vibecheck-ai 2.0.1 → 5.0.0

package/bin/runners/runLaunch.js

@@ -0,0 +1,2000 @@
+/**
+ * vibecheck launch - Pre-Release Validation Wizard
+ * 
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * THE LAST 10 MINUTES BEFORE RELEASE
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * 
+ * One command to validate everything:
+ *   • Build & Compilation
+ *   • Environment Wiring
+ *   • Route Integrity
+ *   • Auth Configuration
+ *   • Integration Health
+ *   • Security Posture
+ * 
+ * @module bin/runners/runLaunch
+ * @version 2.0.0
+ */
+
+"use strict";
+
+const path = require("path");
+const fs = require("fs");
+const readline = require("readline");
+const crypto = require("crypto");
+const { execSync, spawn } = require("child_process");
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// LAZY IMPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+let _globalFlags = null;
+let _exitCodes = null;
+let _errorHandler = null;
+let _cliOutput = null;
+
+function getGlobalFlags() {
+  if (!_globalFlags) _globalFlags = require("./lib/global-flags");
+  return _globalFlags;
+}
+
+function getExitCodes() {
+  if (!_exitCodes) _exitCodes = require("./lib/exit-codes");
+  return _exitCodes;
+}
+
+function getErrorHandler() {
+  if (!_errorHandler) _errorHandler = require("./lib/error-handler");
+  return _errorHandler;
+}
+
+function getCliOutput() {
+  if (!_cliOutput) _cliOutput = require("./lib/unified-cli-output");
+  return _cliOutput;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// CONSTANTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+const LAUNCH_VERSION = "2.0.0";
+const DEFAULT_TIMEOUT = 600000; // 10 minutes
+const CHECK_TIMEOUT = 60000;    // 1 minute per check
+
+const PHASES = {
+  build: {
+    name: "Build Validation",
+    description: "TypeScript compilation, artifacts, bundle analysis",
+    icon: "🏗️",
+    estimatedTime: "~2 min",
+  },
+  env: {
+    name: "Environment Wiring",
+    description: "Variables, secrets, URL validation",
+    icon: "🌍",
+    estimatedTime: "~1 min",
+  },
+  routes: {
+    name: "Route Integrity",
+    description: "Registration, handlers, contract drift",
+    icon: "🛤️",
+    estimatedTime: "~2 min",
+  },
+  auth: {
+    name: "Auth Configuration",
+    description: "Middleware, protection, CORS, rate limiting",
+    icon: "🔐",
+    estimatedTime: "~1 min",
+  },
+  integrations: {
+    name: "Integration Health",
+    description: "Database, Redis, billing, webhooks",
+    icon: "🔗",
+    estimatedTime: "~2 min",
+  },
+  security: {
+    name: "Security Posture",
+    description: "Secrets scan, dependency audit, mock detection",
+    icon: "🛡️",
+    estimatedTime: "~2 min",
+  },
+};
+
+const PHASE_ORDER = ["build", "env", "routes", "auth", "integrations", "security"];
+
+// Secret patterns (critical - must not be in code)
+const SECRET_PATTERNS = [
+  { name: "Stripe Live Key", pattern: /sk_live_[a-zA-Z0-9]{24,}/g, severity: "BLOCK" },
+  { name: "AWS Access Key", pattern: /AKIA[A-Z0-9]{16}/g, severity: "BLOCK" },
+  { name: "Private Key", pattern: /-----BEGIN\s+(RSA|EC|DSA|OPENSSH)?\s*PRIVATE KEY-----/g, severity: "BLOCK" },
+  { name: "GitHub Token", pattern: /ghp_[a-zA-Z0-9]{36}/g, severity: "BLOCK" },
+  { name: "Generic API Key", pattern: /['"]?api[_-]?key['"]?\s*[:=]\s*['"][a-zA-Z0-9_-]{20,}['"]/gi, severity: "WARN" },
+  { name: "Password Assignment", pattern: /['"]?password['"]?\s*[:=]\s*['"][^'"]{8,}['"]/gi, severity: "WARN" },
+  { name: "JWT Secret Hardcoded", pattern: /jwt[_-]?secret\s*[:=]\s*['"][^'"]+['"]/gi, severity: "BLOCK" },
+];
+
+// Mock data patterns
+const MOCK_PATTERNS = [
+  { name: "Demo User", pattern: /demo@|test@example|user@test|admin@localhost/gi },
+  { name: "Placeholder Email", pattern: /your[_-]?email@|example\.com/gi },
+  { name: "Fake Data", pattern: /FAKE_|MOCK_|PLACEHOLDER_|TODO_REPLACE/gi },
+  { name: "Lorem Ipsum", pattern: /lorem\s+ipsum/gi },
+  { name: "Test Mode Flag", pattern: /isTest\s*[:=]\s*true|testMode\s*[:=]\s*true/gi },
+];
+
+// Auth patterns to detect
+const AUTH_PATTERNS = {
+  middleware: [
+    /authMiddleware/,
+    /authenticate\s*\(/,
+    /requireAuth/,
+    /isAuthenticated/,
+    /verifyToken/,
+    /passport\.authenticate/,
+  ],
+  hashBeforeLookup: [
+    /hashApiKey/,
+    /hash.*before.*lookup/i,
+    /createHash.*apiKey/i,
+    /sha256.*apiKey/i,
+  ],
+  rateLimiting: [
+    /rateLimit/i,
+    /rate.*limit/i,
+    /express-rate-limit/,
+    /@fastify\/rate-limit/,
+    /throttle/i,
+  ],
+  cors: [
+    /cors\s*\(/,
+    /ALLOWED_ORIGINS/,
+    /Access-Control-Allow-Origin/,
+  ],
+};
+
+// Files to scan for security issues
+const SECURITY_PATHS = [
+  "src/middleware",
+  "src/auth",
+  "src/routes/auth",
+  "apps/api/src/middleware",
+  "apps/api/src/routes/auth",
+  "apps/api/src/services/auth",
+  "apps/api/src/services/api-key",
+  "apps/api/src/services/encryption",
+];
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// ANSI STYLING
+// ═══════════════════════════════════════════════════════════════════════════════
+
+const SUPPORTS_COLOR = process.stdout.isTTY && !process.env.NO_COLOR;
+
+const c = SUPPORTS_COLOR ? {
+  reset: "\x1b[0m",
+  bold: "\x1b[1m",
+  dim: "\x1b[2m",
+  red: "\x1b[31m",
+  green: "\x1b[32m",
+  yellow: "\x1b[33m",
+  blue: "\x1b[34m",
+  magenta: "\x1b[35m",
+  cyan: "\x1b[36m",
+  white: "\x1b[37m",
+  gray: "\x1b[90m",
+  bgGreen: "\x1b[42m",
+  bgYellow: "\x1b[43m",
+  bgRed: "\x1b[41m",
+  bgCyan: "\x1b[46m",
+  bgMagenta: "\x1b[45m",
+} : Object.fromEntries([
+  "reset", "bold", "dim", "red", "green", "yellow", "blue", 
+  "magenta", "cyan", "white", "gray", "bgGreen", "bgYellow", "bgRed", "bgCyan", "bgMagenta"
+].map(k => [k, ""]));
+
+const sym = {
+  check: "✓",
+  cross: "✗",
+  warning: "⚠",
+  arrow: "→",
+  rocket: "🚀",
+  block: "🚫",
+  spinner: ["⠋", "⠙", "⠹", "⠸", "⠼", "⠴", "⠦", "⠧", "⠇", "⠏"],
+  box: {
+    topLeft: "╔", topRight: "╗", bottomLeft: "╚", bottomRight: "╝",
+    horizontal: "═", vertical: "║",
+    teeRight: "╠", teeLeft: "╣",
+  },
+};
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// BANNER (uses unified CLI output)
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function printUnifiedBanner(projectRoot, opts) {
+  const cli = getCliOutput();
+  const projectName = path.basename(projectRoot);
+  
+  // Determine integrity based on environment
+  const isProduction = process.env.NODE_ENV === "production";
+  const integrity = isProduction ? "PRODUCTION" : "DEVELOPMENT";
+  
+  console.log(cli.renderFullHeader("launch", {
+    version: LAUNCH_VERSION,
+    tier: "PRO",
+    integrity,
+    target: projectRoot,
+    sessionId: cli.generateSessionId(),
+  }));
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// UTILITIES
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Recursively find files matching extensions
+ */
+function findFiles(dir, extensions, ignore = []) {
+  const results = [];
+  if (!fs.existsSync(dir)) return results;
+  
+  const defaultIgnore = ["node_modules", ".git", "dist", "build", ".next", "coverage", "__pycache__"];
+  const ignoreSet = new Set([...defaultIgnore, ...ignore]);
+  
+  function walk(currentDir) {
+    try {
+      const entries = fs.readdirSync(currentDir, { withFileTypes: true });
+      for (const entry of entries) {
+        if (ignoreSet.has(entry.name)) continue;
+        
+        const fullPath = path.join(currentDir, entry.name);
+        if (entry.isDirectory()) {
+          walk(fullPath);
+        } else if (entry.isFile()) {
+          const ext = path.extname(entry.name);
+          if (extensions.includes(ext)) {
+            results.push(fullPath);
+          }
+        }
+      }
+    } catch {
+      // Permission denied or other errors - skip
+    }
+  }
+  
+  walk(dir);
+  return results;
+}
+
+/**
+ * Scan file content for patterns
+ */
+function scanFileForPatterns(filePath, patterns) {
+  const findings = [];
+  try {
+    const content = fs.readFileSync(filePath, "utf-8");
+    const lines = content.split("\n");
+    
+    for (const { name, pattern, severity } of patterns) {
+      // Reset regex lastIndex for global patterns
+      if (pattern.global) pattern.lastIndex = 0;
+      
+      let lineNum = 0;
+      for (const line of lines) {
+        lineNum++;
+        // Reset for each line
+        if (pattern.global) pattern.lastIndex = 0;
+        
+        if (pattern.test(line)) {
+          findings.push({
+            pattern: name,
+            file: filePath,
+            line: lineNum,
+            content: line.trim().substring(0, 100),
+            severity: severity || "WARN",
+          });
+        }
+      }
+    }
+  } catch {
+    // File read error - skip
+  }
+  return findings;
+}
+
+/**
+ * Check if any pattern matches in a file
+ */
+function fileContainsPatterns(filePath, patterns) {
+  try {
+    const content = fs.readFileSync(filePath, "utf-8");
+    return patterns.some(p => p.test(content));
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Get git info for audit trail
+ */
+function getGitInfo(projectRoot) {
+  try {
+    const commit = execSync("git rev-parse HEAD", { cwd: projectRoot, stdio: "pipe" }).toString().trim();
+    const branch = execSync("git rev-parse --abbrev-ref HEAD", { cwd: projectRoot, stdio: "pipe" }).toString().trim();
+    const status = execSync("git status --porcelain", { cwd: projectRoot, stdio: "pipe" }).toString().trim();
+    return {
+      commit: commit.substring(0, 12),
+      branch,
+      dirty: status.length > 0,
+    };
+  } catch {
+    return { commit: "unknown", branch: "unknown", dirty: false };
+  }
+}
+
+/**
+ * Load environment from .env files
+ */
+function loadEnvFiles(projectRoot) {
+  const env = { ...process.env };
+  const envFiles = [".env", ".env.local", ".env.production"];
+  
+  for (const file of envFiles) {
+    const filePath = path.join(projectRoot, file);
+    if (fs.existsSync(filePath)) {
+      try {
+        const content = fs.readFileSync(filePath, "utf-8");
+        for (const line of content.split("\n")) {
+          const match = line.match(/^([^#=]+)=(.*)$/);
+          if (match) {
+            const key = match[1].trim();
+            const value = match[2].trim().replace(/^["']|["']$/g, "");
+            if (!env[key]) env[key] = value; // Don't override existing
+          }
+        }
+      } catch {
+        // Skip unreadable files
+      }
+    }
+  }
+  
+  return env;
+}
+
+/**
+ * Detect package manager
+ */
+function detectPackageManager(projectRoot) {
+  if (fs.existsSync(path.join(projectRoot, "pnpm-lock.yaml"))) return "pnpm";
+  if (fs.existsSync(path.join(projectRoot, "yarn.lock"))) return "yarn";
+  if (fs.existsSync(path.join(projectRoot, "bun.lockb"))) return "bun";
+  return "npm";
+}
+
+/**
+ * Execute command with timeout
+ */
+function execWithTimeout(command, options = {}, timeout = CHECK_TIMEOUT) {
+  return new Promise((resolve, reject) => {
+    const timer = setTimeout(() => {
+      reject(new Error(`Command timed out after ${timeout}ms`));
+    }, timeout);
+    
+    try {
+      const result = execSync(command, { ...options, stdio: "pipe", timeout });
+      clearTimeout(timer);
+      resolve(result.toString());
+    } catch (err) {
+      clearTimeout(timer);
+      reject(err);
+    }
+  });
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// ARGS PARSING
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function parseArgs(args) {
+  const { parseGlobalFlags } = getGlobalFlags();
+  const { flags: globalFlags, cleanArgs } = parseGlobalFlags(args);
+  
+  const opts = {
+    path: globalFlags.path || process.cwd(),
+    json: globalFlags.json || false,
+    ci: globalFlags.ci || false,
+    quiet: globalFlags.quiet || false,
+    verbose: globalFlags.verbose || false,
+    noBanner: globalFlags.noBanner || false,
+    help: globalFlags.help || false,
+    // Launch-specific options
+    strict: false,
+    skipSlow: false,
+    timeout: DEFAULT_TIMEOUT,
+    failFast: false,
+    skipPhases: [],
+    onlyPhases: [],
+    bundle: false,
+    output: null,
+    dryRun: false,
+  };
+  
+  for (let i = 0; i < cleanArgs.length; i++) {
+    const arg = cleanArgs[i];
+    switch (arg) {
+      case "--strict":
+        opts.strict = true;
+        break;
+      case "--skip-slow":
+        opts.skipSlow = true;
+        break;
+      case "--timeout":
+        opts.timeout = parseInt(cleanArgs[++i], 10) || DEFAULT_TIMEOUT;
+        break;
+      case "--fail-fast":
+        opts.failFast = true;
+        break;
+      case "--skip":
+        opts.skipPhases = (cleanArgs[++i] || "").split(",").map(s => s.trim()).filter(Boolean);
+        break;
+      case "--only":
+        opts.onlyPhases = (cleanArgs[++i] || "").split(",").map(s => s.trim()).filter(Boolean);
+        break;
+      case "--bundle":
+        opts.bundle = true;
+        break;
+      case "--output":
+      case "-o":
+        opts.output = cleanArgs[++i];
+        break;
+      case "--path":
+      case "-p":
+        opts.path = cleanArgs[++i] || process.cwd();
+        break;
+      case "--dry-run":
+        opts.dryRun = true;
+        break;
+    }
+  }
+  
+  opts.path = path.resolve(opts.path);
+  return opts;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// HELP
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function printHelp() {
+  console.log(`
+${c.bold}${c.cyan}VIBECHECK LAUNCH${c.reset} - Pre-Release Validation Wizard (v${LAUNCH_VERSION})
+
+${c.bold}USAGE${c.reset}
+  ${c.cyan}vibecheck launch${c.reset} [options]
+
+${c.bold}DESCRIPTION${c.reset}
+  Run all pre-release validations in one command. This is your "last 10 minutes
+  before release" checklist that ensures everything is ready for production.
+
+${c.bold}OPTIONS${c.reset}
+  ${c.cyan}--ci${c.reset}                  CI mode (non-interactive, machine-readable output)
+  ${c.cyan}--json${c.reset}                Output results as JSON
+  ${c.cyan}--strict${c.reset}              Treat warnings as blockers
+  ${c.cyan}--skip-slow${c.reset}           Skip checks that take >30s
+  ${c.cyan}--timeout <ms>${c.reset}        Maximum execution time ${c.dim}(default: 600000)${c.reset}
+  ${c.cyan}--fail-fast${c.reset}           Stop on first blocker
+  ${c.cyan}--skip <phases>${c.reset}       Skip specific phases ${c.dim}(comma-separated)${c.reset}
+  ${c.cyan}--only <phases>${c.reset}       Run only specific phases ${c.dim}(comma-separated)${c.reset}
+  ${c.cyan}--bundle${c.reset}              Auto-generate launch bundle after completion
+  ${c.cyan}--output, -o <dir>${c.reset}    Output directory for artifacts
+  ${c.cyan}--path, -p <dir>${c.reset}      Project path ${c.dim}(default: current directory)${c.reset}
+  ${c.cyan}--dry-run${c.reset}             Show what would be checked without running
+  ${c.cyan}--quiet, -q${c.reset}           Suppress non-essential output
+  ${c.cyan}--verbose, -v${c.reset}         Show detailed output
+  ${c.cyan}--help, -h${c.reset}            Show this help
+
+${c.bold}PHASES${c.reset}
+  ${c.cyan}build${c.reset}                 Build validation (TypeScript, artifacts, bundle)
+  ${c.cyan}env${c.reset}                   Environment wiring (variables, secrets, URLs)
+  ${c.cyan}routes${c.reset}                Route integrity (registration, handlers, drift)
+  ${c.cyan}auth${c.reset}                  Auth configuration (middleware, protection, CORS)
+  ${c.cyan}integrations${c.reset}          Integration health (database, Redis, billing)
+  ${c.cyan}security${c.reset}              Security posture (secrets scan, audit, mocks)
+
+${c.bold}EXAMPLES${c.reset}
+  ${c.dim}# Interactive wizard${c.reset}
+  vibecheck launch
+
+  ${c.dim}# CI mode with JSON output${c.reset}
+  vibecheck launch --ci --json
+
+  ${c.dim}# Strict mode (warnings = blockers)${c.reset}
+  vibecheck launch --strict
+
+  ${c.dim}# Only run specific phases${c.reset}
+  vibecheck launch --only build,env,security
+
+  ${c.dim}# Auto-bundle results${c.reset}
+  vibecheck launch --bundle
+
+${c.bold}EXIT CODES${c.reset}
+  ${c.green}0${c.reset}  LAUNCH   - Ready to ship, no blockers
+  ${c.yellow}1${c.reset}  WARN     - Ready to ship, but warnings exist
+  ${c.red}2${c.reset}  BLOCK    - Cannot ship, blockers found
+  ${c.red}3${c.reset}  ERROR    - Execution error
+
+${c.dim}Documentation: https://docs.vibecheckai.dev/commands/launch${c.reset}
+`);
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// CHECK RUNNER UTILITY
+// ═══════════════════════════════════════════════════════════════════════════════
+
+async function runCheck(name, description, fn, severity = "WARN", opts = {}) {
+  const start = Date.now();
+  const timeout = opts.timeout || CHECK_TIMEOUT;
+  
+  try {
+    // Wrap with timeout
+    const result = await Promise.race([
+      fn(),
+      new Promise((_, reject) => 
+        setTimeout(() => reject(new Error("Check timed out")), timeout)
+      ),
+    ]);
+    
+    return {
+      name,
+      description,
+      status: result.pass ? "pass" : (result.skip ? "skip" : "fail"),
+      severity: result.severity || severity,
+      duration: Date.now() - start,
+      details: result.details,
+      error: result.error,
+      fix: result.fix,
+      location: result.location,
+      findings: result.findings || [],
+    };
+  } catch (err) {
+    return {
+      name,
+      description,
+      status: "error",
+      severity,
+      duration: Date.now() - start,
+      error: err.message,
+      findings: [],
+    };
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// PHASE 1: BUILD VALIDATION
+// ═══════════════════════════════════════════════════════════════════════════════
+
+async function runBuildPhase(ctx, opts) {
+  const checks = [];
+  const pm = detectPackageManager(ctx.projectRoot);
+  
+  // TypeScript compilation
+  checks.push(await runCheck("typescript", "TypeScript compilation", async () => {
+    const tsconfigPath = path.join(ctx.projectRoot, "tsconfig.json");
+    if (!fs.existsSync(tsconfigPath)) {
+      return { skip: true, details: "No tsconfig.json found" };
+    }
+    
+    try {
+      await execWithTimeout("npx tsc --noEmit", { cwd: ctx.projectRoot }, opts.skipSlow ? 30000 : 120000);
+      return { pass: true };
+    } catch (err) {
+      const stderr = err.stderr?.toString() || err.message;
+      const errorCount = (stderr.match(/error TS/g) || []).length;
+      return { 
+        pass: false, 
+        error: `TypeScript compilation failed (${errorCount} errors)`,
+        details: stderr.substring(0, 500),
+        fix: "Run 'npx tsc --noEmit' to see all errors",
+      };
+    }
+  }, "BLOCK", { timeout: opts.skipSlow ? 30000 : 120000 }));
+  
+  // Build artifacts present
+  checks.push(await runCheck("build-artifacts", "Build artifacts present", async () => {
+    const distPaths = [
+      { path: "dist", framework: "generic" },
+      { path: "build", framework: "CRA/generic" },
+      { path: ".next", framework: "Next.js" },
+      { path: "out", framework: "Next.js static" },
+      { path: ".output", framework: "Nuxt" },
+      { path: ".svelte-kit", framework: "SvelteKit" },
+    ];
+    
+    for (const { path: distPath, framework } of distPaths) {
+      const fullPath = path.join(ctx.projectRoot, distPath);
+      if (fs.existsSync(fullPath)) {
+        const stats = fs.statSync(fullPath);
+        const age = Date.now() - stats.mtimeMs;
+        const ageHours = Math.floor(age / (1000 * 60 * 60));
+        const isFresh = age < 24 * 60 * 60 * 1000;
+        
+        return { 
+          pass: true, 
+          details: `Found ${distPath} (${framework}, ${isFresh ? "fresh" : `${ageHours}h old`})`,
+        };
+      }
+    }
+    
+    return { 
+      pass: false, 
+      error: "No build artifacts found",
+      fix: `Run '${pm} build' to create production build`,
+    };
+  }, "BLOCK"));
+  
+  // Package.json scripts
+  checks.push(await runCheck("package-scripts", "Required scripts defined", async () => {
+    const pkgPath = path.join(ctx.projectRoot, "package.json");
+    if (!fs.existsSync(pkgPath)) {
+      return { pass: false, error: "No package.json found" };
+    }
+    
+    try {
+      const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+      const scripts = pkg.scripts || {};
+      const required = ["build", "start"];
+      const missing = required.filter(s => !scripts[s]);
+      
+      if (missing.length > 0) {
+        return { 
+          pass: false, 
+          error: `Missing scripts: ${missing.join(", ")}`,
+          severity: "WARN",
+        };
+      }
+      return { pass: true };
+    } catch (err) {
+      return { pass: false, error: "Invalid package.json" };
+    }
+  }, "WARN"));
+  
+  // Check for circular dependencies (if madge available)
+  if (!opts.skipSlow) {
+    checks.push(await runCheck("circular-deps", "No circular dependencies", async () => {
+      try {
+        // Try using madge if installed
+        const result = await execWithTimeout(
+          "npx madge --circular --extensions ts,tsx,js,jsx src/ 2>/dev/null || true",
+          { cwd: ctx.projectRoot },
+          30000
+        );
+        
+        if (result.includes("Found")) {
+          const count = (result.match(/Found (\d+)/)?.[1]) || "some";
+          return { 
+            pass: false, 
+            error: `${count} circular dependencies found`,
+            severity: "WARN",
+            details: result.substring(0, 300),
+          };
+        }
+        return { pass: true };
+      } catch {
+        return { skip: true, details: "madge not available" };
+      }
+    }, "WARN", { timeout: 30000 }));
+  }
+  
+  return { phase: "build", checks };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// PHASE 2: ENVIRONMENT WIRING
+// ═══════════════════════════════════════════════════════════════════════════════
+
+async function runEnvPhase(ctx, opts) {
+  const checks = [];
+  const env = loadEnvFiles(ctx.projectRoot);
+  const nodeEnv = env.NODE_ENV || "development";
+  const isProduction = nodeEnv === "production";
+  
+  // Core required variables
+  const coreVars = [
+    { key: "DATABASE_URL", required: true, minLength: 10, description: "Database connection" },
+    { key: "JWT_SECRET", required: true, minLength: 32, description: "JWT signing secret" },
+  ];
+  
+  // Production-only variables
+  const prodVars = [
+    { key: "ENCRYPTION_KEY", pattern: /^[a-f0-9]{64}$/i, description: "64-char hex encryption key" },
+    { key: "FRONTEND_URL", pattern: /^https:\/\//, description: "HTTPS frontend URL" },
+    { key: "ALLOWED_ORIGINS", minLength: 1, description: "CORS allowed origins" },
+    { key: "COOKIE_SECRET", minLength: 32, description: "Cookie signing secret" },
+  ];
+  
+  // Check core variables
+  for (const { key, minLength, pattern, description } of coreVars) {
+    checks.push(await runCheck(`env-${key.toLowerCase()}`, `${key} is configured`, async () => {
+      const value = env[key];
+      if (!value) {
+        return { pass: false, error: `${key} is not set`, fix: `Add ${key} to .env file` };
+      }
+      if (minLength && value.length < minLength) {
+        return { pass: false, error: `${key} is too short (need ${minLength}+ chars)` };
+      }
+      if (pattern && !pattern.test(value)) {
+        return { pass: false, error: `${key} has invalid format (${description})` };
+      }
+      return { pass: true };
+    }, "BLOCK"));
+  }
+  
+  // Check production variables (warning in dev, block in prod)
+  if (isProduction) {
+    for (const { key, minLength, pattern, description } of prodVars) {
+      checks.push(await runCheck(`env-${key.toLowerCase()}`, `${key} is configured (production)`, async () => {
+        const value = env[key];
+        if (!value) {
+          return { pass: false, error: `${key} required in production` };
+        }
+        if (minLength && value.length < minLength) {
+          return { pass: false, error: `${key} is too short (need ${minLength}+ chars)` };
+        }
+        if (pattern && !pattern.test(value)) {
+          return { pass: false, error: `${key} invalid format (${description})` };
+        }
+        return { pass: true };
+      }, "BLOCK"));
+    }
+  }
+  
+  // Check for localhost in URLs (critical in production)
+  checks.push(await runCheck("no-localhost", "No localhost in URLs", async () => {
+    const urlVars = ["DATABASE_URL", "FRONTEND_URL", "API_URL", "REDIS_URL", "BACKEND_URL"];
+    const violations = [];
+    
+    for (const key of urlVars) {
+      const value = env[key];
+      if (value && (value.includes("localhost") || value.includes("127.0.0.1"))) {
+        violations.push(key);
+      }
+    }
+    
+    if (violations.length > 0) {
+      return { 
+        pass: false, 
+        error: `Localhost found in: ${violations.join(", ")}`,
+        severity: isProduction ? "BLOCK" : "WARN",
+        fix: "Use production URLs for deployment",
+      };
+    }
+    return { pass: true };
+  }, isProduction ? "BLOCK" : "WARN"));
+  
+  // Check for weak secrets
+  checks.push(await runCheck("secret-strength", "Secrets have sufficient entropy", async () => {
+    const secretVars = ["JWT_SECRET", "COOKIE_SECRET", "ENCRYPTION_KEY"];
+    const weak = [];
+    
+    for (const key of secretVars) {
+      const value = env[key];
+      if (value) {
+        // Check for common weak patterns
+        if (value === "secret" || value === "password" || value === "changeme" ||
+            value.length < 16 || /^(.)\1+$/.test(value) || /^12345/.test(value)) {
+          weak.push(key);
+        }
+      }
+    }
+    
+    if (weak.length > 0) {
+      return { 
+        pass: false, 
+        error: `Weak secrets detected: ${weak.join(", ")}`,
+        fix: "Use cryptographically random secrets (e.g., openssl rand -hex 32)",
+      };
+    }
+    return { pass: true };
+  }, "BLOCK"));
+  
+  // Check .env.example exists
+  checks.push(await runCheck("env-template", "Environment template exists", async () => {
+    const templates = [".env.example", ".env.template", ".env.sample"];
+    const found = templates.find(t => fs.existsSync(path.join(ctx.projectRoot, t)));
+    
+    if (!found) {
+      return { 
+        pass: false, 
+        error: "No .env.example file",
+        severity: "WARN",
+        fix: "Create .env.example with required variables (without values)",
+      };
+    }
+    return { pass: true, details: `Found ${found}` };
+  }, "WARN"));
+  
+  return { phase: "env", checks };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// PHASE 3: ROUTE INTEGRITY
+// ═══════════════════════════════════════════════════════════════════════════════
+
+async function runRoutesPhase(ctx, opts) {
+  const checks = [];
+  
+  // Try to load and use existing route analysis
+  checks.push(await runCheck("route-analysis", "Route analysis", async () => {
+    try {
+      const { buildTruthpackSmart } = require("./lib/truth");
+      const { findMissingRoutes, findMethodMismatch, findDeadUI } = require("./lib/analyzers");
+      
+      const truth = await buildTruthpackSmart({ projectRoot: ctx.projectRoot });
+      
+      // Missing routes
+      const missing = findMissingRoutes ? findMissingRoutes(truth) : [];
+      // Method mismatch
+      const mismatch = findMethodMismatch ? findMethodMismatch(truth) : [];
+      // Dead routes
+      const dead = findDeadUI ? findDeadUI(truth) : [];
+      
+      const issues = [];
+      if (missing.length > 0) issues.push(`${missing.length} missing routes`);
+      if (mismatch.length > 0) issues.push(`${mismatch.length} method mismatches`);
+      if (dead.length > 0) issues.push(`${dead.length} dead routes`);
+      
+      if (missing.length > 0 || mismatch.length > 0) {
+        return {
+          pass: false,
+          error: issues.join(", "),
+          findings: [...missing, ...mismatch].slice(0, 5),
+        };
+      }
+      
+      if (dead.length > 0) {
+        return {
+          pass: true,
+          details: `${dead.length} dead routes detected`,
+          severity: "WARN",
+        };
+      }
+      
+      return { pass: true, details: "All routes verified" };
+    } catch (err) {
+      return { skip: true, details: `Route analysis unavailable: ${err.message}` };
+    }
+  }, "BLOCK"));
+  
+  // Check for API route files
+  checks.push(await runCheck("api-routes-exist", "API routes defined", async () => {
+    const apiPaths = [
+      "src/routes",
+      "src/api",
+      "src/pages/api",
+      "app/api",
+      "apps/api/src/routes",
+    ];
+    
+    for (const apiPath of apiPaths) {
+      const fullPath = path.join(ctx.projectRoot, apiPath);
+      if (fs.existsSync(fullPath)) {
+        const files = findFiles(fullPath, [".ts", ".tsx", ".js", ".jsx"]);
+        return { pass: true, details: `Found ${files.length} route files in ${apiPath}` };
+      }
+    }
+    
+    return { skip: true, details: "No API routes directory found" };
+  }, "INFO"));
+  
+  return { phase: "routes", checks };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// PHASE 4: AUTH CONFIGURATION
+// ═══════════════════════════════════════════════════════════════════════════════
+
+async function runAuthPhase(ctx, opts) {
+  const checks = [];
+  const sourceFiles = findFiles(ctx.projectRoot, [".ts", ".tsx", ".js", ".jsx"]);
+  
+  // Check for auth middleware
+  checks.push(await runCheck("auth-middleware", "Auth middleware is implemented", async () => {
+    const authFiles = sourceFiles.filter(f => 
+      f.includes("middleware") || f.includes("auth") || f.includes("guard")
+    );
+    
+    let found = false;
+    for (const file of authFiles) {
+      if (fileContainsPatterns(file, AUTH_PATTERNS.middleware)) {
+        found = true;
+        break;
+      }
+    }
+    
+    if (!found) {
+      return { 
+        pass: false, 
+        error: "No auth middleware detected",
+        fix: "Implement authentication middleware for protected routes",
+      };
+    }
+    return { pass: true, details: "Auth middleware patterns found" };
+  }, "BLOCK"));
+  
+  // Check for hash-before-lookup pattern (API key security)
+  checks.push(await runCheck("hash-before-lookup", "API key hashing implemented", async () => {
+    const apiKeyFiles = sourceFiles.filter(f => 
+      f.includes("api-key") || f.includes("apikey") || f.includes("auth")
+    );
+    
+    if (apiKeyFiles.length === 0) {
+      return { skip: true, details: "No API key handling detected" };
+    }
+    
+    let found = false;
+    for (const file of apiKeyFiles) {
+      if (fileContainsPatterns(file, AUTH_PATTERNS.hashBeforeLookup)) {
+        found = true;
+        break;
+      }
+    }
+    
+    if (!found) {
+      return { 
+        pass: false, 
+        error: "API keys should be hashed before database lookup",
+        severity: "WARN",
+        fix: "Implement hash-before-lookup pattern for API key validation",
+      };
+    }
+    return { pass: true };
+  }, "WARN"));
+  
+  // Check for rate limiting
+  checks.push(await runCheck("rate-limiting", "Rate limiting configured", async () => {
+    let found = false;
+    for (const file of sourceFiles.slice(0, 100)) { // Limit scan
+      if (fileContainsPatterns(file, AUTH_PATTERNS.rateLimiting)) {
+        found = true;
+        break;
+      }
+    }
+    
+    // Also check package.json for rate limit packages
+    const pkgPath = path.join(ctx.projectRoot, "package.json");
+    if (fs.existsSync(pkgPath)) {
+      const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+      const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+      if (deps["express-rate-limit"] || deps["@fastify/rate-limit"] || deps["rate-limiter-flexible"]) {
+        found = true;
+      }
+    }
+    
+    if (!found) {
+      return { 
+        pass: false, 
+        error: "No rate limiting detected",
+        fix: "Add rate limiting to prevent abuse",
+      };
+    }
+    return { pass: true };
+  }, "WARN"));
+  
+  // Check CORS configuration
+  checks.push(await runCheck("cors-config", "CORS properly configured", async () => {
+    const env = loadEnvFiles(ctx.projectRoot);
+    
+    if (!env.ALLOWED_ORIGINS) {
+      return { 
+        pass: false, 
+        error: "ALLOWED_ORIGINS not configured",
+        fix: "Set ALLOWED_ORIGINS in environment",
+      };
+    }
+    
+    // Check for wildcard CORS (dangerous in production)
+    if (env.ALLOWED_ORIGINS === "*") {
+      return { 
+        pass: false, 
+        error: "CORS allows all origins (*) - dangerous in production",
+        fix: "Specify explicit allowed origins",
+      };
+    }
+    
+    return { pass: true };
+  }, "BLOCK"));
+  
+  return { phase: "auth", checks };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// PHASE 5: INTEGRATION HEALTH
+// ═══════════════════════════════════════════════════════════════════════════════
+
+async function runIntegrationsPhase(ctx, opts) {
+  const checks = [];
+  const env = loadEnvFiles(ctx.projectRoot);
+  
+  // Database configuration
+  checks.push(await runCheck("database-config", "Database is configured", async () => {
+    const dbUrl = env.DATABASE_URL;
+    if (!dbUrl) {
+      return { pass: false, error: "DATABASE_URL not set" };
+    }
+    
+    // Parse and validate URL format
+    try {
+      const url = new URL(dbUrl);
+      const protocol = url.protocol.replace(":", "");
+      const validProtocols = ["postgresql", "postgres", "mysql", "mongodb", "mongodb+srv", "sqlite"];
+      
+      if (!validProtocols.includes(protocol)) {
+        return { pass: false, error: `Unknown database protocol: ${protocol}` };
+      }
+      
+      return { pass: true, details: `${protocol} database configured` };
+    } catch {
+      return { pass: false, error: "Invalid DATABASE_URL format" };
+    }
+  }, "BLOCK"));
+  
+  // Redis configuration (optional)
+  if (env.REDIS_URL) {
+    checks.push(await runCheck("redis-config", "Redis is configured", async () => {
+      try {
+        const url = new URL(env.REDIS_URL);
+        return { pass: true, details: `Redis at ${url.host}` };
+      } catch {
+        return { pass: false, error: "Invalid REDIS_URL format" };
+      }
+    }, "WARN"));
+  }
+  
+  // Stripe configuration (if used)
+  if (env.STRIPE_SECRET_KEY || env.STRIPE_PUBLISHABLE_KEY) {
+    checks.push(await runCheck("stripe-config", "Stripe properly configured", async () => {
+      const secretKey = env.STRIPE_SECRET_KEY;
+      const publishableKey = env.STRIPE_PUBLISHABLE_KEY;
+      const isProduction = env.NODE_ENV === "production";
+      
+      if (!secretKey) {
+        return { pass: false, error: "STRIPE_SECRET_KEY not set" };
+      }
+      
+      if (isProduction && secretKey.startsWith("sk_test_")) {
+        return { 
+          pass: false, 
+          error: "Using Stripe TEST key in production!",
+          fix: "Use live Stripe keys for production deployment",
+        };
+      }
+      
+      if (isProduction && publishableKey?.startsWith("pk_test_")) {
+        return { 
+          pass: false, 
+          error: "Using Stripe TEST publishable key in production!",
+        };
+      }
+      
+      // Check webhook secret
+      if (!env.STRIPE_WEBHOOK_SECRET) {
+        return { 
+          pass: false, 
+          error: "STRIPE_WEBHOOK_SECRET not set",
+          severity: "WARN",
+          fix: "Configure webhook secret for secure webhook handling",
+        };
+      }
+      
+      return { pass: true };
+    }, "BLOCK"));
+  }
+  
+  // Check for Prisma migrations
+  const prismaPath = path.join(ctx.projectRoot, "prisma");
+  if (fs.existsSync(prismaPath)) {
+    checks.push(await runCheck("prisma-migrations", "Prisma migrations up to date", async () => {
+      try {
+        const result = await execWithTimeout(
+          "npx prisma migrate status",
+          { cwd: ctx.projectRoot },
+          30000
+        );
+        
+        if (result.includes("Database schema is up to date")) {
+          return { pass: true };
+        }
+        
+        if (result.includes("pending migration")) {
+          return { 
+            pass: false, 
+            error: "Pending database migrations",
+            fix: "Run 'npx prisma migrate deploy' before deployment",
+          };
+        }
+        
+        return { pass: true, details: "Migrations checked" };
+      } catch (err) {
+        // Migration status check failed - could be DB connection issue
+        return { 
+          pass: false, 
+          error: "Could not check migration status",
+          severity: "WARN",
+          details: err.message,
+        };
+      }
+    }, "WARN"));
+  }
+  
+  return { phase: "integrations", checks };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// PHASE 6: SECURITY POSTURE
+// ═══════════════════════════════════════════════════════════════════════════════
+
+async function runSecurityPhase(ctx, opts) {
+  const checks = [];
+  const sourceFiles = findFiles(ctx.projectRoot, [".ts", ".tsx", ".js", ".jsx"]);
+  
+  // Scan for hardcoded secrets
+  checks.push(await runCheck("hardcoded-secrets", "No hardcoded secrets in code", async () => {
+    const findings = [];
+    
+    // Limit files to scan for performance
+    const filesToScan = sourceFiles.slice(0, 500);
+    
+    for (const file of filesToScan) {
+      // Skip test files
+      if (file.includes(".test.") || file.includes(".spec.") || file.includes("__test__")) {
+        continue;
+      }
+      
+      const fileFindings = scanFileForPatterns(file, SECRET_PATTERNS);
+      findings.push(...fileFindings);
+      
+      // Stop early if we found critical issues
+      if (findings.filter(f => f.severity === "BLOCK").length >= 3) {
+        break;
+      }
+    }
+    
+    const blockers = findings.filter(f => f.severity === "BLOCK");
+    const warnings = findings.filter(f => f.severity === "WARN");
+    
+    if (blockers.length > 0) {
+      return {
+        pass: false,
+        error: `${blockers.length} hardcoded secrets found`,
+        findings: blockers.slice(0, 5),
+        fix: "Move secrets to environment variables",
+      };
+    }
+    
+    if (warnings.length > 0) {
+      return {
+        pass: true,
+        details: `${warnings.length} potential secrets (review recommended)`,
+        severity: "WARN",
+        findings: warnings.slice(0, 3),
+      };
+    }
+    
+    return { pass: true };
+  }, "BLOCK"));
+  
+  // Scan for TODOs in security-critical code
+  checks.push(await runCheck("security-todos", "No TODOs in security code", async () => {
+    const todoPattern = { name: "TODO/FIXME", pattern: /TODO|FIXME|HACK|XXX/gi };
+    const findings = [];
+    
+    for (const secPath of SECURITY_PATHS) {
+      const fullPath = path.join(ctx.projectRoot, secPath);
+      if (!fs.existsSync(fullPath)) continue;
+      
+      const files = findFiles(fullPath, [".ts", ".tsx", ".js", ".jsx"]);
+      for (const file of files) {
+        const fileFindings = scanFileForPatterns(file, [todoPattern]);
+        findings.push(...fileFindings);
+      }
+    }
+    
+    if (findings.length > 0) {
+      return {
+        pass: false,
+        error: `${findings.length} TODOs in security-critical code`,
+        findings: findings.slice(0, 5),
+        fix: "Resolve TODOs before deployment",
+      };
+    }
+    
+    return { pass: true };
+  }, "BLOCK"));
+  
+  // Scan for mock/demo data
+  checks.push(await runCheck("mock-data", "No mock/demo data in production code", async () => {
+    const findings = [];
+    
+    // Only scan source directories, not tests
+    const srcDirs = ["src", "app", "apps", "lib", "server"];
+    
+    for (const dir of srcDirs) {
+      const fullPath = path.join(ctx.projectRoot, dir);
+      if (!fs.existsSync(fullPath)) continue;
+      
+      const files = findFiles(fullPath, [".ts", ".tsx", ".js", ".jsx"]).slice(0, 200);
+      for (const file of files) {
+        // Skip test files
+        if (file.includes(".test.") || file.includes(".spec.")) continue;
+        
+        const fileFindings = scanFileForPatterns(file, MOCK_PATTERNS);
+        findings.push(...fileFindings);
+      }
+    }
+    
+    if (findings.length > 0) {
+      return {
+        pass: false,
+        error: `${findings.length} mock/demo data patterns found`,
+        findings: findings.slice(0, 5),
+        fix: "Remove mock data before production deployment",
+      };
+    }
+    
+    return { pass: true };
+  }, "BLOCK"));
+  
+  // Check for VIBECHECK_DEV_PRO bypass in production code
+  checks.push(await runCheck("dev-bypass", "No development bypasses in production", async () => {
+    const bypassPattern = { 
+      name: "DEV_PRO bypass", 
+      pattern: /VIBECHECK_DEV_PRO|DEV_BYPASS|SKIP_AUTH|DISABLE_AUTH/gi,
+      severity: "BLOCK",
+    };
+    
+    const findings = [];
+    const srcFiles = sourceFiles.filter(f => 
+      !f.includes(".test.") && !f.includes(".spec.") && !f.includes("node_modules")
+    ).slice(0, 300);
+    
+    for (const file of srcFiles) {
+      const fileFindings = scanFileForPatterns(file, [bypassPattern]);
+      findings.push(...fileFindings);
+    }
+    
+    if (findings.length > 0) {
+      return {
+        pass: false,
+        error: `${findings.length} development bypass patterns found`,
+        findings: findings.slice(0, 5),
+        fix: "Remove or properly gate development bypasses",
+      };
+    }
+    
+    return { pass: true };
+  }, "BLOCK"));
+  
+  // Dependency audit
+  if (!opts.skipSlow) {
+    checks.push(await runCheck("dependency-audit", "No critical vulnerabilities", async () => {
+      const pm = detectPackageManager(ctx.projectRoot);
+      
+      try {
+        let result;
+        switch (pm) {
+          case "pnpm":
+            result = await execWithTimeout("pnpm audit --audit-level=critical 2>&1 || true", { cwd: ctx.projectRoot }, 60000);
+            break;
+          case "yarn":
+            result = await execWithTimeout("yarn audit --level critical 2>&1 || true", { cwd: ctx.projectRoot }, 60000);
+            break;
+          default:
+            result = await execWithTimeout("npm audit --audit-level=critical 2>&1 || true", { cwd: ctx.projectRoot }, 60000);
+        }
+        
+        // Check for critical vulnerabilities
+        if (result.includes("critical") && !result.includes("0 critical")) {
+          const criticalMatch = result.match(/(\d+)\s+critical/);
+          const count = criticalMatch ? criticalMatch[1] : "some";
+          return {
+            pass: false,
+            error: `${count} critical vulnerabilities found`,
+            fix: `Run '${pm} audit fix' to attempt automatic fixes`,
+          };
+        }
+        
+        // Check for high vulnerabilities (warning)
+        if (result.includes("high") && !result.includes("0 high")) {
+          const highMatch = result.match(/(\d+)\s+high/);
+          const count = highMatch ? highMatch[1] : "some";
+          return {
+            pass: true,
+            details: `${count} high-severity vulnerabilities (review recommended)`,
+            severity: "WARN",
+          };
+        }
+        
+        return { pass: true };
+      } catch (err) {
+        return { 
+          pass: true, 
+          details: "Audit check skipped",
+          severity: "WARN",
+        };
+      }
+    }, "BLOCK", { timeout: 60000 }));
+  }
+  
+  return { phase: "security", checks };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// ORCHESTRATOR
+// ═══════════════════════════════════════════════════════════════════════════════
+
+async function runAllPhases(ctx, opts) {
+  const results = {
+    phases: [],
+    blockers: [],
+    warnings: [],
+    passed: 0,
+    skipped: 0,
+    errors: 0,
+  };
+  
+  const phaseRunners = {
+    build: runBuildPhase,
+    env: runEnvPhase,
+    routes: runRoutesPhase,
+    auth: runAuthPhase,
+    integrations: runIntegrationsPhase,
+    security: runSecurityPhase,
+  };
+  
+  // Determine which phases to run
+  let phasesToRun = [...PHASE_ORDER];
+  if (opts.onlyPhases.length > 0) {
+    phasesToRun = opts.onlyPhases.filter(p => PHASE_ORDER.includes(p));
+  }
+  phasesToRun = phasesToRun.filter(p => !opts.skipPhases.includes(p));
+  
+  const totalPhases = phasesToRun.length;
+  
+  for (let i = 0; i < phasesToRun.length; i++) {
+    const phaseName = phasesToRun[i];
+    const phaseConfig = PHASES[phaseName];
+    const runner = phaseRunners[phaseName];
+    
+    if (!opts.ci && !opts.quiet) {
+      printPhaseStart(i + 1, totalPhases, phaseConfig);
+    }
+    
+    const start = Date.now();
+    
+    try {
+      const phaseResult = await runner(ctx, opts);
+      phaseResult.duration = Date.now() - start;
+      
+      // Aggregate results
+      for (const check of phaseResult.checks) {
+        if (check.status === "pass") {
+          results.passed++;
+        } else if (check.status === "skip") {
+          results.skipped++;
+        } else if (check.status === "error") {
+          results.errors++;
+          results.warnings.push({ phase: phaseName, ...check });
+        } else if (check.status === "fail") {
+          if (check.severity === "BLOCK") {
+            results.blockers.push({ phase: phaseName, ...check });
+          } else {
+            results.warnings.push({ phase: phaseName, ...check });
+          }
+        }
+        
+        if (!opts.ci && !opts.quiet) {
+          printCheckResult(check, opts.verbose);
+        }
+      }
+      
+      results.phases.push(phaseResult);
+      
+      // Fail fast
+      if (opts.failFast && results.blockers.length > 0) {
+        if (!opts.ci && !opts.quiet) {
+          console.log(`\n  ${c.yellow}${sym.warning} Stopping early (--fail-fast)${c.reset}\n`);
+        }
+        break;
+      }
+    } catch (err) {
+      results.errors++;
+      results.phases.push({
+        phase: phaseName,
+        duration: Date.now() - start,
+        checks: [{
+          name: "phase-error",
+          description: `Phase ${phaseName} failed`,
+          status: "error",
+          error: err.message,
+        }],
+      });
+      
+      if (!opts.ci && !opts.quiet) {
+        console.log(`  ${c.red}${sym.cross} Phase failed: ${err.message}${c.reset}`);
+      }
+    }
+  }
+  
+  // Apply strict mode
+  if (opts.strict) {
+    results.blockers.push(...results.warnings);
+    results.warnings = [];
+  }
+  
+  return results;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// OUTPUT RENDERING
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function printPhaseStart(num, total, phase) {
+  const header = `PHASE ${num}: ${phase.name.toUpperCase()}`;
+  const suffix = `[${num}/${total}] ${phase.estimatedTime}`;
+  const padding = Math.max(0, 77 - header.length - suffix.length - 4);
+  
+  console.log();
+  console.log(`${c.cyan}${sym.box.topLeft}${"═".repeat(77)}${sym.box.topRight}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}  ${c.bold}${header}${c.reset}${" ".repeat(padding)}${c.dim}${suffix}${c.reset}  ${c.cyan}${sym.box.vertical}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.teeRight}${"═".repeat(77)}${sym.box.teeLeft}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}  ${c.dim}${phase.description}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}`);
+}
+
+function printCheckResult(check, verbose = false) {
+  let icon, color;
+  switch (check.status) {
+    case "pass":
+      icon = sym.check;
+      color = c.green;
+      break;
+    case "fail":
+    case "error":
+      icon = check.severity === "BLOCK" ? sym.cross : sym.warning;
+      color = check.severity === "BLOCK" ? c.red : c.yellow;
+      break;
+    case "skip":
+      icon = sym.arrow;
+      color = c.gray;
+      break;
+    default:
+      icon = "?";
+      color = c.gray;
+  }
+  
+  const desc = check.description.substring(0, 50);
+  const status = check.status.toUpperCase().padEnd(5);
+  const padding = Math.max(0, 55 - desc.length);
+  
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}  ${color}${icon}${c.reset} ${desc}${" ".repeat(padding)}${color}${status}${c.reset}`);
+  
+  if (check.error && check.status !== "pass") {
+    console.log(`${c.cyan}${sym.box.vertical}${c.reset}    ${c.dim}${sym.arrow} ${check.error}${c.reset}`);
+  }
+  
+  if (verbose && check.details) {
+    console.log(`${c.cyan}${sym.box.vertical}${c.reset}    ${c.dim}${check.details}${c.reset}`);
+  }
+  
+  if (verbose && check.findings && check.findings.length > 0) {
+    for (const finding of check.findings.slice(0, 3)) {
+      const loc = finding.file ? path.relative(process.cwd(), finding.file) : "";
+      console.log(`${c.cyan}${sym.box.vertical}${c.reset}    ${c.dim}📍 ${loc}:${finding.line || "?"}${c.reset}`);
+    }
+  }
+}
+
+function printBlockersSection(results) {
+  const blockerCount = results.blockers.length;
+  const warningCount = results.warnings.length;
+  
+  console.log();
+  console.log(`${c.cyan}${sym.box.topLeft}${"═".repeat(77)}${sym.box.topRight}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}                                                                             ${c.cyan}${sym.box.vertical}${c.reset}`);
+  
+  const blockerText = `${sym.block} LAUNCH BLOCKERS`;
+  const blockerSuffix = `${blockerCount} found`;
+  const blockerPadding = Math.max(0, 77 - blockerText.length - blockerSuffix.length - 10);
+  
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}   ${blockerText}${" ".repeat(blockerPadding)}${blockerCount > 0 ? c.red : c.green}${blockerSuffix}${c.reset}     ${c.cyan}${sym.box.vertical}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}                                                                             ${c.cyan}${sym.box.vertical}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.teeRight}${"═".repeat(77)}${sym.box.teeLeft}${c.reset}`);
+  
+  if (blockerCount === 0) {
+    console.log(`${c.cyan}${sym.box.vertical}${c.reset}                                                                             ${c.cyan}${sym.box.vertical}${c.reset}`);
+    console.log(`${c.cyan}${sym.box.vertical}${c.reset}   ${c.green}${sym.check} No blockers! You're ready to launch.${c.reset}                                  ${c.cyan}${sym.box.vertical}${c.reset}`);
+    console.log(`${c.cyan}${sym.box.vertical}${c.reset}                                                                             ${c.cyan}${sym.box.vertical}${c.reset}`);
+  } else {
+    console.log(`${c.cyan}${sym.box.vertical}${c.reset}                                                                             ${c.cyan}${sym.box.vertical}${c.reset}`);
+    results.blockers.forEach((blocker, i) => {
+      const phaseLabel = `[${blocker.phase.toUpperCase()}]`;
+      const desc = (blocker.description || blocker.name).substring(0, 50);
+      console.log(`${c.cyan}${sym.box.vertical}${c.reset}  ${c.bold}${i + 1}.${c.reset} ${c.red}${phaseLabel}${c.reset} ${desc}`);
+      if (blocker.error) {
+        console.log(`${c.cyan}${sym.box.vertical}${c.reset}     ${c.dim}${sym.arrow} ${blocker.error.substring(0, 60)}${c.reset}`);
+      }
+      if (blocker.fix) {
+        console.log(`${c.cyan}${sym.box.vertical}${c.reset}     ${c.cyan}Fix: ${blocker.fix.substring(0, 55)}${c.reset}`);
+      }
+      console.log(`${c.cyan}${sym.box.vertical}${c.reset}`);
+    });
+  }
+  
+  // Warnings section
+  if (warningCount > 0) {
+    console.log(`${c.cyan}${sym.box.teeRight}${"═".repeat(77)}${sym.box.teeLeft}${c.reset}`);
+    console.log(`${c.cyan}${sym.box.vertical}${c.reset}                                                                             ${c.cyan}${sym.box.vertical}${c.reset}`);
+    
+    const warnText = `${sym.warning} WARNINGS (non-blocking)`;
+    const warnSuffix = `${warningCount} found`;
+    const warnPadding = Math.max(0, 77 - warnText.length - warnSuffix.length - 10);
+    
+    console.log(`${c.cyan}${sym.box.vertical}${c.reset}   ${c.yellow}${warnText}${c.reset}${" ".repeat(warnPadding)}${c.yellow}${warnSuffix}${c.reset}     ${c.cyan}${sym.box.vertical}${c.reset}`);
+    console.log(`${c.cyan}${sym.box.vertical}${c.reset}                                                                             ${c.cyan}${sym.box.vertical}${c.reset}`);
+    results.warnings.slice(0, 10).forEach(warning => {
+      const desc = (warning.description || warning.name).substring(0, 65);
+      console.log(`${c.cyan}${sym.box.vertical}${c.reset}   ${c.yellow}•${c.reset} ${desc}`);
+    });
+    if (warningCount > 10) {
+      console.log(`${c.cyan}${sym.box.vertical}${c.reset}   ${c.dim}... and ${warningCount - 10} more${c.reset}`);
+    }
+    console.log(`${c.cyan}${sym.box.vertical}${c.reset}                                                                             ${c.cyan}${sym.box.vertical}${c.reset}`);
+  }
+  
+  console.log(`${c.cyan}${sym.box.bottomLeft}${"═".repeat(77)}${sym.box.bottomRight}${c.reset}`);
+}
+
+function printVerdict(results, duration) {
+  const verdict = results.blockers.length === 0 ? 
+    (results.warnings.length === 0 ? "LAUNCH" : "WARN") : "BLOCK";
+  
+  const total = results.passed + results.blockers.length + results.warnings.length + results.skipped;
+  const score = total > 0 ? Math.max(0, Math.round(100 * (results.passed / total))) : 0;
+  
+  let verdictIcon;
+  switch (verdict) {
+    case "LAUNCH":
+      verdictIcon = sym.rocket;
+      break;
+    case "WARN":
+      verdictIcon = sym.warning;
+      break;
+    case "BLOCK":
+      verdictIcon = sym.block;
+      break;
+  }
+  
+  const verdictText = verdict === "LAUNCH" ? "READY TO LAUNCH" : verdict;
+  
+  console.log();
+  console.log(`${c.cyan}${sym.box.topLeft}${"═".repeat(77)}${sym.box.topRight}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}                                                                             ${c.cyan}${sym.box.vertical}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}   ${verdictIcon} ${c.bold}VERDICT: ${verdictText}${c.reset}                                         ${c.cyan}${sym.box.vertical}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}                                                                             ${c.cyan}${sym.box.vertical}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}   ${c.dim}┌─────────────────────────────────────────────────────────────────────┐${c.reset}   ${c.cyan}${sym.box.vertical}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}   ${c.dim}│${c.reset}  Score: ${score}/100                                                      ${c.dim}│${c.reset}   ${c.cyan}${sym.box.vertical}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}   ${c.dim}│${c.reset}  Blockers: ${results.blockers.length}    Warnings: ${results.warnings.length}    Passed: ${results.passed}                      ${c.dim}│${c.reset}   ${c.cyan}${sym.box.vertical}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}   ${c.dim}│${c.reset}  Duration: ${formatDuration(duration)}                                                ${c.dim}│${c.reset}   ${c.cyan}${sym.box.vertical}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}   ${c.dim}└─────────────────────────────────────────────────────────────────────┘${c.reset}   ${c.cyan}${sym.box.vertical}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.vertical}${c.reset}                                                                             ${c.cyan}${sym.box.vertical}${c.reset}`);
+  console.log(`${c.cyan}${sym.box.bottomLeft}${"═".repeat(77)}${sym.box.bottomRight}${c.reset}`);
+  
+  return { verdict, score };
+}
+
+function formatDuration(ms) {
+  if (ms < 1000) return `${ms}ms`;
+  if (ms < 60000) return `${(ms / 1000).toFixed(1)}s`;
+  const minutes = Math.floor(ms / 60000);
+  const seconds = Math.floor((ms % 60000) / 1000);
+  return `${minutes}m ${seconds}s`;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// CI OUTPUT
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function printCIOutput(results, duration, packPath) {
+  const verdict = results.blockers.length === 0 ? 
+    (results.warnings.length === 0 ? "LAUNCH" : "WARN") : "BLOCK";
+  const total = results.passed + results.blockers.length + results.warnings.length + results.skipped;
+  const score = total > 0 ? Math.max(0, Math.round(100 * (results.passed / total))) : 0;
+  
+  console.log(`VERDICT=${verdict}`);
+  console.log(`SCORE=${score}`);
+  console.log(`BLOCKERS=${results.blockers.length}`);
+  console.log(`WARNINGS=${results.warnings.length}`);
+  console.log(`PASSED=${results.passed}`);
+  console.log(`SKIPPED=${results.skipped}`);
+  console.log(`DURATION_MS=${duration}`);
+  if (packPath) {
+    console.log(`PACK_PATH=${packPath}`);
+  }
+}
+
+function buildJsonOutput(results, duration, ctx) {
+  const verdict = results.blockers.length === 0 ? 
+    (results.warnings.length === 0 ? "LAUNCH" : "WARN") : "BLOCK";
+  const total = results.passed + results.blockers.length + results.warnings.length + results.skipped;
+  const score = total > 0 ? Math.max(0, Math.round(100 * (results.passed / total))) : 0;
+  
+  return {
+    version: LAUNCH_VERSION,
+    runId: `launch-${crypto.randomBytes(6).toString("hex")}`,
+    timestamp: new Date().toISOString(),
+    verdict,
+    score,
+    duration: {
+      ms: duration,
+      formatted: formatDuration(duration),
+    },
+    summary: {
+      blockers: results.blockers.length,
+      warnings: results.warnings.length,
+      passed: results.passed,
+      skipped: results.skipped,
+      errors: results.errors,
+    },
+    phases: results.phases.map(p => ({
+      phase: p.phase,
+      duration: p.duration,
+      checks: p.checks.map(ch => ({
+        name: ch.name,
+        description: ch.description,
+        status: ch.status,
+        severity: ch.severity,
+        duration: ch.duration,
+        error: ch.error,
+        fix: ch.fix,
+      })),
+    })),
+    blockers: results.blockers.map(b => ({
+      phase: b.phase,
+      name: b.name,
+      description: b.description,
+      error: b.error,
+      fix: b.fix,
+      findings: b.findings?.slice(0, 5),
+    })),
+    warnings: results.warnings.map(w => ({
+      phase: w.phase,
+      name: w.name,
+      description: w.description,
+      error: w.error,
+    })),
+    git: getGitInfo(ctx.projectRoot),
+    environment: {
+      nodeVersion: process.version,
+      platform: process.platform,
+      ci: process.env.CI === "true",
+      nodeEnv: process.env.NODE_ENV || "development",
+    },
+  };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// ARTIFACT GENERATION
+// ═══════════════════════════════════════════════════════════════════════════════
+
+async function generateLaunchPack(results, duration, ctx, opts) {
+  const outputDir = opts.output || path.join(ctx.projectRoot, ".vibecheck", "launch");
+  
+  fs.mkdirSync(outputDir, { recursive: true });
+  
+  const timestamp = new Date().toISOString().replace(/[:.]/g, "-").slice(0, 19);
+  const packId = `launch-${timestamp}`;
+  
+  // Full results
+  const fullResults = buildJsonOutput(results, duration, ctx);
+  const fullPath = path.join(outputDir, `${packId}.json`);
+  fs.writeFileSync(fullPath, JSON.stringify(fullResults, null, 2));
+  
+  // Blockers only
+  const blockersPath = path.join(outputDir, "blockers.json");
+  fs.writeFileSync(blockersPath, JSON.stringify(results.blockers, null, 2));
+  
+  // Human-readable checklist
+  const checklistPath = path.join(outputDir, "checklist.md");
+  fs.writeFileSync(checklistPath, generateChecklist(results, fullResults));
+  
+  // Audit trail
+  const auditPath = path.join(outputDir, "audit-trail.json");
+  fs.writeFileSync(auditPath, JSON.stringify(generateAuditTrail(results, fullResults, ctx), null, 2));
+  
+  // Manifest
+  const manifestPath = path.join(outputDir, "manifest.json");
+  fs.writeFileSync(manifestPath, JSON.stringify({
+    id: packId,
+    version: LAUNCH_VERSION,
+    generated: new Date().toISOString(),
+    verdict: fullResults.verdict,
+    score: fullResults.score,
+    files: [
+      { name: `${packId}.json`, type: "results" },
+      { name: "blockers.json", type: "blockers" },
+      { name: "checklist.md", type: "checklist" },
+      { name: "audit-trail.json", type: "audit" },
+    ],
+  }, null, 2));
+  
+  return { packId, outputDir, fullPath };
+}
+
+function generateChecklist(results, fullResults) {
+  let md = `# Launch Checklist\n\n`;
+  md += `**Generated:** ${new Date().toISOString()}\n`;
+  md += `**Verdict:** ${fullResults.verdict}\n`;
+  md += `**Score:** ${fullResults.score}/100\n`;
+  
+  if (fullResults.git) {
+    md += `**Git:** ${fullResults.git.branch}@${fullResults.git.commit}${fullResults.git.dirty ? " (dirty)" : ""}\n`;
+  }
+  md += `\n`;
+  
+  md += `## Summary\n\n`;
+  md += `| Metric | Count |\n`;
+  md += `|--------|-------|\n`;
+  md += `| Blockers | ${results.blockers.length} |\n`;
+  md += `| Warnings | ${results.warnings.length} |\n`;
+  md += `| Passed | ${results.passed} |\n`;
+  md += `| Skipped | ${results.skipped} |\n`;
+  md += `\n`;
+  
+  if (results.blockers.length > 0) {
+    md += `## 🚫 Blockers\n\n`;
+    results.blockers.forEach((b, i) => {
+      md += `### ${i + 1}. [${b.phase.toUpperCase()}] ${b.description || b.name}\n\n`;
+      if (b.error) md += `**Error:** ${b.error}\n\n`;
+      if (b.fix) md += `**Fix:** ${b.fix}\n\n`;
+      if (b.findings && b.findings.length > 0) {
+        md += `**Locations:**\n`;
+        for (const f of b.findings.slice(0, 5)) {
+          if (f.file) {
+            md += `- \`${path.relative(process.cwd(), f.file)}:${f.line || "?"}\`\n`;
+          }
+        }
+        md += `\n`;
+      }
+    });
+  }
+  
+  if (results.warnings.length > 0) {
+    md += `## ⚠️ Warnings\n\n`;
+    results.warnings.forEach((w, i) => {
+      md += `${i + 1}. **[${w.phase.toUpperCase()}]** ${w.description || w.name}`;
+      if (w.error) md += ` - ${w.error}`;
+      md += `\n`;
+    });
+    md += `\n`;
+  }
+  
+  md += `## All Checks\n\n`;
+  for (const phase of results.phases) {
+    const phaseConfig = PHASES[phase.phase];
+    md += `### ${phaseConfig?.icon || "📋"} ${phaseConfig?.name || phase.phase}\n\n`;
+    
+    for (const check of phase.checks) {
+      const icon = check.status === "pass" ? "✅" : 
+                   check.status === "skip" ? "⏭️" :
+                   check.severity === "BLOCK" ? "❌" : "⚠️";
+      md += `- ${icon} ${check.description || check.name}`;
+      if (check.status !== "pass" && check.error) {
+        md += ` *(${check.error})*`;
+      }
+      md += `\n`;
+    }
+    md += `\n`;
+  }
+  
+  return md;
+}
+
+function generateAuditTrail(results, fullResults, ctx) {
+  return {
+    auditVersion: "1.0.0",
+    runId: fullResults.runId,
+    timestamp: fullResults.timestamp,
+    operator: {
+      userId: process.env.USER || process.env.USERNAME || "unknown",
+      email: process.env.GIT_AUTHOR_EMAIL || null,
+      method: process.env.CI ? "ci" : "cli",
+    },
+    repository: {
+      path: ctx.projectRoot,
+      ...fullResults.git,
+    },
+    environment: fullResults.environment,
+    execution: {
+      phases: results.phases.length,
+      duration: fullResults.duration.ms,
+      checks: results.phases.reduce((sum, p) => sum + p.checks.length, 0),
+    },
+    checks: results.phases.flatMap(phase => 
+      phase.checks.map(check => ({
+        phase: phase.phase,
+        check: check.name,
+        description: check.description,
+        status: check.status,
+        severity: check.severity,
+        duration: check.duration,
+        error: check.error || null,
+      }))
+    ),
+    verdict: fullResults.verdict,
+    score: fullResults.score,
+    attestation: {
+      hash: crypto.createHash("sha256")
+        .update(JSON.stringify({ verdict: fullResults.verdict, score: fullResults.score, timestamp: fullResults.timestamp }))
+        .digest("hex"),
+      signature: null, // Could be signed with private key
+    },
+  };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// INTERACTIVE PROMPT
+// ═══════════════════════════════════════════════════════════════════════════════
+
+async function promptToContinue() {
+  return new Promise((resolve) => {
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stdout,
+    });
+    
+    rl.question(`\n  ${c.dim}Press ENTER to start, or Ctrl+C to cancel...${c.reset}`, () => {
+      rl.close();
+      resolve(true);
+    });
+    
+    // Handle Ctrl+C gracefully
+    rl.on("close", () => resolve(false));
+  });
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// MAIN ENTRY POINT
+// ═══════════════════════════════════════════════════════════════════════════════
+
+async function runLaunch(args, context = {}) {
+  const { EXIT } = getExitCodes();
+  const opts = parseArgs(args);
+  
+  // Help
+  if (opts.help) {
+    printHelp();
+    return EXIT.SUCCESS;
+  }
+  
+  // Validate project path
+  if (!fs.existsSync(opts.path)) {
+    console.error(`${c.red}Error: Project path does not exist: ${opts.path}${c.reset}`);
+    return EXIT.USER_ERROR;
+  }
+  
+  // Context
+  const ctx = {
+    projectRoot: opts.path,
+    runId: context.runId || `launch-${Date.now()}`,
+    startTime: Date.now(),
+    isProduction: process.env.NODE_ENV === "production",
+  };
+  
+  // Dry run - show what would be checked
+  if (opts.dryRun) {
+    console.log(`\n${c.bold}Dry run - would check:${c.reset}\n`);
+    let phasesToRun = [...PHASE_ORDER];
+    if (opts.onlyPhases.length > 0) {
+      phasesToRun = opts.onlyPhases.filter(p => PHASE_ORDER.includes(p));
+    }
+    phasesToRun = phasesToRun.filter(p => !opts.skipPhases.includes(p));
+    
+    for (const phase of phasesToRun) {
+      const config = PHASES[phase];
+      console.log(`  ${config.icon} ${config.name}`);
+      console.log(`     ${c.dim}${config.description}${c.reset}`);
+    }
+    console.log();
+    return EXIT.SUCCESS;
+  }
+  
+  // Banner (interactive mode only)
+  if (!opts.ci && !opts.quiet && !opts.noBanner) {
+    printUnifiedBanner(projectRoot, opts);
+    const proceed = await promptToContinue();
+    if (!proceed) {
+      console.log(`\n  ${c.dim}Cancelled.${c.reset}\n`);
+      return EXIT.SUCCESS;
+    }
+  }
+  
+  // Run all phases
+  const startTime = Date.now();
+  let results;
+  
+  try {
+    results = await runAllPhases(ctx, opts);
+  } catch (err) {
+    if (!opts.ci && !opts.quiet) {
+      console.error(`\n${c.red}Fatal error: ${err.message}${c.reset}\n`);
+    }
+    if (opts.json) {
+      console.log(JSON.stringify({ error: err.message, verdict: "ERROR" }));
+    }
+    return EXIT.INTERNAL_ERROR;
+  }
+  
+  const duration = Date.now() - startTime;
+  
+  // Generate pack
+  let pack = null;
+  try {
+    pack = await generateLaunchPack(results, duration, ctx, opts);
+  } catch (err) {
+    if (!opts.quiet) {
+      console.error(`${c.yellow}Warning: Could not generate launch pack: ${err.message}${c.reset}`);
+    }
+  }
+  
+  // Output
+  if (opts.json) {
+    console.log(JSON.stringify(buildJsonOutput(results, duration, ctx), null, 2));
+  } else if (opts.ci) {
+    printCIOutput(results, duration, pack?.fullPath);
+  } else if (!opts.quiet) {
+    printBlockersSection(results);
+    const { verdict } = printVerdict(results, duration);
+    
+    if (pack) {
+      console.log();
+      console.log(`  ${c.dim}📦 Launch pack saved: ${pack.fullPath}${c.reset}`);
+    }
+    console.log();
+    
+    if (verdict === "LAUNCH" || verdict === "WARN") {
+      console.log(`  ${c.bold}Next:${c.reset} Deploy with confidence! Your launch audit is ready.`);
+      console.log(`        Share: ${c.cyan}vibecheck packs bundle --launch${c.reset}`);
+    } else {
+      console.log(`  ${c.bold}Next:${c.reset} Fix the blockers above before deploying.`);
+      console.log(`        Re-run: ${c.cyan}vibecheck launch${c.reset}`);
+    }
+    console.log();
+  }
+  
+  // Exit code
+  if (results.blockers.length > 0) {
+    return EXIT.BLOCKING;
+  } else if (results.warnings.length > 0) {
+    return EXIT.WARNINGS;
+  }
+  return EXIT.SUCCESS;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+module.exports = { runLaunch };
+
+// Direct execution
+if (require.main === module) {
+  runLaunch(process.argv.slice(2))
+    .then(exitCode => process.exit(exitCode))
+    .catch(err => {
+      console.error(err);
+      process.exit(10);
+    });
+}