npm - @vibecheckai/cli - Versions diffs - 3.2.2 → 3.2.4 - Mend

@vibecheckai/cli 3.2.2 → 3.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (170) hide show

package/bin/.generated +25 -25
package/bin/dev/run-v2-torture.js +30 -30
package/bin/runners/ENHANCEMENT_GUIDE.md +121 -121
package/bin/runners/lib/__tests__/entitlements-v2.test.js +295 -295
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +117 -28
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +23 -14
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +72 -1
package/bin/runners/lib/agent-firewall/interceptor/base.js +2 -2
package/bin/runners/lib/agent-firewall/policy/default-policy.json +6 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +34 -3
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +29 -4
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +12 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +21 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/analyzers.js +606 -325
package/bin/runners/lib/auth-truth.js +193 -193
package/bin/runners/lib/backup.js +62 -62
package/bin/runners/lib/billing.js +107 -107
package/bin/runners/lib/claims.js +118 -118
package/bin/runners/lib/cli-ui.js +540 -540
package/bin/runners/lib/contracts/auth-contract.js +202 -202
package/bin/runners/lib/contracts/env-contract.js +181 -181
package/bin/runners/lib/contracts/external-contract.js +206 -206
package/bin/runners/lib/contracts/guard.js +168 -168
package/bin/runners/lib/contracts/index.js +89 -89
package/bin/runners/lib/contracts/plan-validator.js +311 -311
package/bin/runners/lib/contracts/route-contract.js +199 -199
package/bin/runners/lib/contracts.js +804 -804
package/bin/runners/lib/detect.js +89 -89
package/bin/runners/lib/doctor/autofix.js +254 -254
package/bin/runners/lib/doctor/index.js +37 -37
package/bin/runners/lib/doctor/modules/dependencies.js +325 -325
package/bin/runners/lib/doctor/modules/index.js +46 -46
package/bin/runners/lib/doctor/modules/network.js +250 -250
package/bin/runners/lib/doctor/modules/project.js +312 -312
package/bin/runners/lib/doctor/modules/runtime.js +224 -224
package/bin/runners/lib/doctor/modules/security.js +348 -348
package/bin/runners/lib/doctor/modules/system.js +213 -213
package/bin/runners/lib/doctor/modules/vibecheck.js +394 -394
package/bin/runners/lib/doctor/reporter.js +262 -262
package/bin/runners/lib/doctor/service.js +262 -262
package/bin/runners/lib/doctor/types.js +113 -113
package/bin/runners/lib/doctor/ui.js +263 -263
package/bin/runners/lib/doctor-v2.js +608 -608
package/bin/runners/lib/drift.js +425 -425
package/bin/runners/lib/enforcement.js +72 -72
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/enterprise-detect.js +603 -603
package/bin/runners/lib/enterprise-init.js +942 -942
package/bin/runners/lib/env-resolver.js +417 -417
package/bin/runners/lib/env-template.js +66 -66
package/bin/runners/lib/env.js +189 -189
package/bin/runners/lib/extractors/client-calls.js +990 -990
package/bin/runners/lib/extractors/fastify-route-dump.js +573 -573
package/bin/runners/lib/extractors/fastify-routes.js +426 -426
package/bin/runners/lib/extractors/index.js +363 -363
package/bin/runners/lib/extractors/next-routes.js +524 -524
package/bin/runners/lib/extractors/proof-graph.js +431 -431
package/bin/runners/lib/extractors/route-matcher.js +451 -451
package/bin/runners/lib/extractors/truthpack-v2.js +377 -377
package/bin/runners/lib/extractors/ui-bindings.js +547 -547
package/bin/runners/lib/findings-schema.js +281 -281
package/bin/runners/lib/firewall-prompt.js +50 -50
package/bin/runners/lib/global-flags.js +213 -213
package/bin/runners/lib/graph/graph-builder.js +265 -265
package/bin/runners/lib/graph/html-renderer.js +413 -413
package/bin/runners/lib/graph/index.js +32 -32
package/bin/runners/lib/graph/runtime-collector.js +215 -215
package/bin/runners/lib/graph/static-extractor.js +518 -518
package/bin/runners/lib/html-report.js +650 -650
package/bin/runners/lib/interactive-menu.js +1496 -1496
package/bin/runners/lib/llm.js +75 -75
package/bin/runners/lib/meter.js +61 -61
package/bin/runners/lib/missions/evidence.js +126 -126
package/bin/runners/lib/patch.js +40 -40
package/bin/runners/lib/permissions/auth-model.js +213 -213
package/bin/runners/lib/permissions/idor-prover.js +205 -205
package/bin/runners/lib/permissions/index.js +45 -45
package/bin/runners/lib/permissions/matrix-builder.js +198 -198
package/bin/runners/lib/pkgjson.js +28 -28
package/bin/runners/lib/policy.js +295 -295
package/bin/runners/lib/preflight.js +142 -142
package/bin/runners/lib/reality/correlation-detectors.js +359 -359
package/bin/runners/lib/reality/index.js +318 -318
package/bin/runners/lib/reality/request-hashing.js +416 -416
package/bin/runners/lib/reality/request-mapper.js +453 -453
package/bin/runners/lib/reality/safety-rails.js +463 -463
package/bin/runners/lib/reality/semantic-snapshot.js +408 -408
package/bin/runners/lib/reality/toast-detector.js +393 -393
package/bin/runners/lib/reality-findings.js +84 -84
package/bin/runners/lib/receipts.js +179 -179
package/bin/runners/lib/redact.js +29 -29
package/bin/runners/lib/replay/capsule-manager.js +154 -154
package/bin/runners/lib/replay/index.js +263 -263
package/bin/runners/lib/replay/player.js +348 -348
package/bin/runners/lib/replay/recorder.js +331 -331
package/bin/runners/lib/report-output.js +187 -187
package/bin/runners/lib/report.js +135 -135
package/bin/runners/lib/route-detection.js +1140 -1140
package/bin/runners/lib/sandbox/index.js +59 -59
package/bin/runners/lib/sandbox/proof-chain.js +399 -399
package/bin/runners/lib/sandbox/sandbox-runner.js +205 -205
package/bin/runners/lib/sandbox/worktree.js +174 -174
package/bin/runners/lib/scan-output.js +525 -190
package/bin/runners/lib/schema-validator.js +350 -350
package/bin/runners/lib/schemas/contracts.schema.json +160 -160
package/bin/runners/lib/schemas/finding.schema.json +100 -100
package/bin/runners/lib/schemas/mission-pack.schema.json +206 -206
package/bin/runners/lib/schemas/proof-graph.schema.json +176 -176
package/bin/runners/lib/schemas/reality-report.schema.json +162 -162
package/bin/runners/lib/schemas/share-pack.schema.json +180 -180
package/bin/runners/lib/schemas/ship-report.schema.json +117 -117
package/bin/runners/lib/schemas/truthpack-v2.schema.json +303 -303
package/bin/runners/lib/schemas/validator.js +438 -438
package/bin/runners/lib/score-history.js +282 -282
package/bin/runners/lib/share-pack.js +239 -239
package/bin/runners/lib/snippets.js +67 -67
package/bin/runners/lib/status-output.js +253 -253
package/bin/runners/lib/terminal-ui.js +351 -271
package/bin/runners/lib/upsell.js +510 -510
package/bin/runners/lib/usage.js +153 -153
package/bin/runners/lib/validate-patch.js +156 -156
package/bin/runners/lib/verdict-engine.js +628 -628
package/bin/runners/reality/engine.js +917 -917
package/bin/runners/reality/flows.js +122 -122
package/bin/runners/reality/report.js +378 -378
package/bin/runners/reality/session.js +193 -193
package/bin/runners/runGuard.js +168 -168
package/bin/runners/runProof.zip +0 -0
package/bin/runners/runProve.js +8 -0
package/bin/runners/runReality.js +14 -0
package/bin/runners/runScan.js +17 -1
package/bin/runners/runTruth.js +15 -3
package/mcp-server/tier-auth.js +4 -4
package/mcp-server/tools/index.js +72 -72
package/package.json +1 -1

package/bin/runners/lib/enterprise-detect.js CHANGED Viewed

@@ -1,603 +1,603 @@
-// bin/runners/lib/enterprise-detect.js
-// Enterprise-grade project detection: frameworks, databases, cloud, CI/CD, security tools
-const fs = require("fs");
-const path = require("path");
-function fileExists(root, rel) {
-  return fs.existsSync(path.join(root, rel));
-}
-function readJsonSafe(filePath) {
-  try {
-    return JSON.parse(fs.readFileSync(filePath, "utf8"));
-  } catch {
-    return null;
-  }
-}
-function readFileSafe(filePath) {
-  try {
-    return fs.readFileSync(filePath, "utf8");
-  } catch {
-    return "";
-  }
-}
-// ============================================================================
-// FRAMEWORK DETECTION
-// ============================================================================
-const FRAMEWORKS = {
-  nextjs: {
-    name: "Next.js",
-    icon: "▲",
-    category: "frontend",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!(deps.next || fileExists(root, "next.config.js") ||
-                fileExists(root, "next.config.mjs") || fileExists(root, "next.config.ts"));
-    },
-    checks: ["routes", "auth", "api", "security", "ssr"],
-    invariants: ["INV_NO_FAKE_SUCCESS", "INV_NO_ROUTE_INVENTION", "INV_NO_GHOST_AUTH"],
-  },
-  remix: {
-    name: "Remix",
-    icon: "💿",
-    category: "frontend",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps["@remix-run/node"] || !!deps["@remix-run/react"];
-    },
-    checks: ["routes", "auth", "api", "security", "loaders"],
-    invariants: ["INV_NO_FAKE_SUCCESS", "INV_NO_ROUTE_INVENTION"],
-  },
-  nuxt: {
-    name: "Nuxt",
-    icon: "💚",
-    category: "frontend",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps.nuxt || fileExists(root, "nuxt.config.ts") || fileExists(root, "nuxt.config.js");
-    },
-    checks: ["routes", "auth", "api", "security"],
-    invariants: ["INV_NO_FAKE_SUCCESS", "INV_NO_ROUTE_INVENTION"],
-  },
-  sveltekit: {
-    name: "SvelteKit",
-    icon: "🔥",
-    category: "frontend",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps["@sveltejs/kit"] || fileExists(root, "svelte.config.js");
-    },
-    checks: ["routes", "auth", "api", "security"],
-    invariants: ["INV_NO_FAKE_SUCCESS", "INV_NO_ROUTE_INVENTION"],
-  },
-  react: {
-    name: "React",
-    icon: "⚛️",
-    category: "frontend",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps.react && !FRAMEWORKS.nextjs.detect(root, pkg) && !FRAMEWORKS.remix.detect(root, pkg);
-    },
-    checks: ["components", "api", "security"],
-    invariants: ["INV_NO_FAKE_SUCCESS"],
-  },
-  vue: {
-    name: "Vue",
-    icon: "💚",
-    category: "frontend",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps.vue && !FRAMEWORKS.nuxt.detect(root, pkg);
-    },
-    checks: ["components", "api", "security"],
-    invariants: ["INV_NO_FAKE_SUCCESS"],
-  },
-  fastify: {
-    name: "Fastify",
-    icon: "⚡",
-    category: "backend",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps.fastify;
-    },
-    checks: ["routes", "auth", "api", "security", "webhooks"],
-    invariants: ["INV_NO_FAKE_SUCCESS", "INV_NO_ROUTE_INVENTION", "INV_NO_GHOST_AUTH", "INV_NO_SILENT_CATCH_AUTH"],
-  },
-  express: {
-    name: "Express",
-    icon: "🚂",
-    category: "backend",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps.express;
-    },
-    checks: ["routes", "auth", "api", "security"],
-    invariants: ["INV_NO_FAKE_SUCCESS", "INV_NO_ROUTE_INVENTION", "INV_NO_GHOST_AUTH"],
-  },
-  hono: {
-    name: "Hono",
-    icon: "🔥",
-    category: "backend",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps.hono;
-    },
-    checks: ["routes", "auth", "api", "security"],
-    invariants: ["INV_NO_FAKE_SUCCESS", "INV_NO_ROUTE_INVENTION"],
-  },
-  nestjs: {
-    name: "NestJS",
-    icon: "🐈",
-    category: "backend",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps["@nestjs/core"];
-    },
-    checks: ["routes", "auth", "api", "security", "guards"],
-    invariants: ["INV_NO_FAKE_SUCCESS", "INV_NO_ROUTE_INVENTION", "INV_NO_GHOST_AUTH"],
-  },
-};
-// ============================================================================
-// DATABASE DETECTION
-// ============================================================================
-const DATABASES = {
-  prisma: {
-    name: "Prisma",
-    icon: "◮",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps["@prisma/client"] || fileExists(root, "prisma/schema.prisma");
-    },
-    checks: ["migrations", "models"],
-  },
-  drizzle: {
-    name: "Drizzle",
-    icon: "💧",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps["drizzle-orm"] || fileExists(root, "drizzle.config.ts");
-    },
-    checks: ["migrations", "schema"],
-  },
-  mongoose: {
-    name: "Mongoose",
-    icon: "🍃",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps.mongoose;
-    },
-    checks: ["models", "connections"],
-  },
-  supabase: {
-    name: "Supabase",
-    icon: "⚡",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps["@supabase/supabase-js"];
-    },
-    checks: ["rls", "auth", "realtime"],
-  },
-  firebase: {
-    name: "Firebase",
-    icon: "🔥",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps.firebase || !!deps["firebase-admin"];
-    },
-    checks: ["rules", "auth", "functions"],
-  },
-  redis: {
-    name: "Redis",
-    icon: "🔴",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps.redis || !!deps.ioredis || !!deps["@upstash/redis"];
-    },
-    checks: ["connections", "caching"],
-  },
-};
-// ============================================================================
-// AUTH PROVIDER DETECTION
-// ============================================================================
-const AUTH_PROVIDERS = {
-  nextauth: {
-    name: "NextAuth.js",
-    icon: "🔐",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps["next-auth"] || !!deps["@auth/core"];
-    },
-    checks: ["session", "providers", "callbacks"],
-  },
-  clerk: {
-    name: "Clerk",
-    icon: "🔑",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps["@clerk/nextjs"] || !!deps["@clerk/clerk-sdk-node"];
-    },
-    checks: ["middleware", "organizations"],
-  },
-  auth0: {
-    name: "Auth0",
-    icon: "🔒",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps["@auth0/nextjs-auth0"] || !!deps["auth0"];
-    },
-    checks: ["rules", "actions", "rbac"],
-  },
-  lucia: {
-    name: "Lucia",
-    icon: "🔐",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps.lucia;
-    },
-    checks: ["sessions", "adapters"],
-  },
-  passport: {
-    name: "Passport.js",
-    icon: "🛂",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps.passport;
-    },
-    checks: ["strategies", "serialization"],
-  },
-};
-// ============================================================================
-// PAYMENT PROVIDER DETECTION
-// ============================================================================
-const PAYMENT_PROVIDERS = {
-  stripe: {
-    name: "Stripe",
-    icon: "💳",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps.stripe || !!deps["@stripe/stripe-js"];
-    },
-    checks: ["webhooks", "idempotency", "signature"],
-    invariants: ["INV_NO_BYPASS_ENTITLEMENTS", "INV_STRIPE_WEBHOOK_VERIFIED", "INV_STRIPE_IDEMPOTENT"],
-  },
-  lemonSqueezy: {
-    name: "Lemon Squeezy",
-    icon: "🍋",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps["@lemonsqueezy/lemonsqueezy.js"];
-    },
-    checks: ["webhooks", "subscriptions"],
-  },
-  paddle: {
-    name: "Paddle",
-    icon: "🏓",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps["@paddle/paddle-js"];
-    },
-    checks: ["webhooks", "subscriptions"],
-  },
-};
-// ============================================================================
-// CI/CD DETECTION
-// ============================================================================
-const CI_PROVIDERS = {
-  githubActions: {
-    name: "GitHub Actions",
-    icon: "🐙",
-    detect: (root) => fileExists(root, ".github/workflows") &&
-      fs.readdirSync(path.join(root, ".github/workflows")).some(f => f.endsWith(".yml") || f.endsWith(".yaml")),
-    configPath: ".github/workflows/vibecheck.yml",
-  },
-  gitlabCI: {
-    name: "GitLab CI",
-    icon: "🦊",
-    detect: (root) => fileExists(root, ".gitlab-ci.yml"),
-    configPath: ".gitlab-ci.yml",
-  },
-  circleci: {
-    name: "CircleCI",
-    icon: "⭕",
-    detect: (root) => fileExists(root, ".circleci/config.yml"),
-    configPath: ".circleci/config.yml",
-  },
-  jenkins: {
-    name: "Jenkins",
-    icon: "🎩",
-    detect: (root) => fileExists(root, "Jenkinsfile"),
-    configPath: "Jenkinsfile",
-  },
-};
-// ============================================================================
-// DEPLOYMENT PLATFORM DETECTION
-// ============================================================================
-const DEPLOY_PLATFORMS = {
-  vercel: {
-    name: "Vercel",
-    icon: "▲",
-    detect: (root) => fileExists(root, "vercel.json") || fileExists(root, ".vercel"),
-    configPath: "vercel.json",
-  },
-  netlify: {
-    name: "Netlify",
-    icon: "◆",
-    detect: (root) => fileExists(root, "netlify.toml"),
-    configPath: "netlify.toml",
-  },
-  railway: {
-    name: "Railway",
-    icon: "🚂",
-    detect: (root) => fileExists(root, "railway.toml") || fileExists(root, "railway.json"),
-    configPath: "railway.toml",
-  },
-  render: {
-    name: "Render",
-    icon: "🎨",
-    detect: (root) => fileExists(root, "render.yaml"),
-    configPath: "render.yaml",
-  },
-  fly: {
-    name: "Fly.io",
-    icon: "🪁",
-    detect: (root) => fileExists(root, "fly.toml"),
-    configPath: "fly.toml",
-  },
-  docker: {
-    name: "Docker",
-    icon: "🐳",
-    detect: (root) => fileExists(root, "Dockerfile") || fileExists(root, "docker-compose.yml"),
-    configPath: "Dockerfile",
-  },
-  kubernetes: {
-    name: "Kubernetes",
-    icon: "☸️",
-    detect: (root) => fileExists(root, "k8s") || fileExists(root, "kubernetes") ||
-      fileExists(root, "charts") || fileExists(root, "helm"),
-    configPath: "k8s/",
-  },
-};
-// ============================================================================
-// TESTING FRAMEWORK DETECTION
-// ============================================================================
-const TEST_FRAMEWORKS = {
-  jest: {
-    name: "Jest",
-    icon: "🃏",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps.jest || fileExists(root, "jest.config.js") || fileExists(root, "jest.config.ts");
-    },
-  },
-  vitest: {
-    name: "Vitest",
-    icon: "⚡",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps.vitest || fileExists(root, "vitest.config.ts");
-    },
-  },
-  playwright: {
-    name: "Playwright",
-    icon: "🎭",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps["@playwright/test"] || fileExists(root, "playwright.config.ts");
-    },
-  },
-  cypress: {
-    name: "Cypress",
-    icon: "🌲",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps.cypress || fileExists(root, "cypress.config.ts") || fileExists(root, "cypress.config.js");
-    },
-  },
-};
-// ============================================================================
-// SECURITY TOOLS DETECTION
-// ============================================================================
-const SECURITY_TOOLS = {
-  eslintSecurity: {
-    name: "ESLint Security",
-    icon: "🔒",
-    detect: (root, pkg) => {
-      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
-      return !!deps["eslint-plugin-security"];
-    },
-  },
-  snyk: {
-    name: "Snyk",
-    icon: "🐕",
-    detect: (root) => fileExists(root, ".snyk"),
-  },
-  dependabot: {
-    name: "Dependabot",
-    icon: "🤖",
-    detect: (root) => fileExists(root, ".github/dependabot.yml"),
-  },
-  codeql: {
-    name: "CodeQL",
-    icon: "🔬",
-    detect: (root) => {
-      const workflowDir = path.join(root, ".github/workflows");
-      if (!fs.existsSync(workflowDir)) return false;
-      const files = fs.readdirSync(workflowDir);
-      return files.some(f => {
-        const content = readFileSafe(path.join(workflowDir, f));
-        return content.includes("codeql") || content.includes("CodeQL");
-      });
-    },
-  },
-};
-// ============================================================================
-// COMPREHENSIVE DETECTION
-// ============================================================================
-function detectAll(root) {
-  const pkgPath = path.join(root, "package.json");
-  const pkg = readJsonSafe(pkgPath);
-  if (!pkg) {
-    return { error: "No package.json found", pkg: null };
-  }
-  const result = {
-    pkg,
-    packageManager: detectPackageManager(root),
-    monorepo: detectMonorepo(root, pkg),
-    frameworks: {},
-    databases: {},
-    auth: {},
-    payments: {},
-    ci: {},
-    deploy: {},
-    testing: {},
-    security: {},
-  };
-  // Detect all categories
-  for (const [key, fw] of Object.entries(FRAMEWORKS)) {
-    if (fw.detect(root, pkg)) {
-      result.frameworks[key] = { ...fw, detected: true };
-    }
-  }
-  for (const [key, db] of Object.entries(DATABASES)) {
-    if (db.detect(root, pkg)) {
-      result.databases[key] = { ...db, detected: true };
-    }
-  }
-  for (const [key, auth] of Object.entries(AUTH_PROVIDERS)) {
-    if (auth.detect(root, pkg)) {
-      result.auth[key] = { ...auth, detected: true };
-    }
-  }
-  for (const [key, pay] of Object.entries(PAYMENT_PROVIDERS)) {
-    if (pay.detect(root, pkg)) {
-      result.payments[key] = { ...pay, detected: true };
-    }
-  }
-  for (const [key, ci] of Object.entries(CI_PROVIDERS)) {
-    if (ci.detect(root)) {
-      result.ci[key] = { ...ci, detected: true };
-    }
-  }
-  for (const [key, dp] of Object.entries(DEPLOY_PLATFORMS)) {
-    if (dp.detect(root)) {
-      result.deploy[key] = { ...dp, detected: true };
-    }
-  }
-  for (const [key, tf] of Object.entries(TEST_FRAMEWORKS)) {
-    if (tf.detect(root, pkg)) {
-      result.testing[key] = { ...tf, detected: true };
-    }
-  }
-  for (const [key, st] of Object.entries(SECURITY_TOOLS)) {
-    if (st.detect(root, pkg)) {
-      result.security[key] = { ...st, detected: true };
-    }
-  }
-  // Aggregate invariants from detected frameworks and payments
-  result.invariants = aggregateInvariants(result);
-  // Aggregate checks
-  result.checks = aggregateChecks(result);
-  return result;
-}
-function detectPackageManager(root) {
-  if (fileExists(root, "pnpm-lock.yaml")) return "pnpm";
-  if (fileExists(root, "yarn.lock")) return "yarn";
-  if (fileExists(root, "bun.lockb")) return "bun";
-  if (fileExists(root, "package-lock.json")) return "npm";
-  return "npm";
-}
-function detectMonorepo(root, pkg) {
-  const indicators = {
-    pnpmWorkspaces: fileExists(root, "pnpm-workspace.yaml"),
-    lernaConfig: fileExists(root, "lerna.json"),
-    nxConfig: fileExists(root, "nx.json"),
-    turborepo: fileExists(root, "turbo.json"),
-    workspaces: Array.isArray(pkg?.workspaces) || typeof pkg?.workspaces === "object",
-  };
-  const isMonorepo = Object.values(indicators).some(Boolean);
-  return { isMonorepo, indicators };
-}
-function aggregateInvariants(detection) {
-  const invariants = new Set();
-  // From frameworks
-  for (const fw of Object.values(detection.frameworks)) {
-    if (fw.invariants) {
-      fw.invariants.forEach(inv => invariants.add(inv));
-    }
-  }
-  // From payments
-  for (const pay of Object.values(detection.payments)) {
-    if (pay.invariants) {
-      pay.invariants.forEach(inv => invariants.add(inv));
-    }
-  }
-  // Always include base invariants
-  invariants.add("INV_NO_HARDCODED_SECRETS");
-  return Array.from(invariants).sort();
-}
-function aggregateChecks(detection) {
-  const checks = new Set(["security", "quality"]);
-  for (const fw of Object.values(detection.frameworks)) {
-    if (fw.checks) {
-      fw.checks.forEach(c => checks.add(c));
-    }
-  }
-  for (const db of Object.values(detection.databases)) {
-    if (db.checks) {
-      db.checks.forEach(c => checks.add(c));
-    }
-  }
-  return Array.from(checks).sort();
-}
-// ============================================================================
-// EXPORTS
-// ============================================================================
-module.exports = {
-  detectAll,
-  detectPackageManager,
-  detectMonorepo,
-  FRAMEWORKS,
-  DATABASES,
-  AUTH_PROVIDERS,
-  PAYMENT_PROVIDERS,
-  CI_PROVIDERS,
-  DEPLOY_PLATFORMS,
-  TEST_FRAMEWORKS,
-  SECURITY_TOOLS,
-};
+// bin/runners/lib/enterprise-detect.js
+// Enterprise-grade project detection: frameworks, databases, cloud, CI/CD, security tools
+const fs = require("fs");
+const path = require("path");
+function fileExists(root, rel) {
+  return fs.existsSync(path.join(root, rel));
+}
+function readJsonSafe(filePath) {
+  try {
+    return JSON.parse(fs.readFileSync(filePath, "utf8"));
+  } catch {
+    return null;
+  }
+}
+function readFileSafe(filePath) {
+  try {
+    return fs.readFileSync(filePath, "utf8");
+  } catch {
+    return "";
+  }
+}
+// ============================================================================
+// FRAMEWORK DETECTION
+// ============================================================================
+const FRAMEWORKS = {
+  nextjs: {
+    name: "Next.js",
+    icon: "▲",
+    category: "frontend",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!(deps.next || fileExists(root, "next.config.js") ||
+                fileExists(root, "next.config.mjs") || fileExists(root, "next.config.ts"));
+    },
+    checks: ["routes", "auth", "api", "security", "ssr"],
+    invariants: ["INV_NO_FAKE_SUCCESS", "INV_NO_ROUTE_INVENTION", "INV_NO_GHOST_AUTH"],
+  },
+  remix: {
+    name: "Remix",
+    icon: "💿",
+    category: "frontend",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps["@remix-run/node"] || !!deps["@remix-run/react"];
+    },
+    checks: ["routes", "auth", "api", "security", "loaders"],
+    invariants: ["INV_NO_FAKE_SUCCESS", "INV_NO_ROUTE_INVENTION"],
+  },
+  nuxt: {
+    name: "Nuxt",
+    icon: "💚",
+    category: "frontend",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps.nuxt || fileExists(root, "nuxt.config.ts") || fileExists(root, "nuxt.config.js");
+    },
+    checks: ["routes", "auth", "api", "security"],
+    invariants: ["INV_NO_FAKE_SUCCESS", "INV_NO_ROUTE_INVENTION"],
+  },
+  sveltekit: {
+    name: "SvelteKit",
+    icon: "🔥",
+    category: "frontend",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps["@sveltejs/kit"] || fileExists(root, "svelte.config.js");
+    },
+    checks: ["routes", "auth", "api", "security"],
+    invariants: ["INV_NO_FAKE_SUCCESS", "INV_NO_ROUTE_INVENTION"],
+  },
+  react: {
+    name: "React",
+    icon: "⚛️",
+    category: "frontend",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps.react && !FRAMEWORKS.nextjs.detect(root, pkg) && !FRAMEWORKS.remix.detect(root, pkg);
+    },
+    checks: ["components", "api", "security"],
+    invariants: ["INV_NO_FAKE_SUCCESS"],
+  },
+  vue: {
+    name: "Vue",
+    icon: "💚",
+    category: "frontend",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps.vue && !FRAMEWORKS.nuxt.detect(root, pkg);
+    },
+    checks: ["components", "api", "security"],
+    invariants: ["INV_NO_FAKE_SUCCESS"],
+  },
+  fastify: {
+    name: "Fastify",
+    icon: "⚡",
+    category: "backend",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps.fastify;
+    },
+    checks: ["routes", "auth", "api", "security", "webhooks"],
+    invariants: ["INV_NO_FAKE_SUCCESS", "INV_NO_ROUTE_INVENTION", "INV_NO_GHOST_AUTH", "INV_NO_SILENT_CATCH_AUTH"],
+  },
+  express: {
+    name: "Express",
+    icon: "🚂",
+    category: "backend",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps.express;
+    },
+    checks: ["routes", "auth", "api", "security"],
+    invariants: ["INV_NO_FAKE_SUCCESS", "INV_NO_ROUTE_INVENTION", "INV_NO_GHOST_AUTH"],
+  },
+  hono: {
+    name: "Hono",
+    icon: "🔥",
+    category: "backend",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps.hono;
+    },
+    checks: ["routes", "auth", "api", "security"],
+    invariants: ["INV_NO_FAKE_SUCCESS", "INV_NO_ROUTE_INVENTION"],
+  },
+  nestjs: {
+    name: "NestJS",
+    icon: "🐈",
+    category: "backend",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps["@nestjs/core"];
+    },
+    checks: ["routes", "auth", "api", "security", "guards"],
+    invariants: ["INV_NO_FAKE_SUCCESS", "INV_NO_ROUTE_INVENTION", "INV_NO_GHOST_AUTH"],
+  },
+};
+// ============================================================================
+// DATABASE DETECTION
+// ============================================================================
+const DATABASES = {
+  prisma: {
+    name: "Prisma",
+    icon: "◮",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps["@prisma/client"] || fileExists(root, "prisma/schema.prisma");
+    },
+    checks: ["migrations", "models"],
+  },
+  drizzle: {
+    name: "Drizzle",
+    icon: "💧",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps["drizzle-orm"] || fileExists(root, "drizzle.config.ts");
+    },
+    checks: ["migrations", "schema"],
+  },
+  mongoose: {
+    name: "Mongoose",
+    icon: "🍃",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps.mongoose;
+    },
+    checks: ["models", "connections"],
+  },
+  supabase: {
+    name: "Supabase",
+    icon: "⚡",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps["@supabase/supabase-js"];
+    },
+    checks: ["rls", "auth", "realtime"],
+  },
+  firebase: {
+    name: "Firebase",
+    icon: "🔥",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps.firebase || !!deps["firebase-admin"];
+    },
+    checks: ["rules", "auth", "functions"],
+  },
+  redis: {
+    name: "Redis",
+    icon: "🔴",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps.redis || !!deps.ioredis || !!deps["@upstash/redis"];
+    },
+    checks: ["connections", "caching"],
+  },
+};
+// ============================================================================
+// AUTH PROVIDER DETECTION
+// ============================================================================
+const AUTH_PROVIDERS = {
+  nextauth: {
+    name: "NextAuth.js",
+    icon: "🔐",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps["next-auth"] || !!deps["@auth/core"];
+    },
+    checks: ["session", "providers", "callbacks"],
+  },
+  clerk: {
+    name: "Clerk",
+    icon: "🔑",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps["@clerk/nextjs"] || !!deps["@clerk/clerk-sdk-node"];
+    },
+    checks: ["middleware", "organizations"],
+  },
+  auth0: {
+    name: "Auth0",
+    icon: "🔒",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps["@auth0/nextjs-auth0"] || !!deps["auth0"];
+    },
+    checks: ["rules", "actions", "rbac"],
+  },
+  lucia: {
+    name: "Lucia",
+    icon: "🔐",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps.lucia;
+    },
+    checks: ["sessions", "adapters"],
+  },
+  passport: {
+    name: "Passport.js",
+    icon: "🛂",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps.passport;
+    },
+    checks: ["strategies", "serialization"],
+  },
+};
+// ============================================================================
+// PAYMENT PROVIDER DETECTION
+// ============================================================================
+const PAYMENT_PROVIDERS = {
+  stripe: {
+    name: "Stripe",
+    icon: "💳",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps.stripe || !!deps["@stripe/stripe-js"];
+    },
+    checks: ["webhooks", "idempotency", "signature"],
+    invariants: ["INV_NO_BYPASS_ENTITLEMENTS", "INV_STRIPE_WEBHOOK_VERIFIED", "INV_STRIPE_IDEMPOTENT"],
+  },
+  lemonSqueezy: {
+    name: "Lemon Squeezy",
+    icon: "🍋",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps["@lemonsqueezy/lemonsqueezy.js"];
+    },
+    checks: ["webhooks", "subscriptions"],
+  },
+  paddle: {
+    name: "Paddle",
+    icon: "🏓",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps["@paddle/paddle-js"];
+    },
+    checks: ["webhooks", "subscriptions"],
+  },
+};
+// ============================================================================
+// CI/CD DETECTION
+// ============================================================================
+const CI_PROVIDERS = {
+  githubActions: {
+    name: "GitHub Actions",
+    icon: "🐙",
+    detect: (root) => fileExists(root, ".github/workflows") &&
+      fs.readdirSync(path.join(root, ".github/workflows")).some(f => f.endsWith(".yml") || f.endsWith(".yaml")),
+    configPath: ".github/workflows/vibecheck.yml",
+  },
+  gitlabCI: {
+    name: "GitLab CI",
+    icon: "🦊",
+    detect: (root) => fileExists(root, ".gitlab-ci.yml"),
+    configPath: ".gitlab-ci.yml",
+  },
+  circleci: {
+    name: "CircleCI",
+    icon: "⭕",
+    detect: (root) => fileExists(root, ".circleci/config.yml"),
+    configPath: ".circleci/config.yml",
+  },
+  jenkins: {
+    name: "Jenkins",
+    icon: "🎩",
+    detect: (root) => fileExists(root, "Jenkinsfile"),
+    configPath: "Jenkinsfile",
+  },
+};
+// ============================================================================
+// DEPLOYMENT PLATFORM DETECTION
+// ============================================================================
+const DEPLOY_PLATFORMS = {
+  vercel: {
+    name: "Vercel",
+    icon: "▲",
+    detect: (root) => fileExists(root, "vercel.json") || fileExists(root, ".vercel"),
+    configPath: "vercel.json",
+  },
+  netlify: {
+    name: "Netlify",
+    icon: "◆",
+    detect: (root) => fileExists(root, "netlify.toml"),
+    configPath: "netlify.toml",
+  },
+  railway: {
+    name: "Railway",
+    icon: "🚂",
+    detect: (root) => fileExists(root, "railway.toml") || fileExists(root, "railway.json"),
+    configPath: "railway.toml",
+  },
+  render: {
+    name: "Render",
+    icon: "🎨",
+    detect: (root) => fileExists(root, "render.yaml"),
+    configPath: "render.yaml",
+  },
+  fly: {
+    name: "Fly.io",
+    icon: "🪁",
+    detect: (root) => fileExists(root, "fly.toml"),
+    configPath: "fly.toml",
+  },
+  docker: {
+    name: "Docker",
+    icon: "🐳",
+    detect: (root) => fileExists(root, "Dockerfile") || fileExists(root, "docker-compose.yml"),
+    configPath: "Dockerfile",
+  },
+  kubernetes: {
+    name: "Kubernetes",
+    icon: "☸️",
+    detect: (root) => fileExists(root, "k8s") || fileExists(root, "kubernetes") ||
+      fileExists(root, "charts") || fileExists(root, "helm"),
+    configPath: "k8s/",
+  },
+};
+// ============================================================================
+// TESTING FRAMEWORK DETECTION
+// ============================================================================
+const TEST_FRAMEWORKS = {
+  jest: {
+    name: "Jest",
+    icon: "🃏",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps.jest || fileExists(root, "jest.config.js") || fileExists(root, "jest.config.ts");
+    },
+  },
+  vitest: {
+    name: "Vitest",
+    icon: "⚡",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps.vitest || fileExists(root, "vitest.config.ts");
+    },
+  },
+  playwright: {
+    name: "Playwright",
+    icon: "🎭",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps["@playwright/test"] || fileExists(root, "playwright.config.ts");
+    },
+  },
+  cypress: {
+    name: "Cypress",
+    icon: "🌲",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps.cypress || fileExists(root, "cypress.config.ts") || fileExists(root, "cypress.config.js");
+    },
+  },
+};
+// ============================================================================
+// SECURITY TOOLS DETECTION
+// ============================================================================
+const SECURITY_TOOLS = {
+  eslintSecurity: {
+    name: "ESLint Security",
+    icon: "🔒",
+    detect: (root, pkg) => {
+      const deps = { ...(pkg?.dependencies || {}), ...(pkg?.devDependencies || {}) };
+      return !!deps["eslint-plugin-security"];
+    },
+  },
+  snyk: {
+    name: "Snyk",
+    icon: "🐕",
+    detect: (root) => fileExists(root, ".snyk"),
+  },
+  dependabot: {
+    name: "Dependabot",
+    icon: "🤖",
+    detect: (root) => fileExists(root, ".github/dependabot.yml"),
+  },
+  codeql: {
+    name: "CodeQL",
+    icon: "🔬",
+    detect: (root) => {
+      const workflowDir = path.join(root, ".github/workflows");
+      if (!fs.existsSync(workflowDir)) return false;
+      const files = fs.readdirSync(workflowDir);
+      return files.some(f => {
+        const content = readFileSafe(path.join(workflowDir, f));
+        return content.includes("codeql") || content.includes("CodeQL");
+      });
+    },
+  },
+};
+// ============================================================================
+// COMPREHENSIVE DETECTION
+// ============================================================================
+function detectAll(root) {
+  const pkgPath = path.join(root, "package.json");
+  const pkg = readJsonSafe(pkgPath);
+  if (!pkg) {
+    return { error: "No package.json found", pkg: null };
+  }
+  const result = {
+    pkg,
+    packageManager: detectPackageManager(root),
+    monorepo: detectMonorepo(root, pkg),
+    frameworks: {},
+    databases: {},
+    auth: {},
+    payments: {},
+    ci: {},
+    deploy: {},
+    testing: {},
+    security: {},
+  };
+  // Detect all categories
+  for (const [key, fw] of Object.entries(FRAMEWORKS)) {
+    if (fw.detect(root, pkg)) {
+      result.frameworks[key] = { ...fw, detected: true };
+    }
+  }
+  for (const [key, db] of Object.entries(DATABASES)) {
+    if (db.detect(root, pkg)) {
+      result.databases[key] = { ...db, detected: true };
+    }
+  }
+  for (const [key, auth] of Object.entries(AUTH_PROVIDERS)) {
+    if (auth.detect(root, pkg)) {
+      result.auth[key] = { ...auth, detected: true };
+    }
+  }
+  for (const [key, pay] of Object.entries(PAYMENT_PROVIDERS)) {
+    if (pay.detect(root, pkg)) {
+      result.payments[key] = { ...pay, detected: true };
+    }
+  }
+  for (const [key, ci] of Object.entries(CI_PROVIDERS)) {
+    if (ci.detect(root)) {
+      result.ci[key] = { ...ci, detected: true };
+    }
+  }
+  for (const [key, dp] of Object.entries(DEPLOY_PLATFORMS)) {
+    if (dp.detect(root)) {
+      result.deploy[key] = { ...dp, detected: true };
+    }
+  }
+  for (const [key, tf] of Object.entries(TEST_FRAMEWORKS)) {
+    if (tf.detect(root, pkg)) {
+      result.testing[key] = { ...tf, detected: true };
+    }
+  }
+  for (const [key, st] of Object.entries(SECURITY_TOOLS)) {
+    if (st.detect(root, pkg)) {
+      result.security[key] = { ...st, detected: true };
+    }
+  }
+  // Aggregate invariants from detected frameworks and payments
+  result.invariants = aggregateInvariants(result);
+  // Aggregate checks
+  result.checks = aggregateChecks(result);
+  return result;
+}
+function detectPackageManager(root) {
+  if (fileExists(root, "pnpm-lock.yaml")) return "pnpm";
+  if (fileExists(root, "yarn.lock")) return "yarn";
+  if (fileExists(root, "bun.lockb")) return "bun";
+  if (fileExists(root, "package-lock.json")) return "npm";
+  return "npm";
+}
+function detectMonorepo(root, pkg) {
+  const indicators = {
+    pnpmWorkspaces: fileExists(root, "pnpm-workspace.yaml"),
+    lernaConfig: fileExists(root, "lerna.json"),
+    nxConfig: fileExists(root, "nx.json"),
+    turborepo: fileExists(root, "turbo.json"),
+    workspaces: Array.isArray(pkg?.workspaces) || typeof pkg?.workspaces === "object",
+  };
+  const isMonorepo = Object.values(indicators).some(Boolean);
+  return { isMonorepo, indicators };
+}
+function aggregateInvariants(detection) {
+  const invariants = new Set();
+  // From frameworks
+  for (const fw of Object.values(detection.frameworks)) {
+    if (fw.invariants) {
+      fw.invariants.forEach(inv => invariants.add(inv));
+    }
+  }
+  // From payments
+  for (const pay of Object.values(detection.payments)) {
+    if (pay.invariants) {
+      pay.invariants.forEach(inv => invariants.add(inv));
+    }
+  }
+  // Always include base invariants
+  invariants.add("INV_NO_HARDCODED_SECRETS");
+  return Array.from(invariants).sort();
+}
+function aggregateChecks(detection) {
+  const checks = new Set(["security", "quality"]);
+  for (const fw of Object.values(detection.frameworks)) {
+    if (fw.checks) {
+      fw.checks.forEach(c => checks.add(c));
+    }
+  }
+  for (const db of Object.values(detection.databases)) {
+    if (db.checks) {
+      db.checks.forEach(c => checks.add(c));
+    }
+  }
+  return Array.from(checks).sort();
+}
+// ============================================================================
+// EXPORTS
+// ============================================================================
+module.exports = {
+  detectAll,
+  detectPackageManager,
+  detectMonorepo,
+  FRAMEWORKS,
+  DATABASES,
+  AUTH_PROVIDERS,
+  PAYMENT_PROVIDERS,
+  CI_PROVIDERS,
+  DEPLOY_PLATFORMS,
+  TEST_FRAMEWORKS,
+  SECURITY_TOOLS,
+};