@synchronized-studio/cmsassets-agent 0.5.1 → 0.6.1

package/dist/chunk-BHI66HZ7.js

@@ -0,0 +1,492 @@
+import {
+  buildCmsOptions,
+  findInjectionPoints,
+  getTransformFunctionName
+} from "./chunk-W7TNFULQ.js";
+import {
+  chatCompletion,
+  isOpenAiError
+} from "./chunk-3D6MPYQN.js";
+
+// src/verifier/aiReview.ts
+import { readFileSync as readFileSync2, writeFileSync } from "fs";
+import { join as join2 } from "path";
+import consola from "consola";
+import pc from "picocolors";
+
+// src/patcher/diffValidator.ts
+var ALLOWED_ADD_PATTERNS = [
+  /import\s+\{[^}]*transform/i,
+  /response-transformer/,
+  /transformCmsAssetUrls/,
+  /transformPrismicAssetUrls/,
+  /transformContentfulAssetUrls/,
+  /transformSanityAssetUrls/,
+  /transformShopifyAssetUrls/,
+  /transformCloudinaryAssetUrls/,
+  /transformImgixAssetUrls/,
+  /transformGenericAssetUrls/
+];
+function validateDiff(diff, allowedFiles) {
+  const errors = [];
+  const lines = diff.split("\n");
+  const fileHeaders = lines.filter((l) => l.startsWith("--- ") || l.startsWith("+++ "));
+  for (const header of fileHeaders) {
+    const filePath = header.replace(/^[+-]{3}\s+[ab]\//, "").trim();
+    if (filePath === "/dev/null") continue;
+    if (!allowedFiles.some((f) => filePath.endsWith(f) || f.endsWith(filePath))) {
+      errors.push(`Diff modifies disallowed file: ${filePath}`);
+    }
+  }
+  const addedLines = lines.filter((l) => l.startsWith("+") && !l.startsWith("+++"));
+  const removedLines = lines.filter((l) => l.startsWith("-") && !l.startsWith("---"));
+  for (const added of addedLines) {
+    const lineContent = added.substring(1).trim();
+    if (!lineContent) continue;
+    const isAllowed = ALLOWED_ADD_PATTERNS.some((p) => p.test(lineContent));
+    const hasMatchingRemoval = removedLines.some((r) => {
+      const removedContent = r.substring(1).trim();
+      return lineContent.includes(removedContent) || removedContent.includes(lineContent.replace(/transform\w+AssetUrls\([^)]+\)/, ""));
+    });
+    if (!isAllowed && !hasMatchingRemoval) {
+      if (/^[{}\[\](),;\s]*$/.test(lineContent)) continue;
+      if (/^},?\s*\{?\s*(repository|spaceId|projectId|storeDomain|cloudName|imgixDomain|originUrl)\s*:/.test(lineContent)) continue;
+      if (/^\}\s*\)\s*;?\s*$/.test(lineContent)) continue;
+      if (/^\w+:\s*['"][^'"]+['"]\s*,?\s*\}?\)?\s*$/.test(lineContent)) continue;
+      errors.push(`Suspicious added line: ${lineContent.substring(0, 80)}`);
+    }
+  }
+  if (addedLines.length > 20) {
+    errors.push(`Too many additions (${addedLines.length}), expected <= 20`);
+  }
+  if (removedLines.length > 10) {
+    errors.push(`Too many removals (${removedLines.length}), expected <= 10`);
+  }
+  return { valid: errors.length === 0, errors };
+}
+
+// src/verifier/rescan.ts
+import { readFileSync } from "fs";
+import { join, relative } from "path";
+function rescanFile(root, filePath, framework, cms) {
+  const absPath = join(root, filePath);
+  let content;
+  try {
+    content = readFileSync(absPath, "utf-8");
+  } catch {
+    return [];
+  }
+  const hasTransformer = content.includes("@synchronized-studio/response-transformer");
+  if (!hasTransformer) {
+    return findInjectionPoints(root, framework, cms).candidates.filter((c) => c.filePath === relative(root, absPath) || c.filePath === filePath);
+  }
+  return findUnwrappedCmsCalls(content, filePath, cms);
+}
+var CMS_CALL_PATTERNS = [
+  /client\.\w+\s*\(/g,
+  /\$prismic\.\w+\s*\(/g,
+  /\$contentful\.\w+\s*\(/g,
+  /\$sanity\.\w+\s*\(/g,
+  /usePrismic\(\)/g,
+  /createClient\(\)/g,
+  /\$fetch\s*\(\s*['"`]\/api\//g
+];
+var TRANSFORM_WRAPPERS = [
+  "transformPrismicAssetUrls",
+  "transformContentfulAssetUrls",
+  "transformSanityAssetUrls",
+  "transformShopifyAssetUrls",
+  "transformCloudinaryAssetUrls",
+  "transformImgixAssetUrls",
+  "transformGenericAssetUrls",
+  "transformCmsAssetUrls"
+];
+function findEnclosingFunctionRange(lines, lineIdx) {
+  let start = lineIdx;
+  let braceDepth = 0;
+  for (let i = lineIdx; i >= 0; i--) {
+    for (const c of lines[i]) {
+      if (c === "}") braceDepth++;
+      else if (c === "{") braceDepth--;
+    }
+    if (/(?:async\s+)?(?:function\b|\w+\s*\(|=>\s*\{)/.test(lines[i]) && braceDepth <= 0) {
+      start = i;
+      break;
+    }
+  }
+  braceDepth = 0;
+  let end = lineIdx;
+  for (let i = start; i < lines.length; i++) {
+    for (const c of lines[i]) {
+      if (c === "{") braceDepth++;
+      else if (c === "}") braceDepth--;
+    }
+    if (braceDepth === 0 && i > start) {
+      end = i;
+      break;
+    }
+  }
+  return { start, end };
+}
+function stripLineComment(line) {
+  if (/^\s*(import\s|.*\brequire\s*\()/.test(line)) return line;
+  return line.replace(/\/\/.*$/, "");
+}
+function findUnwrappedCmsCalls(content, filePath, cms) {
+  const strippedContent = content.replace(
+    /\/\*[\s\S]*?\*\//g,
+    (match) => match.split("\n").map(() => "").join("\n")
+  );
+  const lines = strippedContent.split("\n");
+  const originalLines = content.split("\n");
+  const candidates = [];
+  for (let i = 0; i < lines.length; i++) {
+    const line = stripLineComment(lines[i]);
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("import ") || trimmed.startsWith("*")) {
+      continue;
+    }
+    const hasCmsCall = CMS_CALL_PATTERNS.some((p) => {
+      p.lastIndex = 0;
+      return p.test(trimmed);
+    });
+    if (!hasCmsCall) continue;
+    const isWrappedInline = TRANSFORM_WRAPPERS.some((fn) => trimmed.includes(fn));
+    if (isWrappedInline) continue;
+    const fnRange = findEnclosingFunctionRange(lines, i);
+    const fnBody = lines.slice(fnRange.start, fnRange.end + 1).join("\n");
+    const fnHasTransform = TRANSFORM_WRAPPERS.some((fn) => fnBody.includes(fn));
+    if (fnHasTransform) continue;
+    const simpleAssign = trimmed.match(/(?:const|let)\s+(\w+)\s*=/);
+    const destructAssign = trimmed.match(/(?:const|let)\s+\{([^}]+)\}\s*=/);
+    const varNames = [];
+    if (simpleAssign) varNames.push(simpleAssign[1]);
+    if (destructAssign) {
+      varNames.push(...destructAssign[1].split(",").map((s) => s.trim().split(":")[0].trim()).filter(Boolean));
+    }
+    if (varNames.length > 0) {
+      const ahead = lines.slice(i + 1, Math.min(lines.length, i + 40)).join("\n");
+      const isAnyVarWrapped = varNames.some(
+        (varName) => TRANSFORM_WRAPPERS.some(
+          (fn) => ahead.includes(`${fn}(${varName}`) || ahead.includes(`${fn}( ${varName}`) || new RegExp(`${fn}\\([\\s\\S]{0,300}\\b${varName}\\b`).test(ahead)
+        )
+      );
+      if (isAnyVarWrapped) continue;
+    }
+    const contextSlice = lines.slice(Math.max(0, i - 10), Math.min(lines.length, i + 15)).join("\n");
+    if (/transform\s*:/.test(contextSlice)) continue;
+    candidates.push({
+      filePath,
+      line: i + 1,
+      type: "return",
+      score: 70,
+      confidence: "medium",
+      targetCode: originalLines[i]?.trim() ?? trimmed,
+      context: originalLines.slice(Math.max(0, i - 2), Math.min(originalLines.length, i + 3)).join("\n"),
+      reasons: ["CMS SDK call without transform wrapper (post-patch rescan)"]
+    });
+  }
+  return candidates;
+}
+
+// src/verifier/aiReview.ts
+async function aiReviewAll(root, patchedFiles, plan, opts = {}) {
+  const startTime = Date.now();
+  const maxIterations = opts.maxIterations ?? 3;
+  const model = opts.model ?? "gpt-4o";
+  const results = [];
+  let totalTokens = 0;
+  const uniqueFiles = [...new Set(patchedFiles)];
+  for (const filePath of uniqueFiles) {
+    consola.info(`${pc.cyan("AI review:")} ${filePath}`);
+    const result = await reviewFileLoop(root, filePath, plan, {
+      maxIterations,
+      model
+    });
+    totalTokens += result.tokensUsed;
+    results.push(result.fileResult);
+    const icon = result.fileResult.passed ? pc.green("\u2713") : pc.red("\u2717");
+    const detail = result.fileResult.fixApplied ? pc.dim("(auto-fixed)") : "";
+    consola.info(`  ${icon} ${filePath} ${detail}`);
+    if (!result.fileResult.passed) {
+      for (const issue of result.fileResult.issues) {
+        consola.info(`    ${pc.yellow("\u26A0")} ${issue}`);
+      }
+    }
+  }
+  const filesPassed = results.filter((r) => r.passed).length;
+  const filesFixed = results.filter((r) => r.fixApplied).length;
+  const filesFailed = results.filter((r) => !r.passed).length;
+  return {
+    schemaVersion: "1.0",
+    filesReviewed: results.length,
+    filesPassed,
+    filesFixed,
+    filesFailed,
+    results,
+    totalDurationMs: Date.now() - startTime,
+    tokensUsed: totalTokens
+  };
+}
+async function reviewFileLoop(root, filePath, plan, opts) {
+  let tokensUsed = 0;
+  let fixAttempted = false;
+  let fixApplied = false;
+  for (let iter = 0; iter < opts.maxIterations; iter++) {
+    const remaining = rescanFile(
+      root,
+      filePath,
+      plan.scan.framework.name,
+      plan.scan.cms
+    );
+    const rescanIssues = remaining.map(
+      (c) => `Line ${c.line}: ${c.targetCode.substring(0, 80)}`
+    );
+    const absPath = join2(root, filePath);
+    let content;
+    try {
+      content = readFileSync2(absPath, "utf-8");
+    } catch {
+      return {
+        fileResult: {
+          filePath,
+          passed: false,
+          issues: ["Cannot read file"],
+          fixAttempted,
+          fixApplied,
+          iterations: iter + 1
+        },
+        tokensUsed
+      };
+    }
+    const reviewResult = await aiSemanticReview(content, filePath, plan, opts.model, rescanIssues);
+    tokensUsed += reviewResult.tokensUsed;
+    if (reviewResult.passed) {
+      return {
+        fileResult: {
+          filePath,
+          passed: true,
+          issues: [],
+          fixAttempted,
+          fixApplied,
+          iterations: iter + 1
+        },
+        tokensUsed
+      };
+    }
+    if (!reviewResult.diff) {
+      return {
+        fileResult: {
+          filePath,
+          passed: false,
+          issues: reviewResult.issues,
+          fixAttempted,
+          fixApplied,
+          iterations: iter + 1
+        },
+        tokensUsed
+      };
+    }
+    fixAttempted = true;
+    const applied = applyAiDiff(root, filePath, content, reviewResult.diff);
+    if (applied) {
+      fixApplied = true;
+      consola.info(`    ${pc.blue("\u21BB")} Applied AI fix (iteration ${iter + 1})`);
+    } else {
+      return {
+        fileResult: {
+          filePath,
+          passed: false,
+          issues: [...reviewResult.issues, "AI fix could not be applied"],
+          fixAttempted,
+          fixApplied,
+          iterations: iter + 1
+        },
+        tokensUsed
+      };
+    }
+  }
+  const finalRemaining = rescanFile(root, filePath, plan.scan.framework.name, plan.scan.cms);
+  const passed = finalRemaining.length === 0;
+  return {
+    fileResult: {
+      filePath,
+      passed,
+      issues: passed ? [] : finalRemaining.map((c) => `Line ${c.line}: unwrapped CMS call \u2014 ${c.targetCode.substring(0, 80)}`),
+      fixAttempted,
+      fixApplied,
+      iterations: opts.maxIterations
+    },
+    tokensUsed
+  };
+}
+async function aiSemanticReview(content, filePath, plan, model, rescanIssues) {
+  const fn = getTransformFunctionName(plan.scan.cms.type);
+  const opts = buildCmsOptions(plan.scan.cms.type, plan.scan.cms.params);
+  const rescanSection = rescanIssues.length > 0 ? `
+Rule-based rescan found these potentially unwrapped CMS calls:
+${rescanIssues.map((i) => `- ${i}`).join("\n")}
+` : "";
+  const prompt = `You are verifying that CMS asset URL transformations were correctly applied to a source file, AND that the file is still structurally correct.
+
+CMS: ${plan.scan.cms.type}
+Transform function: ${fn}
+Expected options: ${opts}
+Framework: ${plan.scan.framework.name}
+${rescanSection}
+File (${filePath}):
+\`\`\`
+${content}
+\`\`\`
+
+CHECK THE FOLLOWING:
+
+A. Transform correctness:
+1. Is the import \`import { ${fn} } from '@synchronized-studio/response-transformer'\` present?
+2. For functions that RETURN CMS data objects/arrays, is the return wrapped with ${fn}()?
+   - Wrapping at the return level is CORRECT and SUFFICIENT.
+   - \`return ${fn}({ model: document }, ${opts})\` is correct.
+   - \`return ${fn}(data, ${opts})\` is correct.
+   - Do NOT flag intermediate CMS SDK calls ($prismic, $contentful, client.get) as unwrapped
+     when the function's return is already wrapped.
+3. Are the options (${opts}) correct in every ${fn}() call?
+
+B. Code integrity (CRITICAL \u2014 the patch must not break existing code):
+4. Are all functions that existed before still defined and accessible? (e.g. if a function like getPage, fetchData, etc. was defined, it must still be there)
+5. Are there any obvious undefined references \u2014 calls to functions or variables that don't exist in the file?
+6. Does the code structure look intact \u2014 no truncated functions, missing closing brackets, orphaned statements?
+7. Are all exports still present and correct?
+8. CRITICAL: If a return value is an object containing FUNCTION references (like \`{ getPage, generateMetadata }\`),
+   wrapping it with ${fn}() will BREAK it because the transform uses JSON.stringify which destroys functions.
+   The transform should ONLY wrap CMS DATA returns (objects/arrays with data properties), NOT factory/API returns
+   that provide callable functions. If you see this pattern, report it as an issue and provide a diff that REMOVES
+   the incorrect wrapping.
+9. CRITICAL: Check for UNREACHABLE CODE \u2014 any statement placed after a \`return\` statement in the same block is dead code.
+   If ${fn}() was added as a return BEFORE existing side effects (like commit(), setState(), dispatch(), store mutations),
+   those side effects become unreachable and the function is broken. Report this as an issue and provide a diff that fixes it.
+   The correct pattern for functions that commit data is: transform the data first, then pass it to the commit.
+10. \`return dispatch(...)\` is delegation \u2014 do NOT wrap it with ${fn}(). The target action handles the transform.
+11. CRITICAL: ${fn}() must NEVER appear inside loop/iteration callbacks (forEach, _each, map, reduce, for...of).
+   The transform uses JSON.stringify on the ENTIRE data structure \u2014 calling it per-iteration is wasteful and often
+   operates on incomplete data. If you see ${fn}() inside a loop callback, report it as an issue and provide a diff
+   that moves the transform AFTER the loop, wrapping the final result.
+12. For Vuex/Pinia actions that both commit AND return the same data: the transform should be applied ONCE,
+   stored in a variable, and used for both the commit and the return. Double-transforming is a bug.
+13. NUXT 3 CLIENT-SIDE: If the framework is Nuxt 3 and the file is NOT in \`server/\`, verify that:
+   a) Transform options include \`cmsAssetsUrl\` referencing a variable that holds \`useRuntimeConfig()\`. Without this,
+      transforms silently fail on client-side navigation because \`process.env\` is not available on the client.
+   b) \`useRuntimeConfig()\` is NEVER called directly inside a callback (transform, useFetch handler, async callback).
+      It MUST be captured in a variable in the outer setup/composable scope (e.g. \`const config = useRuntimeConfig()\`)
+      and referenced by that variable. Calling it inside a callback loses the Nuxt composable context and throws.
+   If \`cmsAssetsUrl\` is missing or \`useRuntimeConfig()\` is called inside a callback, report as an issue with a fix diff.
+
+IMPORTANT \u2014 do NOT flag any of these as transform issues:
+- Functions that return simple strings, URLs, booleans, or "#" \u2014 these are NOT CMS data
+- Error returns like \`return err\`, \`return []\`, \`return undefined\` \u2014 skip these
+- Functions that return \`dispatch(...)\` or delegate to another action \u2014 the target action handles the transform
+- A function that already contains ${fn}() calls IS correctly handled \u2014 do not ask for more wrapping
+- If the file already imports and uses ${fn} in multiple places, assume it is correctly integrated
+
+CRITICAL \u2014 report as issues and provide removal diffs for these INCORRECT wrappings:
+- Returns that produce navigation/routing objects like \`{ query: ... }\`, \`{ path: ... }\`, \`{ redirect: ... }\` \u2014 these are Vue Router or framework navigation objects, NOT CMS data. Wrapping them with ${fn}() is wrong
+- Returns in utility/filter functions that build URL query parameters, pagination objects, or UI state \u2014 NOT CMS data
+- If \`__runtimeConfig\` is referenced but never declared (no \`const __runtimeConfig = useRuntimeConfig()\` in the file), report this as an undefined variable issue
+
+Respond with JSON only (no markdown fences, no explanation):
+- If everything is correct: {"passed":true}
+- If there are issues: {"passed":false,"issues":["description of each issue"],"diff":"unified diff that fixes ALL issues"}
+
+The diff MUST:
+- Use standard unified diff format (--- a/file, +++ b/file, @@ hunks)
+- Only add/modify transformer-related code OR fix broken code caused by the patch
+- Restore any accidentally removed functions, variables, or exports
+- Not remove or change any existing logic beyond what's needed for the fix`;
+  const result = await chatCompletion(prompt, { model, maxTokens: 4e3 });
+  if (isOpenAiError(result)) {
+    return { passed: false, issues: [result.error], tokensUsed: 0 };
+  }
+  const raw = result.content.replace(/^```(?:json)?\s*/m, "").replace(/\s*```\s*$/m, "").trim();
+  try {
+    const parsed = JSON.parse(raw);
+    if (parsed.passed === true) {
+      return { passed: true, issues: [], tokensUsed: result.tokensUsed };
+    }
+    const issues = Array.isArray(parsed.issues) ? parsed.issues : [];
+    const diff = typeof parsed.diff === "string" ? parsed.diff : void 0;
+    return { passed: false, issues, diff, tokensUsed: result.tokensUsed };
+  } catch {
+    return {
+      passed: false,
+      issues: ["AI returned non-JSON response"],
+      tokensUsed: result.tokensUsed
+    };
+  }
+}
+function applyAiDiff(root, filePath, originalContent, diff) {
+  const validation = validateDiff(diff, [filePath]);
+  if (!validation.valid) {
+    consola.warn(`    AI diff validation failed: ${validation.errors.join("; ")}`);
+    return false;
+  }
+  const newContent = applyUnifiedDiff(originalContent, diff);
+  if (!newContent || newContent === originalContent) {
+    return false;
+  }
+  try {
+    const absPath = join2(root, filePath);
+    writeFileSync(absPath, newContent, "utf-8");
+    return true;
+  } catch {
+    return false;
+  }
+}
+function applyUnifiedDiff(original, diff) {
+  const lines = original.split("\n");
+  const diffLines = diff.split("\n");
+  const result = [...lines];
+  let offset = 0;
+  for (let i = 0; i < diffLines.length; i++) {
+    const line = diffLines[i];
+    const hunkMatch = line.match(/^@@\s*-(\d+)(?:,(\d+))?\s*\+(\d+)(?:,(\d+))?\s*@@/);
+    if (!hunkMatch) continue;
+    const oldStart = parseInt(hunkMatch[1], 10) - 1;
+    let pos = oldStart + offset;
+    for (let j = i + 1; j < diffLines.length; j++) {
+      const hunkLine = diffLines[j];
+      if (hunkLine.startsWith("@@") || hunkLine.startsWith("diff ") || hunkLine.startsWith("--- ") || hunkLine.startsWith("+++ ")) {
+        break;
+      }
+      if (hunkLine.startsWith("-")) {
+        const expected = hunkLine.substring(1);
+        if (pos < result.length && result[pos].trim() === expected.trim()) {
+          result.splice(pos, 1);
+          offset--;
+        } else {
+          let found = false;
+          for (let k = Math.max(0, pos - 8); k < Math.min(result.length, pos + 9); k++) {
+            if (result[k].trim() === expected.trim()) {
+              result.splice(k, 1);
+              offset--;
+              pos = k;
+              found = true;
+              break;
+            }
+          }
+          if (!found) return null;
+        }
+      } else if (hunkLine.startsWith("+")) {
+        const newLine = hunkLine.substring(1);
+        result.splice(pos, 0, newLine);
+        pos++;
+        offset++;
+      } else if (hunkLine.startsWith(" ")) {
+        pos++;
+      }
+    }
+  }
+  return result.join("\n");
+}
+
+export {
+  aiReviewAll
+};