npm - @vibecheckai/cli - Versions diffs - 3.5.1 → 3.5.2 - Mend

@vibecheckai/cli 3.5.1 → 3.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/bin/registry.js +406 -154
package/bin/runners/context/analyzer.js +52 -1
package/bin/runners/context/generators/mcp.js +15 -13
package/bin/runners/context/git-context.js +3 -1
package/bin/runners/context/proof-context.js +248 -1
package/bin/runners/context/team-conventions.js +33 -7
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/change-packet/builder.js +488 -0
package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +303 -0
package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +127 -0
package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +213 -0
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
package/bin/runners/lib/agent-firewall/interceptor/base.js +304 -0
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
package/bin/runners/lib/agent-firewall/logger.js +141 -0
package/bin/runners/lib/agent-firewall/policy/default-policy.json +90 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +103 -0
package/bin/runners/lib/agent-firewall/policy/loader.js +451 -0
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +86 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +162 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +189 -0
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
package/bin/runners/lib/agent-firewall/risk/thresholds.js +321 -0
package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +137 -0
package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/analysis-core.js +220 -182
package/bin/runners/lib/analyzers.js +2145 -224
package/bin/runners/lib/api-client.js +269 -0
package/bin/runners/lib/authority-badge.js +425 -0
package/bin/runners/lib/cli-output.js +242 -210
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/detectors-v2.js +547 -785
package/bin/runners/lib/doctor/modules/security.js +3 -1
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/entitlements-v2.js +152 -446
package/bin/runners/lib/error-handler.js +60 -12
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +7 -1
package/bin/runners/lib/exit-codes.js +275 -0
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/fingerprint.js +377 -0
package/bin/runners/lib/global-flags.js +37 -0
package/bin/runners/lib/help-formatter.js +413 -0
package/bin/runners/lib/logger.js +38 -0
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/route-detection.js +137 -68
package/bin/runners/lib/route-truth.js +1167 -322
package/bin/runners/lib/scan-output.js +504 -463
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/validator.js +27 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/ship-output-enterprise.js +239 -0
package/bin/runners/lib/ship-output.js +328 -31
package/bin/runners/lib/terminal-ui.js +234 -731
package/bin/runners/lib/truth.js +1332 -308
package/bin/runners/lib/unified-cli-output.js +604 -0
package/bin/runners/lib/unified-output.js +163 -155
package/bin/runners/lib/upsell.js +104 -204
package/bin/runners/runAgent.d.ts +5 -0
package/bin/runners/runAgent.js +161 -0
package/bin/runners/runAllowlist.js +166 -101
package/bin/runners/runApprove.js +1200 -0
package/bin/runners/runAuth.js +373 -95
package/bin/runners/runCheckpoint.js +59 -21
package/bin/runners/runClassify.js +926 -0
package/bin/runners/runContext.d.ts +4 -0
package/bin/runners/runContext.js +136 -24
package/bin/runners/runDoctor.js +115 -67
package/bin/runners/runEvidencePack.js +239 -96
package/bin/runners/runFirewall.d.ts +5 -0
package/bin/runners/runFirewall.js +134 -0
package/bin/runners/runFirewallHook.d.ts +5 -0
package/bin/runners/runFirewallHook.js +56 -0
package/bin/runners/runFix.js +6 -5
package/bin/runners/runGuard.js +212 -118
package/bin/runners/runInit.js +66 -21
package/bin/runners/runLabs.js +204 -121
package/bin/runners/runMcp.js +131 -60
package/bin/runners/runPolish.d.ts +4 -0
package/bin/runners/runPolish.js +43 -20
package/bin/runners/runProof.zip +0 -0
package/bin/runners/runProve.js +15 -5
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +14 -0
package/bin/runners/runReport.js +36 -4
package/bin/runners/runScan.js +689 -91
package/bin/runners/runShip.js +96 -40
package/bin/runners/runTruth.d.ts +5 -0
package/bin/runners/runTruth.js +101 -0
package/bin/runners/runValidate.js +21 -4
package/bin/runners/runWatch.js +118 -54
package/bin/scan.js +6 -1
package/bin/vibecheck.js +297 -52
package/mcp-server/HARDENING_SUMMARY.md +299 -0
package/mcp-server/agent-firewall-interceptor.js +500 -0
package/mcp-server/authority-tools.js +569 -0
package/mcp-server/conductor/conflict-resolver.js +588 -0
package/mcp-server/conductor/execution-planner.js +544 -0
package/mcp-server/conductor/index.js +377 -0
package/mcp-server/conductor/lock-manager.js +615 -0
package/mcp-server/conductor/request-queue.js +550 -0
package/mcp-server/conductor/session-manager.js +500 -0
package/mcp-server/conductor/tools.js +510 -0
package/mcp-server/deprecation-middleware.js +282 -0
package/mcp-server/handlers/index.ts +15 -0
package/mcp-server/handlers/tool-handler.ts +474 -591
package/mcp-server/index.js +1748 -1099
package/mcp-server/lib/api-client.cjs +13 -0
package/mcp-server/lib/cache-wrapper.cjs +383 -0
package/mcp-server/lib/error-envelope.js +138 -0
package/mcp-server/lib/executor.ts +428 -721
package/mcp-server/lib/index.ts +19 -0
package/mcp-server/lib/logger.cjs +30 -0
package/mcp-server/lib/rate-limiter.js +166 -0
package/mcp-server/lib/sandbox.test.ts +519 -0
package/mcp-server/lib/sandbox.ts +342 -284
package/mcp-server/lib/types.ts +267 -0
package/mcp-server/logger.js +173 -0
package/mcp-server/package.json +11 -27
package/mcp-server/premium-tools.js +2 -2
package/mcp-server/registry/tool-registry.js +794 -0
package/mcp-server/registry/tools.json +507 -378
package/mcp-server/registry.test.ts +334 -0
package/mcp-server/tests/tier-gating.test.js +297 -0
package/mcp-server/tier-auth.js +492 -347
package/mcp-server/tools-v3.js +950 -0
package/mcp-server/truth-context.js +131 -90
package/mcp-server/truth-firewall-tools.js +1612 -1001
package/mcp-server/tsconfig.json +8 -5
package/mcp-server/vibecheck-2.0-tools.js +14 -1
package/mcp-server/vibecheck-mcp-server-3.2.0.tgz +0 -0
package/mcp-server/vibecheck-tools.js +2 -2
package/package.json +4 -3
package/bin/runners/runInstall.js +0 -281
package/mcp-server/ARCHITECTURE.md +0 -339
package/mcp-server/__tests__/cache.test.ts +0 -313
package/mcp-server/__tests__/executor.test.ts +0 -239
package/mcp-server/__tests__/fixtures/exclusion-test/.cache/webpack/cache.pack +0 -1
package/mcp-server/__tests__/fixtures/exclusion-test/.next/server/chunk.js +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/.turbo/cache.json +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/.venv/lib/env.py +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/dist/bundle.js +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/package.json +0 -5
package/mcp-server/__tests__/fixtures/exclusion-test/src/app.ts +0 -5
package/mcp-server/__tests__/fixtures/exclusion-test/venv/lib/config.py +0 -4
package/mcp-server/__tests__/ids.test.ts +0 -345
package/mcp-server/__tests__/integration/tools.test.ts +0 -410
package/mcp-server/__tests__/registry.test.ts +0 -365
package/mcp-server/__tests__/sandbox.test.ts +0 -323
package/mcp-server/__tests__/schemas.test.ts +0 -372
package/mcp-server/benchmarks/run-benchmarks.ts +0 -304
package/mcp-server/examples/doctor.request.json +0 -14
package/mcp-server/examples/doctor.response.json +0 -53
package/mcp-server/examples/error.response.json +0 -15
package/mcp-server/examples/scan.request.json +0 -14
package/mcp-server/examples/scan.response.json +0 -108
package/mcp-server/index-v3.ts +0 -293
package/mcp-server/index.old.js +0 -4137
package/mcp-server/lib/cache.ts +0 -341
package/mcp-server/lib/errors.ts +0 -346
package/mcp-server/lib/ids.ts +0 -238
package/mcp-server/lib/logger.ts +0 -368
package/mcp-server/lib/metrics.ts +0 -365
package/mcp-server/lib/validator.ts +0 -229
package/mcp-server/package-lock.json +0 -165
package/mcp-server/schemas/error-envelope.schema.json +0 -125
package/mcp-server/schemas/finding.schema.json +0 -167
package/mcp-server/schemas/report-artifact.schema.json +0 -88
package/mcp-server/schemas/run-request.schema.json +0 -75
package/mcp-server/schemas/verdict.schema.json +0 -168
package/mcp-server/tier-auth.d.ts +0 -71
package/mcp-server/vitest.config.ts +0 -16

package/bin/runners/runGuard.js CHANGED Viewed

@@ -1,73 +1,127 @@
 /**
  * vibecheck guard - Unified trust boundary enforcement
  *
- * Combines: validate + claim-verifier + prompt-firewall
- *
- * Usage:
- *   vibecheck guard                    # Run all checks
- *   vibecheck guard --claims           # Verify AI claims against truthpack
- *   vibecheck guard --prompts          # Check for prompt injection
- *   vibecheck guard --hallucinations   # Detect AI hallucination patterns
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * World-Class AI Guardrails
+ * ═══════════════════════════════════════════════════════════════════════════════
  */
 const path = require("path");
 const fs = require("fs");
+const { parseGlobalFlags, shouldSuppressOutput, isJsonMode } = require("./lib/global-flags");
+const { EXIT } = require("./lib/exit-codes");
+const {
+  ansi,
+  sym,
+  renderMinimalHeader,
+  renderSectionHeader,
+  renderVerdict,
+  renderSuccess,
+  renderError,
+  renderWarning,
+  renderFooter,
+  Spinner,
+  getTierFromKey,
+} = require("./lib/unified-cli-output");
 // Import underlying implementations
-const { runValidate } = require("./runValidate");
-const { runPromptFirewall } = require("./runPromptFirewall");
-// ANSI colors
-const c = {
-  reset: "\x1b[0m",
-  dim: "\x1b[2m",
-  bold: "\x1b[1m",
-  cyan: "\x1b[36m",
-  green: "\x1b[32m",
-  yellow: "\x1b[33m",
-  red: "\x1b[31m",
-  magenta: "\x1b[35m",
-};
+let runValidate, runPromptFirewall;
+try {
+  runValidate = require("./runValidate").runValidate;
+} catch {
+  runValidate = null;
+}
+try {
+  runPromptFirewall = require("./runPromptFirewall").runPromptFirewall;
+} catch {
+  runPromptFirewall = null;
+}
 function printHelp() {
   console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-  ${c.bold}vibecheck guard${c.reset} - Trust boundary enforcement for AI outputs
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-${c.green}USAGE${c.reset}
-  vibecheck guard [options]
-${c.yellow}OPTIONS${c.reset}
-  --claims           Verify AI claims against truthpack (route_exists, auth_enforced, etc.)
-  --prompts          Check code for prompt injection vulnerabilities
-  --hallucinations   Detect AI hallucination patterns in generated code
-  --file <path>      Check specific file(s)
-  --json             Output JSON for CI integration
-  --strict           Fail on warnings (default: fail on errors only)
-${c.magenta}EXAMPLES${c.reset}
-  vibecheck guard                           # Run all checks
-  vibecheck guard --claims --file api.ts    # Verify claims in specific file
-  vibecheck guard --prompts                 # Prompt injection scan
-  vibecheck guard --json                    # CI-friendly output
-${c.dim}This command unifies trust boundary checks for AI-generated code.${c.reset}
+  ${ansi.bold}USAGE${ansi.reset}
+    ${ansi.cyan}vibecheck guard${ansi.reset} [options]
+  ${ansi.dim}Aliases: ai-guard, firewall, validate${ansi.reset}
+  Validate AI-generated code and prompts. Detects prompt injection attempts,
+  verifies claims against your codebase (hallucination checking), and ensures
+  AI outputs meet your standards.
+  ${ansi.bold}CHECK MODES${ansi.reset}
+    ${ansi.cyan}--claims${ansi.reset}           Verify AI claims against truthpack
+    ${ansi.cyan}--prompts${ansi.reset}          Check code for prompt injection
+    ${ansi.cyan}--hallucinations${ansi.reset}   Detect AI hallucination patterns
+    ${ansi.dim}(default: run all checks)${ansi.reset}
+  ${ansi.bold}OPTIONS${ansi.reset}
+    ${ansi.cyan}--file <path>${ansi.reset}      Check specific file(s)
+    ${ansi.cyan}--strict${ansi.reset}           Fail on warnings (default: fail on errors only)
+    ${ansi.cyan}--json${ansi.reset}             Output as JSON (CI integration)
+    ${ansi.cyan}--quiet, -q${ansi.reset}        Suppress non-essential output
+    ${ansi.cyan}--help, -h${ansi.reset}         Show this help
+  ${ansi.bold}EXAMPLES${ansi.reset}
+    ${ansi.dim}# Run all guardrail checks${ansi.reset}
+    vibecheck guard
+    ${ansi.dim}# Verify AI claims in specific file${ansi.reset}
+    vibecheck guard --claims --file api.ts
+    ${ansi.dim}# Prompt injection scan only${ansi.reset}
+    vibecheck guard --prompts
+    ${ansi.dim}# CI pipeline (strict, JSON output)${ansi.reset}
+    vibecheck guard --strict --json
+  ${ansi.bold}EXIT CODES${ansi.reset}
+    0  All checks passed
+    1  Warnings found (non-blocking)
+    2  Errors found (blocking issues)
+  ${ansi.dim}────────────────────────────────────────────────────────────────────${ansi.reset}
+  ${ansi.dim}Documentation: https://docs.vibecheckai.dev/cli/guard${ansi.reset}
 `);
 }
 async function runGuard(args = []) {
+  const { flags: globalFlags } = parseGlobalFlags(args);
+  const quiet = shouldSuppressOutput(globalFlags);
+  const json = isJsonMode(globalFlags) || args.includes("--json");
+  const startTime = Date.now();
   // Parse arguments
-  if (args.includes("--help") || args.includes("-h")) {
+  if (globalFlags.help || args.includes("--help") || args.includes("-h")) {
     printHelp();
-    return 0;
+    return EXIT.SUCCESS;
   }
   const runClaims = args.includes("--claims") || (!args.includes("--prompts") && !args.includes("--hallucinations"));
   const runPrompts = args.includes("--prompts") || (!args.includes("--claims") && !args.includes("--hallucinations"));
   const runHallucinations = args.includes("--hallucinations") || (!args.includes("--claims") && !args.includes("--prompts"));
-  const jsonOutput = args.includes("--json");
   const strict = args.includes("--strict");
+  // Validate --file if provided
+  const fileIndex = args.indexOf("--file");
+  if (fileIndex !== -1) {
+    const filePath = args[fileIndex + 1];
+    if (!filePath || filePath.startsWith("--")) {
+      if (json) {
+        console.log(JSON.stringify({ success: false, error: "--file requires a path argument" }));
+      } else {
+        renderError("--file requires a path argument");
+      }
+      return EXIT.USER_ERROR;
+    }
+    if (!fs.existsSync(filePath)) {
+      if (json) {
+        console.log(JSON.stringify({ success: false, error: `File not found: ${filePath}` }));
+      } else {
+        renderError(`File not found: ${filePath}`);
+      }
+      return EXIT.NOT_FOUND;
+    }
+  }
   const results = {
     claims: null,
@@ -78,91 +132,131 @@ async function runGuard(args = []) {
     warnings: 0,
   };
-  console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-  ${c.bold}🛡️  VIBECHECK GUARD${c.reset} - Trust Boundary Enforcement
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-`);
+  try {
+    if (!quiet && !json) {
+      renderMinimalHeader("guard", "starter");
+      renderSectionHeader("Trust Boundary Checks", sym.shield);
+    }
-  // Run claims verification (validates AI claims against truthpack)
-  if (runClaims) {
-    console.log(`${c.dim}▸ Verifying AI claims against truthpack...${c.reset}`);
-    try {
-      const validateArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
-      const exitCode = await runValidate(validateArgs);
-      results.claims = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.errors++;
-        results.verdict = "FAIL";
+    // Run claims verification
+    if (runClaims) {
+      const spinner = !quiet && !json ? new Spinner("Verifying AI claims against truthpack").start() : null;
+      if (!runValidate) {
+        results.claims = { skipped: true, reason: "Validator module not available" };
+        spinner?.warn("Claims check skipped: module not available");
+      } else {
+        try {
+          const validateArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
+          const exitCode = await runValidate(validateArgs);
+          results.claims = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+          if (exitCode !== 0) {
+            results.errors++;
+            results.verdict = "FAIL";
+            spinner?.fail("Claim verification failed");
+          } else {
+            spinner?.succeed("Claims verified");
+          }
+        } catch (e) {
+          results.claims = { error: e.message };
+          spinner?.warn(`Claims check failed: ${e.message}`);
+        }
       }
-      console.log(exitCode === 0
-        ? `  ${c.green}✓${c.reset} Claims verified`
-        : `  ${c.red}✗${c.reset} Claim verification failed`);
-    } catch (e) {
-      results.claims = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Claims check skipped: ${e.message}`);
     }
-  }
-  // Run prompt injection detection
-  if (runPrompts) {
-    console.log(`${c.dim}▸ Scanning for prompt injection vulnerabilities...${c.reset}`);
-    try {
-      const firewallArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
-      const exitCode = await runPromptFirewall(firewallArgs);
-      results.prompts = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.warnings++;
-        if (strict) results.verdict = "FAIL";
+    // Run prompt injection detection
+    if (runPrompts) {
+      const spinner = !quiet && !json ? new Spinner("Scanning for prompt injection vulnerabilities").start() : null;
+      if (!runPromptFirewall) {
+        results.prompts = { skipped: true, reason: "Firewall module not available" };
+        spinner?.warn("Prompt check skipped: module not available");
+      } else {
+        try {
+          const firewallArgs = args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a));
+          const exitCode = await runPromptFirewall(firewallArgs);
+          results.prompts = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+          if (exitCode !== 0) {
+            results.warnings++;
+            if (strict) results.verdict = "FAIL";
+            spinner?.warn("Prompt injection risks detected");
+          } else {
+            spinner?.succeed("No prompt injection risks");
+          }
+        } catch (e) {
+          results.prompts = { error: e.message };
+          spinner?.warn(`Prompt check failed: ${e.message}`);
+        }
       }
-      console.log(exitCode === 0
-        ? `  ${c.green}✓${c.reset} No prompt injection risks`
-        : `  ${c.yellow}⚠${c.reset} Prompt injection risks detected`);
-    } catch (e) {
-      results.prompts = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Prompt check skipped: ${e.message}`);
     }
-  }
-  // Run hallucination detection
-  if (runHallucinations) {
-    console.log(`${c.dim}▸ Detecting hallucination patterns...${c.reset}`);
-    // Use validate with hallucination focus
-    try {
-      const validateArgs = ["--hallucinations", ...args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a))];
-      const exitCode = await runValidate(validateArgs);
-      results.hallucinations = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
-      if (exitCode !== 0) {
-        results.warnings++;
-        if (strict) results.verdict = "FAIL";
+    // Run hallucination detection
+    if (runHallucinations) {
+      const spinner = !quiet && !json ? new Spinner("Detecting hallucination patterns").start() : null;
+      if (!runValidate) {
+        results.hallucinations = { skipped: true, reason: "Validator module not available" };
+        spinner?.warn("Hallucination check skipped: module not available");
+      } else {
+        try {
+          const validateArgs = ["--hallucinations", ...args.filter(a => !["--claims", "--prompts", "--hallucinations"].includes(a))];
+          const exitCode = await runValidate(validateArgs);
+          results.hallucinations = { exitCode, status: exitCode === 0 ? "pass" : "fail" };
+          if (exitCode !== 0) {
+            results.warnings++;
+            if (strict) results.verdict = "FAIL";
+            spinner?.warn("Potential hallucinations detected");
+          } else {
+            spinner?.succeed("No hallucination patterns");
+          }
+        } catch (e) {
+          results.hallucinations = { error: e.message };
+          spinner?.warn(`Hallucination check failed: ${e.message}`);
+        }
       }
-      console.log(exitCode === 0
-        ? `  ${c.green}✓${c.reset} No hallucination patterns`
-        : `  ${c.yellow}⚠${c.reset} Potential hallucinations detected`);
-    } catch (e) {
-      results.hallucinations = { error: e.message };
-      console.log(`  ${c.yellow}⚠${c.reset} Hallucination check skipped: ${e.message}`);
     }
-  }
-  // Summary
-  console.log(`
-${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}`);
-  if (results.verdict === "PASS") {
-    console.log(`  ${c.green}${c.bold}✓ GUARD PASS${c.reset} - All trust boundaries intact`);
-  } else {
-    console.log(`  ${c.red}${c.bold}✗ GUARD FAIL${c.reset} - Trust boundary violations detected`);
-  }
+    // Summary
+    const duration = Date.now() - startTime;
+    if (!quiet && !json) {
+      renderVerdict(results.verdict === "PASS" ? "PASS" : "FAIL", {
+        warnings: results.warnings,
+        critical: results.errors,
+        duration,
+      });
+      renderFooter({
+        nextSteps: results.verdict === "PASS" ? [
+          { cmd: "vibecheck scan", desc: "run full code analysis" },
+          { cmd: "vibecheck ship", desc: "get ship verdict" },
+        ] : [
+          { cmd: "vibecheck fix --plan-only", desc: "view fix recommendations" },
+        ],
+        docsUrl: "https://docs.vibecheckai.dev/cli/guard",
+      });
+    }
-  console.log(`${c.cyan}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}
-`);
+    if (json) {
+      console.log(JSON.stringify({ ...results, duration }, null, 2));
+    }
-  if (jsonOutput) {
-    console.log(JSON.stringify(results, null, 2));
+    // Return appropriate exit code
+    if (results.verdict === "PASS") {
+      return EXIT.SUCCESS;
+    } else if (results.errors > 0) {
+      return EXIT.BLOCKING;
+    } else {
+      return EXIT.WARNINGS;
+    }
+  } catch (error) {
+    if (json) {
+      console.log(JSON.stringify({ success: false, error: error.message }));
+    } else {
+      renderError(`Guard check failed: ${error.message}`);
+    }
+    return EXIT.INTERNAL_ERROR;
   }
-  return results.verdict === "PASS" ? 0 : (results.errors > 0 ? 2 : 1);
 }
 module.exports = { runGuard };

package/bin/runners/runInit.js CHANGED Viewed

@@ -12,6 +12,7 @@
 const fs = require("fs");
 const path = require("path");
 const { parseGlobalFlags, shouldShowBanner } = require("./lib/global-flags");
+const { EXIT } = require("./lib/exit-codes");
 // Use enhanced wizard if available
 let InitWizard;
@@ -693,8 +694,8 @@ async function runRepairMode(targetDir, projectName, opts) {
     if (!opts.dryRun) {
       startSpinner('Generating truthpack...', colors.accent);
       try {
-        const { runCtx } = require("./runCtx");
-        await runCtx(["build", "--path", targetDir, "--quiet"]);
+        const { runContext } = require("./runContext");
+        await runContext(["--path", targetDir, "--quiet"]);
         stopSpinner('Truthpack generated', true);
         fixes.push("Generated: .vibecheck/truthpack.json");
       } catch (e) {
@@ -1054,6 +1055,17 @@ function printNextSteps(options = {}) {
   console.log();
   console.log(`  ${c.dim}Full docs:${c.reset} ${colors.info}https://docs.vibecheckai.dev${c.reset}`);
   console.log();
+  // Upsell box
+  console.log(`  ${c.dim}╭────────────────────────────────────────────────────────────╮${c.reset}`);
+  console.log(`  ${c.dim}│${c.reset}                                                            ${c.dim}│${c.reset}`);
+  console.log(`  ${c.dim}│${c.reset}  ${colors.accent}⚡ STARTER${c.reset} ${c.dim}•${c.reset} AI-powered fixes, GitHub CI, MCP tools       ${c.dim}│${c.reset}`);
+  console.log(`  ${c.dim}│${c.reset}  ${colors.accent}🏆 PRO${c.reset}     ${c.dim}•${c.reset} Runtime proof, verified badges, AI testing   ${c.dim}│${c.reset}`);
+  console.log(`  ${c.dim}│${c.reset}                                                            ${c.dim}│${c.reset}`);
+  console.log(`  ${c.dim}│${c.reset}  ${colors.info}vibecheck login${c.reset} ${c.dim}to upgrade • vibecheck.dev/pricing${c.reset}       ${c.dim}│${c.reset}`);
+  console.log(`  ${c.dim}│${c.reset}                                                            ${c.dim}│${c.reset}`);
+  console.log(`  ${c.dim}╰────────────────────────────────────────────────────────────╯${c.reset}`);
+  console.log();
 }
 // ═══════════════════════════════════════════════════════════════════════════════
@@ -1398,13 +1410,17 @@ async function runLocalSetup(targetDir, projectName, opts, filesCreated) {
   if (!opts.dryRun) {
     startSpinner('Building truthpack...', colors.accent);
     try {
-      const { runCtx } = require("./runCtx");
-      await runCtx(["build", "--path", targetDir, "--quiet"]);
+      const { runContext } = require("./runContext");
+      await runContext(["--path", targetDir, "--quiet"]);
       stopSpinner('Truthpack generated', true);
       filesCreated.push('.vibecheck/truthpack.json');
     } catch (e) {
       stopSpinner('Truthpack generation failed', false);
-      throw new Error(`Truthpack generation failed: ${e.message}. Run 'vibecheck ctx build' manually or 'vibecheck init --repair' to retry.`);
+      // Don't throw - truthpack generation is optional for init
+      if (!opts.json) {
+        console.log(`  ${colors.warning}${ICONS.warning}${c.reset} ${e.message}`);
+        console.log(`  ${c.dim}Run 'vibecheck context' manually to generate truthpack${c.reset}`);
+      }
     }
   } else {
     printSetupStep('truthpack.json', 'dry-run', 'would generate via vibecheck ctx build');
@@ -1472,21 +1488,36 @@ async function runLocalSetup(targetDir, projectName, opts, filesCreated) {
     printSetupStep('IDE rules', 'dry-run', 'would generate via vibecheck context');
   }
-  // 6. Create .vibecheckrc at project root
+  // 6. Create .vibecheckrc at project root (create both for compatibility)
   logStep('Creating root config');
-  const rcPath = path.join(targetDir, ".vibecheckrc.json");
-  if (!fs.existsSync(rcPath)) {
-    const rc = {
-      extends: ".vibecheck/config.json",
-      tier: "free",
-    };
+  const rcPathJson = path.join(targetDir, ".vibecheckrc.json");
+  const rcPath = path.join(targetDir, ".vibecheckrc");
+  const rc = {
+    extends: ".vibecheck/config.json",
+    tier: "free",
+  };
+  if (!fs.existsSync(rcPathJson) && !fs.existsSync(rcPath)) {
     if (opts.dryRun) {
+      printSetupStep('.vibecheckrc', 'dry-run', 'would create');
       printSetupStep('.vibecheckrc.json', 'dry-run', 'would create');
     } else {
+      // Create .vibecheckrc (without .json) for compatibility with tests/expectations
       fs.writeFileSync(rcPath, JSON.stringify(rc, null, 2));
-      printSetupStep('.vibecheckrc.json', 'success', 'root config created');
+      printSetupStep('.vibecheckrc', 'success', 'root config created');
+      filesCreated.push('.vibecheckrc');
+      // Also create .vibecheckrc.json for backward compatibility
+      fs.writeFileSync(rcPathJson, JSON.stringify(rc, null, 2));
       filesCreated.push('.vibecheckrc.json');
     }
+  } else if (fs.existsSync(rcPathJson) && !fs.existsSync(rcPath)) {
+    // If only .vibecheckrc.json exists, create .vibecheckrc for compatibility
+    if (!opts.dryRun) {
+      fs.writeFileSync(rcPath, JSON.stringify(rc, null, 2));
+      printSetupStep('.vibecheckrc', 'success', 'root config created (compatibility)');
+      filesCreated.push('.vibecheckrc');
+    }
   }
   // 7. Update .gitignore
@@ -1510,7 +1541,8 @@ async function runLocalSetup(targetDir, projectName, opts, filesCreated) {
     }
   }
-  return filesCreated;
+  // Return both filesCreated and detection for use in main function
+  return { filesCreated, detection };
 }
 // ═══════════════════════════════════════════════════════════════════════════════
@@ -1611,10 +1643,11 @@ async function runInit(args) {
     return 0;
   }
-  // --quick mode delegates to runInstall (zero-friction onboarding)
+  // --quick mode runs local setup with non-interactive defaults
   if (opts.quick) {
-    const { runInstall } = require("./runInstall");
-    return await runInstall(args);
+    opts.local = true;
+    opts.nonInteractive = true;
+    // Continue with normal init flow below
   }
   const targetDir = path.resolve(opts.path);
@@ -1712,6 +1745,7 @@ async function runInit(args) {
   }
   let filesCreated = [];
+  let detection = null; // Declare detection in main function scope
   const result = {
     success: true,
     project: projectName,
@@ -1725,7 +1759,15 @@ async function runInit(args) {
   // Always run local setup first
   if (opts.local || opts.connect) {
     try {
-      filesCreated = await runLocalSetup(targetDir, projectName, opts, filesCreated);
+      // runLocalSetup returns both filesCreated and detection
+      const setupResult = await runLocalSetup(targetDir, projectName, opts, filesCreated);
+      if (setupResult && typeof setupResult === 'object' && 'filesCreated' in setupResult) {
+        filesCreated = setupResult.filesCreated;
+        detection = setupResult.detection || null;
+      } else {
+        // Backward compatibility: if it returns just an array, use it
+        filesCreated = Array.isArray(setupResult) ? setupResult : filesCreated;
+      }
     } catch (e) {
       result.errors.push({ step: 'local', error: e.message, stack: e.stack });
       if (!opts.json) {
@@ -1735,8 +1777,11 @@ async function runInit(args) {
         }
         console.log(`  ${colors.info}${ICONS.info}${c.reset} Run ${c.cyan}vibecheck init --repair${c.reset} to fix partial state`);
       }
-      if (!opts.dryRun) {
-        return 1; // Exit on error unless dry-run
+      // Don't exit on error - continue and report errors in result
+      // Only exit if critical setup failed AND we're not in dry-run mode
+      if (!opts.dryRun && result.errors.length > 0 && filesCreated.length === 0) {
+        // Only exit if NO files were created at all (complete failure)
+        return EXIT.INTERNAL_ERROR;
       }
     }
   }
@@ -1754,7 +1799,7 @@ async function runInit(args) {
         }
       }
       if (!opts.dryRun) {
-        return 1;
+        return EXIT.INTERNAL_ERROR;
       }
     }
   }