@vibecheckai/cli 3.2.6 → 3.4.0

package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js

@@ -0,0 +1,530 @@
+/**
+ * Time Machine Timeline Builder
+ * 
+ * Builds event timelines from multiple sources.
+ * Correlates agent actions with outcomes and incidents.
+ * 
+ * Codename: Time Machine
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const { timeMachineLogger: log, getErrorMessage } = require("../logger.js");
+
+/**
+ * @typedef {Object} TimelineEvent
+ * @property {string} id - Event ID
+ * @property {Date} timestamp - When event occurred
+ * @property {string} type - Event type
+ * @property {string} source - Event source (firewall, conductor, git, etc.)
+ * @property {string} summary - Human-readable summary
+ * @property {Object} details - Full event details
+ * @property {string[]} relatedEvents - IDs of related events
+ * @property {Object} [causalLink] - Link to caused/causing events
+ */
+
+/**
+ * @typedef {Object} ForensicTimeline
+ * @property {string} timelineId - Timeline ID
+ * @property {Object} incident - Incident info if applicable
+ * @property {TimelineEvent[]} events - All events in timeline
+ * @property {Object[]} causalChain - Causal relationships
+ * @property {TimelineEvent} [rootCause] - Identified root cause
+ * @property {Date} generatedAt - When timeline was generated
+ */
+
+/**
+ * Event types for timeline
+ */
+const EVENT_TYPES = {
+  PROPOSAL_SUBMITTED: "proposal_submitted",
+  PROPOSAL_ALLOWED: "proposal_allowed",
+  PROPOSAL_BLOCKED: "proposal_blocked",
+  PROPOSAL_WARNED: "proposal_warned",
+  OVERRIDE_USED: "override_used",
+  FILE_CHANGED: "file_changed",
+  SESSION_STARTED: "session_started",
+  SESSION_ENDED: "session_ended",
+  LOCK_ACQUIRED: "lock_acquired",
+  LOCK_RELEASED: "lock_released",
+  CONFLICT_DETECTED: "conflict_detected",
+  INCIDENT_REPORTED: "incident_reported",
+  BUILD_FAILED: "build_failed",
+  TEST_FAILED: "test_failed",
+};
+
+/**
+ * Timeline Builder class
+ */
+class TimelineBuilder {
+  constructor(options = {}) {
+    this.projectRoot = options.projectRoot || process.cwd();
+    this.auditDir = path.join(this.projectRoot, ".vibecheck", "audit");
+    this.packetsDir = path.join(this.projectRoot, ".vibecheck", "packets");
+    this.incidentsDir = path.join(this.projectRoot, ".vibecheck", "incidents");
+  }
+  
+  /**
+   * Build a timeline for a time range
+   * @param {Object} options - Build options
+   * @returns {ForensicTimeline} Built timeline
+   */
+  async buildTimeline(options = {}) {
+    const {
+      startTime,
+      endTime = new Date(),
+      file = null,
+      agentId = null,
+      includeGit = true,
+      includeIncidents = true,
+    } = options;
+    
+    const timelineId = `timeline_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+    const events = [];
+    
+    // Load firewall events
+    const firewallEvents = await this.loadFirewallEvents(startTime, endTime, file, agentId);
+    events.push(...firewallEvents);
+    
+    // Load conductor events
+    const conductorEvents = await this.loadConductorEvents(startTime, endTime, agentId);
+    events.push(...conductorEvents);
+    
+    // Load git events if requested
+    if (includeGit) {
+      const gitEvents = await this.loadGitEvents(startTime, endTime, file);
+      events.push(...gitEvents);
+    }
+    
+    // Load incident events if requested
+    let incidentInfo = null;
+    if (includeIncidents) {
+      const incidentEvents = await this.loadIncidentEvents(startTime, endTime, file);
+      events.push(...incidentEvents);
+      
+      // Find the main incident if any
+      incidentInfo = incidentEvents.find(e => e.type === EVENT_TYPES.INCIDENT_REPORTED)?.details;
+    }
+    
+    // Sort by timestamp
+    events.sort((a, b) => new Date(a.timestamp).getTime() - new Date(b.timestamp).getTime());
+    
+    // Build causal relationships
+    const { causalChain, rootCause } = this.buildCausalChain(events);
+    
+    // Link related events
+    this.linkRelatedEvents(events);
+    
+    return {
+      timelineId,
+      incident: incidentInfo,
+      events,
+      causalChain,
+      rootCause,
+      generatedAt: new Date(),
+      options,
+    };
+  }
+  
+  /**
+   * Load firewall events from audit log
+   * @param {Date} startTime - Start time
+   * @param {Date} endTime - End time
+   * @param {string} file - File filter
+   * @param {string} agentId - Agent filter
+   * @returns {TimelineEvent[]} Firewall events
+   */
+  async loadFirewallEvents(startTime, endTime, file, agentId) {
+    const events = [];
+    const auditFile = path.join(this.auditDir, "firewall-events.jsonl");
+    
+    if (!fs.existsSync(auditFile)) {
+      return events;
+    }
+    
+    try {
+      const content = fs.readFileSync(auditFile, "utf-8");
+      const lines = content.trim().split("\n").filter(l => l);
+      
+      for (const line of lines) {
+        try {
+          const raw = JSON.parse(line);
+          const eventTime = new Date(raw.timestamp);
+          
+          // Apply filters
+          if (startTime && eventTime < new Date(startTime)) continue;
+          if (endTime && eventTime > new Date(endTime)) continue;
+          if (file && raw.file !== file && !raw.file?.includes(file)) continue;
+          if (agentId && raw.agentId !== agentId) continue;
+          
+          events.push({
+            id: raw.id || `evt_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
+            timestamp: eventTime,
+            type: this.mapVerdictToEventType(raw.verdict, raw.action),
+            source: "firewall",
+            summary: this.buildFirewallSummary(raw),
+            details: raw,
+            relatedEvents: [],
+          });
+        } catch {
+          // Skip invalid lines
+        }
+      }
+    } catch (error) {
+      log.warn(`Failed to load firewall events: ${getErrorMessage(error)}`);
+    }
+    
+    return events;
+  }
+  
+  /**
+   * Load conductor events
+   * @param {Date} startTime - Start time
+   * @param {Date} endTime - End time
+   * @param {string} agentId - Agent filter
+   * @returns {TimelineEvent[]} Conductor events
+   */
+  async loadConductorEvents(startTime, endTime, agentId) {
+    const events = [];
+    const conductorFile = path.join(this.auditDir, "conductor-events.jsonl");
+    
+    if (!fs.existsSync(conductorFile)) {
+      return events;
+    }
+    
+    try {
+      const content = fs.readFileSync(conductorFile, "utf-8");
+      const lines = content.trim().split("\n").filter(l => l);
+      
+      for (const line of lines) {
+        try {
+          const raw = JSON.parse(line);
+          const eventTime = new Date(raw.timestamp);
+          
+          if (startTime && eventTime < new Date(startTime)) continue;
+          if (endTime && eventTime > new Date(endTime)) continue;
+          if (agentId && raw.agentId !== agentId) continue;
+          
+          events.push({
+            id: raw.id || `evt_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
+            timestamp: eventTime,
+            type: raw.type || raw.action,
+            source: "conductor",
+            summary: this.buildConductorSummary(raw),
+            details: raw,
+            relatedEvents: [],
+          });
+        } catch {
+          // Skip invalid lines
+        }
+      }
+    } catch (error) {
+      log.warn(`Failed to load conductor events: ${getErrorMessage(error)}`);
+    }
+    
+    return events;
+  }
+  
+  /**
+   * Load git events (commits, merges)
+   * @param {Date} startTime - Start time
+   * @param {Date} endTime - End time
+   * @param {string} file - File filter
+   * @returns {TimelineEvent[]} Git events
+   */
+  async loadGitEvents(startTime, endTime, file) {
+    const events = [];
+    
+    // This would typically call git log
+    // For now, return empty - would be implemented with git integration
+    
+    return events;
+  }
+  
+  /**
+   * Load incident events
+   * @param {Date} startTime - Start time
+   * @param {Date} endTime - End time
+   * @param {string} file - File filter
+   * @returns {TimelineEvent[]} Incident events
+   */
+  async loadIncidentEvents(startTime, endTime, file) {
+    const events = [];
+    const incidentsFile = path.join(this.incidentsDir, "incidents.jsonl");
+    
+    if (!fs.existsSync(incidentsFile)) {
+      return events;
+    }
+    
+    try {
+      const content = fs.readFileSync(incidentsFile, "utf-8");
+      const lines = content.trim().split("\n").filter(l => l);
+      
+      for (const line of lines) {
+        try {
+          const raw = JSON.parse(line);
+          const eventTime = new Date(raw.timestamp || raw.reportedAt);
+          
+          if (startTime && eventTime < new Date(startTime)) continue;
+          if (endTime && eventTime > new Date(endTime)) continue;
+          if (file && !raw.affectedFiles?.includes(file)) continue;
+          
+          events.push({
+            id: raw.id || raw.incidentId,
+            timestamp: eventTime,
+            type: EVENT_TYPES.INCIDENT_REPORTED,
+            source: "incident",
+            summary: `Incident: ${raw.title || raw.description || "Unknown"}`,
+            details: raw,
+            relatedEvents: [],
+          });
+        } catch {
+          // Skip invalid lines
+        }
+      }
+    } catch (error) {
+      log.warn(`Failed to load incident events: ${getErrorMessage(error)}`);
+    }
+    
+    return events;
+  }
+  
+  /**
+   * Map verdict to event type
+   * @param {string} verdict - Verdict
+   * @param {string} action - Action
+   * @returns {string} Event type
+   */
+  mapVerdictToEventType(verdict, action) {
+    if (action === "override") return EVENT_TYPES.OVERRIDE_USED;
+    
+    switch (verdict) {
+      case "ALLOW":
+        return EVENT_TYPES.PROPOSAL_ALLOWED;
+      case "BLOCK":
+        return EVENT_TYPES.PROPOSAL_BLOCKED;
+      case "WARN":
+        return EVENT_TYPES.PROPOSAL_WARNED;
+      default:
+        return EVENT_TYPES.PROPOSAL_SUBMITTED;
+    }
+  }
+  
+  /**
+   * Build summary for firewall event
+   * @param {Object} raw - Raw event data
+   * @returns {string} Summary
+   */
+  buildFirewallSummary(raw) {
+    const parts = [];
+    
+    if (raw.verdict) {
+      parts.push(`[${raw.verdict}]`);
+    }
+    
+    if (raw.agentId) {
+      parts.push(`Agent: ${raw.agentId}`);
+    }
+    
+    if (raw.file) {
+      parts.push(`File: ${path.basename(raw.file)}`);
+    }
+    
+    if (raw.intent) {
+      parts.push(raw.intent.slice(0, 50) + (raw.intent.length > 50 ? "..." : ""));
+    }
+    
+    return parts.join(" | ") || "Firewall event";
+  }
+  
+  /**
+   * Build summary for conductor event
+   * @param {Object} raw - Raw event data
+   * @returns {string} Summary
+   */
+  buildConductorSummary(raw) {
+    const parts = [];
+    
+    if (raw.type || raw.action) {
+      parts.push(`[${raw.type || raw.action}]`);
+    }
+    
+    if (raw.agentId) {
+      parts.push(`Agent: ${raw.agentId}`);
+    }
+    
+    if (raw.sessionId) {
+      parts.push(`Session: ${raw.sessionId.slice(0, 12)}...`);
+    }
+    
+    return parts.join(" | ") || "Conductor event";
+  }
+  
+  /**
+   * Build causal chain from events
+   * @param {TimelineEvent[]} events - Events to analyze
+   * @returns {Object} Causal chain and root cause
+   */
+  buildCausalChain(events) {
+    const causalChain = [];
+    let rootCause = null;
+    
+    // Find incident events
+    const incidents = events.filter(e => e.type === EVENT_TYPES.INCIDENT_REPORTED);
+    
+    if (incidents.length === 0) {
+      return { causalChain, rootCause };
+    }
+    
+    // For each incident, trace back to find potential causes
+    for (const incident of incidents) {
+      const affectedFiles = incident.details.affectedFiles || [];
+      const incidentTime = new Date(incident.timestamp);
+      
+      // Find events that affected the same files before the incident
+      const potentialCauses = events.filter(e => {
+        const eventTime = new Date(e.timestamp);
+        if (eventTime >= incidentTime) return false;
+        
+        const eventFile = e.details?.file;
+        if (!eventFile) return false;
+        
+        return affectedFiles.some(f => f.includes(eventFile) || eventFile.includes(f));
+      });
+      
+      // Look for overrides or blocked proposals that were overridden
+      for (const cause of potentialCauses) {
+        if (cause.type === EVENT_TYPES.OVERRIDE_USED ||
+            (cause.type === EVENT_TYPES.PROPOSAL_ALLOWED && cause.details?.overrideUsed)) {
+          causalChain.push({
+            cause: cause.id,
+            effect: incident.id,
+            relationship: "override_led_to_incident",
+            confidence: 0.8,
+          });
+          
+          if (!rootCause) {
+            rootCause = cause;
+          }
+        }
+      }
+      
+      // Also look for the first suspicious change
+      const firstSuspicious = potentialCauses.find(e => 
+        e.type === EVENT_TYPES.PROPOSAL_ALLOWED &&
+        (e.details?.riskScore || 0) >= 50
+      );
+      
+      if (firstSuspicious && !rootCause) {
+        rootCause = firstSuspicious;
+        causalChain.push({
+          cause: firstSuspicious.id,
+          effect: incident.id,
+          relationship: "high_risk_change_led_to_incident",
+          confidence: 0.6,
+        });
+      }
+    }
+    
+    return { causalChain, rootCause };
+  }
+  
+  /**
+   * Link related events together
+   * @param {TimelineEvent[]} events - Events to link
+   */
+  linkRelatedEvents(events) {
+    // Group events by file
+    const byFile = new Map();
+    
+    for (const event of events) {
+      const file = event.details?.file;
+      if (file) {
+        if (!byFile.has(file)) {
+          byFile.set(file, []);
+        }
+        byFile.get(file).push(event);
+      }
+    }
+    
+    // Link events that share the same file
+    for (const [, fileEvents] of byFile) {
+      for (let i = 0; i < fileEvents.length; i++) {
+        for (let j = i + 1; j < fileEvents.length; j++) {
+          fileEvents[i].relatedEvents.push(fileEvents[j].id);
+          fileEvents[j].relatedEvents.push(fileEvents[i].id);
+        }
+      }
+    }
+    
+    // Group events by session
+    const bySession = new Map();
+    
+    for (const event of events) {
+      const sessionId = event.details?.sessionId;
+      if (sessionId) {
+        if (!bySession.has(sessionId)) {
+          bySession.set(sessionId, []);
+        }
+        bySession.get(sessionId).push(event);
+      }
+    }
+    
+    // Link events in same session
+    for (const [, sessionEvents] of bySession) {
+      for (let i = 0; i < sessionEvents.length; i++) {
+        for (let j = i + 1; j < sessionEvents.length; j++) {
+          if (!sessionEvents[i].relatedEvents.includes(sessionEvents[j].id)) {
+            sessionEvents[i].relatedEvents.push(sessionEvents[j].id);
+          }
+          if (!sessionEvents[j].relatedEvents.includes(sessionEvents[i].id)) {
+            sessionEvents[j].relatedEvents.push(sessionEvents[i].id);
+          }
+        }
+      }
+    }
+  }
+  
+  /**
+   * Generate a timeline report
+   * @param {ForensicTimeline} timeline - Timeline to report on
+   * @returns {Object} Report
+   */
+  generateReport(timeline) {
+    const eventCounts = {};
+    const sourceCounts = {};
+    
+    for (const event of timeline.events) {
+      eventCounts[event.type] = (eventCounts[event.type] || 0) + 1;
+      sourceCounts[event.source] = (sourceCounts[event.source] || 0) + 1;
+    }
+    
+    return {
+      timelineId: timeline.timelineId,
+      generatedAt: timeline.generatedAt,
+      totalEvents: timeline.events.length,
+      eventCounts,
+      sourceCounts,
+      hasIncident: !!timeline.incident,
+      rootCauseIdentified: !!timeline.rootCause,
+      causalChainLength: timeline.causalChain.length,
+      timeRange: {
+        start: timeline.events[0]?.timestamp,
+        end: timeline.events[timeline.events.length - 1]?.timestamp,
+      },
+    };
+  }
+}
+
+/**
+ * Create a timeline builder instance
+ * @param {Object} options - Options
+ * @returns {TimelineBuilder} Timeline builder
+ */
+function createTimelineBuilder(options = {}) {
+  return new TimelineBuilder(options);
+}
+
+module.exports = { TimelineBuilder, createTimelineBuilder, EVENT_TYPES };