@vibecheckai/cli 3.2.5 → 3.3.0

package/bin/runners/runGuard.js

@@ -1,168 +1,262 @@
-/**
- * vibecheck guard - Unified trust boundary enforcement
- * 
- * Combines: validate + claim-verifier + prompt-firewall
- * 
- * Usage:
- *   vibecheck guard                    # Run all checks
- *   vibecheck guard --claims           # Verify AI claims against truthpack
- *   vibecheck guard --prompts          # Check for prompt injection
- *   vibecheck guard --hallucinations   # Detect AI hallucination patterns
- */
-
-const path = require("path");
-const fs = require("fs");
-
-// Import underlying implementations
-const { runValidate } = require("./runValidate");
-const { runPromptFirewall } = require("./runPromptFirewall");
-
-// ANSI colors
-const c = {
-  reset: "\x1b[0m",
-  dim: "\x1b[2m",
-  bold: "\x1b[1m",
-  cyan: "\x1b[36m",
-  green: "\x1b[32m",
-  yellow: "\x1b[33m",
-  red: "\x1b[31m",
-  magenta: "\x1b[35m",
-};
-
-function printHelp() {
-  console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-  ${c.bold}vibecheck guard${c.reset} - Trust boundary enforcement for AI outputs
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-
-${c.green}USAGE${c.reset}
-  vibecheck guard [options]
-
-${c.yellow}OPTIONS${c.reset}
-  --claims           Verify AI claims against truthpack (route_exists, auth_enforced, etc.)
-  --prompts          Check code for prompt injection vulnerabilities
-  --hallucinations   Detect AI hallucination patterns in generated code
-  --file <path>      Check specific file(s)
-  --json             Output JSON for CI integration
-  --strict           Fail on warnings (default: fail on errors only)
-
-${c.magenta}EXAMPLES${c.reset}
-  vibecheck guard                           # Run all checks
-  vibecheck guard --claims --file api.ts    # Verify claims in specific file
-  vibecheck guard --prompts                 # Prompt injection scan
-  vibecheck guard --json                    # CI-friendly output
-
-${c.dim}This command unifies trust boundary checks for AI-generated code.${c.reset}
-`);
-}
-
-async function runGuard(args = []) {
-  // Parse arguments
-  if (args.includes("--help") || args.includes("-h")) {
-    printHelp();
-    return 0;
-  }
-
-  const runClaims = args.includes("--claims") || (!args.includes("--prompts") && !args.includes("--hallucinations"));
-  const runPrompts = args.includes("--prompts") || (!args.includes("--claims") && !args.includes("--hallucinations"));
-  const runHallucinations = args.includes("--hallucinations") || (!args.includes("--claims") && !args.includes("--prompts"));
-  const jsonOutput = args.includes("--json");
-  const strict = args.includes("--strict");
-
-  const results = {
-    claims: null,
-    prompts: null,
-    hallucinations: null,
-    verdict: "PASS",
-    errors: 0,
-    warnings: 0,
-  };
-
-  console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-  ${c.bold}🛡️  VIBECHECK GUARD${c.reset} - Trust Boundary Enforcement
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-`);
-
-  // Run claims verification (validates AI claims against truthpack)
-  if (runClaims) {
-    console.log(`${c.dim}▸ Verifying AI claims against truthpack...${c.reset}`);
-    try {
-      const validateArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
-      const exitCode = await runValidate(validateArgs);
-      results.claims = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.errors++;
-        results.verdict = "FAIL";
-      }
-      console.log(exitCode === 0 
-        ? `  ${c.green}✓${c.reset} Claims verified` 
-        : `  ${c.red}✗${c.reset} Claim verification failed`);
-    } catch (e) {
-      results.claims = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Claims check skipped: ${e.message}`);
-    }
-  }
-
-  // Run prompt injection detection
-  if (runPrompts) {
-    console.log(`${c.dim}▸ Scanning for prompt injection vulnerabilities...${c.reset}`);
-    try {
-      const firewallArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
-      const exitCode = await runPromptFirewall(firewallArgs);
-      results.prompts = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.warnings++;
-        if (strict) results.verdict = "FAIL";
-      }
-      console.log(exitCode === 0 
-        ? `  ${c.green}✓${c.reset} No prompt injection risks` 
-        : `  ${c.yellow}⚠${c.reset} Prompt injection risks detected`);
-    } catch (e) {
-      results.prompts = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Prompt check skipped: ${e.message}`);
-    }
-  }
-
-  // Run hallucination detection
-  if (runHallucinations) {
-    console.log(`${c.dim}▸ Detecting hallucination patterns...${c.reset}`);
-    // Use validate with hallucination focus
-    try {
-      const validateArgs = ["--hallucinations", ...args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a))];
-      const exitCode = await runValidate(validateArgs);
-      results.hallucinations = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.warnings++;
-        if (strict) results.verdict = "FAIL";
-      }
-      console.log(exitCode === 0 
-        ? `  ${c.green}✓${c.reset} No hallucination patterns` 
-        : `  ${c.yellow}⚠${c.reset} Potential hallucinations detected`);
-    } catch (e) {
-      results.hallucinations = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Hallucination check skipped: ${e.message}`);
-    }
-  }
-
-  // Summary
-  console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}`);
-  
-  if (results.verdict === "PASS") {
-    console.log(`  ${c.green}${c.bold}✓ GUARD PASS${c.reset} - All trust boundaries intact`);
-  } else {
-    console.log(`  ${c.red}${c.bold}✗ GUARD FAIL${c.reset} - Trust boundary violations detected`);
-  }
-
-  console.log(`${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-`);
-
-  if (jsonOutput) {
-    console.log(JSON.stringify(results, null, 2));
-  }
-
-  return results.verdict === "PASS" ? 0 : (results.errors > 0 ? 2 : 1);
-}
-
-module.exports = { runGuard };
+/**
+ * vibecheck guard - Unified trust boundary enforcement
+ * 
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * World-Class AI Guardrails
+ * ═══════════════════════════════════════════════════════════════════════════════
+ */
+
+const path = require("path");
+const fs = require("fs");
+const { parseGlobalFlags, shouldSuppressOutput, isJsonMode } = require("./lib/global-flags");
+const { EXIT } = require("./lib/exit-codes");
+const {
+  ansi,
+  sym,
+  renderMinimalHeader,
+  renderSectionHeader,
+  renderVerdict,
+  renderSuccess,
+  renderError,
+  renderWarning,
+  renderFooter,
+  Spinner,
+  getTierFromKey,
+} = require("./lib/unified-cli-output");
+
+// Import underlying implementations
+let runValidate, runPromptFirewall;
+try {
+  runValidate = require("./runValidate").runValidate;
+} catch {
+  runValidate = null;
+}
+try {
+  runPromptFirewall = require("./runPromptFirewall").runPromptFirewall;
+} catch {
+  runPromptFirewall = null;
+}
+
+function printHelp() {
+  console.log(`
+  ${ansi.bold}USAGE${ansi.reset}
+    ${ansi.cyan}vibecheck guard${ansi.reset} [options]
+
+  ${ansi.dim}Aliases: ai-guard, firewall, validate${ansi.reset}
+
+  Validate AI-generated code and prompts. Detects prompt injection attempts,
+  verifies claims against your codebase (hallucination checking), and ensures
+  AI outputs meet your standards.
+
+  ${ansi.bold}CHECK MODES${ansi.reset}
+    ${ansi.cyan}--claims${ansi.reset}           Verify AI claims against truthpack
+    ${ansi.cyan}--prompts${ansi.reset}          Check code for prompt injection
+    ${ansi.cyan}--hallucinations${ansi.reset}   Detect AI hallucination patterns
+    ${ansi.dim}(default: run all checks)${ansi.reset}
+
+  ${ansi.bold}OPTIONS${ansi.reset}
+    ${ansi.cyan}--file <path>${ansi.reset}      Check specific file(s)
+    ${ansi.cyan}--strict${ansi.reset}           Fail on warnings (default: fail on errors only)
+    ${ansi.cyan}--json${ansi.reset}             Output as JSON (CI integration)
+    ${ansi.cyan}--quiet, -q${ansi.reset}        Suppress non-essential output
+    ${ansi.cyan}--help, -h${ansi.reset}         Show this help
+
+  ${ansi.bold}EXAMPLES${ansi.reset}
+    ${ansi.dim}# Run all guardrail checks${ansi.reset}
+    vibecheck guard
+
+    ${ansi.dim}# Verify AI claims in specific file${ansi.reset}
+    vibecheck guard --claims --file api.ts
+
+    ${ansi.dim}# Prompt injection scan only${ansi.reset}
+    vibecheck guard --prompts
+
+    ${ansi.dim}# CI pipeline (strict, JSON output)${ansi.reset}
+    vibecheck guard --strict --json
+
+  ${ansi.bold}EXIT CODES${ansi.reset}
+    0  All checks passed
+    1  Warnings found (non-blocking)
+    2  Errors found (blocking issues)
+
+  ${ansi.dim}────────────────────────────────────────────────────────────────────${ansi.reset}
+  ${ansi.dim}Documentation: https://docs.vibecheckai.dev/cli/guard${ansi.reset}
+`);
+}
+
+async function runGuard(args = []) {
+  const { flags: globalFlags } = parseGlobalFlags(args);
+  const quiet = shouldSuppressOutput(globalFlags);
+  const json = isJsonMode(globalFlags) || args.includes("--json");
+  const startTime = Date.now();
+  
+  // Parse arguments
+  if (globalFlags.help || args.includes("--help") || args.includes("-h")) {
+    printHelp();
+    return EXIT.SUCCESS;
+  }
+
+  const runClaims = args.includes("--claims") || (!args.includes("--prompts") && !args.includes("--hallucinations"));
+  const runPrompts = args.includes("--prompts") || (!args.includes("--claims") && !args.includes("--hallucinations"));
+  const runHallucinations = args.includes("--hallucinations") || (!args.includes("--claims") && !args.includes("--prompts"));
+  const strict = args.includes("--strict");
+  
+  // Validate --file if provided
+  const fileIndex = args.indexOf("--file");
+  if (fileIndex !== -1) {
+    const filePath = args[fileIndex + 1];
+    if (!filePath || filePath.startsWith("--")) {
+      if (json) {
+        console.log(JSON.stringify({ success: false, error: "--file requires a path argument" }));
+      } else {
+        renderError("--file requires a path argument");
+      }
+      return EXIT.USER_ERROR;
+    }
+    if (!fs.existsSync(filePath)) {
+      if (json) {
+        console.log(JSON.stringify({ success: false, error: `File not found: ${filePath}` }));
+      } else {
+        renderError(`File not found: ${filePath}`);
+      }
+      return EXIT.NOT_FOUND;
+    }
+  }
+
+  const results = {
+    claims: null,
+    prompts: null,
+    hallucinations: null,
+    verdict: "PASS",
+    errors: 0,
+    warnings: 0,
+  };
+
+  try {
+    if (!quiet && !json) {
+      renderMinimalHeader("guard", "starter");
+      renderSectionHeader("Trust Boundary Checks", sym.shield);
+    }
+
+    // Run claims verification
+    if (runClaims) {
+      const spinner = !quiet && !json ? new Spinner("Verifying AI claims against truthpack").start() : null;
+      
+      if (!runValidate) {
+        results.claims = { skipped: true, reason: "Validator module not available" };
+        spinner?.warn("Claims check skipped: module not available");
+      } else {
+        try {
+          const validateArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
+          const exitCode = await runValidate(validateArgs);
+          results.claims = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+          if (exitCode !== 0) {
+            results.errors++;
+            results.verdict = "FAIL";
+            spinner?.fail("Claim verification failed");
+          } else {
+            spinner?.succeed("Claims verified");
+          }
+        } catch (e) {
+          results.claims = { error: e.message };
+          spinner?.warn(`Claims check failed: ${e.message}`);
+        }
+      }
+    }
+
+    // Run prompt injection detection
+    if (runPrompts) {
+      const spinner = !quiet && !json ? new Spinner("Scanning for prompt injection vulnerabilities").start() : null;
+      
+      if (!runPromptFirewall) {
+        results.prompts = { skipped: true, reason: "Firewall module not available" };
+        spinner?.warn("Prompt check skipped: module not available");
+      } else {
+        try {
+          const firewallArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
+          const exitCode = await runPromptFirewall(firewallArgs);
+          results.prompts = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+          if (exitCode !== 0) {
+            results.warnings++;
+            if (strict) results.verdict = "FAIL";
+            spinner?.warn("Prompt injection risks detected");
+          } else {
+            spinner?.succeed("No prompt injection risks");
+          }
+        } catch (e) {
+          results.prompts = { error: e.message };
+          spinner?.warn(`Prompt check failed: ${e.message}`);
+        }
+      }
+    }
+
+    // Run hallucination detection
+    if (runHallucinations) {
+      const spinner = !quiet && !json ? new Spinner("Detecting hallucination patterns").start() : null;
+      
+      if (!runValidate) {
+        results.hallucinations = { skipped: true, reason: "Validator module not available" };
+        spinner?.warn("Hallucination check skipped: module not available");
+      } else {
+        try {
+          const validateArgs = ["--hallucinations", ...args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a))];
+          const exitCode = await runValidate(validateArgs);
+          results.hallucinations = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+          if (exitCode !== 0) {
+            results.warnings++;
+            if (strict) results.verdict = "FAIL";
+            spinner?.warn("Potential hallucinations detected");
+          } else {
+            spinner?.succeed("No hallucination patterns");
+          }
+        } catch (e) {
+          results.hallucinations = { error: e.message };
+          spinner?.warn(`Hallucination check failed: ${e.message}`);
+        }
+      }
+    }
+
+    // Summary
+    const duration = Date.now() - startTime;
+    
+    if (!quiet && !json) {
+      renderVerdict(results.verdict === "PASS" ? "PASS" : "FAIL", {
+        warnings: results.warnings,
+        critical: results.errors,
+        duration,
+      });
+      
+      renderFooter({
+        nextSteps: results.verdict === "PASS" ? [
+          { cmd: "vibecheck scan", desc: "run full code analysis" },
+          { cmd: "vibecheck ship", desc: "get ship verdict" },
+        ] : [
+          { cmd: "vibecheck fix --plan-only", desc: "view fix recommendations" },
+        ],
+        docsUrl: "https://docs.vibecheckai.dev/cli/guard",
+      });
+    }
+
+    if (json) {
+      console.log(JSON.stringify({ ...results, duration }, null, 2));
+    }
+
+    // Return appropriate exit code
+    if (results.verdict === "PASS") {
+      return EXIT.SUCCESS;
+    } else if (results.errors > 0) {
+      return EXIT.BLOCKING;
+    } else {
+      return EXIT.WARNINGS;
+    }
+  } catch (error) {
+    if (json) {
+      console.log(JSON.stringify({ success: false, error: error.message }));
+    } else {
+      renderError(`Guard check failed: ${error.message}`);
+    }
+    return EXIT.INTERNAL_ERROR;
+  }
+}
+
+module.exports = { runGuard };

package/bin/runners/runInit.js

@@ -12,6 +12,7 @@
 const fs = require("fs");
 const path = require("path");
 const { parseGlobalFlags, shouldShowBanner } = require("./lib/global-flags");
+const { EXIT } = require("./lib/exit-codes");
 
 // Use enhanced wizard if available
 let InitWizard;
@@ -1747,7 +1748,7 @@ async function runInit(args) {
         console.log(`  ${colors.info}${ICONS.info}${c.reset} Run ${c.cyan}vibecheck init --repair${c.reset} to fix partial state`);
       }
       if (!opts.dryRun) {
-        return 1; // Exit on error unless dry-run
+        return EXIT.INTERNAL_ERROR; // Exit on error unless dry-run
       }
     }
   }
@@ -1765,7 +1766,7 @@ async function runInit(args) {
         }
       }
       if (!opts.dryRun) {
-        return 1;
+        return EXIT.INTERNAL_ERROR;
       }
     }
   }