@vibecheckai/cli 3.3.0 → 3.5.0

package/bin/runners/lib/polish/library-detection.js

@@ -0,0 +1,175 @@
+/**
+ * Library Detection for Polish Checks
+ * 
+ * Detects installed libraries to reduce false positives.
+ * If a library already provides functionality, we skip the corresponding check.
+ */
+
+"use strict";
+
+const { loadPackageJsonSync, getAllDependencies } = require('./utils');
+
+/**
+ * Common libraries that provide specific functionality
+ */
+const LIBRARY_ALTERNATIVES = {
+  // Error handling libraries
+  errorBoundary: [
+    'react-error-boundary',
+    '@sentry/react',
+    'bugsnag-react',
+  ],
+  
+  // Toast/notification libraries
+  toast: [
+    'react-hot-toast',
+    'react-toastify',
+    'sonner',
+    '@radix-ui/react-toast',
+    'notistack',
+    'react-notifications',
+  ],
+  
+  // Loading/spinner libraries
+  spinner: [
+    'react-spinners',
+    'react-loader-spinner',
+    'react-loading',
+    '@chakra-ui/react',
+    '@mantine/core',
+  ],
+  
+  // Skeleton libraries
+  skeleton: [
+    'react-loading-skeleton',
+    'react-content-loader',
+    '@chakra-ui/react',
+    '@mantine/core',
+    '@radix-ui/themes',
+  ],
+  
+  // Form validation libraries
+  formValidation: [
+    'react-hook-form',
+    'formik',
+    '@tanstack/react-form',
+    'react-final-form',
+    'zod',
+    'yup',
+  ],
+  
+  // Rate limiting libraries
+  rateLimiting: [
+    'express-rate-limit',
+    'rate-limiter-flexible',
+    '@upstash/ratelimit',
+    'bottleneck',
+  ],
+  
+  // Logging libraries
+  logging: [
+    'winston',
+    'pino',
+    'bunyan',
+    'log4js',
+    'morgan',
+  ],
+  
+  // Monitoring libraries
+  monitoring: [
+    '@sentry/node',
+    '@sentry/react',
+    'newrelic',
+    'datadog-metrics',
+    '@opentelemetry/api',
+    'prom-client',
+  ],
+  
+  // Security libraries
+  security: [
+    'helmet',
+    'cors',
+    'express-validator',
+    'sanitize-html',
+    'dompurify',
+  ],
+  
+  // Auth libraries
+  auth: [
+    'next-auth',
+    'passport',
+    'express-jwt',
+    'jsonwebtoken',
+    '@clerk/nextjs',
+    '@auth0/nextjs-auth0',
+  ],
+  
+  // i18n libraries
+  i18n: [
+    'next-intl',
+    'react-i18next',
+    'i18next',
+    'next-translate',
+    'formatjs',
+    'react-intl',
+  ],
+  
+  // Accessibility libraries
+  accessibility: [
+    '@radix-ui/react-accessible-icon',
+    'react-aria',
+    '@react-aria/focus',
+    'focus-visible',
+    '@chakra-ui/react',
+  ],
+  
+  // SEO libraries
+  seo: [
+    'next-seo',
+    'react-helmet',
+    'react-helmet-async',
+    '@tanstack/react-query',
+  ],
+};
+
+/**
+ * Check if a library category is covered by installed dependencies
+ */
+function hasLibrary(deps, category) {
+  const alternatives = LIBRARY_ALTERNATIVES[category];
+  if (!alternatives) return false;
+  
+  return alternatives.some(lib => deps[lib] !== undefined);
+}
+
+/**
+ * Detect all installed libraries and return coverage map
+ */
+function detectInstalledLibraries(projectPath) {
+  const pkg = loadPackageJsonSync(projectPath);
+  if (!pkg) return { deps: {}, coverage: {} };
+  
+  const deps = getAllDependencies(pkg);
+  const coverage = {};
+  
+  for (const [category, libs] of Object.entries(LIBRARY_ALTERNATIVES)) {
+    coverage[category] = libs.filter(lib => deps[lib] !== undefined);
+  }
+  
+  return { deps, coverage };
+}
+
+/**
+ * Get a list of detected libraries for a category
+ */
+function getDetectedLibraries(projectPath, category) {
+  const { coverage } = detectInstalledLibraries(projectPath);
+  return coverage[category] || [];
+}
+
+module.exports = {
+  LIBRARY_ALTERNATIVES,
+  hasLibrary,
+  detectInstalledLibraries,
+  getDetectedLibraries,
+};

package/bin/runners/lib/polish/performance-checks.js

@@ -0,0 +1,100 @@
+/**
+ * Performance Polish Checks
+ * 
+ * Checks for performance production readiness:
+ * - Caching configuration
+ * - Image optimization
+ * - Bundle optimization
+ * - Lazy loading
+ */
+
+"use strict";
+
+const path = require("path");
+const { pathExists, findAllFiles, readFileSafe } = require('./utils');
+
+/**
+ * Check for image optimization
+ */
+async function checkImageOptimization(projectPath, options = {}) {
+  const findings = [];
+  
+  // Check for next/image usage or image optimization packages
+  const files = await findAllFiles(projectPath, /\.(tsx?|jsx?)$/);
+  let hasImageOptimization = false;
+  
+  for (const file of files) {
+    const content = await readFileSafe(file);
+    if (content && /next\/image|@next\/image|Image.*src=/i.test(content)) {
+      hasImageOptimization = true;
+      break;
+    }
+  }
+  
+  if (!hasImageOptimization) {
+    findings.push({
+      id: 'no-image-optimization',
+      category: 'performance',
+      priority: 'medium',
+      title: 'No Image Optimization',
+      description: 'Not using optimized image components. Large images slow down page load.',
+      fix: 'Use next/image for automatic image optimization',
+    });
+  }
+  
+  return findings;
+}
+
+/**
+ * Check for bundle analyzer
+ */
+async function checkBundleAnalyzer(projectPath, options = {}) {
+  const findings = [];
+  
+  const pkg = await readFileSafe(path.join(projectPath, 'package.json'));
+  if (pkg && /@next\/bundle-analyzer|webpack-bundle-analyzer/i.test(pkg)) {
+    return findings;
+  }
+  
+  findings.push({
+    id: 'no-bundle-analyzer',
+    category: 'performance',
+    priority: 'low',
+    title: 'No Bundle Analyzer',
+    description: 'Bundle analyzer not configured. Hard to identify large dependencies.',
+    fix: 'Install @next/bundle-analyzer to monitor bundle size',
+  });
+  
+  return findings;
+}
+
+/**
+ * Run all performance checks
+ */
+async function runChecks(projectPath, options = {}) {
+  const allFindings = [];
+  
+  const checks = [
+    checkImageOptimization,
+    checkBundleAnalyzer,
+  ];
+  
+  for (const check of checks) {
+    try {
+      const findings = await check(projectPath, options);
+      allFindings.push(...findings);
+    } catch (error) {
+      if (options.verbose) {
+        console.warn(`Check failed: ${check.name}`, error.message);
+      }
+    }
+  }
+  
+  return allFindings;
+}
+
+module.exports = {
+  runChecks,
+  checkImageOptimization,
+  checkBundleAnalyzer,
+};

package/bin/runners/lib/polish/security-checks.js

@@ -0,0 +1,148 @@
+/**
+ * Security Polish Checks
+ * 
+ * Checks for security production readiness:
+ * - HTTPS enforcement
+ * - CORS configuration
+ * - CSP headers
+ * - Secrets management
+ */
+
+"use strict";
+
+const path = require("path");
+const { pathExists, findAllFiles, readFileSafe } = require('./utils');
+const { detectInstalledLibraries } = require('./library-detection');
+
+/**
+ * Check for HTTPS enforcement
+ */
+async function checkHTTPS(projectPath, options = {}) {
+  const findings = [];
+  
+  // Check for HTTPS patterns
+  const files = await findAllFiles(projectPath, /\.(ts|js)$/);
+  let hasHTTPS = false;
+  
+  for (const file of files) {
+    const content = await readFileSafe(file);
+    if (content && /forceSSL|https.*redirect|x-forwarded-proto/i.test(content)) {
+      hasHTTPS = true;
+      break;
+    }
+  }
+  
+  // Also check environment or config files
+  const configFiles = ['next.config.js', 'next.config.ts', 'vercel.json', 'netlify.toml'];
+  for (const cf of configFiles) {
+    if (await pathExists(path.join(projectPath, cf))) {
+      hasHTTPS = true;
+      break;
+    }
+  }
+  
+  if (!hasHTTPS) {
+    findings.push({
+      id: 'no-https-enforcement',
+      category: 'security',
+      priority: 'high',
+      title: 'HTTPS Not Enforced',
+      description: 'No HTTPS redirect or SSL enforcement found.',
+      fix: 'Configure HTTPS redirect in your server or platform settings',
+    });
+  }
+  
+  return findings;
+}
+
+/**
+ * Check for helmet/security headers
+ */
+async function checkSecurityHeaders(projectPath, options = {}) {
+  const findings = [];
+  const { coverage } = detectInstalledLibraries(projectPath);
+  
+  if (coverage.security && coverage.security.length > 0) {
+    return findings;
+  }
+  
+  // Check for security header patterns
+  const files = await findAllFiles(projectPath, /\.(ts|js)$/);
+  let hasSecurityHeaders = false;
+  
+  for (const file of files) {
+    const content = await readFileSafe(file);
+    if (content && /helmet|Content-Security-Policy|X-Frame-Options|X-XSS-Protection/i.test(content)) {
+      hasSecurityHeaders = true;
+      break;
+    }
+  }
+  
+  if (!hasSecurityHeaders) {
+    findings.push({
+      id: 'missing-security-headers',
+      category: 'security',
+      priority: 'high',
+      title: 'Missing Security Headers',
+      description: 'No security headers configured. Vulnerable to XSS, clickjacking, etc.',
+      fix: 'Install helmet package or configure security headers manually',
+    });
+  }
+  
+  return findings;
+}
+
+/**
+ * Check for env file in .gitignore
+ */
+async function checkEnvGitignore(projectPath, options = {}) {
+  const findings = [];
+  
+  const gitignore = await readFileSafe(path.join(projectPath, '.gitignore'));
+  
+  if (!gitignore || !/\.env/i.test(gitignore)) {
+    findings.push({
+      id: 'env-not-gitignored',
+      category: 'security',
+      priority: 'critical',
+      title: '.env Not in .gitignore',
+      description: 'Environment files may be committed, exposing secrets.',
+      fix: 'Add .env* to your .gitignore file',
+    });
+  }
+  
+  return findings;
+}
+
+/**
+ * Run all security checks
+ */
+async function runChecks(projectPath, options = {}) {
+  const allFindings = [];
+  
+  const checks = [
+    checkHTTPS,
+    checkSecurityHeaders,
+    checkEnvGitignore,
+  ];
+  
+  for (const check of checks) {
+    try {
+      const findings = await check(projectPath, options);
+      allFindings.push(...findings);
+    } catch (error) {
+      if (options.verbose) {
+        console.warn(`Check failed: ${check.name}`, error.message);
+      }
+    }
+  }
+  
+  return allFindings;
+}
+
+module.exports = {
+  runChecks,
+  checkHTTPS,
+  checkSecurityHeaders,
+  checkEnvGitignore,
+};

package/bin/runners/lib/polish/utils.js

@@ -0,0 +1,203 @@
+/**
+ * Polish Check Utilities
+ * 
+ * Common file system and pattern matching utilities used by polish checks.
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+
+/**
+ * Check if a path exists
+ */
+async function pathExists(filePath) {
+  try {
+    await fs.promises.access(filePath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Check if a path exists (sync version)
+ */
+function pathExistsSync(filePath) {
+  try {
+    fs.accessSync(filePath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Read file contents safely
+ */
+async function readFileSafe(filePath) {
+  try {
+    return await fs.promises.readFile(filePath, 'utf8');
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Read file contents safely (sync version)
+ */
+function readFileSafeSync(filePath) {
+  try {
+    return fs.readFileSync(filePath, 'utf8');
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Check if file contains a pattern
+ */
+async function fileContains(filePath, pattern) {
+  const content = await readFileSafe(filePath);
+  if (!content) return false;
+  return pattern.test(content);
+}
+
+/**
+ * Check if file contains a pattern (sync version)
+ */
+function fileContainsSync(filePath, pattern) {
+  const content = readFileSafeSync(filePath);
+  if (!content) return false;
+  return pattern.test(content);
+}
+
+/**
+ * Find all files matching a pattern
+ */
+async function findAllFiles(dir, pattern, maxDepth = 5, currentDepth = 0) {
+  if (currentDepth >= maxDepth) return [];
+  const results = [];
+  
+  try {
+    const entries = await fs.promises.readdir(dir, { withFileTypes: true });
+    
+    for (const entry of entries) {
+      // Skip hidden dirs, node_modules, etc.
+      if (entry.name.startsWith('.') || 
+          entry.name === 'node_modules' || 
+          entry.name === 'dist' || 
+          entry.name === 'build' ||
+          entry.name === '.next' ||
+          entry.name === 'coverage') {
+        continue;
+      }
+      
+      const fullPath = path.join(dir, entry.name);
+      
+      if (entry.isDirectory()) {
+        const found = await findAllFiles(fullPath, pattern, maxDepth, currentDepth + 1);
+        results.push(...found);
+      } else if (pattern.test(entry.name)) {
+        results.push(fullPath);
+      }
+    }
+  } catch {
+    // Ignore errors (permission issues, etc.)
+  }
+  
+  return results;
+}
+
+/**
+ * Find all files matching a pattern (sync version)
+ */
+function findAllFilesSync(dir, pattern, maxDepth = 5, currentDepth = 0) {
+  if (currentDepth >= maxDepth) return [];
+  const results = [];
+  
+  try {
+    const entries = fs.readdirSync(dir, { withFileTypes: true });
+    
+    for (const entry of entries) {
+      if (entry.name.startsWith('.') || 
+          entry.name === 'node_modules' || 
+          entry.name === 'dist' || 
+          entry.name === 'build' ||
+          entry.name === '.next' ||
+          entry.name === 'coverage') {
+        continue;
+      }
+      
+      const fullPath = path.join(dir, entry.name);
+      
+      if (entry.isDirectory()) {
+        const found = findAllFilesSync(fullPath, pattern, maxDepth, currentDepth + 1);
+        results.push(...found);
+      } else if (pattern.test(entry.name)) {
+        results.push(fullPath);
+      }
+    }
+  } catch {
+    // Ignore errors
+  }
+  
+  return results;
+}
+
+/**
+ * Load package.json from a project
+ */
+async function loadPackageJson(projectPath) {
+  const pkgPath = path.join(projectPath, 'package.json');
+  const content = await readFileSafe(pkgPath);
+  if (!content) return null;
+  
+  try {
+    return JSON.parse(content);
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Load package.json from a project (sync version)
+ */
+function loadPackageJsonSync(projectPath) {
+  const pkgPath = path.join(projectPath, 'package.json');
+  const content = readFileSafeSync(pkgPath);
+  if (!content) return null;
+  
+  try {
+    return JSON.parse(content);
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Get all dependencies from package.json
+ */
+function getAllDependencies(pkg) {
+  if (!pkg) return {};
+  return {
+    ...pkg.dependencies || {},
+    ...pkg.devDependencies || {},
+    ...pkg.peerDependencies || {},
+  };
+}
+
+module.exports = {
+  pathExists,
+  pathExistsSync,
+  readFileSafe,
+  readFileSafeSync,
+  fileContains,
+  fileContainsSync,
+  findAllFiles,
+  findAllFilesSync,
+  loadPackageJson,
+  loadPackageJsonSync,
+  getAllDependencies,
+};