npm - vibecheck-ai - Versions diffs - 2.0.1 → 5.0.0 - Mend

vibecheck-ai 2.0.1 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (456) hide show

package/bin/.generated +25 -0
package/bin/_deprecations.js +463 -0
package/bin/_router.js +46 -0
package/bin/cli-hygiene.js +241 -0
package/bin/dev/run-v2-torture.js +30 -0
package/bin/registry.js +656 -0
package/bin/runners/CLI_REFACTOR_SUMMARY.md +229 -0
package/bin/runners/ENHANCEMENT_GUIDE.md +121 -0
package/bin/runners/REPORT_AUDIT.md +64 -0
package/bin/runners/cli-utils.js +1070 -0
package/bin/runners/context/ai-task-decomposer.js +337 -0
package/bin/runners/context/analyzer.js +513 -0
package/bin/runners/context/api-contracts.js +427 -0
package/bin/runners/context/context-diff.js +342 -0
package/bin/runners/context/context-pruner.js +291 -0
package/bin/runners/context/dependency-graph.js +414 -0
package/bin/runners/context/generators/claude.js +107 -0
package/bin/runners/context/generators/codex.js +108 -0
package/bin/runners/context/generators/copilot.js +119 -0
package/bin/runners/context/generators/cursor-enhanced.js +2525 -0
package/bin/runners/context/generators/cursor.js +514 -0
package/bin/runners/context/generators/mcp.js +169 -0
package/bin/runners/context/generators/windsurf.js +180 -0
package/bin/runners/context/git-context.js +304 -0
package/bin/runners/context/index.js +1110 -0
package/bin/runners/context/insights.js +173 -0
package/bin/runners/context/mcp-server/generate-rules.js +337 -0
package/bin/runners/context/mcp-server/index.js +1176 -0
package/bin/runners/context/mcp-server/package.json +24 -0
package/bin/runners/context/memory.js +200 -0
package/bin/runners/context/monorepo.js +215 -0
package/bin/runners/context/multi-repo-federation.js +404 -0
package/bin/runners/context/patterns.js +253 -0
package/bin/runners/context/proof-context.js +1264 -0
package/bin/runners/context/security-scanner.js +541 -0
package/bin/runners/context/semantic-search.js +350 -0
package/bin/runners/context/shared.js +264 -0
package/bin/runners/context/team-conventions.js +336 -0
package/bin/runners/lib/__tests__/entitlements-v2.test.js +295 -0
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/change-packet/builder.js +488 -0
package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +303 -0
package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
package/bin/runners/lib/agent-firewall/enforcement/gateway.js +1059 -0
package/bin/runners/lib/agent-firewall/enforcement/index.js +98 -0
package/bin/runners/lib/agent-firewall/enforcement/mode.js +318 -0
package/bin/runners/lib/agent-firewall/enforcement/orchestrator.js +484 -0
package/bin/runners/lib/agent-firewall/enforcement/proof-artifact.js +418 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/change-event.schema.json +173 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/intent.schema.json +181 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/verdict.schema.json +222 -0
package/bin/runners/lib/agent-firewall/enforcement/verdict-v2.js +333 -0
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +127 -0
package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +213 -0
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
package/bin/runners/lib/agent-firewall/index.js +200 -0
package/bin/runners/lib/agent-firewall/integration/index.js +20 -0
package/bin/runners/lib/agent-firewall/integration/ship-gate.js +437 -0
package/bin/runners/lib/agent-firewall/intent/alignment-engine.js +634 -0
package/bin/runners/lib/agent-firewall/intent/auto-detect.js +426 -0
package/bin/runners/lib/agent-firewall/intent/index.js +102 -0
package/bin/runners/lib/agent-firewall/intent/schema.js +352 -0
package/bin/runners/lib/agent-firewall/intent/store.js +283 -0
package/bin/runners/lib/agent-firewall/interception/fs-interceptor.js +502 -0
package/bin/runners/lib/agent-firewall/interception/index.js +23 -0
package/bin/runners/lib/agent-firewall/interceptor/base.js +308 -0
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
package/bin/runners/lib/agent-firewall/logger.js +141 -0
package/bin/runners/lib/agent-firewall/policy/default-policy.json +90 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +103 -0
package/bin/runners/lib/agent-firewall/policy/loader.js +451 -0
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +79 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +227 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +191 -0
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
package/bin/runners/lib/agent-firewall/risk/thresholds.js +322 -0
package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
package/bin/runners/lib/agent-firewall/session/collector.js +451 -0
package/bin/runners/lib/agent-firewall/session/index.js +26 -0
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +137 -0
package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/ai-bridge.js +416 -0
package/bin/runners/lib/analysis-core.js +309 -0
package/bin/runners/lib/analyzers.js +2500 -0
package/bin/runners/lib/api-client.js +269 -0
package/bin/runners/lib/approve-output.js +235 -0
package/bin/runners/lib/artifact-envelope.js +540 -0
package/bin/runners/lib/assets/vibecheck-logo.png +0 -0
package/bin/runners/lib/audit-bridge.js +391 -0
package/bin/runners/lib/auth-shared.js +977 -0
package/bin/runners/lib/auth-truth.js +193 -0
package/bin/runners/lib/auth.js +215 -0
package/bin/runners/lib/authority-badge.js +425 -0
package/bin/runners/lib/backup.js +62 -0
package/bin/runners/lib/billing.js +107 -0
package/bin/runners/lib/checkpoint.js +941 -0
package/bin/runners/lib/claims.js +118 -0
package/bin/runners/lib/classify-output.js +204 -0
package/bin/runners/lib/cleanup/engine.js +571 -0
package/bin/runners/lib/cleanup/index.js +53 -0
package/bin/runners/lib/cleanup/output.js +375 -0
package/bin/runners/lib/cleanup/rules.js +1060 -0
package/bin/runners/lib/cli-output.js +400 -0
package/bin/runners/lib/cli-ui.js +540 -0
package/bin/runners/lib/compliance-bridge-new.js +0 -0
package/bin/runners/lib/compliance-bridge.js +165 -0
package/bin/runners/lib/contracts/auth-contract.js +202 -0
package/bin/runners/lib/contracts/env-contract.js +181 -0
package/bin/runners/lib/contracts/external-contract.js +206 -0
package/bin/runners/lib/contracts/guard.js +168 -0
package/bin/runners/lib/contracts/index.js +89 -0
package/bin/runners/lib/contracts/plan-validator.js +311 -0
package/bin/runners/lib/contracts/route-contract.js +199 -0
package/bin/runners/lib/contracts.js +804 -0
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/detect.js +89 -0
package/bin/runners/lib/detectors-v2.js +622 -0
package/bin/runners/lib/doctor/autofix.js +254 -0
package/bin/runners/lib/doctor/diagnosis-receipt.js +454 -0
package/bin/runners/lib/doctor/failure-signatures.js +526 -0
package/bin/runners/lib/doctor/fix-script.js +336 -0
package/bin/runners/lib/doctor/index.js +37 -0
package/bin/runners/lib/doctor/modules/build-tools.js +453 -0
package/bin/runners/lib/doctor/modules/dependencies.js +325 -0
package/bin/runners/lib/doctor/modules/index.js +105 -0
package/bin/runners/lib/doctor/modules/network.js +250 -0
package/bin/runners/lib/doctor/modules/os-quirks.js +706 -0
package/bin/runners/lib/doctor/modules/project.js +312 -0
package/bin/runners/lib/doctor/modules/repo-integrity.js +485 -0
package/bin/runners/lib/doctor/modules/runtime.js +224 -0
package/bin/runners/lib/doctor/modules/security.js +350 -0
package/bin/runners/lib/doctor/modules/system.js +213 -0
package/bin/runners/lib/doctor/modules/vibecheck.js +394 -0
package/bin/runners/lib/doctor/reporter.js +262 -0
package/bin/runners/lib/doctor/safe-repair.js +384 -0
package/bin/runners/lib/doctor/service.js +262 -0
package/bin/runners/lib/doctor/types.js +113 -0
package/bin/runners/lib/doctor/ui.js +263 -0
package/bin/runners/lib/doctor-enhanced.js +233 -0
package/bin/runners/lib/doctor-output.js +226 -0
package/bin/runners/lib/doctor-v2.js +608 -0
package/bin/runners/lib/drift.js +425 -0
package/bin/runners/lib/enforcement.js +72 -0
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/attack-detector.js +1192 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/enterprise-detect.js +603 -0
package/bin/runners/lib/enterprise-init.js +942 -0
package/bin/runners/lib/entitlements-v2.js +265 -0
package/bin/runners/lib/entitlements.generated.js +0 -0
package/bin/runners/lib/entitlements.js +340 -0
package/bin/runners/lib/env-resolver.js +417 -0
package/bin/runners/lib/env-template.js +66 -0
package/bin/runners/lib/env.js +189 -0
package/bin/runners/lib/error-handler.js +368 -0
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +684 -0
package/bin/runners/lib/exit-codes.js +275 -0
package/bin/runners/lib/extractors/client-calls.js +990 -0
package/bin/runners/lib/extractors/fastify-route-dump.js +573 -0
package/bin/runners/lib/extractors/fastify-routes.js +426 -0
package/bin/runners/lib/extractors/index.js +363 -0
package/bin/runners/lib/extractors/next-routes.js +524 -0
package/bin/runners/lib/extractors/proof-graph.js +431 -0
package/bin/runners/lib/extractors/route-matcher.js +451 -0
package/bin/runners/lib/extractors/truthpack-v2.js +377 -0
package/bin/runners/lib/extractors/ui-bindings.js +547 -0
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/findings-schema.js +281 -0
package/bin/runners/lib/fingerprint.js +377 -0
package/bin/runners/lib/firewall-prompt.js +50 -0
package/bin/runners/lib/fix-output.js +228 -0
package/bin/runners/lib/global-flags.js +250 -0
package/bin/runners/lib/graph/graph-builder.js +265 -0
package/bin/runners/lib/graph/html-renderer.js +413 -0
package/bin/runners/lib/graph/index.js +32 -0
package/bin/runners/lib/graph/runtime-collector.js +215 -0
package/bin/runners/lib/graph/static-extractor.js +518 -0
package/bin/runners/lib/help-formatter.js +413 -0
package/bin/runners/lib/html-proof-report.js +913 -0
package/bin/runners/lib/html-report.js +650 -0
package/bin/runners/lib/init-wizard.js +601 -0
package/bin/runners/lib/interactive-menu.js +1496 -0
package/bin/runners/lib/json-output.js +76 -0
package/bin/runners/lib/llm.js +75 -0
package/bin/runners/lib/logger.js +38 -0
package/bin/runners/lib/meter.js +61 -0
package/bin/runners/lib/missions/briefing.js +427 -0
package/bin/runners/lib/missions/checkpoint.js +753 -0
package/bin/runners/lib/missions/evidence.js +126 -0
package/bin/runners/lib/missions/hardening.js +851 -0
package/bin/runners/lib/missions/plan.js +648 -0
package/bin/runners/lib/missions/safety-gates.js +645 -0
package/bin/runners/lib/missions/schema.js +478 -0
package/bin/runners/lib/missions/templates.js +317 -0
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/packs/bundle.js +675 -0
package/bin/runners/lib/packs/evidence-pack.js +671 -0
package/bin/runners/lib/packs/pack-factory.js +837 -0
package/bin/runners/lib/packs/permissions-pack.js +686 -0
package/bin/runners/lib/packs/proof-graph-pack.js +779 -0
package/bin/runners/lib/patch.js +40 -0
package/bin/runners/lib/permissions/auth-model.js +213 -0
package/bin/runners/lib/permissions/idor-prover.js +205 -0
package/bin/runners/lib/permissions/index.js +45 -0
package/bin/runners/lib/permissions/matrix-builder.js +198 -0
package/bin/runners/lib/pkgjson.js +28 -0
package/bin/runners/lib/policy.js +295 -0
package/bin/runners/lib/polish/accessibility.js +62 -0
package/bin/runners/lib/polish/analyzer.js +93 -0
package/bin/runners/lib/polish/backend.js +87 -0
package/bin/runners/lib/polish/configuration.js +83 -0
package/bin/runners/lib/polish/documentation.js +83 -0
package/bin/runners/lib/polish/frontend.js +817 -0
package/bin/runners/lib/polish/index.js +27 -0
package/bin/runners/lib/polish/infrastructure.js +80 -0
package/bin/runners/lib/polish/internationalization.js +85 -0
package/bin/runners/lib/polish/libraries.js +180 -0
package/bin/runners/lib/polish/observability.js +75 -0
package/bin/runners/lib/polish/performance.js +64 -0
package/bin/runners/lib/polish/privacy.js +110 -0
package/bin/runners/lib/polish/resilience.js +92 -0
package/bin/runners/lib/polish/security.js +78 -0
package/bin/runners/lib/polish/seo.js +71 -0
package/bin/runners/lib/polish/styles.js +62 -0
package/bin/runners/lib/polish/utils.js +104 -0
package/bin/runners/lib/preflight.js +142 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/prove-output.js +220 -0
package/bin/runners/lib/reality/correlation-detectors.js +359 -0
package/bin/runners/lib/reality/index.js +318 -0
package/bin/runners/lib/reality/request-hashing.js +416 -0
package/bin/runners/lib/reality/request-mapper.js +453 -0
package/bin/runners/lib/reality/safety-rails.js +463 -0
package/bin/runners/lib/reality/semantic-snapshot.js +408 -0
package/bin/runners/lib/reality/toast-detector.js +393 -0
package/bin/runners/lib/reality-findings.js +84 -0
package/bin/runners/lib/reality-output.js +231 -0
package/bin/runners/lib/receipts.js +179 -0
package/bin/runners/lib/redact.js +29 -0
package/bin/runners/lib/replay/capsule-manager.js +154 -0
package/bin/runners/lib/replay/index.js +263 -0
package/bin/runners/lib/replay/player.js +348 -0
package/bin/runners/lib/replay/recorder.js +331 -0
package/bin/runners/lib/report-engine.js +626 -0
package/bin/runners/lib/report-html.js +1233 -0
package/bin/runners/lib/report-output.js +366 -0
package/bin/runners/lib/report-templates.js +967 -0
package/bin/runners/lib/report.js +135 -0
package/bin/runners/lib/route-detection.js +1209 -0
package/bin/runners/lib/route-truth.js +1322 -0
package/bin/runners/lib/safelist/index.js +96 -0
package/bin/runners/lib/safelist/integration.js +334 -0
package/bin/runners/lib/safelist/matcher.js +696 -0
package/bin/runners/lib/safelist/schema.js +948 -0
package/bin/runners/lib/safelist/store.js +438 -0
package/bin/runners/lib/sandbox/index.js +59 -0
package/bin/runners/lib/sandbox/proof-chain.js +399 -0
package/bin/runners/lib/sandbox/sandbox-runner.js +205 -0
package/bin/runners/lib/sandbox/worktree.js +174 -0
package/bin/runners/lib/scan-cache.js +330 -0
package/bin/runners/lib/scan-output-schema.js +344 -0
package/bin/runners/lib/scan-output.js +631 -0
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schema-validator.js +350 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/contracts.schema.json +160 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/finding.schema.json +100 -0
package/bin/runners/lib/schemas/mission-pack.schema.json +206 -0
package/bin/runners/lib/schemas/proof-graph.schema.json +176 -0
package/bin/runners/lib/schemas/reality-report.schema.json +162 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/share-pack.schema.json +180 -0
package/bin/runners/lib/schemas/ship-manifest.schema.json +251 -0
package/bin/runners/lib/schemas/ship-report.schema.json +117 -0
package/bin/runners/lib/schemas/truthpack-v2.schema.json +303 -0
package/bin/runners/lib/schemas/validator.js +465 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/score-history.js +282 -0
package/bin/runners/lib/security-bridge.js +249 -0
package/bin/runners/lib/server-usage.js +513 -0
package/bin/runners/lib/share-pack.js +239 -0
package/bin/runners/lib/ship-gate.js +832 -0
package/bin/runners/lib/ship-manifest.js +1153 -0
package/bin/runners/lib/ship-output-enterprise.js +239 -0
package/bin/runners/lib/ship-output.js +1128 -0
package/bin/runners/lib/snippets.js +67 -0
package/bin/runners/lib/status-output.js +340 -0
package/bin/runners/lib/terminal-ui.js +356 -0
package/bin/runners/lib/truth.js +1691 -0
package/bin/runners/lib/ui.js +562 -0
package/bin/runners/lib/unified-cli-output.js +947 -0
package/bin/runners/lib/unified-output.js +197 -0
package/bin/runners/lib/upsell.js +410 -0
package/bin/runners/lib/usage.js +153 -0
package/bin/runners/lib/validate-patch.js +156 -0
package/bin/runners/lib/verdict-engine.js +628 -0
package/bin/runners/lib/verification.js +345 -0
package/bin/runners/lib/why-tree.js +650 -0
package/bin/runners/reality/engine.js +917 -0
package/bin/runners/reality/flows.js +122 -0
package/bin/runners/reality/report.js +378 -0
package/bin/runners/reality/session.js +193 -0
package/bin/runners/runAIAgent.js +229 -0
package/bin/runners/runAgent.d.ts +5 -0
package/bin/runners/runAgent.js +161 -0
package/bin/runners/runAllowlist.js +418 -0
package/bin/runners/runApprove.js +320 -0
package/bin/runners/runAudit.js +692 -0
package/bin/runners/runAuth.js +731 -0
package/bin/runners/runCI.js +353 -0
package/bin/runners/runCheckpoint.js +530 -0
package/bin/runners/runClassify.js +928 -0
package/bin/runners/runCleanup.js +343 -0
package/bin/runners/runContext.d.ts +4 -0
package/bin/runners/runContext.js +175 -0
package/bin/runners/runDoctor.js +877 -0
package/bin/runners/runEvidencePack.js +362 -0
package/bin/runners/runFirewall.d.ts +5 -0
package/bin/runners/runFirewall.js +134 -0
package/bin/runners/runFirewallHook.d.ts +5 -0
package/bin/runners/runFirewallHook.js +56 -0
package/bin/runners/runFix.js +1355 -0
package/bin/runners/runForge.js +451 -0
package/bin/runners/runGuard.js +262 -0
package/bin/runners/runInit.js +1927 -0
package/bin/runners/runIntent.js +906 -0
package/bin/runners/runKickoff.js +878 -0
package/bin/runners/runLabs.js +424 -0
package/bin/runners/runLaunch.js +2000 -0
package/bin/runners/runLink.js +785 -0
package/bin/runners/runMcp.js +1875 -0
package/bin/runners/runPacks.js +2089 -0
package/bin/runners/runPolish.d.ts +4 -0
package/bin/runners/runPolish.js +390 -0
package/bin/runners/runPromptFirewall.js +211 -0
package/bin/runners/runProve.js +1411 -0
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +2260 -0
package/bin/runners/runReport.js +726 -0
package/bin/runners/runRuntime.js +110 -0
package/bin/runners/runSafelist.js +1190 -0
package/bin/runners/runScan.js +688 -0
package/bin/runners/runShield.js +1282 -0
package/bin/runners/runShip.js +1660 -0
package/bin/runners/runTruth.d.ts +5 -0
package/bin/runners/runTruth.js +101 -0
package/bin/runners/runValidate.js +179 -0
package/bin/runners/runWatch.js +478 -0
package/bin/runners/utils.js +360 -0
package/bin/scan.js +617 -0
package/bin/vibecheck.js +1617 -0
package/dist/guardrail/index.d.ts +2405 -0
package/dist/guardrail/index.js +9747 -0
package/dist/guardrail/index.js.map +1 -0
package/dist/scanner/index.d.ts +282 -0
package/dist/scanner/index.js +3395 -0
package/dist/scanner/index.js.map +1 -0
package/package.json +123 -104
package/README.md +0 -491
package/dist/index.js +0 -99711
package/dist/index.js.map +0 -1

package/README.md DELETED Viewed

@@ -1,491 +0,0 @@
-<p align="center">
-  <img src="https://vibecheckai.dev/logo.png" alt="VibeCheck Logo" width="100" />
-</p>
-<h1 align="center">VibeCheck</h1>
-<h3 align="center">
-  <strong>Stop AI Hallucinations. Ship Real Features.</strong>
-</h3>
-<p align="center">
-  The security layer for AI-assisted development.<br/>
-  Catches fake features, phantom APIs, and silent failures before they hit production.
-</p>
-<p align="center">
-  <a href="https://www.npmjs.com/package/vibecheck-ai"><img src="https://img.shields.io/npm/v/vibecheck-ai.svg?style=flat-square&color=E040FB" alt="npm version" /></a>
-  <a href="https://www.npmjs.com/package/vibecheck-ai"><img src="https://img.shields.io/npm/dm/vibecheck-ai.svg?style=flat-square&color=00E676" alt="npm downloads" /></a>
-  <a href="https://github.com/vibecheckai/vibecheck"><img src="https://img.shields.io/github/stars/vibecheckai/vibecheck?style=flat-square&color=FFD54F" alt="github stars" /></a>
-  <a href="https://github.com/vibecheckai/vibecheck/blob/main/LICENSE"><img src="https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square" alt="license" /></a>
-</p>
-<p align="center">
-  <a href="https://vibecheckai.dev">Website</a> •
-  <a href="https://vibecheckai.dev/docs">Docs</a> •
-  <a href="https://vibecheckai.dev/discord">Discord</a> •
-  <a href="https://twitter.com/vibecheckai">Twitter</a>
-</p>
----
-## The Problem
-AI coding assistants are incredible. They're also **professional liars**.
-```typescript
-// Cursor/Copilot generated this. TypeScript happy. Linter passes. Code review: LGTM.
-async function getUser(id: string): Promise<User> {
-  return await fetch(`/api/v2/users/${id}`);  // ❌ This endpoint doesn't exist
-}
-async function chargeCustomer(order: Order) {
-  try {
-    await stripe.charges.create(order);  // ❌ Deprecated API since Stripe v3
-  } catch (e) {
-    // TODO: handle this later  // ❌ Payment failures silently swallowed
-  }
-}
-function getDashboardStats(): DashboardStats {
-  return { users: 1247, revenue: 84350 };  // ❌ Hardcoded. This is fake data.
-}
-```
-This code **compiles**. It **passes CI**. It gets **deployed**.
-Then your customers discover the payments don't work.
----
-## The Solution
-**VibeCheck catches what linters can't.**
-```bash
-$ vibecheck ship
-🔍 Running pre-ship checks...
-⛔ FAKE FEATURE: src/api/users.ts:4
-   Endpoint /api/v2/users/{id} does not exist in your routes
-   └─ AI generated a plausible URL that will 404 at runtime
-⚠️  DEPRECATED API: src/payments.ts:8
-   stripe.charges.create() was deprecated in Stripe SDK v3
-   └─ Use stripe.paymentIntents.create() instead
-⛔ SILENT FAILURE: src/payments.ts:11
-   Empty catch block in payment flow
-   └─ chargeCustomer() errors will be swallowed silently
-⚠️  MOCK DATA: src/dashboard.ts:16
-   getDashboardStats() returns hardcoded values
-   └─ This will never reflect actual database data
-Ship Status: BLOCKED (4 issues found)
-```
-**Before it ships. Not after the Slack message at 3am.**
----
-## Quick Start
-```bash
-# Install globally
-npm install -g vibecheck-ai
-# Or run with npx (no install)
-npx vibecheck-ai
-# Initialize in your project
-cd your-project
-vibecheck link
-# Run pre-ship checks
-vibecheck ship
-```
-That's it. Issues appear immediately.
----
-## Features
-### 🚀 Ship Command — Pre-Deployment Security Gate
-Run 10+ checks before every deployment:
-```bash
-vibecheck ship              # Full pre-deployment analysis
-vibecheck ship --fix        # Auto-fix issues automatically
-vibecheck ship --force      # Ship anyway (not recommended)
-```
-**Checks include:**
-- Truthpack validation (routes, env vars, auth)
-- Hallucination detection (fake APIs, deprecated methods)
-- Secret scanning (API keys, tokens, credentials)
-- Silent failure detection (empty catches, swallowed errors)
-- Mock data finder (hardcoded values in production code)
-- Drift detection (changes from verified baseline)
-- 80+ security patterns
----
-### 🎯 Reality Mode — Actually Run Your Code
-Static analysis can't catch everything. Reality Mode uses Playwright to **actually execute your code**:
-```bash
-vibecheck reality run       # Run scenarios and generate proof
-vibecheck reality report    # View detailed proof report
-```
-- Spins up real test environments
-- Makes actual API calls
-- Validates responses match expectations
-- Catches lies that static analysis misses
-- Generates cryptographic proof bundles
----
-### 🛡️ Truthpack — Your Project's Source of Truth
-VibeCheck extracts verified facts about your codebase:
-```bash
-vibecheck scan              # Generate truthpack
-vibecheck audit --mode validate file.ts  # Validate files vs truthpack
-```
-**What gets extracted:**
-- **Routes** — API endpoints with methods, paths, handlers
-- **Environment** — Required env vars with types and defaults
-- **Auth** — Authentication strategies and protected routes
-- **Database** — Schema definitions and relationships
-- **Dependencies** — Package versions and compatibility
-AI assistants reference this to stay grounded in reality.
----
-### 🔒 Code Firewall — Lock Critical Files
-Protect sensitive files from AI modifications:
-```javascript
-// vibecheck.config.mjs
-export default {
-  firewall: {
-    locked: ['.env*', 'src/core/**', 'credentials.json'],
-    warn: ['package.json', 'tsconfig.json'],
-  }
-};
-```
----
-### 📊 Enterprise Reports
-Generate beautiful HTML/PDF reports for compliance:
-```bash
-vibecheck report            # Generate HTML report
-vibecheck report --pdf      # Generate PDF report
-vibecheck report --json     # Machine-readable output
-```
----
-## All Commands
-| Command | Aliases | Description |
-|---------|---------|-------------|
-| `vibecheck link` | init, setup, configure | **Link project** — Initialize VibeCheck and create config |
-| `vibecheck audit` | check, validate | **Full audit** — Validate files vs truthpack + hallucination/drift detection |
-| `vibecheck scan` | — | Scan codebase and generate truthpack (.vibecheck/truthpack) |
-| `vibecheck ship` | — | **Pre-deployment security checks** |
-| `vibecheck quickstart` | start | Interactive setup wizard for new users |
-| `vibecheck certify` | verify | Full certification: Reality + Chaos → Badge |
-| `vibecheck status` | — | Show active modules and last run info |
-| `vibecheck reality run` | — | Run Reality Mode with proof generation |
-| `vibecheck missions` | — | View fix missions grouped by category |
-| `vibecheck fix` | — | Apply auto-fixes for detected issues |
-| `vibecheck forge` | — | Generate AI context rules for Cursor/Windsurf |
-| `vibecheck trace` | — | Trace data flow from sources to sinks |
-| `vibecheck github` | — | Set up GitHub Action for CI gate |
-| `vibecheck report` | — | Generate enterprise-grade reports |
-| `vibecheck badge` | — | Generate Ship Score badges for README |
-| `vibecheck config` | — | View or edit configuration |
-| `vibecheck doctor` | — | Validate system dependencies |
-| `vibecheck menu` | — | Open interactive menu |
----
-## Security Scanner
-Industry-leading detection with **80+ patterns**:
-<details>
-<summary><strong>🔑 Credentials (click to expand)</strong></summary>
-- AWS Access Keys & Secrets
-- GitHub Tokens (PAT, OAuth, App)
-- Stripe API Keys (Live & Test)
-- OpenAI & Anthropic API Keys
-- Google Cloud Service Accounts
-- Azure Connection Strings
-- npm Tokens & Registry Auth
-- Database Passwords & URIs
-- JWT Secrets & Private Keys
-- SendGrid, Twilio, Mailgun Keys
-</details>
-<details>
-<summary><strong>🛡️ Security Vulnerabilities</strong></summary>
-- SQL Injection patterns
-- Cross-Site Scripting (XSS)
-- Command Injection
-- Server-Side Request Forgery (SSRF)
-- Path Traversal attacks
-- Open Redirect vulnerabilities
-- CORS misconfigurations
-- Missing Content Security Policy
-- Insecure cookie settings
-- Timing attack vectors
-</details>
-<details>
-<summary><strong>🤖 AI Hallucinations</strong></summary>
-- Non-existent npm packages
-- Deprecated React 18 patterns
-- Phantom API endpoints
-- Fake environment variables
-- Made-up method names
-- Placeholder URLs (localhost, example.com)
-- Outdated library versions
-- Incorrect TypeScript types
-</details>
-<details>
-<summary><strong>⚛️ Framework-Specific</strong></summary>
-- Next.js server action issues
-- React hooks violations
-- Express without Helmet
-- Missing auth middleware
-- Unsafe trust-proxy settings
-- setState in render patterns
-- Missing error boundaries
-</details>
----
-## CI/CD Integration
-### GitHub Actions
-```yaml
-name: VibeCheck
-on: [push, pull_request]
-jobs:
-  vibecheck:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-      - run: npm install -g vibecheck-ai
-      - run: vibecheck ship --ci
-        env:
-          VIBECHECK_API_KEY: ${{ secrets.VIBECHECK_API_KEY }}
-```
-### Pre-commit Hook
-```json
-{
-  "husky": {
-    "hooks": {
-      "pre-commit": "vibecheck audit"
-    }
-  }
-}
-```
-### GitLab CI
-```yaml
-vibecheck:
-  stage: test
-  script:
-    - npm install -g vibecheck-ai
-    - vibecheck ship --ci
-```
----
-## IDE Integration
-### Cursor (MCP Server)
-```bash
-npm install -g @vibecheckai/mcp-server
-```
-```json
-// .cursor/mcp.json
-{
-  "mcpServers": {
-    "vibecheck": {
-      "command": "vibecheck-mcp"
-    }
-  }
-}
-```
-### VS Code Extension
-Install the [VibeCheck Extension](https://marketplace.visualstudio.com/items?itemName=vibecheckai.vibecheck) for:
-- Inline hallucination detection
-- Truthpack browser
-- Real-time firewall
-- One-click auto-fix
----
-## Configuration
-Create `vibecheck.config.mjs` in your project root:
-```javascript
-/** @type {import('vibecheck-ai').VibeCheckConfig} */
-export default {
-  // Project metadata
-  project: {
-    name: 'my-app',
-    type: 'nextjs', // 'nextjs' | 'react' | 'express' | 'fastify' | 'generic'
-  },
-  // What to analyze
-  include: ['src/**/*.ts', 'src/**/*.tsx'],
-  exclude: ['**/*.test.ts', '**/node_modules/**'],
-  // Analysis settings
-  analysis: {
-    strictness: 'standard', // 'relaxed' | 'standard' | 'paranoid'
-    checkDependencies: true,
-    checkEnvVars: true,
-    checkRoutes: true,
-  },
-  // File protection
-  firewall: {
-    locked: ['.env*', 'src/core/**'],
-    warn: ['package.json'],
-  },
-  // Reality Mode
-  reality: {
-    scenarios: ['auth', 'api', 'forms'],
-    timeout: 30000,
-  },
-};
-```
----
-## Pricing
-| Feature | Free | Pro ($19/mo) |
-|---------|------|--------------|
-| CLI Commands | ✅ All | ✅ All |
-| Local Scans | ✅ Unlimited | ✅ Unlimited |
-| Security Patterns | ✅ 80+ | ✅ 80+ |
-| Projects | 3 | Unlimited |
-| Scan History | 7 days | 90 days |
-| Cloud Dashboard | ❌ | ✅ |
-| Team Collaboration | ❌ | ✅ |
-| API Access | ❌ | ✅ |
-| Verified Badges | ❌ | ✅ |
-| Priority Support | ❌ | ✅ |
-**All CLI commands are free forever.** Pro unlocks cloud features and team collaboration.
----
-## Why VibeCheck?
-| Without VibeCheck | With VibeCheck |
-|-------------------|----------------|
-| AI invents fake APIs | References verified truthpack |
-| Runtime 404 errors | Compile-time detection |
-| Silent payment failures | Catches empty catch blocks |
-| Mock data in production | Detects hardcoded values |
-| Manual AI output review | Automated validation |
-| "Works on my machine" | Consistent team truth |
----
-## Requirements
-- **Node.js** 18.0.0 or higher
-- **OS**: Windows, macOS, Linux
-**Optional for Reality Mode:**
-- Playwright (auto-installed on first use)
----
-## Community
-- 💬 **Discord** — [Join our community](https://vibecheckai.dev/discord)
-- 🐦 **Twitter** — [@vibecheckai](https://twitter.com/vibecheckai)
-- 📦 **GitHub** — [vibecheckai/vibecheck](https://github.com/vibecheckai/vibecheck)
-- 📖 **Docs** — [vibecheckai.dev/docs](https://vibecheckai.dev/docs)
----
-## Contributing
-We welcome contributions! See [CONTRIBUTING.md](https://github.com/vibecheckai/vibecheck/blob/main/CONTRIBUTING.md).
-```bash
-# Clone the repo
-git clone https://github.com/vibecheckai/vibecheck.git
-# Install dependencies
-pnpm install
-# Run locally
-pnpm dev
-```
----
-## License
-MIT © [VibeCheck AI](https://vibecheckai.dev)
----
-<p align="center">
-  <strong>Your AI writes the code. VibeCheck makes sure it works.</strong>
-</p>
-<p align="center">
-  <a href="https://vibecheckai.dev">
-    <img src="https://img.shields.io/badge/Get%20Started-E040FB?style=for-the-badge&logoColor=white" alt="Get Started" />
-  </a>
-</p>