@vibecheckai/cli 3.0.2 → 3.0.3

package/bin/runners/context/security-scanner.js

@@ -1,303 +0,0 @@
-/**
- * Security Scanner Module
- * Scans context for secrets, vulnerabilities, and sensitive data
- */
-
-const fs = require("fs");
-const path = require("path");
-const crypto = require("crypto");
-
-/**
- * Secret patterns to detect
- */
-const SECRET_PATTERNS = [
-  // API Keys
-  { pattern: /AIza[0-9A-Za-z_-]{35}/, type: "Google API Key" },
-  { pattern: /AKIA[0-9A-Z]{16}/, type: "AWS Access Key" },
-  { pattern: /xoxb-[0-9]{10}-[0-9]{10}/, type: "Slack Bot Token" },
-  { pattern: /ghp_[a-zA-Z0-9]{36}/, type: "GitHub Personal Token" },
-  { pattern: /sk_live_[0-9a-zA-Z]{24}/, type: "Stripe Live Key" },
-  { pattern: /pk_live_[0-9a-zA-Z]{24}/, type: "Stripe Publishable Key" },
-  
-  // Generic patterns
-  { pattern: /['"]?API[_-]?KEY['"]?\s*[:=]\s*['"][^'"]{8,}['"]/, type: "API Key" },
-  { pattern: /['"]?SECRET[_-]?KEY['"]?\s*[:=]\s*['"][^'"]{8,}['"]/, type: "Secret Key" },
-  { pattern: /['"]?PASSWORD['"]?\s*[:=]\s*['"][^'"]{6,}['"]/, type: "Password" },
-  { pattern: /['"]?TOKEN['"]?\s*[:=]\s*['"][^'"]{8,}['"]/, type: "Token" },
-  { pattern: /['"]?PRIVATE[_-]?KEY['"]?\s*[:=]\s*['"][^'"]{16,}['"]/, type: "Private Key" },
-  
-  // Database URLs
-  { pattern: /mongodb:\/\/[^:]+:[^@]+@/, type: "MongoDB URL" },
-  { pattern: /postgres:\/\/[^:]+:[^@]+@/, type: "PostgreSQL URL" },
-  { pattern: /mysql:\/\/[^:]+:[^@]+@/, type: "MySQL URL" },
-  
-  // JWT tokens
-  { pattern: /eyJ[A-Za-z0-9_-]*\.eyJ[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*/, type: "JWT Token" },
-];
-
-/**
- * Vulnerability patterns
- */
-const VULNERABILITY_PATTERNS = [
-  // SQL Injection
-  { pattern: /query\s*\(\s*['"]\s*\+.*\+\s*['"]/, type: "SQL Injection", severity: "high" },
-  { pattern: /execute\s*\(\s*['"]\s*\+/, type: "SQL Injection", severity: "high" },
-  
-  // XSS
-  { pattern: /dangerouslySetInnerHTML/, type: "XSS Risk", severity: "high" },
-  { pattern: /innerHTML\s*=/, type: "XSS Risk", severity: "medium" },
-  { pattern: /document\.write\s*\(/, type: "XSS Risk", severity: "high" },
-  
-  // Path Traversal
-  { pattern: /\.\.\/\.\./, type: "Path Traversal", severity: "medium" },
-  { pattern: /readFile\s*\(\s*.*\+/, type: "Path Traversal", severity: "high" },
-  
-  // Insecure Crypto
-  { pattern: /md5\s*\(/, type: "Weak Hash", severity: "medium" },
-  { pattern: /sha1\s*\(/, type: "Weak Hash", severity: "medium" },
-  
-  // Hardcoded credentials
-  { pattern: /admin\s*:\s*['"]admin['"]/, type: "Hardcoded Credentials", severity: "high" },
-  { pattern: /root\s*:\s*['"][^'"]{4,}['"]/, type: "Hardcoded Credentials", severity: "high" },
-  
-  // Debug code
-  { pattern: /console\.log\s*\(\s*password/, type: "Password in Log", severity: "high" },
-  { pattern: /console\.log\s*\(\s*token/, type: "Token in Log", severity: "high" },
-];
-
-/**
- * Find files recursively
- */
-function findFiles(dir, extensions, maxDepth = 5, currentDepth = 0) {
-  if (currentDepth >= maxDepth || !fs.existsSync(dir)) return [];
-  
-  const files = [];
-  try {
-    const entries = fs.readdirSync(dir, { withFileTypes: true });
-    for (const entry of entries) {
-      const fullPath = path.join(dir, entry.name);
-      if (entry.isDirectory() && !entry.name.startsWith(".") && entry.name !== "node_modules") {
-        files.push(...findFiles(fullPath, extensions, maxDepth, currentDepth + 1));
-      } else if (entry.isFile() && extensions.some(ext => entry.name.endsWith(ext))) {
-        files.push(fullPath);
-      }
-    }
-  } catch {}
-  return files;
-}
-
-/**
- * Scan file for secrets
- */
-function scanForSecrets(content, filePath) {
-  const secrets = [];
-  const lines = content.split("\n");
-  
-  for (const pattern of SECRET_PATTERNS) {
-    const matches = content.matchAll(new RegExp(pattern.pattern.source, 'g'));
-    for (const match of matches) {
-      const lineNum = content.substring(0, match.index).split("\n").length;
-      const line = lines[lineNum - 1];
-      
-      secrets.push({
-        type: pattern.type,
-        file: path.relative(process.cwd(), filePath).replace(/\\/g, "/"),
-        line: lineNum,
-        content: line.trim(),
-        severity: "critical",
-      });
-    }
-  }
-  
-  return secrets;
-}
-
-/**
- * Scan file for vulnerabilities
- */
-function scanForVulnerabilities(content, filePath) {
-  const vulnerabilities = [];
-  const lines = content.split("\n");
-  
-  for (const pattern of VULNERABILITY_PATTERNS) {
-    const matches = content.matchAll(new RegExp(pattern.pattern.source, 'g'));
-    for (const match of matches) {
-      const lineNum = content.substring(0, match.index).split("\n").length;
-      const line = lines[lineNum - 1];
-      
-      vulnerabilities.push({
-        type: pattern.type,
-        file: path.relative(process.cwd(), filePath).replace(/\\/g, "/"),
-        line: lineNum,
-        content: line.trim(),
-        severity: pattern.severity || "medium",
-        recommendation: getRecommendation(pattern.type),
-      });
-    }
-  }
-  
-  return vulnerabilities;
-}
-
-/**
- * Get recommendation for vulnerability type
- */
-function getRecommendation(type) {
-  const recommendations = {
-    "SQL Injection": "Use parameterized queries or prepared statements",
-    "XSS Risk": "Sanitize user input and use textContent instead of innerHTML",
-    "Path Traversal": "Validate and sanitize file paths, use path.join()",
-    "Weak Hash": "Use stronger hashing algorithms like bcrypt or Argon2",
-    "Hardcoded Credentials": "Use environment variables for credentials",
-    "Password in Log": "Remove sensitive data from logs",
-    "Token in Log": "Remove sensitive data from logs",
-  };
-  
-  return recommendations[type] || "Review and fix the security issue";
-}
-
-/**
- * Scan project for security issues
- */
-function scanProject(projectPath) {
-  const files = findFiles(projectPath, [".ts", ".tsx", ".js", ".jsx", ".json", ".env*", ".yml", ".yaml"], 5);
-  
-  const results = {
-    secrets: [],
-    vulnerabilities: [],
-    stats: {
-      totalFiles: files.length,
-      filesWithSecrets: 0,
-      filesWithVulnerabilities: 0,
-      criticalIssues: 0,
-      highIssues: 0,
-      mediumIssues: 0,
-    },
-    scanned: new Date().toISOString(),
-  };
-  
-  for (const file of files) {
-    try {
-      const content = fs.readFileSync(file, "utf-8");
-      const relativePath = path.relative(projectPath, file).replace(/\\/g, "/");
-      
-      // Skip certain files
-      if (relativePath.includes("node_modules") || 
-          relativePath.includes(".git") ||
-          relativePath.includes("dist/") ||
-          relativePath.includes("build/")) {
-        continue;
-      }
-      
-      const secrets = scanForSecrets(content, file);
-      const vulnerabilities = scanForVulnerabilities(content, file);
-      
-      if (secrets.length > 0) {
-        results.secrets.push(...secrets);
-        results.stats.filesWithSecrets++;
-      }
-      
-      if (vulnerabilities.length > 0) {
-        results.vulnerabilities.push(...vulnerabilities);
-        results.stats.filesWithVulnerabilities++;
-      }
-      
-      // Count severity
-      for (const issue of [...secrets, ...vulnerabilities]) {
-        switch (issue.severity) {
-          case "critical":
-            results.stats.criticalIssues++;
-            break;
-          case "high":
-            results.stats.highIssues++;
-            break;
-          case "medium":
-            results.stats.mediumIssues++;
-            break;
-        }
-      }
-    } catch {}
-  }
-  
-  return results;
-}
-
-/**
- * Generate security report
- */
-function generateSecurityReport(results) {
-  let report = `# Security Scan Report\n\n`;
-  report += `Scanned: ${new Date(results.scanned).toLocaleString()}\n`;
-  report += `Total Files: ${results.stats.totalFiles}\n\n`;
-  
-  // Summary
-  report += `## Summary\n\n`;
-  report += `- Files with Secrets: ${results.stats.filesWithSecrets}\n`;
-  report += `- Files with Vulnerabilities: ${results.stats.filesWithVulnerabilities}\n`;
-  report += `- Critical Issues: ${results.stats.criticalIssues}\n`;
-  report += `- High Issues: ${results.stats.highIssues}\n`;
-  report += `- Medium Issues: ${results.stats.mediumIssues}\n\n`;
-  
-  // Secrets
-  if (results.secrets.length > 0) {
-    report += `## 🔑 Secrets Found (${results.secrets.length})\n\n`;
-    for (const secret of results.secrets) {
-      report += `### ${secret.type} - ${secret.file}:${secret.line}\n`;
-      report += `\`\`\`\n${secret.content}\n\`\`\`\n\n`;
-    }
-  }
-  
-  // Vulnerabilities
-  if (results.vulnerabilities.length > 0) {
-    report += `## 🚨 Vulnerabilities Found (${results.vulnerabilities.length})\n\n`;
-    for (const vuln of results.vulnerabilities) {
-      const icon = vuln.severity === "critical" ? "🔴" : 
-                   vuln.severity === "high" ? "🟠" : "🟡";
-      report += `### ${icon} ${vuln.type} - ${vuln.file}:${vuln.line}\n`;
-      report += `**Severity:** ${vuln.severity}\n`;
-      report += `**Recommendation:** ${vuln.recommendation}\n\n`;
-      report += `\`\`\`\n${vuln.content}\n\`\`\`\n\n`;
-    }
-  }
-  
-  if (results.secrets.length === 0 && results.vulnerabilities.length === 0) {
-    report += `## ✅ No Security Issues Found\n\n`;
-    report += `Great job! No secrets or obvious vulnerabilities were detected.\n`;
-  }
-  
-  return report;
-}
-
-/**
- * Filter content for safe AI consumption
- */
-function filterForAI(content) {
-  let filtered = content;
-  
-  // Remove detected secrets
-  for (const pattern of SECRET_PATTERNS) {
-    filtered = filtered.replace(pattern.pattern, "[REDACTED_SECRET]");
-  }
-  
-  // Remove sensitive lines
-  const lines = filtered.split("\n");
-  const safeLines = lines.filter(line => {
-    const lower = line.toLowerCase();
-    return !lower.includes("password") &&
-           !lower.includes("secret") &&
-           !lower.includes("private_key") &&
-           !lower.includes("api_key") &&
-           !line.includes("console.log") &&
-           !line.includes("debugger");
-  });
-  
-  return safeLines.join("\n");
-}
-
-module.exports = {
-  scanProject,
-  generateSecurityReport,
-  filterForAI,
-  SECRET_PATTERNS,
-  VULNERABILITY_PATTERNS,
-};

package/bin/runners/context/semantic-search.js

@@ -1,350 +0,0 @@
-/**
- * Semantic Code Search Module
- * Embeds code chunks for natural language queries
- */
-
-const fs = require("fs");
-const path = require("path");
-const crypto = require("crypto");
-
-/**
- * Simple TF-IDF vectorizer for semantic search
- * In production, would use OpenAI embeddings or similar
- */
-class SimpleVectorizer {
-  constructor() {
-    this.vocabulary = new Map();
-    this.idf = new Map();
-    this.documents = [];
-  }
-  
-  /**
-   * Tokenize text into words
-   */
-  tokenize(text) {
-    return text
-      .toLowerCase()
-      .replace(/[^\w\s]/g, " ")
-      .split(/\s+/)
-      .filter(word => word.length > 2);
-  }
-  
-  /**
-   * Build vocabulary from documents
-   */
-  fit(documents) {
-    this.documents = documents;
-    const docCount = documents.length;
-    const docFreq = new Map();
-    
-    // Count document frequency for each term
-    for (const doc of documents) {
-      const tokens = new Set(this.tokenize(doc));
-      for (const token of tokens) {
-        docFreq.set(token, (docFreq.get(token) || 0) + 1);
-      }
-    }
-    
-    // Calculate IDF
-    for (const [term, freq] of docFreq) {
-      this.idf.set(term, Math.log(docCount / freq));
-      this.vocabulary.set(term, this.vocabulary.size);
-    }
-  }
-  
-  /**
-   * Transform document to TF-IDF vector
-   */
-  transform(text) {
-    const tokens = this.tokenize(text);
-    const tf = new Map();
-    
-    // Count term frequency
-    for (const token of tokens) {
-      tf.set(token, (tf.get(token) || 0) + 1);
-    }
-    
-    // Create vector
-    const vector = new Array(this.vocabulary.size).fill(0);
-    for (const [term, count] of tf) {
-      if (this.vocabulary.has(term)) {
-        const idx = this.vocabulary.get(term);
-        vector[idx] = (count / tokens.length) * this.idf.get(term);
-      }
-    }
-    
-    return vector;
-  }
-  
-  /**
-   * Calculate cosine similarity between vectors
-   */
-  cosineSimilarity(vec1, vec2) {
-    let dotProduct = 0;
-    let norm1 = 0;
-    let norm2 = 0;
-    
-    for (let i = 0; i < vec1.length; i++) {
-      dotProduct += vec1[i] * vec2[i];
-      norm1 += vec1[i] * vec1[i];
-      norm2 += vec2[i] * vec2[i];
-    }
-    
-    return dotProduct / (Math.sqrt(norm1) * Math.sqrt(norm2));
-  }
-}
-
-/**
- * Find files recursively
- */
-function findFiles(dir, extensions, maxDepth = 5, currentDepth = 0) {
-  if (currentDepth >= maxDepth || !fs.existsSync(dir)) return [];
-  
-  const files = [];
-  try {
-    const entries = fs.readdirSync(dir, { withFileTypes: true });
-    for (const entry of entries) {
-      const fullPath = path.join(dir, entry.name);
-      if (entry.isDirectory() && !entry.name.startsWith(".") && entry.name !== "node_modules") {
-        files.push(...findFiles(fullPath, extensions, maxDepth, currentDepth + 1));
-      } else if (entry.isFile() && extensions.some(ext => entry.name.endsWith(ext))) {
-        files.push(fullPath);
-      }
-    }
-  } catch {}
-  return files;
-}
-
-/**
- * Extract code chunks with context
- */
-function extractCodeChunks(filePath, maxSize = 1000) {
-  const chunks = [];
-  try {
-    const content = fs.readFileSync(filePath, "utf-8");
-    const lines = content.split("\n");
-    
-    // Extract functions, classes, and important blocks
-    let currentChunk = [];
-    let startLine = 0;
-    let inFunction = false;
-    let inClass = false;
-    let braceCount = 0;
-    
-    for (let i = 0; i < lines.length; i++) {
-      const line = lines[i];
-      currentChunk.push(line);
-      
-      // Detect function/class start
-      if (line.match(/^(function|class|export\s+(function|class)|const\s+\w+\s*=|async\s+function)/)) {
-        startLine = i;
-        inFunction = true;
-        braceCount = (line.match(/{/g) || []).length - (line.match(/}/g) || []).length;
-      }
-      
-      // Track braces for function boundaries
-      if (inFunction) {
-        braceCount += (line.match(/{/g) || []).length - (line.match(/}/g) || []).length;
-        
-        if (braceCount <= 0 || line.trim().endsWith("}") || line.trim().endsWith("});")) {
-          // End of function
-          const chunkText = currentChunk.join("\n");
-          if (chunkText.length < maxSize) {
-            chunks.push({
-              text: chunkText,
-              file: path.relative(process.cwd(), filePath).replace(/\\/g, "/"),
-              startLine: startLine + 1,
-              endLine: i + 1,
-              type: "function",
-            });
-          }
-          currentChunk = [];
-          inFunction = false;
-          braceCount = 0;
-        }
-      }
-      
-      // Split large chunks
-      if (currentChunk.length > 50) {
-        const chunkText = currentChunk.join("\n");
-        if (chunkText.length < maxSize) {
-          chunks.push({
-            text: chunkText,
-            file: path.relative(process.cwd(), filePath).replace(/\\/g, "/"),
-            startLine: startLine + 1,
-            endLine: i + 1,
-            type: "block",
-          });
-        }
-        currentChunk = [];
-        startLine = i + 1;
-      }
-    }
-    
-    // Add remaining chunk if significant
-    if (currentChunk.length > 5) {
-      const chunkText = currentChunk.join("\n");
-      if (chunkText.length < maxSize) {
-        chunks.push({
-          text: chunkText,
-          file: path.relative(process.cwd(), filePath).replace(/\\/g, "/"),
-          startLine: startLine + 1,
-          endLine: lines.length,
-          type: "block",
-        });
-      }
-    }
-  } catch {}
-  
-  return chunks;
-}
-
-/**
- * Build semantic search index
- */
-function buildSearchIndex(projectPath) {
-  const files = findFiles(projectPath, [".ts", ".tsx", ".js", ".jsx"], 5);
-  const chunks = [];
-  
-  // Extract code chunks
-  for (const file of files) {
-    const fileChunks = extractCodeChunks(file);
-    chunks.push(...fileChunks);
-  }
-  
-  // Create vectorizer and fit
-  const vectorizer = new SimpleVectorizer();
-  const documents = chunks.map(c => c.text);
-  vectorizer.fit(documents);
-  
-  // Create embeddings
-  const embeddings = chunks.map((chunk, idx) => ({
-    ...chunk,
-    vector: vectorizer.transform(chunk.text),
-    id: crypto.createHash("md5").update(chunk.text).digest("hex").slice(0, 8),
-  }));
-  
-  return {
-    vectorizer,
-    embeddings,
-    totalChunks: chunks.length,
-    totalFiles: files.length,
-  };
-}
-
-/**
- * Search code semantically
- */
-function semanticSearch(index, query, limit = 10) {
-  const queryVector = index.vectorizer.transform(query);
-  const results = [];
-  
-  for (const embedding of index.embeddings) {
-    const similarity = index.vectorizer.cosineSimilarity(queryVector, embedding.vector);
-    if (similarity > 0.1) { // Threshold
-      results.push({
-        ...embedding,
-        similarity,
-      });
-    }
-  }
-  
-  return results
-    .sort((a, b) => b.similarity - a.similarity)
-    .slice(0, limit);
-}
-
-/**
- * Save search index
- */
-function saveSearchIndex(projectPath, index) {
-  const vibecheckDir = path.join(projectPath, ".vibecheck");
-  if (!fs.existsSync(vibecheckDir)) {
-    fs.mkdirSync(vibecheckDir, { recursive: true });
-  }
-  
-  const indexData = {
-    version: "1.0.0",
-    created: new Date().toISOString(),
-    totalChunks: index.totalChunks,
-    totalFiles: index.totalFiles,
-    vocabulary: Array.from(index.vectorizer.vocabulary.keys()),
-    idf: Object.fromEntries(index.vectorizer.idf),
-    embeddings: index.embeddings.map(e => ({
-      id: e.id,
-      file: e.file,
-      startLine: e.startLine,
-      endLine: e.endLine,
-      type: e.type,
-      vector: e.vector,
-    })),
-  };
-  
-  fs.writeFileSync(
-    path.join(vibecheckDir, "semantic-index.json"),
-    JSON.stringify(indexData, null, 2)
-  );
-}
-
-/**
- * Load search index
- */
-function loadSearchIndex(projectPath) {
-  const indexPath = path.join(projectPath, ".vibecheck", "semantic-index.json");
-  
-  if (!fs.existsSync(indexPath)) {
-    return null;
-  }
-  
-  try {
-    const data = JSON.parse(fs.readFileSync(indexPath, "utf-8"));
-    
-    // Reconstruct vectorizer
-    const vectorizer = new SimpleVectorizer();
-    data.vocabulary.forEach((term, idx) => {
-      vectorizer.vocabulary.set(term, idx);
-    });
-    vectorizer.idf = new Map(Object.entries(data.idf));
-    
-    return {
-      vectorizer,
-      embeddings: data.embeddings,
-      totalChunks: data.totalChunks,
-      totalFiles: data.totalFiles,
-    };
-  } catch {
-    return null;
-  }
-}
-
-/**
- * Generate semantic search report
- */
-function generateSearchReport(results, query) {
-  let report = `# Semantic Search Results\n\n`;
-  report += `Query: "${query}"\n`;
-  report += `Found: ${results.length} results\n\n`;
-  
-  for (const result of results) {
-    report += `## ${result.file}:${result.startLine}-${result.endLine}\n`;
-    report += `**Similarity:** ${(result.similarity * 100).toFixed(1)}%\n`;
-    report += `**Type:** ${result.type}\n\n`;
-    report += `\`\`\`${path.extname(result.file).slice(1)}\n`;
-    report += result.text.split("\n").slice(0, 10).join("\n");
-    if (result.text.split("\n").length > 10) {
-      report += "\n...";
-    }
-    report += "\n\`\`\`\n\n";
-  }
-  
-  return report;
-}
-
-module.exports = {
-  buildSearchIndex,
-  semanticSearch,
-  saveSearchIndex,
-  loadSearchIndex,
-  generateSearchReport,
-  SimpleVectorizer,
-};