@vibecheckai/cli 3.9.1 → 4.0.0

package/mcp-server/tools-v3.js

@@ -1,1004 +0,0 @@
-/**
- * vibecheck MCP Tools v3 - Consolidated Tools
- * 
- * ═══════════════════════════════════════════════════════════════════════════
- * TIER MODEL - Aligned with CLI entitlements-v2.js
- * ═══════════════════════════════════════════════════════════════════════════
- * 
- * Simple 2-tier model:
- * - FREE ($0): Inspect & Observe (10 tools)
- * - PRO ($49/mo): Fix, Prove & Enforce (18 tools)
- * 
- * PRO includes:
- * - Authority System (verdicts, approvals)
- * - Agent Conductor (multi-agent coordination)
- * - Agent Firewall (enforce mode)
- */
-
-import fs from 'fs/promises';
-import path from 'path';
-import { execSync } from 'child_process';
-import { createRequire } from 'module';
-
-// Import cache wrapper for persistent caching
-const require = createRequire(import.meta.url);
-const { executeCachedCliCommand, ToolCache } = require('./lib/cache-wrapper.cjs');
-
-// Import tier auth for consistent tier checking
-import { 
-  FREE_TOOLS, 
-  PRO_TOOLS, 
-  OPTION_GATES,
-  getMcpToolAccess,
-  notEntitledError,
-  optionNotEntitledError,
-  ERROR_CODES,
-  isPro as tierAuthIsPro,
-  getDevModeOverride,
-} from './tier-auth.js';
-
-/**
- * Check if developer mode bypass is allowed.
- * SECURITY: VIBECHECK_DEV_PRO is ONLY allowed in non-production environments.
- * Uses centralized function from tier-auth.js
- */
-function isDevProBypassAllowed() {
-  return getDevModeOverride().enabled;
-}
-
-// =============================================================================
-// TIER SYSTEM - Uses tier-auth.js as single source of truth
-// =============================================================================
-
-/**
- * TOOL_TIERS - Derived from tier-auth.js for consistency
- * This ensures MCP tools-v3.js and tier-auth.js stay in sync
- */
-const TOOL_TIERS = {};
-
-// Populate from FREE_TOOLS
-for (const tool of FREE_TOOLS) {
-  TOOL_TIERS[tool] = 'free';
-}
-
-// Populate from PRO_TOOLS  
-for (const tool of PRO_TOOLS) {
-  TOOL_TIERS[tool] = 'pro';
-}
-
-function isPro(tier) {
-  if (isDevProBypassAllowed()) return true;
-  return tier === 'pro';
-}
-
-/**
- * Check tier access with proper ErrorEnvelope support
- */
-function checkTierAccess(toolName, userTier, args = {}) {
-  // Developer mode bypass (blocked in production)
-  if (isDevProBypassAllowed()) {
-    return { allowed: true };
-  }
-  
-  const required = TOOL_TIERS[toolName] || 'pro';
-  
-  // Check tool-level access
-  if (required === 'pro' && !isPro(userTier)) {
-    return {
-      allowed: false,
-      error: notEntitledError(toolName, userTier, 'pro'),
-    };
-  }
-  
-  // Check option-level access
-  const gates = OPTION_GATES[toolName];
-  if (gates && args) {
-    for (const [option, requiredTier] of Object.entries(gates)) {
-      if (typeof requiredTier === 'object') {
-        const argValue = args[option];
-        if (argValue && requiredTier[argValue] === 'pro' && !isPro(userTier)) {
-          return {
-            allowed: false,
-            error: optionNotEntitledError(toolName, `${option}=${argValue}`, userTier, 'pro'),
-          };
-        }
-      } else if (args[option] === true && requiredTier === 'pro' && !isPro(userTier)) {
-        return {
-          allowed: false,
-          error: optionNotEntitledError(toolName, option, userTier, 'pro'),
-        };
-      }
-    }
-  }
-  
-  return { allowed: true };
-}
-
-// =============================================================================
-// TOOL DEFINITIONS
-// =============================================================================
-
-export const MCP_TOOLS_V3 = [
-  // ═══════════════════════════════════════════════════════════════════════════
-  // FREE TOOLS - Inspect & Observe
-  // ═══════════════════════════════════════════════════════════════════════════
-  
-  {
-    name: "vibecheck.scan",
-    description: `🔍 Scan codebase for issues
-
-Scans for:
-- Missing routes (client refs to non-existent endpoints)
-- Env gaps (used but undeclared env vars)
-- Ghost auth (unprotected sensitive endpoints)
-- Dead UI (buttons that do nothing)
-- Security issues
-
-Response includes cacheStats: { hit, reusedFindingsCount, durationMs }
-
-[FREE]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Project path" },
-        categories: {
-          type: "array",
-          items: { type: "string" },
-          description: "Categories: routes, env, auth, billing, security",
-        },
-        since: {
-          type: "string",
-          description: "ISO timestamp for incremental scan (only re-scan changed files)",
-        },
-        noCache: {
-          type: "boolean",
-          description: "Bypass cache lookup",
-          default: false,
-        },
-      },
-    },
-  },
-
-  {
-    name: "vibecheck.ctx",
-    description: `📦 Generate truth context for AI agents
-
-Returns verified facts about:
-- routes: Server routes and client references
-- env: Environment variables (used, declared, gaps)
-- auth: Authentication model and protected routes
-- billing: Payment gates and enforcement
-
-Use this BEFORE making assertions about the codebase.
-
-[FREE]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", description: "Project path" },
-        scope: {
-          type: "string",
-          enum: ["all", "routes", "env", "auth", "billing"],
-          description: "What to include",
-          default: "all",
-        },
-      },
-    },
-  },
-
-  {
-    name: "vibecheck.verify",
-    description: `✅ Verify AI-generated code before applying
-
-Checks for:
-- Secrets in code
-- Dangerous commands
-- Path traversal
-- Incomplete stubs
-- Hallucinated imports
-
-[FREE]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        code: { type: "string", description: "Code to verify" },
-        file: { type: "string", description: "Target file path" },
-        projectPath: { type: "string", description: "Project path" },
-      },
-      required: ["code"],
-    },
-  },
-
-  {
-    name: "vibecheck.report",
-    description: `📄 Generate reports
-
-Formats: html, md, sarif, json
-
-[FREE]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string" },
-        format: { type: "string", enum: ["html", "md", "sarif", "json"], default: "html" },
-      },
-    },
-  },
-
-  {
-    name: "vibecheck.status",
-    description: `📊 Check vibecheck status and health [FREE]`,
-    inputSchema: {
-      type: "object",
-      properties: { projectPath: { type: "string" } },
-    },
-  },
-
-  {
-    name: "vibecheck.doctor",
-    description: `🩺 Diagnose and fix environment issues
-Response includes cacheStats: { hit, reusedFindingsCount, durationMs }
-[FREE]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string" },
-        fix: { type: "boolean", default: false },
-        noCache: {
-          type: "boolean",
-          description: "Bypass cache lookup",
-          default: false,
-        },
-      },
-    },
-  },
-
-  {
-    name: "vibecheck.firewall",
-    description: `🛡️ Agent Firewall - observe mode
-
-Validates AI code changes against repo truth.
-FREE tier: Observe only (logs but doesn't block).
-PRO tier: Enforce mode (blocks violations).
-
-[FREE - observe mode]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        action: { type: "string", enum: ["check", "status", "log"] },
-        code: { type: "string" },
-        file: { type: "string" },
-      },
-    },
-  },
-
-  {
-    name: "authority.list",
-    description: `📋 List available authorities [FREE]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        tier: { type: "string", enum: ["free", "pro"] },
-      },
-    },
-  },
-
-  {
-    name: "authority.classify",
-    description: `📊 Inventory Authority - analyze duplication and legacy code [FREE]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string", default: "." },
-        includeNear: { type: "boolean", default: true },
-        format: { type: "string", enum: ["json", "table", "markdown"], default: "json" },
-      },
-    },
-  },
-
-  {
-    name: "vibecheck_conductor_status",
-    description: `📡 Get multi-agent coordination status [FREE]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectRoot: { type: "string" },
-        includeDetails: { type: "boolean", default: false },
-      },
-      required: ["projectRoot"],
-    },
-  },
-
-  {
-    name: "vibecheck.get_next_action",
-    description: `🎯 Get next best action recommendation
-
-Returns what the user should do next based on project state.
-Uses the same logic as CLI/Web/VS Code for consistency.
-
-Response:
-- action: string (init, scan, ship, fix, etc.)
-- command: string (full CLI command)
-- why: string (explanation)
-- dashboardLink: string (URL to view in dashboard)
-- timeEstimate: string (~30 seconds, ~45 seconds, etc.)
-- requiredTier: string (free or pro)
-- priority: string (high, medium, low)
-- upgradeHint: object (if action requires upgrade)
-
-[FREE]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { 
-          type: "string", 
-          description: "Project path to analyze", 
-          default: "." 
-        },
-        currentTier: { 
-          type: "string", 
-          enum: ["free", "pro"], 
-          description: "User's current tier",
-          default: "free" 
-        },
-      },
-    },
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // PRO TOOLS - Fix, Prove & Enforce
-  // ═══════════════════════════════════════════════════════════════════════════
-
-  {
-    name: "vibecheck.ship",
-    description: `🚀 Get ship verdict: SHIP | WARN | BLOCK
-
-Returns evidence-backed verdict.
-Response includes cacheStats: { hit, reusedFindingsCount, durationMs }
-
-[PRO - $49/mo]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string" },
-        strict: { type: "boolean" },
-        since: {
-          type: "string",
-          description: "ISO timestamp for incremental check (only re-check changed files)",
-        },
-        noCache: {
-          type: "boolean",
-          description: "Bypass cache lookup",
-          default: false,
-        },
-      },
-    },
-  },
-
-  {
-    name: "vibecheck.fix",
-    description: `🔧 AI-powered fixes with proof
-
-Modes: plan, apply, loop
-
-[PRO - $49/mo]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string" },
-        mode: { type: "string", enum: ["plan", "apply", "loop"], default: "plan" },
-        findingIds: { type: "array", items: { type: "string" } },
-      },
-    },
-  },
-
-  {
-    name: "vibecheck.prove",
-    description: `🔬 Full proof loop with runtime verification
-
-[PRO - $49/mo]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string" },
-        url: { type: "string" },
-        maxIterations: { type: "number", default: 5 },
-        recordVideo: { type: "boolean", default: true },
-      },
-    },
-  },
-
-  {
-    name: "vibecheck.gate",
-    description: `🚧 CI/CD enforcement - fail builds on issues [PRO - $49/mo]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string" },
-        strict: { type: "boolean" },
-      },
-    },
-  },
-
-  {
-    name: "vibecheck.badge",
-    description: `🏷️ Generate ship badge [PRO - $49/mo]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string" },
-        outputPath: { type: "string" },
-      },
-    },
-  },
-
-  {
-    name: "vibecheck.reality",
-    description: `🧪 Full runtime verification with auth boundary testing [PRO - $49/mo]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        url: { type: "string" },
-        auth: { type: "string" },
-        headed: { type: "boolean" },
-        maxPages: { type: "number", default: 20 },
-      },
-      required: ["url"],
-    },
-  },
-
-  {
-    name: "vibecheck.ai_test",
-    description: `🤖 AI agent testing - autonomous exploration [PRO - $49/mo]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        url: { type: "string" },
-        goal: { type: "string" },
-        maxActions: { type: "number", default: 50 },
-      },
-      required: ["url"],
-    },
-  },
-
-  {
-    name: "vibecheck.share",
-    description: `📤 Generate PR/review bundle [PRO - $49/mo]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectPath: { type: "string" },
-        format: { type: "string", enum: ["github", "gitlab", "slack", "json"], default: "github" },
-      },
-    },
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // AUTHORITY SYSTEM (PRO)
-  // ═══════════════════════════════════════════════════════════════════════════
-
-  {
-    name: "authority.approve",
-    description: `🛡️ Authority Approval - Execute authority & get verdict (PROCEED/STOP/DEFER)
-
-Execute an authority to get a structured verdict with proofs.
-
-[PRO - $49/mo]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        authority: { type: "string", description: "Authority ID (e.g., 'safe-consolidation')" },
-        projectPath: { type: "string", default: "." },
-        dryRun: { type: "boolean", default: false },
-      },
-      required: ["authority"],
-    },
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // AGENT CONDUCTOR (PRO) - Multi-Agent Coordination
-  // ═══════════════════════════════════════════════════════════════════════════
-
-  {
-    name: "vibecheck_conductor_register",
-    description: `📡 Register AI agent for multi-agent coordination
-
-Call this at the start of any multi-agent workflow.
-
-[PRO - $49/mo]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        agentId: { type: "string", description: "Agent ID (e.g., 'cursor', 'copilot')" },
-        projectRoot: { type: "string" },
-        workingFiles: { type: "array", items: { type: "string" } },
-      },
-      required: ["agentId", "projectRoot"],
-    },
-  },
-
-  {
-    name: "vibecheck_conductor_acquire_lock",
-    description: `🔒 Acquire lock on file/folder for exclusive access
-
-Prevents concurrent modifications by other agents.
-
-[PRO - $49/mo]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        sessionId: { type: "string" },
-        path: { type: "string" },
-        type: { type: "string", enum: ["exclusive", "shared"], default: "exclusive" },
-        reason: { type: "string" },
-      },
-      required: ["sessionId", "path"],
-    },
-  },
-
-  {
-    name: "vibecheck_conductor_release_lock",
-    description: `🔓 Release a previously acquired lock [PRO - $49/mo]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        lockId: { type: "string" },
-        sessionId: { type: "string" },
-      },
-      required: ["lockId", "sessionId"],
-    },
-  },
-
-  {
-    name: "vibecheck_conductor_propose",
-    description: `📋 Submit change proposal for multi-agent coordination
-
-Checks for conflicts with other agents before proceeding.
-
-[PRO - $49/mo]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        sessionId: { type: "string" },
-        proposalId: { type: "string" },
-        intent: { type: "string" },
-        operations: {
-          type: "array",
-          items: {
-            type: "object",
-            properties: {
-              type: { type: "string", enum: ["create", "modify", "delete", "move"] },
-              path: { type: "string" },
-              content: { type: "string" },
-            },
-          },
-        },
-        projectRoot: { type: "string" },
-      },
-      required: ["sessionId", "proposalId", "intent", "operations", "projectRoot"],
-    },
-  },
-
-  {
-    name: "vibecheck_conductor_terminate",
-    description: `🛑 Terminate agent session and release all locks [PRO - $49/mo]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        sessionId: { type: "string" },
-      },
-      required: ["sessionId"],
-    },
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // AGENT FIREWALL (PRO) - Enforce Mode
-  // ═══════════════════════════════════════════════════════════════════════════
-
-  {
-    name: "vibecheck_agent_firewall_intercept",
-    description: `🛡️ Agent Firewall (Sentinel) - ENFORCE MODE
-
-Intercepts AI code changes and validates against repo truth.
-Blocks violations. Generates proof artifacts.
-
-Features:
-- Reality state validation (routes, env, services)
-- Risk scoring (surface area, blast radius)
-- Diff simulation (broken imports, orphaned files)
-- Assumption verification
-- Proof artifact generation
-
-Call BEFORE any file write operations.
-
-[PRO - $49/mo]`,
-    inputSchema: {
-      type: "object",
-      required: ["agentId", "filePath", "content"],
-      properties: {
-        agentId: { type: "string", description: "Agent ID" },
-        filePath: { type: "string", description: "File to write" },
-        content: { type: "string", description: "New content" },
-        operation: { type: "string", enum: ["create", "modify", "delete"], default: "modify" },
-        intent: { type: "string", description: "What this change accomplishes" },
-        projectRoot: { type: "string" },
-      },
-    },
-  },
-
-  // ═══════════════════════════════════════════════════════════════════════════
-  // INTENT FIREWALL v2 (PRO) - Intent-Aware BLOCKING Enforcement
-  // ═══════════════════════════════════════════════════════════════════════════
-
-  {
-    name: "vibecheck_intent_firewall_intercept",
-    description: `🛡️ Intent-Aware Firewall v2 - BLOCKING enforcement
-
-Intercepts AI code changes and BLOCKS unless:
-1. User intent is declared (via vibecheck intent set)
-2. Changes align with declared intent
-3. Reality proofs pass
-
-⚠️ If no intent is declared, ALL CHANGES ARE BLOCKED.
-
-This is enforcement infrastructure that cannot be bypassed.
-Declare intent BEFORE making AI changes:
-  vibecheck intent set -s "Your intent"
-
-Returns: { decision: "PASS"|"BLOCK", violations, intent_hash }
-
-[PRO - $49/mo]`,
-    inputSchema: {
-      type: "object",
-      required: ["agentId", "filePath", "content"],
-      properties: {
-        agentId: { type: "string", description: "Agent ID" },
-        filePath: { type: "string", description: "File to write" },
-        content: { type: "string", description: "New content" },
-        oldContent: { type: "string", description: "Old content (for diff)" },
-        intent: { type: "string", description: "Agent's stated intent (NOT user intent)" },
-        projectRoot: { type: "string" },
-      },
-    },
-  },
-
-  {
-    name: "vibecheck_intent_status",
-    description: `📋 Get current intent status for Agent Firewall v2
-
-Shows whether intent is declared and what changes are allowed.
-Use this BEFORE making AI changes to understand constraints.
-
-Returns: { hasIntent, summary, constraints, allowed_changes, hash }
-
-[FREE]`,
-    inputSchema: {
-      type: "object",
-      properties: {
-        projectRoot: { type: "string", default: "." },
-      },
-    },
-  },
-];
-
-// =============================================================================
-// TOOL HANDLERS
-// =============================================================================
-
-/**
- * Handle v3 tool execution with tier checking and ErrorEnvelope support
- */
-export async function handleToolV3(toolName, args, context = {}) {
-  const userTier = context.tier || 'free';
-  
-  // Check access with option-level gates
-  const access = checkTierAccess(toolName, userTier, args);
-  if (!access.allowed) {
-    // Return proper ErrorEnvelope format
-    return { 
-      ok: false,
-      error: access.error,
-      tier: userTier,
-      required: access.error?.required || 'pro',
-    };
-  }
-  
-  const projectPath = args.projectPath || process.cwd();
-  
-  try {
-    switch (toolName) {
-      case 'vibecheck.scan':
-      case 'vibecheck.ctx':
-      case 'vibecheck.report':
-      case 'vibecheck.status':
-      case 'vibecheck.doctor':
-      case 'vibecheck.ship':
-      case 'vibecheck.fix':
-      case 'vibecheck.prove':
-      case 'vibecheck.gate':
-      case 'vibecheck.badge':
-      case 'vibecheck.reality':
-      case 'vibecheck.ai_test':
-      case 'vibecheck.share':
-        return await runCliCommand(projectPath, toolName.replace('vibecheck.', ''), args);
-      
-      case 'vibecheck.verify':
-        return await verifyCode(args);
-      
-      case 'vibecheck.firewall':
-        return await firewallCheck(args, userTier);
-      
-      case 'authority.list':
-      case 'authority.classify':
-      case 'authority.approve':
-        return await runCliCommand(projectPath, toolName.replace('authority.', 'authority '), args);
-      
-      case 'vibecheck_conductor_status':
-      case 'vibecheck_conductor_register':
-      case 'vibecheck_conductor_acquire_lock':
-      case 'vibecheck_conductor_release_lock':
-      case 'vibecheck_conductor_propose':
-      case 'vibecheck_conductor_terminate':
-        return await handleConductorTool(toolName, args, userTier);
-      
-      case 'vibecheck_agent_firewall_intercept':
-        return await handleFirewallIntercept(args, userTier);
-      
-      case 'vibecheck.get_next_action':
-        return await handleGetNextAction(projectPath, userTier);
-      
-      default:
-        return { 
-          ok: false,
-          error: { 
-            code: 'TOOL_NOT_FOUND', 
-            message: `Unknown tool: ${toolName}`,
-            retryable: false,
-          } 
-        };
-    }
-  } catch (error) {
-    return { 
-      ok: false,
-      error: { 
-        code: 'INTERNAL_ERROR', 
-        message: error.message,
-        retryable: true,
-      } 
-    };
-  }
-}
-
-// =============================================================================
-// IMPLEMENTATIONS
-// =============================================================================
-
-// Cacheable tools
-const CACHEABLE_TOOLS = new Set(['scan', 'ship', 'polish', 'doctor']);
-
-async function runCliCommand(projectPath, command, args, options = {}) {
-  const flags = Object.entries(args)
-    .filter(([k, v]) => k !== 'projectPath' && v !== undefined && v !== null)
-    .map(([k, v]) => {
-      if (typeof v === 'boolean') return v ? `--${k}` : '';
-      if (Array.isArray(v)) return `--${k} ${v.join(',')}`;
-      return `--${k} "${v}"`;
-    })
-    .filter(Boolean)
-    .join(' ');
-
-  // Check if this tool supports caching
-  const isCacheable = CACHEABLE_TOOLS.has(command);
-  const useCache = isCacheable && options.useCache !== false && !args.noCache;
-
-  if (useCache) {
-    // Use cached execution
-    return executeCachedCliCommand(
-      projectPath,
-      command,
-      () => {
-        const result = execSync(
-          `npx vibecheck ${command} --json ${flags}`,
-          { cwd: projectPath, encoding: 'utf8', timeout: 300000 }
-        );
-        try {
-          return JSON.parse(result);
-        } catch {
-          return { output: result, findings: [], verdict: null, metadata: {} };
-        }
-      },
-      {
-        useCache: true,
-        forceRefresh: args.forceRefresh || false,
-        vibecheckVersion: '3.3.0',
-      }
-    );
-  }
-
-  // Non-cacheable execution
-  const result = execSync(
-    `npx vibecheck ${command} --json ${flags}`,
-    { cwd: projectPath, encoding: 'utf8', timeout: 300000 }
-  );
-  
-  try {
-    const parsed = JSON.parse(result);
-    // Add empty cacheStats for consistency
-    return {
-      ...parsed,
-      cacheStats: { hit: false, reusedFindingsCount: 0, durationMs: 0 },
-    };
-  } catch {
-    return { output: result, cacheStats: { hit: false, reusedFindingsCount: 0, durationMs: 0 } };
-  }
-}
-
-async function verifyCode(args) {
-  const { code } = args;
-  const issues = [];
-  
-  if (/(?:password|secret|api_?key|token)\s*[:=]\s*['"][^'"]+['"]/i.test(code)) {
-    issues.push({ type: 'secret', message: 'Possible hardcoded secret' });
-  }
-  if (/eval\s*\(|Function\s*\(/.test(code)) {
-    issues.push({ type: 'danger', message: 'eval() or Function() detected' });
-  }
-  if (/TODO|FIXME|XXX|HACK/i.test(code)) {
-    issues.push({ type: 'stub', message: 'Incomplete code stub' });
-  }
-  
-  return { verified: issues.length === 0, issues };
-}
-
-async function firewallCheck(args, tier) {
-  const mode = tier === 'pro' ? 'enforce' : 'observe';
-  return {
-    mode,
-    checked: true,
-    message: mode === 'observe' 
-      ? 'Agent Firewall in observe mode (FREE). Upgrade to PRO for enforce mode.'
-      : 'Agent Firewall in enforce mode (PRO).',
-  };
-}
-
-async function handleConductorTool(toolName, args, tier) {
-  // For full conductor features, require PRO
-  if (toolName !== 'vibecheck_conductor_status' && tier !== 'pro') {
-    return {
-      error: 'Full Conductor features require PRO. Upgrade at https://vibecheckai.dev/pricing'
-    };
-  }
-  
-  // Import and delegate to conductor handlers
-  try {
-    const { 
-      handleConductorRegister, 
-      handleConductorAcquireLock,
-      handleConductorReleaseLock,
-      handleConductorPropose,
-      handleConductorStatus,
-      handleConductorTerminate,
-    } = await import('./conductor/tools.js');
-    
-    switch (toolName) {
-      case 'vibecheck_conductor_status':
-        return await handleConductorStatus(args);
-      case 'vibecheck_conductor_register':
-        return await handleConductorRegister(args);
-      case 'vibecheck_conductor_acquire_lock':
-        return await handleConductorAcquireLock(args);
-      case 'vibecheck_conductor_release_lock':
-        return await handleConductorReleaseLock(args);
-      case 'vibecheck_conductor_propose':
-        return await handleConductorPropose(args);
-      case 'vibecheck_conductor_terminate':
-        return await handleConductorTerminate(args);
-      default:
-        return { error: `Unknown conductor tool: ${toolName}` };
-    }
-  } catch (error) {
-    return { error: `Conductor not available: ${error.message}` };
-  }
-}
-
-async function handleFirewallIntercept(args, tier) {
-  if (tier !== 'pro') {
-    return {
-      allowed: true,
-      mode: 'observe',
-      message: 'Firewall intercept in observe mode (FREE). Changes logged but not blocked.',
-      violations: [],
-    };
-  }
-  
-  // Import and delegate to firewall interceptor
-  try {
-    const { interceptFileWrite } = await import('./agent-firewall-interceptor.js');
-    return await interceptFileWrite(args);
-  } catch (error) {
-    return { error: `Firewall intercept failed: ${error.message}` };
-  }
-}
-
-/**
- * Handle get_next_action tool - returns recommended next action based on project state
- */
-async function handleGetNextAction(projectPath, tier) {
-  try {
-    // Import the next-action module from CLI
-    const nextActionModule = require('../bin/runners/lib/next-action.js');
-    const result = nextActionModule.getNextActionJson(projectPath, tier);
-    
-    return {
-      ok: true,
-      data: result,
-    };
-  } catch (error) {
-    // Fallback: compute basic next action without the module
-    const statePath = path.join(projectPath, '.vibecheck', 'summary.json');
-    let state = { hasConfig: false, lastScan: null, lastShip: null };
-    
-    try {
-      await fs.access(path.join(projectPath, '.vibecheckrc'));
-      state.hasConfig = true;
-    } catch {}
-    
-    try {
-      const summary = JSON.parse(await fs.readFile(statePath, 'utf-8'));
-      state.lastScan = { verdict: summary.verdict, score: summary.score };
-    } catch {}
-    
-    // Basic next action logic
-    let action, command, why;
-    
-    if (!state.hasConfig) {
-      action = 'init';
-      command = 'vibecheck init';
-      why = 'Project not initialized. Run init to create config.';
-    } else if (!state.lastScan) {
-      action = 'scan';
-      command = 'vibecheck scan';
-      why = 'No scans yet. Run your first scan.';
-    } else if (tier === 'pro') {
-      action = 'ship';
-      command = 'vibecheck ship';
-      why = 'Get your SHIP/WARN/BLOCK verdict.';
-    } else {
-      action = 'report';
-      command = 'vibecheck report';
-      why = 'Generate a report of your scan results.';
-    }
-    
-    return {
-      ok: true,
-      data: {
-        action,
-        command,
-        cliCommand: command,
-        why,
-        dashboardLink: 'https://app.vibecheckai.dev',
-        docsLink: `https://docs.vibecheckai.dev/cli/${action}`,
-        timeEstimate: action === 'scan' ? '~45 seconds' : '~15 seconds',
-        requiredTier: action === 'ship' ? 'pro' : 'free',
-        priority: 'high',
-        upgradeHint: tier === 'free' && action === 'report' ? {
-          feature: 'Ship Verdict',
-          benefit: 'Get SHIP/WARN/BLOCK verdict with evidence',
-          url: 'https://vibecheckai.dev/pricing',
-        } : null,
-      },
-    };
-  }
-}
-
-// =============================================================================
-// EXPORTS
-// =============================================================================
-
-export { TOOL_TIERS, checkTierAccess, isPro };
-
-export default {
-  MCP_TOOLS_V3,
-  handleToolV3,
-  TOOL_TIERS,
-};