vibecheck-ai 2.0.1 → 5.0.0

package/bin/runners/lib/agent-firewall/proposal/validator.js

@@ -0,0 +1,386 @@
+/**
+ * Proposal Validator
+ * 
+ * Validates change proposals against the schema and semantic rules.
+ * Rejects incomplete, vague, or unsafe proposals.
+ */
+
+"use strict";
+
+const { PROPOSAL_SCHEMA, DEFAULT_PROPOSAL_VALUES, normalizeIntent } = require("./schema");
+const { classifyFileDomain } = require("../reality/state");
+
+/**
+ * @typedef {Object} ValidationResult
+ * @property {boolean} valid - Whether proposal is valid
+ * @property {Array} errors - Validation errors
+ * @property {Array} warnings - Validation warnings
+ * @property {Object} normalized - Normalized proposal
+ */
+
+/**
+ * Validate proposal structure
+ * @param {Object} proposal - Raw proposal
+ * @returns {ValidationResult} Validation result
+ */
+function validateStructure(proposal) {
+  const errors = [];
+  const warnings = [];
+  
+  // Check required fields
+  if (!proposal) {
+    errors.push({ field: "proposal", message: "Proposal is required" });
+    return { valid: false, errors, warnings };
+  }
+  
+  if (!proposal.intent) {
+    errors.push({ field: "intent", message: "Intent is required" });
+  } else if (typeof proposal.intent !== "string") {
+    errors.push({ field: "intent", message: "Intent must be a string" });
+  } else if (proposal.intent.length < 3) {
+    errors.push({ field: "intent", message: "Intent must be at least 3 characters" });
+  }
+  
+  if (!proposal.operations) {
+    errors.push({ field: "operations", message: "Operations array is required" });
+  } else if (!Array.isArray(proposal.operations)) {
+    errors.push({ field: "operations", message: "Operations must be an array" });
+  } else if (proposal.operations.length === 0) {
+    errors.push({ field: "operations", message: "At least one operation is required" });
+  } else {
+    // Validate each operation
+    for (let i = 0; i < proposal.operations.length; i++) {
+      const op = proposal.operations[i];
+      
+      if (!op.type) {
+        errors.push({ field: `operations[${i}].type`, message: "Operation type is required" });
+      } else if (!["create", "modify", "delete", "rename"].includes(op.type)) {
+        errors.push({ 
+          field: `operations[${i}].type`, 
+          message: `Invalid operation type: ${op.type}. Must be create, modify, delete, or rename` 
+        });
+      }
+      
+      if (!op.path) {
+        errors.push({ field: `operations[${i}].path`, message: "Operation path is required" });
+      }
+      
+      // Content required for create/modify
+      if ((op.type === "create" || op.type === "modify") && !op.content && op.content !== "") {
+        warnings.push({ 
+          field: `operations[${i}].content`, 
+          message: "Content is recommended for create/modify operations" 
+        });
+      }
+      
+      // newPath required for rename
+      if (op.type === "rename" && !op.newPath) {
+        errors.push({ field: `operations[${i}].newPath`, message: "newPath is required for rename operations" });
+      }
+    }
+  }
+  
+  // Validate optional fields
+  if (proposal.confidence !== undefined) {
+    if (typeof proposal.confidence !== "number") {
+      errors.push({ field: "confidence", message: "Confidence must be a number" });
+    } else if (proposal.confidence < 0 || proposal.confidence > 1) {
+      errors.push({ field: "confidence", message: "Confidence must be between 0 and 1" });
+    }
+  }
+  
+  if (proposal.assumptions && !Array.isArray(proposal.assumptions)) {
+    errors.push({ field: "assumptions", message: "Assumptions must be an array" });
+  }
+  
+  if (proposal.filesTouched && !Array.isArray(proposal.filesTouched)) {
+    errors.push({ field: "filesTouched", message: "filesTouched must be an array" });
+  }
+  
+  return {
+    valid: errors.length === 0,
+    errors,
+    warnings,
+  };
+}
+
+/**
+ * Validate proposal semantics
+ * @param {Object} proposal - Proposal to validate
+ * @returns {ValidationResult} Validation result
+ */
+function validateSemantics(proposal) {
+  const errors = [];
+  const warnings = [];
+  
+  // Check for vague intent
+  const vagueIntents = ["fix", "update", "change", "modify", "improve", "refactor"];
+  const intentWords = proposal.intent.toLowerCase().split("_");
+  if (intentWords.length === 1 && vagueIntents.includes(intentWords[0])) {
+    warnings.push({
+      field: "intent",
+      message: `Intent '${proposal.intent}' is too vague. Be more specific about what is being changed.`,
+    });
+  }
+  
+  // Check for missing summary on complex changes
+  if (proposal.operations.length > 2 && !proposal.summary) {
+    warnings.push({
+      field: "summary",
+      message: "Summary is recommended for changes touching multiple files",
+    });
+  }
+  
+  // Check for missing assumptions when touching sensitive domains
+  const sensitiveDomains = ["auth", "payments", "database", "security"];
+  const touchedDomains = new Set();
+  
+  for (const op of proposal.operations) {
+    const domain = classifyFileDomain(op.path);
+    touchedDomains.add(domain);
+  }
+  
+  const sensitiveDomainsAffected = [...touchedDomains].filter(d => sensitiveDomains.includes(d));
+  
+  if (sensitiveDomainsAffected.length > 0 && (!proposal.assumptions || proposal.assumptions.length === 0)) {
+    warnings.push({
+      field: "assumptions",
+      message: `Change affects sensitive domains (${sensitiveDomainsAffected.join(", ")}). Assumptions should be declared.`,
+    });
+  }
+  
+  // Check for low confidence without explanation
+  if (proposal.confidence !== undefined && proposal.confidence < 0.5 && !proposal.summary) {
+    warnings.push({
+      field: "confidence",
+      message: "Low confidence proposals should include a summary explaining uncertainties",
+    });
+  }
+  
+  // Check filesTouched matches operations
+  if (proposal.filesTouched && proposal.operations) {
+    const operationPaths = new Set(proposal.operations.map(op => op.path));
+    const declaredPaths = new Set(proposal.filesTouched);
+    
+    for (const path of operationPaths) {
+      if (!declaredPaths.has(path)) {
+        warnings.push({
+          field: "filesTouched",
+          message: `Operation path '${path}' not listed in filesTouched`,
+        });
+      }
+    }
+  }
+  
+  // Check assumptions have required fields
+  if (proposal.assumptions) {
+    for (let i = 0; i < proposal.assumptions.length; i++) {
+      const assumption = proposal.assumptions[i];
+      
+      if (!assumption.type) {
+        errors.push({
+          field: `assumptions[${i}].type`,
+          message: "Assumption type is required",
+        });
+      }
+      
+      if (!assumption.key && !assumption.path && !assumption.value) {
+        errors.push({
+          field: `assumptions[${i}]`,
+          message: "Assumption must have key, path, or value",
+        });
+      }
+      
+      if (!assumption.reason) {
+        warnings.push({
+          field: `assumptions[${i}].reason`,
+          message: "Assumption should explain why it's needed",
+        });
+      }
+    }
+  }
+  
+  return {
+    valid: errors.length === 0,
+    errors,
+    warnings,
+  };
+}
+
+/**
+ * Validate proposal completeness
+ * @param {Object} proposal - Proposal to validate
+ * @param {Object} options - Validation options
+ * @returns {ValidationResult} Validation result
+ */
+function validateCompleteness(proposal, options = {}) {
+  const { strict = false } = options;
+  const errors = [];
+  const warnings = [];
+  
+  // In strict mode, require more fields
+  if (strict) {
+    if (!proposal.summary) {
+      errors.push({ field: "summary", message: "Summary is required in strict mode" });
+    }
+    
+    if (!proposal.assumptions || proposal.assumptions.length === 0) {
+      errors.push({ field: "assumptions", message: "At least one assumption is required in strict mode" });
+    }
+    
+    if (proposal.confidence === undefined) {
+      errors.push({ field: "confidence", message: "Confidence is required in strict mode" });
+    }
+    
+    if (!proposal.riskAcknowledgment) {
+      errors.push({ field: "riskAcknowledgment", message: "Risk acknowledgment is required in strict mode" });
+    }
+  }
+  
+  // Check for empty content in operations
+  for (let i = 0; i < proposal.operations.length; i++) {
+    const op = proposal.operations[i];
+    if (op.type === "create" && (!op.content || op.content.trim() === "")) {
+      warnings.push({
+        field: `operations[${i}].content`,
+        message: "Creating empty file - is this intentional?",
+      });
+    }
+  }
+  
+  // Check for reasonable number of operations
+  if (proposal.operations.length > 20) {
+    warnings.push({
+      field: "operations",
+      message: `Large number of operations (${proposal.operations.length}). Consider breaking into smaller proposals.`,
+    });
+  }
+  
+  return {
+    valid: errors.length === 0,
+    errors,
+    warnings,
+  };
+}
+
+/**
+ * Normalize proposal (fill defaults, clean data)
+ * @param {Object} proposal - Raw proposal
+ * @returns {Object} Normalized proposal
+ */
+function normalizeProposal(proposal) {
+  const normalized = {
+    ...DEFAULT_PROPOSAL_VALUES,
+    ...proposal,
+    intent: normalizeIntent(proposal.intent || "unknown"),
+    filesTouched: proposal.filesTouched || proposal.operations?.map(op => op.path) || [],
+    metadata: {
+      ...DEFAULT_PROPOSAL_VALUES.metadata,
+      ...proposal.metadata,
+      timestamp: proposal.metadata?.timestamp || new Date().toISOString(),
+    },
+  };
+  
+  // Normalize operations
+  normalized.operations = (proposal.operations || []).map(op => ({
+    ...op,
+    path: op.path?.replace(/\\/g, "/"),
+    newPath: op.newPath?.replace(/\\/g, "/"),
+  }));
+  
+  // Auto-detect risk acknowledgment from file paths
+  for (const op of normalized.operations) {
+    const domain = classifyFileDomain(op.path);
+    if (domain === "auth") normalized.riskAcknowledgment.touchesAuth = true;
+    if (domain === "payments") normalized.riskAcknowledgment.touchesPayments = true;
+    if (domain === "database") normalized.riskAcknowledgment.touchesDatabase = true;
+    if (domain === "core") normalized.riskAcknowledgment.touchesCore = true;
+  }
+  
+  // Check for side effects
+  const hasSideEffects = normalized.operations.some(op => {
+    if (!op.content) return false;
+    return (
+      op.content.includes("fetch(") ||
+      op.content.includes("axios") ||
+      op.content.includes("fs.write") ||
+      op.content.includes("prisma.") ||
+      op.content.includes("exec(")
+    );
+  });
+  normalized.riskAcknowledgment.hasSideEffects = hasSideEffects;
+  
+  // Check for irreversibility
+  const isIrreversible = normalized.operations.some(op => 
+    op.type === "delete" || op.path.includes("migration")
+  );
+  normalized.riskAcknowledgment.isIrreversible = isIrreversible;
+  
+  return normalized;
+}
+
+/**
+ * Full proposal validation
+ * @param {Object} proposal - Proposal to validate
+ * @param {Object} options - Validation options
+ * @returns {ValidationResult} Full validation result
+ */
+function validate(proposal, options = {}) {
+  // Structural validation
+  const structureResult = validateStructure(proposal);
+  if (!structureResult.valid) {
+    return {
+      valid: false,
+      errors: structureResult.errors,
+      warnings: structureResult.warnings,
+      normalized: null,
+    };
+  }
+  
+  // Normalize
+  const normalized = normalizeProposal(proposal);
+  
+  // Semantic validation
+  const semanticResult = validateSemantics(normalized);
+  
+  // Completeness validation
+  const completenessResult = validateCompleteness(normalized, options);
+  
+  // Combine results
+  const allErrors = [
+    ...structureResult.errors,
+    ...semanticResult.errors,
+    ...completenessResult.errors,
+  ];
+  
+  const allWarnings = [
+    ...structureResult.warnings,
+    ...semanticResult.warnings,
+    ...completenessResult.warnings,
+  ];
+  
+  return {
+    valid: allErrors.length === 0,
+    errors: allErrors,
+    warnings: allWarnings,
+    normalized,
+  };
+}
+
+/**
+ * Quick validation (structure only)
+ * @param {Object} proposal - Proposal to validate
+ * @returns {boolean} Is valid
+ */
+function isValid(proposal) {
+  return validateStructure(proposal).valid;
+}
+
+module.exports = {
+  validate,
+  validateStructure,
+  validateSemantics,
+  validateCompleteness,
+  normalizeProposal,
+  isValid,
+};

package/bin/runners/lib/agent-firewall/reality/index.js

@@ -0,0 +1,332 @@
+/**
+ * Reality Engine
+ * 
+ * Entry point for the Reality State Engine.
+ * Provides a unified API for accessing and monitoring repository reality.
+ * 
+ * Usage:
+ *   const { reality } = require('./reality');
+ *   
+ *   // Get current state
+ *   const state = reality.getState(projectRoot);
+ *   
+ *   // Check if something exists
+ *   reality.routeExists(state, 'GET', '/api/users');
+ *   reality.envVarExists(state, 'JWT_SECRET');
+ *   
+ *   // Watch for changes
+ *   const watcher = reality.watch(projectRoot);
+ *   watcher.on('change', ({ state, changes }) => { ... });
+ */
+
+"use strict";
+
+const {
+  buildRealityState,
+  getRealityState,
+  invalidateCache,
+  routeExists,
+  envVarExists,
+  fileExists,
+  getFilesByDomain,
+  getStateSummary,
+  classifyFileDomain,
+  hashFile,
+} = require("./state");
+
+const { RealityWatcher, createWatcher } = require("./watcher");
+
+/**
+ * Reality Engine singleton
+ */
+const reality = {
+  /**
+   * Get the current reality state for a project
+   * @param {string} projectRoot - Project root directory
+   * @param {Object} options - Options
+   * @returns {RealityState} The reality state
+   */
+  getState(projectRoot, options = {}) {
+    return getRealityState(projectRoot, options);
+  },
+  
+  /**
+   * Build a fresh reality state (bypasses cache)
+   * @param {string} projectRoot - Project root directory
+   * @param {Object} options - Options
+   * @returns {RealityState} The reality state
+   */
+  build(projectRoot, options = {}) {
+    return buildRealityState(projectRoot, { ...options, forceRefresh: true });
+  },
+  
+  /**
+   * Invalidate the cached reality state
+   */
+  invalidate() {
+    invalidateCache();
+  },
+  
+  /**
+   * Create a watcher for reality state changes
+   * @param {string} projectRoot - Project root directory
+   * @param {Object} options - Watcher options
+   * @returns {RealityWatcher} The watcher instance
+   */
+  watch(projectRoot, options = {}) {
+    const watcher = createWatcher(projectRoot, options);
+    return watcher;
+  },
+  
+  /**
+   * Check if a route exists in the reality state
+   * @param {RealityState} state - Reality state
+   * @param {string} method - HTTP method
+   * @param {string} path - Route path
+   * @returns {boolean} True if route exists
+   */
+  routeExists(state, method, path) {
+    return routeExists(state, method, path);
+  },
+  
+  /**
+   * Check if an environment variable exists (is declared)
+   * @param {RealityState} state - Reality state
+   * @param {string} varName - Variable name
+   * @returns {boolean} True if env var is declared
+   */
+  envVarExists(state, varName) {
+    return envVarExists(state, varName);
+  },
+  
+  /**
+   * Check if a file exists in the reality state
+   * @param {RealityState} state - Reality state
+   * @param {string} filePath - File path (relative to project root)
+   * @returns {boolean} True if file exists
+   */
+  fileExists(state, filePath) {
+    return fileExists(state, filePath);
+  },
+  
+  /**
+   * Get all files in a specific domain
+   * @param {RealityState} state - Reality state
+   * @param {string} domain - Domain name (auth, payments, routes, etc.)
+   * @returns {Array} Array of file objects
+   */
+  getFilesByDomain(state, domain) {
+    return getFilesByDomain(state, domain);
+  },
+  
+  /**
+   * Get a summary of the reality state
+   * @param {RealityState} state - Reality state
+   * @returns {Object} Summary object
+   */
+  getSummary(state) {
+    return getStateSummary(state);
+  },
+  
+  /**
+   * Classify a file path into a domain
+   * @param {string} filePath - File path
+   * @returns {string} Domain name
+   */
+  classifyDomain(filePath) {
+    return classifyFileDomain(filePath);
+  },
+  
+  /**
+   * Calculate a file's content hash
+   * @param {string} filePath - Absolute file path
+   * @returns {string|null} Hash or null if file can't be read
+   */
+  hashFile(filePath) {
+    return hashFile(filePath);
+  },
+  
+  /**
+   * Validate assumptions against reality
+   * @param {RealityState} state - Reality state
+   * @param {Array} assumptions - Array of assumptions to validate
+   * @returns {Object} Validation results
+   */
+  validateAssumptions(state, assumptions) {
+    const results = {
+      valid: [],
+      invalid: [],
+      unknown: [],
+    };
+    
+    for (const assumption of assumptions) {
+      const result = {
+        assumption,
+        status: "unknown",
+        evidence: null,
+      };
+      
+      switch (assumption.type) {
+        case "env":
+          if (envVarExists(state, assumption.key)) {
+            result.status = "valid";
+            result.evidence = state.envVars.get(assumption.key);
+          } else {
+            result.status = "invalid";
+            result.evidence = `Environment variable '${assumption.key}' is not declared`;
+          }
+          break;
+          
+        case "route":
+          if (routeExists(state, assumption.method || "GET", assumption.path)) {
+            result.status = "valid";
+            const route = state.routes.find(r => 
+              r.path === assumption.path || 
+              r.method.toUpperCase() === (assumption.method || "GET").toUpperCase()
+            );
+            result.evidence = route;
+          } else {
+            result.status = "invalid";
+            result.evidence = `Route '${assumption.method || "GET"} ${assumption.path}' is not registered`;
+          }
+          break;
+          
+        case "file":
+          if (fileExists(state, assumption.path)) {
+            result.status = "valid";
+            result.evidence = state.files.get(assumption.path.replace(/\\/g, "/"));
+          } else {
+            result.status = "invalid";
+            result.evidence = `File '${assumption.path}' does not exist`;
+          }
+          break;
+          
+        case "service":
+          const service = state.services.find(s => 
+            s.name === assumption.name || s.name === assumption.key
+          );
+          if (service) {
+            result.status = "valid";
+            result.evidence = service;
+          } else {
+            result.status = "invalid";
+            result.evidence = `Service '${assumption.name || assumption.key}' is not registered`;
+          }
+          break;
+          
+        default:
+          result.status = "unknown";
+          result.evidence = `Unknown assumption type: ${assumption.type}`;
+      }
+      
+      if (result.status === "valid") {
+        results.valid.push(result);
+      } else if (result.status === "invalid") {
+        results.invalid.push(result);
+      } else {
+        results.unknown.push(result);
+      }
+    }
+    
+    return results;
+  },
+  
+  /**
+   * Get reality diff between two states
+   * @param {RealityState} oldState - Previous state
+   * @param {RealityState} newState - Current state
+   * @returns {Object} Diff object
+   */
+  diff(oldState, newState) {
+    const diff = {
+      files: {
+        added: [],
+        removed: [],
+        modified: [],
+      },
+      routes: {
+        added: [],
+        removed: [],
+      },
+      envVars: {
+        added: [],
+        removed: [],
+      },
+    };
+    
+    // File diff
+    const oldFiles = new Set(oldState.files.keys());
+    const newFiles = new Set(newState.files.keys());
+    
+    for (const file of newFiles) {
+      if (!oldFiles.has(file)) {
+        diff.files.added.push(file);
+      } else {
+        const oldMeta = oldState.files.get(file);
+        const newMeta = newState.files.get(file);
+        if (oldMeta.hash !== newMeta.hash) {
+          diff.files.modified.push(file);
+        }
+      }
+    }
+    
+    for (const file of oldFiles) {
+      if (!newFiles.has(file)) {
+        diff.files.removed.push(file);
+      }
+    }
+    
+    // Route diff
+    const oldRoutes = new Set(oldState.routes.map(r => `${r.method}:${r.path}`));
+    const newRoutes = new Set(newState.routes.map(r => `${r.method}:${r.path}`));
+    
+    for (const route of newState.routes) {
+      const key = `${route.method}:${route.path}`;
+      if (!oldRoutes.has(key)) {
+        diff.routes.added.push(route);
+      }
+    }
+    
+    for (const route of oldState.routes) {
+      const key = `${route.method}:${route.path}`;
+      if (!newRoutes.has(key)) {
+        diff.routes.removed.push(route);
+      }
+    }
+    
+    // Env var diff
+    const oldEnvVars = new Set(oldState.envVars.keys());
+    const newEnvVars = new Set(newState.envVars.keys());
+    
+    for (const varName of newEnvVars) {
+      if (!oldEnvVars.has(varName)) {
+        diff.envVars.added.push(varName);
+      }
+    }
+    
+    for (const varName of oldEnvVars) {
+      if (!newEnvVars.has(varName)) {
+        diff.envVars.removed.push(varName);
+      }
+    }
+    
+    return diff;
+  },
+};
+
+module.exports = {
+  reality,
+  RealityWatcher,
+  createWatcher,
+  // Re-export individual functions for direct access
+  buildRealityState,
+  getRealityState,
+  invalidateCache,
+  routeExists,
+  envVarExists,
+  fileExists,
+  getFilesByDomain,
+  getStateSummary,
+  classifyFileDomain,
+  hashFile,
+};