@vibecheckai/cli 3.4.0 → 3.5.0

package/bin/runners/lib/easy/one-click-firewall.js

@@ -0,0 +1,564 @@
+/**
+ * One-Click Firewall
+ * 
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * PROTECTION IN ONE COMMAND - Just Works™
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * 
+ * Just run: npx vibecheck protect
+ * 
+ * This module:
+ * 1. Sets up the firewall with smart defaults
+ * 2. Installs git hooks automatically
+ * 3. Configures VS Code integration
+ * 4. Starts protecting immediately
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const { exec, execSync } = require("child_process");
+const { colors, icons } = require("./interactive-wizard");
+const { SimpleOutput } = require("./zero-config-reality");
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// DEFAULT CONFIGURATIONS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+const DEFAULT_FIREWALL_CONFIG = {
+  version: "1.0",
+  enabled: true,
+  mode: "protect", // "monitor" | "protect" | "strict"
+  
+  // What to check
+  rules: {
+    // Critical - Always block
+    security: {
+      enabled: true,
+      block: true,
+      checks: ["hardcoded-secrets", "sql-injection", "xss", "eval"]
+    },
+    
+    // Important - Block by default
+    quality: {
+      enabled: true,
+      block: true,
+      checks: ["fake-data", "mock-apis", "todo-in-production", "console-logs"]
+    },
+    
+    // Nice to have - Warn only
+    suggestions: {
+      enabled: true,
+      block: false,
+      checks: ["missing-error-handling", "any-type", "magic-numbers"]
+    }
+  },
+  
+  // Where to apply
+  scope: {
+    include: ["src/**/*", "app/**/*", "pages/**/*", "components/**/*"],
+    exclude: ["**/*.test.*", "**/*.spec.*", "**/test/**", "**/tests/**", "**/__tests__/**"]
+  },
+  
+  // How to notify
+  notifications: {
+    terminal: true,
+    vscode: true,
+    sound: false // Don't be annoying
+  },
+  
+  // Learning settings
+  learning: {
+    enabled: true,
+    autoDismissAfter: 3 // Auto-dismiss after 3 false positives
+  }
+};
+
+const GIT_PRE_COMMIT_HOOK = `#!/bin/sh
+# Vibecheck Firewall - Pre-commit Hook
+# This hook runs automatically before each commit
+
+# Run vibecheck firewall check
+npx vibecheck check --staged
+
+# If vibecheck fails, block the commit
+if [ $? -ne 0 ]; then
+  echo ""
+  echo "\\033[31m✗ Commit blocked by Vibecheck Firewall\\033[0m"
+  echo "\\033[33m  Fix the issues above or use --no-verify to bypass\\033[0m"
+  echo ""
+  exit 1
+fi
+
+exit 0
+`;
+
+const VSCODE_SETTINGS = {
+  "vibecheck.enabled": true,
+  "vibecheck.firewallMode": "protect",
+  "vibecheck.showInlineWarnings": true,
+  "vibecheck.autoFix": false
+};
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// ONE-CLICK FIREWALL
+// ═══════════════════════════════════════════════════════════════════════════════
+
+class OneClickFirewall {
+  constructor(options = {}) {
+    this.options = {
+      mode: options.mode || "protect",
+      skipGitHooks: options.skipGitHooks || false,
+      skipVscode: options.skipVscode || false,
+      quiet: options.quiet || false,
+      ...options
+    };
+    
+    this.projectRoot = process.cwd();
+    this.output = new SimpleOutput();
+  }
+
+  async enable() {
+    try {
+      if (!this.options.quiet) {
+        this.showWelcome();
+      }
+
+      // Step 1: Create config directory
+      await this.createConfigDir();
+      
+      // Step 2: Write firewall config
+      await this.writeFirewallConfig();
+      
+      // Step 3: Set up git hooks
+      if (!this.options.skipGitHooks) {
+        await this.setupGitHooks();
+      }
+      
+      // Step 4: Set up VS Code
+      if (!this.options.skipVscode) {
+        await this.setupVscode();
+      }
+      
+      // Step 5: Create initial truthpack
+      await this.createTruthpack();
+      
+      // Done!
+      this.showSuccess();
+      
+      return { success: true };
+
+    } catch (error) {
+      this.output.error(`Setup failed: ${error.message}`);
+      return { success: false, error };
+    }
+  }
+
+  showWelcome() {
+    console.clear();
+    console.log("");
+    console.log(`  ${colors.cyan}${colors.bright}${icons.shield} Vibecheck Firewall${colors.reset}`);
+    console.log(`  ${colors.dim}One-click protection for your code${colors.reset}`);
+    console.log("");
+  }
+
+  async createConfigDir() {
+    this.output.step("Creating configuration...");
+    
+    const configDir = path.join(this.projectRoot, ".vibecheck");
+    
+    if (!fs.existsSync(configDir)) {
+      fs.mkdirSync(configDir, { recursive: true });
+    }
+    
+    // Create .gitignore for the config dir
+    const gitignorePath = path.join(configDir, ".gitignore");
+    if (!fs.existsSync(gitignorePath)) {
+      fs.writeFileSync(gitignorePath, `# Vibecheck local files
+learning.json
+.cache/
+*.local.json
+`);
+    }
+    
+    this.output.success("Config directory created");
+  }
+
+  async writeFirewallConfig() {
+    this.output.step("Writing firewall rules...");
+    
+    const configPath = path.join(this.projectRoot, ".vibecheck", "firewall.json");
+    
+    // Customize config based on mode
+    const config = { ...DEFAULT_FIREWALL_CONFIG };
+    config.mode = this.options.mode;
+    
+    if (this.options.mode === "monitor") {
+      // Monitor mode - don't block anything
+      config.rules.security.block = false;
+      config.rules.quality.block = false;
+    } else if (this.options.mode === "strict") {
+      // Strict mode - block everything
+      config.rules.suggestions.block = true;
+    }
+    
+    fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
+    
+    this.output.success("Firewall rules configured");
+  }
+
+  async setupGitHooks() {
+    this.output.step("Setting up Git protection...");
+    
+    // Check if this is a git repo
+    const gitDir = path.join(this.projectRoot, ".git");
+    
+    if (!fs.existsSync(gitDir)) {
+      this.output.warning("Not a Git repository - skipping hooks");
+      return;
+    }
+    
+    const hooksDir = path.join(gitDir, "hooks");
+    
+    if (!fs.existsSync(hooksDir)) {
+      fs.mkdirSync(hooksDir, { recursive: true });
+    }
+    
+    // Write pre-commit hook
+    const preCommitPath = path.join(hooksDir, "pre-commit");
+    
+    // Backup existing hook if present
+    if (fs.existsSync(preCommitPath)) {
+      const existing = fs.readFileSync(preCommitPath, "utf8");
+      if (!existing.includes("vibecheck")) {
+        fs.writeFileSync(preCommitPath + ".backup", existing);
+      }
+    }
+    
+    fs.writeFileSync(preCommitPath, GIT_PRE_COMMIT_HOOK);
+    
+    // Make executable
+    try {
+      fs.chmodSync(preCommitPath, "755");
+    } catch {
+      // Windows doesn't support chmod, but that's OK
+    }
+    
+    this.output.success("Git hooks installed");
+  }
+
+  async setupVscode() {
+    this.output.step("Configuring VS Code...");
+    
+    const vscodeDir = path.join(this.projectRoot, ".vscode");
+    
+    if (!fs.existsSync(vscodeDir)) {
+      fs.mkdirSync(vscodeDir, { recursive: true });
+    }
+    
+    const settingsPath = path.join(vscodeDir, "settings.json");
+    let settings = {};
+    
+    // Read existing settings
+    if (fs.existsSync(settingsPath)) {
+      try {
+        settings = JSON.parse(fs.readFileSync(settingsPath, "utf8"));
+      } catch {
+        settings = {};
+      }
+    }
+    
+    // Merge our settings
+    settings = { ...settings, ...VSCODE_SETTINGS };
+    
+    fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2));
+    
+    // Recommend extension
+    const extensionsPath = path.join(vscodeDir, "extensions.json");
+    let extensions = { recommendations: [] };
+    
+    if (fs.existsSync(extensionsPath)) {
+      try {
+        extensions = JSON.parse(fs.readFileSync(extensionsPath, "utf8"));
+      } catch {
+        extensions = { recommendations: [] };
+      }
+    }
+    
+    if (!extensions.recommendations.includes("vibecheck.vibecheck-ai")) {
+      extensions.recommendations.push("vibecheck.vibecheck-ai");
+      fs.writeFileSync(extensionsPath, JSON.stringify(extensions, null, 2));
+    }
+    
+    this.output.success("VS Code configured");
+  }
+
+  async createTruthpack() {
+    this.output.step("Creating project truthpack...");
+    
+    // Create initial truthpack with basic project info
+    const truthpack = {
+      version: "1.0",
+      generated: new Date().toISOString(),
+      project: {
+        root: this.projectRoot,
+        name: this.getProjectName()
+      },
+      routes: [],
+      envVars: this.detectEnvVars(),
+      auth: this.detectAuthPatterns()
+    };
+    
+    const truthpackPath = path.join(this.projectRoot, ".vibecheck", "truthpack.json");
+    fs.writeFileSync(truthpackPath, JSON.stringify(truthpack, null, 2));
+    
+    this.output.success("Truthpack created");
+  }
+
+  getProjectName() {
+    try {
+      const pkg = JSON.parse(fs.readFileSync(
+        path.join(this.projectRoot, "package.json"), "utf8"
+      ));
+      return pkg.name || path.basename(this.projectRoot);
+    } catch {
+      return path.basename(this.projectRoot);
+    }
+  }
+
+  detectEnvVars() {
+    const envVars = [];
+    const envPath = path.join(this.projectRoot, ".env.example");
+    
+    if (fs.existsSync(envPath)) {
+      const content = fs.readFileSync(envPath, "utf8");
+      const lines = content.split("\n");
+      
+      for (const line of lines) {
+        const match = line.match(/^([A-Z_][A-Z0-9_]*)=/);
+        if (match) {
+          envVars.push(match[1]);
+        }
+      }
+    }
+    
+    return envVars;
+  }
+
+  detectAuthPatterns() {
+    // Basic auth detection
+    return {
+      detected: false,
+      type: null,
+      routes: []
+    };
+  }
+
+  showSuccess() {
+    this.output.blank();
+    console.log(`  ${colors.green}${colors.bright}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${colors.reset}`);
+    console.log(`  ${colors.green}${colors.bright}  ${icons.check} Firewall is now ACTIVE!${colors.reset}`);
+    console.log(`  ${colors.green}${colors.bright}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${colors.reset}`);
+    this.output.blank();
+    
+    console.log(`  ${colors.dim}What's protected:${colors.reset}`);
+    console.log(`    ${colors.green}${icons.check}${colors.reset} Security issues (secrets, injection, XSS)`);
+    console.log(`    ${colors.green}${icons.check}${colors.reset} Quality issues (fake data, console.log)`);
+    console.log(`    ${colors.green}${icons.check}${colors.reset} Git commits (bad code won't be committed)`);
+    this.output.blank();
+    
+    console.log(`  ${colors.dim}How it works:${colors.reset}`);
+    console.log(`    1. Edit code normally`);
+    console.log(`    2. If there's a problem, you'll see a warning`);
+    console.log(`    3. Critical issues block commits automatically`);
+    this.output.blank();
+    
+    const modeText = this.options.mode === "strict" ? "STRICT" :
+                    this.options.mode === "monitor" ? "MONITOR" : "PROTECT";
+    
+    console.log(`  ${colors.cyan}Mode:${colors.reset} ${modeText}`);
+    console.log(`  ${colors.cyan}Config:${colors.reset} .vibecheck/firewall.json`);
+    this.output.blank();
+    
+    console.log(`  ${colors.dim}To change settings, edit .vibecheck/firewall.json${colors.reset}`);
+    console.log(`  ${colors.dim}To disable, run: npx vibecheck protect --off${colors.reset}`);
+    this.output.blank();
+  }
+
+  async disable() {
+    this.output.step("Disabling firewall...");
+    
+    const configPath = path.join(this.projectRoot, ".vibecheck", "firewall.json");
+    
+    if (fs.existsSync(configPath)) {
+      const config = JSON.parse(fs.readFileSync(configPath, "utf8"));
+      config.enabled = false;
+      fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
+    }
+    
+    // Remove git hook
+    const preCommitPath = path.join(this.projectRoot, ".git", "hooks", "pre-commit");
+    if (fs.existsSync(preCommitPath)) {
+      const content = fs.readFileSync(preCommitPath, "utf8");
+      if (content.includes("vibecheck")) {
+        fs.unlinkSync(preCommitPath);
+        
+        // Restore backup if exists
+        const backupPath = preCommitPath + ".backup";
+        if (fs.existsSync(backupPath)) {
+          fs.renameSync(backupPath, preCommitPath);
+        }
+      }
+    }
+    
+    this.output.success("Firewall disabled");
+    this.output.info("Run 'npx vibecheck protect' to enable again");
+  }
+
+  async status() {
+    const configPath = path.join(this.projectRoot, ".vibecheck", "firewall.json");
+    
+    if (!fs.existsSync(configPath)) {
+      console.log("");
+      console.log(`  ${colors.yellow}${icons.warning} Firewall not configured${colors.reset}`);
+      console.log(`  ${colors.dim}Run 'npx vibecheck protect' to enable${colors.reset}`);
+      console.log("");
+      return { enabled: false };
+    }
+    
+    const config = JSON.parse(fs.readFileSync(configPath, "utf8"));
+    
+    console.log("");
+    console.log(`  ${colors.cyan}${icons.shield} Firewall Status${colors.reset}`);
+    console.log(`  ${colors.dim}${"─".repeat(40)}${colors.reset}`);
+    
+    const status = config.enabled ? 
+      `${colors.green}ACTIVE${colors.reset}` : 
+      `${colors.red}DISABLED${colors.reset}`;
+    
+    console.log(`  Status:  ${status}`);
+    console.log(`  Mode:    ${config.mode}`);
+    console.log(`  Config:  .vibecheck/firewall.json`);
+    console.log("");
+    
+    if (config.enabled) {
+      console.log(`  ${colors.dim}Blocking:${colors.reset}`);
+      if (config.rules?.security?.block) console.log(`    ${colors.green}${icons.check}${colors.reset} Security issues`);
+      if (config.rules?.quality?.block) console.log(`    ${colors.green}${icons.check}${colors.reset} Quality issues`);
+      if (config.rules?.suggestions?.block) console.log(`    ${colors.green}${icons.check}${colors.reset} Suggestions`);
+      console.log("");
+    }
+    
+    return { enabled: config.enabled, config };
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// QUICK CHECK COMMAND (for git hooks)
+// ═══════════════════════════════════════════════════════════════════════════════
+
+async function quickCheck(options = {}) {
+  const output = new SimpleOutput();
+  
+  const configPath = path.join(process.cwd(), ".vibecheck", "firewall.json");
+  
+  if (!fs.existsSync(configPath)) {
+    // No config - allow through
+    return { passed: true };
+  }
+  
+  const config = JSON.parse(fs.readFileSync(configPath, "utf8"));
+  
+  if (!config.enabled) {
+    return { passed: true };
+  }
+
+  // Get staged files if checking staged
+  let filesToCheck = [];
+  
+  if (options.staged) {
+    try {
+      const stdout = execSync("git diff --cached --name-only --diff-filter=ACMR", {
+        encoding: "utf8"
+      });
+      filesToCheck = stdout.trim().split("\n").filter(Boolean);
+    } catch {
+      filesToCheck = [];
+    }
+  }
+
+  if (filesToCheck.length === 0) {
+    return { passed: true };
+  }
+
+  // Quick check the files
+  const issues = [];
+  
+  for (const file of filesToCheck) {
+    // Skip non-JS/TS files
+    if (!/\.(js|jsx|ts|tsx)$/.test(file)) continue;
+    
+    const filePath = path.join(process.cwd(), file);
+    if (!fs.existsSync(filePath)) continue;
+    
+    const content = fs.readFileSync(filePath, "utf8");
+    
+    // Quick pattern checks
+    const patterns = [
+      { name: "console.log", pattern: /console\.log\(/, severity: "warning" },
+      { name: "Hardcoded secret", pattern: /(?:password|secret|api[_-]?key)\s*[:=]\s*['"][^'"]{8,}['"]/i, severity: "critical" },
+      { name: "TODO in code", pattern: /\/\/\s*TODO:/i, severity: "warning" },
+      { name: "Fake data", pattern: /(?:fake|mock|dummy|test)(?:Data|User|Email)/i, severity: "warning" }
+    ];
+    
+    for (const p of patterns) {
+      if (p.pattern.test(content)) {
+        issues.push({
+          file,
+          issue: p.name,
+          severity: p.severity
+        });
+      }
+    }
+  }
+
+  // Report issues
+  const criticalIssues = issues.filter(i => i.severity === "critical");
+  const warnings = issues.filter(i => i.severity === "warning");
+
+  if (issues.length > 0) {
+    console.log("");
+    console.log(`  ${colors.cyan}${icons.shield} Vibecheck Firewall${colors.reset}`);
+    console.log("");
+    
+    for (const issue of issues) {
+      const icon = issue.severity === "critical" ? icons.cross : icons.warning;
+      const color = issue.severity === "critical" ? colors.magenta : colors.yellow;
+      console.log(`  ${color}${icon}${colors.reset} ${issue.issue} in ${issue.file}`);
+    }
+    console.log("");
+  }
+
+  // Block if critical issues and config says to block
+  if (criticalIssues.length > 0 && config.rules?.security?.block) {
+    return { passed: false, issues: criticalIssues };
+  }
+
+  // Block if quality issues and config says to block
+  if (warnings.length > 0 && config.rules?.quality?.block) {
+    return { passed: false, issues: warnings };
+  }
+
+  return { passed: true, issues };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+module.exports = {
+  OneClickFirewall,
+  quickCheck,
+  DEFAULT_FIREWALL_CONFIG
+};