@vibecheckai/cli 3.2.4 → 3.2.6

package/bin/runners/lib/usage.js

@@ -1,153 +1,153 @@
-/**
- * Usage Logger - Track metered units per command
- * 
- * Records usage for monetization and billing.
- * All paid commands must log their usage.
- */
-
-"use strict";
-
-const fs = require("fs");
-const path = require("path");
-const os = require("os");
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// USAGE LOGGING
-// ═══════════════════════════════════════════════════════════════════════════════
-
-function getUsageLogPath() {
-  const home = os.homedir();
-  const vibecheckDir = path.join(home, ".vibecheck");
-  const usageDir = path.join(vibecheckDir, "usage");
-  
-  // Ensure directories exist
-  if (!fs.existsSync(vibecheckDir)) fs.mkdirSync(vibecheckDir, { recursive: true });
-  if (!fs.existsSync(usageDir)) fs.mkdirSync(usageDir, { recursive: true });
-  
-  return path.join(usageDir, "usage.jsonl");
-}
-
-/**
- * Log usage for a command run
- * @param {Object} usage - Usage data
- * @param {string} usage.runId - Unique run identifier
- * @param {string} usage.command - Command name
- * @param {string} usage.tier - User tier (free/pro/complete)
- * @param {Object} usage.units - Units consumed
- * @param {number} usage.units.pages - Pages crawled (reality)
- * @param {number} usage.units.clicks - UI interactions (reality)
- * @param {number} usage.units.endpoints - API endpoints tested (permissions)
- * @param {number} usage.units.roles - Roles tested (permissions)
- * @param {number} usage.units.files - Files modified (fix)
- * @param {number} usage.units.hunks - Hunks applied (fix)
- * @param {number} usage.units.exports - Reports generated
- * @param {string} usage.timestamp - ISO timestamp
- * @param {string} usage.projectPath - Project directory
- */
-function logUsage(usage) {
-  const logPath = getUsageLogPath();
-  const entry = {
-    ...usage,
-    timestamp: usage.timestamp || new Date().toISOString(),
-    hostname: os.hostname(),
-    platform: process.platform,
-    nodeVersion: process.version,
-  };
-  
-  // Append to log file (JSONL format - one JSON per line)
-  const line = JSON.stringify(entry) + "\n";
-  fs.appendFileSync(logPath, line);
-  
-  // Also store in run-specific directory for receipts
-  if (usage.runId) {
-    const runDir = path.join(process.cwd(), ".vibecheck", "runs", usage.runId);
-    if (fs.existsSync(runDir)) {
-      fs.writeFileSync(path.join(runDir, "usage.json"), JSON.stringify(entry, null, 2));
-    }
-  }
-  
-  return entry;
-}
-
-/**
- * Get usage statistics for a time period
- * @param {Object} options - Query options
- * @param {string} options.since - ISO date to start from
- * @param {string} options.until - ISO date to end at
- * @param {string} options.command - Filter by command
- * @param {string} options.tier - Filter by tier
- * @returns {Array} Array of usage entries
- */
-function getUsage(options = {}) {
-  const logPath = getUsageLogPath();
-  
-  if (!fs.existsSync(logPath)) return [];
-  
-  const lines = fs.readFileSync(logPath, "utf8").split("\n").filter(Boolean);
-  const entries = lines.map(line => {
-    try { return JSON.parse(line); } catch { return null; }
-  }).filter(Boolean);
-  
-  // Apply filters
-  let filtered = entries;
-  
-  if (options.since) {
-    filtered = filtered.filter(e => e.timestamp >= options.since);
-  }
-  
-  if (options.until) {
-    filtered = filtered.filter(e => e.timestamp <= options.until);
-  }
-  
-  if (options.command) {
-    filtered = filtered.filter(e => e.command === options.command);
-  }
-  
-  if (options.tier) {
-    filtered = filtered.filter(e => e.tier === options.tier);
-  }
-  
-  return filtered;
-}
-
-/**
- * Get aggregate usage by unit type
- * @param {Object} options - Query options (same as getUsage)
- * @returns {Object} Aggregated totals
- */
-function getUsageTotals(options = {}) {
-  const entries = getUsage(options);
-  const totals = {
-    runs: entries.length,
-    pages: 0,
-    clicks: 0,
-    endpoints: 0,
-    roles: 0,
-    files: 0,
-    hunks: 0,
-    exports: 0,
-  };
-  
-  for (const entry of entries) {
-    if (entry.units) {
-      totals.pages += entry.units.pages || 0;
-      totals.clicks += entry.units.clicks || 0;
-      totals.endpoints += entry.units.endpoints || 0;
-      totals.roles += entry.units.roles || 0;
-      totals.files += entry.units.files || 0;
-      totals.hunks += entry.units.hunks || 0;
-      totals.exports += entry.units.exports || 0;
-    }
-  }
-  
-  return totals;
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// EXPORTS
-// ═══════════════════════════════════════════════════════════════════════════════
-module.exports = {
-  logUsage,
-  getUsage,
-  getUsageTotals,
-};
+/**
+ * Usage Logger - Track metered units per command
+ * 
+ * Records usage for monetization and billing.
+ * All paid commands must log their usage.
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const os = require("os");
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// USAGE LOGGING
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function getUsageLogPath() {
+  const home = os.homedir();
+  const vibecheckDir = path.join(home, ".vibecheck");
+  const usageDir = path.join(vibecheckDir, "usage");
+  
+  // Ensure directories exist
+  if (!fs.existsSync(vibecheckDir)) fs.mkdirSync(vibecheckDir, { recursive: true });
+  if (!fs.existsSync(usageDir)) fs.mkdirSync(usageDir, { recursive: true });
+  
+  return path.join(usageDir, "usage.jsonl");
+}
+
+/**
+ * Log usage for a command run
+ * @param {Object} usage - Usage data
+ * @param {string} usage.runId - Unique run identifier
+ * @param {string} usage.command - Command name
+ * @param {string} usage.tier - User tier (free/pro/complete)
+ * @param {Object} usage.units - Units consumed
+ * @param {number} usage.units.pages - Pages crawled (reality)
+ * @param {number} usage.units.clicks - UI interactions (reality)
+ * @param {number} usage.units.endpoints - API endpoints tested (permissions)
+ * @param {number} usage.units.roles - Roles tested (permissions)
+ * @param {number} usage.units.files - Files modified (fix)
+ * @param {number} usage.units.hunks - Hunks applied (fix)
+ * @param {number} usage.units.exports - Reports generated
+ * @param {string} usage.timestamp - ISO timestamp
+ * @param {string} usage.projectPath - Project directory
+ */
+function logUsage(usage) {
+  const logPath = getUsageLogPath();
+  const entry = {
+    ...usage,
+    timestamp: usage.timestamp || new Date().toISOString(),
+    hostname: os.hostname(),
+    platform: process.platform,
+    nodeVersion: process.version,
+  };
+  
+  // Append to log file (JSONL format - one JSON per line)
+  const line = JSON.stringify(entry) + "\n";
+  fs.appendFileSync(logPath, line);
+  
+  // Also store in run-specific directory for receipts
+  if (usage.runId) {
+    const runDir = path.join(process.cwd(), ".vibecheck", "runs", usage.runId);
+    if (fs.existsSync(runDir)) {
+      fs.writeFileSync(path.join(runDir, "usage.json"), JSON.stringify(entry, null, 2));
+    }
+  }
+  
+  return entry;
+}
+
+/**
+ * Get usage statistics for a time period
+ * @param {Object} options - Query options
+ * @param {string} options.since - ISO date to start from
+ * @param {string} options.until - ISO date to end at
+ * @param {string} options.command - Filter by command
+ * @param {string} options.tier - Filter by tier
+ * @returns {Array} Array of usage entries
+ */
+function getUsage(options = {}) {
+  const logPath = getUsageLogPath();
+  
+  if (!fs.existsSync(logPath)) return [];
+  
+  const lines = fs.readFileSync(logPath, "utf8").split("\n").filter(Boolean);
+  const entries = lines.map(line => {
+    try { return JSON.parse(line); } catch { return null; }
+  }).filter(Boolean);
+  
+  // Apply filters
+  let filtered = entries;
+  
+  if (options.since) {
+    filtered = filtered.filter(e => e.timestamp >= options.since);
+  }
+  
+  if (options.until) {
+    filtered = filtered.filter(e => e.timestamp <= options.until);
+  }
+  
+  if (options.command) {
+    filtered = filtered.filter(e => e.command === options.command);
+  }
+  
+  if (options.tier) {
+    filtered = filtered.filter(e => e.tier === options.tier);
+  }
+  
+  return filtered;
+}
+
+/**
+ * Get aggregate usage by unit type
+ * @param {Object} options - Query options (same as getUsage)
+ * @returns {Object} Aggregated totals
+ */
+function getUsageTotals(options = {}) {
+  const entries = getUsage(options);
+  const totals = {
+    runs: entries.length,
+    pages: 0,
+    clicks: 0,
+    endpoints: 0,
+    roles: 0,
+    files: 0,
+    hunks: 0,
+    exports: 0,
+  };
+  
+  for (const entry of entries) {
+    if (entry.units) {
+      totals.pages += entry.units.pages || 0;
+      totals.clicks += entry.units.clicks || 0;
+      totals.endpoints += entry.units.endpoints || 0;
+      totals.roles += entry.units.roles || 0;
+      totals.files += entry.units.files || 0;
+      totals.hunks += entry.units.hunks || 0;
+      totals.exports += entry.units.exports || 0;
+    }
+  }
+  
+  return totals;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+module.exports = {
+  logUsage,
+  getUsage,
+  getUsageTotals,
+};

package/bin/runners/lib/validate-patch.js

@@ -1,156 +1,156 @@
-// bin/runners/lib/validate-patch.js
-const fs = require("fs");
-const path = require("path");
-
-function isRelSafe(p) {
-  if (!p || typeof p !== "string") return false;
-  if (p.includes("\0")) return false;
-  if (path.isAbsolute(p)) return false;
-  const norm = path.normalize(p).replace(/\\/g, "/");
-  if (norm.startsWith("../") || norm.startsWith("..\\")) return false;
-  return true;
-}
-
-function parseDiffTouchedFiles(diff) {
-  const files = new Set();
-  const lines = String(diff || "").split(/\r?\n/);
-  for (const line of lines) {
-    if (line.startsWith("+++ ")) {
-      const p = line.slice(4).trim();
-      if (p === "/dev/null") continue;
-      const cleaned = p.startsWith("b/") ? p.slice(2) : p;
-      files.add(cleaned);
-    }
-  }
-  return Array.from(files);
-}
-
-function countChangedLines(diff) {
-  const lines = String(diff || "").split(/\r?\n/);
-  let adds = 0, dels = 0;
-  for (const l of lines) {
-    if (l.startsWith("+++ ") || l.startsWith("--- ") || l.startsWith("@@")) continue;
-    if (l.startsWith("+")) adds++;
-    if (l.startsWith("-")) dels++;
-  }
-  return { adds, dels, total: adds + dels };
-}
-
-function extractAddedApiStrings(diff) {
-  const out = [];
-  const lines = String(diff || "").split(/\r?\n/);
-  for (const l of lines) {
-    if (!l.startsWith("+") || l.startsWith("+++")) continue;
-    const m = l.match(/["'`](\/api\/[^"'` ]+)["'`]/g);
-    if (m) out.push(...m.map(x => x.replace(/^[+"'`]+|[+"'`]+$/g, "")));
-  }
-  return Array.from(new Set(out));
-}
-
-function extractAddedEnvNames(diff) {
-  const out = new Set();
-  const lines = String(diff || "").split(/\r?\n/);
-  for (const l of lines) {
-    if (!l.startsWith("+") || l.startsWith("+++")) continue;
-
-    const re1 = /process\.env\.([A-Z0-9_]+)/g;
-    let m;
-    while ((m = re1.exec(l)) !== null) out.add(m[1]);
-
-    const re2 = /import\.meta\.env\.([A-Z0-9_]+)/g;
-    while ((m = re2.exec(l)) !== null) out.add(m[1]);
-  }
-  return Array.from(out);
-}
-
-function validatePatchResponse({
-  repoRoot,
-  patchJson,
-  mission,
-  truthpack,
-  allowedFiles,
-  limits
-}) {
-  const errors = [];
-  const warnings = [];
-
-  const lim = {
-    maxEdits: limits?.maxEdits ?? 6,
-    maxFiles: limits?.maxFiles ?? 6,
-    maxChangedLines: limits?.maxChangedLines ?? 400
-  };
-
-  if (!patchJson || typeof patchJson !== "object") errors.push("Patch JSON missing or not an object.");
-  if (patchJson.status !== "ok") errors.push(`Patch status must be "ok" (got ${patchJson?.status}).`);
-  if (!Array.isArray(patchJson.edits)) errors.push("Patch edits must be an array.");
-  if ((patchJson.edits || []).length > lim.maxEdits) errors.push(`Too many edits (>${lim.maxEdits}).`);
-
-  if (errors.length) return { ok: false, errors, warnings };
-
-  const allowed = new Set((allowedFiles || []).filter(Boolean));
-  const touchedAll = new Set();
-
-  for (const ed of patchJson.edits) {
-    if (!ed || typeof ed !== "object") { errors.push("Edit entry not an object."); continue; }
-    if (!isRelSafe(ed.path)) errors.push(`Unsafe edit path: ${ed.path}`);
-    if (typeof ed.diff !== "string" || !ed.diff.includes("\n+++ ")) errors.push(`Diff missing or not unified for: ${ed.path}`);
-
-    const touched = parseDiffTouchedFiles(ed.diff);
-    for (const f of touched) touchedAll.add(f);
-
-    if (touched.length === 0) errors.push(`No touched file detected in diff for ${ed.path}`);
-  }
-
-  const touchedList = Array.from(touchedAll);
-  if (touchedList.length > lim.maxFiles) errors.push(`Too many touched files (>${lim.maxFiles}).`);
-
-  for (const f of touchedList) {
-    if (!isRelSafe(f)) errors.push(`Unsafe touched file: ${f}`);
-    if (allowed.size && !allowed.has(f)) {
-      errors.push(`Touched file not allowed by mission evidence: ${f}`);
-    }
-    if (f.includes("node_modules/") || f.includes(".next/") || f.includes("dist/") || f.includes("build/")) {
-      errors.push(`Touched forbidden build/vendor file: ${f}`);
-    }
-  }
-
-  let totalChanged = 0;
-  for (const ed of patchJson.edits) totalChanged += countChangedLines(ed.diff).total;
-  if (totalChanged > lim.maxChangedLines) errors.push(`Patch too large (>${lim.maxChangedLines} changed lines).`);
-
-  const type = mission?.type || "GENERIC_FIX";
-  const combinedDiff = patchJson.edits.map(e => e.diff).join("\n");
-
-  const addedApis = extractAddedApiStrings(combinedDiff);
-  if (addedApis.length && type !== "FIX_MISSING_ROUTE") {
-    errors.push(`No-drift: patch adds /api strings (${addedApis.join(", ")}) but mission is ${type}.`);
-  }
-
-  const addedEnv = extractAddedEnvNames(combinedDiff);
-  if (addedEnv.length && type !== "FIX_ENV_CONTRACT") {
-    warnings.push(`Patch introduces new env var usage (${addedEnv.join(", ")}). If that wasn't intended, reject this patch.`);
-  }
-
-  const touchesEntitlements = /enforceFeature|enforceLimit|getEntitlements|subscription|tier|plan|credits/i.test(combinedDiff);
-  if (touchesEntitlements && !["ENFORCE_PAID_SURFACE","FIX_STRIPE_WEBHOOKS","REMOVE_OWNER_MODE"].includes(type)) {
-    errors.push(`No-drift: patch touches entitlements/billing logic but mission is ${type}.`);
-  }
-
-  const touchesMiddleware = /middleware\.(ts|js)|matcher\s*:|NextResponse\.(redirect|rewrite)/i.test(combinedDiff);
-  if (touchesMiddleware && type !== "ADD_SERVER_AUTH") {
-    warnings.push("Patch touches Next middleware/matcher outside ADD_SERVER_AUTH mission. Verify intent.");
-  }
-
-  for (const f of touchedList) {
-    const abs = path.join(repoRoot, f);
-    if (!fs.existsSync(abs)) {
-      if (type === "FIX_MISSING_ROUTE" && (f.includes("app/api/") || f.includes("pages/api/"))) continue;
-      warnings.push(`Touched file does not exist (would be created): ${f}`);
-    }
-  }
-
-  if (errors.length) return { ok: false, errors, warnings };
-  return { ok: true, errors: [], warnings };
-}
-
-module.exports = { validatePatchResponse, parseDiffTouchedFiles };
+// bin/runners/lib/validate-patch.js
+const fs = require("fs");
+const path = require("path");
+
+function isRelSafe(p) {
+  if (!p || typeof p !== "string") return false;
+  if (p.includes("\0")) return false;
+  if (path.isAbsolute(p)) return false;
+  const norm = path.normalize(p).replace(/\\/g, "/");
+  if (norm.startsWith("../") || norm.startsWith("..\\")) return false;
+  return true;
+}
+
+function parseDiffTouchedFiles(diff) {
+  const files = new Set();
+  const lines = String(diff || "").split(/\r?\n/);
+  for (const line of lines) {
+    if (line.startsWith("+++ ")) {
+      const p = line.slice(4).trim();
+      if (p === "/dev/null") continue;
+      const cleaned = p.startsWith("b/") ? p.slice(2) : p;
+      files.add(cleaned);
+    }
+  }
+  return Array.from(files);
+}
+
+function countChangedLines(diff) {
+  const lines = String(diff || "").split(/\r?\n/);
+  let adds = 0, dels = 0;
+  for (const l of lines) {
+    if (l.startsWith("+++ ") || l.startsWith("--- ") || l.startsWith("@@")) continue;
+    if (l.startsWith("+")) adds++;
+    if (l.startsWith("-")) dels++;
+  }
+  return { adds, dels, total: adds + dels };
+}
+
+function extractAddedApiStrings(diff) {
+  const out = [];
+  const lines = String(diff || "").split(/\r?\n/);
+  for (const l of lines) {
+    if (!l.startsWith("+") || l.startsWith("+++")) continue;
+    const m = l.match(/["'`](\/api\/[^"'` ]+)["'`]/g);
+    if (m) out.push(...m.map(x => x.replace(/^[+"'`]+|[+"'`]+$/g, "")));
+  }
+  return Array.from(new Set(out));
+}
+
+function extractAddedEnvNames(diff) {
+  const out = new Set();
+  const lines = String(diff || "").split(/\r?\n/);
+  for (const l of lines) {
+    if (!l.startsWith("+") || l.startsWith("+++")) continue;
+
+    const re1 = /process\.env\.([A-Z0-9_]+)/g;
+    let m;
+    while ((m = re1.exec(l)) !== null) out.add(m[1]);
+
+    const re2 = /import\.meta\.env\.([A-Z0-9_]+)/g;
+    while ((m = re2.exec(l)) !== null) out.add(m[1]);
+  }
+  return Array.from(out);
+}
+
+function validatePatchResponse({
+  repoRoot,
+  patchJson,
+  mission,
+  truthpack,
+  allowedFiles,
+  limits
+}) {
+  const errors = [];
+  const warnings = [];
+
+  const lim = {
+    maxEdits: limits?.maxEdits ?? 6,
+    maxFiles: limits?.maxFiles ?? 6,
+    maxChangedLines: limits?.maxChangedLines ?? 400
+  };
+
+  if (!patchJson || typeof patchJson !== "object") errors.push("Patch JSON missing or not an object.");
+  if (patchJson.status !== "ok") errors.push(`Patch status must be "ok" (got ${patchJson?.status}).`);
+  if (!Array.isArray(patchJson.edits)) errors.push("Patch edits must be an array.");
+  if ((patchJson.edits || []).length > lim.maxEdits) errors.push(`Too many edits (>${lim.maxEdits}).`);
+
+  if (errors.length) return { ok: false, errors, warnings };
+
+  const allowed = new Set((allowedFiles || []).filter(Boolean));
+  const touchedAll = new Set();
+
+  for (const ed of patchJson.edits) {
+    if (!ed || typeof ed !== "object") { errors.push("Edit entry not an object."); continue; }
+    if (!isRelSafe(ed.path)) errors.push(`Unsafe edit path: ${ed.path}`);
+    if (typeof ed.diff !== "string" || !ed.diff.includes("\n+++ ")) errors.push(`Diff missing or not unified for: ${ed.path}`);
+
+    const touched = parseDiffTouchedFiles(ed.diff);
+    for (const f of touched) touchedAll.add(f);
+
+    if (touched.length === 0) errors.push(`No touched file detected in diff for ${ed.path}`);
+  }
+
+  const touchedList = Array.from(touchedAll);
+  if (touchedList.length > lim.maxFiles) errors.push(`Too many touched files (>${lim.maxFiles}).`);
+
+  for (const f of touchedList) {
+    if (!isRelSafe(f)) errors.push(`Unsafe touched file: ${f}`);
+    if (allowed.size && !allowed.has(f)) {
+      errors.push(`Touched file not allowed by mission evidence: ${f}`);
+    }
+    if (f.includes("node_modules/") || f.includes(".next/") || f.includes("dist/") || f.includes("build/")) {
+      errors.push(`Touched forbidden build/vendor file: ${f}`);
+    }
+  }
+
+  let totalChanged = 0;
+  for (const ed of patchJson.edits) totalChanged += countChangedLines(ed.diff).total;
+  if (totalChanged > lim.maxChangedLines) errors.push(`Patch too large (>${lim.maxChangedLines} changed lines).`);
+
+  const type = mission?.type || "GENERIC_FIX";
+  const combinedDiff = patchJson.edits.map(e => e.diff).join("\n");
+
+  const addedApis = extractAddedApiStrings(combinedDiff);
+  if (addedApis.length && type !== "FIX_MISSING_ROUTE") {
+    errors.push(`No-drift: patch adds /api strings (${addedApis.join(", ")}) but mission is ${type}.`);
+  }
+
+  const addedEnv = extractAddedEnvNames(combinedDiff);
+  if (addedEnv.length && type !== "FIX_ENV_CONTRACT") {
+    warnings.push(`Patch introduces new env var usage (${addedEnv.join(", ")}). If that wasn't intended, reject this patch.`);
+  }
+
+  const touchesEntitlements = /enforceFeature|enforceLimit|getEntitlements|subscription|tier|plan|credits/i.test(combinedDiff);
+  if (touchesEntitlements && !["ENFORCE_PAID_SURFACE","FIX_STRIPE_WEBHOOKS","REMOVE_OWNER_MODE"].includes(type)) {
+    errors.push(`No-drift: patch touches entitlements/billing logic but mission is ${type}.`);
+  }
+
+  const touchesMiddleware = /middleware\.(ts|js)|matcher\s*:|NextResponse\.(redirect|rewrite)/i.test(combinedDiff);
+  if (touchesMiddleware && type !== "ADD_SERVER_AUTH") {
+    warnings.push("Patch touches Next middleware/matcher outside ADD_SERVER_AUTH mission. Verify intent.");
+  }
+
+  for (const f of touchedList) {
+    const abs = path.join(repoRoot, f);
+    if (!fs.existsSync(abs)) {
+      if (type === "FIX_MISSING_ROUTE" && (f.includes("app/api/") || f.includes("pages/api/"))) continue;
+      warnings.push(`Touched file does not exist (would be created): ${f}`);
+    }
+  }
+
+  if (errors.length) return { ok: false, errors, warnings };
+  return { ok: true, errors: [], warnings };
+}
+
+module.exports = { validatePatchResponse, parseDiffTouchedFiles };