@vibecheckai/cli 3.1.2 → 3.1.4

package/bin/runners/runClaimVerifier.js

@@ -1,483 +0,0 @@
-#!/usr/bin/env node
-/**
- * Claim Verifier v1
- * 
- * Validates claims against the Truth Pack.
- * Returns: true | false | unknown
- * 
- * CRITICAL: If 'unknown', the agent MUST NOT proceed with actions that depend on this claim.
- * 
- * Usage:
- *   validateClaim({ type: 'route_exists', subject: { method: 'POST', path: '/api/login' } })
- */
-
-import fs from 'fs/promises';
-import path from 'path';
-import crypto from 'crypto';
-import { RouteIndex, validateRouteExists as validateRouteFromIndex } from './lib/route-truth.js';
-
-/**
- * Load the truth pack from disk
- */
-async function loadTruthpack(projectPath) {
-  const truthpackPath = path.join(projectPath, '.vibecheck', 'truth', 'truthpack.json');
-  try {
-    const content = await fs.readFile(truthpackPath, 'utf8');
-    return JSON.parse(content);
-  } catch (err) {
-    return null;
-  }
-}
-
-/**
- * Validate a claim against the truth pack
- * 
- * @param {Object} claim - The claim to validate
- * @param {string} claim.type - Type of claim (route_exists, env_var_exists, auth_enforced, etc.)
- * @param {Object} claim.subject - What the claim is about
- * @param {boolean} claim.expected - Expected result (default: true)
- * @param {Object} claim.context - Optional context (task, scopeFiles)
- * @param {string} projectPath - Project root path
- * @returns {Object} Claim result with evidence
- */
-export async function validateClaim(claim, projectPath = process.cwd()) {
-  const claimId = generateClaimId(claim);
-  const truthpack = await loadTruthpack(projectPath);
-  
-  if (!truthpack) {
-    return {
-      id: claimId,
-      result: 'unknown',
-      confidence: 'low',
-      evidence: [],
-      assumptions: [],
-      gaps: [{ title: 'No truth pack found', severity: 'block', confidence: 'high' }],
-      nextSteps: ['Run `vibecheck ctx` to generate truth pack'],
-    };
-  }
-  
-  let result;
-  
-  switch (claim.type) {
-    case 'route_exists':
-      result = await verifyRouteExists(claim, truthpack, projectPath);
-      break;
-      
-    case 'env_var_exists':
-      result = verifyEnvVarExists(claim, truthpack);
-      break;
-      
-    case 'env_var_used':
-      result = verifyEnvVarUsed(claim, truthpack);
-      break;
-      
-    case 'auth_enforced':
-    case 'auth_enforced_on_surface':
-      result = verifyAuthEnforced(claim, truthpack);
-      break;
-      
-    case 'route_guarded':
-      result = verifyRouteGuarded(claim, truthpack);
-      break;
-      
-    case 'file_exists':
-      result = await verifyFileExists(claim, projectPath);
-      break;
-      
-    case 'integration_exists':
-      result = verifyIntegrationExists(claim, truthpack);
-      break;
-      
-    default:
-      result = {
-        result: 'unknown',
-        confidence: 'low',
-        evidence: [],
-        assumptions: [],
-        gaps: [],
-        nextSteps: [`Claim type "${claim.type}" not yet implemented`],
-      };
-  }
-  
-  // Add warning for unknown results
-  if (result.result === 'unknown') {
-    result.warning = '⚠️ UNKNOWN claims BLOCK dependent actions. Verify before proceeding.';
-    if (!result.nextSteps) result.nextSteps = [];
-    result.nextSteps.push(
-      'Use vibecheck.search_evidence to find related code',
-      'Check if the feature is implemented yet'
-    );
-  }
-  
-  return {
-    id: claimId,
-    ...result,
-    timestamp: new Date().toISOString(),
-  };
-}
-
-/**
- * Verify route_exists claim using Route Truth v1
- */
-async function verifyRouteExists(claim, truthpack, projectPath) {
-  const { method, path: routePath } = claim.subject;
-  
-  // Use Route Truth for live verification (more accurate than cached truthpack)
-  if (projectPath) {
-    try {
-      const result = await validateRouteFromIndex({ method, path: routePath }, projectPath);
-      return {
-        result: result.result,
-        confidence: result.confidence,
-        evidence: result.evidence || [],
-        assumptions: [],
-        gaps: result.gaps || [],
-        nextSteps: result.nextSteps || [],
-        matchedRoute: result.matchedRoute,
-        closestRoutes: result.closestRoutes,
-      };
-    } catch {
-      // Fall back to truthpack if Route Truth fails
-    }
-  }
-  
-  // Fallback: use cached truthpack
-  const routes = truthpack?.routes?.server || [];
-  
-  // Find matching route
-  const match = routes.find(r => {
-    const methodMatch = !method || r.method === '*' || r.method.toUpperCase() === method.toUpperCase();
-    const pathMatch = r.path === routePath || pathMatches(r.path, routePath);
-    return methodMatch && pathMatch;
-  });
-  
-  if (match) {
-    return {
-      result: 'true',
-      confidence: match.confidence,
-      evidence: match.evidence || [],
-      assumptions: [],
-      gaps: [],
-      nextSteps: [],
-    };
-  }
-  
-  // Check if it's referenced but not defined (gap)
-  const clientRef = truthpack?.routes?.clientRefs?.find(r => r.path === routePath);
-  if (clientRef) {
-    return {
-      result: 'false',
-      confidence: 'high',
-      evidence: clientRef.evidence || [],
-      assumptions: [],
-      gaps: [{
-        title: `Route ${routePath} referenced in UI but not found on server`,
-        severity: 'block',
-        confidence: 'high',
-        suggestion: 'Create the server route or fix the client reference',
-      }],
-      nextSteps: ['Check server route definitions', 'Verify the intended endpoint path'],
-    };
-  }
-  
-  return {
-    result: 'false',
-    confidence: 'high',
-    evidence: [],
-    assumptions: [],
-    gaps: [],
-    nextSteps: [`Route ${method || 'ANY'} ${routePath} not found in truth pack`],
-  };
-}
-
-/**
- * Verify env_var_exists claim
- */
-function verifyEnvVarExists(claim, truthpack) {
-  const { name } = claim.subject;
-  const vars = truthpack.env?.vars || [];
-  
-  const match = vars.find(v => v.name === name);
-  
-  if (match) {
-    return {
-      result: 'true',
-      confidence: 'high',
-      evidence: match.references || [],
-      assumptions: [],
-      gaps: [],
-      nextSteps: [],
-    };
-  }
-  
-  return {
-    result: 'unknown',
-    confidence: 'low',
-    evidence: [],
-    assumptions: [],
-    gaps: [],
-    nextSteps: [`Check .env.example for ${name}`, `Search for process.env.${name} in code`],
-  };
-}
-
-/**
- * Verify env_var_used claim
- */
-function verifyEnvVarUsed(claim, truthpack) {
-  const { name } = claim.subject;
-  const vars = truthpack.env?.vars || [];
-  
-  const match = vars.find(v => v.name === name);
-  
-  if (match && match.references && match.references.length > 0) {
-    return {
-      result: 'true',
-      confidence: 'high',
-      evidence: match.references,
-      assumptions: [],
-      gaps: [],
-      nextSteps: [],
-    };
-  }
-  
-  if (match) {
-    return {
-      result: 'false',
-      confidence: 'med',
-      evidence: [],
-      assumptions: [],
-      gaps: [{
-        title: `${name} declared but not used in code`,
-        severity: 'warn',
-        confidence: 'med',
-      }],
-      nextSteps: [],
-    };
-  }
-  
-  return {
-    result: 'false',
-    confidence: 'high',
-    evidence: [],
-    assumptions: [],
-    gaps: [],
-    nextSteps: [],
-  };
-}
-
-/**
- * Verify auth_enforced claim
- */
-function verifyAuthEnforced(claim, truthpack) {
-  const { path: surfacePath, surface } = claim.subject;
-  const targetPath = surfacePath || surface;
-  
-  const protectedSurfaces = truthpack.auth?.protectedSurfaces || [];
-  const match = protectedSurfaces.find(s => 
-    s.surface === targetPath || pathMatches(s.surface, targetPath)
-  );
-  
-  if (match) {
-    return {
-      result: 'true',
-      confidence: 'high',
-      evidence: match.evidence || [],
-      assumptions: [],
-      gaps: [],
-      nextSteps: [],
-    };
-  }
-  
-  // Check if route exists but isn't protected
-  const routes = truthpack.routes?.server || [];
-  const routeMatch = routes.find(r => r.path === targetPath);
-  
-  if (routeMatch) {
-    if (routeMatch.authRequired === 'yes') {
-      return {
-        result: 'true',
-        confidence: 'med',
-        evidence: routeMatch.evidence || [],
-        assumptions: [{ description: 'Auth detected via pattern matching, not explicit middleware check' }],
-        gaps: [],
-        nextSteps: ['Verify middleware is correctly applied'],
-      };
-    } else if (routeMatch.authRequired === 'no') {
-      return {
-        result: 'false',
-        confidence: 'high',
-        evidence: routeMatch.evidence || [],
-        assumptions: [],
-        gaps: [],
-        nextSteps: [],
-      };
-    }
-  }
-  
-  return {
-    result: 'unknown',
-    confidence: 'low',
-    evidence: [],
-    assumptions: [],
-    gaps: [],
-    nextSteps: ['Check middleware configuration', 'Look for auth guards on this route'],
-  };
-}
-
-/**
- * Verify route_guarded claim
- */
-function verifyRouteGuarded(claim, truthpack) {
-  const { path: routePath } = claim.subject;
-  const routes = truthpack.routes?.server || [];
-  
-  const match = routes.find(r => r.path === routePath);
-  
-  if (match && match.middlewares && match.middlewares.length > 0) {
-    return {
-      result: 'true',
-      confidence: 'high',
-      evidence: match.evidence || [],
-      assumptions: [],
-      gaps: [],
-      nextSteps: [],
-    };
-  }
-  
-  if (match) {
-    return {
-      result: 'false',
-      confidence: 'med',
-      evidence: match.evidence || [],
-      assumptions: [],
-      gaps: [{
-        title: `Route ${routePath} has no detected middleware`,
-        severity: 'warn',
-        confidence: 'med',
-      }],
-      nextSteps: [],
-    };
-  }
-  
-  return {
-    result: 'unknown',
-    confidence: 'low',
-    evidence: [],
-    assumptions: [],
-    gaps: [],
-    nextSteps: [`Route ${routePath} not found in truth pack`],
-  };
-}
-
-/**
- * Verify file_exists claim
- */
-async function verifyFileExists(claim, projectPath) {
-  const { path: filePath, name } = claim.subject;
-  const targetPath = path.join(projectPath, filePath || name);
-  
-  try {
-    await fs.access(targetPath);
-    return {
-      result: 'true',
-      confidence: 'high',
-      evidence: [{ id: 'file_check', file: filePath || name, lines: '1', snippetHash: '', reason: 'File exists' }],
-      assumptions: [],
-      gaps: [],
-      nextSteps: [],
-    };
-  } catch {
-    return {
-      result: 'false',
-      confidence: 'high',
-      evidence: [],
-      assumptions: [],
-      gaps: [],
-      nextSteps: [],
-    };
-  }
-}
-
-/**
- * Verify integration_exists claim
- */
-function verifyIntegrationExists(claim, truthpack) {
-  const { name } = claim.subject;
-  const services = truthpack.integrations?.services || [];
-  
-  const match = services.find(s => s.name.toLowerCase() === name.toLowerCase());
-  
-  if (match) {
-    return {
-      result: 'true',
-      confidence: 'high',
-      evidence: match.evidence || [],
-      assumptions: [],
-      gaps: [],
-      nextSteps: [],
-    };
-  }
-  
-  return {
-    result: 'false',
-    confidence: 'med',
-    evidence: [],
-    assumptions: [],
-    gaps: [],
-    nextSteps: [`Search for ${name} imports or SDK usage`],
-  };
-}
-
-// =============================================================================
-// HELPERS
-// =============================================================================
-
-function generateClaimId(claim) {
-  const payload = JSON.stringify({ type: claim.type, subject: claim.subject });
-  return `clm_${crypto.createHash('sha256').update(payload).digest('hex').slice(0, 8)}`;
-}
-
-function pathMatches(pattern, path) {
-  // Handle Express-style path params (:id, :userId, etc.)
-  const patternParts = pattern.split('/');
-  const pathParts = path.split('/');
-  
-  if (patternParts.length !== pathParts.length) return false;
-  
-  return patternParts.every((part, i) => {
-    if (part.startsWith(':')) return true; // Param placeholder
-    if (part === '*') return true; // Wildcard
-    return part === pathParts[i];
-  });
-}
-
-/**
- * Batch validate multiple claims
- */
-export async function validateClaims(claims, projectPath = process.cwd()) {
-  const results = [];
-  
-  for (const claim of claims) {
-    const result = await validateClaim(claim, projectPath);
-    results.push(result);
-  }
-  
-  // Check if any claims are unknown - blocks dependent actions
-  const hasUnknown = results.some(r => r.result === 'unknown');
-  const hasFalse = results.some(r => r.result === 'false');
-  
-  return {
-    claims: results,
-    allVerified: !hasUnknown && !hasFalse,
-    hasUnknown,
-    hasFalse,
-    canProceed: !hasUnknown,
-    message: hasUnknown 
-      ? '⚠️ Cannot proceed: some claims are unknown. Verify or provide more evidence.'
-      : hasFalse
-        ? '❌ Some claims are false. Review and correct before proceeding.'
-        : '✅ All claims verified.',
-  };
-}
-
-export default { validateClaim, validateClaims };