@nahisaho/musubix-core 1.0.0 → 1.0.2

package/dist/cli/commands/codegen.js

@@ -0,0 +1,684 @@
+/**
+ * Codegen Command
+ *
+ * CLI commands for code generation and analysis
+ *
+ * @packageDocumentation
+ * @module cli/commands/codegen
+ *
+ * @see REQ-CLI-003 - Codegen CLI
+ * @see REQ-CG-001 - Code Generation
+ * @see REQ-CG-002 - Static Analysis
+ * @see DES-MUSUBIX-001 Section 16-C.3 - codegenコマンド設計
+ * @see TSK-071〜073 - Codegen CLI実装
+ */
+import { readFile, writeFile, mkdir, readdir, stat } from 'fs/promises';
+import { resolve, dirname, extname, join } from 'path';
+import { ExitCode, getGlobalOptions, outputResult } from '../base.js';
+/**
+ * Security patterns to check
+ */
+const SECURITY_PATTERNS = [
+    {
+        pattern: /eval\s*\(/g,
+        type: 'Code Injection',
+        severity: 'critical',
+        cwe: 'CWE-94',
+        description: 'Use of eval() can lead to code injection vulnerabilities',
+        recommendation: 'Avoid eval(). Use safer alternatives like JSON.parse() for data parsing.',
+    },
+    {
+        pattern: /new\s+Function\s*\(/g,
+        type: 'Code Injection',
+        severity: 'high',
+        cwe: 'CWE-94',
+        description: 'Dynamic function creation can lead to code injection',
+        recommendation: 'Avoid dynamic function creation. Use predefined functions instead.',
+    },
+    {
+        pattern: /innerHTML\s*=/g,
+        type: 'XSS',
+        severity: 'high',
+        cwe: 'CWE-79',
+        description: 'Direct innerHTML assignment can lead to XSS vulnerabilities',
+        recommendation: 'Use textContent or sanitize HTML before assignment.',
+    },
+    {
+        pattern: /document\.write\s*\(/g,
+        type: 'XSS',
+        severity: 'high',
+        cwe: 'CWE-79',
+        description: 'document.write can be exploited for XSS attacks',
+        recommendation: 'Use DOM manipulation methods instead of document.write.',
+    },
+    {
+        pattern: /password\s*[:=]\s*['"][^'"]+['"]/gi,
+        type: 'Hardcoded Credentials',
+        severity: 'critical',
+        cwe: 'CWE-798',
+        description: 'Hardcoded passwords detected',
+        recommendation: 'Use environment variables or secure credential stores.',
+    },
+    {
+        pattern: /api[_-]?key\s*[:=]\s*['"][^'"]+['"]/gi,
+        type: 'Hardcoded Credentials',
+        severity: 'high',
+        cwe: 'CWE-798',
+        description: 'Hardcoded API key detected',
+        recommendation: 'Use environment variables for API keys.',
+    },
+    {
+        pattern: /exec\s*\(/g,
+        type: 'Command Injection',
+        severity: 'high',
+        cwe: 'CWE-78',
+        description: 'Use of exec() can lead to command injection',
+        recommendation: 'Use execFile() or spawn() with explicit arguments.',
+    },
+    {
+        pattern: /dangerouslySetInnerHTML/g,
+        type: 'XSS',
+        severity: 'medium',
+        cwe: 'CWE-79',
+        description: 'React dangerouslySetInnerHTML can lead to XSS',
+        recommendation: 'Sanitize HTML content before using dangerouslySetInnerHTML.',
+    },
+    {
+        pattern: /\bhttp:\/\//g,
+        type: 'Insecure Communication',
+        severity: 'medium',
+        cwe: 'CWE-319',
+        description: 'Use of HTTP instead of HTTPS',
+        recommendation: 'Use HTTPS for all external communications.',
+    },
+    {
+        pattern: /Math\.random\(\)/g,
+        type: 'Weak Randomness',
+        severity: 'low',
+        cwe: 'CWE-338',
+        description: 'Math.random() is not cryptographically secure',
+        recommendation: 'Use crypto.getRandomValues() for security-sensitive randomness.',
+    },
+];
+/**
+ * Code analysis rules
+ */
+const ANALYSIS_RULES = [
+    {
+        name: 'no-any',
+        pattern: /:\s*any\b/g,
+        severity: 'warning',
+        message: 'Avoid using "any" type. Use proper types for better type safety.',
+    },
+    {
+        name: 'no-console',
+        pattern: /console\.(log|warn|error|info|debug)\s*\(/g,
+        severity: 'info',
+        message: 'Console statements should be removed in production code.',
+    },
+    {
+        name: 'max-line-length',
+        check: (line) => line.length > 120,
+        severity: 'info',
+        message: 'Line exceeds 120 characters.',
+    },
+    {
+        name: 'no-magic-numbers',
+        pattern: /[^0-9a-z_]([2-9]|[1-9]\d+)(?=[^0-9]|$)/gi,
+        severity: 'info',
+        message: 'Avoid magic numbers. Use named constants instead.',
+    },
+    {
+        name: 'prefer-const',
+        pattern: /\blet\s+\w+\s*=/g,
+        severity: 'info',
+        message: 'Consider using const if variable is not reassigned.',
+    },
+];
+/**
+ * Register codegen command
+ */
+export function registerCodegenCommand(program) {
+    const codegen = program
+        .command('codegen')
+        .description('Code generation and analysis');
+    // codegen generate
+    codegen
+        .command('generate <design>')
+        .description('Generate code from design')
+        .option('-o, --output <dir>', 'Output directory', 'src/generated')
+        .option('-l, --language <lang>', 'Target language', 'typescript')
+        .option('-t, --template <name>', 'Code template to use')
+        .action(async (design, options) => {
+        const globalOpts = getGlobalOptions(program);
+        try {
+            const designPath = resolve(process.cwd(), design);
+            const content = await readFile(designPath, 'utf-8');
+            // Parse design and generate code
+            const files = generateCodeFromDesign(content, options);
+            const outputDir = resolve(process.cwd(), options.output ?? 'src/generated');
+            await mkdir(outputDir, { recursive: true });
+            let totalLines = 0;
+            const languages = new Set();
+            for (const file of files) {
+                const filePath = resolve(outputDir, file.filename);
+                await mkdir(dirname(filePath), { recursive: true });
+                await writeFile(filePath, file.content, 'utf-8');
+                totalLines += file.content.split('\n').length;
+                languages.add(file.language);
+            }
+            const result = {
+                success: true,
+                files,
+                summary: {
+                    totalFiles: files.length,
+                    totalLines,
+                    languages: Array.from(languages),
+                },
+                message: `Generated ${files.length} files (${totalLines} lines)`,
+            };
+            if (!globalOpts.quiet) {
+                console.log(`✅ Code generated in ${outputDir}`);
+                for (const file of files) {
+                    console.log(`   - ${file.filename}`);
+                }
+            }
+            if (globalOpts.json) {
+                outputResult(result, globalOpts);
+            }
+            process.exit(ExitCode.SUCCESS);
+        }
+        catch (error) {
+            if (!globalOpts.quiet) {
+                console.error(`❌ Code generation failed: ${error.message}`);
+            }
+            process.exit(ExitCode.GENERAL_ERROR);
+        }
+    });
+    // codegen analyze
+    codegen
+        .command('analyze <path>')
+        .description('Static code analysis')
+        .option('--strict', 'Enable strict mode', false)
+        .action(async (path, _options) => {
+        const globalOpts = getGlobalOptions(program);
+        try {
+            const targetPath = resolve(process.cwd(), path);
+            const issues = [];
+            let fileCount = 0;
+            let totalLines = 0;
+            // Check if path is file or directory
+            const pathStat = await stat(targetPath);
+            if (pathStat.isDirectory()) {
+                await analyzeDirectory(targetPath, issues, (lines) => {
+                    fileCount++;
+                    totalLines += lines;
+                });
+            }
+            else {
+                const content = await readFile(targetPath, 'utf-8');
+                const lines = content.split('\n');
+                analyzeFile(targetPath, lines, issues);
+                fileCount = 1;
+                totalLines = lines.length;
+            }
+            const errors = issues.filter(i => i.severity === 'error').length;
+            const warnings = issues.filter(i => i.severity === 'warning').length;
+            const info = issues.filter(i => i.severity === 'info').length;
+            // Calculate metrics
+            const complexity = Math.round(totalLines / 10); // Simplified
+            const maintainabilityIndex = Math.max(0, 100 - errors * 10 - warnings * 2);
+            const result = {
+                success: true,
+                issues,
+                metrics: {
+                    files: fileCount,
+                    lines: totalLines,
+                    complexity,
+                    maintainabilityIndex,
+                },
+                summary: { errors, warnings, info },
+                message: errors === 0
+                    ? `✅ Analyzed ${fileCount} files - No errors found`
+                    : `⚠️ Found ${errors} errors, ${warnings} warnings`,
+            };
+            outputResult(result, globalOpts);
+            process.exit(errors === 0 ? ExitCode.SUCCESS : ExitCode.VALIDATION_ERROR);
+        }
+        catch (error) {
+            if (!globalOpts.quiet) {
+                console.error(`❌ Analysis failed: ${error.message}`);
+            }
+            process.exit(ExitCode.GENERAL_ERROR);
+        }
+    });
+    // codegen security
+    codegen
+        .command('security <path>')
+        .description('Security scan')
+        .option('--severity <level>', 'Minimum severity to report', 'low')
+        .action(async (path, options) => {
+        const globalOpts = getGlobalOptions(program);
+        try {
+            const targetPath = resolve(process.cwd(), path);
+            const vulnerabilities = [];
+            // Check if path is file or directory
+            const pathStat = await stat(targetPath);
+            if (pathStat.isDirectory()) {
+                await scanDirectory(targetPath, vulnerabilities);
+            }
+            else {
+                const content = await readFile(targetPath, 'utf-8');
+                scanFile(targetPath, content, vulnerabilities);
+            }
+            // Filter by severity
+            const severityOrder = ['critical', 'high', 'medium', 'low'];
+            const minSeverityIndex = severityOrder.indexOf(options.severity ?? 'low');
+            const filtered = vulnerabilities.filter(v => severityOrder.indexOf(v.severity) <= minSeverityIndex);
+            const critical = filtered.filter(v => v.severity === 'critical').length;
+            const high = filtered.filter(v => v.severity === 'high').length;
+            const medium = filtered.filter(v => v.severity === 'medium').length;
+            const low = filtered.filter(v => v.severity === 'low').length;
+            // Calculate security score (0-100)
+            const score = Math.max(0, 100 - critical * 30 - high * 15 - medium * 5 - low * 1);
+            const result = {
+                success: true,
+                vulnerabilities: filtered,
+                summary: { critical, high, medium, low },
+                score,
+                message: critical + high === 0
+                    ? `✅ Security score: ${score}/100 - No critical issues`
+                    : `🔴 Security score: ${score}/100 - ${critical} critical, ${high} high severity issues`,
+            };
+            outputResult(result, globalOpts);
+            process.exit(critical === 0 ? ExitCode.SUCCESS : ExitCode.VALIDATION_ERROR);
+        }
+        catch (error) {
+            if (!globalOpts.quiet) {
+                console.error(`❌ Security scan failed: ${error.message}`);
+            }
+            process.exit(ExitCode.GENERAL_ERROR);
+        }
+    });
+}
+/**
+ * Generate code from design
+ */
+function generateCodeFromDesign(content, options) {
+    const files = [];
+    const language = options.language ?? 'typescript';
+    const ext = language === 'typescript' ? '.ts' : language === 'javascript' ? '.js' : '.py';
+    // Extract components from design
+    const componentMatches = content.match(/component\s+["']?([A-Za-z0-9_-]+)["']?/gi) || [];
+    const classMatches = content.match(/class\s+["']?([A-Za-z0-9_-]+)["']?/gi) || [];
+    const interfaceMatches = content.match(/interface\s+["']?([A-Za-z0-9_-]+)["']?/gi) || [];
+    // Extract requirement references
+    const reqMatches = content.match(/REQ-[A-Z]+-\d+/g) || [];
+    const desMatches = content.match(/DES-[A-Z]+-\d+/g) || [];
+    // Generate files for components
+    const seen = new Set();
+    const allMatches = [...componentMatches, ...classMatches, ...interfaceMatches];
+    for (const match of allMatches) {
+        const name = match.split(/\s+/).pop()?.replace(/["']/g, '') || 'Unknown';
+        if (seen.has(name))
+            continue;
+        seen.add(name);
+        const code = generateComponentCode(name, language);
+        files.push({
+            filename: `${toKebabCase(name)}${ext}`,
+            language,
+            content: code,
+            metadata: {
+                requirements: reqMatches.slice(0, 5),
+                designElements: desMatches.slice(0, 5),
+                patterns: [],
+            },
+        });
+    }
+    // Generate index file
+    if (files.length > 0) {
+        const indexContent = files
+            .map(f => {
+            const baseName = f.filename.replace(ext, '');
+            return `export * from './${baseName}';`;
+        })
+            .join('\n');
+        files.push({
+            filename: `index${ext}`,
+            language,
+            content: `/**\n * Generated index file\n * @generated\n */\n\n${indexContent}\n`,
+            metadata: {
+                requirements: [],
+                designElements: [],
+                patterns: [],
+            },
+        });
+    }
+    return files;
+}
+/**
+ * Generate component code
+ */
+function generateComponentCode(name, language) {
+    const className = toPascalCase(name);
+    if (language === 'typescript') {
+        return `/**
+ * ${className}
+ *
+ * @generated
+ * @module ${toKebabCase(name)}
+ */
+
+/**
+ * ${className} interface
+ */
+export interface I${className} {
+  /**
+   * Initialize the component
+   */
+  initialize(): Promise<void>;
+
+  /**
+   * Execute main logic
+   */
+  execute(): Promise<void>;
+
+  /**
+   * Cleanup resources
+   */
+  dispose(): Promise<void>;
+}
+
+/**
+ * ${className} implementation
+ */
+export class ${className} implements I${className} {
+  private initialized = false;
+
+  /**
+   * Create a new ${className} instance
+   */
+  constructor() {
+    // Initialize
+  }
+
+  /**
+   * Initialize the component
+   */
+  async initialize(): Promise<void> {
+    if (this.initialized) return;
+    // TODO: Add initialization logic
+    this.initialized = true;
+  }
+
+  /**
+   * Execute main logic
+   */
+  async execute(): Promise<void> {
+    if (!this.initialized) {
+      await this.initialize();
+    }
+    // TODO: Add execution logic
+  }
+
+  /**
+   * Cleanup resources
+   */
+  async dispose(): Promise<void> {
+    // TODO: Add cleanup logic
+    this.initialized = false;
+  }
+}
+
+/**
+ * Create a new ${className} instance
+ */
+export function create${className}(): ${className} {
+  return new ${className}();
+}
+`;
+    }
+    else if (language === 'python') {
+        return `"""
+${className}
+
+Generated module
+"""
+
+from abc import ABC, abstractmethod
+from typing import Optional
+
+
+class I${className}(ABC):
+    """${className} interface."""
+
+    @abstractmethod
+    async def initialize(self) -> None:
+        """Initialize the component."""
+        pass
+
+    @abstractmethod
+    async def execute(self) -> None:
+        """Execute main logic."""
+        pass
+
+    @abstractmethod
+    async def dispose(self) -> None:
+        """Cleanup resources."""
+        pass
+
+
+class ${className}(I${className}):
+    """${className} implementation."""
+
+    def __init__(self) -> None:
+        """Create a new ${className} instance."""
+        self._initialized = False
+
+    async def initialize(self) -> None:
+        """Initialize the component."""
+        if self._initialized:
+            return
+        # TODO: Add initialization logic
+        self._initialized = True
+
+    async def execute(self) -> None:
+        """Execute main logic."""
+        if not self._initialized:
+            await self.initialize()
+        # TODO: Add execution logic
+
+    async def dispose(self) -> None:
+        """Cleanup resources."""
+        # TODO: Add cleanup logic
+        self._initialized = False
+
+
+def create_${toSnakeCase(name)}() -> ${className}:
+    """Create a new ${className} instance."""
+    return ${className}()
+`;
+    }
+    // JavaScript
+    return `/**
+ * ${className}
+ *
+ * @generated
+ * @module ${toKebabCase(name)}
+ */
+
+/**
+ * ${className} implementation
+ */
+export class ${className} {
+  #initialized = false;
+
+  /**
+   * Create a new ${className} instance
+   */
+  constructor() {
+    // Initialize
+  }
+
+  /**
+   * Initialize the component
+   */
+  async initialize() {
+    if (this.#initialized) return;
+    // TODO: Add initialization logic
+    this.#initialized = true;
+  }
+
+  /**
+   * Execute main logic
+   */
+  async execute() {
+    if (!this.#initialized) {
+      await this.initialize();
+    }
+    // TODO: Add execution logic
+  }
+
+  /**
+   * Dispose resources
+   */
+  async dispose() {
+    // TODO: Add cleanup logic
+    this.#initialized = false;
+  }
+}
+
+/**
+ * Create a new ${className} instance
+ */
+export function create${className}() {
+  return new ${className}();
+}
+`;
+}
+/**
+ * Analyze directory
+ */
+async function analyzeDirectory(dir, issues, onFile) {
+    const entries = await readdir(dir, { withFileTypes: true });
+    for (const entry of entries) {
+        const fullPath = join(dir, entry.name);
+        if (entry.isDirectory()) {
+            if (!entry.name.startsWith('.') && entry.name !== 'node_modules') {
+                await analyzeDirectory(fullPath, issues, onFile);
+            }
+        }
+        else if (entry.isFile()) {
+            const ext = extname(entry.name);
+            if (['.ts', '.js', '.tsx', '.jsx', '.py'].includes(ext)) {
+                const content = await readFile(fullPath, 'utf-8');
+                const lines = content.split('\n');
+                analyzeFile(fullPath, lines, issues);
+                onFile(lines.length);
+            }
+        }
+    }
+}
+/**
+ * Analyze file
+ */
+function analyzeFile(file, lines, issues) {
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const rule of ANALYSIS_RULES) {
+            if ('pattern' in rule && rule.pattern) {
+                rule.pattern.lastIndex = 0;
+                if (rule.pattern.test(line)) {
+                    issues.push({
+                        file,
+                        line: i + 1,
+                        severity: rule.severity,
+                        rule: rule.name,
+                        message: rule.message,
+                    });
+                }
+            }
+            else if ('check' in rule && rule.check?.(line)) {
+                issues.push({
+                    file,
+                    line: i + 1,
+                    severity: rule.severity,
+                    rule: rule.name,
+                    message: rule.message,
+                });
+            }
+        }
+    }
+}
+/**
+ * Scan directory for security issues
+ */
+async function scanDirectory(dir, vulnerabilities) {
+    const entries = await readdir(dir, { withFileTypes: true });
+    for (const entry of entries) {
+        const fullPath = join(dir, entry.name);
+        if (entry.isDirectory()) {
+            if (!entry.name.startsWith('.') && entry.name !== 'node_modules') {
+                await scanDirectory(fullPath, vulnerabilities);
+            }
+        }
+        else if (entry.isFile()) {
+            const ext = extname(entry.name);
+            if (['.ts', '.js', '.tsx', '.jsx', '.py', '.json', '.yml', '.yaml'].includes(ext)) {
+                const content = await readFile(fullPath, 'utf-8');
+                scanFile(fullPath, content, vulnerabilities);
+            }
+        }
+    }
+}
+/**
+ * Scan file for security issues
+ */
+function scanFile(file, content, vulnerabilities) {
+    const lines = content.split('\n');
+    for (const pattern of SECURITY_PATTERNS) {
+        pattern.pattern.lastIndex = 0;
+        for (let i = 0; i < lines.length; i++) {
+            pattern.pattern.lastIndex = 0;
+            if (pattern.pattern.test(lines[i])) {
+                vulnerabilities.push({
+                    severity: pattern.severity,
+                    type: pattern.type,
+                    file,
+                    line: i + 1,
+                    description: pattern.description,
+                    recommendation: pattern.recommendation,
+                    cwe: pattern.cwe,
+                });
+            }
+        }
+    }
+}
+/**
+ * Convert to kebab-case
+ */
+function toKebabCase(str) {
+    return str
+        .replace(/([a-z])([A-Z])/g, '$1-$2')
+        .replace(/[\s_]+/g, '-')
+        .toLowerCase();
+}
+/**
+ * Convert to PascalCase
+ */
+function toPascalCase(str) {
+    return str
+        .replace(/[-_\s]+(.)?/g, (_, c) => (c ? c.toUpperCase() : ''))
+        .replace(/^./, s => s.toUpperCase());
+}
+/**
+ * Convert to snake_case
+ */
+function toSnakeCase(str) {
+    return str
+        .replace(/([a-z])([A-Z])/g, '$1_$2')
+        .replace(/[-\s]+/g, '_')
+        .toLowerCase();
+}
+export { generateCodeFromDesign, analyzeFile, scanFile, };
+//# sourceMappingURL=codegen.js.map