@vibecheckai/cli 3.3.0 → 3.5.0

package/bin/runners/lib/engines/duplicate-code-engine.js

@@ -0,0 +1,354 @@
+/**
+ * Duplicate Code Detection Engine
+ * Detects:
+ * - Exact duplicate code blocks
+ * - Similar code patterns (near-duplicates)
+ * - Copy-paste code between files
+ * - Repeated utility functions
+ */
+
+const { getAST } = require("./ast-cache");
+const traverse = require("@babel/traverse").default;
+const t = require("@babel/types");
+const crypto = require("crypto");
+
+/**
+ * Minimum lines for a duplicate to be reported
+ */
+const MIN_DUPLICATE_LINES = 5;
+
+/**
+ * Minimum tokens for a duplicate to be considered significant
+ */
+const MIN_DUPLICATE_TOKENS = 20;
+
+/**
+ * Similarity threshold for near-duplicates (0-1)
+ */
+const SIMILARITY_THRESHOLD = 0.8;
+
+/**
+ * Normalize code by removing variable names and literals
+ */
+function normalizeCode(code) {
+  // Remove comments
+  code = code.replace(/\/\/.*$/gm, "");
+  code = code.replace(/\/\*[\s\S]*?\*\//g, "");
+  
+  // Normalize whitespace
+  code = code.replace(/\s+/g, " ").trim();
+  
+  // Remove string contents (keep quotes)
+  code = code.replace(/"[^"]*"/g, '""');
+  code = code.replace(/'[^']*'/g, "''");
+  code = code.replace(/`[^`]*`/g, "``");
+  
+  // Normalize numbers
+  code = code.replace(/\b\d+\.?\d*\b/g, "0");
+  
+  return code;
+}
+
+/**
+ * Tokenize code for comparison
+ */
+function tokenize(code) {
+  const normalized = normalizeCode(code);
+  
+  // Split into tokens
+  const tokens = normalized.split(/(\s+|[{}()\[\];,.])/g)
+    .filter(t => t.trim().length > 0);
+  
+  return tokens;
+}
+
+/**
+ * Calculate hash of normalized code block
+ */
+function hashCodeBlock(code) {
+  const normalized = normalizeCode(code);
+  return crypto.createHash("md5").update(normalized).digest("hex");
+}
+
+/**
+ * Calculate similarity between two token arrays using Jaccard similarity
+ */
+function calculateSimilarity(tokens1, tokens2) {
+  if (tokens1.length === 0 || tokens2.length === 0) return 0;
+  
+  const set1 = new Set(tokens1);
+  const set2 = new Set(tokens2);
+  
+  let intersection = 0;
+  for (const token of set1) {
+    if (set2.has(token)) intersection++;
+  }
+  
+  const union = set1.size + set2.size - intersection;
+  return intersection / union;
+}
+
+/**
+ * Extract significant code blocks from AST
+ */
+function extractCodeBlocks(code, filePath) {
+  const ast = getAST(code, filePath);
+  if (!ast) return [];
+  
+  const blocks = [];
+  const lines = code.split("\n");
+  
+  traverse(ast, {
+    // Function declarations and expressions
+    FunctionDeclaration(path) {
+      extractBlock(path, blocks, code, lines, "function");
+    },
+    FunctionExpression(path) {
+      // Only capture if it's a standalone function (not inline callback)
+      if (path.parentPath.isVariableDeclarator()) {
+        extractBlock(path, blocks, code, lines, "function");
+      }
+    },
+    ArrowFunctionExpression(path) {
+      // Only capture if it's a standalone function
+      if (path.parentPath.isVariableDeclarator()) {
+        const body = path.node.body;
+        // Only capture functions with block body (not one-liners)
+        if (t.isBlockStatement(body)) {
+          extractBlock(path, blocks, code, lines, "arrow");
+        }
+      }
+    },
+    
+    // Class methods
+    ClassMethod(path) {
+      extractBlock(path, blocks, code, lines, "method");
+    },
+    
+    // If statements with significant bodies
+    IfStatement(path) {
+      const bodyLines = getBlockLineCount(path.node);
+      if (bodyLines >= MIN_DUPLICATE_LINES) {
+        extractBlock(path, blocks, code, lines, "if-block");
+      }
+    },
+    
+    // Switch statements
+    SwitchStatement(path) {
+      const bodyLines = getBlockLineCount(path.node);
+      if (bodyLines >= MIN_DUPLICATE_LINES) {
+        extractBlock(path, blocks, code, lines, "switch");
+      }
+    },
+  });
+  
+  return blocks;
+}
+
+/**
+ * Get line count of a block
+ */
+function getBlockLineCount(node) {
+  if (!node.loc) return 0;
+  return node.loc.end.line - node.loc.start.line + 1;
+}
+
+/**
+ * Extract a code block with metadata
+ */
+function extractBlock(path, blocks, code, lines, type) {
+  const node = path.node;
+  if (!node.loc) return;
+  
+  const startLine = node.loc.start.line;
+  const endLine = node.loc.end.line;
+  const lineCount = endLine - startLine + 1;
+  
+  // Skip small blocks
+  if (lineCount < MIN_DUPLICATE_LINES) return;
+  
+  const blockCode = code.substring(node.start, node.end);
+  const tokens = tokenize(blockCode);
+  
+  // Skip blocks with too few tokens
+  if (tokens.length < MIN_DUPLICATE_TOKENS) return;
+  
+  // Get function/method name if available
+  let name = "<anonymous>";
+  if (node.id?.name) {
+    name = node.id.name;
+  } else if (node.key?.name) {
+    name = node.key.name;
+  } else if (path.parentPath?.isVariableDeclarator()) {
+    const declId = path.parentPath.node.id;
+    if (t.isIdentifier(declId)) {
+      name = declId.name;
+    }
+  }
+  
+  blocks.push({
+    type,
+    name,
+    startLine,
+    endLine,
+    lineCount,
+    code: blockCode,
+    tokens,
+    hash: hashCodeBlock(blockCode),
+    snippet: lines[startLine - 1]?.trim() || "",
+  });
+}
+
+/**
+ * Find duplicates within a single file
+ */
+function findDuplicatesInFile(code, filePath) {
+  const findings = [];
+  const blocks = extractCodeBlocks(code, filePath);
+  
+  // Group by hash for exact duplicates
+  const hashGroups = new Map();
+  for (const block of blocks) {
+    if (!hashGroups.has(block.hash)) {
+      hashGroups.set(block.hash, []);
+    }
+    hashGroups.get(block.hash).push(block);
+  }
+  
+  // Report exact duplicates
+  for (const [hash, group] of hashGroups) {
+    if (group.length > 1) {
+      const first = group[0];
+      const locations = group.map(b => `line ${b.startLine}`).join(", ");
+      
+      findings.push({
+        type: "exact_duplicate",
+        severity: "WARN",
+        category: "CodeQuality",
+        file: filePath,
+        line: first.startLine,
+        column: 0,
+        title: `Duplicate code block (${first.lineCount} lines, ${group.length} occurrences)`,
+        message: `Identical code found at: ${locations}. Consider extracting to a shared function.`,
+        codeSnippet: first.snippet,
+        confidence: "high",
+        fixHint: "Extract duplicate code into a reusable function",
+      });
+    }
+  }
+  
+  // Find near-duplicates (similar but not identical)
+  const reported = new Set();
+  for (let i = 0; i < blocks.length; i++) {
+    for (let j = i + 1; j < blocks.length; j++) {
+      const block1 = blocks[i];
+      const block2 = blocks[j];
+      
+      // Skip if already matched as exact duplicate
+      if (block1.hash === block2.hash) continue;
+      
+      // Skip if already reported
+      const pairKey = `${block1.startLine}-${block2.startLine}`;
+      if (reported.has(pairKey)) continue;
+      
+      const similarity = calculateSimilarity(block1.tokens, block2.tokens);
+      
+      if (similarity >= SIMILARITY_THRESHOLD) {
+        reported.add(pairKey);
+        
+        findings.push({
+          type: "similar_code",
+          severity: "INFO",
+          category: "CodeQuality",
+          file: filePath,
+          line: block1.startLine,
+          column: 0,
+          title: `Similar code blocks (${Math.round(similarity * 100)}% similar)`,
+          message: `'${block1.name}' (line ${block1.startLine}) and '${block2.name}' (line ${block2.startLine}) have similar structure.`,
+          codeSnippet: block1.snippet,
+          confidence: "med",
+          fixHint: "Consider refactoring to share common logic",
+        });
+      }
+    }
+  }
+  
+  return findings;
+}
+
+/**
+ * Find duplicates across multiple files
+ */
+function findDuplicatesAcrossFiles(files, repoRoot) {
+  const fs = require("fs");
+  const path = require("path");
+  const findings = [];
+  const allBlocks = new Map(); // hash -> [{ file, block }]
+  
+  // Collect blocks from all files
+  for (const fileAbs of files) {
+    try {
+      const code = fs.readFileSync(fileAbs, "utf8");
+      const fileRel = path.relative(repoRoot, fileAbs).replace(/\\/g, "/");
+      const blocks = extractCodeBlocks(code, fileRel);
+      
+      for (const block of blocks) {
+        if (!allBlocks.has(block.hash)) {
+          allBlocks.set(block.hash, []);
+        }
+        allBlocks.get(block.hash).push({ file: fileRel, block });
+      }
+    } catch (e) {
+      // Skip files that can't be read
+      continue;
+    }
+  }
+  
+  // Find cross-file duplicates
+  for (const [hash, occurrences] of allBlocks) {
+    // Get unique files
+    const uniqueFiles = new Set(occurrences.map(o => o.file));
+    
+    if (uniqueFiles.size > 1) {
+      const first = occurrences[0];
+      const fileList = Array.from(uniqueFiles).slice(0, 5).join(", ");
+      const moreFiles = uniqueFiles.size > 5 ? ` and ${uniqueFiles.size - 5} more` : "";
+      
+      findings.push({
+        type: "cross_file_duplicate",
+        severity: "WARN",
+        category: "CodeQuality",
+        file: first.file,
+        line: first.block.startLine,
+        column: 0,
+        title: `Duplicate code across ${uniqueFiles.size} files`,
+        message: `Same code block (${first.block.lineCount} lines) found in: ${fileList}${moreFiles}`,
+        codeSnippet: first.block.snippet,
+        confidence: "high",
+        fixHint: "Extract to a shared utility module",
+      });
+    }
+  }
+  
+  return findings;
+}
+
+/**
+ * Analyze duplicate code in a single file
+ */
+function analyzeDuplicateCode(code, filePath) {
+  return findDuplicatesInFile(code, filePath);
+}
+
+module.exports = {
+  analyzeDuplicateCode,
+  findDuplicatesInFile,
+  findDuplicatesAcrossFiles,
+  extractCodeBlocks,
+  calculateSimilarity,
+  normalizeCode,
+  tokenize,
+  hashCodeBlock,
+  MIN_DUPLICATE_LINES,
+  SIMILARITY_THRESHOLD,
+};

package/bin/runners/lib/engines/empty-catch-engine.js

@@ -1,12 +1,95 @@
 /**
  * Empty Catch Block Detection Engine
  * Uses AST analysis to detect empty or effectively empty catch blocks
+ * Enhanced with:
+ * - Intentional suppression comment detection
+ * - Structured logging detection (winston, pino, bunyan)
+ * - Error reporting service detection (Sentry, Bugsnag, Rollbar)
+ * - Recovery/cleanup pattern detection
  */
 
 const { getAST, parseCode } = require("./ast-cache");
 const traverse = require("@babel/traverse").default;
 const t = require("@babel/types");
 
+/**
+ * Comments that indicate intentional error suppression
+ */
+const INTENTIONAL_SUPPRESSION_PATTERNS = [
+  /intentionally?\s*(?:ignored?|suppress(?:ed)?|silent|swallow(?:ed)?)/i,
+  /error\s*(?:is\s*)?(?:expected|ok|fine|acceptable)/i,
+  /safe\s*to\s*ignore/i,
+  /this\s*(?:error|exception)\s*(?:can|is)\s*(?:safely\s*)?(?:be\s*)?ignored/i,
+  /ignore\s*(?:this\s*)?(?:error|exception)/i,
+  /suppress(?:ed)?\s*(?:error|exception)/i,
+  /best\s*effort/i,
+  /fallback/i,
+  /graceful(?:ly)?/i,
+  /optional/i,
+  /non-critical/i,
+  /not\s*(?:a\s*)?(?:critical|fatal)/i,
+];
+
+/**
+ * Structured logging calls (not console)
+ */
+const STRUCTURED_LOGGER_PATTERNS = [
+  // Logger method calls
+  /^logger\./i,
+  /^log\./i,
+  /^winston\./i,
+  /^pino\./i,
+  /^bunyan\./i,
+  /^console\.(error|warn)/i,
+  // Error tracking services
+  /Sentry\.capture/i,
+  /Bugsnag\.notify/i,
+  /Rollbar\.error/i,
+  /trackError/i,
+  /reportError/i,
+  /captureException/i,
+  /logError/i,
+];
+
+/**
+ * Check if code contains intentional suppression comment
+ */
+function hasIntentionalSuppressionComment(code, startLine, endLine, lines) {
+  // Check comments in and around the catch block
+  for (let i = Math.max(0, startLine - 2); i <= Math.min(lines.length - 1, endLine + 1); i++) {
+    const line = lines[i];
+    // Check for intentional suppression patterns in comments
+    if (INTENTIONAL_SUPPRESSION_PATTERNS.some(pattern => pattern.test(line))) {
+      return true;
+    }
+  }
+  return false;
+}
+
+/**
+ * Check if expression is a structured logging call
+ */
+function isStructuredLoggingCall(expression, code) {
+  if (!t.isCallExpression(expression)) return false;
+  
+  const callee = expression.callee;
+  let calleeStr = "";
+  
+  // Build the callee string
+  if (t.isMemberExpression(callee)) {
+    if (t.isIdentifier(callee.object)) {
+      calleeStr = callee.object.name + ".";
+    }
+    if (t.isIdentifier(callee.property)) {
+      calleeStr += callee.property.name;
+    }
+  } else if (t.isIdentifier(callee)) {
+    calleeStr = callee.name;
+  }
+  
+  return STRUCTURED_LOGGER_PATTERNS.some(pattern => pattern.test(calleeStr));
+}
+
 /**
  * Check if a catch block is effectively empty
  */
@@ -83,59 +166,86 @@ function analyzeEmptyCatch(code, filePath) {
       
       if (!body) return;
       
+      const startLine = catchNode.loc.start.line;
+      const endLine = catchNode.loc.end.line;
+      
+      // Check for intentional suppression comments first
+      if (hasIntentionalSuppressionComment(code, startLine - 1, endLine - 1, lines)) {
+        // Has intentional suppression comment - skip or low severity
+        return;
+      }
+      
       // Check if completely empty
       if (isEmptyCatchBlock(body)) {
-        const line = catchNode.loc.start.line;
         findings.push({
           type: "empty_catch",
           severity: "WARN",
           category: "EmptyCatch",
           file: filePath,
-          line,
+          line: startLine,
           column: catchNode.loc.start.column,
           title: "Empty catch block",
           message: "Catch block contains no error handling code",
-          codeSnippet: lines[line - 1]?.trim(),
+          codeSnippet: lines[startLine - 1]?.trim(),
           confidence: "high",
+          fixHint: "Add error handling, logging, or a comment explaining why the error is intentionally ignored",
         });
         return;
       }
       
-      // Check if only has comments - but allow console.error/warn and return/throw
+      // Check if only has comments - but allow console.error/warn, structured logging, return/throw
       const statements = body.body || [];
       const hasRealHandling = statements.some(stmt => {
-        // Allow return statements
+        // Allow return statements (with or without value)
         if (t.isReturnStatement(stmt)) return true;
-        // Allow throw statements
+        
+        // Allow throw statements (re-throwing or wrapping)
         if (t.isThrowStatement(stmt)) return true;
-        // Allow console.error/warn (logging is acceptable error handling)
+        
+        // Allow structured logging and error reporting
         if (t.isExpressionStatement(stmt) && t.isCallExpression(stmt.expression)) {
-          const callee = stmt.expression.callee;
-          if (t.isMemberExpression(callee) && 
-              t.isIdentifier(callee.object, { name: "console" }) &&
-              t.isIdentifier(callee.property)) {
-            if (["error", "warn"].includes(callee.property.name)) {
-              return true; // This is acceptable error handling
-            }
+          if (isStructuredLoggingCall(stmt.expression, code)) {
+            return true;
           }
         }
+        
+        // Allow await expressions (might be async error handling)
+        if (t.isExpressionStatement(stmt) && t.isAwaitExpression(stmt.expression)) {
+          return true;
+        }
+        
+        // Allow variable assignments (might be setting error state)
+        if (t.isExpressionStatement(stmt) && t.isAssignmentExpression(stmt.expression)) {
+          return true;
+        }
+        
+        // Allow variable declarations (const error = ...)
+        if (t.isVariableDeclaration(stmt)) {
+          return true;
+        }
+        
+        // Allow if statements (conditional error handling)
+        if (t.isIfStatement(stmt)) {
+          return true;
+        }
+        
         return false;
       });
       
       // Only flag if it truly has no handling
       if (!hasRealHandling && onlyHasComments(body, code)) {
-        const line = catchNode.loc.start.line;
         findings.push({
           type: "comment_only_catch",
           severity: "WARN",
           category: "EmptyCatch",
           file: filePath,
-          line,
+          line: startLine,
           column: catchNode.loc.start.column,
           title: "Catch block with only comments",
           message: "Catch block contains only comments, no actual error handling",
-          codeSnippet: lines[line - 1]?.trim(),
+          codeSnippet: lines[startLine - 1]?.trim(),
           confidence: "med",
+          fixHint: "Add proper error handling or use a recognized suppression comment pattern",
         });
       }
     },