@vibecheckai/cli 3.5.0 → 3.5.2

package/bin/runners/lib/validators/license-checker.js

@@ -1,252 +0,0 @@
-/**
- * License Checker - Ship-only check
- * Validates dependency licenses for compliance
- */
-
-"use strict";
-
-const path = require("path");
-const fs = require("fs");
-
-// Licenses that are generally safe for commercial use
-const PERMISSIVE_LICENSES = [
-  "MIT",
-  "ISC",
-  "BSD-2-Clause",
-  "BSD-3-Clause",
-  "Apache-2.0",
-  "0BSD",
-  "CC0-1.0",
-  "Unlicense",
-  "WTFPL",
-  "Zlib",
-  "BlueOak-1.0.0",
-];
-
-// Licenses that require attribution or have other requirements
-const ATTRIBUTION_LICENSES = [
-  "CC-BY-4.0",
-  "CC-BY-3.0",
-];
-
-// Copyleft licenses that may require source disclosure
-const COPYLEFT_LICENSES = [
-  "GPL-2.0",
-  "GPL-3.0",
-  "LGPL-2.1",
-  "LGPL-3.0",
-  "AGPL-3.0",
-  "MPL-2.0",
-  "EPL-1.0",
-  "EPL-2.0",
-  "CDDL-1.0",
-  "EUPL-1.1",
-  "EUPL-1.2",
-];
-
-// Licenses that may have issues
-const PROBLEMATIC_LICENSES = [
-  "SSPL-1.0",
-  "BSL-1.0",
-  "Elastic-2.0",
-  "Commons-Clause",
-];
-
-/**
- * Check dependency licenses for compliance issues
- */
-async function checkLicenses(projectPath) {
-  const findings = [];
-  const startTime = Date.now();
-  
-  try {
-    const nodeModulesPath = path.join(projectPath, "node_modules");
-    
-    if (!fs.existsSync(nodeModulesPath)) {
-      return {
-        findings,
-        duration: Date.now() - startTime,
-        type: "license-checker",
-      };
-    }
-    
-    // Get direct dependencies from package.json
-    const packageJsonPath = path.join(projectPath, "package.json");
-    if (!fs.existsSync(packageJsonPath)) {
-      return {
-        findings,
-        duration: Date.now() - startTime,
-        type: "license-checker",
-      };
-    }
-    
-    const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, "utf8"));
-    const dependencies = {
-      ...packageJson.dependencies,
-      ...packageJson.devDependencies,
-    };
-    
-    const licenseStats = {
-      permissive: 0,
-      attribution: 0,
-      copyleft: 0,
-      problematic: 0,
-      unknown: 0,
-    };
-    
-    const problematicPackages = [];
-    const copyleftPackages = [];
-    const unknownPackages = [];
-    
-    // Check each dependency
-    for (const depName of Object.keys(dependencies)) {
-      const depPath = path.join(nodeModulesPath, depName);
-      const depPackageJson = path.join(depPath, "package.json");
-      
-      if (!fs.existsSync(depPackageJson)) continue;
-      
-      try {
-        const depInfo = JSON.parse(fs.readFileSync(depPackageJson, "utf8"));
-        const license = normalizeLicense(depInfo.license);
-        
-        if (!license || license === "UNLICENSED") {
-          licenseStats.unknown++;
-          unknownPackages.push(depName);
-        } else if (PERMISSIVE_LICENSES.includes(license)) {
-          licenseStats.permissive++;
-        } else if (ATTRIBUTION_LICENSES.includes(license)) {
-          licenseStats.attribution++;
-        } else if (COPYLEFT_LICENSES.includes(license)) {
-          licenseStats.copyleft++;
-          copyleftPackages.push({ name: depName, license });
-        } else if (PROBLEMATIC_LICENSES.includes(license)) {
-          licenseStats.problematic++;
-          problematicPackages.push({ name: depName, license });
-        } else {
-          licenseStats.unknown++;
-          unknownPackages.push(depName);
-        }
-      } catch {
-        // Skip packages that can't be read
-      }
-    }
-    
-    // Report problematic licenses
-    for (const pkg of problematicPackages) {
-      findings.push({
-        id: `LICENSE_PROBLEMATIC_${hashString(pkg.name)}`,
-        category: "LicenseCompliance",
-        severity: "WARN",
-        title: `Potentially problematic license: ${pkg.name}`,
-        message: `${pkg.name} uses ${pkg.license} which may have usage restrictions`,
-        confidence: "high",
-        type: "problematic_license",
-        details: {
-          package: pkg.name,
-          license: pkg.license,
-        },
-      });
-    }
-    
-    // Report copyleft licenses
-    if (copyleftPackages.length > 0) {
-      findings.push({
-        id: "LICENSE_COPYLEFT_SUMMARY",
-        category: "LicenseCompliance",
-        severity: "WARN",
-        title: `${copyleftPackages.length} packages with copyleft licenses`,
-        message: `Copyleft licenses may require source disclosure: ${copyleftPackages.map(p => p.name).slice(0, 5).join(", ")}${copyleftPackages.length > 5 ? "..." : ""}`,
-        confidence: "medium",
-        type: "copyleft_licenses",
-        details: {
-          packages: copyleftPackages,
-        },
-      });
-    }
-    
-    // Report unknown licenses only if there are many
-    if (unknownPackages.length > 10) {
-      findings.push({
-        id: "LICENSE_UNKNOWN_SUMMARY",
-        category: "LicenseCompliance",
-        severity: "INFO",
-        title: `${unknownPackages.length} packages with unknown/no license`,
-        message: `These packages have no clear license: ${unknownPackages.slice(0, 5).join(", ")}${unknownPackages.length > 5 ? "..." : ""}`,
-        confidence: "low",
-        type: "unknown_licenses",
-      });
-    }
-    
-    // Check for LICENSE file in project
-    const hasLicenseFile = fs.existsSync(path.join(projectPath, "LICENSE")) ||
-                          fs.existsSync(path.join(projectPath, "LICENSE.md")) ||
-                          fs.existsSync(path.join(projectPath, "LICENSE.txt"));
-    
-    if (!hasLicenseFile && Object.keys(dependencies).length > 0) {
-      findings.push({
-        id: "LICENSE_NO_PROJECT_LICENSE",
-        category: "LicenseCompliance",
-        severity: "INFO",
-        title: "No LICENSE file in project",
-        message: "Consider adding a LICENSE file to clarify your project's licensing terms",
-        confidence: "high",
-        type: "no_license_file",
-      });
-    }
-    
-  } catch (error) {
-    findings.push({
-      id: "LICENSE_CHECK_ERROR",
-      category: "LicenseCompliance",
-      severity: "INFO",
-      title: "License check incomplete",
-      message: `Could not complete license check: ${error.message}`,
-      confidence: "low",
-      type: "check_error",
-    });
-  }
-  
-  return {
-    findings,
-    duration: Date.now() - startTime,
-    type: "license-checker",
-  };
-}
-
-function normalizeLicense(license) {
-  if (!license) return null;
-  
-  if (typeof license === "object") {
-    return license.type || license.name || null;
-  }
-  
-  // Handle SPDX expressions like "MIT OR Apache-2.0"
-  const spdx = String(license).trim();
-  if (spdx.includes(" OR ")) {
-    // Take the first option
-    return spdx.split(" OR ")[0].trim();
-  }
-  if (spdx.includes(" AND ")) {
-    // All must be satisfied, take the most restrictive
-    return spdx.split(" AND ")[0].trim();
-  }
-  
-  return spdx;
-}
-
-function hashString(str) {
-  let hash = 0;
-  for (let i = 0; i < str.length; i++) {
-    const char = str.charCodeAt(i);
-    hash = ((hash << 5) - hash) + char;
-    hash = hash & hash;
-  }
-  return Math.abs(hash).toString(36).substring(0, 8);
-}
-
-module.exports = {
-  checkLicenses,
-  PERMISSIVE_LICENSES,
-  COPYLEFT_LICENSES,
-  PROBLEMATIC_LICENSES,
-};

package/bin/runners/lib/validators/route-validator.js

@@ -1,290 +0,0 @@
-/**
- * Route Validator - Ship-only check
- * Validates that all routes resolve properly
- */
-
-"use strict";
-
-const path = require("path");
-const fs = require("fs");
-const fg = require("fast-glob");
-
-/**
- * Validate routes in the project
- * Checks:
- * - All Link href values resolve to actual routes
- * - All API routes have handlers
- * - No orphan routes (defined but unreachable)
- * - Route parameters match between definition and usage
- */
-async function validateRoutes(projectPath) {
-  const findings = [];
-  const startTime = Date.now();
-  
-  try {
-    // Get route definitions
-    const routeFiles = await findRouteFiles(projectPath);
-    const routeDefinitions = await extractRouteDefinitions(routeFiles, projectPath);
-    
-    // Get route references (Links, fetches, navigations)
-    const codeFiles = fg.sync(["**/*.{ts,tsx,js,jsx}"], {
-      cwd: projectPath,
-      absolute: true,
-      ignore: [
-        "**/node_modules/**",
-        "**/dist/**",
-        "**/build/**",
-        "**/.next/**",
-        "**/*.test.*",
-        "**/*.spec.*",
-      ],
-    });
-    
-    const routeReferences = await extractRouteReferences(codeFiles, projectPath);
-    
-    // Check for unresolved routes
-    const definedRoutes = new Set(routeDefinitions.map(r => r.path));
-    
-    for (const ref of routeReferences) {
-      const normalizedPath = normalizeRoutePath(ref.path);
-      
-      // Skip external URLs
-      if (isExternalUrl(ref.path)) continue;
-      
-      // Skip dynamic routes that would match patterns
-      if (matchesDynamicRoute(normalizedPath, definedRoutes)) continue;
-      
-      // Check if route exists
-      if (!routeExists(normalizedPath, routeDefinitions)) {
-        findings.push({
-          id: `ROUTE_UNRESOLVED_${hashString(ref.path)}`,
-          category: "RouteIntegrity",
-          severity: "WARN",
-          title: `Route reference may not resolve: ${ref.path}`,
-          message: `Link/fetch to ${ref.path} - no matching route found`,
-          file: ref.file,
-          line: ref.line,
-          confidence: "medium",
-          type: "unresolved_route",
-        });
-      }
-    }
-    
-    // Check for orphan routes (defined but never referenced)
-    const referencedPaths = new Set(routeReferences.map(r => normalizeRoutePath(r.path)));
-    
-    for (const route of routeDefinitions) {
-      if (isInternalRoute(route.path)) continue;
-      if (isApiRoute(route.path)) continue; // API routes may be called externally
-      
-      const normalizedPath = normalizeRoutePath(route.path);
-      const isReferenced = Array.from(referencedPaths).some(ref => 
-        ref === normalizedPath || matchesDynamicPattern(ref, normalizedPath)
-      );
-      
-      if (!isReferenced) {
-        findings.push({
-          id: `ROUTE_ORPHAN_${hashString(route.path)}`,
-          category: "RouteIntegrity",
-          severity: "INFO",
-          title: `Route may be orphaned: ${route.path}`,
-          message: `Route defined but not referenced in codebase`,
-          file: route.file,
-          line: route.line,
-          confidence: "low",
-          type: "orphan_route",
-        });
-      }
-    }
-    
-  } catch (error) {
-    findings.push({
-      id: "ROUTE_VALIDATION_ERROR",
-      category: "RouteIntegrity",
-      severity: "INFO",
-      title: "Route validation incomplete",
-      message: `Could not fully validate routes: ${error.message}`,
-      confidence: "low",
-      type: "validation_error",
-    });
-  }
-  
-  return {
-    findings,
-    duration: Date.now() - startTime,
-    type: "route-validator",
-  };
-}
-
-// ============================================================================
-// HELPERS
-// ============================================================================
-
-async function findRouteFiles(projectPath) {
-  // Next.js App Router
-  const appRoutes = fg.sync(["**/app/**/page.{ts,tsx,js,jsx}", "**/app/**/route.{ts,tsx,js,jsx}"], {
-    cwd: projectPath,
-    absolute: true,
-    ignore: ["**/node_modules/**"],
-  });
-  
-  // Next.js Pages Router
-  const pageRoutes = fg.sync(["**/pages/**/*.{ts,tsx,js,jsx}"], {
-    cwd: projectPath,
-    absolute: true,
-    ignore: ["**/node_modules/**", "**/pages/api/**"],
-  });
-  
-  // API routes
-  const apiRoutes = fg.sync(["**/pages/api/**/*.{ts,tsx,js,jsx}", "**/app/api/**/route.{ts,tsx,js,jsx}"], {
-    cwd: projectPath,
-    absolute: true,
-    ignore: ["**/node_modules/**"],
-  });
-  
-  return [...appRoutes, ...pageRoutes, ...apiRoutes];
-}
-
-async function extractRouteDefinitions(files, projectPath) {
-  const routes = [];
-  
-  for (const file of files) {
-    const relativePath = path.relative(projectPath, file).replace(/\\/g, "/");
-    
-    // Convert file path to route path
-    let routePath = relativePath
-      .replace(/^(src\/)?(app|pages)/, "")
-      .replace(/\/page\.(ts|tsx|js|jsx)$/, "")
-      .replace(/\/route\.(ts|tsx|js|jsx)$/, "")
-      .replace(/\/index\.(ts|tsx|js|jsx)$/, "")
-      .replace(/\.(ts|tsx|js|jsx)$/, "")
-      .replace(/\[\.\.\.(\w+)\]/g, "*") // Catch-all
-      .replace(/\[(\w+)\]/g, ":$1"); // Dynamic segments
-    
-    if (!routePath.startsWith("/")) routePath = "/" + routePath;
-    if (routePath === "/") routePath = "/";
-    
-    routes.push({
-      path: routePath,
-      file: relativePath,
-      line: 1,
-      type: relativePath.includes("/api/") ? "api" : "page",
-    });
-  }
-  
-  return routes;
-}
-
-async function extractRouteReferences(files, projectPath) {
-  const references = [];
-  
-  for (const file of files) {
-    try {
-      const content = fs.readFileSync(file, "utf8");
-      const relativePath = path.relative(projectPath, file).replace(/\\/g, "/");
-      
-      // Find Link hrefs
-      const linkMatches = content.matchAll(/href=["'`]([^"'`]+)["'`]/g);
-      for (const match of linkMatches) {
-        const line = content.substring(0, match.index).split("\n").length;
-        references.push({
-          path: match[1],
-          file: relativePath,
-          line,
-          type: "link",
-        });
-      }
-      
-      // Find router.push/replace
-      const routerMatches = content.matchAll(/(?:router|navigate)\.(?:push|replace)\s*\(\s*["'`]([^"'`]+)["'`]/g);
-      for (const match of routerMatches) {
-        const line = content.substring(0, match.index).split("\n").length;
-        references.push({
-          path: match[1],
-          file: relativePath,
-          line,
-          type: "navigation",
-        });
-      }
-      
-      // Find fetch calls to API routes
-      const fetchMatches = content.matchAll(/fetch\s*\(\s*["'`](\/api[^"'`]+)["'`]/g);
-      for (const match of fetchMatches) {
-        const line = content.substring(0, match.index).split("\n").length;
-        references.push({
-          path: match[1],
-          file: relativePath,
-          line,
-          type: "fetch",
-        });
-      }
-    } catch {
-      // Skip files that can't be read
-    }
-  }
-  
-  return references;
-}
-
-function normalizeRoutePath(path) {
-  return path
-    .split("?")[0]
-    .split("#")[0]
-    .replace(/\/+$/, "") || "/";
-}
-
-function isExternalUrl(url) {
-  return /^(https?:)?\/\//.test(url) || url.startsWith("mailto:") || url.startsWith("tel:");
-}
-
-function isInternalRoute(path) {
-  return path.startsWith("/_") || path.includes("/_");
-}
-
-function isApiRoute(path) {
-  return path.startsWith("/api/") || path.includes("/api/");
-}
-
-function matchesDynamicRoute(path, definedRoutes) {
-  for (const route of definedRoutes) {
-    if (matchesDynamicPattern(path, route)) return true;
-  }
-  return false;
-}
-
-function matchesDynamicPattern(path, pattern) {
-  const pathParts = path.split("/");
-  const patternParts = pattern.split("/");
-  
-  if (patternParts.includes("*")) return true; // Catch-all
-  
-  if (pathParts.length !== patternParts.length) return false;
-  
-  for (let i = 0; i < patternParts.length; i++) {
-    const pp = patternParts[i];
-    if (pp.startsWith(":")) continue; // Dynamic segment matches anything
-    if (pp !== pathParts[i]) return false;
-  }
-  
-  return true;
-}
-
-function routeExists(path, definitions) {
-  return definitions.some(def => 
-    def.path === path || matchesDynamicPattern(path, def.path)
-  );
-}
-
-function hashString(str) {
-  let hash = 0;
-  for (let i = 0; i < str.length; i++) {
-    const char = str.charCodeAt(i);
-    hash = ((hash << 5) - hash) + char;
-    hash = hash & hash;
-  }
-  return Math.abs(hash).toString(36).substring(0, 8);
-}
-
-module.exports = {
-  validateRoutes,
-};