@zohodesk/codestandard-validator 1.1.4 → 1.2.4-exp-2

package/build/ai/config.example.json

@@ -0,0 +1,10 @@
+{
+  "provider": "ollama",
+  "baseUrl": "http://127.0.0.1:11434",
+  "endpoint": "/api/generate",
+  "model": "deepseek-r1:8b",
+  "temperature": 0.2,
+  "maxTokens": 4096,
+  "timeoutMs": 120000,
+  "stream": true
+}

package/build/ai/ollama-service.js

@@ -0,0 +1,403 @@
+"use strict";
+
+const fs = require('fs');
+const path = require('path');
+const {
+  createProvider
+} = require('./provider-factory');
+const {
+  printMarkdown,
+  formatReviewResult,
+  renderMarkdown
+} = require('./render');
+function sanitizeStreamText(text) {
+  if (!text) return '';
+  return String(text).replace(/<think>[\s\S]*?<\/think>/gi, '').replace(/<\s*think[^>]*>/gi, '').replace(/<\/\s*think\s*>/gi, '').replace(/[^\S\r\n]+/g, ' ') // collapse excessive spaces
+  .replace(/\s*\n+\s*/g, '\n') // normalize newlines
+  .trim();
+}
+
+/**
+ * Ollama API Configuration Schema
+ * Ref: https://github.com/ollama/ollama/blob/main/docs/api.md#generate-a-completion
+ */
+const API_CONFIG_SCHEMA = {
+  baseUrl: {
+    type: 'string',
+    default: 'http://localhost:11434',
+    required: true
+  },
+  model: {
+    type: 'string',
+    default: 'codellama',
+    required: true
+  },
+  endpoint: {
+    type: 'string',
+    default: '/api/generate',
+    required: true
+  },
+  temperature: {
+    type: 'number',
+    default: 0.3,
+    min: 0,
+    max: 1
+  },
+  maxTokens: {
+    type: 'number',
+    default: 4096,
+    min: 256,
+    max: 16384
+  },
+  timeoutMs: {
+    type: 'number',
+    default: 120000
+  },
+  stream: {
+    type: 'boolean',
+    default: true
+  }
+};
+
+/**
+ * Reads all .md files from a folder, sorted alphabetically, and concatenates their content.
+ * @param {string} promptFolder - Absolute or relative path to the prompts folder
+ * @returns {string} Combined prompt text
+ */
+function loadPromptsFromFolder(promptFolder) {
+  const resolvedPath = path.resolve(promptFolder);
+  if (!fs.existsSync(resolvedPath)) {
+    throw new Error(`Prompt folder not found: "${resolvedPath}"`);
+  }
+  const stat = fs.statSync(resolvedPath);
+  if (!stat.isDirectory()) {
+    throw new Error(`Prompt path is not a directory: "${resolvedPath}"`);
+  }
+  const mdFiles = fs.readdirSync(resolvedPath).filter(file => path.extname(file).toLowerCase() === '.md').sort();
+  if (mdFiles.length === 0) {
+    throw new Error(`No .md prompt files found in: "${resolvedPath}"`);
+  }
+  const combined = mdFiles.map(file => {
+    const filePath = path.join(resolvedPath, file);
+    const content = fs.readFileSync(filePath, 'utf-8').trim();
+    return `<!-- prompt: ${file} -->\n${content}`;
+  });
+  return combined.join('\n\n');
+}
+
+/**
+ * Reads a single file and returns its content with metadata.
+ * @param {string} filePath
+ * @returns {{ filePath: string, fileName: string, content: string, extension: string }}
+ */
+function readFileForReview(filePath) {
+  const resolvedPath = path.resolve(filePath);
+  if (!fs.existsSync(resolvedPath)) {
+    throw new Error(`File not found: "${resolvedPath}"`);
+  }
+  const stat = fs.statSync(resolvedPath);
+  if (!stat.isFile()) {
+    throw new Error(`Path is not a file: "${resolvedPath}"`);
+  }
+  return {
+    filePath: resolvedPath,
+    fileName: path.basename(resolvedPath),
+    content: fs.readFileSync(resolvedPath, 'utf-8'),
+    extension: path.extname(resolvedPath).slice(1)
+  };
+}
+
+/**
+ * Reads all files from a folder (non-recursive) for review.
+ * @param {string} folderPath
+ * @param {string[]} [extensions] - Optional filter, e.g. ['.js', '.ts']
+ * @returns {Array<{ filePath: string, fileName: string, content: string, extension: string }>}
+ */
+function readFilesFromFolder(folderPath, extensions = []) {
+  const resolvedPath = path.resolve(folderPath);
+  if (!fs.existsSync(resolvedPath)) {
+    throw new Error(`Folder not found: "${resolvedPath}"`);
+  }
+  const stat = fs.statSync(resolvedPath);
+  if (!stat.isDirectory()) {
+    throw new Error(`Path is not a directory: "${resolvedPath}"`);
+  }
+  const entries = fs.readdirSync(resolvedPath);
+  return entries.filter(entry => {
+    const fullPath = path.join(resolvedPath, entry);
+    if (!fs.statSync(fullPath).isFile()) return false;
+    if (extensions.length === 0) return true;
+    return extensions.includes(path.extname(entry).toLowerCase());
+  }).map(entry => readFileForReview(path.join(resolvedPath, entry)));
+}
+
+/**
+ * Validates and merges user config with schema defaults.
+ * @param {Object} userConfig
+ * @returns {Object} validated config
+ */
+function buildConfig(userConfig = {}) {
+  const config = {};
+
+  // Pass through provider field for factory
+  if (userConfig.provider) {
+    config.provider = userConfig.provider;
+  }
+  for (const [key, schema] of Object.entries(API_CONFIG_SCHEMA)) {
+    const value = userConfig[key];
+    if (value === undefined || value === null) {
+      if (schema.required && schema.default === undefined) {
+        throw new Error(`Missing required config: "${key}"`);
+      }
+      config[key] = schema.default;
+      continue;
+    }
+    if (typeof value !== schema.type) {
+      throw new TypeError(`Config "${key}" must be of type ${schema.type}, got ${typeof value}`);
+    }
+    if (schema.min !== undefined && value < schema.min) {
+      throw new RangeError(`Config "${key}" must be >= ${schema.min}`);
+    }
+    if (schema.max !== undefined && value > schema.max) {
+      throw new RangeError(`Config "${key}" must be <= ${schema.max}`);
+    }
+    config[key] = value;
+  }
+  return config;
+}
+
+/**
+ * Builds the full review prompt with injected code.
+ * Uses custom prompt from folder if provided, otherwise falls back to default.
+ * @param {string} code - The source code to inject
+ * @param {string} [promptFolder] - Optional path to folder containing .md prompt files
+ * @returns {string}
+ */
+function buildPrompt(code, promptFolder) {
+  if (!code || typeof code !== 'string') {
+    throw new Error('Code input must be a non-empty string');
+  }
+  let basePrompt;
+  if (promptFolder) {
+    basePrompt = loadPromptsFromFolder(promptFolder);
+    if (!basePrompt.includes('{{CODE}}')) {
+      basePrompt += `\n\n## Code to Review\n\`\`\`\n{{CODE}}\n\`\`\``;
+    }
+  } else {
+    basePrompt = DEFAULT_REVIEW_PROMPT + `\n\n## Code to Review\n\`\`\`\n{{CODE}}\n\`\`\``;
+  }
+
+  // Force JSON-only output instruction at the end to reduce drift
+  basePrompt += `
+
+CRITICAL: Output ONLY a single valid JSON object. No markdown, tables, or extra text. If streaming, emit NDJSON lines containing only JSON fragments or the final JSON object. Do not include <think> or hidden content.`;
+  return basePrompt.replace('{{CODE}}', code.trim());
+}
+
+/**
+ * Parses JSON from Ollama response text, handling markdown fences.
+ * @param {string} text
+ * @param {Object} options
+ * @returns {Object}
+ */
+function parseReviewResponse(text, {
+  fileName
+}) {
+  let cleaned = text.trim();
+
+  //Strip <think>...</think> blocks (deepseek-r1 reasoning)
+  cleaned = cleaned.replace(/<think>[\s\S]*?<\/think>/gi, '').trim();
+
+  // Strip markdown code fences and extract JSON
+  const jsonFenceMatch = cleaned.match(/```(?:json)?\s*([\s\S]*?)```/);
+  if (jsonFenceMatch) {
+    cleaned = jsonFenceMatch[1].trim();
+  }
+
+  // Try to find a JSON object anywhere in the text
+  if (!cleaned.startsWith('{')) {
+    const jsonObjectMatch = cleaned.match(/(\{[\s\S]*\})/);
+    if (jsonObjectMatch) {
+      cleaned = jsonObjectMatch[1].trim();
+    }
+  }
+  try {
+    const parsed = JSON.parse(cleaned);
+    parsed.fileName = fileName;
+    return parsed;
+  } catch {
+    return {
+      fileName,
+      overallScore: null,
+      categories: null,
+      criticalIssues: [],
+      suggestions: [],
+      summary: cleaned,
+      rawResponse: true
+    };
+  }
+}
+
+/**
+ * Fetches a code review from the configured AI provider.
+ *
+ * @param {string} code - Source code to review
+ * @param {Object} [options]
+ * @param {Object} [options.config] - API config overrides
+ * @param {string} [options.promptFolder] - Path to folder with .md prompt files
+ * @param {string} [options.fileName] - Original file name for context
+ * @param {Function} [options.onToken] - Callback for streaming tokens
+ * @returns {Promise<Object>} Structured review result
+ */
+async function fetchCodeReview(code, options = {}) {
+  const {
+    config: userConfig = {},
+    promptFolder,
+    fileName,
+    onToken
+  } = options;
+  const config = buildConfig(userConfig);
+  const codeWithContext = fileName ? `// File: ${fileName}\n${code}` : code;
+  const prompt = buildPrompt(codeWithContext, promptFolder);
+  const provider = createProvider(config);
+  const {
+    text
+  } = await provider.generate({
+    prompt,
+    fileName,
+    onToken: chunk => {
+      // Forward raw token directly — let the caller decide how to handle it
+      if (chunk && typeof onToken === 'function') onToken(chunk);
+    }
+  });
+  const cleanText = sanitizeStreamText(text);
+  return parseReviewResponse(cleanText, {
+    fileName
+  });
+}
+
+/**
+ * Reviews a single file by path.
+ * @param {string} filePath - Path to the file to review
+ * @param {Object} [options]
+ * @param {Object} [options.config] - API config overrides
+ * @param {string} [options.promptFolder] - Path to folder with .md prompt files
+ * @param {Function} [options.onToken] - Callback for streaming tokens
+ * @returns {Promise<Object>}
+ */
+async function reviewFile(filePath, options = {}) {
+  const file = readFileForReview(filePath);
+  return fetchCodeReview(file.content, {
+    ...options,
+    fileName: file.fileName
+  });
+}
+
+/**
+ * Reviews multiple files by their paths.
+ * @param {string[]} filePaths - Array of file paths to review
+ * @param {Object} [options]
+ * @param {Object} [options.config] - API config overrides
+ * @param {string} [options.promptFolder] - Path to folder with .md prompt files
+ * @param {number} [options.concurrency=1] - Number of concurrent reviews
+ * @param {boolean} [options.streamToConsole] - Whether to stream tokens to stdout
+ * @param {Function} [options.onResult] - Callback per completed review
+ * @returns {Promise<Object[]>} Array of review results
+ */
+async function reviewFiles(filePaths, options = {}) {
+  const {
+    concurrency = 1,
+    onResult,
+    streamToConsole,
+    ...reviewOptions
+  } = options;
+  const results = [];
+  for (let i = 0; i < filePaths.length; i += concurrency) {
+    const batch = filePaths.slice(i, i + concurrency);
+    const promises = batch.map(fp => reviewFile(fp, {
+      ...reviewOptions,
+      onToken: token => {
+        if (!streamToConsole) return;
+        if (!token) return;
+        // Write raw token directly to stdout during streaming
+        process.stdout.write(token);
+      }
+    }).then(value => {
+      // Print newline after stream ends for this file
+      if (streamToConsole) process.stdout.write('\n');
+      return {
+        status: 'fulfilled',
+        value,
+        filePath: fp
+      };
+    }).catch(error => {
+      if (streamToConsole) process.stdout.write('\n');
+      return {
+        status: 'rejected',
+        reason: error,
+        filePath: fp
+      };
+    }));
+    for (const p of promises) {
+      p.then(r => {
+        let out;
+        if (r.status === 'fulfilled') {
+          out = typeof r.value === 'string' ? {
+            message: sanitizeStreamText(r.value)
+          } : r.value;
+          results.push(out);
+        } else {
+          var _r$reason;
+          const fp = r.filePath;
+          out = {
+            success: false,
+            fileName: path.basename(fp),
+            filePath: fp,
+            error: ((_r$reason = r.reason) === null || _r$reason === void 0 ? void 0 : _r$reason.message) || r.reason || 'Unknown error'
+          };
+          results.push(out);
+        }
+        if (typeof onResult === 'function') {
+          try {
+            onResult(out);
+          } catch {}
+        }
+      });
+    }
+    await Promise.allSettled(promises);
+  }
+  return results;
+}
+
+/**
+ * Reviews all files in a folder.
+ * @param {string} folderPath - Path to folder containing files to review
+ * @param {Object} [options]
+ * @param {Object} [options.config] - API config overrides
+ * @param {string} [options.promptFolder] - Path to folder with .md prompt files
+ * @param {string[]} [options.extensions] - File extensions to include, e.g. ['.js', '.ts']
+ * @param {number} [options.concurrency=1] - Number of concurrent reviews
+ * @returns {Promise<Object[]>}
+ */
+async function reviewFolder(folderPath, options = {}) {
+  const {
+    extensions = [],
+    ...rest
+  } = options;
+  const files = readFilesFromFolder(folderPath, extensions);
+  const filePaths = files.map(f => f.filePath);
+  return reviewFiles(filePaths, rest);
+}
+module.exports = {
+  API_CONFIG_SCHEMA,
+  loadPromptsFromFolder,
+  readFileForReview,
+  readFilesFromFolder,
+  buildConfig,
+  buildPrompt,
+  parseReviewResponse,
+  fetchCodeReview,
+  reviewFile,
+  reviewFiles,
+  reviewFolder
+};

package/build/ai/prompts/CODE_REVIEW_PROMPT.md

@@ -0,0 +1,72 @@
+You are an expert code reviewer. Analyze the provided code against the following 50-point checklist.
+Score each applicable category (1-10) and provide specific feedback.
+
+**CRITICAL INSTRUCTION: Your entire response MUST be a single valid JSON object. No explanation, no commentary, no markdown outside the JSON. Do not wrap in code fences. Output ONLY the JSON object.**
+
+## Review Categories
+
+### 1. Code Quality (10 points)
+1. Readability and clarity
+2. Consistent naming conventions
+3. Proper use of comments and documentation
+4. Code simplicity (no unnecessary complexity)
+5. DRY principle adherence
+6. Single Responsibility Principle
+7. Proper abstraction levels
+8. Clean function/method signatures
+9. Appropriate use of constants vs magic numbers
+10. Code formatting and indentation
+
+### 2. Error Handling (10 points)
+11. Proper try-catch usage
+12. Meaningful error messages
+13. Graceful degradation
+14. Input validation
+15. Null/undefined safety
+16. Boundary condition handling
+17. Async error handling
+18. Error propagation strategy
+19. Logging of errors
+20. User-facing error responses
+
+### 3. Performance (10 points)
+21. Algorithm efficiency (time complexity)
+22. Memory usage optimization
+23. Avoiding unnecessary computations
+24. Efficient data structures
+25. Lazy loading / deferred execution
+26. Caching strategy
+27. Loop optimization
+28. Avoiding memory leaks
+29. Database/API call optimization
+30. Bundle size / import efficiency
+
+### 4. Security (10 points)
+31. Input sanitization
+32. SQL/NoSQL injection prevention
+33. XSS prevention
+34. Authentication/authorization checks
+35. Sensitive data exposure
+36. Dependency vulnerability awareness
+37. CSRF protection
+38. Secure communication (HTTPS, encryption)
+39. Proper secret management
+40. Rate limiting / abuse prevention
+
+### 5. Maintainability (10 points)
+41. Modularity and reusability
+42. Testability
+43. Configuration externalization
+44. Dependency management
+45. Version compatibility
+46. Backward compatibility
+47. Documentation completeness
+48. Changelog / migration notes
+49. Linting / formatting rules followed
+50. CI/CD readiness
+
+## Required Output
+
+Respond with ONLY this JSON structure (no other text before or after):
+{"overallScore":<number 0-50>,"categories":{"codeQuality":{"score":<0-10>,"issues":[<string>,…]},"errorHandling":{"score":<0-10>,"issues":[<string>,…]},"performance":{"score":<0-10>,"issues":[<string>,…]},"security":{"score":<0-10>,"issues":[<string>,…]},"maintainability":{"score":<0-10>,"issues":[<string>,…]}},"criticalIssues":[<string>,…],"suggestions":[<string>,…],"summary":"<brief overall summary>"}
+

package/build/ai/prompts/PROMPT1.MD

@@ -0,0 +1,70 @@
+## Components & CSS Files Review Checklist
+
+
+##  Folder Structure Validation
+All UAT-related files must be placed under the `{appName}/uat` directory.
+
+The structure must follow:
+ - `{ComponentName}.css` – File names ends with
+ - it should closet to compponet file
+
+
+### 1. Prop Types Definition
+Props must be defined with types in `{ComponentName}.propTypes.js`.  
+Prop names must be raw, common HTML-based names and not application-specific.
+
+### 2. Component Structure
+`{ComponentName}.propTypes.js` must be imported into `{ComponentName}.js`.  
+Component name must start with a capital letter and must be a functional component (no class components).
+
+### 3. Component Purity
+No Redux, state, or application logic is allowed in `{ComponentName}.js`.  
+Hook or functional logic must be moved to `{ComponentName}.behaviour.js` or `{ComponentName}.hook.js` and imported.
+
+### 4. Code Cleanliness
+No duplicate lines, unused variables, unused methods, unused imports, or commented code.  
+Keep the component clean and minimal.
+
+### 5. Linting & Hooks Validation
+Code must pass linter checks.  
+React hooks must follow proper usage rules and performance best practices.
+
+### 6. CSS Imports
+CSS files must be imported as `styles` from `./{ComponentName}.css` in `{ComponentName}.js`
+Other naming conventions are allowed if consistently used.
+
+### 7. CSS Standards & Naming
+CSS must follow BEM naming conventions and be compatible with CSS Modules.  
+Class names must be HTML/component-based and not application-specific.
+
+### 8. CSS Variables & Layout Rules
+All colors, fonts, widths, heights, and spacing must use variables only.  
+Width and height definitions must include appropriate min and max values.
+
+### 9. CSS Selector Rules
+Do not use units with zero values (`0` instead of `0px` or `0rem`).  
+Limit selector nesting depth to the allowed maximum.  
+Do not use ID selectors—use class selectors only.
+Do not use TAG selectors—use class selectors only. if required the file line must have proper comment. 
+
+### 10. CSS Quality Rules
+Avoid adjoining class selectors and prefer reusable single classes.  
+Avoid duplicate CSS properties, empty blocks, empty values, unknown or misspelled properties.  
+Do not use `!important`; if required, add a same-line comment explaining why.
+
+### 11. CSS Content Rules
+Always use double quotes for the `content` property.  
+Only valid and supported CSS properties are allowed.
+
+### 12. HTML & Accessibility
+HTML must follow accessibility (a11y) standards.  
+Avoid duplicate attributes and follow semantic HTML.  
+Reuse existing Haas or common components instead of rewriting code.
+
+### 13. Events & Text Handling
+Event bindings must not create new inline functions.  
+No hard-coded English text is allowed; all text must be passed via props.
+
+### 14. Documentation
+A `{ComponentName}.docs.js` file must be added and used for documentation.  
+Component usage and behavior must be clearly documented.