@vibecheckai/cli 3.5.0 → 3.5.2

package/bin/runners/lib/engines/vibecheck-engines/lib/ai-hallucination-engine.js

@@ -1,806 +0,0 @@
-/**
- * AI Hallucination Detection Engine
- * 
- * The ultimate vibe-coder's reality check. Detects patterns that are typical of
- * AI-generated code that "looks good" but doesn't actually work.
- * 
- * Common AI hallucination patterns:
- * - Functions that return hardcoded success without doing anything
- * - API calls to non-existent endpoints
- * - Placeholder implementations that look real
- * - Copy-paste patterns from docs that don't fit the codebase
- * - "Looks like it works" patterns (console.log success without actual logic)
- * - Optimistic error handling (catching errors and doing nothing)
- * 
- * @module ai-hallucination-engine
- */
-
-"use strict";
-
-const { parseAST, getCachedAST } = require("../ast-cache");
-const { shouldSkipFile } = require("../file-filter");
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// HALLUCINATION PATTERNS - What AI tends to generate that doesn't work
-// ═══════════════════════════════════════════════════════════════════════════════
-
-/**
- * Patterns that indicate "looks like implementation but isn't"
- * High confidence = almost certainly AI hallucination
- * Medium confidence = likely hallucination, needs context
- * Low confidence = possible hallucination, review recommended
- */
-const HALLUCINATION_PATTERNS = {
-  // ═══════════════════════════════════════════════════════════════════════════
-  // FAKE SUCCESS PATTERNS - Functions that claim success without doing anything
-  // ═══════════════════════════════════════════════════════════════════════════
-  fakeSuccess: {
-    patterns: [
-      // Return success without any preceding logic
-      {
-        regex: /return\s*{\s*success:\s*true\s*,?\s*(?:message:\s*["'][^"']*["'])?\s*}/,
-        name: "hardcoded-success-object",
-        confidence: 0.85,
-        severity: "BLOCK",
-        message: "Returns success object without performing actual operation",
-      },
-      // Async function that just resolves with success
-      {
-        regex: /async\s+(?:function\s+)?\w+\s*\([^)]*\)\s*{\s*return\s*(?:Promise\.resolve\()?\s*(?:true|{[^}]*success[^}]*})/,
-        name: "async-fake-success",
-        confidence: 0.80,
-        severity: "BLOCK",
-        message: "Async function immediately returns success without async work",
-      },
-      // API handler that just returns 200 without processing
-      {
-        regex: /(?:res|response)\.(?:status\(200\)|json|send)\s*\(\s*{\s*(?:success|ok|status):\s*(?:true|["'](?:ok|success)["'])/,
-        name: "api-fake-success",
-        confidence: 0.75,
-        severity: "WARN",
-        message: "API endpoint returns success without apparent processing",
-      },
-    ],
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // OPTIMISTIC ERROR HANDLING - Catches errors and pretends everything is fine
-  // ═══════════════════════════════════════════════════════════════════════════
-  optimisticErrors: {
-    patterns: [
-      // Catch block that returns success anyway
-      {
-        regex: /catch\s*\([^)]*\)\s*{\s*(?:\/\/[^\n]*\n\s*)?return\s*{\s*success:\s*true/,
-        name: "catch-returns-success",
-        confidence: 0.95,
-        severity: "BLOCK",
-        message: "Catches error but returns success anyway - hiding failures",
-      },
-      // Catch block with just console.log (no actual handling)
-      {
-        regex: /catch\s*\(\s*(?:e|err|error|_)\s*\)\s*{\s*console\.(?:log|error)\s*\([^)]+\)\s*;?\s*}/,
-        name: "catch-log-only",
-        confidence: 0.70,
-        severity: "WARN",
-        message: "Error caught and logged but not handled - silent failure",
-      },
-      // Empty catch with comment
-      {
-        regex: /catch\s*\([^)]*\)\s*{\s*\/\/\s*(?:TODO|FIXME|handle|ignore)/i,
-        name: "catch-todo-comment",
-        confidence: 0.90,
-        severity: "BLOCK",
-        message: "Error handling deferred with TODO comment - unhandled errors",
-      },
-    ],
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // STUB IMPLEMENTATIONS - Functions that look implemented but aren't
-  // ═══════════════════════════════════════════════════════════════════════════
-  stubImplementations: {
-    patterns: [
-      // Function body is just a comment
-      {
-        regex: /(?:async\s+)?(?:function\s+\w+|\w+\s*=\s*(?:async\s+)?(?:function|\([^)]*\)\s*=>))\s*[^{]*{\s*\/\/[^\n]*\n\s*}/,
-        name: "comment-only-function",
-        confidence: 0.95,
-        severity: "BLOCK",
-        message: "Function contains only a comment - not implemented",
-      },
-      // Function that just throws "not implemented"
-      {
-        regex: /{\s*throw\s+(?:new\s+Error\()?["'](?:not\s+implemented|TODO|NYI|TBD)/i,
-        name: "throws-not-implemented",
-        confidence: 0.90,
-        severity: "BLOCK",
-        message: "Function explicitly throws 'not implemented'",
-      },
-      // Function that returns undefined/null without logic
-      {
-        regex: /(?:async\s+)?(?:function\s+\w+|\w+\s*=\s*(?:async\s+)?(?:function|\([^)]*\)\s*=>))\s*[^{]*{\s*return\s*(?:undefined|null|void\s*0)\s*;?\s*}/,
-        name: "returns-nothing",
-        confidence: 0.85,
-        severity: "WARN",
-        message: "Function returns undefined/null without performing work",
-      },
-    ],
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // HALLUCINATED API PATTERNS - API calls that look real but use fake endpoints
-  // ═══════════════════════════════════════════════════════════════════════════
-  hallucinatedAPIs: {
-    patterns: [
-      // Fetch to example/placeholder URLs
-      {
-        regex: /fetch\s*\(\s*["']https?:\/\/(?:example\.com|api\.example|your-api|my-api|placeholder)/i,
-        name: "fetch-example-url",
-        confidence: 0.95,
-        severity: "BLOCK",
-        message: "Fetch call to example/placeholder URL - not real endpoint",
-      },
-      // API URL patterns that look generated
-      {
-        regex: /(?:apiUrl|API_URL|baseUrl|BASE_URL)\s*[=:]\s*["']https?:\/\/(?:localhost|example\.com|your-|my-|api\.)/i,
-        name: "placeholder-api-url",
-        confidence: 0.80,
-        severity: "WARN",
-        message: "API URL appears to be a placeholder",
-      },
-      // GraphQL queries to fake endpoints
-      {
-        regex: /(?:query|mutation)\s+\w+\s*{[^}]*}\s*['"],?\s*["']https?:\/\/(?:example|placeholder|your-)/i,
-        name: "graphql-fake-endpoint",
-        confidence: 0.90,
-        severity: "BLOCK",
-        message: "GraphQL query pointing to placeholder endpoint",
-      },
-    ],
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // FAKE DATA PATTERNS - Looks like real data but isn't
-  // ═══════════════════════════════════════════════════════════════════════════
-  fakeData: {
-    patterns: [
-      // Hardcoded UUIDs that look generated
-      {
-        regex: /["'](?:12345678-1234-1234-1234-123456789012|00000000-0000-0000-0000-000000000000|xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)["']/,
-        name: "placeholder-uuid",
-        confidence: 0.95,
-        severity: "BLOCK",
-        message: "Placeholder UUID detected - should be dynamic",
-      },
-      // Demo/test email patterns in non-test files
-      {
-        regex: /["'](?:test@test\.com|user@example\.com|admin@admin\.com|demo@demo\.com)["']/i,
-        name: "placeholder-email",
-        confidence: 0.80,
-        severity: "WARN",
-        message: "Placeholder email in production code",
-      },
-      // Hardcoded API keys that look fake
-      {
-        regex: /(?:api[_-]?key|apiKey|API_KEY)\s*[=:]\s*["'](?:your[-_]?api[-_]?key|xxx+|test[-_]?key|sk[-_]test|pk[-_]test)/i,
-        name: "placeholder-api-key",
-        confidence: 0.90,
-        severity: "BLOCK",
-        message: "Placeholder API key - needs real credentials",
-      },
-    ],
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // COPY-PASTE PATTERNS - Code that looks copied from docs/examples
-  // ═══════════════════════════════════════════════════════════════════════════
-  copyPaste: {
-    patterns: [
-      // Comments that look like documentation examples
-      {
-        regex: /\/\/\s*(?:Example|Sample|Demo|Tutorial|From the docs|Copy this)/i,
-        name: "example-comment",
-        confidence: 0.60,
-        severity: "WARN",
-        message: "Code appears to be copied from documentation/example",
-      },
-      // TODO comments with implementation details
-      {
-        regex: /\/\/\s*TODO:\s*(?:implement|add|fix|handle|complete|finish)/i,
-        name: "todo-implement",
-        confidence: 0.85,
-        severity: "BLOCK",
-        message: "TODO comment indicates missing implementation",
-      },
-      // Placeholder function names
-      {
-        regex: /function\s+(?:doSomething|handleIt|processData|myFunction|yourFunction|exampleFunction)\s*\(/i,
-        name: "placeholder-function-name",
-        confidence: 0.75,
-        severity: "WARN",
-        message: "Generic/placeholder function name suggests example code",
-      },
-    ],
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // VIBE-CODED PATTERNS - AI-specific generation patterns
-  // ═══════════════════════════════════════════════════════════════════════════
-  vibeCoded: {
-    patterns: [
-      // Console.log that claims success without verification
-      {
-        regex: /console\.log\s*\(\s*["'](?:Success|Done|Completed|Working)[!.]*["']\s*\)/i,
-        name: "optimistic-console-log",
-        confidence: 0.70,
-        severity: "WARN",
-        message: "Console log claims success but may not verify actual result",
-      },
-      // Return statement immediately after function declaration (no logic)
-      {
-        regex: /(?:async\s+)?function\s+\w+\s*\([^)]*\)\s*{\s*return\s+/,
-        name: "immediate-return",
-        confidence: 0.50,
-        severity: "INFO",
-        message: "Function immediately returns - may lack implementation",
-      },
-      // Multiple similar patterns (likely AI batch generation)
-      {
-        regex: /(?:const|let|var)\s+(\w+)1\s*=.*\n.*\1(?:2|_2)\s*=/,
-        name: "sequential-naming",
-        confidence: 0.60,
-        severity: "INFO",
-        message: "Sequential variable naming suggests AI-generated batch code",
-      },
-    ],
-  },
-};
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// AST-BASED DETECTION - More accurate detection using AST analysis
-// ═══════════════════════════════════════════════════════════════════════════════
-
-/**
- * AST-based hallucination patterns for more accurate detection
- */
-const AST_PATTERNS = {
-  /**
-   * Detect empty or near-empty functions
-   */
-  emptyFunctions: (ast, filePath) => {
-    const findings = [];
-    
-    const checkFunction = (node, name) => {
-      if (!node.body) return;
-      
-      const body = node.body.type === "BlockStatement" ? node.body.body : [node.body];
-      
-      // Check for empty body
-      if (body.length === 0) {
-        findings.push({
-          type: "empty-function",
-          name,
-          line: node.loc?.start?.line || 1,
-          confidence: 0.90,
-          severity: "BLOCK",
-          message: `Function '${name}' has empty body - not implemented`,
-        });
-        return;
-      }
-      
-      // Check for body with only comments
-      const nonCommentStatements = body.filter(stmt => 
-        stmt.type !== "EmptyStatement" && 
-        !(stmt.type === "ExpressionStatement" && stmt.expression?.type === "Literal")
-      );
-      
-      // Check for body with only return undefined/null
-      if (body.length === 1 && body[0].type === "ReturnStatement") {
-        const arg = body[0].argument;
-        if (!arg || (arg.type === "Identifier" && arg.name === "undefined") ||
-            (arg.type === "Literal" && arg.value === null)) {
-          findings.push({
-            type: "returns-nothing-function",
-            name,
-            line: node.loc?.start?.line || 1,
-            confidence: 0.85,
-            severity: "WARN",
-            message: `Function '${name}' only returns null/undefined - stub implementation`,
-          });
-        }
-      }
-    };
-    
-    // Walk AST to find functions
-    const walk = (node) => {
-      if (!node || typeof node !== "object") return;
-      
-      if (node.type === "FunctionDeclaration" && node.id) {
-        checkFunction(node, node.id.name);
-      }
-      
-      if (node.type === "FunctionExpression" || node.type === "ArrowFunctionExpression") {
-        // Try to get name from parent
-        const name = node.id?.name || "anonymous";
-        checkFunction(node, name);
-      }
-      
-      // Recurse
-      for (const key of Object.keys(node)) {
-        const child = node[key];
-        if (Array.isArray(child)) {
-          child.forEach(walk);
-        } else if (child && typeof child === "object") {
-          walk(child);
-        }
-      }
-    };
-    
-    if (ast.program) {
-      walk(ast.program);
-    } else {
-      walk(ast);
-    }
-    
-    return findings;
-  },
-  
-  /**
-   * Detect async functions without await
-   */
-  asyncWithoutAwait: (ast, filePath) => {
-    const findings = [];
-    
-    const checkAsyncFunction = (node, name) => {
-      if (!node.async) return;
-      
-      let hasAwait = false;
-      
-      const walkForAwait = (n) => {
-        if (!n || typeof n !== "object") return;
-        if (n.type === "AwaitExpression") {
-          hasAwait = true;
-          return;
-        }
-        // Don't recurse into nested functions
-        if (n.type === "FunctionExpression" || n.type === "ArrowFunctionExpression" ||
-            n.type === "FunctionDeclaration") {
-          return;
-        }
-        for (const key of Object.keys(n)) {
-          const child = n[key];
-          if (Array.isArray(child)) {
-            child.forEach(walkForAwait);
-          } else if (child && typeof child === "object") {
-            walkForAwait(child);
-          }
-        }
-      };
-      
-      walkForAwait(node.body);
-      
-      if (!hasAwait) {
-        findings.push({
-          type: "async-without-await",
-          name,
-          line: node.loc?.start?.line || 1,
-          confidence: 0.75,
-          severity: "WARN",
-          message: `Async function '${name}' never uses await - may be unnecessary`,
-        });
-      }
-    };
-    
-    const walk = (node) => {
-      if (!node || typeof node !== "object") return;
-      
-      if (node.type === "FunctionDeclaration" && node.async && node.id) {
-        checkAsyncFunction(node, node.id.name);
-      }
-      
-      if ((node.type === "FunctionExpression" || node.type === "ArrowFunctionExpression") && node.async) {
-        const name = node.id?.name || "anonymous";
-        checkAsyncFunction(node, name);
-      }
-      
-      for (const key of Object.keys(node)) {
-        const child = node[key];
-        if (Array.isArray(child)) {
-          child.forEach(walk);
-        } else if (child && typeof child === "object") {
-          walk(child);
-        }
-      }
-    };
-    
-    if (ast.program) {
-      walk(ast.program);
-    } else {
-      walk(ast);
-    }
-    
-    return findings;
-  },
-  
-  /**
-   * Detect catch blocks that swallow errors
-   */
-  swallowedErrors: (ast, filePath) => {
-    const findings = [];
-    
-    const walk = (node) => {
-      if (!node || typeof node !== "object") return;
-      
-      if (node.type === "CatchClause") {
-        const body = node.body?.body || [];
-        
-        // Empty catch
-        if (body.length === 0) {
-          findings.push({
-            type: "empty-catch",
-            line: node.loc?.start?.line || 1,
-            confidence: 0.95,
-            severity: "BLOCK",
-            message: "Empty catch block silently swallows errors",
-          });
-        }
-        
-        // Catch with only console.log
-        if (body.length === 1 && body[0].type === "ExpressionStatement") {
-          const expr = body[0].expression;
-          if (expr.type === "CallExpression" && 
-              expr.callee?.object?.name === "console") {
-            findings.push({
-              type: "catch-log-only",
-              line: node.loc?.start?.line || 1,
-              confidence: 0.70,
-              severity: "WARN",
-              message: "Catch block only logs error - doesn't handle or rethrow",
-            });
-          }
-        }
-        
-        // Catch that returns success
-        const lastStmt = body[body.length - 1];
-        if (lastStmt?.type === "ReturnStatement" && lastStmt.argument?.type === "ObjectExpression") {
-          const props = lastStmt.argument.properties || [];
-          const successProp = props.find(p => 
-            p.key?.name === "success" && p.value?.value === true
-          );
-          if (successProp) {
-            findings.push({
-              type: "catch-returns-success",
-              line: node.loc?.start?.line || 1,
-              confidence: 0.95,
-              severity: "BLOCK",
-              message: "Catch block returns success:true - hiding errors from callers",
-            });
-          }
-        }
-      }
-      
-      for (const key of Object.keys(node)) {
-        const child = node[key];
-        if (Array.isArray(child)) {
-          child.forEach(walk);
-        } else if (child && typeof child === "object") {
-          walk(child);
-        }
-      }
-    };
-    
-    if (ast.program) {
-      walk(ast.program);
-    } else {
-      walk(ast);
-    }
-    
-    return findings;
-  },
-};
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// CONTEXT DETECTION - Reduce false positives based on context
-// ═══════════════════════════════════════════════════════════════════════════════
-
-/**
- * Check if file is a test file
- */
-function isTestFile(filePath) {
-  const patterns = [
-    /\.test\.[jt]sx?$/,
-    /\.spec\.[jt]sx?$/,
-    /\/__tests__\//,
-    /\/test\//,
-    /\/tests\//,
-    /\.stories\.[jt]sx?$/,
-    /\.mock\.[jt]sx?$/,
-  ];
-  return patterns.some(p => p.test(filePath));
-}
-
-/**
- * Check if file is a config file
- */
-function isConfigFile(filePath) {
-  const patterns = [
-    /\.config\.[jt]s$/,
-    /config\/.*\.[jt]s$/,
-    /\.env/,
-    /tsconfig/,
-    /package\.json$/,
-  ];
-  return patterns.some(p => p.test(filePath));
-}
-
-/**
- * Check if file is documentation/examples
- */
-function isDocFile(filePath) {
-  const patterns = [
-    /\/examples?\//,
-    /\/docs?\//,
-    /\/demo\//,
-    /README/,
-    /CHANGELOG/,
-    /\.md$/,
-  ];
-  return patterns.some(p => p.test(filePath));
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// MAIN DETECTION FUNCTION
-// ═══════════════════════════════════════════════════════════════════════════════
-
-/**
- * Analyze a file for AI hallucination patterns
- * @param {string} content - File content
- * @param {string} filePath - File path
- * @param {object} options - Analysis options
- * @returns {Array} Array of findings
- */
-function analyzeAIHallucinations(content, filePath, options = {}) {
-  // Skip test files unless explicitly included
-  if (isTestFile(filePath) && !options.includeTests) {
-    return [];
-  }
-  
-  // Skip config and doc files
-  if (isConfigFile(filePath) || isDocFile(filePath)) {
-    return [];
-  }
-  
-  const findings = [];
-  const lines = content.split("\n");
-  let findingId = 0;
-  
-  // Pattern-based detection
-  for (const [category, { patterns }] of Object.entries(HALLUCINATION_PATTERNS)) {
-    for (const pattern of patterns) {
-      for (let i = 0; i < lines.length; i++) {
-        const line = lines[i];
-        const match = line.match(pattern.regex);
-        
-        if (match) {
-          // Context check - look at surrounding lines for false positive indicators
-          const contextBefore = lines.slice(Math.max(0, i - 3), i).join("\n");
-          const contextAfter = lines.slice(i + 1, Math.min(lines.length, i + 4)).join("\n");
-          
-          // Skip if in test context
-          if (/test|spec|mock|stub|fake|__mocks__/i.test(contextBefore + contextAfter)) {
-            continue;
-          }
-          
-          // Skip if there's actual logic around it
-          if (/await|async|fetch|axios|database|db\.|prisma|mongoose/i.test(contextBefore)) {
-            continue;
-          }
-          
-          findings.push({
-            id: `AI-HALL-${String(++findingId).padStart(3, "0")}`,
-            category: "AIHallucination",
-            type: pattern.name,
-            severity: pattern.severity,
-            confidence: pattern.confidence,
-            file: filePath,
-            line: i + 1,
-            column: match.index + 1,
-            evidence: {
-              snippet: line.trim().slice(0, 200),
-              context: `${contextBefore}\n>>> ${line}\n${contextAfter}`.slice(0, 500),
-              pattern: pattern.regex.source,
-            },
-            message: pattern.message,
-            category_detail: category,
-            fixHints: getFixHints(category, pattern.name),
-          });
-        }
-      }
-    }
-  }
-  
-  // AST-based detection for more accuracy
-  if (!options.skipAST) {
-    try {
-      const ast = getCachedAST(filePath, content);
-      
-      if (ast) {
-        for (const [name, detector] of Object.entries(AST_PATTERNS)) {
-          const astFindings = detector(ast, filePath);
-          
-          for (const finding of astFindings) {
-            findings.push({
-              id: `AI-HALL-${String(++findingId).padStart(3, "0")}`,
-              category: "AIHallucination",
-              type: finding.type,
-              severity: finding.severity,
-              confidence: finding.confidence,
-              file: filePath,
-              line: finding.line,
-              evidence: {
-                snippet: lines[finding.line - 1]?.trim().slice(0, 200) || "",
-                context: finding.message,
-              },
-              message: finding.message,
-              category_detail: name,
-              fixHints: getFixHints(name, finding.type),
-              astVerified: true, // Higher confidence - verified by AST
-            });
-          }
-        }
-      }
-    } catch (e) {
-      // AST parsing failed - continue with pattern-based results
-    }
-  }
-  
-  return findings;
-}
-
-/**
- * Get fix hints for a finding
- */
-function getFixHints(category, type) {
-  const hints = {
-    fakeSuccess: [
-      "Implement actual business logic before returning success",
-      "Verify operation completed before returning success response",
-      "Add proper error handling and return appropriate status",
-    ],
-    optimisticErrors: [
-      "Either rethrow the error or handle it properly",
-      "Return an error response instead of success when catching errors",
-      "Log the error AND take appropriate action (retry, fallback, or propagate)",
-    ],
-    stubImplementations: [
-      "Replace TODO/stub with actual implementation",
-      "If not ready, mark the function as deprecated or throw 'Not implemented'",
-      "Remove the function if it's not needed",
-    ],
-    hallucinatedAPIs: [
-      "Replace placeholder URL with actual API endpoint",
-      "Use environment variables for API URLs",
-      "Verify the endpoint exists and is accessible",
-    ],
-    fakeData: [
-      "Replace placeholder data with dynamic/real values",
-      "Use environment variables for sensitive data",
-      "Generate proper UUIDs/IDs dynamically",
-    ],
-    copyPaste: [
-      "Customize the example code for your specific use case",
-      "Remove or implement TODO comments",
-      "Rename generic function names to be descriptive",
-    ],
-    vibeCoded: [
-      "Verify the success claim with actual checks",
-      "Add proper logic before the return statement",
-      "Review AI-generated code for correctness",
-    ],
-  };
-  
-  return hints[category] || [
-    "Review this code for correctness",
-    "Ensure the implementation matches the intent",
-    "Add proper error handling and validation",
-  ];
-}
-
-/**
- * Calculate vibe score for a file based on hallucination findings
- * @param {Array} findings - Findings from analysis
- * @returns {object} Vibe score metrics
- */
-function calculateVibeScore(findings) {
-  if (!findings || findings.length === 0) {
-    return {
-      score: 100,
-      grade: "A",
-      label: "Production Ready",
-      riskLevel: "low",
-      deductions: [],
-    };
-  }
-  
-  let score = 100;
-  const deductions = [];
-  
-  for (const finding of findings) {
-    let deduction = 0;
-    
-    switch (finding.severity) {
-      case "BLOCK":
-        deduction = 15 * finding.confidence;
-        break;
-      case "WARN":
-        deduction = 8 * finding.confidence;
-        break;
-      case "INFO":
-        deduction = 3 * finding.confidence;
-        break;
-    }
-    
-    // AST-verified findings have higher impact
-    if (finding.astVerified) {
-      deduction *= 1.2;
-    }
-    
-    score -= deduction;
-    deductions.push({
-      type: finding.type,
-      deduction: Math.round(deduction * 10) / 10,
-      reason: finding.message,
-    });
-  }
-  
-  score = Math.max(0, Math.round(score));
-  
-  // Calculate grade
-  let grade, label, riskLevel;
-  if (score >= 90) {
-    grade = "A";
-    label = "Production Ready";
-    riskLevel = "low";
-  } else if (score >= 80) {
-    grade = "B";
-    label = "Minor Issues";
-    riskLevel = "low";
-  } else if (score >= 70) {
-    grade = "C";
-    label = "Needs Review";
-    riskLevel = "medium";
-  } else if (score >= 50) {
-    grade = "D";
-    label = "Significant Issues";
-    riskLevel = "high";
-  } else {
-    grade = "F";
-    label = "Not Production Ready";
-    riskLevel = "critical";
-  }
-  
-  return {
-    score,
-    grade,
-    label,
-    riskLevel,
-    deductions,
-    totalFindings: findings.length,
-    blockers: findings.filter(f => f.severity === "BLOCK").length,
-    warnings: findings.filter(f => f.severity === "WARN").length,
-  };
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// EXPORTS
-// ═══════════════════════════════════════════════════════════════════════════════
-
-module.exports = {
-  analyzeAIHallucinations,
-  calculateVibeScore,
-  HALLUCINATION_PATTERNS,
-  AST_PATTERNS,
-  isTestFile,
-  isConfigFile,
-  isDocFile,
-};