@vibecheckai/cli 3.1.0 → 3.1.1

package/bin/runners/lib/analysis-core.js

@@ -1,271 +1,271 @@
-/**
- * Analysis Core - Shared analysis engine for Ship and Scan
- * 
- * Consolidates common logic:
- * - Truthpack generation
- * - Finding collection
- * - Verdict calculation
- * - Output formatting
- * 
- * Ship = Fast path (core analyzers only)
- * Scan = Deep path (core + extended analyzers + optional layers)
- */
-
-const path = require("path");
-const fs = require("fs");
-const { buildTruthpack, writeTruthpack, detectFastifyEntry } = require("./truth");
-const {
-  findMissingRoutes,
-  findEnvGaps,
-  findFakeSuccess,
-  findGhostAuth,
-  findStripeWebhookViolations,
-  findPaidSurfaceNotEnforced,
-  findOwnerModeBypass
-} = require("./analyzers");
-const { findingsFromReality } = require("./reality-findings");
-
-// ============================================================================
-// CORE ANALYSIS (Used by both Ship and Scan)
-// ============================================================================
-
-/**
- * Run core analyzers that apply to all projects
- * @param {string} root - Project root path
- * @param {object} truthpack - Generated truthpack
- * @returns {Array} - Array of findings
- */
-function runCoreAnalyzers(root, truthpack) {
-  return [
-    ...findMissingRoutes(truthpack),
-    ...findEnvGaps(truthpack),
-    ...findFakeSuccess(root),
-    ...findGhostAuth(truthpack, root),
-    ...findStripeWebhookViolations(truthpack),
-    ...findPaidSurfaceNotEnforced(truthpack),
-    ...findOwnerModeBypass(root),
-    ...findingsFromReality(root)
-  ];
-}
-
-/**
- * Calculate verdict from findings
- * @param {Array} findings - Array of findings
- * @returns {string} - SHIP | WARN | BLOCK
- */
-function calculateVerdict(findings) {
-  if (findings.some(f => f.severity === "BLOCK")) return "BLOCK";
-  if (findings.some(f => f.severity === "WARN")) return "WARN";
-  return "SHIP";
-}
-
-/**
- * Build proof graph from findings
- * @param {Array} findings - Array of findings
- * @param {object} truthpack - Truthpack data
- * @param {string} root - Project root path
- * @returns {object} - Proof graph
- */
-function buildProofGraph(findings, truthpack, root) {
-  const claims = [];
-  let claimId = 0;
-  
-  for (const finding of findings) {
-    const claim = {
-      id: `claim-${++claimId}`,
-      type: getClaimType(finding.category),
-      assertion: finding.title || finding.message,
-      verified: finding.severity !== 'BLOCK',
-      confidence: finding.confidence === 'high' ? 0.9 : finding.confidence === 'medium' ? 0.7 : 0.5,
-      evidence: (finding.evidence || []).map((e, i) => ({
-        id: `evidence-${claimId}-${i}`,
-        type: 'file_citation',
-        file: e.file,
-        line: parseInt(e.lines?.split('-')[0]) || e.line || 1,
-        snippet: e.snippetHash || '',
-        strength: 0.8,
-        verifiedAt: new Date().toISOString(),
-        method: 'static'
-      })),
-      gaps: [{
-        id: `gap-${claimId}`,
-        type: getGapType(finding.category),
-        description: finding.why || finding.title,
-        severity: finding.severity === 'BLOCK' ? 'critical' : finding.severity === 'WARN' ? 'medium' : 'low',
-        suggestion: (finding.fixHints || [])[0] || ''
-      }],
-      severity: finding.severity === 'BLOCK' ? 'critical' : finding.severity === 'WARN' ? 'medium' : 'low',
-      file: finding.evidence?.[0]?.file || '',
-      line: parseInt(finding.evidence?.[0]?.lines?.split('-')[0]) || 1
-    };
-    claims.push(claim);
-  }
-  
-  const verifiedClaims = claims.filter(c => c.verified);
-  const failedClaims = claims.filter(c => !c.verified);
-  const allGaps = claims.flatMap(c => c.gaps);
-  
-  const riskScore = Math.min(100, failedClaims.reduce((sum, c) => {
-    if (c.severity === 'critical') return sum + 30;
-    if (c.severity === 'high') return sum + 20;
-    if (c.severity === 'medium') return sum + 10;
-    return sum + 5;
-  }, 0));
-  
-  const confidence = claims.length > 0 
-    ? claims.reduce((sum, c) => sum + c.confidence, 0) / claims.length 
-    : 1.0;
-  
-  return {
-    version: '1.0.0',
-    generatedAt: new Date().toISOString(),
-    projectPath: root,
-    claims,
-    summary: {
-      totalClaims: claims.length,
-      verifiedClaims: verifiedClaims.length,
-      failedClaims: failedClaims.length,
-      gaps: allGaps.length,
-      riskScore,
-      confidence
-    },
-    verdict: calculateVerdict(findings),
-    topBlockers: failedClaims.filter(c => c.severity === 'critical' || c.severity === 'high').slice(0, 5),
-    topGaps: allGaps.filter(g => g.severity === 'critical' || g.severity === 'high').slice(0, 5)
-  };
-}
-
-function getClaimType(category) {
-  const map = {
-    'MissingRoute': 'route_exists',
-    'EnvContract': 'env_declared',
-    'FakeSuccess': 'success_verified',
-    'GhostAuth': 'auth_protected',
-    'StripeWebhook': 'billing_enforced',
-    'PaidSurface': 'billing_enforced',
-    'OwnerModeBypass': 'billing_enforced',
-    'DeadUI': 'ui_wired'
-  };
-  return map[category] || 'ui_wired';
-}
-
-function getGapType(category) {
-  const map = {
-    'MissingRoute': 'missing_handler',
-    'EnvContract': 'missing_verification',
-    'FakeSuccess': 'missing_verification',
-    'GhostAuth': 'missing_gate',
-    'StripeWebhook': 'missing_verification',
-    'PaidSurface': 'missing_gate',
-    'OwnerModeBypass': 'missing_gate',
-    'DeadUI': 'missing_handler'
-  };
-  return map[category] || 'untested_path';
-}
-
-// ============================================================================
-// UNIFIED ANALYSIS RUNNER
-// ============================================================================
-
-/**
- * Run unified analysis (used by both ship and scan)
- * @param {object} options - Analysis options
- * @returns {object} - Analysis result with findings, verdict, proofGraph
- */
-async function runAnalysis({ 
-  repoRoot = process.cwd(), 
-  fastifyEntry = null,
-  extended = false,  // If true, run extended analyzers (scan mode)
-  noWrite = false 
-} = {}) {
-  const root = repoRoot;
-  const fastEntry = fastifyEntry || detectFastifyEntry(root);
-
-  // Build truthpack
-  const truthpack = await buildTruthpack({ repoRoot: root, fastifyEntry: fastEntry });
-  if (!noWrite) {
-    writeTruthpack(root, truthpack);
-  }
-
-  // Run core analyzers
-  const findings = runCoreAnalyzers(root, truthpack);
-
-  // Calculate verdict
-  const verdict = calculateVerdict(findings);
-
-  // Build proof graph
-  const proofGraph = buildProofGraph(findings, truthpack, root);
-
-  // Build report
-  const report = {
-    meta: { 
-      generatedAt: new Date().toISOString(), 
-      verdict,
-      mode: extended ? 'scan' : 'ship'
-    },
-    truthpackHash: truthpack.index?.hashes?.truthpackHash,
-    findings,
-    proofGraph: {
-      summary: proofGraph.summary,
-      topBlockers: proofGraph.topBlockers.slice(0, 5),
-      topGaps: proofGraph.topGaps.slice(0, 5)
-    }
-  };
-
-  // Write outputs
-  if (!noWrite) {
-    const outDir = path.join(root, ".vibecheck");
-    fs.mkdirSync(outDir, { recursive: true });
-    fs.writeFileSync(path.join(outDir, "last_ship.json"), JSON.stringify(report, null, 2));
-    fs.writeFileSync(path.join(outDir, "proof-graph.json"), JSON.stringify(proofGraph, null, 2));
-  }
-
-  return { report, truthpack, verdict, proofGraph, findings };
-}
-
-// ============================================================================
-// FINDING UTILITIES
-// ============================================================================
-
-/**
- * Group findings by category
- */
-function groupFindings(findings) {
-  const groups = {};
-  for (const f of findings) {
-    const cat = f.category || 'Other';
-    if (!groups[cat]) groups[cat] = [];
-    groups[cat].push(f);
-  }
-  return groups;
-}
-
-/**
- * Count findings by severity
- */
-function countBySeverity(findings) {
-  return {
-    block: findings.filter(f => f.severity === 'BLOCK').length,
-    warn: findings.filter(f => f.severity === 'WARN').length,
-    info: findings.filter(f => f.severity === 'INFO').length
-  };
-}
-
-/**
- * Get top N blockers
- */
-function getTopBlockers(findings, n = 5) {
-  return findings
-    .filter(f => f.severity === 'BLOCK')
-    .slice(0, n);
-}
-
-module.exports = {
-  runCoreAnalyzers,
-  calculateVerdict,
-  buildProofGraph,
-  runAnalysis,
-  groupFindings,
-  countBySeverity,
-  getTopBlockers
-};
+/**
+ * Analysis Core - Shared analysis engine for Ship and Scan
+ * 
+ * Consolidates common logic:
+ * - Truthpack generation
+ * - Finding collection
+ * - Verdict calculation
+ * - Output formatting
+ * 
+ * Ship = Fast path (core analyzers only)
+ * Scan = Deep path (core + extended analyzers + optional layers)
+ */
+
+const path = require("path");
+const fs = require("fs");
+const { buildTruthpack, writeTruthpack, detectFastifyEntry } = require("./truth");
+const {
+  findMissingRoutes,
+  findEnvGaps,
+  findFakeSuccess,
+  findGhostAuth,
+  findStripeWebhookViolations,
+  findPaidSurfaceNotEnforced,
+  findOwnerModeBypass
+} = require("./analyzers");
+const { findingsFromReality } = require("./reality-findings");
+
+// ============================================================================
+// CORE ANALYSIS (Used by both Ship and Scan)
+// ============================================================================
+
+/**
+ * Run core analyzers that apply to all projects
+ * @param {string} root - Project root path
+ * @param {object} truthpack - Generated truthpack
+ * @returns {Array} - Array of findings
+ */
+function runCoreAnalyzers(root, truthpack) {
+  return [
+    ...findMissingRoutes(truthpack),
+    ...findEnvGaps(truthpack),
+    ...findFakeSuccess(root),
+    ...findGhostAuth(truthpack, root),
+    ...findStripeWebhookViolations(truthpack),
+    ...findPaidSurfaceNotEnforced(truthpack),
+    ...findOwnerModeBypass(root),
+    ...findingsFromReality(root)
+  ];
+}
+
+/**
+ * Calculate verdict from findings
+ * @param {Array} findings - Array of findings
+ * @returns {string} - SHIP | WARN | BLOCK
+ */
+function calculateVerdict(findings) {
+  if (findings.some(f => f.severity === "BLOCK")) return "BLOCK";
+  if (findings.some(f => f.severity === "WARN")) return "WARN";
+  return "SHIP";
+}
+
+/**
+ * Build proof graph from findings
+ * @param {Array} findings - Array of findings
+ * @param {object} truthpack - Truthpack data
+ * @param {string} root - Project root path
+ * @returns {object} - Proof graph
+ */
+function buildProofGraph(findings, truthpack, root) {
+  const claims = [];
+  let claimId = 0;
+  
+  for (const finding of findings) {
+    const claim = {
+      id: `claim-${++claimId}`,
+      type: getClaimType(finding.category),
+      assertion: finding.title || finding.message,
+      verified: finding.severity !== 'BLOCK',
+      confidence: finding.confidence === 'high' ? 0.9 : finding.confidence === 'medium' ? 0.7 : 0.5,
+      evidence: (finding.evidence || []).map((e, i) => ({
+        id: `evidence-${claimId}-${i}`,
+        type: 'file_citation',
+        file: e.file,
+        line: parseInt(e.lines?.split('-')[0]) || e.line || 1,
+        snippet: e.snippetHash || '',
+        strength: 0.8,
+        verifiedAt: new Date().toISOString(),
+        method: 'static'
+      })),
+      gaps: [{
+        id: `gap-${claimId}`,
+        type: getGapType(finding.category),
+        description: finding.why || finding.title,
+        severity: finding.severity === 'BLOCK' ? 'critical' : finding.severity === 'WARN' ? 'medium' : 'low',
+        suggestion: (finding.fixHints || [])[0] || ''
+      }],
+      severity: finding.severity === 'BLOCK' ? 'critical' : finding.severity === 'WARN' ? 'medium' : 'low',
+      file: finding.evidence?.[0]?.file || '',
+      line: parseInt(finding.evidence?.[0]?.lines?.split('-')[0]) || 1
+    };
+    claims.push(claim);
+  }
+  
+  const verifiedClaims = claims.filter(c => c.verified);
+  const failedClaims = claims.filter(c => !c.verified);
+  const allGaps = claims.flatMap(c => c.gaps);
+  
+  const riskScore = Math.min(100, failedClaims.reduce((sum, c) => {
+    if (c.severity === 'critical') return sum + 30;
+    if (c.severity === 'high') return sum + 20;
+    if (c.severity === 'medium') return sum + 10;
+    return sum + 5;
+  }, 0));
+  
+  const confidence = claims.length > 0 
+    ? claims.reduce((sum, c) => sum + c.confidence, 0) / claims.length 
+    : 1.0;
+  
+  return {
+    version: '1.0.0',
+    generatedAt: new Date().toISOString(),
+    projectPath: root,
+    claims,
+    summary: {
+      totalClaims: claims.length,
+      verifiedClaims: verifiedClaims.length,
+      failedClaims: failedClaims.length,
+      gaps: allGaps.length,
+      riskScore,
+      confidence
+    },
+    verdict: calculateVerdict(findings),
+    topBlockers: failedClaims.filter(c => c.severity === 'critical' || c.severity === 'high').slice(0, 5),
+    topGaps: allGaps.filter(g => g.severity === 'critical' || g.severity === 'high').slice(0, 5)
+  };
+}
+
+function getClaimType(category) {
+  const map = {
+    'MissingRoute': 'route_exists',
+    'EnvContract': 'env_declared',
+    'FakeSuccess': 'success_verified',
+    'GhostAuth': 'auth_protected',
+    'StripeWebhook': 'billing_enforced',
+    'PaidSurface': 'billing_enforced',
+    'OwnerModeBypass': 'billing_enforced',
+    'DeadUI': 'ui_wired'
+  };
+  return map[category] || 'ui_wired';
+}
+
+function getGapType(category) {
+  const map = {
+    'MissingRoute': 'missing_handler',
+    'EnvContract': 'missing_verification',
+    'FakeSuccess': 'missing_verification',
+    'GhostAuth': 'missing_gate',
+    'StripeWebhook': 'missing_verification',
+    'PaidSurface': 'missing_gate',
+    'OwnerModeBypass': 'missing_gate',
+    'DeadUI': 'missing_handler'
+  };
+  return map[category] || 'untested_path';
+}
+
+// ============================================================================
+// UNIFIED ANALYSIS RUNNER
+// ============================================================================
+
+/**
+ * Run unified analysis (used by both ship and scan)
+ * @param {object} options - Analysis options
+ * @returns {object} - Analysis result with findings, verdict, proofGraph
+ */
+async function runAnalysis({ 
+  repoRoot = process.cwd(), 
+  fastifyEntry = null,
+  extended = false,  // If true, run extended analyzers (scan mode)
+  noWrite = false 
+} = {}) {
+  const root = repoRoot;
+  const fastEntry = fastifyEntry || detectFastifyEntry(root);
+
+  // Build truthpack
+  const truthpack = await buildTruthpack({ repoRoot: root, fastifyEntry: fastEntry });
+  if (!noWrite) {
+    writeTruthpack(root, truthpack);
+  }
+
+  // Run core analyzers
+  const findings = runCoreAnalyzers(root, truthpack);
+
+  // Calculate verdict
+  const verdict = calculateVerdict(findings);
+
+  // Build proof graph
+  const proofGraph = buildProofGraph(findings, truthpack, root);
+
+  // Build report
+  const report = {
+    meta: { 
+      generatedAt: new Date().toISOString(), 
+      verdict,
+      mode: extended ? 'scan' : 'ship'
+    },
+    truthpackHash: truthpack.index?.hashes?.truthpackHash,
+    findings,
+    proofGraph: {
+      summary: proofGraph.summary,
+      topBlockers: proofGraph.topBlockers.slice(0, 5),
+      topGaps: proofGraph.topGaps.slice(0, 5)
+    }
+  };
+
+  // Write outputs
+  if (!noWrite) {
+    const outDir = path.join(root, ".vibecheck");
+    fs.mkdirSync(outDir, { recursive: true });
+    fs.writeFileSync(path.join(outDir, "last_ship.json"), JSON.stringify(report, null, 2));
+    fs.writeFileSync(path.join(outDir, "proof-graph.json"), JSON.stringify(proofGraph, null, 2));
+  }
+
+  return { report, truthpack, verdict, proofGraph, findings };
+}
+
+// ============================================================================
+// FINDING UTILITIES
+// ============================================================================
+
+/**
+ * Group findings by category
+ */
+function groupFindings(findings) {
+  const groups = {};
+  for (const f of findings) {
+    const cat = f.category || 'Other';
+    if (!groups[cat]) groups[cat] = [];
+    groups[cat].push(f);
+  }
+  return groups;
+}
+
+/**
+ * Count findings by severity
+ */
+function countBySeverity(findings) {
+  return {
+    block: findings.filter(f => f.severity === 'BLOCK').length,
+    warn: findings.filter(f => f.severity === 'WARN').length,
+    info: findings.filter(f => f.severity === 'INFO').length
+  };
+}
+
+/**
+ * Get top N blockers
+ */
+function getTopBlockers(findings, n = 5) {
+  return findings
+    .filter(f => f.severity === 'BLOCK')
+    .slice(0, n);
+}
+
+module.exports = {
+  runCoreAnalyzers,
+  calculateVerdict,
+  buildProofGraph,
+  runAnalysis,
+  groupFindings,
+  countBySeverity,
+  getTopBlockers
+};