@probelabs/visor 0.1.10 → 0.1.18

package/dist/check-execution-engine.js

@@ -1,4 +1,37 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CheckExecutionEngine = void 0;
 const reviewer_1 = require("./reviewer");
@@ -157,6 +190,7 @@ class CheckExecutionEngine {
                     const result = await tasks[taskIndex]();
                     results[taskIndex] = { status: 'fulfilled', value: result };
                     // Check if we should stop due to fail-fast
+                    // eslint-disable-next-line @typescript-eslint/no-explicit-any
                     if (failFast && this.shouldFailFast(result)) {
                         shouldStop = true;
                         break;
@@ -190,6 +224,13 @@ class CheckExecutionEngine {
         const logFn = outputFormat === 'json' || outputFormat === 'sarif' ? console.error : console.log;
         logFn(`🔧 Debug: executeReviewChecks called with checks: ${JSON.stringify(checks)}`);
         logFn(`🔧 Debug: Config available: ${!!config}, Config has checks: ${!!config?.checks}`);
+        // Filter checks based on current event type to prevent execution of checks that shouldn't run
+        const filteredChecks = this.filterChecksByEvent(checks, config, prInfo, logFn);
+        if (filteredChecks.length !== checks.length) {
+            logFn(`🔧 Debug: Event filtering reduced checks from ${checks.length} to ${filteredChecks.length}: ${JSON.stringify(filteredChecks)}`);
+        }
+        // Use filtered checks for execution
+        checks = filteredChecks;
         // If we have a config with individual check definitions, use dependency-aware execution
         // Check if any of the checks have dependencies or if there are multiple checks
         const hasDependencies = config?.checks &&
@@ -218,7 +259,7 @@ class CheckExecutionEngine {
                 };
                 const result = await provider.execute(prInfo, providerConfig);
                 // Prefix issues with check name for consistent grouping
-                const prefixedIssues = result.issues.map(issue => ({
+                const prefixedIssues = (result.issues || []).map(issue => ({
                     ...issue,
                     ruleId: `${checks[0]}/${issue.ruleId}`,
                 }));
@@ -255,7 +296,7 @@ class CheckExecutionEngine {
             };
             const result = await provider.execute(prInfo, providerConfig);
             // Prefix issues with check name for consistent grouping
-            const prefixedIssues = result.issues.map(issue => ({
+            const prefixedIssues = (result.issues || []).map(issue => ({
                 ...issue,
                 ruleId: `${checkName}/${issue.ruleId}`,
             }));
@@ -282,6 +323,243 @@ class CheckExecutionEngine {
             format: 'table',
         });
     }
+    /**
+     * Execute review checks and return grouped results for new architecture
+     */
+    async executeGroupedChecks(prInfo, checks, timeout, config, outputFormat, debug, maxParallelism, failFast) {
+        // Determine where to send log messages based on output format
+        const logFn = outputFormat === 'json' || outputFormat === 'sarif' ? console.error : console.log;
+        logFn(`🔧 Debug: executeGroupedChecks called with checks: ${JSON.stringify(checks)}`);
+        logFn(`🔧 Debug: Config available: ${!!config}, Config has checks: ${!!config?.checks}`);
+        // Filter checks based on current event type to prevent execution of checks that shouldn't run
+        const filteredChecks = this.filterChecksByEvent(checks, config, prInfo, logFn);
+        if (filteredChecks.length !== checks.length) {
+            logFn(`🔧 Debug: Event filtering reduced checks from ${checks.length} to ${filteredChecks.length}: ${JSON.stringify(filteredChecks)}`);
+        }
+        // Use filtered checks for execution
+        checks = filteredChecks;
+        if (!config?.checks) {
+            throw new Error('Config with check definitions required for grouped execution');
+        }
+        // If we have a config with individual check definitions, use dependency-aware execution
+        const hasDependencies = checks.some(checkName => {
+            const checkConfig = config.checks[checkName];
+            return checkConfig?.depends_on && checkConfig.depends_on.length > 0;
+        });
+        if (checks.length > 1 || hasDependencies) {
+            logFn(`🔧 Debug: Using grouped dependency-aware execution for ${checks.length} checks (has dependencies: ${hasDependencies})`);
+            return await this.executeGroupedDependencyAwareChecks(prInfo, checks, timeout, config, logFn, debug, maxParallelism, failFast);
+        }
+        // Single check execution
+        if (checks.length === 1) {
+            logFn(`🔧 Debug: Using grouped single check execution for: ${checks[0]}`);
+            const checkResult = await this.executeSingleGroupedCheck(prInfo, checks[0], timeout, config, logFn, debug);
+            const groupedResults = {};
+            groupedResults[checkResult.group] = [checkResult];
+            return groupedResults;
+        }
+        // No checks to execute
+        return {};
+    }
+    /**
+     * Execute single check and return grouped result
+     */
+    async executeSingleGroupedCheck(prInfo, checkName, timeout, config, logFn, debug) {
+        if (!config?.checks?.[checkName]) {
+            throw new Error(`No configuration found for check: ${checkName}`);
+        }
+        const checkConfig = config.checks[checkName];
+        const provider = this.providerRegistry.getProviderOrThrow('ai');
+        const providerConfig = {
+            type: 'ai',
+            prompt: checkConfig.prompt,
+            focus: checkConfig.focus || this.mapCheckNameToFocus(checkName),
+            schema: checkConfig.schema,
+            group: checkConfig.group,
+            ai: {
+                timeout: timeout || 600000,
+                debug: debug,
+                ...(checkConfig.ai || {}),
+            },
+            ai_provider: checkConfig.ai_provider || config.ai_provider,
+            ai_model: checkConfig.ai_model || config.ai_model,
+        };
+        const result = await provider.execute(prInfo, providerConfig);
+        // Render the check content using the appropriate template
+        const content = await this.renderCheckContent(checkName, result, checkConfig, prInfo);
+        return {
+            checkName,
+            content,
+            group: checkConfig.group || 'default',
+            debug: result.debug,
+            issues: result.issues, // Include structured issues
+        };
+    }
+    /**
+     * Execute multiple checks with dependency awareness - return grouped results
+     */
+    async executeGroupedDependencyAwareChecks(prInfo, checks, timeout, config, logFn, debug, maxParallelism, failFast) {
+        // Use the existing dependency-aware execution logic
+        const reviewSummary = await this.executeDependencyAwareChecks(prInfo, checks, timeout, config, logFn, debug, maxParallelism, failFast);
+        // Convert the flat ReviewSummary to grouped CheckResults
+        return await this.convertReviewSummaryToGroupedResults(reviewSummary, checks, config, prInfo);
+    }
+    /**
+     * Convert ReviewSummary to GroupedCheckResults
+     */
+    async convertReviewSummaryToGroupedResults(reviewSummary, checks, config, prInfo) {
+        const groupedResults = {};
+        // Process each check individually
+        for (const checkName of checks) {
+            const checkConfig = config?.checks?.[checkName];
+            if (!checkConfig)
+                continue;
+            // Extract issues for this check
+            const checkIssues = (reviewSummary.issues || []).filter(issue => issue.ruleId?.startsWith(`${checkName}/`));
+            // Extract suggestions for this check
+            const checkSuggestions = (reviewSummary.suggestions || []).filter(suggestion => suggestion.startsWith(`[${checkName}]`));
+            // Create a mini ReviewSummary for this check
+            const checkSummary = {
+                issues: checkIssues,
+                suggestions: checkSuggestions,
+                debug: reviewSummary.debug,
+            };
+            // Render content for this check
+            const content = await this.renderCheckContent(checkName, checkSummary, checkConfig, prInfo);
+            const checkResult = {
+                checkName,
+                content,
+                group: checkConfig.group || 'default',
+                debug: reviewSummary.debug,
+                issues: checkIssues, // Include structured issues
+            };
+            // Add to appropriate group
+            const group = checkResult.group;
+            if (!groupedResults[group]) {
+                groupedResults[group] = [];
+            }
+            groupedResults[group].push(checkResult);
+        }
+        return groupedResults;
+    }
+    /**
+     * Validates that a file path is safe and within the project directory
+     * Prevents path traversal attacks by:
+     * - Blocking absolute paths
+     * - Blocking paths with ".." segments
+     * - Ensuring resolved path is within project directory
+     * - Blocking special characters and null bytes
+     * - Enforcing .liquid file extension
+     */
+    async validateTemplatePath(templatePath) {
+        const path = await Promise.resolve().then(() => __importStar(require('path')));
+        // Validate input
+        if (!templatePath || typeof templatePath !== 'string' || templatePath.trim() === '') {
+            throw new Error('Template path must be a non-empty string');
+        }
+        // Block null bytes and other dangerous characters
+        if (templatePath.includes('\0') || templatePath.includes('\x00')) {
+            throw new Error('Template path contains invalid characters');
+        }
+        // Enforce .liquid file extension
+        if (!templatePath.endsWith('.liquid')) {
+            throw new Error('Template file must have .liquid extension');
+        }
+        // Block absolute paths
+        if (path.isAbsolute(templatePath)) {
+            throw new Error('Template path must be relative to project directory');
+        }
+        // Block paths with ".." segments
+        if (templatePath.includes('..')) {
+            throw new Error('Template path cannot contain ".." segments');
+        }
+        // Block paths starting with ~ (home directory)
+        if (templatePath.startsWith('~')) {
+            throw new Error('Template path cannot reference home directory');
+        }
+        // Get the project root directory from git analyzer
+        const repositoryInfo = await this.gitAnalyzer.analyzeRepository();
+        const projectRoot = repositoryInfo.workingDirectory;
+        // Validate project root
+        if (!projectRoot || typeof projectRoot !== 'string') {
+            throw new Error('Unable to determine project root directory');
+        }
+        // Resolve the template path relative to project root
+        const resolvedPath = path.resolve(projectRoot, templatePath);
+        const resolvedProjectRoot = path.resolve(projectRoot);
+        // Validate resolved paths
+        if (!resolvedPath ||
+            !resolvedProjectRoot ||
+            resolvedPath === '' ||
+            resolvedProjectRoot === '') {
+            throw new Error(`Unable to resolve template path: projectRoot="${projectRoot}", templatePath="${templatePath}", resolvedPath="${resolvedPath}", resolvedProjectRoot="${resolvedProjectRoot}"`);
+        }
+        // Ensure the resolved path is still within the project directory
+        if (!resolvedPath.startsWith(resolvedProjectRoot + path.sep) &&
+            resolvedPath !== resolvedProjectRoot) {
+            throw new Error('Template path escapes project directory');
+        }
+        return resolvedPath;
+    }
+    /**
+     * Render check content using the appropriate template
+     */
+    async renderCheckContent(checkName, reviewSummary, checkConfig, _prInfo) {
+        // Import the liquid template system
+        const { Liquid } = await Promise.resolve().then(() => __importStar(require('liquidjs')));
+        const fs = await Promise.resolve().then(() => __importStar(require('fs/promises')));
+        const path = await Promise.resolve().then(() => __importStar(require('path')));
+        const liquid = new Liquid({
+            trimTagLeft: false,
+            trimTagRight: false,
+            trimOutputLeft: false,
+            trimOutputRight: false,
+            greedy: false,
+        });
+        // Determine template to use
+        const schema = checkConfig.schema || 'plain';
+        let templateContent;
+        if (checkConfig.template) {
+            // Custom template
+            if (checkConfig.template.content) {
+                templateContent = checkConfig.template.content;
+            }
+            else if (checkConfig.template.file) {
+                // Validate the template file path to prevent path traversal attacks
+                const validatedPath = await this.validateTemplatePath(checkConfig.template.file);
+                templateContent = await fs.readFile(validatedPath, 'utf-8');
+            }
+            else {
+                throw new Error('Custom template must specify either "file" or "content"');
+            }
+        }
+        else if (schema === 'plain') {
+            // Plain schema - return raw content directly
+            // Strip [checkName] prefixes from suggestions before joining
+            const cleanedSuggestions = (reviewSummary.suggestions || []).map(suggestion => {
+                // Remove [checkName] prefix if present
+                return suggestion.replace(/^\[[^\]]+\]\s*/, '');
+            });
+            return (reviewSummary.issues?.[0]?.message || '') + (cleanedSuggestions.join('\n\n') || '');
+        }
+        else {
+            // Use built-in schema template
+            const sanitizedSchema = schema.replace(/[^a-zA-Z0-9-]/g, '');
+            if (!sanitizedSchema) {
+                throw new Error('Invalid schema name');
+            }
+            const templatePath = path.join(__dirname, `../output/${sanitizedSchema}/template.liquid`);
+            templateContent = await fs.readFile(templatePath, 'utf-8');
+        }
+        // Prepare template data
+        const templateData = {
+            issues: reviewSummary.issues || [],
+            checkName: checkName,
+            suggestions: reviewSummary.suggestions || [],
+        };
+        const rendered = await liquid.parseAndRender(templateContent, templateData);
+        return rendered.trim();
+    }
     /**
      * Execute multiple checks with dependency awareness - intelligently parallel and sequential
      */
@@ -395,7 +673,7 @@ class CheckExecutionEngine {
                             branch: prInfo.head,
                             baseBranch: prInfo.base,
                             filesChanged: prInfo.files.map(f => f.filename),
-                            event: 'manual', // TODO: Get actual event from context
+                            event: 'issue_comment', // Command triggered from comment
                             environment: getSafeEnvironmentVariables(),
                             previousResults: results,
                         });
@@ -459,9 +737,9 @@ class CheckExecutionEngine {
                         providerConfig.sessionId = currentSessionId;
                     }
                     const result = await provider.execute(prInfo, providerConfig, dependencyResults, sessionInfo);
-                    log(`🔧 Debug: Completed check: ${checkName}, issues found: ${result.issues.length}`);
+                    log(`🔧 Debug: Completed check: ${checkName}, issues found: ${(result.issues || []).length}`);
                     // Add group, schema, template info and timestamp to issues from config
-                    const enrichedIssues = result.issues.map(issue => ({
+                    const enrichedIssues = (result.issues || []).map(issue => ({
                         ...issue,
                         ruleId: `${checkName}/${issue.ruleId}`,
                         group: checkConfig.group,
@@ -536,7 +814,7 @@ class CheckExecutionEngine {
                     const result = levelResults[i];
                     if (result.status === 'fulfilled' && result.value.result && !result.value.error) {
                         // Check for issues that should trigger fail-fast
-                        const hasFailuresToReport = result.value.result.issues.some(issue => issue.severity === 'error' || issue.severity === 'critical');
+                        const hasFailuresToReport = (result.value.result.issues || []).some(issue => issue.severity === 'error' || issue.severity === 'critical');
                         if (hasFailuresToReport) {
                             log(`🛑 Check "${checkName}" found critical/error issues and fail-fast is enabled - stopping execution`);
                             shouldStopExecution = true;
@@ -604,7 +882,7 @@ class CheckExecutionEngine {
                         branch: prInfo.head,
                         baseBranch: prInfo.base,
                         filesChanged: prInfo.files.map(f => f.filename),
-                        event: 'manual', // TODO: Get actual event from context
+                        event: 'issue_comment', // Command triggered from comment
                         environment: getSafeEnvironmentVariables(),
                         previousResults: new Map(), // No previous results in parallel execution
                     });
@@ -634,9 +912,9 @@ class CheckExecutionEngine {
                     },
                 };
                 const result = await provider.execute(prInfo, providerConfig);
-                console.error(`🔧 Debug: Completed check: ${checkName}, issues found: ${result.issues.length}`);
+                console.error(`🔧 Debug: Completed check: ${checkName}, issues found: ${(result.issues || []).length}`);
                 // Add group, schema info and timestamp to issues from config
-                const enrichedIssues = result.issues.map(issue => ({
+                const enrichedIssues = (result.issues || []).map(issue => ({
                     ...issue,
                     ruleId: `${checkName}/${issue.ruleId}`,
                     group: checkConfig.group,
@@ -704,7 +982,7 @@ class CheckExecutionEngine {
         };
         const result = await provider.execute(prInfo, providerConfig);
         // Prefix issues with check name and add group/schema info and timestamp from config
-        const prefixedIssues = result.issues.map(issue => ({
+        const prefixedIssues = (result.issues || []).map(issue => ({
             ...issue,
             ruleId: `${checkName}/${issue.ruleId}`,
             group: checkConfig.group,
@@ -759,17 +1037,17 @@ class CheckExecutionEngine {
                     continue;
                 }
                 // Check if this was a successful result
-                const hasErrors = result.issues.some(issue => issue.ruleId?.includes('/error') || issue.ruleId?.includes('/promise-error'));
+                const hasErrors = (result.issues || []).some(issue => issue.ruleId?.includes('/error') || issue.ruleId?.includes('/promise-error'));
                 if (hasErrors) {
                     debugInfo.push(`❌ Check "${checkName}" failed with errors`);
                 }
                 else {
-                    debugInfo.push(`✅ Check "${checkName}" completed: ${result.issues.length} issues found (level ${executionGroup.level})`);
+                    debugInfo.push(`✅ Check "${checkName}" completed: ${(result.issues || []).length} issues found (level ${executionGroup.level})`);
                 }
                 // Issues are already prefixed and enriched with group/schema info
-                aggregatedIssues.push(...result.issues);
+                aggregatedIssues.push(...(result.issues || []));
                 // Add suggestions with check name prefix
-                const prefixedSuggestions = result.suggestions.map(suggestion => `[${checkName}] ${suggestion}`);
+                const prefixedSuggestions = (result.suggestions || []).map(suggestion => `[${checkName}] ${suggestion}`);
                 aggregatedSuggestions.push(...prefixedSuggestions);
             }
         }
@@ -860,12 +1138,12 @@ class CheckExecutionEngine {
                 }
                 else if (checkResult.result) {
                     successfulChecks++;
-                    console.error(`🔧 Debug: Check ${checkName} succeeded with ${checkResult.result.issues.length} issues`);
-                    debugInfo.push(`✅ Check "${checkName}" completed: ${checkResult.result.issues.length} issues found`);
+                    console.error(`🔧 Debug: Check ${checkName} succeeded with ${(checkResult.result.issues || []).length} issues`);
+                    debugInfo.push(`✅ Check "${checkName}" completed: ${(checkResult.result.issues || []).length} issues found`);
                     // Issues are already prefixed and enriched with group/schema info
-                    aggregatedIssues.push(...checkResult.result.issues);
+                    aggregatedIssues.push(...(checkResult.result.issues || []));
                     // Add suggestions with check name prefix
-                    const prefixedSuggestions = checkResult.result.suggestions.map(suggestion => `[${checkName}] ${suggestion}`);
+                    const prefixedSuggestions = (checkResult.result.suggestions || []).map(suggestion => `[${checkName}] ${suggestion}`);
                     aggregatedSuggestions.push(...prefixedSuggestions);
                 }
             }
@@ -1126,7 +1404,7 @@ class CheckExecutionEngine {
         }
         // If the result has a result with critical or error issues, it should fail fast
         if (result?.result?.issues) {
-            return result.result.issues.some((issue) => issue.severity === 'error' || issue.severity === 'critical');
+            return (result.result.issues || []).some((issue) => issue.severity === 'error' || issue.severity === 'critical');
         }
         return false;
     }
@@ -1358,6 +1636,85 @@ class CheckExecutionEngine {
             }
         }
     }
+    /**
+     * Filter checks based on their event triggers to prevent execution of checks
+     * that shouldn't run for the current event type
+     */
+    filterChecksByEvent(checks, config, prInfo, logFn) {
+        if (!config?.checks) {
+            // No config available, return all checks (fallback behavior)
+            return checks;
+        }
+        // If we have event context from GitHub (prInfo with eventType), apply strict filtering
+        // Otherwise (CLI, tests), use conservative filtering
+        const prInfoWithEvent = prInfo;
+        const hasEventContext = prInfoWithEvent && 'eventType' in prInfoWithEvent && prInfoWithEvent.eventType;
+        if (hasEventContext) {
+            // GitHub Action context - apply strict event filtering
+            const currentEvent = prInfoWithEvent.eventType;
+            logFn?.(`🔧 Debug: GitHub Action context, current event: ${currentEvent}`);
+            const filteredChecks = [];
+            for (const checkName of checks) {
+                const checkConfig = config.checks[checkName];
+                if (!checkConfig) {
+                    filteredChecks.push(checkName);
+                    continue;
+                }
+                const eventTriggers = checkConfig.on || [];
+                if (eventTriggers.length === 0) {
+                    // No triggers specified, include it
+                    filteredChecks.push(checkName);
+                    logFn?.(`🔧 Debug: Check '${checkName}' has no event triggers, including`);
+                }
+                else if (eventTriggers.includes(currentEvent)) {
+                    // Check matches current event
+                    filteredChecks.push(checkName);
+                    logFn?.(`🔧 Debug: Check '${checkName}' matches event '${currentEvent}', including`);
+                }
+                else {
+                    // Check doesn't match current event
+                    logFn?.(`🔧 Debug: Check '${checkName}' does not match event '${currentEvent}' (triggers: ${JSON.stringify(eventTriggers)}), skipping`);
+                }
+            }
+            return filteredChecks;
+        }
+        else {
+            // CLI/Test context - conservative filtering (only exclude manual-only checks)
+            logFn?.(`🔧 Debug: CLI/Test context, using conservative filtering`);
+            const filteredChecks = [];
+            for (const checkName of checks) {
+                const checkConfig = config.checks[checkName];
+                if (!checkConfig) {
+                    filteredChecks.push(checkName);
+                    continue;
+                }
+                const eventTriggers = checkConfig.on || [];
+                // Only exclude checks that are explicitly manual-only
+                if (eventTriggers.length === 1 && eventTriggers[0] === 'manual') {
+                    logFn?.(`🔧 Debug: Check '${checkName}' is manual-only, skipping`);
+                }
+                else {
+                    filteredChecks.push(checkName);
+                    logFn?.(`🔧 Debug: Check '${checkName}' included (triggers: ${JSON.stringify(eventTriggers)})`);
+                }
+            }
+            return filteredChecks;
+        }
+    }
+    /**
+     * Determine the current event type from PR info
+     */
+    getCurrentEventType(prInfo) {
+        if (!prInfo) {
+            return 'pr_opened'; // Default fallback
+        }
+        // For now, assume all PR-related operations are 'pr_updated' since we don't have
+        // direct access to the original GitHub event here. This is a simplification.
+        // In the future, we could pass the actual event type through the call chain.
+        // The key insight is that issue-assistant should only run on issue_opened/issue_comment
+        // events, which don't generate PRInfo objects in the first place.
+        return 'pr_updated';
+    }
 }
 exports.CheckExecutionEngine = CheckExecutionEngine;
 //# sourceMappingURL=check-execution-engine.js.map