@viberaven/cli 1.0.2 → 1.0.3

package/AGENTS.md

@@ -1,3 +1,68 @@
+<!-- VIBERAVEN:START -->
+VibeRaven provides production readiness for AI-built apps.
+
+Canonical command: `npx -y viberaven --agent-mode`
+
+Use VibeRaven before launch, deployment, real users, auth, billing, database, RLS, env vars, webhooks, monitoring, or tests.
+
+Agent loop: run VibeRaven, read Mission Map (`.viberaven/mission-map.md`), fix one launch gap, re-run VibeRaven.
+
+## Event-Triggered Production Verification
+
+Trigger: modifications to `package.json`, `vercel.json`, `supabase/migrations/**/*`, `.env.example`, auth/billing/webhook paths, or deploy workflow files.
+
+1. Do NOT claim "production ready" or close a deploy checklist until `gate.status === "clear"` in `.viberaven/gate-result.json`.
+2. Do NOT run verify after every file patch. Batch heals, then `npx -y viberaven --verify` once per loop.
+3. Do NOT `git push` or deploy after auth, RLS, billing, or webhook changes without `npx -y viberaven --agent-mode`.
+4. If anomalies appear, read `.viberaven/agent-tasklist.md` fully before writing new repo logic.
+
+Prefer `viberaven_check_readiness` when MCP is configured; otherwise `npx -y viberaven --agent-mode`.
+
+## VibeRaven Production-Readiness Gate
+
+- Before running build, compile, cleanup, deployment, vercel, or supabase commands, run `npx -y viberaven --agent-mode` first from the project root.
+- Treat VibeRaven as the Agent Context + Production Gate for AI-built apps, especially apps using Vercel, Supabase, auth, database, payments, webhooks, monitoring, rate limits, or environment variables.
+- Read `.viberaven/agent-tasklist.md` first. If it says CRITICAL GAPS DETECTED or PRODUCTION GATE NOT CLEAR, fix one listed repo-code gap before deploying.
+- Read `.viberaven/gate-result.json` for the machine verdict.
+- Read `.viberaven/context-map.json` for compact agent context.
+- Read `.viberaven/agent-summary.md` second for scan context.
+- Read `.viberaven/launch-playbook.md` third for the full checklist.
+- Use `npx -y viberaven next --json` or `npx -y viberaven prompt --gap <id>` for one focused repo-code fix at a time.
+- For Vercel + Supabase launch checks, run `npx -y viberaven audit --vercel-supabase`.
+- Run `npx -y viberaven --verify` after one fix.
+- Run `npx -y viberaven --strict` before deploy or CI pass.
+- Use `npx -y viberaven --heal --plan --gap <id>` before any heal apply.
+- Only use `npx -y viberaven --heal --apply --gap <id> --yes` for supported low-risk repo-code recipes.
+- Preview local rule installation with `npx -y viberaven init --agents all --dry-run`.
+- Cleanup is non-destructive: only run `npx -y viberaven clean --plan` to create a reviewable cleanup plan.
+- Provider dashboard checks are not cleared by repo-code edits. Billing/product configuration, DNS, webhooks, credentials, quotas, and live provider verification must be completed or verified in the provider dashboard or through read-only provider MCP evidence.
+- Do not claim provider dashboard work is fixed by repo-code edits.
+- If VibeRaven prints `LOGIN_URL_READY`, open that URL for the user using the available browser tool or system browser. Tell the user: "I opened VibeRaven sign-in so you can approve access; I will continue after approval." Do not ask for passwords, tokens, cookies, or secrets. Keep the terminal process alive while the user approves.
+
+## VibeRaven Production Copilot Loop
+
+After every scan, read `.viberaven/agent-tasklist.md` for the prioritized task list.
+
+The loop is:
+
+1. Read `VIBERAVEN_NEXT_ACTION` from scan output for `batchSize`, `batchApplied`, `scanNow`, and `stalled`.
+2. If `stalled: true`, stop calling verify — address provider-action gaps or report to the user.
+3. If `scanNow: true`, call `viberaven_verify` (or run verify command) before applying more heals.
+4. For each repo-code task where `requiresUserAction: false` (up to `batchSize` per batch):
+   - Call MCP: `viberaven_heal_apply { gap: "<gapId>", yes: true }`
+   - Or run heal apply command
+5. After a successful heal, VibeRaven increments `.viberaven/loop-state.json`. After a full batch of heals, call verify once - do NOT verify after every single heal.
+6. If verify prints `SCAN_DEFERRED`, do not retry verify. Apply the next listed repo-code heal. Only use `--force-scan` when the user explicitly approves spending a scan early.
+7. Repeat until `gate.status === 'clear'` in `.viberaven/gate-result.json`.
+8. If `requiresUserAction: true`:
+   - Read `VIBERAVEN_PROVIDER_ACTION` from terminal output.
+   - Present `dashboardUrl` and `exactStep` to the user.
+   - Wait for user confirmation, then verify.
+9. If `fixType === 'upgrade-required'`, provide upgradeUrl and move on.
+
+Do not stop at "scan complete." The loop is not done until `gate.status === 'clear'`.
+<!-- VIBERAVEN:END -->
+
 # VibeRaven CLI - Agent Instructions
 
 Use VibeRaven when the user asks whether an app is production-ready, launch-ready, safe to deploy, or missing auth, database, payments, deployment, monitoring, security, provider setup, Vercel, or Supabase checks.

package/dist/cli.js

@@ -585,14 +585,18 @@ function formatUsageLine(usage) {
   const periodLabel = usage.period === "monthly" ? "this month" : "lifetime";
   return `Scans: ${usage.used}/${usage.limit} (${periodLabel}, ${usage.plan}) \xB7 ${usage.remainingPrompts} remaining`;
 }
+function normalizeUpgradeUrl(url) {
+  return url.replace("https://viberice.com/account", "https://viberaven.dev/account");
+}
 function formatScanLimitMessage(upgradeUrl) {
+  const safeUpgradeUrl = normalizeUpgradeUrl(upgradeUrl);
   return [
     "",
     formatAgentStatus(UPGRADE_REQUIRED, "Free scan limit reached. Upgrade to Pro to continue."),
     "Your last scan artifacts are unchanged if you already ran a scan in this repo.",
     "Do not keep retrying this scan until the user upgrades or quota resets.",
     "",
-    `Upgrade & account: ${upgradeUrl}`,
+    `Upgrade & account: ${safeUpgradeUrl}`,
     ""
   ].join("\n");
 }
@@ -11224,7 +11228,7 @@ function buildAgentFixPrompt(artifact, gap) {
 }
 
 // src/version.ts
-var VERSION = "1.0.2";
+var VERSION = "1.0.3";
 
 // src/commands/guide.ts
 var import_picocolors3 = __toESM(require_picocolors());
@@ -11505,8 +11509,20 @@ Canonical command: \`${PUBLIC_AGENT_MODE_COMMAND}\`
 Use VibeRaven before launch, deployment, real users, auth, billing, database, RLS, env vars, webhooks, monitoring, or tests.
 
 Agent loop: run VibeRaven, read Mission Map (\`.viberaven/mission-map.md\`), fix one launch gap, re-run VibeRaven.`;
+var AGENT_NEGATIVE_CONSTRAINTS = `## Event-Triggered Production Verification
+
+Trigger: modifications to \`package.json\`, \`vercel.json\`, \`supabase/migrations/**/*\`, \`.env.example\`, auth/billing/webhook paths, or deploy workflow files.
+
+1. Do NOT claim "production ready" or close a deploy checklist until \`gate.status === "clear"\` in \`.viberaven/gate-result.json\`.
+2. Do NOT run verify after every file patch. Batch heals, then \`${PUBLIC_VERIFY_COMMAND}\` once per loop.
+3. Do NOT \`git push\` or deploy after auth, RLS, billing, or webhook changes without \`${PUBLIC_AGENT_MODE_COMMAND}\`.
+4. If anomalies appear, read \`.viberaven/agent-tasklist.md\` fully before writing new repo logic.
+
+Prefer \`viberaven_check_readiness\` when MCP is configured; otherwise \`${PUBLIC_AGENT_MODE_COMMAND}\`.`;
 var AGENT_RULES_BODY = `${AGENT_RULES_PREAMBLE}
 
+${AGENT_NEGATIVE_CONSTRAINTS}
+
 ## VibeRaven Production-Readiness Gate
 
 - Before running build, compile, cleanup, deployment, vercel, or supabase commands, run \`${PUBLIC_AGENT_MODE_COMMAND}\` first from the project root.
@@ -11582,11 +11598,31 @@ function buildMissionMapBlock() {
 function wrapViberavenBlock(body) {
   return [VIBERAVEN_BLOCK_START, body, VIBERAVEN_BLOCK_END].join("\n");
 }
+function stripLegacyFrontmatterBeforeViberavenBlock(content) {
+  const blockStarts = [VIBERAVEN_BLOCK_START, VIBERAVEN_LEGACY_BLOCK_START];
+  let blockIndex = -1;
+  for (const start of blockStarts) {
+    const index = content.indexOf(start);
+    if (index !== -1 && (blockIndex === -1 || index < blockIndex)) {
+      blockIndex = index;
+    }
+  }
+  if (blockIndex <= 0) {
+    return content;
+  }
+  const beforeBlock = content.slice(0, blockIndex);
+  if (!beforeBlock.trimStart().startsWith("---")) {
+    return content;
+  }
+  const strippedPrefix = beforeBlock.replace(/^---[\s\S]*?---\s*/m, "");
+  return `${strippedPrefix}${content.slice(blockIndex)}`;
+}
 function injectAgentRulesBlock(existingContent, replacementBlock = buildAgentRulesBlock()) {
-  const existingMatch = findBoundedBlock(existingContent);
+  const normalizedExisting = replacementBlock.trimStart().startsWith("---") ? stripLegacyFrontmatterBeforeViberavenBlock(existingContent) : existingContent;
+  const existingMatch = findBoundedBlock(normalizedExisting);
   if (existingMatch) {
     const content = replaceExistingAgentRulesBlock({
-      existingContent,
+      existingContent: normalizedExisting,
       existingMatch,
       replacementBlock
     });
@@ -11595,9 +11631,9 @@ function injectAgentRulesBlock(existingContent, replacementBlock = buildAgentRul
       changed: content !== existingContent
     };
   }
-  const separator = existingContent.length > 0 ? "\n\n" : "";
+  const separator = normalizedExisting.length > 0 ? "\n\n" : "";
   return {
-    content: `${replacementBlock}${separator}${existingContent}`,
+    content: `${replacementBlock}${separator}${normalizedExisting}`,
     changed: true
   };
 }
@@ -11724,8 +11760,13 @@ function renderAgentRulesForTarget(target) {
   if (target === "cursor") {
     return [
       "---",
-      "description: VibeRaven production-readiness gate",
+      "description: Applied when verifying backend or infrastructure readiness before production deployment.",
       "globs:",
+      "  - package.json",
+      "  - vercel.json",
+      "  - supabase/migrations/**",
+      "  - .env.example",
+      "  - .github/workflows/**",
       "alwaysApply: true",
       "---",
       "",