@probelabs/visor 0.1.106 → 0.1.111

package/dist/examples/templates/security-report.liquid

@@ -0,0 +1,137 @@
+# 🔒 Security Analysis Report
+
+{% if issues.size == 0 %}
+## ✅ No Security Issues Found
+
+Great job! This code review found no security vulnerabilities in the analyzed files.
+
+{% else %}
+
+## 📊 Security Summary
+
+Found **{{ issues.size }}** security issue{% if issues.size > 1 %}s{% endif %} requiring attention:
+
+{% assign critical_count = issues | where: "severity", "critical" | size %}
+{% assign error_count = issues | where: "severity", "error" | size %}
+{% assign warning_count = issues | where: "severity", "warning" | size %}
+{% assign info_count = issues | where: "severity", "info" | size %}
+
+| Severity | Count |
+|----------|-------|
+| 🔴 Critical | {{ critical_count }} |
+| 🟠 Error | {{ error_count }} |
+| 🟡 Warning | {{ warning_count }} |
+| 🔵 Info | {{ info_count }} |
+
+---
+
+{% if critical_count > 0 %}
+## 🚨 Critical Security Issues
+
+{% for issue in issues %}
+{% if issue.severity == "critical" %}
+### {{ issue.ruleId }}
+**File**: `{{ issue.file }}:{{ issue.line }}`
+
+{{ issue.message }}
+
+{% if issue.suggestion %}
+**💡 Recommended Fix**: {{ issue.suggestion }}
+{% endif %}
+
+---
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% if error_count > 0 %}
+## ❌ Security Errors  
+
+{% for issue in issues %}
+{% if issue.severity == "error" %}
+### {{ issue.ruleId }}
+**File**: `{{ issue.file }}:{{ issue.line }}`
+
+{{ issue.message }}
+
+{% if issue.suggestion %}
+**💡 Recommended Fix**: {{ issue.suggestion }}
+{% endif %}
+
+---
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% if warning_count > 0 %}
+## ⚠️ Security Warnings
+
+<details>
+<summary>View {{ warning_count }} warning{% if warning_count > 1 %}s{% endif %}</summary>
+
+{% for issue in issues %}
+{% if issue.severity == "warning" %}
+### {{ issue.ruleId }}
+**File**: `{{ issue.file }}:{{ issue.line }}`
+
+{{ issue.message }}
+
+{% if issue.suggestion %}
+**💡 Recommended Fix**: {{ issue.suggestion }}
+{% endif %}
+
+---
+{% endif %}
+{% endfor %}
+
+</details>
+{% endif %}
+
+{% if info_count > 0 %}
+## ℹ️ Security Information
+
+<details>
+<summary>View {{ info_count }} informational item{% if info_count > 1 %}s{% endif %}</summary>
+
+{% for issue in issues %}
+{% if issue.severity == "info" %}
+### {{ issue.ruleId }}
+**File**: `{{ issue.file }}:{{ issue.line }}`
+
+{{ issue.message }}
+
+{% if issue.suggestion %}
+**💡 Suggested Improvement**: {{ issue.suggestion }}
+{% endif %}
+
+---
+{% endif %}
+{% endfor %}
+
+</details>
+{% endif %}
+
+{% endif %}
+
+## 🛡️ Security Best Practices
+
+{% if suggestions.size > 0 %}
+Based on this analysis, consider these recommendations:
+
+{% for suggestion in suggestions %}
+- {{ suggestion }}
+{% endfor %}
+{% endif %}
+
+### General Security Reminders:
+- Always validate and sanitize user input
+- Use parameterized queries to prevent SQL injection  
+- Implement proper authentication and authorization
+- Keep dependencies updated to patch known vulnerabilities
+- Follow the principle of least privilege
+- Use HTTPS for all data transmission
+- Implement proper error handling without information disclosure
+
+---
+
+*🤖 Generated by Visor Security Analysis*

package/dist/examples/tools-library.yaml

@@ -0,0 +1,281 @@
+version: "1.0"
+
+# Reusable Tool Library
+# This file contains only tool definitions that can be imported by other configs
+
+tools:
+  # Git tools
+  git-status:
+    name: git-status
+    description: Get git repository status
+    exec: 'git status --porcelain'
+    transform_js: |
+      const lines = output.trim().split('\n').filter(l => l);
+      return lines.map(line => {
+        const [status, ...pathParts] = line.trim().split(/\s+/);
+        return {
+          status: status,
+          file: pathParts.join(' ')
+        };
+      });
+
+  git-diff-stats:
+    name: git-diff-stats
+    description: Get statistics about changes
+    inputSchema:
+      type: object
+      properties:
+        base:
+          type: string
+          description: Base branch to compare against
+    exec: 'git diff --stat {{ args.base }}..HEAD'
+    transform_js: |
+      const lines = output.trim().split('\n');
+      const summary = lines[lines.length - 1];
+      const match = summary.match(/(\d+) files? changed(?:, (\d+) insertions?)?(?:, (\d+) deletions?)?/);
+      return {
+        filesChanged: parseInt(match?.[1] || '0'),
+        insertions: parseInt(match?.[2] || '0'),
+        deletions: parseInt(match?.[3] || '0')
+      };
+
+  git-log-recent:
+    name: git-log-recent
+    description: Get recent commit messages
+    inputSchema:
+      type: object
+      properties:
+        count:
+          type: number
+          description: Number of commits to retrieve
+    exec: 'git log --oneline -n {{ args.count | default: 5 }}'
+    transform_js: |
+      const lines = output.trim().split('\n').filter(l => l);
+      return lines.map(line => {
+        const [hash, ...messageParts] = line.split(/\s+/);
+        return {
+          hash: hash,
+          message: messageParts.join(' ')
+        };
+      });
+
+  # Docker tools
+  docker-lint:
+    name: docker-lint
+    description: Lint Dockerfile for best practices
+    inputSchema:
+      type: object
+      properties:
+        file:
+          type: string
+          description: Dockerfile to lint
+      required: [file]
+    exec: 'hadolint {{ args.file }} --format json || echo "[]"'
+    parseJson: true
+    transform_js: |
+      // Convert hadolint output to issues
+      return output.map(issue => ({
+        file: args.file,
+        line: issue.line || 0,
+        message: issue.message,
+        severity: issue.level === 'error' ? 'error' : issue.level === 'warning' ? 'warning' : 'info',
+        category: 'style',
+        ruleId: issue.code || 'docker-lint'
+      }));
+
+  docker-scan:
+    name: docker-scan
+    description: Scan Docker image for vulnerabilities
+    inputSchema:
+      type: object
+      properties:
+        image:
+          type: string
+          description: Docker image to scan
+      required: [image]
+    exec: 'trivy image --format json --quiet {{ args.image }} || echo "{}"'
+    parseJson: true
+    timeout: 60000
+    transform_js: |
+      const vulnerabilities = [];
+      if (output.Results) {
+        for (const result of output.Results) {
+          if (result.Vulnerabilities) {
+            for (const vuln of result.Vulnerabilities) {
+              vulnerabilities.push({
+                file: result.Target || 'docker-image',
+                line: 0,
+                message: `${vuln.VulnerabilityID}: ${vuln.Title || vuln.Description}`,
+                severity: vuln.Severity?.toLowerCase() || 'info',
+                category: 'security',
+                ruleId: vuln.VulnerabilityID
+              });
+            }
+          }
+        }
+      }
+      return vulnerabilities;
+
+  # Package management tools
+  npm-audit:
+    name: npm-audit
+    description: Run npm security audit
+    exec: 'npm audit --json || echo "{}"'
+    parseJson: true
+    transform_js: |
+      const issues = [];
+      if (output.vulnerabilities) {
+        for (const [pkg, vuln] of Object.entries(output.vulnerabilities)) {
+          issues.push({
+            file: 'package.json',
+            line: 0,
+            message: `${pkg}: ${vuln.severity} severity vulnerability`,
+            severity: vuln.severity === 'high' || vuln.severity === 'critical' ? 'error' : 'warning',
+            category: 'security',
+            ruleId: `npm-${vuln.severity}`
+          });
+        }
+      }
+      return issues;
+
+  check-outdated:
+    name: check-outdated
+    description: Check for outdated dependencies
+    inputSchema:
+      type: object
+      properties:
+        manager:
+          type: string
+          enum: [npm, pip, go]
+          description: Package manager to use
+    exec: |
+      {% if args.manager == "npm" %}
+        npm outdated --json || echo "{}"
+      {% elsif args.manager == "pip" %}
+        pip list --outdated --format json || echo "[]"
+      {% elsif args.manager == "go" %}
+        go list -u -m -json all || echo "{}"
+      {% else %}
+        echo "{}"
+      {% endif %}
+    parseJson: true
+    transform_js: |
+      const outdated = [];
+      if (args.manager === 'npm' && typeof output === 'object') {
+        for (const [pkg, info] of Object.entries(output)) {
+          if (info.wanted !== info.current) {
+            outdated.push({
+              package: pkg,
+              current: info.current,
+              wanted: info.wanted,
+              latest: info.latest
+            });
+          }
+        }
+      }
+      // Add handlers for pip and go...
+      return outdated;
+
+  # Testing tools
+  run-tests:
+    name: run-tests
+    description: Run test suite and parse results
+    inputSchema:
+      type: object
+      properties:
+        command:
+          type: string
+          description: Test command to run
+        format:
+          type: string
+          enum: [jest, pytest, go]
+          description: Test output format
+      required: [command]
+    exec: '{{ args.command }} 2>&1'
+    timeout: 300000
+    transform_js: |
+      // Parse test output based on format
+      const lines = output.split('\n');
+      let passed = 0, failed = 0, skipped = 0;
+
+      if (args.format === 'jest') {
+        const summary = lines.find(l => l.includes('Tests:'));
+        if (summary) {
+          const match = summary.match(/(\d+) passed/);
+          if (match) passed = parseInt(match[1]);
+          const failMatch = summary.match(/(\d+) failed/);
+          if (failMatch) failed = parseInt(failMatch[1]);
+        }
+      }
+
+      return {
+        passed: passed,
+        failed: failed,
+        skipped: skipped,
+        success: failed === 0
+      };
+
+  # Code quality tools
+  eslint-check:
+    name: eslint-check
+    description: Run ESLint on JavaScript/TypeScript files
+    inputSchema:
+      type: object
+      properties:
+        files:
+          type: array
+          items:
+            type: string
+          description: Files to lint
+    exec: 'npx eslint --format json {{ args.files | join: " " }} || echo "[]"'
+    parseJson: true
+    transform_js: |
+      const issues = [];
+      for (const file of output) {
+        for (const message of file.messages || []) {
+          issues.push({
+            file: file.filePath,
+            line: message.line || 0,
+            endLine: message.endLine,
+            column: message.column,
+            endColumn: message.endColumn,
+            message: message.message,
+            severity: message.severity === 2 ? 'error' : 'warning',
+            category: 'style',
+            ruleId: message.ruleId || 'eslint'
+          });
+        }
+      }
+      return issues;
+
+  prettier-check:
+    name: prettier-check
+    description: Check code formatting with Prettier
+    inputSchema:
+      type: object
+      properties:
+        files:
+          type: array
+          items:
+            type: string
+          description: Files to check
+    exec: 'npx prettier --check {{ args.files | join: " " }} 2>&1'
+    transform_js: |
+      const unformatted = [];
+      const lines = output.split('\n');
+      for (const line of lines) {
+        if (line.includes('[warn]') && line.includes('Code style issues found')) {
+          const match = line.match(/in (.+?)$/);
+          if (match) {
+            unformatted.push({
+              file: match[1],
+              line: 0,
+              message: 'File needs formatting',
+              severity: 'warning',
+              category: 'style',
+              ruleId: 'prettier'
+            });
+          }
+        }
+      }
+      return unformatted;

package/dist/examples/transform-example.yaml

@@ -0,0 +1,199 @@
+version: "1.0"
+# Example demonstrating the transform feature in Visor checks
+# Transform allows you to reshape command output using Liquid templates
+
+steps:
+  # Example 1: Extract specific key from JSON output
+  get-package-version:
+    type: command
+    exec: "cat package.json"
+    transform: |
+      {{ output.version }}
+    group: info
+
+  # Example 2: Extract array from nested object
+  get-dependencies:
+    type: command
+    exec: "cat package.json"
+    transform: |
+      {{ output.dependencies | json }}
+    forEach: true  # Now each dependency can be processed individually
+    group: dependencies
+
+  # Example 3: Transform object to array of specific fields
+  list-dependency-names:
+    type: command
+    exec: "cat package.json"
+    transform: |
+      [
+        {% for dep in output.dependencies %}
+          "{{ dep[0] }}"{% unless forloop.last %},{% endunless %}
+        {% endfor %}
+      ]
+    forEach: true
+    group: dependencies
+
+  # Example 4: Extract and reshape complex data
+  analyze-git-log:
+    type: command
+    exec: |
+      git log --format='{"hash":"%H","author":"%an","date":"%ad","message":"%s"}' -n 5 | jq -s '.'
+    transform: |
+      [
+        {% for commit in output %}
+        {
+          "id": {{ commit.hash | slice: 0, 7 | json }},
+          "author": {{ commit.author | json }},
+          "summary": {{ commit.message | truncate: 50 | json }}
+        }{% unless forloop.last %},{% endunless %}
+        {% endfor %}
+      ]
+    group: git-analysis
+
+  # Example 5: Filter array based on condition
+  get-large-files:
+    type: command
+    exec: |
+      find . -type f -name "*.js" -exec wc -l {} + | awk '{print "{\"file\":\"" $2 "\",\"lines\":" $1 "}"}'  | jq -s '.'
+    transform: |
+      [
+        {% for file in output %}
+          {% if file.lines > 100 %}
+            {{ file.file | json }}
+          {% endif %}
+        {% endfor %}
+      ]
+    forEach: true  # Process each large file
+    group: analysis
+
+  # Example 6: Combine with forEach - extract array then process each
+  get-test-files:
+    type: command
+    exec: |
+      find . -name "*.test.js" -o -name "*.spec.js" | head -10
+    transform: |
+      {{ output | split: "\n" | json }}
+    forEach: true
+    group: testing
+
+  run-each-test:
+    type: command
+    exec: |
+      echo "Running test: {{ outputs.get-test-files }}"
+      # npm test {{ outputs.get-test-files }}
+    depends_on: [get-test-files]
+    group: testing
+
+  # Example 7: Extract nested array from API response
+  fetch-pr-comments:
+    type: http_client
+    url: "https://api.github.com/repos/{{ pr.repo }}/pulls/{{ pr.number }}/comments"
+    transform: |
+      [
+        {% for comment in output %}
+        {
+          "author": {{ comment.user.login | json }},
+          "body": {{ comment.body | truncate: 100 | json }},
+          "file": {{ comment.path | json }},
+          "line": {{ comment.line }}
+        }{% unless forloop.last %},{% endunless %}
+        {% endfor %}
+      ]
+    group: review
+
+  # Example 8: Create array from string output using filters
+  parse-csv-output:
+    type: command
+    exec: |
+      echo "file1.js,100,modified
+      file2.py,200,added
+      file3.ts,50,deleted"
+    transform: |
+      {% assign lines = output | split: "\n" %}
+      [
+        {% for line in lines %}
+          {% assign parts = line | split: "," %}
+          {% if parts.size == 3 %}
+          {
+            "file": {{ parts[0] | json }},
+            "lines": {{ parts[1] }},
+            "status": {{ parts[2] | json }}
+          }{% unless forloop.last %},{% endunless %}
+          {% endif %}
+        {% endfor %}
+      ]
+    group: parsing
+
+  # Example 9: Complex transformation with calculations
+  aggregate-metrics:
+    type: command
+    exec: |
+      echo '[{"name":"moduleA","size":1000,"complexity":5},
+             {"name":"moduleB","size":2000,"complexity":8},
+             {"name":"moduleC","size":500,"complexity":2}]'
+    transform: |
+      {% assign total_size = 0 %}
+      {% assign total_complexity = 0 %}
+      {% for module in output %}
+        {% assign total_size = total_size | plus: module.size %}
+        {% assign total_complexity = total_complexity | plus: module.complexity %}
+      {% endfor %}
+      {
+        "modules": {{ output | size }},
+        "totalSize": {{ total_size }},
+        "totalComplexity": {{ total_complexity }},
+        "averageSize": {{ total_size | divided_by: output.size }},
+        "averageComplexity": {{ total_complexity | divided_by: output.size }},
+        "details": {{ output | json }}
+      }
+    group: metrics
+
+  # Example 10: Extract specific array from complex nested structure
+  get-security-issues:
+    type: command
+    exec: |
+      # Simulating a security scan output
+      echo '{
+        "scan_date": "2024-01-01",
+        "results": {
+          "vulnerabilities": [
+            {"severity": "high", "file": "auth.js", "line": 42, "issue": "SQL Injection"},
+            {"severity": "medium", "file": "config.js", "line": 10, "issue": "Hardcoded Secret"},
+            {"severity": "low", "file": "utils.js", "line": 100, "issue": "Weak Random"}
+          ],
+          "summary": {"total": 3, "high": 1, "medium": 1, "low": 1}
+        }
+      }'
+    transform: |
+      {{ output.results.vulnerabilities | json }}
+    forEach: true  # Each vulnerability will be processed separately
+    group: security
+
+  process-each-vulnerability:
+    type: ai
+    prompt: |
+      Analyze this security issue and provide remediation:
+      {{ outputs.get-security-issues | json }}
+
+      Provide specific code fix suggestions.
+    depends_on: [get-security-issues]
+    group: security
+
+# How transform works:
+# 1. The command output is captured in the 'output' variable
+# 2. The transform Liquid template has access to:
+#    - output: The raw command output (parsed as JSON if possible)
+#    - pr: Pull request context
+#    - files: Changed files
+#    - env: Environment variables
+#    - outputs: Results from dependency checks
+# 3. The transform template is rendered and the result replaces the original output
+# 4. If the transformed result looks like JSON, it's parsed; otherwise kept as string
+# 5. The final output is available to dependent checks via outputs.<check-name>
+#
+# Common patterns:
+# - Extract field: {{ output.fieldName }}
+# - Extract nested: {{ output.parent.child.field }}
+# - Convert to JSON: {{ output | json }}
+# - Filter array: {% for item in output %}{% if condition %}...{% endif %}{% endfor %}
+# - Create new structure: { "key": {{ output.value | json }} }