npm - @vibecheckai/cli - Versions diffs - 2.8.2 → 3.0.0 - Mend

@vibecheckai/cli 2.8.2 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (454) hide show

package/README.md +8 -8
package/bin/_deprecations.js +35 -0
package/bin/_router.js +46 -0
package/bin/cli-hygiene.js +241 -0
package/bin/guardrail.js +834 -0
package/bin/runners/cli-utils.js +1070 -0
package/bin/runners/context/ai-task-decomposer.js +337 -0
package/bin/runners/context/analyzer.js +462 -0
package/bin/runners/context/api-contracts.js +427 -0
package/bin/runners/context/context-diff.js +342 -0
package/bin/runners/context/context-pruner.js +291 -0
package/bin/runners/context/dependency-graph.js +414 -0
package/bin/runners/context/generators/claude.js +107 -0
package/bin/runners/context/generators/codex.js +108 -0
package/bin/runners/context/generators/copilot.js +119 -0
package/bin/runners/context/generators/cursor.js +514 -0
package/bin/runners/context/generators/mcp.js +151 -0
package/bin/runners/context/generators/windsurf.js +180 -0
package/bin/runners/context/git-context.js +302 -0
package/bin/runners/context/index.js +1042 -0
package/bin/runners/context/insights.js +173 -0
package/bin/runners/context/mcp-server/generate-rules.js +337 -0
package/bin/runners/context/mcp-server/index.js +1176 -0
package/bin/runners/context/mcp-server/package.json +24 -0
package/bin/runners/context/memory.js +200 -0
package/bin/runners/context/monorepo.js +215 -0
package/bin/runners/context/multi-repo-federation.js +404 -0
package/bin/runners/context/patterns.js +253 -0
package/bin/runners/context/proof-context.js +972 -0
package/bin/runners/context/security-scanner.js +303 -0
package/bin/runners/context/semantic-search.js +350 -0
package/bin/runners/context/shared.js +264 -0
package/bin/runners/context/team-conventions.js +310 -0
package/bin/runners/lib/ai-bridge.js +416 -0
package/bin/runners/lib/analysis-core.js +271 -0
package/bin/runners/lib/analyzers.js +541 -0
package/bin/runners/lib/audit-bridge.js +391 -0
package/bin/runners/lib/auth-truth.js +193 -0
package/bin/runners/lib/auth.js +215 -0
package/bin/runners/lib/backup.js +62 -0
package/bin/runners/lib/billing.js +107 -0
package/bin/runners/lib/claims.js +118 -0
package/bin/runners/lib/cli-ui.js +540 -0
package/bin/runners/lib/compliance-bridge-new.js +0 -0
package/bin/runners/lib/compliance-bridge.js +165 -0
package/bin/runners/lib/contracts/auth-contract.js +194 -0
package/bin/runners/lib/contracts/env-contract.js +178 -0
package/bin/runners/lib/contracts/external-contract.js +198 -0
package/bin/runners/lib/contracts/guard.js +168 -0
package/bin/runners/lib/contracts/index.js +89 -0
package/bin/runners/lib/contracts/plan-validator.js +311 -0
package/bin/runners/lib/contracts/route-contract.js +192 -0
package/bin/runners/lib/detect.js +89 -0
package/bin/runners/lib/doctor/autofix.js +254 -0
package/bin/runners/lib/doctor/index.js +37 -0
package/bin/runners/lib/doctor/modules/dependencies.js +325 -0
package/bin/runners/lib/doctor/modules/index.js +46 -0
package/bin/runners/lib/doctor/modules/network.js +250 -0
package/bin/runners/lib/doctor/modules/project.js +312 -0
package/bin/runners/lib/doctor/modules/runtime.js +224 -0
package/bin/runners/lib/doctor/modules/security.js +348 -0
package/bin/runners/lib/doctor/modules/system.js +213 -0
package/bin/runners/lib/doctor/modules/vibecheck.js +394 -0
package/bin/runners/lib/doctor/reporter.js +262 -0
package/bin/runners/lib/doctor/service.js +262 -0
package/bin/runners/lib/doctor/types.js +113 -0
package/bin/runners/lib/doctor/ui.js +263 -0
package/bin/runners/lib/doctor-enhanced.js +233 -0
package/bin/runners/lib/doctor-v2.js +608 -0
package/bin/runners/lib/enforcement.js +72 -0
package/bin/runners/lib/enterprise-detect.js +603 -0
package/bin/runners/lib/enterprise-init.js +942 -0
package/bin/runners/lib/entitlements-v2.js +381 -0
package/bin/runners/lib/entitlements.generated.js +0 -0
package/bin/runners/lib/entitlements.js +332 -0
package/bin/runners/lib/env-template.js +66 -0
package/bin/runners/lib/env.js +189 -0
package/bin/runners/lib/error-handler.js +320 -0
package/bin/runners/lib/firewall-prompt.js +50 -0
package/bin/runners/lib/graph/graph-builder.js +265 -0
package/bin/runners/lib/graph/html-renderer.js +413 -0
package/bin/runners/lib/graph/index.js +32 -0
package/bin/runners/lib/graph/runtime-collector.js +215 -0
package/bin/runners/lib/graph/static-extractor.js +518 -0
package/bin/runners/lib/init-wizard.js +308 -0
package/bin/runners/lib/json-output.js +76 -0
package/bin/runners/lib/llm.js +75 -0
package/bin/runners/lib/meter.js +61 -0
package/bin/runners/lib/missions/evidence.js +126 -0
package/bin/runners/lib/missions/plan.js +69 -0
package/bin/runners/lib/missions/templates.js +147 -0
package/bin/runners/lib/patch.js +40 -0
package/bin/runners/lib/permissions/auth-model.js +213 -0
package/bin/runners/lib/permissions/idor-prover.js +205 -0
package/bin/runners/lib/permissions/index.js +45 -0
package/bin/runners/lib/permissions/matrix-builder.js +198 -0
package/bin/runners/lib/pkgjson.js +28 -0
package/bin/runners/lib/preflight.js +142 -0
package/bin/runners/lib/reality-findings.js +84 -0
package/bin/runners/lib/redact.js +29 -0
package/bin/runners/lib/replay/capsule-manager.js +154 -0
package/bin/runners/lib/replay/index.js +263 -0
package/bin/runners/lib/replay/player.js +348 -0
package/bin/runners/lib/replay/recorder.js +331 -0
package/bin/runners/lib/report-engine.js +447 -0
package/bin/runners/lib/report-html.js +1117 -0
package/bin/runners/lib/report-templates.js +964 -0
package/bin/runners/lib/route-detection.js +1140 -0
package/bin/runners/lib/route-truth.js +477 -0
package/bin/runners/lib/sandbox/index.js +59 -0
package/bin/runners/lib/sandbox/proof-chain.js +399 -0
package/bin/runners/lib/sandbox/sandbox-runner.js +205 -0
package/bin/runners/lib/sandbox/worktree.js +174 -0
package/bin/runners/lib/scan-cache.js +330 -0
package/bin/runners/lib/scan-output-schema.js +344 -0
package/bin/runners/lib/score-history.js +282 -0
package/bin/runners/lib/security-bridge.js +249 -0
package/bin/runners/lib/server-usage.js +513 -0
package/bin/runners/lib/share-pack.js +239 -0
package/bin/runners/lib/snippets.js +67 -0
package/bin/runners/lib/truth.js +667 -0
package/bin/runners/lib/unified-output.js +189 -0
package/bin/runners/lib/validate-patch.js +156 -0
package/bin/runners/lib/verification.js +345 -0
package/bin/runners/reality/engine.js +917 -0
package/bin/runners/reality/flows.js +122 -0
package/bin/runners/reality/report.js +378 -0
package/bin/runners/reality/session.js +193 -0
package/bin/runners/runAIAgent.js +2 -0
package/bin/runners/runAudit.js +2 -0
package/bin/runners/runAuth.js +106 -0
package/bin/runners/runAutopilot.js +2 -0
package/bin/runners/runBadge.js +2 -0
package/bin/runners/runCertify.js +2 -0
package/bin/runners/runClaimVerifier.js +483 -0
package/bin/runners/runContext.js +56 -0
package/bin/runners/runContextCompiler.js +385 -0
package/bin/runners/runCtx.js +187 -0
package/bin/runners/runCtxGuard.js +176 -0
package/bin/runners/runCtxSync.js +116 -0
package/bin/runners/runDashboard.js +10 -0
package/bin/runners/runDoctor.js +245 -0
package/bin/runners/runEnhancedShip.js +2 -0
package/bin/runners/runFix.js +735 -0
package/bin/runners/runFixPacks.js +2 -0
package/bin/runners/runGate.js +17 -0
package/bin/runners/runGraph.js +283 -0
package/bin/runners/runInit.js +260 -0
package/bin/runners/runInitGha.js +101 -0
package/bin/runners/runInstall.js +76 -0
package/bin/runners/runInteractive.js +388 -0
package/bin/runners/runLaunch.js +2 -0
package/bin/runners/runMcp.js +19 -0
package/bin/runners/runMdc.js +2 -0
package/bin/runners/runMissionGenerator.js +282 -0
package/bin/runners/runNaturalLanguage.js +3 -0
package/bin/runners/runPR.js +96 -0
package/bin/runners/runPermissions.js +290 -0
package/bin/runners/runPromptFirewall.js +211 -0
package/bin/runners/runProof.js +2 -0
package/bin/runners/runProve.js +392 -0
package/bin/runners/runReality.js +489 -0
package/bin/runners/runRealitySniff.js +2 -0
package/bin/runners/runReplay.js +469 -0
package/bin/runners/runReport.js +478 -0
package/bin/runners/runScan.js +835 -0
package/bin/runners/runShare.js +34 -0
package/bin/runners/runShip.js +1062 -0
package/bin/runners/runStatus.js +136 -0
package/bin/runners/runTruthpack.js +634 -0
package/bin/runners/runUpgrade.js +2 -0
package/bin/runners/runValidate.js +2 -0
package/bin/runners/runVerifyAgentOutput.js +2 -0
package/bin/runners/runWatch.js +230 -0
package/bin/runners/utils.js +360 -0
package/bin/scan.js +612 -0
package/bin/vibecheck.js +834 -0
package/package.json +11 -11
package/dist/autopatch/verified-autopatch.d.ts +0 -111
package/dist/autopatch/verified-autopatch.d.ts.map +0 -1
package/dist/autopatch/verified-autopatch.js +0 -503
package/dist/autopatch/verified-autopatch.js.map +0 -1
package/dist/bundles/index.js +0 -8
package/dist/bundles/vibecheck-core.js +0 -25799
package/dist/bundles/vibecheck-security.js +0 -208693
package/dist/bundles/vibecheck-ship.js +0 -2318
package/dist/commands/baseline.d.ts +0 -7
package/dist/commands/baseline.d.ts.map +0 -1
package/dist/commands/baseline.js +0 -79
package/dist/commands/baseline.js.map +0 -1
package/dist/commands/cache.d.ts +0 -13
package/dist/commands/cache.d.ts.map +0 -1
package/dist/commands/cache.js +0 -165
package/dist/commands/cache.js.map +0 -1
package/dist/commands/checkpoint.d.ts +0 -8
package/dist/commands/checkpoint.d.ts.map +0 -1
package/dist/commands/checkpoint.js +0 -35
package/dist/commands/checkpoint.js.map +0 -1
package/dist/commands/doctor.d.ts +0 -17
package/dist/commands/doctor.d.ts.map +0 -1
package/dist/commands/doctor.js +0 -226
package/dist/commands/doctor.js.map +0 -1
package/dist/commands/evidence.d.ts +0 -45
package/dist/commands/evidence.d.ts.map +0 -1
package/dist/commands/evidence.js +0 -197
package/dist/commands/evidence.js.map +0 -1
package/dist/commands/explain.d.ts +0 -8
package/dist/commands/explain.d.ts.map +0 -1
package/dist/commands/explain.js +0 -52
package/dist/commands/explain.js.map +0 -1
package/dist/commands/fix-consolidated.d.ts +0 -19
package/dist/commands/fix-consolidated.d.ts.map +0 -1
package/dist/commands/fix-consolidated.js +0 -165
package/dist/commands/fix-consolidated.js.map +0 -1
package/dist/commands/index.d.ts +0 -8
package/dist/commands/index.d.ts.map +0 -1
package/dist/commands/index.js +0 -15
package/dist/commands/index.js.map +0 -1
package/dist/commands/init.d.ts +0 -8
package/dist/commands/init.d.ts.map +0 -1
package/dist/commands/init.js +0 -125
package/dist/commands/init.js.map +0 -1
package/dist/commands/launcher.d.ts +0 -10
package/dist/commands/launcher.d.ts.map +0 -1
package/dist/commands/launcher.js +0 -174
package/dist/commands/launcher.js.map +0 -1
package/dist/commands/on.d.ts +0 -8
package/dist/commands/on.d.ts.map +0 -1
package/dist/commands/on.js +0 -123
package/dist/commands/on.js.map +0 -1
package/dist/commands/replay.d.ts +0 -8
package/dist/commands/replay.d.ts.map +0 -1
package/dist/commands/replay.js +0 -52
package/dist/commands/replay.js.map +0 -1
package/dist/commands/scan-consolidated.d.ts +0 -61
package/dist/commands/scan-consolidated.d.ts.map +0 -1
package/dist/commands/scan-consolidated.js +0 -243
package/dist/commands/scan-consolidated.js.map +0 -1
package/dist/commands/scan-secrets.d.ts +0 -47
package/dist/commands/scan-secrets.d.ts.map +0 -1
package/dist/commands/scan-secrets.js +0 -225
package/dist/commands/scan-secrets.js.map +0 -1
package/dist/commands/scan-vulnerabilities-enhanced.d.ts +0 -41
package/dist/commands/scan-vulnerabilities-enhanced.d.ts.map +0 -1
package/dist/commands/scan-vulnerabilities-enhanced.js +0 -368
package/dist/commands/scan-vulnerabilities-enhanced.js.map +0 -1
package/dist/commands/scan-vulnerabilities-osv.d.ts +0 -58
package/dist/commands/scan-vulnerabilities-osv.d.ts.map +0 -1
package/dist/commands/scan-vulnerabilities-osv.js +0 -722
package/dist/commands/scan-vulnerabilities-osv.js.map +0 -1
package/dist/commands/scan-vulnerabilities.d.ts +0 -32
package/dist/commands/scan-vulnerabilities.d.ts.map +0 -1
package/dist/commands/scan-vulnerabilities.js +0 -283
package/dist/commands/scan-vulnerabilities.js.map +0 -1
package/dist/commands/secrets-allowlist.d.ts +0 -7
package/dist/commands/secrets-allowlist.d.ts.map +0 -1
package/dist/commands/secrets-allowlist.js +0 -85
package/dist/commands/secrets-allowlist.js.map +0 -1
package/dist/commands/ship-consolidated.d.ts +0 -58
package/dist/commands/ship-consolidated.d.ts.map +0 -1
package/dist/commands/ship-consolidated.js +0 -515
package/dist/commands/ship-consolidated.js.map +0 -1
package/dist/commands/stats.d.ts +0 -8
package/dist/commands/stats.d.ts.map +0 -1
package/dist/commands/stats.js +0 -134
package/dist/commands/stats.js.map +0 -1
package/dist/commands/upgrade.d.ts +0 -8
package/dist/commands/upgrade.d.ts.map +0 -1
package/dist/commands/upgrade.js +0 -30
package/dist/commands/upgrade.js.map +0 -1
package/dist/fix/applicator.d.ts +0 -44
package/dist/fix/applicator.d.ts.map +0 -1
package/dist/fix/applicator.js +0 -144
package/dist/fix/applicator.js.map +0 -1
package/dist/fix/backup.d.ts +0 -38
package/dist/fix/backup.d.ts.map +0 -1
package/dist/fix/backup.js +0 -154
package/dist/fix/backup.js.map +0 -1
package/dist/fix/engine.d.ts +0 -55
package/dist/fix/engine.d.ts.map +0 -1
package/dist/fix/engine.js +0 -285
package/dist/fix/engine.js.map +0 -1
package/dist/fix/index.d.ts +0 -5
package/dist/fix/index.d.ts.map +0 -1
package/dist/fix/index.js +0 -12
package/dist/fix/index.js.map +0 -1
package/dist/fix/interactive.d.ts +0 -22
package/dist/fix/interactive.d.ts.map +0 -1
package/dist/fix/interactive.js +0 -172
package/dist/fix/interactive.js.map +0 -1
package/dist/formatters/index.d.ts +0 -6
package/dist/formatters/index.d.ts.map +0 -1
package/dist/formatters/index.js +0 -11
package/dist/formatters/index.js.map +0 -1
package/dist/formatters/sarif-enhanced.d.ts +0 -78
package/dist/formatters/sarif-enhanced.d.ts.map +0 -1
package/dist/formatters/sarif-enhanced.js +0 -144
package/dist/formatters/sarif-enhanced.js.map +0 -1
package/dist/formatters/sarif-v2.d.ts +0 -121
package/dist/formatters/sarif-v2.d.ts.map +0 -1
package/dist/formatters/sarif-v2.js +0 -356
package/dist/formatters/sarif-v2.js.map +0 -1
package/dist/formatters/sarif.d.ts +0 -72
package/dist/formatters/sarif.d.ts.map +0 -1
package/dist/formatters/sarif.js +0 -146
package/dist/formatters/sarif.js.map +0 -1
package/dist/index.d.ts +0 -61
package/dist/index.d.ts.map +0 -1
package/dist/index.js +0 -4388
package/dist/index.js.map +0 -1
package/dist/init/ci-generator.d.ts +0 -18
package/dist/init/ci-generator.d.ts.map +0 -1
package/dist/init/ci-generator.js +0 -317
package/dist/init/ci-generator.js.map +0 -1
package/dist/init/detect-framework.d.ts +0 -15
package/dist/init/detect-framework.d.ts.map +0 -1
package/dist/init/detect-framework.js +0 -301
package/dist/init/detect-framework.js.map +0 -1
package/dist/init/hooks-installer.d.ts +0 -22
package/dist/init/hooks-installer.d.ts.map +0 -1
package/dist/init/hooks-installer.js +0 -310
package/dist/init/hooks-installer.js.map +0 -1
package/dist/init/index.d.ts +0 -8
package/dist/init/index.d.ts.map +0 -1
package/dist/init/index.js +0 -22
package/dist/init/index.js.map +0 -1
package/dist/init/templates.d.ts +0 -402
package/dist/init/templates.d.ts.map +0 -1
package/dist/init/templates.js +0 -240
package/dist/init/templates.js.map +0 -1
package/dist/mcp/server.d.ts +0 -12
package/dist/mcp/server.d.ts.map +0 -1
package/dist/mcp/server.js +0 -42
package/dist/mcp/server.js.map +0 -1
package/dist/mcp/telemetry.d.ts +0 -40
package/dist/mcp/telemetry.d.ts.map +0 -1
package/dist/mcp/telemetry.js +0 -98
package/dist/mcp/telemetry.js.map +0 -1
package/dist/reality/no-dead-buttons/button-sweep-generator.d.ts +0 -32
package/dist/reality/no-dead-buttons/button-sweep-generator.d.ts.map +0 -1
package/dist/reality/no-dead-buttons/button-sweep-generator.js +0 -236
package/dist/reality/no-dead-buttons/button-sweep-generator.js.map +0 -1
package/dist/reality/no-dead-buttons/index.d.ts +0 -11
package/dist/reality/no-dead-buttons/index.d.ts.map +0 -1
package/dist/reality/no-dead-buttons/index.js +0 -18
package/dist/reality/no-dead-buttons/index.js.map +0 -1
package/dist/reality/no-dead-buttons/static-scanner.d.ts +0 -34
package/dist/reality/no-dead-buttons/static-scanner.d.ts.map +0 -1
package/dist/reality/no-dead-buttons/static-scanner.js +0 -230
package/dist/reality/no-dead-buttons/static-scanner.js.map +0 -1
package/dist/reality/reality-graph.d.ts +0 -192
package/dist/reality/reality-graph.d.ts.map +0 -1
package/dist/reality/reality-graph.js +0 -600
package/dist/reality/reality-graph.js.map +0 -1
package/dist/reality/reality-runner.d.ts +0 -89
package/dist/reality/reality-runner.d.ts.map +0 -1
package/dist/reality/reality-runner.js +0 -540
package/dist/reality/reality-runner.js.map +0 -1
package/dist/reality/receipt-generator.d.ts +0 -152
package/dist/reality/receipt-generator.d.ts.map +0 -1
package/dist/reality/receipt-generator.js +0 -495
package/dist/reality/receipt-generator.js.map +0 -1
package/dist/reality/runtime-tracer.d.ts +0 -75
package/dist/reality/runtime-tracer.d.ts.map +0 -1
package/dist/reality/runtime-tracer.js +0 -109
package/dist/reality/runtime-tracer.js.map +0 -1
package/dist/runtime/auth-utils.d.ts +0 -43
package/dist/runtime/auth-utils.d.ts.map +0 -1
package/dist/runtime/auth-utils.js +0 -130
package/dist/runtime/auth-utils.js.map +0 -1
package/dist/runtime/client.d.ts +0 -74
package/dist/runtime/client.d.ts.map +0 -1
package/dist/runtime/client.js +0 -222
package/dist/runtime/client.js.map +0 -1
package/dist/runtime/creds.d.ts +0 -48
package/dist/runtime/creds.d.ts.map +0 -1
package/dist/runtime/creds.js +0 -245
package/dist/runtime/creds.js.map +0 -1
package/dist/runtime/exit-codes.d.ts +0 -49
package/dist/runtime/exit-codes.d.ts.map +0 -1
package/dist/runtime/exit-codes.js +0 -93
package/dist/runtime/exit-codes.js.map +0 -1
package/dist/runtime/index.d.ts +0 -9
package/dist/runtime/index.d.ts.map +0 -1
package/dist/runtime/index.js +0 -25
package/dist/runtime/index.js.map +0 -1
package/dist/runtime/json-output.d.ts +0 -42
package/dist/runtime/json-output.d.ts.map +0 -1
package/dist/runtime/json-output.js +0 -59
package/dist/runtime/json-output.js.map +0 -1
package/dist/runtime/semver.d.ts +0 -37
package/dist/runtime/semver.d.ts.map +0 -1
package/dist/runtime/semver.js +0 -110
package/dist/runtime/semver.js.map +0 -1
package/dist/scan/dead-ui-detector.d.ts +0 -48
package/dist/scan/dead-ui-detector.d.ts.map +0 -1
package/dist/scan/dead-ui-detector.js +0 -170
package/dist/scan/dead-ui-detector.js.map +0 -1
package/dist/scan/playwright-sweep.d.ts +0 -40
package/dist/scan/playwright-sweep.d.ts.map +0 -1
package/dist/scan/playwright-sweep.js +0 -216
package/dist/scan/playwright-sweep.js.map +0 -1
package/dist/scan/proof-bundle.d.ts +0 -25
package/dist/scan/proof-bundle.d.ts.map +0 -1
package/dist/scan/proof-bundle.js +0 -203
package/dist/scan/proof-bundle.js.map +0 -1
package/dist/scan/proof-graph.d.ts +0 -59
package/dist/scan/proof-graph.d.ts.map +0 -1
package/dist/scan/proof-graph.js +0 -64
package/dist/scan/proof-graph.js.map +0 -1
package/dist/scan/reality-sniff.d.ts +0 -56
package/dist/scan/reality-sniff.d.ts.map +0 -1
package/dist/scan/reality-sniff.js +0 -200
package/dist/scan/reality-sniff.js.map +0 -1
package/dist/scan/structural-verifier.d.ts +0 -20
package/dist/scan/structural-verifier.d.ts.map +0 -1
package/dist/scan/structural-verifier.js +0 -112
package/dist/scan/structural-verifier.js.map +0 -1
package/dist/scan/verification-engine.d.ts +0 -47
package/dist/scan/verification-engine.d.ts.map +0 -1
package/dist/scan/verification-engine.js +0 -141
package/dist/scan/verification-engine.js.map +0 -1
package/dist/scanner/baseline.d.ts +0 -52
package/dist/scanner/baseline.d.ts.map +0 -1
package/dist/scanner/baseline.js +0 -85
package/dist/scanner/baseline.js.map +0 -1
package/dist/scanner/incremental.d.ts +0 -30
package/dist/scanner/incremental.d.ts.map +0 -1
package/dist/scanner/incremental.js +0 -82
package/dist/scanner/incremental.js.map +0 -1
package/dist/scanner/parallel.d.ts +0 -43
package/dist/scanner/parallel.d.ts.map +0 -1
package/dist/scanner/parallel.js +0 -99
package/dist/scanner/parallel.js.map +0 -1
package/dist/standalone.d.ts +0 -1
package/dist/standalone.d.ts.map +0 -1
package/dist/standalone.js +0 -1
package/dist/standalone.js.map +0 -1
package/dist/truth-pack/index.d.ts +0 -102
package/dist/truth-pack/index.d.ts.map +0 -1
package/dist/truth-pack/index.js +0 -694
package/dist/truth-pack/index.js.map +0 -1
package/dist/ui/frame.d.ts +0 -68
package/dist/ui/frame.d.ts.map +0 -1
package/dist/ui/frame.js +0 -165
package/dist/ui/frame.js.map +0 -1
package/dist/ui/index.d.ts +0 -5
package/dist/ui/index.d.ts.map +0 -1
package/dist/ui/index.js +0 -16
package/dist/ui/index.js.map +0 -1
package/dist/ui.d.ts +0 -36
package/dist/ui.d.ts.map +0 -1
package/dist/ui.js +0 -45
package/dist/ui.js.map +0 -1

package/bin/runners/runTruthpack.js ADDED Viewed

@@ -0,0 +1,634 @@
+#!/usr/bin/env node
+/**
+ * Truth Pack Generator v1
+ *
+ * Generates .vibecheck/truth/truthpack.json from codebase analysis.
+ * This is the ground truth that agents must reference.
+ *
+ * Usage:
+ *   vibecheck ctx              - Generate truthpack.json
+ *   vibecheck ctx --snapshot   - Write to snapshots/<commit>.json
+ *   vibecheck ctx --md         - Also generate truthpack.md
+ */
+import fs from 'fs/promises';
+import path from 'path';
+import crypto from 'crypto';
+import { execSync } from 'child_process';
+import { RouteIndex, resolveNextRoutes, resolveFastifyRoutes } from './lib/route-truth.js';
+const VERSION = '1.0.0';
+// Evidence counter for unique IDs
+let evidenceCounter = 0;
+/**
+ * Main entry point
+ */
+export async function runTruthpack(projectPath = process.cwd(), options = {}) {
+  const startTime = Date.now();
+  console.log('📦 Generating Truth Pack...\n');
+  // Ensure .vibecheck/truth directory exists
+  const truthDir = path.join(projectPath, '.vibecheck', 'truth');
+  await fs.mkdir(truthDir, { recursive: true });
+  // Reset evidence counter
+  evidenceCounter = 0;
+  const allEvidence = [];
+  // Build truth pack
+  const truthpack = {
+    meta: await buildMeta(projectPath),
+    project: await extractProject(projectPath),
+    routes: await extractRoutes(projectPath, allEvidence),
+    env: await extractEnv(projectPath, allEvidence),
+    auth: await extractAuth(projectPath, allEvidence),
+    billing: await extractBilling(projectPath, allEvidence),
+    integrations: await extractIntegrations(projectPath, allEvidence),
+    index: {
+      evidenceRefs: allEvidence,
+      hashes: {
+        truthpackHash: '', // Will be computed after serialization
+      },
+    },
+  };
+  // Compute truthpack hash
+  const truthpackJson = JSON.stringify(truthpack, null, 2);
+  truthpack.index.hashes.truthpackHash = crypto.createHash('sha256').update(truthpackJson).digest('hex');
+  // Write truthpack.json
+  const truthpackPath = path.join(truthDir, 'truthpack.json');
+  await fs.writeFile(truthpackPath, JSON.stringify(truthpack, null, 2));
+  console.log(`✅ Wrote ${truthpackPath}`);
+  // Write evidence.index.json
+  const evidenceIndex = {
+    meta: {
+      commit: truthpack.meta.commit.sha,
+      generatedAt: truthpack.meta.generatedAt,
+    },
+    evidence: allEvidence,
+  };
+  const evidencePath = path.join(truthDir, 'evidence.index.json');
+  await fs.writeFile(evidencePath, JSON.stringify(evidenceIndex, null, 2));
+  console.log(`✅ Wrote ${evidencePath}`);
+  // Optionally write snapshot
+  if (options.snapshot) {
+    const snapshotsDir = path.join(truthDir, 'snapshots');
+    await fs.mkdir(snapshotsDir, { recursive: true });
+    const snapshotPath = path.join(snapshotsDir, `truthpack.${truthpack.meta.commit.sha.slice(0, 8)}.json`);
+    await fs.writeFile(snapshotPath, JSON.stringify(truthpack, null, 2));
+    console.log(`✅ Wrote snapshot: ${snapshotPath}`);
+  }
+  // Optionally generate markdown
+  if (options.md !== false) {
+    const mdPath = path.join(truthDir, 'truthpack.md');
+    await fs.writeFile(mdPath, generateMarkdown(truthpack));
+    console.log(`✅ Wrote ${mdPath}`);
+  }
+  const duration = Date.now() - startTime;
+  console.log(`\n📦 Truth Pack complete in ${duration}ms`);
+  console.log(`   Routes: ${truthpack.routes.server.length} server, ${truthpack.routes.clientRefs.length} client refs`);
+  console.log(`   Env vars: ${truthpack.env.vars.length}`);
+  console.log(`   Evidence: ${allEvidence.length} refs`);
+  return truthpack;
+}
+/**
+ * Build metadata section
+ */
+async function buildMeta(projectPath) {
+  let sha = 'unknown';
+  let branch = 'unknown';
+  try {
+    sha = execSync('git rev-parse HEAD', { cwd: projectPath, encoding: 'utf8' }).trim();
+    branch = execSync('git rev-parse --abbrev-ref HEAD', { cwd: projectPath, encoding: 'utf8' }).trim();
+  } catch {}
+  return {
+    version: VERSION,
+    generatedAt: new Date().toISOString(),
+    repoRoot: projectPath,
+    commit: { sha, branch },
+    tool: { name: 'vibecheck', version: VERSION },
+  };
+}
+/**
+ * Extract project structure
+ */
+async function extractProject(projectPath) {
+  const frameworks = [];
+  const workspaces = [];
+  const entrypoints = [];
+  const scripts = {};
+  // Detect frameworks from package.json
+  try {
+    const pkgPath = path.join(projectPath, 'package.json');
+    const pkg = JSON.parse(await fs.readFile(pkgPath, 'utf8'));
+    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+    if (deps.next) frameworks.push('nextjs');
+    if (deps.express) frameworks.push('express');
+    if (deps.fastify) frameworks.push('fastify');
+    if (deps.react) frameworks.push('react');
+    if (deps.vue) frameworks.push('vue');
+    if (deps['@nestjs/core']) frameworks.push('nestjs');
+    if (deps.prisma || deps['@prisma/client']) frameworks.push('prisma');
+    // Extract scripts
+    if (pkg.scripts) {
+      Object.assign(scripts, pkg.scripts);
+    }
+    // Check for workspaces
+    if (pkg.workspaces) {
+      const wsPatterns = Array.isArray(pkg.workspaces) ? pkg.workspaces : pkg.workspaces.packages || [];
+      for (const pattern of wsPatterns) {
+        const wsPath = pattern.replace('/*', '');
+        try {
+          const entries = await fs.readdir(path.join(projectPath, wsPath), { withFileTypes: true });
+          for (const entry of entries) {
+            if (entry.isDirectory()) {
+              workspaces.push({
+                name: entry.name,
+                path: path.join(wsPath, entry.name),
+                type: detectWorkspaceType(entry.name),
+              });
+            }
+          }
+        } catch {}
+      }
+    }
+  } catch {}
+  // Detect entrypoints
+  const potentialEntrypoints = [
+    { kind: 'api', paths: ['apps/api/src/index.ts', 'src/server.ts', 'server/index.ts', 'api/index.ts'] },
+    { kind: 'web', paths: ['apps/web/app/page.tsx', 'src/pages/index.tsx', 'pages/index.tsx', 'app/page.tsx'] },
+    { kind: 'cli', paths: ['bin/cli.js', 'src/cli.ts', 'cli/index.ts'] },
+  ];
+  for (const ep of potentialEntrypoints) {
+    for (const p of ep.paths) {
+      try {
+        await fs.access(path.join(projectPath, p));
+        entrypoints.push({ kind: ep.kind, path: p });
+        break;
+      } catch {}
+    }
+  }
+  return { frameworks, workspaces, entrypoints, scripts };
+}
+/**
+ * Extract server routes and client route references using Route Truth v1
+ */
+async function extractRoutes(projectPath, allEvidence) {
+  // Use Route Truth v1 resolvers for high-confidence extraction
+  const routeIndex = new RouteIndex();
+  await routeIndex.build(projectPath);
+  const routeMap = routeIndex.getRouteMap();
+  const serverRoutes = routeMap.server.map(route => ({
+    method: route.method,
+    path: route.path,
+    handler: route.handler,
+    middlewares: route.middlewares || [],
+    authRequired: route.authRequired || 'unknown',
+    confidence: route.confidence,
+    evidence: route.evidence,
+  }));
+  // Add evidence to allEvidence
+  for (const route of routeMap.server) {
+    if (route.evidence) allEvidence.push(...route.evidence);
+  }
+  // Extract client route references (fetch/axios calls)
+  const clientRefs = [];
+  const files = await findSourceFiles(projectPath);
+  // Client route reference patterns
+  const clientPatterns = [
+    /fetch\s*\(\s*['"`]([^'"`]+)['"`]/gi,
+    /axios\.(get|post|put|patch|delete)\s*\(\s*['"`]([^'"`]+)['"`]/gi,
+    /api\s*\.\s*(get|post|put|delete)\s*\(\s*['"`]([^'"`]+)['"`]/gi,
+  ];
+  for (const file of files) {
+    try {
+      const content = await fs.readFile(file, 'utf8');
+      const relPath = path.relative(projectPath, file);
+      const lines = content.split('\n');
+      // Extract client route references only (server routes handled by Route Truth)
+      for (const pattern of clientPatterns) {
+        let match;
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(content)) !== null) {
+          const routePath = match[2] || match[1];
+          if (!routePath.startsWith('/api') && !routePath.startsWith('http')) continue;
+          const lineNum = content.substring(0, match.index).split('\n').length;
+          const snippet = lines[lineNum - 1];
+          const evidence = createEvidence(relPath, `${lineNum}`, snippet, 'Client route reference');
+          allEvidence.push(evidence);
+          clientRefs.push({
+            method: match[1]?.toUpperCase() || 'GET',
+            path: routePath,
+            source: `${relPath}:${lineNum}`,
+            confidence: routePath.includes('${') ? 'low' : 'high',
+            evidence: [evidence],
+          });
+        }
+      }
+    } catch {}
+  }
+  return { server: serverRoutes, clientRefs };
+}
+/**
+ * Extract environment variables
+ */
+async function extractEnv(projectPath, allEvidence) {
+  const vars = new Map();
+  // Check .env.example for declarations
+  const envFiles = ['.env.example', '.env.local.example', '.env.sample', 'env.example'];
+  for (const envFile of envFiles) {
+    try {
+      const content = await fs.readFile(path.join(projectPath, envFile), 'utf8');
+      const lines = content.split('\n');
+      for (let i = 0; i < lines.length; i++) {
+        const match = lines[i].match(/^([A-Z][A-Z0-9_]*)=/);
+        if (match) {
+          const name = match[1];
+          if (!vars.has(name)) {
+            vars.set(name, {
+              name,
+              required: !lines[i].includes('optional'),
+              references: [],
+              defaultValueHint: lines[i].includes('=') ? lines[i].split('=')[1]?.trim() : undefined,
+            });
+          }
+        }
+      }
+    } catch {}
+  }
+  // Find process.env usage in code
+  const files = await findSourceFiles(projectPath);
+  for (const file of files.slice(0, 100)) {
+    try {
+      const content = await fs.readFile(file, 'utf8');
+      const relPath = path.relative(projectPath, file);
+      const lines = content.split('\n');
+      const pattern = /process\.env\.([A-Z][A-Z0-9_]*)/g;
+      let match;
+      while ((match = pattern.exec(content)) !== null) {
+        const name = match[1];
+        const lineNum = content.substring(0, match.index).split('\n').length;
+        const snippet = lines[lineNum - 1];
+        const evidence = createEvidence(relPath, `${lineNum}`, snippet, `Usage of ${name}`);
+        allEvidence.push(evidence);
+        if (!vars.has(name)) {
+          vars.set(name, { name, required: true, references: [] });
+        }
+        vars.get(name).references.push(evidence);
+      }
+    } catch {}
+  }
+  return { vars: Array.from(vars.values()) };
+}
+/**
+ * Extract auth model and protected surfaces
+ */
+async function extractAuth(projectPath, allEvidence) {
+  const signals = [];
+  const protectedSurfaces = [];
+  const gaps = [];
+  let authType = 'unknown';
+  const files = await findSourceFiles(projectPath);
+  // Auth type detection patterns
+  const authPatterns = {
+    jwt: /jsonwebtoken|jwt\.verify|jwt\.sign/i,
+    session: /express-session|cookie-session/i,
+    nextauth: /next-auth|NextAuth/i,
+  };
+  // Auth middleware patterns
+  const middlewarePatterns = [
+    /(?:export\s+)?(?:const|function)\s+(\w*[Aa]uth\w*Middleware|\w*[Gg]uard\w*)/g,
+    /requireAuth|isAuthenticated|verifyToken|checkAuth/gi,
+  ];
+  for (const file of files.slice(0, 100)) {
+    try {
+      const content = await fs.readFile(file, 'utf8');
+      const relPath = path.relative(projectPath, file);
+      const lines = content.split('\n');
+      // Detect auth type
+      for (const [type, pattern] of Object.entries(authPatterns)) {
+        if (pattern.test(content)) {
+          authType = type;
+          const match = content.match(pattern);
+          if (match) {
+            const lineNum = content.substring(0, match.index).split('\n').length;
+            const evidence = createEvidence(relPath, `${lineNum}`, lines[lineNum - 1], `${type} auth signal`);
+            allEvidence.push(evidence);
+            signals.push({ name: type, evidence: [evidence] });
+          }
+        }
+      }
+      // Find auth middleware/guards
+      for (const pattern of middlewarePatterns) {
+        let match;
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(content)) !== null) {
+          const lineNum = content.substring(0, match.index).split('\n').length;
+          const evidence = createEvidence(relPath, `${lineNum}`, lines[lineNum - 1], 'Auth middleware');
+          allEvidence.push(evidence);
+          signals.push({ name: match[1] || match[0], evidence: [evidence] });
+        }
+      }
+      // Find protected routes
+      if (content.includes('auth') || content.includes('protect')) {
+        const routePattern = /\.(get|post|put|patch|delete)\s*\(\s*['"`]([^'"`]+)['"`].*(?:auth|protect|guard)/gi;
+        let match;
+        while ((match = routePattern.exec(content)) !== null) {
+          const lineNum = content.substring(0, match.index).split('\n').length;
+          const evidence = createEvidence(relPath, `${lineNum}`, lines[lineNum - 1], 'Protected route');
+          allEvidence.push(evidence);
+          protectedSurfaces.push({
+            surface: match[2],
+            kind: 'route',
+            enforcedBy: ['middleware'],
+            evidence: [evidence],
+          });
+        }
+      }
+    } catch {}
+  }
+  return {
+    model: { type: authType, signals },
+    protectedSurfaces,
+    gaps,
+  };
+}
+/**
+ * Extract billing signals and paid surfaces
+ */
+async function extractBilling(projectPath, allEvidence) {
+  const signals = [];
+  const paidSurfaces = [];
+  const gaps = [];
+  const bypassSignals = [];
+  const files = await findSourceFiles(projectPath);
+  // Billing signal patterns
+  const billingPatterns = [
+    /stripe|Stripe/g,
+    /subscription|Subscription/g,
+    /isPro|isEnterprise|tier|Tier/g,
+    /checkEntitlement|hasFeature|canAccess/g,
+  ];
+  // Bypass patterns (ship killers)
+  const bypassPatterns = [
+    { pattern: /SKIP_BILLING|BYPASS_PAYMENT/g, severity: 'block' },
+    { pattern: /isPro\s*=\s*true\s*\/\//g, severity: 'block' },
+    { pattern: /tier\s*=\s*['"]enterprise['"]\s*\/\/\s*dev/gi, severity: 'warn' },
+  ];
+  for (const file of files.slice(0, 100)) {
+    try {
+      const content = await fs.readFile(file, 'utf8');
+      const relPath = path.relative(projectPath, file);
+      const lines = content.split('\n');
+      // Find billing signals
+      for (const pattern of billingPatterns) {
+        let match;
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(content)) !== null) {
+          const lineNum = content.substring(0, match.index).split('\n').length;
+          const evidence = createEvidence(relPath, `${lineNum}`, lines[lineNum - 1], 'Billing signal');
+          allEvidence.push(evidence);
+          signals.push({ name: match[0], evidence: [evidence] });
+        }
+      }
+      // Find bypass signals
+      for (const { pattern, severity } of bypassPatterns) {
+        let match;
+        pattern.lastIndex = 0;
+        while ((match = pattern.exec(content)) !== null) {
+          const lineNum = content.substring(0, match.index).split('\n').length;
+          const evidence = createEvidence(relPath, `${lineNum}`, lines[lineNum - 1], 'Billing bypass signal');
+          allEvidence.push(evidence);
+          bypassSignals.push({ pattern: match[0], severity, evidence: [evidence] });
+        }
+      }
+    } catch {}
+  }
+  return { signals, paidSurfaces, gaps, bypassSignals };
+}
+/**
+ * Extract integrations (Stripe, Resend, etc.)
+ */
+async function extractIntegrations(projectPath, allEvidence) {
+  const services = [];
+  const integrationPatterns = {
+    stripe: /new Stripe\(|stripe\.customers|stripe\.subscriptions/gi,
+    resend: /new Resend\(|resend\.emails/gi,
+    prisma: /new PrismaClient\(|prisma\./gi,
+    supabase: /createClient.*supabase|supabaseClient/gi,
+    openai: /new OpenAI\(|openai\./gi,
+  };
+  const files = await findSourceFiles(projectPath);
+  for (const file of files.slice(0, 100)) {
+    try {
+      const content = await fs.readFile(file, 'utf8');
+      const relPath = path.relative(projectPath, file);
+      for (const [name, pattern] of Object.entries(integrationPatterns)) {
+        if (pattern.test(content)) {
+          const existing = services.find(s => s.name === name);
+          if (existing) {
+            existing.clientFiles.push(relPath);
+          } else {
+            services.push({ name, clientFiles: [relPath], evidence: [] });
+          }
+        }
+      }
+    } catch {}
+  }
+  return { services };
+}
+// =============================================================================
+// HELPERS
+// =============================================================================
+function createEvidence(file, lines, snippet, reason) {
+  evidenceCounter++;
+  const id = `ev_${String(evidenceCounter).padStart(4, '0')}`;
+  const snippetHash = `sha256:${crypto.createHash('sha256').update(snippet || '').digest('hex').slice(0, 16)}`;
+  return { id, file, lines, snippetHash, reason };
+}
+function extractMiddlewares(content, lineNum) {
+  // Simple middleware extraction - look for function calls before the handler
+  const lines = content.split('\n');
+  const line = lines[lineNum - 1] || '';
+  const middlewares = [];
+  const mwPattern = /(\w+Middleware|\w+Guard|\w+Auth)/g;
+  let match;
+  while ((match = mwPattern.exec(line)) !== null) {
+    middlewares.push(match[1]);
+  }
+  return middlewares;
+}
+function detectAuthRequired(content, lineNum) {
+  const lines = content.split('\n');
+  const context = lines.slice(Math.max(0, lineNum - 5), lineNum + 5).join('\n');
+  if (/auth|protect|guard|require.*auth/i.test(context)) return 'yes';
+  if (/public|no.*auth/i.test(context)) return 'no';
+  return 'unknown';
+}
+function detectWorkspaceType(name) {
+  if (/api|server|backend/i.test(name)) return 'service';
+  if (/web|app|frontend|ui/i.test(name)) return 'app';
+  if (/package|lib|shared|common/i.test(name)) return 'package';
+  return 'unknown';
+}
+async function findSourceFiles(projectPath) {
+  const files = [];
+  const extensions = ['.ts', '.tsx', '.js', '.jsx'];
+  const ignoreDirs = ['node_modules', 'dist', 'build', '.git', '.next', 'coverage', '.vibecheck'];
+  async function walk(dir) {
+    try {
+      const entries = await fs.readdir(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+        if (entry.isDirectory()) {
+          if (!ignoreDirs.includes(entry.name) && !entry.name.startsWith('.')) {
+            await walk(fullPath);
+          }
+        } else if (entry.isFile()) {
+          const ext = path.extname(entry.name).toLowerCase();
+          if (extensions.includes(ext)) {
+            files.push(fullPath);
+          }
+        }
+      }
+    } catch {}
+  }
+  await walk(projectPath);
+  return files;
+}
+function generateMarkdown(truthpack) {
+  const lines = [
+    '# Truth Pack',
+    '',
+    `Generated: ${truthpack.meta.generatedAt}`,
+    `Commit: ${truthpack.meta.commit.sha} (${truthpack.meta.commit.branch})`,
+    '',
+    '## Project',
+    '',
+    `**Frameworks:** ${truthpack.project.frameworks.join(', ') || 'none detected'}`,
+    '',
+    '### Workspaces',
+    '',
+    ...truthpack.project.workspaces.map(w => `- \`${w.path}\` (${w.type})`),
+    '',
+    '### Entrypoints',
+    '',
+    ...truthpack.project.entrypoints.map(e => `- \`${e.path}\` (${e.kind})`),
+    '',
+    '## Routes',
+    '',
+    `**Server Routes:** ${truthpack.routes.server.length}`,
+    `**Client Refs:** ${truthpack.routes.clientRefs.length}`,
+    '',
+    '### Server Routes',
+    '',
+    '| Method | Path | Handler | Auth |',
+    '|--------|------|---------|------|',
+    ...truthpack.routes.server.slice(0, 50).map(r =>
+      `| ${r.method} | \`${r.path}\` | ${r.handler} | ${r.authRequired} |`
+    ),
+    '',
+    '## Environment',
+    '',
+    `**Variables:** ${truthpack.env.vars.length}`,
+    '',
+    ...truthpack.env.vars.slice(0, 30).map(v =>
+      `- \`${v.name}\` ${v.required ? '(required)' : '(optional)'} - ${v.references.length} refs`
+    ),
+    '',
+    '## Auth',
+    '',
+    `**Type:** ${truthpack.auth.model.type}`,
+    `**Signals:** ${truthpack.auth.model.signals.length}`,
+    `**Protected Surfaces:** ${truthpack.auth.protectedSurfaces.length}`,
+    '',
+    '## Billing',
+    '',
+    `**Signals:** ${truthpack.billing.signals.length}`,
+    `**Bypass Signals:** ${truthpack.billing.bypassSignals.length}`,
+    '',
+    '## Index',
+    '',
+    `**Evidence Refs:** ${truthpack.index.evidenceRefs.length}`,
+    `**Hash:** ${truthpack.index.hashes.truthpackHash}`,
+    '',
+  ];
+  return lines.join('\n');
+}
+export default runTruthpack;

package/bin/runners/runUpgrade.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ async function runUpgrade(args) { console.log("Upgrade command not yet implemented"); return 0; }
2	+ module.exports = { runUpgrade };

package/bin/runners/runValidate.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ async function runValidate(args) { console.log("Validate command not yet implemented"); return 0; }
2	+ module.exports = { runValidate };

package/bin/runners/runVerifyAgentOutput.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ async function runVerifyAgentOutput(args) { console.log("Verify agent output not yet implemented"); return 0; }
2	+ module.exports = { runVerifyAgentOutput };