@vibecheckai/cli 3.2.4 → 3.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (123) hide show
  1. package/bin/.generated +25 -25
  2. package/bin/dev/run-v2-torture.js +30 -30
  3. package/bin/runners/lib/__tests__/entitlements-v2.test.js +295 -295
  4. package/bin/runners/lib/api-client.js +269 -0
  5. package/bin/runners/lib/auth-truth.js +193 -193
  6. package/bin/runners/lib/backup.js +62 -62
  7. package/bin/runners/lib/billing.js +107 -107
  8. package/bin/runners/lib/claims.js +118 -118
  9. package/bin/runners/lib/cli-ui.js +540 -540
  10. package/bin/runners/lib/contracts/auth-contract.js +202 -202
  11. package/bin/runners/lib/contracts/env-contract.js +181 -181
  12. package/bin/runners/lib/contracts/external-contract.js +206 -206
  13. package/bin/runners/lib/contracts/guard.js +168 -168
  14. package/bin/runners/lib/contracts/index.js +89 -89
  15. package/bin/runners/lib/contracts/plan-validator.js +311 -311
  16. package/bin/runners/lib/contracts/route-contract.js +199 -199
  17. package/bin/runners/lib/contracts.js +804 -804
  18. package/bin/runners/lib/detect.js +89 -89
  19. package/bin/runners/lib/doctor/autofix.js +254 -254
  20. package/bin/runners/lib/doctor/index.js +37 -37
  21. package/bin/runners/lib/doctor/modules/dependencies.js +325 -325
  22. package/bin/runners/lib/doctor/modules/index.js +46 -46
  23. package/bin/runners/lib/doctor/modules/network.js +250 -250
  24. package/bin/runners/lib/doctor/modules/project.js +312 -312
  25. package/bin/runners/lib/doctor/modules/runtime.js +224 -224
  26. package/bin/runners/lib/doctor/modules/security.js +348 -348
  27. package/bin/runners/lib/doctor/modules/system.js +213 -213
  28. package/bin/runners/lib/doctor/modules/vibecheck.js +394 -394
  29. package/bin/runners/lib/doctor/reporter.js +262 -262
  30. package/bin/runners/lib/doctor/service.js +262 -262
  31. package/bin/runners/lib/doctor/types.js +113 -113
  32. package/bin/runners/lib/doctor/ui.js +263 -263
  33. package/bin/runners/lib/doctor-v2.js +608 -608
  34. package/bin/runners/lib/drift.js +425 -425
  35. package/bin/runners/lib/enforcement.js +72 -72
  36. package/bin/runners/lib/enterprise-detect.js +603 -603
  37. package/bin/runners/lib/enterprise-init.js +942 -942
  38. package/bin/runners/lib/env-resolver.js +417 -417
  39. package/bin/runners/lib/env-template.js +66 -66
  40. package/bin/runners/lib/env.js +189 -189
  41. package/bin/runners/lib/extractors/client-calls.js +990 -990
  42. package/bin/runners/lib/extractors/fastify-route-dump.js +573 -573
  43. package/bin/runners/lib/extractors/fastify-routes.js +426 -426
  44. package/bin/runners/lib/extractors/index.js +363 -363
  45. package/bin/runners/lib/extractors/next-routes.js +524 -524
  46. package/bin/runners/lib/extractors/proof-graph.js +431 -431
  47. package/bin/runners/lib/extractors/route-matcher.js +451 -451
  48. package/bin/runners/lib/extractors/truthpack-v2.js +377 -377
  49. package/bin/runners/lib/extractors/ui-bindings.js +547 -547
  50. package/bin/runners/lib/findings-schema.js +281 -281
  51. package/bin/runners/lib/firewall-prompt.js +50 -50
  52. package/bin/runners/lib/graph/graph-builder.js +265 -265
  53. package/bin/runners/lib/graph/html-renderer.js +413 -413
  54. package/bin/runners/lib/graph/index.js +32 -32
  55. package/bin/runners/lib/graph/runtime-collector.js +215 -215
  56. package/bin/runners/lib/graph/static-extractor.js +518 -518
  57. package/bin/runners/lib/html-report.js +650 -650
  58. package/bin/runners/lib/llm.js +75 -75
  59. package/bin/runners/lib/meter.js +61 -61
  60. package/bin/runners/lib/missions/evidence.js +126 -126
  61. package/bin/runners/lib/patch.js +40 -40
  62. package/bin/runners/lib/permissions/auth-model.js +213 -213
  63. package/bin/runners/lib/permissions/idor-prover.js +205 -205
  64. package/bin/runners/lib/permissions/index.js +45 -45
  65. package/bin/runners/lib/permissions/matrix-builder.js +198 -198
  66. package/bin/runners/lib/pkgjson.js +28 -28
  67. package/bin/runners/lib/policy.js +295 -295
  68. package/bin/runners/lib/preflight.js +142 -142
  69. package/bin/runners/lib/reality/correlation-detectors.js +359 -359
  70. package/bin/runners/lib/reality/index.js +318 -318
  71. package/bin/runners/lib/reality/request-hashing.js +416 -416
  72. package/bin/runners/lib/reality/request-mapper.js +453 -453
  73. package/bin/runners/lib/reality/safety-rails.js +463 -463
  74. package/bin/runners/lib/reality/semantic-snapshot.js +408 -408
  75. package/bin/runners/lib/reality/toast-detector.js +393 -393
  76. package/bin/runners/lib/reality-findings.js +84 -84
  77. package/bin/runners/lib/receipts.js +179 -179
  78. package/bin/runners/lib/redact.js +29 -29
  79. package/bin/runners/lib/replay/capsule-manager.js +154 -154
  80. package/bin/runners/lib/replay/index.js +263 -263
  81. package/bin/runners/lib/replay/player.js +348 -348
  82. package/bin/runners/lib/replay/recorder.js +331 -331
  83. package/bin/runners/lib/report.js +135 -135
  84. package/bin/runners/lib/route-detection.js +1140 -1140
  85. package/bin/runners/lib/sandbox/index.js +59 -59
  86. package/bin/runners/lib/sandbox/proof-chain.js +399 -399
  87. package/bin/runners/lib/sandbox/sandbox-runner.js +205 -205
  88. package/bin/runners/lib/sandbox/worktree.js +174 -174
  89. package/bin/runners/lib/schema-validator.js +350 -350
  90. package/bin/runners/lib/schemas/contracts.schema.json +160 -160
  91. package/bin/runners/lib/schemas/finding.schema.json +100 -100
  92. package/bin/runners/lib/schemas/mission-pack.schema.json +206 -206
  93. package/bin/runners/lib/schemas/proof-graph.schema.json +176 -176
  94. package/bin/runners/lib/schemas/reality-report.schema.json +162 -162
  95. package/bin/runners/lib/schemas/share-pack.schema.json +180 -180
  96. package/bin/runners/lib/schemas/ship-report.schema.json +117 -117
  97. package/bin/runners/lib/schemas/truthpack-v2.schema.json +303 -303
  98. package/bin/runners/lib/schemas/validator.js +438 -438
  99. package/bin/runners/lib/score-history.js +282 -282
  100. package/bin/runners/lib/share-pack.js +239 -239
  101. package/bin/runners/lib/snippets.js +67 -67
  102. package/bin/runners/lib/upsell.js +510 -510
  103. package/bin/runners/lib/usage.js +153 -153
  104. package/bin/runners/lib/validate-patch.js +156 -156
  105. package/bin/runners/lib/verdict-engine.js +628 -628
  106. package/bin/runners/reality/engine.js +917 -917
  107. package/bin/runners/reality/flows.js +122 -122
  108. package/bin/runners/reality/report.js +378 -378
  109. package/bin/runners/reality/session.js +193 -193
  110. package/bin/runners/runAgent.d.ts +5 -0
  111. package/bin/runners/runFirewall.d.ts +5 -0
  112. package/bin/runners/runFirewallHook.d.ts +5 -0
  113. package/bin/runners/runGuard.js +168 -168
  114. package/bin/runners/runScan.js +82 -0
  115. package/bin/runners/runTruth.d.ts +5 -0
  116. package/bin/vibecheck.js +45 -20
  117. package/mcp-server/index.js +85 -0
  118. package/mcp-server/lib/api-client.js +269 -0
  119. package/mcp-server/package.json +1 -1
  120. package/mcp-server/tier-auth.js +173 -113
  121. package/mcp-server/tools/index.js +72 -72
  122. package/mcp-server/vibecheck-mcp-server-3.2.0.tgz +0 -0
  123. package/package.json +1 -1
package/bin/runners/lib/schemas/share-pack.schema.json CHANGED
@@ -1,180 +1,180 @@
1
- {
2
- "$schema": "https://json-schema.org/draft/2020-12/schema",
3
- "$id": "https://vibecheck.dev/schemas/share-pack.schema.json",
4
- "title": "Vibecheck Share Pack",
5
- "description": "Sanitized bundle for sharing analysis results without sensitive data",
6
- "type": "object",
7
- "required": ["specVersion", "generatedAt", "fingerprint", "redaction", "report"],
8
- "properties": {
9
- "specVersion": {
10
- "type": "string",
11
- "const": "2.0"
12
- },
13
- "generatedAt": {
14
- "type": "string",
15
- "format": "date-time"
16
- },
17
- "fingerprint": {
18
- "type": "string",
19
- "pattern": "^sha256:[a-f0-9]{64}$",
20
- "description": "Hash of share pack contents"
21
- },
22
- "projectName": {
23
- "type": "string",
24
- "description": "Sanitized project name (no paths)"
25
- },
26
- "redaction": {
27
- "$ref": "#/$defs/redactionMetadata"
28
- },
29
- "report": {
30
- "$ref": "#/$defs/sanitizedReport"
31
- },
32
- "proofGraph": {
33
- "$ref": "#/$defs/sanitizedProofGraph"
34
- },
35
- "missions": {
36
- "type": "array",
37
- "items": { "$ref": "#/$defs/sanitizedMission" }
38
- },
39
- "artifacts": {
40
- "type": "array",
41
- "items": { "$ref": "#/$defs/artifact" }
42
- }
43
- },
44
- "$defs": {
45
- "redactionMetadata": {
46
- "type": "object",
47
- "required": ["level", "redactedFields", "originalFingerprints"],
48
- "properties": {
49
- "level": {
50
- "type": "string",
51
- "enum": ["minimal", "standard", "paranoid"],
52
- "description": "Redaction level applied"
53
- },
54
- "redactedFields": {
55
- "type": "array",
56
- "items": { "type": "string" },
57
- "description": "List of field paths that were redacted"
58
- },
59
- "pathsRedacted": {
60
- "type": "boolean",
61
- "description": "Whether file paths were anonymized"
62
- },
63
- "envVarsRedacted": {
64
- "type": "boolean",
65
- "description": "Whether env var names were replaced"
66
- },
67
- "codeSnippetsRedacted": {
68
- "type": "boolean",
69
- "description": "Whether code snippets were removed"
70
- },
71
- "originalFingerprints": {
72
- "type": "object",
73
- "description": "Original fingerprints before redaction for verification",
74
- "properties": {
75
- "truthpack": { "type": "string" },
76
- "contracts": { "type": "string" },
77
- "shipReport": { "type": "string" }
78
- }
79
- }
80
- }
81
- },
82
- "sanitizedReport": {
83
- "type": "object",
84
- "properties": {
85
- "verdict": {
86
- "type": "object",
87
- "properties": {
88
- "status": { "type": "string", "enum": ["SHIP", "WARN", "BLOCK"] },
89
- "exitCode": { "type": "integer" },
90
- "reason": { "type": "string" }
91
- }
92
- },
93
- "stats": {
94
- "type": "object",
95
- "properties": {
96
- "findingsTotal": { "type": "integer" },
97
- "bySeverity": {
98
- "type": "object",
99
- "additionalProperties": { "type": "integer" }
100
- },
101
- "byCategory": {
102
- "type": "object",
103
- "additionalProperties": { "type": "integer" }
104
- }
105
- }
106
- },
107
- "coverage": {
108
- "$ref": "#/$defs/coverageMetrics"
109
- },
110
- "findings": {
111
- "type": "array",
112
- "items": { "$ref": "#/$defs/sanitizedFinding" }
113
- }
114
- }
115
- },
116
- "sanitizedFinding": {
117
- "type": "object",
118
- "properties": {
119
- "id": { "type": "string" },
120
- "detectorId": { "type": "string" },
121
- "severity": { "type": "string" },
122
- "category": { "type": "string" },
123
- "title": { "type": "string" },
124
- "confidence": { "type": "string" },
125
- "fileRef": {
126
- "type": "string",
127
- "description": "Anonymized file reference (e.g., 'file_001')"
128
- },
129
- "lineRange": { "type": "string" }
130
- }
131
- },
132
- "sanitizedProofGraph": {
133
- "type": "object",
134
- "properties": {
135
- "nodeCount": { "type": "integer" },
136
- "edgeCount": { "type": "integer" },
137
- "coverage": {
138
- "type": "object",
139
- "properties": {
140
- "uiBindingsLinked": { "type": "number" },
141
- "clientCallsLinked": { "type": "number" },
142
- "serverRoutesLinked": { "type": "number" }
143
- }
144
- },
145
- "gapCount": { "type": "integer" }
146
- }
147
- },
148
- "sanitizedMission": {
149
- "type": "object",
150
- "properties": {
151
- "id": { "type": "string" },
152
- "type": { "type": "string" },
153
- "priority": { "type": "string" },
154
- "status": { "type": "string" },
155
- "title": { "type": "string" }
156
- }
157
- },
158
- "coverageMetrics": {
159
- "type": "object",
160
- "properties": {
161
- "clientCallsMappedPct": { "type": "number" },
162
- "serverRoutesCoveredPct": { "type": "number" },
163
- "uiActionsVerifiedPct": { "type": "number" },
164
- "authVerifiedPct": { "type": ["number", "null"] }
165
- }
166
- },
167
- "artifact": {
168
- "type": "object",
169
- "required": ["name", "sha256"],
170
- "properties": {
171
- "name": {
172
- "type": "string",
173
- "description": "Artifact type name (not path)"
174
- },
175
- "sha256": { "type": "string", "pattern": "^[a-f0-9]{64}$" },
176
- "included": { "type": "boolean" }
177
- }
178
- }
179
- }
180
- }
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://vibecheck.dev/schemas/share-pack.schema.json",
4
+ "title": "Vibecheck Share Pack",
5
+ "description": "Sanitized bundle for sharing analysis results without sensitive data",
6
+ "type": "object",
7
+ "required": ["specVersion", "generatedAt", "fingerprint", "redaction", "report"],
8
+ "properties": {
9
+ "specVersion": {
10
+ "type": "string",
11
+ "const": "2.0"
12
+ },
13
+ "generatedAt": {
14
+ "type": "string",
15
+ "format": "date-time"
16
+ },
17
+ "fingerprint": {
18
+ "type": "string",
19
+ "pattern": "^sha256:[a-f0-9]{64}$",
20
+ "description": "Hash of share pack contents"
21
+ },
22
+ "projectName": {
23
+ "type": "string",
24
+ "description": "Sanitized project name (no paths)"
25
+ },
26
+ "redaction": {
27
+ "$ref": "#/$defs/redactionMetadata"
28
+ },
29
+ "report": {
30
+ "$ref": "#/$defs/sanitizedReport"
31
+ },
32
+ "proofGraph": {
33
+ "$ref": "#/$defs/sanitizedProofGraph"
34
+ },
35
+ "missions": {
36
+ "type": "array",
37
+ "items": { "$ref": "#/$defs/sanitizedMission" }
38
+ },
39
+ "artifacts": {
40
+ "type": "array",
41
+ "items": { "$ref": "#/$defs/artifact" }
42
+ }
43
+ },
44
+ "$defs": {
45
+ "redactionMetadata": {
46
+ "type": "object",
47
+ "required": ["level", "redactedFields", "originalFingerprints"],
48
+ "properties": {
49
+ "level": {
50
+ "type": "string",
51
+ "enum": ["minimal", "standard", "paranoid"],
52
+ "description": "Redaction level applied"
53
+ },
54
+ "redactedFields": {
55
+ "type": "array",
56
+ "items": { "type": "string" },
57
+ "description": "List of field paths that were redacted"
58
+ },
59
+ "pathsRedacted": {
60
+ "type": "boolean",
61
+ "description": "Whether file paths were anonymized"
62
+ },
63
+ "envVarsRedacted": {
64
+ "type": "boolean",
65
+ "description": "Whether env var names were replaced"
66
+ },
67
+ "codeSnippetsRedacted": {
68
+ "type": "boolean",
69
+ "description": "Whether code snippets were removed"
70
+ },
71
+ "originalFingerprints": {
72
+ "type": "object",
73
+ "description": "Original fingerprints before redaction for verification",
74
+ "properties": {
75
+ "truthpack": { "type": "string" },
76
+ "contracts": { "type": "string" },
77
+ "shipReport": { "type": "string" }
78
+ }
79
+ }
80
+ }
81
+ },
82
+ "sanitizedReport": {
83
+ "type": "object",
84
+ "properties": {
85
+ "verdict": {
86
+ "type": "object",
87
+ "properties": {
88
+ "status": { "type": "string", "enum": ["SHIP", "WARN", "BLOCK"] },
89
+ "exitCode": { "type": "integer" },
90
+ "reason": { "type": "string" }
91
+ }
92
+ },
93
+ "stats": {
94
+ "type": "object",
95
+ "properties": {
96
+ "findingsTotal": { "type": "integer" },
97
+ "bySeverity": {
98
+ "type": "object",
99
+ "additionalProperties": { "type": "integer" }
100
+ },
101
+ "byCategory": {
102
+ "type": "object",
103
+ "additionalProperties": { "type": "integer" }
104
+ }
105
+ }
106
+ },
107
+ "coverage": {
108
+ "$ref": "#/$defs/coverageMetrics"
109
+ },
110
+ "findings": {
111
+ "type": "array",
112
+ "items": { "$ref": "#/$defs/sanitizedFinding" }
113
+ }
114
+ }
115
+ },
116
+ "sanitizedFinding": {
117
+ "type": "object",
118
+ "properties": {
119
+ "id": { "type": "string" },
120
+ "detectorId": { "type": "string" },
121
+ "severity": { "type": "string" },
122
+ "category": { "type": "string" },
123
+ "title": { "type": "string" },
124
+ "confidence": { "type": "string" },
125
+ "fileRef": {
126
+ "type": "string",
127
+ "description": "Anonymized file reference (e.g., 'file_001')"
128
+ },
129
+ "lineRange": { "type": "string" }
130
+ }
131
+ },
132
+ "sanitizedProofGraph": {
133
+ "type": "object",
134
+ "properties": {
135
+ "nodeCount": { "type": "integer" },
136
+ "edgeCount": { "type": "integer" },
137
+ "coverage": {
138
+ "type": "object",
139
+ "properties": {
140
+ "uiBindingsLinked": { "type": "number" },
141
+ "clientCallsLinked": { "type": "number" },
142
+ "serverRoutesLinked": { "type": "number" }
143
+ }
144
+ },
145
+ "gapCount": { "type": "integer" }
146
+ }
147
+ },
148
+ "sanitizedMission": {
149
+ "type": "object",
150
+ "properties": {
151
+ "id": { "type": "string" },
152
+ "type": { "type": "string" },
153
+ "priority": { "type": "string" },
154
+ "status": { "type": "string" },
155
+ "title": { "type": "string" }
156
+ }
157
+ },
158
+ "coverageMetrics": {
159
+ "type": "object",
160
+ "properties": {
161
+ "clientCallsMappedPct": { "type": "number" },
162
+ "serverRoutesCoveredPct": { "type": "number" },
163
+ "uiActionsVerifiedPct": { "type": "number" },
164
+ "authVerifiedPct": { "type": ["number", "null"] }
165
+ }
166
+ },
167
+ "artifact": {
168
+ "type": "object",
169
+ "required": ["name", "sha256"],
170
+ "properties": {
171
+ "name": {
172
+ "type": "string",
173
+ "description": "Artifact type name (not path)"
174
+ },
175
+ "sha256": { "type": "string", "pattern": "^[a-f0-9]{64}$" },
176
+ "included": { "type": "boolean" }
177
+ }
178
+ }
179
+ }
180
+ }
package/bin/runners/lib/schemas/ship-report.schema.json CHANGED
@@ -1,117 +1,117 @@
1
- {
2
- "$schema": "https://json-schema.org/draft/2020-12/schema",
3
- "$id": "https://vibecheck.dev/schemas/ship-report.schema.json",
4
- "title": "Vibecheck Ship Report",
5
- "description": "Final ship verdict with findings and proof chain",
6
- "type": "object",
7
- "required": ["meta", "verdict", "findings", "stats"],
8
- "properties": {
9
- "meta": {
10
- "type": "object",
11
- "required": ["version", "generatedAt", "repoRoot"],
12
- "properties": {
13
- "version": { "type": "string", "const": "2.0.0" },
14
- "generatedAt": { "type": "string", "format": "date-time" },
15
- "repoRoot": { "type": "string" },
16
- "commit": {
17
- "type": "object",
18
- "properties": {
19
- "sha": { "type": "string" },
20
- "branch": { "type": "string" },
21
- "message": { "type": "string" }
22
- }
23
- },
24
- "durationMs": { "type": "integer" },
25
- "truthpackHash": { "type": "string" }
26
- }
27
- },
28
- "verdict": {
29
- "type": "object",
30
- "required": ["status", "exitCode"],
31
- "properties": {
32
- "status": { "type": "string", "enum": ["SHIP", "WARN", "BLOCK"] },
33
- "exitCode": { "type": "integer", "enum": [0, 1, 2] },
34
- "summary": { "type": "string" },
35
- "blockReasons": {
36
- "type": "array",
37
- "items": { "type": "string" }
38
- }
39
- }
40
- },
41
- "findings": {
42
- "type": "array",
43
- "items": { "$ref": "finding.schema.json" }
44
- },
45
- "stats": {
46
- "type": "object",
47
- "properties": {
48
- "total": { "type": "integer" },
49
- "byCategory": { "type": "object", "additionalProperties": { "type": "integer" } },
50
- "bySeverity": {
51
- "type": "object",
52
- "properties": {
53
- "BLOCK": { "type": "integer" },
54
- "WARN": { "type": "integer" },
55
- "INFO": { "type": "integer" }
56
- }
57
- },
58
- "byScope": { "type": "object", "additionalProperties": { "type": "integer" } }
59
- }
60
- },
61
- "proofChain": {
62
- "type": "object",
63
- "description": "Summary proof chain for top blockers",
64
- "properties": {
65
- "topBlockers": {
66
- "type": "array",
67
- "maxItems": 5,
68
- "items": {
69
- "type": "object",
70
- "properties": {
71
- "findingId": { "type": "string" },
72
- "chain": {
73
- "type": "array",
74
- "items": {
75
- "type": "object",
76
- "properties": {
77
- "nodeType": { "type": "string" },
78
- "label": { "type": "string" },
79
- "evidence": { "type": "string" }
80
- }
81
- }
82
- }
83
- }
84
- }
85
- }
86
- }
87
- },
88
- "artifacts": {
89
- "type": "object",
90
- "properties": {
91
- "truthpack": { "type": "string" },
92
- "realityReport": { "type": "string" },
93
- "proofGraph": { "type": "string" },
94
- "missionPack": { "type": "string" }
95
- }
96
- },
97
- "runtime": {
98
- "type": "object",
99
- "description": "Runtime verification summary if available",
100
- "properties": {
101
- "ran": { "type": "boolean" },
102
- "url": { "type": "string" },
103
- "actionsCount": { "type": "integer" },
104
- "requestsCount": { "type": "integer" },
105
- "toastsDetected": { "type": "integer" },
106
- "coverage": {
107
- "type": "object",
108
- "properties": {
109
- "routesHit": { "type": "integer" },
110
- "routesTotal": { "type": "integer" },
111
- "percent": { "type": "number" }
112
- }
113
- }
114
- }
115
- }
116
- }
117
- }
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://vibecheck.dev/schemas/ship-report.schema.json",
4
+ "title": "Vibecheck Ship Report",
5
+ "description": "Final ship verdict with findings and proof chain",
6
+ "type": "object",
7
+ "required": ["meta", "verdict", "findings", "stats"],
8
+ "properties": {
9
+ "meta": {
10
+ "type": "object",
11
+ "required": ["version", "generatedAt", "repoRoot"],
12
+ "properties": {
13
+ "version": { "type": "string", "const": "2.0.0" },
14
+ "generatedAt": { "type": "string", "format": "date-time" },
15
+ "repoRoot": { "type": "string" },
16
+ "commit": {
17
+ "type": "object",
18
+ "properties": {
19
+ "sha": { "type": "string" },
20
+ "branch": { "type": "string" },
21
+ "message": { "type": "string" }
22
+ }
23
+ },
24
+ "durationMs": { "type": "integer" },
25
+ "truthpackHash": { "type": "string" }
26
+ }
27
+ },
28
+ "verdict": {
29
+ "type": "object",
30
+ "required": ["status", "exitCode"],
31
+ "properties": {
32
+ "status": { "type": "string", "enum": ["SHIP", "WARN", "BLOCK"] },
33
+ "exitCode": { "type": "integer", "enum": [0, 1, 2] },
34
+ "summary": { "type": "string" },
35
+ "blockReasons": {
36
+ "type": "array",
37
+ "items": { "type": "string" }
38
+ }
39
+ }
40
+ },
41
+ "findings": {
42
+ "type": "array",
43
+ "items": { "$ref": "finding.schema.json" }
44
+ },
45
+ "stats": {
46
+ "type": "object",
47
+ "properties": {
48
+ "total": { "type": "integer" },
49
+ "byCategory": { "type": "object", "additionalProperties": { "type": "integer" } },
50
+ "bySeverity": {
51
+ "type": "object",
52
+ "properties": {
53
+ "BLOCK": { "type": "integer" },
54
+ "WARN": { "type": "integer" },
55
+ "INFO": { "type": "integer" }
56
+ }
57
+ },
58
+ "byScope": { "type": "object", "additionalProperties": { "type": "integer" } }
59
+ }
60
+ },
61
+ "proofChain": {
62
+ "type": "object",
63
+ "description": "Summary proof chain for top blockers",
64
+ "properties": {
65
+ "topBlockers": {
66
+ "type": "array",
67
+ "maxItems": 5,
68
+ "items": {
69
+ "type": "object",
70
+ "properties": {
71
+ "findingId": { "type": "string" },
72
+ "chain": {
73
+ "type": "array",
74
+ "items": {
75
+ "type": "object",
76
+ "properties": {
77
+ "nodeType": { "type": "string" },
78
+ "label": { "type": "string" },
79
+ "evidence": { "type": "string" }
80
+ }
81
+ }
82
+ }
83
+ }
84
+ }
85
+ }
86
+ }
87
+ },
88
+ "artifacts": {
89
+ "type": "object",
90
+ "properties": {
91
+ "truthpack": { "type": "string" },
92
+ "realityReport": { "type": "string" },
93
+ "proofGraph": { "type": "string" },
94
+ "missionPack": { "type": "string" }
95
+ }
96
+ },
97
+ "runtime": {
98
+ "type": "object",
99
+ "description": "Runtime verification summary if available",
100
+ "properties": {
101
+ "ran": { "type": "boolean" },
102
+ "url": { "type": "string" },
103
+ "actionsCount": { "type": "integer" },
104
+ "requestsCount": { "type": "integer" },
105
+ "toastsDetected": { "type": "integer" },
106
+ "coverage": {
107
+ "type": "object",
108
+ "properties": {
109
+ "routesHit": { "type": "integer" },
110
+ "routesTotal": { "type": "integer" },
111
+ "percent": { "type": "number" }
112
+ }
113
+ }
114
+ }
115
+ }
116
+ }
117
+ }