npm - @vibecheckai/cli - Versions diffs - 3.5.1 → 3.5.2 - Mend

@vibecheckai/cli 3.5.1 → 3.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/bin/registry.js +406 -154
package/bin/runners/context/analyzer.js +52 -1
package/bin/runners/context/generators/mcp.js +15 -13
package/bin/runners/context/git-context.js +3 -1
package/bin/runners/context/proof-context.js +248 -1
package/bin/runners/context/team-conventions.js +33 -7
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/change-packet/builder.js +488 -0
package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +303 -0
package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +127 -0
package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +213 -0
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
package/bin/runners/lib/agent-firewall/interceptor/base.js +304 -0
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
package/bin/runners/lib/agent-firewall/logger.js +141 -0
package/bin/runners/lib/agent-firewall/policy/default-policy.json +90 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +103 -0
package/bin/runners/lib/agent-firewall/policy/loader.js +451 -0
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +86 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +162 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +189 -0
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
package/bin/runners/lib/agent-firewall/risk/thresholds.js +321 -0
package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +137 -0
package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/analysis-core.js +220 -182
package/bin/runners/lib/analyzers.js +2145 -224
package/bin/runners/lib/api-client.js +269 -0
package/bin/runners/lib/authority-badge.js +425 -0
package/bin/runners/lib/cli-output.js +242 -210
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/detectors-v2.js +547 -785
package/bin/runners/lib/doctor/modules/security.js +3 -1
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/entitlements-v2.js +152 -446
package/bin/runners/lib/error-handler.js +60 -12
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +7 -1
package/bin/runners/lib/exit-codes.js +275 -0
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/fingerprint.js +377 -0
package/bin/runners/lib/global-flags.js +37 -0
package/bin/runners/lib/help-formatter.js +413 -0
package/bin/runners/lib/logger.js +38 -0
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/route-detection.js +137 -68
package/bin/runners/lib/route-truth.js +1167 -322
package/bin/runners/lib/scan-output.js +504 -463
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/validator.js +27 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/ship-output-enterprise.js +239 -0
package/bin/runners/lib/ship-output.js +328 -31
package/bin/runners/lib/terminal-ui.js +234 -731
package/bin/runners/lib/truth.js +1332 -308
package/bin/runners/lib/unified-cli-output.js +604 -0
package/bin/runners/lib/unified-output.js +163 -155
package/bin/runners/lib/upsell.js +104 -204
package/bin/runners/runAgent.d.ts +5 -0
package/bin/runners/runAgent.js +161 -0
package/bin/runners/runAllowlist.js +166 -101
package/bin/runners/runApprove.js +1200 -0
package/bin/runners/runAuth.js +373 -95
package/bin/runners/runCheckpoint.js +59 -21
package/bin/runners/runClassify.js +926 -0
package/bin/runners/runContext.d.ts +4 -0
package/bin/runners/runContext.js +136 -24
package/bin/runners/runDoctor.js +115 -67
package/bin/runners/runEvidencePack.js +239 -96
package/bin/runners/runFirewall.d.ts +5 -0
package/bin/runners/runFirewall.js +134 -0
package/bin/runners/runFirewallHook.d.ts +5 -0
package/bin/runners/runFirewallHook.js +56 -0
package/bin/runners/runFix.js +6 -5
package/bin/runners/runGuard.js +212 -118
package/bin/runners/runInit.js +66 -21
package/bin/runners/runLabs.js +204 -121
package/bin/runners/runMcp.js +131 -60
package/bin/runners/runPolish.d.ts +4 -0
package/bin/runners/runPolish.js +43 -20
package/bin/runners/runProof.zip +0 -0
package/bin/runners/runProve.js +15 -5
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +14 -0
package/bin/runners/runReport.js +36 -4
package/bin/runners/runScan.js +689 -91
package/bin/runners/runShip.js +96 -40
package/bin/runners/runTruth.d.ts +5 -0
package/bin/runners/runTruth.js +101 -0
package/bin/runners/runValidate.js +21 -4
package/bin/runners/runWatch.js +118 -54
package/bin/scan.js +6 -1
package/bin/vibecheck.js +297 -52
package/mcp-server/HARDENING_SUMMARY.md +299 -0
package/mcp-server/agent-firewall-interceptor.js +500 -0
package/mcp-server/authority-tools.js +569 -0
package/mcp-server/conductor/conflict-resolver.js +588 -0
package/mcp-server/conductor/execution-planner.js +544 -0
package/mcp-server/conductor/index.js +377 -0
package/mcp-server/conductor/lock-manager.js +615 -0
package/mcp-server/conductor/request-queue.js +550 -0
package/mcp-server/conductor/session-manager.js +500 -0
package/mcp-server/conductor/tools.js +510 -0
package/mcp-server/deprecation-middleware.js +282 -0
package/mcp-server/handlers/index.ts +15 -0
package/mcp-server/handlers/tool-handler.ts +474 -591
package/mcp-server/index.js +1748 -1099
package/mcp-server/lib/api-client.cjs +13 -0
package/mcp-server/lib/cache-wrapper.cjs +383 -0
package/mcp-server/lib/error-envelope.js +138 -0
package/mcp-server/lib/executor.ts +428 -721
package/mcp-server/lib/index.ts +19 -0
package/mcp-server/lib/logger.cjs +30 -0
package/mcp-server/lib/rate-limiter.js +166 -0
package/mcp-server/lib/sandbox.test.ts +519 -0
package/mcp-server/lib/sandbox.ts +342 -284
package/mcp-server/lib/types.ts +267 -0
package/mcp-server/logger.js +173 -0
package/mcp-server/package.json +11 -27
package/mcp-server/premium-tools.js +2 -2
package/mcp-server/registry/tool-registry.js +794 -0
package/mcp-server/registry/tools.json +507 -378
package/mcp-server/registry.test.ts +334 -0
package/mcp-server/tests/tier-gating.test.js +297 -0
package/mcp-server/tier-auth.js +492 -347
package/mcp-server/tools-v3.js +950 -0
package/mcp-server/truth-context.js +131 -90
package/mcp-server/truth-firewall-tools.js +1612 -1001
package/mcp-server/tsconfig.json +8 -5
package/mcp-server/vibecheck-2.0-tools.js +14 -1
package/mcp-server/vibecheck-mcp-server-3.2.0.tgz +0 -0
package/mcp-server/vibecheck-tools.js +2 -2
package/package.json +4 -3
package/bin/runners/runInstall.js +0 -281
package/mcp-server/ARCHITECTURE.md +0 -339
package/mcp-server/__tests__/cache.test.ts +0 -313
package/mcp-server/__tests__/executor.test.ts +0 -239
package/mcp-server/__tests__/fixtures/exclusion-test/.cache/webpack/cache.pack +0 -1
package/mcp-server/__tests__/fixtures/exclusion-test/.next/server/chunk.js +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/.turbo/cache.json +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/.venv/lib/env.py +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/dist/bundle.js +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/package.json +0 -5
package/mcp-server/__tests__/fixtures/exclusion-test/src/app.ts +0 -5
package/mcp-server/__tests__/fixtures/exclusion-test/venv/lib/config.py +0 -4
package/mcp-server/__tests__/ids.test.ts +0 -345
package/mcp-server/__tests__/integration/tools.test.ts +0 -410
package/mcp-server/__tests__/registry.test.ts +0 -365
package/mcp-server/__tests__/sandbox.test.ts +0 -323
package/mcp-server/__tests__/schemas.test.ts +0 -372
package/mcp-server/benchmarks/run-benchmarks.ts +0 -304
package/mcp-server/examples/doctor.request.json +0 -14
package/mcp-server/examples/doctor.response.json +0 -53
package/mcp-server/examples/error.response.json +0 -15
package/mcp-server/examples/scan.request.json +0 -14
package/mcp-server/examples/scan.response.json +0 -108
package/mcp-server/index-v3.ts +0 -293
package/mcp-server/index.old.js +0 -4137
package/mcp-server/lib/cache.ts +0 -341
package/mcp-server/lib/errors.ts +0 -346
package/mcp-server/lib/ids.ts +0 -238
package/mcp-server/lib/logger.ts +0 -368
package/mcp-server/lib/metrics.ts +0 -365
package/mcp-server/lib/validator.ts +0 -229
package/mcp-server/package-lock.json +0 -165
package/mcp-server/schemas/error-envelope.schema.json +0 -125
package/mcp-server/schemas/finding.schema.json +0 -167
package/mcp-server/schemas/report-artifact.schema.json +0 -88
package/mcp-server/schemas/run-request.schema.json +0 -75
package/mcp-server/schemas/verdict.schema.json +0 -168
package/mcp-server/tier-auth.d.ts +0 -71
package/mcp-server/vitest.config.ts +0 -16

package/bin/runners/runMcp.js CHANGED Viewed

@@ -6,14 +6,17 @@
  */
 const path = require("path");
+const fs = require("fs");
 const http = require("http");
 const { URL } = require("url");
 // Import Vibecheck modules
-const { buildTruthpack, writeTruthpack } = require("./lib/truth");
+const { buildTruthpackSmart, writeTruthpack } = require("./lib/truth");
 const { shipCore } = require("./runShip");
 const { generateRunId } = require("./lib/cli-output");
 const { enforceLimit, enforceFeature, trackUsage } = require("./lib/entitlements");
+const { EXIT } = require("./lib/exit-codes");
+const { parseGlobalFlags, shouldSuppressOutput, isJsonMode } = require("./lib/global-flags");
 // MCP Server class
 class VibecheckMCPServer {
@@ -236,7 +239,7 @@ class VibecheckMCPServer {
     const source = args.source || "both";
     // Get truthpack
-    const truthpack = await buildTruthpack({ repoRoot: projectPath });
+    const truthpack = await buildTruthpackSmart({ repoRoot: projectPath });
     const result = {};
@@ -258,7 +261,7 @@ class VibecheckMCPServer {
     let truthpack;
     if (args.refresh) {
-      truthpack = await buildTruthpack({ repoRoot: projectPath });
+      truthpack = await buildTruthpackSmart({ repoRoot: projectPath });
       writeTruthpack(projectPath, truthpack);
     } else {
       // Try to read existing truthpack
@@ -266,7 +269,7 @@ class VibecheckMCPServer {
       if (require("fs").existsSync(truthpackPath)) {
         truthpack = JSON.parse(require("fs").readFileSync(truthpackPath, "utf8"));
       } else {
-        truthpack = await buildTruthpack({ repoRoot: projectPath });
+        truthpack = await buildTruthpackSmart({ repoRoot: projectPath });
         writeTruthpack(projectPath, truthpack);
       }
     }
@@ -642,8 +645,14 @@ class VibecheckMCPServer {
     });
     this.server.on("error", err => {
-      console.error("MCP Server failed to start:", err);
-      process.exit(1);
+      console.error("MCP Server failed to start:", err.message);
+      if (err.code === "EADDRINUSE") {
+        console.error(`  Port ${this.port} is already in use. Try a different port with --port`);
+      } else if (err.code === "EACCES") {
+        console.error(`  Permission denied for port ${this.port}. Use a port > 1024`);
+      }
+      // Emit error event for caller to handle
+      this.emit?.("error", err);
     });
   }
@@ -658,54 +667,70 @@ class VibecheckMCPServer {
 // CLI handler
 async function runMcp(args) {
   const opts = parseArgs(args);
+  const { flags: globalFlags } = parseGlobalFlags(args);
+  const quiet = shouldSuppressOutput(globalFlags);
+  const json = isJsonMode(globalFlags);
-  // Check if we're in free tier and only showing help/config
-  const isFreeTier = process.env.VIBECHECK_TIER === "free" || !process.env.VIBECHECK_API_KEY;
+  // MCP Server access: FREE tier gets observe mode, PRO tier gets full features
+  // Help/config/status/test commands are always available
   const isHelpOrConfig = opts.help || opts.printConfig || opts.status || opts.test;
-  if (isFreeTier && !isHelpOrConfig) {
-    // This will be handled by entitlements system
-    // But we can show a helpful message
-    console.log("\n🔌 MCP Server requires STARTER plan or higher");
-    console.log("Use --help to see available options or");
-    console.log("Upgrade: https://vibecheckai.dev/pricing\n");
-    return 3; // EXIT_FEATURE_NOT_ALLOWED
-  }
+  // MCP Server is available to all tiers - tier enforcement happens at tool level
+  // FREE users can run the server, but PRO tools will be gated
+  // This is handled by mcp-server/tier-auth.js
   if (opts.help) {
     printHelp();
-    return 0;
+    return EXIT.SUCCESS;
   }
   if (opts.printConfig) {
     printClientConfig(opts);
-    return 0;
+    return EXIT.SUCCESS;
   }
   if (opts.status) {
     // Check server status
     try {
-      const response = await fetch(`http://${opts.host}:${opts.port}/status`);
+      const host = opts.host || "127.0.0.1";
+      const port = opts.port || 3000;
+      const response = await fetch(`http://${host}:${port}/status`);
       const status = await response.json();
       console.log(JSON.stringify(status, null, 2));
-      return 0;
+      return EXIT.SUCCESS;
     } catch (err) {
-      console.error("Server not running or not reachable");
-      return 1;
+      if (json) {
+        console.log(JSON.stringify({ success: false, error: "Server not running or not reachable" }));
+      } else {
+        console.error("Server not running or not reachable");
+        console.error("  Start the server with: vibecheck mcp");
+      }
+      return EXIT.NETWORK_ERROR;
     }
   }
   if (opts.test) {
     // Test connection
     try {
-      const response = await fetch(`http://${opts.host}:${opts.port}/tools`);
+      const host = opts.host || "127.0.0.1";
+      const port = opts.port || 3000;
+      const response = await fetch(`http://${host}:${port}/tools`);
       const tools = await response.json();
-      console.log("✅ Connection successful");
-      console.log(`📋 Available tools: ${tools.tools.length}`);
-      return 0;
+      if (json) {
+        console.log(JSON.stringify({ success: true, toolCount: tools.tools?.length || 0 }));
+      } else {
+        console.log("✅ Connection successful");
+        console.log(`📋 Available tools: ${tools.tools?.length || 0}`);
+      }
+      return EXIT.SUCCESS;
     } catch (err) {
-      console.error("❌ Connection failed:", err.message);
-      return 1;
+      if (json) {
+        console.log(JSON.stringify({ success: false, error: err.message }));
+      } else {
+        console.error("❌ Connection failed:", err.message);
+        console.error("  Ensure the MCP server is running");
+      }
+      return EXIT.NETWORK_ERROR;
     }
   }
@@ -713,42 +738,88 @@ async function runMcp(args) {
   let config = {};
   if (opts.config) {
     const configPath = path.resolve(opts.config);
-    if (require("fs").existsSync(configPath)) {
-      config = JSON.parse(require("fs").readFileSync(configPath, "utf8"));
-    } else {
-      console.error(`Config file not found: ${configPath}`);
-      return 1;
+    if (!fs.existsSync(configPath)) {
+      if (json) {
+        console.log(JSON.stringify({ success: false, error: `Config file not found: ${configPath}` }));
+      } else {
+        console.error(`Config file not found: ${configPath}`);
+      }
+      return EXIT.NOT_FOUND;
+    }
+    try {
+      config = JSON.parse(fs.readFileSync(configPath, "utf8"));
+    } catch (parseErr) {
+      if (json) {
+        console.log(JSON.stringify({ success: false, error: `Invalid JSON in config: ${parseErr.message}` }));
+      } else {
+        console.error(`Invalid JSON in config file: ${parseErr.message}`);
+      }
+      return EXIT.USER_ERROR;
     }
   }
-  // Create and start server
-  const server = new VibecheckMCPServer({
-    host: opts.host || config.server?.host || "127.0.0.1",
-    port: opts.port || config.server?.port || 3000,
-    allowRemote: opts.allowRemote || config.server?.allowRemote || false,
-    requireApiKey: opts.requireApiKey !== false,
-    apiKey: opts.apiKey || config.auth?.apiKey,
-    logLevel: opts.logLevel || config.logging?.level || "info",
-    auditLog: opts.auditLog || config.logging?.auditFile
-  });
-  server.start();
-  // Handle shutdown
-  process.on("SIGINT", () => {
-    console.log("\nShutting down MCP server...");
-    server.stop();
-    process.exit(0);
-  });
-  process.on("SIGTERM", () => {
-    console.log("\nShutting down MCP server...");
-    server.stop();
-    process.exit(0);
-  });
+  // Validate port
+  const port = opts.port || config.server?.port || 3000;
+  if (isNaN(port) || port < 1 || port > 65535) {
+    if (json) {
+      console.log(JSON.stringify({ success: false, error: `Invalid port: ${port}` }));
+    } else {
+      console.error(`Invalid port: ${port}`);
+      console.error("  Port must be a number between 1 and 65535");
+    }
+    return EXIT.USER_ERROR;
+  }
-  // Keep process alive
-  return new Promise(() => {});
+  try {
+    // Create and start server
+    const server = new VibecheckMCPServer({
+      host: opts.host || config.server?.host || "127.0.0.1",
+      port: port,
+      allowRemote: opts.allowRemote || config.server?.allowRemote || false,
+      requireApiKey: opts.requireApiKey !== false,
+      apiKey: opts.apiKey || config.auth?.apiKey,
+      logLevel: opts.logLevel || config.logging?.level || "info",
+      auditLog: opts.auditLog || config.logging?.auditFile
+    });
+    // Track if server started successfully
+    let serverStarted = false;
+    let serverError = null;
+    // Listen for server errors before starting
+    server.server?.on?.("error", (err) => {
+      serverError = err;
+    });
+    server.start();
+    serverStarted = true;
+    // Handle shutdown gracefully
+    const cleanup = () => {
+      if (!quiet) console.log("\nShutting down MCP server...");
+      server.stop();
+    };
+    process.on("SIGINT", () => {
+      cleanup();
+      process.exit(EXIT.SUCCESS);
+    });
+    process.on("SIGTERM", () => {
+      cleanup();
+      process.exit(EXIT.SUCCESS);
+    });
+    // Keep process alive
+    return new Promise(() => {});
+  } catch (error) {
+    if (json) {
+      console.log(JSON.stringify({ success: false, error: error.message }));
+    } else {
+      console.error(`Failed to start MCP server: ${error.message}`);
+    }
+    return EXIT.INTERNAL_ERROR;
+  }
 }
 // Argument parsing

package/bin/runners/runPolish.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+/**
+ * Type declarations for runPolish.js
+ */
+export function runPolish(args: string[]): Promise<number>;

package/bin/runners/runPolish.js CHANGED Viewed

@@ -24,6 +24,8 @@
 const fs = require("fs");
 const path = require("path");
+const { EXIT } = require("./lib/exit-codes");
+const { parseGlobalFlags, shouldSuppressOutput, isJsonMode } = require("./lib/global-flags");
 // ═══════════════════════════════════════════════════════════════════════════════
 // TERMINAL STYLING
@@ -2856,26 +2858,35 @@ function getCategoryIcon(category) {
 async function runPolish(args) {
   const opts = parseArgs(args);
+  const { flags: globalFlags } = parseGlobalFlags(args);
+  const quiet = shouldSuppressOutput(globalFlags);
+  const json = isJsonMode(globalFlags) || opts.json;
   if (opts.help) {
     printHelp();
-    return 0;
+    return EXIT.SUCCESS;
   }
   const projectPath = path.resolve(opts.path);
   // Verify project exists
   if (!await pathExists(projectPath)) {
-    console.error(`${c.red}${icons.cross} Project path does not exist: ${projectPath}${c.reset}`);
-    return 1;
+    if (json) {
+      console.log(JSON.stringify({ success: false, error: `Project path does not exist: ${projectPath}` }));
+    } else {
+      console.error(`${c.red}${icons.cross} Project path does not exist: ${projectPath}${c.reset}`);
+      console.error(`  Verify the path and try again.`);
+    }
+    return EXIT.NOT_FOUND;
   }
-  // JSON mode
-  if (opts.json) {
-    const report = await analyzeProject(projectPath, opts);
-    console.log(JSON.stringify(report, null, 2));
-    return report.critical > 0 ? 1 : 0;
-  }
+  try {
+    // JSON mode
+    if (json) {
+      const report = await analyzeProject(projectPath, opts);
+      console.log(JSON.stringify(report, null, 2));
+      return report.critical > 0 ? EXIT.BLOCKING : EXIT.SUCCESS;
+    }
   // Interactive mode
   console.log(`
@@ -2914,8 +2925,10 @@ ${c.bold}╔══════════════════════
   console.log(`            ${icons.critical} ${report.critical} critical  ${icons.high} ${report.high} high  ${icons.medium} ${report.medium} medium  ${icons.low} ${report.low} low\n`);
   if (report.issues.length === 0) {
-    console.log(`\n${c.green}${c.bold}${icons.check} Perfect!${c.reset} No polish issues found. Your project is production-ready! ${icons.rocket}\n`);
-    return 0;
+    if (!quiet) {
+      console.log(`\n${c.green}${c.bold}${icons.check} Perfect!${c.reset} No polish issues found. Your project is production-ready! ${icons.rocket}\n`);
+    }
+    return EXIT.SUCCESS;
   }
   // Group by category
@@ -3016,16 +3029,26 @@ ${c.bold}╔══════════════════════
   }
   // Next steps
-  console.log(`${c.bold}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}`);
-  console.log(`${c.bold}${icons.rocket} NEXT STEPS${c.reset}`);
-  console.log(`${c.bold}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}\n`);
-  console.log(`   1. Fix ${c.red}critical${c.reset} and ${c.yellow}high${c.reset} severity issues first`);
-  console.log(`   2. Use ${c.cyan}vibecheck polish --prompts${c.reset} to get AI-ready fixes`);
-  console.log(`   3. Copy prompts to your AI assistant (Cursor, Copilot, Claude)`);
-  console.log(`   4. Re-run ${c.cyan}vibecheck polish${c.reset} to verify fixes`);
-  console.log(`   5. Run ${c.cyan}vibecheck ship${c.reset} when score is 80+\n`);
+  if (!quiet) {
+    console.log(`${c.bold}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}`);
+    console.log(`${c.bold}${icons.rocket} NEXT STEPS${c.reset}`);
+    console.log(`${c.bold}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${c.reset}\n`);
+    console.log(`   1. Fix ${c.red}critical${c.reset} and ${c.yellow}high${c.reset} severity issues first`);
+    console.log(`   2. Use ${c.cyan}vibecheck polish --prompts${c.reset} to get AI-ready fixes`);
+    console.log(`   3. Copy prompts to your AI assistant (Cursor, Copilot, Claude)`);
+    console.log(`   4. Re-run ${c.cyan}vibecheck polish${c.reset} to verify fixes`);
+    console.log(`   5. Run ${c.cyan}vibecheck ship${c.reset} when score is 80+\n`);
+  }
-  return report.critical > 0 ? 1 : 0;
+  return report.critical > 0 ? EXIT.BLOCKING : EXIT.SUCCESS;
+  } catch (error) {
+    if (json) {
+      console.log(JSON.stringify({ success: false, error: error.message }));
+    } else {
+      console.error(`${c.red}${icons.cross} Polish analysis failed: ${error.message}${c.reset}`);
+    }
+    return EXIT.INTERNAL_ERROR;
+  }
 }
 module.exports = { runPolish };

package/bin/runners/runProof.zip ADDED Viewed

Binary file

package/bin/runners/runProve.js CHANGED Viewed

@@ -19,18 +19,18 @@
 const fs = require("fs");
 const path = require("path");
-const { buildTruthpack, writeTruthpack, detectFastifyEntry } = require("./lib/truth");
+const { buildTruthpackSmart, writeTruthpack, detectFastifyEntry } = require("./lib/truth");
 const { shipCore } = require("./runShip");
 const { findContractDrift, loadContracts, hasContracts, getDriftSummary } = require("./lib/drift");
 const {
   generateRunId,
   createJsonOutput,
   writeJsonOutput,
-  exitCodeToVerdict,
-  verdictToExitCode,
   saveArtifact
 } = require("./lib/cli-output");
+const { EXIT, verdictToExitCode, exitCodeToVerdict } = require("./lib/exit-codes");
 const { parseGlobalFlags, shouldShowBanner } = require("./lib/global-flags");
+const upsell = require("./lib/upsell");
 let runReality;
 try {
@@ -709,6 +709,9 @@ function printHelp(showBanner = true) {
     ${colors.accent}--no-trace${c.reset}               Disable Playwright traces
     ${colors.accent}--no-har${c.reset}                 Disable HAR network capture
+  ${c.bold}Evidence Pack:${c.reset}
+    ${colors.accent}--bundle${c.reset}                 Generate shareable evidence pack (zip with videos, traces, screenshots)
   ${c.bold}Exit Codes:${c.reset}
     ${colors.shipGreen}0${c.reset}  SHIP  — Proved real, ready to deploy
     ${colors.warnAmber}1${c.reset}  WARN  — Warnings found, review recommended
@@ -797,7 +800,7 @@ async function runProve(argsOrOpts = {}, context = {}) {
       stabilityRuns: parseInt(getArg(["--stability-runs"]) || "2", 10),
       flakyThreshold: parseFloat(getArg(["--flaky-threshold"]) || "0.66"),
       maxPages: parseInt(getArg(["--max-pages"]) || "18", 10),
-      evidencePack: cleanArgs.includes("--evidence-pack"),
+      evidencePack: cleanArgs.includes("--evidence-pack") || cleanArgs.includes("--bundle"),
       output: getArg(["--output", "-o"]),
     };
   }
@@ -866,7 +869,7 @@ async function runProve(argsOrOpts = {}, context = {}) {
   try {
     const fastEntry = fastifyEntry || (await detectFastifyEntry(root));
-    const truthpack = await buildTruthpack({ repoRoot: root, fastifyEntry: fastEntry });
+    const truthpack = await buildTruthpackSmart({ repoRoot: root, fastifyEntry: fastEntry });
     writeTruthpack(root, truthpack);
     stopSpinner('Truthpack refreshed', true);
@@ -1407,6 +1410,13 @@ async function runProve(argsOrOpts = {}, context = {}) {
       console.log(`  ${colors.accent}vibecheck ship --fix${c.reset}  ${c.dim}Manual fix mode${c.reset}`);
       console.log();
     }
+    // Upsell for upgrade
+    console.log(upsell.formatNextSteps("prove", finalVerdict, "free"));
+    console.log();
+    console.log(`  ${c.dim}${upsell.sym.star} Upgrade for unlimited prove runs + video artifacts${c.reset}`);
+    console.log(`  ${c.dim}${upsell.sym.arrow} ${upsell.PRICING_URL}${c.reset}`);
+    console.log();
   } else if (ci) {
     // CI mode - structured output for easy parsing
     console.log(`::group::vibecheck prove summary`);