npm - @vibecheckai/cli - Versions diffs - 3.3.0 → 3.5.0 - Mend

@vibecheckai/cli 3.3.0 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (170) hide show

package/bin/registry.js +389 -269
package/bin/runners/cli-utils.js +2 -33
package/bin/runners/context/generators/cursor.js +49 -2
package/bin/runners/lib/agent-firewall/learning/learning-engine.js +849 -0
package/bin/runners/lib/analyzers.js +599 -142
package/bin/runners/lib/audit-logger.js +532 -0
package/bin/runners/lib/authority/authorities/architecture.js +364 -0
package/bin/runners/lib/authority/authorities/compliance.js +341 -0
package/bin/runners/lib/authority/authorities/human.js +343 -0
package/bin/runners/lib/authority/authorities/quality.js +420 -0
package/bin/runners/lib/authority/authorities/security.js +228 -0
package/bin/runners/lib/authority/index.js +293 -0
package/bin/runners/lib/authority-badge.js +425 -425
package/bin/runners/lib/bundle/bundle-intelligence.js +846 -0
package/bin/runners/lib/cli-charts.js +368 -0
package/bin/runners/lib/cli-config-display.js +405 -0
package/bin/runners/lib/cli-demo.js +275 -0
package/bin/runners/lib/cli-errors.js +438 -0
package/bin/runners/lib/cli-help-formatter.js +439 -0
package/bin/runners/lib/cli-interactive-menu.js +509 -0
package/bin/runners/lib/cli-prompts.js +441 -0
package/bin/runners/lib/cli-scan-cards.js +362 -0
package/bin/runners/lib/compliance-reporter.js +710 -0
package/bin/runners/lib/conductor/index.js +671 -0
package/bin/runners/lib/easy/README.md +123 -0
package/bin/runners/lib/easy/index.js +140 -0
package/bin/runners/lib/easy/interactive-wizard.js +788 -0
package/bin/runners/lib/easy/one-click-firewall.js +564 -0
package/bin/runners/lib/easy/zero-config-reality.js +714 -0
package/bin/runners/lib/engines/accessibility-engine.js +218 -18
package/bin/runners/lib/engines/api-consistency-engine.js +335 -30
package/bin/runners/lib/engines/async-patterns-engine.js +444 -0
package/bin/runners/lib/engines/bundle-size-engine.js +433 -0
package/bin/runners/lib/engines/confidence-scoring.js +276 -0
package/bin/runners/lib/engines/context-detection.js +264 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +292 -27
package/bin/runners/lib/engines/database-patterns-engine.js +429 -0
package/bin/runners/lib/engines/duplicate-code-engine.js +354 -0
package/bin/runners/lib/engines/empty-catch-engine.js +127 -17
package/bin/runners/lib/engines/env-variables-engine.js +458 -0
package/bin/runners/lib/engines/error-handling-engine.js +437 -0
package/bin/runners/lib/engines/false-positive-prevention.js +630 -0
package/bin/runners/lib/engines/framework-adapters/index.js +607 -0
package/bin/runners/lib/engines/framework-detection.js +508 -0
package/bin/runners/lib/engines/import-order-engine.js +429 -0
package/bin/runners/lib/engines/mock-data-engine.js +53 -10
package/bin/runners/lib/engines/naming-conventions-engine.js +544 -0
package/bin/runners/lib/engines/noise-reduction-engine.js +452 -0
package/bin/runners/lib/engines/orchestrator.js +334 -0
package/bin/runners/lib/engines/performance-issues-engine.js +176 -36
package/bin/runners/lib/engines/react-patterns-engine.js +457 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +382 -54
package/bin/runners/lib/engines/type-aware-engine.js +263 -39
package/bin/runners/lib/engines/vibecheck-engines/index.js +122 -13
package/bin/runners/lib/engines/vibecheck-engines/lib/ai-hallucination-engine.js +806 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +373 -73
package/bin/runners/lib/engines/vibecheck-engines/lib/smart-fix-engine.js +577 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/vibe-score-engine.js +543 -0
package/bin/runners/lib/engines/vibecheck-engines.js +514 -0
package/bin/runners/lib/enhanced-features/index.js +305 -0
package/bin/runners/lib/enhanced-output.js +631 -0
package/bin/runners/lib/enterprise.js +300 -0
package/bin/runners/lib/entitlements-v2.js +161 -478
package/bin/runners/lib/firewall/command-validator.js +351 -0
package/bin/runners/lib/firewall/config.js +341 -0
package/bin/runners/lib/firewall/content-validator.js +519 -0
package/bin/runners/lib/firewall/index.js +101 -0
package/bin/runners/lib/firewall/path-validator.js +256 -0
package/bin/runners/lib/html-proof-report.js +350 -700
package/bin/runners/lib/intelligence/cross-repo-intelligence.js +817 -0
package/bin/runners/lib/mcp-utils.js +425 -0
package/bin/runners/lib/missions/plan.js +46 -6
package/bin/runners/lib/missions/templates.js +232 -0
package/bin/runners/lib/output/index.js +1022 -0
package/bin/runners/lib/policy-engine.js +652 -0
package/bin/runners/lib/polish/autofix/accessibility-fixes.js +333 -0
package/bin/runners/lib/polish/autofix/async-handlers.js +273 -0
package/bin/runners/lib/polish/autofix/dead-code.js +280 -0
package/bin/runners/lib/polish/autofix/imports-optimizer.js +344 -0
package/bin/runners/lib/polish/autofix/index.js +200 -0
package/bin/runners/lib/polish/autofix/remove-consoles.js +209 -0
package/bin/runners/lib/polish/autofix/strengthen-types.js +245 -0
package/bin/runners/lib/polish/backend-checks.js +148 -0
package/bin/runners/lib/polish/documentation-checks.js +111 -0
package/bin/runners/lib/polish/frontend-checks.js +168 -0
package/bin/runners/lib/polish/index.js +71 -0
package/bin/runners/lib/polish/infrastructure-checks.js +131 -0
package/bin/runners/lib/polish/library-detection.js +175 -0
package/bin/runners/lib/polish/performance-checks.js +100 -0
package/bin/runners/lib/polish/security-checks.js +148 -0
package/bin/runners/lib/polish/utils.js +203 -0
package/bin/runners/lib/prompt-builder.js +540 -0
package/bin/runners/lib/proof-certificate.js +634 -0
package/bin/runners/lib/reality/accessibility-audit.js +946 -0
package/bin/runners/lib/reality/api-contract-validator.js +1012 -0
package/bin/runners/lib/reality/chaos-engineering.js +1084 -0
package/bin/runners/lib/reality/performance-tracker.js +1077 -0
package/bin/runners/lib/reality/scenario-generator.js +1404 -0
package/bin/runners/lib/reality/visual-regression.js +852 -0
package/bin/runners/lib/reality-profiler.js +717 -0
package/bin/runners/lib/replay/flight-recorder-viewer.js +1160 -0
package/bin/runners/lib/review/ai-code-review.js +832 -0
package/bin/runners/lib/rules/custom-rule-engine.js +985 -0
package/bin/runners/lib/sbom-generator.js +641 -0
package/bin/runners/lib/scan-output-enhanced.js +512 -0
package/bin/runners/lib/scan-output.js +65 -19
package/bin/runners/lib/security/owasp-scanner.js +939 -0
package/bin/runners/lib/ship-output.js +18 -25
package/bin/runners/lib/terminal-ui.js +113 -1
package/bin/runners/lib/unified-cli-output.js +603 -430
package/bin/runners/lib/upsell.js +90 -338
package/bin/runners/lib/validators/contract-validator.js +283 -0
package/bin/runners/lib/validators/dead-export-detector.js +279 -0
package/bin/runners/lib/validators/dep-audit.js +245 -0
package/bin/runners/lib/validators/env-validator.js +319 -0
package/bin/runners/lib/validators/index.js +120 -0
package/bin/runners/lib/validators/license-checker.js +252 -0
package/bin/runners/lib/validators/route-validator.js +290 -0
package/bin/runners/runAIAgent.js +5 -10
package/bin/runners/runAgent.js +3 -0
package/bin/runners/runApprove.js +1233 -1200
package/bin/runners/runAuth.js +22 -1
package/bin/runners/runAuthority.js +528 -0
package/bin/runners/runCheckpoint.js +4 -24
package/bin/runners/runClassify.js +862 -859
package/bin/runners/runConductor.js +772 -0
package/bin/runners/runContainer.js +366 -0
package/bin/runners/runContext.js +3 -0
package/bin/runners/runDoctor.js +28 -41
package/bin/runners/runEasy.js +410 -0
package/bin/runners/runFirewall.js +3 -0
package/bin/runners/runFirewallHook.js +3 -0
package/bin/runners/runFix.js +76 -66
package/bin/runners/runGuard.js +411 -18
package/bin/runners/runIaC.js +372 -0
package/bin/runners/runInit.js +10 -60
package/bin/runners/runMcp.js +11 -12
package/bin/runners/runPolish.js +240 -64
package/bin/runners/runPromptFirewall.js +5 -12
package/bin/runners/runProve.js +20 -55
package/bin/runners/runReality.js +68 -59
package/bin/runners/runReport.js +31 -5
package/bin/runners/runRuntime.js +5 -8
package/bin/runners/runScan.js +194 -1273
package/bin/runners/runShip.js +695 -47
package/bin/runners/runTruth.js +3 -0
package/bin/runners/runValidate.js +7 -11
package/bin/runners/runVibe.js +791 -0
package/bin/runners/runWatch.js +14 -23
package/bin/vibecheck.js +179 -65
package/mcp-server/index.js +202 -636
package/mcp-server/lib/api-client.cjs +7 -299
package/mcp-server/package.json +1 -1
package/mcp-server/tier-auth.js +175 -574
package/mcp-server/tools-v3.js +800 -505
package/mcp-server/tools.js +495 -0
package/package.json +1 -1
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +0 -164
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +0 -291
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +0 -83
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +0 -198
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +0 -275
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +0 -167
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +0 -217
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +0 -140
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +0 -164
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +0 -234
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +0 -217
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +0 -78
package/mcp-server/index-v1.js +0 -698

package/bin/runners/lib/authority/index.js ADDED Viewed

@@ -0,0 +1,293 @@
+/**
+ * Authority System - The AI That Says No
+ *
+ * Allows designated approvers (human or automated) to sign off on changes.
+ *
+ * Built-in Authorities:
+ * - security: Security review (checks for vulnerabilities)
+ * - architecture: Architecture review (patterns, structure)
+ * - compliance: Compliance check (SOC2, GDPR, HIPAA, etc.)
+ * - quality: Code quality review
+ * - human: Requires human approval (creates GitHub issue/Slack message)
+ *
+ * @example
+ * const { listAuthorities, requestApproval } = require('./authority');
+ *
+ * // List available authorities
+ * const authorities = await listAuthorities();
+ *
+ * // Request approval from security authority
+ * const result = await requestApproval('security', {
+ *   files: [{ path: 'src/auth.ts', content: '...' }],
+ *   diff: '+ const password = "secret123";',
+ * });
+ *
+ * console.log(result.verdict); // 'APPROVED' or 'REJECTED'
+ */
+"use strict";
+const { SecurityAuthority } = require("./authorities/security");
+const { ArchitectureAuthority } = require("./authorities/architecture");
+const { ComplianceAuthority } = require("./authorities/compliance");
+const { QualityAuthority } = require("./authorities/quality");
+const { HumanAuthority } = require("./authorities/human");
+// ═══════════════════════════════════════════════════════════════════════════════
+// AUTHORITY REGISTRY
+// ═══════════════════════════════════════════════════════════════════════════════
+const AUTHORITIES = {
+  security: SecurityAuthority,
+  architecture: ArchitectureAuthority,
+  compliance: ComplianceAuthority,
+  quality: QualityAuthority,
+  human: HumanAuthority,
+};
+// ═══════════════════════════════════════════════════════════════════════════════
+// PUBLIC API
+// ═══════════════════════════════════════════════════════════════════════════════
+/**
+ * List all available approval authorities
+ *
+ * @returns {Promise<Array<{name: string, description: string, automated: boolean, tier: string}>>}
+ */
+async function listAuthorities() {
+  return Object.entries(AUTHORITIES).map(([name, Authority]) => ({
+    name,
+    description: Authority.description,
+    automated: Authority.automated,
+    tier: Authority.tier,
+  }));
+}
+/**
+ * Get a specific authority by name
+ *
+ * @param {string} authorityName - Name of the authority
+ * @returns {Object|null} Authority class or null if not found
+ */
+function getAuthority(authorityName) {
+  return AUTHORITIES[authorityName] || null;
+}
+/**
+ * Check if an authority exists
+ *
+ * @param {string} authorityName - Name of the authority
+ * @returns {boolean}
+ */
+function hasAuthority(authorityName) {
+  return authorityName in AUTHORITIES;
+}
+/**
+ * Request approval from a specific authority
+ *
+ * @param {string} authorityName - Name of the authority to request approval from
+ * @param {Object} payload - The payload to review
+ * @param {Array<{path: string, content: string}>} payload.files - Files to review
+ * @param {string} payload.diff - Git diff of changes
+ * @param {Object} payload.context - Additional context (branch, commit, etc.)
+ * @param {Object} options - Additional options for the authority
+ * @returns {Promise<{
+ *   authority: string,
+ *   verdict: 'APPROVED' | 'REJECTED' | 'PENDING',
+ *   reason: string,
+ *   findings: Array<Object>,
+ *   timestamp: string,
+ *   signature: string,
+ *   metadata?: Object
+ * }>}
+ */
+async function requestApproval(authorityName, payload, options = {}) {
+  const Authority = AUTHORITIES[authorityName];
+  if (!Authority) {
+    throw new Error(`Unknown authority: ${authorityName}`);
+  }
+  const authority = new Authority(options);
+  const result = await authority.review(payload);
+  // Determine verdict from result
+  let verdict;
+  if (result.status === "pending") {
+    verdict = "PENDING";
+  } else {
+    verdict = result.approved ? "APPROVED" : "REJECTED";
+  }
+  return {
+    authority: authorityName,
+    verdict,
+    reason: result.reason,
+    findings: result.findings || [],
+    timestamp: new Date().toISOString(),
+    signature: result.signature,
+    metadata: result.metadata,
+    // Include additional fields from specific authorities
+    ...(result.qualityScore !== undefined && { qualityScore: result.qualityScore }),
+    ...(result.metrics && { metrics: result.metrics }),
+    ...(result.approvalRequest && { approvalRequest: result.approvalRequest }),
+    ...(result.notifications && { notifications: result.notifications }),
+    ...(result.existingApproval && { existingApproval: result.existingApproval }),
+  };
+}
+/**
+ * Run multiple authorities in parallel
+ *
+ * @param {string[]} authorityNames - Names of authorities to run
+ * @param {Object} payload - The payload to review
+ * @param {Object} options - Options passed to each authority
+ * @returns {Promise<Array<Object>>} Results from all authorities
+ */
+async function requestMultipleApprovals(authorityNames, payload, options = {}) {
+  const results = await Promise.all(
+    authorityNames.map(name =>
+      requestApproval(name, payload, options[name] || {})
+        .catch(error => ({
+          authority: name,
+          verdict: "ERROR",
+          reason: error.message,
+          findings: [],
+          timestamp: new Date().toISOString(),
+          signature: null,
+          error: true,
+        }))
+    )
+  );
+  return results;
+}
+/**
+ * Get aggregated verdict from multiple authority results
+ *
+ * @param {Array<Object>} results - Results from requestMultipleApprovals
+ * @returns {{
+ *   verdict: 'APPROVED' | 'REJECTED' | 'PENDING',
+ *   summary: Object,
+ *   blockers: Array<string>
+ * }}
+ */
+function getAggregatedVerdict(results) {
+  const summary = {
+    total: results.length,
+    approved: 0,
+    rejected: 0,
+    pending: 0,
+    error: 0,
+  };
+  const blockers = [];
+  for (const result of results) {
+    switch (result.verdict) {
+      case "APPROVED":
+        summary.approved++;
+        break;
+      case "REJECTED":
+        summary.rejected++;
+        blockers.push(`${result.authority}: ${result.reason}`);
+        break;
+      case "PENDING":
+        summary.pending++;
+        blockers.push(`${result.authority}: Awaiting approval`);
+        break;
+      case "ERROR":
+        summary.error++;
+        blockers.push(`${result.authority}: Error - ${result.reason}`);
+        break;
+    }
+  }
+  let verdict;
+  if (summary.rejected > 0 || summary.error > 0) {
+    verdict = "REJECTED";
+  } else if (summary.pending > 0) {
+    verdict = "PENDING";
+  } else {
+    verdict = "APPROVED";
+  }
+  return {
+    verdict,
+    summary,
+    blockers,
+  };
+}
+/**
+ * Register a custom authority
+ *
+ * @param {string} name - Name for the authority
+ * @param {Function} AuthorityClass - Authority class with static description, automated, tier properties
+ */
+function registerAuthority(name, AuthorityClass) {
+  if (AUTHORITIES[name]) {
+    throw new Error(`Authority "${name}" is already registered`);
+  }
+  if (!AuthorityClass.description) {
+    throw new Error("Authority class must have a static 'description' property");
+  }
+  if (typeof AuthorityClass.prototype.review !== "function") {
+    throw new Error("Authority class must have a 'review' method");
+  }
+  AUTHORITIES[name] = AuthorityClass;
+}
+/**
+ * Unregister a custom authority (built-in authorities cannot be removed)
+ *
+ * @param {string} name - Name of the authority to remove
+ */
+function unregisterAuthority(name) {
+  const builtInAuthorities = ["security", "architecture", "compliance", "quality", "human"];
+  if (builtInAuthorities.includes(name)) {
+    throw new Error(`Cannot unregister built-in authority: ${name}`);
+  }
+  if (!AUTHORITIES[name]) {
+    throw new Error(`Authority "${name}" is not registered`);
+  }
+  delete AUTHORITIES[name];
+}
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+module.exports = {
+  // Core API
+  listAuthorities,
+  requestApproval,
+  requestMultipleApprovals,
+  getAggregatedVerdict,
+  // Authority management
+  getAuthority,
+  hasAuthority,
+  registerAuthority,
+  unregisterAuthority,
+  // Authority classes (for extension/testing)
+  SecurityAuthority,
+  ArchitectureAuthority,
+  ComplianceAuthority,
+  QualityAuthority,
+  HumanAuthority,
+  // Registry (read-only access)
+  get AUTHORITIES() {
+    return { ...AUTHORITIES };
+  },
+};