codehere 0.1.0 → 0.2.0

package/dist/application/use-cases/edit-file-use-case.js

@@ -0,0 +1,685 @@
+/**
+ * Application Use Case: EditFileUseCase
+ * Handles file editing with verification and Reflexion
+ */
+import { container } from '../services/dependency-container.js';
+import { backupFile, rollbackFile } from '../../verification/backup.js';
+import { executionTracer } from '../../infrastructure/observability/execution-tracer.js';
+import { validateFilePath } from '../../infrastructure/security/input-validator.js';
+export class EditFileUseCase {
+    aiService;
+    verificationService;
+    sastScanner;
+    enhancedSecurityGate;
+    appropriateFriction;
+    hitlValidation;
+    biDirectionalLearning;
+    teamStandards;
+    promptToCodeLineage;
+    nistAIRMF;
+    policyAsCode;
+    constructor(aiService, verificationService, sastScanner, // Optional: AI SAST scanner (legacy, prefer enhancedSecurityGate)
+    enhancedSecurityGate, // Optional: Enhanced security gate (all scanners)
+    appropriateFriction, // Optional: Appropriate friction system
+    hitlValidation, // Optional: HITL validation system
+    biDirectionalLearning, // Optional: Bi-directional learning system
+    teamStandards, // Optional: Team standards system
+    promptToCodeLineage, // Optional: Prompt-to-code lineage tracking
+    nistAIRMF, // Optional: NIST AI RMF for enterprise governance
+    policyAsCode // Optional: Policy-as-Code for automated compliance
+    ) {
+        this.aiService = aiService;
+        this.verificationService = verificationService;
+        this.sastScanner = sastScanner;
+        this.enhancedSecurityGate = enhancedSecurityGate;
+        this.appropriateFriction = appropriateFriction;
+        this.hitlValidation = hitlValidation;
+        this.biDirectionalLearning = biDirectionalLearning;
+        this.teamStandards = teamStandards;
+        this.promptToCodeLineage = promptToCodeLineage;
+        this.nistAIRMF = nistAIRMF;
+        this.policyAsCode = policyAsCode;
+    }
+    async execute(request) {
+        // 1. Start Prompt-to-Code Lineage tracking
+        let lineageId;
+        let rootNodeId;
+        if (this.promptToCodeLineage) {
+            const runId = executionTracer.getCurrentRunId();
+            if (runId) {
+                lineageId = this.promptToCodeLineage.createLineage(request.instruction, {
+                    sessionId: runId,
+                    workspace: process.cwd(),
+                });
+                const lineage = lineageId ? this.promptToCodeLineage.getLineage(lineageId) : undefined;
+                rootNodeId = lineage?.rootNodeId;
+            }
+            else {
+                // No run context - create lineage without sessionId
+                lineageId = this.promptToCodeLineage.createLineage(request.instruction);
+                const lineage = lineageId ? this.promptToCodeLineage.getLineage(lineageId) : undefined;
+                rootNodeId = lineage?.rootNodeId;
+            }
+        }
+        // Validate file path
+        const pathValidation = validateFilePath(request.filepath);
+        if (!pathValidation.valid) {
+            return {
+                success: false,
+                error: `Invalid file path: ${pathValidation.errors.join(', ')}`,
+            };
+        }
+        // NIST AI RMF: GOVERN - Establish risk culture and accountability (Enterprise Governance)
+        if (this.nistAIRMF) {
+            // Check if file exists for context type (quick check)
+            const { existsSync } = await import('fs');
+            const { join } = await import('path');
+            const safeFilePath = pathValidation.sanitized || request.filepath;
+            const fullPath = join(process.cwd(), safeFilePath);
+            const fileExists = existsSync(fullPath);
+            const riskContext = {
+                contextType: fileExists ? 'code_edit' : 'code_generation',
+                targetDomain: this.inferDomain(request.filepath, request.instruction),
+                riskLevel: this.determineRiskLevel(request.instruction, ''),
+                regulatoryRelevant: this.isRegulatoryRelevant(request.filepath, request.instruction),
+            };
+            const governDecision = await this.nistAIRMF.govern(riskContext);
+            console.log(`[EditFileUseCase] NIST AI RMF Govern: ${governDecision.decision}`);
+            if (governDecision.outcome === 'blocked') {
+                return {
+                    success: false,
+                    error: `Operation blocked by governance policy: ${governDecision.rationale}`,
+                };
+            }
+            if (governDecision.outcome === 'requires_review') {
+                console.warn(`[EditFileUseCase] ⚠️  Governance requires review: ${governDecision.rationale}`);
+            }
+        }
+        // CRITICAL FIX: Security check FIRST (before any expensive operations)
+        // This prevents wasting time and tokens on dangerous code
+        // RESEARCH CONTEXT: 45% of AI-generated code has security flaws, 35% has license issues
+        // Use Enhanced Security Gate if available (includes all scanners), fallback to SAST only
+        if (this.enhancedSecurityGate) {
+            // Fast pre-check on instruction before generating edit
+            const fastCheck = await this.enhancedSecurityGate.fastCheck(request.instruction);
+            if (!fastCheck.allowed) {
+                return {
+                    success: false,
+                    error: `Security vulnerabilities detected in instruction: ${fastCheck.findings.join('; ')}`,
+                    securityFindings: fastCheck.findings,
+                };
+            }
+        }
+        else if (this.sastScanner) {
+            // Legacy: Quick security check on instruction before generating edit
+            // This is a fast pattern-based check, full AI scan happens after edit generation
+            const quickSecurityCheck = await this.sastScanner.scanInstruction(request.instruction);
+            if (quickSecurityCheck && quickSecurityCheck.findings && quickSecurityCheck.findings.length > 0) {
+                const criticalFindings = quickSecurityCheck.findings.filter((f) => f.severity === 'critical') || [];
+                const highFindings = quickSecurityCheck.findings.filter((f) => f.severity === 'high') || [];
+                if (criticalFindings.length > 0 || highFindings.length > 0) {
+                    return {
+                        success: false,
+                        error: `Security vulnerabilities detected: ${criticalFindings.length} critical, ${highFindings.length} high severity findings. Review and fix before applying.`,
+                        securityFindings: quickSecurityCheck.findings,
+                    };
+                }
+            }
+        }
+        const { readFileSync, writeFileSync, existsSync, mkdirSync } = await import('fs');
+        const { join, dirname } = await import('path');
+        // Use sanitized path if validation found issues
+        const safeFilePath = pathValidation.sanitized || request.filepath;
+        const fullPath = join(process.cwd(), safeFilePath);
+        const fileExists = existsSync(fullPath);
+        // Determine risk level for friction/HITL
+        const riskLevel = this.determineRiskLevel(request.instruction, fileExists ? '' : '');
+        // 2. Check Appropriate Friction (after security check, before edit generation)
+        let frictionApplied = null;
+        if (this.appropriateFriction) {
+            const frictionPoint = this.appropriateFriction.needsFriction('edit_file', {
+                riskLevel,
+                isDestructive: !fileExists || request.instruction.toLowerCase().includes('delete'),
+                modifiesSecuritySensitiveCode: request.instruction.toLowerCase().includes('security') ||
+                    request.instruction.toLowerCase().includes('auth') ||
+                    request.instruction.toLowerCase().includes('password'),
+            });
+            if (frictionPoint) {
+                frictionApplied = frictionPoint;
+                console.log(`[EditFileUseCase] ⚠️ Friction applied: ${frictionPoint.message}`);
+                // For CLI: Log warning. For UI: This would pause and wait for user interaction
+                if (frictionPoint.requiresExplicitConfirmation) {
+                    // In CLI, we'll allow it but log the warning
+                    // In UI, this would block until user confirms
+                    console.warn(`[EditFileUseCase] Explicit confirmation required: ${frictionPoint.message}`);
+                }
+            }
+        }
+        // Handle file creation if file doesn't exist
+        if (!fileExists) {
+            console.log(`[EditFileUseCase] File does not exist, creating new file: ${fullPath}`);
+            console.log(`[EditFileUseCase] Instruction: ${request.instruction}`);
+            return await this.createFile(request, fullPath);
+        }
+        console.log(`[EditFileUseCase] Editing existing file: ${fullPath}`);
+        console.log(`[EditFileUseCase] Instruction: ${request.instruction}`);
+        // Read current content
+        const currentContent = readFileSync(fullPath, 'utf-8');
+        console.log(`[EditFileUseCase] File size: ${currentContent.length} chars`);
+        // Update risk level with file context
+        const updatedRiskLevel = this.determineRiskLevel(request.instruction, currentContent);
+        // 3. Check HITL Validation requirement
+        let hitlRequired = false;
+        let hitlCheckpointId;
+        if (this.hitlValidation && this.hitlValidation.requiresValidation({
+            riskLevel: updatedRiskLevel,
+            isDestructive: request.instruction.toLowerCase().includes('delete'),
+            modifiesSecuritySensitiveCode: request.instruction.toLowerCase().includes('security') ||
+                request.instruction.toLowerCase().includes('auth') ||
+                request.instruction.toLowerCase().includes('password'),
+        })) {
+            hitlRequired = true;
+            // Note: In CLI, we proceed with warning. In UI, this would block until approval
+            console.warn(`[EditFileUseCase] ⚠️ HITL validation required for this operation`);
+        }
+        // Track edit generation in lineage
+        if (this.promptToCodeLineage && lineageId && rootNodeId) {
+            this.promptToCodeLineage.addNode(lineageId, {
+                type: 'plan',
+                timestamp: Date.now(),
+                description: `Generating edit for ${request.filepath}`,
+                input: { instruction: request.instruction, filepath: request.filepath },
+                metadata: { riskLevel: updatedRiskLevel },
+            }, rootNodeId);
+        }
+        // Generate edit
+        let diff;
+        try {
+            diff = await this.aiService.generateEdit(currentContent, request.instruction, request.filepath);
+            console.log(`[EditFileUseCase] Generated diff length: ${diff.length} chars`);
+            if (diff.length > 0) {
+                console.log(`[EditFileUseCase] Diff preview: ${diff.substring(0, 200)}...`);
+            }
+            else {
+                console.warn(`[EditFileUseCase] Warning: Empty diff generated`);
+            }
+        }
+        catch (error) {
+            console.error(`[EditFileUseCase] Failed to generate edit:`, error);
+            return {
+                success: false,
+                error: `Failed to generate edit: ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+        // Apply diff
+        let newContent;
+        try {
+            newContent = await this.applyDiff(currentContent, diff);
+            console.log(`[EditFileUseCase] Applied diff, new content size: ${newContent.length} chars`);
+            // Check if content actually changed
+            if (newContent === currentContent) {
+                console.warn(`[EditFileUseCase] Warning: Content unchanged after applying diff`);
+            }
+            else {
+                const diffSize = newContent.length - currentContent.length;
+                console.log(`[EditFileUseCase] Content changed: ${diffSize > 0 ? '+' : ''}${diffSize} chars difference`);
+            }
+        }
+        catch (error) {
+            console.error(`[EditFileUseCase] Failed to apply diff:`, error);
+            return {
+                success: false,
+                error: `Failed to apply diff: ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+        // Comprehensive security scan - before verification
+        // RESEARCH CONTEXT: 45% AI code has flaws, 35% license issues, provider bias risk
+        // Use Enhanced Security Gate if available (all scanners), fallback to SAST only
+        if (this.enhancedSecurityGate) {
+            // Comprehensive scan: SAST + License + Provider Bias + Uncertainty
+            const securityResult = await this.enhancedSecurityGate.scan(request.filepath, newContent, request.instruction, { query: request.instruction });
+            if (!securityResult.passed) {
+                const errorMessages = [
+                    ...securityResult.errors,
+                    ...securityResult.warnings.map(w => `Warning: ${w}`),
+                ];
+                return {
+                    success: false,
+                    error: `Security validation failed: ${errorMessages.join('; ')}`,
+                    securityFindings: securityResult.sast.findings,
+                    licenseFindings: securityResult.license.findings,
+                    providerBiasFindings: securityResult.providerBias.findings,
+                    uncertaintyFindings: securityResult.uncertainty,
+                };
+            }
+            // Log warnings for non-blocking issues (provider bias, uncertainty)
+            if (securityResult.warnings.length > 0) {
+                console.warn(`[EditFileUseCase] Security warnings: ${securityResult.warnings.join('; ')}`);
+            }
+            // NIST AI RMF: MAP - Context framing and risk identification (Enterprise Governance)
+            if (this.nistAIRMF) {
+                const riskContext = {
+                    contextType: fileExists ? 'code_edit' : 'code_generation',
+                    targetDomain: this.inferDomain(request.filepath, request.instruction),
+                    riskLevel: this.determineRiskLevel(request.instruction, newContent),
+                    regulatoryRelevant: this.isRegulatoryRelevant(request.filepath, request.instruction),
+                };
+                const { decision: mapDecision, riskProfile } = await this.nistAIRMF.map(riskContext, {
+                    security: {
+                        vulnerabilities: securityResult.sast.findings?.length || 0,
+                        licenseConflicts: securityResult.license.findings?.length || 0,
+                        providerBias: (securityResult.providerBias.findings?.length || 0) > 0,
+                        uncertainty: securityResult.uncertainty?.combined?.value || 0.5,
+                    },
+                    compliance: {
+                        gdprRelevant: riskContext.regulatoryRelevant,
+                        hipaaRelevant: this.inferDomain(request.filepath, request.instruction) === 'healthcare',
+                    },
+                    operational: {
+                        complexity: newContent.length > 1000 ? 0.8 : 0.5,
+                        dependencies: 0, // Could be enhanced
+                    },
+                });
+                console.log(`[EditFileUseCase] NIST AI RMF Map: ${mapDecision.decision}`);
+                if (mapDecision.outcome === 'blocked') {
+                    return {
+                        success: false,
+                        error: `Operation blocked by risk mapping: ${mapDecision.rationale}`,
+                        securityFindings: securityResult.sast.findings,
+                        licenseFindings: securityResult.license.findings,
+                        providerBiasFindings: securityResult.providerBias.findings,
+                        uncertaintyFindings: securityResult.uncertainty,
+                    };
+                }
+                // NIST AI RMF: MEASURE - Quantify and monitor risks (Enterprise Governance)
+                const measureDecision = await this.nistAIRMF.measure(riskProfile, {
+                    sastFindings: securityResult.sast.findings?.length || 0,
+                    licenseFindings: securityResult.license.findings?.length || 0,
+                    providerBiasFindings: securityResult.providerBias.findings?.length || 0,
+                    uncertaintyScore: securityResult.uncertainty?.combined?.value,
+                });
+                console.log(`[EditFileUseCase] NIST AI RMF Measure: ${measureDecision.decision}`);
+            }
+            // Policy-as-Code: Evaluate policies before proceeding (Enterprise Governance)
+            if (this.policyAsCode) {
+                const policyEvaluation = await this.policyAsCode.evaluate({
+                    filepath: request.filepath,
+                    code: newContent,
+                    instruction: request.instruction,
+                    securityFindings: securityResult.sast.findings,
+                    licenseFindings: securityResult.license.findings,
+                    providerBiasFindings: securityResult.providerBias.findings,
+                    uncertainty: securityResult.uncertainty,
+                });
+                if (!policyEvaluation.passed && policyEvaluation.blockingRules.length > 0) {
+                    const blockingRule = policyEvaluation.blockingRules[0];
+                    console.error(`[EditFileUseCase] Policy violation: ${blockingRule.ruleName} - ${blockingRule.message}`);
+                    return {
+                        success: false,
+                        error: `Policy violation: ${blockingRule.message}`,
+                        securityFindings: securityResult.sast.findings,
+                        licenseFindings: securityResult.license.findings,
+                        providerBiasFindings: securityResult.providerBias.findings,
+                        uncertaintyFindings: securityResult.uncertainty,
+                    };
+                }
+                if (policyEvaluation.results.length > 0) {
+                    console.log(`[EditFileUseCase] Policy evaluation: ${policyEvaluation.results.filter(r => r.passed).length}/${policyEvaluation.results.length} passed`);
+                }
+            }
+            // Track security scan in lineage
+            if (this.promptToCodeLineage && lineageId && rootNodeId) {
+                this.promptToCodeLineage.addNode(lineageId, {
+                    type: 'verification',
+                    timestamp: Date.now(),
+                    description: 'Security scan completed',
+                    input: { filepath: request.filepath },
+                    output: { passed: securityResult.passed, findings: securityResult.errors.length },
+                    metadata: {
+                        securityScan: true,
+                        licenseIssues: securityResult.license.findings?.length || 0,
+                        providerBiasIssues: securityResult.providerBias.findings?.length || 0,
+                    },
+                }, rootNodeId);
+            }
+        }
+        else if (this.sastScanner) {
+            // Legacy: SAST-only scan
+            const securityCheck = await this.sastScanner.scan(request.filepath, newContent);
+            const criticalFindings = securityCheck.findings?.filter(f => f.severity === 'critical') || [];
+            const highFindings = securityCheck.findings?.filter(f => f.severity === 'high') || [];
+            // Block edits with critical or high severity findings
+            if (criticalFindings.length > 0 || highFindings.length > 0) {
+                return {
+                    success: false,
+                    error: `Security vulnerabilities detected: ${criticalFindings.length} critical, ${highFindings.length} high severity findings. Review and fix before applying.`,
+                    securityFindings: securityCheck.findings,
+                };
+            }
+        }
+        // Create backup before applying edit
+        let backupPath;
+        try {
+            backupPath = await backupFile(fullPath);
+            console.log(`[EditFileUseCase] Backup created: ${backupPath}`);
+            // Link backup to current run for undo capability
+            const runId = executionTracer.getCurrentRunId();
+            if (runId) {
+                executionTracer.trace({
+                    operationType: 'file_operation',
+                    operationName: 'backup',
+                    input: { filepath: fullPath },
+                    output: { backupPath },
+                    metadata: {
+                        runId,
+                        filepath: fullPath,
+                    },
+                });
+            }
+        }
+        catch (error) {
+            console.warn(`[EditFileUseCase] Failed to create backup: ${error instanceof Error ? error.message : String(error)}`);
+            // Continue anyway - backup failure shouldn't block edit
+        }
+        // 4. Team Standards Validation (before writing file)
+        let teamStandardsApplied = false;
+        if (this.teamStandards && newContent) {
+            const teamId = 'default'; // TODO: Get from config or context
+            const standardsResult = this.teamStandards.validateCode(teamId, newContent, request.filepath);
+            if (!standardsResult.passed) {
+                console.warn(`[EditFileUseCase] Team standards violations: ${standardsResult.violations.length}`);
+                // Try auto-fix
+                const fixedResult = this.teamStandards.applyStyleGuide(teamId, newContent, request.filepath);
+                if (fixedResult.fixesApplied > 0) {
+                    newContent = fixedResult.modified;
+                    teamStandardsApplied = true;
+                    console.log(`[EditFileUseCase] Auto-fixed ${fixedResult.fixesApplied} style issues`);
+                }
+                else {
+                    // Critical violations that can't be auto-fixed
+                    const criticalViolations = standardsResult.issues.filter(i => i.severity === 'error');
+                    if (criticalViolations.length > 0) {
+                        return {
+                            success: false,
+                            error: `Team standards validation failed: ${criticalViolations.length} critical violations`,
+                            frictionApplied,
+                            hitlRequired,
+                            hitlCheckpointId,
+                        };
+                    }
+                }
+            }
+        }
+        // Verify if verification service available
+        let verification;
+        if (this.verificationService) {
+            console.log(`[EditFileUseCase] Writing file and verifying...`);
+            writeFileSync(fullPath, newContent, 'utf-8');
+            verification = await this.verificationService.verify(fullPath);
+            console.log(`[EditFileUseCase] Verification result: success=${verification.success}, compiled=${verification.compiled}, testsPassed=${verification.testsPassed}`);
+            if (verification.errors && verification.errors.length > 0) {
+                console.error(`[EditFileUseCase] Verification errors: ${verification.errors.join('; ')}`);
+            }
+            if (!verification.success) {
+                console.warn(`[EditFileUseCase] Verification failed, rolling back...`);
+                // Automatic rollback on verification failure
+                if (backupPath) {
+                    try {
+                        await rollbackFile(fullPath, backupPath);
+                        console.log(`[EditFileUseCase] File rolled back successfully`);
+                    }
+                    catch (rollbackError) {
+                        console.error(`[EditFileUseCase] Rollback failed: ${rollbackError instanceof Error ? rollbackError.message : String(rollbackError)}`);
+                        // Try to restore from original content as fallback
+                        try {
+                            writeFileSync(fullPath, currentContent, 'utf-8');
+                            console.log(`[EditFileUseCase] File restored from original content`);
+                        }
+                        catch (restoreError) {
+                            console.error(`[EditFileUseCase] Restore also failed: ${restoreError instanceof Error ? restoreError.message : String(restoreError)}`);
+                        }
+                    }
+                }
+                // Use Reflexion to learn from failure
+                const reflexionUseCase = container.reflexionUseCase;
+                const reflection = await reflexionUseCase.execute({
+                    trajectory: {
+                        query: request.instruction,
+                        steps: [{
+                                thought: { content: 'Attempting edit', reasoning: request.instruction },
+                                action: { type: 'tool', name: 'edit', parameters: {} },
+                                observation: { result: null, success: false, error: verification.errors.join('; ') },
+                                timestamp: new Date(),
+                            }],
+                        success: false,
+                    },
+                    reward: 0,
+                    errors: verification.errors,
+                });
+                return {
+                    success: false,
+                    verification,
+                    reflection: reflection.reflection,
+                    error: verification.errors.join('; '),
+                };
+            }
+        }
+        else {
+            // No verification - just apply (still create backup for undo capability)
+            console.log(`[EditFileUseCase] No verification service, writing file directly`);
+            writeFileSync(fullPath, newContent, 'utf-8');
+        }
+        const edit = {
+            filepath: request.filepath,
+            oldContent: currentContent,
+            newContent,
+            instruction: request.instruction,
+            diff,
+            metadata: {
+                verificationResult: verification,
+            },
+        };
+        // 5. Record Bi-directional Learning
+        if (this.biDirectionalLearning) {
+            const userId = 'default'; // TODO: Get from context
+            this.biDirectionalLearning.recordFeedback(userId, {
+                type: 'edit',
+                signal: 'positive', // Successful edit = positive signal
+                originalCode: currentContent,
+                modifiedCode: newContent,
+                filepath: request.filepath,
+                context: {
+                    query: request.instruction,
+                    generatedBy: 'EditFileUseCase',
+                },
+            });
+            console.log(`[EditFileUseCase] Edit recorded for learning`);
+        }
+        // 6. Complete Prompt-to-Code Lineage tracking
+        if (this.promptToCodeLineage && lineageId && rootNodeId) {
+            this.promptToCodeLineage.trackCodeGeneration(lineageId, rootNodeId, {
+                filepath: request.filepath,
+                content: newContent,
+                diff: diff,
+                originalContent: currentContent,
+            }, {
+                verificationPassed: verification?.success || false,
+            });
+            console.log(`[EditFileUseCase] Lineage tracking complete`);
+        }
+        console.log(`[EditFileUseCase] Edit completed successfully`);
+        return {
+            success: true,
+            edit,
+            verification,
+            frictionApplied,
+            hitlRequired,
+            hitlCheckpointId,
+        };
+    }
+    /**
+     * Create a new file with generated content
+     */
+    async createFile(request, fullPath) {
+        const { writeFileSync, mkdirSync, existsSync } = await import('fs');
+        const { dirname } = await import('path');
+        try {
+            // Ensure directory exists
+            const dir = dirname(fullPath);
+            if (!existsSync(dir)) {
+                console.log(`[EditFileUseCase] Creating directory: ${dir}`);
+                mkdirSync(dir, { recursive: true });
+            }
+            // Generate file content using AI
+            console.log(`[EditFileUseCase] Generating new file content...`);
+            let fileContent;
+            try {
+                fileContent = await this.aiService.generateFileContent(request.filepath, request.instruction, request.requirements || []);
+                console.log(`[EditFileUseCase] Generated content length: ${fileContent.length} chars`);
+            }
+            catch (error) {
+                console.error(`[EditFileUseCase] Failed to generate file content:`, error);
+                return {
+                    success: false,
+                    error: `Failed to generate file content: ${error instanceof Error ? error.message : String(error)}`,
+                };
+            }
+            // Security scan before writing
+            if (this.sastScanner) {
+                const securityCheck = await this.sastScanner.scan(request.filepath, fileContent);
+                const criticalFindings = securityCheck.findings?.filter(f => f.severity === 'critical') || [];
+                const highFindings = securityCheck.findings?.filter(f => f.severity === 'high') || [];
+                if (criticalFindings.length > 0 || highFindings.length > 0) {
+                    return {
+                        success: false,
+                        error: `Security vulnerabilities detected: ${criticalFindings.length} critical, ${highFindings.length} high severity findings. Review and fix before creating.`,
+                        securityFindings: securityCheck.findings,
+                    };
+                }
+            }
+            // Write file
+            writeFileSync(fullPath, fileContent, 'utf-8');
+            console.log(`[EditFileUseCase] File created successfully: ${fullPath}`);
+            // Verify if verification service available
+            let verification;
+            if (this.verificationService) {
+                console.log(`[EditFileUseCase] Verifying new file...`);
+                verification = await this.verificationService.verify(fullPath);
+                console.log(`[EditFileUseCase] Verification result: success=${verification.success}, compiled=${verification.compiled}, testsPassed=${verification.testsPassed}`);
+                if (!verification.success) {
+                    console.warn(`[EditFileUseCase] Verification failed for new file, but keeping it for inspection`);
+                    return {
+                        success: false,
+                        verification,
+                        error: verification.errors?.join('; ') || 'Verification failed',
+                    };
+                }
+            }
+            const edit = {
+                filepath: request.filepath,
+                oldContent: '', // No old content for new files
+                newContent: fileContent,
+                instruction: request.instruction,
+                diff: `New file created: ${request.filepath}`,
+                metadata: {
+                    verificationResult: verification,
+                },
+            };
+            console.log(`[EditFileUseCase] File creation completed successfully`);
+            return {
+                success: true,
+                edit,
+                verification,
+            };
+        }
+        catch (error) {
+            console.error(`[EditFileUseCase] Failed to create file:`, error);
+            return {
+                success: false,
+                error: `Failed to create file: ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+    }
+    async applyDiff(content, diff) {
+        try {
+            const { applyEditFallback } = await import('../../utils/diff-parser.js');
+            return applyEditFallback(content, diff);
+        }
+        catch (error) {
+            console.error('Failed to apply diff:', error);
+            // Fallback: if diff parsing fails, return original content
+            // This prevents silent failures
+            throw new Error(`Failed to apply diff: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    /**
+     * Determine risk level based on instruction and content
+     */
+    determineRiskLevel(instruction, currentContent) {
+        const instructionLower = instruction.toLowerCase();
+        // Critical: Destructive operations
+        if (instructionLower.includes('delete') ||
+            instructionLower.includes('remove all') ||
+            instructionLower.includes('drop table') ||
+            instructionLower.includes('rm -rf')) {
+            return 'critical';
+        }
+        // High: Security-sensitive operations
+        if (instructionLower.includes('security') ||
+            instructionLower.includes('auth') ||
+            instructionLower.includes('password') ||
+            instructionLower.includes('credential') ||
+            instructionLower.includes('token') ||
+            instructionLower.includes('api key')) {
+            return 'high';
+        }
+        // High: Large file modifications
+        if (currentContent.length > 5000 && instruction.split(' ').length > 30) {
+            return 'high';
+        }
+        // Medium: Complex refactoring
+        if (instructionLower.includes('refactor') ||
+            instructionLower.includes('restructure') ||
+            instructionLower.includes('rewrite')) {
+            return 'medium';
+        }
+        // Low: Simple edits
+        return 'low';
+    }
+    /**
+     * Infer domain from filepath and instruction for NIST AI RMF
+     */
+    inferDomain(filepath, instruction) {
+        const pathLower = filepath.toLowerCase();
+        const instructionLower = instruction.toLowerCase();
+        if (pathLower.includes('health') || instructionLower.includes('health')) {
+            return 'healthcare';
+        }
+        if (pathLower.includes('finance') || pathLower.includes('payment') || instructionLower.includes('finance')) {
+            return 'financial';
+        }
+        if (pathLower.includes('auth') || instructionLower.includes('authentication')) {
+            return 'security';
+        }
+        return 'general';
+    }
+    /**
+     * Determine if operation is regulatory relevant (GDPR, HIPAA, etc.)
+     */
+    isRegulatoryRelevant(filepath, instruction) {
+        const pathLower = filepath.toLowerCase();
+        const instructionLower = instruction.toLowerCase();
+        // GDPR: Personal data processing
+        if (pathLower.includes('user') || pathLower.includes('customer') ||
+            instructionLower.includes('personal data') || instructionLower.includes('gdpr')) {
+            return true;
+        }
+        // HIPAA: Healthcare data
+        if (pathLower.includes('health') || instructionLower.includes('patient') ||
+            instructionLower.includes('medical record')) {
+            return true;
+        }
+        return false;
+    }
+}
+//# sourceMappingURL=edit-file-use-case.js.map