@viberaven/cli 1.1.3 → 1.1.5

package/SECURITY.md

@@ -1,53 +1,53 @@
-# Security - `@viberaven/cli`
-
-## Managed Scan Boundary
-
-The npm CLI does not read `OPENAI_API_KEY` and does not accept a bring-your-own-key scan path. Scans use the VibeRaven managed API after device login, same as the signed-in VS Code extension.
-
-- API keys for model calls live on the server, not in the published npm package.
-- Local credentials store only a VibeRaven access token in `%APPDATA%\viberaven\credentials.json` or `~/.config/viberaven/`.
-- Never commit `credentials.json` or paste tokens into chat.
-
-## Safe Commands
-
-Human terminal:
-
-```bash
-npx -y viberaven
-```
-
-Agent or CI gate:
-
-```bash
-npx -y viberaven --agent-mode
-npx -y viberaven --verify
-npx -y viberaven --strict
-```
-
-VibeRaven is the Agent Context + Production Gate. Agents should read `.viberaven/agent-tasklist.md`, `.viberaven/gate-result.json`, and `.viberaven/context-map.json` before claiming an app is safe to deploy.
-
-## Written Artifacts
-
-After a scan, the CLI may create:
-
-| Path | Contents |
-|------|----------|
-| `.viberaven/last-scan.json` | Full scan payload |
-| `.viberaven/agent-tasklist.md` | Agent tasklist |
-| `.viberaven/gate-result.json` | Machine gate verdict |
-| `.viberaven/context-map.json` | Compact agent context |
-| `.viberaven/gaps/<gapId>.json` | Per-gap evidence |
-| `.viberaven/agent-summary.md` | Human/agent summary |
-| `.viberaven/launch-playbook.md` | Launch checklist |
-| `.viberaven/report.html` | Local HTML report |
-
-Repo scanners redact common key patterns in evidence strings; the CLI runs an extra redaction pass before writing files.
-
-## Provider Boundaries
-
-Provider dashboard checks are not cleared by repo-code edits. Billing/product configuration, DNS, webhooks, credentials, quotas, and live provider verification must be completed or verified in the provider dashboard or through read-only provider evidence.
-
-## Reporting Issues
-
-If you believe a scan artifact leaked a secret, rotate the key immediately and open an issue at https://github.com/ohad6k/VibeRaven/issues with the redacted file path only.
-
+# Security - `@viberaven/cli`
+
+## Managed Scan Boundary
+
+The npm CLI does not read `OPENAI_API_KEY` and does not accept a bring-your-own-key scan path. Scans use the VibeRaven managed API after device login, same as the signed-in VS Code extension.
+
+- API keys for model calls live on the server, not in the published npm package.
+- Local credentials store only a VibeRaven access token in `%APPDATA%\viberaven\credentials.json` or `~/.config/viberaven/`.
+- Never commit `credentials.json` or paste tokens into chat.
+
+## Safe Commands
+
+Human terminal:
+
+```bash
+npx -y viberaven
+```
+
+Agent or CI gate:
+
+```bash
+npx -y viberaven --agent-mode
+npx -y viberaven --verify
+npx -y viberaven --strict
+```
+
+VibeRaven is the Agent Context + Production Gate. Agents should read `.viberaven/agent-tasklist.md`, `.viberaven/gate-result.json`, and `.viberaven/context-map.json` before claiming an app is safe to deploy.
+
+## Written Artifacts
+
+After a scan, the CLI may create:
+
+| Path | Contents |
+|------|----------|
+| `.viberaven/last-scan.json` | Full scan payload |
+| `.viberaven/agent-tasklist.md` | Agent tasklist |
+| `.viberaven/gate-result.json` | Machine gate verdict |
+| `.viberaven/context-map.json` | Compact agent context |
+| `.viberaven/gaps/<gapId>.json` | Per-gap evidence |
+| `.viberaven/agent-summary.md` | Human/agent summary |
+| `.viberaven/launch-playbook.md` | Launch checklist |
+| `.viberaven/report.html` | Local HTML report |
+
+Repo scanners redact common key patterns in evidence strings; the CLI runs an extra redaction pass before writing files.
+
+## Provider Boundaries
+
+Provider dashboard checks are not cleared by repo-code edits. Billing/product configuration, DNS, webhooks, credentials, quotas, and live provider verification must be completed or verified in the provider dashboard or through read-only provider evidence.
+
+## Reporting Issues
+
+If you believe a scan artifact leaked a secret, rotate the key immediately and open an issue at https://github.com/ohad6k/VibeRaven/issues with the redacted file path only.
+

package/assets/report/assets/provider-authjs.svg

@@ -1,5 +1,5 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64" aria-hidden="true">
-  <path fill="#412991" d="M32 5 11 16.8v13.7c0 12.2 8.9 23.3 21 27 12.1-3.7 21-14.8 21-27V16.8L32 5Z"/>
-  <path fill="#EB5424" d="M32 5v48.7c-3.1-1.1-6.1-2.7-8.7-4.7L32 5Z"/>
-  <path fill="#FBC22C" d="m32 5 8.7 44c-2.6 2-5.6 3.6-8.7 4.7V5Z"/>
-</svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64" aria-hidden="true">
+  <path fill="#412991" d="M32 5 11 16.8v13.7c0 12.2 8.9 23.3 21 27 12.1-3.7 21-14.8 21-27V16.8L32 5Z"/>
+  <path fill="#EB5424" d="M32 5v48.7c-3.1-1.1-6.1-2.7-8.7-4.7L32 5Z"/>
+  <path fill="#FBC22C" d="m32 5 8.7 44c-2.6 2-5.6 3.6-8.7 4.7V5Z"/>
+</svg>

package/assets/report/assets/provider-aws.svg

@@ -1,5 +1,5 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 96 64" aria-hidden="true">
-  <text x="48" y="31" text-anchor="middle" font-family="Arial, Helvetica, sans-serif" font-size="21" font-weight="800" letter-spacing="-1.4" fill="#111827">AWS</text>
-  <path fill="#FF9900" d="M23.6 42.4c13.9 7.5 31.5 7.5 45.1-.1 1.1-.6 2.2.8 1.3 1.7-12.3 12.5-34.3 12.6-47.2.8-.9-.8-.3-2.9.8-2.4Z"/>
-  <path fill="#FF9900" d="M66.8 39.8c2.4-.3 7.8-.8 8.8 1 .9 1.6-1 5.8-2.5 8.2-.5.8-1.7.4-1.5-.6.5-2.1 1.3-4.8.5-5.8-.8-1-3.8-.8-5.4-.6-1 .1-1.2-2-.1-2.2h.2Z"/>
-</svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 96 64" aria-hidden="true">
+  <text x="48" y="31" text-anchor="middle" font-family="Arial, Helvetica, sans-serif" font-size="21" font-weight="800" letter-spacing="-1.4" fill="#111827">AWS</text>
+  <path fill="#FF9900" d="M23.6 42.4c13.9 7.5 31.5 7.5 45.1-.1 1.1-.6 2.2.8 1.3 1.7-12.3 12.5-34.3 12.6-47.2.8-.9-.8-.3-2.9.8-2.4Z"/>
+  <path fill="#FF9900" d="M66.8 39.8c2.4-.3 7.8-.8 8.8 1 .9 1.6-1 5.8-2.5 8.2-.5.8-1.7.4-1.5-.6.5-2.1 1.3-4.8.5-5.8-.8-1-3.8-.8-5.4-.6-1 .1-1.2-2-.1-2.2h.2Z"/>
+</svg>

package/assets/report/assets/provider-logrocket.svg

@@ -1,4 +1,4 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64" aria-hidden="true">
-  <path fill="#764ABC" fill-rule="evenodd" clip-rule="evenodd" d="M26.8 12.9A20.8 20.8 0 0 1 32.3 7a20.5 20.5 0 0 1 5.5 5.8 29.3 29.3 0 0 1 5.1 17.1c1.1.9 2.3 1.8 3.4 2.7a6.2 6.2 0 0 1 2 5.7c-.5 2.6-1.1 5.2-1.6 7.8a2.2 2.2 0 0 1-3.3 1.1c-1.8-1.5-3.6-3-5.4-4.5a8.4 8.4 0 0 1-5.2 2.3 8.5 8.5 0 0 1-6.1-2.2c-1.3 1-2.5 2.1-3.8 3.2-.6.6-1.2 1-1.9 1.4a2.2 2.2 0 0 1-2.9-1.4c-.6-2.5-1.2-5.1-1.8-7.6a6.3 6.3 0 0 1 2.1-6c1-.8 2-1.6 3-2.3.3-.2.1-.5.2-.7a29.3 29.3 0 0 1 5.2-16.5Zm2.2 8.2a4.3 4.3 0 0 0 .4 5.8 4.8 4.8 0 0 0 6.5.1 4.3 4.3 0 0 0 1.1-4.8 4.4 4.4 0 0 0-3.9-2.9 4.5 4.5 0 0 0-4.1 1.8Zm3.3 4.9a2.1 2.1 0 1 0 0-4.2 2.1 2.1 0 0 0 0 4.2Z"/>
-  <path fill="#764ABC" d="M26.4 48.1a1.1 1.1 0 0 1 1.6-.9 10.4 10.4 0 0 0 9 0 1.1 1.1 0 0 1 1.6.8v4.8a1.1 1.1 0 0 1-1.7.8c-.5-.4-.9-.9-1.4-1.3-.7 1.4-1.4 2.8-2.1 4.1a1.1 1.1 0 0 1-1.8 0c-.8-1.4-1.4-2.8-2.2-4.1-.4.4-.9.9-1.3 1.3a1.1 1.1 0 0 1-1.7-.8v-4.7Z"/>
-</svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64" aria-hidden="true">
+  <path fill="#764ABC" fill-rule="evenodd" clip-rule="evenodd" d="M26.8 12.9A20.8 20.8 0 0 1 32.3 7a20.5 20.5 0 0 1 5.5 5.8 29.3 29.3 0 0 1 5.1 17.1c1.1.9 2.3 1.8 3.4 2.7a6.2 6.2 0 0 1 2 5.7c-.5 2.6-1.1 5.2-1.6 7.8a2.2 2.2 0 0 1-3.3 1.1c-1.8-1.5-3.6-3-5.4-4.5a8.4 8.4 0 0 1-5.2 2.3 8.5 8.5 0 0 1-6.1-2.2c-1.3 1-2.5 2.1-3.8 3.2-.6.6-1.2 1-1.9 1.4a2.2 2.2 0 0 1-2.9-1.4c-.6-2.5-1.2-5.1-1.8-7.6a6.3 6.3 0 0 1 2.1-6c1-.8 2-1.6 3-2.3.3-.2.1-.5.2-.7a29.3 29.3 0 0 1 5.2-16.5Zm2.2 8.2a4.3 4.3 0 0 0 .4 5.8 4.8 4.8 0 0 0 6.5.1 4.3 4.3 0 0 0 1.1-4.8 4.4 4.4 0 0 0-3.9-2.9 4.5 4.5 0 0 0-4.1 1.8Zm3.3 4.9a2.1 2.1 0 1 0 0-4.2 2.1 2.1 0 0 0 0 4.2Z"/>
+  <path fill="#764ABC" d="M26.4 48.1a1.1 1.1 0 0 1 1.6-.9 10.4 10.4 0 0 0 9 0 1.1 1.1 0 0 1 1.6.8v4.8a1.1 1.1 0 0 1-1.7.8c-.5-.4-.9-.9-1.4-1.3-.7 1.4-1.4 2.8-2.1 4.1a1.1 1.1 0 0 1-1.8 0c-.8-1.4-1.4-2.8-2.2-4.1-.4.4-.9.9-1.3 1.3a1.1 1.1 0 0 1-1.7-.8v-4.7Z"/>
+</svg>

package/assets/report/station.css

@@ -5402,152 +5402,15 @@ body.station-results-active .studio-node__logo:not(.provider-logo--brand) svg pa
   background: rgba(3, 8, 13, 0.94);
 }
 
-.studio-top-rail__build,
-.studio-top-rail__brand {
-  color: rgba(63, 224, 244, 0.9);
-}
-
-.studio-launch-hero {
-  display: grid;
-  grid-template-columns: minmax(0, 1fr) minmax(180px, 0.78fr);
-  gap: 14px;
-  align-items: stretch;
-  padding: 12px 14px;
-  border-bottom: 1px solid rgba(32, 214, 237, 0.16);
-  background:
-    radial-gradient(circle at 8% 20%, rgba(63, 224, 244, 0.15), transparent 34%),
-    linear-gradient(135deg, rgba(5, 18, 28, 0.96), rgba(2, 8, 13, 0.98));
-}
-
-.studio-launch-hero__main,
-.studio-launch-hero__next {
-  display: grid;
-  min-width: 0;
-  align-content: center;
-}
-
-.studio-launch-hero__main {
-  gap: 8px;
-}
-
-.studio-launch-hero__next {
-  gap: 7px;
-  padding: 10px 11px;
-  border: 1px solid rgba(63, 224, 244, 0.16);
-  border-radius: 8px;
-  background: rgba(1, 6, 10, 0.62);
-}
-
-.studio-launch-hero__wordmark {
-  margin: 0;
-  color: rgba(232, 250, 255, 0.92);
-  font-size: 11px;
-  font-weight: 900;
-  letter-spacing: 0.14em;
-  text-transform: uppercase;
-}
-
-.studio-launch-hero__decision {
-  display: inline-flex;
-  align-items: center;
-  width: max-content;
-  max-width: 100%;
-  min-height: 30px;
-  padding: 6px 11px;
-  border: 1px solid rgba(239, 68, 68, 0.35);
-  border-radius: 999px;
-  background: rgba(40, 12, 12, 0.46);
-  color: #fecaca;
-  font-size: 12px;
-  font-weight: 900;
-  letter-spacing: 0.08em;
-  line-height: 1;
-  text-transform: uppercase;
-  overflow-wrap: anywhere;
-}
-
-.studio-launch-hero__decision--warning {
-  border-color: rgba(245, 158, 11, 0.42);
-  background: rgba(40, 28, 8, 0.5);
-  color: #fde68a;
-}
-
-.studio-launch-hero__decision--clear {
-  border-color: rgba(74, 222, 128, 0.38);
-  background: rgba(8, 32, 18, 0.52);
-  color: #bbf7d0;
-}
-
-.studio-launch-hero__gauge {
-  height: 8px;
-  overflow: hidden;
-  border-radius: 999px;
-  background: rgba(255, 255, 255, 0.08);
-}
-
-.studio-launch-hero__gauge-fill {
-  display: block;
-  height: 100%;
-  border-radius: inherit;
-  background: #ef4444;
-  transition: width 0.35s var(--vr-ease-out);
-}
-
-.studio-launch-hero__gauge-fill--warning {
-  background: #f59e0b;
-}
-
-.studio-launch-hero__gauge-fill--clear {
-  background: #4ade80;
-}
-
-.studio-launch-hero__next-label {
-  color: rgba(232, 250, 255, 0.58);
-  font-size: 9px;
-  font-weight: 900;
-  letter-spacing: 0.12em;
-  line-height: 1;
-  text-transform: uppercase;
-}
-
-.studio-launch-hero__next strong {
-  min-width: 0;
-  color: rgba(248, 252, 255, 0.95);
-  font-size: 12px;
-  font-weight: 850;
-  line-height: 1.25;
-  overflow-wrap: anywhere;
-}
-
-.studio-launch-hero__verify {
-  justify-self: start;
-  min-height: 30px;
-  padding: 0 10px;
-  border: 1px solid rgba(63, 224, 244, 0.32);
-  border-radius: 7px;
-  background: rgba(63, 224, 244, 0.1);
-  color: rgba(232, 250, 255, 0.92);
-  font: 800 10px/1 var(--font-ui);
-  letter-spacing: 0.07em;
-  text-transform: uppercase;
-}
-
-.studio-launch-hero__verify:hover,
-.studio-launch-hero__verify:focus-visible {
-  border-color: rgba(63, 224, 244, 0.52);
-  background: rgba(63, 224, 244, 0.16);
-}
-
-@media (max-width: 620px) {
-  .studio-launch-hero {
-    grid-template-columns: minmax(0, 1fr);
-  }
-}
-
-.studio-workspace {
-  position: relative;
-  grid-template-columns: 52px minmax(0, 1fr);
-}
+.studio-top-rail__build,
+.studio-top-rail__brand {
+  color: rgba(63, 224, 244, 0.9);
+}
+
+.studio-workspace {
+  position: relative;
+  grid-template-columns: 52px minmax(0, 1fr);
+}
 
 .studio-nav-rail {
   border-right-color: rgba(32, 214, 237, 0.14);

package/assets/report/station.js

@@ -6670,99 +6670,18 @@ function applyScanStage(stage) {
   }
 }
 
-function setTextById(id, text) {
-  const element = document.getElementById(id);
-  if (element) {
-    element.textContent = String(text || '');
-  }
-}
-
-function normalizeLaunchHeroDecision(value) {
-  const raw = readString(value).toLowerCase();
-  if (raw === 'clear') {
-    return 'CLEAR';
-  }
-  if (raw === 'warning' || raw === 'warn') {
-    return 'WARNING';
-  }
-  if (raw === 'blocked' || raw === 'block' || raw === 'not_clear' || raw === 'needs_work' || raw === 'fail' || raw === 'failed') {
-    return 'BLOCKED';
-  }
-  return '';
-}
-
-function resolveLaunchHeroDecision(payload, score, gaps) {
-  const explicitDecision = isRecord(payload)
-    ? normalizeLaunchHeroDecision(payload.decision) ||
-      normalizeLaunchHeroDecision(payload.gateStatus) ||
-      normalizeLaunchHeroDecision(payload.status) ||
-      (isRecord(payload.productionGate) ? normalizeLaunchHeroDecision(payload.productionGate.status) : '') ||
-      (isRecord(payload.gateResult)
-        ? normalizeLaunchHeroDecision(payload.gateResult.status) ||
-          (isRecord(payload.gateResult.gate) ? normalizeLaunchHeroDecision(payload.gateResult.gate.status) : '')
-        : '')
-    : '';
-  if (explicitDecision) {
-    return explicitDecision;
-  }
-
-  const gapCount = Array.isArray(gaps) ? gaps.length : 0;
-  if (Array.isArray(gaps) && gaps.some(function (gap) { return isRecord(gap) && readString(gap.severity).toLowerCase() === 'critical'; })) {
-    return 'BLOCKED';
-  }
-  if (gapCount > 0) {
-    return 'WARNING';
-  }
-  if (score >= 90 && gapCount === 0) {
-    return 'CLEAR';
-  }
-  if (score >= 70) {
-    return 'WARNING';
-  }
-  return 'BLOCKED';
-}
-
-function resolveLaunchHeroNextAction(decision, gaps) {
-  const firstGap = Array.isArray(gaps) && isRecord(gaps[0]) ? gaps[0] : null;
-  const firstTitle = firstGap ? readString(firstGap.title) : '';
-  if (firstTitle) {
-    return firstTitle;
-  }
-  if (decision === 'CLEAR') {
-    return 'Share the VibeRaven proof card.';
-  }
-  if (decision === 'WARNING') {
-    return 'Run verify after applying the remaining fixes.';
-  }
-  return 'Run a scan to map production gaps.';
-}
-
-function updateLaunchHero(decision, score, nextAction) {
-  const normalizedDecision = decision === 'CLEAR' || decision === 'WARNING' ? decision : 'BLOCKED';
-  const normalizedScore = Math.max(0, Math.min(100, Math.round(Number(score) || 0)));
-  const toneClass = normalizedDecision === 'CLEAR'
-    ? 'clear'
-    : normalizedDecision === 'WARNING'
-      ? 'warning'
-      : 'blocked';
-  const decisionEl = document.getElementById('studio-launch-decision');
-  if (decisionEl) {
-    decisionEl.className = 'studio-launch-hero__decision studio-launch-hero__decision--' + toneClass;
-    decisionEl.textContent = (normalizedDecision === 'CLEAR' ? '\u25c6 ' : '\u25c7 ') + normalizedDecision;
-  }
-  const gaugeFill = document.getElementById('studio-launch-gauge-fill');
-  if (gaugeFill) {
-    gaugeFill.className = 'studio-launch-hero__gauge-fill studio-launch-hero__gauge-fill--' + toneClass;
-    gaugeFill.style.width = normalizedScore + '%';
-  }
-  setTextById('studio-launch-next-action', nextAction || resolveLaunchHeroNextAction(normalizedDecision, []));
-}
-
-function setResultsBar(score) {
-  const bar = document.getElementById('mc-results-bar');
-  if (!bar) {
-    return;
-  }
+function setTextById(id, text) {
+  const element = document.getElementById(id);
+  if (element) {
+    element.textContent = String(text || '');
+  }
+}
+
+function setResultsBar(score) {
+  const bar = document.getElementById('mc-results-bar');
+  if (!bar) {
+    return;
+  }
   bar.style.width = score + '%';
   bar.setAttribute('aria-valuenow', String(score));
   bar.classList.remove('mc-bar-fill--amber', 'mc-bar-fill--green');
@@ -6828,14 +6747,13 @@ function renderMissionControl(payload, options) {
     }
     clearProductionChrome();
     setSection('spec-update', null);
-    if (specNotes instanceof HTMLElement) {
-      specNotes.hidden = true;
-    }
-    updateLaunchHero('BLOCKED', 0, 'Fix the scan failure, then run verify.');
-    announceMissionControlReadout(payload, 0, true);
-    showMcState('results');
-    return;
-  }
+    if (specNotes instanceof HTMLElement) {
+      specNotes.hidden = true;
+    }
+    announceMissionControlReadout(payload, 0, true);
+    showMcState('results');
+    return;
+  }
 
   // Success path — new schema
   if (mcResults instanceof HTMLElement) {
@@ -6858,11 +6776,9 @@ function renderMissionControl(payload, options) {
     mainBar.setAttribute('aria-valuenow', String(score));
     mainBar.classList.remove('mc-bar-fill--amber', 'mc-bar-fill--green');
   }
-
-  const gaps = Array.isArray(payload.gaps) ? payload.gaps : [];
-  const launchDecision = resolveLaunchHeroDecision(payload, score, gaps);
-  updateLaunchHero(launchDecision, score, resolveLaunchHeroNextAction(launchDecision, gaps));
-  const fullSummary = typeof payload.summary === 'string' ? payload.summary.replace(/\s+/g, ' ').trim() : '';
+
+  const gaps = Array.isArray(payload.gaps) ? payload.gaps : [];
+  const fullSummary = typeof payload.summary === 'string' ? payload.summary.replace(/\s+/g, ' ').trim() : '';
   /* Cap only for pathological payload size; normal summaries show in full in the panel. */
   const maxSummary = 4000;
   const summary = fullSummary.length > maxSummary ? fullSummary.slice(0, maxSummary - 1).replace(/\s+\S*$/, '') + '\u2026' : fullSummary;
@@ -7358,9 +7274,9 @@ function buildAgentPromptText(payload, nextMove, missing, files) {
 
 function buildChecklistText(payload, nextMove, missing, files) {
   const lines = [
-    '# VibeRaven production checklist',
+    '# VibeRaven production checklist',
     '',
-    'Generated from the latest VibeRaven run.',
+    'Generated from the latest VibeRaven run.',
     '',
     '## Next move',
     '',