@vibecheckai/cli 3.0.9 → 3.1.0

package/bin/.generated

@@ -0,0 +1,25 @@
+================================================================================
+⚠️  GENERATED CODE - DO NOT EDIT
+================================================================================
+
+This directory contains GENERATED build output.
+
+All JavaScript files here are compiled from TypeScript sources.
+Manual edits will be OVERWRITTEN on the next build.
+
+SOURCE OF TRUTH:
+  packages/cli/src/           TypeScript CLI source
+  packages/cli/src/commands/  Command implementations
+  packages/cli/src/index.ts   Main entry point
+
+TO MAKE CHANGES:
+  1. Edit the TypeScript source in packages/cli/src/
+  2. Run: pnpm build
+  3. Changes will be reflected here automatically
+
+BUILD COMMAND:
+  pnpm --filter @vibecheck/cli build
+
+================================================================================
+Generated: 2026-01-17
+================================================================================

package/bin/registry.js

@@ -0,0 +1,105 @@
+/**
+ * Vibecheck CLI Command Registry
+ * 
+ * Single source of truth for all CLI commands.
+ * Tiers match entitlements-v2.js EXACTLY.
+ * 
+ * @module bin/registry
+ */
+
+"use strict";
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// COMMAND REGISTRY - Tiers match entitlements-v2.js EXACTLY
+// ═══════════════════════════════════════════════════════════════════════════════
+const COMMANDS = {
+  // PROOF LOOP
+  scan: { description: "Static analysis - routes, secrets, contracts", tier: "free", category: "proof", aliases: ["s", "check"], runner: () => require("./runners/runScan").runScan },
+  ship: { description: "Verdict engine - SHIP / WARN / BLOCK", tier: "free", category: "proof", aliases: ["verdict"], caps: "static-only on FREE", runner: () => require("./runners/runShip").runShip },
+  reality: { description: "Runtime proof - Playwright clicks every button", tier: "free", category: "proof", aliases: ["r", "test", "e2e"], caps: "preview mode on FREE (5 pages, no auth)", runner: () => { try { return require("./runners/runReality").runReality; } catch (e) { return async () => { console.error("Reality runner unavailable:", e.message); return 1; }; } } },
+  prove: { description: "Full proof loop - ctx → reality → ship → fix", tier: "pro", category: "proof", aliases: ["p", "full", "all"], runner: () => require("./runners/runProve").runProve },
+  fix: { description: "AI-powered auto-fix", tier: "free", category: "proof", caps: "--plan-only on FREE/PRO", aliases: ["f", "repair"], runner: () => require("./runners/runFix").runFix },
+  report: { description: "Generate HTML/MD/SARIF reports", tier: "free", category: "proof", caps: "HTML/MD only on FREE", aliases: ["html", "artifact"], runner: () => require("./runners/runReport").runReport },
+  replay: { description: "Record and replay user sessions", tier: "pro", category: "proof", aliases: ["record", "playback"], runner: () => async (args) => { try { const { runReplay } = require("./runners/runReplay"); return await runReplay(args); } catch (e) { if (args && (args.includes("--help") || args.includes("-h") || args.length === 0)) { console.log("\n  vibecheck replay - Record and replay user sessions\n\n  Subcommands:\n    record <url>     Record a user session\n    play <capsule>   Replay a recorded session\n    list             List available replay capsules\n    show <id>        Show details of a replay capsule\n    delete <id>      Delete a replay capsule\n    export <id>      Export a replay capsule\n    import <file>    Import a replay capsule\n\n  Note: Requires 'chalk' and 'playwright' dependencies.\n  Install: npm install chalk playwright\n"); return 0; } console.error("Replay runner error:", e.message); return 1; } } },
+  permissions: { description: "AuthZ matrix & IDOR detection", tier: "complete", category: "proof", aliases: ["authz", "idor"], runner: () => require("./runners/runPermissions").runPermissions },
+  graph: { description: "Reality proof graph visualization", tier: "complete", category: "proof", aliases: ["graphviz", "causal"], runner: () => require("./runners/runGraph").runGraph },
+  
+  // SETUP & DX
+  install: { description: "Zero-friction onboarding", tier: "free", category: "setup", aliases: ["i", "bootstrap"], runner: () => require("./runners/runInstall").runInstall },
+  init: { description: "Project setup wizard", tier: "free", category: "setup", aliases: ["setup", "configure"], runner: () => require("./runners/runInit").runInit },
+  doctor: { description: "Environment diagnostics", tier: "free", category: "setup", aliases: ["health", "diag"], runner: () => require("./runners/runDoctor").runDoctor },
+  status: { description: "Project health dashboard", tier: "free", category: "setup", aliases: ["st"], runner: () => require("./runners/runStatus").runStatus },
+  watch: { description: "Continuous mode - re-runs on changes", tier: "free", category: "setup", aliases: ["w", "dev"], runner: () => require("./runners/runWatch").runWatch },
+  launch: { description: "Pre-launch checklist wizard", tier: "starter", category: "setup", aliases: ["checklist", "preflight"], runner: () => require("./runners/runLaunch").runLaunch },
+  preflight: { description: "Deployment validation checks", tier: "free", category: "setup", aliases: ["validate", "check"], runner: () => require("./runners/runPreflight").runPreflight },
+  
+  // AI TRUTH
+  ctx: { description: "Generate truthpack for AI agents", tier: "free", category: "truth", aliases: ["truthpack", "tp"], subcommands: ["build", "diff", "guard", "sync", "search"], runner: () => require("./runners/runCtx").runCtx },
+  guard: { description: "Validate AI claims against truth", tier: "free", category: "truth", aliases: ["validate", "trust"], runner: () => require("./runners/runGuard").runGuard },
+  verify: { description: "Verify AI-generated code output", tier: "free", category: "truth", aliases: ["v", "check-output"], runner: () => require("./runners/runVerify").main },
+  context: { description: "Generate .cursorrules, .windsurf/rules", tier: "free", category: "truth", aliases: ["rules", "ai-rules"], runner: () => require("./runners/runContext").runContext },
+  mdc: { description: "Generate MDC specifications", tier: "free", category: "truth", aliases: [], runner: () => require("./runners/runMdc").runMdc },
+  
+  // CI & COLLABORATION (STARTER+)
+  gate: { description: "CI/CD gate - blocks deploys on failures", tier: "starter", category: "ci", aliases: ["ci", "block"], runner: () => require("./runners/runGate").runGate },
+  pr: { description: "Generate PR comment with findings", tier: "starter", category: "ci", aliases: ["pull-request"], runner: () => require("./runners/runPR").runPR },
+  badge: { description: "Generate ship badge for README", tier: "starter", category: "ci", aliases: ["b"], runner: () => require("./runners/runBadge").runBadge },
+  
+  // AUTOMATION (STARTER+/PRO)
+  mcp: { description: "Start MCP server for AI IDEs", tier: "starter", category: "automation", aliases: [], runner: () => require("./runners/runMcp").runMcp },
+  share: { description: "Generate share pack for PR/docs", tier: "pro", category: "automation", aliases: [], runner: () => require("./runners/runShare").runShare },
+  "ai-test": { description: "AI autonomous test generation", tier: "pro", category: "automation", aliases: ["ai", "agent"], runner: () => require("./runners/runAIAgent").runAIAgent },
+  
+  // ACCOUNT (always free)
+  login: { description: "Authenticate with API key", tier: "free", category: "account", aliases: ["auth", "signin"], runner: () => require("./runners/runAuth").runLogin, skipAuth: true },
+  logout: { description: "Remove stored credentials", tier: "free", category: "account", aliases: ["signout"], runner: () => require("./runners/runAuth").runLogout, skipAuth: true },
+  whoami: { description: "Show current user and plan", tier: "free", category: "account", aliases: ["me", "user"], runner: () => require("./runners/runAuth").runWhoami, skipAuth: true },
+  
+  // EXTRAS
+  labs: { description: "Experimental features", tier: "free", category: "extras", aliases: ["experimental", "beta"], runner: () => require("./runners/runLabs").runLabs },
+};
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// DERIVED DATA STRUCTURES
+// ═══════════════════════════════════════════════════════════════════════════════
+const ALIAS_MAP = {};
+for (const [cmd, def] of Object.entries(COMMANDS)) { 
+  for (const alias of def.aliases || []) ALIAS_MAP[alias] = cmd; 
+}
+
+const ALL_COMMANDS = [...Object.keys(COMMANDS), ...Object.values(COMMANDS).flatMap(c => c.aliases || [])];
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// RUNNER LOADER
+// ═══════════════════════════════════════════════════════════════════════════════
+/**
+ * Get runner function for a command
+ * @param {string} cmd - Command name
+ * @param {object} styles - Optional styling object with { red, reset, errorSymbol }
+ * @returns {Function|null} Runner function or null if not found
+ */
+function getRunner(cmd, styles = {}) {
+  const def = COMMANDS[cmd];
+  if (!def) return null;
+  const red = styles.red || "";
+  const reset = styles.reset || "";
+  const errorSym = styles.errorSymbol || "✗";
+  try { 
+    return def.runner(); 
+  } catch (e) { 
+    return async () => { 
+      console.error(`${red}${errorSym}${reset} Failed to load ${cmd}: ${e.message}`); 
+      return 1; 
+    }; 
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+module.exports = {
+  COMMANDS,
+  ALIAS_MAP,
+  ALL_COMMANDS,
+  getRunner,
+};

package/bin/runners/lib/cli-output.js

@@ -0,0 +1,368 @@
+/**
+ * CLI Output Utilities - World-Class Consistency
+ * 
+ * Provides standardized JSON output, run ID generation,
+ * and artifact management for all CLI commands.
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const crypto = require("crypto");
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// RUN ID GENERATION
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Generate a unique run ID for tracking
+ */
+function generateRunId() {
+  return crypto.randomUUID();
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// OUTPUT DIRECTORY MANAGEMENT
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Get run directory paths
+ */
+function getRunPaths(runId, projectPath = process.cwd()) {
+  const runDir = path.join(projectPath, ".vibecheck", "runs", runId);
+  const artifactsDir = path.join(runDir, "artifacts");
+  
+  // Ensure directories exist
+  if (!fs.existsSync(runDir)) fs.mkdirSync(runDir, { recursive: true });
+  if (!fs.existsSync(artifactsDir)) fs.mkdirSync(artifactsDir, { recursive: true });
+  
+  return {
+    runDir,
+    artifactsDir,
+    manifestPath: path.join(runDir, "manifest.json"),
+    commandPath: path.join(runDir, "command.json"),
+  };
+}
+
+/**
+ * Save artifact to run directory
+ */
+function saveArtifact(runId, name, data, type = "json") {
+  const { artifactsDir } = getRunPaths(runId);
+  const artifactPath = path.join(artifactsDir, `${name}.${type}`);
+  
+  if (type === "json") {
+    fs.writeFileSync(artifactPath, JSON.stringify(data, null, 2));
+  } else {
+    fs.writeFileSync(artifactPath, data);
+  }
+  
+  return artifactPath;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// JSON OUTPUT SCHEMA
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Create standardized JSON output
+ */
+function createJsonOutput(options) {
+  const {
+    runId,
+    command,
+    startTime,
+    exitCode,
+    verdict,
+    result = {},
+    tier = "free",
+    version = "1.0.0",
+    projectPath = process.cwd(),
+    artifacts = [],
+  } = options;
+  
+  const output = {
+    runId,
+    command,
+    timestamp: new Date().toISOString(),
+    duration: startTime ? Date.now() - new Date(startTime).getTime() : null,
+    exitCode,
+    verdict,
+    result,
+    meta: {
+      tier,
+      version,
+      path: projectPath,
+    },
+    artifacts: artifacts.map(art => ({
+      type: art.type,
+      path: path.relative(projectPath, art.path),
+      description: art.description,
+    })),
+  };
+  
+  return output;
+}
+
+/**
+ * Write JSON output to file or stdout
+ */
+function writeJsonOutput(output, outputPath) {
+  const jsonString = JSON.stringify(output, null, 2);
+  
+  if (outputPath) {
+    fs.writeFileSync(outputPath, jsonString);
+    return outputPath;
+  } else {
+    console.log(jsonString);
+    return null;
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// VERDCT MAPPING
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Map exit codes to verdict strings
+ */
+function exitCodeToVerdict(exitCode) {
+  switch (exitCode) {
+    case 0: return "SHIP";
+    case 1: return "WARN";
+    case 2: return "BLOCK";
+    case 3: return "FEATURE_DENIED";
+    case 4: return "INVALID_INPUT";
+    case 5: return "INTERNAL_ERROR";
+    default: return "UNKNOWN";
+  }
+}
+
+/**
+ * Map verdict to exit code
+ */
+function verdictToExitCode(verdict) {
+  switch (verdict?.toUpperCase()) {
+    case "SHIP": return 0;
+    case "WARN": return 1;
+    case "BLOCK": return 2;
+    case "FEATURE_DENIED": return 3;
+    case "INVALID_INPUT": return 4;
+    case "INTERNAL_ERROR": return 5;
+    default: return 5;
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// COMMAND WRAPPER
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Wrap a command runner with standard output handling
+ */
+async function withStandardOutput(commandFn, options = {}) {
+  const {
+    command,
+    startTime = new Date().toISOString(),
+    runId = generateRunId(),
+    json = false,
+    output = null,
+    ci = false,
+    verbose = false,
+    tier = "free",
+    version = "1.0.0",
+  } = options;
+  
+  // Initialize paths
+  const paths = getRunPaths(runId);
+  const artifacts = [];
+  
+  try {
+    // Run the command
+    const result = await commandFn({
+      runId,
+      paths,
+      saveArtifact: (name, data, type) => {
+        const artifactPath = saveArtifact(runId, name, data, type);
+        artifacts.push({
+          type,
+          path: artifactPath,
+          description: `${name} artifact`,
+        });
+        return artifactPath;
+      },
+    });
+    
+    // Extract exit code and verdict
+    const exitCode = typeof result === "number" ? result : result.exitCode || 0;
+    const verdict = result.verdict || exitCodeToVerdict(exitCode);
+    
+    // Create JSON output if requested
+    if (json) {
+      const jsonOutput = createJsonOutput({
+        runId,
+        command,
+        startTime,
+        exitCode,
+        verdict,
+        result: typeof result === "object" ? result : {},
+        tier,
+        version,
+        artifacts,
+      });
+      
+      writeJsonOutput(jsonOutput, output);
+    }
+    
+    // Save command output to run directory
+    const commandOutput = {
+      exitCode,
+      verdict,
+      result: typeof result === "object" ? result : {},
+      artifacts,
+    };
+    fs.writeFileSync(paths.commandPath, JSON.stringify(commandOutput, null, 2));
+    
+    // Update stable pointer
+    const lastPath = path.join(process.cwd(), ".vibecheck", "last", `${command}.json`);
+    if (!fs.existsSync(path.dirname(lastPath))) {
+      fs.mkdirSync(path.dirname(lastPath), { recursive: true });
+    }
+    fs.writeFileSync(lastPath, JSON.stringify(commandOutput, null, 2));
+    
+    return exitCode;
+  } catch (error) {
+    // Handle errors consistently
+    const exitCode = error.exitCode || 5;
+    const verdict = "INTERNAL_ERROR";
+    
+    if (json) {
+      const jsonOutput = createJsonOutput({
+        runId,
+        command,
+        startTime,
+        exitCode,
+        verdict,
+        result: {
+          error: error.message,
+          stack: error.stack,
+        },
+        tier,
+        version,
+        artifacts,
+      });
+      
+      writeJsonOutput(jsonOutput, output);
+    }
+    
+    // Save error to run directory
+    const commandOutput = {
+      exitCode,
+      verdict,
+      error: error.message,
+      artifacts,
+    };
+    fs.writeFileSync(paths.commandPath, JSON.stringify(commandOutput, null, 2));
+    
+    throw error;
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// STANDARD FLAGS PARSER
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Parse standard CLI flags
+ */
+function parseStandardFlags(args) {
+  const flags = {
+    json: false,
+    ci: false,
+    path: process.cwd(),
+    output: null,
+    verbose: false,
+    strict: false,
+    help: false,
+    version: false,
+    debug: false,
+    quiet: false,
+  };
+  
+  const parsed = args.filter(arg => {
+    switch (arg) {
+      case "--json":
+      case "-j":
+        flags.json = true;
+        return false;
+      case "--ci":
+        flags.ci = true;
+        return false;
+      case "--verbose":
+      case "-v":
+        flags.verbose = true;
+        return false;
+      case "--strict":
+        flags.strict = true;
+        return false;
+      case "--help":
+      case "-h":
+        flags.help = true;
+        return false;
+      case "--version":
+      case "-V":
+        flags.version = true;
+        return false;
+      case "--debug":
+      case "-d":
+        flags.debug = true;
+        return false;
+      case "--quiet":
+      case "-q":
+        flags.quiet = true;
+        return false;
+      default:
+        if (arg.startsWith("--path=")) {
+          flags.path = arg.split("=")[1];
+          return false;
+        } else if (arg.startsWith("-p")) {
+          const idx = args.indexOf(arg);
+          if (idx < args.length - 1) {
+            flags.path = args[idx + 1];
+            args.splice(idx, 2);
+            return false;
+          }
+        } else if (arg.startsWith("--output=")) {
+          flags.output = arg.split("=")[1];
+          return false;
+        } else if (arg.startsWith("-o")) {
+          const idx = args.indexOf(arg);
+          if (idx < args.length - 1) {
+            flags.output = args[idx + 1];
+            args.splice(idx, 2);
+            return false;
+          }
+        }
+        return true;
+    }
+  });
+  
+  return { flags, parsed };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+module.exports = {
+  generateRunId,
+  getRunPaths,
+  saveArtifact,
+  createJsonOutput,
+  writeJsonOutput,
+  exitCodeToVerdict,
+  verdictToExitCode,
+  withStandardOutput,
+  parseStandardFlags,
+};

package/bin/runners/lib/entitlements-v2.js

@@ -17,9 +17,8 @@
  * 
  * Tiers:
  * - FREE ($0): Basic scanning and validation
- * - STARTER ($29/repo/mo): CI gates, launch, PR, badge, MCP
  * - PRO ($99/repo/mo): Full fix, prove, ai-test, share, advanced reality
- * - ENTERPRISE: Custom (placeholder only)
+ * - COMPLETE ($199/repo/mo): Everything including permissions, graph, advanced compliance
  */
 
 "use strict";
@@ -44,7 +43,7 @@ const TIERS = {
   free: { name: "FREE", price: 0, order: 0 },
   starter: { name: "STARTER", price: 29, order: 1 },
   pro: { name: "PRO", price: 99, order: 2 },
-  enterprise: { name: "ENTERPRISE", price: 499, order: 3 },
+  complete: { name: "COMPLETE", price: 199, order: 3 },
 };
 
 // ═══════════════════════════════════════════════════════════════════════════════
@@ -56,13 +55,13 @@ const ENTITLEMENTS = {
   "scan": { minTier: "free" },
   "ship": { minTier: "free", caps: { free: "static-only" } },
   "ship.static": { minTier: "free" },
-  "ship.full": { minTier: "starter" },
+  "ship.full": { minTier: "pro" },
   
   // Reality testing
   "reality": { minTier: "free", downgrade: "reality.preview" },
   "reality.preview": { minTier: "free", caps: { free: { maxPages: 5, maxClicks: 20, noAuthBoundary: true } } },
-  "reality.full": { minTier: "starter" },
-  "reality.advanced_auth_boundary": { minTier: "pro" },
+  "reality.full": { minTier: "pro" },
+  "reality.advanced_auth_boundary": { minTier: "complete" },
   
   // Prove command
   "prove": { minTier: "pro" },
@@ -70,13 +69,13 @@ const ENTITLEMENTS = {
   // Fix command
   "fix": { minTier: "free", downgrade: "fix.plan_only" },
   "fix.plan_only": { minTier: "free" },
-  "fix.apply_patches": { minTier: "pro" },
+  "fix.apply_patches": { minTier: "complete" },
   
   // Report formats
   "report": { minTier: "free", downgrade: "report.html_md" },
   "report.html_md": { minTier: "free" },
-  "report.sarif_csv": { minTier: "starter" },
-  "report.compliance_packs": { minTier: "pro" },
+  "report.sarif_csv": { minTier: "pro" },
+  "report.compliance_packs": { minTier: "complete" },
   
   // Setup & DX
   "install": { minTier: "free" },
@@ -91,16 +90,22 @@ const ENTITLEMENTS = {
   "context": { minTier: "free" },
   "mdc": { minTier: "free" },
   
-  // CI & Collaboration (STARTER+)
+  // PRO only
+  "replay": { minTier: "pro" },
+  "share": { minTier: "pro" },
+  "ai-test": { minTier: "pro" },
+  
+  // STARTER and above
   "gate": { minTier: "starter" },
-  "launch": { minTier: "starter" },
   "pr": { minTier: "starter" },
   "badge": { minTier: "starter" },
-  "mcp": { minTier: "starter" },
+  "launch": { minTier: "starter" },
+  "mcp": { minTier: "starter", downgrade: "mcp.help_only" },
+  "mcp.help_only": { minTier: "free", caps: { free: "help and print-config only" } },
   
-  // PRO only
-  "share": { minTier: "pro" },
-  "ai-test": { minTier: "pro" },
+  // COMPLETE only
+  "permissions": { minTier: "complete" },
+  "graph": { minTier: "complete" },
   
   // Account (always free)
   "login": { minTier: "free" },
@@ -124,31 +129,22 @@ const LIMITS = {
     scansPerMonth: 50,
     shipChecksPerMonth: 20,
   },
-  starter: {
-    realityMaxPages: 50,
-    realityMaxClicks: 500,
-    realityAuthBoundary: true,
-    reportFormats: ["html", "md", "sarif", "csv"],
-    fixApplyPatches: false,
-    scansPerMonth: -1, // unlimited
-    shipChecksPerMonth: -1,
-  },
   pro: {
     realityMaxPages: -1, // unlimited
     realityMaxClicks: -1,
     realityAuthBoundary: true,
-    realityAdvancedAuth: true,
-    reportFormats: ["html", "md", "sarif", "csv", "compliance"],
-    fixApplyPatches: true,
-    scansPerMonth: -1,
+    realityAdvancedAuth: false,
+    reportFormats: ["html", "md", "sarif", "csv"],
+    fixApplyPatches: false,
+    scansPerMonth: -1, // unlimited
     shipChecksPerMonth: -1,
   },
-  enterprise: {
+  complete: {
     realityMaxPages: -1,
     realityMaxClicks: -1,
     realityAuthBoundary: true,
     realityAdvancedAuth: true,
-    reportFormats: ["html", "md", "sarif", "csv", "compliance", "custom"],
+    reportFormats: ["html", "md", "sarif", "csv", "compliance"],
     fixApplyPatches: true,
     scansPerMonth: -1,
     shipChecksPerMonth: -1,