@vibecheckai/cli 3.2.4 → 3.2.6

package/bin/runners/lib/backup.js

@@ -1,62 +1,62 @@
-// bin/runners/lib/backup.js
-const fs = require("fs");
-const path = require("path");
-
-function ensureDir(p) {
-  fs.mkdirSync(p, { recursive: true });
-}
-
-function backupFiles(repoRoot, fileRelPaths, backupRoot) {
-  ensureDir(backupRoot);
-
-  const saved = [];
-  for (const rel of fileRelPaths) {
-    const abs = path.join(repoRoot, rel);
-    if (!fs.existsSync(abs)) {
-      saved.push({ rel, existed: false });
-      continue;
-    }
-
-    const dest = path.join(backupRoot, rel);
-    ensureDir(path.dirname(dest));
-    fs.copyFileSync(abs, dest);
-    saved.push({ rel, existed: true });
-  }
-
-  fs.writeFileSync(
-    path.join(backupRoot, "_manifest.json"),
-    JSON.stringify({ saved }, null, 2),
-    "utf8"
-  );
-
-  return saved;
-}
-
-function restoreBackup(repoRoot, backupRoot) {
-  const manifestPath = path.join(backupRoot, "_manifest.json");
-  if (!fs.existsSync(manifestPath)) {
-    return { ok: false, error: "backup manifest missing" };
-  }
-
-  const manifest = JSON.parse(fs.readFileSync(manifestPath, "utf8"));
-  const saved = manifest.saved || [];
-
-  for (const s of saved) {
-    const abs = path.join(repoRoot, s.rel);
-    const bak = path.join(backupRoot, s.rel);
-
-    if (!s.existed) {
-      if (fs.existsSync(abs)) fs.rmSync(abs, { force: true });
-      continue;
-    }
-
-    if (fs.existsSync(bak)) {
-      ensureDir(path.dirname(abs));
-      fs.copyFileSync(bak, abs);
-    }
-  }
-
-  return { ok: true };
-}
-
-module.exports = { backupFiles, restoreBackup };
+// bin/runners/lib/backup.js
+const fs = require("fs");
+const path = require("path");
+
+function ensureDir(p) {
+  fs.mkdirSync(p, { recursive: true });
+}
+
+function backupFiles(repoRoot, fileRelPaths, backupRoot) {
+  ensureDir(backupRoot);
+
+  const saved = [];
+  for (const rel of fileRelPaths) {
+    const abs = path.join(repoRoot, rel);
+    if (!fs.existsSync(abs)) {
+      saved.push({ rel, existed: false });
+      continue;
+    }
+
+    const dest = path.join(backupRoot, rel);
+    ensureDir(path.dirname(dest));
+    fs.copyFileSync(abs, dest);
+    saved.push({ rel, existed: true });
+  }
+
+  fs.writeFileSync(
+    path.join(backupRoot, "_manifest.json"),
+    JSON.stringify({ saved }, null, 2),
+    "utf8"
+  );
+
+  return saved;
+}
+
+function restoreBackup(repoRoot, backupRoot) {
+  const manifestPath = path.join(backupRoot, "_manifest.json");
+  if (!fs.existsSync(manifestPath)) {
+    return { ok: false, error: "backup manifest missing" };
+  }
+
+  const manifest = JSON.parse(fs.readFileSync(manifestPath, "utf8"));
+  const saved = manifest.saved || [];
+
+  for (const s of saved) {
+    const abs = path.join(repoRoot, s.rel);
+    const bak = path.join(backupRoot, s.rel);
+
+    if (!s.existed) {
+      if (fs.existsSync(abs)) fs.rmSync(abs, { force: true });
+      continue;
+    }
+
+    if (fs.existsSync(bak)) {
+      ensureDir(path.dirname(abs));
+      fs.copyFileSync(bak, abs);
+    }
+  }
+
+  return { ok: true };
+}
+
+module.exports = { backupFiles, restoreBackup };

package/bin/runners/lib/billing.js

@@ -1,107 +1,107 @@
-// bin/runners/lib/billing.js
-const fg = require("fast-glob");
-const fs = require("fs");
-const path = require("path");
-const crypto = require("crypto");
-
-function sha256(text) {
-  return "sha256:" + crypto.createHash("sha256").update(text).digest("hex");
-}
-
-function safeRead(fileAbs) {
-  return fs.readFileSync(fileAbs, "utf8");
-}
-
-function evidenceFromLine({ fileAbs, repoRoot, lineNo, reason }) {
-  const fileRel = path.relative(repoRoot, fileAbs).replace(/\\/g, "/");
-  const lines = safeRead(fileAbs).split(/\r?\n/);
-  const idx = Math.max(0, Math.min(lines.length - 1, lineNo - 1));
-  const snippet = lines[idx] || "";
-  return {
-    id: `ev_${crypto.randomBytes(4).toString("hex")}`,
-    file: fileRel,
-    lines: `${lineNo}-${lineNo}`,
-    snippetHash: sha256(snippet),
-    reason
-  };
-}
-
-function findLineMatches(code, regex) {
-  const out = [];
-  const lines = code.split(/\r?\n/);
-  for (let i = 0; i < lines.length; i++) {
-    if (regex.test(lines[i])) out.push(i + 1);
-  }
-  return out;
-}
-
-function classifyStripeSignals(code) {
-  const signals = {
-    usesStripeSdk: /\bstripe\b/i.test(code) && /from\s+['"]stripe['"]|require\(['"]stripe['"]\)/.test(code),
-    webhookConstructEvent: /\bconstructEvent(Async)?\b/.test(code) || /\bstripe\.webhooks\.constructEvent\b/.test(code),
-    readsStripeSignatureHeader: /stripe-signature/i.test(code) || /\bStripe-Signature\b/.test(code),
-    rawBodySignal:
-      /\bbodyParser\s*:\s*false\b/.test(code) ||
-      /\breq\.(text|arrayBuffer)\(\)/.test(code) ||
-      /\brawBody\b/.test(code) || /\brequest\.raw\b/.test(code) || /\bcontentTypeParser\b/i.test(code),
-    idempotencySignal:
-      /\bevent\.id\b/.test(code) && /\b(prisma|db|redis|cache|processed|dedupe|idempotent)\b/i.test(code) ||
-      /\bidempotenc(y|e)\b/i.test(code)
-  };
-
-  return signals;
-}
-
-async function buildBillingTruth(repoRoot) {
-  const files = await fg(["**/*.{ts,tsx,js,jsx}"], {
-    cwd: repoRoot,
-    absolute: true,
-    ignore: ["**/node_modules/**", "**/.next/**", "**/dist/**", "**/build/**"]
-  });
-
-  const webhookCandidates = [];
-  const stripeFiles = [];
-
-  for (const fileAbs of files) {
-    const fileRel = path.relative(repoRoot, fileAbs).replace(/\\/g, "/");
-    const code = safeRead(fileAbs);
-
-    const signals = classifyStripeSignals(code);
-
-    if (signals.usesStripeSdk) stripeFiles.push(fileRel);
-
-    if (signals.webhookConstructEvent || signals.readsStripeSignatureHeader) {
-      const ev = [];
-      const lines1 = findLineMatches(code, /\bconstructEvent(Async)?\b|stripe\.webhooks\.constructEvent/);
-      const lines2 = findLineMatches(code, /stripe-signature|Stripe-Signature/i);
-      const lines3 = findLineMatches(code, /bodyParser\s*:\s*false|req\.(text|arrayBuffer)\(|rawBody|contentTypeParser/i);
-      const lines4 = findLineMatches(code, /event\.id|idempotenc(y|e)|dedupe|processed/i);
-
-      for (const ln of lines1.slice(0, 3)) ev.push(evidenceFromLine({ fileAbs, repoRoot, lineNo: ln, reason: "Stripe webhook signature constructEvent signal" }));
-      for (const ln of lines2.slice(0, 3)) ev.push(evidenceFromLine({ fileAbs, repoRoot, lineNo: ln, reason: "Stripe-Signature header usage signal" }));
-      for (const ln of lines3.slice(0, 3)) ev.push(evidenceFromLine({ fileAbs, repoRoot, lineNo: ln, reason: "Raw body handling signal (required for Stripe verification)" }));
-      for (const ln of lines4.slice(0, 3)) ev.push(evidenceFromLine({ fileAbs, repoRoot, lineNo: ln, reason: "Idempotency/dedupe signal (event replay protection)" }));
-
-      webhookCandidates.push({
-        file: fileRel,
-        signals,
-        evidence: ev
-      });
-    }
-  }
-
-  const hasStripe = stripeFiles.length > 0;
-
-  return {
-    hasStripe,
-    stripeFiles: stripeFiles.slice(0, 200),
-    webhookCandidates,
-    summary: {
-      webhookHandlersFound: webhookCandidates.length,
-      verifiedWebhookHandlers: webhookCandidates.filter(w => w.signals.webhookConstructEvent && w.signals.rawBodySignal).length,
-      idempotentWebhookHandlers: webhookCandidates.filter(w => w.signals.idempotencySignal).length
-    }
-  };
-}
-
-module.exports = { buildBillingTruth };
+// bin/runners/lib/billing.js
+const fg = require("fast-glob");
+const fs = require("fs");
+const path = require("path");
+const crypto = require("crypto");
+
+function sha256(text) {
+  return "sha256:" + crypto.createHash("sha256").update(text).digest("hex");
+}
+
+function safeRead(fileAbs) {
+  return fs.readFileSync(fileAbs, "utf8");
+}
+
+function evidenceFromLine({ fileAbs, repoRoot, lineNo, reason }) {
+  const fileRel = path.relative(repoRoot, fileAbs).replace(/\\/g, "/");
+  const lines = safeRead(fileAbs).split(/\r?\n/);
+  const idx = Math.max(0, Math.min(lines.length - 1, lineNo - 1));
+  const snippet = lines[idx] || "";
+  return {
+    id: `ev_${crypto.randomBytes(4).toString("hex")}`,
+    file: fileRel,
+    lines: `${lineNo}-${lineNo}`,
+    snippetHash: sha256(snippet),
+    reason
+  };
+}
+
+function findLineMatches(code, regex) {
+  const out = [];
+  const lines = code.split(/\r?\n/);
+  for (let i = 0; i < lines.length; i++) {
+    if (regex.test(lines[i])) out.push(i + 1);
+  }
+  return out;
+}
+
+function classifyStripeSignals(code) {
+  const signals = {
+    usesStripeSdk: /\bstripe\b/i.test(code) && /from\s+['"]stripe['"]|require\(['"]stripe['"]\)/.test(code),
+    webhookConstructEvent: /\bconstructEvent(Async)?\b/.test(code) || /\bstripe\.webhooks\.constructEvent\b/.test(code),
+    readsStripeSignatureHeader: /stripe-signature/i.test(code) || /\bStripe-Signature\b/.test(code),
+    rawBodySignal:
+      /\bbodyParser\s*:\s*false\b/.test(code) ||
+      /\breq\.(text|arrayBuffer)\(\)/.test(code) ||
+      /\brawBody\b/.test(code) || /\brequest\.raw\b/.test(code) || /\bcontentTypeParser\b/i.test(code),
+    idempotencySignal:
+      /\bevent\.id\b/.test(code) && /\b(prisma|db|redis|cache|processed|dedupe|idempotent)\b/i.test(code) ||
+      /\bidempotenc(y|e)\b/i.test(code)
+  };
+
+  return signals;
+}
+
+async function buildBillingTruth(repoRoot) {
+  const files = await fg(["**/*.{ts,tsx,js,jsx}"], {
+    cwd: repoRoot,
+    absolute: true,
+    ignore: ["**/node_modules/**", "**/.next/**", "**/dist/**", "**/build/**"]
+  });
+
+  const webhookCandidates = [];
+  const stripeFiles = [];
+
+  for (const fileAbs of files) {
+    const fileRel = path.relative(repoRoot, fileAbs).replace(/\\/g, "/");
+    const code = safeRead(fileAbs);
+
+    const signals = classifyStripeSignals(code);
+
+    if (signals.usesStripeSdk) stripeFiles.push(fileRel);
+
+    if (signals.webhookConstructEvent || signals.readsStripeSignatureHeader) {
+      const ev = [];
+      const lines1 = findLineMatches(code, /\bconstructEvent(Async)?\b|stripe\.webhooks\.constructEvent/);
+      const lines2 = findLineMatches(code, /stripe-signature|Stripe-Signature/i);
+      const lines3 = findLineMatches(code, /bodyParser\s*:\s*false|req\.(text|arrayBuffer)\(|rawBody|contentTypeParser/i);
+      const lines4 = findLineMatches(code, /event\.id|idempotenc(y|e)|dedupe|processed/i);
+
+      for (const ln of lines1.slice(0, 3)) ev.push(evidenceFromLine({ fileAbs, repoRoot, lineNo: ln, reason: "Stripe webhook signature constructEvent signal" }));
+      for (const ln of lines2.slice(0, 3)) ev.push(evidenceFromLine({ fileAbs, repoRoot, lineNo: ln, reason: "Stripe-Signature header usage signal" }));
+      for (const ln of lines3.slice(0, 3)) ev.push(evidenceFromLine({ fileAbs, repoRoot, lineNo: ln, reason: "Raw body handling signal (required for Stripe verification)" }));
+      for (const ln of lines4.slice(0, 3)) ev.push(evidenceFromLine({ fileAbs, repoRoot, lineNo: ln, reason: "Idempotency/dedupe signal (event replay protection)" }));
+
+      webhookCandidates.push({
+        file: fileRel,
+        signals,
+        evidence: ev
+      });
+    }
+  }
+
+  const hasStripe = stripeFiles.length > 0;
+
+  return {
+    hasStripe,
+    stripeFiles: stripeFiles.slice(0, 200),
+    webhookCandidates,
+    summary: {
+      webhookHandlersFound: webhookCandidates.length,
+      verifiedWebhookHandlers: webhookCandidates.filter(w => w.signals.webhookConstructEvent && w.signals.rawBodySignal).length,
+      idempotentWebhookHandlers: webhookCandidates.filter(w => w.signals.idempotencySignal).length
+    }
+  };
+}
+
+module.exports = { buildBillingTruth };

package/bin/runners/lib/claims.js

@@ -1,118 +1,118 @@
-// bin/runners/lib/claims.js
-const { canonicalizeMethod, canonicalizePath } = require("./truth");
-
-function escapeRegex(s) {
-  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-}
-
-function compileRoutePattern(routePath) {
-  const parts = routePath.split("/").filter(Boolean);
-  const reParts = parts.map(seg => {
-    if (seg.startsWith(":")) return "([^/]+)";
-    if (seg.startsWith("*")) {
-      const optional = seg.endsWith("?");
-      return optional ? "(.*)?" : "(.*)";
-    }
-    return escapeRegex(seg);
-  });
-  return new RegExp("^/" + reParts.join("/") + "$");
-}
-
-function routeMatches(routeDef, method, path) {
-  const m = method === "*" ? "*" : method;
-  const rm = routeDef.method;
-
-  const methodOk = (rm === "*" || m === "*" || rm === m);
-  if (!methodOk) return false;
-
-  if (routeDef.path === path) return true;
-  return compileRoutePattern(routeDef.path).test(path);
-}
-
-function validateClaimRouteExists(truthpack, claim) {
-  const method = canonicalizeMethod(claim?.subject?.method || "*");
-  const path = canonicalizePath(claim?.subject?.path || "/");
-
-  const server = truthpack?.routes?.server || [];
-  const matches = server.filter(r => routeMatches(r, method, path));
-
-  if (matches.length) {
-    // pick best confidence
-    const score = c => (c === "high" ? 3 : c === "med" ? 2 : 1);
-    matches.sort((a,b) => score(b.confidence) - score(a.confidence));
-    const best = matches[0];
-
-    return {
-      id: claim.id,
-      result: "true",
-      confidence: best.confidence,
-      evidence: best.evidence || [],
-      assumptions: [],
-      gaps: [],
-      nextSteps: []
-    };
-  }
-
-  const gaps = truthpack?.routes?.gaps || [];
-  const hasGaps = gaps.length > 0;
-
-  return {
-    id: claim.id,
-    result: hasGaps ? "unknown" : "false",
-    confidence: hasGaps ? "low" : "high",
-    evidence: [],
-    assumptions: hasGaps ? ["Fastify plugin resolution incomplete"] : [],
-    gaps,
-    nextSteps: hasGaps ? ["Resolve Fastify plugin imports (relative) or add optional runtime route dump mode later"] : []
-  };
-}
-
-function validateClaimEnvVarUsed(truthpack, claim) {
-  const name = String(claim?.subject?.name || "").trim();
-  const vars = truthpack?.env?.vars || [];
-  const hit = vars.find(v => v.name === name);
-
-  if (hit) {
-    return {
-      id: claim.id,
-      result: "true",
-      confidence: hit.references?.length ? "high" : "med",
-      evidence: hit.references || [],
-      assumptions: [],
-      gaps: [],
-      nextSteps: []
-    };
-  }
-  return {
-    id: claim.id,
-    result: "false",
-    confidence: "high",
-    evidence: [],
-    assumptions: [],
-    gaps: [],
-    nextSteps: []
-  };
-}
-
-function validateClaimEnvVarDeclared(truthpack, claim) {
-  const name = String(claim?.subject?.name || "").trim();
-  const declared = truthpack?.env?.declared || [];
-  const ok = declared.includes(name);
-
-  return {
-    id: claim.id,
-    result: ok ? "true" : "false",
-    confidence: "high",
-    evidence: [],
-    assumptions: [],
-    gaps: [],
-    nextSteps: ok ? [] : ["Add to .env.example/.env.template so the project contract is real"]
-  };
-}
-
-module.exports = {
-  routeMatches,
-  validateClaimRouteExists,
-  validateClaimEnvVarUsed,
-  validateClaimEnvVarDeclared
-};
+// bin/runners/lib/claims.js
+const { canonicalizeMethod, canonicalizePath } = require("./truth");
+
+function escapeRegex(s) {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+
+function compileRoutePattern(routePath) {
+  const parts = routePath.split("/").filter(Boolean);
+  const reParts = parts.map(seg => {
+    if (seg.startsWith(":")) return "([^/]+)";
+    if (seg.startsWith("*")) {
+      const optional = seg.endsWith("?");
+      return optional ? "(.*)?" : "(.*)";
+    }
+    return escapeRegex(seg);
+  });
+  return new RegExp("^/" + reParts.join("/") + "$");
+}
+
+function routeMatches(routeDef, method, path) {
+  const m = method === "*" ? "*" : method;
+  const rm = routeDef.method;
+
+  const methodOk = (rm === "*" || m === "*" || rm === m);
+  if (!methodOk) return false;
+
+  if (routeDef.path === path) return true;
+  return compileRoutePattern(routeDef.path).test(path);
+}
+
+function validateClaimRouteExists(truthpack, claim) {
+  const method = canonicalizeMethod(claim?.subject?.method || "*");
+  const path = canonicalizePath(claim?.subject?.path || "/");
+
+  const server = truthpack?.routes?.server || [];
+  const matches = server.filter(r => routeMatches(r, method, path));
+
+  if (matches.length) {
+    // pick best confidence
+    const score = c => (c === "high" ? 3 : c === "med" ? 2 : 1);
+    matches.sort((a,b) => score(b.confidence) - score(a.confidence));
+    const best = matches[0];
+
+    return {
+      id: claim.id,
+      result: "true",
+      confidence: best.confidence,
+      evidence: best.evidence || [],
+      assumptions: [],
+      gaps: [],
+      nextSteps: []
+    };
+  }
+
+  const gaps = truthpack?.routes?.gaps || [];
+  const hasGaps = gaps.length > 0;
+
+  return {
+    id: claim.id,
+    result: hasGaps ? "unknown" : "false",
+    confidence: hasGaps ? "low" : "high",
+    evidence: [],
+    assumptions: hasGaps ? ["Fastify plugin resolution incomplete"] : [],
+    gaps,
+    nextSteps: hasGaps ? ["Resolve Fastify plugin imports (relative) or add optional runtime route dump mode later"] : []
+  };
+}
+
+function validateClaimEnvVarUsed(truthpack, claim) {
+  const name = String(claim?.subject?.name || "").trim();
+  const vars = truthpack?.env?.vars || [];
+  const hit = vars.find(v => v.name === name);
+
+  if (hit) {
+    return {
+      id: claim.id,
+      result: "true",
+      confidence: hit.references?.length ? "high" : "med",
+      evidence: hit.references || [],
+      assumptions: [],
+      gaps: [],
+      nextSteps: []
+    };
+  }
+  return {
+    id: claim.id,
+    result: "false",
+    confidence: "high",
+    evidence: [],
+    assumptions: [],
+    gaps: [],
+    nextSteps: []
+  };
+}
+
+function validateClaimEnvVarDeclared(truthpack, claim) {
+  const name = String(claim?.subject?.name || "").trim();
+  const declared = truthpack?.env?.declared || [];
+  const ok = declared.includes(name);
+
+  return {
+    id: claim.id,
+    result: ok ? "true" : "false",
+    confidence: "high",
+    evidence: [],
+    assumptions: [],
+    gaps: [],
+    nextSteps: ok ? [] : ["Add to .env.example/.env.template so the project contract is real"]
+  };
+}
+
+module.exports = {
+  routeMatches,
+  validateClaimRouteExists,
+  validateClaimEnvVarUsed,
+  validateClaimEnvVarDeclared
+};