npm - @vibecheckai/cli - Versions diffs - 3.5.0 → 3.5.1 - Mend

@vibecheckai/cli 3.5.0 → 3.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (326) hide show

package/bin/registry.js +174 -449
package/bin/runners/cli-utils.js +33 -2
package/bin/runners/context/generators/cursor.js +2 -49
package/bin/runners/context/generators/mcp.js +13 -15
package/bin/runners/context/proof-context.js +1 -248
package/bin/runners/lib/analysis-core.js +180 -198
package/bin/runners/lib/analyzers.js +241 -2212
package/bin/runners/lib/cli-output.js +210 -242
package/bin/runners/lib/detectors-v2.js +785 -547
package/bin/runners/lib/entitlements-v2.js +431 -161
package/bin/runners/lib/error-handler.js +9 -16
package/bin/runners/lib/global-flags.js +0 -37
package/bin/runners/lib/html-proof-report.js +700 -350
package/bin/runners/lib/missions/plan.js +6 -46
package/bin/runners/lib/missions/templates.js +0 -232
package/bin/runners/lib/route-truth.js +322 -1167
package/bin/runners/lib/scan-output.js +467 -493
package/bin/runners/lib/ship-output.js +27 -280
package/bin/runners/lib/terminal-ui.js +700 -310
package/bin/runners/lib/truth.js +321 -1004
package/bin/runners/lib/unified-output.js +158 -162
package/bin/runners/lib/upsell.js +204 -104
package/bin/runners/runAIAgent.js +10 -5
package/bin/runners/runAllowlist.js +324 -0
package/bin/runners/runAuth.js +94 -344
package/bin/runners/runCheckpoint.js +45 -43
package/bin/runners/runContext.js +24 -139
package/bin/runners/runDoctor.js +101 -136
package/bin/runners/runEvidencePack.js +219 -0
package/bin/runners/runFix.js +71 -82
package/bin/runners/runGuard.js +119 -606
package/bin/runners/runInit.js +60 -22
package/bin/runners/runInstall.js +281 -0
package/bin/runners/runLabs.js +341 -0
package/bin/runners/runMcp.js +62 -139
package/bin/runners/runPolish.js +83 -282
package/bin/runners/runPromptFirewall.js +12 -5
package/bin/runners/runProve.js +58 -33
package/bin/runners/runReality.js +58 -81
package/bin/runners/runReport.js +7 -34
package/bin/runners/runRuntime.js +8 -5
package/bin/runners/runScan.js +844 -219
package/bin/runners/runShip.js +59 -721
package/bin/runners/runValidate.js +11 -24
package/bin/runners/runWatch.js +76 -131
package/bin/vibecheck.js +69 -295
package/mcp-server/ARCHITECTURE.md +339 -0
package/mcp-server/__tests__/cache.test.ts +313 -0
package/mcp-server/__tests__/executor.test.ts +239 -0
package/mcp-server/__tests__/fixtures/exclusion-test/.cache/webpack/cache.pack +1 -0
package/mcp-server/__tests__/fixtures/exclusion-test/.next/server/chunk.js +3 -0
package/mcp-server/__tests__/fixtures/exclusion-test/.turbo/cache.json +3 -0
package/mcp-server/__tests__/fixtures/exclusion-test/.venv/lib/env.py +3 -0
package/mcp-server/__tests__/fixtures/exclusion-test/dist/bundle.js +3 -0
package/mcp-server/__tests__/fixtures/exclusion-test/package.json +5 -0
package/mcp-server/__tests__/fixtures/exclusion-test/src/app.ts +5 -0
package/mcp-server/__tests__/fixtures/exclusion-test/venv/lib/config.py +4 -0
package/mcp-server/__tests__/ids.test.ts +345 -0
package/mcp-server/__tests__/integration/tools.test.ts +410 -0
package/mcp-server/__tests__/registry.test.ts +365 -0
package/mcp-server/__tests__/sandbox.test.ts +323 -0
package/mcp-server/__tests__/schemas.test.ts +372 -0
package/mcp-server/benchmarks/run-benchmarks.ts +304 -0
package/mcp-server/examples/doctor.request.json +14 -0
package/mcp-server/examples/doctor.response.json +53 -0
package/mcp-server/examples/error.response.json +15 -0
package/mcp-server/examples/scan.request.json +14 -0
package/mcp-server/examples/scan.response.json +108 -0
package/mcp-server/handlers/tool-handler.ts +671 -0
package/mcp-server/index-v1.js +698 -0
package/mcp-server/index-v3.ts +293 -0
package/mcp-server/index.js +1080 -1757
package/mcp-server/index.old.js +4137 -0
package/mcp-server/lib/cache.ts +341 -0
package/mcp-server/lib/errors.ts +346 -0
package/mcp-server/lib/executor.ts +792 -0
package/mcp-server/lib/ids.ts +238 -0
package/mcp-server/lib/logger.ts +368 -0
package/mcp-server/lib/metrics.ts +365 -0
package/mcp-server/lib/sandbox.ts +337 -0
package/mcp-server/lib/validator.ts +229 -0
package/mcp-server/package-lock.json +165 -0
package/mcp-server/package.json +32 -7
package/mcp-server/premium-tools.js +2 -2
package/mcp-server/registry/tools.json +476 -0
package/mcp-server/schemas/error-envelope.schema.json +125 -0
package/mcp-server/schemas/finding.schema.json +167 -0
package/mcp-server/schemas/report-artifact.schema.json +88 -0
package/mcp-server/schemas/run-request.schema.json +75 -0
package/mcp-server/schemas/verdict.schema.json +168 -0
package/mcp-server/tier-auth.d.ts +71 -0
package/mcp-server/tier-auth.js +371 -183
package/mcp-server/truth-context.js +90 -131
package/mcp-server/truth-firewall-tools.js +1000 -1611
package/mcp-server/tsconfig.json +34 -0
package/mcp-server/vibecheck-tools.js +2 -2
package/mcp-server/vitest.config.ts +16 -0
package/package.json +3 -4
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +0 -474
package/bin/runners/lib/agent-firewall/change-packet/builder.js +0 -488
package/bin/runners/lib/agent-firewall/change-packet/schema.json +0 -228
package/bin/runners/lib/agent-firewall/change-packet/store.js +0 -200
package/bin/runners/lib/agent-firewall/claims/claim-types.js +0 -21
package/bin/runners/lib/agent-firewall/claims/extractor.js +0 -303
package/bin/runners/lib/agent-firewall/claims/patterns.js +0 -24
package/bin/runners/lib/agent-firewall/critic/index.js +0 -151
package/bin/runners/lib/agent-firewall/critic/judge.js +0 -432
package/bin/runners/lib/agent-firewall/critic/prompts.js +0 -305
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +0 -88
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +0 -75
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +0 -127
package/bin/runners/lib/agent-firewall/evidence/resolver.js +0 -102
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +0 -213
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +0 -145
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +0 -19
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +0 -87
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +0 -184
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +0 -163
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +0 -107
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +0 -68
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +0 -66
package/bin/runners/lib/agent-firewall/interceptor/base.js +0 -304
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +0 -35
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +0 -35
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +0 -34
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +0 -465
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +0 -604
package/bin/runners/lib/agent-firewall/lawbook/index.js +0 -304
package/bin/runners/lib/agent-firewall/lawbook/registry.js +0 -514
package/bin/runners/lib/agent-firewall/lawbook/schema.js +0 -420
package/bin/runners/lib/agent-firewall/learning/learning-engine.js +0 -849
package/bin/runners/lib/agent-firewall/logger.js +0 -141
package/bin/runners/lib/agent-firewall/policy/default-policy.json +0 -90
package/bin/runners/lib/agent-firewall/policy/engine.js +0 -103
package/bin/runners/lib/agent-firewall/policy/loader.js +0 -451
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +0 -50
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +0 -50
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +0 -86
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +0 -162
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +0 -189
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +0 -93
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +0 -57
package/bin/runners/lib/agent-firewall/policy/schema.json +0 -183
package/bin/runners/lib/agent-firewall/policy/verdict.js +0 -54
package/bin/runners/lib/agent-firewall/proposal/extractor.js +0 -394
package/bin/runners/lib/agent-firewall/proposal/index.js +0 -212
package/bin/runners/lib/agent-firewall/proposal/schema.js +0 -251
package/bin/runners/lib/agent-firewall/proposal/validator.js +0 -386
package/bin/runners/lib/agent-firewall/reality/index.js +0 -332
package/bin/runners/lib/agent-firewall/reality/state.js +0 -625
package/bin/runners/lib/agent-firewall/reality/watcher.js +0 -322
package/bin/runners/lib/agent-firewall/risk/index.js +0 -173
package/bin/runners/lib/agent-firewall/risk/scorer.js +0 -328
package/bin/runners/lib/agent-firewall/risk/thresholds.js +0 -321
package/bin/runners/lib/agent-firewall/risk/vectors.js +0 -421
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +0 -472
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +0 -346
package/bin/runners/lib/agent-firewall/simulator/index.js +0 -181
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +0 -380
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +0 -661
package/bin/runners/lib/agent-firewall/time-machine/index.js +0 -267
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +0 -436
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +0 -490
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +0 -530
package/bin/runners/lib/agent-firewall/truthpack/index.js +0 -67
package/bin/runners/lib/agent-firewall/truthpack/loader.js +0 -137
package/bin/runners/lib/agent-firewall/unblock/planner.js +0 -337
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +0 -118
package/bin/runners/lib/api-client.js +0 -269
package/bin/runners/lib/audit-logger.js +0 -532
package/bin/runners/lib/authority/authorities/architecture.js +0 -364
package/bin/runners/lib/authority/authorities/compliance.js +0 -341
package/bin/runners/lib/authority/authorities/human.js +0 -343
package/bin/runners/lib/authority/authorities/quality.js +0 -420
package/bin/runners/lib/authority/authorities/security.js +0 -228
package/bin/runners/lib/authority/index.js +0 -293
package/bin/runners/lib/authority-badge.js +0 -425
package/bin/runners/lib/bundle/bundle-intelligence.js +0 -846
package/bin/runners/lib/cli-charts.js +0 -368
package/bin/runners/lib/cli-config-display.js +0 -405
package/bin/runners/lib/cli-demo.js +0 -275
package/bin/runners/lib/cli-errors.js +0 -438
package/bin/runners/lib/cli-help-formatter.js +0 -439
package/bin/runners/lib/cli-interactive-menu.js +0 -509
package/bin/runners/lib/cli-prompts.js +0 -441
package/bin/runners/lib/cli-scan-cards.js +0 -362
package/bin/runners/lib/compliance-reporter.js +0 -710
package/bin/runners/lib/conductor/index.js +0 -671
package/bin/runners/lib/easy/README.md +0 -123
package/bin/runners/lib/easy/index.js +0 -140
package/bin/runners/lib/easy/interactive-wizard.js +0 -788
package/bin/runners/lib/easy/one-click-firewall.js +0 -564
package/bin/runners/lib/easy/zero-config-reality.js +0 -714
package/bin/runners/lib/engines/accessibility-engine.js +0 -390
package/bin/runners/lib/engines/api-consistency-engine.js +0 -467
package/bin/runners/lib/engines/ast-cache.js +0 -99
package/bin/runners/lib/engines/async-patterns-engine.js +0 -444
package/bin/runners/lib/engines/bundle-size-engine.js +0 -433
package/bin/runners/lib/engines/code-quality-engine.js +0 -255
package/bin/runners/lib/engines/confidence-scoring.js +0 -276
package/bin/runners/lib/engines/console-logs-engine.js +0 -115
package/bin/runners/lib/engines/context-detection.js +0 -264
package/bin/runners/lib/engines/cross-file-analysis-engine.js +0 -533
package/bin/runners/lib/engines/database-patterns-engine.js +0 -429
package/bin/runners/lib/engines/dead-code-engine.js +0 -198
package/bin/runners/lib/engines/deprecated-api-engine.js +0 -226
package/bin/runners/lib/engines/duplicate-code-engine.js +0 -354
package/bin/runners/lib/engines/empty-catch-engine.js +0 -260
package/bin/runners/lib/engines/env-variables-engine.js +0 -458
package/bin/runners/lib/engines/error-handling-engine.js +0 -437
package/bin/runners/lib/engines/false-positive-prevention.js +0 -630
package/bin/runners/lib/engines/file-filter.js +0 -131
package/bin/runners/lib/engines/framework-adapters/index.js +0 -607
package/bin/runners/lib/engines/framework-detection.js +0 -508
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +0 -251
package/bin/runners/lib/engines/import-order-engine.js +0 -429
package/bin/runners/lib/engines/mock-data-engine.js +0 -315
package/bin/runners/lib/engines/naming-conventions-engine.js +0 -544
package/bin/runners/lib/engines/noise-reduction-engine.js +0 -452
package/bin/runners/lib/engines/orchestrator.js +0 -334
package/bin/runners/lib/engines/parallel-processor.js +0 -71
package/bin/runners/lib/engines/performance-issues-engine.js +0 -405
package/bin/runners/lib/engines/react-patterns-engine.js +0 -457
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +0 -571
package/bin/runners/lib/engines/todo-fixme-engine.js +0 -115
package/bin/runners/lib/engines/type-aware-engine.js +0 -376
package/bin/runners/lib/engines/unsafe-regex-engine.js +0 -225
package/bin/runners/lib/engines/vibecheck-engines/README.md +0 -53
package/bin/runners/lib/engines/vibecheck-engines/index.js +0 -124
package/bin/runners/lib/engines/vibecheck-engines/lib/ai-hallucination-engine.js +0 -806
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +0 -439
package/bin/runners/lib/engines/vibecheck-engines/lib/smart-fix-engine.js +0 -577
package/bin/runners/lib/engines/vibecheck-engines/lib/vibe-score-engine.js +0 -543
package/bin/runners/lib/engines/vibecheck-engines/package.json +0 -13
package/bin/runners/lib/engines/vibecheck-engines.js +0 -514
package/bin/runners/lib/enhanced-features/index.js +0 -305
package/bin/runners/lib/enhanced-output.js +0 -631
package/bin/runners/lib/enterprise.js +0 -300
package/bin/runners/lib/exit-codes.js +0 -275
package/bin/runners/lib/fingerprint.js +0 -377
package/bin/runners/lib/firewall/command-validator.js +0 -351
package/bin/runners/lib/firewall/config.js +0 -341
package/bin/runners/lib/firewall/content-validator.js +0 -519
package/bin/runners/lib/firewall/index.js +0 -101
package/bin/runners/lib/firewall/path-validator.js +0 -256
package/bin/runners/lib/help-formatter.js +0 -413
package/bin/runners/lib/intelligence/cross-repo-intelligence.js +0 -817
package/bin/runners/lib/logger.js +0 -38
package/bin/runners/lib/mcp-utils.js +0 -425
package/bin/runners/lib/output/index.js +0 -1022
package/bin/runners/lib/policy-engine.js +0 -652
package/bin/runners/lib/polish/autofix/accessibility-fixes.js +0 -333
package/bin/runners/lib/polish/autofix/async-handlers.js +0 -273
package/bin/runners/lib/polish/autofix/dead-code.js +0 -280
package/bin/runners/lib/polish/autofix/imports-optimizer.js +0 -344
package/bin/runners/lib/polish/autofix/index.js +0 -200
package/bin/runners/lib/polish/autofix/remove-consoles.js +0 -209
package/bin/runners/lib/polish/autofix/strengthen-types.js +0 -245
package/bin/runners/lib/polish/backend-checks.js +0 -148
package/bin/runners/lib/polish/documentation-checks.js +0 -111
package/bin/runners/lib/polish/frontend-checks.js +0 -168
package/bin/runners/lib/polish/index.js +0 -71
package/bin/runners/lib/polish/infrastructure-checks.js +0 -131
package/bin/runners/lib/polish/library-detection.js +0 -175
package/bin/runners/lib/polish/performance-checks.js +0 -100
package/bin/runners/lib/polish/security-checks.js +0 -148
package/bin/runners/lib/polish/utils.js +0 -203
package/bin/runners/lib/prompt-builder.js +0 -540
package/bin/runners/lib/proof-certificate.js +0 -634
package/bin/runners/lib/reality/accessibility-audit.js +0 -946
package/bin/runners/lib/reality/api-contract-validator.js +0 -1012
package/bin/runners/lib/reality/chaos-engineering.js +0 -1084
package/bin/runners/lib/reality/performance-tracker.js +0 -1077
package/bin/runners/lib/reality/scenario-generator.js +0 -1404
package/bin/runners/lib/reality/visual-regression.js +0 -852
package/bin/runners/lib/reality-profiler.js +0 -717
package/bin/runners/lib/replay/flight-recorder-viewer.js +0 -1160
package/bin/runners/lib/review/ai-code-review.js +0 -832
package/bin/runners/lib/rules/custom-rule-engine.js +0 -985
package/bin/runners/lib/sbom-generator.js +0 -641
package/bin/runners/lib/scan-output-enhanced.js +0 -512
package/bin/runners/lib/security/owasp-scanner.js +0 -939
package/bin/runners/lib/ship-output-enterprise.js +0 -239
package/bin/runners/lib/unified-cli-output.js +0 -777
package/bin/runners/lib/validators/contract-validator.js +0 -283
package/bin/runners/lib/validators/dead-export-detector.js +0 -279
package/bin/runners/lib/validators/dep-audit.js +0 -245
package/bin/runners/lib/validators/env-validator.js +0 -319
package/bin/runners/lib/validators/index.js +0 -120
package/bin/runners/lib/validators/license-checker.js +0 -252
package/bin/runners/lib/validators/route-validator.js +0 -290
package/bin/runners/runAgent.d.ts +0 -5
package/bin/runners/runAgent.js +0 -164
package/bin/runners/runApprove.js +0 -1233
package/bin/runners/runAuthority.js +0 -528
package/bin/runners/runClassify.js +0 -862
package/bin/runners/runConductor.js +0 -772
package/bin/runners/runContainer.js +0 -366
package/bin/runners/runContext.d.ts +0 -4
package/bin/runners/runEasy.js +0 -410
package/bin/runners/runFirewall.d.ts +0 -5
package/bin/runners/runFirewall.js +0 -137
package/bin/runners/runFirewallHook.d.ts +0 -5
package/bin/runners/runFirewallHook.js +0 -59
package/bin/runners/runIaC.js +0 -372
package/bin/runners/runPolish.d.ts +0 -4
package/bin/runners/runProof.zip +0 -0
package/bin/runners/runTruth.d.ts +0 -5
package/bin/runners/runTruth.js +0 -104
package/bin/runners/runVibe.js +0 -791
package/mcp-server/HARDENING_SUMMARY.md +0 -299
package/mcp-server/agent-firewall-interceptor.js +0 -500
package/mcp-server/authority-tools.js +0 -569
package/mcp-server/conductor/conflict-resolver.js +0 -588
package/mcp-server/conductor/execution-planner.js +0 -544
package/mcp-server/conductor/index.js +0 -377
package/mcp-server/conductor/lock-manager.js +0 -615
package/mcp-server/conductor/request-queue.js +0 -550
package/mcp-server/conductor/session-manager.js +0 -500
package/mcp-server/conductor/tools.js +0 -510
package/mcp-server/lib/api-client.cjs +0 -13
package/mcp-server/lib/logger.cjs +0 -30
package/mcp-server/logger.js +0 -173
package/mcp-server/tools-v3.js +0 -1039
package/mcp-server/tools.js +0 -495
package/mcp-server/vibecheck-mcp-server-3.2.0.tgz +0 -0

package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js DELETED Viewed

@@ -1,661 +0,0 @@
-/**
- * Time Machine Incident Correlator
- *
- * Links incidents to their causal chain.
- * Finds the "first bad change" that led to problems.
- *
- * Codename: Time Machine
- */
-"use strict";
-const fs = require("fs");
-const path = require("path");
-/**
- * @typedef {Object} Incident
- * @property {string} id - Incident ID
- * @property {string} title - Incident title
- * @property {string} description - Incident description
- * @property {Date} reportedAt - When reported
- * @property {string} severity - Incident severity
- * @property {string[]} affectedFiles - Files affected
- * @property {string[]} affectedServices - Services affected
- * @property {string} status - open, investigating, resolved
- */
-/**
- * @typedef {Object} CausalLink
- * @property {string} fromEvent - Source event ID
- * @property {string} toEvent - Target event ID
- * @property {string} relationship - Type of causal relationship
- * @property {number} confidence - Confidence score (0-1)
- * @property {string[]} evidence - Evidence supporting the link
- */
-/**
- * @typedef {Object} IncidentReport
- * @property {Incident} incident - The incident
- * @property {Object[]} causalChain - Chain of events leading to incident
- * @property {Object} rootCause - Identified root cause
- * @property {Object[]} contributingFactors - Other contributing events
- * @property {Object} recommendations - Recommendations to prevent recurrence
- * @property {Date} generatedAt - When report was generated
- */
-/**
- * Relationship types for causal links
- */
-const RELATIONSHIP_TYPES = {
-  DIRECT_CAUSE: "direct_cause",       // A directly caused B
-  CONTRIBUTING: "contributing",        // A contributed to B
-  CORRELATING: "correlating",          // A and B happened together
-  OVERRIDE_LED_TO: "override_led_to",  // Override led to issue
-  HIGH_RISK_CHANGE: "high_risk_change", // High risk change preceded issue
-};
-/**
- * Incident Correlator class
- */
-class IncidentCorrelator {
-  constructor(options = {}) {
-    this.projectRoot = options.projectRoot || process.cwd();
-    this.incidentsDir = path.join(this.projectRoot, ".vibecheck", "incidents");
-    this.packetsDir = path.join(this.projectRoot, ".vibecheck", "packets");
-    this.auditDir = path.join(this.projectRoot, ".vibecheck", "audit");
-    // Correlation settings
-    this.lookbackWindow = options.lookbackWindow || 24 * 60 * 60 * 1000; // 24 hours
-    this.minConfidence = options.minConfidence || 0.5;
-  }
-  /**
-   * Record a new incident
-   * @param {Object} incidentData - Incident data
-   * @returns {Incident} Created incident
-   */
-  recordIncident(incidentData) {
-    const incident = {
-      id: incidentData.id || `INC-${Date.now()}-${Math.random().toString(36).slice(2, 6).toUpperCase()}`,
-      title: incidentData.title || "Unnamed incident",
-      description: incidentData.description || "",
-      reportedAt: new Date().toISOString(),
-      severity: incidentData.severity || "medium",
-      affectedFiles: incidentData.affectedFiles || [],
-      affectedServices: incidentData.affectedServices || [],
-      status: "open",
-      metadata: incidentData.metadata || {},
-    };
-    // Save incident
-    this.saveIncident(incident);
-    return incident;
-  }
-  /**
-   * Save an incident to disk
-   * @param {Incident} incident - Incident to save
-   */
-  saveIncident(incident) {
-    if (!fs.existsSync(this.incidentsDir)) {
-      fs.mkdirSync(this.incidentsDir, { recursive: true });
-    }
-    // Save as individual file
-    fs.writeFileSync(
-      path.join(this.incidentsDir, `${incident.id}.json`),
-      JSON.stringify(incident, null, 2)
-    );
-    // Also append to incidents log
-    const logPath = path.join(this.incidentsDir, "incidents.jsonl");
-    fs.appendFileSync(logPath, JSON.stringify(incident) + "\n");
-  }
-  /**
-   * Load an incident by ID
-   * @param {string} incidentId - Incident ID
-   * @returns {Incident|null} Incident or null
-   */
-  loadIncident(incidentId) {
-    const incidentPath = path.join(this.incidentsDir, `${incidentId}.json`);
-    if (fs.existsSync(incidentPath)) {
-      try {
-        return JSON.parse(fs.readFileSync(incidentPath, "utf-8"));
-      } catch {
-        return null;
-      }
-    }
-    return null;
-  }
-  /**
-   * Correlate an incident with firewall events
-   * @param {string} incidentId - Incident ID
-   * @param {Object} options - Correlation options
-   * @returns {IncidentReport} Incident report
-   */
-  async correlateIncident(incidentId, options = {}) {
-    const incident = this.loadIncident(incidentId);
-    if (!incident) {
-      throw new Error(`Incident ${incidentId} not found`);
-    }
-    const lookback = options.lookbackWindow || this.lookbackWindow;
-    const incidentTime = new Date(incident.reportedAt);
-    const lookbackTime = new Date(incidentTime.getTime() - lookback);
-    // Load events in the lookback window
-    const events = await this.loadEventsInWindow(lookbackTime, incidentTime);
-    // Filter to events affecting the same files/services
-    const relevantEvents = this.filterRelevantEvents(events, incident);
-    // Build causal chain
-    const causalChain = this.buildCausalChain(relevantEvents, incident);
-    // Identify root cause
-    const rootCause = this.identifyRootCause(causalChain, relevantEvents);
-    // Find contributing factors
-    const contributingFactors = this.findContributingFactors(relevantEvents, rootCause);
-    // Generate recommendations
-    const recommendations = this.generateRecommendations(incident, rootCause, contributingFactors);
-    const report = {
-      incident,
-      causalChain,
-      rootCause,
-      contributingFactors,
-      recommendations,
-      eventsAnalyzed: events.length,
-      relevantEvents: relevantEvents.length,
-      generatedAt: new Date().toISOString(),
-    };
-    // Save report
-    this.saveReport(incidentId, report);
-    return report;
-  }
-  /**
-   * Load events in a time window
-   * @param {Date} start - Start time
-   * @param {Date} end - End time
-   * @returns {Object[]} Events
-   */
-  async loadEventsInWindow(start, end) {
-    const events = [];
-    // Load from firewall audit
-    const firewallLog = path.join(this.auditDir, "firewall-events.jsonl");
-    if (fs.existsSync(firewallLog)) {
-      const content = fs.readFileSync(firewallLog, "utf-8");
-      const lines = content.trim().split("\n").filter(l => l);
-      for (const line of lines) {
-        try {
-          const event = JSON.parse(line);
-          const eventTime = new Date(event.timestamp);
-          if (eventTime >= start && eventTime <= end) {
-            events.push({
-              ...event,
-              source: "firewall",
-            });
-          }
-        } catch {
-          // Skip invalid lines
-        }
-      }
-    }
-    // Load from change packets
-    if (fs.existsSync(this.packetsDir)) {
-      const packets = fs.readdirSync(this.packetsDir)
-        .filter(f => f.endsWith(".json"));
-      for (const packetFile of packets) {
-        try {
-          const packet = JSON.parse(
-            fs.readFileSync(path.join(this.packetsDir, packetFile), "utf-8")
-          );
-          const packetTime = new Date(packet.timestamp || packet.createdAt);
-          if (packetTime >= start && packetTime <= end) {
-            events.push({
-              ...packet,
-              source: "packet",
-            });
-          }
-        } catch {
-          // Skip invalid packets
-        }
-      }
-    }
-    // Sort by timestamp
-    events.sort((a, b) =>
-      new Date(a.timestamp).getTime() - new Date(b.timestamp).getTime()
-    );
-    return events;
-  }
-  /**
-   * Filter events relevant to an incident
-   * @param {Object[]} events - All events
-   * @param {Incident} incident - The incident
-   * @returns {Object[]} Relevant events
-   */
-  filterRelevantEvents(events, incident) {
-    const affectedFiles = new Set(incident.affectedFiles || []);
-    const affectedServices = new Set(incident.affectedServices || []);
-    return events.filter(event => {
-      // Check file match
-      const eventFiles = this.extractFilesFromEvent(event);
-      const hasFileMatch = eventFiles.some(f => {
-        for (const affected of affectedFiles) {
-          if (f.includes(affected) || affected.includes(f)) {
-            return true;
-          }
-        }
-        return false;
-      });
-      if (hasFileMatch) return true;
-      // Check service match
-      const eventServices = event.services || [];
-      const hasServiceMatch = eventServices.some(s => affectedServices.has(s));
-      if (hasServiceMatch) return true;
-      // Include high-risk events
-      if ((event.riskScore || 0) >= 70) return true;
-      // Include overrides
-      if (event.overrideUsed || event.proof?.overrideUsed) return true;
-      return false;
-    });
-  }
-  /**
-   * Extract files from an event
-   * @param {Object} event - Event
-   * @returns {string[]} Files
-   */
-  extractFilesFromEvent(event) {
-    const files = [];
-    if (event.file) files.push(event.file);
-    if (event.filePath) files.push(event.filePath);
-    for (const op of event.operations || []) {
-      if (op.path) files.push(op.path);
-      if (op.file) files.push(op.file);
-    }
-    return files;
-  }
-  /**
-   * Build causal chain from events to incident
-   * @param {Object[]} events - Relevant events
-   * @param {Incident} incident - The incident
-   * @returns {CausalLink[]} Causal chain
-   */
-  buildCausalChain(events, incident) {
-    const chain = [];
-    // Sort events by time (newest last)
-    const sorted = [...events].sort((a, b) =>
-      new Date(a.timestamp).getTime() - new Date(b.timestamp).getTime()
-    );
-    // Find events that could have caused the incident
-    for (const event of sorted) {
-      const confidence = this.calculateCausalConfidence(event, incident);
-      if (confidence >= this.minConfidence) {
-        const link = {
-          fromEvent: event.id || event.changeId,
-          toEvent: incident.id,
-          relationship: this.determineRelationship(event, incident),
-          confidence,
-          evidence: this.gatherEvidence(event, incident),
-          timestamp: event.timestamp,
-        };
-        chain.push(link);
-      }
-    }
-    // Link events to each other in the chain
-    for (let i = 0; i < chain.length - 1; i++) {
-      // Check if earlier events caused later events
-      const earlier = events.find(e => e.id === chain[i].fromEvent);
-      const later = events.find(e => e.id === chain[i + 1].fromEvent);
-      if (earlier && later && this.eventsCausally Related(earlier, later)) {
-        chain.splice(i + 1, 0, {
-          fromEvent: chain[i].fromEvent,
-          toEvent: chain[i + 1].fromEvent,
-          relationship: RELATIONSHIP_TYPES.CONTRIBUTING,
-          confidence: 0.6,
-          evidence: ["Events affected same files"],
-        });
-      }
-    }
-    return chain;
-  }
-  /**
-   * Check if two events are causally related
-   * @param {Object} earlier - Earlier event
-   * @param {Object} later - Later event
-   * @returns {boolean} Are related
-   */
-  eventsCausallyRelated(earlier, later) {
-    // Same file affected
-    const earlierFiles = new Set(this.extractFilesFromEvent(earlier));
-    const laterFiles = this.extractFilesFromEvent(later);
-    return laterFiles.some(f => earlierFiles.has(f));
-  }
-  /**
-   * Calculate confidence that event caused incident
-   * @param {Object} event - Event
-   * @param {Incident} incident - Incident
-   * @returns {number} Confidence score
-   */
-  calculateCausalConfidence(event, incident) {
-    let confidence = 0;
-    // Override events are highly suspicious
-    if (event.overrideUsed || event.proof?.overrideUsed) {
-      confidence += 0.4;
-    }
-    // High risk score
-    const riskScore = event.riskScore || event.proof?.riskScore || 0;
-    if (riskScore >= 70) {
-      confidence += 0.3;
-    } else if (riskScore >= 50) {
-      confidence += 0.2;
-    }
-    // File match
-    const eventFiles = this.extractFilesFromEvent(event);
-    const hasFileMatch = eventFiles.some(f =>
-      incident.affectedFiles?.some(af => f.includes(af) || af.includes(f))
-    );
-    if (hasFileMatch) {
-      confidence += 0.3;
-    }
-    // Temporal proximity (closer = more likely)
-    const eventTime = new Date(event.timestamp).getTime();
-    const incidentTime = new Date(incident.reportedAt).getTime();
-    const hoursBefore = (incidentTime - eventTime) / (1000 * 60 * 60);
-    if (hoursBefore <= 1) {
-      confidence += 0.2;
-    } else if (hoursBefore <= 6) {
-      confidence += 0.1;
-    }
-    return Math.min(confidence, 1);
-  }
-  /**
-   * Determine the relationship type between event and incident
-   * @param {Object} event - Event
-   * @param {Incident} incident - Incident
-   * @returns {string} Relationship type
-   */
-  determineRelationship(event, incident) {
-    if (event.overrideUsed || event.proof?.overrideUsed) {
-      return RELATIONSHIP_TYPES.OVERRIDE_LED_TO;
-    }
-    const riskScore = event.riskScore || event.proof?.riskScore || 0;
-    if (riskScore >= 70) {
-      return RELATIONSHIP_TYPES.HIGH_RISK_CHANGE;
-    }
-    const eventFiles = this.extractFilesFromEvent(event);
-    const hasFileMatch = eventFiles.some(f =>
-      incident.affectedFiles?.some(af => f.includes(af) || af.includes(f))
-    );
-    if (hasFileMatch) {
-      return RELATIONSHIP_TYPES.DIRECT_CAUSE;
-    }
-    return RELATIONSHIP_TYPES.CONTRIBUTING;
-  }
-  /**
-   * Gather evidence for a causal link
-   * @param {Object} event - Event
-   * @param {Incident} incident - Incident
-   * @returns {string[]} Evidence
-   */
-  gatherEvidence(event, incident) {
-    const evidence = [];
-    if (event.overrideUsed || event.proof?.overrideUsed) {
-      evidence.push(`Override was used: ${event.proof?.overrideReason || "No reason given"}`);
-    }
-    const riskScore = event.riskScore || event.proof?.riskScore || 0;
-    if (riskScore > 0) {
-      evidence.push(`Risk score was ${riskScore}`);
-    }
-    const eventFiles = this.extractFilesFromEvent(event);
-    const matchingFiles = eventFiles.filter(f =>
-      incident.affectedFiles?.some(af => f.includes(af) || af.includes(f))
-    );
-    if (matchingFiles.length > 0) {
-      evidence.push(`Modified files: ${matchingFiles.join(", ")}`);
-    }
-    if (event.verdict === "BLOCK") {
-      evidence.push("Change was initially blocked by firewall");
-    }
-    return evidence;
-  }
-  /**
-   * Identify the root cause from the causal chain
-   * @param {CausalLink[]} chain - Causal chain
-   * @param {Object[]} events - All relevant events
-   * @returns {Object|null} Root cause
-   */
-  identifyRootCause(chain, events) {
-    if (chain.length === 0) return null;
-    // Sort by confidence and find the first event (chronologically) with high confidence
-    const highConfidence = chain
-      .filter(link => link.confidence >= 0.7)
-      .sort((a, b) => new Date(a.timestamp).getTime() - new Date(b.timestamp).getTime());
-    if (highConfidence.length > 0) {
-      const rootLink = highConfidence[0];
-      const rootEvent = events.find(e =>
-        e.id === rootLink.fromEvent || e.changeId === rootLink.fromEvent
-      );
-      return {
-        event: rootEvent,
-        link: rootLink,
-        reason: `First high-confidence change (${Math.round(rootLink.confidence * 100)}%)`,
-      };
-    }
-    // Fall back to the first event in the chain
-    const firstLink = chain[0];
-    const firstEvent = events.find(e =>
-      e.id === firstLink.fromEvent || e.changeId === firstLink.fromEvent
-    );
-    return {
-      event: firstEvent,
-      link: firstLink,
-      reason: "First change in causal chain",
-    };
-  }
-  /**
-   * Find contributing factors beyond root cause
-   * @param {Object[]} events - All relevant events
-   * @param {Object} rootCause - Identified root cause
-   * @returns {Object[]} Contributing factors
-   */
-  findContributingFactors(events, rootCause) {
-    if (!rootCause) return [];
-    return events
-      .filter(e => {
-        const eventId = e.id || e.changeId;
-        return eventId !== rootCause.link?.fromEvent;
-      })
-      .filter(e => {
-        // Include events with some risk
-        const riskScore = e.riskScore || e.proof?.riskScore || 0;
-        return riskScore >= 30 || e.overrideUsed || e.proof?.overrideUsed;
-      })
-      .slice(0, 5); // Limit to top 5
-  }
-  /**
-   * Generate recommendations based on analysis
-   * @param {Incident} incident - The incident
-   * @param {Object} rootCause - Root cause
-   * @param {Object[]} contributingFactors - Contributing factors
-   * @returns {Object} Recommendations
-   */
-  generateRecommendations(incident, rootCause, contributingFactors) {
-    const recommendations = {
-      immediate: [],
-      shortTerm: [],
-      longTerm: [],
-    };
-    if (rootCause?.event?.overrideUsed || rootCause?.event?.proof?.overrideUsed) {
-      recommendations.immediate.push({
-        action: "Review override policy",
-        reason: "Incident was caused by an overridden firewall block",
-        priority: "high",
-      });
-      recommendations.shortTerm.push({
-        action: "Add invariant rule to prevent similar overrides",
-        reason: `Consider blocking changes to ${incident.affectedFiles?.join(", ")}`,
-        priority: "medium",
-      });
-    }
-    const highRiskChanges = contributingFactors.filter(e =>
-      (e.riskScore || e.proof?.riskScore || 0) >= 70
-    );
-    if (highRiskChanges.length > 0) {
-      recommendations.immediate.push({
-        action: "Review high-risk changes",
-        reason: `${highRiskChanges.length} high-risk changes preceded this incident`,
-        priority: "high",
-      });
-    }
-    recommendations.longTerm.push({
-      action: "Add automated tests for affected functionality",
-      reason: "Prevent regression of the fixed issue",
-      priority: "medium",
-    });
-    if (incident.affectedFiles?.length > 0) {
-      recommendations.longTerm.push({
-        action: `Consider protecting ${incident.affectedFiles[0]}`,
-        reason: "Add to lawbook as a sensitive file",
-        priority: "low",
-      });
-    }
-    return recommendations;
-  }
-  /**
-   * Save an incident report
-   * @param {string} incidentId - Incident ID
-   * @param {IncidentReport} report - Report to save
-   */
-  saveReport(incidentId, report) {
-    const reportsDir = path.join(this.incidentsDir, "reports");
-    if (!fs.existsSync(reportsDir)) {
-      fs.mkdirSync(reportsDir, { recursive: true });
-    }
-    fs.writeFileSync(
-      path.join(reportsDir, `${incidentId}-report.json`),
-      JSON.stringify(report, null, 2)
-    );
-  }
-  /**
-   * Get all incidents
-   * @returns {Incident[]} All incidents
-   */
-  getAllIncidents() {
-    const incidents = [];
-    if (!fs.existsSync(this.incidentsDir)) {
-      return incidents;
-    }
-    const files = fs.readdirSync(this.incidentsDir)
-      .filter(f => f.endsWith(".json") && !f.includes("-report"));
-    for (const file of files) {
-      try {
-        const incident = JSON.parse(
-          fs.readFileSync(path.join(this.incidentsDir, file), "utf-8")
-        );
-        incidents.push(incident);
-      } catch {
-        // Skip invalid files
-      }
-    }
-    return incidents.sort((a, b) =>
-      new Date(b.reportedAt).getTime() - new Date(a.reportedAt).getTime()
-    );
-  }
-}
-/**
- * Create an incident correlator instance
- * @param {Object} options - Options
- * @returns {IncidentCorrelator} Incident correlator
- */
-function createIncidentCorrelator(options = {}) {
-  return new IncidentCorrelator(options);
-}
-module.exports = { IncidentCorrelator, createIncidentCorrelator, RELATIONSHIP_TYPES };