@vibecheckai/cli 3.5.0 → 3.5.2

package/bin/runners/lib/authority/authorities/architecture.js

@@ -1,364 +0,0 @@
-/**
- * Architecture Authority - Automated architecture review
- * 
- * Checks for:
- * - Import/export patterns
- * - Circular dependencies
- * - Layer violations
- * - Naming conventions
- * - File organization
- */
-
-"use strict";
-
-const crypto = require("crypto");
-const path = require("path");
-
-class ArchitectureAuthority {
-  static description = "Architecture review (patterns, structure)";
-  static automated = true;
-  static tier = "pro";
-  
-  constructor(options = {}) {
-    this.options = options;
-    this.rules = this._initializeRules();
-  }
-  
-  _initializeRules() {
-    return {
-      layerViolations: [
-        { 
-          name: "ui-imports-db",
-          pattern: /from\s+['"].*\/(database|db|prisma|models)\//,
-          context: /(components|pages|views|ui)\//,
-          message: "UI layer importing directly from database layer",
-          severity: "high",
-        },
-        {
-          name: "model-imports-ui",
-          pattern: /from\s+['"].*\/(components|views|pages)\//,
-          context: /(models|entities|database)\//,
-          message: "Data layer importing from UI layer",
-          severity: "high",
-        },
-      ],
-      circularDependencies: {
-        enabled: true,
-        severity: "medium",
-      },
-      namingConventions: [
-        {
-          name: "component-naming",
-          pattern: /^[A-Z][a-zA-Z0-9]*\.(tsx|jsx)$/,
-          context: /components\//,
-          message: "Component files should use PascalCase",
-          severity: "low",
-        },
-        {
-          name: "hook-naming",
-          pattern: /^use[A-Z][a-zA-Z0-9]*\.(ts|tsx)$/,
-          context: /hooks\//,
-          message: "Hook files should start with 'use' prefix",
-          severity: "low",
-        },
-        {
-          name: "util-naming",
-          pattern: /^[a-z][a-zA-Z0-9-]*\.(ts|js)$/,
-          context: /(utils?|lib|helpers)\//,
-          message: "Utility files should use camelCase or kebab-case",
-          severity: "low",
-        },
-      ],
-      importPatterns: [
-        {
-          name: "relative-import-depth",
-          pattern: /from\s+['"]\.\.\/\.\.\/\.\.\/\.\.\//,
-          message: "Import depth exceeds 3 levels - consider using path aliases",
-          severity: "medium",
-        },
-        {
-          name: "index-barrel-bloat",
-          pattern: /export\s+\*\s+from/,
-          message: "Barrel exports can cause bundle bloat - verify tree-shaking",
-          severity: "low",
-        },
-        {
-          name: "default-export-missing",
-          pattern: /^(?!.*export\s+default).*\.tsx$/m,
-          context: /(pages|app)\//,
-          message: "Page/App files typically need default export",
-          severity: "medium",
-        },
-      ],
-      fileOrganization: [
-        {
-          name: "test-colocation",
-          check: (files) => {
-            const srcFiles = files.filter(f => f.path.match(/src\/.*\.(ts|tsx|js|jsx)$/));
-            const testFiles = files.filter(f => f.path.match(/\.(test|spec)\.(ts|tsx|js|jsx)$/));
-            const colocated = testFiles.filter(t => {
-              const basePath = t.path.replace(/\.(test|spec)\.(ts|tsx|js|jsx)$/, "");
-              return srcFiles.some(s => s.path.startsWith(basePath));
-            });
-            return {
-              pass: colocated.length === testFiles.length,
-              message: "Tests should be colocated with source files",
-              severity: "low",
-            };
-          },
-        },
-      ],
-    };
-  }
-
-  async review(payload) {
-    const { files = [], diff = "", context = {} } = payload;
-    const findings = [];
-    const startTime = Date.now();
-
-    // Analyze imports and exports in diff
-    if (diff) {
-      findings.push(...this._analyzeDiffPatterns(diff));
-    }
-
-    // Analyze file structure
-    if (files.length > 0) {
-      findings.push(...this._analyzeFileStructure(files));
-      findings.push(...this._detectCircularDependencies(files));
-    }
-
-    // Check naming conventions
-    findings.push(...this._checkNamingConventions(files));
-
-    // Determine approval status
-    const hasHigh = findings.some(f => f.severity === "high");
-    const hasMedium = findings.some(f => f.severity === "medium");
-
-    return {
-      approved: !hasHigh,
-      reason: hasHigh 
-        ? "Architecture violations found - review required" 
-        : hasMedium
-          ? "Approved with architecture warnings"
-          : findings.length > 0 
-            ? "Approved with minor suggestions"
-            : "Architecture patterns look good",
-      findings,
-      signature: this._sign(findings),
-      metadata: {
-        analysisTimeMs: Date.now() - startTime,
-        filesAnalyzed: files.length,
-        rulesChecked: this._countRules(),
-      },
-    };
-  }
-
-  _analyzeDiffPatterns(diff) {
-    const findings = [];
-    const lines = diff.split("\n");
-    let currentFile = "unknown";
-    let lineNumber = 0;
-
-    for (const line of lines) {
-      // Track file context
-      if (line.startsWith("+++") || line.startsWith("---")) {
-        const match = line.match(/[ab]\/(.+)/);
-        if (match) currentFile = match[1];
-        continue;
-      }
-
-      if (line.startsWith("@@")) {
-        const match = line.match(/@@ -\d+(?:,\d+)? \+(\d+)/);
-        if (match) lineNumber = parseInt(match[1], 10);
-        continue;
-      }
-
-      // Only check added lines
-      if (line.startsWith("+") && !line.startsWith("+++")) {
-        const addedContent = line.slice(1);
-
-        // Check layer violations
-        for (const rule of this.rules.layerViolations) {
-          if (rule.context.test(currentFile) && rule.pattern.test(addedContent)) {
-            findings.push({
-              type: "layer-violation",
-              rule: rule.name,
-              severity: rule.severity,
-              message: rule.message,
-              file: currentFile,
-              line: lineNumber,
-              evidence: addedContent.trim().slice(0, 100),
-            });
-          }
-        }
-
-        // Check import patterns
-        for (const rule of this.rules.importPatterns) {
-          if (rule.pattern.test(addedContent)) {
-            if (!rule.context || rule.context.test(currentFile)) {
-              findings.push({
-                type: "import-pattern",
-                rule: rule.name,
-                severity: rule.severity,
-                message: rule.message,
-                file: currentFile,
-                line: lineNumber,
-                evidence: addedContent.trim().slice(0, 100),
-              });
-            }
-          }
-        }
-
-        lineNumber++;
-      } else if (!line.startsWith("-")) {
-        lineNumber++;
-      }
-    }
-
-    return findings;
-  }
-
-  _analyzeFileStructure(files) {
-    const findings = [];
-
-    for (const rule of this.rules.fileOrganization) {
-      if (typeof rule.check === "function") {
-        const result = rule.check(files);
-        if (!result.pass) {
-          findings.push({
-            type: "file-organization",
-            rule: rule.name,
-            severity: result.severity || "low",
-            message: result.message,
-          });
-        }
-      }
-    }
-
-    return findings;
-  }
-
-  _detectCircularDependencies(files) {
-    const findings = [];
-    const graph = new Map();
-
-    // Build dependency graph
-    for (const file of files) {
-      if (!file.content) continue;
-      
-      const imports = [];
-      const importRegex = /import\s+(?:.*?\s+from\s+)?['"]([^'"]+)['"]/g;
-      let match;
-      
-      while ((match = importRegex.exec(file.content)) !== null) {
-        const importPath = match[1];
-        // Only track relative imports
-        if (importPath.startsWith(".")) {
-          const resolvedPath = this._resolveImportPath(file.path, importPath);
-          imports.push(resolvedPath);
-        }
-      }
-      
-      graph.set(file.path, imports);
-    }
-
-    // Detect cycles using DFS
-    const visited = new Set();
-    const recursionStack = new Set();
-
-    const detectCycle = (node, path = []) => {
-      if (recursionStack.has(node)) {
-        const cycleStart = path.indexOf(node);
-        const cycle = path.slice(cycleStart);
-        return { hasCycle: true, cycle: [...cycle, node] };
-      }
-      
-      if (visited.has(node)) {
-        return { hasCycle: false };
-      }
-
-      visited.add(node);
-      recursionStack.add(node);
-
-      const neighbors = graph.get(node) || [];
-      for (const neighbor of neighbors) {
-        const result = detectCycle(neighbor, [...path, node]);
-        if (result.hasCycle) {
-          return result;
-        }
-      }
-
-      recursionStack.delete(node);
-      return { hasCycle: false };
-    };
-
-    for (const node of graph.keys()) {
-      visited.clear();
-      recursionStack.clear();
-      const result = detectCycle(node);
-      
-      if (result.hasCycle) {
-        findings.push({
-          type: "circular-dependency",
-          severity: this.rules.circularDependencies.severity,
-          message: "Circular dependency detected",
-          evidence: result.cycle.join(" → "),
-        });
-        break; // Report only first cycle found
-      }
-    }
-
-    return findings;
-  }
-
-  _checkNamingConventions(files) {
-    const findings = [];
-
-    for (const file of files) {
-      const fileName = path.basename(file.path);
-      
-      for (const rule of this.rules.namingConventions) {
-        if (rule.context.test(file.path)) {
-          if (!rule.pattern.test(fileName)) {
-            findings.push({
-              type: "naming-convention",
-              rule: rule.name,
-              severity: rule.severity,
-              message: rule.message,
-              file: file.path,
-            });
-          }
-        }
-      }
-    }
-
-    return findings;
-  }
-
-  _resolveImportPath(fromPath, importPath) {
-    const fromDir = path.dirname(fromPath);
-    return path.normalize(path.join(fromDir, importPath));
-  }
-
-  _countRules() {
-    return (
-      this.rules.layerViolations.length +
-      this.rules.namingConventions.length +
-      this.rules.importPatterns.length +
-      this.rules.fileOrganization.length +
-      1 // circular dependencies
-    );
-  }
-
-  _sign(findings) {
-    const timestamp = Date.now();
-    const hash = crypto
-      .createHash("sha256")
-      .update(JSON.stringify({ findings: findings.length, timestamp }))
-      .digest("hex")
-      .slice(0, 16);
-    return `arch_${timestamp}_${hash}_${findings.length}`;
-  }
-}
-
-module.exports = { ArchitectureAuthority };

package/bin/runners/lib/authority/authorities/compliance.js

@@ -1,341 +0,0 @@
-/**
- * Compliance Authority - Automated compliance review
- * 
- * Checks for:
- * - SOC2 compliance issues
- * - GDPR data handling
- * - HIPAA PHI handling
- * - PCI-DSS requirements
- * - License compliance
- */
-
-"use strict";
-
-const crypto = require("crypto");
-
-class ComplianceAuthority {
-  static description = "Compliance check (SOC2, GDPR, HIPAA, etc.)";
-  static automated = true;
-  static tier = "pro";
-  
-  constructor(options = {}) {
-    this.options = options;
-    this.frameworks = options.frameworks || ["soc2", "gdpr"];
-    this.rules = this._initializeRules();
-  }
-  
-  _initializeRules() {
-    return {
-      soc2: [
-        {
-          name: "logging-required",
-          pattern: /(authentication|login|logout|password|permission|access)/i,
-          checkAuditLog: true,
-          message: "Security events must be logged for SOC2 compliance",
-          severity: "high",
-        },
-        {
-          name: "encryption-at-rest",
-          pattern: /\.encrypt|crypto\.|bcrypt|argon2/,
-          inverse: true,
-          context: /(password|secret|token|key)/i,
-          message: "Sensitive data should be encrypted at rest",
-          severity: "high",
-        },
-        {
-          name: "access-control",
-          pattern: /(isAdmin|isAuthenticated|hasPermission|authorize|checkRole)/i,
-          context: /(route|endpoint|api|handler)/i,
-          message: "API endpoints should have access control checks",
-          severity: "medium",
-        },
-      ],
-      gdpr: [
-        {
-          name: "pii-handling",
-          pattern: /(email|phone|address|ssn|social[_-]?security|passport|license)/i,
-          message: "Personal Identifiable Information detected - ensure GDPR compliance",
-          severity: "medium",
-        },
-        {
-          name: "consent-tracking",
-          pattern: /(consent|gdpr|optIn|optOut|dataSubject)/i,
-          context: /(user|customer|profile)/i,
-          inverse: true,
-          message: "User data handling should include consent management",
-          severity: "high",
-        },
-        {
-          name: "data-retention",
-          pattern: /(delete|purge|anonymize|retention)/i,
-          context: /(user|customer|pii)/i,
-          inverse: true,
-          message: "Consider data retention and right-to-be-forgotten requirements",
-          severity: "medium",
-        },
-        {
-          name: "data-export",
-          pattern: /(export|download|portability)/i,
-          context: /(user|customer|data)/i,
-          inverse: true,
-          message: "GDPR requires data portability capability",
-          severity: "low",
-        },
-      ],
-      hipaa: [
-        {
-          name: "phi-logging",
-          pattern: /(patient|medical|health|diagnosis|prescription|treatment)/i,
-          message: "Protected Health Information detected - ensure HIPAA compliance",
-          severity: "critical",
-        },
-        {
-          name: "phi-encryption",
-          pattern: /\.encrypt|crypto\./,
-          context: /(patient|medical|health)/i,
-          inverse: true,
-          message: "PHI must be encrypted in transit and at rest",
-          severity: "critical",
-        },
-        {
-          name: "access-audit",
-          pattern: /(audit|log|track)/i,
-          context: /(patient|medical|record)/i,
-          inverse: true,
-          message: "Access to PHI must be logged for HIPAA audit requirements",
-          severity: "high",
-        },
-      ],
-      pciDss: [
-        {
-          name: "card-data",
-          pattern: /(cardNumber|cvv|expiry|pan|primaryAccountNumber)/i,
-          message: "Payment card data detected - ensure PCI-DSS compliance",
-          severity: "critical",
-        },
-        {
-          name: "card-storage",
-          pattern: /(save|store|persist).*card/i,
-          message: "Storing payment card data requires PCI-DSS compliance",
-          severity: "critical",
-        },
-        {
-          name: "card-logging",
-          pattern: /console\.(log|info|debug).*card/i,
-          message: "Never log payment card data",
-          severity: "critical",
-        },
-      ],
-      licenses: [
-        {
-          name: "gpl-viral",
-          pattern: /GPL|GNU General Public/i,
-          context: /LICENSE|package\.json/,
-          message: "GPL license detected - may require source disclosure",
-          severity: "medium",
-        },
-        {
-          name: "agpl-network",
-          pattern: /AGPL|Affero/i,
-          context: /LICENSE|package\.json/,
-          message: "AGPL license detected - network use triggers disclosure",
-          severity: "high",
-        },
-      ],
-    };
-  }
-
-  async review(payload) {
-    const { files = [], diff = "", context = {} } = payload;
-    const findings = [];
-    const startTime = Date.now();
-
-    // Determine which frameworks to check
-    const activeFrameworks = context.frameworks || this.frameworks;
-
-    // Analyze diff content
-    if (diff) {
-      findings.push(...this._analyzeDiff(diff, activeFrameworks));
-    }
-
-    // Analyze files
-    for (const file of files) {
-      if (file.content) {
-        findings.push(...this._analyzeFile(file.path || "unknown", file.content, activeFrameworks));
-      }
-    }
-
-    // Check for missing compliance requirements
-    findings.push(...this._checkMissingRequirements(files, activeFrameworks));
-
-    // Determine approval status
-    const hasCritical = findings.some(f => f.severity === "critical");
-    const hasHigh = findings.some(f => f.severity === "high");
-
-    return {
-      approved: !hasCritical,
-      reason: hasCritical 
-        ? "Critical compliance violations found - immediate action required" 
-        : hasHigh
-          ? "Approved with compliance warnings - review required"
-          : findings.length > 0 
-            ? "Approved with minor compliance notes"
-            : "Compliance checks passed",
-      findings,
-      signature: this._sign(findings),
-      metadata: {
-        analysisTimeMs: Date.now() - startTime,
-        filesAnalyzed: files.length,
-        frameworksChecked: activeFrameworks,
-        rulesChecked: this._countRules(activeFrameworks),
-      },
-    };
-  }
-
-  _analyzeDiff(diff, frameworks) {
-    const findings = [];
-    const lines = diff.split("\n");
-    let currentFile = "unknown";
-    let lineNumber = 0;
-
-    for (const line of lines) {
-      if (line.startsWith("+++") || line.startsWith("---")) {
-        const match = line.match(/[ab]\/(.+)/);
-        if (match) currentFile = match[1];
-        continue;
-      }
-
-      if (line.startsWith("@@")) {
-        const match = line.match(/@@ -\d+(?:,\d+)? \+(\d+)/);
-        if (match) lineNumber = parseInt(match[1], 10);
-        continue;
-      }
-
-      if (line.startsWith("+") && !line.startsWith("+++")) {
-        const addedContent = line.slice(1);
-        
-        for (const framework of frameworks) {
-          const rules = this.rules[framework] || [];
-          for (const rule of rules) {
-            if (this._matchesRule(addedContent, currentFile, rule)) {
-              findings.push({
-                type: "compliance-violation",
-                framework,
-                rule: rule.name,
-                severity: rule.severity,
-                message: rule.message,
-                file: currentFile,
-                line: lineNumber,
-                evidence: addedContent.trim().slice(0, 100),
-              });
-            }
-          }
-        }
-
-        lineNumber++;
-      } else if (!line.startsWith("-")) {
-        lineNumber++;
-      }
-    }
-
-    return findings;
-  }
-
-  _analyzeFile(filePath, content, frameworks) {
-    const findings = [];
-    const lines = content.split("\n");
-
-    for (let i = 0; i < lines.length; i++) {
-      const line = lines[i];
-      
-      for (const framework of frameworks) {
-        const rules = this.rules[framework] || [];
-        for (const rule of rules) {
-          if (this._matchesRule(line, filePath, rule)) {
-            findings.push({
-              type: "compliance-violation",
-              framework,
-              rule: rule.name,
-              severity: rule.severity,
-              message: rule.message,
-              file: filePath,
-              line: i + 1,
-              evidence: line.trim().slice(0, 100),
-            });
-          }
-        }
-      }
-    }
-
-    return findings;
-  }
-
-  _matchesRule(content, filePath, rule) {
-    // Check context filter first
-    if (rule.context && !rule.context.test(content) && !rule.context.test(filePath)) {
-      return false;
-    }
-
-    const matches = rule.pattern.test(content);
-    
-    // Handle inverse rules (checking for absence of something)
-    if (rule.inverse) {
-      return !matches;
-    }
-    
-    return matches;
-  }
-
-  _checkMissingRequirements(files, frameworks) {
-    const findings = [];
-    const allContent = files.map(f => f.content || "").join("\n");
-
-    // Check for missing privacy policy reference (GDPR)
-    if (frameworks.includes("gdpr")) {
-      if (!/(privacy[_-]?policy|gdpr|data[_-]?protection)/i.test(allContent)) {
-        findings.push({
-          type: "compliance-missing",
-          framework: "gdpr",
-          rule: "privacy-policy-reference",
-          severity: "medium",
-          message: "Consider adding privacy policy references for GDPR compliance",
-        });
-      }
-    }
-
-    // Check for missing audit logging setup (SOC2)
-    if (frameworks.includes("soc2")) {
-      if (!/(auditLog|securityLog|eventLog|audit\.log)/i.test(allContent)) {
-        findings.push({
-          type: "compliance-missing",
-          framework: "soc2",
-          rule: "audit-logging-setup",
-          severity: "medium",
-          message: "SOC2 requires audit logging infrastructure",
-        });
-      }
-    }
-
-    return findings;
-  }
-
-  _countRules(frameworks) {
-    let count = 0;
-    for (const framework of frameworks) {
-      count += (this.rules[framework] || []).length;
-    }
-    return count;
-  }
-
-  _sign(findings) {
-    const timestamp = Date.now();
-    const hash = crypto
-      .createHash("sha256")
-      .update(JSON.stringify({ findings: findings.length, timestamp }))
-      .digest("hex")
-      .slice(0, 16);
-    return `compl_${timestamp}_${hash}_${findings.length}`;
-  }
-}
-
-module.exports = { ComplianceAuthority };