@vibecheckai/cli 3.0.4 → 3.0.7

package/mcp-server/index.js

@@ -0,0 +1,2092 @@
+#!/usr/bin/env node
+
+/**
+ * vibecheck MCP Server v2.0 - Clean Product Surface
+ *
+ * 6 Public Tools (maps to CLI):
+ *   vibecheck.scan   - Find truth
+ *   vibecheck.gate   - Enforce truth in CI
+ *   vibecheck.fix    - Apply safe patches
+ *   vibecheck.proof  - Premium verification (mocks, reality)
+ *   vibecheck.report - Access artifacts
+ *   vibecheck.status - Health and config info
+ *
+ * Everything else is parameters on these tools.
+ */
+
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import {
+  CallToolRequestSchema,
+  ListToolsRequestSchema,
+  ListResourcesRequestSchema,
+  ReadResourceRequestSchema,
+} from "@modelcontextprotocol/sdk/types.js";
+
+import fs from "fs/promises";
+import path from "path";
+import { fileURLToPath } from "url";
+import { execSync } from "child_process";
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+const VERSION = "2.1.0";
+
+// Import intelligence tools
+import {
+  INTELLIGENCE_TOOLS,
+  handleIntelligenceTool,
+} from "./intelligence-tools.js";
+
+// Import AI vibecheck tools
+import {
+  VIBECHECK_TOOLS,
+  handleVibecheckTool,
+} from "./vibecheck-tools.js";
+
+// Import agent checkpoint tools
+import {
+  AGENT_CHECKPOINT_TOOLS,
+  handleCheckpointTool,
+} from "./agent-checkpoint.js";
+
+// Import architect tools
+import {
+  ARCHITECT_TOOLS,
+  handleArchitectTool,
+} from "./architect-tools.js";
+
+// Import codebase architect tools
+import {
+  CODEBASE_ARCHITECT_TOOLS,
+  handleCodebaseArchitectTool,
+} from "./codebase-architect-tools.js";
+
+// Import vibecheck 2.0 tools
+import {
+  VIBECHECK_2_TOOLS,
+  handleVibecheck2Tool,
+} from "./vibecheck-2.0-tools.js";
+
+// Import intent drift tools
+import {
+  intentDriftTools,
+} from "./intent-drift-tools.js";
+
+// Import audit trail for MCP
+import { emitToolInvoke, emitToolComplete } from "./audit-mcp.js";
+
+// Import MDC generator
+import { mdcGeneratorTool, handleMDCGeneration } from "./mdc-generator.js";
+
+// Import Truth Context tools (Evidence Pack / Truth Pack)
+import { TRUTH_CONTEXT_TOOLS, handleTruthContextTool } from "./truth-context.js";
+
+// Import Truth Firewall tools (Hallucination Stopper)
+import { TRUTH_FIREWALL_TOOLS, handleTruthFirewallTool } from "./truth-firewall-tools.js";
+
+// Import Consolidated Tools (15 focused tools - recommended surface)
+import { CONSOLIDATED_TOOLS, handleConsolidatedTool } from "./consolidated-tools.js";
+
+// ============================================================================
+// TOOL DEFINITIONS - Public Tools (Clean Product Surface)
+// ============================================================================
+
+// RECOMMENDED: Use consolidated tools (15 focused, evidence-backed tools)
+// These map directly to CLI commands and return file/line citations
+const USE_CONSOLIDATED_TOOLS = process.env.VIBECHECK_MCP_CONSOLIDATED !== 'false';
+
+const TOOLS = USE_CONSOLIDATED_TOOLS ? [
+  // 15 Consolidated Tools - recommended for new integrations
+  ...CONSOLIDATED_TOOLS,
+  // Keep Truth Firewall for backward compatibility
+  ...TRUTH_FIREWALL_TOOLS,
+] : [
+  // Legacy: Full tool set (50+ tools) - for backward compatibility
+  // PRIORITY: Truth Firewall tools (Hallucination Stopper) - agents MUST use these
+  ...TRUTH_FIREWALL_TOOLS, // vibecheck.get_truthpack, vibecheck.validate_claim, vibecheck.compile_context, etc.
+  
+  // Truth Context tools (Evidence-Backed AI)
+  ...TRUTH_CONTEXT_TOOLS, // vibecheck.ctx, vibecheck.verify_claim, vibecheck.evidence
+  
+  ...INTELLIGENCE_TOOLS, // Add all intelligence suite tools
+  ...VIBECHECK_TOOLS,    // Add AI vibecheck tools (verify, quality, smells, etc.)
+  ...AGENT_CHECKPOINT_TOOLS, // Add agent checkpoint tools
+  ...ARCHITECT_TOOLS,    // Add architect review/suggest tools
+  ...CODEBASE_ARCHITECT_TOOLS, // Add codebase-aware architect tools
+  ...VIBECHECK_2_TOOLS,  // Add vibecheck 2.0 consolidated tools
+  ...intentDriftTools,   // Add intent drift guard tools
+  mdcGeneratorTool,      // Add MDC generator tool
+  // 1. SHIP - Quick health check (vibe coder friendly)
+  {
+    name: "vibecheck.ship",
+    description:
+      "🚀 Quick health check — 'Is my app ready?' Plain English, traffic light score",
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          description: "Path to project root",
+          default: ".",
+        },
+        fix: {
+          type: "boolean",
+          description: "Auto-fix problems where possible",
+          default: false,
+        },
+      },
+    },
+  },
+
+  // 2. SCAN - Deep technical analysis
+  {
+    name: "vibecheck.scan",
+    description:
+      "🔍 Deep scan — technical analysis of secrets, auth, mocks, routes (detailed output)",
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          description: "Path to project root",
+          default: ".",
+        },
+        profile: {
+          type: "string",
+          enum: ["quick", "full", "ship", "ci", "security", "compliance", "ai"],
+          description:
+            "Check profile: quick, full, ship, ci, security, compliance, ai",
+          default: "quick",
+        },
+        only: {
+          type: "array",
+          items: { type: "string" },
+          description:
+            "Run only specific checks: integrity, security, hygiene, contracts, auth, routes, mocks, compliance, ai",
+        },
+        format: {
+          type: "string",
+          enum: ["text", "json", "html", "sarif"],
+          description: "Output format",
+          default: "text",
+        },
+      },
+    },
+  },
+
+  // 3. VERIFY - Runtime verification with Playwright
+  {
+    name: "vibecheck.verify",
+    description:
+      "🧪 Runtime Verify — clicks buttons, fills forms, finds Dead UI with Playwright",
+    inputSchema: {
+      type: "object",
+      properties: {
+        url: {
+          type: "string",
+          description: "Target URL to test (required)",
+        },
+        auth: {
+          type: "string",
+          description: "Auth credentials (email:password)",
+        },
+        flows: {
+          type: "array",
+          items: { type: "string" },
+          description: "Flow packs to test: auth, ui, forms, billing",
+        },
+        headed: {
+          type: "boolean",
+          description: "Run browser in visible mode",
+          default: false,
+        },
+        record: {
+          type: "boolean",
+          description: "Record video of test run",
+          default: false,
+        },
+      },
+      required: ["url"],
+    },
+  },
+
+  // 3b. REALITY v2 - Two-Pass Auth Verification + Dead UI Crawler
+  {
+    name: "vibecheck.reality",
+    description:
+      "🧪 Reality Mode v2 — Two-pass auth verification: crawl anon, then auth. Finds Dead UI, HTTP errors, auth coverage gaps.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        url: {
+          type: "string",
+          description: "Target URL to test (required)",
+        },
+        auth: {
+          type: "string",
+          description: "Auth credentials (email:password) for login attempt",
+        },
+        verifyAuth: {
+          type: "boolean",
+          description: "Enable two-pass auth verification (anon + auth)",
+          default: false,
+        },
+        storageState: {
+          type: "string",
+          description: "Path to Playwright storageState.json for pre-authenticated session",
+        },
+        saveStorageState: {
+          type: "string",
+          description: "Path to save storageState after successful login",
+        },
+        truthpack: {
+          type: "string",
+          description: "Path to truthpack.json for auth matcher verification",
+        },
+        headed: {
+          type: "boolean",
+          description: "Run browser in visible mode",
+          default: false,
+        },
+        maxPages: {
+          type: "number",
+          description: "Max pages to visit per pass (default: 18)",
+          default: 18,
+        },
+        maxDepth: {
+          type: "number",
+          description: "Max link depth to crawl (default: 2)",
+          default: 2,
+        },
+        danger: {
+          type: "boolean",
+          description: "Allow clicking risky buttons (delete, cancel, etc.)",
+          default: false,
+        },
+      },
+      required: ["url"],
+    },
+  },
+
+  // 4. AI-TEST - AI Agent testing
+  {
+    name: "vibecheckai.dev-test",
+    description:
+      "🤖 AI Agent — autonomous testing that explores your app and generates fix prompts",
+    inputSchema: {
+      type: "object",
+      properties: {
+        url: {
+          type: "string",
+          description: "Target URL to test (required)",
+        },
+        goal: {
+          type: "string",
+          description: "Natural language goal for the AI agent",
+          default: "Test all features and find issues",
+        },
+        headed: {
+          type: "boolean",
+          description: "Run browser in visible mode",
+          default: false,
+        },
+      },
+      required: ["url"],
+    },
+  },
+
+  // 3. GATE - Enforce truth in CI
+  {
+    name: "vibecheck.gate",
+    description: "🚦 Enforce truth in CI — fail builds on policy violations",
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          default: ".",
+        },
+        policy: {
+          type: "string",
+          enum: ["default", "strict", "ci"],
+          description: "Policy strictness level",
+          default: "strict",
+        },
+        sarif: {
+          type: "boolean",
+          description: "Generate SARIF for GitHub Code Scanning",
+          default: true,
+        },
+      },
+    },
+  },
+
+  // 5. FIX - Fix Missions v1
+  {
+    name: "vibecheck.fix",
+    description:
+      "🔧 Fix Missions v1 — AI-powered surgical fixes with proof verification loop",
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          default: ".",
+        },
+        promptOnly: {
+          type: "boolean",
+          description: "Generate mission prompts only (no edits)",
+          default: false,
+        },
+        apply: {
+          type: "boolean",
+          description: "Apply patches returned by the model",
+          default: false,
+        },
+        autopilot: {
+          type: "boolean",
+          description: "Loop: fix → verify → fix until SHIP or stuck",
+          default: false,
+        },
+        share: {
+          type: "boolean",
+          description: "Generate share bundle for review",
+          default: false,
+        },
+        maxMissions: {
+          type: "number",
+          description: "Max missions to plan (default: 8)",
+          default: 8,
+        },
+        maxSteps: {
+          type: "number",
+          description: "Max autopilot steps (default: 10)",
+          default: 10,
+        },
+      },
+    },
+  },
+
+  // 6. SHARE - Generate share bundle from fix missions
+  {
+    name: "vibecheck.share",
+    description: "📦 Share Bundle — generate PR comment / review bundle from latest fix missions",
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          default: ".",
+        },
+        prComment: {
+          type: "boolean",
+          description: "Output GitHub PR comment format",
+          default: false,
+        },
+        out: {
+          type: "string",
+          description: "Write output to file path",
+        },
+      },
+    },
+  },
+
+  // 7. PROVE - One Command Reality Proof (orchestrates ctx → reality → ship → fix)
+  {
+    name: "vibecheck.prove",
+    description: "🔬 One Command Reality Proof — orchestrates ctx → reality → ship → fix loop until SHIP or stuck",
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          default: ".",
+        },
+        url: {
+          type: "string",
+          description: "Base URL for runtime testing",
+        },
+        auth: {
+          type: "string",
+          description: "Auth credentials (email:password)",
+        },
+        storageState: {
+          type: "string",
+          description: "Path to Playwright storageState.json",
+        },
+        maxFixRounds: {
+          type: "number",
+          description: "Max auto-fix attempts (default: 3)",
+          default: 3,
+        },
+        skipReality: {
+          type: "boolean",
+          description: "Skip runtime crawling (static only)",
+          default: false,
+        },
+        skipFix: {
+          type: "boolean",
+          description: "Don't auto-fix, just diagnose",
+          default: false,
+        },
+        headed: {
+          type: "boolean",
+          description: "Run browser in visible mode",
+          default: false,
+        },
+        danger: {
+          type: "boolean",
+          description: "Allow clicking risky buttons",
+          default: false,
+        },
+      },
+    },
+  },
+
+  // 8. CTX - Truth Pack Generator
+  {
+    name: "vibecheck.ctx",
+    description: "📦 Truth Pack — generate ground truth for AI agents (routes, env, auth, billing)",
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          default: ".",
+        },
+        snapshot: {
+          type: "boolean",
+          description: "Save timestamped snapshot",
+          default: false,
+        },
+        json: {
+          type: "boolean",
+          description: "Output raw JSON",
+          default: false,
+        },
+      },
+    },
+  },
+
+  // 9. PROOF - Premium verification
+  {
+    name: "vibecheck.proof",
+    description:
+      "🎬 Premium verification — mocks (static) or reality (runtime with Playwright)",
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          default: ".",
+        },
+        mode: {
+          type: "string",
+          enum: ["mocks", "reality"],
+          description:
+            "Proof mode: mocks (import graph + fake domains) or reality (Playwright runtime)",
+        },
+        url: {
+          type: "string",
+          description: "Base URL for reality mode",
+          default: "http://localhost:3000",
+        },
+        flow: {
+          type: "string",
+          enum: ["auth", "checkout", "dashboard"],
+          description: "Flow to test in reality mode",
+          default: "auth",
+        },
+      },
+      required: ["mode"],
+    },
+  },
+
+  // 5. REPORT - Access artifacts
+  {
+    name: "vibecheck.validate",
+    description:
+      "🤖 Validate AI-generated code. Checks for hallucinations, intent mismatch, and quality issues.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        code: { type: "string", description: "The code content to validate" },
+        intent: {
+          type: "string",
+          description: "The user's original request/intent",
+        },
+        projectPath: { type: "string", default: "." },
+      },
+      required: ["code"],
+    },
+  },
+  // 10. REPORT - Access scan artifacts
+  {
+    name: "vibecheck.report",
+    description:
+      "📄 Access scan artifacts — summary, full report, SARIF export",
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          default: ".",
+        },
+        type: {
+          type: "string",
+          enum: ["summary", "full", "sarif", "html"],
+          description: "Report type to retrieve",
+          default: "summary",
+        },
+        runId: {
+          type: "string",
+          description: "Specific run ID (defaults to last run)",
+        },
+      },
+    },
+  },
+
+  // 11. STATUS - Health and config
+  {
+    name: "vibecheck.status",
+    description: "📊 Server status — health, versions, config, last run info",
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          default: ".",
+        },
+      },
+    },
+  },
+
+  // 12. AUTOPILOT - Continuous protection
+  {
+    name: "vibecheck.autopilot",
+    description:
+      "🤖 Autopilot — continuous protection with weekly reports, auto-PRs, deploy blocking",
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          default: ".",
+        },
+        action: {
+          type: "string",
+          enum: ["status", "enable", "disable", "digest"],
+          description: "Autopilot action",
+          default: "status",
+        },
+        slack: {
+          type: "string",
+          description: "Slack webhook URL for notifications",
+        },
+        email: {
+          type: "string",
+          description: "Email for weekly digest",
+        },
+      },
+    },
+  },
+
+  // 13. AUTOPILOT PLAN - Generate fix plan (Pro/Compliance)
+  {
+    name: "vibecheck.autopilot_plan",
+    description:
+      "🤖 Autopilot Plan — scan codebase, group issues into fix packs, estimate risk (Pro/Compliance)",
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          default: ".",
+        },
+        profile: {
+          type: "string",
+          enum: ["quick", "full", "ship", "ci"],
+          description: "Scan profile",
+          default: "ship",
+        },
+        maxFixes: {
+          type: "number",
+          description: "Max fixes per category",
+          default: 10,
+        },
+      },
+    },
+  },
+
+  // 14. AUTOPILOT APPLY - Apply fixes (Pro/Compliance)
+  {
+    name: "vibecheck.autopilot_apply",
+    description:
+      "🔧 Autopilot Apply — apply fix packs with verification, re-scan to confirm (Pro/Compliance)",
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          default: ".",
+        },
+        profile: {
+          type: "string",
+          enum: ["quick", "full", "ship", "ci"],
+          description: "Scan profile",
+          default: "ship",
+        },
+        maxFixes: {
+          type: "number",
+          description: "Max fixes per category",
+          default: 10,
+        },
+        verify: {
+          type: "boolean",
+          description: "Run verification after apply",
+          default: true,
+        },
+        dryRun: {
+          type: "boolean",
+          description: "Preview changes without applying",
+          default: false,
+        },
+      },
+    },
+  },
+
+  // 15. BADGE - Generate ship badge
+  {
+    name: "vibecheck.badge",
+    description:
+      "🏅 Ship Badge — generate a badge for README/PR showing scan status",
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          default: ".",
+        },
+        format: {
+          type: "string",
+          enum: ["svg", "md", "html"],
+          description: "Badge format",
+          default: "svg",
+        },
+        style: {
+          type: "string",
+          enum: ["flat", "flat-square"],
+          description: "Badge style",
+          default: "flat",
+        },
+      },
+    },
+  },
+
+  // 16. CONTEXT - AI Rules Generator
+  {
+    name: "vibecheck.context",
+    description:
+      "🧠 AI Context — generate rules files for Cursor, Windsurf, Copilot to understand your codebase",
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          description: "Path to project root",
+          default: ".",
+        },
+        platform: {
+          type: "string",
+          enum: ["all", "cursor", "windsurf", "copilot", "claude"],
+          description: "Target platform (default: all)",
+          default: "all",
+        },
+      },
+    },
+  },
+];
+
+// ============================================================================
+// SERVER IMPLEMENTATION
+// ============================================================================
+
+class VibecheckMCP {
+  constructor() {
+    this.server = new Server(
+      { name: "vibecheck", version: VERSION },
+      { capabilities: { tools: {}, resources: {} } },
+    );
+    this.setupHandlers();
+  }
+
+  setupHandlers() {
+    // List tools
+    this.server.setRequestHandler(ListToolsRequestSchema, async () => ({
+      tools: TOOLS,
+    }));
+
+    // Call tool
+    this.server.setRequestHandler(CallToolRequestSchema, async (request) => {
+      const { name, arguments: args } = request.params;
+      const projectPath = path.resolve(args?.projectPath || ".");
+      const startTime = Date.now();
+
+      // Emit audit event for tool invocation start
+      emitToolInvoke(name, args, "success", { projectPath });
+
+      try {
+        // Handle intelligence tools first
+        if (name.startsWith("vibecheck.intelligence.")) {
+          return await handleIntelligenceTool(name, args, __dirname);
+        }
+
+        // Handle AI vibecheck tools (verify, quality, smells, hallucination, breaking, mdc, coverage)
+        if (["vibecheck.verify", "vibecheck.quality", "vibecheck.smells", 
+             "vibecheck.hallucination", "vibecheck.breaking", "vibecheck.mdc", 
+             "vibecheck.coverage"].includes(name)) {
+          const result = await handleVibecheckTool(name, args);
+          return {
+            content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
+          };
+        }
+
+        // Handle agent checkpoint tools
+        if (["vibecheck_checkpoint", "vibecheck_set_strictness", "vibecheck_checkpoint_status"].includes(name)) {
+          return await handleCheckpointTool(name, args);
+        }
+
+        // Handle architect tools
+        if (["vibecheck_architect_review", "vibecheck_architect_suggest", 
+             "vibecheck_architect_patterns", "vibecheck_architect_set_strictness"].includes(name)) {
+          return await handleArchitectTool(name, args);
+        }
+
+        // Handle codebase architect tools
+        if (["vibecheck_architect_context", "vibecheck_architect_guide",
+             "vibecheck_architect_validate", "vibecheck_architect_patterns",
+             "vibecheck_architect_dependencies"].includes(name)) {
+          return await handleCodebaseArchitectTool(name, args);
+        }
+
+        // Handle vibecheck 2.0 tools
+        if (["checkpoint", "check", "ship", "fix", "status", "set_strictness"].includes(name)) {
+          return await handleVibecheck2Tool(name, args, __dirname);
+        }
+
+        // Handle intent drift tools
+        if (name.startsWith("vibecheck_intent_")) {
+          const tool = intentDriftTools.find(t => t.name === name);
+          if (tool && tool.handler) {
+            const result = await tool.handler(args);
+            return {
+              content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
+            };
+          }
+        }
+
+        switch (name) {
+          case "vibecheck.ship":
+            return await this.handleShip(projectPath, args);
+          case "vibecheck.scan":
+            return await this.handleScan(projectPath, args);
+          case "vibecheck.verify":
+            return await this.handleVerify(projectPath, args);
+          case "vibecheck.reality":
+            return await this.handleReality(projectPath, args);
+          case "vibecheckai.dev-test":
+            return await this.handleAITest(projectPath, args);
+          case "vibecheck.gate":
+            return await this.handleGate(projectPath, args);
+          case "vibecheck.fix":
+            return await this.handleFix(projectPath, args);
+          case "vibecheck.share":
+            return await this.handleShare(projectPath, args);
+          case "vibecheck.ctx":
+            return await this.handleCtx(projectPath, args);
+          case "vibecheck.prove":
+            return await this.handleProve(projectPath, args);
+          case "vibecheck.proof":
+            return await this.handleProof(projectPath, args);
+          case "vibecheck.validate":
+            return await this.handleValidate(projectPath, args);
+          case "vibecheck.report":
+            return await this.handleReport(projectPath, args);
+          case "vibecheck.status":
+            return await this.handleStatus(projectPath, args);
+          case "vibecheck.autopilot":
+            return await this.handleAutopilot(projectPath, args);
+          case "vibecheck.autopilot_plan":
+            return await this.handleAutopilotPlan(projectPath, args);
+          case "vibecheck.autopilot_apply":
+            return await this.handleAutopilotApply(projectPath, args);
+          case "vibecheck.badge":
+            return await this.handleBadge(projectPath, args);
+          case "vibecheck.context":
+            return await this.handleContext(projectPath, args);
+          case "generate_mdc":
+            return await handleMDCGeneration(args);
+          // Truth Context tools (Evidence Pack / Truth Pack)
+          case "vibecheck.verify_claim":
+          case "vibecheck.evidence":
+            return await handleTruthContextTool(name, args);
+          // Truth Firewall tools (Hallucination Stopper)
+          case "vibecheck.get_truthpack":
+          case "vibecheck.validate_claim":
+          case "vibecheck.compile_context":
+          case "vibecheck.search_evidence":
+          case "vibecheck.find_counterexamples":
+          case "vibecheck.propose_patch":
+          case "vibecheck.check_invariants":
+          case "vibecheck.add_assumption":
+            return await handleTruthFirewallTool(name, args, projectPath);
+          default:
+            return this.error(`Unknown tool: ${name}`);
+        }
+      } catch (err) {
+        // Emit audit event for tool error
+        emitToolComplete(name, "error", { 
+          errorMessage: err.message,
+          durationMs: Date.now() - startTime 
+        });
+        return this.error(`${name} failed: ${err.message}`);
+      }
+    });
+
+    // Resources
+    this.server.setRequestHandler(ListResourcesRequestSchema, async () => ({
+      resources: [
+        {
+          uri: "vibecheck://config",
+          name: "vibecheck Config",
+          description: "Project vibecheck configuration",
+          mimeType: "application/json",
+        },
+        {
+          uri: "vibecheck://summary",
+          name: "Last Scan Summary",
+          description: "Most recent scan results and verdict",
+          mimeType: "application/json",
+        },
+        {
+          uri: "vibecheck://truthpack",
+          name: "Truth Pack",
+          description: "Ground truth: routes, env, auth, billing",
+          mimeType: "application/json",
+        },
+        {
+          uri: "vibecheck://missions",
+          name: "Fix Missions",
+          description: "Latest mission pack for AI-powered fixes",
+          mimeType: "application/json",
+        },
+        {
+          uri: "vibecheck://reality",
+          name: "Reality Results",
+          description: "Last runtime verification results",
+          mimeType: "application/json",
+        },
+        {
+          uri: "vibecheck://findings",
+          name: "All Findings",
+          description: "Complete list of detected issues",
+          mimeType: "application/json",
+        },
+        {
+          uri: "vibecheck://share",
+          name: "Share Pack",
+          description: "Latest fix missions share bundle for PR/review",
+          mimeType: "application/json",
+        },
+        {
+          uri: "vibecheck://prove",
+          name: "Prove Report",
+          description: "Last prove loop results (ctx → reality → ship → fix)",
+          mimeType: "application/json",
+        },
+      ],
+    }));
+
+    this.server.setRequestHandler(
+      ReadResourceRequestSchema,
+      async (request) => {
+        const { uri } = request.params;
+        const projectPath = process.cwd();
+
+        if (uri === "vibecheck://config") {
+          const configPath = path.join(projectPath, "vibecheck.config.json");
+          try {
+            const content = await fs.readFile(configPath, "utf-8");
+            return {
+              contents: [{ uri, mimeType: "application/json", text: content }],
+            };
+          } catch {
+            return {
+              contents: [{ uri, mimeType: "application/json", text: "{}" }],
+            };
+          }
+        }
+
+        if (uri === "vibecheck://summary") {
+          const summaryPath = path.join(
+            projectPath,
+            ".vibecheck",
+            "summary.json",
+          );
+          try {
+            const content = await fs.readFile(summaryPath, "utf-8");
+            return {
+              contents: [{ uri, mimeType: "application/json", text: content }],
+            };
+          } catch {
+            return {
+              contents: [
+                {
+                  uri,
+                  mimeType: "application/json",
+                  text: '{"message": "No scan found. Run vibecheck.scan first."}',
+                },
+              ],
+            };
+          }
+        }
+
+        if (uri === "vibecheck://truthpack") {
+          const truthpackPath = path.join(projectPath, ".vibecheck", "truth", "truthpack.json");
+          try {
+            const content = await fs.readFile(truthpackPath, "utf-8");
+            return { contents: [{ uri, mimeType: "application/json", text: content }] };
+          } catch {
+            return { contents: [{ uri, mimeType: "application/json", text: '{"message": "No truthpack. Run vibecheck.ctx first."}' }] };
+          }
+        }
+
+        if (uri === "vibecheck://missions") {
+          const missionsDir = path.join(projectPath, ".vibecheck", "missions");
+          try {
+            const dirs = await fs.readdir(missionsDir);
+            const latest = dirs.sort().reverse()[0];
+            if (latest) {
+              const missionPath = path.join(missionsDir, latest, "missions.json");
+              const content = await fs.readFile(missionPath, "utf-8");
+              return { contents: [{ uri, mimeType: "application/json", text: content }] };
+            }
+          } catch {}
+          return { contents: [{ uri, mimeType: "application/json", text: '{"message": "No missions. Run vibecheck.fix first."}' }] };
+        }
+
+        if (uri === "vibecheck://reality") {
+          const realityPath = path.join(projectPath, ".vibecheck", "reality", "last_reality.json");
+          try {
+            const content = await fs.readFile(realityPath, "utf-8");
+            return { contents: [{ uri, mimeType: "application/json", text: content }] };
+          } catch {
+            return { contents: [{ uri, mimeType: "application/json", text: '{"message": "No reality results. Run vibecheck verify first."}' }] };
+          }
+        }
+
+        if (uri === "vibecheck://findings") {
+          const findingsPath = path.join(projectPath, ".vibecheck", "findings.json");
+          try {
+            const content = await fs.readFile(findingsPath, "utf-8");
+            return { contents: [{ uri, mimeType: "application/json", text: content }] };
+          } catch {
+            // Try summary.json as fallback
+            const summaryPath = path.join(projectPath, ".vibecheck", "summary.json");
+            try {
+              const summary = JSON.parse(await fs.readFile(summaryPath, "utf-8"));
+              const findings = summary.findings || [];
+              return { contents: [{ uri, mimeType: "application/json", text: JSON.stringify({ findings }, null, 2) }] };
+            } catch {
+              return { contents: [{ uri, mimeType: "application/json", text: '{"message": "No findings. Run vibecheck.scan first."}' }] };
+            }
+          }
+        }
+
+        if (uri === "vibecheck://share") {
+          const missionsDir = path.join(projectPath, ".vibecheck", "missions");
+          try {
+            const dirs = await fs.readdir(missionsDir);
+            const latest = dirs.sort().reverse()[0];
+            if (latest) {
+              const sharePath = path.join(missionsDir, latest, "share", "share.json");
+              try {
+                const content = await fs.readFile(sharePath, "utf-8");
+                return { contents: [{ uri, mimeType: "application/json", text: content }] };
+              } catch {
+                // Fallback to missions.json
+                const missionPath = path.join(missionsDir, latest, "missions.json");
+                const content = await fs.readFile(missionPath, "utf-8");
+                return { contents: [{ uri, mimeType: "application/json", text: content }] };
+              }
+            }
+          } catch {}
+          return { contents: [{ uri, mimeType: "application/json", text: '{"message": "No share pack. Run vibecheck.fix --share first."}' }] };
+        }
+
+        if (uri === "vibecheck://prove") {
+          const provePath = path.join(projectPath, ".vibecheck", "prove", "last_prove.json");
+          try {
+            const content = await fs.readFile(provePath, "utf-8");
+            return { contents: [{ uri, mimeType: "application/json", text: content }] };
+          } catch {
+            return { contents: [{ uri, mimeType: "application/json", text: '{"message": "No prove results. Run vibecheck.prove first."}' }] };
+          }
+        }
+
+        return { contents: [] };
+      },
+    );
+  }
+
+  // Helpers
+  success(text) {
+    return { content: [{ type: "text", text }] };
+  }
+
+  error(text) {
+    return { content: [{ type: "text", text: `❌ ${text}` }], isError: true };
+  }
+
+  // Validate project path exists and is accessible
+  validateProjectPath(projectPath) {
+    try {
+      const stats = require("fs").statSync(projectPath);
+      if (!stats.isDirectory()) {
+        return { valid: false, error: `Path is not a directory: ${projectPath}` };
+      }
+      return { valid: true };
+    } catch (e) {
+      return { valid: false, error: `Cannot access path: ${projectPath} (${e.code || e.message})` };
+    }
+  }
+
+  // ============================================================================
+  // SCAN
+  // ============================================================================
+  async handleScan(projectPath, args) {
+    const profile = args?.profile || "quick";
+    const format = args?.format || "text";
+    const only = args?.only;
+
+    let output = "# 🔍 vibecheck Scan\n\n";
+    output += `**Profile:** ${profile}\n`;
+    output += `**Path:** ${projectPath}\n\n`;
+
+    try {
+      // Build CLI command
+      let cmd = `node "${path.join(__dirname, "..", "bin", "vibecheck.js")}" scan`;
+      cmd += ` --profile=${profile}`;
+      if (only?.length) cmd += ` --only=${only.join(",")}`;
+      cmd += ` --json`;
+
+      const result = execSync(cmd, {
+        cwd: projectPath,
+        encoding: "utf8",
+        maxBuffer: 10 * 1024 * 1024,
+      });
+
+      // Read summary
+      const summaryPath = path.join(projectPath, ".vibecheck", "summary.json");
+      const summary = JSON.parse(await fs.readFile(summaryPath, "utf-8"));
+
+      output += `## Score: ${summary.score}/100 (${summary.grade})\n\n`;
+      output += `**Verdict:** ${summary.canShip ? "✅ SHIP" : "🚫 NO-SHIP"}\n\n`;
+
+      if (summary.counts) {
+        output += "### Checks\n\n";
+        output += "| Category | Issues |\n|----------|--------|\n";
+        for (const [key, count] of Object.entries(summary.counts)) {
+          const icon = count === 0 ? "✅" : "⚠️";
+          output += `| ${icon} ${key} | ${count} |\n`;
+        }
+      }
+
+      output += `\n📄 **Report:** .vibecheck/report.html\n`;
+    } catch (err) {
+      output += `\n⚠️ Scan error: ${err.message}\n`;
+    }
+
+    output += "\n---\n_Context Enhanced by vibecheck AI_\n";
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // GATE
+  // ============================================================================
+  async handleGate(projectPath, args) {
+    const policy = args?.policy || "strict";
+
+    let output = "# 🚦 vibecheck Gate\n\n";
+    output += `**Policy:** ${policy}\n\n`;
+
+    try {
+      let cmd = `node "${path.join(__dirname, "..", "bin", "vibecheck.js")}" gate`;
+      cmd += ` --policy=${policy}`;
+      if (args?.sarif) cmd += ` --sarif`;
+
+      execSync(cmd, {
+        cwd: projectPath,
+        encoding: "utf8",
+        maxBuffer: 10 * 1024 * 1024,
+      });
+
+      output += "## ✅ GATE PASSED\n\n";
+      output += "All checks passed. Clear to merge.\n";
+    } catch (err) {
+      output += "## 🚫 GATE FAILED\n\n";
+      output += "Build blocked. Fix the issues and re-run.\n\n";
+      output += `Run \`vibecheck fix --plan\` to see recommended fixes.\n`;
+    }
+
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // FIX MISSIONS v1
+  // ============================================================================
+  async handleFix(projectPath, args) {
+    const mode = args?.autopilot ? "Autopilot" : 
+                 args?.apply ? "Apply" : 
+                 args?.promptOnly ? "Prompt Only" : "Plan";
+
+    let output = "# 🛠 vibecheck Fix Missions v1\n\n";
+    output += `**Mode:** ${mode}\n`;
+    output += `**Max Missions:** ${args?.maxMissions || 8}\n`;
+    if (args?.autopilot) output += `**Max Steps:** ${args?.maxSteps || 10}\n`;
+    output += "\n";
+
+    try {
+      let cmd = `node "${path.join(__dirname, "..", "bin", "vibecheck.js")}" fix`;
+      if (args?.promptOnly) cmd += ` --prompt-only`;
+      if (args?.apply) cmd += ` --apply`;
+      if (args?.autopilot) cmd += ` --autopilot`;
+      if (args?.share) cmd += ` --share`;
+      if (args?.maxMissions) cmd += ` --max-missions ${args.maxMissions}`;
+      if (args?.maxSteps) cmd += ` --max-steps ${args.maxSteps}`;
+
+      const result = execSync(cmd, {
+        cwd: projectPath,
+        encoding: "utf8",
+        maxBuffer: 10 * 1024 * 1024,
+        timeout: 300000, // 5 min timeout for autopilot
+        env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" },
+      });
+
+      output += result.replace(/\x1b\[[0-9;]*m/g, ""); // Strip ANSI codes
+
+      // Read mission pack if available
+      const missionsDir = path.join(projectPath, ".vibecheck", "missions");
+      try {
+        const dirs = await fs.readdir(missionsDir);
+        const latest = dirs.sort().reverse()[0];
+        if (latest) {
+          const missionPath = path.join(missionsDir, latest, "missions.json");
+          const missions = JSON.parse(await fs.readFile(missionPath, "utf-8"));
+          
+          output += "\n## Planned Missions\n\n";
+          output += "| # | Mission | Target Findings |\n|---|---------|----------------|\n";
+          for (let i = 0; i < missions.missions.length; i++) {
+            const m = missions.missions[i];
+            output += `| ${i + 1} | ${m.title} | ${m.targetFindingIds.length} |\n`;
+          }
+          output += `\n📁 **Mission Pack:** .vibecheck/missions/${latest}\n`;
+        }
+      } catch {}
+    } catch (err) {
+      output += `\n⚠️ Fix error: ${err.message}\n`;
+      if (err.stdout) output += `\n${err.stdout.replace(/\x1b\[[0-9;]*m/g, "")}\n`;
+    }
+
+    output += "\n---\n_Fix Missions v1 — Reality Firewall Protected_\n";
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // SHARE - Generate share bundle from fix missions
+  // ============================================================================
+  async handleShare(projectPath, args) {
+    let output = "# 📦 vibecheck Share Bundle\n\n";
+
+    try {
+      let cmd = `node "${path.join(__dirname, "..", "bin", "vibecheck.js")}" share`;
+      if (args?.prComment) cmd += ` --pr-comment`;
+      if (args?.out) cmd += ` --out "${args.out}"`;
+
+      const result = execSync(cmd, {
+        cwd: projectPath,
+        encoding: "utf8",
+        maxBuffer: 10 * 1024 * 1024,
+        env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" },
+      });
+
+      output += result.replace(/\x1b\[[0-9;]*m/g, "");
+
+      // Read share pack if available
+      const missionsDir = path.join(projectPath, ".vibecheck", "missions");
+      try {
+        const dirs = await fs.readdir(missionsDir);
+        const latest = dirs.sort().reverse()[0];
+        if (latest) {
+          const sharePath = path.join(missionsDir, latest, "share", "share.json");
+          try {
+            const share = JSON.parse(await fs.readFile(sharePath, "utf-8"));
+            
+            output += "\n## Share Pack Summary\n\n";
+            output += `| Metric | Value |\n|--------|-------|\n`;
+            output += `| Mission Pack | ${latest} |\n`;
+            output += `| Total Steps | ${share.timeline?.length || 0} |\n`;
+            output += `| Final Verdict | ${share.finalVerdict || "Unknown"} |\n`;
+            
+            if (share.timeline?.length > 0) {
+              output += "\n## Timeline\n\n";
+              output += "| Step | Mission | Before | After |\n|------|---------|--------|-------|\n";
+              for (const t of share.timeline.slice(0, 10)) {
+                output += `| ${t.step} | ${t.missionTitle || t.missionId} | ${t.beforeVerdict} | ${t.afterVerdict} |\n`;
+              }
+            }
+            
+            output += `\n📁 **Share Pack:** .vibecheck/missions/${latest}/share/\n`;
+            output += `📄 **PR Comment:** .vibecheck/missions/${latest}/share/pr_comment.md\n`;
+          } catch {}
+        }
+      } catch {}
+    } catch (err) {
+      output += `\n⚠️ Share error: ${err.message}\n`;
+      if (err.stdout) output += `\n${err.stdout.replace(/\x1b\[[0-9;]*m/g, "")}\n`;
+    }
+
+    output += "\n---\n_Fix Missions Share Bundle_\n";
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // CTX - Truth Pack Generator
+  // ============================================================================
+  async handleCtx(projectPath, args) {
+    let output = "# 📦 vibecheck Truth Pack\n\n";
+    output += `**Path:** ${projectPath}\n\n`;
+
+    try {
+      let cmd = `node "${path.join(__dirname, "..", "bin", "vibecheck.js")}" ctx`;
+      if (args?.snapshot) cmd += ` --snapshot`;
+      if (args?.json) cmd += ` --json`;
+
+      const result = execSync(cmd, {
+        cwd: projectPath,
+        encoding: "utf8",
+        maxBuffer: 10 * 1024 * 1024,
+        env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" },
+      });
+
+      if (args?.json) {
+        // Return raw JSON
+        output = result;
+        return this.success(output);
+      }
+
+      output += result.replace(/\x1b\[[0-9;]*m/g, ""); // Strip ANSI codes
+
+      // Read truthpack summary
+      const truthpackPath = path.join(projectPath, ".vibecheck", "truth", "truthpack.json");
+      try {
+        const truthpack = JSON.parse(await fs.readFile(truthpackPath, "utf-8"));
+        
+        output += "\n## Truth Pack Contents\n\n";
+        output += `| Category | Count |\n|----------|-------|\n`;
+        output += `| Server Routes | ${truthpack.routes?.server?.length || 0} |\n`;
+        output += `| Client Refs | ${truthpack.routes?.clientRefs?.length || 0} |\n`;
+        output += `| Route Gaps | ${truthpack.routes?.gaps?.length || 0} |\n`;
+        output += `| Env Used | ${truthpack.env?.vars?.length || 0} |\n`;
+        output += `| Env Declared | ${truthpack.env?.declared?.length || 0} |\n`;
+        output += `| Auth Middleware | ${truthpack.auth?.nextMiddleware?.length || 0} |\n`;
+        output += `| Stripe Detected | ${truthpack.billing?.hasStripe ? "✅" : "❌"} |\n`;
+        output += `| Webhooks | ${truthpack.billing?.summary?.webhookHandlersFound || 0} |\n`;
+        
+        output += `\n📁 **Saved:** .vibecheck/truth/truthpack.json\n`;
+      } catch {}
+    } catch (err) {
+      output += `\n⚠️ Truth pack error: ${err.message}\n`;
+    }
+
+    output += "\n---\n_Ground Truth for AI Agents_\n";
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // PROVE - One Command Reality Proof
+  // ============================================================================
+  async handleProve(projectPath, args) {
+    let output = "# 🔬 vibecheck prove\n\n";
+    output += `**URL:** ${args?.url || "(static only)"}\n`;
+    output += `**Max Fix Rounds:** ${args?.maxFixRounds || 3}\n\n`;
+
+    try {
+      let cmd = `node "${path.join(__dirname, "..", "bin", "vibecheck.js")}" prove`;
+      if (args?.url) cmd += ` --url ${args.url}`;
+      if (args?.auth) cmd += ` --auth ${args.auth}`;
+      if (args?.storageState) cmd += ` --storage-state ${args.storageState}`;
+      if (args?.skipReality) cmd += ` --skip-reality`;
+      if (args?.skipFix) cmd += ` --skip-fix`;
+      if (args?.maxFixRounds) cmd += ` --max-fix-rounds ${args.maxFixRounds}`;
+
+      const result = execSync(cmd, {
+        cwd: projectPath,
+        encoding: "utf8",
+        maxBuffer: 10 * 1024 * 1024,
+        timeout: 600000, // 10 min timeout for full prove loop
+        env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" },
+      });
+
+      output += result.replace(/\x1b\[[0-9;]*m/g, "");
+
+      // Read prove report
+      const provePath = path.join(projectPath, ".vibecheck", "prove", "last_prove.json");
+      try {
+        const report = JSON.parse(await fs.readFile(provePath, "utf-8"));
+        
+        output += "\n## Timeline\n\n";
+        output += "| Step | Action | Status |\n|------|--------|--------|\n";
+        for (const t of report.timeline || []) {
+          output += `| ${t.step} | ${t.action} | ${t.status || t.verdict || "ok"} |\n`;
+        }
+        
+        output += `\n**Final Verdict:** ${report.finalVerdict}\n`;
+        output += `**Duration:** ${report.meta?.durationSeconds}s\n`;
+      } catch {}
+    } catch (err) {
+      output += `\n⚠️ Prove error: ${err.message}\n`;
+      if (err.stdout) output += `\n${err.stdout.replace(/\x1b\[[0-9;]*m/g, "")}\n`;
+    }
+
+    output += "\n---\n_One command to make it real_\n";
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // PROOF
+  // ============================================================================
+  async handleProof(projectPath, args) {
+    const mode = args?.mode;
+
+    if (!mode) {
+      return this.error("Mode required: 'mocks' or 'reality'");
+    }
+
+    let output = `# 🎬 vibecheck Proof: ${mode.toUpperCase()}\n\n`;
+
+    try {
+      let cmd = `node "${path.join(__dirname, "..", "bin", "vibecheck.js")}" proof ${mode}`;
+      if (mode === "reality" && args?.url) cmd += ` --url=${args.url}`;
+      if (mode === "reality" && args?.flow) cmd += ` --flow=${args.flow}`;
+
+      const result = execSync(cmd, {
+        cwd: projectPath,
+        encoding: "utf8",
+        maxBuffer: 10 * 1024 * 1024,
+        timeout: 120000, // 2 min timeout for reality mode
+      });
+
+      output += result;
+    } catch (err) {
+      if (mode === "mocks") {
+        output += "## 🚫 MOCKPROOF: FAIL\n\n";
+        output += "Mock/demo code detected in production paths.\n";
+      } else {
+        output += "## 🚫 REALITY MODE: FAIL\n\n";
+        output += "Fake data or mock services detected at runtime.\n";
+      }
+      output += `\n${err.stdout || err.message}\n`;
+    }
+
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // VALIDATE
+  // ============================================================================
+  async handleValidate(projectPath, args) {
+    const { code, intent } = args;
+    if (!code) return this.error("Code is required");
+
+    let output = "# 🤖 AI Code Validation\n\n";
+    if (intent) output += `**Intent:** ${intent}\n\n`;
+
+    try {
+      const {
+        runHallucinationCheck,
+        validateIntent,
+        validateQuality,
+      } = require(
+        path.join(__dirname, "..", "bin", "runners", "lib", "ai-bridge.js"),
+      );
+
+      // 1. Hallucinations (checking against project deps + internal logic)
+      // Note: In MCP context, we might want to check the provided code specifically for imports.
+      // The bridge's runHallucinationCheck mostly checks package.json.
+      // But we can check imports in the 'code' snippet if we extract them.
+      // The bridge handles extractImports internally but runHallucinationCheck doesn't expose it directly for a string input.
+      // We will rely on package.json sanity check for now + static analysis of the snippet.
+
+      const hallResult = await runHallucinationCheck(projectPath);
+
+      // 2. Intent
+      let intentResult = { score: 100, issues: [] };
+      if (intent) {
+        intentResult = validateIntent(code, intent);
+      }
+
+      // 3. Quality
+      const qualityResult = validateQuality(code);
+
+      const allIssues = [
+        ...hallResult.issues,
+        ...intentResult.issues,
+        ...qualityResult.issues,
+      ];
+
+      const score = Math.round(
+        (hallResult.score + intentResult.score + qualityResult.score) / 3,
+      );
+      const status = score >= 80 ? "✅ PASSED" : "⚠️ ISSUES FOUND";
+
+      output += `**Status:** ${status} (${score}/100)\n\n`;
+
+      if (allIssues.length > 0) {
+        output += "### Issues\n";
+        for (const issue of allIssues) {
+          const icon =
+            issue.severity === "critical"
+              ? "🔴"
+              : issue.severity === "high"
+                ? "🟠"
+                : "🟡";
+          output += `- ${icon} **[${issue.type}]** ${issue.message}\n`;
+        }
+      } else {
+        output += "✨ Code looks valid and safe.\n";
+      }
+
+      return this.success(output);
+    } catch (err) {
+      return this.error(`Validation failed: ${err.message}`);
+    }
+  }
+
+  // ============================================================================
+  // REPORT
+  // ============================================================================
+  async handleReport(projectPath, args) {
+    const type = args?.type || "summary";
+    const outputDir = path.join(projectPath, ".vibecheck");
+
+    let output = "# 📄 vibecheck Report\n\n";
+
+    try {
+      if (type === "summary") {
+        const summaryPath = path.join(outputDir, "summary.json");
+        const summary = JSON.parse(await fs.readFile(summaryPath, "utf-8"));
+
+        output += `**Score:** ${summary.score}/100 (${summary.grade})\n`;
+        output += `**Verdict:** ${summary.canShip ? "✅ SHIP" : "🚫 NO-SHIP"}\n`;
+        output += `**Generated:** ${summary.timestamp}\n`;
+      } else if (type === "full") {
+        const reportPath = path.join(outputDir, "summary.md");
+        output += await fs.readFile(reportPath, "utf-8");
+      } else if (type === "sarif") {
+        const sarifPath = path.join(outputDir, "results.sarif");
+        const sarif = await fs.readFile(sarifPath, "utf-8");
+        output += "```json\n" + sarif.substring(0, 2000) + "\n```\n";
+        output += `\n📄 **Full SARIF:** ${sarifPath}\n`;
+      } else if (type === "html") {
+        output += `📄 **HTML Report:** ${path.join(outputDir, "report.html")}\n`;
+        output += "Open in browser to view the full report.\n";
+      }
+    } catch (err) {
+      output += `⚠️ No ${type} report found. Run \`vibecheck.scan\` first.\n`;
+    }
+
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // SHIP - Quick health check
+  // ============================================================================
+  async handleShip(projectPath, args) {
+    let output = "# 🚀 vibecheck Ship\n\n";
+    output += `**Path:** ${projectPath}\n\n`;
+
+    try {
+      let cmd = `node "${path.join(__dirname, "..", "bin", "vibecheck.js")}" ship`;
+      if (args?.fix) cmd += ` --fix`;
+
+      const result = execSync(cmd, {
+        cwd: projectPath,
+        encoding: "utf8",
+        maxBuffer: 10 * 1024 * 1024,
+        env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" },
+      });
+
+      // Parse the output for key information
+      output += result.replace(/\x1b\[[0-9;]*m/g, ""); // Strip ANSI codes
+    } catch (err) {
+      output += `\n⚠️ Ship check failed: ${err.message}\n`;
+    }
+
+    output += "\n---\n_Context Enhanced by vibecheck AI_\n";
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // VERIFY - Runtime browser testing
+  // ============================================================================
+  async handleVerify(projectPath, args) {
+    const url = args?.url;
+    if (!url) return this.error("URL is required");
+
+    let output = "# 🧪 vibecheck Verify\n\n";
+    output += `**URL:** ${url}\n`;
+    if (args?.flows?.length) output += `**Flows:** ${args.flows.join(", ")}\n`;
+    if (args?.headed) output += `**Mode:** Headed (visible browser)\n`;
+    if (args?.record) output += `**Recording:** Enabled\n`;
+    output += "\n";
+
+    try {
+      let cmd = `node "${path.join(__dirname, "..", "bin", "vibecheck.js")}" verify --url "${url}"`;
+      if (args?.auth) cmd += ` --auth "${args.auth}"`;
+      if (args?.flows?.length) cmd += ` --flows ${args.flows.join(",")}`;
+      if (args?.headed) cmd += ` --headed`;
+      if (args?.record) cmd += ` --record`;
+
+      const result = execSync(cmd, {
+        cwd: projectPath,
+        encoding: "utf8",
+        maxBuffer: 10 * 1024 * 1024,
+        timeout: 180000, // 3 min timeout
+        env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" },
+      });
+
+      output += result.replace(/\x1b\[[0-9;]*m/g, "");
+
+      // Try to read reality results
+      const realityPath = path.join(projectPath, ".vibecheck", "reality", "last_reality.json");
+      try {
+        const reality = JSON.parse(await fs.readFile(realityPath, "utf-8"));
+        
+        output += "\n## Verification Summary\n\n";
+        output += `| Metric | Value |\n|--------|-------|\n`;
+        output += `| Pages Visited | ${reality.meta?.pagesVisited || 0} |\n`;
+        output += `| Buttons Clicked | ${reality.meta?.buttonsClicked || 0} |\n`;
+        output += `| Forms Tested | ${reality.meta?.formsTested || 0} |\n`;
+        output += `| Dead UI Found | ${reality.findings?.length || 0} |\n`;
+        output += `| Console Errors | ${reality.consoleErrors?.length || 0} |\n`;
+        output += `| Duration | ${reality.meta?.durationMs || 0}ms |\n`;
+        
+        if (reality.findings?.length > 0) {
+          output += "\n## Dead UI Detected\n\n";
+          for (const f of reality.findings.slice(0, 5)) {
+            output += `- **${f.title}** — ${f.reason}\n`;
+          }
+          if (reality.findings.length > 5) {
+            output += `\n_...and ${reality.findings.length - 5} more_\n`;
+          }
+        }
+        
+        output += `\n📁 **Full Report:** .vibecheck/reality/last_reality.json\n`;
+      } catch {}
+    } catch (err) {
+      output += `\n⚠️ Verify failed: ${err.message}\n`;
+      if (err.stdout) output += `\n${err.stdout.replace(/\x1b\[[0-9;]*m/g, "")}\n`;
+    }
+
+    output += "\n---\n_Runtime Verification by vibecheck_\n";
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // REALITY v2 - Two-Pass Auth Verification + Dead UI Crawler
+  // ============================================================================
+  async handleReality(projectPath, args) {
+    const url = args?.url;
+    if (!url) return this.error("URL is required");
+
+    let output = "# 🧪 vibecheck Reality v2\n\n";
+    output += `**URL:** ${url}\n`;
+    output += `**Two-Pass Auth:** ${args?.verifyAuth ? "Yes" : "No"}\n`;
+    if (args?.auth) output += `**Auth:** ${args.auth.split(":")[0]}:***\n`;
+    if (args?.storageState) output += `**Storage State:** ${args.storageState}\n`;
+    if (args?.headed) output += `**Mode:** Headed (visible browser)\n`;
+    if (args?.danger) output += `**Danger Mode:** Enabled (risky clicks allowed)\n`;
+    output += "\n";
+
+    try {
+      let cmd = `node "${path.join(__dirname, "..", "bin", "vibecheck.js")}" reality --url "${url}"`;
+      if (args?.auth) cmd += ` --auth "${args.auth}"`;
+      if (args?.verifyAuth) cmd += ` --verify-auth`;
+      if (args?.storageState) cmd += ` --storage-state "${args.storageState}"`;
+      if (args?.saveStorageState) cmd += ` --save-storage-state "${args.saveStorageState}"`;
+      if (args?.truthpack) cmd += ` --truthpack "${args.truthpack}"`;
+      if (args?.headed) cmd += ` --headed`;
+      if (args?.maxPages) cmd += ` --max-pages ${args.maxPages}`;
+      if (args?.maxDepth) cmd += ` --max-depth ${args.maxDepth}`;
+      if (args?.danger) cmd += ` --danger`;
+
+      const result = execSync(cmd, {
+        cwd: projectPath,
+        encoding: "utf8",
+        maxBuffer: 10 * 1024 * 1024,
+        timeout: 300000, // 5 min timeout for two-pass
+        env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" },
+      });
+
+      output += result.replace(/\x1b\[[0-9;]*m/g, "");
+
+      // Read reality results
+      const realityPath = path.join(projectPath, ".vibecheck", "reality", "last_reality.json");
+      try {
+        const reality = JSON.parse(await fs.readFile(realityPath, "utf-8"));
+        
+        output += "\n## Reality Report\n\n";
+        output += `| Metric | Value |\n|--------|-------|\n`;
+        output += `| Anon Pages | ${reality.passes?.anon?.pagesVisited?.length || 0} |\n`;
+        if (reality.passes?.auth) {
+          output += `| Auth Pages | ${reality.passes?.auth?.pagesVisited?.length || 0} |\n`;
+        }
+        output += `| Findings | ${reality.findings?.length || 0} |\n`;
+        output += `| Console Errors | ${reality.consoleErrors?.length || 0} |\n`;
+        output += `| Network Errors | ${reality.networkErrors?.length || 0} |\n`;
+        
+        if (reality.coverage) {
+          output += `| UI Coverage | ${reality.coverage.percent}% (${reality.coverage.hit}/${reality.coverage.total}) |\n`;
+        }
+        
+        if (reality.meta?.protectedMatcherCount > 0) {
+          output += `| Auth Matchers | ${reality.meta.protectedMatcherCount} |\n`;
+        }
+        
+        // Show findings by category
+        const blocks = reality.findings?.filter(f => f.severity === "BLOCK") || [];
+        const warns = reality.findings?.filter(f => f.severity === "WARN") || [];
+        
+        if (blocks.length > 0) {
+          output += "\n### 🛑 BLOCK Findings\n\n";
+          for (const f of blocks.slice(0, 5)) {
+            output += `- **${f.title}**\n  - ${f.reason}\n`;
+            if (f.screenshot) output += `  - Screenshot: ${f.screenshot}\n`;
+          }
+          if (blocks.length > 5) {
+            output += `\n_...and ${blocks.length - 5} more BLOCKs_\n`;
+          }
+        }
+        
+        if (warns.length > 0) {
+          output += "\n### ⚠️ WARN Findings\n\n";
+          for (const f of warns.slice(0, 3)) {
+            output += `- **${f.title}** — ${f.reason}\n`;
+          }
+          if (warns.length > 3) {
+            output += `\n_...and ${warns.length - 3} more WARNs_\n`;
+          }
+        }
+        
+        // Verdict
+        const verdict = blocks.length > 0 ? "🛑 BLOCK" : warns.length > 0 ? "⚠️ WARN" : "✅ CLEAN";
+        output += `\n## Verdict: ${verdict}\n`;
+        
+        output += `\n📁 **Full Report:** .vibecheck/reality/last_reality.json\n`;
+        
+        if (reality.meta?.savedStorageState) {
+          output += `📁 **Saved Auth State:** ${reality.meta.savedStorageState}\n`;
+        }
+      } catch {}
+    } catch (err) {
+      output += `\n⚠️ Reality failed: ${err.message}\n`;
+      if (err.stdout) output += `\n${err.stdout.replace(/\x1b\[[0-9;]*m/g, "")}\n`;
+    }
+
+    output += "\n---\n_Reality Mode v2 — Two-Pass Auth Verification_\n";
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // AI-TEST - AI Agent testing
+  // ============================================================================
+  async handleAITest(projectPath, args) {
+    const url = args?.url;
+    if (!url) return this.error("URL is required");
+
+    let output = "# 🤖 vibecheck AI Agent\n\n";
+    output += `**URL:** ${url}\n`;
+    output += `**Goal:** ${args?.goal || "Test all features"}\n\n`;
+
+    try {
+      let cmd = `node "${path.join(__dirname, "..", "bin", "vibecheck.js")}" ai-test --url "${url}"`;
+      if (args?.goal) cmd += ` --goal "${args.goal}"`;
+      if (args?.headed) cmd += ` --headed`;
+
+      const result = execSync(cmd, {
+        cwd: projectPath,
+        encoding: "utf8",
+        maxBuffer: 10 * 1024 * 1024,
+        timeout: 180000,
+        env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" },
+      });
+
+      output += result.replace(/\x1b\[[0-9;]*m/g, "");
+
+      // Try to read fix prompts
+      const promptPath = path.join(
+        projectPath,
+        ".vibecheck",
+        "ai-agent",
+        "fix-prompt.md",
+      );
+      try {
+        const prompts = await fs.readFile(promptPath, "utf-8");
+        output += "\n## Fix Prompts Generated\n\n";
+        output += prompts.substring(0, 2000);
+        if (prompts.length > 2000) output += "\n\n... (truncated)";
+      } catch {}
+    } catch (err) {
+      output += `\n⚠️ AI Agent failed: ${err.message}\n`;
+    }
+
+    output += "\n---\n_Context Enhanced by vibecheck AI_\n";
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // AUTOPILOT - Continuous protection
+  // ============================================================================
+  async handleAutopilot(projectPath, args) {
+    const action = args?.action || "status";
+
+    let output = "# 🤖 vibecheck Autopilot\n\n";
+    output += `**Action:** ${action}\n\n`;
+
+    try {
+      let cmd = `node "${path.join(__dirname, "..", "bin", "vibecheck.js")}" autopilot ${action}`;
+      if (args?.slack) cmd += ` --slack="${args.slack}"`;
+      if (args?.email) cmd += ` --email="${args.email}"`;
+
+      const result = execSync(cmd, {
+        cwd: projectPath,
+        encoding: "utf8",
+        maxBuffer: 10 * 1024 * 1024,
+        env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" },
+      });
+
+      output += result.replace(/\x1b\[[0-9;]*m/g, "");
+    } catch (err) {
+      output += `\n⚠️ Autopilot failed: ${err.message}\n`;
+    }
+
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // AUTOPILOT PLAN - Generate fix plan (Pro/Compliance)
+  // ============================================================================
+  async handleAutopilotPlan(projectPath, args) {
+    let output = "# 🤖 vibecheck Autopilot Plan\n\n";
+    output += `**Path:** ${projectPath}\n`;
+    output += `**Profile:** ${args?.profile || "ship"}\n\n`;
+
+    try {
+      // Use the core autopilot runner directly
+      const corePath = path.join(__dirname, "..", "packages", "core", "dist", "index.js");
+      let runAutopilot;
+      
+      try {
+        const core = await import(corePath);
+        runAutopilot = core.runAutopilot;
+      } catch {
+        // Fallback to CLI
+        let cmd = `node "${path.join(__dirname, "..", "bin", "vibecheck.js")}" autopilot plan`;
+        cmd += ` --profile ${args?.profile || "ship"}`;
+        cmd += ` --max-fixes ${args?.maxFixes || 10}`;
+        cmd += ` --json`;
+
+        const result = execSync(cmd, {
+          cwd: projectPath,
+          encoding: "utf8",
+          maxBuffer: 10 * 1024 * 1024,
+          env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" },
+        });
+
+        const jsonResult = JSON.parse(result);
+        output += `## Scan Results\n\n`;
+        output += `- **Total findings:** ${jsonResult.totalFindings}\n`;
+        output += `- **Fixable:** ${jsonResult.fixableFindings}\n`;
+        output += `- **Estimated time:** ${jsonResult.estimatedDuration}\n\n`;
+
+        output += `## Fix Packs\n\n`;
+        for (const pack of jsonResult.packs || []) {
+          const risk = pack.estimatedRisk === "high" ? "🔴" : pack.estimatedRisk === "medium" ? "🟡" : "🟢";
+          output += `### ${risk} ${pack.name}\n`;
+          output += `- Issues: ${pack.findings.length}\n`;
+          output += `- Files: ${pack.impactedFiles.join(", ")}\n\n`;
+        }
+
+        output += `\n💡 Run \`vibecheck.autopilot_apply\` to apply these fixes.\n`;
+        return this.success(output);
+      }
+
+      if (runAutopilot) {
+        const result = await runAutopilot({
+          projectPath,
+          mode: "plan",
+          profile: args?.profile || "ship",
+          maxFixes: args?.maxFixes || 10,
+        });
+
+        output += `## Scan Results\n\n`;
+        output += `- **Total findings:** ${result.totalFindings}\n`;
+        output += `- **Fixable:** ${result.fixableFindings}\n`;
+        output += `- **Estimated time:** ${result.estimatedDuration}\n\n`;
+
+        output += `## Fix Packs\n\n`;
+        for (const pack of result.packs) {
+          const risk = pack.estimatedRisk === "high" ? "🔴" : pack.estimatedRisk === "medium" ? "🟡" : "🟢";
+          output += `### ${risk} ${pack.name}\n`;
+          output += `- Issues: ${pack.findings.length}\n`;
+          output += `- Files: ${pack.impactedFiles.join(", ")}\n\n`;
+        }
+
+        output += `\n💡 Run \`vibecheck.autopilot_apply\` to apply these fixes.\n`;
+      }
+    } catch (err) {
+      output += `\n❌ Error: ${err.message}\n`;
+    }
+
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // AUTOPILOT APPLY - Apply fixes (Pro/Compliance)
+  // ============================================================================
+  async handleAutopilotApply(projectPath, args) {
+    let output = "# 🔧 vibecheck Autopilot Apply\n\n";
+    output += `**Path:** ${projectPath}\n`;
+    output += `**Profile:** ${args?.profile || "ship"}\n`;
+    output += `**Dry Run:** ${args?.dryRun ? "Yes" : "No"}\n\n`;
+
+    try {
+      // Fallback to CLI
+      let cmd = `node "${path.join(__dirname, "..", "bin", "vibecheck.js")}" autopilot apply`;
+      cmd += ` --profile ${args?.profile || "ship"}`;
+      cmd += ` --max-fixes ${args?.maxFixes || 10}`;
+      if (args?.verify === false) cmd += ` --no-verify`;
+      if (args?.dryRun) cmd += ` --dry-run`;
+      cmd += ` --json`;
+
+      const result = execSync(cmd, {
+        cwd: projectPath,
+        encoding: "utf8",
+        maxBuffer: 10 * 1024 * 1024,
+        timeout: 300000, // 5 min timeout
+        env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" },
+      });
+
+      const jsonResult = JSON.parse(result);
+
+      output += `## Results\n\n`;
+      output += `- **Packs attempted:** ${jsonResult.packsAttempted}\n`;
+      output += `- **Packs succeeded:** ${jsonResult.packsSucceeded}\n`;
+      output += `- **Packs failed:** ${jsonResult.packsFailed}\n`;
+      output += `- **Fixes applied:** ${jsonResult.appliedFixes?.filter(f => f.success).length || 0}\n`;
+      output += `- **Duration:** ${jsonResult.duration}ms\n\n`;
+
+      if (jsonResult.verification) {
+        output += `## Verification\n\n`;
+        output += `- TypeScript: ${jsonResult.verification.typecheck?.passed ? "✅" : "❌"}\n`;
+        output += `- Build: ${jsonResult.verification.build?.passed ? "✅" : "⏭️"}\n`;
+        output += `- Overall: ${jsonResult.verification.passed ? "✅ PASSED" : "❌ FAILED"}\n\n`;
+      }
+
+      output += `**Remaining findings:** ${jsonResult.remainingFindings}\n`;
+      output += `**New scan verdict:** ${jsonResult.newScanVerdict}\n`;
+    } catch (err) {
+      output += `\n❌ Error: ${err.message}\n`;
+    }
+
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // BADGE - Generate ship badge
+  // ============================================================================
+  async handleBadge(projectPath, args) {
+    const format = args?.format || "svg";
+
+    let output = "# 🏅 vibecheck Badge\n\n";
+
+    try {
+      let cmd = `node "${path.join(__dirname, "..", "bin", "vibecheck.js")}" badge --format ${format}`;
+      if (args?.style) cmd += ` --style ${args.style}`;
+
+      const result = execSync(cmd, {
+        cwd: projectPath,
+        encoding: "utf8",
+        maxBuffer: 10 * 1024 * 1024,
+        env: { ...process.env, VIBECHECK_SKIP_AUTH: "1" },
+      });
+
+      output += result.replace(/\x1b\[[0-9;]*m/g, "");
+
+      // Read the badge file
+      const badgePath = path.join(
+        projectPath,
+        ".vibecheck",
+        "badges",
+        `badge.${format}`,
+      );
+      try {
+        const badge = await fs.readFile(badgePath, "utf-8");
+        if (format === "md") {
+          output += "\n**Markdown:**\n```\n" + badge + "\n```\n";
+        } else if (format === "html") {
+          output += "\n**HTML:**\n```html\n" + badge + "\n```\n";
+        } else {
+          output += `\n**Badge saved to:** ${badgePath}\n`;
+        }
+      } catch {}
+    } catch (err) {
+      output += `\n⚠️ Badge generation failed: ${err.message}\n`;
+    }
+
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // CONTEXT - AI Rules Generator
+  // ============================================================================
+  async handleContext(projectPath, args) {
+    const platform = args?.platform || "all";
+
+    let output = "# 🧠 vibecheck Context Generator\n\n";
+    output += `**Project:** ${path.basename(projectPath)}\n`;
+    output += `**Platform:** ${platform}\n\n`;
+
+    try {
+      let cmd = `node "${path.join(__dirname, "..", "bin", "vibecheck.js")}" context`;
+      if (platform !== "all") cmd += ` --platform=${platform}`;
+
+      execSync(cmd, {
+        cwd: projectPath,
+        encoding: "utf8",
+        maxBuffer: 10 * 1024 * 1024,
+      });
+
+      output += "## ✅ Context Generated\n\n";
+      output +=
+        "Your AI coding assistants now have full project awareness.\n\n";
+
+      output += "### Generated Files\n\n";
+
+      if (platform === "all" || platform === "cursor") {
+        output += "**Cursor:**\n";
+        output += "- `.cursorrules` - Main rules file\n";
+        output += "- `.cursor/rules/*.mdc` - Modular rules\n\n";
+      }
+
+      if (platform === "all" || platform === "windsurf") {
+        output += "**Windsurf:**\n";
+        output += "- `.windsurf/rules/*.md` - Cascade rules\n\n";
+      }
+
+      if (platform === "all" || platform === "copilot") {
+        output += "**GitHub Copilot:**\n";
+        output += "- `.github/copilot-instructions.md`\n\n";
+      }
+
+      output += "**Universal (MCP):**\n";
+      output += "- `.vibecheck/context.json` - Full context\n";
+      output += "- `.vibecheck/project-map.json` - Project analysis\n\n";
+
+      output += "### What Your AI Now Knows\n\n";
+      output += "- Project architecture and structure\n";
+      output += "- API routes and endpoints\n";
+      output += "- Components and data models\n";
+      output += "- Coding conventions and patterns\n";
+      output += "- Dependencies and tech stack\n\n";
+
+      output +=
+        "> **Tip:** Regenerate after major codebase changes with `vibecheck context`\n";
+    } catch (err) {
+      output += `\n⚠️ Context generation failed: ${err.message}\n`;
+    }
+
+    output += "\n---\n_Context Enhanced by vibecheck AI_\n";
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // STATUS
+  // ============================================================================
+  async handleStatus(projectPath, args) {
+    let output = "# 📊 vibecheck Status\n\n";
+
+    output += "## Server\n\n";
+    output += `- **Version:** ${VERSION}\n`;
+    output += `- **Node:** ${process.version}\n`;
+    output += `- **Platform:** ${process.platform}\n\n`;
+
+    output += "## Project\n\n";
+    output += `- **Path:** ${projectPath}\n`;
+
+    // Config
+    const configPaths = [
+      path.join(projectPath, "vibecheck.config.json"),
+      path.join(projectPath, ".vibecheckrc"),
+    ];
+    let hasConfig = false;
+    for (const p of configPaths) {
+      try {
+        await fs.access(p);
+        hasConfig = true;
+        output += `- **Config:** ✅ Found (${path.basename(p)})\n`;
+        break;
+      } catch {}
+    }
+    if (!hasConfig) {
+      output += "- **Config:** ⚠️ Not found (run `vibecheck init`)\n";
+    }
+
+    // Last scan
+    const summaryPath = path.join(projectPath, ".vibecheck", "summary.json");
+    try {
+      const summary = JSON.parse(await fs.readFile(summaryPath, "utf-8"));
+      output += `- **Last Scan:** ${summary.timestamp}\n`;
+      output += `- **Last Score:** ${summary.score}/100 (${summary.grade})\n`;
+      output += `- **Last Verdict:** ${summary.canShip ? "✅ SHIP" : "🚫 NO-SHIP"}\n`;
+    } catch {
+      output += "- **Last Scan:** None\n";
+    }
+
+    output += "\n## Available Tools\n\n";
+    output += "| Tool | Description |\n|------|-------------|\n";
+    for (const tool of TOOLS) {
+      output += `| \`${tool.name}\` | ${tool.description.split("—")[0].trim()} |\n`;
+    }
+
+    output += "\n---\n_Vibecheck v" + VERSION + " — https://vibecheckai.dev_\n";
+
+    return this.success(output);
+  }
+
+  // ============================================================================
+  // RUN
+  // ============================================================================
+  async run() {
+    const transport = new StdioServerTransport();
+    await this.server.connect(transport);
+    console.error("vibecheck MCP Server v2.0 running on stdio");
+  }
+}
+
+// Main
+const server = new VibecheckMCP();
+server.run().catch(console.error);