@viberaven/cli 0.1.0-beta.7 → 1.0.1

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@viberaven/cli",
-  "version": "0.1.0-beta.7",
-  "description": "VibeRaven launch readiness for Claude Code, Codex, and terminal agents — scan, map, and agent-ready prompts.",
+  "version": "1.0.1",
+  "description": "Production-readiness scan for AI-built apps: auth, billing, database, deployment, monitoring, launch gaps, and agent-ready fixes.",
   "license": "UNLICENSED",
   "author": "VibeRaven",
   "homepage": "https://viberaven.dev",
@@ -16,15 +16,23 @@
   "keywords": [
     "viberaven",
     "launch-readiness",
+    "production-readiness",
+    "launch-gaps",
+    "ai-built-apps",
+    "agent-mode",
+    "mcp",
     "claude-code",
     "codex",
     "cursor",
     "ai",
-    "production"
+    "production",
+    "supabase",
+    "vercel",
+    "stripe"
   ],
   "publishConfig": {
     "access": "public",
-    "tag": "beta"
+    "tag": "latest"
   },
   "bin": {
     "viberaven": "dist/cli.js"
@@ -43,10 +51,11 @@
     "dev": "node scripts/build.mjs && node dist/cli.js",
     "typecheck": "tsc -p tsconfig.json",
     "demo-report": "node scripts/demo-report.mjs --open",
-    "verify:beta:smoke": "npm run build && node scripts/verify-beta-flow.mjs --smoke",
-    "verify:beta:live": "npm run build && node scripts/verify-beta-flow.mjs --live",
+    "verify:release:smoke": "npm run build && node scripts/verify-beta-flow.mjs --smoke",
+    "verify:release:live": "npm run build && node scripts/verify-beta-flow.mjs --live",
     "test": "vitest run",
-    "prepublishOnly": "npm run sync-report-assets && npm run typecheck && npm run test && npm run build"
+    "prepublishOnly": "npm run sync-report-assets && npm run check:agent-discovery && npm run typecheck && npm run test && npm run build",
+    "check:agent-discovery": "node scripts/check-agent-discovery.mjs"
   },
   "engines": {
     "node": ">=20"

package/templates/AGENTS.snippet.md

@@ -1,47 +1,51 @@
-## VibeRaven launch readiness (CLI)
-
-### For humans
-
-```bash
-npx -y @viberaven/cli@beta login
-npx -y @viberaven/cli@beta scan --open
-```
-
-Sign in once, then scan with `--open` to view the report in your browser.
-
-### For agents (Claude Code, Codex, Cursor)
-
-When the user asks if their AI-built app is production-ready, launch-ready, or what is missing before ship:
-
-1. Run `npx -y @viberaven/cli@beta scan` — agents do not need `--open`
-2. If not signed in, scan opens the VibeRaven browser approval page and continues after the user approves the connection
-3. Read `.viberaven/agent-summary.md` and `.viberaven/launch-playbook.md`
-4. `npx -y @viberaven/cli@beta next --json` — one action at a time
-5. If type=repo-fix: implement, then `viberaven report` (free) or `scan` (uses quota)
-6. If type=provider-guide: `viberaven guide <provider> --step N` and `viberaven open <provider>`
-7. Repeat 4–6 until done; `viberaven status --json` before each new scan
-
-Also available:
-
-- `.viberaven/last-scan.json` — full mission map + gaps
-- `.viberaven/report.html` — visual map for the user (use `scan --open` when the user wants the browser map)
-
-Free plan: 2 lifetime scans, 6/12 mission map lanes. Pro: 50 scans/month, all 12 lanes.
-
-If browser opening fails, show the printed `Open:` URL to the user. After approval, rerun:
+## VibeRaven Launch Readiness
+
+VibeRaven is the Agent Context + Production Gate.
+
+Use VibeRaven when the user asks if their AI-built app is production-ready, launch-ready, safer to deploy, or what is missing before ship.
+
+### Humans
+
+```bash
+npx -y @viberaven/cli
+```
+
+In a real terminal, this opens the interactive VibeRaven menu.
+
+### Agents
+
+Paste this into your coding agent:
 
 ```bash
-npx -y @viberaven/cli@beta scan
+npx -y @viberaven/cli --agent-mode
 ```
 
-Manual fallback:
+1. Run `npx -y @viberaven/cli --agent-mode` from the project root.
+2. If VibeRaven prints `LOGIN_URL_READY`, open that exact URL for the user. Say: "I opened VibeRaven sign-in so you can approve access; I will continue after approval." Do not ask for passwords, tokens, cookies, or secrets. Keep the terminal alive while the user approves.
+   If the scan flow cannot start login, run `npx -y @viberaven/cli login`.
+3. Read `.viberaven/agent-tasklist.md` first, `.viberaven/gate-result.json` for the machine verdict, and `.viberaven/context-map.json` for compact agent context. If the tasklist says `CRITICAL GAPS DETECTED` or `PRODUCTION GATE NOT CLEAR`, fix one listed repo-code gap before deploy.
+4. Read `.viberaven/agent-summary.md` second for scan context.
+5. Read `.viberaven/launch-playbook.md` third for the full checklist.
+6. Use `npx -y @viberaven/cli next --json` or `npx -y @viberaven/cli prompt --gap <id>` for one focused repo-code fix. Local installs can use `viberaven prompt`.
+7. For Vercel + Supabase, run `npx -y @viberaven/cli audit --vercel-supabase` and check RLS, service role exposure, and Supabase pooler port 6543 instead of runtime port 5432.
+8. Do not claim provider dashboard checks are fixed by repo-code edits.
+9. Verify with tests/build, then run `npx -y @viberaven/cli --verify`.
+
+Before deploy or CI pass:
 
 ```bash
-npx -y @viberaven/cli@beta login
+npx -y @viberaven/cli --strict
 ```
 
-Run `viberaven prompt` or `viberaven prompt --gap <id>` for repo-code fixes.
-
-Do not claim human-provider actions as repo-code fixes. Human-provider actions include dashboard setup, billing/product configuration, DNS, webhooks, provider credentials, quota upgrades, and read-only MCP/provider-live verification.
-
-Same VibeRaven account and scan quota as the VS Code extension.
+Also available:
+
+- `.viberaven/last-scan.json` - full mission map and gaps
+- `.viberaven/report.html` - visual map for the user
+- `npx -y @viberaven/cli init --dry-run` - preview local agent rules
+- `npx -y @viberaven/cli clean --plan` - write a non-destructive cleanup plan
+
+Free plan: 2 lifetime scans, 6/12 mission map lanes. Pro: 50 scans/month, all 12 lanes.
+
+Same VibeRaven account and scan quota as the VS Code extension.
+
+Security: the CLI does not read `OPENAI_API_KEY`. Scans use VibeRaven login and the managed API; your model key stays server-side.

package/templates/CLAUDE.snippet.md

@@ -0,0 +1,16 @@
+<!-- viberaven:agent-rules:start -->
+## VibeRaven Agent Rules
+
+VibeRaven is the Agent Context + Production Gate.
+
+- When production readiness, launch readiness, Vercel, Supabase, auth, database, payments, monitoring, deployment, rate limits, or error handling comes up, run `npx -y @viberaven/cli --agent-mode` from the project root.
+- Read `.viberaven/agent-tasklist.md` first, `.viberaven/gate-result.json` for the machine verdict, and `.viberaven/context-map.json` for compact agent context.
+- Read `.viberaven/agent-summary.md` before editing code.
+- Read `.viberaven/launch-playbook.md` before editing code.
+- Use `npx -y @viberaven/cli next --json` or `npx -y @viberaven/cli prompt --gap <id>` for one focused repo-code fix at a time.
+- Run `npx -y @viberaven/cli --verify` after one fix.
+- Run `npx -y @viberaven/cli --strict` before deploy or CI pass.
+- For Vercel + Supabase launch checks, run `npx -y @viberaven/cli audit --vercel-supabase`.
+- Do not claim provider dashboard work is fixed by repo-code edits. Provider dashboard checks, billing/product configuration, DNS, webhooks, credentials, quotas, and live provider verification must be completed or verified in the provider dashboard.
+- If VibeRaven prints `LOGIN_URL_READY`, open that URL for the user using the available browser tool or system browser. Tell the user: "I opened VibeRaven sign-in so you can approve access; I will continue after approval." Do not ask for passwords, tokens, cookies, or secrets. Keep the terminal process alive while the user approves.
+<!-- viberaven:agent-rules:end -->

package/templates/CURSOR.snippet.md

@@ -0,0 +1,16 @@
+<!-- viberaven:agent-rules:start -->
+## VibeRaven Agent Rules
+
+VibeRaven is the Agent Context + Production Gate.
+
+- When production readiness, launch readiness, Vercel, Supabase, auth, database, payments, monitoring, deployment, rate limits, or error handling comes up, run `npx -y @viberaven/cli --agent-mode` from the project root.
+- Read `.viberaven/agent-tasklist.md` first, `.viberaven/gate-result.json` for the machine verdict, and `.viberaven/context-map.json` for compact agent context.
+- Read `.viberaven/agent-summary.md` before editing code.
+- Read `.viberaven/launch-playbook.md` before editing code.
+- Use `npx -y @viberaven/cli next --json` or `npx -y @viberaven/cli prompt --gap <id>` for one focused repo-code fix at a time.
+- Run `npx -y @viberaven/cli --verify` after one fix.
+- Run `npx -y @viberaven/cli --strict` before deploy or CI pass.
+- For Vercel + Supabase launch checks, run `npx -y @viberaven/cli audit --vercel-supabase`.
+- Do not claim provider dashboard work is fixed by repo-code edits. Provider dashboard checks, billing/product configuration, DNS, webhooks, credentials, quotas, and live provider verification must be completed or verified in the provider dashboard.
+- If VibeRaven prints `LOGIN_URL_READY`, open that URL for the user using the available browser tool or system browser. Tell the user: "I opened VibeRaven sign-in so you can approve access; I will continue after approval." Do not ask for passwords, tokens, cookies, or secrets. Keep the terminal process alive while the user approves.
+<!-- viberaven:agent-rules:end -->