@vibecheckai/cli 3.2.6 → 3.3.0

package/mcp-server/tier-auth.js

@@ -1,3 +1,4 @@
+/* vibecheck-disable */
 /**
  * MCP Server Tier Authentication & Authorization
  * 
@@ -35,6 +36,12 @@ export const TIERS = {
     canIssueVerdicts: false,
     canEnforceCI: false,
     canGenerateProof: false,
+    // Agent Firewall configuration
+    firewall: {
+      mode: 'observe',        // Log only, never block
+      canOverride: false,     // Cannot override blocks
+      auditEnabled: false,    // No audit trail
+    },
     // Limits
     limits: { 
       scans: -1,  // Unlimited scans
@@ -47,7 +54,20 @@ export const TIERS = {
       'vibecheck.get_truthpack',
       'vibecheck.compile_context',
       'vibecheck.search_evidence',
+      'vibecheck_agent_firewall_intercept',  // Observe mode
+      'vibecheck_conductor_status',  // Read-only coordination status
+      // Authority System - FREE tier
+      'vibecheck.classify',         // Inventory authority (read-only)
+      'vibecheck.authority_list',   // List available authorities
     ],
+    // Authority System configuration
+    authority: {
+      canClassify: true,          // Can run inventory analysis
+      canApprove: false,          // Cannot get verdicts
+      canEnforce: false,          // Cannot enforce in CI
+      canGenerateBadge: false,    // Cannot generate badges
+      availableAuthorities: ['inventory'],
+    },
   },
   starter: {
     name: 'STARTER',
@@ -58,6 +78,12 @@ export const TIERS = {
     canIssueVerdicts: true,  // SHIP, WARN only
     canEnforceCI: false,     // Cannot block builds
     canGenerateProof: false, // Cannot generate proof
+    // Agent Firewall configuration
+    firewall: {
+      mode: 'advisory',       // Warn but allow
+      canOverride: true,      // Can override with reason
+      auditEnabled: true,     // Basic audit trail
+    },
     // Limits
     limits: { 
       scans: -1,           // Unlimited scans
@@ -77,7 +103,28 @@ export const TIERS = {
       'vibecheck.find_counterexamples',
       'vibecheck.check_invariants',
       'vibecheck.fix',       // Plan mode only
+      'vibecheck_agent_firewall_intercept',  // Advisory mode
+      // Conductor - multi-agent coordination
+      'vibecheck_conductor_register',
+      'vibecheck_conductor_acquire_lock',
+      'vibecheck_conductor_release_lock',
+      'vibecheck_conductor_propose',
+      'vibecheck_conductor_status',
+      'vibecheck_conductor_terminate',
+      // Authority System - STARTER tier
+      'vibecheck.classify',         // Inventory authority
+      'vibecheck.approve',          // Advisory verdicts
+      'vibecheck.authority_list',   // List authorities
+      'vibecheck.authority_approve', // Authority approval (advisory)
     ],
+    // Authority System configuration
+    authority: {
+      canClassify: true,          // Can run inventory analysis
+      canApprove: true,           // Can get advisory verdicts
+      canEnforce: false,          // Cannot enforce in CI
+      canGenerateBadge: false,    // Cannot generate badges
+      availableAuthorities: ['inventory', 'safe-consolidation'],
+    },
   },
   pro: {
     name: 'PRO',
@@ -88,6 +135,13 @@ export const TIERS = {
     canIssueVerdicts: true,  // SHIP, WARN, BLOCK
     canEnforceCI: true,      // Can block builds
     canGenerateProof: true,  // Can generate cryptographic proof
+    // Agent Firewall configuration
+    firewall: {
+      mode: 'enforce',        // Block violations
+      canOverride: true,      // Can override with approval
+      auditEnabled: true,     // Full audit trail
+      criticEnabled: true,    // Enable Critic LLM
+    },
     // Limits
     limits: { 
       scans: -1,
@@ -97,6 +151,14 @@ export const TIERS = {
     },
     // MCP tools - FULL ACCESS
     mcpTools: ['*'],  // All tools unlocked
+    // Authority System configuration
+    authority: {
+      canClassify: true,          // Can run inventory analysis
+      canApprove: true,           // Can get verdicts
+      canEnforce: true,           // Can enforce in CI (STOP verdicts block)
+      canGenerateBadge: true,     // Can generate authority badges
+      availableAuthorities: ['inventory', 'safe-consolidation', 'security-remediation'],
+    },
   },
   enterprise: {
     name: 'ENTERPRISE',
@@ -107,6 +169,14 @@ export const TIERS = {
     canIssueVerdicts: true,
     canEnforceCI: true,
     canGenerateProof: true,
+    // Agent Firewall configuration
+    firewall: {
+      mode: 'enforce',        // Block violations
+      canOverride: true,      // Can override with multi-approval
+      auditEnabled: true,     // Full compliance audit trail
+      criticEnabled: true,    // Enable Critic LLM
+      complianceMode: true,   // Generate compliance artifacts
+    },
     // Limits
     limits: { 
       scans: -1,
@@ -116,9 +186,46 @@ export const TIERS = {
     },
     // MCP tools - FULL ACCESS + Compliance
     mcpTools: ['*'],
+    // Authority System configuration
+    authority: {
+      canClassify: true,          // Can run inventory analysis
+      canApprove: true,           // Can get verdicts
+      canEnforce: true,           // Can enforce in CI (STOP verdicts block)
+      canGenerateBadge: true,     // Can generate authority badges
+      canCustomize: true,         // Can create custom authorities
+      availableAuthorities: ['*'], // All authorities including custom
+    },
   }
 };
 
+// ═══════════════════════════════════════════════════════════════════════════════
+// CLI FEATURE → TIER MAPPING
+// Maps CLI features (not MCP tools) to minimum required tier
+// ═══════════════════════════════════════════════════════════════════════════════
+export const CLI_FEATURE_TIERS = {
+  // FREE - Basic scanning (always available)
+  'scan': 'free',
+  'ctx': 'free',
+  'ship': 'free',
+  'classify': 'free',         // Authority: inventory (read-only)
+  
+  // STARTER - Enhanced features
+  'gate': 'starter',
+  'badge': 'starter',
+  'fix': 'starter',           // Plan mode
+  'approve': 'starter',       // Authority: advisory verdicts
+  'authority.starter': 'starter', // Authority System access
+  
+  // PRO - Full enforcement
+  'prove': 'pro',
+  'fix.apply_patches': 'pro', // Apply mode
+  'reality': 'pro',
+  'autopilot': 'pro',
+  'verify': 'pro',
+  'authority.pro': 'pro',     // Authority: enforced verdicts + badges
+  'authority.enforce': 'pro', // Authority: CI blocking
+};
+
 // ═══════════════════════════════════════════════════════════════════════════════
 // MCP TOOL → TIER MAPPING (Unified Authority System)
 // Aligned with packages/core/src/features.ts
@@ -129,6 +236,9 @@ export const MCP_TOOL_TIERS = {
   'vibecheck.get_truthpack': 'free',
   'vibecheck.compile_context': 'free',
   'vibecheck.search_evidence': 'free',
+  'vibecheck_agent_firewall_intercept': 'free',  // Observe mode only
+  'vibecheck.classify': 'free',         // Authority: inventory (read-only)
+  'vibecheck.authority_list': 'free',   // List available authorities
   
   // STARTER - Advisory verdict authority
   // Starter users may fix, but not prove
@@ -141,6 +251,8 @@ export const MCP_TOOL_TIERS = {
   'vibecheck.check_invariants': 'starter',
   'vibecheck.gate': 'starter',          // Advisory gates
   'vibecheck.badge': 'starter',         // Unverified badges
+  'vibecheck.approve': 'starter',       // Authority: advisory verdicts
+  'vibecheck.authority_approve': 'starter', // Authority approval (advisory)
   
   // PRO - Full verdict authority & enforcement
   // Pro users may enforce reality
@@ -155,6 +267,8 @@ export const MCP_TOOL_TIERS = {
   'vibecheck.report': 'pro',            // Advanced reporting
   'vibecheck.allowlist': 'pro',         // Manage allowlists
   'vibecheck.status': 'pro',            // Advanced status
+  'vibecheck.authority_enforce': 'pro', // Authority: enforced verdicts
+  'vibecheck.authority_badge': 'pro',   // Authority: generate badges
 };
 
 /**
@@ -170,50 +284,149 @@ async function loadUserConfig() {
   }
 }
 
+// ═══════════════════════════════════════════════════════════════════════════════
+// SECURE TIER VALIDATION - API-First with Caching
+// SECURITY: Never trust API key prefix alone - always validate with API
+// ═══════════════════════════════════════════════════════════════════════════════
+
 /**
- * Determine tier from API key
- * Matches CLI entitlements-v2.js logic
+ * Tier cache to avoid hammering the API on every request
+ * Structure: Map<apiKeyHash, { tier, validatedAt, expiresAt }>
+ */
+const tierCache = new Map();
+const TIER_CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
+const TIER_CACHE_MAX_SIZE = 1000; // Prevent unbounded growth
+
+/**
+ * Hash API key for cache key (don't store raw keys in memory)
+ */
+function hashApiKey(apiKey) {
+  const crypto = require('crypto');
+  return crypto.createHash('sha256').update(apiKey).digest('hex').slice(0, 32);
+}
+
+/**
+ * Evict expired entries and enforce max size
+ */
+function cleanupTierCache() {
+  const now = Date.now();
+  for (const [key, value] of tierCache) {
+    if (value.expiresAt < now) {
+      tierCache.delete(key);
+    }
+  }
+  // If still too large, evict oldest entries
+  if (tierCache.size > TIER_CACHE_MAX_SIZE) {
+    const entries = Array.from(tierCache.entries())
+      .sort((a, b) => a[1].validatedAt - b[1].validatedAt);
+    const toDelete = entries.slice(0, tierCache.size - TIER_CACHE_MAX_SIZE);
+    for (const [key] of toDelete) {
+      tierCache.delete(key);
+    }
+  }
+}
+
+/**
+ * Determine tier from API key - ALWAYS validates with API first
+ * 
+ * SECURITY FIX: Previous version checked prefix patterns BEFORE API validation,
+ * allowing attackers to spoof tier with fake keys like "gr_pro_anything".
+ * Now we ALWAYS validate with API first. Prefix is never authoritative.
+ * 
+ * @param {string} apiKey - The API key to validate
+ * @returns {Promise<string|null>} - Tier name or null if invalid
  */
 async function getTierFromApiKey(apiKey) {
-  if (!apiKey) return null; // No API key = no access
+  if (!apiKey || typeof apiKey !== 'string') return null;
   
-  // Check API key prefix patterns (matches CLI)
-  if (apiKey.startsWith('gr_starter_')) return 'starter';
-  if (apiKey.startsWith('gr_pro_')) return 'pro';
-  if (apiKey.startsWith('gr_enterprise_') || apiKey.startsWith('gr_ent_')) return 'enterprise';
-  if (apiKey.startsWith('gr_free_')) return 'free';
+  // Validate key format (basic sanity check)
+  if (apiKey.length < 10 || apiKey.length > 256) return null;
   
-  // Try to validate with API
+  const keyHash = hashApiKey(apiKey);
+  const now = Date.now();
+  
+  // Check cache first (only if not expired)
+  const cached = tierCache.get(keyHash);
+  if (cached && cached.expiresAt > now) {
+    return cached.tier;
+  }
+  
+  // ALWAYS validate with API - this is the authoritative source
   try {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), 10000); // 10s timeout
+    
     const response = await fetch('https://api.vibecheckai.dev/whoami', {
       headers: {
         'Authorization': `Bearer ${apiKey}`,
         'Content-Type': 'application/json',
       },
+      signal: controller.signal,
     });
     
+    clearTimeout(timeoutId);
+    
     if (!response.ok) {
-      return null; // Invalid API key
+      // API explicitly rejected this key - it's invalid
+      // Cache the rejection briefly to avoid hammering on invalid keys
+      tierCache.set(keyHash, {
+        tier: null,
+        validatedAt: now,
+        expiresAt: now + 60000, // Cache rejections for 1 minute
+      });
+      return null;
     }
     
     const data = await response.json();
     
     // Map API response to tier
+    let tier;
     switch (data.plan?.toLowerCase()) {
       case 'starter':
-        return 'starter';
+        tier = 'starter';
+        break;
       case 'pro':
-        return 'pro';
+        tier = 'pro';
+        break;
       case 'enterprise':
-        return 'enterprise';
+        tier = 'enterprise';
+        break;
       default:
-        return 'free';
+        tier = 'free';
+    }
+    
+    // Cache the validated tier
+    tierCache.set(keyHash, {
+      tier,
+      validatedAt: now,
+      expiresAt: now + TIER_CACHE_TTL_MS,
+    });
+    
+    // Periodic cleanup
+    if (tierCache.size > TIER_CACHE_MAX_SIZE * 0.9) {
+      cleanupTierCache();
     }
+    
+    return tier;
+    
   } catch (error) {
-    console.error('API validation failed:', error);
-    return null; // On error, deny access
+    // Network error - check if we have a recent valid cache entry
+    // (This allows graceful degradation during brief network issues)
+    if (cached && cached.tier !== null) {
+      // Only use stale cache if it was validated within last 15 minutes
+      // and the original validation was successful (tier !== null)
+      const staleTolerance = 15 * 60 * 1000; // 15 minutes
+      if (now - cached.validatedAt < staleTolerance) {
+        console.error(`[TIER-AUTH] API unreachable, using stale cache for ${keyHash.slice(0, 8)}...`);
+        return cached.tier;
+      }
+    }
+    
+    // No valid cache - fail closed for security
+    console.error('[TIER-AUTH] API validation failed with no valid cache, denying access:', error.message);
+    return null;
   }
-} // default for unknown keys
+}
 
 /**
  * Check if user has access to a specific feature
@@ -245,28 +458,20 @@ export async function getFeatureAccessStatus(featureName, providedApiKey = null)
   }
   const currentTierConfig = TIERS[currentTier];
   
-  // Find which tier has this feature
-  let requiredTier = null;
-  let requiredTierConfig = null;
+  // Find which tier requires this feature using CLI_FEATURE_TIERS mapping
+  const requiredTier = CLI_FEATURE_TIERS[featureName];
   
-  for (const [tierName, tierConfig] of Object.entries(TIERS)) {
-    if (tierConfig.features.includes(featureName)) {
-      requiredTier = tierName;
-      requiredTierConfig = tierConfig;
-      break;
-    }
-  }
-  
-  // If feature not found in any tier, deny access
+  // If feature not found in mapping, allow it (default to free)
   if (!requiredTier) {
     return {
-      hasAccess: false,
+      hasAccess: true,
       tier: currentTier,
-      reason: `${featureName} is not available in any tier`,
-      upgradeUrl: 'https://vibecheckai.dev'
+      reason: `Feature '${featureName}' has no tier restriction`
     };
   }
   
+  const requiredTierConfig = TIERS[requiredTier];
+  
   // Check if current tier meets minimum requirement (using order)
   const hasAccess = currentTierConfig.order >= requiredTierConfig.order;
   
@@ -292,7 +497,7 @@ export async function getFeatureAccessStatus(featureName, providedApiKey = null)
  */
 export function withTierCheck(featureName, handler) {
   return async (args) => {
-    const access = await checkFeatureAccess(featureName, args?.apiKey);
+    const access = await getFeatureAccessStatus(featureName, args?.apiKey);
     
     if (!access.hasAccess) {
       return {
@@ -398,7 +603,7 @@ export async function getMcpToolAccess(toolName, providedApiKey = null) {
  */
 export function withMcpToolCheck(toolName, handler) {
   return async (args) => {
-    const access = await checkMcpToolAccess(toolName, args?.apiKey);
+    const access = await getMcpToolAccess(toolName, args?.apiKey);
     
     if (!access.hasAccess) {
       return {
@@ -432,12 +637,17 @@ export async function getUserInfo() {
   const tier = getTierFromApiKey(config.apiKey);
   const tierConfig = TIERS[tier];
   
+  // Get features available for this tier from CLI_FEATURE_TIERS
+  const availableFeatures = Object.entries(CLI_FEATURE_TIERS)
+    .filter(([, reqTier]) => TIERS[reqTier].order <= tierConfig.order)
+    .map(([feature]) => feature);
+  
   return {
     authenticated: true,
     tier,
     email: config.email,
     authenticatedAt: config.authenticatedAt,
-    features: tierConfig.features,
+    features: availableFeatures,
     limits: tierConfig.limits,
     mcpTools: tierConfig.mcpTools,
   };

package/mcp-server/truth-firewall-tools.js

@@ -570,8 +570,47 @@ export function enforceClaimResult(result, policy = "strict") {
   return { allowed: true, confidence: derived };
 }
 
+// =============================================================================
+// CLAIM VALIDATION WITH RACE CONDITION PROTECTION
+// 
+// SECURITY FIX: Previous implementation had a TOCTOU race condition:
+// 1. Thread A: hasRecentClaimValidation() returns true
+// 2. Thread B: invalidates the claim (file change, etc.)
+// 3. Thread A: proceeds with stale claim → invalid state
+// 
+// New implementation uses atomic check-and-consume pattern with per-project locks.
+// =============================================================================
+
+/**
+ * Per-project validation locks to prevent concurrent operations
+ * from using the same validation state.
+ */
+const validationLocks = new Map(); // Map<projectPath, { locked: boolean, queue: Promise }>
+
+/**
+ * Acquire a validation lock for a project (serializes validation checks).
+ */
+function acquireValidationLock(projectPath) {
+  let lockState = validationLocks.get(projectPath);
+  if (!lockState) {
+    lockState = { locked: false, queue: Promise.resolve() };
+    validationLocks.set(projectPath, lockState);
+  }
+  
+  const acquirePromise = lockState.queue.then(() => {
+    lockState.locked = true;
+    return () => {
+      lockState.locked = false;
+    };
+  });
+  
+  lockState.queue = acquirePromise.catch(() => {});
+  return acquirePromise;
+}
+
 /**
- * Claim validation freshness per policy TTL.
+ * Check claim validation freshness (basic check, no lock).
+ * Use checkAndConsumeClaimValidation for atomic operations.
  */
 export function hasRecentClaimValidation(projectPath, policy = "strict") {
   const last = state.lastValidationByProject.get(projectPath);
@@ -580,6 +619,56 @@ export function hasRecentClaimValidation(projectPath, policy = "strict") {
   return Date.now() - last <= ttl;
 }
 
+/**
+ * Atomic check-and-consume claim validation.
+ * 
+ * SECURITY: Use this for operations that depend on claim validation.
+ * It ensures no other operation can use the same validation state concurrently.
+ * 
+ * @param {string} projectPath - Project path
+ * @param {string} policy - Policy name (strict/balanced/permissive)
+ * @param {string} operationId - Unique ID for this operation (for audit)
+ * @returns {Promise<{ valid: boolean, consumedAt?: number, reason?: string }>}
+ */
+export async function checkAndConsumeClaimValidation(projectPath, policy = "strict", operationId = null) {
+  const release = await acquireValidationLock(projectPath);
+  
+  try {
+    const last = state.lastValidationByProject.get(projectPath);
+    const now = Date.now();
+    
+    if (typeof last !== "number") {
+      return { 
+        valid: false, 
+        reason: "No claim validation found for this project" 
+      };
+    }
+    
+    const ttl = getPolicyConfig(policy).validationTTL;
+    const age = now - last;
+    
+    if (age > ttl) {
+      return { 
+        valid: false, 
+        reason: `Claim validation expired (age: ${Math.round(age / 1000)}s, TTL: ${Math.round(ttl / 1000)}s)` 
+      };
+    }
+    
+    // Mark this validation as consumed by updating the timestamp
+    // This prevents replay/reuse of the same validation
+    state.lastValidationByProject.set(projectPath, now);
+    
+    return { 
+      valid: true, 
+      consumedAt: now,
+      operationId,
+    };
+    
+  } finally {
+    release();
+  }
+}
+
 // =============================================================================
 // FINGERPRINT + WRAPPER
 // =============================================================================
@@ -1069,22 +1158,63 @@ async function proposePatch(projectPath, args) {
   return patch;
 }
 
+/**
+ * Validate command against strict allowlist.
+ * 
+ * SECURITY FIX: Previous allowlist was too permissive, allowing arbitrary code execution:
+ * - "node -e 'require(\"child_process\").exec(\"rm -rf /\")'" would pass
+ * - "npm exec malicious-package" would pass
+ * - "pnpm dlx evil-tool" would pass
+ * 
+ * New allowlist only permits specific safe subcommands.
+ */
 function commandAllowlisted(cmd) {
-  // Keep this tight. Expand only if you mean it.
-  const allow = [
-    /^vibecheck(\s|$)/,
-    /^pnpm(\s|$)/,
-    /^npm(\s|$)/,
-    /^yarn(\s|$)/,
-    /^node(\s|$)/,
-    /^bun(\s|$)/,
-    /^vitest(\s|$)/,
-    /^jest(\s|$)/,
-    /^tsc(\s|$)/,
-    /^eslint(\s|$)/,
-    /^playwright(\s|$)/,
+  const trimmed = cmd.trim();
+  
+  // Reject commands with shell metacharacters that could enable injection
+  // These are dangerous even in "safe" commands: ; | & $ ` \ ( ) { } < > \n
+  if (/[;|&$`\\(){}<>\n]/.test(trimmed)) {
+    return false;
+  }
+  
+  // Reject commands that use flags commonly used for code execution
+  if (/\s-[eEc]\s|\s--eval\s|\s--exec\s/i.test(trimmed)) {
+    return false;
+  }
+  
+  // Strict allowlist: only specific commands with specific safe subcommands
+  const strictAllow = [
+    // Vibecheck CLI - only specific safe commands
+    /^vibecheck\s+(ship|scan|ctx|lint|status)\b/,
+    /^vibecheck\s+--help\b/,
+    /^vibecheck\s+--version\b/,
+    
+    // Package managers - only test/build/lint (no exec, dlx, or install scripts)
+    /^pnpm\s+(test|build|lint|typecheck|check|run\s+(test|build|lint|typecheck))\b/,
+    /^npm\s+(test|run\s+(test|build|lint|typecheck))\b/,
+    /^yarn\s+(test|build|lint|typecheck|run\s+(test|build|lint|typecheck))\b/,
+    /^bun\s+(test|run\s+(test|build|lint))\b/,
+    
+    // TypeScript compiler - only type checking (no emit)
+    /^tsc\s+(--noEmit|--build)\b/,
+    /^tsc$/,  // Default tsc with no args is safe
+    
+    // Linters - safe read-only operations
+    /^eslint\s+/,  // ESLint with any args (read-only)
+    /^eslint$/,
+    
+    // Test runners - only run tests
+    /^vitest\s*(run|--run)?\b/,
+    /^vitest$/,
+    /^jest\s*(--ci|--coverage|--passWithNoTests)?\b/,
+    /^jest$/,
+    
+    // Playwright - only test mode (no codegen which opens browsers)
+    /^playwright\s+test\b/,
+    /^npx\s+playwright\s+test\b/,
   ];
-  return allow.some((re) => re.test(cmd.trim()));
+  
+  return strictAllow.some((re) => re.test(trimmed));
 }
 
 async function verifyPatch(projectPath, args) {

package/mcp-server/vibecheck-tools.js

@@ -13,7 +13,7 @@
 import path from "path";
 import fs from "fs/promises";
 import { execSync } from "child_process";
-import { withTierCheck, checkFeatureAccess } from "./tier-auth.js";
+import { withTierCheck, getFeatureAccessStatus } from "./tier-auth.js";
 
 // ============================================================================
 // TOOL DEFINITIONS
@@ -292,7 +292,7 @@ export async function handleVibecheckTool(toolName, args) {
 
   const requiredFeature = featureMap[toolName];
   if (requiredFeature) {
-    const access = await checkFeatureAccess(requiredFeature, args?.apiKey);
+    const access = await getFeatureAccessStatus(requiredFeature, args?.apiKey);
     if (!access.hasAccess) {
       return {
         content: [{

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibecheckai/cli",
-  "version": "3.2.6",
+  "version": "3.3.0",
   "description": "Vibecheck CLI - Ship with confidence. One verdict: SHIP | WARN | BLOCK.",
   "main": "bin/vibecheck.js",
   "bin": {
@@ -37,7 +37,6 @@
     "js-yaml": "^4.1.0",
     "ora": "^8.0.0",
     "uuid": "^9.0.0",
-    "yaml": "^2.3.0",
     "zod": "^3.23.0"
   },
   "optionalDependencies": {
@@ -77,7 +76,7 @@
     "url": "https://github.com/vibecheck-oss/vibecheck/issues"
   },
   "engines": {
-    "node": ">=18.0.0"
+    "node": ">=20.11"
   },
   "publishConfig": {
     "access": "public"