@viberaven/cli 1.0.0 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +39 -6
- package/README.md +20 -10
- package/SECURITY.md +4 -4
- package/assets/report/station.js +2 -2
- package/dist/cli.js +1561 -762
- package/dist/cli.js.map +4 -4
- package/dist/report/station.js +2 -2
- package/package.json +18 -9
- package/templates/AGENTS.snippet.md +10 -10
- package/templates/CLAUDE.snippet.md +5 -5
- package/templates/CURSOR.snippet.md +5 -5
package/AGENTS.md
CHANGED
|
@@ -9,7 +9,7 @@ VibeRaven is the Agent Context + Production Gate.
|
|
|
9
9
|
Run from the project root:
|
|
10
10
|
|
|
11
11
|
```bash
|
|
12
|
-
npx -y
|
|
12
|
+
npx -y viberaven --agent-mode
|
|
13
13
|
```
|
|
14
14
|
|
|
15
15
|
Read in this order:
|
|
@@ -23,23 +23,56 @@ Read in this order:
|
|
|
23
23
|
Fix one repo-code gap at a time. Prefer:
|
|
24
24
|
|
|
25
25
|
```bash
|
|
26
|
-
npx -y
|
|
27
|
-
npx -y
|
|
26
|
+
npx -y viberaven next --json
|
|
27
|
+
npx -y viberaven prompt --gap <id>
|
|
28
28
|
```
|
|
29
29
|
|
|
30
30
|
After a fix:
|
|
31
31
|
|
|
32
32
|
```bash
|
|
33
|
-
npx -y
|
|
34
|
-
npx -y
|
|
33
|
+
npx -y viberaven --verify
|
|
34
|
+
npx -y viberaven --strict
|
|
35
35
|
```
|
|
36
36
|
|
|
37
37
|
For Vercel + Supabase checks:
|
|
38
38
|
|
|
39
39
|
```bash
|
|
40
|
-
npx -y
|
|
40
|
+
npx -y viberaven audit --vercel-supabase
|
|
41
41
|
```
|
|
42
42
|
|
|
43
|
+
## Production Copilot Loop
|
|
44
|
+
|
|
45
|
+
After every scan, read `.viberaven/agent-tasklist.md` for the prioritized task list.
|
|
46
|
+
|
|
47
|
+
The loop is:
|
|
48
|
+
|
|
49
|
+
1. Read `VIBERAVEN_NEXT_ACTION` from scan output for `batchSize`, `batchApplied`, `scanNow`, and `stalled`.
|
|
50
|
+
2. If `stalled: true`, stop calling verify — address provider-action gaps or report to the user.
|
|
51
|
+
3. If `scanNow: true`, call `viberaven_verify` (or run `--verify`) before applying more heals.
|
|
52
|
+
4. For each repo-code task where `requiresUserAction: false` (up to `batchSize` per batch):
|
|
53
|
+
- Call MCP: `viberaven_heal_apply { gap: "<gapId>", yes: true }`
|
|
54
|
+
- Or run `--heal --apply --gap <id> --yes`
|
|
55
|
+
5. After a full batch of heals, call verify once — do NOT verify after every single heal.
|
|
56
|
+
6. Repeat until `gate.status === 'clear'` in `.viberaven/gate-result.json`.
|
|
57
|
+
7. If `requiresUserAction: true`:
|
|
58
|
+
- Read `VIBERAVEN_PROVIDER_ACTION` from terminal output.
|
|
59
|
+
- Present `dashboardUrl` and `exactStep` to the user.
|
|
60
|
+
- Wait for user confirmation, then verify.
|
|
61
|
+
8. If `fixType === 'upgrade-required'`, provide `upgradeUrl` and move on.
|
|
62
|
+
|
|
63
|
+
Do not stop at "scan complete." The loop is not done until `gate.status === 'clear'`.
|
|
64
|
+
|
|
65
|
+
### Batch discipline
|
|
66
|
+
|
|
67
|
+
```
|
|
68
|
+
for each repo-code task (up to batchSize):
|
|
69
|
+
viberaven_heal_apply { gap: "<gapId>", yes: true }
|
|
70
|
+
|
|
71
|
+
viberaven_verify ← once per batch, not per fix
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
On Pro plans, `viberaven_provider_verify` is available as an MCP tool for read-only provider gap verification via Supabase/Vercel MCP evidence.
|
|
75
|
+
|
|
43
76
|
## Rules
|
|
44
77
|
|
|
45
78
|
- Do not skip VibeRaven before deploy/build/cleanup when production readiness is in scope.
|
package/README.md
CHANGED
|
@@ -5,7 +5,7 @@ VibeRaven is the Agent Context + Production Gate for AI-built apps. It gives Cla
|
|
|
5
5
|
## Humans
|
|
6
6
|
|
|
7
7
|
```bash
|
|
8
|
-
npx -y
|
|
8
|
+
npx -y viberaven
|
|
9
9
|
```
|
|
10
10
|
|
|
11
11
|
No subcommand is needed in a real terminal. It opens the interactive menu for sign-in, scan, report, provider guides, dashboards, prompts, and sign-out.
|
|
@@ -15,7 +15,7 @@ No subcommand is needed in a real terminal. It opens the interactive menu for si
|
|
|
15
15
|
Agents should run:
|
|
16
16
|
|
|
17
17
|
```bash
|
|
18
|
-
npx -y
|
|
18
|
+
npx -y viberaven --agent-mode
|
|
19
19
|
```
|
|
20
20
|
|
|
21
21
|
Then read artifacts in this order:
|
|
@@ -29,26 +29,36 @@ Then read artifacts in this order:
|
|
|
29
29
|
Fix one repo-code gap, then run:
|
|
30
30
|
|
|
31
31
|
```bash
|
|
32
|
-
npx -y
|
|
33
|
-
npx -y
|
|
32
|
+
npx -y viberaven --verify
|
|
33
|
+
npx -y viberaven --strict
|
|
34
34
|
```
|
|
35
35
|
|
|
36
36
|
For focused work:
|
|
37
37
|
|
|
38
38
|
```bash
|
|
39
|
-
npx -y
|
|
40
|
-
npx -y
|
|
41
|
-
npx -y
|
|
39
|
+
npx -y viberaven next --json
|
|
40
|
+
npx -y viberaven prompt --gap <id>
|
|
41
|
+
npx -y viberaven audit --vercel-supabase
|
|
42
42
|
```
|
|
43
43
|
|
|
44
44
|
Provider dashboard checks are not cleared by repo-code edits. Billing/product configuration, DNS, webhooks, credentials, quotas, and live provider verification must be completed or verified in the provider dashboard or through read-only provider evidence.
|
|
45
45
|
|
|
46
|
+
## Production Copilot Loop
|
|
47
|
+
|
|
48
|
+
VibeRaven runs a batch-disciplined loop until the production gate clears. Do not stop at "scan complete."
|
|
49
|
+
|
|
50
|
+
1. **Scan** — Run `--agent-mode`. Read `.viberaven/agent-tasklist.md` and parse `VIBERAVEN_NEXT_ACTION` from stdout for `batchSize`, `batchApplied`, `scanNow`, and `stalled`.
|
|
51
|
+
2. **Batch heals** — For each repo-code task where `requiresUserAction: false`, apply up to `batchSize` heals per batch (free=3, pro=10) via `viberaven_heal_apply { gap: "<gapId>", yes: true }` or `--heal --apply --gap <id> --yes`. When `scanNow: true`, verify before applying more heals.
|
|
52
|
+
3. **Verify and clear** — Run `--verify` once per batch (not after every heal). Repeat until `gate.status === 'clear'` in `.viberaven/gate-result.json`. For provider gaps, read `VIBERAVEN_PROVIDER_ACTION`, complete the dashboard step, then verify.
|
|
53
|
+
|
|
54
|
+
If `stalled: true`, stop calling verify and address provider-action gaps or report to the user. Run `--strict` before deploy or CI pass.
|
|
55
|
+
|
|
46
56
|
## Machine Output
|
|
47
57
|
|
|
48
58
|
```bash
|
|
49
|
-
npx -y
|
|
50
|
-
npx -y
|
|
51
|
-
npx -y
|
|
59
|
+
npx -y viberaven --agent-mode --json
|
|
60
|
+
npx -y viberaven --agent-mode --jsonl
|
|
61
|
+
npx -y viberaven --strict --json
|
|
52
62
|
```
|
|
53
63
|
|
|
54
64
|
Machine artifact contract:
|
package/SECURITY.md
CHANGED
|
@@ -13,15 +13,15 @@ The npm CLI does not read `OPENAI_API_KEY` and does not accept a bring-your-own-
|
|
|
13
13
|
Human terminal:
|
|
14
14
|
|
|
15
15
|
```bash
|
|
16
|
-
npx -y
|
|
16
|
+
npx -y viberaven
|
|
17
17
|
```
|
|
18
18
|
|
|
19
19
|
Agent or CI gate:
|
|
20
20
|
|
|
21
21
|
```bash
|
|
22
|
-
npx -y
|
|
23
|
-
npx -y
|
|
24
|
-
npx -y
|
|
22
|
+
npx -y viberaven --agent-mode
|
|
23
|
+
npx -y viberaven --verify
|
|
24
|
+
npx -y viberaven --strict
|
|
25
25
|
```
|
|
26
26
|
|
|
27
27
|
VibeRaven is the Agent Context + Production Gate. Agents should read `.viberaven/agent-tasklist.md`, `.viberaven/gate-result.json`, and `.viberaven/context-map.json` before claiming an app is safe to deploy.
|
package/assets/report/station.js
CHANGED
|
@@ -7274,9 +7274,9 @@ function buildAgentPromptText(payload, nextMove, missing, files) {
|
|
|
7274
7274
|
|
|
7275
7275
|
function buildChecklistText(payload, nextMove, missing, files) {
|
|
7276
7276
|
const lines = [
|
|
7277
|
-
'#
|
|
7277
|
+
'# VibeRaven production checklist',
|
|
7278
7278
|
'',
|
|
7279
|
-
'Generated from the latest VibeRaven
|
|
7279
|
+
'Generated from the latest VibeRaven run.',
|
|
7280
7280
|
'',
|
|
7281
7281
|
'## Next move',
|
|
7282
7282
|
'',
|