@viberaven/cli 0.1.0-beta.1 → 0.1.0-beta.2

package/dist/cli.js

@@ -9,6 +9,10 @@ var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __commonJS = (cb, mod) => function __require() {
   return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
 };
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
 var __copyProps = (to, from, except, desc) => {
   if (from && typeof from === "object" || typeof from === "function") {
     for (let key of __getOwnPropNames(from))
@@ -25,6 +29,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
   mod
 ));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // node_modules/picocolors/picocolors.js
 var require_picocolors = __commonJS({
@@ -155,6 +160,12 @@ var require_src = __commonJS({
 });
 
 // src/cli.ts
+var cli_exports = {};
+__export(cli_exports, {
+  formatScanJsonStdout: () => formatScanJsonStdout,
+  parseArgs: () => parseArgs
+});
+module.exports = __toCommonJS(cli_exports);
 var import_node_path8 = require("node:path");
 
 // src/config.ts
@@ -241,8 +252,18 @@ async function loadCredentials() {
       email: typeof parsed.email === "string" ? parsed.email : void 0,
       plan: typeof parsed.plan === "string" ? parsed.plan : void 0
     };
-  } catch {
-    return void 0;
+  } catch (error) {
+    if (error.code !== "ENOENT") {
+      return void 0;
+    }
+    const accessToken = process.env.VIBERAVEN_ACCESS_TOKEN?.trim();
+    if (!accessToken) {
+      return void 0;
+    }
+    return {
+      accessToken,
+      apiBaseUrl: resolveApiBaseUrl()
+    };
   }
 }
 async function saveCredentials(credentials) {
@@ -454,6 +475,16 @@ function isRecord(value) {
   return typeof value === "object" && value !== null && !Array.isArray(value);
 }
 
+// src/statusLabels.ts
+var READY = "READY";
+var LOGIN_REQUIRED = "LOGIN_REQUIRED";
+var UPGRADE_REQUIRED = "UPGRADE_REQUIRED";
+var MANUAL_ACTION_REQUIRED = "MANUAL_ACTION_REQUIRED";
+var ERROR = "ERROR";
+function formatAgentStatus(label, message) {
+  return `${label}: ${message}`;
+}
+
 // src/account.ts
 async function fetchAccountMe(apiBaseUrl, accessToken) {
   const url = `${normalizeBaseUrl(apiBaseUrl)}/v1/account/me`;
@@ -510,8 +541,9 @@ function formatUsageLine(usage) {
 function formatScanLimitMessage(upgradeUrl) {
   return [
     "",
-    "Free scan limit reached. Upgrade to Pro to continue.",
+    formatAgentStatus(UPGRADE_REQUIRED, "Free scan limit reached. Upgrade to Pro to continue."),
     "Your last scan artifacts are unchanged if you already ran a scan in this repo.",
+    "Do not keep retrying this scan until the user upgrades or quota resets.",
     "",
     `Upgrade & account: ${upgradeUrl}`,
     ""
@@ -539,7 +571,7 @@ async function runDeviceLogin(apiBaseUrl) {
       continue;
     }
     if (result.status === "expired") {
-      throw new Error("Sign-in expired. Run `viberaven login` again.");
+      throw new Error(formatAgentStatus(LOGIN_REQUIRED, "Sign-in expired. Ask the user to run `npx -y @viberaven/cli@beta login`, complete browser/device approval, then rerun `npx -y @viberaven/cli@beta scan`."));
     }
     if (result.status === "denied") {
       throw new Error("Sign-in was denied.");
@@ -570,7 +602,7 @@ async function runDeviceLogin(apiBaseUrl) {
       return;
     }
   }
-  throw new Error("Sign-in timed out. Run `viberaven login` again.");
+  throw new Error(formatAgentStatus(LOGIN_REQUIRED, "Sign-in timed out. Ask the user to run `npx -y @viberaven/cli@beta login`, complete browser/device approval, then rerun `npx -y @viberaven/cli@beta scan`."));
 }
 function buildVerificationUrl(verificationUrl, deviceCode) {
   try {
@@ -586,7 +618,7 @@ async function requireCredentials(apiBaseUrl) {
   const creds = await loadCredentials();
   const base = apiBaseUrl ?? creds?.apiBaseUrl ?? resolveApiBaseUrl();
   if (!creds?.accessToken) {
-    throw new Error("Not signed in. Run `viberaven login` first (or set credentials via device flow).");
+    throw new Error(formatAgentStatus(LOGIN_REQUIRED, "Not signed in. Ask the user to run `npx -y @viberaven/cli@beta login`, complete browser/device approval, then rerun `npx -y @viberaven/cli@beta scan`."));
   }
   return { accessToken: creds.accessToken, apiBaseUrl: base };
 }
@@ -1442,6 +1474,17 @@ var PROVIDERS = [
   provider("authjs", "Auth.js", ["authjs", "auth", "nextauth"], ["auth"], ["auth"], "authjs", {
     docsUrl: "https://authjs.dev"
   }),
+  provider("auth0", "Auth0", ["auth0"], ["auth"], ["auth"], "auth0", {
+    docsUrl: "https://auth0.com/docs",
+    dashboardUrl: "https://manage.auth0.com"
+  }),
+  provider("better-auth", "Better Auth", ["betterauth", "better-auth"], ["auth"], ["auth"], "better-auth", {
+    docsUrl: "https://www.better-auth.com/docs"
+  }),
+  provider("firebase", "Firebase", ["firebase", "firestore"], ["database"], ["database"], "firebase", {
+    docsUrl: "https://firebase.google.com/docs",
+    dashboardUrl: "https://console.firebase.google.com"
+  }),
   provider("neon", "Neon", ["neon"], ["database"], ["database"], "neon", {
     docsUrl: "https://neon.tech/docs",
     dashboardUrl: "https://console.neon.tech",
@@ -1511,6 +1554,10 @@ var PROVIDERS = [
     dashboardUrl: "https://polar.sh/dashboard",
     verification: { supportsReadOnly: false }
   }),
+  provider("lemon-squeezy", "Lemon Squeezy", ["lemonsqueezy", "lemon-squeezy", "lemon squeezy"], ["payments"], ["payments"], "lemon-squeezy", {
+    docsUrl: "https://docs.lemonsqueezy.com",
+    dashboardUrl: "https://app.lemonsqueezy.com"
+  }),
   provider("vercel", "Vercel", ["vercel"], ["deployment"], ["deployment"], "vercel", {
     docsUrl: "https://vercel.com/docs",
     dashboardUrl: "https://vercel.com/dashboard",
@@ -1523,7 +1570,7 @@ var PROVIDERS = [
     },
     verification: { supportsReadOnly: true }
   }),
-  provider("netlify", "Netlify", ["netlify"], ["deployment"], [], "netlify", {
+  provider("netlify", "Netlify", ["netlify"], ["deployment"], ["deployment"], "netlify", {
     docsUrl: "https://docs.netlify.com",
     dashboardUrl: "https://app.netlify.com",
     mcp: {
@@ -1535,7 +1582,27 @@ var PROVIDERS = [
     },
     verification: { supportsReadOnly: false }
   }),
-  provider("aws", "AWS", ["aws"], ["deployment"], [], "aws", {
+  provider("render", "Render", ["render", "rendercom"], ["deployment"], ["deployment"], "render", {
+    docsUrl: "https://render.com/docs",
+    dashboardUrl: "https://dashboard.render.com"
+  }),
+  provider("railway", "Railway", ["railway", "railwayapp"], ["deployment"], ["deployment"], "railway", {
+    docsUrl: "https://docs.railway.com",
+    dashboardUrl: "https://railway.com"
+  }),
+  provider("cloudflare", "Cloudflare", ["cloudflare", "cloudflarepages", "workers"], ["deployment"], ["deployment"], "cloudflare", {
+    docsUrl: "https://developers.cloudflare.com",
+    dashboardUrl: "https://dash.cloudflare.com",
+    mcp: {
+      label: "Cloudflare",
+      serverName: "cloudflare-api",
+      vscodeServer: { type: "http", url: "https://mcp.cloudflare.com/mcp" },
+      cursorServer: { url: "https://mcp.cloudflare.com/mcp" },
+      keyInstructions: "Cloudflare MCP uses Cloudflare account authentication. Finish browser sign-in or provide an API token only when prompted."
+    },
+    verification: { supportsReadOnly: true }
+  }),
+  provider("aws", "AWS", ["aws"], ["deployment"], ["deployment"], "aws", {
     docsUrl: "https://docs.aws.amazon.com",
     dashboardUrl: "https://console.aws.amazon.com"
   }),
@@ -1567,6 +1634,18 @@ var PROVIDERS = [
     docsUrl: "https://docs.logrocket.com",
     dashboardUrl: "https://app.logrocket.com"
   }),
+  provider("github", "GitHub Actions", ["github", "githubactions"], ["testing"], [], "github", {
+    docsUrl: "https://docs.github.com/actions",
+    dashboardUrl: "https://github.com",
+    mcp: {
+      label: "GitHub",
+      serverName: "github",
+      vscodeServer: { type: "http", url: "https://api.githubcopilot.com/mcp/" },
+      cursorServer: { url: "https://api.githubcopilot.com/mcp/" },
+      keyInstructions: "GitHub MCP should use IDE/GitHub authentication. Use read-only repository, Actions, and branch-protection queries for verification."
+    },
+    verification: { supportsReadOnly: true }
+  }),
   provider("playwright", "Playwright", ["playwright", "playwrighttest"], ["testing"], [], "playwright", {
     docsUrl: "https://playwright.dev/docs/intro",
     mcp: {
@@ -1590,7 +1669,7 @@ var PROVIDERS = [
     },
     verification: { supportsReadOnly: false }
   }),
-  provider("bot-protection", "Bot protection", ["botprotection", "cloudflareturnstile", "turnstile", "cloudflare"], ["security"], ["security"], "bot-protection", {
+  provider("bot-protection", "Bot protection", ["botprotection", "cloudflareturnstile", "turnstile"], ["security"], ["security"], "bot-protection", {
     docsUrl: "https://developers.cloudflare.com/turnstile",
     dashboardUrl: "https://dash.cloudflare.com",
     mcp: {
@@ -1773,6 +1852,269 @@ function titleizeProvider(provider2) {
   );
 }
 
+// ../../src/station/verificationLayer/types.ts
+function providerCheckId(provider2, checkKey) {
+  return `${provider2}:${checkKey}`;
+}
+var PROVIDER_CONNECTION_BLOCKS_VERIFY = [
+  "not_configured",
+  "configured",
+  "unknown_runtime",
+  "unsupported"
+];
+function coerceProviderVerificationStatus(status, connectionState) {
+  if (status !== "verified") {
+    return status;
+  }
+  if (PROVIDER_CONNECTION_BLOCKS_VERIFY.includes(connectionState)) {
+    return connectionState === "not_configured" || connectionState === "configured" ? "needs_mcp" : "unknown";
+  }
+  return status;
+}
+function mapVerificationStatusToMissionStatus(status) {
+  switch (status) {
+    case "verified":
+      return "passed";
+    case "missing":
+      return "missing";
+    case "unknown":
+      return "unknown";
+    case "needs_mcp":
+      return "needs-connection";
+    case "manual":
+      return "manual-required";
+    default:
+      return "failed";
+  }
+}
+function mapEvidenceSourceToLegacyEvidenceClass(source, status) {
+  if (source === "repo") {
+    return status === "verified" ? "repo-verified" : "missing-repo-fix";
+  }
+  if (source === "manual") {
+    return "manual-dashboard";
+  }
+  if (source === "mcp") {
+    return "mcp-verifier";
+  }
+  return "mcp-verifier";
+}
+function isProviderLayerCheck(check) {
+  return check.evidenceSource === "provider" || check.evidenceSource === "mcp";
+}
+function isRepoLayerCheck(check) {
+  return check.evidenceSource === "repo";
+}
+function computeLayerReadinessPercent(checks, layer) {
+  const filtered = checks.filter(
+    (check) => layer === "repo" ? isRepoLayerCheck(check) : isProviderLayerCheck(check)
+  );
+  if (filtered.length === 0) {
+    return 100;
+  }
+  const verified = filtered.filter((check) => check.status === "verified").length;
+  return Math.round(verified / filtered.length * 100);
+}
+function aggregateReadinessPercents(providerResults) {
+  if (providerResults.length === 0) {
+    return { repoReadinessPercent: 100, providerReadinessPercent: 100 };
+  }
+  const repoSum = providerResults.reduce((sum, r) => sum + r.repoReadinessPercent, 0);
+  const providerSum = providerResults.reduce((sum, r) => sum + r.providerReadinessPercent, 0);
+  return {
+    repoReadinessPercent: Math.round(repoSum / providerResults.length),
+    providerReadinessPercent: Math.round(providerSum / providerResults.length)
+  };
+}
+
+// ../../src/station/verificationLayer/mergeIntoMissionGraph.ts
+var PROVIDER_WIRING_KEY = {
+  vercel: "vercel-deployment",
+  supabase: "supabase-database",
+  stripe: "stripe-payments"
+};
+function mergeVerificationIntoMissionGraph(graph, layer) {
+  const providerMissions = graph.areas.flatMap((area) => area.providerMissions);
+  const missionByKey = new Map(providerMissions.map((mission) => [mission.key, mission]));
+  for (const layerCheck of layer.checks) {
+    if (layerCheck.evidenceSource === "repo") {
+      continue;
+    }
+    const mission = resolveTargetMission(graph, missionByKey, layerCheck);
+    if (!mission) {
+      continue;
+    }
+    if (mission.checks.some((check) => check.verificationCheckId === layerCheck.id || check.id === missionRowId(layerCheck.id))) {
+      continue;
+    }
+    mission.checks.push(verificationCheckToMissionCheck(layerCheck, mission));
+  }
+  recomputeMissionReadiness(providerMissions);
+  const areas = rebuildAreas(providerMissions);
+  return {
+    ...graph,
+    areas,
+    byArea: areas.reduce((acc, area) => {
+      acc[area.key] = area;
+      return acc;
+    }, {}),
+    byProvider: providerMissions.reduce((acc, mission) => {
+      acc[mission.key] = mission;
+      return acc;
+    }, {}),
+    verificationLayer: layer
+  };
+}
+function resolveTargetMission(graph, missionByKey, layerCheck) {
+  const wiringKey = PROVIDER_WIRING_KEY[layerCheck.provider];
+  if (wiringKey) {
+    return missionByKey.get(wiringKey) ?? graph.byProvider[wiringKey];
+  }
+  if (layerCheck.provider === "github") {
+    return missionByKey.get("vitest-testing") ?? missionByKey.get("playwright-testing") ?? ensureGitHubMission(graph, missionByKey, layerCheck.area);
+  }
+  return void 0;
+}
+function ensureGitHubMission(graph, missionByKey, area) {
+  const key = "vitest-testing";
+  const existing = missionByKey.get(key);
+  if (existing) {
+    return existing;
+  }
+  const mission = {
+    key,
+    provider: "vitest",
+    providerLabel: "GitHub Actions",
+    area,
+    promptSubject: "GitHub Actions CI",
+    readinessPercent: 0,
+    repoReadinessPercent: 100,
+    providerReadinessPercent: 0,
+    checks: []
+  };
+  missionByKey.set(key, mission);
+  const areaEntry = graph.areas.find((entry) => entry.key === area);
+  if (areaEntry) {
+    areaEntry.providerMissions.push(mission);
+  }
+  return mission;
+}
+function missionRowId(verificationCheckId) {
+  return `vl-${verificationCheckId}`;
+}
+function verificationCheckToMissionCheck(layerCheck, mission) {
+  const evidenceClass = legacyEvidenceClassFor(layerCheck);
+  const status = mapVerificationStatusToMissionStatus(layerCheck.status);
+  return {
+    id: missionRowId(layerCheck.id),
+    label: layerCheck.title,
+    providerKey: mission.key,
+    providerLabel: mission.providerLabel,
+    area: layerCheck.area,
+    evidenceClass,
+    status,
+    evidence: [...layerCheck.repoSignals, ...layerCheck.providerSignals, ...layerCheck.evidenceRefs],
+    promptHint: layerCheck.manualAction ?? layerCheck.description,
+    evidenceSource: layerCheck.evidenceSource,
+    verificationStatus: layerCheck.status,
+    verificationCheckId: layerCheck.id
+  };
+}
+function legacyEvidenceClassFor(layerCheck) {
+  return mapEvidenceSourceToLegacyEvidenceClass(layerCheck.evidenceSource, layerCheck.status);
+}
+function recomputeMissionReadiness(missions) {
+  for (const mission of missions) {
+    mission.repoReadinessPercent = readinessPercentForRepoChecks(mission.checks);
+    mission.providerReadinessPercent = readinessPercentForProviderChecks(mission.checks);
+    mission.readinessPercent = mission.repoReadinessPercent;
+  }
+}
+function readinessPercentForRepoChecks(checks) {
+  const repoChecks = checks.filter(isRepoLayerMissionCheck);
+  if (repoChecks.length === 0) {
+    return 100;
+  }
+  const verified = repoChecks.filter((check) => isVerifiedMissionCheck(check)).length;
+  return Math.round(verified / repoChecks.length * 100);
+}
+function readinessPercentForProviderChecks(checks) {
+  const providerChecks = checks.filter(isProviderLayerMissionCheck);
+  if (providerChecks.length === 0) {
+    return 100;
+  }
+  const verified = providerChecks.filter((check) => isVerifiedMissionCheck(check)).length;
+  return Math.round(verified / providerChecks.length * 100);
+}
+function isRepoLayerMissionCheck(check) {
+  if (check.evidenceSource === "provider" || check.evidenceSource === "mcp" || check.evidenceSource === "manual") {
+    return false;
+  }
+  if (check.evidenceSource === "repo") {
+    return true;
+  }
+  return check.evidenceClass === "repo-verified" || check.evidenceClass === "missing-repo-fix";
+}
+function isProviderLayerMissionCheck(check) {
+  if (check.evidenceSource === "provider" || check.evidenceSource === "mcp") {
+    return true;
+  }
+  return check.evidenceClass === "mcp-verifier";
+}
+function isVerifiedMissionCheck(check) {
+  if (check.verificationStatus) {
+    return check.verificationStatus === "verified";
+  }
+  return check.status === "passed" || check.status === "user-confirmed";
+}
+function rebuildAreas(providerMissions) {
+  const byArea = /* @__PURE__ */ new Map();
+  for (const mission of providerMissions) {
+    const list = byArea.get(mission.area) ?? [];
+    list.push(mission);
+    byArea.set(mission.area, list);
+  }
+  const AREA_LABELS2 = {
+    appFlow: "App Flow",
+    frontend: "Frontend",
+    backend: "Backend / API",
+    database: "Database",
+    auth: "Auth",
+    payments: "Payments",
+    deployment: "Deployment",
+    monitoring: "Monitoring",
+    security: "Security",
+    testing: "Testing",
+    landing: "Landing / Onboarding",
+    errorHandling: "Error Handling"
+  };
+  return [...byArea.entries()].map(([key, missions]) => {
+    const repoChecks = missions.flatMap((m2) => m2.checks).filter(isRepoLayerMissionCheck);
+    const providerChecks = missions.flatMap((m2) => m2.checks).filter(isProviderLayerMissionCheck);
+    const repoReadinessPercent = percentVerified(repoChecks);
+    const providerReadinessPercent = percentVerified(providerChecks);
+    const criticalCount = missions.flatMap((m2) => m2.checks).filter(
+      (check) => isProviderLayerMissionCheck(check) && (check.verificationStatus === "missing" || check.status === "missing" || check.status === "failed")
+    ).length;
+    return {
+      key,
+      label: AREA_LABELS2[key],
+      readinessPercent: repoReadinessPercent,
+      repoReadinessPercent,
+      providerReadinessPercent,
+      criticalCount,
+      providerMissions: missions
+    };
+  });
+}
+function percentVerified(checks) {
+  if (checks.length === 0) {
+    return 100;
+  }
+  const verified = checks.filter((check) => isVerifiedMissionCheck(check)).length;
+  return Math.round(verified / checks.length * 100);
+}
+
 // ../../src/station/missionGraph.ts
 var AREA_LABELS = {
   appFlow: "App Flow",
@@ -1802,13 +2144,14 @@ function buildMissionGraph(input) {
     acc[area.key] = area;
     return acc;
   }, {});
-  return {
+  const graph = {
     areas,
     byArea,
     byProvider,
     repositoryEvidence: input.repositoryEvidence,
     ...input.staticInfrastructureFlowGraph ? { staticInfrastructureFlowGraph: input.staticInfrastructureFlowGraph } : {}
   };
+  return input.verificationLayer ? mergeVerificationIntoMissionGraph(graph, input.verificationLayer) : graph;
 }
 function toProviderMission(summary) {
   const checks = summary.items.map((item3) => toMissionCheck(summary, item3));
@@ -1832,6 +2175,8 @@ function toProviderMission(summary) {
     area: summary.area,
     promptSubject: summary.promptSubject,
     readinessPercent: summary.readinessPercent,
+    repoReadinessPercent: summary.readinessPercent,
+    providerReadinessPercent: checks.some((check) => check.evidenceClass === "mcp-verifier") ? 0 : 100,
     checks
   };
 }
@@ -1969,6 +2314,10 @@ function buildAreas(providerMissions) {
       key,
       label: AREA_LABELS[key],
       readinessPercent: Math.round(passed / Math.max(actionableChecks.length, 1) * 100),
+      repoReadinessPercent: Math.round(passed / Math.max(actionableChecks.length, 1) * 100),
+      providerReadinessPercent: missions.some(
+        (mission) => mission.checks.some((check) => check.evidenceClass === "mcp-verifier")
+      ) ? 0 : 100,
       criticalCount: missing,
       providerMissions: missions
     };
@@ -2130,6 +2479,17 @@ var PROVIDER_RULES = [
     imports: ["@supabase/supabase-js", "@supabase/ssr"],
     docs: ["supabase"]
   },
+  {
+    area: "database",
+    provider: "firebase",
+    label: "Firebase",
+    packages: [/^firebase$/, /^firebase-admin$/, /@firebase\//],
+    env: ["FIREBASE_PROJECT_ID", "NEXT_PUBLIC_FIREBASE_PROJECT_ID", "VITE_FIREBASE_PROJECT_ID", "GOOGLE_APPLICATION_CREDENTIALS"],
+    paths: [/firebase/, /firestore/],
+    imports: ["firebase/app", "firebase/firestore", "firebase-admin"],
+    content: [{ pattern: /getFirestore\s*\(|collection\s*\(|firebase-admin/i, signal: "code: Firebase/Firestore usage" }],
+    docs: ["firebase", "firestore"]
+  },
   {
     area: "database",
     provider: "neon",
@@ -2182,10 +2542,33 @@ var PROVIDER_RULES = [
     label: "Auth.js",
     packages: [/^next-auth$/, /^@auth\//],
     env: ["AUTH_SECRET", "NEXTAUTH_SECRET", "NEXTAUTH_URL"],
-    paths: [/(^|\/)auth\.[jt]s$/, /api\/auth\//],
+    paths: [/api\/auth\//],
     imports: ["next-auth", "@auth/core", "@auth/nextjs"],
+    content: [{ pattern: /NextAuth\s*\(|getServerSession|useSession\s*\(/i, signal: "code: Auth.js session or route handler" }],
     docs: ["auth.js", "nextauth", "next-auth"]
   },
+  {
+    area: "auth",
+    provider: "auth0",
+    label: "Auth0",
+    packages: [/@auth0\//],
+    env: ["AUTH0_SECRET", "AUTH0_ISSUER_BASE_URL", "AUTH0_CLIENT_ID", "AUTH0_CLIENT_SECRET", "AUTH0_DOMAIN"],
+    paths: [/api\/auth/, /auth0/],
+    imports: ["@auth0/nextjs-auth0", "@auth0/auth0-react", "express-openid-connect"],
+    content: [{ pattern: /handleAuth|withPageAuthRequired|withApiAuthRequired|getSession/i, signal: "code: Auth0 session or route protection" }],
+    docs: ["auth0"]
+  },
+  {
+    area: "auth",
+    provider: "better-auth",
+    label: "Better Auth",
+    packages: [/^better-auth$/],
+    env: ["BETTER_AUTH_SECRET", "BETTER_AUTH_URL", "AUTH_SECRET", "DATABASE_URL"],
+    paths: [/better-auth/, /auth\.[jt]s$/],
+    imports: ["better-auth"],
+    content: [{ pattern: /betterAuth\s*\(|auth\.api|auth\.handler/i, signal: "code: Better Auth config" }],
+    docs: ["better auth", "better-auth"]
+  },
   {
     area: "payments",
     provider: "stripe",
@@ -2206,6 +2589,28 @@ var PROVIDER_RULES = [
     imports: ["@paddle/paddle-js", "@paddle/paddle-node-sdk"],
     docs: ["paddle"]
   },
+  {
+    area: "payments",
+    provider: "polar",
+    label: "Polar",
+    packages: [/@polar-sh\//],
+    env: ["POLAR_ACCESS_TOKEN", "POLAR_WEBHOOK_SECRET", "POLAR_PRODUCT_ID", "POLAR_PRO_PRODUCT_ID"],
+    paths: [/polar.*webhook/, /webhook.*polar/, /polar.*checkout/, /checkout.*polar/],
+    imports: ["@polar-sh/sdk"],
+    content: [{ pattern: /api\.polar\.sh|polar.*checkout|createCheckoutSession/i, signal: "code: Polar checkout or API usage" }],
+    docs: ["polar"]
+  },
+  {
+    area: "payments",
+    provider: "lemon-squeezy",
+    label: "Lemon Squeezy",
+    packages: [/@lemonsqueezy\//, /^lemonsqueezy\.ts$/],
+    env: ["LEMON_SQUEEZY_API_KEY", "LEMONSQUEEZY_API_KEY", "LEMON_SQUEEZY_WEBHOOK_SECRET", "LEMON_SQUEEZY_STORE_ID", "LEMON_SQUEEZY_VARIANT_ID"],
+    paths: [/lemon.*webhook/, /webhook.*lemon/, /lemon.*checkout/, /checkout.*lemon/, /lemonsqueezy/],
+    imports: ["@lemonsqueezy/lemonsqueezy.js", "lemonsqueezy.ts"],
+    content: [{ pattern: /api\.lemonsqueezy\.com|lemon.*checkout|checkout_url|variant_id/i, signal: "code: Lemon Squeezy checkout or API usage" }],
+    docs: ["lemon squeezy", "lemonsqueezy"]
+  },
   {
     area: "deployment",
     provider: "vercel",
@@ -2215,6 +2620,55 @@ var PROVIDER_RULES = [
     paths: [/vercel\.json$/],
     docs: ["vercel"]
   },
+  {
+    area: "deployment",
+    provider: "netlify",
+    label: "Netlify",
+    packages: [/@netlify\//],
+    env: ["NETLIFY_AUTH_TOKEN", "NETLIFY_SITE_ID"],
+    paths: [/netlify\.toml$/, /\.netlify\//, /(^|\/)_redirects$/],
+    imports: ["@netlify/functions"],
+    docs: ["netlify"]
+  },
+  {
+    area: "deployment",
+    provider: "render",
+    label: "Render",
+    env: ["RENDER_API_KEY", "RENDER_SERVICE_ID"],
+    paths: [/render\.ya?ml$/, /(^|\/)\.render\//],
+    content: [{ pattern: /render\.yaml|render\.yml|render deploy|render service/i, signal: "code: Render deployment config" }],
+    docs: ["render.com", "render deployment"]
+  },
+  {
+    area: "deployment",
+    provider: "railway",
+    label: "Railway",
+    env: ["RAILWAY_TOKEN", "RAILWAY_PROJECT_ID", "RAILWAY_SERVICE_ID"],
+    paths: [/railway\.json$/, /nixpacks\.toml$/, /(^|\/)Procfile$/],
+    content: [{ pattern: /railway up|railway deploy|nixpacks|railway\.json/i, signal: "code: Railway deployment config" }],
+    docs: ["railway"]
+  },
+  {
+    area: "deployment",
+    provider: "cloudflare",
+    label: "Cloudflare",
+    packages: [/^wrangler$/, /@cloudflare\//],
+    env: ["CLOUDFLARE_API_TOKEN", "CLOUDFLARE_ACCOUNT_ID", "CF_PAGES"],
+    paths: [/wrangler\.toml$/, /wrangler\.json$/, /(^|\/)_headers$/, /(^|\/)_redirects$/],
+    imports: ["@cloudflare/workers-types"],
+    content: [{ pattern: /compatibility_date|pages_build_output_dir|cloudflare pages|cloudflare workers/i, signal: "code: Cloudflare Pages/Workers config" }],
+    docs: ["cloudflare", "workers", "pages"]
+  },
+  {
+    area: "deployment",
+    provider: "aws",
+    label: "AWS",
+    packages: [/@aws-sdk\//, /^aws-cdk-lib$/, /^serverless$/],
+    env: ["AWS_REGION", "AWS_ACCESS_KEY_ID"],
+    paths: [/serverless\.ya?ml$/, /template\.ya?ml$/, /cdk\.json$/, /amplify\//],
+    imports: ["aws-sdk", "@aws-sdk/client"],
+    docs: ["aws", "amplify", "serverless"]
+  },
   {
     area: "monitoring",
     provider: "sentry",
@@ -3894,8 +4348,11 @@ function analyzeStackWiring(scan) {
     analyzeSecretsHygiene(ctx),
     analyzeClerkAuth(ctx),
     analyzeAuthJsAuth(ctx),
+    analyzeAuth0Auth(ctx),
+    analyzeBetterAuth(ctx),
     analyzeSupabaseAuth(ctx),
     supabaseDatabase,
+    analyzeFirebaseDatabase(ctx),
     analyzeNeonDatabase(ctx),
     analyzeTursoDatabase(ctx),
     analyzeMongoDatabase(ctx),
@@ -3903,8 +4360,12 @@ function analyzeStackWiring(scan) {
     analyzeStripePayments(ctx),
     analyzePaddlePayments(ctx),
     analyzePolarPayments(ctx),
+    analyzeLemonSqueezyPayments(ctx),
     analyzeVercelDeployment(ctx),
     analyzeNetlifyDeployment(ctx),
+    analyzeRenderDeployment(ctx),
+    analyzeRailwayDeployment(ctx),
+    analyzeCloudflareDeployment(ctx),
     analyzeAwsDeployment(ctx),
     analyzeSupabaseLanding(ctx),
     analyzePostHogMonitoring(ctx),
@@ -4175,6 +4636,44 @@ function analyzeAuthJsAuth(ctx) {
     ]
   });
 }
+function analyzeAuth0Auth(ctx) {
+  return summarize({
+    key: "auth0-auth",
+    provider: "auth0",
+    providerLabel: "Auth0",
+    area: "auth",
+    areaLabel: "Auth",
+    promptSubject: "Auth0 auth",
+    items: [
+      item2("package-installed", "Auth0 package installed", hasPackage2(ctx, [/@auth0\//]), packageEvidence2(ctx, [/@auth0\//]), "Install the Auth0 package that matches this framework."),
+      item2("env-names-documented", "Auth0 env names documented", /auth0_secret|auth0_issuer_base_url|auth0_client_id|auth0_client_secret|auth0_domain/i.test(ctx.contentBlob), envEvidence2(ctx, [/auth0_secret/i, /auth0_issuer_base_url/i, /auth0_client_id/i, /auth0_client_secret/i, /auth0_domain/i]), "Document Auth0 issuer/domain, client ID, client secret, and app secret env names in safe examples."),
+      item2("auth-route-found", "Auth0 callback or auth route found", /api\/auth|auth0|handleauth|callback/i.test(ctx.pathBlob + "\n" + ctx.contentBlob), pathEvidence2(ctx, /api\/auth|callback/i).concat(fileEvidence(ctx, /auth0|handleauth|callback/i)), "Expose the Auth0 callback/login/logout routes required by this framework."),
+      item2("session-usage-found", "Auth0 session usage found", /getsession|withapirequiredauth|withpagerequiredauth|useuser\s*\(/i.test(ctx.contentBlob), fileEvidence(ctx, /getsession|withapirequiredauth|withpagerequiredauth|useuser\s*\(/i), "Use Auth0 session checks around authenticated app routes and API handlers."),
+      item2("route-protection-found", "Protected route evidence found", /withpagerequiredauth|withapirequiredauth|middleware|protected|requires?auth/i.test(ctx.contentBlob + "\n" + ctx.pathBlob), fileEvidence(ctx, /withpagerequiredauth|withapirequiredauth|middleware|protected|requires?auth/i), "Protect private routes with Auth0 middleware or server session guards."),
+      secretSafetyItem(ctx, "secret-not-exposed", "Auth0 secrets not exposed to frontend", /auth0_client_secret|auth0_secret/i, "Keep Auth0 secrets in server-only env and never expose them through public env variables."),
+      manualItem("production-dashboard-checked", "Production Auth0 app checked", "Confirm callback URLs, logout URLs, allowed origins, social connections, MFA, and production domain in Auth0.")
+    ]
+  });
+}
+function analyzeBetterAuth(ctx) {
+  return summarize({
+    key: "better-auth-auth",
+    provider: "better-auth",
+    providerLabel: "Better Auth",
+    area: "auth",
+    areaLabel: "Auth",
+    promptSubject: "Better Auth",
+    items: [
+      item2("package-installed", "Better Auth package installed", hasPackage2(ctx, [/^better-auth$/]), packageEvidence2(ctx, [/^better-auth$/]), "Install Better Auth for this app framework."),
+      item2("env-names-documented", "Better Auth env names documented", /better_auth_secret|better_auth_url|auth_secret|database_url/i.test(ctx.contentBlob), envEvidence2(ctx, [/better_auth_secret/i, /better_auth_url/i, /auth_secret/i, /database_url/i]), "Document BETTER_AUTH_SECRET, BETTER_AUTH_URL, and database env names in safe examples."),
+      item2("auth-config-found", "Better Auth config found", /betterauth\s*\(|better-auth|auth\.api|auth\.handler/i.test(ctx.contentBlob + "\n" + ctx.pathBlob), fileEvidence(ctx, /betterauth\s*\(|better-auth|auth\.api|auth\.handler/i), "Add a central Better Auth config and route handler."),
+      item2("database-adapter-found", "Auth database adapter or schema found", /database|adapter|drizzle|prisma|schema|migration/i.test(ctx.contentBlob + "\n" + ctx.pathBlob), fileEvidence(ctx, /adapter|drizzle|prisma|schema|migration/i), "Persist Better Auth users/sessions through a real database adapter and migrations."),
+      item2("session-usage-found", "Session usage found", /getsession|usesession|auth\.api\.getsession|session/i.test(ctx.contentBlob), fileEvidence(ctx, /getsession|usesession|auth\.api\.getsession|session/i), "Use Better Auth session reads around private product routes."),
+      secretSafetyItem(ctx, "secret-not-exposed", "Better Auth secret not exposed to frontend", /better_auth_secret|auth_secret/i, "Keep Better Auth secrets in server-only env and never expose them through public env variables."),
+      manualItem("production-auth-checked", "Production auth settings checked", "Confirm production base URL, trusted origins, OAuth apps, email settings, and session policy.")
+    ]
+  });
+}
 function analyzeSupabaseAuth(ctx) {
   return summarize({
     key: "supabase-auth",
@@ -4252,6 +4751,38 @@ function analyzePolarPayments(ctx) {
     ]
   });
 }
+function analyzeLemonSqueezyPayments(ctx) {
+  return summarize({
+    key: "lemon-squeezy-payments",
+    provider: "lemon-squeezy",
+    providerLabel: "Lemon Squeezy",
+    area: "payments",
+    areaLabel: "Payments",
+    promptSubject: "Lemon Squeezy payments",
+    items: [
+      item2("api-client-found", "Lemon Squeezy SDK or API client found", hasPackage2(ctx, [/@lemonsqueezy\//, /^lemonsqueezy\.ts$/]) || /api\.lemonsqueezy\.com|lemonsqueezy|lemon_squeezy/i.test(ctx.contentBlob), packageEvidence2(ctx, [/@lemonsqueezy\//, /^lemonsqueezy\.ts$/]).concat(fileEvidence(ctx, /api\.lemonsqueezy\.com|lemonsqueezy|lemon_squeezy/i)), "Add a server-side Lemon Squeezy API client for checkout and subscription state."),
+      item2("env-names-documented", "Lemon Squeezy env names documented", /lemon_squeezy_api_key|lemonsqueezy_api_key|lemon_squeezy_webhook_secret|lemon_squeezy_store_id|lemon_squeezy_variant_id/i.test(ctx.contentBlob), envEvidence2(ctx, [/lemon_squeezy_api_key/i, /lemonsqueezy_api_key/i, /lemon_squeezy_webhook_secret/i, /lemon_squeezy_store_id/i, /lemon_squeezy_variant_id/i]), "Document Lemon Squeezy API key, webhook secret, store ID, and variant/product ID env names."),
+      item2("checkout-found", "Lemon Squeezy checkout flow found", /lemon.*checkout|checkout.*lemon|checkout_url|variant_id|store_id/i.test(ctx.contentBlob + "\n" + ctx.pathBlob), fileEvidence(ctx, /lemon.*checkout|checkout.*lemon|checkout_url|variant_id|store_id/i), "Create a checkout URL/session flow for paid plans."),
+      item2("webhook-route-found", "Lemon Squeezy webhook route found", /lemon.*webhook|webhook.*lemon|lemonsqueezy.*webhook/i.test(ctx.pathBlob + "\n" + ctx.contentBlob), pathEvidence2(ctx, /lemon.*webhook|webhook.*lemon|lemonsqueezy.*webhook/i).concat(fileEvidence(ctx, /lemonsqueezy.*webhook|lemon.*webhook/i)), "Add a Lemon Squeezy webhook route for order/subscription lifecycle events."),
+      item2("webhook-signature-found", "Lemon Squeezy webhook verification found", /x-signature|lemon_squeezy_webhook_secret|verify.*lemon|webhook.*signature/i.test(ctx.contentBlob), fileEvidence(ctx, /x-signature|lemon_squeezy_webhook_secret|verify.*lemon|webhook.*signature/i), "Verify Lemon Squeezy webhook signatures before processing billing events."),
+      secretSafetyItem(ctx, "secret-not-exposed", "Lemon Squeezy secret not exposed to frontend", /lemon_squeezy_api_key|lemonsqueezy_api_key|lemon_squeezy_webhook_secret/i, "Move Lemon Squeezy API keys and webhook secrets to server-only code."),
+      manualItem("production-dashboard-checked", "Production Lemon Squeezy store checked", "Confirm products, variants, tax/merchant settings, license keys if used, and webhook URL in Lemon Squeezy.")
+    ]
+  });
+}
+function analyzeFirebaseDatabase(ctx) {
+  return databaseSummary(ctx, {
+    key: "firebase-database",
+    provider: "firebase",
+    providerLabel: "Firebase",
+    promptSubject: "Firebase database",
+    packagePatterns: [/^firebase$/, /^firebase-admin$/, /@firebase\//],
+    envPatterns: [/firebase_project_id/i, /firestore_database_url/i, /next_public_firebase/i, /vite_firebase/i, /google_application_credentials/i],
+    usagePatterns: [/firebase\/firestore/i, /getfirestore\s*\(|collection\s*\(|doc\s*\(|firebase-admin/i],
+    manualLabel: "Production Firebase project checked",
+    manualHint: "Confirm production project, Firestore rules, indexes, backups, service account scope, and billing limits in Firebase."
+  });
+}
 function analyzeNeonDatabase(ctx) {
   return databaseSummary(ctx, {
     key: "neon-database",
@@ -4344,6 +4875,72 @@ function analyzeNetlifyDeployment(ctx) {
     ]
   });
 }
+function analyzeRenderDeployment(ctx) {
+  const base = deploymentSummary(ctx, {
+    key: "render-deployment",
+    provider: "render",
+    providerLabel: "Render",
+    promptSubject: "Render deployment",
+    packagePatterns: [],
+    configPatterns: [/render\.ya?ml/i, /(^|\n|\/)\.render\//i],
+    envPatterns: [/render_api_key/i, /render_service_id/i],
+    manualLabel: "Production Render service checked",
+    manualHint: "Confirm service type, build/start commands, env groups, health checks, custom domain, autoscaling, and rollback strategy in Render."
+  });
+  const servicePattern = /render\.ya?ml|healthcheckpath|startcommand|buildcommand|envvars|services:\s*|type:\s*web/i;
+  return summarize({
+    ...base,
+    items: [
+      ...base.items.filter((entry) => entry.status !== "manual"),
+      item2("service-config-found", "Render service config found", servicePattern.test(ctx.contentBlob + "\n" + ctx.pathBlob), fileEvidence(ctx, servicePattern).concat(pathEvidence2(ctx, servicePattern)), "Add render.yaml or deployment docs covering service type, commands, health checks, and env groups."),
+      ...base.items.filter((entry) => entry.status === "manual")
+    ]
+  });
+}
+function analyzeRailwayDeployment(ctx) {
+  const base = deploymentSummary(ctx, {
+    key: "railway-deployment",
+    provider: "railway",
+    providerLabel: "Railway",
+    promptSubject: "Railway deployment",
+    packagePatterns: [],
+    configPatterns: [/railway\.json/i, /nixpacks\.toml/i, /(^|\n|\/)Procfile\b/i],
+    envPatterns: [/railway_token/i, /railway_project_id/i, /railway_service_id/i],
+    manualLabel: "Production Railway service checked",
+    manualHint: "Confirm service, variables, start command, volumes/databases, custom domain, deploy policy, and logs in Railway."
+  });
+  const servicePattern = /railway\.json|nixpacks\.toml|railway up|railway deploy|Procfile|startCommand|healthcheck/i;
+  return summarize({
+    ...base,
+    items: [
+      ...base.items.filter((entry) => entry.status !== "manual"),
+      item2("service-config-found", "Railway service config found", servicePattern.test(ctx.contentBlob + "\n" + ctx.pathBlob), fileEvidence(ctx, servicePattern).concat(pathEvidence2(ctx, servicePattern)), "Add Railway/Nixpacks/Procfile config or deployment docs for commands, health checks, and service wiring."),
+      ...base.items.filter((entry) => entry.status === "manual")
+    ]
+  });
+}
+function analyzeCloudflareDeployment(ctx) {
+  const base = deploymentSummary(ctx, {
+    key: "cloudflare-deployment",
+    provider: "cloudflare",
+    providerLabel: "Cloudflare",
+    promptSubject: "Cloudflare deployment",
+    packagePatterns: [/^wrangler$/, /@cloudflare\//],
+    configPatterns: [/wrangler\.toml/i, /wrangler\.json/i, /_headers\b/i, /_redirects\b/i],
+    envPatterns: [/cloudflare_api_token/i, /cloudflare_account_id/i, /cf_pages/i],
+    manualLabel: "Production Cloudflare project checked",
+    manualHint: "Confirm Pages/Workers project, DNS, routes, compatibility date, env vars/secrets, cache rules, and rollback settings in Cloudflare."
+  });
+  const edgePattern = /wrangler\.toml|wrangler\.json|compatibility_date|pages_build_output_dir|workers_dev|routes?\s*=|cloudflare pages|cloudflare workers/i;
+  return summarize({
+    ...base,
+    items: [
+      ...base.items.filter((entry) => entry.status !== "manual"),
+      item2("edge-config-found", "Cloudflare Pages or Workers config found", edgePattern.test(ctx.contentBlob + "\n" + ctx.pathBlob), fileEvidence(ctx, edgePattern).concat(pathEvidence2(ctx, edgePattern)), "Add Wrangler/Pages config for build output, compatibility date, routes, and edge runtime behavior."),
+      ...base.items.filter((entry) => entry.status === "manual")
+    ]
+  });
+}
 function analyzeAwsDeployment(ctx) {
   const base = deploymentSummary(ctx, {
     key: "aws-deployment",
@@ -5189,48 +5786,758 @@ function providerLabel2(provider2) {
   );
 }
 
-// ../../src/station/orchestrator.ts
-function isScanLimitResult(value) {
-  return value.kind === "scan_limit_reached";
+// ../../src/station/verificationLayer/shared/connection.ts
+var MCP_PROVIDER_MAP = {
+  vercel: "vercel",
+  supabase: "supabase",
+  stripe: "stripe",
+  github: "github"
+};
+function resolveProviderConnectionState(provider2, mcpVerifierState) {
+  const registryProvider = MCP_PROVIDER_MAP[provider2];
+  if (!registryProvider || !mcpVerifierState) {
+    return "unknown_runtime";
+  }
+  const record = mcpVerifierState.records.find((entry) => entry.provider === registryProvider);
+  if (!record) {
+    return "unknown_runtime";
+  }
+  switch (record.status) {
+    case "configured":
+      return "configured";
+    case "missing":
+      return "not_configured";
+    case "unsupported":
+      return "unsupported";
+    case "stale":
+      return "configured";
+    default:
+      return "unknown_runtime";
+  }
 }
-function isManagedRequiredResult(value) {
-  return value.kind === "managed_required";
+function providerResultStatus(input) {
+  if (input.connectionState === "connected") {
+    return input.providerObservationMet ? "verified" : "missing";
+  }
+  if (!input.repoExpectationMet) {
+    return "missing";
+  }
+  if (input.connectionState === "not_configured" || input.connectionState === "configured") {
+    return "needs_mcp";
+  }
+  if (input.connectionState === "unsupported") {
+    return "manual";
+  }
+  return "unknown";
 }
-function isManagedSessionInvalidResult(value) {
-  return value.kind === "managed_session_invalid";
+
+// ../../src/station/verificationLayer/shared/buildCheck.ts
+function buildVerificationCheck(input) {
+  const status = input.evidenceSource === "repo" ? input.repoExpectationMet ? "verified" : "missing" : providerResultStatus({
+    connectionState: input.connectionState,
+    repoExpectationMet: input.repoExpectationMet,
+    providerObservationMet: input.providerObservationMet
+  });
+  return {
+    id: providerCheckId(input.provider, input.checkKey),
+    provider: input.provider,
+    area: input.area,
+    title: input.title,
+    description: input.description,
+    requiredEvidence: input.requiredEvidence ?? [],
+    repoSignals: input.repoSignals,
+    providerSignals: input.providerSignals,
+    evidenceSource: input.evidenceSource,
+    status,
+    fixType: input.fixType,
+    severity: input.severity,
+    evidenceRefs: input.evidenceRefs ?? [],
+    manualAction: input.manualAction
+  };
 }
-function createStationOrchestrator(deps) {
+
+// ../../src/station/verificationLayer/shared/repoSignals.ts
+var ENV_NAME_PATTERN = /\b(?:process\.env|import\.meta\.env)\.([A-Z][A-Z0-9_]{2,})\b/g;
+var ENV_ASSIGNMENT_PATTERN = /^[ \t]*(?:export[ \t]+)?([A-Z][A-Z0-9_]{2,})[ \t]*=/gm;
+var SUPABASE_TABLE_PATTERN = /\.from\s*\(\s*['"]([a-z0-9_]+)['"]\s*\)/gi;
+var STRIPE_WEBHOOK_PATH_PATTERN = /(^|\/)(api\/webhooks\/stripe|api\/stripe\/webhook|webhooks\/stripe)[^/\s]*/i;
+var GITHUB_WORKFLOW_PATTERN = /(^|\/)\.github\/workflows\/([^/\n]+\.ya?ml)/i;
+function buildRepoScanContext(scan) {
+  const files = visibleFiles4(scan);
   return {
-    async run(input) {
-      const allowLocal = Boolean(await deps.isLocalStationFallbackAllowed?.());
-      const scan = await deps.scanWorkspace(input.workspaceRoot);
-      const productionConnectionChoices = await loadProductionConnectionChoices(deps);
-      const productionConnectionEvidence = detectProductionConnectionEvidence(scan);
-      const productionConnections = summarizeProductionConnections(
-        productionConnectionChoices,
-        productionConnectionEvidence
-      );
-      const productionConnectionContext = buildProductionConnectionContext(
-        productionConnectionChoices,
-        productionConnectionEvidence
-      );
-      const verificationSummary = buildVerificationSummary(scan, productionConnections);
-      const verificationEvidenceContext = buildVerificationEvidenceContext(verificationSummary);
-      const stackWiring = analyzeStackWiring(scan);
-      const stackWiringContext = buildStackWiringContext(stackWiring);
-      const repositoryEvidence = analyzeRepositoryEvidence(scan);
-      const providerRegistry = buildProviderRegistrySnapshot();
-      const staticInfrastructureFlowGraph = buildStaticInfrastructureFlowGraph(scan);
-      const stackAutomation = buildStackAutomationSummary(stackWiring, { staticInfrastructureFlowGraph });
-      const stackAutomationContext = buildStackAutomationContext(stackAutomation);
-      const missionGraph = buildMissionGraph({
-        stackWiring,
-        repositoryEvidence,
-        staticInfrastructureFlowGraph
-      });
-      const specContent = await readSpec(input.workspaceRoot);
-      const modelPrompt = buildAnalysisPrompt(
-        scan,
+    files,
+    pathBlob: `${scan.fileTree}
+${scan.files.map((file) => file.path).join("\n")}`.replace(/\\/g, "/"),
+    contentBlob: files.map((file) => file.lowerContent).join("\n"),
+    deps: scan.packageDeps.map((dep) => dep.toLowerCase())
+  };
+}
+function visibleFiles4(scan) {
+  return scan.files.filter((file) => !file.isSecret && typeof file.content === "string").map((file) => ({
+    path: file.path.replace(/\\/g, "/"),
+    normalizedPath: file.path.replace(/\\/g, "/").toLowerCase(),
+    content: file.content,
+    lowerContent: file.content.toLowerCase()
+  }));
+}
+function collectReferencedEnvNames(scan, repositoryEvidence) {
+  const names = /* @__PURE__ */ new Set();
+  for (const entry of repositoryEvidence.env) {
+    if (entry.present || entry.evidence.length > 0) {
+      names.add(entry.name);
+    }
+  }
+  for (const file of visibleFiles4(scan)) {
+    if (!/(^|\/)\.env(\.|$)|env\.example|readme/i.test(file.normalizedPath)) {
+      ENV_NAME_PATTERN.lastIndex = 0;
+      let match;
+      while ((match = ENV_NAME_PATTERN.exec(file.content)) !== null) {
+        names.add(match[1]);
+      }
+    }
+    if (/\.env\.example|env\.example/i.test(file.normalizedPath)) {
+      ENV_ASSIGNMENT_PATTERN.lastIndex = 0;
+      let assignment;
+      while ((assignment = ENV_ASSIGNMENT_PATTERN.exec(file.content)) !== null) {
+        names.add(assignment[1]);
+      }
+    }
+  }
+  const supplemental = collectEnvVarEvidence(scan, [...names]);
+  for (const entry of supplemental) {
+    if (entry.present || entry.evidence.length > 0) {
+      names.add(entry.name);
+    }
+  }
+  return [...names].sort();
+}
+function collectEnvExampleNames(scan) {
+  const names = /* @__PURE__ */ new Set();
+  for (const file of visibleFiles4(scan)) {
+    if (!/\.env\.example|env\.example/i.test(file.normalizedPath)) {
+      continue;
+    }
+    ENV_ASSIGNMENT_PATTERN.lastIndex = 0;
+    let assignment;
+    while ((assignment = ENV_ASSIGNMENT_PATTERN.exec(file.content)) !== null) {
+      names.add(assignment[1]);
+    }
+  }
+  return [...names].sort();
+}
+function hasRlsMigrationEvidence(repo) {
+  return /\/policies\/|_rls\.sql|\brls\b/i.test(repo.pathBlob) || repo.files.some(
+    (file) => /enable\s+row\s+level\s+security|create\s+policy|alter\s+table[\s\S]{0,200}enable\s+row\s+level/i.test(
+      file.content
+    )
+  );
+}
+function collectSupabaseReferencedTables(repo) {
+  const tables = /* @__PURE__ */ new Set();
+  for (const file of repo.files) {
+    SUPABASE_TABLE_PATTERN.lastIndex = 0;
+    let match;
+    while ((match = SUPABASE_TABLE_PATTERN.exec(file.content)) !== null) {
+      tables.add(match[1]);
+    }
+  }
+  return [...tables].sort();
+}
+function findStripeWebhookRoute(repo) {
+  const pathMatch = repo.pathBlob.match(STRIPE_WEBHOOK_PATH_PATTERN);
+  if (pathMatch) {
+    return pathMatch[0].replace(/^\//, "");
+  }
+  const file = repo.files.find((entry) => /stripe.*webhook|webhook.*stripe/i.test(entry.normalizedPath));
+  return file ? file.path : null;
+}
+function hasStripeWebhookSignature(repo) {
+  return /webhooks\.constructevent/i.test(repo.contentBlob);
+}
+function collectStripePriceEnvNames(repo, referencedEnv) {
+  return referencedEnv.filter((name) => /^STRIPE_(PRICE_|PRODUCT_)/i.test(name) || /STRIPE.*PRICE/i.test(name));
+}
+function findGithubWorkflowPaths(repo) {
+  const paths = /* @__PURE__ */ new Set();
+  for (const line of repo.pathBlob.split(/\r?\n/)) {
+    const match = line.match(GITHUB_WORKFLOW_PATTERN);
+    if (match) {
+      paths.add(line.trim());
+    }
+  }
+  return [...paths].sort();
+}
+
+// ../../src/station/verificationLayer/mock/mockGitHubVerifier.ts
+var mockGitHubVerifier = {
+  provider: "github",
+  detectConfig(ctx) {
+    const repo = buildRepoScanContext(ctx.scan);
+    const workflows = findGithubWorkflowPaths(repo);
+    const signals = [];
+    if (ctx.scan.stackSignals.hasCI) {
+      signals.push("stack: hasCI");
+    }
+    for (const workflow of workflows) {
+      signals.push(`workflow: ${workflow}`);
+    }
+    const detected = workflows.length > 0 || Boolean(ctx.scan.stackSignals.hasCI);
+    return { provider: "github", detected, signals };
+  },
+  connectStatus(ctx) {
+    return resolveProviderConnectionState("github", ctx.mcpVerifierState);
+  },
+  runChecks(ctx) {
+    const connectionState = this.connectStatus(ctx);
+    const repo = buildRepoScanContext(ctx.scan);
+    const workflows = findGithubWorkflowPaths(repo);
+    return [
+      buildVerificationCheck({
+        provider: "github",
+        checkKey: "actions-run-status",
+        area: "testing",
+        title: "GitHub Actions run status",
+        description: "Recent workflow run conclusions require live GitHub API or MCP access.",
+        evidenceSource: "provider",
+        connectionState,
+        repoExpectationMet: workflows.length > 0,
+        providerObservationMet: false,
+        fixType: "mcp-connect",
+        severity: "warning",
+        repoSignals: workflows.map((path) => `workflow: ${path}`),
+        providerSignals: ["GitHub Actions API or MCP"],
+        requiredEvidence: ["Latest workflow run status on default branch"]
+      }),
+      buildVerificationCheck({
+        provider: "github",
+        checkKey: "required-checks",
+        area: "testing",
+        title: "Required GitHub checks",
+        description: "Branch protection and required check contexts need live GitHub verification.",
+        evidenceSource: "provider",
+        connectionState,
+        repoExpectationMet: workflows.length > 0,
+        providerObservationMet: false,
+        fixType: "mcp-connect",
+        severity: "warning",
+        repoSignals: workflows,
+        providerSignals: ["GitHub branch protection API or MCP"],
+        requiredEvidence: ["Required status checks configured for production branch"]
+      }),
+      buildVerificationCheck({
+        provider: "github",
+        checkKey: "failed-checks-recent",
+        area: "testing",
+        title: "Recent failed GitHub checks",
+        description: "Failed workflow runs in the last 7 days require live GitHub verification.",
+        evidenceSource: "provider",
+        connectionState,
+        repoExpectationMet: workflows.length > 0,
+        providerObservationMet: false,
+        fixType: "mcp-connect",
+        severity: "critical",
+        repoSignals: workflows,
+        providerSignals: ["GitHub check run API or MCP"],
+        requiredEvidence: ["No failing required checks on latest default-branch commit"]
+      })
+    ];
+  },
+  buildDiffs(ctx) {
+    const repo = buildRepoScanContext(ctx.scan);
+    const workflows = findGithubWorkflowPaths(repo);
+    if (workflows.length === 0) {
+      return [];
+    }
+    return [
+      {
+        id: providerCheckId("github", "ci-status-unverified"),
+        provider: "github",
+        area: "testing",
+        title: "CI status not verified",
+        description: "GitHub workflow files exist in the repo, but recent Actions conclusions have not been fetched.",
+        repoExpectation: `Workflows: ${workflows.join(", ")}`,
+        providerActual: "Not verified (mock \u2014 connect GitHub MCP read-only)",
+        severity: "warning",
+        suggestedFix: "mcp-connect",
+        evidenceRefs: workflows.map((path) => `workflow: ${path}`)
+      }
+    ];
+  }
+};
+
+// ../../src/station/verificationLayer/mock/mockStripeVerifier.ts
+var REQUIRED_STRIPE_EVENTS = [
+  "checkout.session.completed",
+  "customer.subscription.updated",
+  "customer.subscription.deleted",
+  "invoice.payment_failed"
+];
+var MOCK_STRIPE_HAS_WEBHOOK_ENDPOINT = false;
+var MOCK_STRIPE_CONFIGURED_EVENTS = /* @__PURE__ */ new Set();
+var MOCK_STRIPE_LIVE_PRICE_IDS = /* @__PURE__ */ new Set();
+var mockStripeVerifier = {
+  provider: "stripe",
+  detectConfig(ctx) {
+    const repo = buildRepoScanContext(ctx.scan);
+    const signals = [];
+    if (ctx.scan.stackSignals.hasStripe) {
+      signals.push("stack: hasStripe");
+    }
+    if (repo.deps.some((dep) => dep === "stripe" || dep.startsWith("@stripe/"))) {
+      signals.push("package: stripe");
+    }
+    if (findStripeWebhookRoute(repo)) {
+      signals.push(`route: ${findStripeWebhookRoute(repo)}`);
+    }
+    const detected = signals.length > 0;
+    return { provider: "stripe", detected, signals };
+  },
+  connectStatus(ctx) {
+    return resolveProviderConnectionState("stripe", ctx.mcpVerifierState);
+  },
+  runChecks(ctx) {
+    const connectionState = this.connectStatus(ctx);
+    const repo = buildRepoScanContext(ctx.scan);
+    const webhookRoute = findStripeWebhookRoute(repo);
+    const referencedEnv = collectReferencedEnvNames(ctx.scan, ctx.repositoryEvidence);
+    const priceEnvNames = collectStripePriceEnvNames(repo, referencedEnv);
+    const missingEvents = REQUIRED_STRIPE_EVENTS.filter((event) => !MOCK_STRIPE_CONFIGURED_EVENTS.has(event));
+    return [
+      buildVerificationCheck({
+        provider: "stripe",
+        checkKey: "dashboard-webhook-endpoint",
+        area: "payments",
+        title: "Stripe dashboard webhook endpoint",
+        description: webhookRoute ? "Repo defines a webhook route; Stripe dashboard endpoint must match and be reachable." : "No Stripe webhook route found in repo; dashboard endpoint check still applies when Stripe is used.",
+        evidenceSource: "provider",
+        connectionState,
+        repoExpectationMet: Boolean(webhookRoute),
+        providerObservationMet: MOCK_STRIPE_HAS_WEBHOOK_ENDPOINT,
+        fixType: "provider-config",
+        severity: "critical",
+        repoSignals: webhookRoute ? [`route: ${webhookRoute}`] : [],
+        providerSignals: ["Stripe webhooks API or MCP"],
+        requiredEvidence: ["Webhook endpoint URL registered in Stripe"],
+        manualAction: "Register the production webhook URL in Stripe Dashboard \u2192 Developers \u2192 Webhooks."
+      }),
+      buildVerificationCheck({
+        provider: "stripe",
+        checkKey: "webhook-events",
+        area: "payments",
+        title: "Stripe webhook event subscriptions",
+        description: missingEvents.length > 0 ? `Missing required events: ${missingEvents.join(", ")}` : "Required subscription lifecycle events are configured (mock).",
+        evidenceSource: "provider",
+        connectionState,
+        repoExpectationMet: Boolean(webhookRoute && hasStripeWebhookSignature(repo)),
+        providerObservationMet: missingEvents.length === 0,
+        fixType: "provider-config",
+        severity: "critical",
+        repoSignals: hasStripeWebhookSignature(repo) ? ["webhooks.constructEvent in repo"] : [],
+        providerSignals: ["Stripe webhook endpoint event list"],
+        requiredEvidence: REQUIRED_STRIPE_EVENTS.map((event) => `event: ${event}`)
+      }),
+      buildVerificationCheck({
+        provider: "stripe",
+        checkKey: "live-price-ids",
+        area: "payments",
+        title: "Stripe live price IDs",
+        description: priceEnvNames.length > 0 ? "Price/product env vars are referenced in repo; live Stripe prices must match." : "No Stripe price env vars detected; confirm products/prices if billing is enabled.",
+        evidenceSource: "provider",
+        connectionState,
+        repoExpectationMet: priceEnvNames.length > 0,
+        providerObservationMet: priceEnvNames.length > 0 && priceEnvNames.every((name) => MOCK_STRIPE_LIVE_PRICE_IDS.has(name)),
+        fixType: "provider-config",
+        severity: priceEnvNames.length > 0 ? "warning" : "info",
+        repoSignals: priceEnvNames.map((name) => `env: ${name}`),
+        providerSignals: ["Stripe products/prices API or MCP"],
+        requiredEvidence: ["Live price IDs match env configuration"]
+      })
+    ];
+  },
+  buildDiffs(ctx) {
+    const repo = buildRepoScanContext(ctx.scan);
+    const webhookRoute = findStripeWebhookRoute(repo);
+    const diffs = [];
+    if (webhookRoute && !MOCK_STRIPE_HAS_WEBHOOK_ENDPOINT) {
+      diffs.push({
+        id: providerCheckId("stripe", "webhook-endpoint-mismatch"),
+        provider: "stripe",
+        area: "payments",
+        title: "Stripe webhook endpoint not registered",
+        description: "The repo implements a webhook handler, but no matching endpoint is registered in the mock Stripe account.",
+        repoExpectation: `Webhook route: ${webhookRoute}`,
+        providerActual: "No Stripe webhook endpoint (mock empty dashboard)",
+        severity: "critical",
+        suggestedFix: "provider-config",
+        evidenceRefs: [`route: ${webhookRoute}`]
+      });
+    }
+    const referencedEnv = collectReferencedEnvNames(ctx.scan, ctx.repositoryEvidence);
+    if (referencedEnv.includes("STRIPE_WEBHOOK_SECRET") && !MOCK_STRIPE_HAS_WEBHOOK_ENDPOINT) {
+      diffs.push({
+        id: providerCheckId("stripe", "webhook-secret-without-endpoint"),
+        provider: "stripe",
+        area: "payments",
+        title: "STRIPE_WEBHOOK_SECRET without dashboard endpoint",
+        description: "Repo expects STRIPE_WEBHOOK_SECRET but Stripe dashboard webhook endpoint is not confirmed.",
+        repoExpectation: "STRIPE_WEBHOOK_SECRET referenced in repo",
+        providerActual: "No webhook endpoint to deliver signed events",
+        severity: "critical",
+        suggestedFix: "provider-config",
+        evidenceRefs: ["env: STRIPE_WEBHOOK_SECRET"]
+      });
+    }
+    return diffs;
+  }
+};
+
+// ../../src/station/verificationLayer/mock/mockSupabaseVerifier.ts
+var mockSupabaseVerifier = {
+  provider: "supabase",
+  detectConfig(ctx) {
+    const repo = buildRepoScanContext(ctx.scan);
+    const signals = [];
+    if (ctx.scan.stackSignals.hasSupabase) {
+      signals.push("stack: hasSupabase");
+    }
+    if (repo.deps.some((dep) => dep.startsWith("@supabase/"))) {
+      signals.push(`package: ${repo.deps.find((dep) => dep.startsWith("@supabase/"))}`);
+    }
+    if (/\/supabase\/migrations\//i.test(repo.pathBlob)) {
+      signals.push("path: supabase/migrations");
+    }
+    const detected = signals.length > 0;
+    return { provider: "supabase", detected, signals };
+  },
+  connectStatus(ctx) {
+    return resolveProviderConnectionState("supabase", ctx.mcpVerifierState);
+  },
+  runChecks(ctx) {
+    const connectionState = this.connectStatus(ctx);
+    const repo = buildRepoScanContext(ctx.scan);
+    const tables = collectSupabaseReferencedTables(repo);
+    const rlsInRepo = hasRlsMigrationEvidence(repo);
+    return [
+      buildVerificationCheck({
+        provider: "supabase",
+        checkKey: "live-rls-enabled",
+        area: "database",
+        title: "Live Supabase RLS enabled",
+        description: rlsInRepo ? "Repo contains RLS migration/policy evidence; live project RLS must be confirmed via Supabase MCP or dashboard." : "No RLS migration evidence in repo; live project likely needs RLS before launch.",
+        evidenceSource: "provider",
+        connectionState,
+        repoExpectationMet: rlsInRepo,
+        providerObservationMet: false,
+        fixType: rlsInRepo ? "mcp-connect" : "provider-config",
+        severity: "critical",
+        repoSignals: rlsInRepo ? ["migration/policy references RLS"] : ["no RLS migration detected"],
+        providerSignals: ["Supabase project policy API or MCP"],
+        requiredEvidence: ["RLS enabled on user-owned tables in live project"],
+        manualAction: "Enable RLS and policies in Supabase Dashboard \u2192 Authentication \u2192 Policies."
+      }),
+      buildVerificationCheck({
+        provider: "supabase",
+        checkKey: "live-policies",
+        area: "database",
+        title: "Live Supabase policies",
+        description: "Row policies on referenced tables require live Supabase verification.",
+        evidenceSource: "provider",
+        connectionState,
+        repoExpectationMet: tables.length > 0,
+        providerObservationMet: false,
+        fixType: "mcp-connect",
+        severity: tables.length > 0 ? "critical" : "info",
+        repoSignals: tables.map((table) => `table referenced: ${table}`),
+        providerSignals: ["Supabase policy list API or MCP"],
+        requiredEvidence: ["Policies exist for tables used in application code"]
+      }),
+      buildVerificationCheck({
+        provider: "supabase",
+        checkKey: "referenced-tables-protected",
+        area: "database",
+        title: "Referenced tables protected in live project",
+        description: tables.length > 0 ? `Application code references ${tables.length} Supabase table(s); confirm live RLS/policies cover them.` : "No Supabase table references detected in scanned code.",
+        evidenceSource: "provider",
+        connectionState,
+        repoExpectationMet: tables.length > 0 && rlsInRepo,
+        providerObservationMet: false,
+        fixType: "provider-config",
+        severity: "warning",
+        repoSignals: tables.map((table) => `.from("${table}")`),
+        providerSignals: ["Live table policy map"],
+        requiredEvidence: ["Each referenced public table has RLS + policy in production"]
+      })
+    ];
+  },
+  buildDiffs(ctx) {
+    const repo = buildRepoScanContext(ctx.scan);
+    const tables = collectSupabaseReferencedTables(repo);
+    const rlsInRepo = hasRlsMigrationEvidence(repo);
+    const diffs = [];
+    if (!rlsInRepo && tables.length > 0) {
+      diffs.push({
+        id: providerCheckId("supabase", "rls-migration-gap"),
+        provider: "supabase",
+        area: "database",
+        title: "RLS migration missing for referenced tables",
+        description: "Code queries Supabase tables but no RLS migration/policy evidence was found in the repo.",
+        repoExpectation: `Tables referenced: ${tables.join(", ")}`,
+        providerActual: "Live RLS state unknown without Supabase MCP",
+        severity: "critical",
+        suggestedFix: "repo-fix",
+        evidenceRefs: tables.map((table) => `table: ${table}`)
+      });
+    }
+    if (rlsInRepo) {
+      diffs.push({
+        id: providerCheckId("supabase", "live-rls-unverified"),
+        provider: "supabase",
+        area: "database",
+        title: "Live RLS not verified",
+        description: "Repo includes RLS migration/policy files, but live Supabase project RLS has not been confirmed.",
+        repoExpectation: "RLS policies defined in repo migrations",
+        providerActual: "Not verified (mock \u2014 connect Supabase MCP read-only)",
+        severity: "critical",
+        suggestedFix: "mcp-connect",
+        evidenceRefs: repo.files.filter((file) => /enable\s+row\s+level\s+security|create\s+policy/i.test(file.content)).slice(0, 3).map((file) => `file: ${file.path}`)
+      });
+    }
+    return diffs;
+  }
+};
+
+// ../../src/station/verificationLayer/mock/mockVercelVerifier.ts
+var MOCK_VERCEL_PRODUCTION_ENV = /* @__PURE__ */ new Set();
+function deploymentEnvCandidates(ctx) {
+  const referenced = collectReferencedEnvNames(ctx.scan, ctx.repositoryEvidence);
+  const fromExample = collectEnvExampleNames(ctx.scan);
+  const names = /* @__PURE__ */ new Set([...referenced, ...fromExample]);
+  return [...names].filter((name) => {
+    if (/^VERCEL_/i.test(name)) {
+      return true;
+    }
+    if (/^(DATABASE_URL|NEXT_PUBLIC_|VITE_|SUPABASE_|STRIPE_|CLERK_|SENTRY_|POSTHOG_|PADDLE_|AUTH_|NEXTAUTH_)/i.test(name)) {
+      return true;
+    }
+    return referenced.includes(name) && fromExample.includes(name);
+  });
+}
+var mockVercelVerifier = {
+  provider: "vercel",
+  detectConfig(ctx) {
+    const repo = buildRepoScanContext(ctx.scan);
+    const signals = [];
+    if (ctx.scan.stackSignals.hasVercel) {
+      signals.push("stack: hasVercel");
+    }
+    if (/vercel\.json/i.test(repo.pathBlob)) {
+      signals.push("path: vercel.json");
+    }
+    if (ctx.scan.stackSignals.hasNextJs || ctx.scan.stackSignals.hasVite) {
+      signals.push("framework: Vercel-compatible");
+    }
+    const detected = signals.length > 0;
+    return { provider: "vercel", detected, signals };
+  },
+  connectStatus(ctx) {
+    return resolveProviderConnectionState("vercel", ctx.mcpVerifierState);
+  },
+  runChecks(ctx) {
+    const connectionState = this.connectStatus(ctx);
+    const candidates = deploymentEnvCandidates(ctx);
+    const missingOnVercel = candidates.filter((name) => !MOCK_VERCEL_PRODUCTION_ENV.has(name));
+    const repo = buildRepoScanContext(ctx.scan);
+    const checks = [
+      buildVerificationCheck({
+        provider: "vercel",
+        checkKey: "production-env-sync",
+        area: "deployment",
+        title: "Vercel production environment variables",
+        description: missingOnVercel.length > 0 ? `${missingOnVercel.length} repo-referenced env var(s) are not confirmed in Vercel production.` : "Repo env names align with the mock Vercel production snapshot.",
+        evidenceSource: "provider",
+        connectionState,
+        repoExpectationMet: candidates.length > 0,
+        providerObservationMet: missingOnVercel.length === 0,
+        fixType: "provider-config",
+        severity: missingOnVercel.length > 0 ? "critical" : "info",
+        repoSignals: missingOnVercel.map((name) => `env expected: ${name}`),
+        providerSignals: connectionState === "connected" ? ["Vercel production env API"] : ["Awaiting Vercel MCP read-only env lookup"],
+        requiredEvidence: ["Vercel production env var names and values (redacted)"],
+        manualAction: "Add missing keys in Vercel Project Settings \u2192 Environment Variables (Production)."
+      }),
+      buildVerificationCheck({
+        provider: "vercel",
+        checkKey: "latest-deployment",
+        area: "deployment",
+        title: "Latest Vercel deployment status",
+        description: "Production deployment health requires live Vercel project access.",
+        evidenceSource: "provider",
+        connectionState,
+        repoExpectationMet: Boolean(ctx.scan.stackSignals.hasVercel || /vercel\.json/i.test(repo.pathBlob)),
+        providerObservationMet: false,
+        fixType: "mcp-connect",
+        severity: "warning",
+        repoSignals: repo.pathBlob.split(/\r?\n/).filter((p2) => /vercel\.json/i.test(p2)).slice(0, 3),
+        providerSignals: ["Vercel deployments API or MCP"],
+        requiredEvidence: ["Latest production deployment state"]
+      }),
+      buildVerificationCheck({
+        provider: "vercel",
+        checkKey: "production-domain",
+        area: "deployment",
+        title: "Vercel production domain",
+        description: "Custom domain and DNS status require live Vercel project access.",
+        evidenceSource: "provider",
+        connectionState,
+        repoExpectationMet: Boolean(ctx.scan.stackSignals.hasVercel || ctx.scan.stackSignals.hasNextJs),
+        providerObservationMet: false,
+        fixType: "mcp-connect",
+        severity: "warning",
+        repoSignals: [],
+        providerSignals: ["Vercel domains API or MCP"],
+        requiredEvidence: ["Production domain assignment and DNS verification"]
+      })
+    ];
+    return checks;
+  },
+  buildDiffs(ctx) {
+    const candidates = deploymentEnvCandidates(ctx);
+    return candidates.filter((name) => !MOCK_VERCEL_PRODUCTION_ENV.has(name)).map((name) => ({
+      id: providerCheckId("vercel", `env-missing-${name.toLowerCase()}`),
+      provider: "vercel",
+      area: "deployment",
+      title: `${name} missing in Vercel production`,
+      description: `The repo references ${name}, but the mock Vercel production env snapshot does not include it.`,
+      repoExpectation: `Referenced in repo (.env.example, code, or env evidence)`,
+      providerActual: "Not present in Vercel production (mock empty snapshot)",
+      severity: /SECRET|KEY|TOKEN|PASSWORD/i.test(name) ? "critical" : "warning",
+      suggestedFix: "provider-config",
+      evidenceRefs: collectReferencedEnvNames(ctx.scan, ctx.repositoryEvidence).filter((entry) => entry === name).map((entry) => `env: ${entry}`)
+    }));
+  }
+};
+
+// ../../src/station/verificationLayer/registry.ts
+var verifiers = [];
+function registerProviderVerifier(verifier) {
+  const existing = verifiers.findIndex((entry) => entry.provider === verifier.provider);
+  if (existing >= 0) {
+    verifiers[existing] = verifier;
+    return;
+  }
+  verifiers.push(verifier);
+}
+function getRegisteredVerifiers() {
+  return [...verifiers];
+}
+
+// ../../src/station/verificationLayer/registerDefaults.ts
+var defaultsRegistered = false;
+function ensureDefaultVerifiersRegistered() {
+  if (defaultsRegistered) {
+    return;
+  }
+  registerProviderVerifier(mockVercelVerifier);
+  registerProviderVerifier(mockSupabaseVerifier);
+  registerProviderVerifier(mockStripeVerifier);
+  registerProviderVerifier(mockGitHubVerifier);
+  defaultsRegistered = true;
+}
+
+// ../../src/station/verificationLayer/runVerificationLayer.ts
+function runVerifier(verifier, ctx) {
+  const config = verifier.detectConfig(ctx);
+  if (!config.detected) {
+    return null;
+  }
+  const connectionState = verifier.connectStatus(ctx);
+  const rawChecks = verifier.runChecks(ctx);
+  const checks = rawChecks.map((check) => ({
+    ...check,
+    status: coerceProviderVerificationStatus(check.status, connectionState)
+  }));
+  const diffs = verifier.buildDiffs(ctx);
+  return {
+    provider: verifier.provider,
+    connectionState,
+    config,
+    checks,
+    diffs,
+    repoReadinessPercent: computeLayerReadinessPercent(checks, "repo"),
+    providerReadinessPercent: computeLayerReadinessPercent(checks, "provider")
+  };
+}
+function runVerificationLayer(ctx, options) {
+  if (options?.registerDefaults !== false) {
+    ensureDefaultVerifiersRegistered();
+  }
+  const providers = getRegisteredVerifiers().map((verifier) => runVerifier(verifier, ctx)).filter((result) => result !== null);
+  const checks = providers.flatMap((result) => result.checks);
+  const diffs = providers.flatMap((result) => result.diffs);
+  const { repoReadinessPercent, providerReadinessPercent } = aggregateReadinessPercents(providers);
+  return {
+    version: 1,
+    generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    runtimeMode: "mock",
+    providers,
+    checks,
+    diffs,
+    repoReadinessPercent,
+    providerReadinessPercent
+  };
+}
+
+// ../../src/station/orchestrator.ts
+function isScanLimitResult(value) {
+  return value.kind === "scan_limit_reached";
+}
+function isManagedRequiredResult(value) {
+  return value.kind === "managed_required";
+}
+function isManagedSessionInvalidResult(value) {
+  return value.kind === "managed_session_invalid";
+}
+function createStationOrchestrator(deps) {
+  return {
+    async run(input) {
+      const allowLocal = Boolean(await deps.isLocalStationFallbackAllowed?.());
+      const scan = await deps.scanWorkspace(input.workspaceRoot);
+      const productionConnectionChoices = await loadProductionConnectionChoices(deps);
+      const productionConnectionEvidence = detectProductionConnectionEvidence(scan);
+      const productionConnections = summarizeProductionConnections(
+        productionConnectionChoices,
+        productionConnectionEvidence
+      );
+      const productionConnectionContext = buildProductionConnectionContext(
+        productionConnectionChoices,
+        productionConnectionEvidence
+      );
+      const verificationSummary = buildVerificationSummary(scan, productionConnections);
+      const verificationEvidenceContext = buildVerificationEvidenceContext(verificationSummary);
+      const stackWiring = analyzeStackWiring(scan);
+      const stackWiringContext = buildStackWiringContext(stackWiring);
+      const repositoryEvidence = analyzeRepositoryEvidence(scan);
+      const providerRegistry = buildProviderRegistrySnapshot();
+      const staticInfrastructureFlowGraph = buildStaticInfrastructureFlowGraph(scan);
+      const stackAutomation = buildStackAutomationSummary(stackWiring, { staticInfrastructureFlowGraph });
+      const stackAutomationContext = buildStackAutomationContext(stackAutomation);
+      const mcpVerifierState = await deps.getMcpVerifierState?.();
+      const verificationLayer = runVerificationLayer({
+        workspaceRoot: input.workspaceRoot,
+        scan,
+        stackWiring,
+        repositoryEvidence,
+        mcpVerifierState
+      });
+      const missionGraph = buildMissionGraph({
+        stackWiring,
+        repositoryEvidence,
+        staticInfrastructureFlowGraph,
+        verificationLayer
+      });
+      const specContent = await readSpec(input.workspaceRoot);
+      const modelPrompt = buildAnalysisPrompt(
+        scan,
         specContent,
         productionConnectionContext,
         verificationEvidenceContext,
@@ -5568,25 +6875,49 @@ function generateAgentSummary(artifact) {
     }
   }
   lines.push("");
-  lines.push("## Top launch gaps (model)");
+  lines.push("## Agent-code actions");
   if (topGaps.length === 0) {
-    lines.push("_No model gaps returned \u2014 rely on mission map checks above._");
+    lines.push("_No model gaps returned. Review mission map checks before changing code._");
   } else {
     topGaps.forEach((gap, index) => {
       lines.push(
         `${index + 1}. **${gap.title}** (\`${gap.id}\`, ${gap.severity}, map: \`${gap.primaryMapCategory}\`)`
       );
       lines.push(`   - ${gap.detail}`);
-      lines.push(`   - Prompt: \`viberaven prompt --gap ${gap.id}\``);
+      lines.push(`   - Command: \`viberaven prompt --gap ${gap.id}\``);
+      if (gap.copyPrompt) {
+        lines.push(`   - Prompt: ${gap.copyPrompt}`);
+      }
+    });
+  }
+  const manualChecks = (artifact.missionGraph.areas ?? []).flatMap(
+    (area) => area.providerMissions.flatMap(
+      (mission) => mission.checks.filter(
+        (check) => check.evidenceClass === "manual-dashboard" || check.evidenceClass === "mcp-verifier" || check.evidenceSource === "provider" || check.evidenceSource === "mcp" || check.status === "needs-connection" || check.status === "unknown"
+      ).map((check) => ({ area: area.label, provider: mission.providerLabel, check }))
+    )
+  );
+  lines.push("");
+  lines.push("## Human-provider actions");
+  if (manualChecks.length === 0) {
+    lines.push("_No manual provider actions were identified in this scan._");
+  } else {
+    manualChecks.slice(0, 8).forEach((item3, index) => {
+      lines.push(`${index + 1}. **${item3.check.label}** (${item3.area} / ${item3.provider})`);
+      lines.push(
+        `   - ${item3.check.promptHint || "Ask the user to confirm this in the provider dashboard or through read-only MCP."}`
+      );
     });
   }
   lines.push("");
+  lines.push("Do not claim human-provider actions as repo-code fixes.");
+  lines.push("");
   lines.push("## Agent workflow");
-  lines.push("1. Pick the highest-severity gap unless the user names an area or provider.");
-  lines.push("2. Run `viberaven prompt --gap <id>` (or read `copyPrompt` from `last-scan.json`).");
-  lines.push("3. Implement the fix in the repo.");
-  lines.push("4. Run `npx -y @viberaven/cli@beta scan` again to verify readiness improved.");
-  lines.push("5. Tell the user to open `.viberaven/report.html` for the visual mission map.");
+  lines.push("1. Pick the highest-severity agent-code gap unless the user names an area or provider.");
+  lines.push("2. Run `viberaven prompt --gap <id>` or read `copyPrompt` from `last-scan.json`.");
+  lines.push("3. Implement the repo-code fix.");
+  lines.push("4. Run `npx -y @viberaven/cli@beta scan` again.");
+  lines.push("5. Tell the user to review `.viberaven/report.html` for the visual mission map.");
   lines.push("");
   if (artifact.usage) {
     lines.push("## Account usage");
@@ -5719,6 +7050,24 @@ var PANEL_CLIENT_SCRIPT = `
 
 
 
+  function normalizeProviderToken(value) {
+
+    return String(value == null ? '' : value)
+      .trim()
+      .toLowerCase()
+      .replace(/&/g, 'and')
+      .replace(/[^a-z0-9]+/g, '');
+
+  }
+
+  function buildProviderStackCommand(areaKey, provider) {
+
+    return 'viberaven stack set ' + areaKey + ' ' + normalizeProviderToken(provider) + ' && viberaven scan';
+
+  }
+
+
+
   function normKey(p) {
 
     if (!p) return '';
@@ -5727,6 +7076,8 @@ var PANEL_CLIENT_SCRIPT = `
 
     var compact = raw.replace(/[^a-z0-9]+/g, '');
 
+    if (!compact || compact === 'notselected' || raw === 'not selected' || raw === 'none') return '';
+
     if (logoPayload.aliases[raw]) return logoPayload.aliases[raw];
 
     if (logoPayload.aliases[compact]) return logoPayload.aliases[compact];
@@ -5791,17 +7142,101 @@ var PANEL_CLIENT_SCRIPT = `
 
     }
 
+    if (key && logoPayload.logos[key]) return logoPayload.logos[key];
+
     if (key && logoPayload.iconUrls && logoPayload.iconUrls[key]) {
 
       return '<img class="provider-logo__img" src="' + esc(logoPayload.iconUrls[key]) + '" alt="" decoding="async" data-provider-logo-key="' + esc(key) + '" />';
 
     }
 
-    if (key && logoPayload.logos[key]) return logoPayload.logos[key];
+    return logoPayload.fallbackSvg || '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M12 3 20 7.5v9L12 21 4 16.5v-9L12 3Zm0 3.3-5 2.8v5.8l5 2.8 5-2.8V9.1l-5-2.8Zm0 3.2a2.5 2.5 0 1 1 0 5 2.5 2.5 0 0 1 0-5Z"/></svg>';
+
+  }
+
+
+
+  function nodeTone(p) {
+
+    var key = normKey(p);
+
+    if (!key || !logoPayload.nodeTones || !logoPayload.nodeTones[key]) return null;
+
+    return logoPayload.nodeTones[key];
+
+  }
+
+
+
+  function syncMapNode(areaKey, providerOption) {
+
+    var node = document.querySelector('.studio-node[data-area-key="' + areaKey + '"]');
+
+    if (!node) return;
+
+    var area = areas.find(function (a) { return a.key === areaKey; });
+
+    var areaLabel = (area && area.label) || LABELS[areaKey] || areaKey;
+
+    var missions = (area && area.providerMissions) || [];
+
+    var mission = missionForProvider(missions, providerOption);
+
+    var providerLabel = providerLabelFor(areaKey, providerOption, mission, areaLabel);
+
+    var iconKey = normKey(providerOption);
+
+    var logoInner = logoHtml(iconKey || providerOption, providerLabel);
 
-    var t = (label || p || '?').trim();
+    var cls = logoClass(iconKey || providerOption);
 
-    return '<span aria-hidden="true">' + esc(t.slice(0, 2).toUpperCase()) + '</span>';
+    var logoEl = node.querySelector('.studio-node__logo');
+
+    if (logoEl) {
+
+      logoEl.className = 'studio-node__logo provider-logo' + cls;
+
+      logoEl.innerHTML = logoInner;
+
+    }
+
+    node.className = node.className
+
+      .replace(/\\sprovider-logo--[a-z0-9-]+/g, '')
+
+      .replace(/\\sprovider-logo--brand/g, '')
+
+      .trim();
+
+    if (!/\\bprovider-logo\\b/.test(node.className)) node.className += ' provider-logo';
+
+    node.className += cls;
+
+    var provSpan = node.querySelector('.studio-node__provider');
+
+    if (provSpan) provSpan.textContent = providerLabel;
+
+    var tone = nodeTone(providerOption);
+
+    if (tone) {
+
+      node.style.setProperty('--provider-color', tone[0]);
+
+      node.style.setProperty('--provider-glow', tone[1]);
+
+    } else {
+
+      node.style.removeProperty('--provider-color');
+
+      node.style.removeProperty('--provider-glow');
+
+    }
+
+    var metaSpan = node.querySelector('.studio-node__meta');
+
+    var metaText = metaSpan ? metaSpan.textContent : '';
+
+    node.setAttribute('aria-label', areaLabel + ', ' + providerLabel + ', ' + metaText);
 
   }
 
@@ -5887,19 +7322,53 @@ var PANEL_CLIENT_SCRIPT = `
 
 
 
-  function sameProvider(a, b) {
+  function firstProviderOption(areaKey) {
 
-    if (!a || !b) return false;
+    var options = providerOptions[areaKey] || [];
 
-    return String(a).toLowerCase() === String(b).toLowerCase() || normKey(a) === normKey(b);
+    return options[0] || null;
 
   }
 
 
 
-  function projectProviderFor(areaKey, missions) {
+  function iconProviderKey(areaKey, currentProvider, mission, providerLabel) {
 
-    if (projectProviders[areaKey]) return projectProviders[areaKey];
+    var option = optionFor(areaKey, currentProvider);
+
+    var firstOption = firstProviderOption(areaKey);
+
+    return currentProvider ||
+
+      (mission && (mission.provider || mission.providerLabel || mission.key)) ||
+
+      (option && (option.provider || option.label)) ||
+
+      (firstOption && (firstOption.provider || firstOption.label)) ||
+
+      providerLabel ||
+
+      LABELS[areaKey] ||
+
+      areaKey;
+
+  }
+
+
+
+  function sameProvider(a, b) {
+
+    if (!a || !b) return false;
+
+    return String(a).toLowerCase() === String(b).toLowerCase() || normKey(a) === normKey(b);
+
+  }
+
+
+
+  function projectProviderFor(areaKey, missions) {
+
+    if (projectProviders[areaKey]) return projectProviders[areaKey];
 
     var mission = preferredMission(missions, '');
 
@@ -6037,210 +7506,672 @@ var PANEL_CLIENT_SCRIPT = `
 
     return [
 
-      'Wire ' + subject + ' for this app safely.',
+      'Wire ' + subject + ' for this app safely.',
+
+      '',
+
+      'Current ' + subject + ' readiness: ' + passed.length + '/' + Math.max(total, 1) + ' repo checks passed (' + (mission.readinessPercent || 0) + '%).',
+
+      '',
+
+      'Repo evidence already found:',
+
+      itemLines(passed, '- No ' + subject + ' checks passed yet.', true),
+
+      '',
+
+      'Missing ' + subject + ' checks:',
+
+      itemLines(missing, '- No missing ' + subject + ' checks were found by VibeRaven.', false),
+
+      '',
+
+      'Manual checks that repo evidence cannot prove:',
+
+      itemLines(manual, '- No manual dashboard checks were listed.', false),
+
+      '',
+
+      'First inspect the existing package.json files, env examples, framework routes, provider helpers, and server/client boundaries before editing.',
+
+      '',
+
+      'Implement:',
+
+      '1. Close only the missing ' + subject + ' checks listed above.',
+
+      '2. Follow the existing file structure and naming patterns.',
+
+      '3. Keep provider secrets in server-only code and documented env templates.',
+
+      '4. Keep external dashboard work explicit instead of claiming it from repo evidence.',
+
+      '',
+
+      'Constraints:',
+
+      '- Do not rewrite unrelated auth, payments, UI, billing, deployment, or analytics code.',
+
+      '- Do not expose secret keys to browser code, public env variables, or client-executed files.',
+
+      '- Do not claim external provider dashboard setup is complete from repo evidence alone.',
+
+      '',
+
+      'Verification:',
+
+      '- Run the relevant TypeScript/build/test command for this repo.',
+
+      '- Confirm VibeRaven can rescan and move the missing checks to passed where repo evidence exists.',
+
+      '- Summarize what changed and what still requires manual provider dashboard verification.'
+
+    ].join('\\n');
+
+  }
+
+
+
+  function choiceTilesHtml(areaKey, currentProvider, missions, evidenceMissions) {
+
+    var options = providerOptions[areaKey];
+
+    if (!options || !options.length) return '';
+
+    var projectProvider = projectProviderFor(areaKey, missions);
+
+    var tiles = options.map(function (opt) {
+
+      var p = opt.provider || opt.label;
+
+      var active = sameProvider(p, currentProvider);
+
+      var inProject = sameProvider(p, projectProvider);
+
+      var desc = opt.description || benefitText(p);
+
+      var providerOption = normKey(p) || normalizeProviderToken(p);
+
+      var status = inProject ? 'Using now' : active ? 'Added to setup' : 'Use this path';
+
+      return '<button type="button" class="studio-choice-tile' + (active ? ' studio-choice-tile--selected' : '') + (inProject ? ' studio-choice-tile--in-project' : '') +
+
+        '" data-provider-option="' + attrEsc(providerOption) + '" data-provider-label="' + attrEsc(p) + '" data-area-key="' + attrEsc(areaKey) + '" aria-pressed="' + (active ? 'true' : 'false') + '">' +
+
+        '<span class="studio-choice-tile__icon provider-logo' + logoClass(p) + '" aria-hidden="true">' + logoHtml(p, opt.label) + '</span>' +
+
+        '<span class="studio-choice-tile__name">' + esc(opt.label) + '</span>' +
+
+        '<span class="studio-choice-tile__desc">' + esc(desc) + '</span>' +
+
+        '<span class="studio-choice-tile__status">' + status + '</span>' +
+
+        '</button>';
+
+    }).join('');
+
+    var hintLabel = CHOICE_HINTS[areaKey] || ('Choose ' + (LABELS[areaKey] || areaKey).toLowerCase());
+
+    return '<div class="studio-setup-panel__hint"><span>' + esc(hintLabel) + '</span>' + evidenceBadgeHtml(evidenceMissions || missions) + '</div>' +
+
+      '<div class="studio-choice-list" role="group" aria-label="' + attrEsc(hintLabel) + '">' + tiles + '</div>';
+
+  }
+
+
+
+  function buildPrompt(areaKey, missions, providerLabel, automation) {
+
+    if (automation) {
+
+      if (automation.automationLevel === 'manual-only' && automation.verificationPrompt) return automation.verificationPrompt;
+
+      if (automation.repoPrompt) return automation.repoPrompt;
+
+      if (automation.promptRoutes && automation.promptRoutes['repo-fix'] && automation.promptRoutes['repo-fix'].body) {
+
+        return automation.promptRoutes['repo-fix'].body;
+
+      }
+
+    }
+
+    var areaGaps = missions[0] ? gaps.filter(function (g) { return g.primaryMapCategory === areaKey; }) : [];
+
+    if (areaGaps[0] && areaGaps[0].copyPrompt) return areaGaps[0].copyPrompt;
+
+    var missionPrompt = stackPromptFromMission(missions[0], providerLabel);
+
+    if (missionPrompt) return missionPrompt;
+
+    var missing = (missions[0] && missions[0].checks || []).filter(function (c) {
+
+      return c.evidenceClass === 'missing-repo-fix' || c.status === 'missing' || c.status === 'failed';
+
+    });
+
+    if (missing[0] && missing[0].promptHint) return missing[0].promptHint;
+
+    return setupPromptForProvider(areaKey, providerLabel);
+
+  }
+
+
+
+  function setupPromptForProvider(areaKey, providerLabel) {
+
+    var areaLabel = LABELS[areaKey] || areaKey;
+
+    var provider = providerLabel || areaLabel;
+
+    return [
+
+      'Set up ' + provider + ' for the ' + areaLabel + ' production section safely.',
+
+      '',
+
+      'Inspect first:',
+
+      '- Review package.json files, env examples, framework routes, provider helpers, server/client boundaries, and existing ' + areaLabel.toLowerCase() + ' patterns before editing.',
+
+      '- Identify the current framework, folder structure, naming style, validation style, and test/build commands.',
+
+      '- If VibeRaven SIFG leak context is present, treat its leak IDs and allowed files as the source of truth.',
+
+      '',
+
+      'Implement:',
+
+      '- Make the smallest repo-only changes needed to wire the ' + provider + ' path.',
+
+      '- Add the right package or SDK only if it is missing.',
+
+      '- Document required environment variable names in safe examples or setup docs without reading or exposing real secrets.',
+
+      '- Add server-side integration points, route handlers, webhooks, guards, or helpers only where this repo structure expects them.',
+
+      '',
+
+      'Provider constraints:',
+
+      '- Do not call provider APIs, mutate external projects, or edit VibeRaven dashboard state.',
+
+      '- Keep dashboard/provider setup as explicit manual steps.',
+
+      '- Do not claim live provider configuration is complete from repo changes alone.',
+
+      '- Keep secrets in server-only code and env examples. Use placeholder env names only.',
+
+      '',
+
+      'Verification:',
+
+      '- Run the closest relevant build, test, lint, or typecheck command.',
+
+      '- Confirm repo evidence exists for each implemented item.',
+
+      '- List provider dashboard checks separately as manual or read-only MCP verification.',
+
+      '- Rescan VibeRaven after editing so repo evidence can move to verified.'
+
+    ].join('\\n');
+
+
+  }
+
+  function evidenceSourceLabel(check) {
+
+    if (!check) return 'Unknown';
+
+    if (check.evidenceSource === 'provider') return 'Provider live';
+
+    if (check.evidenceSource === 'mcp' || check.evidenceClass === 'mcp-verifier') return 'MCP';
+
+    if (check.evidenceSource === 'manual' || check.evidenceClass === 'manual-dashboard' || check.status === 'user-confirmed') return 'Manual';
+
+    if (check.evidenceSource === 'repo' || check.evidenceClass === 'repo-verified' || check.evidenceClass === 'repo-file') return 'Repo files';
+
+    return 'Unknown';
+
+  }
+
+
+
+  function contractItem(label, detail, source, tone) {
+
+    return {
+
+      label: label || 'Unknown',
+
+      detail: detail || '',
+
+      source: source || 'Unknown',
+
+      tone: tone || 'neutral'
+
+    };
+
+  }
+
+
+
+  function checkDetail(check) {
+
+    if (!check) return '';
+
+    if (check.evidence && check.evidence[0]) return check.evidence[0];
+
+    if (check.promptHint) return check.promptHint;
+
+    if (check.status === 'unknown') return 'Not checked';
+
+    if (check.status === 'needs-connection') return 'Needs verification';
+
+    return '';
+
+  }
+
+
+
+  function buildCliSidebarContract(areaKey, label, mission, categoryGaps, providerLabel, automation, currentProvider) {
+
+    var connected = [];
+
+    var missing = [];
+
+    var manual = [];
+
+    var checks = mission && Array.isArray(mission.checks) ? mission.checks : [];
+
+    var mcpProvider = (automation && automation.mcpProvider) || '';
+
+    checks.forEach(function (check) {
+
+      var source = evidenceSourceLabel(check);
+
+      var item = contractItem(check.label, checkDetail(check), source, source === 'Repo files' ? 'repo' : source === 'MCP' ? 'mcp' : source === 'Manual' ? 'manual' : 'neutral');
+
+      if ((check.status === 'passed' || check.status === 'user-confirmed') && source !== 'Unknown') {
+
+        connected.push(item);
+
+        return;
+
+      }
+
+      if (check.evidenceClass === 'missing-repo-fix' || check.status === 'missing' || check.status === 'failed') {
+
+        missing.push(contractItem(check.label, checkDetail(check), 'Repo files', 'missing'));
+
+        return;
+
+      }
+
+      if (source === 'Manual' || source === 'MCP' || check.status === 'needs-connection' || check.status === 'unknown') {
+
+        manual.push(contractItem(check.label, checkDetail(check) || 'Not checked', source, 'manual'));
+
+      }
+
+    });
+
+    (Array.isArray(categoryGaps) ? categoryGaps : []).slice(0, 4).forEach(function (gap) {
+
+      missing.push(contractItem(gap.title || 'Product gap needs repo review', gap.detail || 'Agent can inspect and adjust repo implementation.', 'Repo files', 'missing'));
+
+    });
+
+    if (!checks.length) {
+
+      manual.push(contractItem('Provider live proof', 'Not checked', 'Unknown', 'manual'));
+
+    }
+
+    if (!manual.length) {
+
+      manual.push(contractItem('Provider live proof', 'Not checked', 'Unknown', 'manual'));
+
+    }
+
+    return {
+
+      areaKey: areaKey,
+
+      areaLabel: label || LABELS[areaKey] || areaKey,
+
+      providerKey: iconProviderKey(areaKey, currentProvider, mission, providerLabel),
+
+      providerLabel: providerLabel || 'Selected provider',
+
+      connected: connected,
+
+      missing: missing,
+
+      manual: manual,
+
+      repoPercent: typeof (mission && mission.repoReadinessPercent) === 'number'
+        ? Math.max(0, Math.min(100, Math.round(mission.repoReadinessPercent)))
+        : typeof (mission && mission.readinessPercent) === 'number'
+          ? Math.max(0, Math.min(100, Math.round(mission.readinessPercent)))
+          : 0,
+
+      providerPercent: typeof (mission && mission.providerReadinessPercent) === 'number'
+        ? Math.max(0, Math.min(100, Math.round(mission.providerReadinessPercent)))
+        : 0,
+
+      hasMcpAccess: Boolean(providerLabel || mcpProvider) || checks.some(function (check) {
+        return check.evidenceSource === 'mcp' || check.evidenceClass === 'mcp-verifier' || check.verificationStatus === 'needs_mcp';
+      })
+
+    };
+
+  }
+
+
+
+  function contractLines(items) {
+
+    return (items && items.length ? items : [{ label: 'None', detail: 'No artifact-backed item.', source: 'Unknown' }]).map(function (item) {
+
+      return '- [' + (item.source || 'Unknown') + '] ' + item.label + (item.detail ? ': ' + item.detail : '');
+
+    }).join('\\n');
+
+  }
+
+
+
+  function focusedContractPrompt(contract) {
+
+    return [
+
+      'VibeRaven selected-node production checklist',
+
+      '',
+
+      'Node: ' + contract.areaLabel,
+
+      'Selected provider context: ' + contract.providerLabel,
+
+      '',
+
+      'Verified evidence:',
+
+      contractLines(contract.connected),
+
+      '',
+
+      'Agent-code actions:',
+
+      contractLines(contract.missing),
+
+      '',
+
+      'Human-provider actions:',
+
+      contractLines(contract.manual),
+
+      '',
+
+      'Rules:',
+
+      '- Selected provider is context only and does not mean connected.',
+
+      '- Connected evidence requires Repo files, Provider live, MCP, or Manual confirmation in the artifact.',
+
+      '- Do not represent human-provider actions as completed code fixes.'
+
+    ].join('\\n');
+
+  }
+
+
+
+  function sidebarStatusBadge(contract) {
+
+    if ((contract.connected || []).some(function (item) { return item.source === 'Repo files'; })) return 'Repo evidence found';
+
+    if ((contract.missing || []).length) return 'Missing repo fixes';
+
+    if ((contract.manual || []).length) return 'Manual check';
+
+    return 'Selected only';
+
+  }
+
+
+
+  function sidebarReadinessSentence(contract) {
+
+    var hasRepo = (contract.connected || []).some(function (item) { return item.source === 'Repo files'; });
+
+    var hasLive = (contract.connected || []).some(function (item) { return item.source === 'Provider live' || item.source === 'MCP' || item.source === 'Manual'; });
+
+    if (hasRepo && !hasLive) return 'Repo found. Live not checked.';
+
+    if (hasLive) return 'Live proof exists in the scan artifact.';
+
+    if ((contract.missing || []).length) return 'Repo gaps found. Live not checked.';
+
+    return 'No verified evidence yet.';
+
+  }
+
+
+
+  function contractMetricHtml(label, percent, value, isLive) {
+
+    var safePercent = Math.max(0, Math.min(100, Math.round(percent || 0)));
+
+    return '<div class="studio-sidebar-contract__compact-metric' + (isLive ? ' studio-sidebar-contract__compact-metric--live' : '') + '">' +
+
+      '<span>' + esc(label) + '</span>' +
+
+      '<strong>' + esc(value || (safePercent + '%')) + '</strong>' +
+
+      '<i class="studio-sidebar-contract__compact-meter" aria-hidden="true"><b style="width:' + safePercent + '%"></b></i>' +
+
+      '</div>';
+
+  }
 
-      '',
 
-      'Current ' + subject + ' readiness: ' + passed.length + '/' + Math.max(total, 1) + ' repo checks passed (' + (mission.readinessPercent || 0) + '%).',
 
-      '',
+  function contractReadinessHtml(contract) {
 
-      'Repo evidence already found:',
+    var providerKey = contract.providerKey || contract.providerLabel || contract.areaLabel;
 
-      itemLines(passed, '- No ' + subject + ' checks passed yet.', true),
+    var providerStatus = contract.providerPercent > 0 ? contract.providerPercent + '%' : 'Not checked';
 
-      '',
+    return '<section class="studio-sidebar-contract__readiness" aria-label="' + attrEsc(contract.providerLabel + ' readiness') + '">' +
 
-      'Missing ' + subject + ' checks:',
+      '<div class="studio-sidebar-contract__head">' +
 
-      itemLines(missing, '- No missing ' + subject + ' checks were found by VibeRaven.', false),
+      '<span class="studio-sidebar-contract__logo provider-logo' + logoClass(providerKey) + '" title="' + attrEsc(contract.providerLabel) + '" aria-hidden="true">' + logoHtml(providerKey, contract.providerLabel) + '</span>' +
 
-      '',
+      '<div class="studio-sidebar-contract__head-text"><strong>' + esc(contract.providerLabel) + '</strong><span>' + esc(contract.areaLabel) + '</span></div>' +
 
-      'Manual checks that repo evidence cannot prove:',
+      '<span class="studio-sidebar-contract__status">' + esc(sidebarStatusBadge(contract)) + '</span>' +
 
-      itemLines(manual, '- No manual dashboard checks were listed.', false),
+      '</div>' +
 
-      '',
+      '<div class="studio-sidebar-contract__compact-metrics">' +
 
-      'First inspect the existing package.json files, env examples, framework routes, provider helpers, and server/client boundaries before editing.',
+      contractMetricHtml('Repo files', contract.repoPercent, contract.repoPercent + '%', false) +
 
-      '',
+      contractMetricHtml('Provider live', contract.providerPercent, providerStatus, true) +
 
-      'Implement:',
+      '</div>' +
 
-      '1. Close only the missing ' + subject + ' checks listed above.',
+      '<p class="studio-sidebar-contract__summary">' + esc(sidebarReadinessSentence(contract)) + '</p>' +
 
-      '2. Follow the existing file structure and naming patterns.',
+      '</section>';
 
-      '3. Keep provider secrets in server-only code and documented env templates.',
+  }
 
-      '4. Keep external dashboard work explicit instead of claiming it from repo evidence.',
 
-      '',
 
-      'Constraints:',
+  function contractRepoSignalsHtml(contract) {
 
-      '- Do not rewrite unrelated auth, payments, UI, billing, deployment, or analytics code.',
+    var repoItems = (contract.connected || []).filter(function (item) { return item.source === 'Repo files'; });
 
-      '- Do not expose secret keys to browser code, public env variables, or client-executed files.',
+    if (!repoItems.length) return '';
 
-      '- Do not claim external provider dashboard setup is complete from repo evidence alone.',
+    var rows = repoItems.slice(0, 6).map(function (item) {
 
-      '',
+      return '<li><strong>' + esc(item.label || 'Repo evidence') + '</strong><span>' + esc(item.source || 'Repo files') + '</span></li>';
 
-      'Verification:',
+    }).join('');
 
-      '- Run the relevant TypeScript/build/test command for this repo.',
+    return '<section class="studio-sidebar-contract__repo-signals">' +
 
-      '- Confirm VibeRaven can rescan and move the missing checks to passed where repo evidence exists.',
+      '<h4>' + repoItems.length + ' repo signal' + (repoItems.length === 1 ? '' : 's') + ' in the codebase.</h4>' +
 
-      '- Summarize what changed and what still requires manual provider dashboard verification.'
+      '<ul class="studio-sidebar-contract__signal-list">' + rows + '</ul>' +
 
-    ].join('\\n');
+      '</section>';
 
   }
 
 
 
-  function choiceTilesHtml(areaKey, currentProvider, missions, evidenceMissions) {
+  function contractAttentionItems(contract) {
 
-    var options = providerOptions[areaKey];
+    var items = [];
 
-    if (!options || !options.length) return '';
+    (contract.missing || []).slice(0, 3).forEach(function (item) {
 
-    var projectProvider = projectProviderFor(areaKey, missions);
+      items.push({
 
-    var tiles = options.map(function (opt) {
+        label: item.label,
 
-      var p = opt.provider || opt.label;
+        detail: item.detail || 'Repo/config check needs attention.',
 
-      var active = sameProvider(p, currentProvider);
+        source: 'Agent-code',
 
-      var inProject = sameProvider(p, projectProvider);
+        next: 'Ask the agent to inspect related files and patch only repo code/config.'
 
-      var desc = opt.description || benefitText(p);
+      });
 
-      var status = inProject ? 'Using now' : active ? 'Added to setup' : 'Use this path';
+    });
 
-      return '<button type="button" class="studio-choice-tile' + (active ? ' studio-choice-tile--selected' : '') + (inProject ? ' studio-choice-tile--in-project' : '') +
+    (contract.manual || []).slice(0, 3).forEach(function (item) {
 
-        '" data-switch-area="' + esc(areaKey) + '" data-switch-provider="' + esc(opt.provider) + '" aria-pressed="' + (active ? 'true' : 'false') + '">' +
+      items.push({
 
-        '<span class="studio-choice-tile__icon provider-logo' + logoClass(p) + '" aria-hidden="true">' + logoHtml(p, opt.label) + '</span>' +
+        label: item.label,
 
-        '<span class="studio-choice-tile__name">' + esc(opt.label) + '</span>' +
+        detail: item.detail || 'MCP/API/dashboard required.',
 
-        '<span class="studio-choice-tile__desc">' + esc(desc) + '</span>' +
+        source: item.source === 'MCP' ? 'MCP' : 'Manual',
 
-        '<span class="studio-choice-tile__status">' + status + '</span>' +
+        next: item.source === 'MCP' ? 'Use read-only MCP/API verification.' : 'Ask the user to confirm the provider dashboard.'
 
-        '</button>';
+      });
 
-    }).join('');
+    });
 
-    var hintLabel = CHOICE_HINTS[areaKey] || ('Choose ' + (LABELS[areaKey] || areaKey).toLowerCase());
+    return items;
 
-    return '<div class="studio-setup-panel__hint"><span>' + esc(hintLabel) + '</span>' + evidenceBadgeHtml(evidenceMissions || missions) + '</div>' +
+  }
 
-      '<div class="studio-choice-list" role="group" aria-label="' + esc(hintLabel) + '">' + tiles + '</div>';
 
-  }
 
+  function contractAttentionHtml(contract) {
 
+    var items = contractAttentionItems(contract);
 
-  function buildPrompt(areaKey, missions, providerLabel, automation) {
+    if (!items.length) return '';
 
-    if (automation) {
+    function attentionRow(item) {
 
-      if (automation.automationLevel === 'manual-only' && automation.verificationPrompt) return automation.verificationPrompt;
+      return '<li class="studio-sidebar-contract__attention-item">' +
 
-      if (automation.repoPrompt) return automation.repoPrompt;
+        '<div class="studio-sidebar-contract__attention-top"><strong>' + esc(item.label || 'Attention') + '</strong><em>' + esc(item.source || 'Verify') + '</em></div>' +
 
-      if (automation.promptRoutes && automation.promptRoutes['repo-fix'] && automation.promptRoutes['repo-fix'].body) {
+        (item.detail ? '<span>' + esc(item.detail) + '</span>' : '') +
 
-        return automation.promptRoutes['repo-fix'].body;
+        (item.next ? '<b>' + esc(item.next) + '</b>' : '') +
 
-      }
+        '</li>';
 
     }
 
-    var areaGaps = missions[0] ? gaps.filter(function (g) { return g.primaryMapCategory === areaKey; }) : [];
+    var first = attentionRow(items[0]);
 
-    if (areaGaps[0] && areaGaps[0].copyPrompt) return areaGaps[0].copyPrompt;
+    var more = items.length > 1
 
-    var missionPrompt = stackPromptFromMission(missions[0], providerLabel);
+      ? '<li class="studio-sidebar-contract__attention-more"><details class="studio-sidebar-contract__attention-details"><summary>+' + (items.length - 1) + ' more details</summary><ul class="studio-sidebar-contract__attention-detail-list">' +
 
-    if (missionPrompt) return missionPrompt;
+        items.slice(1).map(function (item) {
 
-    var missing = (missions[0] && missions[0].checks || []).filter(function (c) {
+          return '<li><strong>' + esc(item.label || 'Attention') + '</strong>' +
 
-      return c.evidenceClass === 'missing-repo-fix' || c.status === 'missing' || c.status === 'failed';
+            (item.detail ? '<span>' + esc(item.detail) + '</span>' : '') +
 
-    });
+            (item.next ? '<b>' + esc(item.next) + '</b>' : '') +
 
-    if (missing[0] && missing[0].promptHint) return missing[0].promptHint;
+            '</li>';
 
-    return setupPromptForProvider(areaKey, providerLabel);
+        }).join('') +
 
-  }
+        '</ul></details></li>'
 
+      : '';
 
+    return '<section class="studio-sidebar-contract__attention"><h4>Attention</h4><ul class="studio-sidebar-contract__attention-list">' + first + more + '</ul></section>';
 
-  function setupPromptForProvider(areaKey, providerLabel) {
+  }
 
-    var areaLabel = LABELS[areaKey] || areaKey;
 
-    var provider = providerLabel || areaLabel;
 
-    return [
+  function contractNextActionHtml(contract, prompt) {
 
-      'Set up ' + provider + ' for the ' + areaLabel + ' area of this app safely.',
+    var buttonText = (contract.missing || []).length ? 'Copy focused agent prompt' : (contract.manual || []).length ? 'Copy live check prompt' : 'Copy verification prompt';
 
-      '',
+    var note = (contract.missing || []).length ? 'Inspect repo wiring, patch scoped gaps, then rescan.' : (contract.manual || []).length ? 'Confirm in dashboard or connect MCP.' : 'Inspect repo wiring, then verify live setup.';
 
-      'First inspect package.json files, env examples, framework routes, provider helpers, server/client boundaries, and existing billing/auth/deployment patterns before editing.',
+    var accessClass = contract.hasMcpAccess ? ' studio-sidebar-contract__access-state--confirmed' : ' studio-sidebar-contract__access-state--needs-connection';
 
-      '',
+    var accessLabel = contract.hasMcpAccess ? 'Available' : 'Connect';
 
-      'Implement the smallest useful setup:',
+    return '<div class="studio-sidebar-contract__next-action">' +
 
-      '1. Add the right ' + provider + ' package or SDK only if it is missing.',
+      '<strong>Next best action</strong>' +
 
-      '2. Document required environment variables in safe examples, without reading or exposing real secrets.',
+      '<p>' + esc(note) + '</p>' +
 
-      '3. Add server-side integration points, route handlers, webhooks, or helpers that match this repo structure.',
+      '<div class="studio-sidebar-contract__access-state' + accessClass + '"><span>MCP/API access</span><b>' + esc(accessLabel) + '</b></div>' +
 
-      '4. Keep external provider dashboard setup explicit as a manual step.',
+      '<div class="studio-sidebar-contract__actions"><button type="button" class="studio-action-button studio-action-button--primary" data-copy-prompt="' + attrEsc(prompt) + '">' + esc(buttonText) + '</button></div>' +
 
-      '',
+      '</div>';
 
-      'Constraints:',
+  }
 
-      '- Do not rewrite unrelated product, auth, payment, database, deployment, or analytics code.',
 
-      '- Do not put secret keys in client code, public env variables, or browser-executed files.',
 
-      '- Do not claim live provider configuration is complete from repo changes alone.',
+  function selectedNodeContractHtml(contract) {
 
-      '',
+    var prompt = focusedContractPrompt(contract);
 
-      'Verification:',
+    return '<section class="studio-sidebar-contract" aria-label="Selected node production checklist">' +
 
-      '- Run the relevant TypeScript/build/test command for this repo.',
+      contractReadinessHtml(contract) +
 
-      '- Summarize repo changes and list dashboard/provider checks still needed.',
+      contractRepoSignalsHtml(contract) +
 
-      '- Re-run VibeRaven so repo evidence can move from setup needed to verified.'
+      contractAttentionHtml(contract) +
 
-    ].join('\\n');
+      contractNextActionHtml(contract, prompt) +
 
+      '</section>';
 
   }
 
 
 
-  function setupActionsHtml(areaKey, missions, providerLabel, automation) {
+  function setupActionsHtml(areaKey, missions, providerLabel, automation, currentProvider) {
 
     var prompt = buildPrompt(areaKey, missions, providerLabel, automation);
 
@@ -6264,6 +8195,8 @@ var PANEL_CLIENT_SCRIPT = `
 
     var supportsMcp = Boolean(mcpProvider);
 
+    var providerKey = iconProviderKey(areaKey, currentProvider, missions[0], providerLabel);
+
     var title = esc(providerLabel || LABELS[areaKey] || areaKey) + (isManualOnly ? ' manual check' : hasFixes ? ' fix prompt' : ' setup');
 
     var meta = supportsMcp ? 'MCP verification available' : 'Prompt only';
@@ -6286,7 +8219,13 @@ var PANEL_CLIENT_SCRIPT = `
 
     return '<section class="studio-setup-actions" aria-label="Setup actions">' +
 
-      '<div class="studio-setup-actions__head"><strong>' + title + '</strong><span>' + meta + '</span></div>' +
+      '<div class="studio-setup-actions__head">' +
+
+      '<span class="studio-setup-actions__logo provider-logo' + logoClass(providerKey) + '" title="' + attrEsc(providerLabel || providerKey) + '" aria-hidden="true">' + logoHtml(providerKey, providerLabel) + '</span>' +
+
+      '<div class="studio-setup-actions__title"><strong>' + title + '</strong><span>' + meta + '</span></div>' +
+
+      '</div>' +
 
       '<p class="studio-setup-actions__copy">' + esc(copy) + '</p>' +
 
@@ -6342,39 +8281,40 @@ var PANEL_CLIENT_SCRIPT = `
 
     var repoItems = [
 
-      { label: provider + ' package or SDK installed', detail: 'VibeRaven has not found repo evidence for this setup path yet.' },
+      { label: provider + ' repo wiring', detail: 'Not checked' },
 
-      { label: provider + ' env names documented', detail: 'Use safe examples only. Do not expose real provider secrets.' },
+      { label: provider + ' env names', detail: 'Unknown' },
 
-      { label: provider + ' server integration or route found', detail: 'Add provider code on the server side before rescanning.' }
+      { label: provider + ' server route', detail: 'Unknown' }
 
     ];
 
     var manualItems = [
 
-      { label: 'Production ' + provider + ' account and product checked', detail: 'Dashboard confirmation stays manual unless a trusted MCP verifier is configured.' },
+      { label: 'Production account', detail: 'Not checked' },
 
-      { label: 'Production webhook or provider credentials checked', detail: 'Repo evidence cannot prove live provider settings by itself.' }
+      { label: 'Webhook or credentials', detail: 'Not checked' }
 
     ];
 
     var external = automation && automation.mcpProvider
 
-      ? groupHtml('MCP verifier', [{ label: provider + ' MCP verifier available', detail: 'Use read-only MCP verification when already configured by the IDE.' }], 'external')
+      ? groupHtml('Provider live check', [{ label: provider + ' read-only MCP check available', detail: 'Use read-only MCP verification when already configured by the IDE.' }], 'external')
 
       : '';
 
-    return '<section class="studio-verification studio-provider-readiness" aria-label="' + esc(provider) + ' setup readiness">' +
+    return '<section class="studio-verification studio-provider-readiness" aria-label="' + attrEsc(provider + ' setup readiness') + '">' +
 
       '<h3 class="studio-verification__title">' + esc(provider) + '</h3>' +
 
-      readinessMetersHtml(0, 0, 'Not checked') +
+      readinessMetersHtml(0, 0, 'Not checked', provider) +
 
-      '<p class="studio-provider-readiness__note">Provider live moves after MCP verification or manual dashboard confirmation. Repo scans cannot prove live provider state.</p>' +
 
-      '<p class="studio-wiring__summary">' + esc(provider) + ' is added as a setup path, but VibeRaven has not found repo evidence for it yet.</p>' +
+      repoEvidenceCardHtml(repoItems.map(function (item) {
 
-      groupHtml('Repo setup needed', repoItems, 'missing') +
+        return { label: item.label, detail: item.detail, tone: 'missing' };
+
+      }), repoItems.length) +
 
       external +
 
@@ -6386,18 +8326,24 @@ var PANEL_CLIENT_SCRIPT = `
 
 
 
-  function readinessMetersHtml(repoPercent, providerPercent, providerStatus) {
+  function readinessMetersHtml(repoPercent, providerPercent, providerStatus, providerLabel) {
 
     var repo = Math.max(0, Math.min(100, Math.round(repoPercent || 0)));
 
     var provider = Math.max(0, Math.min(100, Math.round(providerPercent || 0)));
     var providerValue = providerStatus || (provider + '%');
 
-    return '<div class="studio-provider-readiness__meters" aria-label="Provider readiness meters">' +
+    return '<div class="verification-card studio-mission-card studio-mission-card--provider" aria-label="Repo and live provider readiness">' +
+
+      '<span class="studio-mission-card__title">' + esc(providerLabel || 'Provider') + '</span>' +
+
+      '<div class="verification-meter studio-mission-card__meters">' +
+
+      '<b class="studio-mission-card__meter-row studio-mission-card__meter-row--repo"><span class="studio-mission-card__meter-label">Repo files</span><span class="verification-meter__bar studio-mission-card__meter" aria-hidden="true"><span class="verification-meter__fill studio-mission-card__meter-fill" style="width:' + repo + '%"></span></span><span class="studio-mission-card__meter-value">' + repo + '%</span></b>' +
 
-      '<div class="studio-provider-readiness__meter-row"><span>Repo &middot; files</span><span class="studio-provider-readiness__bar" aria-hidden="true"><span class="studio-provider-readiness__bar-fill" style="width:' + repo + '%"></span></span><strong>' + repo + '%</strong></div>' +
+      '<b class="studio-mission-card__meter-row studio-mission-card__meter-row--provider"><span class="studio-mission-card__meter-label">Provider live</span><span class="verification-meter__bar studio-mission-card__meter" aria-hidden="true"><span class="verification-meter__fill studio-mission-card__meter-fill" style="width:' + provider + '%"></span></span><span class="studio-mission-card__meter-value">' + esc(providerValue) + '</span></b>' +
 
-      '<div class="studio-provider-readiness__meter-row"><span>Provider &middot; live</span><span class="studio-provider-readiness__bar" aria-hidden="true"><span class="studio-provider-readiness__bar-fill" style="width:' + provider + '%"></span></span><strong>' + esc(providerValue) + '</strong></div>' +
+      '</div>' +
 
     '</div>';
 
@@ -6413,6 +8359,90 @@ var PANEL_CLIENT_SCRIPT = `
 
   }
 
+  function checkGroupKey(check) {
+
+    if (check.evidenceClass === 'manual-dashboard') return 'manual-dashboard';
+
+    if (check.evidenceSource === 'provider' || check.evidenceSource === 'mcp' || check.evidenceClass === 'mcp-verifier' || check.status === 'needs-connection' || check.status === 'unknown') return 'mcp-verifier';
+
+    if (check.evidenceClass === 'repo-verified' || check.status === 'passed') return 'repo-verified';
+
+    return 'missing-repo-fix';
+
+  }
+
+  function providerChecksForMission(mission) {
+
+    return (mission.checks || []).filter(function (check) {
+
+      return check.evidenceSource === 'provider' || check.evidenceSource === 'mcp' || check.evidenceClass === 'mcp-verifier';
+
+    });
+
+  }
+
+  function providerStatusValue(mission, providerPercent) {
+
+    var checks = providerChecksForMission(mission);
+
+    if (!checks.length) return 'No live checks';
+
+    var needsMcp = checks.some(function (check) {
+
+      return check.status === 'needs-connection' || check.verificationStatus === 'needs_mcp';
+
+    });
+
+    if (needsMcp) return 'Needs MCP';
+
+    return providerPercent > 0 ? providerPercent + '%' : 'Not checked';
+
+  }
+
+  function diffHtml(mission) {
+
+    var layer = artifact && artifact.missionGraph && artifact.missionGraph.verificationLayer;
+
+    var diffs = layer && Array.isArray(layer.diffs) ? layer.diffs : [];
+
+    var provider = normalizeProviderToken(mission.provider || '');
+
+    var area = mission.area || '';
+
+    var matches = diffs.filter(function (diff) {
+
+      return normalizeProviderToken(diff.provider || '') === provider && (!area || diff.area === area);
+
+    });
+
+    if (!matches.length) return '';
+
+    var rows = matches.slice(0, 4).map(function (diff) {
+
+      return '<div class="studio-mismatch-card__row">' +
+
+        '<span class="studio-mismatch-card__title">' + esc(diff.title || 'Provider mismatch') + '</span>' +
+
+        '<div class="studio-mismatch-card__comparison">' +
+
+        '<span class="studio-mismatch-card__side studio-mismatch-card__side--repo"><b>Repo</b><em>' + esc(diff.repoExpectation || 'Expected setup evidence in repository') + '</em></span>' +
+
+        '<span class="studio-mismatch-card__side studio-mismatch-card__side--live"><b>Live</b><em>' + esc(diff.providerActual || 'Not verified') + '</em></span>' +
+
+        '</div></div>';
+
+    }).join('');
+
+    return '<div class="studio-mismatch-card">' +
+
+      '<div class="studio-mismatch-card__head"><strong>Mismatch</strong><span class="studio-mismatch-card__count">' + matches.length + '</span></div>' +
+
+      '<p class="studio-mismatch-card__note">Repo evidence is present, but the live provider still needs MCP or dashboard confirmation.</p>' +
+
+      '<div class="studio-mismatch-card__list">' + rows + '</div></div>';
+
+  }
+
 
 
   function groupHtml(label, items, tone) {
@@ -6423,7 +8453,7 @@ var PANEL_CLIENT_SCRIPT = `
 
     var rows = slice.map(function (item) {
 
-      var title = item.detail ? ' title="' + esc(item.detail) + '"' : '';
+      var title = item.detail ? ' title="' + attrEsc(item.detail) + '"' : '';
 
       return '<li class="studio-verification__item' + (tone === 'manual' ? ' studio-verification__item--manual' : '') + '"' + title + '><span class="studio-verification__item-label">' + esc(item.label) + '</span></li>';
 
@@ -6445,6 +8475,44 @@ var PANEL_CLIENT_SCRIPT = `
 
   }
 
+  function repoEvidenceCardHtml(repoItems, missingCount) {
+
+    if (!repoItems.length) return '';
+
+    var rows = repoItems.slice(0, 7).map(function (item) {
+
+      var tone = item.tone || 'verified';
+      var statusLabel = tone === 'missing' ? 'Fix needed' : 'Verified';
+      var title = item.detail ? ' title="' + attrEsc(item.detail) + '"' : '';
+
+      return '<li class="studio-mission-card__check studio-mission-card__check--' + esc(tone) + '"' + title + '>' +
+
+        '<b class="studio-mission-card__check-label">' + esc(item.label) + '</b>' +
+
+        '<em class="studio-mission-card__check-status">' + esc(statusLabel) + '</em>' +
+
+      '</li>';
+
+    }).join('');
+
+    return '<div class="repo-evidence-card studio-mission-card studio-mission-card--repo">' +
+
+      '<span class="studio-mission-card__title">' +
+
+      (missingCount > 0
+
+        ? missingCount + ' repo fix' + (missingCount === 1 ? '' : 'es') + ' in the codebase.'
+
+        : repoItems.length + ' repo check' + (repoItems.length === 1 ? '' : 's') + ' verified in the codebase.') +
+
+      '</span>' +
+
+      '<ul class="studio-mission-card__check-list">' + rows + '</ul>' +
+
+    '</div>';
+
+  }
+
 
 
   function missionBlockHtml(missions, providerLabel) {
@@ -6467,65 +8535,54 @@ var PANEL_CLIENT_SCRIPT = `
 
     mission.checks.forEach(function (check) {
 
-      var bucket = groups[check.evidenceClass] ? check.evidenceClass : 'manual-dashboard';
+      var bucket = checkGroupKey(check);
 
       groups[bucket].push(checkToItem(check));
 
     });
 
     var actionable = groups['repo-verified'].length + groups['missing-repo-fix'].length;
-    var manualTotal = groups['manual-dashboard'].length;
-    var manualDone = mission.checks.filter(function (check) {
-
-      return check.evidenceClass === 'manual-dashboard' && (check.status === 'passed' || check.status === 'user-confirmed');
-
-    }).length;
-    var providerPercent = manualTotal ? Math.round((manualDone / manualTotal) * 100) : 0;
-    var providerValue = manualTotal ? (manualDone > 0 ? providerPercent + '%' : 'Not checked') : 'No live checks';
-
-    var summary =
+    var providerChecks = providerChecksForMission(mission);
+    var providerPercent = typeof mission.providerReadinessPercent === 'number'
+      ? Math.max(0, Math.min(100, Math.round(mission.providerReadinessPercent)))
+      : 0;
+    var providerValue = providerStatusValue(mission, providerPercent);
+    var repoPercent = typeof mission.repoReadinessPercent === 'number'
+      ? Math.max(0, Math.min(100, Math.round(mission.repoReadinessPercent)))
+      : (mission.readinessPercent || 0);
+    var repoItems = groups['missing-repo-fix'].map(function (item) {
 
-      'Stack scanner: ' + groups['repo-verified'].length + ' / ' + Math.max(actionable, 1) +
+      return { label: item.label, detail: item.detail, tone: 'missing' };
 
-      ' repo checks verified (' + (mission.readinessPercent || 0) + '%).';
+    }).concat(groups['repo-verified'].map(function (item) {
 
-    if (groups['missing-repo-fix'].length > 0) {
+      return { label: item.label, detail: item.detail, tone: 'verified' };
 
-      summary += ' Fix ' + groups['missing-repo-fix'].length + ' repo item' +
-
-        (groups['missing-repo-fix'].length === 1 ? '' : 's') + ', then rescan.';
-
-    }
+    }));
 
     var body =
 
-      groupHtml('Repo verified', groups['repo-verified'], 'found') +
+      repoEvidenceCardHtml(repoItems, groups['missing-repo-fix'].length) +
 
-      groupHtml('Stack fixes needed', groups['missing-repo-fix'], 'missing') +
+      groupHtml('Provider live check', groups['mcp-verifier'], 'external') +
 
-      groupHtml('MCP verifier', groups['mcp-verifier'], 'external') +
+      groupHtml('Manual dashboard check', groups['manual-dashboard'], 'manual') +
 
-      groupHtml('Manual dashboard check', groups['manual-dashboard'], 'manual');
+      diffHtml(mission);
 
     if (!body) return '';
 
     return '<section class="studio-verification studio-wiring studio-mission-graph" aria-label="Mission evidence">' +
 
-      '<h3 class="studio-verification__title">' + esc(providerLabel || mission.providerLabel || 'Detected evidence') + '</h3>' +
-
-      readinessMetersHtml(mission.readinessPercent || 0, providerPercent, providerValue) +
+      readinessMetersHtml(repoPercent, providerPercent, providerValue, providerLabel || mission.providerLabel || 'Detected evidence') +
 
-      '<p class="studio-provider-readiness__note">Provider live moves after MCP verification or manual dashboard confirmation. Repo scans cannot prove live provider state.</p>' +
-
-      '<p class="studio-wiring__summary">' + esc(summary) + '</p>' + body + '</section>';
+      body + '</section>';
 
   }
 
 
 
-  function render(areaKey, providerOverride) {
-
-    if (providerOverride) selectedProviders[areaKey] = providerOverride;
+  function render(areaKey) {
 
     var area = areas.find(function (a) { return a.key === areaKey; });
 
@@ -6559,6 +8616,10 @@ var PANEL_CLIENT_SCRIPT = `
 
     var automation = automationFor(areaKey, mission, current);
 
+    var categoryGaps = gaps.filter(function (gap) { return gap.primaryMapCategory === areaKey; });
+
+    var contract = buildCliSidebarContract(areaKey, label, mission, categoryGaps, providerLabel, automation, current);
+
 
 
     panel.innerHTML =
@@ -6575,31 +8636,29 @@ var PANEL_CLIENT_SCRIPT = `
 
         addedSetupPathHtml(areaKey, current, providerLabel, missions) +
 
-        setupActionsHtml(areaKey, panelMissions, providerLabel, automation) +
+        setupActionsHtml(areaKey, panelMissions, providerLabel, automation, current) +
 
-        setupReadinessHtml(areaKey, current, providerLabel, panelMissions, automation) +
+         setupReadinessHtml(areaKey, current, providerLabel, panelMissions, automation) +
 
-        missionBlockHtml(panelMissions, providerLabel) +
-
-      '</div>';
+         selectedNodeContractHtml(contract) +
 
+       '</div>';
 
 
-    panel.querySelectorAll('[data-copy-prompt]').forEach(function (btn) {
 
-      btn.addEventListener('click', function () {
+    panel.querySelectorAll('[data-provider-option]').forEach(function (tile) {
 
-        var text = btn.getAttribute('data-copy-prompt') || '';
+      tile.addEventListener('click', function () {
 
-        navigator.clipboard.writeText(text).then(function () {
+        var providerOption = tile.getAttribute('data-provider-option') || '';
 
-          var label = btn.textContent;
+        if (!providerOption) return;
 
-          btn.textContent = 'Copied';
+        selectedProviders[areaKey] = providerOption;
 
-          setTimeout(function () { btn.textContent = label; }, 1200);
+        syncMapNode(areaKey, providerOption);
 
-        });
+        render(areaKey);
 
       });
 
@@ -6607,15 +8666,21 @@ var PANEL_CLIENT_SCRIPT = `
 
 
 
-    panel.querySelectorAll('[data-switch-provider]').forEach(function (btn) {
+    panel.querySelectorAll('[data-copy-prompt]').forEach(function (btn) {
 
       btn.addEventListener('click', function () {
 
-        var a = btn.getAttribute('data-switch-area');
+        var text = btn.getAttribute('data-copy-prompt') || '';
+
+        navigator.clipboard.writeText(text).then(function () {
+
+          var label = btn.textContent;
+
+          btn.textContent = 'Copied';
 
-        var p = btn.getAttribute('data-switch-provider');
+          setTimeout(function () { btn.textContent = label; }, 1200);
 
-        render(a, p);
+        });
 
       });
 
@@ -6670,46 +8735,79 @@ var PANEL_CLIENT_SCRIPT = `
 `;
 
 // src/report/providerLogos.ts
+var PROVIDER_LOGO_FALLBACK_SVG = '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M12 3 20 7.5v9L12 21 4 16.5v-9L12 3Zm0 3.3-5 2.8v5.8l5 2.8 5-2.8V9.1l-5-2.8Zm0 3.2a2.5 2.5 0 1 1 0 5 2.5 2.5 0 0 1 0-5Z"/></svg>';
 var PROVIDER_LOGOS = {
-  supabase: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M13.8 2.4 5.6 13.1c-.5.7 0 1.7.9 1.7h4.7l-1 6.1c-.2 1 .9 1.6 1.5.8l8.1-10.8c.5-.7 0-1.7-.9-1.7h-4.7l1-6.1c.2-1-.8-1.6-1.4-.7Z"/></svg>',
-  clerk: '<svg viewBox="0 0 24 24" aria-hidden="true"><path fill="#6C47FF" d="M19.2 12c0 3.9-3.1 7.1-7.1 7.1-3.2 0-5.9-2.1-6.8-5h2.9c.7 1.8 2.5 3.1 4.5 3.1 2.7 0 4.9-2.2 4.9-4.9S13.2 7.4 10.5 7.4c-2 0-3.8 1.2-4.5 3H3.3c.9-2.9 3.6-5 6.8-5 4 0 7.1 3.2 7.1 7.1Z"/></svg>',
-  authjs: '<svg viewBox="0 0 24 24" preserveAspectRatio="xMidYMid meet" aria-hidden="true"><path fill="#412991" d="M12 2 4 6.5v5.2c0 4.6 3.4 8.9 8 10.3 4.6-1.4 8-5.7 8-10.3V6.5L12 2Z"/><path fill="#EB5424" d="M12 2v18.5c-1.2-.4-2.3-1-3.3-1.7L12 2Z"/><path fill="#FBC22C" d="M12 2 15.3 18.8c-1-.7-2.1-1.3-3.3-1.7V2Z"/></svg>',
-  auth0: '<svg viewBox="0 0 24 24" aria-hidden="true"><rect fill="#EB5424" x="3" y="3" width="18" height="18" rx="3.2"/><path fill="#ffffff" d="M12 7.4c2.5 0 4.6 2.1 4.6 4.6S14.5 16.6 12 16.6 7.4 14.5 7.4 12 9.5 7.4 12 7.4Zm0 2.2a2.4 2.4 0 1 0 0 4.8 2.4 2.4 0 0 0 0-4.8Z"/></svg>',
-  "better-auth": '<svg viewBox="0 0 24 24" aria-hidden="true"><rect fill="#171717" x="3" y="3" width="18" height="18" rx="4"/><path fill="#ffffff" d="M8 8h3v3H8V8Zm5 0h3v3h-3V8ZM8 13h3v3H8v-3Zm5 0h3v3h-3v-3Z"/></svg>',
+  supabase: '<svg viewBox="0 0 24 24" aria-hidden="true"><path fill="#3fcf8e" d="M11.9 1.036c-.015-.986-1.26-1.41-1.874-.637L.764 12.05C-.33 13.427.65 15.455 2.409 15.455h9.579l.113 7.51c.014.985 1.259 1.408 1.873.636l9.262-11.653c1.093-1.375.113-3.403-1.645-3.403h-9.642z"/></svg>',
+  clerk: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="m21.47 20.829-2.881-2.881a.572.572 0 0 0-.7-.084 6.854 6.854 0 0 1-7.081 0 .576.576 0 0 0-.7.084l-2.881 2.881a.576.576 0 0 0-.103.69.57.57 0 0 0 .166.186 12 12 0 0 0 14.113 0 .58.58 0 0 0 .239-.423.576.576 0 0 0-.172-.453Zm.002-17.668-2.88 2.88a.569.569 0 0 1-.701.084A6.857 6.857 0 0 0 8.724 8.08a6.862 6.862 0 0 0-1.222 3.692 6.86 6.86 0 0 0 .978 3.764.573.573 0 0 1-.083.699l-2.881 2.88a.567.567 0 0 1-.864-.063A11.993 11.993 0 0 1 6.771 2.7a11.99 11.99 0 0 1 14.637-.405.566.566 0 0 1 .232.418.57.57 0 0 1-.168.448Zm-7.118 12.261a3.427 3.427 0 1 0 0-6.854 3.427 3.427 0 0 0 0 6.854Z"/></svg>',
+  authjs: '<svg viewBox="0 0 24 24" aria-hidden="true"><path fill="#18c6cf" d="M12 1.4 21 4.9v6.7c0 5.1-3.5 8.7-9 11-5.5-2.3-9-5.9-9-11V4.9l9-3.5Z"/><path fill="#8b2ff5" d="M12 1.4 21 4.9v6.7c0 5.1-3.5 8.7-9 11V1.4Z"/><path fill="#fff7df" d="M12 7a5.2 5.2 0 1 0 0 10.4A5.2 5.2 0 0 0 12 7Z"/><path fill="#ff8a00" d="M10.2 9.6a2.2 2.2 0 0 1 2.9 2.9l3.5 3.5h-2.2v1.5h-1.8V16h-1.4l-1.3-1.3a2.2 2.2 0 0 1 .3-5.1Zm.9 1.8a.7.7 0 1 0 0 1.4.7.7 0 0 0 0-1.4Z"/></svg>',
+  auth0: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M21.98 7.448L19.62 0H4.347L2.02 7.448c-1.352 4.312.03 9.206 3.815 12.015L12.007 24l6.157-4.552c3.755-2.81 5.182-7.688 3.815-12.015l-6.16 4.58 2.343 7.45-6.157-4.597-6.158 4.58 2.358-7.433-6.188-4.55 7.63-.045L12.008 0l2.356 7.404 7.615.044z"/></svg>',
+  "better-auth": '<svg viewBox="0 0 24 24" aria-hidden="true"><rect x="1.5" y="1.5" width="21" height="21" rx="3" fill="#111827"/><path fill="#fffdf7" d="M5.2 6.2h5.15v4.25H5.2V6.2Zm8.45 0h5.15v4.25h-5.15V6.2Zm-8.45 7.35h5.15v4.25H5.2v-4.25Zm8.45 0h5.15v4.25h-5.15v-4.25Z"/><path fill="#3b82f6" d="M10.35 10.45h3.3v3.1h-3.3v-3.1Z"/></svg>',
   polar: '<svg viewBox="0 0 29 29" aria-hidden="true"><path fill="#0062FF" fill-rule="evenodd" clip-rule="evenodd" d="M9.077 23.057c4.801 3.25 11.328 1.992 14.577-2.808 3.25-4.801 1.993-11.328-2.808-14.578C16.045 2.422 9.519 3.679 6.269 8.48c-3.25 4.801-1.993 11.327 2.808 14.577Zm1.393.086c4.392 2.247 9.963.138 12.444-4.711 2.48-4.848.93-10.6-3.461-12.847-4.392-2.247-9.963-.138-12.443 4.711-2.481 4.848-.932 10.6 3.46 12.847Z"/><path fill="#0062FF" fill-rule="evenodd" clip-rule="evenodd" d="M11.722 24.29c3.965 1.29 8.628-2.118 10.417-7.613 1.788-5.495.024-10.996-3.94-12.286-3.964-1.29-8.628 2.118-10.416 7.613-1.789 5.495-.025 10.995 3.939 12.286Zm1.213-.418c3.355.716 6.982-2.961 8.102-8.212 1.12-5.252-.691-10.089-4.046-10.804-3.356-.716-6.983 2.96-8.103 8.212-1.12 5.251.692 10.088 4.047 10.804Z"/><path fill="#0062FF" fill-rule="evenodd" clip-rule="evenodd" d="M13.854 24.738c2.652.284 5.3-4.14 5.912-9.882.613-5.74-1.04-10.624-3.692-10.907-2.653-.283-5.3 4.141-5.913 9.882-.613 5.741 1.04 10.624 3.693 10.907Zm1.241-1.747c1.92-.031 3.415-3.917 3.34-8.68-.075-4.764-1.693-8.6-3.612-8.57-1.92.03-3.415 3.916-3.34 8.68.076 4.763 1.693 8.6 3.612 8.57Z"/></svg>',
-  "lemon-squeezy": '<svg viewBox="0 0 24 24" aria-hidden="true"><path fill="currentColor" d="M12 3c-3.2 2.8-5 5.8-5 8.6a5 5 0 1 0 10 0c0-2.8-1.8-5.8-5-8.6Zm0 14.2a1.6 1.6 0 1 1 0-3.2 1.6 1.6 0 0 1 0 3.2Z"/></svg>',
-  github: '<svg viewBox="0 0 24 24" aria-hidden="true"><path fill="currentColor" d="M12 2C6.48 2 2 6.58 2 12.26c0 4.52 2.87 8.35 6.86 9.71.5.1.69-.22.69-.49 0-.24-.01-.87-.01-1.7-2.78.62-3.37-1.36-3.37-1.36-.45-1.17-1.11-1.48-1.11-1.48-.91-.64.07-.63.07-.63 1 .07 1.53 1.05 1.53 1.05.9 1.56 2.36 1.11 2.94.85.09-.67.35-1.11.63-1.37-2.22-.26-4.56-1.14-4.56-5.07 0-1.12.39-2.03 1.03-2.75-.1-.26-.45-1.3.1-2.7 0 0 .84-.28 2.75 1.05A9.2 9.2 0 0 1 12 6.84c.85 0 1.71.12 2.51.34 1.91-1.33 2.75-1.05 2.75-1.05.55 1.4.2 2.44.1 2.7.64.72 1.03 1.63 1.03 2.75 0 3.94-2.34 4.8-4.57 5.06.36.32.68.94.68 1.9 0 1.37-.01 2.47-.01 2.8 0 .27.18.6.7.49A10.03 10.03 0 0 0 22 12.26C22 6.58 17.52 2 12 2Z"/></svg>',
-  gitlab: '<svg viewBox="0 0 24 24" aria-hidden="true"><path fill="#FC6D26" d="M23.2 9.4 12 2.2.8 9.4l1.4 8.2L12 21.8l9.8-4.2 1.4-8.2Z"/><path fill="#E24329" d="M12 2.2v7.1l3.8 1.9 1.8-5.5L12 2.2Z"/><path fill="#FC6D26" d="M12 10.2 7.7 12l1.8-5.5L12 2.2Z"/><path fill="#FCA326" d="M.8 9.4 12 21.8 7.7 12 12 10.2Z"/><path fill="#FC6D26" d="M12 10.2l4.3 1.8 6.1-2.6L12 2.2Z"/></svg>',
-  neon: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M5 4.5c0-1 .8-1.7 1.7-1.3l9.5 4.3c1.1.5 1.8 1.6 1.8 2.8v8.6c0 1-.8 1.7-1.7 1.3L6.8 15.9A3 3 0 0 1 5 13.1V4.5Zm4.1 4.1v5l4.9 2.2v-5L9.1 8.6Z"/></svg>',
-  planetscale: '<svg viewBox="0 0 24 24" aria-hidden="true"><path fill="currentColor" d="M19.1 4.9A10 10 0 0 0 4.9 19.1L19.1 4.9Zm-12 16A10 10 0 0 0 20.9 7.1L7.1 20.9Z"/></svg>',
-  mongodb: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M12 2c3 3 4.8 6.2 4.8 9.6 0 4.2-2.2 7.1-4.8 9.9-2.6-2.8-4.8-5.7-4.8-9.9C7.2 8.2 9 5 12 2Zm0 5.2v10.2"/></svg>',
-  turso: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M4 7.5h16v3H4v-3Zm0 6h16v3H4v-3ZM7.5 4h9v3h-9V4Zm0 13h9v3h-9v-3Z"/></svg>',
+  "lemon-squeezy": '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="m7.4916 10.835 2.3748-6.5114a3.1497 3.1497 0 0 0-.065-2.3418C9.0315.183 6.9427-.398 5.2928.265 3.643.929 2.71 2.4348 3.512 4.3046l2.8197 6.5615c.219.509.97.489 1.16-.03m1.6798 1.0969 6.5334-2.7758c2.1699-.9219 2.7218-3.6907 1.022-5.2905l-.068-.063c-1.6669-1.5469-4.4217-1.002-5.3706 1.0359L8.3566 11.135c-.234.503.295 1.0199.8159.7979m.373.87 6.6454-2.5119c2.2078-.8349 4.6206.745 4.5886 3.0398l-.002.09c-.048 2.2358-2.3938 3.7376-4.5536 2.9467l-6.6724-2.4418a.595.595 0 0 1-.006-1.1229m-.386 1.9269 6.4375 2.9767a3.2997 3.2997 0 0 1 1.6658 1.6989c.769 1.7998-.283 3.6396-1.9328 4.3016-1.6499.662-3.4097.235-4.2097-1.6359l-2.8027-6.5694c-.217-.509.328-1.009.8419-.772"/></svg>',
+  github: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M12 .297c-6.63 0-12 5.373-12 12 0 5.303 3.438 9.8 8.205 11.385.6.113.82-.258.82-.577 0-.285-.01-1.04-.015-2.04-3.338.724-4.042-1.61-4.042-1.61C4.422 18.07 3.633 17.7 3.633 17.7c-1.087-.744.084-.729.084-.729 1.205.084 1.838 1.236 1.838 1.236 1.07 1.835 2.809 1.305 3.495.998.108-.776.417-1.305.76-1.605-2.665-.3-5.466-1.332-5.466-5.93 0-1.31.465-2.38 1.235-3.22-.135-.303-.54-1.523.105-3.176 0 0 1.005-.322 3.3 1.23.96-.267 1.98-.399 3-.405 1.02.006 2.04.138 3 .405 2.28-1.552 3.285-1.23 3.285-1.23.645 1.653.24 2.873.12 3.176.765.84 1.23 1.91 1.23 3.22 0 4.61-2.805 5.625-5.475 5.92.42.36.81 1.096.81 2.22 0 1.606-.015 2.896-.015 3.286 0 .315.21.69.825.57C20.565 22.092 24 17.592 24 12.297c0-6.627-5.373-12-12-12"/></svg>',
+  gitlab: '<svg viewBox="0 0 24 24" aria-hidden="true"><path fill="#FC6D26" d="m23.6004 9.5927-.0337-.0862L20.3.9814a.851.851 0 0 0-.3362-.405.8748.8748 0 0 0-.9997.0539.8748.8748 0 0 0-.29.4399l-2.2055 6.748H7.5375l-2.2057-6.748a.8573.8573 0 0 0-.29-.4412.8748.8748 0 0 0-.9997-.0537.8585.8585 0 0 0-.3362.4049L.4332 9.5015l-.0325.0862a6.0657 6.0657 0 0 0 2.0119 7.0105l.0113.0087.03.0213 4.976 3.7264 2.462 1.8633 1.4995 1.1321a1.0085 1.0085 0 0 0 1.2197 0l1.4995-1.1321 2.4619-1.8633 5.006-3.7489.0125-.01a6.0682 6.0682 0 0 0 2.0094-7.003z"/></svg>',
+  neon: '<svg viewBox="0 0 64 64" aria-hidden="true"><path fill="#37c38f" d="M63 0.0177909V63.5526L38.4178 42.2501V63.5526H0V0L63 0.0177909ZM7.72251 55.8389H30.6953V25.3238L55.2779 47.0476V7.72922L7.72251 7.71559V55.8389Z"/></svg>',
+  planetscale: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M0 12C0 5.373 5.373 0 12 0c4.873 0 9.067 2.904 10.947 7.077l-15.87 15.87a11.981 11.981 0 0 1-1.935-1.099L14.99 12H12l-8.485 8.485A11.962 11.962 0 0 1 0 12Zm12.004 12L24 12.004C23.998 18.628 18.628 23.998 12.004 24Z"/></svg>',
+  mongodb: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M17.193 9.555c-1.264-5.58-4.252-7.414-4.573-8.115-.28-.394-.53-.954-.735-1.44-.036.495-.055.685-.523 1.184-.723.566-4.438 3.682-4.74 10.02-.282 5.912 4.27 9.435 4.888 9.884l.07.05A73.49 73.49 0 0 1 11.91 24h.481c.114-1.032.284-2.056.51-3.07.417-.296.604-.463.85-.693a11.342 11.342 0 0 0 3.639-8.464c.01-.814-.103-1.662-.197-2.218Zm-5.336 8.195s0-8.291.275-8.29c.213 0 .49 10.695.49 10.695-.381-.045-.765-1.76-.765-2.405Z"/></svg>',
+  turso: '<svg viewBox="0 0 241 240" aria-hidden="true"><path fill="#4ff8d2" d="M220.035 83.61C215.365 55.67 190.875 35 190.875 35V65.78L176.335 69.53L167.225 58.56L162.415 68.02C152.495 65.32 138.835 63.58 120.045 63.58C101.255 63.58 87.5949 65.33 77.6749 68.02L72.8649 58.56L63.7549 69.53L49.2149 65.78V35C49.2149 35 24.7249 55.67 20.0549 83.61L52.1949 94.73C53.2449 114.16 61.9849 166.61 64.4849 171.37C67.1449 176.44 81.2649 190.93 92.3149 196.5C92.3149 196.5 96.3149 192.27 98.7549 188.54C101.855 192.19 117.865 204.99 120.055 204.99C122.245 204.99 138.255 192.2 141.355 188.54C143.795 192.27 147.795 196.5 147.795 196.5C158.845 190.93 172.965 176.44 175.625 171.37C178.125 166.61 186.865 114.16 187.915 94.73L220.055 83.61H220.035ZM173.845 128.35L152.095 130.29L154.005 156.96C154.005 156.96 140.775 167.91 120.045 167.91C99.3149 167.91 86.0849 156.96 86.0849 156.96L87.9949 130.29L66.2449 128.35L62.5249 98.31L98.5749 110.79L95.7749 148.18C102.475 149.88 109.525 151.57 120.055 151.57C130.585 151.57 137.625 149.88 144.325 148.18L141.525 110.79L177.575 98.31L173.855 128.35H173.845Z"/></svg>',
   stripe: '<svg viewBox="0 0 24 24" preserveAspectRatio="xMidYMid meet" aria-hidden="true"><path fill="#635BFF" d="M4.5 15.4c1.5.9 3.5 1.4 5.4 1.4 1.6 0 2.5-.4 2.5-1.2 0-.7-.7-1-3-1.5-3-.7-4.7-1.8-4.7-4.1 0-2.6 2.1-4.4 5.8-4.4 2.1 0 3.9.4 5.3 1.1v3.4a10 10 0 0 0-5.1-1.4c-1.5 0-2.2.4-2.2 1.1 0 .7.8 1 3 1.5 3.1.7 4.8 1.8 4.8 4.1 0 2.7-2.2 4.5-6.2 4.5-2.2 0-4.3-.5-5.6-1.3v-3.2Z"/></svg>',
   paddle: '<svg viewBox="0 0 90 90" aria-hidden="true"><rect x="11" y="11" width="68" height="68" rx="17" fill="#101318"/><rect x="11.5" y="11.5" width="67" height="67" rx="16.5" fill="none" stroke="#343942"/><path fill="#FFD21E" d="M8.49991 17C8.51217 21.6945 12.3128 25.5001 17 25.5001C12.3128 25.5001 8.51217 29.3055 8.49991 34C8.48783 29.3055 4.68717 25.5001 0 25.5001C4.68717 25.5001 8.48783 21.6945 8.49991 17Z" transform="translate(19.5 -31.5) scale(3)"/></svg>',
   vercel: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M12 4 22 20H2L12 4Z"/></svg>',
-  netlify: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="m12 2 3.1 5.4 6.2 1.2-4.2 4.7.8 6.3-5.9-2.6-5.9 2.6.8-6.3-4.2-4.7 6.2-1.2L12 2Z"/></svg>',
+  netlify: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M6.49 19.04h-.23L5.13 17.9v-.23l1.73-1.71h1.2l.15.15v1.2L6.5 19.04ZM5.13 6.31V6.1l1.13-1.13h.23L8.2 6.68v1.2l-.15.15h-1.2L5.13 6.31Zm9.96 9.09h-1.65l-.14-.13v-3.83c0-.68-.27-1.2-1.1-1.23-.42 0-.9 0-1.43.02l-.07.08v4.96l-.14.14H8.9l-.13-.14V8.73l.13-.14h3.7a2.6 2.6 0 0 1 2.61 2.6v4.08l-.13.14Zm-8.37-2.44H.14L0 12.82v-1.64l.14-.14h6.58l.14.14v1.64l-.14.14Zm17.14 0h-6.58l-.14-.14v-1.64l.14-.14h6.58l.14.14v1.64l-.14.14ZM11.05 6.55V1.64l.14-.14h1.65l.14.14v4.9l-.14.14h-1.65l-.14-.13Zm0 15.81v-4.9l.14-.14h1.65l.14.13v4.91l-.14.14h-1.65l-.14-.14Z"/></svg>',
   aws: '<svg viewBox="0 0 24 24" preserveAspectRatio="xMidYMid meet" aria-hidden="true"><path fill="#FF9900" d="M6.763 10.582c4.95-2.283 10.563-2.283 15.475 0 .532.243.848.741.848 1.256 0 .532-.323 1.026-.85 1.256-4.912 2.283-10.525 2.283-15.474 0-.528-.23-.851-.724-.851-.279 0-.544.098-.754.243-4.95 2.283-10.563 2.283-15.475 0-.532-.243-.848-.741-.848-1.256 0-.532.323-1.026.85-1.256.228-.098.492-.196.754-.196.279 0 .544.098.754.243Z"/><path fill="#FF9900" d="M12 3.65c-2.772 0-5.027 1.147-5.027 2.553S9.228 8.756 12 8.756s5.027-1.147 5.027-2.553S14.772 3.65 12 3.65Z"/></svg>',
-  sentry: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M12 3 22 20H2L12 3Zm0 5.1L6.8 17h2.1l3.1-5.3 3.1 5.3h2.1L12 8.1Z"/></svg>',
-  posthog: '<svg viewBox="0 0 24 24" aria-hidden="true"><path fill="#1D4AFF" d="M5 6h8.06c3.19 0 5.44 2.06 5.44 5.31S16.25 16.62 13.06 16.62H5V6Z"/><path fill="#F54E00" d="M4.13 3.94v4.5h3.94a2.25 2.25 0 0 0 0-4.5H4.13Z"/><circle cx="13.5" cy="11.81" r="1.01" fill="#F9BD2B"/><path fill="#F54E00" d="m16.39 9.49 1.88-1.13.79 1.2-2.03 1.28-.64-1.35Zm.34 4.61 2.33.83-.74 1.54-2.33-.98.74-1.39Z"/></svg>',
-  playwright: '<svg viewBox="0 0 24 24" aria-hidden="true"><path fill="#2EAD33" d="M8.4 8.2 5.4 17.2h2.3l.8-2.8h2.7l.8 2.8h2.3L11.6 8.2H8.4Zm1.1 4.8.8-2.4.8 2.4H9.5Z"/><path fill="#E2574C" d="M15.6 8.2 12.6 17.2h2.3l.8-2.8h2.7l.8 2.8h2.3L18.8 8.2h-3.2Zm1.1 4.8.8-2.4.8 2.4h-1.6Z"/><ellipse fill="#2EAD33" cx="9.5" cy="13.1" rx="1.1" ry="1.4"/><ellipse fill="#E2574C" cx="16.5" cy="13.1" rx="1.1" ry="1.4"/></svg>',
+  sentry: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M13.91 2.505c-.873-1.448-2.972-1.448-3.844 0L6.904 7.92a15.478 15.478 0 0 1 8.53 12.811h-2.221A13.301 13.301 0 0 0 5.784 9.814l-2.926 5.06a7.65 7.65 0 0 1 4.435 5.848H2.194a.365.365 0 0 1-.298-.534l1.413-2.402a5.16 5.16 0 0 0-1.614-.913L.296 19.275a2.182 2.182 0 0 0 .812 2.999 2.24 2.24 0 0 0 1.086.288h6.983a9.322 9.322 0 0 0-3.845-8.318l1.11-1.922a11.47 11.47 0 0 1 4.95 10.24h5.915a17.242 17.242 0 0 0-7.885-15.28l2.244-3.845a.37.37 0 0 1 .504-.13c.255.14 9.75 16.708 9.928 16.9a.365.365 0 0 1-.327.543h-2.287c.029.612.029 1.223 0 1.831h2.297a2.206 2.206 0 0 0 1.922-3.31z"/></svg>',
+  posthog: '<svg viewBox="0 0 156 90" aria-hidden="true"><path fill="#f9bd2b" d="M0 68.33c0-2.9 3.505-4.352 5.556-2.302l14.916 14.917c2.05 2.05.598 5.555-2.301 5.555H3.254A3.254 3.254 0 0 1 0 83.246zm0-15.712c0 .863.343 1.69.953 2.301l30.628 30.628c.61.61 1.438.953 2.301.953h16.823c2.9 0 4.351-3.505 2.301-5.555L5.556 33.494C3.506 31.444 0 32.896 0 35.795zm0-32.534c0 .863.343 1.69.953 2.3l63.162 63.163c.61.61 1.439.953 2.302.953h16.822c2.9 0 4.352-3.505 2.302-5.555L5.556.96C3.506-1.09 0 .362 0 3.26zm32.534 0c0 .863.343 1.69.954 2.3l58.56 58.56c2.05 2.05 5.555.599 5.555-2.3V61.82c0-.863-.343-1.691-.953-2.301L38.09.96c-2.05-2.05-5.556-.598-5.556 2.3zM70.624.96c-2.05-2.05-5.555-.598-5.555 2.3v16.824c0 .863.343 1.69.953 2.3L92.047 48.41c2.05 2.05 5.556.598 5.556-2.3V29.285c0-.863-.343-1.69-.953-2.3z"/><path fill="#000000" d="M138.393 68.729 107.76 38.095c-2.05-2.05-5.555-.598-5.555 2.302v42.849a3.254 3.254 0 0 0 3.254 3.254h47.451a3.254 3.254 0 0 0 3.255-3.254v-3.903c0-1.797-1.463-3.232-3.246-3.464a25.14 25.14 0 0 1-14.526-7.15m-20.572 7.36a5.207 5.207 0 0 1-5.205-5.205 5.207 5.207 0 0 1 5.205-5.206 5.21 5.21 0 0 1 5.206 5.206 5.207 5.207 0 0 1-5.206 5.205"/><path fill="#1d4aff" d="m5.28 65.78.276.248 14.916 14.916c1.96 1.961.718 5.254-1.932 5.536l-.37.02H3.255a3.255 3.255 0 0 1-3.232-2.875L0 83.245V68.33c0-2.773 3.207-4.222 5.28-2.549m0-32.533.276.247 26.978 26.98V86.5L.954 54.919a3.26 3.26 0 0 1-.926-1.873L0 52.618V35.796c0-2.774 3.207-4.223 5.28-2.55M0 3.26C0 .488 3.207-.961 5.28.712l.276.248 26.978 26.978v26.028L.954 22.385a3.25 3.25 0 0 1-.926-1.874L0 20.084z"/><path fill="#f54e00" d="m32.534 27.939 31.581 31.58c.51.51.832 1.17.925 1.874l.029.428v24.68L33.488 54.919a3.26 3.26 0 0 1-.925-1.873l-.029-.428zm0 32.533 20.472 20.472c1.961 1.961.718 5.254-1.931 5.536l-.37.02h-18.17zm5.28-59.76.276.248 26.025 26.025c.51.509.832 1.168.925 1.874l.029.427v24.68L33.488 22.385a3.26 3.26 0 0 1-.925-1.874l-.029-.427V3.26c0-2.773 3.208-4.222 5.28-2.549"/></svg>',
+  playwright: '<svg viewBox="0 0 400 400" aria-hidden="true"><path fill="#2d4552" d="M136.444 221.556C123.558 225.213 115.104 231.625 109.535 238.032C114.869 233.364 122.014 229.08 131.652 226.348C141.51 223.554 149.92 223.574 156.869 224.915V219.481C150.941 218.939 144.145 219.371 136.444 221.556ZM108.946 175.876L61.0895 188.484C61.0895 188.484 61.9617 189.716 63.5767 191.36L104.153 180.668C104.153 180.668 103.578 188.077 98.5847 194.705C108.03 187.559 108.946 175.876 108.946 175.876ZM149.005 288.347C81.6582 306.486 46.0272 228.438 35.2396 187.928C30.2556 169.229 28.0799 155.067 27.5 145.928C27.4377 144.979 27.4665 144.179 27.5336 143.446C24.04 143.657 22.3674 145.473 22.7077 150.721C23.2876 159.855 25.4633 174.016 30.4473 192.721C41.2301 233.225 76.8659 311.273 144.213 293.134C158.872 289.185 169.885 281.992 178.152 272.81C170.532 279.692 160.995 285.112 149.005 288.347ZM161.661 128.11V132.903H188.077C187.535 131.206 186.989 129.677 186.447 128.11H161.661Z"/><path fill="#2d4552" d="M193.981 167.584C205.861 170.958 212.144 179.287 215.465 186.658L228.711 190.42C228.711 190.42 226.904 164.623 203.57 157.995C181.741 151.793 168.308 170.124 166.674 172.496C173.024 167.972 182.297 164.268 193.981 167.584ZM299.422 186.777C277.573 180.547 264.145 198.916 262.535 201.255C268.89 196.736 278.158 193.031 289.837 196.362C301.698 199.741 307.976 208.06 311.307 215.436L324.572 219.212C324.572 219.212 322.736 193.41 299.422 186.777ZM286.262 254.795L176.072 223.99C176.072 223.99 177.265 230.038 181.842 237.869L274.617 263.805C282.255 259.386 286.262 254.795 286.262 254.795ZM209.867 321.102C122.618 297.71 133.166 186.543 147.284 133.865C153.097 112.156 159.073 96.0203 164.029 85.204C161.072 84.5953 158.623 86.1529 156.203 91.0746C150.941 101.747 144.212 119.124 137.7 143.45C123.586 196.127 113.038 307.29 200.283 330.682C241.406 341.699 273.442 324.955 297.323 298.659C274.655 319.19 245.714 330.701 209.867 321.102Z"/><path fill="#e2574c" d="M161.661 262.296V239.863L99.3324 257.537C99.3324 257.537 103.938 230.777 136.444 221.556C146.302 218.762 154.713 218.781 161.661 220.123V128.11H192.869C189.471 117.61 186.184 109.526 183.423 103.909C178.856 94.612 174.174 100.775 163.545 109.665C156.059 115.919 137.139 129.261 108.668 136.933C80.1966 144.61 57.179 142.574 47.5752 140.911C33.9601 138.562 26.8387 135.572 27.5049 145.928C28.0847 155.062 30.2605 169.224 35.2445 187.928C46.0272 228.433 81.663 306.481 149.01 288.342C166.602 283.602 179.019 274.233 187.626 262.291H161.661V262.296ZM61.0848 188.484L108.946 175.876C108.946 175.876 107.551 194.288 89.6087 199.018C71.6614 203.743 61.0848 188.484 61.0848 188.484Z"/><path fill="#2ead33" d="M341.786 129.174C329.345 131.355 299.498 134.072 262.612 124.185C225.716 114.304 201.236 97.0224 191.537 88.8994C177.788 77.3834 171.74 69.3802 165.788 81.4857C160.526 92.163 153.797 109.54 147.284 133.866C133.171 186.543 122.623 297.706 209.867 321.098C297.093 344.47 343.53 242.92 357.644 190.238C364.157 165.917 367.013 147.5 367.799 135.625C368.695 122.173 359.455 126.078 341.786 129.174ZM166.497 172.756C166.497 172.756 180.246 151.372 203.565 158C226.899 164.628 228.706 190.425 228.706 190.425L166.497 172.756ZM223.42 268.713C182.403 256.698 176.077 223.99 176.077 223.99L286.262 254.796C286.262 254.791 264.021 280.578 223.42 268.713ZM262.377 201.495C262.377 201.495 276.107 180.126 299.422 186.773C322.736 193.411 324.572 219.208 324.572 219.208L262.377 201.495Z"/><path fill="#d65348" d="M139.88 246.04L99.3324 257.532C99.3324 257.532 103.737 232.44 133.607 222.496L110.647 136.33L108.663 136.933C80.1918 144.611 57.1742 142.574 47.5704 140.911C33.9554 138.563 26.834 135.572 27.5001 145.929C28.08 155.063 30.2557 169.224 35.2397 187.929C46.0225 228.433 81.6583 306.481 149.005 288.342L150.989 287.719L139.88 246.04ZM61.0848 188.485L108.946 175.876C108.946 175.876 107.551 194.288 89.6087 199.018C71.6615 203.743 61.0848 188.485 61.0848 188.485Z"/><path fill="#1d8d22" d="M225.27 269.163L223.415 268.712C182.398 256.698 176.072 223.99 176.072 223.99L232.89 239.872L262.971 124.281L262.607 124.185C225.711 114.304 201.232 97.0224 191.532 88.8994C177.783 77.3834 171.735 69.3802 165.783 81.4857C160.526 92.163 153.797 109.54 147.284 133.866C133.171 186.543 122.623 297.706 209.867 321.097L211.655 321.5L225.27 269.163ZM166.497 172.756C166.497 172.756 180.246 151.372 203.565 158C226.899 164.628 228.706 190.425 228.706 190.425L166.497 172.756Z"/></svg>',
   logrocket: '<svg viewBox="0 0 24 24" preserveAspectRatio="xMidYMid meet" aria-hidden="true"><rect x="2" y="2" width="20" height="20" rx="5" fill="#764ABC"/><path fill="#FFFFFF" d="M12 7.4c2.7 0 4.9 2.2 4.9 4.9s-2.2 4.9-4.9 4.9-4.9-2.2-4.9-4.9 4.9-4.9 4.9-4.9Zm0 1.9a3 3 0 1 0 0 6 3 3 0 0 0 0-6Zm-3.2 7.4h6.4v1.5H8.8v-1.5Z"/></svg>',
   figma: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M8.5 3h3.5v6H8.5a3 3 0 1 1 0-6Zm3.5 6h3.5a3 3 0 1 0 0-6H12v6Zm0 0h3.5a3 3 0 1 1 0 6H12V9Zm-3.5 0H12v6H8.5a3 3 0 1 1 0-6ZM8.5 15H12v2.5A3.5 3.5 0 1 1 8.5 15Z"/></svg>',
   storybook: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M6.2 3.4 17.9 2l.7 18.1-12.4.7V3.4Zm8.7 3.2.3 2.4 1.7-1.3 1.7 1.1.3-3.4-4 .5v.7Zm-5.2 5.1c0 2 1.6 3.5 4.2 3.5 2.4 0 3.8-1.2 3.8-3 0-1.7-1.1-2.6-3.4-3l-1.2-.2c-.7-.1-1-.4-1-.8 0-.5.5-.8 1.3-.8.9 0 1.5.4 1.8 1.1l2.1-.8c-.5-1.4-1.8-2.2-3.8-2.2-2.3 0-3.8 1.2-3.8 2.9 0 1.6 1.1 2.5 3.3 2.9l1.2.2c.8.1 1.1.4 1.1.9 0 .6-.5.9-1.4.9-1.1 0-1.8-.5-2.1-1.3l-2.1.7Z"/></svg>',
   "product-spec": '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M6 3.2h9.2L19 7v13.8H6V3.2Zm8.2 1.9v3h3l-3-3ZM8.4 10h7.2v1.7H8.4V10Zm0 3.2h7.2v1.7H8.4v-1.7Zm0 3.2h4.9v1.7H8.4v-1.7Z"/></svg>',
   "route-map": '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M6.5 4.2a3 3 0 0 1 3 3c0 2-3 5.1-3 5.1s-3-3.1-3-5.1a3 3 0 0 1 3-3Zm0 1.8a1.2 1.2 0 1 0 0 2.4 1.2 1.2 0 0 0 0-2.4Zm11 5.8a3 3 0 0 1 3 3c0 2-3 5.1-3 5.1s-3-3.1-3-5.1a3 3 0 0 1 3-3Zm0 1.8a1.2 1.2 0 1 0 0 2.4 1.2 1.2 0 0 0 0-2.4ZM9.5 7h2.1c2.8 0 4.9 2 4.9 4.8h-2c0-1.7-1.2-2.8-2.9-2.8H9.5V7Zm4.9 10h-2.1c-2.8 0-4.9-2-4.9-4.8h2c0 1.7 1.2 2.8 2.9 2.8h2.1v2Z"/></svg>',
   react: '<svg viewBox="0 0 24 24" aria-hidden="true"><circle cx="12" cy="12" r="2.2"/><ellipse cx="12" cy="12" rx="9" ry="3.6" fill="none" stroke="currentColor" stroke-width="1.6"/><ellipse cx="12" cy="12" rx="9" ry="3.6" fill="none" stroke="currentColor" stroke-width="1.6" transform="rotate(60 12 12)"/><ellipse cx="12" cy="12" rx="9" ry="3.6" fill="none" stroke="currentColor" stroke-width="1.6" transform="rotate(120 12 12)"/></svg>',
-  vue: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M2.6 4h5.1L12 11.4 16.3 4h5.1L12 20 2.6 4Zm5.6 0L12 10.5 15.8 4h-2.7L12 5.9 10.9 4H8.2Z"/></svg>',
-  svelte: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M16.9 3.4a5.2 5.2 0 0 0-6.9 1.5L6.3 9.7a4.6 4.6 0 0 0 .8 6.4 5.1 5.1 0 0 0 6.9-1.2l.6-.8a1.6 1.6 0 0 0-.3-2.2 1.8 1.8 0 0 0-2.4.4l-.6.8a1.3 1.3 0 0 1-1.8.3 1.2 1.2 0 0 1-.2-1.6L13 7a1.3 1.3 0 0 1 1.8-.4c.5.4.7 1.1.3 1.6l-.3.4 2.8 2 .3-.4a4.7 4.7 0 0 0-1-6.8Zm-9.8 17.2a5.2 5.2 0 0 0 6.9-1.5l3.7-4.8a4.6 4.6 0 0 0-.8-6.4A5.1 5.1 0 0 0 10 9.1l-.6.8a1.6 1.6 0 0 0 .3 2.2 1.8 1.8 0 0 0 2.4-.4l.6-.8a1.3 1.3 0 0 1 1.8-.3 1.2 1.2 0 0 1 .2 1.6L11 17a1.3 1.3 0 0 1-1.8.4 1.2 1.2 0 0 1-.3-1.6l.3-.4-2.8-2-.3.4a4.7 4.7 0 0 0 1 6.8Z"/></svg>',
-  angular: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M12 2.5 20.5 5.6 19.2 17 12 21.5 4.8 17 3.5 5.6 12 2.5Zm0 4.2-5 11h2.4l1-2.4h3.2l1 2.4H17l-5-11Zm0 3.8 1.1 2.9h-2.2l1.1-2.9Z"/></svg>',
-  nodejs: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M12 2.5 20.2 7v10L12 21.5 3.8 17V7L12 2.5Zm-3.8 6.7v5.6h1.9v-3.1l3.8 3.1h1.9V9.2h-1.9v3.2l-3.8-3.2H8.2Z"/></svg>',
+  vue: '<svg viewBox="0 0 24 24" aria-hidden="true"><path fill="#42b883" d="M24 1.61H14.06L12 5.16 9.94 1.61H0l12 20.78L24 1.61Z"/><path fill="#35495e" d="M12 14.08 5.16 2.23h4.43L12 6.41l2.41-4.18h4.43L12 14.08Z"/></svg>',
+  svelte: '<svg viewBox="0 0 24 24" aria-hidden="true"><path fill="#ff3e00" d="M10.354 21.125a4.44 4.44 0 0 1-4.765-1.767 4.109 4.109 0 0 1-.703-3.107 3.898 3.898 0 0 1 .134-.522l.105-.321.287.21a7.21 7.21 0 0 0 2.187 1.099l.208.063-.02.208a1.173 1.173 0 0 0 .21.766 1.297 1.297 0 0 0 1.39.514 1.22 1.22 0 0 0 .54-.31l3.927-3.986a.927.927 0 0 0 .203-.42.908.908 0 0 0-.154-.7 1.01 1.01 0 0 0-1.08-.4.946.946 0 0 0-.42.242l-1.5 1.522a4.15 4.15 0 0 1-1.831 1.045 4.453 4.453 0 0 1-4.767-1.767 4.108 4.108 0 0 1-.702-3.107 3.855 3.855 0 0 1 1.066-2.018l3.927-3.986A4.205 4.205 0 0 1 10.65 3.34a4.442 4.442 0 0 1 4.766 1.767 4.109 4.109 0 0 1 .702 3.108 3.943 3.943 0 0 1-.133.521l-.106.321-.286-.21a7.206 7.206 0 0 0-2.188-1.098l-.208-.063.02-.208a1.18 1.18 0 0 0-.21-.767 1.297 1.297 0 0 0-1.39-.514 1.229 1.229 0 0 0-.54.31L7.15 10.493a.929.929 0 0 0-.203.42.909.909 0 0 0 .154.7 1.01 1.01 0 0 0 1.08.4.943.943 0 0 0 .42-.242l1.5-1.522a4.144 4.144 0 0 1 1.831-1.045 4.443 4.443 0 0 1 4.766 1.767 4.109 4.109 0 0 1 .702 3.107 3.857 3.857 0 0 1-1.066 2.018l-3.927 3.986a4.193 4.193 0 0 1-2.053 1.043Z"/></svg>',
+  angular: '<svg viewBox="0 0 24 24" aria-hidden="true"><path fill="#dd0031" d="M12 2 3.5 5.1l1.3 11.2L12 22l7.2-5.7 1.3-11.2L12 2Z"/><path fill="#c3002f" d="M12 2v20l7.2-5.7 1.3-11.2L12 2Z"/><path fill="#fff" d="M12 5.6 6.7 17.6h2l1.1-2.7h4.4l1.1 2.7h2L12 5.6Zm0 3.8 1.5 3.7h-3L12 9.4Z"/></svg>',
+  nodejs: '<svg viewBox="0 0 24 24" aria-hidden="true"><path fill="#5fa04e" d="M12 2.15 20.7 7.1v9.8L12 21.85 3.3 16.9V7.1L12 2.15Z"/><path fill="#ffffff" d="M8.1 9.15h2.15v4.55c0 1.35-.75 2.15-2.2 2.15-.78 0-1.37-.18-1.85-.48l.57-1.67c.28.17.6.28.95.28.27 0 .38-.15.38-.48V9.15Zm4.05 4.05c.42.5 1.02.82 1.72.82.5 0 .82-.18.82-.52 0-.38-.32-.48-1.08-.7l-.57-.17c-1.15-.35-1.88-.92-1.88-1.95 0-1.13.92-1.72 2.28-1.72 1.02 0 1.82.32 2.4.98l-1.1 1.28c-.35-.35-.78-.55-1.25-.55-.4 0-.65.15-.65.45 0 .32.28.43.93.63l.57.17c1.32.4 2.05.93 2.05 2.05 0 1.25-1.05 1.88-2.52 1.88-1.32 0-2.35-.5-2.95-1.28l1.23-1.37Z"/></svg>',
   python: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M11.8 3c2.7 0 4.2.8 4.2 2.5V9H9.6A2.6 2.6 0 0 0 7 11.6V13H4.5C3.5 13 3 12.2 3 11c0-3.2 1.9-4.9 5.6-4.9h3.8V5H8.8V3.6A10 10 0 0 1 11.8 3Zm-1.4 1.5a.8.8 0 1 0 0 1.6.8.8 0 0 0 0-1.6ZM12.2 21c-2.7 0-4.2-.8-4.2-2.5V15h6.4a2.6 2.6 0 0 0 2.6-2.6V11h2.5c1 0 1.5.8 1.5 2 0 3.2-1.9 4.9-5.6 4.9h-3.8V19h3.6v1.4a10 10 0 0 1-3 .6Zm1.4-3.1a.8.8 0 1 0 0 1.6.8.8 0 0 0 0-1.6Z"/></svg>',
   rails: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M3 17.7C5.8 9.5 11.7 5.2 21 4.8v3.1C13.5 8.3 8.7 11.6 6 18.5L3 17.7Zm4.6.7c2.1-5 5.9-7.5 11.4-7.9v2.4c-4.4.4-7.4 2.5-9 6.2l-2.4-.7Zm4.7.7c1.3-2.4 3.4-3.7 6.7-4.1v2.2c-2.2.4-3.6 1.3-4.5 2.6l-2.2-.7Z"/></svg>',
   go: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M3 8.2h7.4v1.5H3V8.2Zm-1 3h7.4v1.5H2v-1.5Zm2 3h5.4v1.5H4v-1.5Zm10.5-6.1c3.1 0 5.5 2 5.5 4.6s-2.4 4.6-5.5 4.6-5.5-2-5.5-4.6 2.4-4.6 5.5-4.6Zm0 2.1c-1.7 0-3 1.1-3 2.5s1.3 2.5 3 2.5 3-1.1 3-2.5-1.3-2.5-3-2.5Zm5.1-2h2.4l-1.2 9h-2.4l1.2-9Z"/></svg>',
   "testing-library": '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M7 3h10v4.2l-3.4 4.5 5.4 7.9c.5.8 0 1.9-1 1.9H6c-1 0-1.6-1.1-1-1.9l5.4-7.9L7 7.2V3Zm3 3.5 2 2.7 2-2.7H10Zm1.9 8.4-2.6 3.8h5.4l-2.8-3.8Z"/></svg>',
-  vitest: '<svg viewBox="0 0 24 24" preserveAspectRatio="xMidYMid meet" aria-hidden="true"><path fill="#FCC72B" d="M13.4 3 21 7.4 12 21 3 7.4 10.6 3l1.4 4.5L13.4 3Zm-1.4 7.3-2.1 4h4.2l-2.1-4Z"/><path fill="#729B1B" d="M12 10.3 9.9 14.3h4.2L12 10.3Z"/></svg>',
+  vitest: '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M13.74024 1.05293a.49504.49504 0 0 0-.1569.02512.49338.49338 0 0 0-.25056.1876L7.59513 9.56159a.4895.4895 0 0 0-.08373.22327.48846.48846 0 0 0 .03163.23629.4893.4893 0 0 0 .13985.19319.4927.4927 0 0 0 .2149.10481l3.70685.78609-.22947 4.58007a.48834.48834 0 0 0 .08466.30017.49205.49205 0 0 0 .24931.18854c.10157.03398.21174.03444.3135.00064a.49387.49387 0 0 0 .25056-.18761l5.73735-8.29594a.4884.4884 0 0 0 .08404-.22327c.009-.08015-.0016-.16137-.03163-.23629a.48835.48835 0 0 0-.13985-.19319.49318.49318 0 0 0-.2149-.1048l-3.70686-.7861.22947-4.58008a.48802.48802 0 0 0-.08466-.30017.4913.4913 0 0 0-.24931-.18853.49439.49439 0 0 0-.1566-.02574zM1.15697 9.78795c-.30647.0012-.60009.12378-.81679.34048a1.16107 1.16107 0 0 0-.34017.81648 1.162 1.162 0 0 0 .33366.81957l10.84241 10.8421a1.15762 1.15762 0 0 0 .37677.25211 1.1583 1.1583 0 0 0 .44467.08838c.00084 0 .0016-.00031.0025-.00031.00073 0 .0014.00031.0022.00031a1.15827 1.15827 0 0 0 .44467-.08838 1.15731 1.15731 0 0 0 .37677-.2521l10.84236-10.8421a1.16272 1.16272 0 0 0 .33397-.81958c-.0013-.30647-.12376-.59976-.34048-.81648a1.1616 1.1616 0 0 0-.81679-.34048 1.16114 1.16114 0 0 0-.81926.33366l-5.4012 5.4009c-.0078.0074-.01718.01255-.02482.02015L12 20.14011l-4.59776-4.59745c-.0074-.0074-.01659-.01238-.02419-.01954l-5.4015-5.40151a1.162 1.162 0 0 0-.81958-.33366Z"/></svg>',
   "rate-limit": '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M12 3a9 9 0 1 0 9 9h-3a6 6 0 1 1-1.8-4.3L13 11h8V3l-2.7 2.7A9 9 0 0 0 12 3Z"/></svg>',
-  "bot-protection": '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M12 2 20 6v6c0 5-3.5 8.6-8 10-4.5-1.4-8-5-8-10V6l8-4Zm-3 8h6v4H9v-4Zm1.5-3.2h3V10h-3V6.8Z"/></svg>',
-  "secrets-hygiene": '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M7 10V7a5 5 0 0 1 10 0v3h1.5v11h-13V10H7Zm3 0h4V7a2 2 0 0 0-4 0v3Z"/></svg>'
+  "bot-protection": '<svg viewBox="0 0 24 24" aria-hidden="true"><path fill="#f38020" d="M12 2.4 20 5.5v6.2c0 4.75-3.12 8.1-8 10.1-4.88-2-8-5.35-8-10.1V5.5l8-3.1Z"/><path fill="#fff7df" d="M12 5.9 16.9 8v3.72c0 2.64-1.8 4.64-4.9 6.05-3.1-1.41-4.9-3.41-4.9-6.05V8L12 5.9Z"/><path fill="#f38020" d="M12 8.2a3.15 3.15 0 0 1 3.15 3.15A3.15 3.15 0 0 1 12 14.5a3.15 3.15 0 0 1-3.15-3.15A3.15 3.15 0 0 1 12 8.2Zm0 1.65a1.5 1.5 0 1 0 0 3 1.5 1.5 0 0 0 0-3Z"/></svg>',
+  "secrets-hygiene": '<svg viewBox="0 0 24 24" aria-hidden="true"><path d="M7 10V7a5 5 0 0 1 10 0v3h1.5v11h-13V10H7Zm3 0h4V7a2 2 0 0 0-4 0v3Z"/></svg>',
+  firebase: '<svg viewBox="0 0 24 24" aria-hidden="true"><path fill="#ffa000" d="m3.9 18.7 2.4-15.2c.1-.6.9-.8 1.2-.3l2.6 4.9 1.1-2.1c.2-.4.8-.4 1 0l7.9 12.7-8.1 4.5-8.1-4.5Z"/><path fill="#f57c00" d="m12 23.2 8.1-4.5-2.4-14.8c-.1-.6-.9-.8-1.2-.3L12 12.1v11.1Z"/><path fill="#ffca28" d="m3.9 18.7 6.2-10.6 1.9 3.7-8.1 6.9Z"/><path fill="#fff3c4" d="m12 12.1 4.5-8.5c.3-.5 1.1-.3 1.2.3l2.4 14.8-8.1-6.6Z"/></svg>',
+  cloudflare: '<svg viewBox="0 0 32 32" aria-hidden="true"><rect x="7" y="7" width="21" height="21" rx="1.4" fill="#111827"/><rect x="4" y="4" width="21" height="21" rx="1.4" fill="#f38020"/><path fill="#fff7df" d="M11.1 17.6h9.2c1.4 0 2.5-1 2.5-2.2 0-1.1-.9-2-2.2-2.2-.6-2-2.4-3.4-4.6-3.4-1.9 0-3.6 1.1-4.3 2.7-.2 0-.4-.1-.7-.1-1.7 0-3.1 1.2-3.4 2.7-1.1.2-1.9 1-1.9 1.9 0 .9.8 1.6 1.8 1.6h3.6Z"/><path fill="#f38020" d="M18.1 13.3c1.2.4 2.1 1.4 2.4 2.6h.2c.6 0 1.1-.4 1.1-.9 0-.5-.5-.9-1.1-1h-.7l-.2-.7c-.4-1.5-1.8-2.5-3.5-2.5-.7 0-1.3.2-1.9.5 1.7.2 3 .9 3.7 2Z"/></svg>'
+};
+var PROVIDER_NODE_TONES = {
+  supabase: ["#3ecf8e", "rgba(62, 207, 142, 0.34)"],
+  clerk: ["#6c47ff", "rgba(108, 71, 255, 0.34)"],
+  authjs: ["#6c47ff", "rgba(108, 71, 255, 0.3)"],
+  auth0: ["#eb5424", "rgba(235, 84, 36, 0.34)"],
+  "better-auth": ["#111827", "rgba(17, 24, 39, 0.22)"],
+  firebase: ["#ffa000", "rgba(255, 160, 0, 0.34)"],
+  neon: ["#00e599", "rgba(0, 229, 153, 0.34)"],
+  planetscale: ["#111827", "rgba(17, 24, 39, 0.22)"],
+  mongodb: ["#47a248", "rgba(71, 162, 72, 0.34)"],
+  turso: ["#4ff8d2", "rgba(79, 248, 210, 0.3)"],
+  stripe: ["#635bff", "rgba(99, 91, 255, 0.34)"],
+  paddle: ["#fddd35", "rgba(253, 221, 53, 0.34)"],
+  polar: ["#1d4aff", "rgba(29, 74, 255, 0.3)"],
+  "lemon-squeezy": ["#ffc233", "rgba(255, 194, 51, 0.34)"],
+  vercel: ["#111827", "rgba(17, 24, 39, 0.22)"],
+  netlify: ["#00c7b7", "rgba(0, 199, 183, 0.32)"],
+  cloudflare: ["#f38020", "rgba(243, 128, 32, 0.34)"],
+  sentry: ["#a855f7", "rgba(168, 85, 247, 0.34)"],
+  posthog: ["#f54e00", "rgba(245, 78, 0, 0.34)"],
+  playwright: ["#45ba4b", "rgba(69, 186, 75, 0.32)"],
+  vitest: ["#fcc72b", "rgba(252, 199, 43, 0.34)"],
+  figma: ["#ff7262", "rgba(255, 114, 98, 0.38)"],
+  react: ["#61dafb", "rgba(97, 218, 251, 0.38)"],
+  vue: ["#42b883", "rgba(66, 184, 131, 0.34)"],
+  angular: ["#dd0031", "rgba(221, 0, 49, 0.34)"],
+  nodejs: ["#83cd29", "rgba(131, 205, 41, 0.34)"],
+  github: ["#111827", "rgba(17, 24, 39, 0.22)"],
+  gitlab: ["#fc6d26", "rgba(252, 109, 38, 0.34)"]
 };
 var ALIASES = {
   authjs: "authjs",
@@ -6742,6 +8840,8 @@ var ALIASES = {
   auth0: "auth0",
   "better-auth": "better-auth",
   betterauth: "better-auth",
+  firebase: "firebase",
+  firestore: "firebase",
   "mongodb atlas": "mongodb",
   logrocket: "logrocket",
   sentry: "sentry",
@@ -6777,7 +8877,23 @@ var ALIASES = {
   routes: "route-map",
   ratelimit: "rate-limit"
 };
-var INLINE_ONLY_LOGO_KEYS = /* @__PURE__ */ new Set(["better-auth", "paddle", "polar"]);
+var INLINE_ONLY_LOGO_KEYS = /* @__PURE__ */ new Set([
+  "auth0",
+  "authjs",
+  "better-auth",
+  "clerk",
+  "cloudflare",
+  "firebase",
+  "lemon-squeezy",
+  "netlify",
+  "paddle",
+  "playwright",
+  "polar",
+  "posthog",
+  "sentry",
+  "svelte",
+  "vitest"
+]);
 var PROVIDER_ASSET_FILES = {
   authjs: "provider-authjs.svg",
   logrocket: "provider-logrocket.svg",
@@ -6797,6 +8913,7 @@ var PROVIDER_ICON_URLS = {
   supabase: "https://cdn.simpleicons.org/supabase/3ECF8E",
   clerk: "https://cdn.simpleicons.org/clerk/6C47FF",
   auth0: "https://cdn.simpleicons.org/auth0/EB5424",
+  firebase: "https://cdn.simpleicons.org/firebase/FFCA28",
   neon: "https://cdn.simpleicons.org/neon/00E599",
   planetscale: "https://cdn.simpleicons.org/planetscale/000000",
   mongodb: "https://cdn.simpleicons.org/mongodb/47A248",
@@ -6833,16 +8950,26 @@ var BRAND_LOGO_KEYS = /* @__PURE__ */ new Set([
   "better-auth",
   "clerk",
   "gitlab",
+  "lemon-squeezy",
   "logrocket",
+  "netlify",
   "auth0",
   "paddle",
   "playwright",
   "polar",
   "posthog",
+  "sentry",
   "stripe",
+  "svelte",
   "vitest"
 ]);
+function isUnselectedProviderToken(raw, compact) {
+  return !compact || compact === "notselected" || raw === "not selected" || raw === "none";
+}
 function resolveLogoKey(raw, compact) {
+  if (isUnselectedProviderToken(raw, compact)) {
+    return "";
+  }
   if (ALIASES[raw]) {
     return ALIASES[raw];
   }
@@ -6880,13 +9007,13 @@ function normalizeProviderKey2(providerOrLabel) {
 function resolveProviderLogoKey(...candidates) {
   for (const candidate of candidates) {
     const key = normalizeProviderKey2(candidate);
-    if (key && PROVIDER_LOGOS[key]) {
+    if (key && key !== "notselected" && PROVIDER_LOGOS[key]) {
       return key;
     }
   }
   for (const candidate of candidates) {
     const key = normalizeProviderKey2(candidate);
-    if (key) {
+    if (key && key !== "notselected") {
       return key;
     }
   }
@@ -6894,7 +9021,7 @@ function resolveProviderLogoKey(...candidates) {
 }
 function providerLogoClass(providerOrLabel, ...moreCandidates) {
   const key = resolveProviderLogoKey(providerOrLabel, ...moreCandidates) || normalizeProviderKey2(providerOrLabel);
-  if (!key) {
+  if (!key || key === "notselected") {
     return "";
   }
   return ` provider-logo--${key}${BRAND_LOGO_KEYS.has(key) ? " provider-logo--brand" : ""}`;
@@ -6912,16 +9039,14 @@ function providerLogoHtml(providerOrLabel, labelFallback, ...moreCandidates) {
   if (assetUrl) {
     return providerIconImgHtml(assetUrl, key);
   }
+  if (svg) {
+    return svg;
+  }
   const iconUrl = key && PROVIDER_ICON_URLS[key];
   if (iconUrl) {
     return providerIconImgHtml(iconUrl, key);
   }
-  if (svg) {
-    return svg;
-  }
-  const label = (labelFallback ?? providerOrLabel ?? "?").trim();
-  const initials = label ? label.slice(0, 2).toUpperCase() : "?";
-  return `<span aria-hidden="true">${initials}</span>`;
+  return PROVIDER_LOGO_FALLBACK_SVG;
 }
 var PROVIDER_BENEFITS = {
   supabase: "Best when you want auth, data, and storage in one stack.",
@@ -6946,6 +9071,7 @@ var PROVIDER_BENEFITS = {
   sentry: "Best first choice for production errors and traces.",
   posthog: "Best for product analytics and funnel verification.",
   auth0: "Enterprise identity with rules, MFA, and social login.",
+  firebase: "Good fit when auth, Firestore, and hosting stay in one Google stack.",
   "better-auth": "Type-safe auth you own in your codebase.",
   playwright: "Best for browser-flow verification and UI regression checks.",
   logrocket: "Best when session replay is the missing evidence.",
@@ -6973,7 +9099,9 @@ function providerLogosPayloadJson() {
     inlineOnly: [...INLINE_ONLY_LOGO_KEYS],
     aliases: ALIASES,
     benefits: PROVIDER_BENEFITS,
-    brandKeys: [...BRAND_LOGO_KEYS]
+    brandKeys: [...BRAND_LOGO_KEYS],
+    nodeTones: PROVIDER_NODE_TONES,
+    fallbackSvg: PROVIDER_LOGO_FALLBACK_SVG
   }).replace(/</g, "\\u003c");
 }
 
@@ -7010,6 +9138,23 @@ function defaultAreaKey(artifact) {
   }
   return areas[0]?.key ?? "frontend";
 }
+function providerLabelForArea(artifact, areaKey, mission, selectedOverride) {
+  if (selectedOverride) {
+    const token = normalizeProviderKey2(selectedOverride);
+    const options = artifact.providerOptions?.[areaKey] ?? [];
+    const match = options.find(
+      (option) => normalizeProviderKey2(option.provider) === token || normalizeProviderKey2(option.label) === token
+    );
+    if (match?.label) {
+      return match.label;
+    }
+    if (mission && missionMatchesProvider(mission, selectedOverride)) {
+      return mission.providerLabel ?? selectedOverride;
+    }
+    return selectedOverride;
+  }
+  return mission?.providerLabel ?? "Not selected";
+}
 function buildAccountStripHtml(artifact) {
   if (!artifact.accountEmail) {
     return "";
@@ -7036,21 +9181,22 @@ function buildNodeHtml(artifact, meta, selectedAreaKey) {
   const area = (artifact.missionGraph.areas ?? []).find((a) => a.key === meta.key);
   const selectedOverride = artifact.selectedProviders?.[meta.key] ?? "";
   const mission = preferredMissionForArea(area, selectedOverride);
-  const selectedProvider = selectedOverride || mission?.provider || mission?.providerLabel || "";
-  const providerLabel3 = mission?.providerLabel ?? "Not selected";
+  const providerLabel3 = providerLabelForArea(artifact, meta.key, mission, selectedOverride);
+  const logoProvider = selectedOverride || mission?.provider || mission?.providerLabel || "";
   const readiness = mission?.readinessPercent ?? area?.readinessPercent ?? 0;
   const openChecks = openChecksForMission(mission);
+  const repoOpenChecks = mission?.checks.filter(
+    (check) => check.evidenceClass === "missing-repo-fix" || check.status === "missing" || check.status === "failed"
+  ).length ?? 0;
+  const providerOpenChecks = mission?.checks.filter(
+    (check) => check.evidenceSource === "provider" || check.evidenceSource === "mcp" || check.evidenceClass === "mcp-verifier" || check.status === "needs-connection" || check.status === "unknown"
+  ).length ?? 0;
   const modelGaps = gapCountForArea(artifact, meta.key);
   const stateClass = modelGaps > 0 ? " studio-node--critical" : openChecks > 0 ? " studio-node--warning" : area ? " studio-node--in-project" : "";
   const selectedClass = selectedAreaKey === meta.key ? " studio-node--selected" : "";
-  const metaText = modelGaps > 0 ? `${modelGaps} stack fix${modelGaps === 1 ? "" : "es"}` : openChecks > 0 ? `${openChecks} stack fix${openChecks === 1 ? "" : "es"}` : `${readiness}% health`;
-  const logoClass = providerLogoClass(mission?.provider, mission?.key, String(selectedProvider), providerLabel3);
-  const logoInner = providerLogoHtml(
-    mission?.provider,
-    providerLabel3,
-    mission?.key,
-    String(selectedProvider)
-  );
+  const metaText = modelGaps > 0 ? `${modelGaps} stack fix${modelGaps === 1 ? "" : "es"}` : repoOpenChecks > 0 ? `${repoOpenChecks} stack fix${repoOpenChecks === 1 ? "" : "es"}` : providerOpenChecks > 0 ? "Live check" : `${readiness}% health`;
+  const logoClass = providerLogoClass(logoProvider, mission?.key, mission?.providerLabel);
+  const logoInner = providerLogoHtml(logoProvider, providerLabel3, mission?.key, mission?.providerLabel);
   const gapBadge = modelGaps > 0 ? `<span class="studio-node__raven-badge" role="presentation">Gap ${modelGaps}</span>` : "";
   return `<button type="button" class="studio-node studio-node--${escapeHtml(meta.key)} provider-logo${logoClass}${stateClass}${selectedClass}" data-area-key="${escapeHtml(meta.key)}" aria-label="${escapeHtml(meta.label)}, ${escapeHtml(providerLabel3)}, ${escapeHtml(metaText)}">
     <span class="studio-node__logo provider-logo${logoClass}" aria-hidden="true">${logoInner}</span>
@@ -7067,7 +9213,6 @@ function generateReportHtml(artifact) {
   const nodesHtml = CATEGORY_META.map((meta) => buildNodeHtml(hydrated, meta, defaultKey)).join("\n");
   const accountStrip = buildAccountStripHtml(hydrated);
   const logosJson = providerLogosPayloadJson();
-  const scannedLabel = escapeHtml(hydrated.scannedAt);
   return `<!DOCTYPE html>
 <html lang="en" class="cli-mission-report" data-surface="panel" data-skin="editorial">
 <head>
@@ -7087,8 +9232,10 @@ function generateReportHtml(artifact) {
       <div class="studio-shell" aria-label="VibeRaven Studio cockpit">
         <header class="studio-top-rail" aria-label="Studio status">
           <img class="studio-top-rail__logo" src="report/assets/viberaven-logo.png" alt="" width="32" height="32" />
-          <span class="studio-top-rail__brand"><span>VIBERAVEN / MISSION MAP</span></span>
-          <div class="studio-top-rail__build">Last scan \xB7 ${scannedLabel}</div>
+          <div class="studio-top-rail__brand">
+            <span class="studio-top-rail__wordmark">VIBERAVEN</span>
+            <span class="studio-top-rail__label">MISSION MAP</span>
+          </div>
         </header>
         <div class="studio-workspace">
           <main class="studio-map-canvas" aria-label="Interactive full-stack system map">
@@ -7097,7 +9244,7 @@ function generateReportHtml(artifact) {
                 <div class="studio-connector-layer" aria-hidden="true"></div>
                 <div class="studio-core-group">
                   <div class="studio-core-node" aria-label="Production core score">
-                    <img class="studio-core-node__mark" src="report/assets/viberaven-logo.png" alt="VibeRaven" width="92" height="92" />
+                    <span>VIBERAVEN</span>
                     <strong>${hydrated.productionCorePercent}%</strong>
                     <small>Production core</small>
                   </div>
@@ -7149,16 +9296,22 @@ var REPORT_ASSET_FILES = [
 var INLINE_SECRET_PATTERNS = [
   /\b(sk_(?:live|test)_[A-Za-z0-9]{12,}|sk-proj-[A-Za-z0-9_-]{16,}|sk-[A-Za-z0-9_-]{20,})\b/g,
   /\b(whsec_[A-Za-z0-9]{12,}|rk_(?:live|test)_[A-Za-z0-9]{12,})\b/g,
-  /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b/g
+  /\bghp_[A-Za-z0-9]{36,}\b/g,
+  /\bgithub_pat_[A-Za-z0-9_]{50,}\b/g,
+  /\bxox[bp]-[A-Za-z0-9-]{20,}\b/g,
+  /\bxapp-[A-Za-z0-9-]{20,}\b/g,
+  /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b/g,
+  /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g
 ];
-var SENSITIVE_ENV_KEYS = /^(?:OPENAI_API_KEY|OPENAI_KEY|ANTHROPIC_API_KEY|VIBERAVEN_ACCESS_TOKEN|VRAVEN_.*|SUPABASE_SERVICE_ROLE_KEY|.*_SECRET_KEY)$/i;
+var SENSITIVE_ENV_KEYS = /(?:^|_)(?:ACCESS_TOKEN|AUTHORIZATION|API_KEY|SECRET|SECRET_KEY|SERVICE_ROLE_KEY|TOKEN|PASSWORD|PRIVATE_KEY|CREDENTIALS?)(?:$|_)/i;
 function redactString(value) {
   let out = value;
   for (const pattern of INLINE_SECRET_PATTERNS) {
-    out = out.replace(pattern, "[REDACTED_SECRET]");
+    out = out.replace(pattern, pattern.source.includes("PRIVATE KEY") ? "[REDACTED_PRIVATE_KEY]" : "[REDACTED_SECRET]");
   }
+  out = out.replace(/\bAuthorization\s*:\s*([A-Za-z][A-Za-z0-9._-]*)\s+[^\s;,]+/gi, "Authorization: $1 [REDACTED]");
   return out.replace(
-    /\b([A-Za-z0-9_]*(?:API_KEY|SECRET|TOKEN|PASSWORD|PRIVATE_KEY)[A-Za-z0-9_]*)\s*=\s*["']?[^"'\s;,]+["']?/gi,
+    /\b([A-Za-z0-9_]*(?:ACCESS_TOKEN|AUTHORIZATION|API_KEY|SECRET|SECRET_KEY|SERVICE_ROLE_KEY|TOKEN|PASSWORD|PRIVATE_KEY|CREDENTIALS?)[A-Za-z0-9_]*)\s*=\s*["']?[^"'\s;,]+["']?/gi,
     "$1=[REDACTED]"
   );
 }
@@ -7397,6 +9550,15 @@ function gapTagColor(modelGaps, open) {
   }
   return import_picocolors.default.dim;
 }
+function manualActionCheckCount(artifact) {
+  return (artifact.missionGraph.areas ?? []).reduce((areaTotal, area) => {
+    return areaTotal + area.providerMissions.reduce((missionTotal, mission) => {
+      return missionTotal + mission.checks.filter(
+        (check) => check.evidenceClass === "manual-dashboard" || check.evidenceClass === "mcp-verifier" || check.evidenceSource === "provider" || check.evidenceSource === "mcp" || check.status === "needs-connection" || check.status === "unknown"
+      ).length;
+    }, 0);
+  }, 0);
+}
 function printScanSummary(artifact, paths) {
   const pct = artifact.productionCorePercent;
   const gapCount = artifact.gaps.length;
@@ -7432,6 +9594,11 @@ function printScanSummary(artifact, paths) {
   console.log("");
   console.log(import_picocolors.default.dim("Press Enter in `viberaven` menu to rescan \xB7 `viberaven prompt` for top gap"));
   console.log(import_picocolors.default.dim("Agents: read .viberaven/agent-summary.md"));
+  console.log(formatAgentStatus(READY, `Scan complete. Read ${paths.summaryPath} before changing code.`));
+  const manualCount = manualActionCheckCount(artifact);
+  if (manualCount > 0) {
+    console.log(formatAgentStatus(MANUAL_ACTION_REQUIRED, `${manualCount} provider dashboard or read-only MCP check${manualCount === 1 ? "" : "s"} require user/provider verification. Do not claim these as repo-code fixes.`));
+  }
   console.log("");
 }
 
@@ -7972,7 +10139,7 @@ var Y2 = ({ indicator: t = "dots" } = {}) => {
 var import_picocolors3 = __toESM(require_picocolors());
 
 // src/version.ts
-var VERSION = "0.1.0-beta.1";
+var VERSION = "0.1.0-beta.2";
 
 // src/tui/runInteractive.ts
 async function formatStatusLine() {
@@ -8230,6 +10397,10 @@ function parseArgs(argv) {
       flags.help = true;
       continue;
     }
+    if (arg === "--version" || arg === "-v") {
+      flags.version = true;
+      continue;
+    }
     if (arg.startsWith("--")) {
       const key = arg.slice(2);
       const next = argv[i + 1];
@@ -8249,6 +10420,9 @@ function parseArgs(argv) {
   }
   return { command, flags, positional };
 }
+function formatScanJsonStdout(artifact) {
+  return JSON.stringify(sanitizeArtifactForDisk(artifact), null, 2);
+}
 async function cmdLogin(flags) {
   const apiBaseUrl = resolveApiBaseUrl(typeof flags["api-url"] === "string" ? flags["api-url"] : void 0);
   await runDeviceLogin(apiBaseUrl);
@@ -8300,13 +10474,17 @@ async function cmdScan(flags, positional) {
       }
       return 2;
     }
-    console.error(result.message);
+    if (result.kind === "auth_required" || result.kind === "session_invalid") {
+      console.error(formatAgentStatus(LOGIN_REQUIRED, result.message));
+      return 1;
+    }
+    console.error(formatAgentStatus(ERROR, result.message));
     return 1;
   }
   const artifact = await enrichArtifactWithAccount(result.artifact, apiBaseUrl, accessToken);
   const paths = await writeScanArtifacts({ artifact, cwd: workspacePath });
   if (flags.json) {
-    console.log(JSON.stringify(artifact, null, 2));
+    console.log(formatScanJsonStdout(artifact));
     return 0;
   }
   printScanSummary(artifact, paths);
@@ -8429,6 +10607,10 @@ async function main() {
     printHelp();
     return 0;
   }
+  if (flags.version || command === "version") {
+    console.log(VERSION);
+    return 0;
+  }
   if (!command) {
     await runInteractiveSession();
     return 0;
@@ -8454,23 +10636,25 @@ async function main() {
       return cmdPrompt(flags, positional);
     case "stack":
       return cmdStack(positional);
-    case "--version":
-    case "-v":
-    case "version":
-      console.log(VERSION);
-      return 0;
     default:
       console.error(`Unknown command: ${command}`);
       printHelp();
       return 1;
   }
 }
-main().then((code) => {
-  if (code !== 0) {
-    process.exitCode = code;
-  }
-}).catch((error) => {
-  console.error(error instanceof Error ? error.message : String(error));
-  process.exitCode = 1;
+if (require.main === module) {
+  main().then((code) => {
+    if (code !== 0) {
+      process.exitCode = code;
+    }
+  }).catch((error) => {
+    console.error(error instanceof Error ? error.message : String(error));
+    process.exitCode = 1;
+  });
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  formatScanJsonStdout,
+  parseArgs
 });
 //# sourceMappingURL=cli.js.map