npm - @vibecheckai/cli - Versions diffs - 2.8.2 → 3.0.0 - Mend

@vibecheckai/cli 2.8.2 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (454) hide show

package/README.md +8 -8
package/bin/_deprecations.js +35 -0
package/bin/_router.js +46 -0
package/bin/cli-hygiene.js +241 -0
package/bin/guardrail.js +834 -0
package/bin/runners/cli-utils.js +1070 -0
package/bin/runners/context/ai-task-decomposer.js +337 -0
package/bin/runners/context/analyzer.js +462 -0
package/bin/runners/context/api-contracts.js +427 -0
package/bin/runners/context/context-diff.js +342 -0
package/bin/runners/context/context-pruner.js +291 -0
package/bin/runners/context/dependency-graph.js +414 -0
package/bin/runners/context/generators/claude.js +107 -0
package/bin/runners/context/generators/codex.js +108 -0
package/bin/runners/context/generators/copilot.js +119 -0
package/bin/runners/context/generators/cursor.js +514 -0
package/bin/runners/context/generators/mcp.js +151 -0
package/bin/runners/context/generators/windsurf.js +180 -0
package/bin/runners/context/git-context.js +302 -0
package/bin/runners/context/index.js +1042 -0
package/bin/runners/context/insights.js +173 -0
package/bin/runners/context/mcp-server/generate-rules.js +337 -0
package/bin/runners/context/mcp-server/index.js +1176 -0
package/bin/runners/context/mcp-server/package.json +24 -0
package/bin/runners/context/memory.js +200 -0
package/bin/runners/context/monorepo.js +215 -0
package/bin/runners/context/multi-repo-federation.js +404 -0
package/bin/runners/context/patterns.js +253 -0
package/bin/runners/context/proof-context.js +972 -0
package/bin/runners/context/security-scanner.js +303 -0
package/bin/runners/context/semantic-search.js +350 -0
package/bin/runners/context/shared.js +264 -0
package/bin/runners/context/team-conventions.js +310 -0
package/bin/runners/lib/ai-bridge.js +416 -0
package/bin/runners/lib/analysis-core.js +271 -0
package/bin/runners/lib/analyzers.js +541 -0
package/bin/runners/lib/audit-bridge.js +391 -0
package/bin/runners/lib/auth-truth.js +193 -0
package/bin/runners/lib/auth.js +215 -0
package/bin/runners/lib/backup.js +62 -0
package/bin/runners/lib/billing.js +107 -0
package/bin/runners/lib/claims.js +118 -0
package/bin/runners/lib/cli-ui.js +540 -0
package/bin/runners/lib/compliance-bridge-new.js +0 -0
package/bin/runners/lib/compliance-bridge.js +165 -0
package/bin/runners/lib/contracts/auth-contract.js +194 -0
package/bin/runners/lib/contracts/env-contract.js +178 -0
package/bin/runners/lib/contracts/external-contract.js +198 -0
package/bin/runners/lib/contracts/guard.js +168 -0
package/bin/runners/lib/contracts/index.js +89 -0
package/bin/runners/lib/contracts/plan-validator.js +311 -0
package/bin/runners/lib/contracts/route-contract.js +192 -0
package/bin/runners/lib/detect.js +89 -0
package/bin/runners/lib/doctor/autofix.js +254 -0
package/bin/runners/lib/doctor/index.js +37 -0
package/bin/runners/lib/doctor/modules/dependencies.js +325 -0
package/bin/runners/lib/doctor/modules/index.js +46 -0
package/bin/runners/lib/doctor/modules/network.js +250 -0
package/bin/runners/lib/doctor/modules/project.js +312 -0
package/bin/runners/lib/doctor/modules/runtime.js +224 -0
package/bin/runners/lib/doctor/modules/security.js +348 -0
package/bin/runners/lib/doctor/modules/system.js +213 -0
package/bin/runners/lib/doctor/modules/vibecheck.js +394 -0
package/bin/runners/lib/doctor/reporter.js +262 -0
package/bin/runners/lib/doctor/service.js +262 -0
package/bin/runners/lib/doctor/types.js +113 -0
package/bin/runners/lib/doctor/ui.js +263 -0
package/bin/runners/lib/doctor-enhanced.js +233 -0
package/bin/runners/lib/doctor-v2.js +608 -0
package/bin/runners/lib/enforcement.js +72 -0
package/bin/runners/lib/enterprise-detect.js +603 -0
package/bin/runners/lib/enterprise-init.js +942 -0
package/bin/runners/lib/entitlements-v2.js +381 -0
package/bin/runners/lib/entitlements.generated.js +0 -0
package/bin/runners/lib/entitlements.js +332 -0
package/bin/runners/lib/env-template.js +66 -0
package/bin/runners/lib/env.js +189 -0
package/bin/runners/lib/error-handler.js +320 -0
package/bin/runners/lib/firewall-prompt.js +50 -0
package/bin/runners/lib/graph/graph-builder.js +265 -0
package/bin/runners/lib/graph/html-renderer.js +413 -0
package/bin/runners/lib/graph/index.js +32 -0
package/bin/runners/lib/graph/runtime-collector.js +215 -0
package/bin/runners/lib/graph/static-extractor.js +518 -0
package/bin/runners/lib/init-wizard.js +308 -0
package/bin/runners/lib/json-output.js +76 -0
package/bin/runners/lib/llm.js +75 -0
package/bin/runners/lib/meter.js +61 -0
package/bin/runners/lib/missions/evidence.js +126 -0
package/bin/runners/lib/missions/plan.js +69 -0
package/bin/runners/lib/missions/templates.js +147 -0
package/bin/runners/lib/patch.js +40 -0
package/bin/runners/lib/permissions/auth-model.js +213 -0
package/bin/runners/lib/permissions/idor-prover.js +205 -0
package/bin/runners/lib/permissions/index.js +45 -0
package/bin/runners/lib/permissions/matrix-builder.js +198 -0
package/bin/runners/lib/pkgjson.js +28 -0
package/bin/runners/lib/preflight.js +142 -0
package/bin/runners/lib/reality-findings.js +84 -0
package/bin/runners/lib/redact.js +29 -0
package/bin/runners/lib/replay/capsule-manager.js +154 -0
package/bin/runners/lib/replay/index.js +263 -0
package/bin/runners/lib/replay/player.js +348 -0
package/bin/runners/lib/replay/recorder.js +331 -0
package/bin/runners/lib/report-engine.js +447 -0
package/bin/runners/lib/report-html.js +1117 -0
package/bin/runners/lib/report-templates.js +964 -0
package/bin/runners/lib/route-detection.js +1140 -0
package/bin/runners/lib/route-truth.js +477 -0
package/bin/runners/lib/sandbox/index.js +59 -0
package/bin/runners/lib/sandbox/proof-chain.js +399 -0
package/bin/runners/lib/sandbox/sandbox-runner.js +205 -0
package/bin/runners/lib/sandbox/worktree.js +174 -0
package/bin/runners/lib/scan-cache.js +330 -0
package/bin/runners/lib/scan-output-schema.js +344 -0
package/bin/runners/lib/score-history.js +282 -0
package/bin/runners/lib/security-bridge.js +249 -0
package/bin/runners/lib/server-usage.js +513 -0
package/bin/runners/lib/share-pack.js +239 -0
package/bin/runners/lib/snippets.js +67 -0
package/bin/runners/lib/truth.js +667 -0
package/bin/runners/lib/unified-output.js +189 -0
package/bin/runners/lib/validate-patch.js +156 -0
package/bin/runners/lib/verification.js +345 -0
package/bin/runners/reality/engine.js +917 -0
package/bin/runners/reality/flows.js +122 -0
package/bin/runners/reality/report.js +378 -0
package/bin/runners/reality/session.js +193 -0
package/bin/runners/runAIAgent.js +2 -0
package/bin/runners/runAudit.js +2 -0
package/bin/runners/runAuth.js +106 -0
package/bin/runners/runAutopilot.js +2 -0
package/bin/runners/runBadge.js +2 -0
package/bin/runners/runCertify.js +2 -0
package/bin/runners/runClaimVerifier.js +483 -0
package/bin/runners/runContext.js +56 -0
package/bin/runners/runContextCompiler.js +385 -0
package/bin/runners/runCtx.js +187 -0
package/bin/runners/runCtxGuard.js +176 -0
package/bin/runners/runCtxSync.js +116 -0
package/bin/runners/runDashboard.js +10 -0
package/bin/runners/runDoctor.js +245 -0
package/bin/runners/runEnhancedShip.js +2 -0
package/bin/runners/runFix.js +735 -0
package/bin/runners/runFixPacks.js +2 -0
package/bin/runners/runGate.js +17 -0
package/bin/runners/runGraph.js +283 -0
package/bin/runners/runInit.js +260 -0
package/bin/runners/runInitGha.js +101 -0
package/bin/runners/runInstall.js +76 -0
package/bin/runners/runInteractive.js +388 -0
package/bin/runners/runLaunch.js +2 -0
package/bin/runners/runMcp.js +19 -0
package/bin/runners/runMdc.js +2 -0
package/bin/runners/runMissionGenerator.js +282 -0
package/bin/runners/runNaturalLanguage.js +3 -0
package/bin/runners/runPR.js +96 -0
package/bin/runners/runPermissions.js +290 -0
package/bin/runners/runPromptFirewall.js +211 -0
package/bin/runners/runProof.js +2 -0
package/bin/runners/runProve.js +392 -0
package/bin/runners/runReality.js +489 -0
package/bin/runners/runRealitySniff.js +2 -0
package/bin/runners/runReplay.js +469 -0
package/bin/runners/runReport.js +478 -0
package/bin/runners/runScan.js +835 -0
package/bin/runners/runShare.js +34 -0
package/bin/runners/runShip.js +1062 -0
package/bin/runners/runStatus.js +136 -0
package/bin/runners/runTruthpack.js +634 -0
package/bin/runners/runUpgrade.js +2 -0
package/bin/runners/runValidate.js +2 -0
package/bin/runners/runVerifyAgentOutput.js +2 -0
package/bin/runners/runWatch.js +230 -0
package/bin/runners/utils.js +360 -0
package/bin/scan.js +612 -0
package/bin/vibecheck.js +834 -0
package/package.json +11 -11
package/dist/autopatch/verified-autopatch.d.ts +0 -111
package/dist/autopatch/verified-autopatch.d.ts.map +0 -1
package/dist/autopatch/verified-autopatch.js +0 -503
package/dist/autopatch/verified-autopatch.js.map +0 -1
package/dist/bundles/index.js +0 -8
package/dist/bundles/vibecheck-core.js +0 -25799
package/dist/bundles/vibecheck-security.js +0 -208693
package/dist/bundles/vibecheck-ship.js +0 -2318
package/dist/commands/baseline.d.ts +0 -7
package/dist/commands/baseline.d.ts.map +0 -1
package/dist/commands/baseline.js +0 -79
package/dist/commands/baseline.js.map +0 -1
package/dist/commands/cache.d.ts +0 -13
package/dist/commands/cache.d.ts.map +0 -1
package/dist/commands/cache.js +0 -165
package/dist/commands/cache.js.map +0 -1
package/dist/commands/checkpoint.d.ts +0 -8
package/dist/commands/checkpoint.d.ts.map +0 -1
package/dist/commands/checkpoint.js +0 -35
package/dist/commands/checkpoint.js.map +0 -1
package/dist/commands/doctor.d.ts +0 -17
package/dist/commands/doctor.d.ts.map +0 -1
package/dist/commands/doctor.js +0 -226
package/dist/commands/doctor.js.map +0 -1
package/dist/commands/evidence.d.ts +0 -45
package/dist/commands/evidence.d.ts.map +0 -1
package/dist/commands/evidence.js +0 -197
package/dist/commands/evidence.js.map +0 -1
package/dist/commands/explain.d.ts +0 -8
package/dist/commands/explain.d.ts.map +0 -1
package/dist/commands/explain.js +0 -52
package/dist/commands/explain.js.map +0 -1
package/dist/commands/fix-consolidated.d.ts +0 -19
package/dist/commands/fix-consolidated.d.ts.map +0 -1
package/dist/commands/fix-consolidated.js +0 -165
package/dist/commands/fix-consolidated.js.map +0 -1
package/dist/commands/index.d.ts +0 -8
package/dist/commands/index.d.ts.map +0 -1
package/dist/commands/index.js +0 -15
package/dist/commands/index.js.map +0 -1
package/dist/commands/init.d.ts +0 -8
package/dist/commands/init.d.ts.map +0 -1
package/dist/commands/init.js +0 -125
package/dist/commands/init.js.map +0 -1
package/dist/commands/launcher.d.ts +0 -10
package/dist/commands/launcher.d.ts.map +0 -1
package/dist/commands/launcher.js +0 -174
package/dist/commands/launcher.js.map +0 -1
package/dist/commands/on.d.ts +0 -8
package/dist/commands/on.d.ts.map +0 -1
package/dist/commands/on.js +0 -123
package/dist/commands/on.js.map +0 -1
package/dist/commands/replay.d.ts +0 -8
package/dist/commands/replay.d.ts.map +0 -1
package/dist/commands/replay.js +0 -52
package/dist/commands/replay.js.map +0 -1
package/dist/commands/scan-consolidated.d.ts +0 -61
package/dist/commands/scan-consolidated.d.ts.map +0 -1
package/dist/commands/scan-consolidated.js +0 -243
package/dist/commands/scan-consolidated.js.map +0 -1
package/dist/commands/scan-secrets.d.ts +0 -47
package/dist/commands/scan-secrets.d.ts.map +0 -1
package/dist/commands/scan-secrets.js +0 -225
package/dist/commands/scan-secrets.js.map +0 -1
package/dist/commands/scan-vulnerabilities-enhanced.d.ts +0 -41
package/dist/commands/scan-vulnerabilities-enhanced.d.ts.map +0 -1
package/dist/commands/scan-vulnerabilities-enhanced.js +0 -368
package/dist/commands/scan-vulnerabilities-enhanced.js.map +0 -1
package/dist/commands/scan-vulnerabilities-osv.d.ts +0 -58
package/dist/commands/scan-vulnerabilities-osv.d.ts.map +0 -1
package/dist/commands/scan-vulnerabilities-osv.js +0 -722
package/dist/commands/scan-vulnerabilities-osv.js.map +0 -1
package/dist/commands/scan-vulnerabilities.d.ts +0 -32
package/dist/commands/scan-vulnerabilities.d.ts.map +0 -1
package/dist/commands/scan-vulnerabilities.js +0 -283
package/dist/commands/scan-vulnerabilities.js.map +0 -1
package/dist/commands/secrets-allowlist.d.ts +0 -7
package/dist/commands/secrets-allowlist.d.ts.map +0 -1
package/dist/commands/secrets-allowlist.js +0 -85
package/dist/commands/secrets-allowlist.js.map +0 -1
package/dist/commands/ship-consolidated.d.ts +0 -58
package/dist/commands/ship-consolidated.d.ts.map +0 -1
package/dist/commands/ship-consolidated.js +0 -515
package/dist/commands/ship-consolidated.js.map +0 -1
package/dist/commands/stats.d.ts +0 -8
package/dist/commands/stats.d.ts.map +0 -1
package/dist/commands/stats.js +0 -134
package/dist/commands/stats.js.map +0 -1
package/dist/commands/upgrade.d.ts +0 -8
package/dist/commands/upgrade.d.ts.map +0 -1
package/dist/commands/upgrade.js +0 -30
package/dist/commands/upgrade.js.map +0 -1
package/dist/fix/applicator.d.ts +0 -44
package/dist/fix/applicator.d.ts.map +0 -1
package/dist/fix/applicator.js +0 -144
package/dist/fix/applicator.js.map +0 -1
package/dist/fix/backup.d.ts +0 -38
package/dist/fix/backup.d.ts.map +0 -1
package/dist/fix/backup.js +0 -154
package/dist/fix/backup.js.map +0 -1
package/dist/fix/engine.d.ts +0 -55
package/dist/fix/engine.d.ts.map +0 -1
package/dist/fix/engine.js +0 -285
package/dist/fix/engine.js.map +0 -1
package/dist/fix/index.d.ts +0 -5
package/dist/fix/index.d.ts.map +0 -1
package/dist/fix/index.js +0 -12
package/dist/fix/index.js.map +0 -1
package/dist/fix/interactive.d.ts +0 -22
package/dist/fix/interactive.d.ts.map +0 -1
package/dist/fix/interactive.js +0 -172
package/dist/fix/interactive.js.map +0 -1
package/dist/formatters/index.d.ts +0 -6
package/dist/formatters/index.d.ts.map +0 -1
package/dist/formatters/index.js +0 -11
package/dist/formatters/index.js.map +0 -1
package/dist/formatters/sarif-enhanced.d.ts +0 -78
package/dist/formatters/sarif-enhanced.d.ts.map +0 -1
package/dist/formatters/sarif-enhanced.js +0 -144
package/dist/formatters/sarif-enhanced.js.map +0 -1
package/dist/formatters/sarif-v2.d.ts +0 -121
package/dist/formatters/sarif-v2.d.ts.map +0 -1
package/dist/formatters/sarif-v2.js +0 -356
package/dist/formatters/sarif-v2.js.map +0 -1
package/dist/formatters/sarif.d.ts +0 -72
package/dist/formatters/sarif.d.ts.map +0 -1
package/dist/formatters/sarif.js +0 -146
package/dist/formatters/sarif.js.map +0 -1
package/dist/index.d.ts +0 -61
package/dist/index.d.ts.map +0 -1
package/dist/index.js +0 -4388
package/dist/index.js.map +0 -1
package/dist/init/ci-generator.d.ts +0 -18
package/dist/init/ci-generator.d.ts.map +0 -1
package/dist/init/ci-generator.js +0 -317
package/dist/init/ci-generator.js.map +0 -1
package/dist/init/detect-framework.d.ts +0 -15
package/dist/init/detect-framework.d.ts.map +0 -1
package/dist/init/detect-framework.js +0 -301
package/dist/init/detect-framework.js.map +0 -1
package/dist/init/hooks-installer.d.ts +0 -22
package/dist/init/hooks-installer.d.ts.map +0 -1
package/dist/init/hooks-installer.js +0 -310
package/dist/init/hooks-installer.js.map +0 -1
package/dist/init/index.d.ts +0 -8
package/dist/init/index.d.ts.map +0 -1
package/dist/init/index.js +0 -22
package/dist/init/index.js.map +0 -1
package/dist/init/templates.d.ts +0 -402
package/dist/init/templates.d.ts.map +0 -1
package/dist/init/templates.js +0 -240
package/dist/init/templates.js.map +0 -1
package/dist/mcp/server.d.ts +0 -12
package/dist/mcp/server.d.ts.map +0 -1
package/dist/mcp/server.js +0 -42
package/dist/mcp/server.js.map +0 -1
package/dist/mcp/telemetry.d.ts +0 -40
package/dist/mcp/telemetry.d.ts.map +0 -1
package/dist/mcp/telemetry.js +0 -98
package/dist/mcp/telemetry.js.map +0 -1
package/dist/reality/no-dead-buttons/button-sweep-generator.d.ts +0 -32
package/dist/reality/no-dead-buttons/button-sweep-generator.d.ts.map +0 -1
package/dist/reality/no-dead-buttons/button-sweep-generator.js +0 -236
package/dist/reality/no-dead-buttons/button-sweep-generator.js.map +0 -1
package/dist/reality/no-dead-buttons/index.d.ts +0 -11
package/dist/reality/no-dead-buttons/index.d.ts.map +0 -1
package/dist/reality/no-dead-buttons/index.js +0 -18
package/dist/reality/no-dead-buttons/index.js.map +0 -1
package/dist/reality/no-dead-buttons/static-scanner.d.ts +0 -34
package/dist/reality/no-dead-buttons/static-scanner.d.ts.map +0 -1
package/dist/reality/no-dead-buttons/static-scanner.js +0 -230
package/dist/reality/no-dead-buttons/static-scanner.js.map +0 -1
package/dist/reality/reality-graph.d.ts +0 -192
package/dist/reality/reality-graph.d.ts.map +0 -1
package/dist/reality/reality-graph.js +0 -600
package/dist/reality/reality-graph.js.map +0 -1
package/dist/reality/reality-runner.d.ts +0 -89
package/dist/reality/reality-runner.d.ts.map +0 -1
package/dist/reality/reality-runner.js +0 -540
package/dist/reality/reality-runner.js.map +0 -1
package/dist/reality/receipt-generator.d.ts +0 -152
package/dist/reality/receipt-generator.d.ts.map +0 -1
package/dist/reality/receipt-generator.js +0 -495
package/dist/reality/receipt-generator.js.map +0 -1
package/dist/reality/runtime-tracer.d.ts +0 -75
package/dist/reality/runtime-tracer.d.ts.map +0 -1
package/dist/reality/runtime-tracer.js +0 -109
package/dist/reality/runtime-tracer.js.map +0 -1
package/dist/runtime/auth-utils.d.ts +0 -43
package/dist/runtime/auth-utils.d.ts.map +0 -1
package/dist/runtime/auth-utils.js +0 -130
package/dist/runtime/auth-utils.js.map +0 -1
package/dist/runtime/client.d.ts +0 -74
package/dist/runtime/client.d.ts.map +0 -1
package/dist/runtime/client.js +0 -222
package/dist/runtime/client.js.map +0 -1
package/dist/runtime/creds.d.ts +0 -48
package/dist/runtime/creds.d.ts.map +0 -1
package/dist/runtime/creds.js +0 -245
package/dist/runtime/creds.js.map +0 -1
package/dist/runtime/exit-codes.d.ts +0 -49
package/dist/runtime/exit-codes.d.ts.map +0 -1
package/dist/runtime/exit-codes.js +0 -93
package/dist/runtime/exit-codes.js.map +0 -1
package/dist/runtime/index.d.ts +0 -9
package/dist/runtime/index.d.ts.map +0 -1
package/dist/runtime/index.js +0 -25
package/dist/runtime/index.js.map +0 -1
package/dist/runtime/json-output.d.ts +0 -42
package/dist/runtime/json-output.d.ts.map +0 -1
package/dist/runtime/json-output.js +0 -59
package/dist/runtime/json-output.js.map +0 -1
package/dist/runtime/semver.d.ts +0 -37
package/dist/runtime/semver.d.ts.map +0 -1
package/dist/runtime/semver.js +0 -110
package/dist/runtime/semver.js.map +0 -1
package/dist/scan/dead-ui-detector.d.ts +0 -48
package/dist/scan/dead-ui-detector.d.ts.map +0 -1
package/dist/scan/dead-ui-detector.js +0 -170
package/dist/scan/dead-ui-detector.js.map +0 -1
package/dist/scan/playwright-sweep.d.ts +0 -40
package/dist/scan/playwright-sweep.d.ts.map +0 -1
package/dist/scan/playwright-sweep.js +0 -216
package/dist/scan/playwright-sweep.js.map +0 -1
package/dist/scan/proof-bundle.d.ts +0 -25
package/dist/scan/proof-bundle.d.ts.map +0 -1
package/dist/scan/proof-bundle.js +0 -203
package/dist/scan/proof-bundle.js.map +0 -1
package/dist/scan/proof-graph.d.ts +0 -59
package/dist/scan/proof-graph.d.ts.map +0 -1
package/dist/scan/proof-graph.js +0 -64
package/dist/scan/proof-graph.js.map +0 -1
package/dist/scan/reality-sniff.d.ts +0 -56
package/dist/scan/reality-sniff.d.ts.map +0 -1
package/dist/scan/reality-sniff.js +0 -200
package/dist/scan/reality-sniff.js.map +0 -1
package/dist/scan/structural-verifier.d.ts +0 -20
package/dist/scan/structural-verifier.d.ts.map +0 -1
package/dist/scan/structural-verifier.js +0 -112
package/dist/scan/structural-verifier.js.map +0 -1
package/dist/scan/verification-engine.d.ts +0 -47
package/dist/scan/verification-engine.d.ts.map +0 -1
package/dist/scan/verification-engine.js +0 -141
package/dist/scan/verification-engine.js.map +0 -1
package/dist/scanner/baseline.d.ts +0 -52
package/dist/scanner/baseline.d.ts.map +0 -1
package/dist/scanner/baseline.js +0 -85
package/dist/scanner/baseline.js.map +0 -1
package/dist/scanner/incremental.d.ts +0 -30
package/dist/scanner/incremental.d.ts.map +0 -1
package/dist/scanner/incremental.js +0 -82
package/dist/scanner/incremental.js.map +0 -1
package/dist/scanner/parallel.d.ts +0 -43
package/dist/scanner/parallel.d.ts.map +0 -1
package/dist/scanner/parallel.js +0 -99
package/dist/scanner/parallel.js.map +0 -1
package/dist/standalone.d.ts +0 -1
package/dist/standalone.d.ts.map +0 -1
package/dist/standalone.js +0 -1
package/dist/standalone.js.map +0 -1
package/dist/truth-pack/index.d.ts +0 -102
package/dist/truth-pack/index.d.ts.map +0 -1
package/dist/truth-pack/index.js +0 -694
package/dist/truth-pack/index.js.map +0 -1
package/dist/ui/frame.d.ts +0 -68
package/dist/ui/frame.d.ts.map +0 -1
package/dist/ui/frame.js +0 -165
package/dist/ui/frame.js.map +0 -1
package/dist/ui/index.d.ts +0 -5
package/dist/ui/index.d.ts.map +0 -1
package/dist/ui/index.js +0 -16
package/dist/ui/index.js.map +0 -1
package/dist/ui.d.ts +0 -36
package/dist/ui.d.ts.map +0 -1
package/dist/ui.js +0 -45
package/dist/ui.js.map +0 -1

package/bin/runners/lib/contracts/auth-contract.js ADDED Viewed

@@ -0,0 +1,194 @@
+/**
+ * Auth Contract Builder
+ * Builds auth.json contract from truthpack
+ */
+"use strict";
+/**
+ * Build auth contract from truthpack
+ */
+function buildAuthContract(truthpack) {
+  const contract = {
+    version: "1.0.0",
+    generatedAt: new Date().toISOString(),
+    protectedPatterns: [],
+    publicPatterns: [],
+    roles: [],
+    evidence: []
+  };
+  // Extract protected patterns from Next middleware
+  const nextMiddleware = truthpack?.auth?.nextMiddleware || [];
+  const matcherPatterns = truthpack?.auth?.nextMatcherPatterns || [];
+  contract.protectedPatterns = [...new Set(matcherPatterns)];
+  // Add evidence from middleware files
+  for (const mw of nextMiddleware) {
+    contract.evidence.push({
+      file: mw.file,
+      type: "next_middleware",
+      signals: mw.signalTypes || []
+    });
+  }
+  // Extract Fastify auth info
+  const fastify = truthpack?.auth?.fastify || {};
+  if (fastify.hooks?.length) {
+    for (const hook of fastify.hooks) {
+      contract.evidence.push({
+        file: hook.file,
+        type: "fastify_hook",
+        hookType: hook.hookType,
+        line: hook.line
+      });
+    }
+  }
+  // Infer roles from truthpack
+  contract.roles = inferRoles(truthpack);
+  // Default public patterns
+  contract.publicPatterns = [
+    "/api/health",
+    "/api/status",
+    "/api/public/*",
+    "/_next/*",
+    "/favicon.ico"
+  ];
+  return contract;
+}
+/**
+ * Infer roles from truthpack
+ */
+function inferRoles(truthpack) {
+  const roles = [];
+  const routes = truthpack?.routes?.server || [];
+  // Check for admin routes
+  const adminRoutes = routes.filter(r => r.path.includes("/admin"));
+  if (adminRoutes.length > 0) {
+    roles.push({
+      name: "admin",
+      routes: adminRoutes.map(r => r.path),
+      evidence: adminRoutes.flatMap(r => r.evidence || [])
+    });
+  }
+  // Check for user routes (default authenticated)
+  const userRoutes = routes.filter(r =>
+    !r.path.includes("/admin") &&
+    !r.path.includes("/public") &&
+    !r.path.includes("/health")
+  );
+  if (userRoutes.length > 0) {
+    roles.push({
+      name: "user",
+      routes: userRoutes.map(r => r.path),
+      evidence: []
+    });
+  }
+  return roles;
+}
+/**
+ * Validate auth coverage
+ */
+function validateAuthContract(contract, routes, realityResults) {
+  const violations = [];
+  // Check that all non-public routes are protected
+  for (const route of routes) {
+    const isPublic = contract.publicPatterns.some(p => matchesPattern(route.path, p));
+    const isProtected = contract.protectedPatterns.some(p => matchesPattern(route.path, p));
+    if (!isPublic && !isProtected) {
+      // Check if route looks sensitive
+      if (looksLikeSensitiveRoute(route.path)) {
+        violations.push({
+          type: "unprotected_sensitive",
+          severity: "WARN",
+          route: route.path,
+          message: `Sensitive route ${route.path} not covered by auth patterns`,
+          evidence: route.evidence || []
+        });
+      }
+    }
+  }
+  // Check reality results for auth bypass
+  if (realityResults) {
+    for (const result of realityResults) {
+      if (result.type === "AuthCoverage" && result.severity === "BLOCK") {
+        violations.push({
+          type: "auth_bypass",
+          severity: "BLOCK",
+          route: result.page,
+          message: result.title,
+          evidence: []
+        });
+      }
+    }
+  }
+  return violations;
+}
+function matchesPattern(path, pattern) {
+  const normPattern = pattern.replace(/\*/g, ".*").replace(/\//g, "\\/");
+  try {
+    const rx = new RegExp(`^${normPattern}`, "i");
+    return rx.test(path);
+  } catch {
+    return false;
+  }
+}
+function looksLikeSensitiveRoute(path) {
+  const sensitivePatterns = [
+    /\/api\/users/i,
+    /\/api\/billing/i,
+    /\/api\/payment/i,
+    /\/api\/subscription/i,
+    /\/api\/settings/i,
+    /\/api\/profile/i,
+    /\/api\/account/i,
+    /\/api\/admin/i,
+    /\/api\/webhook/i,
+  ];
+  return sensitivePatterns.some(p => p.test(path));
+}
+/**
+ * Diff two auth contracts
+ */
+function diffAuthContracts(before, after) {
+  const diff = {
+    protectedAdded: [],
+    protectedRemoved: [],
+    rolesChanged: []
+  };
+  const beforeProtected = new Set(before.protectedPatterns);
+  const afterProtected = new Set(after.protectedPatterns);
+  for (const p of afterProtected) {
+    if (!beforeProtected.has(p)) diff.protectedAdded.push(p);
+  }
+  for (const p of beforeProtected) {
+    if (!afterProtected.has(p)) diff.protectedRemoved.push(p);
+  }
+  return diff;
+}
+module.exports = {
+  buildAuthContract,
+  validateAuthContract,
+  diffAuthContracts
+};

package/bin/runners/lib/contracts/env-contract.js ADDED Viewed

@@ -0,0 +1,178 @@
+/**
+ * Env Contract Builder
+ * Builds env.json contract from truthpack
+ */
+"use strict";
+/**
+ * Build env contract from truthpack
+ */
+function buildEnvContract(truthpack) {
+  const contract = {
+    version: "1.0.0",
+    generatedAt: new Date().toISOString(),
+    vars: []
+  };
+  const envVars = truthpack?.env?.vars || [];
+  const declared = new Set(truthpack?.env?.declared || []);
+  const declaredSources = truthpack?.env?.declaredSources || [];
+  for (const v of envVars) {
+    const varSpec = {
+      name: v.name,
+      required: inferRequired(v, declared),
+      usedIn: (v.references || []).map(r => r.file).filter(Boolean),
+      declaredIn: declaredSources.filter(s => isDeclaredInSource(v.name, s)),
+      description: inferDescription(v.name),
+      evidence: v.references || []
+    };
+    contract.vars.push(varSpec);
+  }
+  // Add declared vars that aren't used (might be optional)
+  for (const name of declared) {
+    if (!envVars.find(v => v.name === name)) {
+      contract.vars.push({
+        name,
+        required: false,
+        usedIn: [],
+        declaredIn: declaredSources,
+        description: inferDescription(name),
+        evidence: []
+      });
+    }
+  }
+  return contract;
+}
+/**
+ * Infer if env var is required
+ */
+function inferRequired(envVar, declared) {
+  const name = envVar.name;
+  // Common required patterns
+  const requiredPatterns = [
+    /^DATABASE_URL$/i,
+    /^NEXTAUTH_SECRET$/i,
+    /^NEXTAUTH_URL$/i,
+    /^JWT_SECRET$/i,
+    /^API_KEY$/i,
+    /^STRIPE_SECRET_KEY$/i,
+    /^STRIPE_WEBHOOK_SECRET$/i,
+    /^AUTH0_/i,
+    /^CLERK_/i,
+  ];
+  for (const pattern of requiredPatterns) {
+    if (pattern.test(name)) return true;
+  }
+  // If used but not declared, likely required
+  if (!declared.has(name) && envVar.references?.length > 0) {
+    return true;
+  }
+  return false;
+}
+function isDeclaredInSource(name, source) {
+  // Simple heuristic - would need to parse files for accurate check
+  return true;
+}
+function inferDescription(name) {
+  const descriptions = {
+    DATABASE_URL: "Database connection string",
+    NEXTAUTH_SECRET: "NextAuth.js encryption secret",
+    NEXTAUTH_URL: "NextAuth.js base URL",
+    JWT_SECRET: "JWT signing secret",
+    STRIPE_SECRET_KEY: "Stripe API secret key",
+    STRIPE_PUBLISHABLE_KEY: "Stripe publishable key",
+    STRIPE_WEBHOOK_SECRET: "Stripe webhook signing secret",
+    NODE_ENV: "Node environment (development/production)",
+    PORT: "Server port",
+    HOST: "Server host",
+  };
+  return descriptions[name] || undefined;
+}
+/**
+ * Validate code against env contract
+ */
+function validateAgainstEnvContract(contract, usedVars) {
+  const violations = [];
+  const contractVars = new Map(contract.vars.map(v => [v.name, v]));
+  for (const used of usedVars) {
+    if (!contractVars.has(used.name)) {
+      violations.push({
+        type: "undeclared_env",
+        severity: "WARN",
+        name: used.name,
+        usedIn: used.references?.map(r => r.file) || [],
+        message: `Env var ${used.name} used but not declared in contract`,
+        evidence: used.references || []
+      });
+    }
+  }
+  // Check for required vars that aren't used
+  for (const [name, spec] of contractVars) {
+    if (spec.required && spec.usedIn.length === 0) {
+      violations.push({
+        type: "unused_required",
+        severity: "WARN",
+        name,
+        message: `Required env var ${name} declared but not used`,
+        evidence: []
+      });
+    }
+  }
+  return violations;
+}
+/**
+ * Diff two env contracts
+ */
+function diffEnvContracts(before, after) {
+  const diff = {
+    added: [],
+    removed: [],
+    changed: []
+  };
+  const beforeMap = new Map(before.vars.map(v => [v.name, v]));
+  const afterMap = new Map(after.vars.map(v => [v.name, v]));
+  for (const [name, spec] of afterMap) {
+    if (!beforeMap.has(name)) {
+      diff.added.push(spec);
+    } else {
+      const prev = beforeMap.get(name);
+      if (prev.required !== spec.required) {
+        diff.changed.push({ before: prev, after: spec });
+      }
+    }
+  }
+  for (const [name, spec] of beforeMap) {
+    if (!afterMap.has(name)) {
+      diff.removed.push(spec);
+    }
+  }
+  return diff;
+}
+module.exports = {
+  buildEnvContract,
+  validateAgainstEnvContract,
+  diffEnvContracts
+};

package/bin/runners/lib/contracts/external-contract.js ADDED Viewed

@@ -0,0 +1,198 @@
+/**
+ * External Contract Builder
+ * Builds external.json contract from truthpack (Stripe, GitHub, etc.)
+ */
+"use strict";
+/**
+ * Build external services contract from truthpack
+ */
+function buildExternalContract(truthpack) {
+  const contract = {
+    version: "1.0.0",
+    generatedAt: new Date().toISOString(),
+    services: []
+  };
+  // Extract billing/Stripe info
+  const billing = truthpack?.billing || {};
+  if (billing.hasStripe || billing.webhookCandidates?.length) {
+    const stripeService = {
+      name: "stripe",
+      envVars: extractStripeEnvVars(truthpack),
+      usedIn: billing.webhookCandidates?.map(w => w.file) || [],
+      webhooks: billing.webhookCandidates?.map(w => ({
+        path: w.path,
+        verified: w.hasSignatureVerification || false,
+        idempotent: w.hasIdempotency || false
+      })) || [],
+      evidence: billing.webhookCandidates?.flatMap(w => w.evidence || []) || []
+    };
+    contract.services.push(stripeService);
+  }
+  // Detect other external services from env vars
+  const envVars = truthpack?.env?.vars || [];
+  // GitHub
+  const githubVars = envVars.filter(v => /github/i.test(v.name));
+  if (githubVars.length) {
+    contract.services.push({
+      name: "github",
+      envVars: githubVars.map(v => v.name),
+      usedIn: githubVars.flatMap(v => v.references?.map(r => r.file) || []),
+      evidence: githubVars.flatMap(v => v.references || [])
+    });
+  }
+  // SendGrid
+  const sendgridVars = envVars.filter(v => /sendgrid/i.test(v.name));
+  if (sendgridVars.length) {
+    contract.services.push({
+      name: "sendgrid",
+      envVars: sendgridVars.map(v => v.name),
+      usedIn: sendgridVars.flatMap(v => v.references?.map(r => r.file) || []),
+      evidence: sendgridVars.flatMap(v => v.references || [])
+    });
+  }
+  // Twilio
+  const twilioVars = envVars.filter(v => /twilio/i.test(v.name));
+  if (twilioVars.length) {
+    contract.services.push({
+      name: "twilio",
+      envVars: twilioVars.map(v => v.name),
+      usedIn: twilioVars.flatMap(v => v.references?.map(r => r.file) || []),
+      evidence: twilioVars.flatMap(v => v.references || [])
+    });
+  }
+  // AWS
+  const awsVars = envVars.filter(v => /^aws/i.test(v.name));
+  if (awsVars.length) {
+    contract.services.push({
+      name: "aws",
+      envVars: awsVars.map(v => v.name),
+      usedIn: awsVars.flatMap(v => v.references?.map(r => r.file) || []),
+      evidence: awsVars.flatMap(v => v.references || [])
+    });
+  }
+  // Supabase
+  const supabaseVars = envVars.filter(v => /supabase/i.test(v.name));
+  if (supabaseVars.length) {
+    contract.services.push({
+      name: "supabase",
+      envVars: supabaseVars.map(v => v.name),
+      usedIn: supabaseVars.flatMap(v => v.references?.map(r => r.file) || []),
+      evidence: supabaseVars.flatMap(v => v.references || [])
+    });
+  }
+  return contract;
+}
+function extractStripeEnvVars(truthpack) {
+  const envVars = truthpack?.env?.vars || [];
+  return envVars
+    .filter(v => /stripe/i.test(v.name))
+    .map(v => v.name);
+}
+/**
+ * Validate external services contract
+ */
+function validateExternalContract(contract) {
+  const violations = [];
+  for (const service of contract.services) {
+    // Check Stripe webhook verification
+    if (service.name === "stripe") {
+      for (const webhook of service.webhooks || []) {
+        if (!webhook.verified) {
+          violations.push({
+            type: "unverified_webhook",
+            severity: "BLOCK",
+            service: "stripe",
+            path: webhook.path,
+            message: `Stripe webhook at ${webhook.path} missing signature verification`,
+            evidence: []
+          });
+        }
+        if (!webhook.idempotent) {
+          violations.push({
+            type: "non_idempotent_webhook",
+            severity: "WARN",
+            service: "stripe",
+            path: webhook.path,
+            message: `Stripe webhook at ${webhook.path} may not be idempotent`,
+            evidence: []
+          });
+        }
+      }
+    }
+    // Check for missing required env vars
+    const requiredVars = getRequiredVarsForService(service.name);
+    for (const required of requiredVars) {
+      if (!service.envVars.includes(required)) {
+        violations.push({
+          type: "missing_env",
+          severity: "WARN",
+          service: service.name,
+          envVar: required,
+          message: `Service ${service.name} typically requires ${required}`,
+          evidence: []
+        });
+      }
+    }
+  }
+  return violations;
+}
+function getRequiredVarsForService(name) {
+  const requirements = {
+    stripe: ["STRIPE_SECRET_KEY", "STRIPE_WEBHOOK_SECRET"],
+    github: ["GITHUB_TOKEN"],
+    sendgrid: ["SENDGRID_API_KEY"],
+    twilio: ["TWILIO_ACCOUNT_SID", "TWILIO_AUTH_TOKEN"],
+    supabase: ["SUPABASE_URL", "SUPABASE_ANON_KEY"]
+  };
+  return requirements[name] || [];
+}
+/**
+ * Diff two external contracts
+ */
+function diffExternalContracts(before, after) {
+  const diff = {
+    added: [],
+    removed: [],
+    changed: []
+  };
+  const beforeMap = new Map(before.services.map(s => [s.name, s]));
+  const afterMap = new Map(after.services.map(s => [s.name, s]));
+  for (const [name, service] of afterMap) {
+    if (!beforeMap.has(name)) {
+      diff.added.push(service);
+    }
+  }
+  for (const [name, service] of beforeMap) {
+    if (!afterMap.has(name)) {
+      diff.removed.push(service);
+    }
+  }
+  return diff;
+}
+module.exports = {
+  buildExternalContract,
+  validateExternalContract,
+  diffExternalContracts
+};