npm - @shakecodeslikecray/whiterose - Versions diffs - 1.0.4 → 1.0.6 - Mend

@shakecodeslikecray/whiterose 1.0.4 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/cli/index.js CHANGED Viewed

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { readFileSync, existsSync, mkdirSync, writeFileSync, readdirSync, statSync, rmSync, mkdtempSync, realpathSync } from 'fs';
+import { readFileSync, existsSync, mkdirSync, writeFileSync, rmSync, readdirSync, statSync, mkdtempSync, realpathSync } from 'fs';
 import { join, dirname, isAbsolute, resolve, basename, relative } from 'path';
 import chalk3 from 'chalk';
 import * as readline from 'readline';
@@ -2116,11 +2116,25 @@ var CoreScanner = class {
   executor;
   config;
   progress;
+  passErrors = [];
   constructor(executor, config = {}, progress = {}) {
     this.executor = executor;
     this.config = { ...DEFAULT_SCANNER_CONFIG, ...config };
     this.progress = progress;
   }
+  /**
+   * Get errors that occurred during the last scan.
+   * Returns an array of pass names and their error messages.
+   */
+  getPassErrors() {
+    return this.passErrors;
+  }
+  /**
+   * Check if any passes failed during the last scan.
+   */
+  hasPassErrors() {
+    return this.passErrors.length > 0;
+  }
   /**
    * Run a thorough 19-pass scan with findings flowing through pipeline:
    *
@@ -2134,6 +2148,7 @@ var CoreScanner = class {
   async scan(context) {
     const cwd = process.cwd();
     const startTime = Date.now();
+    this.passErrors = [];
     const pipeline = getFullAnalysisPipeline();
     const unitPasses = pipeline[0].passes;
     const integrationPasses = pipeline[1].passes;
@@ -2214,8 +2229,10 @@ var CoreScanner = class {
           this.report(`    \u2713 ${pass.name}: ${bugs.length} bugs`);
           return bugs;
         } catch (error) {
-          this.progress.onPassError?.(pass.name, error.message);
-          this.report(`    \u2717 ${pass.name}: ${error.message}`);
+          const errorMsg = error.message || String(error);
+          this.progress.onPassError?.(pass.name, errorMsg);
+          this.report(`    \u2717 ${pass.name}: ${errorMsg}`);
+          this.passErrors.push({ passName: pass.name, error: errorMsg });
           return [];
         }
       });
@@ -2236,6 +2253,7 @@ var CoreScanner = class {
    */
   async quickScan(context) {
     const cwd = process.cwd();
+    this.passErrors = [];
     this.report(`
 \u2550\u2550\u2550\u2550 QUICK SCAN \u2550\u2550\u2550\u2550`);
     this.report(`  Provider: ${this.executor.name}`);
@@ -2249,7 +2267,9 @@ var CoreScanner = class {
       this.report(`  Found ${bugs.length} bugs`);
       return bugs;
     } catch (error) {
-      this.report(`  Error: ${error.message}`);
+      const errorMsg = error.message || String(error);
+      this.report(`  Error: ${errorMsg}`);
+      this.passErrors.push({ passName: "quick-scan", error: errorMsg });
       return [];
     }
   }
@@ -2294,11 +2314,41 @@ var CoreScanner = class {
         }
       }
     } else {
-      const jsonObjectMatch = output.match(/\{[\s\S]*\}/);
-      if (jsonObjectMatch) {
-        try {
-          parsed = JSON.parse(jsonObjectMatch[0]);
-        } catch {
+      const firstBrace = output.indexOf("{");
+      if (firstBrace !== -1) {
+        const substring = output.slice(firstBrace);
+        let depth = 0;
+        let inString = false;
+        let escape = false;
+        for (let i = 0; i < substring.length; i++) {
+          const char = substring[i];
+          if (escape) {
+            escape = false;
+            continue;
+          }
+          if (char === "\\" && inString) {
+            escape = true;
+            continue;
+          }
+          if (char === '"') {
+            inString = !inString;
+            continue;
+          }
+          if (inString) continue;
+          if (char === "{") {
+            depth++;
+          } else if (char === "}") {
+            depth--;
+            if (depth === 0) {
+              const candidate = substring.slice(0, i + 1);
+              try {
+                parsed = JSON.parse(candidate);
+                break;
+              } catch {
+                depth = 1;
+              }
+            }
+          }
         }
       }
     }
@@ -3089,7 +3139,7 @@ function extractIntentFromDocs(docs) {
     }
   }
   if (docs.readme) {
-    const featuresMatch = docs.readme.match(/##\s*Features?\s*\n([\s\S]*?)(?=\n##|\n---|\$)/i);
+    const featuresMatch = docs.readme.match(/##\s*Features?\s*\n([\s\S]*?)(?=\n##|\n---|$)/i);
     if (featuresMatch) {
       const featureLines = featuresMatch[1].split("\n").filter((line) => line.trim().startsWith("-") || line.trim().startsWith("*")).map((line) => line.replace(/^[-*]\s*/, "").trim()).filter((line) => line.length > 0);
       intent.features.push(...featureLines.slice(0, 20));
@@ -3326,6 +3376,9 @@ async function initCommand(options) {
   }
   const writeSpinner = p3.spinner();
   writeSpinner.start("Creating configuration...");
+  const whiteroseExistedBefore = existsSync(whiterosePath);
+  const gitignorePath = join(cwd, ".gitignore");
+  const originalGitignore = existsSync(gitignorePath) ? readFileSync(gitignorePath, "utf-8") : null;
   try {
     mkdirSync(join(whiterosePath, "cache"), { recursive: true });
     mkdirSync(join(whiterosePath, "reports"), { recursive: true });
@@ -3361,29 +3414,37 @@ async function initCommand(options) {
         markdownPath: "BUGS.md"
       }
     };
-    writeFileSync(join(whiterosePath, "config.yml"), YAML.stringify(config), "utf-8");
-    writeFileSync(
-      join(whiterosePath, "cache", "understanding.json"),
-      JSON.stringify(understanding, null, 2),
-      "utf-8"
-    );
     const intentDoc = generateIntentDocument(understanding);
+    const configContent = YAML.stringify(config);
+    const understandingContent = JSON.stringify(understanding, null, 2);
+    const hashesContent = JSON.stringify({ version: "1", fileHashes: [], lastFullScan: null }, null, 2);
+    writeFileSync(join(whiterosePath, "config.yml"), configContent, "utf-8");
+    writeFileSync(join(whiterosePath, "cache", "understanding.json"), understandingContent, "utf-8");
     writeFileSync(join(whiterosePath, "intent.md"), intentDoc, "utf-8");
-    writeFileSync(
-      join(whiterosePath, "cache", "file-hashes.json"),
-      JSON.stringify({ version: "1", fileHashes: [], lastFullScan: null }, null, 2),
-      "utf-8"
-    );
-    const gitignorePath = join(cwd, ".gitignore");
-    if (existsSync(gitignorePath)) {
-      const gitignore = await import('fs').then((fs) => fs.readFileSync(gitignorePath, "utf-8"));
-      if (!gitignore.includes(".whiterose/cache")) {
-        writeFileSync(gitignorePath, gitignore + "\n# whiterose cache\n.whiterose/cache/\n", "utf-8");
-      }
+    writeFileSync(join(whiterosePath, "cache", "file-hashes.json"), hashesContent, "utf-8");
+    if (originalGitignore !== null && !originalGitignore.includes(".whiterose/cache")) {
+      writeFileSync(gitignorePath, originalGitignore + "\n# whiterose cache\n.whiterose/cache/\n", "utf-8");
     }
     writeSpinner.stop("Configuration created");
   } catch (error) {
     writeSpinner.stop("Failed to create configuration");
+    if (!whiteroseExistedBefore && existsSync(whiterosePath)) {
+      try {
+        rmSync(whiterosePath, { recursive: true, force: true });
+        p3.log.info("Rolled back: removed .whiterose directory");
+      } catch {
+      }
+    }
+    if (originalGitignore !== null && existsSync(gitignorePath)) {
+      try {
+        const currentGitignore = readFileSync(gitignorePath, "utf-8");
+        if (currentGitignore !== originalGitignore) {
+          writeFileSync(gitignorePath, originalGitignore, "utf-8");
+          p3.log.info("Rolled back: restored .gitignore");
+        }
+      } catch {
+      }
+    }
     p3.log.error(String(error));
     process.exit(1);
   }
@@ -5146,7 +5207,19 @@ async function scanCommand(paths, options) {
     try {
       config = await loadConfig(cwd);
       understanding = await loadUnderstanding(cwd);
-    } catch {
+    } catch (err) {
+      const errorMessage = err instanceof Error ? err.message : String(err);
+      if (!isQuiet) {
+        p3.log.warn(`Failed to load config: ${errorMessage}`);
+        p3.log.info('Continuing with default settings. Run "whiterose init" to fix.');
+      } else if (options.ci) {
+        console.error(JSON.stringify({
+          error: "Config parse error",
+          message: errorMessage,
+          hint: 'Fix config.yml or run "whiterose init" to regenerate'
+        }));
+        process.exit(1);
+      }
     }
   }
   if (!understanding) {
@@ -5265,6 +5338,16 @@ async function scanCommand(paths, options) {
       }
       const totalTime = Math.floor((Date.now() - analysisStartTime) / 1e3);
       llmSpinner.stop(`Found ${bugs.length} potential bugs (${totalTime}s)`);
+      if (scanner.hasPassErrors()) {
+        const errors = scanner.getPassErrors();
+        p3.log.warn(`${errors.length} analysis pass(es) failed:`);
+        for (const err of errors.slice(0, 5)) {
+          console.log(chalk3.yellow(`  - ${err.passName}: ${err.error}`));
+        }
+        if (errors.length > 5) {
+          console.log(chalk3.yellow(`  ... and ${errors.length - 5} more`));
+        }
+      }
     } catch (error) {
       llmSpinner.stop("Analysis failed");
       p3.log.error(String(error));
@@ -5287,6 +5370,16 @@ async function scanCommand(paths, options) {
         config
       });
     }
+    if (options.ci && scanner.hasPassErrors()) {
+      const errors = scanner.getPassErrors();
+      if (bugs.length === 0) {
+        console.error(JSON.stringify({
+          error: "Analysis failed",
+          passErrors: errors
+        }));
+        process.exit(1);
+      }
+    }
   }
   if (!isQuickScan) {
     if (!isQuiet) {
@@ -5307,7 +5400,14 @@ async function scanCommand(paths, options) {
       try {
         const crossFileBugs = await analyzeCrossFile(cwd);
         bugs.push(...crossFileBugs);
-      } catch {
+      } catch (err) {
+        if (options.ci) {
+          console.error(JSON.stringify({
+            error: "Cross-file analysis failed",
+            message: err instanceof Error ? err.message : String(err)
+          }));
+          process.exit(1);
+        }
       }
     }
   }
@@ -5330,7 +5430,14 @@ async function scanCommand(paths, options) {
       try {
         const contractBugs = await analyzeContracts(cwd);
         bugs.push(...contractBugs);
-      } catch {
+      } catch (err) {
+        if (options.ci) {
+          console.error(JSON.stringify({
+            error: "Contract analysis failed",
+            message: err instanceof Error ? err.message : String(err)
+          }));
+          process.exit(1);
+        }
       }
     }
   }
@@ -5340,7 +5447,14 @@ async function scanCommand(paths, options) {
       if (intentBugs.length > 0) {
         bugs.push(...intentBugs);
       }
-    } catch {
+    } catch (err) {
+      if (options.ci) {
+        console.error(JSON.stringify({
+          error: "Intent validation failed",
+          message: err instanceof Error ? err.message : String(err)
+        }));
+        process.exit(1);
+      }
     }
   }
   const confidenceOrder = { high: 3, medium: 2, low: 1 };
@@ -6484,19 +6598,21 @@ async function runAgenticFix(bug, config, projectDir, onProgress) {
                   for (const block of event.message.content) {
                     if (block.type === "tool_use") {
                       const toolName = block.name || "tool";
-                      onProgress(`Using ${toolName}...`);
-                    } else if (block.type === "text" && block.text) {
-                      const preview = block.text.substring(0, 80).replace(/\n/g, " ").trim();
-                      if (preview) {
-                        onProgress(preview + (block.text.length > 80 ? "..." : ""));
-                      }
+                      const friendlyNames = {
+                        "Read": "Reading file",
+                        "Edit": "Editing file",
+                        "Write": "Writing file",
+                        "Bash": "Running command",
+                        "Glob": "Searching files",
+                        "Grep": "Searching content",
+                        "Task": "Running task"
+                      };
+                      const displayName = friendlyNames[toolName] || `Using ${toolName}`;
+                      onProgress(`${displayName}...`);
                     }
                   }
                 }
               } catch {
-                if (trimmed.length > 3 && trimmed.length < 100) {
-                  onProgress(trimmed);
-                }
               }
             }
           }
@@ -6935,10 +7051,12 @@ async function loadBugFromGitHub(issueUrl, cwd) {
     } else if (labels.some((l) => l.includes("leak") || l.includes("memory"))) {
       category = "resource-leak";
     }
+    const sanitizedTitle = sanitizeSarifText(String(issue.title || ""), "github.title");
+    const sanitizedBody = sanitizeSarifText(String(issue.body || ""), "github.body");
     return {
       id: `GH-${issueNumber}`,
-      title: issue.title,
-      description: issue.body || issue.title,
+      title: sanitizedTitle,
+      description: sanitizedBody || sanitizedTitle,
       file: fileMatch?.[1] || "",
       line: parseInt(lineMatch?.[1] || "1", 10),
       kind: "bug",