@vibecheckai/cli 3.2.6 → 3.4.0

package/bin/runners/lib/entitlements-v2.js

@@ -1,25 +1,9 @@
 /**
- * Entitlements v2 - CANONICAL Tier Enforcement
+ * VibeCheck Entitlements
  * 
- * SINGLE SOURCE OF TRUTH for all tier gating in vibecheck CLI.
- * Every command runner MUST use this module for access control.
- * 
- * NO BYPASS ALLOWED:
- * - No owner-mode env vars
- * - No offline fallback that grants paid features
- * - No silent feature access
- * 
- * Exit Codes:
- * - 0: Success
- * - 2: BLOCK verdict (CI failure)
- * - 3: Feature not allowed (upgrade required)
- * - 4: Misconfiguration/env error
- * 
- * Tiers:
- * - FREE ($0): Basic scanning and validation
- * - STARTER ($39/repo/mo): CI/CD gates, PR checks, badges, MCP
- * - PRO ($99/repo/mo): Full fix, prove, ai-test, share, advanced reality, permissions, graph, patch apply
- * - COMPLIANCE (Enterprise): Advanced compliance packs, audit trails
+ * Simple 2-tier model:
+ * - FREE ($0): Inspect & Observe
+ * - PRO ($69/mo): Fix, Prove & Enforce
  */
 
 "use strict";
@@ -27,301 +11,88 @@
 const fs = require("fs");
 const path = require("path");
 const os = require("os");
-const crypto = require("crypto");
 
-// ═══════════════════════════════════════════════════════════════════════════════
+// ============================================================================
 // EXIT CODES
-// ═══════════════════════════════════════════════════════════════════════════════
+// ============================================================================
 const EXIT_SUCCESS = 0;
-const EXIT_BLOCK_VERDICT = 2;
 const EXIT_FEATURE_NOT_ALLOWED = 3;
-const EXIT_MISCONFIG = 4;
 
-// ═══════════════════════════════════════════════════════════════════════════════
-// TIER DEFINITIONS - SOURCE OF TRUTH
-// ═══════════════════════════════════════════════════════════════════════════════
+// ============================================================================
+// TIERS
+// ============================================================================
 const TIERS = {
-  free: { name: "FREE", price: 0, order: 0 },
-  starter: { name: "STARTER", price: 39, order: 1 },  // Updated pricing
-  pro: { name: "PRO", price: 99, order: 2 },
-  compliance: { name: "COMPLIANCE", price: 0, order: 3 }, // Enterprise/on-prem
+  free: { name: "FREE", price: 0 },
+  pro: { name: "PRO", price: 69 },
 };
 
-// ═══════════════════════════════════════════════════════════════════════════════
-// ENTITLEMENTS MATRIX - SOURCE OF TRUTH
-// Format: feature -> { minTier, caps?, downgrade? }
-// ═══════════════════════════════════════════════════════════════════════════════
-const ENTITLEMENTS = {
-  // ─────────────────────────────────────────────────────────────────────────────
-  // CORE COMMANDS
-  // ─────────────────────────────────────────────────────────────────────────────
-  "scan": { minTier: "free" },
-  "scan.autofix": { minTier: "starter" },  // Apply safe fixes + missions
-  "ship": { minTier: "free", caps: { free: "static-only" } },
-  "ship.static": { minTier: "free" },
-  "ship.full": { minTier: "pro" },
-  
-  // ─────────────────────────────────────────────────────────────────────────────
-  // INIT MODES
-  // ─────────────────────────────────────────────────────────────────────────────
-  "init": { minTier: "free" },
-  "init.local": { minTier: "free" },      // Full local setup
-  "init.connect": { minTier: "starter" }, // GitHub Actions + PR comments
-  
-  // ─────────────────────────────────────────────────────────────────────────────
-  // CHECKPOINT
-  // ─────────────────────────────────────────────────────────────────────────────
-  "checkpoint": { minTier: "free", downgrade: "checkpoint.basic" },
-  "checkpoint.basic": { minTier: "free" },        // Basic diff comparison
-  "checkpoint.hallucination": { minTier: "pro" }, // Hallucination scoring
-  
-  // ─────────────────────────────────────────────────────────────────────────────
-  // REALITY TESTING
-  // ─────────────────────────────────────────────────────────────────────────────
-  "reality": { minTier: "free", downgrade: "reality.preview" },
-  "reality.preview": { minTier: "free", caps: { free: { maxPages: 5, maxClicks: 20, noAuthBoundary: true } } },
-  "reality.basic": { minTier: "starter", caps: { starter: { maxPages: 50, maxClicks: 200, basicAuthVerify: true } } },
-  "reality.full": { minTier: "pro" },
-  "reality.advanced_auth_boundary": { minTier: "pro" },
-  
-  // ─────────────────────────────────────────────────────────────────────────────
-  // PROVE COMMAND
-  // ─────────────────────────────────────────────────────────────────────────────
-  "prove": { minTier: "pro" },
-  
-  // ─────────────────────────────────────────────────────────────────────────────
-  // FIX COMMAND
-  // ─────────────────────────────────────────────────────────────────────────────
-  "fix": { minTier: "free", downgrade: "fix.plan_only" },
-  "fix.plan_only": { minTier: "free" },    // Generate missions, don't apply
-  "fix.apply_patches": { minTier: "pro" }, // Apply patches automatically
-  "fix.loop": { minTier: "pro" },          // Continuous fix loop
-  
-  // ─────────────────────────────────────────────────────────────────────────────
-  // REPORT FORMATS
-  // ─────────────────────────────────────────────────────────────────────────────
-  "report": { minTier: "free", downgrade: "report.html_md" },
-  "report.html_md": { minTier: "free" },
-  "report.sarif_csv": { minTier: "starter" },  // SARIF/CSV at STARTER
-  "report.compliance_packs": { minTier: "compliance" },
-  
-  // ─────────────────────────────────────────────────────────────────────────────
-  // SETUP & DX
-  // ─────────────────────────────────────────────────────────────────────────────
-  "install": { minTier: "free" },
-  "doctor": { minTier: "free" },
-  "status": { minTier: "free" },
-  "watch": { minTier: "free", downgrade: "watch.local" },
-  "watch.local": { minTier: "free" },      // Local-only file watching
-  "watch.pr": { minTier: "starter" },      // PR updates on changes
-  "preflight": { minTier: "free" },
-  "polish": { minTier: "free" },
-  
-  // ─────────────────────────────────────────────────────────────────────────────
-  // AI TRUTH
-  // ─────────────────────────────────────────────────────────────────────────────
-  "ctx": { minTier: "free" },
-  "guard": { minTier: "free" },
-  "context": { minTier: "free" },
-  "mdc": { minTier: "free" },
-  "contracts": { minTier: "free" },
-  
-  // ─────────────────────────────────────────────────────────────────────────────
-  // EXPORT COMMAND (subcommands gate individually)
-  // ─────────────────────────────────────────────────────────────────────────────
-  "export": { minTier: "free" },  // Base export command is free, subcommands gate themselves
-  
-  // ─────────────────────────────────────────────────────────────────────────────
-  // RUNTIME COMMAND (browser-based verification)
-  // ─────────────────────────────────────────────────────────────────────────────
-  "runtime": { minTier: "free", downgrade: "reality.preview" },  // Same as reality
-  
-  // ─────────────────────────────────────────────────────────────────────────────
-  // SECURITY COMMAND (AuthZ & IDOR)
-  // ─────────────────────────────────────────────────────────────────────────────
-  "security": { minTier: "pro" },
-  
-  // ─────────────────────────────────────────────────────────────────────────────
-  // AI FEATURES - Token/Cost Controls
-  // ─────────────────────────────────────────────────────────────────────────────
-  "ai": { minTier: "starter", downgrade: "ai.none" },
-  "ai.none": { minTier: "free", caps: { free: "No AI features - upgrade for AI" } },
-  "ai.starter": { 
-    minTier: "starter", 
-    caps: { 
-      starter: {
-        model: "gpt-3.5-turbo",           // Cheaper model for Starter
-        maxCallsPerMonth: 10,              // 10 AI calls/month
-        maxInputTokensPerRequest: 2000,    // ~$0.002 max input cost
-        maxOutputTokensPerRequest: 1000,   // ~$0.002 max output cost
-        maxCostPerMonth: 0.50,             // $0.50 max AI spend/month
-      }
-    } 
-  },
-  "ai.pro": { 
-    minTier: "pro", 
-    caps: { 
-      pro: {
-        model: "gpt-4-turbo-preview",     // Premium model for Pro
-        alternateModel: "claude-3-5-sonnet-20241022", // Fallback
-        maxCallsPerMonth: 50,              // 50 AI calls/month
-        maxInputTokensPerRequest: 4000,    // ~$0.04 max input cost
-        maxOutputTokensPerRequest: 2000,   // ~$0.06 max output cost
-        maxCostPerMonth: 5.00,             // $5.00 max AI spend/month
-      }
-    } 
-  },
-  "ai.compliance": { 
-    minTier: "compliance", 
-    caps: { 
-      compliance: {
-        model: "gpt-4-turbo-preview",
-        alternateModel: "claude-3-5-sonnet-20241022",
-        maxCallsPerMonth: 500,             // 500 AI calls/month
-        maxInputTokensPerRequest: 8000,
-        maxOutputTokensPerRequest: 4000,
-        maxCostPerMonth: 50.00,            // $50 max AI spend/month
-      }
-    } 
-  },
-  
-  // ─────────────────────────────────────────────────────────────────────────────
-  // PRO ONLY
-  // ─────────────────────────────────────────────────────────────────────────────
-  "replay": { minTier: "pro" },
-  "share": { minTier: "pro" },
-  "ai-test": { minTier: "pro" },
-  "permissions": { minTier: "pro" },
-  "graph": { minTier: "pro" },
-  
-  // ─────────────────────────────────────────────────────────────────────────────
-  // STARTER AND ABOVE
-  // ─────────────────────────────────────────────────────────────────────────────
-  "gate": { minTier: "starter" },
-  "pr": { minTier: "starter" },
-  "badge": { minTier: "starter", downgrade: "badge.basic" },
-  "badge.basic": { minTier: "starter" },           // Basic badge (STARTER)
-  "badge.verified": { minTier: "pro" },            // Verified badge with seal (PRO)
-  "fix_hints": { minTier: "starter" },             // Fix hints/missions in output
-  "launch": { minTier: "starter" },
-  "dashboard_sync": { minTier: "starter" },
-  
-  // MCP Server
-  "mcp": { minTier: "starter", downgrade: "mcp.help_only" },
-  "mcp.help_only": { minTier: "free", caps: { free: "help and print-config only" } },
-  "mcp.read_only": { minTier: "starter", caps: { starter: "read-only safe tools, rate limited" } },
-  "mcp.full": { minTier: "pro", caps: { pro: "full tools, audit logs, higher limits" } },
-  
-  // ─────────────────────────────────────────────────────────────────────────────
-  // ACCOUNT (ALWAYS FREE)
-  // ─────────────────────────────────────────────────────────────────────────────
-  "login": { minTier: "free" },
-  "logout": { minTier: "free" },
-  "whoami": { minTier: "free" },
-  
-  // Labs/experimental
-  "labs": { minTier: "free" },
-};
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// LIMITS BY TIER
-// ═══════════════════════════════════════════════════════════════════════════════
-const LIMITS = {
-  free: {
-    realityMaxPages: 5,
-    realityMaxClicks: 20,
-    realityAuthBoundary: false,
-    reportFormats: ["html", "md"],
-    fixApplyPatches: false,
-    scansPerMonth: 50,
-    shipChecksPerMonth: 20,
-  },
-  starter: {
-    realityMaxPages: 50,
-    realityMaxClicks: 200,
-    realityAuthBoundary: false,
-    realityAdvancedAuth: false,
-    reportFormats: ["html", "md", "sarif", "csv"],
-    fixApplyPatches: false,
-    scansPerMonth: 500,
-    shipChecksPerMonth: 200,
-  },
-  pro: {
-    realityMaxPages: -1, // unlimited
-    realityMaxClicks: -1,
-    realityAuthBoundary: true,
-    realityAdvancedAuth: true,
-    reportFormats: ["html", "md", "sarif", "csv"],
-    fixApplyPatches: true,
-    scansPerMonth: -1, // unlimited
-    shipChecksPerMonth: -1,
-  },
-  compliance: {
-    realityMaxPages: -1,
-    realityMaxClicks: -1,
-    realityAuthBoundary: true,
-    realityAdvancedAuth: true,
-    reportFormats: ["html", "md", "sarif", "csv", "compliance"],
-    fixApplyPatches: true,
-    scansPerMonth: -1,
-    shipChecksPerMonth: -1,
-  },
-};
-
-const API_BASE_URL = process.env.VIBECHECK_API_URL || "https://api.vibecheckai.dev";
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// CACHE PATHS
-// ═══════════════════════════════════════════════════════════════════════════════
-function getEntitlementsCachePath(projectPath) {
-  return path.join(projectPath || process.cwd(), ".vibecheck", ".entitlements.json");
+// ============================================================================
+// GATED FEATURES
+// ============================================================================
+const FREE_FEATURES = [
+  // Setup & environment
+  "init", "doctor", "install", "status", "watch", "preflight",
+  // Scan & analysis
+  "scan", "runtime",
+  // AI verification
+  "ctx", "contracts", "verify",
+  // Reports
+  "report", "export",
+  // Account
+  "login", "logout", "whoami",
+  // Preview modes
+  "reality.preview", "firewall.observe",
+  // Misc
+  "labs", "mdc",
+];
+
+const PRO_FEATURES = [
+  // CI/CD & PR
+  "gate", "pr", "badge", "ship",
+  // Fixes
+  "fix", "fix.apply", "scan.autofix",
+  // Prove & verify
+  "prove", "replay", "permissions", "graph", "ai-test", "share",
+  // Advanced
+  "checkpoint", "polish", "guard", "context",
+  // Full modes
+  "firewall.enforce", "reality.full", "mcp.full",
+  // All FREE features
+  ...FREE_FEATURES,
+];
+
+function isPro(tier) {
+  return tier === "pro";
 }
 
-function getGlobalConfigPath() {
-  const home = os.homedir();
-  if (process.platform === "win32") {
-    return path.join(process.env.APPDATA || path.join(home, "AppData", "Roaming"), "vibecheck", "config.json");
-  }
-  return path.join(home, ".config", "vibecheck", "config.json");
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// TIER COMPARISON
-// ═══════════════════════════════════════════════════════════════════════════════
-function tierMeetsMinimum(currentTier, requiredTier) {
-  const current = TIERS[currentTier]?.order ?? -1;
-  const required = TIERS[requiredTier]?.order ?? 999;
-  return current >= required;
+function tierHasFeature(tier, feature) {
+  if (tier === "pro") return true; // PRO has everything
+  return FREE_FEATURES.includes(feature);
 }
 
-function getTierLabel(tier) {
-  return TIERS[tier]?.name || tier.toUpperCase();
-}
+// ============================================================================
+// API
+// ============================================================================
+const API_BASE_URL = process.env.VIBECHECK_API_URL || "https://api.vibecheckai.dev";
 
-// ═══════════════════════════════════════════════════════════════════════════════
-// CORE API: getTier()
-// ═══════════════════════════════════════════════════════════════════════════════
 let _cachedTier = null;
 let _cachedTierExpiry = 0;
 
 async function getTier(options = {}) {
-  const { apiKey, projectPath, forceRefresh = false } = options;
+  const { apiKey, forceRefresh = false } = options;
   
-  // Check cache (5 minute TTL)
   if (!forceRefresh && _cachedTier && Date.now() < _cachedTierExpiry) {
     return _cachedTier;
   }
   
-  // No API key = free tier
   if (!apiKey) {
     _cachedTier = "free";
     _cachedTierExpiry = Date.now() + 300000;
     return "free";
   }
   
-  // Fetch from API
   try {
-    const res = await fetch(`${API_BASE_URL}/v1/entitlements`, {
+    const res = await fetch(`${API_BASE_URL}/v1/auth/whoami`, {
       method: "GET",
       headers: { "Authorization": `Bearer ${apiKey}` },
       signal: AbortSignal.timeout(5000),
@@ -329,113 +100,33 @@ async function getTier(options = {}) {
     
     if (res.ok) {
       const data = await res.json();
-      _cachedTier = data.tier || "free";
+      // Map any paid tier to 'pro'
+      const plan = data.plan || data.tier || "free";
+      _cachedTier = (plan === "free") ? "free" : "pro";
       _cachedTierExpiry = Date.now() + 300000;
-      
-      // Cache locally
-      try {
-        const cachePath = getEntitlementsCachePath(projectPath);
-        const dir = path.dirname(cachePath);
-        if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
-        fs.writeFileSync(cachePath, JSON.stringify({ tier: _cachedTier, fetchedAt: new Date().toISOString() }, null, 2));
-      } catch {}
-      
       return _cachedTier;
     }
-    
-    if (res.status === 401) {
-      return "free"; // Invalid key = free tier
-    }
   } catch {
-    // Network error - check local cache
-    try {
-      const cachePath = getEntitlementsCachePath(projectPath);
-      if (fs.existsSync(cachePath)) {
-        const cached = JSON.parse(fs.readFileSync(cachePath, "utf8"));
-        // Only use cache if less than 24 hours old
-        const fetchedAt = new Date(cached.fetchedAt).getTime();
-        if (Date.now() - fetchedAt < 24 * 3600 * 1000) {
-          return cached.tier || "free";
-        }
-      }
-    } catch {}
+    // Network error - default to free
   }
   
-  // Default to free (no offline bypass to paid features)
   return "free";
 }
 
-// ═══════════════════════════════════════════════════════════════════════════════
-// CORE API: getLimits()
-// ═══════════════════════════════════════════════════════════════════════════════
-function getLimits(tier) {
-  return LIMITS[tier] || LIMITS.free;
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// CORE API: enforce() - THE GATEKEEPER
-// ═══════════════════════════════════════════════════════════════════════════════
-/**
- * Enforce feature access. Returns enforcement result.
- * 
- * @param {string} feature - Feature key (e.g., "prove", "fix.apply_patches")
- * @param {object} options - { apiKey?, projectPath?, silent? }
- * @returns {object} - { allowed, tier, downgrade?, exitCode, message }
- */
+// ============================================================================
+// ENFORCE
+// ============================================================================
 async function enforce(feature, options = {}) {
-  const { apiKey, projectPath, silent = false } = options;
-  
-  const tier = await getTier({ apiKey, projectPath });
-  const entitlement = ENTITLEMENTS[feature];
+  const { apiKey, silent = false } = options;
+  const tier = await getTier({ apiKey });
   
-  if (!entitlement) {
-    // Unknown feature - block by default
-    return {
-      allowed: false,
-      tier,
-      exitCode: EXIT_MISCONFIG,
-      message: `Unknown feature: ${feature}`,
-    };
-  }
-  
-  const hasAccess = tierMeetsMinimum(tier, entitlement.minTier);
+  const hasAccess = tierHasFeature(tier, feature);
   
   if (hasAccess) {
-    // Full access
-    return {
-      allowed: true,
-      tier,
-      limits: getLimits(tier),
-      caps: entitlement.caps?.[tier] || null,
-    };
+    return { allowed: true, tier };
   }
   
-  // Check for downgrade option
-  if (entitlement.downgrade) {
-    const downgradeEntitlement = ENTITLEMENTS[entitlement.downgrade];
-    if (downgradeEntitlement && tierMeetsMinimum(tier, downgradeEntitlement.minTier)) {
-      // Downgrade allowed
-      const caps = downgradeEntitlement.caps?.[tier] || null;
-      const message = formatDowngradeMessage(feature, entitlement.downgrade, tier, entitlement.minTier, caps);
-      
-      if (!silent) {
-        console.log(message);
-      }
-      
-      return {
-        allowed: true,
-        tier,
-        downgrade: entitlement.downgrade,
-        limits: getLimits(tier),
-        caps,
-        message,
-      };
-    }
-  }
-  
-  // Not allowed - generate upgrade message
-  const message = formatUpgradeMessage(feature, tier, entitlement.minTier);
-  
+  const message = formatUpgradeMessage(feature);
   if (!silent) {
     console.error(message);
   }
@@ -443,80 +134,11 @@ async function enforce(feature, options = {}) {
   return {
     allowed: false,
     tier,
-    requiredTier: entitlement.minTier,
     exitCode: EXIT_FEATURE_NOT_ALLOWED,
     message,
   };
 }
 
-// ═══════════════════════════════════════════════════════════════════════════════
-// MESSAGING
-// ═══════════════════════════════════════════════════════════════════════════════
-const c = {
-  reset: "\x1b[0m",
-  bold: "\x1b[1m",
-  dim: "\x1b[2m",
-  red: "\x1b[31m",
-  green: "\x1b[32m",
-  yellow: "\x1b[33m",
-  cyan: "\x1b[36m",
-  magenta: "\x1b[35m",
-};
-
-function formatUpgradeMessage(feature, currentTier, requiredTier) {
-  const tierColors = { starter: c.cyan, pro: c.magenta, enterprise: c.yellow };
-  const reqColor = tierColors[requiredTier] || c.yellow;
-  
-  return `
-${c.red}${c.bold}⛔ Feature Not Available${c.reset}
-
-  ${c.yellow}${feature}${c.reset} requires ${reqColor}${getTierLabel(requiredTier)}${c.reset} plan.
-  Your current plan: ${c.dim}${getTierLabel(currentTier)}${c.reset}
-
-  ${c.cyan}Upgrade at:${c.reset} https://vibecheckai.dev/pricing
-
-  ${c.dim}Exit code: ${EXIT_FEATURE_NOT_ALLOWED}${c.reset}
-`;
-}
-
-function formatDowngradeMessage(feature, downgradeTo, currentTier, requiredTier, caps) {
-  const tierColors = { starter: c.cyan, pro: c.magenta, enterprise: c.yellow };
-  const reqColor = tierColors[requiredTier] || c.yellow;
-  
-  let capsStr = "";
-  if (caps) {
-    if (typeof caps === "string") {
-      capsStr = `  ${c.dim}Mode: ${caps}${c.reset}\n`;
-    } else if (typeof caps === "object") {
-      const entries = Object.entries(caps).map(([k, v]) => `${k}: ${v}`).join(", ");
-      capsStr = `  ${c.dim}Limits: ${entries}${c.reset}\n`;
-    }
-  }
-  
-  return `
-${c.yellow}${c.bold}⚠ Running in Preview Mode${c.reset}
-
-  Full ${c.yellow}${feature}${c.reset} requires ${reqColor}${getTierLabel(requiredTier)}${c.reset} plan.
-  Running ${c.green}${downgradeTo}${c.reset} instead.
-${capsStr}
-  ${c.cyan}Upgrade for full access:${c.reset} https://vibecheckai.dev/pricing
-`;
-}
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// CONVENIENCE HELPERS
-// ═══════════════════════════════════════════════════════════════════════════════
-
-/**
- * Check if a command is allowed (does not print messages)
- */
-async function checkCommand(command, options = {}) {
-  return enforce(command, { ...options, silent: true });
-}
-
-/**
- * Enforce and exit if not allowed
- */
 async function enforceOrExit(feature, options = {}) {
   const result = await enforce(feature, options);
   if (!result.allowed) {
@@ -525,82 +147,51 @@ async function enforceOrExit(feature, options = {}) {
   return result;
 }
 
-/**
- * Get the minimum tier required for a feature
- */
-function getMinTierForFeature(feature) {
-  return ENTITLEMENTS[feature]?.minTier || "enterprise";
+async function checkCommand(command, options = {}) {
+  return enforce(command, { ...options, silent: true });
 }
 
-/**
- * Check if tier has access to feature (sync, for help display)
- */
-function tierHasFeature(tier, feature) {
-  const entitlement = ENTITLEMENTS[feature];
-  if (!entitlement) return false;
-  return tierMeetsMinimum(tier, entitlement.minTier);
-}
+// ============================================================================
+// MESSAGING
+// ============================================================================
+const c = {
+  reset: "\x1b[0m",
+  bold: "\x1b[1m",
+  cyan: "\x1b[36m",
+  yellow: "\x1b[33m",
+};
 
-/**
- * Get all features for a tier
- */
-function getFeaturesForTier(tier) {
-  const features = [];
-  for (const [feature, def] of Object.entries(ENTITLEMENTS)) {
-    if (tierMeetsMinimum(tier, def.minTier)) {
-      features.push(feature);
-    }
-  }
-  return features;
-}
+function formatUpgradeMessage(feature) {
+  return `
+${c.bold}This feature requires Pro.${c.reset}
 
-// ═══════════════════════════════════════════════════════════════════════════════
-// COMMAND GROUPING FOR HELP DISPLAY
-// ═══════════════════════════════════════════════════════════════════════════════
-const COMMAND_GROUPS = {
-  "Proof Loop": ["scan", "ship", "reality", "prove", "fix", "report"],
-  "Setup & DX": ["install", "init", "doctor", "status", "watch", "launch"],
-  "AI Truth": ["ctx", "guard", "context", "mdc"],
-  "CI & Collaboration": ["gate", "pr", "badge"],
-  "Reporting": ["report"],
-  "Automation": ["ai-test", "mcp", "share"],
-};
+${c.yellow}${feature}${c.reset} is a Pro feature.
 
-function getCommandGroup(command) {
-  for (const [group, commands] of Object.entries(COMMAND_GROUPS)) {
-    if (commands.includes(command)) return group;
-  }
-  return "Other";
+Upgrade to Pro ($69/mo) to unlock Fix, Prove & Enforce capabilities.
+
+  vibecheck upgrade
+  https://vibecheckai.dev/pricing
+`;
 }
 
-// ═══════════════════════════════════════════════════════════════════════════════
+// ============================================================================
 // EXPORTS
-// ═══════════════════════════════════════════════════════════════════════════════
+// ============================================================================
 module.exports = {
-  // Core API
+  // Core
   getTier,
-  getLimits,
   enforce,
   enforceOrExit,
   checkCommand,
   
-  // Tier helpers
-  tierMeetsMinimum,
-  getTierLabel,
-  getMinTierForFeature,
+  // Helpers
+  isPro,
   tierHasFeature,
-  getFeaturesForTier,
-  
-  // Command grouping
-  COMMAND_GROUPS,
-  getCommandGroup,
   
   // Constants
   TIERS,
-  ENTITLEMENTS,
-  LIMITS,
+  FREE_FEATURES,
+  PRO_FEATURES,
   EXIT_SUCCESS,
-  EXIT_BLOCK_VERDICT,
   EXIT_FEATURE_NOT_ALLOWED,
-  EXIT_MISCONFIG,
 };