@vibecheckai/cli 3.2.2 → 3.2.4

package/bin/runners/lib/contracts/env-contract.js

@@ -1,181 +1,181 @@
-/**
- * Env Contract Builder
- * Builds env.json contract from truthpack
- */
-
-"use strict";
-
-/**
- * Build env contract from truthpack
- */
-function buildEnvContract(truthpack) {
-  const contract = {
-    version: "1.0.0",
-    generatedAt: new Date().toISOString(),
-    vars: []
-  };
-
-  const envVars = truthpack?.env?.vars || [];
-  const declared = new Set(truthpack?.env?.declared || []);
-  const declaredSources = truthpack?.env?.declaredSources || [];
-
-  for (const v of envVars) {
-    const varSpec = {
-      name: v.name,
-      required: inferRequired(v, declared),
-      usedIn: (v.references || []).map(r => r.file).filter(Boolean),
-      declaredIn: declaredSources.filter(s => isDeclaredInSource(v.name, s)),
-      description: inferDescription(v.name),
-      evidence: v.references || []
-    };
-
-    contract.vars.push(varSpec);
-  }
-
-  // Add declared vars that aren't used (might be optional)
-  for (const name of declared) {
-    if (!envVars.find(v => v.name === name)) {
-      contract.vars.push({
-        name,
-        required: false,
-        usedIn: [],
-        declaredIn: declaredSources,
-        description: inferDescription(name),
-        evidence: []
-      });
-    }
-  }
-
-  // Deterministic output: sort vars by name
-  contract.vars.sort((a, b) => a.name.localeCompare(b.name));
-
-  return contract;
-}
-
-/**
- * Infer if env var is required
- */
-function inferRequired(envVar, declared) {
-  const name = envVar.name;
-  
-  // Common required patterns
-  const requiredPatterns = [
-    /^DATABASE_URL$/i,
-    /^NEXTAUTH_SECRET$/i,
-    /^NEXTAUTH_URL$/i,
-    /^JWT_SECRET$/i,
-    /^API_KEY$/i,
-    /^STRIPE_SECRET_KEY$/i,
-    /^STRIPE_WEBHOOK_SECRET$/i,
-    /^AUTH0_/i,
-    /^CLERK_/i,
-  ];
-
-  for (const pattern of requiredPatterns) {
-    if (pattern.test(name)) return true;
-  }
-
-  // If used but not declared, likely required
-  if (!declared.has(name) && envVar.references?.length > 0) {
-    return true;
-  }
-
-  return false;
-}
-
-function isDeclaredInSource(name, source) {
-  // Simple heuristic - would need to parse files for accurate check
-  return true;
-}
-
-function inferDescription(name) {
-  const descriptions = {
-    DATABASE_URL: "Database connection string",
-    NEXTAUTH_SECRET: "NextAuth.js encryption secret",
-    NEXTAUTH_URL: "NextAuth.js base URL",
-    JWT_SECRET: "JWT signing secret",
-    STRIPE_SECRET_KEY: "Stripe API secret key",
-    STRIPE_PUBLISHABLE_KEY: "Stripe publishable key",
-    STRIPE_WEBHOOK_SECRET: "Stripe webhook signing secret",
-    NODE_ENV: "Node environment (development/production)",
-    PORT: "Server port",
-    HOST: "Server host",
-  };
-
-  return descriptions[name] || undefined;
-}
-
-/**
- * Validate code against env contract
- */
-function validateAgainstEnvContract(contract, usedVars) {
-  const violations = [];
-  const contractVars = new Map(contract.vars.map(v => [v.name, v]));
-
-  for (const used of usedVars) {
-    if (!contractVars.has(used.name)) {
-      violations.push({
-        type: "undeclared_env",
-        severity: "WARN",
-        name: used.name,
-        usedIn: used.references?.map(r => r.file) || [],
-        message: `Env var ${used.name} used but not declared in contract`,
-        evidence: used.references || []
-      });
-    }
-  }
-
-  // Check for required vars that aren't used
-  for (const [name, spec] of contractVars) {
-    if (spec.required && spec.usedIn.length === 0) {
-      violations.push({
-        type: "unused_required",
-        severity: "WARN",
-        name,
-        message: `Required env var ${name} declared but not used`,
-        evidence: []
-      });
-    }
-  }
-
-  return violations;
-}
-
-/**
- * Diff two env contracts
- */
-function diffEnvContracts(before, after) {
-  const diff = {
-    added: [],
-    removed: [],
-    changed: []
-  };
-
-  const beforeMap = new Map(before.vars.map(v => [v.name, v]));
-  const afterMap = new Map(after.vars.map(v => [v.name, v]));
-
-  for (const [name, spec] of afterMap) {
-    if (!beforeMap.has(name)) {
-      diff.added.push(spec);
-    } else {
-      const prev = beforeMap.get(name);
-      if (prev.required !== spec.required) {
-        diff.changed.push({ before: prev, after: spec });
-      }
-    }
-  }
-
-  for (const [name, spec] of beforeMap) {
-    if (!afterMap.has(name)) {
-      diff.removed.push(spec);
-    }
-  }
-
-  return diff;
-}
-
-module.exports = {
-  buildEnvContract,
-  validateAgainstEnvContract,
-  diffEnvContracts
-};
+/**
+ * Env Contract Builder
+ * Builds env.json contract from truthpack
+ */
+
+"use strict";
+
+/**
+ * Build env contract from truthpack
+ */
+function buildEnvContract(truthpack) {
+  const contract = {
+    version: "1.0.0",
+    generatedAt: new Date().toISOString(),
+    vars: []
+  };
+
+  const envVars = truthpack?.env?.vars || [];
+  const declared = new Set(truthpack?.env?.declared || []);
+  const declaredSources = truthpack?.env?.declaredSources || [];
+
+  for (const v of envVars) {
+    const varSpec = {
+      name: v.name,
+      required: inferRequired(v, declared),
+      usedIn: (v.references || []).map(r => r.file).filter(Boolean),
+      declaredIn: declaredSources.filter(s => isDeclaredInSource(v.name, s)),
+      description: inferDescription(v.name),
+      evidence: v.references || []
+    };
+
+    contract.vars.push(varSpec);
+  }
+
+  // Add declared vars that aren't used (might be optional)
+  for (const name of declared) {
+    if (!envVars.find(v => v.name === name)) {
+      contract.vars.push({
+        name,
+        required: false,
+        usedIn: [],
+        declaredIn: declaredSources,
+        description: inferDescription(name),
+        evidence: []
+      });
+    }
+  }
+
+  // Deterministic output: sort vars by name
+  contract.vars.sort((a, b) => a.name.localeCompare(b.name));
+
+  return contract;
+}
+
+/**
+ * Infer if env var is required
+ */
+function inferRequired(envVar, declared) {
+  const name = envVar.name;
+  
+  // Common required patterns
+  const requiredPatterns = [
+    /^DATABASE_URL$/i,
+    /^NEXTAUTH_SECRET$/i,
+    /^NEXTAUTH_URL$/i,
+    /^JWT_SECRET$/i,
+    /^API_KEY$/i,
+    /^STRIPE_SECRET_KEY$/i,
+    /^STRIPE_WEBHOOK_SECRET$/i,
+    /^AUTH0_/i,
+    /^CLERK_/i,
+  ];
+
+  for (const pattern of requiredPatterns) {
+    if (pattern.test(name)) return true;
+  }
+
+  // If used but not declared, likely required
+  if (!declared.has(name) && envVar.references?.length > 0) {
+    return true;
+  }
+
+  return false;
+}
+
+function isDeclaredInSource(name, source) {
+  // Simple heuristic - would need to parse files for accurate check
+  return true;
+}
+
+function inferDescription(name) {
+  const descriptions = {
+    DATABASE_URL: "Database connection string",
+    NEXTAUTH_SECRET: "NextAuth.js encryption secret",
+    NEXTAUTH_URL: "NextAuth.js base URL",
+    JWT_SECRET: "JWT signing secret",
+    STRIPE_SECRET_KEY: "Stripe API secret key",
+    STRIPE_PUBLISHABLE_KEY: "Stripe publishable key",
+    STRIPE_WEBHOOK_SECRET: "Stripe webhook signing secret",
+    NODE_ENV: "Node environment (development/production)",
+    PORT: "Server port",
+    HOST: "Server host",
+  };
+
+  return descriptions[name] || undefined;
+}
+
+/**
+ * Validate code against env contract
+ */
+function validateAgainstEnvContract(contract, usedVars) {
+  const violations = [];
+  const contractVars = new Map(contract.vars.map(v => [v.name, v]));
+
+  for (const used of usedVars) {
+    if (!contractVars.has(used.name)) {
+      violations.push({
+        type: "undeclared_env",
+        severity: "WARN",
+        name: used.name,
+        usedIn: used.references?.map(r => r.file) || [],
+        message: `Env var ${used.name} used but not declared in contract`,
+        evidence: used.references || []
+      });
+    }
+  }
+
+  // Check for required vars that aren't used
+  for (const [name, spec] of contractVars) {
+    if (spec.required && spec.usedIn.length === 0) {
+      violations.push({
+        type: "unused_required",
+        severity: "WARN",
+        name,
+        message: `Required env var ${name} declared but not used`,
+        evidence: []
+      });
+    }
+  }
+
+  return violations;
+}
+
+/**
+ * Diff two env contracts
+ */
+function diffEnvContracts(before, after) {
+  const diff = {
+    added: [],
+    removed: [],
+    changed: []
+  };
+
+  const beforeMap = new Map(before.vars.map(v => [v.name, v]));
+  const afterMap = new Map(after.vars.map(v => [v.name, v]));
+
+  for (const [name, spec] of afterMap) {
+    if (!beforeMap.has(name)) {
+      diff.added.push(spec);
+    } else {
+      const prev = beforeMap.get(name);
+      if (prev.required !== spec.required) {
+        diff.changed.push({ before: prev, after: spec });
+      }
+    }
+  }
+
+  for (const [name, spec] of beforeMap) {
+    if (!afterMap.has(name)) {
+      diff.removed.push(spec);
+    }
+  }
+
+  return diff;
+}
+
+module.exports = {
+  buildEnvContract,
+  validateAgainstEnvContract,
+  diffEnvContracts
+};