@vibecheckai/cli 3.5.0 → 3.5.1

package/bin/runners/runAllowlist.js

@@ -0,0 +1,324 @@
+/**
+ * vibecheck allowlist - Manage Finding Allowlist
+ *
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * Manage allowlist entries to suppress known false positives.
+ * Entries persist in .vibecheck/allowlist.json
+ * ═══════════════════════════════════════════════════════════════════════════════
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const { parseGlobalFlags, shouldShowBanner } = require("./lib/global-flags");
+
+// Colors
+const c = {
+  reset: '\x1b[0m',
+  bold: '\x1b[1m',
+  dim: '\x1b[2m',
+  green: '\x1b[32m',
+  yellow: '\x1b[33m',
+  cyan: '\x1b[36m',
+  red: '\x1b[31m',
+};
+
+const rgb = (r, g, b) => `\x1b[38;2;${r};${g};${b}m`;
+
+const colors = {
+  accent: rgb(150, 100, 255),
+  success: rgb(0, 255, 150),
+  warning: rgb(255, 200, 0),
+  error: rgb(255, 80, 80),
+};
+
+const ICONS = {
+  allow: '✓',
+  block: '✗',
+  list: '📋',
+  add: '+',
+  remove: '-',
+};
+
+function printHelp(opts = {}) {
+  if (shouldShowBanner(opts)) {
+    console.log(`
+${colors.accent}  █████╗ ██╗     ██╗      ██████╗ ██╗    ██╗${c.reset}
+${colors.accent}  ██╔══██╗██║     ██║     ██╔═══██╗██║    ██║${c.reset}
+${colors.accent}  ███████║██║     ██║     ██║   ██║██║ █╗ ██║${c.reset}
+${colors.accent}  ██╔══██║██║     ██║     ██║   ██║██║███╗██║${c.reset}
+${colors.accent}  ██║  ██║███████╗███████╗╚██████╔╝╚███╔███╔╝${c.reset}
+${colors.accent}  ╚═╝  ╚═╝╚══════╝╚══════╝ ╚═════╝  ╚══╝╚══╝ ${c.reset}
+`);
+  }
+  
+  console.log(`
+  ${c.bold}Usage:${c.reset} vibecheck allowlist <action> [options]
+
+  ${c.bold}Manage Finding Allowlist${c.reset} — Suppress known false positives.
+
+  ${c.bold}Actions:${c.reset}
+    ${colors.accent}list${c.reset}                   Show all allowlist entries ${c.dim}(default)${c.reset}
+    ${colors.accent}add${c.reset}                    Add entry to allowlist
+    ${colors.accent}remove${c.reset}                 Remove entry from allowlist
+    ${colors.accent}check${c.reset}                  Check if finding is allowlisted
+
+  ${c.bold}Options (add):${c.reset}
+    ${colors.accent}--id <finding-id>${c.reset}      Finding ID to allowlist
+    ${colors.accent}--pattern <regex>${c.reset}     Pattern to match (title, file, URL)
+    ${colors.accent}--reason <text>${c.reset}       Reason for allowlisting ${c.dim}(required)${c.reset}
+    ${colors.accent}--scope <scope>${c.reset}       Scope: global, file, line ${c.dim}(default: global)${c.reset}
+    ${colors.accent}--expires <days>${c.reset}      Auto-expire after N days
+    ${colors.accent}--file <path>${c.reset}         File scope (for scope=file|line)
+    ${colors.accent}--lines <start-end>${c.reset}   Line range (for scope=line)
+
+  ${c.bold}Options (remove):${c.reset}
+    ${colors.accent}--id <entry-id>${c.reset}        Allowlist entry ID to remove
+
+  ${c.bold}Options (check):${c.reset}
+    ${colors.accent}--id <finding-id>${c.reset}      Finding ID to check
+
+  ${c.bold}Global Options:${c.reset}
+    ${colors.accent}--json${c.reset}                 Output as JSON
+    ${colors.accent}--help, -h${c.reset}             Show this help
+
+  ${c.bold}Examples:${c.reset}
+    ${c.dim}# List all allowlist entries${c.reset}
+    vibecheck allowlist list
+
+    ${c.dim}# Add specific finding to allowlist${c.reset}
+    vibecheck allowlist add --id R_ANON_DEAD_abc123 --reason "Known toggle behavior"
+
+    ${c.dim}# Add pattern-based allowlist${c.reset}
+    vibecheck allowlist add --pattern "lorem ipsum" --reason "Docs page placeholder"
+
+    ${c.dim}# Add file-scoped allowlist${c.reset}
+    vibecheck allowlist add --pattern "test data" --scope file --file "src/fixtures.ts" --reason "Test fixtures"
+
+    ${c.dim}# Add with expiration${c.reset}
+    vibecheck allowlist add --id FAKE_xyz --reason "Temporary demo" --expires 7
+
+    ${c.dim}# Remove entry${c.reset}
+    vibecheck allowlist remove --id AL_abc123
+
+    ${c.dim}# Check if finding is allowlisted${c.reset}
+    vibecheck allowlist check --id R_ANON_DEAD_abc123
+  `);
+}
+
+async function runAllowlist(argsOrOpts = {}) {
+  // Handle array args from CLI
+  let globalOpts = { noBanner: false, json: false, quiet: false, ci: false };
+  if (Array.isArray(argsOrOpts)) {
+    const { flags } = parseGlobalFlags(argsOrOpts);
+    globalOpts = { ...globalOpts, ...flags };
+    
+    if (globalOpts.help) {
+      printHelp(globalOpts);
+      return 0;
+    }
+    
+    const getArg = (flags) => {
+      for (const f of flags) {
+        const idx = argsOrOpts.indexOf(f);
+        if (idx !== -1 && idx < argsOrOpts.length - 1) return argsOrOpts[idx + 1];
+      }
+      return undefined;
+    };
+    
+    // Get action (first positional arg)
+    const action = argsOrOpts.find(a => !a.startsWith("-") && a !== "allowlist") || "list";
+    
+    argsOrOpts = {
+      repoRoot: process.cwd(),
+      action,
+      id: getArg(["--id"]),
+      pattern: getArg(["--pattern"]),
+      reason: getArg(["--reason"]),
+      scope: getArg(["--scope"]) || "global",
+      file: getArg(["--file"]),
+      lines: getArg(["--lines"]),
+      expires: getArg(["--expires"]),
+      ...globalOpts,
+    };
+  }
+
+  const {
+    repoRoot = process.cwd(),
+    action = "list",
+    id = null,
+    pattern = null,
+    reason = null,
+    scope = "global",
+    file = null,
+    lines = null,
+    expires = null,
+    json = false,
+    quiet = false
+  } = argsOrOpts;
+
+  const root = repoRoot || process.cwd();
+
+  // Import evidence-pack module
+  let evidencePack;
+  try {
+    evidencePack = require("./lib/evidence-pack");
+  } catch (e) {
+    console.error(`${colors.error}${ICONS.block}${c.reset} Failed to load evidence-pack module: ${e.message}`);
+    return 1;
+  }
+
+  try {
+    switch (action) {
+      case "list": {
+        const allowlist = evidencePack.loadAllowlist(root);
+        
+        if (json) {
+          console.log(JSON.stringify(allowlist, null, 2));
+          return 0;
+        }
+        
+        if (!quiet) {
+          console.log(`\n  ${ICONS.list} ${c.bold}Allowlist Entries${c.reset}\n`);
+        }
+        
+        if (!allowlist.entries || allowlist.entries.length === 0) {
+          console.log(`  ${c.dim}No entries in allowlist.${c.reset}\n`);
+          console.log(`  ${c.dim}Add entries with: vibecheck allowlist add --id <id> --reason "..."${c.reset}\n`);
+          return 0;
+        }
+        
+        for (const entry of allowlist.entries) {
+          const expireStr = entry.expiresAt 
+            ? `${c.dim}expires ${new Date(entry.expiresAt).toLocaleDateString()}${c.reset}` 
+            : '';
+          const scopeStr = entry.scope !== 'global' 
+            ? `${c.cyan}[${entry.scope}]${c.reset} ` 
+            : '';
+          
+          console.log(`  ${colors.success}${ICONS.allow}${c.reset} ${c.bold}${entry.id}${c.reset} ${scopeStr}${expireStr}`);
+          
+          if (entry.findingId) {
+            console.log(`    ${c.dim}Finding:${c.reset} ${entry.findingId}`);
+          }
+          if (entry.pattern) {
+            console.log(`    ${c.dim}Pattern:${c.reset} ${entry.pattern}`);
+          }
+          console.log(`    ${c.dim}Reason:${c.reset} ${entry.reason || 'No reason provided'}`);
+          console.log(`    ${c.dim}Added:${c.reset} ${entry.addedAt} by ${entry.addedBy || 'user'}`);
+          console.log();
+        }
+        
+        console.log(`  ${c.dim}Total: ${allowlist.entries.length} entries${c.reset}\n`);
+        return 0;
+      }
+      
+      case "add": {
+        if (!id && !pattern) {
+          console.error(`\n  ${colors.error}${ICONS.block}${c.reset} Either --id or --pattern is required\n`);
+          return 1;
+        }
+        
+        if (!reason) {
+          console.error(`\n  ${colors.error}${ICONS.block}${c.reset} --reason is required\n`);
+          return 1;
+        }
+        
+        const entry = {
+          findingId: id,
+          pattern,
+          reason,
+          scope,
+          addedBy: 'cli'
+        };
+        
+        if (file) entry.file = file;
+        if (lines) {
+          const [start, end] = lines.split('-').map(Number);
+          entry.lines = [start, end || start];
+        }
+        if (expires) {
+          const days = parseInt(expires, 10);
+          entry.expiresAt = new Date(Date.now() + days * 24 * 60 * 60 * 1000).toISOString();
+        }
+        
+        const added = evidencePack.addToAllowlist(root, entry);
+        
+        if (json) {
+          console.log(JSON.stringify({ added }, null, 2));
+          return 0;
+        }
+        
+        console.log(`\n  ${colors.success}${ICONS.add}${c.reset} Added allowlist entry: ${c.bold}${added.id}${c.reset}\n`);
+        return 0;
+      }
+      
+      case "remove": {
+        if (!id) {
+          console.error(`\n  ${colors.error}${ICONS.block}${c.reset} --id is required for remove\n`);
+          return 1;
+        }
+        
+        const allowlist = evidencePack.loadAllowlist(root);
+        const before = allowlist.entries.length;
+        allowlist.entries = allowlist.entries.filter(e => e.id !== id && e.findingId !== id);
+        const removed = before - allowlist.entries.length;
+        
+        if (removed > 0) {
+          evidencePack.saveAllowlist(root, allowlist);
+        }
+        
+        if (json) {
+          console.log(JSON.stringify({ removed, remaining: allowlist.entries.length }, null, 2));
+          return 0;
+        }
+        
+        if (removed > 0) {
+          console.log(`\n  ${colors.success}${ICONS.remove}${c.reset} Removed ${removed} entry from allowlist\n`);
+        } else {
+          console.log(`\n  ${colors.warning}${ICONS.block}${c.reset} Entry not found: ${id}\n`);
+        }
+        return 0;
+      }
+      
+      case "check": {
+        if (!id) {
+          console.error(`\n  ${colors.error}${ICONS.block}${c.reset} --id is required for check\n`);
+          return 1;
+        }
+        
+        const allowlist = evidencePack.loadAllowlist(root);
+        const result = evidencePack.isAllowlisted({ id }, allowlist);
+        
+        if (json) {
+          console.log(JSON.stringify(result, null, 2));
+          return result.allowed ? 0 : 1;
+        }
+        
+        if (result.allowed) {
+          console.log(`\n  ${colors.success}${ICONS.allow}${c.reset} ${c.bold}Allowlisted${c.reset}`);
+          console.log(`  ${c.dim}Reason:${c.reset} ${result.reason}`);
+          console.log(`  ${c.dim}Entry:${c.reset} ${result.entry?.id}\n`);
+        } else {
+          console.log(`\n  ${colors.warning}${ICONS.block}${c.reset} ${c.bold}Not allowlisted${c.reset}\n`);
+        }
+        return result.allowed ? 0 : 1;
+      }
+      
+      default:
+        console.error(`\n  ${colors.error}${ICONS.block}${c.reset} Unknown action: ${action}\n`);
+        printHelp(globalOpts);
+        return 1;
+    }
+  } catch (error) {
+    if (json) {
+      console.log(JSON.stringify({ error: error.message }, null, 2));
+    } else {
+      console.error(`\n  ${colors.error}${ICONS.block}${c.reset} ${error.message}\n`);
+    }
+    return 1;
+  }
+}
+
+module.exports = { runAllowlist };