@vibecheckai/cli 3.2.5 → 3.3.0

package/bin/runners/lib/reality-findings.js

@@ -1,84 +1,84 @@
-// bin/runners/lib/reality-findings.js
-const fs = require("fs");
-const path = require("path");
-
-function loadLastReality(repoRoot, maxAgeHours = 12) {
-  const p = path.join(repoRoot, ".vibecheck", "reality", "last_reality.json");
-  if (!fs.existsSync(p)) return null;
-
-  const obj = JSON.parse(fs.readFileSync(p, "utf8"));
-  const finishedAt = obj?.meta?.finishedAt ? new Date(obj.meta.finishedAt).getTime() : 0;
-  if (!finishedAt) return null;
-
-  const ageMs = Date.now() - finishedAt;
-  if (ageMs > maxAgeHours * 3600 * 1000) return null; // stale
-
-  return obj;
-}
-
-function findingsFromReality(repoRoot) {
-  const r = loadLastReality(repoRoot);
-  if (!r) return [];
-
-  const out = [];
-  for (const f of r.findings || []) {
-    // Preserve original category (DeadUI, AuthCoverage, etc.)
-    const category = f.category || "DeadUI";
-    
-    // Generate appropriate fix hints based on category
-    let fixHints;
-    if (category === "AuthCoverage") {
-      fixHints = [
-        "Verify your Next.js matcher config protects this route.",
-        "Ensure middleware redirects unauthenticated users.",
-        "Check that session/auth state is being validated server-side."
-      ];
-    } else {
-      fixHints = [
-        "Ensure the element has a real onClick/handler and it returns a real result.",
-        "If it calls /api/*, ensure the route exists and returns success only on res.ok.",
-        "If it's intentionally disabled, reflect that visually and remove the click affordance."
-      ];
-    }
-
-    out.push({
-      id: `F_REALITY_${f.id}`,
-      severity: f.severity === "BLOCK" ? "BLOCK" : "WARN",
-      category,
-      title: f.title,
-      why: category === "AuthCoverage" 
-        ? "Reality Runner detected an auth boundary violation."
-        : "Reality Runner found a UI interaction that fails in the running app.",
-      confidence: "high",
-      evidence: [
-        {
-          id: `ev_${f.id}`,
-          file: f.page ? String(f.page).replace(/^https?:\/\//, "") : "runtime",
-          lines: "0-0",
-          snippetHash: (f.screenshot || "runtime").slice(0, 80),
-          reason: f.reason
-        }
-      ],
-      fixHints
-    });
-  }
-
-  // escalate raw runtime console errors into WARN
-  const ce = (r.consoleErrors || []).slice(0, 5);
-  if (ce.length) {
-    out.push({
-      id: "F_REALITY_CONSOLE_ERRORS",
-      severity: "WARN",
-      category: "DeadUI",
-      title: `Console errors observed during Reality run (${ce.length})`,
-      why: "Console errors often correlate with broken UI handlers or missing data paths.",
-      confidence: "med",
-      evidence: [],
-      fixHints: ["Open the Reality report and fix the first error in the consoleErrors list."]
-    });
-  }
-
-  return out;
-}
-
-module.exports = { findingsFromReality };
+// bin/runners/lib/reality-findings.js
+const fs = require("fs");
+const path = require("path");
+
+function loadLastReality(repoRoot, maxAgeHours = 12) {
+  const p = path.join(repoRoot, ".vibecheck", "reality", "last_reality.json");
+  if (!fs.existsSync(p)) return null;
+
+  const obj = JSON.parse(fs.readFileSync(p, "utf8"));
+  const finishedAt = obj?.meta?.finishedAt ? new Date(obj.meta.finishedAt).getTime() : 0;
+  if (!finishedAt) return null;
+
+  const ageMs = Date.now() - finishedAt;
+  if (ageMs > maxAgeHours * 3600 * 1000) return null; // stale
+
+  return obj;
+}
+
+function findingsFromReality(repoRoot) {
+  const r = loadLastReality(repoRoot);
+  if (!r) return [];
+
+  const out = [];
+  for (const f of r.findings || []) {
+    // Preserve original category (DeadUI, AuthCoverage, etc.)
+    const category = f.category || "DeadUI";
+    
+    // Generate appropriate fix hints based on category
+    let fixHints;
+    if (category === "AuthCoverage") {
+      fixHints = [
+        "Verify your Next.js matcher config protects this route.",
+        "Ensure middleware redirects unauthenticated users.",
+        "Check that session/auth state is being validated server-side."
+      ];
+    } else {
+      fixHints = [
+        "Ensure the element has a real onClick/handler and it returns a real result.",
+        "If it calls /api/*, ensure the route exists and returns success only on res.ok.",
+        "If it's intentionally disabled, reflect that visually and remove the click affordance."
+      ];
+    }
+
+    out.push({
+      id: `F_REALITY_${f.id}`,
+      severity: f.severity === "BLOCK" ? "BLOCK" : "WARN",
+      category,
+      title: f.title,
+      why: category === "AuthCoverage" 
+        ? "Reality Runner detected an auth boundary violation."
+        : "Reality Runner found a UI interaction that fails in the running app.",
+      confidence: "high",
+      evidence: [
+        {
+          id: `ev_${f.id}`,
+          file: f.page ? String(f.page).replace(/^https?:\/\//, "") : "runtime",
+          lines: "0-0",
+          snippetHash: (f.screenshot || "runtime").slice(0, 80),
+          reason: f.reason
+        }
+      ],
+      fixHints
+    });
+  }
+
+  // escalate raw runtime console errors into WARN
+  const ce = (r.consoleErrors || []).slice(0, 5);
+  if (ce.length) {
+    out.push({
+      id: "F_REALITY_CONSOLE_ERRORS",
+      severity: "WARN",
+      category: "DeadUI",
+      title: `Console errors observed during Reality run (${ce.length})`,
+      why: "Console errors often correlate with broken UI handlers or missing data paths.",
+      confidence: "med",
+      evidence: [],
+      fixHints: ["Open the Reality report and fix the first error in the consoleErrors list."]
+    });
+  }
+
+  return out;
+}
+
+module.exports = { findingsFromReality };

package/bin/runners/lib/receipts.js

@@ -1,179 +1,179 @@
-/**
- * Receipts and Manifests Generation
- * 
- * Creates manifest.json and receipt.json for paid command runs.
- * Required for audit trail and billing verification.
- */
-
-"use strict";
-
-const fs = require("fs");
-const path = require("path");
-const crypto = require("crypto");
-const { logUsage } = require("./usage");
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// RECEIPT GENERATION
-// ═══════════════════════════════════════════════════════════════════════════════
-
-function getRunDir(runId) {
-  const runDir = path.join(process.cwd(), ".vibecheck", "runs", runId);
-  const receiptsDir = path.join(process.cwd(), ".vibecheck", "receipts");
-  
-  // Ensure directories exist
-  if (!fs.existsSync(runDir)) fs.mkdirSync(runDir, { recursive: true });
-  if (!fs.existsSync(receiptsDir)) fs.mkdirSync(receiptsDir, { recursive: true });
-  
-  return { runDir, receiptsDir };
-}
-
-/**
- * Get git commit hash if available
- */
-function getGitInfo() {
-  try {
-    const gitDir = path.join(process.cwd(), ".git");
-    if (!fs.existsSync(gitDir)) return null;
-    
-    const headFile = path.join(gitDir, "HEAD");
-    if (!fs.existsSync(headFile)) return null;
-    
-    const headRef = fs.readFileSync(headFile, "utf8").trim();
-    const refMatch = headRef.match(/^ref: (.+)$/);
-    
-    if (refMatch) {
-      const refFile = path.join(gitDir, refMatch[1]);
-      if (fs.existsSync(refFile)) {
-        return fs.readFileSync(refFile, "utf8").trim();
-      }
-    } else {
-      // Detached HEAD
-      return headRef;
-    }
-  } catch {
-    return null;
-  }
-}
-
-/**
- * Calculate hash of manifest for receipt integrity
- */
-function calculateManifestHash(manifest) {
-  const manifestString = JSON.stringify(manifest, Object.keys(manifest).sort());
-  return crypto.createHash("sha256").update(manifestString).digest("hex");
-}
-
-/**
- * Create manifest and receipt for a command run
- */
-async function createManifestAndReceipt(options) {
-  const { runId, command, args, tier, exitCode, startTime, endTime, projectPath } = options;
-  const { runDir, receiptsDir } = getRunDir(runId);
-  
-  // Create manifest
-  const manifest = {
-    runId,
-    command,
-    args,
-    timestamp: startTime,
-    duration: endTime ? new Date(endTime).getTime() - new Date(startTime).getTime() : null,
-    project: {
-      path: projectPath,
-      git: getGitInfo(),
-      branch: process.env.GIT_BRANCH || null,
-    },
-    environment: {
-      nodeVersion: process.version,
-      platform: process.platform,
-      arch: process.arch,
-    },
-    execution: {
-      exitCode,
-      endTime,
-    },
-    outputs: [], // To be filled by runners if needed
-  };
-  
-  // Save manifest
-  const manifestPath = path.join(runDir, "manifest.json");
-  fs.writeFileSync(manifestPath, JSON.stringify(manifest, null, 2));
-  
-  // Create receipt
-  const manifestHash = calculateManifestHash(manifest);
-  const receipt = {
-    runId,
-    command,
-    tier,
-    timestamp: new Date().toISOString(),
-    manifestHash,
-    verification: {
-      algorithm: "SHA-256",
-      signature: "TODO: Implement server-side signing",
-    },
-    billing: {
-      tier,
-      charged: false, // TODO: Check with backend
-      usage: {
-        // Units will be populated by individual runners
-      },
-    },
-  };
-  
-  // Save receipt
-  const receiptPath = path.join(receiptsDir, `${runId}.json`);
-  fs.writeFileSync(receiptPath, JSON.stringify(receipt, null, 2));
-  
-  // Log usage (if units are provided)
-  if (options.units) {
-    logUsage({
-      runId,
-      command,
-      tier,
-      units: options.units,
-      timestamp: startTime,
-      projectPath,
-    });
-  }
-  
-  return { manifest, receipt, manifestPath, receiptPath };
-}
-
-/**
- * Verify a receipt against its manifest
- */
-function verifyReceipt(receiptPath) {
-  try {
-    const receipt = JSON.parse(fs.readFileSync(receiptPath, "utf8"));
-    const manifestPath = path.join(
-      process.cwd(), 
-      ".vibecheck", 
-      "runs", 
-      receipt.runId, 
-      "manifest.json"
-    );
-    
-    if (!fs.existsSync(manifestPath)) {
-      return { valid: false, error: "Manifest not found" };
-    }
-    
-    const manifest = JSON.parse(fs.readFileSync(manifestPath, "utf8"));
-    const calculatedHash = calculateManifestHash(manifest);
-    
-    if (calculatedHash !== receipt.manifestHash) {
-      return { valid: false, error: "Manifest hash mismatch" };
-    }
-    
-    return { valid: true, receipt, manifest };
-  } catch (error) {
-    return { valid: false, error: error.message };
-  }
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// EXPORTS
-// ═══════════════════════════════════════════════════════════════════════════════
-module.exports = {
-  createManifestAndReceipt,
-  verifyReceipt,
-  calculateManifestHash,
-};
+/**
+ * Receipts and Manifests Generation
+ * 
+ * Creates manifest.json and receipt.json for paid command runs.
+ * Required for audit trail and billing verification.
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const crypto = require("crypto");
+const { logUsage } = require("./usage");
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// RECEIPT GENERATION
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function getRunDir(runId) {
+  const runDir = path.join(process.cwd(), ".vibecheck", "runs", runId);
+  const receiptsDir = path.join(process.cwd(), ".vibecheck", "receipts");
+  
+  // Ensure directories exist
+  if (!fs.existsSync(runDir)) fs.mkdirSync(runDir, { recursive: true });
+  if (!fs.existsSync(receiptsDir)) fs.mkdirSync(receiptsDir, { recursive: true });
+  
+  return { runDir, receiptsDir };
+}
+
+/**
+ * Get git commit hash if available
+ */
+function getGitInfo() {
+  try {
+    const gitDir = path.join(process.cwd(), ".git");
+    if (!fs.existsSync(gitDir)) return null;
+    
+    const headFile = path.join(gitDir, "HEAD");
+    if (!fs.existsSync(headFile)) return null;
+    
+    const headRef = fs.readFileSync(headFile, "utf8").trim();
+    const refMatch = headRef.match(/^ref: (.+)$/);
+    
+    if (refMatch) {
+      const refFile = path.join(gitDir, refMatch[1]);
+      if (fs.existsSync(refFile)) {
+        return fs.readFileSync(refFile, "utf8").trim();
+      }
+    } else {
+      // Detached HEAD
+      return headRef;
+    }
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Calculate hash of manifest for receipt integrity
+ */
+function calculateManifestHash(manifest) {
+  const manifestString = JSON.stringify(manifest, Object.keys(manifest).sort());
+  return crypto.createHash("sha256").update(manifestString).digest("hex");
+}
+
+/**
+ * Create manifest and receipt for a command run
+ */
+async function createManifestAndReceipt(options) {
+  const { runId, command, args, tier, exitCode, startTime, endTime, projectPath } = options;
+  const { runDir, receiptsDir } = getRunDir(runId);
+  
+  // Create manifest
+  const manifest = {
+    runId,
+    command,
+    args,
+    timestamp: startTime,
+    duration: endTime ? new Date(endTime).getTime() - new Date(startTime).getTime() : null,
+    project: {
+      path: projectPath,
+      git: getGitInfo(),
+      branch: process.env.GIT_BRANCH || null,
+    },
+    environment: {
+      nodeVersion: process.version,
+      platform: process.platform,
+      arch: process.arch,
+    },
+    execution: {
+      exitCode,
+      endTime,
+    },
+    outputs: [], // To be filled by runners if needed
+  };
+  
+  // Save manifest
+  const manifestPath = path.join(runDir, "manifest.json");
+  fs.writeFileSync(manifestPath, JSON.stringify(manifest, null, 2));
+  
+  // Create receipt
+  const manifestHash = calculateManifestHash(manifest);
+  const receipt = {
+    runId,
+    command,
+    tier,
+    timestamp: new Date().toISOString(),
+    manifestHash,
+    verification: {
+      algorithm: "SHA-256",
+      signature: "TODO: Implement server-side signing",
+    },
+    billing: {
+      tier,
+      charged: false, // TODO: Check with backend
+      usage: {
+        // Units will be populated by individual runners
+      },
+    },
+  };
+  
+  // Save receipt
+  const receiptPath = path.join(receiptsDir, `${runId}.json`);
+  fs.writeFileSync(receiptPath, JSON.stringify(receipt, null, 2));
+  
+  // Log usage (if units are provided)
+  if (options.units) {
+    logUsage({
+      runId,
+      command,
+      tier,
+      units: options.units,
+      timestamp: startTime,
+      projectPath,
+    });
+  }
+  
+  return { manifest, receipt, manifestPath, receiptPath };
+}
+
+/**
+ * Verify a receipt against its manifest
+ */
+function verifyReceipt(receiptPath) {
+  try {
+    const receipt = JSON.parse(fs.readFileSync(receiptPath, "utf8"));
+    const manifestPath = path.join(
+      process.cwd(), 
+      ".vibecheck", 
+      "runs", 
+      receipt.runId, 
+      "manifest.json"
+    );
+    
+    if (!fs.existsSync(manifestPath)) {
+      return { valid: false, error: "Manifest not found" };
+    }
+    
+    const manifest = JSON.parse(fs.readFileSync(manifestPath, "utf8"));
+    const calculatedHash = calculateManifestHash(manifest);
+    
+    if (calculatedHash !== receipt.manifestHash) {
+      return { valid: false, error: "Manifest hash mismatch" };
+    }
+    
+    return { valid: true, receipt, manifest };
+  } catch (error) {
+    return { valid: false, error: error.message };
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+module.exports = {
+  createManifestAndReceipt,
+  verifyReceipt,
+  calculateManifestHash,
+};

package/bin/runners/lib/redact.js

@@ -1,29 +1,29 @@
-// bin/runners/lib/redact.js
-function redactString(s) {
-  if (typeof s !== "string") return s;
-
-  return s
-    .replace(/(api[_-]?key|secret|token|password)\s*[:=]\s*["']?([^"'\s]{6,})["']?/gi, "$1: [REDACTED]")
-    .replace(/(bearer)\s+([a-z0-9_\-\.=]{12,})/gi, "$1 [REDACTED]")
-    .replace(/sk-[a-z0-9]{16,}/gi, "[REDACTED]")
-    .replace(/[a-z0-9+\/=]{80,}/gi, "[REDACTED_BLOB]");
-}
-
-function redactObject(obj) {
-  if (obj == null) return obj;
-  if (typeof obj === "string") return redactString(obj);
-  if (typeof obj !== "object") return obj;
-  if (Array.isArray(obj)) return obj.map(redactObject);
-
-  const out = {};
-  for (const [k, v] of Object.entries(obj)) {
-    if (/api[_-]?key|secret|token|password|private/i.test(k)) {
-      out[k] = "[REDACTED]";
-      continue;
-    }
-    out[k] = redactObject(v);
-  }
-  return out;
-}
-
-module.exports = { redactObject };
+// bin/runners/lib/redact.js
+function redactString(s) {
+  if (typeof s !== "string") return s;
+
+  return s
+    .replace(/(api[_-]?key|secret|token|password)\s*[:=]\s*["']?([^"'\s]{6,})["']?/gi, "$1: [REDACTED]")
+    .replace(/(bearer)\s+([a-z0-9_\-\.=]{12,})/gi, "$1 [REDACTED]")
+    .replace(/sk-[a-z0-9]{16,}/gi, "[REDACTED]")
+    .replace(/[a-z0-9+\/=]{80,}/gi, "[REDACTED_BLOB]");
+}
+
+function redactObject(obj) {
+  if (obj == null) return obj;
+  if (typeof obj === "string") return redactString(obj);
+  if (typeof obj !== "object") return obj;
+  if (Array.isArray(obj)) return obj.map(redactObject);
+
+  const out = {};
+  for (const [k, v] of Object.entries(obj)) {
+    if (/api[_-]?key|secret|token|password|private/i.test(k)) {
+      out[k] = "[REDACTED]";
+      continue;
+    }
+    out[k] = redactObject(v);
+  }
+  return out;
+}
+
+module.exports = { redactObject };