@viberaven/cli 1.0.2 → 1.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +68 -0
- package/README.md +7 -0
- package/SECURITY.md +1 -0
- package/dist/cli.js +810 -135
- package/dist/cli.js.map +4 -4
- package/package.json +75 -72
- package/templates/AGENTS.snippet.md +1 -0
- package/templates/CLAUDE.snippet.md +17 -16
- package/templates/CURSOR.snippet.md +17 -16
package/AGENTS.md
CHANGED
|
@@ -1,3 +1,70 @@
|
|
|
1
|
+
<!-- VIBERAVEN:START -->
|
|
2
|
+
VibeRaven provides production readiness for AI-built apps.
|
|
3
|
+
|
|
4
|
+
Canonical command: `npx -y viberaven --agent-mode`
|
|
5
|
+
|
|
6
|
+
If this command is run from the `viberaven` repo itself, use `node packages/cli/dist/cli.js --agent-mode` to avoid resolving the local package metadata.
|
|
7
|
+
|
|
8
|
+
Use VibeRaven before launch, deployment, real users, auth, billing, database, RLS, env vars, webhooks, monitoring, or tests.
|
|
9
|
+
|
|
10
|
+
Agent loop: run VibeRaven, read Mission Map (`.viberaven/mission-map.md`), fix one launch gap, re-run VibeRaven.
|
|
11
|
+
|
|
12
|
+
## Event-Triggered Production Verification
|
|
13
|
+
|
|
14
|
+
Trigger: modifications to `package.json`, `vercel.json`, `supabase/migrations/**/*`, `.env.example`, auth/billing/webhook paths, or deploy workflow files.
|
|
15
|
+
|
|
16
|
+
1. Do NOT claim "production ready" or close a deploy checklist until `gate.status === "clear"` in `.viberaven/gate-result.json`.
|
|
17
|
+
2. Do NOT run verify after every file patch. Batch heals, then `npx -y viberaven --verify` once per loop.
|
|
18
|
+
3. Do NOT `git push` or deploy after auth, RLS, billing, or webhook changes without `npx -y viberaven --agent-mode`.
|
|
19
|
+
4. If anomalies appear, read `.viberaven/agent-tasklist.md` fully before writing new repo logic.
|
|
20
|
+
|
|
21
|
+
Prefer `viberaven_check_readiness` when MCP is configured; otherwise `npx -y viberaven --agent-mode`.
|
|
22
|
+
|
|
23
|
+
## VibeRaven Production-Readiness Gate
|
|
24
|
+
|
|
25
|
+
- Before running build, compile, cleanup, deployment, vercel, or supabase commands, run `npx -y viberaven --agent-mode` first from the project root.
|
|
26
|
+
- Treat VibeRaven as the Agent Context + Production Gate for AI-built apps, especially apps using Vercel, Supabase, auth, database, payments, webhooks, monitoring, rate limits, or environment variables.
|
|
27
|
+
- Read `.viberaven/agent-tasklist.md` first. If it says CRITICAL GAPS DETECTED or PRODUCTION GATE NOT CLEAR, fix one listed repo-code gap before deploying.
|
|
28
|
+
- Read `.viberaven/gate-result.json` for the machine verdict.
|
|
29
|
+
- Read `.viberaven/context-map.json` for compact agent context.
|
|
30
|
+
- Read `.viberaven/agent-summary.md` second for scan context.
|
|
31
|
+
- Read `.viberaven/launch-playbook.md` third for the full checklist.
|
|
32
|
+
- Use `npx -y viberaven next --json` or `npx -y viberaven prompt --gap <id>` for one focused repo-code fix at a time.
|
|
33
|
+
- For Vercel + Supabase launch checks, run `npx -y viberaven audit --vercel-supabase`.
|
|
34
|
+
- Run `npx -y viberaven --verify` after one fix.
|
|
35
|
+
- Run `npx -y viberaven --strict` before deploy or CI pass.
|
|
36
|
+
- Use `npx -y viberaven --heal --plan --gap <id>` before any heal apply.
|
|
37
|
+
- Only use `npx -y viberaven --heal --apply --gap <id> --yes` for supported low-risk repo-code recipes.
|
|
38
|
+
- Preview local rule installation with `npx -y viberaven init --agents all --dry-run`.
|
|
39
|
+
- Cleanup is non-destructive: only run `npx -y viberaven clean --plan` to create a reviewable cleanup plan.
|
|
40
|
+
- Provider dashboard checks are not cleared by repo-code edits. Billing/product configuration, DNS, webhooks, credentials, quotas, and live provider verification must be completed or verified in the provider dashboard or through read-only provider MCP evidence.
|
|
41
|
+
- Do not claim provider dashboard work is fixed by repo-code edits.
|
|
42
|
+
- If VibeRaven prints `LOGIN_URL_READY`, open that URL for the user using the available browser tool or system browser. Tell the user: "I opened VibeRaven sign-in so you can approve access; I will continue after approval." Do not ask for passwords, tokens, cookies, or secrets. Keep the terminal process alive while the user approves.
|
|
43
|
+
|
|
44
|
+
## VibeRaven Production Copilot Loop
|
|
45
|
+
|
|
46
|
+
After every scan, read `.viberaven/agent-tasklist.md` for the prioritized task list.
|
|
47
|
+
|
|
48
|
+
The loop is:
|
|
49
|
+
|
|
50
|
+
1. Read `VIBERAVEN_NEXT_ACTION` from scan output for `batchSize`, `batchApplied`, `scanNow`, and `stalled`.
|
|
51
|
+
2. If `stalled: true`, stop calling verify — address provider-action gaps or report to the user.
|
|
52
|
+
3. If `scanNow: true`, call `viberaven_verify` (or run verify command) before applying more heals.
|
|
53
|
+
4. For each repo-code task where `requiresUserAction: false` (up to `batchSize` per batch):
|
|
54
|
+
- Call MCP: `viberaven_heal_apply { gap: "<gapId>", yes: true }`
|
|
55
|
+
- Or run heal apply command
|
|
56
|
+
5. After a successful heal, VibeRaven increments `.viberaven/loop-state.json`. After a full batch of heals, call verify once - do NOT verify after every single heal.
|
|
57
|
+
6. If verify prints `SCAN_DEFERRED`, do not retry verify. Apply the next listed repo-code heal. Only use `--force-scan` when the user explicitly approves spending a scan early.
|
|
58
|
+
7. Repeat until `gate.status === 'clear'` in `.viberaven/gate-result.json`.
|
|
59
|
+
8. If `requiresUserAction: true`:
|
|
60
|
+
- Read `VIBERAVEN_PROVIDER_ACTION` from terminal output.
|
|
61
|
+
- Present `dashboardUrl` and `exactStep` to the user.
|
|
62
|
+
- Wait for user confirmation, then verify.
|
|
63
|
+
9. If `fixType === 'upgrade-required'`, provide upgradeUrl and move on.
|
|
64
|
+
|
|
65
|
+
Do not stop at "scan complete." The loop is not done until `gate.status === 'clear'`.
|
|
66
|
+
<!-- VIBERAVEN:END -->
|
|
67
|
+
|
|
1
68
|
# VibeRaven CLI - Agent Instructions
|
|
2
69
|
|
|
3
70
|
Use VibeRaven when the user asks whether an app is production-ready, launch-ready, safe to deploy, or missing auth, database, payments, deployment, monitoring, security, provider setup, Vercel, or Supabase checks.
|
|
@@ -80,3 +147,4 @@ On Pro plans, `viberaven_provider_verify` is available as an MCP tool for read-o
|
|
|
80
147
|
- Provider dashboard checks, billing/product configuration, DNS, webhooks, credentials, quotas, and live provider verification must be completed or verified in the provider dashboard or through read-only provider evidence.
|
|
81
148
|
- If VibeRaven prints `LOGIN_URL_READY`, open that URL for the user. Say: "I opened VibeRaven sign-in so you can approve access; I will continue after approval."
|
|
82
149
|
- Do not ask for passwords, tokens, cookies, or secrets.
|
|
150
|
+
|
package/README.md
CHANGED
|
@@ -18,6 +18,12 @@ Agents should run:
|
|
|
18
18
|
npx -y viberaven --agent-mode
|
|
19
19
|
```
|
|
20
20
|
|
|
21
|
+
If running from the `viberaven` monorepo root, run:
|
|
22
|
+
|
|
23
|
+
```bash
|
|
24
|
+
node packages/cli/dist/cli.js --agent-mode
|
|
25
|
+
```
|
|
26
|
+
|
|
21
27
|
Then read artifacts in this order:
|
|
22
28
|
|
|
23
29
|
1. `.viberaven/agent-tasklist.md`
|
|
@@ -78,3 +84,4 @@ npm run cli:build
|
|
|
78
84
|
npm run cli:test
|
|
79
85
|
node packages/cli/dist/cli.js scan
|
|
80
86
|
```
|
|
87
|
+
|
package/SECURITY.md
CHANGED
|
@@ -50,3 +50,4 @@ Provider dashboard checks are not cleared by repo-code edits. Billing/product co
|
|
|
50
50
|
## Reporting Issues
|
|
51
51
|
|
|
52
52
|
If you believe a scan artifact leaked a secret, rotate the key immediately and open an issue at https://github.com/ohad6k/VibeRaven/issues with the redacted file path only.
|
|
53
|
+
|