@vibecheckai/cli 3.2.5 → 3.3.0

package/bin/runners/lib/agent-firewall/lawbook/schema.js

@@ -0,0 +1,420 @@
+/**
+ * Lawbook Invariant Schema
+ * 
+ * Defines the YAML DSL for organizational invariant rules.
+ * Invariants are rules that must ALWAYS hold true in the codebase.
+ * 
+ * Codename: Lawbook
+ */
+
+"use strict";
+
+/**
+ * Invariant rule types
+ */
+const INVARIANT_TYPES = {
+  // File/path based rules
+  NO_MODIFY: "no-modify",           // Files/paths that cannot be modified
+  NO_DELETE: "no-delete",           // Files/paths that cannot be deleted
+  NO_CREATE: "no-create",           // Patterns that cannot be created
+  REQUIRE_APPROVAL: "require-approval", // Changes require approval
+  
+  // Code pattern rules
+  NEVER: "never",                   // Pattern must never appear
+  ALWAYS: "always",                 // Pattern must always be present
+  BEFORE: "before",                 // Pattern A must come before pattern B
+  AFTER: "after",                   // Pattern A must come after pattern B
+  MAINTAINS: "maintains",           // Property must be maintained
+  
+  // Architectural rules
+  ALL_THROUGH: "all-through",       // All X must go through Y
+  NO_DIRECT: "no-direct",           // No direct access to X (use Y instead)
+  LAYER_BOUNDARY: "layer-boundary", // Enforce architectural layers
+  
+  // Environment rules
+  ENV_MUST_BE_REGISTERED: "env-must-be-registered", // All env vars must be in registry
+  ENV_REQUIRED: "env-required",     // Specific env vars required
+  
+  // Dependency rules
+  DEPENDENCY_LOCKED: "dependency-locked", // Dependency version locked
+  NO_DEPENDENCY: "no-dependency",   // Certain dependencies forbidden
+};
+
+/**
+ * Invariant severity levels
+ */
+const INVARIANT_SEVERITY = {
+  BLOCK: "block",       // Absolutely cannot proceed
+  ERROR: "error",       // Serious violation
+  WARNING: "warning",   // Should be addressed
+  INFO: "info",         // Advisory
+};
+
+/**
+ * Invariant scope types
+ */
+const SCOPE_TYPES = {
+  FILE: "file",         // Single file
+  DIRECTORY: "directory", // Directory and subdirectories
+  GLOB: "glob",         // Glob pattern
+  REGEX: "regex",       // Regex pattern
+  ALL: "all",           // Entire codebase
+};
+
+/**
+ * JSON Schema for invariant definitions
+ */
+const INVARIANT_SCHEMA = {
+  $schema: "http://json-schema.org/draft-07/schema#",
+  title: "VibeCheck Lawbook Invariant",
+  type: "object",
+  required: ["id", "rule"],
+  properties: {
+    id: {
+      type: "string",
+      description: "Unique identifier for this invariant",
+      pattern: "^[a-z0-9-]+$",
+    },
+    description: {
+      type: "string",
+      description: "Human-readable description of this invariant",
+    },
+    rule: {
+      type: "string",
+      enum: Object.values(INVARIANT_TYPES),
+      description: "Type of invariant rule",
+    },
+    scope: {
+      type: "string",
+      description: "Glob pattern defining where this rule applies",
+    },
+    target: {
+      type: "string",
+      description: "Target path/file for 'all-through' rules",
+    },
+    pattern: {
+      type: "string",
+      description: "Regex pattern to match/exclude",
+    },
+    exclude: {
+      oneOf: [
+        { type: "string" },
+        { type: "array", items: { type: "string" } },
+      ],
+      description: "Paths/patterns excluded from this rule",
+    },
+    violations: {
+      type: "array",
+      items: {
+        type: "object",
+        properties: {
+          pattern: { type: "string" },
+          exclude: {
+            oneOf: [
+              { type: "string" },
+              { type: "array", items: { type: "string" } },
+            ],
+          },
+          message: { type: "string" },
+        },
+      },
+      description: "Specific violation patterns to detect",
+    },
+    severity: {
+      type: "string",
+      enum: Object.values(INVARIANT_SEVERITY),
+      default: "error",
+      description: "Severity level when violated",
+    },
+    introduced: {
+      type: "string",
+      format: "date",
+      description: "Date this invariant was introduced",
+    },
+    incident: {
+      type: "string",
+      description: "Related incident ID that prompted this invariant",
+    },
+    owner: {
+      type: "string",
+      description: "Team/person responsible for this invariant",
+    },
+    registry: {
+      type: "string",
+      description: "Registry file for env-must-be-registered rules",
+    },
+    message: {
+      type: "string",
+      description: "Custom message when violated",
+    },
+    autofix: {
+      type: "object",
+      properties: {
+        enabled: { type: "boolean", default: false },
+        action: { type: "string" },
+        template: { type: "string" },
+      },
+      description: "Auto-fix configuration",
+    },
+    metadata: {
+      type: "object",
+      description: "Additional metadata",
+    },
+  },
+};
+
+/**
+ * Schema for the full lawbook YAML file
+ */
+const LAWBOOK_FILE_SCHEMA = {
+  $schema: "http://json-schema.org/draft-07/schema#",
+  title: "VibeCheck Lawbook",
+  type: "object",
+  properties: {
+    version: {
+      type: "string",
+      default: "1.0.0",
+      description: "Lawbook schema version",
+    },
+    name: {
+      type: "string",
+      description: "Name of this invariant library",
+    },
+    description: {
+      type: "string",
+      description: "Description of this invariant library",
+    },
+    extends: {
+      oneOf: [
+        { type: "string" },
+        { type: "array", items: { type: "string" } },
+      ],
+      description: "Other lawbooks this extends",
+    },
+    invariants: {
+      type: "array",
+      items: { $ref: "#/definitions/invariant" },
+      description: "List of invariant rules",
+    },
+    groups: {
+      type: "object",
+      additionalProperties: {
+        type: "array",
+        items: { type: "string" },
+      },
+      description: "Named groups of invariant IDs",
+    },
+  },
+  definitions: {
+    invariant: INVARIANT_SCHEMA,
+  },
+};
+
+/**
+ * Create a default invariant template
+ * @param {string} id - Invariant ID
+ * @param {string} rule - Rule type
+ * @returns {Object} Invariant template
+ */
+function createInvariantTemplate(id, rule) {
+  return {
+    id,
+    rule,
+    description: "",
+    scope: "**/*",
+    severity: INVARIANT_SEVERITY.ERROR,
+    introduced: new Date().toISOString().split("T")[0],
+    metadata: {},
+  };
+}
+
+/**
+ * Validate an invariant against the schema
+ * @param {Object} invariant - Invariant to validate
+ * @returns {Object} Validation result
+ */
+function validateInvariant(invariant) {
+  const errors = [];
+  
+  // Check required fields
+  if (!invariant.id) {
+    errors.push({ field: "id", message: "Invariant ID is required" });
+  } else if (!/^[a-z0-9-]+$/.test(invariant.id)) {
+    errors.push({ field: "id", message: "Invariant ID must be lowercase alphanumeric with hyphens" });
+  }
+  
+  if (!invariant.rule) {
+    errors.push({ field: "rule", message: "Rule type is required" });
+  } else if (!Object.values(INVARIANT_TYPES).includes(invariant.rule)) {
+    errors.push({ field: "rule", message: `Unknown rule type: ${invariant.rule}` });
+  }
+  
+  // Validate severity
+  if (invariant.severity && !Object.values(INVARIANT_SEVERITY).includes(invariant.severity)) {
+    errors.push({ field: "severity", message: `Unknown severity: ${invariant.severity}` });
+  }
+  
+  // Rule-specific validation
+  if (invariant.rule === INVARIANT_TYPES.ALL_THROUGH && !invariant.target) {
+    errors.push({ field: "target", message: "all-through rules require a target" });
+  }
+  
+  if ((invariant.rule === INVARIANT_TYPES.NEVER || invariant.rule === INVARIANT_TYPES.ALWAYS) && !invariant.pattern) {
+    errors.push({ field: "pattern", message: `${invariant.rule} rules require a pattern` });
+  }
+  
+  if (invariant.rule === INVARIANT_TYPES.ENV_MUST_BE_REGISTERED && !invariant.registry) {
+    errors.push({ field: "registry", message: "env-must-be-registered rules require a registry file" });
+  }
+  
+  return {
+    valid: errors.length === 0,
+    errors,
+  };
+}
+
+/**
+ * Parse a lawbook YAML string
+ * @param {string} content - YAML content
+ * @returns {Object} Parsed lawbook
+ */
+function parseLawbook(content) {
+  // Try to use js-yaml if available
+  try {
+    const yaml = require("js-yaml");
+    return yaml.load(content);
+  } catch {
+    // Fallback: basic YAML-like parsing for simple cases
+    return parseSimpleLawbook(content);
+  }
+}
+
+/**
+ * Simple lawbook parser for basic YAML structures
+ * @param {string} content - YAML content
+ * @returns {Object} Parsed lawbook
+ */
+function parseSimpleLawbook(content) {
+  const lines = content.split("\n");
+  const lawbook = {
+    version: "1.0.0",
+    invariants: [],
+  };
+  
+  let currentInvariant = null;
+  let currentKey = null;
+  let indent = 0;
+  
+  for (const line of lines) {
+    const trimmed = line.trim();
+    
+    // Skip comments and empty lines
+    if (!trimmed || trimmed.startsWith("#")) continue;
+    
+    // Check indent level
+    const currentIndent = line.search(/\S/);
+    
+    // Key-value pair
+    const kvMatch = trimmed.match(/^(\w+):\s*(.*)$/);
+    if (kvMatch) {
+      const [, key, value] = kvMatch;
+      
+      if (key === "invariants") {
+        // Start of invariants array
+        continue;
+      }
+      
+      if (currentIndent > indent && currentInvariant) {
+        // Nested property
+        currentInvariant[key] = value || undefined;
+      } else {
+        // Top-level property
+        lawbook[key] = value;
+      }
+      
+      currentKey = key;
+    }
+    
+    // Array item
+    if (trimmed.startsWith("- ")) {
+      const itemContent = trimmed.slice(2).trim();
+      
+      if (itemContent.startsWith("id:")) {
+        // New invariant
+        if (currentInvariant) {
+          lawbook.invariants.push(currentInvariant);
+        }
+        currentInvariant = { id: itemContent.slice(3).trim() };
+        indent = currentIndent;
+      }
+    }
+  }
+  
+  // Push last invariant
+  if (currentInvariant) {
+    lawbook.invariants.push(currentInvariant);
+  }
+  
+  return lawbook;
+}
+
+/**
+ * Serialize a lawbook to YAML string
+ * @param {Object} lawbook - Lawbook to serialize
+ * @returns {string} YAML string
+ */
+function serializeLawbook(lawbook) {
+  try {
+    const yaml = require("js-yaml");
+    return yaml.dump(lawbook, {
+      indent: 2,
+      lineWidth: 120,
+      noRefs: true,
+    });
+  } catch {
+    // Fallback: simple serialization
+    return JSON.stringify(lawbook, null, 2);
+  }
+}
+
+/**
+ * Create a default lawbook template
+ * @param {string} name - Lawbook name
+ * @returns {Object} Default lawbook
+ */
+function createDefaultLawbook(name = "project-invariants") {
+  return {
+    version: "1.0.0",
+    name,
+    description: "Project-specific invariant rules",
+    invariants: [
+      {
+        id: "example-no-console",
+        description: "No console.log in production code",
+        rule: INVARIANT_TYPES.NEVER,
+        scope: "src/**/*.{ts,tsx,js,jsx}",
+        pattern: "console\\.log\\(",
+        exclude: ["**/*.test.*", "**/*.spec.*"],
+        severity: INVARIANT_SEVERITY.WARNING,
+        introduced: new Date().toISOString().split("T")[0],
+      },
+    ],
+    groups: {
+      security: [],
+      architecture: [],
+      quality: [],
+    },
+  };
+}
+
+module.exports = {
+  INVARIANT_TYPES,
+  INVARIANT_SEVERITY,
+  INVARIANT_SCHEMA,
+  LAWBOOK_FILE_SCHEMA,
+  createInvariantTemplate,
+  validateInvariant,
+  parseLawbook,
+  serializeLawbook,
+  createDefaultLawbook,
+};

package/bin/runners/lib/agent-firewall/logger.js

@@ -0,0 +1,141 @@
+/**
+ * Agent Firewall Logger Utility
+ * 
+ * Centralized logging for agent-firewall modules.
+ * Provides structured logging without console.* calls.
+ */
+
+"use strict";
+
+/**
+ * Log levels
+ */
+const LOG_LEVELS = {
+  DEBUG: 0,
+  INFO: 1,
+  WARN: 2,
+  ERROR: 3,
+  SILENT: 4,
+};
+
+/**
+ * Current log level (from environment or default)
+ */
+let currentLevel = LOG_LEVELS.INFO;
+
+if (process.env.VIBECHECK_LOG_LEVEL) {
+  const envLevel = process.env.VIBECHECK_LOG_LEVEL.toUpperCase();
+  if (LOG_LEVELS[envLevel] !== undefined) {
+    currentLevel = LOG_LEVELS[envLevel];
+  }
+}
+
+/**
+ * Log buffer for inspection
+ */
+const logBuffer = [];
+const MAX_BUFFER_SIZE = 500;
+
+/**
+ * Write a log entry
+ * @param {number} level - Log level
+ * @param {string} levelName - Level name
+ * @param {string} module - Module name
+ * @param {string} message - Message
+ * @param {Error} [error] - Optional error
+ */
+function writeLog(level, levelName, module, message, error) {
+  if (level < currentLevel) return;
+  
+  const entry = {
+    timestamp: new Date().toISOString(),
+    level: levelName,
+    module,
+    message,
+    error: error ? { message: error.message, stack: error.stack } : null,
+  };
+  
+  // Buffer for later inspection
+  logBuffer.push(entry);
+  if (logBuffer.length > MAX_BUFFER_SIZE) {
+    logBuffer.shift();
+  }
+  
+  // Only write to stderr in debug mode or for warnings/errors
+  const formatted = `[${entry.timestamp}] [${levelName}] [${module}] ${message}`;
+  if (level >= LOG_LEVELS.WARN || process.env.VIBECHECK_DEBUG) {
+    process.stderr.write(formatted + '\n');
+  }
+}
+
+/**
+ * Create a logger for a module
+ * @param {string} moduleName - Module name
+ * @returns {Object} Logger
+ */
+function createLogger(moduleName) {
+  return {
+    debug: function(msg) { writeLog(LOG_LEVELS.DEBUG, 'DEBUG', moduleName, msg); },
+    info: function(msg) { writeLog(LOG_LEVELS.INFO, 'INFO', moduleName, msg); },
+    warn: function(msg, err) { writeLog(LOG_LEVELS.WARN, 'WARN', moduleName, msg, err || null); },
+    error: function(msg, err) { writeLog(LOG_LEVELS.ERROR, 'ERROR', moduleName, msg, err || null); },
+  };
+}
+
+/**
+ * Get error message safely
+ * @param {*} error - Error
+ * @returns {string} Message
+ */
+function getErrorMessage(error) {
+  if (error instanceof Error) return error.message;
+  if (typeof error === 'string') return error;
+  if (error && typeof error === 'object' && 'message' in error) {
+    return String(error.message);
+  }
+  return String(error);
+}
+
+/**
+ * Set log level
+ * @param {string|number} level - Level
+ */
+function setLogLevel(level) {
+  if (typeof level === 'string') {
+    const upper = level.toUpperCase();
+    if (LOG_LEVELS[upper] !== undefined) {
+      currentLevel = LOG_LEVELS[upper];
+    }
+  } else if (typeof level === 'number') {
+    currentLevel = level;
+  }
+}
+
+/**
+ * Get recent logs
+ * @param {number} count - Count
+ * @returns {Object[]} Logs
+ */
+function getRecentLogs(count) {
+  return logBuffer.slice(-(count || 100));
+}
+
+// Pre-created loggers
+const lawbookLogger = createLogger('Lawbook');
+const timeMachineLogger = createLogger('TimeMachine');
+const realityLogger = createLogger('Reality');
+const criticLogger = createLogger('Critic');
+const simulatorLogger = createLogger('Simulator');
+
+module.exports = {
+  createLogger,
+  getErrorMessage,
+  setLogLevel,
+  getRecentLogs,
+  LOG_LEVELS,
+  lawbookLogger,
+  timeMachineLogger,
+  realityLogger,
+  criticLogger,
+  simulatorLogger,
+};