@vibecheckai/cli 3.3.0 → 3.4.0

package/mcp-server/lib/api-client.cjs

@@ -1,305 +1,13 @@
 /**
- * API Client for Vibecheck Dashboard Integration
+ * API Client - MCP Server Re-export
  * 
- * Handles communication with the web dashboard API for:
- * - Creating scan records
- * - Updating scan progress
- * - Submitting scan results
- * - Broadcasting real-time updates
- */
-
-"use strict";
-
-const https = require("https");
-const http = require("http");
-const { logger } = require("./logger.cjs");
-
-// Configuration
-const API_BASE_URL = process.env.VIBECHECK_API_URL || "https://api.vibecheckai.dev";
-const API_TIMEOUT = 30000; // 30 seconds
-
-/**
- * Make HTTP request to API
- */
-async function makeRequest(path, options = {}) {
-  const url = new URL(path, API_BASE_URL);
-  const isHttps = url.protocol === "https:";
-  const client = isHttps ? https : http;
-
-  const defaultOptions = {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      "User-Agent": "vibecheck-cli/3.3.0",
-    },
-    timeout: API_TIMEOUT,
-  };
-
-  const requestOptions = {
-    ...defaultOptions,
-    ...options,
-    hostname: url.hostname,
-    port: url.port || (isHttps ? 443 : 80),
-    path: url.pathname + url.search,
-  };
-
-  // Add Authorization header if API key is available
-  const apiKey = process.env.VIBECHECK_API_KEY || getApiKey();
-  if (apiKey) {
-    requestOptions.headers.Authorization = `Bearer ${apiKey}`;
-  }
-
-  return new Promise((resolve, reject) => {
-    const req = client.request(requestOptions, (res) => {
-      let data = "";
-
-      res.on("data", (chunk) => {
-        data += chunk;
-      });
-
-      res.on("end", () => {
-        try {
-          const jsonData = data ? JSON.parse(data) : {};
-          resolve({
-            ok: res.statusCode >= 200 && res.statusCode < 300,
-            status: res.statusCode,
-            data: jsonData,
-          });
-        } catch (err) {
-          resolve({
-            ok: false,
-            status: res.statusCode,
-            data: { error: "Invalid JSON response" },
-          });
-        }
-      });
-    });
-
-    req.on("error", (err) => {
-      logger.debug(`API request failed: ${err.message}`);
-      resolve({
-        ok: false,
-        error: err.message,
-        data: { error: err.message },
-      });
-    });
-
-    req.on("timeout", () => {
-      req.destroy();
-      resolve({
-        ok: false,
-        error: "Request timeout",
-        data: { error: "Request timeout" },
-      });
-    });
-
-    if (options.body) {
-      req.write(JSON.stringify(options.body));
-    }
-
-    req.end();
-  });
-}
-
-/**
- * Get API key from environment or config
- */
-function getApiKey() {
-  // Try various environment variables
-  const envVars = [
-    "VIBECHECK_API_KEY",
-    "VIBECHECK_TOKEN",
-    "API_KEY",
-    "TOKEN",
-  ];
-
-  for (const envVar of envVars) {
-    if (process.env[envVar]) {
-      return process.env[envVar];
-    }
-  }
-
-  // Try to read from config file
-  try {
-    const fs = require("fs");
-    const path = require("path");
-    const os = require("os");
-
-    const configPaths = [
-      path.join(os.homedir(), ".vibecheck", "config.json"),
-      path.join(process.cwd(), ".vibecheckrc.json"),
-      path.join(process.cwd(), "vibecheck.config.json"),
-    ];
-
-    for (const configPath of configPaths) {
-      if (fs.existsSync(configPath)) {
-        const config = JSON.parse(fs.readFileSync(configPath, "utf8"));
-        if (config.apiKey || config.token) {
-          return config.apiKey || config.token;
-        }
-      }
-    }
-  } catch (err) {
-    // Ignore config file errors
-  }
-
-  return null;
-}
-
-// =============================================================================
-// SECURITY: Input Validation
-// =============================================================================
-
-/**
- * Validate scanId format to prevent path injection.
- * 
- * SECURITY FIX: scanId is interpolated into URLs like `/api/scans/${scanId}/progress`.
- * Without validation, an attacker could inject path segments:
- *   scanId = "../../admin/delete" 
- *   → URL becomes "/api/scans/../../admin/delete/progress"
+ * This module re-exports from the canonical bin/runners/lib/api-client.js
+ * DO NOT add implementation here.
  * 
- * @param {string} scanId - The scan ID to validate
- * @returns {string} - The validated scanId
- * @throws {Error} - If scanId is invalid
- */
-function validateScanId(scanId) {
-  if (!scanId || typeof scanId !== 'string') {
-    throw new Error('scanId is required and must be a string');
-  }
-  
-  // Only allow alphanumeric, hyphens, underscores (no dots, slashes, etc.)
-  // Max length 64 to prevent abuse
-  if (!/^[a-zA-Z0-9_-]{1,64}$/.test(scanId)) {
-    throw new Error('Invalid scanId format - must be alphanumeric with hyphens/underscores only, max 64 chars');
-  }
-  
-  return scanId;
-}
-
-/**
- * Create a new scan record
- */
-async function createScan(options) {
-  const {
-    repositoryId,
-    repositoryUrl,
-    localPath,
-    branch = "main",
-    enableLLM = false,
-  } = options;
-
-  const response = await makeRequest("/api/scans", {
-    body: {
-      repositoryId,
-      repositoryUrl,
-      localPath,
-      branch,
-      enableLLM,
-    },
-  });
-
-  if (!response.ok) {
-    throw new Error(`Failed to create scan: ${response.data?.error || response.error}`);
-  }
-
-  return response.data.data;
-}
-
-/**
- * Update scan progress
+ * @see ../../../bin/runners/lib/api-client.js for the canonical implementation
  */
-async function updateScanProgress(scanId, progress, status = null) {
-  const validatedId = validateScanId(scanId);
-  
-  const response = await makeRequest(`/api/scans/${validatedId}/progress`, {
-    body: {
-      progress,
-      status,
-    },
-  });
 
-  if (!response.ok) {
-    logger.debug(`Failed to update scan progress: ${response.data?.error || response.error}`);
-  }
-
-  return response.data;
-}
-
-/**
- * Submit scan results
- */
-async function submitScanResults(scanId, results) {
-  const validatedId = validateScanId(scanId);
-  
-  const {
-    verdict,
-    score,
-    findings,
-    filesScanned,
-    linesScanned,
-    durationMs,
-    metadata = {},
-  } = results;
-
-  const response = await makeRequest(`/api/scans/${validatedId}/complete`, {
-    body: {
-      verdict,
-      score,
-      findings,
-      filesScanned,
-      linesScanned,
-      durationMs,
-      metadata,
-    },
-  });
-
-  if (!response.ok) {
-    throw new Error(`Failed to submit scan results: ${response.data?.error || response.error}`);
-  }
-
-  return response.data;
-}
-
-/**
- * Report scan error
- */
-async function reportScanError(scanId, error) {
-  const validatedId = validateScanId(scanId);
-  
-  const response = await makeRequest(`/api/scans/${validatedId}/error`, {
-    body: {
-      error: error.message || String(error),
-      stack: error.stack,
-    },
-  });
-
-  if (!response.ok) {
-    logger.debug(`Failed to report scan error: ${response.data?.error || response.error}`);
-  }
-
-  return response.data;
-}
-
-/**
- * Check if API is available
- */
-async function isApiAvailable() {
-  try {
-    const response = await makeRequest("/api/health", {
-      method: "GET",
-      timeout: 5000,
-    });
-    return response.ok;
-  } catch (err) {
-    return false;
-  }
-}
+"use strict";
 
-module.exports = {
-  createScan,
-  updateScanProgress,
-  submitScanResults,
-  reportScanError,
-  isApiAvailable,
-  getApiKey,
-};
+// Re-export everything from the canonical api-client
+module.exports = require('../../bin/runners/lib/api-client.js');

package/mcp-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vibecheck-mcp-server",
-  "version": "3.3.0",
+  "version": "3.4.0",
   "description": "Professional MCP server for vibecheck - Intelligent development environment vibechecks",
   "type": "module",
   "main": "index.js",