@viberaven/cli 1.0.6 → 1.1.0

package/dist/cli.js

@@ -31,9 +31,9 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 ));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
-// ../../node_modules/picocolors/picocolors.js
+// ../../../../node_modules/picocolors/picocolors.js
 var require_picocolors = __commonJS({
-  "../../node_modules/picocolors/picocolors.js"(exports2, module2) {
+  "../../../../node_modules/picocolors/picocolors.js"(exports2, module2) {
     var p2 = process || {};
     var argv = p2.argv || [];
     var env = p2.env || {};
@@ -103,9 +103,9 @@ var require_picocolors = __commonJS({
   }
 });
 
-// ../../node_modules/sisteransi/src/index.js
+// ../../../../node_modules/sisteransi/src/index.js
 var require_src = __commonJS({
-  "../../node_modules/sisteransi/src/index.js"(exports2, module2) {
+  "../../../../node_modules/sisteransi/src/index.js"(exports2, module2) {
     "use strict";
     var ESC = "\x1B";
     var CSI = `${ESC}[`;
@@ -167,12 +167,11 @@ __export(cli_exports, {
   parseArgs: () => parseArgs,
   printHelp: () => printHelp,
   resolveDefaultEntrypointMode: () => resolveDefaultEntrypointMode,
-  resolveLaunchPermissionMode: () => resolveLaunchPermissionMode,
   runScanCommand: () => runScanCommand
 });
 module.exports = __toCommonJS(cli_exports);
 var import_promises19 = require("node:fs/promises");
-var import_node_path25 = require("node:path");
+var import_node_path26 = require("node:path");
 
 // src/config.ts
 var import_node_os = require("node:os");
@@ -8855,7 +8854,7 @@ function buildProviderAction(gap, provider2) {
       // Use step title as the done signal
       doneSignal: `${step.title} step completed`,
       verifyCommand: PUBLIC_VERIFY_COMMAND,
-      actionClass: "provider_write",
+      actionClass: "manual_provider_step",
       approvalRequired: true,
       manualFallback: `Open ${step.openUrl ?? `https://${provider2}.com`} and complete: ${step.instruction}`,
       copyValues: []
@@ -9412,385 +9411,155 @@ function sanitizeArtifactForDisk(artifact) {
   return redactUnknown(artifact);
 }
 
-// src/providerMcpBridge.ts
-var import_node_fs7 = require("node:fs");
-var import_node_os2 = require("node:os");
+// src/version.ts
+var VERSION = "1.1.0";
+
+// src/prp/buildPrp.ts
 var import_node_path8 = require("node:path");
-var UPGRADE_URL4 = "https://viberaven.dev/pricing";
-var FALLBACK_COMMAND = "npx -y viberaven audit --vercel-supabase --json";
-var SUPPORTED_PROVIDERS = /* @__PURE__ */ new Set(["supabase", "vercel"]);
-var configPathsOverride;
-function defaultMcpConfigPaths() {
-  const home = (0, import_node_os2.homedir)();
-  return [
-    (0, import_node_path8.join)(home, ".config", "claude", "claude_desktop_config.json"),
-    (0, import_node_path8.join)(home, ".cursor", "mcp.json"),
-    (0, import_node_path8.join)(home, ".gemini", "antigravity", "mcp_config.json")
-  ];
-}
-function resolveConfigPaths() {
-  return configPathsOverride ?? defaultMcpConfigPaths();
-}
-function parseMcpServers(raw) {
-  if (!raw || typeof raw !== "object") {
-    return void 0;
-  }
-  const obj = raw;
-  if (obj.mcpServers && typeof obj.mcpServers === "object") {
-    return obj.mcpServers;
-  }
-  if (obj.servers && typeof obj.servers === "object") {
-    return obj.servers;
-  }
-  return void 0;
+
+// src/prp/types.ts
+var PRP_SCHEMA_URL = "https://schemas.viberaven.dev/prp/v0.1/schema.json";
+var PRP_PROTOCOL = "viberaven-production-protocol";
+var PRP_PROTOCOL_VERSION = "0.1.0";
+
+// src/prp/buildPrp.ts
+var ONE_DAY_MS = 24 * 60 * 60 * 1e3;
+var REDACTED = "<redacted>";
+var SENSITIVE_JSON_KEY_PATTERN = /secret|token|api[_-]?key|apikey|password|private[_-]?key|database[_-]?url|connection[_-]?string|service[_-]?role|role[_-]?key/i;
+function buildProductionProtocolReport(options) {
+  const profile = options.profile ?? "launch";
+  const generatedAt = options.artifact.scannedAt;
+  const expiresAt = new Date(new Date(generatedAt).getTime() + ONE_DAY_MS).toISOString();
+  const evidence = buildEvidence(options.artifact);
+  const nextActions = buildNextActions(options.tasks);
+  const findings = buildFindings(options.artifact, nextActions);
+  return {
+    $schema: PRP_SCHEMA_URL,
+    protocol: PRP_PROTOCOL,
+    protocolVersion: PRP_PROTOCOL_VERSION,
+    producer: {
+      name: "viberaven",
+      version: options.producerVersion
+    },
+    subject: {
+      projectName: sanitizePrpText((0, import_node_path8.basename)(options.artifact.workspacePath) || "workspace"),
+      framework: sanitizePrpText(options.artifact.archetype || "unknown"),
+      packageManager: "unknown",
+      deploymentTarget: sanitizePrpText(options.artifact.selectedProviders?.deployment ?? "unknown"),
+      environment: "production"
+    },
+    profile,
+    decision: {
+      status: resolveDecisionStatus(options.artifact),
+      generatedAt,
+      expiresAt,
+      summary: summarizeDecision(options.artifact)
+    },
+    findings,
+    evidence,
+    nextActions,
+    agentInstructions: {
+      mustRead: [".viberaven/prp.json", ".viberaven/mission-map.md", ".viberaven/context-map.json"],
+      doNotDeployUntil: [
+        "decision.status is not blocked",
+        "critical nextActions are resolved or explicitly accepted"
+      ]
+    }
+  };
 }
-function findServerEntry(servers, provider2) {
-  if (servers[provider2]) {
-    return servers[provider2];
-  }
-  const key = Object.keys(servers).find((candidate) => candidate.toLowerCase() === provider2);
-  return key ? servers[key] : void 0;
+function resolveDecisionStatus(artifact) {
+  if (artifact.gaps.some((gap) => gap.severity === "critical")) return "blocked";
+  if (artifact.gaps.some((gap) => gap.severity === "warning")) return "warning";
+  return "clear";
 }
-function findProviderMcpConfig(provider2, configPaths) {
-  const paths = configPaths ?? resolveConfigPaths();
-  for (const path of paths) {
-    if (!(0, import_node_fs7.existsSync)(path)) {
-      continue;
-    }
-    try {
-      const raw = JSON.parse((0, import_node_fs7.readFileSync)(path, "utf8"));
-      const servers = parseMcpServers(raw);
-      if (!servers) {
-        continue;
-      }
-      const entry = findServerEntry(servers, provider2);
-      if (!entry || typeof entry !== "object") {
-        continue;
-      }
-      const server = entry;
-      return {
-        command: typeof server.command === "string" ? server.command : void 0,
-        args: Array.isArray(server.args) ? server.args.filter((arg) => typeof arg === "string") : void 0,
-        url: typeof server.url === "string" ? server.url : void 0,
-        source: path
-      };
-    } catch {
-      continue;
-    }
-  }
-  return void 0;
+function summarizeDecision(artifact) {
+  const critical = artifact.gaps.filter((gap) => gap.severity === "critical").length;
+  const warning = artifact.gaps.filter((gap) => gap.severity === "warning").length;
+  if (critical > 0) return `${critical} production blocker${critical === 1 ? "" : "s"} found`;
+  if (warning > 0) return `${warning} production warning${warning === 1 ? "" : "s"} found`;
+  return "No production blockers found";
 }
-async function verifyProviderGap(options) {
-  if (options.plan !== "pro") {
-    return {
-      verified: false,
-      reason: "pro-required",
-      upgradeUrl: UPGRADE_URL4
-    };
-  }
-  const provider2 = options.provider.toLowerCase().trim();
-  if (!SUPPORTED_PROVIDERS.has(provider2)) {
+function buildEvidence(artifact) {
+  return artifact.gaps.map((gap) => {
+    const gapId = safePrpId(gap.id);
     return {
-      verified: false,
-      reason: "unsupported-provider"
+      id: `evidence.${gapId}.repo`,
+      kind: "repo",
+      status: evidenceStatusForGapSeverity(gap.severity),
+      source: sanitizePrpText(String(gap.file ?? gap.primaryMapCategory ?? "repo")),
+      summary: sanitizePrpText(gap.detail || gap.title || gap.id)
     };
-  }
-  const mcpConfig = findProviderMcpConfig(provider2);
-  if (!mcpConfig) {
-    return {
-      verified: false,
-      mcpUnavailable: true,
-      fallbackCommand: FALLBACK_COMMAND
-    };
-  }
-  return {
-    verified: false,
-    mcpUnavailable: true,
-    fallbackCommand: FALLBACK_COMMAND
-  };
+  });
 }
-function defaultProviderDashboardUrl(provider2) {
-  const normalized = provider2.toLowerCase();
-  if (normalized === "vercel") return "https://vercel.com/dashboard";
-  if (normalized === "supabase") return "https://supabase.com/dashboard/projects";
-  if (normalized === "stripe") return "https://dashboard.stripe.com/webhooks";
-  if (normalized === "posthog") return "https://us.posthog.com/project/settings";
-  return void 0;
+function evidenceStatusForGapSeverity(severity) {
+  if (severity === "critical" || severity === "warning") return "missing";
+  return "inconclusive";
 }
-
-// src/launch/providerAutomation.ts
-function buildProviderAutomationOptions(options) {
-  const provider2 = options.provider.toLowerCase();
-  const result = [];
-  if (options.mcpConfig) {
-    result.push({
-      kind: "mcp",
-      provider: provider2,
-      available: true,
-      label: `${provider2} MCP configured`,
-      source: options.mcpConfig.source,
-      openUrl: options.mcpConfig.url
-    });
-  }
-  if (options.cli?.available) {
-    result.push({
-      kind: "cli",
-      provider: provider2,
-      available: true,
-      label: options.cli.authenticated ? `${options.cli.command} CLI authenticated` : `${options.cli.command} CLI needs login`,
-      command: options.cli.authenticated ? options.cli.command : `${options.cli.command} login`,
-      reason: options.cli.detail
-    });
-  }
-  const dashboardUrl = defaultProviderDashboardUrl(provider2);
-  if (dashboardUrl) {
-    result.push({
-      kind: "dashboard",
-      provider: provider2,
-      available: true,
-      label: `Open ${provider2} dashboard`,
-      openUrl: dashboardUrl
-    });
-  }
-  result.push({
-    kind: "manual",
-    provider: provider2,
-    available: true,
-    label: `Show manual ${provider2} setup steps`,
-    reason: "Manual fallback is always available"
+function buildFindings(artifact, nextActions) {
+  return artifact.gaps.map((gap) => {
+    const gapId = safePrpId(gap.id);
+    return {
+      id: gapId,
+      severity: gap.severity,
+      category: sanitizePrpText(String(gap.primaryMapCategory ?? "unknown")),
+      summary: sanitizePrpText(gap.title || gap.id),
+      evidenceRefs: [`evidence.${gapId}.repo`],
+      nextActionRefs: nextActions.some((action) => action.gapId === sanitizePrpText(gap.id)) ? [`action.${gapId}`] : []
+    };
   });
-  return result;
 }
-
-// src/launch/providerActions.ts
-var VERIFY_COMMAND = "npx -y viberaven --verify";
-function buildLaunchProviderActions(options) {
-  const actions = [];
-  const providers = new Set(options.recipe.providers);
-  if (providers.has("vercel")) {
-    actions.push({
-      provider: "vercel",
-      actionClass: "preview_deploy",
-      title: "Create a Vercel preview URL",
-      detail: "Run a preview deploy so the vibe coder can see the app live before production promotion.",
-      openUrl: "https://vercel.com/new",
-      command: "vercel deploy",
-      copyValues: [],
-      verifyCommand: VERIFY_COMMAND,
-      approvalRequired: true,
-      manualFallback: "Open Vercel, import or link this project, then create a preview deployment.",
-      automation: buildProviderAutomationOptions({ provider: "vercel" })
-    });
-  }
-  if (providers.has("supabase")) {
-    actions.push({
-      provider: "supabase",
-      actionClass: "provider_write",
-      title: "Connect Supabase project and env values",
-      detail: "Connect the production Supabase project, then verify env wiring, migrations, auth, and RLS evidence.",
-      openUrl: defaultProviderDashboardUrl("supabase"),
-      copyValues: [
-        { label: "Public URL env name", value: "NEXT_PUBLIC_SUPABASE_URL", secret: false },
-        { label: "Anon key env name", value: "NEXT_PUBLIC_SUPABASE_ANON_KEY", secret: false }
-      ],
-      verifyCommand: VERIFY_COMMAND,
-      approvalRequired: true,
-      manualFallback: "Open Supabase project settings, copy the project URL and anon key, then add them to Vercel preview and production env vars.",
-      automation: buildProviderAutomationOptions({ provider: "supabase" })
-    });
-  }
-  if (providers.has("stripe")) {
-    const baseUrl = options.productionDomain ?? "https://<production-domain>";
-    actions.push({
-      provider: "stripe",
-      actionClass: "provider_write",
-      title: "Finish Stripe products and webhook setup",
-      detail: "Configure Stripe products/prices and add the production webhook endpoint with required billing events.",
-      openUrl: defaultProviderDashboardUrl("stripe"),
-      copyValues: [
-        { label: "Webhook endpoint", value: `${baseUrl}/api/stripe/webhook`, secret: false },
-        { label: "Required event", value: "checkout.session.completed", secret: false },
-        { label: "Required event", value: "customer.subscription.updated", secret: false },
-        { label: "Required event", value: "customer.subscription.deleted", secret: false },
-        { label: "Required event", value: "invoice.payment_failed", secret: false },
-        { label: "Webhook secret env name", value: "STRIPE_WEBHOOK_SECRET", secret: false }
-      ],
-      verifyCommand: VERIFY_COMMAND,
-      approvalRequired: true,
-      manualFallback: "Open Stripe Webhooks, add the endpoint URL, select the listed events, then store the signing secret as STRIPE_WEBHOOK_SECRET.",
-      automation: buildProviderAutomationOptions({ provider: "stripe" })
-    });
-  }
-  return actions;
-}
-
-// src/launch/recipes.ts
-function textIncludes(text, token) {
-  return text.toLowerCase().includes(token.toLowerCase());
+function buildNextActions(tasks) {
+  return tasks.map((task) => ({
+    id: `action.${safePrpId(task.gapId)}`,
+    title: sanitizePrpText(task.title),
+    actionClass: actionClassForTask(task),
+    requiresUserAction: task.requiresUserAction,
+    approvalRequired: task.requiresUserAction,
+    verifyCommand: sanitizePrpText(task.verifyCommand || PUBLIC_VERIFY_COMMAND),
+    gapId: sanitizePrpText(task.gapId),
+    provider: sanitizeOptionalPrpText(task.providerAction?.provider),
+    dashboardUrl: sanitizeOptionalPrpText(task.providerAction?.dashboardUrl),
+    manualFallback: sanitizeOptionalPrpText(task.providerAction?.exactStep ?? task.action),
+    mcpTool: sanitizeOptionalPrpText(task.mcpTool),
+    mcpArgs: sanitizePrpJsonObject(task.mcpArgs)
+  }));
 }
-function selectedProviderSet(artifact) {
-  return new Set(Object.values(artifact.selectedProviders ?? {}).map((value) => value.toLowerCase()));
+function actionClassForTask(task) {
+  if (task.fixType === "repo-code") return "local_repo_write";
+  if (task.fixType === "provider-action") return "manual_provider_step";
+  if (task.fixType === "manual-verify") return "local_repo_read";
+  return "manual_provider_step";
 }
-function hasProvider(artifact, provider2) {
-  const selected = selectedProviderSet(artifact);
-  return selected.has(provider2);
+function safeId(value) {
+  return value.trim().toLowerCase().replace(/[^a-z0-9]+/g, "_").replace(/^_+|_+$/g, "") || "unknown";
 }
-function isNextLike(artifact) {
-  const text = [artifact.archetype, artifact.summary].join(" ");
-  return textIncludes(text, "next") || textIncludes(text, "nextjs") || textIncludes(text, "next.js");
+function safePrpId(value) {
+  return safeId(sanitizePrpText(value));
 }
-function detectLaunchRecipe(artifact) {
-  const next = isNextLike(artifact);
-  const vercel = hasProvider(artifact, "vercel");
-  const supabase = hasProvider(artifact, "supabase");
-  const stripe = hasProvider(artifact, "stripe");
-  if (next && supabase && stripe && vercel) {
-    return {
-      id: "nextjs-supabase-stripe-vercel",
-      label: "Next.js + Supabase + Stripe + Vercel SaaS",
-      confidence: "high",
-      goal: "preview-first",
-      providers: ["vercel", "supabase", "stripe"],
-      reasons: ["Next.js/Vercel evidence detected", "Supabase evidence detected", "Stripe billing evidence detected"]
-    };
-  }
-  if (next && supabase && vercel) {
-    return {
-      id: "nextjs-supabase-vercel",
-      label: "Next.js + Supabase + Vercel app",
-      confidence: "high",
-      goal: "preview-first",
-      providers: ["vercel", "supabase"],
-      reasons: ["Next.js/Vercel evidence detected", "Supabase evidence detected"]
-    };
-  }
-  if (next && vercel) {
-    return {
-      id: "nextjs-vercel",
-      label: "Next.js + Vercel app",
-      confidence: "medium",
-      goal: "preview-first",
-      providers: ["vercel"],
-      reasons: ["Next.js/Vercel evidence detected"]
-    };
-  }
-  return {
-    id: "generic-preview-first",
-    label: "Generic preview-first launch",
-    confidence: "low",
-    goal: "preview-first",
-    providers: vercel ? ["vercel"] : [],
-    reasons: ["Provider evidence is incomplete, so VibeRaven will use a conservative preview-first path"]
-  };
+function sanitizeOptionalPrpText(value) {
+  return value === void 0 ? void 0 : sanitizePrpText(value);
 }
-
-// src/launch/buildLaunchPlan.ts
-function isSafeRepoTask(task) {
-  return task.fixType === "repo-code" && task.requiresUserAction === false;
+function sanitizePrpJsonObject(value) {
+  return value === void 0 ? void 0 : sanitizePrpJsonValue(value);
 }
-function providerActionFromTask(task) {
-  if (task.fixType !== "provider-action" || !task.providerAction) {
-    return void 0;
-  }
-  const providerAction = task.providerAction;
-  return {
-    provider: providerAction.provider,
-    actionClass: providerAction.actionClass,
-    title: task.title,
-    detail: providerAction.exactStep,
-    openUrl: providerAction.dashboardUrl,
-    copyValues: providerAction.copyValues,
-    verifyCommand: providerAction.verifyCommand,
-    approvalRequired: providerAction.approvalRequired,
-    manualFallback: providerAction.manualFallback,
-    automation: buildProviderAutomationOptions({ provider: providerAction.provider })
-  };
-}
-function mergeTaskProviderActions(recipeActions, tasks) {
-  const actions = [...recipeActions];
-  for (const task of tasks) {
-    const taskAction = providerActionFromTask(task);
-    if (!taskAction) continue;
-    const alreadyCovered = actions.some(
-      (action) => action.provider === taskAction.provider && action.actionClass === taskAction.actionClass
+function sanitizePrpJsonValue(value) {
+  if (typeof value === "string") return sanitizePrpText(value);
+  if (Array.isArray(value)) return value.map((item3) => sanitizePrpJsonValue(item3));
+  if (value && typeof value === "object") {
+    return Object.fromEntries(
+      Object.entries(value).map(([key, item3]) => [
+        sanitizePrpText(key),
+        SENSITIVE_JSON_KEY_PATTERN.test(key) ? REDACTED : sanitizePrpJsonValue(item3)
+      ])
     );
-    if (!alreadyCovered) {
-      actions.push(taskAction);
-    }
   }
-  return actions;
+  return value;
 }
-function selectNextAction(options) {
-  const safeRepoTask = options.safeRepoTasks[0];
-  if (safeRepoTask) {
-    return {
-      type: "safe_repo_gap",
-      title: safeRepoTask.title,
-      detail: safeRepoTask.exactFix ?? "Apply the supported VibeRaven safe repo fix, then verify after the batch.",
-      actionClass: "local_repo_write",
-      gapId: safeRepoTask.gapId,
-      approvalRequired: false,
-      manualFallback: "Use VIBERAVEN_NEXT_ACTION or viberaven_heal_apply for the supported safe repo fix, then run verify after the batch."
-    };
-  }
-  const preview = options.providerActions.find((action) => action.actionClass === "preview_deploy");
-  if (preview) {
-    return {
-      type: "preview_deploy",
-      title: preview.title,
-      detail: preview.detail,
-      actionClass: "preview_deploy",
-      provider: preview.provider,
-      approvalRequired: preview.approvalRequired,
-      openUrl: preview.openUrl,
-      command: preview.command,
-      manualFallback: preview.manualFallback
-    };
-  }
-  const provider2 = options.providerActions[0];
-  if (provider2) {
-    return {
-      type: "provider_setup",
-      title: provider2.title,
-      detail: provider2.detail,
-      actionClass: provider2.actionClass,
-      provider: provider2.provider,
-      approvalRequired: provider2.approvalRequired,
-      openUrl: provider2.openUrl,
-      command: provider2.command,
-      manualFallback: provider2.manualFallback
-    };
-  }
-  return {
-    type: "done",
-    title: "Launch path is clear",
-    detail: "No launch action is currently required. Run verify before claiming production readiness.",
-    actionClass: "local_repo_read",
-    approvalRequired: false
-  };
-}
-function buildLaunchPlan(options) {
-  const permissionMode = options.permissionMode ?? "ask";
-  const recipe = detectLaunchRecipe(options.artifact);
-  const tasks = options.tasks ?? buildTaskList(options.artifact);
-  const safeRepoTasks = tasks.filter(isSafeRepoTask);
-  const providerActions = mergeTaskProviderActions(buildLaunchProviderActions({ recipe }), tasks);
-  const criticalGaps = options.artifact.gaps.filter((gap) => gap.severity === "critical");
-  return {
-    version: 1,
-    generatedAt: (options.now ?? /* @__PURE__ */ new Date()).toISOString(),
-    permissionMode,
-    recipe,
-    usageLine: options.artifact.usageLine,
-    safeRepoTasks,
-    providerActions,
-    nextAction: selectNextAction({ safeRepoTasks, providerActions }),
-    previewFirst: true,
-    productionGate: {
-      status: criticalGaps.length > 0 ? "blocked" : "unknown",
-      reasons: criticalGaps.length > 0 ? ["Critical launch gaps remain"] : ["Preview deploy should be verified before production promotion"]
-    }
-  };
+function sanitizePrpText(value) {
+  return value.replace(/-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g, REDACTED).replace(/\b[a-z][a-z0-9+.-]*:\/\/[^\s/@]+:[^\s/@]+@[^\s,;)]+/gi, REDACTED).replace(/\b(?:postgres(?:ql)?|mongodb(?:\+srv)?|redis(?:s)?|mysql|mariadb):\/\/[^\s/@:]+:[^\s/@]+@[^\s,;)]+/gi, REDACTED).replace(/\b(?:redis(?:s)?):\/\/:[^\s/@]+@[^\s,;)]+/gi, REDACTED).replace(
+    /\b([A-Za-z_][A-Za-z0-9_]*(?:SECRET|TOKEN|PASSWORD|PRIVATE[_-]?KEY|API[_-]?KEY|APIKEY|SERVICE[_-]?ROLE|DATABASE[_-]?URL|CONNECTION[_-]?STRING)[A-Za-z0-9_]*)\s*=\s*(?:"[^"]*"|'[^']*'|[^\s,;]+)/gi,
+    `$1=${REDACTED}`
+  ).replace(/\bBearer\s+[A-Za-z0-9._~+/=-]{8,}/gi, `Bearer ${REDACTED}`).replace(/(^|[^A-Za-z0-9])whsec_[A-Za-z0-9_]+/g, `$1${REDACTED}`).replace(/(^|[^A-Za-z0-9])sk_(live|test)_[A-Za-z0-9_]+/g, `$1${REDACTED}`).replace(/(^|[^A-Za-z0-9])pk_(live|test)_[A-Za-z0-9_]+/g, `$1${REDACTED}`).replace(/(^|[^A-Za-z0-9])sk-(?:proj-)?[A-Za-z0-9_-]{8,}/g, `$1${REDACTED}`).replace(/(^|[^A-Za-z0-9])gh[oprsu]_[A-Za-z0-9_]{16,}/g, `$1${REDACTED}`).replace(/(^|[^A-Za-z0-9])github_pat_[A-Za-z0-9_]{16,}/g, `$1${REDACTED}`).replace(/(^|[^A-Za-z0-9])(sb|supabase|vercel|stripe)_[A-Za-z0-9_]*\d[A-Za-z0-9_]{15,}/gi, `$1${REDACTED}`).replace(/(^|[^A-Za-z0-9_-])[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}(?=$|[^A-Za-z0-9_-])/g, `$1${REDACTED}`).replace(/\b[A-Za-z0-9+/]{32,}={0,2}\b/g, REDACTED);
 }
 
 // src/artifacts.ts
@@ -9801,35 +9570,6 @@ async function copyReportAssets(reportAssetsDir) {
     await (0, import_promises5.copyFile)((0, import_node_path9.join)(sourceDir, rel), (0, import_node_path9.join)(reportAssetsDir, rel));
   }
 }
-function renderLaunchTasklist(plan) {
-  const lines = [
-    "# VibeRaven Launch Autopilot",
-    "",
-    `Recipe: ${plan.recipe.label}`,
-    `Goal: preview URL first, production gate second`,
-    `Mode: ${plan.permissionMode}`,
-    "",
-    `Safe repo tasks: ${plan.safeRepoTasks.length}`,
-    `Provider actions: ${plan.providerActions.length}`,
-    "",
-    "## Best Next Move",
-    "",
-    `**Type:** ${plan.nextAction.type}`,
-    `**Title:** ${plan.nextAction.title}`,
-    `**Detail:** ${plan.nextAction.detail}`,
-    `**Approval required:** ${plan.nextAction.approvalRequired}`
-  ];
-  if (plan.nextAction.openUrl) lines.push(`**Open:** ${plan.nextAction.openUrl}`);
-  if (plan.nextAction.command) lines.push(`**Command:** \`${plan.nextAction.command}\``);
-  if (plan.nextAction.manualFallback) lines.push(`**Manual fallback:** ${plan.nextAction.manualFallback}`);
-  lines.push("", "## Production Gate", "");
-  lines.push(`Status: ${plan.productionGate.status}`);
-  for (const reason of plan.productionGate.reasons) {
-    lines.push(`- ${reason}`);
-  }
-  return `${lines.join("\n")}
-`;
-}
 async function writeScanArtifacts(options) {
   const cwd = options.cwd ?? options.artifact.workspacePath;
   const dir = getProjectArtifactsDir(cwd);
@@ -9838,33 +9578,27 @@ async function writeScanArtifacts(options) {
   const gateResultPath = (0, import_node_path9.join)(dir, "gate-result.json");
   const contextMapPath = (0, import_node_path9.join)(dir, "context-map.json");
   const gapsDir = (0, import_node_path9.join)(dir, "gaps");
+  const prpPath = (0, import_node_path9.join)(dir, "prp.json");
   const tasklistPath = (0, import_node_path9.join)(dir, "agent-tasklist.md");
   const summaryPath = (0, import_node_path9.join)(dir, "agent-summary.md");
   const playbookPath = (0, import_node_path9.join)(dir, "launch-playbook.md");
-  const launchPlanPath = (0, import_node_path9.join)(dir, "launch-plan.json");
-  const launchTasklistPath = (0, import_node_path9.join)(dir, "launch-tasklist.md");
-  const providerActionsPath = (0, import_node_path9.join)(dir, "provider-actions.json");
   const reportPath = (0, import_node_path9.join)(dir, "report.html");
   const reportAssetsDir = (0, import_node_path9.join)(dir, "report");
   await (0, import_promises5.mkdir)(gapsDir, { recursive: true });
   const safe = sanitizeArtifactForDisk(options.artifact);
-  const tasks = buildTaskList(safe);
-  const launchPlan = buildLaunchPlan({
-    artifact: safe,
-    tasks,
-    permissionMode: options.launchPermissionMode
-  });
-  const launchPlanJson = `${JSON.stringify(launchPlan, null, 2)}
-`;
-  const launchTasklist = renderLaunchTasklist(launchPlan);
-  const providerActionsJson = `${JSON.stringify({ providerActions: launchPlan.providerActions }, null, 2)}
-`;
   const json = `${JSON.stringify(safe, null, 2)}
 `;
   const summary = generateAgentSummary(safe);
   const playbook = generateLaunchPlaybook(safe);
   const html = generateReportHtml(safe);
+  const tasks = buildTaskList(safe);
   const tasklist = buildTaskListMarkdown(tasks);
+  const prp = `${JSON.stringify(buildProductionProtocolReport({
+    artifact: safe,
+    tasks,
+    producerVersion: VERSION
+  }), null, 2)}
+`;
   const gateResult = `${JSON.stringify(generateGateResult(safe), null, 2)}
 `;
   const contextMap = `${JSON.stringify(generateContextMap(safe), null, 2)}
@@ -9877,9 +9611,7 @@ async function writeScanArtifacts(options) {
     await (0, import_promises5.writeFile)((0, import_node_path9.join)(dir, "gaps", `${gap.content.id}.json`), `${JSON.stringify(gap.content, null, 2)}
 `, "utf-8");
   }
-  await (0, import_promises5.writeFile)(launchPlanPath, launchPlanJson, "utf-8");
-  await (0, import_promises5.writeFile)(launchTasklistPath, launchTasklist, "utf-8");
-  await (0, import_promises5.writeFile)(providerActionsPath, providerActionsJson, "utf-8");
+  await (0, import_promises5.writeFile)(prpPath, prp, "utf-8");
   await (0, import_promises5.writeFile)(tasklistPath, tasklist, "utf-8");
   await (0, import_promises5.writeFile)(jsonPath, json, "utf-8");
   await (0, import_promises5.writeFile)(summaryPath, summary, "utf-8");
@@ -9891,16 +9623,12 @@ async function writeScanArtifacts(options) {
     gateResultPath,
     contextMapPath,
     gapsDir,
+    prpPath,
     tasklistPath,
     summaryPath,
     playbookPath,
-    launchPlanPath,
-    launchTasklistPath,
-    providerActionsPath,
     reportPath,
-    reportAssetsDir,
-    tasks,
-    launchPlan
+    reportAssetsDir
   };
 }
 
@@ -9931,6 +9659,28 @@ function renderJsonlEvents(result) {
 `;
 }
 
+// src/output/prpSummary.ts
+function renderProductionProtocolSummary(prp) {
+  const nextAction = prp.nextActions[0];
+  const lines = [
+    "",
+    "VibeRaven Production Protocol",
+    "",
+    `Profile: ${prp.profile}`,
+    `Decision: ${prp.decision.status.toUpperCase()}`,
+    "Canonical artifact: .viberaven/prp.json",
+    ""
+  ];
+  if (nextAction) {
+    lines.push("Next action:", nextAction.title, "");
+    lines.push("Why:", prp.decision.summary);
+  } else {
+    lines.push("Next action:", "No production blockers found.", "");
+    lines.push("Why:", prp.decision.summary);
+  }
+  return lines.join("\n");
+}
+
 // src/commands/strictGate.ts
 function exitCodeForStrictGate(result, options = {}) {
   if (result.gate.status === "error") return 2;
@@ -10236,11 +9986,11 @@ function validateSafeFixRelativePath(path) {
   if (segments.some((segment) => segment === ".git" || segment === "node_modules")) {
     return { ok: false, reason: "Safe fix path targets a blocked directory." };
   }
-  const basename3 = segments.at(-1)?.toLowerCase() ?? "";
-  if (basename3 !== ".env.example" && (basename3 === ".env" || basename3.startsWith(".env."))) {
+  const basename4 = segments.at(-1)?.toLowerCase() ?? "";
+  if (basename4 !== ".env.example" && (basename4 === ".env" || basename4.startsWith(".env."))) {
     return { ok: false, reason: "Safe fix path targets an environment secret file." };
   }
-  if (isSecretLikeFilename(basename3)) {
+  if (isSecretLikeFilename(basename4)) {
     return { ok: false, reason: "Safe fix path targets a secret-like file." };
   }
   if (!isAllowedSafeFixPath(normalized)) {
@@ -11080,7 +10830,7 @@ function isRecord6(value) {
 // src/tui/runInteractive.ts
 var import_node_path15 = require("node:path");
 
-// ../../node_modules/@clack/core/dist/index.mjs
+// ../../../../node_modules/@clack/core/dist/index.mjs
 var import_sisteransi = __toESM(require_src(), 1);
 var import_node_process = require("node:process");
 var g = __toESM(require("node:readline"), 1);
@@ -11438,7 +11188,7 @@ var LD = class extends x {
   }
 };
 
-// ../../node_modules/@clack/prompts/dist/index.mjs
+// ../../../../node_modules/@clack/prompts/dist/index.mjs
 var import_node_process2 = __toESM(require("node:process"), 1);
 var import_picocolors2 = __toESM(require_picocolors(), 1);
 var import_sisteransi2 = __toESM(require_src(), 1);
@@ -11664,9 +11414,6 @@ function buildAgentFixPrompt(artifact, gap) {
   ].join("\n");
 }
 
-// src/version.ts
-var VERSION = "1.0.6";
-
 // src/commands/guide.ts
 var import_picocolors3 = __toESM(require_picocolors());
 function formatPasteTarget(step) {
@@ -11951,6 +11698,15 @@ Maps repo evidence to OWASP LLM Top 10 launch risks. Supports SAFECode-style dep
 var STACK_FRAMING = `Stack context for this repo: Next.js, Supabase, Vercel, VibeRaven.
 Do NOT deploy to Vercel or ship to production users without running \`${PUBLIC_AGENT_MODE_COMMAND}\`.
 Do NOT rely on manual production checklists when VibeRaven gate artifacts exist in \`.viberaven/\`.`;
+var PRODUCTION_PROTOCOL_RULES = `## VibeRaven Production Protocol
+
+Before making deploy, auth, database, payment, API, or scaling changes:
+
+1. Read \`.viberaven/prp.json\`.
+2. Follow \`.viberaven/mission-map.md\`.
+3. Do not deploy if \`decision.status\` is \`blocked\`.
+4. Fix \`nextActions\` in order.
+5. Re-run \`${PUBLIC_AGENT_MODE_COMMAND}\`.`;
 var AGENT_NEGATIVE_CONSTRAINTS = `## Event-Triggered Production Verification
 
 Trigger: modifications to \`package.json\`, \`vercel.json\`, \`supabase/migrations/**/*\`, \`.env.example\`, auth/billing/webhook paths, or deploy workflow files.
@@ -11976,6 +11732,8 @@ var AGENT_RULES_BODY = `${AGENT_RULES_PREAMBLE}
 
 ${STACK_FRAMING}
 
+${PRODUCTION_PROTOCOL_RULES}
+
 ${AGENT_NEGATIVE_CONSTRAINTS}
 
 ## VibeRaven Production-Readiness Gate
@@ -12025,10 +11783,11 @@ var AGENT_CONTEXT_BODY = `${AGENT_RULES_PREAMBLE}
 
 After \`--agent-mode\`, read these artifacts in order:
 
-1. \`.viberaven/mission-map.md\`
-2. \`.viberaven/agent-tasklist.md\`
-3. \`.viberaven/gate-result.json\`
-4. \`.viberaven/context-map.json\``;
+1. \`.viberaven/prp.json\`
+2. \`.viberaven/mission-map.md\`
+3. \`.viberaven/agent-tasklist.md\`
+4. \`.viberaven/gate-result.json\`
+5. \`.viberaven/context-map.json\``;
 var MISSION_MAP_BODY = `${AGENT_RULES_PREAMBLE}
 
 ## Mission Map loop
@@ -12372,7 +12131,7 @@ function getAgentRulesTargets(value) {
 }
 
 // src/commands/seedPackageJsonScripts.ts
-var import_node_fs8 = require("node:fs");
+var import_node_fs7 = require("node:fs");
 var import_promises9 = require("node:fs/promises");
 var import_node_path13 = require("node:path");
 var VIBERAVEN_PACKAGE_JSON_SCRIPTS = {
@@ -12382,7 +12141,7 @@ var VIBERAVEN_PACKAGE_JSON_SCRIPTS = {
 };
 async function seedPackageJsonScripts(options) {
   const packageJsonPath = (0, import_node_path13.join)(options.cwd, "package.json");
-  if (!(0, import_node_fs8.existsSync)(packageJsonPath)) {
+  if (!(0, import_node_fs7.existsSync)(packageJsonPath)) {
     return null;
   }
   const raw = await (0, import_promises9.readFile)(packageJsonPath, "utf-8");
@@ -12892,7 +12651,7 @@ async function runCondenseCommand(options) {
 
 // src/heal/apply.ts
 var import_promises13 = require("node:fs/promises");
-var import_node_fs11 = require("node:fs");
+var import_node_fs10 = require("node:fs");
 var import_node_path20 = require("node:path");
 
 // src/heal/pathSafety.ts
@@ -12924,7 +12683,7 @@ function applyEmptyCatchRecipe(source) {
 }
 
 // src/heal/recipes/index.ts
-var import_node_fs10 = require("node:fs");
+var import_node_fs9 = require("node:fs");
 var import_promises12 = require("node:fs/promises");
 var import_node_path19 = require("node:path");
 
@@ -13307,7 +13066,7 @@ function applyRateLimitRecipe(source, hasUpstash) {
 }
 
 // src/heal/recipes/eslintRestrictedImports.ts
-var import_node_fs9 = require("node:fs");
+var import_node_fs8 = require("node:fs");
 var import_node_path18 = require("node:path");
 var VIBERAVEN_ESLINT_MARKER = "VibeRaven heal: eslint_restricted_imports";
 var RESTRICTED_IMPORTS_MESSAGE = `Restricted import. Run ${PUBLIC_AGENT_MODE_COMMAND} before substituting packages.`;
@@ -13338,7 +13097,7 @@ var ESLINT_CONFIG_CANDIDATES = [
 ];
 function detectEslintConfigFile(cwd) {
   for (const candidate of ESLINT_CONFIG_CANDIDATES) {
-    if ((0, import_node_fs9.existsSync)((0, import_node_path18.join)(cwd, candidate))) {
+    if ((0, import_node_fs8.existsSync)((0, import_node_path18.join)(cwd, candidate))) {
       return candidate;
     }
   }
@@ -13513,13 +13272,13 @@ function defaultTargetFile(gapId) {
   return map[gapId];
 }
 async function readSourceOrEmpty(absolutePath) {
-  if (!(0, import_node_fs10.existsSync)(absolutePath)) return "";
+  if (!(0, import_node_fs9.existsSync)(absolutePath)) return "";
   return (0, import_promises12.readFile)(absolutePath, "utf8");
 }
 async function detectUpstash(cwd) {
   try {
     const pkgPath = (0, import_node_path19.join)(cwd, "package.json");
-    if (!(0, import_node_fs10.existsSync)(pkgPath)) return false;
+    if (!(0, import_node_fs9.existsSync)(pkgPath)) return false;
     const raw = await (0, import_promises12.readFile)(pkgPath, "utf8");
     const pkg = JSON.parse(raw);
     const deps = {
@@ -13586,7 +13345,7 @@ async function dispatchRecipeByGapId(gapId, cwd, explicitTarget) {
   if (gapId === "missing_csp_header") {
     let configFile = "next.config.js";
     let absolutePath = (0, import_node_path19.join)(cwd, configFile);
-    if (!(0, import_node_fs10.existsSync)(absolutePath)) {
+    if (!(0, import_node_fs9.existsSync)(absolutePath)) {
       configFile = "next.config.mjs";
       absolutePath = (0, import_node_path19.join)(cwd, configFile);
     }
@@ -13702,7 +13461,7 @@ async function applyHeal(options) {
       await (0, import_promises13.mkdir)((0, import_node_path20.dirname)(absoluteTarget), { recursive: true });
       const healDir2 = (0, import_node_path20.join)(options.cwd, ".viberaven", "heal", id);
       await (0, import_promises13.mkdir)((0, import_node_path20.join)(healDir2, "before"), { recursive: true });
-      const beforeContent = (0, import_node_fs11.existsSync)(absoluteTarget) ? await (0, import_promises13.readFile)(absoluteTarget, "utf8") : "";
+      const beforeContent = (0, import_node_fs10.existsSync)(absoluteTarget) ? await (0, import_promises13.readFile)(absoluteTarget, "utf8") : "";
       await (0, import_promises13.writeFile)((0, import_node_path20.join)(healDir2, "before", "target.txt"), beforeContent, "utf8");
       await (0, import_promises13.writeFile)(absoluteTarget, dispatched.output, "utf8");
       const patch2 = [
@@ -13973,7 +13732,7 @@ async function runHealCommand(options) {
 
 // src/stackRecommend.ts
 var import_promises17 = require("node:fs/promises");
-var import_node_fs12 = require("node:fs");
+var import_node_fs11 = require("node:fs");
 var import_node_path23 = require("node:path");
 var DEFAULT_STACK = {
   frontend: "react",
@@ -13986,7 +13745,7 @@ var DEFAULT_STACK = {
 };
 async function recommendStack(cwd = process.cwd()) {
   const pkgPath = (0, import_node_path23.join)(cwd, "package.json");
-  if (!(0, import_node_fs12.existsSync)(pkgPath)) {
+  if (!(0, import_node_fs11.existsSync)(pkgPath)) {
     return DEFAULT_STACK;
   }
   const pkg = JSON.parse(await (0, import_promises17.readFile)(pkgPath, "utf-8"));
@@ -14446,10 +14205,10 @@ function buildProviderActionBlock(task) {
       doneSignal: pa.doneSignal,
       verifyCommand: task.verifyCommand,
       mcpAlternative: task.mcpTool ?? pa.mcpAlternative ?? null,
-      actionClass: pa.actionClass,
-      approvalRequired: pa.approvalRequired,
-      manualFallback: pa.manualFallback,
-      copyValues: pa.copyValues
+      actionClass: pa.actionClass ?? "manual_provider_step",
+      approvalRequired: pa.approvalRequired ?? true,
+      manualFallback: pa.manualFallback ?? pa.exactStep,
+      copyValues: pa.copyValues ?? []
     }
   };
 }
@@ -14470,53 +14229,103 @@ function printNextActionBlock(block) {
   console.log(NEXT_ACTION_END);
 }
 
-// src/output/launchActionBlock.ts
-var LAUNCH_ACTION_START = "VIBERAVEN_LAUNCH_ACTION_START";
-var LAUNCH_ACTION_END = "VIBERAVEN_LAUNCH_ACTION_END";
-function renderLaunchSummary(plan) {
-  const lines = [
-    "",
-    "VibeRaven Launch Autopilot",
-    "",
-    `Recipe: ${plan.recipe.label}`,
-    "Goal: preview URL first, production gate second",
-    `Mode: ${plan.permissionMode}`
+// src/providerMcpBridge.ts
+var import_node_fs12 = require("node:fs");
+var import_node_os2 = require("node:os");
+var import_node_path25 = require("node:path");
+var UPGRADE_URL4 = "https://viberaven.dev/pricing";
+var FALLBACK_COMMAND = "npx -y viberaven audit --vercel-supabase --json";
+var SUPPORTED_PROVIDERS = /* @__PURE__ */ new Set(["supabase", "vercel"]);
+var configPathsOverride;
+function defaultMcpConfigPaths() {
+  const home = (0, import_node_os2.homedir)();
+  return [
+    (0, import_node_path25.join)(home, ".config", "claude", "claude_desktop_config.json"),
+    (0, import_node_path25.join)(home, ".cursor", "mcp.json"),
+    (0, import_node_path25.join)(home, ".gemini", "antigravity", "mcp_config.json")
   ];
-  if (plan.usageLine) {
-    lines.push(`Scan usage: ${plan.usageLine}`);
+}
+function resolveConfigPaths() {
+  return configPathsOverride ?? defaultMcpConfigPaths();
+}
+function parseMcpServers(raw) {
+  if (!raw || typeof raw !== "object") {
+    return void 0;
   }
-  lines.push(
-    "",
-    `Auto-close queue: ${plan.safeRepoTasks.length} safe repo task${plan.safeRepoTasks.length === 1 ? "" : "s"}`,
-    `Provider actions: ${plan.providerActions.length}`,
-    "",
-    "Best next move:",
-    plan.nextAction.title,
-    plan.nextAction.detail
-  );
-  if (plan.nextAction.openUrl) {
-    lines.push(`Open: ${plan.nextAction.openUrl}`);
+  const obj = raw;
+  if (obj.mcpServers && typeof obj.mcpServers === "object") {
+    return obj.mcpServers;
   }
-  if (plan.nextAction.command) {
-    lines.push(`Command: ${plan.nextAction.command}`);
+  if (obj.servers && typeof obj.servers === "object") {
+    return obj.servers;
   }
-  lines.push(`Approval required: ${plan.nextAction.approvalRequired ? "yes" : "no"}`);
-  return lines.join("\n");
+  return void 0;
 }
-function printLaunchActionBlock(plan) {
-  console.log(LAUNCH_ACTION_START);
-  console.log(
-    JSON.stringify(
-      {
-        VIBERAVEN_LAUNCH_ACTION: plan.nextAction
+function findServerEntry(servers, provider2) {
+  if (servers[provider2]) {
+    return servers[provider2];
+  }
+  const key = Object.keys(servers).find((candidate) => candidate.toLowerCase() === provider2);
+  return key ? servers[key] : void 0;
+}
+function findProviderMcpConfig(provider2, configPaths) {
+  const paths = configPaths ?? resolveConfigPaths();
+  for (const path of paths) {
+    if (!(0, import_node_fs12.existsSync)(path)) {
+      continue;
+    }
+    try {
+      const raw = JSON.parse((0, import_node_fs12.readFileSync)(path, "utf8"));
+      const servers = parseMcpServers(raw);
+      if (!servers) {
+        continue;
       }
-    )
-  );
-  console.log(LAUNCH_ACTION_END);
+      const entry = findServerEntry(servers, provider2);
+      if (!entry || typeof entry !== "object") {
+        continue;
+      }
+      const server = entry;
+      return {
+        command: typeof server.command === "string" ? server.command : void 0,
+        args: Array.isArray(server.args) ? server.args.filter((arg) => typeof arg === "string") : void 0,
+        url: typeof server.url === "string" ? server.url : void 0,
+        source: path
+      };
+    } catch {
+      continue;
+    }
+  }
+  return void 0;
+}
+async function verifyProviderGap(options) {
+  if (options.plan !== "pro") {
+    return {
+      verified: false,
+      reason: "pro-required",
+      upgradeUrl: UPGRADE_URL4
+    };
+  }
+  const provider2 = options.provider.toLowerCase().trim();
+  if (!SUPPORTED_PROVIDERS.has(provider2)) {
+    return {
+      verified: false,
+      reason: "unsupported-provider"
+    };
+  }
+  const mcpConfig = findProviderMcpConfig(provider2);
+  if (!mcpConfig) {
+    return {
+      verified: false,
+      mcpUnavailable: true,
+      fallbackCommand: FALLBACK_COMMAND
+    };
+  }
+  return {
+    verified: false,
+    mcpUnavailable: true,
+    fallbackCommand: FALLBACK_COMMAND
+  };
 }
-
-// src/launch/types.ts
-var LAUNCH_PERMISSION_MODES = ["manual", "ask", "safe", "full"];
 
 // src/cli.ts
 function printHelp() {
@@ -14546,7 +14355,6 @@ Usage:
 
   viberaven --agent-mode [--json|--jsonl] [path]
                        Agent-first scan; writes tasklist, gate-result, context-map, and per-gap JSON
-                       Optional: --launch-mode manual|ask|safe|full (default: ask)
 
   viberaven --strict[=warning] [path]
                        Fail when production gate is not clear; warning mode also fails on warnings
@@ -14683,13 +14491,6 @@ function shouldConsumeLeadingHyphenValue(command, key, value) {
 function hasFlag(flags, key) {
   return flags[key] === true || typeof flags[key] === "string";
 }
-function resolveLaunchPermissionMode(flags) {
-  const value = flags["launch-mode"];
-  if (typeof value !== "string") {
-    return "ask";
-  }
-  return LAUNCH_PERMISSION_MODES.includes(value) ? value : "ask";
-}
 async function guardEarlyVerifyScan(input) {
   if (input.flags["force-scan"] === true) {
     return void 0;
@@ -14698,7 +14499,7 @@ async function guardEarlyVerifyScan(input) {
   if (!verifyLike) {
     return void 0;
   }
-  const workspacePath = input.positional[0] ? (0, import_node_path25.join)(process.cwd(), input.positional[0]) : await resolveWorkspaceRoot(process.cwd());
+  const workspacePath = input.positional[0] ? (0, import_node_path26.join)(process.cwd(), input.positional[0]) : await resolveWorkspaceRoot(process.cwd());
   const loopState = await loadLoopState(workspacePath);
   if (loopState.batchApplied <= 0) {
     return void 0;
@@ -14774,7 +14575,7 @@ async function cmdStatus(flags, positional) {
     console.log("Not signed in. Run: viberaven login");
     return 1;
   }
-  const startDir = positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd();
+  const startDir = positional[0] ? (0, import_node_path26.join)(process.cwd(), positional[0]) : process.cwd();
   let artifact;
   try {
     artifact = await loadLastArtifact(startDir);
@@ -14928,7 +14729,7 @@ async function cmdWatch(flags) {
   }
 }
 async function runScanCommand(flags, positional, options) {
-  const workspacePath = positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : await resolveWorkspaceRoot(process.cwd());
+  const workspacePath = positional[0] ? (0, import_node_path26.join)(process.cwd(), positional[0]) : await resolveWorkspaceRoot(process.cwd());
   const apiBaseUrl = resolveApiBaseUrl(typeof flags["api-url"] === "string" ? flags["api-url"] : void 0);
   let accessToken;
   try {
@@ -14974,17 +14775,17 @@ async function runScanCommand(flags, positional, options) {
     return { exitCode: 1 };
   }
   const artifact = await enrichArtifactWithAccount(result.artifact, apiBaseUrl, accessToken);
-  const paths = await writeScanArtifacts({
-    artifact,
-    cwd: workspacePath,
-    launchPermissionMode: resolveLaunchPermissionMode(flags)
-  });
+  const paths = await writeScanArtifacts({ artifact, cwd: workspacePath });
   if (flags.json && !options?.deferMachineOutput) {
     console.log(formatScanJsonStdout(artifact));
     return { exitCode: 0, artifacts: paths };
   }
   if (!options?.deferMachineOutput) {
     printScanSummary(artifact, paths);
+    if (flags["agent-mode"]) {
+      const prp = JSON.parse(await (0, import_promises19.readFile)(paths.prpPath, "utf8"));
+      console.log(renderProductionProtocolSummary(prp));
+    }
   }
   if (artifact.usage && !options?.deferMachineOutput) {
     console.log(formatUsageLine(artifact.usage));
@@ -14993,14 +14794,11 @@ async function runScanCommand(flags, positional, options) {
     const loopState = await loadLoopState(workspacePath);
     const openGapCount = artifact.gaps.length;
     const updatedState = resetBatch(loopState, openGapCount);
-    const tasks = paths.tasks;
+    const tasks = buildTaskList(artifact);
     const plan = artifact.plan ?? "free";
     const block = buildNextActionBlock(tasks, updatedState, plan);
     printNextActionBlock(block);
     printProviderActionBlock(tasks);
-    const launchPlan = paths.launchPlan;
-    console.log(renderLaunchSummary(launchPlan));
-    printLaunchActionBlock(launchPlan);
     await saveLoopState(workspacePath, updatedState);
   }
   if (flags.open) {
@@ -15013,7 +14811,7 @@ async function runScanCommand(flags, positional, options) {
   return { exitCode: 0, artifacts: paths };
 }
 async function cmdReport(flags, positional) {
-  const startDir = positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd();
+  const startDir = positional[0] ? (0, import_node_path26.join)(process.cwd(), positional[0]) : process.cwd();
   try {
     const paths = await refreshReportFromDisk(startDir);
     console.log(`Report refreshed: ${paths.reportPath}`);
@@ -15035,7 +14833,7 @@ async function cmdReport(flags, positional) {
   }
 }
 async function cmdPrompt(flags, positional) {
-  const startDir = positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd();
+  const startDir = positional[0] ? (0, import_node_path26.join)(process.cwd(), positional[0]) : process.cwd();
   let artifact;
   try {
     artifact = await loadLastArtifact(startDir);
@@ -15133,7 +14931,7 @@ async function main() {
   const wantsJsonl = hasFlag(flags, "jsonl");
   const wantsStrict = hasFlag(flags, "strict");
   if (flags.condense) {
-    const cwd = positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd();
+    const cwd = positional[0] ? (0, import_node_path26.join)(process.cwd(), positional[0]) : process.cwd();
     const result = await runCondenseCommand({ cwd });
     console.log(`VibeRaven context map refreshed: ${result.contextMapPath}`);
     return 0;
@@ -15197,7 +14995,7 @@ async function main() {
     case "next":
       return runNextCommand({
         json: Boolean(flags.json),
-        cwd: positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd()
+        cwd: positional[0] ? (0, import_node_path26.join)(process.cwd(), positional[0]) : process.cwd()
       });
     case "guide": {
       const provider2 = positional[0];
@@ -15235,7 +15033,7 @@ async function main() {
     case "provider-verify":
       return cmdProviderVerify(flags, positional);
     case "init": {
-      const cwd = positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd();
+      const cwd = positional[0] ? (0, import_node_path26.join)(process.cwd(), positional[0]) : process.cwd();
       const agents = typeof flags.agents === "string" ? flags.agents : void 0;
       return runInitCommand({
         cwd,
@@ -15249,7 +15047,7 @@ async function main() {
         return 1;
       }
       return runDoctorAgentsCommand({
-        cwd: positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd()
+        cwd: positional[0] ? (0, import_node_path26.join)(process.cwd(), positional[0]) : process.cwd()
       });
     case "validate-npm-package":
       return runValidateNpmPackageCommand({
@@ -15262,7 +15060,7 @@ async function main() {
         return 1;
       }
       return runAuditCommand({
-        cwd: positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd(),
+        cwd: positional[0] ? (0, import_node_path26.join)(process.cwd(), positional[0]) : process.cwd(),
         json: Boolean(flags.json)
       });
     default:
@@ -15288,7 +15086,6 @@ if (require.main === module) {
   parseArgs,
   printHelp,
   resolveDefaultEntrypointMode,
-  resolveLaunchPermissionMode,
   runScanCommand
 });
 //# sourceMappingURL=cli.js.map