@vibecheckai/cli 3.2.5 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (197) hide show
  1. package/bin/.generated +25 -25
  2. package/bin/dev/run-v2-torture.js +30 -30
  3. package/bin/registry.js +192 -5
  4. package/bin/runners/lib/__tests__/entitlements-v2.test.js +295 -295
  5. package/bin/runners/lib/agent-firewall/change-packet/builder.js +280 -6
  6. package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
  7. package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
  8. package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
  9. package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
  10. package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
  11. package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
  12. package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
  13. package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
  14. package/bin/runners/lib/agent-firewall/logger.js +141 -0
  15. package/bin/runners/lib/agent-firewall/policy/loader.js +312 -4
  16. package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +113 -1
  17. package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +133 -6
  18. package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
  19. package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
  20. package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
  21. package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
  22. package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
  23. package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
  24. package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
  25. package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
  26. package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
  27. package/bin/runners/lib/agent-firewall/risk/thresholds.js +321 -0
  28. package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
  29. package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
  30. package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
  31. package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
  32. package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
  33. package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
  34. package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
  35. package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
  36. package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
  37. package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
  38. package/bin/runners/lib/analyzers.js +81 -18
  39. package/bin/runners/lib/api-client.js +269 -0
  40. package/bin/runners/lib/auth-truth.js +193 -193
  41. package/bin/runners/lib/authority-badge.js +425 -0
  42. package/bin/runners/lib/backup.js +62 -62
  43. package/bin/runners/lib/billing.js +107 -107
  44. package/bin/runners/lib/claims.js +118 -118
  45. package/bin/runners/lib/cli-output.js +7 -1
  46. package/bin/runners/lib/cli-ui.js +540 -540
  47. package/bin/runners/lib/contracts/auth-contract.js +202 -202
  48. package/bin/runners/lib/contracts/env-contract.js +181 -181
  49. package/bin/runners/lib/contracts/external-contract.js +206 -206
  50. package/bin/runners/lib/contracts/guard.js +168 -168
  51. package/bin/runners/lib/contracts/index.js +89 -89
  52. package/bin/runners/lib/contracts/plan-validator.js +311 -311
  53. package/bin/runners/lib/contracts/route-contract.js +199 -199
  54. package/bin/runners/lib/contracts.js +804 -804
  55. package/bin/runners/lib/detect.js +89 -89
  56. package/bin/runners/lib/doctor/autofix.js +254 -254
  57. package/bin/runners/lib/doctor/index.js +37 -37
  58. package/bin/runners/lib/doctor/modules/dependencies.js +325 -325
  59. package/bin/runners/lib/doctor/modules/index.js +46 -46
  60. package/bin/runners/lib/doctor/modules/network.js +250 -250
  61. package/bin/runners/lib/doctor/modules/project.js +312 -312
  62. package/bin/runners/lib/doctor/modules/runtime.js +224 -224
  63. package/bin/runners/lib/doctor/modules/security.js +348 -348
  64. package/bin/runners/lib/doctor/modules/system.js +213 -213
  65. package/bin/runners/lib/doctor/modules/vibecheck.js +394 -394
  66. package/bin/runners/lib/doctor/reporter.js +262 -262
  67. package/bin/runners/lib/doctor/service.js +262 -262
  68. package/bin/runners/lib/doctor/types.js +113 -113
  69. package/bin/runners/lib/doctor/ui.js +263 -263
  70. package/bin/runners/lib/doctor-v2.js +608 -608
  71. package/bin/runners/lib/drift.js +425 -425
  72. package/bin/runners/lib/enforcement.js +72 -72
  73. package/bin/runners/lib/enterprise-detect.js +603 -603
  74. package/bin/runners/lib/enterprise-init.js +942 -942
  75. package/bin/runners/lib/env-resolver.js +417 -417
  76. package/bin/runners/lib/env-template.js +66 -66
  77. package/bin/runners/lib/env.js +189 -189
  78. package/bin/runners/lib/error-handler.js +16 -9
  79. package/bin/runners/lib/exit-codes.js +275 -0
  80. package/bin/runners/lib/extractors/client-calls.js +990 -990
  81. package/bin/runners/lib/extractors/fastify-route-dump.js +573 -573
  82. package/bin/runners/lib/extractors/fastify-routes.js +426 -426
  83. package/bin/runners/lib/extractors/index.js +363 -363
  84. package/bin/runners/lib/extractors/next-routes.js +524 -524
  85. package/bin/runners/lib/extractors/proof-graph.js +431 -431
  86. package/bin/runners/lib/extractors/route-matcher.js +451 -451
  87. package/bin/runners/lib/extractors/truthpack-v2.js +377 -377
  88. package/bin/runners/lib/extractors/ui-bindings.js +547 -547
  89. package/bin/runners/lib/findings-schema.js +281 -281
  90. package/bin/runners/lib/firewall-prompt.js +50 -50
  91. package/bin/runners/lib/global-flags.js +37 -0
  92. package/bin/runners/lib/graph/graph-builder.js +265 -265
  93. package/bin/runners/lib/graph/html-renderer.js +413 -413
  94. package/bin/runners/lib/graph/index.js +32 -32
  95. package/bin/runners/lib/graph/runtime-collector.js +215 -215
  96. package/bin/runners/lib/graph/static-extractor.js +518 -518
  97. package/bin/runners/lib/help-formatter.js +413 -0
  98. package/bin/runners/lib/html-report.js +650 -650
  99. package/bin/runners/lib/llm.js +75 -75
  100. package/bin/runners/lib/logger.js +38 -0
  101. package/bin/runners/lib/meter.js +61 -61
  102. package/bin/runners/lib/missions/evidence.js +126 -126
  103. package/bin/runners/lib/patch.js +40 -40
  104. package/bin/runners/lib/permissions/auth-model.js +213 -213
  105. package/bin/runners/lib/permissions/idor-prover.js +205 -205
  106. package/bin/runners/lib/permissions/index.js +45 -45
  107. package/bin/runners/lib/permissions/matrix-builder.js +198 -198
  108. package/bin/runners/lib/pkgjson.js +28 -28
  109. package/bin/runners/lib/policy.js +295 -295
  110. package/bin/runners/lib/preflight.js +142 -142
  111. package/bin/runners/lib/reality/correlation-detectors.js +359 -359
  112. package/bin/runners/lib/reality/index.js +318 -318
  113. package/bin/runners/lib/reality/request-hashing.js +416 -416
  114. package/bin/runners/lib/reality/request-mapper.js +453 -453
  115. package/bin/runners/lib/reality/safety-rails.js +463 -463
  116. package/bin/runners/lib/reality/semantic-snapshot.js +408 -408
  117. package/bin/runners/lib/reality/toast-detector.js +393 -393
  118. package/bin/runners/lib/reality-findings.js +84 -84
  119. package/bin/runners/lib/receipts.js +179 -179
  120. package/bin/runners/lib/redact.js +29 -29
  121. package/bin/runners/lib/replay/capsule-manager.js +154 -154
  122. package/bin/runners/lib/replay/index.js +263 -263
  123. package/bin/runners/lib/replay/player.js +348 -348
  124. package/bin/runners/lib/replay/recorder.js +331 -331
  125. package/bin/runners/lib/report.js +135 -135
  126. package/bin/runners/lib/route-detection.js +1140 -1140
  127. package/bin/runners/lib/sandbox/index.js +59 -59
  128. package/bin/runners/lib/sandbox/proof-chain.js +399 -399
  129. package/bin/runners/lib/sandbox/sandbox-runner.js +205 -205
  130. package/bin/runners/lib/sandbox/worktree.js +174 -174
  131. package/bin/runners/lib/schema-validator.js +350 -350
  132. package/bin/runners/lib/schemas/contracts.schema.json +160 -160
  133. package/bin/runners/lib/schemas/finding.schema.json +100 -100
  134. package/bin/runners/lib/schemas/mission-pack.schema.json +206 -206
  135. package/bin/runners/lib/schemas/proof-graph.schema.json +176 -176
  136. package/bin/runners/lib/schemas/reality-report.schema.json +162 -162
  137. package/bin/runners/lib/schemas/share-pack.schema.json +180 -180
  138. package/bin/runners/lib/schemas/ship-report.schema.json +117 -117
  139. package/bin/runners/lib/schemas/truthpack-v2.schema.json +303 -303
  140. package/bin/runners/lib/schemas/validator.js +438 -438
  141. package/bin/runners/lib/score-history.js +282 -282
  142. package/bin/runners/lib/share-pack.js +239 -239
  143. package/bin/runners/lib/snippets.js +67 -67
  144. package/bin/runners/lib/unified-cli-output.js +604 -0
  145. package/bin/runners/lib/upsell.js +658 -510
  146. package/bin/runners/lib/usage.js +153 -153
  147. package/bin/runners/lib/validate-patch.js +156 -156
  148. package/bin/runners/lib/verdict-engine.js +628 -628
  149. package/bin/runners/reality/engine.js +917 -917
  150. package/bin/runners/reality/flows.js +122 -122
  151. package/bin/runners/reality/report.js +378 -378
  152. package/bin/runners/reality/session.js +193 -193
  153. package/bin/runners/runAgent.d.ts +5 -0
  154. package/bin/runners/runApprove.js +1200 -0
  155. package/bin/runners/runAuth.js +324 -95
  156. package/bin/runners/runCheckpoint.js +39 -21
  157. package/bin/runners/runClassify.js +859 -0
  158. package/bin/runners/runContext.js +136 -24
  159. package/bin/runners/runDoctor.js +108 -68
  160. package/bin/runners/runFirewall.d.ts +5 -0
  161. package/bin/runners/runFirewallHook.d.ts +5 -0
  162. package/bin/runners/runFix.js +6 -5
  163. package/bin/runners/runGuard.js +262 -168
  164. package/bin/runners/runInit.js +3 -2
  165. package/bin/runners/runMcp.js +130 -52
  166. package/bin/runners/runPolish.js +43 -20
  167. package/bin/runners/runProve.js +1 -2
  168. package/bin/runners/runReport.js +3 -2
  169. package/bin/runners/runScan.js +145 -44
  170. package/bin/runners/runShip.js +3 -4
  171. package/bin/runners/runTruth.d.ts +5 -0
  172. package/bin/runners/runValidate.js +19 -2
  173. package/bin/runners/runWatch.js +104 -53
  174. package/bin/vibecheck.js +106 -19
  175. package/mcp-server/HARDENING_SUMMARY.md +299 -0
  176. package/mcp-server/agent-firewall-interceptor.js +367 -31
  177. package/mcp-server/authority-tools.js +569 -0
  178. package/mcp-server/conductor/conflict-resolver.js +588 -0
  179. package/mcp-server/conductor/execution-planner.js +544 -0
  180. package/mcp-server/conductor/index.js +377 -0
  181. package/mcp-server/conductor/lock-manager.js +615 -0
  182. package/mcp-server/conductor/request-queue.js +550 -0
  183. package/mcp-server/conductor/session-manager.js +500 -0
  184. package/mcp-server/conductor/tools.js +510 -0
  185. package/mcp-server/index.js +1199 -208
  186. package/mcp-server/lib/api-client.cjs +305 -0
  187. package/mcp-server/lib/logger.cjs +30 -0
  188. package/mcp-server/logger.js +173 -0
  189. package/mcp-server/package.json +2 -2
  190. package/mcp-server/premium-tools.js +2 -2
  191. package/mcp-server/tier-auth.js +351 -136
  192. package/mcp-server/tools/index.js +72 -72
  193. package/mcp-server/truth-firewall-tools.js +145 -15
  194. package/mcp-server/vibecheck-tools.js +2 -2
  195. package/package.json +2 -3
  196. package/mcp-server/index.old.js +0 -4137
  197. package/mcp-server/package-lock.json +0 -165
package/bin/runners/lib/doctor/modules/dependencies.js CHANGED
@@ -1,325 +1,325 @@
1
- /**
2
- * Dependencies Diagnostics Module
3
- *
4
- * Checks for outdated packages, vulnerabilities, and dependency health
5
- */
6
-
7
- const fs = require('fs');
8
- const path = require('path');
9
- const { execSync } = require('child_process');
10
- const { SEVERITY, CATEGORY, FIX_TYPE } = require('../types');
11
-
12
- const MODULE_ID = 'dependencies';
13
-
14
- function createDiagnostics(projectPath) {
15
- return [
16
- {
17
- id: `${MODULE_ID}.outdated`,
18
- name: 'Outdated Packages',
19
- category: CATEGORY.DEPENDENCIES,
20
- parallel: true,
21
- check: async () => {
22
- try {
23
- // Try npm outdated (returns non-zero if outdated packages exist)
24
- const result = execSync('npm outdated --json 2>/dev/null || echo "{}"', {
25
- cwd: projectPath,
26
- encoding: 'utf8',
27
- timeout: 30000,
28
- stdio: ['pipe', 'pipe', 'pipe'],
29
- }).trim();
30
-
31
- const outdated = JSON.parse(result || '{}');
32
- const count = Object.keys(outdated).length;
33
-
34
- const metadata = { count, packages: outdated };
35
-
36
- // Check for major version updates
37
- const majorUpdates = Object.entries(outdated).filter(([_, info]) => {
38
- const current = parseInt((info.current || '0').split('.')[0]);
39
- const latest = parseInt((info.latest || '0').split('.')[0]);
40
- return latest > current;
41
- });
42
-
43
- if (majorUpdates.length > 0) {
44
- return {
45
- severity: SEVERITY.INFO,
46
- message: `${count} outdated (${majorUpdates.length} major)`,
47
- detail: `Major updates: ${majorUpdates.slice(0, 3).map(([n]) => n).join(', ')}${majorUpdates.length > 3 ? '...' : ''}`,
48
- metadata,
49
- fixes: [{
50
- type: FIX_TYPE.COMMAND,
51
- description: 'Update all packages',
52
- command: 'npm update',
53
- autoFixable: false,
54
- }],
55
- };
56
- }
57
-
58
- if (count > 0) {
59
- return {
60
- severity: SEVERITY.INFO,
61
- message: `${count} minor/patch updates available`,
62
- metadata,
63
- };
64
- }
65
-
66
- return {
67
- severity: SEVERITY.PASS,
68
- message: 'All packages up to date',
69
- metadata,
70
- };
71
- } catch {
72
- return {
73
- severity: SEVERITY.INFO,
74
- message: 'Could not check for outdated packages',
75
- };
76
- }
77
- },
78
- },
79
- {
80
- id: `${MODULE_ID}.audit`,
81
- name: 'Security Vulnerabilities',
82
- category: CATEGORY.DEPENDENCIES,
83
- parallel: true,
84
- check: async () => {
85
- try {
86
- const result = execSync('npm audit --json 2>/dev/null || echo "{}"', {
87
- cwd: projectPath,
88
- encoding: 'utf8',
89
- timeout: 60000,
90
- stdio: ['pipe', 'pipe', 'pipe'],
91
- }).trim();
92
-
93
- let audit;
94
- try {
95
- audit = JSON.parse(result || '{}');
96
- } catch {
97
- return {
98
- severity: SEVERITY.INFO,
99
- message: 'Could not parse audit results',
100
- };
101
- }
102
-
103
- const vulnerabilities = audit.metadata?.vulnerabilities || {};
104
- const total = vulnerabilities.total || 0;
105
- const critical = vulnerabilities.critical || 0;
106
- const high = vulnerabilities.high || 0;
107
- const moderate = vulnerabilities.moderate || 0;
108
- const low = vulnerabilities.low || 0;
109
-
110
- const metadata = { total, critical, high, moderate, low };
111
-
112
- if (critical > 0) {
113
- return {
114
- severity: SEVERITY.ERROR,
115
- message: `${critical} critical vulnerabilities`,
116
- detail: `Total: ${total} (${high} high, ${moderate} moderate, ${low} low)`,
117
- metadata,
118
- fixes: [
119
- {
120
- type: FIX_TYPE.COMMAND,
121
- description: 'Auto-fix vulnerabilities',
122
- command: 'npm audit fix',
123
- autoFixable: true,
124
- },
125
- {
126
- type: FIX_TYPE.COMMAND,
127
- description: 'Force fix (may have breaking changes)',
128
- command: 'npm audit fix --force',
129
- dangerous: true,
130
- autoFixable: false,
131
- },
132
- ],
133
- };
134
- }
135
-
136
- if (high > 0) {
137
- return {
138
- severity: SEVERITY.WARNING,
139
- message: `${high} high severity vulnerabilities`,
140
- detail: `Total: ${total} (${moderate} moderate, ${low} low)`,
141
- metadata,
142
- fixes: [{
143
- type: FIX_TYPE.COMMAND,
144
- description: 'Auto-fix vulnerabilities',
145
- command: 'npm audit fix',
146
- autoFixable: true,
147
- }],
148
- };
149
- }
150
-
151
- if (total > 0) {
152
- return {
153
- severity: SEVERITY.INFO,
154
- message: `${total} low/moderate vulnerabilities`,
155
- metadata,
156
- };
157
- }
158
-
159
- return {
160
- severity: SEVERITY.PASS,
161
- message: 'No known vulnerabilities',
162
- metadata,
163
- };
164
- } catch {
165
- return {
166
- severity: SEVERITY.INFO,
167
- message: 'Could not run security audit',
168
- };
169
- }
170
- },
171
- },
172
- {
173
- id: `${MODULE_ID}.peer_deps`,
174
- name: 'Peer Dependencies',
175
- category: CATEGORY.DEPENDENCIES,
176
- parallel: true,
177
- check: async () => {
178
- try {
179
- const result = execSync('npm ls --json 2>&1 || true', {
180
- cwd: projectPath,
181
- encoding: 'utf8',
182
- timeout: 30000,
183
- stdio: ['pipe', 'pipe', 'pipe'],
184
- });
185
-
186
- // Look for peer dependency warnings
187
- const peerWarnings = (result.match(/WARN.*peer/gi) || []).length;
188
- const missingPeers = (result.match(/missing peer/gi) || []).length;
189
-
190
- const metadata = { peerWarnings, missingPeers };
191
-
192
- if (missingPeers > 0) {
193
- return {
194
- severity: SEVERITY.WARNING,
195
- message: `${missingPeers} missing peer dependencies`,
196
- metadata,
197
- fixes: [{
198
- type: FIX_TYPE.COMMAND,
199
- description: 'Install peer dependencies',
200
- command: 'npm install --legacy-peer-deps',
201
- autoFixable: false,
202
- }],
203
- };
204
- }
205
-
206
- return {
207
- severity: SEVERITY.PASS,
208
- message: 'Peer dependencies satisfied',
209
- metadata,
210
- };
211
- } catch {
212
- return {
213
- severity: SEVERITY.INFO,
214
- message: 'Could not check peer dependencies',
215
- };
216
- }
217
- },
218
- },
219
- {
220
- id: `${MODULE_ID}.duplicate`,
221
- name: 'Duplicate Packages',
222
- category: CATEGORY.DEPENDENCIES,
223
- parallel: true,
224
- check: async () => {
225
- try {
226
- const result = execSync('npm dedupe --dry-run 2>&1 || true', {
227
- cwd: projectPath,
228
- encoding: 'utf8',
229
- timeout: 30000,
230
- stdio: ['pipe', 'pipe', 'pipe'],
231
- });
232
-
233
- const wouldDedupe = result.includes('removed') || result.includes('dedupe');
234
-
235
- if (wouldDedupe) {
236
- return {
237
- severity: SEVERITY.INFO,
238
- message: 'Deduplication possible',
239
- fixes: [{
240
- type: FIX_TYPE.COMMAND,
241
- description: 'Deduplicate packages',
242
- command: 'npm dedupe',
243
- autoFixable: true,
244
- }],
245
- };
246
- }
247
-
248
- return {
249
- severity: SEVERITY.PASS,
250
- message: 'No duplicates found',
251
- };
252
- } catch {
253
- return {
254
- severity: SEVERITY.INFO,
255
- message: 'Could not check for duplicates',
256
- };
257
- }
258
- },
259
- },
260
- {
261
- id: `${MODULE_ID}.engines`,
262
- name: 'Engine Requirements',
263
- category: CATEGORY.DEPENDENCIES,
264
- parallel: true,
265
- check: async () => {
266
- const pkgPath = path.join(projectPath, 'package.json');
267
-
268
- try {
269
- const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
270
-
271
- if (!pkg.engines) {
272
- return {
273
- severity: SEVERITY.INFO,
274
- message: 'No engine requirements specified',
275
- fixes: [{
276
- type: FIX_TYPE.MANUAL,
277
- description: 'Add "engines" field to package.json to enforce Node version',
278
- autoFixable: false,
279
- }],
280
- };
281
- }
282
-
283
- const nodeReq = pkg.engines.node;
284
- const npmReq = pkg.engines.npm;
285
-
286
- const metadata = { nodeReq, npmReq };
287
-
288
- // Basic semver check against current version
289
- if (nodeReq) {
290
- const currentMajor = parseInt(process.version.slice(1).split('.')[0]);
291
- const minMatch = nodeReq.match(/>=?\s*(\d+)/);
292
- const minRequired = minMatch ? parseInt(minMatch[1]) : 0;
293
-
294
- if (currentMajor < minRequired) {
295
- return {
296
- severity: SEVERITY.ERROR,
297
- message: `Node ${process.version} does not satisfy "${nodeReq}"`,
298
- metadata,
299
- fixes: [{
300
- type: FIX_TYPE.COMMAND,
301
- description: `Upgrade to Node ${minRequired}+`,
302
- command: `nvm install ${minRequired}`,
303
- autoFixable: false,
304
- }],
305
- };
306
- }
307
- }
308
-
309
- return {
310
- severity: SEVERITY.PASS,
311
- message: nodeReq ? `node: ${nodeReq}` : 'Specified',
312
- metadata,
313
- };
314
- } catch {
315
- return {
316
- severity: SEVERITY.INFO,
317
- message: 'Could not check engine requirements',
318
- };
319
- }
320
- },
321
- },
322
- ];
323
- }
324
-
325
- module.exports = { MODULE_ID, createDiagnostics };
1
+ /**
2
+ * Dependencies Diagnostics Module
3
+ *
4
+ * Checks for outdated packages, vulnerabilities, and dependency health
5
+ */
6
+
7
+ const fs = require('fs');
8
+ const path = require('path');
9
+ const { execSync } = require('child_process');
10
+ const { SEVERITY, CATEGORY, FIX_TYPE } = require('../types');
11
+
12
+ const MODULE_ID = 'dependencies';
13
+
14
+ function createDiagnostics(projectPath) {
15
+ return [
16
+ {
17
+ id: `${MODULE_ID}.outdated`,
18
+ name: 'Outdated Packages',
19
+ category: CATEGORY.DEPENDENCIES,
20
+ parallel: true,
21
+ check: async () => {
22
+ try {
23
+ // Try npm outdated (returns non-zero if outdated packages exist)
24
+ const result = execSync('npm outdated --json 2>/dev/null || echo "{}"', {
25
+ cwd: projectPath,
26
+ encoding: 'utf8',
27
+ timeout: 30000,
28
+ stdio: ['pipe', 'pipe', 'pipe'],
29
+ }).trim();
30
+
31
+ const outdated = JSON.parse(result || '{}');
32
+ const count = Object.keys(outdated).length;
33
+
34
+ const metadata = { count, packages: outdated };
35
+
36
+ // Check for major version updates
37
+ const majorUpdates = Object.entries(outdated).filter(([_, info]) => {
38
+ const current = parseInt((info.current || '0').split('.')[0]);
39
+ const latest = parseInt((info.latest || '0').split('.')[0]);
40
+ return latest > current;
41
+ });
42
+
43
+ if (majorUpdates.length > 0) {
44
+ return {
45
+ severity: SEVERITY.INFO,
46
+ message: `${count} outdated (${majorUpdates.length} major)`,
47
+ detail: `Major updates: ${majorUpdates.slice(0, 3).map(([n]) => n).join(', ')}${majorUpdates.length > 3 ? '...' : ''}`,
48
+ metadata,
49
+ fixes: [{
50
+ type: FIX_TYPE.COMMAND,
51
+ description: 'Update all packages',
52
+ command: 'npm update',
53
+ autoFixable: false,
54
+ }],
55
+ };
56
+ }
57
+
58
+ if (count > 0) {
59
+ return {
60
+ severity: SEVERITY.INFO,
61
+ message: `${count} minor/patch updates available`,
62
+ metadata,
63
+ };
64
+ }
65
+
66
+ return {
67
+ severity: SEVERITY.PASS,
68
+ message: 'All packages up to date',
69
+ metadata,
70
+ };
71
+ } catch {
72
+ return {
73
+ severity: SEVERITY.INFO,
74
+ message: 'Could not check for outdated packages',
75
+ };
76
+ }
77
+ },
78
+ },
79
+ {
80
+ id: `${MODULE_ID}.audit`,
81
+ name: 'Security Vulnerabilities',
82
+ category: CATEGORY.DEPENDENCIES,
83
+ parallel: true,
84
+ check: async () => {
85
+ try {
86
+ const result = execSync('npm audit --json 2>/dev/null || echo "{}"', {
87
+ cwd: projectPath,
88
+ encoding: 'utf8',
89
+ timeout: 60000,
90
+ stdio: ['pipe', 'pipe', 'pipe'],
91
+ }).trim();
92
+
93
+ let audit;
94
+ try {
95
+ audit = JSON.parse(result || '{}');
96
+ } catch {
97
+ return {
98
+ severity: SEVERITY.INFO,
99
+ message: 'Could not parse audit results',
100
+ };
101
+ }
102
+
103
+ const vulnerabilities = audit.metadata?.vulnerabilities || {};
104
+ const total = vulnerabilities.total || 0;
105
+ const critical = vulnerabilities.critical || 0;
106
+ const high = vulnerabilities.high || 0;
107
+ const moderate = vulnerabilities.moderate || 0;
108
+ const low = vulnerabilities.low || 0;
109
+
110
+ const metadata = { total, critical, high, moderate, low };
111
+
112
+ if (critical > 0) {
113
+ return {
114
+ severity: SEVERITY.ERROR,
115
+ message: `${critical} critical vulnerabilities`,
116
+ detail: `Total: ${total} (${high} high, ${moderate} moderate, ${low} low)`,
117
+ metadata,
118
+ fixes: [
119
+ {
120
+ type: FIX_TYPE.COMMAND,
121
+ description: 'Auto-fix vulnerabilities',
122
+ command: 'npm audit fix',
123
+ autoFixable: true,
124
+ },
125
+ {
126
+ type: FIX_TYPE.COMMAND,
127
+ description: 'Force fix (may have breaking changes)',
128
+ command: 'npm audit fix --force',
129
+ dangerous: true,
130
+ autoFixable: false,
131
+ },
132
+ ],
133
+ };
134
+ }
135
+
136
+ if (high > 0) {
137
+ return {
138
+ severity: SEVERITY.WARNING,
139
+ message: `${high} high severity vulnerabilities`,
140
+ detail: `Total: ${total} (${moderate} moderate, ${low} low)`,
141
+ metadata,
142
+ fixes: [{
143
+ type: FIX_TYPE.COMMAND,
144
+ description: 'Auto-fix vulnerabilities',
145
+ command: 'npm audit fix',
146
+ autoFixable: true,
147
+ }],
148
+ };
149
+ }
150
+
151
+ if (total > 0) {
152
+ return {
153
+ severity: SEVERITY.INFO,
154
+ message: `${total} low/moderate vulnerabilities`,
155
+ metadata,
156
+ };
157
+ }
158
+
159
+ return {
160
+ severity: SEVERITY.PASS,
161
+ message: 'No known vulnerabilities',
162
+ metadata,
163
+ };
164
+ } catch {
165
+ return {
166
+ severity: SEVERITY.INFO,
167
+ message: 'Could not run security audit',
168
+ };
169
+ }
170
+ },
171
+ },
172
+ {
173
+ id: `${MODULE_ID}.peer_deps`,
174
+ name: 'Peer Dependencies',
175
+ category: CATEGORY.DEPENDENCIES,
176
+ parallel: true,
177
+ check: async () => {
178
+ try {
179
+ const result = execSync('npm ls --json 2>&1 || true', {
180
+ cwd: projectPath,
181
+ encoding: 'utf8',
182
+ timeout: 30000,
183
+ stdio: ['pipe', 'pipe', 'pipe'],
184
+ });
185
+
186
+ // Look for peer dependency warnings
187
+ const peerWarnings = (result.match(/WARN.*peer/gi) || []).length;
188
+ const missingPeers = (result.match(/missing peer/gi) || []).length;
189
+
190
+ const metadata = { peerWarnings, missingPeers };
191
+
192
+ if (missingPeers > 0) {
193
+ return {
194
+ severity: SEVERITY.WARNING,
195
+ message: `${missingPeers} missing peer dependencies`,
196
+ metadata,
197
+ fixes: [{
198
+ type: FIX_TYPE.COMMAND,
199
+ description: 'Install peer dependencies',
200
+ command: 'npm install --legacy-peer-deps',
201
+ autoFixable: false,
202
+ }],
203
+ };
204
+ }
205
+
206
+ return {
207
+ severity: SEVERITY.PASS,
208
+ message: 'Peer dependencies satisfied',
209
+ metadata,
210
+ };
211
+ } catch {
212
+ return {
213
+ severity: SEVERITY.INFO,
214
+ message: 'Could not check peer dependencies',
215
+ };
216
+ }
217
+ },
218
+ },
219
+ {
220
+ id: `${MODULE_ID}.duplicate`,
221
+ name: 'Duplicate Packages',
222
+ category: CATEGORY.DEPENDENCIES,
223
+ parallel: true,
224
+ check: async () => {
225
+ try {
226
+ const result = execSync('npm dedupe --dry-run 2>&1 || true', {
227
+ cwd: projectPath,
228
+ encoding: 'utf8',
229
+ timeout: 30000,
230
+ stdio: ['pipe', 'pipe', 'pipe'],
231
+ });
232
+
233
+ const wouldDedupe = result.includes('removed') || result.includes('dedupe');
234
+
235
+ if (wouldDedupe) {
236
+ return {
237
+ severity: SEVERITY.INFO,
238
+ message: 'Deduplication possible',
239
+ fixes: [{
240
+ type: FIX_TYPE.COMMAND,
241
+ description: 'Deduplicate packages',
242
+ command: 'npm dedupe',
243
+ autoFixable: true,
244
+ }],
245
+ };
246
+ }
247
+
248
+ return {
249
+ severity: SEVERITY.PASS,
250
+ message: 'No duplicates found',
251
+ };
252
+ } catch {
253
+ return {
254
+ severity: SEVERITY.INFO,
255
+ message: 'Could not check for duplicates',
256
+ };
257
+ }
258
+ },
259
+ },
260
+ {
261
+ id: `${MODULE_ID}.engines`,
262
+ name: 'Engine Requirements',
263
+ category: CATEGORY.DEPENDENCIES,
264
+ parallel: true,
265
+ check: async () => {
266
+ const pkgPath = path.join(projectPath, 'package.json');
267
+
268
+ try {
269
+ const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
270
+
271
+ if (!pkg.engines) {
272
+ return {
273
+ severity: SEVERITY.INFO,
274
+ message: 'No engine requirements specified',
275
+ fixes: [{
276
+ type: FIX_TYPE.MANUAL,
277
+ description: 'Add "engines" field to package.json to enforce Node version',
278
+ autoFixable: false,
279
+ }],
280
+ };
281
+ }
282
+
283
+ const nodeReq = pkg.engines.node;
284
+ const npmReq = pkg.engines.npm;
285
+
286
+ const metadata = { nodeReq, npmReq };
287
+
288
+ // Basic semver check against current version
289
+ if (nodeReq) {
290
+ const currentMajor = parseInt(process.version.slice(1).split('.')[0]);
291
+ const minMatch = nodeReq.match(/>=?\s*(\d+)/);
292
+ const minRequired = minMatch ? parseInt(minMatch[1]) : 0;
293
+
294
+ if (currentMajor < minRequired) {
295
+ return {
296
+ severity: SEVERITY.ERROR,
297
+ message: `Node ${process.version} does not satisfy "${nodeReq}"`,
298
+ metadata,
299
+ fixes: [{
300
+ type: FIX_TYPE.COMMAND,
301
+ description: `Upgrade to Node ${minRequired}+`,
302
+ command: `nvm install ${minRequired}`,
303
+ autoFixable: false,
304
+ }],
305
+ };
306
+ }
307
+ }
308
+
309
+ return {
310
+ severity: SEVERITY.PASS,
311
+ message: nodeReq ? `node: ${nodeReq}` : 'Specified',
312
+ metadata,
313
+ };
314
+ } catch {
315
+ return {
316
+ severity: SEVERITY.INFO,
317
+ message: 'Could not check engine requirements',
318
+ };
319
+ }
320
+ },
321
+ },
322
+ ];
323
+ }
324
+
325
+ module.exports = { MODULE_ID, createDiagnostics };