vibecheck-ai 2.0.1 → 5.0.0

package/bin/runners/lib/engine/types.js

@@ -0,0 +1,124 @@
+// bin/runners/lib/engine/types.js
+// JSDoc type definitions for the engine
+
+/**
+ * @typedef {Object} FileRecord
+ * @property {string} abs - Absolute path
+ * @property {string} rel - Relative path from repo root (forward slashes)
+ * @property {number} size - File size in bytes
+ * @property {number} mtime - Last modified time (ms since epoch)
+ * @property {string} hash - Content hash (sha256)
+ * @property {string} [ext] - File extension (e.g., ".ts", ".js")
+ */
+
+/**
+ * @typedef {Object} RepoSignals
+ * @property {boolean} hasPackageJson
+ * @property {boolean} hasRequirementsTxt
+ * @property {boolean} hasPyprojectToml
+ * @property {boolean} hasGoMod
+ * @property {boolean} hasGemfile
+ * @property {boolean} hasNextApp - has app/ directory
+ * @property {boolean} hasNextPages - has pages/ directory
+ * @property {boolean} hasOpenAPI
+ * @property {boolean} hasGraphQL
+ * @property {Set<string>} detectedFrameworks
+ */
+
+/**
+ * @typedef {Object} RepoIndexResult
+ * @property {FileRecord[]} files - All indexed files
+ * @property {RepoSignals} signals - Detected signals
+ * @property {Map<string, string>} contentCache - abs -> content
+ * @property {Map<string, Set<string>>} tokenIndex - token -> Set<abs>
+ * @property {Object} stats
+ * @property {number} stats.totalFiles
+ * @property {number} stats.totalSize
+ * @property {number} stats.indexTimeMs
+ */
+
+/**
+ * @typedef {Object} Evidence
+ * @property {string} id - Unique evidence ID (ev_xxxx)
+ * @property {string} file - Relative file path
+ * @property {string} lines - Line range (e.g., "10-15")
+ * @property {string} snippetHash - SHA256 of snippet
+ * @property {string} reason - Why this is evidence
+ */
+
+/**
+ * @typedef {Object} RouteFact
+ * @property {string} method - HTTP method (GET, POST, *, etc.)
+ * @property {string} path - Canonicalized route path
+ * @property {string} handler - Relative file path
+ * @property {string} framework - Source framework
+ * @property {"high"|"med"|"low"} confidence
+ * @property {Evidence[]} evidence
+ * @property {string[]} [hooks] - Fastify hooks if present
+ */
+
+/**
+ * @typedef {Object} ClientRefFact
+ * @property {string} method - HTTP method or "*"
+ * @property {string} path - Canonicalized path
+ * @property {string} source - Relative file path
+ * @property {"high"|"med"|"low"} confidence
+ * @property {string} kind - fetch, axios_member, axios_config, useSWR, useQuery
+ * @property {Evidence[]} evidence
+ */
+
+/**
+ * @typedef {Object} EnvFact
+ * @property {string} name - Environment variable name
+ * @property {string[]} files - Files where it's referenced
+ * @property {boolean} hasDefault - Whether a default value exists
+ * @property {string} [defaultValue] - Default value if any
+ */
+
+/**
+ * @typedef {Object} Gap
+ * @property {string} kind - Gap type (e.g., "fastify_plugin_unresolved")
+ * @property {string} [file] - Related file
+ * @property {string} [spec] - Module specifier
+ * @property {string} [name] - Identifier name
+ * @property {string} [note] - Additional notes
+ * @property {string} [error] - Error message if from catch
+ */
+
+/**
+ * @typedef {Object} AdapterResult
+ * @property {RouteFact[]} routes
+ * @property {ClientRefFact[]} clientRefs
+ * @property {Gap[]} gaps
+ * @property {Object} stats
+ * @property {number} stats.filesScanned
+ * @property {number} stats.parseErrors
+ * @property {number} [quality] - 0-1 extraction quality score
+ */
+
+/**
+ * @typedef {Object} Finding
+ * @property {string} id - Stable finding ID
+ * @property {string} title
+ * @property {string} description
+ * @property {"info"|"warn"|"block"} severity
+ * @property {"high"|"med"|"low"} confidence
+ * @property {Evidence[]} evidence
+ * @property {Gap[]} [gaps]
+ * @property {string} [suggestedFix]
+ * @property {string} [category]
+ */
+
+/**
+ * @typedef {Object} ScanResult
+ * @property {Finding[]} findings
+ * @property {Object} truthpack
+ * @property {Object} stats
+ * @property {number} stats.scanTimeMs
+ * @property {number} stats.filesIndexed
+ * @property {number} stats.routesFound
+ * @property {number} stats.clientRefsFound
+ * @property {number} stats.gapsFound
+ */
+
+module.exports = {};

package/bin/runners/lib/engines/accessibility-engine.js

@@ -0,0 +1,190 @@
+/**
+ * Accessibility Analysis Engine
+ * Detects accessibility issues in React/JSX code
+ */
+
+const { getAST } = require("./ast-cache");
+const traverse = require("@babel/traverse").default;
+const t = require("@babel/types");
+
+/**
+ * Analyze accessibility issues
+ */
+function analyzeAccessibility(code, filePath) {
+  const findings = [];
+  const ast = getAST(code, filePath);
+  if (!ast) return findings;
+
+  const lines = code.split("\n");
+  const isJSX = filePath.endsWith(".jsx") || filePath.endsWith(".tsx");
+
+  if (!isJSX) return findings; // Only analyze JSX files
+
+  traverse(ast, {
+    JSXElement(path) {
+      const node = path.node;
+      const openingElement = node.openingElement;
+      const tagName = openingElement.name.name;
+      
+      // Missing alt text on images
+      if (tagName === "img") {
+        const hasAlt = openingElement.attributes.some(attr => 
+          t.isJSXAttribute(attr) && attr.name.name === "alt"
+        );
+        
+        if (!hasAlt) {
+          const line = openingElement.loc.start.line;
+          findings.push({
+            type: "missing_alt_text",
+            severity: "BLOCK",
+            category: "Accessibility",
+            file: filePath,
+            line,
+            column: openingElement.loc.start.column,
+            title: "Image missing alt text",
+            message: "Images must have alt text for screen readers",
+            codeSnippet: lines[line - 1]?.trim(),
+            confidence: "high",
+          });
+        }
+      }
+      
+      // Interactive elements without accessible labels
+      const interactiveElements = ["button", "a", "input", "select", "textarea"];
+      if (interactiveElements.includes(tagName)) {
+        const hasLabel = openingElement.attributes.some(attr => 
+          t.isJSXAttribute(attr) && 
+          (attr.name.name === "aria-label" || 
+           attr.name.name === "aria-labelledby" ||
+           attr.name.name === "title")
+        );
+        
+        // Check for associated label element
+        const hasAssociatedLabel = path.findParent(p => {
+          if (t.isJSXElement(p.node)) {
+            return p.node.openingElement.name.name === "label";
+          }
+          return false;
+        });
+        
+        if (!hasLabel && !hasAssociatedLabel && tagName !== "a") {
+          const line = openingElement.loc.start.line;
+          findings.push({
+            type: "missing_accessible_label",
+            severity: "WARN",
+            category: "Accessibility",
+            file: filePath,
+            line,
+            column: openingElement.loc.start.column,
+            title: `${tagName} element missing accessible label`,
+            message: `Add aria-label, aria-labelledby, or wrap in <label>`,
+            codeSnippet: lines[line - 1]?.trim(),
+            confidence: "med",
+          });
+        }
+      }
+      
+      // Missing form labels
+      if (tagName === "input" || tagName === "select" || tagName === "textarea") {
+        const inputType = openingElement.attributes.find(attr => 
+          t.isJSXAttribute(attr) && attr.name.name === "type"
+        );
+        const typeValue = inputType && t.isStringLiteral(inputType.value) 
+          ? inputType.value.value 
+          : "text";
+        
+        // Skip hidden inputs
+        if (typeValue === "hidden") return;
+        
+        const hasLabel = openingElement.attributes.some(attr => 
+          t.isJSXAttribute(attr) && 
+          (attr.name.name === "aria-label" || 
+           attr.name.name === "aria-labelledby" ||
+           attr.name.name === "id")
+        );
+        
+        if (!hasLabel) {
+          const line = openingElement.loc.start.line;
+          findings.push({
+            type: "missing_form_label",
+            severity: "WARN",
+            category: "Accessibility",
+            file: filePath,
+            line,
+            column: openingElement.loc.start.column,
+            title: "Form input missing label",
+            message: "Form inputs should have associated labels",
+            codeSnippet: lines[line - 1]?.trim(),
+            confidence: "med",
+          });
+        }
+      }
+      
+      // Missing keyboard handlers on interactive elements
+      if (tagName === "div" || tagName === "span") {
+        const hasOnClick = openingElement.attributes.some(attr => 
+          t.isJSXAttribute(attr) && 
+          (attr.name.name === "onClick" || attr.name.name === "onKeyDown")
+        );
+        
+        const hasRole = openingElement.attributes.some(attr => 
+          t.isJSXAttribute(attr) && attr.name.name === "role"
+        );
+        
+        if (hasOnClick && !hasRole) {
+          const line = openingElement.loc.start.line;
+          findings.push({
+            type: "missing_keyboard_handler",
+            severity: "WARN",
+            category: "Accessibility",
+            file: filePath,
+            line,
+            column: openingElement.loc.start.column,
+            title: "Interactive element missing keyboard support",
+            message: "Elements with onClick should have onKeyDown and proper role",
+            codeSnippet: lines[line - 1]?.trim(),
+            confidence: "med",
+          });
+        }
+      }
+      
+      // Color contrast issues (heuristic: inline styles with low contrast colors)
+      const styleAttr = openingElement.attributes.find(attr => 
+        t.isJSXAttribute(attr) && attr.name.name === "style"
+      );
+      
+      if (styleAttr && t.isJSXExpressionContainer(styleAttr.value)) {
+        const styleExpr = styleAttr.value.expression;
+        if (t.isObjectExpression(styleExpr)) {
+          const colorProp = styleExpr.properties.find(prop => 
+            t.isObjectProperty(prop) && 
+            t.isIdentifier(prop.key) && 
+            prop.key.name === "color"
+          );
+          
+          if (colorProp) {
+            const line = openingElement.loc.start.line;
+            findings.push({
+              type: "potential_contrast_issue",
+              severity: "WARN",
+              category: "Accessibility",
+              file: filePath,
+              line,
+              column: openingElement.loc.start.column,
+              title: "Potential color contrast issue",
+              message: "Inline color styles may not meet WCAG contrast requirements - verify with contrast checker",
+              codeSnippet: lines[line - 1]?.trim(),
+              confidence: "low",
+            });
+          }
+        }
+      }
+    },
+  });
+
+  return findings;
+}
+
+module.exports = {
+  analyzeAccessibility,
+};

package/bin/runners/lib/engines/api-consistency-engine.js

@@ -0,0 +1,162 @@
+/**
+ * API Consistency Engine
+ * Checks API route consistency, response formats, error handling patterns
+ */
+
+const { getAST } = require("./ast-cache");
+const traverse = require("@babel/traverse").default;
+const t = require("@babel/types");
+
+/**
+ * Analyze API consistency issues
+ */
+function analyzeAPIConsistency(code, filePath) {
+  const findings = [];
+  const ast = getAST(code, filePath);
+  if (!ast) return findings;
+
+  const lines = code.split("\n");
+  const isAPIRoute = filePath.includes("/api/") || filePath.includes("/routes/");
+
+  if (!isAPIRoute) return findings;
+
+  const responseFormats = new Set();
+  const errorHandlingPatterns = new Set();
+  let hasErrorHandler = false;
+
+  traverse(ast, {
+    // Check response formats
+    CallExpression(path) {
+      const node = path.node;
+      
+      // Next.js API routes
+      if (t.isMemberExpression(node.callee) && 
+          t.isIdentifier(node.callee.object, { name: "NextResponse" })) {
+        const method = node.callee.property.name;
+        if (["json", "redirect", "next"].includes(method)) {
+          responseFormats.add(`NextResponse.${method}`);
+        }
+      }
+      
+      // Express-style responses
+      if (t.isMemberExpression(node.callee)) {
+        const prop = node.callee.property;
+        if (t.isIdentifier(prop) && 
+            ["json", "send", "status", "redirect"].includes(prop.name)) {
+          responseFormats.add(`res.${prop.name}`);
+        }
+      }
+      
+      // Error handling
+      if (t.isMemberExpression(node.callee) && 
+          t.isIdentifier(node.callee.property, { name: "catch" })) {
+        hasErrorHandler = true;
+        errorHandlingPatterns.add("promise.catch");
+      }
+    },
+    
+    // Try-catch blocks
+    TryStatement(path) {
+      hasErrorHandler = true;
+      errorHandlingPatterns.add("try-catch");
+    },
+    
+    // Check for inconsistent error responses
+    IfStatement(path) {
+      const test = path.node.test;
+      if (t.isBinaryExpression(test) && 
+          (test.operator === "===" || test.operator === "==")) {
+        const left = test.left;
+        const right = test.right;
+        
+        // Check for error status checks
+        if ((t.isMemberExpression(left) && 
+             t.isIdentifier(left.property, { name: "status" })) ||
+            (t.isMemberExpression(left) && 
+             t.isIdentifier(left.property, { name: "ok" }))) {
+          const thenBlock = path.node.consequent;
+          const elseBlock = path.node.alternate;
+          
+          // Check if error response is consistent
+          if (thenBlock && !elseBlock) {
+            const line = path.node.loc.start.line;
+            findings.push({
+              type: "missing_error_response",
+              severity: "WARN",
+              category: "APIConsistency",
+              file: filePath,
+              line,
+              column: path.node.loc.start.column,
+              title: "Missing error response handling",
+              message: "Error condition checked but no error response returned",
+              codeSnippet: lines[line - 1]?.trim(),
+              confidence: "med",
+            });
+          }
+        }
+      }
+    },
+  });
+
+  // Check for inconsistent response formats
+  if (responseFormats.size > 1) {
+    findings.push({
+      type: "inconsistent_response_format",
+      severity: "WARN",
+      category: "APIConsistency",
+      file: filePath,
+      line: 1,
+      column: 0,
+      title: "Inconsistent API response formats",
+      message: `Multiple response formats used: ${Array.from(responseFormats).join(", ")}`,
+      confidence: "low",
+    });
+  }
+
+  // Check for missing error handling
+  if (!hasErrorHandler && isAPIRoute) {
+    findings.push({
+      type: "missing_error_handling",
+      severity: "WARN",
+      category: "APIConsistency",
+      file: filePath,
+      line: 1,
+      column: 0,
+      title: "API route missing error handling",
+      message: "API route should have try-catch or promise error handling",
+      confidence: "med",
+    });
+  }
+
+  // Check for missing status codes
+  let hasStatusCode = false;
+  traverse(ast, {
+    CallExpression(path) {
+      const node = path.node;
+      if (t.isMemberExpression(node.callee) && 
+          t.isIdentifier(node.callee.property, { name: "status" })) {
+        hasStatusCode = true;
+      }
+    },
+  });
+
+  if (!hasStatusCode && responseFormats.size > 0) {
+    findings.push({
+      type: "missing_status_code",
+      severity: "WARN",
+      category: "APIConsistency",
+      file: filePath,
+      line: 1,
+      column: 0,
+      title: "API response missing explicit status code",
+      message: "API responses should explicitly set HTTP status codes",
+      confidence: "med",
+    });
+  }
+
+  return findings;
+}
+
+module.exports = {
+  analyzeAPIConsistency,
+};

package/bin/runners/lib/engines/ast-cache.js

@@ -0,0 +1,99 @@
+/**
+ * AST Cache - Shared AST parsing cache for all engines
+ * Dramatically improves performance by parsing each file only once
+ */
+
+const parser = require("@babel/parser");
+const traverse = require("@babel/traverse").default;
+const t = require("@babel/types");
+
+// Global AST cache: filePath -> { ast, code, timestamp }
+const _AST_CACHE = new Map();
+const _CACHE_MAX_SIZE = 10000; // Prevent memory issues in huge monorepos
+
+/**
+ * Parse code with comprehensive plugin support
+ */
+function parseCode(code, filePath = "") {
+  try {
+    return parser.parse(code, {
+      sourceType: "unambiguous",
+      errorRecovery: true,
+      allowReturnOutsideFunction: true,
+      plugins: [
+        "typescript",
+        "jsx",
+        "dynamicImport",
+        "topLevelAwait",
+        "classProperties",
+        "classPrivateProperties",
+        "decorators-legacy",
+        "exportDefaultFrom",
+        "exportNamespaceFrom",
+        "functionBind",
+        "nullishCoalescingOperator",
+        "optionalChaining",
+        "objectRestSpread",
+      ],
+    });
+  } catch (err) {
+    return null;
+  }
+}
+
+/**
+ * Get AST from cache or parse and cache it
+ */
+function getAST(code, filePath) {
+  // Check cache first
+  if (_AST_CACHE.has(filePath)) {
+    const cached = _AST_CACHE.get(filePath);
+    // Verify code hasn't changed (simple hash check)
+    if (cached.code === code) {
+      return cached.ast;
+    }
+  }
+
+  // Parse and cache
+  const ast = parseCode(code, filePath);
+  if (ast) {
+    // Evict oldest entries if cache is too large
+    if (_AST_CACHE.size >= _CACHE_MAX_SIZE) {
+      const firstKey = _AST_CACHE.keys().next().value;
+      _AST_CACHE.delete(firstKey);
+    }
+    
+    _AST_CACHE.set(filePath, {
+      ast,
+      code,
+      timestamp: Date.now(),
+    });
+  }
+
+  return ast;
+}
+
+/**
+ * Clear AST cache (call after scan completes)
+ */
+function clearASTCache() {
+  _AST_CACHE.clear();
+}
+
+/**
+ * Get cache stats
+ */
+function getCacheStats() {
+  return {
+    size: _AST_CACHE.size,
+    maxSize: _CACHE_MAX_SIZE,
+    hitRate: 0, // Could track this if needed
+  };
+}
+
+module.exports = {
+  getAST,
+  parseCode,
+  clearASTCache,
+  getCacheStats,
+};