@rigour-labs/core 2.22.0 → 3.0.0

package/src/pattern-index/overrides.ts

@@ -1,235 +0,0 @@
-/**
- * Human Override Manager
- * 
- * Manages human overrides for pattern matching.
- * Supports inline comments, config files, and MCP approvals.
- */
-
-import * as fs from 'fs/promises';
-import * as path from 'path';
-import type { PatternOverride } from './types.js';
-
-/** Default override expiration in days */
-const DEFAULT_EXPIRATION_DAYS = 30;
-
-/**
- * Override Manager class.
- */
-export class OverrideManager {
-    private overrides: PatternOverride[] = [];
-    private rootDir: string;
-    private overridesPath: string;
-
-    constructor(rootDir: string) {
-        this.rootDir = rootDir;
-        this.overridesPath = path.join(rootDir, '.rigour', 'allow.json');
-    }
-
-    /**
-     * Load overrides from disk.
-     */
-    async load(): Promise<PatternOverride[]> {
-        try {
-            const content = await fs.readFile(this.overridesPath, 'utf-8');
-            const data = JSON.parse(content);
-            this.overrides = data.overrides || [];
-
-            // Filter out expired overrides
-            this.overrides = this.overrides.filter(o => !this.isExpired(o));
-
-            return this.overrides;
-        } catch {
-            this.overrides = [];
-            return [];
-        }
-    }
-
-    /**
-     * Save overrides to disk.
-     */
-    async save(): Promise<void> {
-        const dir = path.dirname(this.overridesPath);
-        await fs.mkdir(dir, { recursive: true });
-
-        await fs.writeFile(
-            this.overridesPath,
-            JSON.stringify({ overrides: this.overrides }, null, 2),
-            'utf-8'
-        );
-    }
-
-    /**
-     * Add a new override.
-     */
-    async addOverride(override: Omit<PatternOverride, 'createdAt'>): Promise<PatternOverride> {
-        const fullOverride: PatternOverride = {
-            ...override,
-            createdAt: new Date().toISOString(),
-            expiresAt: override.expiresAt || this.getDefaultExpiration()
-        };
-
-        // Remove any existing override for the same pattern
-        this.overrides = this.overrides.filter(o => o.pattern !== fullOverride.pattern);
-
-        this.overrides.push(fullOverride);
-        await this.save();
-
-        return fullOverride;
-    }
-
-    /**
-     * Remove an override.
-     */
-    async removeOverride(pattern: string): Promise<boolean> {
-        const before = this.overrides.length;
-        this.overrides = this.overrides.filter(o => o.pattern !== pattern);
-
-        if (this.overrides.length !== before) {
-            await this.save();
-            return true;
-        }
-
-        return false;
-    }
-
-    /**
-     * Check if a pattern is overridden.
-     */
-    isOverridden(name: string): PatternOverride | null {
-        for (const override of this.overrides) {
-            if (this.isExpired(override)) continue;
-
-            // Exact match
-            if (override.pattern === name) {
-                return override;
-            }
-
-            // Glob match
-            if (override.pattern.includes('*')) {
-                const regex = new RegExp(
-                    '^' + override.pattern.replace(/\*/g, '.*') + '$'
-                );
-                if (regex.test(name)) {
-                    return override;
-                }
-            }
-        }
-
-        return null;
-    }
-
-    /**
-     * Get all active overrides.
-     */
-    getActiveOverrides(): PatternOverride[] {
-        return this.overrides.filter(o => !this.isExpired(o));
-    }
-
-    /**
-     * Get all expired overrides.
-     */
-    getExpiredOverrides(): PatternOverride[] {
-        return this.overrides.filter(o => this.isExpired(o));
-    }
-
-    /**
-     * Clean up expired overrides.
-     */
-    async cleanupExpired(): Promise<number> {
-        const before = this.overrides.length;
-        this.overrides = this.overrides.filter(o => !this.isExpired(o));
-
-        if (this.overrides.length !== before) {
-            await this.save();
-        }
-
-        return before - this.overrides.length;
-    }
-
-    /**
-     * Parse inline override comments from code.
-     */
-    parseInlineOverrides(code: string, filePath: string): PatternOverride[] {
-        const overrides: PatternOverride[] = [];
-        const lines = code.split('\n');
-
-        for (let i = 0; i < lines.length; i++) {
-            const line = lines[i];
-
-            // Match: // rigour-allow: pattern-name
-            // Or: // rigour-allow: pattern-name (reason)
-            const match = line.match(/\/\/\s*rigour-allow:\s*(\S+)(?:\s*\(([^)]+)\))?/i);
-
-            if (match) {
-                overrides.push({
-                    pattern: match[1],
-                    reason: match[2] || `Inline override in ${filePath}:${i + 1}`,
-                    createdAt: new Date().toISOString(),
-                    approvedBy: `inline:${filePath}:${i + 1}`
-                });
-            }
-        }
-
-        return overrides;
-    }
-
-    /**
-     * Check if an override is expired.
-     */
-    private isExpired(override: PatternOverride): boolean {
-        if (!override.expiresAt) return false;
-        return new Date(override.expiresAt) < new Date();
-    }
-
-    /**
-     * Get default expiration date.
-     */
-    private getDefaultExpiration(): string {
-        const date = new Date();
-        date.setDate(date.getDate() + DEFAULT_EXPIRATION_DAYS);
-        return date.toISOString();
-    }
-}
-
-/**
- * Load overrides from rigour.config.yaml.
- */
-export async function loadConfigOverrides(rootDir: string): Promise<PatternOverride[]> {
-    const configPaths = [
-        path.join(rootDir, 'rigour.config.yaml'),
-        path.join(rootDir, 'rigour.config.yml'),
-        path.join(rootDir, '.rigour', 'config.yaml')
-    ];
-
-    for (const configPath of configPaths) {
-        try {
-            const content = await fs.readFile(configPath, 'utf-8');
-            const { parse } = await import('yaml');
-            const config = parse(content);
-
-            if (config.patterns?.allow && Array.isArray(config.patterns.allow)) {
-                return config.patterns.allow.map((item: any) => {
-                    if (typeof item === 'string') {
-                        return {
-                            pattern: item,
-                            reason: 'Configured in rigour.config.yaml',
-                            createdAt: new Date().toISOString()
-                        };
-                    }
-                    return {
-                        pattern: item.pattern || item.path || item.name,
-                        reason: item.reason || 'Configured in rigour.config.yaml',
-                        expiresAt: item.expires,
-                        approvedBy: item.approved_by,
-                        createdAt: new Date().toISOString()
-                    };
-                });
-            }
-        } catch {
-            // Config file doesn't exist or is invalid
-            continue;
-        }
-    }
-
-    return [];
-}

package/src/pattern-index/security.ts

@@ -1,151 +0,0 @@
-/**
- * Security Detector
- * 
- * Detects CVEs and security vulnerabilities in the project's dependencies
- * and alerts the AI/Editor before code is written.
- */
-
-import { execa } from 'execa';
-import * as fs from 'fs/promises';
-import * as path from 'path';
-import { createHash } from 'crypto';
-import type { SecurityEntry, SecurityResult } from './types.js';
-
-interface SecurityCache {
-    lockfileHash: string;
-    timestamp: string;
-    result: SecurityResult;
-}
-
-export class SecurityDetector {
-    private rootDir: string;
-    private cachePath: string;
-    private CACHE_TTL = 3600000; // 1 hour in milliseconds
-
-    constructor(rootDir: string) {
-        this.rootDir = rootDir;
-        this.cachePath = path.join(rootDir, '.rigour', 'security-cache.json');
-    }
-
-    /**
-     * Run a live security audit using NPM.
-     * This provides the latest CVE info from the NPM registry.
-     */
-    async runAudit(): Promise<SecurityResult> {
-        try {
-            const lockfileHash = await this.getLockfileHash();
-            const cached = await this.getCachedResult(lockfileHash);
-
-            if (cached) {
-                return cached;
-            }
-
-            // Run npm audit --json for machine-readable CVE data
-            const { stdout } = await execa('npm', ['audit', '--json'], {
-                cwd: this.rootDir,
-                reject: false // npm audit returns non-zero for found vulnerabilities
-            });
-
-            const auditData = JSON.parse(stdout);
-            const vulnerabilities: SecurityEntry[] = [];
-
-            if (auditData.vulnerabilities) {
-                for (const [name, vuln] of Object.entries(auditData.vulnerabilities as any)) {
-                    const v = vuln as any;
-
-                    // Dig into the advisory data
-                    const via = v.via && Array.isArray(v.via) ? v.via[0] : null;
-
-                    vulnerabilities.push({
-                        cveId: via?.name || 'N/A',
-                        packageName: name,
-                        vulnerableRange: v.range,
-                        severity: v.severity,
-                        title: via?.title || `Vulnerability in ${name}`,
-                        url: via?.url || `https://www.npmjs.com/package/${name}/vulnerability`,
-                        currentVersion: v.nodes && v.nodes[0] ? v.version : undefined
-                    });
-                }
-            }
-
-            const result: SecurityResult = {
-                status: vulnerabilities.length > 0 ? 'VULNERABLE' : 'SECURE',
-                vulnerabilities: vulnerabilities.sort((a, b) => {
-                    const severityOrder = { critical: 0, high: 1, moderate: 2, low: 3 };
-                    return (severityOrder as any)[a.severity] - (severityOrder as any)[b.severity];
-                })
-            };
-
-            // Save to cache
-            await this.saveCache(lockfileHash, result);
-
-            return result;
-        } catch (error) {
-            console.error('Security audit failed:', error);
-            return { status: 'SECURE', vulnerabilities: [] };
-        }
-    }
-
-    /**
-     * Get a quick summary for the AI context.
-     */
-    async getSecuritySummary(): Promise<string> {
-        const result = await this.runAudit();
-        if (result.status === 'SECURE') return '✅ No known vulnerabilities found in dependencies.';
-
-        const topVulns = result.vulnerabilities.slice(0, 3);
-        let summary = `⚠️  FOUND ${result.vulnerabilities.length} VULNERABILITIES:\n`;
-
-        for (const v of topVulns) {
-            summary += `- [${v.severity.toUpperCase()}] ${v.packageName}: ${v.title} (${v.url})\n`;
-        }
-
-        if (result.vulnerabilities.length > 3) {
-            summary += `- ...and ${result.vulnerabilities.length - 3} more. Run 'rigour check' for full report.`;
-        }
-
-        return summary;
-    }
-
-    private async getLockfileHash(): Promise<string> {
-        const lockfiles = ['pnpm-lock.yaml', 'package-lock.json', 'yarn.lock'];
-        for (const file of lockfiles) {
-            try {
-                const content = await fs.readFile(path.join(this.rootDir, file), 'utf-8');
-                return createHash('sha256').update(content).digest('hex').slice(0, 16);
-            } catch {
-                continue;
-            }
-        }
-        return 'no-lockfile';
-    }
-
-    private async getCachedResult(currentHash: string): Promise<SecurityResult | null> {
-        try {
-            const content = await fs.readFile(this.cachePath, 'utf-8');
-            const cache: SecurityCache = JSON.parse(content);
-
-            const isExpired = Date.now() - new Date(cache.timestamp).getTime() > this.CACHE_TTL;
-            if (!isExpired && cache.lockfileHash === currentHash) {
-                return cache.result;
-            }
-        } catch {
-            // No cache or invalid cache
-        }
-        return null;
-    }
-
-    private async saveCache(hash: string, result: SecurityResult): Promise<void> {
-        try {
-            await fs.mkdir(path.dirname(this.cachePath), { recursive: true });
-            const cache: SecurityCache = {
-                lockfileHash: hash,
-                timestamp: new Date().toISOString(),
-                result
-            };
-            await fs.writeFile(this.cachePath, JSON.stringify(cache, null, 2), 'utf-8');
-        } catch (error) {
-            console.warn('Failed to save security cache:', error);
-        }
-    }
-}

package/src/pattern-index/staleness.test.ts

@@ -1,313 +0,0 @@
-/**
- * Staleness Detector Tests
- * 
- * Tests for the staleness detection system.
- */
-
-import { describe, it, expect, beforeEach, afterEach } from 'vitest';
-import * as fs from 'fs/promises';
-import * as path from 'path';
-import * as os from 'os';
-import { StalenessDetector, checkCodeStaleness } from './staleness.js';
-
-describe('StalenessDetector', () => {
-    let testDir: string;
-
-    beforeEach(async () => {
-        testDir = await fs.mkdtemp(path.join(os.tmpdir(), 'rigour-staleness-'));
-    });
-
-    afterEach(async () => {
-        await fs.rm(testDir, { recursive: true, force: true });
-    });
-
-    describe('React deprecations', () => {
-        it('should detect componentWillMount', async () => {
-            await fs.writeFile(
-                path.join(testDir, 'package.json'),
-                JSON.stringify({ dependencies: { react: '^18.0.0' } })
-            );
-
-            const detector = new StalenessDetector(testDir);
-            const result = await detector.checkStaleness(`
-                class MyComponent extends React.Component {
-                    componentWillMount() {
-                        console.log('mounting');
-                    }
-                }
-            `);
-
-            expect(result.status).toBe('DEPRECATED');
-            expect(result.issues.some(i => i.pattern.includes('componentWillMount'))).toBe(true);
-            expect(result.issues[0].replacement).toContain('useEffect');
-        });
-
-        it('should detect ReactDOM.render', async () => {
-            await fs.writeFile(
-                path.join(testDir, 'package.json'),
-                JSON.stringify({ dependencies: { react: '^18.0.0', 'react-dom': '^18.0.0' } })
-            );
-
-            const detector = new StalenessDetector(testDir);
-            const result = await detector.checkStaleness(`
-                ReactDOM.render(<App />, document.getElementById('root'));
-            `);
-
-            expect(result.status).toBe('DEPRECATED');
-            expect(result.issues.some(i => i.pattern.includes('ReactDOM.render'))).toBe(true);
-            expect(result.issues[0].replacement).toContain('createRoot');
-        });
-
-        it('should not flag React deprecations if React is not installed', async () => {
-            await fs.writeFile(
-                path.join(testDir, 'package.json'),
-                JSON.stringify({ dependencies: { express: '^4.0.0' } })
-            );
-
-            const detector = new StalenessDetector(testDir);
-            const result = await detector.checkStaleness(`
-                componentWillMount() {}
-            `);
-
-            // Should not flag React-specific patterns if React isn't a dependency
-            expect(result.issues.filter(i => i.pattern.includes('componentWillMount'))).toHaveLength(0);
-        });
-    });
-
-    describe('Package deprecations', () => {
-        it('should detect moment.js usage', async () => {
-            await fs.writeFile(
-                path.join(testDir, 'package.json'),
-                JSON.stringify({ dependencies: {} })
-            );
-
-            const detector = new StalenessDetector(testDir);
-            const result = await detector.checkStaleness(`
-                import moment from 'moment';
-                const date = moment().format('YYYY-MM-DD');
-            `);
-
-            expect(result.status).toBe('STALE');
-            expect(result.issues.some(i => i.replacement.includes('date-fns'))).toBe(true);
-        });
-
-        it('should detect request library usage', async () => {
-            await fs.writeFile(
-                path.join(testDir, 'package.json'),
-                JSON.stringify({ dependencies: {} })
-            );
-
-            const detector = new StalenessDetector(testDir);
-            const result = await detector.checkStaleness(`
-                const request = require('request');
-                request.get('https://example.com');
-            `);
-
-            expect(result.status).toBe('DEPRECATED');
-            expect(result.issues.some(i => i.replacement.includes('fetch'))).toBe(true);
-        });
-    });
-
-    describe('JavaScript deprecations', () => {
-        it('should detect var keyword usage', async () => {
-            await fs.writeFile(
-                path.join(testDir, 'package.json'),
-                JSON.stringify({ dependencies: {} })
-            );
-
-            const detector = new StalenessDetector(testDir);
-            const result = await detector.checkStaleness(`
-                var name = 'test';
-                var count = 0;
-            `);
-
-            expect(result.issues.some(i => i.replacement.includes('const') || i.replacement.includes('let'))).toBe(true);
-        });
-    });
-
-    describe('Redux deprecations', () => {
-        it('should detect createStore usage in modern Redux projects', async () => {
-            await fs.writeFile(
-                path.join(testDir, 'package.json'),
-                JSON.stringify({ dependencies: { redux: '^4.2.0' } })
-            );
-
-            const detector = new StalenessDetector(testDir);
-            const result = await detector.checkStaleness(`
-                import { createStore } from 'redux';
-                const store = createStore(reducer);
-            `);
-
-            expect(result.status).toBe('STALE');
-            expect(result.issues.some(i => i.replacement.includes('configureStore'))).toBe(true);
-        });
-    });
-
-    describe('Node.js deprecations', () => {
-        it('should detect Buffer constructor', async () => {
-            await fs.writeFile(
-                path.join(testDir, 'package.json'),
-                JSON.stringify({ dependencies: {} })
-            );
-
-            const detector = new StalenessDetector(testDir);
-            const result = await detector.checkStaleness(`
-                const buf = new Buffer('hello');
-            `);
-
-            expect(result.status).toBe('DEPRECATED');
-            expect(result.issues.some(i => i.replacement.includes('Buffer.from'))).toBe(true);
-        });
-    });
-
-    describe('Next.js deprecations', () => {
-        it('should detect getInitialProps in Next 13+ projects', async () => {
-            await fs.writeFile(
-                path.join(testDir, 'package.json'),
-                JSON.stringify({ dependencies: { next: '^13.0.0' } })
-            );
-
-            const detector = new StalenessDetector(testDir);
-            const result = await detector.checkStaleness(`
-                MyPage.getInitialProps = async (ctx) => {
-                    return { data: {} };
-                };
-            `);
-
-            expect(result.issues.some(i => i.pattern.includes('getInitialProps'))).toBe(true);
-        });
-    });
-
-    describe('TypeScript best practices', () => {
-        it('should warn about enum usage', async () => {
-            await fs.writeFile(
-                path.join(testDir, 'package.json'),
-                JSON.stringify({ dependencies: {} })
-            );
-
-            const detector = new StalenessDetector(testDir);
-            const result = await detector.checkStaleness(`
-                enum Status {
-                    Active = 'active',
-                    Inactive = 'inactive'
-                }
-            `);
-
-            expect(result.issues.some(i => i.severity === 'info' && i.pattern.includes('enum'))).toBe(true);
-        });
-    });
-
-    describe('Project context', () => {
-        it('should return project versions in context', async () => {
-            await fs.writeFile(
-                path.join(testDir, 'package.json'),
-                JSON.stringify({
-                    dependencies: {
-                        react: '^18.2.0',
-                        next: '^14.0.0'
-                    },
-                    devDependencies: {
-                        typescript: '^5.0.0'
-                    }
-                })
-            );
-
-            const detector = new StalenessDetector(testDir);
-            const result = await detector.checkStaleness('const x = 1;');
-
-            expect(result.projectContext.react).toBeDefined();
-            expect(result.projectContext.next).toBeDefined();
-            expect(result.projectContext.typescript).toBeDefined();
-        });
-    });
-
-    describe('Custom deprecations', () => {
-        it('should allow adding custom deprecation rules', async () => {
-            await fs.writeFile(
-                path.join(testDir, 'package.json'),
-                JSON.stringify({ dependencies: {} })
-            );
-
-            const detector = new StalenessDetector(testDir);
-            detector.addDeprecation({
-                pattern: 'legacyFunction',
-                deprecatedIn: '1.0.0',
-                replacement: 'newFunction()',
-                severity: 'error',
-                reason: 'Custom deprecation'
-            });
-
-            const result = await detector.checkStaleness(`
-                legacyFunction();
-            `);
-
-            expect(result.issues.some(i => i.replacement === 'newFunction()')).toBe(true);
-        });
-    });
-
-    describe('Overall status', () => {
-        it('should return FRESH when no issues found', async () => {
-            await fs.writeFile(
-                path.join(testDir, 'package.json'),
-                JSON.stringify({ dependencies: {} })
-            );
-
-            const detector = new StalenessDetector(testDir);
-            const result = await detector.checkStaleness(`
-                const name = 'test';
-                const greet = () => console.log('Hello');
-            `);
-
-            expect(result.status).toBe('FRESH');
-        });
-
-        it('should return STALE for warnings', async () => {
-            await fs.writeFile(
-                path.join(testDir, 'package.json'),
-                JSON.stringify({ dependencies: { redux: '^4.2.0' } })
-            );
-
-            const detector = new StalenessDetector(testDir);
-            const result = await detector.checkStaleness(`
-                createStore(reducer);
-            `);
-
-            expect(result.status).toBe('STALE');
-        });
-
-        it('should return DEPRECATED for errors', async () => {
-            await fs.writeFile(
-                path.join(testDir, 'package.json'),
-                JSON.stringify({ dependencies: {} })
-            );
-
-            const detector = new StalenessDetector(testDir);
-            const result = await detector.checkStaleness(`
-                new Buffer('hello');
-            `);
-
-            expect(result.status).toBe('DEPRECATED');
-        });
-    });
-});
-
-describe('checkCodeStaleness', () => {
-    let testDir: string;
-
-    beforeEach(async () => {
-        testDir = await fs.mkdtemp(path.join(os.tmpdir(), 'rigour-staleness-'));
-        await fs.writeFile(
-            path.join(testDir, 'package.json'),
-            JSON.stringify({ dependencies: {} })
-        );
-    });
-
-    afterEach(async () => {
-        await fs.rm(testDir, { recursive: true, force: true });
-    });
-
-    it('should be a quick helper for staleness checking', async () => {
-        const result = await checkCodeStaleness(testDir, 'const x = 1;');
-        expect(result.status).toBe('FRESH');
-    });
-});