vibecheck-ai 1.2.2 → 1.2.3

package/dist/index.js

@@ -9,8 +9,9 @@ import * as os5 from 'os';
 import os5__default from 'os';
 import * as crypto52 from 'crypto';
 import crypto52__default, { createHash, randomUUID, createHmac } from 'crypto';
+import { AsyncResource } from 'async_hooks';
 import { glob } from 'glob';
-import fg from 'fast-glob';
+import fg2 from 'fast-glob';
 import * as fs15 from 'fs';
 import fs15__default, { existsSync, mkdirSync, promises, readFileSync, writeFileSync, readdirSync, statSync, realpathSync } from 'fs';
 import { exec, execSync, spawn, execFileSync } from 'child_process';
@@ -28,7 +29,7 @@ import { Command, InvalidArgumentError } from 'commander';
 import updateNotifier from 'update-notifier';
 import chalk9 from 'chalk';
 import gradient from 'gradient-string';
-import figlet from 'figlet';
+import 'figlet';
 import ci from 'ci-info';
 import 'ink';
 import 'react/jsx-runtime';
@@ -82,7 +83,7 @@ function getErrorDefaults(code) {
     CONFIG_NOT_FOUND: {
       message: "Configuration file not found",
       suggestions: [
-        "Run `vibecheck init` to create a configuration file",
+        "Run `vibecheck link` to create a configuration file",
         "Create a vibecheck.config.mjs file manually",
         "Specify a config path with --config <path>"
       ],
@@ -637,7 +638,7 @@ ${errors}`,
           suggestions: [
             "Check your configuration file for typos",
             "Refer to the documentation for valid options",
-            "Use `vibecheck init --force` to regenerate a valid config"
+            "Use `vibecheck link --force` to regenerate a valid config"
           ]
         }
       );
@@ -1547,6 +1548,12 @@ var init_credentials = __esm({
   }
 });
 
+// ../../packages/shared-types/dist/chunk-X7ZL25I6.js
+var init_chunk_X7ZL25I6 = __esm({
+  "../../packages/shared-types/dist/chunk-X7ZL25I6.js"() {
+  }
+});
+
 // ../../packages/shared-types/dist/index.js
 function tierMeetsRequirement(userTier, requiredTier) {
   const userIndex = TIER_ORDER.indexOf(userTier);
@@ -1692,6 +1699,7 @@ function createDriftEvent(type, severity, file2, operation, description, context
 var ENTITLEMENTS, FREE_ENTITLEMENTS, PRO_ENTITLEMENTS, FEATURE_KEYS, FEATURE_METADATA, PLAN_DEFINITIONS, TIER_ORDER, UPGRADE_URLS, VERDICT_THRESHOLDS, SEVERITY_PENALTIES, PERMISSIONS;
 var init_dist = __esm({
   "../../packages/shared-types/dist/index.js"() {
+    init_chunk_X7ZL25I6();
     ENTITLEMENTS = {
       // === FREE Tier Entitlements ===
       SCAN_UNLIMITED: "scan_unlimited",
@@ -1711,6 +1719,8 @@ var init_dist = __esm({
       GITHUB_ACTION_WARN: "github_action_warn",
       FIREWALL_OBSERVE: "firewall_observe",
       FILE_LOCKING: "file_locking",
+      AUTOFIX_LIMITED: "autofix_limited",
+      // 3 fixes per month for free tier
       // === PRO Tier Entitlements ===
       REALITY_MODE: "reality_mode",
       CONTEXT_ENGINE: "context_engine",
@@ -1766,7 +1776,9 @@ var init_dist = __esm({
       ENTITLEMENTS.TRACE_ANALYSIS,
       ENTITLEMENTS.GITHUB_ACTION_WARN,
       ENTITLEMENTS.FIREWALL_OBSERVE,
-      ENTITLEMENTS.FILE_LOCKING
+      ENTITLEMENTS.FILE_LOCKING,
+      ENTITLEMENTS.AUTOFIX_LIMITED
+      // 3 fixes per month
     ]);
     PRO_ENTITLEMENTS = /* @__PURE__ */ new Set([
       // Includes all FREE entitlements
@@ -1862,12 +1874,24 @@ var init_dist = __esm({
         ],
         docsUrl: "/docs/firewall"
       },
+      [ENTITLEMENTS.AUTOFIX_LIMITED]: {
+        entitlement: ENTITLEMENTS.AUTOFIX_LIMITED,
+        title: "Auto-Fix (Limited)",
+        description: "AI-powered code repair with 3 fixes per month on free tier.",
+        benefits: [
+          "3 AI-powered fixes per month",
+          "One-click application",
+          "Preview before applying",
+          "Upgrade for unlimited"
+        ],
+        docsUrl: "/docs/autofix"
+      },
       [ENTITLEMENTS.AUTOFIX_APPLY]: {
         entitlement: ENTITLEMENTS.AUTOFIX_APPLY,
-        title: "Auto-Fix Apply",
-        description: "AI-powered code repair with rollback support.",
+        title: "Auto-Fix Unlimited",
+        description: "AI-powered code repair with rollback support. 100 fixes per month.",
         benefits: [
-          "One-click fixes",
+          "100 fixes per month",
           "Rollback support",
           "Fix verification",
           "Batch application"
@@ -2596,6 +2620,7 @@ var init_dist = __esm({
         features: [
           "Unlimited scans",
           "Unlimited ship decisions",
+          "3 AI fixes per month",
           "Doctor (health checks)",
           "HTML reports",
           "Checkpoint create/restore",
@@ -3250,6 +3275,201 @@ var init_chunk_7A7U3ABV = __esm({
     };
   }
 });
+
+// ../../packages/shared-utils/src/retry.ts
+var init_retry = __esm({
+  "../../packages/shared-utils/src/retry.ts"() {
+  }
+});
+
+// ../../node_modules/.pnpm/yocto-queue@1.2.2/node_modules/yocto-queue/index.js
+var Node, Queue;
+var init_yocto_queue = __esm({
+  "../../node_modules/.pnpm/yocto-queue@1.2.2/node_modules/yocto-queue/index.js"() {
+    Node = class {
+      value;
+      next;
+      constructor(value) {
+        this.value = value;
+      }
+    };
+    Queue = class {
+      #head;
+      #tail;
+      #size;
+      constructor() {
+        this.clear();
+      }
+      enqueue(value) {
+        const node = new Node(value);
+        if (this.#head) {
+          this.#tail.next = node;
+          this.#tail = node;
+        } else {
+          this.#head = node;
+          this.#tail = node;
+        }
+        this.#size++;
+      }
+      dequeue() {
+        const current = this.#head;
+        if (!current) {
+          return;
+        }
+        this.#head = this.#head.next;
+        this.#size--;
+        if (!this.#head) {
+          this.#tail = void 0;
+        }
+        return current.value;
+      }
+      peek() {
+        if (!this.#head) {
+          return;
+        }
+        return this.#head.value;
+      }
+      clear() {
+        this.#head = void 0;
+        this.#tail = void 0;
+        this.#size = 0;
+      }
+      get size() {
+        return this.#size;
+      }
+      *[Symbol.iterator]() {
+        let current = this.#head;
+        while (current) {
+          yield current.value;
+          current = current.next;
+        }
+      }
+      *drain() {
+        while (this.#head) {
+          yield this.dequeue();
+        }
+      }
+    };
+  }
+});
+function pLimit(concurrency) {
+  if (!((Number.isInteger(concurrency) || concurrency === Number.POSITIVE_INFINITY) && concurrency > 0)) {
+    throw new TypeError("Expected `concurrency` to be a number from 1 and up");
+  }
+  const queue = new Queue();
+  let activeCount = 0;
+  const next = () => {
+    activeCount--;
+    if (queue.size > 0) {
+      queue.dequeue()();
+    }
+  };
+  const run = async (function_, resolve6, arguments_) => {
+    activeCount++;
+    const result = (async () => function_(...arguments_))();
+    resolve6(result);
+    try {
+      await result;
+    } catch {
+    }
+    next();
+  };
+  const enqueue = (function_, resolve6, arguments_) => {
+    queue.enqueue(
+      AsyncResource.bind(run.bind(void 0, function_, resolve6, arguments_))
+    );
+    (async () => {
+      await Promise.resolve();
+      if (activeCount < concurrency && queue.size > 0) {
+        queue.dequeue()();
+      }
+    })();
+  };
+  const generator = (function_, ...arguments_) => new Promise((resolve6) => {
+    enqueue(function_, resolve6, arguments_);
+  });
+  Object.defineProperties(generator, {
+    activeCount: {
+      get: () => activeCount
+    },
+    pendingCount: {
+      get: () => queue.size
+    },
+    clearQueue: {
+      value() {
+        queue.clear();
+      }
+    }
+  });
+  return generator;
+}
+var init_p_limit = __esm({
+  "../../node_modules/.pnpm/p-limit@5.0.0/node_modules/p-limit/index.js"() {
+    init_yocto_queue();
+  }
+});
+
+// ../../packages/shared-utils/src/concurrency.ts
+function getUploadLimiter(concurrency = UPLOAD_CONCURRENCY) {
+  if (!uploadLimiter) {
+    uploadLimiter = pLimit(concurrency);
+  }
+  return uploadLimiter;
+}
+function getApiCallLimiter(concurrency = API_CALL_CONCURRENCY) {
+  if (!apiCallLimiter) {
+    apiCallLimiter = pLimit(concurrency);
+  }
+  return apiCallLimiter;
+}
+async function withUploadLimit(fn) {
+  return getUploadLimiter()(fn);
+}
+async function withApiCallLimit(fn) {
+  return getApiCallLimiter()(fn);
+}
+var UPLOAD_CONCURRENCY, API_CALL_CONCURRENCY, uploadLimiter, apiCallLimiter;
+var init_concurrency = __esm({
+  "../../packages/shared-utils/src/concurrency.ts"() {
+    init_p_limit();
+    UPLOAD_CONCURRENCY = 4;
+    API_CALL_CONCURRENCY = 6;
+    uploadLimiter = null;
+    apiCallLimiter = null;
+  }
+});
+
+// ../../packages/shared-utils/src/index.ts
+async function fetchWithTimeout(input, init, timeoutMs = DEFAULT_FETCH_TIMEOUT_MS) {
+  const controller = new AbortController();
+  const teardown = () => controller.abort();
+  const timeoutId = setTimeout(teardown, timeoutMs);
+  if (init?.signal) {
+    if (init.signal.aborted) {
+      clearTimeout(timeoutId);
+      throw new DOMException("Aborted", "AbortError");
+    }
+    init.signal.addEventListener("abort", teardown);
+  }
+  try {
+    const response = await fetch(input, { ...init, signal: controller.signal });
+    clearTimeout(timeoutId);
+    if (init?.signal) init.signal.removeEventListener("abort", teardown);
+    return response;
+  } catch (err) {
+    clearTimeout(timeoutId);
+    if (init?.signal) init.signal.removeEventListener("abort", teardown);
+    throw err;
+  }
+}
+var DEFAULT_FETCH_TIMEOUT_MS;
+var init_src = __esm({
+  "../../packages/shared-utils/src/index.ts"() {
+    init_retry();
+    init_concurrency();
+    DEFAULT_FETCH_TIMEOUT_MS = 3e4;
+  }
+});
 function getContentType(filePath) {
   const ext = path18.extname(filePath).toLowerCase();
   return CONTENT_TYPES[ext] || "application/octet-stream";
@@ -3272,8 +3492,9 @@ function createVideoStorageService(env2) {
   return new VideoStorageService(config);
 }
 var CONTENT_TYPES, S3StorageClient, LocalStorageClient, VideoStorageService;
-var init_chunk_ALU7SPZV = __esm({
-  "../../packages/core/dist/chunk-ALU7SPZV.js"() {
+var init_chunk_2NLPIC5E = __esm({
+  "../../packages/core/dist/chunk-2NLPIC5E.js"() {
+    init_src();
     CONTENT_TYPES = {
       ".webm": "video/webm",
       ".mp4": "video/mp4",
@@ -3549,19 +3770,23 @@ var init_chunk_ALU7SPZV = __esm({
       }
       /**
        * Upload all reality check artifacts from a directory.
+       * Uses concurrency limiting to avoid exhausting memory/connections.
        */
       async uploadRealityCheckArtifacts(artifactsDir, projectId, checkId) {
         const result = {
           videoUrl: "",
           screenshots: []
         };
+        const uploadLimit = getUploadLimiter();
         const videosDir = path18.join(artifactsDir, "videos");
         try {
           const videoFiles = await fs102.readdir(videosDir);
           const videoFile = videoFiles.find((f) => f.endsWith(".webm") || f.endsWith(".mp4"));
           if (videoFile) {
             const videoPath = path18.join(videosDir, videoFile);
-            const uploadResult = await this.uploadVideo(videoPath, projectId, checkId);
+            const uploadResult = await uploadLimit(
+              () => this.uploadVideo(videoPath, projectId, checkId)
+            );
             result.videoUrl = uploadResult.url;
             result.duration = await this.getVideoDuration(videoPath);
           }
@@ -3573,26 +3798,26 @@ var init_chunk_ALU7SPZV = __esm({
           const imageFiles = screenshotFiles.filter(
             (f) => f.endsWith(".png") || f.endsWith(".jpg") || f.endsWith(".jpeg")
           );
-          let index = 0;
-          for (const file2 of imageFiles.sort()) {
+          const screenshotTasks = imageFiles.sort().map((file2, index) => {
             const screenshotPath = path18.join(screenshotsDir, file2);
             const timestampMatch = file2.match(/-(\d+)ms\./);
             const timestamp = timestampMatch ? parseInt(timestampMatch[1], 10) : index * 1e3;
             const routeMatch = file2.match(/^(.+?)-\d+ms\./);
             const route = routeMatch ? routeMatch[1].replace(/-/g, "/") : void 0;
-            const uploadResult = await this.uploadScreenshot(
-              screenshotPath,
-              projectId,
-              checkId,
-              index,
-              { timestamp, route }
-            );
-            result.screenshots.push({
-              url: uploadResult.url,
-              timestamp,
-              route
+            return uploadLimit(async () => {
+              const uploadResult = await this.uploadScreenshot(
+                screenshotPath,
+                projectId,
+                checkId,
+                index,
+                { timestamp, route }
+              );
+              return { url: uploadResult.url, timestamp, route };
             });
-            index++;
+          });
+          const screenshotResults = await Promise.all(screenshotTasks);
+          for (const s of screenshotResults) {
+            result.screenshots.push(s);
           }
         } catch {
         }
@@ -5687,7 +5912,7 @@ async function discoverFiles(options) {
       };
     }
   }
-  const files = await fg(includePatterns, {
+  const files = await fg2(includePatterns, {
     cwd: rootDir,
     absolute: true,
     ignore: excludePatterns,
@@ -12634,10 +12859,11 @@ function getISLTranslator(config) {
 function resetISLTranslator() {
   globalTranslator = null;
 }
-var ISLTypeRef, ISLField, ISLExpression, ISLPostconditionBranch, ISLEntity, ISLBehavior, ISLDomain, TranslatorAssumption, TranslatorQuestion, ClauseConfidence, TranslatorOutput, TRANSLATOR_OUTPUT_SCHEMA, ISL_TRANSLATOR_SYSTEM_PROMPT, SPEC_TEMPLATES, DEFAULT_CONFIG4, ISLTranslator, globalTranslator;
-var init_chunk_KZUPVFL2 = __esm({
-  "../../packages/core/dist/chunk-KZUPVFL2.js"() {
+var ISLTypeRef, ISLField, ISLExpression, ISLPostconditionBranch, ISLEntity, ISLBehavior, ISLDomain, TranslatorAssumption, TranslatorQuestion, ClauseConfidence, TranslatorOutput, TRANSLATOR_OUTPUT_SCHEMA, ISL_TRANSLATOR_SYSTEM_PROMPT, SPEC_TEMPLATES, LLM_REQUEST_TIMEOUT_MS, DEFAULT_CONFIG4, ISLTranslator, globalTranslator;
+var init_chunk_3M5P5OHI = __esm({
+  "../../packages/core/dist/chunk-3M5P5OHI.js"() {
     init_chunk_CKFIPOYN();
+    init_src();
     init_dist2();
     ISLTypeRef = z.object({
       kind: z.literal("TypeRef"),
@@ -13140,6 +13366,7 @@ Remember: Your job is to EXTRACT intent and structure it, not to generate code.
         }
       }
     };
+    LLM_REQUEST_TIMEOUT_MS = 6e4;
     DEFAULT_CONFIG4 = {
       provider: "anthropic",
       model: "claude-sonnet-4-20250514",
@@ -13355,23 +13582,25 @@ Please fix these issues in your next output.`;
         if (!apiKey) {
           throw new Error("Anthropic API key not configured");
         }
-        const response = await fetch("https://api.anthropic.com/v1/messages", {
-          method: "POST",
-          headers: {
-            "Content-Type": "application/json",
-            "x-api-key": apiKey,
-            "anthropic-version": "2023-06-01"
+        const response = await fetchWithTimeout(
+          "https://api.anthropic.com/v1/messages",
+          {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/json",
+              "x-api-key": apiKey,
+              "anthropic-version": "2023-06-01"
+            },
+            body: JSON.stringify({
+              model: this.config.model,
+              max_tokens: 4096,
+              temperature: this.config.temperature,
+              system: systemPrompt,
+              messages: [{ role: "user", content: userPrompt }]
+            })
           },
-          body: JSON.stringify({
-            model: this.config.model,
-            max_tokens: 4096,
-            temperature: this.config.temperature,
-            system: systemPrompt,
-            messages: [
-              { role: "user", content: userPrompt }
-            ]
-          })
-        });
+          LLM_REQUEST_TIMEOUT_MS
+        );
         if (!response.ok) {
           const error = await response.text();
           throw new Error(`Anthropic API error: ${error}`);
@@ -13391,22 +13620,26 @@ Please fix these issues in your next output.`;
         if (!apiKey) {
           throw new Error("OpenAI API key not configured");
         }
-        const response = await fetch("https://api.openai.com/v1/chat/completions", {
-          method: "POST",
-          headers: {
-            "Content-Type": "application/json",
-            "Authorization": `Bearer ${apiKey}`
+        const response = await fetchWithTimeout(
+          "https://api.openai.com/v1/chat/completions",
+          {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/json",
+              "Authorization": `Bearer ${apiKey}`
+            },
+            body: JSON.stringify({
+              model: this.config.model,
+              temperature: this.config.temperature,
+              messages: [
+                { role: "system", content: systemPrompt },
+                { role: "user", content: userPrompt }
+              ],
+              response_format: { type: "json_object" }
+            })
           },
-          body: JSON.stringify({
-            model: this.config.model,
-            temperature: this.config.temperature,
-            messages: [
-              { role: "system", content: systemPrompt },
-              { role: "user", content: userPrompt }
-            ],
-            response_format: { type: "json_object" }
-          })
-        });
+          LLM_REQUEST_TIMEOUT_MS
+        );
         if (!response.ok) {
           const error = await response.text();
           throw new Error(`OpenAI API error: ${error}`);
@@ -13423,20 +13656,22 @@ Please fix these issues in your next output.`;
        */
       async callLocal(systemPrompt, userPrompt) {
         const apiBase = this.config.apiBase || "http://localhost:11434";
-        const response = await fetch(`${apiBase}/api/generate`, {
-          method: "POST",
-          headers: {
-            "Content-Type": "application/json"
-          },
-          body: JSON.stringify({
-            model: this.config.model,
-            prompt: `${systemPrompt}
+        const response = await fetchWithTimeout(
+          `${apiBase}/api/generate`,
+          {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+              model: this.config.model,
+              prompt: `${systemPrompt}
 
 ${userPrompt}`,
-            stream: false,
-            format: "json"
-          })
-        });
+              stream: false,
+              format: "json"
+            })
+          },
+          LLM_REQUEST_TIMEOUT_MS
+        );
         if (!response.ok) {
           const error = await response.text();
           throw new Error(`Local API error: ${error}`);
@@ -40862,7 +41097,7 @@ function deepFreeze(obj) {
   }
   return obj;
 }
-async function withRetry(fn, config = {}) {
+async function withRetry2(fn, config = {}) {
   const cfg = { ...DEFAULT_RETRY_CONFIG, ...config };
   let lastError = null;
   let delay = cfg.initialDelayMs;
@@ -41798,8 +42033,8 @@ async function isAllowed(projectRoot, type, value) {
   }
 }
 var DEFAULT_CONFIG10, DRIFT_WEIGHTS, ScopeCreepDetector, IntentValidator, DEFAULT_OPTIONS6, PARSER_OPTIONS, ClaimExtractor, DEFAULT_CONFIG25, BUILTIN_MODULES, EvidenceResolver, POLICY_LIMITS, VALID_SEVERITIES, PolicyEngine, UnblockPlanner, DEFAULT_CONFIG34, modeValidator, actionValidator, AgentFirewall, ContractGenerator, ContractVerifier, DEFAULT_WEIGHTS, TrustScorer, BEHAVIOR_TEMPLATES, ENTITY_TEMPLATES, ISLGenerator, globalGenerator, IntentStore, globalIntentStore, MissionService, globalMissionService, TIER_A_RULES, TIER_B_RULES, TIER_C_RULES, BaseRule, DEFAULT_CONFIG44, GhostRouteRule, DEFAULT_CONFIG54, GhostEnvRule, DEFAULT_CONFIG63, AuthDriftRule, DEFAULT_CONFIG72, ContractDriftRule, DEFAULT_CONFIG82, ScopeExplosionRule, DEFAULT_CONFIG92, UnsafeSideEffectRule, ObserveModeManager, DEFAULT_ALLOWLIST, ALLOWLIST_FILENAME, AllowlistManager;
-var init_chunk_4MEEGNJS = __esm({
-  "../../packages/core/dist/chunk-4MEEGNJS.js"() {
+var init_chunk_QXRHICLP = __esm({
+  "../../packages/core/dist/chunk-QXRHICLP.js"() {
     init_chunk_DFJL4MLU();
     init_chunk_SKXQ6JUA();
     init_chunk_4EQXFW4J();
@@ -43077,7 +43312,7 @@ var init_chunk_4MEEGNJS = __esm({
       async loadTruthpack(name) {
         const filePath = path18.join(this.config.projectRoot, this.config.truthpackPath, `${name}.json`);
         try {
-          return await withRetry(
+          return await withRetry2(
             async () => {
               const content = await fs102.readFile(filePath, "utf-8");
               return JSON.parse(content);
@@ -44514,7 +44749,7 @@ var init_chunk_4MEEGNJS = __esm({
         if (this.auditBuffer.length === 0) return;
         const entries = this.auditBuffer.splice(0, this.auditBuffer.length);
         try {
-          await withRetry(
+          await withRetry2(
             async () => {
               const logPath = path18.isAbsolute(this.config.auditLogPath) ? this.config.auditLogPath : path18.join(this.config.projectRoot, this.config.auditLogPath);
               await fs102.mkdir(path18.dirname(logPath), { recursive: true });
@@ -63200,7 +63435,7 @@ __export(dist_exports, {
   visualizePath: () => visualizePath,
   visualizeReport: () => visualizeReport,
   vulnToSarifResult: () => vulnToSarifResult,
-  withRetry: () => withRetry,
+  withRetry: () => withRetry2,
   wrapError: () => wrapError2,
   writeCursorRules: () => writeCursorRules,
   writeHooks: () => writeHooks,
@@ -63752,8 +63987,8 @@ async function loadFiles(projectPath, patterns, excludePatterns, incremental, lo
   const files = /* @__PURE__ */ new Map();
   const oldHashes = incremental ? await loadHashCache(projectPath) : /* @__PURE__ */ new Map();
   const newHashes = /* @__PURE__ */ new Map();
-  const fg22 = await import('fast-glob');
-  const glob42 = fg22.default || fg22;
+  const fg32 = await import('fast-glob');
+  const glob42 = fg32.default || fg32;
   const filePaths = await glob42(patterns, {
     cwd: projectPath,
     absolute: true,
@@ -66857,6 +67092,68 @@ function shouldGenerateForPlatform(platform2, detection, forceAll = false) {
   }
   return detection.recommendedPlatforms.includes(platform2);
 }
+async function scanTruthpack(projectRoot, config) {
+  const scanner = new TruthpackScanner(projectRoot, config);
+  return scanner.scan();
+}
+async function saveTruthpack(projectRoot, data) {
+  const truthpackDir = path18.join(projectRoot, TRUTHPACK_DIR);
+  await fs102.mkdir(truthpackDir, { recursive: true });
+  await Promise.all([
+    fs102.writeFile(
+      path18.join(truthpackDir, "routes.json"),
+      JSON.stringify(
+        {
+          version: "1.0.0",
+          generatedAt: data.meta.generatedAt,
+          routes: data.routes
+        },
+        null,
+        2
+      )
+    ),
+    fs102.writeFile(
+      path18.join(truthpackDir, "env.json"),
+      JSON.stringify(
+        {
+          version: "1.0.0",
+          generatedAt: data.meta.generatedAt,
+          variables: data.envVars
+        },
+        null,
+        2
+      )
+    ),
+    fs102.writeFile(
+      path18.join(truthpackDir, "auth.json"),
+      JSON.stringify(
+        {
+          version: "1.0.0",
+          generatedAt: data.meta.generatedAt,
+          rules: data.authRules
+        },
+        null,
+        2
+      )
+    ),
+    fs102.writeFile(
+      path18.join(truthpackDir, "contracts.json"),
+      JSON.stringify(
+        {
+          version: "1.0.0",
+          generatedAt: data.meta.generatedAt,
+          contracts: data.contracts
+        },
+        null,
+        2
+      )
+    ),
+    fs102.writeFile(
+      path18.join(truthpackDir, "meta.json"),
+      JSON.stringify(data.meta, null, 2)
+    )
+  ]);
+}
 async function detectPhase(config, contextMemory) {
   const signals = [];
   const [
@@ -68771,18 +69068,29 @@ async function extractTruthpackContext(projectPath) {
     const envPath = path18.join(truthpackDir, "env.json");
     if (fs15.existsSync(envPath)) {
       const envData = JSON.parse(fs15.readFileSync(envPath, "utf-8"));
-      const variables = envData.variables || {};
-      context.envVars = Object.entries(variables).map(([name, info]) => ({
-        name,
-        required: info.required,
-        hasDefault: !!info.default
-      }));
+      const variables = envData.variables;
+      if (Array.isArray(variables)) {
+        context.envVars = variables.map((v) => ({
+          name: v.name,
+          required: v.required,
+          hasDefault: !!(v.hasDefault ?? v.defaultValue)
+        }));
+      } else if (variables && typeof variables === "object") {
+        context.envVars = Object.entries(variables).map(([name, info]) => ({
+          name,
+          required: info.required,
+          hasDefault: !!info.default
+        }));
+      }
     }
     const authPath = path18.join(truthpackDir, "auth.json");
     if (fs15.existsSync(authPath)) {
       const authData = JSON.parse(fs15.readFileSync(authPath, "utf-8"));
       context.authProviders = authData.providers || [];
       context.authMiddleware = authData.middleware || [];
+      if (authData.rules?.length && !context.authMiddleware.length) {
+        context.authMiddleware = authData.rules.map((r) => r.name);
+      }
     }
     const contractsPath = path18.join(truthpackDir, "contracts.json");
     if (fs15.existsSync(contractsPath)) {
@@ -68801,6 +69109,21 @@ async function forge(projectPath, options = {}) {
   const config = { ...DEFAULT_FORGE_CONFIG, ...options };
   const startTime = Date.now();
   const absProjectPath = path18.resolve(projectPath);
+  const truthpackDir = path18.join(absProjectPath, ".vibecheck", "truthpack");
+  const hasTruthpack = fs15.existsSync(path18.join(truthpackDir, "routes.json"));
+  if (!hasTruthpack || config.refreshTruthpack) {
+    try {
+      const data = await scanTruthpack(absProjectPath, DEFAULT_TRUTHPACK_SCANNER);
+      await saveTruthpack(absProjectPath, data);
+      if (config.verbose) {
+        console.log(`\u{1F4CA} Truthpack refreshed: ${data.routes.length} routes, ${data.contracts.length} contracts`);
+      }
+    } catch (err) {
+      if (config.verbose) {
+        console.warn("\u26A0\uFE0F Truthpack refresh skipped:", err instanceof Error ? err.message : err);
+      }
+    }
+  }
   let ideDetection = null;
   let effectivePlatforms = config.platforms;
   if (config.autoDetectIDE !== false) {
@@ -68992,6 +69315,7 @@ function parseArgs(args) {
     if (arg === "standard") opts.tier = "standard";
     if (arg === "extended") opts.tier = "extended";
     if (arg === "comprehensive") opts.tier = "comprehensive";
+    if (arg === "--refresh-truthpack") opts.refreshTruthpack = true;
   }
   return opts;
 }
@@ -69022,6 +69346,7 @@ OPTIONS:
   --auto-detect          Auto-detect IDE (default behavior)
   --no-auto-detect       Disable IDE auto-detection
   --all-platforms        Generate rules for ALL platforms (no auto-detect)
+  --refresh-truthpack    Rescan codebase and refresh .vibecheck/truthpack before generating
   --verbose, -v          Show detailed output
   --help, -h             Show this help
 
@@ -69437,11 +69762,11 @@ function findAllPaths(startId, endId, adjacency, nodes, edges, maxDepth) {
     { path: [startId], visited: /* @__PURE__ */ new Set([startId]) }
   ];
   while (queue.length > 0) {
-    const { path: path342, visited } = queue.shift();
-    const current = path342[path342.length - 1];
-    if (path342.length > maxDepth) continue;
+    const { path: path352, visited } = queue.shift();
+    const current = path352[path352.length - 1];
+    if (path352.length > maxDepth) continue;
     if (current === endId) {
-      paths.push([...path342]);
+      paths.push([...path352]);
       continue;
     }
     const neighbors = adjacency.get(current) || [];
@@ -69449,7 +69774,7 @@ function findAllPaths(startId, endId, adjacency, nodes, edges, maxDepth) {
       if (!visited.has(neighbor)) {
         const newVisited = new Set(visited);
         newVisited.add(neighbor);
-        queue.push({ path: [...path342, neighbor], visited: newVisited });
+        queue.push({ path: [...path352, neighbor], visited: newVisited });
       }
     }
   }
@@ -69467,21 +69792,21 @@ function getPathEdges(nodeIds, allEdges) {
 }
 function detectFlowIssues(paths) {
   const issues = [];
-  for (const path342 of paths) {
-    if (!path342.hasValidation && path342.risk.level !== "low") {
+  for (const path352 of paths) {
+    if (!path352.hasValidation && path352.risk.level !== "low") {
       issues.push({
         id: generateId2(),
-        severity: path342.risk.level === "critical" ? "critical" : path342.risk.level === "high" ? "error" : "warning",
+        severity: path352.risk.level === "critical" ? "critical" : path352.risk.level === "high" ? "error" : "warning",
         type: "missing_validation",
-        title: `Unvalidated data flow to ${path342.sink.sinkCategory}`,
-        description: `Data from ${path342.source.sourceCategory} flows to ${path342.sink.sinkCategory} without validation.`,
-        path: path342,
-        suggestion: getSuggestionForSink(path342.sink.sinkCategory),
+        title: `Unvalidated data flow to ${path352.sink.sinkCategory}`,
+        description: `Data from ${path352.source.sourceCategory} flows to ${path352.sink.sinkCategory} without validation.`,
+        path: path352,
+        suggestion: getSuggestionForSink(path352.sink.sinkCategory),
         docLink: getDocLinkForIssue("missing_validation")
       });
     }
-    if (path342.sink.riskLevel === "critical") {
-      const hasProperSanitization = path342.validations.some(
+    if (path352.sink.riskLevel === "critical") {
+      const hasProperSanitization = path352.validations.some(
         (v) => v.metadata?.patternName === "sanitization" || v.metadata?.patternName === "parameterized_query"
       );
       if (!hasProperSanitization) {
@@ -69489,22 +69814,22 @@ function detectFlowIssues(paths) {
           id: generateId2(),
           severity: "critical",
           type: "unsafe_sink",
-          title: `Potentially unsafe ${path342.sink.sinkCategory}`,
-          description: `Data flows to a critical sink (${path342.sink.label}) without proper sanitization.`,
-          path: path342,
-          suggestion: getSuggestionForSink(path342.sink.sinkCategory),
+          title: `Potentially unsafe ${path352.sink.sinkCategory}`,
+          description: `Data flows to a critical sink (${path352.sink.label}) without proper sanitization.`,
+          path: path352,
+          suggestion: getSuggestionForSink(path352.sink.sinkCategory),
           docLink: getDocLinkForIssue("unsafe_sink")
         });
       }
     }
-    if (path342.source.sourceCategory === "user_input" && ["sql_query", "shell_exec", "eval", "html_render"].includes(path342.sink.sinkCategory || "")) {
+    if (path352.source.sourceCategory === "user_input" && ["sql_query", "shell_exec", "eval", "html_render"].includes(path352.sink.sinkCategory || "")) {
       issues.push({
         id: generateId2(),
         severity: "critical",
         type: "untrusted_source",
         title: "User input flows to sensitive operation",
-        description: `User input from ${path342.source.label} flows directly to ${path342.sink.label}.`,
-        path: path342,
+        description: `User input from ${path352.source.label} flows directly to ${path352.sink.label}.`,
+        path: path352,
         suggestion: "Always validate and sanitize user input before using it in sensitive operations.",
         docLink: getDocLinkForIssue("untrusted_source")
       });
@@ -69999,17 +70324,17 @@ async function recordTelemetryEvent(projectRoot, event, context) {
   await service.load();
   await service.recordEvent(event, context);
 }
-var DEFAULT_CONFIG15, PostSaveHook, execAsync2, DEFAULT_CONFIG210, PreCommitHook, DEFAULT_CONFIG38, BUILTINS, DependencyCheckHook, DEFAULT_CONFIG48, hookTypeValidator, HooksManager, DEFAULT_CONFIG58, AUDIT_TYPES, typeValidator, resultValidator, AuditLogger, DEFAULT_CONFIG66, HallucinationAnalytics, DEFAULT_CONFIG75, EvidencePackGenerator, HybridModeService, DEFAULT_PREDICTIVE_CONFIG, DEFAULT_INTELLIGENCE_CONFIG, DEFAULT_CONFIG84, ProjectLearner, globalLearner, DEFAULT_CONFIG93, FILE_TYPE_PATTERNS, PURPOSE_PATTERNS, SENSITIVITY_INDICATORS, SemanticContextAnalyzer, globalAnalyzer, DEFAULT_CONFIG102, PredictiveEngine, globalEngine2, DEFAULT_CONFIG112, IntelligenceEngine, globalEngine22, DEFAULT_INCREMENTAL_CONFIG, DEFAULT_WORKER_POOL_CONFIG, DEFAULT_STREAM_CONFIG, DEFAULT_MULTI_CACHE_CONFIG, DEFAULT_CONFIG122, IncrementalEngine, globalEngine3, DEFAULT_CONFIG132, WorkerPool, DEFAULT_CONFIG142, ProgressTracker, gzipAsync2, gunzipAsync2, DEFAULT_CONFIG152, MultiLevelCache, globalCache, DEFAULT_CONFIG16, PerformanceScanner, globalScanner2, DEFAULT_OPTIONS7, HallucinationEngine, globalEngine4, EXTRACTION_PATTERNS, PROMPT_PATTERNS, ClaimExtractor2, globalExtractor2, DEFAULT_CONFIG17, RealtimeAnalyzer, globalAnalyzer2, DEFAULT_OPTIONS23, HASH_CACHE_PATH, FILE_CONTENT_CACHE, DEFAULT_LEARNING_CONFIG, LearningStorage, ConfidenceCalibrator2, IssueTracker, LearningSystem, globalLearningSystem, DEFAULT_WORKER_CONFIG, WorkerPool2, globalPool, DEFAULT_OPTIONS33, ResultStream, GitChangeDetector, ParallelAnalyzer, DEFAULT_POLICY_OPTIONS, severitySchema, metavariableComparisonSchema, pathFilterSchema, autofixSchema, ruleMetadataSchema, policyRuleSchema, policyConfigSchema, EXAMPLE_POLICY, policyCache, PolicyParser, PolicyResolver, PolicyEngine2, globalEngine5, DEFAULT_PERMISSIONS, DEFAULT_OPTIONS42, PluginLoader, DEFAULT_SANDBOX_OPTIONS, SandboxedRuleContext, PluginSandbox, FROZEN_GLOBALS, BLOCKED_GLOBALS, PluginManager, globalManager, TIER_CONFIGS, DEFAULT_FORGE_CONFIG, PHASE_RULE_CONFIGS, CATEGORY_IMPACT_WEIGHTS, VIBECHECK_ATTRIBUTION, VIBECHECK_ATTRIBUTION2, VIBECHECK_ATTRIBUTION_SKILL, SIGNAL_WEIGHTS, IGNORED_DIRS, SOURCE_EXTENSIONS, TEST_PATTERNS2, CONTEXT_FILE, VIBECHECK_DIR, MEMORY_VERSION, MAX_HISTORY_ENTRIES, MAX_BEHAVIOR_SIGNALS, VELOCITY_WINDOW_DAYS, ContextMemory, DEFAULT_DEBOUNCE_MS, DEFAULT_BATCH_THRESHOLD, BATCH_WINDOW_MS, COMMIT_SETTLE_MS, DEFAULT_WATCH_PATTERNS, DEFAULT_IGNORE_PATTERNS, STRUCTURAL_PATTERNS, CONFIG_PATTERNS2, DEPENDENCY_PATTERNS, ForgeWatcher, ChangeAccumulator, DEFAULT_WINDOW_MS, DEFAULT_THRESHOLD, CLEANUP_INTERVAL_MS, BatchDetector, SCAFFOLD_PATTERNS, PHASE_CONFIGS, CHANGE_TO_RULE_MAP, RuleOrchestrator, MEMORY_VERSION2, MEMORY_FILE, VIBECHECK_DIR2, MAX_TIMELINE_EVENTS, MAX_CONVERSATIONS, MAX_CODE_CHANGES2, MAX_INSIGHTS, MAX_SESSIONS, EnhancedMemorySystem, SUPPORTED_EXTENSIONS, PATTERNS22, analysisCache, IGNORED_DIRS2, SOURCE_EXTENSIONS2, COMPLEXITY_THRESHOLDS, MIN_FREQUENCY_THRESHOLD, MIN_EXAMPLES, IGNORED_DIRS3, SOURCE_EXTENSIONS3, generateId, DEFAULT_SOURCE_PATTERNS, DEFAULT_SINK_PATTERNS, DEFAULT_VALIDATION_PATTERNS, generateId2, FlowTracingEngine, COLORS, BOX, DEFAULT_SAFE_MODE_CONFIG, AGGRESSIVE_MODE_CONFIG, SafeModeManager, SAFE_PATTERNS, MEDIUM_PATTERNS, HIGH_PATTERNS, DESTRUCTIVE_PATTERNS, ActionClassifier, ChaosSessionRecorder, DEFAULT_REPLAY_OPTIONS, TELEMETRY_FILENAME, FIRST_SESSION_DURATION_MS, TelemetryService;
+var DEFAULT_CONFIG15, PostSaveHook, execAsync2, DEFAULT_CONFIG210, PreCommitHook, DEFAULT_CONFIG38, BUILTINS, DependencyCheckHook, DEFAULT_CONFIG48, hookTypeValidator, HooksManager, DEFAULT_CONFIG58, AUDIT_TYPES, typeValidator, resultValidator, AuditLogger, DEFAULT_CONFIG66, HallucinationAnalytics, DEFAULT_CONFIG75, EvidencePackGenerator, HybridModeService, DEFAULT_PREDICTIVE_CONFIG, DEFAULT_INTELLIGENCE_CONFIG, DEFAULT_CONFIG84, ProjectLearner, globalLearner, DEFAULT_CONFIG93, FILE_TYPE_PATTERNS, PURPOSE_PATTERNS, SENSITIVITY_INDICATORS, SemanticContextAnalyzer, globalAnalyzer, DEFAULT_CONFIG102, PredictiveEngine, globalEngine2, DEFAULT_CONFIG112, IntelligenceEngine, globalEngine22, DEFAULT_INCREMENTAL_CONFIG, DEFAULT_WORKER_POOL_CONFIG, DEFAULT_STREAM_CONFIG, DEFAULT_MULTI_CACHE_CONFIG, DEFAULT_CONFIG122, IncrementalEngine, globalEngine3, DEFAULT_CONFIG132, WorkerPool, DEFAULT_CONFIG142, ProgressTracker, gzipAsync2, gunzipAsync2, DEFAULT_CONFIG152, MultiLevelCache, globalCache, DEFAULT_CONFIG16, PerformanceScanner, globalScanner2, DEFAULT_OPTIONS7, HallucinationEngine, globalEngine4, EXTRACTION_PATTERNS, PROMPT_PATTERNS, ClaimExtractor2, globalExtractor2, DEFAULT_CONFIG17, RealtimeAnalyzer, globalAnalyzer2, DEFAULT_OPTIONS23, HASH_CACHE_PATH, FILE_CONTENT_CACHE, DEFAULT_LEARNING_CONFIG, LearningStorage, ConfidenceCalibrator2, IssueTracker, LearningSystem, globalLearningSystem, DEFAULT_WORKER_CONFIG, WorkerPool2, globalPool, DEFAULT_OPTIONS33, ResultStream, GitChangeDetector, ParallelAnalyzer, DEFAULT_POLICY_OPTIONS, severitySchema, metavariableComparisonSchema, pathFilterSchema, autofixSchema, ruleMetadataSchema, policyRuleSchema, policyConfigSchema, EXAMPLE_POLICY, policyCache, PolicyParser, PolicyResolver, PolicyEngine2, globalEngine5, DEFAULT_PERMISSIONS, DEFAULT_OPTIONS42, PluginLoader, DEFAULT_SANDBOX_OPTIONS, SandboxedRuleContext, PluginSandbox, FROZEN_GLOBALS, BLOCKED_GLOBALS, PluginManager, globalManager, TIER_CONFIGS, DEFAULT_FORGE_CONFIG, PHASE_RULE_CONFIGS, CATEGORY_IMPACT_WEIGHTS, VIBECHECK_ATTRIBUTION, VIBECHECK_ATTRIBUTION2, VIBECHECK_ATTRIBUTION_SKILL, TRUTHPACK_DIR, TruthpackScanner, SIGNAL_WEIGHTS, IGNORED_DIRS, SOURCE_EXTENSIONS, TEST_PATTERNS2, CONTEXT_FILE, VIBECHECK_DIR, MEMORY_VERSION, MAX_HISTORY_ENTRIES, MAX_BEHAVIOR_SIGNALS, VELOCITY_WINDOW_DAYS, ContextMemory, DEFAULT_DEBOUNCE_MS, DEFAULT_BATCH_THRESHOLD, BATCH_WINDOW_MS, COMMIT_SETTLE_MS, DEFAULT_WATCH_PATTERNS, DEFAULT_IGNORE_PATTERNS, STRUCTURAL_PATTERNS, CONFIG_PATTERNS2, DEPENDENCY_PATTERNS, ForgeWatcher, ChangeAccumulator, DEFAULT_WINDOW_MS, DEFAULT_THRESHOLD, CLEANUP_INTERVAL_MS, BatchDetector, SCAFFOLD_PATTERNS, PHASE_CONFIGS, CHANGE_TO_RULE_MAP, RuleOrchestrator, MEMORY_VERSION2, MEMORY_FILE, VIBECHECK_DIR2, MAX_TIMELINE_EVENTS, MAX_CONVERSATIONS, MAX_CODE_CHANGES2, MAX_INSIGHTS, MAX_SESSIONS, EnhancedMemorySystem, SUPPORTED_EXTENSIONS, PATTERNS22, analysisCache, IGNORED_DIRS2, SOURCE_EXTENSIONS2, COMPLEXITY_THRESHOLDS, MIN_FREQUENCY_THRESHOLD, MIN_EXAMPLES, IGNORED_DIRS3, SOURCE_EXTENSIONS3, DEFAULT_TRUTHPACK_SCANNER, generateId, DEFAULT_SOURCE_PATTERNS, DEFAULT_SINK_PATTERNS, DEFAULT_VALIDATION_PATTERNS, generateId2, FlowTracingEngine, COLORS, BOX, DEFAULT_SAFE_MODE_CONFIG, AGGRESSIVE_MODE_CONFIG, SafeModeManager, SAFE_PATTERNS, MEDIUM_PATTERNS, HIGH_PATTERNS, DESTRUCTIVE_PATTERNS, ActionClassifier, ChaosSessionRecorder, DEFAULT_REPLAY_OPTIONS, TELEMETRY_FILENAME, FIRST_SESSION_DURATION_MS, TelemetryService;
 var init_dist3 = __esm({
   "../../packages/core/dist/index.js"() {
     init_chunk_77VSC4EV();
     init_chunk_7A7U3ABV();
-    init_chunk_ALU7SPZV();
+    init_chunk_2NLPIC5E();
     init_chunk_VHEV5Y4C();
     init_chunk_3AO6JE6F();
     init_chunk_KCKIH3Q3();
     init_chunk_KCKIH3Q3();
-    init_chunk_KZUPVFL2();
+    init_chunk_3M5P5OHI();
     init_chunk_J2QKZNYI();
     init_chunk_CKFIPOYN();
     init_chunk_BCWLBWUJ();
@@ -70030,8 +70355,8 @@ var init_dist3 = __esm({
     init_chunk_ENJMGXRB();
     init_chunk_VB6M3WM5();
     init_chunk_VB6M3WM5();
-    init_chunk_4MEEGNJS();
-    init_chunk_4MEEGNJS();
+    init_chunk_QXRHICLP();
+    init_chunk_QXRHICLP();
     init_chunk_DFJL4MLU();
     init_chunk_WS67ECG2();
     init_chunk_WS67ECG2();
@@ -70975,7 +71300,7 @@ ${errors} error(s), ${warnings} warning(s), ${infos} info`;
         this.logger.debug(`Running ${hookType} hook`);
         try {
           const result = await circuitBreaker.execute(async () => {
-            return withRetry(
+            return withRetry2(
               async () => {
                 return withTimeout2(
                   fn,
@@ -71476,7 +71801,7 @@ ${issues.map((i) => `  - ${i}`).join("\n")}`;
       async doFlush(entries) {
         const logDir = path18.join(this.projectRoot, this.config.logDirectory);
         try {
-          await withRetry(
+          await withRetry2(
             async () => {
               await fs102.mkdir(logDir, { recursive: true });
               if (!this.currentLogFile || await this.shouldRotate()) {
@@ -76101,8 +76426,8 @@ ${content}`;
         const findings = [];
         const absolutePath = path18.join(this.options.projectRoot, filePath);
         try {
-          const fs30 = await import('fs/promises');
-          const content = await fs30.readFile(absolutePath, "utf-8");
+          const fs31 = await import('fs/promises');
+          const content = await fs31.readFile(absolutePath, "utf-8");
           if (this.codeValidator) {
             const result = await this.codeValidator.validate(content, filePath);
             for (const error of result.errors) {
@@ -76216,34 +76541,34 @@ ${content}`;
       }
       async validateTruthpack() {
         const truthpackDir = path18.join(this.options.projectRoot, ".vibecheck/truthpack");
-        const fs30 = await import('fs/promises');
+        const fs31 = await import('fs/promises');
         const validation = {};
         try {
           try {
-            const routesContent = await fs30.readFile(path18.join(truthpackDir, "routes.json"), "utf-8");
+            const routesContent = await fs31.readFile(path18.join(truthpackDir, "routes.json"), "utf-8");
             validation.routes = TruthpackValidators.validateRoutes(JSON.parse(routesContent));
           } catch {
           }
           try {
-            const envContent = await fs30.readFile(path18.join(truthpackDir, "env.json"), "utf-8");
+            const envContent = await fs31.readFile(path18.join(truthpackDir, "env.json"), "utf-8");
             validation.env = TruthpackValidators.validateEnv(JSON.parse(envContent));
           } catch {
           }
           try {
-            const authContent = await fs30.readFile(path18.join(truthpackDir, "auth.json"), "utf-8");
+            const authContent = await fs31.readFile(path18.join(truthpackDir, "auth.json"), "utf-8");
             validation.auth = TruthpackValidators.validateAuth(JSON.parse(authContent));
           } catch {
           }
           try {
-            const contractsContent = await fs30.readFile(path18.join(truthpackDir, "contracts.json"), "utf-8");
+            const contractsContent = await fs31.readFile(path18.join(truthpackDir, "contracts.json"), "utf-8");
             validation.contracts = TruthpackValidators.validateContracts(JSON.parse(contractsContent));
           } catch {
           }
           if (validation.routes || validation.auth || validation.contracts) {
             validation.crossValidation = TruthpackValidators.crossValidate({
-              routes: validation.routes ? JSON.parse(await fs30.readFile(path18.join(truthpackDir, "routes.json"), "utf-8").catch(() => "{}")) : void 0,
-              auth: validation.auth ? JSON.parse(await fs30.readFile(path18.join(truthpackDir, "auth.json"), "utf-8").catch(() => "{}")) : void 0,
-              contracts: validation.contracts ? JSON.parse(await fs30.readFile(path18.join(truthpackDir, "contracts.json"), "utf-8").catch(() => "{}")) : void 0
+              routes: validation.routes ? JSON.parse(await fs31.readFile(path18.join(truthpackDir, "routes.json"), "utf-8").catch(() => "{}")) : void 0,
+              auth: validation.auth ? JSON.parse(await fs31.readFile(path18.join(truthpackDir, "auth.json"), "utf-8").catch(() => "{}")) : void 0,
+              contracts: validation.contracts ? JSON.parse(await fs31.readFile(path18.join(truthpackDir, "contracts.json"), "utf-8").catch(() => "{}")) : void 0
             });
           }
         } catch (error) {
@@ -78855,8 +79180,8 @@ ${content}`;
         await this.pool.destroy();
       }
       async readFile(filePath) {
-        const fs30 = await import('fs/promises');
-        return fs30.readFile(filePath, "utf-8");
+        const fs31 = await import('fs/promises');
+        return fs31.readFile(filePath, "utf-8");
       }
     };
     DEFAULT_POLICY_OPTIONS = {
@@ -80428,6 +80753,314 @@ ${content}`;
 ---
 <!-- vibecheck:attribution -->
 *Verified by VibeCheck \u2713*`;
+    TRUTHPACK_DIR = ".vibecheck/truthpack";
+    TruthpackScanner = class {
+      projectRoot;
+      config;
+      constructor(projectRoot, config) {
+        this.projectRoot = projectRoot;
+        this.config = config;
+      }
+      async scan() {
+        const [routes, envVars, authRules, contracts] = await Promise.all([
+          this.config.routes.enabled ? this.scanRoutes() : Promise.resolve([]),
+          this.config.env.enabled ? this.scanEnvVars() : Promise.resolve([]),
+          this.config.auth.enabled ? this.scanAuth() : Promise.resolve([]),
+          this.config.contracts.enabled ? this.scanContracts() : Promise.resolve([])
+        ]);
+        const meta = {
+          version: "1.0.0",
+          generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+          hash: await this.computeHash({ routes, envVars, authRules, contracts }),
+          scannerVersions: {
+            routes: "1.0.0",
+            env: "1.0.0",
+            auth: "1.0.0",
+            contracts: "1.0.0"
+          },
+          summary: {
+            routes: routes.length,
+            envVars: envVars.length,
+            authRules: authRules.length,
+            contracts: contracts.length
+          }
+        };
+        return { routes, envVars, authRules, contracts, meta };
+      }
+      async scanRoutes() {
+        const routes = [];
+        const files = await fg2(this.config.routes.patterns, {
+          cwd: this.projectRoot,
+          ignore: ["**/node_modules/**", "**/dist/**", "**/build/**"],
+          absolute: true
+        });
+        for (const file2 of files) {
+          const content = await fs102.readFile(file2, "utf-8");
+          const fileRoutes = this.extractRoutes(content, file2);
+          routes.push(...fileRoutes);
+        }
+        return routes;
+      }
+      extractRoutes(content, file2) {
+        const routes = [];
+        const relativePath = path18.relative(this.projectRoot, file2);
+        const expressPattern = /\.(get|post|put|patch|delete|options|head)\s*\(\s*['"`]([^'"`]+)['"`]/gi;
+        let match;
+        while ((match = expressPattern.exec(content)) !== null) {
+          const method = match[1].toUpperCase();
+          const routePath = match[2];
+          const line = content.substring(0, match.index).split("\n").length;
+          routes.push({
+            path: routePath,
+            method,
+            handler: this.extractHandler(content, match.index),
+            file: relativePath,
+            line,
+            parameters: this.extractRouteParams(routePath),
+            middleware: this.extractMiddleware(content, match.index),
+            auth: this.detectAuthRequirement(content, match.index)
+          });
+        }
+        const routerPattern = /router\.(get|post|put|patch|delete|options|head)\s*\(\s*['"`]([^'"`]+)['"`]/gi;
+        while ((match = routerPattern.exec(content)) !== null) {
+          const method = match[1].toUpperCase();
+          const routePath = match[2];
+          const line = content.substring(0, match.index).split("\n").length;
+          routes.push({
+            path: routePath,
+            method,
+            handler: this.extractHandler(content, match.index),
+            file: relativePath,
+            line,
+            parameters: this.extractRouteParams(routePath),
+            middleware: this.extractMiddleware(content, match.index),
+            auth: this.detectAuthRequirement(content, match.index)
+          });
+        }
+        if (file2.includes("/api/") || file2.includes("\\api\\")) {
+          const nextPattern = /export\s+(default\s+)?(async\s+)?function\s+(\w+)/i;
+          const nextMatch = content.match(nextPattern);
+          if (nextMatch) {
+            const apiPath = this.filePathToApiRoute(file2);
+            routes.push({
+              path: apiPath,
+              method: "GET",
+              handler: nextMatch[3] || "handler",
+              file: relativePath,
+              line: 1,
+              parameters: this.extractRouteParams(apiPath),
+              middleware: []
+            });
+          }
+        }
+        return routes;
+      }
+      extractHandler(content, index) {
+        const afterRoute = content.substring(index, index + 200);
+        const handlerMatch = afterRoute.match(/,\s*(\w+)/);
+        return handlerMatch?.[1] ?? "anonymous";
+      }
+      extractRouteParams(routePath) {
+        const params = [];
+        const paramPattern = /:(\w+)/g;
+        let match;
+        while ((match = paramPattern.exec(routePath)) !== null) {
+          params.push({
+            name: match[1],
+            type: "string",
+            required: true,
+            in: "path"
+          });
+        }
+        return params;
+      }
+      extractMiddleware(content, index) {
+        const middleware = [];
+        const beforeRoute = content.substring(Math.max(0, index - 500), index);
+        const authMiddleware = ["authenticate", "auth", "requireAuth", "isAuthenticated", "protect"];
+        const validationMiddleware = ["validate", "validateBody", "validateParams"];
+        for (const mw of [...authMiddleware, ...validationMiddleware]) {
+          if (beforeRoute.includes(mw)) middleware.push(mw);
+        }
+        return middleware;
+      }
+      detectAuthRequirement(content, index) {
+        const context = content.substring(Math.max(0, index - 200), index + 200);
+        const authPatterns = [
+          "authenticate",
+          "auth",
+          "requireAuth",
+          "isAuthenticated",
+          "protect",
+          "jwt",
+          "session"
+        ];
+        for (const pattern of authPatterns) {
+          if (context.toLowerCase().includes(pattern)) {
+            return { required: true };
+          }
+        }
+        return void 0;
+      }
+      filePathToApiRoute(file2) {
+        const relativePath = path18.relative(this.projectRoot, file2);
+        const apiMatch = relativePath.match(/(?:pages|app)\/api\/(.+)\.(ts|js|tsx|jsx)/i);
+        if (apiMatch) {
+          const route = "/" + apiMatch[1].replace(/\[\.\.\.(\w+)\]/g, "*").replace(/\[(\w+)\]/g, ":$1").replace(/\/index$/, "").replace(/\\/g, "/");
+          return "/api" + route;
+        }
+        return "/api/unknown";
+      }
+      async scanEnvVars() {
+        const envVars = [];
+        for (const envFile of this.config.env.files) {
+          const filePath = path18.join(this.projectRoot, envFile);
+          try {
+            const content = await fs102.readFile(filePath, "utf-8");
+            const lines = content.split("\n");
+            for (let i = 0; i < lines.length; i++) {
+              const line = lines[i].trim();
+              if (line.startsWith("#") || !line) continue;
+              const match = line.match(/^([A-Z_][A-Z0-9_]*)=(.*)$/);
+              if (match) {
+                const [, name, value] = match;
+                const isSensitive = this.isSensitiveEnvVar(name ?? "");
+                envVars.push({
+                  name: name ?? "",
+                  file: envFile,
+                  line: i + 1,
+                  hasDefault: (value?.length ?? 0) > 0,
+                  defaultValue: isSensitive ? "[REDACTED]" : value,
+                  required: (value?.length ?? 0) === 0,
+                  sensitive: isSensitive
+                });
+              }
+            }
+          } catch {
+          }
+        }
+        return envVars;
+      }
+      isSensitiveEnvVar(name) {
+        const sensitivePatterns = [
+          "SECRET",
+          "KEY",
+          "PASSWORD",
+          "TOKEN",
+          "PRIVATE",
+          "CREDENTIAL",
+          "AUTH",
+          "API_KEY",
+          "APIKEY"
+        ];
+        return sensitivePatterns.some((p7) => name.toUpperCase().includes(p7));
+      }
+      async scanAuth() {
+        const authRules = [];
+        const files = await fg2(this.config.auth.patterns, {
+          cwd: this.projectRoot,
+          ignore: ["**/node_modules/**", "**/dist/**", "**/build/**"],
+          absolute: true
+        });
+        for (const file2 of files) {
+          const content = await fs102.readFile(file2, "utf-8");
+          const relativePath = path18.relative(this.projectRoot, file2);
+          const rolePattern = /(?:role|ROLE|Role)\s*[=:]\s*['"`](\w+)['"`]/g;
+          let match;
+          while ((match = rolePattern.exec(content)) !== null) {
+            const line = content.substring(0, match.index).split("\n").length;
+            authRules.push({ name: match[1], type: "role", file: relativePath, line });
+          }
+          const permPattern = /(?:permission|PERMISSION|Permission)\s*[=:]\s*['"`](\w+)['"`]/g;
+          while ((match = permPattern.exec(content)) !== null) {
+            const line = content.substring(0, match.index).split("\n").length;
+            authRules.push({ name: match[1], type: "permission", file: relativePath, line });
+          }
+          const middlewarePattern = /(?:export\s+(?:const|function|async function)\s+)?(authenticate|requireAuth|isAuthenticated|protect|authMiddleware)\b/gi;
+          while ((match = middlewarePattern.exec(content)) !== null) {
+            const line = content.substring(0, match.index).split("\n").length;
+            authRules.push({ name: match[1], type: "middleware", file: relativePath, line });
+          }
+        }
+        return Array.from(
+          new Map(authRules.map((r) => [`${r.name}-${r.type}`, r])).values()
+        );
+      }
+      async scanContracts() {
+        const contracts = [];
+        const files = await fg2(["**/*.ts", "**/*.tsx"], {
+          cwd: this.projectRoot,
+          ignore: [
+            "**/node_modules/**",
+            "**/dist/**",
+            "**/build/**",
+            "**/*.test.ts",
+            "**/*.spec.ts"
+          ],
+          absolute: true
+        });
+        for (const file2 of files) {
+          const content = await fs102.readFile(file2, "utf-8");
+          const relativePath = path18.relative(this.projectRoot, file2);
+          const interfacePattern = /export\s+interface\s+(\w+)/g;
+          let match;
+          while ((match = interfacePattern.exec(content)) !== null) {
+            const line = content.substring(0, match.index).split("\n").length;
+            contracts.push({
+              name: match[1],
+              type: "interface",
+              file: relativePath,
+              line,
+              source: "typescript"
+            });
+          }
+          const typePattern = /export\s+type\s+(\w+)\s*=/g;
+          while ((match = typePattern.exec(content)) !== null) {
+            const line = content.substring(0, match.index).split("\n").length;
+            contracts.push({
+              name: match[1],
+              type: "type",
+              file: relativePath,
+              line,
+              source: "typescript"
+            });
+          }
+          const zodPattern = /(?:export\s+)?(?:const|let)\s+(\w+Schema|\w+Validator)\s*=\s*z\./g;
+          while ((match = zodPattern.exec(content)) !== null) {
+            const line = content.substring(0, match.index).split("\n").length;
+            contracts.push({
+              name: match[1],
+              type: "schema",
+              file: relativePath,
+              line,
+              source: "zod"
+            });
+          }
+          const enumPattern = /export\s+(?:const\s+)?enum\s+(\w+)/g;
+          while ((match = enumPattern.exec(content)) !== null) {
+            const line = content.substring(0, match.index).split("\n").length;
+            contracts.push({
+              name: match[1],
+              type: "enum",
+              file: relativePath,
+              line,
+              source: "typescript"
+            });
+          }
+        }
+        return contracts;
+      }
+      async computeHash(data) {
+        const str = JSON.stringify(data);
+        let hash = 0;
+        for (let i = 0; i < str.length; i++) {
+          const char = str.charCodeAt(i);
+          hash = (hash << 5) - hash + char;
+          hash = hash & hash;
+        }
+        return Math.abs(hash).toString(16).padStart(16, "0");
+      }
+    };
     SIGNAL_WEIGHTS = {
       fileCount: 0.15,
       gitHistory: 0.15,
@@ -82530,6 +83163,12 @@ ${content}`;
       "coverage"
     ];
     SOURCE_EXTENSIONS3 = [".ts", ".tsx", ".js", ".jsx"];
+    DEFAULT_TRUTHPACK_SCANNER = {
+      routes: { enabled: true, frameworks: ["express", "nextjs", "fastify", "hono"], patterns: ["**/*.ts", "**/*.js"] },
+      env: { enabled: true, files: [".env", ".env.local", ".env.example", ".env.development"] },
+      auth: { enabled: true, patterns: ["**/*.ts", "**/*.js"] },
+      contracts: { enabled: true, sources: ["typescript", "zod", "openapi"] }
+    };
     generateId = () => randomUUID().slice(0, 12);
     DEFAULT_SOURCE_PATTERNS = [
       // User Input
@@ -83013,7 +83652,7 @@ ${content}`;
        * Find all files to analyze
        */
       async findFiles() {
-        const files = await fg(this.options.include, {
+        const files = await fg2(this.options.include, {
           cwd: this.options.rootDir,
           ignore: this.options.exclude,
           absolute: true,
@@ -83424,10 +84063,10 @@ ${content}`;
       /**
        * Check if a path matches a glob pattern
        */
-      matchesPattern(path342, pattern) {
+      matchesPattern(path352, pattern) {
         const regexPattern = pattern.replace(/\*\*/g, "<<<GLOBSTAR>>>").replace(/\*/g, "[^/]*").replace(/<<<GLOBSTAR>>>/g, ".*");
         const regex = new RegExp(`^${regexPattern}$`);
-        return regex.test(path342);
+        return regex.test(path352);
       }
       /**
        * Check if a selector might match a denied selector pattern
@@ -84185,7 +84824,7 @@ __export(utils_exports, {
   throttle: () => throttle,
   unregisterTempFile: () => unregisterTempFile,
   validateOrThrow: () => validateOrThrow,
-  withRetry: () => withRetry,
+  withRetry: () => withRetry2,
   withTimeout: () => withTimeout2,
   wrapError: () => wrapError2
 });
@@ -84684,7 +85323,7 @@ var symbols = {
 };
 var colors = getCachedColors();
 var BRAND_COLORS = ["#00d4ff", "#7b2dff", "#ff00aa"];
-var brandGradient = gradient(BRAND_COLORS);
+gradient(BRAND_COLORS);
 ({
   brand: gradient(BRAND_COLORS),
   success: gradient(["#00ff87", "#60efff"]),
@@ -84694,48 +85333,6 @@ var brandGradient = gradient(BRAND_COLORS);
   cool: gradient(["#00c6ff", "#0072ff"]),
   warm: gradient(["#ff9a9e", "#fecfef"])
 });
-function printBanner(options) {
-  const env2 = getEnvironment();
-  const showTagline = true;
-  const compact = false;
-  if (!env2.isInteractive || env2.terminal.width < 60) {
-    console.log("");
-    console.log("VibeCheck");
-    {
-      console.log(chalk9.dim("Hallucination prevention for AI-assisted development"));
-    }
-    console.log("");
-    return;
-  }
-  try {
-    const font = compact ? "Small" : "Standard";
-    const banner = figlet.textSync("VibeCheck", {
-      font,
-      horizontalLayout: "default"
-    });
-    console.log("");
-    if (shouldUseColors()) {
-      console.log(brandGradient.multiline(banner));
-    } else {
-      console.log(banner);
-    }
-    if (showTagline) {
-      console.log(chalk9.dim("  Hallucination prevention for AI-assisted development"));
-    }
-    console.log("");
-  } catch {
-    console.log("");
-    if (shouldUseColors()) {
-      console.log(brandGradient("VibeCheck"));
-    } else {
-      console.log("VibeCheck");
-    }
-    {
-      console.log(chalk9.dim("Hallucination prevention for AI-assisted development"));
-    }
-    console.log("");
-  }
-}
 function formatKeyValue(key, value) {
   const c = getCachedColors();
   let formattedValue;
@@ -84806,7 +85403,7 @@ async function runInitWizard() {
       configContent: generateConfigTemplate("standard")
     };
   }
-  p4.intro(chalk9.cyan("vibecheck init"));
+  p4.intro(chalk9.cyan("vibecheck link"));
   const template = await p4.select({
     message: "Choose a configuration template:",
     options: [
@@ -85072,7 +85669,7 @@ async function configureOutput(currentConfig) {
 }
 
 // src/lib/version.ts
-var CLI_VERSION = "1.2.2" ;
+var CLI_VERSION = "1.2.3" ;
 var CLI_NAME = "vibecheck-ai" ;
 
 // src/ui/command-header.tsx
@@ -85158,6 +85755,14 @@ var COMMAND_ASCII = {
     "\u2588\u2588\u2551\u2588\u2588\u2551 \u255A\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2551   \u2588\u2588\u2551   ",
     "\u255A\u2550\u255D\u255A\u2550\u255D  \u255A\u2550\u2550\u2550\u255D\u255A\u2550\u255D   \u255A\u2550\u255D   "
   ],
+  LINK: [
+    "\u2588\u2588\u2557     \u2588\u2588\u2557\u2588\u2588\u2557\u2588\u2588\u2588\u2557   \u2588\u2588\u2557\u2588\u2588\u2557  \u2588\u2588\u2557",
+    "\u2588\u2588\u2551     \u2588\u2588\u2551\u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2557  \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2554\u255D",
+    "\u2588\u2588\u2551     \u2588\u2588\u2551\u2588\u2588\u2551\u2588\u2588\u2554\u2588\u2588\u2557 \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2554\u255D ",
+    "\u2588\u2588\u2551     \u2588\u2588\u2551\u2588\u2588\u2551\u2588\u2588\u2551\u255A\u2588\u2588\u2557\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2588\u2588\u2557 ",
+    "\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2551\u2588\u2588\u2551\u2588\u2588\u2551 \u255A\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2551  \u2588\u2588\u2557",
+    "\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D\u255A\u2550\u255D\u255A\u2550\u255D\u255A\u2550\u255D  \u255A\u2550\u2550\u2550\u255D\u255A\u2550\u255D  \u255A\u2550\u255D"
+  ],
   WATCH: [
     "\u2588\u2588\u2557    \u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557  \u2588\u2588\u2557",
     "\u2588\u2588\u2551    \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u255A\u2550\u2550\u2588\u2588\u2554\u2550\u2550\u255D\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u2588\u2588\u2551  \u2588\u2588\u2551",
@@ -85507,8 +86112,26 @@ var LOGO = `
 `;
 var COMMANDS = [
   // ═══════════════════════════════════════════════════════════════════════════════
-  // THE FLOW: quickstart → certify → status → ship
+  // SETUP: link, quickstart → certify → status → ship
   // ═══════════════════════════════════════════════════════════════════════════════
+  {
+    name: "link",
+    description: "Bind project to VibeCheck (instant setup, auto-detects stack). Aliases: init, setup, configure",
+    usage: "vibecheck link [options]",
+    icon: "\u{1F517}",
+    category: "core",
+    options: [
+      { flag: "-f, --force", description: "Overwrite existing configuration" },
+      { flag: "-m, --minimal", description: "Config only, skip scan" },
+      { flag: "--forge", description: "Generate AI context rules" },
+      { flag: "--connect", description: "Connect to CI/CD pipeline" }
+    ],
+    examples: [
+      "vibecheck link",
+      "vibecheck link --force",
+      "vibecheck link --json"
+    ]
+  },
   {
     name: "quickstart",
     description: "First-time setup: truthpack + forge rules + guardrails",
@@ -85623,8 +86246,26 @@ var COMMANDS = [
     ]
   },
   // ═══════════════════════════════════════════════════════════════════════════════
-  // TOOLS: Fix, Forge, Scan, Trace
+  // TOOLS: Audit, Fix, Forge, Scan, Trace
   // ═══════════════════════════════════════════════════════════════════════════════
+  {
+    name: "audit",
+    description: "Find code that looks done but doesn't work (validate + drift). Aliases: check, validate",
+    usage: "vibecheck audit [files...] [options]",
+    icon: "\u{1F50D}",
+    category: "tools",
+    options: [
+      { flag: "-m, --mode <mode>", description: "full (validate + drift), validate, or drift", default: "full" },
+      { flag: "-s, --strict", description: "Enable strict validation/checking" },
+      { flag: "--fix", description: "Attempt to fix issues (validate mode)" },
+      { flag: "--fail-fast", description: "Stop on first error (drift mode)" }
+    ],
+    examples: [
+      "vibecheck audit",
+      "vibecheck audit --mode drift",
+      "vibecheck audit src/ --strict"
+    ]
+  },
   {
     name: "fix",
     description: "Auto-fix simple issues (complex \u2192 use vibecheck ship --missions)",
@@ -85733,6 +86374,21 @@ var COMMANDS = [
       "vibecheck doctor"
     ]
   },
+  {
+    name: "watch",
+    description: "Watch for changes and re-run validation",
+    usage: "vibecheck watch [options]",
+    icon: "\u{1F441}\uFE0F",
+    category: "config",
+    options: [
+      { flag: "-d, --debounce <ms>", description: "Debounce delay in ms" },
+      { flag: "--once", description: "Run once and exit" }
+    ],
+    examples: [
+      "vibecheck watch",
+      "vibecheck watch --once"
+    ]
+  },
   // ═══════════════════════════════════════════════════════════════════════════════
   // REPORTS & BADGES
   // ═══════════════════════════════════════════════════════════════════════════════
@@ -85768,6 +86424,17 @@ var COMMANDS = [
       "vibecheck badge --project-id abc123",
       "vibecheck badge --style for-the-badge"
     ]
+  },
+  {
+    name: "menu",
+    description: "Open interactive menu to run any command",
+    usage: "vibecheck menu",
+    icon: "\u{1F4CB}",
+    category: "config",
+    options: [],
+    examples: [
+      "vibecheck menu"
+    ]
   }
 ];
 var GLOBAL_OPTIONS = [
@@ -85848,16 +86515,16 @@ function renderHelp() {
   console.log("");
   console.log(chalk9.white.bold("  QUICK START"));
   console.log("");
-  console.log("    " + chalk9.dim("# 1. First-time setup (generates truthpack + AI rules)"));
+  console.log("    " + chalk9.dim("# 1. Bind project (instant setup)"));
+  console.log("    " + chalk9.green("$ vibecheck link"));
+  console.log("");
+  console.log("    " + chalk9.dim("# 2. First-time setup (truthpack + AI rules)"));
   console.log("    " + chalk9.green("$ vibecheck quickstart"));
   console.log("");
-  console.log("    " + chalk9.dim("# 2. Certify your app (Reality + Chaos \u2192 Ship Score)"));
+  console.log("    " + chalk9.dim("# 3. Certify (Reality + Chaos \u2192 Badge)"));
   console.log("    " + chalk9.green("$ vibecheck certify"));
   console.log("");
-  console.log("    " + chalk9.dim("# 3. View proof replay"));
-  console.log("    " + chalk9.green("$ vibecheck reality replay last --web"));
-  console.log("");
-  console.log("    " + chalk9.dim("# 4. Check what's active"));
+  console.log("    " + chalk9.dim("# 4. Check status"));
   console.log("    " + chalk9.green("$ vibecheck status"));
   console.log("");
   console.log(chalk9.dim("  " + "\u2500".repeat(68)));
@@ -85868,55 +86535,118 @@ function renderHelp() {
   console.log("  " + chalk9.dim("Docs:") + " " + chalk9.cyan.underline("https://vibecheck.dev/docs"));
   console.log("");
 }
-function renderCommandHelp(commandName) {
+function getMainHelpText() {
+  const lines = [];
+  lines.push("");
+  lines.push(vibeGradient(LOGO));
+  lines.push("");
+  lines.push(chalk9.dim("  " + "\u2500".repeat(68)));
+  lines.push(chalk9.white.bold("  \u{1F6E1}\uFE0F  Stop AI hallucinations. Ship with confidence."));
+  lines.push(chalk9.dim("  " + "\u2500".repeat(68)));
+  lines.push("");
+  lines.push(chalk9.white.bold("  USAGE"));
+  lines.push("");
+  lines.push("    " + chalk9.cyan("vibecheck") + chalk9.dim(" <command>") + chalk9.yellow(" [options]"));
+  lines.push("");
+  const coreCommands = COMMANDS.filter((c) => c.category === "core");
+  lines.push(chalk9.white.bold("  THE FLOW"));
+  lines.push("");
+  for (const cmd of coreCommands) {
+    lines.push("    " + cmd.icon + " " + chalk9.cyan.bold(cmd.name.padEnd(12)) + chalk9.dim(cmd.description));
+  }
+  lines.push("");
+  lines.push(chalk9.dim("    link \u2192 quickstart \u2192 certify \u2192 status \u2192 ship (repeat)"));
+  lines.push("");
+  const verifyCommands = COMMANDS.filter((c) => c.category === "verify");
+  lines.push(chalk9.white.bold("  VERIFICATION"));
+  lines.push("");
+  for (const cmd of verifyCommands) {
+    lines.push("    " + cmd.icon + " " + chalk9.cyan.bold(cmd.name.padEnd(12)) + chalk9.dim(cmd.description));
+  }
+  lines.push("");
+  const toolCommands = COMMANDS.filter((c) => c.category === "tools");
+  lines.push(chalk9.white.bold("  TOOLS"));
+  lines.push("");
+  for (const cmd of toolCommands) {
+    lines.push("    " + cmd.icon + " " + chalk9.cyan.bold(cmd.name.padEnd(12)) + chalk9.dim(cmd.description));
+  }
+  lines.push("");
+  const configCommands = COMMANDS.filter((c) => c.category === "config");
+  lines.push(chalk9.white.bold("  CONFIG"));
+  lines.push("");
+  for (const cmd of configCommands) {
+    lines.push("    " + cmd.icon + " " + chalk9.cyan.bold(cmd.name.padEnd(12)) + chalk9.dim(cmd.description));
+  }
+  lines.push("");
+  const advancedCommands = COMMANDS.filter((c) => c.category === "advanced");
+  lines.push(chalk9.white.bold("  ADVANCED"));
+  lines.push("");
+  for (const cmd of advancedCommands) {
+    lines.push("    " + cmd.icon + " " + chalk9.cyan.bold(cmd.name.padEnd(12)) + chalk9.dim(cmd.description));
+  }
+  lines.push("");
+  lines.push(chalk9.white.bold("  OPTIONS"));
+  lines.push("");
+  for (const opt of GLOBAL_OPTIONS) {
+    lines.push("    " + chalk9.yellow(opt.flag.padEnd(24)) + chalk9.dim(opt.description));
+  }
+  lines.push("");
+  lines.push(chalk9.white.bold("  QUICK START"));
+  lines.push("");
+  lines.push("    " + chalk9.dim("# 1. Bind project") + "  " + chalk9.green("$ vibecheck link"));
+  lines.push("    " + chalk9.dim("# 2. First-time setup") + "  " + chalk9.green("$ vibecheck quickstart"));
+  lines.push("    " + chalk9.dim("# 3. Certify") + "  " + chalk9.green("$ vibecheck certify"));
+  lines.push("    " + chalk9.dim("# 4. Status") + "  " + chalk9.green("$ vibecheck status"));
+  lines.push("");
+  lines.push(chalk9.dim("  Run") + " vibecheck " + chalk9.cyan("<command>") + " --help " + chalk9.dim("for command help"));
+  lines.push(chalk9.dim("  Run") + " vibecheck " + chalk9.magenta("menu") + " " + chalk9.dim("for interactive mode"));
+  lines.push("");
+  return lines.join("\n");
+}
+function getCommandHelpText(commandName) {
   const cmd = COMMANDS.find((c) => c.name === commandName);
   if (!cmd) {
-    console.log(chalk9.red(`
-  Unknown command: ${commandName}
-`));
-    console.log(chalk9.dim(`  Run ${chalk9.cyan("vibecheck --help")} for available commands.
-`));
-    return;
+    return chalk9.red("\n  Unknown command: " + commandName + "\n") + chalk9.dim("  Run vibecheck --help for available commands.\n");
   }
-  console.log("");
-  console.log(vibeGradient(LOGO));
-  console.log(chalk9.dim("  " + "\u2500".repeat(68)));
-  console.log("  " + cmd.icon + " " + chalk9.white.bold(cmd.name.toUpperCase()) + " " + chalk9.dim("\u2500") + " " + cmd.description);
-  console.log(chalk9.dim("  " + "\u2500".repeat(68)));
-  console.log("");
-  console.log(chalk9.white.bold("  USAGE"));
-  console.log("");
-  console.log("    " + chalk9.green("$") + " " + cmd.usage);
-  console.log("");
+  const lines = [];
+  lines.push("");
+  lines.push(vibeGradient(LOGO));
+  lines.push(chalk9.dim("  " + "\u2500".repeat(68)));
+  lines.push("  " + cmd.icon + " " + chalk9.white.bold(cmd.name.toUpperCase()) + " " + chalk9.dim("\u2500") + " " + cmd.description);
+  lines.push(chalk9.dim("  " + "\u2500".repeat(68)));
+  lines.push("");
+  lines.push(chalk9.white.bold("  USAGE"));
+  lines.push("");
+  lines.push("    " + chalk9.green("$") + " " + cmd.usage);
+  lines.push("");
   if (cmd.options.length > 0) {
-    console.log(chalk9.white.bold("  OPTIONS"));
-    console.log("");
+    lines.push(chalk9.white.bold("  OPTIONS"));
+    lines.push("");
     for (const opt of cmd.options) {
-      console.log(
-        "    " + chalk9.yellow(opt.flag.padEnd(28)) + chalk9.dim(opt.description) + (opt.default ? chalk9.cyan(` [default: ${opt.default}]`) : "")
-      );
+      lines.push("    " + chalk9.yellow(opt.flag.padEnd(28)) + chalk9.dim(opt.description) + (opt.default ? chalk9.cyan(` [default: ${opt.default}]`) : ""));
     }
-    console.log("");
+    lines.push("");
   }
-  console.log(chalk9.white.bold("  GLOBAL OPTIONS"));
-  console.log("");
-  console.log("    " + chalk9.dim("Also accepts: --verbose, --quiet, --json, --config <path>"));
-  console.log("");
+  lines.push(chalk9.white.bold("  GLOBAL OPTIONS"));
+  lines.push("");
+  lines.push("    " + chalk9.dim("Also accepts: --verbose, --quiet, --json, --config <path>"));
+  lines.push("");
   if (cmd.examples.length > 0) {
-    console.log(chalk9.white.bold("  EXAMPLES"));
-    console.log("");
-    for (const example of cmd.examples) {
-      console.log("    " + chalk9.green("$") + " " + example);
+    lines.push(chalk9.white.bold("  EXAMPLES"));
+    lines.push("");
+    for (const ex of cmd.examples) {
+      lines.push("    " + chalk9.green("$") + " " + ex);
     }
-    console.log("");
+    lines.push("");
   }
-  console.log(chalk9.white.bold("  SEE ALSO"));
-  console.log("");
+  lines.push(chalk9.white.bold("  SEE ALSO"));
+  lines.push("");
   const related = COMMANDS.filter((c) => c.name !== cmd.name).slice(0, 3);
   for (const r of related) {
-    console.log("    " + r.icon + " " + chalk9.cyan(r.name) + " - " + chalk9.dim(r.description));
+    lines.push("    " + r.icon + " " + chalk9.cyan(r.name) + " - " + chalk9.dim(r.description));
   }
-  console.log("");
+  lines.push("");
+  return lines.join("\n");
 }
 ({
   loaded: chalk9.green,
@@ -86031,8 +86761,14 @@ var MENU_LOGO = `
 `;
 var MAIN_MENU_ITEMS = [
   // ═══════════════════════════════════════════════════════════════════════════════
-  // THE FLOW: quickstart → certify → status → ship
+  // SETUP: link → quickstart → certify → status → ship
   // ═══════════════════════════════════════════════════════════════════════════════
+  {
+    value: "link",
+    label: "Link Project",
+    hint: "Bind project to VibeCheck (instant setup)",
+    icon: "\u{1F517}"
+  },
   {
     value: "quickstart",
     label: "Quickstart",
@@ -86111,6 +86847,12 @@ var MAIN_MENU_ITEMS = [
     hint: "Regenerate truthpack from codebase",
     icon: "\u{1F50D}"
   },
+  {
+    value: "audit",
+    label: "Audit",
+    hint: "Validate + drift detection (find wrongness)",
+    icon: "\u{1F50E}"
+  },
   {
     value: "divider3",
     label: "\u2500".repeat(40),
@@ -86168,6 +86910,12 @@ var MAIN_MENU_ITEMS = [
   // ═══════════════════════════════════════════════════════════════════════════════
   // HELP & EXIT
   // ═══════════════════════════════════════════════════════════════════════════════
+  {
+    value: "login",
+    label: "Login / Account",
+    hint: "Sign in to VibeCheck Cloud",
+    icon: "\u{1F510}"
+  },
   {
     value: "help",
     label: "Help",
@@ -86933,6 +87681,7 @@ function wrapText(text4, maxWidth) {
   if (currentLine) lines.push(currentLine);
   return lines;
 }
+init_dist();
 ({
   /** Score thresholds for coloring */
   thresholds: [
@@ -87390,6 +88139,25 @@ async function generateReport(data, options = {}) {
 
 // src/lib/index.ts
 init_errors();
+var SILENCE_ENV = "VIBECHECK_SILENCE_DEPRECATIONS";
+function isDeprecationSilenced() {
+  return process.env[SILENCE_ENV] === "1" || process.env[SILENCE_ENV] === "true";
+}
+function printDeprecation(options) {
+  if (isDeprecationSilenced()) return;
+  const { command, replacement, reason = "Renamed for clarity", removeIn = "v5.0.0" } = options;
+  console.error("");
+  console.error(chalk9.yellow.bold("\u26A0 Deprecation Warning"));
+  console.error(chalk9.dim("\u2501".repeat(60)));
+  console.error(`  ${chalk9.dim("Command:")}     ${chalk9.yellow(`vibecheck ${command}`)}`);
+  console.error(`  ${chalk9.dim("Replacement:")} ${chalk9.cyan(`vibecheck ${replacement}`)}`);
+  console.error(`  ${chalk9.dim("Reason:")}      ${reason}`);
+  console.error(`  ${chalk9.dim("Remove in:")}   ${removeIn}`);
+  console.error("");
+  console.error(`  ${chalk9.dim(`Silence with: ${SILENCE_ENV}=1`)}`);
+  console.error(chalk9.dim("\u2501".repeat(60)));
+  console.error("");
+}
 init_errors();
 var LOG_LEVEL_MAP = {
   silent: -1,
@@ -87757,7 +88525,8 @@ async function runForgeInternal(options) {
       incremental: true,
       generateContract: hasFeatureAccess(userTier, FEATURE_KEYS.FORGE_EXTENDED),
       verbose: verbose ?? false,
-      platforms: ["cursor", "windsurf"]
+      platforms: []
+      // Auto-detect: only generate for the IDE in use
     };
     const output = await forge(projectPath, config);
     if (!quiet && !json) {
@@ -87959,7 +88728,7 @@ function generateGitHubActionsWorkflow(options) {
     bun: "bunx"
   }[pm];
   let workflow = `# VibeCheck CI/CD Integration
-# Auto-generated by vibecheck init --connect
+# Auto-generated by vibecheck link --connect
 # Learn more: https://vibecheck.dev/docs/ci-cd
 
 name: VibeCheck
@@ -88008,7 +88777,7 @@ jobs:
   if (options.includeCheck !== false) {
     workflow += `
       - name: Run VibeCheck
-        run: ${runCmd} vibecheck check${failFlag}
+        run: ${runCmd} vibecheck audit${failFlag}
         env:
           VIBECHECK_CI: true
 
@@ -88049,7 +88818,7 @@ function generateGitLabCI(options) {
     bun: "bunx"
   }[pm];
   let config = `# VibeCheck GitLab CI Integration
-# Auto-generated by vibecheck init --connect
+# Auto-generated by vibecheck link --connect
 
 image: node:${nodeVersion}
 
@@ -88076,7 +88845,7 @@ vibecheck:
 `;
   }
   if (options.includeCheck !== false) {
-    config += `    - ${runCmd} vibecheck check${failFlag}
+    config += `    - ${runCmd} vibecheck audit${failFlag}
 `;
   }
   config += `  artifacts:
@@ -88112,7 +88881,7 @@ function generateCircleCI(options) {
     bun: "bunx"
   }[pm];
   let config = `# VibeCheck CircleCI Integration
-# Auto-generated by vibecheck init --connect
+# Auto-generated by vibecheck link --connect
 
 version: 2.1
 
@@ -88142,7 +88911,7 @@ jobs:
   if (options.includeCheck !== false) {
     config += `      - run:
           name: Run VibeCheck
-          command: ${runCmd} vibecheck check${failFlag}
+          command: ${runCmd} vibecheck audit${failFlag}
 `;
   }
   config += `      - store_artifacts:
@@ -88206,7 +88975,7 @@ function generateAzurePipelines(options) {
     bun: "bunx"
   }[pm];
   let config = `# VibeCheck Azure Pipelines Integration
-# Auto-generated by vibecheck init --connect
+# Auto-generated by vibecheck link --connect
 
 trigger:
   branches:
@@ -88245,7 +89014,7 @@ stages:
   }
   if (options.includeCheck !== false) {
     config += `
-          - script: ${runCmd} vibecheck check${failFlag}
+          - script: ${runCmd} vibecheck audit${failFlag}
             displayName: 'Run VibeCheck'
 
           - task: PublishBuildArtifacts@1
@@ -88291,7 +89060,7 @@ function generateVercelConfig(options) {
   }[pm];
   return `{
   "$schema": "https://openapi.vercel.sh/vercel.json",
-  "buildCommand": "${runCmd} vibecheck check && ${pm === "npm" ? "npm run" : pm} build",
+  "buildCommand": "${runCmd} vibecheck audit && ${pm === "npm" ? "npm run" : pm} build",
   "installCommand": "${pm} install && npm install -g vibecheck-ai",
   "framework": null,
   "env": {
@@ -88309,10 +89078,10 @@ function generateNetlifyConfig(options) {
     bun: "bunx"
   }[pm];
   return `# VibeCheck Netlify Integration
-# Auto-generated by vibecheck init --connect
+# Auto-generated by vibecheck link --connect
 
 [build]
-  command = "npm install -g vibecheck-ai && ${runCmd} vibecheck check && ${pm === "npm" ? "npm run" : pm} build"
+  command = "npm install -g vibecheck-ai && ${runCmd} vibecheck audit && ${pm === "npm" ? "npm run" : pm} build"
 
 [build.environment]
   VIBECHECK_CI = "true"
@@ -88320,7 +89089,7 @@ function generateNetlifyConfig(options) {
 
 # Run VibeCheck on deploy previews
 [context.deploy-preview]
-  command = "npm install -g vibecheck-ai && ${runCmd} vibecheck check && ${pm === "npm" ? "npm run" : pm} build"
+  command = "npm install -g vibecheck-ai && ${runCmd} vibecheck audit && ${pm === "npm" ? "npm run" : pm} build"
 
 # Run ship gate on production
 [context.production]
@@ -88451,7 +89220,7 @@ async function integrateWithCI(options) {
         if (detection.existing) {
           result.errors?.push("Netlify config exists. Please add VibeCheck manually.");
           result.instructions.push(
-            "Add to your build command: vibecheck check &&",
+            "Add to your build command: vibecheck audit &&",
             "See: https://vibecheck.dev/docs/ci-cd/netlify"
           );
         } else {
@@ -88472,7 +89241,7 @@ async function integrateWithCI(options) {
         result.instructions.push(
           "You can manually integrate VibeCheck by adding these commands to your CI:",
           "  npm install -g vibecheck-ai",
-          "  vibecheck check",
+          "  vibecheck audit",
           "See: https://vibecheck.dev/docs/ci-cd"
         );
     }
@@ -88484,6 +89253,7 @@ async function integrateWithCI(options) {
 }
 
 // src/lib/reality-uploader.ts
+init_src();
 init_dist3();
 init_credentials();
 async function uploadVideoArtifacts(artifactsDir, projectId, checkId) {
@@ -88560,7 +89330,9 @@ async function uploadRealityCheckResults(result, options) {
   const checkId = `rc_${Date.now()}_${Math.random().toString(36).substring(2, 8)}`;
   let videoUpload = null;
   if (result.artifactsDir) {
-    videoUpload = await uploadVideoArtifacts(result.artifactsDir, projectId, checkId);
+    videoUpload = await withUploadLimit(
+      () => uploadVideoArtifacts(result.artifactsDir, projectId, checkId)
+    );
   }
   const payload = {
     projectId,
@@ -88592,7 +89364,9 @@ async function uploadRealityCheckResults(result, options) {
     startedAt: result.summary.startedAt,
     completedAt: result.summary.completedAt
   };
-  const record = await createRealityCheckRecord(apiUrl, authToken, payload);
+  const record = await withApiCallLimit(
+    () => createRealityCheckRecord(apiUrl, authToken, payload)
+  );
   if (!record) {
     return null;
   }
@@ -88760,6 +89534,7 @@ function formatQuotaMessage(status) {
 // src/lib/proof-run-client.ts
 init_credentials();
 var execAsync3 = promisify(exec);
+var API_TIMEOUT_MS = 3e4;
 var DEFAULT_API_URL3 = "https://api.vibecheckai.dev";
 async function createProofRun(input) {
   const { credentials, error } = await getCredentialsAndUrl2();
@@ -88795,38 +89570,46 @@ async function createProofRun(input) {
       body.actionsRunId = input.github.actionsRunId;
       body.actionsRunUrl = input.github.actionsRunUrl;
     }
-    const response = await fetch(`${credentials.apiUrl}/api/v1/proof-runs`, {
-      method: "POST",
-      headers,
-      body: JSON.stringify(body)
-    });
-    const data = await response.json();
-    if (!response.ok) {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), API_TIMEOUT_MS);
+    try {
+      const response = await fetch(`${credentials.apiUrl}/api/v1/proof-runs`, {
+        method: "POST",
+        headers,
+        body: JSON.stringify(body),
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      const data = await response.json();
+      if (!response.ok) {
+        return {
+          success: false,
+          error: data.error ?? {
+            code: "API_ERROR",
+            message: data.message ?? "Failed to create proof run"
+          }
+        };
+      }
+      const proofRunId = data.proofRun?.id;
+      const dashboardUrl = proofRunId ? `${credentials.apiUrl.replace("api.", "app.")}/proof-runs/${proofRunId}` : void 0;
       return {
-        success: false,
-        error: data.error ?? {
-          code: "API_ERROR",
-          message: data.message ?? "Failed to create proof run"
+        success: true,
+        data: {
+          id: proofRunId ?? "",
+          projectId: input.projectId,
+          status: input.status ?? "completed",
+          verdict: input.verdict,
+          scores: input.scoreOverall ? {
+            overall: input.scoreOverall,
+            previousScore: input.scorePrevious,
+            delta: input.scoreDelta
+          } : void 0,
+          dashboardUrl
         }
       };
+    } finally {
+      clearTimeout(timeoutId);
     }
-    const proofRunId = data.proofRun?.id;
-    const dashboardUrl = proofRunId ? `${credentials.apiUrl.replace("api.", "app.")}/proof-runs/${proofRunId}` : void 0;
-    return {
-      success: true,
-      data: {
-        id: proofRunId ?? "",
-        projectId: input.projectId,
-        status: input.status ?? "completed",
-        verdict: input.verdict,
-        scores: input.scoreOverall ? {
-          overall: input.scoreOverall,
-          previousScore: input.scorePrevious,
-          delta: input.scoreDelta
-        } : void 0,
-        dashboardUrl
-      }
-    };
   } catch (err) {
     return {
       success: false,
@@ -89505,15 +90288,18 @@ async function scanCommand(options) {
       if (!isAuthenticated() && !options.quiet) {
         logger2.newline();
         console.log(colors.primary("\u2501".repeat(50)));
-        console.log(`${symbols.raw.star} ${chalk9.bold("Pro Features Available")}`);
+        console.log(`${symbols.raw.star} ${chalk9.bold("Pro Commands & Features")}`);
         console.log(colors.primary("\u2501".repeat(50)));
         console.log("");
-        console.log(colors.muted("With Pro, this scan would also:"));
-        console.log(`  ${colors.success("+")} Sync to cloud dashboard`);
-        console.log(`  ${colors.success("+")} Track scan history (90 days)`);
-        console.log(`  ${colors.success("+")} Generate verified Ship Badges`);
-        console.log(`  ${colors.success("+")} Auto-fix issues with AI`);
-        console.log(`  ${colors.success("+")} Post results to GitHub PRs`);
+        console.log(colors.muted("Upgrade to Pro to unlock:"));
+        console.log(`  ${colors.success("vibecheck certify")}   ${chalk9.dim("Full proof: ISL + Reality + Chaos \u2192 Badge")}`);
+        console.log(`  ${colors.success("vibecheck ship --reality")}  ${chalk9.dim("Pre-deploy gate with browser verification")}`);
+        console.log(`  ${colors.success("vibecheck ship --chaos")}   ${chalk9.dim("AI Chaos Agent (autonomous bug hunting)")}`);
+        console.log(`  ${colors.success("vibecheck fix")}   ${chalk9.dim("Mission-based auto-fix with safety gates")}`);
+        console.log(`  ${colors.success("vibecheck report")}  ${chalk9.dim("Executive summary, compliance, PDF reports")}`);
+        console.log(`  ${colors.success("MCP server")}   ${chalk9.dim("AI IDE integration (Cursor, etc.)")}`);
+        console.log("");
+        console.log(colors.muted("Cloud:") + " Sync dashboard, 90-day history, verified badges, GitHub PR comments");
         console.log("");
         console.log(`${colors.muted("Start free trial:")} ${colors.info("vibecheck.dev/pro")}`);
         console.log("");
@@ -89607,7 +90393,7 @@ async function scanCommand(options) {
 init_validation();
 init_scoring();
 init_dist();
-var { glob: glob8 } = fg;
+var { glob: glob8 } = fg2;
 async function validateCommand(files, options) {
   const logger2 = createLogger({
     level: options.verbose ? "verbose" : options.quiet ? "quiet" : "normal",
@@ -89860,7 +90646,7 @@ async function validateCommand(files, options) {
 init_validation();
 init_scoring();
 init_dist();
-var { glob: glob9 } = fg;
+var { glob: glob9 } = fg2;
 async function checkCommand(options) {
   const logger2 = createLogger({
     level: options.verbose ? "verbose" : options.quiet ? "quiet" : "normal",
@@ -90166,6 +90952,39 @@ async function checkCommand(options) {
     process.exit(1);
   }
 }
+
+// src/commands/audit.ts
+async function auditCommand(files, options) {
+  createLogger({
+    level: options.verbose ? "verbose" : options.quiet ? "quiet" : "normal",
+    json: options.json
+  });
+  const mode = options.mode ?? "full";
+  if (env.isInteractive && !options.json && !options.quiet) {
+    safeRenderHeader({
+      command: "audit",
+      target: process.cwd(),
+      elapsedTime: 0
+    });
+  }
+  if (mode === "full" || mode === "validate") {
+    await validateCommand(files, {
+      ...options,
+      strict: options.strict,
+      fix: options.fix,
+      maxErrors: options.maxErrors,
+      timeout: options.timeout
+    });
+  }
+  if (mode === "full" || mode === "drift") {
+    await checkCommand({
+      ...options,
+      strict: options.strict,
+      failFast: options.failFast,
+      timeout: options.timeout
+    });
+  }
+}
 var VERDICT_COLORS3 = {
   SHIP: chalk9.green,
   WARN: chalk9.yellow,
@@ -90706,7 +91525,7 @@ async function initCommand(options) {
     }
     if (env.isInteractive && !options.json) {
       safeRenderHeader({
-        command: "init",
+        command: "link",
         version: CLI_VERSION,
         target: process.cwd(),
         elapsedTime: 0
@@ -90904,13 +91723,13 @@ async function initCommand(options) {
     }
     if (env.isInteractive && !options.json) {
       safeRenderHeader({
-        command: "init",
+        command: "link",
         version: CLI_VERSION,
         target: process.cwd(),
         elapsedTime: duration,
         vitals: [
           {
-            label: "INITIALIZATION",
+            label: "LINK",
             status: "optimal",
             value: "Complete",
             percentage: 100
@@ -90989,12 +91808,12 @@ async function initCommand(options) {
       logger2.newline();
       console.log(chalk9.dim("Next steps:"));
       console.log(`  ${symbols.arrow} Run ${chalk9.cyan("vibecheck scan")} to generate your truthpack`);
-      console.log(`  ${symbols.arrow} Run ${chalk9.cyan("vibecheck check")} to validate your codebase`);
+      console.log(`  ${symbols.arrow} Run ${chalk9.cyan("vibecheck audit")} to validate your codebase`);
       if (!options.forge) {
-        console.log(`  ${symbols.arrow} Run ${chalk9.cyan("vibecheck init --forge")} to generate AI context rules`);
+        console.log(`  ${symbols.arrow} Run ${chalk9.cyan("vibecheck link --forge")} to generate AI context rules`);
       }
       if (!options.connect) {
-        console.log(`  ${symbols.arrow} Run ${chalk9.cyan("vibecheck init --connect")} to integrate with CI/CD`);
+        console.log(`  ${symbols.arrow} Run ${chalk9.cyan("vibecheck link --connect")} to integrate with CI/CD`);
       }
       console.log(`  ${symbols.arrow} Edit ${chalk9.cyan(CONFIG_FILENAME)} to customize settings`);
       if (ciResult?.success && ciResult.instructions.length > 0) {
@@ -91048,6 +91867,13 @@ async function configCommand(options) {
     level: options.verbose ? "verbose" : options.quiet ? "quiet" : "normal",
     json: options.json
   });
+  if (env.isInteractive && !options.json && !options.quiet && !options.get && !options.set && !options.list) {
+    safeRenderHeader({
+      command: "config",
+      target: process.cwd(),
+      elapsedTime: 0
+    });
+  }
   try {
     let configPath = null;
     let config = null;
@@ -91117,7 +91943,7 @@ async function configCommand(options) {
             repoRoot,
             defaultConfigPath,
             message: "No VibeCheck configuration found",
-            suggestion: "Run `vibecheck init` to create a configuration file",
+            suggestion: "Run `vibecheck link` to create a configuration file",
             loadError: configLoadError
           }, null, 2));
         } else {
@@ -91130,7 +91956,7 @@ async function configCommand(options) {
           }
           logger2.newline();
           logger2.info("To create a configuration file, run:");
-          logger2.dim("  vibecheck init");
+          logger2.dim("  vibecheck link");
           logger2.newline();
           logger2.dim("Using default configuration in the meantime.");
         }
@@ -91571,7 +92397,11 @@ async function fixCommand(options) {
   try {
     validateOptions2(options);
     if (env.isInteractive && !options.json && !options.quiet) {
-      printBanner();
+      safeRenderHeader({
+        command: "fix",
+        target: process.cwd(),
+        elapsedTime: 0
+      });
     }
     if (options.rollback) {
       await handleRollback(options.rollback, logger2, options);
@@ -91590,12 +92420,12 @@ async function fixCommand(options) {
           success: true,
           message: "Nothing to fix (no VibeCheck configuration file)",
           configExists: false,
-          suggestion: "Run `vibecheck init` to configure this project",
+          suggestion: "Run `vibecheck link` to configure this project",
           results: { totalIssues: 0, fixableIssues: 0, appliedFixes: 0 }
         }, null, 2));
       } else {
         logger2.warn("No VibeCheck configuration file found");
-        logger2.dim("Run `vibecheck init` to configure this project");
+        logger2.dim("Run `vibecheck link` to configure this project");
         logger2.newline();
         logger2.success("Nothing to fix");
       }
@@ -91608,7 +92438,7 @@ async function fixCommand(options) {
       config = defaultConfig2;
       if (!options.dryRun) {
         logger2.warn("No configuration found, using defaults");
-        logger2.dim("Run `vibecheck init` to create a configuration file");
+        logger2.dim("Run `vibecheck link` to create a configuration file");
       }
     }
     const projectRoot = process.cwd();
@@ -92179,7 +93009,7 @@ async function shipCommand(options) {
           details: configError instanceof Error ? configError.message : String(configError)
         }, null, 2));
       } else {
-        logger2.error('Failed to load configuration. Run "vibecheck init" first.');
+        logger2.error('Failed to load configuration. Run "vibecheck link" first.');
       }
       process.exit(1);
     }
@@ -92695,7 +93525,7 @@ async function runTruthpackCheck(projectRoot, config) {
         name: "truthpack",
         status: "fail",
         message: "Truthpack path not configured",
-        details: ['Run "vibecheck init" to configure'],
+        details: ['Run "vibecheck link" to configure'],
         fixable: true,
         durationMs: Date.now() - startTime
       };
@@ -94130,7 +94960,7 @@ async function reportCommand(options) {
       config = await loadConfig(options.config);
     } catch {
       throw new VibeCheckError(
-        'Failed to load configuration. Run "vibecheck init" first.',
+        'Failed to load configuration. Run "vibecheck link" first.',
         "CONFIG_NOT_FOUND"
       );
     }
@@ -95131,7 +95961,7 @@ async function runForgeWatch(projectPath, config, logger2) {
   await new Promise(() => {
   });
 }
-var forgeCommand = new Command("forge").description("Generate AI context rules to prevent drift and hallucinations").option("-o, --output <path>", "Output directory (default: project root)").option("-t, --tier <tier>", "Rule tier: minimal, standard, extended, comprehensive").option("-w, --watch", "Watch mode: auto-update rules when project changes").option("-p, --platform <platform>", "Target platform: cursor, windsurf, both", "both").option("--incremental", "Only update changed rules (default: true)", true).option("--no-incremental", "Regenerate all rules").option("--contract", "Generate AI Contract (Pro+ feature)").option("--no-contract", "Skip AI Contract generation").action(async (options, command) => {
+var forgeCommand = new Command("forge").description("Generate AI context rules to prevent drift and hallucinations").option("-o, --output <path>", "Output directory (default: project root)").option("-t, --tier <tier>", "Rule tier: minimal, standard, extended, comprehensive").option("-w, --watch", "Watch mode: auto-update rules when project changes").option("-p, --platform <platform>", "Target platform: cursor, windsurf, both, auto (auto = detect IDE, default)", "auto").option("--incremental", "Only update changed rules (default: true)", true).option("--no-incremental", "Regenerate all rules").option("--contract", "Generate AI Contract (Pro+ feature)").option("--no-contract", "Skip AI Contract generation").action(async (options, command) => {
   const globalOpts = command.optsWithGlobals();
   const logger2 = createLogger({
     level: globalOpts.verbose ? "debug" : "info",
@@ -95140,12 +95970,12 @@ var forgeCommand = new Command("forge").description("Generate AI context rules t
   try {
     const projectPath = await findProjectRoot(process.cwd());
     if (!projectPath) {
-      logger2.error('Not in a VibeCheck project. Run "vibecheck init" first.');
+      logger2.error('Not in a VibeCheck project. Run "vibecheck link" first.');
       process.exit(1);
     }
     const userTier = await getCurrentTierAsync();
     const tierConfig = options.tier ? { tier: options.tier, maxRules: getTierLimit(options.tier) } : getForgeConfigForTier(userTier);
-    const platforms = options.platform === "both" ? ["cursor", "windsurf"] : [options.platform ?? "cursor"];
+    const platforms = options.platform === "auto" || options.platform === void 0 ? [] : options.platform === "both" ? ["cursor", "windsurf"] : [options.platform];
     const isPro2 = userTier === "pro" || userTier === "enterprise";
     const config = {
       tier: tierConfig.tier,
@@ -95164,7 +95994,7 @@ var forgeCommand = new Command("forge").description("Generate AI context rules t
     }
     logger2.info(chalk9.bold("Generating AI context rules..."));
     logger2.dim(`Tier: ${tierConfig.tier} (max ${tierConfig.maxRules} rules)`);
-    logger2.dim(`Platforms: ${platforms.join(", ")}`);
+    logger2.dim(`Platforms: ${platforms.length === 0 ? "auto-detect (IDE in use)" : platforms.join(", ")}`);
     const output = await forge(projectPath, config);
     if (globalOpts.json) {
       console.log(JSON.stringify(formatForgeOutputForJson(output), null, 2));
@@ -95355,7 +96185,7 @@ init_scoring();
 init_truthpack();
 
 // ../../packages/core/dist/firewall/index.js
-init_chunk_4MEEGNJS();
+init_chunk_QXRHICLP();
 init_chunk_DFJL4MLU();
 init_chunk_SKXQ6JUA();
 init_chunk_4EQXFW4J();
@@ -97473,14 +98303,11 @@ ${str}`);
   }
 });
 function addCustomHelp(cmd, cmdName) {
-  cmd.on("option:help", () => {
-    renderCommandHelp(cmdName);
-    process.exit(0);
-  });
+  cmd.helpInformation = () => getCommandHelpText(cmdName);
   return cmd;
 }
 addCustomHelp(
-  program2.command("init").description("Initialize VibeCheck (runs quickstart for first-time users)").option("-f, --force", "Overwrite existing configuration").option("-m, --minimal", "Minimal mode: create config only, skip scan").option("-q, --quick", "Quick mode: auto-scan, show Ship Score and top issues").option(
+  program2.command("link").alias("init").alias("setup").alias("configure").description("Bind project to VibeCheck (instant setup, auto-detects stack)").option("-f, --force", "Overwrite existing configuration").option("-m, --minimal", "Minimal mode: create config only, skip scan").option("-q, --quick", "Quick mode: auto-scan, show Ship Score and top issues").option(
     "-t, --template <template>",
     "Configuration template (minimal, standard, strict)",
     (value) => {
@@ -97493,114 +98320,152 @@ addCustomHelp(
       return value;
     }
   ).option("--forge", "Generate AI context rules (Cursor, Windsurf, etc.)").option("--connect", "Connect VibeCheck to your CI/CD pipeline").option("--ship-gate", "Include ship gate in CI/CD (use with --connect)").action(async (options, command) => {
+    if (command.name() === "init") {
+      printDeprecation({
+        command: "init",
+        replacement: "link",
+        reason: "Renamed for clarity",
+        removeIn: "v5.0.0"
+      });
+    }
     const globalOpts = command.optsWithGlobals();
     await initCommand({
       ...options,
       ...globalOpts
     });
   }),
-  "init"
+  "link"
+);
+addCustomHelp(
+  program2.command("quickstart").alias("start").description("Interactive setup wizard for new users").option("--skip-prompts", "Run without interactive prompts").action(async (options, command) => {
+    const globalOpts = command.optsWithGlobals();
+    await quickstartCommand({
+      ...options,
+      ...globalOpts
+    });
+  }),
+  "quickstart"
+);
+addCustomHelp(
+  program2.command("missions").description("View fix missions grouped by category").option("-c, --category <category>", "Filter by category (auth, env, routes, contracts)").option("-s, --status <status>", "Filter by status (pending, in-progress, done)").option("-a, --all", "Show completed missions too").action(async (options, command) => {
+    const globalOpts = command.optsWithGlobals();
+    await missionsCommand({
+      ...options,
+      ...globalOpts
+    });
+  }),
+  "missions"
+);
+addCustomHelp(
+  program2.command("github").description("Set up GitHub Action for CI gate").option("--action", "Create GitHub Action workflow file (default)").option("--threshold <score>", "Fail threshold score (0-100)", (v) => {
+    const num = parseInt(v, 10);
+    if (isNaN(num) || num < 0 || num > 100) {
+      throw new InvalidArgumentError("Threshold must be between 0 and 100");
+    }
+    return num;
+  }).option("--autofix", "Enable auto-fix in CI workflow").action(async (options, command) => {
+    const globalOpts = command.optsWithGlobals();
+    await githubCommand({
+      ...options,
+      ...globalOpts
+    });
+  }),
+  "github"
+);
+addCustomHelp(
+  program2.command("scan").description("Scan codebase and generate truthpack").option("-o, --output <path>", "Output path for truthpack", validatePath).option("-i, --include <patterns...>", "Include patterns").option("-e, --exclude <patterns...>", "Exclude patterns").option(
+    "--timeout <ms>",
+    "Scan timeout in milliseconds",
+    (v) => parsePositiveInteger(v, "timeout")
+  ).option("--force", "Force regeneration even if truthpack exists").action(async (options, command) => {
+    const globalOpts = command.optsWithGlobals();
+    await scanCommand({
+      ...options,
+      ...globalOpts
+    });
+  }),
+  "scan"
+);
+addCustomHelp(
+  program2.command("audit [files...]").alias("check").alias("validate").description("Find code that looks done but doesn't work (validate + drift detection)").option(
+    "-m, --mode <mode>",
+    "Audit mode: full (validate + drift), validate (files vs truthpack), drift (hallucination + drift)",
+    (value) => {
+      const valid = ["full", "validate", "drift"];
+      if (!valid.includes(value)) {
+        throw new InvalidArgumentError(
+          `Mode must be one of: ${valid.join(", ")}`
+        );
+      }
+      return value;
+    }
+  ).option("-s, --strict", "Enable strict validation/checking").option("--fix", "Attempt to fix issues (validate mode only)").option(
+    "--max-errors <count>",
+    "Maximum errors to report (validate mode)",
+    (v) => parsePositiveInteger(v, "max-errors")
+  ).option("--fail-fast", "Stop on first error (drift mode)").option(
+    "--timeout <ms>",
+    "Timeout in milliseconds",
+    (v) => parsePositiveInteger(v, "timeout")
+  ).action(async (files, options, command) => {
+    const globalOpts = command.optsWithGlobals();
+    const invokedAs = command.name();
+    const mode = invokedAs === "audit" ? options.mode ?? "full" : invokedAs === "validate" ? "validate" : "drift";
+    await auditCommand(files ?? [], {
+      ...options,
+      ...globalOpts,
+      mode
+    });
+  }),
+  "audit"
+);
+addCustomHelp(
+  program2.command("trace [target]").description("Trace data flow from sources to sinks").option("-f, --format <format>", "Output format (text, json, mermaid)", "text").option("-o, --output <path>", "Output file path").option("--max-depth <n>", "Maximum path depth", (v) => parsePositiveInteger(v, "max-depth")).option("--show-all", "Show all paths, not just issues").action(async (target, options, command) => {
+    const globalOpts = command.optsWithGlobals();
+    await traceCommand({
+      target,
+      format: options.format,
+      output: options.output,
+      maxDepth: options.maxDepth,
+      showAll: options.showAll,
+      ...globalOpts
+    });
+  }),
+  "trace"
+);
+addCustomHelp(
+  program2.command("config").description("View or edit configuration").option("--get <key>", "Get a configuration value").option("--set <key=value>", "Set a configuration value").option("--list", "List all configuration values").option("--validate", "Validate the configuration file").option("--path", "Show the configuration file path").action(async (options, command) => {
+    const globalOpts = command.optsWithGlobals();
+    await configCommand({
+      ...options,
+      ...globalOpts
+    });
+  }),
+  "config"
+);
+addCustomHelp(
+  program2.command("watch").description("Watch for changes and validate continuously").option(
+    "-d, --debounce <ms>",
+    "Debounce delay in milliseconds",
+    (v) => parsePositiveInteger(v, "debounce")
+  ).option("--once", "Run validation once and exit").action(async (options, command) => {
+    const globalOpts = command.optsWithGlobals();
+    await watchCommand({
+      ...options,
+      ...globalOpts
+    });
+  }),
+  "watch"
+);
+addCustomHelp(
+  program2.command("doctor").description("Validate system dependencies and configuration").action(async (options, command) => {
+    const globalOpts = command.optsWithGlobals();
+    await doctorCommand({
+      ...globalOpts
+    });
+  }),
+  "doctor"
 );
-program2.command("quickstart").alias("start").description("Interactive setup wizard for new users").option("--skip-prompts", "Run without interactive prompts").action(async (options, command) => {
-  const globalOpts = command.optsWithGlobals();
-  await quickstartCommand({
-    ...options,
-    ...globalOpts
-  });
-});
-program2.command("missions").description("View fix missions grouped by category").option("-c, --category <category>", "Filter by category (auth, env, routes, contracts)").option("-s, --status <status>", "Filter by status (pending, in-progress, done)").option("-a, --all", "Show completed missions too").action(async (options, command) => {
-  const globalOpts = command.optsWithGlobals();
-  await missionsCommand({
-    ...options,
-    ...globalOpts
-  });
-});
-program2.command("github").description("Set up GitHub Action for CI gate").option("--action", "Create GitHub Action workflow file (default)").option("--threshold <score>", "Fail threshold score (0-100)", (v) => {
-  const num = parseInt(v, 10);
-  if (isNaN(num) || num < 0 || num > 100) {
-    throw new InvalidArgumentError("Threshold must be between 0 and 100");
-  }
-  return num;
-}).option("--autofix", "Enable auto-fix in CI workflow").action(async (options, command) => {
-  const globalOpts = command.optsWithGlobals();
-  await githubCommand({
-    ...options,
-    ...globalOpts
-  });
-});
-program2.command("scan").description("Scan codebase and generate truthpack").option("-o, --output <path>", "Output path for truthpack", validatePath).option("-i, --include <patterns...>", "Include patterns").option("-e, --exclude <patterns...>", "Exclude patterns").option(
-  "--timeout <ms>",
-  "Scan timeout in milliseconds",
-  (v) => parsePositiveInteger(v, "timeout")
-).option("--force", "Force regeneration even if truthpack exists").action(async (options, command) => {
-  const globalOpts = command.optsWithGlobals();
-  await scanCommand({
-    ...options,
-    ...globalOpts
-  });
-});
-program2.command("validate [files...]").description("Validate files against truthpack").option("-s, --strict", "Enable strict validation").option("--fix", "Attempt to fix issues automatically").option(
-  "--max-errors <count>",
-  "Maximum number of errors to report",
-  (v) => parsePositiveInteger(v, "max-errors")
-).option(
-  "--timeout <ms>",
-  "Validation timeout in milliseconds",
-  (v) => parsePositiveInteger(v, "timeout")
-).action(async (files, options, command) => {
-  const globalOpts = command.optsWithGlobals();
-  await validateCommand(files, {
-    ...options,
-    ...globalOpts
-  });
-});
-program2.command("check").description("Run hallucination and drift detection").option("-s, --strict", "Enable strict checking").option("--fail-fast", "Stop on first error").option(
-  "--timeout <ms>",
-  "Check timeout in milliseconds",
-  (v) => parsePositiveInteger(v, "timeout")
-).action(async (options, command) => {
-  const globalOpts = command.optsWithGlobals();
-  await checkCommand({
-    ...options,
-    failFast: options.failFast,
-    ...globalOpts
-  });
-});
-program2.command("trace [target]").description("Trace data flow from sources to sinks").option("-f, --format <format>", "Output format (text, json, mermaid)", "text").option("-o, --output <path>", "Output file path").option("--max-depth <n>", "Maximum path depth", (v) => parsePositiveInteger(v, "max-depth")).option("--show-all", "Show all paths, not just issues").action(async (target, options, command) => {
-  const globalOpts = command.optsWithGlobals();
-  await traceCommand({
-    target,
-    format: options.format,
-    output: options.output,
-    maxDepth: options.maxDepth,
-    showAll: options.showAll,
-    ...globalOpts
-  });
-});
-program2.command("config").description("View or edit configuration").option("--get <key>", "Get a configuration value").option("--set <key=value>", "Set a configuration value").option("--list", "List all configuration values").option("--validate", "Validate the configuration file").option("--path", "Show the configuration file path").action(async (options, command) => {
-  const globalOpts = command.optsWithGlobals();
-  await configCommand({
-    ...options,
-    ...globalOpts
-  });
-});
-program2.command("watch").description("Watch for changes and validate continuously").option(
-  "-d, --debounce <ms>",
-  "Debounce delay in milliseconds",
-  (v) => parsePositiveInteger(v, "debounce")
-).option("--once", "Run validation once and exit").action(async (options, command) => {
-  const globalOpts = command.optsWithGlobals();
-  await watchCommand({
-    ...options,
-    ...globalOpts
-  });
-});
-program2.command("doctor").description("Validate system dependencies and configuration").action(async (options, command) => {
-  const globalOpts = command.optsWithGlobals();
-  await doctorCommand({
-    ...globalOpts
-  });
-});
 program2.addCommand(forgeCommand);
 var realityCommand = program2.command("reality").description("\u{1F3AC} Reality Mode 2.0 - Runtime verification with proof bundles");
 realityCommand.command("run").description("Run Reality Mode and produce a Proof Bundle").option("-u, --url <url>", "Target URL (auto-detects if not provided)").option("-s, --scenarios <preset|ids>", "Scenario preset (smoke, standard, chaos) or comma-separated IDs", "standard").option("--headless", "Run browser in headless mode", true).option("--no-headless", "Run browser in headed mode (show browser)").option("-b, --browser <browser>", "Browser to use (chromium, firefox, webkit)", "chromium").option("--timeout <seconds>", "Global timeout in seconds", (v) => parsePositiveInteger(v, "timeout")).option("--video", "Enable video recording", true).option("--no-video", "Disable video recording").option("-o, --output <path>", "Output directory for proof bundle").option("--open", "Open report in browser after run").action(async (options, command) => {
@@ -97651,165 +98516,205 @@ realityCommand.command("clean").description("Clean up old proof bundles").option
     ...globalOpts
   });
 });
-program2.command("ship").description("Pre-deployment checks with optional auto-fix").option("--fix", "Auto-fix issues before shipping").option("--force", "Proceed despite blockers").option("--strict", "Stricter pre-deploy checks").option(
-  "-m, --mode <mode>",
-  "Scoring mode: isl (spec-first), traditional (scan-based), or hybrid",
-  (value) => {
-    const valid = ["isl", "traditional", "hybrid"];
-    if (!valid.includes(value)) {
-      throw new InvalidArgumentError(
-        `Mode must be one of: ${valid.join(", ")}`
-      );
+addCustomHelp(
+  program2.command("ship").description("Pre-deployment checks with optional auto-fix").option("--fix", "Auto-fix issues before shipping").option("--force", "Proceed despite blockers").option("--strict", "Stricter pre-deploy checks").option(
+    "-m, --mode <mode>",
+    "Scoring mode: isl (spec-first), traditional (scan-based), or hybrid",
+    (value) => {
+      const valid = ["isl", "traditional", "hybrid"];
+      if (!valid.includes(value)) {
+        throw new InvalidArgumentError(
+          `Mode must be one of: ${valid.join(", ")}`
+        );
+      }
+      return value;
     }
-    return value;
-  }
-).option("--spec <path>", "Path to ISL spec file (enables ISL verification)").option("--reality", "Enable Reality Mode (auto-starts your app, runs browser tests)").option("--reality-url <url>", "Use existing server instead of auto-starting").option(
-  "--reality-timeout <seconds>",
-  "Reality Mode timeout in seconds",
-  (v) => parsePositiveInteger(v, "reality-timeout")
-).option(
-  "--reality-startup-timeout <seconds>",
-  "Server startup timeout in seconds",
-  (v) => parsePositiveInteger(v, "reality-startup-timeout")
-).option("--reality-headless", "Run browser in headless mode", true).option("--no-reality-headless", "Run browser in headed mode (see browser)").option("--chaos", "Enable AI Chaos Agent (autonomous bug hunting)").option("--chaos-aggressive", "Aggressive chaos mode (includes security tests)").option(
-  "--chaos-actions <number>",
-  "Maximum chaos actions to perform",
-  (v) => parsePositiveInteger(v, "chaos-actions")
-).option("--chaos-provider <provider>", "AI provider: auto (default), fallback (no AI), ollama (free), anthropic, openai", "auto").option("--chaos-model <model>", "Model to use (default: llava for ollama, gpt-4o for openai)").option("--chaos-url <url>", "Base URL for ollama/local provider (default: http://localhost:11434)").option("--chaos-api-key <key>", "API key for anthropic/openai (or use OPENAI_API_KEY/ANTHROPIC_API_KEY env)").option("--chaos-no-vision", "Disable vision (DOM-only mode, works with any LLM)").option("--detailed", "Show detailed 6-dimension Ship Score breakdown").option("--missions", "Group findings into actionable fix missions").option("--github-pr <number>", "Post results as GitHub PR comment", (v) => parsePositiveInteger(v, "github-pr")).option("--github-repo <repo>", "GitHub repository (owner/repo format)").option("--report", "Generate HTML report and open in browser").action(async (options, command) => {
-  const globalOpts = command.optsWithGlobals();
-  await shipCommand({
-    ...options,
-    mode: options.mode,
-    spec: options.spec,
-    reality: options.reality,
-    realityUrl: options.realityUrl,
-    realityTimeout: options.realityTimeout,
-    realityStartupTimeout: options.realityStartupTimeout,
-    realityHeadless: options.realityHeadless,
-    chaos: options.chaos,
-    chaosAggressive: options.chaosAggressive,
-    chaosActions: options.chaosActions,
-    chaosProvider: options.chaosProvider,
-    chaosModel: options.chaosModel,
-    chaosUrl: options.chaosUrl,
-    chaosApiKey: options.chaosApiKey,
-    chaosNoVision: options.chaosNoVision,
-    detailed: options.detailed,
-    missions: options.missions,
-    githubPr: options.githubPr,
-    githubRepo: options.githubRepo,
-    ...globalOpts
-  });
-});
-program2.command("certify").description("\u{1F3C6} Final certification: ISL + Reality + Chaos \u2192 Badge (zero setup)").option("--spec <path>", "Path to ISL spec file (auto-generates if missing)").option("--skip-isl", "Skip ISL verification step").option("--skip-reality", "Skip Reality Mode verification").option("--skip-chaos", "Skip Chaos Agent testing").option("--chaos-actions <number>", "Maximum chaos actions to perform", (v) => parsePositiveInteger(v, "chaos-actions")).option("--timeout <seconds>", "Reality Mode timeout in seconds", (v) => parsePositiveInteger(v, "timeout")).option("--headless", "Run browser in headless mode", true).option("--no-headless", "Run browser in headed mode (show browser)").option("-o, --output <path>", "Output directory for proof bundle").option("--threshold <score>", "Minimum score required for certification (default: 85)", (v) => parsePositiveInteger(v, "threshold")).option("--open", "Open report in browser after completion").action(async (options, command) => {
-  const globalOpts = command.optsWithGlobals();
-  await certifyCommand({
-    spec: options.spec,
-    skipIsl: options.skipIsl,
-    skipReality: options.skipReality,
-    skipChaos: options.skipChaos,
-    chaosActions: options.chaosActions,
-    timeout: options.timeout,
-    headless: options.headless,
-    output: options.output,
-    threshold: options.threshold,
-    open: options.open,
-    ...globalOpts
-  });
-});
-program2.command("status").description("Show current VibeCheck module status").action(async (options, command) => {
-  const globalOpts = command.optsWithGlobals();
-  await statusCommand({
-    ...globalOpts
-  });
-});
-program2.command("fix [files...]").description("Auto-fix simple issues (env vars, empty catches, stubs) - use --missions for complex ones").option("-a, --apply", "Apply fixes automatically without review").option("-i, --interactive", "Interactive mode - review each fix").option("-d, --dry-run", "Show fixes without applying").option("-r, --rollback <transactionId>", "Rollback a previous fix transaction").option(
-  "--confidence <threshold>",
-  "Minimum confidence threshold (0-1)",
-  (v) => {
-    const parsed = parseFloat(v);
-    if (isNaN(parsed) || parsed < 0 || parsed > 1) {
-      throw new InvalidArgumentError("Confidence must be a number between 0 and 1");
+  ).option("--spec <path>", "Path to ISL spec file (enables ISL verification)").option("--reality", "Enable Reality Mode (auto-starts your app, runs browser tests)").option("--reality-url <url>", "Use existing server instead of auto-starting").option(
+    "--reality-timeout <seconds>",
+    "Reality Mode timeout in seconds",
+    (v) => parsePositiveInteger(v, "reality-timeout")
+  ).option(
+    "--reality-startup-timeout <seconds>",
+    "Server startup timeout in seconds",
+    (v) => parsePositiveInteger(v, "reality-startup-timeout")
+  ).option("--reality-headless", "Run browser in headless mode", true).option("--no-reality-headless", "Run browser in headed mode (see browser)").option("--chaos", "Enable AI Chaos Agent (autonomous bug hunting)").option("--chaos-aggressive", "Aggressive chaos mode (includes security tests)").option(
+    "--chaos-actions <number>",
+    "Maximum chaos actions to perform",
+    (v) => parsePositiveInteger(v, "chaos-actions")
+  ).option("--chaos-provider <provider>", "AI provider: auto (default), fallback (no AI), ollama (free), anthropic, openai", "auto").option("--chaos-model <model>", "Model to use (default: llava for ollama, gpt-4o for openai)").option("--chaos-url <url>", "Base URL for ollama/local provider (default: http://localhost:11434)").option("--chaos-api-key <key>", "API key for anthropic/openai (or use OPENAI_API_KEY/ANTHROPIC_API_KEY env)").option("--chaos-no-vision", "Disable vision (DOM-only mode, works with any LLM)").option("--detailed", "Show detailed 6-dimension Ship Score breakdown").option("--missions", "Group findings into actionable fix missions").option("--github-pr <number>", "Post results as GitHub PR comment", (v) => parsePositiveInteger(v, "github-pr")).option("--github-repo <repo>", "GitHub repository (owner/repo format)").option("--report", "Generate HTML report and open in browser").action(async (options, command) => {
+    const globalOpts = command.optsWithGlobals();
+    await shipCommand({
+      ...options,
+      mode: options.mode,
+      spec: options.spec,
+      reality: options.reality,
+      realityUrl: options.realityUrl,
+      realityTimeout: options.realityTimeout,
+      realityStartupTimeout: options.realityStartupTimeout,
+      realityHeadless: options.realityHeadless,
+      chaos: options.chaos,
+      chaosAggressive: options.chaosAggressive,
+      chaosActions: options.chaosActions,
+      chaosProvider: options.chaosProvider,
+      chaosModel: options.chaosModel,
+      chaosUrl: options.chaosUrl,
+      chaosApiKey: options.chaosApiKey,
+      chaosNoVision: options.chaosNoVision,
+      detailed: options.detailed,
+      missions: options.missions,
+      githubPr: options.githubPr,
+      githubRepo: options.githubRepo,
+      ...globalOpts
+    });
+  }),
+  "ship"
+);
+addCustomHelp(
+  program2.command("certify").description("\u{1F3C6} Final certification: ISL + Reality + Chaos \u2192 Badge (zero setup)").option("--spec <path>", "Path to ISL spec file (auto-generates if missing)").option("--skip-isl", "Skip ISL verification step").option("--skip-reality", "Skip Reality Mode verification").option("--skip-chaos", "Skip Chaos Agent testing").option("--chaos-actions <number>", "Maximum chaos actions to perform", (v) => parsePositiveInteger(v, "chaos-actions")).option("--timeout <seconds>", "Reality Mode timeout in seconds", (v) => parsePositiveInteger(v, "timeout")).option("--headless", "Run browser in headless mode", true).option("--no-headless", "Run browser in headed mode (show browser)").option("-o, --output <path>", "Output directory for proof bundle").option("--threshold <score>", "Minimum score required for certification (default: 85)", (v) => parsePositiveInteger(v, "threshold")).option("--open", "Open report in browser after completion").action(async (options, command) => {
+    const globalOpts = command.optsWithGlobals();
+    await certifyCommand({
+      spec: options.spec,
+      skipIsl: options.skipIsl,
+      skipReality: options.skipReality,
+      skipChaos: options.skipChaos,
+      chaosActions: options.chaosActions,
+      timeout: options.timeout,
+      headless: options.headless,
+      output: options.output,
+      threshold: options.threshold,
+      open: options.open,
+      ...globalOpts
+    });
+  }),
+  "certify"
+);
+addCustomHelp(
+  program2.command("verify").description("Full proof loop with runtime verification (alias for certify)").option("--spec <path>", "Path to ISL spec file (auto-generates if missing)").option("--skip-isl", "Skip ISL verification step").option("--skip-reality", "Skip Reality Mode verification").option("--skip-chaos", "Skip Chaos Agent testing").option("--chaos-actions <number>", "Maximum chaos actions to perform", (v) => parsePositiveInteger(v, "chaos-actions")).option("--timeout <seconds>", "Reality Mode timeout in seconds", (v) => parsePositiveInteger(v, "timeout")).option("--headless", "Run browser in headless mode", true).option("--no-headless", "Run browser in headed mode (show browser)").option("-o, --output <path>", "Output directory for proof bundle").option("--threshold <score>", "Minimum score required for certification (default: 85)", (v) => parsePositiveInteger(v, "threshold")).option("--open", "Open report in browser after completion").action(async (options, command) => {
+    const globalOpts = command.optsWithGlobals();
+    await certifyCommand({
+      spec: options.spec,
+      skipIsl: options.skipIsl,
+      skipReality: options.skipReality,
+      skipChaos: options.skipChaos,
+      chaosActions: options.chaosActions,
+      timeout: options.timeout,
+      headless: options.headless,
+      output: options.output,
+      threshold: options.threshold,
+      open: options.open,
+      ...globalOpts
+    });
+  }),
+  "certify"
+);
+addCustomHelp(
+  program2.command("status").description("Show current VibeCheck module status").action(async (options, command) => {
+    const globalOpts = command.optsWithGlobals();
+    await statusCommand({
+      ...globalOpts
+    });
+  }),
+  "status"
+);
+addCustomHelp(
+  program2.command("fix [files...]").description("Auto-fix simple issues (env vars, empty catches, stubs) - use --missions for complex ones").option("-a, --apply", "Apply fixes automatically without review").option("-i, --interactive", "Interactive mode - review each fix").option("-d, --dry-run", "Show fixes without applying").option("-r, --rollback <transactionId>", "Rollback a previous fix transaction").option(
+    "--confidence <threshold>",
+    "Minimum confidence threshold (0-1)",
+    (v) => {
+      const parsed = parseFloat(v);
+      if (isNaN(parsed) || parsed < 0 || parsed > 1) {
+        throw new InvalidArgumentError("Confidence must be a number between 0 and 1");
+      }
+      return parsed;
     }
-    return parsed;
-  }
-).action(async (files, options, command) => {
-  const globalOpts = command.optsWithGlobals();
-  await fixCommand({
-    files: files.length > 0 ? files : void 0,
-    ...options,
-    ...globalOpts
-  });
-});
-program2.command("report").description("Generate enterprise-grade HTML/PDF reports").option(
-  "-t, --type <type>",
-  "Report type (reality-check, ship-readiness, executive-summary, detailed-technical, compliance)",
-  (value) => {
-    const valid = ["reality-check", "ship-readiness", "executive-summary", "detailed-technical", "compliance"];
-    if (!valid.includes(value)) {
-      throw new InvalidArgumentError(`Report type must be one of: ${valid.join(", ")}`);
-    }
-    return value;
-  }
-).option(
-  "-f, --format <format>",
-  "Output format (html, pdf)",
-  (value) => {
-    const valid = ["html", "pdf"];
-    if (!valid.includes(value)) {
-      throw new InvalidArgumentError(`Format must be one of: ${valid.join(", ")}`);
-    }
-    return value;
-  }
-).option("-o, --output <path>", "Output file path", validatePath).option(
-  "--theme <theme>",
-  "Color theme (dark, light)",
-  (value) => {
-    const valid = ["dark", "light"];
-    if (!valid.includes(value)) {
-      throw new InvalidArgumentError(`Theme must be one of: ${valid.join(", ")}`);
-    }
-    return value;
-  }
-).option("--branding <name>", "Company name for report branding").option("--open", "Open report in browser after generation").action(async (options, command) => {
-  const globalOpts = command.optsWithGlobals();
-  await reportCommand({
-    ...options,
-    ...globalOpts
-  });
-});
-program2.command("badge").description("Generate Ship Score badge embed codes for README").option("-p, --project-id <id>", "Project ID from dashboard").option(
-  "-s, --style <style>",
-  "Badge style (flat, flat-square, plastic, for-the-badge)",
-  (value) => {
-    const valid = ["flat", "flat-square", "plastic", "for-the-badge"];
-    if (!valid.includes(value)) {
-      throw new InvalidArgumentError(`Style must be one of: ${valid.join(", ")}`);
-    }
-    return value;
-  }
-).option(
-  "-f, --format <format>",
-  "Output format (markdown, html, url)",
-  (value) => {
-    const valid = ["markdown", "html", "url"];
-    if (!valid.includes(value)) {
-      throw new InvalidArgumentError(`Format must be one of: ${valid.join(", ")}`);
-    }
-    return value;
-  }
-).action(async (options, command) => {
-  const globalOpts = command.optsWithGlobals();
-  await badgeCommand({
-    projectId: options.projectId,
-    style: options.style,
-    format: options.format,
-    ...globalOpts
-  });
-});
-program2.command("menu").description("Open interactive menu").action(async () => {
-  await runInteractiveMode();
-});
+  ).action(async (files, options, command) => {
+    const globalOpts = command.optsWithGlobals();
+    await fixCommand({
+      files: files.length > 0 ? files : void 0,
+      ...options,
+      ...globalOpts
+    });
+  }),
+  "fix"
+);
+addCustomHelp(
+  program2.command("report").description("Generate enterprise-grade HTML/PDF reports").option(
+    "-t, --type <type>",
+    "Report type (reality-check, ship-readiness, executive-summary, detailed-technical, compliance)",
+    (value) => {
+      const valid = ["reality-check", "ship-readiness", "executive-summary", "detailed-technical", "compliance"];
+      if (!valid.includes(value)) {
+        throw new InvalidArgumentError(`Report type must be one of: ${valid.join(", ")}`);
+      }
+      return value;
+    }
+  ).option(
+    "-f, --format <format>",
+    "Output format (html, pdf)",
+    (value) => {
+      const valid = ["html", "pdf"];
+      if (!valid.includes(value)) {
+        throw new InvalidArgumentError(`Format must be one of: ${valid.join(", ")}`);
+      }
+      return value;
+    }
+  ).option("-o, --output <path>", "Output file path", validatePath).option(
+    "--theme <theme>",
+    "Color theme (dark, light)",
+    (value) => {
+      const valid = ["dark", "light"];
+      if (!valid.includes(value)) {
+        throw new InvalidArgumentError(`Theme must be one of: ${valid.join(", ")}`);
+      }
+      return value;
+    }
+  ).option("--branding <name>", "Company name for report branding").option("--open", "Open report in browser after generation").action(async (options, command) => {
+    const globalOpts = command.optsWithGlobals();
+    await reportCommand({
+      ...options,
+      ...globalOpts
+    });
+  }),
+  "report"
+);
+addCustomHelp(
+  program2.command("badge").description("Generate Ship Score badge embed codes for README").option("-p, --project-id <id>", "Project ID from dashboard").option(
+    "-s, --style <style>",
+    "Badge style (flat, flat-square, plastic, for-the-badge)",
+    (value) => {
+      const valid = ["flat", "flat-square", "plastic", "for-the-badge"];
+      if (!valid.includes(value)) {
+        throw new InvalidArgumentError(`Style must be one of: ${valid.join(", ")}`);
+      }
+      return value;
+    }
+  ).option(
+    "-f, --format <format>",
+    "Output format (markdown, html, url)",
+    (value) => {
+      const valid = ["markdown", "html", "url"];
+      if (!valid.includes(value)) {
+        throw new InvalidArgumentError(`Format must be one of: ${valid.join(", ")}`);
+      }
+      return value;
+    }
+  ).action(async (options, command) => {
+    const globalOpts = command.optsWithGlobals();
+    await badgeCommand({
+      projectId: options.projectId,
+      style: options.style,
+      format: options.format,
+      ...globalOpts
+    });
+  }),
+  "badge"
+);
+addCustomHelp(
+  program2.command("menu").description("Open interactive menu").action(async () => {
+    await runInteractiveMode();
+  }),
+  "menu"
+);
 program2.command("login").description("Login to VibeCheck Cloud").action(async () => {
   const session = await showLoginScreen();
   if (session) {
@@ -97827,10 +98732,7 @@ program2.command("logout").description("Logout from VibeCheck Cloud").action(asy
   printSuccess("Logged out successfully. See you next time!");
 });
 program2.helpOption("-h, --help", "Display gorgeous help");
-program2.on("option:help", () => {
-  renderHelp();
-  process.exit(0);
-});
+program2.helpInformation = () => getMainHelpText();
 program2.action(async () => {
   await runInteractiveMode();
 });
@@ -97844,12 +98746,16 @@ async function runInteractiveMode() {
     try {
       switch (selection) {
         // ═══════════════════════════════════════════════════════════════════════
-        // THE FLOW
+        // SETUP & FLOW
         // ═══════════════════════════════════════════════════════════════════════
+        case "link":
+          await initCommand({ ...globalOpts });
+          break;
         case "quickstart":
           await quickstartCommand({ ...globalOpts });
           break;
         case "certify":
+        case "verify":
           await certifyCommand({ open: true, ...globalOpts });
           break;
         case "status":
@@ -97876,6 +98782,9 @@ async function runInteractiveMode() {
         case "scan":
           await scanCommand({ ...globalOpts });
           break;
+        case "audit":
+          await auditCommand([], { ...globalOpts, mode: "full" });
+          break;
         case "forge":
           await forgeCommand.parseAsync(["forge"], { from: "user" });
           break;
@@ -97891,6 +98800,9 @@ async function runInteractiveMode() {
         case "doctor":
           await doctorCommand({ ...globalOpts });
           break;
+        case "login":
+          await showLoginScreen();
+          break;
         case "help":
           renderHelp();
           break;