@vibecheckai/cli 2.5.1 → 2.5.3

package/README.md

@@ -1,6 +1,6 @@
-# Guardrail CLI v2.5.0 🎉
+# vibecheck CLI v2.5.0 🎉
 
-The official command-line interface for Guardrail - AI-native code security and guardrail platform.
+The official command-line interface for vibecheck - AI-native code security and vibecheck platform.
 
 ## ✨ What's New in v2.5.0
 
@@ -13,26 +13,26 @@ The official command-line interface for Guardrail - AI-native code security and
 ## Installation
 
 ```bash
-npm install -g guardrail-cli@latest
+npm install -g vibecheck-cli-tool@latest
 ```
 
 ## Quick Start
 
 ```bash
 # 🎮 Open the new interactive menu (recommended)
-guardrail menu
+vibecheck menu
 
 # 🔐 Authenticate with your API key
-guardrail auth --key gr_pro_your_api_key_here
+vibecheck auth --key gr_pro_your_api_key_here
 
 # 🔍 Scan your project
-guardrail scan --path ./your-project
+vibecheck scan --path ./your-project
 
 # 🚀 Try Reality Mode (auto-installs Playwright)
-guardrail reality --url https://your-site.com --flow user-journey
+vibecheck reality --url https://your-site.com --flow user-journey
 
 # 📦 Ship readiness check
-guardrail ship --path ./your-project
+vibecheck ship --path ./your-project
 ```
 
 ## Authentication
@@ -42,18 +42,18 @@ The CLI uses enterprise-grade authentication with secure credential storage.
 ### Commands
 
 ```bash
-# Authenticate with API key (validates against Guardrail API)
-guardrail auth --key gr_pro_abc123xyz789
+# Authenticate with API key (validates against vibecheck API)
+vibecheck auth --key gr_pro_abc123xyz789
 
 # Check current authentication status
 # Shows masked key (gr_pro_****xyz9), tier, email, expiry
-guardrail auth --status
+vibecheck auth --status
 
 # Force refresh cached entitlements
-guardrail auth --refresh
+vibecheck auth --refresh
 
 # Logout and remove stored credentials
-guardrail auth --logout
+vibecheck auth --logout
 ```
 
 ### Features
@@ -69,48 +69,48 @@ guardrail auth --logout
 
 | Platform | Location |
 |----------|----------|
-| macOS | `~/Library/Application Support/guardrail/state.json` |
-| Linux | `~/.config/guardrail/state.json` |
-| Windows | `%APPDATA%\guardrail\state.json` |
+| macOS | `~/Library/Application Support/vibecheck/state.json` |
+| Linux | `~/.config/vibecheck/state.json` |
+| Windows | `%APPDATA%\vibecheck\state.json` |
 
 If `keytar` is available, sensitive tokens are stored in the OS keychain.
 
 ## Commands
 
-- `guardrail auth` - Authenticate with your API key
-- `guardrail scan` - Run security scans
-- `guardrail scan:secrets` - Scan for hardcoded secrets
-- `guardrail scan:vulnerabilities` - Scan dependencies for CVEs (OSV integration)
-- `guardrail scan:compliance` - Compliance assessment (Pro)
-- `guardrail sbom:generate` - Generate SBOM (Pro)
-- `guardrail ship` - Ship readiness checks (Starter+)
-- `guardrail reality` - Browser testing for fake data (Starter+)
-- `guardrail smells` - Code smell analysis
-- `guardrail fix` - Manual fix suggestions (Starter+)
-- `guardrail autopilot` - AI-powered batch remediation (Pro)
-- `guardrail cache:clear` - Clear OSV vulnerability cache
-- `guardrail cache:status` - Show cache statistics
-- `guardrail init` - Initialize Guardrail in a project (see [Init Command](#init-command))
-- `guardrail menu` - Interactive menu
+- `vibecheck auth` - Authenticate with your API key
+- `vibecheck scan` - Run security scans
+- `vibecheck scan:secrets` - Scan for hardcoded secrets
+- `vibecheck scan:vulnerabilities` - Scan dependencies for CVEs (OSV integration)
+- `vibecheck scan:compliance` - Compliance assessment (Pro)
+- `vibecheck sbom:generate` - Generate SBOM (Pro)
+- `vibecheck ship` - Ship readiness checks (Starter+)
+- `vibecheck reality` - Browser testing for fake data (Starter+)
+- `vibecheck smells` - Code smell analysis
+- `vibecheck fix` - Manual fix suggestions (Starter+)
+- `vibecheck autopilot` - AI-powered batch remediation (Pro)
+- `vibecheck cache:clear` - Clear OSV vulnerability cache
+- `vibecheck cache:status` - Show cache statistics
+- `vibecheck init` - Initialize vibecheck in a project (see [Init Command](#init-command))
+- `vibecheck menu` - Interactive menu
 
 ## Init Command
 
-The `guardrail init` command provides enterprise-grade project initialization with automatic framework detection and template-based configuration.
+The `vibecheck init` command provides enterprise-grade project initialization with automatic framework detection and template-based configuration.
 
 ### Basic Usage
 
 ```bash
 # Initialize with interactive prompts (auto-detects framework)
-guardrail init
+vibecheck init
 
 # Initialize with a specific template
-guardrail init --template enterprise
+vibecheck init --template enterprise
 
 # Initialize with CI and git hooks
-guardrail init --ci --hooks
+vibecheck init --ci --hooks
 
 # Non-interactive mode
-guardrail init --template startup --no-interactive
+vibecheck init --template startup --no-interactive
 ```
 
 ### Options
@@ -126,7 +126,7 @@ guardrail init --template startup --no-interactive
 
 ### Framework Detection
 
-Guardrail automatically detects your project framework by inspecting `package.json` and file structure:
+vibecheck automatically detects your project framework by inspecting `package.json` and file structure:
 
 | Framework | Detection Signals |
 |-----------|-------------------|
@@ -137,7 +137,7 @@ Guardrail automatically detects your project framework by inspecting `package.js
 | **Remix** | `@remix-run/*` packages, `remix.config.*`, `app/routes/` |
 | **Vite+React** | `vite` + `react` dependencies, `@vitejs/plugin-react` |
 
-Based on the detected framework, Guardrail recommends the most relevant scans:
+Based on the detected framework, vibecheck recommends the most relevant scans:
 
 - **Next.js/Remix**: secrets, vulnerabilities, ship readiness, reality mode (auth flows)
 - **Express/NestJS/Fastify**: secrets, vulnerabilities, ship readiness, compliance (logging/rate limits)
@@ -145,7 +145,7 @@ Based on the detected framework, Guardrail recommends the most relevant scans:
 
 ### Templates
 
-Templates configure `.guardrail/config.json` with different defaults:
+Templates configure `.vibecheck/config.json` with different defaults:
 
 #### Startup Template
 - **Use case**: Early-stage teams, fast iteration
@@ -156,7 +156,7 @@ Templates configure `.guardrail/config.json` with different defaults:
 - **Noise reduction**: Suppress test files, low-confidence findings
 
 ```bash
-guardrail init --template startup
+vibecheck init --template startup
 ```
 
 #### Enterprise Template
@@ -168,7 +168,7 @@ guardrail init --template startup
 - **SBOM**: Enabled
 
 ```bash
-guardrail init --template enterprise
+vibecheck init --template enterprise
 ```
 
 #### OSS Template
@@ -179,12 +179,12 @@ guardrail init --template enterprise
 - **Noise reduction**: Suppress test files, examples
 
 ```bash
-guardrail init --template oss
+vibecheck init --template oss
 ```
 
 ### Generated Files
 
-#### Configuration (`.guardrail/config.json`)
+#### Configuration (`.vibecheck/config.json`)
 
 ```json
 {
@@ -212,7 +212,7 @@ guardrail init --template oss
 }
 ```
 
-#### CI Workflow (`.github/workflows/guardrail.yml`)
+#### CI Workflow (`.github/workflows/vibecheck.yml`)
 
 When using `--ci`, generates a GitHub Actions workflow that:
 - Runs secrets and vulnerability scans
@@ -222,7 +222,7 @@ When using `--ci`, generates a GitHub Actions workflow that:
 - Runs ship readiness check
 - Fails the workflow on critical/high findings
 
-**Required**: Add `GUARDRAIL_API_KEY` to your repository secrets.
+**Required**: Add `VIBECHECK_API_KEY` to your repository secrets.
 
 #### Git Hooks (`.husky/` or `lefthook.yml`)
 
@@ -234,16 +234,16 @@ When using `--hooks`, installs:
 
 ```bash
 # Next.js project with enterprise security
-guardrail init --template enterprise --ci --hooks
+vibecheck init --template enterprise --ci --hooks
 
 # Express API with startup defaults
-guardrail init --path ./api --template startup
+vibecheck init --path ./api --template startup
 
 # OSS project with lefthook
-guardrail init --template oss --hooks --hook-runner lefthook
+vibecheck init --template oss --hooks --hook-runner lefthook
 
 # CI-only setup (no hooks)
-guardrail init --template enterprise --ci --no-interactive
+vibecheck init --template enterprise --ci --no-interactive
 ```
 
 ## Vulnerability Scanning (OSV Integration)
@@ -255,7 +255,7 @@ The `scan:vulnerabilities` command uses real-time data from the [Open Source Vul
 - **Real-time OSV API queries** - Live vulnerability data from Google's OSV database
 - **Multi-ecosystem support** - npm, PyPI, RubyGems, Go
 - **Lockfile parsing** - package-lock.json, pnpm-lock.yaml, yarn.lock
-- **24-hour caching** - Reduces API calls with local cache in `.guardrail/cache/osv.json`
+- **24-hour caching** - Reduces API calls with local cache in `.vibecheck/cache/osv.json`
 - **CVSS scoring** - Severity levels with optional NVD enrichment
 - **Remediation paths** - Upgrade suggestions with breaking change detection
 - **SARIF output** - GitHub code scanning integration
@@ -264,22 +264,22 @@ The `scan:vulnerabilities` command uses real-time data from the [Open Source Vul
 
 ```bash
 # Basic vulnerability scan
-guardrail scan:vulnerabilities --path ./my-project
+vibecheck scan:vulnerabilities --path ./my-project
 
 # Bypass cache for fresh data
-guardrail scan:vulnerabilities --no-cache
+vibecheck scan:vulnerabilities --no-cache
 
 # Enable NVD enrichment for CVSS scores (slower)
-guardrail scan:vulnerabilities --nvd
+vibecheck scan:vulnerabilities --nvd
 
 # Output as SARIF for GitHub code scanning
-guardrail scan:vulnerabilities --format sarif -o results.sarif
+vibecheck scan:vulnerabilities --format sarif -o results.sarif
 
 # Filter by ecosystem
-guardrail scan:vulnerabilities --ecosystem npm
+vibecheck scan:vulnerabilities --ecosystem npm
 
 # Fail CI if critical vulnerabilities found
-guardrail scan:vulnerabilities --fail-on-critical
+vibecheck scan:vulnerabilities --fail-on-critical
 ```
 
 ### Options
@@ -297,17 +297,17 @@ guardrail scan:vulnerabilities --fail-on-critical
 
 ### Cache Management
 
-Vulnerability data is cached for 24 hours in `.guardrail/cache/osv.json`.
+Vulnerability data is cached for 24 hours in `.vibecheck/cache/osv.json`.
 
 ```bash
 # View cache statistics
-guardrail cache:status
+vibecheck cache:status
 
 # Clear the cache
-guardrail cache:clear
+vibecheck cache:clear
 
 # Clear global cache
-guardrail cache:clear --global
+vibecheck cache:clear --global
 ```
 
 ### SARIF Output for GitHub
@@ -316,11 +316,11 @@ Generate SARIF v2.1.0 output for GitHub code scanning:
 
 ```bash
 # Generate SARIF report
-guardrail scan:vulnerabilities --format sarif -o vuln-results.sarif
+vibecheck scan:vulnerabilities --format sarif -o vuln-results.sarif
 
 # In GitHub Actions workflow:
-- name: Run Guardrail Vulnerability Scan
-  run: guardrail scan:vulnerabilities --format sarif -o results.sarif
+- name: Run vibecheck Vulnerability Scan
+  run: vibecheck scan:vulnerabilities --format sarif -o results.sarif
   
 - name: Upload SARIF to GitHub
   uses: github/codeql-action/upload-sarif@v2
@@ -358,9 +358,9 @@ The header respects `NO_COLOR` environment variable and `--no-color` flag for CI
 
 | Variable | Description |
 |----------|-------------|
-| `GUARDRAIL_API_BASE_URL` | Override API endpoint (default: `https://api.guardrail.dev`) |
-| `GUARDRAIL_NO_INTERACTIVE` | Disable interactive prompts (`1` to disable) |
-| `GUARDRAIL_NO_UNICODE` | Disable Unicode output (`1` for ASCII-only) |
+| `VIBECHECK_API_BASE_URL` | Override API endpoint (default: `https://api.vibecheckai.dev`) |
+| `VIBECHECK_NO_INTERACTIVE` | Disable interactive prompts (`1` to disable) |
+| `VIBECHECK_NO_UNICODE` | Disable Unicode output (`1` for ASCII-only) |
 
 ## Reality Mode
 
@@ -370,29 +370,29 @@ Reality Mode detects fake data, mock backends, and placeholder content in your r
 
 ```bash
 # Generate a Playwright test for the auth flow
-guardrail reality --flow auth
+vibecheck reality --flow auth
 
 # Generate test for a custom URL
-guardrail reality --url http://localhost:8080 --flow checkout
+vibecheck reality --url http://localhost:8080 --flow checkout
 ```
 
 ### Generate + Run
 
 ```bash
 # Generate and immediately execute the test
-guardrail reality --run --flow auth
+vibecheck reality --run --flow auth
 
 # Run in headed mode (show browser)
-guardrail reality --run --flow auth --headless=false
+vibecheck reality --run --flow auth --headless=false
 
 # Custom timeout and workers
-guardrail reality --run --timeout 60 --workers 2
+vibecheck reality --run --timeout 60 --workers 2
 
 # Use HTML reporter for detailed results
-guardrail reality --run --reporter html,list
+vibecheck reality --run --reporter html,list
 
 # Full configuration example
-guardrail reality --run \
+vibecheck reality --run \
   --url http://localhost:8080 \
   --flow checkout \
   --timeout 45 \
@@ -411,17 +411,17 @@ Opens Playwright in interactive recording mode using `codegen` to capture user a
 
 ```bash
 # Start recording session
-guardrail reality --record --url http://localhost:3000
+vibecheck reality --record --url http://localhost:3000
 
 # Record with custom flow name
-guardrail reality --record --url http://localhost:8080 --flow signup
+vibecheck reality --record --url http://localhost:8080 --flow signup
 ```
 
 **How it works**:
 1. Opens browser with Playwright Inspector
 2. Interact with your app (click, type, navigate)
 3. Playwright records all actions with robust selectors
-4. Generated test saved to `.guardrail/reality/<runId>/reality-<flow>.test.ts`
+4. Generated test saved to `.vibecheck/reality/<runId>/reality-<flow>.test.ts`
 5. Press Ctrl+C when done
 
 ### Options
@@ -443,10 +443,10 @@ guardrail reality --record --url http://localhost:8080 --flow signup
 
 ### Artifacts
 
-When using `--run`, artifacts are saved under `.guardrail/reality/<runId>/`:
+When using `--run`, artifacts are saved under `.vibecheck/reality/<runId>/`:
 
 ```
-.guardrail/reality/auth-1704123456789-a1b2c3d4/
+.vibecheck/reality/auth-1704123456789-a1b2c3d4/
 ├── reality-auth.test.ts      # Generated test file
 ├── output.log                 # Playwright console output
 ├── result.json                # Run result summary (success, exitCode, duration)
@@ -462,17 +462,17 @@ When using `--run`, artifacts are saved under `.guardrail/reality/<runId>/`:
 
 **HTML Report** (if `--reporter html`):
 ```bash
-npx playwright show-report .guardrail/reality/<runId>/report
+npx playwright show-report .vibecheck/reality/<runId>/report
 ```
 
 **JSON Results**:
 ```bash
-cat .guardrail/reality/<runId>/result.json
+cat .vibecheck/reality/<runId>/result.json
 ```
 
 **Logs**:
 ```bash
-cat .guardrail/reality/<runId>/output.log
+cat .vibecheck/reality/<runId>/output.log
 ```
 
 ### Prerequisites
@@ -499,12 +499,12 @@ The CLI automatically detects missing dependencies and provides exact install co
 
 **Quick test in CI**:
 ```bash
-guardrail reality --run --flow auth --headless --timeout 30
+vibecheck reality --run --flow auth --headless --timeout 30
 ```
 
 **Debug with full visibility**:
 ```bash
-guardrail reality --run --flow checkout \
+vibecheck reality --run --flow checkout \
   --no-headless \
   --trace on \
   --video on \
@@ -513,19 +513,19 @@ guardrail reality --run --flow checkout \
 
 **Record custom flow**:
 ```bash
-guardrail reality --record --url http://localhost:3000 --flow onboarding
+vibecheck reality --record --url http://localhost:3000 --flow onboarding
 ```
 
 **Parallel execution**:
 ```bash
-guardrail reality --run --workers 4 --reporter html,json
+vibecheck reality --run --workers 4 --reporter html,json
 ```
 
 ## Support
 
-- [Documentation](https://guardrail.dev/docs)
-- [Discord](https://discord.gg/guardrail)
-- [Support](mailto:support@guardrail.dev)
+- [Documentation](https://vibecheckai.dev/docs)
+- [Discord](https://discord.gg/vibecheck)
+- [Support](mailto:support@vibecheckai.dev)
 
 ## License
 

package/dist/autopatch/verified-autopatch.js

@@ -60,7 +60,7 @@ class VerifiedAutopatch {
      */
     async createVerifiedFix(options) {
         const fixId = (0, crypto_1.randomUUID)();
-        const branchName = `guardrail/verified-fix-${fixId.slice(0, 8)}`;
+        const branchName = `vibecheck/verified-fix-${fixId.slice(0, 8)}`;
         const fix = {
             id: fixId,
             findingId: options.findingId,
@@ -274,22 +274,22 @@ class VerifiedAutopatch {
      */
     async runFlowsGate() {
         try {
-            // Check if guardrail is available
+            // Check if vibecheck is available
             try {
-                (0, child_process_1.execSync)('guardrail --version', {
+                (0, child_process_1.execSync)('vibecheck --version', {
                     cwd: this.projectPath,
                     stdio: 'pipe',
                 });
             }
             catch {
-                // Guardrail not available, skip flows gate
+                // vibecheck not available, skip flows gate
                 return true;
             }
             // Run reality mode for critical flows
             const flows = ['auth', 'checkout'];
             for (const flow of flows) {
                 try {
-                    (0, child_process_1.execSync)(`guardrail reality --flow ${flow} --headless`, {
+                    (0, child_process_1.execSync)(`vibecheck reality --flow ${flow} --headless`, {
                         cwd: this.projectPath,
                         stdio: 'pipe',
                         timeout: 120000,
@@ -311,19 +311,19 @@ class VerifiedAutopatch {
      */
     async runPolicyGate() {
         try {
-            // Check if guardrail is available
+            // Check if vibecheck is available
             try {
-                (0, child_process_1.execSync)('guardrail --version', {
+                (0, child_process_1.execSync)('vibecheck --version', {
                     cwd: this.projectPath,
                     stdio: 'pipe',
                 });
             }
             catch {
-                return true; // Skip if guardrail not available
+                return true; // Skip if vibecheck not available
             }
             // Run ship check
             try {
-                (0, child_process_1.execSync)('guardrail ship', {
+                (0, child_process_1.execSync)('vibecheck ship', {
                     cwd: this.projectPath,
                     stdio: 'pipe',
                     timeout: 120000,
@@ -407,7 +407,7 @@ class VerifiedAutopatch {
      */
     async generateFixReceipt(fix, gateResults) {
         const { generateReceipt } = require('../reality/receipt-generator');
-        const receiptDir = path.join(this.projectPath, '.guardrail', 'verified-fixes', fix.id);
+        const receiptDir = path.join(this.projectPath, '.vibecheck', 'verified-fixes', fix.id);
         fs.mkdirSync(receiptDir, { recursive: true });
         const receiptPath = await generateReceipt({
             projectPath: this.projectPath,

package/dist/bundles/index.js

@@ -2,7 +2,7 @@
 // This file maps workspace packages to bundled versions
 
 module.exports = {
-  '@guardrail/security': require('./bundles/guardrail-security'),
-  '@guardrail/core': require('./bundles/guardrail-core'),
-  '@guardrail/ship': require('./bundles/guardrail-ship'),
+  '@vibecheck/security': require('./bundles/vibecheck-security'),
+  '@vibecheck/core': require('./bundles/vibecheck-core'),
+  '@vibecheck/ship': require('./bundles/vibecheck-ship'),
 };