@vibecheckai/cli 3.7.0 → 3.8.0

package/bin/runners/lib/agent-firewall/enforcement/schemas/intent.schema.json

@@ -0,0 +1,181 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://vibecheckai.dev/schemas/intent/v3",
+  "title": "Agent Firewall Intent Schema v3",
+  "description": "User-declared intent that constrains AI agent behavior. Immutable once created.",
+  "type": "object",
+  "required": ["summary", "constraints", "created_at", "hash", "version"],
+  "properties": {
+    "summary": {
+      "type": "string",
+      "description": "Human-written summary of intended change (10-500 chars)",
+      "minLength": 10,
+      "maxLength": 500
+    },
+    "constraints": {
+      "type": "array",
+      "description": "Hard constraints that MUST be respected. Violations = BLOCK.",
+      "items": {
+        "type": "string",
+        "minLength": 5
+      },
+      "minItems": 0
+    },
+    "allowed_changes": {
+      "type": "array",
+      "description": "Explicit whitelist of allowed modifications",
+      "items": {
+        "$ref": "#/definitions/AllowedChange"
+      }
+    },
+    "blocked_patterns": {
+      "type": "array",
+      "description": "Patterns that are explicitly blocked regardless of other rules",
+      "items": {
+        "type": "object",
+        "required": ["pattern", "reason"],
+        "properties": {
+          "pattern": { "type": "string" },
+          "reason": { "type": "string" },
+          "severity": { "enum": ["block", "warn"] }
+        }
+      }
+    },
+    "scope": {
+      "$ref": "#/definitions/IntentScope"
+    },
+    "created_at": {
+      "type": "string",
+      "format": "date-time"
+    },
+    "expires_at": {
+      "type": "string",
+      "format": "date-time",
+      "description": "Intent automatically expires after this time"
+    },
+    "hash": {
+      "type": "string",
+      "pattern": "^[a-f0-9]{64}$",
+      "description": "SHA-256 hash of (summary + constraints + allowed_changes) for immutability"
+    },
+    "version": {
+      "type": "integer",
+      "minimum": 1,
+      "description": "Intent version, increments on amendments"
+    },
+    "parent_hash": {
+      "type": "string",
+      "pattern": "^[a-f0-9]{64}$",
+      "description": "Hash of parent intent if this is an amendment"
+    },
+    "session_id": {
+      "type": "string",
+      "description": "IDE/session identifier"
+    },
+    "author": {
+      "type": "string",
+      "description": "User who declared the intent"
+    },
+    "reality_requirements": {
+      "type": "array",
+      "description": "Required proofs before shipping",
+      "items": {
+        "$ref": "#/definitions/RealityRequirement"
+      }
+    }
+  },
+  "definitions": {
+    "AllowedChange": {
+      "type": "object",
+      "required": ["type"],
+      "properties": {
+        "type": {
+          "enum": [
+            "file_create",
+            "file_modify",
+            "file_delete",
+            "route_add",
+            "route_modify",
+            "route_delete",
+            "env_add",
+            "env_modify",
+            "permission_add",
+            "permission_modify",
+            "config_change",
+            "migration_add",
+            "test_add"
+          ]
+        },
+        "target": {
+          "type": "string",
+          "description": "Exact path or identifier"
+        },
+        "pattern": {
+          "type": "string",
+          "description": "Glob pattern for matching multiple targets"
+        },
+        "reason": {
+          "type": "string",
+          "description": "Why this change is allowed"
+        },
+        "max_lines": {
+          "type": "integer",
+          "description": "Maximum lines that can be changed"
+        },
+        "requires_test": {
+          "type": "boolean",
+          "description": "Change requires accompanying test"
+        }
+      }
+    },
+    "IntentScope": {
+      "type": "object",
+      "properties": {
+        "directories": {
+          "type": "array",
+          "items": { "type": "string" },
+          "description": "Allowed directories"
+        },
+        "file_patterns": {
+          "type": "array",
+          "items": { "type": "string" },
+          "description": "Allowed file patterns (glob)"
+        },
+        "domains": {
+          "type": "array",
+          "items": {
+            "enum": ["auth", "payments", "routes", "contracts", "ui", "database", "config", "general", "tests"]
+          },
+          "description": "Allowed domains"
+        },
+        "excluded_paths": {
+          "type": "array",
+          "items": { "type": "string" },
+          "description": "Paths explicitly excluded from any changes"
+        },
+        "protected_files": {
+          "type": "array",
+          "items": { "type": "string" },
+          "description": "Files that cannot be modified under any circumstances"
+        }
+      }
+    },
+    "RealityRequirement": {
+      "type": "object",
+      "required": ["type", "target"],
+      "properties": {
+        "type": {
+          "enum": ["route_reachable", "auth_enforced", "env_exists", "test_passes", "ui_renders"]
+        },
+        "target": {
+          "type": "string",
+          "description": "What to verify"
+        },
+        "method": {
+          "enum": ["http", "browser", "cli", "unit"],
+          "description": "Verification method"
+        }
+      }
+    }
+  }
+}

package/bin/runners/lib/agent-firewall/enforcement/schemas/verdict.schema.json

@@ -0,0 +1,222 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://vibecheckai.dev/schemas/verdict/v3",
+  "title": "Agent Firewall Verdict Schema v3",
+  "description": "Immutable, signed verdict produced by the enforcement system",
+  "type": "object",
+  "required": ["id", "decision", "mode", "timestamp", "verdict_hash", "intent_hash"],
+  "properties": {
+    "id": {
+      "type": "string",
+      "pattern": "^vrd-[a-z0-9]{12,}$",
+      "description": "Unique verdict ID"
+    },
+    "decision": {
+      "enum": ["PASS", "BLOCK", "WOULD_PASS", "WOULD_BLOCK"],
+      "description": "Final decision. WOULD_* used in OBSERVE mode only."
+    },
+    "mode": {
+      "enum": ["ENFORCE", "OBSERVE", "CI", "IDE"],
+      "description": "Mode used during evaluation"
+    },
+    "violations": {
+      "type": "array",
+      "description": "All violations that contributed to BLOCK decision",
+      "items": {
+        "$ref": "#/definitions/Violation"
+      }
+    },
+    "proofs": {
+      "type": "array",
+      "description": "Proof artifacts collected during evaluation",
+      "items": {
+        "$ref": "#/definitions/ProofArtifact"
+      }
+    },
+    "intent_hash": {
+      "type": ["string", "null"],
+      "description": "Hash of intent used for evaluation (null if no intent)"
+    },
+    "change_events": {
+      "type": "array",
+      "description": "IDs of change events evaluated",
+      "items": { "type": "string" }
+    },
+    "timestamp": {
+      "type": "string",
+      "format": "date-time"
+    },
+    "verdict_hash": {
+      "type": "string",
+      "pattern": "^[a-f0-9]{64}$",
+      "description": "SHA-256 hash of verdict content for integrity"
+    },
+    "signature": {
+      "type": "object",
+      "description": "Cryptographic signature for audit trail",
+      "properties": {
+        "algorithm": {
+          "enum": ["sha256-hmac", "ed25519", "none"]
+        },
+        "value": { "type": "string" },
+        "key_id": { "type": "string" },
+        "signed_at": { "type": "string", "format": "date-time" }
+      }
+    },
+    "chain": {
+      "type": "object",
+      "description": "Hash chain for audit trail",
+      "properties": {
+        "previous_verdict_hash": {
+          "type": ["string", "null"],
+          "description": "Hash of previous verdict in session"
+        },
+        "sequence_number": {
+          "type": "integer",
+          "description": "Verdict sequence number in session"
+        },
+        "session_id": { "type": "string" }
+      }
+    },
+    "summary": {
+      "type": "string",
+      "description": "Human-readable summary"
+    },
+    "block_message": {
+      "type": "string",
+      "description": "Formatted block message for agent consumption"
+    },
+    "fix_guidance": {
+      "type": "array",
+      "description": "Actionable fix suggestions",
+      "items": {
+        "$ref": "#/definitions/FixGuidance"
+      }
+    },
+    "metadata": {
+      "type": "object",
+      "properties": {
+        "run_id": { "type": "string" },
+        "agent_id": { "type": "string" },
+        "project_root": { "type": "string" },
+        "file_count": { "type": "integer" },
+        "evaluation_duration_ms": { "type": "integer" },
+        "vibecheck_version": { "type": "string" }
+      }
+    }
+  },
+  "definitions": {
+    "Violation": {
+      "type": "object",
+      "required": ["code", "rule", "message", "resource", "severity"],
+      "properties": {
+        "code": {
+          "type": "string",
+          "description": "Unique violation code (e.g., UNDECLARED_ROUTE)"
+        },
+        "rule": {
+          "type": "string",
+          "description": "Rule that was violated"
+        },
+        "message": {
+          "type": "string",
+          "description": "Human-readable message"
+        },
+        "resource": {
+          "type": "string",
+          "description": "What was violated (file path, route, etc)"
+        },
+        "intent_ref": {
+          "type": "string",
+          "description": "Which part of intent was violated"
+        },
+        "severity": {
+          "enum": ["block", "warn"]
+        },
+        "evidence": {
+          "type": "object",
+          "description": "Evidence of violation",
+          "properties": {
+            "file": { "type": "string" },
+            "line": { "type": "integer" },
+            "snippet": { "type": "string" },
+            "expected": { "type": "string" },
+            "actual": { "type": "string" }
+          }
+        },
+        "fix_hint": {
+          "type": "string",
+          "description": "Quick fix suggestion"
+        }
+      }
+    },
+    "ProofArtifact": {
+      "type": "object",
+      "required": ["id", "type", "status", "target"],
+      "properties": {
+        "id": {
+          "type": "string",
+          "pattern": "^prf-[a-z]+-[a-z0-9]+$"
+        },
+        "type": {
+          "enum": ["route", "auth", "ui", "integration", "env", "contract", "test"]
+        },
+        "status": {
+          "enum": ["verified", "failed", "pending", "skipped"]
+        },
+        "target": {
+          "type": "string",
+          "description": "What was verified"
+        },
+        "trace": {
+          "type": "string",
+          "description": "Reference to evidence (file, screenshot, log)"
+        },
+        "verified_at": {
+          "type": "string",
+          "format": "date-time"
+        },
+        "method": {
+          "enum": ["static", "runtime", "browser", "http"]
+        },
+        "details": {
+          "type": "object",
+          "description": "Type-specific verification details"
+        },
+        "error": {
+          "type": "string",
+          "description": "Error message if failed"
+        }
+      }
+    },
+    "FixGuidance": {
+      "type": "object",
+      "required": ["violation_code", "action"],
+      "properties": {
+        "violation_code": {
+          "type": "string",
+          "description": "Code of violation this fixes"
+        },
+        "action": {
+          "enum": ["update_intent", "add_file", "modify_file", "add_env", "add_route", "add_test", "remove_code"]
+        },
+        "target": {
+          "type": "string",
+          "description": "What to modify"
+        },
+        "command": {
+          "type": "string",
+          "description": "CLI command to run (if applicable)"
+        },
+        "explanation": {
+          "type": "string",
+          "description": "Why this fix works"
+        },
+        "auto_fixable": {
+          "type": "boolean",
+          "description": "Can this be auto-fixed by vibecheck fix?"
+        }
+      }
+    }
+  }
+}