@vibecheckai/cli 3.5.0 → 3.5.2

package/bin/runners/lib/easy/one-click-firewall.js

@@ -1,564 +0,0 @@
-/**
- * One-Click Firewall
- * 
- * ═══════════════════════════════════════════════════════════════════════════════
- * PROTECTION IN ONE COMMAND - Just Works™
- * ═══════════════════════════════════════════════════════════════════════════════
- * 
- * Just run: npx vibecheck protect
- * 
- * This module:
- * 1. Sets up the firewall with smart defaults
- * 2. Installs git hooks automatically
- * 3. Configures VS Code integration
- * 4. Starts protecting immediately
- */
-
-"use strict";
-
-const fs = require("fs");
-const path = require("path");
-const { exec, execSync } = require("child_process");
-const { colors, icons } = require("./interactive-wizard");
-const { SimpleOutput } = require("./zero-config-reality");
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// DEFAULT CONFIGURATIONS
-// ═══════════════════════════════════════════════════════════════════════════════
-
-const DEFAULT_FIREWALL_CONFIG = {
-  version: "1.0",
-  enabled: true,
-  mode: "protect", // "monitor" | "protect" | "strict"
-  
-  // What to check
-  rules: {
-    // Critical - Always block
-    security: {
-      enabled: true,
-      block: true,
-      checks: ["hardcoded-secrets", "sql-injection", "xss", "eval"]
-    },
-    
-    // Important - Block by default
-    quality: {
-      enabled: true,
-      block: true,
-      checks: ["fake-data", "mock-apis", "todo-in-production", "console-logs"]
-    },
-    
-    // Nice to have - Warn only
-    suggestions: {
-      enabled: true,
-      block: false,
-      checks: ["missing-error-handling", "any-type", "magic-numbers"]
-    }
-  },
-  
-  // Where to apply
-  scope: {
-    include: ["src/**/*", "app/**/*", "pages/**/*", "components/**/*"],
-    exclude: ["**/*.test.*", "**/*.spec.*", "**/test/**", "**/tests/**", "**/__tests__/**"]
-  },
-  
-  // How to notify
-  notifications: {
-    terminal: true,
-    vscode: true,
-    sound: false // Don't be annoying
-  },
-  
-  // Learning settings
-  learning: {
-    enabled: true,
-    autoDismissAfter: 3 // Auto-dismiss after 3 false positives
-  }
-};
-
-const GIT_PRE_COMMIT_HOOK = `#!/bin/sh
-# Vibecheck Firewall - Pre-commit Hook
-# This hook runs automatically before each commit
-
-# Run vibecheck firewall check
-npx vibecheck check --staged
-
-# If vibecheck fails, block the commit
-if [ $? -ne 0 ]; then
-  echo ""
-  echo "\\033[31m✗ Commit blocked by Vibecheck Firewall\\033[0m"
-  echo "\\033[33m  Fix the issues above or use --no-verify to bypass\\033[0m"
-  echo ""
-  exit 1
-fi
-
-exit 0
-`;
-
-const VSCODE_SETTINGS = {
-  "vibecheck.enabled": true,
-  "vibecheck.firewallMode": "protect",
-  "vibecheck.showInlineWarnings": true,
-  "vibecheck.autoFix": false
-};
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// ONE-CLICK FIREWALL
-// ═══════════════════════════════════════════════════════════════════════════════
-
-class OneClickFirewall {
-  constructor(options = {}) {
-    this.options = {
-      mode: options.mode || "protect",
-      skipGitHooks: options.skipGitHooks || false,
-      skipVscode: options.skipVscode || false,
-      quiet: options.quiet || false,
-      ...options
-    };
-    
-    this.projectRoot = process.cwd();
-    this.output = new SimpleOutput();
-  }
-
-  async enable() {
-    try {
-      if (!this.options.quiet) {
-        this.showWelcome();
-      }
-
-      // Step 1: Create config directory
-      await this.createConfigDir();
-      
-      // Step 2: Write firewall config
-      await this.writeFirewallConfig();
-      
-      // Step 3: Set up git hooks
-      if (!this.options.skipGitHooks) {
-        await this.setupGitHooks();
-      }
-      
-      // Step 4: Set up VS Code
-      if (!this.options.skipVscode) {
-        await this.setupVscode();
-      }
-      
-      // Step 5: Create initial truthpack
-      await this.createTruthpack();
-      
-      // Done!
-      this.showSuccess();
-      
-      return { success: true };
-
-    } catch (error) {
-      this.output.error(`Setup failed: ${error.message}`);
-      return { success: false, error };
-    }
-  }
-
-  showWelcome() {
-    console.clear();
-    console.log("");
-    console.log(`  ${colors.cyan}${colors.bright}${icons.shield} Vibecheck Firewall${colors.reset}`);
-    console.log(`  ${colors.dim}One-click protection for your code${colors.reset}`);
-    console.log("");
-  }
-
-  async createConfigDir() {
-    this.output.step("Creating configuration...");
-    
-    const configDir = path.join(this.projectRoot, ".vibecheck");
-    
-    if (!fs.existsSync(configDir)) {
-      fs.mkdirSync(configDir, { recursive: true });
-    }
-    
-    // Create .gitignore for the config dir
-    const gitignorePath = path.join(configDir, ".gitignore");
-    if (!fs.existsSync(gitignorePath)) {
-      fs.writeFileSync(gitignorePath, `# Vibecheck local files
-learning.json
-.cache/
-*.local.json
-`);
-    }
-    
-    this.output.success("Config directory created");
-  }
-
-  async writeFirewallConfig() {
-    this.output.step("Writing firewall rules...");
-    
-    const configPath = path.join(this.projectRoot, ".vibecheck", "firewall.json");
-    
-    // Customize config based on mode
-    const config = { ...DEFAULT_FIREWALL_CONFIG };
-    config.mode = this.options.mode;
-    
-    if (this.options.mode === "monitor") {
-      // Monitor mode - don't block anything
-      config.rules.security.block = false;
-      config.rules.quality.block = false;
-    } else if (this.options.mode === "strict") {
-      // Strict mode - block everything
-      config.rules.suggestions.block = true;
-    }
-    
-    fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
-    
-    this.output.success("Firewall rules configured");
-  }
-
-  async setupGitHooks() {
-    this.output.step("Setting up Git protection...");
-    
-    // Check if this is a git repo
-    const gitDir = path.join(this.projectRoot, ".git");
-    
-    if (!fs.existsSync(gitDir)) {
-      this.output.warning("Not a Git repository - skipping hooks");
-      return;
-    }
-    
-    const hooksDir = path.join(gitDir, "hooks");
-    
-    if (!fs.existsSync(hooksDir)) {
-      fs.mkdirSync(hooksDir, { recursive: true });
-    }
-    
-    // Write pre-commit hook
-    const preCommitPath = path.join(hooksDir, "pre-commit");
-    
-    // Backup existing hook if present
-    if (fs.existsSync(preCommitPath)) {
-      const existing = fs.readFileSync(preCommitPath, "utf8");
-      if (!existing.includes("vibecheck")) {
-        fs.writeFileSync(preCommitPath + ".backup", existing);
-      }
-    }
-    
-    fs.writeFileSync(preCommitPath, GIT_PRE_COMMIT_HOOK);
-    
-    // Make executable
-    try {
-      fs.chmodSync(preCommitPath, "755");
-    } catch {
-      // Windows doesn't support chmod, but that's OK
-    }
-    
-    this.output.success("Git hooks installed");
-  }
-
-  async setupVscode() {
-    this.output.step("Configuring VS Code...");
-    
-    const vscodeDir = path.join(this.projectRoot, ".vscode");
-    
-    if (!fs.existsSync(vscodeDir)) {
-      fs.mkdirSync(vscodeDir, { recursive: true });
-    }
-    
-    const settingsPath = path.join(vscodeDir, "settings.json");
-    let settings = {};
-    
-    // Read existing settings
-    if (fs.existsSync(settingsPath)) {
-      try {
-        settings = JSON.parse(fs.readFileSync(settingsPath, "utf8"));
-      } catch {
-        settings = {};
-      }
-    }
-    
-    // Merge our settings
-    settings = { ...settings, ...VSCODE_SETTINGS };
-    
-    fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2));
-    
-    // Recommend extension
-    const extensionsPath = path.join(vscodeDir, "extensions.json");
-    let extensions = { recommendations: [] };
-    
-    if (fs.existsSync(extensionsPath)) {
-      try {
-        extensions = JSON.parse(fs.readFileSync(extensionsPath, "utf8"));
-      } catch {
-        extensions = { recommendations: [] };
-      }
-    }
-    
-    if (!extensions.recommendations.includes("vibecheck.vibecheck-ai")) {
-      extensions.recommendations.push("vibecheck.vibecheck-ai");
-      fs.writeFileSync(extensionsPath, JSON.stringify(extensions, null, 2));
-    }
-    
-    this.output.success("VS Code configured");
-  }
-
-  async createTruthpack() {
-    this.output.step("Creating project truthpack...");
-    
-    // Create initial truthpack with basic project info
-    const truthpack = {
-      version: "1.0",
-      generated: new Date().toISOString(),
-      project: {
-        root: this.projectRoot,
-        name: this.getProjectName()
-      },
-      routes: [],
-      envVars: this.detectEnvVars(),
-      auth: this.detectAuthPatterns()
-    };
-    
-    const truthpackPath = path.join(this.projectRoot, ".vibecheck", "truthpack.json");
-    fs.writeFileSync(truthpackPath, JSON.stringify(truthpack, null, 2));
-    
-    this.output.success("Truthpack created");
-  }
-
-  getProjectName() {
-    try {
-      const pkg = JSON.parse(fs.readFileSync(
-        path.join(this.projectRoot, "package.json"), "utf8"
-      ));
-      return pkg.name || path.basename(this.projectRoot);
-    } catch {
-      return path.basename(this.projectRoot);
-    }
-  }
-
-  detectEnvVars() {
-    const envVars = [];
-    const envPath = path.join(this.projectRoot, ".env.example");
-    
-    if (fs.existsSync(envPath)) {
-      const content = fs.readFileSync(envPath, "utf8");
-      const lines = content.split("\n");
-      
-      for (const line of lines) {
-        const match = line.match(/^([A-Z_][A-Z0-9_]*)=/);
-        if (match) {
-          envVars.push(match[1]);
-        }
-      }
-    }
-    
-    return envVars;
-  }
-
-  detectAuthPatterns() {
-    // Basic auth detection
-    return {
-      detected: false,
-      type: null,
-      routes: []
-    };
-  }
-
-  showSuccess() {
-    this.output.blank();
-    console.log(`  ${colors.green}${colors.bright}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${colors.reset}`);
-    console.log(`  ${colors.green}${colors.bright}  ${icons.check} Firewall is now ACTIVE!${colors.reset}`);
-    console.log(`  ${colors.green}${colors.bright}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${colors.reset}`);
-    this.output.blank();
-    
-    console.log(`  ${colors.dim}What's protected:${colors.reset}`);
-    console.log(`    ${colors.green}${icons.check}${colors.reset} Security issues (secrets, injection, XSS)`);
-    console.log(`    ${colors.green}${icons.check}${colors.reset} Quality issues (fake data, console.log)`);
-    console.log(`    ${colors.green}${icons.check}${colors.reset} Git commits (bad code won't be committed)`);
-    this.output.blank();
-    
-    console.log(`  ${colors.dim}How it works:${colors.reset}`);
-    console.log(`    1. Edit code normally`);
-    console.log(`    2. If there's a problem, you'll see a warning`);
-    console.log(`    3. Critical issues block commits automatically`);
-    this.output.blank();
-    
-    const modeText = this.options.mode === "strict" ? "STRICT" :
-                    this.options.mode === "monitor" ? "MONITOR" : "PROTECT";
-    
-    console.log(`  ${colors.cyan}Mode:${colors.reset} ${modeText}`);
-    console.log(`  ${colors.cyan}Config:${colors.reset} .vibecheck/firewall.json`);
-    this.output.blank();
-    
-    console.log(`  ${colors.dim}To change settings, edit .vibecheck/firewall.json${colors.reset}`);
-    console.log(`  ${colors.dim}To disable, run: npx vibecheck protect --off${colors.reset}`);
-    this.output.blank();
-  }
-
-  async disable() {
-    this.output.step("Disabling firewall...");
-    
-    const configPath = path.join(this.projectRoot, ".vibecheck", "firewall.json");
-    
-    if (fs.existsSync(configPath)) {
-      const config = JSON.parse(fs.readFileSync(configPath, "utf8"));
-      config.enabled = false;
-      fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
-    }
-    
-    // Remove git hook
-    const preCommitPath = path.join(this.projectRoot, ".git", "hooks", "pre-commit");
-    if (fs.existsSync(preCommitPath)) {
-      const content = fs.readFileSync(preCommitPath, "utf8");
-      if (content.includes("vibecheck")) {
-        fs.unlinkSync(preCommitPath);
-        
-        // Restore backup if exists
-        const backupPath = preCommitPath + ".backup";
-        if (fs.existsSync(backupPath)) {
-          fs.renameSync(backupPath, preCommitPath);
-        }
-      }
-    }
-    
-    this.output.success("Firewall disabled");
-    this.output.info("Run 'npx vibecheck protect' to enable again");
-  }
-
-  async status() {
-    const configPath = path.join(this.projectRoot, ".vibecheck", "firewall.json");
-    
-    if (!fs.existsSync(configPath)) {
-      console.log("");
-      console.log(`  ${colors.yellow}${icons.warning} Firewall not configured${colors.reset}`);
-      console.log(`  ${colors.dim}Run 'npx vibecheck protect' to enable${colors.reset}`);
-      console.log("");
-      return { enabled: false };
-    }
-    
-    const config = JSON.parse(fs.readFileSync(configPath, "utf8"));
-    
-    console.log("");
-    console.log(`  ${colors.cyan}${icons.shield} Firewall Status${colors.reset}`);
-    console.log(`  ${colors.dim}${"─".repeat(40)}${colors.reset}`);
-    
-    const status = config.enabled ? 
-      `${colors.green}ACTIVE${colors.reset}` : 
-      `${colors.red}DISABLED${colors.reset}`;
-    
-    console.log(`  Status:  ${status}`);
-    console.log(`  Mode:    ${config.mode}`);
-    console.log(`  Config:  .vibecheck/firewall.json`);
-    console.log("");
-    
-    if (config.enabled) {
-      console.log(`  ${colors.dim}Blocking:${colors.reset}`);
-      if (config.rules?.security?.block) console.log(`    ${colors.green}${icons.check}${colors.reset} Security issues`);
-      if (config.rules?.quality?.block) console.log(`    ${colors.green}${icons.check}${colors.reset} Quality issues`);
-      if (config.rules?.suggestions?.block) console.log(`    ${colors.green}${icons.check}${colors.reset} Suggestions`);
-      console.log("");
-    }
-    
-    return { enabled: config.enabled, config };
-  }
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// QUICK CHECK COMMAND (for git hooks)
-// ═══════════════════════════════════════════════════════════════════════════════
-
-async function quickCheck(options = {}) {
-  const output = new SimpleOutput();
-  
-  const configPath = path.join(process.cwd(), ".vibecheck", "firewall.json");
-  
-  if (!fs.existsSync(configPath)) {
-    // No config - allow through
-    return { passed: true };
-  }
-  
-  const config = JSON.parse(fs.readFileSync(configPath, "utf8"));
-  
-  if (!config.enabled) {
-    return { passed: true };
-  }
-
-  // Get staged files if checking staged
-  let filesToCheck = [];
-  
-  if (options.staged) {
-    try {
-      const stdout = execSync("git diff --cached --name-only --diff-filter=ACMR", {
-        encoding: "utf8"
-      });
-      filesToCheck = stdout.trim().split("\n").filter(Boolean);
-    } catch {
-      filesToCheck = [];
-    }
-  }
-
-  if (filesToCheck.length === 0) {
-    return { passed: true };
-  }
-
-  // Quick check the files
-  const issues = [];
-  
-  for (const file of filesToCheck) {
-    // Skip non-JS/TS files
-    if (!/\.(js|jsx|ts|tsx)$/.test(file)) continue;
-    
-    const filePath = path.join(process.cwd(), file);
-    if (!fs.existsSync(filePath)) continue;
-    
-    const content = fs.readFileSync(filePath, "utf8");
-    
-    // Quick pattern checks
-    const patterns = [
-      { name: "console.log", pattern: /console\.log\(/, severity: "warning" },
-      { name: "Hardcoded secret", pattern: /(?:password|secret|api[_-]?key)\s*[:=]\s*['"][^'"]{8,}['"]/i, severity: "critical" },
-      { name: "TODO in code", pattern: /\/\/\s*TODO:/i, severity: "warning" },
-      { name: "Fake data", pattern: /(?:fake|mock|dummy|test)(?:Data|User|Email)/i, severity: "warning" }
-    ];
-    
-    for (const p of patterns) {
-      if (p.pattern.test(content)) {
-        issues.push({
-          file,
-          issue: p.name,
-          severity: p.severity
-        });
-      }
-    }
-  }
-
-  // Report issues
-  const criticalIssues = issues.filter(i => i.severity === "critical");
-  const warnings = issues.filter(i => i.severity === "warning");
-
-  if (issues.length > 0) {
-    console.log("");
-    console.log(`  ${colors.cyan}${icons.shield} Vibecheck Firewall${colors.reset}`);
-    console.log("");
-    
-    for (const issue of issues) {
-      const icon = issue.severity === "critical" ? icons.cross : icons.warning;
-      const color = issue.severity === "critical" ? colors.magenta : colors.yellow;
-      console.log(`  ${color}${icon}${colors.reset} ${issue.issue} in ${issue.file}`);
-    }
-    console.log("");
-  }
-
-  // Block if critical issues and config says to block
-  if (criticalIssues.length > 0 && config.rules?.security?.block) {
-    return { passed: false, issues: criticalIssues };
-  }
-
-  // Block if quality issues and config says to block
-  if (warnings.length > 0 && config.rules?.quality?.block) {
-    return { passed: false, issues: warnings };
-  }
-
-  return { passed: true, issues };
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// EXPORTS
-// ═══════════════════════════════════════════════════════════════════════════════
-
-module.exports = {
-  OneClickFirewall,
-  quickCheck,
-  DEFAULT_FIREWALL_CONFIG
-};