@rigour-labs/core 2.21.2 → 3.0.0

package/dist/gates/duplication-drift.js

@@ -0,0 +1,190 @@
+/**
+ * Duplication Drift Gate
+ *
+ * Detects when AI generates near-identical functions across files because
+ * it doesn't remember what it already wrote. This is an AI-specific failure
+ * mode — humans reuse via copy-paste (same file), AI re-invents (cross-file).
+ *
+ * Detection strategy:
+ * 1. Extract all function bodies (normalized: strip whitespace, comments)
+ * 2. Compare function signatures + body hashes across files
+ * 3. Flag functions with >80% similarity in different files
+ *
+ * @since v2.16.0
+ */
+import { Gate } from './base.js';
+import { FileScanner } from '../utils/scanner.js';
+import { Logger } from '../utils/logger.js';
+import crypto from 'crypto';
+import path from 'path';
+export class DuplicationDriftGate extends Gate {
+    config;
+    constructor(config = {}) {
+        super('duplication-drift', 'AI Duplication Drift Detection');
+        this.config = {
+            enabled: config.enabled ?? true,
+            similarity_threshold: config.similarity_threshold ?? 0.8,
+            min_body_lines: config.min_body_lines ?? 5,
+        };
+    }
+    get provenance() { return 'ai-drift'; }
+    async run(context) {
+        if (!this.config.enabled)
+            return [];
+        const failures = [];
+        const functions = [];
+        const files = await FileScanner.findFiles({
+            cwd: context.cwd,
+            patterns: ['**/*.{ts,js,tsx,jsx,py}'],
+            ignore: [...(context.ignore || []), '**/node_modules/**', '**/dist/**', '**/*.test.*', '**/*.spec.*'],
+        });
+        Logger.info(`Duplication Drift: Scanning ${files.length} files`);
+        for (const file of files) {
+            try {
+                const { readFile } = await import('fs-extra');
+                const content = await readFile(path.join(context.cwd, file), 'utf-8');
+                const ext = path.extname(file);
+                if (['.ts', '.js', '.tsx', '.jsx'].includes(ext)) {
+                    this.extractJSFunctions(content, file, functions);
+                }
+                else if (ext === '.py') {
+                    this.extractPyFunctions(content, file, functions);
+                }
+            }
+            catch (e) { }
+        }
+        // Compare all function pairs across different files
+        const duplicateGroups = this.findDuplicateGroups(functions);
+        for (const group of duplicateGroups) {
+            const files = group.map(f => f.file);
+            const locations = group.map(f => `${f.file}:${f.line} (${f.name})`).join(', ');
+            failures.push(this.createFailure(`AI Duplication Drift: Function '${group[0].name}' has ${group.length} near-identical copies across files`, [...new Set(files)], `Found duplicate implementations at: ${locations}. Extract to a shared module and import.`, 'Duplication Drift', group[0].line, undefined, 'high'));
+        }
+        return failures;
+    }
+    extractJSFunctions(content, file, functions) {
+        const lines = content.split('\n');
+        // Match function declarations, arrow functions, and method definitions
+        const patterns = [
+            // function name(...) {
+            /^(?:export\s+)?(?:async\s+)?function\s+(\w+)\s*\(([^)]*)\)/,
+            // const name = (...) => {
+            /^(?:export\s+)?(?:const|let|var)\s+(\w+)\s*=\s*(?:async\s+)?(?:\([^)]*\)|(\w+))\s*=>/,
+            // name(...) { — class method
+            /^\s+(?:async\s+)?(\w+)\s*\(([^)]*)\)\s*\{/,
+        ];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            for (const pattern of patterns) {
+                const match = line.match(pattern);
+                if (match) {
+                    const name = match[1];
+                    const params = match[2] || '';
+                    const body = this.extractFunctionBody(lines, i);
+                    if (body.length >= this.config.min_body_lines) {
+                        const normalized = this.normalizeBody(body.join('\n'));
+                        functions.push({
+                            name,
+                            file,
+                            line: i + 1,
+                            paramCount: params ? params.split(',').length : 0,
+                            bodyHash: this.hash(normalized),
+                            bodyLength: body.length,
+                            normalized,
+                        });
+                    }
+                    break;
+                }
+            }
+        }
+    }
+    extractPyFunctions(content, file, functions) {
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const match = lines[i].match(/^(?:\s*)(?:async\s+)?def\s+(\w+)\s*\(([^)]*)\)/);
+            if (match) {
+                const name = match[1];
+                const params = match[2] || '';
+                const indent = lines[i].match(/^(\s*)/)?.[1]?.length || 0;
+                // Extract body by indentation
+                const body = [];
+                for (let j = i + 1; j < lines.length; j++) {
+                    const lineIndent = lines[j].match(/^(\s*)/)?.[1]?.length || 0;
+                    if (lines[j].trim() === '' || lineIndent > indent) {
+                        body.push(lines[j]);
+                    }
+                    else {
+                        break;
+                    }
+                }
+                if (body.length >= this.config.min_body_lines) {
+                    const normalized = this.normalizeBody(body.join('\n'));
+                    functions.push({
+                        name,
+                        file,
+                        line: i + 1,
+                        paramCount: params ? params.split(',').length : 0,
+                        bodyHash: this.hash(normalized),
+                        bodyLength: body.length,
+                        normalized,
+                    });
+                }
+            }
+        }
+    }
+    extractFunctionBody(lines, startIndex) {
+        let braceDepth = 0;
+        let started = false;
+        const body = [];
+        for (let i = startIndex; i < lines.length; i++) {
+            const line = lines[i];
+            for (const ch of line) {
+                if (ch === '{') {
+                    braceDepth++;
+                    started = true;
+                }
+                if (ch === '}')
+                    braceDepth--;
+            }
+            if (started)
+                body.push(line);
+            if (started && braceDepth === 0)
+                break;
+        }
+        return body;
+    }
+    normalizeBody(body) {
+        return body
+            .replace(/\/\/.*/g, '') // strip single-line comments
+            .replace(/\/\*[\s\S]*?\*\//g, '') // strip multi-line comments
+            .replace(/#.*/g, '') // strip Python comments
+            .replace(/`[^`]*`/g, '"STR"') // normalize template literals to placeholder
+            .replace(/\basync\s+/g, '') // normalize async modifier
+            .replace(/\s+/g, ' ') // collapse whitespace
+            .replace(/['"]/g, '"') // normalize single/double quotes (NOT backticks)
+            .trim();
+    }
+    hash(text) {
+        return crypto.createHash('md5').update(text).digest('hex');
+    }
+    findDuplicateGroups(functions) {
+        const groups = new Map();
+        // Group by body hash (exact duplicates across files)
+        for (const fn of functions) {
+            const existing = groups.get(fn.bodyHash) || [];
+            existing.push(fn);
+            groups.set(fn.bodyHash, existing);
+        }
+        // Filter: only groups with functions from DIFFERENT files, 2+ members
+        const duplicates = [];
+        for (const group of groups.values()) {
+            if (group.length < 2)
+                continue;
+            const uniqueFiles = new Set(group.map(f => f.file));
+            if (uniqueFiles.size >= 2) {
+                duplicates.push(group);
+            }
+        }
+        return duplicates;
+    }
+}

package/dist/gates/environment.js

@@ -26,22 +26,22 @@ export class EnvironmentGate extends Gate {
                 if (versionMatch) {
                     const version = versionMatch[1];
                     if (!semver.satisfies(version, semverRange)) {
-                        failures.push(this.createFailure(`Environment Alignment: Tool '${tool}' version mismatch.`, [], `Project requires '${tool} ${semverRange}' (discovered from contract), but found version '${version}'. Please align your local environment to prevent drift.`));
+                        failures.push(this.createFailure(`Environment Alignment: Tool '${tool}' version mismatch.`, [], `Project requires '${tool} ${semverRange}' (discovered from contract), but found version '${version}'. Please align your local environment to prevent drift.`, undefined, undefined, undefined, 'medium'));
                     }
                 }
                 else {
-                    failures.push(this.createFailure(`Environment Alignment: Could not determine version for '${tool}'.`, [], `Ensure '${tool} --version' returns a standard SemVer string.`));
+                    failures.push(this.createFailure(`Environment Alignment: Could not determine version for '${tool}'.`, [], `Ensure '${tool} --version' returns a standard SemVer string.`, undefined, undefined, undefined, 'medium'));
                 }
             }
             catch (e) {
-                failures.push(this.createFailure(`Environment Alignment: Required tool '${tool}' is missing.`, [], `Install '${tool}' and ensure it is in your $PATH.`));
+                failures.push(this.createFailure(`Environment Alignment: Required tool '${tool}' is missing.`, [], `Install '${tool}' and ensure it is in your $PATH.`, undefined, undefined, undefined, 'medium'));
             }
         }
         // 2. Verify Required Env Vars
         const requiredEnv = envConfig.required_env || [];
         for (const envVar of requiredEnv) {
             if (!process.env[envVar]) {
-                failures.push(this.createFailure(`Environment Alignment: Missing required environment variable '${envVar}'.`, [], `Ensure '${envVar}' is defined in your environment or .env file.`));
+                failures.push(this.createFailure(`Environment Alignment: Missing required environment variable '${envVar}'.`, [], `Ensure '${envVar}' is defined in your environment or .env file.`, undefined, undefined, undefined, 'medium'));
             }
         }
         return failures;

package/dist/gates/file.js

@@ -22,7 +22,7 @@ export class FileGate extends Gate {
         }
         if (violations.length > 0) {
             return [
-                this.createFailure(`The following files exceed the maximum limit of ${this.config.maxLines} lines:`, violations, 'Break these files into smaller, more modular components to improve maintainability (SOLID - Single Responsibility Principle).'),
+                this.createFailure(`The following files exceed the maximum limit of ${this.config.maxLines} lines:`, violations, 'Break these files into smaller, more modular components to improve maintainability (SOLID - Single Responsibility Principle).', undefined, undefined, undefined, 'low'),
             ];
         }
         return [];

package/dist/gates/hallucinated-imports.d.ts

@@ -0,0 +1,63 @@
+/**
+ * Hallucinated Imports Gate
+ *
+ * Detects imports that reference modules which don't exist in the project.
+ * This is an AI-specific failure mode — LLMs confidently generate import
+ * statements for packages, files, or modules that were never installed
+ * or created.
+ *
+ * Detection strategy:
+ * 1. Parse all import/require statements
+ * 2. For relative imports: verify the target file exists
+ * 3. For package imports: verify the package exists in node_modules or package.json
+ * 4. For Python imports: verify the module exists in the project or site-packages
+ * 5. For Go imports: verify relative package paths exist in the project
+ * 6. For Ruby/C#: verify relative require/using paths exist
+ *
+ * Supported languages: JS/TS, Python, Go, Ruby, C#
+ *
+ * @since v2.16.0
+ */
+import { Gate, GateContext } from './base.js';
+import { Failure, Provenance } from '../types/index.js';
+export interface HallucinatedImport {
+    file: string;
+    line: number;
+    importPath: string;
+    type: 'relative' | 'package' | 'python' | 'go' | 'ruby' | 'csharp';
+    reason: string;
+}
+export interface HallucinatedImportsConfig {
+    enabled?: boolean;
+    check_relative?: boolean;
+    check_packages?: boolean;
+    ignore_patterns?: string[];
+}
+export declare class HallucinatedImportsGate extends Gate {
+    private config;
+    constructor(config?: HallucinatedImportsConfig);
+    protected get provenance(): Provenance;
+    run(context: GateContext): Promise<Failure[]>;
+    private checkJSImports;
+    private checkPyImports;
+    private resolveRelativeImport;
+    private extractPackageName;
+    private shouldIgnore;
+    private isNodeBuiltin;
+    private isPythonStdlib;
+    /**
+     * Check Go imports — verify relative/project package paths exist
+     * Go stdlib packages are skipped; only project-relative imports are checked
+     */
+    private checkGoImports;
+    /**
+     * Check Ruby imports — verify require_relative paths exist
+     */
+    private checkRubyImports;
+    /**
+     * Check C# imports — verify relative using paths match project namespaces
+     * (C# uses namespaces, not file paths — we check for obviously wrong namespaces)
+     */
+    private checkCSharpImports;
+    private loadPackageJson;
+}