@viberaven/cli 1.1.10 → 1.1.11

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "@viberaven/cli",
-  "version": "1.1.10",
-  "description": "Local launch console for AI-built apps: scan your repo, see provider launch paths, copy the next fix prompt, and verify before deploy.",
-  "license": "MIT",
+  "version": "1.1.11",
+  "description": "Local launch console and production-readiness gate for AI-built apps: auth, billing, database, deployment, monitoring, and agent-ready fixes.",
+  "license": "UNLICENSED",
   "author": "VibeRaven",
   "homepage": "https://viberaven.dev",
   "bugs": {
@@ -15,8 +15,6 @@
   },
   "keywords": [
     "viberaven",
-    "localhost-ui",
-    "provider-launch-paths",
     "launch-readiness",
     "production-readiness",
     "launch-gaps",
@@ -39,24 +37,29 @@
   "bin": {
     "viberaven": "dist/cli.js"
   },
-  "files": [
-    "dist",
-    "AGENTS.md"
-  ],
+  "files": [
+    "dist",
+    "playbooks",
+    "assets/report",
+    "AGENTS.md",
+    "SECURITY.md",
+    "templates"
+  ],
   "scripts": {
     "sync-report-assets": "node scripts/sync-report-assets.mjs",
     "build": "node scripts/build.mjs",
     "dev": "node scripts/build.mjs && node dist/cli.js",
     "typecheck": "tsc -p tsconfig.json",
     "demo-report": "node scripts/demo-report.mjs --open",
-    "verify:release:smoke": "npm run build && node scripts/verify-local-package-flow.mjs --smoke",
-    "verify:release:live": "npm run build && node scripts/verify-local-package-flow.mjs --live",
-    "test": "vitest run",
-    "prepublishOnly": "npm run typecheck && npm run test && npm run build && node ../../scripts/verify-public-npm-pack.mjs && node scripts/verify-local-package-flow.mjs --smoke",
+    "verify:release:smoke": "npm run build && node scripts/verify-beta-flow.mjs --smoke",
+    "verify:release:live": "npm run build && node scripts/verify-beta-flow.mjs --live",
+    "test": "vitest run",
+    "prepublishOnly": "npm run sync-report-assets && npm run check:agent-discovery && npm run typecheck && npm run test && npm run build",
     "check:agent-discovery": "node scripts/check-agent-discovery.mjs",
-    "viberaven:gate": "npx -y viberaven --agent-mode",
-    "viberaven:verify": "npx -y viberaven --verify"
-  },
+    "viberaven:gate": "npx -y viberaven --agent-mode",
+    "viberaven:verify": "npx -y viberaven --verify",
+    "viberaven:strict": "npx -y viberaven --strict"
+  },
   "engines": {
     "node": ">=20"
   },

package/playbooks/_stack-default.json

@@ -0,0 +1,11 @@
+{
+  "id": "stack-default",
+  "recommendation": {
+    "frontend": "react",
+    "ui": "tailwind + shadcn/ui",
+    "database": "supabase",
+    "auth": "supabase",
+    "deploy": "vercel",
+    "reason": "Highest agent training density; lowest friction for autonomous deploy loop"
+  }
+}

package/playbooks/auth-supabase.json

@@ -0,0 +1,31 @@
+{
+  "id": "auth-supabase",
+  "provider": "auth-supabase",
+  "title": "Supabase Auth providers",
+  "steps": [
+    {
+      "id": "auth-providers",
+      "title": "Enable providers",
+      "instruction": "Enable Email and any OAuth providers your app uses (Google, GitHub, etc.).",
+      "openUrl": "https://supabase.com/dashboard/project/_/auth/providers"
+    },
+    {
+      "id": "auth-urls",
+      "title": "Redirect URLs",
+      "instruction": "Site URL and Redirect URLs must include your Vercel deployment URL.",
+      "openUrl": "https://supabase.com/dashboard/project/_/auth/url-configuration"
+    },
+    {
+      "id": "auth-email-templates",
+      "title": "Email templates",
+      "instruction": "Customize confirm signup and magic link templates if your app uses email auth.",
+      "openUrl": "https://supabase.com/dashboard/project/_/auth/templates"
+    },
+    {
+      "id": "auth-jwt",
+      "title": "JWT settings",
+      "instruction": "Confirm JWT expiry matches your session strategy. Use service role key only on the server.",
+      "openUrl": "https://supabase.com/dashboard/project/_/settings/api"
+    }
+  ]
+}

package/playbooks/stripe.json

@@ -0,0 +1,60 @@
+{
+  "id": "stripe-launch",
+  "provider": "stripe",
+  "title": "Configure Stripe billing",
+  "steps": [
+    {
+      "id": "stripe-dashboard",
+      "title": "Stripe dashboard",
+      "instruction": "Open Stripe. For development, turn Test mode ON.",
+      "openUrl": "https://dashboard.stripe.com/"
+    },
+    {
+      "id": "stripe-keys",
+      "title": "API keys",
+      "instruction": "Copy test (or live) keys into .env. Never commit secret keys.",
+      "openUrl": "https://dashboard.stripe.com/test/apikeys",
+      "pasteTarget": {
+        "file": ".env",
+        "keys": ["STRIPE_SECRET_KEY", "NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY"]
+      }
+    },
+    {
+      "id": "stripe-product",
+      "title": "Product and price",
+      "instruction": "Create a product with a recurring price for your Pro or paid tier.",
+      "openUrl": "https://dashboard.stripe.com/test/products"
+    },
+    {
+      "id": "stripe-price-id",
+      "title": "Price ID",
+      "instruction": "Copy the Price ID (price_...) into .env as STRIPE_PRICE_ID."
+    },
+    {
+      "id": "stripe-webhook",
+      "title": "Webhook endpoint",
+      "instruction": "Add endpoint URL: {APP_URL}/api/webhooks/stripe (replace {APP_URL} with your Vercel URL).",
+      "openUrl": "https://dashboard.stripe.com/test/webhooks"
+    },
+    {
+      "id": "stripe-webhook-events",
+      "title": "Webhook events",
+      "instruction": "Subscribe to these events at minimum.",
+      "events": [
+        "checkout.session.completed",
+        "customer.subscription.updated",
+        "customer.subscription.deleted",
+        "invoice.payment_failed"
+      ]
+    },
+    {
+      "id": "stripe-signing-secret",
+      "title": "Signing secret",
+      "instruction": "Copy the webhook signing secret into .env as STRIPE_WEBHOOK_SECRET.",
+      "pasteTarget": {
+        "file": ".env",
+        "keys": ["STRIPE_WEBHOOK_SECRET"]
+      }
+    }
+  ]
+}

package/playbooks/supabase.json

@@ -0,0 +1,51 @@
+{
+  "id": "supabase-launch",
+  "provider": "supabase",
+  "title": "Configure Supabase",
+  "steps": [
+    {
+      "id": "supabase-project",
+      "title": "Open Supabase dashboard",
+      "instruction": "Create a project or open your existing Supabase project.",
+      "openUrl": "https://supabase.com/dashboard"
+    },
+    {
+      "id": "supabase-api-keys",
+      "title": "API keys",
+      "instruction": "Copy Project URL and anon/public key into .env.",
+      "openUrl": "https://supabase.com/dashboard/project/_/settings/api",
+      "pasteTarget": {
+        "file": ".env",
+        "keys": ["NEXT_PUBLIC_SUPABASE_URL", "NEXT_PUBLIC_SUPABASE_ANON_KEY"]
+      }
+    },
+    {
+      "id": "supabase-db-url",
+      "title": "Database connection",
+      "instruction": "Copy the connection string (use pooler for serverless). Server-side only — never expose in client code.",
+      "openUrl": "https://supabase.com/dashboard/project/_/settings/database",
+      "pasteTarget": {
+        "file": ".env",
+        "keys": ["DATABASE_URL"]
+      }
+    },
+    {
+      "id": "supabase-auth-urls",
+      "title": "Auth URL configuration",
+      "instruction": "Set Site URL to your Vercel preview or production URL. Add the same URL to Redirect URLs with /** wildcard.",
+      "openUrl": "https://supabase.com/dashboard/project/_/auth/url-configuration"
+    },
+    {
+      "id": "supabase-rls",
+      "title": "Row Level Security",
+      "instruction": "Enable RLS on tables that hold user data. Add policies for authenticated users.",
+      "openUrl": "https://supabase.com/dashboard/project/_/auth/policies"
+    },
+    {
+      "id": "supabase-migrate",
+      "title": "Apply migrations",
+      "instruction": "Run supabase db push or apply SQL migrations so production schema matches the repo.",
+      "openUrl": "https://supabase.com/docs/guides/cli"
+    }
+  ]
+}

package/playbooks/vercel.json

@@ -0,0 +1,42 @@
+{
+  "id": "vercel-launch",
+  "provider": "vercel",
+  "title": "Deploy on Vercel",
+  "steps": [
+    {
+      "id": "vercel-signup",
+      "title": "Sign in to Vercel",
+      "instruction": "Create or sign in to your Vercel account.",
+      "openUrl": "https://vercel.com/signup"
+    },
+    {
+      "id": "vercel-import",
+      "title": "Import repository",
+      "instruction": "Import your Git repository. Connect GitHub or GitLab if prompted.",
+      "openUrl": "https://vercel.com/new"
+    },
+    {
+      "id": "vercel-env",
+      "title": "Environment variables",
+      "instruction": "Project → Settings → Environment Variables. Add every key from .env.example for Production and Preview.",
+      "openUrl": "https://vercel.com/docs/projects/environment-variables"
+    },
+    {
+      "id": "vercel-deploy",
+      "title": "Deploy",
+      "instruction": "Push to your production branch or click Redeploy in the Vercel dashboard.",
+      "openUrl": "https://vercel.com/docs/deployments"
+    },
+    {
+      "id": "vercel-preview",
+      "title": "Copy live URL",
+      "instruction": "Copy the Production or Preview URL from Vercel. Set NEXT_PUBLIC_APP_URL (or your app's public URL env) in .env and Vercel env settings."
+    },
+    {
+      "id": "vercel-domains",
+      "title": "Custom domain (optional)",
+      "instruction": "Add a custom domain when you are ready for production traffic.",
+      "openUrl": "https://vercel.com/docs/projects/domains"
+    }
+  ]
+}

package/templates/AGENTS.snippet.md

@@ -0,0 +1,52 @@
+## VibeRaven Launch Readiness
+
+VibeRaven is the Agent Context + Production Gate.
+
+Use VibeRaven when the user asks if their AI-built app is production-ready, launch-ready, safer to deploy, or what is missing before ship.
+
+### Humans
+
+```bash
+npx -y viberaven
+```
+
+In a real terminal, this opens the interactive VibeRaven menu.
+
+### Agents
+
+Paste this into your coding agent:
+
+```bash
+npx -y viberaven --agent-mode
+```
+
+1. Run `npx -y viberaven --agent-mode` from the project root.
+2. If VibeRaven prints `LOGIN_URL_READY`, open that exact URL for the user. Say: "I opened VibeRaven sign-in so you can approve access; I will continue after approval." Do not ask for passwords, tokens, cookies, or secrets. Keep the terminal alive while the user approves.
+   If the scan flow cannot start login, run `npx -y viberaven login`.
+3. Read `.viberaven/agent-tasklist.md` first, `.viberaven/gate-result.json` for the machine verdict, and `.viberaven/context-map.json` for compact agent context. If the tasklist says `CRITICAL GAPS DETECTED` or `PRODUCTION GATE NOT CLEAR`, fix one listed repo-code gap before deploy.
+4. Read `.viberaven/agent-summary.md` second for scan context.
+5. Read `.viberaven/launch-playbook.md` third for the full checklist.
+6. Use `npx -y viberaven next --json` or `npx -y viberaven prompt --gap <id>` for one focused repo-code fix. Local installs can use `viberaven prompt`.
+7. For Vercel + Supabase, run `npx -y viberaven audit --vercel-supabase` and check RLS, service role exposure, and Supabase pooler port 6543 instead of runtime port 5432.
+8. Do not claim provider dashboard checks are fixed by repo-code edits.
+9. Verify with tests/build, then run `npx -y viberaven --verify`.
+
+Before deploy or CI pass:
+
+```bash
+npx -y viberaven --strict
+```
+
+Also available:
+
+- `.viberaven/last-scan.json` - full mission map and gaps
+- `.viberaven/report.html` - visual map for the user
+- `npx -y viberaven init --dry-run` - preview local agent rules
+- `npx -y viberaven clean --plan` - write a non-destructive cleanup plan
+
+Free plan: 2 lifetime scans, 6/12 mission map lanes. Pro: 50 scans/month, all 12 lanes.
+
+Same VibeRaven account and scan quota as the VS Code extension.
+
+Security: the CLI does not read `OPENAI_API_KEY`. Scans use VibeRaven login and the managed API; your model key stays server-side.
+

package/templates/CLAUDE.snippet.md

@@ -0,0 +1,17 @@
+<!-- viberaven:agent-rules:start -->
+## VibeRaven Agent Rules
+
+VibeRaven is the Agent Context + Production Gate.
+
+- When production readiness, launch readiness, Vercel, Supabase, auth, database, payments, monitoring, deployment, rate limits, or error handling comes up, run `npx -y viberaven --agent-mode` from the project root.
+- Read `.viberaven/agent-tasklist.md` first, `.viberaven/gate-result.json` for the machine verdict, and `.viberaven/context-map.json` for compact agent context.
+- Read `.viberaven/agent-summary.md` before editing code.
+- Read `.viberaven/launch-playbook.md` before editing code.
+- Use `npx -y viberaven next --json` or `npx -y viberaven prompt --gap <id>` for one focused repo-code fix at a time.
+- Run `npx -y viberaven --verify` after one fix.
+- Run `npx -y viberaven --strict` before deploy or CI pass.
+- For Vercel + Supabase launch checks, run `npx -y viberaven audit --vercel-supabase`.
+- Do not claim provider dashboard work is fixed by repo-code edits. Provider dashboard checks, billing/product configuration, DNS, webhooks, credentials, quotas, and live provider verification must be completed or verified in the provider dashboard.
+- If VibeRaven prints `LOGIN_URL_READY`, open that URL for the user using the available browser tool or system browser. Tell the user: "I opened VibeRaven sign-in so you can approve access; I will continue after approval." Do not ask for passwords, tokens, cookies, or secrets. Keep the terminal process alive while the user approves.
+<!-- viberaven:agent-rules:end -->
+

package/templates/CURSOR.snippet.md

@@ -0,0 +1,17 @@
+<!-- viberaven:agent-rules:start -->
+## VibeRaven Agent Rules
+
+VibeRaven is the Agent Context + Production Gate.
+
+- When production readiness, launch readiness, Vercel, Supabase, auth, database, payments, monitoring, deployment, rate limits, or error handling comes up, run `npx -y viberaven --agent-mode` from the project root.
+- Read `.viberaven/agent-tasklist.md` first, `.viberaven/gate-result.json` for the machine verdict, and `.viberaven/context-map.json` for compact agent context.
+- Read `.viberaven/agent-summary.md` before editing code.
+- Read `.viberaven/launch-playbook.md` before editing code.
+- Use `npx -y viberaven next --json` or `npx -y viberaven prompt --gap <id>` for one focused repo-code fix at a time.
+- Run `npx -y viberaven --verify` after one fix.
+- Run `npx -y viberaven --strict` before deploy or CI pass.
+- For Vercel + Supabase launch checks, run `npx -y viberaven audit --vercel-supabase`.
+- Do not claim provider dashboard work is fixed by repo-code edits. Provider dashboard checks, billing/product configuration, DNS, webhooks, credentials, quotas, and live provider verification must be completed or verified in the provider dashboard.
+- If VibeRaven prints `LOGIN_URL_READY`, open that URL for the user using the available browser tool or system browser. Tell the user: "I opened VibeRaven sign-in so you can approve access; I will continue after approval." Do not ask for passwords, tokens, cookies, or secrets. Keep the terminal process alive while the user approves.
+<!-- viberaven:agent-rules:end -->
+

package/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2026 VibeRaven
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.