npm - @vibecheckai/cli - Versions diffs - 2.8.2 → 3.0.0 - Mend

@vibecheckai/cli 2.8.2 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (454) hide show

package/README.md +8 -8
package/bin/_deprecations.js +35 -0
package/bin/_router.js +46 -0
package/bin/cli-hygiene.js +241 -0
package/bin/guardrail.js +834 -0
package/bin/runners/cli-utils.js +1070 -0
package/bin/runners/context/ai-task-decomposer.js +337 -0
package/bin/runners/context/analyzer.js +462 -0
package/bin/runners/context/api-contracts.js +427 -0
package/bin/runners/context/context-diff.js +342 -0
package/bin/runners/context/context-pruner.js +291 -0
package/bin/runners/context/dependency-graph.js +414 -0
package/bin/runners/context/generators/claude.js +107 -0
package/bin/runners/context/generators/codex.js +108 -0
package/bin/runners/context/generators/copilot.js +119 -0
package/bin/runners/context/generators/cursor.js +514 -0
package/bin/runners/context/generators/mcp.js +151 -0
package/bin/runners/context/generators/windsurf.js +180 -0
package/bin/runners/context/git-context.js +302 -0
package/bin/runners/context/index.js +1042 -0
package/bin/runners/context/insights.js +173 -0
package/bin/runners/context/mcp-server/generate-rules.js +337 -0
package/bin/runners/context/mcp-server/index.js +1176 -0
package/bin/runners/context/mcp-server/package.json +24 -0
package/bin/runners/context/memory.js +200 -0
package/bin/runners/context/monorepo.js +215 -0
package/bin/runners/context/multi-repo-federation.js +404 -0
package/bin/runners/context/patterns.js +253 -0
package/bin/runners/context/proof-context.js +972 -0
package/bin/runners/context/security-scanner.js +303 -0
package/bin/runners/context/semantic-search.js +350 -0
package/bin/runners/context/shared.js +264 -0
package/bin/runners/context/team-conventions.js +310 -0
package/bin/runners/lib/ai-bridge.js +416 -0
package/bin/runners/lib/analysis-core.js +271 -0
package/bin/runners/lib/analyzers.js +541 -0
package/bin/runners/lib/audit-bridge.js +391 -0
package/bin/runners/lib/auth-truth.js +193 -0
package/bin/runners/lib/auth.js +215 -0
package/bin/runners/lib/backup.js +62 -0
package/bin/runners/lib/billing.js +107 -0
package/bin/runners/lib/claims.js +118 -0
package/bin/runners/lib/cli-ui.js +540 -0
package/bin/runners/lib/compliance-bridge-new.js +0 -0
package/bin/runners/lib/compliance-bridge.js +165 -0
package/bin/runners/lib/contracts/auth-contract.js +194 -0
package/bin/runners/lib/contracts/env-contract.js +178 -0
package/bin/runners/lib/contracts/external-contract.js +198 -0
package/bin/runners/lib/contracts/guard.js +168 -0
package/bin/runners/lib/contracts/index.js +89 -0
package/bin/runners/lib/contracts/plan-validator.js +311 -0
package/bin/runners/lib/contracts/route-contract.js +192 -0
package/bin/runners/lib/detect.js +89 -0
package/bin/runners/lib/doctor/autofix.js +254 -0
package/bin/runners/lib/doctor/index.js +37 -0
package/bin/runners/lib/doctor/modules/dependencies.js +325 -0
package/bin/runners/lib/doctor/modules/index.js +46 -0
package/bin/runners/lib/doctor/modules/network.js +250 -0
package/bin/runners/lib/doctor/modules/project.js +312 -0
package/bin/runners/lib/doctor/modules/runtime.js +224 -0
package/bin/runners/lib/doctor/modules/security.js +348 -0
package/bin/runners/lib/doctor/modules/system.js +213 -0
package/bin/runners/lib/doctor/modules/vibecheck.js +394 -0
package/bin/runners/lib/doctor/reporter.js +262 -0
package/bin/runners/lib/doctor/service.js +262 -0
package/bin/runners/lib/doctor/types.js +113 -0
package/bin/runners/lib/doctor/ui.js +263 -0
package/bin/runners/lib/doctor-enhanced.js +233 -0
package/bin/runners/lib/doctor-v2.js +608 -0
package/bin/runners/lib/enforcement.js +72 -0
package/bin/runners/lib/enterprise-detect.js +603 -0
package/bin/runners/lib/enterprise-init.js +942 -0
package/bin/runners/lib/entitlements-v2.js +381 -0
package/bin/runners/lib/entitlements.generated.js +0 -0
package/bin/runners/lib/entitlements.js +332 -0
package/bin/runners/lib/env-template.js +66 -0
package/bin/runners/lib/env.js +189 -0
package/bin/runners/lib/error-handler.js +320 -0
package/bin/runners/lib/firewall-prompt.js +50 -0
package/bin/runners/lib/graph/graph-builder.js +265 -0
package/bin/runners/lib/graph/html-renderer.js +413 -0
package/bin/runners/lib/graph/index.js +32 -0
package/bin/runners/lib/graph/runtime-collector.js +215 -0
package/bin/runners/lib/graph/static-extractor.js +518 -0
package/bin/runners/lib/init-wizard.js +308 -0
package/bin/runners/lib/json-output.js +76 -0
package/bin/runners/lib/llm.js +75 -0
package/bin/runners/lib/meter.js +61 -0
package/bin/runners/lib/missions/evidence.js +126 -0
package/bin/runners/lib/missions/plan.js +69 -0
package/bin/runners/lib/missions/templates.js +147 -0
package/bin/runners/lib/patch.js +40 -0
package/bin/runners/lib/permissions/auth-model.js +213 -0
package/bin/runners/lib/permissions/idor-prover.js +205 -0
package/bin/runners/lib/permissions/index.js +45 -0
package/bin/runners/lib/permissions/matrix-builder.js +198 -0
package/bin/runners/lib/pkgjson.js +28 -0
package/bin/runners/lib/preflight.js +142 -0
package/bin/runners/lib/reality-findings.js +84 -0
package/bin/runners/lib/redact.js +29 -0
package/bin/runners/lib/replay/capsule-manager.js +154 -0
package/bin/runners/lib/replay/index.js +263 -0
package/bin/runners/lib/replay/player.js +348 -0
package/bin/runners/lib/replay/recorder.js +331 -0
package/bin/runners/lib/report-engine.js +447 -0
package/bin/runners/lib/report-html.js +1117 -0
package/bin/runners/lib/report-templates.js +964 -0
package/bin/runners/lib/route-detection.js +1140 -0
package/bin/runners/lib/route-truth.js +477 -0
package/bin/runners/lib/sandbox/index.js +59 -0
package/bin/runners/lib/sandbox/proof-chain.js +399 -0
package/bin/runners/lib/sandbox/sandbox-runner.js +205 -0
package/bin/runners/lib/sandbox/worktree.js +174 -0
package/bin/runners/lib/scan-cache.js +330 -0
package/bin/runners/lib/scan-output-schema.js +344 -0
package/bin/runners/lib/score-history.js +282 -0
package/bin/runners/lib/security-bridge.js +249 -0
package/bin/runners/lib/server-usage.js +513 -0
package/bin/runners/lib/share-pack.js +239 -0
package/bin/runners/lib/snippets.js +67 -0
package/bin/runners/lib/truth.js +667 -0
package/bin/runners/lib/unified-output.js +189 -0
package/bin/runners/lib/validate-patch.js +156 -0
package/bin/runners/lib/verification.js +345 -0
package/bin/runners/reality/engine.js +917 -0
package/bin/runners/reality/flows.js +122 -0
package/bin/runners/reality/report.js +378 -0
package/bin/runners/reality/session.js +193 -0
package/bin/runners/runAIAgent.js +2 -0
package/bin/runners/runAudit.js +2 -0
package/bin/runners/runAuth.js +106 -0
package/bin/runners/runAutopilot.js +2 -0
package/bin/runners/runBadge.js +2 -0
package/bin/runners/runCertify.js +2 -0
package/bin/runners/runClaimVerifier.js +483 -0
package/bin/runners/runContext.js +56 -0
package/bin/runners/runContextCompiler.js +385 -0
package/bin/runners/runCtx.js +187 -0
package/bin/runners/runCtxGuard.js +176 -0
package/bin/runners/runCtxSync.js +116 -0
package/bin/runners/runDashboard.js +10 -0
package/bin/runners/runDoctor.js +245 -0
package/bin/runners/runEnhancedShip.js +2 -0
package/bin/runners/runFix.js +735 -0
package/bin/runners/runFixPacks.js +2 -0
package/bin/runners/runGate.js +17 -0
package/bin/runners/runGraph.js +283 -0
package/bin/runners/runInit.js +260 -0
package/bin/runners/runInitGha.js +101 -0
package/bin/runners/runInstall.js +76 -0
package/bin/runners/runInteractive.js +388 -0
package/bin/runners/runLaunch.js +2 -0
package/bin/runners/runMcp.js +19 -0
package/bin/runners/runMdc.js +2 -0
package/bin/runners/runMissionGenerator.js +282 -0
package/bin/runners/runNaturalLanguage.js +3 -0
package/bin/runners/runPR.js +96 -0
package/bin/runners/runPermissions.js +290 -0
package/bin/runners/runPromptFirewall.js +211 -0
package/bin/runners/runProof.js +2 -0
package/bin/runners/runProve.js +392 -0
package/bin/runners/runReality.js +489 -0
package/bin/runners/runRealitySniff.js +2 -0
package/bin/runners/runReplay.js +469 -0
package/bin/runners/runReport.js +478 -0
package/bin/runners/runScan.js +835 -0
package/bin/runners/runShare.js +34 -0
package/bin/runners/runShip.js +1062 -0
package/bin/runners/runStatus.js +136 -0
package/bin/runners/runTruthpack.js +634 -0
package/bin/runners/runUpgrade.js +2 -0
package/bin/runners/runValidate.js +2 -0
package/bin/runners/runVerifyAgentOutput.js +2 -0
package/bin/runners/runWatch.js +230 -0
package/bin/runners/utils.js +360 -0
package/bin/scan.js +612 -0
package/bin/vibecheck.js +834 -0
package/package.json +11 -11
package/dist/autopatch/verified-autopatch.d.ts +0 -111
package/dist/autopatch/verified-autopatch.d.ts.map +0 -1
package/dist/autopatch/verified-autopatch.js +0 -503
package/dist/autopatch/verified-autopatch.js.map +0 -1
package/dist/bundles/index.js +0 -8
package/dist/bundles/vibecheck-core.js +0 -25799
package/dist/bundles/vibecheck-security.js +0 -208693
package/dist/bundles/vibecheck-ship.js +0 -2318
package/dist/commands/baseline.d.ts +0 -7
package/dist/commands/baseline.d.ts.map +0 -1
package/dist/commands/baseline.js +0 -79
package/dist/commands/baseline.js.map +0 -1
package/dist/commands/cache.d.ts +0 -13
package/dist/commands/cache.d.ts.map +0 -1
package/dist/commands/cache.js +0 -165
package/dist/commands/cache.js.map +0 -1
package/dist/commands/checkpoint.d.ts +0 -8
package/dist/commands/checkpoint.d.ts.map +0 -1
package/dist/commands/checkpoint.js +0 -35
package/dist/commands/checkpoint.js.map +0 -1
package/dist/commands/doctor.d.ts +0 -17
package/dist/commands/doctor.d.ts.map +0 -1
package/dist/commands/doctor.js +0 -226
package/dist/commands/doctor.js.map +0 -1
package/dist/commands/evidence.d.ts +0 -45
package/dist/commands/evidence.d.ts.map +0 -1
package/dist/commands/evidence.js +0 -197
package/dist/commands/evidence.js.map +0 -1
package/dist/commands/explain.d.ts +0 -8
package/dist/commands/explain.d.ts.map +0 -1
package/dist/commands/explain.js +0 -52
package/dist/commands/explain.js.map +0 -1
package/dist/commands/fix-consolidated.d.ts +0 -19
package/dist/commands/fix-consolidated.d.ts.map +0 -1
package/dist/commands/fix-consolidated.js +0 -165
package/dist/commands/fix-consolidated.js.map +0 -1
package/dist/commands/index.d.ts +0 -8
package/dist/commands/index.d.ts.map +0 -1
package/dist/commands/index.js +0 -15
package/dist/commands/index.js.map +0 -1
package/dist/commands/init.d.ts +0 -8
package/dist/commands/init.d.ts.map +0 -1
package/dist/commands/init.js +0 -125
package/dist/commands/init.js.map +0 -1
package/dist/commands/launcher.d.ts +0 -10
package/dist/commands/launcher.d.ts.map +0 -1
package/dist/commands/launcher.js +0 -174
package/dist/commands/launcher.js.map +0 -1
package/dist/commands/on.d.ts +0 -8
package/dist/commands/on.d.ts.map +0 -1
package/dist/commands/on.js +0 -123
package/dist/commands/on.js.map +0 -1
package/dist/commands/replay.d.ts +0 -8
package/dist/commands/replay.d.ts.map +0 -1
package/dist/commands/replay.js +0 -52
package/dist/commands/replay.js.map +0 -1
package/dist/commands/scan-consolidated.d.ts +0 -61
package/dist/commands/scan-consolidated.d.ts.map +0 -1
package/dist/commands/scan-consolidated.js +0 -243
package/dist/commands/scan-consolidated.js.map +0 -1
package/dist/commands/scan-secrets.d.ts +0 -47
package/dist/commands/scan-secrets.d.ts.map +0 -1
package/dist/commands/scan-secrets.js +0 -225
package/dist/commands/scan-secrets.js.map +0 -1
package/dist/commands/scan-vulnerabilities-enhanced.d.ts +0 -41
package/dist/commands/scan-vulnerabilities-enhanced.d.ts.map +0 -1
package/dist/commands/scan-vulnerabilities-enhanced.js +0 -368
package/dist/commands/scan-vulnerabilities-enhanced.js.map +0 -1
package/dist/commands/scan-vulnerabilities-osv.d.ts +0 -58
package/dist/commands/scan-vulnerabilities-osv.d.ts.map +0 -1
package/dist/commands/scan-vulnerabilities-osv.js +0 -722
package/dist/commands/scan-vulnerabilities-osv.js.map +0 -1
package/dist/commands/scan-vulnerabilities.d.ts +0 -32
package/dist/commands/scan-vulnerabilities.d.ts.map +0 -1
package/dist/commands/scan-vulnerabilities.js +0 -283
package/dist/commands/scan-vulnerabilities.js.map +0 -1
package/dist/commands/secrets-allowlist.d.ts +0 -7
package/dist/commands/secrets-allowlist.d.ts.map +0 -1
package/dist/commands/secrets-allowlist.js +0 -85
package/dist/commands/secrets-allowlist.js.map +0 -1
package/dist/commands/ship-consolidated.d.ts +0 -58
package/dist/commands/ship-consolidated.d.ts.map +0 -1
package/dist/commands/ship-consolidated.js +0 -515
package/dist/commands/ship-consolidated.js.map +0 -1
package/dist/commands/stats.d.ts +0 -8
package/dist/commands/stats.d.ts.map +0 -1
package/dist/commands/stats.js +0 -134
package/dist/commands/stats.js.map +0 -1
package/dist/commands/upgrade.d.ts +0 -8
package/dist/commands/upgrade.d.ts.map +0 -1
package/dist/commands/upgrade.js +0 -30
package/dist/commands/upgrade.js.map +0 -1
package/dist/fix/applicator.d.ts +0 -44
package/dist/fix/applicator.d.ts.map +0 -1
package/dist/fix/applicator.js +0 -144
package/dist/fix/applicator.js.map +0 -1
package/dist/fix/backup.d.ts +0 -38
package/dist/fix/backup.d.ts.map +0 -1
package/dist/fix/backup.js +0 -154
package/dist/fix/backup.js.map +0 -1
package/dist/fix/engine.d.ts +0 -55
package/dist/fix/engine.d.ts.map +0 -1
package/dist/fix/engine.js +0 -285
package/dist/fix/engine.js.map +0 -1
package/dist/fix/index.d.ts +0 -5
package/dist/fix/index.d.ts.map +0 -1
package/dist/fix/index.js +0 -12
package/dist/fix/index.js.map +0 -1
package/dist/fix/interactive.d.ts +0 -22
package/dist/fix/interactive.d.ts.map +0 -1
package/dist/fix/interactive.js +0 -172
package/dist/fix/interactive.js.map +0 -1
package/dist/formatters/index.d.ts +0 -6
package/dist/formatters/index.d.ts.map +0 -1
package/dist/formatters/index.js +0 -11
package/dist/formatters/index.js.map +0 -1
package/dist/formatters/sarif-enhanced.d.ts +0 -78
package/dist/formatters/sarif-enhanced.d.ts.map +0 -1
package/dist/formatters/sarif-enhanced.js +0 -144
package/dist/formatters/sarif-enhanced.js.map +0 -1
package/dist/formatters/sarif-v2.d.ts +0 -121
package/dist/formatters/sarif-v2.d.ts.map +0 -1
package/dist/formatters/sarif-v2.js +0 -356
package/dist/formatters/sarif-v2.js.map +0 -1
package/dist/formatters/sarif.d.ts +0 -72
package/dist/formatters/sarif.d.ts.map +0 -1
package/dist/formatters/sarif.js +0 -146
package/dist/formatters/sarif.js.map +0 -1
package/dist/index.d.ts +0 -61
package/dist/index.d.ts.map +0 -1
package/dist/index.js +0 -4388
package/dist/index.js.map +0 -1
package/dist/init/ci-generator.d.ts +0 -18
package/dist/init/ci-generator.d.ts.map +0 -1
package/dist/init/ci-generator.js +0 -317
package/dist/init/ci-generator.js.map +0 -1
package/dist/init/detect-framework.d.ts +0 -15
package/dist/init/detect-framework.d.ts.map +0 -1
package/dist/init/detect-framework.js +0 -301
package/dist/init/detect-framework.js.map +0 -1
package/dist/init/hooks-installer.d.ts +0 -22
package/dist/init/hooks-installer.d.ts.map +0 -1
package/dist/init/hooks-installer.js +0 -310
package/dist/init/hooks-installer.js.map +0 -1
package/dist/init/index.d.ts +0 -8
package/dist/init/index.d.ts.map +0 -1
package/dist/init/index.js +0 -22
package/dist/init/index.js.map +0 -1
package/dist/init/templates.d.ts +0 -402
package/dist/init/templates.d.ts.map +0 -1
package/dist/init/templates.js +0 -240
package/dist/init/templates.js.map +0 -1
package/dist/mcp/server.d.ts +0 -12
package/dist/mcp/server.d.ts.map +0 -1
package/dist/mcp/server.js +0 -42
package/dist/mcp/server.js.map +0 -1
package/dist/mcp/telemetry.d.ts +0 -40
package/dist/mcp/telemetry.d.ts.map +0 -1
package/dist/mcp/telemetry.js +0 -98
package/dist/mcp/telemetry.js.map +0 -1
package/dist/reality/no-dead-buttons/button-sweep-generator.d.ts +0 -32
package/dist/reality/no-dead-buttons/button-sweep-generator.d.ts.map +0 -1
package/dist/reality/no-dead-buttons/button-sweep-generator.js +0 -236
package/dist/reality/no-dead-buttons/button-sweep-generator.js.map +0 -1
package/dist/reality/no-dead-buttons/index.d.ts +0 -11
package/dist/reality/no-dead-buttons/index.d.ts.map +0 -1
package/dist/reality/no-dead-buttons/index.js +0 -18
package/dist/reality/no-dead-buttons/index.js.map +0 -1
package/dist/reality/no-dead-buttons/static-scanner.d.ts +0 -34
package/dist/reality/no-dead-buttons/static-scanner.d.ts.map +0 -1
package/dist/reality/no-dead-buttons/static-scanner.js +0 -230
package/dist/reality/no-dead-buttons/static-scanner.js.map +0 -1
package/dist/reality/reality-graph.d.ts +0 -192
package/dist/reality/reality-graph.d.ts.map +0 -1
package/dist/reality/reality-graph.js +0 -600
package/dist/reality/reality-graph.js.map +0 -1
package/dist/reality/reality-runner.d.ts +0 -89
package/dist/reality/reality-runner.d.ts.map +0 -1
package/dist/reality/reality-runner.js +0 -540
package/dist/reality/reality-runner.js.map +0 -1
package/dist/reality/receipt-generator.d.ts +0 -152
package/dist/reality/receipt-generator.d.ts.map +0 -1
package/dist/reality/receipt-generator.js +0 -495
package/dist/reality/receipt-generator.js.map +0 -1
package/dist/reality/runtime-tracer.d.ts +0 -75
package/dist/reality/runtime-tracer.d.ts.map +0 -1
package/dist/reality/runtime-tracer.js +0 -109
package/dist/reality/runtime-tracer.js.map +0 -1
package/dist/runtime/auth-utils.d.ts +0 -43
package/dist/runtime/auth-utils.d.ts.map +0 -1
package/dist/runtime/auth-utils.js +0 -130
package/dist/runtime/auth-utils.js.map +0 -1
package/dist/runtime/client.d.ts +0 -74
package/dist/runtime/client.d.ts.map +0 -1
package/dist/runtime/client.js +0 -222
package/dist/runtime/client.js.map +0 -1
package/dist/runtime/creds.d.ts +0 -48
package/dist/runtime/creds.d.ts.map +0 -1
package/dist/runtime/creds.js +0 -245
package/dist/runtime/creds.js.map +0 -1
package/dist/runtime/exit-codes.d.ts +0 -49
package/dist/runtime/exit-codes.d.ts.map +0 -1
package/dist/runtime/exit-codes.js +0 -93
package/dist/runtime/exit-codes.js.map +0 -1
package/dist/runtime/index.d.ts +0 -9
package/dist/runtime/index.d.ts.map +0 -1
package/dist/runtime/index.js +0 -25
package/dist/runtime/index.js.map +0 -1
package/dist/runtime/json-output.d.ts +0 -42
package/dist/runtime/json-output.d.ts.map +0 -1
package/dist/runtime/json-output.js +0 -59
package/dist/runtime/json-output.js.map +0 -1
package/dist/runtime/semver.d.ts +0 -37
package/dist/runtime/semver.d.ts.map +0 -1
package/dist/runtime/semver.js +0 -110
package/dist/runtime/semver.js.map +0 -1
package/dist/scan/dead-ui-detector.d.ts +0 -48
package/dist/scan/dead-ui-detector.d.ts.map +0 -1
package/dist/scan/dead-ui-detector.js +0 -170
package/dist/scan/dead-ui-detector.js.map +0 -1
package/dist/scan/playwright-sweep.d.ts +0 -40
package/dist/scan/playwright-sweep.d.ts.map +0 -1
package/dist/scan/playwright-sweep.js +0 -216
package/dist/scan/playwright-sweep.js.map +0 -1
package/dist/scan/proof-bundle.d.ts +0 -25
package/dist/scan/proof-bundle.d.ts.map +0 -1
package/dist/scan/proof-bundle.js +0 -203
package/dist/scan/proof-bundle.js.map +0 -1
package/dist/scan/proof-graph.d.ts +0 -59
package/dist/scan/proof-graph.d.ts.map +0 -1
package/dist/scan/proof-graph.js +0 -64
package/dist/scan/proof-graph.js.map +0 -1
package/dist/scan/reality-sniff.d.ts +0 -56
package/dist/scan/reality-sniff.d.ts.map +0 -1
package/dist/scan/reality-sniff.js +0 -200
package/dist/scan/reality-sniff.js.map +0 -1
package/dist/scan/structural-verifier.d.ts +0 -20
package/dist/scan/structural-verifier.d.ts.map +0 -1
package/dist/scan/structural-verifier.js +0 -112
package/dist/scan/structural-verifier.js.map +0 -1
package/dist/scan/verification-engine.d.ts +0 -47
package/dist/scan/verification-engine.d.ts.map +0 -1
package/dist/scan/verification-engine.js +0 -141
package/dist/scan/verification-engine.js.map +0 -1
package/dist/scanner/baseline.d.ts +0 -52
package/dist/scanner/baseline.d.ts.map +0 -1
package/dist/scanner/baseline.js +0 -85
package/dist/scanner/baseline.js.map +0 -1
package/dist/scanner/incremental.d.ts +0 -30
package/dist/scanner/incremental.d.ts.map +0 -1
package/dist/scanner/incremental.js +0 -82
package/dist/scanner/incremental.js.map +0 -1
package/dist/scanner/parallel.d.ts +0 -43
package/dist/scanner/parallel.d.ts.map +0 -1
package/dist/scanner/parallel.js +0 -99
package/dist/scanner/parallel.js.map +0 -1
package/dist/standalone.d.ts +0 -1
package/dist/standalone.d.ts.map +0 -1
package/dist/standalone.js +0 -1
package/dist/standalone.js.map +0 -1
package/dist/truth-pack/index.d.ts +0 -102
package/dist/truth-pack/index.d.ts.map +0 -1
package/dist/truth-pack/index.js +0 -694
package/dist/truth-pack/index.js.map +0 -1
package/dist/ui/frame.d.ts +0 -68
package/dist/ui/frame.d.ts.map +0 -1
package/dist/ui/frame.js +0 -165
package/dist/ui/frame.js.map +0 -1
package/dist/ui/index.d.ts +0 -5
package/dist/ui/index.d.ts.map +0 -1
package/dist/ui/index.js +0 -16
package/dist/ui/index.js.map +0 -1
package/dist/ui.d.ts +0 -36
package/dist/ui.d.ts.map +0 -1
package/dist/ui.js +0 -45
package/dist/ui.js.map +0 -1

package/bin/runners/lib/permissions/index.js ADDED Viewed

@@ -0,0 +1,45 @@
+/**
+ * Permissions Module Index
+ * Exports all permission verification functionality
+ */
+"use strict";
+const {
+  extractAuthModel,
+  extractRolePatterns,
+  inferRoles,
+  buildRouteAuthMap
+} = require("./auth-model");
+const {
+  buildAuthZMatrix,
+  detectViolations,
+  formatMatrix
+} = require("./matrix-builder");
+const {
+  detectIDORCandidates,
+  buildIDORTestPlan,
+  executeIDORTest,
+  formatIDORPlan
+} = require("./idor-prover");
+module.exports = {
+  // Auth model extraction
+  extractAuthModel,
+  extractRolePatterns,
+  inferRoles,
+  buildRouteAuthMap,
+  // AuthZ matrix
+  buildAuthZMatrix,
+  detectViolations,
+  formatMatrix,
+  // IDOR detection
+  detectIDORCandidates,
+  buildIDORTestPlan,
+  executeIDORTest,
+  formatIDORPlan
+};

package/bin/runners/lib/permissions/matrix-builder.js ADDED Viewed

@@ -0,0 +1,198 @@
+/**
+ * AuthZ Matrix Builder
+ * Builds authorization matrix from auth model and runtime verification
+ */
+"use strict";
+const crypto = require("crypto");
+function sha256(text) {
+  return crypto.createHash("sha256").update(text).digest("hex").slice(0, 16);
+}
+/**
+ * Build AuthZ matrix from auth model
+ */
+function buildAuthZMatrix(authModel, runtimeResults = null) {
+  const matrix = {
+    meta: {
+      version: "1.0.0",
+      generatedAt: new Date().toISOString()
+    },
+    roles: authModel.roles.map(r => r.name),
+    routes: [],
+    violations: []
+  };
+  for (const route of authModel.routes) {
+    const routeAuthZ = {
+      path: route.path,
+      method: route.method,
+      declared: route.declared,
+      actual: {
+        anon: null,
+        user: null,
+        admin: null
+      }
+    };
+    // Merge runtime results if available
+    if (runtimeResults) {
+      const runtimeForRoute = runtimeResults.filter(r =>
+        matchesRoute(route.path, r.path)
+      );
+      for (const result of runtimeForRoute) {
+        if (result.role === "anon") {
+          routeAuthZ.actual.anon = {
+            status: result.status,
+            redirected: result.redirected,
+            accessible: result.status >= 200 && result.status < 400 && !result.redirected
+          };
+        } else if (result.role === "user") {
+          routeAuthZ.actual.user = {
+            status: result.status,
+            redirected: result.redirected,
+            accessible: result.status >= 200 && result.status < 400 && !result.redirected
+          };
+        } else if (result.role === "admin") {
+          routeAuthZ.actual.admin = {
+            status: result.status,
+            redirected: result.redirected,
+            accessible: result.status >= 200 && result.status < 400 && !result.redirected
+          };
+        }
+      }
+    }
+    matrix.routes.push(routeAuthZ);
+  }
+  // Detect violations
+  matrix.violations = detectViolations(matrix);
+  return matrix;
+}
+/**
+ * Detect authorization violations
+ */
+function detectViolations(matrix) {
+  const violations = [];
+  for (const route of matrix.routes) {
+    // Check: protected route accessible anonymously
+    if (route.declared.protected && route.actual.anon?.accessible) {
+      violations.push({
+        id: `AUTHZ_ANON_${sha256(route.path)}`,
+        severity: "BLOCK",
+        type: "anon_access",
+        route: route.path,
+        method: route.method,
+        expected: "protected (should require auth)",
+        actual: "accessible anonymously",
+        message: `Protected route ${route.path} accessible without authentication`,
+        evidence: []
+      });
+    }
+    // Check: role mismatch (admin route accessible by user)
+    if (route.declared.roles?.includes("admin") &&
+        !route.declared.roles?.includes("user") &&
+        route.actual.user?.accessible) {
+      violations.push({
+        id: `AUTHZ_ROLE_${sha256(route.path)}`,
+        severity: "BLOCK",
+        type: "role_mismatch",
+        route: route.path,
+        method: route.method,
+        expected: "admin only",
+        actual: "accessible by user role",
+        message: `Admin route ${route.path} accessible by non-admin users`,
+        evidence: []
+      });
+    }
+    // Check: protected route blocked after login (broken auth)
+    if (route.declared.protected &&
+        route.actual.anon?.redirected &&
+        route.actual.user && !route.actual.user.accessible) {
+      violations.push({
+        id: `AUTHZ_BLOCKED_${sha256(route.path)}`,
+        severity: "WARN",
+        type: "blocked_after_auth",
+        route: route.path,
+        method: route.method,
+        expected: "accessible after auth",
+        actual: `blocked (status ${route.actual.user.status})`,
+        message: `Protected route ${route.path} not accessible after authentication`,
+        evidence: []
+      });
+    }
+  }
+  return violations;
+}
+/**
+ * Format matrix for display
+ */
+function formatMatrix(matrix) {
+  const lines = [];
+  lines.push("# AuthZ Matrix\n");
+  lines.push(`Generated: ${matrix.meta.generatedAt}`);
+  lines.push(`Roles: ${matrix.roles.join(", ")}\n`);
+  // Build table header
+  const header = ["Route", "Method", "Declared", "Anon", "User", "Admin"];
+  lines.push(`| ${header.join(" | ")} |`);
+  lines.push(`| ${header.map(() => "---").join(" | ")} |`);
+  for (const route of matrix.routes) {
+    const declared = route.declared.protected ? "🔒" : "🌐";
+    const anon = formatAccess(route.actual.anon);
+    const user = formatAccess(route.actual.user);
+    const admin = formatAccess(route.actual.admin);
+    lines.push(`| ${route.path} | ${route.method} | ${declared} | ${anon} | ${user} | ${admin} |`);
+  }
+  if (matrix.violations.length > 0) {
+    lines.push("\n## Violations\n");
+    for (const v of matrix.violations) {
+      const icon = v.severity === "BLOCK" ? "🛑" : "⚠️";
+      lines.push(`${icon} **${v.type}**: ${v.message}`);
+    }
+  }
+  return lines.join("\n");
+}
+function formatAccess(result) {
+  if (!result) return "?";
+  if (result.accessible) return "✅";
+  if (result.redirected) return "↩️";
+  return `❌ ${result.status}`;
+}
+function matchesRoute(pattern, actual) {
+  const patternParts = pattern.split("/").filter(Boolean);
+  const actualParts = actual.split("/").filter(Boolean);
+  if (patternParts.length !== actualParts.length) return false;
+  for (let i = 0; i < patternParts.length; i++) {
+    const p = patternParts[i];
+    if (p.startsWith(":") || p.startsWith("*")) continue;
+    if (p !== actualParts[i]) return false;
+  }
+  return true;
+}
+module.exports = {
+  buildAuthZMatrix,
+  detectViolations,
+  formatMatrix
+};

package/bin/runners/lib/pkgjson.js ADDED Viewed

@@ -0,0 +1,28 @@
+// bin/runners/lib/pkgjson.js
+const fs = require("fs");
+const path = require("path");
+function readPkg(root) {
+  const p = path.join(root, "package.json");
+  if (!fs.existsSync(p)) throw new Error("package.json not found");
+  return { path: p, json: JSON.parse(fs.readFileSync(p, "utf8")) };
+}
+function writePkg(pkgPath, json) {
+  fs.writeFileSync(pkgPath, JSON.stringify(json, null, 2) + "\n", "utf8");
+}
+function upsertScripts(pkg, scripts) {
+  pkg.scripts = pkg.scripts || {};
+  const changed = [];
+  for (const [k, v] of Object.entries(scripts)) {
+    if (pkg.scripts[k] === v) continue;
+    pkg.scripts[k] = v;
+    changed.push(k);
+  }
+  return changed;
+}
+module.exports = { readPkg, writePkg, upsertScripts };

package/bin/runners/lib/preflight.js ADDED Viewed

@@ -0,0 +1,142 @@
+/**
+ * Preflight checks - Run before any vibecheck command
+ *
+ * Validates:
+ * - Node version
+ * - Required dependencies
+ * - Project structure
+ * - Configuration
+ */
+"use strict";
+const fs = require("fs");
+const path = require("path");
+const MIN_NODE_VERSION = 18;
+function checkNodeVersion() {
+  const version = process.version;
+  const major = parseInt(version.slice(1).split(".")[0], 10);
+  if (major < MIN_NODE_VERSION) {
+    return {
+      ok: false,
+      message: `Node.js ${MIN_NODE_VERSION}+ required (you have ${version})`
+    };
+  }
+  return { ok: true };
+}
+function checkPlaywright() {
+  try {
+    require.resolve("playwright");
+    return { ok: true };
+  } catch {
+    return {
+      ok: false,
+      optional: true,
+      message: "Playwright not installed. Reality mode requires: npm i -D playwright"
+    };
+  }
+}
+function checkFastGlob() {
+  try {
+    require.resolve("fast-glob");
+    return { ok: true };
+  } catch {
+    return {
+      ok: false,
+      message: "fast-glob not installed. Run: npm install"
+    };
+  }
+}
+function checkProjectRoot(root) {
+  const pkgPath = path.join(root, "package.json");
+  if (!fs.existsSync(pkgPath)) {
+    return {
+      ok: false,
+      message: "No package.json found. Are you in a project directory?"
+    };
+  }
+  return { ok: true };
+}
+function checkGit(root) {
+  const gitPath = path.join(root, ".git");
+  if (!fs.existsSync(gitPath)) {
+    return {
+      ok: false,
+      optional: true,
+      message: "Not a git repository. Some features may not work."
+    };
+  }
+  return { ok: true };
+}
+function checkWritable(root) {
+  const vibecheckDir = path.join(root, ".vibecheck");
+  try {
+    fs.mkdirSync(vibecheckDir, { recursive: true });
+    const testFile = path.join(vibecheckDir, ".write_test");
+    fs.writeFileSync(testFile, "test");
+    fs.unlinkSync(testFile);
+    return { ok: true };
+  } catch {
+    return {
+      ok: false,
+      message: "Cannot write to .vibecheck directory. Check permissions."
+    };
+  }
+}
+function runPreflight(root, { silent = false, strict = false } = {}) {
+  const checks = [
+    { name: "Node.js", check: checkNodeVersion },
+    { name: "Project", check: () => checkProjectRoot(root) },
+    { name: "Writable", check: () => checkWritable(root) },
+    { name: "Git", check: () => checkGit(root) },
+    { name: "fast-glob", check: checkFastGlob },
+    { name: "Playwright", check: checkPlaywright },
+  ];
+  const results = [];
+  let hasError = false;
+  for (const { name, check } of checks) {
+    const result = check();
+    results.push({ name, ...result });
+    if (!result.ok && !result.optional) {
+      hasError = true;
+    }
+  }
+  if (!silent && hasError) {
+    console.error("\n⚠️ Preflight checks failed:\n");
+    for (const r of results) {
+      if (!r.ok && !r.optional) {
+        console.error(`  ✗ ${r.name}: ${r.message}`);
+      }
+    }
+    console.error("");
+  }
+  if (!silent && !hasError) {
+    // Show optional warnings
+    const optionalWarnings = results.filter(r => !r.ok && r.optional);
+    if (optionalWarnings.length && process.env.VIBECHECK_VERBOSE) {
+      for (const r of optionalWarnings) {
+        console.warn(`  ⚠ ${r.name}: ${r.message}`);
+      }
+    }
+  }
+  return {
+    ok: !hasError,
+    results
+  };
+}
+module.exports = { runPreflight, checkNodeVersion, checkPlaywright };

package/bin/runners/lib/reality-findings.js ADDED Viewed

@@ -0,0 +1,84 @@
+// bin/runners/lib/reality-findings.js
+const fs = require("fs");
+const path = require("path");
+function loadLastReality(repoRoot, maxAgeHours = 12) {
+  const p = path.join(repoRoot, ".vibecheck", "reality", "last_reality.json");
+  if (!fs.existsSync(p)) return null;
+  const obj = JSON.parse(fs.readFileSync(p, "utf8"));
+  const finishedAt = obj?.meta?.finishedAt ? new Date(obj.meta.finishedAt).getTime() : 0;
+  if (!finishedAt) return null;
+  const ageMs = Date.now() - finishedAt;
+  if (ageMs > maxAgeHours * 3600 * 1000) return null; // stale
+  return obj;
+}
+function findingsFromReality(repoRoot) {
+  const r = loadLastReality(repoRoot);
+  if (!r) return [];
+  const out = [];
+  for (const f of r.findings || []) {
+    // Preserve original category (DeadUI, AuthCoverage, etc.)
+    const category = f.category || "DeadUI";
+    // Generate appropriate fix hints based on category
+    let fixHints;
+    if (category === "AuthCoverage") {
+      fixHints = [
+        "Verify your Next.js matcher config protects this route.",
+        "Ensure middleware redirects unauthenticated users.",
+        "Check that session/auth state is being validated server-side."
+      ];
+    } else {
+      fixHints = [
+        "Ensure the element has a real onClick/handler and it returns a real result.",
+        "If it calls /api/*, ensure the route exists and returns success only on res.ok.",
+        "If it's intentionally disabled, reflect that visually and remove the click affordance."
+      ];
+    }
+    out.push({
+      id: `F_REALITY_${f.id}`,
+      severity: f.severity === "BLOCK" ? "BLOCK" : "WARN",
+      category,
+      title: f.title,
+      why: category === "AuthCoverage"
+        ? "Reality Runner detected an auth boundary violation."
+        : "Reality Runner found a UI interaction that fails in the running app.",
+      confidence: "high",
+      evidence: [
+        {
+          id: `ev_${f.id}`,
+          file: f.page ? String(f.page).replace(/^https?:\/\//, "") : "runtime",
+          lines: "0-0",
+          snippetHash: (f.screenshot || "runtime").slice(0, 80),
+          reason: f.reason
+        }
+      ],
+      fixHints
+    });
+  }
+  // escalate raw runtime console errors into WARN
+  const ce = (r.consoleErrors || []).slice(0, 5);
+  if (ce.length) {
+    out.push({
+      id: "F_REALITY_CONSOLE_ERRORS",
+      severity: "WARN",
+      category: "DeadUI",
+      title: `Console errors observed during Reality run (${ce.length})`,
+      why: "Console errors often correlate with broken UI handlers or missing data paths.",
+      confidence: "med",
+      evidence: [],
+      fixHints: ["Open the Reality report and fix the first error in the consoleErrors list."]
+    });
+  }
+  return out;
+}
+module.exports = { findingsFromReality };

package/bin/runners/lib/redact.js ADDED Viewed

@@ -0,0 +1,29 @@
+// bin/runners/lib/redact.js
+function redactString(s) {
+  if (typeof s !== "string") return s;
+  return s
+    .replace(/(api[_-]?key|secret|token|password)\s*[:=]\s*["']?([^"'\s]{6,})["']?/gi, "$1: [REDACTED]")
+    .replace(/(bearer)\s+([a-z0-9_\-\.=]{12,})/gi, "$1 [REDACTED]")
+    .replace(/sk-[a-z0-9]{16,}/gi, "[REDACTED]")
+    .replace(/[a-z0-9+\/=]{80,}/gi, "[REDACTED_BLOB]");
+}
+function redactObject(obj) {
+  if (obj == null) return obj;
+  if (typeof obj === "string") return redactString(obj);
+  if (typeof obj !== "object") return obj;
+  if (Array.isArray(obj)) return obj.map(redactObject);
+  const out = {};
+  for (const [k, v] of Object.entries(obj)) {
+    if (/api[_-]?key|secret|token|password|private/i.test(k)) {
+      out[k] = "[REDACTED]";
+      continue;
+    }
+    out[k] = redactObject(v);
+  }
+  return out;
+}
+module.exports = { redactObject };

package/bin/runners/lib/replay/capsule-manager.js ADDED Viewed

@@ -0,0 +1,154 @@
+/**
+ * Replay Capsule Manager
+ * Handles saving, loading, and managing replay capsules
+ */
+const fs = require('fs').promises;
+const path = require('path');
+const { v4: uuidv4 } = require('uuid');
+const crypto = require('crypto');
+class CapsuleManager {
+  constructor(basePath) {
+    this.basePath = path.join(basePath, '.vibecheck', 'replays');
+  }
+  async init() {
+    await fs.mkdir(this.basePath, { recursive: true });
+  }
+  async saveCapsule(capsule) {
+    const id = capsule.id || uuidv4();
+    const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
+    const capsuleDir = path.join(this.basePath, `${timestamp}_${id}`);
+    await fs.mkdir(capsuleDir, { recursive: true });
+    // Save metadata
+    const metadata = {
+      id,
+      createdAt: new Date().toISOString(),
+      name: capsule.name || `Replay ${timestamp}`,
+      description: capsule.description || '',
+      tags: capsule.tags || [],
+      steps: capsule.steps ? capsule.steps.length : 0,
+      duration: capsule.duration || 0,
+      status: 'captured',
+      ...capsule.metadata
+    };
+    // Save steps
+    const steps = capsule.steps || [];
+    // Generate deterministic hash for the capsule
+    const hash = crypto
+      .createHash('sha256')
+      .update(JSON.stringify({ metadata, steps }))
+      .digest('hex');
+    metadata.hash = hash;
+    await Promise.all([
+      fs.writeFile(
+        path.join(capsuleDir, 'metadata.json'),
+        JSON.stringify(metadata, null, 2),
+        'utf8'
+      ),
+      fs.writeFile(
+        path.join(capsuleDir, 'steps.json'),
+        JSON.stringify(steps, null, 2),
+        'utf8'
+      )
+    ]);
+    return { id, path: capsuleDir, metadata };
+  }
+  async loadCapsule(capsuleId) {
+    const capsules = await this.listCapsules();
+    const capsule = capsules.find(c => c.id === capsuleId || c.metadata.id === capsuleId);
+    if (!capsule) {
+      throw new Error(`Capsule ${capsuleId} not found`);
+    }
+    const [metadata, steps] = await Promise.all([
+      fs.readFile(path.join(capsule.path, 'metadata.json'), 'utf8')
+        .then(JSON.parse),
+      fs.readFile(path.join(capsule.path, 'steps.json'), 'utf8')
+        .then(JSON.parse)
+    ]);
+    return { metadata, steps };
+  }
+  async listCapsules() {
+    try {
+      const dirs = await fs.readdir(this.basePath, { withFileTypes: true });
+      const capsules = [];
+      for (const dir of dirs) {
+        if (!dir.isDirectory()) continue;
+        try {
+          const metadataPath = path.join(this.basePath, dir.name, 'metadata.json');
+          const metadata = JSON.parse(await fs.readFile(metadataPath, 'utf8'));
+          capsules.push({
+            id: metadata.id,
+            name: metadata.name,
+            path: path.join(this.basePath, dir.name),
+            metadata,
+            timestamp: new Date(metadata.createdAt).getTime()
+          });
+        } catch (err) {
+          console.error(`Error loading capsule ${dir.name}:`, err.message);
+        }
+      }
+      // Sort by timestamp, newest first
+      return capsules.sort((a, b) => b.timestamp - a.timestamp);
+    } catch (err) {
+      if (err.code === 'ENOENT') {
+        return [];
+      }
+      throw err;
+    }
+  }
+  async deleteCapsule(capsuleId) {
+    const capsules = await this.listCapsules();
+    const capsule = capsules.find(c => c.id === capsuleId || c.metadata.id === capsuleId);
+    if (!capsule) {
+      throw new Error(`Capsule ${capsuleId} not found`);
+    }
+    await fs.rm(capsule.path, { recursive: true, force: true });
+    return true;
+  }
+  async exportCapsule(capsuleId, outputPath) {
+    const { metadata, steps } = await this.loadCapsule(capsuleId);
+    const exportData = { metadata, steps };
+    await fs.writeFile(
+      outputPath,
+      JSON.stringify(exportData, null, 2),
+      'utf8'
+    );
+    return outputPath;
+  }
+  async importCapsule(filePath) {
+    const data = JSON.parse(await fs.readFile(filePath, 'utf8'));
+    return this.saveCapsule({
+      ...data.metadata,
+      steps: data.steps,
+      imported: true
+    });
+  }
+}
+module.exports = CapsuleManager;