npm - vibecheck-ai - Versions diffs - 2.0.1 → 5.0.0 - Mend

vibecheck-ai 2.0.1 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (456) hide show

package/bin/.generated +25 -0
package/bin/_deprecations.js +463 -0
package/bin/_router.js +46 -0
package/bin/cli-hygiene.js +241 -0
package/bin/dev/run-v2-torture.js +30 -0
package/bin/registry.js +656 -0
package/bin/runners/CLI_REFACTOR_SUMMARY.md +229 -0
package/bin/runners/ENHANCEMENT_GUIDE.md +121 -0
package/bin/runners/REPORT_AUDIT.md +64 -0
package/bin/runners/cli-utils.js +1070 -0
package/bin/runners/context/ai-task-decomposer.js +337 -0
package/bin/runners/context/analyzer.js +513 -0
package/bin/runners/context/api-contracts.js +427 -0
package/bin/runners/context/context-diff.js +342 -0
package/bin/runners/context/context-pruner.js +291 -0
package/bin/runners/context/dependency-graph.js +414 -0
package/bin/runners/context/generators/claude.js +107 -0
package/bin/runners/context/generators/codex.js +108 -0
package/bin/runners/context/generators/copilot.js +119 -0
package/bin/runners/context/generators/cursor-enhanced.js +2525 -0
package/bin/runners/context/generators/cursor.js +514 -0
package/bin/runners/context/generators/mcp.js +169 -0
package/bin/runners/context/generators/windsurf.js +180 -0
package/bin/runners/context/git-context.js +304 -0
package/bin/runners/context/index.js +1110 -0
package/bin/runners/context/insights.js +173 -0
package/bin/runners/context/mcp-server/generate-rules.js +337 -0
package/bin/runners/context/mcp-server/index.js +1176 -0
package/bin/runners/context/mcp-server/package.json +24 -0
package/bin/runners/context/memory.js +200 -0
package/bin/runners/context/monorepo.js +215 -0
package/bin/runners/context/multi-repo-federation.js +404 -0
package/bin/runners/context/patterns.js +253 -0
package/bin/runners/context/proof-context.js +1264 -0
package/bin/runners/context/security-scanner.js +541 -0
package/bin/runners/context/semantic-search.js +350 -0
package/bin/runners/context/shared.js +264 -0
package/bin/runners/context/team-conventions.js +336 -0
package/bin/runners/lib/__tests__/entitlements-v2.test.js +295 -0
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/change-packet/builder.js +488 -0
package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +303 -0
package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
package/bin/runners/lib/agent-firewall/enforcement/gateway.js +1059 -0
package/bin/runners/lib/agent-firewall/enforcement/index.js +98 -0
package/bin/runners/lib/agent-firewall/enforcement/mode.js +318 -0
package/bin/runners/lib/agent-firewall/enforcement/orchestrator.js +484 -0
package/bin/runners/lib/agent-firewall/enforcement/proof-artifact.js +418 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/change-event.schema.json +173 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/intent.schema.json +181 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/verdict.schema.json +222 -0
package/bin/runners/lib/agent-firewall/enforcement/verdict-v2.js +333 -0
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +127 -0
package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +213 -0
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
package/bin/runners/lib/agent-firewall/index.js +200 -0
package/bin/runners/lib/agent-firewall/integration/index.js +20 -0
package/bin/runners/lib/agent-firewall/integration/ship-gate.js +437 -0
package/bin/runners/lib/agent-firewall/intent/alignment-engine.js +634 -0
package/bin/runners/lib/agent-firewall/intent/auto-detect.js +426 -0
package/bin/runners/lib/agent-firewall/intent/index.js +102 -0
package/bin/runners/lib/agent-firewall/intent/schema.js +352 -0
package/bin/runners/lib/agent-firewall/intent/store.js +283 -0
package/bin/runners/lib/agent-firewall/interception/fs-interceptor.js +502 -0
package/bin/runners/lib/agent-firewall/interception/index.js +23 -0
package/bin/runners/lib/agent-firewall/interceptor/base.js +308 -0
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
package/bin/runners/lib/agent-firewall/logger.js +141 -0
package/bin/runners/lib/agent-firewall/policy/default-policy.json +90 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +103 -0
package/bin/runners/lib/agent-firewall/policy/loader.js +451 -0
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +79 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +227 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +191 -0
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
package/bin/runners/lib/agent-firewall/risk/thresholds.js +322 -0
package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
package/bin/runners/lib/agent-firewall/session/collector.js +451 -0
package/bin/runners/lib/agent-firewall/session/index.js +26 -0
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +137 -0
package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/ai-bridge.js +416 -0
package/bin/runners/lib/analysis-core.js +309 -0
package/bin/runners/lib/analyzers.js +2500 -0
package/bin/runners/lib/api-client.js +269 -0
package/bin/runners/lib/approve-output.js +235 -0
package/bin/runners/lib/artifact-envelope.js +540 -0
package/bin/runners/lib/assets/vibecheck-logo.png +0 -0
package/bin/runners/lib/audit-bridge.js +391 -0
package/bin/runners/lib/auth-shared.js +977 -0
package/bin/runners/lib/auth-truth.js +193 -0
package/bin/runners/lib/auth.js +215 -0
package/bin/runners/lib/authority-badge.js +425 -0
package/bin/runners/lib/backup.js +62 -0
package/bin/runners/lib/billing.js +107 -0
package/bin/runners/lib/checkpoint.js +941 -0
package/bin/runners/lib/claims.js +118 -0
package/bin/runners/lib/classify-output.js +204 -0
package/bin/runners/lib/cleanup/engine.js +571 -0
package/bin/runners/lib/cleanup/index.js +53 -0
package/bin/runners/lib/cleanup/output.js +375 -0
package/bin/runners/lib/cleanup/rules.js +1060 -0
package/bin/runners/lib/cli-output.js +400 -0
package/bin/runners/lib/cli-ui.js +540 -0
package/bin/runners/lib/compliance-bridge-new.js +0 -0
package/bin/runners/lib/compliance-bridge.js +165 -0
package/bin/runners/lib/contracts/auth-contract.js +202 -0
package/bin/runners/lib/contracts/env-contract.js +181 -0
package/bin/runners/lib/contracts/external-contract.js +206 -0
package/bin/runners/lib/contracts/guard.js +168 -0
package/bin/runners/lib/contracts/index.js +89 -0
package/bin/runners/lib/contracts/plan-validator.js +311 -0
package/bin/runners/lib/contracts/route-contract.js +199 -0
package/bin/runners/lib/contracts.js +804 -0
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/detect.js +89 -0
package/bin/runners/lib/detectors-v2.js +622 -0
package/bin/runners/lib/doctor/autofix.js +254 -0
package/bin/runners/lib/doctor/diagnosis-receipt.js +454 -0
package/bin/runners/lib/doctor/failure-signatures.js +526 -0
package/bin/runners/lib/doctor/fix-script.js +336 -0
package/bin/runners/lib/doctor/index.js +37 -0
package/bin/runners/lib/doctor/modules/build-tools.js +453 -0
package/bin/runners/lib/doctor/modules/dependencies.js +325 -0
package/bin/runners/lib/doctor/modules/index.js +105 -0
package/bin/runners/lib/doctor/modules/network.js +250 -0
package/bin/runners/lib/doctor/modules/os-quirks.js +706 -0
package/bin/runners/lib/doctor/modules/project.js +312 -0
package/bin/runners/lib/doctor/modules/repo-integrity.js +485 -0
package/bin/runners/lib/doctor/modules/runtime.js +224 -0
package/bin/runners/lib/doctor/modules/security.js +350 -0
package/bin/runners/lib/doctor/modules/system.js +213 -0
package/bin/runners/lib/doctor/modules/vibecheck.js +394 -0
package/bin/runners/lib/doctor/reporter.js +262 -0
package/bin/runners/lib/doctor/safe-repair.js +384 -0
package/bin/runners/lib/doctor/service.js +262 -0
package/bin/runners/lib/doctor/types.js +113 -0
package/bin/runners/lib/doctor/ui.js +263 -0
package/bin/runners/lib/doctor-enhanced.js +233 -0
package/bin/runners/lib/doctor-output.js +226 -0
package/bin/runners/lib/doctor-v2.js +608 -0
package/bin/runners/lib/drift.js +425 -0
package/bin/runners/lib/enforcement.js +72 -0
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/attack-detector.js +1192 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/enterprise-detect.js +603 -0
package/bin/runners/lib/enterprise-init.js +942 -0
package/bin/runners/lib/entitlements-v2.js +265 -0
package/bin/runners/lib/entitlements.generated.js +0 -0
package/bin/runners/lib/entitlements.js +340 -0
package/bin/runners/lib/env-resolver.js +417 -0
package/bin/runners/lib/env-template.js +66 -0
package/bin/runners/lib/env.js +189 -0
package/bin/runners/lib/error-handler.js +368 -0
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +684 -0
package/bin/runners/lib/exit-codes.js +275 -0
package/bin/runners/lib/extractors/client-calls.js +990 -0
package/bin/runners/lib/extractors/fastify-route-dump.js +573 -0
package/bin/runners/lib/extractors/fastify-routes.js +426 -0
package/bin/runners/lib/extractors/index.js +363 -0
package/bin/runners/lib/extractors/next-routes.js +524 -0
package/bin/runners/lib/extractors/proof-graph.js +431 -0
package/bin/runners/lib/extractors/route-matcher.js +451 -0
package/bin/runners/lib/extractors/truthpack-v2.js +377 -0
package/bin/runners/lib/extractors/ui-bindings.js +547 -0
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/findings-schema.js +281 -0
package/bin/runners/lib/fingerprint.js +377 -0
package/bin/runners/lib/firewall-prompt.js +50 -0
package/bin/runners/lib/fix-output.js +228 -0
package/bin/runners/lib/global-flags.js +250 -0
package/bin/runners/lib/graph/graph-builder.js +265 -0
package/bin/runners/lib/graph/html-renderer.js +413 -0
package/bin/runners/lib/graph/index.js +32 -0
package/bin/runners/lib/graph/runtime-collector.js +215 -0
package/bin/runners/lib/graph/static-extractor.js +518 -0
package/bin/runners/lib/help-formatter.js +413 -0
package/bin/runners/lib/html-proof-report.js +913 -0
package/bin/runners/lib/html-report.js +650 -0
package/bin/runners/lib/init-wizard.js +601 -0
package/bin/runners/lib/interactive-menu.js +1496 -0
package/bin/runners/lib/json-output.js +76 -0
package/bin/runners/lib/llm.js +75 -0
package/bin/runners/lib/logger.js +38 -0
package/bin/runners/lib/meter.js +61 -0
package/bin/runners/lib/missions/briefing.js +427 -0
package/bin/runners/lib/missions/checkpoint.js +753 -0
package/bin/runners/lib/missions/evidence.js +126 -0
package/bin/runners/lib/missions/hardening.js +851 -0
package/bin/runners/lib/missions/plan.js +648 -0
package/bin/runners/lib/missions/safety-gates.js +645 -0
package/bin/runners/lib/missions/schema.js +478 -0
package/bin/runners/lib/missions/templates.js +317 -0
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/packs/bundle.js +675 -0
package/bin/runners/lib/packs/evidence-pack.js +671 -0
package/bin/runners/lib/packs/pack-factory.js +837 -0
package/bin/runners/lib/packs/permissions-pack.js +686 -0
package/bin/runners/lib/packs/proof-graph-pack.js +779 -0
package/bin/runners/lib/patch.js +40 -0
package/bin/runners/lib/permissions/auth-model.js +213 -0
package/bin/runners/lib/permissions/idor-prover.js +205 -0
package/bin/runners/lib/permissions/index.js +45 -0
package/bin/runners/lib/permissions/matrix-builder.js +198 -0
package/bin/runners/lib/pkgjson.js +28 -0
package/bin/runners/lib/policy.js +295 -0
package/bin/runners/lib/polish/accessibility.js +62 -0
package/bin/runners/lib/polish/analyzer.js +93 -0
package/bin/runners/lib/polish/backend.js +87 -0
package/bin/runners/lib/polish/configuration.js +83 -0
package/bin/runners/lib/polish/documentation.js +83 -0
package/bin/runners/lib/polish/frontend.js +817 -0
package/bin/runners/lib/polish/index.js +27 -0
package/bin/runners/lib/polish/infrastructure.js +80 -0
package/bin/runners/lib/polish/internationalization.js +85 -0
package/bin/runners/lib/polish/libraries.js +180 -0
package/bin/runners/lib/polish/observability.js +75 -0
package/bin/runners/lib/polish/performance.js +64 -0
package/bin/runners/lib/polish/privacy.js +110 -0
package/bin/runners/lib/polish/resilience.js +92 -0
package/bin/runners/lib/polish/security.js +78 -0
package/bin/runners/lib/polish/seo.js +71 -0
package/bin/runners/lib/polish/styles.js +62 -0
package/bin/runners/lib/polish/utils.js +104 -0
package/bin/runners/lib/preflight.js +142 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/prove-output.js +220 -0
package/bin/runners/lib/reality/correlation-detectors.js +359 -0
package/bin/runners/lib/reality/index.js +318 -0
package/bin/runners/lib/reality/request-hashing.js +416 -0
package/bin/runners/lib/reality/request-mapper.js +453 -0
package/bin/runners/lib/reality/safety-rails.js +463 -0
package/bin/runners/lib/reality/semantic-snapshot.js +408 -0
package/bin/runners/lib/reality/toast-detector.js +393 -0
package/bin/runners/lib/reality-findings.js +84 -0
package/bin/runners/lib/reality-output.js +231 -0
package/bin/runners/lib/receipts.js +179 -0
package/bin/runners/lib/redact.js +29 -0
package/bin/runners/lib/replay/capsule-manager.js +154 -0
package/bin/runners/lib/replay/index.js +263 -0
package/bin/runners/lib/replay/player.js +348 -0
package/bin/runners/lib/replay/recorder.js +331 -0
package/bin/runners/lib/report-engine.js +626 -0
package/bin/runners/lib/report-html.js +1233 -0
package/bin/runners/lib/report-output.js +366 -0
package/bin/runners/lib/report-templates.js +967 -0
package/bin/runners/lib/report.js +135 -0
package/bin/runners/lib/route-detection.js +1209 -0
package/bin/runners/lib/route-truth.js +1322 -0
package/bin/runners/lib/safelist/index.js +96 -0
package/bin/runners/lib/safelist/integration.js +334 -0
package/bin/runners/lib/safelist/matcher.js +696 -0
package/bin/runners/lib/safelist/schema.js +948 -0
package/bin/runners/lib/safelist/store.js +438 -0
package/bin/runners/lib/sandbox/index.js +59 -0
package/bin/runners/lib/sandbox/proof-chain.js +399 -0
package/bin/runners/lib/sandbox/sandbox-runner.js +205 -0
package/bin/runners/lib/sandbox/worktree.js +174 -0
package/bin/runners/lib/scan-cache.js +330 -0
package/bin/runners/lib/scan-output-schema.js +344 -0
package/bin/runners/lib/scan-output.js +631 -0
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schema-validator.js +350 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/contracts.schema.json +160 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/finding.schema.json +100 -0
package/bin/runners/lib/schemas/mission-pack.schema.json +206 -0
package/bin/runners/lib/schemas/proof-graph.schema.json +176 -0
package/bin/runners/lib/schemas/reality-report.schema.json +162 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/share-pack.schema.json +180 -0
package/bin/runners/lib/schemas/ship-manifest.schema.json +251 -0
package/bin/runners/lib/schemas/ship-report.schema.json +117 -0
package/bin/runners/lib/schemas/truthpack-v2.schema.json +303 -0
package/bin/runners/lib/schemas/validator.js +465 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/score-history.js +282 -0
package/bin/runners/lib/security-bridge.js +249 -0
package/bin/runners/lib/server-usage.js +513 -0
package/bin/runners/lib/share-pack.js +239 -0
package/bin/runners/lib/ship-gate.js +832 -0
package/bin/runners/lib/ship-manifest.js +1153 -0
package/bin/runners/lib/ship-output-enterprise.js +239 -0
package/bin/runners/lib/ship-output.js +1128 -0
package/bin/runners/lib/snippets.js +67 -0
package/bin/runners/lib/status-output.js +340 -0
package/bin/runners/lib/terminal-ui.js +356 -0
package/bin/runners/lib/truth.js +1691 -0
package/bin/runners/lib/ui.js +562 -0
package/bin/runners/lib/unified-cli-output.js +947 -0
package/bin/runners/lib/unified-output.js +197 -0
package/bin/runners/lib/upsell.js +410 -0
package/bin/runners/lib/usage.js +153 -0
package/bin/runners/lib/validate-patch.js +156 -0
package/bin/runners/lib/verdict-engine.js +628 -0
package/bin/runners/lib/verification.js +345 -0
package/bin/runners/lib/why-tree.js +650 -0
package/bin/runners/reality/engine.js +917 -0
package/bin/runners/reality/flows.js +122 -0
package/bin/runners/reality/report.js +378 -0
package/bin/runners/reality/session.js +193 -0
package/bin/runners/runAIAgent.js +229 -0
package/bin/runners/runAgent.d.ts +5 -0
package/bin/runners/runAgent.js +161 -0
package/bin/runners/runAllowlist.js +418 -0
package/bin/runners/runApprove.js +320 -0
package/bin/runners/runAudit.js +692 -0
package/bin/runners/runAuth.js +731 -0
package/bin/runners/runCI.js +353 -0
package/bin/runners/runCheckpoint.js +530 -0
package/bin/runners/runClassify.js +928 -0
package/bin/runners/runCleanup.js +343 -0
package/bin/runners/runContext.d.ts +4 -0
package/bin/runners/runContext.js +175 -0
package/bin/runners/runDoctor.js +877 -0
package/bin/runners/runEvidencePack.js +362 -0
package/bin/runners/runFirewall.d.ts +5 -0
package/bin/runners/runFirewall.js +134 -0
package/bin/runners/runFirewallHook.d.ts +5 -0
package/bin/runners/runFirewallHook.js +56 -0
package/bin/runners/runFix.js +1355 -0
package/bin/runners/runForge.js +451 -0
package/bin/runners/runGuard.js +262 -0
package/bin/runners/runInit.js +1927 -0
package/bin/runners/runIntent.js +906 -0
package/bin/runners/runKickoff.js +878 -0
package/bin/runners/runLabs.js +424 -0
package/bin/runners/runLaunch.js +2000 -0
package/bin/runners/runLink.js +785 -0
package/bin/runners/runMcp.js +1875 -0
package/bin/runners/runPacks.js +2089 -0
package/bin/runners/runPolish.d.ts +4 -0
package/bin/runners/runPolish.js +390 -0
package/bin/runners/runPromptFirewall.js +211 -0
package/bin/runners/runProve.js +1411 -0
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +2260 -0
package/bin/runners/runReport.js +726 -0
package/bin/runners/runRuntime.js +110 -0
package/bin/runners/runSafelist.js +1190 -0
package/bin/runners/runScan.js +688 -0
package/bin/runners/runShield.js +1282 -0
package/bin/runners/runShip.js +1660 -0
package/bin/runners/runTruth.d.ts +5 -0
package/bin/runners/runTruth.js +101 -0
package/bin/runners/runValidate.js +179 -0
package/bin/runners/runWatch.js +478 -0
package/bin/runners/utils.js +360 -0
package/bin/scan.js +617 -0
package/bin/vibecheck.js +1617 -0
package/dist/guardrail/index.d.ts +2405 -0
package/dist/guardrail/index.js +9747 -0
package/dist/guardrail/index.js.map +1 -0
package/dist/scanner/index.d.ts +282 -0
package/dist/scanner/index.js +3395 -0
package/dist/scanner/index.js.map +1 -0
package/package.json +123 -104
package/README.md +0 -491
package/dist/index.js +0 -99711
package/dist/index.js.map +0 -1

package/bin/runners/runIntent.js ADDED Viewed

@@ -0,0 +1,906 @@
+/**
+ * vibecheck intent - Intent Declaration CLI
+ *
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * AGENT FIREWALL™ - INTENT DECLARATION COMMAND
+ * ═══════════════════════════════════════════════════════════════════════════════
+ *
+ * Manage intent declarations for the Agent Firewall.
+ * Intent MUST be declared before AI code generation.
+ * If intent is missing → Agent Firewall defaults to BLOCK.
+ *
+ * Subcommands:
+ *   set     - Declare a new intent
+ *   show    - Show current intent
+ *   clear   - Clear current intent
+ *   history - View intent history
+ *   verify  - Verify intent integrity
+ *
+ * @module runIntent
+ * @version 2.0.0
+ */
+"use strict";
+const path = require("path");
+const fs = require("fs");
+// Lazy imports
+let _globalFlags = null;
+let _exitCodes = null;
+let _cliOutput = null;
+let _intentModule = null;
+function getGlobalFlags() {
+  if (!_globalFlags) {
+    _globalFlags = require("./lib/global-flags");
+  }
+  return _globalFlags;
+}
+function getExitCodes() {
+  if (!_exitCodes) {
+    _exitCodes = require("./lib/exit-codes");
+  }
+  return _exitCodes;
+}
+function getCliOutput() {
+  if (!_cliOutput) {
+    _cliOutput = require("./lib/unified-cli-output");
+  }
+  return _cliOutput;
+}
+function getIntentModule() {
+  if (!_intentModule) {
+    _intentModule = require("./lib/agent-firewall/intent");
+  }
+  return _intentModule;
+}
+// ═══════════════════════════════════════════════════════════════════════════════
+// CONSTANTS
+// ═══════════════════════════════════════════════════════════════════════════════
+const INTENT_VERSION = "2.0.0";
+const SUBCOMMANDS = {
+  set: { description: "Declare a new intent", pro: false },
+  show: { description: "Show current intent", pro: false },
+  clear: { description: "Clear current intent (archives to history)", pro: false },
+  history: { description: "View intent history", pro: false },
+  verify: { description: "Verify intent integrity", pro: false },
+  template: { description: "Show intent templates", pro: false },
+};
+// ═══════════════════════════════════════════════════════════════════════════════
+// HELP
+// ═══════════════════════════════════════════════════════════════════════════════
+function printHelp() {
+  const { ansi } = getCliOutput();
+  console.log(`
+${ansi.bold}${ansi.cyan}╔═══════════════════════════════════════════════════════════════════════════════╗
+║                                                                               ║
+║   ${ansi.reset}${ansi.bold}INTENT DECLARATION${ansi.cyan}                                                        ║
+║   ${ansi.reset}${ansi.dim}Agent Firewall™ Intent System${ansi.cyan}                                             ║
+║                                                                               ║
+╚═══════════════════════════════════════════════════════════════════════════════╝${ansi.reset}
+  ${ansi.bold}USAGE${ansi.reset}
+    ${ansi.cyan}vibecheck i${ansi.reset} "summary"              ${ansi.dim}Quick intent (auto-infers everything)${ansi.reset}
+    ${ansi.cyan}vibecheck intent${ansi.reset} <subcommand> [options]
+  ${ansi.dim}Declare your intent BEFORE AI code generation.
+  In observe mode, changes are logged for later approval.${ansi.reset}
+  ${ansi.bold}SUBCOMMANDS${ansi.reset}
+    ${ansi.cyan}set${ansi.reset}         Declare a new intent
+    ${ansi.cyan}show${ansi.reset}        Show current intent
+    ${ansi.cyan}clear${ansi.reset}       Clear current intent
+    ${ansi.cyan}history${ansi.reset}     View intent history
+    ${ansi.cyan}verify${ansi.reset}      Verify intent integrity
+    ${ansi.cyan}template${ansi.reset}    Show intent templates
+  ${ansi.bold}SET OPTIONS${ansi.reset}
+    ${ansi.cyan}--summary, -s <text>${ansi.reset}      Intent summary (required)
+    ${ansi.cyan}--constraint, -c <text>${ansi.reset}   Add constraint (repeatable)
+    ${ansi.cyan}--allow-file <path>${ansi.reset}       Allow file modification (repeatable)
+    ${ansi.cyan}--allow-route <route>${ansi.reset}     Allow route addition (repeatable)
+    ${ansi.cyan}--allow-env <var>${ansi.reset}         Allow env var (repeatable)
+    ${ansi.cyan}--scope-dir <dir>${ansi.reset}         Restrict to directory (repeatable)
+    ${ansi.cyan}--scope-domain <domain>${ansi.reset}   Restrict to domain (repeatable)
+    ${ansi.cyan}--expires <duration>${ansi.reset}      Set expiration (e.g., "1h", "30m")
+    ${ansi.cyan}--from-file <path>${ansi.reset}        Load intent from JSON file
+  ${ansi.bold}EXAMPLES${ansi.reset}
+    ${ansi.dim}# Simple intent${ansi.reset}
+    vibecheck intent set -s "Fix login button styling"
+    ${ansi.dim}# Intent with constraints${ansi.reset}
+    vibecheck intent set -s "Add user profile endpoint" \\
+      -c "No auth changes" \\
+      -c "Tests required" \\
+      --allow-file "src/routes/users.ts" \\
+      --allow-route "GET /api/users/:id"
+    ${ansi.dim}# Scoped intent${ansi.reset}
+    vibecheck intent set -s "Refactor auth module" \\
+      --scope-dir "src/auth/" \\
+      --scope-domain "auth"
+    ${ansi.dim}# From file${ansi.reset}
+    vibecheck intent set --from-file intent.json
+    ${ansi.dim}# Show current${ansi.reset}
+    vibecheck intent show
+    ${ansi.dim}# Clear${ansi.reset}
+    vibecheck intent clear
+  ${ansi.bold}DOMAINS${ansi.reset}
+    auth, payments, routes, contracts, ui, database, config, general
+  ${ansi.dim}────────────────────────────────────────────────────────────────────${ansi.reset}
+  ${ansi.dim}Documentation: https://docs.vibecheckai.dev/cli/intent${ansi.reset}
+  ${ansi.dim}Version: ${INTENT_VERSION}${ansi.reset}
+`);
+}
+// ═══════════════════════════════════════════════════════════════════════════════
+// MAIN ENTRY
+// ═══════════════════════════════════════════════════════════════════════════════
+/**
+ * Main intent command handler
+ * @param {string[]} args - Command arguments
+ * @param {Object} context - Execution context
+ * @returns {Promise<number>} Exit code
+ */
+async function runIntent(args = [], context = {}) {
+  const { parseGlobalFlags, shouldSuppressOutput, isJsonMode } = getGlobalFlags();
+  const { EXIT } = getExitCodes();
+  const { flags: globalFlags, cleanArgs } = parseGlobalFlags(args);
+  const quiet = shouldSuppressOutput(globalFlags);
+  const json = isJsonMode(globalFlags) || args.includes("--json");
+  const projectRoot = context.repoRoot || globalFlags.path || process.cwd();
+  // Handle help
+  if (globalFlags.help || args.includes("--help") || args.includes("-h")) {
+    printHelp();
+    return EXIT.SUCCESS;
+  }
+  // Check for QUICK INTENT MODE: vibecheck i "summary text"
+  // If first arg is a quoted string (not a subcommand), treat as quick intent
+  const firstArg = cleanArgs[0];
+  const isQuickMode = firstArg &&
+    !SUBCOMMANDS[firstArg] &&
+    !firstArg.startsWith("-") &&
+    firstArg.length > 2;
+  if (isQuickMode) {
+    // Quick intent: vibecheck i "fix login bug"
+    const ctx = {
+      projectRoot,
+      json,
+      quiet,
+      args: cleanArgs,
+      originalArgs: args,
+      quickMode: true,
+    };
+    return await handleQuickSet(ctx);
+  }
+  // Parse subcommand
+  const subcommand = firstArg || "show";
+  const subArgs = cleanArgs.slice(1);
+  // Create context
+  const ctx = {
+    projectRoot,
+    json,
+    quiet,
+    args: subArgs,
+    originalArgs: args,
+  };
+  try {
+    switch (subcommand) {
+      case "set":
+        return await handleSet(ctx);
+      case "show":
+        return await handleShow(ctx);
+      case "clear":
+        return await handleClear(ctx);
+      case "history":
+        return await handleHistory(ctx);
+      case "verify":
+        return await handleVerify(ctx);
+      case "template":
+        return await handleTemplate(ctx);
+      default:
+        return handleUnknown(subcommand, ctx);
+    }
+  } catch (error) {
+    return handleError(error, ctx);
+  }
+}
+// ═══════════════════════════════════════════════════════════════════════════════
+// HANDLERS
+// ═══════════════════════════════════════════════════════════════════════════════
+/**
+ * Handle QUICK set - vibecheck i "summary text"
+ * Auto-infers constraints, scope, and allowed files from context
+ */
+async function handleQuickSet(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderSuccess, renderError } = getCliOutput();
+  const { createIntent, IntentStore } = getIntentModule();
+  // Import auto-detect module
+  let autoDetect;
+  try {
+    autoDetect = require("./lib/agent-firewall/intent/auto-detect");
+  } catch (e) {
+    if (ctx.json) {
+      console.log(JSON.stringify({ success: false, error: "Auto-detect module not available" }));
+    } else {
+      renderError("Auto-detect module not available");
+    }
+    return EXIT.INTERNAL_ERROR;
+  }
+  // Get the summary from args - join all non-flag args
+  const summaryParts = ctx.args.filter(a => !a.startsWith("-"));
+  const userSummary = summaryParts.join(" ").trim();
+  if (!userSummary) {
+    if (ctx.json) {
+      console.log(JSON.stringify({ success: false, error: "Summary required" }));
+    } else {
+      renderError("Summary required");
+      console.log(`\n  ${ansi.dim}Example: ${ansi.cyan}vibecheck i "fix login bug"${ansi.reset}\n`);
+    }
+    return EXIT.USER_ERROR;
+  }
+  // Auto-detect context
+  const detected = autoDetect.autoDetectIntent(ctx.projectRoot, userSummary);
+  // Create and store intent
+  const intent = createIntent(detected);
+  const store = new IntentStore(ctx.projectRoot);
+  const result = store.store(intent);
+  if (ctx.json) {
+    console.log(JSON.stringify({
+      success: result.success,
+      quick_mode: true,
+      intent: {
+        hash: intent.hash,
+        summary: intent.summary,
+        constraints: intent.constraints,
+        allowed_changes: intent.allowed_changes?.length || 0,
+        scope: intent.scope,
+        created_at: intent.created_at,
+      },
+      auto_detected: detected._context,
+      error: result.error,
+    }, null, 2));
+  } else if (!ctx.quiet) {
+    if (result.success) {
+      console.log(`
+${ansi.green}${ansi.bold}╔═══════════════════════════════════════════════════════════════════╗
+║                                                                   ║
+║   ✓ QUICK INTENT SET                                              ║
+║                                                                   ║
+╚═══════════════════════════════════════════════════════════════════╝${ansi.reset}
+  ${ansi.bold}Summary${ansi.reset}
+    ${intent.summary}`);
+      if (intent.constraints.length > 0) {
+        console.log(`\n  ${ansi.bold}Auto-Inferred Constraints${ansi.reset}`);
+        for (const c of intent.constraints) {
+          console.log(`    ${ansi.yellow}•${ansi.reset} ${c}`);
+        }
+      }
+      if (intent.allowed_changes && intent.allowed_changes.length > 0) {
+        console.log(`\n  ${ansi.bold}Auto-Allowed Files${ansi.reset} ${ansi.dim}(from git status)${ansi.reset}`);
+        for (const ac of intent.allowed_changes.slice(0, 5)) {
+          console.log(`    ${ansi.green}✓${ansi.reset} ${ac.target}`);
+        }
+        if (intent.allowed_changes.length > 5) {
+          console.log(`    ${ansi.dim}... and ${intent.allowed_changes.length - 5} more${ansi.reset}`);
+        }
+      }
+      if (intent.scope) {
+        console.log(`\n  ${ansi.bold}Auto-Detected Scope${ansi.reset}`);
+        if (intent.scope.directories) {
+          console.log(`    ${ansi.dim}Directories:${ansi.reset} ${intent.scope.directories.join(", ")}`);
+        }
+        if (intent.scope.domains) {
+          console.log(`    ${ansi.dim}Domains:${ansi.reset} ${intent.scope.domains.join(", ")}`);
+        }
+      }
+      // Show context used
+      const ctx_info = detected._context;
+      if (ctx_info) {
+        console.log(`\n  ${ansi.dim}Context: ${ctx_info.branch ? `branch=${ctx_info.branch}` : ""}${ctx_info.stagedFiles ? ` staged=${ctx_info.stagedFiles}` : ""}${ctx_info.modifiedFiles ? ` modified=${ctx_info.modifiedFiles}` : ""} type=${ctx_info.inferredType}${ansi.reset}`);
+      }
+      console.log(`
+  ${ansi.dim}Hash: ${intent.hash.slice(0, 16)}...${ansi.reset}
+  ${ansi.bold}You're ready to vibe.${ansi.reset} ${ansi.dim}AI changes will be checked against this intent.${ansi.reset}
+`);
+    } else {
+      renderError(result.error || "Failed to store intent");
+    }
+  }
+  return result.success ? EXIT.SUCCESS : EXIT.INTERNAL_ERROR;
+}
+/**
+ * Handle set subcommand
+ */
+async function handleSet(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderSuccess, renderError } = getCliOutput();
+  const { createIntent, IntentStore, CONSTRAINT_TEMPLATES } = getIntentModule();
+  const args = ctx.originalArgs;
+  // Check for --from-file
+  const fromFile = getArgValue(args, "--from-file");
+  let intentData;
+  if (fromFile) {
+    // Load from file
+    const filePath = path.resolve(ctx.projectRoot, fromFile);
+    if (!fs.existsSync(filePath)) {
+      if (ctx.json) {
+        console.log(JSON.stringify({ success: false, error: `File not found: ${fromFile}` }));
+      } else {
+        renderError(`File not found: ${fromFile}`);
+      }
+      return EXIT.USER_ERROR;
+    }
+    try {
+      intentData = JSON.parse(fs.readFileSync(filePath, "utf-8"));
+    } catch (e) {
+      if (ctx.json) {
+        console.log(JSON.stringify({ success: false, error: `Invalid JSON: ${e.message}` }));
+      } else {
+        renderError(`Invalid JSON in ${fromFile}: ${e.message}`);
+      }
+      return EXIT.USER_ERROR;
+    }
+  } else {
+    // Build from CLI args
+    const summary = getArgValue(args, "--summary") || getArgValue(args, "-s");
+    if (!summary) {
+      if (ctx.json) {
+        console.log(JSON.stringify({ success: false, error: "Summary required. Use --summary or -s" }));
+      } else {
+        renderError("Summary required. Use --summary or -s");
+        console.log(`\n  ${ansi.dim}Example: vibecheck intent set -s "Add user profile endpoint"${ansi.reset}\n`);
+      }
+      return EXIT.USER_ERROR;
+    }
+    const constraints = getAllArgValues(args, "--constraint", "-c");
+    const allowFiles = getAllArgValues(args, "--allow-file");
+    const allowRoutes = getAllArgValues(args, "--allow-route");
+    const allowEnvs = getAllArgValues(args, "--allow-env");
+    const scopeDirs = getAllArgValues(args, "--scope-dir");
+    const scopeDomains = getAllArgValues(args, "--scope-domain");
+    const expires = getArgValue(args, "--expires");
+    // Build allowed_changes
+    const allowed_changes = [];
+    for (const file of allowFiles) {
+      allowed_changes.push({ type: "file_modify", target: file });
+    }
+    for (const route of allowRoutes) {
+      allowed_changes.push({ type: "route_add", target: route });
+    }
+    for (const env of allowEnvs) {
+      allowed_changes.push({ type: "env_add", target: env });
+    }
+    // Build scope
+    let scope = null;
+    if (scopeDirs.length > 0 || scopeDomains.length > 0) {
+      scope = {};
+      if (scopeDirs.length > 0) scope.directories = scopeDirs;
+      if (scopeDomains.length > 0) scope.domains = scopeDomains;
+    }
+    intentData = {
+      summary,
+      constraints,
+      allowed_changes: allowed_changes.length > 0 ? allowed_changes : undefined,
+      scope,
+    };
+    // Handle expiration
+    if (expires) {
+      const ms = parseDuration(expires);
+      if (ms) {
+        intentData.expires_at = new Date(Date.now() + ms).toISOString();
+      }
+    }
+  }
+  // Create and store intent
+  const intent = createIntent(intentData);
+  const store = new IntentStore(ctx.projectRoot);
+  const result = store.store(intent);
+  if (ctx.json) {
+    console.log(JSON.stringify({
+      success: result.success,
+      intent: {
+        hash: intent.hash,
+        summary: intent.summary,
+        constraints: intent.constraints,
+        created_at: intent.created_at,
+      },
+      error: result.error,
+    }, null, 2));
+  } else if (!ctx.quiet) {
+    if (result.success) {
+      console.log(`
+${ansi.green}${ansi.bold}╔═══════════════════════════════════════════════════════════════════╗
+║                                                                   ║
+║   ✓ INTENT DECLARED                                               ║
+║                                                                   ║
+╚═══════════════════════════════════════════════════════════════════╝${ansi.reset}
+  ${ansi.bold}Summary${ansi.reset}
+    ${intent.summary}
+  ${ansi.bold}Constraints${ansi.reset}`);
+      if (intent.constraints.length > 0) {
+        for (const c of intent.constraints) {
+          console.log(`    ${ansi.yellow}•${ansi.reset} ${c}`);
+        }
+      } else {
+        console.log(`    ${ansi.dim}(none)${ansi.reset}`);
+      }
+      if (intent.allowed_changes && intent.allowed_changes.length > 0) {
+        console.log(`\n  ${ansi.bold}Allowed Changes${ansi.reset}`);
+        for (const ac of intent.allowed_changes) {
+          console.log(`    ${ansi.green}✓${ansi.reset} [${ac.type}] ${ac.target || ac.pattern}`);
+        }
+      }
+      if (intent.scope) {
+        console.log(`\n  ${ansi.bold}Scope${ansi.reset}`);
+        if (intent.scope.directories) {
+          console.log(`    ${ansi.dim}Directories:${ansi.reset} ${intent.scope.directories.join(", ")}`);
+        }
+        if (intent.scope.domains) {
+          console.log(`    ${ansi.dim}Domains:${ansi.reset} ${intent.scope.domains.join(", ")}`);
+        }
+      }
+      console.log(`
+  ${ansi.dim}Hash: ${intent.hash.slice(0, 16)}...${ansi.reset}
+  ${ansi.dim}Created: ${intent.created_at}${ansi.reset}
+  ${ansi.bold}The Agent Firewall will now enforce this intent.${ansi.reset}
+  ${ansi.dim}Changes outside this intent will be BLOCKED.${ansi.reset}
+`);
+    } else {
+      renderError(result.error || "Failed to store intent");
+    }
+  }
+  return result.success ? EXIT.SUCCESS : EXIT.INTERNAL_ERROR;
+}
+/**
+ * Handle show subcommand
+ */
+async function handleShow(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderWarning } = getCliOutput();
+  const { IntentStore, verifyIntentIntegrity, isIntentExpired } = getIntentModule();
+  const store = new IntentStore(ctx.projectRoot);
+  const intent = store.getCurrent({ allowMissing: true });
+  if (!intent) {
+    if (ctx.json) {
+      console.log(JSON.stringify({ intent: null, message: "No intent declared" }));
+    } else if (!ctx.quiet) {
+      renderWarning("No intent declared");
+      console.log(`
+  ${ansi.dim}The Agent Firewall will BLOCK all AI changes.${ansi.reset}
+  ${ansi.dim}Declare an intent: ${ansi.cyan}vibecheck intent set -s "Your intent"${ansi.reset}
+`);
+    }
+    return EXIT.SUCCESS;
+  }
+  // Check if it's the blocking intent
+  const isBlocking = intent.summary?.includes("NO INTENT DECLARED");
+  // Verify integrity
+  const integrity = verifyIntentIntegrity(intent);
+  const expired = isIntentExpired(intent);
+  if (ctx.json) {
+    console.log(JSON.stringify({
+      intent,
+      status: {
+        valid: integrity.valid && !expired && !isBlocking,
+        integrity: integrity.valid,
+        expired,
+        isBlocking,
+      },
+    }, null, 2));
+  } else if (!ctx.quiet) {
+    if (isBlocking) {
+      console.log(`
+${ansi.yellow}${ansi.bold}╔═══════════════════════════════════════════════════════════════════╗
+║                                                                   ║
+║   ⚠ NO INTENT DECLARED                                            ║
+║                                                                   ║
+╚═══════════════════════════════════════════════════════════════════╝${ansi.reset}
+  ${ansi.yellow}All AI changes are currently BLOCKED.${ansi.reset}
+  ${ansi.dim}Declare an intent to allow specific changes.${ansi.reset}
+  ${ansi.bold}Example:${ansi.reset}
+    ${ansi.cyan}vibecheck intent set -s "Fix login button" --allow-file "src/Login.tsx"${ansi.reset}
+`);
+    } else {
+      const statusColor = integrity.valid && !expired ? ansi.green : ansi.red;
+      const statusText = integrity.valid && !expired ? "ACTIVE" : expired ? "EXPIRED" : "INVALID";
+      console.log(`
+${ansi.cyan}${ansi.bold}╔═══════════════════════════════════════════════════════════════════╗
+║                                                                   ║
+║   CURRENT INTENT                                                  ║
+║                                                                   ║
+╚═══════════════════════════════════════════════════════════════════╝${ansi.reset}
+  ${ansi.bold}Status${ansi.reset}
+    ${statusColor}${statusText}${ansi.reset}${expired ? ` ${ansi.dim}(expired at ${intent.expires_at})${ansi.reset}` : ""}
+  ${ansi.bold}Summary${ansi.reset}
+    ${intent.summary}
+  ${ansi.bold}Constraints${ansi.reset}`);
+      if (intent.constraints && intent.constraints.length > 0) {
+        for (const c of intent.constraints) {
+          console.log(`    ${ansi.yellow}•${ansi.reset} ${c}`);
+        }
+      } else {
+        console.log(`    ${ansi.dim}(none)${ansi.reset}`);
+      }
+      if (intent.allowed_changes && intent.allowed_changes.length > 0) {
+        console.log(`\n  ${ansi.bold}Allowed Changes${ansi.reset}`);
+        for (const ac of intent.allowed_changes) {
+          console.log(`    ${ansi.green}✓${ansi.reset} [${ac.type}] ${ac.target || ac.pattern}`);
+        }
+      }
+      if (intent.scope) {
+        console.log(`\n  ${ansi.bold}Scope${ansi.reset}`);
+        if (intent.scope.directories) {
+          console.log(`    ${ansi.dim}Directories:${ansi.reset} ${intent.scope.directories.join(", ")}`);
+        }
+        if (intent.scope.domains) {
+          console.log(`    ${ansi.dim}Domains:${ansi.reset} ${intent.scope.domains.join(", ")}`);
+        }
+        if (intent.scope.excluded_paths) {
+          console.log(`    ${ansi.dim}Excluded:${ansi.reset} ${intent.scope.excluded_paths.join(", ")}`);
+        }
+      }
+      console.log(`
+  ${ansi.dim}Hash: ${intent.hash.slice(0, 16)}...${ansi.reset}
+  ${ansi.dim}Version: ${intent.version || 1}${ansi.reset}
+  ${ansi.dim}Created: ${intent.created_at}${ansi.reset}
+`);
+    }
+  }
+  return EXIT.SUCCESS;
+}
+/**
+ * Handle clear subcommand
+ */
+async function handleClear(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderSuccess, renderWarning } = getCliOutput();
+  const { IntentStore } = getIntentModule();
+  const store = new IntentStore(ctx.projectRoot);
+  if (!store.hasIntent()) {
+    if (ctx.json) {
+      console.log(JSON.stringify({ success: true, message: "No intent to clear" }));
+    } else if (!ctx.quiet) {
+      renderWarning("No intent to clear");
+    }
+    return EXIT.SUCCESS;
+  }
+  store.clear();
+  if (ctx.json) {
+    console.log(JSON.stringify({ success: true, message: "Intent cleared and archived" }));
+  } else if (!ctx.quiet) {
+    renderSuccess("Intent cleared");
+    console.log(`
+  ${ansi.dim}The previous intent has been archived to history.${ansi.reset}
+  ${ansi.yellow}The Agent Firewall will now BLOCK all AI changes.${ansi.reset}
+  ${ansi.dim}View history: ${ansi.cyan}vibecheck intent history${ansi.reset}
+`);
+  }
+  return EXIT.SUCCESS;
+}
+/**
+ * Handle history subcommand
+ */
+async function handleHistory(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi } = getCliOutput();
+  const { IntentStore } = getIntentModule();
+  const store = new IntentStore(ctx.projectRoot);
+  const history = store.getHistory(10);
+  if (ctx.json) {
+    console.log(JSON.stringify({ history }, null, 2));
+  } else if (!ctx.quiet) {
+    console.log(`
+${ansi.bold}Intent History${ansi.reset} ${ansi.dim}(last 10)${ansi.reset}
+`);
+    if (history.length === 0) {
+      console.log(`  ${ansi.dim}No history found${ansi.reset}\n`);
+    } else {
+      for (const intent of history) {
+        const date = new Date(intent.archived_at || intent.created_at).toLocaleString();
+        console.log(`  ${ansi.dim}${date}${ansi.reset}`);
+        console.log(`    ${intent.summary}`);
+        console.log(`    ${ansi.dim}Hash: ${intent.hash.slice(0, 12)}... | v${intent.version || 1}${ansi.reset}`);
+        console.log();
+      }
+    }
+  }
+  return EXIT.SUCCESS;
+}
+/**
+ * Handle verify subcommand
+ */
+async function handleVerify(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi, renderSuccess, renderError } = getCliOutput();
+  const { IntentStore, verifyIntentIntegrity, isIntentExpired } = getIntentModule();
+  const store = new IntentStore(ctx.projectRoot);
+  const intent = store.getCurrent({ allowMissing: true });
+  if (!intent) {
+    if (ctx.json) {
+      console.log(JSON.stringify({ valid: false, reason: "NO_INTENT" }));
+    } else {
+      renderError("No intent to verify");
+    }
+    return EXIT.WARNINGS;
+  }
+  const integrity = verifyIntentIntegrity(intent);
+  const expired = isIntentExpired(intent);
+  const isBlocking = intent.summary?.includes("NO INTENT DECLARED");
+  const result = {
+    valid: integrity.valid && !expired && !isBlocking,
+    integrity: integrity.valid,
+    integrityReason: integrity.reason,
+    expired,
+    isBlocking,
+    hash: intent.hash,
+    computed_hash: integrity.computed_hash,
+  };
+  if (ctx.json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else if (!ctx.quiet) {
+    if (result.valid) {
+      renderSuccess("Intent verified");
+      console.log(`
+  ${ansi.green}✓${ansi.reset} Integrity: ${integrity.reason}
+  ${ansi.green}✓${ansi.reset} Not expired
+  ${ansi.dim}Hash: ${intent.hash.slice(0, 16)}...${ansi.reset}
+`);
+    } else {
+      renderError("Intent verification failed");
+      console.log(`
+  ${!integrity.valid ? `${ansi.red}✗${ansi.reset} Integrity: ${integrity.reason}` : `${ansi.green}✓${ansi.reset} Integrity: OK`}
+  ${expired ? `${ansi.red}✗${ansi.reset} Expired` : `${ansi.green}✓${ansi.reset} Not expired`}
+  ${isBlocking ? `${ansi.yellow}!${ansi.reset} Blocking intent (no user intent declared)` : ""}
+`);
+    }
+  }
+  return result.valid ? EXIT.SUCCESS : EXIT.WARNINGS;
+}
+/**
+ * Handle template subcommand
+ */
+async function handleTemplate(ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi } = getCliOutput();
+  const { CONSTRAINT_TEMPLATES } = getIntentModule();
+  const templates = {
+    STRICT_BUGFIX: {
+      description: "For minimal, focused bug fixes",
+      constraints: CONSTRAINT_TEMPLATES.STRICT_BUGFIX,
+      example: 'vibecheck intent set -s "Fix login button" -c "No new routes" -c "Changes limited to specified file(s)" --allow-file "src/Login.tsx"',
+    },
+    FEATURE_ADDITION: {
+      description: "For adding new features",
+      constraints: CONSTRAINT_TEMPLATES.FEATURE_ADDITION,
+      example: 'vibecheck intent set -s "Add user profile endpoint" -c "Tests required" --allow-route "GET /api/users/:id"',
+    },
+    REFACTOR: {
+      description: "For refactoring without behavior changes",
+      constraints: CONSTRAINT_TEMPLATES.REFACTOR,
+      example: 'vibecheck intent set -s "Refactor auth module" -c "No behavior changes" --scope-dir "src/auth/"',
+    },
+    SECURITY_PATCH: {
+      description: "For security-sensitive changes",
+      constraints: CONSTRAINT_TEMPLATES.SECURITY_PATCH,
+      example: 'vibecheck intent set -s "Fix XSS vulnerability" -c "No permission relaxation" -c "Review required"',
+    },
+  };
+  if (ctx.json) {
+    console.log(JSON.stringify(templates, null, 2));
+  } else if (!ctx.quiet) {
+    console.log(`
+${ansi.bold}Intent Templates${ansi.reset}
+`);
+    for (const [name, template] of Object.entries(templates)) {
+      console.log(`${ansi.cyan}${ansi.bold}${name}${ansi.reset}`);
+      console.log(`  ${ansi.dim}${template.description}${ansi.reset}`);
+      console.log(`  ${ansi.bold}Constraints:${ansi.reset}`);
+      for (const c of template.constraints) {
+        console.log(`    ${ansi.yellow}•${ansi.reset} ${c}`);
+      }
+      console.log(`  ${ansi.bold}Example:${ansi.reset}`);
+      console.log(`    ${ansi.dim}${template.example}${ansi.reset}`);
+      console.log();
+    }
+  }
+  return EXIT.SUCCESS;
+}
+/**
+ * Handle unknown subcommand
+ */
+function handleUnknown(subcommand, ctx) {
+  const { EXIT } = getExitCodes();
+  const { ansi } = getCliOutput();
+  if (ctx.json) {
+    console.log(JSON.stringify({
+      success: false,
+      error: `Unknown subcommand: ${subcommand}`,
+      available: Object.keys(SUBCOMMANDS),
+    }));
+  } else {
+    console.log(`
+${ansi.red}Error: Unknown subcommand '${subcommand}'${ansi.reset}
+${ansi.dim}Available subcommands:${ansi.reset}
+${Object.keys(SUBCOMMANDS).map(s => `  ${ansi.cyan}${s}${ansi.reset}`).join("\n")}
+Run ${ansi.cyan}vibecheck intent --help${ansi.reset} for usage.
+`);
+  }
+  return EXIT.USER_ERROR;
+}
+/**
+ * Handle error
+ */
+function handleError(error, ctx) {
+  const { EXIT } = getExitCodes();
+  const { renderError } = getCliOutput();
+  if (ctx.json) {
+    console.log(JSON.stringify({ success: false, error: error.message }));
+  } else {
+    renderError(`Intent error: ${error.message}`);
+  }
+  return EXIT.INTERNAL_ERROR;
+}
+// ═══════════════════════════════════════════════════════════════════════════════
+// UTILITIES
+// ═══════════════════════════════════════════════════════════════════════════════
+function getArgValue(args, ...flags) {
+  for (const flag of flags) {
+    const index = args.indexOf(flag);
+    if (index !== -1 && args[index + 1] && !args[index + 1].startsWith("-")) {
+      return args[index + 1];
+    }
+  }
+  return null;
+}
+function getAllArgValues(args, ...flags) {
+  const values = [];
+  for (let i = 0; i < args.length; i++) {
+    if (flags.includes(args[i]) && args[i + 1] && !args[i + 1].startsWith("-")) {
+      values.push(args[i + 1]);
+    }
+  }
+  return values;
+}
+function parseDuration(str) {
+  const match = str.match(/^(\d+)(s|m|h|d)$/);
+  if (!match) return null;
+  const value = parseInt(match[1], 10);
+  const unit = match[2];
+  const multipliers = {
+    s: 1000,
+    m: 60 * 1000,
+    h: 60 * 60 * 1000,
+    d: 24 * 60 * 60 * 1000,
+  };
+  return value * multipliers[unit];
+}
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+module.exports = {
+  runIntent,
+  SUBCOMMANDS,
+};