@vibecheckai/cli 3.2.6 → 3.3.0

package/bin/runners/lib/agent-firewall/critic/prompts.js

@@ -0,0 +1,305 @@
+/**
+ * Critic LLM Prompts
+ * 
+ * Prompt templates for the "savage" critic judge.
+ * Philosophy: "If it cannot be proven safe, block it."
+ */
+
+"use strict";
+
+/**
+ * System prompt for the critic
+ */
+const CRITIC_SYSTEM_PROMPT = `You are a strict code change critic. Your role is to judge whether proposed changes should be allowed.
+
+PHILOSOPHY:
+- If a change cannot be proven safe by the repository state, BLOCK it
+- Assumptions that cannot be verified are violations
+- Vague intent is a violation
+- Missing explanations are suspicious
+- Trust nothing, verify everything
+
+You output ONLY valid JSON. No explanations outside the JSON.
+
+VERDICT OPTIONS:
+- "ALLOW" - Change is safe and well-documented
+- "BLOCK" - Change has unverified assumptions or risks
+- "REQUIRE_CONFIRMATION" - Change needs human review
+
+Be conservative. When in doubt, BLOCK.`;
+
+/**
+ * Prompt template for evaluating a proposal
+ */
+const EVALUATION_PROMPT_TEMPLATE = `Evaluate this proposed code change:
+
+## Proposal
+Intent: {{intent}}
+Summary: {{summary}}
+Files touched: {{filesTouched}}
+Operations: {{operationsCount}} ({{operationTypes}})
+Declared confidence: {{confidence}}
+
+## Assumptions Declared
+{{assumptions}}
+
+## Assumption Validation Results
+{{validationResults}}
+
+## Risk Assessment
+Risk Score: {{riskScore}}
+Risk Level: {{riskLevel}}
+Risk Factors:
+{{riskFactors}}
+
+## Simulation Results
+Simulation Passed: {{simulationPassed}}
+Errors: {{simulationErrors}}
+Warnings: {{simulationWarnings}}
+
+## Reality State Summary
+Total files in repo: {{fileCount}}
+Total routes: {{routeCount}}
+Total env vars: {{envVarCount}}
+Affected domains: {{domains}}
+
+---
+
+Evaluate and respond with JSON only:
+{
+  "verdict": "ALLOW" | "BLOCK" | "REQUIRE_CONFIRMATION",
+  "confidence": 0.0 to 1.0,
+  "reasoning": ["reason 1", "reason 2", ...],
+  "violations": ["violation 1", ...] or [],
+  "recommendations": ["recommendation 1", ...] or []
+}`;
+
+/**
+ * Prompt for detecting vague/hand-wavy proposals
+ */
+const VAGUENESS_CHECK_PROMPT = `Analyze this proposal for vagueness:
+
+Intent: {{intent}}
+Summary: {{summary}}
+Operation count: {{operationCount}}
+
+Rate the specificity on a scale of 1-10 (10 = very specific).
+Identify any vague language.
+
+Respond with JSON only:
+{
+  "specificityScore": 1-10,
+  "vagueTerms": ["term1", "term2"],
+  "suggestions": ["be more specific about X", ...]
+}`;
+
+/**
+ * Prompt for assumption verification
+ */
+const ASSUMPTION_VERIFICATION_PROMPT = `Verify these assumptions against the repository state:
+
+{{assumptions}}
+
+Repository State:
+- Declared env vars: {{declaredEnvVars}}
+- Registered routes: {{registeredRoutes}}
+- Registered services: {{registeredServices}}
+
+For each assumption, determine:
+1. Can it be verified from the repo state?
+2. Is there evidence supporting it?
+3. Is it a valid assumption?
+
+Respond with JSON only:
+{
+  "results": [
+    {
+      "assumption": "...",
+      "verified": true/false,
+      "evidence": "..." or null,
+      "reason": "..."
+    }
+  ],
+  "overallVerificationRate": 0.0 to 1.0
+}`;
+
+/**
+ * Build evaluation prompt from data
+ * @param {Object} data - Prompt data
+ * @returns {string} Filled prompt
+ */
+function buildEvaluationPrompt(data) {
+  const {
+    proposal,
+    validationResults,
+    riskScore,
+    simulationResult,
+    realityState,
+  } = data;
+  
+  let prompt = EVALUATION_PROMPT_TEMPLATE;
+  
+  // Fill in proposal data
+  prompt = prompt.replace("{{intent}}", proposal.intent || "not specified");
+  prompt = prompt.replace("{{summary}}", proposal.summary || "not provided");
+  prompt = prompt.replace("{{filesTouched}}", (proposal.filesTouched || []).join(", ") || "none");
+  prompt = prompt.replace("{{operationsCount}}", String((proposal.operations || []).length));
+  prompt = prompt.replace("{{operationTypes}}", 
+    [...new Set((proposal.operations || []).map(o => o.type))].join(", ") || "none"
+  );
+  prompt = prompt.replace("{{confidence}}", String(proposal.confidence ?? "not specified"));
+  
+  // Fill in assumptions
+  const assumptionsText = (proposal.assumptions || []).length > 0
+    ? proposal.assumptions.map(a => 
+        `- [${a.type}] ${a.key || a.path}: ${a.reason || "no reason given"}`
+      ).join("\n")
+    : "None declared";
+  prompt = prompt.replace("{{assumptions}}", assumptionsText);
+  
+  // Fill in validation results
+  const validationText = validationResults
+    ? Object.entries(validationResults).map(([key, val]) => 
+        `- ${key}: ${JSON.stringify(val)}`
+      ).join("\n")
+    : "Not available";
+  prompt = prompt.replace("{{validationResults}}", validationText);
+  
+  // Fill in risk assessment
+  prompt = prompt.replace("{{riskScore}}", String(riskScore?.total ?? "N/A"));
+  prompt = prompt.replace("{{riskLevel}}", riskScore?.level || "N/A");
+  prompt = prompt.replace("{{riskFactors}}", 
+    (riskScore?.reasons || []).map(r => `- ${r}`).join("\n") || "None"
+  );
+  
+  // Fill in simulation results
+  prompt = prompt.replace("{{simulationPassed}}", 
+    simulationResult ? String(simulationResult.passed) : "Not run"
+  );
+  prompt = prompt.replace("{{simulationErrors}}", 
+    simulationResult?.errors?.length > 0
+      ? simulationResult.errors.map(e => `- ${e.message}`).join("\n")
+      : "None"
+  );
+  prompt = prompt.replace("{{simulationWarnings}}", 
+    simulationResult?.warnings?.length > 0
+      ? simulationResult.warnings.map(w => `- ${w.message}`).join("\n")
+      : "None"
+  );
+  
+  // Fill in reality state
+  prompt = prompt.replace("{{fileCount}}", String(realityState?.files?.size ?? "N/A"));
+  prompt = prompt.replace("{{routeCount}}", String(realityState?.routes?.length ?? "N/A"));
+  prompt = prompt.replace("{{envVarCount}}", String(realityState?.envVars?.size ?? "N/A"));
+  prompt = prompt.replace("{{domains}}", 
+    [...new Set((proposal.operations || []).map(o => classifyDomain(o.path)))].join(", ") || "general"
+  );
+  
+  return prompt;
+}
+
+/**
+ * Simple domain classifier (for prompt building)
+ */
+function classifyDomain(filePath) {
+  if (!filePath) return "general";
+  const s = filePath.toLowerCase();
+  if (s.includes("auth")) return "auth";
+  if (s.includes("payment") || s.includes("stripe")) return "payments";
+  if (s.includes("route") || s.includes("api")) return "routes";
+  if (s.includes("db") || s.includes("prisma")) return "database";
+  return "general";
+}
+
+/**
+ * Build vagueness check prompt
+ * @param {Object} proposal - Proposal to check
+ * @returns {string} Filled prompt
+ */
+function buildVaguenessPrompt(proposal) {
+  let prompt = VAGUENESS_CHECK_PROMPT;
+  
+  prompt = prompt.replace("{{intent}}", proposal.intent || "not specified");
+  prompt = prompt.replace("{{summary}}", proposal.summary || "not provided");
+  prompt = prompt.replace("{{operationCount}}", String((proposal.operations || []).length));
+  
+  return prompt;
+}
+
+/**
+ * Build assumption verification prompt
+ * @param {Array} assumptions - Assumptions to verify
+ * @param {Object} realityState - Repository state
+ * @returns {string} Filled prompt
+ */
+function buildVerificationPrompt(assumptions, realityState) {
+  let prompt = ASSUMPTION_VERIFICATION_PROMPT;
+  
+  const assumptionsText = assumptions.map(a => 
+    `- [${a.type}] ${a.key || a.path}: ${a.reason || "no reason"}`
+  ).join("\n");
+  
+  prompt = prompt.replace("{{assumptions}}", assumptionsText);
+  
+  // Extract state summaries
+  const declaredEnvVars = realityState?.envVars 
+    ? [...realityState.envVars.keys()].slice(0, 20).join(", ")
+    : "not available";
+  
+  const registeredRoutes = realityState?.routes
+    ? realityState.routes.slice(0, 10).map(r => `${r.method} ${r.path}`).join(", ")
+    : "not available";
+  
+  const registeredServices = realityState?.services
+    ? realityState.services.slice(0, 10).map(s => s.name).join(", ")
+    : "not available";
+  
+  prompt = prompt.replace("{{declaredEnvVars}}", declaredEnvVars);
+  prompt = prompt.replace("{{registeredRoutes}}", registeredRoutes);
+  prompt = prompt.replace("{{registeredServices}}", registeredServices);
+  
+  return prompt;
+}
+
+/**
+ * Parse critic response
+ * @param {string} response - LLM response text
+ * @returns {Object} Parsed response
+ */
+function parseCriticResponse(response) {
+  try {
+    // Try to extract JSON from response
+    const jsonMatch = response.match(/\{[\s\S]*\}/);
+    if (jsonMatch) {
+      return JSON.parse(jsonMatch[0]);
+    }
+    
+    // If no JSON found, return a default blocked response
+    return {
+      verdict: "BLOCK",
+      confidence: 0.5,
+      reasoning: ["Failed to parse critic response"],
+      violations: ["Invalid response format"],
+      recommendations: [],
+    };
+  } catch (error) {
+    return {
+      verdict: "BLOCK",
+      confidence: 0.5,
+      reasoning: ["Failed to parse critic response: " + error.message],
+      violations: ["Invalid JSON in response"],
+      recommendations: [],
+    };
+  }
+}
+
+module.exports = {
+  CRITIC_SYSTEM_PROMPT,
+  EVALUATION_PROMPT_TEMPLATE,
+  VAGUENESS_CHECK_PROMPT,
+  ASSUMPTION_VERIFICATION_PROMPT,
+  buildEvaluationPrompt,
+  buildVaguenessPrompt,
+  buildVerificationPrompt,
+  parseCriticResponse,
+};