@vibecheckai/cli 3.5.0 → 3.5.2

package/bin/runners/lib/proof-certificate.js

@@ -1,634 +0,0 @@
-/**
- * Proof Certificate Generator
- * 
- * Enterprise-grade proof certificates with:
- * - Risk Radar visualization
- * - Pre-flight checklist
- * - Cryptographic verification
- * - Audit trail
- */
-
-"use strict";
-
-const crypto = require("crypto");
-const path = require("path");
-
-// Terminal UI
-let terminalUI;
-try {
-  terminalUI = require("./terminal-ui");
-} catch {
-  terminalUI = {
-    c: { reset: "", bold: "", dim: "", red: "", yellow: "", green: "", cyan: "" },
-    rgb: () => "",
-    icons: { check: "✓", cross: "✗", warning: "⚠", info: "ℹ" },
-  };
-}
-
-const { c, rgb, icons } = terminalUI;
-
-// Colors
-const colors = {
-  critical: rgb(255, 80, 80),
-  high: rgb(255, 150, 50),
-  medium: rgb(255, 200, 0),
-  low: rgb(100, 200, 255),
-  info: rgb(150, 150, 150),
-  success: rgb(0, 255, 150),
-  accent: rgb(0, 200, 255),
-  gold: rgb(255, 215, 0),
-  silver: rgb(192, 192, 192),
-  bronze: rgb(205, 127, 50),
-};
-
-// Risk categories for radar
-const RISK_CATEGORIES = [
-  { id: "security", label: "Security", icon: "🔒" },
-  { id: "quality", label: "Code Quality", icon: "✨" },
-  { id: "reliability", label: "Reliability", icon: "⚡" },
-  { id: "maintainability", label: "Maintainability", icon: "🔧" },
-  { id: "performance", label: "Performance", icon: "🚀" },
-  { id: "compliance", label: "Compliance", icon: "📋" },
-];
-
-// Pre-flight checklist items
-const PREFLIGHT_CHECKS = [
-  { id: "no-critical", label: "No critical issues", category: "blocking", weight: 100 },
-  { id: "no-secrets", label: "No hardcoded secrets", category: "security", weight: 90 },
-  { id: "no-mock-data", label: "No mock/fake data in production paths", category: "quality", weight: 80 },
-  { id: "error-handling", label: "Error handling in place", category: "reliability", weight: 70 },
-  { id: "no-console", label: "No debug console statements", category: "quality", weight: 60 },
-  { id: "type-safety", label: "Type safety enforced", category: "quality", weight: 50 },
-  { id: "deps-secure", label: "Dependencies are secure", category: "security", weight: 85 },
-  { id: "api-consistency", label: "API contracts consistent", category: "reliability", weight: 65 },
-  { id: "auth-verified", label: "Authentication verified", category: "security", weight: 95 },
-  { id: "perf-acceptable", label: "Performance acceptable", category: "performance", weight: 55 },
-];
-
-/**
- * Calculate risk scores for each category
- */
-function calculateRiskRadar(findings) {
-  const radar = {};
-  
-  for (const category of RISK_CATEGORIES) {
-    radar[category.id] = {
-      ...category,
-      score: 100,
-      issues: 0,
-      critical: 0,
-      high: 0,
-      medium: 0,
-      low: 0,
-    };
-  }
-
-  // Map findings to categories
-  const categoryMapping = {
-    "hardcoded-secrets": "security",
-    "security": "security",
-    "credentials": "security",
-    "authentication": "security",
-    "authorization": "security",
-    "injection": "security",
-    "xss": "security",
-    "csrf": "security",
-    "vulnerability": "security",
-    
-    "console-logs": "quality",
-    "dead-code": "quality",
-    "unused": "quality",
-    "duplicate": "quality",
-    "complexity": "quality",
-    "code-smell": "quality",
-    "type-any": "quality",
-    "naming": "quality",
-    
-    "error-handling": "reliability",
-    "empty-catch": "reliability",
-    "promise": "reliability",
-    "async": "reliability",
-    "null-check": "reliability",
-    "validation": "reliability",
-    
-    "deprecated": "maintainability",
-    "legacy": "maintainability",
-    "documentation": "maintainability",
-    "test-coverage": "maintainability",
-    
-    "performance": "performance",
-    "memory": "performance",
-    "n+1": "performance",
-    "bundle-size": "performance",
-    "lazy-load": "performance",
-    
-    "mock-data": "compliance",
-    "fake": "compliance",
-    "stub": "compliance",
-    "license": "compliance",
-    "gdpr": "compliance",
-    "pii": "compliance",
-  };
-
-  // Score findings
-  for (const finding of findings) {
-    const category = finding.category?.toLowerCase() || "";
-    const type = finding.type?.toLowerCase() || "";
-    const severity = finding.severity?.toLowerCase() || finding.type?.toLowerCase() || "medium";
-    
-    // Find matching risk category
-    let riskCategory = "quality"; // default
-    for (const [pattern, cat] of Object.entries(categoryMapping)) {
-      if (category.includes(pattern) || type.includes(pattern)) {
-        riskCategory = cat;
-        break;
-      }
-    }
-
-    // Update scores
-    const risk = radar[riskCategory];
-    if (risk) {
-      risk.issues++;
-      
-      switch (severity) {
-        case "critical":
-          risk.critical++;
-          risk.score -= 25;
-          break;
-        case "high":
-          risk.high++;
-          risk.score -= 15;
-          break;
-        case "warning":
-        case "medium":
-          risk.medium++;
-          risk.score -= 8;
-          break;
-        case "suggestion":
-        case "low":
-        case "info":
-          risk.low++;
-          risk.score -= 2;
-          break;
-        default:
-          risk.medium++;
-          risk.score -= 5;
-      }
-      
-      risk.score = Math.max(0, risk.score);
-    }
-  }
-
-  return radar;
-}
-
-/**
- * Render risk radar visualization
- */
-function renderRiskRadar(radar) {
-  const lines = [];
-  
-  lines.push(`  ${c.dim}╭${"─".repeat(60)}╮${c.reset}`);
-  lines.push(`  ${c.dim}│${c.reset} ${colors.accent}${c.bold}🎯 RISK RADAR${c.reset}                                              ${c.dim}│${c.reset}`);
-  lines.push(`  ${c.dim}├${"─".repeat(60)}┤${c.reset}`);
-  
-  for (const category of RISK_CATEGORIES) {
-    const risk = radar[category.id];
-    const score = risk.score;
-    const barLength = Math.round(score / 100 * 30);
-    const emptyLength = 30 - barLength;
-    
-    // Color based on score
-    let color;
-    if (score >= 80) color = colors.success;
-    else if (score >= 60) color = colors.medium;
-    else if (score >= 40) color = colors.high;
-    else color = colors.critical;
-    
-    const bar = `${color}${"█".repeat(barLength)}${c.reset}${c.dim}${"░".repeat(emptyLength)}${c.reset}`;
-    const label = `${category.icon} ${category.label}`.padEnd(20);
-    const scoreStr = `${score}%`.padStart(4);
-    const issues = risk.issues > 0 ? `${c.dim}(${risk.issues} issues)${c.reset}` : "";
-    
-    lines.push(`  ${c.dim}│${c.reset} ${label} ${bar} ${color}${scoreStr}${c.reset} ${issues.padEnd(15)}${c.dim}│${c.reset}`);
-  }
-  
-  // Overall score
-  const categories = Object.values(radar);
-  const overallScore = Math.round(categories.reduce((sum, c) => sum + c.score, 0) / categories.length);
-  let overallColor = colors.success;
-  if (overallScore < 80) overallColor = colors.medium;
-  if (overallScore < 60) overallColor = colors.high;
-  if (overallScore < 40) overallColor = colors.critical;
-  
-  lines.push(`  ${c.dim}├${"─".repeat(60)}┤${c.reset}`);
-  lines.push(`  ${c.dim}│${c.reset} ${c.bold}Overall Risk Score:${c.reset}                     ${overallColor}${c.bold}${overallScore}%${c.reset}                   ${c.dim}│${c.reset}`);
-  lines.push(`  ${c.dim}╰${"─".repeat(60)}╯${c.reset}`);
-  
-  return lines.join("\n");
-}
-
-/**
- * Run pre-flight checklist
- */
-function runPreflightChecklist(findings, proofGraph) {
-  const results = [];
-  const findingsLower = findings.map(f => ({
-    category: (f.category || "").toLowerCase(),
-    type: (f.type || f.severity || "").toLowerCase(),
-    severity: (f.severity || f.type || "").toLowerCase(),
-  }));
-
-  for (const check of PREFLIGHT_CHECKS) {
-    let passed = true;
-    let details = "";
-
-    switch (check.id) {
-      case "no-critical":
-        const criticals = findingsLower.filter(f => f.severity === "critical" || f.type === "critical");
-        passed = criticals.length === 0;
-        details = passed ? "All clear" : `${criticals.length} critical issue(s)`;
-        break;
-
-      case "no-secrets":
-        const secrets = findingsLower.filter(f => 
-          f.category.includes("secret") || 
-          f.category.includes("credential") ||
-          f.category.includes("password") ||
-          f.category.includes("api-key")
-        );
-        passed = secrets.length === 0;
-        details = passed ? "No secrets detected" : `${secrets.length} secret(s) found`;
-        break;
-
-      case "no-mock-data":
-        const mocks = findingsLower.filter(f => 
-          f.category.includes("mock") || 
-          f.category.includes("fake") ||
-          f.category.includes("stub") ||
-          f.category.includes("test-data")
-        );
-        passed = mocks.length === 0;
-        details = passed ? "No mock data" : `${mocks.length} mock data instance(s)`;
-        break;
-
-      case "error-handling":
-        const errorIssues = findingsLower.filter(f => 
-          f.category.includes("error") || 
-          f.category.includes("catch") ||
-          f.category.includes("exception")
-        );
-        passed = errorIssues.length === 0;
-        details = passed ? "Error handling OK" : `${errorIssues.length} error handling issue(s)`;
-        break;
-
-      case "no-console":
-        const consoles = findingsLower.filter(f => 
-          f.category.includes("console")
-        );
-        passed = consoles.length === 0;
-        details = passed ? "No console statements" : `${consoles.length} console statement(s)`;
-        break;
-
-      case "type-safety":
-        const typeIssues = findingsLower.filter(f => 
-          f.category.includes("type") || 
-          f.category.includes("any")
-        );
-        passed = typeIssues.length <= 2; // Allow some flexibility
-        details = passed ? "Types OK" : `${typeIssues.length} type issue(s)`;
-        break;
-
-      case "deps-secure":
-        const vulns = findingsLower.filter(f => 
-          f.category.includes("vulnerability") || 
-          f.category.includes("cve") ||
-          f.category.includes("security") && f.category.includes("dep")
-        );
-        passed = vulns.length === 0;
-        details = passed ? "Dependencies secure" : `${vulns.length} vulnerability(ies)`;
-        break;
-
-      case "api-consistency":
-        const apiIssues = findingsLower.filter(f => 
-          f.category.includes("api") && (
-            f.category.includes("inconsistent") ||
-            f.category.includes("mismatch")
-          )
-        );
-        passed = apiIssues.length === 0;
-        details = passed ? "API contracts OK" : `${apiIssues.length} API issue(s)`;
-        break;
-
-      case "auth-verified":
-        const authIssues = findingsLower.filter(f => 
-          f.category.includes("auth") && f.severity === "critical"
-        );
-        passed = authIssues.length === 0;
-        details = passed ? "Auth verified" : `${authIssues.length} auth issue(s)`;
-        break;
-
-      case "perf-acceptable":
-        const perfIssues = findingsLower.filter(f => 
-          f.category.includes("performance") && 
-          (f.severity === "critical" || f.severity === "high")
-        );
-        passed = perfIssues.length === 0;
-        details = passed ? "Performance OK" : `${perfIssues.length} perf issue(s)`;
-        break;
-
-      default:
-        passed = true;
-        details = "Check not implemented";
-    }
-
-    results.push({
-      ...check,
-      passed,
-      details,
-    });
-  }
-
-  return results;
-}
-
-/**
- * Render pre-flight checklist
- */
-function renderPreflightChecklist(checks) {
-  const lines = [];
-  
-  lines.push(`  ${c.dim}╭${"─".repeat(60)}╮${c.reset}`);
-  lines.push(`  ${c.dim}│${c.reset} ${colors.accent}${c.bold}✈️  PRE-FLIGHT CHECKLIST${c.reset}                                    ${c.dim}│${c.reset}`);
-  lines.push(`  ${c.dim}├${"─".repeat(60)}┤${c.reset}`);
-  
-  const passed = checks.filter(c => c.passed).length;
-  const total = checks.length;
-  const passRate = Math.round(passed / total * 100);
-  
-  for (const check of checks) {
-    const icon = check.passed ? `${colors.success}✓${c.reset}` : `${colors.critical}✗${c.reset}`;
-    const label = check.label.padEnd(35);
-    const details = check.details.padEnd(15);
-    const status = check.passed ? `${colors.success}PASS${c.reset}` : `${colors.critical}FAIL${c.reset}`;
-    
-    lines.push(`  ${c.dim}│${c.reset} ${icon} ${label} ${c.dim}${details}${c.reset} ${status} ${c.dim}│${c.reset}`);
-  }
-  
-  lines.push(`  ${c.dim}├${"─".repeat(60)}┤${c.reset}`);
-  
-  const passColor = passRate >= 80 ? colors.success : passRate >= 60 ? colors.medium : colors.critical;
-  lines.push(`  ${c.dim}│${c.reset} ${c.bold}Pre-flight Status:${c.reset} ${passed}/${total} checks passed ${passColor}(${passRate}%)${c.reset}          ${c.dim}│${c.reset}`);
-  
-  const canShip = checks.filter(c => c.category === "blocking" && !c.passed).length === 0;
-  const shipStatus = canShip 
-    ? `${colors.success}${c.bold}CLEARED FOR TAKEOFF${c.reset}`
-    : `${colors.critical}${c.bold}GROUNDED - BLOCKING ISSUES${c.reset}`;
-  
-  lines.push(`  ${c.dim}│${c.reset} ${shipStatus}                             ${c.dim}│${c.reset}`);
-  lines.push(`  ${c.dim}╰${"─".repeat(60)}╯${c.reset}`);
-  
-  return lines.join("\n");
-}
-
-/**
- * Generate a cryptographic proof certificate
- */
-function generateProofCertificate(options) {
-  const {
-    projectPath,
-    projectName,
-    verdict,
-    score,
-    findings,
-    truthpack,
-    proofGraph,
-    duration,
-    tier,
-    version,
-  } = options;
-
-  const timestamp = new Date().toISOString();
-  const certificateId = generateCertificateId();
-  const shortCode = generateShortCode(certificateId);
-  
-  // Calculate checksums
-  const findingsHash = hashObject(findings);
-  const truthpackHash = truthpack ? hashObject(truthpack) : null;
-  
-  // Build certificate
-  const certificate = {
-    certificateId,
-    shortCode,
-    version: "2.0.0",
-    generator: `vibecheck-cli@${version}`,
-    timestamp,
-    expires: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000).toISOString(), // 7 days
-    
-    project: {
-      name: projectName,
-      path: projectPath,
-      scannedAt: timestamp,
-    },
-    
-    verdict: {
-      status: verdict,
-      score,
-      confidence: calculateConfidence(findings, proofGraph),
-      tier,
-    },
-    
-    summary: {
-      totalFindings: findings.length,
-      critical: findings.filter(f => f.severity === "critical" || f.type === "critical").length,
-      high: findings.filter(f => f.severity === "high" || f.type === "high").length,
-      medium: findings.filter(f => f.severity === "warning" || f.type === "warning" || f.severity === "medium").length,
-      low: findings.filter(f => f.severity === "suggestion" || f.type === "suggestion" || f.severity === "low").length,
-    },
-    
-    riskRadar: calculateRiskRadar(findings),
-    preflight: runPreflightChecklist(findings, proofGraph),
-    
-    integrity: {
-      findingsHash,
-      truthpackHash,
-      certificateHash: null, // Set after signing
-    },
-    
-    metadata: {
-      duration,
-      engineVersion: version,
-      nodeVersion: process.version,
-      platform: process.platform,
-    },
-    
-    verificationUrl: `https://verify.vibecheckai.dev/cert/${shortCode}`,
-  };
-  
-  // Sign the certificate
-  certificate.integrity.certificateHash = hashObject({
-    certificateId,
-    timestamp,
-    verdict: certificate.verdict,
-    summary: certificate.summary,
-    findingsHash,
-  });
-  
-  return {
-    certificate,
-    shortCode,
-    qrCode: generateQRCodeData(certificate.verificationUrl),
-  };
-}
-
-/**
- * Generate unique certificate ID
- */
-function generateCertificateId() {
-  const timestamp = Date.now().toString(36);
-  const random = crypto.randomBytes(8).toString("hex");
-  return `VC-${timestamp}-${random}`.toUpperCase();
-}
-
-/**
- * Generate short verification code
- */
-function generateShortCode(certificateId) {
-  const hash = crypto.createHash("sha256").update(certificateId).digest("hex");
-  return hash.substring(0, 8).toUpperCase();
-}
-
-/**
- * Calculate confidence score
- */
-function calculateConfidence(findings, proofGraph) {
-  let confidence = 100;
-  
-  // Reduce confidence based on findings
-  const critical = findings.filter(f => f.severity === "critical" || f.type === "critical").length;
-  const high = findings.filter(f => f.severity === "high" || f.type === "high").length;
-  
-  confidence -= critical * 15;
-  confidence -= high * 8;
-  
-  // Boost confidence if proof graph has verified nodes
-  if (proofGraph?.nodes?.length > 0) {
-    const verifiedNodes = proofGraph.nodes.filter(n => n.verified).length;
-    const totalNodes = proofGraph.nodes.length;
-    confidence += Math.round((verifiedNodes / totalNodes) * 10);
-  }
-  
-  return Math.max(0, Math.min(100, confidence));
-}
-
-/**
- * Hash an object deterministically
- */
-function hashObject(obj) {
-  const str = JSON.stringify(obj, Object.keys(obj).sort());
-  return crypto.createHash("sha256").update(str).digest("hex").substring(0, 16);
-}
-
-/**
- * Generate QR code data URL (placeholder - would use actual QR library)
- */
-function generateQRCodeData(url) {
-  // In production, this would generate an actual QR code
-  return `data:image/svg+xml,${encodeURIComponent(`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><text x="10" y="50" font-size="8">${url}</text></svg>`)}`;
-}
-
-/**
- * Render certificate badge for terminal
- */
-function renderCertificateBadge(certificate) {
-  const lines = [];
-  const { verdict, score, confidence } = certificate.verdict;
-  
-  // Badge colors
-  let badgeColor, badgeIcon, badgeLabel;
-  switch (verdict) {
-    case "SHIP":
-      badgeColor = colors.success;
-      badgeIcon = "🚀";
-      badgeLabel = "SHIP CERTIFIED";
-      break;
-    case "WARN":
-      badgeColor = colors.medium;
-      badgeIcon = "⚠️";
-      badgeLabel = "CONDITIONAL";
-      break;
-    case "BLOCK":
-      badgeColor = colors.critical;
-      badgeIcon = "🛑";
-      badgeLabel = "BLOCKED";
-      break;
-    default:
-      badgeColor = colors.info;
-      badgeIcon = "❓";
-      badgeLabel = "UNKNOWN";
-  }
-  
-  lines.push("");
-  lines.push(`  ${badgeColor}╭${"═".repeat(40)}╮${c.reset}`);
-  lines.push(`  ${badgeColor}║${c.reset}                                        ${badgeColor}║${c.reset}`);
-  lines.push(`  ${badgeColor}║${c.reset}  ${badgeIcon} ${c.bold}${badgeColor}${badgeLabel}${c.reset}                      ${badgeColor}║${c.reset}`);
-  lines.push(`  ${badgeColor}║${c.reset}                                        ${badgeColor}║${c.reset}`);
-  lines.push(`  ${badgeColor}║${c.reset}  Score: ${c.bold}${score}/100${c.reset}  Confidence: ${c.bold}${confidence}%${c.reset}   ${badgeColor}║${c.reset}`);
-  lines.push(`  ${badgeColor}║${c.reset}                                        ${badgeColor}║${c.reset}`);
-  lines.push(`  ${badgeColor}║${c.reset}  ${c.dim}ID: ${certificate.certificateId}${c.reset}      ${badgeColor}║${c.reset}`);
-  lines.push(`  ${badgeColor}║${c.reset}  ${c.dim}Verify: ${certificate.shortCode}${c.reset}                     ${badgeColor}║${c.reset}`);
-  lines.push(`  ${badgeColor}║${c.reset}                                        ${badgeColor}║${c.reset}`);
-  lines.push(`  ${badgeColor}╰${"═".repeat(40)}╯${c.reset}`);
-  lines.push("");
-  
-  return lines.join("\n");
-}
-
-/**
- * Export certificate as Markdown
- */
-function exportCertificateMarkdown(certificate) {
-  const { verdict, score, confidence } = certificate.verdict;
-  const { summary, project } = certificate;
-  
-  return `# VibeCheck Proof Certificate
-
-## Project: ${project.name}
-
-| Metric | Value |
-|--------|-------|
-| Verdict | **${verdict}** |
-| Score | ${score}/100 |
-| Confidence | ${confidence}% |
-| Certificate ID | \`${certificate.certificateId}\` |
-| Short Code | \`${certificate.shortCode}\` |
-| Generated | ${certificate.timestamp} |
-| Expires | ${certificate.expires} |
-
-## Summary
-
-- Critical Issues: ${summary.critical}
-- High Issues: ${summary.high}
-- Medium Issues: ${summary.medium}
-- Low Issues: ${summary.low}
-
-## Verification
-
-Verify this certificate at: ${certificate.verificationUrl}
-
----
-*Generated by VibeCheck v${certificate.metadata.engineVersion}*
-`;
-}
-
-module.exports = {
-  calculateRiskRadar,
-  renderRiskRadar,
-  runPreflightChecklist,
-  renderPreflightChecklist,
-  generateProofCertificate,
-  renderCertificateBadge,
-  exportCertificateMarkdown,
-  RISK_CATEGORIES,
-  PREFLIGHT_CHECKS,
-};