@vibecheckai/cli 3.1.2 → 3.1.4

package/mcp-server/tier-auth.js

@@ -8,27 +8,144 @@ import fs from "fs/promises";
 import path from "path";
 import os from "os";
 
-// Tier definitions
+// Tier definitions - MUST MATCH CLI entitlements-v2.js
 export const TIERS = {
   free: {
-    name: 'Free',
-    features: ['verify', 'quality', 'hallucination'],
-    limits: { scans: 10, projects: 1 }
+    name: 'FREE',
+    price: 0,
+    order: 0,
+    features: [
+      // Core commands
+      'scan', 'ship', 'ship.static',
+      // Setup
+      'init', 'init.local', 'doctor', 'status', 'install', 'preflight', 'watch', 'watch.local',
+      // AI Truth
+      'ctx', 'guard', 'context', 'mdc', 'contracts',
+      // Quality
+      'verify', 'quality', 'polish', 'checkpoint', 'checkpoint.basic',
+      // Fix (plan only)
+      'fix', 'fix.plan_only',
+      // Reality (preview)
+      'reality', 'reality.preview',
+      // MCP (help only)
+      'mcp.help_only',
+      // Report (html/md only)
+      'report', 'report.html_md',
+    ],
+    limits: { 
+      scans: 50, 
+      shipChecks: 20, 
+      realityMaxPages: 5, 
+      realityMaxClicks: 20, 
+      fixApplyPatches: false,
+      mcpRateLimit: 10, // requests per minute
+    },
+    // MCP tools allowed on FREE
+    mcpTools: ['vibecheck.status', 'vibecheck.get_truthpack'],
   },
   starter: {
-    name: 'Starter', 
-    features: ['verify', 'quality', 'hallucination', 'smells', 'breaking'],
-    limits: { scans: 100, projects: 3 }
+    name: 'STARTER',
+    price: 39, // Updated pricing
+    order: 1,
+    features: [
+      // All FREE features plus...
+      // Init connect
+      'init.connect',
+      // Scan autofix
+      'scan.autofix',
+      // CI/CD
+      'gate', 'pr', 'badge', 'launch', 'dashboard_sync',
+      // Watch PR
+      'watch.pr',
+      // Report formats
+      'report.sarif_csv',
+      // Reality basic
+      'reality.basic',
+      // MCP read-only
+      'mcp', 'mcp.read_only',
+      // Ship full
+      'ship.full',
+    ],
+    limits: { 
+      scans: -1, 
+      shipChecks: -1, 
+      realityMaxPages: 50, 
+      realityMaxClicks: 200, 
+      fixApplyPatches: false,
+      mcpRateLimit: 60, // requests per minute
+    },
+    // MCP tools allowed on STARTER (read-only safe tools)
+    mcpTools: [
+      'vibecheck.status',
+      'vibecheck.get_truthpack',
+      'vibecheck.scan',
+      'vibecheck.list_routes',
+      'vibecheck.list_env',
+      'vibecheck.get_findings',
+      'vibecheck.contracts_diff',
+      'vibecheck.validate_claim',
+      'vibecheck.compile_context',
+    ],
   },
   pro: {
-    name: 'Professional',
-    features: ['verify', 'quality', 'hallucination', 'smells', 'breaking', 'mdc'],
-    limits: { scans: 1000, projects: 10 }
+    name: 'PRO',
+    price: 99,
+    order: 2,
+    features: [
+      // All STARTER features plus...
+      // Prove
+      'prove',
+      // Fix apply
+      'fix.apply_patches', 'fix.loop',
+      // Checkpoint advanced
+      'checkpoint.hallucination',
+      // Reality advanced
+      'reality.full', 'reality.advanced_auth_boundary',
+      // Premium
+      'replay', 'share', 'ai-test', 'permissions', 'graph',
+      // MCP full
+      'mcp.full',
+    ],
+    limits: { 
+      scans: -1, 
+      shipChecks: -1, 
+      realityMaxPages: -1, 
+      realityMaxClicks: -1, 
+      fixApplyPatches: true,
+      mcpRateLimit: -1, // unlimited
+    },
+    // MCP tools allowed on PRO (full suite)
+    mcpTools: [
+      // All STARTER tools plus...
+      'vibecheck.generate_mission',
+      'vibecheck.verify_patch',
+      'vibecheck.explain_evidence',
+      'vibecheck.fix',
+      'vibecheck.proof',
+      'vibecheck.prove',
+      'vibecheck.ship',
+      'vibecheck.reality',
+      'vibecheck.permissions',
+      'vibecheck.graph',
+    ],
   },
-  enterprise: {
-    name: 'Enterprise',
-    features: ['verify', 'quality', 'hallucination', 'smells', 'breaking', 'mdc'],
-    limits: { scans: -1, projects: -1 } // unlimited
+  compliance: {
+    name: 'COMPLIANCE',
+    price: 0, // Enterprise/on-prem
+    order: 3,
+    features: [
+      // All PRO features plus...
+      'report.compliance_packs',
+    ],
+    limits: { 
+      scans: -1, 
+      shipChecks: -1, 
+      realityMaxPages: -1, 
+      realityMaxClicks: -1, 
+      fixApplyPatches: true,
+      mcpRateLimit: -1,
+    },
+    mcpTools: ['*'], // All tools
   }
 };
 
@@ -47,20 +164,25 @@ async function loadUserConfig() {
 
 /**
  * Determine tier from API key
+ * Matches CLI entitlements-v2.js logic
  */
 function getTierFromApiKey(apiKey) {
   if (!apiKey) return 'free';
   
+  // Check API key prefix patterns (matches CLI)
   if (apiKey.startsWith('gr_starter_')) return 'starter';
   if (apiKey.startsWith('gr_pro_')) return 'pro';
-  if (apiKey.startsWith('gr_ent_')) return 'enterprise';
+  if (apiKey.startsWith('gr_compliance_') || apiKey.startsWith('gr_ent_')) return 'compliance';
   if (apiKey.startsWith('gr_free_')) return 'free';
   
+  // Try to fetch from API (same as CLI)
+  // For now, default to free - API lookup would happen in production
   return 'free'; // default for unknown keys
 }
 
 /**
  * Check if user has access to a specific feature
+ * Matches CLI entitlements-v2.js logic
  */
 export async function checkFeatureAccess(featureName, providedApiKey = null) {
   // Try to load user config
@@ -76,25 +198,47 @@ export async function checkFeatureAccess(featureName, providedApiKey = null) {
     };
   }
   
-  const tier = getTierFromApiKey(apiKey);
-  const tierConfig = TIERS[tier];
+  const currentTier = getTierFromApiKey(apiKey);
+  const currentTierConfig = TIERS[currentTier];
   
-  if (!tierConfig.features.includes(featureName)) {
-    const requiredTier = Object.entries(TIERS).find(([_, config]) => 
-      config.features.includes(featureName)
-    )?.[0];
-    
+  // Find which tier has this feature
+  let requiredTier = null;
+  let requiredTierConfig = null;
+  
+  for (const [tierName, tierConfig] of Object.entries(TIERS)) {
+    if (tierConfig.features.includes(featureName)) {
+      requiredTier = tierName;
+      requiredTierConfig = tierConfig;
+      break;
+    }
+  }
+  
+  // If feature not found in any tier, deny access
+  if (!requiredTier) {
     return {
       hasAccess: false,
-      tier,
-      reason: `${featureName} requires ${requiredTier} tier or higher`,
+      tier: currentTier,
+      reason: `${featureName} is not available in any tier`,
+      upgradeUrl: 'https://vibecheckai.dev/pricing'
+    };
+  }
+  
+  // Check if current tier meets minimum requirement (using order)
+  const hasAccess = currentTierConfig.order >= requiredTierConfig.order;
+  
+  if (!hasAccess) {
+    return {
+      hasAccess: false,
+      tier: currentTier,
+      requiredTier,
+      reason: `${featureName} requires ${requiredTierConfig.name} tier ($${requiredTierConfig.price}/mo) or higher. Current tier: ${currentTierConfig.name}`,
       upgradeUrl: 'https://vibecheckai.dev/pricing'
     };
   }
   
   return {
     hasAccess: true,
-    tier,
+    tier: currentTier,
     reason: 'Access granted'
   };
 }
@@ -122,6 +266,93 @@ export function withTierCheck(featureName, handler) {
   };
 }
 
+/**
+ * Check if user has access to a specific MCP tool
+ * MCP tools have specific tier requirements separate from CLI features
+ */
+export async function checkMcpToolAccess(toolName, providedApiKey = null) {
+  const userConfig = await loadUserConfig();
+  const apiKey = providedApiKey || userConfig?.apiKey;
+  
+  const currentTier = getTierFromApiKey(apiKey);
+  const currentTierConfig = TIERS[currentTier];
+  
+  // Check if tool is allowed for current tier
+  const allowedTools = [];
+  
+  // Accumulate tools from current tier and all lower tiers
+  for (const [tierName, tierConfig] of Object.entries(TIERS)) {
+    if (tierConfig.order <= currentTierConfig.order) {
+      if (tierConfig.mcpTools) {
+        if (tierConfig.mcpTools.includes('*')) {
+          // Compliance tier - all tools allowed
+          return {
+            hasAccess: true,
+            tier: currentTier,
+            reason: 'Full MCP access'
+          };
+        }
+        allowedTools.push(...tierConfig.mcpTools);
+      }
+    }
+  }
+  
+  // Check if tool is in allowed list
+  const hasAccess = allowedTools.includes(toolName);
+  
+  if (!hasAccess) {
+    // Find which tier has this tool
+    let requiredTier = null;
+    for (const [tierName, tierConfig] of Object.entries(TIERS)) {
+      if (tierConfig.mcpTools?.includes(toolName) || tierConfig.mcpTools?.includes('*')) {
+        requiredTier = tierName;
+        break;
+      }
+    }
+    
+    const requiredTierConfig = requiredTier ? TIERS[requiredTier] : null;
+    
+    return {
+      hasAccess: false,
+      tier: currentTier,
+      requiredTier,
+      reason: requiredTierConfig 
+        ? `${toolName} requires ${requiredTierConfig.name} tier ($${requiredTierConfig.price}/mo). Current: ${currentTierConfig.name}`
+        : `${toolName} is not available`,
+      upgradeUrl: 'https://vibecheckai.dev/pricing'
+    };
+  }
+  
+  return {
+    hasAccess: true,
+    tier: currentTier,
+    reason: 'Access granted'
+  };
+}
+
+/**
+ * Middleware for MCP tool handlers with tool-specific checking
+ */
+export function withMcpToolCheck(toolName, handler) {
+  return async (args) => {
+    const access = await checkMcpToolAccess(toolName, args?.apiKey);
+    
+    if (!access.hasAccess) {
+      return {
+        content: [{
+          type: "text",
+          text: `🚫 UPGRADE REQUIRED\n\n${access.reason}\n\nUpgrade at: ${access.upgradeUrl}`
+        }],
+        isError: true
+      };
+    }
+    
+    // Add tier info to args for the handler
+    args._tier = access.tier;
+    return handler(args);
+  };
+}
+
 /**
  * Get current user info
  */
@@ -136,12 +367,46 @@ export async function getUserInfo() {
   }
   
   const tier = getTierFromApiKey(config.apiKey);
+  const tierConfig = TIERS[tier];
+  
   return {
     authenticated: true,
     tier,
     email: config.email,
     authenticatedAt: config.authenticatedAt,
-    features: TIERS[tier].features,
-    limits: TIERS[tier].limits
+    features: tierConfig.features,
+    limits: tierConfig.limits,
+    mcpTools: tierConfig.mcpTools,
+  };
+}
+
+/**
+ * Get list of MCP tools available for current tier
+ */
+export async function getAvailableMcpTools(providedApiKey = null) {
+  const userConfig = await loadUserConfig();
+  const apiKey = providedApiKey || userConfig?.apiKey;
+  
+  const currentTier = getTierFromApiKey(apiKey);
+  const currentTierConfig = TIERS[currentTier];
+  
+  const allowedTools = new Set();
+  
+  // Accumulate tools from current tier and all lower tiers
+  for (const [tierName, tierConfig] of Object.entries(TIERS)) {
+    if (tierConfig.order <= currentTierConfig.order) {
+      if (tierConfig.mcpTools) {
+        if (tierConfig.mcpTools.includes('*')) {
+          return { tier: currentTier, tools: ['*'], unlimited: true };
+        }
+        tierConfig.mcpTools.forEach(t => allowedTools.add(t));
+      }
+    }
+  }
+  
+  return {
+    tier: currentTier,
+    tools: Array.from(allowedTools),
+    unlimited: false
   };
 }

package/mcp-server/vibecheck-tools.js

@@ -278,16 +278,16 @@ export const VIBECHECK_TOOLS = [
 export async function handleVibecheckTool(toolName, args) {
   const projectPath = path.resolve(args.projectPath || ".");
 
-  // Map tools to required features
+  // Map tools to required features (matches CLI entitlements-v2.js)
   const featureMap = {
-    "vibecheck.verify": "verify",
-    "vibecheck.quality": "quality", 
-    "vibecheck.smells": "smells",
-    "vibecheck.hallucination": "hallucination",
-    "vibecheck.breaking": "breaking",
-    "vibecheck.mdc": "mdc",
-    "vibecheck.coverage": "quality", // map to quality tier
-    "vibecheck.autofix": "smells" // map to smells tier (fix requires starter+)
+    "vibecheck.verify": "verify", // FREE
+    "vibecheck.quality": "quality", // FREE
+    "vibecheck.smells": "smells", // STARTER
+    "vibecheck.hallucination": "hallucination", // FREE
+    "vibecheck.breaking": "breaking", // STARTER
+    "vibecheck.mdc": "mdc", // FREE
+    "vibecheck.coverage": "quality", // FREE
+    "vibecheck.autofix": "fix.apply_patches" // PRO (auto-apply requires PRO)
   };
 
   const requiredFeature = featureMap[toolName];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibecheckai/cli",
-  "version": "3.1.2",
+  "version": "3.1.4",
   "description": "Vibecheck CLI - Ship with confidence. One verdict: SHIP | WARN | BLOCK.",
   "main": "bin/vibecheck.js",
   "bin": {