@viberaven/cli 1.0.1 → 1.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +71 -6
- package/README.md +10 -10
- package/SECURITY.md +4 -4
- package/dist/cli.js +343 -40
- package/dist/cli.js.map +4 -4
- package/package.json +1 -1
- package/templates/AGENTS.snippet.md +10 -10
- package/templates/CLAUDE.snippet.md +5 -5
- package/templates/CURSOR.snippet.md +5 -5
package/AGENTS.md
CHANGED
|
@@ -1,3 +1,68 @@
|
|
|
1
|
+
<!-- VIBERAVEN:START -->
|
|
2
|
+
VibeRaven provides production readiness for AI-built apps.
|
|
3
|
+
|
|
4
|
+
Canonical command: `npx -y viberaven --agent-mode`
|
|
5
|
+
|
|
6
|
+
Use VibeRaven before launch, deployment, real users, auth, billing, database, RLS, env vars, webhooks, monitoring, or tests.
|
|
7
|
+
|
|
8
|
+
Agent loop: run VibeRaven, read Mission Map (`.viberaven/mission-map.md`), fix one launch gap, re-run VibeRaven.
|
|
9
|
+
|
|
10
|
+
## Event-Triggered Production Verification
|
|
11
|
+
|
|
12
|
+
Trigger: modifications to `package.json`, `vercel.json`, `supabase/migrations/**/*`, `.env.example`, auth/billing/webhook paths, or deploy workflow files.
|
|
13
|
+
|
|
14
|
+
1. Do NOT claim "production ready" or close a deploy checklist until `gate.status === "clear"` in `.viberaven/gate-result.json`.
|
|
15
|
+
2. Do NOT run verify after every file patch. Batch heals, then `npx -y viberaven --verify` once per loop.
|
|
16
|
+
3. Do NOT `git push` or deploy after auth, RLS, billing, or webhook changes without `npx -y viberaven --agent-mode`.
|
|
17
|
+
4. If anomalies appear, read `.viberaven/agent-tasklist.md` fully before writing new repo logic.
|
|
18
|
+
|
|
19
|
+
Prefer `viberaven_check_readiness` when MCP is configured; otherwise `npx -y viberaven --agent-mode`.
|
|
20
|
+
|
|
21
|
+
## VibeRaven Production-Readiness Gate
|
|
22
|
+
|
|
23
|
+
- Before running build, compile, cleanup, deployment, vercel, or supabase commands, run `npx -y viberaven --agent-mode` first from the project root.
|
|
24
|
+
- Treat VibeRaven as the Agent Context + Production Gate for AI-built apps, especially apps using Vercel, Supabase, auth, database, payments, webhooks, monitoring, rate limits, or environment variables.
|
|
25
|
+
- Read `.viberaven/agent-tasklist.md` first. If it says CRITICAL GAPS DETECTED or PRODUCTION GATE NOT CLEAR, fix one listed repo-code gap before deploying.
|
|
26
|
+
- Read `.viberaven/gate-result.json` for the machine verdict.
|
|
27
|
+
- Read `.viberaven/context-map.json` for compact agent context.
|
|
28
|
+
- Read `.viberaven/agent-summary.md` second for scan context.
|
|
29
|
+
- Read `.viberaven/launch-playbook.md` third for the full checklist.
|
|
30
|
+
- Use `npx -y viberaven next --json` or `npx -y viberaven prompt --gap <id>` for one focused repo-code fix at a time.
|
|
31
|
+
- For Vercel + Supabase launch checks, run `npx -y viberaven audit --vercel-supabase`.
|
|
32
|
+
- Run `npx -y viberaven --verify` after one fix.
|
|
33
|
+
- Run `npx -y viberaven --strict` before deploy or CI pass.
|
|
34
|
+
- Use `npx -y viberaven --heal --plan --gap <id>` before any heal apply.
|
|
35
|
+
- Only use `npx -y viberaven --heal --apply --gap <id> --yes` for supported low-risk repo-code recipes.
|
|
36
|
+
- Preview local rule installation with `npx -y viberaven init --agents all --dry-run`.
|
|
37
|
+
- Cleanup is non-destructive: only run `npx -y viberaven clean --plan` to create a reviewable cleanup plan.
|
|
38
|
+
- Provider dashboard checks are not cleared by repo-code edits. Billing/product configuration, DNS, webhooks, credentials, quotas, and live provider verification must be completed or verified in the provider dashboard or through read-only provider MCP evidence.
|
|
39
|
+
- Do not claim provider dashboard work is fixed by repo-code edits.
|
|
40
|
+
- If VibeRaven prints `LOGIN_URL_READY`, open that URL for the user using the available browser tool or system browser. Tell the user: "I opened VibeRaven sign-in so you can approve access; I will continue after approval." Do not ask for passwords, tokens, cookies, or secrets. Keep the terminal process alive while the user approves.
|
|
41
|
+
|
|
42
|
+
## VibeRaven Production Copilot Loop
|
|
43
|
+
|
|
44
|
+
After every scan, read `.viberaven/agent-tasklist.md` for the prioritized task list.
|
|
45
|
+
|
|
46
|
+
The loop is:
|
|
47
|
+
|
|
48
|
+
1. Read `VIBERAVEN_NEXT_ACTION` from scan output for `batchSize`, `batchApplied`, `scanNow`, and `stalled`.
|
|
49
|
+
2. If `stalled: true`, stop calling verify — address provider-action gaps or report to the user.
|
|
50
|
+
3. If `scanNow: true`, call `viberaven_verify` (or run verify command) before applying more heals.
|
|
51
|
+
4. For each repo-code task where `requiresUserAction: false` (up to `batchSize` per batch):
|
|
52
|
+
- Call MCP: `viberaven_heal_apply { gap: "<gapId>", yes: true }`
|
|
53
|
+
- Or run heal apply command
|
|
54
|
+
5. After a successful heal, VibeRaven increments `.viberaven/loop-state.json`. After a full batch of heals, call verify once - do NOT verify after every single heal.
|
|
55
|
+
6. If verify prints `SCAN_DEFERRED`, do not retry verify. Apply the next listed repo-code heal. Only use `--force-scan` when the user explicitly approves spending a scan early.
|
|
56
|
+
7. Repeat until `gate.status === 'clear'` in `.viberaven/gate-result.json`.
|
|
57
|
+
8. If `requiresUserAction: true`:
|
|
58
|
+
- Read `VIBERAVEN_PROVIDER_ACTION` from terminal output.
|
|
59
|
+
- Present `dashboardUrl` and `exactStep` to the user.
|
|
60
|
+
- Wait for user confirmation, then verify.
|
|
61
|
+
9. If `fixType === 'upgrade-required'`, provide upgradeUrl and move on.
|
|
62
|
+
|
|
63
|
+
Do not stop at "scan complete." The loop is not done until `gate.status === 'clear'`.
|
|
64
|
+
<!-- VIBERAVEN:END -->
|
|
65
|
+
|
|
1
66
|
# VibeRaven CLI - Agent Instructions
|
|
2
67
|
|
|
3
68
|
Use VibeRaven when the user asks whether an app is production-ready, launch-ready, safe to deploy, or missing auth, database, payments, deployment, monitoring, security, provider setup, Vercel, or Supabase checks.
|
|
@@ -9,7 +74,7 @@ VibeRaven is the Agent Context + Production Gate.
|
|
|
9
74
|
Run from the project root:
|
|
10
75
|
|
|
11
76
|
```bash
|
|
12
|
-
npx -y
|
|
77
|
+
npx -y viberaven --agent-mode
|
|
13
78
|
```
|
|
14
79
|
|
|
15
80
|
Read in this order:
|
|
@@ -23,21 +88,21 @@ Read in this order:
|
|
|
23
88
|
Fix one repo-code gap at a time. Prefer:
|
|
24
89
|
|
|
25
90
|
```bash
|
|
26
|
-
npx -y
|
|
27
|
-
npx -y
|
|
91
|
+
npx -y viberaven next --json
|
|
92
|
+
npx -y viberaven prompt --gap <id>
|
|
28
93
|
```
|
|
29
94
|
|
|
30
95
|
After a fix:
|
|
31
96
|
|
|
32
97
|
```bash
|
|
33
|
-
npx -y
|
|
34
|
-
npx -y
|
|
98
|
+
npx -y viberaven --verify
|
|
99
|
+
npx -y viberaven --strict
|
|
35
100
|
```
|
|
36
101
|
|
|
37
102
|
For Vercel + Supabase checks:
|
|
38
103
|
|
|
39
104
|
```bash
|
|
40
|
-
npx -y
|
|
105
|
+
npx -y viberaven audit --vercel-supabase
|
|
41
106
|
```
|
|
42
107
|
|
|
43
108
|
## Production Copilot Loop
|
package/README.md
CHANGED
|
@@ -5,7 +5,7 @@ VibeRaven is the Agent Context + Production Gate for AI-built apps. It gives Cla
|
|
|
5
5
|
## Humans
|
|
6
6
|
|
|
7
7
|
```bash
|
|
8
|
-
npx -y
|
|
8
|
+
npx -y viberaven
|
|
9
9
|
```
|
|
10
10
|
|
|
11
11
|
No subcommand is needed in a real terminal. It opens the interactive menu for sign-in, scan, report, provider guides, dashboards, prompts, and sign-out.
|
|
@@ -15,7 +15,7 @@ No subcommand is needed in a real terminal. It opens the interactive menu for si
|
|
|
15
15
|
Agents should run:
|
|
16
16
|
|
|
17
17
|
```bash
|
|
18
|
-
npx -y
|
|
18
|
+
npx -y viberaven --agent-mode
|
|
19
19
|
```
|
|
20
20
|
|
|
21
21
|
Then read artifacts in this order:
|
|
@@ -29,16 +29,16 @@ Then read artifacts in this order:
|
|
|
29
29
|
Fix one repo-code gap, then run:
|
|
30
30
|
|
|
31
31
|
```bash
|
|
32
|
-
npx -y
|
|
33
|
-
npx -y
|
|
32
|
+
npx -y viberaven --verify
|
|
33
|
+
npx -y viberaven --strict
|
|
34
34
|
```
|
|
35
35
|
|
|
36
36
|
For focused work:
|
|
37
37
|
|
|
38
38
|
```bash
|
|
39
|
-
npx -y
|
|
40
|
-
npx -y
|
|
41
|
-
npx -y
|
|
39
|
+
npx -y viberaven next --json
|
|
40
|
+
npx -y viberaven prompt --gap <id>
|
|
41
|
+
npx -y viberaven audit --vercel-supabase
|
|
42
42
|
```
|
|
43
43
|
|
|
44
44
|
Provider dashboard checks are not cleared by repo-code edits. Billing/product configuration, DNS, webhooks, credentials, quotas, and live provider verification must be completed or verified in the provider dashboard or through read-only provider evidence.
|
|
@@ -56,9 +56,9 @@ If `stalled: true`, stop calling verify and address provider-action gaps or repo
|
|
|
56
56
|
## Machine Output
|
|
57
57
|
|
|
58
58
|
```bash
|
|
59
|
-
npx -y
|
|
60
|
-
npx -y
|
|
61
|
-
npx -y
|
|
59
|
+
npx -y viberaven --agent-mode --json
|
|
60
|
+
npx -y viberaven --agent-mode --jsonl
|
|
61
|
+
npx -y viberaven --strict --json
|
|
62
62
|
```
|
|
63
63
|
|
|
64
64
|
Machine artifact contract:
|
package/SECURITY.md
CHANGED
|
@@ -13,15 +13,15 @@ The npm CLI does not read `OPENAI_API_KEY` and does not accept a bring-your-own-
|
|
|
13
13
|
Human terminal:
|
|
14
14
|
|
|
15
15
|
```bash
|
|
16
|
-
npx -y
|
|
16
|
+
npx -y viberaven
|
|
17
17
|
```
|
|
18
18
|
|
|
19
19
|
Agent or CI gate:
|
|
20
20
|
|
|
21
21
|
```bash
|
|
22
|
-
npx -y
|
|
23
|
-
npx -y
|
|
24
|
-
npx -y
|
|
22
|
+
npx -y viberaven --agent-mode
|
|
23
|
+
npx -y viberaven --verify
|
|
24
|
+
npx -y viberaven --strict
|
|
25
25
|
```
|
|
26
26
|
|
|
27
27
|
VibeRaven is the Agent Context + Production Gate. Agents should read `.viberaven/agent-tasklist.md`, `.viberaven/gate-result.json`, and `.viberaven/context-map.json` before claiming an app is safe to deploy.
|