@vibecheckai/cli 3.3.0 → 3.5.0

package/bin/runners/lib/authority/authorities/human.js

@@ -0,0 +1,343 @@
+/**
+ * Human Authority - Requires human approval
+ * 
+ * Creates approval requests via:
+ * - GitHub Issues
+ * - Slack messages
+ * - Email notifications
+ * - Dashboard notifications
+ */
+
+"use strict";
+
+const crypto = require("crypto");
+
+class HumanAuthority {
+  static description = "Requires human approval (creates GitHub issue/Slack message)";
+  static automated = false;
+  static tier = "pro";
+  
+  constructor(options = {}) {
+    this.options = options;
+    this.channels = options.channels || ["dashboard"];
+    this.timeout = options.timeout || 7 * 24 * 60 * 60 * 1000; // 7 days default
+    this.requiredApprovers = options.requiredApprovers || 1;
+  }
+
+  async review(payload) {
+    const { files = [], diff = "", context = {} } = payload;
+    const startTime = Date.now();
+
+    // Generate approval request
+    const approvalRequest = this._createApprovalRequest(payload, context);
+
+    // Attempt to send notifications via configured channels
+    const notificationResults = await this._sendNotifications(approvalRequest);
+
+    // Check if there's an existing approval
+    const existingApproval = await this._checkExistingApproval(approvalRequest.id, context);
+
+    if (existingApproval) {
+      return {
+        approved: existingApproval.status === "approved",
+        reason: existingApproval.status === "approved"
+          ? `Approved by ${existingApproval.approvers.join(", ")}`
+          : `Rejected by ${existingApproval.approvers.join(", ")}: ${existingApproval.reason}`,
+        findings: [],
+        approvalRequest,
+        existingApproval,
+        signature: this._sign(existingApproval),
+        metadata: {
+          analysisTimeMs: Date.now() - startTime,
+          approvedAt: existingApproval.timestamp,
+          approvers: existingApproval.approvers,
+        },
+      };
+    }
+
+    // Return pending status
+    return {
+      approved: false,
+      reason: "Awaiting human approval",
+      status: "pending",
+      findings: this._generateReviewPoints(payload),
+      approvalRequest,
+      notifications: notificationResults,
+      signature: this._sign(approvalRequest),
+      metadata: {
+        analysisTimeMs: Date.now() - startTime,
+        expiresAt: new Date(Date.now() + this.timeout).toISOString(),
+        requiredApprovers: this.requiredApprovers,
+        channels: this.channels,
+      },
+    };
+  }
+
+  _createApprovalRequest(payload, context) {
+    const { files = [], diff = "", context: payloadContext = {} } = payload;
+    
+    const id = crypto.randomUUID();
+    const timestamp = new Date().toISOString();
+    
+    // Generate summary of changes
+    const changedFiles = files.map(f => f.path).filter(Boolean);
+    const addedLines = (diff.match(/^\+[^+]/gm) || []).length;
+    const removedLines = (diff.match(/^-[^-]/gm) || []).length;
+
+    return {
+      id,
+      timestamp,
+      type: "human-approval",
+      title: context.title || "Code Change Approval Required",
+      description: context.description || this._generateDescription(payload),
+      summary: {
+        filesChanged: changedFiles.length,
+        addedLines,
+        removedLines,
+        changedFiles: changedFiles.slice(0, 10), // Limit to first 10
+      },
+      requestedBy: context.requestedBy || process.env.USER || "cli",
+      priority: context.priority || this._determinePriority(payload),
+      expiresAt: new Date(Date.now() + this.timeout).toISOString(),
+      requiredApprovers: this.requiredApprovers,
+      metadata: {
+        branch: context.branch,
+        commit: context.commit,
+        pullRequest: context.pullRequest,
+        repository: context.repository,
+      },
+    };
+  }
+
+  _generateDescription(payload) {
+    const { files = [], diff = "" } = payload;
+    
+    let description = "## Changes Requiring Approval\n\n";
+    
+    if (files.length > 0) {
+      description += "### Files Modified\n";
+      for (const file of files.slice(0, 10)) {
+        description += `- \`${file.path}\`\n`;
+      }
+      if (files.length > 10) {
+        description += `- ... and ${files.length - 10} more files\n`;
+      }
+      description += "\n";
+    }
+    
+    // Add diff statistics
+    const addedLines = (diff.match(/^\+[^+]/gm) || []).length;
+    const removedLines = (diff.match(/^-[^-]/gm) || []).length;
+    
+    description += "### Statistics\n";
+    description += `- Lines added: ${addedLines}\n`;
+    description += `- Lines removed: ${removedLines}\n`;
+    
+    return description;
+  }
+
+  _determinePriority(payload) {
+    const { files = [], diff = "" } = payload;
+    
+    // Check for high-priority indicators
+    const highPriorityPatterns = [
+      /security/i,
+      /auth/i,
+      /billing/i,
+      /payment/i,
+      /secret/i,
+      /migration/i,
+      /database/i,
+    ];
+    
+    const allContent = diff + files.map(f => f.path || "").join("\n");
+    
+    for (const pattern of highPriorityPatterns) {
+      if (pattern.test(allContent)) {
+        return "high";
+      }
+    }
+    
+    // Large changes are medium priority
+    const addedLines = (diff.match(/^\+[^+]/gm) || []).length;
+    if (addedLines > 500 || files.length > 20) {
+      return "medium";
+    }
+    
+    return "low";
+  }
+
+  _generateReviewPoints(payload) {
+    const { files = [], diff = "" } = payload;
+    const points = [];
+
+    // Highlight areas that need human attention
+    const sensitivePatterns = [
+      { pattern: /auth|login|password|permission/i, message: "Authentication/authorization changes detected" },
+      { pattern: /billing|payment|subscription/i, message: "Billing/payment code changes detected" },
+      { pattern: /migration|schema|database/i, message: "Database/migration changes detected" },
+      { pattern: /api|endpoint|route/i, message: "API changes detected" },
+      { pattern: /config|env|secret/i, message: "Configuration changes detected" },
+      { pattern: /security|crypto|encrypt/i, message: "Security-related changes detected" },
+    ];
+
+    const allContent = diff + files.map(f => f.content || "").join("\n");
+
+    for (const { pattern, message } of sensitivePatterns) {
+      if (pattern.test(allContent)) {
+        points.push({
+          type: "review-point",
+          severity: "info",
+          message,
+        });
+      }
+    }
+
+    // Flag large files
+    for (const file of files) {
+      if (file.content && file.content.split("\n").length > 500) {
+        points.push({
+          type: "review-point",
+          severity: "info",
+          message: `Large file change: ${file.path}`,
+          file: file.path,
+        });
+      }
+    }
+
+    return points;
+  }
+
+  async _sendNotifications(approvalRequest) {
+    const results = [];
+
+    for (const channel of this.channels) {
+      try {
+        switch (channel) {
+          case "github":
+            results.push(await this._createGitHubIssue(approvalRequest));
+            break;
+          case "slack":
+            results.push(await this._sendSlackMessage(approvalRequest));
+            break;
+          case "email":
+            results.push(await this._sendEmail(approvalRequest));
+            break;
+          case "dashboard":
+            results.push(await this._createDashboardNotification(approvalRequest));
+            break;
+          default:
+            results.push({
+              channel,
+              success: false,
+              error: `Unknown channel: ${channel}`,
+            });
+        }
+      } catch (error) {
+        results.push({
+          channel,
+          success: false,
+          error: error.message,
+        });
+      }
+    }
+
+    return results;
+  }
+
+  async _createGitHubIssue(approvalRequest) {
+    // In production, this would use the GitHub API
+    // For now, return instructions for manual creation
+    return {
+      channel: "github",
+      success: true,
+      type: "manual",
+      instructions: {
+        action: "Create GitHub Issue",
+        title: `[Approval Required] ${approvalRequest.title}`,
+        body: approvalRequest.description,
+        labels: ["approval-required", `priority-${approvalRequest.priority}`],
+      },
+    };
+  }
+
+  async _sendSlackMessage(approvalRequest) {
+    // In production, this would use the Slack API
+    return {
+      channel: "slack",
+      success: true,
+      type: "manual",
+      instructions: {
+        action: "Send Slack Message",
+        channel: process.env.VIBECHECK_SLACK_CHANNEL || "#code-reviews",
+        message: `🔒 Approval Required: ${approvalRequest.title}\n\nFiles: ${approvalRequest.summary.filesChanged}\nPriority: ${approvalRequest.priority}\n\nExpires: ${approvalRequest.expiresAt}`,
+      },
+    };
+  }
+
+  async _sendEmail(approvalRequest) {
+    // In production, this would send an email
+    return {
+      channel: "email",
+      success: true,
+      type: "manual",
+      instructions: {
+        action: "Send Email",
+        to: process.env.VIBECHECK_APPROVERS_EMAIL,
+        subject: `[Approval Required] ${approvalRequest.title}`,
+        body: approvalRequest.description,
+      },
+    };
+  }
+
+  async _createDashboardNotification(approvalRequest) {
+    // Store notification locally for dashboard pickup
+    return {
+      channel: "dashboard",
+      success: true,
+      type: "stored",
+      approvalId: approvalRequest.id,
+      dashboardUrl: `https://vibecheckai.dev/approvals/${approvalRequest.id}`,
+    };
+  }
+
+  async _checkExistingApproval(approvalId, context) {
+    // In production, this would check a database or API
+    // For now, check for environment variable override (useful for CI)
+    if (process.env.VIBECHECK_AUTO_APPROVE === "true") {
+      return {
+        status: "approved",
+        approvers: ["CI_AUTO_APPROVE"],
+        timestamp: new Date().toISOString(),
+        reason: "Auto-approved via CI environment variable",
+      };
+    }
+
+    // Check for approval file in .vibecheck directory
+    const fs = require("fs");
+    const path = require("path");
+    
+    try {
+      const approvalPath = path.join(process.cwd(), ".vibecheck", "approvals", `${approvalId}.json`);
+      if (fs.existsSync(approvalPath)) {
+        return JSON.parse(fs.readFileSync(approvalPath, "utf-8"));
+      }
+    } catch {
+      // No existing approval found
+    }
+
+    return null;
+  }
+
+  _sign(data) {
+    const timestamp = Date.now();
+    const hash = crypto
+      .createHash("sha256")
+      .update(JSON.stringify({ id: data.id || data.approvalId, timestamp }))
+      .digest("hex")
+      .slice(0, 16);
+    return `human_${timestamp}_${hash}`;
+  }
+}
+
+module.exports = { HumanAuthority };