@vibecheckai/cli 3.2.2 → 3.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/.generated +25 -25
- package/bin/dev/run-v2-torture.js +30 -30
- package/bin/runners/ENHANCEMENT_GUIDE.md +121 -121
- package/bin/runners/lib/__tests__/entitlements-v2.test.js +295 -295
- package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
- package/bin/runners/lib/agent-firewall/claims/extractor.js +117 -28
- package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +23 -14
- package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +72 -1
- package/bin/runners/lib/agent-firewall/interceptor/base.js +2 -2
- package/bin/runners/lib/agent-firewall/policy/default-policy.json +6 -0
- package/bin/runners/lib/agent-firewall/policy/engine.js +34 -3
- package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +29 -4
- package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +12 -0
- package/bin/runners/lib/agent-firewall/truthpack/loader.js +21 -0
- package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
- package/bin/runners/lib/analyzers.js +606 -325
- package/bin/runners/lib/auth-truth.js +193 -193
- package/bin/runners/lib/backup.js +62 -62
- package/bin/runners/lib/billing.js +107 -107
- package/bin/runners/lib/claims.js +118 -118
- package/bin/runners/lib/cli-ui.js +540 -540
- package/bin/runners/lib/contracts/auth-contract.js +202 -202
- package/bin/runners/lib/contracts/env-contract.js +181 -181
- package/bin/runners/lib/contracts/external-contract.js +206 -206
- package/bin/runners/lib/contracts/guard.js +168 -168
- package/bin/runners/lib/contracts/index.js +89 -89
- package/bin/runners/lib/contracts/plan-validator.js +311 -311
- package/bin/runners/lib/contracts/route-contract.js +199 -199
- package/bin/runners/lib/contracts.js +804 -804
- package/bin/runners/lib/detect.js +89 -89
- package/bin/runners/lib/doctor/autofix.js +254 -254
- package/bin/runners/lib/doctor/index.js +37 -37
- package/bin/runners/lib/doctor/modules/dependencies.js +325 -325
- package/bin/runners/lib/doctor/modules/index.js +46 -46
- package/bin/runners/lib/doctor/modules/network.js +250 -250
- package/bin/runners/lib/doctor/modules/project.js +312 -312
- package/bin/runners/lib/doctor/modules/runtime.js +224 -224
- package/bin/runners/lib/doctor/modules/security.js +348 -348
- package/bin/runners/lib/doctor/modules/system.js +213 -213
- package/bin/runners/lib/doctor/modules/vibecheck.js +394 -394
- package/bin/runners/lib/doctor/reporter.js +262 -262
- package/bin/runners/lib/doctor/service.js +262 -262
- package/bin/runners/lib/doctor/types.js +113 -113
- package/bin/runners/lib/doctor/ui.js +263 -263
- package/bin/runners/lib/doctor-v2.js +608 -608
- package/bin/runners/lib/drift.js +425 -425
- package/bin/runners/lib/enforcement.js +72 -72
- package/bin/runners/lib/engines/accessibility-engine.js +190 -0
- package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
- package/bin/runners/lib/engines/ast-cache.js +99 -0
- package/bin/runners/lib/engines/code-quality-engine.js +255 -0
- package/bin/runners/lib/engines/console-logs-engine.js +115 -0
- package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
- package/bin/runners/lib/engines/dead-code-engine.js +198 -0
- package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
- package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
- package/bin/runners/lib/engines/file-filter.js +131 -0
- package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
- package/bin/runners/lib/engines/mock-data-engine.js +272 -0
- package/bin/runners/lib/engines/parallel-processor.js +71 -0
- package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
- package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
- package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
- package/bin/runners/lib/engines/type-aware-engine.js +152 -0
- package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
- package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
- package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
- package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
- package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
- package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
- package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
- package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
- package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
- package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
- package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
- package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
- package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
- package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
- package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
- package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
- package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
- package/bin/runners/lib/enterprise-detect.js +603 -603
- package/bin/runners/lib/enterprise-init.js +942 -942
- package/bin/runners/lib/env-resolver.js +417 -417
- package/bin/runners/lib/env-template.js +66 -66
- package/bin/runners/lib/env.js +189 -189
- package/bin/runners/lib/extractors/client-calls.js +990 -990
- package/bin/runners/lib/extractors/fastify-route-dump.js +573 -573
- package/bin/runners/lib/extractors/fastify-routes.js +426 -426
- package/bin/runners/lib/extractors/index.js +363 -363
- package/bin/runners/lib/extractors/next-routes.js +524 -524
- package/bin/runners/lib/extractors/proof-graph.js +431 -431
- package/bin/runners/lib/extractors/route-matcher.js +451 -451
- package/bin/runners/lib/extractors/truthpack-v2.js +377 -377
- package/bin/runners/lib/extractors/ui-bindings.js +547 -547
- package/bin/runners/lib/findings-schema.js +281 -281
- package/bin/runners/lib/firewall-prompt.js +50 -50
- package/bin/runners/lib/global-flags.js +213 -213
- package/bin/runners/lib/graph/graph-builder.js +265 -265
- package/bin/runners/lib/graph/html-renderer.js +413 -413
- package/bin/runners/lib/graph/index.js +32 -32
- package/bin/runners/lib/graph/runtime-collector.js +215 -215
- package/bin/runners/lib/graph/static-extractor.js +518 -518
- package/bin/runners/lib/html-report.js +650 -650
- package/bin/runners/lib/interactive-menu.js +1496 -1496
- package/bin/runners/lib/llm.js +75 -75
- package/bin/runners/lib/meter.js +61 -61
- package/bin/runners/lib/missions/evidence.js +126 -126
- package/bin/runners/lib/patch.js +40 -40
- package/bin/runners/lib/permissions/auth-model.js +213 -213
- package/bin/runners/lib/permissions/idor-prover.js +205 -205
- package/bin/runners/lib/permissions/index.js +45 -45
- package/bin/runners/lib/permissions/matrix-builder.js +198 -198
- package/bin/runners/lib/pkgjson.js +28 -28
- package/bin/runners/lib/policy.js +295 -295
- package/bin/runners/lib/preflight.js +142 -142
- package/bin/runners/lib/reality/correlation-detectors.js +359 -359
- package/bin/runners/lib/reality/index.js +318 -318
- package/bin/runners/lib/reality/request-hashing.js +416 -416
- package/bin/runners/lib/reality/request-mapper.js +453 -453
- package/bin/runners/lib/reality/safety-rails.js +463 -463
- package/bin/runners/lib/reality/semantic-snapshot.js +408 -408
- package/bin/runners/lib/reality/toast-detector.js +393 -393
- package/bin/runners/lib/reality-findings.js +84 -84
- package/bin/runners/lib/receipts.js +179 -179
- package/bin/runners/lib/redact.js +29 -29
- package/bin/runners/lib/replay/capsule-manager.js +154 -154
- package/bin/runners/lib/replay/index.js +263 -263
- package/bin/runners/lib/replay/player.js +348 -348
- package/bin/runners/lib/replay/recorder.js +331 -331
- package/bin/runners/lib/report-output.js +187 -187
- package/bin/runners/lib/report.js +135 -135
- package/bin/runners/lib/route-detection.js +1140 -1140
- package/bin/runners/lib/sandbox/index.js +59 -59
- package/bin/runners/lib/sandbox/proof-chain.js +399 -399
- package/bin/runners/lib/sandbox/sandbox-runner.js +205 -205
- package/bin/runners/lib/sandbox/worktree.js +174 -174
- package/bin/runners/lib/scan-output.js +525 -190
- package/bin/runners/lib/schema-validator.js +350 -350
- package/bin/runners/lib/schemas/contracts.schema.json +160 -160
- package/bin/runners/lib/schemas/finding.schema.json +100 -100
- package/bin/runners/lib/schemas/mission-pack.schema.json +206 -206
- package/bin/runners/lib/schemas/proof-graph.schema.json +176 -176
- package/bin/runners/lib/schemas/reality-report.schema.json +162 -162
- package/bin/runners/lib/schemas/share-pack.schema.json +180 -180
- package/bin/runners/lib/schemas/ship-report.schema.json +117 -117
- package/bin/runners/lib/schemas/truthpack-v2.schema.json +303 -303
- package/bin/runners/lib/schemas/validator.js +438 -438
- package/bin/runners/lib/score-history.js +282 -282
- package/bin/runners/lib/share-pack.js +239 -239
- package/bin/runners/lib/snippets.js +67 -67
- package/bin/runners/lib/status-output.js +253 -253
- package/bin/runners/lib/terminal-ui.js +351 -271
- package/bin/runners/lib/upsell.js +510 -510
- package/bin/runners/lib/usage.js +153 -153
- package/bin/runners/lib/validate-patch.js +156 -156
- package/bin/runners/lib/verdict-engine.js +628 -628
- package/bin/runners/reality/engine.js +917 -917
- package/bin/runners/reality/flows.js +122 -122
- package/bin/runners/reality/report.js +378 -378
- package/bin/runners/reality/session.js +193 -193
- package/bin/runners/runGuard.js +168 -168
- package/bin/runners/runProof.zip +0 -0
- package/bin/runners/runProve.js +8 -0
- package/bin/runners/runReality.js +14 -0
- package/bin/runners/runScan.js +17 -1
- package/bin/runners/runTruth.js +15 -3
- package/mcp-server/tier-auth.js +4 -4
- package/mcp-server/tools/index.js +72 -72
- package/package.json +1 -1
|
@@ -1,168 +1,168 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Contract Guard
|
|
3
|
-
* Validates code against contracts - CI gate functionality
|
|
4
|
-
*/
|
|
5
|
-
|
|
6
|
-
"use strict";
|
|
7
|
-
|
|
8
|
-
const fs = require("fs");
|
|
9
|
-
const path = require("path");
|
|
10
|
-
const { validateAgainstRouteContract } = require("./route-contract");
|
|
11
|
-
const { validateAgainstEnvContract } = require("./env-contract");
|
|
12
|
-
const { validateAuthContract } = require("./auth-contract");
|
|
13
|
-
const { validateExternalContract } = require("./external-contract");
|
|
14
|
-
|
|
15
|
-
/**
|
|
16
|
-
* Load contracts from .vibecheck/contracts/
|
|
17
|
-
*/
|
|
18
|
-
function loadContracts(repoRoot) {
|
|
19
|
-
const contractDir = path.join(repoRoot, ".vibecheck", "contracts");
|
|
20
|
-
const contracts = {};
|
|
21
|
-
|
|
22
|
-
const files = {
|
|
23
|
-
routes: "routes.json",
|
|
24
|
-
env: "env.json",
|
|
25
|
-
auth: "auth.json",
|
|
26
|
-
external: "external.json"
|
|
27
|
-
};
|
|
28
|
-
|
|
29
|
-
for (const [key, file] of Object.entries(files)) {
|
|
30
|
-
const filePath = path.join(contractDir, file);
|
|
31
|
-
if (fs.existsSync(filePath)) {
|
|
32
|
-
try {
|
|
33
|
-
contracts[key] = JSON.parse(fs.readFileSync(filePath, "utf8"));
|
|
34
|
-
} catch (e) {
|
|
35
|
-
console.warn(`Warning: Could not parse ${file}: ${e.message}`);
|
|
36
|
-
}
|
|
37
|
-
}
|
|
38
|
-
}
|
|
39
|
-
|
|
40
|
-
return contracts;
|
|
41
|
-
}
|
|
42
|
-
|
|
43
|
-
/**
|
|
44
|
-
* Save contracts to .vibecheck/contracts/
|
|
45
|
-
*/
|
|
46
|
-
function saveContracts(repoRoot, contracts) {
|
|
47
|
-
const contractDir = path.join(repoRoot, ".vibecheck", "contracts");
|
|
48
|
-
fs.mkdirSync(contractDir, { recursive: true });
|
|
49
|
-
|
|
50
|
-
const files = {
|
|
51
|
-
routes: "routes.json",
|
|
52
|
-
env: "env.json",
|
|
53
|
-
auth: "auth.json",
|
|
54
|
-
external: "external.json"
|
|
55
|
-
};
|
|
56
|
-
|
|
57
|
-
for (const [key, file] of Object.entries(files)) {
|
|
58
|
-
if (contracts[key]) {
|
|
59
|
-
const filePath = path.join(contractDir, file);
|
|
60
|
-
fs.writeFileSync(filePath, JSON.stringify(contracts[key], null, 2), "utf8");
|
|
61
|
-
}
|
|
62
|
-
}
|
|
63
|
-
}
|
|
64
|
-
|
|
65
|
-
/**
|
|
66
|
-
* Guard: Validate current code against contracts
|
|
67
|
-
*/
|
|
68
|
-
function guardContracts(contracts, truthpack, options = {}) {
|
|
69
|
-
const violations = [];
|
|
70
|
-
|
|
71
|
-
// Route contract validation
|
|
72
|
-
if (contracts.routes && truthpack?.routes?.clientRefs) {
|
|
73
|
-
const routeViolations = validateAgainstRouteContract(
|
|
74
|
-
contracts.routes,
|
|
75
|
-
truthpack.routes.clientRefs
|
|
76
|
-
);
|
|
77
|
-
violations.push(...routeViolations);
|
|
78
|
-
}
|
|
79
|
-
|
|
80
|
-
// Env contract validation
|
|
81
|
-
if (contracts.env && truthpack?.env?.vars) {
|
|
82
|
-
const envViolations = validateAgainstEnvContract(
|
|
83
|
-
contracts.env,
|
|
84
|
-
truthpack.env.vars
|
|
85
|
-
);
|
|
86
|
-
violations.push(...envViolations);
|
|
87
|
-
}
|
|
88
|
-
|
|
89
|
-
// Auth contract validation
|
|
90
|
-
if (contracts.auth && truthpack?.routes?.server) {
|
|
91
|
-
const authViolations = validateAuthContract(
|
|
92
|
-
contracts.auth,
|
|
93
|
-
truthpack.routes.server,
|
|
94
|
-
options.realityResults
|
|
95
|
-
);
|
|
96
|
-
violations.push(...authViolations);
|
|
97
|
-
}
|
|
98
|
-
|
|
99
|
-
// External contract validation
|
|
100
|
-
if (contracts.external) {
|
|
101
|
-
const externalViolations = validateExternalContract(contracts.external);
|
|
102
|
-
violations.push(...externalViolations);
|
|
103
|
-
}
|
|
104
|
-
|
|
105
|
-
return {
|
|
106
|
-
valid: violations.filter(v => v.severity === "BLOCK").length === 0,
|
|
107
|
-
violations,
|
|
108
|
-
blocks: violations.filter(v => v.severity === "BLOCK"),
|
|
109
|
-
warns: violations.filter(v => v.severity === "WARN")
|
|
110
|
-
};
|
|
111
|
-
}
|
|
112
|
-
|
|
113
|
-
/**
|
|
114
|
-
* Get guard summary for CI output
|
|
115
|
-
*/
|
|
116
|
-
function getGuardSummary(guardResult) {
|
|
117
|
-
const { valid, blocks, warns } = guardResult;
|
|
118
|
-
|
|
119
|
-
return {
|
|
120
|
-
verdict: valid ? (warns.length ? "WARN" : "PASS") : "BLOCK",
|
|
121
|
-
exitCode: valid ? (warns.length ? 1 : 0) : 2,
|
|
122
|
-
summary: {
|
|
123
|
-
blocks: blocks.length,
|
|
124
|
-
warns: warns.length,
|
|
125
|
-
total: blocks.length + warns.length
|
|
126
|
-
},
|
|
127
|
-
violations: guardResult.violations
|
|
128
|
-
};
|
|
129
|
-
}
|
|
130
|
-
|
|
131
|
-
/**
|
|
132
|
-
* Format guard result for console output
|
|
133
|
-
*/
|
|
134
|
-
function formatGuardResult(guardResult) {
|
|
135
|
-
const lines = [];
|
|
136
|
-
const { violations, blocks, warns } = guardResult;
|
|
137
|
-
|
|
138
|
-
if (violations.length === 0) {
|
|
139
|
-
lines.push("✓ All contracts satisfied");
|
|
140
|
-
return lines.join("\n");
|
|
141
|
-
}
|
|
142
|
-
|
|
143
|
-
if (blocks.length > 0) {
|
|
144
|
-
lines.push(`\n🛑 BLOCKS (${blocks.length}):`);
|
|
145
|
-
for (const v of blocks) {
|
|
146
|
-
lines.push(` ✗ [${v.type}] ${v.message}`);
|
|
147
|
-
if (v.route) lines.push(` Route: ${v.route}`);
|
|
148
|
-
if (v.name) lines.push(` Var: ${v.name}`);
|
|
149
|
-
}
|
|
150
|
-
}
|
|
151
|
-
|
|
152
|
-
if (warns.length > 0) {
|
|
153
|
-
lines.push(`\n⚠️ WARNINGS (${warns.length}):`);
|
|
154
|
-
for (const v of warns) {
|
|
155
|
-
lines.push(` ⚠ [${v.type}] ${v.message}`);
|
|
156
|
-
}
|
|
157
|
-
}
|
|
158
|
-
|
|
159
|
-
return lines.join("\n");
|
|
160
|
-
}
|
|
161
|
-
|
|
162
|
-
module.exports = {
|
|
163
|
-
loadContracts,
|
|
164
|
-
saveContracts,
|
|
165
|
-
guardContracts,
|
|
166
|
-
getGuardSummary,
|
|
167
|
-
formatGuardResult
|
|
168
|
-
};
|
|
1
|
+
/**
|
|
2
|
+
* Contract Guard
|
|
3
|
+
* Validates code against contracts - CI gate functionality
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
"use strict";
|
|
7
|
+
|
|
8
|
+
const fs = require("fs");
|
|
9
|
+
const path = require("path");
|
|
10
|
+
const { validateAgainstRouteContract } = require("./route-contract");
|
|
11
|
+
const { validateAgainstEnvContract } = require("./env-contract");
|
|
12
|
+
const { validateAuthContract } = require("./auth-contract");
|
|
13
|
+
const { validateExternalContract } = require("./external-contract");
|
|
14
|
+
|
|
15
|
+
/**
|
|
16
|
+
* Load contracts from .vibecheck/contracts/
|
|
17
|
+
*/
|
|
18
|
+
function loadContracts(repoRoot) {
|
|
19
|
+
const contractDir = path.join(repoRoot, ".vibecheck", "contracts");
|
|
20
|
+
const contracts = {};
|
|
21
|
+
|
|
22
|
+
const files = {
|
|
23
|
+
routes: "routes.json",
|
|
24
|
+
env: "env.json",
|
|
25
|
+
auth: "auth.json",
|
|
26
|
+
external: "external.json"
|
|
27
|
+
};
|
|
28
|
+
|
|
29
|
+
for (const [key, file] of Object.entries(files)) {
|
|
30
|
+
const filePath = path.join(contractDir, file);
|
|
31
|
+
if (fs.existsSync(filePath)) {
|
|
32
|
+
try {
|
|
33
|
+
contracts[key] = JSON.parse(fs.readFileSync(filePath, "utf8"));
|
|
34
|
+
} catch (e) {
|
|
35
|
+
console.warn(`Warning: Could not parse ${file}: ${e.message}`);
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
return contracts;
|
|
41
|
+
}
|
|
42
|
+
|
|
43
|
+
/**
|
|
44
|
+
* Save contracts to .vibecheck/contracts/
|
|
45
|
+
*/
|
|
46
|
+
function saveContracts(repoRoot, contracts) {
|
|
47
|
+
const contractDir = path.join(repoRoot, ".vibecheck", "contracts");
|
|
48
|
+
fs.mkdirSync(contractDir, { recursive: true });
|
|
49
|
+
|
|
50
|
+
const files = {
|
|
51
|
+
routes: "routes.json",
|
|
52
|
+
env: "env.json",
|
|
53
|
+
auth: "auth.json",
|
|
54
|
+
external: "external.json"
|
|
55
|
+
};
|
|
56
|
+
|
|
57
|
+
for (const [key, file] of Object.entries(files)) {
|
|
58
|
+
if (contracts[key]) {
|
|
59
|
+
const filePath = path.join(contractDir, file);
|
|
60
|
+
fs.writeFileSync(filePath, JSON.stringify(contracts[key], null, 2), "utf8");
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
/**
|
|
66
|
+
* Guard: Validate current code against contracts
|
|
67
|
+
*/
|
|
68
|
+
function guardContracts(contracts, truthpack, options = {}) {
|
|
69
|
+
const violations = [];
|
|
70
|
+
|
|
71
|
+
// Route contract validation
|
|
72
|
+
if (contracts.routes && truthpack?.routes?.clientRefs) {
|
|
73
|
+
const routeViolations = validateAgainstRouteContract(
|
|
74
|
+
contracts.routes,
|
|
75
|
+
truthpack.routes.clientRefs
|
|
76
|
+
);
|
|
77
|
+
violations.push(...routeViolations);
|
|
78
|
+
}
|
|
79
|
+
|
|
80
|
+
// Env contract validation
|
|
81
|
+
if (contracts.env && truthpack?.env?.vars) {
|
|
82
|
+
const envViolations = validateAgainstEnvContract(
|
|
83
|
+
contracts.env,
|
|
84
|
+
truthpack.env.vars
|
|
85
|
+
);
|
|
86
|
+
violations.push(...envViolations);
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
// Auth contract validation
|
|
90
|
+
if (contracts.auth && truthpack?.routes?.server) {
|
|
91
|
+
const authViolations = validateAuthContract(
|
|
92
|
+
contracts.auth,
|
|
93
|
+
truthpack.routes.server,
|
|
94
|
+
options.realityResults
|
|
95
|
+
);
|
|
96
|
+
violations.push(...authViolations);
|
|
97
|
+
}
|
|
98
|
+
|
|
99
|
+
// External contract validation
|
|
100
|
+
if (contracts.external) {
|
|
101
|
+
const externalViolations = validateExternalContract(contracts.external);
|
|
102
|
+
violations.push(...externalViolations);
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
return {
|
|
106
|
+
valid: violations.filter(v => v.severity === "BLOCK").length === 0,
|
|
107
|
+
violations,
|
|
108
|
+
blocks: violations.filter(v => v.severity === "BLOCK"),
|
|
109
|
+
warns: violations.filter(v => v.severity === "WARN")
|
|
110
|
+
};
|
|
111
|
+
}
|
|
112
|
+
|
|
113
|
+
/**
|
|
114
|
+
* Get guard summary for CI output
|
|
115
|
+
*/
|
|
116
|
+
function getGuardSummary(guardResult) {
|
|
117
|
+
const { valid, blocks, warns } = guardResult;
|
|
118
|
+
|
|
119
|
+
return {
|
|
120
|
+
verdict: valid ? (warns.length ? "WARN" : "PASS") : "BLOCK",
|
|
121
|
+
exitCode: valid ? (warns.length ? 1 : 0) : 2,
|
|
122
|
+
summary: {
|
|
123
|
+
blocks: blocks.length,
|
|
124
|
+
warns: warns.length,
|
|
125
|
+
total: blocks.length + warns.length
|
|
126
|
+
},
|
|
127
|
+
violations: guardResult.violations
|
|
128
|
+
};
|
|
129
|
+
}
|
|
130
|
+
|
|
131
|
+
/**
|
|
132
|
+
* Format guard result for console output
|
|
133
|
+
*/
|
|
134
|
+
function formatGuardResult(guardResult) {
|
|
135
|
+
const lines = [];
|
|
136
|
+
const { violations, blocks, warns } = guardResult;
|
|
137
|
+
|
|
138
|
+
if (violations.length === 0) {
|
|
139
|
+
lines.push("✓ All contracts satisfied");
|
|
140
|
+
return lines.join("\n");
|
|
141
|
+
}
|
|
142
|
+
|
|
143
|
+
if (blocks.length > 0) {
|
|
144
|
+
lines.push(`\n🛑 BLOCKS (${blocks.length}):`);
|
|
145
|
+
for (const v of blocks) {
|
|
146
|
+
lines.push(` ✗ [${v.type}] ${v.message}`);
|
|
147
|
+
if (v.route) lines.push(` Route: ${v.route}`);
|
|
148
|
+
if (v.name) lines.push(` Var: ${v.name}`);
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
|
|
152
|
+
if (warns.length > 0) {
|
|
153
|
+
lines.push(`\n⚠️ WARNINGS (${warns.length}):`);
|
|
154
|
+
for (const v of warns) {
|
|
155
|
+
lines.push(` ⚠ [${v.type}] ${v.message}`);
|
|
156
|
+
}
|
|
157
|
+
}
|
|
158
|
+
|
|
159
|
+
return lines.join("\n");
|
|
160
|
+
}
|
|
161
|
+
|
|
162
|
+
module.exports = {
|
|
163
|
+
loadContracts,
|
|
164
|
+
saveContracts,
|
|
165
|
+
guardContracts,
|
|
166
|
+
getGuardSummary,
|
|
167
|
+
formatGuardResult
|
|
168
|
+
};
|
|
@@ -1,89 +1,89 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Context Contracts - Module Index
|
|
3
|
-
*
|
|
4
|
-
* Exports all contract functionality for CLI and MCP use
|
|
5
|
-
*/
|
|
6
|
-
|
|
7
|
-
"use strict";
|
|
8
|
-
|
|
9
|
-
const { buildRouteContract, validateAgainstRouteContract, diffRouteContracts } = require("./route-contract");
|
|
10
|
-
const { buildEnvContract, validateAgainstEnvContract, diffEnvContracts } = require("./env-contract");
|
|
11
|
-
const { buildAuthContract, validateAuthContract, diffAuthContracts } = require("./auth-contract");
|
|
12
|
-
const { buildExternalContract, validateExternalContract, diffExternalContracts } = require("./external-contract");
|
|
13
|
-
const { loadContracts, saveContracts, guardContracts, getGuardSummary, formatGuardResult } = require("./guard");
|
|
14
|
-
const { validatePlan, parsePlanActions, formatValidationResult } = require("./plan-validator");
|
|
15
|
-
|
|
16
|
-
/**
|
|
17
|
-
* Build all contracts from truthpack
|
|
18
|
-
*/
|
|
19
|
-
function buildAllContracts(truthpack) {
|
|
20
|
-
return {
|
|
21
|
-
routes: buildRouteContract(truthpack),
|
|
22
|
-
env: buildEnvContract(truthpack),
|
|
23
|
-
auth: buildAuthContract(truthpack),
|
|
24
|
-
external: buildExternalContract(truthpack)
|
|
25
|
-
};
|
|
26
|
-
}
|
|
27
|
-
|
|
28
|
-
/**
|
|
29
|
-
* Diff all contracts
|
|
30
|
-
*/
|
|
31
|
-
function diffAllContracts(before, after) {
|
|
32
|
-
return {
|
|
33
|
-
routes: before.routes && after.routes ? diffRouteContracts(before.routes, after.routes) : null,
|
|
34
|
-
env: before.env && after.env ? diffEnvContracts(before.env, after.env) : null,
|
|
35
|
-
auth: before.auth && after.auth ? diffAuthContracts(before.auth, after.auth) : null,
|
|
36
|
-
external: before.external && after.external ? diffExternalContracts(before.external, after.external) : null
|
|
37
|
-
};
|
|
38
|
-
}
|
|
39
|
-
|
|
40
|
-
/**
|
|
41
|
-
* Check if contracts have meaningful changes
|
|
42
|
-
*/
|
|
43
|
-
function hasContractChanges(diff) {
|
|
44
|
-
if (!diff) return false;
|
|
45
|
-
|
|
46
|
-
const checkDiff = (d) => {
|
|
47
|
-
if (!d) return false;
|
|
48
|
-
return (d.added?.length > 0) || (d.removed?.length > 0) || (d.changed?.length > 0) ||
|
|
49
|
-
(d.protectedAdded?.length > 0) || (d.protectedRemoved?.length > 0);
|
|
50
|
-
};
|
|
51
|
-
|
|
52
|
-
return checkDiff(diff.routes) || checkDiff(diff.env) ||
|
|
53
|
-
checkDiff(diff.auth) || checkDiff(diff.external);
|
|
54
|
-
}
|
|
55
|
-
|
|
56
|
-
module.exports = {
|
|
57
|
-
// Contract builders
|
|
58
|
-
buildRouteContract,
|
|
59
|
-
buildEnvContract,
|
|
60
|
-
buildAuthContract,
|
|
61
|
-
buildExternalContract,
|
|
62
|
-
buildAllContracts,
|
|
63
|
-
|
|
64
|
-
// Contract validation
|
|
65
|
-
validateAgainstRouteContract,
|
|
66
|
-
validateAgainstEnvContract,
|
|
67
|
-
validateAuthContract,
|
|
68
|
-
validateExternalContract,
|
|
69
|
-
|
|
70
|
-
// Contract diffing
|
|
71
|
-
diffRouteContracts,
|
|
72
|
-
diffEnvContracts,
|
|
73
|
-
diffAuthContracts,
|
|
74
|
-
diffExternalContracts,
|
|
75
|
-
diffAllContracts,
|
|
76
|
-
hasContractChanges,
|
|
77
|
-
|
|
78
|
-
// Guard (CI gate)
|
|
79
|
-
loadContracts,
|
|
80
|
-
saveContracts,
|
|
81
|
-
guardContracts,
|
|
82
|
-
getGuardSummary,
|
|
83
|
-
formatGuardResult,
|
|
84
|
-
|
|
85
|
-
// Plan validation (hallucination stopper)
|
|
86
|
-
validatePlan,
|
|
87
|
-
parsePlanActions,
|
|
88
|
-
formatValidationResult
|
|
89
|
-
};
|
|
1
|
+
/**
|
|
2
|
+
* Context Contracts - Module Index
|
|
3
|
+
*
|
|
4
|
+
* Exports all contract functionality for CLI and MCP use
|
|
5
|
+
*/
|
|
6
|
+
|
|
7
|
+
"use strict";
|
|
8
|
+
|
|
9
|
+
const { buildRouteContract, validateAgainstRouteContract, diffRouteContracts } = require("./route-contract");
|
|
10
|
+
const { buildEnvContract, validateAgainstEnvContract, diffEnvContracts } = require("./env-contract");
|
|
11
|
+
const { buildAuthContract, validateAuthContract, diffAuthContracts } = require("./auth-contract");
|
|
12
|
+
const { buildExternalContract, validateExternalContract, diffExternalContracts } = require("./external-contract");
|
|
13
|
+
const { loadContracts, saveContracts, guardContracts, getGuardSummary, formatGuardResult } = require("./guard");
|
|
14
|
+
const { validatePlan, parsePlanActions, formatValidationResult } = require("./plan-validator");
|
|
15
|
+
|
|
16
|
+
/**
|
|
17
|
+
* Build all contracts from truthpack
|
|
18
|
+
*/
|
|
19
|
+
function buildAllContracts(truthpack) {
|
|
20
|
+
return {
|
|
21
|
+
routes: buildRouteContract(truthpack),
|
|
22
|
+
env: buildEnvContract(truthpack),
|
|
23
|
+
auth: buildAuthContract(truthpack),
|
|
24
|
+
external: buildExternalContract(truthpack)
|
|
25
|
+
};
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
/**
|
|
29
|
+
* Diff all contracts
|
|
30
|
+
*/
|
|
31
|
+
function diffAllContracts(before, after) {
|
|
32
|
+
return {
|
|
33
|
+
routes: before.routes && after.routes ? diffRouteContracts(before.routes, after.routes) : null,
|
|
34
|
+
env: before.env && after.env ? diffEnvContracts(before.env, after.env) : null,
|
|
35
|
+
auth: before.auth && after.auth ? diffAuthContracts(before.auth, after.auth) : null,
|
|
36
|
+
external: before.external && after.external ? diffExternalContracts(before.external, after.external) : null
|
|
37
|
+
};
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
/**
|
|
41
|
+
* Check if contracts have meaningful changes
|
|
42
|
+
*/
|
|
43
|
+
function hasContractChanges(diff) {
|
|
44
|
+
if (!diff) return false;
|
|
45
|
+
|
|
46
|
+
const checkDiff = (d) => {
|
|
47
|
+
if (!d) return false;
|
|
48
|
+
return (d.added?.length > 0) || (d.removed?.length > 0) || (d.changed?.length > 0) ||
|
|
49
|
+
(d.protectedAdded?.length > 0) || (d.protectedRemoved?.length > 0);
|
|
50
|
+
};
|
|
51
|
+
|
|
52
|
+
return checkDiff(diff.routes) || checkDiff(diff.env) ||
|
|
53
|
+
checkDiff(diff.auth) || checkDiff(diff.external);
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
module.exports = {
|
|
57
|
+
// Contract builders
|
|
58
|
+
buildRouteContract,
|
|
59
|
+
buildEnvContract,
|
|
60
|
+
buildAuthContract,
|
|
61
|
+
buildExternalContract,
|
|
62
|
+
buildAllContracts,
|
|
63
|
+
|
|
64
|
+
// Contract validation
|
|
65
|
+
validateAgainstRouteContract,
|
|
66
|
+
validateAgainstEnvContract,
|
|
67
|
+
validateAuthContract,
|
|
68
|
+
validateExternalContract,
|
|
69
|
+
|
|
70
|
+
// Contract diffing
|
|
71
|
+
diffRouteContracts,
|
|
72
|
+
diffEnvContracts,
|
|
73
|
+
diffAuthContracts,
|
|
74
|
+
diffExternalContracts,
|
|
75
|
+
diffAllContracts,
|
|
76
|
+
hasContractChanges,
|
|
77
|
+
|
|
78
|
+
// Guard (CI gate)
|
|
79
|
+
loadContracts,
|
|
80
|
+
saveContracts,
|
|
81
|
+
guardContracts,
|
|
82
|
+
getGuardSummary,
|
|
83
|
+
formatGuardResult,
|
|
84
|
+
|
|
85
|
+
// Plan validation (hallucination stopper)
|
|
86
|
+
validatePlan,
|
|
87
|
+
parsePlanActions,
|
|
88
|
+
formatValidationResult
|
|
89
|
+
};
|