npm - vibecheck-ai - Versions diffs - 2.0.1 → 5.0.0 - Mend

vibecheck-ai 2.0.1 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (456) hide show

package/bin/.generated +25 -0
package/bin/_deprecations.js +463 -0
package/bin/_router.js +46 -0
package/bin/cli-hygiene.js +241 -0
package/bin/dev/run-v2-torture.js +30 -0
package/bin/registry.js +656 -0
package/bin/runners/CLI_REFACTOR_SUMMARY.md +229 -0
package/bin/runners/ENHANCEMENT_GUIDE.md +121 -0
package/bin/runners/REPORT_AUDIT.md +64 -0
package/bin/runners/cli-utils.js +1070 -0
package/bin/runners/context/ai-task-decomposer.js +337 -0
package/bin/runners/context/analyzer.js +513 -0
package/bin/runners/context/api-contracts.js +427 -0
package/bin/runners/context/context-diff.js +342 -0
package/bin/runners/context/context-pruner.js +291 -0
package/bin/runners/context/dependency-graph.js +414 -0
package/bin/runners/context/generators/claude.js +107 -0
package/bin/runners/context/generators/codex.js +108 -0
package/bin/runners/context/generators/copilot.js +119 -0
package/bin/runners/context/generators/cursor-enhanced.js +2525 -0
package/bin/runners/context/generators/cursor.js +514 -0
package/bin/runners/context/generators/mcp.js +169 -0
package/bin/runners/context/generators/windsurf.js +180 -0
package/bin/runners/context/git-context.js +304 -0
package/bin/runners/context/index.js +1110 -0
package/bin/runners/context/insights.js +173 -0
package/bin/runners/context/mcp-server/generate-rules.js +337 -0
package/bin/runners/context/mcp-server/index.js +1176 -0
package/bin/runners/context/mcp-server/package.json +24 -0
package/bin/runners/context/memory.js +200 -0
package/bin/runners/context/monorepo.js +215 -0
package/bin/runners/context/multi-repo-federation.js +404 -0
package/bin/runners/context/patterns.js +253 -0
package/bin/runners/context/proof-context.js +1264 -0
package/bin/runners/context/security-scanner.js +541 -0
package/bin/runners/context/semantic-search.js +350 -0
package/bin/runners/context/shared.js +264 -0
package/bin/runners/context/team-conventions.js +336 -0
package/bin/runners/lib/__tests__/entitlements-v2.test.js +295 -0
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/change-packet/builder.js +488 -0
package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +303 -0
package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
package/bin/runners/lib/agent-firewall/enforcement/gateway.js +1059 -0
package/bin/runners/lib/agent-firewall/enforcement/index.js +98 -0
package/bin/runners/lib/agent-firewall/enforcement/mode.js +318 -0
package/bin/runners/lib/agent-firewall/enforcement/orchestrator.js +484 -0
package/bin/runners/lib/agent-firewall/enforcement/proof-artifact.js +418 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/change-event.schema.json +173 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/intent.schema.json +181 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/verdict.schema.json +222 -0
package/bin/runners/lib/agent-firewall/enforcement/verdict-v2.js +333 -0
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +127 -0
package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +213 -0
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
package/bin/runners/lib/agent-firewall/index.js +200 -0
package/bin/runners/lib/agent-firewall/integration/index.js +20 -0
package/bin/runners/lib/agent-firewall/integration/ship-gate.js +437 -0
package/bin/runners/lib/agent-firewall/intent/alignment-engine.js +634 -0
package/bin/runners/lib/agent-firewall/intent/auto-detect.js +426 -0
package/bin/runners/lib/agent-firewall/intent/index.js +102 -0
package/bin/runners/lib/agent-firewall/intent/schema.js +352 -0
package/bin/runners/lib/agent-firewall/intent/store.js +283 -0
package/bin/runners/lib/agent-firewall/interception/fs-interceptor.js +502 -0
package/bin/runners/lib/agent-firewall/interception/index.js +23 -0
package/bin/runners/lib/agent-firewall/interceptor/base.js +308 -0
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
package/bin/runners/lib/agent-firewall/logger.js +141 -0
package/bin/runners/lib/agent-firewall/policy/default-policy.json +90 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +103 -0
package/bin/runners/lib/agent-firewall/policy/loader.js +451 -0
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +79 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +227 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +191 -0
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
package/bin/runners/lib/agent-firewall/risk/thresholds.js +322 -0
package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
package/bin/runners/lib/agent-firewall/session/collector.js +451 -0
package/bin/runners/lib/agent-firewall/session/index.js +26 -0
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +137 -0
package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/ai-bridge.js +416 -0
package/bin/runners/lib/analysis-core.js +309 -0
package/bin/runners/lib/analyzers.js +2500 -0
package/bin/runners/lib/api-client.js +269 -0
package/bin/runners/lib/approve-output.js +235 -0
package/bin/runners/lib/artifact-envelope.js +540 -0
package/bin/runners/lib/assets/vibecheck-logo.png +0 -0
package/bin/runners/lib/audit-bridge.js +391 -0
package/bin/runners/lib/auth-shared.js +977 -0
package/bin/runners/lib/auth-truth.js +193 -0
package/bin/runners/lib/auth.js +215 -0
package/bin/runners/lib/authority-badge.js +425 -0
package/bin/runners/lib/backup.js +62 -0
package/bin/runners/lib/billing.js +107 -0
package/bin/runners/lib/checkpoint.js +941 -0
package/bin/runners/lib/claims.js +118 -0
package/bin/runners/lib/classify-output.js +204 -0
package/bin/runners/lib/cleanup/engine.js +571 -0
package/bin/runners/lib/cleanup/index.js +53 -0
package/bin/runners/lib/cleanup/output.js +375 -0
package/bin/runners/lib/cleanup/rules.js +1060 -0
package/bin/runners/lib/cli-output.js +400 -0
package/bin/runners/lib/cli-ui.js +540 -0
package/bin/runners/lib/compliance-bridge-new.js +0 -0
package/bin/runners/lib/compliance-bridge.js +165 -0
package/bin/runners/lib/contracts/auth-contract.js +202 -0
package/bin/runners/lib/contracts/env-contract.js +181 -0
package/bin/runners/lib/contracts/external-contract.js +206 -0
package/bin/runners/lib/contracts/guard.js +168 -0
package/bin/runners/lib/contracts/index.js +89 -0
package/bin/runners/lib/contracts/plan-validator.js +311 -0
package/bin/runners/lib/contracts/route-contract.js +199 -0
package/bin/runners/lib/contracts.js +804 -0
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/detect.js +89 -0
package/bin/runners/lib/detectors-v2.js +622 -0
package/bin/runners/lib/doctor/autofix.js +254 -0
package/bin/runners/lib/doctor/diagnosis-receipt.js +454 -0
package/bin/runners/lib/doctor/failure-signatures.js +526 -0
package/bin/runners/lib/doctor/fix-script.js +336 -0
package/bin/runners/lib/doctor/index.js +37 -0
package/bin/runners/lib/doctor/modules/build-tools.js +453 -0
package/bin/runners/lib/doctor/modules/dependencies.js +325 -0
package/bin/runners/lib/doctor/modules/index.js +105 -0
package/bin/runners/lib/doctor/modules/network.js +250 -0
package/bin/runners/lib/doctor/modules/os-quirks.js +706 -0
package/bin/runners/lib/doctor/modules/project.js +312 -0
package/bin/runners/lib/doctor/modules/repo-integrity.js +485 -0
package/bin/runners/lib/doctor/modules/runtime.js +224 -0
package/bin/runners/lib/doctor/modules/security.js +350 -0
package/bin/runners/lib/doctor/modules/system.js +213 -0
package/bin/runners/lib/doctor/modules/vibecheck.js +394 -0
package/bin/runners/lib/doctor/reporter.js +262 -0
package/bin/runners/lib/doctor/safe-repair.js +384 -0
package/bin/runners/lib/doctor/service.js +262 -0
package/bin/runners/lib/doctor/types.js +113 -0
package/bin/runners/lib/doctor/ui.js +263 -0
package/bin/runners/lib/doctor-enhanced.js +233 -0
package/bin/runners/lib/doctor-output.js +226 -0
package/bin/runners/lib/doctor-v2.js +608 -0
package/bin/runners/lib/drift.js +425 -0
package/bin/runners/lib/enforcement.js +72 -0
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/attack-detector.js +1192 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/enterprise-detect.js +603 -0
package/bin/runners/lib/enterprise-init.js +942 -0
package/bin/runners/lib/entitlements-v2.js +265 -0
package/bin/runners/lib/entitlements.generated.js +0 -0
package/bin/runners/lib/entitlements.js +340 -0
package/bin/runners/lib/env-resolver.js +417 -0
package/bin/runners/lib/env-template.js +66 -0
package/bin/runners/lib/env.js +189 -0
package/bin/runners/lib/error-handler.js +368 -0
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +684 -0
package/bin/runners/lib/exit-codes.js +275 -0
package/bin/runners/lib/extractors/client-calls.js +990 -0
package/bin/runners/lib/extractors/fastify-route-dump.js +573 -0
package/bin/runners/lib/extractors/fastify-routes.js +426 -0
package/bin/runners/lib/extractors/index.js +363 -0
package/bin/runners/lib/extractors/next-routes.js +524 -0
package/bin/runners/lib/extractors/proof-graph.js +431 -0
package/bin/runners/lib/extractors/route-matcher.js +451 -0
package/bin/runners/lib/extractors/truthpack-v2.js +377 -0
package/bin/runners/lib/extractors/ui-bindings.js +547 -0
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/findings-schema.js +281 -0
package/bin/runners/lib/fingerprint.js +377 -0
package/bin/runners/lib/firewall-prompt.js +50 -0
package/bin/runners/lib/fix-output.js +228 -0
package/bin/runners/lib/global-flags.js +250 -0
package/bin/runners/lib/graph/graph-builder.js +265 -0
package/bin/runners/lib/graph/html-renderer.js +413 -0
package/bin/runners/lib/graph/index.js +32 -0
package/bin/runners/lib/graph/runtime-collector.js +215 -0
package/bin/runners/lib/graph/static-extractor.js +518 -0
package/bin/runners/lib/help-formatter.js +413 -0
package/bin/runners/lib/html-proof-report.js +913 -0
package/bin/runners/lib/html-report.js +650 -0
package/bin/runners/lib/init-wizard.js +601 -0
package/bin/runners/lib/interactive-menu.js +1496 -0
package/bin/runners/lib/json-output.js +76 -0
package/bin/runners/lib/llm.js +75 -0
package/bin/runners/lib/logger.js +38 -0
package/bin/runners/lib/meter.js +61 -0
package/bin/runners/lib/missions/briefing.js +427 -0
package/bin/runners/lib/missions/checkpoint.js +753 -0
package/bin/runners/lib/missions/evidence.js +126 -0
package/bin/runners/lib/missions/hardening.js +851 -0
package/bin/runners/lib/missions/plan.js +648 -0
package/bin/runners/lib/missions/safety-gates.js +645 -0
package/bin/runners/lib/missions/schema.js +478 -0
package/bin/runners/lib/missions/templates.js +317 -0
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/packs/bundle.js +675 -0
package/bin/runners/lib/packs/evidence-pack.js +671 -0
package/bin/runners/lib/packs/pack-factory.js +837 -0
package/bin/runners/lib/packs/permissions-pack.js +686 -0
package/bin/runners/lib/packs/proof-graph-pack.js +779 -0
package/bin/runners/lib/patch.js +40 -0
package/bin/runners/lib/permissions/auth-model.js +213 -0
package/bin/runners/lib/permissions/idor-prover.js +205 -0
package/bin/runners/lib/permissions/index.js +45 -0
package/bin/runners/lib/permissions/matrix-builder.js +198 -0
package/bin/runners/lib/pkgjson.js +28 -0
package/bin/runners/lib/policy.js +295 -0
package/bin/runners/lib/polish/accessibility.js +62 -0
package/bin/runners/lib/polish/analyzer.js +93 -0
package/bin/runners/lib/polish/backend.js +87 -0
package/bin/runners/lib/polish/configuration.js +83 -0
package/bin/runners/lib/polish/documentation.js +83 -0
package/bin/runners/lib/polish/frontend.js +817 -0
package/bin/runners/lib/polish/index.js +27 -0
package/bin/runners/lib/polish/infrastructure.js +80 -0
package/bin/runners/lib/polish/internationalization.js +85 -0
package/bin/runners/lib/polish/libraries.js +180 -0
package/bin/runners/lib/polish/observability.js +75 -0
package/bin/runners/lib/polish/performance.js +64 -0
package/bin/runners/lib/polish/privacy.js +110 -0
package/bin/runners/lib/polish/resilience.js +92 -0
package/bin/runners/lib/polish/security.js +78 -0
package/bin/runners/lib/polish/seo.js +71 -0
package/bin/runners/lib/polish/styles.js +62 -0
package/bin/runners/lib/polish/utils.js +104 -0
package/bin/runners/lib/preflight.js +142 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/prove-output.js +220 -0
package/bin/runners/lib/reality/correlation-detectors.js +359 -0
package/bin/runners/lib/reality/index.js +318 -0
package/bin/runners/lib/reality/request-hashing.js +416 -0
package/bin/runners/lib/reality/request-mapper.js +453 -0
package/bin/runners/lib/reality/safety-rails.js +463 -0
package/bin/runners/lib/reality/semantic-snapshot.js +408 -0
package/bin/runners/lib/reality/toast-detector.js +393 -0
package/bin/runners/lib/reality-findings.js +84 -0
package/bin/runners/lib/reality-output.js +231 -0
package/bin/runners/lib/receipts.js +179 -0
package/bin/runners/lib/redact.js +29 -0
package/bin/runners/lib/replay/capsule-manager.js +154 -0
package/bin/runners/lib/replay/index.js +263 -0
package/bin/runners/lib/replay/player.js +348 -0
package/bin/runners/lib/replay/recorder.js +331 -0
package/bin/runners/lib/report-engine.js +626 -0
package/bin/runners/lib/report-html.js +1233 -0
package/bin/runners/lib/report-output.js +366 -0
package/bin/runners/lib/report-templates.js +967 -0
package/bin/runners/lib/report.js +135 -0
package/bin/runners/lib/route-detection.js +1209 -0
package/bin/runners/lib/route-truth.js +1322 -0
package/bin/runners/lib/safelist/index.js +96 -0
package/bin/runners/lib/safelist/integration.js +334 -0
package/bin/runners/lib/safelist/matcher.js +696 -0
package/bin/runners/lib/safelist/schema.js +948 -0
package/bin/runners/lib/safelist/store.js +438 -0
package/bin/runners/lib/sandbox/index.js +59 -0
package/bin/runners/lib/sandbox/proof-chain.js +399 -0
package/bin/runners/lib/sandbox/sandbox-runner.js +205 -0
package/bin/runners/lib/sandbox/worktree.js +174 -0
package/bin/runners/lib/scan-cache.js +330 -0
package/bin/runners/lib/scan-output-schema.js +344 -0
package/bin/runners/lib/scan-output.js +631 -0
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schema-validator.js +350 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/contracts.schema.json +160 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/finding.schema.json +100 -0
package/bin/runners/lib/schemas/mission-pack.schema.json +206 -0
package/bin/runners/lib/schemas/proof-graph.schema.json +176 -0
package/bin/runners/lib/schemas/reality-report.schema.json +162 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/share-pack.schema.json +180 -0
package/bin/runners/lib/schemas/ship-manifest.schema.json +251 -0
package/bin/runners/lib/schemas/ship-report.schema.json +117 -0
package/bin/runners/lib/schemas/truthpack-v2.schema.json +303 -0
package/bin/runners/lib/schemas/validator.js +465 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/score-history.js +282 -0
package/bin/runners/lib/security-bridge.js +249 -0
package/bin/runners/lib/server-usage.js +513 -0
package/bin/runners/lib/share-pack.js +239 -0
package/bin/runners/lib/ship-gate.js +832 -0
package/bin/runners/lib/ship-manifest.js +1153 -0
package/bin/runners/lib/ship-output-enterprise.js +239 -0
package/bin/runners/lib/ship-output.js +1128 -0
package/bin/runners/lib/snippets.js +67 -0
package/bin/runners/lib/status-output.js +340 -0
package/bin/runners/lib/terminal-ui.js +356 -0
package/bin/runners/lib/truth.js +1691 -0
package/bin/runners/lib/ui.js +562 -0
package/bin/runners/lib/unified-cli-output.js +947 -0
package/bin/runners/lib/unified-output.js +197 -0
package/bin/runners/lib/upsell.js +410 -0
package/bin/runners/lib/usage.js +153 -0
package/bin/runners/lib/validate-patch.js +156 -0
package/bin/runners/lib/verdict-engine.js +628 -0
package/bin/runners/lib/verification.js +345 -0
package/bin/runners/lib/why-tree.js +650 -0
package/bin/runners/reality/engine.js +917 -0
package/bin/runners/reality/flows.js +122 -0
package/bin/runners/reality/report.js +378 -0
package/bin/runners/reality/session.js +193 -0
package/bin/runners/runAIAgent.js +229 -0
package/bin/runners/runAgent.d.ts +5 -0
package/bin/runners/runAgent.js +161 -0
package/bin/runners/runAllowlist.js +418 -0
package/bin/runners/runApprove.js +320 -0
package/bin/runners/runAudit.js +692 -0
package/bin/runners/runAuth.js +731 -0
package/bin/runners/runCI.js +353 -0
package/bin/runners/runCheckpoint.js +530 -0
package/bin/runners/runClassify.js +928 -0
package/bin/runners/runCleanup.js +343 -0
package/bin/runners/runContext.d.ts +4 -0
package/bin/runners/runContext.js +175 -0
package/bin/runners/runDoctor.js +877 -0
package/bin/runners/runEvidencePack.js +362 -0
package/bin/runners/runFirewall.d.ts +5 -0
package/bin/runners/runFirewall.js +134 -0
package/bin/runners/runFirewallHook.d.ts +5 -0
package/bin/runners/runFirewallHook.js +56 -0
package/bin/runners/runFix.js +1355 -0
package/bin/runners/runForge.js +451 -0
package/bin/runners/runGuard.js +262 -0
package/bin/runners/runInit.js +1927 -0
package/bin/runners/runIntent.js +906 -0
package/bin/runners/runKickoff.js +878 -0
package/bin/runners/runLabs.js +424 -0
package/bin/runners/runLaunch.js +2000 -0
package/bin/runners/runLink.js +785 -0
package/bin/runners/runMcp.js +1875 -0
package/bin/runners/runPacks.js +2089 -0
package/bin/runners/runPolish.d.ts +4 -0
package/bin/runners/runPolish.js +390 -0
package/bin/runners/runPromptFirewall.js +211 -0
package/bin/runners/runProve.js +1411 -0
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +2260 -0
package/bin/runners/runReport.js +726 -0
package/bin/runners/runRuntime.js +110 -0
package/bin/runners/runSafelist.js +1190 -0
package/bin/runners/runScan.js +688 -0
package/bin/runners/runShield.js +1282 -0
package/bin/runners/runShip.js +1660 -0
package/bin/runners/runTruth.d.ts +5 -0
package/bin/runners/runTruth.js +101 -0
package/bin/runners/runValidate.js +179 -0
package/bin/runners/runWatch.js +478 -0
package/bin/runners/utils.js +360 -0
package/bin/scan.js +617 -0
package/bin/vibecheck.js +1617 -0
package/dist/guardrail/index.d.ts +2405 -0
package/dist/guardrail/index.js +9747 -0
package/dist/guardrail/index.js.map +1 -0
package/dist/scanner/index.d.ts +282 -0
package/dist/scanner/index.js +3395 -0
package/dist/scanner/index.js.map +1 -0
package/package.json +123 -104
package/README.md +0 -491
package/dist/index.js +0 -99711
package/dist/index.js.map +0 -1

package/bin/runners/lib/agent-firewall/evidence/resolver.js ADDED Viewed

@@ -0,0 +1,102 @@
+/**
+ * Evidence Resolver
+ *
+ * Main orchestrator for resolving claims against truthpack.
+ * Returns PROVEN, UNPROVEN, or CONTRADICTS for each claim.
+ */
+"use strict";
+const routeEvidence = require("./route-evidence");
+const envEvidence = require("./env-evidence");
+const authEvidence = require("./auth-evidence");
+const contractEvidence = require("./contract-evidence");
+const sideEffectEvidence = require("./side-effect-evidence");
+const { CLAIM_TYPES } = require("../claims/claim-types");
+/**
+ * Resolve evidence for all claims
+ * @param {string} projectRoot - Project root directory
+ * @param {array} claims - Array of claims to resolve
+ * @returns {array} Array of evidence results
+ */
+function resolveEvidence(projectRoot, claims) {
+  const results = [];
+  for (let i = 0; i < claims.length; i++) {
+    const claim = claims[i];
+    const claimId = `claim_${i}`;
+    let result;
+    switch (claim.type) {
+      case CLAIM_TYPES.ROUTE:
+        result = routeEvidence.resolve(projectRoot, claim);
+        break;
+      case CLAIM_TYPES.ENV:
+        result = envEvidence.resolve(projectRoot, claim);
+        break;
+      case CLAIM_TYPES.AUTH:
+        result = authEvidence.resolve(projectRoot, claim);
+        break;
+      case CLAIM_TYPES.CONTRACT:
+        result = contractEvidence.resolve(projectRoot, claim);
+        break;
+      case CLAIM_TYPES.SIDE_EFFECT:
+        result = sideEffectEvidence.resolve(projectRoot, claim);
+        break;
+      case CLAIM_TYPES.HTTP_CALL:
+        // HTTP calls are checked as routes
+        result = routeEvidence.resolve(projectRoot, {
+          ...claim,
+          type: CLAIM_TYPES.ROUTE,
+          value: extractRouteFromHttpCall(claim.value)
+        });
+        break;
+      case CLAIM_TYPES.UI_SUCCESS:
+        // UI success claims are checked for side effects
+        result = sideEffectEvidence.resolve(projectRoot, claim);
+        break;
+      default:
+        result = {
+          claimId,
+          result: "UNPROVEN",
+          sources: [],
+          reason: `Unknown claim type: ${claim.type}`
+        };
+    }
+    results.push({
+      claimId,
+      ...result
+    });
+  }
+  return results;
+}
+/**
+ * Extract route path from HTTP call claim value
+ * @param {string} httpCall - HTTP call string (e.g., "GET /api/users")
+ * @returns {string} Route path
+ */
+function extractRouteFromHttpCall(httpCall) {
+  // Handle "GET /api/users" format
+  const match = httpCall.match(/\s+(.+)$/);
+  if (match) {
+    return match[1];
+  }
+  // Handle "/api/users" format
+  return httpCall.startsWith("/") ? httpCall : `/${httpCall}`;
+}
+module.exports = {
+  resolveEvidence
+};

package/bin/runners/lib/agent-firewall/evidence/route-evidence.js ADDED Viewed

@@ -0,0 +1,213 @@
+/**
+ * Route Evidence Resolver
+ *
+ * Resolves route claims against truthpack.routes.json
+ * Checks for ghost routes (UI references route not registered).
+ */
+"use strict";
+const { getRoutes } = require("../truthpack");
+const { canonicalizePath } = require("../../route-truth");
+const { shouldIgnore } = require("../utils/ignore-checker");
+/**
+ * Resolve route claim evidence
+ * @param {string} projectRoot - Project root directory
+ * @param {object} claim - Route claim
+ * @returns {object} Evidence result
+ */
+function resolve(projectRoot, claim) {
+  // Skip checking routes from ignored files (test files, fixtures, etc.)
+  if (claim.pointer && shouldIgnore(projectRoot, claim.pointer.split(":")[0])) {
+    return {
+      result: "PROVEN",
+      sources: [{
+        type: "ignored",
+        pointer: claim.pointer,
+        confidence: 1.0
+      }],
+      reason: `Route from ignored file (test/fixture)`
+    };
+  }
+  // Normalize route path from claim
+  const routePath = canonicalizePath(claim.value);
+  // Skip external API calls (routes that don't start with /api/ in Next.js context)
+  // Routes like /content/blog, /content/faq are external backend API calls, not Next.js routes
+  // Only validate Next.js API routes (those in apps/web-ui/src/app/api/)
+  if (!routePath.startsWith('/api/')) {
+    return {
+      result: "PROVEN",
+      sources: [{
+        type: "external_api",
+        pointer: claim.pointer,
+        confidence: 1.0
+      }],
+      reason: `Route ${routePath} is an external API call, not a Next.js route`
+    };
+  }
+  // Skip wildcard patterns from template literals (they're approximations)
+  // These are detected from fetch(`${url}/api/...`) and are not exact routes
+  if (routePath.includes('*') || routePath === '/api/*') {
+    return {
+      result: "PROVEN",
+      sources: [{
+        type: "pattern",
+        pointer: claim.pointer,
+        confidence: 0.8
+      }],
+      reason: `Route pattern ${routePath} is a template literal approximation, not an exact route`
+    };
+  }
+  // Skip backend API routes (routes from template literals using apiUrl)
+  // These are calls to the backend API server, not Next.js API routes
+  if (claim.isBackendApi || (claim.reason && claim.reason.includes('backend API'))) {
+    return {
+      result: "PROVEN",
+      sources: [{
+        type: "backend_api",
+        pointer: claim.pointer,
+        confidence: 0.9
+      }],
+      reason: `Route ${routePath} is a backend API call (using apiUrl variable), not a Next.js route`
+    };
+  }
+  // Skip routes that are clearly backend API routes (v1, v2, etc. are typically backend)
+  // Next.js API routes are usually simpler like /api/checkout, /api/health
+  if (routePath.match(/^\/api\/v\d+\//)) {
+    return {
+      result: "PROVEN",
+      sources: [{
+        type: "backend_api",
+        pointer: claim.pointer,
+        confidence: 0.85
+      }],
+      reason: `Route ${routePath} appears to be a backend API route (versioned), not a Next.js route`
+    };
+  }
+  const routes = getRoutes(projectRoot);
+  // Check if route exists in truthpack
+  if (routes && routes.length > 0) {
+    // First, check for exact match
+    const exactMatch = routes.find(route => {
+      const routePathNormalized = canonicalizePath(route.path || route);
+      return routePathNormalized === routePath;
+    });
+    if (exactMatch) {
+      return {
+        result: "PROVEN",
+        sources: [{
+          type: "truthpack.routes",
+          pointer: claim.pointer,
+          confidence: 0.9
+        }],
+        reason: `Route ${routePath} found in truthpack (exact match)`
+      };
+    }
+    // Then check parameterized routes - but be conservative
+    // Only match if it looks like a parameter value (numeric/UUID-like)
+    const paramMatch = routes.find(route => {
+      const routePathNormalized = canonicalizePath(route.path || route);
+      if (!isParameterizedPath(routePathNormalized)) return false;
+      const routeParts = routePathNormalized.split("/").filter(Boolean);
+      const claimParts = routePath.split("/").filter(Boolean);
+      if (routeParts.length !== claimParts.length) return false;
+      // Check if all non-parameter segments match exactly
+      for (let i = 0; i < routeParts.length; i++) {
+        const rSeg = routeParts[i];
+        const cSeg = claimParts[i];
+        // If it's a parameter, check if the concrete value looks like a parameter
+        if (rSeg.startsWith(":")) {
+          // Only match if it looks like an ID (numeric or UUID-like)
+          // Don't match literal words like "create", "update", etc.
+          const looksLikeId = /^\d+$/.test(cSeg) || /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(cSeg);
+          if (!looksLikeId) return false;
+        } else if (rSeg !== cSeg) {
+          return false;
+        }
+      }
+      return true;
+    });
+    if (paramMatch) {
+      return {
+        result: "PROVEN",
+        sources: [{
+          type: "truthpack.routes",
+          pointer: claim.pointer,
+          confidence: 0.7
+        }],
+        reason: `Route ${routePath} matches parameterized route in truthpack`
+      };
+    }
+    // No match found - ghost route
+    return {
+      result: "UNPROVEN",
+      sources: [],
+      reason: `Route ${routePath} not found in truthpack (ghost route)`
+    };
+  } else {
+    // No routes in truthpack - cannot prove
+    return {
+      result: "UNPROVEN",
+      sources: [],
+      reason: "No routes found in truthpack"
+    };
+  }
+}
+function isParameterizedPath(p) {
+  const s = String(p || "").trim();
+  return s.includes(":") || s.includes("*");
+}
+function matchPath(pattern, concrete) {
+  const pat = String(pattern || "").trim();
+  const con = String(concrete || "").trim();
+  if (pat === con) return true;
+  // Simple parameterized matching - only match if segments align
+  const patParts = pat.split("/").filter(Boolean);
+  const conParts = con.split("/").filter(Boolean);
+  if (patParts.length !== conParts.length) return false;
+  for (let i = 0; i < patParts.length; i++) {
+    const pSeg = patParts[i];
+    const cSeg = conParts[i];
+    // Parameter placeholder (:id, :slug) matches any segment
+    if (pSeg.startsWith(":")) {
+      continue;
+    }
+    // Wildcard (*slug) matches remainder
+    if (pSeg.startsWith("*")) {
+      return true;
+    }
+    // Exact match required for literal segments
+    if (pSeg !== cSeg) return false;
+  }
+  return true;
+}
+module.exports = {
+  resolve
+};

package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js ADDED Viewed

@@ -0,0 +1,145 @@
+/**
+ * Side Effect Evidence Resolver
+ *
+ * Detects unverified side effects (DB writes, email, payments).
+ * Checks for test coverage or reality proof.
+ */
+"use strict";
+const fs = require("fs");
+const path = require("path");
+/**
+ * Resolve side effect claim evidence
+ * @param {string} projectRoot - Project root directory
+ * @param {object} claim - Side effect claim
+ * @returns {object} Evidence result
+ */
+function resolve(projectRoot, claim) {
+  const claimFile = claim.file || "";
+  const claimValue = claim.value.toLowerCase();
+  // Detect side effect types
+  const hasDbWrite = /\b(create|update|delete|insert|save|write)\b/i.test(claimValue) ||
+                     /\b(prisma|sequelize|mongoose|db\.|database\.)\b/i.test(claimValue);
+  const hasEmail = /\b(email|sendMail|nodemailer|sendgrid|mailgun)\b/i.test(claimValue);
+  const hasPayment = /\b(stripe|payment|charge|checkout|billing)\b/i.test(claimValue);
+  if (!hasDbWrite && !hasEmail && !hasPayment) {
+    // Not a side effect
+    return {
+      result: "PROVEN",
+      sources: [],
+      reason: "No side effect detected"
+    };
+  }
+  // Check for test coverage
+  const testFile = findTestFile(projectRoot, claimFile);
+  if (testFile && fs.existsSync(testFile)) {
+    const testContent = fs.readFileSync(testFile, "utf8");
+    // Check if test covers the side effect
+    if (testContent.includes(claimValue.slice(0, 20)) ||
+        testContent.includes("mock") ||
+        testContent.includes("test")) {
+      return {
+        result: "PROVEN",
+        sources: [{
+          type: "repo.search",
+          pointer: testFile,
+          confidence: 0.7
+        }],
+        reason: "Test file found for side effect"
+      };
+    }
+  }
+  // Check for reality proof (reality report)
+  const realityReport = findRealityReport(projectRoot, claimFile);
+  if (realityReport) {
+    return {
+      result: "PROVEN",
+      sources: [{
+        type: "repo.search",
+        pointer: realityReport,
+        confidence: 0.8
+      }],
+      reason: "Reality proof found for side effect"
+    };
+  }
+  // Side effect detected but no verification found
+  return {
+    result: "UNPROVEN",
+    sources: [],
+    reason: `Side effect detected (${hasDbWrite ? 'DB' : ''}${hasEmail ? 'Email' : ''}${hasPayment ? 'Payment' : ''}) but no test coverage or reality proof found`
+  };
+}
+/**
+ * Find test file for a source file
+ * @param {string} projectRoot - Project root directory
+ * @param {string} sourceFile - Source file path
+ * @returns {string|null} Test file path or null
+ */
+function findTestFile(projectRoot, sourceFile) {
+  if (!sourceFile) return null;
+  // Try common test file patterns
+  const baseName = path.basename(sourceFile, path.extname(sourceFile));
+  const dir = path.dirname(sourceFile);
+  const patterns = [
+    `${dir}/${baseName}.test.ts`,
+    `${dir}/${baseName}.test.tsx`,
+    `${dir}/${baseName}.test.js`,
+    `${dir}/__tests__/${baseName}.test.ts`,
+    `${dir}/__tests__/${baseName}.test.tsx`,
+    `${dir.replace(/\/src\//, '/tests/')}/${baseName}.test.ts`
+  ];
+  for (const pattern of patterns) {
+    const testPath = path.join(projectRoot, pattern);
+    if (fs.existsSync(testPath)) {
+      return pattern;
+    }
+  }
+  return null;
+}
+/**
+ * Find reality report for a file
+ * @param {string} projectRoot - Project root directory
+ * @param {string} sourceFile - Source file path
+ * @returns {string|null} Reality report path or null
+ */
+function findRealityReport(projectRoot, sourceFile) {
+  const realityDir = path.join(projectRoot, ".vibecheck", "reality");
+  if (!fs.existsSync(realityDir)) {
+    return null;
+  }
+  // Look for recent reality reports
+  const reports = fs.readdirSync(realityDir)
+    .filter(file => file.endsWith('.json'))
+    .map(file => path.join(realityDir, file))
+    .filter(file => {
+      try {
+        const report = JSON.parse(fs.readFileSync(file, "utf8"));
+        return report.files && report.files.includes(sourceFile);
+      } catch {
+        return false;
+      }
+    });
+  return reports.length > 0 ? reports[0] : null;
+}
+module.exports = {
+  resolve
+};

package/bin/runners/lib/agent-firewall/fs-hook/daemon.js ADDED Viewed

@@ -0,0 +1,19 @@
+#!/usr/bin/env node
+/**
+ * File System Hook Daemon
+ *
+ * Runs as a background process to intercept file writes.
+ * Start with: node bin/runners/lib/agent-firewall/fs-hook/daemon.js
+ */
+const path = require("path");
+const { startFileSystemHook } = require("./installer");
+const projectRoot = process.cwd();
+console.log("🛡️  Starting Agent Firewall File System Hook...\n");
+console.log(`   Project: ${projectRoot}\n`);
+startFileSystemHook(projectRoot);
+console.log("✅ File System Hook running (press Ctrl+C to stop)\n");

package/bin/runners/lib/agent-firewall/fs-hook/installer.js ADDED Viewed

@@ -0,0 +1,87 @@
+/**
+ * File System Hook Installer
+ *
+ * Installs and manages the file system hook daemon.
+ */
+"use strict";
+const fs = require("fs");
+const path = require("path");
+const { FileSystemHook } = require("./watcher");
+let globalHook = null;
+/**
+ * Install file system hook
+ * @param {string} projectRoot - Project root directory
+ * @returns {object} Installation result
+ */
+function installFileSystemHook(projectRoot) {
+  const hookScript = path.join(__dirname, "daemon.js");
+  const packageJson = path.join(projectRoot, "package.json");
+  // Add script to package.json
+  if (fs.existsSync(packageJson)) {
+    const pkg = JSON.parse(fs.readFileSync(packageJson, "utf8"));
+    if (!pkg.scripts) {
+      pkg.scripts = {};
+    }
+    pkg.scripts["firewall:fs-hook"] = `node ${path.relative(projectRoot, hookScript)}`;
+    fs.writeFileSync(packageJson, JSON.stringify(pkg, null, 2));
+  }
+  // Create marker file
+  const markerFile = path.join(projectRoot, ".vibecheck", "fs-hook-enabled");
+  fs.writeFileSync(markerFile, JSON.stringify({
+    enabled: true,
+    installedAt: new Date().toISOString()
+  }, null, 2));
+  return {
+    success: true,
+    message: "File system hook installed. Run 'npm run firewall:fs-hook' to start."
+  };
+}
+/**
+ * Start file system hook daemon
+ * @param {string} projectRoot - Project root directory
+ */
+function startFileSystemHook(projectRoot) {
+  if (globalHook) {
+    console.log("⚠️  File system hook already running");
+    return;
+  }
+  globalHook = new FileSystemHook(projectRoot);
+  globalHook.start().catch(console.error);
+  // Keep process alive
+  process.on("SIGINT", () => {
+    if (globalHook) {
+      globalHook.stop();
+    }
+    process.exit(0);
+  });
+  // Keep alive
+  setInterval(() => {}, 1000);
+}
+/**
+ * Stop file system hook
+ */
+function stopFileSystemHook() {
+  if (globalHook) {
+    globalHook.stop();
+    globalHook = null;
+  }
+}
+module.exports = {
+  installFileSystemHook,
+  startFileSystemHook,
+  stopFileSystemHook,
+  FileSystemHook
+};