@vibecheckai/cli 3.0.4 → 3.0.7

package/bin/runners/runShip.js

@@ -22,6 +22,8 @@ const {
   findOwnerModeBypass
 } = require("./lib/analyzers");
 const { findingsFromReality } = require("./lib/reality-findings");
+// Contract Drift Detection - per spec: "routes/env/auth drift → usually BLOCK"
+const { findContractDrift, loadContracts, hasContracts, getDriftSummary } = require("./lib/drift");
 
 // Build proof graph from findings for evidence-backed verdicts
 function buildProofGraph(findings, truthpack, root) {
@@ -103,7 +105,8 @@ function getClaimType(category) {
     'StripeWebhook': 'billing_enforced',
     'PaidSurface': 'billing_enforced',
     'OwnerModeBypass': 'billing_enforced',
-    'DeadUI': 'ui_wired'
+    'DeadUI': 'ui_wired',
+    'ContractDrift': 'contract_satisfied'
   };
   return map[category] || 'ui_wired';
 }
@@ -117,7 +120,8 @@ function getGapType(category) {
     'StripeWebhook': 'missing_verification',
     'PaidSurface': 'missing_gate',
     'OwnerModeBypass': 'missing_gate',
-    'DeadUI': 'missing_handler'
+    'DeadUI': 'missing_handler',
+    'ContractDrift': 'contract_drift'
   };
   return map[category] || 'untested_path';
 }
@@ -490,6 +494,23 @@ ${c.bold}EXAMPLES${c.reset}
       ...findingsFromReality(projectPath)
     ];
     
+    // Contract Drift Detection - per spec section 8.1:
+    // "drift can be WARN or BLOCK depending on category:
+    //  routes/env/auth drift → usually BLOCK (because AI will lie here)"
+    if (hasContracts(projectPath)) {
+      const contracts = loadContracts(projectPath);
+      const driftFindings = findContractDrift(contracts, truthpack);
+      allFindings.push(...driftFindings);
+      
+      const driftSummary = getDriftSummary(driftFindings);
+      if (driftSummary.hasDrift) {
+        console.log(`  ${driftSummary.blocks > 0 ? c.red + '🛑' : c.yellow + '⚠️'} Contract drift detected: ${driftSummary.blocks} blocks, ${driftSummary.warns} warnings${c.reset}`);
+        if (driftSummary.blocks > 0) {
+          console.log(`     ${c.dim}Run 'vibecheck ctx sync' to update contracts${c.reset}`);
+        }
+      }
+    }
+    
     results.routeTruth = {
       serverRoutes: truthpack.routes.server.length,
       clientRefs: truthpack.routes.clientRefs.length,

package/bin/runners/runTruthpack.js

@@ -11,11 +11,13 @@
  *   vibecheck ctx --md         - Also generate truthpack.md
  */
 
-import fs from 'fs/promises';
-import path from 'path';
-import crypto from 'crypto';
-import { execSync } from 'child_process';
-import { RouteIndex, resolveNextRoutes, resolveFastifyRoutes } from './lib/route-truth.js';
+"use strict";
+
+const fs = require('fs/promises');
+const path = require('path');
+const crypto = require('crypto');
+const { execSync } = require('child_process');
+const { RouteIndex, resolveNextRoutes, resolveFastifyRoutes } = require('./lib/route-truth.js');
 
 const VERSION = '1.0.0';
 
@@ -25,7 +27,7 @@ let evidenceCounter = 0;
 /**
  * Main entry point
  */
-export async function runTruthpack(projectPath = process.cwd(), options = {}) {
+async function runTruthpack(projectPath = process.cwd(), options = {}) {
   const startTime = Date.now();
   console.log('📦 Generating Truth Pack...\n');
   
@@ -631,4 +633,4 @@ function generateMarkdown(truthpack) {
   return lines.join('\n');
 }
 
-export default runTruthpack;
+module.exports = { runTruthpack };

package/bin/runners/runValidate.js

@@ -1,2 +1,162 @@
-async function runValidate(args) { console.log("Validate command not yet implemented"); return 0; }
+/**
+ * vibecheck validate - Validate AI-generated code for hallucinations
+ */
+
+const fs = require("fs");
+const path = require("path");
+const { buildTruthpack } = require("./lib/truth");
+const { routeMatches } = require("./lib/claims");
+
+const c = {
+  reset: "\x1b[0m",
+  bold: "\x1b[1m",
+  dim: "\x1b[2m",
+  green: "\x1b[32m",
+  yellow: "\x1b[33m",
+  red: "\x1b[31m",
+  cyan: "\x1b[36m",
+};
+
+function parseArgs(args) {
+  const opts = {
+    help: false,
+    file: null,
+    json: false,
+    verbose: false,
+  };
+
+  for (let i = 0; i < args.length; i++) {
+    const arg = args[i];
+    switch (arg) {
+      case "--help":
+      case "-h":
+        opts.help = true;
+        break;
+      case "--json":
+        opts.json = true;
+        break;
+      case "--verbose":
+      case "-v":
+        opts.verbose = true;
+        break;
+      default:
+        if (!arg.startsWith("-")) {
+          opts.file = arg;
+        }
+    }
+  }
+
+  return opts;
+}
+
+function printHelp() {
+  console.log(`
+${c.bold}vibecheck validate${c.reset} - Validate AI-generated code for hallucinations
+
+${c.bold}USAGE${c.reset}
+  vibecheck validate [file] [options]
+
+${c.bold}OPTIONS${c.reset}
+  --help, -h     Show this help
+  --json         Output as JSON
+  --verbose, -v  Show detailed output
+
+${c.bold}WHAT IT CHECKS${c.reset}
+  - API routes referenced but not defined
+  - Env vars used but not declared
+  - Imports that don't exist
+  - Function calls to undefined functions
+
+${c.bold}EXAMPLES${c.reset}
+  vibecheck validate                     # Validate all files
+  vibecheck validate src/api/route.ts    # Validate specific file
+  vibecheck validate --json              # JSON output
+`);
+}
+
+async function runValidate(args) {
+  const opts = parseArgs(args);
+
+  if (opts.help) {
+    printHelp();
+    return 0;
+  }
+
+  const projectPath = process.cwd();
+  
+  console.log(`\n${c.bold}🔍 Validating code for hallucinations...${c.reset}\n`);
+
+  try {
+    // Build truthpack for validation
+    const truthpack = await buildTruthpack({ repoRoot: projectPath });
+    
+    const issues = [];
+    
+    // Check for missing routes
+    const clientRefs = truthpack.routes?.clientRefs || [];
+    const serverRoutes = truthpack.routes?.server || [];
+    
+    for (const ref of clientRefs) {
+      const method = ref.method || "*";
+      const p = ref.path;
+      const exists = serverRoutes.some(r => routeMatches(r, method, p) || routeMatches(r, "*", p));
+      
+      if (!exists) {
+        issues.push({
+          type: "missing_route",
+          severity: "error",
+          message: `Route ${method} ${p} is referenced but not defined`,
+          file: ref.evidence?.[0]?.file || "unknown",
+          line: ref.evidence?.[0]?.lines?.split("-")[0] || 1,
+        });
+      }
+    }
+    
+    // Check for undeclared env vars (excluding system vars)
+    const envVars = truthpack.env?.vars || [];
+    const declared = new Set(truthpack.env?.declared || []);
+    const systemVars = new Set([
+      'HOME', 'USER', 'PATH', 'NODE_ENV', 'CI', 'DEBUG', 'PORT',
+      'APPDATA', 'USERPROFILE', 'COMPUTERNAME', 'HOSTNAME',
+    ]);
+    
+    for (const v of envVars) {
+      if (!declared.has(v.name) && !systemVars.has(v.name) && v.name.startsWith("VIBECHECK_")) {
+        issues.push({
+          type: "undeclared_env",
+          severity: "warning",
+          message: `Env var ${v.name} is used but not declared in .env.example`,
+          file: v.references?.[0]?.file || "unknown",
+          line: v.references?.[0]?.lines?.split("-")[0] || 1,
+        });
+      }
+    }
+    
+    // Output results
+    if (opts.json) {
+      console.log(JSON.stringify({ issues, valid: issues.length === 0 }, null, 2));
+    } else {
+      if (issues.length === 0) {
+        console.log(`${c.green}✓${c.reset} No hallucinations detected!\n`);
+        console.log(`  ${c.dim}All routes and env vars are properly defined.${c.reset}\n`);
+      } else {
+        console.log(`${c.yellow}⚠${c.reset} Found ${issues.length} potential issues:\n`);
+        
+        for (const issue of issues) {
+          const icon = issue.severity === "error" ? `${c.red}✗${c.reset}` : `${c.yellow}⚠${c.reset}`;
+          console.log(`  ${icon} ${issue.message}`);
+          console.log(`    ${c.dim}${issue.file}:${issue.line}${c.reset}`);
+        }
+        console.log();
+      }
+    }
+    
+    return issues.some(i => i.severity === "error") ? 1 : 0;
+    
+  } catch (error) {
+    console.error(`${c.red}✗${c.reset} Validation failed: ${error.message}`);
+    return 1;
+  }
+}
+
 module.exports = { runValidate };