@vibecheckai/cli 3.2.5 → 3.3.0

package/bin/runners/lib/llm.js

@@ -1,75 +1,75 @@
-// bin/runners/lib/llm.js
-const https = require("https");
-const http = require("http");
-const { URL } = require("url");
-
-function postJson(urlStr, headers, bodyObj) {
-  const url = new URL(urlStr);
-  const lib = url.protocol === "https:" ? https : http;
-
-  const data = JSON.stringify(bodyObj);
-
-  return new Promise((resolve, reject) => {
-    const req = lib.request(
-      {
-        method: "POST",
-        hostname: url.hostname,
-        port: url.port || (url.protocol === "https:" ? 443 : 80),
-        path: url.pathname,
-        headers: {
-          "Content-Type": "application/json",
-          "Content-Length": Buffer.byteLength(data),
-          ...headers
-        }
-      },
-      (res) => {
-        let buf = "";
-        res.on("data", (d) => (buf += d));
-        res.on("end", () => {
-          try {
-            const json = JSON.parse(buf);
-            resolve({ status: res.statusCode, json, raw: buf });
-          } catch (e) {
-            reject(new Error(`LLM response not JSON (status ${res.statusCode}): ${buf.slice(0, 400)}`));
-          }
-        });
-      }
-    );
-
-    req.on("error", reject);
-    req.write(data);
-    req.end();
-  });
-}
-
-async function generatePatchJson(prompt) {
-  const baseUrl = process.env.VIBECHECK_LLM_BASE_URL;
-  const apiKey = process.env.VIBECHECK_LLM_API_KEY;
-  const model = process.env.VIBECHECK_LLM_MODEL || "gpt-4.1-mini";
-
-  if (!baseUrl || !apiKey) {
-    const err = new Error("LLM not configured: set VIBECHECK_LLM_BASE_URL and VIBECHECK_LLM_API_KEY");
-    err.code = "VIBECHECK_LLM_NOT_CONFIGURED";
-    throw err;
-  }
-
-  const headers = { Authorization: `Bearer ${apiKey}` };
-
-  const body = {
-    model,
-    temperature: 0.1,
-    messages: [
-      { role: "system", content: "Return JSON only." },
-      { role: "user", content: prompt }
-    ]
-  };
-
-  const r = await postJson(baseUrl, headers, body);
-
-  const content = r.json?.choices?.[0]?.message?.content;
-  if (!content) throw new Error("LLM response missing choices[0].message.content");
-
-  return JSON.parse(content);
-}
-
-module.exports = { generatePatchJson };
+// bin/runners/lib/llm.js
+const https = require("https");
+const http = require("http");
+const { URL } = require("url");
+
+function postJson(urlStr, headers, bodyObj) {
+  const url = new URL(urlStr);
+  const lib = url.protocol === "https:" ? https : http;
+
+  const data = JSON.stringify(bodyObj);
+
+  return new Promise((resolve, reject) => {
+    const req = lib.request(
+      {
+        method: "POST",
+        hostname: url.hostname,
+        port: url.port || (url.protocol === "https:" ? 443 : 80),
+        path: url.pathname,
+        headers: {
+          "Content-Type": "application/json",
+          "Content-Length": Buffer.byteLength(data),
+          ...headers
+        }
+      },
+      (res) => {
+        let buf = "";
+        res.on("data", (d) => (buf += d));
+        res.on("end", () => {
+          try {
+            const json = JSON.parse(buf);
+            resolve({ status: res.statusCode, json, raw: buf });
+          } catch (e) {
+            reject(new Error(`LLM response not JSON (status ${res.statusCode}): ${buf.slice(0, 400)}`));
+          }
+        });
+      }
+    );
+
+    req.on("error", reject);
+    req.write(data);
+    req.end();
+  });
+}
+
+async function generatePatchJson(prompt) {
+  const baseUrl = process.env.VIBECHECK_LLM_BASE_URL;
+  const apiKey = process.env.VIBECHECK_LLM_API_KEY;
+  const model = process.env.VIBECHECK_LLM_MODEL || "gpt-4.1-mini";
+
+  if (!baseUrl || !apiKey) {
+    const err = new Error("LLM not configured: set VIBECHECK_LLM_BASE_URL and VIBECHECK_LLM_API_KEY");
+    err.code = "VIBECHECK_LLM_NOT_CONFIGURED";
+    throw err;
+  }
+
+  const headers = { Authorization: `Bearer ${apiKey}` };
+
+  const body = {
+    model,
+    temperature: 0.1,
+    messages: [
+      { role: "system", content: "Return JSON only." },
+      { role: "user", content: prompt }
+    ]
+  };
+
+  const r = await postJson(baseUrl, headers, body);
+
+  const content = r.json?.choices?.[0]?.message?.content;
+  if (!content) throw new Error("LLM response missing choices[0].message.content");
+
+  return JSON.parse(content);
+}
+
+module.exports = { generatePatchJson };

package/bin/runners/lib/logger.js

@@ -0,0 +1,38 @@
+/**
+ * Simple Logger Stub
+ * 
+ * Provides a minimal logger interface for modules that need it.
+ * Respects VIBECHECK_DEBUG and VIBECHECK_QUIET environment variables.
+ */
+
+"use strict";
+
+const isDebug = process.env.VIBECHECK_DEBUG === "true" || process.env.DEBUG;
+const isQuiet = process.env.VIBECHECK_QUIET === "true";
+
+const logger = {
+  debug: (...args) => {
+    if (isDebug && !isQuiet) {
+      console.debug("[DEBUG]", ...args);
+    }
+  },
+  info: (...args) => {
+    if (!isQuiet) {
+      console.info("[INFO]", ...args);
+    }
+  },
+  warn: (...args) => {
+    console.warn("[WARN]", ...args);
+  },
+  error: (...args) => {
+    console.error("[ERROR]", ...args);
+  },
+  // Alias for compatibility
+  log: (...args) => {
+    if (!isQuiet) {
+      console.log(...args);
+    }
+  },
+};
+
+module.exports = { logger };

package/bin/runners/lib/meter.js

@@ -1,61 +1,61 @@
-// bin/runners/lib/meter.js
-const fs = require("fs");
-const path = require("path");
-const os = require("os");
-
-function monthKey(d = new Date()) {
-  const y = d.getUTCFullYear();
-  const m = String(d.getUTCMonth() + 1).padStart(2, "0");
-  return `${y}-${m}`;
-}
-
-function ensureDir(p) {
-  fs.mkdirSync(p, { recursive: true });
-}
-
-function readJson(p, fallback) {
-  try { return JSON.parse(fs.readFileSync(p, "utf8")); } catch { return fallback; }
-}
-
-function writeJson(p, obj) {
-  fs.writeFileSync(p, JSON.stringify(obj, null, 2));
-}
-
-function defaultStorePath() {
-  return path.join(os.homedir(), ".vibecheck", "usage.json");
-}
-
-/**
- * Local meter:
- * - Free tier: 10 ship checks per calendar month
- * - Paid tiers: unlimited (you can override tier via env while developing)
- */
-function consumeShipCheckOrThrow({ tier, limitFree = 10 } = {}) {
-  const effectiveTier = (tier || process.env.VIBECHECK_TIER || "free").toLowerCase();
-
-  if (effectiveTier !== "free") {
-    return { ok: true, remaining: Infinity, tier: effectiveTier };
-  }
-
-  const storePath = process.env.VIBECHECK_USAGE_PATH || defaultStorePath();
-  ensureDir(path.dirname(storePath));
-  const store = readJson(storePath, { months: {} });
-
-  const key = monthKey();
-  const used = store.months[key]?.shipChecks || 0;
-
-  if (used >= limitFree) {
-    const err = new Error(`Free tier limit reached: ${limitFree} full ship checks/month. Upgrade to continue.`);
-    err.code = "VIBECHECK_LIMIT_REACHED";
-    err.meta = { used, limitFree, month: key };
-    throw err;
-  }
-
-  store.months[key] = store.months[key] || {};
-  store.months[key].shipChecks = used + 1;
-  writeJson(storePath, store);
-
-  return { ok: true, remaining: limitFree - (used + 1), tier: effectiveTier };
-}
-
-module.exports = { consumeShipCheckOrThrow };
+// bin/runners/lib/meter.js
+const fs = require("fs");
+const path = require("path");
+const os = require("os");
+
+function monthKey(d = new Date()) {
+  const y = d.getUTCFullYear();
+  const m = String(d.getUTCMonth() + 1).padStart(2, "0");
+  return `${y}-${m}`;
+}
+
+function ensureDir(p) {
+  fs.mkdirSync(p, { recursive: true });
+}
+
+function readJson(p, fallback) {
+  try { return JSON.parse(fs.readFileSync(p, "utf8")); } catch { return fallback; }
+}
+
+function writeJson(p, obj) {
+  fs.writeFileSync(p, JSON.stringify(obj, null, 2));
+}
+
+function defaultStorePath() {
+  return path.join(os.homedir(), ".vibecheck", "usage.json");
+}
+
+/**
+ * Local meter:
+ * - Free tier: 10 ship checks per calendar month
+ * - Paid tiers: unlimited (you can override tier via env while developing)
+ */
+function consumeShipCheckOrThrow({ tier, limitFree = 10 } = {}) {
+  const effectiveTier = (tier || process.env.VIBECHECK_TIER || "free").toLowerCase();
+
+  if (effectiveTier !== "free") {
+    return { ok: true, remaining: Infinity, tier: effectiveTier };
+  }
+
+  const storePath = process.env.VIBECHECK_USAGE_PATH || defaultStorePath();
+  ensureDir(path.dirname(storePath));
+  const store = readJson(storePath, { months: {} });
+
+  const key = monthKey();
+  const used = store.months[key]?.shipChecks || 0;
+
+  if (used >= limitFree) {
+    const err = new Error(`Free tier limit reached: ${limitFree} full ship checks/month. Upgrade to continue.`);
+    err.code = "VIBECHECK_LIMIT_REACHED";
+    err.meta = { used, limitFree, month: key };
+    throw err;
+  }
+
+  store.months[key] = store.months[key] || {};
+  store.months[key].shipChecks = used + 1;
+  writeJson(storePath, store);
+
+  return { ok: true, remaining: limitFree - (used + 1), tier: effectiveTier };
+}
+
+module.exports = { consumeShipCheckOrThrow };

package/bin/runners/lib/missions/evidence.js

@@ -1,126 +1,126 @@
-// bin/runners/lib/missions/evidence.js
-const fg = require("fast-glob");
-const fs = require("fs");
-const path = require("path");
-const { collectEvidenceSnippets, collectRegexSnippets } = require("../snippets");
-
-async function findFiles(repoRoot, patterns, limit = 12) {
-  const files = await fg(patterns, {
-    cwd: repoRoot,
-    onlyFiles: true,
-    absolute: false,
-    ignore: ["**/node_modules/**","**/.next/**","**/dist/**","**/build/**"]
-  });
-  return files.slice(0, limit);
-}
-
-function uniq(arr) {
-  return Array.from(new Set((arr || []).filter(Boolean)));
-}
-
-function evidenceFilesFromFindings(findings) {
-  const files = [];
-  for (const f of findings || []) {
-    for (const ev of (f.evidence || [])) {
-      if (ev.file) files.push(ev.file);
-    }
-  }
-  return uniq(files);
-}
-
-function handlerFilesFromTruthpack(truthpack) {
-  const server = truthpack?.routes?.server || [];
-  return uniq(server.map(r => r.handler).filter(Boolean));
-}
-
-function enforcementHandlerFiles(truthpack) {
-  const checks = truthpack?.enforcement?.checks || [];
-  return uniq(checks.map(c => c.handler).filter(Boolean));
-}
-
-function stripeWebhookFiles(truthpack) {
-  const c = truthpack?.billing?.webhookCandidates || [];
-  return uniq(c.map(x => x.file).filter(Boolean));
-}
-
-function middlewareFiles(truthpack) {
-  const m = truthpack?.auth?.nextMiddleware || [];
-  return uniq(m.map(x => x.file).filter(Boolean));
-}
-
-async function expandEvidence({ repoRoot, truthpack, mission, targetFindings }) {
-  const type = mission?.type || "GENERIC_FIX";
-
-  let allowedFiles = evidenceFilesFromFindings(targetFindings);
-
-  if (type === "FIX_ENV_CONTRACT") {
-    allowedFiles = uniq([
-      ...allowedFiles,
-      ".env.example", ".env.template", ".env.sample", ".env"
-    ]);
-  }
-
-  if (type === "FIX_MISSING_ROUTE") {
-    allowedFiles = uniq([
-      ...allowedFiles,
-      ...handlerFilesFromTruthpack(truthpack)
-    ]);
-    const nextApiFiles = await findFiles(repoRoot, ["app/api/**/route.@(ts|js)", "pages/api/**/*.@(ts|js)"], 24);
-    allowedFiles = uniq([...allowedFiles, ...nextApiFiles]);
-  }
-
-  if (type === "ADD_SERVER_AUTH") {
-    allowedFiles = uniq([
-      ...allowedFiles,
-      ...middlewareFiles(truthpack),
-      ...handlerFilesFromTruthpack(truthpack)
-    ]);
-    const authLibs = await findFiles(repoRoot, ["**/*auth*.@(ts|js)","**/*session*.@(ts|js)","**/*jwt*.@(ts|js)"], 12);
-    allowedFiles = uniq([...allowedFiles, ...authLibs]);
-  }
-
-  if (type === "FIX_STRIPE_WEBHOOKS") {
-    allowedFiles = uniq([...allowedFiles, ...stripeWebhookFiles(truthpack)]);
-    const billingLibs = await findFiles(repoRoot, ["**/*stripe*.@(ts|js)","**/*billing*.@(ts|js)","**/*webhook*.@(ts|js)"], 12);
-    allowedFiles = uniq([...allowedFiles, ...billingLibs]);
-  }
-
-  if (type === "ENFORCE_PAID_SURFACE") {
-    allowedFiles = uniq([...allowedFiles, ...enforcementHandlerFiles(truthpack)]);
-    const entitlementLibs = await findFiles(repoRoot, ["**/*entitlement*.@(ts|js)","**/*plan*.@(ts|js)","**/*tier*.@(ts|js)"], 12);
-    allowedFiles = uniq([...allowedFiles, ...entitlementLibs]);
-  }
-
-  if (type === "REMOVE_OWNER_MODE") {
-    const bypassFiles = await findFiles(repoRoot, ["**/*owner*mode*.@(ts|js)","**/*entitlement*.@(ts|js)","**/*auth*.@(ts|js)"], 20);
-    allowedFiles = uniq([...allowedFiles, ...bypassFiles]);
-  }
-
-  if (type === "FIX_FAKE_SUCCESS") {
-    const uiFiles = await findFiles(repoRoot, ["app/**/*.@(ts|tsx|js|jsx)","src/**/*.@(ts|tsx|js|jsx)"], 20);
-    allowedFiles = uniq([...allowedFiles, ...uiFiles]);
-  }
-
-  const evidenceSnips = collectEvidenceSnippets(repoRoot, targetFindings, 12);
-
-  const regexByType = {
-    FIX_STRIPE_WEBHOOKS: /(constructEvent|stripe-signature|bodyParser\s*:\s*false|req\.(text|arrayBuffer)\(|event\.id|idempotenc)/i,
-    ENFORCE_PAID_SURFACE: /(enforceFeature|enforceLimit|getEntitlements|tier|plan|subscription|credits)/i,
-    ADD_SERVER_AUTH: /(authorization|bearer|jwtVerify|getServerSession|clerk|supabase|preHandler|onRequest|rbac|permissions)/i,
-    REMOVE_OWNER_MODE: /(OWNER_MODE|GUARDRAIL_OWNER_MODE|VIBECHECK_OWNER_MODE)/i,
-    FIX_FAKE_SUCCESS: /(toast\.success|router\.push|navigate\(|fetch\(|axios\.)/i,
-    FIX_ENV_CONTRACT: /(^|\s)(export\s+)?[A-Z0-9_]+\s*=/,
-    FIX_MISSING_ROUTE: /(\/api\/|fetch\(|axios\.)/i,
-    FIX_DEAD_UI: /(onClick|onclick|router\.push|navigate\(|toast\.success|fetch\(|axios\.|\/api\/)/i
-  };
-
-  const rx = regexByType[type];
-  const regexSnips = rx ? collectRegexSnippets(repoRoot, allowedFiles, rx, { pad: 4, limit: 10 }) : [];
-
-  return {
-    allowedFiles,
-    snippets: [...evidenceSnips, ...regexSnips]
-  };
-}
-
-module.exports = { expandEvidence };
+// bin/runners/lib/missions/evidence.js
+const fg = require("fast-glob");
+const fs = require("fs");
+const path = require("path");
+const { collectEvidenceSnippets, collectRegexSnippets } = require("../snippets");
+
+async function findFiles(repoRoot, patterns, limit = 12) {
+  const files = await fg(patterns, {
+    cwd: repoRoot,
+    onlyFiles: true,
+    absolute: false,
+    ignore: ["**/node_modules/**","**/.next/**","**/dist/**","**/build/**"]
+  });
+  return files.slice(0, limit);
+}
+
+function uniq(arr) {
+  return Array.from(new Set((arr || []).filter(Boolean)));
+}
+
+function evidenceFilesFromFindings(findings) {
+  const files = [];
+  for (const f of findings || []) {
+    for (const ev of (f.evidence || [])) {
+      if (ev.file) files.push(ev.file);
+    }
+  }
+  return uniq(files);
+}
+
+function handlerFilesFromTruthpack(truthpack) {
+  const server = truthpack?.routes?.server || [];
+  return uniq(server.map(r => r.handler).filter(Boolean));
+}
+
+function enforcementHandlerFiles(truthpack) {
+  const checks = truthpack?.enforcement?.checks || [];
+  return uniq(checks.map(c => c.handler).filter(Boolean));
+}
+
+function stripeWebhookFiles(truthpack) {
+  const c = truthpack?.billing?.webhookCandidates || [];
+  return uniq(c.map(x => x.file).filter(Boolean));
+}
+
+function middlewareFiles(truthpack) {
+  const m = truthpack?.auth?.nextMiddleware || [];
+  return uniq(m.map(x => x.file).filter(Boolean));
+}
+
+async function expandEvidence({ repoRoot, truthpack, mission, targetFindings }) {
+  const type = mission?.type || "GENERIC_FIX";
+
+  let allowedFiles = evidenceFilesFromFindings(targetFindings);
+
+  if (type === "FIX_ENV_CONTRACT") {
+    allowedFiles = uniq([
+      ...allowedFiles,
+      ".env.example", ".env.template", ".env.sample", ".env"
+    ]);
+  }
+
+  if (type === "FIX_MISSING_ROUTE") {
+    allowedFiles = uniq([
+      ...allowedFiles,
+      ...handlerFilesFromTruthpack(truthpack)
+    ]);
+    const nextApiFiles = await findFiles(repoRoot, ["app/api/**/route.@(ts|js)", "pages/api/**/*.@(ts|js)"], 24);
+    allowedFiles = uniq([...allowedFiles, ...nextApiFiles]);
+  }
+
+  if (type === "ADD_SERVER_AUTH") {
+    allowedFiles = uniq([
+      ...allowedFiles,
+      ...middlewareFiles(truthpack),
+      ...handlerFilesFromTruthpack(truthpack)
+    ]);
+    const authLibs = await findFiles(repoRoot, ["**/*auth*.@(ts|js)","**/*session*.@(ts|js)","**/*jwt*.@(ts|js)"], 12);
+    allowedFiles = uniq([...allowedFiles, ...authLibs]);
+  }
+
+  if (type === "FIX_STRIPE_WEBHOOKS") {
+    allowedFiles = uniq([...allowedFiles, ...stripeWebhookFiles(truthpack)]);
+    const billingLibs = await findFiles(repoRoot, ["**/*stripe*.@(ts|js)","**/*billing*.@(ts|js)","**/*webhook*.@(ts|js)"], 12);
+    allowedFiles = uniq([...allowedFiles, ...billingLibs]);
+  }
+
+  if (type === "ENFORCE_PAID_SURFACE") {
+    allowedFiles = uniq([...allowedFiles, ...enforcementHandlerFiles(truthpack)]);
+    const entitlementLibs = await findFiles(repoRoot, ["**/*entitlement*.@(ts|js)","**/*plan*.@(ts|js)","**/*tier*.@(ts|js)"], 12);
+    allowedFiles = uniq([...allowedFiles, ...entitlementLibs]);
+  }
+
+  if (type === "REMOVE_OWNER_MODE") {
+    const bypassFiles = await findFiles(repoRoot, ["**/*owner*mode*.@(ts|js)","**/*entitlement*.@(ts|js)","**/*auth*.@(ts|js)"], 20);
+    allowedFiles = uniq([...allowedFiles, ...bypassFiles]);
+  }
+
+  if (type === "FIX_FAKE_SUCCESS") {
+    const uiFiles = await findFiles(repoRoot, ["app/**/*.@(ts|tsx|js|jsx)","src/**/*.@(ts|tsx|js|jsx)"], 20);
+    allowedFiles = uniq([...allowedFiles, ...uiFiles]);
+  }
+
+  const evidenceSnips = collectEvidenceSnippets(repoRoot, targetFindings, 12);
+
+  const regexByType = {
+    FIX_STRIPE_WEBHOOKS: /(constructEvent|stripe-signature|bodyParser\s*:\s*false|req\.(text|arrayBuffer)\(|event\.id|idempotenc)/i,
+    ENFORCE_PAID_SURFACE: /(enforceFeature|enforceLimit|getEntitlements|tier|plan|subscription|credits)/i,
+    ADD_SERVER_AUTH: /(authorization|bearer|jwtVerify|getServerSession|clerk|supabase|preHandler|onRequest|rbac|permissions)/i,
+    REMOVE_OWNER_MODE: /(OWNER_MODE|GUARDRAIL_OWNER_MODE|VIBECHECK_OWNER_MODE)/i,
+    FIX_FAKE_SUCCESS: /(toast\.success|router\.push|navigate\(|fetch\(|axios\.)/i,
+    FIX_ENV_CONTRACT: /(^|\s)(export\s+)?[A-Z0-9_]+\s*=/,
+    FIX_MISSING_ROUTE: /(\/api\/|fetch\(|axios\.)/i,
+    FIX_DEAD_UI: /(onClick|onclick|router\.push|navigate\(|toast\.success|fetch\(|axios\.|\/api\/)/i
+  };
+
+  const rx = regexByType[type];
+  const regexSnips = rx ? collectRegexSnippets(repoRoot, allowedFiles, rx, { pad: 4, limit: 10 }) : [];
+
+  return {
+    allowedFiles,
+    snippets: [...evidenceSnips, ...regexSnips]
+  };
+}
+
+module.exports = { expandEvidence };

package/bin/runners/lib/patch.js

@@ -1,40 +1,40 @@
-// bin/runners/lib/patch.js
-const fs = require("fs");
-const path = require("path");
-const { spawnSync } = require("child_process");
-
-function ensureDir(p) {
-  fs.mkdirSync(p, { recursive: true });
-}
-
-function writeTempPatch(repoRoot, diffText) {
-  const dir = path.join(repoRoot, ".vibecheck", "tmp");
-  ensureDir(dir);
-  const p = path.join(dir, `patch_${Date.now()}.diff`);
-  fs.writeFileSync(p, diffText, "utf8");
-  return p;
-}
-
-function applyPatchWithGit(repoRoot, patchPath) {
-  const r = spawnSync("git", ["apply", "--reject", "--whitespace=fix", patchPath], {
-    cwd: repoRoot,
-    stdio: "pipe",
-    encoding: "utf8"
-  });
-
-  return { ok: r.status === 0, stdout: r.stdout, stderr: r.stderr, code: r.status };
-}
-
-function applyUnifiedDiff(repoRoot, diffText) {
-  const patchPath = writeTempPatch(repoRoot, diffText);
-
-  const check = spawnSync("git", ["--version"], { stdio: "ignore" });
-  if (check.status !== 0) {
-    return { ok: false, error: "git not found; cannot apply unified diff safely" };
-  }
-
-  const res = applyPatchWithGit(repoRoot, patchPath);
-  return res.ok ? { ok: true } : { ok: false, error: res.stderr || "git apply failed", details: res };
-}
-
-module.exports = { applyUnifiedDiff };
+// bin/runners/lib/patch.js
+const fs = require("fs");
+const path = require("path");
+const { spawnSync } = require("child_process");
+
+function ensureDir(p) {
+  fs.mkdirSync(p, { recursive: true });
+}
+
+function writeTempPatch(repoRoot, diffText) {
+  const dir = path.join(repoRoot, ".vibecheck", "tmp");
+  ensureDir(dir);
+  const p = path.join(dir, `patch_${Date.now()}.diff`);
+  fs.writeFileSync(p, diffText, "utf8");
+  return p;
+}
+
+function applyPatchWithGit(repoRoot, patchPath) {
+  const r = spawnSync("git", ["apply", "--reject", "--whitespace=fix", patchPath], {
+    cwd: repoRoot,
+    stdio: "pipe",
+    encoding: "utf8"
+  });
+
+  return { ok: r.status === 0, stdout: r.stdout, stderr: r.stderr, code: r.status };
+}
+
+function applyUnifiedDiff(repoRoot, diffText) {
+  const patchPath = writeTempPatch(repoRoot, diffText);
+
+  const check = spawnSync("git", ["--version"], { stdio: "ignore" });
+  if (check.status !== 0) {
+    return { ok: false, error: "git not found; cannot apply unified diff safely" };
+  }
+
+  const res = applyPatchWithGit(repoRoot, patchPath);
+  return res.ok ? { ok: true } : { ok: false, error: res.stderr || "git apply failed", details: res };
+}
+
+module.exports = { applyUnifiedDiff };