@vibecheckai/cli 3.2.5 → 3.3.0

package/mcp-server/tier-auth.js

@@ -1,157 +1,276 @@
+/* vibecheck-disable */
 /**
  * MCP Server Tier Authentication & Authorization
  * 
- * Provides tier checking for MCP tools based on API keys
+ * UNIFIED AUTHORITY SYSTEM for MCP tools.
+ * 
+ * Authority Rules:
+ * - FREE: May see problems, never resolve certainty. Read-only context tools.
+ * - STARTER: May fix, but not prove. Read tools + advisory actions.
+ * - PRO: May enforce reality. Full MCP access with proof generation.
+ * - ENTERPRISE: All features + compliance tools.
+ * 
+ * Verdict authority is paid. Evidence beats explanations.
  */
 
 import fs from "fs/promises";
 import path from "path";
 import os from "os";
 
-// Tier definitions - MUST MATCH CLI entitlements-v2.js
+// ═══════════════════════════════════════════════════════════════════════════════
+// TIER DEFINITIONS - UNIFIED AUTHORITY SYSTEM
+// Synchronized with packages/core/src/tier-config.ts
+// 
+// Authority Rules:
+// - FREE: May see problems, never resolve certainty
+// - STARTER: May fix, but not prove (Advisory verdicts only)
+// - PRO: May enforce reality (Full verdict authority)
+// ═══════════════════════════════════════════════════════════════════════════════
 export const TIERS = {
   free: {
     name: 'FREE',
     price: 0,
     order: 0,
-    features: [
-      // Core commands
-      'scan', 'ship', 'ship.static',
-      // Setup
-      'init', 'init.local', 'doctor', 'status', 'install', 'preflight', 'watch', 'watch.local',
-      // AI Truth
-      'ctx', 'guard', 'context', 'mdc', 'contracts',
-      // Quality
-      'verify', 'quality', 'polish', 'checkpoint', 'checkpoint.basic',
-      // Fix (plan only)
-      'fix', 'fix.plan_only',
-      // Reality (preview)
-      'reality', 'reality.preview',
-      // MCP (help only)
-      'mcp.help_only',
-      // Report (html/md only)
-      'report', 'report.html_md',
-    ],
+    // Verdict authority
+    verdictAuthority: 'NONE',
+    canIssueVerdicts: false,
+    canEnforceCI: false,
+    canGenerateProof: false,
+    // Agent Firewall configuration
+    firewall: {
+      mode: 'observe',        // Log only, never block
+      canOverride: false,     // Cannot override blocks
+      auditEnabled: false,    // No audit trail
+    },
+    // Limits
     limits: { 
-      scans: 50, 
-      shipChecks: 20, 
+      scans: -1,  // Unlimited scans
       realityMaxPages: 5, 
       realityMaxClicks: 20, 
-      fixApplyPatches: false,
-      mcpRateLimit: 10, // requests per minute
+      mcpRateLimit: 10,
     },
-    // MCP tools allowed on FREE
+    // MCP tools allowed on FREE (read-only context only)
     mcpTools: [
       'vibecheck.get_truthpack',
-      'vibecheck.validate_claim',
       'vibecheck.compile_context',
       'vibecheck.search_evidence',
+      'vibecheck_agent_firewall_intercept',  // Observe mode
+      'vibecheck_conductor_status',  // Read-only coordination status
+      // Authority System - FREE tier
+      'vibecheck.classify',         // Inventory authority (read-only)
+      'vibecheck.authority_list',   // List available authorities
     ],
+    // Authority System configuration
+    authority: {
+      canClassify: true,          // Can run inventory analysis
+      canApprove: false,          // Cannot get verdicts
+      canEnforce: false,          // Cannot enforce in CI
+      canGenerateBadge: false,    // Cannot generate badges
+      availableAuthorities: ['inventory'],
+    },
   },
   starter: {
     name: 'STARTER',
-    price: 39, // Updated pricing
+    price: 39,
     order: 1,
-    features: [
-      // All FREE features plus...
-      // Init connect
-      'init.connect',
-      // Scan autofix
-      'scan.autofix',
-      // CI/CD
-      'gate', 'pr', 'badge', 'launch', 'dashboard_sync',
-      // Watch PR
-      'watch.pr',
-      // Report formats
-      'report.sarif_csv',
-      // Reality basic
-      'reality.basic',
-      // MCP read-only
-      'mcp', 'mcp.read_only',
-      // Ship full
-      'ship.full',
-    ],
+    // Verdict authority - ADVISORY (verdicts not enforced)
+    verdictAuthority: 'ADVISORY',
+    canIssueVerdicts: true,  // SHIP, WARN only
+    canEnforceCI: false,     // Cannot block builds
+    canGenerateProof: false, // Cannot generate proof
+    // Agent Firewall configuration
+    firewall: {
+      mode: 'advisory',       // Warn but allow
+      canOverride: true,      // Can override with reason
+      auditEnabled: true,     // Basic audit trail
+    },
+    // Limits
     limits: { 
-      scans: -1, 
-      shipChecks: -1, 
-      realityMaxPages: 50, 
-      realityMaxClicks: 200, 
-      fixApplyPatches: false,
-      mcpRateLimit: 60, // requests per minute
+      scans: -1,           // Unlimited scans
+      realityMaxPages: -1, // Unlimited browser testing
+      realityMaxClicks: -1,
+      mcpRateLimit: 60,
     },
-    // MCP tools allowed on STARTER (curated)
+    // MCP tools allowed on STARTER (read + advisory actions)
     mcpTools: [
       'vibecheck.ctx',
       'vibecheck.scan',
-      'vibecheck.ship',
+      'vibecheck.ship',      // Advisory verdicts only
       'vibecheck.get_truthpack',
       'vibecheck.validate_claim',
       'vibecheck.compile_context',
       'vibecheck.search_evidence',
       'vibecheck.find_counterexamples',
       'vibecheck.check_invariants',
+      'vibecheck.fix',       // Plan mode only
+      'vibecheck_agent_firewall_intercept',  // Advisory mode
+      // Conductor - multi-agent coordination
+      'vibecheck_conductor_register',
+      'vibecheck_conductor_acquire_lock',
+      'vibecheck_conductor_release_lock',
+      'vibecheck_conductor_propose',
+      'vibecheck_conductor_status',
+      'vibecheck_conductor_terminate',
+      // Authority System - STARTER tier
+      'vibecheck.classify',         // Inventory authority
+      'vibecheck.approve',          // Advisory verdicts
+      'vibecheck.authority_list',   // List authorities
+      'vibecheck.authority_approve', // Authority approval (advisory)
     ],
+    // Authority System configuration
+    authority: {
+      canClassify: true,          // Can run inventory analysis
+      canApprove: true,           // Can get advisory verdicts
+      canEnforce: false,          // Cannot enforce in CI
+      canGenerateBadge: false,    // Cannot generate badges
+      availableAuthorities: ['inventory', 'safe-consolidation'],
+    },
   },
   pro: {
     name: 'PRO',
     price: 99,
     order: 2,
-    features: [
-      // All STARTER features plus...
-      // Prove
-      'prove',
-      // Fix apply
-      'fix.apply_patches', 'fix.loop',
-      // Checkpoint advanced
-      'checkpoint.hallucination',
-      // Reality advanced
-      'reality.full', 'reality.advanced_auth_boundary',
-      // Premium
-      'replay', 'share', 'ai-test', 'permissions', 'graph',
-      // MCP full
-      'mcp.full',
-    ],
+    // Verdict authority - ENFORCED (verdicts block CI/PRs)
+    verdictAuthority: 'ENFORCED',
+    canIssueVerdicts: true,  // SHIP, WARN, BLOCK
+    canEnforceCI: true,      // Can block builds
+    canGenerateProof: true,  // Can generate cryptographic proof
+    // Agent Firewall configuration
+    firewall: {
+      mode: 'enforce',        // Block violations
+      canOverride: true,      // Can override with approval
+      auditEnabled: true,     // Full audit trail
+      criticEnabled: true,    // Enable Critic LLM
+    },
+    // Limits
     limits: { 
-      scans: -1, 
-      shipChecks: -1, 
-      realityMaxPages: -1, 
-      realityMaxClicks: -1, 
-      fixApplyPatches: true,
-      mcpRateLimit: -1, // unlimited
+      scans: -1,
+      realityMaxPages: -1,
+      realityMaxClicks: -1,
+      mcpRateLimit: -1,  // Unlimited
+    },
+    // MCP tools - FULL ACCESS
+    mcpTools: ['*'],  // All tools unlocked
+    // Authority System configuration
+    authority: {
+      canClassify: true,          // Can run inventory analysis
+      canApprove: true,           // Can get verdicts
+      canEnforce: true,           // Can enforce in CI (STOP verdicts block)
+      canGenerateBadge: true,     // Can generate authority badges
+      availableAuthorities: ['inventory', 'safe-consolidation', 'security-remediation'],
     },
-    // MCP tools allowed on PRO (curated)
-    mcpTools: [
-      'vibecheck.ctx',
-      'vibecheck.scan',
-      'vibecheck.ship',
-      'vibecheck.get_truthpack',
-      'vibecheck.validate_claim',
-      'vibecheck.compile_context',
-      'vibecheck.search_evidence',
-      'vibecheck.find_counterexamples',
-      'vibecheck.check_invariants',
-    ],
   },
-  compliance: {
-    name: 'COMPLIANCE',
-    price: 0, // Enterprise/on-prem
+  enterprise: {
+    name: 'ENTERPRISE',
+    price: 0, // Custom pricing
     order: 3,
-    features: [
-      // All PRO features plus...
-      'report.compliance_packs',
-    ],
+    // Verdict authority - ENFORCED + Compliance
+    verdictAuthority: 'ENFORCED',
+    canIssueVerdicts: true,
+    canEnforceCI: true,
+    canGenerateProof: true,
+    // Agent Firewall configuration
+    firewall: {
+      mode: 'enforce',        // Block violations
+      canOverride: true,      // Can override with multi-approval
+      auditEnabled: true,     // Full compliance audit trail
+      criticEnabled: true,    // Enable Critic LLM
+      complianceMode: true,   // Generate compliance artifacts
+    },
+    // Limits
     limits: { 
-      scans: -1, 
-      shipChecks: -1, 
-      realityMaxPages: -1, 
-      realityMaxClicks: -1, 
-      fixApplyPatches: true,
+      scans: -1,
+      realityMaxPages: -1,
+      realityMaxClicks: -1,
       mcpRateLimit: -1,
     },
-    mcpTools: ['*'], // All tools
+    // MCP tools - FULL ACCESS + Compliance
+    mcpTools: ['*'],
+    // Authority System configuration
+    authority: {
+      canClassify: true,          // Can run inventory analysis
+      canApprove: true,           // Can get verdicts
+      canEnforce: true,           // Can enforce in CI (STOP verdicts block)
+      canGenerateBadge: true,     // Can generate authority badges
+      canCustomize: true,         // Can create custom authorities
+      availableAuthorities: ['*'], // All authorities including custom
+    },
   }
 };
 
+// ═══════════════════════════════════════════════════════════════════════════════
+// CLI FEATURE → TIER MAPPING
+// Maps CLI features (not MCP tools) to minimum required tier
+// ═══════════════════════════════════════════════════════════════════════════════
+export const CLI_FEATURE_TIERS = {
+  // FREE - Basic scanning (always available)
+  'scan': 'free',
+  'ctx': 'free',
+  'ship': 'free',
+  'classify': 'free',         // Authority: inventory (read-only)
+  
+  // STARTER - Enhanced features
+  'gate': 'starter',
+  'badge': 'starter',
+  'fix': 'starter',           // Plan mode
+  'approve': 'starter',       // Authority: advisory verdicts
+  'authority.starter': 'starter', // Authority System access
+  
+  // PRO - Full enforcement
+  'prove': 'pro',
+  'fix.apply_patches': 'pro', // Apply mode
+  'reality': 'pro',
+  'autopilot': 'pro',
+  'verify': 'pro',
+  'authority.pro': 'pro',     // Authority: enforced verdicts + badges
+  'authority.enforce': 'pro', // Authority: CI blocking
+};
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// MCP TOOL → TIER MAPPING (Unified Authority System)
+// Aligned with packages/core/src/features.ts
+// ═══════════════════════════════════════════════════════════════════════════════
+export const MCP_TOOL_TIERS = {
+  // FREE - Read-only context tools ONLY
+  // Free users may see problems, never resolve certainty
+  'vibecheck.get_truthpack': 'free',
+  'vibecheck.compile_context': 'free',
+  'vibecheck.search_evidence': 'free',
+  'vibecheck_agent_firewall_intercept': 'free',  // Observe mode only
+  'vibecheck.classify': 'free',         // Authority: inventory (read-only)
+  'vibecheck.authority_list': 'free',   // List available authorities
+  
+  // STARTER - Advisory verdict authority
+  // Starter users may fix, but not prove
+  'vibecheck.ctx': 'starter',
+  'vibecheck.scan': 'starter',
+  'vibecheck.ship': 'starter',          // SHIP/WARN (advisory, not enforced)
+  'vibecheck.fix': 'starter',           // Plan mode only (no apply)
+  'vibecheck.validate_claim': 'starter',
+  'vibecheck.find_counterexamples': 'starter',
+  'vibecheck.check_invariants': 'starter',
+  'vibecheck.gate': 'starter',          // Advisory gates
+  'vibecheck.badge': 'starter',         // Unverified badges
+  'vibecheck.approve': 'starter',       // Authority: advisory verdicts
+  'vibecheck.authority_approve': 'starter', // Authority approval (advisory)
+  
+  // PRO - Full verdict authority & enforcement
+  // Pro users may enforce reality
+  'vibecheck.prove': 'pro',             // Cryptographic proof generation
+  'vibecheck.fix.apply': 'pro',         // Apply fixes
+  'vibecheck.fix.verify': 'pro',        // Verify fixes with proof
+  'vibecheck.reality': 'pro',           // Full browser testing
+  'vibecheck.reality.prove': 'pro',     // Prove runtime behavior
+  'vibecheck.enforce': 'pro',           // Enforce verdicts in CI
+  'vibecheck.ai_test': 'pro',           // AI agent testing
+  'vibecheck.autopilot': 'pro',         // Autonomous protection
+  'vibecheck.report': 'pro',            // Advanced reporting
+  'vibecheck.allowlist': 'pro',         // Manage allowlists
+  'vibecheck.status': 'pro',            // Advanced status
+  'vibecheck.authority_enforce': 'pro', // Authority: enforced verdicts
+  'vibecheck.authority_badge': 'pro',   // Authority: generate badges
+};
+
 /**
  * Load user configuration from ~/.vibecheck/credentials.json
  */
@@ -165,50 +284,149 @@ async function loadUserConfig() {
   }
 }
 
+// ═══════════════════════════════════════════════════════════════════════════════
+// SECURE TIER VALIDATION - API-First with Caching
+// SECURITY: Never trust API key prefix alone - always validate with API
+// ═══════════════════════════════════════════════════════════════════════════════
+
 /**
- * Determine tier from API key
- * Matches CLI entitlements-v2.js logic
+ * Tier cache to avoid hammering the API on every request
+ * Structure: Map<apiKeyHash, { tier, validatedAt, expiresAt }>
+ */
+const tierCache = new Map();
+const TIER_CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
+const TIER_CACHE_MAX_SIZE = 1000; // Prevent unbounded growth
+
+/**
+ * Hash API key for cache key (don't store raw keys in memory)
+ */
+function hashApiKey(apiKey) {
+  const crypto = require('crypto');
+  return crypto.createHash('sha256').update(apiKey).digest('hex').slice(0, 32);
+}
+
+/**
+ * Evict expired entries and enforce max size
+ */
+function cleanupTierCache() {
+  const now = Date.now();
+  for (const [key, value] of tierCache) {
+    if (value.expiresAt < now) {
+      tierCache.delete(key);
+    }
+  }
+  // If still too large, evict oldest entries
+  if (tierCache.size > TIER_CACHE_MAX_SIZE) {
+    const entries = Array.from(tierCache.entries())
+      .sort((a, b) => a[1].validatedAt - b[1].validatedAt);
+    const toDelete = entries.slice(0, tierCache.size - TIER_CACHE_MAX_SIZE);
+    for (const [key] of toDelete) {
+      tierCache.delete(key);
+    }
+  }
+}
+
+/**
+ * Determine tier from API key - ALWAYS validates with API first
+ * 
+ * SECURITY FIX: Previous version checked prefix patterns BEFORE API validation,
+ * allowing attackers to spoof tier with fake keys like "gr_pro_anything".
+ * Now we ALWAYS validate with API first. Prefix is never authoritative.
+ * 
+ * @param {string} apiKey - The API key to validate
+ * @returns {Promise<string|null>} - Tier name or null if invalid
  */
 async function getTierFromApiKey(apiKey) {
-  if (!apiKey) return null; // No API key = no access
+  if (!apiKey || typeof apiKey !== 'string') return null;
+  
+  // Validate key format (basic sanity check)
+  if (apiKey.length < 10 || apiKey.length > 256) return null;
   
-  // Check API key prefix patterns (matches CLI)
-  if (apiKey.startsWith('gr_starter_')) return 'starter';
-  if (apiKey.startsWith('gr_pro_')) return 'pro';
-  if (apiKey.startsWith('gr_compliance_') || apiKey.startsWith('gr_ent_')) return 'compliance';
-  if (apiKey.startsWith('gr_free_')) return 'free';
+  const keyHash = hashApiKey(apiKey);
+  const now = Date.now();
+  
+  // Check cache first (only if not expired)
+  const cached = tierCache.get(keyHash);
+  if (cached && cached.expiresAt > now) {
+    return cached.tier;
+  }
   
-  // Try to validate with API
+  // ALWAYS validate with API - this is the authoritative source
   try {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), 10000); // 10s timeout
+    
     const response = await fetch('https://api.vibecheckai.dev/whoami', {
       headers: {
         'Authorization': `Bearer ${apiKey}`,
         'Content-Type': 'application/json',
       },
+      signal: controller.signal,
     });
     
+    clearTimeout(timeoutId);
+    
     if (!response.ok) {
-      return null; // Invalid API key
+      // API explicitly rejected this key - it's invalid
+      // Cache the rejection briefly to avoid hammering on invalid keys
+      tierCache.set(keyHash, {
+        tier: null,
+        validatedAt: now,
+        expiresAt: now + 60000, // Cache rejections for 1 minute
+      });
+      return null;
     }
     
     const data = await response.json();
     
     // Map API response to tier
+    let tier;
     switch (data.plan?.toLowerCase()) {
       case 'starter':
-        return 'starter';
+        tier = 'starter';
+        break;
       case 'pro':
-        return 'pro';
-      case 'compliance':
-        return 'compliance';
+        tier = 'pro';
+        break;
+      case 'enterprise':
+        tier = 'enterprise';
+        break;
       default:
-        return 'free';
+        tier = 'free';
     }
+    
+    // Cache the validated tier
+    tierCache.set(keyHash, {
+      tier,
+      validatedAt: now,
+      expiresAt: now + TIER_CACHE_TTL_MS,
+    });
+    
+    // Periodic cleanup
+    if (tierCache.size > TIER_CACHE_MAX_SIZE * 0.9) {
+      cleanupTierCache();
+    }
+    
+    return tier;
+    
   } catch (error) {
-    console.error('API validation failed:', error);
-    return null; // On error, deny access
+    // Network error - check if we have a recent valid cache entry
+    // (This allows graceful degradation during brief network issues)
+    if (cached && cached.tier !== null) {
+      // Only use stale cache if it was validated within last 15 minutes
+      // and the original validation was successful (tier !== null)
+      const staleTolerance = 15 * 60 * 1000; // 15 minutes
+      if (now - cached.validatedAt < staleTolerance) {
+        console.error(`[TIER-AUTH] API unreachable, using stale cache for ${keyHash.slice(0, 8)}...`);
+        return cached.tier;
+      }
+    }
+    
+    // No valid cache - fail closed for security
+    console.error('[TIER-AUTH] API validation failed with no valid cache, denying access:', error.message);
+    return null;
   }
-} // default for unknown keys
+}
 
 /**
  * Check if user has access to a specific feature
@@ -240,28 +458,20 @@ export async function getFeatureAccessStatus(featureName, providedApiKey = null)
   }
   const currentTierConfig = TIERS[currentTier];
   
-  // Find which tier has this feature
-  let requiredTier = null;
-  let requiredTierConfig = null;
-  
-  for (const [tierName, tierConfig] of Object.entries(TIERS)) {
-    if (tierConfig.features.includes(featureName)) {
-      requiredTier = tierName;
-      requiredTierConfig = tierConfig;
-      break;
-    }
-  }
+  // Find which tier requires this feature using CLI_FEATURE_TIERS mapping
+  const requiredTier = CLI_FEATURE_TIERS[featureName];
   
-  // If feature not found in any tier, deny access
+  // If feature not found in mapping, allow it (default to free)
   if (!requiredTier) {
     return {
-      hasAccess: false,
+      hasAccess: true,
       tier: currentTier,
-      reason: `${featureName} is not available in any tier`,
-      upgradeUrl: 'https://vibecheckai.dev'
+      reason: `Feature '${featureName}' has no tier restriction`
     };
   }
   
+  const requiredTierConfig = TIERS[requiredTier];
+  
   // Check if current tier meets minimum requirement (using order)
   const hasAccess = currentTierConfig.order >= requiredTierConfig.order;
   
@@ -287,7 +497,7 @@ export async function getFeatureAccessStatus(featureName, providedApiKey = null)
  */
 export function withTierCheck(featureName, handler) {
   return async (args) => {
-    const access = await checkFeatureAccess(featureName, args?.apiKey);
+    const access = await getFeatureAccessStatus(featureName, args?.apiKey);
     
     if (!access.hasAccess) {
       return {
@@ -393,7 +603,7 @@ export async function getMcpToolAccess(toolName, providedApiKey = null) {
  */
 export function withMcpToolCheck(toolName, handler) {
   return async (args) => {
-    const access = await checkMcpToolAccess(toolName, args?.apiKey);
+    const access = await getMcpToolAccess(toolName, args?.apiKey);
     
     if (!access.hasAccess) {
       return {
@@ -427,12 +637,17 @@ export async function getUserInfo() {
   const tier = getTierFromApiKey(config.apiKey);
   const tierConfig = TIERS[tier];
   
+  // Get features available for this tier from CLI_FEATURE_TIERS
+  const availableFeatures = Object.entries(CLI_FEATURE_TIERS)
+    .filter(([, reqTier]) => TIERS[reqTier].order <= tierConfig.order)
+    .map(([feature]) => feature);
+  
   return {
     authenticated: true,
     tier,
     email: config.email,
     authenticatedAt: config.authenticatedAt,
-    features: tierConfig.features,
+    features: availableFeatures,
     limits: tierConfig.limits,
     mcpTools: tierConfig.mcpTools,
   };