npm - @vibecheckai/cli - Versions diffs - 3.4.0 → 3.5.1 - Mend

@vibecheckai/cli 3.4.0 → 3.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (228) hide show

package/bin/registry.js +154 -338
package/bin/runners/context/generators/mcp.js +13 -15
package/bin/runners/context/proof-context.js +1 -248
package/bin/runners/lib/analysis-core.js +180 -198
package/bin/runners/lib/analyzers.js +223 -1669
package/bin/runners/lib/cli-output.js +210 -242
package/bin/runners/lib/detectors-v2.js +785 -547
package/bin/runners/lib/entitlements-v2.js +458 -96
package/bin/runners/lib/error-handler.js +9 -16
package/bin/runners/lib/global-flags.js +0 -37
package/bin/runners/lib/route-truth.js +322 -1167
package/bin/runners/lib/scan-output.js +469 -448
package/bin/runners/lib/ship-output.js +27 -280
package/bin/runners/lib/terminal-ui.js +733 -231
package/bin/runners/lib/truth.js +321 -1004
package/bin/runners/lib/unified-output.js +158 -162
package/bin/runners/lib/upsell.js +204 -104
package/bin/runners/runAllowlist.js +324 -0
package/bin/runners/runAuth.js +95 -324
package/bin/runners/runCheckpoint.js +21 -39
package/bin/runners/runContext.js +24 -136
package/bin/runners/runDoctor.js +67 -115
package/bin/runners/runEvidencePack.js +219 -0
package/bin/runners/runFix.js +5 -6
package/bin/runners/runGuard.js +118 -212
package/bin/runners/runInit.js +2 -14
package/bin/runners/runInstall.js +281 -0
package/bin/runners/runLabs.js +341 -0
package/bin/runners/runMcp.js +52 -130
package/bin/runners/runPolish.js +20 -43
package/bin/runners/runProve.js +3 -13
package/bin/runners/runReality.js +0 -14
package/bin/runners/runReport.js +2 -3
package/bin/runners/runScan.js +44 -511
package/bin/runners/runShip.js +14 -28
package/bin/runners/runValidate.js +2 -19
package/bin/runners/runWatch.js +54 -118
package/bin/vibecheck.js +41 -148
package/mcp-server/ARCHITECTURE.md +339 -0
package/mcp-server/__tests__/cache.test.ts +313 -0
package/mcp-server/__tests__/executor.test.ts +239 -0
package/mcp-server/__tests__/fixtures/exclusion-test/.cache/webpack/cache.pack +1 -0
package/mcp-server/__tests__/fixtures/exclusion-test/.next/server/chunk.js +3 -0
package/mcp-server/__tests__/fixtures/exclusion-test/.turbo/cache.json +3 -0
package/mcp-server/__tests__/fixtures/exclusion-test/.venv/lib/env.py +3 -0
package/mcp-server/__tests__/fixtures/exclusion-test/dist/bundle.js +3 -0
package/mcp-server/__tests__/fixtures/exclusion-test/package.json +5 -0
package/mcp-server/__tests__/fixtures/exclusion-test/src/app.ts +5 -0
package/mcp-server/__tests__/fixtures/exclusion-test/venv/lib/config.py +4 -0
package/mcp-server/__tests__/ids.test.ts +345 -0
package/mcp-server/__tests__/integration/tools.test.ts +410 -0
package/mcp-server/__tests__/registry.test.ts +365 -0
package/mcp-server/__tests__/sandbox.test.ts +323 -0
package/mcp-server/__tests__/schemas.test.ts +372 -0
package/mcp-server/benchmarks/run-benchmarks.ts +304 -0
package/mcp-server/examples/doctor.request.json +14 -0
package/mcp-server/examples/doctor.response.json +53 -0
package/mcp-server/examples/error.response.json +15 -0
package/mcp-server/examples/scan.request.json +14 -0
package/mcp-server/examples/scan.response.json +108 -0
package/mcp-server/handlers/tool-handler.ts +671 -0
package/mcp-server/index-v3.ts +293 -0
package/mcp-server/index.js +1072 -1573
package/mcp-server/index.old.js +4137 -0
package/mcp-server/lib/cache.ts +341 -0
package/mcp-server/lib/errors.ts +346 -0
package/mcp-server/lib/executor.ts +792 -0
package/mcp-server/lib/ids.ts +238 -0
package/mcp-server/lib/logger.ts +368 -0
package/mcp-server/lib/metrics.ts +365 -0
package/mcp-server/lib/sandbox.ts +337 -0
package/mcp-server/lib/validator.ts +229 -0
package/mcp-server/package-lock.json +165 -0
package/mcp-server/package.json +32 -7
package/mcp-server/premium-tools.js +2 -2
package/mcp-server/registry/tools.json +476 -0
package/mcp-server/schemas/error-envelope.schema.json +125 -0
package/mcp-server/schemas/finding.schema.json +167 -0
package/mcp-server/schemas/report-artifact.schema.json +88 -0
package/mcp-server/schemas/run-request.schema.json +75 -0
package/mcp-server/schemas/verdict.schema.json +168 -0
package/mcp-server/tier-auth.d.ts +71 -0
package/mcp-server/tier-auth.js +371 -183
package/mcp-server/truth-context.js +90 -131
package/mcp-server/truth-firewall-tools.js +1000 -1611
package/mcp-server/tsconfig.json +34 -0
package/mcp-server/vibecheck-tools.js +2 -2
package/mcp-server/vitest.config.ts +16 -0
package/package.json +3 -4
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +0 -474
package/bin/runners/lib/agent-firewall/change-packet/builder.js +0 -488
package/bin/runners/lib/agent-firewall/change-packet/schema.json +0 -228
package/bin/runners/lib/agent-firewall/change-packet/store.js +0 -200
package/bin/runners/lib/agent-firewall/claims/claim-types.js +0 -21
package/bin/runners/lib/agent-firewall/claims/extractor.js +0 -303
package/bin/runners/lib/agent-firewall/claims/patterns.js +0 -24
package/bin/runners/lib/agent-firewall/critic/index.js +0 -151
package/bin/runners/lib/agent-firewall/critic/judge.js +0 -432
package/bin/runners/lib/agent-firewall/critic/prompts.js +0 -305
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +0 -88
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +0 -75
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +0 -127
package/bin/runners/lib/agent-firewall/evidence/resolver.js +0 -102
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +0 -213
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +0 -145
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +0 -19
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +0 -87
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +0 -184
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +0 -163
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +0 -107
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +0 -68
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +0 -66
package/bin/runners/lib/agent-firewall/interceptor/base.js +0 -304
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +0 -35
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +0 -35
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +0 -34
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +0 -465
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +0 -604
package/bin/runners/lib/agent-firewall/lawbook/index.js +0 -304
package/bin/runners/lib/agent-firewall/lawbook/registry.js +0 -514
package/bin/runners/lib/agent-firewall/lawbook/schema.js +0 -420
package/bin/runners/lib/agent-firewall/logger.js +0 -141
package/bin/runners/lib/agent-firewall/policy/default-policy.json +0 -90
package/bin/runners/lib/agent-firewall/policy/engine.js +0 -103
package/bin/runners/lib/agent-firewall/policy/loader.js +0 -451
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +0 -50
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +0 -50
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +0 -86
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +0 -162
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +0 -189
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +0 -93
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +0 -57
package/bin/runners/lib/agent-firewall/policy/schema.json +0 -183
package/bin/runners/lib/agent-firewall/policy/verdict.js +0 -54
package/bin/runners/lib/agent-firewall/proposal/extractor.js +0 -394
package/bin/runners/lib/agent-firewall/proposal/index.js +0 -212
package/bin/runners/lib/agent-firewall/proposal/schema.js +0 -251
package/bin/runners/lib/agent-firewall/proposal/validator.js +0 -386
package/bin/runners/lib/agent-firewall/reality/index.js +0 -332
package/bin/runners/lib/agent-firewall/reality/state.js +0 -625
package/bin/runners/lib/agent-firewall/reality/watcher.js +0 -322
package/bin/runners/lib/agent-firewall/risk/index.js +0 -173
package/bin/runners/lib/agent-firewall/risk/scorer.js +0 -328
package/bin/runners/lib/agent-firewall/risk/thresholds.js +0 -321
package/bin/runners/lib/agent-firewall/risk/vectors.js +0 -421
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +0 -472
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +0 -346
package/bin/runners/lib/agent-firewall/simulator/index.js +0 -181
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +0 -380
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +0 -661
package/bin/runners/lib/agent-firewall/time-machine/index.js +0 -267
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +0 -436
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +0 -490
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +0 -530
package/bin/runners/lib/agent-firewall/truthpack/index.js +0 -67
package/bin/runners/lib/agent-firewall/truthpack/loader.js +0 -137
package/bin/runners/lib/agent-firewall/unblock/planner.js +0 -337
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +0 -118
package/bin/runners/lib/api-client.js +0 -269
package/bin/runners/lib/authority-badge.js +0 -425
package/bin/runners/lib/engines/accessibility-engine.js +0 -190
package/bin/runners/lib/engines/api-consistency-engine.js +0 -162
package/bin/runners/lib/engines/ast-cache.js +0 -99
package/bin/runners/lib/engines/code-quality-engine.js +0 -255
package/bin/runners/lib/engines/console-logs-engine.js +0 -115
package/bin/runners/lib/engines/cross-file-analysis-engine.js +0 -268
package/bin/runners/lib/engines/dead-code-engine.js +0 -198
package/bin/runners/lib/engines/deprecated-api-engine.js +0 -226
package/bin/runners/lib/engines/empty-catch-engine.js +0 -150
package/bin/runners/lib/engines/file-filter.js +0 -131
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +0 -251
package/bin/runners/lib/engines/mock-data-engine.js +0 -272
package/bin/runners/lib/engines/parallel-processor.js +0 -71
package/bin/runners/lib/engines/performance-issues-engine.js +0 -265
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +0 -243
package/bin/runners/lib/engines/todo-fixme-engine.js +0 -115
package/bin/runners/lib/engines/type-aware-engine.js +0 -152
package/bin/runners/lib/engines/unsafe-regex-engine.js +0 -225
package/bin/runners/lib/engines/vibecheck-engines/README.md +0 -53
package/bin/runners/lib/engines/vibecheck-engines/index.js +0 -15
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +0 -164
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +0 -291
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +0 -83
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +0 -198
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +0 -275
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +0 -167
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +0 -217
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +0 -139
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +0 -140
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +0 -164
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +0 -234
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +0 -217
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +0 -78
package/bin/runners/lib/engines/vibecheck-engines/package.json +0 -13
package/bin/runners/lib/exit-codes.js +0 -275
package/bin/runners/lib/fingerprint.js +0 -377
package/bin/runners/lib/help-formatter.js +0 -413
package/bin/runners/lib/logger.js +0 -38
package/bin/runners/lib/ship-output-enterprise.js +0 -239
package/bin/runners/lib/unified-cli-output.js +0 -604
package/bin/runners/runAgent.d.ts +0 -5
package/bin/runners/runAgent.js +0 -161
package/bin/runners/runApprove.js +0 -1200
package/bin/runners/runClassify.js +0 -859
package/bin/runners/runContext.d.ts +0 -4
package/bin/runners/runFirewall.d.ts +0 -5
package/bin/runners/runFirewall.js +0 -134
package/bin/runners/runFirewallHook.d.ts +0 -5
package/bin/runners/runFirewallHook.js +0 -56
package/bin/runners/runPolish.d.ts +0 -4
package/bin/runners/runProof.zip +0 -0
package/bin/runners/runTruth.d.ts +0 -5
package/bin/runners/runTruth.js +0 -101
package/mcp-server/HARDENING_SUMMARY.md +0 -299
package/mcp-server/agent-firewall-interceptor.js +0 -500
package/mcp-server/authority-tools.js +0 -569
package/mcp-server/conductor/conflict-resolver.js +0 -588
package/mcp-server/conductor/execution-planner.js +0 -544
package/mcp-server/conductor/index.js +0 -377
package/mcp-server/conductor/lock-manager.js +0 -615
package/mcp-server/conductor/request-queue.js +0 -550
package/mcp-server/conductor/session-manager.js +0 -500
package/mcp-server/conductor/tools.js +0 -510
package/mcp-server/lib/api-client.cjs +0 -13
package/mcp-server/lib/logger.cjs +0 -30
package/mcp-server/logger.js +0 -173
package/mcp-server/tools-v3.js +0 -706
package/mcp-server/vibecheck-mcp-server-3.2.0.tgz +0 -0

package/bin/registry.js CHANGED Viewed

@@ -1,43 +1,42 @@
 /**
- * Vibecheck CLI Command Registry
+ * Vibecheck CLI Command Registry (LOCKED)
  *
  * Single source of truth for the public CLI surface.
  * If it isn't here, it does not exist.
- *
- * Simple 2-tier model:
- * - FREE ($0): Inspect & Observe
- * - PRO ($69/mo): Fix, Prove & Enforce
  */
 "use strict";
 // ─────────────────────────────────────────────────────────────
-// CLI COMMANDS (2-tier: FREE / PRO)
+// CORE 13 + APPROVED EXTRAS (locked surface area)
 // ─────────────────────────────────────────────────────────────
 const ALLOWED_COMMANDS = new Set([
-  // FREE (10) - Inspect & Observe
-  "init",       // one-time setup
-  "doctor",     // health check
-  "watch",      // continuous mode
-  "scan",       // static analysis
-  "report",     // generate reports
-  "context",    // generate IDE rules
-  "classify",   // Authority: inventory (read-only)
-  "login",      // authenticate
-  "logout",     // remove credentials
-  "whoami",     // show current user
-  // PRO (9) - Fix, Prove & Enforce
-  "ship",       // verdict engine (GO/NO-GO)
-  "fix",        // AI-powered fixes
-  "prove",      // runtime proof
-  "reality",    // browser verification
-  "gate",       // CI/CD enforcement
-  "guard",      // AI guardrails
-  "mcp",        // MCP server
-  "checkpoint", // baseline comparison
-  "approve",    // Authority: verdicts
-  "polish",     // production polish
+  // Core 13
+  "init",
+  "doctor",
+  "scan",
+  "report",
+  "fix",
+  "watch",
+  "checkpoint",
+  "polish",
+  "ship",
+  "prove",   // replaces ctx
+  "reality", // runtime crawl
+  "context",
+  "guard",
+  // Proof artifacts (new)
+  "evidence-pack",
+  "allowlist",
+  // Approved extras
+  "mcp",
+  "login",
+  "logout",
+  "whoami",
+  "ai-test",
+  "labs",
 ]);
 function assertAllowedOnly(obj) {
@@ -48,424 +47,241 @@ function assertAllowedOnly(obj) {
 }
 // ─────────────────────────────────────────────────────────────
-// COMMANDS - 2-Tier: FREE and PRO ($69/mo)
+// COMMANDS (ALLOWED ONLY)
 // ─────────────────────────────────────────────────────────────
 const COMMANDS = {
-  // ══════════════════════════════════════════════════════════════
-  // FREE TIER - Inspect & Observe
-  // ══════════════════════════════════════════════════════════════
+  // ── SETUP ───────────────────────────────────────────────────
   init: {
     description: "One-time setup (config + contracts + scripts)",
-    longDescription: "Initialize vibecheck in your project. Creates configuration files, sets up IDE rules, and optionally connects to the dashboard.",
     tier: "free",
     category: "setup",
     aliases: ["setup", "configure"],
     runner: () => require("./runners/runInit").runInit,
-    examples: [
-      { command: "vibecheck init", description: "Interactive setup wizard" },
-      { command: "vibecheck init --local", description: "Quick local-only setup" },
-      { command: "vibecheck init --quick", description: "Non-interactive defaults" },
-    ],
-    related: ["doctor", "scan"],
   },
   doctor: {
     description: "Environment + dependency + config health check",
-    longDescription: "Comprehensive diagnostics for your development environment.",
     tier: "free",
     category: "setup",
     aliases: ["health", "diag"],
     runner: () => require("./runners/runDoctor").runDoctor,
-    examples: [
-      { command: "vibecheck doctor", description: "Run all health checks" },
-      { command: "vibecheck doctor --fix", description: "Auto-fix detected issues" },
-      { command: "vibecheck doctor --json", description: "Output as JSON" },
-    ],
-    related: ["init", "scan"],
   },
   watch: {
     description: "Continuous mode - re-runs on changes",
-    longDescription: "File watcher that automatically re-runs scans when your code changes.",
     tier: "free",
     category: "setup",
     aliases: ["w", "dev"],
     runner: () => require("./runners/runWatch").runWatch,
-    examples: [
-      { command: "vibecheck watch", description: "Start watching" },
-      { command: "vibecheck watch --path ./src", description: "Watch specific directory" },
-    ],
-    related: ["scan"],
   },
+  // ── ANALYSIS ────────────────────────────────────────────────
+  checkpoint: {
+    description: "Compare baseline vs current, hallucination scoring",
+    tier: "free",
+    category: "analysis",
+    aliases: ["cp", "compare", "diff"],
+    caps: "basic on FREE, hallucination scoring on PRO",
+    runner: () => require("./runners/runCheckpoint").runCheckpoint,
+  },
+  // ── PROOF LOOP ──────────────────────────────────────────────
   scan: {
-    description: "Static code analysis; use --allowlist for false positives",
-    longDescription: "Scan your codebase for route integrity issues, security vulnerabilities, and code quality problems.",
+    description: "Route integrity & code analysis scanner",
     tier: "free",
     category: "proof",
     aliases: ["s", "check"],
     runner: () => require("./runners/runScan").runScan,
-    examples: [
-      { command: "vibecheck scan", description: "Quick scan" },
-      { command: "vibecheck scan --profile full", description: "Full scan" },
-      { command: "vibecheck scan --allowlist list", description: "View suppressed findings" },
-    ],
-    related: ["ship", "fix", "report"],
   },
   report: {
     description: "Generate HTML/MD/SARIF reports",
-    longDescription: "Create shareable reports from scan results.",
     tier: "free",
     category: "output",
+    caps: "HTML/MD only on FREE",
     aliases: ["html", "artifact"],
     runner: () => require("./runners/runReport").runReport,
-    examples: [
-      { command: "vibecheck report", description: "Generate HTML report" },
-      { command: "vibecheck report --format md", description: "Markdown report" },
-      { command: "vibecheck report --format sarif", description: "SARIF for GitHub" },
-    ],
-    related: ["scan"],
-  },
-  context: {
-    description: "Generate IDE rules (.cursorrules, MDC, Copilot)",
-    longDescription: "Generate project-aware AI coding rules for your IDE.",
-    tier: "free",
-    category: "truth",
-    aliases: ["rules", "ai-rules", "mdc", "ctx"],
-    runner: () => require("./runners/runContext").runContext,
-    examples: [
-      { command: "vibecheck context", description: "Generate all IDE rules" },
-      { command: "vibecheck context --format cursor", description: ".cursorrules only" },
-    ],
-    related: ["scan", "guard"],
-  },
-  classify: {
-    description: "Inventory authority - duplication & legacy code maps",
-    longDescription: "Read-only inventory of your codebase including duplication maps and legacy code detection.",
-    tier: "free",
-    category: "authority",
-    aliases: ["inventory", "audit"],
-    runner: () => require("./runners/runClassify").runClassify,
-    examples: [
-      { command: "vibecheck classify", description: "Quick inventory" },
-      { command: "vibecheck classify --json", description: "JSON output" },
-    ],
-    related: ["approve", "scan"],
   },
-  login: {
-    description: "Authenticate with API key",
-    longDescription: "Connect your CLI to the vibecheck API.",
-    tier: "free",
-    category: "account",
-    aliases: ["auth", "signin"],
-    runner: () => require("./runners/runAuth").runLogin,
-    skipAuth: true,
-    examples: [
-      { command: "vibecheck login", description: "Interactive login" },
-      { command: "vibecheck login --key YOUR_API_KEY", description: "Login with key" },
-    ],
-    related: ["logout", "whoami"],
-  },
-  logout: {
-    description: "Remove stored credentials",
+  fix: {
+    description: "AI-powered auto-fix",
     tier: "free",
-    category: "account",
-    aliases: ["signout"],
-    runner: () => require("./runners/runAuth").runLogout,
-    skipAuth: true,
-    examples: [
-      { command: "vibecheck logout", description: "Clear credentials" },
-    ],
-    related: ["login", "whoami"],
+    category: "proof",
+    caps: "--plan-only on FREE",
+    aliases: ["f", "repair"],
+    runner: () => require("./runners/runFix").runFix,
   },
-  whoami: {
-    description: "Show current user and plan",
+  reality: {
+    description: "Runtime proof (browser crawl)",
     tier: "free",
-    category: "account",
-    aliases: ["me", "user"],
-    runner: () => require("./runners/runAuth").runWhoami,
-    skipAuth: true,
-    examples: [
-      { command: "vibecheck whoami", description: "Show user info" },
-    ],
-    related: ["login", "logout"],
+    category: "proof",
+    caps: "preview mode on FREE (5 pages, no auth)",
+    aliases: ["r", "test", "e2e"],
+    runner: () => async (args, ctx) => {
+      const { runRuntime } = require("./runners/runRuntime");
+      return await runRuntime(["crawl", ...args], ctx);
+    },
   },
-  // ══════════════════════════════════════════════════════════════
-  // PRO TIER ($69/mo) - Fix, Prove & Enforce
-  // ══════════════════════════════════════════════════════════════
   ship: {
     description: "Verdict engine - SHIP / WARN / BLOCK",
-    longDescription: "The final word on whether your code is ready to ship. Combines all scan results and generates a clear verdict.",
-    tier: "pro",
+    tier: "free",
     category: "proof",
     aliases: ["verdict", "go"],
+    caps: "static-only on FREE",
     runner: () => require("./runners/runShip").runShip,
-    examples: [
-      { command: "vibecheck ship", description: "Get shipping verdict" },
-      { command: "vibecheck ship --strict", description: "Fail on warnings" },
-      { command: "vibecheck ship --badge", description: "Generate status badge" },
-    ],
-    related: ["scan", "prove", "fix"],
   },
-  fix: {
-    description: "AI-powered auto-fix for findings",
-    longDescription: "Generate AI prompts to fix detected issues. Use --apply to let AI make changes directly.",
+  prove: {
+    description: "One command reality proof - video + network evidence that your app works",
     tier: "pro",
     category: "proof",
-    aliases: ["f", "repair"],
-    runner: () => require("./runners/runFix").runFix,
-    examples: [
-      { command: "vibecheck fix", description: "Generate fix missions" },
-      { command: "vibecheck fix --apply", description: "Apply AI fixes" },
-      { command: "vibecheck fix --loop", description: "Fix loop until clean" },
-    ],
-    related: ["scan", "ship"],
+    aliases: ["p", "full", "all"],
+    caps: "video, trace, HAR recording enabled by default; CI-ready output",
+    runner: () => require("./runners/runProve").runProve,
   },
-  prove: {
-    description: "Full proof loop with runtime verification",
-    longDescription: "Complete verification cycle with runtime testing and evidence generation.",
-    tier: "pro",
+  // ── PROOF ARTIFACTS ─────────────────────────────────────────
+  "evidence-pack": {
+    description: "Bundle proof artifacts (videos, traces, screenshots) into shareable pack",
+    tier: "free",
     category: "proof",
-    aliases: ["p", "verify"],
-    runner: () => require("./runners/runProve").runProve,
-    examples: [
-      { command: "vibecheck prove", description: "Run full proof loop" },
-      { command: "vibecheck prove --url http://localhost:3000", description: "With runtime testing" },
-      { command: "vibecheck prove --bundle", description: "Generate evidence pack" },
-    ],
-    related: ["ship", "reality"],
+    aliases: ["pack", "bundle", "evidence"],
+    runner: () => require("./runners/runEvidencePack").runEvidencePack,
   },
-  reality: {
-    description: "Browser-based runtime verification",
-    longDescription: "Verify your app's runtime behavior with Playwright-powered browser testing.",
-    tier: "pro",
+  allowlist: {
+    description: "Manage finding allowlist (suppress false positives)",
+    tier: "free",
     category: "proof",
-    aliases: ["browser", "e2e"],
-    runner: () => require("./runners/runReality").runReality,
-    examples: [
-      { command: "vibecheck reality --url http://localhost:3000", description: "Test localhost" },
-      { command: "vibecheck reality --auth email:pass", description: "With authentication" },
-      { command: "vibecheck reality --agent", description: "AI agent testing" },
-    ],
-    related: ["prove", "ship"],
+    aliases: ["allow", "ignore", "whitelist"],
+    runner: () => require("./runners/runAllowlist").runAllowlist,
   },
-  gate: {
-    description: "CI/CD enforcement - fail builds on issues",
-    longDescription: "Enforce quality gates in your CI/CD pipeline.",
-    tier: "pro",
-    category: "automation",
-    aliases: ["ci", "enforce"],
-    runner: () => require("./runners/runGuard").runGate,
-    examples: [
-      { command: "vibecheck gate", description: "Run CI gate check" },
-      { command: "vibecheck gate --strict", description: "Strict mode" },
-    ],
-    related: ["ship", "scan"],
+  // ── QUALITY ────────────────────────────────────────────────
+  polish: {
+    description: "Production polish analyzer - finds missing essentials",
+    tier: "free",
+    category: "quality",
+    aliases: ["quality", "finalize", "ready"],
+    runner: () => require("./runners/runPolish").runPolish,
+  },
+  // ── AI TRUTH ───────────────────────────────────────────────
+  context: {
+    description: "Generate IDE rules (.cursorrules, MDC, Windsurf, Copilot)",
+    tier: "free",
+    category: "truth",
+    aliases: ["rules", "ai-rules", "mdc"],
+    runner: () => require("./runners/runContext").runContext,
   },
   guard: {
     description: "AI guardrails - prompt firewall & hallucination checking",
-    longDescription: "Validate AI-generated code and prompts. Detects prompt injection and verifies claims.",
-    tier: "pro",
+    tier: "free",
     category: "truth",
     aliases: ["ai-guard", "firewall", "validate"],
     runner: () => require("./runners/runGuard").runGuard,
-    examples: [
-      { command: "vibecheck guard", description: "Run all guardrail checks" },
-      { command: "vibecheck guard --claims", description: "Verify AI claims" },
-    ],
-    related: ["context", "fix"],
   },
+  // ── AUTOMATION ─────────────────────────────────────────────
   mcp: {
     description: "Start MCP server for AI IDEs",
-    longDescription: "Launch an MCP server for AI IDE integration.",
-    tier: "pro",
+    tier: "starter",
     category: "automation",
     aliases: [],
     runner: () => require("./runners/runMcp").runMcp,
-    examples: [
-      { command: "vibecheck mcp", description: "Start MCP server" },
-      { command: "vibecheck mcp --port 3099", description: "Custom port" },
-    ],
-    related: ["context"],
   },
-  checkpoint: {
-    description: "Compare baseline vs current, hallucination scoring",
-    longDescription: "Track changes between scan runs. Detects new issues, resolved issues, and regressions.",
+  "ai-test": {
+    description: "AI autonomous test (alias: runtime agent)",
     tier: "pro",
-    category: "analysis",
-    aliases: ["cp", "compare", "diff"],
-    runner: () => require("./runners/runCheckpoint").runCheckpoint,
-    examples: [
-      { command: "vibecheck checkpoint", description: "Compare against baseline" },
-      { command: "vibecheck checkpoint --set", description: "Save new baseline" },
-    ],
-    related: ["scan", "fix"],
+    category: "automation",
+    aliases: ["ai", "agent"],
+    runner: () => async (args, ctx) => {
+      const { runRuntime } = require("./runners/runRuntime");
+      return await runRuntime(["agent", ...args], ctx);
+    },
   },
-  approve: {
-    description: "Authority verdicts - PROCEED/STOP/DEFER with proofs",
-    longDescription: "Execute authorities to get structured verdicts with proofs.",
-    tier: "pro",
-    category: "authority",
-    aliases: ["auth-verdict", "authority"],
-    runner: () => require("./runners/runApprove").runApprove,
-    examples: [
-      { command: "vibecheck approve safe-consolidation", description: "Run authority" },
-      { command: "vibecheck approve --list", description: "List authorities" },
-    ],
-    related: ["classify", "ship"],
+  // ── ACCOUNT (skipAuth) ────────────────────────────────────
+  login: {
+    description: "Authenticate with API key",
+    tier: "free",
+    category: "account",
+    aliases: ["auth", "signin"],
+    runner: () => require("./runners/runAuth").runLogin,
+    skipAuth: true,
   },
-  polish: {
-    description: "Production polish - final cleanup before deploy",
-    longDescription: "Final production readiness checks and cleanup.",
-    tier: "pro",
-    category: "proof",
-    aliases: ["prod", "final"],
-    runner: () => require("./runners/runPolish").runPolish,
-    examples: [
-      { command: "vibecheck polish", description: "Run polish checks" },
-    ],
-    related: ["ship", "prove"],
+  logout: {
+    description: "Remove stored credentials",
+    tier: "free",
+    category: "account",
+    aliases: ["signout"],
+    runner: () => require("./runners/runAuth").runLogout,
+    skipAuth: true,
   },
-};
-// Validate that only allowed commands are defined
-assertAllowedOnly(COMMANDS);
-// ─────────────────────────────────────────────────────────────
-// TIER HELPERS
-// ─────────────────────────────────────────────────────────────
-function isPro(tier) {
-  return tier === "pro";
-}
-function requiresPro(commandName) {
-  const cmd = COMMANDS[commandName];
-  return cmd && cmd.tier === "pro";
-}
+  whoami: {
+    description: "Show current user and plan",
+    tier: "free",
+    category: "account",
+    aliases: ["me", "user"],
+    runner: () => require("./runners/runAuth").runWhoami,
+    skipAuth: true,
+  },
-function getFreeCommands() {
-  return Object.entries(COMMANDS)
-    .filter(([, cmd]) => cmd.tier === "free")
-    .map(([name]) => name);
-}
+  // ── EXTRAS ────────────────────────────────────────────────
+  labs: {
+    description: "Experimental features",
+    tier: "free",
+    category: "extras",
+    aliases: ["experimental", "beta"],
+    runner: () => require("./runners/runLabs").runLabs,
+  },
+};
-function getProCommands() {
-  return Object.entries(COMMANDS)
-    .filter(([, cmd]) => cmd.tier === "pro")
-    .map(([name]) => name);
-}
+assertAllowedOnly(COMMANDS);
 // ─────────────────────────────────────────────────────────────
-// BUILD DERIVED DATA STRUCTURES
+// DERIVED MAPS
 // ─────────────────────────────────────────────────────────────
-// Build alias map: { alias -> command }
 const ALIAS_MAP = {};
-for (const [cmdName, cmd] of Object.entries(COMMANDS)) {
-  if (cmd.aliases) {
-    for (const alias of cmd.aliases) {
-      ALIAS_MAP[alias] = cmdName;
-    }
-  }
+for (const [cmd, def] of Object.entries(COMMANDS)) {
+  for (const alias of def.aliases || []) ALIAS_MAP[alias] = cmd;
 }
-// All command names including aliases
-const ALL_COMMANDS = new Set([
+const ALL_COMMANDS = [
   ...Object.keys(COMMANDS),
-  ...Object.keys(ALIAS_MAP),
-]);
+  ...Object.values(COMMANDS).flatMap((c) => c.aliases || []),
+];
 // ─────────────────────────────────────────────────────────────
-// GETTERS
+// RUNNER LOADER
 // ─────────────────────────────────────────────────────────────
+function getRunner(cmd, styles = {}) {
+  const def = COMMANDS[cmd];
+  if (!def) return null;
+  const red = styles.red || "";
+  const reset = styles.reset || "";
+  const errorSym = styles.errorSymbol || "✗";
-function getRunner(cmd, opts = {}) {
-  // Resolve alias to canonical command
-  const canonicalCmd = ALIAS_MAP[cmd] || cmd;
-  const def = COMMANDS[canonicalCmd];
-  if (!def) {
-    return null;
-  }
-  if (!def.runner) {
-    return null;
-  }
   try {
     return def.runner();
   } catch (e) {
-    if (opts.red && opts.reset) {
-      console.error(`${opts.red}${opts.errorSymbol || '×'} Failed to load runner for ${cmd}: ${e.message}${opts.reset}`);
-    }
-    return null;
-  }
-}
-function getCommand(name) {
-  // Check direct name
-  if (COMMANDS[name]) return COMMANDS[name];
-  // Check alias map
-  const canonical = ALIAS_MAP[name];
-  if (canonical && COMMANDS[canonical]) {
-    return { ...COMMANDS[canonical], _resolvedFrom: name, _canonicalName: canonical };
+    return async () => {
+      console.error(`${red}${errorSym}${reset} Failed to load ${cmd}: ${e.message}`);
+      return 1;
+    };
   }
-  return null;
 }
-function resolveCommand(name) {
-  return ALIAS_MAP[name] || name;
-}
-// ─────────────────────────────────────────────────────────────
-// EXPORTS
-// ─────────────────────────────────────────────────────────────
 module.exports = {
-  // Core data
   COMMANDS,
-  ALLOWED_COMMANDS,
   ALIAS_MAP,
   ALL_COMMANDS,
-  // Tier helpers
-  isPro,
-  requiresPro,
-  getFreeCommands,
-  getProCommands,
-  // Getters
   getRunner,
-  getCommand,
-  resolveCommand,
-  listCommands: () => Object.keys(COMMANDS),
-  getCommandsByTier: (tier) =>
-    Object.entries(COMMANDS)
-      .filter(([, cmd]) => cmd.tier === tier)
-      .map(([name, cmd]) => ({ name, ...cmd })),
-  getCommandsByCategory: (category) =>
-    Object.entries(COMMANDS)
-      .filter(([, cmd]) => cmd.category === category)
-      .map(([name, cmd]) => ({ name, ...cmd })),
 };