@vibecheckai/cli 3.2.2 → 3.2.4

package/bin/runners/lib/sandbox/proof-chain.js

@@ -1,399 +1,399 @@
-/**
- * Proof Chain
- * Runs verification stages in sandbox before accepting patches
- */
-
-"use strict";
-
-const { execSync } = require("child_process");
-const fs = require("fs");
-const path = require("path");
-
-/**
- * Proof chain stages
- */
-const PROOF_LEVELS = {
-  fast: ["static"],
-  balanced: ["static", "build"],
-  paranoid: ["static", "build", "reality"]
-};
-
-/**
- * Run proof chain in sandbox
- */
-async function runProofChain(sandboxPath, options = {}) {
-  const level = options.level || "balanced";
-  const stages = PROOF_LEVELS[level] || PROOF_LEVELS.balanced;
-  
-  const results = {
-    level,
-    stages: [],
-    passed: true,
-    duration: 0
-  };
-
-  const startTime = Date.now();
-
-  for (const stage of stages) {
-    const stageResult = await runStage(sandboxPath, stage, options);
-    results.stages.push(stageResult);
-
-    if (!stageResult.passed) {
-      results.passed = false;
-      results.failedAt = stage;
-      break;
-    }
-  }
-
-  results.duration = Date.now() - startTime;
-  return results;
-}
-
-/**
- * Run individual proof stage
- */
-async function runStage(sandboxPath, stage, options) {
-  const startTime = Date.now();
-  
-  switch (stage) {
-    case "static":
-      return runStaticProof(sandboxPath, options);
-    case "build":
-      return runBuildProof(sandboxPath, options);
-    case "reality":
-      return runRealityProof(sandboxPath, options);
-    default:
-      return { stage, passed: true, skipped: true, duration: 0 };
-  }
-}
-
-/**
- * Static proof: ship + contracts guard
- */
-async function runStaticProof(sandboxPath, options) {
-  const result = {
-    stage: "static",
-    passed: true,
-    checks: [],
-    duration: 0
-  };
-
-  const startTime = Date.now();
-
-  // Run vibecheck ship in sandbox
-  try {
-    const vibecheckBin = path.join(__dirname, "..", "..", "..", "vibecheck.js");
-    const output = execSync(`node "${vibecheckBin}" ship --json`, {
-      cwd: sandboxPath,
-      encoding: "utf8",
-      timeout: 30000,
-      stdio: "pipe",
-      env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" }
-    });
-
-    // Parse verdict from output
-    const verdictMatch = output.match(/Verdict:\s*(SHIP|WARN|BLOCK)/i);
-    const verdict = verdictMatch ? verdictMatch[1].toUpperCase() : "UNKNOWN";
-
-    result.checks.push({
-      name: "ship",
-      passed: verdict !== "BLOCK",
-      verdict,
-      output: output.slice(-500)
-    });
-
-    if (verdict === "BLOCK") {
-      result.passed = false;
-      result.reason = "Ship verdict is BLOCK";
-    }
-  } catch (e) {
-    result.checks.push({
-      name: "ship",
-      passed: false,
-      error: e.message
-    });
-    result.passed = false;
-    result.reason = `Ship check failed: ${e.message}`;
-  }
-
-  // Run contracts guard if contracts exist
-  const contractsDir = path.join(sandboxPath, ".vibecheck", "contracts");
-  if (fs.existsSync(contractsDir)) {
-    try {
-      const vibecheckBin = path.join(__dirname, "..", "..", "..", "vibecheck.js");
-      const output = execSync(`node "${vibecheckBin}" ctx guard --json`, {
-        cwd: sandboxPath,
-        encoding: "utf8",
-        timeout: 30000,
-        stdio: "pipe",
-        env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" }
-      });
-
-      result.checks.push({
-        name: "contracts",
-        passed: true,
-        output: output.slice(-500)
-      });
-    } catch (e) {
-      // Check if it's a BLOCK
-      if (e.status === 2) {
-        result.checks.push({
-          name: "contracts",
-          passed: false,
-          error: "Contract violations found"
-        });
-        result.passed = false;
-        result.reason = "Contract guard failed";
-      } else {
-        result.checks.push({
-          name: "contracts",
-          passed: true,
-          warning: e.message
-        });
-      }
-    }
-  }
-
-  result.duration = Date.now() - startTime;
-  return result;
-}
-
-/**
- * Build proof: typecheck + build + targeted tests
- */
-async function runBuildProof(sandboxPath, options) {
-  const result = {
-    stage: "build",
-    passed: true,
-    checks: [],
-    duration: 0
-  };
-
-  const startTime = Date.now();
-
-  // Detect package manager
-  const pm = detectPackageManager(sandboxPath);
-
-  // Check for TypeScript
-  const tsconfigPath = path.join(sandboxPath, "tsconfig.json");
-  if (fs.existsSync(tsconfigPath)) {
-    try {
-      execSync(`${pm} run typecheck 2>&1 || npx tsc --noEmit 2>&1`, {
-        cwd: sandboxPath,
-        encoding: "utf8",
-        timeout: 60000,
-        stdio: "pipe"
-      });
-
-      result.checks.push({
-        name: "typecheck",
-        passed: true
-      });
-    } catch (e) {
-      // TypeScript errors
-      result.checks.push({
-        name: "typecheck",
-        passed: false,
-        error: e.stdout?.slice(-500) || e.message
-      });
-      result.passed = false;
-      result.reason = "TypeScript errors";
-    }
-  }
-
-  // Try to run build
-  const pkgPath = path.join(sandboxPath, "package.json");
-  if (fs.existsSync(pkgPath)) {
-    try {
-      const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf8"));
-      
-      if (pkg.scripts?.build) {
-        execSync(`${pm} run build`, {
-          cwd: sandboxPath,
-          encoding: "utf8",
-          timeout: 120000,
-          stdio: "pipe"
-        });
-
-        result.checks.push({
-          name: "build",
-          passed: true
-        });
-      }
-    } catch (e) {
-      result.checks.push({
-        name: "build",
-        passed: false,
-        error: e.message?.slice(-500)
-      });
-      result.passed = false;
-      result.reason = "Build failed";
-    }
-  }
-
-  // Run targeted tests if changed files have test files
-  if (options.changedFiles?.length) {
-    const testFiles = findRelatedTests(sandboxPath, options.changedFiles);
-    
-    if (testFiles.length > 0) {
-      try {
-        const testCmd = `${pm} test -- ${testFiles.join(" ")}`;
-        execSync(testCmd, {
-          cwd: sandboxPath,
-          encoding: "utf8",
-          timeout: 120000,
-          stdio: "pipe"
-        });
-
-        result.checks.push({
-          name: "tests",
-          passed: true,
-          files: testFiles
-        });
-      } catch (e) {
-        result.checks.push({
-          name: "tests",
-          passed: false,
-          files: testFiles,
-          error: e.message?.slice(-500)
-        });
-        result.passed = false;
-        result.reason = "Tests failed";
-      }
-    }
-  }
-
-  result.duration = Date.now() - startTime;
-  return result;
-}
-
-/**
- * Reality proof: run reality checks on critical paths
- */
-async function runRealityProof(sandboxPath, options) {
-  const result = {
-    stage: "reality",
-    passed: true,
-    checks: [],
-    duration: 0
-  };
-
-  const startTime = Date.now();
-
-  if (!options.url) {
-    result.checks.push({
-      name: "reality",
-      passed: true,
-      skipped: true,
-      reason: "No URL provided"
-    });
-    result.duration = Date.now() - startTime;
-    return result;
-  }
-
-  // Run vibecheck reality
-  try {
-    const vibecheckBin = path.join(__dirname, "..", "..", "..", "vibecheck.js");
-    const cmd = `node "${vibecheckBin}" reality --url ${options.url} --max-pages 5 --max-depth 1`;
-    
-    execSync(cmd, {
-      cwd: sandboxPath,
-      encoding: "utf8",
-      timeout: 120000,
-      stdio: "pipe",
-      env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" }
-    });
-
-    result.checks.push({
-      name: "reality",
-      passed: true
-    });
-  } catch (e) {
-    if (e.status === 2) {
-      result.checks.push({
-        name: "reality",
-        passed: false,
-        error: "Reality check found blocking issues"
-      });
-      result.passed = false;
-      result.reason = "Reality check failed";
-    } else {
-      result.checks.push({
-        name: "reality",
-        passed: true,
-        warning: e.message
-      });
-    }
-  }
-
-  result.duration = Date.now() - startTime;
-  return result;
-}
-
-/**
- * Detect package manager
- */
-function detectPackageManager(repoRoot) {
-  if (fs.existsSync(path.join(repoRoot, "pnpm-lock.yaml"))) return "pnpm";
-  if (fs.existsSync(path.join(repoRoot, "yarn.lock"))) return "yarn";
-  return "npm";
-}
-
-/**
- * Find test files related to changed files
- */
-function findRelatedTests(repoRoot, changedFiles) {
-  const testFiles = [];
-
-  for (const file of changedFiles) {
-    // Look for .test.ts, .spec.ts variants
-    const base = file.replace(/\.(ts|tsx|js|jsx)$/, "");
-    const testVariants = [
-      `${base}.test.ts`,
-      `${base}.test.tsx`,
-      `${base}.test.js`,
-      `${base}.spec.ts`,
-      `${base}.spec.tsx`,
-      `${base}.spec.js`
-    ];
-
-    for (const variant of testVariants) {
-      const testPath = path.join(repoRoot, variant);
-      if (fs.existsSync(testPath)) {
-        testFiles.push(variant);
-        break;
-      }
-    }
-
-    // Also check __tests__ directory
-    const dir = path.dirname(file);
-    const name = path.basename(file).replace(/\.(ts|tsx|js|jsx)$/, "");
-    const testsDir = path.join(repoRoot, dir, "__tests__");
-    
-    if (fs.existsSync(testsDir)) {
-      const testVariants = [
-        `${name}.test.ts`,
-        `${name}.test.tsx`,
-        `${name}.test.js`
-      ];
-
-      for (const variant of testVariants) {
-        const testPath = path.join(testsDir, variant);
-        if (fs.existsSync(testPath)) {
-          testFiles.push(path.join(dir, "__tests__", variant));
-          break;
-        }
-      }
-    }
-  }
-
-  return [...new Set(testFiles)];
-}
-
-module.exports = {
-  runProofChain,
-  runStaticProof,
-  runBuildProof,
-  runRealityProof,
-  PROOF_LEVELS
-};
+/**
+ * Proof Chain
+ * Runs verification stages in sandbox before accepting patches
+ */
+
+"use strict";
+
+const { execSync } = require("child_process");
+const fs = require("fs");
+const path = require("path");
+
+/**
+ * Proof chain stages
+ */
+const PROOF_LEVELS = {
+  fast: ["static"],
+  balanced: ["static", "build"],
+  paranoid: ["static", "build", "reality"]
+};
+
+/**
+ * Run proof chain in sandbox
+ */
+async function runProofChain(sandboxPath, options = {}) {
+  const level = options.level || "balanced";
+  const stages = PROOF_LEVELS[level] || PROOF_LEVELS.balanced;
+  
+  const results = {
+    level,
+    stages: [],
+    passed: true,
+    duration: 0
+  };
+
+  const startTime = Date.now();
+
+  for (const stage of stages) {
+    const stageResult = await runStage(sandboxPath, stage, options);
+    results.stages.push(stageResult);
+
+    if (!stageResult.passed) {
+      results.passed = false;
+      results.failedAt = stage;
+      break;
+    }
+  }
+
+  results.duration = Date.now() - startTime;
+  return results;
+}
+
+/**
+ * Run individual proof stage
+ */
+async function runStage(sandboxPath, stage, options) {
+  const startTime = Date.now();
+  
+  switch (stage) {
+    case "static":
+      return runStaticProof(sandboxPath, options);
+    case "build":
+      return runBuildProof(sandboxPath, options);
+    case "reality":
+      return runRealityProof(sandboxPath, options);
+    default:
+      return { stage, passed: true, skipped: true, duration: 0 };
+  }
+}
+
+/**
+ * Static proof: ship + contracts guard
+ */
+async function runStaticProof(sandboxPath, options) {
+  const result = {
+    stage: "static",
+    passed: true,
+    checks: [],
+    duration: 0
+  };
+
+  const startTime = Date.now();
+
+  // Run vibecheck ship in sandbox
+  try {
+    const vibecheckBin = path.join(__dirname, "..", "..", "..", "vibecheck.js");
+    const output = execSync(`node "${vibecheckBin}" ship --json`, {
+      cwd: sandboxPath,
+      encoding: "utf8",
+      timeout: 30000,
+      stdio: "pipe",
+      env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" }
+    });
+
+    // Parse verdict from output
+    const verdictMatch = output.match(/Verdict:\s*(SHIP|WARN|BLOCK)/i);
+    const verdict = verdictMatch ? verdictMatch[1].toUpperCase() : "UNKNOWN";
+
+    result.checks.push({
+      name: "ship",
+      passed: verdict !== "BLOCK",
+      verdict,
+      output: output.slice(-500)
+    });
+
+    if (verdict === "BLOCK") {
+      result.passed = false;
+      result.reason = "Ship verdict is BLOCK";
+    }
+  } catch (e) {
+    result.checks.push({
+      name: "ship",
+      passed: false,
+      error: e.message
+    });
+    result.passed = false;
+    result.reason = `Ship check failed: ${e.message}`;
+  }
+
+  // Run contracts guard if contracts exist
+  const contractsDir = path.join(sandboxPath, ".vibecheck", "contracts");
+  if (fs.existsSync(contractsDir)) {
+    try {
+      const vibecheckBin = path.join(__dirname, "..", "..", "..", "vibecheck.js");
+      const output = execSync(`node "${vibecheckBin}" ctx guard --json`, {
+        cwd: sandboxPath,
+        encoding: "utf8",
+        timeout: 30000,
+        stdio: "pipe",
+        env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" }
+      });
+
+      result.checks.push({
+        name: "contracts",
+        passed: true,
+        output: output.slice(-500)
+      });
+    } catch (e) {
+      // Check if it's a BLOCK
+      if (e.status === 2) {
+        result.checks.push({
+          name: "contracts",
+          passed: false,
+          error: "Contract violations found"
+        });
+        result.passed = false;
+        result.reason = "Contract guard failed";
+      } else {
+        result.checks.push({
+          name: "contracts",
+          passed: true,
+          warning: e.message
+        });
+      }
+    }
+  }
+
+  result.duration = Date.now() - startTime;
+  return result;
+}
+
+/**
+ * Build proof: typecheck + build + targeted tests
+ */
+async function runBuildProof(sandboxPath, options) {
+  const result = {
+    stage: "build",
+    passed: true,
+    checks: [],
+    duration: 0
+  };
+
+  const startTime = Date.now();
+
+  // Detect package manager
+  const pm = detectPackageManager(sandboxPath);
+
+  // Check for TypeScript
+  const tsconfigPath = path.join(sandboxPath, "tsconfig.json");
+  if (fs.existsSync(tsconfigPath)) {
+    try {
+      execSync(`${pm} run typecheck 2>&1 || npx tsc --noEmit 2>&1`, {
+        cwd: sandboxPath,
+        encoding: "utf8",
+        timeout: 60000,
+        stdio: "pipe"
+      });
+
+      result.checks.push({
+        name: "typecheck",
+        passed: true
+      });
+    } catch (e) {
+      // TypeScript errors
+      result.checks.push({
+        name: "typecheck",
+        passed: false,
+        error: e.stdout?.slice(-500) || e.message
+      });
+      result.passed = false;
+      result.reason = "TypeScript errors";
+    }
+  }
+
+  // Try to run build
+  const pkgPath = path.join(sandboxPath, "package.json");
+  if (fs.existsSync(pkgPath)) {
+    try {
+      const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf8"));
+      
+      if (pkg.scripts?.build) {
+        execSync(`${pm} run build`, {
+          cwd: sandboxPath,
+          encoding: "utf8",
+          timeout: 120000,
+          stdio: "pipe"
+        });
+
+        result.checks.push({
+          name: "build",
+          passed: true
+        });
+      }
+    } catch (e) {
+      result.checks.push({
+        name: "build",
+        passed: false,
+        error: e.message?.slice(-500)
+      });
+      result.passed = false;
+      result.reason = "Build failed";
+    }
+  }
+
+  // Run targeted tests if changed files have test files
+  if (options.changedFiles?.length) {
+    const testFiles = findRelatedTests(sandboxPath, options.changedFiles);
+    
+    if (testFiles.length > 0) {
+      try {
+        const testCmd = `${pm} test -- ${testFiles.join(" ")}`;
+        execSync(testCmd, {
+          cwd: sandboxPath,
+          encoding: "utf8",
+          timeout: 120000,
+          stdio: "pipe"
+        });
+
+        result.checks.push({
+          name: "tests",
+          passed: true,
+          files: testFiles
+        });
+      } catch (e) {
+        result.checks.push({
+          name: "tests",
+          passed: false,
+          files: testFiles,
+          error: e.message?.slice(-500)
+        });
+        result.passed = false;
+        result.reason = "Tests failed";
+      }
+    }
+  }
+
+  result.duration = Date.now() - startTime;
+  return result;
+}
+
+/**
+ * Reality proof: run reality checks on critical paths
+ */
+async function runRealityProof(sandboxPath, options) {
+  const result = {
+    stage: "reality",
+    passed: true,
+    checks: [],
+    duration: 0
+  };
+
+  const startTime = Date.now();
+
+  if (!options.url) {
+    result.checks.push({
+      name: "reality",
+      passed: true,
+      skipped: true,
+      reason: "No URL provided"
+    });
+    result.duration = Date.now() - startTime;
+    return result;
+  }
+
+  // Run vibecheck reality
+  try {
+    const vibecheckBin = path.join(__dirname, "..", "..", "..", "vibecheck.js");
+    const cmd = `node "${vibecheckBin}" reality --url ${options.url} --max-pages 5 --max-depth 1`;
+    
+    execSync(cmd, {
+      cwd: sandboxPath,
+      encoding: "utf8",
+      timeout: 120000,
+      stdio: "pipe",
+      env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" }
+    });
+
+    result.checks.push({
+      name: "reality",
+      passed: true
+    });
+  } catch (e) {
+    if (e.status === 2) {
+      result.checks.push({
+        name: "reality",
+        passed: false,
+        error: "Reality check found blocking issues"
+      });
+      result.passed = false;
+      result.reason = "Reality check failed";
+    } else {
+      result.checks.push({
+        name: "reality",
+        passed: true,
+        warning: e.message
+      });
+    }
+  }
+
+  result.duration = Date.now() - startTime;
+  return result;
+}
+
+/**
+ * Detect package manager
+ */
+function detectPackageManager(repoRoot) {
+  if (fs.existsSync(path.join(repoRoot, "pnpm-lock.yaml"))) return "pnpm";
+  if (fs.existsSync(path.join(repoRoot, "yarn.lock"))) return "yarn";
+  return "npm";
+}
+
+/**
+ * Find test files related to changed files
+ */
+function findRelatedTests(repoRoot, changedFiles) {
+  const testFiles = [];
+
+  for (const file of changedFiles) {
+    // Look for .test.ts, .spec.ts variants
+    const base = file.replace(/\.(ts|tsx|js|jsx)$/, "");
+    const testVariants = [
+      `${base}.test.ts`,
+      `${base}.test.tsx`,
+      `${base}.test.js`,
+      `${base}.spec.ts`,
+      `${base}.spec.tsx`,
+      `${base}.spec.js`
+    ];
+
+    for (const variant of testVariants) {
+      const testPath = path.join(repoRoot, variant);
+      if (fs.existsSync(testPath)) {
+        testFiles.push(variant);
+        break;
+      }
+    }
+
+    // Also check __tests__ directory
+    const dir = path.dirname(file);
+    const name = path.basename(file).replace(/\.(ts|tsx|js|jsx)$/, "");
+    const testsDir = path.join(repoRoot, dir, "__tests__");
+    
+    if (fs.existsSync(testsDir)) {
+      const testVariants = [
+        `${name}.test.ts`,
+        `${name}.test.tsx`,
+        `${name}.test.js`
+      ];
+
+      for (const variant of testVariants) {
+        const testPath = path.join(testsDir, variant);
+        if (fs.existsSync(testPath)) {
+          testFiles.push(path.join(dir, "__tests__", variant));
+          break;
+        }
+      }
+    }
+  }
+
+  return [...new Set(testFiles)];
+}
+
+module.exports = {
+  runProofChain,
+  runStaticProof,
+  runBuildProof,
+  runRealityProof,
+  PROOF_LEVELS
+};