npm - @vibecheckai/cli - Versions diffs - 3.5.1 → 3.5.3 - Mend

@vibecheckai/cli 3.5.1 → 3.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/bin/registry.js +406 -154
package/bin/runners/context/analyzer.js +52 -1
package/bin/runners/context/generators/mcp.js +15 -13
package/bin/runners/context/git-context.js +3 -1
package/bin/runners/context/proof-context.js +248 -1
package/bin/runners/context/team-conventions.js +33 -7
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/change-packet/builder.js +488 -0
package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +303 -0
package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +127 -0
package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +213 -0
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
package/bin/runners/lib/agent-firewall/interceptor/base.js +304 -0
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
package/bin/runners/lib/agent-firewall/logger.js +141 -0
package/bin/runners/lib/agent-firewall/policy/default-policy.json +90 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +103 -0
package/bin/runners/lib/agent-firewall/policy/loader.js +451 -0
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +86 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +162 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +189 -0
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
package/bin/runners/lib/agent-firewall/risk/thresholds.js +321 -0
package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +137 -0
package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/analysis-core.js +220 -182
package/bin/runners/lib/analyzers.js +2145 -224
package/bin/runners/lib/api-client.js +269 -0
package/bin/runners/lib/authority-badge.js +425 -0
package/bin/runners/lib/cli-output.js +242 -210
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/detectors-v2.js +547 -785
package/bin/runners/lib/doctor/modules/security.js +3 -1
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/entitlements-v2.js +152 -446
package/bin/runners/lib/error-handler.js +60 -12
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +7 -1
package/bin/runners/lib/exit-codes.js +275 -0
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/fingerprint.js +377 -0
package/bin/runners/lib/global-flags.js +37 -0
package/bin/runners/lib/help-formatter.js +413 -0
package/bin/runners/lib/logger.js +38 -0
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/route-detection.js +137 -68
package/bin/runners/lib/route-truth.js +1167 -322
package/bin/runners/lib/scan-output.js +504 -463
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/validator.js +27 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/ship-output-enterprise.js +239 -0
package/bin/runners/lib/ship-output.js +328 -31
package/bin/runners/lib/terminal-ui.js +234 -731
package/bin/runners/lib/truth.js +1332 -308
package/bin/runners/lib/unified-cli-output.js +604 -0
package/bin/runners/lib/unified-output.js +163 -155
package/bin/runners/lib/upsell.js +104 -204
package/bin/runners/runAgent.d.ts +5 -0
package/bin/runners/runAgent.js +161 -0
package/bin/runners/runAllowlist.js +166 -101
package/bin/runners/runApprove.js +1200 -0
package/bin/runners/runAuth.js +373 -95
package/bin/runners/runCheckpoint.js +59 -21
package/bin/runners/runClassify.js +926 -0
package/bin/runners/runContext.d.ts +4 -0
package/bin/runners/runContext.js +136 -24
package/bin/runners/runDoctor.js +115 -67
package/bin/runners/runEvidencePack.js +239 -96
package/bin/runners/runFirewall.d.ts +5 -0
package/bin/runners/runFirewall.js +134 -0
package/bin/runners/runFirewallHook.d.ts +5 -0
package/bin/runners/runFirewallHook.js +56 -0
package/bin/runners/runFix.js +6 -5
package/bin/runners/runGuard.js +212 -118
package/bin/runners/runInit.js +66 -21
package/bin/runners/runLabs.js +204 -121
package/bin/runners/runMcp.js +131 -60
package/bin/runners/runPolish.d.ts +4 -0
package/bin/runners/runPolish.js +43 -20
package/bin/runners/runProof.zip +0 -0
package/bin/runners/runProve.js +15 -5
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +14 -0
package/bin/runners/runReport.js +36 -4
package/bin/runners/runScan.js +689 -91
package/bin/runners/runShip.js +96 -40
package/bin/runners/runTruth.d.ts +5 -0
package/bin/runners/runTruth.js +101 -0
package/bin/runners/runValidate.js +21 -4
package/bin/runners/runWatch.js +118 -54
package/bin/scan.js +6 -1
package/bin/vibecheck.js +297 -52
package/mcp-server/HARDENING_SUMMARY.md +299 -0
package/mcp-server/agent-firewall-interceptor.js +500 -0
package/mcp-server/authority-tools.js +569 -0
package/mcp-server/conductor/conflict-resolver.js +588 -0
package/mcp-server/conductor/execution-planner.js +544 -0
package/mcp-server/conductor/index.js +377 -0
package/mcp-server/conductor/lock-manager.js +615 -0
package/mcp-server/conductor/request-queue.js +550 -0
package/mcp-server/conductor/session-manager.js +500 -0
package/mcp-server/conductor/tools.js +510 -0
package/mcp-server/deprecation-middleware.js +282 -0
package/mcp-server/handlers/index.ts +15 -0
package/mcp-server/handlers/tool-handler.ts +474 -591
package/mcp-server/index.js +1748 -1099
package/mcp-server/lib/api-client.cjs +13 -0
package/mcp-server/lib/cache-wrapper.cjs +383 -0
package/mcp-server/lib/error-envelope.js +138 -0
package/mcp-server/lib/executor.ts +428 -721
package/mcp-server/lib/index.ts +19 -0
package/mcp-server/lib/logger.cjs +30 -0
package/mcp-server/lib/rate-limiter.js +166 -0
package/mcp-server/lib/sandbox.test.ts +519 -0
package/mcp-server/lib/sandbox.ts +342 -284
package/mcp-server/lib/types.ts +267 -0
package/mcp-server/logger.js +173 -0
package/mcp-server/package.json +11 -27
package/mcp-server/premium-tools.js +2 -2
package/mcp-server/registry/tool-registry.js +794 -0
package/mcp-server/registry/tools.json +507 -378
package/mcp-server/registry.test.ts +334 -0
package/mcp-server/tests/tier-gating.test.js +297 -0
package/mcp-server/tier-auth.js +492 -347
package/mcp-server/tools-v3.js +950 -0
package/mcp-server/truth-context.js +131 -90
package/mcp-server/truth-firewall-tools.js +1612 -1001
package/mcp-server/tsconfig.json +8 -5
package/mcp-server/vibecheck-2.0-tools.js +14 -1
package/mcp-server/vibecheck-mcp-server-3.2.0.tgz +0 -0
package/mcp-server/vibecheck-tools.js +2 -2
package/package.json +4 -3
package/bin/runners/runInstall.js +0 -281
package/mcp-server/ARCHITECTURE.md +0 -339
package/mcp-server/__tests__/cache.test.ts +0 -313
package/mcp-server/__tests__/executor.test.ts +0 -239
package/mcp-server/__tests__/fixtures/exclusion-test/.cache/webpack/cache.pack +0 -1
package/mcp-server/__tests__/fixtures/exclusion-test/.next/server/chunk.js +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/.turbo/cache.json +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/.venv/lib/env.py +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/dist/bundle.js +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/package.json +0 -5
package/mcp-server/__tests__/fixtures/exclusion-test/src/app.ts +0 -5
package/mcp-server/__tests__/fixtures/exclusion-test/venv/lib/config.py +0 -4
package/mcp-server/__tests__/ids.test.ts +0 -345
package/mcp-server/__tests__/integration/tools.test.ts +0 -410
package/mcp-server/__tests__/registry.test.ts +0 -365
package/mcp-server/__tests__/sandbox.test.ts +0 -323
package/mcp-server/__tests__/schemas.test.ts +0 -372
package/mcp-server/benchmarks/run-benchmarks.ts +0 -304
package/mcp-server/examples/doctor.request.json +0 -14
package/mcp-server/examples/doctor.response.json +0 -53
package/mcp-server/examples/error.response.json +0 -15
package/mcp-server/examples/scan.request.json +0 -14
package/mcp-server/examples/scan.response.json +0 -108
package/mcp-server/index-v3.ts +0 -293
package/mcp-server/index.old.js +0 -4137
package/mcp-server/lib/cache.ts +0 -341
package/mcp-server/lib/errors.ts +0 -346
package/mcp-server/lib/ids.ts +0 -238
package/mcp-server/lib/logger.ts +0 -368
package/mcp-server/lib/metrics.ts +0 -365
package/mcp-server/lib/validator.ts +0 -229
package/mcp-server/package-lock.json +0 -165
package/mcp-server/schemas/error-envelope.schema.json +0 -125
package/mcp-server/schemas/finding.schema.json +0 -167
package/mcp-server/schemas/report-artifact.schema.json +0 -88
package/mcp-server/schemas/run-request.schema.json +0 -75
package/mcp-server/schemas/verdict.schema.json +0 -168
package/mcp-server/tier-auth.d.ts +0 -71
package/mcp-server/vitest.config.ts +0 -16

package/bin/vibecheck.js CHANGED Viewed

@@ -795,18 +795,88 @@ ${c.bold}Installation:${c.reset}
 }
 // ═══════════════════════════════════════════════════════════════════════════════
-// HELP SYSTEM
+// HELP SYSTEM - World-Class CLI Experience
 // ═══════════════════════════════════════════════════════════════════════════════
 function printBanner() {
   const VERSION = getVersion();
   console.log(`
-${c.dim}${sym.boxTopLeft}${sym.boxHorizontal.repeat(60)}${sym.boxTopRight}${c.reset}
-${c.dim}${sym.boxVertical}${c.reset}  ${gradient("VIBECHECK", [[0, 255, 255], [138, 43, 226], [255, 20, 147]])} ${c.dim}v${VERSION}${c.reset}${" ".repeat(60 - 13 - VERSION.length - 4)}${c.dim}${sym.boxVertical}${c.reset}
-${c.dim}${sym.boxVertical}${c.reset}  ${c.dim}Ship with confidence. Catch fake features before users do.${c.reset}  ${c.dim}${sym.boxVertical}${c.reset}
-${c.dim}${sym.boxBottomLeft}${sym.boxHorizontal.repeat(60)}${sym.boxBottomRight}${c.reset}
+${c.dim}${sym.boxTopLeft}${sym.boxHorizontal.repeat(64)}${sym.boxTopRight}${c.reset}
+${c.dim}${sym.boxVertical}${c.reset}  ${gradient("VIBECHECK", [[0, 255, 255], [138, 43, 226], [255, 20, 147]])} ${c.dim}v${VERSION}${c.reset}${" ".repeat(64 - 13 - VERSION.length - 4)}${c.dim}${sym.boxVertical}${c.reset}
+${c.dim}${sym.boxVertical}${c.reset}                                                                ${c.dim}${sym.boxVertical}${c.reset}
+${c.dim}${sym.boxVertical}${c.reset}  ${c.bold}Catch AI hallucinations before your users do.${c.reset}                 ${c.dim}${sym.boxVertical}${c.reset}
+${c.dim}${sym.boxVertical}${c.reset}                                                                ${c.dim}${sym.boxVertical}${c.reset}
+${c.dim}${sym.boxVertical}${c.reset}  ${c.cyan}${sym.check}${c.reset} Detects routes that look real but don't work             ${c.dim}${sym.boxVertical}${c.reset}
+${c.dim}${sym.boxVertical}${c.reset}  ${c.cyan}${sym.check}${c.reset} Finds env vars used but never declared                   ${c.dim}${sym.boxVertical}${c.reset}
+${c.dim}${sym.boxVertical}${c.reset}  ${c.cyan}${sym.check}${c.reset} Flags auth endpoints with no protection                  ${c.dim}${sym.boxVertical}${c.reset}
+${c.dim}${sym.boxVertical}${c.reset}                                                                ${c.dim}${sym.boxVertical}${c.reset}
+${c.dim}${sym.boxVertical}${c.reset}  ${c.dim}SHIP = proof your code works. Not a vibe check.${c.reset}               ${c.dim}${sym.boxVertical}${c.reset}
+${c.dim}${sym.boxBottomLeft}${sym.boxHorizontal.repeat(64)}${sym.boxBottomRight}${c.reset}
 `);
 }
+/**
+ * Print command-specific help with rich examples
+ */
+function printCommandHelp(cmd) {
+  const registry = getRegistry();
+  const def = registry.COMMANDS[cmd];
+  if (!def) return false;
+  // Build reverse alias map
+  const reverseAliases = {};
+  for (const [alias, target] of Object.entries(registry.ALIAS_MAP)) {
+    if (!reverseAliases[target]) reverseAliases[target] = [];
+    reverseAliases[target].push(alias);
+  }
+  const aliases = reverseAliases[cmd] || [];
+  // Tier badge (2-tier: FREE / PRO)
+  const tierBadge = def.tier === "free" ? `${c.green}[FREE]${c.reset}` :
+                    def.tier === "pro" ? `${c.magenta}[PRO]${c.reset}` : "";
+  console.log(`
+  ${c.bold}${sym.arrowRight} vibecheck ${cmd}${c.reset} ${tierBadge}
+  ${aliases.length > 0 ? `${c.dim}Aliases: ${aliases.join(", ")}${c.reset}` : ""}
+  ${def.longDescription || def.description}
+`);
+  // Examples
+  if (def.examples && def.examples.length > 0) {
+    console.log(`  ${c.bold}${sym.star} EXAMPLES${c.reset}\n`);
+    for (const ex of def.examples) {
+      const exTier = ex.tier === "pro" ? `${c.magenta}[PRO]${c.reset} ` : "";
+      console.log(`    ${c.dim}#${c.reset} ${ex.description} ${exTier}`);
+      console.log(`    ${c.cyan}${ex.command}${c.reset}`);
+      console.log();
+    }
+  }
+  // Related commands
+  if (def.related && def.related.length > 0) {
+    console.log(`  ${c.bold}${sym.arrowRight} RELATED COMMANDS${c.reset}\n`);
+    for (const relCmd of def.related) {
+      const relDef = registry.COMMANDS[relCmd];
+      if (relDef) {
+        const relTier = relDef.tier === "pro" ? `${c.magenta}[PRO]${c.reset} ` : "";
+        console.log(`    ${c.cyan}vibecheck ${relCmd}${c.reset} ${relTier}${c.dim}${relDef.description}${c.reset}`);
+      }
+    }
+    console.log();
+  }
+  // Documentation link
+  if (def.docsUrl) {
+    console.log(`  ${c.dim}${sym.boxHorizontal.repeat(56)}${c.reset}`);
+    console.log(`  ${c.dim}Documentation: ${c.underline}${def.docsUrl}${c.reset}`);
+  }
+  console.log(`  ${c.dim}Run 'vibecheck --help' for all commands.${c.reset}\n`);
+  return true;
+}
 function printHelp(showBanner = true) {
   if (showBanner) printBanner();
@@ -852,10 +922,9 @@ function printHelp(showBanner = true) {
     console.log(`\n${cat.color}${cat.icon} ${cat.name}${c.reset}\n`);
     for (const { cmd, description, tier, caps } of commands) {
-      // Tier badge
+      // Tier badge (2-tier: FREE / PRO)
       let tierBadge = "";
       if (tier === "free") tierBadge = `${c.green}[FREE]${c.reset} `;
-      else if (tier === "starter") tierBadge = `${c.cyan}[STARTER]${c.reset} `;
       else if (tier === "pro") tierBadge = `${c.magenta}[PRO]${c.reset} `;
       // Aliases (from reverseAliases map built earlier)
@@ -874,39 +943,98 @@ function printHelp(showBanner = true) {
   console.log(`
 ${c.dim}${sym.boxHorizontal.repeat(64)}${c.reset}
-${c.green}TIERS${c.reset}
+${c.green}${sym.star} PRICING TIERS${c.reset}
+  ${c.green}FREE${c.reset}      ${c.dim}$0${c.reset}       scan, ship, report, context, doctor, polish - full visibility
+  ${c.magenta}PRO${c.reset}       ${c.dim}$69/mo${c.reset}   + autofix, prove, reality, mcp, guard, ai-test, PR comments
-  ${c.green}FREE${c.reset}      $0       init --local, scan, ship (static), report (HTML/MD), doctor, polish
-  ${c.cyan}STARTER${c.reset}   $39/mo   + init --connect, scan --autofix, report (SARIF/CSV), mcp, PR comments
-  ${c.magenta}PRO${c.reset}       $99/mo   + prove, fix --apply, checkpoint (hallucination), reality (advanced)
+${c.green}${sym.rocket} QUICK START (2 minutes to first proof)${c.reset}
-${c.green}QUICK START - The 5-Step Journey${c.reset}
+  ${c.bold}Option 1: One command${c.reset}
+  ${c.cyan}vibecheck quickstart${c.reset}     ${c.dim}Runs doctor → ctx → scan → ship → report${c.reset}
-  1. ${c.bold}Setup${c.reset}         ${c.cyan}vibecheck init --local${c.reset}
-  2. ${c.bold}Scan${c.reset}          ${c.cyan}vibecheck scan${c.reset}
-  3. ${c.bold}Fix${c.reset}           ${c.cyan}vibecheck scan --autofix${c.reset} ${c.cyan}[STARTER]${c.reset}
-  4. ${c.bold}Prove${c.reset}         ${c.cyan}vibecheck prove${c.reset} ${c.magenta}[PRO]${c.reset}
-  5. ${c.bold}Ship${c.reset}          ${c.cyan}vibecheck ship${c.reset}
+  ${c.bold}Option 2: Step by step${c.reset}
+  ${c.bold}1.${c.reset} ${c.cyan}vibecheck init${c.reset}         ${c.dim}Set up your project${c.reset}
+  ${c.bold}2.${c.reset} ${c.cyan}vibecheck scan${c.reset}         ${c.dim}Analyze your codebase${c.reset}
+  ${c.bold}3.${c.reset} ${c.cyan}vibecheck ship${c.reset}         ${c.dim}Get shipping verdict${c.reset}
+${c.green}${sym.lightning} COMMON WORKFLOWS${c.reset}
+  ${c.dim}# Quick health check${c.reset}
+  ${c.cyan}vibecheck doctor${c.reset}
+  ${c.dim}# Scan and auto-fix${c.reset}
+  ${c.cyan}vibecheck scan --autofix${c.reset}
+  ${c.dim}# Full proof with evidence pack${c.reset}
+  ${c.cyan}vibecheck prove --url http://localhost:3000 --bundle${c.reset}
 ${c.bold}GLOBAL OPTIONS${c.reset}
-  ${c.cyan}--offline, --local${c.reset}   Run in offline mode (no API, unlimited local scans)
-  ${c.cyan}--json${c.reset}               Output as JSON
-  ${c.cyan}--quiet, -q${c.reset}          Suppress output
-  ${c.cyan}--verbose${c.reset}            Show detailed output
+  ${c.cyan}--help, -h${c.reset}           Show help for any command
+  ${c.cyan}--json${c.reset}               Machine-readable JSON output
+  ${c.cyan}--quiet, -q${c.reset}          Suppress non-essential output
+  ${c.cyan}--verbose${c.reset}            Detailed output for debugging
+  ${c.cyan}--ci${c.reset}                 CI mode (quiet + no-banner)
+  ${c.cyan}--offline${c.reset}            Run without API connection
   ${c.cyan}--path, -p <dir>${c.reset}     Run in specified directory
 ${c.bold}SHELL COMPLETIONS${c.reset}
-  ${c.cyan}vibecheck completion bash${c.reset}   ${c.dim}# Add to ~/.bashrc${c.reset}
-  ${c.cyan}vibecheck completion zsh${c.reset}    ${c.dim}# Add to ~/.zshrc${c.reset}
-  ${c.cyan}vibecheck completion fish${c.reset}   ${c.dim}# Save to completions dir${c.reset}
+  ${c.cyan}vibecheck completion bash${c.reset}   ${c.dim}# Bash (add to ~/.bashrc)${c.reset}
+  ${c.cyan}vibecheck completion zsh${c.reset}    ${c.dim}# Zsh (add to ~/.zshrc)${c.reset}
+  ${c.cyan}vibecheck completion fish${c.reset}   ${c.dim}# Fish (save to completions)${c.reset}
-${c.dim}Run 'vibecheck <command> --help' for command-specific help.${c.reset}
+${c.dim}${sym.boxHorizontal.repeat(64)}${c.reset}
+${c.dim}Run 'vibecheck <command> --help' for detailed command help.${c.reset}
+${c.dim}Documentation: https://docs.vibecheckai.dev${c.reset}
 ${c.dim}Pricing: https://vibecheckai.dev/pricing${c.reset}
 `);
 }
+// ═══════════════════════════════════════════════════════════════════════════════
+// HELP VALIDATION
+// ═══════════════════════════════════════════════════════════════════════════════
+/**
+ * Self-test function to verify help output matches actual commands
+ * Run with: node bin/vibecheck.js --self-test
+ */
+function validateHelpOutput() {
+  const registry = getRegistry();
+  const { COMMANDS, ALIAS_MAP } = registry;
+  // Extract commands from help text (simplified - just check registry)
+  const actualCommands = Object.keys(COMMANDS);
+  const actualAliases = Object.keys(ALIAS_MAP);
+  const allActualCommands = [...actualCommands, ...actualAliases];
+  // Check for obvious issues
+  const issues = [];
+  // Check that all commands have runners
+  for (const [cmd, def] of Object.entries(COMMANDS)) {
+    if (!def.runner) {
+      issues.push(`Command '${cmd}' missing runner`);
+    }
+  }
+  // Check that aliases point to valid commands
+  for (const [alias, target] of Object.entries(ALIAS_MAP)) {
+    if (!COMMANDS[target]) {
+      issues.push(`Alias '${alias}' points to non-existent command '${target}'`);
+    }
+  }
+  if (issues.length > 0) {
+    console.error('Help output validation failed:');
+    issues.forEach(issue => console.error(`  - ${issue}`));
+    return false;
+  }
+  return true;
+}
 // ═══════════════════════════════════════════════════════════════════════════════
 // HELPER FUNCTIONS
 // ═══════════════════════════════════════════════════════════════════════════════
@@ -933,6 +1061,50 @@ function formatError(error, config) {
   return lines.join("\n");
 }
+/**
+ * Map error to standardized exit code
+ * @param {Error} error - Error object
+ * @param {boolean} json - Whether JSON output is requested
+ * @returns {number} Exit code
+ */
+function mapErrorToExitCode(error, json = false) {
+  const EXIT_CODES = {
+    'AUTH_REQUIRED': 5,
+    'AUTH_FAILED': 6,
+    'TIER_REQUIRED': 7,
+    'RATE_LIMITED': 8,
+    'NOT_FOUND': 4,
+    'VALIDATION_ERROR': 3,
+    'USER_ERROR': 3,
+    'NETWORK_ERROR': 9,
+  };
+  // Check error.code first
+  if (error.code && EXIT_CODES[error.code]) {
+    return EXIT_CODES[error.code];
+  }
+  // Check error.exitCode
+  if (error.exitCode !== undefined) {
+    return error.exitCode;
+  }
+  // Check error message for common patterns
+  const message = error.message?.toLowerCase() || '';
+  if (message.includes('not found') || message.includes('not exist')) {
+    return 4; // NOT_FOUND
+  }
+  if (message.includes('auth') || message.includes('login')) {
+    return 5; // AUTH_REQUIRED
+  }
+  if (message.includes('network') || message.includes('connection')) {
+    return 9; // NETWORK_ERROR
+  }
+  // Default to internal error
+  return 10; // INTERNAL_ERROR
+}
 // ═══════════════════════════════════════════════════════════════════════════════
 // FLAG PARSING
 // ═══════════════════════════════════════════════════════════════════════════════
@@ -1032,6 +1204,16 @@ async function main() {
     process.exit(0);
   }
+  // Handle self-test flag (for CI validation)
+  if (cleanArgs.includes('--self-test')) {
+    const registry = getRegistry();
+    if (!validateHelpOutput()) {
+      process.exit(1);
+    }
+    console.log('Self-test passed: Help output matches command registry');
+    process.exit(0);
+  }
   // Load config and state
   const config = loadConfig();
   const state = loadState();
@@ -1074,6 +1256,14 @@ async function main() {
   }
   let cmdArgs = cleanArgs.slice(1);
+  // Handle command-specific help (vibecheck <cmd> --help)
+  if (globalFlags.help && cmd && COMMANDS[cmd]) {
+    // Try our rich help first, then fall back to runner's --help
+    if (printCommandHelp(cmd)) {
+      process.exit(0);
+    }
+  }
   // Pass --help to runner if specified with command
   if (globalFlags.help) cmdArgs = ["--help", ...cmdArgs];
@@ -1117,47 +1307,80 @@ async function main() {
   const cmdDef = COMMANDS[cmd];
   let authInfo = { key: null };
-  // Check for offline mode (via flag or env var)
+  // Check for offline/dev mode (via flag or env var)
+  // SECURITY: VIBECHECK_DEV_PRO only works in non-production to prevent auth bypass
+  const isDevProAllowed = process.env.NODE_ENV !== 'production' &&
+                          process.env.CI !== 'true' &&
+                          process.env.CI !== '1' &&
+                          process.env.VIBECHECK_DEV_PRO === '1';
   const isOffline = globalFlags.offline ||
                     process.env.VIBECHECK_OFFLINE === '1' ||
-                    process.env.VIBECHECK_LOCAL === '1';
+                    process.env.VIBECHECK_LOCAL === '1' ||
+                    isDevProAllowed;
   // Auth check (unless skipAuth or offline mode)
-  if (!cmdDef.skipAuth && !isOffline) {
+  // Only allow login, logout, whoami, and help without auth
+  const authExemptCommands = ['login', 'logout', 'whoami', 'help', '--help', '-h', 'version', '--version'];
+  const needsAuth = !authExemptCommands.includes(cmd) && !cmdDef.skipAuth && !isOffline;
+  if (needsAuth) {
     const auth = getAuthModule();
     const { key } = auth.getApiKey();
     authInfo.key = key;
+    // If no API key, prompt for login
+    if (!key) {
+      console.log(`\n  ${c.red}❌ Authentication Required${c.reset}`);
+      console.log(`  Please log in to use vibecheck.\n`);
+      console.log(`  ${c.cyan}Options:${c.reset}`);
+      console.log(`  1. Press ${c.yellow}Enter${c.reset} to open browser and sign up`);
+      console.log(`  2. Visit ${c.underline}https://vibecheckai.dev${c.reset} directly`);
+      console.log(`  3. Run ${c.cyan}vibecheck login${c.reset} after getting your API key\n`);
+      // Wait for Enter key
+      const readline = getReadline();
+      readline.createInterface({
+        input: process.stdin,
+        output: process.stdout
+      }).question('', async () => {
+        try {
+          const https = getHttps();
+          const url = 'https://vibecheckai.dev';
+          console.log(`\n  Opening ${c.underline}${url}${c.reset} in your browser...\n`);
+          // Try to open browser
+          const start = process.platform === 'darwin' ? 'open' :
+                       process.platform === 'win32' ? 'start' : 'xdg-open';
+          require('child_process').exec(`${start} ${url}`);
+        } catch (e) {
+          console.log(`  Could not open browser. Please visit: ${c.underline}https://vibecheckai.dev${c.reset}`);
+        }
+        process.exit(0);
+      });
+      // Keep process alive
+      return new Promise(() => {});
+    }
     const access = await checkCommandAccess(cmd, cmdArgs, authInfo);
     if (!access.allowed) {
       console.log(access.reason);
-      process.exit(access.exitCode || 3);
-    }
-    // Downgrade notice
-    if (access.downgrade && !config.quiet) {
-      const upsell = getUpsell();
-      console.log(upsell.formatDowngrade(cmd, {
-        currentTier: access.tier,
-        effectiveMode: access.downgrade,
-        caps: access.caps,
-      }));
-    }
-    // Tier badge
-    if (!config.quiet && !config.noBanner) {
-      if (access.tier === "pro") {
-        console.log(`${c.magenta}${sym.arrowRight} PRO${c.reset} ${c.dim}feature${c.reset}`);
-      } else if (access.tier === "complete") {
-        console.log(`${c.yellow}${sym.arrowRight} COMPLETE${c.reset} ${c.dim}feature${c.reset}`);
+      // Show upgrade prompt if tier insufficient
+      if (access.upgradeUrl) {
+        console.log(`\n  ${c.cyan}Upgrade:${c.reset} ${access.upgradeUrl}`);
       }
+      return 1;
     }
     authInfo.access = access;
   } else if (isOffline) {
     // Offline mode - provide basic access info
-    if (!config.quiet && !config.noBanner) {
+    // Suppress message if JSON/SARIF output is requested (check both global flags and command args)
+    const hasJsonOutput = globalFlags.json || cmdArgs.includes('--json') || cmdArgs.includes('--sarif');
+    if (!config.quiet && !config.noBanner && !hasJsonOutput) {
       console.log(`${c.cyan}${sym.arrowRight} OFFLINE${c.reset} ${c.dim}mode - local scanning without API${c.reset}`);
     }
     authInfo.access = {
@@ -1186,7 +1409,7 @@ async function main() {
     const runner = getRunner(cmd);
     if (!runner) {
       console.error(`${c.red}${sym.error}${c.reset} Failed to load runner for: ${cmd}`);
-      process.exit(1);
+      process.exit(4); // NOT_FOUND
     }
     const context = {
@@ -1201,10 +1424,32 @@ async function main() {
     };
     // Execute command - all commands use consistent runner signature
-    exitCode = await runner(cmdArgs, context);
+    const result = await runner(cmdArgs, context);
+    // Ensure result has standardized exit code
+    if (typeof result === 'object' && result.exitCode !== undefined) {
+      exitCode = result.exitCode;
+    } else if (typeof result === 'number') {
+      exitCode = result;
+    } else {
+      exitCode = 0; // SUCCESS
+    }
   } catch (error) {
-    console.error(formatError(error, config));
-    exitCode = 1;
+    // Map errors to exit codes
+    exitCode = mapErrorToExitCode(error, globalFlags.json);
+    if (globalFlags.json) {
+      console.log(JSON.stringify({
+        success: false,
+        error: {
+          code: error.code || 'INTERNAL_ERROR',
+          message: error.message,
+        },
+        exitCode,
+      }, null, 2));
+    } else {
+      console.error(formatError(error, config));
+    }
   }
   // Create receipt for paid commands