npm - @vibecheckai/cli - Versions diffs - 3.0.8 → 3.0.9 - Mend

@vibecheckai/cli 3.0.8 → 3.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +77 -484
package/bin/runners/lib/__tests__/entitlements-v2.test.js +295 -0
package/bin/runners/lib/entitlements-v2.js +409 -299
package/bin/runners/runFix.js +20 -0
package/bin/runners/runMcp.js +58 -0
package/bin/runners/runPR.js +80 -12
package/bin/runners/runReality.js +48 -2
package/bin/runners/runReport.js +40 -0
package/bin/runners/runShip.js +97 -1
package/bin/runners/runWatch.js +63 -6
package/bin/vibecheck.js +158 -59
package/package.json +1 -1

package/bin/vibecheck.js CHANGED Viewed

@@ -230,34 +230,53 @@ function findSimilarCommands(input, commands, maxDistance = 3) {
 }
 // ═══════════════════════════════════════════════════════════════════════════════
-// COMMAND REGISTRY
+// ENTITLEMENTS (v2 - Single Source of Truth)
+// ═══════════════════════════════════════════════════════════════════════════════
+const entitlements = require("./runners/lib/entitlements-v2");
+// ═══════════════════════════════════════════════════════════════════════════════
+// COMMAND REGISTRY - Tiers match entitlements-v2.js EXACTLY
 // ═══════════════════════════════════════════════════════════════════════════════
 const COMMANDS = {
-  scan: { description: "Static truth - routes, contracts, secrets, coverage", tier: "free", category: "proof", aliases: ["s", "check"], runner: () => require("./runners/runScan").runScan },
-  ship: { description: "Verdict engine - SHIP / WARN / BLOCK decision", tier: "free", category: "proof", aliases: ["verdict"], runner: () => require("./runners/runShip").runShip },
-  reality: { description: "Runtime proof - Playwright clicks every button", tier: "free", category: "proof", aliases: ["r", "test", "e2e"], runner: () => { try { return require("./runners/runReality").runReality; } catch (e) { return async () => { console.error("Reality runner unavailable:", e.message); return 1; }; } } },
-  fix: { description: "Mission-based repair - targeted fixes with proof", tier: "pro", category: "proof", freeArgs: ["--plan-only", "--help", "-h"], aliases: ["f", "repair"], runner: () => require("./runners/runFix").runFix },
-  prove: { description: "One command - runs the full loop, fixes issues, proves SHIP", tier: "free", category: "proof", aliases: ["p", "full", "all"], runner: () => require("./runners/runProve").runProve },
-  report: { description: "HTML artifact - shareable proof of what shipped", tier: "free", category: "proof", aliases: ["html", "artifact"], runner: () => require("./runners/runReport").runReport },
-  init: { description: "Set up vibecheck (--gha for GitHub Actions)", tier: "free", category: "setup", aliases: ["setup", "configure"], runner: () => require("./runners/runInit").runInit },
-  install: { description: "Zero-friction onboarding - auto-detects everything", tier: "free", category: "setup", aliases: ["i", "bootstrap"], runner: () => require("./runners/runInstall").runInstall },
-  doctor: { description: "Environment + project diagnostics", tier: "free", category: "setup", aliases: ["health", "diag"], runner: () => require("./runners/runDoctor").runDoctor },
-  watch: { description: "Continuous mode - re-runs on file changes", tier: "free", category: "setup", aliases: ["w", "dev"], runner: () => require("./runners/runWatch").runWatch },
-  ctx: { description: "Generate truthpack - ground truth for AI agents", tier: "free", category: "truth", aliases: ["truthpack", "tp"], subcommands: ["build", "diff", "guard", "sync", "search"], runner: () => require("./runners/runCtx").runCtx },
-  guard: { description: "Trust boundaries - validates AI claims + prompt injection", tier: "free", category: "truth", aliases: ["validate", "trust"], runner: () => require("./runners/runGuard").runGuard },
-  context: { description: "Generate AI rules (.cursorrules, .windsurf/rules, etc.)", tier: "free", category: "truth", aliases: ["rules", "ai-rules"], runner: () => require("./runners/runContext").runContext },
-  mcp: { description: "Start MCP server for AI coding agents", tier: "free", category: "extras", aliases: [], runner: () => require("./runners/runMcp").runMcp },
-  badge: { description: "Generate ship badge for README/PR", tier: "free", category: "extras", aliases: ["b"], runner: () => require("./runners/runBadge").runBadge },
-  pr: { description: "Generate PR comment with findings", tier: "free", category: "extras", aliases: ["pull-request"], runner: () => require("./runners/runPR").runPR },
-  labs: { description: "Experimental features", tier: "free", category: "extras", aliases: ["experimental", "beta"], runner: () => require("./runners/runLabs").runLabs },
-  gate: { description: "CI/CD gate - blocks deploys on failures", tier: "starter", category: "ci", aliases: ["ci", "block"], scope: "gate:ci", runner: () => require("./runners/runGate").runGate },
-  "ai-test": { description: "AI Agent testing - autonomous test generation", tier: "pro", category: "automation", aliases: ["ai", "agent"], scope: "ai:agent", runner: () => require("./runners/runAIAgent").runAIAgent },
+  // PROOF LOOP
+  scan: { description: "Static analysis - routes, secrets, contracts", tier: "free", category: "proof", aliases: ["s", "check"], runner: () => require("./runners/runScan").runScan },
+  ship: { description: "Verdict engine - SHIP / WARN / BLOCK", tier: "free", category: "proof", aliases: ["verdict"], caps: "static-only on FREE", runner: () => require("./runners/runShip").runShip },
+  reality: { description: "Runtime proof - Playwright clicks every button", tier: "free", category: "proof", aliases: ["r", "test", "e2e"], caps: "preview mode on FREE (5 pages, no auth)", runner: () => { try { return require("./runners/runReality").runReality; } catch (e) { return async () => { console.error("Reality runner unavailable:", e.message); return 1; }; } } },
+  prove: { description: "Full proof loop - ctx → reality → ship → fix", tier: "pro", category: "proof", aliases: ["p", "full", "all"], runner: () => require("./runners/runProve").runProve },
+  fix: { description: "AI-powered auto-fix", tier: "free", category: "proof", caps: "--plan-only on FREE/STARTER", aliases: ["f", "repair"], runner: () => require("./runners/runFix").runFix },
+  report: { description: "Generate HTML/MD/SARIF reports", tier: "free", category: "proof", caps: "HTML/MD only on FREE", aliases: ["html", "artifact"], runner: () => require("./runners/runReport").runReport },
+  // SETUP & DX
+  install: { description: "Zero-friction onboarding", tier: "free", category: "setup", aliases: ["i", "bootstrap"], runner: () => require("./runners/runInstall").runInstall },
+  init: { description: "Project setup wizard", tier: "free", category: "setup", aliases: ["setup", "configure"], runner: () => require("./runners/runInit").runInit },
+  doctor: { description: "Environment diagnostics", tier: "free", category: "setup", aliases: ["health", "diag"], runner: () => require("./runners/runDoctor").runDoctor },
+  status: { description: "Project health dashboard", tier: "free", category: "setup", aliases: ["st"], runner: () => require("./runners/runStatus").runStatus },
+  watch: { description: "Continuous mode - re-runs on changes", tier: "free", category: "setup", aliases: ["w", "dev"], runner: () => require("./runners/runWatch").runWatch },
+  launch: { description: "Pre-launch checklist wizard", tier: "starter", category: "setup", aliases: ["checklist", "preflight"], runner: () => require("./runners/runLaunch").runLaunch },
+  // AI TRUTH
+  ctx: { description: "Generate truthpack for AI agents", tier: "free", category: "truth", aliases: ["truthpack", "tp"], subcommands: ["build", "diff", "guard", "sync", "search"], runner: () => require("./runners/runCtx").runCtx },
+  guard: { description: "Validate AI claims against truth", tier: "free", category: "truth", aliases: ["validate", "trust"], runner: () => require("./runners/runGuard").runGuard },
+  context: { description: "Generate .cursorrules, .windsurf/rules", tier: "free", category: "truth", aliases: ["rules", "ai-rules"], runner: () => require("./runners/runContext").runContext },
+  mdc: { description: "Generate MDC specifications", tier: "free", category: "truth", aliases: [], runner: () => require("./runners/runMdc").runMdc },
+  // CI & COLLABORATION (STARTER+)
+  gate: { description: "CI/CD gate - blocks deploys on failures", tier: "starter", category: "ci", aliases: ["ci", "block"], runner: () => require("./runners/runGate").runGate },
+  pr: { description: "Generate PR comment with findings", tier: "starter", category: "ci", aliases: ["pull-request"], runner: () => require("./runners/runPR").runPR },
+  badge: { description: "Generate ship badge for README", tier: "starter", category: "ci", aliases: ["b"], runner: () => require("./runners/runBadge").runBadge },
+  // AUTOMATION (STARTER+/PRO)
+  mcp: { description: "Start MCP server for AI IDEs", tier: "starter", category: "automation", aliases: [], runner: () => require("./runners/runMcp").runMcp },
+  share: { description: "Generate share pack for PR/docs", tier: "pro", category: "automation", aliases: [], runner: () => require("./runners/runShare").runShare },
+  "ai-test": { description: "AI autonomous test generation", tier: "pro", category: "automation", aliases: ["ai", "agent"], runner: () => require("./runners/runAIAgent").runAIAgent },
+  // ACCOUNT (always free)
   login: { description: "Authenticate with API key", tier: "free", category: "account", aliases: ["auth", "signin"], runner: () => require("./runners/runAuth").runLogin, skipAuth: true },
   logout: { description: "Remove stored credentials", tier: "free", category: "account", aliases: ["signout"], runner: () => require("./runners/runAuth").runLogout, skipAuth: true },
   whoami: { description: "Show current user and plan", tier: "free", category: "account", aliases: ["me", "user"], runner: () => require("./runners/runAuth").runWhoami, skipAuth: true },
-  mdc: { description: "Generate MDC specifications", tier: "free", category: "truth", aliases: [], runner: () => require("./runners/runMdc").runMdc },
-  status: { description: "Project status dashboard", tier: "free", category: "setup", aliases: ["st"], runner: () => require("./runners/runStatus").runStatus },
-  share: { description: "Generate share pack for PR/docs", tier: "free", category: "extras", aliases: [], runner: () => require("./runners/runShare").runShare },
+  // EXTRAS
+  labs: { description: "Experimental features", tier: "free", category: "extras", aliases: ["experimental", "beta"], runner: () => require("./runners/runLabs").runLabs },
 };
 const ALIAS_MAP = {};
@@ -271,27 +290,62 @@ function getRunner(cmd) {
 }
 // ═══════════════════════════════════════════════════════════════════════════════
-// AUTH & ACCESS CONTROL
+// AUTH & ACCESS CONTROL (uses entitlements-v2 - NO BYPASS ALLOWED)
 // ═══════════════════════════════════════════════════════════════════════════════
 let authModule = null;
 function getAuthModule() { if (!authModule) authModule = require("./runners/lib/auth"); return authModule; }
-async function checkCommandAccess(cmd, args, entitlements) {
+/**
+ * Check command access using entitlements-v2 module.
+ * NO OWNER MODE. NO ENV VAR BYPASS. NO OFFLINE ESCALATION.
+ */
+async function checkCommandAccess(cmd, args, authInfo) {
   const def = COMMANDS[cmd];
   if (!def) return { allowed: true };
-  if (def.tier === "free") return { allowed: true, tier: "free" };
-  if (!entitlements) return { allowed: false, tier: def.tier, reason: formatAccessDenied(cmd, def.tier, null) };
-  const hasAccess = entitlements.scopes?.includes(def.scope) || entitlements.scopes?.includes("*");
-  if (!hasAccess) return { allowed: false, tier: def.tier, reason: formatAccessDenied(cmd, def.tier, entitlements.plan) };
-  return { allowed: true, tier: def.tier };
+  // Use centralized entitlements enforcement
+  const result = await entitlements.enforce(cmd, {
+    apiKey: authInfo?.key,
+    projectPath: process.cwd(),
+    silent: true, // We'll handle messaging ourselves
+  });
+  if (result.allowed) {
+    return {
+      allowed: true,
+      tier: result.tier,
+      downgrade: result.downgrade,
+      limits: result.limits,
+      caps: result.caps,
+    };
+  }
+  // Not allowed - return with proper exit code
+  return {
+    allowed: false,
+    tier: result.tier,
+    requiredTier: result.requiredTier,
+    exitCode: result.exitCode,
+    reason: formatAccessDenied(cmd, result.requiredTier, result.tier),
+  };
 }
-function formatAccessDenied(cmd, requiredTier, currentPlan) {
+function formatAccessDenied(cmd, requiredTier, currentTier) {
   const tierColors = { starter: c.cyan, pro: c.magenta, enterprise: c.yellow };
   const tierColor = tierColors[requiredTier] || c.white;
-  let msg = `${c.yellow}${cmd}${c.reset} requires a ${tierColor}${requiredTier.toUpperCase()}${c.reset} plan.\n\n`;
-  if (!currentPlan) { msg += `  Run ${c.cyan}vibecheck login${c.reset} to authenticate.\n  Get your API key at: ${c.cyan}https://vibecheckai.dev/settings/keys${c.reset}`; }
-  else { msg += `  Your current plan: ${c.yellow}${currentPlan.toUpperCase()}${c.reset}\n  Upgrade at: ${c.cyan}https://vibecheckai.dev/pricing${c.reset}`; }
+  const tierLabel = entitlements.getTierLabel(requiredTier);
+  const currentLabel = entitlements.getTierLabel(currentTier);
+  let msg = `\n${c.red}${c.bold}⛔ Feature Not Available${c.reset}\n\n`;
+  msg += `  ${c.yellow}${cmd}${c.reset} requires ${tierColor}${tierLabel}${c.reset} plan.\n`;
+  msg += `  Your current plan: ${c.dim}${currentLabel}${c.reset}\n\n`;
+  if (currentTier === "free") {
+    msg += `  ${c.cyan}Get started:${c.reset} vibecheck login\n`;
+  }
+  msg += `  ${c.cyan}Upgrade at:${c.reset} https://vibecheckai.dev/pricing\n`;
+  msg += `\n  ${c.dim}Exit code: ${entitlements.EXIT_FEATURE_NOT_ALLOWED}${c.reset}\n`;
   return msg;
 }
@@ -309,40 +363,70 @@ ${c.dim}${sym.boxBottomLeft}${sym.boxHorizontal.repeat(60)}${sym.boxBottomRight}
 function printHelp() {
   printBanner();
+  // Categories ordered as specified
+  const categoryOrder = ["proof", "setup", "truth", "ci", "automation", "account", "extras"];
   const categories = {
-    proof: { name: "THE PROOF LOOP", color: c.green, icon: sym.shield },
-    setup: { name: "SETUP & DIAGNOSTICS", color: c.yellow, icon: sym.gear },
-    truth: { name: "TRUTH SYSTEM", color: c.magenta, icon: sym.lightning },
-    extras: { name: "EXTRAS", color: c.dim, icon: sym.star },
-    ci: { name: "CI/CD", color: c.cyan, icon: sym.rocket },
+    proof: { name: "PROOF LOOP", color: c.green, icon: sym.shield },
+    setup: { name: "SETUP & DX", color: c.yellow, icon: sym.gear },
+    truth: { name: "AI TRUTH", color: c.magenta, icon: sym.lightning },
+    ci: { name: "CI & COLLABORATION", color: c.cyan, icon: sym.rocket },
     automation: { name: "AUTOMATION", color: c.blue, icon: sym.fire },
     account: { name: "ACCOUNT", color: c.dim, icon: sym.key },
+    extras: { name: "EXTRAS", color: c.dim, icon: sym.star },
   };
+  // Group commands
   const grouped = {};
   for (const [cmd, def] of Object.entries(COMMANDS)) {
     const cat = def.category || "extras";
     if (!grouped[cat]) grouped[cat] = [];
     grouped[cat].push({ cmd, ...def });
   }
-  for (const [catKey, commands] of Object.entries(grouped)) {
-    const cat = categories[catKey] || { name: catKey.toUpperCase(), color: c.white, icon: sym.bullet };
+  // Print in order
+  for (const catKey of categoryOrder) {
+    const commands = grouped[catKey];
+    if (!commands || commands.length === 0) continue;
+    const cat = categories[catKey];
     console.log(`\n${cat.color}${cat.icon} ${cat.name}${c.reset}\n`);
-    for (const { cmd, description, tier, aliases } of commands) {
-      const tierBadge = tier === "starter" ? `${c.cyan}[STARTER]${c.reset} ` : tier === "pro" ? `${c.magenta}[PRO]${c.reset} ` : "";
-      const aliasStr = aliases?.length ? `${c.dim}(${aliases.join(", ")})${c.reset}` : "";
-      console.log(`  ${c.cyan}${cmd.padEnd(12)}${c.reset} ${tierBadge}${description} ${aliasStr}`);
+    for (const { cmd, description, tier, aliases, caps } of commands) {
+      // Tier badge with color
+      let tierBadge = "";
+      if (tier === "free") {
+        tierBadge = `${c.green}[FREE]${c.reset} `;
+      } else if (tier === "starter") {
+        tierBadge = `${c.cyan}[STARTER]${c.reset} `;
+      } else if (tier === "pro") {
+        tierBadge = `${c.magenta}[PRO]${c.reset} `;
+      }
+      // Caps info (e.g., "preview mode on FREE")
+      const capsStr = caps ? `${c.dim}(${caps})${c.reset}` : "";
+      console.log(`  ${c.cyan}${cmd.padEnd(12)}${c.reset} ${tierBadge}${description} ${capsStr}`);
     }
   }
   console.log(`
 ${c.dim}${sym.boxHorizontal.repeat(64)}${c.reset}
+${c.green}TIERS${c.reset}
+  ${c.green}FREE${c.reset}      $0       scan, ship, ctx, doctor, report (HTML/MD)
+  ${c.cyan}STARTER${c.reset}   $29/mo   + gate, launch, pr, badge, mcp, reality full
+  ${c.magenta}PRO${c.reset}       $99/mo   + prove, fix apply, share, ai-test, compliance
 ${c.green}QUICK START${c.reset}
   ${c.bold}"Check my repo"${c.reset}     ${c.cyan}vibecheck scan${c.reset}
-  ${c.bold}"Can I ship?"${c.reset}       ${c.cyan}vibecheck prove --url http://localhost:3000${c.reset}
-  ${c.bold}"Why did it fail?"${c.reset}  ${c.cyan}vibecheck report${c.reset}    ${c.dim}(then: vibecheck fix)${c.reset}
+  ${c.bold}"Can I ship?"${c.reset}       ${c.cyan}vibecheck ship${c.reset}
+  ${c.bold}"Full proof loop"${c.reset}   ${c.cyan}vibecheck prove --url http://localhost:3000${c.reset} ${c.magenta}[PRO]${c.reset}
 ${c.dim}Run 'vibecheck <command> --help' for command-specific help.${c.reset}
+${c.dim}Pricing: https://vibecheckai.dev/pricing${c.reset}
 `);
 }
@@ -419,20 +503,35 @@ async function main() {
   }
   const cmdDef = COMMANDS[cmd];
-  let authInfo = { key: null, entitlements: null };
+  let authInfo = { key: null };
   if (!cmdDef.skipAuth) {
     const auth = getAuthModule();
     const { key } = auth.getApiKey();
+    authInfo.key = key;
-    if (key && cmdDef.tier !== "free") {
-      try { authInfo.key = key; authInfo.entitlements = await auth.getEntitlements(key); } catch (e) { if (config.verbose) console.log(`${c.yellow}${sym.warning}${c.reset} ${c.dim}Could not verify credentials${c.reset}`); }
-    } else { authInfo.key = key; }
+    // Use entitlements-v2 for access control (NO BYPASS)
+    const access = await checkCommandAccess(cmd, cmdArgs, authInfo);
+    if (!access.allowed) {
+      console.log(access.reason);
+      // Use proper exit code: 3 = feature not allowed
+      process.exit(access.exitCode || entitlements.EXIT_FEATURE_NOT_ALLOWED);
+    }
+    // Show downgrade notice if applicable
+    if (access.downgrade && !config.quiet) {
+      console.log(`${c.yellow}${sym.warning}${c.reset} Running in ${c.yellow}${access.downgrade}${c.reset} mode (upgrade for full access)`);
+    }
+    // Show tier badge
+    if (!config.quiet) {
+      if (access.tier === "starter") console.log(`${c.cyan}${sym.arrowRight} STARTER${c.reset} ${c.dim}feature${c.reset}`);
+      else if (access.tier === "pro") console.log(`${c.magenta}${sym.arrowRight} PRO${c.reset} ${c.dim}feature${c.reset}`);
+    }
-    const access = await checkCommandAccess(cmd, cmdArgs, authInfo.entitlements);
-    if (!access.allowed) { console.log(`\n${c.red}${sym.error} Access Denied${c.reset}\n`); console.log(access.reason); console.log(""); process.exit(1); }
-    if (access.tier === "starter" && !config.quiet) console.log(`${c.cyan}${sym.arrowRight} STARTER${c.reset} ${c.dim}feature${c.reset}`);
-    else if (access.tier === "pro" && !config.quiet) console.log(`${c.magenta}${sym.arrowRight} PRO${c.reset} ${c.dim}feature${c.reset}`);
+    // Attach access info for runners to use
+    authInfo.access = access;
   }
   state.runCount++; state.lastRun = Date.now();
@@ -448,18 +547,18 @@ async function main() {
     switch (cmd) {
       case "prove": exitCode = await runner(cmdArgs); break;
-      case "reality": exitCode = await runner({ ...context, url: getArgValue(cmdArgs, ["--url", "-u"]), auth: getArgValue(cmdArgs, ["--auth"]), storageState: getArgValue(cmdArgs, ["--storage-state"]), saveStorageState: getArgValue(cmdArgs, ["--save-storage-state"]), truthpack: getArgValue(cmdArgs, ["--truthpack"]), verifyAuth: cmdArgs.includes("--verify-auth"), headed: cmdArgs.includes("--headed"), danger: cmdArgs.includes("--danger") }); break;
-      case "watch": exitCode = await runner({ ...context, fastifyEntry: getArgValue(cmdArgs, ["--fastify-entry"]), debounceMs: parseInt(getArgValue(cmdArgs, ["--debounce"]) || "500", 10), clearScreen: !cmdArgs.includes("--no-clear") }); break;
+      case "reality": exitCode = await runner(cmdArgs); break;
+      case "watch": exitCode = await runner(cmdArgs); break;
       case "ctx": case "truthpack":
         if (cmdArgs[0] === "sync") { const { runCtxSync } = require("./runners/runCtxSync"); exitCode = await runCtxSync({ ...context, fastifyEntry: getArgValue(cmdArgs, ["--fastify-entry"]) }); }
         else if (cmdArgs[0] === "guard") { const { runCtxGuard } = require("./runners/runCtxGuard"); exitCode = await runCtxGuard.main(cmdArgs.slice(1)); }
         else if (cmdArgs[0] === "diff") { const { main: ctxDiffMain } = require("./runners/runCtxDiff"); exitCode = await ctxDiffMain(cmdArgs.slice(1)); }
         else if (cmdArgs[0] === "search") { const { runContext } = require("./runners/runContext"); exitCode = await runContext(["--search", ...cmdArgs.slice(1)]); }
-        else { exitCode = await runner({ ...context, fastifyEntry: getArgValue(cmdArgs, ["--fastify-entry"]), print: cmdArgs.includes("--print") }); }
+        else { exitCode = await runner(cmdArgs); }
         break;
       case "install": exitCode = await runner(cmdArgs); break;
       case "status": exitCode = await runner({ ...context, json: cmdArgs.includes("--json") }); break;
-      case "pr": exitCode = await runner({ ...context, fastifyEntry: getArgValue(cmdArgs, ["--fastify-entry"]), out: getArgValue(cmdArgs, ["--out"]), failOnWarn: cmdArgs.includes("--fail-on-warn"), maxFindings: parseInt(getArgValue(cmdArgs, ["--max-findings"]) || "12", 10) }); break;
+      case "pr": exitCode = await runner(cmdArgs); break;
       case "share": exitCode = await runner(cmdArgs); break;
       default: exitCode = await runner(cmdArgs);
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vibecheckai/cli",
-  "version": "3.0.8",
+  "version": "3.0.9",
   "description": "Vibecheck CLI - Ship with confidence. One verdict: SHIP | WARN | BLOCK.",
   "main": "bin/vibecheck.js",
   "bin": {