@vibecheckai/cli 3.4.0 → 3.5.0

package/bin/runners/lib/engines/framework-detection.js

@@ -0,0 +1,508 @@
+/**
+ * Framework Detection Module
+ * Detects frameworks, libraries, and patterns used in the codebase
+ * Provides context-aware detection rules for all scanners
+ */
+
+const fs = require("fs");
+const path = require("path");
+
+/**
+ * Framework types
+ */
+const FRAMEWORKS = {
+  NEXTJS: "nextjs",
+  NEXTJS_APP_ROUTER: "nextjs-app-router",
+  NEXTJS_PAGES_ROUTER: "nextjs-pages-router",
+  REACT: "react",
+  VUE: "vue",
+  SVELTE: "svelte",
+  EXPRESS: "express",
+  FASTIFY: "fastify",
+  NESTJS: "nestjs",
+  TRPC: "trpc",
+  GRAPHQL: "graphql",
+  PRISMA: "prisma",
+  DRIZZLE: "drizzle",
+  TANSTACK_QUERY: "tanstack-query",
+  ZUSTAND: "zustand",
+  REDUX: "redux",
+};
+
+/**
+ * Cached framework detection results
+ */
+let cachedFrameworks = null;
+let cachedProjectRoot = null;
+
+/**
+ * Detect frameworks from package.json
+ */
+function detectFrameworksFromPackageJson(projectRoot) {
+  const packageJsonPath = path.join(projectRoot, "package.json");
+  
+  if (!fs.existsSync(packageJsonPath)) {
+    return new Set();
+  }
+  
+  try {
+    const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, "utf-8"));
+    const deps = {
+      ...packageJson.dependencies,
+      ...packageJson.devDependencies,
+    };
+    
+    const frameworks = new Set();
+    
+    // Next.js
+    if (deps["next"]) {
+      frameworks.add(FRAMEWORKS.NEXTJS);
+      // Check for app router vs pages router
+      const appDir = path.join(projectRoot, "app");
+      const srcAppDir = path.join(projectRoot, "src", "app");
+      if (fs.existsSync(appDir) || fs.existsSync(srcAppDir)) {
+        frameworks.add(FRAMEWORKS.NEXTJS_APP_ROUTER);
+      }
+      const pagesDir = path.join(projectRoot, "pages");
+      const srcPagesDir = path.join(projectRoot, "src", "pages");
+      if (fs.existsSync(pagesDir) || fs.existsSync(srcPagesDir)) {
+        frameworks.add(FRAMEWORKS.NEXTJS_PAGES_ROUTER);
+      }
+    }
+    
+    // React
+    if (deps["react"] || deps["react-dom"]) {
+      frameworks.add(FRAMEWORKS.REACT);
+    }
+    
+    // Vue
+    if (deps["vue"]) {
+      frameworks.add(FRAMEWORKS.VUE);
+    }
+    
+    // Svelte
+    if (deps["svelte"]) {
+      frameworks.add(FRAMEWORKS.SVELTE);
+    }
+    
+    // Express
+    if (deps["express"]) {
+      frameworks.add(FRAMEWORKS.EXPRESS);
+    }
+    
+    // Fastify
+    if (deps["fastify"]) {
+      frameworks.add(FRAMEWORKS.FASTIFY);
+    }
+    
+    // NestJS
+    if (deps["@nestjs/core"]) {
+      frameworks.add(FRAMEWORKS.NESTJS);
+    }
+    
+    // tRPC
+    if (deps["@trpc/server"] || deps["@trpc/client"] || deps["@trpc/react-query"]) {
+      frameworks.add(FRAMEWORKS.TRPC);
+    }
+    
+    // GraphQL
+    if (deps["graphql"] || deps["@apollo/server"] || deps["@apollo/client"] || deps["graphql-yoga"]) {
+      frameworks.add(FRAMEWORKS.GRAPHQL);
+    }
+    
+    // Prisma
+    if (deps["@prisma/client"] || deps["prisma"]) {
+      frameworks.add(FRAMEWORKS.PRISMA);
+    }
+    
+    // Drizzle
+    if (deps["drizzle-orm"]) {
+      frameworks.add(FRAMEWORKS.DRIZZLE);
+    }
+    
+    // TanStack Query
+    if (deps["@tanstack/react-query"] || deps["react-query"]) {
+      frameworks.add(FRAMEWORKS.TANSTACK_QUERY);
+    }
+    
+    // Zustand
+    if (deps["zustand"]) {
+      frameworks.add(FRAMEWORKS.ZUSTAND);
+    }
+    
+    // Redux
+    if (deps["redux"] || deps["@reduxjs/toolkit"]) {
+      frameworks.add(FRAMEWORKS.REDUX);
+    }
+    
+    return frameworks;
+  } catch (e) {
+    return new Set();
+  }
+}
+
+/**
+ * Get detected frameworks (cached)
+ */
+function getFrameworks(projectRoot) {
+  if (cachedFrameworks && cachedProjectRoot === projectRoot) {
+    return cachedFrameworks;
+  }
+  
+  cachedProjectRoot = projectRoot;
+  cachedFrameworks = detectFrameworksFromPackageJson(projectRoot);
+  return cachedFrameworks;
+}
+
+/**
+ * Check if a specific framework is used
+ */
+function hasFramework(projectRoot, framework) {
+  return getFrameworks(projectRoot).has(framework);
+}
+
+/**
+ * Next.js App Router patterns
+ */
+const NEXTJS_APP_ROUTER_PATTERNS = {
+  // Server Components (default in app directory)
+  serverComponent: {
+    filePatterns: [
+      /app\/.*\/page\.(tsx?|jsx?)$/,
+      /app\/.*\/layout\.(tsx?|jsx?)$/,
+      /app\/.*\/loading\.(tsx?|jsx?)$/,
+      /app\/.*\/error\.(tsx?|jsx?)$/,
+      /app\/.*\/not-found\.(tsx?|jsx?)$/,
+      /app\/.*\/template\.(tsx?|jsx?)$/,
+    ],
+    codePatterns: [
+      /^(?!['"]use client['"])/m, // No "use client" directive
+    ],
+  },
+  
+  // Client Components
+  clientComponent: {
+    codePatterns: [
+      /['"]use client['"]/,
+    ],
+  },
+  
+  // Server Actions
+  serverAction: {
+    codePatterns: [
+      /['"]use server['"]/,
+      /async\s+function\s+\w+.*formData/i,
+    ],
+  },
+  
+  // Route Handlers
+  routeHandler: {
+    filePatterns: [
+      /app\/.*\/route\.(ts|js)$/,
+      /app\/api\/.*\/route\.(ts|js)$/,
+    ],
+    exportPatterns: [
+      /export\s+(?:async\s+)?function\s+(?:GET|POST|PUT|DELETE|PATCH|HEAD|OPTIONS)/,
+    ],
+  },
+  
+  // Middleware
+  middleware: {
+    filePatterns: [
+      /middleware\.(ts|js)$/,
+    ],
+  },
+  
+  // Metadata
+  metadata: {
+    codePatterns: [
+      /export\s+(?:const|async\s+function)\s+(?:metadata|generateMetadata)/,
+    ],
+  },
+};
+
+/**
+ * tRPC patterns
+ */
+const TRPC_PATTERNS = {
+  // Router definitions
+  router: {
+    codePatterns: [
+      /\.router\s*\(\s*\{/,
+      /createTRPCRouter\s*\(\s*\{/,
+      /t\.router\s*\(/,
+    ],
+  },
+  
+  // Procedures
+  procedure: {
+    codePatterns: [
+      /\.query\s*\(/,
+      /\.mutation\s*\(/,
+      /\.subscription\s*\(/,
+      /publicProcedure/,
+      /protectedProcedure/,
+    ],
+  },
+  
+  // Context
+  context: {
+    codePatterns: [
+      /createContext/i,
+      /createTRPCContext/,
+      /ctx\.\w+/,
+    ],
+  },
+  
+  // Client usage
+  clientUsage: {
+    codePatterns: [
+      /trpc\.\w+\.useQuery/,
+      /trpc\.\w+\.useMutation/,
+      /api\.\w+\.useQuery/,
+      /api\.\w+\.useMutation/,
+    ],
+  },
+};
+
+/**
+ * React Server Components patterns
+ */
+const RSC_PATTERNS = {
+  // Async components (RSC feature)
+  asyncComponent: {
+    codePatterns: [
+      /export\s+(?:default\s+)?async\s+function\s+\w+.*\{/,
+      /async\s+function\s+\w+Component/,
+    ],
+  },
+  
+  // Server-only imports
+  serverOnlyImports: {
+    codePatterns: [
+      /import\s+.*from\s+['"]server-only['"]/,
+      /import\s+['"]server-only['"]/,
+    ],
+  },
+  
+  // Client-only imports
+  clientOnlyImports: {
+    codePatterns: [
+      /import\s+.*from\s+['"]client-only['"]/,
+    ],
+  },
+};
+
+/**
+ * GraphQL patterns
+ */
+const GRAPHQL_PATTERNS = {
+  // Schema definitions
+  schema: {
+    codePatterns: [
+      /gql`/,
+      /graphql`/,
+      /type\s+Query\s*\{/,
+      /type\s+Mutation\s*\{/,
+      /type\s+Subscription\s*\{/,
+    ],
+  },
+  
+  // Resolvers
+  resolvers: {
+    codePatterns: [
+      /resolvers\s*[=:]\s*\{/,
+      /Query\s*:\s*\{/,
+      /Mutation\s*:\s*\{/,
+    ],
+  },
+  
+  // Hooks
+  hooks: {
+    codePatterns: [
+      /useQuery\s*\(/,
+      /useMutation\s*\(/,
+      /useSubscription\s*\(/,
+      /useLazyQuery\s*\(/,
+    ],
+  },
+};
+
+/**
+ * Check if file is a Next.js App Router file
+ */
+function isNextjsAppRouterFile(filePath) {
+  const normalizedPath = filePath.replace(/\\/g, "/");
+  return NEXTJS_APP_ROUTER_PATTERNS.serverComponent.filePatterns.some(p => p.test(normalizedPath)) ||
+         NEXTJS_APP_ROUTER_PATTERNS.routeHandler.filePatterns.some(p => p.test(normalizedPath));
+}
+
+/**
+ * Check if file is a server component (no "use client")
+ */
+function isServerComponent(code, filePath) {
+  const normalizedPath = filePath.replace(/\\/g, "/");
+  
+  // Check if it's in app directory
+  if (!normalizedPath.includes("/app/")) {
+    return false;
+  }
+  
+  // Check for "use client" directive
+  if (/['"]use client['"]/.test(code)) {
+    return false;
+  }
+  
+  return true;
+}
+
+/**
+ * Check if file is a client component
+ */
+function isClientComponent(code) {
+  return /['"]use client['"]/.test(code);
+}
+
+/**
+ * Check if file contains server actions
+ */
+function hasServerActions(code) {
+  return /['"]use server['"]/.test(code);
+}
+
+/**
+ * Check if file is a route handler
+ */
+function isRouteHandler(filePath, code) {
+  const normalizedPath = filePath.replace(/\\/g, "/");
+  
+  if (!NEXTJS_APP_ROUTER_PATTERNS.routeHandler.filePatterns.some(p => p.test(normalizedPath))) {
+    return false;
+  }
+  
+  return NEXTJS_APP_ROUTER_PATTERNS.routeHandler.exportPatterns.some(p => p.test(code));
+}
+
+/**
+ * Check if code uses tRPC
+ */
+function usesTRPC(code) {
+  return Object.values(TRPC_PATTERNS).some(category =>
+    category.codePatterns.some(p => p.test(code))
+  );
+}
+
+/**
+ * Check if code uses GraphQL
+ */
+function usesGraphQL(code) {
+  return Object.values(GRAPHQL_PATTERNS).some(category =>
+    category.codePatterns.some(p => p.test(code))
+  );
+}
+
+/**
+ * Get file context based on framework patterns
+ */
+function getFileContext(filePath, code, projectRoot) {
+  const context = {
+    frameworks: Array.from(getFrameworks(projectRoot)),
+    isServerComponent: false,
+    isClientComponent: false,
+    isRouteHandler: false,
+    hasServerActions: false,
+    usesTRPC: false,
+    usesGraphQL: false,
+    isAppRouterFile: false,
+    isAPIRoute: false,
+    isMiddleware: false,
+  };
+  
+  const normalizedPath = filePath.replace(/\\/g, "/");
+  
+  // Next.js specific
+  if (hasFramework(projectRoot, FRAMEWORKS.NEXTJS)) {
+    context.isAppRouterFile = isNextjsAppRouterFile(filePath);
+    context.isServerComponent = isServerComponent(code, filePath);
+    context.isClientComponent = isClientComponent(code);
+    context.isRouteHandler = isRouteHandler(filePath, code);
+    context.hasServerActions = hasServerActions(code);
+    context.isAPIRoute = /\/api\//.test(normalizedPath);
+    context.isMiddleware = /middleware\.(ts|js)$/.test(normalizedPath);
+  }
+  
+  // tRPC
+  context.usesTRPC = usesTRPC(code);
+  
+  // GraphQL
+  context.usesGraphQL = usesGraphQL(code);
+  
+  return context;
+}
+
+/**
+ * Framework-specific rules for scanners
+ */
+const FRAMEWORK_RULES = {
+  // Next.js App Router specific rules
+  nextjsAppRouter: {
+    // Server Components can use async/await directly
+    allowAsyncComponents: true,
+    // Server Components can access server-only resources
+    allowServerOnlyImports: true,
+    // Route handlers have specific patterns
+    routeHandlerPatterns: ["GET", "POST", "PUT", "DELETE", "PATCH"],
+  },
+  
+  // tRPC specific rules
+  trpc: {
+    // tRPC procedures are type-safe by design
+    skipSQLInjectionInProcedures: true,
+    // Input validation is handled by zod
+    hasInputValidation: true,
+  },
+  
+  // GraphQL specific rules
+  graphql: {
+    // Resolvers have specific patterns
+    resolverPatterns: ["Query", "Mutation", "Subscription"],
+    // Variables are parameterized by design
+    skipSQLInjectionInResolvers: true,
+  },
+  
+  // Prisma specific rules
+  prisma: {
+    // Prisma queries are parameterized
+    skipSQLInjectionForPrisma: true,
+    // Common patterns
+    queryPatterns: ["findUnique", "findFirst", "findMany", "create", "update", "delete"],
+  },
+};
+
+/**
+ * Clear the framework cache (useful for testing or when package.json changes)
+ */
+function clearCache() {
+  cachedFrameworks = null;
+  cachedProjectRoot = null;
+}
+
+module.exports = {
+  FRAMEWORKS,
+  getFrameworks,
+  hasFramework,
+  getFileContext,
+  isNextjsAppRouterFile,
+  isServerComponent,
+  isClientComponent,
+  isRouteHandler,
+  hasServerActions,
+  usesTRPC,
+  usesGraphQL,
+  NEXTJS_APP_ROUTER_PATTERNS,
+  TRPC_PATTERNS,
+  RSC_PATTERNS,
+  GRAPHQL_PATTERNS,
+  FRAMEWORK_RULES,
+  clearCache,
+};