@vibecheckai/cli 3.5.0 → 3.5.2

package/bin/runners/lib/terminal-ui.js

@@ -27,12 +27,7 @@ const ansi = {
   dim: `${ESC}[2m`,
   italic: `${ESC}[3m`,
   underline: `${ESC}[4m`,
-  blink: `${ESC}[5m`,
-  inverse: `${ESC}[7m`,
-  hidden: `${ESC}[8m`,
-  strike: `${ESC}[9m`,
   // Colors
-  black: `${ESC}[30m`,
   red: `${ESC}[31m`,
   green: `${ESC}[32m`,
   yellow: `${ESC}[33m`,
@@ -40,42 +35,22 @@ const ansi = {
   magenta: `${ESC}[35m`,
   cyan: `${ESC}[36m`,
   white: `${ESC}[37m`,
-  // Bright colors
   gray: `${ESC}[90m`,
-  brightRed: `${ESC}[91m`,
-  brightGreen: `${ESC}[92m`,
-  brightYellow: `${ESC}[93m`,
-  brightBlue: `${ESC}[94m`,
-  brightMagenta: `${ESC}[95m`,
-  brightCyan: `${ESC}[96m`,
-  brightWhite: `${ESC}[97m`,
   // RGB colors (truecolor support)
   rgb: (r, g, b) => SUPPORTS_TRUECOLOR ? `${ESC}[38;2;${r};${g};${b}m` : '',
   bgRgb: (r, g, b) => SUPPORTS_TRUECOLOR ? `${ESC}[48;2;${r};${g};${b}m` : '',
   // Backgrounds
-  bgBlack: `${ESC}[40m`,
   bgRed: `${ESC}[41m`,
   bgGreen: `${ESC}[42m`,
   bgYellow: `${ESC}[43m`,
   bgBlue: `${ESC}[44m`,
   bgMagenta: `${ESC}[45m`,
   bgCyan: `${ESC}[46m`,
-  bgWhite: `${ESC}[47m`,
-  bgBrightBlack: `${ESC}[100m`,
-  // Cursor control
+  // Cursor
   hideCursor: `${ESC}[?25l`,
   showCursor: `${ESC}[?25h`,
   clearLine: `${ESC}[2K`,
-  clearScreen: `${ESC}[2J`,
-  clearToEnd: `${ESC}[0J`,
-  saveCursor: `${ESC}[s`,
-  restoreCursor: `${ESC}[u`,
   cursorUp: (n = 1) => `${ESC}[${n}A`,
-  cursorDown: (n = 1) => `${ESC}[${n}B`,
-  cursorRight: (n = 1) => `${ESC}[${n}C`,
-  cursorLeft: (n = 1) => `${ESC}[${n}D`,
-  cursorTo: (row, col) => `${ESC}[${row};${col}H`,
-  cursorHome: `${ESC}[H`,
 };
 
 // Semantic Palette
@@ -94,50 +69,17 @@ const style = {
 };
 
 const icons = {
-  // Status
   success: '✓',
-  check: '✓',
   error: '✗',
-  cross: '✗',
   warning: '⚠',
   info: 'ℹ',
-  // Navigation
   bullet: '•',
   pointer: '❯',
   arrowRight: '→',
-  arrow: '→',
-  arrowLeft: '←',
-  arrowUp: '↑',
-  arrowDown: '↓',
-  // Shapes
   line: '─',
   radioOn: '◉',
   radioOff: '○',
-  star: '★',
-  sparkle: '✨',
-  // Emoji icons
   lock: '🔒',
-  ship: '🚀',
-  rocket: '🚀',
-  eye: '👁️',
-  brain: '🧠',
-  target: '🎯',
-  chart: '📊',
-  wrench: '🔧',
-  gear: '⚙️',
-  shield: '🛡️',
-  lightning: '⚡',
-  fire: '🔥',
-  folder: '📁',
-  file: '📄',
-  search: '🔍',
-  book: '📖',
-  server: '🖥️',
-  // Severity
-  critical: '🔴',
-  high: '🟠',
-  medium: '🟡',
-  low: '🔵',
 };
 
 // ═══════════════════════════════════════════════════════════════════════════════
@@ -208,6 +150,11 @@ class Spinner {
     return this;
   }
 
+  update(text) {
+    this.text = text;
+    return this;
+  }
+
   stop(symbol = icons.success, color = ansi.green, finalMsg) {
     if (this.timer) clearInterval(this.timer);
     process.stdout.write(`\r${ansi.clearLine}`);
@@ -341,27 +288,6 @@ const colors = {
   accent: ansi.cyan,
   muted: ansi.gray,
   highlight: ansi.white,
-  // Extended palette for specific use cases
-  shipGreen: ansi.rgb(0, 255, 150),
-  warnAmber: ansi.rgb(255, 200, 0),
-  blockRed: ansi.rgb(255, 80, 80),
-  watching: ansi.rgb(100, 200, 255),
-  gradient1: ansi.rgb(150, 100, 255),
-  gradient2: ansi.rgb(130, 80, 255),
-  gradient3: ansi.rgb(110, 60, 255),
-};
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// SHORTHAND 'c' ALIAS (for legacy runner compatibility)
-// ═══════════════════════════════════════════════════════════════════════════════
-
-/**
- * Legacy shorthand - prefer using `ansi` directly in new code
- */
-const c = {
-  ...ansi,
-  // Clear shorthand
-  clear: `${ESC}[2J${ESC}[H`,
 };
 
 // ═══════════════════════════════════════════════════════════════════════════════
@@ -404,60 +330,27 @@ class PhaseProgress {
   stop() { return this; }
 }
 
-// ═══════════════════════════════════════════════════════════════════════════════
-// TOP-LEVEL RGB FUNCTIONS (for migration ease)
-// ═══════════════════════════════════════════════════════════════════════════════
-
-const rgb = ansi.rgb;
-const bgRgb = ansi.bgRgb;
-
 // ═══════════════════════════════════════════════════════════════════════════════
 // EXPORTS
 // ═══════════════════════════════════════════════════════════════════════════════
 
 module.exports = {
-  // Core constants
   WIDTH,
-  ESC,
-  SUPPORTS_TRUECOLOR,
-  
-  // ANSI codes (main export)
   ansi,
-  
-  // Legacy shorthand alias
-  c,
-  
-  // Semantic colors
   colors,
   style,
-  
-  // Icons
   icons,
-  
-  // Box drawing
   BOX,
-  
-  // RGB functions (top-level)
-  rgb,
-  bgRgb,
-  
-  // Text utilities
   padCenter,
   padRight,
   truncate,
-  
-  // Components
   Spinner,
   PhaseProgress,
-  
-  // Render functions
   renderProgressBar,
   renderScreenHeader,
   renderScreenFooter,
   renderVerdictTable,
   renderSection,
   renderBanner,
-  
-  // Utilities
   formatDuration,
 };

package/bin/runners/lib/truth.js

@@ -500,14 +500,131 @@ function resolveFastifyRoutes(repoRoot, entryAbs, stats) {
     // best-effort: fastify instance identifiers
     const fastifyNames = new Set(["fastify"]);
 
+    // Static string + local-plugin harvesting (cheap, big impact on false positives)
+    const _rawConstInits = new Map();   // name -> init node (evaluated lazily)
+    const _constStrings = new Map();    // name -> resolved string
+    const _localPlugins = new Map();    // name -> Function node
+
+    function evalStaticString(node, depth = 0) {
+      if (!node || depth > 6) return null;
+
+      if (t.isStringLiteral(node)) return node.value;
+
+      if (t.isTemplateLiteral(node) && node.expressions.length === 0) {
+        return node.quasis.map((q) => q.value.cooked || "").join("");
+      }
+
+      if (t.isIdentifier(node)) {
+        const name = node.name;
+        if (_constStrings.has(name)) return _constStrings.get(name);
+        const init = _rawConstInits.get(name);
+        if (!init) return null;
+        const v = evalStaticString(init, depth + 1);
+        if (typeof v === "string") {
+          // cap to avoid pathological blowups
+          if (v.length <= 4096) _constStrings.set(name, v);
+          return v;
+        }
+        return null;
+      }
+
+      if (t.isBinaryExpression(node, { operator: "+" })) {
+        const l = evalStaticString(node.left, depth + 1);
+        const r = evalStaticString(node.right, depth + 1);
+        if (typeof l !== "string" || typeof r !== "string") return null;
+        const out = l + r;
+        return out.length <= 4096 ? out : null;
+      }
+
+      return null;
+    }
+
+    function extractPrefixFromOptsV3(node) {
+      if (!t.isObjectExpression(node)) return null;
+      for (const p of node.properties) {
+        if (!t.isObjectProperty(p)) continue;
+        const key =
+          t.isIdentifier(p.key) ? p.key.name :
+          t.isStringLiteral(p.key) ? p.key.value :
+          null;
+        if (key !== "prefix") continue;
+        return evalStaticString(p.value);
+      }
+      return null;
+    }
+
+    function extractRouteObjectV3(objExpr) {
+      let url = null;
+      let methods = [];
+      let hasHandler = false;
+      const hooks = [];
+
+      for (const p of objExpr.properties) {
+        if (!t.isObjectProperty(p)) continue;
+
+        const key =
+          t.isIdentifier(p.key) ? p.key.name :
+          t.isStringLiteral(p.key) ? p.key.value :
+          null;
+        if (!key) continue;
+
+        if (key === "url") {
+          const u = evalStaticString(p.value);
+          if (typeof u === "string") url = u;
+        }
+
+        if (key === "method") {
+          if (t.isStringLiteral(p.value)) methods = [p.value.value];
+          if (t.isArrayExpression(p.value)) {
+            methods = p.value.elements.filter((e) => t.isStringLiteral(e)).map((e) => e.value);
+          }
+        }
+
+        if (key === "handler") hasHandler = true;
+        if (["preHandler", "onRequest", "preValidation", "preSerialization"].includes(key)) hooks.push(key);
+      }
+
+      return { url, methods, hasHandler, hooks };
+    }
+
+    function unwrapPluginArg(node) {
+      // fastify-plugin wrappers are common: fastify.register(fp(plugin))
+      // We unwrap 1 layer, best-effort.
+      if (!node) return node;
+      if (!t.isCallExpression(node)) return node;
+
+      const calleeName =
+        t.isIdentifier(node.callee) ? node.callee.name :
+        t.isMemberExpression(node.callee) && t.isIdentifier(node.callee.property) ? node.callee.property.name :
+        null;
+
+      if (!calleeName) return node;
+      if (!/^(fp|fastifyPlugin|plugin|fastifyPluginify)$/i.test(calleeName)) return node;
+
+      const a0 = node.arguments && node.arguments[0];
+      return a0 || node;
+    }
+
     try {
       traverse(ast, {
+        FunctionDeclaration(p) {
+          if (t.isIdentifier(p.node.id)) {
+            _localPlugins.set(p.node.id.name, p.node);
+          }
+        },
         VariableDeclarator(p) {
           if (!t.isIdentifier(p.node.id)) return;
           const id = p.node.id.name;
           const init = p.node.init;
           if (!init) return;
 
+          _rawConstInits.set(id, init);
+
+          // local plugin: const routes = async (fastify) => { ... }
+          if (t.isFunctionExpression(init) || t.isArrowFunctionExpression(init)) {
+            _localPlugins.set(id, init);
+          }
+
           // const app = Fastify()
           if (t.isCallExpression(init) && t.isIdentifier(init.callee)) {
             const cal = init.callee.name;
@@ -570,7 +687,7 @@ function resolveFastifyRoutes(repoRoot, entryAbs, stats) {
 
           // fastify.get('/x', ...)
           if (isFastifyMethod(prop)) {
-            const routeStr = extractStringLiteral(p.node.arguments[0]);
+            const routeStr = evalStaticString(p.node.arguments[0]);
             if (!routeStr) return;
 
             const fullPath = joinPaths(prefix, routeStr);
@@ -599,7 +716,7 @@ function resolveFastifyRoutes(repoRoot, entryAbs, stats) {
             const arg0 = p.node.arguments[0];
             if (!t.isObjectExpression(arg0)) return;
 
-            const r = extractRouteObject(arg0);
+            const r = extractRouteObjectV3(arg0);
             if (!r.url) return;
 
             const fullPath = joinPaths(prefix, r.url);
@@ -628,21 +745,31 @@ function resolveFastifyRoutes(repoRoot, entryAbs, stats) {
 
           // fastify.register(plugin, { prefix })
           if (prop === "register") {
-            const pluginArgRaw = p.node.arguments[0];
+            const pluginArgRaw = unwrapPluginArg(p.node.arguments[0]);
             const optsArg = p.node.arguments[1];
 
-            const childPrefixRaw = extractPrefixFromOpts(optsArg);
+            const childPrefixRaw = extractPrefixFromOptsV3(optsArg);
             const childPrefix = childPrefixRaw ? joinPaths(prefix, childPrefixRaw) : prefix;
 
-            // inline plugin
-            if (t.isFunctionExpression(pluginArgRaw) || t.isArrowFunctionExpression(pluginArgRaw)) {
-              const param0 = pluginArgRaw.params[0];
+            // inline plugin OR local plugin identifier (common in real Fastify codebases)
+            let pluginFn = null;
+            const localIdentName = t.isIdentifier(pluginArgRaw) ? pluginArgRaw.name : null;
+            if (t.isFunctionExpression(pluginArgRaw) || t.isArrowFunctionExpression(pluginArgRaw)) pluginFn = pluginArgRaw;
+            if (!pluginFn && localIdentName) pluginFn = _localPlugins.get(localIdentName) || null;
+
+            if (pluginFn) {
+              const param0 = pluginFn.params && pluginFn.params[0];
               const innerName = t.isIdentifier(param0) ? param0.name : "fastify";
+              const bodyNode = pluginFn.body;
+              if (!t.isBlockStatement(bodyNode)) {
+                // We only handle block bodies. Expression-bodied arrows are rare for route plugins.
+                if (localIdentName) return;
+              }
 
               // traverse just the plugin body (best effort)
               try {
                 traverse(
-                  pluginArgRaw.body,
+                  bodyNode,
                   {
                     CallExpression(pp) {
                       const c = pp.node.callee;
@@ -653,7 +780,7 @@ function resolveFastifyRoutes(repoRoot, entryAbs, stats) {
                       const pr = c.property.name;
 
                       if (isFastifyMethod(pr)) {
-                        const rs = extractStringLiteral(pp.node.arguments[0]);
+                        const rs = evalStaticString(pp.node.arguments[0]);
                         if (!rs) return;
 
                         const fullPath = joinPaths(childPrefix, rs);
@@ -680,7 +807,7 @@ function resolveFastifyRoutes(repoRoot, entryAbs, stats) {
                         const a0 = pp.node.arguments[0];
                         if (!t.isObjectExpression(a0)) return;
 
-                        const r = extractRouteObject(a0);
+                        const r = extractRouteObjectV3(a0);
                         if (!r.url) return;
 
                         const fullPath = joinPaths(childPrefix, r.url);
@@ -713,6 +840,8 @@ function resolveFastifyRoutes(repoRoot, entryAbs, stats) {
                 // Inner traverse can fail; skip this plugin body
               }
 
+              // If this was a local plugin identifier, we've already extracted its routes.
+              if (localIdentName) return;
               return;
             }
 
@@ -1321,10 +1450,222 @@ function loadTruthpack(repoRoot) {
   }
 }
 
+// ---------- RepoIndex-powered build (vNext) ----------
+
+/**
+ * Build truthpack using RepoIndex for single-pass file indexing
+ * This is the optimized path that shares file reads across all extractors.
+ * 
+ * Enable with: VIBECHECK_ENGINE_V2=1
+ * 
+ * @param {Object} options
+ * @param {string} options.repoRoot
+ * @param {string} [options.fastifyEntry]
+ * @param {boolean} [options.verbose]
+ * @returns {Promise<Object>}
+ */
+async function buildTruthpackV2({ repoRoot, fastifyEntry, verbose }) {
+  const {
+    createIndex,
+    globalASTCache,
+    logIndexSummary,
+    extractNextAppRoutes,
+    extractNextPagesRoutes,
+    extractClientRefs,
+    extractFastifyRoutes,
+    detectFastifyEntries: detectFastifyEntriesV2,
+    buildEnvTruthV2,
+    buildBillingTruthV2,
+    buildAuthTruthV2,
+    buildEnforcementTruthV2,
+    extractExpressRoutes,
+  } = require("./engine");
+  
+  const startTime = Date.now();
+  
+  // Phase 0: Build RepoIndex (single glob pass)
+  const index = await createIndex(repoRoot);
+  
+  if (verbose || process.env.VIBECHECK_VERBOSE) {
+    logIndexSummary(index);
+    console.log(`   AST Cache: ${globalASTCache.getSummary().hitRate} hit rate`);
+  }
+
+  const stats = {
+    parseErrors: 0,
+    fastifyEntries: 0,
+    fastifyRoutes: 0,
+    nextAppRoutes: 0,
+    nextPagesRoutes: 0,
+    clientRefs: 0,
+    serverRoutes: 0,
+    gaps: 0,
+    indexTimeMs: index.stats.indexTimeMs,
+  };
+
+  // Use signals from index instead of re-detecting
+  const detectedFrameworks = Array.from(index.signals.detectedFrameworks);
+
+  // Workspaces
+  const workspaces = detectWorkspaces(repoRoot);
+
+  // Phase 1: Extract routes using optimized extractors (use RepoIndex + AST cache)
+  
+  // Next.js routes - use optimized extractors
+  const nextApp = extractNextAppRoutes(index, stats);
+  const nextPages = extractNextPagesRoutes(index, stats);
+
+  stats.nextAppRoutes = nextApp.length;
+  stats.nextPagesRoutes = nextPages.length;
+
+  // Fastify routes - use optimized extractor
+  let fastify = { routes: [], gaps: [] };
+
+  if (index.hasFramework("fastify") || fastifyEntry) {
+    if (fastifyEntry) {
+      const entryAbs = path.isAbsolute(fastifyEntry) ? fastifyEntry : path.join(repoRoot, fastifyEntry);
+      if (exists(entryAbs)) {
+        const resolved = extractFastifyRoutes(index, entryAbs, stats);
+        fastify.routes.push(...resolved.routes);
+        fastify.gaps.push(...resolved.gaps);
+        stats.fastifyEntries = 1;
+      }
+    } else {
+      const entries = detectFastifyEntriesV2(index);
+      stats.fastifyEntries = entries.length;
+
+      for (const entryAbs of entries) {
+        const resolved = extractFastifyRoutes(index, entryAbs, stats);
+        fastify.routes.push(...resolved.routes);
+        fastify.gaps.push(...resolved.gaps);
+      }
+    }
+  }
+
+  stats.fastifyRoutes = fastify.routes.length;
+
+  // Express routes - use optimized extractor
+  const expressRoutes = extractExpressRoutes(index, stats);
+
+  // Multi-framework routes (Flask, Django, etc. - still uses old resolvers for non-JS frameworks)
+  // Express is handled above via optimized extractor
+  const multiFramework = await resolveAllRoutes(repoRoot, { 
+    mode: process.env.VIBECHECK_ROUTE_SCAN_MODE || "smart",
+    verbose: verbose || !!process.env.VIBECHECK_VERBOSE_ROUTES,
+    skipExpress: true, // Skip Express since we handle it above with optimized extractor
+  });
+
+  // Client refs - use optimized extractor
+  const clientRefsOptimized = extractClientRefs(index, stats);
+  const allClientRefs = [...clientRefsOptimized, ...(multiFramework.clientRefs || [])];
+
+  stats.clientRefs = allClientRefs.length;
+
+  // Merge server routes (including optimized Express routes)
+  const serverRoutesRaw = [...nextApp, ...nextPages, ...(fastify.routes || []), ...expressRoutes, ...(multiFramework.routes || [])];
+
+  const bestByKey = new Map();
+  for (const r of serverRoutesRaw) {
+    const key = `${canonicalizeMethod(r.method)}:${canonicalizePath(r.path)}`;
+    const prev = bestByKey.get(key);
+    if (!prev) {
+      bestByKey.set(key, { ...r, method: canonicalizeMethod(r.method), path: canonicalizePath(r.path) });
+      continue;
+    }
+    const prevScore = scoreConfidence(prev.confidence) + (prev.method === "*" ? 0 : 1);
+    const curScore = scoreConfidence(r.confidence) + (r.method === "*" ? 0 : 1);
+    if (curScore > prevScore) {
+      bestByKey.set(key, { ...r, method: canonicalizeMethod(r.method), path: canonicalizePath(r.path) });
+    }
+  }
+
+  const server = Array.from(bestByKey.values());
+  stats.serverRoutes = server.length;
+
+  // Merge gaps
+  const allGaps = [...(fastify.gaps || []), ...(multiFramework.gaps || [])];
+  stats.gaps = allGaps.length;
+
+  // Phase 2: Build other truths (env, auth, billing, enforcement)
+  // All use optimized extractors with RepoIndex
+  const env = buildEnvTruthV2(index, stats);
+  const auth = buildAuthTruthV2(index, server);
+  const billing = buildBillingTruthV2(index, stats);
+  const enforcement = buildEnforcementTruthV2(index, server);
+
+  // Determine frameworks
+  const frameworks = new Set(detectedFrameworks);
+  server.forEach((r) => r.framework && frameworks.add(r.framework));
+  if (nextApp.length || nextPages.length) frameworks.add("next");
+  if (fastify.routes.length) frameworks.add("fastify");
+
+  stats.totalTimeMs = Date.now() - startTime;
+
+  const truthpack = {
+    meta: {
+      version: "2.2.0", // Bump version for v2 engine
+      generatedAt: new Date().toISOString(),
+      repoRoot,
+      commit: { sha: process.env.VIBECHECK_COMMIT_SHA || "unknown" },
+      stats,
+      engine: "v2", // Mark as v2 engine
+    },
+    project: {
+      frameworks: Array.from(frameworks),
+      workspaces,
+      entrypoints: {
+        fastify: fastifyEntry ? [fastifyEntry] : [],
+      },
+    },
+    routes: { server, clientRefs: allClientRefs, gaps: allGaps },
+    env,
+    auth,
+    billing,
+    enforcement,
+  };
+
+  const hash = sha256(JSON.stringify(truthpack));
+  truthpack.index = { 
+    hashes: { truthpackHash: hash }, 
+    evidenceRefs: [],
+    repoIndex: {
+      totalFiles: index.stats.totalFiles,
+      totalSize: index.stats.totalSize,
+      indexTimeMs: index.stats.indexTimeMs,
+    },
+  };
+
+  // Clear caches to free memory
+  index.clearContentCache();
+  clearCache();
+
+  return truthpack;
+}
+
+/**
+ * Smart buildTruthpack - uses v2 engine by default for better performance.
+ * Set VIBECHECK_ENGINE_V1=1 to fall back to v1 for backward compatibility.
+ * 
+ * V2 Engine Benefits:
+ * - Single-pass file indexing (RepoIndex)
+ * - Shared AST cache (globalASTCache)
+ * - Token prefiltering for faster file selection
+ * - ~30% faster on typical projects
+ */
+async function buildTruthpackSmart(options) {
+  if (process.env.VIBECHECK_ENGINE_V1 === "1") {
+    return buildTruthpack(options);
+  }
+  // V2 is now the default - uses RepoIndex + AST cache
+  return buildTruthpackV2(options);
+}
+
 module.exports = {
   canonicalizeMethod,
   canonicalizePath,
   buildTruthpack,
+  buildTruthpackV2,
+  buildTruthpackSmart,
   writeTruthpack,
   loadTruthpack,
   clearCache, // Clear file cache to free memory (important for long-running processes)