@vibecheckai/cli 3.7.0 → 3.8.0

package/bin/runners/lib/agent-firewall/integration/ship-gate.js

@@ -0,0 +1,437 @@
+/**
+ * Ship Gate - Enforcement integration for ship/packs/seal/CI
+ * 
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * AGENT FIREWALL™ - SHIP GATE
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * 
+ * This module provides the integration layer between the Agent Firewall
+ * enforcement system and shipping commands (ship, packs, seal, CI).
+ * 
+ * SHIP CANNOT PROCEED unless:
+ * 1. A valid PASS verdict exists
+ * 2. The verdict is recent (not stale)
+ * 3. The verdict hash is verified
+ * 4. Reality proofs are satisfied (if required)
+ * 
+ * @module integration/ship-gate
+ * @version 1.0.0
+ */
+
+"use strict";
+
+const path = require("path");
+const fs = require("fs");
+const crypto = require("crypto");
+
+const { createGateway, MODE, VERDICT } = require("../enforcement/gateway");
+const { IntentStore } = require("../intent/store");
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// CONSTANTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+const SHIP_GATE_STATUS = {
+  CLEAR: "CLEAR",           // Can ship
+  BLOCKED: "BLOCKED",       // Cannot ship - violations
+  NO_VERDICT: "NO_VERDICT", // Cannot ship - no enforcement run
+  STALE_VERDICT: "STALE_VERDICT", // Cannot ship - verdict too old
+  TAMPERED: "TAMPERED",     // Cannot ship - verdict integrity failed
+  NO_INTENT: "NO_INTENT",   // Cannot ship - no intent declared
+  PROOFS_PENDING: "PROOFS_PENDING", // Cannot ship - reality proofs needed
+};
+
+const DEFAULT_VERDICT_MAX_AGE_MS = 30 * 60 * 1000; // 30 minutes
+const STRICT_VERDICT_MAX_AGE_MS = 5 * 60 * 1000;   // 5 minutes for CI
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// SHIP GATE
+// ═══════════════════════════════════════════════════════════════════════════════
+
+class ShipGate {
+  constructor(projectRoot, options = {}) {
+    this.projectRoot = projectRoot;
+    this.options = options;
+    this.gateway = createGateway(projectRoot, options);
+    this.intentStore = new IntentStore(projectRoot);
+  }
+  
+  /**
+   * Check if ship is allowed
+   * 
+   * @param {Object} options
+   * @param {boolean} options.strict - Require recent verdict and proofs
+   * @param {boolean} options.requireIntent - Require declared intent
+   * @param {boolean} options.requireProofs - Require reality proofs
+   * @param {number} options.maxVerdictAge - Max age of verdict in ms
+   * @returns {Object} Ship gate result
+   */
+  async checkShipStatus(options = {}) {
+    const strict = options.strict || process.env.CI || false;
+    const requireIntent = options.requireIntent !== false;
+    const requireProofs = options.requireProofs || strict;
+    const maxAge = options.maxVerdictAge || (strict ? STRICT_VERDICT_MAX_AGE_MS : DEFAULT_VERDICT_MAX_AGE_MS);
+    
+    const result = {
+      status: SHIP_GATE_STATUS.CLEAR,
+      canShip: false,
+      message: "",
+      details: {},
+      verdict: null,
+      intent: null,
+      proofs: [],
+      recommendations: [],
+    };
+    
+    // Step 1: Check for declared intent
+    if (requireIntent) {
+      const hasIntent = this.intentStore.hasIntent();
+      const intent = this.intentStore.getCurrent({ allowMissing: true });
+      
+      if (!hasIntent || intent?.summary?.includes("NO INTENT")) {
+        result.status = SHIP_GATE_STATUS.NO_INTENT;
+        result.message = "No intent declared - cannot ship without declared intent";
+        result.recommendations.push("Run: vibecheck intent set -s 'your intent'");
+        return result;
+      }
+      
+      result.intent = intent;
+    }
+    
+    // Step 2: Check for valid verdict
+    const latestVerdict = this._getLatestVerdict();
+    
+    if (!latestVerdict) {
+      result.status = SHIP_GATE_STATUS.NO_VERDICT;
+      result.message = "No enforcement verdict found - run vibecheck shield first";
+      result.recommendations.push("Run: vibecheck shield");
+      return result;
+    }
+    
+    result.verdict = latestVerdict;
+    
+    // Step 3: Verify verdict integrity
+    const integrityCheck = this._verifyVerdictIntegrity(latestVerdict);
+    
+    if (!integrityCheck.valid) {
+      result.status = SHIP_GATE_STATUS.TAMPERED;
+      result.message = `Verdict integrity check failed: ${integrityCheck.reason}`;
+      result.details.integrityCheck = integrityCheck;
+      result.recommendations.push("Re-run: vibecheck shield");
+      return result;
+    }
+    
+    // Step 4: Check verdict age
+    const verdictAge = Date.now() - new Date(latestVerdict.timestamp).getTime();
+    
+    if (verdictAge > maxAge) {
+      result.status = SHIP_GATE_STATUS.STALE_VERDICT;
+      result.message = `Verdict is ${Math.round(verdictAge / 60000)} minutes old (max: ${Math.round(maxAge / 60000)})`;
+      result.details.verdictAge = verdictAge;
+      result.details.maxAge = maxAge;
+      result.recommendations.push("Re-run: vibecheck shield");
+      return result;
+    }
+    
+    // Step 5: Check verdict decision
+    if (latestVerdict.decision === VERDICT.BLOCK) {
+      result.status = SHIP_GATE_STATUS.BLOCKED;
+      result.message = latestVerdict.summary || "Enforcement violations found";
+      result.details.violations = latestVerdict.violations;
+      result.details.fixGuidance = latestVerdict.fix_guidance;
+      
+      // Add fix recommendations
+      for (const fix of latestVerdict.fix_guidance || []) {
+        if (fix.command) {
+          result.recommendations.push(fix.command);
+        }
+      }
+      
+      return result;
+    }
+    
+    // Step 6: Check reality proofs (if required)
+    if (requireProofs && latestVerdict.proofs) {
+      const pendingProofs = latestVerdict.proofs.filter(p => p.status === "pending");
+      const failedProofs = latestVerdict.proofs.filter(p => p.status === "failed");
+      
+      if (failedProofs.length > 0) {
+        result.status = SHIP_GATE_STATUS.BLOCKED;
+        result.message = `${failedProofs.length} reality proof(s) failed`;
+        result.details.failedProofs = failedProofs;
+        result.recommendations.push("Run: vibecheck prove");
+        return result;
+      }
+      
+      if (pendingProofs.length > 0) {
+        result.status = SHIP_GATE_STATUS.PROOFS_PENDING;
+        result.message = `${pendingProofs.length} reality proof(s) pending`;
+        result.details.pendingProofs = pendingProofs;
+        result.recommendations.push("Run: vibecheck prove --all");
+        return result;
+      }
+      
+      result.proofs = latestVerdict.proofs;
+    }
+    
+    // All checks passed
+    result.status = SHIP_GATE_STATUS.CLEAR;
+    result.canShip = true;
+    result.message = "All enforcement checks passed - clear to ship";
+    
+    return result;
+  }
+  
+  /**
+   * Get ship manifest for embedding in releases
+   * 
+   * Creates a signed manifest that proves the code passed enforcement
+   * at ship time. Can be verified later.
+   */
+  async getShipManifest() {
+    const status = await this.checkShipStatus({ strict: true });
+    
+    if (!status.canShip) {
+      return {
+        success: false,
+        error: status.message,
+        status: status.status,
+      };
+    }
+    
+    const manifest = {
+      schema_version: "3.0.0",
+      shipped_at: new Date().toISOString(),
+      project_root: this.projectRoot,
+      intent: {
+        hash: status.intent?.hash,
+        summary: status.intent?.summary,
+      },
+      verdict: {
+        id: status.verdict.id,
+        decision: status.verdict.decision,
+        hash: status.verdict.verdict_hash,
+        timestamp: status.verdict.timestamp,
+        violations_count: status.verdict.violations?.length || 0,
+        proofs_count: status.verdict.proofs?.length || 0,
+      },
+      proofs_verified: status.proofs.filter(p => p.status === "verified").length,
+      chain: status.verdict.chain,
+    };
+    
+    // Sign the manifest
+    manifest.signature = this._signManifest(manifest);
+    
+    return {
+      success: true,
+      manifest,
+    };
+  }
+  
+  /**
+   * Verify a ship manifest
+   */
+  verifyShipManifest(manifest) {
+    if (!manifest || !manifest.signature) {
+      return { valid: false, reason: "MISSING_SIGNATURE" };
+    }
+    
+    // Verify signature
+    const secret = process.env.VIBECHECK_SIGN_KEY || "vibecheck-local-signing-key";
+    const content = JSON.stringify({
+      shipped_at: manifest.shipped_at,
+      intent: manifest.intent,
+      verdict: manifest.verdict,
+      proofs_verified: manifest.proofs_verified,
+      chain: manifest.chain,
+    });
+    
+    const expected = crypto.createHmac("sha256", secret)
+      .update(content)
+      .digest("hex");
+    
+    if (expected !== manifest.signature.value) {
+      return { valid: false, reason: "SIGNATURE_MISMATCH" };
+    }
+    
+    return { valid: true, reason: "VERIFIED" };
+  }
+  
+  /**
+   * Format ship gate status for CLI output
+   */
+  formatStatus(status, options = {}) {
+    const lines = [];
+    const ansi = options.ansi || {};
+    const r = ansi.reset || "";
+    const b = ansi.bold || "";
+    const g = ansi.green || "";
+    const y = ansi.yellow || "";
+    const red = ansi.red || "";
+    const d = ansi.dim || "";
+    
+    // Header
+    lines.push("═══════════════════════════════════════════════════════════════════════════════");
+    lines.push(`${b}AGENT FIREWALL - SHIP GATE${r}`);
+    lines.push("═══════════════════════════════════════════════════════════════════════════════");
+    lines.push("");
+    
+    // Status
+    const statusColor = status.canShip ? g : red;
+    const statusIcon = status.canShip ? "✓" : "✗";
+    
+    lines.push(`${b}Status:${r} ${statusColor}${statusIcon} ${status.status}${r}`);
+    lines.push(`${b}Message:${r} ${status.message}`);
+    lines.push("");
+    
+    // Details
+    if (status.verdict) {
+      lines.push(`${d}Verdict ID:${r} ${status.verdict.id}`);
+      lines.push(`${d}Decision:${r} ${status.verdict.decision}`);
+      lines.push(`${d}Verdict Hash:${r} ${status.verdict.verdict_hash?.substring(0, 16)}...`);
+      lines.push("");
+    }
+    
+    if (status.intent) {
+      lines.push(`${d}Intent:${r} "${status.intent.summary}"`);
+      lines.push(`${d}Intent Hash:${r} ${status.intent.hash?.substring(0, 16)}...`);
+      lines.push("");
+    }
+    
+    // Violations
+    if (status.details?.violations?.length > 0) {
+      lines.push(`${b}Violations (${status.details.violations.length}):${r}`);
+      for (const v of status.details.violations.slice(0, 5)) {
+        lines.push(`  ${red}•${r} [${v.code}] ${v.message}`);
+        if (v.fix_hint) {
+          lines.push(`    ${g}→${r} ${v.fix_hint}`);
+        }
+      }
+      if (status.details.violations.length > 5) {
+        lines.push(`  ${d}... and ${status.details.violations.length - 5} more${r}`);
+      }
+      lines.push("");
+    }
+    
+    // Recommendations
+    if (status.recommendations?.length > 0) {
+      lines.push(`${b}To proceed:${r}`);
+      for (const rec of status.recommendations) {
+        lines.push(`  ${y}→${r} ${rec}`);
+      }
+      lines.push("");
+    }
+    
+    lines.push("═══════════════════════════════════════════════════════════════════════════════");
+    
+    return lines.join("\n");
+  }
+  
+  // ═══════════════════════════════════════════════════════════════════════════
+  // PRIVATE METHODS
+  // ═══════════════════════════════════════════════════════════════════════════
+  
+  _getLatestVerdict() {
+    const latestPath = path.join(this.projectRoot, ".vibecheck", "verdicts", "latest.json");
+    
+    if (fs.existsSync(latestPath)) {
+      try {
+        return JSON.parse(fs.readFileSync(latestPath, "utf-8"));
+      } catch {
+        return null;
+      }
+    }
+    
+    return null;
+  }
+  
+  _verifyVerdictIntegrity(verdict) {
+    if (!verdict || !verdict.verdict_hash) {
+      return { valid: false, reason: "MISSING_HASH" };
+    }
+    
+    const content = JSON.stringify({
+      decision: verdict.decision,
+      mode: verdict.mode,
+      violations: verdict.violations.map(v => ({ code: v.code, resource: v.resource })),
+      proofs: verdict.proofs.map(p => ({ id: p.id, status: p.status })),
+      intent_hash: verdict.intent_hash,
+      timestamp: verdict.timestamp,
+      chain: verdict.chain,
+    });
+    
+    const computed = crypto.createHash("sha256").update(content).digest("hex");
+    
+    if (computed !== verdict.verdict_hash) {
+      return { valid: false, reason: "HASH_MISMATCH", computed, stored: verdict.verdict_hash };
+    }
+    
+    return { valid: true, reason: "VERIFIED" };
+  }
+  
+  _signManifest(manifest) {
+    const secret = process.env.VIBECHECK_SIGN_KEY || "vibecheck-local-signing-key";
+    const content = JSON.stringify({
+      shipped_at: manifest.shipped_at,
+      intent: manifest.intent,
+      verdict: manifest.verdict,
+      proofs_verified: manifest.proofs_verified,
+      chain: manifest.chain,
+    });
+    
+    return {
+      algorithm: "sha256-hmac",
+      value: crypto.createHmac("sha256", secret).update(content).digest("hex"),
+      signed_at: new Date().toISOString(),
+    };
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// FACTORY FUNCTIONS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Create a ship gate instance
+ */
+function createShipGate(projectRoot, options = {}) {
+  return new ShipGate(projectRoot, options);
+}
+
+/**
+ * Quick check if ship is allowed
+ */
+async function canShip(projectRoot, options = {}) {
+  const gate = createShipGate(projectRoot, options);
+  const status = await gate.checkShipStatus(options);
+  return status.canShip;
+}
+
+/**
+ * Get ship status for CI
+ */
+async function getCIStatus(projectRoot) {
+  const gate = createShipGate(projectRoot, { mode: MODE.CI });
+  const status = await gate.checkShipStatus({ strict: true });
+  
+  return {
+    canShip: status.canShip,
+    exitCode: status.canShip ? 0 : 2,
+    status: status.status,
+    message: status.message,
+    verdictId: status.verdict?.id,
+    violationsCount: status.details?.violations?.length || 0,
+  };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+module.exports = {
+  ShipGate,
+  createShipGate,
+  canShip,
+  getCIStatus,
+  SHIP_GATE_STATUS,
+};