@vibecheckai/cli 3.4.0 → 3.5.1

package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js

@@ -1,275 +0,0 @@
-/**
- * Deprecated API Engine
- * Detects use of deprecated APIs and patterns.
- */
-
-const { getAST, parseCode } = require("./ast-cache");
-const traverse = require("@babel/traverse").default;
-const t = require("@babel/types");
-const { shouldExcludeFile, isTestContext, hasIgnoreDirective } = require("./file-filter");
-
-const REACT_LIFECYCLE_DEPRECATED = new Set([
-  "componentWillMount",
-  "componentWillReceiveProps",
-  "componentWillUpdate",
-  "UNSAFE_componentWillMount",
-  "UNSAFE_componentWillReceiveProps",
-  "UNSAFE_componentWillUpdate",
-]);
-
-function snippetForLine(lines, line) {
-  return lines[line - 1] ? lines[line - 1].trim() : "";
-}
-
-function push(findings, filePath, loc, title, message, confidence = "med") {
-  findings.push({
-    type: "deprecated_api",
-    severity: "WARN",
-    category: "Deprecated",
-    file: filePath,
-    line: loc?.line || 1,
-    column: loc?.column || 0,
-    title,
-    message,
-    codeSnippet: snippetForLine(linesCache.get(filePath) || [], loc?.line || 1),
-    confidence,
-  });
-}
-
-const linesCache = new Map();
-
-function analyzeDeprecatedApi(code, filePath) {
-  const findings = [];
-
-  if (shouldExcludeFile(filePath)) return findings;
-  if (isTestContext(code, filePath)) return findings;
-  if (hasIgnoreDirective(code, "deprecated-api")) return findings;
-
-  const ast = getAST(code, filePath);
-  if (!ast) return findings;
-
-  const lines = code.split("\n");
-  linesCache.set(filePath, lines);
-
-  traverse(ast, {
-    CallExpression(path) {
-      const callee = path.node.callee;
-      const loc = path.node.loc?.start;
-
-      // obj.substr(...)
-      if (
-        t.isMemberExpression(callee) &&
-        t.isIdentifier(callee.property, { name: "substr" }) &&
-        !callee.computed
-      ) {
-        findings.push({
-          type: "deprecated_api",
-          severity: "WARN",
-          category: "Deprecated",
-          file: filePath,
-          line: loc?.line || 1,
-          column: loc?.column || 0,
-          title: "Deprecated String.prototype.substr()",
-          message: "Use slice() or substring() instead of substr().",
-          codeSnippet: snippetForLine(lines, loc?.line || 1),
-          confidence: "high",
-        });
-      }
-
-      // fs.exists(...)
-      if (
-        t.isMemberExpression(callee) &&
-        t.isIdentifier(callee.object, { name: "fs" }) &&
-        t.isIdentifier(callee.property, { name: "exists" }) &&
-        !callee.computed
-      ) {
-        findings.push({
-          type: "deprecated_api",
-          severity: "WARN",
-          category: "Deprecated",
-          file: filePath,
-          line: loc?.line || 1,
-          column: loc?.column || 0,
-          title: "Deprecated fs.exists()",
-          message: "Use fs.access() / fs.promises.access() instead of fs.exists().",
-          codeSnippet: snippetForLine(lines, loc?.line || 1),
-          confidence: "high",
-        });
-      }
-
-      // document.write(...)
-      if (
-        t.isMemberExpression(callee) &&
-        t.isIdentifier(callee.object, { name: "document" }) &&
-        t.isIdentifier(callee.property, { name: "write" }) &&
-        !callee.computed
-      ) {
-        findings.push({
-          type: "deprecated_api",
-          severity: "WARN",
-          category: "Deprecated",
-          file: filePath,
-          line: loc?.line || 1,
-          column: loc?.column || 0,
-          title: "document.write is discouraged",
-          message: "Avoid document.write(). Prefer DOM APIs or framework rendering.",
-          codeSnippet: snippetForLine(lines, loc?.line || 1),
-          confidence: "high",
-        });
-      }
-
-      // Buffer(...) as function
-      if (t.isIdentifier(callee, { name: "Buffer" })) {
-        findings.push({
-          type: "deprecated_api",
-          severity: "WARN",
-          category: "Deprecated",
-          file: filePath,
-          line: loc?.line || 1,
-          column: loc?.column || 0,
-          title: "Deprecated Buffer() constructor",
-          message: "Use Buffer.from() / Buffer.alloc() instead of Buffer().",
-          codeSnippet: snippetForLine(lines, loc?.line || 1),
-          confidence: "high",
-        });
-      }
-    },
-
-    NewExpression(path) {
-      const callee = path.node.callee;
-      const loc = path.node.loc?.start;
-
-      // new Buffer(...)
-      if (t.isIdentifier(callee, { name: "Buffer" })) {
-        findings.push({
-          type: "deprecated_api",
-          severity: "WARN",
-          category: "Deprecated",
-          file: filePath,
-          line: loc?.line || 1,
-          column: loc?.column || 0,
-          title: "Deprecated new Buffer()",
-          message: "Use Buffer.from() / Buffer.alloc() instead of new Buffer().",
-          codeSnippet: snippetForLine(lines, loc?.line || 1),
-          confidence: "high",
-        });
-      }
-    },
-
-    MemberExpression(path) {
-      const loc = path.node.loc?.start;
-      const prop = path.node.property;
-
-      // __proto__ access (either computed or not)
-      const isProto =
-        (!path.node.computed && t.isIdentifier(prop, { name: "__proto__" })) ||
-        (path.node.computed && t.isStringLiteral(prop, { value: "__proto__" }));
-      if (isProto) {
-        findings.push({
-          type: "deprecated_api",
-          severity: "WARN",
-          category: "Deprecated",
-          file: filePath,
-          line: loc?.line || 1,
-          column: loc?.column || 0,
-          title: "Avoid __proto__",
-          message: "Avoid using __proto__. Prefer Object.getPrototypeOf / Object.setPrototypeOf.",
-          codeSnippet: snippetForLine(lines, loc?.line || 1),
-          confidence: "high",
-        });
-      }
-    },
-
-    ClassMethod(path) {
-      const key = path.node.key;
-      if (!t.isIdentifier(key)) return;
-      if (!REACT_LIFECYCLE_DEPRECATED.has(key.name)) return;
-
-      const loc = path.node.loc?.start;
-      findings.push({
-        type: "deprecated_api",
-        severity: "WARN",
-        category: "Deprecated",
-        file: filePath,
-        line: loc?.line || 1,
-        column: loc?.column || 0,
-        title: `Deprecated React lifecycle: ${key.name}`,
-        message: "This lifecycle method is legacy. Prefer componentDidMount/update or hooks.",
-        codeSnippet: snippetForLine(lines, loc?.line || 1),
-        confidence: "med",
-      });
-    },
-
-    ObjectMethod(path) {
-      const key = path.node.key;
-      if (!t.isIdentifier(key)) return;
-      if (!REACT_LIFECYCLE_DEPRECATED.has(key.name)) return;
-
-      const loc = path.node.loc?.start;
-      findings.push({
-        type: "deprecated_api",
-        severity: "WARN",
-        category: "Deprecated",
-        file: filePath,
-        line: loc?.line || 1,
-        column: loc?.column || 0,
-        title: `Deprecated method: ${key.name}`,
-        message: "This method name matches deprecated React lifecycle patterns.",
-        codeSnippet: snippetForLine(lines, loc?.line || 1),
-        confidence: "low",
-      });
-    },
-
-    AssignmentExpression(path) {
-      // Component.getInitialProps = async () => {}
-      if (!t.isMemberExpression(path.node.left)) return;
-      const prop = path.node.left.property;
-      if (path.node.left.computed) return;
-      if (!t.isIdentifier(prop, { name: "getInitialProps" })) return;
-
-      const loc = path.node.loc?.start;
-      findings.push({
-        type: "deprecated_api",
-        severity: "WARN",
-        category: "Deprecated",
-        file: filePath,
-        line: loc?.line || 1,
-        column: loc?.column || 0,
-        title: "Next.js getInitialProps is legacy",
-        message: "Prefer getServerSideProps/getStaticProps or the App Router data fetching.",
-        codeSnippet: snippetForLine(lines, loc?.line || 1),
-        confidence: "med",
-      });
-    },
-
-    ObjectProperty(path) {
-      // { getInitialProps: ... }
-      const key = path.node.key;
-      const isKey =
-        (t.isIdentifier(key) && key.name === "getInitialProps") ||
-        (t.isStringLiteral(key) && key.value === "getInitialProps");
-      if (!isKey) return;
-
-      const loc = path.node.loc?.start;
-      findings.push({
-        type: "deprecated_api",
-        severity: "WARN",
-        category: "Deprecated",
-        file: filePath,
-        line: loc?.line || 1,
-        column: loc?.column || 0,
-        title: "Next.js getInitialProps is legacy",
-        message: "Prefer getServerSideProps/getStaticProps or App Router data fetching.",
-        codeSnippet: snippetForLine(lines, loc?.line || 1),
-        confidence: "low",
-      });
-    },
-  });
-
-  return findings;
-}
-
-module.exports = {
-  analyzeDeprecatedApi,
-  parseCode,
-};

package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js

@@ -1,167 +0,0 @@
-/**
- * Empty Catch Engine
- * Flags catch blocks that swallow errors without handling/reporting/rethrowing.
- */
-
-const { getAST, parseCode } = require("./ast-cache");
-const traverse = require("@babel/traverse").default;
-const t = require("@babel/types");
-const { shouldExcludeFile, isTestContext, hasIgnoreDirective } = require("./file-filter");
-
-function stripCommentsAndWhitespace(text) {
-  if (!text) return "";
-  // remove /* */ and // comments
-  const noBlock = text.replace(/\/\*[\s\S]*?\*\//g, "");
-  const noLine = noBlock.replace(/\/\/.*$/gm, "");
-  return noLine.replace(/\s+/g, "");
-}
-
-function getCodeSlice(code, node) {
-  if (!node || typeof node.start !== "number" || typeof node.end !== "number") return "";
-  return code.slice(node.start, node.end);
-}
-
-function isAllowedCallExpression(callPath) {
-  const callee = callPath.node.callee;
-
-  // console.error / console.warn
-  if (
-    t.isMemberExpression(callee) &&
-    t.isIdentifier(callee.object, { name: "console" }) &&
-    t.isIdentifier(callee.property) &&
-    ["error", "warn"].includes(callee.property.name)
-  ) {
-    return true;
-  }
-
-  // logger.error / log.error / this.logger.error
-  if (t.isMemberExpression(callee) && t.isIdentifier(callee.property, { name: "error" })) {
-    return true;
-  }
-
-  // Sentry.captureException / captureException / reportError
-  if (t.isIdentifier(callee) && ["captureException", "reportError"].includes(callee.name)) return true;
-
-  if (
-    t.isMemberExpression(callee) &&
-    t.isIdentifier(callee.object, { name: "Sentry" }) &&
-    t.isIdentifier(callee.property, { name: "captureException" })
-  ) {
-    return true;
-  }
-
-  return false;
-}
-
-function catchHasMeaningfulHandling(catchPath) {
-  let ok = false;
-
-  catchPath.traverse({
-    // stop on nested functions
-    Function(inner) {
-      inner.skip();
-    },
-
-    ThrowStatement() {
-      ok = true;
-    },
-
-    ReturnStatement() {
-      // Returning from catch isn't always "handling", but it's at least an explicit behavior.
-      ok = true;
-    },
-
-    CallExpression(p) {
-      if (isAllowedCallExpression(p)) ok = true;
-    },
-  });
-
-  return ok;
-}
-
-function analyzeEmptyCatch(code, filePath) {
-  const findings = [];
-
-  if (shouldExcludeFile(filePath)) return findings;
-  if (isTestContext(code, filePath)) return findings;
-  if (hasIgnoreDirective(code, "empty-catch")) return findings;
-
-  const ast = getAST(code, filePath);
-  if (!ast) return findings;
-
-  const lines = code.split("\n");
-
-  traverse(ast, {
-    CatchClause(path) {
-      const body = path.node.body;
-      if (!body || !body.loc) return;
-
-      const hasStatements = Array.isArray(body.body) && body.body.length > 0;
-
-      // detect comment-only or empty
-      const rawBlock = getCodeSlice(code, body);
-      const stripped = stripCommentsAndWhitespace(rawBlock.replace(/^\{/, "").replace(/\}$/, ""));
-      const isEmptyOrCommentOnly = stripped.length === 0;
-
-      if (!hasStatements && isEmptyOrCommentOnly) {
-        const line = body.loc.start.line;
-        findings.push({
-          type: "empty_catch",
-          severity: "WARN",
-          category: "CodeQuality",
-          file: filePath,
-          line,
-          column: body.loc.start.column,
-          title: "Empty catch block",
-          message: "Catch block swallows errors. Add logging/reporting or rethrow.",
-          codeSnippet: lines[line - 1]?.trim(),
-          confidence: "high",
-        });
-        return;
-      }
-
-      // Even if it has statements, it may still be useless (e.g., only a comment, or empty statements)
-      if (isEmptyOrCommentOnly) {
-        const line = body.loc.start.line;
-        findings.push({
-          type: "empty_catch",
-          severity: "WARN",
-          category: "CodeQuality",
-          file: filePath,
-          line,
-          column: body.loc.start.column,
-          title: "Catch block has no executable handling",
-          message: "Catch block contains no executable statements. Add handling or rethrow.",
-          codeSnippet: lines[line - 1]?.trim(),
-          confidence: "high",
-        });
-        return;
-      }
-
-      // If it does something meaningful (log, report, throw, return), don't flag.
-      if (catchHasMeaningfulHandling(path)) return;
-
-      // Otherwise, treat as weak handling (e.g., assignment, empty statement, etc.)
-      const line = body.loc.start.line;
-      findings.push({
-        type: "weak_catch",
-        severity: "WARN",
-        category: "CodeQuality",
-        file: filePath,
-        line,
-        column: body.loc.start.column,
-        title: "Catch block likely swallows errors",
-        message: "Catch block does not rethrow or log/report the error.",
-        codeSnippet: lines[line - 1]?.trim(),
-        confidence: "med",
-      });
-    },
-  });
-
-  return findings;
-}
-
-module.exports = {
-  analyzeEmptyCatch,
-  parseCode,
-};

package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js

@@ -1,217 +0,0 @@
-/**
- * File Filter
- *
- * Central filtering rules for analysis engines.
- *
- * Goals:
- * - Skip generated/build/vendored output
- * - Skip non-code files
- * - Skip tests by default (engines can opt-in)
- */
-
-const path = require("path");
-
-function normalizePath(p) {
-  return (p || "").replace(/\\/g, "/");
-}
-
-const CODE_EXTENSIONS = new Set([".js", ".jsx", ".ts", ".tsx", ".mjs", ".cjs"]);
-
-function isCodeFile(filePath) {
-  const fp = normalizePath(filePath);
-  if (!fp) return false;
-  if (fp.toLowerCase().endsWith(".d.ts")) return false;
-  const ext = path.extname(fp).toLowerCase();
-  return CODE_EXTENSIONS.has(ext);
-}
-
-function looksLikeTestFile(filePath) {
-  const fp = normalizePath(filePath).toLowerCase();
-  const base = path.basename(fp);
-
-  if (
-    fp.includes("/__tests__/") ||
-    fp.includes("/__mocks__/") ||
-    fp.includes("/fixtures/") ||
-    fp.includes("/fixture/") ||
-    fp.includes("/test/") ||
-    fp.includes("/tests/") ||
-    fp.includes("/spec/") ||
-    fp.includes("/e2e/")
-  ) {
-    return true;
-  }
-
-  if (/\.(test|spec|e2e)\.(js|jsx|ts|tsx|mjs|cjs)$/.test(base)) return true;
-
-  if (
-    base === "jest.config.js" ||
-    base === "jest.config.ts" ||
-    base === "vitest.config.ts" ||
-    base === "playwright.config.ts" ||
-    base === "cypress.config.ts"
-  ) {
-    return true;
-  }
-
-  return false;
-}
-
-const EXCLUDED_PATH_SNIPPETS = [
-  "/node_modules/",
-  "/dist/",
-  "/build/",
-  "/out/",
-  "/coverage/",
-  "/.next/",
-  "/.turbo/",
-  "/.cache/",
-  "/.git/",
-  "/vendor/",
-  "/generated/",
-  "/__generated__/",
-  "/codegen/",
-  "/storybook-static/",
-  "/public/",
-  "/static/",
-  "/tmp/",
-  "/temp/",
-  "/bin/",
-  "/scripts/",
-  "/examples/",
-  "/demo/",
-  "/docs/",
-  "/.vscode/",
-  "/.idea/",
-  "/.husky/",
-  "/.github/",
-  "/migrations/",
-  "/prisma/",
-  "/.cursor/",
-  "/.windsurf/",
-  "/.guardrail/",
-  "/.test-cli/",
-  "/_archive/",
-  "/attached_assets/",
-  "/shared/",
-  "/templates/",
-  "/tmp/",
-  "/vscode-extension/",
-];
-
-const EXCLUDED_NAME_PATTERNS = [
-  /\.min\./i,
-  /\.bundle\./i,
-  /-min\./i,
-  /\.generated\./i,
-  /\.gen\./i,
-  /\.d\.ts$/i,
-  /\.map$/i,
-  /\.snap$/i,
-  /\.lock$/i,
-  /^\.env/i,
-  /\.config\.(js|ts|json)$/i,
-  /\.setup\.(js|ts)$/i,
-  /\.test\.(js|ts|jsx|tsx)$/i,
-  /\.spec\.(js|ts|jsx|tsx)$/i,
-  /\.e2e\.(js|ts|jsx|tsx)$/i,
-  /\.stories\.(js|ts|jsx|tsx)$/i,
-  /\.mock\.(js|ts|jsx|tsx)$/i,
-  /\.fixture\.(js|ts|jsx|tsx)$/i,
-];
-
-function shouldExcludeFile(filePath, opts = {}) {
-  const fp = normalizePath(filePath);
-  if (!fp) return true;
-
-  const allowNonCode = Boolean(opts.allowNonCode);
-  const includeTests = Boolean(opts.includeTests);
-
-  const lowered = fp.toLowerCase();
-
-  // Always exclude these
-  if (lowered.endsWith(".map") || lowered.endsWith(".snap") || lowered.endsWith(".lock")) return true;
-  if (lowered.endsWith(".d.ts")) return true;
-
-  if (!allowNonCode && !isCodeFile(fp)) return true;
-
-  for (const snippet of EXCLUDED_PATH_SNIPPETS) {
-    if (lowered.includes(snippet)) return true;
-  }
-
-  const base = path.basename(lowered);
-  for (const re of EXCLUDED_NAME_PATTERNS) {
-    if (re.test(base) || re.test(lowered)) return true;
-  }
-
-  // Skip tests by default
-  if (!includeTests && looksLikeTestFile(fp)) return true;
-
-  return false;
-}
-
-/**
- * Determine whether a file/code is likely test-only code.
- * Used to reduce false positives on rules that target production behavior.
- */
-function isTestContext(code, filePath = "") {
-  const fp = normalizePath(filePath).toLowerCase();
-  if (looksLikeTestFile(fp)) return true;
-
-  if (!code || typeof code !== "string") return false;
-
-  // sample a slice to keep it cheap
-  const head = code.slice(0, 2500);
-  const midStart = Math.max(0, Math.floor(code.length / 2) - 1250);
-  const mid = code.slice(midStart, midStart + 2500);
-  const sample = `${head}\n${mid}`;
-
-  const hints = [
-    /\bdescribe\s*\(/,
-    /\bit\s*\(/,
-    /\btest\s*\(/,
-    /\bexpect\s*\(/,
-    /\b(beforeEach|afterEach|beforeAll|afterAll)\s*\(/,
-    /\bfrom\s+['"]vitest['"]/,
-    /\bfrom\s+['"]@jest\/globals['"]/,
-    /\bfrom\s+['"]mocha['"]/,
-    /\bplaywright\b/i,
-    /\bcypress\b/i,
-    /\bsupertest\b/i,
-    /\bjest\b/i,
-    /\bvitest\b/i,
-  ];
-
-  if (hints.some((re) => re.test(sample))) return true;
-  if (/process\.env\.NODE_ENV\s*===\s*['"]test['"]/.test(sample)) return true;
-
-  return false;
-}
-
-/**
- * Lightweight opt-out mechanism:
- *   // vibecheck-ignore
- *   // vibecheck-ignore(rule-name)
- */
-function hasIgnoreDirective(code, ruleName) {
-  if (!code || typeof code !== "string") return false;
-
-  // only check the header
-  const header = code.split(/\r?\n/).slice(0, 60).join("\n");
-  if (!/vibecheck-ignore\b/i.test(header)) return false;
-
-  if (!ruleName) return true;
-
-  const escaped = ruleName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-  const re = new RegExp(`vibecheck-ignore\\s*\\(\\s*${escaped}\\s*\\)`, "i");
-  return re.test(header);
-}
-
-module.exports = {
-  normalizePath,
-  isCodeFile,
-  looksLikeTestFile,
-  shouldExcludeFile,
-  isTestContext,
-  hasIgnoreDirective,
-};