@vibecheckai/cli 3.5.0 → 3.5.2

package/bin/runners/lib/missions/plan.js

@@ -69,7 +69,6 @@ const CATEGORY_TO_MISSION_TYPE = {
   GhostAuth: "ADD_SERVER_AUTH",
   AuthCoverage: "ADD_SERVER_AUTH",
   AuthDrift: "FIX_AUTH_DRIFT",
-  SecurityVulnerabilities: "FIX_SECURITY_VULN",
   
   // Billing & Payments
   Billing: "FIX_STRIPE_WEBHOOKS",
@@ -78,12 +77,9 @@ const CATEGORY_TO_MISSION_TYPE = {
   // Routes & APIs
   MissingRoute: "FIX_MISSING_ROUTE",
   RouteDrift: "FIX_ROUTE_DRIFT",
-  APIConsistency: "FIX_API_CONSISTENCY",
   
   // Environment & Config
   EnvContract: "FIX_ENV_CONTRACT",
-  EnvVariable: "FIX_ENV_VALIDATION",
-  EnvSetup: "FIX_ENV_SETUP",
   
   // Reality/Runtime issues
   FakeSuccess: "FIX_FAKE_SUCCESS",
@@ -97,26 +93,6 @@ const CATEGORY_TO_MISSION_TYPE = {
   TestKeys: "FIX_TEST_KEYS",
   HardcodedSecrets: "FIX_HARDCODED_SECRETS",
   SilentFallback: "FIX_SILENT_FALLBACK",
-  CodeQuality: "FIX_CODE_QUALITY",
-  
-  // React Patterns (V5)
-  ReactPatterns: "FIX_REACT_PATTERN",
-  
-  // Database Patterns (V5)
-  DatabasePatterns: "FIX_DATABASE_PATTERN",
-  
-  // Async Patterns (V5)
-  AsyncPatterns: "FIX_ASYNC_PATTERN",
-  
-  // Error Handling (V5)
-  ErrorHandling: "FIX_ERROR_HANDLING",
-  
-  // Performance (V5)
-  Performance: "FIX_PERFORMANCE",
-  BundleSize: "FIX_BUNDLE_SIZE",
-  
-  // Accessibility
-  Accessibility: "FIX_ACCESSIBILITY",
 };
 
 /**
@@ -128,7 +104,6 @@ const MISSION_PRIORITY = {
   REMOVE_OWNER_MODE: 1,
   FIX_HARDCODED_SECRETS: 2,
   FIX_AUTH_DRIFT: 3,
-  FIX_SECURITY_VULN: 4,
   
   // P1: Security & billing (fix before shipping)
   FIX_STRIPE_WEBHOOKS: 10,
@@ -141,32 +116,17 @@ const MISSION_PRIORITY = {
   FIX_PLACEHOLDER_DATA: 21,
   FIX_FAKE_SUCCESS: 22,
   
-  // P3: Code quality & patterns (fix when possible)
+  // P3: Code quality (fix when possible)
   FIX_MISSING_ROUTE: 30,
   FIX_ROUTE_DRIFT: 31,
   FIX_ENV_CONTRACT: 32,
-  FIX_ENV_VALIDATION: 33,
-  FIX_ENV_SETUP: 34,
-  FIX_EMPTY_CATCH: 35,
-  FIX_SILENT_FALLBACK: 36,
-  FIX_ERROR_HANDLING: 37,
-  FIX_API_CONSISTENCY: 38,
-  
-  // P4: React & Framework patterns
-  FIX_REACT_PATTERN: 40,
-  FIX_ASYNC_PATTERN: 41,
-  FIX_DATABASE_PATTERN: 42,
-  FIX_CODE_QUALITY: 43,
-  
-  // P5: Performance & optimization
-  FIX_PERFORMANCE: 50,
-  FIX_BUNDLE_SIZE: 51,
+  FIX_EMPTY_CATCH: 33,
+  FIX_SILENT_FALLBACK: 34,
   
-  // P6: UI & accessibility
-  FIX_DEAD_UI: 60,
-  FIX_ACCESSIBILITY: 61,
+  // P4: UI issues (fix before polish)
+  FIX_DEAD_UI: 40,
   
-  // P7: Generic (lowest priority)
+  // P5: Generic (lowest priority)
   GENERIC_FIX: 99,
 };
 

package/bin/runners/lib/missions/templates.js

@@ -304,238 +304,6 @@ function templateForMissionType(type) {
         success: ["Silent fallback findings disappear and failures become visible."]
       };
 
-    // ═══════════════════════════════════════════════════════════════════════════════
-    // V5 MISSION TYPES - React, Database, Async, Performance patterns
-    // ═══════════════════════════════════════════════════════════════════════════════
-
-    case "FIX_REACT_PATTERN":
-      return {
-        intent: "Fix React anti-patterns that cause bugs, performance issues, or maintenance problems.",
-        do: [
-          "For missing keys: Add unique, stable keys to list items (use IDs, not array indices).",
-          "For direct state mutation: Use setState/dispatch with new object/array references.",
-          "For conditional hooks: Move hooks to top level, use early returns AFTER hooks.",
-          "For missing deps: Add all referenced values to dependency arrays, or wrap in useCallback/useMemo.",
-          "For stale closures: Include state variables in deps or use functional updates."
-        ],
-        dont: [
-          "Do not use array index as key for dynamic lists.",
-          "Do not mutate state directly (push, splice, sort on state arrays).",
-          "Do not call hooks inside conditions, loops, or nested functions.",
-          "Do not ignore ESLint exhaustive-deps warnings."
-        ],
-        success: ["React pattern findings disappear and component behavior becomes predictable."]
-      };
-
-    case "FIX_DATABASE_PATTERN":
-      return {
-        intent: "Fix database anti-patterns that cause N+1 queries, data integrity issues, or performance problems.",
-        do: [
-          "For N+1 queries: Use eager loading (include/select), batch queries, or DataLoader.",
-          "For unbounded queries: Add pagination (take/limit) to prevent memory issues.",
-          "For missing transactions: Wrap multiple writes in transaction blocks for atomicity.",
-          "For raw query injection: Use parameterized queries or ORM methods with proper escaping.",
-          "For missing error handling: Wrap DB operations in try-catch with proper error recovery."
-        ],
-        dont: [
-          "Do not query inside loops - batch before the loop.",
-          "Do not use string interpolation in raw SQL queries.",
-          "Do not rely on implicit transactions for multi-write operations.",
-          "Do not swallow database errors silently."
-        ],
-        success: ["Database pattern findings disappear and queries become efficient and safe."]
-      };
-
-    case "FIX_ASYNC_PATTERN":
-      return {
-        intent: "Fix async/await and Promise anti-patterns that cause race conditions or unhandled errors.",
-        do: [
-          "For floating promises: Add await, .catch(), or void to explicitly handle/ignore.",
-          "For sequential awaits: Use Promise.all() for independent async operations.",
-          "For await in loops: Batch with Promise.all() or use for-await-of for streams.",
-          "For async Promise executor: Remove async from new Promise(async () => {}).",
-          "For empty async catch: Log error and either re-throw or handle meaningfully."
-        ],
-        dont: [
-          "Do not create promises without handling rejections.",
-          "Do not use .then() inside async functions - use await instead.",
-          "Do not await sequentially when operations are independent.",
-          "Do not return inside Promise executor - resolve/reject instead."
-        ],
-        success: ["Async pattern findings disappear and async code handles all paths correctly."]
-      };
-
-    case "FIX_ERROR_HANDLING":
-      return {
-        intent: "Improve error handling to make failures visible and debuggable.",
-        do: [
-          "For empty catch: Add error logging (console.error or structured logger).",
-          "For generic errors: Include specific context in error messages.",
-          "For missing catch: Add .catch() to promises or wrap in try-catch.",
-          "For rethrow without context: Wrap with new Error('Context: ', { cause: err }).",
-          "For inconsistent API errors: Standardize error response shape across endpoints."
-        ],
-        dont: [
-          "Do not catch and ignore errors without logging.",
-          "Do not use generic messages like 'Something went wrong'.",
-          "Do not use console.log for errors - use console.error.",
-          "Do not expose internal error details to end users."
-        ],
-        success: ["Error handling findings disappear and failures become traceable."]
-      };
-
-    case "FIX_SECURITY_VULN":
-      return {
-        intent: "Fix security vulnerabilities that could lead to data breaches or system compromise.",
-        do: [
-          "For SQL injection: Use parameterized queries or ORM methods.",
-          "For XSS: Sanitize user input before rendering (DOMPurify, sanitize-html).",
-          "For path traversal: Validate and normalize paths, use path.resolve().",
-          "For command injection: Escape shell arguments or use safer APIs.",
-          "For SSRF: Validate URLs against allowlist, block internal IPs."
-        ],
-        dont: [
-          "Do not interpolate user input into SQL strings.",
-          "Do not use dangerouslySetInnerHTML with unsanitized content.",
-          "Do not use user input directly in file paths or shell commands.",
-          "Do not fetch arbitrary URLs provided by users."
-        ],
-        success: ["Security vulnerability findings disappear and attack surface is reduced."]
-      };
-
-    case "FIX_PERFORMANCE":
-      return {
-        intent: "Fix performance issues that degrade user experience or waste resources.",
-        do: [
-          "For memory leaks: Add cleanup in useEffect return, remove event listeners.",
-          "For unnecessary re-renders: Use React.memo, useMemo, useCallback appropriately.",
-          "For large operations: Move to Web Workers or use pagination.",
-          "For sync in async: Use non-blocking alternatives (streams, async iteration).",
-          "For RSC issues: Keep client hooks out of server components, and vice versa."
-        ],
-        dont: [
-          "Do not add event listeners without removal.",
-          "Do not re-create objects/arrays on every render.",
-          "Do not block the main thread with heavy computation.",
-          "Do not use useState/useEffect in Server Components."
-        ],
-        success: ["Performance findings disappear and app becomes responsive."]
-      };
-
-    case "FIX_BUNDLE_SIZE":
-      return {
-        intent: "Reduce client bundle size to improve load times and user experience.",
-        do: [
-          "For heavy packages: Replace moment with date-fns/dayjs, lodash with lodash-es.",
-          "For full imports: Use tree-shakeable imports (import { x } from 'lib').",
-          "For server code in client: Move server-only imports behind dynamic imports.",
-          "For large icons: Import specific icons, not entire icon libraries.",
-          "Consider code splitting and lazy loading for large features."
-        ],
-        dont: [
-          "Do not import entire libraries when you need one function.",
-          "Do not import server-only modules (fs, crypto) in client bundles.",
-          "Do not bundle development-only code in production.",
-          "Do not use moment.js for new projects."
-        ],
-        success: ["Bundle size findings disappear and initial load time improves."]
-      };
-
-    case "FIX_API_CONSISTENCY":
-      return {
-        intent: "Standardize API design for better developer experience and maintainability.",
-        do: [
-          "For REST violations: Use correct HTTP methods (GET for reads, POST for creates).",
-          "For inconsistent responses: Standardize response shape ({ data, error, meta }).",
-          "For missing validation: Add input validation using Zod, Yup, or Joi.",
-          "For missing auth: Add authentication checks to sensitive endpoints.",
-          "For missing rate limiting: Add rate limiting to public endpoints."
-        ],
-        dont: [
-          "Do not use GET for mutations or POST for reads.",
-          "Do not return different response shapes from different endpoints.",
-          "Do not trust client input without validation.",
-          "Do not expose sensitive endpoints without authentication."
-        ],
-        success: ["API consistency findings disappear and API becomes predictable."]
-      };
-
-    case "FIX_ENV_VALIDATION":
-      return {
-        intent: "Add runtime validation for environment variables to catch misconfigurations early.",
-        do: [
-          "Validate required env vars at startup, fail fast if missing.",
-          "Parse boolean env vars explicitly (process.env.FLAG === 'true').",
-          "Parse numeric env vars with parseInt/parseFloat and validate.",
-          "Use typed env validation libraries (t3-env, envalid).",
-          "Document all env vars in .env.example with descriptions."
-        ],
-        dont: [
-          "Do not compare env strings directly to booleans.",
-          "Do not use sensitive defaults that could accidentally work.",
-          "Do not let missing env vars cause cryptic runtime errors.",
-          "Do not use untyped process.env.* throughout the codebase."
-        ],
-        success: ["Env validation findings disappear and misconfigurations fail fast."]
-      };
-
-    case "FIX_ENV_SETUP":
-      return {
-        intent: "Improve environment variable setup for security and developer experience.",
-        do: [
-          "Ensure .env is in .gitignore.",
-          "Create .env.example with all required variables.",
-          "Use descriptive names (DATABASE_URL not DB).",
-          "Document sensitive vs non-sensitive variables.",
-          "Set up different .env files for different environments."
-        ],
-        dont: [
-          "Do not commit .env files with real secrets.",
-          "Do not use generic names for env vars.",
-          "Do not mix development defaults with production configs.",
-          "Do not leave .env.example out of date."
-        ],
-        success: ["Env setup findings disappear and onboarding becomes easier."]
-      };
-
-    case "FIX_ACCESSIBILITY":
-      return {
-        intent: "Fix accessibility issues to make the application usable by everyone.",
-        do: [
-          "For missing alt text: Add descriptive alt text, or alt='' for decorative images.",
-          "For missing labels: Add aria-label or visible labels to interactive elements.",
-          "For keyboard access: Add keyboard handlers (onKeyDown) alongside onClick.",
-          "For missing focus: Ensure focusable elements have visible focus indicators.",
-          "Test with screen readers and keyboard-only navigation."
-        ],
-        dont: [
-          "Do not use alt='image' or alt='icon' - be descriptive.",
-          "Do not rely solely on color to convey information.",
-          "Do not create mouse-only interactions.",
-          "Do not remove focus outlines without alternatives."
-        ],
-        success: ["Accessibility findings disappear and app works for all users."]
-      };
-
-    case "FIX_CODE_QUALITY":
-      return {
-        intent: "Improve code quality for better maintainability and fewer bugs.",
-        do: [
-          "For high complexity: Break down functions into smaller, focused units.",
-          "For magic numbers: Extract to named constants with clear meanings.",
-          "For deep nesting: Use early returns, extract functions, or flatten logic.",
-          "For too many params: Use options objects or builder patterns.",
-          "For large files: Split into modules with clear responsibilities."
-        ],
-        dont: [
-          "Do not write functions over 50 lines without good reason.",
-          "Do not use literal numbers without context (except 0, 1, -1).",
-          "Do not nest more than 3-4 levels deep.",
-          "Do not have functions with more than 4-5 parameters."
-        ],
-        success: ["Code quality findings disappear and code becomes maintainable."]
-      };
-
     default:
       return {
         intent: "Fix the specific finding with smallest correct patch.",