vibecheck-ai 2.0.1 → 5.0.0

package/bin/runners/lib/agent-firewall/reality/state.js

@@ -0,0 +1,625 @@
+/**
+ * Reality State Engine
+ * 
+ * Maintains a unified, authoritative model of the repository.
+ * Consolidates data from project-map, route-integrity, and context systems.
+ * 
+ * This is the single source of truth for the Firewall Agent.
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const crypto = require("crypto");
+
+/**
+ * @typedef {Object} FileMeta
+ * @property {string} hash - Content hash (SHA-256)
+ * @property {Date} modified - Last modified timestamp
+ * @property {number} size - File size in bytes
+ * @property {string} domain - Classified domain (auth, payments, routes, etc.)
+ */
+
+/**
+ * @typedef {Object} Route
+ * @property {string} method - HTTP method
+ * @property {string} path - Route path
+ * @property {string} file - Source file
+ * @property {number} line - Line number
+ * @property {string[]} middleware - Applied middleware
+ * @property {boolean} authenticated - Requires authentication
+ */
+
+/**
+ * @typedef {Object} Service
+ * @property {string} name - Service name
+ * @property {string} file - Source file
+ * @property {string[]} dependencies - Service dependencies
+ * @property {string} type - Service type (database, cache, api, etc.)
+ */
+
+/**
+ * @typedef {Object} EnvVar
+ * @property {string} name - Variable name
+ * @property {string} source - Where defined (.env file or usage)
+ * @property {boolean} declared - Is declared in .env files
+ * @property {boolean} used - Is used in code
+ * @property {string[]} usedIn - Files where used
+ */
+
+/**
+ * @typedef {Object} Import
+ * @property {string} from - Source file
+ * @property {string} to - Import target
+ * @property {string} type - Import type (internal, external)
+ */
+
+/**
+ * @typedef {Object} RealityState
+ * @property {Map<string, FileMeta>} files - File metadata map
+ * @property {Route[]} routes - All registered routes
+ * @property {Service[]} services - All detected services
+ * @property {Map<string, EnvVar>} envVars - Environment variables
+ * @property {Import[]} imports - Import graph edges
+ * @property {Object} buildDAG - Build dependency graph
+ * @property {Date} lastUpdated - Last snapshot timestamp
+ * @property {string} snapshotHash - Hash of entire state
+ */
+
+// Cache for reality state
+let cachedState = null;
+let cacheHash = null;
+
+/**
+ * Calculate file hash
+ */
+function hashFile(filePath) {
+  try {
+    const content = fs.readFileSync(filePath);
+    return crypto.createHash("sha256").update(content).digest("hex").slice(0, 16);
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Calculate state hash for cache invalidation
+ */
+function calculateStateHash(projectRoot) {
+  const guardrailPath = path.join(projectRoot, ".guardrail");
+  const vibecheckPath = path.join(projectRoot, ".vibecheck");
+  
+  let combined = "";
+  
+  // Include key data file hashes
+  const dataFiles = [
+    path.join(guardrailPath, "project-map.json"),
+    path.join(guardrailPath, "route-integrity.json"),
+    path.join(guardrailPath, "api-contracts.json"),
+    path.join(guardrailPath, "context-snapshot.json"),
+    path.join(vibecheckPath, "truth", "truthpack.json"),
+  ];
+  
+  for (const file of dataFiles) {
+    if (fs.existsSync(file)) {
+      const stat = fs.statSync(file);
+      combined += `${file}:${stat.mtimeMs};`;
+    }
+  }
+  
+  return crypto.createHash("md5").update(combined).digest("hex");
+}
+
+/**
+ * Classify file domain based on path and content
+ */
+function classifyFileDomain(filePath) {
+  const s = filePath.toLowerCase();
+  
+  if (s.includes("auth") || s.includes("login") || s.includes("session")) return "auth";
+  if (s.includes("stripe") || s.includes("payment") || s.includes("billing")) return "payments";
+  if (s.includes("routes") || s.includes("router") || s.includes("/api/")) return "routes";
+  if (s.includes("schema") || s.includes("contract") || s.includes("openapi")) return "contracts";
+  if (s.includes("middleware")) return "middleware";
+  if (s.includes("prisma") || s.includes("database") || s.includes("/db/")) return "database";
+  if (s.includes("test") || s.includes("spec")) return "test";
+  if (s.includes("config") || s.includes(".env")) return "config";
+  if (s.includes("/core/") || s.includes("/lib/")) return "core";
+  if (s.includes("components") || s.includes("pages") || s.includes("views")) return "ui";
+  
+  return "general";
+}
+
+/**
+ * Load project map data
+ */
+function loadProjectMap(projectRoot) {
+  const mapPath = path.join(projectRoot, ".guardrail", "project-map.json");
+  if (fs.existsSync(mapPath)) {
+    try {
+      return JSON.parse(fs.readFileSync(mapPath, "utf-8"));
+    } catch {
+      return null;
+    }
+  }
+  return null;
+}
+
+/**
+ * Load route integrity data
+ */
+function loadRouteIntegrity(projectRoot) {
+  const routePath = path.join(projectRoot, ".guardrail", "route-integrity.json");
+  if (fs.existsSync(routePath)) {
+    try {
+      return JSON.parse(fs.readFileSync(routePath, "utf-8"));
+    } catch {
+      return null;
+    }
+  }
+  return null;
+}
+
+/**
+ * Load API contracts data
+ */
+function loadApiContracts(projectRoot) {
+  const contractsPath = path.join(projectRoot, ".guardrail", "api-contracts.json");
+  if (fs.existsSync(contractsPath)) {
+    try {
+      return JSON.parse(fs.readFileSync(contractsPath, "utf-8"));
+    } catch {
+      return null;
+    }
+  }
+  return null;
+}
+
+/**
+ * Load truthpack data
+ */
+function loadTruthpack(projectRoot) {
+  const truthPath = path.join(projectRoot, ".vibecheck", "truth", "truthpack.json");
+  if (fs.existsSync(truthPath)) {
+    try {
+      return JSON.parse(fs.readFileSync(truthPath, "utf-8"));
+    } catch {
+      return null;
+    }
+  }
+  return null;
+}
+
+/**
+ * Extract routes from various data sources
+ */
+function extractRoutes(projectMap, routeIntegrity, apiContracts, truthpack) {
+  const routes = [];
+  const seen = new Set();
+  
+  // From API contracts
+  if (apiContracts?.routes) {
+    for (const route of apiContracts.routes) {
+      const key = `${route.method || "GET"}:${route.path}`;
+      if (!seen.has(key)) {
+        seen.add(key);
+        routes.push({
+          method: route.method || "GET",
+          path: route.path,
+          file: route.file || "unknown",
+          line: route.line || 0,
+          middleware: route.middleware || [],
+          authenticated: route.authenticated || false,
+        });
+      }
+    }
+  }
+  
+  // From route integrity
+  if (routeIntegrity?.routes) {
+    for (const route of routeIntegrity.routes) {
+      const key = `${route.method || "GET"}:${route.path}`;
+      if (!seen.has(key)) {
+        seen.add(key);
+        routes.push({
+          method: route.method || "GET",
+          path: route.path,
+          file: route.file || "unknown",
+          line: route.line || 0,
+          middleware: route.middleware || [],
+          authenticated: route.requiresAuth || false,
+        });
+      }
+    }
+  }
+  
+  // From truthpack
+  if (truthpack?.routes) {
+    for (const route of truthpack.routes) {
+      const key = `${route.method || "GET"}:${route.path}`;
+      if (!seen.has(key)) {
+        seen.add(key);
+        routes.push({
+          method: route.method || "GET",
+          path: route.path,
+          file: route.file || route.pointer?.file || "unknown",
+          line: route.line || route.pointer?.line || 0,
+          middleware: route.middleware || [],
+          authenticated: route.authenticated || false,
+        });
+      }
+    }
+  }
+  
+  // From project map API routes
+  if (projectMap?.apiRoutes) {
+    for (const routePath of projectMap.apiRoutes) {
+      const key = `GET:${routePath}`;
+      if (!seen.has(key)) {
+        seen.add(key);
+        routes.push({
+          method: "GET",
+          path: routePath,
+          file: "unknown",
+          line: 0,
+          middleware: [],
+          authenticated: false,
+        });
+      }
+    }
+  }
+  
+  return routes;
+}
+
+/**
+ * Extract environment variables from various data sources
+ */
+function extractEnvVars(projectRoot, projectMap, truthpack) {
+  const envVars = new Map();
+  
+  // From project map
+  if (projectMap?.envVars?.variables) {
+    for (const varName of projectMap.envVars.variables) {
+      envVars.set(varName, {
+        name: varName,
+        source: "project-map",
+        declared: true,
+        used: true,
+        usedIn: [],
+      });
+    }
+  }
+  
+  // From truthpack
+  if (truthpack?.env) {
+    for (const env of truthpack.env) {
+      const name = env.name || env.key;
+      if (name) {
+        const existing = envVars.get(name) || {
+          name,
+          source: "truthpack",
+          declared: false,
+          used: false,
+          usedIn: [],
+        };
+        existing.declared = env.declared !== false;
+        existing.used = env.used !== false;
+        if (env.file) {
+          existing.usedIn.push(env.file);
+        }
+        envVars.set(name, existing);
+      }
+    }
+  }
+  
+  // Scan .env files directly
+  const envFileNames = [".env", ".env.local", ".env.example", ".env.development", ".env.production"];
+  for (const envFile of envFileNames) {
+    const envPath = path.join(projectRoot, envFile);
+    if (fs.existsSync(envPath)) {
+      try {
+        const content = fs.readFileSync(envPath, "utf-8");
+        const matches = content.match(/^([A-Z][A-Z0-9_]+)=/gm) || [];
+        for (const m of matches) {
+          const name = m.replace("=", "");
+          const existing = envVars.get(name) || {
+            name,
+            source: envFile,
+            declared: true,
+            used: false,
+            usedIn: [],
+          };
+          existing.declared = true;
+          existing.source = envFile;
+          envVars.set(name, existing);
+        }
+      } catch {
+        // Ignore read errors
+      }
+    }
+  }
+  
+  return envVars;
+}
+
+/**
+ * Extract services from project data
+ */
+function extractServices(projectMap, truthpack) {
+  const services = [];
+  const seen = new Set();
+  
+  // From truthpack services
+  if (truthpack?.services) {
+    for (const service of truthpack.services) {
+      if (!seen.has(service.name)) {
+        seen.add(service.name);
+        services.push({
+          name: service.name,
+          file: service.file || "unknown",
+          dependencies: service.dependencies || [],
+          type: service.type || "unknown",
+        });
+      }
+    }
+  }
+  
+  // Infer services from project structure
+  if (projectMap?.directories) {
+    const serviceDirs = projectMap.directories.filter(d => 
+      d.includes("service") || d.includes("providers")
+    );
+    for (const dir of serviceDirs) {
+      const name = path.basename(dir);
+      if (!seen.has(name)) {
+        seen.add(name);
+        services.push({
+          name,
+          file: dir,
+          dependencies: [],
+          type: "inferred",
+        });
+      }
+    }
+  }
+  
+  return services;
+}
+
+/**
+ * Build import graph from dependency data
+ */
+function buildImportGraph(projectRoot) {
+  const imports = [];
+  
+  // Try to load dependency graph if it exists
+  const graphPath = path.join(projectRoot, ".guardrail", "dependency-graph.json");
+  if (fs.existsSync(graphPath)) {
+    try {
+      const graph = JSON.parse(fs.readFileSync(graphPath, "utf-8"));
+      if (graph.edges) {
+        imports.push(...graph.edges);
+      }
+    } catch {
+      // Ignore parse errors
+    }
+  }
+  
+  return imports;
+}
+
+/**
+ * Scan source files for file metadata
+ */
+function scanSourceFiles(projectRoot, maxFiles = 500) {
+  const files = new Map();
+  const extensions = [".ts", ".tsx", ".js", ".jsx", ".json"];
+  const ignoreDirs = ["node_modules", ".git", "dist", "build", ".next", "coverage"];
+  
+  function scan(dir, depth = 0) {
+    if (depth > 6 || files.size >= maxFiles) return;
+    
+    try {
+      const entries = fs.readdirSync(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        if (files.size >= maxFiles) break;
+        
+        const fullPath = path.join(dir, entry.name);
+        const relativePath = path.relative(projectRoot, fullPath).replace(/\\/g, "/");
+        
+        if (entry.isDirectory()) {
+          if (!entry.name.startsWith(".") && !ignoreDirs.includes(entry.name)) {
+            scan(fullPath, depth + 1);
+          }
+        } else if (entry.isFile()) {
+          const ext = path.extname(entry.name);
+          if (extensions.includes(ext)) {
+            try {
+              const stat = fs.statSync(fullPath);
+              files.set(relativePath, {
+                hash: hashFile(fullPath),
+                modified: stat.mtime,
+                size: stat.size,
+                domain: classifyFileDomain(relativePath),
+              });
+            } catch {
+              // Skip files we can't stat
+            }
+          }
+        }
+      }
+    } catch {
+      // Skip directories we can't read
+    }
+  }
+  
+  scan(projectRoot);
+  return files;
+}
+
+/**
+ * Build the complete reality state
+ * @param {string} projectRoot - Project root directory
+ * @param {Object} options - Options
+ * @param {boolean} options.forceRefresh - Force cache refresh
+ * @param {boolean} options.scanFiles - Scan source files for metadata
+ * @returns {RealityState} The reality state
+ */
+function buildRealityState(projectRoot, options = {}) {
+  const { forceRefresh = false, scanFiles = true } = options;
+  
+  // Check cache
+  const currentHash = calculateStateHash(projectRoot);
+  if (!forceRefresh && cachedState && cacheHash === currentHash) {
+    return cachedState;
+  }
+  
+  // Load all data sources
+  const projectMap = loadProjectMap(projectRoot);
+  const routeIntegrity = loadRouteIntegrity(projectRoot);
+  const apiContracts = loadApiContracts(projectRoot);
+  const truthpack = loadTruthpack(projectRoot);
+  
+  // Build unified state
+  const state = {
+    files: scanFiles ? scanSourceFiles(projectRoot) : new Map(),
+    routes: extractRoutes(projectMap, routeIntegrity, apiContracts, truthpack),
+    services: extractServices(projectMap, truthpack),
+    envVars: extractEnvVars(projectRoot, projectMap, truthpack),
+    imports: buildImportGraph(projectRoot),
+    buildDAG: {
+      nodes: projectMap?.directories || [],
+      dependencies: projectMap?.dependencies || {},
+    },
+    lastUpdated: new Date(),
+    snapshotHash: currentHash,
+    
+    // Metadata
+    meta: {
+      framework: projectMap?.framework || "unknown",
+      language: projectMap?.language || "unknown",
+      hasTypescript: projectMap?.hasTypescript || false,
+      hasPrisma: projectMap?.hasPrisma || false,
+      monorepo: projectMap?.monorepo || null,
+    },
+  };
+  
+  // Update cache
+  cachedState = state;
+  cacheHash = currentHash;
+  
+  return state;
+}
+
+/**
+ * Get reality state (cached if possible)
+ */
+function getRealityState(projectRoot, options = {}) {
+  return buildRealityState(projectRoot, options);
+}
+
+/**
+ * Invalidate the cache
+ */
+function invalidateCache() {
+  cachedState = null;
+  cacheHash = null;
+}
+
+/**
+ * Check if a route exists in reality
+ */
+function routeExists(state, method, routePath) {
+  return state.routes.some(r => 
+    r.method.toUpperCase() === method.toUpperCase() && 
+    (r.path === routePath || matchRoutePattern(r.path, routePath))
+  );
+}
+
+/**
+ * Check if an env var exists in reality
+ */
+function envVarExists(state, varName) {
+  const envVar = state.envVars.get(varName);
+  return envVar && envVar.declared;
+}
+
+/**
+ * Check if a file exists in reality
+ */
+function fileExists(state, filePath) {
+  const normalized = filePath.replace(/\\/g, "/");
+  return state.files.has(normalized);
+}
+
+/**
+ * Match route patterns (handles dynamic segments)
+ */
+function matchRoutePattern(pattern, path) {
+  // Convert pattern to regex
+  const regexPattern = pattern
+    .replace(/:[^/]+/g, "[^/]+")  // :param -> [^/]+
+    .replace(/\*/g, ".*");        // * -> .*
+  
+  try {
+    const regex = new RegExp(`^${regexPattern}$`);
+    return regex.test(path);
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Get files by domain
+ */
+function getFilesByDomain(state, domain) {
+  const files = [];
+  for (const [path, meta] of state.files) {
+    if (meta.domain === domain) {
+      files.push({ path, ...meta });
+    }
+  }
+  return files;
+}
+
+/**
+ * Get summary of reality state
+ */
+function getStateSummary(state) {
+  return {
+    fileCount: state.files.size,
+    routeCount: state.routes.length,
+    serviceCount: state.services.length,
+    envVarCount: state.envVars.size,
+    importCount: state.imports.length,
+    lastUpdated: state.lastUpdated,
+    snapshotHash: state.snapshotHash,
+    domains: getDomainCounts(state),
+  };
+}
+
+/**
+ * Get domain counts
+ */
+function getDomainCounts(state) {
+  const counts = {};
+  for (const [, meta] of state.files) {
+    counts[meta.domain] = (counts[meta.domain] || 0) + 1;
+  }
+  return counts;
+}
+
+module.exports = {
+  buildRealityState,
+  getRealityState,
+  invalidateCache,
+  routeExists,
+  envVarExists,
+  fileExists,
+  getFilesByDomain,
+  getStateSummary,
+  classifyFileDomain,
+  hashFile,
+};