@nclamvn/vibecode-cli 2.0.0 → 2.2.0

package/src/commands/refactor.js

@@ -0,0 +1,205 @@
+// ═══════════════════════════════════════════════════════════════════════════════
+// VIBECODE CLI - Refactor Command
+// Phase K4: AI-Powered Refactoring
+// ═══════════════════════════════════════════════════════════════════════════════
+
+import { spawn } from 'child_process';
+import fs from 'fs/promises';
+import path from 'path';
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import { BackupManager } from '../core/backup.js';
+
+export async function refactorCommand(targetPath, options = {}) {
+  const cwd = process.cwd();
+
+  // Interactive mode
+  if (!targetPath && !options.type) {
+    return interactiveRefactor(cwd);
+  }
+
+  return performRefactor(cwd, targetPath || 'src/', options);
+}
+
+async function interactiveRefactor(cwd) {
+  console.log(chalk.cyan(`
+╭────────────────────────────────────────────────────────────────────╮
+│  🔄 AI REFACTORING                                                 │
+│                                                                    │
+│  Improve code quality with AI-powered refactoring                 │
+│                                                                    │
+╰────────────────────────────────────────────────────────────────────╯
+  `));
+
+  const { refactorType } = await inquirer.prompt([{
+    type: 'list',
+    name: 'refactorType',
+    message: 'What type of refactoring?',
+    choices: [
+      { name: '🧹 Clean Code - Improve readability', value: 'clean' },
+      { name: '🔄 DRY - Remove duplication', value: 'dry' },
+      { name: '⚡ Performance - Optimize slow code', value: 'performance' },
+      { name: '🏗️  Architecture - Better structure', value: 'architecture' },
+      { name: '📦 Modularize - Split large files', value: 'modularize' },
+      { name: '🆕 Modernize - Update to modern syntax', value: 'modernize' },
+      { name: '🎯 Custom - Describe your own', value: 'custom' },
+      { name: '👋 Exit', value: 'exit' }
+    ]
+  }]);
+
+  if (refactorType === 'exit') return;
+
+  const { targetPath } = await inquirer.prompt([{
+    type: 'input',
+    name: 'targetPath',
+    message: 'Path to refactor:',
+    default: 'src/'
+  }]);
+
+  let customDescription = '';
+  if (refactorType === 'custom') {
+    const { desc } = await inquirer.prompt([{
+      type: 'input',
+      name: 'desc',
+      message: 'Describe the refactoring:'
+    }]);
+    customDescription = desc;
+  }
+
+  return performRefactor(cwd, targetPath, { type: refactorType, description: customDescription });
+}
+
+async function performRefactor(cwd, targetPath, options) {
+  const refactorType = options.type || 'clean';
+
+  // Create backup first
+  console.log(chalk.gray('\n  Creating backup before refactoring...\n'));
+  const backup = new BackupManager(cwd);
+  await backup.createBackup(`refactor-${refactorType}`);
+
+  const prompts = {
+    clean: `
+# Clean Code Refactoring
+
+Improve code readability:
+- Better variable/function names (descriptive, consistent)
+- Simplify complex conditions (extract to named variables/functions)
+- Extract magic numbers to named constants
+- Add meaningful comments where logic is complex
+- Improve code formatting and consistency
+- Follow language conventions and style guides
+- Remove dead code and unused imports
+`,
+    dry: `
+# DRY Refactoring (Don't Repeat Yourself)
+
+Remove code duplication:
+- Identify repeated code patterns (3+ occurrences)
+- Extract common logic to reusable functions
+- Create utility modules for shared functionality
+- Use generics/templates where appropriate
+- Consolidate similar functions with parameters
+- Create higher-order functions for common patterns
+`,
+    performance: `
+# Performance Optimization
+
+Optimize for speed and efficiency:
+- Replace O(n²) with O(n) where possible
+- Add memoization for expensive computations
+- Optimize database queries (N+1 problem)
+- Implement lazy loading for large data
+- Use efficient data structures (Map/Set vs Array)
+- Remove unnecessary re-renders (React)
+- Add proper caching strategies
+- Optimize loops and iterations
+`,
+    architecture: `
+# Architecture Refactoring
+
+Improve code structure:
+- Apply SOLID principles
+- Implement proper separation of concerns
+- Use dependency injection where appropriate
+- Apply appropriate design patterns
+- Improve module boundaries
+- Better error handling structure
+- Create clear interfaces between modules
+- Reduce coupling, increase cohesion
+`,
+    modularize: `
+# Modularization
+
+Split large files and improve organization:
+- Break large files (>300 lines) into smaller modules
+- One component/class per file
+- Group related functionality in folders
+- Create proper index files for exports
+- Improve import structure
+- Separate concerns (UI, logic, data)
+- Create feature-based folder structure
+`,
+    modernize: `
+# Modernize Code
+
+Update to modern syntax and practices:
+- ES6+ features (arrow functions, destructuring, spread)
+- async/await instead of callbacks/Promise chains
+- Optional chaining (?.) and nullish coalescing (??)
+- Modern array methods (map, filter, reduce)
+- Template literals instead of string concatenation
+- const/let instead of var
+- TypeScript improvements (if TS project)
+- Modern React patterns (hooks, functional components)
+`,
+    custom: `
+# Custom Refactoring
+
+${options.description || 'Improve the code based on best practices.'}
+`
+  };
+
+  const prompt = `
+${prompts[refactorType]}
+
+## Target Path: ${targetPath}
+
+## Instructions:
+1. Analyze the code in the target path
+2. Apply the refactoring described above
+3. Preserve all functionality (don't break anything!)
+4. Make minimal changes to achieve the goal
+5. Add comments explaining significant changes
+
+## Safety:
+- Run tests after refactoring if available
+- Keep backward compatibility
+- Don't change public APIs without good reason
+
+Perform the refactoring now.
+`;
+
+  const promptFile = path.join(cwd, '.vibecode', 'refactor-prompt.md');
+  await fs.mkdir(path.dirname(promptFile), { recursive: true });
+  await fs.writeFile(promptFile, prompt);
+
+  console.log(chalk.yellow(`  Refactoring (${refactorType})...\n`));
+
+  await runClaudeCode(prompt, cwd);
+
+  console.log(chalk.green('\n✅ Refactoring complete!'));
+  console.log(chalk.gray('  • Run tests to verify changes'));
+  console.log(chalk.gray('  • Use `vibecode undo` to revert if needed\n'));
+}
+
+async function runClaudeCode(prompt, cwd) {
+  return new Promise((resolve) => {
+    const child = spawn('claude', ['-p', prompt, '--dangerously-skip-permissions'], {
+      cwd,
+      stdio: 'inherit'
+    });
+
+    child.on('close', resolve);
+    child.on('error', () => resolve());
+  });
+}

package/src/commands/review.js

@@ -1,11 +1,13 @@
 // ═══════════════════════════════════════════════════════════════════════════════
 // VIBECODE CLI - Review Command
+// Phase K1: AI Code Review
 // ═══════════════════════════════════════════════════════════════════════════════
 
 import chalk from 'chalk';
 import ora from 'ora';
 import path from 'path';
-import { exec } from 'child_process';
+import fs from 'fs/promises';
+import { exec, spawn } from 'child_process';
 import { promisify } from 'util';
 import inquirer from 'inquirer';
 import { workspaceExists, getProjectName } from '../core/workspace.js';
@@ -26,6 +28,10 @@ import { printBox, printError, printSuccess, printWarning, printNextStep } from
 const execAsync = promisify(exec);
 
 export async function reviewCommand(options = {}) {
+  // K1: AI-powered code review
+  if (options.ai) {
+    return aiCodeReview(options);
+  }
   const spinner = ora('Starting review...').start();
 
   try {
@@ -288,3 +294,122 @@ async function checkGitStatus() {
     return { clean: true, message: 'Git not available' };
   }
 }
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// K1: AI CODE REVIEW
+// ═══════════════════════════════════════════════════════════════════════════════
+
+async function aiCodeReview(options) {
+  const cwd = process.cwd();
+
+  console.log(chalk.cyan(`
+╭────────────────────────────────────────────────────────────────────╮
+│  🔍 AI CODE REVIEW                                                 │
+│                                                                    │
+│  Analyzing codebase for:                                          │
+│  • Code quality & best practices                                  │
+│  • Potential bugs & edge cases                                    │
+│  • Performance concerns                                           │
+│  • Security vulnerabilities                                       │
+│  • Maintainability issues                                         │
+│                                                                    │
+╰────────────────────────────────────────────────────────────────────╯
+  `));
+
+  // Gather codebase context
+  const files = await gatherSourceFiles(cwd, options.path);
+
+  console.log(chalk.gray(`  Found ${files.length} files to review\n`));
+
+  const prompt = `
+# AI Code Review Request
+
+## Project: ${path.basename(cwd)}
+
+## Files to Review:
+${files.map(f => `- ${f}`).join('\n')}
+
+## Review Criteria:
+1. **Code Quality**: Clean code, readability, naming conventions
+2. **Best Practices**: Design patterns, DRY, SOLID principles
+3. **Potential Bugs**: Edge cases, null checks, error handling
+4. **Performance**: Inefficient loops, memory leaks, N+1 queries
+5. **Security**: Input validation, XSS, SQL injection, auth issues
+6. **Maintainability**: Modularity, testability, documentation
+
+## Output Format:
+For each issue found, provide:
+- **Severity**: Critical / High / Medium / Low
+- **Category**: Bug / Performance / Security / Quality / Maintainability
+- **File**: path/to/file.ts
+- **Line**: (if applicable)
+- **Issue**: Description
+- **Suggestion**: How to fix
+
+## Summary:
+End with overall score (A-F) and top 3 priorities.
+
+Review the codebase now.
+`;
+
+  // Write prompt
+  const promptFile = path.join(cwd, '.vibecode', 'review-prompt.md');
+  await fs.mkdir(path.dirname(promptFile), { recursive: true });
+  await fs.writeFile(promptFile, prompt);
+
+  // Run Claude Code
+  console.log(chalk.gray('  Analyzing with Claude Code...\n'));
+
+  await runClaudeCode(prompt, cwd);
+
+  // Save report
+  const reportDir = path.join(cwd, '.vibecode', 'reports');
+  await fs.mkdir(reportDir, { recursive: true });
+  const reportFile = path.join(reportDir, `review-${Date.now()}.md`);
+
+  console.log(chalk.green(`\n✅ Review complete!`));
+  console.log(chalk.gray(`  Report saved to: .vibecode/reports/\n`));
+}
+
+async function gatherSourceFiles(cwd, targetPath) {
+  const files = [];
+  const extensions = ['.js', '.ts', '.tsx', '.jsx', '.py', '.go', '.rs', '.vue', '.svelte'];
+  const ignoreDirs = ['node_modules', '.git', 'dist', 'build', '.next', 'coverage', '.vibecode', '__pycache__'];
+
+  const scanDir = targetPath ? path.join(cwd, targetPath) : cwd;
+
+  async function scan(dir) {
+    try {
+      const entries = await fs.readdir(dir, { withFileTypes: true });
+
+      for (const entry of entries) {
+        if (entry.name.startsWith('.')) continue;
+        if (ignoreDirs.includes(entry.name)) continue;
+
+        const fullPath = path.join(dir, entry.name);
+        const relativePath = path.relative(cwd, fullPath);
+
+        if (entry.isDirectory()) {
+          await scan(fullPath);
+        } else if (extensions.some(ext => entry.name.endsWith(ext))) {
+          files.push(relativePath);
+        }
+      }
+    } catch {}
+  }
+
+  await scan(scanDir);
+  return files.slice(0, 50); // Limit files
+}
+
+async function runClaudeCode(prompt, cwd) {
+  return new Promise((resolve) => {
+    const child = spawn('claude', ['-p', prompt, '--dangerously-skip-permissions'], {
+      cwd,
+      stdio: 'inherit'
+    });
+
+    child.on('close', resolve);
+    child.on('error', () => resolve());
+  });
+}

package/src/commands/security.js

@@ -0,0 +1,229 @@
+// ═══════════════════════════════════════════════════════════════════════════════
+// VIBECODE CLI - Security Command
+// Phase K5: AI Security Audit
+// ═══════════════════════════════════════════════════════════════════════════════
+
+import { spawn, exec } from 'child_process';
+import { promisify } from 'util';
+import fs from 'fs/promises';
+import path from 'path';
+import chalk from 'chalk';
+
+const execAsync = promisify(exec);
+
+export async function securityCommand(options = {}) {
+  const cwd = process.cwd();
+
+  console.log(chalk.cyan(`
+╭────────────────────────────────────────────────────────────────────╮
+│  🔒 SECURITY AUDIT                                                 │
+│                                                                    │
+│  Scanning for vulnerabilities...                                  │
+│                                                                    │
+╰────────────────────────────────────────────────────────────────────╯
+  `));
+
+  const results = {
+    npmAudit: null,
+    secretsScan: [],
+    timestamp: new Date().toISOString()
+  };
+
+  // 1. Run npm audit
+  console.log(chalk.gray('\n  [1/3] Running npm audit...\n'));
+  try {
+    const { stdout } = await execAsync('npm audit --json', { cwd, timeout: 60000 });
+    results.npmAudit = JSON.parse(stdout);
+    console.log(chalk.green('    ✓ npm audit complete'));
+  } catch (error) {
+    try {
+      if (error.stdout) {
+        results.npmAudit = JSON.parse(error.stdout);
+        const vulns = results.npmAudit?.metadata?.vulnerabilities;
+        if (vulns) {
+          const total = vulns.critical + vulns.high + vulns.moderate + vulns.low;
+          if (total > 0) {
+            console.log(chalk.yellow(`    ⚠ Found ${total} vulnerabilities`));
+          } else {
+            console.log(chalk.green('    ✓ No vulnerabilities found'));
+          }
+        }
+      }
+    } catch {
+      results.npmAudit = { error: 'npm audit failed or not applicable' };
+      console.log(chalk.gray('    - npm audit not applicable'));
+    }
+  }
+
+  // 2. Scan for secrets
+  console.log(chalk.gray('\n  [2/3] Scanning for exposed secrets...\n'));
+  results.secretsScan = await scanForSecrets(cwd);
+  if (results.secretsScan.length > 0) {
+    console.log(chalk.red(`    ⚠ Found ${results.secretsScan.length} potential secrets!`));
+    for (const secret of results.secretsScan.slice(0, 5)) {
+      console.log(chalk.gray(`      - ${secret.file}: ${secret.type}`));
+    }
+  } else {
+    console.log(chalk.green('    ✓ No exposed secrets detected'));
+  }
+
+  // 3. AI security analysis
+  console.log(chalk.gray('\n  [3/3] AI security analysis...\n'));
+
+  const vulnSummary = results.npmAudit?.metadata?.vulnerabilities;
+  const npmSummary = vulnSummary
+    ? `Critical: ${vulnSummary.critical}, High: ${vulnSummary.high}, Moderate: ${vulnSummary.moderate}, Low: ${vulnSummary.low}`
+    : 'npm audit not available';
+
+  const prompt = `
+# Security Audit Request
+
+## Project: ${path.basename(cwd)}
+
+## NPM Audit Results:
+${npmSummary}
+
+## Potential Secrets Found:
+${results.secretsScan.map(s => `- ${s.file}: ${s.type}`).join('\n') || 'None detected'}
+
+## Security Analysis Required:
+Analyze the codebase for security vulnerabilities:
+
+1. **Authentication Issues**
+   - Weak password handling
+   - Missing auth checks on protected routes
+   - Insecure session management
+   - JWT vulnerabilities
+
+2. **Input Validation**
+   - SQL injection risks
+   - XSS vulnerabilities
+   - Command injection
+   - Path traversal
+   - ReDoS (regex denial of service)
+
+3. **Data Exposure**
+   - Sensitive data in logs
+   - Exposed API keys in code
+   - Insecure data storage
+   - PII handling issues
+
+4. **Configuration Issues**
+   - CORS misconfiguration
+   - Missing security headers
+   - Debug mode in production
+   - Insecure defaults
+
+5. **Dependencies**
+   - Known vulnerable packages
+   - Outdated dependencies
+   - Unnecessary dependencies
+
+## Output Format:
+For each vulnerability found:
+- **Severity**: Critical / High / Medium / Low
+- **Category**: Auth / Injection / Exposure / Config / Dependency
+- **Location**: File and line number
+- **Description**: What's the issue
+- **Remediation**: How to fix it
+
+End with a security score (A-F) and priority fixes.
+`;
+
+  const promptFile = path.join(cwd, '.vibecode', 'security-prompt.md');
+  await fs.mkdir(path.dirname(promptFile), { recursive: true });
+  await fs.writeFile(promptFile, prompt);
+
+  await runClaudeCode(prompt, cwd);
+
+  // Save report
+  const reportPath = path.join(cwd, '.vibecode', 'reports', `security-${Date.now()}.json`);
+  await fs.mkdir(path.dirname(reportPath), { recursive: true });
+  await fs.writeFile(reportPath, JSON.stringify(results, null, 2));
+
+  console.log(chalk.green('\n✅ Security audit complete!'));
+  console.log(chalk.gray(`  Report saved to: .vibecode/reports/\n`));
+
+  // Auto-fix option
+  if (options.fix) {
+    console.log(chalk.yellow('\n  Attempting auto-fix...\n'));
+    try {
+      await execAsync('npm audit fix', { cwd });
+      console.log(chalk.green('  ✓ npm audit fix completed\n'));
+    } catch {
+      console.log(chalk.gray('  - npm audit fix not applicable\n'));
+    }
+  }
+}
+
+async function scanForSecrets(cwd) {
+  const secrets = [];
+  const patterns = [
+    { regex: /(['"])?(api[_-]?key|apikey)(['"])?\s*[:=]\s*(['"])[a-zA-Z0-9]{20,}(['"])/gi, type: 'API Key' },
+    { regex: /(['"])?(secret|password|passwd|pwd)(['"])?\s*[:=]\s*(['"])[^'"]{8,}(['"])/gi, type: 'Password/Secret' },
+    { regex: /(['"])?(aws[_-]?access[_-]?key[_-]?id)(['"])?\s*[:=]\s*(['"])[A-Z0-9]{20}(['"])/gi, type: 'AWS Access Key' },
+    { regex: /(['"])?(aws[_-]?secret)(['"])?\s*[:=]\s*(['"])[a-zA-Z0-9/+=]{40}(['"])/gi, type: 'AWS Secret Key' },
+    { regex: /(['"])?(private[_-]?key)(['"])?\s*[:=]\s*(['"])-----BEGIN/gi, type: 'Private Key' },
+    { regex: /(['"])?(auth[_-]?token|bearer)(['"])?\s*[:=]\s*(['"])[a-zA-Z0-9._-]{20,}(['"])/gi, type: 'Auth Token' },
+    { regex: /(['"])?(github[_-]?token)(['"])?\s*[:=]\s*(['"])gh[ps]_[a-zA-Z0-9]{36}(['"])/gi, type: 'GitHub Token' },
+    { regex: /(['"])?(stripe[_-]?key)(['"])?\s*[:=]\s*(['"])sk_[a-zA-Z0-9]{24,}(['"])/gi, type: 'Stripe Key' }
+  ];
+
+  const files = await getAllSourceFiles(cwd);
+
+  for (const file of files) {
+    try {
+      const content = await fs.readFile(path.join(cwd, file), 'utf-8');
+
+      for (const { regex, type } of patterns) {
+        regex.lastIndex = 0; // Reset regex state
+        if (regex.test(content)) {
+          secrets.push({ file, type });
+          break; // One type per file is enough
+        }
+      }
+    } catch {}
+  }
+
+  return secrets;
+}
+
+async function getAllSourceFiles(cwd) {
+  const files = [];
+  const extensions = ['.js', '.ts', '.jsx', '.tsx', '.json', '.env', '.yaml', '.yml', '.py', '.go'];
+  const ignoreDirs = ['node_modules', '.git', 'dist', 'build', '.next', 'coverage'];
+
+  async function scan(dir) {
+    try {
+      const entries = await fs.readdir(dir, { withFileTypes: true });
+
+      for (const entry of entries) {
+        if (entry.name.startsWith('.') && entry.name !== '.env') continue;
+        if (ignoreDirs.includes(entry.name)) continue;
+
+        const fullPath = path.join(dir, entry.name);
+
+        if (entry.isDirectory()) {
+          await scan(fullPath);
+        } else if (extensions.some(ext => entry.name.endsWith(ext))) {
+          files.push(path.relative(cwd, fullPath));
+        }
+      }
+    } catch {}
+  }
+
+  await scan(cwd);
+  return files.slice(0, 100);
+}
+
+async function runClaudeCode(prompt, cwd) {
+  return new Promise((resolve) => {
+    const child = spawn('claude', ['-p', prompt, '--dangerously-skip-permissions'], {
+      cwd,
+      stdio: 'inherit'
+    });
+
+    child.on('close', resolve);
+    child.on('error', () => resolve());
+  });
+}