npm - vibecheck-ai - Versions diffs - 2.0.1 → 5.0.0 - Mend

vibecheck-ai 2.0.1 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (456) hide show

package/bin/.generated +25 -0
package/bin/_deprecations.js +463 -0
package/bin/_router.js +46 -0
package/bin/cli-hygiene.js +241 -0
package/bin/dev/run-v2-torture.js +30 -0
package/bin/registry.js +656 -0
package/bin/runners/CLI_REFACTOR_SUMMARY.md +229 -0
package/bin/runners/ENHANCEMENT_GUIDE.md +121 -0
package/bin/runners/REPORT_AUDIT.md +64 -0
package/bin/runners/cli-utils.js +1070 -0
package/bin/runners/context/ai-task-decomposer.js +337 -0
package/bin/runners/context/analyzer.js +513 -0
package/bin/runners/context/api-contracts.js +427 -0
package/bin/runners/context/context-diff.js +342 -0
package/bin/runners/context/context-pruner.js +291 -0
package/bin/runners/context/dependency-graph.js +414 -0
package/bin/runners/context/generators/claude.js +107 -0
package/bin/runners/context/generators/codex.js +108 -0
package/bin/runners/context/generators/copilot.js +119 -0
package/bin/runners/context/generators/cursor-enhanced.js +2525 -0
package/bin/runners/context/generators/cursor.js +514 -0
package/bin/runners/context/generators/mcp.js +169 -0
package/bin/runners/context/generators/windsurf.js +180 -0
package/bin/runners/context/git-context.js +304 -0
package/bin/runners/context/index.js +1110 -0
package/bin/runners/context/insights.js +173 -0
package/bin/runners/context/mcp-server/generate-rules.js +337 -0
package/bin/runners/context/mcp-server/index.js +1176 -0
package/bin/runners/context/mcp-server/package.json +24 -0
package/bin/runners/context/memory.js +200 -0
package/bin/runners/context/monorepo.js +215 -0
package/bin/runners/context/multi-repo-federation.js +404 -0
package/bin/runners/context/patterns.js +253 -0
package/bin/runners/context/proof-context.js +1264 -0
package/bin/runners/context/security-scanner.js +541 -0
package/bin/runners/context/semantic-search.js +350 -0
package/bin/runners/context/shared.js +264 -0
package/bin/runners/context/team-conventions.js +336 -0
package/bin/runners/lib/__tests__/entitlements-v2.test.js +295 -0
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/change-packet/builder.js +488 -0
package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +303 -0
package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
package/bin/runners/lib/agent-firewall/enforcement/gateway.js +1059 -0
package/bin/runners/lib/agent-firewall/enforcement/index.js +98 -0
package/bin/runners/lib/agent-firewall/enforcement/mode.js +318 -0
package/bin/runners/lib/agent-firewall/enforcement/orchestrator.js +484 -0
package/bin/runners/lib/agent-firewall/enforcement/proof-artifact.js +418 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/change-event.schema.json +173 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/intent.schema.json +181 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/verdict.schema.json +222 -0
package/bin/runners/lib/agent-firewall/enforcement/verdict-v2.js +333 -0
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +127 -0
package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +213 -0
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
package/bin/runners/lib/agent-firewall/index.js +200 -0
package/bin/runners/lib/agent-firewall/integration/index.js +20 -0
package/bin/runners/lib/agent-firewall/integration/ship-gate.js +437 -0
package/bin/runners/lib/agent-firewall/intent/alignment-engine.js +634 -0
package/bin/runners/lib/agent-firewall/intent/auto-detect.js +426 -0
package/bin/runners/lib/agent-firewall/intent/index.js +102 -0
package/bin/runners/lib/agent-firewall/intent/schema.js +352 -0
package/bin/runners/lib/agent-firewall/intent/store.js +283 -0
package/bin/runners/lib/agent-firewall/interception/fs-interceptor.js +502 -0
package/bin/runners/lib/agent-firewall/interception/index.js +23 -0
package/bin/runners/lib/agent-firewall/interceptor/base.js +308 -0
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
package/bin/runners/lib/agent-firewall/logger.js +141 -0
package/bin/runners/lib/agent-firewall/policy/default-policy.json +90 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +103 -0
package/bin/runners/lib/agent-firewall/policy/loader.js +451 -0
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +79 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +227 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +191 -0
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
package/bin/runners/lib/agent-firewall/risk/thresholds.js +322 -0
package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
package/bin/runners/lib/agent-firewall/session/collector.js +451 -0
package/bin/runners/lib/agent-firewall/session/index.js +26 -0
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +137 -0
package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/ai-bridge.js +416 -0
package/bin/runners/lib/analysis-core.js +309 -0
package/bin/runners/lib/analyzers.js +2500 -0
package/bin/runners/lib/api-client.js +269 -0
package/bin/runners/lib/approve-output.js +235 -0
package/bin/runners/lib/artifact-envelope.js +540 -0
package/bin/runners/lib/assets/vibecheck-logo.png +0 -0
package/bin/runners/lib/audit-bridge.js +391 -0
package/bin/runners/lib/auth-shared.js +977 -0
package/bin/runners/lib/auth-truth.js +193 -0
package/bin/runners/lib/auth.js +215 -0
package/bin/runners/lib/authority-badge.js +425 -0
package/bin/runners/lib/backup.js +62 -0
package/bin/runners/lib/billing.js +107 -0
package/bin/runners/lib/checkpoint.js +941 -0
package/bin/runners/lib/claims.js +118 -0
package/bin/runners/lib/classify-output.js +204 -0
package/bin/runners/lib/cleanup/engine.js +571 -0
package/bin/runners/lib/cleanup/index.js +53 -0
package/bin/runners/lib/cleanup/output.js +375 -0
package/bin/runners/lib/cleanup/rules.js +1060 -0
package/bin/runners/lib/cli-output.js +400 -0
package/bin/runners/lib/cli-ui.js +540 -0
package/bin/runners/lib/compliance-bridge-new.js +0 -0
package/bin/runners/lib/compliance-bridge.js +165 -0
package/bin/runners/lib/contracts/auth-contract.js +202 -0
package/bin/runners/lib/contracts/env-contract.js +181 -0
package/bin/runners/lib/contracts/external-contract.js +206 -0
package/bin/runners/lib/contracts/guard.js +168 -0
package/bin/runners/lib/contracts/index.js +89 -0
package/bin/runners/lib/contracts/plan-validator.js +311 -0
package/bin/runners/lib/contracts/route-contract.js +199 -0
package/bin/runners/lib/contracts.js +804 -0
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/detect.js +89 -0
package/bin/runners/lib/detectors-v2.js +622 -0
package/bin/runners/lib/doctor/autofix.js +254 -0
package/bin/runners/lib/doctor/diagnosis-receipt.js +454 -0
package/bin/runners/lib/doctor/failure-signatures.js +526 -0
package/bin/runners/lib/doctor/fix-script.js +336 -0
package/bin/runners/lib/doctor/index.js +37 -0
package/bin/runners/lib/doctor/modules/build-tools.js +453 -0
package/bin/runners/lib/doctor/modules/dependencies.js +325 -0
package/bin/runners/lib/doctor/modules/index.js +105 -0
package/bin/runners/lib/doctor/modules/network.js +250 -0
package/bin/runners/lib/doctor/modules/os-quirks.js +706 -0
package/bin/runners/lib/doctor/modules/project.js +312 -0
package/bin/runners/lib/doctor/modules/repo-integrity.js +485 -0
package/bin/runners/lib/doctor/modules/runtime.js +224 -0
package/bin/runners/lib/doctor/modules/security.js +350 -0
package/bin/runners/lib/doctor/modules/system.js +213 -0
package/bin/runners/lib/doctor/modules/vibecheck.js +394 -0
package/bin/runners/lib/doctor/reporter.js +262 -0
package/bin/runners/lib/doctor/safe-repair.js +384 -0
package/bin/runners/lib/doctor/service.js +262 -0
package/bin/runners/lib/doctor/types.js +113 -0
package/bin/runners/lib/doctor/ui.js +263 -0
package/bin/runners/lib/doctor-enhanced.js +233 -0
package/bin/runners/lib/doctor-output.js +226 -0
package/bin/runners/lib/doctor-v2.js +608 -0
package/bin/runners/lib/drift.js +425 -0
package/bin/runners/lib/enforcement.js +72 -0
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/attack-detector.js +1192 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/enterprise-detect.js +603 -0
package/bin/runners/lib/enterprise-init.js +942 -0
package/bin/runners/lib/entitlements-v2.js +265 -0
package/bin/runners/lib/entitlements.generated.js +0 -0
package/bin/runners/lib/entitlements.js +340 -0
package/bin/runners/lib/env-resolver.js +417 -0
package/bin/runners/lib/env-template.js +66 -0
package/bin/runners/lib/env.js +189 -0
package/bin/runners/lib/error-handler.js +368 -0
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +684 -0
package/bin/runners/lib/exit-codes.js +275 -0
package/bin/runners/lib/extractors/client-calls.js +990 -0
package/bin/runners/lib/extractors/fastify-route-dump.js +573 -0
package/bin/runners/lib/extractors/fastify-routes.js +426 -0
package/bin/runners/lib/extractors/index.js +363 -0
package/bin/runners/lib/extractors/next-routes.js +524 -0
package/bin/runners/lib/extractors/proof-graph.js +431 -0
package/bin/runners/lib/extractors/route-matcher.js +451 -0
package/bin/runners/lib/extractors/truthpack-v2.js +377 -0
package/bin/runners/lib/extractors/ui-bindings.js +547 -0
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/findings-schema.js +281 -0
package/bin/runners/lib/fingerprint.js +377 -0
package/bin/runners/lib/firewall-prompt.js +50 -0
package/bin/runners/lib/fix-output.js +228 -0
package/bin/runners/lib/global-flags.js +250 -0
package/bin/runners/lib/graph/graph-builder.js +265 -0
package/bin/runners/lib/graph/html-renderer.js +413 -0
package/bin/runners/lib/graph/index.js +32 -0
package/bin/runners/lib/graph/runtime-collector.js +215 -0
package/bin/runners/lib/graph/static-extractor.js +518 -0
package/bin/runners/lib/help-formatter.js +413 -0
package/bin/runners/lib/html-proof-report.js +913 -0
package/bin/runners/lib/html-report.js +650 -0
package/bin/runners/lib/init-wizard.js +601 -0
package/bin/runners/lib/interactive-menu.js +1496 -0
package/bin/runners/lib/json-output.js +76 -0
package/bin/runners/lib/llm.js +75 -0
package/bin/runners/lib/logger.js +38 -0
package/bin/runners/lib/meter.js +61 -0
package/bin/runners/lib/missions/briefing.js +427 -0
package/bin/runners/lib/missions/checkpoint.js +753 -0
package/bin/runners/lib/missions/evidence.js +126 -0
package/bin/runners/lib/missions/hardening.js +851 -0
package/bin/runners/lib/missions/plan.js +648 -0
package/bin/runners/lib/missions/safety-gates.js +645 -0
package/bin/runners/lib/missions/schema.js +478 -0
package/bin/runners/lib/missions/templates.js +317 -0
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/packs/bundle.js +675 -0
package/bin/runners/lib/packs/evidence-pack.js +671 -0
package/bin/runners/lib/packs/pack-factory.js +837 -0
package/bin/runners/lib/packs/permissions-pack.js +686 -0
package/bin/runners/lib/packs/proof-graph-pack.js +779 -0
package/bin/runners/lib/patch.js +40 -0
package/bin/runners/lib/permissions/auth-model.js +213 -0
package/bin/runners/lib/permissions/idor-prover.js +205 -0
package/bin/runners/lib/permissions/index.js +45 -0
package/bin/runners/lib/permissions/matrix-builder.js +198 -0
package/bin/runners/lib/pkgjson.js +28 -0
package/bin/runners/lib/policy.js +295 -0
package/bin/runners/lib/polish/accessibility.js +62 -0
package/bin/runners/lib/polish/analyzer.js +93 -0
package/bin/runners/lib/polish/backend.js +87 -0
package/bin/runners/lib/polish/configuration.js +83 -0
package/bin/runners/lib/polish/documentation.js +83 -0
package/bin/runners/lib/polish/frontend.js +817 -0
package/bin/runners/lib/polish/index.js +27 -0
package/bin/runners/lib/polish/infrastructure.js +80 -0
package/bin/runners/lib/polish/internationalization.js +85 -0
package/bin/runners/lib/polish/libraries.js +180 -0
package/bin/runners/lib/polish/observability.js +75 -0
package/bin/runners/lib/polish/performance.js +64 -0
package/bin/runners/lib/polish/privacy.js +110 -0
package/bin/runners/lib/polish/resilience.js +92 -0
package/bin/runners/lib/polish/security.js +78 -0
package/bin/runners/lib/polish/seo.js +71 -0
package/bin/runners/lib/polish/styles.js +62 -0
package/bin/runners/lib/polish/utils.js +104 -0
package/bin/runners/lib/preflight.js +142 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/prove-output.js +220 -0
package/bin/runners/lib/reality/correlation-detectors.js +359 -0
package/bin/runners/lib/reality/index.js +318 -0
package/bin/runners/lib/reality/request-hashing.js +416 -0
package/bin/runners/lib/reality/request-mapper.js +453 -0
package/bin/runners/lib/reality/safety-rails.js +463 -0
package/bin/runners/lib/reality/semantic-snapshot.js +408 -0
package/bin/runners/lib/reality/toast-detector.js +393 -0
package/bin/runners/lib/reality-findings.js +84 -0
package/bin/runners/lib/reality-output.js +231 -0
package/bin/runners/lib/receipts.js +179 -0
package/bin/runners/lib/redact.js +29 -0
package/bin/runners/lib/replay/capsule-manager.js +154 -0
package/bin/runners/lib/replay/index.js +263 -0
package/bin/runners/lib/replay/player.js +348 -0
package/bin/runners/lib/replay/recorder.js +331 -0
package/bin/runners/lib/report-engine.js +626 -0
package/bin/runners/lib/report-html.js +1233 -0
package/bin/runners/lib/report-output.js +366 -0
package/bin/runners/lib/report-templates.js +967 -0
package/bin/runners/lib/report.js +135 -0
package/bin/runners/lib/route-detection.js +1209 -0
package/bin/runners/lib/route-truth.js +1322 -0
package/bin/runners/lib/safelist/index.js +96 -0
package/bin/runners/lib/safelist/integration.js +334 -0
package/bin/runners/lib/safelist/matcher.js +696 -0
package/bin/runners/lib/safelist/schema.js +948 -0
package/bin/runners/lib/safelist/store.js +438 -0
package/bin/runners/lib/sandbox/index.js +59 -0
package/bin/runners/lib/sandbox/proof-chain.js +399 -0
package/bin/runners/lib/sandbox/sandbox-runner.js +205 -0
package/bin/runners/lib/sandbox/worktree.js +174 -0
package/bin/runners/lib/scan-cache.js +330 -0
package/bin/runners/lib/scan-output-schema.js +344 -0
package/bin/runners/lib/scan-output.js +631 -0
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schema-validator.js +350 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/contracts.schema.json +160 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/finding.schema.json +100 -0
package/bin/runners/lib/schemas/mission-pack.schema.json +206 -0
package/bin/runners/lib/schemas/proof-graph.schema.json +176 -0
package/bin/runners/lib/schemas/reality-report.schema.json +162 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/share-pack.schema.json +180 -0
package/bin/runners/lib/schemas/ship-manifest.schema.json +251 -0
package/bin/runners/lib/schemas/ship-report.schema.json +117 -0
package/bin/runners/lib/schemas/truthpack-v2.schema.json +303 -0
package/bin/runners/lib/schemas/validator.js +465 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/score-history.js +282 -0
package/bin/runners/lib/security-bridge.js +249 -0
package/bin/runners/lib/server-usage.js +513 -0
package/bin/runners/lib/share-pack.js +239 -0
package/bin/runners/lib/ship-gate.js +832 -0
package/bin/runners/lib/ship-manifest.js +1153 -0
package/bin/runners/lib/ship-output-enterprise.js +239 -0
package/bin/runners/lib/ship-output.js +1128 -0
package/bin/runners/lib/snippets.js +67 -0
package/bin/runners/lib/status-output.js +340 -0
package/bin/runners/lib/terminal-ui.js +356 -0
package/bin/runners/lib/truth.js +1691 -0
package/bin/runners/lib/ui.js +562 -0
package/bin/runners/lib/unified-cli-output.js +947 -0
package/bin/runners/lib/unified-output.js +197 -0
package/bin/runners/lib/upsell.js +410 -0
package/bin/runners/lib/usage.js +153 -0
package/bin/runners/lib/validate-patch.js +156 -0
package/bin/runners/lib/verdict-engine.js +628 -0
package/bin/runners/lib/verification.js +345 -0
package/bin/runners/lib/why-tree.js +650 -0
package/bin/runners/reality/engine.js +917 -0
package/bin/runners/reality/flows.js +122 -0
package/bin/runners/reality/report.js +378 -0
package/bin/runners/reality/session.js +193 -0
package/bin/runners/runAIAgent.js +229 -0
package/bin/runners/runAgent.d.ts +5 -0
package/bin/runners/runAgent.js +161 -0
package/bin/runners/runAllowlist.js +418 -0
package/bin/runners/runApprove.js +320 -0
package/bin/runners/runAudit.js +692 -0
package/bin/runners/runAuth.js +731 -0
package/bin/runners/runCI.js +353 -0
package/bin/runners/runCheckpoint.js +530 -0
package/bin/runners/runClassify.js +928 -0
package/bin/runners/runCleanup.js +343 -0
package/bin/runners/runContext.d.ts +4 -0
package/bin/runners/runContext.js +175 -0
package/bin/runners/runDoctor.js +877 -0
package/bin/runners/runEvidencePack.js +362 -0
package/bin/runners/runFirewall.d.ts +5 -0
package/bin/runners/runFirewall.js +134 -0
package/bin/runners/runFirewallHook.d.ts +5 -0
package/bin/runners/runFirewallHook.js +56 -0
package/bin/runners/runFix.js +1355 -0
package/bin/runners/runForge.js +451 -0
package/bin/runners/runGuard.js +262 -0
package/bin/runners/runInit.js +1927 -0
package/bin/runners/runIntent.js +906 -0
package/bin/runners/runKickoff.js +878 -0
package/bin/runners/runLabs.js +424 -0
package/bin/runners/runLaunch.js +2000 -0
package/bin/runners/runLink.js +785 -0
package/bin/runners/runMcp.js +1875 -0
package/bin/runners/runPacks.js +2089 -0
package/bin/runners/runPolish.d.ts +4 -0
package/bin/runners/runPolish.js +390 -0
package/bin/runners/runPromptFirewall.js +211 -0
package/bin/runners/runProve.js +1411 -0
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +2260 -0
package/bin/runners/runReport.js +726 -0
package/bin/runners/runRuntime.js +110 -0
package/bin/runners/runSafelist.js +1190 -0
package/bin/runners/runScan.js +688 -0
package/bin/runners/runShield.js +1282 -0
package/bin/runners/runShip.js +1660 -0
package/bin/runners/runTruth.d.ts +5 -0
package/bin/runners/runTruth.js +101 -0
package/bin/runners/runValidate.js +179 -0
package/bin/runners/runWatch.js +478 -0
package/bin/runners/utils.js +360 -0
package/bin/scan.js +617 -0
package/bin/vibecheck.js +1617 -0
package/dist/guardrail/index.d.ts +2405 -0
package/dist/guardrail/index.js +9747 -0
package/dist/guardrail/index.js.map +1 -0
package/dist/scanner/index.d.ts +282 -0
package/dist/scanner/index.js +3395 -0
package/dist/scanner/index.js.map +1 -0
package/package.json +123 -104
package/README.md +0 -491
package/dist/index.js +0 -99711
package/dist/index.js.map +0 -1

package/bin/runners/lib/agent-firewall/lawbook/schema.js ADDED Viewed

@@ -0,0 +1,420 @@
+/**
+ * Lawbook Invariant Schema
+ *
+ * Defines the YAML DSL for organizational invariant rules.
+ * Invariants are rules that must ALWAYS hold true in the codebase.
+ *
+ * Codename: Lawbook
+ */
+"use strict";
+/**
+ * Invariant rule types
+ */
+const INVARIANT_TYPES = {
+  // File/path based rules
+  NO_MODIFY: "no-modify",           // Files/paths that cannot be modified
+  NO_DELETE: "no-delete",           // Files/paths that cannot be deleted
+  NO_CREATE: "no-create",           // Patterns that cannot be created
+  REQUIRE_APPROVAL: "require-approval", // Changes require approval
+  // Code pattern rules
+  NEVER: "never",                   // Pattern must never appear
+  ALWAYS: "always",                 // Pattern must always be present
+  BEFORE: "before",                 // Pattern A must come before pattern B
+  AFTER: "after",                   // Pattern A must come after pattern B
+  MAINTAINS: "maintains",           // Property must be maintained
+  // Architectural rules
+  ALL_THROUGH: "all-through",       // All X must go through Y
+  NO_DIRECT: "no-direct",           // No direct access to X (use Y instead)
+  LAYER_BOUNDARY: "layer-boundary", // Enforce architectural layers
+  // Environment rules
+  ENV_MUST_BE_REGISTERED: "env-must-be-registered", // All env vars must be in registry
+  ENV_REQUIRED: "env-required",     // Specific env vars required
+  // Dependency rules
+  DEPENDENCY_LOCKED: "dependency-locked", // Dependency version locked
+  NO_DEPENDENCY: "no-dependency",   // Certain dependencies forbidden
+};
+/**
+ * Invariant severity levels
+ */
+const INVARIANT_SEVERITY = {
+  BLOCK: "block",       // Absolutely cannot proceed
+  ERROR: "error",       // Serious violation
+  WARNING: "warning",   // Should be addressed
+  INFO: "info",         // Advisory
+};
+/**
+ * Invariant scope types
+ */
+const SCOPE_TYPES = {
+  FILE: "file",         // Single file
+  DIRECTORY: "directory", // Directory and subdirectories
+  GLOB: "glob",         // Glob pattern
+  REGEX: "regex",       // Regex pattern
+  ALL: "all",           // Entire codebase
+};
+/**
+ * JSON Schema for invariant definitions
+ */
+const INVARIANT_SCHEMA = {
+  $schema: "http://json-schema.org/draft-07/schema#",
+  title: "VibeCheck Lawbook Invariant",
+  type: "object",
+  required: ["id", "rule"],
+  properties: {
+    id: {
+      type: "string",
+      description: "Unique identifier for this invariant",
+      pattern: "^[a-z0-9-]+$",
+    },
+    description: {
+      type: "string",
+      description: "Human-readable description of this invariant",
+    },
+    rule: {
+      type: "string",
+      enum: Object.values(INVARIANT_TYPES),
+      description: "Type of invariant rule",
+    },
+    scope: {
+      type: "string",
+      description: "Glob pattern defining where this rule applies",
+    },
+    target: {
+      type: "string",
+      description: "Target path/file for 'all-through' rules",
+    },
+    pattern: {
+      type: "string",
+      description: "Regex pattern to match/exclude",
+    },
+    exclude: {
+      oneOf: [
+        { type: "string" },
+        { type: "array", items: { type: "string" } },
+      ],
+      description: "Paths/patterns excluded from this rule",
+    },
+    violations: {
+      type: "array",
+      items: {
+        type: "object",
+        properties: {
+          pattern: { type: "string" },
+          exclude: {
+            oneOf: [
+              { type: "string" },
+              { type: "array", items: { type: "string" } },
+            ],
+          },
+          message: { type: "string" },
+        },
+      },
+      description: "Specific violation patterns to detect",
+    },
+    severity: {
+      type: "string",
+      enum: Object.values(INVARIANT_SEVERITY),
+      default: "error",
+      description: "Severity level when violated",
+    },
+    introduced: {
+      type: "string",
+      format: "date",
+      description: "Date this invariant was introduced",
+    },
+    incident: {
+      type: "string",
+      description: "Related incident ID that prompted this invariant",
+    },
+    owner: {
+      type: "string",
+      description: "Team/person responsible for this invariant",
+    },
+    registry: {
+      type: "string",
+      description: "Registry file for env-must-be-registered rules",
+    },
+    message: {
+      type: "string",
+      description: "Custom message when violated",
+    },
+    autofix: {
+      type: "object",
+      properties: {
+        enabled: { type: "boolean", default: false },
+        action: { type: "string" },
+        template: { type: "string" },
+      },
+      description: "Auto-fix configuration",
+    },
+    metadata: {
+      type: "object",
+      description: "Additional metadata",
+    },
+  },
+};
+/**
+ * Schema for the full lawbook YAML file
+ */
+const LAWBOOK_FILE_SCHEMA = {
+  $schema: "http://json-schema.org/draft-07/schema#",
+  title: "VibeCheck Lawbook",
+  type: "object",
+  properties: {
+    version: {
+      type: "string",
+      default: "1.0.0",
+      description: "Lawbook schema version",
+    },
+    name: {
+      type: "string",
+      description: "Name of this invariant library",
+    },
+    description: {
+      type: "string",
+      description: "Description of this invariant library",
+    },
+    extends: {
+      oneOf: [
+        { type: "string" },
+        { type: "array", items: { type: "string" } },
+      ],
+      description: "Other lawbooks this extends",
+    },
+    invariants: {
+      type: "array",
+      items: { $ref: "#/definitions/invariant" },
+      description: "List of invariant rules",
+    },
+    groups: {
+      type: "object",
+      additionalProperties: {
+        type: "array",
+        items: { type: "string" },
+      },
+      description: "Named groups of invariant IDs",
+    },
+  },
+  definitions: {
+    invariant: INVARIANT_SCHEMA,
+  },
+};
+/**
+ * Create a default invariant template
+ * @param {string} id - Invariant ID
+ * @param {string} rule - Rule type
+ * @returns {Object} Invariant template
+ */
+function createInvariantTemplate(id, rule) {
+  return {
+    id,
+    rule,
+    description: "",
+    scope: "**/*",
+    severity: INVARIANT_SEVERITY.ERROR,
+    introduced: new Date().toISOString().split("T")[0],
+    metadata: {},
+  };
+}
+/**
+ * Validate an invariant against the schema
+ * @param {Object} invariant - Invariant to validate
+ * @returns {Object} Validation result
+ */
+function validateInvariant(invariant) {
+  const errors = [];
+  // Check required fields
+  if (!invariant.id) {
+    errors.push({ field: "id", message: "Invariant ID is required" });
+  } else if (!/^[a-z0-9-]+$/.test(invariant.id)) {
+    errors.push({ field: "id", message: "Invariant ID must be lowercase alphanumeric with hyphens" });
+  }
+  if (!invariant.rule) {
+    errors.push({ field: "rule", message: "Rule type is required" });
+  } else if (!Object.values(INVARIANT_TYPES).includes(invariant.rule)) {
+    errors.push({ field: "rule", message: `Unknown rule type: ${invariant.rule}` });
+  }
+  // Validate severity
+  if (invariant.severity && !Object.values(INVARIANT_SEVERITY).includes(invariant.severity)) {
+    errors.push({ field: "severity", message: `Unknown severity: ${invariant.severity}` });
+  }
+  // Rule-specific validation
+  if (invariant.rule === INVARIANT_TYPES.ALL_THROUGH && !invariant.target) {
+    errors.push({ field: "target", message: "all-through rules require a target" });
+  }
+  if ((invariant.rule === INVARIANT_TYPES.NEVER || invariant.rule === INVARIANT_TYPES.ALWAYS) && !invariant.pattern) {
+    errors.push({ field: "pattern", message: `${invariant.rule} rules require a pattern` });
+  }
+  if (invariant.rule === INVARIANT_TYPES.ENV_MUST_BE_REGISTERED && !invariant.registry) {
+    errors.push({ field: "registry", message: "env-must-be-registered rules require a registry file" });
+  }
+  return {
+    valid: errors.length === 0,
+    errors,
+  };
+}
+/**
+ * Parse a lawbook YAML string
+ * @param {string} content - YAML content
+ * @returns {Object} Parsed lawbook
+ */
+function parseLawbook(content) {
+  // Try to use js-yaml if available
+  try {
+    const yaml = require("js-yaml");
+    return yaml.load(content);
+  } catch {
+    // Fallback: basic YAML-like parsing for simple cases
+    return parseSimpleLawbook(content);
+  }
+}
+/**
+ * Simple lawbook parser for basic YAML structures
+ * @param {string} content - YAML content
+ * @returns {Object} Parsed lawbook
+ */
+function parseSimpleLawbook(content) {
+  const lines = content.split("\n");
+  const lawbook = {
+    version: "1.0.0",
+    invariants: [],
+  };
+  let currentInvariant = null;
+  let currentKey = null;
+  let indent = 0;
+  for (const line of lines) {
+    const trimmed = line.trim();
+    // Skip comments and empty lines
+    if (!trimmed || trimmed.startsWith("#")) continue;
+    // Check indent level
+    const currentIndent = line.search(/\S/);
+    // Key-value pair
+    const kvMatch = trimmed.match(/^(\w+):\s*(.*)$/);
+    if (kvMatch) {
+      const [, key, value] = kvMatch;
+      if (key === "invariants") {
+        // Start of invariants array
+        continue;
+      }
+      if (currentIndent > indent && currentInvariant) {
+        // Nested property
+        currentInvariant[key] = value || undefined;
+      } else {
+        // Top-level property
+        lawbook[key] = value;
+      }
+      currentKey = key;
+    }
+    // Array item
+    if (trimmed.startsWith("- ")) {
+      const itemContent = trimmed.slice(2).trim();
+      if (itemContent.startsWith("id:")) {
+        // New invariant
+        if (currentInvariant) {
+          lawbook.invariants.push(currentInvariant);
+        }
+        currentInvariant = { id: itemContent.slice(3).trim() };
+        indent = currentIndent;
+      }
+    }
+  }
+  // Push last invariant
+  if (currentInvariant) {
+    lawbook.invariants.push(currentInvariant);
+  }
+  return lawbook;
+}
+/**
+ * Serialize a lawbook to YAML string
+ * @param {Object} lawbook - Lawbook to serialize
+ * @returns {string} YAML string
+ */
+function serializeLawbook(lawbook) {
+  try {
+    const yaml = require("js-yaml");
+    return yaml.dump(lawbook, {
+      indent: 2,
+      lineWidth: 120,
+      noRefs: true,
+    });
+  } catch {
+    // Fallback: simple serialization
+    return JSON.stringify(lawbook, null, 2);
+  }
+}
+/**
+ * Create a default lawbook template
+ * @param {string} name - Lawbook name
+ * @returns {Object} Default lawbook
+ */
+function createDefaultLawbook(name = "project-invariants") {
+  return {
+    version: "1.0.0",
+    name,
+    description: "Project-specific invariant rules",
+    invariants: [
+      {
+        id: "example-no-console",
+        description: "No console.log in production code",
+        rule: INVARIANT_TYPES.NEVER,
+        scope: "src/**/*.{ts,tsx,js,jsx}",
+        pattern: "console\\.log\\(",
+        exclude: ["**/*.test.*", "**/*.spec.*"],
+        severity: INVARIANT_SEVERITY.WARNING,
+        introduced: new Date().toISOString().split("T")[0],
+      },
+    ],
+    groups: {
+      security: [],
+      architecture: [],
+      quality: [],
+    },
+  };
+}
+module.exports = {
+  INVARIANT_TYPES,
+  INVARIANT_SEVERITY,
+  INVARIANT_SCHEMA,
+  LAWBOOK_FILE_SCHEMA,
+  createInvariantTemplate,
+  validateInvariant,
+  parseLawbook,
+  serializeLawbook,
+  createDefaultLawbook,
+};

package/bin/runners/lib/agent-firewall/logger.js ADDED Viewed

@@ -0,0 +1,141 @@
+/**
+ * Agent Firewall Logger Utility
+ *
+ * Centralized logging for agent-firewall modules.
+ * Provides structured logging without console.* calls.
+ */
+"use strict";
+/**
+ * Log levels
+ */
+const LOG_LEVELS = {
+  DEBUG: 0,
+  INFO: 1,
+  WARN: 2,
+  ERROR: 3,
+  SILENT: 4,
+};
+/**
+ * Current log level (from environment or default)
+ */
+let currentLevel = LOG_LEVELS.INFO;
+if (process.env.VIBECHECK_LOG_LEVEL) {
+  const envLevel = process.env.VIBECHECK_LOG_LEVEL.toUpperCase();
+  if (LOG_LEVELS[envLevel] !== undefined) {
+    currentLevel = LOG_LEVELS[envLevel];
+  }
+}
+/**
+ * Log buffer for inspection
+ */
+const logBuffer = [];
+const MAX_BUFFER_SIZE = 500;
+/**
+ * Write a log entry
+ * @param {number} level - Log level
+ * @param {string} levelName - Level name
+ * @param {string} module - Module name
+ * @param {string} message - Message
+ * @param {Error} [error] - Optional error
+ */
+function writeLog(level, levelName, module, message, error) {
+  if (level < currentLevel) return;
+  const entry = {
+    timestamp: new Date().toISOString(),
+    level: levelName,
+    module,
+    message,
+    error: error ? { message: error.message, stack: error.stack } : null,
+  };
+  // Buffer for later inspection
+  logBuffer.push(entry);
+  if (logBuffer.length > MAX_BUFFER_SIZE) {
+    logBuffer.shift();
+  }
+  // Only write to stderr in debug mode or for warnings/errors
+  const formatted = `[${entry.timestamp}] [${levelName}] [${module}] ${message}`;
+  if (level >= LOG_LEVELS.WARN || process.env.VIBECHECK_DEBUG) {
+    process.stderr.write(formatted + '\n');
+  }
+}
+/**
+ * Create a logger for a module
+ * @param {string} moduleName - Module name
+ * @returns {Object} Logger
+ */
+function createLogger(moduleName) {
+  return {
+    debug: function(msg) { writeLog(LOG_LEVELS.DEBUG, 'DEBUG', moduleName, msg); },
+    info: function(msg) { writeLog(LOG_LEVELS.INFO, 'INFO', moduleName, msg); },
+    warn: function(msg, err) { writeLog(LOG_LEVELS.WARN, 'WARN', moduleName, msg, err || null); },
+    error: function(msg, err) { writeLog(LOG_LEVELS.ERROR, 'ERROR', moduleName, msg, err || null); },
+  };
+}
+/**
+ * Get error message safely
+ * @param {*} error - Error
+ * @returns {string} Message
+ */
+function getErrorMessage(error) {
+  if (error instanceof Error) return error.message;
+  if (typeof error === 'string') return error;
+  if (error && typeof error === 'object' && 'message' in error) {
+    return String(error.message);
+  }
+  return String(error);
+}
+/**
+ * Set log level
+ * @param {string|number} level - Level
+ */
+function setLogLevel(level) {
+  if (typeof level === 'string') {
+    const upper = level.toUpperCase();
+    if (LOG_LEVELS[upper] !== undefined) {
+      currentLevel = LOG_LEVELS[upper];
+    }
+  } else if (typeof level === 'number') {
+    currentLevel = level;
+  }
+}
+/**
+ * Get recent logs
+ * @param {number} count - Count
+ * @returns {Object[]} Logs
+ */
+function getRecentLogs(count) {
+  return logBuffer.slice(-(count || 100));
+}
+// Pre-created loggers
+const lawbookLogger = createLogger('Lawbook');
+const timeMachineLogger = createLogger('TimeMachine');
+const realityLogger = createLogger('Reality');
+const criticLogger = createLogger('Critic');
+const simulatorLogger = createLogger('Simulator');
+module.exports = {
+  createLogger,
+  getErrorMessage,
+  setLogLevel,
+  getRecentLogs,
+  LOG_LEVELS,
+  lawbookLogger,
+  timeMachineLogger,
+  realityLogger,
+  criticLogger,
+  simulatorLogger,
+};

package/bin/runners/lib/agent-firewall/policy/default-policy.json ADDED Viewed

@@ -0,0 +1,90 @@
+{
+  "version": "1.0",
+  "mode": "enforce",
+  "profile": "repo-lock",
+  "scope": {
+    "max_files_touched": 10,
+    "max_lines_changed": 600,
+    "blocked_paths": [
+      "**/node_modules/**",
+      "**/dist/**",
+      "**/.next/**",
+      "**/.vibecheck/packets/**"
+    ],
+    "allowed_paths": [
+      "apps/**",
+      "packages/**",
+      "src/**"
+    ],
+    "require_intent_for_expand_scope": true
+  },
+  "hard_domains": {
+    "routes": true,
+    "env": true,
+    "auth": true,
+    "contracts": true,
+    "payments": true,
+    "side_effects": true
+  },
+  "rules": {
+    "ghost_route": {
+      "severity": "block",
+      "enabled": true
+    },
+    "ghost_env": {
+      "severity": "block",
+      "enabled": true
+    },
+    "auth_drift": {
+      "severity": "block",
+      "enabled": true
+    },
+    "contract_drift": {
+      "severity": "block",
+      "enabled": true
+    },
+    "fake_success_ui": {
+      "severity": "warn",
+      "enabled": true,
+      "block_if_domain": ["payments", "auth", "side_effects"]
+    },
+    "scope_explosion": {
+      "severity": "block",
+      "enabled": true
+    },
+    "unsafe_side_effect": {
+      "severity": "block",
+      "enabled": true
+    },
+    "ai_false_positive_detection": {
+      "enabled": true,
+      "confidence_threshold": 0.8,
+      "logSkipped": true,
+      "useLLM": false
+    }
+  },
+  "evidence": {
+    "require_pointers": true,
+    "acceptable_sources": [
+      "truthpack.routes",
+      "truthpack.env",
+      "truthpack.auth",
+      "truthpack.contracts",
+      "repo.search"
+    ],
+    "pointer_format": "file:lineStart-lineEnd"
+  },
+  "verification": {
+    "require_for_domains": ["auth", "payments", "side_effects"],
+    "accepted": ["tests", "reality"],
+    "reality": {
+      "enabled": true,
+      "block_on": ["fake_success", "no_mutation", "network_error"]
+    }
+  },
+  "output": {
+    "write_change_packets": true,
+    "packet_dir": ".vibecheck/packets",
+    "report_formats": ["md", "html"]
+  }
+}