@vibecheckai/cli 3.2.0 → 3.2.1
- package/bin/runners/lib/agent-firewall/change-packet/builder.js +214 -0
- package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
- package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
- package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
- package/bin/runners/lib/agent-firewall/claims/extractor.js +214 -0
- package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
- package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
- package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
- package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +118 -0
- package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
- package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +142 -0
- package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
- package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
- package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
- package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
- package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
- package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
- package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
- package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
- package/bin/runners/lib/agent-firewall/interceptor/base.js +304 -0
- package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
- package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
- package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
- package/bin/runners/lib/agent-firewall/policy/default-policy.json +84 -0
- package/bin/runners/lib/agent-firewall/policy/engine.js +72 -0
- package/bin/runners/lib/agent-firewall/policy/loader.js +143 -0
- package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
- package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
- package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +61 -0
- package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +50 -0
- package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +50 -0
- package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
- package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
- package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
- package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
- package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
- package/bin/runners/lib/agent-firewall/truthpack/loader.js +116 -0
- package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
- package/bin/runners/lib/analysis-core.js +198 -180
- package/bin/runners/lib/analyzers.js +1119 -536
- package/bin/runners/lib/detectors-v2.js +547 -785
- package/bin/runners/lib/fingerprint.js +377 -0
- package/bin/runners/lib/route-truth.js +1167 -322
- package/bin/runners/lib/scan-output.js +93 -9
- package/bin/runners/lib/truth.js +1004 -321
- package/bin/runners/runAgent.js +161 -0
- package/bin/runners/runFirewall.js +134 -0
- package/bin/runners/runFirewallHook.js +56 -0
- package/bin/runners/runScan.js +113 -10
- package/bin/runners/runTruth.js +89 -0
- package/mcp-server/agent-firewall-interceptor.js +164 -0
- package/mcp-server/index.js +347 -313
- package/mcp-server/truth-context.js +131 -90
- package/mcp-server/truth-firewall-tools.js +1412 -1045
- package/package.json +1 -1
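--- a/package/bin/runners/lib/scan-output.js
+++ b/package/bin/runners/lib/scan-output.js
@@ -208,12 +208,79 @@ function renderPremiumScoreCard(score, options = {}) {
 return lines.join('\n');
 }
 
+// ═══════════════════════════════════════════════════════════════════════════════
+// DIFF SUMMARY (NEW / FIXED / PERSISTING)
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function renderDiffSummary(diff) {
+if (!diff) return '';
+
+const lines = [];
+const width = 70;
+
+lines.push('');
+lines.push(` ${palette.header}${ansi.bold}📊 CHANGES SINCE LAST SCAN${ansi.reset}`);
+lines.push(` ${palette.border}${B.lh.repeat(width - 4)}${ansi.reset}`);
+lines.push('');
+
+const parts = [];
+
+// NEW findings (bad - things got worse)
+if (diff.summary.newCount > 0) {
+parts.push(` ${ansi.bgRgb(180, 50, 50)}${ansi.bold} +${diff.summary.newCount} NEW ${ansi.reset}`);
+lines.push(` ${palette.critical}▲${ansi.reset} ${ansi.bold}${diff.summary.newCount}${ansi.reset} ${palette.critical}new issues${ansi.reset} introduced`);
+}
+
+// FIXED findings (good - things got better)
+if (diff.summary.fixedCount > 0) {
+parts.push(` ${ansi.bgRgb(50, 150, 80)}${ansi.bold} -${diff.summary.fixedCount} FIXED ${ansi.reset}`);
+lines.push(` ${palette.pass}▼${ansi.reset} ${ansi.bold}${diff.summary.fixedCount}${ansi.reset} ${palette.pass}issues fixed${ansi.reset} since last scan`);
+}
+
+// PERSISTING (neutral - still there)
+if (diff.summary.persistingCount > 0) {
+lines.push(` ${palette.muted}●${ansi.reset} ${ansi.bold}${diff.summary.persistingCount}${ansi.reset} ${palette.muted}persisting issues${ansi.reset}`);
+}
+
+// Show top new issues
+if (diff.new && diff.new.length > 0) {
+lines.push('');
+lines.push(` ${palette.critical}${ansi.bold}New issues:${ansi.reset}`);
+for (const finding of diff.new.slice(0, 3)) {
+const file = finding.file || finding.evidence?.[0]?.file || '';
+const shortFile = file.split('/').slice(-2).join('/');
+lines.push(` ${palette.critical}+${ansi.reset} ${finding.category}: ${palette.muted}${shortFile}${ansi.reset}`);
+}
+if (diff.new.length > 3) {
+lines.push(` ${palette.muted}... and ${diff.new.length - 3} more${ansi.reset}`);
+}
+}
+
+// Show top fixed issues
+if (diff.fixed && diff.fixed.length > 0) {
+lines.push('');
+lines.push(` ${palette.pass}${ansi.bold}Fixed issues:${ansi.reset}`);
+for (const finding of diff.fixed.slice(0, 3)) {
+const file = finding.file || '';
+const shortFile = file.split('/').slice(-2).join('/');
+lines.push(` ${palette.pass}-${ansi.reset} ${finding.category}: ${palette.muted}${shortFile}${ansi.reset}`);
+}
+if (diff.fixed.length > 3) {
+lines.push(` ${palette.muted}... and ${diff.fixed.length - 3} more${ansi.reset}`);
+}
+}
+
+lines.push('');
+
+return lines.join('\n');
+}
+
 // ═══════════════════════════════════════════════════════════════════════════════
 // BLOCKERS TABLE
 // ═══════════════════════════════════════════════════════════════════════════════
 
 function renderBlockersTable(blockers, options = {}) {
-const { maxItems = 10 } = options;
+const { maxItems = 10, showStatus = false } = options;
 
 if (!blockers || blockers.length === 0) {
 const lines = [];
@@ -225,8 +292,12 @@ function renderBlockersTable(blockers, options = {}) {
 const lines = [];
 const width = 70;
 
+// Count new blockers for header
+const newCount = blockers.filter(b => b.status === 'NEW').length;
+const headerExtra = newCount > 0 ? ` ${ansi.bgRgb(180, 50, 50)}${ansi.bold} +${newCount} NEW ${ansi.reset}` : '';
+
 lines.push('');
-lines.push(` ${palette.critical}${ansi.bold}🚨 SHIP BLOCKERS (${blockers.length})${ansi.reset}`);
+lines.push(` ${palette.critical}${ansi.bold}🚨 SHIP BLOCKERS (${blockers.length})${ansi.reset}${headerExtra}`);
 lines.push(` ${palette.border}${B.lh.repeat(width - 4)}${ansi.reset}`);
 lines.push('');
 
@@ -245,14 +316,22 @@ function renderBlockersTable(blockers, options = {}) {
 // Severity badge
 const badge = `${sevColor}${ansi.bold}${sevLabel}${ansi.reset}`;
 
+// Status badge (NEW/PERSISTING)
+let statusBadge = '';
+if (showStatus && blocker.status === 'NEW') {
+statusBadge = ` ${ansi.bgRgb(180, 50, 50)}${ansi.bold} NEW ${ansi.reset}`;
+}
+
 // Title (truncated)
-const title = truncate(blocker.title || blocker.message || 'Unknown issue',
+const title = truncate(blocker.title || blocker.message || 'Unknown issue', 42);
 
-lines.push(` ${num} ${badge} ${ansi.bold}${title}${ansi.reset}`);
+lines.push(` ${num} ${badge}${statusBadge} ${ansi.bold}${title}${ansi.reset}`);
 
 // File location
-if (blocker.file) {
-const
+if (blocker.file || blocker.evidence?.[0]?.file) {
+const file = blocker.file || blocker.evidence?.[0]?.file;
+const line = blocker.line || blocker.evidence?.[0]?.lines;
+const fileDisplay = file + (line ? `:${line}` : '');
 lines.push(` ${palette.muted}└─${ansi.reset} ${palette.accent}${truncate(fileDisplay, 55)}${ansi.reset}`);
 }
 
@@ -579,7 +658,7 @@ function formatScanOutput(result, options = {}) {
 return JSON.stringify(result, null, 2);
 }
 
-const { verdict, findings = [], layers = [], coverage, breakdown, timings = {} } = result;
+const { verdict, findings = [], layers = [], coverage, breakdown, timings = {}, diff } = result;
 
 // Count findings by severity
 const severityCounts = {
@@ -595,6 +674,11 @@ function formatScanOutput(result, options = {}) {
 
 const lines = [];
 
+// Diff summary (if baseline comparison was done)
+if (diff && (diff.summary.newCount > 0 || diff.summary.fixedCount > 0)) {
+lines.push(renderDiffSummary(diff));
+}
+
 // Premium score card
 lines.push(renderPremiumScoreCard(score, {
 verdict: verdictStatus,
@@ -603,11 +687,11 @@ function formatScanOutput(result, options = {}) {
 cached: result.cached,
 }));
 
-// Blockers table
+// Blockers table (with status badges)
 const blockers = findings.filter(f =>
 f.severity === 'critical' || f.severity === 'BLOCK' || f.severity === 'high'
 );
-lines.push(renderBlockersTable(blockers));
+lines.push(renderBlockersTable(blockers, { showStatus: !!diff }));
 
 // Category table with visual bars
 if (findings.length > 0) {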
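Review bot: In `renderDiffSummary`, `finding.category` and `shortFile` are written to the terminal unfiltered, so a control or escape sequence in a finding's file path (which presumably comes from the scanned repository) could rewrite or hide lines of the scan report; the same holds for `fileDisplay` in `renderBlockersTable` unless `truncate` already filters it. Strip control characters before interpolating, e.g. `const shortFile = file.split('/').slice(-2).join('/').replace(/[\u0000-\u001f\u007f-\u009f]/g, '');`. Separately, `parts` is filled with the NEW/FIXED badge strings but never read, so those badges are never printed. `diff.summary` is also dereferenced without a guard both here and in `formatScanOutput`; `diff.summary?.newCount` would keep a baseline object that lacks a summary from throwing. The bodies of `renderBlockersTable` and `formatScanOutput` extend beyond the hunks shown.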