npm - @vibecheckai/cli - Versions diffs - 2.8.2 → 3.0.0 - Mend

@vibecheckai/cli 2.8.2 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (454) hide show

package/README.md +8 -8
package/bin/_deprecations.js +35 -0
package/bin/_router.js +46 -0
package/bin/cli-hygiene.js +241 -0
package/bin/guardrail.js +834 -0
package/bin/runners/cli-utils.js +1070 -0
package/bin/runners/context/ai-task-decomposer.js +337 -0
package/bin/runners/context/analyzer.js +462 -0
package/bin/runners/context/api-contracts.js +427 -0
package/bin/runners/context/context-diff.js +342 -0
package/bin/runners/context/context-pruner.js +291 -0
package/bin/runners/context/dependency-graph.js +414 -0
package/bin/runners/context/generators/claude.js +107 -0
package/bin/runners/context/generators/codex.js +108 -0
package/bin/runners/context/generators/copilot.js +119 -0
package/bin/runners/context/generators/cursor.js +514 -0
package/bin/runners/context/generators/mcp.js +151 -0
package/bin/runners/context/generators/windsurf.js +180 -0
package/bin/runners/context/git-context.js +302 -0
package/bin/runners/context/index.js +1042 -0
package/bin/runners/context/insights.js +173 -0
package/bin/runners/context/mcp-server/generate-rules.js +337 -0
package/bin/runners/context/mcp-server/index.js +1176 -0
package/bin/runners/context/mcp-server/package.json +24 -0
package/bin/runners/context/memory.js +200 -0
package/bin/runners/context/monorepo.js +215 -0
package/bin/runners/context/multi-repo-federation.js +404 -0
package/bin/runners/context/patterns.js +253 -0
package/bin/runners/context/proof-context.js +972 -0
package/bin/runners/context/security-scanner.js +303 -0
package/bin/runners/context/semantic-search.js +350 -0
package/bin/runners/context/shared.js +264 -0
package/bin/runners/context/team-conventions.js +310 -0
package/bin/runners/lib/ai-bridge.js +416 -0
package/bin/runners/lib/analysis-core.js +271 -0
package/bin/runners/lib/analyzers.js +541 -0
package/bin/runners/lib/audit-bridge.js +391 -0
package/bin/runners/lib/auth-truth.js +193 -0
package/bin/runners/lib/auth.js +215 -0
package/bin/runners/lib/backup.js +62 -0
package/bin/runners/lib/billing.js +107 -0
package/bin/runners/lib/claims.js +118 -0
package/bin/runners/lib/cli-ui.js +540 -0
package/bin/runners/lib/compliance-bridge-new.js +0 -0
package/bin/runners/lib/compliance-bridge.js +165 -0
package/bin/runners/lib/contracts/auth-contract.js +194 -0
package/bin/runners/lib/contracts/env-contract.js +178 -0
package/bin/runners/lib/contracts/external-contract.js +198 -0
package/bin/runners/lib/contracts/guard.js +168 -0
package/bin/runners/lib/contracts/index.js +89 -0
package/bin/runners/lib/contracts/plan-validator.js +311 -0
package/bin/runners/lib/contracts/route-contract.js +192 -0
package/bin/runners/lib/detect.js +89 -0
package/bin/runners/lib/doctor/autofix.js +254 -0
package/bin/runners/lib/doctor/index.js +37 -0
package/bin/runners/lib/doctor/modules/dependencies.js +325 -0
package/bin/runners/lib/doctor/modules/index.js +46 -0
package/bin/runners/lib/doctor/modules/network.js +250 -0
package/bin/runners/lib/doctor/modules/project.js +312 -0
package/bin/runners/lib/doctor/modules/runtime.js +224 -0
package/bin/runners/lib/doctor/modules/security.js +348 -0
package/bin/runners/lib/doctor/modules/system.js +213 -0
package/bin/runners/lib/doctor/modules/vibecheck.js +394 -0
package/bin/runners/lib/doctor/reporter.js +262 -0
package/bin/runners/lib/doctor/service.js +262 -0
package/bin/runners/lib/doctor/types.js +113 -0
package/bin/runners/lib/doctor/ui.js +263 -0
package/bin/runners/lib/doctor-enhanced.js +233 -0
package/bin/runners/lib/doctor-v2.js +608 -0
package/bin/runners/lib/enforcement.js +72 -0
package/bin/runners/lib/enterprise-detect.js +603 -0
package/bin/runners/lib/enterprise-init.js +942 -0
package/bin/runners/lib/entitlements-v2.js +381 -0
package/bin/runners/lib/entitlements.generated.js +0 -0
package/bin/runners/lib/entitlements.js +332 -0
package/bin/runners/lib/env-template.js +66 -0
package/bin/runners/lib/env.js +189 -0
package/bin/runners/lib/error-handler.js +320 -0
package/bin/runners/lib/firewall-prompt.js +50 -0
package/bin/runners/lib/graph/graph-builder.js +265 -0
package/bin/runners/lib/graph/html-renderer.js +413 -0
package/bin/runners/lib/graph/index.js +32 -0
package/bin/runners/lib/graph/runtime-collector.js +215 -0
package/bin/runners/lib/graph/static-extractor.js +518 -0
package/bin/runners/lib/init-wizard.js +308 -0
package/bin/runners/lib/json-output.js +76 -0
package/bin/runners/lib/llm.js +75 -0
package/bin/runners/lib/meter.js +61 -0
package/bin/runners/lib/missions/evidence.js +126 -0
package/bin/runners/lib/missions/plan.js +69 -0
package/bin/runners/lib/missions/templates.js +147 -0
package/bin/runners/lib/patch.js +40 -0
package/bin/runners/lib/permissions/auth-model.js +213 -0
package/bin/runners/lib/permissions/idor-prover.js +205 -0
package/bin/runners/lib/permissions/index.js +45 -0
package/bin/runners/lib/permissions/matrix-builder.js +198 -0
package/bin/runners/lib/pkgjson.js +28 -0
package/bin/runners/lib/preflight.js +142 -0
package/bin/runners/lib/reality-findings.js +84 -0
package/bin/runners/lib/redact.js +29 -0
package/bin/runners/lib/replay/capsule-manager.js +154 -0
package/bin/runners/lib/replay/index.js +263 -0
package/bin/runners/lib/replay/player.js +348 -0
package/bin/runners/lib/replay/recorder.js +331 -0
package/bin/runners/lib/report-engine.js +447 -0
package/bin/runners/lib/report-html.js +1117 -0
package/bin/runners/lib/report-templates.js +964 -0
package/bin/runners/lib/route-detection.js +1140 -0
package/bin/runners/lib/route-truth.js +477 -0
package/bin/runners/lib/sandbox/index.js +59 -0
package/bin/runners/lib/sandbox/proof-chain.js +399 -0
package/bin/runners/lib/sandbox/sandbox-runner.js +205 -0
package/bin/runners/lib/sandbox/worktree.js +174 -0
package/bin/runners/lib/scan-cache.js +330 -0
package/bin/runners/lib/scan-output-schema.js +344 -0
package/bin/runners/lib/score-history.js +282 -0
package/bin/runners/lib/security-bridge.js +249 -0
package/bin/runners/lib/server-usage.js +513 -0
package/bin/runners/lib/share-pack.js +239 -0
package/bin/runners/lib/snippets.js +67 -0
package/bin/runners/lib/truth.js +667 -0
package/bin/runners/lib/unified-output.js +189 -0
package/bin/runners/lib/validate-patch.js +156 -0
package/bin/runners/lib/verification.js +345 -0
package/bin/runners/reality/engine.js +917 -0
package/bin/runners/reality/flows.js +122 -0
package/bin/runners/reality/report.js +378 -0
package/bin/runners/reality/session.js +193 -0
package/bin/runners/runAIAgent.js +2 -0
package/bin/runners/runAudit.js +2 -0
package/bin/runners/runAuth.js +106 -0
package/bin/runners/runAutopilot.js +2 -0
package/bin/runners/runBadge.js +2 -0
package/bin/runners/runCertify.js +2 -0
package/bin/runners/runClaimVerifier.js +483 -0
package/bin/runners/runContext.js +56 -0
package/bin/runners/runContextCompiler.js +385 -0
package/bin/runners/runCtx.js +187 -0
package/bin/runners/runCtxGuard.js +176 -0
package/bin/runners/runCtxSync.js +116 -0
package/bin/runners/runDashboard.js +10 -0
package/bin/runners/runDoctor.js +245 -0
package/bin/runners/runEnhancedShip.js +2 -0
package/bin/runners/runFix.js +735 -0
package/bin/runners/runFixPacks.js +2 -0
package/bin/runners/runGate.js +17 -0
package/bin/runners/runGraph.js +283 -0
package/bin/runners/runInit.js +260 -0
package/bin/runners/runInitGha.js +101 -0
package/bin/runners/runInstall.js +76 -0
package/bin/runners/runInteractive.js +388 -0
package/bin/runners/runLaunch.js +2 -0
package/bin/runners/runMcp.js +19 -0
package/bin/runners/runMdc.js +2 -0
package/bin/runners/runMissionGenerator.js +282 -0
package/bin/runners/runNaturalLanguage.js +3 -0
package/bin/runners/runPR.js +96 -0
package/bin/runners/runPermissions.js +290 -0
package/bin/runners/runPromptFirewall.js +211 -0
package/bin/runners/runProof.js +2 -0
package/bin/runners/runProve.js +392 -0
package/bin/runners/runReality.js +489 -0
package/bin/runners/runRealitySniff.js +2 -0
package/bin/runners/runReplay.js +469 -0
package/bin/runners/runReport.js +478 -0
package/bin/runners/runScan.js +835 -0
package/bin/runners/runShare.js +34 -0
package/bin/runners/runShip.js +1062 -0
package/bin/runners/runStatus.js +136 -0
package/bin/runners/runTruthpack.js +634 -0
package/bin/runners/runUpgrade.js +2 -0
package/bin/runners/runValidate.js +2 -0
package/bin/runners/runVerifyAgentOutput.js +2 -0
package/bin/runners/runWatch.js +230 -0
package/bin/runners/utils.js +360 -0
package/bin/scan.js +612 -0
package/bin/vibecheck.js +834 -0
package/package.json +11 -11
package/dist/autopatch/verified-autopatch.d.ts +0 -111
package/dist/autopatch/verified-autopatch.d.ts.map +0 -1
package/dist/autopatch/verified-autopatch.js +0 -503
package/dist/autopatch/verified-autopatch.js.map +0 -1
package/dist/bundles/index.js +0 -8
package/dist/bundles/vibecheck-core.js +0 -25799
package/dist/bundles/vibecheck-security.js +0 -208693
package/dist/bundles/vibecheck-ship.js +0 -2318
package/dist/commands/baseline.d.ts +0 -7
package/dist/commands/baseline.d.ts.map +0 -1
package/dist/commands/baseline.js +0 -79
package/dist/commands/baseline.js.map +0 -1
package/dist/commands/cache.d.ts +0 -13
package/dist/commands/cache.d.ts.map +0 -1
package/dist/commands/cache.js +0 -165
package/dist/commands/cache.js.map +0 -1
package/dist/commands/checkpoint.d.ts +0 -8
package/dist/commands/checkpoint.d.ts.map +0 -1
package/dist/commands/checkpoint.js +0 -35
package/dist/commands/checkpoint.js.map +0 -1
package/dist/commands/doctor.d.ts +0 -17
package/dist/commands/doctor.d.ts.map +0 -1
package/dist/commands/doctor.js +0 -226
package/dist/commands/doctor.js.map +0 -1
package/dist/commands/evidence.d.ts +0 -45
package/dist/commands/evidence.d.ts.map +0 -1
package/dist/commands/evidence.js +0 -197
package/dist/commands/evidence.js.map +0 -1
package/dist/commands/explain.d.ts +0 -8
package/dist/commands/explain.d.ts.map +0 -1
package/dist/commands/explain.js +0 -52
package/dist/commands/explain.js.map +0 -1
package/dist/commands/fix-consolidated.d.ts +0 -19
package/dist/commands/fix-consolidated.d.ts.map +0 -1
package/dist/commands/fix-consolidated.js +0 -165
package/dist/commands/fix-consolidated.js.map +0 -1
package/dist/commands/index.d.ts +0 -8
package/dist/commands/index.d.ts.map +0 -1
package/dist/commands/index.js +0 -15
package/dist/commands/index.js.map +0 -1
package/dist/commands/init.d.ts +0 -8
package/dist/commands/init.d.ts.map +0 -1
package/dist/commands/init.js +0 -125
package/dist/commands/init.js.map +0 -1
package/dist/commands/launcher.d.ts +0 -10
package/dist/commands/launcher.d.ts.map +0 -1
package/dist/commands/launcher.js +0 -174
package/dist/commands/launcher.js.map +0 -1
package/dist/commands/on.d.ts +0 -8
package/dist/commands/on.d.ts.map +0 -1
package/dist/commands/on.js +0 -123
package/dist/commands/on.js.map +0 -1
package/dist/commands/replay.d.ts +0 -8
package/dist/commands/replay.d.ts.map +0 -1
package/dist/commands/replay.js +0 -52
package/dist/commands/replay.js.map +0 -1
package/dist/commands/scan-consolidated.d.ts +0 -61
package/dist/commands/scan-consolidated.d.ts.map +0 -1
package/dist/commands/scan-consolidated.js +0 -243
package/dist/commands/scan-consolidated.js.map +0 -1
package/dist/commands/scan-secrets.d.ts +0 -47
package/dist/commands/scan-secrets.d.ts.map +0 -1
package/dist/commands/scan-secrets.js +0 -225
package/dist/commands/scan-secrets.js.map +0 -1
package/dist/commands/scan-vulnerabilities-enhanced.d.ts +0 -41
package/dist/commands/scan-vulnerabilities-enhanced.d.ts.map +0 -1
package/dist/commands/scan-vulnerabilities-enhanced.js +0 -368
package/dist/commands/scan-vulnerabilities-enhanced.js.map +0 -1
package/dist/commands/scan-vulnerabilities-osv.d.ts +0 -58
package/dist/commands/scan-vulnerabilities-osv.d.ts.map +0 -1
package/dist/commands/scan-vulnerabilities-osv.js +0 -722
package/dist/commands/scan-vulnerabilities-osv.js.map +0 -1
package/dist/commands/scan-vulnerabilities.d.ts +0 -32
package/dist/commands/scan-vulnerabilities.d.ts.map +0 -1
package/dist/commands/scan-vulnerabilities.js +0 -283
package/dist/commands/scan-vulnerabilities.js.map +0 -1
package/dist/commands/secrets-allowlist.d.ts +0 -7
package/dist/commands/secrets-allowlist.d.ts.map +0 -1
package/dist/commands/secrets-allowlist.js +0 -85
package/dist/commands/secrets-allowlist.js.map +0 -1
package/dist/commands/ship-consolidated.d.ts +0 -58
package/dist/commands/ship-consolidated.d.ts.map +0 -1
package/dist/commands/ship-consolidated.js +0 -515
package/dist/commands/ship-consolidated.js.map +0 -1
package/dist/commands/stats.d.ts +0 -8
package/dist/commands/stats.d.ts.map +0 -1
package/dist/commands/stats.js +0 -134
package/dist/commands/stats.js.map +0 -1
package/dist/commands/upgrade.d.ts +0 -8
package/dist/commands/upgrade.d.ts.map +0 -1
package/dist/commands/upgrade.js +0 -30
package/dist/commands/upgrade.js.map +0 -1
package/dist/fix/applicator.d.ts +0 -44
package/dist/fix/applicator.d.ts.map +0 -1
package/dist/fix/applicator.js +0 -144
package/dist/fix/applicator.js.map +0 -1
package/dist/fix/backup.d.ts +0 -38
package/dist/fix/backup.d.ts.map +0 -1
package/dist/fix/backup.js +0 -154
package/dist/fix/backup.js.map +0 -1
package/dist/fix/engine.d.ts +0 -55
package/dist/fix/engine.d.ts.map +0 -1
package/dist/fix/engine.js +0 -285
package/dist/fix/engine.js.map +0 -1
package/dist/fix/index.d.ts +0 -5
package/dist/fix/index.d.ts.map +0 -1
package/dist/fix/index.js +0 -12
package/dist/fix/index.js.map +0 -1
package/dist/fix/interactive.d.ts +0 -22
package/dist/fix/interactive.d.ts.map +0 -1
package/dist/fix/interactive.js +0 -172
package/dist/fix/interactive.js.map +0 -1
package/dist/formatters/index.d.ts +0 -6
package/dist/formatters/index.d.ts.map +0 -1
package/dist/formatters/index.js +0 -11
package/dist/formatters/index.js.map +0 -1
package/dist/formatters/sarif-enhanced.d.ts +0 -78
package/dist/formatters/sarif-enhanced.d.ts.map +0 -1
package/dist/formatters/sarif-enhanced.js +0 -144
package/dist/formatters/sarif-enhanced.js.map +0 -1
package/dist/formatters/sarif-v2.d.ts +0 -121
package/dist/formatters/sarif-v2.d.ts.map +0 -1
package/dist/formatters/sarif-v2.js +0 -356
package/dist/formatters/sarif-v2.js.map +0 -1
package/dist/formatters/sarif.d.ts +0 -72
package/dist/formatters/sarif.d.ts.map +0 -1
package/dist/formatters/sarif.js +0 -146
package/dist/formatters/sarif.js.map +0 -1
package/dist/index.d.ts +0 -61
package/dist/index.d.ts.map +0 -1
package/dist/index.js +0 -4388
package/dist/index.js.map +0 -1
package/dist/init/ci-generator.d.ts +0 -18
package/dist/init/ci-generator.d.ts.map +0 -1
package/dist/init/ci-generator.js +0 -317
package/dist/init/ci-generator.js.map +0 -1
package/dist/init/detect-framework.d.ts +0 -15
package/dist/init/detect-framework.d.ts.map +0 -1
package/dist/init/detect-framework.js +0 -301
package/dist/init/detect-framework.js.map +0 -1
package/dist/init/hooks-installer.d.ts +0 -22
package/dist/init/hooks-installer.d.ts.map +0 -1
package/dist/init/hooks-installer.js +0 -310
package/dist/init/hooks-installer.js.map +0 -1
package/dist/init/index.d.ts +0 -8
package/dist/init/index.d.ts.map +0 -1
package/dist/init/index.js +0 -22
package/dist/init/index.js.map +0 -1
package/dist/init/templates.d.ts +0 -402
package/dist/init/templates.d.ts.map +0 -1
package/dist/init/templates.js +0 -240
package/dist/init/templates.js.map +0 -1
package/dist/mcp/server.d.ts +0 -12
package/dist/mcp/server.d.ts.map +0 -1
package/dist/mcp/server.js +0 -42
package/dist/mcp/server.js.map +0 -1
package/dist/mcp/telemetry.d.ts +0 -40
package/dist/mcp/telemetry.d.ts.map +0 -1
package/dist/mcp/telemetry.js +0 -98
package/dist/mcp/telemetry.js.map +0 -1
package/dist/reality/no-dead-buttons/button-sweep-generator.d.ts +0 -32
package/dist/reality/no-dead-buttons/button-sweep-generator.d.ts.map +0 -1
package/dist/reality/no-dead-buttons/button-sweep-generator.js +0 -236
package/dist/reality/no-dead-buttons/button-sweep-generator.js.map +0 -1
package/dist/reality/no-dead-buttons/index.d.ts +0 -11
package/dist/reality/no-dead-buttons/index.d.ts.map +0 -1
package/dist/reality/no-dead-buttons/index.js +0 -18
package/dist/reality/no-dead-buttons/index.js.map +0 -1
package/dist/reality/no-dead-buttons/static-scanner.d.ts +0 -34
package/dist/reality/no-dead-buttons/static-scanner.d.ts.map +0 -1
package/dist/reality/no-dead-buttons/static-scanner.js +0 -230
package/dist/reality/no-dead-buttons/static-scanner.js.map +0 -1
package/dist/reality/reality-graph.d.ts +0 -192
package/dist/reality/reality-graph.d.ts.map +0 -1
package/dist/reality/reality-graph.js +0 -600
package/dist/reality/reality-graph.js.map +0 -1
package/dist/reality/reality-runner.d.ts +0 -89
package/dist/reality/reality-runner.d.ts.map +0 -1
package/dist/reality/reality-runner.js +0 -540
package/dist/reality/reality-runner.js.map +0 -1
package/dist/reality/receipt-generator.d.ts +0 -152
package/dist/reality/receipt-generator.d.ts.map +0 -1
package/dist/reality/receipt-generator.js +0 -495
package/dist/reality/receipt-generator.js.map +0 -1
package/dist/reality/runtime-tracer.d.ts +0 -75
package/dist/reality/runtime-tracer.d.ts.map +0 -1
package/dist/reality/runtime-tracer.js +0 -109
package/dist/reality/runtime-tracer.js.map +0 -1
package/dist/runtime/auth-utils.d.ts +0 -43
package/dist/runtime/auth-utils.d.ts.map +0 -1
package/dist/runtime/auth-utils.js +0 -130
package/dist/runtime/auth-utils.js.map +0 -1
package/dist/runtime/client.d.ts +0 -74
package/dist/runtime/client.d.ts.map +0 -1
package/dist/runtime/client.js +0 -222
package/dist/runtime/client.js.map +0 -1
package/dist/runtime/creds.d.ts +0 -48
package/dist/runtime/creds.d.ts.map +0 -1
package/dist/runtime/creds.js +0 -245
package/dist/runtime/creds.js.map +0 -1
package/dist/runtime/exit-codes.d.ts +0 -49
package/dist/runtime/exit-codes.d.ts.map +0 -1
package/dist/runtime/exit-codes.js +0 -93
package/dist/runtime/exit-codes.js.map +0 -1
package/dist/runtime/index.d.ts +0 -9
package/dist/runtime/index.d.ts.map +0 -1
package/dist/runtime/index.js +0 -25
package/dist/runtime/index.js.map +0 -1
package/dist/runtime/json-output.d.ts +0 -42
package/dist/runtime/json-output.d.ts.map +0 -1
package/dist/runtime/json-output.js +0 -59
package/dist/runtime/json-output.js.map +0 -1
package/dist/runtime/semver.d.ts +0 -37
package/dist/runtime/semver.d.ts.map +0 -1
package/dist/runtime/semver.js +0 -110
package/dist/runtime/semver.js.map +0 -1
package/dist/scan/dead-ui-detector.d.ts +0 -48
package/dist/scan/dead-ui-detector.d.ts.map +0 -1
package/dist/scan/dead-ui-detector.js +0 -170
package/dist/scan/dead-ui-detector.js.map +0 -1
package/dist/scan/playwright-sweep.d.ts +0 -40
package/dist/scan/playwright-sweep.d.ts.map +0 -1
package/dist/scan/playwright-sweep.js +0 -216
package/dist/scan/playwright-sweep.js.map +0 -1
package/dist/scan/proof-bundle.d.ts +0 -25
package/dist/scan/proof-bundle.d.ts.map +0 -1
package/dist/scan/proof-bundle.js +0 -203
package/dist/scan/proof-bundle.js.map +0 -1
package/dist/scan/proof-graph.d.ts +0 -59
package/dist/scan/proof-graph.d.ts.map +0 -1
package/dist/scan/proof-graph.js +0 -64
package/dist/scan/proof-graph.js.map +0 -1
package/dist/scan/reality-sniff.d.ts +0 -56
package/dist/scan/reality-sniff.d.ts.map +0 -1
package/dist/scan/reality-sniff.js +0 -200
package/dist/scan/reality-sniff.js.map +0 -1
package/dist/scan/structural-verifier.d.ts +0 -20
package/dist/scan/structural-verifier.d.ts.map +0 -1
package/dist/scan/structural-verifier.js +0 -112
package/dist/scan/structural-verifier.js.map +0 -1
package/dist/scan/verification-engine.d.ts +0 -47
package/dist/scan/verification-engine.d.ts.map +0 -1
package/dist/scan/verification-engine.js +0 -141
package/dist/scan/verification-engine.js.map +0 -1
package/dist/scanner/baseline.d.ts +0 -52
package/dist/scanner/baseline.d.ts.map +0 -1
package/dist/scanner/baseline.js +0 -85
package/dist/scanner/baseline.js.map +0 -1
package/dist/scanner/incremental.d.ts +0 -30
package/dist/scanner/incremental.d.ts.map +0 -1
package/dist/scanner/incremental.js +0 -82
package/dist/scanner/incremental.js.map +0 -1
package/dist/scanner/parallel.d.ts +0 -43
package/dist/scanner/parallel.d.ts.map +0 -1
package/dist/scanner/parallel.js +0 -99
package/dist/scanner/parallel.js.map +0 -1
package/dist/standalone.d.ts +0 -1
package/dist/standalone.d.ts.map +0 -1
package/dist/standalone.js +0 -1
package/dist/standalone.js.map +0 -1
package/dist/truth-pack/index.d.ts +0 -102
package/dist/truth-pack/index.d.ts.map +0 -1
package/dist/truth-pack/index.js +0 -694
package/dist/truth-pack/index.js.map +0 -1
package/dist/ui/frame.d.ts +0 -68
package/dist/ui/frame.d.ts.map +0 -1
package/dist/ui/frame.js +0 -165
package/dist/ui/frame.js.map +0 -1
package/dist/ui/index.d.ts +0 -5
package/dist/ui/index.d.ts.map +0 -1
package/dist/ui/index.js +0 -16
package/dist/ui/index.js.map +0 -1
package/dist/ui.d.ts +0 -36
package/dist/ui.d.ts.map +0 -1
package/dist/ui.js +0 -45
package/dist/ui.js.map +0 -1

package/bin/runners/runFixPacks.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ async function runFixPacks(args) { console.log("Fix packs not yet implemented"); return 0; }
2	+ module.exports = { runFixPacks };

package/bin/runners/runGate.js ADDED Viewed

@@ -0,0 +1,17 @@
+// bin/runners/runGate.js
+// CI/CD gate command - wraps ship for pass/fail CI pipelines
+const { runShip } = require("./runShip");
+async function runGate(args) {
+  // Gate is essentially ship with strict exit codes for CI
+  // Pass through args to ship
+  const exitCode = await runShip([...args, "--ci"]);
+  // Exit codes:
+  // 0 = SHIP (pass)
+  // 1 = WARN (pass by default, fail with --strict)
+  // 2 = BLOCK (fail)
+  return exitCode;
+}
+module.exports = { runGate };

package/bin/runners/runGraph.js ADDED Viewed

@@ -0,0 +1,283 @@
+/**
+ * vibecheck graph - Reality Proof Graph
+ *
+ * Builds and visualizes the complete causal chain:
+ * UI action → client function → network call → server route → handler → DB/external
+ *
+ * Identifies broken edges that indicate:
+ * - Routes referenced but don't exist
+ * - Routes that fail at runtime
+ * - UI showing success but server returning errors
+ */
+"use strict";
+const path = require("path");
+const fs = require("fs");
+const { buildTruthpack, loadTruthpack } = require("./lib/truth");
+const {
+  extractStaticGraph,
+  buildProofGraph,
+  getFindingsFromGraph,
+  renderGraphHtml,
+  renderGraphMermaid,
+  generateFetchWrapper,
+  collectRequests,
+  buildRuntimeEdges,
+  mergeRuntimeResults
+} = require("./lib/graph");
+const c = {
+  reset: '\x1b[0m',
+  bold: '\x1b[1m',
+  dim: '\x1b[2m',
+  green: '\x1b[32m',
+  yellow: '\x1b[33m',
+  cyan: '\x1b[36m',
+  red: '\x1b[31m',
+  blue: '\x1b[34m',
+};
+function ensureDir(p) {
+  fs.mkdirSync(p, { recursive: true });
+}
+async function runGraph(args) {
+  const opts = parseArgs(args);
+  if (opts.help) {
+    printHelp();
+    return 0;
+  }
+  const root = path.resolve(opts.path || process.cwd());
+  const outDir = path.join(root, ".vibecheck", "graph");
+  ensureDir(outDir);
+  console.log(`\n${c.cyan}${c.bold}🔍 vibecheck graph${c.reset}`);
+  console.log(`${c.dim}Building Reality Proof Graph...${c.reset}\n`);
+  // Load or build truthpack
+  let truthpack = loadTruthpack(root);
+  if (!truthpack) {
+    console.log(`${c.dim}Building truthpack...${c.reset}`);
+    truthpack = await buildTruthpack({ repoRoot: root, fastifyEntry: opts.fastifyEntry });
+  }
+  // Extract static graph
+  console.log(`${c.dim}Extracting static edges...${c.reset}`);
+  const staticData = await extractStaticGraph(root, truthpack);
+  // Build proof graph
+  let graph = buildProofGraph({
+    nodes: staticData.nodes,
+    edges: staticData.edges,
+    meta: { repoRoot: root }
+  });
+  // Runtime verification (optional)
+  if (opts.runtime && opts.url) {
+    console.log(`${c.dim}Collecting runtime edges from ${opts.url}...${c.reset}`);
+    try {
+      const runtimeEdges = await collectRuntimeEdges(opts.url, graph, opts);
+      graph = mergeRuntimeResults(graph, runtimeEdges);
+    } catch (e) {
+      console.log(`${c.yellow}⚠️ Runtime collection failed: ${e.message}${c.reset}`);
+    }
+  }
+  // Get findings from broken edges
+  const findings = getFindingsFromGraph(graph);
+  // Write outputs
+  fs.writeFileSync(path.join(outDir, "graph.json"), JSON.stringify(graph, null, 2), "utf8");
+  if (!opts.jsonOnly) {
+    const html = renderGraphHtml(graph);
+    fs.writeFileSync(path.join(outDir, "graph.html"), html, "utf8");
+    const mermaid = renderGraphMermaid(graph);
+    fs.writeFileSync(path.join(outDir, "graph.mmd"), mermaid, "utf8");
+  }
+  if (findings.length > 0) {
+    fs.writeFileSync(path.join(outDir, "broken-edges.json"), JSON.stringify(findings, null, 2), "utf8");
+  }
+  // Print summary
+  console.log(`\n${c.bold}Graph Summary${c.reset}`);
+  console.log(`  Nodes: ${graph.nodes.length}`);
+  console.log(`  Valid edges: ${c.green}${graph.edges.length}${c.reset}`);
+  console.log(`  Broken edges: ${graph.brokenEdges.length > 0 ? c.red : c.green}${graph.brokenEdges.length}${c.reset}`);
+  console.log(`  Coverage: ${graph.coverage.percent}%`);
+  if (opts.broken || findings.length > 0) {
+    console.log(`\n${c.bold}Broken Edges${c.reset}`);
+    if (findings.length === 0) {
+      console.log(`  ${c.green}✓ No broken edges found${c.reset}`);
+    } else {
+      for (const f of findings.slice(0, 10)) {
+        const icon = f.severity === "BLOCK" ? `${c.red}✗` : `${c.yellow}⚠`;
+        console.log(`  ${icon} ${f.title}${c.reset}`);
+      }
+      if (findings.length > 10) {
+        console.log(`  ${c.dim}... and ${findings.length - 10} more${c.reset}`);
+      }
+    }
+  }
+  console.log(`\n${c.bold}Output${c.reset}`);
+  console.log(`  ${c.dim}Graph:${c.reset} .vibecheck/graph/graph.json`);
+  if (!opts.jsonOnly) {
+    console.log(`  ${c.dim}Visualization:${c.reset} .vibecheck/graph/graph.html`);
+    console.log(`  ${c.dim}Mermaid:${c.reset} .vibecheck/graph/graph.mmd`);
+  }
+  if (findings.length > 0) {
+    console.log(`  ${c.dim}Broken edges:${c.reset} .vibecheck/graph/broken-edges.json`);
+  }
+  if (opts.view && !opts.jsonOnly) {
+    const htmlPath = path.join(outDir, "graph.html");
+    console.log(`\n${c.dim}Opening graph visualization...${c.reset}`);
+    // Cross-platform open
+    const { exec } = require("child_process");
+    const cmd = process.platform === "win32" ? `start "" "${htmlPath}"` :
+                process.platform === "darwin" ? `open "${htmlPath}"` :
+                `xdg-open "${htmlPath}"`;
+    exec(cmd);
+  }
+  const blocks = findings.filter(f => f.severity === "BLOCK").length;
+  const warns = findings.filter(f => f.severity === "WARN").length;
+  console.log(`\n${c.bold}Verdict:${c.reset} ${blocks ? `${c.red}🛑 BLOCK${c.reset}` : warns ? `${c.yellow}⚠️ WARN${c.reset}` : `${c.green}✅ CLEAN${c.reset}`}`);
+  return blocks ? 2 : warns ? 1 : 0;
+}
+async function collectRuntimeEdges(url, staticGraph, opts) {
+  let chromium;
+  try {
+    chromium = require("playwright").chromium;
+  } catch {
+    throw new Error("Playwright not installed. Run: npm i -D playwright");
+  }
+  const browser = await chromium.launch({ headless: !opts.headed });
+  const context = await browser.newContext();
+  const page = await context.newPage();
+  // Inject fetch wrapper
+  await page.addInitScript(generateFetchWrapper());
+  // Navigate and interact
+  await page.goto(url, { waitUntil: "domcontentloaded" });
+  await page.waitForLoadState("networkidle", { timeout: 10000 }).catch(() => {});
+  // Click some interactive elements to trigger requests
+  const buttons = await page.locator("button, a[href^='/'], [role='button']").all();
+  for (const btn of buttons.slice(0, 10)) {
+    try {
+      await btn.click({ timeout: 1000 });
+      await page.waitForTimeout(500);
+    } catch {
+      // Ignore click failures
+    }
+  }
+  // Collect requests
+  const requests = await collectRequests(page);
+  await browser.close();
+  // Build runtime edges
+  return buildRuntimeEdges(requests, staticGraph);
+}
+function parseArgs(args) {
+  const opts = {
+    path: process.cwd(),
+    url: null,
+    runtime: false,
+    view: false,
+    broken: false,
+    jsonOnly: false,
+    headed: false,
+    fastifyEntry: null,
+    help: false,
+  };
+  for (let i = 0; i < args.length; i++) {
+    const arg = args[i];
+    if (arg === "--build") continue; // Default behavior
+    else if (arg === "--runtime") opts.runtime = true;
+    else if (arg === "--url") opts.url = args[++i];
+    else if (arg === "--view") opts.view = true;
+    else if (arg === "--broken") opts.broken = true;
+    else if (arg === "--json") opts.jsonOnly = true;
+    else if (arg === "--headed") opts.headed = true;
+    else if (arg === "--fastify-entry") opts.fastifyEntry = args[++i];
+    else if (arg === "--path" || arg === "-p") opts.path = args[++i];
+    else if (arg === "--help" || arg === "-h") opts.help = true;
+  }
+  return opts;
+}
+function printHelp() {
+  console.log(`
+${c.cyan}${c.bold}🔍 vibecheck graph${c.reset} - Reality Proof Graph
+Build and visualize the complete causal chain from UI to database.
+Identify broken edges that indicate missing routes, runtime failures, or causal contradictions.
+${c.bold}USAGE${c.reset}
+  vibecheck graph                              ${c.dim}# Build static graph${c.reset}
+  vibecheck graph --runtime --url http://...   ${c.dim}# Add runtime edges${c.reset}
+  vibecheck graph --view                       ${c.dim}# Open visualization${c.reset}
+  vibecheck graph --broken                     ${c.dim}# List broken edges${c.reset}
+${c.bold}OPTIONS${c.reset}
+  --build              Build static graph (default)
+  --runtime            Collect runtime edges via Playwright
+  --url <url>          Target URL for runtime collection
+  --view               Open interactive HTML visualization
+  --broken             Show only broken edges
+  --json               Output JSON only (no HTML/Mermaid)
+  --headed             Run browser in headed mode
+  --fastify-entry      Fastify entry file (e.g. src/server.ts)
+  --path, -p           Project path (default: current directory)
+  --help, -h           Show this help
+${c.bold}GRAPH NODES${c.reset}
+  • UI Action          onClick, onSubmit, etc.
+  • Client Function    Functions that make network calls
+  • Network Call       fetch(), axios.*()
+  • Server Route       Next API routes, Fastify routes
+  • Handler            Route handler functions
+  • DB Call            Prisma, raw SQL
+  • External Call      Stripe, GitHub, etc.
+${c.bold}BROKEN EDGE TYPES${c.reset}
+  • ${c.red}MissingRoute${c.reset}        Route referenced but doesn't exist
+  • ${c.red}RuntimeFailure${c.reset}      Route returns 4xx/5xx at runtime
+  • ${c.red}CausalContradiction${c.reset} UI shows success but server returned error
+${c.bold}OUTPUT${c.reset}
+  .vibecheck/graph/
+    graph.json          Machine-readable graph
+    graph.html          Interactive D3 visualization
+    graph.mmd           Mermaid diagram
+    broken-edges.json   Broken edges as findings
+${c.bold}EXAMPLES${c.reset}
+  vibecheck graph --view                           ${c.dim}# Build + open visualization${c.reset}
+  vibecheck graph --runtime --url http://localhost:3000 --view
+  vibecheck graph --broken --json                  ${c.dim}# CI mode: just broken edges${c.reset}
+`);
+}
+module.exports = { runGraph };

package/bin/runners/runInit.js ADDED Viewed

@@ -0,0 +1,260 @@
+const fs = require("fs");
+const path = require("path");
+// Use enhanced wizard if available
+let InitWizard;
+try {
+  InitWizard = require("./lib/init-wizard").InitWizard;
+} catch {
+  InitWizard = null;
+}
+// Enterprise init
+let EnterpriseInit;
+try {
+  EnterpriseInit = require("./lib/enterprise-init").EnterpriseInit;
+} catch {
+  EnterpriseInit = null;
+}
+function parseArgs(args) {
+  const out = {
+    path: ".",
+    gitHooks: false,
+    help: false,
+    quick: false,
+    // Enterprise options
+    enterprise: false,
+    ci: false, // true or "github" | "gitlab"
+    compliance: false, // true or "soc2" | "hipaa" | "gdpr" | "pci"
+    team: false,
+    mcp: false,
+    strict: false,
+    failOnWarn: false,
+    detect: false, // Just detect, don't write
+  };
+  for (let i = 0; i < args.length; i++) {
+    const a = args[i];
+    if (a.startsWith("--path=")) out.path = a.split("=")[1];
+    if (a === "--path" || a === "-p") out.path = args[++i];
+    if (a === "--git-hooks") out.gitHooks = true;
+    if (a === "--help" || a === "-h") out.help = true;
+    if (a === "--quick" || a === "-q") out.quick = true;
+    // Enterprise flags
+    if (a === "--enterprise" || a === "-e") out.enterprise = true;
+    if (a === "--ci") {
+      const next = args[i + 1];
+      if (next && !next.startsWith("-")) {
+        out.ci = args[++i];
+      } else {
+        out.ci = true;
+      }
+    }
+    if (a === "--gha" || a === "--github-actions") out.ci = "github";
+    if (a === "--gitlab") out.ci = "gitlab";
+    if (a === "--compliance") {
+      const next = args[i + 1];
+      if (next && !next.startsWith("-")) {
+        out.compliance = args[++i];
+      } else {
+        out.compliance = true;
+      }
+    }
+    if (a === "--soc2") out.compliance = "soc2";
+    if (a === "--hipaa") out.compliance = "hipaa";
+    if (a === "--gdpr") out.compliance = "gdpr";
+    if (a === "--pci") out.compliance = "pci";
+    if (a === "--team") out.team = true;
+    if (a === "--mcp") out.mcp = true;
+    if (a === "--strict") out.strict = true;
+    if (a === "--fail-on-warn") out.failOnWarn = true;
+    if (a === "--detect") out.detect = true;
+    if (a === "--full") {
+      out.enterprise = true;
+      out.ci = true;
+      out.team = true;
+      out.mcp = true;
+    }
+  }
+  return out;
+}
+async function runInit(args) {
+  const opts = parseArgs(args);
+  if (opts.help) {
+    printHelp();
+    return 0;
+  }
+  const targetDir = path.resolve(opts.path);
+  // Enterprise mode - comprehensive setup
+  const useEnterprise = opts.enterprise || opts.ci || opts.compliance ||
+                        opts.team || opts.mcp || opts.detect || opts.full;
+  if (EnterpriseInit && useEnterprise) {
+    const enterprise = new EnterpriseInit(targetDir, opts);
+    return await enterprise.run();
+  }
+  // Detect-only mode (quick detection report)
+  if (opts.detect) {
+    const { detectAll } = require("./lib/enterprise-detect");
+    const detection = detectAll(targetDir);
+    console.log(JSON.stringify(detection, null, 2));
+    return 0;
+  }
+  // Use wizard for interactive setup (unless --quick)
+  if (InitWizard && !opts.quick) {
+    const wizard = new InitWizard(targetDir, opts);
+    return await wizard.run();
+  }
+  // Quick mode - legacy behavior
+  console.log("\n  🚀 vibecheck INIT\n");
+  // Create config file
+  const configPath = path.join(targetDir, ".vibecheckrc");
+  if (!fs.existsSync(configPath)) {
+    const defaultConfig = {
+      version: "1.0.0",
+      checks: ["integrity"],
+      output: ".vibecheck",
+      policy: {
+        allowlist: { domains: [], packages: [] },
+        ignore: { paths: ["node_modules", "__tests__", "*.test.*"] },
+      },
+    };
+    fs.writeFileSync(configPath, JSON.stringify(defaultConfig, null, 2));
+    console.log("  ✅ Created .vibecheckrc");
+  } else {
+    console.log("  ⚠️ .vibecheckrc already exists");
+  }
+  // Create output directory
+  const outputDir = path.join(targetDir, ".vibecheck");
+  if (!fs.existsSync(outputDir)) {
+    fs.mkdirSync(outputDir, { recursive: true });
+    console.log("  ✅ Created .vibecheck/");
+  }
+  // Install git hooks if requested
+  if (opts.gitHooks) {
+    const huskyDir = path.join(targetDir, ".husky");
+    if (!fs.existsSync(huskyDir)) {
+      fs.mkdirSync(huskyDir, { recursive: true });
+    }
+    const prePushHook = `#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"
+echo "🚦 Running vibecheck gate..."
+npx vibecheck gate
+if [ $? -ne 0 ]; then
+  echo "❌ Push blocked: Gate failed!"
+  exit 1
+fi
+`;
+    fs.writeFileSync(path.join(huskyDir, "pre-push"), prePushHook, {
+      mode: 0o755,
+    });
+    console.log("  ✅ Installed git pre-push hook");
+  }
+  // Add to .gitignore
+  const gitignorePath = path.join(targetDir, ".gitignore");
+  if (fs.existsSync(gitignorePath)) {
+    let gitignore = fs.readFileSync(gitignorePath, "utf-8");
+    if (!gitignore.includes(".vibecheck/")) {
+      gitignore += "\n# vibecheck\n.vibecheck/\n";
+      fs.writeFileSync(gitignorePath, gitignore);
+      console.log("  ✅ Added .vibecheck/ to .gitignore");
+    }
+  }
+  console.log("\n  ✅ vibecheck initialized!\n");
+  console.log("  Next steps:");
+  console.log("    1. Run: vibecheck scan");
+  console.log("    2. Review: .vibecheck/report.html");
+  console.log("    3. Fix issues and re-scan\n");
+  return 0;
+}
+function printHelp() {
+  console.log(`
+\x1b[1m\x1b[36m⚡ vibecheck init\x1b[0m — Enterprise Project Setup
+\x1b[2mConfigure your project for production-grade verification.\x1b[0m
+\x1b[1mUSAGE\x1b[0m
+  vibecheck init                    Interactive setup wizard
+  vibecheck init --enterprise       Full enterprise configuration
+  vibecheck init --full             Everything: CI, team, MCP, security
+\x1b[1mBASIC OPTIONS\x1b[0m
+  --path, -p <dir>     Project path (default: current directory)
+  --quick, -q          Skip wizard, use defaults
+  --git-hooks          Install git pre-push hook
+  --help, -h           Show this help
+\x1b[1m\x1b[35mENTERPRISE OPTIONS\x1b[0m
+  --enterprise, -e     Enable enterprise mode (detection + config)
+  --full               All enterprise features (CI + team + MCP)
+  --detect             Detection only (JSON output, no writes)
+\x1b[1m\x1b[33mCI/CD INTEGRATION\x1b[0m
+  --ci [provider]      Setup CI/CD (auto-detects if no provider)
+  --gha                GitHub Actions workflow
+  --gitlab             GitLab CI configuration
+  --fail-on-warn       CI fails on WARN (default: only BLOCK)
+\x1b[1m\x1b[32mCOMPLIANCE TEMPLATES\x1b[0m
+  --compliance [type]  Generate compliance templates
+  --soc2               SOC 2 Type II baseline
+  --hipaa              HIPAA compliance baseline
+  --gdpr               GDPR compliance baseline
+  --pci                PCI-DSS compliance baseline
+\x1b[1m\x1b[34mTEAM & SECURITY\x1b[0m
+  --team               Generate team configuration (multi-env)
+  --mcp                Generate MCP server config (AI agents)
+  --strict             Enable strict mode (zero tolerance)
+\x1b[1mCREATED FILES\x1b[0m
+  .vibecheck/config.json           Main configuration
+  .vibecheck/invariants.yml        Ship killers & warnings
+  .vibecheck/security-policy.json  Security headers, CORS, rate limits
+  .vibecheck/schemas/              JSON validation schemas
+  .vibecheck/team.json             Team/environment config (--team)
+  .vibecheck/mcp.json              MCP server config (--mcp)
+  .vibecheck/compliance/           Compliance templates (--compliance)
+  .github/workflows/vibecheck.yml  GitHub Actions (--gha)
+\x1b[1mEXAMPLES\x1b[0m
+  vibecheck init                         # Interactive wizard
+  vibecheck init --enterprise            # Enterprise config
+  vibecheck init --full                  # Everything
+  vibecheck init --gha                   # + GitHub Actions
+  vibecheck init --gha --fail-on-warn    # Strict CI
+  vibecheck init --soc2                  # + SOC 2 compliance
+  vibecheck init --enterprise --team     # + Team environments
+  vibecheck init --detect                # Detection report only
+\x1b[1mDETECTION INCLUDES\x1b[0m
+  Frameworks    Next.js, Remix, Nuxt, SvelteKit, React, Vue, Fastify, Express, NestJS, Hono
+  Databases     Prisma, Drizzle, Mongoose, Supabase, Firebase, Redis
+  Auth          NextAuth, Clerk, Auth0, Lucia, Passport
+  Payments      Stripe, Lemon Squeezy, Paddle
+  CI/CD         GitHub Actions, GitLab CI, CircleCI, Jenkins
+  Deploy        Vercel, Netlify, Railway, Render, Fly.io, Docker, Kubernetes
+  Testing       Jest, Vitest, Playwright, Cypress
+`);
+}
+module.exports = { runInit };

package/bin/runners/runInitGha.js ADDED Viewed

@@ -0,0 +1,101 @@
+// bin/runners/runInitGha.js
+const fs = require("fs");
+const path = require("path");
+function ensureDir(p) {
+  fs.mkdirSync(p, { recursive: true });
+}
+function workflowYaml({ packageRunner = "npx vibecheck", failOnWarn = false } = {}) {
+  return `name: vibecheck
+on:
+  pull_request:
+permissions:
+  contents: read
+  pull-requests: write
+jobs:
+  vibecheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - name: Install deps (auto)
+        run: |
+          set -e
+          if [ -f pnpm-lock.yaml ]; then
+            corepack enable
+            pnpm install --frozen-lockfile
+          elif [ -f package-lock.json ]; then
+            npm ci
+          elif [ -f yarn.lock ]; then
+            corepack enable
+            yarn install --frozen-lockfile
+          else
+            npm install
+          fi
+      - name: vibecheck pr (generate comment)
+        id: vc
+        run: |
+          set +e
+          mkdir -p .vibecheck
+          ${packageRunner} pr --out .vibecheck/pr_comment.md ${failOnWarn ? "--fail-on-warn" : ""}
+          code=$?
+          echo "code=$code" >> $GITHUB_OUTPUT
+          echo "---- vibecheck exit code: $code ----"
+          exit 0
+      - name: Post PR comment
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            const body = fs.readFileSync('.vibecheck/pr_comment.md', 'utf8');
+            const pr = context.payload.pull_request;
+            if (!pr) { core.warning('No pull_request in context; skipping comment'); return; }
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: pr.number,
+              body
+            });
+      - name: Enforce verdict
+        run: |
+          code="\${{ steps.vc.outputs.code }}"
+          echo "vibecheck code=$code"
+          if [ "$code" = "0" ]; then
+            echo "SHIP/WARN allowed."
+            exit 0
+          fi
+          if [ "$code" = "1" ]; then
+            echo "WARN failing (policy)."
+            exit 1
+          fi
+          echo "BLOCK failing."
+          exit 1
+`;
+}
+async function runInitGha({ repoRoot, failOnWarn = false } = {}) {
+  const root = repoRoot || process.cwd();
+  const wfDir = path.join(root, ".github", "workflows");
+  ensureDir(wfDir);
+  const wfPath = path.join(wfDir, "vibecheck.yml");
+  fs.writeFileSync(wfPath, workflowYaml({ failOnWarn }), "utf8");
+  console.log(`✅ Wrote: ${path.relative(root, wfPath).replace(/\\/g, "/")}`);
+  console.log(`\nNotes:`);
+  console.log(`- If your CLI isn't called via "npx vibecheck", edit the workflow line.`);
+  console.log(`- Set VIBECHECK_API_KEY as a GitHub Actions secret for cloud features.`);
+}
+module.exports = { runInitGha };