@vibecheckai/cli 3.3.0 → 3.5.0

package/bin/registry.js

@@ -1,44 +1,51 @@
 /**
- * Vibecheck CLI Command Registry (LOCKED)
+ * Vibecheck CLI Command Registry
  *
  * Single source of truth for the public CLI surface.
  * If it isn't here, it does not exist.
  * 
- * ═══════════════════════════════════════════════════════════════════════════════
- * WORLD-CLASS CLI - Enhanced Registry with Rich Metadata
- * ═══════════════════════════════════════════════════════════════════════════════
+ * Simple 2-tier model:
+ * - FREE ($0): Inspect & Observe
+ * - PRO ($69/mo): Fix, Prove & Enforce
+ * 
+ * SCAN = Quick lint (5 core engines, fast, FREE)
+ * SHIP = Comprehensive verdict (all engines + proof cert, PRO)
  */
 
 "use strict";
 
 // ─────────────────────────────────────────────────────────────
-// CORE 19 COMMANDS (locked surface area)
+// CLI COMMANDS (22 total - 2-tier: FREE / PRO)
 // ─────────────────────────────────────────────────────────────
 const ALLOWED_COMMANDS = new Set([
-  // FREE (9) - Core functionality to try the product
-  "init",       // one-time setup
-  "doctor",     // health check
-  "watch",      // continuous mode
-  "scan",       // includes --allowlist subcommand
-  "ship",       // verdict engine
-  "classify",   // Authority: inventory (duplication/legacy maps)
-  "login",      // authenticate
-  "logout",     // remove credentials
-  "whoami",     // show current user
-
-  // STARTER (7) - Productivity & automation
-  "fix",        // AI-powered fixes
-  "report",     // generate reports
-  "context",    // generate IDE rules
-  "guard",      // AI guardrails (prompt firewall, hallucination checking)
-  "mcp",        // MCP server
-  "checkpoint", // baseline comparison & hallucination scoring
-  "approve",    // Authority: get verdicts for authorities
-
-  // PRO (3) - Advanced proof & AI testing
-  "prove",      // includes --bundle for evidence packs
-  "reality",    // includes --agent for AI testing
-  "polish",     // production polish
+  // FREE (12) - Inspect & Observe
+  "scan",            // quick lint - 5 core engines
+  "context",         // generate truthpack + IDE rules
+  "watch",           // real-time file watching
+  "doctor",          // environment diagnostics
+  "report",          // generate HTML/SARIF reports
+  "authority",       // authority system main command
+  "authority.list",  // list available authorities
+  "guard",           // agent firewall (observe mode FREE, enforce mode PRO)
+  "login",           // authenticate
+  "logout",          // clear auth
+  "whoami",          // show current user
+  "init",            // one-time setup (legacy, redirects to context)
+
+  // PRO (12) - Fix, Prove & Enforce
+  "ship",               // comprehensive - all engines, verdict, proof cert
+  "fix",                // AI-powered fixes with LLM
+  "polish",             // production hardening
+  "reality",            // playwright browser verification
+  "prove",              // full proof loop with evidence pack
+  "gate",               // CI/CD enforcement
+  "ai-test",            // AI agent for autonomous app testing
+  "authority.approve",  // get authority verdict
+  "conductor.status",   // multi-agent coordination status
+  "conductor.register", // register AI agent
+  "conductor.lock",     // acquire file lock
+  "conductor.unlock",   // release file lock
+  "conductor.propose",  // submit change proposal
 ]);
 
 function assertAllowedOnly(obj) {
@@ -49,34 +56,60 @@ function assertAllowedOnly(obj) {
 }
 
 // ─────────────────────────────────────────────────────────────
-// COMMANDS (ALLOWED ONLY) - Enhanced with World-Class Metadata
+// COMMANDS - 2-Tier: FREE and PRO ($69/mo)
 // ─────────────────────────────────────────────────────────────
 const COMMANDS = {
   // ══════════════════════════════════════════════════════════════
-  // FREE TIER (8 commands) - Core functionality to try the product
+  // FREE TIER - Inspect & Observe
   // ══════════════════════════════════════════════════════════════
 
-  // ── SETUP ───────────────────────────────────────────────────
-  init: {
-    description: "One-time setup (config + contracts + scripts)",
-    longDescription: "Initialize vibecheck in your project. Creates configuration files, sets up IDE rules, and optionally connects to the vibecheck dashboard for team collaboration.",
+  scan: {
+    description: "Quick lint - 5 core engines, fast feedback",
+    longDescription: "Fast static analysis using 5 core engines: secrets, mock data, console logs, type issues, and security vulnerabilities. Use for rapid feedback during development.",
+    tier: "free",
+    category: "analysis",
+    aliases: ["s", "check", "lint"],
+    runner: () => require("./runners/runScan").runScan,
+    examples: [
+      { command: "vibecheck scan", description: "Quick scan with 5 core engines" },
+      { command: "vibecheck scan --json", description: "JSON output for CI" },
+      { command: "vibecheck scan --allowlist list", description: "View suppressed findings" },
+    ],
+    related: ["ship", "fix", "report"],
+  },
+
+  context: {
+    description: "Generate truthpack + IDE rules (.cursorrules, MDC, Copilot)",
+    longDescription: "Generate project-aware AI coding rules and truthpack for your IDE. Creates .cursorrules, MDC files, and other IDE configurations.",
     tier: "free",
     category: "setup",
-    aliases: ["setup", "configure"],
-    runner: () => require("./runners/runInit").runInit,
+    aliases: ["rules", "ai-rules", "mdc", "ctx", "init"],
+    runner: () => require("./runners/runContext").runContext,
     examples: [
-      { command: "vibecheck init", description: "Interactive setup wizard" },
-      { command: "vibecheck init --local", description: "Quick local-only setup (no API)" },
-      { command: "vibecheck init --connect", description: "Setup with GitHub integration", tier: "starter" },
-      { command: "vibecheck init --quick", description: "Non-interactive with sensible defaults" },
+      { command: "vibecheck context", description: "Generate all IDE rules + truthpack" },
+      { command: "vibecheck context --format cursor", description: ".cursorrules only" },
+      { command: "vibecheck context --format mdc", description: "MDC files only" },
     ],
-    related: ["doctor", "scan"],
-    docsUrl: "https://docs.vibecheckai.dev/getting-started",
+    related: ["scan", "guard"],
+  },
+
+  watch: {
+    description: "Real-time file watching - re-runs scan on changes",
+    longDescription: "File watcher that automatically re-runs quick scan when your code changes.",
+    tier: "free",
+    category: "setup",
+    aliases: ["w", "dev"],
+    runner: () => require("./runners/runWatch").runWatch,
+    examples: [
+      { command: "vibecheck watch", description: "Start watching" },
+      { command: "vibecheck watch --path ./src", description: "Watch specific directory" },
+    ],
+    related: ["scan"],
   },
 
   doctor: {
-    description: "Environment + dependency + config health check",
-    longDescription: "Comprehensive diagnostics for your development environment. Checks Node.js, package managers, project configuration, and vibecheck setup. Can auto-fix common issues.",
+    description: "Environment diagnostics - config and dependency health check",
+    longDescription: "Comprehensive diagnostics for your development environment, configuration, and dependencies.",
     tier: "free",
     category: "setup",
     aliases: ["health", "diag"],
@@ -84,359 +117,446 @@ const COMMANDS = {
     examples: [
       { command: "vibecheck doctor", description: "Run all health checks" },
       { command: "vibecheck doctor --fix", description: "Auto-fix detected issues" },
-      { command: "vibecheck doctor --json", description: "Output diagnostics as JSON" },
+      { command: "vibecheck doctor --json", description: "Output as JSON" },
     ],
-    related: ["init", "scan"],
-    docsUrl: "https://docs.vibecheckai.dev/cli/doctor",
+    related: ["context", "scan"],
   },
 
-  watch: {
-    description: "Continuous mode - re-runs on changes",
-    longDescription: "File watcher that automatically re-runs scans when your code changes. Ideal for development workflows where you want instant feedback.",
+  report: {
+    description: "Generate HTML/SARIF reports from scan results",
+    longDescription: "Create shareable reports from scan results in HTML, Markdown, or SARIF format.",
     tier: "free",
-    category: "setup",
-    aliases: ["w", "dev"],
-    runner: () => require("./runners/runWatch").runWatch,
+    category: "output",
+    aliases: ["html", "artifact"],
+    runner: () => require("./runners/runReport").runReport,
     examples: [
-      { command: "vibecheck watch", description: "Start watching current directory" },
-      { command: "vibecheck watch --path ./src", description: "Watch specific directory" },
-      { command: "vibecheck watch --debounce 1000", description: "Custom debounce (1 second)" },
+      { command: "vibecheck report", description: "Generate HTML report" },
+      { command: "vibecheck report --format md", description: "Markdown report" },
+      { command: "vibecheck report --format sarif", description: "SARIF for GitHub" },
     ],
     related: ["scan", "ship"],
-    docsUrl: "https://docs.vibecheckai.dev/cli/watch",
   },
 
-  // ── CORE LOOP ───────────────────────────────────────────────
-  scan: {
-    description: "Route integrity & code analysis; use --allowlist for false positive management",
-    longDescription: "The core analysis engine. Scans your codebase for route integrity issues, security vulnerabilities, code quality problems, and more. Supports multiple scan layers: AST (fast), Truth (build manifests), and Reality (runtime browser testing).",
+  "authority": {
+    description: "Authority System - automated and human approvals",
+    longDescription: "Request approval from built-in authorities (security, architecture, compliance, quality) or human reviewers. Use 'authority list' to see available authorities and 'authority approve' to request approval.",
     tier: "free",
-    category: "proof",
-    aliases: ["s", "check"],
-    runner: () => require("./runners/runScan").runScan,
+    category: "authority",
+    aliases: ["auth"],
+    runner: () => require("./runners/runAuthority").runAuthority,
     examples: [
-      { command: "vibecheck scan", description: "Quick AST scan (Layer 1)" },
-      { command: "vibecheck scan --truth", description: "Include build manifest verification" },
-      { command: "vibecheck scan --reality --url http://localhost:3000", description: "Full runtime proof", tier: "pro" },
-      { command: "vibecheck scan --autofix", description: "Generate AI fix missions", tier: "starter" },
-      { command: "vibecheck scan --allowlist list", description: "View suppressed findings" },
-      { command: "vibecheck scan --allowlist add --id R_DEAD_xyz --reason 'Known toggle'", description: "Suppress false positive" },
+      { command: "vibecheck authority list", description: "List all authorities" },
+      { command: "vibecheck authority approve --authority security", description: "Security review" },
+      { command: "vibecheck authority approve -a quality -a security", description: "Multi-authority" },
     ],
-    related: ["ship", "fix", "prove"],
-    docsUrl: "https://docs.vibecheckai.dev/cli/scan",
+    related: ["authority.list", "authority.approve", "ship"],
   },
 
-  ship: {
-    description: "Verdict engine - SHIP / WARN / BLOCK",
-    longDescription: "The final word on whether your code is ready to ship. Combines all scan results, generates proof graphs, and renders a clear SHIP/WARN/BLOCK verdict. Use before every deployment.",
+  "authority.list": {
+    description: "List available authorities",
+    longDescription: "List all available authorities for code analysis and approval workflows.",
     tier: "free",
-    category: "proof",
-    aliases: ["verdict", "go"],
-    runner: () => require("./runners/runShip").runShip,
+    category: "authority",
+    aliases: ["authorities", "auth-list"],
+    runner: () => require("./runners/runAuthority").runAuthority,
     examples: [
-      { command: "vibecheck ship", description: "Get shipping verdict" },
-      { command: "vibecheck ship --strict", description: "Fail on any warnings" },
-      { command: "vibecheck ship --badge", description: "Generate status badge" },
-      { command: "vibecheck ship --fix", description: "Attempt auto-fixes then re-check" },
+      { command: "vibecheck authority list", description: "List all authorities" },
     ],
-    related: ["scan", "prove", "fix"],
-    docsUrl: "https://docs.vibecheckai.dev/cli/ship",
+    related: ["authority", "authority.approve"],
   },
 
-  // ── ACCOUNT (skipAuth) ────────────────────────────────────
   login: {
     description: "Authenticate with API key",
-    longDescription: "Connect your CLI to the vibecheck API. Required for dashboard sync, team features, and paid tier commands.",
+    longDescription: "Connect your CLI to the vibecheck API with your API key.",
     tier: "free",
-    category: "account",
+    category: "auth",
     aliases: ["auth", "signin"],
     runner: () => require("./runners/runAuth").runLogin,
     skipAuth: true,
     examples: [
-      { command: "vibecheck login", description: "Interactive login (opens browser)" },
-      { command: "vibecheck login --key YOUR_API_KEY", description: "Login with API key directly" },
-      { command: "VIBECHECK_API_KEY=xxx vibecheck scan", description: "Use env var (CI/CD)" },
+      { command: "vibecheck login", description: "Interactive login" },
+      { command: "vibecheck login --key YOUR_API_KEY", description: "Login with key" },
     ],
     related: ["logout", "whoami"],
-    docsUrl: "https://docs.vibecheckai.dev/authentication",
   },
 
   logout: {
-    description: "Remove stored credentials",
-    longDescription: "Clear your stored API key and log out of the vibecheck CLI.",
+    description: "Clear stored credentials",
+    longDescription: "Remove stored authentication credentials from your system.",
     tier: "free",
-    category: "account",
+    category: "auth",
     aliases: ["signout"],
     runner: () => require("./runners/runAuth").runLogout,
     skipAuth: true,
     examples: [
-      { command: "vibecheck logout", description: "Clear stored credentials" },
+      { command: "vibecheck logout", description: "Clear credentials" },
     ],
     related: ["login", "whoami"],
-    docsUrl: "https://docs.vibecheckai.dev/authentication",
   },
 
   whoami: {
     description: "Show current user and plan",
-    longDescription: "Display your current authentication status, subscription tier, and usage limits.",
+    longDescription: "Display information about the currently authenticated user and their subscription plan.",
     tier: "free",
-    category: "account",
+    category: "auth",
     aliases: ["me", "user"],
     runner: () => require("./runners/runAuth").runWhoami,
     skipAuth: true,
     examples: [
-      { command: "vibecheck whoami", description: "Show current user info" },
-      { command: "vibecheck whoami --json", description: "Output as JSON" },
+      { command: "vibecheck whoami", description: "Show user info" },
     ],
     related: ["login", "logout"],
-    docsUrl: "https://docs.vibecheckai.dev/authentication",
   },
 
-  // ── AUTHORITY SYSTEM (FREE) ──────────────────────────────────
-  classify: {
-    description: "Inventory authority - duplication & legacy code maps",
-    longDescription: "Produces a read-only inventory of your codebase including duplication maps, legacy code detection, and risk classifications. Part of the Authority System - read-only analysis available on FREE tier.",
+  init: {
+    description: "One-time setup (alias for context)",
+    longDescription: "Initialize vibecheck in your project. Alias for 'vibecheck context'.",
     tier: "free",
-    category: "authority",
-    aliases: ["inventory", "audit"],
-    runner: () => require("./runners/runClassify").runClassify,
+    category: "setup",
+    aliases: ["setup", "configure"],
+    runner: () => require("./runners/runContext").runContext,
     examples: [
-      { command: "vibecheck classify", description: "Quick inventory analysis" },
-      { command: "vibecheck classify --json", description: "JSON output for processing" },
-      { command: "vibecheck classify --include-semantic", description: "Include semantic duplicates" },
-      { command: "vibecheck classify --output inventory.md --format markdown", description: "Save as markdown" },
+      { command: "vibecheck init", description: "Initialize project" },
     ],
-    related: ["approve", "scan"],
-    docsUrl: "https://docs.vibecheckai.dev/cli/classify",
+    related: ["context", "doctor"],
   },
 
   // ══════════════════════════════════════════════════════════════
-  // STARTER TIER (7 commands) - Productivity & automation
+  // PRO TIER ($69/mo) - Fix, Prove & Enforce
   // ══════════════════════════════════════════════════════════════
 
+  ship: {
+    description: "Comprehensive verdict - ALL engines + route validation + proof cert",
+    longDescription: "The final word on whether your code is ready to ship. Runs ALL 15+ analysis engines, validates routes and contracts, generates proof certificate. SHIP/WARN/BLOCK verdict.",
+    tier: "pro",
+    category: "analysis",
+    aliases: ["verdict", "go", "full"],
+    runner: () => require("./runners/runShip").runShip,
+    examples: [
+      { command: "vibecheck ship", description: "Get shipping verdict" },
+      { command: "vibecheck ship --strict", description: "Fail on warnings" },
+      { command: "vibecheck ship --badge", description: "Generate status badge" },
+    ],
+    related: ["scan", "prove", "fix"],
+  },
+
   fix: {
-    description: "AI-powered auto-fix for findings",
-    longDescription: "Generate surgical AI prompts (missions) to fix detected issues. Each mission includes context, constraints, and verification steps. Use --apply to let AI make changes directly.",
-    tier: "starter",
-    category: "proof",
-    aliases: ["f", "repair"],
+    description: "AI-powered auto-fix with LLM",
+    longDescription: "Generate AI-powered fixes for detected issues. Uses LLM to analyze and fix problems automatically.",
+    tier: "pro",
+    category: "repair",
+    aliases: ["f", "repair", "autofix"],
     runner: () => require("./runners/runFix").runFix,
     examples: [
-      { command: "vibecheck fix", description: "Generate fix missions (prompts only)" },
-      { command: "vibecheck fix --apply", description: "Apply AI-generated fixes" },
-      { command: "vibecheck fix --loop", description: "Continuous fix loop until clean" },
-      { command: "vibecheck fix --max-missions 5", description: "Limit to 5 missions" },
+      { command: "vibecheck fix", description: "Generate fix missions" },
+      { command: "vibecheck fix --apply", description: "Apply AI fixes" },
+      { command: "vibecheck fix --loop", description: "Fix loop until clean" },
     ],
-    related: ["scan", "checkpoint", "ship"],
-    docsUrl: "https://docs.vibecheckai.dev/cli/fix",
+    related: ["scan", "ship", "polish"],
   },
 
-  report: {
-    description: "Generate HTML/MD/SARIF reports",
-    longDescription: "Create beautiful, shareable reports from your scan results. Supports multiple formats for different audiences: HTML for stakeholders, Markdown for docs, SARIF for GitHub code scanning.",
-    tier: "starter",
-    category: "output",
-    aliases: ["html", "artifact"],
-    runner: () => require("./runners/runReport").runReport,
+  polish: {
+    description: "Production hardening - console removal, dead code, type strengthening",
+    longDescription: "Automated code transformations for production readiness. Removes console statements, unused imports, strengthens types, and more - all without requiring an LLM.",
+    tier: "pro",
+    category: "repair",
+    aliases: ["prod", "final", "harden"],
+    runner: () => require("./runners/runPolish").runPolish,
     examples: [
-      { command: "vibecheck report", description: "Generate HTML report" },
-      { command: "vibecheck report --format md", description: "Markdown report" },
-      { command: "vibecheck report --format sarif", description: "SARIF for GitHub" },
-      { command: "vibecheck report --type executive", description: "Executive summary" },
-      { command: "vibecheck report --output ./reports", description: "Custom output directory" },
+      { command: "vibecheck polish", description: "Dry-run - preview changes" },
+      { command: "vibecheck polish --apply", description: "Apply all auto-fixes" },
+      { command: "vibecheck polish --passes remove-consoles,dead-code", description: "Run specific passes" },
+      { command: "vibecheck polish --safe-only --apply", description: "Apply only safe fixes" },
+      { command: "vibecheck polish --list-passes", description: "List available passes" },
     ],
-    related: ["scan", "prove"],
-    docsUrl: "https://docs.vibecheckai.dev/cli/report",
+    related: ["ship", "fix", "scan"],
   },
 
-  context: {
-    description: "Generate IDE rules (.cursorrules, MDC, Windsurf, Copilot)",
-    longDescription: "Generate project-aware AI coding rules for your IDE. These rules help AI assistants understand your codebase conventions, preventing common mistakes and enforcing patterns.",
-    tier: "starter",
-    category: "truth",
-    aliases: ["rules", "ai-rules", "mdc"],
-    runner: () => require("./runners/runContext").runContext,
+  reality: {
+    description: "Playwright browser verification - test runtime behavior",
+    longDescription: "Verify your app's runtime behavior with Playwright-powered browser testing. Tests actual API responses, UI behavior, and auth flows.",
+    tier: "pro",
+    category: "verification",
+    aliases: ["browser", "e2e", "playwright"],
+    runner: () => require("./runners/runReality").runReality,
     examples: [
-      { command: "vibecheck context", description: "Generate all IDE rule formats" },
-      { command: "vibecheck context --format cursor", description: ".cursorrules only" },
-      { command: "vibecheck context --format mdc", description: "MDC format (Cursor)" },
-      { command: "vibecheck context --format copilot", description: "GitHub Copilot instructions" },
+      { command: "vibecheck reality --url http://localhost:3000", description: "Test localhost" },
+      { command: "vibecheck reality --auth email:pass", description: "With authentication" },
+      { command: "vibecheck reality --record", description: "Record video evidence" },
     ],
-    related: ["scan", "guard"],
-    docsUrl: "https://docs.vibecheckai.dev/cli/context",
+    related: ["prove", "ship", "ai-test"],
   },
 
-  guard: {
-    description: "AI guardrails - prompt firewall & hallucination checking",
-    longDescription: "Validate AI-generated code and prompts. Detects prompt injection attempts, verifies claims against your codebase (hallucination checking), and ensures AI outputs meet your standards.",
-    tier: "starter",
-    category: "truth",
-    aliases: ["ai-guard", "firewall", "validate"],
-    runner: () => require("./runners/runGuard").runGuard,
+  "ai-test": {
+    description: "AI agent for autonomous app testing",
+    longDescription: "AI-powered autonomous testing that explores your app like a real user. Supports common scenarios like login, checkout, and signup flows.",
+    tier: "pro",
+    category: "verification",
+    aliases: ["agent", "autonomous"],
+    runner: () => require("./runners/runAIAgent").runAIAgent,
     examples: [
-      { command: "vibecheck guard", description: "Run all guardrail checks" },
-      { command: "vibecheck guard --claims", description: "Verify AI claims against codebase" },
-      { command: "vibecheck guard --prompts", description: "Check for prompt injection" },
-      { command: "vibecheck guard --hallucinations", description: "Detect hallucinated code" },
+      { command: "vibecheck ai-test --url http://localhost:3000", description: "Explore app autonomously" },
+      { command: "vibecheck ai-test --url http://localhost:3000 --scenario login", description: "Test login flow" },
+      { command: "vibecheck ai-test --url http://localhost:3000 --headed", description: "Watch the AI test" },
     ],
-    related: ["context", "checkpoint", "fix"],
-    docsUrl: "https://docs.vibecheckai.dev/cli/guard",
+    related: ["reality", "prove"],
   },
 
-  mcp: {
-    description: "Start MCP server for AI IDEs",
-    longDescription: "Launch a Model Context Protocol (MCP) server that integrates vibecheck directly into AI IDEs like Cursor. Enables real-time code analysis, fix suggestions, and proof verification within your editor.",
-    tier: "starter",
+  prove: {
+    description: "Full proof loop with evidence pack",
+    longDescription: "Complete verification cycle: scan + reality check + evidence generation. Creates cryptographically signed proof pack.",
+    tier: "pro",
+    category: "verification",
+    aliases: ["p", "verify", "evidence"],
+    runner: () => require("./runners/runProve").runProve,
+    examples: [
+      { command: "vibecheck prove", description: "Run full proof loop" },
+      { command: "vibecheck prove --url http://localhost:3000", description: "With runtime testing" },
+      { command: "vibecheck prove --bundle", description: "Generate evidence pack" },
+    ],
+    related: ["ship", "reality"],
+  },
+
+  gate: {
+    description: "CI/CD enforcement - blocks deploys on issues",
+    longDescription: "Enforce quality gates in your CI/CD pipeline. Returns exit code 1 on failures to block deployments.",
+    tier: "pro",
     category: "automation",
-    aliases: [],
-    runner: () => require("./runners/runMcp").runMcp,
+    aliases: ["ci", "enforce", "block"],
+    runner: () => require("./runners/runGuard").runGate,
     examples: [
-      { command: "vibecheck mcp", description: "Start MCP server" },
-      { command: "vibecheck mcp --port 3099", description: "Custom port" },
+      { command: "vibecheck gate", description: "Run CI gate check" },
+      { command: "vibecheck gate --strict", description: "Strict mode (fail on warnings)" },
+      { command: "vibecheck gate --threshold 80", description: "Custom score threshold" },
     ],
-    related: ["context", "guard"],
-    docsUrl: "https://docs.vibecheckai.dev/integrations/mcp",
+    related: ["ship", "scan"],
   },
 
-  checkpoint: {
-    description: "Compare baseline vs current, hallucination scoring",
-    longDescription: "Track changes between scan runs. Detects new issues, resolved issues, and regressions. Includes hallucination scoring to measure drift from your codebase's ground truth.",
-    tier: "starter",
-    category: "analysis",
-    aliases: ["cp", "compare", "diff"],
-    runner: () => require("./runners/runCheckpoint").runCheckpoint,
+  guard: {
+    description: "Agent firewall - monitors/blocks AI agent actions",
+    longDescription: "AI agent firewall that validates file writes, command execution, and content. Observe mode (FREE) logs violations. Enforce mode (PRO) blocks violations. Protects against forbidden paths, dangerous commands, and hallucination patterns.",
+    tier: "free",
+    category: "firewall",
+    skipAuth: true,  // Allow observe mode without authentication
+    aliases: ["firewall", "ai-guard"],
+    runner: () => require("./runners/runGuard").runGuard,
     examples: [
-      { command: "vibecheck checkpoint", description: "Compare against last baseline" },
-      { command: "vibecheck checkpoint --set", description: "Save current as new baseline" },
-      { command: "vibecheck checkpoint --score", description: "Calculate hallucination score" },
+      { command: "vibecheck guard --init", description: "Initialize firewall config" },
+      { command: "vibecheck guard --mode observe --action write --path .env", description: "Check path (observe)" },
+      { command: "vibecheck guard --mode enforce --action write --path .env", description: "Block write (PRO)" },
+      { command: "vibecheck guard --action execute --command \"rm -rf /\"", description: "Validate command" },
+      { command: "vibecheck guard --claims", description: "Verify AI claims (legacy)" },
     ],
-    related: ["scan", "fix", "guard"],
-    docsUrl: "https://docs.vibecheckai.dev/cli/checkpoint",
+    related: ["context", "fix", "scan"],
   },
 
-  // ── AUTHORITY SYSTEM (STARTER) ───────────────────────────────
-  approve: {
-    description: "Authority verdicts - PROCEED/STOP/DEFER with proofs",
-    longDescription: "Execute authorities to get structured verdicts with proofs. Part of the Authority System - transforms prompts into enforceable policy engines. Requires STARTER for advisory verdicts, PRO for enforcement.",
-    tier: "starter",
+  "authority.approve": {
+    description: "Get authority verdict - APPROVED/REJECTED/PENDING with proofs",
+    longDescription: "Request approval from an authority for a specific action. Returns structured verdict with evidence and findings.",
+    tier: "pro",
     category: "authority",
-    aliases: ["auth-verdict", "authority"],
-    runner: () => require("./runners/runApprove").runApprove,
+    aliases: ["auth-verdict"],
+    runner: () => {
+      const { runAuthority } = require("./runners/runAuthority");
+      return (args, context) => runAuthority(['approve', ...args], context);
+    },
     examples: [
-      { command: "vibecheck approve safe-consolidation", description: "Run safe-consolidation authority" },
-      { command: "vibecheck approve --list", description: "List available authorities" },
-      { command: "vibecheck approve safe-consolidation --json", description: "JSON output for CI" },
-      { command: "vibecheck approve safe-consolidation --badge", description: "Generate badge for PROCEED", tier: "pro" },
+      { command: "vibecheck authority approve --authority security", description: "Security review" },
+      { command: "vibecheck authority approve -a security -a quality", description: "Multi-authority" },
+      { command: "vibecheck authority approve -a security --json", description: "JSON output" },
     ],
-    related: ["classify", "scan", "ship"],
-    docsUrl: "https://docs.vibecheckai.dev/cli/approve",
+    related: ["authority", "authority.list", "ship"],
   },
 
-  // ══════════════════════════════════════════════════════════════
-  // PRO TIER (3 commands) - Advanced proof & AI testing
-  // ══════════════════════════════════════════════════════════════
+  "conductor.status": {
+    description: "Multi-agent coordination status",
+    longDescription: "View status of registered AI agents, active locks, and pending proposals.",
+    tier: "pro",
+    category: "coordination",
+    aliases: ["cstatus"],
+    runner: () => require("./runners/runConductor").runConductorStatus,
+    examples: [
+      { command: "vibecheck conductor.status", description: "View coordination status" },
+      { command: "vibecheck conductor.status --json", description: "JSON output" },
+    ],
+    related: ["conductor.register", "conductor.lock"],
+  },
 
-  reality: {
-    description: "Runtime proof (browser crawl); use --agent for AI testing",
-    longDescription: "Browser-based runtime verification. Crawls your app with Playwright, records video/traces/HAR, verifies routes actually work, and captures network evidence. Use --agent for AI-driven autonomous testing.",
+  "conductor.register": {
+    description: "Register AI agent for coordination",
+    longDescription: "Register an AI agent with the conductor for multi-agent coordination.",
     tier: "pro",
-    category: "proof",
-    caps: "--agent for AI autonomous testing",
-    aliases: ["r", "test", "e2e"],
-    runner: () => async (args, ctx) => {
-      const { runRuntime } = require("./runners/runRuntime");
-      // Check if --agent flag is present to route to agent subcommand
-      if (args.includes("--agent") || args.includes("-a")) {
-        const filteredArgs = args.filter(a => a !== "--agent" && a !== "-a");
-        return await runRuntime(["agent", ...filteredArgs], ctx);
-      }
-      return await runRuntime(["crawl", ...args], ctx);
-    },
+    category: "coordination",
+    aliases: ["cregister"],
+    runner: () => require("./runners/runConductor").runConductorRegister,
     examples: [
-      { command: "vibecheck reality --url http://localhost:3000", description: "Crawl and verify routes" },
-      { command: "vibecheck reality --url http://localhost:3000 --headed", description: "Watch browser in action" },
-      { command: "vibecheck reality --agent --url http://localhost:3000", description: "AI autonomous testing" },
-      { command: "vibecheck reality --auth ./auth.json", description: "Test with authentication" },
+      { command: "vibecheck conductor.register --name cursor", description: "Register agent" },
     ],
-    related: ["prove", "scan", "ship"],
-    docsUrl: "https://docs.vibecheckai.dev/cli/reality",
+    related: ["conductor.status", "conductor.lock"],
   },
 
-  prove: {
-    description: "One command reality proof - video + network evidence that your app works",
-    longDescription: "The ultimate verification command. Runs the full 5-step pipeline: context → reality → ship → fix → verify. Generates a complete evidence pack with video recordings, network traces, and proof artifacts. Perfect for audits and stakeholder demos.",
+  "conductor.lock": {
+    description: "Acquire file lock for exclusive editing",
+    longDescription: "Acquire a lock on files for exclusive editing by an AI agent.",
     tier: "pro",
-    category: "proof",
-    aliases: ["p", "full", "all"],
-    caps: "video, trace, HAR recording; use --bundle for evidence pack",
-    runner: () => require("./runners/runProve").runProve,
+    category: "coordination",
+    aliases: ["clock"],
+    runner: () => require("./runners/runConductor").runConductorLock,
     examples: [
-      { command: "vibecheck prove --url http://localhost:3000", description: "Full proof pipeline" },
-      { command: "vibecheck prove --url http://localhost:3000 --bundle", description: "Generate shareable evidence pack" },
-      { command: "vibecheck prove --url http://localhost:3000 --stability-runs 3", description: "Run 3x for stability" },
-      { command: "vibecheck prove --skip-fix", description: "Skip auto-fix step" },
+      { command: "vibecheck conductor.lock src/file.ts", description: "Lock file" },
+      { command: "vibecheck conductor.lock --agent cursor src/", description: "Lock directory" },
     ],
-    related: ["reality", "scan", "report"],
-    docsUrl: "https://docs.vibecheckai.dev/cli/prove",
+    related: ["conductor.unlock", "conductor.status"],
   },
 
-  polish: {
-    description: "Production polish analyzer - finds missing essentials",
-    longDescription: "Deep analysis for production readiness. Checks for missing essentials like error handling, loading states, empty states, accessibility, SEO, performance patterns, and more. Generates a prioritized punch list.",
+  "conductor.unlock": {
+    description: "Release file lock",
+    longDescription: "Release a previously acquired lock on files.",
     tier: "pro",
-    category: "quality",
-    aliases: ["quality", "finalize", "ready"],
-    runner: () => require("./runners/runPolish").runPolish,
+    category: "coordination",
+    aliases: ["cunlock"],
+    runner: () => require("./runners/runConductor").runConductorUnlock,
     examples: [
-      { command: "vibecheck polish", description: "Full production readiness check" },
-      { command: "vibecheck polish --category accessibility", description: "Focus on a11y" },
-      { command: "vibecheck polish --category performance", description: "Focus on perf" },
-      { command: "vibecheck polish --severity high", description: "Only high-priority items" },
+      { command: "vibecheck conductor.unlock src/file.ts", description: "Unlock file" },
+      { command: "vibecheck conductor.unlock --all", description: "Release all locks" },
     ],
-    related: ["scan", "ship", "prove"],
-    docsUrl: "https://docs.vibecheckai.dev/cli/polish",
+    related: ["conductor.lock", "conductor.status"],
+  },
+
+  "conductor.propose": {
+    description: "Submit change proposal for review",
+    longDescription: "Submit a proposed change for review by the conductor before applying.",
+    tier: "pro",
+    category: "coordination",
+    aliases: ["cpropose"],
+    runner: () => require("./runners/runConductor").runConductorPropose,
+    examples: [
+      { command: "vibecheck conductor.propose --diff changes.patch", description: "Submit proposal" },
+    ],
+    related: ["conductor.status", "authority.approve"],
   },
 };
 
+// Validate that only allowed commands are defined
 assertAllowedOnly(COMMANDS);
 
 // ─────────────────────────────────────────────────────────────
-// DERIVED MAPS
+// TIER HELPERS
+// ─────────────────────────────────────────────────────────────
+function isPro(tier) {
+  return tier === "pro";
+}
+
+function requiresPro(commandName) {
+  const cmd = COMMANDS[commandName];
+  return cmd && cmd.tier === "pro";
+}
+
+function getFreeCommands() {
+  return Object.entries(COMMANDS)
+    .filter(([, cmd]) => cmd.tier === "free")
+    .map(([name]) => name);
+}
+
+function getProCommands() {
+  return Object.entries(COMMANDS)
+    .filter(([, cmd]) => cmd.tier === "pro")
+    .map(([name]) => name);
+}
+
+// ─────────────────────────────────────────────────────────────
+// BUILD DERIVED DATA STRUCTURES
 // ─────────────────────────────────────────────────────────────
+
+// Build alias map: { alias -> command }
 const ALIAS_MAP = {};
-for (const [cmd, def] of Object.entries(COMMANDS)) {
-  for (const alias of def.aliases || []) ALIAS_MAP[alias] = cmd;
+for (const [cmdName, cmd] of Object.entries(COMMANDS)) {
+  if (cmd.aliases) {
+    for (const alias of cmd.aliases) {
+      ALIAS_MAP[alias] = cmdName;
+    }
+  }
 }
 
-const ALL_COMMANDS = [
+// All command names including aliases
+const ALL_COMMANDS = new Set([
   ...Object.keys(COMMANDS),
-  ...Object.values(COMMANDS).flatMap((c) => c.aliases || []),
-];
+  ...Object.keys(ALIAS_MAP),
+]);
 
 // ─────────────────────────────────────────────────────────────
-// RUNNER LOADER
+// GETTERS
 // ─────────────────────────────────────────────────────────────
-function getRunner(cmd, styles = {}) {
-  const def = COMMANDS[cmd];
-  if (!def) return null;
-
-  const red = styles.red || "";
-  const reset = styles.reset || "";
-  const errorSym = styles.errorSymbol || "✗";
 
+function getRunner(cmd, opts = {}) {
+  // Resolve alias to canonical command
+  const canonicalCmd = ALIAS_MAP[cmd] || cmd;
+  const def = COMMANDS[canonicalCmd];
+  
+  if (!def) {
+    return null;
+  }
+  
+  if (!def.runner) {
+    return null;
+  }
+  
   try {
     return def.runner();
   } catch (e) {
-    return async () => {
-      console.error(`${red}${errorSym}${reset} Failed to load ${cmd}: ${e.message}`);
-      return 1;
-    };
+    if (opts.red && opts.reset) {
+      console.error(`${opts.red}${opts.errorSymbol || '×'} Failed to load runner for ${cmd}: ${e.message}${opts.reset}`);
+    }
+    return null;
+  }
+}
+
+function getCommand(name) {
+  // Check direct name
+  if (COMMANDS[name]) return COMMANDS[name];
+  
+  // Check alias map
+  const canonical = ALIAS_MAP[name];
+  if (canonical && COMMANDS[canonical]) {
+    return { ...COMMANDS[canonical], _resolvedFrom: name, _canonicalName: canonical };
   }
+  
+  return null;
 }
 
+function resolveCommand(name) {
+  return ALIAS_MAP[name] || name;
+}
+
+// ─────────────────────────────────────────────────────────────
+// EXPORTS
+// ─────────────────────────────────────────────────────────────
 module.exports = {
+  // Core data
   COMMANDS,
+  ALLOWED_COMMANDS,
   ALIAS_MAP,
   ALL_COMMANDS,
+  
+  // Tier helpers
+  isPro,
+  requiresPro,
+  getFreeCommands,
+  getProCommands,
+  
+  // Getters
   getRunner,
+  getCommand,
+  resolveCommand,
+  listCommands: () => Object.keys(COMMANDS),
+  
+  getCommandsByTier: (tier) => 
+    Object.entries(COMMANDS)
+      .filter(([, cmd]) => cmd.tier === tier)
+      .map(([name, cmd]) => ({ name, ...cmd })),
+  
+  getCommandsByCategory: (category) =>
+    Object.entries(COMMANDS)
+      .filter(([, cmd]) => cmd.category === category)
+      .map(([name, cmd]) => ({ name, ...cmd })),
 };