npm - @vibecheckai/cli - Versions diffs - 3.5.1 → 3.5.3 - Mend

@vibecheckai/cli 3.5.1 → 3.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/bin/registry.js +406 -154
package/bin/runners/context/analyzer.js +52 -1
package/bin/runners/context/generators/mcp.js +15 -13
package/bin/runners/context/git-context.js +3 -1
package/bin/runners/context/proof-context.js +248 -1
package/bin/runners/context/team-conventions.js +33 -7
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/change-packet/builder.js +488 -0
package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +303 -0
package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +127 -0
package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +213 -0
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
package/bin/runners/lib/agent-firewall/interceptor/base.js +304 -0
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
package/bin/runners/lib/agent-firewall/logger.js +141 -0
package/bin/runners/lib/agent-firewall/policy/default-policy.json +90 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +103 -0
package/bin/runners/lib/agent-firewall/policy/loader.js +451 -0
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +86 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +162 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +189 -0
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
package/bin/runners/lib/agent-firewall/risk/thresholds.js +321 -0
package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +137 -0
package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/analysis-core.js +220 -182
package/bin/runners/lib/analyzers.js +2145 -224
package/bin/runners/lib/api-client.js +269 -0
package/bin/runners/lib/authority-badge.js +425 -0
package/bin/runners/lib/cli-output.js +242 -210
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/detectors-v2.js +547 -785
package/bin/runners/lib/doctor/modules/security.js +3 -1
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/entitlements-v2.js +152 -446
package/bin/runners/lib/error-handler.js +60 -12
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +7 -1
package/bin/runners/lib/exit-codes.js +275 -0
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/fingerprint.js +377 -0
package/bin/runners/lib/global-flags.js +37 -0
package/bin/runners/lib/help-formatter.js +413 -0
package/bin/runners/lib/logger.js +38 -0
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/route-detection.js +137 -68
package/bin/runners/lib/route-truth.js +1167 -322
package/bin/runners/lib/scan-output.js +504 -463
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/validator.js +27 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/ship-output-enterprise.js +239 -0
package/bin/runners/lib/ship-output.js +328 -31
package/bin/runners/lib/terminal-ui.js +234 -731
package/bin/runners/lib/truth.js +1332 -308
package/bin/runners/lib/unified-cli-output.js +604 -0
package/bin/runners/lib/unified-output.js +163 -155
package/bin/runners/lib/upsell.js +104 -204
package/bin/runners/runAgent.d.ts +5 -0
package/bin/runners/runAgent.js +161 -0
package/bin/runners/runAllowlist.js +166 -101
package/bin/runners/runApprove.js +1200 -0
package/bin/runners/runAuth.js +373 -95
package/bin/runners/runCheckpoint.js +59 -21
package/bin/runners/runClassify.js +926 -0
package/bin/runners/runContext.d.ts +4 -0
package/bin/runners/runContext.js +136 -24
package/bin/runners/runDoctor.js +115 -67
package/bin/runners/runEvidencePack.js +239 -96
package/bin/runners/runFirewall.d.ts +5 -0
package/bin/runners/runFirewall.js +134 -0
package/bin/runners/runFirewallHook.d.ts +5 -0
package/bin/runners/runFirewallHook.js +56 -0
package/bin/runners/runFix.js +6 -5
package/bin/runners/runGuard.js +212 -118
package/bin/runners/runInit.js +66 -21
package/bin/runners/runLabs.js +204 -121
package/bin/runners/runMcp.js +131 -60
package/bin/runners/runPolish.d.ts +4 -0
package/bin/runners/runPolish.js +43 -20
package/bin/runners/runProof.zip +0 -0
package/bin/runners/runProve.js +15 -5
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +14 -0
package/bin/runners/runReport.js +36 -4
package/bin/runners/runScan.js +689 -91
package/bin/runners/runShip.js +96 -40
package/bin/runners/runTruth.d.ts +5 -0
package/bin/runners/runTruth.js +101 -0
package/bin/runners/runValidate.js +21 -4
package/bin/runners/runWatch.js +118 -54
package/bin/scan.js +6 -1
package/bin/vibecheck.js +297 -52
package/mcp-server/HARDENING_SUMMARY.md +299 -0
package/mcp-server/agent-firewall-interceptor.js +500 -0
package/mcp-server/authority-tools.js +569 -0
package/mcp-server/conductor/conflict-resolver.js +588 -0
package/mcp-server/conductor/execution-planner.js +544 -0
package/mcp-server/conductor/index.js +377 -0
package/mcp-server/conductor/lock-manager.js +615 -0
package/mcp-server/conductor/request-queue.js +550 -0
package/mcp-server/conductor/session-manager.js +500 -0
package/mcp-server/conductor/tools.js +510 -0
package/mcp-server/deprecation-middleware.js +282 -0
package/mcp-server/handlers/index.ts +15 -0
package/mcp-server/handlers/tool-handler.ts +474 -591
package/mcp-server/index.js +1748 -1099
package/mcp-server/lib/api-client.cjs +13 -0
package/mcp-server/lib/cache-wrapper.cjs +383 -0
package/mcp-server/lib/error-envelope.js +138 -0
package/mcp-server/lib/executor.ts +428 -721
package/mcp-server/lib/index.ts +19 -0
package/mcp-server/lib/logger.cjs +30 -0
package/mcp-server/lib/rate-limiter.js +166 -0
package/mcp-server/lib/sandbox.test.ts +519 -0
package/mcp-server/lib/sandbox.ts +342 -284
package/mcp-server/lib/types.ts +267 -0
package/mcp-server/logger.js +173 -0
package/mcp-server/package.json +11 -27
package/mcp-server/premium-tools.js +2 -2
package/mcp-server/registry/tool-registry.js +794 -0
package/mcp-server/registry/tools.json +507 -378
package/mcp-server/registry.test.ts +334 -0
package/mcp-server/tests/tier-gating.test.js +297 -0
package/mcp-server/tier-auth.js +492 -347
package/mcp-server/tools-v3.js +950 -0
package/mcp-server/truth-context.js +131 -90
package/mcp-server/truth-firewall-tools.js +1612 -1001
package/mcp-server/tsconfig.json +8 -5
package/mcp-server/vibecheck-2.0-tools.js +14 -1
package/mcp-server/vibecheck-mcp-server-3.2.0.tgz +0 -0
package/mcp-server/vibecheck-tools.js +2 -2
package/package.json +4 -3
package/bin/runners/runInstall.js +0 -281
package/mcp-server/ARCHITECTURE.md +0 -339
package/mcp-server/__tests__/cache.test.ts +0 -313
package/mcp-server/__tests__/executor.test.ts +0 -239
package/mcp-server/__tests__/fixtures/exclusion-test/.cache/webpack/cache.pack +0 -1
package/mcp-server/__tests__/fixtures/exclusion-test/.next/server/chunk.js +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/.turbo/cache.json +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/.venv/lib/env.py +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/dist/bundle.js +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/package.json +0 -5
package/mcp-server/__tests__/fixtures/exclusion-test/src/app.ts +0 -5
package/mcp-server/__tests__/fixtures/exclusion-test/venv/lib/config.py +0 -4
package/mcp-server/__tests__/ids.test.ts +0 -345
package/mcp-server/__tests__/integration/tools.test.ts +0 -410
package/mcp-server/__tests__/registry.test.ts +0 -365
package/mcp-server/__tests__/sandbox.test.ts +0 -323
package/mcp-server/__tests__/schemas.test.ts +0 -372
package/mcp-server/benchmarks/run-benchmarks.ts +0 -304
package/mcp-server/examples/doctor.request.json +0 -14
package/mcp-server/examples/doctor.response.json +0 -53
package/mcp-server/examples/error.response.json +0 -15
package/mcp-server/examples/scan.request.json +0 -14
package/mcp-server/examples/scan.response.json +0 -108
package/mcp-server/index-v3.ts +0 -293
package/mcp-server/index.old.js +0 -4137
package/mcp-server/lib/cache.ts +0 -341
package/mcp-server/lib/errors.ts +0 -346
package/mcp-server/lib/ids.ts +0 -238
package/mcp-server/lib/logger.ts +0 -368
package/mcp-server/lib/metrics.ts +0 -365
package/mcp-server/lib/validator.ts +0 -229
package/mcp-server/package-lock.json +0 -165
package/mcp-server/schemas/error-envelope.schema.json +0 -125
package/mcp-server/schemas/finding.schema.json +0 -167
package/mcp-server/schemas/report-artifact.schema.json +0 -88
package/mcp-server/schemas/run-request.schema.json +0 -75
package/mcp-server/schemas/verdict.schema.json +0 -168
package/mcp-server/tier-auth.d.ts +0 -71
package/mcp-server/vitest.config.ts +0 -16

package/bin/runners/lib/error-handler.js CHANGED Viewed

@@ -1,12 +1,20 @@
 /**
  * Standardized error handling for CLI runners
  *
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * World-Class Error Handling
+ * ═══════════════════════════════════════════════════════════════════════════════
+ *
  * Design principles:
  * - Every error has a human-readable message
  * - Every error suggests a next step
  * - Exit codes are consistent and documented
+ * - Errors include "receipt" (file:line evidence) where possible
+ * - Debug mode shows stack traces
  */
+const { EXIT, getExitInfo, getHint } = require("./exit-codes");
 const colors = {
   reset: "\x1b[0m",
   red: "\x1b[31m",
@@ -24,16 +32,15 @@ const c = {
   dim: (text) => `\x1b[2m${text}${colors.reset}`,
 };
-// Standard exit codes for CI/CD integration
-// Unified with packages/cli/src/runtime/exit-codes.ts
-// IMPORTANT: These codes are part of the CLI contract - do not change without migration guide
+// Re-export EXIT for backward compatibility
+// NOTE: Prefer importing from exit-codes.js directly
 const EXIT_CODES = {
-  SUCCESS: 0,           // Scan passed, no policy violations
-  POLICY_FAIL: 1,       // Findings above threshold (policy fail) - actionable by user
-  USER_ERROR: 2,        // User error: invalid args, bad config, missing required options
-  SYSTEM_ERROR: 3,      // System error: crash, filesystem issues, unexpected exceptions
-  AUTH_FAILURE: 4,      // Auth/entitlement failure: invalid key, expired token, insufficient tier
-  NETWORK_FAILURE: 5,   // Network/backend failure: API unreachable, timeout
+  SUCCESS: EXIT.SUCCESS,
+  POLICY_FAIL: EXIT.WARNINGS,       // Findings above threshold (policy fail)
+  USER_ERROR: EXIT.USER_ERROR,      // User error: invalid args, bad config
+  SYSTEM_ERROR: EXIT.INTERNAL_ERROR, // System error: crash, unexpected exceptions
+  AUTH_FAILURE: EXIT.AUTH_REQUIRED,  // Auth/entitlement failure
+  NETWORK_FAILURE: EXIT.NETWORK_ERROR, // Network/backend failure
 };
 // Error-specific guidance
@@ -153,8 +160,26 @@ function handleError(error, context = "", metadata = {}) {
   // Get specific guidance
   const guidance = getErrorGuidance(err);
+  // Check for JSON mode (via NO_COLOR env var or explicit check)
+  const isJsonMode = process.env.NO_COLOR === '1' || process.env.VIBECHECK_JSON === '1';
   // Print error header
   if (guidance) {
+    if (isJsonMode) {
+      // JSON error output
+      const errorOutput = {
+        success: false,
+        error: {
+          code: err.code || err.name || 'ERROR',
+          message: message,
+          type: guidance.title,
+          nextSteps: guidance.nextSteps,
+        },
+        exitCode: err.exitCode || 1
+      };
+      console.error(JSON.stringify(errorOutput, null, 2));
+      return;
+    }
     console.error(`\n${c.error("✗")} ${c.error(guidance.title)}`);
     console.error(`  ${message}`);
@@ -164,8 +189,20 @@ function handleError(error, context = "", metadata = {}) {
       console.error(`  ${c.dim("•")} ${step}`);
     }
   } else {
+    // Check for JSON mode
+    const isJsonMode = process.env.NO_COLOR === '1' || process.env.VIBECHECK_JSON === '1';
     // Generic error handling with specific type detection
     if (err.code === "ENOENT") {
+      if (isJsonMode) {
+        const errorOutput = {
+          success: false,
+          error: { code: 'ENOENT', message: err.path || message, receipt },
+          exitCode: 4
+        };
+        console.error(JSON.stringify(errorOutput, null, 2));
+        return;
+      }
       console.error(`\n${c.error("✗")} File or directory not found`);
       console.error(`  ${err.path || message}`);
       // Print receipt if available
@@ -206,6 +243,15 @@ function handleError(error, context = "", metadata = {}) {
       console.error(`  ${c.dim("•")} Verify VIBECHECK_API_URL is correct`);
     } else {
       // Generic error
+      if (isJsonMode) {
+        const errorOutput = {
+          success: false,
+          error: { code: err.code || err.name || 'ERROR', message, receipt },
+          exitCode: err.exitCode || 1
+        };
+        console.error(JSON.stringify(errorOutput, null, 2));
+        return;
+      }
       console.error(`\n${c.error("✗")} Error`);
       console.error(`  ${message}`);
       // Print receipt if available
@@ -222,13 +268,15 @@ function handleError(error, context = "", metadata = {}) {
     }
   }
-  // Show stack trace in debug mode
-  if (process.env.DEBUG || process.env.VIBECHECK_DEBUG) {
+  // Show stack trace in debug mode (skip in JSON mode)
+  if (!isJsonMode && (process.env.DEBUG || process.env.VIBECHECK_DEBUG)) {
     console.error(`\n${c.dim("Stack trace:")}`);
     console.error(c.dim(err.stack));
   }
-  console.error(""); // Empty line for readability
+  if (!isJsonMode) {
+    console.error(""); // Empty line for readability
+  }
 }
 /**

package/bin/runners/lib/error-messages.js ADDED Viewed

@@ -0,0 +1,289 @@
+/**
+ * Actionable Error Messages
+ *
+ * Provides standardized error messages with actionable next steps,
+ * documentation links, and clear guidance for users.
+ */
+const { EXIT } = require('./exit-codes');
+const DOCS_BASE_URL = 'https://docs.vibecheckai.dev';
+const DASHBOARD_URL = 'https://app.vibecheckai.dev';
+/**
+ * Format an actionable error message
+ */
+function formatError(error, context = {}) {
+  const {
+    command = '',
+    suggestion = null,
+    docsLink = null,
+    nextSteps = [],
+    code = null,
+  } = context;
+  const lines = [];
+  // Main error message
+  lines.push(`\n  ❌ ${error.message || error}`);
+  // Error code if provided
+  if (code) {
+    lines.push(`\n  Code: ${code}`);
+  }
+  // Next steps
+  if (nextSteps.length > 0) {
+    lines.push(`\n  Next steps:`);
+    nextSteps.forEach((step, i) => {
+      lines.push(`    ${i + 1}. ${step}`);
+    });
+  } else if (suggestion) {
+    lines.push(`\n  💡 ${suggestion}`);
+  }
+  // Documentation link
+  if (docsLink) {
+    lines.push(`\n  📖 Docs: ${docsLink}`);
+  } else if (command) {
+    lines.push(`\n  📖 Docs: ${DOCS_BASE_URL}/commands/${command}`);
+  }
+  lines.push('');
+  return lines.join('\n');
+}
+/**
+ * Common error templates with actionable guidance
+ */
+const ERROR_TEMPLATES = {
+  PROJECT_NOT_INITIALIZED: {
+    message: 'Project not initialized',
+    suggestion: 'Run `vibecheck init` to set up your project',
+    nextSteps: [
+      'Run: vibecheck init',
+      'This creates .vibecheckrc config file',
+      'Then run: vibecheck scan',
+    ],
+    docsLink: `${DOCS_BASE_URL}/getting-started/init`,
+  },
+  NO_SCAN_RESULTS: {
+    message: 'No scan results found',
+    suggestion: 'Run `vibecheck scan` first to generate results',
+    nextSteps: [
+      'Run: vibecheck scan',
+      'This analyzes your codebase',
+      'Then re-run this command',
+    ],
+    docsLink: `${DOCS_BASE_URL}/commands/scan`,
+  },
+  NO_TRUTHPACK: {
+    message: 'No truthpack found',
+    suggestion: 'Run `vibecheck context` to generate truthpack',
+    nextSteps: [
+      'Run: vibecheck context',
+      'This generates route/auth/env mapping',
+      'Then re-run this command',
+    ],
+    docsLink: `${DOCS_BASE_URL}/commands/context`,
+  },
+  AUTH_REQUIRED: {
+    message: 'Authentication required',
+    suggestion: 'Run `vibecheck login` to authenticate',
+    nextSteps: [
+      'Run: vibecheck login',
+      'Enter your API key',
+      'Get your key from: https://app.vibecheckai.dev/settings/api-keys',
+    ],
+    docsLink: `${DOCS_BASE_URL}/getting-started/authentication`,
+  },
+  INVALID_API_KEY: {
+    message: 'Invalid API key format',
+    suggestion: 'Check your API key format',
+    nextSteps: [
+      'API keys should start with vc_',
+      'Get a new key: https://app.vibecheckai.dev/settings/api-keys',
+      'Run: vibecheck login --key YOUR_KEY',
+    ],
+    docsLink: `${DOCS_BASE_URL}/getting-started/authentication`,
+  },
+  TIER_REQUIRED: {
+    message: 'This feature requires PRO tier',
+    suggestion: 'Upgrade to PRO to access this feature',
+    nextSteps: [
+      'Visit: https://app.vibecheckai.dev/pricing',
+      'Upgrade your account',
+      'Re-run this command',
+    ],
+    docsLink: `${DOCS_BASE_URL}/pricing`,
+  },
+  PROJECT_PATH_NOT_FOUND: {
+    message: 'Project path does not exist',
+    suggestion: 'Check the path and try again',
+    nextSteps: [
+      'Verify the path exists: ls <path>',
+      'Use absolute path if relative path fails',
+      'Run: vibecheck init --path <path>',
+    ],
+    docsLink: `${DOCS_BASE_URL}/commands/init`,
+  },
+  CONFIG_INVALID: {
+    message: 'Invalid configuration file',
+    suggestion: 'Run `vibecheck doctor --fix` to repair config',
+    nextSteps: [
+      'Run: vibecheck doctor --fix',
+      'This auto-fixes common config issues',
+      'Or manually edit .vibecheckrc',
+    ],
+    docsLink: `${DOCS_BASE_URL}/configuration`,
+  },
+  NETWORK_ERROR: {
+    message: 'Network connection failed',
+    suggestion: 'Check your internet connection or use --offline mode',
+    nextSteps: [
+      'Check internet connection',
+      'Or run with --offline flag for local-only mode',
+      'Example: vibecheck scan --offline',
+    ],
+    docsLink: `${DOCS_BASE_URL}/commands/scan#offline-mode`,
+  },
+  MISSING_DEPENDENCY: {
+    message: 'Missing required dependency',
+    suggestion: 'Install missing dependencies',
+    nextSteps: [
+      'Run: npm install',
+      'Or: pnpm install',
+      'Check package.json for required packages',
+    ],
+    docsLink: `${DOCS_BASE_URL}/troubleshooting/dependencies`,
+  },
+};
+/**
+ * Get error template by key
+ */
+function getErrorTemplate(key, overrides = {}) {
+  const template = ERROR_TEMPLATES[key];
+  if (!template) {
+    return {
+      message: key,
+      suggestion: 'Check the documentation for help',
+      docsLink: DOCS_BASE_URL,
+    };
+  }
+  return { ...template, ...overrides };
+}
+/**
+ * Print actionable error and return exit code
+ */
+function printActionableError(errorKey, context = {}) {
+  const template = getErrorTemplate(errorKey, context);
+  const error = {
+    message: template.message,
+    code: context.code || errorKey,
+  };
+  const formatted = formatError(error, {
+    ...context,
+    suggestion: template.suggestion,
+    nextSteps: template.nextSteps || [],
+    docsLink: template.docsLink,
+  });
+  console.error(formatted);
+  // Map error keys to exit codes
+  const exitCodeMap = {
+    AUTH_REQUIRED: EXIT.AUTH_REQUIRED,
+    INVALID_API_KEY: EXIT.AUTH_FAILED,
+    TIER_REQUIRED: EXIT.TIER_REQUIRED,
+    PROJECT_PATH_NOT_FOUND: EXIT.USER_ERROR,
+    CONFIG_INVALID: EXIT.USER_ERROR,
+    NETWORK_ERROR: EXIT.NETWORK_ERROR || 1,
+    MISSING_DEPENDENCY: EXIT.USER_ERROR,
+    PROJECT_NOT_INITIALIZED: EXIT.USER_ERROR,
+    NO_SCAN_RESULTS: EXIT.NOT_FOUND || 1,
+    NO_TRUTHPACK: EXIT.NOT_FOUND || 1,
+  };
+  return exitCodeMap[errorKey] || EXIT.USER_ERROR;
+}
+/**
+ * Enhance existing error with actionable guidance
+ */
+function enhanceError(error, command = '', additionalContext = {}) {
+  const errorMessage = error.message || String(error);
+  const lowerMessage = errorMessage.toLowerCase();
+  // Detect error type from message
+  if (lowerMessage.includes('not initialized') || lowerMessage.includes('no config')) {
+    return printActionableError('PROJECT_NOT_INITIALIZED', { command, ...additionalContext });
+  }
+  if (lowerMessage.includes('scan result') || lowerMessage.includes('no results')) {
+    return printActionableError('NO_SCAN_RESULTS', { command, ...additionalContext });
+  }
+  if (lowerMessage.includes('truthpack') || lowerMessage.includes('context')) {
+    return printActionableError('NO_TRUTHPACK', { command, ...additionalContext });
+  }
+  if (lowerMessage.includes('auth') && (lowerMessage.includes('required') || lowerMessage.includes('unauthorized'))) {
+    return printActionableError('AUTH_REQUIRED', { command, ...additionalContext });
+  }
+  if (lowerMessage.includes('api key') && (lowerMessage.includes('invalid') || lowerMessage.includes('format'))) {
+    return printActionableError('INVALID_API_KEY', { command, ...additionalContext });
+  }
+  if (lowerMessage.includes('tier') || lowerMessage.includes('pro') || lowerMessage.includes('upgrade')) {
+    return printActionableError('TIER_REQUIRED', { command, ...additionalContext });
+  }
+  if (lowerMessage.includes('path') && (lowerMessage.includes('not found') || lowerMessage.includes('does not exist'))) {
+    return printActionableError('PROJECT_PATH_NOT_FOUND', { command, path: additionalContext.path });
+  }
+  if (lowerMessage.includes('config') && (lowerMessage.includes('invalid') || lowerMessage.includes('error'))) {
+    return printActionableError('CONFIG_INVALID', { command, ...additionalContext });
+  }
+  if (lowerMessage.includes('network') || lowerMessage.includes('connection') || lowerMessage.includes('fetch')) {
+    return printActionableError('NETWORK_ERROR', { command, ...additionalContext });
+  }
+  if (lowerMessage.includes('cannot find module') || lowerMessage.includes('missing')) {
+    return printActionableError('MISSING_DEPENDENCY', { command, dependency: additionalContext.dependency });
+  }
+  // Default: print enhanced error
+  console.error(formatError(error, {
+    command,
+    suggestion: additionalContext.suggestion || 'Check the documentation for help',
+    docsLink: additionalContext.docsLink || `${DOCS_BASE_URL}/commands/${command}`,
+    nextSteps: additionalContext.nextSteps || [],
+  }));
+  return EXIT.USER_ERROR;
+}
+module.exports = {
+  formatError,
+  getErrorTemplate,
+  printActionableError,
+  enhanceError,
+  ERROR_TEMPLATES,
+};

package/bin/runners/lib/evidence-pack.js CHANGED Viewed

@@ -14,7 +14,13 @@
 const fs = require("fs");
 const path = require("path");
 const crypto = require("crypto");
-const archiver = require("archiver");
+// Make archiver optional - only required for zip creation
+let archiver;
+try {
+  archiver = require("archiver");
+} catch {
+  archiver = null;
+}
 // ═══════════════════════════════════════════════════════════════════════════════
 // EVIDENCE PACK SCHEMA