@vibecheckai/cli 3.2.2 → 3.2.4

package/bin/runners/lib/enforcement.js

@@ -1,72 +1,72 @@
-// bin/runners/lib/enforcement.js
-const fs = require("fs");
-const path = require("path");
-
-const ENFORCE_HINTS = [
-  "enforceFeature",
-  "enforceLimit",
-  "getEntitlements",
-  "requirePlan",
-  "requireTier",
-  "requireSubscription",
-  "checkAccess",
-  "entitlements",
-  "plan",
-  "tier",
-  "subscription",
-  "stripe",
-  "credits"
-];
-
-function looksPaidSurface(routePath) {
-  const p = String(routePath || "");
-  return (
-    p.includes("/api/ship") ||
-    p.includes("/api/verdict") ||
-    p.includes("/api/fix") ||
-    p.includes("/api/autopilot") ||
-    p.includes("/api/missions") ||
-    p.includes("/api/pr") ||
-    p.includes("/api/credits") ||
-    p.includes("/api/billing") ||
-    p.includes("/api/stripe") ||
-    p.includes("/api/entitlements")
-  );
-}
-
-function handlerHasEnforcementSignal(repoRoot, handlerRel) {
-  const abs = path.join(repoRoot, handlerRel);
-  if (!fs.existsSync(abs)) return { ok: false, hits: [] };
-
-  const code = fs.readFileSync(abs, "utf8");
-  const hits = ENFORCE_HINTS.filter(k => code.includes(k));
-  return { ok: hits.length > 0, hits };
-}
-
-function buildEnforcementTruth(repoRoot, serverRoutes) {
-  const checked = [];
-  const routeList = serverRoutes || [];
-
-  for (const r of routeList) {
-    if (!r.handler) continue;
-    if (!looksPaidSurface(r.path)) continue;
-
-    const res = handlerHasEnforcementSignal(repoRoot, r.handler);
-    checked.push({
-      method: r.method,
-      path: r.path,
-      handler: r.handler,
-      enforced: res.ok,
-      hits: res.hits
-    });
-  }
-
-  return {
-    checkedCount: checked.length,
-    enforcedCount: checked.filter(x => x.enforced).length,
-    missingCount: checked.filter(x => !x.enforced).length,
-    checks: checked
-  };
-}
-
-module.exports = { buildEnforcementTruth };
+// bin/runners/lib/enforcement.js
+const fs = require("fs");
+const path = require("path");
+
+const ENFORCE_HINTS = [
+  "enforceFeature",
+  "enforceLimit",
+  "getEntitlements",
+  "requirePlan",
+  "requireTier",
+  "requireSubscription",
+  "checkAccess",
+  "entitlements",
+  "plan",
+  "tier",
+  "subscription",
+  "stripe",
+  "credits"
+];
+
+function looksPaidSurface(routePath) {
+  const p = String(routePath || "");
+  return (
+    p.includes("/api/ship") ||
+    p.includes("/api/verdict") ||
+    p.includes("/api/fix") ||
+    p.includes("/api/autopilot") ||
+    p.includes("/api/missions") ||
+    p.includes("/api/pr") ||
+    p.includes("/api/credits") ||
+    p.includes("/api/billing") ||
+    p.includes("/api/stripe") ||
+    p.includes("/api/entitlements")
+  );
+}
+
+function handlerHasEnforcementSignal(repoRoot, handlerRel) {
+  const abs = path.join(repoRoot, handlerRel);
+  if (!fs.existsSync(abs)) return { ok: false, hits: [] };
+
+  const code = fs.readFileSync(abs, "utf8");
+  const hits = ENFORCE_HINTS.filter(k => code.includes(k));
+  return { ok: hits.length > 0, hits };
+}
+
+function buildEnforcementTruth(repoRoot, serverRoutes) {
+  const checked = [];
+  const routeList = serverRoutes || [];
+
+  for (const r of routeList) {
+    if (!r.handler) continue;
+    if (!looksPaidSurface(r.path)) continue;
+
+    const res = handlerHasEnforcementSignal(repoRoot, r.handler);
+    checked.push({
+      method: r.method,
+      path: r.path,
+      handler: r.handler,
+      enforced: res.ok,
+      hits: res.hits
+    });
+  }
+
+  return {
+    checkedCount: checked.length,
+    enforcedCount: checked.filter(x => x.enforced).length,
+    missingCount: checked.filter(x => !x.enforced).length,
+    checks: checked
+  };
+}
+
+module.exports = { buildEnforcementTruth };

package/bin/runners/lib/engines/accessibility-engine.js

@@ -0,0 +1,190 @@
+/**
+ * Accessibility Analysis Engine
+ * Detects accessibility issues in React/JSX code
+ */
+
+const { getAST } = require("./ast-cache");
+const traverse = require("@babel/traverse").default;
+const t = require("@babel/types");
+
+/**
+ * Analyze accessibility issues
+ */
+function analyzeAccessibility(code, filePath) {
+  const findings = [];
+  const ast = getAST(code, filePath);
+  if (!ast) return findings;
+
+  const lines = code.split("\n");
+  const isJSX = filePath.endsWith(".jsx") || filePath.endsWith(".tsx");
+
+  if (!isJSX) return findings; // Only analyze JSX files
+
+  traverse(ast, {
+    JSXElement(path) {
+      const node = path.node;
+      const openingElement = node.openingElement;
+      const tagName = openingElement.name.name;
+      
+      // Missing alt text on images
+      if (tagName === "img") {
+        const hasAlt = openingElement.attributes.some(attr => 
+          t.isJSXAttribute(attr) && attr.name.name === "alt"
+        );
+        
+        if (!hasAlt) {
+          const line = openingElement.loc.start.line;
+          findings.push({
+            type: "missing_alt_text",
+            severity: "BLOCK",
+            category: "Accessibility",
+            file: filePath,
+            line,
+            column: openingElement.loc.start.column,
+            title: "Image missing alt text",
+            message: "Images must have alt text for screen readers",
+            codeSnippet: lines[line - 1]?.trim(),
+            confidence: "high",
+          });
+        }
+      }
+      
+      // Interactive elements without accessible labels
+      const interactiveElements = ["button", "a", "input", "select", "textarea"];
+      if (interactiveElements.includes(tagName)) {
+        const hasLabel = openingElement.attributes.some(attr => 
+          t.isJSXAttribute(attr) && 
+          (attr.name.name === "aria-label" || 
+           attr.name.name === "aria-labelledby" ||
+           attr.name.name === "title")
+        );
+        
+        // Check for associated label element
+        const hasAssociatedLabel = path.findParent(p => {
+          if (t.isJSXElement(p.node)) {
+            return p.node.openingElement.name.name === "label";
+          }
+          return false;
+        });
+        
+        if (!hasLabel && !hasAssociatedLabel && tagName !== "a") {
+          const line = openingElement.loc.start.line;
+          findings.push({
+            type: "missing_accessible_label",
+            severity: "WARN",
+            category: "Accessibility",
+            file: filePath,
+            line,
+            column: openingElement.loc.start.column,
+            title: `${tagName} element missing accessible label`,
+            message: `Add aria-label, aria-labelledby, or wrap in <label>`,
+            codeSnippet: lines[line - 1]?.trim(),
+            confidence: "med",
+          });
+        }
+      }
+      
+      // Missing form labels
+      if (tagName === "input" || tagName === "select" || tagName === "textarea") {
+        const inputType = openingElement.attributes.find(attr => 
+          t.isJSXAttribute(attr) && attr.name.name === "type"
+        );
+        const typeValue = inputType && t.isStringLiteral(inputType.value) 
+          ? inputType.value.value 
+          : "text";
+        
+        // Skip hidden inputs
+        if (typeValue === "hidden") return;
+        
+        const hasLabel = openingElement.attributes.some(attr => 
+          t.isJSXAttribute(attr) && 
+          (attr.name.name === "aria-label" || 
+           attr.name.name === "aria-labelledby" ||
+           attr.name.name === "id")
+        );
+        
+        if (!hasLabel) {
+          const line = openingElement.loc.start.line;
+          findings.push({
+            type: "missing_form_label",
+            severity: "WARN",
+            category: "Accessibility",
+            file: filePath,
+            line,
+            column: openingElement.loc.start.column,
+            title: "Form input missing label",
+            message: "Form inputs should have associated labels",
+            codeSnippet: lines[line - 1]?.trim(),
+            confidence: "med",
+          });
+        }
+      }
+      
+      // Missing keyboard handlers on interactive elements
+      if (tagName === "div" || tagName === "span") {
+        const hasOnClick = openingElement.attributes.some(attr => 
+          t.isJSXAttribute(attr) && 
+          (attr.name.name === "onClick" || attr.name.name === "onKeyDown")
+        );
+        
+        const hasRole = openingElement.attributes.some(attr => 
+          t.isJSXAttribute(attr) && attr.name.name === "role"
+        );
+        
+        if (hasOnClick && !hasRole) {
+          const line = openingElement.loc.start.line;
+          findings.push({
+            type: "missing_keyboard_handler",
+            severity: "WARN",
+            category: "Accessibility",
+            file: filePath,
+            line,
+            column: openingElement.loc.start.column,
+            title: "Interactive element missing keyboard support",
+            message: "Elements with onClick should have onKeyDown and proper role",
+            codeSnippet: lines[line - 1]?.trim(),
+            confidence: "med",
+          });
+        }
+      }
+      
+      // Color contrast issues (heuristic: inline styles with low contrast colors)
+      const styleAttr = openingElement.attributes.find(attr => 
+        t.isJSXAttribute(attr) && attr.name.name === "style"
+      );
+      
+      if (styleAttr && t.isJSXExpressionContainer(styleAttr.value)) {
+        const styleExpr = styleAttr.value.expression;
+        if (t.isObjectExpression(styleExpr)) {
+          const colorProp = styleExpr.properties.find(prop => 
+            t.isObjectProperty(prop) && 
+            t.isIdentifier(prop.key) && 
+            prop.key.name === "color"
+          );
+          
+          if (colorProp) {
+            const line = openingElement.loc.start.line;
+            findings.push({
+              type: "potential_contrast_issue",
+              severity: "WARN",
+              category: "Accessibility",
+              file: filePath,
+              line,
+              column: openingElement.loc.start.column,
+              title: "Potential color contrast issue",
+              message: "Inline color styles may not meet WCAG contrast requirements - verify with contrast checker",
+              codeSnippet: lines[line - 1]?.trim(),
+              confidence: "low",
+            });
+          }
+        }
+      }
+    },
+  });
+
+  return findings;
+}
+
+module.exports = {
+  analyzeAccessibility,
+};

package/bin/runners/lib/engines/api-consistency-engine.js

@@ -0,0 +1,162 @@
+/**
+ * API Consistency Engine
+ * Checks API route consistency, response formats, error handling patterns
+ */
+
+const { getAST } = require("./ast-cache");
+const traverse = require("@babel/traverse").default;
+const t = require("@babel/types");
+
+/**
+ * Analyze API consistency issues
+ */
+function analyzeAPIConsistency(code, filePath) {
+  const findings = [];
+  const ast = getAST(code, filePath);
+  if (!ast) return findings;
+
+  const lines = code.split("\n");
+  const isAPIRoute = filePath.includes("/api/") || filePath.includes("/routes/");
+
+  if (!isAPIRoute) return findings;
+
+  const responseFormats = new Set();
+  const errorHandlingPatterns = new Set();
+  let hasErrorHandler = false;
+
+  traverse(ast, {
+    // Check response formats
+    CallExpression(path) {
+      const node = path.node;
+      
+      // Next.js API routes
+      if (t.isMemberExpression(node.callee) && 
+          t.isIdentifier(node.callee.object, { name: "NextResponse" })) {
+        const method = node.callee.property.name;
+        if (["json", "redirect", "next"].includes(method)) {
+          responseFormats.add(`NextResponse.${method}`);
+        }
+      }
+      
+      // Express-style responses
+      if (t.isMemberExpression(node.callee)) {
+        const prop = node.callee.property;
+        if (t.isIdentifier(prop) && 
+            ["json", "send", "status", "redirect"].includes(prop.name)) {
+          responseFormats.add(`res.${prop.name}`);
+        }
+      }
+      
+      // Error handling
+      if (t.isMemberExpression(node.callee) && 
+          t.isIdentifier(node.callee.property, { name: "catch" })) {
+        hasErrorHandler = true;
+        errorHandlingPatterns.add("promise.catch");
+      }
+    },
+    
+    // Try-catch blocks
+    TryStatement(path) {
+      hasErrorHandler = true;
+      errorHandlingPatterns.add("try-catch");
+    },
+    
+    // Check for inconsistent error responses
+    IfStatement(path) {
+      const test = path.node.test;
+      if (t.isBinaryExpression(test) && 
+          (test.operator === "===" || test.operator === "==")) {
+        const left = test.left;
+        const right = test.right;
+        
+        // Check for error status checks
+        if ((t.isMemberExpression(left) && 
+             t.isIdentifier(left.property, { name: "status" })) ||
+            (t.isMemberExpression(left) && 
+             t.isIdentifier(left.property, { name: "ok" }))) {
+          const thenBlock = path.node.consequent;
+          const elseBlock = path.node.alternate;
+          
+          // Check if error response is consistent
+          if (thenBlock && !elseBlock) {
+            const line = path.node.loc.start.line;
+            findings.push({
+              type: "missing_error_response",
+              severity: "WARN",
+              category: "APIConsistency",
+              file: filePath,
+              line,
+              column: path.node.loc.start.column,
+              title: "Missing error response handling",
+              message: "Error condition checked but no error response returned",
+              codeSnippet: lines[line - 1]?.trim(),
+              confidence: "med",
+            });
+          }
+        }
+      }
+    },
+  });
+
+  // Check for inconsistent response formats
+  if (responseFormats.size > 1) {
+    findings.push({
+      type: "inconsistent_response_format",
+      severity: "WARN",
+      category: "APIConsistency",
+      file: filePath,
+      line: 1,
+      column: 0,
+      title: "Inconsistent API response formats",
+      message: `Multiple response formats used: ${Array.from(responseFormats).join(", ")}`,
+      confidence: "low",
+    });
+  }
+
+  // Check for missing error handling
+  if (!hasErrorHandler && isAPIRoute) {
+    findings.push({
+      type: "missing_error_handling",
+      severity: "WARN",
+      category: "APIConsistency",
+      file: filePath,
+      line: 1,
+      column: 0,
+      title: "API route missing error handling",
+      message: "API route should have try-catch or promise error handling",
+      confidence: "med",
+    });
+  }
+
+  // Check for missing status codes
+  let hasStatusCode = false;
+  traverse(ast, {
+    CallExpression(path) {
+      const node = path.node;
+      if (t.isMemberExpression(node.callee) && 
+          t.isIdentifier(node.callee.property, { name: "status" })) {
+        hasStatusCode = true;
+      }
+    },
+  });
+
+  if (!hasStatusCode && responseFormats.size > 0) {
+    findings.push({
+      type: "missing_status_code",
+      severity: "WARN",
+      category: "APIConsistency",
+      file: filePath,
+      line: 1,
+      column: 0,
+      title: "API response missing explicit status code",
+      message: "API responses should explicitly set HTTP status codes",
+      confidence: "med",
+    });
+  }
+
+  return findings;
+}
+
+module.exports = {
+  analyzeAPIConsistency,
+};

package/bin/runners/lib/engines/ast-cache.js

@@ -0,0 +1,99 @@
+/**
+ * AST Cache - Shared AST parsing cache for all engines
+ * Dramatically improves performance by parsing each file only once
+ */
+
+const parser = require("@babel/parser");
+const traverse = require("@babel/traverse").default;
+const t = require("@babel/types");
+
+// Global AST cache: filePath -> { ast, code, timestamp }
+const _AST_CACHE = new Map();
+const _CACHE_MAX_SIZE = 10000; // Prevent memory issues in huge monorepos
+
+/**
+ * Parse code with comprehensive plugin support
+ */
+function parseCode(code, filePath = "") {
+  try {
+    return parser.parse(code, {
+      sourceType: "unambiguous",
+      errorRecovery: true,
+      allowReturnOutsideFunction: true,
+      plugins: [
+        "typescript",
+        "jsx",
+        "dynamicImport",
+        "topLevelAwait",
+        "classProperties",
+        "classPrivateProperties",
+        "decorators-legacy",
+        "exportDefaultFrom",
+        "exportNamespaceFrom",
+        "functionBind",
+        "nullishCoalescingOperator",
+        "optionalChaining",
+        "objectRestSpread",
+      ],
+    });
+  } catch (err) {
+    return null;
+  }
+}
+
+/**
+ * Get AST from cache or parse and cache it
+ */
+function getAST(code, filePath) {
+  // Check cache first
+  if (_AST_CACHE.has(filePath)) {
+    const cached = _AST_CACHE.get(filePath);
+    // Verify code hasn't changed (simple hash check)
+    if (cached.code === code) {
+      return cached.ast;
+    }
+  }
+
+  // Parse and cache
+  const ast = parseCode(code, filePath);
+  if (ast) {
+    // Evict oldest entries if cache is too large
+    if (_AST_CACHE.size >= _CACHE_MAX_SIZE) {
+      const firstKey = _AST_CACHE.keys().next().value;
+      _AST_CACHE.delete(firstKey);
+    }
+    
+    _AST_CACHE.set(filePath, {
+      ast,
+      code,
+      timestamp: Date.now(),
+    });
+  }
+
+  return ast;
+}
+
+/**
+ * Clear AST cache (call after scan completes)
+ */
+function clearASTCache() {
+  _AST_CACHE.clear();
+}
+
+/**
+ * Get cache stats
+ */
+function getCacheStats() {
+  return {
+    size: _AST_CACHE.size,
+    maxSize: _CACHE_MAX_SIZE,
+    hitRate: 0, // Could track this if needed
+  };
+}
+
+module.exports = {
+  getAST,
+  parseCode,
+  clearASTCache,
+  getCacheStats,
+};