@vibecheckai/cli 3.2.0 → 3.2.2

package/bin/runners/lib/fingerprint.js

@@ -0,0 +1,377 @@
+/**
+ * Finding Fingerprint System
+ * 
+ * Provides stable, content-aware fingerprints for findings that allow:
+ * - De-duplication across runs without a database
+ * - Detection of NEW / FIXED / PERSISTING findings
+ * - Comparison even when line numbers shift
+ * 
+ * Fingerprint = hash of: ruleId + file + contextHash (code around the finding)
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const crypto = require("crypto");
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// FINGERPRINT GENERATION
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Generate a stable fingerprint for a finding.
+ * 
+ * The fingerprint is resilient to line number changes by:
+ * 1. Using a context window of code around the finding
+ * 2. Normalizing whitespace in the context
+ * 3. Including rule ID and file path
+ * 
+ * @param {Object} finding - The finding object
+ * @param {string} repoRoot - Repository root path
+ * @returns {string} - Stable fingerprint hash
+ */
+function generateFingerprint(finding, repoRoot) {
+  const components = [];
+  
+  // 1. Rule ID (category + severity)
+  const ruleId = `${finding.category || "unknown"}:${finding.severity || "unknown"}`;
+  components.push(ruleId);
+  
+  // 2. File path (relative, normalized)
+  const file = extractFile(finding);
+  if (file) {
+    const relPath = file.startsWith("/") || file.includes(":\\") 
+      ? path.relative(repoRoot, file).replace(/\\/g, "/")
+      : file.replace(/\\/g, "/");
+    components.push(relPath);
+  }
+  
+  // 3. Context hash (code around the finding)
+  const contextHash = getContextHash(finding, repoRoot);
+  if (contextHash) {
+    components.push(contextHash);
+  }
+  
+  // 4. Title/message for uniqueness (normalized)
+  const titleNorm = normalizeMessage(finding.title || finding.message || "");
+  if (titleNorm) {
+    components.push(titleNorm.slice(0, 100)); // Cap to prevent huge fingerprints
+  }
+  
+  // Generate hash
+  const input = components.join("|");
+  return crypto.createHash("sha256").update(input).digest("hex").slice(0, 16);
+}
+
+/**
+ * Extract file path from finding (handles various formats)
+ */
+function extractFile(finding) {
+  if (finding.file) return finding.file;
+  if (finding.location?.file) return finding.location.file;
+  if (finding.evidence?.[0]?.file) return finding.evidence[0].file;
+  
+  // Try to extract from title/message
+  const titleMatch = (finding.title || "").match(/:\s*([^\s:]+\.(ts|tsx|js|jsx|json))/);
+  if (titleMatch) return titleMatch[1];
+  
+  return null;
+}
+
+/**
+ * Extract line range from finding
+ */
+function extractLines(finding) {
+  if (finding.lines) {
+    const match = String(finding.lines).match(/(\d+)(?:-(\d+))?/);
+    if (match) {
+      return { start: parseInt(match[1]), end: parseInt(match[2] || match[1]) };
+    }
+  }
+  if (finding.location?.line) {
+    return { start: finding.location.line, end: finding.location.endLine || finding.location.line };
+  }
+  if (finding.evidence?.[0]?.lines) {
+    const match = String(finding.evidence[0].lines).match(/(\d+)(?:-(\d+))?/);
+    if (match) {
+      return { start: parseInt(match[1]), end: parseInt(match[2] || match[1]) };
+    }
+  }
+  return null;
+}
+
+/**
+ * Get a hash of the code context around the finding.
+ * Uses a window of ±3 lines to be resilient to minor edits.
+ */
+function getContextHash(finding, repoRoot) {
+  const file = extractFile(finding);
+  const lines = extractLines(finding);
+  
+  if (!file || !lines) {
+    // Fall back to snippet hash if available
+    if (finding.evidence?.[0]?.snippetHash) {
+      return finding.evidence[0].snippetHash.slice(0, 12);
+    }
+    return null;
+  }
+  
+  try {
+    const absPath = path.isAbsolute(file) ? file : path.join(repoRoot, file);
+    if (!fs.existsSync(absPath)) return null;
+    
+    const content = fs.readFileSync(absPath, "utf8");
+    const allLines = content.split(/\r?\n/);
+    
+    // Get context window (±3 lines)
+    const contextStart = Math.max(0, lines.start - 4);
+    const contextEnd = Math.min(allLines.length, lines.end + 3);
+    
+    const context = allLines
+      .slice(contextStart, contextEnd)
+      .map(line => line.trim()) // Normalize whitespace
+      .filter(line => line.length > 0) // Skip empty lines
+      .join("\n");
+    
+    return crypto.createHash("sha256").update(context).digest("hex").slice(0, 12);
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Normalize message for comparison (strip variable parts)
+ */
+function normalizeMessage(msg) {
+  return msg
+    .replace(/:\d+(-\d+)?/g, "") // Remove line numbers
+    .replace(/\([^)]*\)/g, "") // Remove parenthetical notes
+    .replace(/["'`][^"'`]+["'`]/g, "X") // Replace quoted strings
+    .replace(/\s+/g, " ") // Normalize whitespace
+    .trim()
+    .toLowerCase();
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// BASELINE MANAGEMENT
+// ═══════════════════════════════════════════════════════════════════════════════
+
+const BASELINE_FILE = ".vibecheck/baseline.json";
+
+/**
+ * Load baseline from disk
+ */
+function loadBaseline(repoRoot) {
+  const baselinePath = path.join(repoRoot, BASELINE_FILE);
+  
+  try {
+    if (!fs.existsSync(baselinePath)) {
+      return { fingerprints: new Map(), timestamp: null, version: "1.0.0" };
+    }
+    
+    const data = JSON.parse(fs.readFileSync(baselinePath, "utf8"));
+    
+    return {
+      fingerprints: new Map(Object.entries(data.fingerprints || {})),
+      timestamp: data.timestamp,
+      version: data.version || "1.0.0",
+      metadata: data.metadata || {},
+    };
+  } catch {
+    return { fingerprints: new Map(), timestamp: null, version: "1.0.0" };
+  }
+}
+
+/**
+ * Save baseline to disk
+ */
+function saveBaseline(repoRoot, findings, metadata = {}) {
+  const baselinePath = path.join(repoRoot, BASELINE_FILE);
+  
+  // Ensure directory exists
+  const dir = path.dirname(baselinePath);
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true });
+  }
+  
+  // Build fingerprint map
+  const fingerprints = {};
+  for (const finding of findings) {
+    if (finding.fingerprint) {
+      fingerprints[finding.fingerprint] = {
+        category: finding.category,
+        severity: finding.severity,
+        file: extractFile(finding),
+        title: (finding.title || finding.message || "").slice(0, 200),
+        firstSeen: finding.firstSeen || new Date().toISOString(),
+      };
+    }
+  }
+  
+  const data = {
+    version: "1.0.0",
+    timestamp: new Date().toISOString(),
+    metadata: {
+      totalFindings: findings.length,
+      criticalCount: findings.filter(f => f.severity === "BLOCK" || f.severity === "critical").length,
+      ...metadata,
+    },
+    fingerprints,
+  };
+  
+  fs.writeFileSync(baselinePath, JSON.stringify(data, null, 2));
+  
+  return data;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// DIFF CALCULATION
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Compare current findings against baseline to determine status.
+ * 
+ * @param {Array} findings - Current findings (with fingerprints)
+ * @param {Object} baseline - Loaded baseline
+ * @returns {Object} - Diff result with NEW, FIXED, PERSISTING counts
+ */
+function diffFindings(findings, baseline) {
+  const currentFP = new Set(findings.map(f => f.fingerprint).filter(Boolean));
+  const baselineFP = baseline.fingerprints;
+  
+  const result = {
+    new: [],
+    fixed: [],
+    persisting: [],
+    summary: {
+      newCount: 0,
+      fixedCount: 0,
+      persistingCount: 0,
+      totalCurrent: findings.length,
+      totalBaseline: baselineFP.size,
+    },
+  };
+  
+  // Find NEW and PERSISTING
+  for (const finding of findings) {
+    if (!finding.fingerprint) continue;
+    
+    if (baselineFP.has(finding.fingerprint)) {
+      finding.status = "PERSISTING";
+      finding.firstSeen = baselineFP.get(finding.fingerprint).firstSeen;
+      result.persisting.push(finding);
+    } else {
+      finding.status = "NEW";
+      finding.firstSeen = new Date().toISOString();
+      result.new.push(finding);
+    }
+  }
+  
+  // Find FIXED (in baseline but not in current)
+  for (const [fp, meta] of baselineFP) {
+    if (!currentFP.has(fp)) {
+      result.fixed.push({
+        fingerprint: fp,
+        status: "FIXED",
+        ...meta,
+      });
+    }
+  }
+  
+  // Update counts
+  result.summary.newCount = result.new.length;
+  result.summary.fixedCount = result.fixed.length;
+  result.summary.persistingCount = result.persisting.length;
+  
+  return result;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// ENRICHMENT
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Enrich findings with fingerprints and diff status.
+ * 
+ * @param {Array} findings - Raw findings from analyzers
+ * @param {string} repoRoot - Repository root
+ * @param {boolean} compareBaseline - Whether to compare against baseline
+ * @returns {Object} - { findings, diff, baseline }
+ */
+function enrichFindings(findings, repoRoot, compareBaseline = true) {
+  // Add fingerprints to all findings
+  for (const finding of findings) {
+    finding.fingerprint = generateFingerprint(finding, repoRoot);
+  }
+  
+  // Load baseline and diff if requested
+  let diff = null;
+  let baseline = null;
+  
+  if (compareBaseline) {
+    baseline = loadBaseline(repoRoot);
+    
+    if (baseline.fingerprints.size > 0) {
+      diff = diffFindings(findings, baseline);
+    } else {
+      // First run - all findings are "new" but we don't show the label
+      for (const finding of findings) {
+        finding.status = null; // No status on first run
+      }
+    }
+  }
+  
+  return { findings, diff, baseline };
+}
+
+/**
+ * Format diff summary for terminal output
+ */
+function formatDiffSummary(diff) {
+  if (!diff) return null;
+  
+  const parts = [];
+  
+  if (diff.summary.newCount > 0) {
+    parts.push(`\x1b[38;2;255;100;100m+${diff.summary.newCount} NEW\x1b[0m`);
+  }
+  
+  if (diff.summary.fixedCount > 0) {
+    parts.push(`\x1b[38;2;100;255;150m-${diff.summary.fixedCount} FIXED\x1b[0m`);
+  }
+  
+  if (diff.summary.persistingCount > 0) {
+    parts.push(`\x1b[38;2;200;200;200m${diff.summary.persistingCount} persisting\x1b[0m`);
+  }
+  
+  return parts.length > 0 ? parts.join("  ") : null;
+}
+
+/**
+ * Get status badge for a finding
+ */
+function getStatusBadge(finding) {
+  switch (finding.status) {
+    case "NEW":
+      return "\x1b[48;2;255;80;80m\x1b[1m NEW \x1b[0m";
+    case "FIXED":
+      return "\x1b[48;2;50;180;100m\x1b[1m FIXED \x1b[0m";
+    case "PERSISTING":
+      return "\x1b[38;2;150;150;150m●\x1b[0m"; // Subtle dot for persisting
+    default:
+      return "";
+  }
+}
+
+module.exports = {
+  generateFingerprint,
+  loadBaseline,
+  saveBaseline,
+  diffFindings,
+  enrichFindings,
+  formatDiffSummary,
+  getStatusBadge,
+  extractFile,
+  extractLines,
+};