vibecheck-ai 2.0.1 → 5.0.0

package/bin/runners/lib/score-history.js

@@ -0,0 +1,282 @@
+/**
+ * Score History Tracking
+ * 
+ * Tracks Vibe Score history over time for trend analysis,
+ * streaks, and gamification.
+ */
+
+const fs = require("fs");
+const path = require("path");
+
+/**
+ * Get history file path for a project
+ */
+function getHistoryPath(projectPath) {
+  return path.join(projectPath, ".vibecheck", "history.json");
+}
+
+/**
+ * Load score history
+ */
+function loadHistory(projectPath) {
+  const historyPath = getHistoryPath(projectPath);
+  
+  try {
+    if (fs.existsSync(historyPath)) {
+      return JSON.parse(fs.readFileSync(historyPath, "utf8"));
+    }
+  } catch {}
+  
+  return {
+    projectId: path.basename(projectPath),
+    checks: [],
+  };
+}
+
+/**
+ * Save score history
+ */
+function saveHistory(projectPath, history) {
+  const historyPath = getHistoryPath(projectPath);
+  const dir = path.dirname(historyPath);
+  
+  try {
+    if (!fs.existsSync(dir)) {
+      fs.mkdirSync(dir, { recursive: true });
+    }
+    fs.writeFileSync(historyPath, JSON.stringify(history, null, 2));
+  } catch (err) {
+    console.warn(`Warning: Could not save history: ${err.message}`);
+  }
+}
+
+/**
+ * Record a new check
+ */
+function recordCheck(projectPath, checkData) {
+  const history = loadHistory(projectPath);
+  
+  const check = {
+    timestamp: new Date().toISOString(),
+    score: checkData.score || 0,
+    verdict: checkData.verdict || "BLOCK",
+    commitSha: checkData.commitSha || null,
+    commitMessage: checkData.commitMessage || null,
+    branch: checkData.branch || null,
+    categoryScores: checkData.categoryScores || {},
+    findingCounts: checkData.findingCounts || {
+      critical: 0,
+      high: 0,
+      medium: 0,
+      low: 0,
+    },
+  };
+  
+  history.checks.unshift(check);
+  
+  // Keep only last 100 checks
+  if (history.checks.length > 100) {
+    history.checks = history.checks.slice(0, 100);
+  }
+  
+  saveHistory(projectPath, history);
+  
+  return check;
+}
+
+/**
+ * Calculate trend from recent checks
+ */
+function calculateTrend(projectPath, limit = 10) {
+  const history = loadHistory(projectPath);
+  const recentChecks = history.checks.slice(0, limit);
+  
+  if (recentChecks.length < 2) {
+    return {
+      direction: "stable",
+      delta: 0,
+      previousScore: null,
+      streak: null,
+      sparkline: [],
+    };
+  }
+  
+  const latest = recentChecks[0].score;
+  const previous = recentChecks[1].score;
+  const delta = latest - previous;
+  
+  // Calculate streak
+  let streak = { count: 1, type: recentChecks[0].verdict };
+  for (let i = 1; i < recentChecks.length; i++) {
+    if (recentChecks[i].verdict === streak.type) {
+      streak.count++;
+    } else {
+      break;
+    }
+  }
+  
+  // Generate sparkline data (last 10 scores)
+  const sparkline = recentChecks.slice(0, 10).map(c => c.score).reverse();
+  
+  return {
+    direction: delta > 0 ? "up" : delta < 0 ? "down" : "stable",
+    delta: Math.abs(delta),
+    previousScore: previous,
+    streak: streak.count >= 3 ? streak : null,
+    sparkline,
+  };
+}
+
+/**
+ * Get milestones achieved
+ */
+function getMilestones(projectPath) {
+  const history = loadHistory(projectPath);
+  const milestones = [];
+  
+  if (history.checks.length === 0) return milestones;
+  
+  const latest = history.checks[0];
+  
+  // First check
+  if (history.checks.length === 1) {
+    milestones.push("First check completed!");
+  }
+  
+  // First 90+ score
+  const first90 = history.checks.find(c => c.score >= 90);
+  if (first90 && first90 === latest) {
+    milestones.push("First 90+ score!");
+  }
+  
+  // Perfect 100
+  if (latest.score === 100) {
+    milestones.push("Perfect 100! 🏆");
+  }
+  
+  // Streak milestones
+  const trend = calculateTrend(projectPath);
+  if (trend.streak) {
+    if (trend.streak.count >= 10 && trend.streak.type === "SHIP") {
+      milestones.push("10 SHIP streak! 🔥🔥🔥");
+    } else if (trend.streak.count >= 5 && trend.streak.type === "SHIP") {
+      milestones.push("5 SHIP streak! 🔥");
+    }
+  }
+  
+  // Improvement milestones
+  if (trend.direction === "up" && trend.delta >= 10) {
+    milestones.push(`+${trend.delta} points improvement!`);
+  }
+  
+  return milestones;
+}
+
+/**
+ * Format history for CLI display
+ */
+function formatHistoryDisplay(projectPath, limit = 10) {
+  const c = {
+    reset: "\x1b[0m",
+    bold: "\x1b[1m",
+    dim: "\x1b[2m",
+    red: "\x1b[31m",
+    green: "\x1b[32m",
+    yellow: "\x1b[33m",
+    cyan: "\x1b[36m",
+  };
+  
+  const history = loadHistory(projectPath);
+  const trend = calculateTrend(projectPath);
+  const milestones = getMilestones(projectPath);
+  
+  if (history.checks.length === 0) {
+    return `${c.dim}No history yet. Run \`vibecheck ship\` to start tracking.${c.reset}`;
+  }
+  
+  let output = `\n${c.bold}📊 Score History${c.reset}\n\n`;
+  
+  // Trend line
+  if (trend.direction !== "stable") {
+    const trendIcon = trend.direction === "up" ? "↑" : "↓";
+    const trendColor = trend.direction === "up" ? c.green : c.red;
+    output += `  ${trendColor}${trendIcon} ${trend.delta} since last check${c.reset}\n`;
+  }
+  
+  // Streak
+  if (trend.streak) {
+    output += `  ${c.yellow}🔥 ${trend.streak.count} consecutive ${trend.streak.type} verdicts${c.reset}\n`;
+  }
+  
+  // Milestones
+  for (const milestone of milestones) {
+    output += `  ${c.cyan}🏆 ${milestone}${c.reset}\n`;
+  }
+  
+  output += `\n  ${c.dim}Recent checks:${c.reset}\n`;
+  
+  // Recent checks
+  const recentChecks = history.checks.slice(0, limit);
+  for (const check of recentChecks) {
+    const date = new Date(check.timestamp);
+    const timeAgo = formatTimeAgo(date);
+    const verdictColor = check.verdict === "SHIP" ? c.green : 
+                         check.verdict === "WARN" ? c.yellow : c.red;
+    const verdictIcon = check.verdict === "SHIP" ? "✅" : 
+                        check.verdict === "WARN" ? "⚠️" : "🚫";
+    
+    output += `  ${c.dim}${timeAgo.padEnd(12)}${c.reset} ${verdictColor}${check.score.toString().padStart(3)}${c.reset} ${verdictIcon} ${verdictColor}${check.verdict}${c.reset}`;
+    if (check.commitSha) {
+      output += ` ${c.dim}${check.commitSha.substring(0, 7)}${c.reset}`;
+    }
+    output += "\n";
+  }
+  
+  // Sparkline
+  if (trend.sparkline.length > 2) {
+    output += `\n  ${c.dim}Trend:${c.reset} ${formatSparkline(trend.sparkline)}\n`;
+  }
+  
+  return output;
+}
+
+/**
+ * Format relative time
+ */
+function formatTimeAgo(date) {
+  const now = new Date();
+  const diffMs = now - date;
+  const diffMins = Math.floor(diffMs / 60000);
+  const diffHours = Math.floor(diffMs / 3600000);
+  const diffDays = Math.floor(diffMs / 86400000);
+  
+  if (diffMins < 1) return "just now";
+  if (diffMins < 60) return `${diffMins}m ago`;
+  if (diffHours < 24) return `${diffHours}h ago`;
+  if (diffDays < 7) return `${diffDays}d ago`;
+  return date.toLocaleDateString();
+}
+
+/**
+ * Format sparkline from scores
+ */
+function formatSparkline(scores) {
+  const chars = ["▁", "▂", "▃", "▄", "▅", "▆", "▇", "█"];
+  const min = Math.min(...scores);
+  const max = Math.max(...scores);
+  const range = max - min || 1;
+  
+  return scores.map(s => {
+    const idx = Math.floor(((s - min) / range) * (chars.length - 1));
+    return chars[idx];
+  }).join("");
+}
+
+module.exports = {
+  loadHistory,
+  saveHistory,
+  recordCheck,
+  calculateTrend,
+  getMilestones,
+  formatHistoryDisplay,
+};

package/bin/runners/lib/security-bridge.js

@@ -0,0 +1,249 @@
+const fs = require("fs");
+const path = require("path");
+
+// Import from the built TypeScript packages
+const {
+  SecretsGuardian,
+  SBOMGenerator,
+  SupplyChainAnalyzer,
+  LicenseChecker,
+} = require("../../../../packages/security/dist/index.js");
+
+function walkDir(dir, fileList = []) {
+  if (!fs.existsSync(dir)) return fileList;
+  const files = fs.readdirSync(dir);
+  for (const file of files) {
+    if (["node_modules", ".git", "dist", "build", ".vibecheck"].includes(file))
+      continue;
+    const filePath = path.join(dir, file);
+    const stat = fs.statSync(filePath);
+    if (stat.isDirectory()) {
+      walkDir(filePath, fileList);
+    } else {
+      fileList.push(filePath);
+    }
+  }
+  return fileList;
+}
+
+async function runSecretsScan(projectPath) {
+  const results = {
+    secrets: [],
+    supplyChain: [],
+    licenses: [],
+    summary: { score: 100, risk: "low" },
+  };
+
+  try {
+    // Use SecretsGuardian from TypeScript package
+    const secretsGuardian = new SecretsGuardian();
+    const secretsResult = await secretsGuardian.scan(projectPath, {
+      includeTestFiles: false,
+      checkEntropy: true,
+      checkRevoked: false, // Skip revoked check for local scans
+    });
+
+    // Transform secrets to match expected format
+    if (secretsResult.detections) {
+      results.secrets = secretsResult.detections.map((detection) => ({
+        severity:
+          detection.confidence > 0.8
+            ? "high"
+            : detection.confidence > 0.6
+              ? "medium"
+              : "low",
+        type: detection.secretType,
+        message: `${detection.secretType} detected`,
+        file: path.relative(projectPath, detection.filePath),
+        location: {
+          line: detection.location.line,
+          column: detection.location.column,
+          snippet: detection.location.snippet,
+        },
+        maskedValue: detection.maskedValue,
+        recommendation: detection.recommendation.remediation,
+      }));
+    }
+
+    // Use SBOMGenerator for supply chain analysis
+    const sbomGenerator = new SBOMGenerator();
+    const sbomResult = await sbomGenerator.generate(projectPath, {
+      format: "cyclonedx",
+      includeDevDependencies: false,
+    });
+
+    // Check for supply chain issues
+    if (sbomResult.dependencies) {
+      const highRiskDeps = sbomResult.dependencies.filter(
+        (dep) => dep.vulnerabilities && dep.vulnerabilities.length > 0,
+      );
+
+      if (highRiskDeps.length > 0) {
+        results.supplyChain = highRiskDeps.map((dep) => ({
+          severity: "high",
+          type: "Vulnerability",
+          message: `Dependency ${dep.name} has ${dep.vulnerabilities.length} vulnerabilities`,
+          file: "package.json",
+          component: dep.name,
+          version: dep.version,
+          vulnerabilities: dep.vulnerabilities,
+        }));
+      }
+    }
+
+    // Check lockfile consistency
+    const hasNpmLock = fs.existsSync(
+      path.join(projectPath, "package-lock.json"),
+    );
+    const hasPnpmLock = fs.existsSync(path.join(projectPath, "pnpm-lock.yaml"));
+    const hasYarnLock = fs.existsSync(path.join(projectPath, "yarn.lock"));
+
+    if (!hasNpmLock && !hasPnpmLock && !hasYarnLock) {
+      results.supplyChain.push({
+        severity: "medium",
+        type: "Supply Chain",
+        message:
+          "No lockfile found. Builds may be non-deterministic and vulnerable to supply chain attacks.",
+        file: "package.json",
+      });
+    }
+
+    // Use LicenseChecker for license compliance
+    const licenseChecker = new LicenseChecker();
+    const licenseResult = await licenseChecker.check(projectPath, {
+      allowLicenses: [
+        "MIT",
+        "Apache-2.0",
+        "BSD-2-Clause",
+        "BSD-3-Clause",
+        "ISC",
+      ],
+      includeDevDependencies: false,
+    });
+
+    if (licenseResult.issues) {
+      results.licenses = licenseResult.issues.map((issue) => ({
+        severity: issue.severity || "medium",
+        type: "License",
+        message: `Package ${issue.package} has disallowed license: ${issue.license}`,
+        file: "package.json",
+        component: issue.package,
+        license: issue.license,
+      }));
+    }
+
+    // Calculate security score
+    const criticalSecrets = results.secrets.filter(
+      (s) => s.severity === "high",
+    ).length;
+    const vulnerabilities = results.supplyChain.filter(
+      (s) => s.type === "Vulnerability",
+    ).length;
+    const licenseIssues = results.licenses.length;
+
+    // Score deduction: Critical secrets -20, Vulnerabilities -15, License issues -10, Other issues -5
+    const deduction =
+      criticalSecrets * 20 + vulnerabilities * 15 + licenseIssues * 10;
+    deduction +=
+      (results.secrets.length - criticalSecrets) * 5 +
+      results.supplyChain.filter((s) => s.type !== "Vulnerability").length * 5;
+
+    results.summary.score = Math.max(0, 100 - deduction);
+    results.summary.risk =
+      results.summary.score < 50
+        ? "high"
+        : results.summary.score < 80
+          ? "medium"
+          : "low";
+  } catch (e) {
+    console.error("Security Bridge Error:", e.message);
+    // Fallback to basic scanning if TypeScript classes fail
+    console.warn("Falling back to basic security scanning...");
+
+    try {
+      const files = walkDir(projectPath);
+
+      // Basic secrets detection
+      const secretPatterns = [
+        {
+          regex: /['"]?API[_-]?KEY['"]?\s*[:=]\s*['"]([a-zA-Z0-9]{20,})['"]/,
+          type: "API Key",
+        },
+        {
+          regex: /['"]?PASSWORD['"]?\s*[:=]\s*['"]([^'"]{8,})['"]/,
+          type: "Password",
+        },
+        {
+          regex: /['"]?SECRET['"]?\s*[:=]\s*['"]([a-zA-Z0-9]{20,})['"]/,
+          type: "Secret",
+        },
+        {
+          regex: /-----BEGIN\s+(RSA\s+)?PRIVATE\s+KEY-----/,
+          type: "Private Key",
+        },
+      ];
+
+      for (const file of files) {
+        if (
+          file.endsWith(".js") ||
+          file.endsWith(".ts") ||
+          file.endsWith(".json") ||
+          file.endsWith(".env")
+        ) {
+          const content = fs.readFileSync(file, "utf8");
+          for (const pattern of secretPatterns) {
+            const matches = content.match(pattern.regex);
+            if (matches) {
+              results.secrets.push({
+                severity: "high",
+                type: pattern.type,
+                message: `${pattern.type} detected`,
+                file: path.relative(projectPath, file),
+                recommendation:
+                  "Move to environment variables or use a secret manager",
+              });
+            }
+          }
+        }
+      }
+
+      // Basic lockfile check
+      const hasNpmLock = fs.existsSync(
+        path.join(projectPath, "package-lock.json"),
+      );
+      const hasPnpmLock = fs.existsSync(
+        path.join(projectPath, "pnpm-lock.yaml"),
+      );
+      const hasYarnLock = fs.existsSync(path.join(projectPath, "yarn.lock"));
+
+      if (!hasNpmLock && !hasPnpmLock && !hasYarnLock) {
+        results.supplyChain.push({
+          severity: "medium",
+          type: "Supply Chain",
+          message:
+            "No lockfile found. Builds may be non-deterministic and vulnerable to supply chain attacks.",
+          file: "package.json",
+        });
+      }
+
+      // Update score
+      const issueCount =
+        results.secrets.length +
+        results.supplyChain.length +
+        results.licenses.length;
+      results.summary.score = Math.max(0, 100 - issueCount * 10);
+      results.summary.risk =
+        results.summary.score < 50
+          ? "high"
+          : results.summary.score < 80
+            ? "medium"
+            : "low";
+    } catch (fallbackError) {
+      console.error("Fallback scanning also failed:", fallbackError.message);
+    }
+  }
+
+  return results;
+}
+
+module.exports = { runSecretsScan };