npm - @vibecheckai/cli - Versions diffs - 3.5.0 → 3.5.2 - Mend

@vibecheckai/cli 3.5.0 → 3.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (224) hide show

package/bin/registry.js +214 -237
package/bin/runners/cli-utils.js +33 -2
package/bin/runners/context/analyzer.js +52 -1
package/bin/runners/context/generators/cursor.js +2 -49
package/bin/runners/context/git-context.js +3 -1
package/bin/runners/context/team-conventions.js +33 -7
package/bin/runners/lib/analysis-core.js +25 -5
package/bin/runners/lib/analyzers.js +431 -481
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/doctor/modules/security.js +3 -1
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +18 -218
package/bin/runners/lib/engines/api-consistency-engine.js +30 -335
package/bin/runners/lib/engines/cross-file-analysis-engine.js +27 -292
package/bin/runners/lib/engines/empty-catch-engine.js +17 -127
package/bin/runners/lib/engines/mock-data-engine.js +10 -53
package/bin/runners/lib/engines/performance-issues-engine.js +36 -176
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +54 -382
package/bin/runners/lib/engines/type-aware-engine.js +39 -263
package/bin/runners/lib/engines/vibecheck-engines/index.js +13 -122
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +73 -373
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/entitlements-v2.js +73 -97
package/bin/runners/lib/error-handler.js +44 -3
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +7 -1
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/html-proof-report.js +700 -350
package/bin/runners/lib/missions/plan.js +6 -46
package/bin/runners/lib/missions/templates.js +0 -232
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/route-detection.js +137 -68
package/bin/runners/lib/scan-output.js +91 -76
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/validator.js +27 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/ship-output-enterprise.js +23 -23
package/bin/runners/lib/ship-output.js +75 -31
package/bin/runners/lib/terminal-ui.js +6 -113
package/bin/runners/lib/truth.js +351 -10
package/bin/runners/lib/unified-cli-output.js +430 -603
package/bin/runners/lib/unified-output.js +13 -9
package/bin/runners/runAIAgent.js +10 -5
package/bin/runners/runAgent.js +0 -3
package/bin/runners/runAllowlist.js +389 -0
package/bin/runners/runApprove.js +0 -33
package/bin/runners/runAuth.js +73 -45
package/bin/runners/runCheckpoint.js +51 -11
package/bin/runners/runClassify.js +85 -21
package/bin/runners/runContext.js +0 -3
package/bin/runners/runDoctor.js +41 -28
package/bin/runners/runEvidencePack.js +362 -0
package/bin/runners/runFirewall.js +0 -3
package/bin/runners/runFirewallHook.js +0 -3
package/bin/runners/runFix.js +66 -76
package/bin/runners/runGuard.js +18 -411
package/bin/runners/runInit.js +113 -30
package/bin/runners/runLabs.js +424 -0
package/bin/runners/runMcp.js +19 -25
package/bin/runners/runPolish.js +64 -240
package/bin/runners/runPromptFirewall.js +12 -5
package/bin/runners/runProve.js +57 -22
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +59 -68
package/bin/runners/runReport.js +38 -33
package/bin/runners/runRuntime.js +8 -5
package/bin/runners/runScan.js +1413 -190
package/bin/runners/runShip.js +113 -719
package/bin/runners/runTruth.js +0 -3
package/bin/runners/runValidate.js +13 -9
package/bin/runners/runWatch.js +23 -14
package/bin/scan.js +6 -1
package/bin/vibecheck.js +204 -185
package/mcp-server/deprecation-middleware.js +282 -0
package/mcp-server/handlers/index.ts +15 -0
package/mcp-server/handlers/tool-handler.ts +554 -0
package/mcp-server/index-v1.js +698 -0
package/mcp-server/index.js +210 -238
package/mcp-server/lib/cache-wrapper.cjs +383 -0
package/mcp-server/lib/error-envelope.js +138 -0
package/mcp-server/lib/executor.ts +499 -0
package/mcp-server/lib/index.ts +19 -0
package/mcp-server/lib/rate-limiter.js +166 -0
package/mcp-server/lib/sandbox.test.ts +519 -0
package/mcp-server/lib/sandbox.ts +395 -0
package/mcp-server/lib/types.ts +267 -0
package/mcp-server/package.json +12 -3
package/mcp-server/registry/tool-registry.js +794 -0
package/mcp-server/registry/tools.json +605 -0
package/mcp-server/registry.test.ts +334 -0
package/mcp-server/tests/tier-gating.test.js +297 -0
package/mcp-server/tier-auth.js +378 -45
package/mcp-server/tools-v3.js +353 -442
package/mcp-server/tsconfig.json +37 -0
package/mcp-server/vibecheck-2.0-tools.js +14 -1
package/package.json +1 -1
package/bin/runners/lib/agent-firewall/learning/learning-engine.js +0 -849
package/bin/runners/lib/audit-logger.js +0 -532
package/bin/runners/lib/authority/authorities/architecture.js +0 -364
package/bin/runners/lib/authority/authorities/compliance.js +0 -341
package/bin/runners/lib/authority/authorities/human.js +0 -343
package/bin/runners/lib/authority/authorities/quality.js +0 -420
package/bin/runners/lib/authority/authorities/security.js +0 -228
package/bin/runners/lib/authority/index.js +0 -293
package/bin/runners/lib/bundle/bundle-intelligence.js +0 -846
package/bin/runners/lib/cli-charts.js +0 -368
package/bin/runners/lib/cli-config-display.js +0 -405
package/bin/runners/lib/cli-demo.js +0 -275
package/bin/runners/lib/cli-errors.js +0 -438
package/bin/runners/lib/cli-help-formatter.js +0 -439
package/bin/runners/lib/cli-interactive-menu.js +0 -509
package/bin/runners/lib/cli-prompts.js +0 -441
package/bin/runners/lib/cli-scan-cards.js +0 -362
package/bin/runners/lib/compliance-reporter.js +0 -710
package/bin/runners/lib/conductor/index.js +0 -671
package/bin/runners/lib/easy/README.md +0 -123
package/bin/runners/lib/easy/index.js +0 -140
package/bin/runners/lib/easy/interactive-wizard.js +0 -788
package/bin/runners/lib/easy/one-click-firewall.js +0 -564
package/bin/runners/lib/easy/zero-config-reality.js +0 -714
package/bin/runners/lib/engines/async-patterns-engine.js +0 -444
package/bin/runners/lib/engines/bundle-size-engine.js +0 -433
package/bin/runners/lib/engines/confidence-scoring.js +0 -276
package/bin/runners/lib/engines/context-detection.js +0 -264
package/bin/runners/lib/engines/database-patterns-engine.js +0 -429
package/bin/runners/lib/engines/duplicate-code-engine.js +0 -354
package/bin/runners/lib/engines/env-variables-engine.js +0 -458
package/bin/runners/lib/engines/error-handling-engine.js +0 -437
package/bin/runners/lib/engines/false-positive-prevention.js +0 -630
package/bin/runners/lib/engines/framework-adapters/index.js +0 -607
package/bin/runners/lib/engines/framework-detection.js +0 -508
package/bin/runners/lib/engines/import-order-engine.js +0 -429
package/bin/runners/lib/engines/naming-conventions-engine.js +0 -544
package/bin/runners/lib/engines/noise-reduction-engine.js +0 -452
package/bin/runners/lib/engines/orchestrator.js +0 -334
package/bin/runners/lib/engines/react-patterns-engine.js +0 -457
package/bin/runners/lib/engines/vibecheck-engines/lib/ai-hallucination-engine.js +0 -806
package/bin/runners/lib/engines/vibecheck-engines/lib/smart-fix-engine.js +0 -577
package/bin/runners/lib/engines/vibecheck-engines/lib/vibe-score-engine.js +0 -543
package/bin/runners/lib/engines/vibecheck-engines.js +0 -514
package/bin/runners/lib/enhanced-features/index.js +0 -305
package/bin/runners/lib/enhanced-output.js +0 -631
package/bin/runners/lib/enterprise.js +0 -300
package/bin/runners/lib/firewall/command-validator.js +0 -351
package/bin/runners/lib/firewall/config.js +0 -341
package/bin/runners/lib/firewall/content-validator.js +0 -519
package/bin/runners/lib/firewall/index.js +0 -101
package/bin/runners/lib/firewall/path-validator.js +0 -256
package/bin/runners/lib/intelligence/cross-repo-intelligence.js +0 -817
package/bin/runners/lib/mcp-utils.js +0 -425
package/bin/runners/lib/output/index.js +0 -1022
package/bin/runners/lib/policy-engine.js +0 -652
package/bin/runners/lib/polish/autofix/accessibility-fixes.js +0 -333
package/bin/runners/lib/polish/autofix/async-handlers.js +0 -273
package/bin/runners/lib/polish/autofix/dead-code.js +0 -280
package/bin/runners/lib/polish/autofix/imports-optimizer.js +0 -344
package/bin/runners/lib/polish/autofix/index.js +0 -200
package/bin/runners/lib/polish/autofix/remove-consoles.js +0 -209
package/bin/runners/lib/polish/autofix/strengthen-types.js +0 -245
package/bin/runners/lib/polish/backend-checks.js +0 -148
package/bin/runners/lib/polish/documentation-checks.js +0 -111
package/bin/runners/lib/polish/frontend-checks.js +0 -168
package/bin/runners/lib/polish/index.js +0 -71
package/bin/runners/lib/polish/infrastructure-checks.js +0 -131
package/bin/runners/lib/polish/library-detection.js +0 -175
package/bin/runners/lib/polish/performance-checks.js +0 -100
package/bin/runners/lib/polish/security-checks.js +0 -148
package/bin/runners/lib/polish/utils.js +0 -203
package/bin/runners/lib/prompt-builder.js +0 -540
package/bin/runners/lib/proof-certificate.js +0 -634
package/bin/runners/lib/reality/accessibility-audit.js +0 -946
package/bin/runners/lib/reality/api-contract-validator.js +0 -1012
package/bin/runners/lib/reality/chaos-engineering.js +0 -1084
package/bin/runners/lib/reality/performance-tracker.js +0 -1077
package/bin/runners/lib/reality/scenario-generator.js +0 -1404
package/bin/runners/lib/reality/visual-regression.js +0 -852
package/bin/runners/lib/reality-profiler.js +0 -717
package/bin/runners/lib/replay/flight-recorder-viewer.js +0 -1160
package/bin/runners/lib/review/ai-code-review.js +0 -832
package/bin/runners/lib/rules/custom-rule-engine.js +0 -985
package/bin/runners/lib/sbom-generator.js +0 -641
package/bin/runners/lib/scan-output-enhanced.js +0 -512
package/bin/runners/lib/security/owasp-scanner.js +0 -939
package/bin/runners/lib/validators/contract-validator.js +0 -283
package/bin/runners/lib/validators/dead-export-detector.js +0 -279
package/bin/runners/lib/validators/dep-audit.js +0 -245
package/bin/runners/lib/validators/env-validator.js +0 -319
package/bin/runners/lib/validators/index.js +0 -120
package/bin/runners/lib/validators/license-checker.js +0 -252
package/bin/runners/lib/validators/route-validator.js +0 -290
package/bin/runners/runAuthority.js +0 -528
package/bin/runners/runConductor.js +0 -772
package/bin/runners/runContainer.js +0 -366
package/bin/runners/runEasy.js +0 -410
package/bin/runners/runIaC.js +0 -372
package/bin/runners/runVibe.js +0 -791
package/mcp-server/tools.js +0 -495

package/bin/runners/lib/mcp-utils.js DELETED Viewed

@@ -1,425 +0,0 @@
-/**
- * MCP Utilities
- *
- * Shared utilities for MCP server implementations.
- * Used by both the stdio (mcp-server/index.js) and HTTP (runMcp.js) implementations.
- */
-"use strict";
-const path = require("path");
-const fs = require("fs");
-// =============================================================================
-// TIER DEFINITIONS (mirrors @vibecheck/core)
-// =============================================================================
-const TIERS = {
-  free: {
-    name: 'FREE',
-    price: '$0',
-    rateLimit: { rpm: 10, burst: 20, daily: 100 },
-  },
-  pro: {
-    name: 'PRO',
-    price: '$69/mo',
-    rateLimit: { rpm: 100, burst: 200, daily: Infinity },
-  },
-};
-// =============================================================================
-// TOOL TIER MAPPINGS
-// =============================================================================
-const TOOL_TIERS = {
-  // FREE - Inspect & Observe
-  'vibecheck.scan': 'free',
-  'vibecheck.ctx': 'free',
-  'vibecheck.verify': 'free',
-  'vibecheck.report': 'free',
-  'vibecheck.status': 'free',
-  'vibecheck.doctor': 'free',
-  'vibecheck.firewall': 'free',
-  'authority.list': 'free',
-  'authority.classify': 'free',
-  'vibecheck_conductor_status': 'free',
-  // HTTP tools (legacy names)
-  'repo_map': 'free',
-  'routes_list': 'free',
-  'truthpack_get': 'free',
-  'findings_latest': 'free',
-  // PRO - Fix, Prove & Enforce
-  'vibecheck.ship': 'pro',
-  'vibecheck.fix': 'pro',
-  'vibecheck.prove': 'pro',
-  'vibecheck.gate': 'pro',
-  'vibecheck.badge': 'pro',
-  'vibecheck.reality': 'pro',
-  'vibecheck.ai_test': 'pro',
-  'vibecheck.share': 'pro',
-  'authority.approve': 'pro',
-  'vibecheck_conductor_register': 'pro',
-  'vibecheck_conductor_acquire_lock': 'pro',
-  'vibecheck_conductor_release_lock': 'pro',
-  'vibecheck_conductor_propose': 'pro',
-  'vibecheck_conductor_terminate': 'pro',
-  'vibecheck_agent_firewall_intercept': 'pro',
-  // HTTP tools (legacy names)
-  'run_ship': 'pro',
-  'policy_check': 'pro',
-};
-/**
- * Check if tool requires pro tier
- */
-function requiresPro(toolName) {
-  return TOOL_TIERS[toolName] === 'pro';
-}
-/**
- * Check tier access for a tool
- */
-function checkTierAccess(toolName, userTier) {
-  const required = TOOL_TIERS[toolName];
-  // Unknown tools default to pro
-  if (!required) {
-    return {
-      allowed: userTier === 'pro',
-      error: userTier !== 'pro'
-        ? `Unknown tool "${toolName}" requires Pro tier`
-        : undefined,
-    };
-  }
-  if (required === 'free') {
-    return { allowed: true };
-  }
-  if (userTier === 'pro') {
-    return { allowed: true };
-  }
-  return {
-    allowed: false,
-    error: `${toolName} requires Pro ($69/mo). Upgrade at https://vibecheckai.dev/pricing`,
-  };
-}
-// =============================================================================
-// RATE LIMITING
-// =============================================================================
-class RateLimiter {
-  constructor() {
-    this.clients = new Map();
-  }
-  check(clientId, tier) {
-    const now = Date.now();
-    const limits = TIERS[tier]?.rateLimit || TIERS.free.rateLimit;
-    if (!this.clients.has(clientId)) {
-      this.clients.set(clientId, {
-        requests: [],
-        dailyCount: 0,
-        dailyReset: this.getNextMidnight(),
-      });
-    }
-    const client = this.clients.get(clientId);
-    // Reset daily counter if needed
-    if (now > client.dailyReset) {
-      client.dailyCount = 0;
-      client.dailyReset = this.getNextMidnight();
-    }
-    // Clean old requests (older than 1 minute)
-    client.requests = client.requests.filter(time => now - time < 60000);
-    // Check RPM limit
-    if (client.requests.length >= limits.rpm) {
-      return {
-        allowed: false,
-        error: 'Rate limit exceeded',
-        resetAt: Math.min(...client.requests) + 60000,
-        remaining: 0,
-      };
-    }
-    // Check daily limit
-    if (limits.daily !== Infinity && client.dailyCount >= limits.daily) {
-      return {
-        allowed: false,
-        error: 'Daily quota exceeded',
-        resetAt: client.dailyReset,
-        remaining: 0,
-      };
-    }
-    // Record request
-    client.requests.push(now);
-    client.dailyCount++;
-    return {
-      allowed: true,
-      remaining: limits.rpm - client.requests.length,
-      dailyRemaining: limits.daily === Infinity
-        ? Infinity
-        : limits.daily - client.dailyCount,
-    };
-  }
-  getNextMidnight() {
-    const tomorrow = new Date();
-    tomorrow.setHours(24, 0, 0, 0);
-    return tomorrow.getTime();
-  }
-  cleanup() {
-    const now = Date.now();
-    for (const [clientId, client] of this.clients) {
-      // Remove clients with no recent activity
-      if (client.requests.length === 0 && now > client.dailyReset) {
-        this.clients.delete(clientId);
-      }
-    }
-  }
-}
-// =============================================================================
-// AUDIT LOGGING
-// =============================================================================
-class AuditLogger {
-  constructor(logPath) {
-    this.logPath = logPath || path.join(process.cwd(), '.vibecheck', 'audit', 'mcp-audit.jsonl');
-    this.ensureDir();
-  }
-  ensureDir() {
-    try {
-      fs.mkdirSync(path.dirname(this.logPath), { recursive: true });
-    } catch {
-      // Ignore
-    }
-  }
-  log(event) {
-    const entry = {
-      timestamp: new Date().toISOString(),
-      ...event,
-    };
-    try {
-      fs.appendFileSync(this.logPath, JSON.stringify(entry) + '\n');
-    } catch (err) {
-      // Silent fail for audit logging
-    }
-  }
-  logToolCall(toolName, tier, success, duration, error) {
-    this.log({
-      type: 'tool_call',
-      tool: toolName,
-      tier,
-      success,
-      duration,
-      error: error?.message,
-    });
-  }
-  logAuth(tier, success, error) {
-    this.log({
-      type: 'auth',
-      tier,
-      success,
-      error: error?.message,
-    });
-  }
-}
-// =============================================================================
-// PATH SECURITY
-// =============================================================================
-const BLOCKED_PATHS = [
-  '.env',
-  '.env.local',
-  '.env.production',
-  'credentials',
-  'secrets',
-  '.ssh',
-  '.aws',
-  '.npmrc',
-  '.pypirc',
-];
-/**
- * Check if path is safe to access
- */
-function isPathSafe(requestedPath, projectRoot) {
-  const resolved = path.resolve(projectRoot, requestedPath);
-  // Must be within project root
-  if (!resolved.startsWith(projectRoot)) {
-    return { safe: false, error: 'Path traversal detected' };
-  }
-  // Check blocked paths
-  const relative = path.relative(projectRoot, resolved);
-  for (const blocked of BLOCKED_PATHS) {
-    if (relative.includes(blocked) || relative.startsWith(blocked)) {
-      return { safe: false, error: `Access to ${blocked} is blocked` };
-    }
-  }
-  return { safe: true };
-}
-// =============================================================================
-// INPUT VALIDATION
-// =============================================================================
-/**
- * Validate tool arguments against schema
- */
-function validateArgs(args, schema) {
-  const errors = [];
-  if (!schema || !schema.properties) {
-    return { valid: true, args };
-  }
-  const validated = {};
-  for (const [key, prop] of Object.entries(schema.properties)) {
-    const value = args?.[key];
-    // Check required
-    if (schema.required?.includes(key) && value === undefined) {
-      errors.push(`Missing required argument: ${key}`);
-      continue;
-    }
-    // Use default if not provided
-    if (value === undefined && prop.default !== undefined) {
-      validated[key] = prop.default;
-      continue;
-    }
-    // Skip undefined optional args
-    if (value === undefined) {
-      continue;
-    }
-    // Type check
-    if (prop.type === 'string' && typeof value !== 'string') {
-      errors.push(`${key} must be a string`);
-    } else if (prop.type === 'boolean' && typeof value !== 'boolean') {
-      errors.push(`${key} must be a boolean`);
-    } else if (prop.type === 'number' && typeof value !== 'number') {
-      errors.push(`${key} must be a number`);
-    } else if (prop.type === 'array' && !Array.isArray(value)) {
-      errors.push(`${key} must be an array`);
-    }
-    // Enum check
-    if (prop.enum && !prop.enum.includes(value)) {
-      errors.push(`${key} must be one of: ${prop.enum.join(', ')}`);
-    }
-    validated[key] = value;
-  }
-  return {
-    valid: errors.length === 0,
-    errors,
-    args: validated,
-  };
-}
-// =============================================================================
-// SECRET REDACTION
-// =============================================================================
-const SECRET_PATTERNS = [
-  /sk[_-][a-zA-Z0-9]{20,}/g,           // Stripe keys
-  /pk[_-][a-zA-Z0-9]{20,}/g,           // Stripe public keys
-  /ghp_[a-zA-Z0-9]{36}/g,              // GitHub tokens
-  /gho_[a-zA-Z0-9]{36}/g,              // GitHub OAuth
-  /xox[baprs]-[a-zA-Z0-9-]{10,}/g,     // Slack tokens
-  /Bearer\s+[a-zA-Z0-9._-]+/gi,        // Bearer tokens
-  /api[_-]?key[_-]?[=:]["']?[a-zA-Z0-9]{16,}/gi,
-  /password[_-]?[=:]["']?[^\s"']+/gi,
-  /secret[_-]?[=:]["']?[^\s"']+/gi,
-];
-/**
- * Redact secrets from output
- */
-function redactSecrets(text) {
-  if (!text || typeof text !== 'string') return text;
-  let redacted = text;
-  for (const pattern of SECRET_PATTERNS) {
-    redacted = redacted.replace(pattern, '[REDACTED]');
-  }
-  return redacted;
-}
-/**
- * Redact secrets from object (deep)
- */
-function redactObject(obj) {
-  if (!obj) return obj;
-  if (typeof obj === 'string') return redactSecrets(obj);
-  if (Array.isArray(obj)) return obj.map(redactObject);
-  if (typeof obj !== 'object') return obj;
-  const result = {};
-  for (const [key, value] of Object.entries(obj)) {
-    // Always redact certain keys
-    const lowerKey = key.toLowerCase();
-    if (lowerKey.includes('password') ||
-        lowerKey.includes('secret') ||
-        lowerKey.includes('token') ||
-        lowerKey.includes('apikey') ||
-        lowerKey.includes('api_key')) {
-      result[key] = '[REDACTED]';
-    } else {
-      result[key] = redactObject(value);
-    }
-  }
-  return result;
-}
-// =============================================================================
-// EXPORTS
-// =============================================================================
-module.exports = {
-  // Tier management
-  TIERS,
-  TOOL_TIERS,
-  requiresPro,
-  checkTierAccess,
-  // Rate limiting
-  RateLimiter,
-  // Audit logging
-  AuditLogger,
-  // Security
-  isPathSafe,
-  validateArgs,
-  redactSecrets,
-  redactObject,
-  BLOCKED_PATHS,
-  SECRET_PATTERNS,
-};