archicore 0.3.6 → 0.3.7

package/dist/cli/commands/interactive.js

@@ -25,6 +25,8 @@ const COMMANDS = [
     { name: 'rules', aliases: [], description: 'Check architectural rules' },
     { name: 'docs', aliases: ['documentation'], description: 'Generate architecture documentation' },
     { name: 'export', aliases: [], description: 'Export analysis results' },
+    { name: 'enterprise', aliases: ['ent'], description: 'Enterprise analysis for large projects (50K+ files)' },
+    { name: 'estimate', aliases: ['est'], description: 'Estimate project size and recommended tier' },
     { name: 'history', aliases: ['hist'], description: 'View and search conversation history' },
     { name: 'resume', aliases: [], description: 'Resume previous conversation session' },
     { name: 'status', aliases: [], description: 'Show connection and project status' },
@@ -532,6 +534,14 @@ async function handleCommand(input) {
         case 'resume':
             await handleResumeCommand(args);
             break;
+        case 'enterprise':
+        case 'ent':
+            await handleEnterpriseCommand(args);
+            break;
+        case 'estimate':
+        case 'est':
+            await handleEstimateCommand();
+            break;
         default:
             printFormattedError(`Unknown command: /${command}`, {
                 suggestion: 'Use /help to see available commands',
@@ -1321,8 +1331,11 @@ async function handleDocsCommand(args) {
         printInfo('Use /index first');
         return;
     }
+    const pathModule = await import('path');
     const format = args[0] || 'markdown';
-    const output = args[1] || `documentation.${format === 'markdown' ? 'md' : format}`;
+    const filename = `ARCHITECTURE.${format === 'markdown' ? 'md' : format}`;
+    // Save to project root by default, or custom path if specified
+    const output = args[1] || pathModule.default.join(state.projectPath, filename);
     const spinner = createSpinner('Generating documentation...').start();
     try {
         const config = await loadConfig();
@@ -1339,6 +1352,7 @@ async function handleDocsCommand(args) {
         spinner.succeed('Documentation generated');
         printKeyValue('Output', output);
         printKeyValue('Format', format);
+        printInfo(`Documentation saved to project root: ${filename}`);
         showTokenUsage();
     }
     catch (error) {
@@ -1510,4 +1524,209 @@ async function handleResumeCommand(args) {
         printError(String(error));
     }
 }
+async function handleEstimateCommand() {
+    if (!state.projectId) {
+        printError('No project indexed');
+        printInfo('Use /index first to register the project');
+        return;
+    }
+    const spinner = createSpinner('Analyzing project size...').start();
+    try {
+        const config = await loadConfig();
+        const response = await apiFetch(`${config.serverUrl}/api/projects/${state.projectId}/enterprise/estimate`);
+        if (!response.ok) {
+            spinner.fail('Failed to estimate project');
+            const errorData = await response.json().catch(() => ({}));
+            printError(errorData.error || 'Unknown error');
+            return;
+        }
+        const data = await response.json();
+        spinner.succeed('Project analyzed');
+        console.log();
+        printSection('Project Size Estimation');
+        printKeyValue('Total Files', data.totalFiles?.toLocaleString() || 'N/A');
+        printKeyValue('Total Size', `${data.totalSizeMB?.toFixed(1) || 'N/A'} MB`);
+        printKeyValue('Recommended Tier', colors.primary(data.recommendation?.toUpperCase() || 'STANDARD'));
+        printKeyValue('Estimated Time', `~${data.estimatedTimeMinutes || 'N/A'} minutes`);
+        // Language distribution
+        if (data.languageDistribution && Object.keys(data.languageDistribution).length > 0) {
+            console.log();
+            console.log(colors.highlight('  Language Distribution:'));
+            const sorted = Object.entries(data.languageDistribution)
+                .sort((a, b) => b[1] - a[1])
+                .slice(0, 8);
+            for (const [lang, count] of sorted) {
+                const percent = data.totalFiles ? ((count / data.totalFiles) * 100).toFixed(1) : '?';
+                console.log(`    ${lang.padEnd(12)} ${colors.muted(count.toLocaleString().padStart(6))} (${percent}%)`);
+            }
+        }
+        // Tier recommendations
+        if (data.tiers) {
+            console.log();
+            console.log(colors.highlight('  Available Tiers:'));
+            console.log(`    ${colors.success('quick')}    - ${data.tiers.quick.estimatedFiles.toLocaleString()} files - Fast overview`);
+            console.log(`    ${colors.warning('standard')} - ${data.tiers.standard.estimatedFiles.toLocaleString()} files - Balanced analysis`);
+            console.log(`    ${colors.error('deep')}     - ${data.tiers.deep.estimatedFiles.toLocaleString()} files - Full analysis (Enterprise)`);
+        }
+        console.log();
+        printInfo('Use /enterprise [tier] to start analysis');
+        printInfo('Example: /enterprise quick  or  /enterprise standard');
+    }
+    catch (error) {
+        spinner.fail('Failed to estimate project');
+        printError(String(error));
+    }
+}
+async function handleEnterpriseCommand(args) {
+    if (!state.projectId) {
+        printError('No project indexed');
+        printInfo('Use /index first to register the project');
+        return;
+    }
+    const tier = args[0]?.toLowerCase() || 'standard';
+    const strategy = args[1] || 'smart';
+    if (!['quick', 'standard', 'deep'].includes(tier)) {
+        printError(`Invalid tier: ${tier}`);
+        printInfo('Available tiers: quick, standard, deep');
+        return;
+    }
+    // First, get estimate to show what we're doing
+    const estimateSpinner = createSpinner('Analyzing project...').start();
+    try {
+        const config = await loadConfig();
+        // Get estimate first
+        const estimateResponse = await apiFetch(`${config.serverUrl}/api/projects/${state.projectId}/enterprise/estimate`);
+        if (!estimateResponse.ok) {
+            estimateSpinner.fail('Failed to analyze project');
+            return;
+        }
+        const estimate = await estimateResponse.json();
+        estimateSpinner.succeed(`Project has ${estimate.totalFiles?.toLocaleString()} files`);
+        // Determine files to analyze
+        const tierConfig = estimate.tiers?.[tier];
+        const filesToAnalyze = tierConfig?.estimatedFiles || estimate.totalFiles || 0;
+        console.log();
+        console.log(`  ${colors.highlight('Enterprise Analysis Configuration:')}`);
+        console.log(`    Tier:      ${colors.primary(tier.toUpperCase())}`);
+        console.log(`    Strategy:  ${colors.muted(strategy)}`);
+        console.log(`    Files:     ${colors.muted(filesToAnalyze.toLocaleString())} of ${estimate.totalFiles?.toLocaleString()}`);
+        console.log();
+        // Confirm for large projects
+        if ((estimate.totalFiles || 0) > 10000 && tier !== 'quick') {
+            const confirmed = await promptYesNo(`This is a large project (${estimate.totalFiles?.toLocaleString()} files). Continue with ${tier} analysis?`);
+            if (!confirmed) {
+                printInfo('Cancelled. Use /enterprise quick for faster analysis.');
+                return;
+            }
+        }
+        // Start enterprise indexing
+        const indexSpinner = createSpinner(`Starting ${tier} analysis with ${strategy} sampling...`).start();
+        // For CLI, we do local indexing with enterprise options
+        const { CodeIndex } = await import('../../code-index/index.js');
+        const { EnterpriseIndexer } = await import('../../server/services/enterprise-indexer.js');
+        const fs = await import('fs/promises');
+        const pathModule = await import('path');
+        // Initialize enterprise indexer
+        const enterpriseIndexer = new EnterpriseIndexer(state.projectPath, {
+            tier,
+            sampling: {
+                enabled: true,
+                maxFiles: tierConfig?.maxFiles || 5000,
+                strategy: strategy,
+            },
+        });
+        await enterpriseIndexer.initialize();
+        indexSpinner.update('Selecting files to analyze...');
+        const filesToIndex = await enterpriseIndexer.getFilesToIndex();
+        indexSpinner.update(`Parsing ${filesToIndex.length} selected files...`);
+        // Parse only selected files
+        const codeIndex = new CodeIndex(state.projectPath);
+        const asts = new Map();
+        let parsed = 0;
+        for (const filePath of filesToIndex) {
+            try {
+                const { ASTParser } = await import('../../code-index/ast-parser.js');
+                const parser = new ASTParser();
+                const ast = await parser.parseFile(filePath);
+                if (ast) {
+                    asts.set(filePath, ast);
+                    parsed++;
+                    if (parsed % 100 === 0) {
+                        indexSpinner.update(`Parsed ${parsed}/${filesToIndex.length} files...`);
+                    }
+                }
+            }
+            catch {
+                // Skip files that can't be parsed
+            }
+        }
+        indexSpinner.update(`Extracting symbols from ${asts.size} files...`);
+        // Extract symbols
+        const symbols = codeIndex.extractSymbols(asts);
+        indexSpinner.update(`Found ${symbols.size} symbols, building graph...`);
+        // Build dependency graph
+        const graph = codeIndex.buildDependencyGraph(asts, symbols);
+        // Read file contents (only for smaller selections)
+        let fileContents = [];
+        if (filesToIndex.length <= 2000) {
+            indexSpinner.update('Reading file contents...');
+            for (const [filePath] of asts) {
+                try {
+                    const fullPath = pathModule.default.isAbsolute(filePath)
+                        ? filePath
+                        : pathModule.default.join(state.projectPath, filePath);
+                    const content = await fs.readFile(fullPath, 'utf-8');
+                    fileContents.push([filePath, content]);
+                }
+                catch {
+                    // Skip unreadable files
+                }
+            }
+        }
+        // Prepare data for upload
+        const astsArray = Array.from(asts.entries());
+        const symbolsArray = Array.from(symbols.entries());
+        const graphData = {
+            nodes: Array.from(graph.nodes.entries()),
+            edges: Array.from(graph.edges.entries()),
+        };
+        const indexData = {
+            asts: astsArray,
+            symbols: symbolsArray,
+            graph: graphData,
+            fileContents,
+            statistics: {
+                totalFiles: asts.size,
+                totalSymbols: symbols.size,
+            },
+        };
+        // Upload to server
+        indexSpinner.update('Uploading analysis data to server...');
+        const uploadResult = await uploadIndexData(state.projectId, indexData, (progress) => {
+            indexSpinner.update(progress.message);
+        });
+        if (!uploadResult.success) {
+            indexSpinner.fail('Failed to upload analysis');
+            if (uploadResult.errorDetails) {
+                printError(uploadResult.errorDetails.message);
+                printInfo(uploadResult.errorDetails.suggestion);
+            }
+            return;
+        }
+        indexSpinner.succeed(`Enterprise analysis complete!`);
+        console.log();
+        printSection('Analysis Summary');
+        printKeyValue('Tier', tier.toUpperCase());
+        printKeyValue('Strategy', strategy);
+        printKeyValue('Files Analyzed', asts.size.toLocaleString());
+        printKeyValue('Symbols Found', symbols.size.toLocaleString());
+        printKeyValue('Graph Nodes', graph.nodes.size.toLocaleString());
+        console.log();
+        printSuccess('Project is ready for queries!');
+        printInfo('Try: /search "authentication" or /metrics or /security');
+    }
+    catch (error) {
+        printError(`Enterprise analysis failed: ${error}`);
+    }
+}
 //# sourceMappingURL=interactive.js.map

package/dist/github/github-service.d.ts

@@ -9,11 +9,11 @@ export declare class GitHubService {
     private connections;
     private repositories;
     private initialized;
-    private clientId;
-    private clientSecret;
-    private redirectUri;
-    private webhookBaseUrl;
     constructor(dataDir?: string);
+    private get clientId();
+    private get clientSecret();
+    private get redirectUri();
+    private get webhookBaseUrl();
     private ensureInitialized;
     private saveConnections;
     private saveRepositories;

package/dist/github/github-service.js

@@ -10,8 +10,19 @@ import { Logger } from '../utils/logger.js';
 const DATA_DIR = '.archicore';
 const CONNECTIONS_FILE = 'github-connections.json';
 const REPOSITORIES_FILE = 'github-repositories.json';
-// Encryption key (in production, use env variable)
-const ENCRYPTION_KEY = process.env.GITHUB_ENCRYPTION_KEY || 'archicore-github-key-32bytes!!';
+// Encryption key - REQUIRED in production
+function getEncryptionKey() {
+    const key = process.env.GITHUB_ENCRYPTION_KEY || process.env.ENCRYPTION_KEY;
+    if (!key) {
+        if (process.env.NODE_ENV === 'production') {
+            throw new Error('ENCRYPTION_KEY or GITHUB_ENCRYPTION_KEY is required in production');
+        }
+        // Dev-only fallback (logs warning)
+        console.warn('WARNING: Using dev-only encryption key. Set ENCRYPTION_KEY in production.');
+        return 'dev-only-github-key-32bytes!!!';
+    }
+    return key;
+}
 // Singleton instance
 let instance = null;
 export class GitHubService {
@@ -19,22 +30,27 @@ export class GitHubService {
     connections = [];
     repositories = [];
     initialized = false;
-    clientId;
-    clientSecret;
-    redirectUri;
-    webhookBaseUrl;
     constructor(dataDir = DATA_DIR) {
         // Singleton pattern - return existing instance
         if (instance) {
             return instance;
         }
         this.dataDir = dataDir;
-        this.clientId = process.env.GITHUB_CLIENT_ID || '';
-        this.clientSecret = process.env.GITHUB_CLIENT_SECRET || '';
-        this.redirectUri = process.env.GITHUB_REDIRECT_URI || 'http://localhost:3000/api/github/callback';
-        this.webhookBaseUrl = process.env.ARCHICORE_WEBHOOK_URL || 'http://localhost:3000/api/github/webhook';
         instance = this;
     }
+    // Lazy getters for environment variables (read at runtime, not at module load)
+    get clientId() {
+        return process.env.GITHUB_CLIENT_ID || '';
+    }
+    get clientSecret() {
+        return process.env.GITHUB_CLIENT_SECRET || '';
+    }
+    get redirectUri() {
+        return process.env.GITHUB_REDIRECT_URI || process.env.GITHUB_CALLBACK_URL || 'http://localhost:3000/api/github/callback';
+    }
+    get webhookBaseUrl() {
+        return process.env.ARCHICORE_WEBHOOK_URL || 'http://localhost:3000/api/github/webhook';
+    }
     async ensureInitialized() {
         if (this.initialized)
             return;
@@ -75,7 +91,7 @@ export class GitHubService {
     // ===== ENCRYPTION =====
     encrypt(text) {
         const iv = randomBytes(16);
-        const key = createHash('sha256').update(ENCRYPTION_KEY).digest();
+        const key = createHash('sha256').update(getEncryptionKey()).digest();
         const cipher = createCipheriv('aes-256-cbc', key, iv);
         let encrypted = cipher.update(text, 'utf8', 'hex');
         encrypted += cipher.final('hex');
@@ -84,7 +100,7 @@ export class GitHubService {
     decrypt(encrypted) {
         const parts = encrypted.split(':');
         const iv = Buffer.from(parts[0], 'hex');
-        const key = createHash('sha256').update(ENCRYPTION_KEY).digest();
+        const key = createHash('sha256').update(getEncryptionKey()).digest();
         const decipher = createDecipheriv('aes-256-cbc', key, iv);
         let decrypted = decipher.update(parts[1], 'hex', 'utf8');
         decrypted += decipher.final('utf8');
@@ -640,7 +656,7 @@ export class GitHubService {
         const response = await fetch(url, {
             headers: {
                 'Authorization': `Bearer ${accessToken}`,
-                'Accept': 'application/vnd.github+json',
+                'Accept': 'application/vnd.github.v3+raw',
                 'User-Agent': 'ArchiCore',
                 'X-GitHub-Api-Version': '2022-11-28'
             },

package/dist/gitlab/gitlab-service.js

@@ -19,8 +19,19 @@ import { Logger } from '../utils/logger.js';
 const DATA_DIR = process.env.ARCHICORE_DATA_DIR || '.archicore';
 const INSTANCES_FILE = 'gitlab-instances.json';
 const REPOSITORIES_FILE = 'gitlab-repositories.json';
-// Encryption key for tokens
-const ENCRYPTION_KEY = process.env.GITLAB_ENCRYPTION_KEY || process.env.ENCRYPTION_KEY || 'archicore-gitlab-key-32bytes!!';
+// Encryption key - REQUIRED in production
+function getEncryptionKey() {
+    const key = process.env.GITLAB_ENCRYPTION_KEY || process.env.ENCRYPTION_KEY;
+    if (!key) {
+        if (process.env.NODE_ENV === 'production') {
+            throw new Error('ENCRYPTION_KEY or GITLAB_ENCRYPTION_KEY is required in production');
+        }
+        // Dev-only fallback (logs warning)
+        console.warn('WARNING: Using dev-only encryption key. Set ENCRYPTION_KEY in production.');
+        return 'dev-only-gitlab-key-32bytes!!!';
+    }
+    return key;
+}
 // Webhook base URL - construct from PUBLIC_URL or API_URL
 const getWebhookUrl = () => {
     // Use explicit GitLab webhook URL if set
@@ -118,7 +129,7 @@ export class GitLabService {
     // ===== ENCRYPTION =====
     encrypt(text) {
         const iv = randomBytes(16);
-        const key = createHash('sha256').update(ENCRYPTION_KEY).digest();
+        const key = createHash('sha256').update(getEncryptionKey()).digest();
         const cipher = createCipheriv('aes-256-cbc', key, iv);
         let encrypted = cipher.update(text, 'utf8', 'hex');
         encrypted += cipher.final('hex');
@@ -130,7 +141,7 @@ export class GitLabService {
             if (parts.length !== 2)
                 return encrypted; // Not encrypted
             const iv = Buffer.from(parts[0], 'hex');
-            const key = createHash('sha256').update(ENCRYPTION_KEY).digest();
+            const key = createHash('sha256').update(getEncryptionKey()).digest();
             const decipher = createDecipheriv('aes-256-cbc', key, iv);
             let decrypted = decipher.update(parts[1], 'hex', 'utf8');
             decrypted += decipher.final('utf8');
@@ -488,19 +499,41 @@ export class GitLabService {
             throw new Error('GitLab instance not found');
         }
         const accessToken = this.decrypt(instance.accessToken);
-        const encodedId = encodeURIComponent(String(projectId));
-        const sha = ref || 'HEAD';
-        const url = `${instance.instanceUrl}/api/v4/projects/${encodedId}/repository/archive.zip?sha=${encodeURIComponent(sha)}`;
-        const response = await fetch(url, {
-            headers: {
-                'PRIVATE-TOKEN': accessToken
+        // Get project info for default branch
+        const project = await this.getProject(userId, instanceId, projectId);
+        const branch = ref || project.default_branch || 'main';
+        // Use API endpoint with wget (Node.js fetch sends headers that GitLab rejects)
+        const apiUrl = `${instance.instanceUrl}/api/v4/projects/${encodeURIComponent(String(projectId))}/repository/archive?sha=${encodeURIComponent(branch)}`;
+        Logger.info(`[GitLab] Downloading from: ${apiUrl}`);
+        // Use wget via child_process - it works where fetch fails
+        const { execSync } = await import('child_process');
+        const { tmpdir } = await import('os');
+        const { join: pathJoin } = await import('path');
+        const { readFileSync, unlinkSync } = await import('fs');
+        const tempFile = pathJoin(tmpdir(), `gitlab-archive-${Date.now()}.tar.gz`);
+        try {
+            execSync(`wget -q --header="PRIVATE-TOKEN: ${accessToken}" -O "${tempFile}" "${apiUrl}"`, {
+                timeout: 300000, // 5 min timeout
+                stdio: 'pipe'
+            });
+            const buffer = readFileSync(tempFile);
+            Logger.info(`[GitLab] Downloaded ${buffer.length} bytes`);
+            // Cleanup temp file
+            try {
+                unlinkSync(tempFile);
             }
-        });
-        if (!response.ok) {
-            throw new Error(`Failed to download repository: ${response.status}`);
+            catch { }
+            return buffer;
+        }
+        catch (error) {
+            // Cleanup on error
+            try {
+                unlinkSync(tempFile);
+            }
+            catch { }
+            Logger.error(`[GitLab] wget failed: ${error}`);
+            throw new Error(`Failed to download repository: wget failed`);
         }
-        const arrayBuffer = await response.arrayBuffer();
-        return Buffer.from(arrayBuffer);
     }
     /**
      * Get file content from repository

package/dist/server/index.js

@@ -21,7 +21,7 @@ import { fileURLToPath } from 'url';
 import { Logger } from '../utils/logger.js';
 import { apiRouter } from './routes/api.js';
 import { uploadRouter } from './routes/upload.js';
-import { authRouter } from './routes/auth.js';
+import { authRouter, cleanupAuthIntervals } from './routes/auth.js';
 import { oauthRouter } from './routes/oauth.js';
 import { adminRouter } from './routes/admin.js';
 import { developerRouter } from './routes/developer.js';
@@ -159,6 +159,15 @@ export class ArchiCoreServer {
         this.setupErrorHandling();
     }
     setupMiddleware() {
+        // Trust proxy - required when running behind nginx/reverse proxy
+        // This allows express-rate-limit to correctly identify clients via X-Forwarded-For
+        // Set TRUST_PROXY=false to disable, or specify number of proxies (e.g., "1", "2")
+        const trustProxy = process.env.TRUST_PROXY;
+        if (trustProxy !== 'false') {
+            // Default: trust first proxy (typical setup with nginx)
+            const proxyCount = trustProxy ? parseInt(trustProxy, 10) : 1;
+            this.app.set('trust proxy', isNaN(proxyCount) ? trustProxy : proxyCount);
+        }
         // Security headers (helmet) - enabled by default for security
         // Set HELMET_ENABLED=false to disable (not recommended)
         const helmetEnabled = process.env.HELMET_ENABLED !== 'false';
@@ -419,6 +428,8 @@ export class ArchiCoreServer {
         });
     }
     async stop() {
+        // Cleanup intervals
+        cleanupAuthIntervals();
         // Disconnect cache and database
         await cache.disconnect();
         await db.close();
@@ -438,9 +449,43 @@ export class ArchiCoreServer {
         return this.app;
     }
 }
+/**
+ * Validate required environment variables for production
+ */
+function validateProductionEnvironment() {
+    if (process.env.NODE_ENV !== 'production') {
+        return; // Only enforce in production
+    }
+    const requiredVars = [
+        'JWT_SECRET',
+        'ENCRYPTION_KEY',
+        'ENCRYPTION_SALT',
+    ];
+    const missingVars = [];
+    for (const varName of requiredVars) {
+        if (!process.env[varName]) {
+            missingVars.push(varName);
+        }
+    }
+    // Check for weak JWT_SECRET
+    const jwtSecret = process.env.JWT_SECRET;
+    if (jwtSecret && jwtSecret.length < 32) {
+        Logger.error('CRITICAL: JWT_SECRET must be at least 32 characters in production');
+        missingVars.push('JWT_SECRET (too short)');
+    }
+    if (missingVars.length > 0) {
+        Logger.error('CRITICAL: Missing required environment variables for production:');
+        missingVars.forEach(v => Logger.error(`  - ${v}`));
+        Logger.error('Server cannot start in production mode without these variables.');
+        process.exit(1);
+    }
+    Logger.info('Production environment validation passed');
+}
 // Запуск сервера при прямом вызове
 const isMainModule = process.argv[1]?.includes('server');
 if (isMainModule) {
+    // Validate production environment before starting
+    validateProductionEnvironment();
     const port = parseInt(process.env.PORT || '3000', 10);
     const host = process.env.HOST || '0.0.0.0';
     const server = new ArchiCoreServer({
@@ -458,5 +503,27 @@ if (isMainModule) {
         await server.stop();
         process.exit(0);
     });
+    process.on('SIGTERM', async () => {
+        Logger.info('SIGTERM received, shutting down gracefully...');
+        await server.stop();
+        process.exit(0);
+    });
+    // Handle uncaught exceptions - log and exit gracefully
+    process.on('uncaughtException', async (error) => {
+        Logger.error('Uncaught Exception:', error);
+        try {
+            await server.stop();
+        }
+        catch (stopError) {
+            Logger.error('Error during shutdown after uncaughtException:', stopError);
+        }
+        process.exit(1);
+    });
+    // Handle unhandled promise rejections
+    process.on('unhandledRejection', (reason, promise) => {
+        Logger.error('Unhandled Promise Rejection:', reason);
+        Logger.error('Promise:', promise);
+        // Don't exit - just log, but track for debugging
+    });
 }
 //# sourceMappingURL=index.js.map