@vibecheckai/cli 3.0.4 → 3.0.5

package/bin/dev/run-v2-torture.js

@@ -0,0 +1,30 @@
+#!/usr/bin/env node
+/**
+ * Run Spec v2 Torture Suite
+ * 
+ * Quick confidence builder for spec v2 implementation.
+ * 
+ * Usage:
+ *   node bin/dev/run-v2-torture.js
+ *   pnpm test:v2
+ */
+
+"use strict";
+
+const path = require("path");
+
+// Run the torture suite
+const { TortureTestRunner } = require("../../tests/e2e/spec-v2.torture.test.js");
+
+async function main() {
+  const runner = new TortureTestRunner();
+  const results = await runner.run();
+  
+  // Exit with appropriate code
+  process.exit(results.failed > 0 ? 1 : 0);
+}
+
+main().catch(err => {
+  console.error("❌ Torture suite crashed:", err);
+  process.exit(1);
+});

package/bin/guardrail.js

@@ -90,6 +90,7 @@ const { runReplay } = require("./runners/runReplay");
 // Context Contracts commands
 const { runCtxSync } = require("./runners/runCtxSync");
 const { runCtxGuard } = require("./runners/runCtxGuard");
+const { runCtxDiff } = require("./runners/runCtxDiff");
 
 // Truth Pack v1 - Core truth system
 let runTruthpack;
@@ -472,6 +473,9 @@ ${c.blue}🔧 FIX & AUTOMATE${c.reset}
 ${c.dim}📦 TRUTH SYSTEM${c.reset}
 
   ${c.cyan}ctx${c.reset}               Generate Truth Pack - ground truth for AI agents
+  ${c.cyan}ctx sync${c.reset}          Generate contracts from truthpack (routes/env/auth/external)
+  ${c.cyan}ctx guard${c.reset}         CI gate - fail on contract drift (BLOCK on route/env/auth drift)
+  ${c.cyan}ctx diff${c.reset}          Preview contract changes before syncing
   ${c.cyan}ctx --snapshot${c.reset}    Save snapshot to .vibecheck/truth/snapshots/
   ${c.cyan}graph${c.reset}             Build Reality Proof Graph - end-to-end causal chains
 
@@ -800,6 +804,11 @@ ${c.dim}Run 'vibecheck <command> --help' for details.${c.reset}
           exitCode = await runCtxGuard.main(args.slice(1));
           break;
         }
+        if (args[0] === "diff") {
+          const { main: ctxDiffMain } = require("./runners/runCtxDiff");
+          exitCode = await ctxDiffMain(args.slice(1));
+          break;
+        }
         // Parse args for ctx command - use Route Truth v1
         const fastifyEntryIdx = args.indexOf('--fastify-entry');
         const fastifyEntry = fastifyEntryIdx !== -1 ? args[fastifyEntryIdx + 1] : undefined;

package/bin/runners/lib/analyzers.js

@@ -131,9 +131,47 @@ function findEnvGaps(truthpack) {
   const declared = new Set(truthpack?.env?.declared || []);
   const declaredSources = truthpack?.env?.declaredSources || [];
 
+  // Well-known system/CI env vars that shouldn't be flagged as undeclared
+  const systemEnvVars = new Set([
+    // System
+    'HOME', 'USER', 'PATH', 'PWD', 'SHELL', 'TERM', 'LANG', 'TZ', 'TMPDIR', 'TEMP', 'TMP',
+    'COLORTERM', 'FORCE_COLOR', 'NO_COLOR', 'TERM_PROGRAM', 'TERM_PROGRAM_VERSION',
+    // Windows
+    'APPDATA', 'LOCALAPPDATA', 'USERPROFILE', 'COMPUTERNAME', 'USERNAME', 'HOMEDRIVE', 'HOMEPATH',
+    'SYSTEMROOT', 'WINDIR', 'PROGRAMFILES', 'PROGRAMDATA', 'COMMONPROGRAMFILES',
+    // Node.js
+    'NODE_ENV', 'NODE_OPTIONS', 'NODE_PATH', 'NODE_DEBUG', 'NODE_NO_WARNINGS',
+    // CI/CD platforms
+    'CI', 'CONTINUOUS_INTEGRATION', 'BUILD_NUMBER', 'BUILD_ID',
+    'GITHUB_ACTIONS', 'GITHUB_WORKFLOW', 'GITHUB_RUN_ID', 'GITHUB_RUN_NUMBER', 'GITHUB_SHA', 'GITHUB_REF',
+    'GITLAB_CI', 'CI_COMMIT_SHA', 'CI_PIPELINE_ID', 'CI_JOB_ID',
+    'CIRCLECI', 'CIRCLE_BUILD_NUM', 'CIRCLE_SHA1', 'CIRCLE_BRANCH',
+    'TRAVIS', 'TRAVIS_BUILD_NUMBER', 'TRAVIS_COMMIT',
+    'JENKINS_URL', 'BUILD_TAG', 'GIT_COMMIT',
+    'BUILDKITE', 'BUILDKITE_BUILD_NUMBER', 'BUILDKITE_COMMIT',
+    'CODEBUILD_BUILD_ID', 'CODEBUILD_RESOLVED_SOURCE_VERSION',
+    'VERCEL', 'VERCEL_ENV', 'VERCEL_URL', 'VERCEL_GIT_COMMIT_SHA',
+    'NETLIFY', 'CONTEXT', 'DEPLOY_PRIME_URL',
+    'RAILWAY_ENVIRONMENT', 'RAILWAY_GIT_COMMIT_SHA',
+    'HEROKU', 'DYNO', 'RENDER', 'FLY_APP_NAME',
+    // CI user info
+    'GITHUB_ACTOR', 'GITLAB_USER_LOGIN', 'GITLAB_USER_NAME', 'GITLAB_USER_EMAIL',
+    // Network/proxy
+    'HTTP_PROXY', 'HTTPS_PROXY', 'NO_PROXY', 'http_proxy', 'https_proxy', 'no_proxy',
+    'HOSTNAME', 'HOST',
+    // Debug/logging
+    'DEBUG', 'VERBOSE', 'LOG_LEVEL',
+    // Editor/IDE
+    'EDITOR', 'VISUAL', 'VSCODE_PID', 'TERM_SESSION_ID',
+    // Common optional vars that are often checked but not required
+    'PORT', 'npm_package_version', 'npm_package_name',
+  ]);
+
   // 1) USED but not declared in templates/examples => WARN (or BLOCK if required)
   for (const v of used) {
     if (declared.has(v.name)) continue;
+    // Skip well-known system/CI env vars
+    if (systemEnvVars.has(v.name)) continue;
 
     const sev = v.required ? "BLOCK" : "WARN";
     findings.push({

package/bin/runners/lib/contracts/auth-contract.js

@@ -58,6 +58,14 @@ function buildAuthContract(truthpack) {
     "/favicon.ico"
   ];
 
+  // Deterministic output: sort all arrays
+  contract.protectedPatterns.sort();
+  contract.publicPatterns.sort();
+  contract.roles.sort((a, b) => a.name.localeCompare(b.name));
+  for (const role of contract.roles) {
+    if (role.routes) role.routes.sort();
+  }
+
   return contract;
 }
 

package/bin/runners/lib/contracts/env-contract.js

@@ -46,6 +46,9 @@ function buildEnvContract(truthpack) {
     }
   }
 
+  // Deterministic output: sort vars by name
+  contract.vars.sort((a, b) => a.name.localeCompare(b.name));
+
   return contract;
 }
 

package/bin/runners/lib/contracts/external-contract.js

@@ -84,12 +84,20 @@ function buildExternalContract(truthpack) {
   if (supabaseVars.length) {
     contract.services.push({
       name: "supabase",
-      envVars: supabaseVars.map(v => v.name),
-      usedIn: supabaseVars.flatMap(v => v.references?.map(r => r.file) || []),
+      envVars: supabaseVars.map(v => v.name).sort(),
+      usedIn: [...new Set(supabaseVars.flatMap(v => v.references?.map(r => r.file) || []))].sort(),
       evidence: supabaseVars.flatMap(v => v.references || [])
     });
   }
 
+  // Deterministic output: sort services by name, and their internal arrays
+  contract.services.sort((a, b) => a.name.localeCompare(b.name));
+  for (const svc of contract.services) {
+    if (svc.envVars) svc.envVars.sort();
+    if (svc.usedIn) svc.usedIn = [...new Set(svc.usedIn)].sort();
+    if (svc.webhooks) svc.webhooks.sort((a, b) => a.path.localeCompare(b.path));
+  }
+
   return contract;
 }
 

package/bin/runners/lib/contracts/route-contract.js

@@ -38,6 +38,13 @@ function buildRouteContract(truthpack) {
     contract.routes.push(routeSpec);
   }
 
+  // Deterministic output: sort routes by method + path
+  contract.routes.sort((a, b) => {
+    const keyA = `${a.method}_${a.path}`;
+    const keyB = `${b.method}_${b.path}`;
+    return keyA.localeCompare(keyB);
+  });
+
   return contract;
 }