@rigour-labs/core 2.9.4 → 2.10.0

package/dist/pattern-index/matcher.test.js

@@ -0,0 +1,238 @@
+/**
+ * Pattern Matcher Tests
+ *
+ * Comprehensive tests for the pattern matcher.
+ */
+import { describe, it, expect } from 'vitest';
+import { PatternMatcher, checkPatternDuplicate } from './matcher.js';
+// Helper to create a mock pattern
+function createPattern(overrides = {}) {
+    return {
+        id: 'test-id',
+        type: 'function',
+        name: 'testFunction',
+        file: 'src/utils.ts',
+        line: 1,
+        endLine: 5,
+        signature: '(input: string): string',
+        description: 'A test function',
+        keywords: ['test', 'function'],
+        hash: 'abc123',
+        exported: true,
+        usageCount: 0,
+        indexedAt: new Date().toISOString(),
+        ...overrides
+    };
+}
+// Helper to create a mock index
+function createIndex(patterns) {
+    return {
+        version: '1.0.0',
+        lastUpdated: new Date().toISOString(),
+        rootDir: '/test',
+        patterns,
+        stats: {
+            totalPatterns: patterns.length,
+            totalFiles: 1,
+            byType: { function: patterns.length },
+            indexDurationMs: 100
+        },
+        files: []
+    };
+}
+describe('PatternMatcher', () => {
+    describe('exact name match', () => {
+        it('should find exact name matches with 100% confidence', async () => {
+            const pattern = createPattern({ name: 'formatDate' });
+            const index = createIndex([pattern]);
+            const matcher = new PatternMatcher(index, { useEmbeddings: false });
+            const result = await matcher.match({ name: 'formatDate' });
+            expect(result.status).toBe('FOUND_SIMILAR');
+            expect(result.matches).toHaveLength(1);
+            expect(result.matches[0].matchType).toBe('exact');
+            expect(result.matches[0].confidence).toBe(100);
+        });
+        it('should be case-insensitive for exact matches', async () => {
+            const pattern = createPattern({ name: 'formatDate' });
+            const index = createIndex([pattern]);
+            const matcher = new PatternMatcher(index, { useEmbeddings: false });
+            const result = await matcher.match({ name: 'FormatDate' });
+            expect(result.matches).toHaveLength(1);
+            expect(result.matches[0].matchType).toBe('exact');
+        });
+        it('should set action to BLOCK for exact matches', async () => {
+            const pattern = createPattern({ name: 'formatDate' });
+            const index = createIndex([pattern]);
+            const matcher = new PatternMatcher(index, { useEmbeddings: false });
+            const result = await matcher.match({ name: 'formatDate' });
+            expect(result.action).toBe('BLOCK');
+        });
+    });
+    describe('fuzzy name match', () => {
+        it('should find fuzzy matches for similar names', async () => {
+            const pattern = createPattern({ name: 'formatDate' });
+            const index = createIndex([pattern]);
+            const matcher = new PatternMatcher(index, { useEmbeddings: false });
+            // 'formatDate' vs 'formatDates' have extremely high similarity
+            const result = await matcher.match({ name: 'formatDates' });
+            expect(result.status).toBe('FOUND_SIMILAR');
+            expect(result.matches.some(m => m.matchType === 'fuzzy')).toBe(true);
+        });
+        it('should find matches for renamed patterns', async () => {
+            const pattern = createPattern({
+                name: 'formatDate',
+                keywords: ['format', 'date']
+            });
+            const index = createIndex([pattern]);
+            const matcher = new PatternMatcher(index, { useEmbeddings: false });
+            const result = await matcher.match({ name: 'formatDateString' });
+            expect(result.matches.length).toBeGreaterThan(0);
+        });
+        it('should not match completely unrelated names', async () => {
+            const pattern = createPattern({ name: 'formatDate' });
+            const index = createIndex([pattern]);
+            const matcher = new PatternMatcher(index, { useEmbeddings: false });
+            const result = await matcher.match({ name: 'sendEmail' });
+            expect(result.status).toBe('NO_MATCH');
+        });
+    });
+    describe('signature match', () => {
+        it('should find matches with identical signatures', async () => {
+            const pattern = createPattern({
+                name: 'formatDate',
+                signature: '(date: Date): string'
+            });
+            const index = createIndex([pattern]);
+            const matcher = new PatternMatcher(index, { useEmbeddings: false });
+            const result = await matcher.match({
+                name: 'myDateFormatter',
+                signature: '(date: Date): string'
+            });
+            expect(result.matches.some(m => m.matchType === 'signature')).toBe(true);
+        });
+        it('should match similar parameter patterns', async () => {
+            const pattern = createPattern({
+                name: 'formatDate',
+                signature: '(date: Date, format: string): string'
+            });
+            const index = createIndex([pattern]);
+            const matcher = new PatternMatcher(index, { useEmbeddings: false });
+            const result = await matcher.match({
+                signature: '(input: Date, pattern: string): string'
+            });
+            expect(result.matches.length).toBeGreaterThan(0);
+        });
+    });
+    describe('keyword match', () => {
+        it('should find matches based on keywords', async () => {
+            const pattern = createPattern({
+                name: 'formatDate',
+                keywords: ['format', 'date', 'time']
+            });
+            const index = createIndex([pattern]);
+            const matcher = new PatternMatcher(index, { useEmbeddings: false });
+            const result = await matcher.match({
+                keywords: ['date', 'format']
+            });
+            expect(result.matches.some(m => m.matchType === 'semantic')).toBe(true);
+        });
+    });
+    describe('overrides', () => {
+        it('should allow overridden patterns', async () => {
+            const pattern = createPattern({ name: 'formatDate' });
+            const index = createIndex([pattern]);
+            const matcher = new PatternMatcher(index, { useEmbeddings: false }, [
+                {
+                    pattern: 'formatDate',
+                    reason: 'Refactoring in progress',
+                    createdAt: new Date().toISOString()
+                }
+            ]);
+            const result = await matcher.match({ name: 'formatDate' });
+            expect(result.status).toBe('OVERRIDE_ALLOWED');
+            expect(result.action).toBe('ALLOW');
+        });
+        it('should support glob overrides', async () => {
+            const pattern = createPattern({ name: 'formatDate' });
+            const index = createIndex([pattern]);
+            const matcher = new PatternMatcher(index, { useEmbeddings: false }, [
+                {
+                    pattern: 'format*',
+                    reason: 'All format functions are exempt',
+                    createdAt: new Date().toISOString()
+                }
+            ]);
+            const result = await matcher.match({ name: 'formatDate' });
+            expect(result.status).toBe('OVERRIDE_ALLOWED');
+        });
+        it('should ignore expired overrides', async () => {
+            const pattern = createPattern({ name: 'formatDate' });
+            const index = createIndex([pattern]);
+            const matcher = new PatternMatcher(index, { useEmbeddings: false }, [
+                {
+                    pattern: 'formatDate',
+                    reason: 'Expired override',
+                    createdAt: '2020-01-01T00:00:00Z',
+                    expiresAt: '2020-01-02T00:00:00Z' // Expired
+                }
+            ]);
+            const result = await matcher.match({ name: 'formatDate' });
+            expect(result.status).toBe('FOUND_SIMILAR');
+        });
+    });
+    describe('configuration', () => {
+        it('should respect minConfidence setting', async () => {
+            const pattern = createPattern({ name: 'formatDate' });
+            const index = createIndex([pattern]);
+            const matcher = new PatternMatcher(index, { minConfidence: 95, useEmbeddings: false });
+            // Fuzzy match won't meet 95% threshold
+            const result = await matcher.match({ name: 'dateFormat' });
+            // Should only include exact matches at 95%+ threshold
+            expect(result.matches.every(m => m.confidence >= 95)).toBe(true);
+        });
+        it('should respect maxMatches setting', async () => {
+            const patterns = [
+                createPattern({ id: '1', name: 'formatDate1' }),
+                createPattern({ id: '2', name: 'formatDate2' }),
+                createPattern({ id: '3', name: 'formatDate3' }),
+                createPattern({ id: '4', name: 'formatDate4' }),
+            ];
+            const index = createIndex(patterns);
+            const matcher = new PatternMatcher(index, { maxMatches: 2, useEmbeddings: false });
+            const result = await matcher.match({ name: 'formatDate' });
+            expect(result.matches.length).toBeLessThanOrEqual(2);
+        });
+    });
+    describe('suggestions', () => {
+        it('should suggest importing exported patterns', async () => {
+            const pattern = createPattern({
+                name: 'formatDate',
+                file: 'src/utils/date.ts',
+                exported: true
+            });
+            const index = createIndex([pattern]);
+            const matcher = new PatternMatcher(index, { useEmbeddings: false });
+            const result = await matcher.match({ name: 'formatDate' });
+            expect(result.suggestion).toContain('Import');
+            expect(result.suggestion).toContain('src/utils/date.ts');
+        });
+        it('should suggest extracting non-exported patterns', async () => {
+            const pattern = createPattern({
+                name: 'formatDate',
+                exported: false
+            });
+            const index = createIndex([pattern]);
+            const matcher = new PatternMatcher(index, { useEmbeddings: false });
+            const result = await matcher.match({ name: 'formatDate' });
+            expect(result.suggestion).toContain('similar pattern');
+        });
+    });
+});
+describe('checkPatternDuplicate', () => {
+    it('should be a quick helper for duplicate checking', async () => {
+        const pattern = createPattern({ name: 'myUtil' });
+        const index = createIndex([pattern]);
+        const result = await checkPatternDuplicate(index, 'myUtil');
+        expect(result.status).toBe('FOUND_SIMILAR');
+    });
+});

package/dist/pattern-index/overrides.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Human Override Manager
+ *
+ * Manages human overrides for pattern matching.
+ * Supports inline comments, config files, and MCP approvals.
+ */
+import type { PatternOverride } from './types.js';
+/**
+ * Override Manager class.
+ */
+export declare class OverrideManager {
+    private overrides;
+    private rootDir;
+    private overridesPath;
+    constructor(rootDir: string);
+    /**
+     * Load overrides from disk.
+     */
+    load(): Promise<PatternOverride[]>;
+    /**
+     * Save overrides to disk.
+     */
+    save(): Promise<void>;
+    /**
+     * Add a new override.
+     */
+    addOverride(override: Omit<PatternOverride, 'createdAt'>): Promise<PatternOverride>;
+    /**
+     * Remove an override.
+     */
+    removeOverride(pattern: string): Promise<boolean>;
+    /**
+     * Check if a pattern is overridden.
+     */
+    isOverridden(name: string): PatternOverride | null;
+    /**
+     * Get all active overrides.
+     */
+    getActiveOverrides(): PatternOverride[];
+    /**
+     * Get all expired overrides.
+     */
+    getExpiredOverrides(): PatternOverride[];
+    /**
+     * Clean up expired overrides.
+     */
+    cleanupExpired(): Promise<number>;
+    /**
+     * Parse inline override comments from code.
+     */
+    parseInlineOverrides(code: string, filePath: string): PatternOverride[];
+    /**
+     * Check if an override is expired.
+     */
+    private isExpired;
+    /**
+     * Get default expiration date.
+     */
+    private getDefaultExpiration;
+}
+/**
+ * Load overrides from rigour.config.yaml.
+ */
+export declare function loadConfigOverrides(rootDir: string): Promise<PatternOverride[]>;

package/dist/pattern-index/overrides.js

@@ -0,0 +1,196 @@
+/**
+ * Human Override Manager
+ *
+ * Manages human overrides for pattern matching.
+ * Supports inline comments, config files, and MCP approvals.
+ */
+import * as fs from 'fs/promises';
+import * as path from 'path';
+/** Default override expiration in days */
+const DEFAULT_EXPIRATION_DAYS = 30;
+/**
+ * Override Manager class.
+ */
+export class OverrideManager {
+    overrides = [];
+    rootDir;
+    overridesPath;
+    constructor(rootDir) {
+        this.rootDir = rootDir;
+        this.overridesPath = path.join(rootDir, '.rigour', 'allow.json');
+    }
+    /**
+     * Load overrides from disk.
+     */
+    async load() {
+        try {
+            const content = await fs.readFile(this.overridesPath, 'utf-8');
+            const data = JSON.parse(content);
+            this.overrides = data.overrides || [];
+            // Filter out expired overrides
+            this.overrides = this.overrides.filter(o => !this.isExpired(o));
+            return this.overrides;
+        }
+        catch {
+            this.overrides = [];
+            return [];
+        }
+    }
+    /**
+     * Save overrides to disk.
+     */
+    async save() {
+        const dir = path.dirname(this.overridesPath);
+        await fs.mkdir(dir, { recursive: true });
+        await fs.writeFile(this.overridesPath, JSON.stringify({ overrides: this.overrides }, null, 2), 'utf-8');
+    }
+    /**
+     * Add a new override.
+     */
+    async addOverride(override) {
+        const fullOverride = {
+            ...override,
+            createdAt: new Date().toISOString(),
+            expiresAt: override.expiresAt || this.getDefaultExpiration()
+        };
+        // Remove any existing override for the same pattern
+        this.overrides = this.overrides.filter(o => o.pattern !== fullOverride.pattern);
+        this.overrides.push(fullOverride);
+        await this.save();
+        return fullOverride;
+    }
+    /**
+     * Remove an override.
+     */
+    async removeOverride(pattern) {
+        const before = this.overrides.length;
+        this.overrides = this.overrides.filter(o => o.pattern !== pattern);
+        if (this.overrides.length !== before) {
+            await this.save();
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Check if a pattern is overridden.
+     */
+    isOverridden(name) {
+        for (const override of this.overrides) {
+            if (this.isExpired(override))
+                continue;
+            // Exact match
+            if (override.pattern === name) {
+                return override;
+            }
+            // Glob match
+            if (override.pattern.includes('*')) {
+                const regex = new RegExp('^' + override.pattern.replace(/\*/g, '.*') + '$');
+                if (regex.test(name)) {
+                    return override;
+                }
+            }
+        }
+        return null;
+    }
+    /**
+     * Get all active overrides.
+     */
+    getActiveOverrides() {
+        return this.overrides.filter(o => !this.isExpired(o));
+    }
+    /**
+     * Get all expired overrides.
+     */
+    getExpiredOverrides() {
+        return this.overrides.filter(o => this.isExpired(o));
+    }
+    /**
+     * Clean up expired overrides.
+     */
+    async cleanupExpired() {
+        const before = this.overrides.length;
+        this.overrides = this.overrides.filter(o => !this.isExpired(o));
+        if (this.overrides.length !== before) {
+            await this.save();
+        }
+        return before - this.overrides.length;
+    }
+    /**
+     * Parse inline override comments from code.
+     */
+    parseInlineOverrides(code, filePath) {
+        const overrides = [];
+        const lines = code.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Match: // rigour-allow: pattern-name
+            // Or: // rigour-allow: pattern-name (reason)
+            const match = line.match(/\/\/\s*rigour-allow:\s*(\S+)(?:\s*\(([^)]+)\))?/i);
+            if (match) {
+                overrides.push({
+                    pattern: match[1],
+                    reason: match[2] || `Inline override in ${filePath}:${i + 1}`,
+                    createdAt: new Date().toISOString(),
+                    approvedBy: `inline:${filePath}:${i + 1}`
+                });
+            }
+        }
+        return overrides;
+    }
+    /**
+     * Check if an override is expired.
+     */
+    isExpired(override) {
+        if (!override.expiresAt)
+            return false;
+        return new Date(override.expiresAt) < new Date();
+    }
+    /**
+     * Get default expiration date.
+     */
+    getDefaultExpiration() {
+        const date = new Date();
+        date.setDate(date.getDate() + DEFAULT_EXPIRATION_DAYS);
+        return date.toISOString();
+    }
+}
+/**
+ * Load overrides from rigour.config.yaml.
+ */
+export async function loadConfigOverrides(rootDir) {
+    const configPaths = [
+        path.join(rootDir, 'rigour.config.yaml'),
+        path.join(rootDir, 'rigour.config.yml'),
+        path.join(rootDir, '.rigour', 'config.yaml')
+    ];
+    for (const configPath of configPaths) {
+        try {
+            const content = await fs.readFile(configPath, 'utf-8');
+            const { parse } = await import('yaml');
+            const config = parse(content);
+            if (config.patterns?.allow && Array.isArray(config.patterns.allow)) {
+                return config.patterns.allow.map((item) => {
+                    if (typeof item === 'string') {
+                        return {
+                            pattern: item,
+                            reason: 'Configured in rigour.config.yaml',
+                            createdAt: new Date().toISOString()
+                        };
+                    }
+                    return {
+                        pattern: item.pattern || item.path || item.name,
+                        reason: item.reason || 'Configured in rigour.config.yaml',
+                        expiresAt: item.expires,
+                        approvedBy: item.approved_by,
+                        createdAt: new Date().toISOString()
+                    };
+                });
+            }
+        }
+        catch {
+            // Config file doesn't exist or is invalid
+            continue;
+        }
+    }
+    return [];
+}

package/dist/pattern-index/security.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Security Detector
+ *
+ * Detects CVEs and security vulnerabilities in the project's dependencies
+ * and alerts the AI/Editor before code is written.
+ */
+import type { SecurityResult } from './types.js';
+export declare class SecurityDetector {
+    private rootDir;
+    private cachePath;
+    private CACHE_TTL;
+    constructor(rootDir: string);
+    /**
+     * Run a live security audit using NPM.
+     * This provides the latest CVE info from the NPM registry.
+     */
+    runAudit(): Promise<SecurityResult>;
+    /**
+     * Get a quick summary for the AI context.
+     */
+    getSecuritySummary(): Promise<string>;
+    private getLockfileHash;
+    private getCachedResult;
+    private saveCache;
+}

package/dist/pattern-index/security.js

@@ -0,0 +1,127 @@
+/**
+ * Security Detector
+ *
+ * Detects CVEs and security vulnerabilities in the project's dependencies
+ * and alerts the AI/Editor before code is written.
+ */
+import { execa } from 'execa';
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import { createHash } from 'crypto';
+export class SecurityDetector {
+    rootDir;
+    cachePath;
+    CACHE_TTL = 3600000; // 1 hour in milliseconds
+    constructor(rootDir) {
+        this.rootDir = rootDir;
+        this.cachePath = path.join(rootDir, '.rigour', 'security-cache.json');
+    }
+    /**
+     * Run a live security audit using NPM.
+     * This provides the latest CVE info from the NPM registry.
+     */
+    async runAudit() {
+        try {
+            const lockfileHash = await this.getLockfileHash();
+            const cached = await this.getCachedResult(lockfileHash);
+            if (cached) {
+                return cached;
+            }
+            // Run npm audit --json for machine-readable CVE data
+            const { stdout } = await execa('npm', ['audit', '--json'], {
+                cwd: this.rootDir,
+                reject: false // npm audit returns non-zero for found vulnerabilities
+            });
+            const auditData = JSON.parse(stdout);
+            const vulnerabilities = [];
+            if (auditData.vulnerabilities) {
+                for (const [name, vuln] of Object.entries(auditData.vulnerabilities)) {
+                    const v = vuln;
+                    // Dig into the advisory data
+                    const via = v.via && Array.isArray(v.via) ? v.via[0] : null;
+                    vulnerabilities.push({
+                        cveId: via?.name || 'N/A',
+                        packageName: name,
+                        vulnerableRange: v.range,
+                        severity: v.severity,
+                        title: via?.title || `Vulnerability in ${name}`,
+                        url: via?.url || `https://www.npmjs.com/package/${name}/vulnerability`,
+                        currentVersion: v.nodes && v.nodes[0] ? v.version : undefined
+                    });
+                }
+            }
+            const result = {
+                status: vulnerabilities.length > 0 ? 'VULNERABLE' : 'SECURE',
+                vulnerabilities: vulnerabilities.sort((a, b) => {
+                    const severityOrder = { critical: 0, high: 1, moderate: 2, low: 3 };
+                    return severityOrder[a.severity] - severityOrder[b.severity];
+                })
+            };
+            // Save to cache
+            await this.saveCache(lockfileHash, result);
+            return result;
+        }
+        catch (error) {
+            console.error('Security audit failed:', error);
+            return { status: 'SECURE', vulnerabilities: [] };
+        }
+    }
+    /**
+     * Get a quick summary for the AI context.
+     */
+    async getSecuritySummary() {
+        const result = await this.runAudit();
+        if (result.status === 'SECURE')
+            return '✅ No known vulnerabilities found in dependencies.';
+        const topVulns = result.vulnerabilities.slice(0, 3);
+        let summary = `⚠️  FOUND ${result.vulnerabilities.length} VULNERABILITIES:\n`;
+        for (const v of topVulns) {
+            summary += `- [${v.severity.toUpperCase()}] ${v.packageName}: ${v.title} (${v.url})\n`;
+        }
+        if (result.vulnerabilities.length > 3) {
+            summary += `- ...and ${result.vulnerabilities.length - 3} more. Run 'rigour check' for full report.`;
+        }
+        return summary;
+    }
+    async getLockfileHash() {
+        const lockfiles = ['pnpm-lock.yaml', 'package-lock.json', 'yarn.lock'];
+        for (const file of lockfiles) {
+            try {
+                const content = await fs.readFile(path.join(this.rootDir, file), 'utf-8');
+                return createHash('sha256').update(content).digest('hex').slice(0, 16);
+            }
+            catch {
+                continue;
+            }
+        }
+        return 'no-lockfile';
+    }
+    async getCachedResult(currentHash) {
+        try {
+            const content = await fs.readFile(this.cachePath, 'utf-8');
+            const cache = JSON.parse(content);
+            const isExpired = Date.now() - new Date(cache.timestamp).getTime() > this.CACHE_TTL;
+            if (!isExpired && cache.lockfileHash === currentHash) {
+                return cache.result;
+            }
+        }
+        catch {
+            // No cache or invalid cache
+        }
+        return null;
+    }
+    async saveCache(hash, result) {
+        try {
+            await fs.mkdir(path.dirname(this.cachePath), { recursive: true });
+            const cache = {
+                lockfileHash: hash,
+                timestamp: new Date().toISOString(),
+                result
+            };
+            await fs.writeFile(this.cachePath, JSON.stringify(cache, null, 2), 'utf-8');
+        }
+        catch (error) {
+            console.warn('Failed to save security cache:', error);
+        }
+    }
+}