npm - @vibecheckai/cli - Versions diffs - 3.5.1 → 3.5.3 - Mend

@vibecheckai/cli 3.5.1 → 3.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/bin/registry.js +406 -154
package/bin/runners/context/analyzer.js +52 -1
package/bin/runners/context/generators/mcp.js +15 -13
package/bin/runners/context/git-context.js +3 -1
package/bin/runners/context/proof-context.js +248 -1
package/bin/runners/context/team-conventions.js +33 -7
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/change-packet/builder.js +488 -0
package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +303 -0
package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +127 -0
package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +213 -0
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
package/bin/runners/lib/agent-firewall/interceptor/base.js +304 -0
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
package/bin/runners/lib/agent-firewall/logger.js +141 -0
package/bin/runners/lib/agent-firewall/policy/default-policy.json +90 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +103 -0
package/bin/runners/lib/agent-firewall/policy/loader.js +451 -0
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +86 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +162 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +189 -0
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
package/bin/runners/lib/agent-firewall/risk/thresholds.js +321 -0
package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +137 -0
package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/analysis-core.js +220 -182
package/bin/runners/lib/analyzers.js +2145 -224
package/bin/runners/lib/api-client.js +269 -0
package/bin/runners/lib/authority-badge.js +425 -0
package/bin/runners/lib/cli-output.js +242 -210
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/detectors-v2.js +547 -785
package/bin/runners/lib/doctor/modules/security.js +3 -1
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/entitlements-v2.js +152 -446
package/bin/runners/lib/error-handler.js +60 -12
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +7 -1
package/bin/runners/lib/exit-codes.js +275 -0
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/fingerprint.js +377 -0
package/bin/runners/lib/global-flags.js +37 -0
package/bin/runners/lib/help-formatter.js +413 -0
package/bin/runners/lib/logger.js +38 -0
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/route-detection.js +137 -68
package/bin/runners/lib/route-truth.js +1167 -322
package/bin/runners/lib/scan-output.js +504 -463
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/validator.js +27 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/ship-output-enterprise.js +239 -0
package/bin/runners/lib/ship-output.js +328 -31
package/bin/runners/lib/terminal-ui.js +234 -731
package/bin/runners/lib/truth.js +1332 -308
package/bin/runners/lib/unified-cli-output.js +604 -0
package/bin/runners/lib/unified-output.js +163 -155
package/bin/runners/lib/upsell.js +104 -204
package/bin/runners/runAgent.d.ts +5 -0
package/bin/runners/runAgent.js +161 -0
package/bin/runners/runAllowlist.js +166 -101
package/bin/runners/runApprove.js +1200 -0
package/bin/runners/runAuth.js +373 -95
package/bin/runners/runCheckpoint.js +59 -21
package/bin/runners/runClassify.js +926 -0
package/bin/runners/runContext.d.ts +4 -0
package/bin/runners/runContext.js +136 -24
package/bin/runners/runDoctor.js +115 -67
package/bin/runners/runEvidencePack.js +239 -96
package/bin/runners/runFirewall.d.ts +5 -0
package/bin/runners/runFirewall.js +134 -0
package/bin/runners/runFirewallHook.d.ts +5 -0
package/bin/runners/runFirewallHook.js +56 -0
package/bin/runners/runFix.js +6 -5
package/bin/runners/runGuard.js +212 -118
package/bin/runners/runInit.js +66 -21
package/bin/runners/runLabs.js +204 -121
package/bin/runners/runMcp.js +131 -60
package/bin/runners/runPolish.d.ts +4 -0
package/bin/runners/runPolish.js +43 -20
package/bin/runners/runProof.zip +0 -0
package/bin/runners/runProve.js +15 -5
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +14 -0
package/bin/runners/runReport.js +36 -4
package/bin/runners/runScan.js +689 -91
package/bin/runners/runShip.js +96 -40
package/bin/runners/runTruth.d.ts +5 -0
package/bin/runners/runTruth.js +101 -0
package/bin/runners/runValidate.js +21 -4
package/bin/runners/runWatch.js +118 -54
package/bin/scan.js +6 -1
package/bin/vibecheck.js +297 -52
package/mcp-server/HARDENING_SUMMARY.md +299 -0
package/mcp-server/agent-firewall-interceptor.js +500 -0
package/mcp-server/authority-tools.js +569 -0
package/mcp-server/conductor/conflict-resolver.js +588 -0
package/mcp-server/conductor/execution-planner.js +544 -0
package/mcp-server/conductor/index.js +377 -0
package/mcp-server/conductor/lock-manager.js +615 -0
package/mcp-server/conductor/request-queue.js +550 -0
package/mcp-server/conductor/session-manager.js +500 -0
package/mcp-server/conductor/tools.js +510 -0
package/mcp-server/deprecation-middleware.js +282 -0
package/mcp-server/handlers/index.ts +15 -0
package/mcp-server/handlers/tool-handler.ts +474 -591
package/mcp-server/index.js +1748 -1099
package/mcp-server/lib/api-client.cjs +13 -0
package/mcp-server/lib/cache-wrapper.cjs +383 -0
package/mcp-server/lib/error-envelope.js +138 -0
package/mcp-server/lib/executor.ts +428 -721
package/mcp-server/lib/index.ts +19 -0
package/mcp-server/lib/logger.cjs +30 -0
package/mcp-server/lib/rate-limiter.js +166 -0
package/mcp-server/lib/sandbox.test.ts +519 -0
package/mcp-server/lib/sandbox.ts +342 -284
package/mcp-server/lib/types.ts +267 -0
package/mcp-server/logger.js +173 -0
package/mcp-server/package.json +11 -27
package/mcp-server/premium-tools.js +2 -2
package/mcp-server/registry/tool-registry.js +794 -0
package/mcp-server/registry/tools.json +507 -378
package/mcp-server/registry.test.ts +334 -0
package/mcp-server/tests/tier-gating.test.js +297 -0
package/mcp-server/tier-auth.js +492 -347
package/mcp-server/tools-v3.js +950 -0
package/mcp-server/truth-context.js +131 -90
package/mcp-server/truth-firewall-tools.js +1612 -1001
package/mcp-server/tsconfig.json +8 -5
package/mcp-server/vibecheck-2.0-tools.js +14 -1
package/mcp-server/vibecheck-mcp-server-3.2.0.tgz +0 -0
package/mcp-server/vibecheck-tools.js +2 -2
package/package.json +4 -3
package/bin/runners/runInstall.js +0 -281
package/mcp-server/ARCHITECTURE.md +0 -339
package/mcp-server/__tests__/cache.test.ts +0 -313
package/mcp-server/__tests__/executor.test.ts +0 -239
package/mcp-server/__tests__/fixtures/exclusion-test/.cache/webpack/cache.pack +0 -1
package/mcp-server/__tests__/fixtures/exclusion-test/.next/server/chunk.js +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/.turbo/cache.json +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/.venv/lib/env.py +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/dist/bundle.js +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/package.json +0 -5
package/mcp-server/__tests__/fixtures/exclusion-test/src/app.ts +0 -5
package/mcp-server/__tests__/fixtures/exclusion-test/venv/lib/config.py +0 -4
package/mcp-server/__tests__/ids.test.ts +0 -345
package/mcp-server/__tests__/integration/tools.test.ts +0 -410
package/mcp-server/__tests__/registry.test.ts +0 -365
package/mcp-server/__tests__/sandbox.test.ts +0 -323
package/mcp-server/__tests__/schemas.test.ts +0 -372
package/mcp-server/benchmarks/run-benchmarks.ts +0 -304
package/mcp-server/examples/doctor.request.json +0 -14
package/mcp-server/examples/doctor.response.json +0 -53
package/mcp-server/examples/error.response.json +0 -15
package/mcp-server/examples/scan.request.json +0 -14
package/mcp-server/examples/scan.response.json +0 -108
package/mcp-server/index-v3.ts +0 -293
package/mcp-server/index.old.js +0 -4137
package/mcp-server/lib/cache.ts +0 -341
package/mcp-server/lib/errors.ts +0 -346
package/mcp-server/lib/ids.ts +0 -238
package/mcp-server/lib/logger.ts +0 -368
package/mcp-server/lib/metrics.ts +0 -365
package/mcp-server/lib/validator.ts +0 -229
package/mcp-server/package-lock.json +0 -165
package/mcp-server/schemas/error-envelope.schema.json +0 -125
package/mcp-server/schemas/finding.schema.json +0 -167
package/mcp-server/schemas/report-artifact.schema.json +0 -88
package/mcp-server/schemas/run-request.schema.json +0 -75
package/mcp-server/schemas/verdict.schema.json +0 -168
package/mcp-server/tier-auth.d.ts +0 -71
package/mcp-server/vitest.config.ts +0 -16

package/bin/registry.js CHANGED Viewed

@@ -1,42 +1,47 @@
 /**
- * Vibecheck CLI Command Registry (LOCKED)
+ * Vibecheck CLI Command Registry
  *
  * Single source of truth for the public CLI surface.
  * If it isn't here, it does not exist.
+ *
+ * Simple 2-tier model:
+ * - FREE ($0): Inspect & Observe
+ * - PRO ($69/mo): Fix, Prove & Enforce
  */
 "use strict";
 // ─────────────────────────────────────────────────────────────
-// CORE 13 + APPROVED EXTRAS (locked surface area)
+// CLI COMMANDS (2-tier: FREE / PRO)
 // ─────────────────────────────────────────────────────────────
 const ALLOWED_COMMANDS = new Set([
-  // Core 13
-  "init",
-  "doctor",
-  "scan",
-  "report",
-  "fix",
-  "watch",
-  "checkpoint",
-  "polish",
-  "ship",
-  "prove",   // replaces ctx
-  "reality", // runtime crawl
-  "context",
-  "guard",
-  // Proof artifacts (new)
-  "evidence-pack",
-  "allowlist",
-  // Approved extras
-  "mcp",
-  "login",
-  "logout",
-  "whoami",
-  "ai-test",
-  "labs",
+  // FREE (14) - Inspect & Observe
+  "init",           // one-time setup
+  "quickstart",     // 2-minute onboarding (NEW)
+  "doctor",         // health check
+  "watch",          // continuous mode
+  "scan",           // static analysis
+  "report",         // generate reports
+  "context",        // generate IDE rules
+  "classify",       // Authority: inventory (read-only)
+  "login",          // authenticate
+  "logout",         // remove credentials
+  "whoami",         // show current user
+  "allowlist",      // manage finding allowlist
+  "evidence-pack",  // bundle proof artifacts
+  "labs",           // experimental features
+  // PRO (9) - Fix, Prove & Enforce
+  "ship",       // verdict engine (GO/NO-GO)
+  "fix",        // AI-powered fixes
+  "prove",      // runtime proof
+  "reality",    // browser verification
+  "gate",       // CI/CD enforcement
+  "guard",      // AI guardrails
+  "mcp",        // MCP server
+  "checkpoint", // baseline comparison
+  "approve",    // Authority: verdicts
+  "polish",     // production polish
 ]);
 function assertAllowedOnly(obj) {
@@ -47,241 +52,488 @@ function assertAllowedOnly(obj) {
 }
 // ─────────────────────────────────────────────────────────────
-// COMMANDS (ALLOWED ONLY)
+// COMMANDS - 2-Tier: FREE and PRO ($69/mo)
 // ─────────────────────────────────────────────────────────────
 const COMMANDS = {
-  // ── SETUP ───────────────────────────────────────────────────
+  // ══════════════════════════════════════════════════════════════
+  // FREE TIER - Inspect & Observe
+  // ══════════════════════════════════════════════════════════════
   init: {
     description: "One-time setup (config + contracts + scripts)",
+    longDescription: "Initialize vibecheck in your project. Creates configuration files, sets up IDE rules, and optionally connects to the dashboard.",
     tier: "free",
     category: "setup",
     aliases: ["setup", "configure"],
     runner: () => require("./runners/runInit").runInit,
+    examples: [
+      { command: "vibecheck init", description: "Interactive setup wizard" },
+      { command: "vibecheck init --local", description: "Quick local-only setup" },
+      { command: "vibecheck init --quick", description: "Non-interactive defaults" },
+    ],
+    related: ["quickstart", "doctor", "scan"],
+  },
+  quickstart: {
+    description: "2-minute onboarding: doctor → ctx → scan → ship → report",
+    longDescription: "Get your first proof in under 2 minutes. Runs the complete verification pipeline with sensible defaults.",
+    tier: "free",
+    category: "setup",
+    aliases: ["qs", "start", "onboard"],
+    runner: () => require("./runners/runQuickstart").runQuickstart,
+    examples: [
+      { command: "vibecheck quickstart", description: "Run full 2-minute onboarding" },
+      { command: "vibecheck quickstart --fast", description: "Skip optional checks" },
+      { command: "vibecheck quickstart --no-open", description: "Don't open report in browser" },
+    ],
+    related: ["init", "scan", "ship"],
   },
   doctor: {
     description: "Environment + dependency + config health check",
+    longDescription: "Comprehensive diagnostics for your development environment.",
     tier: "free",
     category: "setup",
     aliases: ["health", "diag"],
     runner: () => require("./runners/runDoctor").runDoctor,
+    examples: [
+      { command: "vibecheck doctor", description: "Run all health checks" },
+      { command: "vibecheck doctor --fix", description: "Auto-fix detected issues" },
+      { command: "vibecheck doctor --json", description: "Output as JSON" },
+    ],
+    related: ["init", "scan"],
   },
   watch: {
     description: "Continuous mode - re-runs on changes",
+    longDescription: "File watcher that automatically re-runs scans when your code changes.",
     tier: "free",
     category: "setup",
     aliases: ["w", "dev"],
     runner: () => require("./runners/runWatch").runWatch,
+    examples: [
+      { command: "vibecheck watch", description: "Start watching" },
+      { command: "vibecheck watch --path ./src", description: "Watch specific directory" },
+    ],
+    related: ["scan"],
   },
-  // ── ANALYSIS ────────────────────────────────────────────────
-  checkpoint: {
-    description: "Compare baseline vs current, hallucination scoring",
-    tier: "free",
-    category: "analysis",
-    aliases: ["cp", "compare", "diff"],
-    caps: "basic on FREE, hallucination scoring on PRO",
-    runner: () => require("./runners/runCheckpoint").runCheckpoint,
-  },
-  // ── PROOF LOOP ──────────────────────────────────────────────
   scan: {
-    description: "Route integrity & code analysis scanner",
+    description: "Static code analysis; use --allowlist for false positives",
+    longDescription: "Scan your codebase for route integrity issues, security vulnerabilities, and code quality problems.",
     tier: "free",
     category: "proof",
     aliases: ["s", "check"],
     runner: () => require("./runners/runScan").runScan,
+    examples: [
+      { command: "vibecheck scan", description: "Quick scan" },
+      { command: "vibecheck scan --profile full", description: "Full scan" },
+      { command: "vibecheck scan --allowlist list", description: "View suppressed findings" },
+    ],
+    related: ["ship", "fix", "report"],
   },
   report: {
     description: "Generate HTML/MD/SARIF reports",
+    longDescription: "Create shareable reports from scan results.",
     tier: "free",
     category: "output",
-    caps: "HTML/MD only on FREE",
     aliases: ["html", "artifact"],
     runner: () => require("./runners/runReport").runReport,
+    examples: [
+      { command: "vibecheck report", description: "Generate HTML report" },
+      { command: "vibecheck report --format md", description: "Markdown report" },
+      { command: "vibecheck report --format sarif", description: "SARIF for GitHub" },
+    ],
+    related: ["scan"],
   },
-  fix: {
-    description: "AI-powered auto-fix",
+  context: {
+    description: "Generate IDE rules (.cursorrules, MDC, Copilot)",
+    longDescription: "Generate project-aware AI coding rules for your IDE.",
     tier: "free",
-    category: "proof",
-    caps: "--plan-only on FREE",
-    aliases: ["f", "repair"],
-    runner: () => require("./runners/runFix").runFix,
+    category: "truth",
+    aliases: ["rules", "ai-rules", "mdc", "ctx"],
+    runner: () => require("./runners/runContext").runContext,
+    examples: [
+      { command: "vibecheck context", description: "Generate all IDE rules" },
+      { command: "vibecheck context --format cursor", description: ".cursorrules only" },
+    ],
+    related: ["scan", "guard"],
   },
-  reality: {
-    description: "Runtime proof (browser crawl)",
+  classify: {
+    description: "Inventory authority - duplication & legacy code maps",
+    longDescription: "Read-only inventory of your codebase including duplication maps and legacy code detection.",
     tier: "free",
-    category: "proof",
-    caps: "preview mode on FREE (5 pages, no auth)",
-    aliases: ["r", "test", "e2e"],
-    runner: () => async (args, ctx) => {
-      const { runRuntime } = require("./runners/runRuntime");
-      return await runRuntime(["crawl", ...args], ctx);
-    },
+    category: "authority",
+    aliases: ["inventory", "audit"],
+    runner: () => require("./runners/runClassify").runClassify,
+    examples: [
+      { command: "vibecheck classify", description: "Quick inventory" },
+      { command: "vibecheck classify --json", description: "JSON output" },
+    ],
+    related: ["approve", "scan"],
   },
-  ship: {
-    description: "Verdict engine - SHIP / WARN / BLOCK",
+  login: {
+    description: "Authenticate with API key",
+    longDescription: "Connect your CLI to the vibecheck API.",
     tier: "free",
-    category: "proof",
-    aliases: ["verdict", "go"],
-    caps: "static-only on FREE",
-    runner: () => require("./runners/runShip").runShip,
+    category: "account",
+    aliases: ["auth", "signin"],
+    runner: () => require("./runners/runAuth").runLogin,
+    skipAuth: true,
+    examples: [
+      { command: "vibecheck login", description: "Interactive login" },
+      { command: "vibecheck login --key YOUR_API_KEY", description: "Login with key" },
+    ],
+    related: ["logout", "whoami"],
   },
-  prove: {
-    description: "One command reality proof - video + network evidence that your app works",
-    tier: "pro",
-    category: "proof",
-    aliases: ["p", "full", "all"],
-    caps: "video, trace, HAR recording enabled by default; CI-ready output",
-    runner: () => require("./runners/runProve").runProve,
+  logout: {
+    description: "Remove stored credentials",
+    tier: "free",
+    category: "account",
+    aliases: ["signout"],
+    runner: () => require("./runners/runAuth").runLogout,
+    skipAuth: true,
+    examples: [
+      { command: "vibecheck logout", description: "Clear credentials" },
+    ],
+    related: ["login", "whoami"],
   },
-  // ── PROOF ARTIFACTS ─────────────────────────────────────────
-  "evidence-pack": {
-    description: "Bundle proof artifacts (videos, traces, screenshots) into shareable pack",
+  whoami: {
+    description: "Show current user and plan",
     tier: "free",
-    category: "proof",
-    aliases: ["pack", "bundle", "evidence"],
-    runner: () => require("./runners/runEvidencePack").runEvidencePack,
+    category: "account",
+    aliases: ["me", "user"],
+    runner: () => require("./runners/runAuth").runWhoami,
+    skipAuth: true,
+    examples: [
+      { command: "vibecheck whoami", description: "Show user info" },
+    ],
+    related: ["login", "logout"],
   },
   allowlist: {
-    description: "Manage finding allowlist (suppress false positives)",
+    description: "Manage finding allowlist for false positives",
+    longDescription: "Add, remove, or view allowlist entries to suppress known false positives. Supports patterns, file scopes, and expiration.",
     tier: "free",
-    category: "proof",
-    aliases: ["allow", "ignore", "whitelist"],
+    category: "setup",
+    aliases: ["al", "suppress"],
     runner: () => require("./runners/runAllowlist").runAllowlist,
+    examples: [
+      { command: "vibecheck allowlist", description: "List allowlist entries" },
+      { command: "vibecheck allowlist add --id MOCK_DATA_xyz --reason 'Test fixture'", description: "Add by ID" },
+      { command: "vibecheck allowlist add --pattern 'lorem' --reason 'Placeholder'", description: "Add pattern" },
+      { command: "vibecheck allowlist remove --id AL_abc123", description: "Remove entry" },
+    ],
+    related: ["scan", "ship"],
   },
-  // ── QUALITY ────────────────────────────────────────────────
-  polish: {
-    description: "Production polish analyzer - finds missing essentials",
+  "evidence-pack": {
+    description: "Bundle proof artifacts into shareable packs",
+    longDescription: "Creates shareable evidence packs from proof runs. Bundles videos, traces, screenshots, and findings.",
     tier: "free",
-    category: "quality",
-    aliases: ["quality", "finalize", "ready"],
-    runner: () => require("./runners/runPolish").runPolish,
+    category: "output",
+    aliases: ["pack", "bundle"],
+    runner: () => require("./runners/runEvidencePack").runEvidencePack,
+    examples: [
+      { command: "vibecheck evidence-pack", description: "Bundle latest run" },
+      { command: "vibecheck evidence-pack --run-id abc123", description: "Bundle specific run" },
+      { command: "vibecheck evidence-pack --markdown", description: "Markdown report" },
+      { command: "vibecheck evidence-pack --no-videos", description: "Exclude large files" },
+    ],
+    related: ["prove", "reality"],
   },
-  // ── AI TRUTH ───────────────────────────────────────────────
-  context: {
-    description: "Generate IDE rules (.cursorrules, MDC, Windsurf, Copilot)",
+  labs: {
+    description: "Experimental & beta features",
+    longDescription: "Access experimental features that are in development. Features may change or be removed without notice.",
     tier: "free",
-    category: "truth",
-    aliases: ["rules", "ai-rules", "mdc"],
-    runner: () => require("./runners/runContext").runContext,
+    category: "setup",
+    aliases: ["experimental", "beta"],
+    runner: () => require("./runners/runLabs").runLabs,
+    skipAuth: true,
+    examples: [
+      { command: "vibecheck labs", description: "List available features" },
+      { command: "vibecheck labs ai-agent --url http://localhost:3000", description: "AI agent" },
+      { command: "vibecheck labs security-audit", description: "Security audit" },
+      { command: "vibecheck labs smart-fix", description: "AI-powered fixes" },
+    ],
+    related: ["scan", "fix"],
+  },
+  // ══════════════════════════════════════════════════════════════
+  // PRO TIER ($69/mo) - Fix, Prove & Enforce
+  // ══════════════════════════════════════════════════════════════
+  ship: {
+    description: "Verdict engine - SHIP / WARN / BLOCK",
+    longDescription: "The final word on whether your code is ready to ship. Combines all scan results and generates a clear verdict.",
+    tier: "pro",
+    category: "proof",
+    aliases: ["verdict", "go"],
+    runner: () => require("./runners/runShip").runShip,
+    examples: [
+      { command: "vibecheck ship", description: "Get shipping verdict" },
+      { command: "vibecheck ship --strict", description: "Fail on warnings" },
+      { command: "vibecheck ship --badge", description: "Generate status badge" },
+    ],
+    related: ["scan", "prove", "fix"],
+  },
+  fix: {
+    description: "AI-powered auto-fix for findings",
+    longDescription: "Generate AI prompts to fix detected issues. Use --apply to let AI make changes directly.",
+    tier: "pro",
+    category: "proof",
+    aliases: ["f", "repair"],
+    runner: () => require("./runners/runFix").runFix,
+    examples: [
+      { command: "vibecheck fix", description: "Generate fix missions" },
+      { command: "vibecheck fix --apply", description: "Apply AI fixes" },
+      { command: "vibecheck fix --loop", description: "Fix loop until clean" },
+    ],
+    related: ["scan", "ship"],
+  },
+  prove: {
+    description: "Full proof loop with runtime verification",
+    longDescription: "Complete verification cycle with runtime testing and evidence generation.",
+    tier: "pro",
+    category: "proof",
+    aliases: ["p", "verify"],
+    runner: () => require("./runners/runProve").runProve,
+    examples: [
+      { command: "vibecheck prove", description: "Run full proof loop" },
+      { command: "vibecheck prove --url http://localhost:3000", description: "With runtime testing" },
+      { command: "vibecheck prove --bundle", description: "Generate evidence pack" },
+    ],
+    related: ["ship", "reality"],
+  },
+  reality: {
+    description: "Browser-based runtime verification",
+    longDescription: "Verify your app's runtime behavior with Playwright-powered browser testing.",
+    tier: "pro",
+    category: "proof",
+    aliases: ["browser", "e2e"],
+    runner: () => require("./runners/runReality").runReality,
+    examples: [
+      { command: "vibecheck reality --url http://localhost:3000", description: "Test localhost" },
+      { command: "vibecheck reality --auth email:pass", description: "With authentication" },
+      { command: "vibecheck reality --agent", description: "AI agent testing" },
+    ],
+    related: ["prove", "ship"],
+  },
+  gate: {
+    description: "CI/CD enforcement - fail builds on issues",
+    longDescription: "Enforce quality gates in your CI/CD pipeline.",
+    tier: "pro",
+    category: "automation",
+    aliases: ["ci", "enforce"],
+    runner: () => require("./runners/runGuard").runGate,
+    examples: [
+      { command: "vibecheck gate", description: "Run CI gate check" },
+      { command: "vibecheck gate --strict", description: "Strict mode" },
+    ],
+    related: ["ship", "scan"],
   },
   guard: {
     description: "AI guardrails - prompt firewall & hallucination checking",
-    tier: "free",
+    longDescription: "Validate AI-generated code and prompts. Detects prompt injection and verifies claims.",
+    tier: "pro",
     category: "truth",
     aliases: ["ai-guard", "firewall", "validate"],
     runner: () => require("./runners/runGuard").runGuard,
+    examples: [
+      { command: "vibecheck guard", description: "Run all guardrail checks" },
+      { command: "vibecheck guard --claims", description: "Verify AI claims" },
+    ],
+    related: ["context", "fix"],
   },
-  // ── AUTOMATION ─────────────────────────────────────────────
   mcp: {
     description: "Start MCP server for AI IDEs",
-    tier: "starter",
+    longDescription: "Launch an MCP server for AI IDE integration.",
+    tier: "pro",
     category: "automation",
     aliases: [],
     runner: () => require("./runners/runMcp").runMcp,
+    examples: [
+      { command: "vibecheck mcp", description: "Start MCP server" },
+      { command: "vibecheck mcp --port 3099", description: "Custom port" },
+    ],
+    related: ["context"],
   },
-  "ai-test": {
-    description: "AI autonomous test (alias: runtime agent)",
+  checkpoint: {
+    description: "Compare baseline vs current, hallucination scoring",
+    longDescription: "Track changes between scan runs. Detects new issues, resolved issues, and regressions.",
     tier: "pro",
-    category: "automation",
-    aliases: ["ai", "agent"],
-    runner: () => async (args, ctx) => {
-      const { runRuntime } = require("./runners/runRuntime");
-      return await runRuntime(["agent", ...args], ctx);
-    },
-  },
-  // ── ACCOUNT (skipAuth) ────────────────────────────────────
-  login: {
-    description: "Authenticate with API key",
-    tier: "free",
-    category: "account",
-    aliases: ["auth", "signin"],
-    runner: () => require("./runners/runAuth").runLogin,
-    skipAuth: true,
-  },
-  logout: {
-    description: "Remove stored credentials",
-    tier: "free",
-    category: "account",
-    aliases: ["signout"],
-    runner: () => require("./runners/runAuth").runLogout,
-    skipAuth: true,
+    category: "analysis",
+    aliases: ["cp", "compare", "diff"],
+    runner: () => require("./runners/runCheckpoint").runCheckpoint,
+    examples: [
+      { command: "vibecheck checkpoint", description: "Compare against baseline" },
+      { command: "vibecheck checkpoint --set", description: "Save new baseline" },
+    ],
+    related: ["scan", "fix"],
   },
-  whoami: {
-    description: "Show current user and plan",
-    tier: "free",
-    category: "account",
-    aliases: ["me", "user"],
-    runner: () => require("./runners/runAuth").runWhoami,
-    skipAuth: true,
+  approve: {
+    description: "Authority verdicts - PROCEED/STOP/DEFER with proofs",
+    longDescription: "Execute authorities to get structured verdicts with proofs.",
+    tier: "pro",
+    category: "authority",
+    aliases: ["auth-verdict", "authority"],
+    runner: () => require("./runners/runApprove").runApprove,
+    examples: [
+      { command: "vibecheck approve safe-consolidation", description: "Run authority" },
+      { command: "vibecheck approve --list", description: "List authorities" },
+    ],
+    related: ["classify", "ship"],
   },
-  // ── EXTRAS ────────────────────────────────────────────────
-  labs: {
-    description: "Experimental features",
-    tier: "free",
-    category: "extras",
-    aliases: ["experimental", "beta"],
-    runner: () => require("./runners/runLabs").runLabs,
+  polish: {
+    description: "Production polish - final cleanup before deploy",
+    longDescription: "Final production readiness checks and cleanup.",
+    tier: "pro",
+    category: "proof",
+    aliases: ["prod", "final"],
+    runner: () => require("./runners/runPolish").runPolish,
+    examples: [
+      { command: "vibecheck polish", description: "Run polish checks" },
+    ],
+    related: ["ship", "prove"],
   },
 };
+// Validate that only allowed commands are defined
 assertAllowedOnly(COMMANDS);
 // ─────────────────────────────────────────────────────────────
-// DERIVED MAPS
+// TIER HELPERS
 // ─────────────────────────────────────────────────────────────
+function isPro(tier) {
+  return tier === "pro";
+}
+function requiresPro(commandName) {
+  const cmd = COMMANDS[commandName];
+  return cmd && cmd.tier === "pro";
+}
+function getFreeCommands() {
+  return Object.entries(COMMANDS)
+    .filter(([, cmd]) => cmd.tier === "free")
+    .map(([name]) => name);
+}
+function getProCommands() {
+  return Object.entries(COMMANDS)
+    .filter(([, cmd]) => cmd.tier === "pro")
+    .map(([name]) => name);
+}
+// ─────────────────────────────────────────────────────────────
+// BUILD DERIVED DATA STRUCTURES
+// ─────────────────────────────────────────────────────────────
+// Build alias map: { alias -> command }
 const ALIAS_MAP = {};
-for (const [cmd, def] of Object.entries(COMMANDS)) {
-  for (const alias of def.aliases || []) ALIAS_MAP[alias] = cmd;
+for (const [cmdName, cmd] of Object.entries(COMMANDS)) {
+  if (cmd.aliases) {
+    for (const alias of cmd.aliases) {
+      ALIAS_MAP[alias] = cmdName;
+    }
+  }
 }
-const ALL_COMMANDS = [
+// All command names including aliases
+const ALL_COMMANDS = new Set([
   ...Object.keys(COMMANDS),
-  ...Object.values(COMMANDS).flatMap((c) => c.aliases || []),
-];
+  ...Object.keys(ALIAS_MAP),
+]);
 // ─────────────────────────────────────────────────────────────
-// RUNNER LOADER
+// GETTERS
 // ─────────────────────────────────────────────────────────────
-function getRunner(cmd, styles = {}) {
-  const def = COMMANDS[cmd];
-  if (!def) return null;
-  const red = styles.red || "";
-  const reset = styles.reset || "";
-  const errorSym = styles.errorSymbol || "✗";
+function getRunner(cmd, opts = {}) {
+  // Resolve alias to canonical command
+  const canonicalCmd = ALIAS_MAP[cmd] || cmd;
+  const def = COMMANDS[canonicalCmd];
+  if (!def) {
+    return null;
+  }
+  if (!def.runner) {
+    return null;
+  }
   try {
     return def.runner();
   } catch (e) {
-    return async () => {
-      console.error(`${red}${errorSym}${reset} Failed to load ${cmd}: ${e.message}`);
-      return 1;
-    };
+    if (opts.red && opts.reset) {
+      console.error(`${opts.red}${opts.errorSymbol || '×'} Failed to load runner for ${cmd}: ${e.message}${opts.reset}`);
+    }
+    return null;
+  }
+}
+function getCommand(name) {
+  // Check direct name
+  if (COMMANDS[name]) return COMMANDS[name];
+  // Check alias map
+  const canonical = ALIAS_MAP[name];
+  if (canonical && COMMANDS[canonical]) {
+    return { ...COMMANDS[canonical], _resolvedFrom: name, _canonicalName: canonical };
   }
+  return null;
+}
+function resolveCommand(name) {
+  return ALIAS_MAP[name] || name;
 }
+// ─────────────────────────────────────────────────────────────
+// EXPORTS
+// ─────────────────────────────────────────────────────────────
 module.exports = {
+  // Core data
   COMMANDS,
+  ALLOWED_COMMANDS,
   ALIAS_MAP,
   ALL_COMMANDS,
+  // Tier helpers
+  isPro,
+  requiresPro,
+  getFreeCommands,
+  getProCommands,
+  // Getters
   getRunner,
+  getCommand,
+  resolveCommand,
+  listCommands: () => Object.keys(COMMANDS),
+  getCommandsByTier: (tier) =>
+    Object.entries(COMMANDS)
+      .filter(([, cmd]) => cmd.tier === tier)
+      .map(([name, cmd]) => ({ name, ...cmd })),
+  getCommandsByCategory: (category) =>
+    Object.entries(COMMANDS)
+      .filter(([, cmd]) => cmd.category === category)
+      .map(([name, cmd]) => ({ name, ...cmd })),
 };