@vibecheckai/cli 3.1.8 → 3.2.0

package/bin/registry.js

@@ -8,31 +8,31 @@
 "use strict";
 
 // ─────────────────────────────────────────────────────────────
-// CORE 13 + APPROVED EXTRAS (locked surface area)
+// CORE 17 COMMANDS (locked surface area)
 // ─────────────────────────────────────────────────────────────
 const ALLOWED_COMMANDS = new Set([
-  // Core 13
-  "init",
-  "doctor",
-  "scan",
-  "report",
-  "fix",
-  "watch",
-  "checkpoint",
-  "polish",
-  "ship",
-  "prove",   // replaces ctx
-  "reality", // runtime crawl
-  "context",
-  "guard",
-
-  // Approved extras
-  "mcp",
-  "login",
-  "logout",
-  "whoami",
-  "ai-test",
-  "labs",
+  // FREE (8) - Core functionality to try the product
+  "init",       // one-time setup
+  "doctor",     // health check
+  "watch",      // continuous mode
+  "scan",       // includes --allowlist subcommand
+  "ship",       // verdict engine
+  "login",      // authenticate
+  "logout",     // remove credentials
+  "whoami",     // show current user
+
+  // STARTER (6) - Productivity & automation
+  "fix",        // AI-powered fixes
+  "report",     // generate reports
+  "context",    // generate IDE rules
+  "guard",      // AI guardrails (prompt firewall, hallucination checking)
+  "mcp",        // MCP server
+  "checkpoint", // baseline comparison & hallucination scoring
+
+  // PRO (3) - Advanced proof & AI testing
+  "prove",      // includes --bundle for evidence packs
+  "reality",    // includes --agent for AI testing
+  "polish",     // production polish
 ]);
 
 function assertAllowedOnly(obj) {
@@ -46,6 +46,10 @@ function assertAllowedOnly(obj) {
 // COMMANDS (ALLOWED ONLY)
 // ─────────────────────────────────────────────────────────────
 const COMMANDS = {
+  // ══════════════════════════════════════════════════════════════
+  // FREE TIER (8 commands) - Core functionality to try the product
+  // ══════════════════════════════════════════════════════════════
+
   // ── SETUP ───────────────────────────────────────────────────
   init: {
     description: "One-time setup (config + contracts + scripts)",
@@ -71,85 +75,74 @@ const COMMANDS = {
     runner: () => require("./runners/runWatch").runWatch,
   },
 
-  // ── ANALYSIS ────────────────────────────────────────────────
-  checkpoint: {
-    description: "Compare baseline vs current, hallucination scoring",
-    tier: "free",
-    category: "analysis",
-    aliases: ["cp", "compare", "diff"],
-    caps: "basic on FREE, hallucination scoring on PRO",
-    runner: () => require("./runners/runCheckpoint").runCheckpoint,
-  },
-
-  // ── PROOF LOOP ──────────────────────────────────────────────
+  // ── CORE LOOP ───────────────────────────────────────────────
   scan: {
-    description: "Route integrity & code analysis scanner",
+    description: "Route integrity & code analysis; use --allowlist for false positive management",
     tier: "free",
     category: "proof",
     aliases: ["s", "check"],
     runner: () => require("./runners/runScan").runScan,
   },
 
-  report: {
-    description: "Generate HTML/MD/SARIF reports",
+  ship: {
+    description: "Verdict engine - SHIP / WARN / BLOCK",
     tier: "free",
-    category: "output",
-    caps: "HTML/MD only on FREE",
-    aliases: ["html", "artifact"],
-    runner: () => require("./runners/runReport").runReport,
+    category: "proof",
+    aliases: ["verdict", "go"],
+    runner: () => require("./runners/runShip").runShip,
   },
 
-  fix: {
-    description: "AI-powered auto-fix",
+  // ── ACCOUNT (skipAuth) ────────────────────────────────────
+  login: {
+    description: "Authenticate with API key",
     tier: "free",
-    category: "proof",
-    caps: "--plan-only on FREE",
-    aliases: ["f", "repair"],
-    runner: () => require("./runners/runFix").runFix,
+    category: "account",
+    aliases: ["auth", "signin"],
+    runner: () => require("./runners/runAuth").runLogin,
+    skipAuth: true,
   },
 
-  reality: {
-    description: "Runtime proof (browser crawl)",
+  logout: {
+    description: "Remove stored credentials",
     tier: "free",
-    category: "proof",
-    caps: "preview mode on FREE (5 pages, no auth)",
-    aliases: ["r", "test", "e2e"],
-    runner: () => async (args, ctx) => {
-      const { runRuntime } = require("./runners/runRuntime");
-      return await runRuntime(["crawl", ...args], ctx);
-    },
+    category: "account",
+    aliases: ["signout"],
+    runner: () => require("./runners/runAuth").runLogout,
+    skipAuth: true,
   },
 
-  ship: {
-    description: "Verdict engine - SHIP / WARN / BLOCK",
+  whoami: {
+    description: "Show current user and plan",
     tier: "free",
-    category: "proof",
-    aliases: ["verdict", "go"],
-    caps: "static-only on FREE",
-    runner: () => require("./runners/runShip").runShip,
+    category: "account",
+    aliases: ["me", "user"],
+    runner: () => require("./runners/runAuth").runWhoami,
+    skipAuth: true,
   },
 
-  prove: {
-    description: "Full proof loop - truth → reality → ship → fix",
-    tier: "pro",
+  // ══════════════════════════════════════════════════════════════
+  // STARTER TIER (6 commands) - Productivity & automation
+  // ══════════════════════════════════════════════════════════════
+
+  fix: {
+    description: "AI-powered auto-fix for findings",
+    tier: "starter",
     category: "proof",
-    aliases: ["p", "full", "all"],
-    runner: () => require("./runners/runProve").runProve,
+    aliases: ["f", "repair"],
+    runner: () => require("./runners/runFix").runFix,
   },
 
-  // ── QUALITY ────────────────────────────────────────────────
-  polish: {
-    description: "Production polish analyzer - finds missing essentials",
-    tier: "free",
-    category: "quality",
-    aliases: ["quality", "finalize", "ready"],
-    runner: () => require("./runners/runPolish").runPolish,
+  report: {
+    description: "Generate HTML/MD/SARIF reports",
+    tier: "starter",
+    category: "output",
+    aliases: ["html", "artifact"],
+    runner: () => require("./runners/runReport").runReport,
   },
 
-  // ── AI TRUTH ───────────────────────────────────────────────
   context: {
     description: "Generate IDE rules (.cursorrules, MDC, Windsurf, Copilot)",
-    tier: "free",
+    tier: "starter",
     category: "truth",
     aliases: ["rules", "ai-rules", "mdc"],
     runner: () => require("./runners/runContext").runContext,
@@ -157,13 +150,12 @@ const COMMANDS = {
 
   guard: {
     description: "AI guardrails - prompt firewall & hallucination checking",
-    tier: "free",
+    tier: "starter",
     category: "truth",
     aliases: ["ai-guard", "firewall", "validate"],
     runner: () => require("./runners/runGuard").runGuard,
   },
 
-  // ── AUTOMATION ─────────────────────────────────────────────
   mcp: {
     description: "Start MCP server for AI IDEs",
     tier: "starter",
@@ -172,52 +164,50 @@ const COMMANDS = {
     runner: () => require("./runners/runMcp").runMcp,
   },
 
-  "ai-test": {
-    description: "AI autonomous test (alias: runtime agent)",
+  checkpoint: {
+    description: "Compare baseline vs current, hallucination scoring",
+    tier: "starter",
+    category: "analysis",
+    aliases: ["cp", "compare", "diff"],
+    runner: () => require("./runners/runCheckpoint").runCheckpoint,
+  },
+
+  // ══════════════════════════════════════════════════════════════
+  // PRO TIER (3 commands) - Advanced proof & AI testing
+  // ══════════════════════════════════════════════════════════════
+
+  reality: {
+    description: "Runtime proof (browser crawl); use --agent for AI testing",
     tier: "pro",
-    category: "automation",
-    aliases: ["ai", "agent"],
+    category: "proof",
+    caps: "--agent for AI autonomous testing",
+    aliases: ["r", "test", "e2e"],
     runner: () => async (args, ctx) => {
       const { runRuntime } = require("./runners/runRuntime");
-      return await runRuntime(["agent", ...args], ctx);
+      // Check if --agent flag is present to route to agent subcommand
+      if (args.includes("--agent") || args.includes("-a")) {
+        const filteredArgs = args.filter(a => a !== "--agent" && a !== "-a");
+        return await runRuntime(["agent", ...filteredArgs], ctx);
+      }
+      return await runRuntime(["crawl", ...args], ctx);
     },
   },
 
-  // ── ACCOUNT (skipAuth) ────────────────────────────────────
-  login: {
-    description: "Authenticate with API key",
-    tier: "free",
-    category: "account",
-    aliases: ["auth", "signin"],
-    runner: () => require("./runners/runAuth").runLogin,
-    skipAuth: true,
-  },
-
-  logout: {
-    description: "Remove stored credentials",
-    tier: "free",
-    category: "account",
-    aliases: ["signout"],
-    runner: () => require("./runners/runAuth").runLogout,
-    skipAuth: true,
-  },
-
-  whoami: {
-    description: "Show current user and plan",
-    tier: "free",
-    category: "account",
-    aliases: ["me", "user"],
-    runner: () => require("./runners/runAuth").runWhoami,
-    skipAuth: true,
+  prove: {
+    description: "One command reality proof - video + network evidence that your app works",
+    tier: "pro",
+    category: "proof",
+    aliases: ["p", "full", "all"],
+    caps: "video, trace, HAR recording; use --bundle for evidence pack",
+    runner: () => require("./runners/runProve").runProve,
   },
 
-  // ── EXTRAS ────────────────────────────────────────────────
-  labs: {
-    description: "Experimental features",
-    tier: "free",
-    category: "extras",
-    aliases: ["experimental", "beta"],
-    runner: () => require("./runners/runLabs").runLabs,
+  polish: {
+    description: "Production polish analyzer - finds missing essentials",
+    tier: "pro",
+    category: "quality",
+    aliases: ["quality", "finalize", "ready"],
+    runner: () => require("./runners/runPolish").runPolish,
   },
 };
 

package/bin/runners/context/generators/mcp.js

@@ -1,8 +1,15 @@
 /**
  * MCP Context JSON Generator
  * Generates .vibecheck/context.json for MCP servers
+ * 
+ * Uses the unified EVIDENCE_SCHEMA and TRUTH_CONTRACT from proof-context.js
  */
 
+const { EVIDENCE_SCHEMA, TRUTH_CONTRACT } = require("../proof-context.js");
+
+// Context attribution message shown when AI uses vibecheck data
+const CONTEXT_ATTRIBUTION = "🧠 Context enhanced by vibecheck";
+
 /**
  * Generate universal context JSON for MCP
  */
@@ -14,6 +21,9 @@ function generateContextJson(analysis, projectPath) {
     version: "3.0.0",
     generatedAt: new Date().toISOString(),
     generator: "vibecheck-context",
+    // Reference the unified schema from proof-context.js
+    evidenceSchema: EVIDENCE_SCHEMA,
+    truthContract: TRUTH_CONTRACT,
     
     project: {
       name: analysis.name,
@@ -92,6 +102,9 @@ function generateContextJson(analysis, projectPath) {
       byExtension: analysis.stats?.byExtension || {},
       largestFiles: analysis.stats?.largestFiles || [],
     },
+    contextValidation: analysis.contextValidation || null,
+    contextDrift: analysis.contextDrift || null,
+    contextSummary: analysis.contextSummary || null,
 
     rules: {
       critical: [
@@ -143,9 +156,14 @@ function generateContextJson(analysis, projectPath) {
         },
       ],
     },
+
+    // Attribution message for AI responses
+    _attribution: CONTEXT_ATTRIBUTION,
+    _attributionNote: "Include this attribution when referencing vibecheck context in responses",
   }, null, 2);
 }
 
 module.exports = {
   generateContextJson,
+  CONTEXT_ATTRIBUTION,
 };

package/bin/runners/context/index.js

@@ -59,6 +59,67 @@ const { generateCopilotInstructions } = require("./generators/copilot");
 const { generateClaudeConfig } = require("./generators/claude");
 const { generateCodexConfig } = require("./generators/codex");
 const { generateContextJson } = require("./generators/mcp");
+let enhancedContextEngine = null;
+const enhancedCandidates = [
+  path.join(__dirname, "..", "..", "..", "src", "lib", "context", "enhanced-context-engine.js"),
+  path.join(__dirname, "..", "..", "..", "..", "..", "src", "lib", "context", "enhanced-context-engine.js"),
+];
+for (const candidate of enhancedCandidates) {
+  try {
+    if (fs.existsSync(candidate)) {
+      ({ enhancedContextEngine } = require(candidate));
+      break;
+    }
+  } catch {}
+}
+
+async function emitGuardrailMetric(projectPath, metric) {
+  try {
+    const auditDir = path.join(projectPath, ".vibecheck", "audit");
+    fs.mkdirSync(auditDir, { recursive: true });
+    const record = JSON.stringify({ ...metric, timestamp: new Date().toISOString() });
+    fs.appendFileSync(path.join(auditDir, "guardrail-metrics.jsonl"), `${record}\n`);
+  } catch {
+    // ignore metrics write failures
+  }
+}
+
+async function applyContextValidation(projectPath, analysis, opts) {
+  if (!enhancedContextEngine) return analysis;
+
+  const { context, validation, drift } = await enhancedContextEngine.getValidatedContext(projectPath, {
+    file: opts.currentFile || undefined,
+    purpose: opts.task || "general",
+    checkDrift: true,
+  });
+
+  analysis.contextValidation = validation;
+  analysis.contextDrift = drift;
+  analysis.contextSummary = {
+    confidence: validation?.confidence ?? context?.confidence ?? 0,
+    freshness: context?.freshness ?? null,
+    issues: validation?.issues?.length || 0,
+    driftScore: drift?.score ?? 0,
+    blocked: validation?.valid === false,
+  };
+
+  await emitGuardrailMetric(projectPath, {
+    event: "context_validation",
+    confidence: analysis.contextSummary.confidence,
+    freshness: analysis.contextSummary.freshness,
+    issues: analysis.contextSummary.issues,
+    driftScore: analysis.contextSummary.driftScore,
+  });
+
+  const vibecheckDir = path.join(projectPath, ".vibecheck");
+  fs.mkdirSync(vibecheckDir, { recursive: true });
+  fs.writeFileSync(
+    path.join(vibecheckDir, "context-validation.json"),
+    JSON.stringify({ validation, drift }, null, 2),
+  );
+
+  return analysis;
+}
 
 /**
  * Parse command line arguments
@@ -357,10 +418,14 @@ function startWatchMode(projectPath, platform, verbose) {
   let debounceTimer = null;
   const watchDirs = ["src", "app", "pages", "components", "lib", "server"];
   
-  const regenerate = () => {
+  const regenerate = async () => {
     console.log(`\n${c.yellow}⟳ Change detected, regenerating...${c.reset}\n`);
     try {
-      const analysis = analyzeProject(projectPath);
+      let analysis = analyzeProject(projectPath);
+      analysis = await applyContextValidation(projectPath, analysis, {
+        currentFile: "",
+        task: "general",
+      });
       writeFiles(projectPath, platform, analysis, verbose);
       console.log(`${c.green}✓ Rules regenerated${c.reset} at ${new Date().toLocaleTimeString()}\n`);
     } catch (err) {
@@ -375,7 +440,9 @@ function startWatchMode(projectPath, platform, verbose) {
         fs.watch(watchPath, { recursive: true }, (eventType, filename) => {
           if (filename && (filename.endsWith(".ts") || filename.endsWith(".tsx") || filename.endsWith(".js") || filename.endsWith(".jsx"))) {
             if (debounceTimer) clearTimeout(debounceTimer);
-            debounceTimer = setTimeout(regenerate, 500);
+            debounceTimer = setTimeout(() => {
+              void regenerate();
+            }, 500);
           }
         });
         console.log(`${c.dim}  Watching: ${dir}/${c.reset}`);
@@ -839,7 +906,8 @@ ${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━
 `);
 
   // Analyze project
-  const analysis = analyzeProject(projectPath);
+  let analysis = analyzeProject(projectPath);
+  analysis = await applyContextValidation(projectPath, analysis, opts);
   const p = analysis.patterns || {};
 
   // Display analysis - Basic info