rebar-mcp 2.0.0

package/src/services/rules-engine.ts

@@ -0,0 +1,353 @@
+/**
+ * Custom rules engine for Rebar.
+ *
+ * Allows users to define custom quality rules in .rebar/rules.yaml
+ * that extend the built-in checks.
+ */
+import * as path from "node:path";
+import { readFileSafe, fileExists, sanitizePath } from "./file-ops.js";
+
+export interface CustomRule {
+  id: string;
+  name: string;
+  description: string;
+  severity: "error" | "warning" | "info";
+  type: "file-exists" | "file-contains" | "file-not-contains" | "glob-count" | "command";
+  target?: string; // File path or glob pattern
+  pattern?: string; // Regex pattern for contains rules
+  min?: number; // Minimum count for glob-count
+  max?: number; // Maximum count for glob-count
+  command?: string; // Shell command for command rules
+  enabled?: boolean;
+}
+
+export interface RulesConfig {
+  version: string;
+  rules: CustomRule[];
+}
+
+export interface RuleResult {
+  id: string;
+  name: string;
+  passed: boolean;
+  severity: "error" | "warning" | "info";
+  message: string;
+}
+
+/**
+ * Parses a YAML-like rules file (simplified parser for basic YAML).
+ * For full YAML support, users should use JSON format.
+ */
+function parseSimpleYaml(content: string): RulesConfig | null {
+  try {
+    // Try JSON first
+    if (content.trim().startsWith("{")) {
+      return JSON.parse(content) as RulesConfig;
+    }
+
+    // Simple YAML-like parser
+    const rules: CustomRule[] = [];
+    const lines = content.split("\n");
+    let currentRule: Partial<CustomRule> | null = null;
+    let inRules = false;
+
+    for (const line of lines) {
+      const trimmed = line.trim();
+      if (!trimmed || trimmed.startsWith("#")) continue;
+
+      if (trimmed === "rules:") {
+        inRules = true;
+        continue;
+      }
+
+      if (inRules && trimmed.startsWith("- id:")) {
+        if (currentRule && currentRule.id) {
+          rules.push(currentRule as CustomRule);
+        }
+        currentRule = { id: trimmed.slice(5).trim(), enabled: true };
+        continue;
+      }
+
+      if (currentRule && trimmed.includes(":")) {
+        const [key, ...valueParts] = trimmed.split(":");
+        const value = valueParts.join(":").trim().replace(/^["']|["']$/g, "");
+
+        switch (key.trim()) {
+          case "name":
+            currentRule.name = value;
+            break;
+          case "description":
+            currentRule.description = value;
+            break;
+          case "severity":
+            if (value === "error" || value === "warning" || value === "info") {
+              currentRule.severity = value;
+            }
+            break;
+          case "type":
+            if (["file-exists", "file-contains", "file-not-contains", "glob-count", "command"].includes(value)) {
+              currentRule.type = value as CustomRule["type"];
+            }
+            break;
+          case "target":
+            currentRule.target = value;
+            break;
+          case "pattern":
+            currentRule.pattern = value;
+            break;
+          case "min":
+            currentRule.min = parseInt(value, 10);
+            break;
+          case "max":
+            currentRule.max = parseInt(value, 10);
+            break;
+          case "command":
+            currentRule.command = value;
+            break;
+          case "enabled":
+            currentRule.enabled = value === "true";
+            break;
+        }
+      }
+    }
+
+    if (currentRule && currentRule.id) {
+      rules.push(currentRule as CustomRule);
+    }
+
+    return { version: "1.0", rules };
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Loads custom rules from .rebar/rules.yaml or .rebar/rules.json
+ */
+export async function loadCustomRules(projectPath: string): Promise<RulesConfig | null> {
+  const yamlPath = sanitizePath(projectPath, ".rebar/rules.yaml");
+  const jsonPath = sanitizePath(projectPath, ".rebar/rules.json");
+
+  // Try YAML first
+  let content = await readFileSafe(yamlPath);
+  if (content) {
+    return parseSimpleYaml(content);
+  }
+
+  // Try JSON
+  content = await readFileSafe(jsonPath);
+  if (content) {
+    try {
+      return JSON.parse(content) as RulesConfig;
+    } catch {
+      return null;
+    }
+  }
+
+  return null;
+}
+
+/**
+ * Evaluates a single rule against the project.
+ */
+export async function evaluateRule(rule: CustomRule, projectPath: string): Promise<RuleResult> {
+  const result: RuleResult = {
+    id: rule.id,
+    name: rule.name,
+    passed: false,
+    severity: rule.severity,
+    message: "",
+  };
+
+  if (rule.enabled === false) {
+    result.passed = true;
+    result.message = "Rule disabled";
+    return result;
+  }
+
+  try {
+    switch (rule.type) {
+      case "file-exists": {
+        if (!rule.target) {
+          result.message = "Rule missing 'target' field";
+          return result;
+        }
+        const filePath = sanitizePath(projectPath, rule.target);
+        const exists = await fileExists(filePath);
+        result.passed = exists;
+        result.message = exists
+          ? `File exists: ${rule.target}`
+          : `File not found: ${rule.target}`;
+        break;
+      }
+
+      case "file-contains": {
+        if (!rule.target || !rule.pattern) {
+          result.message = "Rule missing 'target' or 'pattern' field";
+          return result;
+        }
+        const filePath = sanitizePath(projectPath, rule.target);
+        const content = await readFileSafe(filePath);
+        if (!content) {
+          result.passed = false;
+          result.message = `File not found: ${rule.target}`;
+          return result;
+        }
+        const regex = new RegExp(rule.pattern);
+        result.passed = regex.test(content);
+        result.message = result.passed
+          ? `Pattern found in ${rule.target}`
+          : `Pattern not found in ${rule.target}`;
+        break;
+      }
+
+      case "file-not-contains": {
+        if (!rule.target || !rule.pattern) {
+          result.message = "Rule missing 'target' or 'pattern' field";
+          return result;
+        }
+        const filePath = sanitizePath(projectPath, rule.target);
+        const content = await readFileSafe(filePath);
+        if (!content) {
+          result.passed = true; // File doesn't exist, so pattern can't be in it
+          result.message = `File not found (OK): ${rule.target}`;
+          return result;
+        }
+        const regex = new RegExp(rule.pattern);
+        result.passed = !regex.test(content);
+        result.message = result.passed
+          ? `Pattern not found in ${rule.target} (OK)`
+          : `Forbidden pattern found in ${rule.target}`;
+        break;
+      }
+
+      case "glob-count": {
+        // Simplified glob matching - count files matching pattern
+        if (!rule.target) {
+          result.message = "Rule missing 'target' glob pattern";
+          return result;
+        }
+        // For simplicity, just check if directory exists and count files
+        const targetDir = path.dirname(rule.target);
+        const ext = path.extname(rule.target);
+        const dirPath = sanitizePath(projectPath, targetDir === "." ? "" : targetDir);
+
+        if (!(await fileExists(dirPath))) {
+          result.passed = rule.min === 0 || rule.min === undefined;
+          result.message = `Directory not found: ${targetDir}`;
+          return result;
+        }
+
+        // Count matching files (simplified - just count by extension)
+        const fs = await import("node:fs/promises");
+        const files = await fs.readdir(dirPath).catch(() => [] as string[]);
+        const matchingFiles = ext
+          ? files.filter((f) => f.endsWith(ext))
+          : files;
+        const count = matchingFiles.length;
+
+        const minOk = rule.min === undefined || count >= rule.min;
+        const maxOk = rule.max === undefined || count <= rule.max;
+        result.passed = minOk && maxOk;
+
+        if (!minOk) {
+          result.message = `Found ${count} files, expected at least ${rule.min}`;
+        } else if (!maxOk) {
+          result.message = `Found ${count} files, expected at most ${rule.max}`;
+        } else {
+          result.message = `Found ${count} files matching ${rule.target}`;
+        }
+        break;
+      }
+
+      case "command": {
+        if (!rule.command) {
+          result.message = "Rule missing 'command' field";
+          return result;
+        }
+        // Note: Command execution is intentionally limited for security
+        result.passed = false;
+        result.message = "Command rules are disabled in MCP mode for security";
+        break;
+      }
+
+      default:
+        result.message = `Unknown rule type: ${rule.type}`;
+    }
+  } catch (err) {
+    result.message = `Rule evaluation failed: ${err instanceof Error ? err.message : String(err)}`;
+  }
+
+  return result;
+}
+
+/**
+ * Evaluates all custom rules against the project.
+ */
+export async function evaluateAllRules(projectPath: string): Promise<RuleResult[]> {
+  const config = await loadCustomRules(projectPath);
+  if (!config || !config.rules || config.rules.length === 0) {
+    return [];
+  }
+
+  const results: RuleResult[] = [];
+  for (const rule of config.rules) {
+    results.push(await evaluateRule(rule, projectPath));
+  }
+  return results;
+}
+
+/**
+ * Generates a default rules.yaml template.
+ */
+export function generateDefaultRulesTemplate(): string {
+  return `# Rebar Custom Rules
+# Define custom quality gates for your project
+# Docs: https://github.com/RCOLKITT/rebar-mcp#custom-rules
+
+version: "1.0"
+
+rules:
+  # Ensure important files exist
+  - id: readme-exists
+    name: README.md exists
+    description: Every project should have a README
+    severity: warning
+    type: file-exists
+    target: README.md
+
+  - id: license-exists
+    name: LICENSE file exists
+    description: Open source projects should have a license
+    severity: info
+    type: file-exists
+    target: LICENSE
+
+  # Check for sensitive patterns
+  - id: no-hardcoded-localhost
+    name: No hardcoded localhost URLs
+    description: Avoid hardcoding localhost in production code
+    severity: warning
+    type: file-not-contains
+    target: "src/**/*.ts"
+    pattern: "localhost:\\\\d+"
+
+  # Ensure minimum test coverage
+  - id: test-files-exist
+    name: Test files exist
+    description: Project should have test files
+    severity: warning
+    type: glob-count
+    target: "**/*.test.ts"
+    min: 1
+
+  # Disabled example
+  - id: example-disabled
+    name: Example disabled rule
+    description: This rule is disabled
+    severity: info
+    type: file-exists
+    target: .example
+    enabled: false
+`;
+}

package/src/services/strictness.ts

@@ -0,0 +1,202 @@
+/**
+ * Strictness profiles for Rebar enforcement hooks.
+ *
+ * Controls how aggressively hooks enforce quality:
+ * - standard: Notify on issues, only block dangerous commands and secrets
+ * - strict: Block on test/lint failures
+ * - paranoid: Block on any types, large files, TODOs in commits
+ */
+
+export type StrictnessProfile = "standard" | "strict" | "paranoid";
+
+export interface HookConfig {
+  event: string;
+  matcher: string;
+  command: string;
+  description: string;
+}
+
+/**
+ * Generates the complete set of hooks for a given strictness profile.
+ *
+ * @param profile - The strictness level
+ * @param testCommand - Project's test command (e.g., "npm test")
+ * @param lintCommand - Project's lint command (e.g., "npx eslint")
+ * @param formatCommand - Project's format command (e.g., "npx prettier --write")
+ */
+export function getHooksForProfile(
+  profile: StrictnessProfile,
+  testCommand: string,
+  lintCommand: string,
+  formatCommand: string
+): HookConfig[] {
+  const hooks: HookConfig[] = [];
+
+  // ─── Format on write — always auto-formats, never blocks ───
+  hooks.push({
+    event: "PostToolUse",
+    matcher: "Write(*.ts)|Write(*.tsx)|Write(*.js)|Write(*.jsx)",
+    command: `${formatCommand} "$CLAUDE_FILE_PATH" 2>/dev/null || true`,
+    description: "Auto-format TypeScript/JavaScript files after write",
+  });
+
+  // ─── Lint on write ───
+  if (profile === "standard") {
+    // Standard: shows output but does not block
+    hooks.push({
+      event: "PostToolUse",
+      matcher: "Write(*.ts)|Write(*.tsx)|Write(*.js)|Write(*.jsx)",
+      command: `${lintCommand} "$CLAUDE_FILE_PATH" 2>&1 | head -20; exit 0`,
+      description: "Show lint results after write (non-blocking)",
+    });
+  } else {
+    // Strict/Paranoid: blocks on lint errors
+    hooks.push({
+      event: "PostToolUse",
+      matcher: "Write(*.ts)|Write(*.tsx)|Write(*.js)|Write(*.jsx)",
+      command: `RESULT=$(${lintCommand} "$CLAUDE_FILE_PATH" 2>&1); EXITCODE=$?; if [ $EXITCODE -ne 0 ]; then echo "$RESULT" | head -20; echo '\\n❌ LINT ERRORS — Fix these before continuing.' >&2; exit 2; fi; exit 0`,
+      description: "Block on lint errors after write",
+    });
+  }
+
+  // ─── Test enforcement ───
+  if (profile === "standard") {
+    // Standard: runs tests, shows results, does not block
+    hooks.push({
+      event: "PostToolUse",
+      matcher: "Write(*.ts)|Write(*.tsx)|Write(*.js)|Write(*.jsx)|Edit(*.ts)|Edit(*.tsx)|Edit(*.js)|Edit(*.jsx)",
+      command: `${testCommand} 2>&1 | tail -10; if [ $? -ne 0 ]; then echo '\\n⚠️ TESTS FAILED — You should fix these before continuing.'; fi; exit 0`,
+      description: "Run tests after code changes (non-blocking notification)",
+    });
+  } else {
+    // Strict/Paranoid: blocks on test failures
+    hooks.push({
+      event: "PostToolUse",
+      matcher: "Write(*.ts)|Write(*.tsx)|Write(*.js)|Write(*.jsx)|Edit(*.ts)|Edit(*.tsx)|Edit(*.js)|Edit(*.jsx)",
+      command: `${testCommand} 2>&1 | tail -10; EXIT_CODE=\${PIPESTATUS[0]}; if [ $EXIT_CODE -ne 0 ]; then echo '\\n❌ TESTS FAILED — Fix failing tests before continuing. Do not move to the next task.' >&2; exit 2; fi; exit 0`,
+      description: "Block on test failures after code changes",
+    });
+  }
+
+  // ─── Danger blocker — ALWAYS blocks, even in Standard ───
+  hooks.push({
+    event: "PreToolUse",
+    matcher: "Bash",
+    command: `BLOCKED='rm -rf|rm -fr|git push --force|git push -f|DROP TABLE|DROP DATABASE|TRUNCATE TABLE|chmod -R 777'; if echo "$CLAUDE_BASH_COMMAND" | grep -qiE "$BLOCKED"; then echo 'BLOCKED: Destructive command detected. Ask the developer for explicit approval.' >&2; exit 2; fi; exit 0`,
+    description: "Block destructive commands (always active)",
+  });
+
+  // ─── Secret detector — ALWAYS blocks, even in Standard ───
+  hooks.push({
+    event: "PreToolUse",
+    matcher: "Bash(git commit*)|Bash(git add*)",
+    command: `STAGED=$(git diff --cached --name-only 2>/dev/null); if [ -z "$STAGED" ]; then exit 0; fi; SECRETS=$(git diff --cached | grep -inE '(api[_-]?key|secret|password|token|private[_-]?key|aws_access|AKIA[A-Z0-9]{16})\\s*[:=]\\s*[\"\\x27]?[A-Za-z0-9+/=_-]{8,}' | head -5); if [ -n "$SECRETS" ]; then echo "BLOCKED: Potential secrets in staged files:" >&2; echo "$SECRETS" >&2; exit 2; fi; exit 0`,
+    description: "Block commits containing potential secrets (always active)",
+  });
+
+  // ─── Paranoid-only hooks ───
+  if (profile === "paranoid") {
+    // File size guard — blocks writes to files over 400 lines
+    hooks.push({
+      event: "PostToolUse",
+      matcher: "Write(*)|Edit(*)",
+      command: `if [ -f "$CLAUDE_FILE_PATH" ]; then LINES=$(wc -l < "$CLAUDE_FILE_PATH"); if [ "$LINES" -gt 400 ]; then echo "BLOCKED: File $CLAUDE_FILE_PATH has $LINES lines (max 400). Split this file into smaller modules." >&2; exit 2; fi; fi; exit 0`,
+      description: "Block files exceeding 400 lines",
+    });
+
+    // Any type guard — blocks writes that introduce `any` type (TypeScript only)
+    hooks.push({
+      event: "PostToolUse",
+      matcher: "Write(*.ts)|Write(*.tsx)|Edit(*.ts)|Edit(*.tsx)",
+      command: `if [ -f "$CLAUDE_FILE_PATH" ]; then ANY_COUNT=$(grep -cE ':\\s*any\\b|as\\s+any\\b|<any>' "$CLAUDE_FILE_PATH" 2>/dev/null || echo 0); if [ "$ANY_COUNT" -gt 0 ]; then echo "BLOCKED: File $CLAUDE_FILE_PATH contains $ANY_COUNT uses of 'any' type. Use specific types or 'unknown' instead." >&2; exit 2; fi; fi; exit 0`,
+      description: "Block TypeScript files containing 'any' type",
+    });
+
+    // Commit completeness — blocks commits with TODO/FIXME in staged files
+    hooks.push({
+      event: "PreToolUse",
+      matcher: "Bash(git commit*)",
+      command: `STAGED=$(git diff --cached --name-only 2>/dev/null); TODOS=""; for f in $STAGED; do if [ -f "$f" ]; then FOUND=$(grep -n 'TODO\\|FIXME\\|HACK\\|XXX' "$f" 2>/dev/null | head -3); if [ -n "$FOUND" ]; then TODOS="$TODOS\\n$f:\\n$FOUND"; fi; fi; done; if [ -n "$TODOS" ]; then echo "BLOCKED: Incomplete work found in staged files:" >&2; echo -e "$TODOS" >&2; echo "\\nRemove all TODO/FIXME/HACK/XXX comments before committing." >&2; exit 2; fi; exit 0`,
+      description: "Block commits containing TODO/FIXME/HACK/XXX comments",
+    });
+  }
+
+  return hooks;
+}
+
+/**
+ * Converts HookConfig[] to the settings.json format.
+ */
+export function hooksToSettingsFormat(hooks: HookConfig[]): Record<string, unknown[]> {
+  const result: Record<string, unknown[]> = {};
+
+  for (const hook of hooks) {
+    if (!result[hook.event]) {
+      result[hook.event] = [];
+    }
+    result[hook.event].push({
+      matcher: hook.matcher,
+      hooks: [
+        {
+          type: "command",
+          command: hook.command,
+        },
+      ],
+    });
+  }
+
+  return result;
+}
+
+/**
+ * Identifies Rebar-generated hooks by their description prefix.
+ */
+export function isRebarHook(description: string): boolean {
+  const rebarPrefixes = [
+    "Auto-format",
+    "Show lint",
+    "Block on lint",
+    "Run tests",
+    "Block on test",
+    "Block destructive",
+    "Block commits containing potential",
+    "Block files exceeding",
+    "Block TypeScript files containing",
+    "Block commits containing TODO",
+  ];
+  return rebarPrefixes.some((prefix) => description.startsWith(prefix));
+}
+
+/**
+ * Detects the current strictness profile from hooks in settings.json.
+ */
+export function detectCurrentProfile(hooks: Record<string, unknown[]>): StrictnessProfile | null {
+  let hasBlockingLint = false;
+  let hasBlockingTests = false;
+  let hasFileSizeGuard = false;
+  let hasAnyTypeGuard = false;
+
+  for (const eventHooks of Object.values(hooks)) {
+    if (!Array.isArray(eventHooks)) continue;
+    for (const hookEntry of eventHooks) {
+      const h = hookEntry as Record<string, unknown>;
+      const hooksArray = h.hooks as Array<Record<string, unknown>> | undefined;
+      if (!hooksArray) continue;
+
+      for (const hook of hooksArray) {
+        const cmd = hook.command as string | undefined;
+        if (!cmd) continue;
+
+        if (cmd.includes("LINT ERRORS") && cmd.includes("exit 2")) hasBlockingLint = true;
+        if (cmd.includes("TESTS FAILED") && cmd.includes("exit 2")) hasBlockingTests = true;
+        if (cmd.includes("max 400") && cmd.includes("exit 2")) hasFileSizeGuard = true;
+        if (cmd.includes("'any' type") && cmd.includes("exit 2")) hasAnyTypeGuard = true;
+      }
+    }
+  }
+
+  if (hasFileSizeGuard && hasAnyTypeGuard) return "paranoid";
+  if (hasBlockingLint && hasBlockingTests) return "strict";
+  if (!hasBlockingLint && !hasBlockingTests) return "standard";
+  return null; // Mixed configuration
+}

package/src/services/template-engine.ts

@@ -0,0 +1,119 @@
+/**
+ * Lightweight template engine with variable substitution and conditionals.
+ * Uses {{variable}} syntax and {{#if condition}}...{{/if}} blocks.
+ */
+import type { TemplateVariables } from "../types.js";
+
+/**
+ * Renders a template string with the given variables.
+ *
+ * Supports:
+ * - {{variable_name}} — replaced with the variable's value
+ * - {{#if variable_name}}...{{/if}} — conditional blocks
+ * - {{#unless variable_name}}...{{/unless}} — inverse conditional blocks
+ * - {{#each variable_name}}...{{/each}} — iteration over arrays
+ */
+export function renderTemplate(
+  template: string,
+  variables: TemplateVariables
+): string {
+  let result = template;
+
+  // Process {{#each variable}}...{{/each}} blocks
+  result = processEachBlocks(result, variables);
+
+  // Process {{#if variable}}...{{/if}} blocks (supports nesting)
+  result = processConditionalBlocks(result, variables);
+
+  // Process {{#unless variable}}...{{/unless}} blocks
+  result = processUnlessBlocks(result, variables);
+
+  // Replace {{variable}} placeholders
+  result = replaceVariables(result, variables);
+
+  return result;
+}
+
+function processEachBlocks(
+  template: string,
+  variables: TemplateVariables
+): string {
+  const eachRegex = /\{\{#each\s+(\w+)\}\}([\s\S]*?)\{\{\/each\}\}/g;
+  return template.replace(eachRegex, (_match, varName: string, body: string) => {
+    const value = variables[varName];
+    if (!Array.isArray(value) || value.length === 0) {
+      return "";
+    }
+    return value
+      .map((item) => body.replace(/\{\{this\}\}/g, item))
+      .join("");
+  });
+}
+
+function processConditionalBlocks(
+  template: string,
+  variables: TemplateVariables
+): string {
+  // Process innermost {{#if}}...{{/if}} first to handle nesting
+  let result = template;
+  let iterations = 0;
+  const maxIterations = 50;
+
+  while (result.includes("{{#if ") && iterations < maxIterations) {
+    const prev = result;
+    result = result.replace(
+      /\{\{#if\s+(\w+)\}\}([\s\S]*?)\{\{\/if\}\}/,
+      (_match, varName: string, body: string) => {
+        const value = variables[varName];
+        if (isTruthy(value)) {
+          return body;
+        }
+        return "";
+      }
+    );
+    if (result === prev) break;
+    iterations++;
+  }
+
+  return result;
+}
+
+function processUnlessBlocks(
+  template: string,
+  variables: TemplateVariables
+): string {
+  const unlessRegex = /\{\{#unless\s+(\w+)\}\}([\s\S]*?)\{\{\/unless\}\}/g;
+  return template.replace(unlessRegex, (_match, varName: string, body: string) => {
+    const value = variables[varName];
+    if (!isTruthy(value)) {
+      return body;
+    }
+    return "";
+  });
+}
+
+function replaceVariables(
+  template: string,
+  variables: TemplateVariables
+): string {
+  return template.replace(/\{\{(\w+)\}\}/g, (_match, varName: string) => {
+    const value = variables[varName];
+    if (value === undefined) {
+      return `{{${varName}}}`;
+    }
+    if (Array.isArray(value)) {
+      return value.join(", ");
+    }
+    return String(value);
+  });
+}
+
+function isTruthy(value: string | boolean | string[] | undefined): boolean {
+  if (value === undefined || value === false || value === "") {
+    return false;
+  }
+  if (Array.isArray(value) && value.length === 0) {
+    return false;
+  }
+  return true;
+}