ready-to-ship 1.0.0

package/src/modules/api.js

@@ -0,0 +1,152 @@
+const path = require('path');
+const { findFiles, readFile, fileExists } = require('../utils/fileHelpers');
+const { error, success, verdict, printIssues } = require('../utils/logHelpers');
+const { extractRoutes } = require('../utils/parseHelpers');
+
+/**
+ * Validate API endpoints and health checks
+ */
+async function validate(projectPath = process.cwd()) {
+  const issues = [];
+  const warnings = [];
+  
+  // Find route files
+  const routePatterns = [
+    '**/routes/**/*.{js,ts,jsx,tsx}',
+    '**/routes.{js,ts,jsx,tsx}',
+    '**/api/**/*.{js,ts,jsx,tsx}',
+    '**/src/**/*.{js,ts,jsx,tsx}'
+  ];
+  
+  let routeFiles = [];
+  for (const pattern of routePatterns) {
+    const files = await findFiles(pattern, projectPath);
+    routeFiles.push(...files);
+  }
+  
+  // If no route files found, try to find main app file
+  if (routeFiles.length === 0) {
+    const mainFiles = await findFiles('**/{app,server,index,main}.{js,ts}', projectPath);
+    routeFiles.push(...mainFiles);
+  }
+  
+  if (routeFiles.length === 0) {
+    warnings.push('No route files found. Make sure your project structure is standard.');
+    verdict(false, 'API: NOT READY (No routes found)');
+    return { passed: false, issues, warnings };
+  }
+  
+  // Check for health endpoint
+  let hasHealthEndpoint = false;
+  const healthPatterns = ['/health', '/healthz', '/ping', '/status', '/api/health'];
+  
+  for (const filePath of routeFiles) {
+    const code = await readFile(filePath);
+    if (!code) continue;
+    
+    const routes = extractRoutes(code);
+    
+    // Check if any route matches health patterns
+    const healthRoutes = routes.filter(route => 
+      healthPatterns.some(pattern => route.path === pattern || route.path.startsWith(pattern + '/'))
+    );
+    
+    if (healthRoutes.length > 0) {
+      hasHealthEndpoint = true;
+      break;
+    }
+  }
+  
+  if (!hasHealthEndpoint) {
+    issues.push('/health endpoint missing (recommended for monitoring and load balancers)');
+  }
+  
+  // Check route consistency
+  const allRoutes = [];
+  for (const filePath of routeFiles) {
+    const code = await readFile(filePath);
+    if (!code) continue;
+    
+    const routes = extractRoutes(code);
+    routes.forEach(route => {
+      allRoutes.push({
+        ...route,
+        file: path.relative(projectPath, filePath)
+      });
+    });
+  }
+  
+  // Group routes by path
+  const routesByPath = {};
+  allRoutes.forEach(route => {
+    if (!routesByPath[route.path]) {
+      routesByPath[route.path] = [];
+    }
+    routesByPath[route.path].push(route.method);
+  });
+  
+  // Auth/action endpoints that don't need GET (false positive prevention)
+  const actionEndpoints = [
+    'login', 'logout', 'register', 'signin', 'signout', 'signup',
+    'refresh-token', 'reset-password', 'forgot-password', 'verify',
+    'authenticate', 'authorize', 'callback', 'webhook'
+  ];
+  
+  const isActionEndpoint = (path) => {
+    const pathLower = path.toLowerCase();
+    return actionEndpoints.some(action => pathLower.includes(action));
+  };
+  
+  // Check for common REST inconsistencies
+  Object.keys(routesByPath).forEach(path => {
+    const methods = routesByPath[path];
+    
+    // Skip action endpoints (login, register, etc.)
+    if (isActionEndpoint(path)) {
+      return;
+    }
+    
+    // If POST exists, usually should have GET for the collection
+    if (methods.includes('POST') && !methods.includes('GET')) {
+      const collectionPath = path.replace(/\/[^/]+$/, '');
+      if (collectionPath !== path && !routesByPath[collectionPath]?.includes('GET')) {
+        warnings.push(`POST ${path} exists but no GET endpoint for collection`);
+      }
+    }
+    
+    // If PUT/PATCH exists, usually should have GET for the resource
+    if ((methods.includes('PUT') || methods.includes('PATCH')) && !methods.includes('GET')) {
+      warnings.push(`${methods.find(m => ['PUT', 'PATCH'].includes(m))} ${path} exists but no GET endpoint`);
+    }
+  });
+  
+  // Print results
+  console.log('\n🔹 API VALIDATION\n');
+  
+  if (hasHealthEndpoint) {
+    success('Health endpoint found');
+  }
+  
+  if (issues.length === 0 && warnings.length === 0) {
+    success('API structure looks good');
+    verdict(true, 'API: READY');
+    return { passed: true, issues: [], warnings, routes: allRoutes };
+  }
+  
+  printIssues(issues, 'error');
+  printIssues(warnings, 'warning');
+  
+  verdict(false, 'API: NOT READY');
+  
+  return {
+    passed: issues.length === 0,
+    issues,
+    warnings,
+    routes: allRoutes
+  };
+}
+
+module.exports = {
+  validate
+};
+

package/src/modules/auth.js

@@ -0,0 +1,152 @@
+const path = require('path');
+const { getAllFiles, readFile } = require('../utils/fileHelpers');
+const { error, success, verdict, printIssues } = require('../utils/logHelpers');
+const { extractRoutes, hasAuthMiddleware, extractJWTExpiry } = require('../utils/parseHelpers');
+
+/**
+ * Validate authentication and route protection
+ */
+async function validate(projectPath = process.cwd()) {
+  const issues = [];
+  const warnings = [];
+  const vulnerableRoutes = [];
+  
+  // Find route files
+  const routePatterns = [
+    '**/routes/**/*.{js,ts,jsx,tsx}',
+    '**/routes.{js,ts,jsx,tsx}',
+    '**/api/**/*.{js,ts,jsx,tsx}',
+    '**/controllers/**/*.{js,ts,jsx,tsx}',
+    '**/src/**/*.{js,ts,jsx,tsx}'
+  ];
+  
+  let routeFiles = [];
+  for (const pattern of routePatterns) {
+    const files = await require('../utils/fileHelpers').findFiles(pattern, projectPath);
+    routeFiles.push(...files);
+  }
+  
+  // If no route files found, try to find main app file
+  if (routeFiles.length === 0) {
+    const mainFiles = await require('../utils/fileHelpers').findFiles('**/{app,server,index,main}.{js,ts}', projectPath);
+    routeFiles.push(...mainFiles);
+  }
+  
+  if (routeFiles.length === 0) {
+    warnings.push('No route files found. Make sure your project structure is standard.');
+    verdict(false, 'AUTH: NOT READY (No routes found)');
+    return { passed: false, issues, warnings, vulnerableRoutes: [] };
+  }
+  
+  // Analyze each route file
+  for (const filePath of routeFiles) {
+    const code = await readFile(filePath);
+    if (!code) continue;
+    
+    const routes = extractRoutes(code);
+    const lines = code.split('\n');
+    
+    routes.forEach(route => {
+      const routePath = route.path;
+      const method = route.method;
+      const isSensitive = isSensitiveRoute(routePath);
+      
+      if (isSensitive) {
+        // Check if route has auth middleware
+        const hasAuth = hasAuthMiddleware(code, route.line);
+        
+        if (!hasAuth) {
+          vulnerableRoutes.push({
+            method,
+            path: routePath,
+            file: path.relative(projectPath, filePath),
+            line: route.line
+          });
+          issues.push(`Route ${method} ${routePath} missing auth middleware (${path.relative(projectPath, filePath)})`);
+        }
+      }
+    });
+    
+    // Check JWT expiry configuration
+    const jwtExpiry = extractJWTExpiry(code);
+    if (jwtExpiry !== null) {
+      const maxRecommendedExpiry = 7 * 24 * 60 * 60; // 7 days in seconds
+      const oneYearInSeconds = 365 * 24 * 60 * 60;
+      
+      if (jwtExpiry > oneYearInSeconds) {
+        issues.push(`JWT expiry too long: ${formatDuration(jwtExpiry)} (recommended: < 7 days)`);
+      } else if (jwtExpiry > maxRecommendedExpiry) {
+        warnings.push(`JWT expiry is ${formatDuration(jwtExpiry)} (recommended: < 7 days)`);
+      }
+    }
+  }
+  
+  // Print results
+  console.log('\n🔹 AUTH VALIDATION\n');
+  
+  if (issues.length === 0 && warnings.length === 0) {
+    success('All routes are properly protected');
+    verdict(true, 'AUTH: READY');
+    return { passed: true, issues: [], warnings: [], vulnerableRoutes: [] };
+  }
+  
+  printIssues(issues, 'error');
+  printIssues(warnings, 'warning');
+  
+  if (vulnerableRoutes.length > 0) {
+    console.log('\n📋 Vulnerable Routes:');
+    vulnerableRoutes.forEach(route => {
+      error(`${route.method} ${route.path} (${route.file}:${route.line})`);
+    });
+  }
+  
+  verdict(false, 'AUTH: NOT READY');
+  
+  return {
+    passed: issues.length === 0,
+    issues,
+    warnings,
+    vulnerableRoutes
+  };
+}
+
+/**
+ * Check if route is sensitive and requires auth
+ */
+function isSensitiveRoute(path) {
+  const sensitivePatterns = [
+    /^\/admin/i,
+    /^\/api\/admin/i,
+    /\/users/i,
+    /\/profile/i,
+    /\/settings/i,
+    /\/account/i,
+    /\/dashboard/i,
+    /\/delete/i,
+    /\/update/i,
+    /\/create/i,
+    /\/edit/i,
+    /\/password/i,
+    /\/auth\/change/i,
+    /\/api\/v\d+\/.*(?:user|admin|auth|profile|settings)/i
+  ];
+  
+  return sensitivePatterns.some(pattern => pattern.test(path));
+}
+
+/**
+ * Format duration in seconds to human-readable string
+ */
+function formatDuration(seconds) {
+  if (seconds < 60) return `${seconds} seconds`;
+  if (seconds < 3600) return `${Math.floor(seconds / 60)} minutes`;
+  if (seconds < 86400) return `${Math.floor(seconds / 3600)} hours`;
+  if (seconds < 2592000) return `${Math.floor(seconds / 86400)} days`;
+  if (seconds < 31536000) return `${Math.floor(seconds / 2592000)} months`;
+  return `${Math.floor(seconds / 31536000)} years`;
+}
+
+module.exports = {
+  validate
+};
+

package/src/modules/database.js

@@ -0,0 +1,178 @@
+const path = require('path');
+const { findFiles, readFile, parseEnvFile, fileExists } = require('../utils/fileHelpers');
+const { error, success, verdict, printIssues } = require('../utils/logHelpers');
+
+/**
+ * Validate database configuration
+ */
+async function validate(projectPath = process.cwd()) {
+  const issues = [];
+  const warnings = [];
+  
+  // Check for database connection strings in .env
+  const envPath = path.join(projectPath, '.env');
+  let envVars = {};
+  
+  if (await fileExists(envPath)) {
+    envVars = await parseEnvFile(envPath);
+  }
+  
+  // Detect database type from env vars
+  const dbVars = Object.keys(envVars).filter(key => 
+    /DATABASE|DB|MONGO|POSTGRES|MYSQL|REDIS/i.test(key)
+  );
+  
+  let hasDbConfig = dbVars.length > 0;
+  let dbType = null;
+  
+  if (envVars.DATABASE_URL) {
+    const dbUrl = envVars.DATABASE_URL.toLowerCase();
+    if (dbUrl.includes('mongodb')) dbType = 'MongoDB';
+    else if (dbUrl.includes('postgres')) dbType = 'PostgreSQL';
+    else if (dbUrl.includes('mysql')) dbType = 'MySQL';
+    else if (dbUrl.includes('redis')) dbType = 'Redis';
+  }
+  
+  // Check package.json for database drivers
+  const packageJsonPath = path.join(projectPath, 'package.json');
+  const packageJsonContent = await readFile(packageJsonPath);
+  let packageJson = {};
+  
+  if (packageJsonContent) {
+    try {
+      packageJson = JSON.parse(packageJsonContent);
+    } catch (e) {
+      // Invalid JSON
+    }
+  }
+  
+  const deps = { ...packageJson.dependencies, ...packageJson.devDependencies };
+  const dbPackages = {
+    'mongoose': 'MongoDB',
+    'mongodb': 'MongoDB',
+    'pg': 'PostgreSQL',
+    'mysql2': 'MySQL',
+    'mysql': 'MySQL',
+    'redis': 'Redis',
+    'ioredis': 'Redis',
+    'prisma': 'Prisma ORM',
+    'sequelize': 'Sequelize ORM',
+    'typeorm': 'TypeORM'
+  };
+  
+  let detectedDbPackage = null;
+  Object.keys(dbPackages).forEach(pkg => {
+    if (deps[pkg]) {
+      detectedDbPackage = dbPackages[pkg];
+      if (!dbType) dbType = dbPackages[pkg];
+    }
+  });
+  
+  // Check for database connection files
+  const dbFiles = await findFiles('**/{db,database,config}/**/*.{js,ts}', projectPath);
+  const connectionFiles = await findFiles('**/*connection*.{js,ts}', projectPath);
+  const modelFiles = await findFiles('**/{models,schemas}/**/*.{js,ts}', projectPath);
+  
+  let hasConnectionFile = dbFiles.length > 0 || connectionFiles.length > 0;
+  let hasModels = modelFiles.length > 0;
+  
+  // Check for connection error handling
+  let hasConnectionHandling = false;
+  for (const filePath of [...dbFiles, ...connectionFiles].slice(0, 10)) {
+    const code = await readFile(filePath);
+    if (code) {
+      if (/catch|error|on\('error'\)/i.test(code)) {
+        hasConnectionHandling = true;
+        break;
+      }
+    }
+  }
+  
+  // Validation checks
+  if (!hasDbConfig && !detectedDbPackage) {
+    warnings.push('No database configuration detected');
+  } else {
+    if (dbType) {
+      success(`Database type detected: ${dbType}`);
+    }
+    
+    // Check for connection string security
+    if (envVars.DATABASE_URL) {
+      const dbUrl = envVars.DATABASE_URL;
+      if (dbUrl.includes('localhost') || dbUrl.includes('127.0.0.1')) {
+        warnings.push('Database URL points to localhost (ensure production uses remote database)');
+      }
+      
+      // Check for credentials in URL (should be in env)
+      if (!dbUrl.startsWith('${') && dbUrl.includes('@') && !dbUrl.includes('://')) {
+        // Might be okay, but check format
+      }
+    }
+    
+    // Check for missing connection handling
+    if (!hasConnectionHandling && hasConnectionFile) {
+      issues.push('Database connection error handling not detected');
+    }
+    
+    // Check for connection pooling
+    let hasPooling = false;
+    for (const filePath of [...dbFiles, ...connectionFiles].slice(0, 10)) {
+      const code = await readFile(filePath);
+      if (code && /pool|pooling|max.*connection/i.test(code)) {
+        hasPooling = true;
+        break;
+      }
+    }
+    
+    if (!hasPooling && detectedDbPackage) {
+      warnings.push('Connection pooling not detected (recommended for production)');
+    }
+  }
+  
+  // Check for migration files
+  const migrationFiles = await findFiles('**/{migrations,migrate}/**/*.{js,ts,sql}', projectPath);
+  if (migrationFiles.length === 0 && detectedDbPackage) {
+    warnings.push('No migration files detected (recommended for database versioning)');
+  }
+  
+  // Print results
+  console.log('\n🔹 DATABASE VALIDATION\n');
+  
+  if (hasDbConfig || detectedDbPackage) {
+    if (hasConnectionFile) success('Database connection file found');
+    if (hasModels) success('Database models/schemas found');
+    if (hasConnectionHandling) success('Connection error handling found');
+  }
+  
+  if (issues.length === 0 && warnings.length === 0 && (hasDbConfig || detectedDbPackage)) {
+    success('Database configuration looks good');
+    verdict(true, 'DATABASE: READY');
+    return { passed: true, issues: [], warnings: [] };
+  }
+  
+  if (!hasDbConfig && !detectedDbPackage) {
+    verdict(true, 'DATABASE: SKIPPED (No database detected)');
+    return { passed: true, issues: [], warnings: [], skipped: true };
+  }
+  
+  printIssues(issues, 'error');
+  printIssues(warnings, 'warning');
+  
+  if (issues.length === 0) {
+    verdict(true, 'DATABASE: READY (with warnings)');
+  } else {
+    verdict(false, 'DATABASE: NOT READY');
+  }
+  
+  return {
+    passed: issues.length === 0,
+    issues,
+    warnings,
+    dbType
+  };
+}
+
+module.exports = {
+  validate
+};
+

package/src/modules/dependencies.js

@@ -0,0 +1,151 @@
+const path = require('path');
+const { readFile, fileExists } = require('../utils/fileHelpers');
+const { error, success, verdict, printIssues, warning } = require('../utils/logHelpers');
+
+/**
+ * Validate dependencies
+ */
+async function validate(projectPath = process.cwd()) {
+  const issues = [];
+  const warnings = [];
+  
+  const packageJsonPath = path.join(projectPath, 'package.json');
+  const packageLockPath = path.join(projectPath, 'package-lock.json');
+  const yarnLockPath = path.join(projectPath, 'yarn.lock');
+  
+  // Check for package.json
+  if (!await fileExists(packageJsonPath)) {
+    issues.push('package.json not found');
+    verdict(false, 'DEPENDENCIES: NOT READY');
+    return { passed: false, issues, warnings: [] };
+  }
+  
+  const packageJsonContent = await readFile(packageJsonPath);
+  let packageJson = {};
+  
+  try {
+    packageJson = JSON.parse(packageJsonContent);
+  } catch (e) {
+    issues.push('package.json is malformed');
+    verdict(false, 'DEPENDENCIES: NOT READY');
+    return { passed: false, issues, warnings: [] };
+  }
+  
+  // Check for lock file
+  const hasLockFile = await fileExists(packageLockPath) || await fileExists(yarnLockPath);
+  if (!hasLockFile) {
+    warnings.push('Lock file (package-lock.json or yarn.lock) not found (recommended for reproducible builds)');
+  }
+  
+  // Check for critical dependencies
+  const deps = { ...packageJson.dependencies, ...packageJson.devDependencies };
+  const criticalDeps = {
+    'express': 'Express.js',
+    'fastify': 'Fastify',
+    'koa': 'Koa',
+    'nestjs': 'NestJS'
+  };
+  
+  let hasFramework = false;
+  Object.keys(criticalDeps).forEach(dep => {
+    if (deps[dep]) {
+      hasFramework = true;
+    }
+  });
+  
+  if (!hasFramework) {
+    warnings.push('No major web framework detected (Express, Fastify, Koa, NestJS)');
+  }
+  
+  // Check for outdated packages (basic check)
+  const nodeVersion = process.version;
+  const nodeMajor = parseInt(nodeVersion.replace('v', '').split('.')[0]);
+  
+  if (nodeMajor < 14) {
+    warnings.push(`Node.js version ${nodeVersion} is outdated (recommended: >= 14.0.0)`);
+  }
+  
+  // Check for common security-related packages
+  const securityPackages = ['helmet', 'cors', 'express-rate-limit', 'bcrypt', 'jsonwebtoken'];
+  const missingSecurity = securityPackages.filter(pkg => !deps[pkg]);
+  
+  if (missingSecurity.length > 0) {
+    warnings.push(`Missing security packages: ${missingSecurity.join(', ')}`);
+  }
+  
+  // Check for vulnerable patterns in dependencies
+  const vulnerablePatterns = {
+    'express': { min: '4.17.0', reason: 'Older versions have security vulnerabilities' },
+    'lodash': { min: '4.17.21', reason: 'Older versions have security vulnerabilities' }
+  };
+  
+  Object.keys(vulnerablePatterns).forEach(pkg => {
+    if (deps[pkg]) {
+      const version = deps[pkg].replace(/[\^~]/, '');
+      const pattern = vulnerablePatterns[pkg];
+      // Basic version check (simplified)
+      if (version && version.includes('4.') && pkg === 'express') {
+        warnings.push(`${pkg} version might be outdated - ${pattern.reason}`);
+      }
+    }
+  });
+  
+  // Check for too many dependencies (maintenance burden)
+  const totalDeps = Object.keys(deps).length;
+  if (totalDeps > 100) {
+    warnings.push(`Large number of dependencies (${totalDeps}) - consider reviewing for unused packages`);
+  }
+  
+  // Check for dev dependencies in production
+  if (packageJson.scripts && packageJson.scripts.start) {
+    const startScript = packageJson.scripts.start;
+    if (startScript.includes('nodemon') || startScript.includes('ts-node-dev')) {
+      warnings.push('Development tools in start script (use production tools in production)');
+    }
+  }
+  
+  // Try to run npm audit (if available)
+  let auditIssues = [];
+  try {
+    // Check if npm audit is available (don't run it, just check)
+    const hasNpmAudit = true; // Assume available
+    if (hasNpmAudit) {
+      warnings.push('Run "npm audit" to check for known vulnerabilities');
+    }
+  } catch (e) {
+    // npm audit not available or failed
+  }
+  
+  // Print results
+  console.log('\n🔹 DEPENDENCIES VALIDATION\n');
+  
+  if (hasLockFile) success('Lock file found');
+  if (hasFramework) success('Web framework detected');
+  
+  if (issues.length === 0 && warnings.length === 0) {
+    success('Dependencies look good');
+    verdict(true, 'DEPENDENCIES: READY');
+    return { passed: true, issues: [], warnings: [] };
+  }
+  
+  printIssues(issues, 'error');
+  printIssues(warnings, 'warning');
+  
+  if (issues.length === 0) {
+    verdict(true, 'DEPENDENCIES: READY (with warnings)');
+  } else {
+    verdict(false, 'DEPENDENCIES: NOT READY');
+  }
+  
+  return {
+    passed: issues.length === 0,
+    issues,
+    warnings,
+    totalDependencies: totalDeps
+  };
+}
+
+module.exports = {
+  validate
+};
+