@vibecheckai/cli 3.2.6 → 3.3.0

package/bin/runners/lib/agent-firewall/reality/watcher.js

@@ -0,0 +1,322 @@
+/**
+ * Reality State Watcher
+ * 
+ * Watches for file system changes and incrementally updates the reality state.
+ * Uses chokidar for efficient file watching.
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const { EventEmitter } = require("events");
+const { getRealityState, invalidateCache, hashFile, classifyFileDomain } = require("./state");
+
+// Try to load chokidar if available
+let chokidar = null;
+try {
+  chokidar = require("chokidar");
+} catch {
+  // chokidar not available, fall back to polling
+}
+
+/**
+ * Reality State Watcher
+ * Emits events when reality state changes
+ */
+class RealityWatcher extends EventEmitter {
+  constructor(projectRoot, options = {}) {
+    super();
+    
+    this.projectRoot = projectRoot;
+    this.options = {
+      debounceMs: options.debounceMs || 500,
+      watchPatterns: options.watchPatterns || [
+        "**/*.ts",
+        "**/*.tsx",
+        "**/*.js",
+        "**/*.jsx",
+        ".env*",
+        ".guardrail/**/*.json",
+        ".vibecheck/**/*.json",
+      ],
+      ignorePatterns: options.ignorePatterns || [
+        "**/node_modules/**",
+        "**/dist/**",
+        "**/build/**",
+        "**/.git/**",
+        "**/coverage/**",
+      ],
+      ...options,
+    };
+    
+    this.watcher = null;
+    this.debounceTimer = null;
+    this.pendingChanges = new Set();
+    this.isRunning = false;
+    this.lastState = null;
+  }
+  
+  /**
+   * Start watching for changes
+   */
+  start() {
+    if (this.isRunning) {
+      return;
+    }
+    
+    this.isRunning = true;
+    
+    // Get initial state
+    this.lastState = getRealityState(this.projectRoot);
+    this.emit("ready", this.lastState);
+    
+    if (chokidar) {
+      this._startChokidarWatch();
+    } else {
+      this._startPollingWatch();
+    }
+  }
+  
+  /**
+   * Stop watching
+   */
+  stop() {
+    this.isRunning = false;
+    
+    if (this.watcher) {
+      if (typeof this.watcher.close === "function") {
+        this.watcher.close();
+      }
+      this.watcher = null;
+    }
+    
+    if (this.debounceTimer) {
+      clearTimeout(this.debounceTimer);
+      this.debounceTimer = null;
+    }
+    
+    if (this.pollInterval) {
+      clearInterval(this.pollInterval);
+      this.pollInterval = null;
+    }
+    
+    this.emit("stopped");
+  }
+  
+  /**
+   * Force refresh of reality state
+   */
+  refresh() {
+    invalidateCache();
+    this.lastState = getRealityState(this.projectRoot, { forceRefresh: true });
+    this.emit("refresh", this.lastState);
+    return this.lastState;
+  }
+  
+  /**
+   * Get current state
+   */
+  getState() {
+    return this.lastState || getRealityState(this.projectRoot);
+  }
+  
+  /**
+   * Start chokidar-based watching
+   */
+  _startChokidarWatch() {
+    this.watcher = chokidar.watch(this.options.watchPatterns, {
+      cwd: this.projectRoot,
+      ignored: this.options.ignorePatterns,
+      persistent: true,
+      ignoreInitial: true,
+      awaitWriteFinish: {
+        stabilityThreshold: 200,
+        pollInterval: 100,
+      },
+    });
+    
+    this.watcher
+      .on("add", (filePath) => this._handleChange("add", filePath))
+      .on("change", (filePath) => this._handleChange("change", filePath))
+      .on("unlink", (filePath) => this._handleChange("delete", filePath))
+      .on("error", (error) => this.emit("error", error));
+  }
+  
+  /**
+   * Start polling-based watching (fallback)
+   */
+  _startPollingWatch() {
+    let lastCheck = new Map();
+    
+    // Initial scan
+    this._scanFiles(lastCheck);
+    
+    // Poll every 2 seconds
+    this.pollInterval = setInterval(() => {
+      const currentFiles = new Map();
+      this._scanFiles(currentFiles);
+      
+      // Detect changes
+      for (const [filePath, hash] of currentFiles) {
+        if (!lastCheck.has(filePath)) {
+          this._handleChange("add", filePath);
+        } else if (lastCheck.get(filePath) !== hash) {
+          this._handleChange("change", filePath);
+        }
+      }
+      
+      // Detect deletions
+      for (const [filePath] of lastCheck) {
+        if (!currentFiles.has(filePath)) {
+          this._handleChange("delete", filePath);
+        }
+      }
+      
+      lastCheck = currentFiles;
+    }, 2000);
+  }
+  
+  /**
+   * Scan files for polling mode
+   */
+  _scanFiles(fileMap) {
+    const extensions = [".ts", ".tsx", ".js", ".jsx", ".json"];
+    const ignoreDirs = ["node_modules", ".git", "dist", "build"];
+    
+    const scan = (dir, depth = 0) => {
+      if (depth > 5) return;
+      
+      try {
+        const entries = fs.readdirSync(dir, { withFileTypes: true });
+        for (const entry of entries) {
+          const fullPath = path.join(dir, entry.name);
+          const relativePath = path.relative(this.projectRoot, fullPath);
+          
+          if (entry.isDirectory()) {
+            if (!entry.name.startsWith(".") && !ignoreDirs.includes(entry.name)) {
+              scan(fullPath, depth + 1);
+            }
+          } else if (entry.isFile()) {
+            const ext = path.extname(entry.name);
+            if (extensions.includes(ext) || entry.name.startsWith(".env")) {
+              const hash = hashFile(fullPath);
+              if (hash) {
+                fileMap.set(relativePath, hash);
+              }
+            }
+          }
+        }
+      } catch {
+        // Ignore errors
+      }
+    };
+    
+    scan(this.projectRoot);
+  }
+  
+  /**
+   * Handle file change
+   */
+  _handleChange(type, filePath) {
+    this.pendingChanges.add({ type, filePath, timestamp: Date.now() });
+    
+    // Debounce updates
+    if (this.debounceTimer) {
+      clearTimeout(this.debounceTimer);
+    }
+    
+    this.debounceTimer = setTimeout(() => {
+      this._processChanges();
+    }, this.options.debounceMs);
+  }
+  
+  /**
+   * Process pending changes
+   */
+  _processChanges() {
+    if (this.pendingChanges.size === 0) return;
+    
+    const changes = Array.from(this.pendingChanges);
+    this.pendingChanges.clear();
+    
+    // Determine if we need to refresh reality state
+    const significantChange = changes.some(c => 
+      c.filePath.includes(".guardrail") ||
+      c.filePath.includes(".vibecheck") ||
+      c.filePath.includes(".env") ||
+      c.filePath.includes("routes") ||
+      c.filePath.includes("api")
+    );
+    
+    if (significantChange) {
+      // Full refresh for significant changes
+      invalidateCache();
+      this.lastState = getRealityState(this.projectRoot, { forceRefresh: true });
+    } else {
+      // Incremental update for minor changes
+      this._incrementalUpdate(changes);
+    }
+    
+    // Emit change event
+    this.emit("change", {
+      changes,
+      state: this.lastState,
+      significantChange,
+    });
+  }
+  
+  /**
+   * Incremental update for minor file changes
+   */
+  _incrementalUpdate(changes) {
+    if (!this.lastState) {
+      this.lastState = getRealityState(this.projectRoot);
+      return;
+    }
+    
+    for (const change of changes) {
+      const relativePath = change.filePath.replace(/\\/g, "/");
+      
+      switch (change.type) {
+        case "add":
+        case "change": {
+          const fullPath = path.join(this.projectRoot, change.filePath);
+          if (fs.existsSync(fullPath)) {
+            try {
+              const stat = fs.statSync(fullPath);
+              this.lastState.files.set(relativePath, {
+                hash: hashFile(fullPath),
+                modified: stat.mtime,
+                size: stat.size,
+                domain: classifyFileDomain(relativePath),
+              });
+            } catch {
+              // Ignore stat errors
+            }
+          }
+          break;
+        }
+        
+        case "delete":
+          this.lastState.files.delete(relativePath);
+          break;
+      }
+    }
+    
+    // Update timestamp
+    this.lastState.lastUpdated = new Date();
+  }
+}
+
+/**
+ * Create a watcher instance
+ */
+function createWatcher(projectRoot, options) {
+  return new RealityWatcher(projectRoot, options);
+}
+
+module.exports = {
+  RealityWatcher,
+  createWatcher,
+};

package/bin/runners/lib/agent-firewall/risk/index.js

@@ -0,0 +1,173 @@
+/**
+ * Risk Scoring Module
+ * 
+ * Entry point for the risk scoring engine.
+ * Provides risk assessment for change proposals.
+ * 
+ * Usage:
+ *   const { risk } = require('./risk');
+ *   
+ *   const score = risk.calculate({
+ *     files: [{ path: 'src/auth.ts' }],
+ *     operations: [{ type: 'modify', path: 'src/auth.ts' }],
+ *     claims: [...],
+ *     evidence: [...],
+ *   });
+ *   
+ *   console.log(score.total, score.level, score.decision);
+ */
+
+"use strict";
+
+const {
+  calculateRiskScore,
+  quickAssess,
+  buildContext,
+  getDomainBreakdown,
+  formatRiskScore,
+  compareScores,
+  RISK_VECTORS,
+  RISK_LEVELS,
+} = require("./scorer");
+
+const {
+  DEFAULT_THRESHOLDS,
+  THRESHOLD_PROFILES,
+  loadThresholds,
+  getDecision,
+} = require("./thresholds");
+
+const { getRiskLevel, getVectorIds, getVector } = require("./vectors");
+
+/**
+ * Risk scoring singleton
+ */
+const risk = {
+  /**
+   * Calculate full risk score
+   * @param {Object} params - Score parameters
+   * @returns {Object} Risk score result
+   */
+  calculate(params) {
+    return calculateRiskScore(params);
+  },
+  
+  /**
+   * Quick risk assessment
+   * @param {Object} params - Basic parameters
+   * @returns {Object} Quick assessment
+   */
+  quick(params) {
+    return quickAssess(params);
+  },
+  
+  /**
+   * Get risk level from score
+   * @param {number} score - Numeric score
+   * @returns {Object} Risk level
+   */
+  getLevel(score) {
+    return getRiskLevel(score);
+  },
+  
+  /**
+   * Format risk score for display
+   * @param {Object} score - Risk score
+   * @returns {string} Formatted string
+   */
+  format(score) {
+    return formatRiskScore(score);
+  },
+  
+  /**
+   * Compare two scores
+   * @param {Object} current - Current score
+   * @param {Object} previous - Previous score
+   * @returns {Object} Comparison
+   */
+  compare(current, previous) {
+    return compareScores(current, previous);
+  },
+  
+  /**
+   * Get domain breakdown
+   * @param {Object} score - Risk score
+   * @returns {Object} Domain breakdown
+   */
+  breakdown(score) {
+    return getDomainBreakdown(score);
+  },
+  
+  /**
+   * Load thresholds from policy
+   * @param {Object} policy - Policy configuration
+   * @returns {Object} Thresholds
+   */
+  loadThresholds(policy) {
+    return loadThresholds(policy);
+  },
+  
+  /**
+   * Get decision for score
+   * @param {number} score - Risk score
+   * @param {Object} thresholds - Thresholds
+   * @param {string[]} domains - Affected domains
+   * @returns {Object} Decision
+   */
+  decide(score, thresholds, domains) {
+    return getDecision(score, thresholds, domains);
+  },
+  
+  /**
+   * Get all available vectors
+   * @returns {Object} Vector definitions
+   */
+  getVectors() {
+    return RISK_VECTORS;
+  },
+  
+  /**
+   * Get all risk levels
+   * @returns {Object} Level definitions
+   */
+  getLevels() {
+    return RISK_LEVELS;
+  },
+  
+  /**
+   * Get threshold profiles
+   * @returns {Object} Profile definitions
+   */
+  getProfiles() {
+    return THRESHOLD_PROFILES;
+  },
+  
+  /**
+   * Get default thresholds
+   * @returns {Object} Default thresholds
+   */
+  getDefaults() {
+    return DEFAULT_THRESHOLDS;
+  },
+};
+
+module.exports = {
+  risk,
+  // Direct exports
+  calculateRiskScore,
+  quickAssess,
+  buildContext,
+  getDomainBreakdown,
+  formatRiskScore,
+  compareScores,
+  loadThresholds,
+  getDecision,
+  getRiskLevel,
+  getVectorIds,
+  getVector,
+  // Constants
+  RISK_VECTORS,
+  RISK_LEVELS,
+  DEFAULT_THRESHOLDS,
+  THRESHOLD_PROFILES,
+};