@vibecheckai/cli 3.9.0 → 4.0.0

package/mcp-server/intent-firewall-interceptor.js

@@ -1,529 +0,0 @@
-/**
- * Intent-Aware Firewall Interceptor - MCP Tool v3.0
- * 
- * ═══════════════════════════════════════════════════════════════════════════════
- * AGENT FIREWALL™ v3.0 - UNIFIED ENFORCEMENT GATEWAY
- * ═══════════════════════════════════════════════════════════════════════════════
- * 
- * SEAMLESS UX: When no intent is declared, changes are OBSERVED (not blocked).
- * Changes are logged to the session collector for later approval.
- * 
- * Now uses the unified EnforcementGateway for all operations:
- * - Real-time interception with explainable blocks
- * - Signed verdicts for audit trail
- * - Fix guidance for each violation
- * 
- * Modes:
- * - No intent → OBSERVE: Log changes, allow to proceed, prompt for intent
- * - Intent exists → ENFORCE: Check alignment, block if not aligned
- * 
- * @module intent-firewall-interceptor
- * @version 3.0.0
- */
-
-import path from "path";
-import fs from "fs";
-import { createRequire } from "module";
-
-// Import tier auth for secure tier validation
-import { getMcpToolAccess } from "./tier-auth.js";
-
-const require = createRequire(import.meta.url);
-
-// Import v3 unified enforcement gateway
-let createGateway, IntentStore, checkAlignment, MODE, VERDICT, SessionCollector;
-let createOrchestrator, ModeConfig; // Legacy compatibility
-try {
-  const agentFirewall = require("../bin/runners/lib/agent-firewall");
-  createGateway = agentFirewall.createGateway;
-  IntentStore = agentFirewall.IntentStore;
-  checkAlignment = agentFirewall.checkAlignment;
-  MODE = agentFirewall.MODE;
-  VERDICT = agentFirewall.VERDICT;
-  SessionCollector = agentFirewall.SessionCollector;
-  
-  // Legacy compatibility
-  createOrchestrator = agentFirewall.createOrchestrator;
-  ModeConfig = agentFirewall.ModeConfig;
-} catch (err) {
-  console.warn(`[Intent Firewall] v3 modules not available: ${err.message}`);
-  
-  // Fallback to v2 imports
-  try {
-    const enforcement = require("../bin/runners/lib/agent-firewall/enforcement");
-    createOrchestrator = enforcement.createOrchestrator;
-    createGateway = enforcement.createGateway;
-    MODE = enforcement.MODE;
-    VERDICT = enforcement.VERDICT;
-    ModeConfig = enforcement.ModeConfig;
-    
-    const intent = require("../bin/runners/lib/agent-firewall/intent");
-    IntentStore = intent.IntentStore;
-    checkAlignment = intent.checkAlignment;
-    
-    const session = require("../bin/runners/lib/agent-firewall/session");
-    SessionCollector = session.SessionCollector;
-  } catch (err2) {
-    console.warn(`[Intent Firewall] Fallback failed: ${err2.message}`);
-  }
-}
-
-/**
- * MCP Tool Definition for Intent-Aware Interception
- */
-const INTENT_FIREWALL_TOOL = {
-  name: "vibecheck_intent_firewall_intercept",
-  description: `🛡️ Intent-Aware Agent Firewall v2.1 - SEAMLESS enforcement.
-
-Intercepts AI code changes with seamless UX:
-- No intent declared? → OBSERVE mode (changes logged, allowed to proceed)
-- Intent declared? → ENFORCE mode (check alignment, block if not aligned)
-
-After a vibe session, run: vibecheck approve
-This reviews logged changes and creates intent retroactively.
-
-Returns: { mode, decision, logged, intent_prompt }`,
-  inputSchema: {
-    type: "object",
-    required: ["agentId", "filePath", "content"],
-    properties: {
-      agentId: {
-        type: "string",
-        description: "Agent identifier (e.g., 'cursor', 'windsurf', 'copilot')"
-      },
-      filePath: {
-        type: "string",
-        description: "File path relative to project root"
-      },
-      content: {
-        type: "string",
-        description: "New file content"
-      },
-      oldContent: {
-        type: "string",
-        description: "Old file content (optional, for diff generation)"
-      },
-      intent: {
-        type: "string",
-        description: "Agent's stated intent for this change (NOT user intent - user intent must be declared via CLI)"
-      },
-      projectRoot: {
-        type: "string",
-        default: ".",
-        description: "Project root directory"
-      },
-      apiKey: {
-        type: "string",
-        description: "API key for authentication"
-      }
-    }
-  }
-};
-
-/**
- * Handle MCP tool call for intent-aware interception
- * Uses the unified EnforcementGateway for all operations
- * 
- * @param {string} name - Tool name (unused)
- * @param {object} args - Tool arguments
- * @returns {object} MCP tool response
- */
-async function handleIntentFirewallIntercept(name, args) {
-  const projectRoot = path.resolve(args.projectRoot || ".");
-  const agentId = args.agentId || "unknown";
-  const filePath = args.filePath;
-  const content = args.content;
-  const oldContent = args.oldContent || null;
-  const agentIntent = args.intent || "No intent provided";
-  
-  // Validate modules are available
-  if (!createGateway && !IntentStore) {
-    return {
-      content: [{
-        type: "text",
-        text: `⚠️ Intent Firewall modules not available. Change allowed but not tracked.`
-      }]
-    };
-  }
-  
-  // Validate file path is within project root
-  const fileAbs = path.resolve(projectRoot, filePath);
-  if (!fileAbs.startsWith(projectRoot + path.sep) && fileAbs !== projectRoot) {
-    return {
-      content: [{
-        type: "text",
-        text: `❌ BLOCKED: File path outside project root: ${filePath}`
-      }],
-      isError: true
-    };
-  }
-  
-  try {
-    // Create enforcement gateway
-    const gateway = createGateway ? createGateway(projectRoot) : null;
-    
-    // Build raw change for gateway
-    const rawChange = {
-      type: oldContent ? "file_write" : "file_create",
-      path: filePath,
-      content,
-      diff: oldContent ? {
-        before: oldContent,
-        after: content,
-      } : null,
-    };
-    
-    // Use gateway if available
-    if (gateway) {
-      const verdict = await gateway.intercept(rawChange, {
-        agentId,
-        interceptionPoint: "mcp_tool",
-        toolName: "vibecheck_intent_firewall_intercept",
-      });
-      
-      // Handle OBSERVE mode (WOULD_PASS/WOULD_BLOCK)
-      if (verdict.decision === "WOULD_PASS" || verdict.decision === "WOULD_BLOCK") {
-        const wouldBlock = verdict.decision === "WOULD_BLOCK";
-        
-        return {
-          content: [{
-            type: "text",
-            text: `📋 OBSERVE MODE - Change ${wouldBlock ? "would be blocked" : "logged"}
-
-File: ${filePath}
-Agent: ${agentId}
-✓ Logged to session for later review
-${wouldBlock ? `\n⚠️ Would block: ${verdict.summary}` : ""}
-
-═══════════════════════════════════════════════════════════════
-No intent declared - running in OBSERVE mode.
-Changes are allowed but logged for review.
-
-After your vibe session, run:
-  vibecheck approve
-
-Or declare intent now for enforcement:
-  vibecheck i "${agentIntent || "your intent"}"
-═══════════════════════════════════════════════════════════════
-
-💡 TIP: Quick intent declaration:
-  vibecheck i "fix login bug"
-  
-This auto-infers constraints from your git context.`
-          }]
-        };
-      }
-      
-      // Handle BLOCK
-      if (verdict.decision === "BLOCK") {
-        // Format violations with fix guidance
-        const violationLines = verdict.violations.map(v => {
-          let line = `❌ [${v.code}] ${v.message}`;
-          if (v.evidence?.file) line += `\n   File: ${v.evidence.file}:${v.evidence.line || ''}`;
-          if (v.evidence?.snippet) line += `\n   Snippet: ${v.evidence.snippet.substring(0, 60)}...`;
-          if (v.fix_hint) line += `\n   Fix: ${v.fix_hint}`;
-          return line;
-        }).join("\n\n");
-        
-        // Format fix guidance
-        const fixCommands = (verdict.fix_guidance || [])
-          .filter(f => f.command)
-          .map(f => `  ${f.command}`)
-          .join("\n");
-        
-        return {
-          content: [{
-            type: "text",
-            text: `═══════════════════════════════════════════════════════════════════════════════
-BLOCKED BY AGENT FIREWALL
-═══════════════════════════════════════════════════════════════════════════════
-
-${violationLines}
-
-═══════════════════════════════════════════════════════════════════════════════
-Verdict: ${verdict.decision}
-Violations: ${verdict.violations.length}
-Intent Hash: ${verdict.intent_hash?.slice(0, 16) || "NONE"}...
-Verdict Hash: ${verdict.verdict_hash?.slice(0, 16)}...
-
-To proceed:
-${fixCommands || "  Review and fix the violations above"}
-═══════════════════════════════════════════════════════════════════════════════`
-          }],
-          isError: true
-        };
-      }
-      
-      // Handle PASS
-      const intentStore = new IntentStore(projectRoot);
-      const userIntent = intentStore.getCurrent({ allowMissing: true });
-      
-      return {
-        content: [{
-          type: "text",
-          text: `✅ ALLOWED BY AGENT FIREWALL
-
-Verdict: ${verdict.decision}
-File: ${filePath}
-
-Intent Aligned:
-  "${userIntent?.summary || "No intent"}"
-
-═══════════════════════════════════════════════════════════════════════════════
-Intent Hash: ${verdict.intent_hash?.slice(0, 16) || "NONE"}...
-Verdict Hash: ${verdict.verdict_hash?.slice(0, 16)}...
-Proofs: ${verdict.proofs?.length || 0} verified
-═══════════════════════════════════════════════════════════════════════════════
-
-Change may proceed.`
-        }]
-      };
-    }
-    
-    // Fallback to legacy orchestrator if gateway not available
-    const intentStore = new IntentStore(projectRoot);
-    const userIntent = intentStore.getCurrent({ allowMissing: true });
-    const hasUserIntent = intentStore.hasIntent();
-    const isBlockingIntent = userIntent?.summary?.includes("NO INTENT DECLARED");
-    
-    // OBSERVE mode fallback
-    if (!hasUserIntent || isBlockingIntent) {
-      if (SessionCollector) {
-        try {
-          const collector = new SessionCollector(projectRoot);
-          collector.record({
-            type: oldContent ? "file_modify" : "file_create",
-            path: filePath,
-            agent_id: agentId,
-          });
-        } catch {}
-      }
-      
-      return {
-        content: [{
-          type: "text",
-          text: `📋 OBSERVE MODE - Change logged
-
-File: ${filePath}
-Agent: ${agentId}
-
-═══════════════════════════════════════════════════════════════
-No intent declared. Run: vibecheck approve after session.
-═══════════════════════════════════════════════════════════════`
-        }]
-      };
-    }
-    
-    // Legacy alignment check
-    const changeEvent = {
-      type: oldContent ? "file_write" : "file_create",
-      location: filePath,
-      diff: oldContent ? { before: oldContent, after: content } : null,
-      content,
-      domain: classifyDomain(filePath),
-      claims: [],
-      timestamp: new Date().toISOString(),
-    };
-    
-    const alignmentResult = checkAlignment(userIntent, changeEvent);
-    
-    if (!alignmentResult.aligned) {
-      const violations = alignmentResult.violations.map(v => 
-        `- [${v.code}] ${v.message}\n  Resource: ${v.resource}`
-      ).join("\n\n");
-      
-      return {
-        content: [{
-          type: "text",
-          text: `❌ BLOCKED BY AGENT FIREWALL
-
-${violations}
-
-Intent: "${userIntent.summary}"
-Intent Hash: ${userIntent.hash?.slice(0, 16)}...`
-        }],
-        isError: true
-      };
-    }
-    
-    return {
-      content: [{
-        type: "text",
-        text: `✅ ALLOWED - Intent aligned: "${userIntent.summary}"`
-      }]
-    };
-    
-  } catch (error) {
-    return {
-      content: [{
-        type: "text",
-        text: `❌ BLOCKED: Enforcement error: ${error.message}\n\n${error.stack}`
-      }],
-      isError: true
-    };
-  }
-}
-
-/**
- * Classify file domain
- * @param {string} filePath - File path
- * @returns {string} Domain
- */
-function classifyDomain(filePath) {
-  if (!filePath) return "general";
-  const s = filePath.toLowerCase();
-  if (s.includes("auth")) return "auth";
-  if (s.includes("stripe") || s.includes("payment")) return "payments";
-  if (s.includes("routes") || s.includes("router") || s.includes("api")) return "routes";
-  if (s.includes("schema") || s.includes("contract")) return "contracts";
-  if (s.includes("ui") || s.includes("components") || s.includes("pages")) return "ui";
-  if (s.includes("database") || s.includes("prisma") || s.includes("migration")) return "database";
-  return "general";
-}
-
-/**
- * MCP Tool for getting current intent status
- */
-const INTENT_STATUS_TOOL = {
-  name: "vibecheck_intent_status",
-  description: `📋 Get current firewall status and pending changes.
-
-Shows:
-- Current mode (OBSERVE/ENFORCE)
-- Intent status (if declared)
-- Pending session changes (if in OBSERVE mode)
-
-Returns: { mode, hasIntent, pendingChanges, summary }`,
-  inputSchema: {
-    type: "object",
-    properties: {
-      projectRoot: {
-        type: "string",
-        default: ".",
-        description: "Project root directory"
-      }
-    }
-  }
-};
-
-/**
- * Handle intent status tool call
- */
-async function handleIntentStatus(name, args) {
-  const projectRoot = path.resolve(args.projectRoot || ".");
-  
-  if (!IntentStore) {
-    return {
-      content: [{
-        type: "text",
-        text: `⚠️ Intent system not available`
-      }]
-    };
-  }
-  
-  try {
-    const intentStore = new IntentStore(projectRoot);
-    const intent = intentStore.getCurrent({ allowMissing: true });
-    const hasIntent = intentStore.hasIntent();
-    const isBlocking = intent?.summary?.includes("NO INTENT DECLARED");
-    
-    // Get session info if available
-    let sessionInfo = null;
-    if (SessionCollector) {
-      try {
-        const collector = new SessionCollector(projectRoot);
-        if (collector.hasPending()) {
-          sessionInfo = collector.getSummary();
-        }
-      } catch {
-        // Ignore session errors
-      }
-    }
-    
-    if (!hasIntent || isBlocking) {
-      // OBSERVE MODE - show session info
-      let response = `📋 OBSERVE MODE (no intent declared)\n\n`;
-      response += `Changes are allowed and logged for later review.\n\n`;
-      
-      if (sessionInfo) {
-        response += `═══════════════════════════════════════════════════════════════\n`;
-        response += `SESSION CHANGES\n`;
-        response += `  Files touched: ${sessionInfo.files_touched}\n`;
-        response += `  Total changes: ${sessionInfo.total_changes}\n`;
-        response += `  Duration: ${sessionInfo.duration_minutes} minutes\n`;
-        response += `  Domains: ${sessionInfo.domains.join(", ") || "(none)"}\n`;
-        response += `═══════════════════════════════════════════════════════════════\n\n`;
-        response += `When done, run: vibecheck approve\n`;
-      } else {
-        response += `No changes logged yet in this session.\n`;
-      }
-      
-      response += `\n💡 Quick intent: vibecheck i "your intent"\n`;
-      
-      return {
-        content: [{
-          type: "text",
-          text: response
-        }]
-      };
-    }
-    
-    // ENFORCE MODE - show intent
-    let response = `✅ ENFORCE MODE (intent active)\n\n`;
-    response += `Summary: ${intent.summary}\n\n`;
-    
-    if (intent.constraints && intent.constraints.length > 0) {
-      response += `Constraints:\n`;
-      for (const c of intent.constraints) {
-        response += `  - ${c}\n`;
-      }
-      response += "\n";
-    }
-    
-    if (intent.allowed_changes && intent.allowed_changes.length > 0) {
-      response += `Allowed Changes:\n`;
-      for (const ac of intent.allowed_changes) {
-        response += `  - [${ac.type}] ${ac.target || ac.pattern}\n`;
-      }
-      response += "\n";
-    }
-    
-    if (intent.scope) {
-      response += `Scope:\n`;
-      if (intent.scope.directories) {
-        response += `  Directories: ${intent.scope.directories.join(", ")}\n`;
-      }
-      if (intent.scope.domains) {
-        response += `  Domains: ${intent.scope.domains.join(", ")}\n`;
-      }
-      response += "\n";
-    }
-    
-    response += `Hash: ${intent.hash?.slice(0, 16)}...\n`;
-    response += `Version: ${intent.version || 1}\n`;
-    response += `Created: ${intent.created_at}`;
-    
-    return {
-      content: [{
-        type: "text",
-        text: response
-      }]
-    };
-    
-  } catch (error) {
-    return {
-      content: [{
-        type: "text",
-        text: `❌ Error: ${error.message}`
-      }],
-      isError: true
-    };
-  }
-}
-
-export {
-  INTENT_FIREWALL_TOOL,
-  handleIntentFirewallIntercept,
-  INTENT_STATUS_TOOL,
-  handleIntentStatus
-};

package/mcp-server/lib/api-client.cjs

@@ -1,13 +0,0 @@
-/**
- * API Client - MCP Server Re-export
- * 
- * This module re-exports from the canonical bin/runners/lib/api-client.js
- * DO NOT add implementation here.
- * 
- * @see ../../../bin/runners/lib/api-client.js for the canonical implementation
- */
-
-"use strict";
-
-// Re-export everything from the canonical api-client
-module.exports = require('../../bin/runners/lib/api-client.js');