@vibecheckai/cli 2.8.2 → 3.0.0

package/bin/runners/lib/graph/static-extractor.js

@@ -0,0 +1,518 @@
+/**
+ * Static Edge Extractor
+ * Extracts causal edges from AST analysis:
+ * - UI actions → client functions
+ * - Client functions → network calls
+ * - Network calls → server routes
+ * - Server routes → handlers
+ * - Handlers → DB/external calls
+ */
+
+"use strict";
+
+const fg = require("fast-glob");
+const fs = require("fs");
+const path = require("path");
+const crypto = require("crypto");
+const parser = require("@babel/parser");
+const traverse = require("@babel/traverse").default;
+const t = require("@babel/types");
+
+function sha256(text) {
+  return crypto.createHash("sha256").update(text).digest("hex").slice(0, 16);
+}
+
+function nodeId(type, file, line) {
+  return `${type}_${sha256(file + ":" + line)}`;
+}
+
+function parseFile(code) {
+  return parser.parse(code, {
+    sourceType: "unambiguous",
+    plugins: ["typescript", "jsx", "decorators-legacy"]
+  });
+}
+
+function safeRead(fileAbs) {
+  return fs.readFileSync(fileAbs, "utf8");
+}
+
+function getSnippet(code, loc) {
+  if (!loc) return "";
+  const lines = code.split(/\r?\n/);
+  const start = Math.max(0, (loc.start?.line || 1) - 1);
+  const end = Math.min(lines.length, (loc.end?.line || start + 1));
+  return lines.slice(start, end).join("\n").slice(0, 200);
+}
+
+/**
+ * Extract UI action nodes (onClick, onSubmit, etc.)
+ */
+async function extractUIActions(repoRoot) {
+  const files = await fg(["**/*.{tsx,jsx}"], {
+    cwd: repoRoot,
+    absolute: true,
+    ignore: ["**/node_modules/**", "**/.next/**", "**/dist/**", "**/build/**"]
+  });
+
+  const nodes = [];
+  const edges = [];
+
+  for (const fileAbs of files) {
+    const fileRel = path.relative(repoRoot, fileAbs).replace(/\\/g, "/");
+    const code = safeRead(fileAbs);
+
+    let ast;
+    try { ast = parseFile(code); } catch { continue; }
+
+    traverse(ast, {
+      JSXAttribute(p) {
+        const name = p.node.name?.name;
+        if (!name || !["onClick", "onSubmit", "onPress", "onChange"].includes(name)) return;
+
+        const line = p.node.loc?.start?.line || 0;
+        const snippet = getSnippet(code, p.node.loc);
+        const id = nodeId("ui_action", fileRel, line);
+
+        nodes.push({
+          id,
+          type: "ui_action",
+          file: fileRel,
+          line,
+          snippet,
+          snippetHash: sha256(snippet),
+          actionType: name
+        });
+
+        // Try to find what function this calls
+        const value = p.node.value;
+        if (t.isJSXExpressionContainer(value)) {
+          const expr = value.expression;
+          
+          // Direct function reference: onClick={handleClick}
+          if (t.isIdentifier(expr)) {
+            edges.push({
+              id: `edge_${sha256(id + "_" + expr.name)}`,
+              from: id,
+              toRef: expr.name,
+              type: "calls",
+              confidence: "high",
+              file: fileRel
+            });
+          }
+          
+          // Arrow function with call: onClick={() => handleClick()}
+          if (t.isArrowFunctionExpression(expr) || t.isFunctionExpression(expr)) {
+            traverse(expr.body, {
+              CallExpression(cp) {
+                if (t.isIdentifier(cp.node.callee)) {
+                  edges.push({
+                    id: `edge_${sha256(id + "_" + cp.node.callee.name)}`,
+                    from: id,
+                    toRef: cp.node.callee.name,
+                    type: "calls",
+                    confidence: "med",
+                    file: fileRel
+                  });
+                }
+              }
+            }, p.scope, p);
+          }
+        }
+      }
+    });
+  }
+
+  return { nodes, edges };
+}
+
+/**
+ * Extract client function nodes that make network calls
+ */
+async function extractClientFunctions(repoRoot) {
+  const files = await fg(["**/*.{ts,tsx,js,jsx}"], {
+    cwd: repoRoot,
+    absolute: true,
+    ignore: ["**/node_modules/**", "**/.next/**", "**/dist/**", "**/build/**", "**/server/**", "**/api/**"]
+  });
+
+  const nodes = [];
+  const edges = [];
+
+  for (const fileAbs of files) {
+    const fileRel = path.relative(repoRoot, fileAbs).replace(/\\/g, "/");
+    const code = safeRead(fileAbs);
+
+    let ast;
+    try { ast = parseFile(code); } catch { continue; }
+
+    // Track function declarations that contain fetch/axios
+    const funcMap = new Map();
+
+    traverse(ast, {
+      "FunctionDeclaration|ArrowFunctionExpression|FunctionExpression"(p) {
+        const funcName = p.node.id?.name || 
+          (t.isVariableDeclarator(p.parent) && t.isIdentifier(p.parent.id) ? p.parent.id.name : null);
+        
+        if (!funcName) return;
+
+        const line = p.node.loc?.start?.line || 0;
+        const snippet = getSnippet(code, p.node.loc);
+        const id = nodeId("client_function", fileRel, line);
+
+        funcMap.set(funcName, { id, line, snippet });
+      }
+    });
+
+    traverse(ast, {
+      CallExpression(p) {
+        const callee = p.node.callee;
+        let fetchUrl = null;
+        let method = "*";
+        let callType = null;
+
+        // fetch("/api/x")
+        if (t.isIdentifier(callee) && callee.name === "fetch") {
+          const arg0 = p.node.arguments[0];
+          if (t.isStringLiteral(arg0)) {
+            fetchUrl = arg0.value;
+            callType = "fetch";
+          }
+          // Check method in options
+          const arg1 = p.node.arguments[1];
+          if (t.isObjectExpression(arg1)) {
+            for (const prop of arg1.properties) {
+              if (t.isObjectProperty(prop) && 
+                  ((t.isIdentifier(prop.key) && prop.key.name === "method") ||
+                   (t.isStringLiteral(prop.key) && prop.key.value === "method")) &&
+                  t.isStringLiteral(prop.value)) {
+                method = prop.value.value.toUpperCase();
+              }
+            }
+          }
+        }
+
+        // axios.get("/api/x")
+        if (t.isMemberExpression(callee) && 
+            t.isIdentifier(callee.object) && callee.object.name === "axios" &&
+            t.isIdentifier(callee.property)) {
+          const verb = callee.property.name;
+          if (["get", "post", "put", "patch", "delete"].includes(verb)) {
+            const arg0 = p.node.arguments[0];
+            if (t.isStringLiteral(arg0)) {
+              fetchUrl = arg0.value;
+              method = verb.toUpperCase();
+              callType = "axios";
+            }
+          }
+        }
+
+        if (fetchUrl && fetchUrl.startsWith("/")) {
+          const line = p.node.loc?.start?.line || 0;
+          const snippet = getSnippet(code, p.node.loc);
+          const networkId = nodeId("network_call", fileRel, line);
+
+          nodes.push({
+            id: networkId,
+            type: "network_call",
+            file: fileRel,
+            line,
+            snippet,
+            snippetHash: sha256(snippet),
+            url: fetchUrl,
+            method,
+            callType
+          });
+
+          // Find enclosing function
+          let funcScope = p.scope;
+          while (funcScope) {
+            const funcNode = funcScope.block;
+            if (t.isFunction(funcNode)) {
+              const funcName = funcNode.id?.name ||
+                (t.isVariableDeclarator(funcScope.parentBlock) ? funcScope.parentBlock.id?.name : null);
+              
+              if (funcName && funcMap.has(funcName)) {
+                const funcData = funcMap.get(funcName);
+                
+                // Add function node if not already added
+                if (!nodes.find(n => n.id === funcData.id)) {
+                  nodes.push({
+                    id: funcData.id,
+                    type: "client_function",
+                    file: fileRel,
+                    line: funcData.line,
+                    snippet: funcData.snippet,
+                    snippetHash: sha256(funcData.snippet),
+                    name: funcName
+                  });
+                }
+
+                edges.push({
+                  id: `edge_${sha256(funcData.id + "_" + networkId)}`,
+                  from: funcData.id,
+                  to: networkId,
+                  type: "fetches",
+                  confidence: "high"
+                });
+              }
+              break;
+            }
+            funcScope = funcScope.parent;
+          }
+
+          // Create edge to server route (to be resolved later)
+          edges.push({
+            id: `edge_${sha256(networkId + "_route_" + fetchUrl)}`,
+            from: networkId,
+            toRoute: { method, path: fetchUrl },
+            type: "calls_route",
+            confidence: "high"
+          });
+        }
+      }
+    });
+  }
+
+  return { nodes, edges };
+}
+
+/**
+ * Extract server route nodes from truthpack
+ */
+function extractServerRoutes(truthpack) {
+  const nodes = [];
+  const serverRoutes = truthpack?.routes?.server || [];
+
+  for (const route of serverRoutes) {
+    const id = nodeId("server_route", route.handler || "unknown", route.path.length);
+    
+    nodes.push({
+      id,
+      type: "server_route",
+      file: route.handler || "unknown",
+      line: 0,
+      snippet: `${route.method} ${route.path}`,
+      snippetHash: sha256(`${route.method} ${route.path}`),
+      method: route.method,
+      path: route.path,
+      confidence: route.confidence
+    });
+  }
+
+  return { nodes, edges: [] };
+}
+
+/**
+ * Extract handler → DB/external call edges
+ */
+async function extractHandlerCalls(repoRoot) {
+  const files = await fg(["**/api/**/*.{ts,js}", "**/routes/**/*.{ts,js}", "**/server/**/*.{ts,js}"], {
+    cwd: repoRoot,
+    absolute: true,
+    ignore: ["**/node_modules/**", "**/.next/**", "**/dist/**", "**/build/**"]
+  });
+
+  const nodes = [];
+  const edges = [];
+
+  for (const fileAbs of files) {
+    const fileRel = path.relative(repoRoot, fileAbs).replace(/\\/g, "/");
+    const code = safeRead(fileAbs);
+
+    let ast;
+    try { ast = parseFile(code); } catch { continue; }
+
+    traverse(ast, {
+      CallExpression(p) {
+        const callee = p.node.callee;
+        let callType = null;
+        let target = null;
+
+        // Prisma: prisma.user.findMany(), prisma.$transaction()
+        if (t.isMemberExpression(callee)) {
+          const obj = callee.object;
+          if (t.isIdentifier(obj) && obj.name === "prisma") {
+            callType = "db_call";
+            target = "prisma";
+          } else if (t.isMemberExpression(obj) && 
+                     t.isIdentifier(obj.object) && obj.object.name === "prisma") {
+            callType = "db_call";
+            target = `prisma.${obj.property?.name || "unknown"}`;
+          }
+        }
+
+        // External: stripe.customers.create()
+        if (t.isMemberExpression(callee)) {
+          const rootObj = getRootObject(callee);
+          if (rootObj && ["stripe", "github", "sendgrid", "twilio", "aws"].includes(rootObj.toLowerCase())) {
+            callType = "external_call";
+            target = rootObj;
+          }
+        }
+
+        if (callType) {
+          const line = p.node.loc?.start?.line || 0;
+          const snippet = getSnippet(code, p.node.loc);
+          const id = nodeId(callType, fileRel, line);
+
+          nodes.push({
+            id,
+            type: callType,
+            file: fileRel,
+            line,
+            snippet,
+            snippetHash: sha256(snippet),
+            target
+          });
+        }
+      }
+    });
+  }
+
+  return { nodes, edges };
+}
+
+function getRootObject(node) {
+  if (t.isIdentifier(node)) return node.name;
+  if (t.isMemberExpression(node)) return getRootObject(node.object);
+  return null;
+}
+
+/**
+ * Build complete static graph
+ */
+async function extractStaticGraph(repoRoot, truthpack) {
+  const uiActions = await extractUIActions(repoRoot);
+  const clientFuncs = await extractClientFunctions(repoRoot);
+  const serverRoutes = extractServerRoutes(truthpack);
+  const handlerCalls = await extractHandlerCalls(repoRoot);
+
+  const allNodes = [
+    ...uiActions.nodes,
+    ...clientFuncs.nodes,
+    ...serverRoutes.nodes,
+    ...handlerCalls.nodes
+  ];
+
+  const allEdges = [
+    ...uiActions.edges,
+    ...clientFuncs.edges,
+    ...serverRoutes.edges,
+    ...handlerCalls.edges
+  ];
+
+  // Resolve function reference edges
+  const resolvedEdges = resolveEdges(allNodes, allEdges, truthpack);
+
+  return {
+    nodes: dedupeNodes(allNodes),
+    edges: resolvedEdges
+  };
+}
+
+function dedupeNodes(nodes) {
+  const seen = new Map();
+  for (const n of nodes) {
+    if (!seen.has(n.id)) seen.set(n.id, n);
+  }
+  return Array.from(seen.values());
+}
+
+function resolveEdges(nodes, edges, truthpack) {
+  const resolved = [];
+  const nodeById = new Map(nodes.map(n => [n.id, n]));
+  const funcByName = new Map();
+  const routeNodes = nodes.filter(n => n.type === "server_route");
+
+  // Build function name → node map
+  for (const n of nodes) {
+    if (n.type === "client_function" && n.name) {
+      funcByName.set(n.name, n);
+    }
+  }
+
+  for (const edge of edges) {
+    // Resolve toRef (function name) → actual node
+    if (edge.toRef) {
+      const target = funcByName.get(edge.toRef);
+      if (target) {
+        resolved.push({
+          ...edge,
+          to: target.id,
+          toRef: undefined
+        });
+      } else {
+        // Unresolved function call - might be external
+        resolved.push({
+          ...edge,
+          to: `unresolved_${edge.toRef}`,
+          confidence: "low"
+        });
+      }
+      continue;
+    }
+
+    // Resolve toRoute → server route node
+    if (edge.toRoute) {
+      const route = findMatchingRoute(routeNodes, edge.toRoute.method, edge.toRoute.path);
+      if (route) {
+        resolved.push({
+          ...edge,
+          to: route.id,
+          toRoute: undefined
+        });
+      } else {
+        // No matching route - this is a broken edge
+        resolved.push({
+          ...edge,
+          to: `missing_route_${edge.toRoute.method}_${edge.toRoute.path}`,
+          toRoute: edge.toRoute,
+          broken: true,
+          brokenReason: `Route ${edge.toRoute.method} ${edge.toRoute.path} not found on server`
+        });
+      }
+      continue;
+    }
+
+    resolved.push(edge);
+  }
+
+  return resolved;
+}
+
+function findMatchingRoute(routeNodes, method, path) {
+  // Normalize path
+  const normPath = path.replace(/\/$/, "") || "/";
+  
+  for (const r of routeNodes) {
+    if (r.method === "*" || r.method === method || method === "*") {
+      if (r.path === normPath) return r;
+      // Check parameterized match
+      if (matchesParameterized(r.path, normPath)) return r;
+    }
+  }
+  return null;
+}
+
+function matchesParameterized(pattern, actual) {
+  const patternParts = pattern.split("/").filter(Boolean);
+  const actualParts = actual.split("/").filter(Boolean);
+  
+  if (patternParts.length !== actualParts.length) return false;
+  
+  for (let i = 0; i < patternParts.length; i++) {
+    const p = patternParts[i];
+    if (p.startsWith(":") || p.startsWith("*")) continue;
+    if (p !== actualParts[i]) return false;
+  }
+  return true;
+}
+
+module.exports = {
+  extractStaticGraph,
+  extractUIActions,
+  extractClientFunctions,
+  extractServerRoutes,
+  extractHandlerCalls
+};