@vibecheckai/cli 3.7.0 → 3.8.0

package/bin/registry.js

@@ -1,12 +1,18 @@
 /**
  * Vibecheck CLI Command Registry
  *
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * VERSION 4.0.0 - CLEAN & TIGHT
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * 
  * Single source of truth for the public CLI surface.
  * If it isn't here, it does not exist.
  * 
- * Simple 2-tier model:
+ * 2-tier model:
  * - FREE ($0): Inspect & Observe
- * - PRO ($69/mo): Fix, Prove & Enforce
+ * - PRO ($49/mo): Fix, Prove & Enforce
+ * 
+ * @version 4.0.0
  */
 
 "use strict";
@@ -15,33 +21,32 @@
 // CLI COMMANDS (2-tier: FREE / PRO)
 // ─────────────────────────────────────────────────────────────
 const ALLOWED_COMMANDS = new Set([
-  // FREE (14) - Inspect & Observe
-  "init",           // one-time setup
-  "quickstart",     // 2-minute onboarding (NEW)
-  "doctor",         // health check
-  "watch",          // continuous mode
-  "scan",           // static analysis
-  "report",         // generate reports
-  "context",        // generate IDE rules
-  "classify",       // Authority: inventory (read-only)
-  "login",          // authenticate
-  "logout",         // remove credentials
-  "whoami",         // show current user
-  "allowlist",      // manage finding allowlist
-  "evidence-pack",  // bundle proof artifacts
-  "labs",           // experimental features
-
-  // PRO (9) - Fix, Prove & Enforce
-  "ship",       // verdict engine (GO/NO-GO)
-  "fix",        // AI-powered fixes
-  "prove",      // runtime proof
-  "reality",    // browser verification
-  "gate",       // CI/CD enforcement
-  "guard",      // AI guardrails
-  "mcp",        // MCP server
-  "checkpoint", // baseline comparison
-  "approve",    // Authority: verdicts
-  "polish",     // production polish
+  // FREE - Setup & Observe
+  "link",
+  "kickoff",
+  "doctor",
+  "watch",
+  "forge",
+  "audit",
+  "auth",
+  "safelist",
+  "labs",
+  "packs",
+  "ci",
+
+  // PRO - Enforce, Prove & Ship
+  "intent",
+  "approve",
+  "shield",
+  "launch",
+  "reality",
+  "prove",
+  "ship",
+  "seal",
+  "fix",
+  "polish",
+  "checkpoint",
+  "mcp",
 ]);
 
 function assertAllowedOnly(obj) {
@@ -52,41 +57,40 @@ function assertAllowedOnly(obj) {
 }
 
 // ─────────────────────────────────────────────────────────────
-// COMMANDS - 2-Tier: FREE and PRO ($69/mo)
+// COMMANDS - Canonical Only
 // ─────────────────────────────────────────────────────────────
 const COMMANDS = {
   // ══════════════════════════════════════════════════════════════
-  // FREE TIER - Inspect & Observe
+  // FREE TIER
   // ══════════════════════════════════════════════════════════════
 
-  init: {
-    description: "One-time setup (config + contracts + scripts)",
-    longDescription: "Initialize vibecheck in your project. Creates configuration files, sets up IDE rules, and optionally connects to the dashboard.",
+  link: {
+    description: "Instant project binding (<10s, zero questions)",
+    longDescription: "Bind your project to VibeCheck in under 10 seconds. Auto-detects package manager, framework, runtime, monorepo structure, and CI. Creates .vibecheck/project.json receipt with smart next-step suggestion.",
     tier: "free",
     category: "setup",
-    aliases: ["setup", "configure"],
-    runner: () => require("./runners/runInit").runInit,
+    runner: () => require("./runners/runLink").runLink,
     examples: [
-      { command: "vibecheck init", description: "Interactive setup wizard" },
-      { command: "vibecheck init --local", description: "Quick local-only setup" },
-      { command: "vibecheck init --quick", description: "Non-interactive defaults" },
+      { command: "vibecheck link", description: "Instant project binding" },
+      { command: "vibecheck link --force", description: "Re-link existing project" },
+      { command: "vibecheck link --json", description: "JSON output for CI" },
     ],
-    related: ["quickstart", "doctor", "scan"],
+    related: ["kickoff", "doctor", "audit"],
   },
 
-  quickstart: {
-    description: "2-minute onboarding: doctor → ctx → scan → ship → report",
-    longDescription: "Get your first proof in under 2 minutes. Runs the complete verification pipeline with sensible defaults.",
+  kickoff: {
+    description: "60-second dopamine: link → forge → audit → ship (auto-detects project type)",
+    longDescription: "First run experience that gets you to value in 60 seconds. Auto-detects project intent (frontend, API, full-stack, library), runs optimized pipeline, produces shareable summary with clear next steps.",
     tier: "free",
     category: "setup",
-    aliases: ["qs", "start", "onboard"],
-    runner: () => require("./runners/runQuickstart").runQuickstart,
+    runner: () => require("./runners/runKickoff").runKickoff,
     examples: [
-      { command: "vibecheck quickstart", description: "Run full 2-minute onboarding" },
-      { command: "vibecheck quickstart --fast", description: "Skip optional checks" },
-      { command: "vibecheck quickstart --no-open", description: "Don't open report in browser" },
+      { command: "vibecheck kickoff", description: "60-second first run" },
+      { command: "vibecheck kickoff --fast", description: "30-second fast mode" },
+      { command: "vibecheck kickoff --tier minimal", description: "Minimal AI rules" },
+      { command: "vibecheck kickoff --no-ship", description: "Skip ship verdict" },
     ],
-    related: ["init", "scan", "ship"],
+    related: ["link", "forge", "audit", "ship"],
   },
 
   doctor: {
@@ -94,14 +98,13 @@ const COMMANDS = {
     longDescription: "Comprehensive diagnostics for your development environment.",
     tier: "free",
     category: "setup",
-    aliases: ["health", "diag"],
     runner: () => require("./runners/runDoctor").runDoctor,
     examples: [
       { command: "vibecheck doctor", description: "Run all health checks" },
       { command: "vibecheck doctor --fix", description: "Auto-fix detected issues" },
       { command: "vibecheck doctor --json", description: "Output as JSON" },
     ],
-    related: ["init", "scan"],
+    related: ["link", "audit"],
   },
 
   watch: {
@@ -109,210 +112,194 @@ const COMMANDS = {
     longDescription: "File watcher that automatically re-runs scans when your code changes.",
     tier: "free",
     category: "setup",
-    aliases: ["w", "dev"],
     runner: () => require("./runners/runWatch").runWatch,
     examples: [
       { command: "vibecheck watch", description: "Start watching" },
       { command: "vibecheck watch --path ./src", description: "Watch specific directory" },
     ],
-    related: ["scan"],
-  },
-
-  scan: {
-    description: "Static code analysis; use --allowlist for false positives",
-    longDescription: "Scan your codebase for route integrity issues, security vulnerabilities, and code quality problems.",
-    tier: "free",
-    category: "proof",
-    aliases: ["s", "check"],
-    runner: () => require("./runners/runScan").runScan,
-    examples: [
-      { command: "vibecheck scan", description: "Quick scan" },
-      { command: "vibecheck scan --profile full", description: "Full scan" },
-      { command: "vibecheck scan --allowlist list", description: "View suppressed findings" },
-    ],
-    related: ["ship", "fix", "report"],
-  },
-
-  report: {
-    description: "Generate HTML/MD/SARIF reports",
-    longDescription: "Create shareable reports from scan results.",
-    tier: "free",
-    category: "output",
-    aliases: ["html", "artifact"],
-    runner: () => require("./runners/runReport").runReport,
-    examples: [
-      { command: "vibecheck report", description: "Generate HTML report" },
-      { command: "vibecheck report --format md", description: "Markdown report" },
-      { command: "vibecheck report --format sarif", description: "SARIF for GitHub" },
-    ],
-    related: ["scan"],
+    related: ["audit"],
   },
 
-  context: {
-    description: "Generate IDE rules (.cursorrules, MDC, Copilot)",
-    longDescription: "Generate project-aware AI coding rules for your IDE.",
+  forge: {
+    description: "🔥 AI Brain Generator - minimal but lethal rules",
+    longDescription: "Generate the smallest set of rules that produce the biggest accuracy lift. Creates .cursorrules, MDC specs, AI contracts, truthpacks, subagents, skills, and hooks. 5-10 rules max by default, expandable tiers.",
     tier: "free",
     category: "truth",
-    aliases: ["rules", "ai-rules", "mdc", "ctx"],
-    runner: () => require("./runners/runContext").runContext,
+    runner: () => require("./runners/runForge").runForge,
     examples: [
-      { command: "vibecheck context", description: "Generate all IDE rules" },
-      { command: "vibecheck context --format cursor", description: ".cursorrules only" },
+      { command: "vibecheck forge", description: "Standard tier (10 rules)" },
+      { command: "vibecheck forge minimal", description: "Minimal tier (5 rules)" },
+      { command: "vibecheck forge extended", description: "Extended tier (20 rules)" },
+      { command: "vibecheck forge --no-incremental", description: "Full regeneration" },
     ],
-    related: ["scan", "guard"],
+    related: ["audit", "shield", "mcp"],
   },
 
-  classify: {
-    description: "Inventory authority - duplication & legacy code maps",
-    longDescription: "Read-only inventory of your codebase including duplication maps and legacy code detection.",
+  audit: {
+    description: "Convincing wrongness detector - find code that LOOKS done but DOESN'T work",
+    longDescription: "Find code that LOOKS done but DOESN'T work. Detects dead routes, ghost env vars, fake success UI, auth drift, mock landmines, silent failures, optimistic bombs, and paid theater.",
     tier: "free",
-    category: "authority",
-    aliases: ["inventory", "audit"],
-    runner: () => require("./runners/runClassify").runClassify,
+    category: "analysis",
+    runner: () => require("./runners/runAudit").runAudit,
     examples: [
-      { command: "vibecheck classify", description: "Quick inventory" },
-      { command: "vibecheck classify --json", description: "JSON output" },
+      { command: "vibecheck audit", description: "Quick scan for convincing wrongness" },
+      { command: "vibecheck audit --deep", description: "Deep scan with cross-file analysis" },
+      { command: "vibecheck audit --fail-on critical --sarif", description: "CI mode with SARIF output" },
+      { command: "vibecheck audit --threshold high", description: "Show only critical and high findings" },
     ],
-    related: ["approve", "scan"],
+    related: ["ship", "fix", "packs", "safelist"],
   },
 
-  login: {
-    description: "Authenticate with API key",
-    longDescription: "Connect your CLI to the vibecheck API.",
+  auth: {
+    description: "Authentication management (login, logout, me, --check, --refresh)",
+    longDescription: "Manage your VibeCheck authentication. Subcommands: login, logout, whoami/me. Flags: --check (validate without prompting), --refresh (force entitlements refresh).",
     tier: "free",
     category: "account",
-    aliases: ["auth", "signin"],
-    runner: () => require("./runners/runAuth").runLogin,
+    runner: () => require("./runners/runAuth").runAuth,
     skipAuth: true,
     examples: [
-      { command: "vibecheck login", description: "Interactive login" },
-      { command: "vibecheck login --key YOUR_API_KEY", description: "Login with key" },
+      { command: "vibecheck auth login", description: "Interactive login" },
+      { command: "vibecheck auth login --key YOUR_API_KEY", description: "Login with key (CI/scripts)" },
+      { command: "vibecheck auth logout", description: "Clear all credentials" },
+      { command: "vibecheck auth whoami", description: "Show user info (alias: me)" },
+      { command: "vibecheck auth --check", description: "Validate auth without prompting (CI)" },
+      { command: "vibecheck auth --refresh", description: "Force refresh entitlements from API" },
     ],
-    related: ["logout", "whoami"],
+    related: [],
   },
 
-  logout: {
-    description: "Remove stored credentials",
+  safelist: {
+    description: "Responsible finding suppression with justification & expiry",
+    longDescription: "A scalpel, not a trash can. Suppress findings responsibly with required justification, owner accountability, and optional expiration. Supports repo-wide and local-only scopes.",
     tier: "free",
-    category: "account",
-    aliases: ["signout"],
-    runner: () => require("./runners/runAuth").runLogout,
-    skipAuth: true,
+    category: "config",
+    runner: () => require("./runners/runSafelist").runSafelist,
     examples: [
-      { command: "vibecheck logout", description: "Clear credentials" },
+      { command: "vibecheck safelist", description: "List safelist entries" },
+      { command: "vibecheck safelist add --id MOCK_DATA_xyz --reason 'Test fixture data' --category false-positive --owner 'Dev Team'", description: "Add with required fields" },
+      { command: "vibecheck safelist add --pattern 'lorem' --reason 'Placeholder text' --category test-fixture --owner 'QA' --expires 30", description: "Add pattern with expiry" },
+      { command: "vibecheck safelist report", description: "Show suppression health report" },
+      { command: "vibecheck safelist remove --id SL_abc123", description: "Remove entry" },
+      { command: "vibecheck safelist clean", description: "Remove expired entries" },
     ],
-    related: ["login", "whoami"],
+    related: ["audit", "ship"],
   },
 
-  whoami: {
-    description: "Show current user and plan",
+  labs: {
+    description: "Experimental & beta features",
+    longDescription: "Access experimental features that are in development.",
     tier: "free",
-    category: "account",
-    aliases: ["me", "user"],
-    runner: () => require("./runners/runAuth").runWhoami,
+    category: "experimental",
+    runner: () => require("./runners/runLabs").runLabs,
     skipAuth: true,
     examples: [
-      { command: "vibecheck whoami", description: "Show user info" },
-    ],
-    related: ["login", "logout"],
-  },
-
-  allowlist: {
-    description: "Manage finding allowlist for false positives",
-    longDescription: "Add, remove, or view allowlist entries to suppress known false positives. Supports patterns, file scopes, and expiration.",
-    tier: "free",
-    category: "setup",
-    aliases: ["al", "suppress"],
-    runner: () => require("./runners/runAllowlist").runAllowlist,
-    examples: [
-      { command: "vibecheck allowlist", description: "List allowlist entries" },
-      { command: "vibecheck allowlist add --id MOCK_DATA_xyz --reason 'Test fixture'", description: "Add by ID" },
-      { command: "vibecheck allowlist add --pattern 'lorem' --reason 'Placeholder'", description: "Add pattern" },
-      { command: "vibecheck allowlist remove --id AL_abc123", description: "Remove entry" },
+      { command: "vibecheck labs", description: "List available features" },
+      { command: "vibecheck labs ai-agent --url http://localhost:3000", description: "AI agent" },
+      { command: "vibecheck labs security-audit", description: "Security audit" },
     ],
-    related: ["scan", "ship"],
+    related: ["audit", "fix"],
   },
 
-  "evidence-pack": {
-    description: "Bundle proof artifacts into shareable packs",
-    longDescription: "Creates shareable evidence packs from proof runs. Bundles videos, traces, screenshots, and findings.",
+  packs: {
+    description: "Artifact factory V2 - ZIP bundle + manifest + HTML index",
+    longDescription: "Turn results into shareable evidence bundles with stable naming, reproducible builds, and cross-links to ship/reality/shield receipts. Subcommands: bundle, evidence, permissions, graph, report, list, cleanup.",
     tier: "free",
     category: "output",
-    aliases: ["pack", "bundle"],
-    runner: () => require("./runners/runEvidencePack").runEvidencePack,
+    runner: () => require("./runners/runPacks").runPacks,
     examples: [
-      { command: "vibecheck evidence-pack", description: "Bundle latest run" },
-      { command: "vibecheck evidence-pack --run-id abc123", description: "Bundle specific run" },
-      { command: "vibecheck evidence-pack --markdown", description: "Markdown report" },
-      { command: "vibecheck evidence-pack --no-videos", description: "Exclude large files" },
+      { command: "vibecheck packs", description: "Create all-in-one evidence bundle (V2)" },
+      { command: "vibecheck packs bundle", description: "ZIP bundle + manifest + HTML index" },
+      { command: "vibecheck packs evidence", description: "Bundle videos, traces, screenshots" },
+      { command: "vibecheck packs permissions", description: "AuthZ matrix, roles, protected routes" },
+      { command: "vibecheck packs graph", description: "Proof graph with receipt cross-links" },
+      { command: "vibecheck packs report --format html", description: "Generate HTML report" },
+      { command: "vibecheck packs report --format sarif", description: "SARIF for GitHub" },
+      { command: "vibecheck packs list", description: "List existing packs and bundles" },
+      { command: "vibecheck packs cleanup", description: "Remove old packs (keeps 5 recent)" },
     ],
-    related: ["prove", "reality"],
+    related: ["prove", "reality", "ship", "fix", "launch"],
+    aliases: ["bundle", "artifacts"],
   },
 
-  labs: {
-    description: "Experimental & beta features",
-    longDescription: "Access experimental features that are in development. Features may change or be removed without notice.",
+  ci: {
+    description: "One-command enterprise CI wiring (GitHub Actions)",
+    longDescription: "Wire up enterprise-grade GitHub Actions CI from zero. Auto-detects your stack (Next.js, Fastify, etc.), package manager, Node version, and creates optimized workflows with SARIF output, PR comments, and status checks.",
     tier: "free",
-    category: "setup",
-    aliases: ["experimental", "beta"],
-    runner: () => require("./runners/runLabs").runLabs,
-    skipAuth: true,
+    category: "ci",
+    runner: () => require("./runners/runCI").runCI,
     examples: [
-      { command: "vibecheck labs", description: "List available features" },
-      { command: "vibecheck labs ai-agent --url http://localhost:3000", description: "AI agent" },
-      { command: "vibecheck labs security-audit", description: "Security audit" },
-      { command: "vibecheck labs smart-fix", description: "AI-powered fixes" },
+      { command: "vibecheck ci", description: "Auto-detect and create CI workflows" },
+      { command: "vibecheck ci --dry-run", description: "Preview without creating files" },
+      { command: "vibecheck ci --full", description: "Create all workflows (audit, ship, e2e, security)" },
+      { command: "vibecheck ci --validate", description: "Validate existing workflows" },
     ],
-    related: ["scan", "fix"],
+    related: ["link", "audit", "ship", "packs"],
   },
 
   // ══════════════════════════════════════════════════════════════
-  // PRO TIER ($69/mo) - Fix, Prove & Enforce
+  // PRO TIER
   // ══════════════════════════════════════════════════════════════
 
-  ship: {
-    description: "Verdict engine - SHIP / WARN / BLOCK",
-    longDescription: "The final word on whether your code is ready to ship. Combines all scan results and generates a clear verdict.",
+  intent: {
+    description: "Declare intent for Agent Firewall enforcement",
+    longDescription: "Manage intent declarations for the Agent Firewall v2.",
     tier: "pro",
-    category: "proof",
-    aliases: ["verdict", "go"],
-    runner: () => require("./runners/runShip").runShip,
+    category: "enforcement",
+    runner: () => require("./runners/runIntent").runIntent,
     examples: [
-      { command: "vibecheck ship", description: "Get shipping verdict" },
-      { command: "vibecheck ship --strict", description: "Fail on warnings" },
-      { command: "vibecheck ship --badge", description: "Generate status badge" },
+      { command: "vibecheck intent set -s \"fix login bug\"", description: "Set intent" },
+      { command: "vibecheck intent show", description: "Show current intent" },
+      { command: "vibecheck intent clear", description: "Clear intent" },
     ],
-    related: ["scan", "prove", "fix"],
+    related: ["approve", "shield", "ship"],
   },
 
-  fix: {
-    description: "AI-powered auto-fix for findings",
-    longDescription: "Generate AI prompts to fix detected issues. Use --apply to let AI make changes directly.",
+  approve: {
+    description: "Review and approve session changes",
+    longDescription: "Review AI changes made during a vibe session (OBSERVE mode).",
     tier: "pro",
-    category: "proof",
-    aliases: ["f", "repair"],
-    runner: () => require("./runners/runFix").runFix,
+    category: "enforcement",
+    runner: () => require("./runners/runApprove").runApprove,
     examples: [
-      { command: "vibecheck fix", description: "Generate fix missions" },
-      { command: "vibecheck fix --apply", description: "Apply AI fixes" },
-      { command: "vibecheck fix --loop", description: "Fix loop until clean" },
+      { command: "vibecheck approve", description: "Interactive review" },
+      { command: "vibecheck approve -y", description: "Auto-approve" },
+      { command: "vibecheck approve --reject", description: "Reject pending changes" },
     ],
-    related: ["scan", "ship"],
+    related: ["intent", "shield"],
   },
 
-  prove: {
-    description: "Full proof loop with runtime verification",
-    longDescription: "Complete verification cycle with runtime testing and evidence generation.",
+  shield: {
+    description: "Agent Firewall - intercept, validate, and enforce AI actions",
+    longDescription: "Unified AI enforcement layer. Subcommands: status, enforce, observe, lock, unlock, verify, check, install.",
     tier: "pro",
-    category: "proof",
-    aliases: ["p", "verify"],
-    runner: () => require("./runners/runProve").runProve,
+    category: "enforcement",
+    runner: () => require("./runners/runShield").runShield,
     examples: [
-      { command: "vibecheck prove", description: "Run full proof loop" },
-      { command: "vibecheck prove --url http://localhost:3000", description: "With runtime testing" },
-      { command: "vibecheck prove --bundle", description: "Generate evidence pack" },
+      { command: "vibecheck shield status", description: "Show firewall status" },
+      { command: "vibecheck shield enforce", description: "Enable enforcement mode" },
+      { command: "vibecheck shield observe", description: "Enable observe-only mode" },
+      { command: "vibecheck shield verify --claims", description: "Verify AI claims" },
+      { command: "vibecheck shield check", description: "v2 enforcement check" },
+      { command: "vibecheck shield install", description: "Install IDE hooks" },
     ],
-    related: ["ship", "reality"],
+    related: ["forge", "ship", "fix", "intent"],
+  },
+
+  launch: {
+    description: "Pre-release validation wizard - last 10 minutes before release",
+    longDescription: "Comprehensive pre-release checklist that validates build, environment, routes, auth, integrations, and security. One command to ensure you're ready to ship.",
+    tier: "pro",
+    category: "automation",
+    runner: () => require("./runners/runLaunch").runLaunch,
+    examples: [
+      { command: "vibecheck launch", description: "Interactive pre-release wizard" },
+      { command: "vibecheck launch --ci", description: "CI mode (non-interactive)" },
+      { command: "vibecheck launch --ci --json", description: "CI mode with JSON output" },
+      { command: "vibecheck launch --strict", description: "Treat warnings as blockers" },
+      { command: "vibecheck launch --only build,env,security", description: "Run specific phases" },
+      { command: "vibecheck launch --bundle", description: "Auto-generate shareable bundle" },
+    ],
+    related: ["ship", "audit", "shield", "packs"],
   },
 
   reality: {
@@ -320,98 +307,120 @@ const COMMANDS = {
     longDescription: "Verify your app's runtime behavior with Playwright-powered browser testing.",
     tier: "pro",
     category: "proof",
-    aliases: ["browser", "e2e"],
     runner: () => require("./runners/runReality").runReality,
     examples: [
       { command: "vibecheck reality --url http://localhost:3000", description: "Test localhost" },
       { command: "vibecheck reality --auth email:pass", description: "With authentication" },
-      { command: "vibecheck reality --agent", description: "AI agent testing" },
     ],
     related: ["prove", "ship"],
   },
 
-  gate: {
-    description: "CI/CD enforcement - fail builds on issues",
-    longDescription: "Enforce quality gates in your CI/CD pipeline.",
+  prove: {
+    description: "Full proof loop with runtime verification",
+    longDescription: "Complete verification cycle: forge → audit → reality → ship → fix loop.",
     tier: "pro",
-    category: "automation",
-    aliases: ["ci", "enforce"],
-    runner: () => require("./runners/runGuard").runGate,
+    category: "proof",
+    runner: () => require("./runners/runProve").runProve,
     examples: [
-      { command: "vibecheck gate", description: "Run CI gate check" },
-      { command: "vibecheck gate --strict", description: "Strict mode" },
+      { command: "vibecheck prove", description: "Run full proof loop" },
+      { command: "vibecheck prove --url http://localhost:3000", description: "With runtime testing" },
     ],
-    related: ["ship", "scan"],
+    related: ["ship", "reality"],
   },
 
-  guard: {
-    description: "AI guardrails - prompt firewall & hallucination checking",
-    longDescription: "Validate AI-generated code and prompts. Detects prompt injection and verifies claims.",
+  ship: {
+    description: "Verdict engine - SHIP / WARN / BLOCK",
+    longDescription: "The final word on whether your code is ready to ship.",
     tier: "pro",
-    category: "truth",
-    aliases: ["ai-guard", "firewall", "validate"],
-    runner: () => require("./runners/runGuard").runGuard,
+    category: "proof",
+    runner: () => require("./runners/runShip").runShip,
     examples: [
-      { command: "vibecheck guard", description: "Run all guardrail checks" },
-      { command: "vibecheck guard --claims", description: "Verify AI claims" },
+      { command: "vibecheck ship", description: "Get shipping verdict" },
+      { command: "vibecheck ship --strict", description: "Fail on warnings" },
     ],
-    related: ["context", "fix"],
+    related: ["audit", "prove", "fix", "seal"],
   },
 
-  mcp: {
-    description: "Start MCP server for AI IDEs",
-    longDescription: "Launch an MCP server for AI IDE integration.",
+  seal: {
+    description: "Generate ship badge and attestation",
+    longDescription: "Generate a ship status badge (SVG) and cryptographic attestation.",
     tier: "pro",
-    category: "automation",
-    aliases: [],
-    runner: () => require("./runners/runMcp").runMcp,
+    category: "output",
+    runner: () => require("./runners/runShip").runSeal,
     examples: [
-      { command: "vibecheck mcp", description: "Start MCP server" },
-      { command: "vibecheck mcp --port 3099", description: "Custom port" },
+      { command: "vibecheck seal", description: "Generate status badge" },
+      { command: "vibecheck seal --format svg", description: "SVG badge" },
+      { command: "vibecheck seal --attest", description: "Include attestation" },
     ],
-    related: ["context"],
+    related: ["ship", "packs"],
   },
 
-  checkpoint: {
-    description: "Compare baseline vs current, hallucination scoring",
-    longDescription: "Track changes between scan runs. Detects new issues, resolved issues, and regressions.",
+  fix: {
+    description: "Mission-based auto-fix with safety gates (V2)",
+    longDescription: "Fix Missions V2 - 'Missions, not chaos'. Transform findings into small, reversible fix missions with pre-flight/post-flight safety gates, checkpoint-based rollback, and plan-only mode for trust building.",
     tier: "pro",
-    category: "analysis",
-    aliases: ["cp", "compare", "diff"],
-    runner: () => require("./runners/runCheckpoint").runCheckpoint,
+    category: "proof",
+    runner: () => require("./runners/runFix").runFix,
     examples: [
-      { command: "vibecheck checkpoint", description: "Compare against baseline" },
-      { command: "vibecheck checkpoint --set", description: "Save new baseline" },
+      { command: "vibecheck fix", description: "Plan missions (no changes)" },
+      { command: "vibecheck fix --plan-only", description: "Full mission briefings with safety gates" },
+      { command: "vibecheck fix --prompt-only", description: "Generate LLM prompts only" },
+      { command: "vibecheck fix --apply", description: "Apply AI fixes with checkpoints" },
+      { command: "vibecheck fix --autopilot --apply", description: "Loop until SHIP or stuck" },
+      { command: "vibecheck fix --mission M_xxx", description: "Run specific mission" },
+      { command: "vibecheck fix --rollback M_xxx", description: "Rollback mission by ID" },
+      { command: "vibecheck fix --force", description: "Override safety gates" },
+      { command: "vibecheck fix --min-confidence 0.7", description: "Set confidence threshold" },
+      { command: "vibecheck fix --max-blast 5", description: "Limit blast radius" },
+      { command: "vibecheck fix --list-checkpoints", description: "List available checkpoints" },
     ],
-    related: ["scan", "fix"],
+    related: ["audit", "ship", "checkpoint"],
   },
 
-  approve: {
-    description: "Authority verdicts - PROCEED/STOP/DEFER with proofs",
-    longDescription: "Execute authorities to get structured verdicts with proofs.",
-    tier: "pro",
-    category: "authority",
-    aliases: ["auth-verdict", "authority"],
-    runner: () => require("./runners/runApprove").runApprove,
+  checkpoint: {
+    description: "⏱️ Time machine - snapshot & restore",
+    longDescription: "Checkpoint is the time machine. Create snapshots before risky actions, restore reliably. Auto-integrates with fix/polish/shield for fearless experimentation.",
+    tier: "free",
+    category: "proof",
+    runner: () => require("./runners/runCheckpoint").runCheckpoint,
     examples: [
-      { command: "vibecheck approve safe-consolidation", description: "Run authority" },
-      { command: "vibecheck approve --list", description: "List authorities" },
+      { command: "vibecheck checkpoint create 'Before refactor'", description: "Manual checkpoint" },
+      { command: "vibecheck checkpoint create --tag pre-fix", description: "Tagged checkpoint" },
+      { command: "vibecheck checkpoint list", description: "List all checkpoints" },
+      { command: "vibecheck checkpoint restore latest", description: "Restore most recent" },
+      { command: "vibecheck checkpoint restore pre-fix", description: "Restore by tag" },
+      { command: "vibecheck checkpoint restore latest --dry-run", description: "Preview restore" },
+      { command: "vibecheck checkpoint diff latest", description: "See changes since" },
+      { command: "vibecheck checkpoint prune --keep 5", description: "Keep 5 most recent" },
+      { command: "vibecheck checkpoint status", description: "Storage status" },
     ],
-    related: ["classify", "ship"],
+    related: ["fix", "polish", "shield"],
   },
 
   polish: {
     description: "Production polish - final cleanup before deploy",
     longDescription: "Final production readiness checks and cleanup.",
     tier: "pro",
-    category: "proof",
-    aliases: ["prod", "final"],
+    category: "quality",
     runner: () => require("./runners/runPolish").runPolish,
     examples: [
       { command: "vibecheck polish", description: "Run polish checks" },
     ],
     related: ["ship", "prove"],
   },
+
+  mcp: {
+    description: "Start MCP server for AI IDEs",
+    longDescription: "Launch an MCP server for AI IDE integration.",
+    tier: "pro",
+    category: "automation",
+    runner: () => require("./runners/runMcp").runMcp,
+    examples: [
+      { command: "vibecheck mcp", description: "Start MCP server" },
+      { command: "vibecheck mcp --port 3099", description: "Custom port" },
+    ],
+    related: ["forge", "shield"],
+  },
 };
 
 // Validate that only allowed commands are defined
@@ -441,34 +450,12 @@ function getProCommands() {
     .map(([name]) => name);
 }
 
-// ─────────────────────────────────────────────────────────────
-// BUILD DERIVED DATA STRUCTURES
-// ─────────────────────────────────────────────────────────────
-
-// Build alias map: { alias -> command }
-const ALIAS_MAP = {};
-for (const [cmdName, cmd] of Object.entries(COMMANDS)) {
-  if (cmd.aliases) {
-    for (const alias of cmd.aliases) {
-      ALIAS_MAP[alias] = cmdName;
-    }
-  }
-}
-
-// All command names including aliases
-const ALL_COMMANDS = new Set([
-  ...Object.keys(COMMANDS),
-  ...Object.keys(ALIAS_MAP),
-]);
-
 // ─────────────────────────────────────────────────────────────
 // GETTERS
 // ─────────────────────────────────────────────────────────────
 
 function getRunner(cmd, opts = {}) {
-  // Resolve alias to canonical command
-  const canonicalCmd = ALIAS_MAP[cmd] || cmd;
-  const def = COMMANDS[canonicalCmd];
+  const def = COMMANDS[cmd];
   
   if (!def) {
     return null;
@@ -482,29 +469,109 @@ function getRunner(cmd, opts = {}) {
     return def.runner();
   } catch (e) {
     if (opts.red && opts.reset) {
-      console.error(`${opts.red}${opts.errorSymbol || '×'} Failed to load runner for ${cmd}: ${e.message}${opts.reset}`);
+      console.error(`${opts.red}× Failed to load runner for ${cmd}: ${e.message}${opts.reset}`);
     }
     return null;
   }
 }
 
 function getCommand(name) {
-  // Check direct name
-  if (COMMANDS[name]) return COMMANDS[name];
-  
-  // Check alias map
-  const canonical = ALIAS_MAP[name];
-  if (canonical && COMMANDS[canonical]) {
-    return { ...COMMANDS[canonical], _resolvedFrom: name, _canonicalName: canonical };
-  }
-  
-  return null;
+  return COMMANDS[name] || null;
 }
 
-function resolveCommand(name) {
-  return ALIAS_MAP[name] || name;
+function isValidCommand(name) {
+  return name in COMMANDS;
 }
 
+function listCommands() {
+  return Object.keys(COMMANDS);
+}
+
+// ─────────────────────────────────────────────────────────────
+// ALIAS MAP - Backwards compatibility for CLI
+// ─────────────────────────────────────────────────────────────
+// Note: The new registry uses canonical names only, but ALIAS_MAP
+// is kept for backwards compatibility with vibecheck.js
+const ALIAS_MAP = {
+  // Legacy aliases → canonical commands
+  "init": "link",
+  "setup": "link",
+  "configure": "link",
+  "quickstart": "kickoff",
+  "qs": "kickoff",
+  "start": "kickoff",
+  "onboard": "kickoff",
+  "health": "doctor",
+  "diag": "doctor",
+  "w": "watch",
+  "dev": "watch",
+  "scan": "audit",
+  "s": "audit",
+  "check": "audit",
+  "context": "forge",
+  "rules": "forge",
+  "ai-rules": "forge",
+  "mdc": "forge",
+  "ctx": "forge",
+  "brain": "forge",
+  "truthpack": "forge",
+  "login": "auth",
+  "logout": "auth",
+  "whoami": "auth",
+  "allowlist": "safelist",
+  "al": "safelist",
+  "suppress": "safelist",
+  "report": "packs",
+  "html": "packs",
+  "artifact": "packs",
+  "artifacts": "packs",
+  "evidence-pack": "packs",
+  "bundle": "packs",
+  "permissions-pack": "packs",
+  "proof-graph": "packs",
+  "gate": "launch",
+  "ci-gate": "launch",
+  "enforce": "launch",
+  "preflight": "launch",
+  "prelaunch": "launch",
+  "guard": "shield",
+  "ai-guard": "shield",
+  "firewall": "shield",
+  "validate": "shield",
+  "f": "fix",
+  "repair": "fix",
+  "missions": "fix",
+  "cp": "checkpoint",
+  "snap": "checkpoint",
+  "snapshot": "checkpoint",
+  "timemachine": "checkpoint",
+  "rollback": "checkpoint",
+  "p": "prove",
+  "verify": "prove",
+  "browser": "reality",
+  "e2e": "reality",
+  "cp": "checkpoint",
+  "compare": "checkpoint",
+  "diff": "checkpoint",
+  "prod": "polish",
+  "final": "polish",
+  "badge": "seal",
+  "attest": "seal",
+  // Auth aliases - top-level shortcuts
+  "login": "auth",
+  "logout": "auth",
+  "whoami": "auth",
+  "me": "auth",
+  "signin": "auth",
+  "signout": "auth",
+};
+
+// All command names including aliases
+const ALL_COMMANDS = new Set([
+  ...Object.keys(COMMANDS),
+  ...Object.keys(ALIAS_MAP),
+]);
+
 // ─────────────────────────────────────────────────────────────
 // EXPORTS
 // ─────────────────────────────────────────────────────────────
@@ -524,8 +591,8 @@ module.exports = {
   // Getters
   getRunner,
   getCommand,
-  resolveCommand,
-  listCommands: () => Object.keys(COMMANDS),
+  isValidCommand,
+  listCommands,
   
   getCommandsByTier: (tier) => 
     Object.entries(COMMANDS)