vibecheck-ai 2.0.1 → 5.0.0

package/bin/runners/lib/detectors-v2.js

@@ -0,0 +1,622 @@
+/**
+ * Truth Context – MCP Tools for Evidence‑Backed AI
+ *
+ * Core context-engine tools that surface **truth-backed** context for AI agents.
+ * Every response is grounded in concrete evidence with file/line citations
+ * and explicit confidence scores.
+ *
+ * This is the "Truth Firewall", exposed to agents as an "Evidence Pack" / "Truth Pack". [web:3]
+ *
+ * Tools:
+ *   - vibecheck.ctx           – Build a repo-level Truth Pack (routes, auth, billing, env, schema)
+ *   - vibecheck.verify_claim  – Check whether a claim is backed by real evidence
+ *   - vibecheck.evidence      – Pull code-level evidence for a specific file/function
+ */
+
+import fs from "fs/promises";
+import path from "path";
+import { execSync } from "child_process";
+
+// ============================================================================
+// TRUTH CONTEXT TOOLS
+// ============================================================================
+
+export const TRUTH_CONTEXT_TOOLS = [
+  {
+    name: "vibecheck.ctx",
+    description: `📋 Build a repo Truth Pack: routes, auth, billing, env vars, schema.
+
+Generates an evidence-backed context bundle with file/line citations.
+Use this before the agent makes any architectural or behavioral claims
+about the codebase.
+
+Returns:
+- routes: All detected routes with handlers and middleware
+- auth: Auth guards, protected routes, auth flow indicators
+- billing: Payment gates, subscription checks, paid feature indicators
+- env: Environment variables (declared vs used, mismatches)
+- schema: Database schema and TypeScript contracts
+- confidence: Aggregate confidence score (0–1) for the extracted view`,
+    inputSchema: {
+      type: "object",
+      properties: {
+        scope: {
+          type: "string",
+          enum: ["all", "routes", "auth", "billing", "env", "schema"],
+          description: "Which slice of context to extract (default: all)",
+          default: "all",
+        },
+        path: {
+          type: "string",
+          description: "Project root path (default: current working directory)",
+        },
+      },
+    },
+  },
+  {
+    name: "vibecheck.verify_claim",
+    description: `🔍 Truth Firewall check – verify that a claim is backed by code.
+
+Run this before asserting that something exists, is configured, or is enforced.
+Returns concrete evidence (file/line) when the claim is supported,
+or a structured rejection with an explanation when it is not.
+
+Examples:
+- "Route /api/users exists"        → VERIFIED with handler at src/routes/users.ts:45
+- "Auth is required for /admin"    → VERIFIED via middleware at src/middleware/auth.ts:12
+- "Stripe is configured"           → REJECTED: No evidence of Stripe integration found`,
+    inputSchema: {
+      type: "object",
+      properties: {
+        claim_type: {
+          type: "string",
+          enum: [
+            "route",
+            "endpoint",
+            "env_var",
+            "middleware",
+            "auth_guard",
+            "billing_gate",
+            "file",
+            "function",
+          ],
+          description: "Category of claim to verify",
+        },
+        claim: {
+          type: "string",
+          description:
+            "The claim subject (e.g. '/api/users', 'AUTH_SECRET', 'authMiddleware')",
+        },
+        path: {
+          type: "string",
+          description: "Project root path (default: current working directory)",
+        },
+      },
+      required: ["claim_type", "claim"],
+    },
+  },
+  {
+    name: "vibecheck.evidence",
+    description: `📎 Retrieve code evidence for a file or symbol.
+
+Returns an annotated code snippet with line numbers for precise citation.
+Use this when the agent needs to quote or reason about specific code blocks
+in its response.`,
+    inputSchema: {
+      type: "object",
+      properties: {
+        file: {
+          type: "string",
+          description: "File path relative to the project root",
+        },
+        function_name: {
+          type: "string",
+          description: "Optional function/class name to locate within the file",
+        },
+        line: {
+          type: "number",
+          description: "Optional 1-based line number to center the snippet on",
+        },
+        context_lines: {
+          type: "number",
+          description:
+            "Number of lines of context before/after the target (default: 10)",
+          default: 10,
+        },
+        path: {
+          type: "string",
+          description: "Project root path (default: current working directory)",
+        },
+      },
+      required: ["file"],
+    },
+  },
+];
+
+// ============================================================================
+// TOOL DISPATCH
+// ============================================================================
+
+export async function handleTruthContextTool(toolName, args) {
+  const projectPath = args.path || process.cwd();
+
+  switch (toolName) {
+    case "vibecheck.ctx":
+      return await getTruthPack(projectPath, args.scope || "all");
+    case "vibecheck.verify_claim":
+      return await verifyClaim(projectPath, args.claim_type, args.claim);
+    case "vibecheck.evidence":
+      return await getEvidence(projectPath, args.file, args);
+    default:
+      return { error: `Unknown tool: ${toolName}` };
+  }
+}
+
+// ============================================================================
+// CONTEXT EXTRACTION
+// ============================================================================
+
+async function getTruthPack(projectPath, scope) {
+  const truthPack = {
+    version: "1.0.0",
+    generatedAt: new Date().toISOString(),
+    projectPath,
+    scope,
+    confidence: 0,
+    sections: {},
+  };
+
+  try {
+    if (scope === "all" || scope === "routes") {
+      truthPack.sections.routes = await extractRoutes(projectPath);
+    }
+    if (scope === "all" || scope === "auth") {
+      truthPack.sections.auth = await extractAuth(projectPath);
+    }
+    if (scope === "all" || scope === "billing") {
+      truthPack.sections.billing = await extractBilling(projectPath);
+    }
+    if (scope === "all" || scope === "env") {
+      truthPack.sections.env = await extractEnvVars(projectPath);
+    }
+    if (scope === "all" || scope === "schema") {
+      truthPack.sections.schema = await extractSchema(projectPath);
+    }
+
+    const sections = Object.values(truthPack.sections);
+    if (sections.length > 0) {
+      truthPack.confidence =
+        sections.reduce((sum, section) => sum + (section.confidence || 0), 0) /
+        sections.length;
+    }
+
+    return truthPack;
+  } catch (error) {
+    return {
+      error: error.message,
+      projectPath,
+      suggestion: "Run `vibecheck init` to set up the project",
+    };
+  }
+}
+
+async function extractRoutes(projectPath) {
+  const routes = [];
+  const routePatterns = [
+    /app\.(get|post|put|patch|delete|use)\s*\(\s*['"`]([^'"`]+)['"`]/gi,
+    /router\.(get|post|put|patch|delete|use)\s*\(\s*['"`]([^'"`]+)['"`]/gi,
+    /@(Get|Post|Put|Patch|Delete)\s*\(\s*['"`]([^'"`]+)['"`]/gi,
+  ];
+
+  const files = await findSourceFiles(projectPath, [".ts", ".js", ".tsx", ".jsx"]);
+
+  for (const file of files.slice(0, 50)) {
+    try {
+      const content = await fs.readFile(file, "utf8");
+      const relPath = path.relative(projectPath, file);
+
+      for (const pattern of routePatterns) {
+        let match;
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(content)) !== null) {
+          const line = content.substring(0, match.index).split("\n").length;
+          routes.push({
+            method: match[1].toUpperCase(),
+            path: match[2],
+            file: relPath,
+            line,
+            evidence: {
+              snippet: content.split("\n")[line - 1]?.trim(),
+              verifiedAt: new Date().toISOString(),
+            },
+          });
+        }
+      }
+    } catch {
+      // Skip unreadable files
+    }
+  }
+
+  return {
+    count: routes.length,
+    routes: routes.slice(0, 100),
+    confidence: routes.length > 0 ? 0.8 : 0.2,
+  };
+}
+
+async function extractAuth(projectPath) {
+  const authIndicators = [];
+  const authPatterns = [
+    /auth(enticate|orize|Middleware|Guard|Check)/gi,
+    /isAuthenticated|requireAuth|verifyToken|jwt\.verify/gi,
+    /passport\.(authenticate|use)/gi,
+    /session\.|cookie\./gi,
+  ];
+
+  const files = await findSourceFiles(projectPath, [".ts", ".js"]);
+
+  for (const file of files.slice(0, 50)) {
+    try {
+      const content = await fs.readFile(file, "utf8");
+      const relPath = path.relative(projectPath, file);
+
+      for (const pattern of authPatterns) {
+        let match;
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(content)) !== null) {
+          const line = content.substring(0, match.index).split("\n").length;
+          authIndicators.push({
+            type: "auth_indicator",
+            match: match[0],
+            file: relPath,
+            line,
+          });
+        }
+      }
+    } catch {
+      // Skip
+    }
+  }
+
+  return {
+    count: authIndicators.length,
+    indicators: authIndicators.slice(0, 50),
+    confidence:
+      authIndicators.length > 5
+        ? 0.8
+        : authIndicators.length > 0
+        ? 0.5
+        : 0.1,
+  };
+}
+
+async function extractBilling(projectPath) {
+  const billingIndicators = [];
+  const billingPatterns = [
+    /stripe|paddle|lemonsqueezy|gumroad/gi,
+    /subscription|payment|checkout|invoice/gi,
+    /isPro|isPremium|isEnterprise|hasPaid/gi,
+    /price|tier|plan/gi,
+  ];
+
+  const files = await findSourceFiles(projectPath, [".ts", ".js"]);
+
+  for (const file of files.slice(0, 30)) {
+    try {
+      const content = await fs.readFile(file, "utf8");
+      const relPath = path.relative(projectPath, file);
+
+      for (const pattern of billingPatterns) {
+        let match;
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(content)) !== null) {
+          const line = content.substring(0, match.index).split("\n").length;
+          billingIndicators.push({
+            type: "billing_indicator",
+            match: match[0],
+            file: relPath,
+            line,
+          });
+        }
+      }
+    } catch {
+      // Skip
+    }
+  }
+
+  return {
+    count: billingIndicators.length,
+    indicators: billingIndicators.slice(0, 30),
+    confidence:
+      billingIndicators.length > 3
+        ? 0.7
+        : billingIndicators.length > 0
+        ? 0.4
+        : 0.1,
+  };
+}
+
+async function extractEnvVars(projectPath) {
+  const declared = [];
+  const used = [];
+
+  const envFiles = [".env.example", ".env.local.example", ".env.sample"];
+  for (const envFile of envFiles) {
+    try {
+      const content = await fs.readFile(path.join(projectPath, envFile), "utf8");
+      const lines = content.split("\n");
+      for (let i = 0; i < lines.length; i++) {
+        const match = lines[i].match(/^([A-Z][A-Z0-9_]*)=/);
+        if (match) {
+          declared.push({
+            name: match[1],
+            file: envFile,
+            line: i + 1,
+          });
+        }
+      }
+    } catch {
+      // File does not exist
+    }
+  }
+
+  const files = await findSourceFiles(projectPath, [".ts", ".js"]);
+  for (const file of files.slice(0, 30)) {
+    try {
+      const content = await fs.readFile(file, "utf8");
+      const relPath = path.relative(projectPath, file);
+      const pattern = /process\.env\.([A-Z][A-Z0-9_]*)/g;
+      let match;
+      while ((match = pattern.exec(content)) !== null) {
+        const line = content.substring(0, match.index).split("\n").length;
+        used.push({
+          name: match[1],
+          file: relPath,
+          line,
+        });
+      }
+    } catch {
+      // Skip
+    }
+  }
+
+  const declaredNames = new Set(declared.map((d) => d.name));
+  const usedNames = new Set(used.map((u) => u.name));
+  const undeclared = [...usedNames].filter((name) => !declaredNames.has(name));
+  const unused = [...declaredNames].filter((name) => !usedNames.has(name));
+
+  return {
+    declared: declared.slice(0, 50),
+    used: used.slice(0, 50),
+    mismatches: {
+      undeclared,
+      unused,
+    },
+    confidence: undeclared.length === 0 ? 0.9 : 0.5,
+  };
+}
+
+async function extractSchema(projectPath) {
+  const schemas = [];
+
+  try {
+    const prismaPath = path.join(projectPath, "prisma", "schema.prisma");
+    const content = await fs.readFile(prismaPath, "utf8");
+    const modelMatches = content.matchAll(/model\s+(\w+)\s*\{/g);
+    for (const match of modelMatches) {
+      schemas.push({
+        type: "prisma_model",
+        name: match[1],
+        file: "prisma/schema.prisma",
+      });
+    }
+  } catch {
+    // No Prisma schema
+  }
+
+  const files = await findSourceFiles(projectPath, [".ts", ".tsx"]);
+  for (const file of files.slice(0, 20)) {
+    try {
+      const content = await fs.readFile(file, "utf8");
+      const relPath = path.relative(projectPath, file);
+
+      const typeMatches = content.matchAll(/(?:interface|type)\s+(\w+)/g);
+      for (const match of typeMatches) {
+        const line = content.substring(0, match.index).split("\n").length;
+        schemas.push({
+          type: "typescript_type",
+          name: match[1],
+          file: relPath,
+          line,
+        });
+      }
+    } catch {
+      // Skip
+    }
+  }
+
+  return {
+    count: schemas.length,
+    schemas: schemas.slice(0, 50),
+    confidence:
+      schemas.length > 5 ? 0.7 : schemas.length > 0 ? 0.4 : 0.2,
+  };
+}
+
+// ============================================================================
+// CLAIM VERIFICATION
+// ============================================================================
+
+async function verifyClaim(projectPath, claimType, claim) {
+  const result = {
+    claim: { type: claimType, value: claim },
+    verified: false,
+    evidence: null,
+    confidence: 0,
+    rejection: null,
+  };
+
+  try {
+    switch (claimType) {
+      case "file": {
+        const filePath = path.join(projectPath, claim);
+        try {
+          await fs.access(filePath);
+          const stats = await fs.stat(filePath);
+          result.verified = true;
+          result.confidence = 1.0;
+          result.evidence = {
+            file: claim,
+            exists: true,
+            size: stats.size,
+            verifiedAt: new Date().toISOString(),
+          };
+        } catch {
+          result.rejection = `File does not exist: ${claim}`;
+        }
+        break;
+      }
+
+      case "route":
+      case "endpoint": {
+        const routes = await extractRoutes(projectPath);
+        const matchingRoute = routes.routes.find(
+          (route) => route.path === claim || route.path.includes(claim),
+        );
+        if (matchingRoute) {
+          result.verified = true;
+          result.confidence = 0.9;
+          result.evidence = matchingRoute;
+        } else {
+          result.rejection = `No route matching "${claim}" found in codebase`;
+        }
+        break;
+      }
+
+      case "env_var": {
+        const envData = await extractEnvVars(projectPath);
+        const isDeclared = envData.declared.some((env) => env.name === claim);
+        const isUsed = envData.used.some((env) => env.name === claim);
+        if (isDeclared || isUsed) {
+          result.verified = true;
+          result.confidence = isDeclared && isUsed ? 1.0 : 0.7;
+          result.evidence = {
+            declared: isDeclared,
+            used: isUsed,
+            locations: [
+              ...envData.declared.filter((env) => env.name === claim),
+              ...envData.used.filter((env) => env.name === claim),
+            ],
+          };
+        } else {
+          result.rejection = `Environment variable "${claim}" not found`;
+        }
+        break;
+      }
+
+      default:
+        result.rejection = `Claim type "${claimType}" verification is not implemented yet`;
+    }
+  } catch (error) {
+    result.rejection = `Verification error: ${error.message}`;
+  }
+
+  return result;
+}
+
+// ============================================================================
+// EVIDENCE EXTRACTION
+// ============================================================================
+
+async function getEvidence(projectPath, file, options) {
+  const filePath = path.join(projectPath, file);
+
+  try {
+    const content = await fs.readFile(filePath, "utf8");
+    const lines = content.split("\n");
+
+    let targetLine = options.line || 1;
+    const contextLines = options.context_lines || 10;
+
+    if (options.function_name) {
+      const pattern = new RegExp(
+        `(function|const|let|var|class)\\s+${options.function_name}`,
+        "i",
+      );
+      for (let i = 0; i < lines.length; i++) {
+        if (pattern.test(lines[i])) {
+          targetLine = i + 1;
+          break;
+        }
+      }
+    }
+
+    const startLine = Math.max(1, targetLine - contextLines);
+    const endLine = Math.min(lines.length, targetLine + contextLines);
+
+    const snippet = lines
+      .slice(startLine - 1, endLine)
+      .map(
+        (line, index) =>
+          `${String(startLine + index).padStart(4, " ")} | ${line}`,
+      )
+      .join("\n");
+
+    return {
+      file,
+      targetLine,
+      startLine,
+      endLine,
+      totalLines: lines.length,
+      snippet,
+      verifiedAt: new Date().toISOString(),
+    };
+  } catch (error) {
+    return {
+      error: `Cannot read file: ${error.message}`,
+      file,
+    };
+  }
+}
+
+// ============================================================================
+// UTILITIES
+// ============================================================================
+
+async function findSourceFiles(projectPath, extensions) {
+  const files = [];
+
+  async function walk(dir) {
+    try {
+      const entries = await fs.readdir(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+        if (entry.isDirectory()) {
+          if (
+            !entry.name.startsWith(".") &&
+            entry.name !== "node_modules" &&
+            entry.name !== "dist" &&
+            entry.name !== "build"
+          ) {
+            await walk(fullPath);
+          }
+        } else if (entry.isFile()) {
+          const ext = path.extname(entry.name).toLowerCase();
+          if (extensions.includes(ext)) {
+            files.push(fullPath);
+          }
+        }
+      }
+    } catch {
+      // Skip inaccessible directories
+    }
+  }
+
+  await walk(projectPath);
+  return files;
+}
+
+export default {
+  TRUTH_CONTEXT_TOOLS,
+  handleTruthContextTool,
+};