@vibecheckai/cli 3.1.6 → 3.2.0

package/bin/runners/runCheckpoint.js

@@ -213,6 +213,8 @@ function parseArgs(args) {
     current: null,
     hallucination: false,
     save: false,
+    gate: false,        // Exit non-zero on regressions (for CI)
+    preCommit: false,   // Pre-commit mode - fast check with minimal output
     path: process.cwd(),
   };
   
@@ -224,6 +226,8 @@ function parseArgs(args) {
     else if (arg === '--current' || arg === '-c') opts.current = args[++i];
     else if (arg === '--hallucination' || arg === '--hall') opts.hallucination = true;
     else if (arg === '--save' || arg === '-s') opts.save = true;
+    else if (arg === '--gate') opts.gate = true;
+    else if (arg === '--pre-commit') opts.preCommit = true;
     else if (arg === '--path' || arg === '-p') opts.path = args[++i];
     else if (!arg.startsWith('-')) opts.path = arg;
   }
@@ -245,15 +249,22 @@ ${c.bold}OPTIONS${c.reset}
   -c, --current <file>    Path to current results file (default: latest)
   --hallucination         Include hallucination scoring ${c.magenta}[PRO]${c.reset}
   -s, --save              Save checkpoint to .vibecheck/checkpoints/
+  --gate                  Exit non-zero on regressions (for CI)
+  --pre-commit            Pre-commit mode - fast check with minimal output
   --json                  Output as JSON
   -p, --path <dir>        Project path (default: current directory)
   -h, --help              Show this help
 
+${c.bold}CI INTEGRATION${c.reset}
+  vibecheck checkpoint --gate                       # Fail CI on regressions
+  vibecheck checkpoint --pre-commit                 # Fast check for git hooks
+
 ${c.bold}EXAMPLES${c.reset}
   vibecheck checkpoint                              # Compare latest vs baseline
   vibecheck checkpoint --baseline scan-v1.json      # Use specific baseline
   vibecheck checkpoint --hallucination              # Include AI hallucination check
   vibecheck checkpoint --save                       # Save checkpoint report
+  vibecheck checkpoint --gate --json                # CI: exit 1 on regressions
 
 ${c.bold}OUTPUT${c.reset}
   • Fixed issues - Issues resolved since baseline
@@ -261,6 +272,10 @@ ${c.bold}OUTPUT${c.reset}
   • Regressions - New issues introduced
   • Hallucination score - AI-generated code issues ${c.magenta}[PRO]${c.reset}
 
+${c.bold}EXIT CODES${c.reset}
+  0  No regressions (or --gate not specified)
+  1  Regressions detected (with --gate flag)
+
 ${c.bold}TIER${c.reset}
   ${c.cyan}FREE${c.reset}  Basic comparison (fixed, remaining, regressions)
   ${c.magenta}PRO${c.reset}   + Hallucination scoring
@@ -382,10 +397,29 @@ async function runCheckpoint(args) {
     fs.writeFileSync(checkpointFile, JSON.stringify(checkpoint, null, 2));
   }
   
+  // Pre-commit mode - minimal output for git hooks
+  if (opts.preCommit) {
+    const hasRegressions = checkpoint.summary.regressions > 0;
+    if (hasRegressions) {
+      console.log(`${c.red}${icons.cross}${c.reset} Checkpoint: ${checkpoint.summary.regressions} regression(s) detected`);
+      for (const r of comparison.regressions.slice(0, 3)) {
+        console.log(`  ${c.dim}${r.title || r.id || r.type}${c.reset}`);
+      }
+      if (comparison.regressions.length > 3) {
+        console.log(`  ${c.dim}... and ${comparison.regressions.length - 3} more${c.reset}`);
+      }
+      return 1;
+    } else {
+      console.log(`${c.green}${icons.check}${c.reset} Checkpoint passed (${checkpoint.summary.fixed} fixed, ${checkpoint.summary.remaining} remaining)`);
+      return 0;
+    }
+  }
+  
   // JSON output
   if (opts.json) {
     console.log(JSON.stringify(checkpoint, null, 2));
-    return checkpoint.summary.regressions > 0 ? 1 : 0;
+    const exitCode = opts.gate && checkpoint.summary.regressions > 0 ? 1 : 0;
+    return exitCode;
   }
   
   // Human-readable output
@@ -496,8 +530,15 @@ ${c.bold}╔══════════════════════
   }
   console.log();
   
-  // Return code: 1 if regressions, 0 otherwise
-  return comparison.regressions.length > 0 ? 1 : 0;
+  // Return code:
+  // - With --gate: 1 if regressions, 0 otherwise
+  // - Without --gate: always 0 (informational only)
+  if (opts.gate && comparison.regressions.length > 0) {
+    console.log(`${c.yellow}${icons.warning} Gate mode: Exiting with code 1 due to regressions${c.reset}\n`);
+    return 1;
+  }
+  
+  return 0;
 }
 
 module.exports = { runCheckpoint };

package/bin/runners/runContext.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Type declarations for runContext.js
+ */
+export function runContext(args: string[]): Promise<number>;

package/bin/runners/runContext.js

@@ -16,10 +16,9 @@ async function runContext(args) {
   
   // Parse command-specific args
   const opts = {
-    ...globalFlags, // Merge global flags
+    ...globalFlags, // Merge global flags (includes help, json, noBanner, etc.)
     output: null,
-    format: "all",
-    help: false
+    format: "all"
   };
   
   for (let i = 0; i < cleanArgs.length; i++) {

package/bin/runners/runDoctor.js

@@ -385,9 +385,8 @@ function parseArgs(args) {
   const { flags: globalFlags, cleanArgs } = parseGlobalFlags(args);
   
   const opts = {
-    ...globalFlags, // Merge global flags (json, verbose, noBanner, quiet, ci, etc.)
+    ...globalFlags, // Merge global flags (json, verbose, noBanner, quiet, ci, help, etc.)
     path: globalFlags.path || process.cwd(),
-    help: false,
     fix: false,
     dryRun: false,
     output: null,
@@ -575,10 +574,18 @@ function runDoctorLegacy() {
 
   console.log("");
   if (hasIssues) {
-    console.log("  ❌ Issues found. Fix them and run doctor again.\n");
+    console.log("  ❌ Issues found. Fix them and run doctor again.");
+    console.log();
+    console.log(`  ${c.dim}Need help?${c.reset} ${colors.accent}vibecheck fix${c.reset} ${c.dim}can auto-repair many issues${c.reset}`);
+    console.log(`  ${c.dim}Requires STARTER plan • vibecheck.dev/pricing${c.reset}`);
+    console.log();
     return 2;
   } else {
-    console.log("  ✅ Environment healthy!\n");
+    console.log("  ✅ Environment healthy!");
+    console.log();
+    console.log(`  ${c.dim}Ready to scan?${c.reset} ${colors.accent}vibecheck scan${c.reset} ${c.dim}finds AI mistakes before they ship${c.reset}`);
+    console.log(`  ${c.dim}Want verified proof?${c.reset} ${colors.accent}vibecheck prove${c.reset} ${c.dim}(PRO) records video evidence${c.reset}`);
+    console.log();
     return 0;
   }
 }

package/bin/runners/runFix.js

@@ -330,6 +330,17 @@ function getMissionIcon(missionType) {
     'FIX_FAKE_SUCCESS': ICONS.ghost,
     'FIX_ENV_CONTRACT': ICONS.env,
     'FIX_DEAD_UI': ICONS.dead,
+    // New enhanced mission types
+    'FIX_EMPTY_CATCH': ICONS.bug,
+    'FIX_TEST_KEYS': ICONS.key,
+    'FIX_MOCK_DOMAINS': ICONS.link,
+    'FIX_PLACEHOLDER_DATA': ICONS.doc,
+    'FIX_HARDCODED_SECRETS': ICONS.lock,
+    'FIX_SIMULATED_BILLING': ICONS.money,
+    'FIX_SILENT_FALLBACK': ICONS.warning,
+    'SYNC_CONTRACTS': ICONS.graph,
+    'FIX_ROUTE_DRIFT': ICONS.route,
+    'FIX_AUTH_DRIFT': ICONS.shield,
   };
   return icons[missionType] || ICONS.mission;
 }
@@ -344,6 +355,17 @@ function getMissionColor(missionType) {
     'FIX_FAKE_SUCCESS': colors.medium,
     'FIX_ENV_CONTRACT': colors.low,
     'FIX_DEAD_UI': colors.low,
+    // New enhanced mission types
+    'FIX_EMPTY_CATCH': colors.high,
+    'FIX_TEST_KEYS': colors.critical,
+    'FIX_MOCK_DOMAINS': colors.critical,
+    'FIX_PLACEHOLDER_DATA': colors.medium,
+    'FIX_HARDCODED_SECRETS': colors.critical,
+    'FIX_SIMULATED_BILLING': colors.critical,
+    'FIX_SILENT_FALLBACK': colors.high,
+    'SYNC_CONTRACTS': colors.medium,
+    'FIX_ROUTE_DRIFT': colors.medium,
+    'FIX_AUTH_DRIFT': colors.critical,
   };
   return colorMap[missionType] || colors.accent;
 }
@@ -579,7 +601,7 @@ async function runFix(args) {
 
   // Show autopilot header if in autopilot mode
   if (opts.autopilot) {
-    printAutopilotHeader(maxSteps, stagnationLimit);
+    printLoopHeader(maxSteps, stagnationLimit);
   }
 
   for (let step = 1; step <= maxSteps; step++) {
@@ -801,349 +823,21 @@ async function runFix(args) {
   return 1;
 }
 
-/**
- * Show Fix Plan (default behavior - no changes applied)
- */
-async function showFixPlan(projectPath, opts) {
-  console.log(`\n${c.cyan}${c.bold}📋 FIX PLAN${c.reset}\n`);
-  console.log(`${c.dim}This shows what CAN be fixed. No changes will be made.${c.reset}`);
-  console.log(`${c.dim}Use --apply to apply changes (requires clean git state).${c.reset}\n`);
-
-  const scanResult = await loadLatestScan(projectPath);
-  if (!scanResult) {
-    console.error(`${c.red}Error:${c.reset} No scan results found. Run 'vibecheck scan' first.\n`);
-    return EXIT_CODES.MISCONFIG;
-  }
-
-  // Filter to fixable findings
-  const fixable = scanResult.findings.filter(f => {
-    const ruleId = f.ruleId || '';
-    return f.autofixAvailable && ALLOWED_FIX_TYPES.includes(ruleId);
-  });
-
-  if (fixable.length === 0) {
-    console.log(`${c.green}✓${c.reset} No mechanical fixes available.\n`);
-    console.log(`${c.dim}All remaining issues require manual intervention.${c.reset}\n`);
-    return EXIT_CODES.PASS;
-  }
-
-  console.log(`${c.bold}Fixable Issues (${fixable.length}):${c.reset}\n`);
-
-  for (const finding of fixable) {
-    const patch = generatePatchPreview(projectPath, finding);
-    
-    console.log(`${c.blue}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}`);
-    console.log(`${c.bold}${finding.id?.full || finding.id}${c.reset} - ${finding.ruleId}`);
-    console.log(`${c.dim}File:${c.reset} ${finding.file}:${finding.line}`);
-    console.log(`${c.dim}Why:${c.reset} ${finding.message || finding.description}`);
-    console.log(`${c.dim}Evidence:${c.reset} ${finding.evidence?.[0]?.snippet || 'See file'}`);
-    console.log('');
-    console.log(`${c.bold}Proposed Change:${c.reset}`);
-    console.log(patch.preview);
-    console.log('');
-    console.log(`${c.dim}Risk:${c.reset} ${patch.risk}`);
-    console.log(`${c.dim}Verification:${c.reset} Re-run scan to confirm no regression`);
-    console.log('');
-  }
-
-  console.log(`${c.blue}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}`);
-  console.log(`\n${c.bold}To apply these fixes:${c.reset}`);
-  console.log(`  ${c.cyan}vibecheck fix --apply${c.reset}\n`);
-  console.log(`${c.dim}This will:${c.reset}`);
-  console.log(`  1. Check for clean git state`);
-  console.log(`  2. Create branch: vibecheck/fix-<timestamp>`);
-  console.log(`  3. Apply patches with structured commits`);
-  console.log(`  4. Re-run scan to verify no regression\n`);
-
-  return EXIT_CODES.PASS;
-}
-
-/**
- * Apply fixes with proof-gating
- */
-async function applyFixes(projectPath, opts) {
-  console.log(`\n${c.cyan}${c.bold}🔧 APPLYING FIXES${c.reset}\n`);
-
-  // Step 1: Check git state
-  if (!isGitClean(projectPath)) {
-    console.error(`${c.red}Error:${c.reset} Git working directory is not clean.`);
-    console.error(`${c.dim}Commit or stash your changes before applying fixes.${c.reset}\n`);
-    return EXIT_CODES.MISCONFIG;
-  }
-
-  const scanResult = await loadLatestScan(projectPath);
-  if (!scanResult) {
-    console.error(`${c.red}Error:${c.reset} No scan results found. Run 'vibecheck scan' first.\n`);
-    return EXIT_CODES.MISCONFIG;
-  }
-
-  const fixable = scanResult.findings.filter(f => {
-    const ruleId = f.ruleId || '';
-    return f.autofixAvailable && ALLOWED_FIX_TYPES.includes(ruleId);
-  });
-
-  if (fixable.length === 0) {
-    console.log(`${c.green}✓${c.reset} No fixes to apply.\n`);
-    return EXIT_CODES.PASS;
-  }
-
-  // Step 2: Create branch
-  const branchName = `vibecheck/fix-${Date.now()}`;
-  try {
-    execSync(`git checkout -b ${branchName}`, { cwd: projectPath, stdio: 'pipe' });
-    console.log(`${c.green}✓${c.reset} Created branch: ${branchName}\n`);
-  } catch (err) {
-    console.error(`${c.red}Error:${c.reset} Failed to create branch: ${err.message}\n`);
-    return EXIT_CODES.INTERNAL;
-  }
-
-  // Step 3: Apply fixes
-  let applied = 0;
-  let failed = 0;
-
-  for (const finding of fixable) {
-    try {
-      const result = await applyAutofix(projectPath, finding, opts);
-      if (result) {
-        applied++;
-        
-        // Commit with structured message
-        const commitMsg = `fix(${finding.ruleId}): ${finding.id?.full || finding.id}\n\nFile: ${finding.file}:${finding.line}\nEvidence: ${finding.evidence?.[0]?.snippet || 'See scan results'}\n\nApplied by vibecheck fix --apply`;
-        
-        try {
-          execSync(`git add "${finding.file}"`, { cwd: projectPath, stdio: 'pipe' });
-          execSync(`git commit -m "${commitMsg.replace(/"/g, '\\"')}"`, { cwd: projectPath, stdio: 'pipe' });
-        } catch {
-          // File might not have changed, continue
-        }
-        
-        console.log(`${c.green}✓${c.reset} Fixed: ${finding.id?.full || finding.id}`);
-      } else {
-        failed++;
-        console.log(`${c.yellow}⚠${c.reset} Skipped: ${finding.id?.full || finding.id}`);
-      }
-    } catch (error) {
-      failed++;
-      console.log(`${c.red}✗${c.reset} Error: ${finding.id?.full || finding.id} - ${error.message}`);
-    }
-  }
-
-  console.log('');
-  console.log(`${c.bold}Summary:${c.reset}`);
-  console.log(`  Applied: ${c.green}${applied}${c.reset}`);
-  console.log(`  Skipped: ${c.yellow}${failed}${c.reset}`);
-  console.log('');
-
-  // Step 4: Re-run scan to verify
-  console.log(`${c.dim}Verifying fixes...${c.reset}\n`);
-  
-  try {
-    const { runScan } = require('./runScan');
-    const verifyResult = await runScan(['--json', '--path', projectPath]);
-    
-    if (verifyResult === 0 || verifyResult === EXIT_CODES.PASS) {
-      console.log(`${c.green}✓${c.reset} Verification passed - no regressions\n`);
-    } else {
-      console.log(`${c.yellow}⚠${c.reset} Verification found issues - review before merging\n`);
-    }
-  } catch {
-    console.log(`${c.dim}Run 'vibecheck scan' to verify manually.${c.reset}\n`);
-  }
-
-  console.log(`${c.bold}Rollback:${c.reset}`);
-  console.log(`  ${c.cyan}git checkout main && git branch -D ${branchName}${c.reset}\n`);
-
-  return applied > 0 ? EXIT_CODES.PASS : EXIT_CODES.FAIL;
-}
-
-/**
- * Check if git working directory is clean
- */
-function isGitClean(projectPath) {
-  try {
-    const status = execSync('git status --porcelain', { cwd: projectPath, encoding: 'utf8' });
-    return status.trim() === '';
-  } catch {
-    return false;
-  }
-}
-
-/**
- * Generate patch preview for a finding
- */
-function generatePatchPreview(projectPath, finding) {
-  const filePath = path.join(projectPath, finding.file);
-  
-  if (!fs.existsSync(filePath)) {
-    return { preview: `  ${c.red}File not found${c.reset}`, risk: 'N/A' };
-  }
-
-  const content = fs.readFileSync(filePath, 'utf8');
-  const lines = content.split('\n');
-  const lineIndex = finding.line - 1;
-
-  if (lineIndex < 0 || lineIndex >= lines.length) {
-    return { preview: `  ${c.red}Invalid line number${c.reset}`, risk: 'N/A' };
-  }
-
-  const before = lines[lineIndex];
-  let after = before;
-  let risk = 'Low';
-
-  // Generate preview based on rule type
-  switch (finding.ruleId) {
-    case 'empty-catch':
-      after = before.replace(/catch\s*(?:\(([^)]*)\))?\s*\{\s*\}/, (m, v) => {
-        const varName = v || 'err';
-        return `catch (${varName}) { console.error('Error:', ${varName}); throw ${varName}; }`;
-      });
-      risk = 'Low - adds proper error handling';
-      break;
-    case 'dangerous-default':
-      after = before.replace(/\s*(\|\||\?\?)\s*['"][^'"]*['"]/, '');
-      risk = 'Medium - removes fallback (may require env var)';
-      break;
-    case 'placeholder-value':
-      after = before.replace(/(CHANGEME|REPLACE_ME|YOUR_\w+|INSERT_\w+)/g, "/* TODO: Replace $1 */ ''");
-      risk = 'Low - flags for manual replacement';
-      break;
-    default:
-      return { preview: `  ${c.dim}No preview available${c.reset}`, risk: 'Unknown' };
-  }
-
-  return {
-    preview: `  ${c.red}- ${before.trim()}${c.reset}\n  ${c.green}+ ${after.trim()}${c.reset}`,
-    risk,
-  };
-}
-
-async function applyAutofix(projectPath, finding, options) {
-  const filePath = path.join(projectPath, finding.file);
-  
-  if (!fs.existsSync(filePath)) {
-    throw new Error(`File not found: ${finding.file}`);
-  }
-
-  const content = fs.readFileSync(filePath, 'utf8');
-  const lines = content.split('\n');
-  const lineIndex = finding.line - 1;
-
-  if (lineIndex < 0 || lineIndex >= lines.length) {
-    throw new Error(`Invalid line number: ${finding.line}`);
-  }
-
-  let newContent = content;
-  const ruleId = finding.ruleId;
-
-  // Apply fixes based on rule type
-  switch (ruleId) {
-    case 'empty-catch':
-      newContent = fixEmptyCatch(lines, lineIndex, filePath);
-      break;
-    case 'dangerous-default':
-      newContent = fixDangerousDefault(lines, lineIndex, filePath);
-      break;
-    case 'placeholder-value':
-      newContent = fixPlaceholderValue(lines, lineIndex, filePath);
-      break;
-    default:
-      return false;
-  }
-
-  if (newContent !== content) {
-    if (!options.dryRun) {
-      fs.writeFileSync(filePath, newContent, 'utf8');
-    }
-    return true;
-  }
-
-  return false;
-}
-
-function fixEmptyCatch(lines, lineIndex, filePath) {
-  const line = lines[lineIndex];
-  const newLines = [...lines];
-
-  // Find the catch block
-  if (line.includes('catch') && line.includes('{')) {
-    // Simple case: catch {} on one line
-    if (line.match(/catch\s*(?:\([^)]*\))?\s*\{\s*\}/)) {
-      const indent = line.match(/^(\s*)/)?.[1] || '';
-      newLines[lineIndex] = line.replace(
-        /catch\s*(?:\(([^)]*)\))?\s*\{\s*\}/,
-        (match, errVar) => {
-          const varName = errVar || 'err';
-          return `catch (${varName}) {\n${indent}  console.error('Error:', ${varName});\n${indent}  throw ${varName};\n${indent}}`;
-        }
-      );
-    }
-  }
-
-  return newLines.join('\n');
-}
-
-function fixDangerousDefault(lines, lineIndex, filePath) {
-  const line = lines[lineIndex];
-  const newLines = [...lines];
-
-  // Remove dangerous default
-  if (line.includes('process.env.') && (line.includes('||') || line.includes('??'))) {
-    newLines[lineIndex] = line.replace(
-      /\s*(\|\||\?\?)\s*['"][^'"]*['"]/,
-      ''
-    );
-  }
-
-  return newLines.join('\n');
-}
-
-function fixPlaceholderValue(lines, lineIndex, filePath) {
-  const line = lines[lineIndex];
-  const newLines = [...lines];
-
-  // Replace placeholder with TODO comment
-  newLines[lineIndex] = line.replace(
-    /(CHANGEME|REPLACE_ME|YOUR_[A-Z0-9_]+|INSERT_[A-Z0-9_]+)/g,
-    (match) => `/* TODO: Replace ${match} */ ''`
-  );
-
-  return newLines.join('\n');
-}
-
-async function loadLatestScan(projectPath) {
-  const scanDir = path.join(projectPath, '.vibecheck', 'reality-sniff', 'scans');
-  
-  if (!fs.existsSync(scanDir)) {
-    return null;
-  }
-
-  try {
-    const files = fs.readdirSync(scanDir)
-      .filter(f => f.endsWith('.json'))
-      .map(f => ({
-        name: f,
-        path: path.join(scanDir, f),
-        mtime: fs.statSync(path.join(scanDir, f)).mtime,
-      }))
-      .sort((a, b) => b.mtime - a.mtime);
-
-    if (files.length === 0) {
-      return null;
-    }
-
-    const content = fs.readFileSync(files[0].path, 'utf8');
-    return JSON.parse(content);
-  } catch {
-    return null;
-  }
-}
+// ═══════════════════════════════════════════════════════════════════════════════
+// NOTE: Legacy rule-based fix functions (showFixPlan, applyFixes, etc.) were removed.
+// The fix command now uses the mission-based system exclusively, which provides:
+// - LLM-generated patches with Reality Firewall prompt
+// - Automatic backup/restore on failure
+// - Progress detection and stagnation handling
+// - Integration with ship verification
+// ═══════════════════════════════════════════════════════════════════════════════
 
 function parseArgs(args) {
   // Parse global flags first
   const { flags: globalFlags, cleanArgs } = parseGlobalFlags(args);
   
   const opts = {
-    ...globalFlags, // Merge global flags (json, verbose, noBanner, quiet, ci, etc.)
+    ...globalFlags, // Merge global flags (json, verbose, noBanner, quiet, ci, help, etc.)
     path: globalFlags.path || process.cwd(),
     apply: false,
     promptOnly: false,
@@ -1153,7 +847,7 @@ function parseArgs(args) {
     maxSteps: 10,
     stagnationLimit: 2,
     fastifyEntry: null,
-    help: false,
+    // Note: help comes from globalFlags, don't override it here
   };
 
   // Parse command-specific args from cleanArgs
@@ -1208,13 +902,29 @@ function printHelp(showBanner = true) {
     ${colors.shipGreen}${ICONS.stop}${c.reset} Progress detector stops on stagnation
 
   ${c.bold}Mission Types:${c.reset}
+    ${c.dim}Security & Auth:${c.reset}
     ${colors.critical}${ICONS.lock}${c.reset} REMOVE_OWNER_MODE      ${c.dim}Delete backdoor env bypass${c.reset}
+    ${colors.critical}${ICONS.lock}${c.reset} FIX_HARDCODED_SECRETS  ${c.dim}Move secrets to env vars${c.reset}
+    ${colors.critical}${ICONS.key}${c.reset} FIX_TEST_KEYS          ${c.dim}Replace test API keys${c.reset}
+    ${colors.critical}${ICONS.shield}${c.reset} FIX_AUTH_DRIFT         ${c.dim}Restore removed auth patterns${c.reset}
+    ${colors.medium}${ICONS.auth}${c.reset} ADD_SERVER_AUTH        ${c.dim}Add auth to sensitive endpoints${c.reset}
+
+    ${c.dim}Billing & Payments:${c.reset}
     ${colors.high}${ICONS.money}${c.reset} FIX_STRIPE_WEBHOOKS    ${c.dim}Add signature verification + idempotency${c.reset}
     ${colors.high}${ICONS.shield}${c.reset} ENFORCE_PAID_SURFACE   ${c.dim}Add server-side entitlement checks${c.reset}
-    ${colors.medium}${ICONS.auth}${c.reset} ADD_SERVER_AUTH        ${c.dim}Add auth to sensitive endpoints${c.reset}
-    ${colors.medium}${ICONS.route}${c.reset} FIX_MISSING_ROUTE      ${c.dim}Wire client refs to server routes${c.reset}
+    ${colors.critical}${ICONS.money}${c.reset} FIX_SIMULATED_BILLING  ${c.dim}Replace fake billing with real${c.reset}
+
+    ${c.dim}Reality & Data:${c.reset}
+    ${colors.critical}${ICONS.link}${c.reset} FIX_MOCK_DOMAINS       ${c.dim}Replace localhost/mock URLs${c.reset}
     ${colors.medium}${ICONS.ghost}${c.reset} FIX_FAKE_SUCCESS       ${c.dim}Gate success UI on network result${c.reset}
+    ${colors.medium}${ICONS.doc}${c.reset} FIX_PLACEHOLDER_DATA   ${c.dim}Replace lorem ipsum with real data${c.reset}
+    ${colors.high}${ICONS.warning}${c.reset} FIX_SILENT_FALLBACK    ${c.dim}Make failures visible${c.reset}
+
+    ${c.dim}Code Quality:${c.reset}
+    ${colors.high}${ICONS.bug}${c.reset} FIX_EMPTY_CATCH        ${c.dim}Add error handling to catch blocks${c.reset}
+    ${colors.medium}${ICONS.route}${c.reset} FIX_MISSING_ROUTE      ${c.dim}Wire client refs to server routes${c.reset}
     ${colors.low}${ICONS.env}${c.reset} FIX_ENV_CONTRACT       ${c.dim}Add missing env vars to templates${c.reset}
+    ${colors.low}${ICONS.dead}${c.reset} FIX_DEAD_UI            ${c.dim}Make UI actions functional${c.reset}
 
   ${c.bold}LLM Configuration:${c.reset}
     ${c.dim}Set these environment variables:${c.reset}