@nclamvn/vibecode-cli 1.7.0 → 1.8.1

package/src/commands/review.js

@@ -1,11 +1,13 @@
 // ═══════════════════════════════════════════════════════════════════════════════
 // VIBECODE CLI - Review Command
+// Phase K1: AI Code Review
 // ═══════════════════════════════════════════════════════════════════════════════
 
 import chalk from 'chalk';
 import ora from 'ora';
 import path from 'path';
-import { exec } from 'child_process';
+import fs from 'fs/promises';
+import { exec, spawn } from 'child_process';
 import { promisify } from 'util';
 import inquirer from 'inquirer';
 import { workspaceExists, getProjectName } from '../core/workspace.js';
@@ -26,6 +28,10 @@ import { printBox, printError, printSuccess, printWarning, printNextStep } from
 const execAsync = promisify(exec);
 
 export async function reviewCommand(options = {}) {
+  // K1: AI-powered code review
+  if (options.ai) {
+    return aiCodeReview(options);
+  }
   const spinner = ora('Starting review...').start();
 
   try {
@@ -288,3 +294,122 @@ async function checkGitStatus() {
     return { clean: true, message: 'Git not available' };
   }
 }
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// K1: AI CODE REVIEW
+// ═══════════════════════════════════════════════════════════════════════════════
+
+async function aiCodeReview(options) {
+  const cwd = process.cwd();
+
+  console.log(chalk.cyan(`
+╭────────────────────────────────────────────────────────────────────╮
+│  🔍 AI CODE REVIEW                                                 │
+│                                                                    │
+│  Analyzing codebase for:                                          │
+│  • Code quality & best practices                                  │
+│  • Potential bugs & edge cases                                    │
+│  • Performance concerns                                           │
+│  • Security vulnerabilities                                       │
+│  • Maintainability issues                                         │
+│                                                                    │
+╰────────────────────────────────────────────────────────────────────╯
+  `));
+
+  // Gather codebase context
+  const files = await gatherSourceFiles(cwd, options.path);
+
+  console.log(chalk.gray(`  Found ${files.length} files to review\n`));
+
+  const prompt = `
+# AI Code Review Request
+
+## Project: ${path.basename(cwd)}
+
+## Files to Review:
+${files.map(f => `- ${f}`).join('\n')}
+
+## Review Criteria:
+1. **Code Quality**: Clean code, readability, naming conventions
+2. **Best Practices**: Design patterns, DRY, SOLID principles
+3. **Potential Bugs**: Edge cases, null checks, error handling
+4. **Performance**: Inefficient loops, memory leaks, N+1 queries
+5. **Security**: Input validation, XSS, SQL injection, auth issues
+6. **Maintainability**: Modularity, testability, documentation
+
+## Output Format:
+For each issue found, provide:
+- **Severity**: Critical / High / Medium / Low
+- **Category**: Bug / Performance / Security / Quality / Maintainability
+- **File**: path/to/file.ts
+- **Line**: (if applicable)
+- **Issue**: Description
+- **Suggestion**: How to fix
+
+## Summary:
+End with overall score (A-F) and top 3 priorities.
+
+Review the codebase now.
+`;
+
+  // Write prompt
+  const promptFile = path.join(cwd, '.vibecode', 'review-prompt.md');
+  await fs.mkdir(path.dirname(promptFile), { recursive: true });
+  await fs.writeFile(promptFile, prompt);
+
+  // Run Claude Code
+  console.log(chalk.gray('  Analyzing with Claude Code...\n'));
+
+  await runClaudeCode(prompt, cwd);
+
+  // Save report
+  const reportDir = path.join(cwd, '.vibecode', 'reports');
+  await fs.mkdir(reportDir, { recursive: true });
+  const reportFile = path.join(reportDir, `review-${Date.now()}.md`);
+
+  console.log(chalk.green(`\n✅ Review complete!`));
+  console.log(chalk.gray(`  Report saved to: .vibecode/reports/\n`));
+}
+
+async function gatherSourceFiles(cwd, targetPath) {
+  const files = [];
+  const extensions = ['.js', '.ts', '.tsx', '.jsx', '.py', '.go', '.rs', '.vue', '.svelte'];
+  const ignoreDirs = ['node_modules', '.git', 'dist', 'build', '.next', 'coverage', '.vibecode', '__pycache__'];
+
+  const scanDir = targetPath ? path.join(cwd, targetPath) : cwd;
+
+  async function scan(dir) {
+    try {
+      const entries = await fs.readdir(dir, { withFileTypes: true });
+
+      for (const entry of entries) {
+        if (entry.name.startsWith('.')) continue;
+        if (ignoreDirs.includes(entry.name)) continue;
+
+        const fullPath = path.join(dir, entry.name);
+        const relativePath = path.relative(cwd, fullPath);
+
+        if (entry.isDirectory()) {
+          await scan(fullPath);
+        } else if (extensions.some(ext => entry.name.endsWith(ext))) {
+          files.push(relativePath);
+        }
+      }
+    } catch {}
+  }
+
+  await scan(scanDir);
+  return files.slice(0, 50); // Limit files
+}
+
+async function runClaudeCode(prompt, cwd) {
+  return new Promise((resolve) => {
+    const child = spawn('claude', ['-p', prompt, '--dangerously-skip-permissions'], {
+      cwd,
+      stdio: 'inherit'
+    });
+
+    child.on('close', resolve);
+    child.on('error', () => resolve());
+  });
+}

package/src/commands/security.js

@@ -0,0 +1,229 @@
+// ═══════════════════════════════════════════════════════════════════════════════
+// VIBECODE CLI - Security Command
+// Phase K5: AI Security Audit
+// ═══════════════════════════════════════════════════════════════════════════════
+
+import { spawn, exec } from 'child_process';
+import { promisify } from 'util';
+import fs from 'fs/promises';
+import path from 'path';
+import chalk from 'chalk';
+
+const execAsync = promisify(exec);
+
+export async function securityCommand(options = {}) {
+  const cwd = process.cwd();
+
+  console.log(chalk.cyan(`
+╭────────────────────────────────────────────────────────────────────╮
+│  🔒 SECURITY AUDIT                                                 │
+│                                                                    │
+│  Scanning for vulnerabilities...                                  │
+│                                                                    │
+╰────────────────────────────────────────────────────────────────────╯
+  `));
+
+  const results = {
+    npmAudit: null,
+    secretsScan: [],
+    timestamp: new Date().toISOString()
+  };
+
+  // 1. Run npm audit
+  console.log(chalk.gray('\n  [1/3] Running npm audit...\n'));
+  try {
+    const { stdout } = await execAsync('npm audit --json', { cwd, timeout: 60000 });
+    results.npmAudit = JSON.parse(stdout);
+    console.log(chalk.green('    ✓ npm audit complete'));
+  } catch (error) {
+    try {
+      if (error.stdout) {
+        results.npmAudit = JSON.parse(error.stdout);
+        const vulns = results.npmAudit?.metadata?.vulnerabilities;
+        if (vulns) {
+          const total = vulns.critical + vulns.high + vulns.moderate + vulns.low;
+          if (total > 0) {
+            console.log(chalk.yellow(`    ⚠ Found ${total} vulnerabilities`));
+          } else {
+            console.log(chalk.green('    ✓ No vulnerabilities found'));
+          }
+        }
+      }
+    } catch {
+      results.npmAudit = { error: 'npm audit failed or not applicable' };
+      console.log(chalk.gray('    - npm audit not applicable'));
+    }
+  }
+
+  // 2. Scan for secrets
+  console.log(chalk.gray('\n  [2/3] Scanning for exposed secrets...\n'));
+  results.secretsScan = await scanForSecrets(cwd);
+  if (results.secretsScan.length > 0) {
+    console.log(chalk.red(`    ⚠ Found ${results.secretsScan.length} potential secrets!`));
+    for (const secret of results.secretsScan.slice(0, 5)) {
+      console.log(chalk.gray(`      - ${secret.file}: ${secret.type}`));
+    }
+  } else {
+    console.log(chalk.green('    ✓ No exposed secrets detected'));
+  }
+
+  // 3. AI security analysis
+  console.log(chalk.gray('\n  [3/3] AI security analysis...\n'));
+
+  const vulnSummary = results.npmAudit?.metadata?.vulnerabilities;
+  const npmSummary = vulnSummary
+    ? `Critical: ${vulnSummary.critical}, High: ${vulnSummary.high}, Moderate: ${vulnSummary.moderate}, Low: ${vulnSummary.low}`
+    : 'npm audit not available';
+
+  const prompt = `
+# Security Audit Request
+
+## Project: ${path.basename(cwd)}
+
+## NPM Audit Results:
+${npmSummary}
+
+## Potential Secrets Found:
+${results.secretsScan.map(s => `- ${s.file}: ${s.type}`).join('\n') || 'None detected'}
+
+## Security Analysis Required:
+Analyze the codebase for security vulnerabilities:
+
+1. **Authentication Issues**
+   - Weak password handling
+   - Missing auth checks on protected routes
+   - Insecure session management
+   - JWT vulnerabilities
+
+2. **Input Validation**
+   - SQL injection risks
+   - XSS vulnerabilities
+   - Command injection
+   - Path traversal
+   - ReDoS (regex denial of service)
+
+3. **Data Exposure**
+   - Sensitive data in logs
+   - Exposed API keys in code
+   - Insecure data storage
+   - PII handling issues
+
+4. **Configuration Issues**
+   - CORS misconfiguration
+   - Missing security headers
+   - Debug mode in production
+   - Insecure defaults
+
+5. **Dependencies**
+   - Known vulnerable packages
+   - Outdated dependencies
+   - Unnecessary dependencies
+
+## Output Format:
+For each vulnerability found:
+- **Severity**: Critical / High / Medium / Low
+- **Category**: Auth / Injection / Exposure / Config / Dependency
+- **Location**: File and line number
+- **Description**: What's the issue
+- **Remediation**: How to fix it
+
+End with a security score (A-F) and priority fixes.
+`;
+
+  const promptFile = path.join(cwd, '.vibecode', 'security-prompt.md');
+  await fs.mkdir(path.dirname(promptFile), { recursive: true });
+  await fs.writeFile(promptFile, prompt);
+
+  await runClaudeCode(prompt, cwd);
+
+  // Save report
+  const reportPath = path.join(cwd, '.vibecode', 'reports', `security-${Date.now()}.json`);
+  await fs.mkdir(path.dirname(reportPath), { recursive: true });
+  await fs.writeFile(reportPath, JSON.stringify(results, null, 2));
+
+  console.log(chalk.green('\n✅ Security audit complete!'));
+  console.log(chalk.gray(`  Report saved to: .vibecode/reports/\n`));
+
+  // Auto-fix option
+  if (options.fix) {
+    console.log(chalk.yellow('\n  Attempting auto-fix...\n'));
+    try {
+      await execAsync('npm audit fix', { cwd });
+      console.log(chalk.green('  ✓ npm audit fix completed\n'));
+    } catch {
+      console.log(chalk.gray('  - npm audit fix not applicable\n'));
+    }
+  }
+}
+
+async function scanForSecrets(cwd) {
+  const secrets = [];
+  const patterns = [
+    { regex: /(['"])?(api[_-]?key|apikey)(['"])?\s*[:=]\s*(['"])[a-zA-Z0-9]{20,}(['"])/gi, type: 'API Key' },
+    { regex: /(['"])?(secret|password|passwd|pwd)(['"])?\s*[:=]\s*(['"])[^'"]{8,}(['"])/gi, type: 'Password/Secret' },
+    { regex: /(['"])?(aws[_-]?access[_-]?key[_-]?id)(['"])?\s*[:=]\s*(['"])[A-Z0-9]{20}(['"])/gi, type: 'AWS Access Key' },
+    { regex: /(['"])?(aws[_-]?secret)(['"])?\s*[:=]\s*(['"])[a-zA-Z0-9/+=]{40}(['"])/gi, type: 'AWS Secret Key' },
+    { regex: /(['"])?(private[_-]?key)(['"])?\s*[:=]\s*(['"])-----BEGIN/gi, type: 'Private Key' },
+    { regex: /(['"])?(auth[_-]?token|bearer)(['"])?\s*[:=]\s*(['"])[a-zA-Z0-9._-]{20,}(['"])/gi, type: 'Auth Token' },
+    { regex: /(['"])?(github[_-]?token)(['"])?\s*[:=]\s*(['"])gh[ps]_[a-zA-Z0-9]{36}(['"])/gi, type: 'GitHub Token' },
+    { regex: /(['"])?(stripe[_-]?key)(['"])?\s*[:=]\s*(['"])sk_[a-zA-Z0-9]{24,}(['"])/gi, type: 'Stripe Key' }
+  ];
+
+  const files = await getAllSourceFiles(cwd);
+
+  for (const file of files) {
+    try {
+      const content = await fs.readFile(path.join(cwd, file), 'utf-8');
+
+      for (const { regex, type } of patterns) {
+        regex.lastIndex = 0; // Reset regex state
+        if (regex.test(content)) {
+          secrets.push({ file, type });
+          break; // One type per file is enough
+        }
+      }
+    } catch {}
+  }
+
+  return secrets;
+}
+
+async function getAllSourceFiles(cwd) {
+  const files = [];
+  const extensions = ['.js', '.ts', '.jsx', '.tsx', '.json', '.env', '.yaml', '.yml', '.py', '.go'];
+  const ignoreDirs = ['node_modules', '.git', 'dist', 'build', '.next', 'coverage'];
+
+  async function scan(dir) {
+    try {
+      const entries = await fs.readdir(dir, { withFileTypes: true });
+
+      for (const entry of entries) {
+        if (entry.name.startsWith('.') && entry.name !== '.env') continue;
+        if (ignoreDirs.includes(entry.name)) continue;
+
+        const fullPath = path.join(dir, entry.name);
+
+        if (entry.isDirectory()) {
+          await scan(fullPath);
+        } else if (extensions.some(ext => entry.name.endsWith(ext))) {
+          files.push(path.relative(cwd, fullPath));
+        }
+      }
+    } catch {}
+  }
+
+  await scan(cwd);
+  return files.slice(0, 100);
+}
+
+async function runClaudeCode(prompt, cwd) {
+  return new Promise((resolve) => {
+    const child = spawn('claude', ['-p', prompt, '--dangerously-skip-permissions'], {
+      cwd,
+      stdio: 'inherit'
+    });
+
+    child.on('close', resolve);
+    child.on('error', () => resolve());
+  });
+}

package/src/commands/test.js

@@ -0,0 +1,194 @@
+// ═══════════════════════════════════════════════════════════════════════════════
+// VIBECODE CLI - Test Command
+// Phase K2: AI Test Generation
+// ═══════════════════════════════════════════════════════════════════════════════
+
+import { spawn } from 'child_process';
+import fs from 'fs/promises';
+import path from 'path';
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+
+export async function testCommand(targetPath, options = {}) {
+  const cwd = process.cwd();
+
+  // Generate tests
+  if (options.generate) {
+    return generateTests(cwd, targetPath, options);
+  }
+
+  // Run tests (pass through to npm test)
+  if (options.run) {
+    const { exec } = await import('child_process');
+    const child = exec('npm test', { cwd });
+    child.stdout?.pipe(process.stdout);
+    child.stderr?.pipe(process.stderr);
+    return new Promise(resolve => child.on('close', resolve));
+  }
+
+  // Coverage
+  if (options.coverage) {
+    const { exec } = await import('child_process');
+    const child = exec('npm run test:coverage || npm test -- --coverage', { cwd });
+    child.stdout?.pipe(process.stdout);
+    child.stderr?.pipe(process.stderr);
+    return new Promise(resolve => child.on('close', resolve));
+  }
+
+  // Default: show menu
+  const { action } = await inquirer.prompt([{
+    type: 'list',
+    name: 'action',
+    message: 'Test options:',
+    choices: [
+      { name: '🧪 Run tests (npm test)', value: 'run' },
+      { name: '✨ Generate tests for file/folder', value: 'generate' },
+      { name: '📊 Show coverage', value: 'coverage' },
+      { name: '👋 Exit', value: 'exit' }
+    ]
+  }]);
+
+  if (action === 'run') {
+    return testCommand(null, { run: true });
+  }
+  if (action === 'generate') {
+    const { target } = await inquirer.prompt([{
+      type: 'input',
+      name: 'target',
+      message: 'Path to generate tests for:',
+      default: 'src/'
+    }]);
+    return generateTests(cwd, target, options);
+  }
+  if (action === 'coverage') {
+    return testCommand(null, { coverage: true });
+  }
+}
+
+async function generateTests(cwd, targetPath, options) {
+  console.log(chalk.cyan(`
+╭────────────────────────────────────────────────────────────────────╮
+│  🧪 TEST GENERATION                                                │
+│                                                                    │
+│  Target: ${(targetPath || 'src/').padEnd(52)}│
+│                                                                    │
+╰────────────────────────────────────────────────────────────────────╯
+  `));
+
+  // Detect test framework
+  const framework = await detectTestFramework(cwd);
+  console.log(chalk.gray(`  Test framework: ${framework}\n`));
+
+  // Get files to generate tests for
+  const files = await getFilesToTest(cwd, targetPath || 'src/');
+
+  if (files.length === 0) {
+    console.log(chalk.yellow('  No files found to generate tests for.\n'));
+    return;
+  }
+
+  console.log(chalk.gray(`  Found ${files.length} files\n`));
+
+  const prompt = `
+# Test Generation Request
+
+## Project: ${path.basename(cwd)}
+## Test Framework: ${framework}
+
+## Files to Generate Tests For:
+${files.map(f => `- ${f}`).join('\n')}
+
+## Instructions:
+1. Read each source file
+2. Generate comprehensive tests including:
+   - Unit tests for each function/method
+   - Edge cases (null, undefined, empty, boundary values)
+   - Error handling tests
+   - Mock external dependencies
+   - Integration tests where appropriate
+
+3. Use ${framework} syntax and conventions
+4. Follow AAA pattern (Arrange, Act, Assert)
+5. Add descriptive test names
+6. Include setup/teardown if needed
+
+## Output:
+Create test files in __tests__/ or *.test.ts/js format.
+For each source file, create corresponding test file.
+
+Generate tests now.
+`;
+
+  const promptFile = path.join(cwd, '.vibecode', 'test-gen-prompt.md');
+  await fs.mkdir(path.dirname(promptFile), { recursive: true });
+  await fs.writeFile(promptFile, prompt);
+
+  console.log(chalk.gray('  Generating tests with Claude Code...\n'));
+
+  await runClaudeCode(prompt, cwd);
+
+  console.log(chalk.green('\n✅ Tests generated!'));
+  console.log(chalk.gray('  Run: npm test\n'));
+}
+
+async function detectTestFramework(cwd) {
+  try {
+    const pkgPath = path.join(cwd, 'package.json');
+    const pkg = JSON.parse(await fs.readFile(pkgPath, 'utf-8'));
+    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+
+    if (deps.vitest) return 'vitest';
+    if (deps.jest) return 'jest';
+    if (deps.mocha) return 'mocha';
+    if (deps['@testing-library/react']) return 'jest + @testing-library/react';
+    if (deps.ava) return 'ava';
+    if (deps.tap) return 'tap';
+    if (deps.uvu) return 'uvu';
+
+    return 'jest'; // default
+  } catch {
+    return 'jest';
+  }
+}
+
+async function getFilesToTest(cwd, targetPath) {
+  const files = [];
+  const fullPath = path.join(cwd, targetPath);
+
+  async function scan(dir) {
+    try {
+      const entries = await fs.readdir(dir, { withFileTypes: true });
+
+      for (const entry of entries) {
+        if (entry.name.startsWith('.')) continue;
+        if (entry.name.includes('.test.') || entry.name.includes('.spec.')) continue;
+        if (entry.name === '__tests__') continue;
+        if (entry.name === 'node_modules') continue;
+        if (entry.name === 'dist' || entry.name === 'build') continue;
+
+        const entryPath = path.join(dir, entry.name);
+
+        if (entry.isDirectory()) {
+          await scan(entryPath);
+        } else if (/\.(js|ts|jsx|tsx)$/.test(entry.name)) {
+          files.push(path.relative(cwd, entryPath));
+        }
+      }
+    } catch {}
+  }
+
+  await scan(fullPath);
+  return files.slice(0, 20); // Limit
+}
+
+async function runClaudeCode(prompt, cwd) {
+  return new Promise((resolve) => {
+    const child = spawn('claude', ['-p', prompt, '--dangerously-skip-permissions'], {
+      cwd,
+      stdio: 'inherit'
+    });
+
+    child.on('close', resolve);
+    child.on('error', () => resolve());
+  });
+}

package/src/config/constants.js

@@ -3,7 +3,11 @@
 // Spec Hash: 0fe43335f5a325e3279a079ce616c052
 // ═══════════════════════════════════════════════════════════════════════════════
 
-export const VERSION = '1.0.1';
+import { createRequire } from 'module';
+const require = createRequire(import.meta.url);
+const pkg = require('../../package.json');
+
+export const VERSION = pkg.version;
 export const SPEC_HASH = '0fe43335f5a325e3279a079ce616c052';
 
 // ─────────────────────────────────────────────────────────────────────────────

package/src/index.js

@@ -50,6 +50,14 @@ export { watchCommand } from './commands/watch.js';
 // Phase I3 Commands - Shell Mode
 export { shellCommand } from './commands/shell.js';
 
+// Phase K Commands - Maximize Claude Code
+export { testCommand } from './commands/test.js';
+export { docsCommand } from './commands/docs.js';
+export { refactorCommand } from './commands/refactor.js';
+export { securityCommand } from './commands/security.js';
+export { askCommand } from './commands/ask.js';
+export { migrateCommand } from './commands/migrate.js';
+
 // UI exports (Phase H2: Dashboard)
 export {
   ProgressDashboard,

package/docs-site/README.md

@@ -1,41 +0,0 @@
-# Website
-
-This website is built using [Docusaurus](https://docusaurus.io/), a modern static website generator.
-
-## Installation
-
-```bash
-yarn
-```
-
-## Local Development
-
-```bash
-yarn start
-```
-
-This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.
-
-## Build
-
-```bash
-yarn build
-```
-
-This command generates static content into the `build` directory and can be served using any static contents hosting service.
-
-## Deployment
-
-Using SSH:
-
-```bash
-USE_SSH=true yarn deploy
-```
-
-Not using SSH:
-
-```bash
-GIT_USER=<Your GitHub username> yarn deploy
-```
-
-If you are using GitHub pages for hosting, this command is a convenient way to build the website and push to the `gh-pages` branch.

package/docs-site/blog/2019-05-28-first-blog-post.md

@@ -1,12 +0,0 @@
----
-slug: first-blog-post
-title: First Blog Post
-authors: [slorber, yangshun]
-tags: [hola, docusaurus]
----
-
-Lorem ipsum dolor sit amet...
-
-<!-- truncate -->
-
-...consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet