@vibecheckai/cli 3.1.2 → 3.1.4

package/bin/runners/lib/scan-output.js

@@ -0,0 +1,545 @@
+/**
+ * Scan Output - Premium Scan Results Display
+ * 
+ * Handles all scan output formatting:
+ * - Layer status display
+ * - Findings grouped by category
+ * - Coverage maps
+ * - JSON/SARIF export
+ */
+
+const {
+  ansi,
+  colors,
+  box,
+  icons,
+  renderScoreCard,
+  renderFindingsList,
+  renderSection,
+  renderDivider,
+  renderTable,
+  formatDuration,
+  formatNumber,
+  truncate,
+} = require('./terminal-ui');
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// LAYER STATUS DISPLAY
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function renderLayers(layers) {
+  const lines = [];
+  lines.push(renderSection('ANALYSIS LAYERS', '⚡'));
+  lines.push('');
+  
+  const layerConfig = {
+    ast: { name: 'AST Analysis', icon: '🔍', desc: 'Static code parsing' },
+    truth: { name: 'Build Truth', icon: '📦', desc: 'Manifest verification' },
+    reality: { name: 'Reality Check', icon: '🎭', desc: 'Playwright runtime' },
+    realitySniff: { name: 'Reality Sniff', icon: '🔬', desc: 'AI artifact detection' },
+    detection: { name: 'Detection Engines', icon: '🛡️', desc: 'Security patterns' },
+  };
+  
+  for (const layer of layers) {
+    const config = layerConfig[layer.name] || { name: layer.name, icon: '○', desc: '' };
+    
+    let status, statusColor;
+    if (layer.skipped) {
+      status = `${ansi.dim}○ skipped${ansi.reset}`;
+    } else if (layer.error) {
+      status = `${colors.error}${icons.error} error${ansi.reset}`;
+    } else {
+      status = `${colors.success}${icons.success}${ansi.reset}`;
+    }
+    
+    const duration = layer.duration ? `${ansi.dim}${layer.duration}ms${ansi.reset}` : '';
+    const findings = layer.findings !== undefined ? `${colors.accent}${layer.findings}${ansi.reset} ${ansi.dim}findings${ansi.reset}` : '';
+    
+    lines.push(`  ${status} ${config.icon} ${config.name.padEnd(20)} ${duration.padEnd(15)} ${findings}`);
+  }
+  
+  return lines.join('\n');
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// COVERAGE MAP DISPLAY
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function renderCoverageMap(coverage) {
+  if (!coverage) return '';
+  
+  const lines = [];
+  lines.push(renderSection('ROUTE COVERAGE', '🗺️'));
+  lines.push('');
+  
+  const pct = coverage.coveragePercent || 0;
+  const color = pct >= 80 ? colors.success : pct >= 60 ? colors.warning : colors.error;
+  
+  // Coverage bar
+  const barWidth = 50;
+  const filled = Math.round((pct / 100) * barWidth);
+  const bar = `${color}${'█'.repeat(filled)}${ansi.dim}${'░'.repeat(barWidth - filled)}${ansi.reset}`;
+  
+  lines.push(`  ${color}${ansi.bold}${pct}%${ansi.reset} ${ansi.dim}of routes reachable from${ansi.reset} ${colors.accent}/${ansi.reset}`);
+  lines.push(`  ${bar}`);
+  lines.push('');
+  
+  // Stats
+  const stats = [
+    ['Total Routes', coverage.totalRoutes || 0],
+    ['Reachable', coverage.reachableFromRoot || 0],
+    ['Orphaned', coverage.orphanedRoutes || 0],
+    ['Dead Links', coverage.deadLinks || 0],
+  ];
+  
+  for (const [label, value] of stats) {
+    const valueColor = label === 'Orphaned' || label === 'Dead Links' 
+      ? (value > 0 ? colors.error : colors.success)
+      : ansi.reset;
+    lines.push(`  ${ansi.dim}${label}:${ansi.reset} ${valueColor}${ansi.bold}${value}${ansi.reset}`);
+  }
+  
+  // Isolated clusters
+  if (coverage.isolatedClusters?.length > 0) {
+    lines.push('');
+    lines.push(`  ${colors.warning}${icons.warning}${ansi.reset} ${ansi.dim}Isolated clusters:${ansi.reset}`);
+    for (const cluster of coverage.isolatedClusters.slice(0, 3)) {
+      const auth = cluster.requiresAuth ? ` ${ansi.dim}(auth required)${ansi.reset}` : '';
+      lines.push(`    ${ansi.dim}├─${ansi.reset} ${ansi.bold}${cluster.name}${ansi.reset}${auth} ${ansi.dim}(${cluster.nodeIds?.length || 0} routes)${ansi.reset}`);
+    }
+    if (coverage.isolatedClusters.length > 3) {
+      lines.push(`    ${ansi.dim}└─ ... and ${coverage.isolatedClusters.length - 3} more clusters${ansi.reset}`);
+    }
+  }
+  
+  // Unreachable routes
+  if (coverage.unreachableRoutes?.length > 0) {
+    lines.push('');
+    lines.push(`  ${colors.error}${icons.error}${ansi.reset} ${ansi.dim}Unreachable routes:${ansi.reset}`);
+    for (const route of coverage.unreachableRoutes.slice(0, 5)) {
+      lines.push(`    ${ansi.dim}├─${ansi.reset} ${colors.error}${route}${ansi.reset}`);
+    }
+    if (coverage.unreachableRoutes.length > 5) {
+      lines.push(`    ${ansi.dim}└─ ... and ${coverage.unreachableRoutes.length - 5} more${ansi.reset}`);
+    }
+  }
+  
+  return lines.join('\n');
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// BREAKDOWN DISPLAY
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function renderBreakdown(breakdown) {
+  if (!breakdown) return '';
+  
+  const lines = [];
+  lines.push(renderSection('SCORE BREAKDOWN', '📊'));
+  lines.push('');
+  
+  const items = [
+    { key: 'deadLinks', label: 'Dead Links', icon: '🔗' },
+    { key: 'orphanRoutes', label: 'Orphan Routes', icon: '👻' },
+    { key: 'runtimeFailures', label: 'Runtime 404s', icon: '💥' },
+    { key: 'unresolvedDynamic', label: 'Unresolved Dynamic', icon: '❓' },
+    { key: 'placeholders', label: 'Placeholders', icon: '📝' },
+    { key: 'secretsExposed', label: 'Secrets Exposed', icon: '🔐' },
+    { key: 'authBypass', label: 'Auth Bypass', icon: '🚪' },
+    { key: 'mockData', label: 'Mock Data', icon: '🎭' },
+  ];
+  
+  for (const item of items) {
+    const data = breakdown[item.key];
+    if (!data && data !== 0) continue;
+    
+    const count = typeof data === 'object' ? data.count : data;
+    const penalty = typeof data === 'object' ? data.penalty : 0;
+    
+    const status = count === 0 ? `${colors.success}${icons.success}${ansi.reset}` : `${colors.error}${icons.error}${ansi.reset}`;
+    const countColor = count === 0 ? colors.success : colors.error;
+    const penaltyStr = penalty > 0 ? `${ansi.dim}-${penalty} pts${ansi.reset}` : `${ansi.dim}  ---${ansi.reset}`;
+    
+    lines.push(`  ${status} ${item.icon} ${item.label.padEnd(22)} ${countColor}${ansi.bold}${String(count).padStart(3)}${ansi.reset}  ${penaltyStr}`);
+  }
+  
+  return lines.join('\n');
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// BLOCKERS DISPLAY
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function renderBlockers(blockers, options = {}) {
+  const { maxItems = 8 } = options;
+  
+  if (!blockers || blockers.length === 0) {
+    const lines = [];
+    lines.push(renderSection('SHIP BLOCKERS', '🚀'));
+    lines.push('');
+    lines.push(`  ${colors.success}${ansi.bold}${icons.success} No blockers! You're clear to ship.${ansi.reset}`);
+    return lines.join('\n');
+  }
+  
+  const lines = [];
+  lines.push(renderSection(`SHIP BLOCKERS (${blockers.length})`, '🚨'));
+  lines.push('');
+  
+  for (const blocker of blockers.slice(0, maxItems)) {
+    const sevColor = blocker.severity === 'critical' || blocker.severity === 'BLOCK' 
+      ? colors.bg.error 
+      : colors.bg.warning;
+    const sevLabel = blocker.severity === 'critical' || blocker.severity === 'BLOCK'
+      ? 'CRITICAL'
+      : '  HIGH  ';
+    
+    lines.push(`  ${sevColor}${ansi.bold} ${sevLabel} ${ansi.reset} ${ansi.bold}${truncate(blocker.title || blocker.message, 45)}${ansi.reset}`);
+    
+    if (blocker.description) {
+      lines.push(`             ${ansi.dim}${truncate(blocker.description, 55)}${ansi.reset}`);
+    }
+    
+    if (blocker.file) {
+      const fileDisplay = blocker.file + (blocker.line ? `:${blocker.line}` : '');
+      lines.push(`             ${colors.accent}${truncate(fileDisplay, 50)}${ansi.reset}`);
+    }
+    
+    if (blocker.fix || blocker.fixSuggestion) {
+      lines.push(`             ${colors.success}→ ${truncate(blocker.fix || blocker.fixSuggestion, 50)}${ansi.reset}`);
+    }
+    
+    lines.push('');
+  }
+  
+  if (blockers.length > maxItems) {
+    lines.push(`  ${ansi.dim}... and ${blockers.length - maxItems} more blockers${ansi.reset}`);
+    lines.push('');
+  }
+  
+  return lines.join('\n');
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// CATEGORY SUMMARY
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function renderCategorySummary(findings) {
+  if (!findings || findings.length === 0) return '';
+  
+  // Group by category
+  const categories = {};
+  for (const f of findings) {
+    const cat = f.category || f.ruleId?.split('/')[0] || 'other';
+    if (!categories[cat]) {
+      categories[cat] = { critical: 0, high: 0, medium: 0, low: 0, total: 0 };
+    }
+    categories[cat].total++;
+    
+    const sev = (f.severity || '').toLowerCase();
+    if (sev === 'critical' || sev === 'block') categories[cat].critical++;
+    else if (sev === 'high') categories[cat].high++;
+    else if (sev === 'medium' || sev === 'warn' || sev === 'warning') categories[cat].medium++;
+    else categories[cat].low++;
+  }
+  
+  const lines = [];
+  lines.push(renderSection('FINDINGS BY CATEGORY', '📁'));
+  lines.push('');
+  
+  const categoryIcons = {
+    ROUTE: '🔗',
+    AUTH: '🔐',
+    SECRET: '🔑',
+    BILLING: '💳',
+    MOCK: '🎭',
+    DEAD_UI: '👻',
+    FAKE_SUCCESS: '✨',
+    REALITY: '🔬',
+    QUALITY: '📋',
+    CONFIG: '⚙️',
+  };
+  
+  const sortedCategories = Object.entries(categories)
+    .sort((a, b) => {
+      // Sort by criticality: critical > high > medium > low
+      const aCrit = a[1].critical * 1000 + a[1].high * 100 + a[1].medium * 10;
+      const bCrit = b[1].critical * 1000 + b[1].high * 100 + b[1].medium * 10;
+      return bCrit - aCrit;
+    });
+  
+  for (const [cat, counts] of sortedCategories) {
+    const icon = categoryIcons[cat.toUpperCase()] || '•';
+    const critStr = counts.critical > 0 ? `${colors.critical}${counts.critical}C${ansi.reset} ` : '';
+    const highStr = counts.high > 0 ? `${colors.high}${counts.high}H${ansi.reset} ` : '';
+    const medStr = counts.medium > 0 ? `${colors.medium}${counts.medium}M${ansi.reset} ` : '';
+    const lowStr = counts.low > 0 ? `${colors.low}${counts.low}L${ansi.reset}` : '';
+    
+    lines.push(`  ${icon} ${cat.padEnd(15)} ${ansi.dim}${String(counts.total).padStart(3)} total${ansi.reset}  ${critStr}${highStr}${medStr}${lowStr}`);
+  }
+  
+  return lines.join('\n');
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// FULL SCAN OUTPUT
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function formatScanOutput(result, options = {}) {
+  const { verbose = false, json = false } = options;
+  
+  if (json) {
+    return JSON.stringify(result, null, 2);
+  }
+  
+  const { verdict, findings = [], layers = [], coverage, breakdown, timings = {} } = result;
+  
+  // Count findings by severity
+  const severityCounts = {
+    critical: findings.filter(f => f.severity === 'critical' || f.severity === 'BLOCK').length,
+    high: findings.filter(f => f.severity === 'high').length,
+    medium: findings.filter(f => f.severity === 'medium' || f.severity === 'WARN' || f.severity === 'warning').length,
+    low: findings.filter(f => f.severity === 'low' || f.severity === 'INFO' || f.severity === 'info').length,
+  };
+  
+  // Calculate score
+  const score = verdict?.score ?? calculateScore(severityCounts);
+  const verdictStatus = verdict?.verdict || (severityCounts.critical > 0 ? 'BLOCK' : severityCounts.high > 0 ? 'WARN' : 'SHIP');
+  
+  const lines = [];
+  
+  // Score card
+  lines.push(renderScoreCard(score, {
+    verdict: verdictStatus,
+    findings: severityCounts,
+    duration: timings.total,
+    cached: result.cached,
+  }));
+  
+  // Blockers (critical + high severity findings)
+  const blockers = findings.filter(f => 
+    f.severity === 'critical' || f.severity === 'BLOCK' || f.severity === 'high'
+  );
+  lines.push(renderBlockers(blockers));
+  
+  // Category summary
+  if (findings.length > 0) {
+    lines.push(renderCategorySummary(findings));
+  }
+  
+  // Verbose output
+  if (verbose) {
+    // Coverage map
+    if (coverage) {
+      lines.push('');
+      lines.push(renderCoverageMap(coverage));
+    }
+    
+    // Breakdown
+    if (breakdown) {
+      lines.push('');
+      lines.push(renderBreakdown(breakdown));
+    }
+    
+    // Layers
+    if (layers.length > 0) {
+      lines.push('');
+      lines.push(renderLayers(layers));
+    }
+    
+    // All findings
+    if (findings.length > 0) {
+      lines.push('');
+      lines.push(renderFindingsList(findings, { maxItems: 20, groupBySeverity: true }));
+    }
+  }
+  
+  // Timing summary
+  if (timings.total) {
+    lines.push('');
+    lines.push(`  ${ansi.dim}Completed in ${formatDuration(timings.total)}${ansi.reset}`);
+  }
+  
+  lines.push('');
+  return lines.join('\n');
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// SCORE CALCULATION
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function calculateScore(severityCounts) {
+  const deductions = 
+    (severityCounts.critical || 0) * 25 +
+    (severityCounts.high || 0) * 15 +
+    (severityCounts.medium || 0) * 5 +
+    (severityCounts.low || 0) * 1;
+  
+  return Math.max(0, 100 - deductions);
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXIT CODE DETERMINATION
+// ═══════════════════════════════════════════════════════════════════════════════
+
+const EXIT_CODES = {
+  SUCCESS: 0,
+  WARNING: 1,
+  FAILURE: 2,
+  ERROR: 3,
+};
+
+function getExitCode(verdict) {
+  if (!verdict) return EXIT_CODES.ERROR;
+  
+  const status = verdict.verdict || verdict;
+  
+  switch (status) {
+    case 'PASS':
+    case 'SHIP':
+      return EXIT_CODES.SUCCESS;
+    case 'WARN':
+      return EXIT_CODES.WARNING;
+    case 'FAIL':
+    case 'BLOCK':
+      return EXIT_CODES.FAILURE;
+    default:
+      return EXIT_CODES.ERROR;
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// ERROR DISPLAY
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function printError(error, context = '') {
+  const prefix = context ? `${context}: ` : '';
+  
+  console.error('');
+  console.error(`  ${colors.error}${icons.error}${ansi.reset} ${ansi.bold}${prefix}${error.message || error}${ansi.reset}`);
+  
+  if (error.code) {
+    console.error(`  ${ansi.dim}Error code: ${error.code}${ansi.reset}`);
+  }
+  
+  if (error.suggestion || error.fix) {
+    console.error(`  ${colors.success}${icons.arrowRight}${ansi.reset} ${error.suggestion || error.fix}`);
+  }
+  
+  if (error.docs || error.helpUrl) {
+    console.error(`  ${ansi.dim}See: ${error.docs || error.helpUrl}${ansi.reset}`);
+  }
+  
+  console.error('');
+  
+  // Return appropriate exit code
+  if (error.code === 'VALIDATION_ERROR') return EXIT_CODES.FAILURE;
+  if (error.code === 'LIMIT_EXCEEDED') return EXIT_CODES.WARNING;
+  return EXIT_CODES.ERROR;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// SARIF OUTPUT
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function formatSARIF(findings, options = {}) {
+  const { projectPath = '.', version = '1.0.0' } = options;
+  
+  const rules = new Map();
+  const results = [];
+  
+  for (const f of findings) {
+    const ruleId = f.ruleId || f.id || `vibecheck/${f.category || 'general'}`;
+    
+    if (!rules.has(ruleId)) {
+      rules.set(ruleId, {
+        id: ruleId,
+        name: f.category || 'general',
+        shortDescription: { text: f.title || f.message },
+        defaultConfiguration: {
+          level: sarifLevel(f.severity),
+        },
+        helpUri: 'https://vibecheck.dev/docs/rules/' + ruleId,
+      });
+    }
+    
+    const result = {
+      ruleId,
+      level: sarifLevel(f.severity),
+      message: { text: f.message || f.title },
+      locations: [],
+    };
+    
+    if (f.file) {
+      result.locations.push({
+        physicalLocation: {
+          artifactLocation: { uri: f.file },
+          region: f.line ? { startLine: f.line, startColumn: f.column || 1 } : undefined,
+        },
+      });
+    }
+    
+    if (f.fix) {
+      result.fixes = [{ description: { text: f.fix } }];
+    }
+    
+    results.push(result);
+  }
+  
+  return {
+    $schema: 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json',
+    version: '2.1.0',
+    runs: [{
+      tool: {
+        driver: {
+          name: 'vibecheck',
+          version,
+          informationUri: 'https://vibecheck.dev',
+          rules: Array.from(rules.values()),
+        },
+      },
+      results,
+      invocations: [{
+        executionSuccessful: true,
+        endTimeUtc: new Date().toISOString(),
+      }],
+    }],
+  };
+}
+
+function sarifLevel(severity) {
+  const levels = {
+    critical: 'error',
+    BLOCK: 'error',
+    high: 'error',
+    medium: 'warning',
+    WARN: 'warning',
+    warning: 'warning',
+    low: 'note',
+    INFO: 'note',
+    info: 'none',
+  };
+  return levels[severity] || 'warning';
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+module.exports = {
+  // Main formatters
+  formatScanOutput,
+  formatSARIF,
+  
+  // Component renderers
+  renderLayers,
+  renderCoverageMap,
+  renderBreakdown,
+  renderBlockers,
+  renderCategorySummary,
+  
+  // Utilities
+  calculateScore,
+  getExitCode,
+  printError,
+  EXIT_CODES,
+};

package/bin/runners/lib/server-usage.js

@@ -269,18 +269,6 @@ class ServerUsageEnforcement {
       return { synced: 0, pending: 0 };
     }
     
-    // Check if API key is configured before attempting sync
-    const token = getAuthToken();
-    if (!token) {
-      // No API key - silently allow offline mode (no warning needed for missing config)
-      return { 
-        synced: 0, 
-        pending: offline.queue.length,
-        error: 'No API key configured',
-        offline: true,
-      };
-    }
-    
     const result = await apiRequest('/sync', 'POST');
     
     if (result.offline || !result.success) {