speclock 5.1.0 → 5.2.0

package/src/core/diff-parser.js

@@ -0,0 +1,349 @@
+// ===================================================================
+// SpecLock Diff Parser — Unified Diff → Structured Changes
+// Parses git unified diff format into actionable change objects.
+// Foundation for diff-native patch review.
+//
+// Developed by Sandeep Roy (https://github.com/sgroy10)
+// ===================================================================
+
+// --- Import/export detection regexes ---
+
+// JS/TS imports
+const JS_IMPORT_FROM = /(?:import|export)\s+(?:[\s\S]*?)\s+from\s+["']([^"']+)["']/;
+const JS_REQUIRE = /(?:const|let|var)\s+.*?=\s*require\s*\(\s*["']([^"']+)["']\s*\)/;
+const JS_DYNAMIC_IMPORT = /import\s*\(\s*["']([^"']+)["']\s*\)/;
+const JS_IMPORT_PLAIN = /^import\s+["']([^"']+)["']/;
+
+// Python imports
+const PY_IMPORT = /^import\s+([\w.]+)/;
+const PY_FROM_IMPORT = /^from\s+([\w.]+)\s+import/;
+
+// JS/TS exports
+const JS_EXPORT_FUNCTION = /export\s+(?:async\s+)?function\s+(\w+)/;
+const JS_EXPORT_CONST = /export\s+(?:const|let|var)\s+(\w+)/;
+const JS_EXPORT_CLASS = /export\s+(?:default\s+)?class\s+(\w+)/;
+const JS_EXPORT_DEFAULT = /export\s+default\s+(?:function\s+)?(\w+)?/;
+const JS_NAMED_EXPORT = /export\s*\{([^}]+)\}/;
+
+// Function/class definitions (for symbol detection)
+const JS_FUNCTION_DEF = /(?:async\s+)?function\s+(\w+)\s*\(/;
+const JS_ARROW_DEF = /(?:const|let|var)\s+(\w+)\s*=\s*(?:async\s+)?\(?/;
+const JS_CLASS_METHOD = /(?:async\s+)?(\w+)\s*\([^)]*\)\s*\{/;
+const PY_FUNCTION_DEF = /^def\s+(\w+)\s*\(/;
+const PY_CLASS_DEF = /^class\s+(\w+)/;
+
+// Route patterns
+const EXPRESS_ROUTE = /(?:app|router)\s*\.\s*(get|post|put|patch|delete|all)\s*\(\s*["']([^"']+)["']/;
+const FASTAPI_ROUTE = /@(?:app|router)\s*\.\s*(get|post|put|patch|delete)\s*\(\s*["']([^"']+)["']/;
+
+// Schema/migration patterns
+const SCHEMA_FILE_PATTERNS = [
+  /migration/i, /schema/i, /model/i, /prisma/i, /\.sql$/i,
+  /knexfile/i, /sequelize/i, /typeorm/i, /drizzle/i,
+];
+
+/**
+ * Parse a unified diff string into structured file changes.
+ *
+ * @param {string} diffText - Raw unified diff (git diff output)
+ * @returns {object} Parsed diff with structured changes per file
+ */
+export function parseDiff(diffText) {
+  if (!diffText || typeof diffText !== "string") {
+    return { files: [], stats: { filesChanged: 0, additions: 0, deletions: 0, hunks: 0 } };
+  }
+
+  const files = [];
+  let totalAdditions = 0;
+  let totalDeletions = 0;
+  let totalHunks = 0;
+
+  // Split into file diffs
+  const fileDiffs = diffText.split(/^diff --git /m).filter(Boolean);
+
+  for (const fileDiff of fileDiffs) {
+    const parsed = parseFileDiff(fileDiff);
+    if (parsed) {
+      files.push(parsed);
+      totalAdditions += parsed.additions;
+      totalDeletions += parsed.deletions;
+      totalHunks += parsed.hunks.length;
+    }
+  }
+
+  return {
+    files,
+    stats: {
+      filesChanged: files.length,
+      additions: totalAdditions,
+      deletions: totalDeletions,
+      hunks: totalHunks,
+    },
+  };
+}
+
+/**
+ * Parse a single file's diff section.
+ */
+function parseFileDiff(fileDiffText) {
+  // Extract file path
+  const pathMatch = fileDiffText.match(/a\/(.+?)\s+b\/(.+?)(?:\n|$)/);
+  if (!pathMatch) return null;
+
+  const filePath = pathMatch[2];
+  const language = detectLanguage(filePath);
+
+  // Parse hunks
+  const hunks = [];
+  const hunkRegex = /^@@\s+-(\d+)(?:,(\d+))?\s+\+(\d+)(?:,(\d+))?\s+@@(.*)?$/gm;
+  let match;
+
+  while ((match = hunkRegex.exec(fileDiffText)) !== null) {
+    const hunkStart = match.index;
+    const nextHunk = fileDiffText.indexOf("\n@@", hunkStart + 1);
+    const hunkEnd = nextHunk === -1 ? fileDiffText.length : nextHunk;
+    const hunkBody = fileDiffText.substring(hunkStart, hunkEnd);
+
+    const lines = hunkBody.split("\n").slice(1); // skip @@ header
+    const addedLines = [];
+    const removedLines = [];
+
+    for (const line of lines) {
+      if (line.startsWith("+") && !line.startsWith("+++")) {
+        addedLines.push(line.substring(1));
+      } else if (line.startsWith("-") && !line.startsWith("---")) {
+        removedLines.push(line.substring(1));
+      }
+    }
+
+    hunks.push({
+      oldStart: parseInt(match[1], 10),
+      oldCount: parseInt(match[2] || "1", 10),
+      newStart: parseInt(match[3], 10),
+      newCount: parseInt(match[4] || "1", 10),
+      context: (match[5] || "").trim(),
+      addedLines,
+      removedLines,
+    });
+  }
+
+  // Count additions/deletions
+  let additions = 0;
+  let deletions = 0;
+  for (const hunk of hunks) {
+    additions += hunk.addedLines.length;
+    deletions += hunk.removedLines.length;
+  }
+
+  // Detect import changes
+  const importsAdded = [];
+  const importsRemoved = [];
+  for (const hunk of hunks) {
+    for (const line of hunk.addedLines) {
+      const imp = extractImport(line.trim(), language);
+      if (imp && !importsAdded.includes(imp)) importsAdded.push(imp);
+    }
+    for (const line of hunk.removedLines) {
+      const imp = extractImport(line.trim(), language);
+      if (imp && !importsRemoved.includes(imp)) importsRemoved.push(imp);
+    }
+  }
+
+  // Detect export changes
+  const exportsAdded = [];
+  const exportsRemoved = [];
+  const exportsModified = [];
+  for (const hunk of hunks) {
+    for (const line of hunk.addedLines) {
+      const exp = extractExport(line.trim(), language);
+      if (exp) {
+        // Check if this export was in removed lines (modified) or truly new
+        const wasRemoved = hunk.removedLines.some(rl => {
+          const re = extractExport(rl.trim(), language);
+          return re && re.symbol === exp.symbol;
+        });
+        if (wasRemoved) {
+          if (!exportsModified.find(e => e.symbol === exp.symbol)) {
+            exportsModified.push({ ...exp, changeType: "signature_changed" });
+          }
+        } else {
+          if (!exportsAdded.find(e => e.symbol === exp.symbol)) {
+            exportsAdded.push(exp);
+          }
+        }
+      }
+    }
+    for (const line of hunk.removedLines) {
+      const exp = extractExport(line.trim(), language);
+      if (exp) {
+        const wasAdded = hunk.addedLines.some(al => {
+          const ae = extractExport(al.trim(), language);
+          return ae && ae.symbol === exp.symbol;
+        });
+        if (!wasAdded) {
+          if (!exportsRemoved.find(e => e.symbol === exp.symbol)) {
+            exportsRemoved.push({ ...exp, changeType: "removed" });
+          }
+        }
+      }
+    }
+  }
+
+  // Detect symbols touched (functions/classes modified)
+  const symbolsTouched = [];
+  for (const hunk of hunks) {
+    // Context line from @@ header often shows the function scope
+    if (hunk.context) {
+      const sym = extractSymbol(hunk.context, language);
+      if (sym && !symbolsTouched.find(s => s.symbol === sym.symbol)) {
+        symbolsTouched.push({ ...sym, changeType: "body_modified" });
+      }
+    }
+    // Also check removed/added lines for function definitions
+    for (const line of [...hunk.removedLines, ...hunk.addedLines]) {
+      const sym = extractSymbol(line.trim(), language);
+      if (sym && !symbolsTouched.find(s => s.symbol === sym.symbol)) {
+        symbolsTouched.push({ ...sym, changeType: "definition_changed" });
+      }
+    }
+  }
+
+  // Detect route changes
+  const routeChanges = [];
+  for (const hunk of hunks) {
+    for (const line of hunk.addedLines) {
+      const route = extractRoute(line.trim());
+      if (route) {
+        const wasRemoved = hunk.removedLines.some(rl => extractRoute(rl.trim())?.path === route.path);
+        routeChanges.push({ ...route, changeType: wasRemoved ? "modified" : "added" });
+      }
+    }
+    for (const line of hunk.removedLines) {
+      const route = extractRoute(line.trim());
+      if (route) {
+        const wasAdded = hunk.addedLines.some(al => extractRoute(al.trim())?.path === route.path);
+        if (!wasAdded) routeChanges.push({ ...route, changeType: "removed" });
+      }
+    }
+  }
+
+  // Detect if this is a schema/migration file
+  const isSchemaFile = SCHEMA_FILE_PATTERNS.some(p => p.test(filePath));
+
+  return {
+    path: filePath,
+    language,
+    additions,
+    deletions,
+    hunks,
+    importsAdded,
+    importsRemoved,
+    exportsAdded,
+    exportsRemoved,
+    exportsModified,
+    symbolsTouched,
+    routeChanges,
+    isSchemaFile,
+  };
+}
+
+// --- Extraction helpers ---
+
+function extractImport(line, language) {
+  if (language === "python") {
+    let m = line.match(PY_IMPORT);
+    if (m) return m[1];
+    m = line.match(PY_FROM_IMPORT);
+    if (m) return m[1];
+    return null;
+  }
+
+  // JS/TS
+  let m = line.match(JS_IMPORT_FROM);
+  if (m) return m[1];
+  m = line.match(JS_REQUIRE);
+  if (m) return m[1];
+  m = line.match(JS_DYNAMIC_IMPORT);
+  if (m) return m[1];
+  m = line.match(JS_IMPORT_PLAIN);
+  if (m) return m[1];
+  return null;
+}
+
+function extractExport(line, language) {
+  if (language === "python") {
+    // Python doesn't have explicit exports in the same way
+    // but we detect class/function definitions at module level
+    let m = line.match(PY_FUNCTION_DEF);
+    if (m && !m[1].startsWith("_")) return { symbol: m[1], kind: "function" };
+    m = line.match(PY_CLASS_DEF);
+    if (m) return { symbol: m[1], kind: "class" };
+    return null;
+  }
+
+  // JS/TS
+  let m = line.match(JS_EXPORT_FUNCTION);
+  if (m) return { symbol: m[1], kind: "function" };
+  m = line.match(JS_EXPORT_CONST);
+  if (m) return { symbol: m[1], kind: "const" };
+  m = line.match(JS_EXPORT_CLASS);
+  if (m) return { symbol: m[1], kind: "class" };
+  m = line.match(JS_EXPORT_DEFAULT);
+  if (m && m[1]) return { symbol: m[1], kind: "default" };
+  // Named exports: export { a, b, c }
+  m = line.match(JS_NAMED_EXPORT);
+  if (m) {
+    // Return just the first symbol for simplicity
+    const symbols = m[1].split(",").map(s => s.trim().split(/\s+as\s+/)[0].trim());
+    if (symbols[0]) return { symbol: symbols[0], kind: "named" };
+  }
+  return null;
+}
+
+function extractSymbol(line, language) {
+  if (language === "python") {
+    let m = line.match(PY_FUNCTION_DEF);
+    if (m) return { symbol: m[1], kind: "function" };
+    m = line.match(PY_CLASS_DEF);
+    if (m) return { symbol: m[1], kind: "class" };
+    return null;
+  }
+
+  // JS/TS
+  let m = line.match(JS_EXPORT_FUNCTION);
+  if (m) return { symbol: m[1], kind: "function" };
+  m = line.match(JS_FUNCTION_DEF);
+  if (m) return { symbol: m[1], kind: "function" };
+  m = line.match(JS_EXPORT_CLASS);
+  if (m) return { symbol: m[1], kind: "class" };
+  m = line.match(JS_CLASS_METHOD);
+  if (m && !["if", "for", "while", "switch", "catch", "else"].includes(m[1])) {
+    return { symbol: m[1], kind: "method" };
+  }
+  return null;
+}
+
+function extractRoute(line) {
+  let m = line.match(EXPRESS_ROUTE);
+  if (m) return { method: m[1].toUpperCase(), path: m[2] };
+  m = line.match(FASTAPI_ROUTE);
+  if (m) return { method: m[1].toUpperCase(), path: m[2] };
+  return null;
+}
+
+function detectLanguage(filePath) {
+  const ext = filePath.split(".").pop()?.toLowerCase();
+  switch (ext) {
+    case "js": case "jsx": case "mjs": case "cjs": return "javascript";
+    case "ts": case "tsx": return "typescript";
+    case "py": case "pyw": return "python";
+    case "rb": return "ruby";
+    case "go": return "go";
+    case "rs": return "rust";
+    case "java": return "java";
+    case "sql": return "sql";
+    case "json": return "json";
+    case "yaml": case "yml": return "yaml";
+    default: return "unknown";
+  }
+}

package/src/core/engine.js

@@ -639,8 +639,14 @@ export {
   getCriticalPaths,
 } from "./code-graph.js";
 
-// --- Patch Gateway (v5.1) ---
+// --- Patch Gateway (v5.1) + Diff-Native Review (v5.2) ---
 export {
   reviewPatch,
   reviewPatchAsync,
+  reviewPatchDiff,
+  reviewPatchDiffAsync,
+  reviewPatchUnified,
 } from "./patch-gateway.js";
+
+// --- Diff Parser (v5.2) ---
+export { parseDiff as parseUnifiedDiff } from "./diff-parser.js";

package/src/core/patch-gateway.js

@@ -344,3 +344,222 @@ function buildSummary(verdict, riskScore, reasons, files, blastDetails, lockFile
 
   return parts.join(". ") + ".";
 }
+
+// ===================================================================
+// DIFF-NATIVE REVIEW (v5.2) — Actual patch analysis
+// ===================================================================
+
+import { parseDiff } from "./diff-parser.js";
+import { analyzeDiff, calculateVerdict } from "./diff-analyzer.js";
+
+/**
+ * Review a proposed change using actual diff content.
+ * Combines diff-level signal extraction with project constraints.
+ *
+ * @param {string} root - Project root
+ * @param {object} opts
+ * @param {string} opts.description - What the change does
+ * @param {string[]} [opts.files] - Files being changed
+ * @param {string} opts.diff - Raw unified diff (git diff output)
+ * @param {object} [opts.options] - Analysis options
+ * @returns {object} Diff-native review result
+ */
+export function reviewPatchDiff(root, { description, files = [], diff, options = {} }) {
+  if (!description || typeof description !== "string" || !description.trim()) {
+    return {
+      verdict: "ERROR",
+      riskScore: 0,
+      reviewMode: "diff-native",
+      error: "description is required",
+      signals: {},
+      reasons: [],
+      summary: "No change description provided.",
+    };
+  }
+
+  if (!diff || typeof diff !== "string" || !diff.trim()) {
+    return {
+      verdict: "ERROR",
+      riskScore: 0,
+      reviewMode: "diff-native",
+      error: "diff is required (provide git diff output)",
+      signals: {},
+      reasons: [],
+      summary: "No diff content provided.",
+    };
+  }
+
+  // Parse the diff
+  const parsedDiff = parseDiff(diff);
+
+  // If files not provided, extract from parsed diff
+  if (files.length === 0 && parsedDiff.files.length > 0) {
+    files = parsedDiff.files.map(f => f.path);
+  }
+
+  // Run all signal analyzers
+  const { signals, reasons } = analyzeDiff(root, parsedDiff, description, options);
+
+  // Calculate verdict from signals
+  const { verdict, riskScore, recommendation } = calculateVerdict(signals, reasons);
+
+  // Build summary
+  const summaryParts = [`${verdict} (risk: ${riskScore}/100)`];
+  const criticalReasons = reasons.filter(r => r.severity === "critical");
+  const highReasons = reasons.filter(r => r.severity === "high");
+  if (criticalReasons.length > 0) summaryParts.push(`${criticalReasons.length} critical issue(s)`);
+  if (highReasons.length > 0) summaryParts.push(`${highReasons.length} high-severity issue(s)`);
+  if (parsedDiff.stats.filesChanged > 0) {
+    summaryParts.push(`${parsedDiff.stats.filesChanged} file(s), +${parsedDiff.stats.additions}/-${parsedDiff.stats.deletions}`);
+  }
+
+  return {
+    verdict,
+    riskScore,
+    reviewMode: "diff-native",
+    description,
+    files,
+    signals,
+    reasons,
+    parsedDiff: parsedDiff.stats,
+    recommendation,
+    summary: summaryParts.join(". ") + ".",
+    api_version: "v2",
+  };
+}
+
+/**
+ * Async diff review — adds LLM conflict checking for ambiguous cases.
+ */
+export async function reviewPatchDiffAsync(root, opts) {
+  const result = reviewPatchDiff(root, opts);
+
+  if (result.verdict === "ERROR" || result.verdict === "BLOCK") {
+    result.source = result.verdict === "BLOCK" ? "diff-native" : "error";
+    return result;
+  }
+
+  // For WARN / ALLOW, try LLM enhancement
+  try {
+    const { llmCheckConflict } = await import("./llm-checker.js");
+    const brain = readBrain(root);
+    const activeLocks = (brain?.specLock?.items || []).filter(l => l.active !== false && !l.constraintType);
+
+    if (activeLocks.length > 0) {
+      const llmResult = await llmCheckConflict(root, opts.description, activeLocks);
+      if (llmResult && llmResult.hasConflict) {
+        for (const lc of (llmResult.conflictingLocks || [])) {
+          const confidence = (lc.confidence || 50) / 100;
+          result.signals.llmConflict.used = true;
+          result.signals.llmConflict.score = Math.min(CAPS_LLM, Math.round(confidence * 10));
+          result.reasons.push({
+            type: "llm_conflict",
+            severity: confidence >= 0.7 ? "critical" : "high",
+            confidence,
+            message: `LLM detected conflict with: "${lc.text}"`,
+            details: { lockId: lc.id, lockText: lc.text },
+          });
+        }
+        // Recalculate verdict
+        const recalc = calculateVerdict(result.signals, result.reasons);
+        result.verdict = recalc.verdict;
+        result.riskScore = recalc.riskScore;
+        result.recommendation = recalc.recommendation;
+      }
+    }
+    result.source = "diff-native+llm";
+  } catch (_) {
+    result.source = "diff-native";
+  }
+
+  return result;
+}
+
+const CAPS_LLM = 10;
+
+/**
+ * Unified review — runs both intent review (v5.1) and diff review (v5.2),
+ * then merges results. Takes the stronger verdict.
+ *
+ * @param {string} root - Project root
+ * @param {object} opts - Same as reviewPatchDiff but diff is optional
+ * @returns {object} Unified review result
+ */
+export function reviewPatchUnified(root, opts) {
+  const hasDiff = opts.diff && typeof opts.diff === "string" && opts.diff.trim();
+
+  // Always run intent review (v5.1)
+  const intentResult = reviewPatch(root, {
+    description: opts.description,
+    files: opts.files || [],
+    includeGraph: true,
+  });
+
+  if (!hasDiff) {
+    // No diff available — return intent review only
+    return {
+      ...intentResult,
+      reviewMode: "intent-only",
+      source: "v5.1-intent",
+    };
+  }
+
+  // Run diff review (v5.2)
+  const diffResult = reviewPatchDiff(root, opts);
+
+  if (diffResult.verdict === "ERROR") {
+    // Diff parsing failed — fallback to intent only
+    return {
+      ...intentResult,
+      reviewMode: "intent-only",
+      source: "v5.1-intent (diff parse failed)",
+    };
+  }
+
+  // Merge results — weighted: intent 35%, diff 65%
+  const intentWeight = 0.35;
+  const diffWeight = 0.65;
+  const mergedRisk = Math.min(100, Math.round(
+    intentResult.riskScore * intentWeight + diffResult.riskScore * diffWeight
+  ));
+
+  // Take stronger verdict
+  const verdictRank = { ALLOW: 0, WARN: 1, BLOCK: 2 };
+  const finalVerdict = verdictRank[diffResult.verdict] >= verdictRank[intentResult.verdict]
+    ? diffResult.verdict
+    : intentResult.verdict;
+
+  // Merge reasons (deduplicate by type+lockId)
+  const mergedReasons = [...diffResult.reasons];
+  for (const ir of intentResult.reasons) {
+    const exists = mergedReasons.find(r =>
+      r.type === ir.type && r.details?.lockId === ir.lockId
+    );
+    if (!exists) {
+      mergedReasons.push({
+        ...ir,
+        confidence: typeof ir.confidence === "number" && ir.confidence > 1
+          ? ir.confidence / 100 : ir.confidence,
+      });
+    }
+  }
+
+  return {
+    verdict: finalVerdict,
+    riskScore: mergedRisk,
+    reviewMode: "unified",
+    description: opts.description,
+    files: diffResult.files,
+    signals: diffResult.signals,
+    reasons: mergedReasons,
+    parsedDiff: diffResult.parsedDiff,
+    blastRadius: intentResult.blastRadius,
+    recommendation: diffResult.recommendation,
+    summary: `${finalVerdict} (risk: ${mergedRisk}/100). Intent: ${intentResult.verdict}(${intentResult.riskScore}). Diff: ${diffResult.verdict}(${diffResult.riskScore}).`,
+    intentVerdict: intentResult.verdict,
+    intentRisk: intentResult.riskScore,
+    diffVerdict: diffResult.verdict,
+    diffRisk: diffResult.riskScore,
+    api_version: "v2",
+  };
+}

package/src/dashboard/index.html

@@ -89,7 +89,7 @@
 <div class="header">
   <div>
     <h1><span>SpecLock</span> Dashboard</h1>
-    <div class="meta">v5.1.0 &mdash; AI Constraint Engine</div>
+    <div class="meta">v5.2.0 &mdash; AI Constraint Engine</div>
   </div>
   <div style="display:flex;align-items:center;gap:12px;">
     <span id="health-badge" class="status-badge healthy">Loading...</span>
@@ -182,7 +182,7 @@
 </div>
 
 <div style="text-align:center;padding:24px;color:var(--muted);font-size:12px;">
-  SpecLock v5.1.0 &mdash; Developed by Sandeep Roy &mdash; <a href="https://github.com/sgroy10/speclock" style="color:var(--accent)">GitHub</a>
+  SpecLock v5.2.0 &mdash; Developed by Sandeep Roy &mdash; <a href="https://github.com/sgroy10/speclock" style="color:var(--accent)">GitHub</a>
 </div>
 
 <script>