@vibecheckai/cli 3.5.0 → 3.5.2

package/bin/runners/lib/engines/vibecheck-engines.js

@@ -1,514 +0,0 @@
-/**
- * Vibecheck Engines - Main Analysis Module
- * 
- * Combines all analysis engines into a unified vibe score calculation.
- * This is the brain behind the `vibecheck vibe` command.
- */
-
-"use strict";
-
-const fs = require("fs");
-const path = require("path");
-
-// Import individual engines with graceful fallbacks
-let emptyCatchEngine, mockDataEngine, hardcodedSecretsEngine, consoleLogsEngine;
-let codeQualityEngine, securityEngine, deadCodeEngine;
-
-try {
-  emptyCatchEngine = require("./empty-catch-engine");
-} catch { emptyCatchEngine = null; }
-
-try {
-  mockDataEngine = require("./mock-data-engine");
-} catch { mockDataEngine = null; }
-
-try {
-  hardcodedSecretsEngine = require("./hardcoded-secrets-engine");
-} catch { hardcodedSecretsEngine = null; }
-
-try {
-  consoleLogsEngine = require("./console-logs-engine");
-} catch { consoleLogsEngine = null; }
-
-try {
-  codeQualityEngine = require("./code-quality-engine");
-} catch { codeQualityEngine = null; }
-
-try {
-  securityEngine = require("./security-vulnerabilities-engine");
-} catch { securityEngine = null; }
-
-try {
-  deadCodeEngine = require("./dead-code-engine");
-} catch { deadCodeEngine = null; }
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// AI HALLUCINATION DETECTION
-// ═══════════════════════════════════════════════════════════════════════════════
-
-/**
- * Patterns that indicate AI-generated code that may not work as expected
- */
-const AI_HALLUCINATION_PATTERNS = [
-  // Fake success returns
-  {
-    pattern: /return\s+{\s*success:\s*true\s*}/g,
-    title: "Fake Success Return",
-    description: "Returns success without doing actual work",
-    severity: "WARN",
-    category: "AIHallucination",
-  },
-  {
-    pattern: /return\s+{\s*ok:\s*true\s*}/g,
-    title: "Fake OK Return",
-    description: "Returns OK without validation",
-    severity: "WARN",
-    category: "AIHallucination",
-  },
-  // Stub implementations
-  {
-    pattern: /TODO|FIXME|HACK|XXX|STUB/gi,
-    title: "Incomplete Implementation",
-    description: "Code contains TODO/FIXME markers indicating unfinished work",
-    severity: "INFO",
-    category: "AIHallucination",
-  },
-  // Placeholder implementations
-  {
-    pattern: /throw\s+new\s+Error\s*\(\s*['"]not\s+implemented['"]\s*\)/gi,
-    title: "Not Implemented",
-    description: "Function throws 'not implemented' error",
-    severity: "BLOCK",
-    category: "AIHallucination",
-  },
-  // Fake data patterns
-  {
-    pattern: /['"]example\.com['"]/gi,
-    title: "Placeholder URL",
-    description: "Using example.com placeholder URL",
-    severity: "WARN",
-    category: "AIHallucination",
-  },
-  {
-    pattern: /['"]test@test\.com['"]/gi,
-    title: "Test Email",
-    description: "Using test email in non-test code",
-    severity: "WARN",
-    category: "AIHallucination",
-  },
-  {
-    pattern: /['"]lorem\s+ipsum['"]/gi,
-    title: "Lorem Ipsum",
-    description: "Placeholder text found in code",
-    severity: "INFO",
-    category: "AIHallucination",
-  },
-  // Mock implementations
-  {
-    pattern: /\/\/\s*mock|\/\/\s*fake|\/\/\s*stub|\/\/\s*placeholder/gi,
-    title: "Marked as Mock",
-    description: "Code is explicitly marked as mock/fake/stub",
-    severity: "WARN",
-    category: "AIHallucination",
-  },
-  // Optimistic error handling
-  {
-    pattern: /catch\s*\([^)]*\)\s*{\s*\/\/\s*ignore|catch\s*\([^)]*\)\s*{\s*}/g,
-    title: "Swallowed Error",
-    description: "Error is caught but ignored",
-    severity: "WARN",
-    category: "AIHallucination",
-  },
-  // Fake database queries
-  {
-    pattern: /return\s+\[\s*{\s*id:\s*1/g,
-    title: "Hardcoded Data",
-    description: "Returns hardcoded array instead of database query",
-    severity: "WARN",
-    category: "AIHallucination",
-  },
-];
-
-/**
- * Analyze code for AI hallucination patterns
- */
-function analyzeAIHallucinations(content, filePath, options = {}) {
-  const findings = [];
-  const lines = content.split('\n');
-  const fileName = path.basename(filePath);
-  
-  // Skip test files unless explicitly included
-  if (!options.includeTests) {
-    if (fileName.includes('.test.') || fileName.includes('.spec.') || 
-        fileName.includes('__tests__') || filePath.includes('/test/') ||
-        filePath.includes('\\test\\')) {
-      return findings;
-    }
-  }
-  
-  for (const patternDef of AI_HALLUCINATION_PATTERNS) {
-    const matches = content.matchAll(patternDef.pattern);
-    
-    for (const match of matches) {
-      const matchIndex = match.index;
-      let lineNumber = 1;
-      let charCount = 0;
-      
-      for (let i = 0; i < lines.length; i++) {
-        charCount += lines[i].length + 1;
-        if (charCount > matchIndex) {
-          lineNumber = i + 1;
-          break;
-        }
-      }
-      
-      findings.push({
-        title: patternDef.title,
-        message: patternDef.description,
-        severity: patternDef.severity,
-        category: patternDef.category,
-        file: filePath,
-        line: lineNumber,
-        evidence: [{
-          file: filePath,
-          lines: `${lineNumber}`,
-          snippet: match[0].substring(0, 50),
-        }],
-        fixHints: getFixHint(patternDef.title),
-      });
-    }
-  }
-  
-  return findings;
-}
-
-function getFixHint(title) {
-  const hints = {
-    "Fake Success Return": ["Implement actual success validation logic"],
-    "Fake OK Return": ["Add proper validation before returning OK"],
-    "Incomplete Implementation": ["Complete the TODO item or remove if not needed"],
-    "Not Implemented": ["Implement the function or remove if not used"],
-    "Placeholder URL": ["Replace with actual production URL"],
-    "Test Email": ["Use environment variable for email configuration"],
-    "Lorem Ipsum": ["Replace with actual content"],
-    "Marked as Mock": ["Replace mock implementation with real code"],
-    "Swallowed Error": ["Handle the error appropriately or log it"],
-    "Hardcoded Data": ["Replace with actual database query"],
-  };
-  return hints[title] || ["Review and fix this issue"];
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// ENGINE WRAPPERS
-// ═══════════════════════════════════════════════════════════════════════════════
-
-function analyzeEmptyCatch(content, filePath) {
-  if (!emptyCatchEngine || !emptyCatchEngine.analyze) return [];
-  try {
-    return emptyCatchEngine.analyze(content, filePath);
-  } catch {
-    return [];
-  }
-}
-
-function analyzeMockData(content, filePath) {
-  if (!mockDataEngine || !mockDataEngine.analyze) return [];
-  try {
-    return mockDataEngine.analyze(content, filePath);
-  } catch {
-    return [];
-  }
-}
-
-function analyzeHardcodedSecrets(content, filePath) {
-  if (!hardcodedSecretsEngine || !hardcodedSecretsEngine.analyze) return [];
-  try {
-    return hardcodedSecretsEngine.analyze(content, filePath);
-  } catch {
-    return [];
-  }
-}
-
-function analyzeConsoleLogs(content, filePath) {
-  if (!consoleLogsEngine || !consoleLogsEngine.analyze) return [];
-  try {
-    return consoleLogsEngine.analyze(content, filePath);
-  } catch {
-    return [];
-  }
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// VIBE SCORE CALCULATION
-// ═══════════════════════════════════════════════════════════════════════════════
-
-/**
- * Calculate comprehensive vibe score from findings
- */
-function calculateVibeScore(findings, meta = {}) {
-  const { filesAnalyzed = 0, linesOfCode = 0 } = meta;
-  
-  // Count by severity
-  const blockers = findings.filter(f => f.severity === 'BLOCK' || f.severity === 'critical').length;
-  const warnings = findings.filter(f => f.severity === 'WARN' || f.severity === 'warning').length;
-  const info = findings.filter(f => f.severity === 'INFO' || f.severity === 'info').length;
-  
-  // Count by category
-  const byCategory = {};
-  for (const f of findings) {
-    const cat = f.category || 'Other';
-    byCategory[cat] = (byCategory[cat] || 0) + 1;
-  }
-  
-  // Calculate base score
-  let score = 100;
-  score -= blockers * 15;
-  score -= warnings * 5;
-  score -= info * 1;
-  score = Math.max(0, Math.min(100, score));
-  
-  // Calculate component scores
-  const components = {
-    implementationCompleteness: calculateComponentScore(findings, ['AIHallucination', 'Incomplete']),
-    errorHandling: calculateComponentScore(findings, ['EmptyCatch', 'SwallowedError']),
-    apiDataIntegrity: calculateComponentScore(findings, ['MockData', 'PlaceholderURL', 'FakeData']),
-    codeQuality: calculateComponentScore(findings, ['ConsoleLog', 'DeadCode', 'CodeQuality']),
-    securityPosture: calculateComponentScore(findings, ['HardcodedSecret', 'Security']),
-  };
-  
-  // Calculate grade
-  let grade, label, emoji;
-  if (score >= 90) {
-    grade = 'A'; label = 'Ship Ready'; emoji = '🚀';
-  } else if (score >= 80) {
-    grade = 'B'; label = 'Almost There'; emoji = '✨';
-  } else if (score >= 70) {
-    grade = 'C'; label = 'Needs Polish'; emoji = '🔧';
-  } else if (score >= 50) {
-    grade = 'D'; label = 'Work Required'; emoji = '⚠️';
-  } else {
-    grade = 'F'; label = 'Not Ready'; emoji = '🚫';
-  }
-  
-  // Calculate risk level
-  let riskLevel;
-  if (blockers === 0 && warnings <= 2) {
-    riskLevel = 'minimal';
-  } else if (blockers <= 1 && warnings <= 5) {
-    riskLevel = 'low';
-  } else if (blockers <= 3 && warnings <= 10) {
-    riskLevel = 'medium';
-  } else if (blockers <= 5) {
-    riskLevel = 'high';
-  } else {
-    riskLevel = 'critical';
-  }
-  
-  // Generate insights
-  const insights = generateInsights(findings, byCategory, score);
-  
-  // Calculate risk metrics
-  const risk = calculateRiskMetrics(findings, filesAnalyzed, linesOfCode);
-  
-  return {
-    score,
-    grade,
-    label,
-    emoji,
-    riskLevel,
-    components,
-    insights,
-    risk,
-    summary: {
-      blockers,
-      warnings,
-      info,
-      total: findings.length,
-    },
-    findings,
-    meta: {
-      filesAnalyzed,
-      linesOfCode,
-      analyzedAt: new Date().toISOString(),
-    },
-  };
-}
-
-function calculateComponentScore(findings, categories) {
-  const relevant = findings.filter(f => categories.some(c => 
-    (f.category || '').toLowerCase().includes(c.toLowerCase())
-  ));
-  
-  const blockers = relevant.filter(f => f.severity === 'BLOCK').length;
-  const warnings = relevant.filter(f => f.severity === 'WARN').length;
-  
-  let score = 100;
-  score -= blockers * 20;
-  score -= warnings * 8;
-  score = Math.max(0, Math.min(100, score));
-  
-  let status;
-  if (score >= 90) status = 'excellent';
-  else if (score >= 70) status = 'good';
-  else if (score >= 50) status = 'needs-work';
-  else status = 'critical';
-  
-  return {
-    score,
-    status,
-    issueCount: relevant.length,
-  };
-}
-
-function generateInsights(findings, byCategory, score) {
-  const insights = [];
-  
-  // Category-based insights
-  if (byCategory.AIHallucination > 0) {
-    insights.push({
-      type: 'pattern',
-      title: 'AI Hallucination Patterns Detected',
-      message: `Found ${byCategory.AIHallucination} potential AI-generated code issues`,
-      action: 'Review code marked as fake/mock/stub and implement real logic',
-    });
-  }
-  
-  if (byCategory.EmptyCatch > 0) {
-    insights.push({
-      type: 'critical',
-      title: 'Silent Error Handling',
-      message: `${byCategory.EmptyCatch} errors are being silently swallowed`,
-      action: 'Add proper error logging or handling to catch blocks',
-    });
-  }
-  
-  if (byCategory.HardcodedSecret > 0) {
-    insights.push({
-      type: 'critical',
-      title: 'Security Risk: Hardcoded Secrets',
-      message: `Found ${byCategory.HardcodedSecret} hardcoded credentials`,
-      action: 'Move secrets to environment variables immediately',
-    });
-  }
-  
-  if (byCategory.MockData > 0) {
-    insights.push({
-      type: 'pattern',
-      title: 'Mock Data in Production Code',
-      message: `Found ${byCategory.MockData} mock data patterns`,
-      action: 'Replace mock data with real API calls or database queries',
-    });
-  }
-  
-  if (score >= 90) {
-    insights.push({
-      type: 'positive',
-      title: 'Excellent Code Quality',
-      message: 'Your codebase shows strong production readiness',
-      action: 'Run vibecheck ship to generate your ship badge',
-    });
-  }
-  
-  return insights;
-}
-
-function calculateRiskMetrics(findings, filesAnalyzed, linesOfCode) {
-  const blockers = findings.filter(f => f.severity === 'BLOCK').length;
-  const securityIssues = findings.filter(f => 
-    (f.category || '').toLowerCase().includes('secret') ||
-    (f.category || '').toLowerCase().includes('security')
-  ).length;
-  
-  // Technical debt hours (rough estimate)
-  let debtHours = 0;
-  for (const f of findings) {
-    if (f.severity === 'BLOCK') debtHours += 2;
-    else if (f.severity === 'WARN') debtHours += 0.5;
-    else debtHours += 0.1;
-  }
-  debtHours = Math.round(debtHours * 10) / 10;
-  
-  let technicalDebtLabel;
-  if (debtHours < 4) technicalDebtLabel = 'low';
-  else if (debtHours < 16) technicalDebtLabel = 'medium';
-  else technicalDebtLabel = 'high';
-  
-  // Security risk
-  let securityRiskLevel;
-  if (securityIssues === 0) securityRiskLevel = 'normal';
-  else if (securityIssues <= 2) securityRiskLevel = 'elevated';
-  else securityRiskLevel = 'critical';
-  
-  // Reliability risk
-  const errorHandlingIssues = findings.filter(f =>
-    (f.category || '').toLowerCase().includes('catch') ||
-    (f.category || '').toLowerCase().includes('error')
-  ).length;
-  
-  let reliabilityRiskLevel;
-  if (errorHandlingIssues === 0) reliabilityRiskLevel = 'low';
-  else if (errorHandlingIssues <= 3) reliabilityRiskLevel = 'medium';
-  else reliabilityRiskLevel = 'high';
-  
-  // Deployment risk
-  let deploymentRisk;
-  if (blockers === 0 && securityIssues === 0) deploymentRisk = 'acceptable';
-  else if (blockers <= 2 && securityIssues <= 1) deploymentRisk = 'medium-risk';
-  else deploymentRisk = 'high-risk';
-  
-  return {
-    technicalDebtHours: debtHours,
-    technicalDebtLabel,
-    securityRiskLevel,
-    reliabilityRiskLevel,
-    deploymentRisk,
-  };
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// JSON REPORT GENERATOR
-// ═══════════════════════════════════════════════════════════════════════════════
-
-function generateVibeReportJSON(vibeScore) {
-  return {
-    vibeScore: {
-      score: vibeScore.score,
-      grade: vibeScore.grade,
-      label: vibeScore.label,
-      riskLevel: vibeScore.riskLevel,
-    },
-    components: vibeScore.components,
-    insights: vibeScore.insights,
-    risk: vibeScore.risk,
-    summary: vibeScore.summary,
-    findings: vibeScore.findings.map(f => ({
-      title: f.title,
-      message: f.message,
-      severity: f.severity,
-      category: f.category,
-      file: f.file,
-      line: f.line,
-    })),
-    meta: vibeScore.meta,
-  };
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// EXPORTS
-// ═══════════════════════════════════════════════════════════════════════════════
-
-module.exports = {
-  // Main analysis functions
-  analyzeAIHallucinations,
-  analyzeEmptyCatch,
-  analyzeMockData,
-  analyzeHardcodedSecrets,
-  analyzeConsoleLogs,
-  
-  // Score calculation
-  calculateVibeScore,
-  generateVibeReportJSON,
-  
-  // Utilities
-  AI_HALLUCINATION_PATTERNS,
-};