@vibecheckai/cli 3.1.0 → 3.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (160) hide show
  1. package/bin/.generated +25 -25
  2. package/bin/dev/run-v2-torture.js +30 -30
  3. package/bin/registry.js +105 -105
  4. package/bin/runners/lib/__tests__/entitlements-v2.test.js +295 -295
  5. package/bin/runners/lib/analysis-core.js +271 -271
  6. package/bin/runners/lib/analyzers.js +579 -579
  7. package/bin/runners/lib/auth-truth.js +193 -193
  8. package/bin/runners/lib/backup.js +62 -62
  9. package/bin/runners/lib/billing.js +107 -107
  10. package/bin/runners/lib/claims.js +118 -118
  11. package/bin/runners/lib/cli-output.js +368 -368
  12. package/bin/runners/lib/cli-ui.js +540 -540
  13. package/bin/runners/lib/contracts/auth-contract.js +202 -202
  14. package/bin/runners/lib/contracts/env-contract.js +181 -181
  15. package/bin/runners/lib/contracts/external-contract.js +206 -206
  16. package/bin/runners/lib/contracts/guard.js +168 -168
  17. package/bin/runners/lib/contracts/index.js +89 -89
  18. package/bin/runners/lib/contracts/plan-validator.js +311 -311
  19. package/bin/runners/lib/contracts/route-contract.js +199 -199
  20. package/bin/runners/lib/contracts.js +804 -804
  21. package/bin/runners/lib/detect.js +89 -89
  22. package/bin/runners/lib/detectors-v2.js +703 -703
  23. package/bin/runners/lib/doctor/autofix.js +254 -254
  24. package/bin/runners/lib/doctor/index.js +37 -37
  25. package/bin/runners/lib/doctor/modules/dependencies.js +325 -325
  26. package/bin/runners/lib/doctor/modules/index.js +46 -46
  27. package/bin/runners/lib/doctor/modules/network.js +250 -250
  28. package/bin/runners/lib/doctor/modules/project.js +312 -312
  29. package/bin/runners/lib/doctor/modules/runtime.js +224 -224
  30. package/bin/runners/lib/doctor/modules/security.js +348 -348
  31. package/bin/runners/lib/doctor/modules/system.js +213 -213
  32. package/bin/runners/lib/doctor/modules/vibecheck.js +394 -394
  33. package/bin/runners/lib/doctor/reporter.js +262 -262
  34. package/bin/runners/lib/doctor/service.js +262 -262
  35. package/bin/runners/lib/doctor/types.js +113 -113
  36. package/bin/runners/lib/doctor/ui.js +263 -263
  37. package/bin/runners/lib/doctor-v2.js +608 -608
  38. package/bin/runners/lib/drift.js +425 -425
  39. package/bin/runners/lib/enforcement.js +72 -72
  40. package/bin/runners/lib/enterprise-detect.js +603 -603
  41. package/bin/runners/lib/enterprise-init.js +942 -942
  42. package/bin/runners/lib/entitlements-v2.js +490 -489
  43. package/bin/runners/lib/entitlements.js +6 -3
  44. package/bin/runners/lib/env-resolver.js +417 -417
  45. package/bin/runners/lib/env-template.js +66 -66
  46. package/bin/runners/lib/env.js +189 -189
  47. package/bin/runners/lib/extractors/client-calls.js +990 -990
  48. package/bin/runners/lib/extractors/fastify-route-dump.js +573 -573
  49. package/bin/runners/lib/extractors/fastify-routes.js +426 -426
  50. package/bin/runners/lib/extractors/index.js +363 -363
  51. package/bin/runners/lib/extractors/next-routes.js +524 -524
  52. package/bin/runners/lib/extractors/proof-graph.js +431 -431
  53. package/bin/runners/lib/extractors/route-matcher.js +451 -451
  54. package/bin/runners/lib/extractors/truthpack-v2.js +377 -377
  55. package/bin/runners/lib/extractors/ui-bindings.js +547 -547
  56. package/bin/runners/lib/findings-schema.js +281 -281
  57. package/bin/runners/lib/firewall-prompt.js +50 -50
  58. package/bin/runners/lib/graph/graph-builder.js +265 -265
  59. package/bin/runners/lib/graph/html-renderer.js +413 -413
  60. package/bin/runners/lib/graph/index.js +32 -32
  61. package/bin/runners/lib/graph/runtime-collector.js +215 -215
  62. package/bin/runners/lib/graph/static-extractor.js +518 -518
  63. package/bin/runners/lib/html-report.js +650 -650
  64. package/bin/runners/lib/init-wizard.js +308 -308
  65. package/bin/runners/lib/llm.js +75 -75
  66. package/bin/runners/lib/meter.js +61 -61
  67. package/bin/runners/lib/missions/evidence.js +126 -126
  68. package/bin/runners/lib/missions/plan.js +69 -69
  69. package/bin/runners/lib/missions/templates.js +192 -192
  70. package/bin/runners/lib/patch.js +40 -40
  71. package/bin/runners/lib/permissions/auth-model.js +213 -213
  72. package/bin/runners/lib/permissions/idor-prover.js +205 -205
  73. package/bin/runners/lib/permissions/index.js +45 -45
  74. package/bin/runners/lib/permissions/matrix-builder.js +198 -198
  75. package/bin/runners/lib/pkgjson.js +28 -28
  76. package/bin/runners/lib/policy.js +295 -295
  77. package/bin/runners/lib/preflight.js +142 -142
  78. package/bin/runners/lib/reality/correlation-detectors.js +359 -359
  79. package/bin/runners/lib/reality/index.js +318 -318
  80. package/bin/runners/lib/reality/request-hashing.js +416 -416
  81. package/bin/runners/lib/reality/request-mapper.js +453 -453
  82. package/bin/runners/lib/reality/safety-rails.js +463 -463
  83. package/bin/runners/lib/reality/semantic-snapshot.js +408 -408
  84. package/bin/runners/lib/reality/toast-detector.js +393 -393
  85. package/bin/runners/lib/reality-findings.js +84 -84
  86. package/bin/runners/lib/receipts.js +179 -179
  87. package/bin/runners/lib/redact.js +29 -29
  88. package/bin/runners/lib/replay/capsule-manager.js +154 -154
  89. package/bin/runners/lib/replay/index.js +263 -263
  90. package/bin/runners/lib/replay/player.js +348 -348
  91. package/bin/runners/lib/replay/recorder.js +331 -331
  92. package/bin/runners/lib/report-engine.js +447 -447
  93. package/bin/runners/lib/report-html.js +1499 -1499
  94. package/bin/runners/lib/report-templates.js +969 -969
  95. package/bin/runners/lib/report.js +135 -135
  96. package/bin/runners/lib/route-detection.js +1140 -1140
  97. package/bin/runners/lib/route-truth.js +477 -477
  98. package/bin/runners/lib/sandbox/index.js +59 -59
  99. package/bin/runners/lib/sandbox/proof-chain.js +399 -399
  100. package/bin/runners/lib/sandbox/sandbox-runner.js +205 -205
  101. package/bin/runners/lib/sandbox/worktree.js +174 -174
  102. package/bin/runners/lib/schema-validator.js +350 -350
  103. package/bin/runners/lib/schemas/contracts.schema.json +160 -160
  104. package/bin/runners/lib/schemas/finding.schema.json +100 -100
  105. package/bin/runners/lib/schemas/mission-pack.schema.json +206 -206
  106. package/bin/runners/lib/schemas/proof-graph.schema.json +176 -176
  107. package/bin/runners/lib/schemas/reality-report.schema.json +162 -162
  108. package/bin/runners/lib/schemas/share-pack.schema.json +180 -180
  109. package/bin/runners/lib/schemas/ship-report.schema.json +117 -117
  110. package/bin/runners/lib/schemas/truthpack-v2.schema.json +303 -303
  111. package/bin/runners/lib/schemas/validator.js +438 -438
  112. package/bin/runners/lib/score-history.js +282 -282
  113. package/bin/runners/lib/server-usage.js +12 -0
  114. package/bin/runners/lib/share-pack.js +239 -239
  115. package/bin/runners/lib/snippets.js +67 -67
  116. package/bin/runners/lib/truth.js +667 -667
  117. package/bin/runners/lib/upsell.js +510 -510
  118. package/bin/runners/lib/usage.js +153 -153
  119. package/bin/runners/lib/validate-patch.js +156 -156
  120. package/bin/runners/lib/verdict-engine.js +628 -628
  121. package/bin/runners/reality/engine.js +917 -917
  122. package/bin/runners/reality/flows.js +122 -122
  123. package/bin/runners/reality/report.js +378 -378
  124. package/bin/runners/reality/session.js +193 -193
  125. package/bin/runners/runAuth.js +51 -0
  126. package/bin/runners/runClaimVerifier.js +483 -483
  127. package/bin/runners/runContext.js +56 -56
  128. package/bin/runners/runContextCompiler.js +385 -385
  129. package/bin/runners/runCtx.js +674 -674
  130. package/bin/runners/runCtxDiff.js +301 -301
  131. package/bin/runners/runCtxGuard.js +176 -176
  132. package/bin/runners/runCtxSync.js +116 -116
  133. package/bin/runners/runGate.js +17 -17
  134. package/bin/runners/runGraph.js +454 -454
  135. package/bin/runners/runGuard.js +168 -168
  136. package/bin/runners/runInitGha.js +164 -164
  137. package/bin/runners/runInstall.js +277 -277
  138. package/bin/runners/runInteractive.js +388 -388
  139. package/bin/runners/runLabs.js +340 -340
  140. package/bin/runners/runMissionGenerator.js +282 -282
  141. package/bin/runners/runPR.js +255 -255
  142. package/bin/runners/runPermissions.js +304 -304
  143. package/bin/runners/runPreflight.js +580 -553
  144. package/bin/runners/runProve.js +1252 -1252
  145. package/bin/runners/runReality.js +1328 -1328
  146. package/bin/runners/runReplay.js +499 -499
  147. package/bin/runners/runReport.js +584 -584
  148. package/bin/runners/runShare.js +212 -212
  149. package/bin/runners/runStatus.js +138 -138
  150. package/bin/runners/runTruthpack.js +636 -636
  151. package/bin/runners/runVerify.js +272 -272
  152. package/bin/runners/runWatch.js +407 -407
  153. package/bin/vibecheck.js +2 -1
  154. package/mcp-server/consolidated-tools.js +804 -804
  155. package/mcp-server/package.json +1 -1
  156. package/mcp-server/tools/index.js +72 -72
  157. package/mcp-server/truth-context.js +581 -581
  158. package/mcp-server/truth-firewall-tools.js +1500 -1500
  159. package/package.json +1 -1
  160. package/bin/runners/runProof.zip +0 -0
package/bin/runners/lib/doctor/modules/dependencies.js CHANGED
@@ -1,325 +1,325 @@
1
- /**
2
- * Dependencies Diagnostics Module
3
- *
4
- * Checks for outdated packages, vulnerabilities, and dependency health
5
- */
6
-
7
- const fs = require('fs');
8
- const path = require('path');
9
- const { execSync } = require('child_process');
10
- const { SEVERITY, CATEGORY, FIX_TYPE } = require('../types');
11
-
12
- const MODULE_ID = 'dependencies';
13
-
14
- function createDiagnostics(projectPath) {
15
- return [
16
- {
17
- id: `${MODULE_ID}.outdated`,
18
- name: 'Outdated Packages',
19
- category: CATEGORY.DEPENDENCIES,
20
- parallel: true,
21
- check: async () => {
22
- try {
23
- // Try npm outdated (returns non-zero if outdated packages exist)
24
- const result = execSync('npm outdated --json 2>/dev/null || echo "{}"', {
25
- cwd: projectPath,
26
- encoding: 'utf8',
27
- timeout: 30000,
28
- stdio: ['pipe', 'pipe', 'pipe'],
29
- }).trim();
30
-
31
- const outdated = JSON.parse(result || '{}');
32
- const count = Object.keys(outdated).length;
33
-
34
- const metadata = { count, packages: outdated };
35
-
36
- // Check for major version updates
37
- const majorUpdates = Object.entries(outdated).filter(([_, info]) => {
38
- const current = parseInt((info.current || '0').split('.')[0]);
39
- const latest = parseInt((info.latest || '0').split('.')[0]);
40
- return latest > current;
41
- });
42
-
43
- if (majorUpdates.length > 0) {
44
- return {
45
- severity: SEVERITY.INFO,
46
- message: `${count} outdated (${majorUpdates.length} major)`,
47
- detail: `Major updates: ${majorUpdates.slice(0, 3).map(([n]) => n).join(', ')}${majorUpdates.length > 3 ? '...' : ''}`,
48
- metadata,
49
- fixes: [{
50
- type: FIX_TYPE.COMMAND,
51
- description: 'Update all packages',
52
- command: 'npm update',
53
- autoFixable: false,
54
- }],
55
- };
56
- }
57
-
58
- if (count > 0) {
59
- return {
60
- severity: SEVERITY.INFO,
61
- message: `${count} minor/patch updates available`,
62
- metadata,
63
- };
64
- }
65
-
66
- return {
67
- severity: SEVERITY.PASS,
68
- message: 'All packages up to date',
69
- metadata,
70
- };
71
- } catch {
72
- return {
73
- severity: SEVERITY.INFO,
74
- message: 'Could not check for outdated packages',
75
- };
76
- }
77
- },
78
- },
79
- {
80
- id: `${MODULE_ID}.audit`,
81
- name: 'Security Vulnerabilities',
82
- category: CATEGORY.DEPENDENCIES,
83
- parallel: true,
84
- check: async () => {
85
- try {
86
- const result = execSync('npm audit --json 2>/dev/null || echo "{}"', {
87
- cwd: projectPath,
88
- encoding: 'utf8',
89
- timeout: 60000,
90
- stdio: ['pipe', 'pipe', 'pipe'],
91
- }).trim();
92
-
93
- let audit;
94
- try {
95
- audit = JSON.parse(result || '{}');
96
- } catch {
97
- return {
98
- severity: SEVERITY.INFO,
99
- message: 'Could not parse audit results',
100
- };
101
- }
102
-
103
- const vulnerabilities = audit.metadata?.vulnerabilities || {};
104
- const total = vulnerabilities.total || 0;
105
- const critical = vulnerabilities.critical || 0;
106
- const high = vulnerabilities.high || 0;
107
- const moderate = vulnerabilities.moderate || 0;
108
- const low = vulnerabilities.low || 0;
109
-
110
- const metadata = { total, critical, high, moderate, low };
111
-
112
- if (critical > 0) {
113
- return {
114
- severity: SEVERITY.ERROR,
115
- message: `${critical} critical vulnerabilities`,
116
- detail: `Total: ${total} (${high} high, ${moderate} moderate, ${low} low)`,
117
- metadata,
118
- fixes: [
119
- {
120
- type: FIX_TYPE.COMMAND,
121
- description: 'Auto-fix vulnerabilities',
122
- command: 'npm audit fix',
123
- autoFixable: true,
124
- },
125
- {
126
- type: FIX_TYPE.COMMAND,
127
- description: 'Force fix (may have breaking changes)',
128
- command: 'npm audit fix --force',
129
- dangerous: true,
130
- autoFixable: false,
131
- },
132
- ],
133
- };
134
- }
135
-
136
- if (high > 0) {
137
- return {
138
- severity: SEVERITY.WARNING,
139
- message: `${high} high severity vulnerabilities`,
140
- detail: `Total: ${total} (${moderate} moderate, ${low} low)`,
141
- metadata,
142
- fixes: [{
143
- type: FIX_TYPE.COMMAND,
144
- description: 'Auto-fix vulnerabilities',
145
- command: 'npm audit fix',
146
- autoFixable: true,
147
- }],
148
- };
149
- }
150
-
151
- if (total > 0) {
152
- return {
153
- severity: SEVERITY.INFO,
154
- message: `${total} low/moderate vulnerabilities`,
155
- metadata,
156
- };
157
- }
158
-
159
- return {
160
- severity: SEVERITY.PASS,
161
- message: 'No known vulnerabilities',
162
- metadata,
163
- };
164
- } catch {
165
- return {
166
- severity: SEVERITY.INFO,
167
- message: 'Could not run security audit',
168
- };
169
- }
170
- },
171
- },
172
- {
173
- id: `${MODULE_ID}.peer_deps`,
174
- name: 'Peer Dependencies',
175
- category: CATEGORY.DEPENDENCIES,
176
- parallel: true,
177
- check: async () => {
178
- try {
179
- const result = execSync('npm ls --json 2>&1 || true', {
180
- cwd: projectPath,
181
- encoding: 'utf8',
182
- timeout: 30000,
183
- stdio: ['pipe', 'pipe', 'pipe'],
184
- });
185
-
186
- // Look for peer dependency warnings
187
- const peerWarnings = (result.match(/WARN.*peer/gi) || []).length;
188
- const missingPeers = (result.match(/missing peer/gi) || []).length;
189
-
190
- const metadata = { peerWarnings, missingPeers };
191
-
192
- if (missingPeers > 0) {
193
- return {
194
- severity: SEVERITY.WARNING,
195
- message: `${missingPeers} missing peer dependencies`,
196
- metadata,
197
- fixes: [{
198
- type: FIX_TYPE.COMMAND,
199
- description: 'Install peer dependencies',
200
- command: 'npm install --legacy-peer-deps',
201
- autoFixable: false,
202
- }],
203
- };
204
- }
205
-
206
- return {
207
- severity: SEVERITY.PASS,
208
- message: 'Peer dependencies satisfied',
209
- metadata,
210
- };
211
- } catch {
212
- return {
213
- severity: SEVERITY.INFO,
214
- message: 'Could not check peer dependencies',
215
- };
216
- }
217
- },
218
- },
219
- {
220
- id: `${MODULE_ID}.duplicate`,
221
- name: 'Duplicate Packages',
222
- category: CATEGORY.DEPENDENCIES,
223
- parallel: true,
224
- check: async () => {
225
- try {
226
- const result = execSync('npm dedupe --dry-run 2>&1 || true', {
227
- cwd: projectPath,
228
- encoding: 'utf8',
229
- timeout: 30000,
230
- stdio: ['pipe', 'pipe', 'pipe'],
231
- });
232
-
233
- const wouldDedupe = result.includes('removed') || result.includes('dedupe');
234
-
235
- if (wouldDedupe) {
236
- return {
237
- severity: SEVERITY.INFO,
238
- message: 'Deduplication possible',
239
- fixes: [{
240
- type: FIX_TYPE.COMMAND,
241
- description: 'Deduplicate packages',
242
- command: 'npm dedupe',
243
- autoFixable: true,
244
- }],
245
- };
246
- }
247
-
248
- return {
249
- severity: SEVERITY.PASS,
250
- message: 'No duplicates found',
251
- };
252
- } catch {
253
- return {
254
- severity: SEVERITY.INFO,
255
- message: 'Could not check for duplicates',
256
- };
257
- }
258
- },
259
- },
260
- {
261
- id: `${MODULE_ID}.engines`,
262
- name: 'Engine Requirements',
263
- category: CATEGORY.DEPENDENCIES,
264
- parallel: true,
265
- check: async () => {
266
- const pkgPath = path.join(projectPath, 'package.json');
267
-
268
- try {
269
- const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
270
-
271
- if (!pkg.engines) {
272
- return {
273
- severity: SEVERITY.INFO,
274
- message: 'No engine requirements specified',
275
- fixes: [{
276
- type: FIX_TYPE.MANUAL,
277
- description: 'Add "engines" field to package.json to enforce Node version',
278
- autoFixable: false,
279
- }],
280
- };
281
- }
282
-
283
- const nodeReq = pkg.engines.node;
284
- const npmReq = pkg.engines.npm;
285
-
286
- const metadata = { nodeReq, npmReq };
287
-
288
- // Basic semver check against current version
289
- if (nodeReq) {
290
- const currentMajor = parseInt(process.version.slice(1).split('.')[0]);
291
- const minMatch = nodeReq.match(/>=?\s*(\d+)/);
292
- const minRequired = minMatch ? parseInt(minMatch[1]) : 0;
293
-
294
- if (currentMajor < minRequired) {
295
- return {
296
- severity: SEVERITY.ERROR,
297
- message: `Node ${process.version} does not satisfy "${nodeReq}"`,
298
- metadata,
299
- fixes: [{
300
- type: FIX_TYPE.COMMAND,
301
- description: `Upgrade to Node ${minRequired}+`,
302
- command: `nvm install ${minRequired}`,
303
- autoFixable: false,
304
- }],
305
- };
306
- }
307
- }
308
-
309
- return {
310
- severity: SEVERITY.PASS,
311
- message: nodeReq ? `node: ${nodeReq}` : 'Specified',
312
- metadata,
313
- };
314
- } catch {
315
- return {
316
- severity: SEVERITY.INFO,
317
- message: 'Could not check engine requirements',
318
- };
319
- }
320
- },
321
- },
322
- ];
323
- }
324
-
325
- module.exports = { MODULE_ID, createDiagnostics };
1
+ /**
2
+ * Dependencies Diagnostics Module
3
+ *
4
+ * Checks for outdated packages, vulnerabilities, and dependency health
5
+ */
6
+
7
+ const fs = require('fs');
8
+ const path = require('path');
9
+ const { execSync } = require('child_process');
10
+ const { SEVERITY, CATEGORY, FIX_TYPE } = require('../types');
11
+
12
+ const MODULE_ID = 'dependencies';
13
+
14
+ function createDiagnostics(projectPath) {
15
+ return [
16
+ {
17
+ id: `${MODULE_ID}.outdated`,
18
+ name: 'Outdated Packages',
19
+ category: CATEGORY.DEPENDENCIES,
20
+ parallel: true,
21
+ check: async () => {
22
+ try {
23
+ // Try npm outdated (returns non-zero if outdated packages exist)
24
+ const result = execSync('npm outdated --json 2>/dev/null || echo "{}"', {
25
+ cwd: projectPath,
26
+ encoding: 'utf8',
27
+ timeout: 30000,
28
+ stdio: ['pipe', 'pipe', 'pipe'],
29
+ }).trim();
30
+
31
+ const outdated = JSON.parse(result || '{}');
32
+ const count = Object.keys(outdated).length;
33
+
34
+ const metadata = { count, packages: outdated };
35
+
36
+ // Check for major version updates
37
+ const majorUpdates = Object.entries(outdated).filter(([_, info]) => {
38
+ const current = parseInt((info.current || '0').split('.')[0]);
39
+ const latest = parseInt((info.latest || '0').split('.')[0]);
40
+ return latest > current;
41
+ });
42
+
43
+ if (majorUpdates.length > 0) {
44
+ return {
45
+ severity: SEVERITY.INFO,
46
+ message: `${count} outdated (${majorUpdates.length} major)`,
47
+ detail: `Major updates: ${majorUpdates.slice(0, 3).map(([n]) => n).join(', ')}${majorUpdates.length > 3 ? '...' : ''}`,
48
+ metadata,
49
+ fixes: [{
50
+ type: FIX_TYPE.COMMAND,
51
+ description: 'Update all packages',
52
+ command: 'npm update',
53
+ autoFixable: false,
54
+ }],
55
+ };
56
+ }
57
+
58
+ if (count > 0) {
59
+ return {
60
+ severity: SEVERITY.INFO,
61
+ message: `${count} minor/patch updates available`,
62
+ metadata,
63
+ };
64
+ }
65
+
66
+ return {
67
+ severity: SEVERITY.PASS,
68
+ message: 'All packages up to date',
69
+ metadata,
70
+ };
71
+ } catch {
72
+ return {
73
+ severity: SEVERITY.INFO,
74
+ message: 'Could not check for outdated packages',
75
+ };
76
+ }
77
+ },
78
+ },
79
+ {
80
+ id: `${MODULE_ID}.audit`,
81
+ name: 'Security Vulnerabilities',
82
+ category: CATEGORY.DEPENDENCIES,
83
+ parallel: true,
84
+ check: async () => {
85
+ try {
86
+ const result = execSync('npm audit --json 2>/dev/null || echo "{}"', {
87
+ cwd: projectPath,
88
+ encoding: 'utf8',
89
+ timeout: 60000,
90
+ stdio: ['pipe', 'pipe', 'pipe'],
91
+ }).trim();
92
+
93
+ let audit;
94
+ try {
95
+ audit = JSON.parse(result || '{}');
96
+ } catch {
97
+ return {
98
+ severity: SEVERITY.INFO,
99
+ message: 'Could not parse audit results',
100
+ };
101
+ }
102
+
103
+ const vulnerabilities = audit.metadata?.vulnerabilities || {};
104
+ const total = vulnerabilities.total || 0;
105
+ const critical = vulnerabilities.critical || 0;
106
+ const high = vulnerabilities.high || 0;
107
+ const moderate = vulnerabilities.moderate || 0;
108
+ const low = vulnerabilities.low || 0;
109
+
110
+ const metadata = { total, critical, high, moderate, low };
111
+
112
+ if (critical > 0) {
113
+ return {
114
+ severity: SEVERITY.ERROR,
115
+ message: `${critical} critical vulnerabilities`,
116
+ detail: `Total: ${total} (${high} high, ${moderate} moderate, ${low} low)`,
117
+ metadata,
118
+ fixes: [
119
+ {
120
+ type: FIX_TYPE.COMMAND,
121
+ description: 'Auto-fix vulnerabilities',
122
+ command: 'npm audit fix',
123
+ autoFixable: true,
124
+ },
125
+ {
126
+ type: FIX_TYPE.COMMAND,
127
+ description: 'Force fix (may have breaking changes)',
128
+ command: 'npm audit fix --force',
129
+ dangerous: true,
130
+ autoFixable: false,
131
+ },
132
+ ],
133
+ };
134
+ }
135
+
136
+ if (high > 0) {
137
+ return {
138
+ severity: SEVERITY.WARNING,
139
+ message: `${high} high severity vulnerabilities`,
140
+ detail: `Total: ${total} (${moderate} moderate, ${low} low)`,
141
+ metadata,
142
+ fixes: [{
143
+ type: FIX_TYPE.COMMAND,
144
+ description: 'Auto-fix vulnerabilities',
145
+ command: 'npm audit fix',
146
+ autoFixable: true,
147
+ }],
148
+ };
149
+ }
150
+
151
+ if (total > 0) {
152
+ return {
153
+ severity: SEVERITY.INFO,
154
+ message: `${total} low/moderate vulnerabilities`,
155
+ metadata,
156
+ };
157
+ }
158
+
159
+ return {
160
+ severity: SEVERITY.PASS,
161
+ message: 'No known vulnerabilities',
162
+ metadata,
163
+ };
164
+ } catch {
165
+ return {
166
+ severity: SEVERITY.INFO,
167
+ message: 'Could not run security audit',
168
+ };
169
+ }
170
+ },
171
+ },
172
+ {
173
+ id: `${MODULE_ID}.peer_deps`,
174
+ name: 'Peer Dependencies',
175
+ category: CATEGORY.DEPENDENCIES,
176
+ parallel: true,
177
+ check: async () => {
178
+ try {
179
+ const result = execSync('npm ls --json 2>&1 || true', {
180
+ cwd: projectPath,
181
+ encoding: 'utf8',
182
+ timeout: 30000,
183
+ stdio: ['pipe', 'pipe', 'pipe'],
184
+ });
185
+
186
+ // Look for peer dependency warnings
187
+ const peerWarnings = (result.match(/WARN.*peer/gi) || []).length;
188
+ const missingPeers = (result.match(/missing peer/gi) || []).length;
189
+
190
+ const metadata = { peerWarnings, missingPeers };
191
+
192
+ if (missingPeers > 0) {
193
+ return {
194
+ severity: SEVERITY.WARNING,
195
+ message: `${missingPeers} missing peer dependencies`,
196
+ metadata,
197
+ fixes: [{
198
+ type: FIX_TYPE.COMMAND,
199
+ description: 'Install peer dependencies',
200
+ command: 'npm install --legacy-peer-deps',
201
+ autoFixable: false,
202
+ }],
203
+ };
204
+ }
205
+
206
+ return {
207
+ severity: SEVERITY.PASS,
208
+ message: 'Peer dependencies satisfied',
209
+ metadata,
210
+ };
211
+ } catch {
212
+ return {
213
+ severity: SEVERITY.INFO,
214
+ message: 'Could not check peer dependencies',
215
+ };
216
+ }
217
+ },
218
+ },
219
+ {
220
+ id: `${MODULE_ID}.duplicate`,
221
+ name: 'Duplicate Packages',
222
+ category: CATEGORY.DEPENDENCIES,
223
+ parallel: true,
224
+ check: async () => {
225
+ try {
226
+ const result = execSync('npm dedupe --dry-run 2>&1 || true', {
227
+ cwd: projectPath,
228
+ encoding: 'utf8',
229
+ timeout: 30000,
230
+ stdio: ['pipe', 'pipe', 'pipe'],
231
+ });
232
+
233
+ const wouldDedupe = result.includes('removed') || result.includes('dedupe');
234
+
235
+ if (wouldDedupe) {
236
+ return {
237
+ severity: SEVERITY.INFO,
238
+ message: 'Deduplication possible',
239
+ fixes: [{
240
+ type: FIX_TYPE.COMMAND,
241
+ description: 'Deduplicate packages',
242
+ command: 'npm dedupe',
243
+ autoFixable: true,
244
+ }],
245
+ };
246
+ }
247
+
248
+ return {
249
+ severity: SEVERITY.PASS,
250
+ message: 'No duplicates found',
251
+ };
252
+ } catch {
253
+ return {
254
+ severity: SEVERITY.INFO,
255
+ message: 'Could not check for duplicates',
256
+ };
257
+ }
258
+ },
259
+ },
260
+ {
261
+ id: `${MODULE_ID}.engines`,
262
+ name: 'Engine Requirements',
263
+ category: CATEGORY.DEPENDENCIES,
264
+ parallel: true,
265
+ check: async () => {
266
+ const pkgPath = path.join(projectPath, 'package.json');
267
+
268
+ try {
269
+ const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
270
+
271
+ if (!pkg.engines) {
272
+ return {
273
+ severity: SEVERITY.INFO,
274
+ message: 'No engine requirements specified',
275
+ fixes: [{
276
+ type: FIX_TYPE.MANUAL,
277
+ description: 'Add "engines" field to package.json to enforce Node version',
278
+ autoFixable: false,
279
+ }],
280
+ };
281
+ }
282
+
283
+ const nodeReq = pkg.engines.node;
284
+ const npmReq = pkg.engines.npm;
285
+
286
+ const metadata = { nodeReq, npmReq };
287
+
288
+ // Basic semver check against current version
289
+ if (nodeReq) {
290
+ const currentMajor = parseInt(process.version.slice(1).split('.')[0]);
291
+ const minMatch = nodeReq.match(/>=?\s*(\d+)/);
292
+ const minRequired = minMatch ? parseInt(minMatch[1]) : 0;
293
+
294
+ if (currentMajor < minRequired) {
295
+ return {
296
+ severity: SEVERITY.ERROR,
297
+ message: `Node ${process.version} does not satisfy "${nodeReq}"`,
298
+ metadata,
299
+ fixes: [{
300
+ type: FIX_TYPE.COMMAND,
301
+ description: `Upgrade to Node ${minRequired}+`,
302
+ command: `nvm install ${minRequired}`,
303
+ autoFixable: false,
304
+ }],
305
+ };
306
+ }
307
+ }
308
+
309
+ return {
310
+ severity: SEVERITY.PASS,
311
+ message: nodeReq ? `node: ${nodeReq}` : 'Specified',
312
+ metadata,
313
+ };
314
+ } catch {
315
+ return {
316
+ severity: SEVERITY.INFO,
317
+ message: 'Could not check engine requirements',
318
+ };
319
+ }
320
+ },
321
+ },
322
+ ];
323
+ }
324
+
325
+ module.exports = { MODULE_ID, createDiagnostics };