@vibecheckai/cli 3.5.0 → 3.5.2

package/bin/runners/lib/engines/vibecheck-engines/lib/vibe-score-engine.js

@@ -1,543 +0,0 @@
-/**
- * Vibe Score Engine
- * 
- * The ultimate metric for vibecoding quality. Aggregates findings from all
- * analysis engines and produces a comprehensive "production readiness" score.
- * 
- * The Vibe Score answers: "How much of this code was vibe-coded vs properly implemented?"
- * 
- * Score Components:
- * - Implementation Completeness (30%) - Are functions actually implemented?
- * - Error Handling Quality (25%) - Are errors properly handled?
- * - API/Data Integrity (20%) - Are API calls real and data valid?
- * - Code Quality (15%) - Standard code quality metrics
- * - Security Posture (10%) - Basic security checks
- * 
- * @module vibe-score-engine
- */
-
-"use strict";
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// SCORE WEIGHTS - How much each category contributes to final score
-// ═══════════════════════════════════════════════════════════════════════════════
-
-const SCORE_WEIGHTS = {
-  implementationCompleteness: 0.30, // Functions actually do what they claim
-  errorHandling: 0.25,              // Errors are properly caught and handled
-  apiDataIntegrity: 0.20,           // API calls are real, data is valid
-  codeQuality: 0.15,                // Standard quality metrics
-  securityPosture: 0.10,            // Basic security checks
-};
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// SEVERITY IMPACT - How much each severity level impacts the score
-// ═══════════════════════════════════════════════════════════════════════════════
-
-const SEVERITY_IMPACT = {
-  BLOCK: 15,      // Critical issues
-  critical: 15,
-  WARN: 8,        // Warnings
-  warning: 8,
-  high: 10,
-  medium: 5,
-  low: 2,
-  INFO: 1,
-  info: 1,
-};
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// CATEGORY MAPPING - Map finding categories to score components
-// ═══════════════════════════════════════════════════════════════════════════════
-
-const CATEGORY_TO_COMPONENT = {
-  // Implementation Completeness
-  AIHallucination: "implementationCompleteness",
-  stubImplementations: "implementationCompleteness",
-  DeadCode: "implementationCompleteness",
-  emptyFunction: "implementationCompleteness",
-  FakeSuccess: "implementationCompleteness",
-  placeholder: "implementationCompleteness",
-  
-  // Error Handling
-  EmptyCatch: "errorHandling",
-  SilentFailure: "errorHandling",
-  optimisticErrors: "errorHandling",
-  swallowedErrors: "errorHandling",
-  empty_async_catch: "errorHandling",
-  
-  // API/Data Integrity
-  FakeDomain: "apiDataIntegrity",
-  FakeResponse: "apiDataIntegrity",
-  MockData: "apiDataIntegrity",
-  hallucinatedAPIs: "apiDataIntegrity",
-  fakeData: "apiDataIntegrity",
-  MissingRoute: "apiDataIntegrity",
-  ContractDrift: "apiDataIntegrity",
-  
-  // Code Quality
-  CodeQuality: "codeQuality",
-  ConsoleLog: "codeQuality",
-  DeprecatedAPI: "codeQuality",
-  TypeAware: "codeQuality",
-  copyPaste: "codeQuality",
-  NamingConventions: "codeQuality",
-  naming_convention: "codeQuality",
-  boolean_naming: "codeQuality",
-  constant_naming: "codeQuality",
-  file_naming: "codeQuality",
-  non_descriptive_name: "codeQuality",
-  
-  // Security
-  HardcodedSecret: "securityPosture",
-  Security: "securityPosture",
-  AuthBypass: "securityPosture",
-  GhostAuth: "securityPosture",
-  UnsafeRegex: "securityPosture",
-  dangerous_default: "securityPosture",
-  exposed_secret: "securityPosture",
-  env_not_gitignored: "securityPosture",
-  insecure_default: "securityPosture",
-  insecure_env_default: "securityPosture",
-  
-  // Async Patterns (affects error handling and implementation)
-  AsyncPatterns: "errorHandling",
-  floating_promise: "errorHandling",
-  await_outside_async: "implementationCompleteness",
-  async_promise_executor: "errorHandling",
-  then_in_async: "codeQuality",
-  await_in_loop: "codeQuality",
-  sequential_await: "codeQuality",
-  
-  // Environment Variables (affects security and configuration)
-  EnvVariable: "securityPosture",
-  EnvSetup: "securityPosture",
-  unvalidated_env_var: "securityPosture",
-  env_type_coercion: "codeQuality",
-  empty_env_var: "codeQuality",
-  missing_env_example: "codeQuality",
-  
-  // React Patterns (affects implementation and code quality)
-  ReactPatterns: "implementationCompleteness",
-  missing_key: "implementationCompleteness",
-  index_as_key: "codeQuality",
-  conditional_hook: "implementationCompleteness",
-  hook_in_loop: "implementationCompleteness",
-  missing_deps_array: "errorHandling",
-  stale_closure: "errorHandling",
-  direct_state_mutation: "implementationCompleteness",
-  mutating_state_array: "implementationCompleteness",
-  props_spreading_dom: "codeQuality",
-  
-  // Database Patterns (affects API integrity and security)
-  DatabasePatterns: "apiDataIntegrity",
-  n_plus_1_query: "apiDataIntegrity",
-  query_in_loop: "apiDataIntegrity",
-  unbounded_query: "apiDataIntegrity",
-  missing_transaction: "apiDataIntegrity",
-  raw_query_interpolation: "securityPosture",
-  db_no_error_handling: "errorHandling",
-  
-  // Import Order (affects code quality)
-  ImportOrder: "codeQuality",
-  import_order: "codeQuality",
-  mixed_imports: "codeQuality",
-  code_between_imports: "codeQuality",
-  side_effect_import: "codeQuality",
-  unused_import: "codeQuality",
-  should_be_type_import: "codeQuality",
-  
-  // Error Handling Engine (complements existing)
-  empty_catch: "errorHandling",
-  untyped_catch: "codeQuality",
-  console_log_in_catch: "errorHandling",
-  rethrow_without_context: "errorHandling",
-  try_without_catch: "errorHandling",
-  generic_error_message: "errorHandling",
-  inconsistent_error_response: "apiDataIntegrity",
-  then_without_catch: "errorHandling",
-};
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// GRADE THRESHOLDS
-// ═══════════════════════════════════════════════════════════════════════════════
-
-const GRADE_THRESHOLDS = {
-  A: { min: 90, label: "Production Ready", emoji: "🚀", riskLevel: "minimal" },
-  B: { min: 80, label: "Minor Polish Needed", emoji: "✅", riskLevel: "low" },
-  C: { min: 70, label: "Review Recommended", emoji: "⚠️", riskLevel: "medium" },
-  D: { min: 50, label: "Significant Issues", emoji: "🔧", riskLevel: "high" },
-  F: { min: 0, label: "Not Ship Ready", emoji: "🛑", riskLevel: "critical" },
-};
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// VIBE SCORE CALCULATOR
-// ═══════════════════════════════════════════════════════════════════════════════
-
-/**
- * Calculate comprehensive vibe score from all findings
- * @param {Array} allFindings - Combined findings from all engines
- * @param {object} options - Calculation options
- * @returns {object} Comprehensive vibe score report
- */
-function calculateVibeScore(allFindings, options = {}) {
-  const {
-    filesAnalyzed = 0,
-    linesOfCode = 0,
-    truthpack = null,
-  } = options;
-  
-  // Initialize component scores (start at 100 for each)
-  const componentScores = {
-    implementationCompleteness: 100,
-    errorHandling: 100,
-    apiDataIntegrity: 100,
-    codeQuality: 100,
-    securityPosture: 100,
-  };
-  
-  // Track deductions per component
-  const componentDeductions = {
-    implementationCompleteness: [],
-    errorHandling: [],
-    apiDataIntegrity: [],
-    codeQuality: [],
-    securityPosture: [],
-  };
-  
-  // Process each finding
-  for (const finding of allFindings) {
-    // Determine which component this finding affects
-    const category = finding.category || finding.type || "Other";
-    const component = CATEGORY_TO_COMPONENT[category] || 
-                      CATEGORY_TO_COMPONENT[finding.category_detail] ||
-                      "codeQuality"; // Default to code quality
-    
-    // Calculate deduction based on severity and confidence
-    const severity = finding.severity || "WARN";
-    const confidence = finding.confidence || 0.8;
-    const baseDeduction = SEVERITY_IMPACT[severity] || 5;
-    const deduction = baseDeduction * confidence;
-    
-    // Apply deduction
-    componentScores[component] = Math.max(0, componentScores[component] - deduction);
-    
-    // Track for reporting
-    componentDeductions[component].push({
-      finding: finding.id || finding.type,
-      severity,
-      confidence,
-      deduction: Math.round(deduction * 10) / 10,
-      message: finding.message || finding.title,
-      file: finding.file,
-      line: finding.line,
-    });
-  }
-  
-  // Calculate weighted final score
-  let finalScore = 0;
-  for (const [component, weight] of Object.entries(SCORE_WEIGHTS)) {
-    finalScore += componentScores[component] * weight;
-  }
-  finalScore = Math.round(finalScore);
-  
-  // Determine grade
-  let grade = "F";
-  let gradeInfo = GRADE_THRESHOLDS.F;
-  for (const [g, info] of Object.entries(GRADE_THRESHOLDS)) {
-    if (finalScore >= info.min) {
-      grade = g;
-      gradeInfo = info;
-      break;
-    }
-  }
-  
-  // Calculate component summaries
-  const componentSummaries = {};
-  for (const [component, score] of Object.entries(componentScores)) {
-    const deductions = componentDeductions[component];
-    componentSummaries[component] = {
-      score: Math.round(score),
-      weight: SCORE_WEIGHTS[component],
-      contribution: Math.round(score * SCORE_WEIGHTS[component]),
-      issueCount: deductions.length,
-      topIssues: deductions
-        .sort((a, b) => b.deduction - a.deduction)
-        .slice(0, 3),
-      status: score >= 90 ? "excellent" : score >= 70 ? "good" : score >= 50 ? "needs-work" : "critical",
-    };
-  }
-  
-  // Generate insights
-  const insights = generateInsights(componentScores, componentDeductions, allFindings);
-  
-  // Calculate risk metrics
-  const riskMetrics = calculateRiskMetrics(allFindings, componentScores);
-  
-  return {
-    // Core score
-    score: finalScore,
-    grade,
-    label: gradeInfo.label,
-    emoji: gradeInfo.emoji,
-    riskLevel: gradeInfo.riskLevel,
-    
-    // Component breakdown
-    components: componentSummaries,
-    
-    // Finding summaries
-    summary: {
-      total: allFindings.length,
-      blockers: allFindings.filter(f => f.severity === "BLOCK" || f.severity === "critical").length,
-      warnings: allFindings.filter(f => f.severity === "WARN" || f.severity === "warning").length,
-      info: allFindings.filter(f => f.severity === "INFO" || f.severity === "info").length,
-    },
-    
-    // Risk metrics
-    risk: riskMetrics,
-    
-    // Actionable insights
-    insights,
-    
-    // Metadata
-    meta: {
-      filesAnalyzed,
-      linesOfCode,
-      calculatedAt: new Date().toISOString(),
-      version: "1.0.0",
-    },
-  };
-}
-
-/**
- * Generate actionable insights from the analysis
- */
-function generateInsights(componentScores, componentDeductions, allFindings) {
-  const insights = [];
-  
-  // Check each component for issues
-  if (componentScores.implementationCompleteness < 70) {
-    insights.push({
-      type: "critical",
-      category: "implementation",
-      title: "Incomplete Implementations Detected",
-      message: "Several functions appear to be stubs or return fake success without doing actual work.",
-      action: "Review functions flagged as 'fake success' or 'stub implementation' and complete them.",
-      impact: "high",
-    });
-  }
-  
-  if (componentScores.errorHandling < 70) {
-    insights.push({
-      type: "critical",
-      category: "reliability",
-      title: "Poor Error Handling",
-      message: "Errors are being silently swallowed or logged without proper handling.",
-      action: "Add proper error handling - either rethrow, return error responses, or implement recovery logic.",
-      impact: "high",
-    });
-  }
-  
-  if (componentScores.apiDataIntegrity < 70) {
-    insights.push({
-      type: "critical",
-      category: "integrity",
-      title: "Fake/Placeholder Data Detected",
-      message: "API calls may be pointing to fake endpoints or using placeholder data.",
-      action: "Replace placeholder URLs and data with real values from environment variables.",
-      impact: "high",
-    });
-  }
-  
-  if (componentScores.securityPosture < 70) {
-    insights.push({
-      type: "critical",
-      category: "security",
-      title: "Security Issues Found",
-      message: "Hardcoded secrets or auth bypasses detected.",
-      action: "Move secrets to environment variables and remove any auth bypass code.",
-      impact: "critical",
-    });
-  }
-  
-  // Check for common patterns
-  const fakeSuccessCount = allFindings.filter(f => 
-    f.type?.includes("fake-success") || f.type?.includes("fakeSuccess")
-  ).length;
-  
-  if (fakeSuccessCount >= 3) {
-    insights.push({
-      type: "pattern",
-      category: "vibe-coding",
-      title: "Vibe Coding Pattern Detected",
-      message: `Found ${fakeSuccessCount} instances of fake success returns - common AI generation pattern.`,
-      action: "These functions need real implementation. Consider using vibecheck fix to generate fixes.",
-      impact: "high",
-    });
-  }
-  
-  // Positive insights
-  if (componentScores.implementationCompleteness >= 90 && componentScores.errorHandling >= 90) {
-    insights.push({
-      type: "positive",
-      category: "quality",
-      title: "Well-Implemented Codebase",
-      message: "Functions are properly implemented with good error handling.",
-      action: "Keep up the good practices!",
-      impact: "positive",
-    });
-  }
-  
-  return insights;
-}
-
-/**
- * Calculate risk metrics
- */
-function calculateRiskMetrics(allFindings, componentScores) {
-  // Calculate technical debt estimate
-  const blockerHours = allFindings.filter(f => f.severity === "BLOCK").length * 2; // ~2 hours per blocker
-  const warningHours = allFindings.filter(f => f.severity === "WARN").length * 0.5; // ~30 min per warning
-  const technicalDebtHours = blockerHours + warningHours;
-  
-  // Categorize risks
-  const securityRisks = allFindings.filter(f => 
-    CATEGORY_TO_COMPONENT[f.category] === "securityPosture"
-  );
-  
-  const reliabilityRisks = allFindings.filter(f =>
-    CATEGORY_TO_COMPONENT[f.category] === "errorHandling"
-  );
-  
-  const integrityRisks = allFindings.filter(f =>
-    CATEGORY_TO_COMPONENT[f.category] === "apiDataIntegrity"
-  );
-  
-  return {
-    technicalDebtHours: Math.round(technicalDebtHours * 10) / 10,
-    technicalDebtLabel: technicalDebtHours > 40 ? "high" : technicalDebtHours > 10 ? "medium" : "low",
-    
-    securityRiskCount: securityRisks.length,
-    securityRiskLevel: securityRisks.some(r => r.severity === "BLOCK") ? "critical" : 
-                       securityRisks.length > 0 ? "elevated" : "normal",
-    
-    reliabilityRiskCount: reliabilityRisks.length,
-    reliabilityRiskLevel: reliabilityRisks.filter(r => r.severity === "BLOCK").length > 3 ? "high" :
-                          reliabilityRisks.length > 5 ? "medium" : "low",
-    
-    integrityRiskCount: integrityRisks.length,
-    integrityRiskLevel: integrityRisks.some(r => r.severity === "BLOCK") ? "high" :
-                        integrityRisks.length > 3 ? "medium" : "low",
-    
-    // Overall deployment risk
-    deploymentRisk: componentScores.securityPosture < 50 ? "do-not-deploy" :
-                    componentScores.implementationCompleteness < 50 ? "high-risk" :
-                    componentScores.errorHandling < 50 ? "medium-risk" : "acceptable",
-  };
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// VIBE REPORT GENERATOR
-// ═══════════════════════════════════════════════════════════════════════════════
-
-/**
- * Generate a human-readable vibe report
- */
-function generateVibeReport(vibeScore) {
-  const lines = [];
-  
-  // Header
-  lines.push(`═══════════════════════════════════════════════════════════════`);
-  lines.push(`                    VIBE SCORE REPORT                          `);
-  lines.push(`═══════════════════════════════════════════════════════════════`);
-  lines.push(``);
-  
-  // Main score
-  lines.push(`  ${vibeScore.emoji} Overall Score: ${vibeScore.score}/100 (Grade: ${vibeScore.grade})`);
-  lines.push(`  ${vibeScore.label}`);
-  lines.push(``);
-  
-  // Component breakdown
-  lines.push(`  COMPONENT BREAKDOWN:`);
-  lines.push(`  ─────────────────────────────────────────────────────────────`);
-  
-  for (const [name, data] of Object.entries(vibeScore.components)) {
-    const status = data.status === "excellent" ? "✅" :
-                   data.status === "good" ? "👍" :
-                   data.status === "needs-work" ? "⚠️" : "🛑";
-    
-    const displayName = name.replace(/([A-Z])/g, " $1").trim();
-    lines.push(`  ${status} ${displayName.padEnd(28)} ${data.score}/100 (${data.issueCount} issues)`);
-  }
-  
-  lines.push(``);
-  
-  // Risk metrics
-  lines.push(`  RISK ASSESSMENT:`);
-  lines.push(`  ─────────────────────────────────────────────────────────────`);
-  lines.push(`  Technical Debt: ~${vibeScore.risk.technicalDebtHours} hours (${vibeScore.risk.technicalDebtLabel})`);
-  lines.push(`  Security Risk:  ${vibeScore.risk.securityRiskLevel}`);
-  lines.push(`  Reliability:    ${vibeScore.risk.reliabilityRiskLevel}`);
-  lines.push(`  Deployment:     ${vibeScore.risk.deploymentRisk}`);
-  lines.push(``);
-  
-  // Insights
-  if (vibeScore.insights.length > 0) {
-    lines.push(`  INSIGHTS:`);
-    lines.push(`  ─────────────────────────────────────────────────────────────`);
-    
-    for (const insight of vibeScore.insights.slice(0, 5)) {
-      const icon = insight.type === "critical" ? "🚨" :
-                   insight.type === "pattern" ? "🔍" :
-                   insight.type === "positive" ? "✨" : "💡";
-      lines.push(`  ${icon} ${insight.title}`);
-      lines.push(`     ${insight.message}`);
-      lines.push(`     → ${insight.action}`);
-      lines.push(``);
-    }
-  }
-  
-  // Summary
-  lines.push(`  SUMMARY:`);
-  lines.push(`  ─────────────────────────────────────────────────────────────`);
-  lines.push(`  ${vibeScore.summary.blockers} blockers | ${vibeScore.summary.warnings} warnings | ${vibeScore.summary.info} info`);
-  lines.push(`  Files analyzed: ${vibeScore.meta.filesAnalyzed || "N/A"}`);
-  lines.push(``);
-  lines.push(`═══════════════════════════════════════════════════════════════`);
-  
-  return lines.join("\n");
-}
-
-/**
- * Generate JSON-compatible vibe report for CI/CD
- */
-function generateVibeReportJSON(vibeScore) {
-  return {
-    vibecheck: {
-      score: vibeScore.score,
-      grade: vibeScore.grade,
-      status: vibeScore.riskLevel,
-      summary: vibeScore.summary,
-    },
-    components: Object.fromEntries(
-      Object.entries(vibeScore.components).map(([k, v]) => [k, v.score])
-    ),
-    risk: vibeScore.risk,
-    insights: vibeScore.insights,
-    meta: vibeScore.meta,
-  };
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// EXPORTS
-// ═══════════════════════════════════════════════════════════════════════════════
-
-module.exports = {
-  calculateVibeScore,
-  generateVibeReport,
-  generateVibeReportJSON,
-  SCORE_WEIGHTS,
-  SEVERITY_IMPACT,
-  CATEGORY_TO_COMPONENT,
-  GRADE_THRESHOLDS,
-};