@vibecheckai/cli 3.5.0 → 3.5.2

package/bin/runners/lib/unified-output.js

@@ -123,20 +123,17 @@ function renderVerdict(verdictData, options = {}) {
     lines.push(chalk.gray(BOX.v) + chalk.gray(tBot) + chalk.gray(BOX.v));
     lines.push(chalk.gray(BOX.v) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.v));
 
-    // UPSELL (REDACTED STYLE)
+    // AUTO-FIX PROMPT
     lines.push(chalk.gray(BOX.trT + BOX.h.repeat(WIDTH - 2) + BOX.tlT));
-    const lockTitle = chalk.white.bold('🔒 DEEP SCAN ANALYSIS: ') + chalk.gray('UNAVAILABLE');
-    lines.push(chalk.gray(BOX.v) + padCenter(lockTitle, WIDTH + 9) + chalk.gray(BOX.v));
+    const fixTitle = chalk.white.bold('⚡ AUTO-FIX AVAILABLE');
+    lines.push(chalk.gray(BOX.v) + padCenter(fixTitle, WIDTH + 9) + chalk.gray(BOX.v));
     lines.push(chalk.gray(BOX.v) + padCenter(chalk.gray('─'.repeat(60)), WIDTH + 9) + chalk.gray(BOX.v));
     
-    // Redacted lines
-    ['Runtime API Schema Validation', 'Live Auth Boundary Verification', 'Env Config Resolution'].forEach(txt => {
-       const line = chalk.dim(`░░ [REDACTED] 🔒 ${txt}`);
-       lines.push(chalk.gray(BOX.v) + padCenter(line, WIDTH + 9) + chalk.gray(BOX.v));
-    });
+    // Fix options
+    lines.push(chalk.gray(BOX.v) + padCenter(chalk.dim('Run ') + chalk.cyan('vibecheck scan --autofix') + chalk.dim(' to apply fixes'), WIDTH + 9) + chalk.gray(BOX.v));
+    lines.push(chalk.gray(BOX.v) + padCenter(chalk.dim('Run ') + chalk.cyan('vibecheck fix') + chalk.dim(' to generate AI fix missions'), WIDTH + 9) + chalk.gray(BOX.v));
     
     lines.push(chalk.gray(BOX.v) + ' '.repeat(WIDTH - 2) + chalk.gray(BOX.v));
-    lines.push(chalk.gray(BOX.v) + padCenter('Run ' + chalk.cyan('vibecheck upgrade pro') + ' to unlock.', WIDTH + 9) + chalk.gray(BOX.v));
   }
 
   // BOTTOM FRAME
@@ -152,6 +149,13 @@ function renderVerdict(verdictData, options = {}) {
 
 function formatScanOutput(result, options = {}) {
   const { json = false } = options;
+  
+  // Sort findings deterministically for stable output
+  if (result.findings && Array.isArray(result.findings)) {
+    const { sortFindings } = require('./finding-sorter');
+    result.findings = sortFindings(result.findings);
+  }
+  
   if (json) return JSON.stringify(result, null, 2);
   return renderVerdict(result, options);
 }

package/bin/runners/runAIAgent.js

@@ -5,11 +5,16 @@
 const fs = require("fs");
 const path = require("path");
 
-// Terminal UI - Import from shared module
-const { c } = require("./lib/terminal-ui");
-
-// Unified Output System
-const { output } = require("./lib/output/index.js");
+const c = {
+  reset: "\x1b[0m",
+  bold: "\x1b[1m",
+  dim: "\x1b[2m",
+  green: "\x1b[32m",
+  yellow: "\x1b[33m",
+  red: "\x1b[31m",
+  cyan: "\x1b[36m",
+  magenta: "\x1b[35m",
+};
 
 function parseArgs(args) {
   const opts = {

package/bin/runners/runAgent.js

@@ -10,9 +10,6 @@ const fs = require("fs");
 const path = require("path");
 const { loadPolicy } = require("./lib/agent-firewall/policy/loader");
 
-// Unified Output System
-const { output } = require("./lib/output/index.js");
-
 /**
  * Run agent command
  * @param {object} options - Command options

package/bin/runners/runAllowlist.js

@@ -0,0 +1,389 @@
+/**
+ * vibecheck allowlist - Manage Finding Allowlist
+ *
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * Manage allowlist entries to suppress known false positives.
+ * Entries persist in .vibecheck/allowlist.json
+ * ═══════════════════════════════════════════════════════════════════════════════
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+
+// Colors
+const c = {
+  reset: '\x1b[0m',
+  bold: '\x1b[1m',
+  dim: '\x1b[2m',
+  green: '\x1b[32m',
+  yellow: '\x1b[33m',
+  cyan: '\x1b[36m',
+  red: '\x1b[31m',
+};
+
+const rgb = (r, g, b) => `\x1b[38;2;${r};${g};${b}m`;
+
+const colors = {
+  accent: rgb(0, 212, 255),
+  success: rgb(16, 185, 129),
+  warning: rgb(245, 158, 11),
+  error: rgb(239, 68, 68),
+};
+
+const ICONS = {
+  allow: '✓',
+  block: '✗',
+  list: '📋',
+  add: '+',
+  remove: '-',
+};
+
+function printHelp() {
+  console.log(`
+  ${c.bold}vibecheck allowlist${c.reset} - Manage Finding Allowlist
+
+  ${c.bold}Usage:${c.reset} vibecheck allowlist <action> [options]
+
+  ${c.bold}Actions:${c.reset}
+    ${colors.accent}list${c.reset}                   Show all allowlist entries ${c.dim}(default)${c.reset}
+    ${colors.accent}add${c.reset}                    Add entry to allowlist
+    ${colors.accent}remove${c.reset}                 Remove entry from allowlist
+    ${colors.accent}check${c.reset}                  Check if finding is allowlisted
+    ${colors.accent}clear${c.reset}                  Remove all allowlist entries
+
+  ${c.bold}Options (add):${c.reset}
+    ${colors.accent}--id <finding-id>${c.reset}      Finding ID to allowlist
+    ${colors.accent}--pattern <regex>${c.reset}      Pattern to match (message, file, category)
+    ${colors.accent}--reason <text>${c.reset}        Reason for allowlisting ${c.dim}(required)${c.reset}
+    ${colors.accent}--scope <scope>${c.reset}        Scope: global, file, line ${c.dim}(default: global)${c.reset}
+    ${colors.accent}--expires <days>${c.reset}       Auto-expire after N days
+    ${colors.accent}--file <path>${c.reset}          File scope (for scope=file|line)
+    ${colors.accent}--lines <start-end>${c.reset}    Line range (for scope=line)
+
+  ${c.bold}Options (remove/check):${c.reset}
+    ${colors.accent}--id <entry-id>${c.reset}        Allowlist entry ID
+
+  ${c.bold}Global Options:${c.reset}
+    ${colors.accent}--json${c.reset}                 Output as JSON
+    ${colors.accent}--help, -h${c.reset}             Show this help
+
+  ${c.bold}Examples:${c.reset}
+    ${c.dim}# List all allowlist entries${c.reset}
+    vibecheck allowlist list
+
+    ${c.dim}# Add specific finding to allowlist${c.reset}
+    vibecheck allowlist add --id MOCK_DATA_abc123 --reason "Test fixture data"
+
+    ${c.dim}# Add pattern-based allowlist${c.reset}
+    vibecheck allowlist add --pattern "lorem ipsum" --reason "Placeholder text"
+
+    ${c.dim}# Add file-scoped allowlist${c.reset}
+    vibecheck allowlist add --pattern "test data" --scope file --file "src/fixtures.ts" --reason "Test fixtures"
+
+    ${c.dim}# Add with expiration${c.reset}
+    vibecheck allowlist add --id FAKE_xyz --reason "Temporary demo" --expires 7
+
+    ${c.dim}# Remove entry${c.reset}
+    vibecheck allowlist remove --id AL_abc123
+
+    ${c.dim}# Check if finding is allowlisted${c.reset}
+    vibecheck allowlist check --id MOCK_DATA_abc123
+  `);
+}
+
+function loadAllowlist(root) {
+  const allowlistPath = path.join(root, ".vibecheck", "allowlist.json");
+  
+  if (!fs.existsSync(allowlistPath)) {
+    return { version: 1, entries: [] };
+  }
+  
+  try {
+    return JSON.parse(fs.readFileSync(allowlistPath, "utf-8"));
+  } catch {
+    return { version: 1, entries: [] };
+  }
+}
+
+function saveAllowlist(root, allowlist) {
+  const vibecheckDir = path.join(root, ".vibecheck");
+  const allowlistPath = path.join(vibecheckDir, "allowlist.json");
+  
+  fs.mkdirSync(vibecheckDir, { recursive: true });
+  fs.writeFileSync(allowlistPath, JSON.stringify(allowlist, null, 2));
+}
+
+function generateEntryId() {
+  return `AL_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 6)}`;
+}
+
+function isAllowlisted(finding, allowlist, filePath = null) {
+  const now = Date.now();
+  
+  for (const entry of allowlist.entries) {
+    // Check expiration
+    if (entry.expiresAt && new Date(entry.expiresAt).getTime() < now) {
+      continue;
+    }
+    
+    // Check direct ID match
+    if (entry.findingId && finding.id === entry.findingId) {
+      return { allowed: true, reason: entry.reason, entry };
+    }
+    
+    // Check pattern match
+    if (entry.pattern) {
+      const regex = new RegExp(entry.pattern, 'i');
+      const targets = [
+        finding.message,
+        finding.category,
+        finding.file,
+        finding.id,
+      ].filter(Boolean);
+      
+      if (targets.some(t => regex.test(t))) {
+        // Check scope
+        if (entry.scope === 'file' && entry.file) {
+          if (filePath && path.normalize(filePath).includes(path.normalize(entry.file))) {
+            return { allowed: true, reason: entry.reason, entry };
+          }
+        } else if (entry.scope === 'line' && entry.file && entry.lines) {
+          if (filePath && finding.line) {
+            const normalized = path.normalize(filePath);
+            if (normalized.includes(path.normalize(entry.file))) {
+              const [start, end] = entry.lines;
+              if (finding.line >= start && finding.line <= end) {
+                return { allowed: true, reason: entry.reason, entry };
+              }
+            }
+          }
+        } else {
+          // Global scope
+          return { allowed: true, reason: entry.reason, entry };
+        }
+      }
+    }
+  }
+  
+  return { allowed: false };
+}
+
+async function runAllowlist(args = [], context = {}) {
+  // Parse arguments
+  const getArg = (flags) => {
+    for (const f of flags) {
+      const idx = args.indexOf(f);
+      if (idx !== -1 && idx < args.length - 1) return args[idx + 1];
+    }
+    return undefined;
+  };
+  
+  const hasFlag = (flags) => flags.some(f => args.includes(f));
+
+  if (hasFlag(["--help", "-h"])) {
+    printHelp();
+    return 0;
+  }
+
+  const root = context.repoRoot || process.cwd();
+  const json = hasFlag(["--json"]);
+  const quiet = hasFlag(["--quiet", "-q"]);
+  
+  // Get action (first positional arg)
+  const action = args.find(a => !a.startsWith("-") && !getArg([a])) || "list";
+
+  try {
+    switch (action) {
+      case "list": {
+        const allowlist = loadAllowlist(root);
+        
+        if (json) {
+          console.log(JSON.stringify(allowlist, null, 2));
+          return 0;
+        }
+        
+        if (!quiet) {
+          console.log(`\n  ${ICONS.list} ${c.bold}Allowlist Entries${c.reset}\n`);
+        }
+        
+        // Remove expired entries
+        const now = Date.now();
+        const activeEntries = allowlist.entries.filter(e => 
+          !e.expiresAt || new Date(e.expiresAt).getTime() > now
+        );
+        
+        if (activeEntries.length === 0) {
+          console.log(`  ${c.dim}No entries in allowlist.${c.reset}\n`);
+          console.log(`  ${c.dim}Add entries with: vibecheck allowlist add --id <id> --reason "..."${c.reset}\n`);
+          return 0;
+        }
+        
+        for (const entry of activeEntries) {
+          const expireStr = entry.expiresAt 
+            ? `${c.dim}expires ${new Date(entry.expiresAt).toLocaleDateString()}${c.reset}` 
+            : '';
+          const scopeStr = entry.scope !== 'global' 
+            ? `${c.cyan}[${entry.scope}]${c.reset} ` 
+            : '';
+          
+          console.log(`  ${colors.success}${ICONS.allow}${c.reset} ${c.bold}${entry.id}${c.reset} ${scopeStr}${expireStr}`);
+          
+          if (entry.findingId) {
+            console.log(`    ${c.dim}Finding:${c.reset} ${entry.findingId}`);
+          }
+          if (entry.pattern) {
+            console.log(`    ${c.dim}Pattern:${c.reset} ${entry.pattern}`);
+          }
+          if (entry.file) {
+            console.log(`    ${c.dim}File:${c.reset} ${entry.file}`);
+          }
+          console.log(`    ${c.dim}Reason:${c.reset} ${entry.reason || 'No reason provided'}`);
+          console.log(`    ${c.dim}Added:${c.reset} ${entry.addedAt} by ${entry.addedBy || 'user'}`);
+          console.log();
+        }
+        
+        console.log(`  ${c.dim}Total: ${activeEntries.length} entries${c.reset}\n`);
+        return 0;
+      }
+      
+      case "add": {
+        const id = getArg(["--id"]);
+        const pattern = getArg(["--pattern"]);
+        const reason = getArg(["--reason"]);
+        const scope = getArg(["--scope"]) || "global";
+        const file = getArg(["--file"]);
+        const lines = getArg(["--lines"]);
+        const expires = getArg(["--expires"]);
+        
+        if (!id && !pattern) {
+          console.error(`\n  ${colors.error}${ICONS.block}${c.reset} Either --id or --pattern is required\n`);
+          return 1;
+        }
+        
+        if (!reason) {
+          console.error(`\n  ${colors.error}${ICONS.block}${c.reset} --reason is required\n`);
+          return 1;
+        }
+        
+        const entry = {
+          id: generateEntryId(),
+          findingId: id || null,
+          pattern: pattern || null,
+          reason,
+          scope,
+          addedAt: new Date().toISOString(),
+          addedBy: 'cli'
+        };
+        
+        if (file) entry.file = file;
+        if (lines) {
+          const [start, end] = lines.split('-').map(Number);
+          entry.lines = [start, end || start];
+        }
+        if (expires) {
+          const days = parseInt(expires, 10);
+          entry.expiresAt = new Date(Date.now() + days * 24 * 60 * 60 * 1000).toISOString();
+        }
+        
+        const allowlist = loadAllowlist(root);
+        allowlist.entries.push(entry);
+        saveAllowlist(root, allowlist);
+        
+        if (json) {
+          console.log(JSON.stringify({ added: entry }, null, 2));
+          return 0;
+        }
+        
+        console.log(`\n  ${colors.success}${ICONS.add}${c.reset} Added allowlist entry: ${c.bold}${entry.id}${c.reset}\n`);
+        return 0;
+      }
+      
+      case "remove": {
+        const id = getArg(["--id"]);
+        
+        if (!id) {
+          console.error(`\n  ${colors.error}${ICONS.block}${c.reset} --id is required for remove\n`);
+          return 1;
+        }
+        
+        const allowlist = loadAllowlist(root);
+        const before = allowlist.entries.length;
+        allowlist.entries = allowlist.entries.filter(e => e.id !== id && e.findingId !== id);
+        const removed = before - allowlist.entries.length;
+        
+        if (removed > 0) {
+          saveAllowlist(root, allowlist);
+        }
+        
+        if (json) {
+          console.log(JSON.stringify({ removed, remaining: allowlist.entries.length }, null, 2));
+          return 0;
+        }
+        
+        if (removed > 0) {
+          console.log(`\n  ${colors.success}${ICONS.remove}${c.reset} Removed ${removed} entry from allowlist\n`);
+        } else {
+          console.log(`\n  ${colors.warning}${ICONS.block}${c.reset} Entry not found: ${id}\n`);
+        }
+        return 0;
+      }
+      
+      case "check": {
+        const id = getArg(["--id"]);
+        
+        if (!id) {
+          console.error(`\n  ${colors.error}${ICONS.block}${c.reset} --id is required for check\n`);
+          return 1;
+        }
+        
+        const allowlist = loadAllowlist(root);
+        const result = isAllowlisted({ id }, allowlist);
+        
+        if (json) {
+          console.log(JSON.stringify(result, null, 2));
+          return result.allowed ? 0 : 1;
+        }
+        
+        if (result.allowed) {
+          console.log(`\n  ${colors.success}${ICONS.allow}${c.reset} ${c.bold}Allowlisted${c.reset}`);
+          console.log(`  ${c.dim}Reason:${c.reset} ${result.reason}`);
+          console.log(`  ${c.dim}Entry:${c.reset} ${result.entry?.id}\n`);
+        } else {
+          console.log(`\n  ${colors.warning}${ICONS.block}${c.reset} ${c.bold}Not allowlisted${c.reset}\n`);
+        }
+        return result.allowed ? 0 : 1;
+      }
+      
+      case "clear": {
+        const allowlist = loadAllowlist(root);
+        const count = allowlist.entries.length;
+        allowlist.entries = [];
+        saveAllowlist(root, allowlist);
+        
+        if (json) {
+          console.log(JSON.stringify({ cleared: count }, null, 2));
+          return 0;
+        }
+        
+        console.log(`\n  ${colors.success}${ICONS.remove}${c.reset} Cleared ${count} entries from allowlist\n`);
+        return 0;
+      }
+      
+      default:
+        console.error(`\n  ${colors.error}${ICONS.block}${c.reset} Unknown action: ${action}\n`);
+        printHelp();
+        return 1;
+    }
+  } catch (error) {
+    if (json) {
+      console.log(JSON.stringify({ error: error.message }, null, 2));
+    } else {
+      console.error(`\n  ${colors.error}${ICONS.block}${c.reset} ${error.message}\n`);
+    }
+    return 1;
+  }
+}
+
+module.exports = { runAllowlist, loadAllowlist, saveAllowlist, isAllowlisted };

package/bin/runners/runApprove.js

@@ -36,9 +36,6 @@ const {
   Spinner,
 } = require("./lib/terminal-ui");
 
-// Unified Output System
-const { output } = require("./lib/output/index.js");
-
 const BANNER = `
 ${ansi.rgb(0, 200, 255)}  ██╗   ██╗██╗██████╗ ███████╗ ██████╗██╗  ██╗███████╗ ██████╗██╗  ██╗${ansi.reset}
 ${ansi.rgb(30, 180, 255)}  ██║   ██║██║██╔══██╗██╔════╝██╔════╝██║  ██║██╔════╝██╔════╝██║ ██╔╝${ansi.reset}
@@ -1198,36 +1195,6 @@ async function analyzeSecurityRemediation(projectPath, authority, opts, spinner)
   };
 }
 
-/**
- * List available authorities (standalone command for registry)
- */
-async function runAuthorityList(args = []) {
-  const opts = { list: true, ...parseArgs(args) };
-  
-  if (opts.json) {
-    console.log(JSON.stringify(AUTHORITIES, null, 2));
-    return 0;
-  }
-  
-  console.log(`\n  ${ansi.bold}Available Authorities:${ansi.reset}\n`);
-  
-  for (const [id, auth] of Object.entries(AUTHORITIES)) {
-    const tierLabel = auth.tier === 'free' ? colors.success + '[FREE]' : 
-                      auth.tier === 'starter' ? colors.accent + '[STARTER]' : 
-                      auth.tier === 'pro' ? colors.warning + '[PRO]' :
-                      colors.error + '[ENTERPRISE]';
-    console.log(`  ${colors.accent}${id}${ansi.reset} ${tierLabel}${ansi.reset}`);
-    console.log(`    ${ansi.dim}${auth.description}${ansi.reset}`);
-    if (auth.note) {
-      console.log(`    ${colors.warning}Note: ${auth.note}${ansi.reset}`);
-    }
-    console.log();
-  }
-  
-  return 0;
-}
-
 module.exports = {
   runApprove: withErrorHandling(runApprove, "Approve failed"),
-  runAuthorityList,
 };