@vibecheckai/cli 3.0.4 → 3.0.7

package/mcp-server/.guardrail/audit/audit.log.jsonl

@@ -0,0 +1,2 @@
+{"id":"36b46d34-86fb-43cc-844c-7df3b8155019","timestamp":"2026-01-11T21:25:55.725Z","actor":{"id":"mevla","type":"system","name":"mevla"},"surface":"mcp","action":"tool.invoke","category":"tool","target":{"type":"tool","name":"vibecheck.health"},"tier":"free","result":"success","metadata":{},"prevHash":"0000000000000000000000000000000000000000000000000000000000000000","version":1,"hash":"bf2bf569bee90629dcff3b9c0cb4db77f2078d0539a4cb0c15d5227b9dec61cb"}
+{"id":"a26d38e9-a10c-478b-bce5-021e2788a339","timestamp":"2026-01-11T21:25:55.735Z","actor":{"id":"mevla","type":"system","name":"mevla"},"surface":"mcp","action":"tool.complete","category":"tool","target":{"type":"tool","name":"vibecheck.health"},"tier":"free","result":"success","metadata":{},"prevHash":"bf2bf569bee90629dcff3b9c0cb4db77f2078d0539a4cb0c15d5227b9dec61cb","version":1,"hash":"b15c8295a18bc5f1c3fb5f105a6edaab81e8cef38754c30379f8fe9557632cff"}

package/mcp-server/.specs/architecture.mdc

@@ -0,0 +1,90 @@
+---
+description: Architecture Overview documentation
+category: architecture
+generatedAt: 2026-01-13T13:47:09.402Z
+---
+
+# Architecture Overview
+
+## Components
+
+### getRulesForLevel
+- **Type:** function
+- **Path:** `agent-checkpoint.js`
+
+### validateContent
+- **Type:** function
+- **Path:** `agent-checkpoint.js`
+
+### formatViolations
+- **Type:** function
+- **Path:** `agent-checkpoint.js`
+
+### handleCheckpointTool
+- **Type:** function
+- **Path:** `agent-checkpoint.js`
+
+### ServiceName
+- **Type:** class
+- **Path:** `architect-tools.js`
+
+### name
+- **Type:** function
+- **Path:** `architect-tools.js`
+
+### detectFileType
+- **Type:** function
+- **Path:** `architect-tools.js`
+
+### detectFramework
+- **Type:** function
+- **Path:** `architect-tools.js`
+
+### reviewCode
+- **Type:** function
+- **Path:** `architect-tools.js`
+
+### getSuggestions
+- **Type:** function
+- **Path:** `architect-tools.js`
+
+### ComponentName
+- **Type:** function
+- **Path:** `architect-tools.js`
+
+### useHookName
+- **Type:** function
+- **Path:** `architect-tools.js`
+
+### handler
+- **Type:** function
+- **Path:** `architect-tools.js`
+
+### handleArchitectTool
+- **Type:** function
+- **Path:** `architect-tools.js`
+
+### getCurrentTier
+- **Type:** function
+- **Path:** `audit-mcp.js`
+
+### getCurrentActor
+- **Type:** function
+- **Path:** `audit-mcp.js`
+
+### redactSensitive
+- **Type:** function
+- **Path:** `audit-mcp.js`
+
+### redactMetadata
+- **Type:** function
+- **Path:** `audit-mcp.js`
+
+### redactObject
+- **Type:** function
+- **Path:** `audit-mcp.js`
+
+### computeHash
+- **Type:** function
+- **Path:** `audit-mcp.js`
+

package/mcp-server/.specs/security.mdc

@@ -0,0 +1,30 @@
+---
+description: Security Architecture documentation
+category: security
+generatedAt: 2026-01-13T13:47:09.403Z
+---
+
+# Security Architecture
+
+## Components
+
+### loadUserConfig
+- **Type:** function
+- **Path:** `tier-auth.js`
+
+### getTierFromApiKey
+- **Type:** function
+- **Path:** `tier-auth.js`
+
+### checkFeatureAccess
+- **Type:** function
+- **Path:** `tier-auth.js`
+
+### withTierCheck
+- **Type:** function
+- **Path:** `tier-auth.js`
+
+### getUserInfo
+- **Type:** function
+- **Path:** `tier-auth.js`
+

package/mcp-server/README.md

@@ -0,0 +1,252 @@
+# vibecheck MCP Server
+
+Professional Model Context Protocol server for vibecheck AI.
+
+> "Stop shipping pretend features."
+
+## Installation
+
+```bash
+npm install -g vibecheck-mcp-server
+```
+
+## Configuration
+
+See [MCP-INSTALLATION-GUIDE.md](../docs/MCP-INSTALLATION-GUIDE.md) for editor-specific setup.
+
+## Development
+
+```bash
+cd mcp-server
+npm install
+npm start
+```
+
+## Premium Command Palette Tools
+
+These tools provide a top-notch, zero-friction UX:
+
+### Ship Check Commands
+- `run_ship` - vibecheck: Ship Check (GO/NO-GO)
+- `run_reality` - vibecheck: Run Reality Mode
+- `run_mockproof` - vibecheck: Run MockProof Gate
+- `run_airlock` - vibecheck: Run Airlock (SupplyChain)
+
+### Report & Artifact Commands
+- `get_last_run` - vibecheck: Open Last Run Report
+- `open_artifact` - Open Report/Replay/Trace/SARIF/Badge
+- `rerun_last_check` - vibecheck: Re-run Last Check
+- `export_sarif` - Export findings as SARIF
+
+### Setup & Policy Commands
+- `run_doctor` - vibecheck: Doctor (Fix my setup)
+- `edit_policies` - vibecheck: Policies (Quick Edit)
+- `get_status` - Get server status and workspace info
+- `policy_patch` - Apply atomic policy changes
+
+### Fix Mode Commands
+- `enter_fix_mode` - Enter Fix Mode for blocker resolution
+- `fix_mode_status` - Get Fix Mode checklist status
+- `mark_fix_complete` - Mark blocker as fixed
+- `exit_fix_mode` - Exit and re-run ship check
+
+### Evidence & Diagnostics
+- `explain_finding` - Get detailed finding explanation
+
+## AI vibecheck Tools (Prompt Firewall + Output Verification)
+
+These tools provide AI safety and verification capabilities:
+
+| Tool | Description |
+|------|-------------|
+| `vibecheck.verify` | 🛡️ Verify AI agent output before applying - checks secrets, dangerous commands, path traversal |
+| `vibecheck.quality` | 📊 Code quality analysis - complexity, maintainability, technical debt metrics |
+| `vibecheck.smells` | 👃 Code smell detection - anti-patterns, naming issues, structural problems |
+| `vibecheck.hallucination` | 🔍 Hallucination check - verify claims against actual source code |
+| `vibecheck.breaking` | ⚠️ Breaking change detection - API changes, removed methods, type changes |
+| `vibecheck.mdc` | 📝 MDC Generator - source-anchored documentation generation |
+| `vibecheck.coverage` | 🧪 Test coverage mapping - identify untested components |
+
+### Example Usage
+
+```json
+// Verify AI-generated code before applying
+{
+  "tool": "vibecheck.verify",
+  "arguments": {
+    "input": "{\"format\":\"vibecheck-v1\",\"diff\":\"...\",\"commands\":[]}",
+    "mode": "build"
+  }
+}
+
+// Check code quality
+{
+  "tool": "vibecheck.quality",
+  "arguments": {
+    "projectPath": ".",
+    "threshold": 70
+  }
+}
+
+// Detect code smells
+{
+  "tool": "vibecheck.smells",
+  "arguments": {
+    "projectPath": ".",
+    "severity": "high"
+  }
+}
+```
+
+## Agent Checkpoint Tools
+
+Pre-write validation that blocks AI agents until issues are fixed:
+
+| Tool | Description |
+|------|-------------|
+| `vibecheck_checkpoint` | 🛡️ Validate code before writing - blocks on TODOs, mocks, console.log, etc. |
+| `vibecheck_set_strictness` | ⚙️ Set checkpoint strictness: chill, standard, strict, paranoid |
+| `vibecheck_checkpoint_status` | 📊 Get current checkpoint status and blocking violations |
+
+## Architect Tools
+
+AI agents consult the Architect before writing code:
+
+| Tool | Description |
+|------|-------------|
+| `vibecheck_architect_review` | 🏛️ Review code against architecture patterns |
+| `vibecheck_architect_suggest` | 💡 Get architectural guidance before writing code |
+| `vibecheck_architect_patterns` | 📋 List all active architecture patterns |
+| `vibecheck_architect_set_strictness` | ⚙️ Set architect strictness level |
+
+## Codebase Architect Tools
+
+Deep codebase knowledge for AI agents:
+
+| Tool | Description |
+|------|-------------|
+| `vibecheck_architect_context` | 🧠 Load full codebase context (tech stack, conventions, patterns) |
+| `vibecheck_architect_guide` | 🏛️ Get guidance for creating/modifying code |
+| `vibecheck_architect_validate` | ✅ Validate code against codebase patterns |
+| `vibecheck_architect_dependencies` | 🔗 Understand file relationships and impact |
+
+## vibecheck 2.0 Tools (Consolidated)
+
+Six core tools for the complete workflow:
+
+| Tool | Description |
+|------|-------------|
+| `checkpoint` | 🛡️ Block AI agents until issues are fixed (pre/post write) |
+| `check` | 🔍 Verify code is real, wired, honest |
+| `ship` | 🚀 Go/No-Go decision (GO / WARN / NO-GO) |
+| `fix` | 🔧 Fix blocking issues safely |
+| `status` | 📊 Health + version info |
+| `set_strictness` | ⚙️ Set checkpoint strictness level |
+
+## Intent Drift Guard Tools
+
+Capture intent before writing code, monitor for drift:
+
+| Tool | Description |
+|------|-------------|
+| `vibecheck_intent_start` | 🎯 Start a new step with explicit intent |
+| `vibecheck_intent_check` | ✅ Check if code changes align with stated intent |
+| `vibecheck_intent_validate_prompt` | 🔒 Validate new prompts against locked intent |
+| `vibecheck_intent_status` | 📊 Get current Intent Drift Guard status |
+| `vibecheck_intent_complete` | ✅ Complete step and generate proof artifact |
+| `vibecheck_intent_lock` | 🔒 Lock intent to prevent scope expansion |
+| `vibecheck_intent_unlock` | 🔓 Unlock intent, allow scope changes |
+
+## Fix Missions v1 + Reality v2 Tools
+
+Production-ready AI fix loop and runtime verification:
+
+| Tool | Description |
+|------|-------------|
+| `vibecheck.fix` | 🛠 Fix Missions v1 — AI-powered surgical fixes with verification loop |
+| `vibecheck.reality` | 🧪 Reality Mode v2 — Two-pass auth verification (anon + auth), Dead UI detection |
+| `vibecheck.prove` | 🔬 One Command Reality Proof — orchestrates ctx → reality → ship → fix loop |
+| `vibecheck.share` | 📦 Share Bundle — generate PR comment / review bundle from fix missions |
+
+### vibecheck.reality Options
+
+```json
+{
+  "tool": "vibecheck.reality",
+  "arguments": {
+    "url": "http://localhost:3000",
+    "verifyAuth": true,
+    "auth": "user@example.com:password",
+    "storageState": ".vibecheck/reality/storageState.json",
+    "truthpack": ".vibecheck/truth/truthpack.json",
+    "headed": false,
+    "maxPages": 18,
+    "maxDepth": 2,
+    "danger": false
+  }
+}
+```
+
+### vibecheck.fix Options
+
+```json
+{
+  "tool": "vibecheck.fix",
+  "arguments": {
+    "promptOnly": false,
+    "apply": true,
+    "autopilot": true,
+    "share": true,
+    "maxMissions": 8,
+    "maxSteps": 10
+  }
+}
+```
+
+### vibecheck.prove Options
+
+```json
+{
+  "tool": "vibecheck.prove",
+  "arguments": {
+    "url": "http://localhost:3000",
+    "auth": "user@example.com:password",
+    "maxFixRounds": 3,
+    "skipReality": false,
+    "skipFix": false
+  }
+}
+```
+
+## Core Analysis Tools
+
+- `validate_project` - Validate project structure and API endpoints
+- `check_design_system` - Validate design system consistency
+- `check_project_drift` - Check for architecture drift
+- `setup_design_system` - Set up and lock design system
+- `register_api_endpoint` - Register API endpoint
+- `get_project_health` - Get project health score
+- `get_vibechecks_rules` - Get vibechecks rules
+- `architect_analyze` - Intelligent project analysis
+- `build_knowledge_base` - Build codebase knowledge
+- `semantic_search` - Search code by meaning
+- `security_scan` - Full security scan
+- `ship_check` - Ship readiness check
+- `get_deploy_verdict` - Get deploy GO/NO-GO decision
+
+## Resources
+
+- `vibechecks://rules` - Vibechecks rules document
+- `vibechecks://templates` - Available templates
+- `vibechecks://design-tokens` - Design system tokens
+
+## Documentation
+
+See [MCP-PREMIUM-TOOLS.md](../docs/MCP-PREMIUM-TOOLS.md) for detailed tool documentation.
+
+## Privacy & Trust
+
+- Runs locally
+- Artifacts saved to `.vibecheck/`
+- No upload unless you export/share
+