@vibecheckai/cli 3.5.0 → 3.5.2

package/bin/runners/lib/validators/contract-validator.js

@@ -1,283 +0,0 @@
-/**
- * Contract Validator - Ship-only check
- * Validates API contracts match implementation
- */
-
-"use strict";
-
-const path = require("path");
-const fs = require("fs");
-const fg = require("fast-glob");
-
-/**
- * Validate API contracts against implementation
- * Checks:
- * - OpenAPI/Swagger specs match actual routes
- * - TypeScript types match API responses
- * - tRPC routers match client usage
- */
-async function validateContracts(projectPath) {
-  const findings = [];
-  const startTime = Date.now();
-  
-  try {
-    // Check for OpenAPI/Swagger specs
-    const openApiFindings = await validateOpenApiContracts(projectPath);
-    findings.push(...openApiFindings);
-    
-    // Check for tRPC contracts
-    const trpcFindings = await validateTrpcContracts(projectPath);
-    findings.push(...trpcFindings);
-    
-    // Check for GraphQL schemas
-    const graphqlFindings = await validateGraphqlContracts(projectPath);
-    findings.push(...graphqlFindings);
-    
-  } catch (error) {
-    findings.push({
-      id: "CONTRACT_VALIDATION_ERROR",
-      category: "ContractValidation",
-      severity: "INFO",
-      title: "Contract validation incomplete",
-      message: `Could not fully validate contracts: ${error.message}`,
-      confidence: "low",
-      type: "validation_error",
-    });
-  }
-  
-  return {
-    findings,
-    duration: Date.now() - startTime,
-    type: "contract-validator",
-  };
-}
-
-async function validateOpenApiContracts(projectPath) {
-  const findings = [];
-  
-  // Find OpenAPI/Swagger spec files
-  const specFiles = fg.sync([
-    "**/openapi.{json,yaml,yml}",
-    "**/swagger.{json,yaml,yml}",
-    "**/api-spec.{json,yaml,yml}",
-  ], {
-    cwd: projectPath,
-    absolute: true,
-    ignore: ["**/node_modules/**"],
-  });
-  
-  if (specFiles.length === 0) {
-    // No OpenAPI spec - not an error, just no contract to validate
-    return findings;
-  }
-  
-  for (const specFile of specFiles) {
-    try {
-      const content = fs.readFileSync(specFile, "utf8");
-      const relativePath = path.relative(projectPath, specFile).replace(/\\/g, "/");
-      
-      // Basic validation - check if it parses
-      let spec;
-      if (specFile.endsWith(".json")) {
-        spec = JSON.parse(content);
-      } else {
-        // YAML parsing would require yaml package
-        continue;
-      }
-      
-      // Check for paths without implementations
-      const paths = spec.paths || {};
-      
-      for (const [routePath, methods] of Object.entries(paths)) {
-        for (const method of Object.keys(methods)) {
-          if (["parameters", "servers", "$ref"].includes(method)) continue;
-          
-          // Check if this route exists in codebase
-          const routeExists = await checkRouteExists(projectPath, routePath, method);
-          
-          if (!routeExists) {
-            findings.push({
-              id: `CONTRACT_MISSING_IMPL_${hashString(routePath + method)}`,
-              category: "ContractValidation",
-              severity: "WARN",
-              title: `API spec defines route without implementation: ${method.toUpperCase()} ${routePath}`,
-              message: `OpenAPI spec defines ${method.toUpperCase()} ${routePath} but no matching handler found`,
-              file: relativePath,
-              confidence: "medium",
-              type: "missing_implementation",
-            });
-          }
-        }
-      }
-      
-    } catch (error) {
-      findings.push({
-        id: `CONTRACT_PARSE_ERROR_${hashString(specFile)}`,
-        category: "ContractValidation",
-        severity: "WARN",
-        title: `Could not parse API spec: ${path.basename(specFile)}`,
-        message: error.message,
-        file: path.relative(projectPath, specFile).replace(/\\/g, "/"),
-        confidence: "high",
-        type: "parse_error",
-      });
-    }
-  }
-  
-  return findings;
-}
-
-async function validateTrpcContracts(projectPath) {
-  const findings = [];
-  
-  // Find tRPC router files
-  const trpcFiles = fg.sync([
-    "**/trpc/**/*.{ts,tsx}",
-    "**/server/routers/**/*.{ts,tsx}",
-    "**/*.router.{ts,tsx}",
-  ], {
-    cwd: projectPath,
-    absolute: true,
-    ignore: ["**/node_modules/**", "**/*.test.*", "**/*.spec.*"],
-  });
-  
-  if (trpcFiles.length === 0) return findings;
-  
-  // Extract procedure names from routers
-  const definedProcedures = new Set();
-  
-  for (const file of trpcFiles) {
-    try {
-      const content = fs.readFileSync(file, "utf8");
-      
-      // Find procedure definitions
-      const procedureMatches = content.matchAll(/\.(?:query|mutation|subscription)\s*\(/g);
-      const nameMatches = content.matchAll(/(\w+):\s*(?:router|publicProcedure|protectedProcedure)/g);
-      
-      for (const match of nameMatches) {
-        definedProcedures.add(match[1]);
-      }
-    } catch {
-      // Skip files that can't be read
-    }
-  }
-  
-  // Find tRPC client usage
-  const clientFiles = fg.sync(["**/*.{ts,tsx}"], {
-    cwd: projectPath,
-    absolute: true,
-    ignore: ["**/node_modules/**", "**/server/**", "**/*.test.*"],
-  });
-  
-  for (const file of clientFiles) {
-    try {
-      const content = fs.readFileSync(file, "utf8");
-      const relativePath = path.relative(projectPath, file).replace(/\\/g, "/");
-      
-      // Find trpc client calls
-      const clientMatches = content.matchAll(/trpc\.(\w+)\.(?:useQuery|useMutation|useSubscription)/g);
-      
-      for (const match of clientMatches) {
-        const procedureName = match[1];
-        const line = content.substring(0, match.index).split("\n").length;
-        
-        if (!definedProcedures.has(procedureName) && procedureName !== "useContext") {
-          findings.push({
-            id: `TRPC_MISSING_PROCEDURE_${hashString(procedureName + file)}`,
-            category: "ContractValidation",
-            severity: "WARN",
-            title: `tRPC procedure may not exist: ${procedureName}`,
-            message: `Client calls trpc.${procedureName} but no matching router procedure found`,
-            file: relativePath,
-            line,
-            confidence: "medium",
-            type: "missing_procedure",
-          });
-        }
-      }
-    } catch {
-      // Skip files that can't be read
-    }
-  }
-  
-  return findings;
-}
-
-async function validateGraphqlContracts(projectPath) {
-  const findings = [];
-  
-  // Find GraphQL schema files
-  const schemaFiles = fg.sync([
-    "**/*.graphql",
-    "**/*.gql",
-    "**/schema.{ts,js}",
-  ], {
-    cwd: projectPath,
-    absolute: true,
-    ignore: ["**/node_modules/**"],
-  });
-  
-  if (schemaFiles.length === 0) return findings;
-  
-  // Basic check: schema files should have resolvers
-  const resolverFiles = fg.sync([
-    "**/resolvers/**/*.{ts,js}",
-    "**/*.resolvers.{ts,js}",
-  ], {
-    cwd: projectPath,
-    absolute: true,
-    ignore: ["**/node_modules/**"],
-  });
-  
-  if (schemaFiles.length > 0 && resolverFiles.length === 0) {
-    findings.push({
-      id: "GRAPHQL_NO_RESOLVERS",
-      category: "ContractValidation",
-      severity: "WARN",
-      title: "GraphQL schema found but no resolvers detected",
-      message: "GraphQL schema files exist but no resolver implementations found",
-      confidence: "medium",
-      type: "missing_resolvers",
-    });
-  }
-  
-  return findings;
-}
-
-async function checkRouteExists(projectPath, routePath, method) {
-  // Convert OpenAPI path to file path pattern
-  const normalizedPath = routePath
-    .replace(/\{(\w+)\}/g, "[$1]") // {id} -> [id]
-    .replace(/^\//, "");
-  
-  // Check for Next.js API routes
-  const patterns = [
-    `**/pages/api/${normalizedPath}.{ts,js}`,
-    `**/pages/api/${normalizedPath}/index.{ts,js}`,
-    `**/app/api/${normalizedPath}/route.{ts,js}`,
-  ];
-  
-  for (const pattern of patterns) {
-    const files = fg.sync([pattern], {
-      cwd: projectPath,
-      ignore: ["**/node_modules/**"],
-    });
-    if (files.length > 0) return true;
-  }
-  
-  return false;
-}
-
-function hashString(str) {
-  let hash = 0;
-  for (let i = 0; i < str.length; i++) {
-    const char = str.charCodeAt(i);
-    hash = ((hash << 5) - hash) + char;
-    hash = hash & hash;
-  }
-  return Math.abs(hash).toString(36).substring(0, 8);
-}
-
-module.exports = {
-  validateContracts,
-};

package/bin/runners/lib/validators/dead-export-detector.js

@@ -1,279 +0,0 @@
-/**
- * Dead Export Detector - Ship-only check
- * Detects exports that are never imported anywhere
- */
-
-"use strict";
-
-const path = require("path");
-const fs = require("fs");
-const fg = require("fast-glob");
-
-/**
- * Detect exports that are never imported
- * This helps identify dead code that should be removed
- */
-async function detectDeadExports(projectPath) {
-  const findings = [];
-  const startTime = Date.now();
-  
-  try {
-    // Get all source files
-    const files = fg.sync(["**/*.{ts,tsx,js,jsx}"], {
-      cwd: projectPath,
-      absolute: true,
-      ignore: [
-        "**/node_modules/**",
-        "**/dist/**",
-        "**/build/**",
-        "**/.next/**",
-        "**/*.test.*",
-        "**/*.spec.*",
-        "**/coverage/**",
-        "**/__tests__/**",
-        "**/tests/**",
-        "**/index.ts",
-        "**/index.js",
-        "**/index.tsx",
-        "**/index.jsx",
-      ],
-    });
-    
-    // Phase 1: Collect all exports
-    const exports = new Map(); // export name -> { file, line, type }
-    
-    for (const file of files) {
-      try {
-        const content = fs.readFileSync(file, "utf8");
-        const relativePath = path.relative(projectPath, file).replace(/\\/g, "/");
-        
-        const fileExports = extractExports(content, relativePath);
-        for (const exp of fileExports) {
-          const key = `${relativePath}:${exp.name}`;
-          exports.set(key, exp);
-        }
-      } catch {
-        // Skip files that can't be read
-      }
-    }
-    
-    // Phase 2: Collect all imports
-    const imports = new Set(); // imported names
-    
-    for (const file of files) {
-      try {
-        const content = fs.readFileSync(file, "utf8");
-        const fileImports = extractImports(content);
-        for (const imp of fileImports) {
-          imports.add(imp);
-        }
-      } catch {
-        // Skip files that can't be read
-      }
-    }
-    
-    // Phase 3: Find dead exports
-    let deadCount = 0;
-    const MAX_DEAD_EXPORTS = 20; // Limit to prevent noise
-    
-    for (const [key, exp] of exports.entries()) {
-      // Skip entry points and common patterns
-      if (isLikelyEntryPoint(exp.file, exp.name)) continue;
-      
-      // Check if this export is imported anywhere
-      if (!imports.has(exp.name)) {
-        // Double-check: search for the name in all files
-        const isUsed = await isExportUsedAnywhere(exp.name, files, exp.file);
-        
-        if (!isUsed) {
-          deadCount++;
-          
-          if (deadCount <= MAX_DEAD_EXPORTS) {
-            findings.push({
-              id: `DEAD_EXPORT_${hashString(key)}`,
-              category: "DeadExport",
-              severity: "INFO",
-              title: `Potentially unused export: ${exp.name}`,
-              message: `${exp.name} is exported from ${exp.file} but may not be imported anywhere`,
-              file: exp.file,
-              line: exp.line,
-              confidence: "low",
-              type: "dead_export",
-            });
-          }
-        }
-      }
-    }
-    
-    // Summary if there are many dead exports
-    if (deadCount > MAX_DEAD_EXPORTS) {
-      findings.push({
-        id: "DEAD_EXPORT_SUMMARY",
-        category: "DeadExport",
-        severity: "WARN",
-        title: `${deadCount} potentially unused exports found`,
-        message: `Consider removing unused exports to reduce bundle size and improve maintainability`,
-        confidence: "low",
-        type: "dead_export_summary",
-      });
-    }
-    
-  } catch (error) {
-    findings.push({
-      id: "DEAD_EXPORT_ERROR",
-      category: "DeadExport",
-      severity: "INFO",
-      title: "Dead export detection incomplete",
-      message: `Could not complete dead export detection: ${error.message}`,
-      confidence: "low",
-      type: "detection_error",
-    });
-  }
-  
-  return {
-    findings,
-    duration: Date.now() - startTime,
-    type: "dead-export-detector",
-  };
-}
-
-function extractExports(content, file) {
-  const exports = [];
-  const lines = content.split("\n");
-  
-  for (let i = 0; i < lines.length; i++) {
-    const line = lines[i];
-    
-    // export const/let/var/function/class name
-    const namedExportMatch = line.match(/export\s+(?:const|let|var|function|class|type|interface|enum)\s+([A-Za-z_$][A-Za-z0-9_$]*)/);
-    if (namedExportMatch) {
-      exports.push({
-        name: namedExportMatch[1],
-        file,
-        line: i + 1,
-        type: "named",
-      });
-      continue;
-    }
-    
-    // export { name, name2 }
-    const bracedExportMatch = line.match(/export\s*\{([^}]+)\}/);
-    if (bracedExportMatch) {
-      const names = bracedExportMatch[1].split(",").map(n => {
-        const asMatch = n.trim().match(/(\w+)\s+as\s+(\w+)/);
-        return asMatch ? asMatch[2] : n.trim().split(" ")[0];
-      }).filter(Boolean);
-      
-      for (const name of names) {
-        exports.push({
-          name,
-          file,
-          line: i + 1,
-          type: "named",
-        });
-      }
-      continue;
-    }
-    
-    // export default (we track this specially)
-    if (/export\s+default/.test(line)) {
-      exports.push({
-        name: "default",
-        file,
-        line: i + 1,
-        type: "default",
-      });
-    }
-  }
-  
-  return exports;
-}
-
-function extractImports(content) {
-  const imports = new Set();
-  
-  // import { name, name2 } from 'module'
-  const bracedImportMatches = content.matchAll(/import\s*\{([^}]+)\}\s*from/g);
-  for (const match of bracedImportMatches) {
-    const names = match[1].split(",").map(n => {
-      const asMatch = n.trim().match(/(\w+)\s+as\s+(\w+)/);
-      return asMatch ? asMatch[1] : n.trim().split(" ")[0];
-    }).filter(Boolean);
-    
-    for (const name of names) {
-      imports.add(name);
-    }
-  }
-  
-  // import name from 'module' (default import)
-  const defaultImportMatches = content.matchAll(/import\s+(\w+)\s+from/g);
-  for (const match of defaultImportMatches) {
-    imports.add(match[1]);
-    imports.add("default");
-  }
-  
-  // Dynamic imports
-  const dynamicImportMatches = content.matchAll(/import\s*\(\s*['"`]([^'"`]+)['"`]\s*\)/g);
-  for (const match of dynamicImportMatches) {
-    // Mark the default export as potentially used
-    imports.add("default");
-  }
-  
-  return imports;
-}
-
-function isLikelyEntryPoint(file, name) {
-  // Entry point files
-  if (file.includes("page.") || file.includes("route.") || file.includes("layout.")) return true;
-  if (file.includes("middleware.")) return true;
-  if (file.endsWith("config.ts") || file.endsWith("config.js")) return true;
-  
-  // Common exports that are used externally
-  const externalExports = ["handler", "GET", "POST", "PUT", "DELETE", "PATCH", "middleware"];
-  if (externalExports.includes(name)) return true;
-  
-  // API route handlers
-  if (file.includes("/api/")) return true;
-  
-  // Default exports are often consumed by frameworks
-  if (name === "default") return true;
-  
-  return false;
-}
-
-async function isExportUsedAnywhere(name, files, sourceFile) {
-  // Quick regex check across all files
-  for (const file of files) {
-    if (file.includes(sourceFile)) continue; // Skip the source file
-    
-    try {
-      const content = fs.readFileSync(file, "utf8");
-      
-      // Check for import of this name
-      const importPattern = new RegExp(`import[^}]*\\b${name}\\b[^}]*from`, "g");
-      if (importPattern.test(content)) return true;
-      
-      // Check for dynamic import and usage
-      if (content.includes(name) && content.includes("import(")) return true;
-      
-    } catch {
-      // Skip files that can't be read
-    }
-  }
-  
-  return false;
-}
-
-function hashString(str) {
-  let hash = 0;
-  for (let i = 0; i < str.length; i++) {
-    const char = str.charCodeAt(i);
-    hash = ((hash << 5) - hash) + char;
-    hash = hash & hash;
-  }
-  return Math.abs(hash).toString(36).substring(0, 8);
-}
-
-module.exports = {
-  detectDeadExports,
-};