @param {Object} options - Analysis options
+   * @returns {Promise<Array>} Array of diagnostics
+   */
+  async analyze(filePath, content, options = {}) {
+    try {
+      const diagnostics = [];
+      const language = this.detectLanguage(filePath);
+
+      // Check syntax using PostCSS
+      const syntaxErrors = await this.checkSyntax(filePath, content, language);
+      diagnostics.push(...syntaxErrors);
+
+      // Only run style linting if no syntax errors
+      if (syntaxErrors.length === 0) {
+        const styleIssues = await this.lintStyles(filePath, content, language);
+        diagnostics.push(...styleIssues);
+      }
+
+      this.logger?.debug('CSS analysis completed', {
+        file: filePath,
+        language,
+        totalDiagnostics: diagnostics.length,
+        errors: diagnostics.filter(d => d.severity === STATIC_ANALYSIS.SEVERITY.ERROR).length,
+        warnings: diagnostics.filter(d => d.severity === STATIC_ANALYSIS.SEVERITY.WARNING).length
+      });
+
+      return diagnostics;
+
+    } catch (error) {
+      this.logger?.error('CSS analysis failed', {
+        file: filePath,
+        error: error.message
+      });
+
+      // Return empty array on error to allow other analysis to continue
+      return [];
+    }
+  }
+
+  /**
+   * Check CSS syntax using PostCSS
+   * @private
+   */
+  async checkSyntax(filePath, content, language) {
+    const diagnostics = [];
+
+    try {
+      // Lazy load PostCSS and syntax parsers
+      if (!this.postcss) {
+        const postcssModule = await import('postcss');
+        this.postcss = postcssModule.default;
+      }
+
+      let syntax = null;
+
+      if (language === 'scss') {
+        if (!this.postcssScss) {
+          const scssModule = await import('postcss-scss');
+          this.postcssScss = scssModule.default;
+        }
+        syntax = this.postcssScss;
+      } else if (language === 'less') {
+        if (!this.postcssLess) {
+          const lessModule = await import('postcss-less');
+          this.postcssLess = lessModule.default;
+        }
+        syntax = this.postcssLess;
+      }
+
+      // Parse CSS with PostCSS
+      const result = this.postcss().process(content, {
+        from: filePath,
+        syntax
+      });
+
+      // PostCSS parsing is synchronous - accessing result.root will throw if syntax error
+      const root = result.root;
+
+      // If we get here, syntax is valid
+      this.logger?.debug('PostCSS syntax check passed', { file: filePath });
+
+    } catch (error) {
+      // PostCSS syntax error
+      const diagnostic = this.formatPostCSSError(error, filePath);
+      if (diagnostic) {
+        diagnostics.push(diagnostic);
+      }
+    }
+
+    return diagnostics;
+  }
+
+  /**
+   * Lint styles using Stylelint
+   * @private
+   */
+  async lintStyles(filePath, content, language) {
+    const diagnostics = [];
+
+    try {
+      // Lazy load Stylelint
+      if (!this.stylelint) {
+        const stylelintModule = await import('stylelint');
+        this.stylelint = stylelintModule.default;
+      }
+
+      // Configure Stylelint
+      const config = {
+        extends: ['stylelint-config-standard'],
+        rules: {
+          // Custom rules for better analysis
+          'color-no-invalid-hex': true,
+          'font-family-no-duplicate-names': true,
+          'function-calc-no-invalid': true,
+          'string-no-newline': true,
+          'unit-no-unknown': true,
+          'property-no-unknown': true,
+          'declaration-block-no-duplicate-properties': true,
+          'selector-pseudo-class-no-unknown': true,
+          'selector-pseudo-element-no-unknown': true,
+          'selector-type-no-unknown': [true, {
+            ignoreTypes: ['/^custom-/', 'ng-deep'] // Allow custom elements
+          }],
+          'media-feature-name-no-unknown': true,
+          'at-rule-no-unknown': language === 'scss' ? [true, {
+            ignoreAtRules: ['mixin', 'include', 'extend', 'if', 'else', 'for', 'each', 'while', 'function', 'return', 'content', 'use', 'forward']
+          }] : language === 'less' ? [true, {
+            ignoreAtRules: ['plugin']
+          }] : true,
+          'comment-no-empty': true,
+          'no-duplicate-selectors': true,
+          'no-empty-source': null, // Allow empty files
+          'block-no-empty': true,
+          'declaration-block-no-shorthand-property-overrides': true,
+          'font-family-no-missing-generic-family-keyword': true,
+          'function-linear-gradient-no-nonstandard-direction': true,
+          'no-descending-specificity': null, // Too strict for real projects
+          'no-duplicate-at-import-rules': true,
+          'no-extra-semicolons': true,
+          'no-invalid-double-slash-comments': true,
+          'selector-pseudo-element-colon-notation': 'double',
+          'selector-type-case': 'lower'
+        },
+        customSyntax: language === 'scss' ? 'postcss-scss' :
+                      language === 'less' ? 'postcss-less' : undefined
+      };
+
+      // Run Stylelint
+      const result = await this.stylelint.lint({
+        code: content,
+        codeFilename: filePath,
+        config
+      });
+
+      // Process results
+      if (result.results && result.results.length > 0) {
+        const fileResult = result.results[0];
+
+        if (fileResult.warnings) {
+          for (const warning of fileResult.warnings) {
+            diagnostics.push({
+              file: filePath,
+              line: warning.line || 1,
+              column: warning.column || 1,
+              severity: warning.severity === 'error'
+                ? STATIC_ANALYSIS.SEVERITY.ERROR
+                : STATIC_ANALYSIS.SEVERITY.WARNING,
+              rule: warning.rule || 'unknown',
+              message: warning.text,
+              category: this.categorizeStylelintRule(warning.rule),
+              fixable: false,
+              source: 'stylelint'
+            });
+          }
+        }
+      }
+
+    } catch (error) {
+      this.logger?.warn('Stylelint analysis failed', {
+        file: filePath,
+        error: error.message
+      });
+      // Don't fail the whole analysis if linting fails
+    }
+
+    return diagnostics;
+  }
+
+  /**
+   * Format PostCSS error into diagnostic
+   * @private
+   */
+  formatPostCSSError(error, filePath) {
+    return {
+      file: filePath,
+      line: error.line || 1,
+      column: error.column || 1,
+      severity: STATIC_ANALYSIS.SEVERITY.ERROR,
+      rule: error.name || 'CssSyntaxError',
+      message: error.reason || error.message,
+      category: STATIC_ANALYSIS.CATEGORY.SYNTAX,
+      fixable: false,
+      source: 'postcss',
+      code: error.source || undefined
+    };
+  }
+
+  /**
+   * Categorize Stylelint rule into analysis category
+   * @private
+   */
+  categorizeStylelintRule(rule) {
+    if (!rule) return STATIC_ANALYSIS.CATEGORY.STYLE;
+
+    const ruleLower = rule.toLowerCase();
+
+    if (ruleLower.includes('no-invalid') ||
+        ruleLower.includes('no-unknown') ||
+        ruleLower.includes('no-empty') ||
+        ruleLower.includes('syntax')) {
+      return STATIC_ANALYSIS.CATEGORY.SYNTAX;
+    }
+
+    if (ruleLower.includes('performance') ||
+        ruleLower.includes('optimize')) {
+      return STATIC_ANALYSIS.CATEGORY.PERFORMANCE;
+    }
+
+    if (ruleLower.includes('best-practice') ||
+        ruleLower.includes('recommended')) {
+      return STATIC_ANALYSIS.CATEGORY.BEST_PRACTICE;
+    }
+
+    return STATIC_ANALYSIS.CATEGORY.STYLE;
+  }
+
+  /**
+   * Detect language from file path
+   * @private
+   */
+  detectLanguage(filePath) {
+    const ext = filePath.toLowerCase();
+
+    if (ext.endsWith('.scss') || ext.endsWith('.sass')) {
+      return 'scss';
+    }
+
+    if (ext.endsWith('.less')) {
+      return 'less';
+    }
+
+    return 'css';
+  }
+
+  /**
+   * Get supported file extensions
+   * @returns {Array<string>} Array of supported extensions
+   */
+  getSupportedExtensions() {
+    return ['.css', '.scss', '.sass', '.less'];
+  }
+
+  /**
+   * Check if auto-fix is supported
+   * @returns {boolean} True if auto-fix is supported
+   */
+  supportsAutoFix() {
+    return false; // Auto-fix not implemented yet
+  }
+}
+
+export default CSSAnalyzer;