npm - @vibecheckai/cli - Versions diffs - 3.2.2 → 3.2.4 - Mend

@vibecheckai/cli 3.2.2 → 3.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (170) hide show

package/bin/.generated +25 -25
package/bin/dev/run-v2-torture.js +30 -30
package/bin/runners/ENHANCEMENT_GUIDE.md +121 -121
package/bin/runners/lib/__tests__/entitlements-v2.test.js +295 -295
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +117 -28
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +23 -14
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +72 -1
package/bin/runners/lib/agent-firewall/interceptor/base.js +2 -2
package/bin/runners/lib/agent-firewall/policy/default-policy.json +6 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +34 -3
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +29 -4
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +12 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +21 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/analyzers.js +606 -325
package/bin/runners/lib/auth-truth.js +193 -193
package/bin/runners/lib/backup.js +62 -62
package/bin/runners/lib/billing.js +107 -107
package/bin/runners/lib/claims.js +118 -118
package/bin/runners/lib/cli-ui.js +540 -540
package/bin/runners/lib/contracts/auth-contract.js +202 -202
package/bin/runners/lib/contracts/env-contract.js +181 -181
package/bin/runners/lib/contracts/external-contract.js +206 -206
package/bin/runners/lib/contracts/guard.js +168 -168
package/bin/runners/lib/contracts/index.js +89 -89
package/bin/runners/lib/contracts/plan-validator.js +311 -311
package/bin/runners/lib/contracts/route-contract.js +199 -199
package/bin/runners/lib/contracts.js +804 -804
package/bin/runners/lib/detect.js +89 -89
package/bin/runners/lib/doctor/autofix.js +254 -254
package/bin/runners/lib/doctor/index.js +37 -37
package/bin/runners/lib/doctor/modules/dependencies.js +325 -325
package/bin/runners/lib/doctor/modules/index.js +46 -46
package/bin/runners/lib/doctor/modules/network.js +250 -250
package/bin/runners/lib/doctor/modules/project.js +312 -312
package/bin/runners/lib/doctor/modules/runtime.js +224 -224
package/bin/runners/lib/doctor/modules/security.js +348 -348
package/bin/runners/lib/doctor/modules/system.js +213 -213
package/bin/runners/lib/doctor/modules/vibecheck.js +394 -394
package/bin/runners/lib/doctor/reporter.js +262 -262
package/bin/runners/lib/doctor/service.js +262 -262
package/bin/runners/lib/doctor/types.js +113 -113
package/bin/runners/lib/doctor/ui.js +263 -263
package/bin/runners/lib/doctor-v2.js +608 -608
package/bin/runners/lib/drift.js +425 -425
package/bin/runners/lib/enforcement.js +72 -72
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/enterprise-detect.js +603 -603
package/bin/runners/lib/enterprise-init.js +942 -942
package/bin/runners/lib/env-resolver.js +417 -417
package/bin/runners/lib/env-template.js +66 -66
package/bin/runners/lib/env.js +189 -189
package/bin/runners/lib/extractors/client-calls.js +990 -990
package/bin/runners/lib/extractors/fastify-route-dump.js +573 -573
package/bin/runners/lib/extractors/fastify-routes.js +426 -426
package/bin/runners/lib/extractors/index.js +363 -363
package/bin/runners/lib/extractors/next-routes.js +524 -524
package/bin/runners/lib/extractors/proof-graph.js +431 -431
package/bin/runners/lib/extractors/route-matcher.js +451 -451
package/bin/runners/lib/extractors/truthpack-v2.js +377 -377
package/bin/runners/lib/extractors/ui-bindings.js +547 -547
package/bin/runners/lib/findings-schema.js +281 -281
package/bin/runners/lib/firewall-prompt.js +50 -50
package/bin/runners/lib/global-flags.js +213 -213
package/bin/runners/lib/graph/graph-builder.js +265 -265
package/bin/runners/lib/graph/html-renderer.js +413 -413
package/bin/runners/lib/graph/index.js +32 -32
package/bin/runners/lib/graph/runtime-collector.js +215 -215
package/bin/runners/lib/graph/static-extractor.js +518 -518
package/bin/runners/lib/html-report.js +650 -650
package/bin/runners/lib/interactive-menu.js +1496 -1496
package/bin/runners/lib/llm.js +75 -75
package/bin/runners/lib/meter.js +61 -61
package/bin/runners/lib/missions/evidence.js +126 -126
package/bin/runners/lib/patch.js +40 -40
package/bin/runners/lib/permissions/auth-model.js +213 -213
package/bin/runners/lib/permissions/idor-prover.js +205 -205
package/bin/runners/lib/permissions/index.js +45 -45
package/bin/runners/lib/permissions/matrix-builder.js +198 -198
package/bin/runners/lib/pkgjson.js +28 -28
package/bin/runners/lib/policy.js +295 -295
package/bin/runners/lib/preflight.js +142 -142
package/bin/runners/lib/reality/correlation-detectors.js +359 -359
package/bin/runners/lib/reality/index.js +318 -318
package/bin/runners/lib/reality/request-hashing.js +416 -416
package/bin/runners/lib/reality/request-mapper.js +453 -453
package/bin/runners/lib/reality/safety-rails.js +463 -463
package/bin/runners/lib/reality/semantic-snapshot.js +408 -408
package/bin/runners/lib/reality/toast-detector.js +393 -393
package/bin/runners/lib/reality-findings.js +84 -84
package/bin/runners/lib/receipts.js +179 -179
package/bin/runners/lib/redact.js +29 -29
package/bin/runners/lib/replay/capsule-manager.js +154 -154
package/bin/runners/lib/replay/index.js +263 -263
package/bin/runners/lib/replay/player.js +348 -348
package/bin/runners/lib/replay/recorder.js +331 -331
package/bin/runners/lib/report-output.js +187 -187
package/bin/runners/lib/report.js +135 -135
package/bin/runners/lib/route-detection.js +1140 -1140
package/bin/runners/lib/sandbox/index.js +59 -59
package/bin/runners/lib/sandbox/proof-chain.js +399 -399
package/bin/runners/lib/sandbox/sandbox-runner.js +205 -205
package/bin/runners/lib/sandbox/worktree.js +174 -174
package/bin/runners/lib/scan-output.js +525 -190
package/bin/runners/lib/schema-validator.js +350 -350
package/bin/runners/lib/schemas/contracts.schema.json +160 -160
package/bin/runners/lib/schemas/finding.schema.json +100 -100
package/bin/runners/lib/schemas/mission-pack.schema.json +206 -206
package/bin/runners/lib/schemas/proof-graph.schema.json +176 -176
package/bin/runners/lib/schemas/reality-report.schema.json +162 -162
package/bin/runners/lib/schemas/share-pack.schema.json +180 -180
package/bin/runners/lib/schemas/ship-report.schema.json +117 -117
package/bin/runners/lib/schemas/truthpack-v2.schema.json +303 -303
package/bin/runners/lib/schemas/validator.js +438 -438
package/bin/runners/lib/score-history.js +282 -282
package/bin/runners/lib/share-pack.js +239 -239
package/bin/runners/lib/snippets.js +67 -67
package/bin/runners/lib/status-output.js +253 -253
package/bin/runners/lib/terminal-ui.js +351 -271
package/bin/runners/lib/upsell.js +510 -510
package/bin/runners/lib/usage.js +153 -153
package/bin/runners/lib/validate-patch.js +156 -156
package/bin/runners/lib/verdict-engine.js +628 -628
package/bin/runners/reality/engine.js +917 -917
package/bin/runners/reality/flows.js +122 -122
package/bin/runners/reality/report.js +378 -378
package/bin/runners/reality/session.js +193 -193
package/bin/runners/runGuard.js +168 -168
package/bin/runners/runProof.zip +0 -0
package/bin/runners/runProve.js +8 -0
package/bin/runners/runReality.js +14 -0
package/bin/runners/runScan.js +17 -1
package/bin/runners/runTruth.js +15 -3
package/mcp-server/tier-auth.js +4 -4
package/mcp-server/tools/index.js +72 -72
package/package.json +1 -1

package/bin/runners/lib/schemas/truthpack-v2.schema.json CHANGED Viewed

@@ -1,303 +1,303 @@
-{
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "https://vibecheck.dev/schemas/truthpack-v2.schema.json",
-  "title": "Vibecheck Truthpack v2",
-  "description": "Complete extracted truth from static analysis",
-  "type": "object",
-  "required": ["specVersion", "generatedAt", "projectRoot", "fingerprint", "routes", "clientCalls", "uiBindings"],
-  "properties": {
-    "specVersion": {
-      "type": "string",
-      "const": "2.0",
-      "description": "Schema version"
-    },
-    "generatedAt": {
-      "type": "string",
-      "format": "date-time",
-      "description": "ISO timestamp of generation"
-    },
-    "projectRoot": {
-      "type": "string",
-      "description": "Absolute path to project root"
-    },
-    "fingerprint": {
-      "type": "string",
-      "pattern": "^sha256:[a-f0-9]{64}$",
-      "description": "Hash of truthpack contents for drift detection"
-    },
-    "stack": {
-      "$ref": "#/$defs/stackDetection"
-    },
-    "routes": {
-      "$ref": "#/$defs/routesTruth"
-    },
-    "clientCalls": {
-      "$ref": "#/$defs/clientCallsTruth"
-    },
-    "uiBindings": {
-      "$ref": "#/$defs/uiBindingsTruth"
-    },
-    "env": {
-      "$ref": "#/$defs/envTruth"
-    },
-    "auth": {
-      "$ref": "#/$defs/authTruth"
-    },
-    "billing": {
-      "$ref": "#/$defs/billingTruth"
-    },
-    "proofGraph": {
-      "$ref": "#/$defs/proofGraphRef"
-    },
-    "artifacts": {
-      "type": "array",
-      "items": { "$ref": "#/$defs/artifact" },
-      "description": "Generated artifact paths and hashes"
-    }
-  },
-  "$defs": {
-    "stackDetection": {
-      "type": "object",
-      "properties": {
-        "next": { "$ref": "#/$defs/frameworkInfo" },
-        "fastify": { "$ref": "#/$defs/frameworkInfo" },
-        "express": { "$ref": "#/$defs/frameworkInfo" },
-        "trpc": { "$ref": "#/$defs/frameworkInfo" },
-        "graphql": { "$ref": "#/$defs/frameworkInfo" }
-      }
-    },
-    "frameworkInfo": {
-      "type": "object",
-      "properties": {
-        "present": { "type": "boolean" },
-        "version": { "type": ["string", "null"] },
-        "entryFile": { "type": ["string", "null"] },
-        "confidence": { "type": "string", "enum": ["high", "medium", "low"] }
-      }
-    },
-    "routesTruth": {
-      "type": "object",
-      "required": ["server", "count"],
-      "properties": {
-        "server": {
-          "type": "array",
-          "items": { "$ref": "#/$defs/serverRoute" }
-        },
-        "count": { "type": "integer", "minimum": 0 },
-        "byFramework": {
-          "type": "object",
-          "additionalProperties": { "type": "integer" }
-        },
-        "runtimeOverrides": {
-          "type": "array",
-          "items": { "$ref": "#/$defs/serverRoute" },
-          "description": "Routes from runtime dump (higher confidence)"
-        }
-      }
-    },
-    "serverRoute": {
-      "type": "object",
-      "required": ["id", "method", "path", "file", "confidence"],
-      "properties": {
-        "id": {
-          "type": "string",
-          "pattern": "^R_[A-Z]+_[A-F0-9]+$"
-        },
-        "method": {
-          "type": "string",
-          "enum": ["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS", "ALL"]
-        },
-        "path": { "type": "string" },
-        "canonicalPath": { "type": "string" },
-        "file": { "type": "string" },
-        "line": { "type": "integer", "minimum": 1 },
-        "framework": {
-          "type": "string",
-          "enum": ["next-app", "next-pages", "fastify", "express", "trpc", "graphql"]
-        },
-        "confidence": {
-          "type": "string",
-          "enum": ["high", "medium", "low"]
-        },
-        "authRequired": { "type": "boolean" },
-        "source": {
-          "type": "string",
-          "enum": ["static", "runtime"],
-          "default": "static"
-        },
-        "evidence": {
-          "type": "array",
-          "items": { "type": "object" }
-        }
-      }
-    },
-    "clientCallsTruth": {
-      "type": "object",
-      "required": ["calls", "count"],
-      "properties": {
-        "calls": {
-          "type": "array",
-          "items": { "$ref": "#/$defs/clientCall" }
-        },
-        "count": { "type": "integer", "minimum": 0 },
-        "byKind": {
-          "type": "object",
-          "additionalProperties": { "type": "integer" }
-        }
-      }
-    },
-    "clientCall": {
-      "type": "object",
-      "required": ["id", "kind", "file", "confidence"],
-      "properties": {
-        "id": {
-          "type": "string",
-          "pattern": "^C_[A-Z]+_[A-F0-9]+$"
-        },
-        "kind": {
-          "type": "string",
-          "enum": ["http", "trpc", "graphql", "server-action"]
-        },
-        "method": {
-          "type": "string",
-          "enum": ["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"]
-        },
-        "urlTemplate": { "type": ["string", "null"] },
-        "canonicalPath": { "type": ["string", "null"] },
-        "file": { "type": "string" },
-        "line": { "type": "integer", "minimum": 1 },
-        "confidence": {
-          "type": "string",
-          "enum": ["high", "medium", "low"]
-        },
-        "trpcProcedure": { "type": ["string", "null"] },
-        "graphqlOperation": { "type": ["string", "null"] },
-        "serverActionId": { "type": ["string", "null"] },
-        "linkedBindingId": { "type": ["string", "null"] },
-        "evidence": {
-          "type": "array",
-          "items": { "type": "object" }
-        }
-      }
-    },
-    "uiBindingsTruth": {
-      "type": "object",
-      "required": ["bindings", "count"],
-      "properties": {
-        "bindings": {
-          "type": "array",
-          "items": { "$ref": "#/$defs/uiBinding" }
-        },
-        "count": { "type": "integer", "minimum": 0 },
-        "byEvent": {
-          "type": "object",
-          "additionalProperties": { "type": "integer" }
-        }
-      }
-    },
-    "uiBinding": {
-      "type": "object",
-      "required": ["id", "event", "file", "line"],
-      "properties": {
-        "id": {
-          "type": "string",
-          "pattern": "^UIB_[A-F0-9]+$"
-        },
-        "event": {
-          "type": "string",
-          "enum": ["onClick", "onSubmit", "onChange", "onBlur", "formAction", "serverAction"]
-        },
-        "element": { "type": "string" },
-        "file": { "type": "string" },
-        "line": { "type": "integer", "minimum": 1 },
-        "handlerName": { "type": ["string", "null"] },
-        "labelHint": { "type": ["string", "null"] },
-        "selectorHint": { "type": ["string", "null"] },
-        "linkedClientCallId": { "type": ["string", "null"] },
-        "hasTransition": { "type": "boolean" },
-        "hasOptimistic": { "type": "boolean" }
-      }
-    },
-    "envTruth": {
-      "type": "object",
-      "properties": {
-        "vars": {
-          "type": "array",
-          "items": {
-            "type": "object",
-            "required": ["name"],
-            "properties": {
-              "name": { "type": "string" },
-              "usageCount": { "type": "integer" },
-              "required": { "type": "boolean" },
-              "files": { "type": "array", "items": { "type": "string" } },
-              "isPublic": { "type": "boolean" }
-            }
-          }
-        },
-        "declared": {
-          "type": "array",
-          "items": { "type": "string" }
-        },
-        "baseUrl": { "type": ["string", "null"] },
-        "baseUrlVar": { "type": ["string", "null"] }
-      }
-    },
-    "authTruth": {
-      "type": "object",
-      "properties": {
-        "provider": {
-          "type": ["string", "null"],
-          "enum": [null, "next-auth", "clerk", "supabase", "custom"]
-        },
-        "protectedPatterns": {
-          "type": "array",
-          "items": { "type": "string" }
-        },
-        "publicPatterns": {
-          "type": "array",
-          "items": { "type": "string" }
-        },
-        "middlewareFile": { "type": ["string", "null"] }
-      }
-    },
-    "billingTruth": {
-      "type": "object",
-      "properties": {
-        "provider": {
-          "type": ["string", "null"],
-          "enum": [null, "stripe", "paddle", "lemon-squeezy"]
-        },
-        "webhookPath": { "type": ["string", "null"] },
-        "products": {
-          "type": "array",
-          "items": { "type": "string" }
-        }
-      }
-    },
-    "proofGraphRef": {
-      "type": "object",
-      "properties": {
-        "nodeCount": { "type": "integer" },
-        "edgeCount": { "type": "integer" },
-        "coverage": {
-          "type": "object",
-          "properties": {
-            "serverRoutesLinked": { "type": "number", "minimum": 0, "maximum": 1 },
-            "clientCallsLinked": { "type": "number", "minimum": 0, "maximum": 1 },
-            "uiBindingsLinked": { "type": "number", "minimum": 0, "maximum": 1 }
-          }
-        }
-      }
-    },
-    "artifact": {
-      "type": "object",
-      "required": ["path", "sha256"],
-      "properties": {
-        "path": { "type": "string" },
-        "sha256": { "type": "string", "pattern": "^[a-f0-9]{64}$" },
-        "size": { "type": "integer" }
-      }
-    }
-  }
-}
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://vibecheck.dev/schemas/truthpack-v2.schema.json",
+  "title": "Vibecheck Truthpack v2",
+  "description": "Complete extracted truth from static analysis",
+  "type": "object",
+  "required": ["specVersion", "generatedAt", "projectRoot", "fingerprint", "routes", "clientCalls", "uiBindings"],
+  "properties": {
+    "specVersion": {
+      "type": "string",
+      "const": "2.0",
+      "description": "Schema version"
+    },
+    "generatedAt": {
+      "type": "string",
+      "format": "date-time",
+      "description": "ISO timestamp of generation"
+    },
+    "projectRoot": {
+      "type": "string",
+      "description": "Absolute path to project root"
+    },
+    "fingerprint": {
+      "type": "string",
+      "pattern": "^sha256:[a-f0-9]{64}$",
+      "description": "Hash of truthpack contents for drift detection"
+    },
+    "stack": {
+      "$ref": "#/$defs/stackDetection"
+    },
+    "routes": {
+      "$ref": "#/$defs/routesTruth"
+    },
+    "clientCalls": {
+      "$ref": "#/$defs/clientCallsTruth"
+    },
+    "uiBindings": {
+      "$ref": "#/$defs/uiBindingsTruth"
+    },
+    "env": {
+      "$ref": "#/$defs/envTruth"
+    },
+    "auth": {
+      "$ref": "#/$defs/authTruth"
+    },
+    "billing": {
+      "$ref": "#/$defs/billingTruth"
+    },
+    "proofGraph": {
+      "$ref": "#/$defs/proofGraphRef"
+    },
+    "artifacts": {
+      "type": "array",
+      "items": { "$ref": "#/$defs/artifact" },
+      "description": "Generated artifact paths and hashes"
+    }
+  },
+  "$defs": {
+    "stackDetection": {
+      "type": "object",
+      "properties": {
+        "next": { "$ref": "#/$defs/frameworkInfo" },
+        "fastify": { "$ref": "#/$defs/frameworkInfo" },
+        "express": { "$ref": "#/$defs/frameworkInfo" },
+        "trpc": { "$ref": "#/$defs/frameworkInfo" },
+        "graphql": { "$ref": "#/$defs/frameworkInfo" }
+      }
+    },
+    "frameworkInfo": {
+      "type": "object",
+      "properties": {
+        "present": { "type": "boolean" },
+        "version": { "type": ["string", "null"] },
+        "entryFile": { "type": ["string", "null"] },
+        "confidence": { "type": "string", "enum": ["high", "medium", "low"] }
+      }
+    },
+    "routesTruth": {
+      "type": "object",
+      "required": ["server", "count"],
+      "properties": {
+        "server": {
+          "type": "array",
+          "items": { "$ref": "#/$defs/serverRoute" }
+        },
+        "count": { "type": "integer", "minimum": 0 },
+        "byFramework": {
+          "type": "object",
+          "additionalProperties": { "type": "integer" }
+        },
+        "runtimeOverrides": {
+          "type": "array",
+          "items": { "$ref": "#/$defs/serverRoute" },
+          "description": "Routes from runtime dump (higher confidence)"
+        }
+      }
+    },
+    "serverRoute": {
+      "type": "object",
+      "required": ["id", "method", "path", "file", "confidence"],
+      "properties": {
+        "id": {
+          "type": "string",
+          "pattern": "^R_[A-Z]+_[A-F0-9]+$"
+        },
+        "method": {
+          "type": "string",
+          "enum": ["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS", "ALL"]
+        },
+        "path": { "type": "string" },
+        "canonicalPath": { "type": "string" },
+        "file": { "type": "string" },
+        "line": { "type": "integer", "minimum": 1 },
+        "framework": {
+          "type": "string",
+          "enum": ["next-app", "next-pages", "fastify", "express", "trpc", "graphql"]
+        },
+        "confidence": {
+          "type": "string",
+          "enum": ["high", "medium", "low"]
+        },
+        "authRequired": { "type": "boolean" },
+        "source": {
+          "type": "string",
+          "enum": ["static", "runtime"],
+          "default": "static"
+        },
+        "evidence": {
+          "type": "array",
+          "items": { "type": "object" }
+        }
+      }
+    },
+    "clientCallsTruth": {
+      "type": "object",
+      "required": ["calls", "count"],
+      "properties": {
+        "calls": {
+          "type": "array",
+          "items": { "$ref": "#/$defs/clientCall" }
+        },
+        "count": { "type": "integer", "minimum": 0 },
+        "byKind": {
+          "type": "object",
+          "additionalProperties": { "type": "integer" }
+        }
+      }
+    },
+    "clientCall": {
+      "type": "object",
+      "required": ["id", "kind", "file", "confidence"],
+      "properties": {
+        "id": {
+          "type": "string",
+          "pattern": "^C_[A-Z]+_[A-F0-9]+$"
+        },
+        "kind": {
+          "type": "string",
+          "enum": ["http", "trpc", "graphql", "server-action"]
+        },
+        "method": {
+          "type": "string",
+          "enum": ["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"]
+        },
+        "urlTemplate": { "type": ["string", "null"] },
+        "canonicalPath": { "type": ["string", "null"] },
+        "file": { "type": "string" },
+        "line": { "type": "integer", "minimum": 1 },
+        "confidence": {
+          "type": "string",
+          "enum": ["high", "medium", "low"]
+        },
+        "trpcProcedure": { "type": ["string", "null"] },
+        "graphqlOperation": { "type": ["string", "null"] },
+        "serverActionId": { "type": ["string", "null"] },
+        "linkedBindingId": { "type": ["string", "null"] },
+        "evidence": {
+          "type": "array",
+          "items": { "type": "object" }
+        }
+      }
+    },
+    "uiBindingsTruth": {
+      "type": "object",
+      "required": ["bindings", "count"],
+      "properties": {
+        "bindings": {
+          "type": "array",
+          "items": { "$ref": "#/$defs/uiBinding" }
+        },
+        "count": { "type": "integer", "minimum": 0 },
+        "byEvent": {
+          "type": "object",
+          "additionalProperties": { "type": "integer" }
+        }
+      }
+    },
+    "uiBinding": {
+      "type": "object",
+      "required": ["id", "event", "file", "line"],
+      "properties": {
+        "id": {
+          "type": "string",
+          "pattern": "^UIB_[A-F0-9]+$"
+        },
+        "event": {
+          "type": "string",
+          "enum": ["onClick", "onSubmit", "onChange", "onBlur", "formAction", "serverAction"]
+        },
+        "element": { "type": "string" },
+        "file": { "type": "string" },
+        "line": { "type": "integer", "minimum": 1 },
+        "handlerName": { "type": ["string", "null"] },
+        "labelHint": { "type": ["string", "null"] },
+        "selectorHint": { "type": ["string", "null"] },
+        "linkedClientCallId": { "type": ["string", "null"] },
+        "hasTransition": { "type": "boolean" },
+        "hasOptimistic": { "type": "boolean" }
+      }
+    },
+    "envTruth": {
+      "type": "object",
+      "properties": {
+        "vars": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "required": ["name"],
+            "properties": {
+              "name": { "type": "string" },
+              "usageCount": { "type": "integer" },
+              "required": { "type": "boolean" },
+              "files": { "type": "array", "items": { "type": "string" } },
+              "isPublic": { "type": "boolean" }
+            }
+          }
+        },
+        "declared": {
+          "type": "array",
+          "items": { "type": "string" }
+        },
+        "baseUrl": { "type": ["string", "null"] },
+        "baseUrlVar": { "type": ["string", "null"] }
+      }
+    },
+    "authTruth": {
+      "type": "object",
+      "properties": {
+        "provider": {
+          "type": ["string", "null"],
+          "enum": [null, "next-auth", "clerk", "supabase", "custom"]
+        },
+        "protectedPatterns": {
+          "type": "array",
+          "items": { "type": "string" }
+        },
+        "publicPatterns": {
+          "type": "array",
+          "items": { "type": "string" }
+        },
+        "middlewareFile": { "type": ["string", "null"] }
+      }
+    },
+    "billingTruth": {
+      "type": "object",
+      "properties": {
+        "provider": {
+          "type": ["string", "null"],
+          "enum": [null, "stripe", "paddle", "lemon-squeezy"]
+        },
+        "webhookPath": { "type": ["string", "null"] },
+        "products": {
+          "type": "array",
+          "items": { "type": "string" }
+        }
+      }
+    },
+    "proofGraphRef": {
+      "type": "object",
+      "properties": {
+        "nodeCount": { "type": "integer" },
+        "edgeCount": { "type": "integer" },
+        "coverage": {
+          "type": "object",
+          "properties": {
+            "serverRoutesLinked": { "type": "number", "minimum": 0, "maximum": 1 },
+            "clientCallsLinked": { "type": "number", "minimum": 0, "maximum": 1 },
+            "uiBindingsLinked": { "type": "number", "minimum": 0, "maximum": 1 }
+          }
+        }
+      }
+    },
+    "artifact": {
+      "type": "object",
+      "required": ["path", "sha256"],
+      "properties": {
+        "path": { "type": "string" },
+        "sha256": { "type": "string", "pattern": "^[a-f0-9]{64}$" },
+        "size": { "type": "integer" }
+      }
+    }
+  }
+}