vibecheck-ai 2.0.1 → 5.0.0

package/bin/runners/lib/agent-firewall/truthpack/loader.js

@@ -0,0 +1,137 @@
+/**
+ * Truthpack Loader
+ * 
+ * Loads truthpack files from .vibecheck/truthpack/
+ * Caches for performance and validates freshness.
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+
+const TRUTHPACK_DIR = ".vibecheck/truthpack";
+const STALE_AFTER_HOURS = 24;
+
+let cache = {
+  routes: null,
+  env: null,
+  auth: null,
+  contracts: null,
+  loadedAt: null
+};
+
+/**
+ * Load truthpack from project root
+ * @param {string} projectRoot - Project root directory
+ * @param {boolean} forceRefresh - Force reload even if cached
+ * @returns {object} Truthpack data
+ */
+function loadTruthpack(projectRoot, forceRefresh = false) {
+  const truthpackPath = path.join(projectRoot, TRUTHPACK_DIR);
+  
+  // Check cache freshness
+  if (!forceRefresh && cache.loadedAt) {
+    const ageHours = (Date.now() - cache.loadedAt) / (1000 * 60 * 60);
+    if (ageHours < STALE_AFTER_HOURS && cache.routes !== null) {
+      return cache;
+    }
+  }
+  
+  const truthpack = {
+    routes: loadTruthpackFile(projectRoot, "routes.json"),
+    env: loadTruthpackFile(projectRoot, "env.json"),
+    auth: loadTruthpackFile(projectRoot, "auth.json"),
+    contracts: loadTruthpackFile(projectRoot, "contracts.json"),
+    uiGraph: loadTruthpackFile(projectRoot, "ui.graph.json")
+  };
+  
+  // Update cache
+  cache = {
+    ...truthpack,
+    loadedAt: Date.now()
+  };
+  
+  return truthpack;
+}
+
+/**
+ * Load a specific truthpack file
+ * @param {string} projectRoot - Project root directory
+ * @param {string} filename - Truthpack filename
+ * @returns {object|null} Parsed JSON or null if not found
+ */
+function loadTruthpackFile(projectRoot, filename) {
+  const filePath = path.join(projectRoot, TRUTHPACK_DIR, filename);
+  
+  if (!fs.existsSync(filePath)) {
+    // Fallback: try loading from truthpack.json if routes.json doesn't exist
+    if (filename === "routes.json") {
+      const truthpackPath = path.join(projectRoot, ".vibecheck", "truthpack.json");
+      if (fs.existsSync(truthpackPath)) {
+        try {
+          const truthpack = JSON.parse(fs.readFileSync(truthpackPath, "utf8"));
+          // Extract server routes from truthpack.json format
+          if (truthpack.routes && truthpack.routes.server) {
+            return {
+              routes: truthpack.routes.server.map(r => ({
+                path: r.path,
+                method: r.method,
+                handler: r.handler || r.source
+              }))
+            };
+          }
+        } catch (error) {
+          // Fall through to return null
+        }
+      }
+    }
+    return null;
+  }
+  
+  try {
+    return JSON.parse(fs.readFileSync(filePath, "utf8"));
+  } catch (error) {
+    console.warn(`Failed to load truthpack file ${filename}: ${error.message}`);
+    return null;
+  }
+}
+
+/**
+ * Check if truthpack is fresh
+ * @param {string} projectRoot - Project root directory
+ * @returns {boolean} True if truthpack exists and is fresh
+ */
+function isTruthpackFresh(projectRoot) {
+  const truthpackPath = path.join(projectRoot, TRUTHPACK_DIR);
+  const routesPath = path.join(truthpackPath, "routes.json");
+  
+  if (!fs.existsSync(routesPath)) {
+    return false;
+  }
+  
+  const stats = fs.statSync(routesPath);
+  const ageHours = (Date.now() - stats.mtime.getTime()) / (1000 * 60 * 60);
+  
+  return ageHours < STALE_AFTER_HOURS;
+}
+
+/**
+ * Clear truthpack cache
+ */
+function clearCache() {
+  cache = {
+    routes: null,
+    env: null,
+    auth: null,
+    contracts: null,
+    loadedAt: null
+  };
+}
+
+module.exports = {
+  loadTruthpack,
+  loadTruthpackFile,
+  isTruthpackFresh,
+  clearCache
+};

package/bin/runners/lib/agent-firewall/unblock/planner.js

@@ -0,0 +1,337 @@
+/**
+ * Auto-Unblock Planner
+ * 
+ * Generates exact missing proofs and minimal patch plans when blocked.
+ * No open-ended advice - specific file/line instructions.
+ */
+
+"use strict";
+
+const path = require("path");
+const fs = require("fs");
+const { CLAIM_TYPES } = require("../claims/claim-types");
+
+/**
+ * Generate unblock plan from violations
+ * @param {object} params
+ * @param {array} params.violations - Rule violations
+ * @param {array} params.claims - Extracted claims
+ * @param {string} params.projectRoot - Project root directory
+ * @returns {object} Unblock plan with specific steps
+ */
+function generateUnblockPlan({ violations, claims, projectRoot }) {
+  const steps = [];
+  
+  for (const violation of violations) {
+    if (violation.severity !== "block") {
+      continue; // Only generate plans for blocking violations
+    }
+    
+    const claim = violation.claim || claims.find(c => 
+      violation.claimId && c.type === violation.claim?.type
+    );
+    
+    switch (violation.rule) {
+      case "ghost_route":
+        steps.push(...planGhostRoute(claim, projectRoot));
+        break;
+        
+      case "ghost_env":
+        steps.push(...planGhostEnv(claim, projectRoot));
+        break;
+        
+      case "auth_drift":
+        steps.push(...planAuthDrift(claim, projectRoot));
+        break;
+        
+      case "contract_drift":
+        steps.push(...planContractDrift(claim, projectRoot));
+        break;
+        
+      case "scope_explosion":
+        steps.push(...planScopeExplosion(violation));
+        break;
+        
+      case "unsafe_side_effect":
+        steps.push(...planUnsafeSideEffect(claim, projectRoot));
+        break;
+        
+      case "fake_success_ui":
+        steps.push(...planFakeSuccess(claim, projectRoot));
+        break;
+    }
+  }
+  
+  return {
+    steps: deduplicateSteps(steps)
+  };
+}
+
+/**
+ * Plan for ghost route violation
+ */
+function planGhostRoute(claim, projectRoot) {
+  if (!claim || claim.type !== CLAIM_TYPES.ROUTE) {
+    return [];
+  }
+  
+  const routePath = claim.value;
+  const steps = [];
+  
+  // Determine framework and suggest route file location
+  const isApiRoute = routePath.startsWith("/api/");
+  
+  if (isApiRoute) {
+    // Next.js App Router
+    const routePathSegments = routePath.replace("/api/", "").split("/");
+    const routeFile = path.join("app", "api", ...routePathSegments, "route.ts");
+    const routeFileAbs = path.join(projectRoot, routeFile);
+    
+    steps.push({
+      action: "create",
+      file: routeFile,
+      line: 1,
+      description: `Create route handler at ${routeFile} for ${routePath}`
+    });
+    
+    // Also suggest adding to truthpack
+    steps.push({
+      action: "modify",
+      file: ".vibecheck/truthpack/routes.json",
+      line: null,
+      description: `Run 'vibecheck truth' to regenerate truthpack with new route`
+    });
+  }
+  
+  return steps;
+}
+
+/**
+ * Plan for ghost env violation
+ */
+function planGhostEnv(claim, projectRoot) {
+  if (!claim || claim.type !== CLAIM_TYPES.ENV) {
+    return [];
+  }
+  
+  const envVarName = claim.value;
+  const steps = [];
+  
+  // Find env schema file
+  const envSchemaFiles = [
+    "apps/api/src/config/env.schema.ts",
+    "apps/api/src/env.schema.ts",
+    "src/config/env.schema.ts",
+    "src/env.schema.ts"
+  ];
+  
+  let envSchemaFile = null;
+  for (const candidate of envSchemaFiles) {
+    const fullPath = path.join(projectRoot, candidate);
+    if (fs.existsSync(fullPath)) {
+      envSchemaFile = candidate;
+      break;
+    }
+  }
+  
+  if (!envSchemaFile) {
+    // Create new schema file
+    envSchemaFile = "apps/api/src/config/env.schema.ts";
+    steps.push({
+      action: "create",
+      file: envSchemaFile,
+      line: 1,
+      description: `Create env schema file and add ${envVarName}`
+    });
+  } else {
+    // Add to existing schema
+    steps.push({
+      action: "modify",
+      file: envSchemaFile,
+      line: null, // Will need to find insertion point
+      description: `Add ${envVarName} to env schema`
+    });
+  }
+  
+  // Also add to .env.example
+  steps.push({
+    action: "modify",
+    file: ".env.example",
+    line: null,
+    description: `Add ${envVarName}=<value> to .env.example`
+  });
+  
+  return steps;
+}
+
+/**
+ * Plan for auth drift violation
+ */
+function planAuthDrift(claim, projectRoot) {
+  if (!claim || claim.type !== CLAIM_TYPES.AUTH) {
+    return [];
+  }
+  
+  const steps = [];
+  
+  // Find middleware file
+  const middlewareFiles = [
+    "middleware.ts",
+    "src/middleware.ts",
+    "apps/api/src/middleware.ts"
+  ];
+  
+  let middlewareFile = null;
+  for (const candidate of middlewareFiles) {
+    const fullPath = path.join(projectRoot, candidate);
+    if (fs.existsSync(fullPath)) {
+      middlewareFile = candidate;
+      break;
+    }
+  }
+  
+  if (middlewareFile) {
+    steps.push({
+      action: "modify",
+      file: middlewareFile,
+      line: null,
+      description: `Add protected route pattern to middleware matcher for ${claim.file || "affected route"}`
+    });
+  } else {
+    steps.push({
+      action: "create",
+      file: "middleware.ts",
+      line: 1,
+      description: `Create middleware.ts and add auth protection for ${claim.file || "affected route"}`
+    });
+  }
+  
+  return steps;
+}
+
+/**
+ * Plan for contract drift violation
+ */
+function planContractDrift(claim, projectRoot) {
+  if (!claim || claim.type !== CLAIM_TYPES.CONTRACT) {
+    return [];
+  }
+  
+  const steps = [];
+  
+  steps.push({
+    action: "modify",
+    file: ".vibecheck/truthpack/contracts.json",
+    line: null,
+    description: `Update contract definition for ${claim.value} or run 'vibecheck truth' to regenerate`
+  });
+  
+  return steps;
+}
+
+/**
+ * Plan for scope explosion violation
+ */
+function planScopeExplosion(violation) {
+  const steps = [];
+  
+  const metadata = violation.metadata || {};
+  
+  if (metadata.totalFiles) {
+    steps.push({
+      action: "modify",
+      file: null,
+      line: null,
+      description: `Reduce scope: ${metadata.totalFiles} files touched (max: ${metadata.maxFiles}). Split into smaller changes or provide explicit intent message.`
+    });
+  }
+  
+  if (metadata.totalLines) {
+    steps.push({
+      action: "modify",
+      file: null,
+      line: null,
+      description: `Reduce scope: ${metadata.totalLines} lines changed (max: ${metadata.maxLines}). Split into smaller changes or provide explicit intent message.`
+    });
+  }
+  
+  return steps;
+}
+
+/**
+ * Plan for unsafe side effect violation
+ */
+function planUnsafeSideEffect(claim, projectRoot) {
+  if (!claim || claim.type !== CLAIM_TYPES.SIDE_EFFECT) {
+    return [];
+  }
+  
+  const steps = [];
+  
+  // Suggest creating test file
+  const claimFile = claim.file || "";
+  if (claimFile) {
+    const baseName = path.basename(claimFile, path.extname(claimFile));
+    const dir = path.dirname(claimFile);
+    const testFile = path.join(dir, `${baseName}.test.ts`);
+    
+    steps.push({
+      action: "create",
+      file: testFile,
+      line: 1,
+      description: `Create test file to verify side effect: ${claim.value}`
+    });
+  }
+  
+  // Also suggest reality proof
+  steps.push({
+    action: "modify",
+    file: null,
+    line: null,
+    description: `Run 'vibecheck reality' to generate proof for side effect: ${claim.value}`
+  });
+  
+  return steps;
+}
+
+/**
+ * Plan for fake success UI violation
+ */
+function planFakeSuccess(claim, projectRoot) {
+  if (!claim || claim.type !== CLAIM_TYPES.UI_SUCCESS) {
+    return [];
+  }
+  
+  const steps = [];
+  
+  steps.push({
+    action: "modify",
+    file: claim.file || "unknown",
+    line: null,
+    description: `Add HTTP call or side effect before showing success message: ${claim.value}`
+  });
+  
+  return steps;
+}
+
+/**
+ * Deduplicate steps by file+action
+ */
+function deduplicateSteps(steps) {
+  const seen = new Set();
+  const unique = [];
+  
+  for (const step of steps) {
+    const key = `${step.action}|${step.file || "null"}`;
+    if (!seen.has(key)) {
+      seen.add(key);
+      unique.push(step);
+    }
+  }
+  
+  return unique;
+}
+
+module.exports = {
+  generateUnblockPlan
+};

package/bin/runners/lib/agent-firewall/utils/ignore-checker.js

@@ -0,0 +1,118 @@
+/**
+ * Ignore File Checker
+ * 
+ * Checks if a file matches patterns in .vibecheckignore
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+
+// Try to use minimatch if available, otherwise use simple pattern matching
+let minimatch;
+try {
+  minimatch = require("minimatch").minimatch;
+} catch {
+  minimatch = null;
+}
+
+let ignorePatterns = null;
+let ignoreFile = null;
+
+/**
+ * Load ignore patterns from .vibecheckignore
+ * @param {string} projectRoot - Project root directory
+ * @returns {array} Array of ignore patterns
+ */
+function loadIgnorePatterns(projectRoot) {
+  if (ignorePatterns !== null && ignoreFile === projectRoot) {
+    return ignorePatterns;
+  }
+
+  const ignorePath = path.join(projectRoot, ".vibecheckignore");
+  ignorePatterns = [];
+  
+  if (fs.existsSync(ignorePath)) {
+    const content = fs.readFileSync(ignorePath, "utf8");
+    ignorePatterns = content
+      .split("\n")
+      .map(line => line.trim())
+      .filter(line => line && !line.startsWith("#"));
+  }
+  
+  ignoreFile = projectRoot;
+  return ignorePatterns;
+}
+
+/**
+ * Check if a file should be ignored
+ * @param {string} projectRoot - Project root directory
+ * @param {string} filePath - File path (relative to project root)
+ * @returns {boolean} True if file should be ignored
+ */
+function shouldIgnore(projectRoot, filePath) {
+  const patterns = loadIgnorePatterns(projectRoot);
+  const normalizedPath = filePath.replace(/\\/g, "/");
+  
+  // Check against all patterns
+  for (const pattern of patterns) {
+    // Handle both glob patterns and simple path matches
+    if (minimatch) {
+      if (minimatch(normalizedPath, pattern, { matchBase: true }) ||
+          minimatch(normalizedPath, `**/${pattern}`, { matchBase: true })) {
+        return true;
+      }
+    } else {
+      // Fallback: simple pattern matching
+      const regexPattern = pattern
+        .replace(/\*\*/g, ".*")
+        .replace(/\*/g, "[^/]*")
+        .replace(/\//g, "\\/");
+      const regex = new RegExp(`^${regexPattern}$`);
+      if (regex.test(normalizedPath)) {
+        return true;
+      }
+    }
+    
+    // Also check if path contains the pattern as a substring (for directory patterns)
+    const cleanPattern = pattern.replace(/\*\*/g, "").replace(/\*/g, "");
+    if (normalizedPath.includes(cleanPattern)) {
+      return true;
+    }
+  }
+  
+  // Also check common test file patterns
+  const testPatterns = [
+    /\/__tests__\//,
+    /\.test\.(ts|tsx|js|jsx)$/,
+    /\.spec\.(ts|tsx|js|jsx)$/,
+    /\/tests\//,
+    /\/test\//,
+    /\/fixtures\//,
+    /\/examples\//,
+    /\/templates\//
+  ];
+  
+  for (const pattern of testPatterns) {
+    if (pattern.test(normalizedPath)) {
+      return true;
+    }
+  }
+  
+  return false;
+}
+
+/**
+ * Clear cached ignore patterns (for testing)
+ */
+function clearCache() {
+  ignorePatterns = null;
+  ignoreFile = null;
+}
+
+module.exports = {
+  shouldIgnore,
+  loadIgnorePatterns,
+  clearCache
+};