@vibecheckai/cli 3.0.2 → 3.0.3

package/bin/runners/lib/auth.js

@@ -1,215 +0,0 @@
-const fs = require("fs");
-const path = require("path");
-const os = require("os");
-
-// Config paths
-function getConfigPath() {
-  const home = os.homedir();
-  if (process.platform === "win32") {
-    return path.join(
-      process.env.APPDATA || path.join(home, "AppData", "Roaming"),
-      "vibecheck",
-      "config.json",
-    );
-  }
-  return path.join(home, ".config", "vibecheck", "config.json");
-}
-
-function ensureConfigDir(configPath) {
-  const dir = path.dirname(configPath);
-  if (!fs.existsSync(dir)) {
-    fs.mkdirSync(dir, { recursive: true });
-  }
-}
-
-// 1. Get API Key
-function getApiKey() {
-  // 1. Env var (CI/Production)
-  if (process.env.VIBECHECK_API_KEY) {
-    return { key: process.env.VIBECHECK_API_KEY, source: "env" };
-  }
-
-  // 2. User config
-  try {
-    const configPath = getConfigPath();
-    if (fs.existsSync(configPath)) {
-      const config = JSON.parse(fs.readFileSync(configPath, "utf8"));
-      if (config.apiKey) {
-        return { key: config.apiKey, source: "user" };
-      }
-    }
-  } catch (err) {
-    // ignore config errors
-  }
-
-  return { key: null, source: null };
-}
-
-// 2. Save API Key
-function saveApiKey(apiKey) {
-  const configPath = getConfigPath();
-  ensureConfigDir(configPath);
-
-  let config = {};
-  try {
-    if (fs.existsSync(configPath)) {
-      config = JSON.parse(fs.readFileSync(configPath, "utf8"));
-    }
-  } catch (err) {
-    // ignore, start fresh
-  }
-
-  config.apiKey = apiKey;
-  // Also save a basic user structure if needed, but for now just key
-
-  fs.writeFileSync(configPath, JSON.stringify(config, null, 2), {
-    mode: 0o600,
-  });
-}
-
-// 3. Delete API Key
-function deleteApiKey() {
-  const configPath = getConfigPath();
-  try {
-    if (fs.existsSync(configPath)) {
-      const config = JSON.parse(fs.readFileSync(configPath, "utf8"));
-      delete config.apiKey;
-      fs.writeFileSync(configPath, JSON.stringify(config, null, 2), {
-        mode: 0o600,
-      });
-    }
-  } catch (err) {
-    // ignore
-  }
-}
-
-// 4. Get Entitlements (Mocked for now, but ready for API)
-// In real world: fetch from GET /v1/auth/whoami
-async function getEntitlements(apiKey) {
-  if (!apiKey) return null;
-
-  // Check cache first
-  const configPath = getConfigPath();
-  const cachePath = path.join(
-    path.dirname(configPath),
-    "entitlements-cache.json",
-  );
-
-  try {
-    if (fs.existsSync(cachePath)) {
-      const cache = JSON.parse(fs.readFileSync(cachePath, "utf8"));
-      // Check if same key and fresh (10 mins)
-      if (
-        cache.keyHash === Buffer.from(apiKey).toString("base64") &&
-        Date.now() - cache.timestamp < 10 * 60 * 1000
-      ) {
-        return cache.data;
-      }
-    }
-  } catch (err) {
-    // ignore cache errors
-  }
-
-  // Simulate API delay
-  // await new Promise(r => setTimeout(r, 100));
-
-  // Call the real API endpoint
-  let res;
-  try {
-    // Try production API first, then fallback to localhost for development
-    const apiUrl =
-      process.env.VIBECHECK_API_URL || "https://api.vibecheckai.dev";
-    const urls = [apiUrl, "http://localhost:3000"];
-
-    for (const url of urls) {
-      try {
-        res = await fetch(`${url}/v1/auth/whoami`, {
-          headers: {
-            Authorization: `Bearer ${apiKey}`,
-          },
-          signal: AbortSignal.timeout(5000), // 5 second timeout
-        });
-        if (res.ok) break;
-      } catch (e) {
-        // Try next URL
-        continue;
-      }
-    }
-
-    if (!res || !res.ok) {
-      throw new Error("API unavailable");
-    }
-  } catch (error) {
-    // SECURITY: Do not fallback to mock entitlements
-    // If API is unavailable, fail gracefully with clear error message
-    throw new Error(
-      "Cannot connect to vibecheck API. API connection required for this feature. " +
-      "Please check your network connection and ensure VIBECHECK_API_URL is set correctly."
-    );
-  }
-
-  if (!res.ok) {
-    throw new Error(`API returned ${res.status}: ${res.statusText}`);
-  }
-
-  const result = await res.json();
-
-  // Write to cache
-  try {
-    ensureConfigDir(cachePath);
-    fs.writeFileSync(
-      cachePath,
-      JSON.stringify(
-        {
-          keyHash: Buffer.from(apiKey).toString("base64"),
-          timestamp: Date.now(),
-          data: result,
-        },
-        null,
-        2,
-      ),
-    );
-  } catch (err) {
-    // ignore cache write errors
-  }
-
-  return result;
-}
-
-// 5. Check Entitlement
-async function checkEntitlement(requiredScope) {
-  const { key } = getApiKey();
-  if (!key) {
-    return {
-      allowed: false,
-      reason:
-        'No API key found. Run "vibecheck login" or set VIBECHECK_API_KEY.',
-    };
-  }
-
-  const entitlements = await getEntitlements(key);
-  if (!entitlements) {
-    return { allowed: false, reason: "Invalid API key." };
-  }
-
-  if (
-    entitlements.scopes.includes(requiredScope) ||
-    entitlements.scopes.includes("*")
-  ) {
-    return { allowed: true, plan: entitlements.plan };
-  }
-
-  return {
-    allowed: false,
-    reason: `Plan '${entitlements.plan}' does not support this feature. Required scope: ${requiredScope}`,
-  };
-}
-
-module.exports = {
-  getApiKey,
-  saveApiKey,
-  deleteApiKey,
-  getEntitlements,
-  checkEntitlement,
-  getConfigPath,
-};

package/bin/runners/lib/backup.js

@@ -1,62 +0,0 @@
-// bin/runners/lib/backup.js
-const fs = require("fs");
-const path = require("path");
-
-function ensureDir(p) {
-  fs.mkdirSync(p, { recursive: true });
-}
-
-function backupFiles(repoRoot, fileRelPaths, backupRoot) {
-  ensureDir(backupRoot);
-
-  const saved = [];
-  for (const rel of fileRelPaths) {
-    const abs = path.join(repoRoot, rel);
-    if (!fs.existsSync(abs)) {
-      saved.push({ rel, existed: false });
-      continue;
-    }
-
-    const dest = path.join(backupRoot, rel);
-    ensureDir(path.dirname(dest));
-    fs.copyFileSync(abs, dest);
-    saved.push({ rel, existed: true });
-  }
-
-  fs.writeFileSync(
-    path.join(backupRoot, "_manifest.json"),
-    JSON.stringify({ saved }, null, 2),
-    "utf8"
-  );
-
-  return saved;
-}
-
-function restoreBackup(repoRoot, backupRoot) {
-  const manifestPath = path.join(backupRoot, "_manifest.json");
-  if (!fs.existsSync(manifestPath)) {
-    return { ok: false, error: "backup manifest missing" };
-  }
-
-  const manifest = JSON.parse(fs.readFileSync(manifestPath, "utf8"));
-  const saved = manifest.saved || [];
-
-  for (const s of saved) {
-    const abs = path.join(repoRoot, s.rel);
-    const bak = path.join(backupRoot, s.rel);
-
-    if (!s.existed) {
-      if (fs.existsSync(abs)) fs.rmSync(abs, { force: true });
-      continue;
-    }
-
-    if (fs.existsSync(bak)) {
-      ensureDir(path.dirname(abs));
-      fs.copyFileSync(bak, abs);
-    }
-  }
-
-  return { ok: true };
-}
-
-module.exports = { backupFiles, restoreBackup };

package/bin/runners/lib/billing.js

@@ -1,107 +0,0 @@
-// bin/runners/lib/billing.js
-const fg = require("fast-glob");
-const fs = require("fs");
-const path = require("path");
-const crypto = require("crypto");
-
-function sha256(text) {
-  return "sha256:" + crypto.createHash("sha256").update(text).digest("hex");
-}
-
-function safeRead(fileAbs) {
-  return fs.readFileSync(fileAbs, "utf8");
-}
-
-function evidenceFromLine({ fileAbs, repoRoot, lineNo, reason }) {
-  const fileRel = path.relative(repoRoot, fileAbs).replace(/\\/g, "/");
-  const lines = safeRead(fileAbs).split(/\r?\n/);
-  const idx = Math.max(0, Math.min(lines.length - 1, lineNo - 1));
-  const snippet = lines[idx] || "";
-  return {
-    id: `ev_${crypto.randomBytes(4).toString("hex")}`,
-    file: fileRel,
-    lines: `${lineNo}-${lineNo}`,
-    snippetHash: sha256(snippet),
-    reason
-  };
-}
-
-function findLineMatches(code, regex) {
-  const out = [];
-  const lines = code.split(/\r?\n/);
-  for (let i = 0; i < lines.length; i++) {
-    if (regex.test(lines[i])) out.push(i + 1);
-  }
-  return out;
-}
-
-function classifyStripeSignals(code) {
-  const signals = {
-    usesStripeSdk: /\bstripe\b/i.test(code) && /from\s+['"]stripe['"]|require\(['"]stripe['"]\)/.test(code),
-    webhookConstructEvent: /\bconstructEvent(Async)?\b/.test(code) || /\bstripe\.webhooks\.constructEvent\b/.test(code),
-    readsStripeSignatureHeader: /stripe-signature/i.test(code) || /\bStripe-Signature\b/.test(code),
-    rawBodySignal:
-      /\bbodyParser\s*:\s*false\b/.test(code) ||
-      /\breq\.(text|arrayBuffer)\(\)/.test(code) ||
-      /\brawBody\b/.test(code) || /\brequest\.raw\b/.test(code) || /\bcontentTypeParser\b/i.test(code),
-    idempotencySignal:
-      /\bevent\.id\b/.test(code) && /\b(prisma|db|redis|cache|processed|dedupe|idempotent)\b/i.test(code) ||
-      /\bidempotenc(y|e)\b/i.test(code)
-  };
-
-  return signals;
-}
-
-async function buildBillingTruth(repoRoot) {
-  const files = await fg(["**/*.{ts,tsx,js,jsx}"], {
-    cwd: repoRoot,
-    absolute: true,
-    ignore: ["**/node_modules/**", "**/.next/**", "**/dist/**", "**/build/**"]
-  });
-
-  const webhookCandidates = [];
-  const stripeFiles = [];
-
-  for (const fileAbs of files) {
-    const fileRel = path.relative(repoRoot, fileAbs).replace(/\\/g, "/");
-    const code = safeRead(fileAbs);
-
-    const signals = classifyStripeSignals(code);
-
-    if (signals.usesStripeSdk) stripeFiles.push(fileRel);
-
-    if (signals.webhookConstructEvent || signals.readsStripeSignatureHeader) {
-      const ev = [];
-      const lines1 = findLineMatches(code, /\bconstructEvent(Async)?\b|stripe\.webhooks\.constructEvent/);
-      const lines2 = findLineMatches(code, /stripe-signature|Stripe-Signature/i);
-      const lines3 = findLineMatches(code, /bodyParser\s*:\s*false|req\.(text|arrayBuffer)\(|rawBody|contentTypeParser/i);
-      const lines4 = findLineMatches(code, /event\.id|idempotenc(y|e)|dedupe|processed/i);
-
-      for (const ln of lines1.slice(0, 3)) ev.push(evidenceFromLine({ fileAbs, repoRoot, lineNo: ln, reason: "Stripe webhook signature constructEvent signal" }));
-      for (const ln of lines2.slice(0, 3)) ev.push(evidenceFromLine({ fileAbs, repoRoot, lineNo: ln, reason: "Stripe-Signature header usage signal" }));
-      for (const ln of lines3.slice(0, 3)) ev.push(evidenceFromLine({ fileAbs, repoRoot, lineNo: ln, reason: "Raw body handling signal (required for Stripe verification)" }));
-      for (const ln of lines4.slice(0, 3)) ev.push(evidenceFromLine({ fileAbs, repoRoot, lineNo: ln, reason: "Idempotency/dedupe signal (event replay protection)" }));
-
-      webhookCandidates.push({
-        file: fileRel,
-        signals,
-        evidence: ev
-      });
-    }
-  }
-
-  const hasStripe = stripeFiles.length > 0;
-
-  return {
-    hasStripe,
-    stripeFiles: stripeFiles.slice(0, 200),
-    webhookCandidates,
-    summary: {
-      webhookHandlersFound: webhookCandidates.length,
-      verifiedWebhookHandlers: webhookCandidates.filter(w => w.signals.webhookConstructEvent && w.signals.rawBodySignal).length,
-      idempotentWebhookHandlers: webhookCandidates.filter(w => w.signals.idempotencySignal).length
-    }
-  };
-}
-
-module.exports = { buildBillingTruth };

package/bin/runners/lib/claims.js

@@ -1,118 +0,0 @@
-// bin/runners/lib/claims.js
-const { canonicalizeMethod, canonicalizePath } = require("./truth");
-
-function escapeRegex(s) {
-  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-}
-
-function compileRoutePattern(routePath) {
-  const parts = routePath.split("/").filter(Boolean);
-  const reParts = parts.map(seg => {
-    if (seg.startsWith(":")) return "([^/]+)";
-    if (seg.startsWith("*")) {
-      const optional = seg.endsWith("?");
-      return optional ? "(.*)?" : "(.*)";
-    }
-    return escapeRegex(seg);
-  });
-  return new RegExp("^/" + reParts.join("/") + "$");
-}
-
-function routeMatches(routeDef, method, path) {
-  const m = method === "*" ? "*" : method;
-  const rm = routeDef.method;
-
-  const methodOk = (rm === "*" || m === "*" || rm === m);
-  if (!methodOk) return false;
-
-  if (routeDef.path === path) return true;
-  return compileRoutePattern(routeDef.path).test(path);
-}
-
-function validateClaimRouteExists(truthpack, claim) {
-  const method = canonicalizeMethod(claim?.subject?.method || "*");
-  const path = canonicalizePath(claim?.subject?.path || "/");
-
-  const server = truthpack?.routes?.server || [];
-  const matches = server.filter(r => routeMatches(r, method, path));
-
-  if (matches.length) {
-    // pick best confidence
-    const score = c => (c === "high" ? 3 : c === "med" ? 2 : 1);
-    matches.sort((a,b) => score(b.confidence) - score(a.confidence));
-    const best = matches[0];
-
-    return {
-      id: claim.id,
-      result: "true",
-      confidence: best.confidence,
-      evidence: best.evidence || [],
-      assumptions: [],
-      gaps: [],
-      nextSteps: []
-    };
-  }
-
-  const gaps = truthpack?.routes?.gaps || [];
-  const hasGaps = gaps.length > 0;
-
-  return {
-    id: claim.id,
-    result: hasGaps ? "unknown" : "false",
-    confidence: hasGaps ? "low" : "high",
-    evidence: [],
-    assumptions: hasGaps ? ["Fastify plugin resolution incomplete"] : [],
-    gaps,
-    nextSteps: hasGaps ? ["Resolve Fastify plugin imports (relative) or add optional runtime route dump mode later"] : []
-  };
-}
-
-function validateClaimEnvVarUsed(truthpack, claim) {
-  const name = String(claim?.subject?.name || "").trim();
-  const vars = truthpack?.env?.vars || [];
-  const hit = vars.find(v => v.name === name);
-
-  if (hit) {
-    return {
-      id: claim.id,
-      result: "true",
-      confidence: hit.references?.length ? "high" : "med",
-      evidence: hit.references || [],
-      assumptions: [],
-      gaps: [],
-      nextSteps: []
-    };
-  }
-  return {
-    id: claim.id,
-    result: "false",
-    confidence: "high",
-    evidence: [],
-    assumptions: [],
-    gaps: [],
-    nextSteps: []
-  };
-}
-
-function validateClaimEnvVarDeclared(truthpack, claim) {
-  const name = String(claim?.subject?.name || "").trim();
-  const declared = truthpack?.env?.declared || [];
-  const ok = declared.includes(name);
-
-  return {
-    id: claim.id,
-    result: ok ? "true" : "false",
-    confidence: "high",
-    evidence: [],
-    assumptions: [],
-    gaps: [],
-    nextSteps: ok ? [] : ["Add to .env.example/.env.template so the project contract is real"]
-  };
-}
-
-module.exports = {
-  routeMatches,
-  validateClaimRouteExists,
-  validateClaimEnvVarUsed,
-  validateClaimEnvVarDeclared
-};