preflight-scavenger 0.2.0-beta.0

package/scaffoldEngine.js

@@ -0,0 +1,420 @@
+const fs = require("node:fs/promises");
+const path = require("node:path");
+const ParserBinding = require("web-tree-sitter");
+
+const Parser = ParserBinding.Parser || ParserBinding.default?.Parser || ParserBinding.default || ParserBinding;
+const Language = ParserBinding.Language || ParserBinding.default?.Language;
+const SERVER_ONLY_MODULES = new Set(["fs", "node:fs", "pg", "child_process", "node:child_process"]);
+const CUSTOM_BACKEND_PATTERN = /(?:^|\/)(?:server|backend|db|data|database)(?:\/|$)/i;
+
+let parserReady;
+let javascriptLanguage;
+
+async function initializeParser() {
+  if (!parserReady) {
+    parserReady = Parser.init?.();
+  }
+
+  if (parserReady) {
+    await parserReady;
+  }
+
+  if (!javascriptLanguage) {
+    const wasmPath = require.resolve("tree-sitter-javascript/tree-sitter-javascript.wasm");
+    javascriptLanguage = await Language.load(wasmPath);
+  }
+}
+
+async function parseJavaScript(sourceCode) {
+  await initializeParser();
+  const parser = new Parser();
+  parser.setLanguage(javascriptLanguage);
+  return parser.parse(sourceCode);
+}
+
+function getNodeText(node, sourceCode) {
+  return sourceCode.slice(node.startIndex, node.endIndex);
+}
+
+function toByteIndex(sourceCode, stringIndex) {
+  return Buffer.byteLength(sourceCode.slice(0, stringIndex), "utf8");
+}
+
+function toByteRange(sourceCode, node) {
+  const raw = getNodeText(node, sourceCode);
+  const startIndex = toByteIndex(sourceCode, node.startIndex);
+  return {
+    startIndex,
+    endIndex: startIndex + Buffer.byteLength(raw, "utf8"),
+    raw
+  };
+}
+
+function childByFieldName(node, fieldName) {
+  return typeof node.childForFieldName === "function" ? node.childForFieldName(fieldName) : null;
+}
+
+function unquote(value) {
+  return value.trim().replace(/;$/, "").trim().replace(/^['"`]|['"`]$/g, "");
+}
+
+function walk(node, visitor) {
+  if (!node) {
+    return;
+  }
+
+  visitor(node);
+  for (let index = 0; index < node.childCount; index += 1) {
+    walk(node.child(index), visitor);
+  }
+}
+
+function isClientDirective(rootNode, sourceCode) {
+  for (let index = 0; index < rootNode.namedChildCount; index += 1) {
+    const child = rootNode.namedChild(index);
+    if (child.type === "expression_statement" && unquote(getNodeText(child, sourceCode)) === "use client") {
+      return true;
+    }
+  }
+
+  return false;
+}
+
+function isServerModule(source) {
+  return SERVER_ONLY_MODULES.has(source) || CUSTOM_BACKEND_PATTERN.test(source);
+}
+
+function getImportSource(node, sourceCode) {
+  for (let index = 0; index < node.namedChildCount; index += 1) {
+    const child = node.namedChild(index);
+    if (child.type === "string") {
+      return unquote(getNodeText(child, sourceCode));
+    }
+  }
+
+  return null;
+}
+
+function collectIdentifiers(node, sourceCode, names = new Set()) {
+  if (!node) {
+    return names;
+  }
+
+  if (node.type === "identifier") {
+    names.add(getNodeText(node, sourceCode));
+  }
+
+  for (let index = 0; index < node.namedChildCount; index += 1) {
+    collectIdentifiers(node.namedChild(index), sourceCode, names);
+  }
+
+  return names;
+}
+
+function collectServerDependencies(rootNode, sourceCode) {
+  const dependencies = [];
+  const identifiers = new Set();
+
+  for (let index = 0; index < rootNode.namedChildCount; index += 1) {
+    const node = rootNode.namedChild(index);
+    if (node.type !== "import_statement") {
+      continue;
+    }
+
+    const source = getImportSource(node, sourceCode);
+    if (!source || !isServerModule(source)) {
+      continue;
+    }
+
+    dependencies.push(getNodeText(node, sourceCode).trim().replace(/;?$/, ";"));
+    for (const identifier of collectIdentifiers(node, sourceCode)) {
+      identifiers.add(identifier);
+    }
+  }
+
+  return { dependencies, identifiers };
+}
+
+function nodeContainsServerIdentifier(node, sourceCode, serverIdentifiers) {
+  let found = false;
+  walk(node, (child) => {
+    if (found || child.type !== "identifier") {
+      return;
+    }
+
+    if (serverIdentifiers.has(getNodeText(child, sourceCode))) {
+      found = true;
+    }
+  });
+
+  return found;
+}
+
+function findFunctionContainer(node) {
+  let current = node;
+  while (current) {
+    if (current.type === "function_declaration") {
+      return current;
+    }
+
+    if (current.type === "lexical_declaration" && isFunctionValuedLexicalDeclaration(current)) {
+      return current;
+    }
+
+    if (current.type === "arrow_function") {
+      let parent = current.parent;
+      while (parent) {
+        if (parent.type === "lexical_declaration") {
+          return parent;
+        }
+        parent = parent.parent;
+      }
+      return current;
+    }
+
+    current = current.parent;
+  }
+
+  return null;
+}
+
+function isFunctionValuedLexicalDeclaration(node) {
+  for (let index = 0; index < node.namedChildCount; index += 1) {
+    const child = node.namedChild(index);
+    if (child.type !== "variable_declarator") {
+      continue;
+    }
+
+    const value = childByFieldName(child, "value");
+    if (value?.type === "arrow_function" || value?.type === "function_expression") {
+      return true;
+    }
+  }
+
+  return false;
+}
+
+function getFunctionName(container, sourceCode) {
+  if (container.type === "function_declaration") {
+    const name = childByFieldName(container, "name");
+    return name ? getNodeText(name, sourceCode) : "serverAction";
+  }
+
+  const declarator = container.type === "lexical_declaration"
+    ? Array.from({ length: container.namedChildCount }, (_, index) => container.namedChild(index))
+        .find((child) => child.type === "variable_declarator")
+    : null;
+  const name = declarator ? childByFieldName(declarator, "name") : null;
+  return name ? getNodeText(name, sourceCode) : "serverAction";
+}
+
+function normalizeExportedFunction(functionText, functionName) {
+  const trimmed = functionText.trim();
+
+  if (/^export\s+/.test(trimmed)) {
+    return trimmed;
+  }
+
+  if (/^(?:const|let|var)\s+/.test(trimmed)) {
+    return trimmed.replace(/^(?:const|let|var)\s+/, "export const ");
+  }
+
+  if (/^async\s+function\s+/.test(trimmed) || /^function\s+/.test(trimmed)) {
+    return trimmed.replace(/^(async\s+)?function\s+([A-Za-z_$][\w$]*)?/, (match, asyncPrefix = "", name = functionName) => {
+      return `export const ${name} = ${asyncPrefix || ""}function`;
+    });
+  }
+
+  return `export const ${functionName} = ${trimmed}`;
+}
+
+function findServerSideLeaks(rootNode, sourceCode) {
+  if (!isClientDirective(rootNode, sourceCode)) {
+    return [];
+  }
+
+  const { dependencies, identifiers } = collectServerDependencies(rootNode, sourceCode);
+  if (identifiers.size === 0) {
+    return [];
+  }
+
+  const seen = new Set();
+  const leaks = [];
+  walk(rootNode, (node) => {
+    if (node.type !== "call_expression" && node.type !== "new_expression" && node.type !== "member_expression") {
+      return;
+    }
+
+    if (!nodeContainsServerIdentifier(node, sourceCode, identifiers)) {
+      return;
+    }
+
+    const container = findFunctionContainer(node);
+    if (!container) {
+      return;
+    }
+
+    const range = toByteRange(sourceCode, container);
+    const seenKey = `${range.startIndex}:${range.endIndex}`;
+    if (seen.has(seenKey)) {
+      return;
+    }
+
+    seen.add(seenKey);
+    leaks.push({
+      startIndex: range.startIndex,
+      endIndex: range.endIndex,
+      rawFunctionText: range.raw,
+      functionName: getFunctionName(container, sourceCode),
+      dependencies: [...new Set(dependencies)]
+    });
+  });
+
+  return leaks;
+}
+
+async function scaffoldServerActionFile(originalFilePath, functionText, functionName, options = {}) {
+  const actionFilePath = path.join(path.dirname(originalFilePath), "actions.ts");
+  const dependencies = [...new Set(options.dependencies || [])];
+  const lines = [
+    "\"use server\";",
+    "",
+    ...dependencies,
+    ...(dependencies.length > 0 ? [""] : []),
+    normalizeExportedFunction(functionText, functionName),
+    ""
+  ];
+
+  await fs.writeFile(actionFilePath, lines.join("\n"), "utf8");
+  return actionFilePath;
+}
+
+function byteSplice(source, startIndex, endIndex, replacement = "") {
+  const sourceBytes = Buffer.from(source, "utf8");
+  const replacementBytes = Buffer.from(replacement, "utf8");
+  return Buffer.concat([
+    sourceBytes.subarray(0, startIndex),
+    replacementBytes,
+    sourceBytes.subarray(endIndex)
+  ]).toString("utf8");
+}
+
+function getBridgeImportInsertionIndex(source) {
+  const directiveMatch = source.match(/^\s*["']use client["']\s*;?[ \t]*(?:\r?\n)?/);
+  return directiveMatch ? directiveMatch[0].length : 0;
+}
+
+function injectActionBridge(originalSource, startIndex, endIndex, functionName) {
+  const withoutFunction = byteSplice(originalSource, startIndex, endIndex, "");
+  const bridgeImport = `import { ${functionName} } from './actions';\n`;
+
+  if (withoutFunction.includes(bridgeImport.trim())) {
+    return withoutFunction;
+  }
+
+  const insertionIndex = getBridgeImportInsertionIndex(withoutFunction);
+  return `${withoutFunction.slice(0, insertionIndex)}${bridgeImport}${withoutFunction.slice(insertionIndex)}`;
+}
+
+function treeContainsUnsafeNode(node) {
+  if (!node) {
+    return false;
+  }
+
+  const isMissing = typeof node.isMissing === "function" ? node.isMissing() : node.isMissing === true;
+  if (node.type === "ERROR" || node.type === "MISSING" || isMissing) {
+    return true;
+  }
+
+  for (let index = 0; index < node.childCount; index += 1) {
+    if (treeContainsUnsafeNode(node.child(index))) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
+async function assertSyntaxSafe(sourceCode) {
+  const tree = await parseJavaScript(sourceCode);
+  try {
+    if (treeContainsUnsafeNode(tree.rootNode)) {
+      throw new Error("Scaffold Syntax Violation");
+    }
+  } finally {
+    tree.delete?.();
+  }
+}
+
+async function readExistingFile(filePath) {
+  try {
+    return await fs.readFile(filePath, "utf8");
+  } catch (error) {
+    if (error.code === "ENOENT") {
+      return null;
+    }
+    throw error;
+  }
+}
+
+async function restoreFile(filePath, contents) {
+  if (contents === null) {
+    try {
+      await fs.unlink(filePath);
+    } catch (error) {
+      if (error.code !== "ENOENT") {
+        throw error;
+      }
+    }
+    return;
+  }
+
+  await fs.writeFile(filePath, contents, "utf8");
+}
+
+async function applyScaffoldTransaction(originalFilePath, leak) {
+  const actionFilePath = path.join(path.dirname(originalFilePath), "actions.ts");
+  const originalClient = await fs.readFile(originalFilePath, "utf8");
+  const originalActions = await readExistingFile(actionFilePath);
+
+  try {
+    await scaffoldServerActionFile(originalFilePath, leak.rawFunctionText, leak.functionName, {
+      dependencies: leak.dependencies || []
+    });
+    const nextClient = injectActionBridge(originalClient, leak.startIndex, leak.endIndex, leak.functionName);
+    await fs.writeFile(originalFilePath, nextClient, "utf8");
+
+    await assertSyntaxSafe(await fs.readFile(actionFilePath, "utf8"));
+    await assertSyntaxSafe(await fs.readFile(originalFilePath, "utf8"));
+
+    return {
+      status: "APPLIED",
+      clientFile: originalFilePath,
+      actionFile: actionFilePath
+    };
+  } catch (error) {
+    const rollbackErrors = [];
+    for (const [filePath, contents] of [
+      [actionFilePath, originalActions],
+      [originalFilePath, originalClient]
+    ]) {
+      try {
+        await restoreFile(filePath, contents);
+      } catch (rollbackError) {
+        rollbackErrors.push(rollbackError);
+      }
+    }
+    if (rollbackErrors.length > 0) {
+      error.rollbackErrors = rollbackErrors;
+    }
+    throw error;
+  }
+}
+
+module.exports = {
+  applyScaffoldTransaction,
+  findServerSideLeaks,
+  injectActionBridge,
+  parseJavaScript,
+  scaffoldServerActionFile
+};

package/src/licensing/licenseManager.js

@@ -0,0 +1,248 @@
+const fs = require("node:fs");
+const https = require("node:https");
+const os = require("node:os");
+const path = require("node:path");
+
+const CONFIG_DIR = ".preflight";
+const CONFIG_FILE = "config.json";
+const FREE_FIX_LIMIT = 5;
+const LEMON_SQUEEZY_ACTIVATE_URL = "https://api.lemonsqueezy.com/v1/licenses/activate";
+const LEMON_SQUEEZY_VALIDATE_URL = "https://api.lemonsqueezy.com/v1/licenses/validate";
+const FREE_FIXES_EXHAUSTED_MESSAGE =
+  "\u26a0\ufe0f Free fixes exhausted (5/5). Upgrade to PreFlight Pro for unlimited AI auto-fixes for a one-time payment of $49 / \u20b91999: https://yourwebsite.com/buy";
+const INVALID_LICENSE_MESSAGE =
+  "\u274c License is inactive or invalid. Please run 'preflight activate <key>' with a valid key.";
+const ACTIVATION_MESSAGE = "\u2705 PreFlight Pro activated successfully! Unlimited AI auto-fixes unlocked.";
+const EMAIL_MISMATCH_MESSAGE = "\u274c Email does not match the purchase record.";
+const OFFLINE_ERROR_CODES = new Set(["EAI_AGAIN", "ECONNRESET", "ETIMEDOUT", "ENETUNREACH", "ENOTFOUND", "ECONNREFUSED"]);
+
+function getConfigPath(homeDir = os.homedir()) {
+  return path.join(homeDir, CONFIG_DIR, CONFIG_FILE);
+}
+
+function defaultConfig() {
+  return {
+    freeFixesUsed: 0,
+    licenseKey: null,
+    instanceId: null
+  };
+}
+
+function normalizeConfig(config = {}) {
+  const freeFixesUsed = Number.isInteger(config.freeFixesUsed) && config.freeFixesUsed > 0 ? config.freeFixesUsed : 0;
+  const licenseKey = typeof config.licenseKey === "string" && config.licenseKey.trim() ? config.licenseKey.trim() : null;
+  const instanceId = typeof config.instanceId === "string" && config.instanceId.trim() ? config.instanceId.trim() : null;
+
+  return {
+    freeFixesUsed,
+    licenseKey,
+    instanceId
+  };
+}
+
+async function readConfig(options = {}) {
+  const configPath = getConfigPath(options.homeDir);
+
+  try {
+    const raw = await fs.promises.readFile(configPath, "utf8");
+    return normalizeConfig(JSON.parse(raw));
+  } catch (error) {
+    if (error.code === "ENOENT") {
+      return defaultConfig();
+    }
+
+    throw error;
+  }
+}
+
+async function writeConfig(config, options = {}) {
+  const configPath = getConfigPath(options.homeDir);
+  await fs.promises.mkdir(path.dirname(configPath), { recursive: true });
+  await fs.promises.writeFile(configPath, `${JSON.stringify(normalizeConfig(config), null, 2)}\n`, {
+    encoding: "utf8",
+    mode: 0o600
+  });
+}
+
+function postFormUrlEncoded(request) {
+  const body = request.body || "";
+  const url = new URL(request.url || LEMON_SQUEEZY_VALIDATE_URL);
+
+  return new Promise((resolve, reject) => {
+    const req = https.request(
+      url,
+      {
+        method: "POST",
+        headers: {
+          Accept: "application/json",
+          "Content-Type": "application/x-www-form-urlencoded",
+          "Content-Length": Buffer.byteLength(body)
+        }
+      },
+      (response) => {
+        let responseBody = "";
+        response.setEncoding("utf8");
+        response.on("data", (chunk) => {
+          responseBody += chunk;
+        });
+        response.on("end", () => {
+          try {
+            resolve(JSON.parse(responseBody || "{}"));
+          } catch (error) {
+            reject(error);
+          }
+        });
+      }
+    );
+
+    req.on("error", reject);
+    req.write(body);
+    req.end();
+  });
+}
+
+function isOfflineError(error) {
+  return OFFLINE_ERROR_CODES.has(error?.code);
+}
+
+function freePermission(config) {
+  if (config.freeFixesUsed < FREE_FIX_LIMIT) {
+    return {
+      allowed: true,
+      tier: "free",
+      remaining: FREE_FIX_LIMIT - config.freeFixesUsed
+    };
+  }
+
+  return {
+    allowed: false,
+    tier: "free",
+    message: FREE_FIXES_EXHAUSTED_MESSAGE
+  };
+}
+
+async function verifyFixPermission(options = {}) {
+  const config = await readConfig(options);
+
+  if (config.licenseKey) {
+    const payload = {
+      license_key: config.licenseKey
+    };
+    if (config.instanceId) {
+      payload.instance_id = config.instanceId;
+    }
+    const body = new URLSearchParams(payload).toString();
+    const requestLicenseValidation = options.requestLicenseValidation || postFormUrlEncoded;
+
+    try {
+      const result = await requestLicenseValidation({
+        url: LEMON_SQUEEZY_VALIDATE_URL,
+        body
+      });
+
+      if (result?.valid) {
+        return { allowed: true, tier: "pro" };
+      }
+
+      await writeConfig(
+        {
+          ...config,
+          licenseKey: null,
+          instanceId: null
+        },
+        options
+      );
+      return {
+        allowed: false,
+        tier: "pro",
+        message: INVALID_LICENSE_MESSAGE
+      };
+    } catch (error) {
+      if (isOfflineError(error)) {
+        return { allowed: true, tier: "pro", offline: true };
+      }
+
+      throw error;
+    }
+  }
+
+  return freePermission(config);
+}
+
+async function activateLicenseKey(key, userEmail, options = {}) {
+  if (typeof userEmail === "object" && userEmail !== null) {
+    options = userEmail;
+    userEmail = undefined;
+  }
+
+  const licenseKey = typeof key === "string" ? key.trim() : "";
+  if (!licenseKey) {
+    throw new Error("A license key is required.");
+  }
+
+  const requestLicenseActivation = options.requestLicenseActivation || postFormUrlEncoded;
+  const hostname = options.hostname || os.hostname;
+  const body = new URLSearchParams({
+    license_key: licenseKey,
+    instance_name: hostname()
+  }).toString();
+  const result = await requestLicenseActivation({
+    url: LEMON_SQUEEZY_ACTIVATE_URL,
+    body
+  });
+  const instanceId = result?.instance?.id || null;
+
+  if (!result?.activated || !instanceId) {
+    throw new Error(result?.error || "License activation failed.");
+  }
+
+  if (result.meta?.customer_email && result.meta.customer_email !== userEmail) {
+    return {
+      success: false,
+      message: EMAIL_MISMATCH_MESSAGE
+    };
+  }
+
+  const config = await readConfig(options);
+  await writeConfig(
+    {
+      ...config,
+      licenseKey,
+      instanceId
+    },
+    options
+  );
+
+  return {
+    success: true,
+    activated: true,
+    message: ACTIVATION_MESSAGE,
+    instanceId
+  };
+}
+
+async function recordFreeFixUsage(options = {}) {
+  const config = await readConfig(options);
+  const nextConfig = {
+    ...config,
+    freeFixesUsed: config.freeFixesUsed + 1
+  };
+  await writeConfig(nextConfig, options);
+  return nextConfig;
+}
+
+module.exports = {
+  ACTIVATION_MESSAGE,
+  EMAIL_MISMATCH_MESSAGE,
+  FREE_FIXES_EXHAUSTED_MESSAGE,
+  FREE_FIX_LIMIT,
+  INVALID_LICENSE_MESSAGE,
+  LEMON_SQUEEZY_ACTIVATE_URL,
+  LEMON_SQUEEZY_VALIDATE_URL,
+  activateLicenseKey,
+  getConfigPath,
+  readConfig,
+  recordFreeFixUsage,
+  verifyFixPermission,
+  writeConfig
+};