@vibecheckai/cli 3.2.5 → 3.2.6

package/bin/runners/runGuard.js

@@ -1,168 +1,168 @@
-/**
- * vibecheck guard - Unified trust boundary enforcement
- * 
- * Combines: validate + claim-verifier + prompt-firewall
- * 
- * Usage:
- *   vibecheck guard                    # Run all checks
- *   vibecheck guard --claims           # Verify AI claims against truthpack
- *   vibecheck guard --prompts          # Check for prompt injection
- *   vibecheck guard --hallucinations   # Detect AI hallucination patterns
- */
-
-const path = require("path");
-const fs = require("fs");
-
-// Import underlying implementations
-const { runValidate } = require("./runValidate");
-const { runPromptFirewall } = require("./runPromptFirewall");
-
-// ANSI colors
-const c = {
-  reset: "\x1b[0m",
-  dim: "\x1b[2m",
-  bold: "\x1b[1m",
-  cyan: "\x1b[36m",
-  green: "\x1b[32m",
-  yellow: "\x1b[33m",
-  red: "\x1b[31m",
-  magenta: "\x1b[35m",
-};
-
-function printHelp() {
-  console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-  ${c.bold}vibecheck guard${c.reset} - Trust boundary enforcement for AI outputs
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-
-${c.green}USAGE${c.reset}
-  vibecheck guard [options]
-
-${c.yellow}OPTIONS${c.reset}
-  --claims           Verify AI claims against truthpack (route_exists, auth_enforced, etc.)
-  --prompts          Check code for prompt injection vulnerabilities
-  --hallucinations   Detect AI hallucination patterns in generated code
-  --file <path>      Check specific file(s)
-  --json             Output JSON for CI integration
-  --strict           Fail on warnings (default: fail on errors only)
-
-${c.magenta}EXAMPLES${c.reset}
-  vibecheck guard                           # Run all checks
-  vibecheck guard --claims --file api.ts    # Verify claims in specific file
-  vibecheck guard --prompts                 # Prompt injection scan
-  vibecheck guard --json                    # CI-friendly output
-
-${c.dim}This command unifies trust boundary checks for AI-generated code.${c.reset}
-`);
-}
-
-async function runGuard(args = []) {
-  // Parse arguments
-  if (args.includes("--help") || args.includes("-h")) {
-    printHelp();
-    return 0;
-  }
-
-  const runClaims = args.includes("--claims") || (!args.includes("--prompts") && !args.includes("--hallucinations"));
-  const runPrompts = args.includes("--prompts") || (!args.includes("--claims") && !args.includes("--hallucinations"));
-  const runHallucinations = args.includes("--hallucinations") || (!args.includes("--claims") && !args.includes("--prompts"));
-  const jsonOutput = args.includes("--json");
-  const strict = args.includes("--strict");
-
-  const results = {
-    claims: null,
-    prompts: null,
-    hallucinations: null,
-    verdict: "PASS",
-    errors: 0,
-    warnings: 0,
-  };
-
-  console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-  ${c.bold}🛡️  VIBECHECK GUARD${c.reset} - Trust Boundary Enforcement
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-`);
-
-  // Run claims verification (validates AI claims against truthpack)
-  if (runClaims) {
-    console.log(`${c.dim}▸ Verifying AI claims against truthpack...${c.reset}`);
-    try {
-      const validateArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
-      const exitCode = await runValidate(validateArgs);
-      results.claims = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.errors++;
-        results.verdict = "FAIL";
-      }
-      console.log(exitCode === 0 
-        ? `  ${c.green}✓${c.reset} Claims verified` 
-        : `  ${c.red}✗${c.reset} Claim verification failed`);
-    } catch (e) {
-      results.claims = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Claims check skipped: ${e.message}`);
-    }
-  }
-
-  // Run prompt injection detection
-  if (runPrompts) {
-    console.log(`${c.dim}▸ Scanning for prompt injection vulnerabilities...${c.reset}`);
-    try {
-      const firewallArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
-      const exitCode = await runPromptFirewall(firewallArgs);
-      results.prompts = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.warnings++;
-        if (strict) results.verdict = "FAIL";
-      }
-      console.log(exitCode === 0 
-        ? `  ${c.green}✓${c.reset} No prompt injection risks` 
-        : `  ${c.yellow}⚠${c.reset} Prompt injection risks detected`);
-    } catch (e) {
-      results.prompts = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Prompt check skipped: ${e.message}`);
-    }
-  }
-
-  // Run hallucination detection
-  if (runHallucinations) {
-    console.log(`${c.dim}▸ Detecting hallucination patterns...${c.reset}`);
-    // Use validate with hallucination focus
-    try {
-      const validateArgs = ["--hallucinations", ...args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a))];
-      const exitCode = await runValidate(validateArgs);
-      results.hallucinations = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.warnings++;
-        if (strict) results.verdict = "FAIL";
-      }
-      console.log(exitCode === 0 
-        ? `  ${c.green}✓${c.reset} No hallucination patterns` 
-        : `  ${c.yellow}⚠${c.reset} Potential hallucinations detected`);
-    } catch (e) {
-      results.hallucinations = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Hallucination check skipped: ${e.message}`);
-    }
-  }
-
-  // Summary
-  console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}`);
-  
-  if (results.verdict === "PASS") {
-    console.log(`  ${c.green}${c.bold}✓ GUARD PASS${c.reset} - All trust boundaries intact`);
-  } else {
-    console.log(`  ${c.red}${c.bold}✗ GUARD FAIL${c.reset} - Trust boundary violations detected`);
-  }
-
-  console.log(`${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-`);
-
-  if (jsonOutput) {
-    console.log(JSON.stringify(results, null, 2));
-  }
-
-  return results.verdict === "PASS" ? 0 : (results.errors > 0 ? 2 : 1);
-}
-
-module.exports = { runGuard };
+/**
+ * vibecheck guard - Unified trust boundary enforcement
+ * 
+ * Combines: validate + claim-verifier + prompt-firewall
+ * 
+ * Usage:
+ *   vibecheck guard                    # Run all checks
+ *   vibecheck guard --claims           # Verify AI claims against truthpack
+ *   vibecheck guard --prompts          # Check for prompt injection
+ *   vibecheck guard --hallucinations   # Detect AI hallucination patterns
+ */
+
+const path = require("path");
+const fs = require("fs");
+
+// Import underlying implementations
+const { runValidate } = require("./runValidate");
+const { runPromptFirewall } = require("./runPromptFirewall");
+
+// ANSI colors
+const c = {
+  reset: "\x1b[0m",
+  dim: "\x1b[2m",
+  bold: "\x1b[1m",
+  cyan: "\x1b[36m",
+  green: "\x1b[32m",
+  yellow: "\x1b[33m",
+  red: "\x1b[31m",
+  magenta: "\x1b[35m",
+};
+
+function printHelp() {
+  console.log(`
+${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
+  ${c.bold}vibecheck guard${c.reset} - Trust boundary enforcement for AI outputs
+${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
+
+${c.green}USAGE${c.reset}
+  vibecheck guard [options]
+
+${c.yellow}OPTIONS${c.reset}
+  --claims           Verify AI claims against truthpack (route_exists, auth_enforced, etc.)
+  --prompts          Check code for prompt injection vulnerabilities
+  --hallucinations   Detect AI hallucination patterns in generated code
+  --file <path>      Check specific file(s)
+  --json             Output JSON for CI integration
+  --strict           Fail on warnings (default: fail on errors only)
+
+${c.magenta}EXAMPLES${c.reset}
+  vibecheck guard                           # Run all checks
+  vibecheck guard --claims --file api.ts    # Verify claims in specific file
+  vibecheck guard --prompts                 # Prompt injection scan
+  vibecheck guard --json                    # CI-friendly output
+
+${c.dim}This command unifies trust boundary checks for AI-generated code.${c.reset}
+`);
+}
+
+async function runGuard(args = []) {
+  // Parse arguments
+  if (args.includes("--help") || args.includes("-h")) {
+    printHelp();
+    return 0;
+  }
+
+  const runClaims = args.includes("--claims") || (!args.includes("--prompts") && !args.includes("--hallucinations"));
+  const runPrompts = args.includes("--prompts") || (!args.includes("--claims") && !args.includes("--hallucinations"));
+  const runHallucinations = args.includes("--hallucinations") || (!args.includes("--claims") && !args.includes("--prompts"));
+  const jsonOutput = args.includes("--json");
+  const strict = args.includes("--strict");
+
+  const results = {
+    claims: null,
+    prompts: null,
+    hallucinations: null,
+    verdict: "PASS",
+    errors: 0,
+    warnings: 0,
+  };
+
+  console.log(`
+${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
+  ${c.bold}🛡️  VIBECHECK GUARD${c.reset} - Trust Boundary Enforcement
+${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
+`);
+
+  // Run claims verification (validates AI claims against truthpack)
+  if (runClaims) {
+    console.log(`${c.dim}▸ Verifying AI claims against truthpack...${c.reset}`);
+    try {
+      const validateArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
+      const exitCode = await runValidate(validateArgs);
+      results.claims = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+      if (exitCode !== 0) {
+        results.errors++;
+        results.verdict = "FAIL";
+      }
+      console.log(exitCode === 0 
+        ? `  ${c.green}✓${c.reset} Claims verified` 
+        : `  ${c.red}✗${c.reset} Claim verification failed`);
+    } catch (e) {
+      results.claims = { error: e.message };
+      console.log(`  ${c.yellow}⚠${c.reset} Claims check skipped: ${e.message}`);
+    }
+  }
+
+  // Run prompt injection detection
+  if (runPrompts) {
+    console.log(`${c.dim}▸ Scanning for prompt injection vulnerabilities...${c.reset}`);
+    try {
+      const firewallArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
+      const exitCode = await runPromptFirewall(firewallArgs);
+      results.prompts = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+      if (exitCode !== 0) {
+        results.warnings++;
+        if (strict) results.verdict = "FAIL";
+      }
+      console.log(exitCode === 0 
+        ? `  ${c.green}✓${c.reset} No prompt injection risks` 
+        : `  ${c.yellow}⚠${c.reset} Prompt injection risks detected`);
+    } catch (e) {
+      results.prompts = { error: e.message };
+      console.log(`  ${c.yellow}⚠${c.reset} Prompt check skipped: ${e.message}`);
+    }
+  }
+
+  // Run hallucination detection
+  if (runHallucinations) {
+    console.log(`${c.dim}▸ Detecting hallucination patterns...${c.reset}`);
+    // Use validate with hallucination focus
+    try {
+      const validateArgs = ["--hallucinations", ...args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a))];
+      const exitCode = await runValidate(validateArgs);
+      results.hallucinations = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+      if (exitCode !== 0) {
+        results.warnings++;
+        if (strict) results.verdict = "FAIL";
+      }
+      console.log(exitCode === 0 
+        ? `  ${c.green}✓${c.reset} No hallucination patterns` 
+        : `  ${c.yellow}⚠${c.reset} Potential hallucinations detected`);
+    } catch (e) {
+      results.hallucinations = { error: e.message };
+      console.log(`  ${c.yellow}⚠${c.reset} Hallucination check skipped: ${e.message}`);
+    }
+  }
+
+  // Summary
+  console.log(`
+${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}`);
+  
+  if (results.verdict === "PASS") {
+    console.log(`  ${c.green}${c.bold}✓ GUARD PASS${c.reset} - All trust boundaries intact`);
+  } else {
+    console.log(`  ${c.red}${c.bold}✗ GUARD FAIL${c.reset} - Trust boundary violations detected`);
+  }
+
+  console.log(`${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
+`);
+
+  if (jsonOutput) {
+    console.log(JSON.stringify(results, null, 2));
+  }
+
+  return results.verdict === "PASS" ? 0 : (results.errors > 0 ? 2 : 1);
+}
+
+module.exports = { runGuard };

package/bin/runners/runScan.js

@@ -18,6 +18,13 @@ const { withErrorHandling, createUserError } = require("./lib/error-handler");
 const { enforceLimit, trackUsage } = require("./lib/entitlements");
 const { emitScanStart, emitScanComplete } = require("./lib/audit-bridge");
 const { parseGlobalFlags, shouldShowBanner } = require("./lib/global-flags");
+const { 
+  createScan, 
+  updateScanProgress, 
+  submitScanResults, 
+  reportScanError, 
+  isApiAvailable 
+} = require("./lib/api-client");
 
 // ═══════════════════════════════════════════════════════════════════════════════
 // ENHANCED TERMINAL UI & OUTPUT MODULES
@@ -703,6 +710,27 @@ async function runScan(args) {
   emitScanStart(projectPath, args);
   const projectName = path.basename(projectPath);
 
+  // Initialize API integration
+  let apiScan = null;
+  let apiConnected = false;
+  
+  // Try to connect to API for dashboard integration
+  try {
+    apiConnected = await isApiAvailable();
+    if (apiConnected) {
+      // Create scan record in dashboard
+      apiScan = await createScan({
+        localPath: projectPath,
+        branch: opts.branch || 'main',
+        enableLLM: opts.llm || false,
+      });
+      console.log(`${colors.info}📡${ansi.reset} Connected to dashboard (Scan ID: ${apiScan.scanId})`);
+    }
+  } catch (err) {
+    // API connection is optional, continue without it
+    console.log(`${colors.dim}ℹ${ansi.reset} Dashboard integration unavailable`);
+  }
+
   // Validate project path
   if (!fs.existsSync(projectPath)) {
     throw createUserError(`Project path does not exist: ${projectPath}`, "ValidationError");
@@ -1228,6 +1256,28 @@ async function runScan(args) {
       durationMs: timings.total,
     });
 
+    // Submit results to dashboard if connected
+    if (apiConnected && apiScan) {
+      try {
+        await submitScanResults(apiScan.scanId, {
+          verdict: verdict.verdict,
+          score: report.score?.overall || 0,
+          findings: report.findings || [],
+          filesScanned: report.stats?.filesScanned || 0,
+          linesScanned: report.stats?.linesScanned || 0,
+          durationMs: timings.total,
+          metadata: {
+            layers,
+            profile: opts.profile,
+            version: require('../../package.json').version,
+          },
+        });
+        console.log(`${colors.success}✓${ansi.reset} Results sent to dashboard`);
+      } catch (err) {
+        console.log(`${colors.warning}⚠${ansi.reset} Failed to send results to dashboard: ${err.message}`);
+      }
+    }
+
     return getExitCodeFromUnified ? getExitCodeFromUnified(verdict) : getExitCode(verdict);
     } else {
       // Legacy fallback output when unified output system isn't available
@@ -1316,6 +1366,28 @@ async function runScan(args) {
         issueCount: criticalCount + warningCount,
         durationMs: timings.total,
       });
+
+      // Submit results to dashboard if connected
+      if (apiConnected && apiScan) {
+        try {
+          await submitScanResults(apiScan.scanId, {
+            verdict,
+            score: verdict === 'SHIP' ? 100 : verdict === 'WARN' ? 70 : 40,
+            findings: normalizedLegacyFindings,
+            filesScanned: result.stats?.filesScanned || 0,
+            linesScanned: result.stats?.linesScanned || 0,
+            durationMs: timings.total,
+            metadata: {
+              layers,
+              profile: opts.profile,
+              version: require('../../package.json').version,
+            },
+          });
+          console.log(`${colors.success}✓${ansi.reset} Results sent to dashboard`);
+        } catch (err) {
+          console.log(`${colors.warning}⚠${ansi.reset} Failed to send results to dashboard: ${err.message}`);
+        }
+      }
       
       return verdict === 'SHIP' ? 0 : verdict === 'WARN' ? 1 : 2;
     }
@@ -1334,6 +1406,16 @@ async function runScan(args) {
       errorMessage: error.message,
       durationMs: Date.now() - startTime,
     });
+
+    // Report error to dashboard if connected
+    if (apiConnected && apiScan) {
+      try {
+        await reportScanError(apiScan.scanId, error);
+        console.log(`${colors.info}📡${ansi.reset} Error reported to dashboard`);
+      } catch (err) {
+        console.log(`${colors.warning}⚠${ansi.reset} Failed to report error to dashboard: ${err.message}`);
+      }
+    }
     
     return exitCode;
   }

package/bin/runners/runTruth.d.ts

@@ -0,0 +1,5 @@
+export interface TruthOptions {
+  projectRoot?: string;
+  verbose?: boolean;
+}
+export function runTruth(options?: TruthOptions): Promise<void>;

package/mcp-server/index.js

@@ -33,6 +33,15 @@ import { fileURLToPath } from "url";
 import { execFile } from "child_process";
 import { promisify } from "util";
 
+// Import API client for dashboard integration
+const { 
+  createScan, 
+  updateScanProgress, 
+  submitScanResults, 
+  reportScanError, 
+  isApiAvailable 
+} = require("./lib/api-client");
+
 const execFileAsync = promisify(execFile);
 
 const __filename = fileURLToPath(import.meta.url);
@@ -1360,6 +1369,27 @@ class VibecheckMCP {
     const profile = args?.profile || "quick";
     const only = args?.only;
 
+    // Initialize API integration
+    let apiScan = null;
+    let apiConnected = false;
+    
+    // Try to connect to API for dashboard integration
+    try {
+      apiConnected = await isApiAvailable();
+      if (apiConnected) {
+        // Create scan record in dashboard
+        apiScan = await createScan({
+          localPath: projectPath,
+          branch: 'main',
+          enableLLM: false,
+        });
+        console.error(`[MCP] Connected to dashboard (Scan ID: ${apiScan.scanId})`);
+      }
+    } catch (err) {
+      // API connection is optional, continue without it
+      console.error(`[MCP] Dashboard integration unavailable: ${err.message}`);
+    }
+
     let output = "# 🔍 vibecheck Scan\n\n";
     output += `**Profile:** ${profile}\n`;
     output += `**Path:** ${projectPath}\n\n`;
@@ -1375,6 +1405,28 @@ class VibecheckMCP {
       const summary = await this.parseSummaryFromDisk(projectPath);
       if (summary) {
         output += this.formatScanOutput(summary, projectPath);
+        
+        // Submit results to dashboard if connected
+        if (apiConnected && apiScan) {
+          try {
+            await submitScanResults(apiScan.scanId, {
+              verdict: summary.verdict || 'UNKNOWN',
+              score: summary.score?.overall || 0,
+              findings: summary.findings || [],
+              filesScanned: summary.stats?.filesScanned || 0,
+              linesScanned: summary.stats?.linesScanned || 0,
+              durationMs: summary.timings?.total || 0,
+              metadata: {
+                profile,
+                source: 'mcp-server',
+                version: CONFIG.VERSION,
+              },
+            });
+            console.error(`[MCP] Results sent to dashboard`);
+          } catch (err) {
+            console.error(`[MCP] Failed to send results to dashboard: ${err.message}`);
+          }
+        }
       }
       output += "\n---\n_Context Enhanced by vibecheck AI_\n";
       return this.success(output);
@@ -1383,10 +1435,43 @@ class VibecheckMCP {
       const summary = await this.parseSummaryFromDisk(projectPath);
       if (summary) {
         output += this.formatScanOutput(summary, projectPath);
+        
+        // Submit results to dashboard if connected
+        if (apiConnected && apiScan) {
+          try {
+            await submitScanResults(apiScan.scanId, {
+              verdict: summary.verdict || 'UNKNOWN',
+              score: summary.score?.overall || 0,
+              findings: summary.findings || [],
+              filesScanned: summary.stats?.filesScanned || 0,
+              linesScanned: summary.stats?.linesScanned || 0,
+              durationMs: summary.timings?.total || 0,
+              metadata: {
+                profile,
+                source: 'mcp-server',
+                version: CONFIG.VERSION,
+                error: err.message,
+              },
+            });
+            console.error(`[MCP] Results sent to dashboard (with error)`);
+          } catch (err) {
+            console.error(`[MCP] Failed to send results to dashboard: ${err.message}`);
+          }
+        }
         output += `\n⚠️ Scan completed with findings (exit code ${err.code || 1})\n`;
         return this.success(output);
       }
 
+      // Report error to dashboard if connected
+      if (apiConnected && apiScan) {
+        try {
+          await reportScanError(apiScan.scanId, err);
+          console.error(`[MCP] Error reported to dashboard`);
+        } catch (err) {
+          console.error(`[MCP] Failed to report error to dashboard: ${err.message}`);
+        }
+      }
+
       return this.error(`Scan failed: ${err.message}`, {
         code: "SCAN_ERROR",
         suggestion: "Check that the project path is valid and contains scanable code",