@vibecheckai/cli 3.2.3 → 3.2.5

package/bin/runners/runGuard.js

@@ -1,168 +1,168 @@
-/**
- * vibecheck guard - Unified trust boundary enforcement
- * 
- * Combines: validate + claim-verifier + prompt-firewall
- * 
- * Usage:
- *   vibecheck guard                    # Run all checks
- *   vibecheck guard --claims           # Verify AI claims against truthpack
- *   vibecheck guard --prompts          # Check for prompt injection
- *   vibecheck guard --hallucinations   # Detect AI hallucination patterns
- */
-
-const path = require("path");
-const fs = require("fs");
-
-// Import underlying implementations
-const { runValidate } = require("./runValidate");
-const { runPromptFirewall } = require("./runPromptFirewall");
-
-// ANSI colors
-const c = {
-  reset: "\x1b[0m",
-  dim: "\x1b[2m",
-  bold: "\x1b[1m",
-  cyan: "\x1b[36m",
-  green: "\x1b[32m",
-  yellow: "\x1b[33m",
-  red: "\x1b[31m",
-  magenta: "\x1b[35m",
-};
-
-function printHelp() {
-  console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-  ${c.bold}vibecheck guard${c.reset} - Trust boundary enforcement for AI outputs
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-
-${c.green}USAGE${c.reset}
-  vibecheck guard [options]
-
-${c.yellow}OPTIONS${c.reset}
-  --claims           Verify AI claims against truthpack (route_exists, auth_enforced, etc.)
-  --prompts          Check code for prompt injection vulnerabilities
-  --hallucinations   Detect AI hallucination patterns in generated code
-  --file <path>      Check specific file(s)
-  --json             Output JSON for CI integration
-  --strict           Fail on warnings (default: fail on errors only)
-
-${c.magenta}EXAMPLES${c.reset}
-  vibecheck guard                           # Run all checks
-  vibecheck guard --claims --file api.ts    # Verify claims in specific file
-  vibecheck guard --prompts                 # Prompt injection scan
-  vibecheck guard --json                    # CI-friendly output
-
-${c.dim}This command unifies trust boundary checks for AI-generated code.${c.reset}
-`);
-}
-
-async function runGuard(args = []) {
-  // Parse arguments
-  if (args.includes("--help") || args.includes("-h")) {
-    printHelp();
-    return 0;
-  }
-
-  const runClaims = args.includes("--claims") || (!args.includes("--prompts") && !args.includes("--hallucinations"));
-  const runPrompts = args.includes("--prompts") || (!args.includes("--claims") && !args.includes("--hallucinations"));
-  const runHallucinations = args.includes("--hallucinations") || (!args.includes("--claims") && !args.includes("--prompts"));
-  const jsonOutput = args.includes("--json");
-  const strict = args.includes("--strict");
-
-  const results = {
-    claims: null,
-    prompts: null,
-    hallucinations: null,
-    verdict: "PASS",
-    errors: 0,
-    warnings: 0,
-  };
-
-  console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-  ${c.bold}🛡️  VIBECHECK GUARD${c.reset} - Trust Boundary Enforcement
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-`);
-
-  // Run claims verification (validates AI claims against truthpack)
-  if (runClaims) {
-    console.log(`${c.dim}▸ Verifying AI claims against truthpack...${c.reset}`);
-    try {
-      const validateArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
-      const exitCode = await runValidate(validateArgs);
-      results.claims = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.errors++;
-        results.verdict = "FAIL";
-      }
-      console.log(exitCode === 0 
-        ? `  ${c.green}✓${c.reset} Claims verified` 
-        : `  ${c.red}✗${c.reset} Claim verification failed`);
-    } catch (e) {
-      results.claims = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Claims check skipped: ${e.message}`);
-    }
-  }
-
-  // Run prompt injection detection
-  if (runPrompts) {
-    console.log(`${c.dim}▸ Scanning for prompt injection vulnerabilities...${c.reset}`);
-    try {
-      const firewallArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
-      const exitCode = await runPromptFirewall(firewallArgs);
-      results.prompts = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.warnings++;
-        if (strict) results.verdict = "FAIL";
-      }
-      console.log(exitCode === 0 
-        ? `  ${c.green}✓${c.reset} No prompt injection risks` 
-        : `  ${c.yellow}⚠${c.reset} Prompt injection risks detected`);
-    } catch (e) {
-      results.prompts = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Prompt check skipped: ${e.message}`);
-    }
-  }
-
-  // Run hallucination detection
-  if (runHallucinations) {
-    console.log(`${c.dim}▸ Detecting hallucination patterns...${c.reset}`);
-    // Use validate with hallucination focus
-    try {
-      const validateArgs = ["--hallucinations", ...args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a))];
-      const exitCode = await runValidate(validateArgs);
-      results.hallucinations = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.warnings++;
-        if (strict) results.verdict = "FAIL";
-      }
-      console.log(exitCode === 0 
-        ? `  ${c.green}✓${c.reset} No hallucination patterns` 
-        : `  ${c.yellow}⚠${c.reset} Potential hallucinations detected`);
-    } catch (e) {
-      results.hallucinations = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Hallucination check skipped: ${e.message}`);
-    }
-  }
-
-  // Summary
-  console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}`);
-  
-  if (results.verdict === "PASS") {
-    console.log(`  ${c.green}${c.bold}✓ GUARD PASS${c.reset} - All trust boundaries intact`);
-  } else {
-    console.log(`  ${c.red}${c.bold}✗ GUARD FAIL${c.reset} - Trust boundary violations detected`);
-  }
-
-  console.log(`${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-`);
-
-  if (jsonOutput) {
-    console.log(JSON.stringify(results, null, 2));
-  }
-
-  return results.verdict === "PASS" ? 0 : (results.errors > 0 ? 2 : 1);
-}
-
-module.exports = { runGuard };
+/**
+ * vibecheck guard - Unified trust boundary enforcement
+ * 
+ * Combines: validate + claim-verifier + prompt-firewall
+ * 
+ * Usage:
+ *   vibecheck guard                    # Run all checks
+ *   vibecheck guard --claims           # Verify AI claims against truthpack
+ *   vibecheck guard --prompts          # Check for prompt injection
+ *   vibecheck guard --hallucinations   # Detect AI hallucination patterns
+ */
+
+const path = require("path");
+const fs = require("fs");
+
+// Import underlying implementations
+const { runValidate } = require("./runValidate");
+const { runPromptFirewall } = require("./runPromptFirewall");
+
+// ANSI colors
+const c = {
+  reset: "\x1b[0m",
+  dim: "\x1b[2m",
+  bold: "\x1b[1m",
+  cyan: "\x1b[36m",
+  green: "\x1b[32m",
+  yellow: "\x1b[33m",
+  red: "\x1b[31m",
+  magenta: "\x1b[35m",
+};
+
+function printHelp() {
+  console.log(`
+${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
+  ${c.bold}vibecheck guard${c.reset} - Trust boundary enforcement for AI outputs
+${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
+
+${c.green}USAGE${c.reset}
+  vibecheck guard [options]
+
+${c.yellow}OPTIONS${c.reset}
+  --claims           Verify AI claims against truthpack (route_exists, auth_enforced, etc.)
+  --prompts          Check code for prompt injection vulnerabilities
+  --hallucinations   Detect AI hallucination patterns in generated code
+  --file <path>      Check specific file(s)
+  --json             Output JSON for CI integration
+  --strict           Fail on warnings (default: fail on errors only)
+
+${c.magenta}EXAMPLES${c.reset}
+  vibecheck guard                           # Run all checks
+  vibecheck guard --claims --file api.ts    # Verify claims in specific file
+  vibecheck guard --prompts                 # Prompt injection scan
+  vibecheck guard --json                    # CI-friendly output
+
+${c.dim}This command unifies trust boundary checks for AI-generated code.${c.reset}
+`);
+}
+
+async function runGuard(args = []) {
+  // Parse arguments
+  if (args.includes("--help") || args.includes("-h")) {
+    printHelp();
+    return 0;
+  }
+
+  const runClaims = args.includes("--claims") || (!args.includes("--prompts") && !args.includes("--hallucinations"));
+  const runPrompts = args.includes("--prompts") || (!args.includes("--claims") && !args.includes("--hallucinations"));
+  const runHallucinations = args.includes("--hallucinations") || (!args.includes("--claims") && !args.includes("--prompts"));
+  const jsonOutput = args.includes("--json");
+  const strict = args.includes("--strict");
+
+  const results = {
+    claims: null,
+    prompts: null,
+    hallucinations: null,
+    verdict: "PASS",
+    errors: 0,
+    warnings: 0,
+  };
+
+  console.log(`
+${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
+  ${c.bold}🛡️  VIBECHECK GUARD${c.reset} - Trust Boundary Enforcement
+${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
+`);
+
+  // Run claims verification (validates AI claims against truthpack)
+  if (runClaims) {
+    console.log(`${c.dim}▸ Verifying AI claims against truthpack...${c.reset}`);
+    try {
+      const validateArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
+      const exitCode = await runValidate(validateArgs);
+      results.claims = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+      if (exitCode !== 0) {
+        results.errors++;
+        results.verdict = "FAIL";
+      }
+      console.log(exitCode === 0 
+        ? `  ${c.green}✓${c.reset} Claims verified` 
+        : `  ${c.red}✗${c.reset} Claim verification failed`);
+    } catch (e) {
+      results.claims = { error: e.message };
+      console.log(`  ${c.yellow}⚠${c.reset} Claims check skipped: ${e.message}`);
+    }
+  }
+
+  // Run prompt injection detection
+  if (runPrompts) {
+    console.log(`${c.dim}▸ Scanning for prompt injection vulnerabilities...${c.reset}`);
+    try {
+      const firewallArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
+      const exitCode = await runPromptFirewall(firewallArgs);
+      results.prompts = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+      if (exitCode !== 0) {
+        results.warnings++;
+        if (strict) results.verdict = "FAIL";
+      }
+      console.log(exitCode === 0 
+        ? `  ${c.green}✓${c.reset} No prompt injection risks` 
+        : `  ${c.yellow}⚠${c.reset} Prompt injection risks detected`);
+    } catch (e) {
+      results.prompts = { error: e.message };
+      console.log(`  ${c.yellow}⚠${c.reset} Prompt check skipped: ${e.message}`);
+    }
+  }
+
+  // Run hallucination detection
+  if (runHallucinations) {
+    console.log(`${c.dim}▸ Detecting hallucination patterns...${c.reset}`);
+    // Use validate with hallucination focus
+    try {
+      const validateArgs = ["--hallucinations", ...args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a))];
+      const exitCode = await runValidate(validateArgs);
+      results.hallucinations = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+      if (exitCode !== 0) {
+        results.warnings++;
+        if (strict) results.verdict = "FAIL";
+      }
+      console.log(exitCode === 0 
+        ? `  ${c.green}✓${c.reset} No hallucination patterns` 
+        : `  ${c.yellow}⚠${c.reset} Potential hallucinations detected`);
+    } catch (e) {
+      results.hallucinations = { error: e.message };
+      console.log(`  ${c.yellow}⚠${c.reset} Hallucination check skipped: ${e.message}`);
+    }
+  }
+
+  // Summary
+  console.log(`
+${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}`);
+  
+  if (results.verdict === "PASS") {
+    console.log(`  ${c.green}${c.bold}✓ GUARD PASS${c.reset} - All trust boundaries intact`);
+  } else {
+    console.log(`  ${c.red}${c.bold}✗ GUARD FAIL${c.reset} - Trust boundary violations detected`);
+  }
+
+  console.log(`${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
+`);
+
+  if (jsonOutput) {
+    console.log(JSON.stringify(results, null, 2));
+  }
+
+  return results.verdict === "PASS" ? 0 : (results.errors > 0 ? 2 : 1);
+}
+
+module.exports = { runGuard };

package/bin/runners/runProve.js

@@ -31,6 +31,7 @@ const {
   saveArtifact 
 } = require("./lib/cli-output");
 const { parseGlobalFlags, shouldShowBanner } = require("./lib/global-flags");
+const upsell = require("./lib/upsell");
 
 let runReality;
 try {
@@ -1410,6 +1411,13 @@ async function runProve(argsOrOpts = {}, context = {}) {
       console.log(`  ${colors.accent}vibecheck ship --fix${c.reset}  ${c.dim}Manual fix mode${c.reset}`);
       console.log();
     }
+    
+    // Upsell for upgrade
+    console.log(upsell.formatNextSteps("prove", finalVerdict, "free"));
+    console.log();
+    console.log(`  ${c.dim}${upsell.sym.star} Upgrade for unlimited prove runs + video artifacts${c.reset}`);
+    console.log(`  ${c.dim}${upsell.sym.arrow} ${upsell.PRICING_URL}${c.reset}`);
+    console.log();
   } else if (ci) {
     // CI mode - structured output for easy parsing
     console.log(`::group::vibecheck prove summary`);

package/bin/runners/runReality.js

@@ -32,6 +32,7 @@ const { parseGlobalFlags, shouldShowBanner } = require("./lib/global-flags");
 
 // Entitlements enforcement
 const entitlements = require("./lib/entitlements-v2");
+const upsell = require("./lib/upsell");
 
 let chromium;
 let playwrightError = null;
@@ -2076,6 +2077,19 @@ async function runReality(argsOrOpts = {}) {
     console.log();
   }
 
+  // Upsell for free tier users running in preview mode
+  const currentTier = entitlements.getCurrentTierSync ? entitlements.getCurrentTierSync() : 'free';
+  if (currentTier === 'free') {
+    console.log(upsell.formatEarnedUpsell({
+      cmd: "reality",
+      why: "cap_hit",
+      topIssues: findings.slice(0, 5),
+      upgradeTier: "starter",
+    }));
+    console.log(upsell.formatNextSteps("reality", blocks > 0 ? "BLOCK" : warns > 0 ? "WARN" : "SHIP", currentTier));
+    console.log();
+  }
+
   process.exitCode = blocks ? 2 : warns ? 1 : 0;
   return process.exitCode;
 }

package/bin/runners/runScan.js

@@ -763,6 +763,13 @@ async function runScan(args) {
         findDeprecatedApis,
         findEmptyCatch,
         findUnsafeRegex,
+        findSecurityVulnerabilities,
+        findPerformanceIssues,
+        findCodeQualityIssues,
+        findCrossFileIssues,
+        findTypeSafetyIssues,
+        findAccessibilityIssues,
+        findAPIConsistencyIssues,
         clearFileCache, // V3: Memory management
       } = require('./lib/analyzers');
       
@@ -789,8 +796,17 @@ async function runScan(args) {
         findings.push(...findEmptyCatch(projectPath));
         findings.push(...findUnsafeRegex(projectPath));
         
-        // V3: Clear file cache to prevent memory leaks in large monorepos
+        // Enhanced analyzers (Security, Performance, Code Quality)
+        findings.push(...findSecurityVulnerabilities(projectPath));
+        findings.push(...findPerformanceIssues(projectPath));
+        findings.push(...findCodeQualityIssues(projectPath));
+        
+        // V3: Clear file cache and AST cache to prevent memory leaks in large monorepos
         clearFileCache();
+        const engines = require("./lib/engines/vibecheck-engines");
+        if (engines.clearASTCache) {
+          engines.clearASTCache();
+        }
         
         // Convert to scan format matching TypeScript scanner output
         const shipBlockers = findings.map((f, i) => ({

package/bin/runners/runTruth.js

@@ -37,10 +37,22 @@ async function runTruth(options = {}) {
     // Write truthpack files based on scope
     if (scope === "all" || scope === "routes") {
       const routesFile = path.join(truthpackDir, "routes.json");
+      // Extract routes from truthpack structure: truthpack.truthpack.routes.server
+      const serverRoutes = truthpack.truthpack?.routes?.server || [];
+      const gaps = truthpack.truthpack?.routes?.gaps || [];
+      const stack = truthpack.truthpack?.project || {};
+      
       fs.writeFileSync(routesFile, JSON.stringify({
-        routes: truthpack.routes || [],
-        gaps: truthpack.gaps || [],
-        stack: truthpack.stack || {}
+        routes: serverRoutes.map(r => ({
+          path: r.path,
+          method: r.method,
+          handler: r.handler || r.source
+        })),
+        gaps: gaps,
+        stack: {
+          framework: stack.frameworks?.[0] || "unknown",
+          language: "typescript"
+        }
       }, null, 2));
     }
     

package/bin/vibecheck.js

@@ -1123,35 +1123,60 @@ async function main() {
                     process.env.VIBECHECK_LOCAL === '1';
 
   // Auth check (unless skipAuth or offline mode)
-  if (!cmdDef.skipAuth && !isOffline) {
+  // Only allow login, logout, whoami, and help without auth
+  const authExemptCommands = ['login', 'logout', 'whoami', 'help', '--help', '-h', 'version', '--version'];
+  const needsAuth = !authExemptCommands.includes(cmd) && !cmdDef.skipAuth && !isOffline;
+  
+  if (needsAuth) {
     const auth = getAuthModule();
     const { key } = auth.getApiKey();
     authInfo.key = key;
 
+    // If no API key, prompt for login
+    if (!key) {
+      console.log(`\n  ${c.red}❌ Authentication Required${c.reset}`);
+      console.log(`  Please log in to use vibecheck.\n`);
+      console.log(`  ${c.cyan}Options:${c.reset}`);
+      console.log(`  1. Press ${c.yellow}Enter${c.reset} to open browser and sign up`);
+      console.log(`  2. Visit ${c.underline}https://vibecheckai.dev${c.reset} directly`);
+      console.log(`  3. Run ${c.cyan}vibecheck login${c.reset} after getting your API key\n`);
+      
+      // Wait for Enter key
+      const readline = getReadline();
+      readline.createInterface({
+        input: process.stdin,
+        output: process.stdout
+      }).question('', async () => {
+        try {
+          const https = getHttps();
+          const url = 'https://vibecheckai.dev';
+          console.log(`\n  Opening ${c.underline}${url}${c.reset} in your browser...\n`);
+          
+          // Try to open browser
+          const start = process.platform === 'darwin' ? 'open' : 
+                       process.platform === 'win32' ? 'start' : 'xdg-open';
+          require('child_process').exec(`${start} ${url}`);
+        } catch (e) {
+          console.log(`  Could not open browser. Please visit: ${c.underline}https://vibecheckai.dev${c.reset}`);
+        }
+        process.exit(0);
+      });
+      
+      // Keep process alive
+      return new Promise(() => {});
+    }
+
     const access = await checkCommandAccess(cmd, cmdArgs, authInfo);
 
     if (!access.allowed) {
       console.log(access.reason);
-      process.exit(access.exitCode || 3);
-    }
-
-    // Downgrade notice
-    if (access.downgrade && !config.quiet) {
-      const upsell = getUpsell();
-      console.log(upsell.formatDowngrade(cmd, {
-        currentTier: access.tier,
-        effectiveMode: access.downgrade,
-        caps: access.caps,
-      }));
-    }
-
-    // Tier badge
-    if (!config.quiet && !config.noBanner) {
-      if (access.tier === "pro") {
-        console.log(`${c.magenta}${sym.arrowRight} PRO${c.reset} ${c.dim}feature${c.reset}`);
-      } else if (access.tier === "complete") {
-        console.log(`${c.yellow}${sym.arrowRight} COMPLETE${c.reset} ${c.dim}feature${c.reset}`);
+      
+      // Show upgrade prompt if tier insufficient
+      if (access.upgradeUrl) {
+        console.log(`\n  ${c.cyan}Upgrade:${c.reset} ${access.upgradeUrl}`);
       }
+      
+      return 1;
     }
 
     authInfo.access = access;

package/mcp-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vibecheck-mcp-server",
-  "version": "3.1.8",
+  "version": "3.2.0",
   "description": "Professional MCP server for vibecheck - Intelligent development environment vibechecks",
   "type": "module",
   "main": "index.js",