@vibecheckai/cli 3.5.0 → 3.5.2

package/bin/runners/lib/engines/false-positive-prevention.js

@@ -1,630 +0,0 @@
-/**
- * False Positive Prevention Engine - Bulletproof Accuracy
- * 
- * This engine prevents false positives through:
- * 
- * 1. AST-BASED GENERATED CODE DETECTION - Not just path patterns
- * 2. FRAMEWORK VERSION AWARENESS - Different rules for different versions
- * 3. VENDORED CODE DETECTION - Third-party code in src/
- * 4. CODEGEN OUTPUT DETECTION - GraphQL, Prisma, etc.
- * 5. CONFIDENCE FEEDBACK TRACKING - Learn from user suppressions
- */
-
-"use strict";
-
-const fs = require("fs");
-const path = require("path");
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// AST-BASED GENERATED CODE DETECTION
-// Detects generated code by comments and patterns, not just file paths
-// ═══════════════════════════════════════════════════════════════════════════════
-
-const GENERATED_CODE_MARKERS = {
-  // Comment-based markers
-  comments: [
-    /@generated/i,
-    /auto-?generated/i,
-    /do not edit/i,
-    /do not modify/i,
-    /this file is generated/i,
-    /automatically generated/i,
-    /machine generated/i,
-    /code generated by/i,
-    /generated by \w+/i,
-    /@auto-generated/i,
-    /eslint-disable-file/i,
-    /prettier-ignore-start/i,
-  ],
-  
-  // Tool-specific markers
-  tools: {
-    prisma: [
-      /prisma generate/i,
-      /PrismaClient/,
-      /@prisma\/client/,
-    ],
-    graphql: [
-      /graphql-codegen/i,
-      /gql\.tada/i,
-      /@graphql-typed-document-node/i,
-      /TypedDocumentNode/,
-    ],
-    openapi: [
-      /openapi-generator/i,
-      /swagger-codegen/i,
-      /orval/i,
-    ],
-    protobuf: [
-      /protoc-gen/i,
-      /google-protobuf/,
-    ],
-    trpc: [
-      /createTRPCProxyClient/,
-      /TRPCClientError/,
-    ],
-  },
-};
-
-// Check first N lines for generated markers
-const HEADER_LINES_TO_CHECK = 30;
-
-function isGeneratedCode(code, filePath = "") {
-  if (!code) return { isGenerated: false, reason: null };
-  
-  const lines = code.split("\n").slice(0, HEADER_LINES_TO_CHECK);
-  const header = lines.join("\n");
-  
-  // Check comment markers
-  for (const pattern of GENERATED_CODE_MARKERS.comments) {
-    if (pattern.test(header)) {
-      return { isGenerated: true, reason: "Generated code marker in comments", pattern: pattern.source };
-    }
-  }
-  
-  // Check tool-specific markers
-  for (const [tool, patterns] of Object.entries(GENERATED_CODE_MARKERS.tools)) {
-    for (const pattern of patterns) {
-      if (pattern.test(header)) {
-        return { isGenerated: true, reason: `Generated by ${tool}`, tool };
-      }
-    }
-  }
-  
-  // Check file path patterns
-  const pathPatterns = [
-    /\/__generated__\//i,
-    /\/generated\//i,
-    /\/codegen\//i,
-    /\.generated\.(ts|js|tsx|jsx)$/i,
-    /\.gen\.(ts|js|tsx|jsx)$/i,
-    /\.g\.(ts|js)$/i,
-  ];
-  
-  for (const pattern of pathPatterns) {
-    if (pattern.test(filePath)) {
-      return { isGenerated: true, reason: "Generated code path pattern", pattern: pattern.source };
-    }
-  }
-  
-  return { isGenerated: false, reason: null };
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// VENDORED CODE DETECTION
-// Detects third-party code copied into src/
-// ═══════════════════════════════════════════════════════════════════════════════
-
-const VENDORED_CODE_MARKERS = [
-  // License headers
-  /MIT License/i,
-  /Apache License/i,
-  /BSD \d-Clause/i,
-  /GNU General Public License/i,
-  /Copyright \(c\) \d{4}/i,
-  /All rights reserved/i,
-  
-  // Common vendored file indicators
-  /vendored?\/|\/vendor\//i,
-  /third[_-]?party/i,
-  /external\//i,
-  
-  // Package metadata
-  /@license/i,
-  /@author [^@]+<[^>]+>/i,
-  /@version \d+\.\d+/i,
-];
-
-const VENDORED_PATH_PATTERNS = [
-  /\/vendor\//i,
-  /\/vendored?\//i,
-  /\/third[_-]?party\//i,
-  /\/external\//i,
-  /\/lib\/external\//i,
-];
-
-function isVendoredCode(code, filePath = "") {
-  if (!code) return { isVendored: false, reason: null };
-  
-  // Check path patterns first (fast)
-  for (const pattern of VENDORED_PATH_PATTERNS) {
-    if (pattern.test(filePath)) {
-      return { isVendored: true, reason: "Vendored path pattern" };
-    }
-  }
-  
-  // Check content markers
-  const header = code.split("\n").slice(0, 20).join("\n");
-  
-  let licenseCount = 0;
-  for (const pattern of VENDORED_CODE_MARKERS) {
-    if (pattern.test(header)) {
-      licenseCount++;
-      // Multiple license markers = likely vendored
-      if (licenseCount >= 2) {
-        return { isVendored: true, reason: "Multiple license/author markers" };
-      }
-    }
-  }
-  
-  return { isVendored: false, reason: null };
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// FRAMEWORK VERSION DETECTION
-// Detects framework versions to apply version-specific rules
-// ═══════════════════════════════════════════════════════════════════════════════
-
-const FRAMEWORK_VERSION_CACHE = new Map();
-
-function parseVersion(versionString) {
-  if (!versionString) return null;
-  
-  const match = versionString.match(/(\d+)\.(\d+)(?:\.(\d+))?/);
-  if (!match) return null;
-  
-  return {
-    major: parseInt(match[1], 10),
-    minor: parseInt(match[2], 10),
-    patch: match[3] ? parseInt(match[3], 10) : 0,
-    raw: versionString,
-  };
-}
-
-function detectFrameworkVersions(projectPath) {
-  const cacheKey = projectPath;
-  if (FRAMEWORK_VERSION_CACHE.has(cacheKey)) {
-    return FRAMEWORK_VERSION_CACHE.get(cacheKey);
-  }
-  
-  const versions = {
-    next: null,
-    react: null,
-    vue: null,
-    svelte: null,
-    express: null,
-    fastify: null,
-    nestjs: null,
-    prisma: null,
-    typescript: null,
-  };
-  
-  try {
-    const packageJsonPath = path.join(projectPath, "package.json");
-    if (fs.existsSync(packageJsonPath)) {
-      const pkg = JSON.parse(fs.readFileSync(packageJsonPath, "utf8"));
-      const deps = { ...pkg.dependencies, ...pkg.devDependencies };
-      
-      // Extract versions
-      if (deps.next) versions.next = parseVersion(deps.next);
-      if (deps.react) versions.react = parseVersion(deps.react);
-      if (deps.vue) versions.vue = parseVersion(deps.vue);
-      if (deps.svelte) versions.svelte = parseVersion(deps.svelte);
-      if (deps.express) versions.express = parseVersion(deps.express);
-      if (deps.fastify) versions.fastify = parseVersion(deps.fastify);
-      if (deps["@nestjs/core"]) versions.nestjs = parseVersion(deps["@nestjs/core"]);
-      if (deps["@prisma/client"]) versions.prisma = parseVersion(deps["@prisma/client"]);
-      if (deps.typescript) versions.typescript = parseVersion(deps.typescript);
-    }
-  } catch {
-    // Ignore errors
-  }
-  
-  FRAMEWORK_VERSION_CACHE.set(cacheKey, versions);
-  return versions;
-}
-
-// Version-specific rule adjustments
-const VERSION_RULES = {
-  next: {
-    // Next.js 13+ has app router with different patterns
-    13: {
-      allowAsyncComponents: true,
-      allowServerOnlyImports: true,
-      requireUseClient: true,
-    },
-    // Next.js 14+ has improved server actions
-    14: {
-      allowServerActions: true,
-      requireFormAction: false, // Server actions can be inline
-    },
-  },
-  react: {
-    // React 18+ has concurrent features
-    18: {
-      allowUseTransition: true,
-      allowUseDeferredValue: true,
-      allowUseId: true,
-    },
-    // React 19+ has use() hook
-    19: {
-      allowUseHook: true,
-      allowPromiseInRender: true,
-    },
-  },
-  typescript: {
-    // TS 5.0+ has new features
-    5: {
-      allowConstTypeParameters: true,
-      allowDecoratorMetadata: true,
-    },
-  },
-};
-
-function getVersionRules(framework, version) {
-  if (!version || !VERSION_RULES[framework]) return {};
-  
-  const rules = {};
-  const frameworkRules = VERSION_RULES[framework];
-  
-  // Apply rules for all versions <= current
-  for (const [minVersion, versionRules] of Object.entries(frameworkRules)) {
-    if (version.major >= parseInt(minVersion, 10)) {
-      Object.assign(rules, versionRules);
-    }
-  }
-  
-  return rules;
-}
-
-function shouldSkipForFrameworkVersion(finding, projectPath) {
-  const versions = detectFrameworkVersions(projectPath);
-  
-  // Next.js specific rules
-  if (versions.next) {
-    const nextRules = getVersionRules("next", versions.next);
-    
-    // Skip async component warnings in Next.js 13+
-    if (nextRules.allowAsyncComponents && finding.type === "async-component") {
-      return { skip: true, reason: "Async components allowed in Next.js 13+" };
-    }
-    
-    // Skip server-only import warnings in Next.js 13+
-    if (nextRules.allowServerOnlyImports && finding.type === "server-only-import") {
-      return { skip: true, reason: "Server-only imports allowed in Next.js 13+ App Router" };
-    }
-  }
-  
-  // React specific rules
-  if (versions.react) {
-    const reactRules = getVersionRules("react", versions.react);
-    
-    // Skip use() hook warnings in React 19+
-    if (reactRules.allowUseHook && finding.type === "unknown-hook" && finding.message?.includes("use(")) {
-      return { skip: true, reason: "use() hook is valid in React 19+" };
-    }
-  }
-  
-  return { skip: false, reason: null };
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// TEST FILE DETECTION (Enhanced)
-// More accurate than just path patterns
-// ═══════════════════════════════════════════════════════════════════════════════
-
-const TEST_FRAMEWORK_IMPORTS = [
-  /from ['"]vitest['"]/,
-  /from ['"]jest['"]/,
-  /from ['"]@testing-library\//,
-  /from ['"]@playwright\//,
-  /from ['"]cypress['"]/,
-  /from ['"]mocha['"]/,
-  /from ['"]chai['"]/,
-  /require\(['"]vitest['"]\)/,
-  /require\(['"]jest['"]\)/,
-];
-
-const TEST_PATTERNS = [
-  /\bdescribe\s*\(/,
-  /\bit\s*\(/,
-  /\btest\s*\(/,
-  /\bexpect\s*\(/,
-  /\bbeforeEach\s*\(/,
-  /\bafterEach\s*\(/,
-  /\bbeforeAll\s*\(/,
-  /\bafterAll\s*\(/,
-];
-
-function isTestFile(code, filePath = "") {
-  // Path-based detection (fast)
-  if (/\.(test|spec)\.(ts|tsx|js|jsx|mjs)$/i.test(filePath)) {
-    return { isTest: true, reason: "Test file extension" };
-  }
-  if (/\/__tests__\/|\/tests?\/|\/e2e\/|\/cypress\//i.test(filePath)) {
-    return { isTest: true, reason: "Test directory" };
-  }
-  
-  if (!code) return { isTest: false, reason: null };
-  
-  // Content-based detection
-  const header = code.slice(0, 2000); // Check first 2000 chars
-  
-  // Check for test framework imports
-  for (const pattern of TEST_FRAMEWORK_IMPORTS) {
-    if (pattern.test(header)) {
-      return { isTest: true, reason: "Test framework import" };
-    }
-  }
-  
-  // Check for test patterns (must have multiple)
-  let testPatternCount = 0;
-  for (const pattern of TEST_PATTERNS) {
-    if (pattern.test(code)) {
-      testPatternCount++;
-      if (testPatternCount >= 2) {
-        return { isTest: true, reason: "Multiple test patterns" };
-      }
-    }
-  }
-  
-  return { isTest: false, reason: null };
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// CONFIDENCE FEEDBACK TRACKING
-// Learn from user suppressions to improve confidence over time
-// ═══════════════════════════════════════════════════════════════════════════════
-
-const FEEDBACK_FILE = ".vibecheck/feedback.json";
-
-function loadFeedback(projectPath) {
-  try {
-    const feedbackPath = path.join(projectPath, FEEDBACK_FILE);
-    if (fs.existsSync(feedbackPath)) {
-      return JSON.parse(fs.readFileSync(feedbackPath, "utf8"));
-    }
-  } catch {
-    // Ignore errors
-  }
-  
-  return {
-    version: 1,
-    suppressions: {},  // rule -> { count, lastSeen }
-    falsePositives: {}, // pattern -> count
-    truePositives: {},  // pattern -> count
-  };
-}
-
-function saveFeedback(projectPath, feedback) {
-  try {
-    const feedbackPath = path.join(projectPath, FEEDBACK_FILE);
-    const dir = path.dirname(feedbackPath);
-    if (!fs.existsSync(dir)) {
-      fs.mkdirSync(dir, { recursive: true });
-    }
-    fs.writeFileSync(feedbackPath, JSON.stringify(feedback, null, 2));
-  } catch {
-    // Ignore errors
-  }
-}
-
-function recordSuppression(projectPath, finding, reason = "user_suppressed") {
-  const feedback = loadFeedback(projectPath);
-  const rule = finding.type || finding.category || "unknown";
-  
-  if (!feedback.suppressions[rule]) {
-    feedback.suppressions[rule] = { count: 0, lastSeen: null };
-  }
-  
-  feedback.suppressions[rule].count++;
-  feedback.suppressions[rule].lastSeen = new Date().toISOString();
-  
-  // Track false positive patterns
-  const message = finding.message || finding.title || "";
-  const pattern = normalizePattern(message);
-  
-  if (reason === "false_positive") {
-    if (!feedback.falsePositives[pattern]) {
-      feedback.falsePositives[pattern] = 0;
-    }
-    feedback.falsePositives[pattern]++;
-  }
-  
-  saveFeedback(projectPath, feedback);
-}
-
-function normalizePattern(message) {
-  return message
-    .toLowerCase()
-    .replace(/[`'"]/g, "")
-    .replace(/\d+/g, "N")
-    .replace(/\s+/g, " ")
-    .trim()
-    .slice(0, 100);
-}
-
-function getConfidenceAdjustment(projectPath, finding) {
-  const feedback = loadFeedback(projectPath);
-  
-  let adjustment = 0;
-  
-  // Reduce confidence for frequently suppressed rules
-  const rule = finding.type || finding.category || "unknown";
-  const suppression = feedback.suppressions[rule];
-  
-  if (suppression) {
-    if (suppression.count >= 10) adjustment -= 0.2;
-    else if (suppression.count >= 5) adjustment -= 0.1;
-    else if (suppression.count >= 2) adjustment -= 0.05;
-  }
-  
-  // Reduce confidence for known false positive patterns
-  const message = finding.message || finding.title || "";
-  const pattern = normalizePattern(message);
-  const fpCount = feedback.falsePositives[pattern] || 0;
-  
-  if (fpCount >= 5) adjustment -= 0.3;
-  else if (fpCount >= 2) adjustment -= 0.15;
-  
-  return adjustment;
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// MAIN FALSE POSITIVE FILTER
-// ═══════════════════════════════════════════════════════════════════════════════
-
-function shouldFilterFinding(finding, code, filePath, projectPath) {
-  const reasons = [];
-  let confidenceAdjustment = 0;
-  
-  // Check generated code
-  const generated = isGeneratedCode(code, filePath);
-  if (generated.isGenerated) {
-    return {
-      filter: true,
-      reason: generated.reason,
-      confidence: 0,
-    };
-  }
-  
-  // Check vendored code
-  const vendored = isVendoredCode(code, filePath);
-  if (vendored.isVendored) {
-    return {
-      filter: true,
-      reason: vendored.reason,
-      confidence: 0,
-    };
-  }
-  
-  // Check test files
-  const test = isTestFile(code, filePath);
-  if (test.isTest) {
-    confidenceAdjustment -= 0.4;
-    reasons.push("Test file");
-  }
-  
-  // Check framework version rules
-  const versionSkip = shouldSkipForFrameworkVersion(finding, projectPath);
-  if (versionSkip.skip) {
-    return {
-      filter: true,
-      reason: versionSkip.reason,
-      confidence: 0,
-    };
-  }
-  
-  // Apply feedback-based adjustment
-  confidenceAdjustment += getConfidenceAdjustment(projectPath, finding);
-  
-  // Calculate final confidence
-  const baseConfidence = finding.confidence || finding.confidenceScore || 0.5;
-  const finalConfidence = Math.max(0, Math.min(1, baseConfidence + confidenceAdjustment));
-  
-  return {
-    filter: false,
-    reasons,
-    confidence: finalConfidence,
-    originalConfidence: baseConfidence,
-    adjustment: confidenceAdjustment,
-  };
-}
-
-function filterFalsePositives(findings, options = {}) {
-  const { projectPath = ".", minConfidence = 0.3 } = options;
-  
-  const filtered = [];
-  const removed = [];
-  
-  for (const finding of findings) {
-    const filePath = finding.file || finding.filePath || "";
-    
-    // Try to get code content (may not be available)
-    let code = finding.codeSnippet || finding.evidence?.[0]?.snippet || "";
-    if (!code && filePath) {
-      try {
-        const fullPath = path.isAbsolute(filePath) ? filePath : path.join(projectPath, filePath);
-        if (fs.existsSync(fullPath)) {
-          code = fs.readFileSync(fullPath, "utf8");
-        }
-      } catch {
-        // Ignore
-      }
-    }
-    
-    const result = shouldFilterFinding(finding, code, filePath, projectPath);
-    
-    if (result.filter) {
-      removed.push({ finding, reason: result.reason });
-      continue;
-    }
-    
-    // Update confidence
-    const updatedFinding = {
-      ...finding,
-      confidence: result.confidence,
-      originalConfidence: result.originalConfidence,
-    };
-    
-    // Filter by final confidence
-    if (result.confidence >= minConfidence) {
-      filtered.push(updatedFinding);
-    } else {
-      removed.push({ finding: updatedFinding, reason: "Low confidence after adjustments" });
-    }
-  }
-  
-  return {
-    findings: filtered,
-    removed,
-    stats: {
-      input: findings.length,
-      output: filtered.length,
-      removed: removed.length,
-    },
-  };
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// EXPORTS
-// ═══════════════════════════════════════════════════════════════════════════════
-
-module.exports = {
-  // Main functions
-  filterFalsePositives,
-  shouldFilterFinding,
-  
-  // Detection functions
-  isGeneratedCode,
-  isVendoredCode,
-  isTestFile,
-  
-  // Framework version functions
-  detectFrameworkVersions,
-  getVersionRules,
-  shouldSkipForFrameworkVersion,
-  
-  // Feedback functions
-  loadFeedback,
-  saveFeedback,
-  recordSuppression,
-  getConfidenceAdjustment,
-  
-  // Constants
-  GENERATED_CODE_MARKERS,
-  VENDORED_CODE_MARKERS,
-  VERSION_RULES,
-  TEST_FRAMEWORK_IMPORTS,
-  TEST_PATTERNS,
-};