@vibecheckai/cli 3.2.6 → 3.3.0

package/bin/runners/lib/agent-firewall/proposal/schema.js

@@ -0,0 +1,251 @@
+/**
+ * Proposal Schema
+ * 
+ * JSON Schema definition for structured change proposals.
+ * LLMs must output this format - no raw code blobs allowed.
+ */
+
+"use strict";
+
+/**
+ * JSON Schema for Change Proposal
+ */
+const PROPOSAL_SCHEMA = {
+  $schema: "http://json-schema.org/draft-07/schema#",
+  type: "object",
+  required: ["intent", "operations"],
+  properties: {
+    // Required fields
+    intent: {
+      type: "string",
+      description: "Short identifier for the change intent (e.g., 'add_auth_middleware')",
+      minLength: 3,
+      maxLength: 100,
+      pattern: "^[a-z][a-z0-9_]*$",
+    },
+    operations: {
+      type: "array",
+      description: "List of file operations",
+      minItems: 1,
+      items: {
+        type: "object",
+        required: ["type", "path"],
+        properties: {
+          type: {
+            type: "string",
+            enum: ["create", "modify", "delete", "rename"],
+            description: "Type of operation",
+          },
+          path: {
+            type: "string",
+            description: "File path relative to project root",
+          },
+          content: {
+            type: "string",
+            description: "New file content (for create/modify)",
+          },
+          newPath: {
+            type: "string",
+            description: "New path (for rename)",
+          },
+        },
+      },
+    },
+    
+    // Recommended fields
+    summary: {
+      type: "string",
+      description: "Human-readable summary of the change",
+      minLength: 10,
+      maxLength: 500,
+    },
+    filesTouched: {
+      type: "array",
+      description: "List of all files that will be touched",
+      items: { type: "string" },
+    },
+    assumptions: {
+      type: "array",
+      description: "Assumptions the change relies on",
+      items: {
+        type: "object",
+        required: ["type"],
+        properties: {
+          type: {
+            type: "string",
+            enum: ["env", "route", "service", "file", "dependency", "permission", "config"],
+            description: "Type of assumption",
+          },
+          key: {
+            type: "string",
+            description: "Key/name of the assumed resource",
+          },
+          value: {
+            type: "string",
+            description: "Expected value (if applicable)",
+          },
+          reason: {
+            type: "string",
+            description: "Why this assumption is needed",
+          },
+          path: {
+            type: "string",
+            description: "File path (for file assumptions)",
+          },
+          method: {
+            type: "string",
+            description: "HTTP method (for route assumptions)",
+          },
+        },
+      },
+    },
+    confidence: {
+      type: "number",
+      description: "Confidence level (0-1) that the change is correct",
+      minimum: 0,
+      maximum: 1,
+    },
+    
+    // Optional metadata
+    metadata: {
+      type: "object",
+      properties: {
+        agentId: {
+          type: "string",
+          description: "ID of the agent proposing the change",
+        },
+        sessionId: {
+          type: "string",
+          description: "Session ID for tracking",
+        },
+        timestamp: {
+          type: "string",
+          format: "date-time",
+          description: "Proposal timestamp",
+        },
+        parentProposalId: {
+          type: "string",
+          description: "ID of parent proposal (for iterative changes)",
+        },
+        tags: {
+          type: "array",
+          items: { type: "string" },
+          description: "Tags for categorization",
+        },
+      },
+    },
+    
+    // Risk acknowledgment
+    riskAcknowledgment: {
+      type: "object",
+      properties: {
+        touchesAuth: { type: "boolean" },
+        touchesPayments: { type: "boolean" },
+        touchesDatabase: { type: "boolean" },
+        touchesCore: { type: "boolean" },
+        hasSideEffects: { type: "boolean" },
+        isIrreversible: { type: "boolean" },
+      },
+    },
+    
+    // Verification requirements
+    verification: {
+      type: "object",
+      properties: {
+        requiresTests: { type: "boolean" },
+        requiresReview: { type: "boolean" },
+        requiresRealityCheck: { type: "boolean" },
+        testCases: {
+          type: "array",
+          items: { type: "string" },
+        },
+      },
+    },
+  },
+};
+
+/**
+ * Minimal proposal schema (for quick validation)
+ */
+const MINIMAL_PROPOSAL_SCHEMA = {
+  type: "object",
+  required: ["intent", "operations"],
+  properties: {
+    intent: { type: "string", minLength: 3 },
+    operations: {
+      type: "array",
+      minItems: 1,
+      items: {
+        type: "object",
+        required: ["type", "path"],
+      },
+    },
+  },
+};
+
+/**
+ * Default values for optional fields
+ */
+const DEFAULT_PROPOSAL_VALUES = {
+  confidence: 0.5,
+  assumptions: [],
+  filesTouched: [],
+  metadata: {},
+  riskAcknowledgment: {
+    touchesAuth: false,
+    touchesPayments: false,
+    touchesDatabase: false,
+    touchesCore: false,
+    hasSideEffects: false,
+    isIrreversible: false,
+  },
+  verification: {
+    requiresTests: false,
+    requiresReview: false,
+    requiresRealityCheck: false,
+    testCases: [],
+  },
+};
+
+/**
+ * Create a proposal template
+ * @param {string} intent - Intent identifier
+ * @param {Array} operations - Operations
+ * @returns {Object} Proposal template
+ */
+function createProposalTemplate(intent, operations) {
+  return {
+    intent,
+    summary: "",
+    filesTouched: operations.map(op => op.path),
+    operations,
+    assumptions: [],
+    confidence: 0.5,
+    metadata: {
+      timestamp: new Date().toISOString(),
+    },
+    riskAcknowledgment: { ...DEFAULT_PROPOSAL_VALUES.riskAcknowledgment },
+    verification: { ...DEFAULT_PROPOSAL_VALUES.verification },
+  };
+}
+
+/**
+ * Normalize intent string to snake_case
+ * @param {string} intent - Raw intent
+ * @returns {string} Normalized intent
+ */
+function normalizeIntent(intent) {
+  return intent
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, "_")
+    .replace(/^_+|_+$/g, "")
+    .slice(0, 100);
+}
+
+module.exports = {
+  PROPOSAL_SCHEMA,
+  MINIMAL_PROPOSAL_SCHEMA,
+  DEFAULT_PROPOSAL_VALUES,
+  createProposalTemplate,
+  normalizeIntent,
+};

package/bin/runners/lib/agent-firewall/proposal/validator.js

@@ -0,0 +1,386 @@
+/**
+ * Proposal Validator
+ * 
+ * Validates change proposals against the schema and semantic rules.
+ * Rejects incomplete, vague, or unsafe proposals.
+ */
+
+"use strict";
+
+const { PROPOSAL_SCHEMA, DEFAULT_PROPOSAL_VALUES, normalizeIntent } = require("./schema");
+const { classifyFileDomain } = require("../reality/state");
+
+/**
+ * @typedef {Object} ValidationResult
+ * @property {boolean} valid - Whether proposal is valid
+ * @property {Array} errors - Validation errors
+ * @property {Array} warnings - Validation warnings
+ * @property {Object} normalized - Normalized proposal
+ */
+
+/**
+ * Validate proposal structure
+ * @param {Object} proposal - Raw proposal
+ * @returns {ValidationResult} Validation result
+ */
+function validateStructure(proposal) {
+  const errors = [];
+  const warnings = [];
+  
+  // Check required fields
+  if (!proposal) {
+    errors.push({ field: "proposal", message: "Proposal is required" });
+    return { valid: false, errors, warnings };
+  }
+  
+  if (!proposal.intent) {
+    errors.push({ field: "intent", message: "Intent is required" });
+  } else if (typeof proposal.intent !== "string") {
+    errors.push({ field: "intent", message: "Intent must be a string" });
+  } else if (proposal.intent.length < 3) {
+    errors.push({ field: "intent", message: "Intent must be at least 3 characters" });
+  }
+  
+  if (!proposal.operations) {
+    errors.push({ field: "operations", message: "Operations array is required" });
+  } else if (!Array.isArray(proposal.operations)) {
+    errors.push({ field: "operations", message: "Operations must be an array" });
+  } else if (proposal.operations.length === 0) {
+    errors.push({ field: "operations", message: "At least one operation is required" });
+  } else {
+    // Validate each operation
+    for (let i = 0; i < proposal.operations.length; i++) {
+      const op = proposal.operations[i];
+      
+      if (!op.type) {
+        errors.push({ field: `operations[${i}].type`, message: "Operation type is required" });
+      } else if (!["create", "modify", "delete", "rename"].includes(op.type)) {
+        errors.push({ 
+          field: `operations[${i}].type`, 
+          message: `Invalid operation type: ${op.type}. Must be create, modify, delete, or rename` 
+        });
+      }
+      
+      if (!op.path) {
+        errors.push({ field: `operations[${i}].path`, message: "Operation path is required" });
+      }
+      
+      // Content required for create/modify
+      if ((op.type === "create" || op.type === "modify") && !op.content && op.content !== "") {
+        warnings.push({ 
+          field: `operations[${i}].content`, 
+          message: "Content is recommended for create/modify operations" 
+        });
+      }
+      
+      // newPath required for rename
+      if (op.type === "rename" && !op.newPath) {
+        errors.push({ field: `operations[${i}].newPath`, message: "newPath is required for rename operations" });
+      }
+    }
+  }
+  
+  // Validate optional fields
+  if (proposal.confidence !== undefined) {
+    if (typeof proposal.confidence !== "number") {
+      errors.push({ field: "confidence", message: "Confidence must be a number" });
+    } else if (proposal.confidence < 0 || proposal.confidence > 1) {
+      errors.push({ field: "confidence", message: "Confidence must be between 0 and 1" });
+    }
+  }
+  
+  if (proposal.assumptions && !Array.isArray(proposal.assumptions)) {
+    errors.push({ field: "assumptions", message: "Assumptions must be an array" });
+  }
+  
+  if (proposal.filesTouched && !Array.isArray(proposal.filesTouched)) {
+    errors.push({ field: "filesTouched", message: "filesTouched must be an array" });
+  }
+  
+  return {
+    valid: errors.length === 0,
+    errors,
+    warnings,
+  };
+}
+
+/**
+ * Validate proposal semantics
+ * @param {Object} proposal - Proposal to validate
+ * @returns {ValidationResult} Validation result
+ */
+function validateSemantics(proposal) {
+  const errors = [];
+  const warnings = [];
+  
+  // Check for vague intent
+  const vagueIntents = ["fix", "update", "change", "modify", "improve", "refactor"];
+  const intentWords = proposal.intent.toLowerCase().split("_");
+  if (intentWords.length === 1 && vagueIntents.includes(intentWords[0])) {
+    warnings.push({
+      field: "intent",
+      message: `Intent '${proposal.intent}' is too vague. Be more specific about what is being changed.`,
+    });
+  }
+  
+  // Check for missing summary on complex changes
+  if (proposal.operations.length > 2 && !proposal.summary) {
+    warnings.push({
+      field: "summary",
+      message: "Summary is recommended for changes touching multiple files",
+    });
+  }
+  
+  // Check for missing assumptions when touching sensitive domains
+  const sensitiveDomains = ["auth", "payments", "database", "security"];
+  const touchedDomains = new Set();
+  
+  for (const op of proposal.operations) {
+    const domain = classifyFileDomain(op.path);
+    touchedDomains.add(domain);
+  }
+  
+  const sensitiveDomainsAffected = [...touchedDomains].filter(d => sensitiveDomains.includes(d));
+  
+  if (sensitiveDomainsAffected.length > 0 && (!proposal.assumptions || proposal.assumptions.length === 0)) {
+    warnings.push({
+      field: "assumptions",
+      message: `Change affects sensitive domains (${sensitiveDomainsAffected.join(", ")}). Assumptions should be declared.`,
+    });
+  }
+  
+  // Check for low confidence without explanation
+  if (proposal.confidence !== undefined && proposal.confidence < 0.5 && !proposal.summary) {
+    warnings.push({
+      field: "confidence",
+      message: "Low confidence proposals should include a summary explaining uncertainties",
+    });
+  }
+  
+  // Check filesTouched matches operations
+  if (proposal.filesTouched && proposal.operations) {
+    const operationPaths = new Set(proposal.operations.map(op => op.path));
+    const declaredPaths = new Set(proposal.filesTouched);
+    
+    for (const path of operationPaths) {
+      if (!declaredPaths.has(path)) {
+        warnings.push({
+          field: "filesTouched",
+          message: `Operation path '${path}' not listed in filesTouched`,
+        });
+      }
+    }
+  }
+  
+  // Check assumptions have required fields
+  if (proposal.assumptions) {
+    for (let i = 0; i < proposal.assumptions.length; i++) {
+      const assumption = proposal.assumptions[i];
+      
+      if (!assumption.type) {
+        errors.push({
+          field: `assumptions[${i}].type`,
+          message: "Assumption type is required",
+        });
+      }
+      
+      if (!assumption.key && !assumption.path && !assumption.value) {
+        errors.push({
+          field: `assumptions[${i}]`,
+          message: "Assumption must have key, path, or value",
+        });
+      }
+      
+      if (!assumption.reason) {
+        warnings.push({
+          field: `assumptions[${i}].reason`,
+          message: "Assumption should explain why it's needed",
+        });
+      }
+    }
+  }
+  
+  return {
+    valid: errors.length === 0,
+    errors,
+    warnings,
+  };
+}
+
+/**
+ * Validate proposal completeness
+ * @param {Object} proposal - Proposal to validate
+ * @param {Object} options - Validation options
+ * @returns {ValidationResult} Validation result
+ */
+function validateCompleteness(proposal, options = {}) {
+  const { strict = false } = options;
+  const errors = [];
+  const warnings = [];
+  
+  // In strict mode, require more fields
+  if (strict) {
+    if (!proposal.summary) {
+      errors.push({ field: "summary", message: "Summary is required in strict mode" });
+    }
+    
+    if (!proposal.assumptions || proposal.assumptions.length === 0) {
+      errors.push({ field: "assumptions", message: "At least one assumption is required in strict mode" });
+    }
+    
+    if (proposal.confidence === undefined) {
+      errors.push({ field: "confidence", message: "Confidence is required in strict mode" });
+    }
+    
+    if (!proposal.riskAcknowledgment) {
+      errors.push({ field: "riskAcknowledgment", message: "Risk acknowledgment is required in strict mode" });
+    }
+  }
+  
+  // Check for empty content in operations
+  for (let i = 0; i < proposal.operations.length; i++) {
+    const op = proposal.operations[i];
+    if (op.type === "create" && (!op.content || op.content.trim() === "")) {
+      warnings.push({
+        field: `operations[${i}].content`,
+        message: "Creating empty file - is this intentional?",
+      });
+    }
+  }
+  
+  // Check for reasonable number of operations
+  if (proposal.operations.length > 20) {
+    warnings.push({
+      field: "operations",
+      message: `Large number of operations (${proposal.operations.length}). Consider breaking into smaller proposals.`,
+    });
+  }
+  
+  return {
+    valid: errors.length === 0,
+    errors,
+    warnings,
+  };
+}
+
+/**
+ * Normalize proposal (fill defaults, clean data)
+ * @param {Object} proposal - Raw proposal
+ * @returns {Object} Normalized proposal
+ */
+function normalizeProposal(proposal) {
+  const normalized = {
+    ...DEFAULT_PROPOSAL_VALUES,
+    ...proposal,
+    intent: normalizeIntent(proposal.intent || "unknown"),
+    filesTouched: proposal.filesTouched || proposal.operations?.map(op => op.path) || [],
+    metadata: {
+      ...DEFAULT_PROPOSAL_VALUES.metadata,
+      ...proposal.metadata,
+      timestamp: proposal.metadata?.timestamp || new Date().toISOString(),
+    },
+  };
+  
+  // Normalize operations
+  normalized.operations = (proposal.operations || []).map(op => ({
+    ...op,
+    path: op.path?.replace(/\\/g, "/"),
+    newPath: op.newPath?.replace(/\\/g, "/"),
+  }));
+  
+  // Auto-detect risk acknowledgment from file paths
+  for (const op of normalized.operations) {
+    const domain = classifyFileDomain(op.path);
+    if (domain === "auth") normalized.riskAcknowledgment.touchesAuth = true;
+    if (domain === "payments") normalized.riskAcknowledgment.touchesPayments = true;
+    if (domain === "database") normalized.riskAcknowledgment.touchesDatabase = true;
+    if (domain === "core") normalized.riskAcknowledgment.touchesCore = true;
+  }
+  
+  // Check for side effects
+  const hasSideEffects = normalized.operations.some(op => {
+    if (!op.content) return false;
+    return (
+      op.content.includes("fetch(") ||
+      op.content.includes("axios") ||
+      op.content.includes("fs.write") ||
+      op.content.includes("prisma.") ||
+      op.content.includes("exec(")
+    );
+  });
+  normalized.riskAcknowledgment.hasSideEffects = hasSideEffects;
+  
+  // Check for irreversibility
+  const isIrreversible = normalized.operations.some(op => 
+    op.type === "delete" || op.path.includes("migration")
+  );
+  normalized.riskAcknowledgment.isIrreversible = isIrreversible;
+  
+  return normalized;
+}
+
+/**
+ * Full proposal validation
+ * @param {Object} proposal - Proposal to validate
+ * @param {Object} options - Validation options
+ * @returns {ValidationResult} Full validation result
+ */
+function validate(proposal, options = {}) {
+  // Structural validation
+  const structureResult = validateStructure(proposal);
+  if (!structureResult.valid) {
+    return {
+      valid: false,
+      errors: structureResult.errors,
+      warnings: structureResult.warnings,
+      normalized: null,
+    };
+  }
+  
+  // Normalize
+  const normalized = normalizeProposal(proposal);
+  
+  // Semantic validation
+  const semanticResult = validateSemantics(normalized);
+  
+  // Completeness validation
+  const completenessResult = validateCompleteness(normalized, options);
+  
+  // Combine results
+  const allErrors = [
+    ...structureResult.errors,
+    ...semanticResult.errors,
+    ...completenessResult.errors,
+  ];
+  
+  const allWarnings = [
+    ...structureResult.warnings,
+    ...semanticResult.warnings,
+    ...completenessResult.warnings,
+  ];
+  
+  return {
+    valid: allErrors.length === 0,
+    errors: allErrors,
+    warnings: allWarnings,
+    normalized,
+  };
+}
+
+/**
+ * Quick validation (structure only)
+ * @param {Object} proposal - Proposal to validate
+ * @returns {boolean} Is valid
+ */
+function isValid(proposal) {
+  return validateStructure(proposal).valid;
+}
+
+module.exports = {
+  validate,
+  validateStructure,
+  validateSemantics,
+  validateCompleteness,
+  normalizeProposal,
+  isValid,
+};