@vibecheckai/cli 3.2.2 → 3.2.4

package/bin/runners/runGuard.js

@@ -1,168 +1,168 @@
-/**
- * vibecheck guard - Unified trust boundary enforcement
- * 
- * Combines: validate + claim-verifier + prompt-firewall
- * 
- * Usage:
- *   vibecheck guard                    # Run all checks
- *   vibecheck guard --claims           # Verify AI claims against truthpack
- *   vibecheck guard --prompts          # Check for prompt injection
- *   vibecheck guard --hallucinations   # Detect AI hallucination patterns
- */
-
-const path = require("path");
-const fs = require("fs");
-
-// Import underlying implementations
-const { runValidate } = require("./runValidate");
-const { runPromptFirewall } = require("./runPromptFirewall");
-
-// ANSI colors
-const c = {
-  reset: "\x1b[0m",
-  dim: "\x1b[2m",
-  bold: "\x1b[1m",
-  cyan: "\x1b[36m",
-  green: "\x1b[32m",
-  yellow: "\x1b[33m",
-  red: "\x1b[31m",
-  magenta: "\x1b[35m",
-};
-
-function printHelp() {
-  console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-  ${c.bold}vibecheck guard${c.reset} - Trust boundary enforcement for AI outputs
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-
-${c.green}USAGE${c.reset}
-  vibecheck guard [options]
-
-${c.yellow}OPTIONS${c.reset}
-  --claims           Verify AI claims against truthpack (route_exists, auth_enforced, etc.)
-  --prompts          Check code for prompt injection vulnerabilities
-  --hallucinations   Detect AI hallucination patterns in generated code
-  --file <path>      Check specific file(s)
-  --json             Output JSON for CI integration
-  --strict           Fail on warnings (default: fail on errors only)
-
-${c.magenta}EXAMPLES${c.reset}
-  vibecheck guard                           # Run all checks
-  vibecheck guard --claims --file api.ts    # Verify claims in specific file
-  vibecheck guard --prompts                 # Prompt injection scan
-  vibecheck guard --json                    # CI-friendly output
-
-${c.dim}This command unifies trust boundary checks for AI-generated code.${c.reset}
-`);
-}
-
-async function runGuard(args = []) {
-  // Parse arguments
-  if (args.includes("--help") || args.includes("-h")) {
-    printHelp();
-    return 0;
-  }
-
-  const runClaims = args.includes("--claims") || (!args.includes("--prompts") && !args.includes("--hallucinations"));
-  const runPrompts = args.includes("--prompts") || (!args.includes("--claims") && !args.includes("--hallucinations"));
-  const runHallucinations = args.includes("--hallucinations") || (!args.includes("--claims") && !args.includes("--prompts"));
-  const jsonOutput = args.includes("--json");
-  const strict = args.includes("--strict");
-
-  const results = {
-    claims: null,
-    prompts: null,
-    hallucinations: null,
-    verdict: "PASS",
-    errors: 0,
-    warnings: 0,
-  };
-
-  console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-  ${c.bold}🛡️  VIBECHECK GUARD${c.reset} - Trust Boundary Enforcement
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-`);
-
-  // Run claims verification (validates AI claims against truthpack)
-  if (runClaims) {
-    console.log(`${c.dim}▸ Verifying AI claims against truthpack...${c.reset}`);
-    try {
-      const validateArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
-      const exitCode = await runValidate(validateArgs);
-      results.claims = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.errors++;
-        results.verdict = "FAIL";
-      }
-      console.log(exitCode === 0 
-        ? `  ${c.green}✓${c.reset} Claims verified` 
-        : `  ${c.red}✗${c.reset} Claim verification failed`);
-    } catch (e) {
-      results.claims = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Claims check skipped: ${e.message}`);
-    }
-  }
-
-  // Run prompt injection detection
-  if (runPrompts) {
-    console.log(`${c.dim}▸ Scanning for prompt injection vulnerabilities...${c.reset}`);
-    try {
-      const firewallArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
-      const exitCode = await runPromptFirewall(firewallArgs);
-      results.prompts = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.warnings++;
-        if (strict) results.verdict = "FAIL";
-      }
-      console.log(exitCode === 0 
-        ? `  ${c.green}✓${c.reset} No prompt injection risks` 
-        : `  ${c.yellow}⚠${c.reset} Prompt injection risks detected`);
-    } catch (e) {
-      results.prompts = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Prompt check skipped: ${e.message}`);
-    }
-  }
-
-  // Run hallucination detection
-  if (runHallucinations) {
-    console.log(`${c.dim}▸ Detecting hallucination patterns...${c.reset}`);
-    // Use validate with hallucination focus
-    try {
-      const validateArgs = ["--hallucinations", ...args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a))];
-      const exitCode = await runValidate(validateArgs);
-      results.hallucinations = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.warnings++;
-        if (strict) results.verdict = "FAIL";
-      }
-      console.log(exitCode === 0 
-        ? `  ${c.green}✓${c.reset} No hallucination patterns` 
-        : `  ${c.yellow}⚠${c.reset} Potential hallucinations detected`);
-    } catch (e) {
-      results.hallucinations = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Hallucination check skipped: ${e.message}`);
-    }
-  }
-
-  // Summary
-  console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}`);
-  
-  if (results.verdict === "PASS") {
-    console.log(`  ${c.green}${c.bold}✓ GUARD PASS${c.reset} - All trust boundaries intact`);
-  } else {
-    console.log(`  ${c.red}${c.bold}✗ GUARD FAIL${c.reset} - Trust boundary violations detected`);
-  }
-
-  console.log(`${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-`);
-
-  if (jsonOutput) {
-    console.log(JSON.stringify(results, null, 2));
-  }
-
-  return results.verdict === "PASS" ? 0 : (results.errors > 0 ? 2 : 1);
-}
-
-module.exports = { runGuard };
+/**
+ * vibecheck guard - Unified trust boundary enforcement
+ * 
+ * Combines: validate + claim-verifier + prompt-firewall
+ * 
+ * Usage:
+ *   vibecheck guard                    # Run all checks
+ *   vibecheck guard --claims           # Verify AI claims against truthpack
+ *   vibecheck guard --prompts          # Check for prompt injection
+ *   vibecheck guard --hallucinations   # Detect AI hallucination patterns
+ */
+
+const path = require("path");
+const fs = require("fs");
+
+// Import underlying implementations
+const { runValidate } = require("./runValidate");
+const { runPromptFirewall } = require("./runPromptFirewall");
+
+// ANSI colors
+const c = {
+  reset: "\x1b[0m",
+  dim: "\x1b[2m",
+  bold: "\x1b[1m",
+  cyan: "\x1b[36m",
+  green: "\x1b[32m",
+  yellow: "\x1b[33m",
+  red: "\x1b[31m",
+  magenta: "\x1b[35m",
+};
+
+function printHelp() {
+  console.log(`
+${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
+  ${c.bold}vibecheck guard${c.reset} - Trust boundary enforcement for AI outputs
+${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
+
+${c.green}USAGE${c.reset}
+  vibecheck guard [options]
+
+${c.yellow}OPTIONS${c.reset}
+  --claims           Verify AI claims against truthpack (route_exists, auth_enforced, etc.)
+  --prompts          Check code for prompt injection vulnerabilities
+  --hallucinations   Detect AI hallucination patterns in generated code
+  --file <path>      Check specific file(s)
+  --json             Output JSON for CI integration
+  --strict           Fail on warnings (default: fail on errors only)
+
+${c.magenta}EXAMPLES${c.reset}
+  vibecheck guard                           # Run all checks
+  vibecheck guard --claims --file api.ts    # Verify claims in specific file
+  vibecheck guard --prompts                 # Prompt injection scan
+  vibecheck guard --json                    # CI-friendly output
+
+${c.dim}This command unifies trust boundary checks for AI-generated code.${c.reset}
+`);
+}
+
+async function runGuard(args = []) {
+  // Parse arguments
+  if (args.includes("--help") || args.includes("-h")) {
+    printHelp();
+    return 0;
+  }
+
+  const runClaims = args.includes("--claims") || (!args.includes("--prompts") && !args.includes("--hallucinations"));
+  const runPrompts = args.includes("--prompts") || (!args.includes("--claims") && !args.includes("--hallucinations"));
+  const runHallucinations = args.includes("--hallucinations") || (!args.includes("--claims") && !args.includes("--prompts"));
+  const jsonOutput = args.includes("--json");
+  const strict = args.includes("--strict");
+
+  const results = {
+    claims: null,
+    prompts: null,
+    hallucinations: null,
+    verdict: "PASS",
+    errors: 0,
+    warnings: 0,
+  };
+
+  console.log(`
+${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
+  ${c.bold}🛡️  VIBECHECK GUARD${c.reset} - Trust Boundary Enforcement
+${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
+`);
+
+  // Run claims verification (validates AI claims against truthpack)
+  if (runClaims) {
+    console.log(`${c.dim}▸ Verifying AI claims against truthpack...${c.reset}`);
+    try {
+      const validateArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
+      const exitCode = await runValidate(validateArgs);
+      results.claims = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+      if (exitCode !== 0) {
+        results.errors++;
+        results.verdict = "FAIL";
+      }
+      console.log(exitCode === 0 
+        ? `  ${c.green}✓${c.reset} Claims verified` 
+        : `  ${c.red}✗${c.reset} Claim verification failed`);
+    } catch (e) {
+      results.claims = { error: e.message };
+      console.log(`  ${c.yellow}⚠${c.reset} Claims check skipped: ${e.message}`);
+    }
+  }
+
+  // Run prompt injection detection
+  if (runPrompts) {
+    console.log(`${c.dim}▸ Scanning for prompt injection vulnerabilities...${c.reset}`);
+    try {
+      const firewallArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
+      const exitCode = await runPromptFirewall(firewallArgs);
+      results.prompts = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+      if (exitCode !== 0) {
+        results.warnings++;
+        if (strict) results.verdict = "FAIL";
+      }
+      console.log(exitCode === 0 
+        ? `  ${c.green}✓${c.reset} No prompt injection risks` 
+        : `  ${c.yellow}⚠${c.reset} Prompt injection risks detected`);
+    } catch (e) {
+      results.prompts = { error: e.message };
+      console.log(`  ${c.yellow}⚠${c.reset} Prompt check skipped: ${e.message}`);
+    }
+  }
+
+  // Run hallucination detection
+  if (runHallucinations) {
+    console.log(`${c.dim}▸ Detecting hallucination patterns...${c.reset}`);
+    // Use validate with hallucination focus
+    try {
+      const validateArgs = ["--hallucinations", ...args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a))];
+      const exitCode = await runValidate(validateArgs);
+      results.hallucinations = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+      if (exitCode !== 0) {
+        results.warnings++;
+        if (strict) results.verdict = "FAIL";
+      }
+      console.log(exitCode === 0 
+        ? `  ${c.green}✓${c.reset} No hallucination patterns` 
+        : `  ${c.yellow}⚠${c.reset} Potential hallucinations detected`);
+    } catch (e) {
+      results.hallucinations = { error: e.message };
+      console.log(`  ${c.yellow}⚠${c.reset} Hallucination check skipped: ${e.message}`);
+    }
+  }
+
+  // Summary
+  console.log(`
+${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}`);
+  
+  if (results.verdict === "PASS") {
+    console.log(`  ${c.green}${c.bold}✓ GUARD PASS${c.reset} - All trust boundaries intact`);
+  } else {
+    console.log(`  ${c.red}${c.bold}✗ GUARD FAIL${c.reset} - Trust boundary violations detected`);
+  }
+
+  console.log(`${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
+`);
+
+  if (jsonOutput) {
+    console.log(JSON.stringify(results, null, 2));
+  }
+
+  return results.verdict === "PASS" ? 0 : (results.errors > 0 ? 2 : 1);
+}
+
+module.exports = { runGuard };

package/bin/runners/runProve.js

@@ -31,6 +31,7 @@ const {
   saveArtifact 
 } = require("./lib/cli-output");
 const { parseGlobalFlags, shouldShowBanner } = require("./lib/global-flags");
+const upsell = require("./lib/upsell");
 
 let runReality;
 try {
@@ -1410,6 +1411,13 @@ async function runProve(argsOrOpts = {}, context = {}) {
       console.log(`  ${colors.accent}vibecheck ship --fix${c.reset}  ${c.dim}Manual fix mode${c.reset}`);
       console.log();
     }
+    
+    // Upsell for upgrade
+    console.log(upsell.formatNextSteps("prove", finalVerdict, "free"));
+    console.log();
+    console.log(`  ${c.dim}${upsell.sym.star} Upgrade for unlimited prove runs + video artifacts${c.reset}`);
+    console.log(`  ${c.dim}${upsell.sym.arrow} ${upsell.PRICING_URL}${c.reset}`);
+    console.log();
   } else if (ci) {
     // CI mode - structured output for easy parsing
     console.log(`::group::vibecheck prove summary`);

package/bin/runners/runReality.js

@@ -32,6 +32,7 @@ const { parseGlobalFlags, shouldShowBanner } = require("./lib/global-flags");
 
 // Entitlements enforcement
 const entitlements = require("./lib/entitlements-v2");
+const upsell = require("./lib/upsell");
 
 let chromium;
 let playwrightError = null;
@@ -2076,6 +2077,19 @@ async function runReality(argsOrOpts = {}) {
     console.log();
   }
 
+  // Upsell for free tier users running in preview mode
+  const currentTier = entitlements.getCurrentTierSync ? entitlements.getCurrentTierSync() : 'free';
+  if (currentTier === 'free') {
+    console.log(upsell.formatEarnedUpsell({
+      cmd: "reality",
+      why: "cap_hit",
+      topIssues: findings.slice(0, 5),
+      upgradeTier: "starter",
+    }));
+    console.log(upsell.formatNextSteps("reality", blocks > 0 ? "BLOCK" : warns > 0 ? "WARN" : "SHIP", currentTier));
+    console.log();
+  }
+
   process.exitCode = blocks ? 2 : warns ? 1 : 0;
   return process.exitCode;
 }

package/bin/runners/runScan.js

@@ -763,6 +763,13 @@ async function runScan(args) {
         findDeprecatedApis,
         findEmptyCatch,
         findUnsafeRegex,
+        findSecurityVulnerabilities,
+        findPerformanceIssues,
+        findCodeQualityIssues,
+        findCrossFileIssues,
+        findTypeSafetyIssues,
+        findAccessibilityIssues,
+        findAPIConsistencyIssues,
         clearFileCache, // V3: Memory management
       } = require('./lib/analyzers');
       
@@ -789,8 +796,17 @@ async function runScan(args) {
         findings.push(...findEmptyCatch(projectPath));
         findings.push(...findUnsafeRegex(projectPath));
         
-        // V3: Clear file cache to prevent memory leaks in large monorepos
+        // Enhanced analyzers (Security, Performance, Code Quality)
+        findings.push(...findSecurityVulnerabilities(projectPath));
+        findings.push(...findPerformanceIssues(projectPath));
+        findings.push(...findCodeQualityIssues(projectPath));
+        
+        // V3: Clear file cache and AST cache to prevent memory leaks in large monorepos
         clearFileCache();
+        const engines = require("./lib/engines/vibecheck-engines");
+        if (engines.clearASTCache) {
+          engines.clearASTCache();
+        }
         
         // Convert to scan format matching TypeScript scanner output
         const shipBlockers = findings.map((f, i) => ({

package/bin/runners/runTruth.js

@@ -37,10 +37,22 @@ async function runTruth(options = {}) {
     // Write truthpack files based on scope
     if (scope === "all" || scope === "routes") {
       const routesFile = path.join(truthpackDir, "routes.json");
+      // Extract routes from truthpack structure: truthpack.truthpack.routes.server
+      const serverRoutes = truthpack.truthpack?.routes?.server || [];
+      const gaps = truthpack.truthpack?.routes?.gaps || [];
+      const stack = truthpack.truthpack?.project || {};
+      
       fs.writeFileSync(routesFile, JSON.stringify({
-        routes: truthpack.routes || [],
-        gaps: truthpack.gaps || [],
-        stack: truthpack.stack || {}
+        routes: serverRoutes.map(r => ({
+          path: r.path,
+          method: r.method,
+          handler: r.handler || r.source
+        })),
+        gaps: gaps,
+        stack: {
+          framework: stack.frameworks?.[0] || "unknown",
+          language: "typescript"
+        }
       }, null, 2));
     }
     

package/mcp-server/tier-auth.js

@@ -197,7 +197,7 @@ export async function checkFeatureAccess(featureName, providedApiKey = null) {
       hasAccess: false,
       tier: 'free',
       reason: 'No API key provided. Run: vibecheck auth --key YOUR_API_KEY',
-      upgradeUrl: 'https://vibecheckai.dev/pricing'
+      upgradeUrl: 'https://vibecheckai.dev'
     };
   }
   
@@ -222,7 +222,7 @@ export async function checkFeatureAccess(featureName, providedApiKey = null) {
       hasAccess: false,
       tier: currentTier,
       reason: `${featureName} is not available in any tier`,
-      upgradeUrl: 'https://vibecheckai.dev/pricing'
+      upgradeUrl: 'https://vibecheckai.dev'
     };
   }
   
@@ -235,7 +235,7 @@ export async function checkFeatureAccess(featureName, providedApiKey = null) {
       tier: currentTier,
       requiredTier,
       reason: `${featureName} requires ${requiredTierConfig.name} tier ($${requiredTierConfig.price}/mo) or higher. Current tier: ${currentTierConfig.name}`,
-      upgradeUrl: 'https://vibecheckai.dev/pricing'
+      upgradeUrl: 'https://vibecheckai.dev'
     };
   }
   
@@ -322,7 +322,7 @@ export async function checkMcpToolAccess(toolName, providedApiKey = null) {
       reason: requiredTierConfig 
         ? `${toolName} requires ${requiredTierConfig.name} tier ($${requiredTierConfig.price}/mo). Current: ${currentTierConfig.name}`
         : `${toolName} is not available`,
-      upgradeUrl: 'https://vibecheckai.dev/pricing'
+      upgradeUrl: 'https://vibecheckai.dev'
     };
   }
   

package/mcp-server/tools/index.js

@@ -1,72 +1,72 @@
-/**
- * MCP Tools Index - Single Entry Point for All Tools
- * 
- * This module exports all MCP tools in a unified structure.
- * Internal modules are organized by category but presented as one toolset.
- * 
- * Tool Categories:
- * - Core: scan, ship, reality, fix, prove, report
- * - Truth: ctx, guard, validate_claim, compile_context
- * - AI: checkpoint, architect, intelligence
- * 
- * Usage:
- *   import { ALL_TOOLS, handleTool } from './tools/index.js';
- */
-
-// Re-export consolidated tools as the primary interface
-export { CONSOLIDATED_TOOLS, handleConsolidatedTool } from '../consolidated-tools.js';
-
-// Re-export truth firewall (hallucination stopper)
-export { TRUTH_FIREWALL_TOOLS, handleTruthFirewallTool } from '../truth-firewall-tools.js';
-
-// Re-export truth context
-export { TRUTH_CONTEXT_TOOLS, handleTruthContextTool } from '../truth-context.js';
-
-/**
- * Get all recommended tools (consolidated + truth firewall)
- */
-export function getRecommendedTools() {
-  const { CONSOLIDATED_TOOLS } = require('../consolidated-tools.js');
-  const { TRUTH_FIREWALL_TOOLS } = require('../truth-firewall-tools.js');
-  return [...CONSOLIDATED_TOOLS, ...TRUTH_FIREWALL_TOOLS];
-}
-
-/**
- * Handle any tool call by routing to the appropriate handler
- */
-export async function handleToolCall(toolName, args) {
-  // Route to consolidated handler first
-  const { handleConsolidatedTool, CONSOLIDATED_TOOLS } = await import('../consolidated-tools.js');
-  const consolidatedNames = CONSOLIDATED_TOOLS.map(t => t.name);
-  
-  if (consolidatedNames.includes(toolName)) {
-    return handleConsolidatedTool(toolName, args);
-  }
-  
-  // Route to truth firewall
-  const { handleTruthFirewallTool, TRUTH_FIREWALL_TOOLS } = await import('../truth-firewall-tools.js');
-  const firewallNames = TRUTH_FIREWALL_TOOLS.map(t => t.name);
-  
-  if (firewallNames.includes(toolName)) {
-    return handleTruthFirewallTool(toolName, args);
-  }
-  
-  // Route to truth context
-  const { handleTruthContextTool, TRUTH_CONTEXT_TOOLS } = await import('../truth-context.js');
-  const contextNames = TRUTH_CONTEXT_TOOLS.map(t => t.name);
-  
-  if (contextNames.includes(toolName)) {
-    return handleTruthContextTool(toolName, args);
-  }
-  
-  throw new Error(`Unknown tool: ${toolName}`);
-}
-
-/**
- * Tool categories for documentation
- */
-export const TOOL_CATEGORIES = {
-  core: ['vibecheck.scan', 'vibecheck.ship', 'vibecheck.reality', 'vibecheck.fix', 'vibecheck.prove', 'vibecheck.report'],
-  truth: ['vibecheck.ctx', 'vibecheck.get_truthpack', 'vibecheck.validate_claim', 'vibecheck.compile_context'],
-  guard: ['vibecheck.guard', 'vibecheck.check_route', 'vibecheck.check_env', 'vibecheck.check_auth'],
-};
+/**
+ * MCP Tools Index - Single Entry Point for All Tools
+ * 
+ * This module exports all MCP tools in a unified structure.
+ * Internal modules are organized by category but presented as one toolset.
+ * 
+ * Tool Categories:
+ * - Core: scan, ship, reality, fix, prove, report
+ * - Truth: ctx, guard, validate_claim, compile_context
+ * - AI: checkpoint, architect, intelligence
+ * 
+ * Usage:
+ *   import { ALL_TOOLS, handleTool } from './tools/index.js';
+ */
+
+// Re-export consolidated tools as the primary interface
+export { CONSOLIDATED_TOOLS, handleConsolidatedTool } from '../consolidated-tools.js';
+
+// Re-export truth firewall (hallucination stopper)
+export { TRUTH_FIREWALL_TOOLS, handleTruthFirewallTool } from '../truth-firewall-tools.js';
+
+// Re-export truth context
+export { TRUTH_CONTEXT_TOOLS, handleTruthContextTool } from '../truth-context.js';
+
+/**
+ * Get all recommended tools (consolidated + truth firewall)
+ */
+export function getRecommendedTools() {
+  const { CONSOLIDATED_TOOLS } = require('../consolidated-tools.js');
+  const { TRUTH_FIREWALL_TOOLS } = require('../truth-firewall-tools.js');
+  return [...CONSOLIDATED_TOOLS, ...TRUTH_FIREWALL_TOOLS];
+}
+
+/**
+ * Handle any tool call by routing to the appropriate handler
+ */
+export async function handleToolCall(toolName, args) {
+  // Route to consolidated handler first
+  const { handleConsolidatedTool, CONSOLIDATED_TOOLS } = await import('../consolidated-tools.js');
+  const consolidatedNames = CONSOLIDATED_TOOLS.map(t => t.name);
+  
+  if (consolidatedNames.includes(toolName)) {
+    return handleConsolidatedTool(toolName, args);
+  }
+  
+  // Route to truth firewall
+  const { handleTruthFirewallTool, TRUTH_FIREWALL_TOOLS } = await import('../truth-firewall-tools.js');
+  const firewallNames = TRUTH_FIREWALL_TOOLS.map(t => t.name);
+  
+  if (firewallNames.includes(toolName)) {
+    return handleTruthFirewallTool(toolName, args);
+  }
+  
+  // Route to truth context
+  const { handleTruthContextTool, TRUTH_CONTEXT_TOOLS } = await import('../truth-context.js');
+  const contextNames = TRUTH_CONTEXT_TOOLS.map(t => t.name);
+  
+  if (contextNames.includes(toolName)) {
+    return handleTruthContextTool(toolName, args);
+  }
+  
+  throw new Error(`Unknown tool: ${toolName}`);
+}
+
+/**
+ * Tool categories for documentation
+ */
+export const TOOL_CATEGORIES = {
+  core: ['vibecheck.scan', 'vibecheck.ship', 'vibecheck.reality', 'vibecheck.fix', 'vibecheck.prove', 'vibecheck.report'],
+  truth: ['vibecheck.ctx', 'vibecheck.get_truthpack', 'vibecheck.validate_claim', 'vibecheck.compile_context'],
+  guard: ['vibecheck.guard', 'vibecheck.check_route', 'vibecheck.check_env', 'vibecheck.check_auth'],
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibecheckai/cli",
-  "version": "3.2.2",
+  "version": "3.2.4",
   "description": "Vibecheck CLI - Ship with confidence. One verdict: SHIP | WARN | BLOCK.",
   "main": "bin/vibecheck.js",
   "bin": {