@vibecheckai/cli 3.7.0 → 3.9.0

package/bin/runners/lib/missions/plan.js

@@ -1,8 +1,24 @@
 // bin/runners/lib/missions/plan.js
 // ═══════════════════════════════════════════════════════════════════════════════
-// MISSION PLANNING - Hardened with confidence scoring and better deduplication
+// MISSION PLANNING V2 - Enhanced with dependency-aware grouping, blast radius
+// analysis, and risk-based batching. "Missions, not chaos."
 // ═══════════════════════════════════════════════════════════════════════════════
 
+const {
+  createMission,
+  calculateBlastRadius,
+  calculateRiskLevel,
+  RISK_LEVEL,
+  BLAST_RADIUS,
+} = require('./schema');
+const { templateForMissionType } = require('./templates');
+const {
+  ValidationError,
+  validateFinding,
+  validateOptions,
+  getAuditTrail,
+} = require('./hardening');
+
 /**
  * Score a finding for priority ordering
  * Enhanced with confidence-based scoring
@@ -131,54 +147,239 @@ const MISSION_PRIORITY = {
 };
 
 /**
- * Create a mission from a finding
+ * Extract files from findings
+ * @param {Array} findings - Findings array
+ * @returns {string[]} Unique file paths
+ */
+function extractFilesFromFindings(findings) {
+  const files = new Set();
+  for (const f of findings) {
+    if (f.file) files.add(f.file);
+    for (const ev of (f.evidence || [])) {
+      if (ev.file) files.add(ev.file);
+      if (ev.path) files.add(ev.path);
+    }
+  }
+  return Array.from(files);
+}
+
+/**
+ * Build a simple import graph from truthpack
+ * @param {object} truthpack - Truthpack object
+ * @returns {Map} Map of file -> imported files
+ */
+function buildImportGraph(truthpack) {
+  const graph = new Map();
+  
+  // Extract imports from truthpack if available
+  const imports = truthpack?.imports || truthpack?.dependencies?.imports || [];
+  for (const imp of imports) {
+    if (imp.from && imp.to) {
+      if (!graph.has(imp.from)) graph.set(imp.from, new Set());
+      graph.get(imp.from).add(imp.to);
+    }
+  }
+  
+  return graph;
+}
+
+/**
+ * Find connected components in file graph
+ * Files that import each other should be grouped together
+ * @param {string[]} files - List of files
+ * @param {Map} importGraph - Import graph
+ * @returns {string[][]} Array of file clusters
+ */
+function findConnectedFileClusters(files, importGraph) {
+  const fileSet = new Set(files);
+  const visited = new Set();
+  const clusters = [];
+  
+  function dfs(file, cluster) {
+    if (visited.has(file)) return;
+    visited.add(file);
+    cluster.push(file);
+    
+    // Check files this one imports
+    const imports = importGraph.get(file) || new Set();
+    for (const imported of imports) {
+      if (fileSet.has(imported)) {
+        dfs(imported, cluster);
+      }
+    }
+    
+    // Check files that import this one
+    for (const [from, toSet] of importGraph) {
+      if (toSet.has(file) && fileSet.has(from)) {
+        dfs(from, cluster);
+      }
+    }
+  }
+  
+  for (const file of files) {
+    if (!visited.has(file)) {
+      const cluster = [];
+      dfs(file, cluster);
+      if (cluster.length > 0) {
+        clusters.push(cluster);
+      }
+    }
+  }
+  
+  return clusters;
+}
+
+/**
+ * Calculate cluster risk score
+ * @param {Array} findings - Findings in cluster
+ * @returns {number} Risk score 0-100
+ */
+function calculateClusterRisk(findings) {
+  let score = 0;
+  
+  for (const f of findings) {
+    // Severity contribution
+    if (f.severity === 'BLOCK') score += 30;
+    else if (f.severity === 'WARN') score += 15;
+    else score += 5;
+    
+    // Confidence inverse (lower confidence = higher risk)
+    const confidence = f.confidence || 0.5;
+    score += Math.round((1 - confidence) * 10);
+  }
+  
+  // Normalize by finding count, cap at 100
+  return Math.min(100, score);
+}
+
+/**
+ * Create a mission from a finding using the new schema
  * Enhanced with confidence and better metadata
  */
-function missionFromFinding(f, relatedFindings = []) {
+function missionFromFinding(f, relatedFindings = [], options = {}) {
   const type = CATEGORY_TO_MISSION_TYPE[f.category] || "GENERIC_FIX";
   const allFindingIds = [f.id, ...relatedFindings.map(r => r.id)];
+  const allFindings = [f, ...relatedFindings];
   
   // Calculate mission confidence based on findings
   const confidences = [f.confidence || 0.5, ...relatedFindings.map(r => r.confidence || 0.5)];
   const avgConfidence = confidences.reduce((a, b) => a + b, 0) / confidences.length;
   
-  return {
-    id: `M_${f.id}`,
+  // Extract all files from findings
+  const allowedFiles = extractFilesFromFindings(allFindings);
+  
+  // Get template for this mission type
+  const template = templateForMissionType(type);
+  
+  // Use the new schema to create a proper mission object
+  return createMission({
     type,
     title: f.title,
     severity: f.severity,
     category: f.category,
-    confidence: avgConfidence,
-    successCriteria: [
-      `Finding ${f.id} no longer appears in ship results`,
-      ...(relatedFindings.length > 0 ? 
-        [`${relatedFindings.length} related finding(s) also resolved`] : []
-      )
-    ],
     targetFindingIds: allFindingIds,
-    findingCount: allFindingIds.length,
-    // Include evidence for the LLM context
+    template,
+    allowedFiles,
+    readOnlyContext: options.readOnlyContext || [],
+    confidence: avgConfidence,
     evidence: f.evidence || [],
     file: f.file || null,
-  };
+  });
 }
 
 /**
  * Group related findings that can be fixed together
  * E.g., multiple Dead UI issues in the same file
+ * Now with dependency-aware clustering
  */
-function groupRelatedFindings(findings) {
+function groupRelatedFindings(findings, options = {}) {
+  const { importGraph = new Map(), maxClusterRisk = 80 } = options;
   const groups = new Map();
   
+  // First pass: group by category
+  const byCategory = new Map();
   for (const f of findings) {
-    // Group key: category + file (if available)
-    const file = f.file || f.evidence?.[0]?.file || 'unknown';
-    const groupKey = `${f.category}:${file}`;
+    const cat = f.category || 'Unknown';
+    if (!byCategory.has(cat)) byCategory.set(cat, []);
+    byCategory.get(cat).push(f);
+  }
+  
+  // Second pass: within each category, cluster by file dependencies
+  for (const [category, catFindings] of byCategory) {
+    const files = extractFilesFromFindings(catFindings);
+    const clusters = findConnectedFileClusters(files, importGraph);
+    
+    // Map files to their cluster index
+    const fileToCluster = new Map();
+    clusters.forEach((cluster, idx) => {
+      for (const file of cluster) {
+        fileToCluster.set(file, idx);
+      }
+    });
     
-    if (!groups.has(groupKey)) {
-      groups.set(groupKey, []);
+    // Group findings by their file's cluster
+    const clusterGroups = new Map();
+    for (const f of catFindings) {
+      const file = f.file || f.evidence?.[0]?.file || f.evidence?.[0]?.path || 'unknown';
+      const clusterIdx = fileToCluster.get(file) ?? -1;
+      const groupKey = `${category}:cluster_${clusterIdx}:${file}`;
+      
+      if (!clusterGroups.has(groupKey)) {
+        clusterGroups.set(groupKey, []);
+      }
+      clusterGroups.get(groupKey).push(f);
+    }
+    
+    // Third pass: split groups that exceed risk threshold
+    for (const [groupKey, groupFindings] of clusterGroups) {
+      const risk = calculateClusterRisk(groupFindings);
+      
+      if (risk > maxClusterRisk && groupFindings.length > 1) {
+        // Split into individual findings for high-risk groups
+        for (let i = 0; i < groupFindings.length; i++) {
+          groups.set(`${groupKey}:split_${i}`, [groupFindings[i]]);
+        }
+      } else {
+        groups.set(groupKey, groupFindings);
+      }
+    }
+  }
+  
+  return groups;
+}
+
+/**
+ * Advanced grouping with blast radius analysis
+ * Groups findings while respecting blast radius limits
+ */
+function groupWithBlastRadiusLimit(findings, options = {}) {
+  const { maxBlastRadius = 5, importGraph = new Map() } = options;
+  const groups = new Map();
+  
+  // Start with basic grouping
+  const basicGroups = groupRelatedFindings(findings, { importGraph });
+  
+  // Check each group's blast radius
+  for (const [key, groupFindings] of basicGroups) {
+    const files = extractFilesFromFindings(groupFindings);
+    
+    if (files.length > maxBlastRadius) {
+      // Split into smaller groups by file
+      const byFile = new Map();
+      for (const f of groupFindings) {
+        const file = f.file || f.evidence?.[0]?.file || 'unknown';
+        if (!byFile.has(file)) byFile.set(file, []);
+        byFile.get(file).push(f);
+      }
+      
+      // Create separate groups for each file
+      let idx = 0;
+      for (const [file, fileFindings] of byFile) {
+        groups.set(`${key}:file_${idx++}`, fileFindings);
+      }
+    } else {
+      groups.set(key, groupFindings);
     }
-    groups.get(groupKey).push(f);
   }
   
   return groups;
@@ -189,11 +390,105 @@ function groupRelatedFindings(findings) {
  * 
  * @param {Array} findings - List of findings from ship/scan
  * @param {Object} options - Planning options
+ * @param {number} [options.maxMissions=12] - Maximum missions to plan
+ * @param {boolean} [options.blocksOnlyFirst=true] - Prioritize BLOCK findings
+ * @param {boolean} [options.groupRelated=true] - Group related findings
+ * @param {object} [options.truthpack] - Truthpack for dependency analysis
+ * @param {number} [options.maxBlastRadius=5] - Maximum files per mission
+ * @param {number} [options.maxClusterRisk=80] - Maximum cluster risk score
+ * @param {number} [options.minConfidence=0] - Minimum confidence threshold
  * @returns {Array} Planned missions
  */
-function planMissions(findings, { maxMissions = 12, blocksOnlyFirst = true, groupRelated = true } = {}) {
+function planMissions(findings, options = {}) {
+  const audit = getAuditTrail();
+  
+  // ═══════════════════════════════════════════════════════════════════════════════
+  // INPUT VALIDATION
+  // ═══════════════════════════════════════════════════════════════════════════════
+  
+  // Handle null/undefined findings
+  if (!findings) {
+    audit.warn('plan_missions_no_findings', { findings });
+    return [];
+  }
+  
+  // Handle non-array findings
+  if (!Array.isArray(findings)) {
+    audit.error('plan_missions_invalid_findings', { type: typeof findings });
+    throw new ValidationError('findings must be an array', 'findings', findings);
+  }
+  
+  // Handle empty findings
+  if (findings.length === 0) {
+    audit.info('plan_missions_empty_findings');
+    return [];
+  }
+  
+  // Validate and sanitize options
+  const optionsSchema = {
+    maxMissions: { type: 'number', default: 12, min: 1, max: 100 },
+    blocksOnlyFirst: { type: 'boolean', default: true },
+    groupRelated: { type: 'boolean', default: true },
+    maxBlastRadius: { type: 'number', default: 5, min: 1, max: 50 },
+    maxClusterRisk: { type: 'number', default: 80, min: 0, max: 100 },
+    minConfidence: { type: 'number', default: 0, min: 0, max: 1 },
+  };
+  
+  const validatedOptions = validateOptions(options, optionsSchema);
+  if (!validatedOptions.valid) {
+    audit.warn('plan_missions_invalid_options', { errors: validatedOptions.errors });
+  }
+  
+  const {
+    maxMissions,
+    blocksOnlyFirst,
+    groupRelated,
+    maxBlastRadius,
+    maxClusterRisk,
+    minConfidence,
+  } = validatedOptions.sanitized;
+  
+  const truthpack = options.truthpack || null;
+  
+  audit.info('plan_missions_start', { 
+    findingCount: findings.length, 
+    maxMissions, 
+    blocksOnlyFirst,
+    groupRelated,
+  });
+
+  // Build import graph from truthpack if available
+  const importGraph = truthpack ? buildImportGraph(truthpack) : new Map();
+
+  // ═══════════════════════════════════════════════════════════════════════════════
+  // FINDING VALIDATION & FILTERING
+  // ═══════════════════════════════════════════════════════════════════════════════
+  
+  // Validate and filter findings
+  const validFindings = [];
+  let invalidCount = 0;
+  
+  for (const f of findings) {
+    const validation = validateFinding(f);
+    if (validation.valid) {
+      validFindings.push(f);
+    } else {
+      invalidCount++;
+      audit.debug('plan_missions_invalid_finding', { id: f?.id, errors: validation.errors });
+    }
+  }
+  
+  if (invalidCount > 0) {
+    audit.warn('plan_missions_invalid_findings_skipped', { invalidCount, validCount: validFindings.length });
+  }
+  
+  if (validFindings.length === 0) {
+    audit.info('plan_missions_no_valid_findings');
+    return [];
+  }
+  
   // Step 1: Sort by score (severity + confidence + evidence)
-  const sorted = [...findings].sort((a, b) => scoreFinding(b) - scoreFinding(a));
+  const sorted = [...validFindings].sort((a, b) => scoreFinding(b) - scoreFinding(a));
 
   // Step 2: Filter to BLOCKs only if we have them (cost control)
   const hasBlocks = sorted.some(f => f.severity === "BLOCK");
@@ -217,43 +512,137 @@ function planMissions(findings, { maxMissions = 12, blocksOnlyFirst = true, grou
     if (f.severity === "WARN" && seenFingerprints.has(nearDupeKey)) continue;
     seenFingerprints.add(nearDupeKey);
     
+    // Filter by minimum confidence if specified
+    const confidence = f.confidence || 0.5;
+    if (confidence < minConfidence) continue;
+    
     deduplicated.push(f);
   }
 
-  // Step 4: Group related findings (optional - reduces noise)
+  // Step 4: Group related findings with enhanced heuristics
   let missions = [];
   
   if (groupRelated) {
-    const groups = groupRelatedFindings(deduplicated);
+    // Use blast radius-aware grouping
+    const groups = groupWithBlastRadiusLimit(deduplicated, {
+      maxBlastRadius,
+      importGraph,
+      maxClusterRisk,
+    });
     
     for (const [groupKey, groupFindings] of groups) {
       // Take the highest severity finding as primary
       const primary = groupFindings[0]; // Already sorted by score
       const related = groupFindings.slice(1, 5); // Limit related findings
       
-      missions.push(missionFromFinding(primary, related));
+      missions.push(missionFromFinding(primary, related, { importGraph }));
     }
   } else {
     missions = deduplicated.map(f => missionFromFinding(f));
   }
 
-  // Step 5: Sort by priority and limit
+  // Step 5: Sort by priority and risk
   missions.sort((a, b) => {
     const prioA = MISSION_PRIORITY[a.type] || 50;
     const prioB = MISSION_PRIORITY[b.type] || 50;
     if (prioA !== prioB) return prioA - prioB;
     
-    // Secondary sort by confidence (higher first)
-    return (b.confidence || 0.5) - (a.confidence || 0.5);
+    // Secondary sort by risk level (lower risk first for safety)
+    const riskOrder = { low: 0, medium: 1, high: 2, critical: 3 };
+    const riskA = riskOrder[a.safety?.riskLevel] ?? 1;
+    const riskB = riskOrder[b.safety?.riskLevel] ?? 1;
+    if (riskA !== riskB) return riskA - riskB;
+    
+    // Tertiary sort by confidence (higher first)
+    return (b.safety?.confidence || 0.5) - (a.safety?.confidence || 0.5);
   });
 
-  return missions.slice(0, maxMissions);
+  const result = missions.slice(0, maxMissions);
+  
+  // Log planning results
+  audit.info('plan_missions_complete', {
+    inputFindings: findings.length,
+    validFindings: validFindings.length,
+    deduplicated: deduplicated.length,
+    missions: result.length,
+    missionTypes: result.map(m => m.type),
+  });
+  
+  return result;
+}
+
+/**
+ * Plan a single mission for a specific finding
+ * @param {object} finding - The finding to create a mission for
+ * @param {object} options - Planning options
+ * @returns {object} Mission object
+ */
+function planSingleMission(finding, options = {}) {
+  return missionFromFinding(finding, [], options);
+}
+
+/**
+ * Get mission statistics
+ * @param {Array} missions - Array of missions
+ * @returns {object} Statistics object
+ */
+function getMissionStats(missions) {
+  const stats = {
+    total: missions.length,
+    byType: {},
+    byRisk: { low: 0, medium: 0, high: 0, critical: 0 },
+    byBlastRadius: { low: 0, medium: 0, high: 0 },
+    totalFindings: 0,
+    avgConfidence: 0,
+  };
+  
+  let totalConfidence = 0;
+  
+  for (const m of missions) {
+    // By type
+    stats.byType[m.type] = (stats.byType[m.type] || 0) + 1;
+    
+    // By risk
+    const risk = m.safety?.riskLevel || 'medium';
+    stats.byRisk[risk] = (stats.byRisk[risk] || 0) + 1;
+    
+    // By blast radius
+    const blast = m.scope?.blastRadius || 'medium';
+    stats.byBlastRadius[blast] = (stats.byBlastRadius[blast] || 0) + 1;
+    
+    // Finding count
+    stats.totalFindings += m.objective?.findingCount || 1;
+    
+    // Confidence
+    totalConfidence += m.safety?.confidence || 0.5;
+  }
+  
+  stats.avgConfidence = missions.length > 0 
+    ? Math.round((totalConfidence / missions.length) * 100) / 100 
+    : 0;
+  
+  return stats;
 }
 
 module.exports = { 
+  // Main planning functions
   planMissions,
+  planSingleMission,
+  getMissionStats,
+  
+  // Grouping functions
+  groupRelatedFindings,
+  groupWithBlastRadiusLimit,
+  
+  // Utility functions
   scoreFinding,
   generateFingerprint,
+  extractFilesFromFindings,
+  buildImportGraph,
+  findConnectedFileClusters,
+  calculateClusterRisk,
+  
+  // Constants
   CATEGORY_TO_MISSION_TYPE,
-  MISSION_PRIORITY
+  MISSION_PRIORITY,
 };