@vibecheckai/cli 3.9.1 → 4.0.0

package/mcp-server/consolidated-tools.js

@@ -1,1170 +0,0 @@
-/**
- * Vibecheck MCP Consolidated Tools
- * 
- * Reduced from 50+ tools to a curated set for agents.
- * Each tool returns evidence-backed responses with file/line citations.
- * 
- * Tool Categories:
- * 1. Core Commands (5) - ship, scan, fix, verify, ctx
- * 2. Truth Queries (5) - truthpack, routes, env, auth, billing
- * 3. Evidence (3) - validate_claim, evidence, proof_graph
- * 4. Proof Artifacts (2) - evidence_pack, allowlist
- * 5. Utilities (2) - status, doctor
- * 
- * Response Format (Standardized):
- * {
- *   ok: boolean,
- *   data: any,
- *   evidence: Array<{ file, line, snippet, confidence }>,
- *   metadata: { timestamp, cached, projectFingerprint }
- * }
- */
-
-import { execSync, spawn } from 'child_process';
-import fs from 'fs';
-import path from 'path';
-import { handleTruthFirewallTool } from './truth-firewall-tools.js';
-import { PROOF_TOOLS, handleProofTool } from './proof-tools.js';
-
-// ============================================================================
-// STANDARDIZED RESPONSE WRAPPER
-// ============================================================================
-
-function wrapResponse(data, options = {}) {
-  const { evidence = [], cached = false, error = null } = options;
-  
-  if (error) {
-    return {
-      ok: false,
-      error: typeof error === 'string' ? error : error.message,
-      data: null,
-      evidence: [],
-      metadata: {
-        timestamp: new Date().toISOString(),
-        cached: false
-      }
-    };
-  }
-  
-  return {
-    ok: true,
-    data,
-    evidence: evidence.map(e => ({
-      file: e.file || null,
-      line: e.line || e.lines || null,
-      snippet: e.snippet || e.code || null,
-      confidence: e.confidence || 0.9,
-      reason: e.reason || null
-    })),
-    metadata: {
-      timestamp: new Date().toISOString(),
-      cached
-    }
-  };
-}
-
-// ============================================================================
-// TOOL DEFINITIONS (Curated for Agents)
-// ============================================================================
-
-const ALL_TOOLS = [
-  // === CORE COMMANDS (5) ===
-  {
-    name: "vibecheck.ship",
-    description: "Get ship verdict: SHIP/WARN/BLOCK with evidence. Returns top blockers and fix suggestions.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        strict: { type: "boolean", description: "Treat warnings as blockers", default: false },
-        json: { type: "boolean", description: "Return raw JSON output", default: false }
-      }
-    }
-  },
-  {
-    name: "vibecheck.scan",
-    description: "Deep scan for ship-killers: secrets, auth gaps, fake success, dead UI, billing bypasses.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        profile: { 
-          type: "string", 
-          enum: ["quick", "full", "security", "billing"],
-          description: "Scan profile",
-          default: "quick"
-        }
-      }
-    }
-  },
-  {
-    name: "vibecheck.fix",
-    description: "Generate fix plan or apply patches for findings. Returns evidence-backed fix suggestions.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        apply: { type: "boolean", description: "Apply patches (requires clean git)", default: false },
-        promptOnly: { type: "boolean", description: "Generate prompts only, no patches", default: false }
-      }
-    }
-  },
-  {
-    name: "vibecheck.verify",
-    description: "Runtime verification using Playwright. Tests UI behavior, auth flows, dead buttons.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        url: { type: "string", description: "Base URL to verify (required)" },
-        auth: { type: "string", description: "Login credentials as email:password" },
-        paths: { type: "string", description: "Comma-separated paths to test" },
-        budget: { type: "string", enum: ["2m", "5m", "10m"], description: "Time budget", default: "5m" }
-      },
-      required: ["url"]
-    }
-  },
-  {
-    name: "vibecheck.ctx",
-    description: "Generate Truth Pack with routes, env, auth, billing facts. Evidence-backed context.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        snapshot: { type: "boolean", description: "Save timestamped snapshot", default: false }
-      }
-    }
-  },
-
-  // === TRUTH QUERIES (5) ===
-  {
-    name: "vibecheck.get_truthpack",
-    description: "Get the full Truth Pack for the project. Use this BEFORE making claims about the codebase.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        refresh: { type: "boolean", description: "Force regenerate truthpack", default: false }
-      }
-    }
-  },
-  {
-    name: "vibecheck.get_routes",
-    description: "Get all server and client routes with file/line evidence.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        type: { type: "string", enum: ["server", "client", "all"], default: "all" }
-      }
-    }
-  },
-  {
-    name: "vibecheck.get_env",
-    description: "Get env vars: declared, used, mismatches. Evidence-backed.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." }
-      }
-    }
-  },
-  {
-    name: "vibecheck.get_auth",
-    description: "Get auth model: guards, protected routes, unprotected routes, gaps.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." }
-      }
-    }
-  },
-  {
-    name: "vibecheck.get_billing",
-    description: "Get billing model: gates, paid features, bypasses, enforcement gaps.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." }
-      }
-    }
-  },
-
-  // === EVIDENCE (3) ===
-  {
-    name: "vibecheck.validate_claim",
-    description: "Validate a claim about the codebase. Returns true/false/unknown with evidence.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        claim: { type: "string", description: "The claim to validate (required)" },
-        type: { 
-          type: "string", 
-          enum: ["route_exists", "env_var_used", "auth_enforced", "file_exists", "function_exists"],
-          description: "Type of claim"
-        }
-      },
-      required: ["claim"]
-    }
-  },
-  {
-    name: "vibecheck.compile_context",
-    description: "Get task-focused context with invariants and policy controls.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        task: { type: "string", description: "Task description" },
-        policy: { type: "string", enum: ["strict", "balanced", "permissive"], default: "strict" }
-      },
-      required: ["task"]
-    }
-  },
-  {
-    name: "vibecheck.search_evidence",
-    description: "Search for evidence with file/line citations.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        query: { type: "string", description: "What to search for" },
-        type: { type: "string", enum: ["route", "handler", "middleware", "component", "env_var", "model", "any"], default: "any" },
-        limit: { type: "number", default: 10 }
-      },
-      required: ["query"]
-    }
-  },
-  {
-    name: "vibecheck.find_counterexamples",
-    description: "Find counterexamples that falsify auth/billing claims.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        claim: { type: "string", enum: ["auth_enforced", "billing_gate_exists", "route_guarded", "no_bypass"] },
-        subject: { type: "object" }
-      },
-      required: ["claim", "subject"]
-    }
-  },
-  {
-    name: "vibecheck.check_invariants",
-    description: "Check invariants (auth/billing/ux/api) for ship-killers.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        category: { type: "string", enum: ["all", "auth", "billing", "security", "ux", "api"], default: "all" }
-      }
-    }
-  },
-  {
-    name: "vibecheck.get_evidence",
-    description: "Get file/line evidence for a specific finding or claim.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        findingId: { type: "string", description: "Finding ID to get evidence for" },
-        file: { type: "string", description: "File path to extract evidence from" },
-        pattern: { type: "string", description: "Regex pattern to search for" }
-      }
-    }
-  },
-  {
-    name: "vibecheck.get_proof_graph",
-    description: "Get the proof graph: claims -> evidence -> gaps -> risk score.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." }
-      }
-    }
-  },
-
-  // === SPEC-REQUIRED TOOLS (4) ===
-  {
-    name: "vibecheck.get_contracts",
-    description: "Get context contracts (routes, env, auth, external). Use with validate_plan to stop hallucinations.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." }
-      }
-    }
-  },
-  {
-    name: "vibecheck.validate_plan",
-    description: "Validate an AI-generated plan against contracts. Returns violations for invented routes, missing env vars, auth mismatches.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        plan: { 
-          type: "array", 
-          description: "Array of plan actions to validate",
-          items: {
-            type: "object",
-            properties: {
-              action: { type: "string" },
-              target: { type: "string" },
-              details: { type: "object" }
-            }
-          }
-        }
-      },
-      required: ["plan"]
-    }
-  },
-  {
-    name: "vibecheck.share",
-    description: "Build share pack from latest mission. Generates sanitized share.json, share.md, pr_comment.md.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        missionDir: { type: "string", description: "Specific mission directory (default: latest)" }
-      }
-    }
-  },
-  {
-    name: "vibecheck.pr_comment",
-    description: "Render PR comment markdown from last ship report. Ready to paste into GitHub PR.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        maxFindings: { type: "number", description: "Max findings to include", default: 12 }
-      }
-    }
-  },
-
-  // === PROOF ARTIFACTS (2) ===
-  {
-    name: "vibecheck.evidence_pack",
-    description: "Build shareable evidence pack with videos, traces, screenshots. Returns zip path.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        includeVideos: { type: "boolean", description: "Include recorded videos", default: true },
-        includeTraces: { type: "boolean", description: "Include Playwright traces", default: true },
-        includeScreenshots: { type: "boolean", description: "Include screenshots", default: true },
-        applyAllowlist: { type: "boolean", description: "Filter by allowlist", default: true }
-      }
-    }
-  },
-  {
-    name: "vibecheck.allowlist",
-    description: "Manage finding allowlist. Add entries to suppress known false positives.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        action: { 
-          type: "string", 
-          enum: ["list", "add", "remove", "check"],
-          description: "Action to perform",
-          default: "list"
-        },
-        findingId: { type: "string", description: "Finding ID to add/remove (for add/remove)" },
-        pattern: { type: "string", description: "Pattern to match (for add)" },
-        reason: { type: "string", description: "Reason for allowlisting (for add)" },
-        scope: { type: "string", enum: ["global", "file", "line"], default: "global" }
-      }
-    }
-  },
-
-  // === UTILITIES (2) ===
-  {
-    name: "vibecheck.status",
-    description: "Get current vibecheck status: last verdict, findings count, truthpack freshness.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." }
-      }
-    }
-  },
-  {
-    name: "vibecheck.doctor",
-    description: "Environment health check. Verifies dependencies, configs, permissions.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Path to project root", default: "." }
-      }
-    }
-  },
-  
-  // === RUNTIME (1) ===
-  {
-    name: "vibecheck.reality",
-    description: "Run runtime browser verification with optional video/trace recording.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        url: { type: "string", description: "Base URL to verify (required)" },
-        projectPath: { type: "string", description: "Path to project root", default: "." },
-        auth: { type: "string", description: "Login credentials as email:password" },
-        recordVideo: { type: "boolean", description: "Record video of session", default: false },
-        recordTrace: { type: "boolean", description: "Record Playwright trace", default: false },
-        maxPages: { type: "number", description: "Max pages to crawl", default: 18 }
-      },
-      required: ["url"]
-    }
-  }
-];
-
-const ALLOWED_TOOL_NAMES = new Set([
-  // Core
-  "vibecheck.ship",
-  "vibecheck.scan",
-  "vibecheck.ctx",
-  // Truth
-  "vibecheck.get_truthpack",
-  "vibecheck.validate_claim",
-  "vibecheck.compile_context",
-  "vibecheck.search_evidence",
-  "vibecheck.find_counterexamples",
-  "vibecheck.check_invariants",
-  // Proof artifacts
-  "vibecheck.evidence_pack",
-  "vibecheck.allowlist",
-  // Runtime
-  "vibecheck.reality",
-  // Proof tools (new)
-  "vibecheck.prove",
-  "vibecheck.prove_status",
-  "vibecheck.get_evidence",
-  "vibecheck.check_flaky",
-  "vibecheck.allowlist_add",
-  "vibecheck.get_proof_graph",
-  // Utilities
-  "vibecheck.status",
-]);
-
-// Combine base tools with proof tools
-const COMBINED_TOOLS = [...ALL_TOOLS, ...PROOF_TOOLS];
-
-export const CONSOLIDATED_TOOLS = COMBINED_TOOLS.filter((tool) =>
-  ALLOWED_TOOL_NAMES.has(tool.name),
-);
-
-// ============================================================================
-// TOOL HANDLERS
-// ============================================================================
-
-export async function handleConsolidatedTool(name, args) {
-  const projectPath = args.projectPath || process.cwd();
-  
-  switch (name) {
-    // Core Commands
-    case "vibecheck.ship":
-      return wrapResponse(await runCliCommand("ship", projectPath, args));
-    case "vibecheck.scan":
-      return wrapResponse(await runCliCommand("scan", projectPath, args));
-    case "vibecheck.ctx":
-      return wrapResponse(await runCliCommand("ctx", projectPath, args));
-
-    // Truth Firewall / Evidence
-    case "vibecheck.get_truthpack":
-    case "vibecheck.validate_claim":
-    case "vibecheck.compile_context":
-    case "vibecheck.search_evidence":
-    case "vibecheck.find_counterexamples":
-    case "vibecheck.check_invariants":
-      return await handleTruthFirewallTool(name, args, projectPath);
-    
-    // Proof Artifacts
-    case "vibecheck.evidence_pack":
-      return await handleEvidencePack(projectPath, args);
-    case "vibecheck.allowlist":
-      return await handleAllowlist(projectPath, args);
-    
-    // Runtime
-    case "vibecheck.reality":
-      return await handleReality(projectPath, args);
-    
-    // Proof Tools
-    case "vibecheck.prove":
-    case "vibecheck.prove_status":
-    case "vibecheck.get_evidence":
-    case "vibecheck.check_flaky":
-    case "vibecheck.allowlist_add":
-    case "vibecheck.get_proof_graph":
-      return await handleProofTool(name, { ...args, projectPath });
-    
-    // Utilities
-    case "vibecheck.status":
-      return wrapResponse(await getStatus(projectPath));
-    
-    default:
-      return wrapResponse(null, { error: `Unknown tool: ${name}. Available: ${CONSOLIDATED_TOOLS.map(t => t.name).join(', ')}` });
-  }
-}
-
-// ============================================================================
-// IMPLEMENTATION HELPERS
-// ============================================================================
-
-async function runCliCommand(cmd, projectPath, args) {
-  const binPath = path.join(__dirname, '..', 'bin', 'vibecheck.js');
-  let cmdArgs = [cmd];
-  
-  // Add flags based on args
-  if (args.strict) cmdArgs.push('--strict');
-  if (args.json) cmdArgs.push('--json');
-  if (args.apply) cmdArgs.push('--apply');
-  if (args.promptOnly) cmdArgs.push('--prompt-only');
-  if (args.snapshot) cmdArgs.push('--snapshot');
-  if (args.url) cmdArgs.push('--url', args.url);
-  if (args.auth) cmdArgs.push('--auth', args.auth);
-  if (args.paths) cmdArgs.push('--paths', args.paths);
-  if (args.budget) cmdArgs.push('--budget', args.budget);
-  if (args.profile) cmdArgs.push('--profile', args.profile);
-  
-  try {
-    const result = execSync(`node "${binPath}" ${cmdArgs.join(' ')}`, {
-      cwd: projectPath,
-      encoding: 'utf8',
-      timeout: 120000
-    });
-    
-    // Try to parse JSON output
-    try {
-      return JSON.parse(result);
-    } catch {
-      return { output: result, success: true };
-    }
-  } catch (error) {
-    return {
-      error: error.message,
-      exitCode: error.status,
-      output: error.stdout || error.stderr
-    };
-  }
-}
-
-async function getTruthpack(projectPath, refresh = false) {
-  // Spec path: .vibecheck/truthpack.json
-  const specPath = path.join(projectPath, '.vibecheck', 'truthpack.json');
-  // Legacy path: .vibecheck/truth/truthpack.json
-  const legacyPath = path.join(projectPath, '.vibecheck', 'truth', 'truthpack.json');
-  
-  const truthpackPath = fs.existsSync(specPath) ? specPath : legacyPath;
-  
-  if (refresh || !fs.existsSync(truthpackPath)) {
-    await runCliCommand('ctx', projectPath, {});
-  }
-  
-  // Try spec path first after potential regeneration
-  for (const tpPath of [specPath, legacyPath]) {
-    try {
-      const truthpack = JSON.parse(fs.readFileSync(tpPath, 'utf8'));
-      return {
-        data: truthpack,
-        evidence: [{ file: tpPath.replace(projectPath, '.'), line: 1 }],
-        confidence: 1.0,
-        freshness: truthpack.generatedAt
-      };
-    } catch {}
-  }
-  
-  return { error: 'Truthpack not found. Run vibecheck ctx first.', gaps: ['truthpack_missing'] };
-}
-
-async function getRoutes(projectPath, type = 'all') {
-  const truthpack = await getTruthpack(projectPath);
-  if (truthpack.error) return truthpack;
-  
-  const routes = truthpack.data.routes || {};
-  
-  if (type === 'server') {
-    return { data: routes.server || [], evidence: [], confidence: 0.9 };
-  } else if (type === 'client') {
-    return { data: routes.clientRefs || [], evidence: [], confidence: 0.85 };
-  }
-  
-  return {
-    data: {
-      server: routes.server || [],
-      client: routes.clientRefs || [],
-      gaps: routes.gaps || []
-    },
-    evidence: [],
-    confidence: 0.9
-  };
-}
-
-async function getEnv(projectPath) {
-  const truthpack = await getTruthpack(projectPath);
-  if (truthpack.error) return truthpack;
-  
-  return {
-    data: truthpack.data.env || {},
-    evidence: [],
-    confidence: 0.95
-  };
-}
-
-async function getAuth(projectPath) {
-  const truthpack = await getTruthpack(projectPath);
-  if (truthpack.error) return truthpack;
-  
-  return {
-    data: truthpack.data.auth || {},
-    evidence: [],
-    confidence: 0.85
-  };
-}
-
-async function getBilling(projectPath) {
-  const truthpack = await getTruthpack(projectPath);
-  if (truthpack.error) return truthpack;
-  
-  return {
-    data: truthpack.data.billing || {},
-    evidence: [],
-    confidence: 0.8
-  };
-}
-
-async function validateClaim(projectPath, claim, type) {
-  // Use the claim verifier runner
-  const binPath = path.join(__dirname, '..', 'bin', 'runners', 'runClaimVerifier.js');
-  
-  try {
-    const { validateClaim: verify } = require(binPath);
-    const result = await verify(projectPath, { claim, type });
-    return result;
-  } catch (error) {
-    // Fallback to simple validation
-    const truthpack = await getTruthpack(projectPath);
-    if (truthpack.error) return { valid: 'unknown', reason: truthpack.error };
-    
-    // Simple claim validation based on type
-    if (type === 'route_exists') {
-      const routes = truthpack.data.routes?.server || [];
-      const exists = routes.some(r => r.path === claim || r.path.includes(claim));
-      return {
-        valid: exists,
-        confidence: exists ? 0.9 : 0.7,
-        evidence: exists ? routes.filter(r => r.path.includes(claim)).slice(0, 3) : [],
-        gaps: exists ? [] : [`Route ${claim} not found in server routes`]
-      };
-    }
-    
-    if (type === 'env_var_used') {
-      const vars = truthpack.data.env?.vars || [];
-      const found = vars.find(v => v.name === claim);
-      return {
-        valid: !!found,
-        confidence: found ? 0.95 : 0.8,
-        evidence: found ? [{ file: found.file, line: found.line }] : [],
-        gaps: found ? [] : [`Env var ${claim} not found in codebase`]
-      };
-    }
-    
-    if (type === 'file_exists') {
-      const filePath = path.join(projectPath, claim);
-      const exists = fs.existsSync(filePath);
-      return {
-        valid: exists,
-        confidence: 1.0,
-        evidence: exists ? [{ file: claim, line: 1 }] : [],
-        gaps: exists ? [] : [`File ${claim} does not exist`]
-      };
-    }
-    
-    return { valid: 'unknown', reason: 'Claim type not supported', type };
-  }
-}
-
-async function getEvidence(projectPath, args) {
-  if (args.findingId) {
-    // Get evidence for a specific finding from last ship report
-    const shipPath = path.join(projectPath, '.vibecheck', 'last_ship.json');
-    try {
-      const report = JSON.parse(fs.readFileSync(shipPath, 'utf8'));
-      const finding = report.findings?.find(f => f.id === args.findingId);
-      if (finding) {
-        return {
-          data: finding.evidence || [],
-          finding,
-          confidence: 0.9
-        };
-      }
-    } catch {}
-    return { error: 'Finding not found', findingId: args.findingId };
-  }
-  
-  if (args.file && args.pattern) {
-    // Search for pattern in file
-    const filePath = path.join(projectPath, args.file);
-    try {
-      const content = fs.readFileSync(filePath, 'utf8');
-      const regex = new RegExp(args.pattern, 'gi');
-      const matches = [];
-      let match;
-      while ((match = regex.exec(content)) !== null) {
-        const line = content.substring(0, match.index).split('\n').length;
-        matches.push({
-          file: args.file,
-          line,
-          snippet: match[0],
-          confidence: 0.95
-        });
-      }
-      return { data: matches, confidence: 0.9 };
-    } catch (error) {
-      return { error: error.message };
-    }
-  }
-  
-  return { error: 'Provide either findingId or file+pattern' };
-}
-
-async function getProofGraph(projectPath) {
-  const proofPath = path.join(projectPath, '.vibecheck', 'proof-graph.json');
-  
-  try {
-    const proofGraph = JSON.parse(fs.readFileSync(proofPath, 'utf8'));
-    return {
-      data: proofGraph,
-      confidence: 0.9
-    };
-  } catch {
-    // Generate if not exists
-    await runCliCommand('ship', projectPath, {});
-    try {
-      const proofGraph = JSON.parse(fs.readFileSync(proofPath, 'utf8'));
-      return { data: proofGraph, confidence: 0.9 };
-    } catch {
-      return { error: 'Proof graph not available. Run vibecheck ship first.' };
-    }
-  }
-}
-
-async function getStatus(projectPath) {
-  const shipPath = path.join(projectPath, '.vibecheck', 'last_ship.json');
-  // Check both spec path and legacy path
-  const truthpackPath = path.join(projectPath, '.vibecheck', 'truthpack.json');
-  const legacyTruthpackPath = path.join(projectPath, '.vibecheck', 'truth', 'truthpack.json');
-  
-  const status = {
-    hasShipReport: false,
-    hasTruthpack: false,
-    lastVerdict: null,
-    findingsCount: 0,
-    truthpackAge: null
-  };
-  
-  try {
-    const report = JSON.parse(fs.readFileSync(shipPath, 'utf8'));
-    status.hasShipReport = true;
-    status.lastVerdict = report.meta?.verdict;
-    status.findingsCount = report.findings?.length || 0;
-  } catch {}
-  
-  // Try spec path first, then legacy
-  for (const tpPath of [truthpackPath, legacyTruthpackPath]) {
-    try {
-      const truthpack = JSON.parse(fs.readFileSync(tpPath, 'utf8'));
-      status.hasTruthpack = true;
-      status.truthpackAge = truthpack.generatedAt;
-      break;
-    } catch {}
-  }
-  
-  return { data: status, confidence: 1.0 };
-}
-
-// ============================================================================
-// SPEC-REQUIRED TOOL IMPLEMENTATIONS
-// ============================================================================
-
-async function getContracts(projectPath) {
-  const contractDir = path.join(projectPath, '.vibecheck', 'contracts');
-  const contracts = {};
-  
-  const files = ['routes.json', 'env.json', 'auth.json', 'external.json'];
-  
-  for (const file of files) {
-    const filePath = path.join(contractDir, file);
-    try {
-      contracts[file.replace('.json', '')] = JSON.parse(fs.readFileSync(filePath, 'utf8'));
-    } catch {}
-  }
-  
-  if (Object.keys(contracts).length === 0) {
-    return { 
-      error: 'No contracts found. Run vibecheck ctx sync first.',
-      hint: 'vibecheck ctx sync generates contracts from your truthpack'
-    };
-  }
-  
-  return {
-    data: contracts,
-    files: Object.keys(contracts).map(k => `.vibecheck/contracts/${k}.json`),
-    confidence: 1.0
-  };
-}
-
-async function validatePlan(projectPath, plan) {
-  if (!plan || !Array.isArray(plan)) {
-    return { error: 'Plan must be an array of actions' };
-  }
-  
-  // Load contracts
-  const contractsResult = await getContracts(projectPath);
-  if (contractsResult.error) {
-    return { 
-      valid: 'unknown', 
-      reason: contractsResult.error,
-      hint: 'Generate contracts first with: vibecheck ctx sync'
-    };
-  }
-  
-  const contracts = contractsResult.data;
-  const violations = [];
-  const requiredContractEdits = [];
-  
-  for (const action of plan) {
-    // Check route references
-    if (action.action === 'fetch' || action.action === 'api_call' || action.target?.startsWith('/api/')) {
-      const routeTarget = action.target || action.details?.endpoint;
-      if (routeTarget && contracts.routes?.routes) {
-        const routeExists = contracts.routes.routes.some(r => 
-          r.path === routeTarget || 
-          r.path.replace(/:\w+/g, '[^/]+').match(new RegExp(`^${routeTarget.replace(/:\w+/g, '[^/]+')}$`))
-        );
-        if (!routeExists) {
-          violations.push({
-            type: 'route_not_in_contract',
-            action: action.action,
-            target: routeTarget,
-            message: `Route ${routeTarget} not found in routes contract`,
-            severity: 'BLOCK'
-          });
-          requiredContractEdits.push({
-            contract: 'routes',
-            action: 'add_route',
-            data: { path: routeTarget, method: action.details?.method || 'GET' }
-          });
-        }
-      }
-    }
-    
-    // Check env var references
-    if (action.action === 'use_env' || action.details?.env) {
-      const envVar = action.target || action.details?.env;
-      if (envVar && contracts.env?.vars) {
-        const envExists = contracts.env.vars.some(v => v.name === envVar);
-        if (!envExists) {
-          violations.push({
-            type: 'env_not_in_contract',
-            action: action.action,
-            target: envVar,
-            message: `Env var ${envVar} not declared in env contract`,
-            severity: 'WARN'
-          });
-          requiredContractEdits.push({
-            contract: 'env',
-            action: 'add_var',
-            data: { name: envVar, required: true }
-          });
-        }
-      }
-    }
-  }
-  
-  return {
-    valid: violations.length === 0,
-    violations,
-    requiredContractEdits,
-    checkedActions: plan.length,
-    confidence: 0.9
-  };
-}
-
-async function buildShare(projectPath, missionDir) {
-  const binPath = path.join(__dirname, '..', 'bin', 'vibecheck.js');
-  let cmdArgs = ['share'];
-  if (missionDir) cmdArgs.push('--mission-dir', missionDir);
-  
-  try {
-    const result = execSync(`node "${binPath}" ${cmdArgs.join(' ')}`, {
-      cwd: projectPath,
-      encoding: 'utf8',
-      timeout: 30000
-    });
-    
-    // Read generated files
-    const shareDir = path.join(projectPath, '.vibecheck', 'missions');
-    const files = {};
-    
-    for (const file of ['share.json', 'share.md', 'pr_comment.md']) {
-      // Find latest mission dir
-      try {
-        const dirs = fs.readdirSync(shareDir).filter(d => d.match(/^\d+$/)).sort().reverse();
-        if (dirs.length > 0) {
-          const latestShare = path.join(shareDir, dirs[0], 'share', file);
-          if (fs.existsSync(latestShare)) {
-            files[file] = fs.readFileSync(latestShare, 'utf8');
-          }
-        }
-      } catch {}
-    }
-    
-    return {
-      success: true,
-      output: result,
-      files,
-      confidence: 1.0
-    };
-  } catch (error) {
-    return { error: error.message };
-  }
-}
-
-async function renderPRComment(projectPath, maxFindings = 12) {
-  const shipPath = path.join(projectPath, '.vibecheck', 'last_ship.json');
-  
-  try {
-    const report = JSON.parse(fs.readFileSync(shipPath, 'utf8'));
-    const verdict = report.meta?.verdict || 'unknown';
-    const findings = report.findings || [];
-    
-    // Build PR comment markdown
-    const severityCounts = { BLOCK: 0, WARN: 0, INFO: 0 };
-    for (const f of findings) {
-      severityCounts[f.severity] = (severityCounts[f.severity] || 0) + 1;
-    }
-    
-    const verdictEmoji = verdict === 'SHIP' ? '✅' : verdict === 'WARN' ? '⚠️' : '🛑';
-    
-    let md = `## vibecheck — ${verdictEmoji} ${verdict}\n\n`;
-    md += `**Reality summary:** BLOCK=${severityCounts.BLOCK} • WARN=${severityCounts.WARN}\n\n`;
-    
-    const topFindings = findings
-      .filter(f => f.severity === 'BLOCK' || f.severity === 'WARN')
-      .slice(0, maxFindings);
-    
-    if (topFindings.length === 0) {
-      md += `✅ No blockers. Ship it.\n`;
-    } else {
-      md += `### Top findings\n`;
-      for (const f of topFindings) {
-        md += `- **${f.severity}** \`${f.id}\` — ${f.title}\n`;
-        const ev = (f.evidence || [])[0];
-        if (ev?.file) {
-          md += `  - Evidence: \`${ev.file}:${ev.lines}\` (${ev.reason})\n`;
-        }
-        const hint = (f.fixHints || [])[0];
-        if (hint) md += `  - Fix: ${hint}\n`;
-      }
-      
-      if (findings.length > topFindings.length) {
-        md += `\n_…and ${findings.length - topFindings.length} more finding(s). See \`.vibecheck/last_ship.json\` for full details._\n`;
-      }
-    }
-    
-    return {
-      markdown: md,
-      verdict,
-      findingsCount: findings.length,
-      confidence: 1.0
-    };
-  } catch (error) {
-    return { error: 'No ship report found. Run vibecheck ship first.' };
-  }
-}
-
-// ============================================================================
-// PROOF ARTIFACT HANDLERS
-// ============================================================================
-
-async function handleEvidencePack(projectPath, args) {
-  try {
-    // Try to import the evidence-pack module
-    const evidencePackPath = path.join(path.dirname(new URL(import.meta.url).pathname), '..', 'bin', 'runners', 'lib', 'evidence-pack.js');
-    
-    // For Windows, fix the path
-    const normalizedPath = process.platform === 'win32' 
-      ? evidencePackPath.replace(/^\/([A-Za-z]):/, '$1:')
-      : evidencePackPath;
-    
-    let evidencePack;
-    try {
-      evidencePack = await import(`file://${normalizedPath}`);
-    } catch {
-      // Fall back to CLI command
-      return wrapResponse(await runCliCommand("evidence-pack", projectPath, args));
-    }
-    
-    const pack = await evidencePack.buildEvidencePack(projectPath, {
-      includeVideos: args.includeVideos !== false,
-      includeTraces: args.includeTraces !== false,
-      includeScreenshots: args.includeScreenshots !== false,
-      applyAllowlist: args.applyAllowlist !== false
-    });
-    
-    return wrapResponse({
-      packId: pack.id,
-      manifestPath: pack.manifestPath,
-      zipPath: pack.zipPath,
-      summary: pack.summary
-    }, {
-      evidence: pack.manifest.findings.slice(0, 5).map(f => ({
-        file: f.where?.file,
-        line: f.where?.line,
-        snippet: f.what,
-        confidence: f.confidence
-      }))
-    });
-  } catch (error) {
-    return wrapResponse(null, { error: error.message });
-  }
-}
-
-async function handleAllowlist(projectPath, args) {
-  try {
-    const evidencePackPath = path.join(path.dirname(new URL(import.meta.url).pathname), '..', 'bin', 'runners', 'lib', 'evidence-pack.js');
-    const normalizedPath = process.platform === 'win32' 
-      ? evidencePackPath.replace(/^\/([A-Za-z]):/, '$1:')
-      : evidencePackPath;
-    
-    let evidencePack;
-    try {
-      evidencePack = await import(`file://${normalizedPath}`);
-    } catch {
-      return wrapResponse(null, { error: 'Evidence pack module not available' });
-    }
-    
-    const action = args.action || 'list';
-    
-    switch (action) {
-      case 'list': {
-        const allowlist = evidencePack.loadAllowlist(projectPath);
-        return wrapResponse({
-          entries: allowlist.entries || [],
-          lastUpdated: allowlist.lastUpdated
-        });
-      }
-      
-      case 'add': {
-        if (!args.findingId && !args.pattern) {
-          return wrapResponse(null, { error: 'Either findingId or pattern is required' });
-        }
-        
-        const entry = evidencePack.addToAllowlist(projectPath, {
-          findingId: args.findingId,
-          pattern: args.pattern,
-          reason: args.reason || 'Added via MCP tool',
-          scope: args.scope || 'global',
-          addedBy: 'mcp'
-        });
-        
-        return wrapResponse({
-          added: entry,
-          message: `Added allowlist entry: ${entry.id}`
-        });
-      }
-      
-      case 'remove': {
-        if (!args.findingId) {
-          return wrapResponse(null, { error: 'findingId is required for remove action' });
-        }
-        
-        const allowlist = evidencePack.loadAllowlist(projectPath);
-        const before = allowlist.entries.length;
-        allowlist.entries = allowlist.entries.filter(e => e.id !== args.findingId && e.findingId !== args.findingId);
-        evidencePack.saveAllowlist(projectPath, allowlist);
-        
-        return wrapResponse({
-          removed: before - allowlist.entries.length,
-          remaining: allowlist.entries.length
-        });
-      }
-      
-      case 'check': {
-        if (!args.findingId) {
-          return wrapResponse(null, { error: 'findingId is required for check action' });
-        }
-        
-        const allowlist = evidencePack.loadAllowlist(projectPath);
-        const result = evidencePack.isAllowlisted({ id: args.findingId }, allowlist);
-        
-        return wrapResponse({
-          allowed: result.allowed,
-          reason: result.reason,
-          entryId: result.entry?.id
-        });
-      }
-      
-      default:
-        return wrapResponse(null, { error: `Unknown action: ${action}` });
-    }
-  } catch (error) {
-    return wrapResponse(null, { error: error.message });
-  }
-}
-
-async function handleReality(projectPath, args) {
-  try {
-    if (!args.url) {
-      return wrapResponse(null, { error: 'url is required' });
-    }
-    
-    const cmdArgs = {
-      url: args.url,
-      projectPath,
-      json: true
-    };
-    
-    if (args.auth) cmdArgs.auth = args.auth;
-    if (args.recordVideo) cmdArgs['--video'] = true;
-    if (args.recordTrace) cmdArgs['--trace'] = true;
-    if (args.maxPages) cmdArgs.maxPages = args.maxPages;
-    
-    // Build CLI command
-    const binPath = path.join(path.dirname(new URL(import.meta.url).pathname), '..', 'bin', 'vibecheck.js');
-    const normalizedBinPath = process.platform === 'win32' 
-      ? binPath.replace(/^\/([A-Za-z]):/, '$1:')
-      : binPath;
-    
-    let cliArgs = ['reality', '--url', args.url, '--json'];
-    if (args.auth) cliArgs.push('--auth', args.auth);
-    if (args.recordVideo) cliArgs.push('--video');
-    if (args.recordTrace) cliArgs.push('--trace');
-    if (args.maxPages) cliArgs.push('--max-pages', String(args.maxPages));
-    
-    const result = execSync(`node "${normalizedBinPath}" ${cliArgs.join(' ')}`, {
-      cwd: projectPath,
-      encoding: 'utf8',
-      timeout: 300000 // 5 minutes for runtime tests
-    });
-    
-    try {
-      const parsed = JSON.parse(result);
-      return wrapResponse(parsed, {
-        evidence: (parsed.findings || []).slice(0, 5).map(f => ({
-          file: f.file,
-          line: f.line,
-          snippet: f.title,
-          confidence: f.confidence || 0.8
-        }))
-      });
-    } catch {
-      return wrapResponse({ output: result });
-    }
-  } catch (error) {
-    return wrapResponse(null, { 
-      error: error.message,
-      output: error.stdout || error.stderr 
-    });
-  }
-}
-
-export default { CONSOLIDATED_TOOLS, handleConsolidatedTool, wrapResponse };