@vibecheckai/cli 3.5.0 → 3.5.2

package/bin/runners/lib/engines/vibecheck-engines/lib/smart-fix-engine.js

@@ -1,577 +0,0 @@
-/**
- * Smart Fix Suggestions Engine
- * 
- * AI-powered fix recommendations with confidence scoring.
- * Generates actionable, context-aware fix suggestions for vibecheck findings.
- * 
- * Features:
- * - Context-aware fix generation based on surrounding code
- * - Framework-specific fixes (React, Next.js, Express, etc.)
- * - Confidence scoring for each suggestion
- * - Auto-applicable fixes vs manual review required
- * - Code snippets for common patterns
- * 
- * @module smart-fix-engine
- */
-
-"use strict";
-
-const path = require("path");
-const fs = require("fs");
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// FIX TEMPLATES - Common fix patterns for different issue types
-// ═══════════════════════════════════════════════════════════════════════════════
-
-const FIX_TEMPLATES = {
-  // ═══════════════════════════════════════════════════════════════════════════
-  // FAKE SUCCESS FIXES
-  // ═══════════════════════════════════════════════════════════════════════════
-  "fake-success": {
-    patterns: [
-      {
-        match: /return\s*{\s*success:\s*true\s*}/,
-        replace: `// TODO: Implement actual logic before returning success
-        const result = await performActualOperation();
-        if (!result.ok) {
-          return { success: false, error: result.error };
-        }
-        return { success: true, data: result.data };`,
-        confidence: 0.85,
-        autoApplicable: false,
-        message: "Replace hardcoded success with actual operation result",
-      },
-    ],
-    manualSteps: [
-      "Identify what operation this function should perform",
-      "Implement the actual business logic",
-      "Add error handling for failure cases",
-      "Return success only after verifying the operation completed",
-    ],
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // EMPTY CATCH FIXES
-  // ═══════════════════════════════════════════════════════════════════════════
-  "empty-catch": {
-    patterns: [
-      {
-        match: /catch\s*\(\s*(?:e|err|error|_)?\s*\)\s*{\s*}/,
-        replace: `catch (error) {
-          console.error('Operation failed:', error);
-          throw error; // Re-throw to let caller handle
-        }`,
-        confidence: 0.90,
-        autoApplicable: true,
-        message: "Add proper error handling - log and rethrow",
-      },
-      {
-        // Catch with only console.log
-        match: /catch\s*\(\s*(\w+)\s*\)\s*{\s*console\.log\([^)]+\)\s*;?\s*}/,
-        replace: (match, varName) => `catch (${varName}) {
-          console.error('Operation failed:', ${varName});
-          // Choose one:
-          // throw ${varName}; // Re-throw for caller to handle
-          // return { success: false, error: ${varName}.message }; // Return error response
-        }`,
-        confidence: 0.85,
-        autoApplicable: false,
-        message: "Improve error handling beyond just logging",
-      },
-    ],
-    manualSteps: [
-      "Decide how this error should be handled in context",
-      "Either: rethrow the error for upstream handling",
-      "Or: return an error response to the caller",
-      "Or: implement recovery/retry logic if appropriate",
-      "Consider adding error reporting to a monitoring service",
-    ],
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // PLACEHOLDER DATA FIXES
-  // ═══════════════════════════════════════════════════════════════════════════
-  "placeholder-data": {
-    patterns: [
-      {
-        // Placeholder UUID
-        match: /["'](?:12345678-1234-1234-1234-123456789012|00000000-0000-0000-0000-000000000000)["']/,
-        replace: `crypto.randomUUID() // Generate real UUID`,
-        confidence: 0.95,
-        autoApplicable: false,
-        message: "Replace placeholder UUID with dynamically generated one",
-      },
-      {
-        // Placeholder email
-        match: /["'](?:test@test\.com|user@example\.com)["']/i,
-        replace: `process.env.USER_EMAIL || throw new Error('USER_EMAIL not set')`,
-        confidence: 0.75,
-        autoApplicable: false,
-        message: "Replace placeholder email with environment variable or actual user data",
-      },
-    ],
-    manualSteps: [
-      "Identify where this data should come from (database, user input, env var)",
-      "Replace the hardcoded value with dynamic data",
-      "Add validation for the data source",
-      "Update tests to use proper test fixtures",
-    ],
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // PLACEHOLDER API URL FIXES
-  // ═══════════════════════════════════════════════════════════════════════════
-  "placeholder-api": {
-    patterns: [
-      {
-        match: /fetch\s*\(\s*["']https?:\/\/(?:example\.com|api\.example|your-api|my-api)/i,
-        replace: `fetch(process.env.API_URL + '/endpoint')`,
-        confidence: 0.90,
-        autoApplicable: false,
-        message: "Use environment variable for API URL",
-      },
-    ],
-    manualSteps: [
-      "Add API_URL to your .env file with the real endpoint",
-      "Update all fetch calls to use the environment variable",
-      "Add API_URL to .env.example for documentation",
-      "Verify the endpoint exists and is accessible",
-    ],
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // STUB IMPLEMENTATION FIXES
-  // ═══════════════════════════════════════════════════════════════════════════
-  "stub-implementation": {
-    patterns: [
-      {
-        match: /{\s*throw\s+(?:new\s+Error\()?["'](?:not\s+implemented|TODO|NYI)/i,
-        replace: `{
-          // TODO: Implement this function
-          // 1. Validate inputs
-          // 2. Perform the operation
-          // 3. Return the result
-          throw new Error('Not implemented - remove this after implementing');
-        }`,
-        confidence: 0.80,
-        autoApplicable: false,
-        message: "Implement the function logic",
-      },
-    ],
-    manualSteps: [
-      "Review the function signature and docstring to understand what it should do",
-      "Implement the actual business logic",
-      "Add input validation",
-      "Add proper error handling",
-      "Write tests to verify the implementation",
-      "Remove any 'not implemented' throws",
-    ],
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // HARDCODED SECRET FIXES
-  // ═══════════════════════════════════════════════════════════════════════════
-  "hardcoded-secret": {
-    patterns: [
-      {
-        match: /(?:api[_-]?key|apiKey|API_KEY)\s*[=:]\s*["']([^"']+)["']/i,
-        replace: `apiKey: process.env.API_KEY || throw new Error('API_KEY not configured')`,
-        confidence: 0.95,
-        autoApplicable: false,
-        message: "Move secret to environment variable",
-      },
-    ],
-    manualSteps: [
-      "Add the secret to your .env file (never commit this)",
-      "Add the variable name (without value) to .env.example",
-      "Update code to read from process.env",
-      "Add validation to ensure the env var is set",
-      "Consider using a secrets manager in production",
-      "IMPORTANT: If this was committed, rotate the secret immediately",
-    ],
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // ASYNC WITHOUT AWAIT FIXES
-  // ═══════════════════════════════════════════════════════════════════════════
-  "async-without-await": {
-    patterns: [
-      {
-        match: /async\s+(?:function\s+)?(\w+)\s*\([^)]*\)\s*{/,
-        replace: (match, funcName) => `// If this function doesn't need to be async, remove 'async':
-function ${funcName}(`,
-        confidence: 0.60,
-        autoApplicable: false,
-        message: "Either add await calls or remove async keyword",
-      },
-    ],
-    manualSteps: [
-      "Check if this function actually needs to be async",
-      "If yes: add await for async operations inside",
-      "If no: remove the async keyword to avoid confusion",
-      "Async functions always return Promises - make sure callers expect this",
-    ],
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // CONSOLE.LOG IN PRODUCTION FIXES
-  // ═══════════════════════════════════════════════════════════════════════════
-  "console-log": {
-    patterns: [
-      {
-        match: /console\.log\s*\(/,
-        replace: `// Use a proper logger instead:
-logger.debug(`,
-        confidence: 0.70,
-        autoApplicable: false,
-        message: "Replace console.log with proper logger",
-      },
-    ],
-    manualSteps: [
-      "Set up a proper logging library (pino, winston, etc.)",
-      "Replace console.log with logger.debug or logger.info",
-      "Configure log levels for different environments",
-      "Remove or downgrade debug logs before shipping",
-    ],
-  },
-};
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// FRAMEWORK-SPECIFIC FIXES
-// ═══════════════════════════════════════════════════════════════════════════════
-
-const FRAMEWORK_FIXES = {
-  nextjs: {
-    "api-handler-error": {
-      patterns: [
-        {
-          match: /export\s+(?:default\s+)?(?:async\s+)?function\s+handler/,
-          fix: `export default async function handler(req, res) {
-  try {
-    // Your logic here
-    return res.status(200).json({ success: true, data: result });
-  } catch (error) {
-    console.error('API Error:', error);
-    return res.status(500).json({ success: false, error: error.message });
-  }
-}`,
-          message: "Next.js API handler should have try-catch",
-        },
-      ],
-    },
-  },
-  
-  react: {
-    "missing-error-boundary": {
-      patterns: [
-        {
-          message: "Wrap components with ErrorBoundary for better error handling",
-          fix: `import { ErrorBoundary } from 'react-error-boundary';
-
-function ErrorFallback({error}) {
-  return <div role="alert">Something went wrong: {error.message}</div>
-}
-
-// Wrap your component:
-<ErrorBoundary FallbackComponent={ErrorFallback}>
-  <YourComponent />
-</ErrorBoundary>`,
-        },
-      ],
-    },
-  },
-  
-  express: {
-    "missing-error-middleware": {
-      patterns: [
-        {
-          message: "Add error handling middleware",
-          fix: `// Add at the end of your routes:
-app.use((err, req, res, next) => {
-  console.error('Server Error:', err);
-  res.status(err.status || 500).json({
-    success: false,
-    error: process.env.NODE_ENV === 'production' 
-      ? 'Internal server error' 
-      : err.message
-  });
-});`,
-        },
-      ],
-    },
-  },
-};
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// SMART FIX GENERATOR
-// ═══════════════════════════════════════════════════════════════════════════════
-
-/**
- * Generate smart fix suggestions for a finding
- * @param {object} finding - The finding to generate fixes for
- * @param {object} context - Context about the file and project
- * @returns {object} Fix suggestions with confidence
- */
-function generateFixSuggestions(finding, context = {}) {
-  const {
-    fileContent = "",
-    filePath = "",
-    framework = null,
-    projectType = null,
-  } = context;
-  
-  const suggestions = [];
-  
-  // Get template for finding type
-  const findingType = normalizeFindingType(finding.type || finding.category);
-  const template = FIX_TEMPLATES[findingType];
-  
-  if (template) {
-    // Generate pattern-based fixes
-    for (const pattern of template.patterns) {
-      const match = fileContent.match(pattern.match);
-      
-      if (match) {
-        let replacement = pattern.replace;
-        
-        // If replace is a function, call it with match groups
-        if (typeof replacement === "function") {
-          replacement = replacement(match[0], ...match.slice(1));
-        }
-        
-        suggestions.push({
-          type: "code-fix",
-          confidence: pattern.confidence,
-          autoApplicable: pattern.autoApplicable,
-          message: pattern.message,
-          original: match[0],
-          replacement,
-          location: {
-            file: filePath,
-            line: finding.line,
-            matchIndex: match.index,
-          },
-        });
-      }
-    }
-    
-    // Add manual steps
-    if (template.manualSteps) {
-      suggestions.push({
-        type: "manual-steps",
-        confidence: 0.95,
-        autoApplicable: false,
-        message: "Manual fix steps",
-        steps: template.manualSteps,
-      });
-    }
-  }
-  
-  // Add framework-specific fixes
-  if (framework && FRAMEWORK_FIXES[framework]) {
-    const frameworkFixes = FRAMEWORK_FIXES[framework];
-    
-    for (const [fixType, fixData] of Object.entries(frameworkFixes)) {
-      // Check if this fix is relevant
-      if (isFixRelevant(finding, fixType)) {
-        for (const pattern of fixData.patterns) {
-          suggestions.push({
-            type: "framework-fix",
-            framework,
-            confidence: 0.75,
-            autoApplicable: false,
-            message: pattern.message,
-            codeExample: pattern.fix,
-          });
-        }
-      }
-    }
-  }
-  
-  // Add general best practice suggestions
-  suggestions.push(...generateBestPracticeSuggestions(finding, context));
-  
-  // Sort by confidence
-  suggestions.sort((a, b) => b.confidence - a.confidence);
-  
-  return {
-    finding: finding.id || finding.type,
-    fixCount: suggestions.length,
-    hasAutoFix: suggestions.some(s => s.autoApplicable),
-    suggestions: suggestions.slice(0, 5), // Top 5 suggestions
-    priority: calculateFixPriority(finding, suggestions),
-  };
-}
-
-/**
- * Normalize finding type to match template keys
- */
-function normalizeFindingType(type) {
-  const typeMap = {
-    "hardcoded-success-object": "fake-success",
-    "async-fake-success": "fake-success",
-    "api-fake-success": "fake-success",
-    "catch-returns-success": "empty-catch",
-    "catch-log-only": "empty-catch",
-    "catch-todo-comment": "empty-catch",
-    "empty-catch": "empty-catch",
-    "swallowed-errors": "empty-catch",
-    "placeholder-uuid": "placeholder-data",
-    "placeholder-email": "placeholder-data",
-    "fetch-example-url": "placeholder-api",
-    "placeholder-api-url": "placeholder-api",
-    "throws-not-implemented": "stub-implementation",
-    "comment-only-function": "stub-implementation",
-    "placeholder-api-key": "hardcoded-secret",
-    "HardcodedSecret": "hardcoded-secret",
-    "async-without-await": "async-without-await",
-    "ConsoleLog": "console-log",
-  };
-  
-  return typeMap[type] || type?.toLowerCase().replace(/_/g, "-");
-}
-
-/**
- * Check if a framework fix is relevant for a finding
- */
-function isFixRelevant(finding, fixType) {
-  const relevanceMap = {
-    "api-handler-error": ["fake-success", "empty-catch", "FakeSuccess"],
-    "missing-error-boundary": ["empty-catch", "swallowed-errors"],
-    "missing-error-middleware": ["empty-catch", "silent-failure"],
-  };
-  
-  const relevantTypes = relevanceMap[fixType] || [];
-  return relevantTypes.some(t => 
-    finding.type?.includes(t) || finding.category?.includes(t)
-  );
-}
-
-/**
- * Generate best practice suggestions
- */
-function generateBestPracticeSuggestions(finding, context) {
-  const suggestions = [];
-  
-  // Error handling best practices
-  if (finding.category?.includes("Error") || finding.type?.includes("catch")) {
-    suggestions.push({
-      type: "best-practice",
-      confidence: 0.80,
-      autoApplicable: false,
-      message: "Error Handling Best Practices",
-      tips: [
-        "Always handle or rethrow errors - never swallow them",
-        "Use typed error classes for different error types",
-        "Log errors with context (user ID, request ID, etc.)",
-        "Consider using a centralized error handler",
-        "In production, never expose internal error details to users",
-      ],
-    });
-  }
-  
-  // API best practices
-  if (finding.type?.includes("api") || finding.category?.includes("API")) {
-    suggestions.push({
-      type: "best-practice",
-      confidence: 0.80,
-      autoApplicable: false,
-      message: "API Best Practices",
-      tips: [
-        "Always use environment variables for API URLs",
-        "Add timeout and retry logic for external API calls",
-        "Validate API responses before using the data",
-        "Use TypeScript interfaces for API response types",
-        "Add error handling for network failures",
-      ],
-    });
-  }
-  
-  return suggestions;
-}
-
-/**
- * Calculate fix priority
- */
-function calculateFixPriority(finding, suggestions) {
-  let priority = 0;
-  
-  // Higher priority for blockers
-  if (finding.severity === "BLOCK" || finding.severity === "critical") {
-    priority += 30;
-  } else if (finding.severity === "WARN") {
-    priority += 15;
-  }
-  
-  // Higher priority for auto-fixable issues
-  if (suggestions.some(s => s.autoApplicable)) {
-    priority += 20;
-  }
-  
-  // Higher priority for high-confidence fixes
-  const maxConfidence = Math.max(...suggestions.map(s => s.confidence || 0));
-  priority += maxConfidence * 10;
-  
-  // Higher priority for security issues
-  if (finding.category?.includes("Security") || finding.type?.includes("secret")) {
-    priority += 25;
-  }
-  
-  return Math.min(100, priority);
-}
-
-/**
- * Generate fix plan for multiple findings
- * @param {Array} findings - Array of findings
- * @param {object} context - Project context
- * @returns {object} Comprehensive fix plan
- */
-function generateFixPlan(findings, context = {}) {
-  const fixes = findings.map(f => generateFixSuggestions(f, context));
-  
-  // Sort by priority
-  fixes.sort((a, b) => b.priority - a.priority);
-  
-  // Group by fix type
-  const autoFixable = fixes.filter(f => f.hasAutoFix);
-  const manualRequired = fixes.filter(f => !f.hasAutoFix);
-  
-  // Calculate estimated effort
-  const autoFixTime = autoFixable.length * 2; // ~2 min per auto-fix
-  const manualFixTime = manualRequired.reduce((sum, f) => {
-    const severity = findings.find(finding => finding.id === f.finding)?.severity;
-    return sum + (severity === "BLOCK" ? 30 : 15); // 30 min for blockers, 15 for warnings
-  }, 0);
-  
-  return {
-    summary: {
-      totalFindings: findings.length,
-      autoFixable: autoFixable.length,
-      manualRequired: manualRequired.length,
-      estimatedTimeMinutes: autoFixTime + manualFixTime,
-    },
-    prioritized: fixes,
-    autoFixes: autoFixable,
-    manualFixes: manualRequired,
-    recommendations: [
-      autoFixable.length > 0 ? 
-        `Run 'vibecheck fix --auto' to apply ${autoFixable.length} automatic fixes` : null,
-      manualRequired.length > 0 ?
-        `${manualRequired.length} issues require manual review and fixes` : null,
-      fixes.some(f => f.priority > 50) ?
-        "Start with high-priority fixes marked with priority > 50" : null,
-    ].filter(Boolean),
-  };
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// EXPORTS
-// ═══════════════════════════════════════════════════════════════════════════════
-
-module.exports = {
-  generateFixSuggestions,
-  generateFixPlan,
-  FIX_TEMPLATES,
-  FRAMEWORK_FIXES,
-  normalizeFindingType,
-};