npm - @vibecheckai/cli - Versions diffs - 2.8.2 → 3.0.0 - Mend

@vibecheckai/cli 2.8.2 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (454) hide show

package/README.md +8 -8
package/bin/_deprecations.js +35 -0
package/bin/_router.js +46 -0
package/bin/cli-hygiene.js +241 -0
package/bin/guardrail.js +834 -0
package/bin/runners/cli-utils.js +1070 -0
package/bin/runners/context/ai-task-decomposer.js +337 -0
package/bin/runners/context/analyzer.js +462 -0
package/bin/runners/context/api-contracts.js +427 -0
package/bin/runners/context/context-diff.js +342 -0
package/bin/runners/context/context-pruner.js +291 -0
package/bin/runners/context/dependency-graph.js +414 -0
package/bin/runners/context/generators/claude.js +107 -0
package/bin/runners/context/generators/codex.js +108 -0
package/bin/runners/context/generators/copilot.js +119 -0
package/bin/runners/context/generators/cursor.js +514 -0
package/bin/runners/context/generators/mcp.js +151 -0
package/bin/runners/context/generators/windsurf.js +180 -0
package/bin/runners/context/git-context.js +302 -0
package/bin/runners/context/index.js +1042 -0
package/bin/runners/context/insights.js +173 -0
package/bin/runners/context/mcp-server/generate-rules.js +337 -0
package/bin/runners/context/mcp-server/index.js +1176 -0
package/bin/runners/context/mcp-server/package.json +24 -0
package/bin/runners/context/memory.js +200 -0
package/bin/runners/context/monorepo.js +215 -0
package/bin/runners/context/multi-repo-federation.js +404 -0
package/bin/runners/context/patterns.js +253 -0
package/bin/runners/context/proof-context.js +972 -0
package/bin/runners/context/security-scanner.js +303 -0
package/bin/runners/context/semantic-search.js +350 -0
package/bin/runners/context/shared.js +264 -0
package/bin/runners/context/team-conventions.js +310 -0
package/bin/runners/lib/ai-bridge.js +416 -0
package/bin/runners/lib/analysis-core.js +271 -0
package/bin/runners/lib/analyzers.js +541 -0
package/bin/runners/lib/audit-bridge.js +391 -0
package/bin/runners/lib/auth-truth.js +193 -0
package/bin/runners/lib/auth.js +215 -0
package/bin/runners/lib/backup.js +62 -0
package/bin/runners/lib/billing.js +107 -0
package/bin/runners/lib/claims.js +118 -0
package/bin/runners/lib/cli-ui.js +540 -0
package/bin/runners/lib/compliance-bridge-new.js +0 -0
package/bin/runners/lib/compliance-bridge.js +165 -0
package/bin/runners/lib/contracts/auth-contract.js +194 -0
package/bin/runners/lib/contracts/env-contract.js +178 -0
package/bin/runners/lib/contracts/external-contract.js +198 -0
package/bin/runners/lib/contracts/guard.js +168 -0
package/bin/runners/lib/contracts/index.js +89 -0
package/bin/runners/lib/contracts/plan-validator.js +311 -0
package/bin/runners/lib/contracts/route-contract.js +192 -0
package/bin/runners/lib/detect.js +89 -0
package/bin/runners/lib/doctor/autofix.js +254 -0
package/bin/runners/lib/doctor/index.js +37 -0
package/bin/runners/lib/doctor/modules/dependencies.js +325 -0
package/bin/runners/lib/doctor/modules/index.js +46 -0
package/bin/runners/lib/doctor/modules/network.js +250 -0
package/bin/runners/lib/doctor/modules/project.js +312 -0
package/bin/runners/lib/doctor/modules/runtime.js +224 -0
package/bin/runners/lib/doctor/modules/security.js +348 -0
package/bin/runners/lib/doctor/modules/system.js +213 -0
package/bin/runners/lib/doctor/modules/vibecheck.js +394 -0
package/bin/runners/lib/doctor/reporter.js +262 -0
package/bin/runners/lib/doctor/service.js +262 -0
package/bin/runners/lib/doctor/types.js +113 -0
package/bin/runners/lib/doctor/ui.js +263 -0
package/bin/runners/lib/doctor-enhanced.js +233 -0
package/bin/runners/lib/doctor-v2.js +608 -0
package/bin/runners/lib/enforcement.js +72 -0
package/bin/runners/lib/enterprise-detect.js +603 -0
package/bin/runners/lib/enterprise-init.js +942 -0
package/bin/runners/lib/entitlements-v2.js +381 -0
package/bin/runners/lib/entitlements.generated.js +0 -0
package/bin/runners/lib/entitlements.js +332 -0
package/bin/runners/lib/env-template.js +66 -0
package/bin/runners/lib/env.js +189 -0
package/bin/runners/lib/error-handler.js +320 -0
package/bin/runners/lib/firewall-prompt.js +50 -0
package/bin/runners/lib/graph/graph-builder.js +265 -0
package/bin/runners/lib/graph/html-renderer.js +413 -0
package/bin/runners/lib/graph/index.js +32 -0
package/bin/runners/lib/graph/runtime-collector.js +215 -0
package/bin/runners/lib/graph/static-extractor.js +518 -0
package/bin/runners/lib/init-wizard.js +308 -0
package/bin/runners/lib/json-output.js +76 -0
package/bin/runners/lib/llm.js +75 -0
package/bin/runners/lib/meter.js +61 -0
package/bin/runners/lib/missions/evidence.js +126 -0
package/bin/runners/lib/missions/plan.js +69 -0
package/bin/runners/lib/missions/templates.js +147 -0
package/bin/runners/lib/patch.js +40 -0
package/bin/runners/lib/permissions/auth-model.js +213 -0
package/bin/runners/lib/permissions/idor-prover.js +205 -0
package/bin/runners/lib/permissions/index.js +45 -0
package/bin/runners/lib/permissions/matrix-builder.js +198 -0
package/bin/runners/lib/pkgjson.js +28 -0
package/bin/runners/lib/preflight.js +142 -0
package/bin/runners/lib/reality-findings.js +84 -0
package/bin/runners/lib/redact.js +29 -0
package/bin/runners/lib/replay/capsule-manager.js +154 -0
package/bin/runners/lib/replay/index.js +263 -0
package/bin/runners/lib/replay/player.js +348 -0
package/bin/runners/lib/replay/recorder.js +331 -0
package/bin/runners/lib/report-engine.js +447 -0
package/bin/runners/lib/report-html.js +1117 -0
package/bin/runners/lib/report-templates.js +964 -0
package/bin/runners/lib/route-detection.js +1140 -0
package/bin/runners/lib/route-truth.js +477 -0
package/bin/runners/lib/sandbox/index.js +59 -0
package/bin/runners/lib/sandbox/proof-chain.js +399 -0
package/bin/runners/lib/sandbox/sandbox-runner.js +205 -0
package/bin/runners/lib/sandbox/worktree.js +174 -0
package/bin/runners/lib/scan-cache.js +330 -0
package/bin/runners/lib/scan-output-schema.js +344 -0
package/bin/runners/lib/score-history.js +282 -0
package/bin/runners/lib/security-bridge.js +249 -0
package/bin/runners/lib/server-usage.js +513 -0
package/bin/runners/lib/share-pack.js +239 -0
package/bin/runners/lib/snippets.js +67 -0
package/bin/runners/lib/truth.js +667 -0
package/bin/runners/lib/unified-output.js +189 -0
package/bin/runners/lib/validate-patch.js +156 -0
package/bin/runners/lib/verification.js +345 -0
package/bin/runners/reality/engine.js +917 -0
package/bin/runners/reality/flows.js +122 -0
package/bin/runners/reality/report.js +378 -0
package/bin/runners/reality/session.js +193 -0
package/bin/runners/runAIAgent.js +2 -0
package/bin/runners/runAudit.js +2 -0
package/bin/runners/runAuth.js +106 -0
package/bin/runners/runAutopilot.js +2 -0
package/bin/runners/runBadge.js +2 -0
package/bin/runners/runCertify.js +2 -0
package/bin/runners/runClaimVerifier.js +483 -0
package/bin/runners/runContext.js +56 -0
package/bin/runners/runContextCompiler.js +385 -0
package/bin/runners/runCtx.js +187 -0
package/bin/runners/runCtxGuard.js +176 -0
package/bin/runners/runCtxSync.js +116 -0
package/bin/runners/runDashboard.js +10 -0
package/bin/runners/runDoctor.js +245 -0
package/bin/runners/runEnhancedShip.js +2 -0
package/bin/runners/runFix.js +735 -0
package/bin/runners/runFixPacks.js +2 -0
package/bin/runners/runGate.js +17 -0
package/bin/runners/runGraph.js +283 -0
package/bin/runners/runInit.js +260 -0
package/bin/runners/runInitGha.js +101 -0
package/bin/runners/runInstall.js +76 -0
package/bin/runners/runInteractive.js +388 -0
package/bin/runners/runLaunch.js +2 -0
package/bin/runners/runMcp.js +19 -0
package/bin/runners/runMdc.js +2 -0
package/bin/runners/runMissionGenerator.js +282 -0
package/bin/runners/runNaturalLanguage.js +3 -0
package/bin/runners/runPR.js +96 -0
package/bin/runners/runPermissions.js +290 -0
package/bin/runners/runPromptFirewall.js +211 -0
package/bin/runners/runProof.js +2 -0
package/bin/runners/runProve.js +392 -0
package/bin/runners/runReality.js +489 -0
package/bin/runners/runRealitySniff.js +2 -0
package/bin/runners/runReplay.js +469 -0
package/bin/runners/runReport.js +478 -0
package/bin/runners/runScan.js +835 -0
package/bin/runners/runShare.js +34 -0
package/bin/runners/runShip.js +1062 -0
package/bin/runners/runStatus.js +136 -0
package/bin/runners/runTruthpack.js +634 -0
package/bin/runners/runUpgrade.js +2 -0
package/bin/runners/runValidate.js +2 -0
package/bin/runners/runVerifyAgentOutput.js +2 -0
package/bin/runners/runWatch.js +230 -0
package/bin/runners/utils.js +360 -0
package/bin/scan.js +612 -0
package/bin/vibecheck.js +834 -0
package/package.json +11 -11
package/dist/autopatch/verified-autopatch.d.ts +0 -111
package/dist/autopatch/verified-autopatch.d.ts.map +0 -1
package/dist/autopatch/verified-autopatch.js +0 -503
package/dist/autopatch/verified-autopatch.js.map +0 -1
package/dist/bundles/index.js +0 -8
package/dist/bundles/vibecheck-core.js +0 -25799
package/dist/bundles/vibecheck-security.js +0 -208693
package/dist/bundles/vibecheck-ship.js +0 -2318
package/dist/commands/baseline.d.ts +0 -7
package/dist/commands/baseline.d.ts.map +0 -1
package/dist/commands/baseline.js +0 -79
package/dist/commands/baseline.js.map +0 -1
package/dist/commands/cache.d.ts +0 -13
package/dist/commands/cache.d.ts.map +0 -1
package/dist/commands/cache.js +0 -165
package/dist/commands/cache.js.map +0 -1
package/dist/commands/checkpoint.d.ts +0 -8
package/dist/commands/checkpoint.d.ts.map +0 -1
package/dist/commands/checkpoint.js +0 -35
package/dist/commands/checkpoint.js.map +0 -1
package/dist/commands/doctor.d.ts +0 -17
package/dist/commands/doctor.d.ts.map +0 -1
package/dist/commands/doctor.js +0 -226
package/dist/commands/doctor.js.map +0 -1
package/dist/commands/evidence.d.ts +0 -45
package/dist/commands/evidence.d.ts.map +0 -1
package/dist/commands/evidence.js +0 -197
package/dist/commands/evidence.js.map +0 -1
package/dist/commands/explain.d.ts +0 -8
package/dist/commands/explain.d.ts.map +0 -1
package/dist/commands/explain.js +0 -52
package/dist/commands/explain.js.map +0 -1
package/dist/commands/fix-consolidated.d.ts +0 -19
package/dist/commands/fix-consolidated.d.ts.map +0 -1
package/dist/commands/fix-consolidated.js +0 -165
package/dist/commands/fix-consolidated.js.map +0 -1
package/dist/commands/index.d.ts +0 -8
package/dist/commands/index.d.ts.map +0 -1
package/dist/commands/index.js +0 -15
package/dist/commands/index.js.map +0 -1
package/dist/commands/init.d.ts +0 -8
package/dist/commands/init.d.ts.map +0 -1
package/dist/commands/init.js +0 -125
package/dist/commands/init.js.map +0 -1
package/dist/commands/launcher.d.ts +0 -10
package/dist/commands/launcher.d.ts.map +0 -1
package/dist/commands/launcher.js +0 -174
package/dist/commands/launcher.js.map +0 -1
package/dist/commands/on.d.ts +0 -8
package/dist/commands/on.d.ts.map +0 -1
package/dist/commands/on.js +0 -123
package/dist/commands/on.js.map +0 -1
package/dist/commands/replay.d.ts +0 -8
package/dist/commands/replay.d.ts.map +0 -1
package/dist/commands/replay.js +0 -52
package/dist/commands/replay.js.map +0 -1
package/dist/commands/scan-consolidated.d.ts +0 -61
package/dist/commands/scan-consolidated.d.ts.map +0 -1
package/dist/commands/scan-consolidated.js +0 -243
package/dist/commands/scan-consolidated.js.map +0 -1
package/dist/commands/scan-secrets.d.ts +0 -47
package/dist/commands/scan-secrets.d.ts.map +0 -1
package/dist/commands/scan-secrets.js +0 -225
package/dist/commands/scan-secrets.js.map +0 -1
package/dist/commands/scan-vulnerabilities-enhanced.d.ts +0 -41
package/dist/commands/scan-vulnerabilities-enhanced.d.ts.map +0 -1
package/dist/commands/scan-vulnerabilities-enhanced.js +0 -368
package/dist/commands/scan-vulnerabilities-enhanced.js.map +0 -1
package/dist/commands/scan-vulnerabilities-osv.d.ts +0 -58
package/dist/commands/scan-vulnerabilities-osv.d.ts.map +0 -1
package/dist/commands/scan-vulnerabilities-osv.js +0 -722
package/dist/commands/scan-vulnerabilities-osv.js.map +0 -1
package/dist/commands/scan-vulnerabilities.d.ts +0 -32
package/dist/commands/scan-vulnerabilities.d.ts.map +0 -1
package/dist/commands/scan-vulnerabilities.js +0 -283
package/dist/commands/scan-vulnerabilities.js.map +0 -1
package/dist/commands/secrets-allowlist.d.ts +0 -7
package/dist/commands/secrets-allowlist.d.ts.map +0 -1
package/dist/commands/secrets-allowlist.js +0 -85
package/dist/commands/secrets-allowlist.js.map +0 -1
package/dist/commands/ship-consolidated.d.ts +0 -58
package/dist/commands/ship-consolidated.d.ts.map +0 -1
package/dist/commands/ship-consolidated.js +0 -515
package/dist/commands/ship-consolidated.js.map +0 -1
package/dist/commands/stats.d.ts +0 -8
package/dist/commands/stats.d.ts.map +0 -1
package/dist/commands/stats.js +0 -134
package/dist/commands/stats.js.map +0 -1
package/dist/commands/upgrade.d.ts +0 -8
package/dist/commands/upgrade.d.ts.map +0 -1
package/dist/commands/upgrade.js +0 -30
package/dist/commands/upgrade.js.map +0 -1
package/dist/fix/applicator.d.ts +0 -44
package/dist/fix/applicator.d.ts.map +0 -1
package/dist/fix/applicator.js +0 -144
package/dist/fix/applicator.js.map +0 -1
package/dist/fix/backup.d.ts +0 -38
package/dist/fix/backup.d.ts.map +0 -1
package/dist/fix/backup.js +0 -154
package/dist/fix/backup.js.map +0 -1
package/dist/fix/engine.d.ts +0 -55
package/dist/fix/engine.d.ts.map +0 -1
package/dist/fix/engine.js +0 -285
package/dist/fix/engine.js.map +0 -1
package/dist/fix/index.d.ts +0 -5
package/dist/fix/index.d.ts.map +0 -1
package/dist/fix/index.js +0 -12
package/dist/fix/index.js.map +0 -1
package/dist/fix/interactive.d.ts +0 -22
package/dist/fix/interactive.d.ts.map +0 -1
package/dist/fix/interactive.js +0 -172
package/dist/fix/interactive.js.map +0 -1
package/dist/formatters/index.d.ts +0 -6
package/dist/formatters/index.d.ts.map +0 -1
package/dist/formatters/index.js +0 -11
package/dist/formatters/index.js.map +0 -1
package/dist/formatters/sarif-enhanced.d.ts +0 -78
package/dist/formatters/sarif-enhanced.d.ts.map +0 -1
package/dist/formatters/sarif-enhanced.js +0 -144
package/dist/formatters/sarif-enhanced.js.map +0 -1
package/dist/formatters/sarif-v2.d.ts +0 -121
package/dist/formatters/sarif-v2.d.ts.map +0 -1
package/dist/formatters/sarif-v2.js +0 -356
package/dist/formatters/sarif-v2.js.map +0 -1
package/dist/formatters/sarif.d.ts +0 -72
package/dist/formatters/sarif.d.ts.map +0 -1
package/dist/formatters/sarif.js +0 -146
package/dist/formatters/sarif.js.map +0 -1
package/dist/index.d.ts +0 -61
package/dist/index.d.ts.map +0 -1
package/dist/index.js +0 -4388
package/dist/index.js.map +0 -1
package/dist/init/ci-generator.d.ts +0 -18
package/dist/init/ci-generator.d.ts.map +0 -1
package/dist/init/ci-generator.js +0 -317
package/dist/init/ci-generator.js.map +0 -1
package/dist/init/detect-framework.d.ts +0 -15
package/dist/init/detect-framework.d.ts.map +0 -1
package/dist/init/detect-framework.js +0 -301
package/dist/init/detect-framework.js.map +0 -1
package/dist/init/hooks-installer.d.ts +0 -22
package/dist/init/hooks-installer.d.ts.map +0 -1
package/dist/init/hooks-installer.js +0 -310
package/dist/init/hooks-installer.js.map +0 -1
package/dist/init/index.d.ts +0 -8
package/dist/init/index.d.ts.map +0 -1
package/dist/init/index.js +0 -22
package/dist/init/index.js.map +0 -1
package/dist/init/templates.d.ts +0 -402
package/dist/init/templates.d.ts.map +0 -1
package/dist/init/templates.js +0 -240
package/dist/init/templates.js.map +0 -1
package/dist/mcp/server.d.ts +0 -12
package/dist/mcp/server.d.ts.map +0 -1
package/dist/mcp/server.js +0 -42
package/dist/mcp/server.js.map +0 -1
package/dist/mcp/telemetry.d.ts +0 -40
package/dist/mcp/telemetry.d.ts.map +0 -1
package/dist/mcp/telemetry.js +0 -98
package/dist/mcp/telemetry.js.map +0 -1
package/dist/reality/no-dead-buttons/button-sweep-generator.d.ts +0 -32
package/dist/reality/no-dead-buttons/button-sweep-generator.d.ts.map +0 -1
package/dist/reality/no-dead-buttons/button-sweep-generator.js +0 -236
package/dist/reality/no-dead-buttons/button-sweep-generator.js.map +0 -1
package/dist/reality/no-dead-buttons/index.d.ts +0 -11
package/dist/reality/no-dead-buttons/index.d.ts.map +0 -1
package/dist/reality/no-dead-buttons/index.js +0 -18
package/dist/reality/no-dead-buttons/index.js.map +0 -1
package/dist/reality/no-dead-buttons/static-scanner.d.ts +0 -34
package/dist/reality/no-dead-buttons/static-scanner.d.ts.map +0 -1
package/dist/reality/no-dead-buttons/static-scanner.js +0 -230
package/dist/reality/no-dead-buttons/static-scanner.js.map +0 -1
package/dist/reality/reality-graph.d.ts +0 -192
package/dist/reality/reality-graph.d.ts.map +0 -1
package/dist/reality/reality-graph.js +0 -600
package/dist/reality/reality-graph.js.map +0 -1
package/dist/reality/reality-runner.d.ts +0 -89
package/dist/reality/reality-runner.d.ts.map +0 -1
package/dist/reality/reality-runner.js +0 -540
package/dist/reality/reality-runner.js.map +0 -1
package/dist/reality/receipt-generator.d.ts +0 -152
package/dist/reality/receipt-generator.d.ts.map +0 -1
package/dist/reality/receipt-generator.js +0 -495
package/dist/reality/receipt-generator.js.map +0 -1
package/dist/reality/runtime-tracer.d.ts +0 -75
package/dist/reality/runtime-tracer.d.ts.map +0 -1
package/dist/reality/runtime-tracer.js +0 -109
package/dist/reality/runtime-tracer.js.map +0 -1
package/dist/runtime/auth-utils.d.ts +0 -43
package/dist/runtime/auth-utils.d.ts.map +0 -1
package/dist/runtime/auth-utils.js +0 -130
package/dist/runtime/auth-utils.js.map +0 -1
package/dist/runtime/client.d.ts +0 -74
package/dist/runtime/client.d.ts.map +0 -1
package/dist/runtime/client.js +0 -222
package/dist/runtime/client.js.map +0 -1
package/dist/runtime/creds.d.ts +0 -48
package/dist/runtime/creds.d.ts.map +0 -1
package/dist/runtime/creds.js +0 -245
package/dist/runtime/creds.js.map +0 -1
package/dist/runtime/exit-codes.d.ts +0 -49
package/dist/runtime/exit-codes.d.ts.map +0 -1
package/dist/runtime/exit-codes.js +0 -93
package/dist/runtime/exit-codes.js.map +0 -1
package/dist/runtime/index.d.ts +0 -9
package/dist/runtime/index.d.ts.map +0 -1
package/dist/runtime/index.js +0 -25
package/dist/runtime/index.js.map +0 -1
package/dist/runtime/json-output.d.ts +0 -42
package/dist/runtime/json-output.d.ts.map +0 -1
package/dist/runtime/json-output.js +0 -59
package/dist/runtime/json-output.js.map +0 -1
package/dist/runtime/semver.d.ts +0 -37
package/dist/runtime/semver.d.ts.map +0 -1
package/dist/runtime/semver.js +0 -110
package/dist/runtime/semver.js.map +0 -1
package/dist/scan/dead-ui-detector.d.ts +0 -48
package/dist/scan/dead-ui-detector.d.ts.map +0 -1
package/dist/scan/dead-ui-detector.js +0 -170
package/dist/scan/dead-ui-detector.js.map +0 -1
package/dist/scan/playwright-sweep.d.ts +0 -40
package/dist/scan/playwright-sweep.d.ts.map +0 -1
package/dist/scan/playwright-sweep.js +0 -216
package/dist/scan/playwright-sweep.js.map +0 -1
package/dist/scan/proof-bundle.d.ts +0 -25
package/dist/scan/proof-bundle.d.ts.map +0 -1
package/dist/scan/proof-bundle.js +0 -203
package/dist/scan/proof-bundle.js.map +0 -1
package/dist/scan/proof-graph.d.ts +0 -59
package/dist/scan/proof-graph.d.ts.map +0 -1
package/dist/scan/proof-graph.js +0 -64
package/dist/scan/proof-graph.js.map +0 -1
package/dist/scan/reality-sniff.d.ts +0 -56
package/dist/scan/reality-sniff.d.ts.map +0 -1
package/dist/scan/reality-sniff.js +0 -200
package/dist/scan/reality-sniff.js.map +0 -1
package/dist/scan/structural-verifier.d.ts +0 -20
package/dist/scan/structural-verifier.d.ts.map +0 -1
package/dist/scan/structural-verifier.js +0 -112
package/dist/scan/structural-verifier.js.map +0 -1
package/dist/scan/verification-engine.d.ts +0 -47
package/dist/scan/verification-engine.d.ts.map +0 -1
package/dist/scan/verification-engine.js +0 -141
package/dist/scan/verification-engine.js.map +0 -1
package/dist/scanner/baseline.d.ts +0 -52
package/dist/scanner/baseline.d.ts.map +0 -1
package/dist/scanner/baseline.js +0 -85
package/dist/scanner/baseline.js.map +0 -1
package/dist/scanner/incremental.d.ts +0 -30
package/dist/scanner/incremental.d.ts.map +0 -1
package/dist/scanner/incremental.js +0 -82
package/dist/scanner/incremental.js.map +0 -1
package/dist/scanner/parallel.d.ts +0 -43
package/dist/scanner/parallel.d.ts.map +0 -1
package/dist/scanner/parallel.js +0 -99
package/dist/scanner/parallel.js.map +0 -1
package/dist/standalone.d.ts +0 -1
package/dist/standalone.d.ts.map +0 -1
package/dist/standalone.js +0 -1
package/dist/standalone.js.map +0 -1
package/dist/truth-pack/index.d.ts +0 -102
package/dist/truth-pack/index.d.ts.map +0 -1
package/dist/truth-pack/index.js +0 -694
package/dist/truth-pack/index.js.map +0 -1
package/dist/ui/frame.d.ts +0 -68
package/dist/ui/frame.d.ts.map +0 -1
package/dist/ui/frame.js +0 -165
package/dist/ui/frame.js.map +0 -1
package/dist/ui/index.d.ts +0 -5
package/dist/ui/index.d.ts.map +0 -1
package/dist/ui/index.js +0 -16
package/dist/ui/index.js.map +0 -1
package/dist/ui.d.ts +0 -36
package/dist/ui.d.ts.map +0 -1
package/dist/ui.js +0 -45
package/dist/ui.js.map +0 -1

package/bin/runners/lib/audit-bridge.js ADDED Viewed

@@ -0,0 +1,391 @@
+/**
+ * Audit Bridge - CLI Integration
+ *
+ * Provides a CommonJS wrapper for the audit trail functionality.
+ * Used by CLI runners to emit audit events.
+ */
+"use strict";
+const path = require("path");
+const fs = require("fs");
+const crypto = require("crypto");
+// Configuration
+const AUDIT_DIR = ".vibecheck/audit";
+const AUDIT_FILE = "audit.log.jsonl";
+const GENESIS_HASH = "0".repeat(64);
+// Tier from environment or default
+function getCurrentTier() {
+  return process.env.VIBECHECK_TIER || "free";
+}
+// Get current actor from environment
+function getCurrentActor() {
+  const userId = process.env.VIBECHECK_USER_ID || process.env.USER || process.env.USERNAME || "anonymous";
+  const userName = process.env.VIBECHECK_USER_NAME || process.env.USERNAME;
+  const userEmail = process.env.VIBECHECK_USER_EMAIL;
+  // Detect CI environment
+  if (process.env.CI || process.env.GITHUB_ACTIONS || process.env.GITLAB_CI) {
+    return {
+      id: process.env.GITHUB_ACTOR || process.env.GITLAB_USER_LOGIN || "ci-system",
+      type: "ci",
+      name: process.env.GITHUB_ACTOR || process.env.GITLAB_USER_NAME,
+    };
+  }
+  return {
+    id: userId,
+    type: "user",
+    name: userName,
+    email: userEmail,
+  };
+}
+// Redaction patterns for sensitive data
+const REDACTION_PATTERNS = [
+  /(?:api[_-]?key|apikey|token|secret|password|pwd|auth)[=:]\s*['"]?([a-zA-Z0-9_\-]{16,})['"]?/gi,
+  /eyJ[a-zA-Z0-9_-]+\.eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+/g,
+  /(?:AKIA|ABIA|ACCA|ASIA)[A-Z0-9]{16}/g,
+  /(?:sk_live_|sk_test_|pk_live_|pk_test_)[a-zA-Z0-9]+/g,
+];
+function redactSensitive(input) {
+  if (typeof input !== "string") return input;
+  let result = input;
+  for (const pattern of REDACTION_PATTERNS) {
+    result = result.replace(pattern, "[REDACTED]");
+  }
+  return result;
+}
+function redactMetadata(metadata, tier) {
+  if (!metadata) return undefined;
+  // Compliance+ gets full metadata (still redact secrets)
+  if (["compliance", "enterprise", "unlimited"].includes(tier)) {
+    return redactObject(metadata);
+  }
+  // Pro gets limited metadata
+  if (tier === "pro") {
+    return {
+      command: metadata.command,
+      score: metadata.score,
+      grade: metadata.grade,
+      issueCount: metadata.issueCount,
+      fixCount: metadata.fixCount,
+      durationMs: metadata.durationMs,
+      errorCode: metadata.errorCode,
+    };
+  }
+  // Free/Starter get minimal
+  return {
+    score: metadata.score,
+    grade: metadata.grade,
+  };
+}
+function redactObject(obj) {
+  if (!obj || typeof obj !== "object") return obj;
+  const result = {};
+  for (const [key, value] of Object.entries(obj)) {
+    if (typeof value === "string") {
+      result[key] = redactSensitive(value);
+    } else if (Array.isArray(value)) {
+      result[key] = value.map((v) => (typeof v === "string" ? redactSensitive(v) : v));
+    } else if (typeof value === "object" && value !== null) {
+      result[key] = redactObject(value);
+    } else {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+// Compute SHA-256 hash
+function computeHash(event) {
+  const payload = JSON.stringify({
+    id: event.id,
+    timestamp: event.timestamp,
+    actor: event.actor,
+    surface: event.surface,
+    action: event.action,
+    category: event.category,
+    target: event.target,
+    tier: event.tier,
+    result: event.result,
+    metadata: event.metadata,
+    prevHash: event.prevHash,
+    version: event.version,
+  });
+  return crypto.createHash("sha256").update(payload).digest("hex");
+}
+// Get audit file path
+function getAuditFilePath(basePath = process.cwd()) {
+  return path.join(basePath, AUDIT_DIR, AUDIT_FILE);
+}
+// Ensure audit directory exists
+function ensureAuditDir(basePath = process.cwd()) {
+  const dir = path.join(basePath, AUDIT_DIR);
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true });
+  }
+}
+// Get last hash from audit log
+function getLastHash(basePath = process.cwd()) {
+  const filePath = getAuditFilePath(basePath);
+  if (!fs.existsSync(filePath)) {
+    return GENESIS_HASH;
+  }
+  const content = fs.readFileSync(filePath, "utf8");
+  const lines = content.split("\n").filter((line) => line.trim());
+  if (lines.length === 0) {
+    return GENESIS_HASH;
+  }
+  try {
+    const lastEvent = JSON.parse(lines[lines.length - 1]);
+    return lastEvent.hash || GENESIS_HASH;
+  } catch {
+    return GENESIS_HASH;
+  }
+}
+// Create audit event
+function createEvent(input, prevHash) {
+  const tier = getCurrentTier();
+  const id = crypto.randomUUID();
+  const timestamp = new Date().toISOString();
+  const eventWithoutHash = {
+    id,
+    timestamp,
+    actor: input.actor || getCurrentActor(),
+    surface: input.surface,
+    action: input.action,
+    category: input.category,
+    target: input.target,
+    tier,
+    result: input.result,
+    metadata: redactMetadata(input.metadata, tier),
+    prevHash,
+    version: 1,
+  };
+  const hash = computeHash(eventWithoutHash);
+  return {
+    ...eventWithoutHash,
+    hash,
+  };
+}
+// Emit audit event
+function emit(input, basePath = process.cwd()) {
+  try {
+    ensureAuditDir(basePath);
+    const prevHash = getLastHash(basePath);
+    const event = createEvent(input, prevHash);
+    const filePath = getAuditFilePath(basePath);
+    fs.appendFileSync(filePath, JSON.stringify(event) + "\n", "utf8");
+    return event;
+  } catch (err) {
+    // Silently fail - audit should not break main functionality
+    if (process.env.VIBECHECK_DEBUG) {
+      console.error("[audit] Failed to emit event:", err.message);
+    }
+    return null;
+  }
+}
+// Pre-defined actions
+const AuditActions = {
+  SCAN_START: "scan.start",
+  SCAN_COMPLETE: "scan.complete",
+  SCAN_ERROR: "scan.error",
+  SHIP_CHECK: "ship.check",
+  SHIP_APPROVE: "ship.approve",
+  SHIP_REJECT: "ship.reject",
+  REALITY_START: "reality.start",
+  REALITY_COMPLETE: "reality.complete",
+  REALITY_ERROR: "reality.error",
+  AUTOPILOT_ENABLE: "autopilot.enable",
+  AUTOPILOT_DISABLE: "autopilot.disable",
+  AUTOPILOT_RUN: "autopilot.run",
+  AUTOPILOT_REPORT: "autopilot.report",
+  FIX_PLAN: "fix.plan",
+  FIX_APPLY: "fix.apply",
+  FIX_REVERT: "fix.revert",
+  GATE_CHECK: "gate.check",
+  GATE_PASS: "gate.pass",
+  GATE_FAIL: "gate.fail",
+  AUTH_LOGIN: "auth.login",
+  AUTH_LOGOUT: "auth.logout",
+  TOOL_INVOKE: "tool.invoke",
+  TOOL_COMPLETE: "tool.complete",
+  TOOL_ERROR: "tool.error",
+};
+// Convenience emitters
+function emitScanStart(projectPath, args) {
+  return emit({
+    surface: "cli",
+    action: AuditActions.SCAN_START,
+    category: "scan",
+    target: { type: "project", path: projectPath },
+    result: "success",
+    metadata: { command: "scan", args, projectPath },
+  });
+}
+function emitScanComplete(projectPath, result, metadata) {
+  return emit({
+    surface: "cli",
+    action: AuditActions.SCAN_COMPLETE,
+    category: "scan",
+    target: { type: "project", path: projectPath },
+    result,
+    metadata: { command: "scan", projectPath, ...metadata },
+  });
+}
+function emitShipCheck(projectPath, result, metadata) {
+  return emit({
+    surface: "cli",
+    action: AuditActions.SHIP_CHECK,
+    category: "ship",
+    target: { type: "project", path: projectPath },
+    result,
+    metadata: { command: "ship", projectPath, ...metadata },
+  });
+}
+function emitRealityStart(url, flows) {
+  return emit({
+    surface: "cli",
+    action: AuditActions.REALITY_START,
+    category: "reality",
+    target: { type: "url", path: url },
+    result: "success",
+    metadata: { command: "reality", url, flows },
+  });
+}
+function emitRealityComplete(url, result, metadata) {
+  return emit({
+    surface: "cli",
+    action: AuditActions.REALITY_COMPLETE,
+    category: "reality",
+    target: { type: "url", path: url },
+    result,
+    metadata: { command: "reality", ...metadata },
+  });
+}
+function emitAutopilotAction(action, projectPath, result, metadata) {
+  const actionMap = {
+    enable: AuditActions.AUTOPILOT_ENABLE,
+    disable: AuditActions.AUTOPILOT_DISABLE,
+    run: AuditActions.AUTOPILOT_RUN,
+    report: AuditActions.AUTOPILOT_REPORT,
+  };
+  return emit({
+    surface: "cli",
+    action: actionMap[action] || action,
+    category: "autopilot",
+    target: { type: "project", path: projectPath },
+    result,
+    metadata: { command: "autopilot", projectPath, ...metadata },
+  });
+}
+function emitFixPlan(projectPath, result, metadata) {
+  return emit({
+    surface: "cli",
+    action: AuditActions.FIX_PLAN,
+    category: "fix",
+    target: { type: "project", path: projectPath },
+    result,
+    metadata: { command: "fix", projectPath, ...metadata },
+  });
+}
+function emitFixApply(projectPath, result, metadata) {
+  return emit({
+    surface: "cli",
+    action: AuditActions.FIX_APPLY,
+    category: "fix",
+    target: { type: "project", path: projectPath },
+    result,
+    metadata: { command: "fix", projectPath, ...metadata },
+  });
+}
+function emitGateCheck(projectPath, passed, metadata) {
+  return emit({
+    surface: "cli",
+    action: passed ? AuditActions.GATE_PASS : AuditActions.GATE_FAIL,
+    category: "gate",
+    target: { type: "project", path: projectPath },
+    result: passed ? "success" : "failure",
+    metadata: { command: "gate", projectPath, ...metadata },
+  });
+}
+function emitToolInvoke(surface, toolName, args, result, metadata) {
+  return emit({
+    surface,
+    action: AuditActions.TOOL_INVOKE,
+    category: "tool",
+    target: { type: "tool", name: toolName },
+    result,
+    metadata: { command: toolName, args, ...metadata },
+  });
+}
+function emitAuth(action, result, metadata) {
+  const actionMap = {
+    login: AuditActions.AUTH_LOGIN,
+    logout: AuditActions.AUTH_LOGOUT,
+  };
+  return emit({
+    surface: "cli",
+    action: actionMap[action] || action,
+    category: "auth",
+    target: { type: "auth" },
+    result,
+    metadata,
+  });
+}
+// Export the audit bridge
+module.exports = {
+  emit,
+  AuditActions,
+  emitScanStart,
+  emitScanComplete,
+  emitShipCheck,
+  emitRealityStart,
+  emitRealityComplete,
+  emitAutopilotAction,
+  emitFixPlan,
+  emitFixApply,
+  emitGateCheck,
+  emitToolInvoke,
+  emitAuth,
+  getCurrentTier,
+  getCurrentActor,
+  getAuditFilePath,
+};

package/bin/runners/lib/auth-truth.js ADDED Viewed

@@ -0,0 +1,193 @@
+// bin/runners/lib/auth-truth.js
+// Auth Truth v1 - Detects auth/protection patterns in Next + Fastify codebases
+const fg = require("fast-glob");
+const fs = require("fs");
+const path = require("path");
+const crypto = require("crypto");
+function sha256(text) {
+  return "sha256:" + crypto.createHash("sha256").update(text).digest("hex");
+}
+function safeRead(fileAbs) {
+  return fs.readFileSync(fileAbs, "utf8");
+}
+function evidenceFromLine({ fileAbs, repoRoot, lineNo, reason }) {
+  const fileRel = path.relative(repoRoot, fileAbs).replace(/\\/g, "/");
+  const lines = safeRead(fileAbs).split(/\r?\n/);
+  const idx = Math.max(0, Math.min(lines.length - 1, lineNo - 1));
+  const snippet = lines[idx] || "";
+  return {
+    id: `ev_${crypto.randomBytes(4).toString("hex")}`,
+    file: fileRel,
+    lines: `${lineNo}-${lineNo}`,
+    snippetHash: sha256(snippet),
+    reason
+  };
+}
+function findLineMatches(code, regex) {
+  const out = [];
+  const lines = code.split(/\r?\n/);
+  for (let i = 0; i < lines.length; i++) {
+    if (regex.test(lines[i])) out.push(i + 1);
+  }
+  return out;
+}
+function guessAuthSignalsFromCode(code) {
+  const signals = [];
+  const patterns = [
+    { key: "next_middleware", rx: /\bNextResponse\.(redirect|rewrite)\b/ },
+    { key: "next_auth", rx: /\bgetServerSession\b|\bNextAuth\b|\bauth\(\)\b/ },
+    { key: "clerk", rx: /\bclerkMiddleware\b|\bauthMiddleware\b|@clerk\/nextjs/ },
+    { key: "supabase", rx: /\bcreateRouteHandlerClient\b|\bcreateServerClient\b|@supabase/ },
+    { key: "jwt_verify", rx: /\b(jwtVerify|verifyJWT|verifyToken|authorization|bearer)\b/i },
+    { key: "session", rx: /\b(session|cookie|setCookie|getCookie)\b/i },
+    { key: "rbac", rx: /\b(role|roles|permissions|rbac|isAdmin|adminOnly)\b/i },
+    { key: "fastify_hook", rx: /\.addHook\(\s*['"](onRequest|preHandler|preValidation)['"]/ },
+    { key: "fastify_jwt", rx: /@fastify\/jwt|fastify-jwt|fastify\.jwt/i },
+  ];
+  for (const p of patterns) {
+    if (p.rx.test(code)) signals.push(p.key);
+  }
+  return Array.from(new Set(signals));
+}
+async function resolveNextMiddleware(repoRoot) {
+  const candidates = await fg(
+    ["middleware.@(ts|js)", "src/middleware.@(ts|js)"],
+    { cwd: repoRoot, absolute: true, onlyFiles: true }
+  );
+  const middlewares = [];
+  for (const fileAbs of candidates) {
+    const code = safeRead(fileAbs);
+    const fileRel = path.relative(repoRoot, fileAbs).replace(/\\/g, "/");
+    const matcherLines = findLineMatches(code, /\bmatcher\b/);
+    const redirectLines = findLineMatches(code, /\bNextResponse\.(redirect|rewrite)\b/);
+    const evidence = [];
+    for (const ln of matcherLines.slice(0, 5)) {
+      evidence.push(evidenceFromLine({ fileAbs, repoRoot, lineNo: ln, reason: "Next middleware matcher config" }));
+    }
+    for (const ln of redirectLines.slice(0, 5)) {
+      evidence.push(evidenceFromLine({ fileAbs, repoRoot, lineNo: ln, reason: "Next middleware redirect/rewrite" }));
+    }
+    const matcher = [];
+    const matcherBlock = code.match(/matcher\s*:\s*(\[[\s\S]*?\])/);
+    if (matcherBlock && matcherBlock[1]) {
+      const raw = matcherBlock[1];
+      const strings = Array.from(raw.matchAll(/['"`]([^'"`]+)['"`]/g)).map(m => m[1]);
+      matcher.push(...strings);
+    }
+    middlewares.push({
+      file: fileRel,
+      matcher,
+      signals: guessAuthSignalsFromCode(code),
+      evidence
+    });
+  }
+  return middlewares;
+}
+async function resolveFastifyAuthSignals(repoRoot, truthpackRoutes) {
+  const handlerFiles = new Set((truthpackRoutes || []).map(r => r.handler).filter(Boolean));
+  const signals = [];
+  const evidence = [];
+  for (const fileRel of handlerFiles) {
+    const fileAbs = path.join(repoRoot, fileRel);
+    if (!fs.existsSync(fileAbs)) continue;
+    const code = safeRead(fileAbs);
+    const sigs = guessAuthSignalsFromCode(code);
+    if (!sigs.length) continue;
+    for (const s of sigs) signals.push({ type: s, file: fileRel });
+    const authLinePatterns = [
+      { rx: /\.addHook\(\s*['"](onRequest|preHandler|preValidation)['"]/, reason: "Fastify hook likely used for auth" },
+      { rx: /\b(jwtVerify|authorization|bearer)\b/i, reason: "JWT/Authorization verification signal" },
+      { rx: /@fastify\/jwt|fastify\.jwt/i, reason: "Fastify JWT plugin signal" },
+      { rx: /\b(isAdmin|adminOnly|permissions|rbac)\b/i, reason: "RBAC/permissions signal" },
+    ];
+    const lines = code.split(/\r?\n/);
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      for (const p of authLinePatterns) {
+        if (p.rx.test(line)) {
+          evidence.push({
+            id: `ev_${crypto.randomBytes(4).toString("hex")}`,
+            file: fileRel,
+            lines: `${i + 1}-${i + 1}`,
+            snippetHash: sha256(line),
+            reason: p.reason
+          });
+        }
+      }
+      if (evidence.length > 30) break;
+    }
+  }
+  const uniqueTypes = Array.from(new Set(signals.map(s => s.type)));
+  return {
+    signalTypes: uniqueTypes,
+    signals,
+    evidence
+  };
+}
+function matcherCoversPath(matcherList, p) {
+  if (!Array.isArray(matcherList) || !matcherList.length) return false;
+  const pathStr = p.startsWith("/") ? p : `/${p}`;
+  return matcherList.some(m => {
+    if (!m) return false;
+    if (m.includes(":path*")) {
+      const prefix = m.split(":path*")[0].replace(/\/$/, "");
+      return pathStr.startsWith(prefix || "/");
+    }
+    if (m.includes("(.*)")) {
+      const prefix = m.split("(.*)")[0].replace(/\/$/, "");
+      return pathStr.startsWith(prefix || "/");
+    }
+    if (m === pathStr) return true;
+    if (pathStr.startsWith(m.endsWith("/") ? m : m + "/")) return true;
+    return false;
+  });
+}
+async function buildAuthTruth(repoRoot, routesServer) {
+  const middlewares = await resolveNextMiddleware(repoRoot);
+  const matchers = middlewares.flatMap(mw => mw.matcher || []);
+  const fastify = await resolveFastifyAuthSignals(repoRoot, routesServer);
+  return {
+    nextMiddleware: middlewares,
+    nextMatcherPatterns: matchers,
+    fastify,
+    helpers: {
+      matcherCoversPath: "runtime-only"
+    }
+  };
+}
+module.exports = {
+  buildAuthTruth,
+  matcherCoversPath,
+  guessAuthSignalsFromCode
+};