@vibecheckai/cli 3.1.8 → 3.2.0

package/mcp-server/index.js

@@ -3,13 +3,16 @@
 /**
  * vibecheck MCP Server v2.0 - Clean Product Surface
  *
- * 6 Public Tools (maps to CLI):
- *   vibecheck.scan   - Find truth
- *   vibecheck.gate   - Enforce truth in CI
- *   vibecheck.fix    - Apply safe patches
- *   vibecheck.proof  - Premium verification (mocks, reality)
- *   vibecheck.report - Access artifacts
- *   vibecheck.status - Health and config info
+ * Curated Tools for AI Agents:
+ *   vibecheck.ctx             - Build truthpack/context
+ *   vibecheck.scan            - Static scan for issues
+ *   vibecheck.ship            - Verdict with evidence
+ *   vibecheck.get_truthpack   - Ground truth
+ *   vibecheck.validate_claim  - Evidence-based claim validation
+ *   vibecheck.compile_context - Task-focused context
+ *   vibecheck.search_evidence - Evidence search
+ *   vibecheck.find_counterexamples - Falsification
+ *   vibecheck.check_invariants - Invariant checks
  *
  * Everything else is parameters on these tools.
  */
@@ -84,27 +87,126 @@ import { mdcGeneratorTool, handleMDCGeneration } from "./mdc-generator.js";
 import { TRUTH_CONTEXT_TOOLS, handleTruthContextTool } from "./truth-context.js";
 
 // Import Truth Firewall tools (Hallucination Stopper)
-import { TRUTH_FIREWALL_TOOLS, handleTruthFirewallTool } from "./truth-firewall-tools.js";
+import {
+  TRUTH_FIREWALL_TOOLS,
+  handleTruthFirewallTool,
+  hasRecentClaimValidation,
+  getContextAttribution,
+} from "./truth-firewall-tools.js";
+
+// Context attribution message
+const CONTEXT_ATTRIBUTION = "🧠 Context enhanced by vibecheck";
 
 // Import Consolidated Tools (15 focused tools - recommended surface)
 import { CONSOLIDATED_TOOLS, handleConsolidatedTool } from "./consolidated-tools.js";
 
+// Import v3 Tools (10 focused tools - STARTER+ only, no free tools)
+import { MCP_TOOLS_V3, handleToolV3, TOOL_TIERS as V3_TOOL_TIERS } from "./tools-v3.js";
+
 // Import tier auth for entitlement checking
 import { checkFeatureAccess } from "./tier-auth.js";
 
+/**
+ * TRUTH FIREWALL CONFIGURATION
+ * 
+ * Tools that make assertions or change code MUST have recent claim validation.
+ * Policy modes: strict (default for agents), balanced, permissive
+ */
+const STRICT_GUARDRAIL_TOOLS = new Set([
+  "vibecheck.scan",
+  "vibecheck.ship",
+  "vibecheck.ctx",
+  "vibecheck.fix",
+  "vibecheck.prove",
+  "vibecheck.autopilot_apply",
+]);
+
+// Tools that modify code or make assertions - require truth firewall
+const CODE_CHANGING_TOOLS = new Set([
+  "vibecheck.fix",
+  "vibecheck.autopilot_apply",
+  "vibecheck.propose_patch",
+]);
+
+// Policy thresholds (aligned with proof-context.js EVIDENCE_SCHEMA)
+const POLICY_THRESHOLDS = {
+  strict: { minConfidence: 0.8, allowUnknown: false, requireValidation: true },
+  balanced: { minConfidence: 0.6, allowUnknown: false, requireValidation: true },
+  permissive: { minConfidence: 0.4, allowUnknown: true, requireValidation: false },
+};
+
+function getTruthPolicy(args) {
+  const policy = args?.policy || "strict";
+  return POLICY_THRESHOLDS[policy] ? policy : "strict";
+}
+
+function getPolicyConfig(policy) {
+  return POLICY_THRESHOLDS[policy] || POLICY_THRESHOLDS.strict;
+}
+
+async function emitGuardrailMetric(projectPath, metric) {
+  try {
+    const auditDir = path.join(projectPath, ".vibecheck", "audit");
+    await fs.mkdir(auditDir, { recursive: true });
+    const record = JSON.stringify({ ...metric, timestamp: new Date().toISOString() });
+    await fs.appendFile(path.join(auditDir, "guardrail-metrics.jsonl"), `${record}\n`);
+  } catch {
+    // ignore metrics write failures
+  }
+}
+
+/**
+ * Check if a code-changing tool should be blocked due to missing validation.
+ * Returns { blocked: boolean, reason?: string, suggestion?: string }
+ */
+function checkTruthFirewallBlock(toolName, args, projectPath) {
+  const policy = getTruthPolicy(args);
+  const policyConfig = getPolicyConfig(policy);
+  
+  // Skip validation check if permissive mode and validation not required
+  if (!policyConfig.requireValidation) {
+    return { blocked: false };
+  }
+  
+  // Check if this is a code-changing tool that requires validation
+  if (!CODE_CHANGING_TOOLS.has(toolName) && !STRICT_GUARDRAIL_TOOLS.has(toolName)) {
+    return { blocked: false };
+  }
+  
+  // Check for recent claim validation
+  if (!hasRecentClaimValidation(projectPath)) {
+    return {
+      blocked: true,
+      reason: `Truth firewall requires claim validation before ${toolName}`,
+      code: "TRUTH_FIREWALL_REQUIRED",
+      suggestion: "Call vibecheck.validate_claim or vibecheck.get_truthpack before proceeding",
+      nextSteps: [
+        "Call vibecheck.get_truthpack with refresh=true for current evidence",
+        "Call vibecheck.validate_claim for critical assumptions",
+        `Re-run ${toolName} after validation`,
+      ],
+    };
+  }
+  
+  return { blocked: false };
+}
+
 // ============================================================================
 // TOOL DEFINITIONS - Public Tools (Clean Product Surface)
 // ============================================================================
 
-// RECOMMENDED: Use consolidated tools (15 focused, evidence-backed tools)
+// RECOMMENDED: Use v3 tools (10 focused tools, STARTER+ only, no free tools)
 // These map directly to CLI commands and return file/line citations
+// Set VIBECHECK_MCP_V3=false to use legacy tools
+const USE_V3_TOOLS = process.env.VIBECHECK_MCP_V3 !== 'false';
 const USE_CONSOLIDATED_TOOLS = process.env.VIBECHECK_MCP_CONSOLIDATED !== 'false';
 
-const TOOLS = USE_CONSOLIDATED_TOOLS ? [
-  // 15 Consolidated Tools - recommended for new integrations
+const TOOLS = USE_V3_TOOLS ? [
+  // v3: 10 focused tools for STARTER+ (no free MCP tools)
+  ...MCP_TOOLS_V3,
+] : USE_CONSOLIDATED_TOOLS ? [
+  // Curated tools for agents (legacy)
   ...CONSOLIDATED_TOOLS,
-  // Keep Truth Firewall for backward compatibility
-  ...TRUTH_FIREWALL_TOOLS,
 ] : [
   // Legacy: Full tool set (50+ tools) - for backward compatibility
   // PRIORITY: Truth Firewall tools (Hallucination Stopper) - agents MUST use these
@@ -741,6 +843,38 @@ class VibecheckMCP {
       emitToolInvoke(name, args, "success", { projectPath });
 
       try {
+        // TRUTH FIREWALL CHECK - enforce validation before code-changing tools
+        const firewallCheck = checkTruthFirewallBlock(name, args, projectPath);
+        if (firewallCheck.blocked) {
+          const policy = getTruthPolicy(args);
+          await emitGuardrailMetric(projectPath, {
+            event: "truth_firewall_block",
+            tool: name,
+            policy,
+            reason: firewallCheck.code || "no_recent_claim_validation",
+          });
+          return this.error(firewallCheck.reason, {
+            code: firewallCheck.code,
+            suggestion: firewallCheck.suggestion,
+            nextSteps: firewallCheck.nextSteps || [],
+          });
+        }
+        
+        // Handle v3 tools (10 consolidated tools, STARTER+ only)
+        if (USE_V3_TOOLS && V3_TOOL_TIERS[name]) {
+          // Get user tier from context or args
+          const userTier = args?.tier || process.env.VIBECHECK_TIER || 'free';
+          const result = await handleToolV3(name, args, { tier: userTier });
+          
+          if (result.error) {
+            return this.error(result.error, { tier: result.tier, required: result.required });
+          }
+          
+          return {
+            content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
+          };
+        }
+        
         // Handle intelligence tools first
         if (name.startsWith("vibecheck.intelligence.")) {
           return await handleIntelligenceTool(name, args, __dirname);
@@ -1045,8 +1179,11 @@ class VibecheckMCP {
   }
 
   // Helpers
-  success(text) {
-    return { content: [{ type: "text", text }] };
+  success(text, includeAttribution = true) {
+    const finalText = includeAttribution 
+      ? `${text}\n\n---\n_${CONTEXT_ATTRIBUTION}_`
+      : text;
+    return { content: [{ type: "text", text: finalText }] };
   }
 
   error(text, options = {}) {