@probelabs/visor 0.1.0

package/action.yml

@@ -0,0 +1,142 @@
+name: 'Visor AI Code Review'
+description: 'AI-powered code review tool that analyzes PRs for security, performance, style, and architecture issues. Works out-of-the-box without configuration.'
+author: 'Visor Team'
+branding:
+  icon: 'eye'
+  color: 'blue'
+
+inputs:
+  github-token:
+    description: 'GitHub token for API access (use this OR app-id/private-key)'
+    required: false
+    default: ${{ github.token }}
+  
+  app-id:
+    description: 'GitHub App ID for authentication (optional, use with private-key)'
+    required: false
+  
+  private-key:
+    description: 'GitHub App private key for authentication (optional, use with app-id)'
+    required: false
+  
+  installation-id:
+    description: 'GitHub App installation ID (optional, auto-detected if not provided)'
+    required: false
+  
+  auto-review:
+    description: 'Enable automatic review on PR open/update'
+    required: false
+    default: 'true'
+  
+  checks:
+    description: 'Comma-separated list of checks to run (security,performance,style,architecture,all)'
+    required: false
+    default: 'all'
+  
+  output-format:
+    description: 'Output format for analysis results (table,json,markdown,sarif)'
+    required: false
+    default: 'json'
+  
+  config-path:
+    description: 'Path to visor configuration file (optional - uses bundled default config if not specified)'
+    required: false
+    default: ''
+  
+  comment-on-pr:
+    description: 'Post review results as PR comment'
+    required: false
+    default: 'true'
+  
+  create-check:
+    description: 'Create GitHub check run with results'
+    required: false
+    default: 'true'
+  
+  add-labels:
+    description: 'Add quality labels to PR'
+    required: false
+    default: 'true'
+
+  ai-model:
+    description: 'AI model to use (mock, google-gemini-pro, claude-sonnet, etc.)'
+    required: false
+    default: ''
+
+  ai-provider:
+    description: 'AI provider to use (mock, google, anthropic, openai)'
+    required: false
+    default: ''
+  
+  fail-on-critical:
+    description: 'Fail the action if critical issues are found'
+    required: false
+    default: 'false'
+  
+  fail-on-api-error:
+    description: 'Fail the action if API authentication or rate limit errors occur'
+    required: false
+    default: 'false'
+  
+  debug:
+    description: 'Enable debug mode for detailed output in comments'
+    required: false
+    default: 'false'
+  
+  # Legacy inputs for backward compatibility
+  owner:
+    description: 'Repository owner (legacy)'
+    required: false
+  repo:
+    description: 'Repository name (legacy)'
+    required: false
+  visor-config-path:
+    description: 'Path to Visor configuration file (legacy, use config-path)'
+    required: false
+  visor-checks:
+    description: 'Checks to run (legacy, use checks)'
+    required: false
+
+outputs:
+  total-issues:
+    description: 'Total number of issues found'
+  
+  critical-issues:
+    description: 'Number of critical issues found'
+  
+  review-url:
+    description: 'URL to the detailed review comment'
+  
+  sarif-report:
+    description: 'SARIF format report (if output-format includes sarif)'
+  
+  incremental-analysis:
+    description: 'Whether incremental analysis was performed (true for synchronize events)'
+  
+  pr-action:
+    description: 'The GitHub PR action that triggered this run (opened, synchronize, edited)'
+
+  check-runs-created:
+    description: 'Number of GitHub check runs created'
+
+  check-runs-urls:
+    description: 'URLs of created GitHub check runs (comma-separated)'
+
+  checks-api-available:
+    description: 'Whether GitHub Checks API was available (true/false)'
+
+  # Legacy outputs for backward compatibility
+  repo-name:
+    description: 'Name of the repository (legacy)'
+  repo-description:
+    description: 'Description of the repository (legacy)'
+  repo-stars:
+    description: 'Number of stars on the repository (legacy)'
+  issues-found:
+    description: 'Number of issues found (legacy, use total-issues)'
+  auto-review-completed:
+    description: 'Whether automatic PR review was completed (legacy)'
+
+runs:
+  using: 'node20'
+  main: 'dist/index.js'

package/defaults/.visor.yaml

@@ -0,0 +1,184 @@
+version: "1.0"
+
+# Default Visor configuration - provides comprehensive code analysis out-of-the-box
+# Uses mock provider for CI compatibility when no AI API keys are configured
+# Users can override this by creating their own .visor.yaml in their project root
+
+# Global AI provider settings - uses mock by default for CI compatibility
+ai_provider: "mock"
+
+# Global fail condition - fail if critical issues are found
+fail_if: "output.issues && output.issues.some(i => i.severity === 'critical')"
+
+checks:
+  # Security analysis - Critical for all projects
+  security:
+    type: ai
+    group: review
+    schema: code-review
+    ai_provider: "mock"
+    prompt: |
+        Please perform a comprehensive security analysis of the code changes in this pull request.
+
+        ## Files Changed
+        {% for file in files %}
+        - `{{ file.filename }}` - {{ file.status }}, +{{ file.additions }}/-{{ file.deletions }} ({{ file.changes }} total changes)
+        {% endfor %}
+
+        ## Instructions
+        Analyze the code for security vulnerabilities including:
+
+        **Input Validation & Injection:**
+        - SQL injection in database queries
+        - XSS vulnerabilities in user input handling
+        - Command injection in system calls
+        - Path traversal in file operations
+
+        **Authentication & Authorization:**
+        - Weak authentication mechanisms
+        - Session management flaws
+        - Access control bypasses
+        - Privilege escalation opportunities
+
+        **Data Protection:**
+        - Sensitive data exposure in logs/errors
+        - Unencrypted data storage
+        - API key or credential leaks
+        - Privacy regulation compliance
+
+        **Infrastructure Security:**
+        - Insecure configurations
+        - Missing security headers
+        - Vulnerable dependencies
+        - Resource exhaustion vulnerabilities
+
+        Provide specific findings with clear explanations and actionable remediation steps.
+    on: [pr_opened, pr_updated]
+
+  # Performance analysis - Important for all applications
+  performance:
+    type: ai
+    group: review
+    schema: code-review
+    ai_provider: "mock"
+    prompt: |
+        Review the code changes for performance issues:
+
+        ## Files to Analyze
+        {% for file in files %}
+        - `{{ file.filename }}` ({{ file.changes }} changes, {{ file.status }})
+        {% endfor %}
+
+        ## Analysis Areas
+        **Algorithm & Data Structure Efficiency:**
+        - Time complexity analysis (O(n), O(n²), etc.)
+        - Space complexity and memory usage
+        - Inefficient loops and nested operations
+        - Suboptimal data structure choices
+
+        **Database Performance:**
+        - N+1 query problems
+        - Missing database indexes
+        - Inefficient JOIN operations
+        - Large result set retrievals
+
+        **Resource Management:**
+        - Memory leaks and excessive allocations
+        - File handle management
+        - Connection pooling issues
+        - Resource cleanup patterns
+
+        **Async & Concurrency:**
+        - Blocking operations in async contexts
+        - Race conditions and deadlocks
+        - Inefficient parallel processing
+
+        Identify specific performance issues and provide optimization recommendations.
+    on: [pr_opened, pr_updated]
+
+  # Code quality and maintainability
+  quality:
+    type: ai
+    group: review
+    schema: code-review
+    ai_provider: "mock"
+    prompt: |
+        Evaluate the code quality and maintainability of the changes:
+
+        ## Quality Assessment Areas
+        **Code Structure & Design:**
+        - SOLID principles adherence
+        - Design pattern appropriateness
+        - Separation of concerns
+        - Code organization and clarity
+
+        **Error Handling & Reliability:**
+        - Exception handling completeness
+        - Error propagation patterns
+        - Input validation thoroughness
+        - Edge case coverage
+
+        **Testing & Test Coverage:**
+        - Missing tests for critical functionality
+        - Test coverage gaps
+        - Test quality and effectiveness
+        - Edge cases and error scenarios coverage
+
+        **Maintainability:**
+        - Code testability issues
+        - Dependencies and coupling problems
+        - Technical debt introduction
+        - Code duplication (DRY violations)
+
+        **Language-Specific Best Practices:**
+        - Idiomatic code usage
+        - Framework/library best practices
+        - Type safety (if applicable)
+
+        Focus on actionable improvements that enhance code maintainability.
+    on: [pr_opened, pr_updated]
+
+  # PR overview with intelligent analysis
+  overview:
+    type: ai
+    group: overview
+    schema: plain
+    ai_provider: "mock"
+    prompt: |
+        # 📋 Pull Request Overview: {{ pr.title }}
+
+        {% if pr.body %}
+        ## Description
+        {{ pr.body }}
+        {% endif %}
+
+        ## Files Changed Analysis
+
+        | File | Type | Status | Changes | Impact |
+        |------|------|--------|---------|--------|
+        {% for file in files %}
+        | `{{ file.filename }}` | {{ file.filename | split: "." | last | upcase }} | {{ file.status | capitalize }} | +{{ file.additions }}/-{{ file.deletions }} | {% if file.changes > 50 %}High{% elsif file.changes > 20 %}Medium{% else %}Low{% endif %} |
+        {% endfor %}
+
+        ## Instructions
+        Generate a comprehensive overview and analysis of this pull request:
+
+        1. **Change Impact Analysis**
+           - What this PR accomplishes
+           - Key technical changes introduced
+           - Affected system components
+
+        2. **Architecture Assessment**
+           - Component relationships affected
+           - Process flows modified
+           - Data flow changes
+
+        Provide a balanced technical assessment suitable for developers and stakeholders.
+    on: [pr_opened, pr_updated]
+
+# Output configuration
+output:
+  pr_comment:
+    format: markdown
+    group_by: check
+    collapse: true

package/dist/action-cli-bridge.d.ts

@@ -0,0 +1,104 @@
+export interface GitHubActionInputs {
+    'github-token': string;
+    owner?: string;
+    repo?: string;
+    'auto-review'?: string;
+    'app-id'?: string;
+    'private-key'?: string;
+    'installation-id'?: string;
+    checks?: string;
+    'output-format'?: string;
+    'config-path'?: string;
+    'comment-on-pr'?: string;
+    'create-check'?: string;
+    'add-labels'?: string;
+    'fail-on-critical'?: string;
+    'fail-on-api-error'?: string;
+    'min-score'?: string;
+    debug?: string;
+    'visor-config-path'?: string;
+    'visor-checks'?: string;
+}
+export interface GitHubContext {
+    event_name: string;
+    repository?: {
+        owner: {
+            login: string;
+        };
+        name: string;
+    };
+    event?: {
+        comment?: Record<string, unknown>;
+        issue?: Record<string, unknown>;
+        pull_request?: Record<string, unknown>;
+        action?: string;
+    };
+    payload?: Record<string, unknown>;
+}
+export interface ActionCliOutput {
+    success: boolean;
+    output?: string;
+    error?: string;
+    exitCode?: number;
+    cliOutput?: {
+        reviewScore?: number;
+        issuesFound?: number;
+        autoReviewCompleted?: boolean;
+    };
+}
+/**
+ * Bridge between GitHub Action and Visor CLI
+ */
+export declare class ActionCliBridge {
+    private githubToken;
+    private context;
+    constructor(githubToken: string, context: GitHubContext);
+    /**
+     * Determine if Visor CLI should be used based on inputs
+     */
+    shouldUseVisor(inputs: GitHubActionInputs): boolean;
+    /**
+     * Parse GitHub Action inputs to CLI arguments
+     */
+    parseGitHubInputsToCliArgs(inputs: GitHubActionInputs): string[];
+    /**
+     * Execute CLI with GitHub context
+     */
+    executeCliWithContext(inputs: GitHubActionInputs, options?: {
+        workingDir?: string;
+        timeout?: number;
+    }): Promise<ActionCliOutput>;
+    /**
+     * Merge CLI and Action outputs for backward compatibility
+     */
+    mergeActionAndCliOutputs(actionInputs: GitHubActionInputs, cliResult: ActionCliOutput, legacyOutputs?: Record<string, string>): Record<string, string>;
+    /**
+     * Execute command with timeout and proper error handling
+     */
+    private executeCommand;
+    /**
+     * Parse CLI JSON output to extract relevant data
+     */
+    private parseCliOutput;
+    /**
+     * Check if a check type is valid
+     */
+    private isValidCheck;
+    /**
+     * Create temporary config file from action inputs
+     */
+    createTempConfigFromInputs(inputs: GitHubActionInputs, options?: {
+        workingDir?: string;
+    }): Promise<string | null>;
+    /**
+     * Get AI prompt for a specific check type
+     */
+    private getPromptForCheck;
+    /**
+     * Cleanup temporary files
+     */
+    cleanup(options?: {
+        workingDir?: string;
+    }): Promise<void>;
+}
+//# sourceMappingURL=action-cli-bridge.d.ts.map

package/dist/action-cli-bridge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"action-cli-bridge.d.ts","sourceRoot":"","sources":["../src/action-cli-bridge.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE;QACX,KAAK,EAAE;YAAE,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC;QACzB,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,KAAK,CAAC,EAAE;QACN,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAClC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAChC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE;QACV,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,mBAAmB,CAAC,EAAE,OAAO,CAAC;KAC/B,CAAC;CACH;AAED;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,OAAO,CAAgB;gBAEnB,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa;IAKvD;;OAEG;IACI,cAAc,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO;IAS1D;;OAEG;IACI,0BAA0B,CAAC,MAAM,EAAE,kBAAkB,GAAG,MAAM,EAAE;IA6CvE;;OAEG;IACU,qBAAqB,CAChC,MAAM,EAAE,kBAAkB,EAC1B,OAAO,GAAE;QACP,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,OAAO,CAAC,EAAE,MAAM,CAAC;KACb,GACL,OAAO,CAAC,eAAe,CAAC;IAqE3B;;OAEG;IACI,wBAAwB,CAC7B,YAAY,EAAE,kBAAkB,EAChC,SAAS,EAAE,eAAe,EAC1B,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACrC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAyBzB;;OAEG;IACH,OAAO,CAAC,cAAc;IA8DtB;;OAEG;IACH,OAAO,CAAC,cAAc;IAyBtB;;OAEG;IACH,OAAO,CAAC,YAAY;IAKpB;;OAEG;IACU,0BAA0B,CACrC,MAAM,EAAE,kBAAkB,EAC1B,OAAO,GAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAA;KAAO,GACpC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAsDzB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAyCzB;;OAEG;IACU,OAAO,CAAC,OAAO,GAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAA;KAAO,GAAG,OAAO,CAAC,IAAI,CAAC;CAU3E"}