@vibecheckai/cli 3.3.0 → 3.5.0

package/bin/runners/lib/engines/vibecheck-engines/lib/smart-fix-engine.js

@@ -0,0 +1,577 @@
+/**
+ * Smart Fix Suggestions Engine
+ * 
+ * AI-powered fix recommendations with confidence scoring.
+ * Generates actionable, context-aware fix suggestions for vibecheck findings.
+ * 
+ * Features:
+ * - Context-aware fix generation based on surrounding code
+ * - Framework-specific fixes (React, Next.js, Express, etc.)
+ * - Confidence scoring for each suggestion
+ * - Auto-applicable fixes vs manual review required
+ * - Code snippets for common patterns
+ * 
+ * @module smart-fix-engine
+ */
+
+"use strict";
+
+const path = require("path");
+const fs = require("fs");
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// FIX TEMPLATES - Common fix patterns for different issue types
+// ═══════════════════════════════════════════════════════════════════════════════
+
+const FIX_TEMPLATES = {
+  // ═══════════════════════════════════════════════════════════════════════════
+  // FAKE SUCCESS FIXES
+  // ═══════════════════════════════════════════════════════════════════════════
+  "fake-success": {
+    patterns: [
+      {
+        match: /return\s*{\s*success:\s*true\s*}/,
+        replace: `// TODO: Implement actual logic before returning success
+        const result = await performActualOperation();
+        if (!result.ok) {
+          return { success: false, error: result.error };
+        }
+        return { success: true, data: result.data };`,
+        confidence: 0.85,
+        autoApplicable: false,
+        message: "Replace hardcoded success with actual operation result",
+      },
+    ],
+    manualSteps: [
+      "Identify what operation this function should perform",
+      "Implement the actual business logic",
+      "Add error handling for failure cases",
+      "Return success only after verifying the operation completed",
+    ],
+  },
+
+  // ═══════════════════════════════════════════════════════════════════════════
+  // EMPTY CATCH FIXES
+  // ═══════════════════════════════════════════════════════════════════════════
+  "empty-catch": {
+    patterns: [
+      {
+        match: /catch\s*\(\s*(?:e|err|error|_)?\s*\)\s*{\s*}/,
+        replace: `catch (error) {
+          console.error('Operation failed:', error);
+          throw error; // Re-throw to let caller handle
+        }`,
+        confidence: 0.90,
+        autoApplicable: true,
+        message: "Add proper error handling - log and rethrow",
+      },
+      {
+        // Catch with only console.log
+        match: /catch\s*\(\s*(\w+)\s*\)\s*{\s*console\.log\([^)]+\)\s*;?\s*}/,
+        replace: (match, varName) => `catch (${varName}) {
+          console.error('Operation failed:', ${varName});
+          // Choose one:
+          // throw ${varName}; // Re-throw for caller to handle
+          // return { success: false, error: ${varName}.message }; // Return error response
+        }`,
+        confidence: 0.85,
+        autoApplicable: false,
+        message: "Improve error handling beyond just logging",
+      },
+    ],
+    manualSteps: [
+      "Decide how this error should be handled in context",
+      "Either: rethrow the error for upstream handling",
+      "Or: return an error response to the caller",
+      "Or: implement recovery/retry logic if appropriate",
+      "Consider adding error reporting to a monitoring service",
+    ],
+  },
+
+  // ═══════════════════════════════════════════════════════════════════════════
+  // PLACEHOLDER DATA FIXES
+  // ═══════════════════════════════════════════════════════════════════════════
+  "placeholder-data": {
+    patterns: [
+      {
+        // Placeholder UUID
+        match: /["'](?:12345678-1234-1234-1234-123456789012|00000000-0000-0000-0000-000000000000)["']/,
+        replace: `crypto.randomUUID() // Generate real UUID`,
+        confidence: 0.95,
+        autoApplicable: false,
+        message: "Replace placeholder UUID with dynamically generated one",
+      },
+      {
+        // Placeholder email
+        match: /["'](?:test@test\.com|user@example\.com)["']/i,
+        replace: `process.env.USER_EMAIL || throw new Error('USER_EMAIL not set')`,
+        confidence: 0.75,
+        autoApplicable: false,
+        message: "Replace placeholder email with environment variable or actual user data",
+      },
+    ],
+    manualSteps: [
+      "Identify where this data should come from (database, user input, env var)",
+      "Replace the hardcoded value with dynamic data",
+      "Add validation for the data source",
+      "Update tests to use proper test fixtures",
+    ],
+  },
+
+  // ═══════════════════════════════════════════════════════════════════════════
+  // PLACEHOLDER API URL FIXES
+  // ═══════════════════════════════════════════════════════════════════════════
+  "placeholder-api": {
+    patterns: [
+      {
+        match: /fetch\s*\(\s*["']https?:\/\/(?:example\.com|api\.example|your-api|my-api)/i,
+        replace: `fetch(process.env.API_URL + '/endpoint')`,
+        confidence: 0.90,
+        autoApplicable: false,
+        message: "Use environment variable for API URL",
+      },
+    ],
+    manualSteps: [
+      "Add API_URL to your .env file with the real endpoint",
+      "Update all fetch calls to use the environment variable",
+      "Add API_URL to .env.example for documentation",
+      "Verify the endpoint exists and is accessible",
+    ],
+  },
+
+  // ═══════════════════════════════════════════════════════════════════════════
+  // STUB IMPLEMENTATION FIXES
+  // ═══════════════════════════════════════════════════════════════════════════
+  "stub-implementation": {
+    patterns: [
+      {
+        match: /{\s*throw\s+(?:new\s+Error\()?["'](?:not\s+implemented|TODO|NYI)/i,
+        replace: `{
+          // TODO: Implement this function
+          // 1. Validate inputs
+          // 2. Perform the operation
+          // 3. Return the result
+          throw new Error('Not implemented - remove this after implementing');
+        }`,
+        confidence: 0.80,
+        autoApplicable: false,
+        message: "Implement the function logic",
+      },
+    ],
+    manualSteps: [
+      "Review the function signature and docstring to understand what it should do",
+      "Implement the actual business logic",
+      "Add input validation",
+      "Add proper error handling",
+      "Write tests to verify the implementation",
+      "Remove any 'not implemented' throws",
+    ],
+  },
+
+  // ═══════════════════════════════════════════════════════════════════════════
+  // HARDCODED SECRET FIXES
+  // ═══════════════════════════════════════════════════════════════════════════
+  "hardcoded-secret": {
+    patterns: [
+      {
+        match: /(?:api[_-]?key|apiKey|API_KEY)\s*[=:]\s*["']([^"']+)["']/i,
+        replace: `apiKey: process.env.API_KEY || throw new Error('API_KEY not configured')`,
+        confidence: 0.95,
+        autoApplicable: false,
+        message: "Move secret to environment variable",
+      },
+    ],
+    manualSteps: [
+      "Add the secret to your .env file (never commit this)",
+      "Add the variable name (without value) to .env.example",
+      "Update code to read from process.env",
+      "Add validation to ensure the env var is set",
+      "Consider using a secrets manager in production",
+      "IMPORTANT: If this was committed, rotate the secret immediately",
+    ],
+  },
+
+  // ═══════════════════════════════════════════════════════════════════════════
+  // ASYNC WITHOUT AWAIT FIXES
+  // ═══════════════════════════════════════════════════════════════════════════
+  "async-without-await": {
+    patterns: [
+      {
+        match: /async\s+(?:function\s+)?(\w+)\s*\([^)]*\)\s*{/,
+        replace: (match, funcName) => `// If this function doesn't need to be async, remove 'async':
+function ${funcName}(`,
+        confidence: 0.60,
+        autoApplicable: false,
+        message: "Either add await calls or remove async keyword",
+      },
+    ],
+    manualSteps: [
+      "Check if this function actually needs to be async",
+      "If yes: add await for async operations inside",
+      "If no: remove the async keyword to avoid confusion",
+      "Async functions always return Promises - make sure callers expect this",
+    ],
+  },
+
+  // ═══════════════════════════════════════════════════════════════════════════
+  // CONSOLE.LOG IN PRODUCTION FIXES
+  // ═══════════════════════════════════════════════════════════════════════════
+  "console-log": {
+    patterns: [
+      {
+        match: /console\.log\s*\(/,
+        replace: `// Use a proper logger instead:
+logger.debug(`,
+        confidence: 0.70,
+        autoApplicable: false,
+        message: "Replace console.log with proper logger",
+      },
+    ],
+    manualSteps: [
+      "Set up a proper logging library (pino, winston, etc.)",
+      "Replace console.log with logger.debug or logger.info",
+      "Configure log levels for different environments",
+      "Remove or downgrade debug logs before shipping",
+    ],
+  },
+};
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// FRAMEWORK-SPECIFIC FIXES
+// ═══════════════════════════════════════════════════════════════════════════════
+
+const FRAMEWORK_FIXES = {
+  nextjs: {
+    "api-handler-error": {
+      patterns: [
+        {
+          match: /export\s+(?:default\s+)?(?:async\s+)?function\s+handler/,
+          fix: `export default async function handler(req, res) {
+  try {
+    // Your logic here
+    return res.status(200).json({ success: true, data: result });
+  } catch (error) {
+    console.error('API Error:', error);
+    return res.status(500).json({ success: false, error: error.message });
+  }
+}`,
+          message: "Next.js API handler should have try-catch",
+        },
+      ],
+    },
+  },
+  
+  react: {
+    "missing-error-boundary": {
+      patterns: [
+        {
+          message: "Wrap components with ErrorBoundary for better error handling",
+          fix: `import { ErrorBoundary } from 'react-error-boundary';
+
+function ErrorFallback({error}) {
+  return <div role="alert">Something went wrong: {error.message}</div>
+}
+
+// Wrap your component:
+<ErrorBoundary FallbackComponent={ErrorFallback}>
+  <YourComponent />
+</ErrorBoundary>`,
+        },
+      ],
+    },
+  },
+  
+  express: {
+    "missing-error-middleware": {
+      patterns: [
+        {
+          message: "Add error handling middleware",
+          fix: `// Add at the end of your routes:
+app.use((err, req, res, next) => {
+  console.error('Server Error:', err);
+  res.status(err.status || 500).json({
+    success: false,
+    error: process.env.NODE_ENV === 'production' 
+      ? 'Internal server error' 
+      : err.message
+  });
+});`,
+        },
+      ],
+    },
+  },
+};
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// SMART FIX GENERATOR
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Generate smart fix suggestions for a finding
+ * @param {object} finding - The finding to generate fixes for
+ * @param {object} context - Context about the file and project
+ * @returns {object} Fix suggestions with confidence
+ */
+function generateFixSuggestions(finding, context = {}) {
+  const {
+    fileContent = "",
+    filePath = "",
+    framework = null,
+    projectType = null,
+  } = context;
+  
+  const suggestions = [];
+  
+  // Get template for finding type
+  const findingType = normalizeFindingType(finding.type || finding.category);
+  const template = FIX_TEMPLATES[findingType];
+  
+  if (template) {
+    // Generate pattern-based fixes
+    for (const pattern of template.patterns) {
+      const match = fileContent.match(pattern.match);
+      
+      if (match) {
+        let replacement = pattern.replace;
+        
+        // If replace is a function, call it with match groups
+        if (typeof replacement === "function") {
+          replacement = replacement(match[0], ...match.slice(1));
+        }
+        
+        suggestions.push({
+          type: "code-fix",
+          confidence: pattern.confidence,
+          autoApplicable: pattern.autoApplicable,
+          message: pattern.message,
+          original: match[0],
+          replacement,
+          location: {
+            file: filePath,
+            line: finding.line,
+            matchIndex: match.index,
+          },
+        });
+      }
+    }
+    
+    // Add manual steps
+    if (template.manualSteps) {
+      suggestions.push({
+        type: "manual-steps",
+        confidence: 0.95,
+        autoApplicable: false,
+        message: "Manual fix steps",
+        steps: template.manualSteps,
+      });
+    }
+  }
+  
+  // Add framework-specific fixes
+  if (framework && FRAMEWORK_FIXES[framework]) {
+    const frameworkFixes = FRAMEWORK_FIXES[framework];
+    
+    for (const [fixType, fixData] of Object.entries(frameworkFixes)) {
+      // Check if this fix is relevant
+      if (isFixRelevant(finding, fixType)) {
+        for (const pattern of fixData.patterns) {
+          suggestions.push({
+            type: "framework-fix",
+            framework,
+            confidence: 0.75,
+            autoApplicable: false,
+            message: pattern.message,
+            codeExample: pattern.fix,
+          });
+        }
+      }
+    }
+  }
+  
+  // Add general best practice suggestions
+  suggestions.push(...generateBestPracticeSuggestions(finding, context));
+  
+  // Sort by confidence
+  suggestions.sort((a, b) => b.confidence - a.confidence);
+  
+  return {
+    finding: finding.id || finding.type,
+    fixCount: suggestions.length,
+    hasAutoFix: suggestions.some(s => s.autoApplicable),
+    suggestions: suggestions.slice(0, 5), // Top 5 suggestions
+    priority: calculateFixPriority(finding, suggestions),
+  };
+}
+
+/**
+ * Normalize finding type to match template keys
+ */
+function normalizeFindingType(type) {
+  const typeMap = {
+    "hardcoded-success-object": "fake-success",
+    "async-fake-success": "fake-success",
+    "api-fake-success": "fake-success",
+    "catch-returns-success": "empty-catch",
+    "catch-log-only": "empty-catch",
+    "catch-todo-comment": "empty-catch",
+    "empty-catch": "empty-catch",
+    "swallowed-errors": "empty-catch",
+    "placeholder-uuid": "placeholder-data",
+    "placeholder-email": "placeholder-data",
+    "fetch-example-url": "placeholder-api",
+    "placeholder-api-url": "placeholder-api",
+    "throws-not-implemented": "stub-implementation",
+    "comment-only-function": "stub-implementation",
+    "placeholder-api-key": "hardcoded-secret",
+    "HardcodedSecret": "hardcoded-secret",
+    "async-without-await": "async-without-await",
+    "ConsoleLog": "console-log",
+  };
+  
+  return typeMap[type] || type?.toLowerCase().replace(/_/g, "-");
+}
+
+/**
+ * Check if a framework fix is relevant for a finding
+ */
+function isFixRelevant(finding, fixType) {
+  const relevanceMap = {
+    "api-handler-error": ["fake-success", "empty-catch", "FakeSuccess"],
+    "missing-error-boundary": ["empty-catch", "swallowed-errors"],
+    "missing-error-middleware": ["empty-catch", "silent-failure"],
+  };
+  
+  const relevantTypes = relevanceMap[fixType] || [];
+  return relevantTypes.some(t => 
+    finding.type?.includes(t) || finding.category?.includes(t)
+  );
+}
+
+/**
+ * Generate best practice suggestions
+ */
+function generateBestPracticeSuggestions(finding, context) {
+  const suggestions = [];
+  
+  // Error handling best practices
+  if (finding.category?.includes("Error") || finding.type?.includes("catch")) {
+    suggestions.push({
+      type: "best-practice",
+      confidence: 0.80,
+      autoApplicable: false,
+      message: "Error Handling Best Practices",
+      tips: [
+        "Always handle or rethrow errors - never swallow them",
+        "Use typed error classes for different error types",
+        "Log errors with context (user ID, request ID, etc.)",
+        "Consider using a centralized error handler",
+        "In production, never expose internal error details to users",
+      ],
+    });
+  }
+  
+  // API best practices
+  if (finding.type?.includes("api") || finding.category?.includes("API")) {
+    suggestions.push({
+      type: "best-practice",
+      confidence: 0.80,
+      autoApplicable: false,
+      message: "API Best Practices",
+      tips: [
+        "Always use environment variables for API URLs",
+        "Add timeout and retry logic for external API calls",
+        "Validate API responses before using the data",
+        "Use TypeScript interfaces for API response types",
+        "Add error handling for network failures",
+      ],
+    });
+  }
+  
+  return suggestions;
+}
+
+/**
+ * Calculate fix priority
+ */
+function calculateFixPriority(finding, suggestions) {
+  let priority = 0;
+  
+  // Higher priority for blockers
+  if (finding.severity === "BLOCK" || finding.severity === "critical") {
+    priority += 30;
+  } else if (finding.severity === "WARN") {
+    priority += 15;
+  }
+  
+  // Higher priority for auto-fixable issues
+  if (suggestions.some(s => s.autoApplicable)) {
+    priority += 20;
+  }
+  
+  // Higher priority for high-confidence fixes
+  const maxConfidence = Math.max(...suggestions.map(s => s.confidence || 0));
+  priority += maxConfidence * 10;
+  
+  // Higher priority for security issues
+  if (finding.category?.includes("Security") || finding.type?.includes("secret")) {
+    priority += 25;
+  }
+  
+  return Math.min(100, priority);
+}
+
+/**
+ * Generate fix plan for multiple findings
+ * @param {Array} findings - Array of findings
+ * @param {object} context - Project context
+ * @returns {object} Comprehensive fix plan
+ */
+function generateFixPlan(findings, context = {}) {
+  const fixes = findings.map(f => generateFixSuggestions(f, context));
+  
+  // Sort by priority
+  fixes.sort((a, b) => b.priority - a.priority);
+  
+  // Group by fix type
+  const autoFixable = fixes.filter(f => f.hasAutoFix);
+  const manualRequired = fixes.filter(f => !f.hasAutoFix);
+  
+  // Calculate estimated effort
+  const autoFixTime = autoFixable.length * 2; // ~2 min per auto-fix
+  const manualFixTime = manualRequired.reduce((sum, f) => {
+    const severity = findings.find(finding => finding.id === f.finding)?.severity;
+    return sum + (severity === "BLOCK" ? 30 : 15); // 30 min for blockers, 15 for warnings
+  }, 0);
+  
+  return {
+    summary: {
+      totalFindings: findings.length,
+      autoFixable: autoFixable.length,
+      manualRequired: manualRequired.length,
+      estimatedTimeMinutes: autoFixTime + manualFixTime,
+    },
+    prioritized: fixes,
+    autoFixes: autoFixable,
+    manualFixes: manualRequired,
+    recommendations: [
+      autoFixable.length > 0 ? 
+        `Run 'vibecheck fix --auto' to apply ${autoFixable.length} automatic fixes` : null,
+      manualRequired.length > 0 ?
+        `${manualRequired.length} issues require manual review and fixes` : null,
+      fixes.some(f => f.priority > 50) ?
+        "Start with high-priority fixes marked with priority > 50" : null,
+    ].filter(Boolean),
+  };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+module.exports = {
+  generateFixSuggestions,
+  generateFixPlan,
+  FIX_TEMPLATES,
+  FRAMEWORK_FIXES,
+  normalizeFindingType,
+};