@vibecheckai/cli 3.4.0 → 3.5.0

package/bin/runners/lib/engines/orchestrator.js

@@ -0,0 +1,334 @@
+/**
+ * Engine Orchestrator
+ * 
+ * Manages which engines run for SCAN vs SHIP commands:
+ * - SCAN (Quick/FREE): 5 essential engines, <3s target
+ * - SHIP (Comprehensive/PRO): All 17+ engines + ship-only validators
+ */
+
+"use strict";
+
+const path = require("path");
+const fs = require("fs");
+const fg = require("fast-glob");
+
+// ============================================================================
+// ENGINE DEFINITIONS
+// ============================================================================
+
+/**
+ * SCAN engines - Quick analysis for free tier
+ * Target: <3 seconds on medium project (100-500 files)
+ */
+const SCAN_ENGINES = [
+  "hardcoded-secrets-engine",
+  "console-logs-engine", 
+  "ai-hallucination-engine",
+  "type-aware-engine",
+  "error-handling-engine",
+];
+
+/**
+ * ALL engines - Comprehensive analysis for Pro tier
+ * Used by SHIP command
+ */
+const ALL_ENGINES = [
+  // Core security
+  "hardcoded-secrets-engine",
+  "security-vulnerabilities-engine",
+  
+  // Code quality
+  "console-logs-engine",
+  "code-quality-engine",
+  "dead-code-engine",
+  "deprecated-api-engine",
+  "empty-catch-engine",
+  "unsafe-regex-engine",
+  
+  // Type safety & patterns
+  "type-aware-engine",
+  "mock-data-engine",
+  "error-handling-engine",
+  
+  // Framework patterns
+  "async-patterns-engine",
+  "react-patterns-engine",
+  "database-patterns-engine",
+  
+  // Advanced analysis
+  "accessibility-engine",
+  "api-consistency-engine",
+  "cross-file-analysis-engine",
+  
+  // AI hallucination detection
+  "ai-hallucination-engine",
+];
+
+// Standard ignore patterns
+const STANDARD_IGNORE_PATTERNS = [
+  "**/node_modules/**",
+  "**/.next/**",
+  "**/dist/**",
+  "**/build/**",
+  "**/*.d.ts",
+  "**/*.d.ts.map",
+  "**/__tests__/**",
+  "**/tests/**",
+  "**/*.test.ts",
+  "**/*.test.tsx",
+  "**/*.test.js",
+  "**/*.spec.ts",
+  "**/*.spec.tsx",
+  "**/*.spec.js",
+  "**/fixtures/**",
+  "**/mcp-server/**",
+  "**/bin/**",
+  "**/packages/cli/**",
+  "**/examples/**",
+  "**/templates/**",
+  "**/docs/**",
+  "**/.guardrail/**",
+  "**/.cursor/**",
+  "**/.vibecheck/**",
+  "**/coverage/**",
+  "**/_archive/**",
+];
+
+// File cache for performance
+const _FILE_CACHE = new Map();
+
+function readFileCached(filePath) {
+  if (_FILE_CACHE.has(filePath)) {
+    return _FILE_CACHE.get(filePath);
+  }
+  try {
+    const content = fs.readFileSync(filePath, "utf8");
+    _FILE_CACHE.set(filePath, content);
+    return content;
+  } catch {
+    return null;
+  }
+}
+
+function clearFileCache() {
+  _FILE_CACHE.clear();
+}
+
+// ============================================================================
+// ENGINE LOADER
+// ============================================================================
+
+function loadEngine(engineName) {
+  const enginePaths = [
+    `./${engineName}`,
+    `./vibecheck-engines/lib/${engineName.replace("-engine", "-engine")}`,
+  ];
+  
+  for (const enginePath of enginePaths) {
+    try {
+      return require(enginePath);
+    } catch {
+      continue;
+    }
+  }
+  
+  // Special cases
+  if (engineName === "ai-hallucination-engine") {
+    try {
+      return require("./vibecheck-engines/lib/ai-hallucination-engine");
+    } catch {
+      return null;
+    }
+  }
+  
+  return null;
+}
+
+// ============================================================================
+// ORCHESTRATOR
+// ============================================================================
+
+/**
+ * Run specified engines in parallel on project files
+ * @param {string} projectPath - Path to project root
+ * @param {Object} options - Configuration
+ * @param {string|string[]} options.engines - "scan", "all", or array of engine names
+ * @param {boolean} options.parallel - Run engines in parallel (default: true)
+ * @param {number} options.maxFiles - Max files to analyze (default: 500 for scan, 2000 for ship)
+ * @param {Function} options.onProgress - Progress callback
+ * @returns {Promise<{findings: Array, stats: Object}>}
+ */
+async function runAllEngines(projectPath, options = {}) {
+  const {
+    engines = "scan",
+    parallel = true,
+    maxFiles = engines === "scan" ? 500 : 2000,
+    onProgress = null,
+  } = options;
+  
+  const startTime = Date.now();
+  const findings = [];
+  const stats = {
+    enginesRun: 0,
+    filesScanned: 0,
+    findingsPerEngine: {},
+    duration: 0,
+  };
+  
+  // Determine which engines to run
+  let engineList;
+  if (engines === "scan") {
+    engineList = SCAN_ENGINES;
+  } else if (engines === "all") {
+    engineList = ALL_ENGINES;
+  } else if (Array.isArray(engines)) {
+    engineList = engines;
+  } else {
+    engineList = SCAN_ENGINES;
+  }
+  
+  // Get files to analyze
+  const files = fg.sync(["**/*.{ts,tsx,js,jsx}"], {
+    cwd: projectPath,
+    absolute: true,
+    ignore: STANDARD_IGNORE_PATTERNS,
+  }).slice(0, maxFiles);
+  
+  stats.filesScanned = files.length;
+  
+  if (onProgress) onProgress("discovery", 100);
+  
+  // Load engines
+  const loadedEngines = [];
+  for (const engineName of engineList) {
+    const engine = loadEngine(engineName);
+    if (engine) {
+      loadedEngines.push({ name: engineName, module: engine });
+    }
+  }
+  
+  stats.enginesRun = loadedEngines.length;
+  
+  // Run engines
+  const engineResults = await Promise.all(
+    loadedEngines.map(async ({ name, module }) => {
+      const engineFindings = [];
+      
+      try {
+        // Determine analyzer function
+        const analyzerFn = getAnalyzerFunction(name, module);
+        if (!analyzerFn) return { name, findings: [] };
+        
+        // Run on each file
+        for (const filePath of files) {
+          try {
+            const content = readFileCached(filePath);
+            if (!content) continue;
+            
+            const fileRel = path.relative(projectPath, filePath).replace(/\\/g, "/");
+            const fileFindings = analyzerFn(content, fileRel);
+            
+            if (Array.isArray(fileFindings)) {
+              engineFindings.push(...fileFindings);
+            }
+          } catch {
+            // Skip files that fail analysis
+          }
+        }
+        
+        return { name, findings: engineFindings };
+      } catch {
+        return { name, findings: [] };
+      }
+    })
+  );
+  
+  // Aggregate findings
+  for (const result of engineResults) {
+    stats.findingsPerEngine[result.name] = result.findings.length;
+    findings.push(...result.findings.map(f => ({
+      ...f,
+      engine: result.name,
+    })));
+  }
+  
+  // Clear cache
+  clearFileCache();
+  
+  stats.duration = Date.now() - startTime;
+  
+  if (onProgress) onProgress("analysis", 100);
+  
+  return { findings, stats };
+}
+
+/**
+ * Get the appropriate analyzer function from an engine module
+ */
+function getAnalyzerFunction(engineName, module) {
+  // Map engine names to their exported functions
+  const fnMap = {
+    "hardcoded-secrets-engine": module.analyzeHardcodedSecrets,
+    "console-logs-engine": module.analyzeConsoleLogs,
+    "ai-hallucination-engine": module.analyzeAIHallucinations,
+    "type-aware-engine": module.analyzeTypeAware,
+    "error-handling-engine": module.analyzeErrorHandling,
+    "mock-data-engine": module.analyzeMockData,
+    "code-quality-engine": module.analyzeCodeQuality,
+    "dead-code-engine": module.analyzeDeadCode,
+    "deprecated-api-engine": module.analyzeDeprecatedApi,
+    "empty-catch-engine": module.analyzeEmptyCatch,
+    "unsafe-regex-engine": module.analyzeUnsafeRegex,
+    "async-patterns-engine": module.analyzeAsyncPatterns,
+    "react-patterns-engine": module.analyzeReactPatterns,
+    "database-patterns-engine": module.analyzeDatabasePatterns,
+    "accessibility-engine": module.analyzeAccessibility,
+    "api-consistency-engine": module.analyzeAPIConsistency,
+    "cross-file-analysis-engine": module.analyzeCrossFile,
+    "security-vulnerabilities-engine": module.analyzeSecurityVulnerabilities,
+  };
+  
+  return fnMap[engineName] || module.analyze || module.run || Object.values(module).find(v => typeof v === "function");
+}
+
+/**
+ * Run SCAN engines only (quick, free tier)
+ */
+async function runScanEngines(projectPath, options = {}) {
+  return runAllEngines(projectPath, {
+    ...options,
+    engines: "scan",
+    maxFiles: options.maxFiles || 500,
+  });
+}
+
+/**
+ * Run ALL engines (comprehensive, pro tier)
+ */
+async function runShipEngines(projectPath, options = {}) {
+  return runAllEngines(projectPath, {
+    ...options,
+    engines: "all",
+    maxFiles: options.maxFiles || 2000,
+  });
+}
+
+// ============================================================================
+// EXPORTS
+// ============================================================================
+
+module.exports = {
+  // Constants
+  SCAN_ENGINES,
+  ALL_ENGINES,
+  STANDARD_IGNORE_PATTERNS,
+  
+  // Main orchestrator
+  runAllEngines,
+  runScanEngines,
+  runShipEngines,
+  
+  // Utilities
+  loadEngine,
+  clearFileCache,
+};

package/bin/runners/lib/engines/performance-issues-engine.js

@@ -1,6 +1,10 @@
 /**
  * Performance Issues Detection Engine
  * Detects memory leaks, inefficient loops, large bundle sizes, and performance anti-patterns
+ * Enhanced with framework-aware detection:
+ * - React Server Components (different rules apply)
+ * - Next.js App Router patterns
+ * - Client-only hooks in server components
  */
 
 const { getAST } = require("./ast-cache");
@@ -8,6 +12,32 @@ const traverse = require("@babel/traverse").default;
 const t = require("@babel/types");
 const { shouldExcludeFile } = require("./file-filter");
 
+/**
+ * Check if file is a React Server Component
+ */
+function isServerComponent(code, filePath) {
+  const normalizedPath = filePath.replace(/\\/g, "/");
+  
+  // Check if it's in app directory (Next.js App Router)
+  if (!normalizedPath.includes("/app/")) {
+    return false;
+  }
+  
+  // Check for "use client" directive - if present, it's NOT a server component
+  if (/['"]use client['"]/.test(code)) {
+    return false;
+  }
+  
+  return true;
+}
+
+/**
+ * Check if file is a client component
+ */
+function isClientComponent(code) {
+  return /['"]use client['"]/.test(code);
+}
+
 /**
  * Analyze a file for performance issues
  */
@@ -21,48 +51,77 @@ function analyzePerformanceIssues(code, filePath) {
   if (!ast) return findings;
 
   const lines = code.split("\n");
+  
+  // Determine component type
+  const isRSC = isServerComponent(code, filePath);
+  const isCC = isClientComponent(code);
 
   // Memory leaks: Event listeners not removed
-  traverse(ast, {
-    CallExpression(path) {
-      const node = path.node;
-      
-      // Check for addEventListener without corresponding removeEventListener
-      if (t.isMemberExpression(node.callee)) {
-        const prop = node.callee.property;
+  // Skip for Server Components (no DOM access)
+  if (!isRSC) {
+    traverse(ast, {
+      CallExpression(path) {
+        const node = path.node;
         
-        if (t.isIdentifier(prop) && prop.name === "addEventListener") {
-          // Check if there's a corresponding removeEventListener in the same scope
-          const scope = path.scope;
-          const hasRemoveListener = scope.getAllBindings().some((binding, name) => {
-            return name.includes("removeEventListener") || name.includes("removeListener");
-          });
+        // Check for addEventListener without corresponding removeEventListener
+        if (t.isMemberExpression(node.callee)) {
+          const prop = node.callee.property;
           
-          // Also check if it's in a useEffect cleanup (React)
-          const parent = path.findParent(p => 
-            t.isCallExpression(p.node) && 
-            t.isIdentifier(p.node.callee, { name: "useEffect" })
-          );
-          
-          if (!hasRemoveListener && !parent) {
-            const line = node.loc.start.line;
-            findings.push({
-              type: "memory_leak",
-              severity: "WARN",
-              category: "Performance",
-              file: filePath,
-              line,
-              column: node.loc.start.column,
-              title: "Potential memory leak: Event listener not removed",
-              message: "addEventListener called without corresponding removeEventListener",
-              codeSnippet: lines[line - 1]?.trim(),
-              confidence: "med",
-            });
+          if (t.isIdentifier(prop) && prop.name === "addEventListener") {
+            // Check if there's a corresponding removeEventListener in the same scope
+            const scope = path.scope;
+            let hasRemoveListener = false;
+            try {
+              const bindings = scope.getAllBindings();
+              for (const name in bindings) {
+                if (name.includes("removeEventListener") || name.includes("removeListener")) {
+                  hasRemoveListener = true;
+                  break;
+                }
+              }
+            } catch (e) {
+              // Scope traversal can fail, assume safe
+              hasRemoveListener = true;
+            }
+            
+            // Also check if it's in a useEffect cleanup (React)
+            const parent = path.findParent(p => 
+              t.isCallExpression(p.node) && 
+              t.isIdentifier(p.node.callee, { name: "useEffect" })
+            );
+            
+            // Check if there's a cleanup function returning removeEventListener
+            if (parent) {
+              const useEffectArg = parent.node.arguments[0];
+              if (t.isArrowFunctionExpression(useEffectArg) || t.isFunctionExpression(useEffectArg)) {
+                const funcCode = code.substring(useEffectArg.start, useEffectArg.end);
+                if (/return.*removeEventListener|removeEventListener.*return/s.test(funcCode)) {
+                  hasRemoveListener = true;
+                }
+              }
+            }
+            
+            if (!hasRemoveListener && !parent) {
+              const line = node.loc.start.line;
+              findings.push({
+                type: "memory_leak",
+                severity: "WARN",
+                category: "Performance",
+                file: filePath,
+                line,
+                column: node.loc.start.column,
+                title: "Potential memory leak: Event listener not removed",
+                message: "addEventListener called without corresponding removeEventListener. Use useEffect cleanup.",
+                codeSnippet: lines[line - 1]?.trim(),
+                confidence: "med",
+                fixHint: "Add cleanup in useEffect: useEffect(() => { el.addEventListener(...); return () => el.removeEventListener(...); }, [])",
+              });
+            }
           }
         }
-      }
-    },
-  });
+      },
+    });
+  }
 
   // Inefficient loops: nested loops with O(n²) complexity
   // Only flag if depth >= 4 (3 levels is often acceptable)
@@ -251,12 +310,93 @@ function analyzePerformanceIssues(code, filePath) {
             message: `Importing entire ${source} library - use tree-shaking or import specific functions`,
             codeSnippet: lines[line - 1]?.trim(),
             confidence: "med",
+            fixHint: `Import specific functions: import { specificFn } from '${source}/specificFn'`,
           });
         }
       }
     },
   });
 
+  // React Server Components: Detect client-only hooks used in server components
+  if (isRSC) {
+    const clientOnlyHooks = [
+      "useState",
+      "useEffect",
+      "useLayoutEffect",
+      "useRef",
+      "useCallback",
+      "useMemo",
+      "useReducer",
+      "useContext",
+      "useImperativeHandle",
+      "useDebugValue",
+    ];
+    
+    traverse(ast, {
+      CallExpression(path) {
+        const node = path.node;
+        
+        if (t.isIdentifier(node.callee)) {
+          const hookName = node.callee.name;
+          
+          if (clientOnlyHooks.includes(hookName)) {
+            const line = node.loc.start.line;
+            findings.push({
+              type: "client_hook_in_server_component",
+              severity: "BLOCK",
+              category: "Performance",
+              file: filePath,
+              line,
+              column: node.loc.start.column,
+              title: `Client-only hook '${hookName}' used in Server Component`,
+              message: `${hookName} cannot be used in Server Components. Add 'use client' directive or move to a client component.`,
+              codeSnippet: lines[line - 1]?.trim(),
+              confidence: "high",
+              fixHint: "Add 'use client' at the top of the file, or extract this logic to a client component",
+            });
+          }
+        }
+      },
+    });
+  }
+  
+  // Detect async/await in client components that should be server components
+  if (isCC) {
+    // Check for database queries in client components
+    const serverOnlyPatterns = [
+      /prisma\./,
+      /db\./,
+      /\.findUnique\(/,
+      /\.findMany\(/,
+      /\.create\(/,
+      /\.update\(/,
+      /\.delete\(/,
+      /fs\./,
+      /readFile/,
+      /writeFile/,
+    ];
+    
+    if (serverOnlyPatterns.some(p => p.test(code))) {
+      const normalizedPath = filePath.replace(/\\/g, "/");
+      // Only warn if in app directory where RSC is available
+      if (normalizedPath.includes("/app/")) {
+        findings.push({
+          type: "server_code_in_client_component",
+          severity: "WARN",
+          category: "Performance",
+          file: filePath,
+          line: 1,
+          column: 0,
+          title: "Server-only code in Client Component",
+          message: "Database/filesystem operations should be in Server Components for better performance",
+          codeSnippet: "'use client'",
+          confidence: "med",
+          fixHint: "Remove 'use client' and move client interactivity to child components",
+        });
+      }
+    }
+  }
+
   return findings;
 }