@vibecheckai/cli 3.1.8 → 3.2.0

package/mcp-server/tools-v3.js

@@ -0,0 +1,744 @@
+/**
+ * vibecheck MCP Tools v3 - Consolidated 10 Tools
+ * 
+ * ALL tools require STARTER tier or above.
+ * No free MCP tools - this is a premium feature.
+ * 
+ * 10 TOOLS (STARTER+):
+ * 
+ * CORE (4):
+ *   1. vibecheck.ship       - Get ship verdict with evidence
+ *   2. vibecheck.scan       - Deep scan for issues  
+ *   3. vibecheck.fix        - Generate/apply fixes
+ *   4. vibecheck.prove      - Full proof loop (PRO)
+ * 
+ * TRUTH (3):
+ *   5. vibecheck.truthpack  - Get ground truth (routes, env, auth, billing)
+ *   6. vibecheck.validate   - Validate a claim with evidence
+ *   7. vibecheck.search     - Search codebase with evidence
+ * 
+ * OUTPUT (2):
+ *   8. vibecheck.report     - Generate reports (HTML, SARIF, etc.)
+ *   9. vibecheck.allowlist  - Manage false positive allowlist
+ * 
+ * UTILITY (1):
+ *   10. vibecheck.status    - Health check and status
+ */
+
+import fs from 'fs/promises';
+import path from 'path';
+import { execSync } from 'child_process';
+
+// =============================================================================
+// TIER ENFORCEMENT
+// =============================================================================
+
+const TOOL_TIERS = {
+  'vibecheck.ship': 'starter',
+  'vibecheck.scan': 'starter',
+  'vibecheck.fix': 'starter',
+  'vibecheck.prove': 'pro',
+  'vibecheck.truthpack': 'starter',
+  'vibecheck.validate': 'starter',
+  'vibecheck.search': 'starter',
+  'vibecheck.report': 'starter',
+  'vibecheck.allowlist': 'starter',
+  'vibecheck.status': 'starter',
+};
+
+function checkTierAccess(toolName, userTier) {
+  const requiredTier = TOOL_TIERS[toolName] || 'starter';
+  const tierOrder = { free: 0, starter: 1, pro: 2, compliance: 3 };
+  
+  const userLevel = tierOrder[userTier] || 0;
+  const requiredLevel = tierOrder[requiredTier] || 1;
+  
+  if (userLevel < requiredLevel) {
+    return {
+      allowed: false,
+      error: `🔒 ${toolName} requires ${requiredTier.toUpperCase()} tier. You have: ${userTier.toUpperCase()}. Upgrade at vibecheck.dev/pricing`
+    };
+  }
+  
+  return { allowed: true };
+}
+
+// =============================================================================
+// TOOL DEFINITIONS (10 tools)
+// =============================================================================
+
+export const MCP_TOOLS_V3 = [
+  // ═══════════════════════════════════════════════════════════════════════════
+  // CORE TOOLS (4)
+  // ═══════════════════════════════════════════════════════════════════════════
+  
+  {
+    name: "vibecheck.ship",
+    description: `🚀 Get ship verdict: SHIP | WARN | BLOCK
+
+Returns a verdict with evidence-backed findings. Use this to check if code is ready to ship.
+
+Returns:
+- verdict: SHIP (ready) | WARN (review) | BLOCK (must fix)
+- score: 0-100 confidence score
+- findings: Issues found with file/line evidence
+- aiHallucinationScore: Risk of AI-generated issues
+
+[STARTER tier required]`,
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          description: "Project path (default: current directory)",
+        },
+        strict: {
+          type: "boolean",
+          description: "Treat warnings as blockers",
+          default: false,
+        },
+      },
+    },
+  },
+
+  {
+    name: "vibecheck.scan",
+    description: `🔍 Deep scan for ship-killers
+
+Scans code for:
+- Missing routes (client refs to non-existent endpoints)
+- Env gaps (used but undeclared env vars)
+- Fake success (success UI without verification)
+- Ghost auth (unprotected sensitive endpoints)
+- Dead UI (buttons that do nothing)
+
+[STARTER tier required]`,
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          description: "Project path",
+        },
+        categories: {
+          type: "array",
+          items: { type: "string" },
+          description: "Categories to scan: routes, env, auth, billing, security",
+        },
+      },
+    },
+  },
+
+  {
+    name: "vibecheck.fix",
+    description: `🔧 Generate or apply fixes for findings
+
+Modes:
+- plan: Generate fix plan with AI missions (default)
+- apply: Apply patches automatically (PRO)
+- loop: Fix → verify → fix until SHIP (PRO)
+
+[STARTER: plan mode | PRO: apply/loop modes]`,
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          description: "Project path",
+        },
+        mode: {
+          type: "string",
+          enum: ["plan", "apply", "loop"],
+          description: "Fix mode (default: plan)",
+          default: "plan",
+        },
+        findingIds: {
+          type: "array",
+          items: { type: "string" },
+          description: "Specific finding IDs to fix (optional)",
+        },
+      },
+    },
+  },
+
+  {
+    name: "vibecheck.prove",
+    description: `🔬 Full proof loop with runtime verification
+
+Orchestrates: truthpack → reality → ship → fix
+Continues until SHIP verdict or stuck.
+
+Includes:
+- Browser verification with Playwright
+- Video/trace recording
+- Auth boundary testing
+- Evidence pack generation
+
+[PRO tier required]`,
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          description: "Project path",
+        },
+        url: {
+          type: "string",
+          description: "Base URL for runtime testing (e.g., http://localhost:3000)",
+        },
+        maxIterations: {
+          type: "number",
+          description: "Max fix iterations (default: 5)",
+          default: 5,
+        },
+        recordVideo: {
+          type: "boolean",
+          description: "Record video of browser sessions",
+          default: true,
+        },
+      },
+    },
+  },
+
+  // ═══════════════════════════════════════════════════════════════════════════
+  // TRUTH TOOLS (3)
+  // ═══════════════════════════════════════════════════════════════════════════
+
+  {
+    name: "vibecheck.truthpack",
+    description: `📦 Get ground truth about the codebase
+
+Returns verified facts about:
+- routes: Server routes and client references
+- env: Environment variables (used, declared, gaps)
+- auth: Authentication model and protected routes
+- billing: Payment gates and enforcement
+
+Every fact has file/line citations and confidence scores.
+
+⚠️ Use this BEFORE making assertions about the codebase.
+
+[STARTER tier required]`,
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          description: "Project path",
+        },
+        scope: {
+          type: "string",
+          enum: ["all", "routes", "env", "auth", "billing"],
+          description: "What to include (default: all)",
+          default: "all",
+        },
+        refresh: {
+          type: "boolean",
+          description: "Force rebuild (default: use cache)",
+          default: false,
+        },
+      },
+    },
+  },
+
+  {
+    name: "vibecheck.validate",
+    description: `🔍 Validate a claim with evidence
+
+Returns: true | false | unknown
+- true: Claim verified with evidence citations
+- false: Claim disproven with counterexamples
+- unknown: Insufficient evidence (DO NOT proceed)
+
+Claim types:
+- route_exists: Check if route exists
+- env_var_exists: Check if env var is declared
+- auth_enforced: Check if route is protected
+- file_exists: Check if file exists
+- function_exists: Check if function exists
+
+[STARTER tier required]`,
+    inputSchema: {
+      type: "object",
+      properties: {
+        claim: {
+          type: "string",
+          enum: ["route_exists", "env_var_exists", "auth_enforced", "file_exists", "function_exists"],
+          description: "Type of claim to validate",
+        },
+        subject: {
+          type: "object",
+          description: "What the claim is about",
+          properties: {
+            path: { type: "string", description: "Route path or file path" },
+            method: { type: "string", description: "HTTP method (for routes)" },
+            name: { type: "string", description: "Name of env var/function" },
+          },
+        },
+        projectPath: {
+          type: "string",
+          description: "Project path",
+        },
+      },
+      required: ["claim", "subject"],
+    },
+  },
+
+  {
+    name: "vibecheck.search",
+    description: `🔎 Search codebase with evidence citations
+
+Searches code and returns results with file/line citations.
+Use for finding specific patterns, functions, or implementations.
+
+[STARTER tier required]`,
+    inputSchema: {
+      type: "object",
+      properties: {
+        query: {
+          type: "string",
+          description: "Search query (regex supported)",
+        },
+        projectPath: {
+          type: "string",
+          description: "Project path",
+        },
+        filePattern: {
+          type: "string",
+          description: "File glob pattern (e.g., '**/*.ts')",
+        },
+        maxResults: {
+          type: "number",
+          description: "Max results to return (default: 20)",
+          default: 20,
+        },
+      },
+      required: ["query"],
+    },
+  },
+
+  // ═══════════════════════════════════════════════════════════════════════════
+  // OUTPUT TOOLS (2)
+  // ═══════════════════════════════════════════════════════════════════════════
+
+  {
+    name: "vibecheck.report",
+    description: `📄 Generate reports in various formats
+
+Formats:
+- html: Interactive HTML report
+- md: Markdown report
+- sarif: SARIF for GitHub code scanning
+- json: Machine-readable JSON
+
+[STARTER tier required]`,
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          description: "Project path",
+        },
+        format: {
+          type: "string",
+          enum: ["html", "md", "sarif", "json"],
+          description: "Output format (default: html)",
+          default: "html",
+        },
+        outputPath: {
+          type: "string",
+          description: "Output file path (optional)",
+        },
+      },
+    },
+  },
+
+  {
+    name: "vibecheck.allowlist",
+    description: `📝 Manage false positive allowlist
+
+Actions:
+- list: Show all allowlist entries
+- add: Add finding to allowlist
+- remove: Remove from allowlist
+- check: Check if finding is allowlisted
+
+[STARTER tier required]`,
+    inputSchema: {
+      type: "object",
+      properties: {
+        action: {
+          type: "string",
+          enum: ["list", "add", "remove", "check"],
+          description: "Action to perform",
+        },
+        findingId: {
+          type: "string",
+          description: "Finding ID (for add/remove/check)",
+        },
+        reason: {
+          type: "string",
+          description: "Reason for allowlisting (for add)",
+        },
+        projectPath: {
+          type: "string",
+          description: "Project path",
+        },
+      },
+      required: ["action"],
+    },
+  },
+
+  // ═══════════════════════════════════════════════════════════════════════════
+  // UTILITY TOOLS (1)
+  // ═══════════════════════════════════════════════════════════════════════════
+
+  {
+    name: "vibecheck.status",
+    description: `📊 Get vibecheck status and health
+
+Returns:
+- version: CLI version
+- lastVerdict: Last ship verdict
+- findingsCount: Current findings
+- truthpackAge: When truthpack was last built
+- config: Project configuration
+
+[STARTER tier required]`,
+    inputSchema: {
+      type: "object",
+      properties: {
+        projectPath: {
+          type: "string",
+          description: "Project path",
+        },
+      },
+    },
+  },
+];
+
+// =============================================================================
+// TOOL HANDLERS
+// =============================================================================
+
+export async function handleToolV3(toolName, args, context = {}) {
+  const userTier = context.tier || 'free';
+  
+  // Check tier access
+  const access = checkTierAccess(toolName, userTier);
+  if (!access.allowed) {
+    return { error: access.error, tier: userTier, required: TOOL_TIERS[toolName] };
+  }
+  
+  const projectPath = args.projectPath || process.cwd();
+  
+  try {
+    switch (toolName) {
+      case 'vibecheck.ship':
+        return await runShip(projectPath, args);
+      
+      case 'vibecheck.scan':
+        return await runScan(projectPath, args);
+      
+      case 'vibecheck.fix':
+        return await runFix(projectPath, args, userTier);
+      
+      case 'vibecheck.prove':
+        return await runProve(projectPath, args);
+      
+      case 'vibecheck.truthpack':
+        return await getTruthpack(projectPath, args);
+      
+      case 'vibecheck.validate':
+        return await validateClaim(projectPath, args);
+      
+      case 'vibecheck.search':
+        return await searchCode(projectPath, args);
+      
+      case 'vibecheck.report':
+        return await generateReport(projectPath, args);
+      
+      case 'vibecheck.allowlist':
+        return await manageAllowlist(projectPath, args);
+      
+      case 'vibecheck.status':
+        return await getStatus(projectPath);
+      
+      default:
+        return { error: `Unknown tool: ${toolName}` };
+    }
+  } catch (error) {
+    return { error: error.message, stack: error.stack };
+  }
+}
+
+// =============================================================================
+// TOOL IMPLEMENTATIONS
+// =============================================================================
+
+async function runShip(projectPath, args) {
+  const strictFlag = args.strict ? '--strict' : '';
+  const result = execSync(
+    `node "${path.join(projectPath, 'node_modules/.bin/vibecheck')}" ship --json ${strictFlag}`,
+    { cwd: projectPath, encoding: 'utf8', timeout: 120000 }
+  );
+  return JSON.parse(result);
+}
+
+async function runScan(projectPath, args) {
+  const result = execSync(
+    `node "${path.join(projectPath, 'node_modules/.bin/vibecheck')}" scan --json`,
+    { cwd: projectPath, encoding: 'utf8', timeout: 120000 }
+  );
+  return JSON.parse(result);
+}
+
+async function runFix(projectPath, args, userTier) {
+  const mode = args.mode || 'plan';
+  
+  // Apply/loop modes require PRO
+  if ((mode === 'apply' || mode === 'loop') && userTier !== 'pro' && userTier !== 'compliance') {
+    return { error: `🔒 fix --${mode} requires PRO tier. Use 'plan' mode for STARTER.` };
+  }
+  
+  const modeFlag = mode === 'plan' ? '--prompt-only' : mode === 'loop' ? '--loop --apply' : '--apply';
+  const result = execSync(
+    `node "${path.join(projectPath, 'node_modules/.bin/vibecheck')}" fix ${modeFlag} --json`,
+    { cwd: projectPath, encoding: 'utf8', timeout: 300000 }
+  );
+  return JSON.parse(result);
+}
+
+async function runProve(projectPath, args) {
+  const url = args.url || '';
+  const videoFlag = args.recordVideo ? '--video' : '';
+  const urlFlag = url ? `--url "${url}"` : '';
+  
+  const result = execSync(
+    `node "${path.join(projectPath, 'node_modules/.bin/vibecheck')}" prove ${urlFlag} ${videoFlag} --json`,
+    { cwd: projectPath, encoding: 'utf8', timeout: 600000 }
+  );
+  return JSON.parse(result);
+}
+
+async function getTruthpack(projectPath, args) {
+  const truthpackPath = path.join(projectPath, '.vibecheck', 'truthpack.json');
+  
+  if (args.refresh) {
+    execSync(
+      `node "${path.join(projectPath, 'node_modules/.bin/vibecheck')}" ctx build`,
+      { cwd: projectPath, encoding: 'utf8', timeout: 60000 }
+    );
+  }
+  
+  try {
+    const content = await fs.readFile(truthpackPath, 'utf8');
+    const truthpack = JSON.parse(content);
+    
+    // Filter by scope if specified
+    if (args.scope && args.scope !== 'all') {
+      return { [args.scope]: truthpack[args.scope] };
+    }
+    
+    return truthpack;
+  } catch (error) {
+    return { error: 'Truthpack not found. Run vibecheck init first.' };
+  }
+}
+
+async function validateClaim(projectPath, args) {
+  const { claim, subject } = args;
+  const truthpack = await getTruthpack(projectPath, { scope: 'all' });
+  
+  if (truthpack.error) return truthpack;
+  
+  switch (claim) {
+    case 'route_exists': {
+      const routes = truthpack.routes?.server || [];
+      const found = routes.find(r => 
+        r.path === subject.path && 
+        (!subject.method || r.method === subject.method || r.method === '*')
+      );
+      return {
+        result: found ? 'true' : 'false',
+        evidence: found ? [{ file: found.file, line: found.line }] : [],
+        claim,
+        subject,
+      };
+    }
+    
+    case 'env_var_exists': {
+      const declared = new Set(truthpack.env?.declared || []);
+      return {
+        result: declared.has(subject.name) ? 'true' : 'false',
+        evidence: [],
+        claim,
+        subject,
+      };
+    }
+    
+    case 'auth_enforced': {
+      const authRoutes = truthpack.auth?.protectedRoutes || [];
+      const found = authRoutes.find(r => r.path === subject.path);
+      return {
+        result: found ? 'true' : 'unknown',
+        evidence: found ? [{ file: found.file, line: found.line }] : [],
+        claim,
+        subject,
+      };
+    }
+    
+    case 'file_exists': {
+      try {
+        await fs.access(path.join(projectPath, subject.path));
+        return { result: 'true', evidence: [{ file: subject.path }], claim, subject };
+      } catch {
+        return { result: 'false', evidence: [], claim, subject };
+      }
+    }
+    
+    case 'function_exists': {
+      // Simple grep-based search
+      try {
+        const result = execSync(
+          `grep -rn "function ${subject.name}\\|const ${subject.name}\\|${subject.name} =" --include="*.ts" --include="*.js" .`,
+          { cwd: projectPath, encoding: 'utf8', timeout: 10000 }
+        );
+        const lines = result.trim().split('\n').filter(Boolean);
+        return {
+          result: lines.length > 0 ? 'true' : 'false',
+          evidence: lines.slice(0, 3).map(l => {
+            const [file, line] = l.split(':');
+            return { file, line: parseInt(line) };
+          }),
+          claim,
+          subject,
+        };
+      } catch {
+        return { result: 'false', evidence: [], claim, subject };
+      }
+    }
+    
+    default:
+      return { result: 'unknown', error: `Unknown claim type: ${claim}` };
+  }
+}
+
+async function searchCode(projectPath, args) {
+  const { query, filePattern, maxResults = 20 } = args;
+  
+  try {
+    const globFlag = filePattern ? `--include="${filePattern}"` : '--include="*.ts" --include="*.js" --include="*.tsx" --include="*.jsx"';
+    const result = execSync(
+      `grep -rn "${query}" ${globFlag} . | head -${maxResults}`,
+      { cwd: projectPath, encoding: 'utf8', timeout: 30000 }
+    );
+    
+    const matches = result.trim().split('\n').filter(Boolean).map(line => {
+      const colonIndex = line.indexOf(':');
+      const secondColon = line.indexOf(':', colonIndex + 1);
+      return {
+        file: line.substring(0, colonIndex),
+        line: parseInt(line.substring(colonIndex + 1, secondColon)),
+        content: line.substring(secondColon + 1).trim(),
+      };
+    });
+    
+    return { query, matches, total: matches.length };
+  } catch (error) {
+    return { query, matches: [], total: 0, error: error.message };
+  }
+}
+
+async function generateReport(projectPath, args) {
+  const format = args.format || 'html';
+  const result = execSync(
+    `node "${path.join(projectPath, 'node_modules/.bin/vibecheck')}" report --format ${format} --json`,
+    { cwd: projectPath, encoding: 'utf8', timeout: 60000 }
+  );
+  return JSON.parse(result);
+}
+
+async function manageAllowlist(projectPath, args) {
+  const { action, findingId, reason } = args;
+  
+  switch (action) {
+    case 'list':
+      return execSync(
+        `node "${path.join(projectPath, 'node_modules/.bin/vibecheck')}" scan --allowlist list --json`,
+        { cwd: projectPath, encoding: 'utf8', timeout: 30000 }
+      );
+    
+    case 'add':
+      if (!findingId || !reason) {
+        return { error: 'findingId and reason required for add' };
+      }
+      return execSync(
+        `node "${path.join(projectPath, 'node_modules/.bin/vibecheck')}" scan --allowlist add --id "${findingId}" --reason "${reason}"`,
+        { cwd: projectPath, encoding: 'utf8', timeout: 30000 }
+      );
+    
+    case 'remove':
+      if (!findingId) {
+        return { error: 'findingId required for remove' };
+      }
+      return execSync(
+        `node "${path.join(projectPath, 'node_modules/.bin/vibecheck')}" scan --allowlist remove --id "${findingId}"`,
+        { cwd: projectPath, encoding: 'utf8', timeout: 30000 }
+      );
+    
+    case 'check':
+      if (!findingId) {
+        return { error: 'findingId required for check' };
+      }
+      return execSync(
+        `node "${path.join(projectPath, 'node_modules/.bin/vibecheck')}" scan --allowlist check --id "${findingId}" --json`,
+        { cwd: projectPath, encoding: 'utf8', timeout: 30000 }
+      );
+    
+    default:
+      return { error: `Unknown action: ${action}` };
+  }
+}
+
+async function getStatus(projectPath) {
+  const configPath = path.join(projectPath, '.vibecheck', 'config.json');
+  const truthpackPath = path.join(projectPath, '.vibecheck', 'truthpack.json');
+  const resultsPath = path.join(projectPath, '.vibecheck', 'results', 'latest.json');
+  
+  const status = {
+    version: '3.2.0',
+    projectPath,
+    initialized: false,
+    lastVerdict: null,
+    findingsCount: 0,
+    truthpackAge: null,
+  };
+  
+  try {
+    await fs.access(configPath);
+    status.initialized = true;
+  } catch {}
+  
+  try {
+    const stats = await fs.stat(truthpackPath);
+    status.truthpackAge = stats.mtime.toISOString();
+  } catch {}
+  
+  try {
+    const results = JSON.parse(await fs.readFile(resultsPath, 'utf8'));
+    status.lastVerdict = results.verdict;
+    status.findingsCount = results.findings?.length || 0;
+  } catch {}
+  
+  return status;
+}
+
+export { TOOL_TIERS, checkTierAccess };
+
+export default {
+  MCP_TOOLS_V3,
+  handleToolV3,
+  TOOL_TIERS,
+  checkTierAccess,
+};