@vibecheckai/cli 3.1.2 → 3.1.4

package/bin/runners/runTruthpack.js

@@ -1,636 +0,0 @@
-#!/usr/bin/env node
-/**
- * Truth Pack Generator v1
- * 
- * Generates .vibecheck/truth/truthpack.json from codebase analysis.
- * This is the ground truth that agents must reference.
- * 
- * Usage:
- *   vibecheck ctx              - Generate truthpack.json
- *   vibecheck ctx --snapshot   - Write to snapshots/<commit>.json
- *   vibecheck ctx --md         - Also generate truthpack.md
- */
-
-"use strict";
-
-const fs = require('fs/promises');
-const path = require('path');
-const crypto = require('crypto');
-const { execSync } = require('child_process');
-const { RouteIndex, resolveNextRoutes, resolveFastifyRoutes } = require('./lib/route-truth.js');
-
-const VERSION = '1.0.0';
-
-// Evidence counter for unique IDs
-let evidenceCounter = 0;
-
-/**
- * Main entry point
- */
-async function runTruthpack(projectPath = process.cwd(), options = {}) {
-  const startTime = Date.now();
-  console.log('📦 Generating Truth Pack...\n');
-  
-  // Ensure .vibecheck/truth directory exists
-  const truthDir = path.join(projectPath, '.vibecheck', 'truth');
-  await fs.mkdir(truthDir, { recursive: true });
-  
-  // Reset evidence counter
-  evidenceCounter = 0;
-  const allEvidence = [];
-  
-  // Build truth pack
-  const truthpack = {
-    meta: await buildMeta(projectPath),
-    project: await extractProject(projectPath),
-    routes: await extractRoutes(projectPath, allEvidence),
-    env: await extractEnv(projectPath, allEvidence),
-    auth: await extractAuth(projectPath, allEvidence),
-    billing: await extractBilling(projectPath, allEvidence),
-    integrations: await extractIntegrations(projectPath, allEvidence),
-    index: {
-      evidenceRefs: allEvidence,
-      hashes: {
-        truthpackHash: '', // Will be computed after serialization
-      },
-    },
-  };
-  
-  // Compute truthpack hash
-  const truthpackJson = JSON.stringify(truthpack, null, 2);
-  truthpack.index.hashes.truthpackHash = crypto.createHash('sha256').update(truthpackJson).digest('hex');
-  
-  // Write truthpack.json
-  const truthpackPath = path.join(truthDir, 'truthpack.json');
-  await fs.writeFile(truthpackPath, JSON.stringify(truthpack, null, 2));
-  console.log(`✅ Wrote ${truthpackPath}`);
-  
-  // Write evidence.index.json
-  const evidenceIndex = {
-    meta: {
-      commit: truthpack.meta.commit.sha,
-      generatedAt: truthpack.meta.generatedAt,
-    },
-    evidence: allEvidence,
-  };
-  const evidencePath = path.join(truthDir, 'evidence.index.json');
-  await fs.writeFile(evidencePath, JSON.stringify(evidenceIndex, null, 2));
-  console.log(`✅ Wrote ${evidencePath}`);
-  
-  // Optionally write snapshot
-  if (options.snapshot) {
-    const snapshotsDir = path.join(truthDir, 'snapshots');
-    await fs.mkdir(snapshotsDir, { recursive: true });
-    const snapshotPath = path.join(snapshotsDir, `truthpack.${truthpack.meta.commit.sha.slice(0, 8)}.json`);
-    await fs.writeFile(snapshotPath, JSON.stringify(truthpack, null, 2));
-    console.log(`✅ Wrote snapshot: ${snapshotPath}`);
-  }
-  
-  // Optionally generate markdown
-  if (options.md !== false) {
-    const mdPath = path.join(truthDir, 'truthpack.md');
-    await fs.writeFile(mdPath, generateMarkdown(truthpack));
-    console.log(`✅ Wrote ${mdPath}`);
-  }
-  
-  const duration = Date.now() - startTime;
-  console.log(`\n📦 Truth Pack complete in ${duration}ms`);
-  console.log(`   Routes: ${truthpack.routes.server.length} server, ${truthpack.routes.clientRefs.length} client refs`);
-  console.log(`   Env vars: ${truthpack.env.vars.length}`);
-  console.log(`   Evidence: ${allEvidence.length} refs`);
-  
-  return truthpack;
-}
-
-/**
- * Build metadata section
- */
-async function buildMeta(projectPath) {
-  let sha = 'unknown';
-  let branch = 'unknown';
-  
-  try {
-    sha = execSync('git rev-parse HEAD', { cwd: projectPath, encoding: 'utf8' }).trim();
-    branch = execSync('git rev-parse --abbrev-ref HEAD', { cwd: projectPath, encoding: 'utf8' }).trim();
-  } catch {}
-  
-  return {
-    version: VERSION,
-    generatedAt: new Date().toISOString(),
-    repoRoot: projectPath,
-    commit: { sha, branch },
-    tool: { name: 'vibecheck', version: VERSION },
-  };
-}
-
-/**
- * Extract project structure
- */
-async function extractProject(projectPath) {
-  const frameworks = [];
-  const workspaces = [];
-  const entrypoints = [];
-  const scripts = {};
-  
-  // Detect frameworks from package.json
-  try {
-    const pkgPath = path.join(projectPath, 'package.json');
-    const pkg = JSON.parse(await fs.readFile(pkgPath, 'utf8'));
-    
-    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
-    if (deps.next) frameworks.push('nextjs');
-    if (deps.express) frameworks.push('express');
-    if (deps.fastify) frameworks.push('fastify');
-    if (deps.react) frameworks.push('react');
-    if (deps.vue) frameworks.push('vue');
-    if (deps['@nestjs/core']) frameworks.push('nestjs');
-    if (deps.prisma || deps['@prisma/client']) frameworks.push('prisma');
-    
-    // Extract scripts
-    if (pkg.scripts) {
-      Object.assign(scripts, pkg.scripts);
-    }
-    
-    // Check for workspaces
-    if (pkg.workspaces) {
-      const wsPatterns = Array.isArray(pkg.workspaces) ? pkg.workspaces : pkg.workspaces.packages || [];
-      for (const pattern of wsPatterns) {
-        const wsPath = pattern.replace('/*', '');
-        try {
-          const entries = await fs.readdir(path.join(projectPath, wsPath), { withFileTypes: true });
-          for (const entry of entries) {
-            if (entry.isDirectory()) {
-              workspaces.push({
-                name: entry.name,
-                path: path.join(wsPath, entry.name),
-                type: detectWorkspaceType(entry.name),
-              });
-            }
-          }
-        } catch {}
-      }
-    }
-  } catch {}
-  
-  // Detect entrypoints
-  const potentialEntrypoints = [
-    { kind: 'api', paths: ['apps/api/src/index.ts', 'src/server.ts', 'server/index.ts', 'api/index.ts'] },
-    { kind: 'web', paths: ['apps/web/app/page.tsx', 'src/pages/index.tsx', 'pages/index.tsx', 'app/page.tsx'] },
-    { kind: 'cli', paths: ['bin/cli.js', 'src/cli.ts', 'cli/index.ts'] },
-  ];
-  
-  for (const ep of potentialEntrypoints) {
-    for (const p of ep.paths) {
-      try {
-        await fs.access(path.join(projectPath, p));
-        entrypoints.push({ kind: ep.kind, path: p });
-        break;
-      } catch {}
-    }
-  }
-  
-  return { frameworks, workspaces, entrypoints, scripts };
-}
-
-/**
- * Extract server routes and client route references using Route Truth v1
- */
-async function extractRoutes(projectPath, allEvidence) {
-  // Use Route Truth v1 resolvers for high-confidence extraction
-  const routeIndex = new RouteIndex();
-  await routeIndex.build(projectPath);
-  
-  const routeMap = routeIndex.getRouteMap();
-  const serverRoutes = routeMap.server.map(route => ({
-    method: route.method,
-    path: route.path,
-    handler: route.handler,
-    middlewares: route.middlewares || [],
-    authRequired: route.authRequired || 'unknown',
-    confidence: route.confidence,
-    evidence: route.evidence,
-  }));
-  
-  // Add evidence to allEvidence
-  for (const route of routeMap.server) {
-    if (route.evidence) allEvidence.push(...route.evidence);
-  }
-  
-  // Extract client route references (fetch/axios calls)
-  const clientRefs = [];
-  const files = await findSourceFiles(projectPath);
-  
-  // Client route reference patterns
-  const clientPatterns = [
-    /fetch\s*\(\s*['"`]([^'"`]+)['"`]/gi,
-    /axios\.(get|post|put|patch|delete)\s*\(\s*['"`]([^'"`]+)['"`]/gi,
-    /api\s*\.\s*(get|post|put|delete)\s*\(\s*['"`]([^'"`]+)['"`]/gi,
-  ];
-  
-  for (const file of files) {
-    try {
-      const content = await fs.readFile(file, 'utf8');
-      const relPath = path.relative(projectPath, file);
-      const lines = content.split('\n');
-      
-      // Extract client route references only (server routes handled by Route Truth)
-      for (const pattern of clientPatterns) {
-        let match;
-        pattern.lastIndex = 0;
-        while ((match = pattern.exec(content)) !== null) {
-          const routePath = match[2] || match[1];
-          if (!routePath.startsWith('/api') && !routePath.startsWith('http')) continue;
-          
-          const lineNum = content.substring(0, match.index).split('\n').length;
-          const snippet = lines[lineNum - 1];
-          
-          const evidence = createEvidence(relPath, `${lineNum}`, snippet, 'Client route reference');
-          allEvidence.push(evidence);
-          
-          clientRefs.push({
-            method: match[1]?.toUpperCase() || 'GET',
-            path: routePath,
-            source: `${relPath}:${lineNum}`,
-            confidence: routePath.includes('${') ? 'low' : 'high',
-            evidence: [evidence],
-          });
-        }
-      }
-    } catch {}
-  }
-  
-  return { server: serverRoutes, clientRefs };
-}
-
-/**
- * Extract environment variables
- */
-async function extractEnv(projectPath, allEvidence) {
-  const vars = new Map();
-  
-  // Check .env.example for declarations
-  const envFiles = ['.env.example', '.env.local.example', '.env.sample', 'env.example'];
-  for (const envFile of envFiles) {
-    try {
-      const content = await fs.readFile(path.join(projectPath, envFile), 'utf8');
-      const lines = content.split('\n');
-      
-      for (let i = 0; i < lines.length; i++) {
-        const match = lines[i].match(/^([A-Z][A-Z0-9_]*)=/);
-        if (match) {
-          const name = match[1];
-          if (!vars.has(name)) {
-            vars.set(name, {
-              name,
-              required: !lines[i].includes('optional'),
-              references: [],
-              defaultValueHint: lines[i].includes('=') ? lines[i].split('=')[1]?.trim() : undefined,
-            });
-          }
-        }
-      }
-    } catch {}
-  }
-  
-  // Find process.env usage in code
-  const files = await findSourceFiles(projectPath);
-  for (const file of files.slice(0, 100)) {
-    try {
-      const content = await fs.readFile(file, 'utf8');
-      const relPath = path.relative(projectPath, file);
-      const lines = content.split('\n');
-      
-      const pattern = /process\.env\.([A-Z][A-Z0-9_]*)/g;
-      let match;
-      while ((match = pattern.exec(content)) !== null) {
-        const name = match[1];
-        const lineNum = content.substring(0, match.index).split('\n').length;
-        const snippet = lines[lineNum - 1];
-        
-        const evidence = createEvidence(relPath, `${lineNum}`, snippet, `Usage of ${name}`);
-        allEvidence.push(evidence);
-        
-        if (!vars.has(name)) {
-          vars.set(name, { name, required: true, references: [] });
-        }
-        vars.get(name).references.push(evidence);
-      }
-    } catch {}
-  }
-  
-  return { vars: Array.from(vars.values()) };
-}
-
-/**
- * Extract auth model and protected surfaces
- */
-async function extractAuth(projectPath, allEvidence) {
-  const signals = [];
-  const protectedSurfaces = [];
-  const gaps = [];
-  let authType = 'unknown';
-  
-  const files = await findSourceFiles(projectPath);
-  
-  // Auth type detection patterns
-  const authPatterns = {
-    jwt: /jsonwebtoken|jwt\.verify|jwt\.sign/i,
-    session: /express-session|cookie-session/i,
-    nextauth: /next-auth|NextAuth/i,
-  };
-  
-  // Auth middleware patterns
-  const middlewarePatterns = [
-    /(?:export\s+)?(?:const|function)\s+(\w*[Aa]uth\w*Middleware|\w*[Gg]uard\w*)/g,
-    /requireAuth|isAuthenticated|verifyToken|checkAuth/gi,
-  ];
-  
-  for (const file of files.slice(0, 100)) {
-    try {
-      const content = await fs.readFile(file, 'utf8');
-      const relPath = path.relative(projectPath, file);
-      const lines = content.split('\n');
-      
-      // Detect auth type
-      for (const [type, pattern] of Object.entries(authPatterns)) {
-        if (pattern.test(content)) {
-          authType = type;
-          const match = content.match(pattern);
-          if (match) {
-            const lineNum = content.substring(0, match.index).split('\n').length;
-            const evidence = createEvidence(relPath, `${lineNum}`, lines[lineNum - 1], `${type} auth signal`);
-            allEvidence.push(evidence);
-            signals.push({ name: type, evidence: [evidence] });
-          }
-        }
-      }
-      
-      // Find auth middleware/guards
-      for (const pattern of middlewarePatterns) {
-        let match;
-        pattern.lastIndex = 0;
-        while ((match = pattern.exec(content)) !== null) {
-          const lineNum = content.substring(0, match.index).split('\n').length;
-          const evidence = createEvidence(relPath, `${lineNum}`, lines[lineNum - 1], 'Auth middleware');
-          allEvidence.push(evidence);
-          signals.push({ name: match[1] || match[0], evidence: [evidence] });
-        }
-      }
-      
-      // Find protected routes
-      if (content.includes('auth') || content.includes('protect')) {
-        const routePattern = /\.(get|post|put|patch|delete)\s*\(\s*['"`]([^'"`]+)['"`].*(?:auth|protect|guard)/gi;
-        let match;
-        while ((match = routePattern.exec(content)) !== null) {
-          const lineNum = content.substring(0, match.index).split('\n').length;
-          const evidence = createEvidence(relPath, `${lineNum}`, lines[lineNum - 1], 'Protected route');
-          allEvidence.push(evidence);
-          
-          protectedSurfaces.push({
-            surface: match[2],
-            kind: 'route',
-            enforcedBy: ['middleware'],
-            evidence: [evidence],
-          });
-        }
-      }
-    } catch {}
-  }
-  
-  return {
-    model: { type: authType, signals },
-    protectedSurfaces,
-    gaps,
-  };
-}
-
-/**
- * Extract billing signals and paid surfaces
- */
-async function extractBilling(projectPath, allEvidence) {
-  const signals = [];
-  const paidSurfaces = [];
-  const gaps = [];
-  const bypassSignals = [];
-  
-  const files = await findSourceFiles(projectPath);
-  
-  // Billing signal patterns
-  const billingPatterns = [
-    /stripe|Stripe/g,
-    /subscription|Subscription/g,
-    /isPro|isEnterprise|tier|Tier/g,
-    /checkEntitlement|hasFeature|canAccess/g,
-  ];
-  
-  // Bypass patterns (ship killers)
-  const bypassPatterns = [
-    { pattern: /SKIP_BILLING|BYPASS_PAYMENT/g, severity: 'block' },
-    { pattern: /isPro\s*=\s*true\s*\/\//g, severity: 'block' },
-    { pattern: /tier\s*=\s*['"]enterprise['"]\s*\/\/\s*dev/gi, severity: 'warn' },
-  ];
-  
-  for (const file of files.slice(0, 100)) {
-    try {
-      const content = await fs.readFile(file, 'utf8');
-      const relPath = path.relative(projectPath, file);
-      const lines = content.split('\n');
-      
-      // Find billing signals
-      for (const pattern of billingPatterns) {
-        let match;
-        pattern.lastIndex = 0;
-        while ((match = pattern.exec(content)) !== null) {
-          const lineNum = content.substring(0, match.index).split('\n').length;
-          const evidence = createEvidence(relPath, `${lineNum}`, lines[lineNum - 1], 'Billing signal');
-          allEvidence.push(evidence);
-          signals.push({ name: match[0], evidence: [evidence] });
-        }
-      }
-      
-      // Find bypass signals
-      for (const { pattern, severity } of bypassPatterns) {
-        let match;
-        pattern.lastIndex = 0;
-        while ((match = pattern.exec(content)) !== null) {
-          const lineNum = content.substring(0, match.index).split('\n').length;
-          const evidence = createEvidence(relPath, `${lineNum}`, lines[lineNum - 1], 'Billing bypass signal');
-          allEvidence.push(evidence);
-          bypassSignals.push({ pattern: match[0], severity, evidence: [evidence] });
-        }
-      }
-    } catch {}
-  }
-  
-  return { signals, paidSurfaces, gaps, bypassSignals };
-}
-
-/**
- * Extract integrations (Stripe, Resend, etc.)
- */
-async function extractIntegrations(projectPath, allEvidence) {
-  const services = [];
-  const integrationPatterns = {
-    stripe: /new Stripe\(|stripe\.customers|stripe\.subscriptions/gi,
-    resend: /new Resend\(|resend\.emails/gi,
-    prisma: /new PrismaClient\(|prisma\./gi,
-    supabase: /createClient.*supabase|supabaseClient/gi,
-    openai: /new OpenAI\(|openai\./gi,
-  };
-  
-  const files = await findSourceFiles(projectPath);
-  
-  for (const file of files.slice(0, 100)) {
-    try {
-      const content = await fs.readFile(file, 'utf8');
-      const relPath = path.relative(projectPath, file);
-      
-      for (const [name, pattern] of Object.entries(integrationPatterns)) {
-        if (pattern.test(content)) {
-          const existing = services.find(s => s.name === name);
-          if (existing) {
-            existing.clientFiles.push(relPath);
-          } else {
-            services.push({ name, clientFiles: [relPath], evidence: [] });
-          }
-        }
-      }
-    } catch {}
-  }
-  
-  return { services };
-}
-
-// =============================================================================
-// HELPERS
-// =============================================================================
-
-function createEvidence(file, lines, snippet, reason) {
-  evidenceCounter++;
-  const id = `ev_${String(evidenceCounter).padStart(4, '0')}`;
-  const snippetHash = `sha256:${crypto.createHash('sha256').update(snippet || '').digest('hex').slice(0, 16)}`;
-  
-  return { id, file, lines, snippetHash, reason };
-}
-
-function extractMiddlewares(content, lineNum) {
-  // Simple middleware extraction - look for function calls before the handler
-  const lines = content.split('\n');
-  const line = lines[lineNum - 1] || '';
-  const middlewares = [];
-  
-  const mwPattern = /(\w+Middleware|\w+Guard|\w+Auth)/g;
-  let match;
-  while ((match = mwPattern.exec(line)) !== null) {
-    middlewares.push(match[1]);
-  }
-  
-  return middlewares;
-}
-
-function detectAuthRequired(content, lineNum) {
-  const lines = content.split('\n');
-  const context = lines.slice(Math.max(0, lineNum - 5), lineNum + 5).join('\n');
-  
-  if (/auth|protect|guard|require.*auth/i.test(context)) return 'yes';
-  if (/public|no.*auth/i.test(context)) return 'no';
-  return 'unknown';
-}
-
-function detectWorkspaceType(name) {
-  if (/api|server|backend/i.test(name)) return 'service';
-  if (/web|app|frontend|ui/i.test(name)) return 'app';
-  if (/package|lib|shared|common/i.test(name)) return 'package';
-  return 'unknown';
-}
-
-async function findSourceFiles(projectPath) {
-  const files = [];
-  const extensions = ['.ts', '.tsx', '.js', '.jsx'];
-  const ignoreDirs = ['node_modules', 'dist', 'build', '.git', '.next', 'coverage', '.vibecheck'];
-  
-  async function walk(dir) {
-    try {
-      const entries = await fs.readdir(dir, { withFileTypes: true });
-      for (const entry of entries) {
-        const fullPath = path.join(dir, entry.name);
-        if (entry.isDirectory()) {
-          if (!ignoreDirs.includes(entry.name) && !entry.name.startsWith('.')) {
-            await walk(fullPath);
-          }
-        } else if (entry.isFile()) {
-          const ext = path.extname(entry.name).toLowerCase();
-          if (extensions.includes(ext)) {
-            files.push(fullPath);
-          }
-        }
-      }
-    } catch {}
-  }
-  
-  await walk(projectPath);
-  return files;
-}
-
-function generateMarkdown(truthpack) {
-  const lines = [
-    '# Truth Pack',
-    '',
-    `Generated: ${truthpack.meta.generatedAt}`,
-    `Commit: ${truthpack.meta.commit.sha} (${truthpack.meta.commit.branch})`,
-    '',
-    '## Project',
-    '',
-    `**Frameworks:** ${truthpack.project.frameworks.join(', ') || 'none detected'}`,
-    '',
-    '### Workspaces',
-    '',
-    ...truthpack.project.workspaces.map(w => `- \`${w.path}\` (${w.type})`),
-    '',
-    '### Entrypoints',
-    '',
-    ...truthpack.project.entrypoints.map(e => `- \`${e.path}\` (${e.kind})`),
-    '',
-    '## Routes',
-    '',
-    `**Server Routes:** ${truthpack.routes.server.length}`,
-    `**Client Refs:** ${truthpack.routes.clientRefs.length}`,
-    '',
-    '### Server Routes',
-    '',
-    '| Method | Path | Handler | Auth |',
-    '|--------|------|---------|------|',
-    ...truthpack.routes.server.slice(0, 50).map(r => 
-      `| ${r.method} | \`${r.path}\` | ${r.handler} | ${r.authRequired} |`
-    ),
-    '',
-    '## Environment',
-    '',
-    `**Variables:** ${truthpack.env.vars.length}`,
-    '',
-    ...truthpack.env.vars.slice(0, 30).map(v => 
-      `- \`${v.name}\` ${v.required ? '(required)' : '(optional)'} - ${v.references.length} refs`
-    ),
-    '',
-    '## Auth',
-    '',
-    `**Type:** ${truthpack.auth.model.type}`,
-    `**Signals:** ${truthpack.auth.model.signals.length}`,
-    `**Protected Surfaces:** ${truthpack.auth.protectedSurfaces.length}`,
-    '',
-    '## Billing',
-    '',
-    `**Signals:** ${truthpack.billing.signals.length}`,
-    `**Bypass Signals:** ${truthpack.billing.bypassSignals.length}`,
-    '',
-    '## Index',
-    '',
-    `**Evidence Refs:** ${truthpack.index.evidenceRefs.length}`,
-    `**Hash:** ${truthpack.index.hashes.truthpackHash}`,
-    '',
-  ];
-  
-  return lines.join('\n');
-}
-
-module.exports = { runTruthpack };