npm - vibecheck-ai - Versions diffs - 2.0.1 → 5.0.0 - Mend

vibecheck-ai 2.0.1 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (456) hide show

package/bin/.generated +25 -0
package/bin/_deprecations.js +463 -0
package/bin/_router.js +46 -0
package/bin/cli-hygiene.js +241 -0
package/bin/dev/run-v2-torture.js +30 -0
package/bin/registry.js +656 -0
package/bin/runners/CLI_REFACTOR_SUMMARY.md +229 -0
package/bin/runners/ENHANCEMENT_GUIDE.md +121 -0
package/bin/runners/REPORT_AUDIT.md +64 -0
package/bin/runners/cli-utils.js +1070 -0
package/bin/runners/context/ai-task-decomposer.js +337 -0
package/bin/runners/context/analyzer.js +513 -0
package/bin/runners/context/api-contracts.js +427 -0
package/bin/runners/context/context-diff.js +342 -0
package/bin/runners/context/context-pruner.js +291 -0
package/bin/runners/context/dependency-graph.js +414 -0
package/bin/runners/context/generators/claude.js +107 -0
package/bin/runners/context/generators/codex.js +108 -0
package/bin/runners/context/generators/copilot.js +119 -0
package/bin/runners/context/generators/cursor-enhanced.js +2525 -0
package/bin/runners/context/generators/cursor.js +514 -0
package/bin/runners/context/generators/mcp.js +169 -0
package/bin/runners/context/generators/windsurf.js +180 -0
package/bin/runners/context/git-context.js +304 -0
package/bin/runners/context/index.js +1110 -0
package/bin/runners/context/insights.js +173 -0
package/bin/runners/context/mcp-server/generate-rules.js +337 -0
package/bin/runners/context/mcp-server/index.js +1176 -0
package/bin/runners/context/mcp-server/package.json +24 -0
package/bin/runners/context/memory.js +200 -0
package/bin/runners/context/monorepo.js +215 -0
package/bin/runners/context/multi-repo-federation.js +404 -0
package/bin/runners/context/patterns.js +253 -0
package/bin/runners/context/proof-context.js +1264 -0
package/bin/runners/context/security-scanner.js +541 -0
package/bin/runners/context/semantic-search.js +350 -0
package/bin/runners/context/shared.js +264 -0
package/bin/runners/context/team-conventions.js +336 -0
package/bin/runners/lib/__tests__/entitlements-v2.test.js +295 -0
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/change-packet/builder.js +488 -0
package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +303 -0
package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
package/bin/runners/lib/agent-firewall/enforcement/gateway.js +1059 -0
package/bin/runners/lib/agent-firewall/enforcement/index.js +98 -0
package/bin/runners/lib/agent-firewall/enforcement/mode.js +318 -0
package/bin/runners/lib/agent-firewall/enforcement/orchestrator.js +484 -0
package/bin/runners/lib/agent-firewall/enforcement/proof-artifact.js +418 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/change-event.schema.json +173 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/intent.schema.json +181 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/verdict.schema.json +222 -0
package/bin/runners/lib/agent-firewall/enforcement/verdict-v2.js +333 -0
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +127 -0
package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +213 -0
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
package/bin/runners/lib/agent-firewall/index.js +200 -0
package/bin/runners/lib/agent-firewall/integration/index.js +20 -0
package/bin/runners/lib/agent-firewall/integration/ship-gate.js +437 -0
package/bin/runners/lib/agent-firewall/intent/alignment-engine.js +634 -0
package/bin/runners/lib/agent-firewall/intent/auto-detect.js +426 -0
package/bin/runners/lib/agent-firewall/intent/index.js +102 -0
package/bin/runners/lib/agent-firewall/intent/schema.js +352 -0
package/bin/runners/lib/agent-firewall/intent/store.js +283 -0
package/bin/runners/lib/agent-firewall/interception/fs-interceptor.js +502 -0
package/bin/runners/lib/agent-firewall/interception/index.js +23 -0
package/bin/runners/lib/agent-firewall/interceptor/base.js +308 -0
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
package/bin/runners/lib/agent-firewall/logger.js +141 -0
package/bin/runners/lib/agent-firewall/policy/default-policy.json +90 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +103 -0
package/bin/runners/lib/agent-firewall/policy/loader.js +451 -0
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +79 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +227 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +191 -0
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
package/bin/runners/lib/agent-firewall/risk/thresholds.js +322 -0
package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
package/bin/runners/lib/agent-firewall/session/collector.js +451 -0
package/bin/runners/lib/agent-firewall/session/index.js +26 -0
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +137 -0
package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/ai-bridge.js +416 -0
package/bin/runners/lib/analysis-core.js +309 -0
package/bin/runners/lib/analyzers.js +2500 -0
package/bin/runners/lib/api-client.js +269 -0
package/bin/runners/lib/approve-output.js +235 -0
package/bin/runners/lib/artifact-envelope.js +540 -0
package/bin/runners/lib/assets/vibecheck-logo.png +0 -0
package/bin/runners/lib/audit-bridge.js +391 -0
package/bin/runners/lib/auth-shared.js +977 -0
package/bin/runners/lib/auth-truth.js +193 -0
package/bin/runners/lib/auth.js +215 -0
package/bin/runners/lib/authority-badge.js +425 -0
package/bin/runners/lib/backup.js +62 -0
package/bin/runners/lib/billing.js +107 -0
package/bin/runners/lib/checkpoint.js +941 -0
package/bin/runners/lib/claims.js +118 -0
package/bin/runners/lib/classify-output.js +204 -0
package/bin/runners/lib/cleanup/engine.js +571 -0
package/bin/runners/lib/cleanup/index.js +53 -0
package/bin/runners/lib/cleanup/output.js +375 -0
package/bin/runners/lib/cleanup/rules.js +1060 -0
package/bin/runners/lib/cli-output.js +400 -0
package/bin/runners/lib/cli-ui.js +540 -0
package/bin/runners/lib/compliance-bridge-new.js +0 -0
package/bin/runners/lib/compliance-bridge.js +165 -0
package/bin/runners/lib/contracts/auth-contract.js +202 -0
package/bin/runners/lib/contracts/env-contract.js +181 -0
package/bin/runners/lib/contracts/external-contract.js +206 -0
package/bin/runners/lib/contracts/guard.js +168 -0
package/bin/runners/lib/contracts/index.js +89 -0
package/bin/runners/lib/contracts/plan-validator.js +311 -0
package/bin/runners/lib/contracts/route-contract.js +199 -0
package/bin/runners/lib/contracts.js +804 -0
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/detect.js +89 -0
package/bin/runners/lib/detectors-v2.js +622 -0
package/bin/runners/lib/doctor/autofix.js +254 -0
package/bin/runners/lib/doctor/diagnosis-receipt.js +454 -0
package/bin/runners/lib/doctor/failure-signatures.js +526 -0
package/bin/runners/lib/doctor/fix-script.js +336 -0
package/bin/runners/lib/doctor/index.js +37 -0
package/bin/runners/lib/doctor/modules/build-tools.js +453 -0
package/bin/runners/lib/doctor/modules/dependencies.js +325 -0
package/bin/runners/lib/doctor/modules/index.js +105 -0
package/bin/runners/lib/doctor/modules/network.js +250 -0
package/bin/runners/lib/doctor/modules/os-quirks.js +706 -0
package/bin/runners/lib/doctor/modules/project.js +312 -0
package/bin/runners/lib/doctor/modules/repo-integrity.js +485 -0
package/bin/runners/lib/doctor/modules/runtime.js +224 -0
package/bin/runners/lib/doctor/modules/security.js +350 -0
package/bin/runners/lib/doctor/modules/system.js +213 -0
package/bin/runners/lib/doctor/modules/vibecheck.js +394 -0
package/bin/runners/lib/doctor/reporter.js +262 -0
package/bin/runners/lib/doctor/safe-repair.js +384 -0
package/bin/runners/lib/doctor/service.js +262 -0
package/bin/runners/lib/doctor/types.js +113 -0
package/bin/runners/lib/doctor/ui.js +263 -0
package/bin/runners/lib/doctor-enhanced.js +233 -0
package/bin/runners/lib/doctor-output.js +226 -0
package/bin/runners/lib/doctor-v2.js +608 -0
package/bin/runners/lib/drift.js +425 -0
package/bin/runners/lib/enforcement.js +72 -0
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/attack-detector.js +1192 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/enterprise-detect.js +603 -0
package/bin/runners/lib/enterprise-init.js +942 -0
package/bin/runners/lib/entitlements-v2.js +265 -0
package/bin/runners/lib/entitlements.generated.js +0 -0
package/bin/runners/lib/entitlements.js +340 -0
package/bin/runners/lib/env-resolver.js +417 -0
package/bin/runners/lib/env-template.js +66 -0
package/bin/runners/lib/env.js +189 -0
package/bin/runners/lib/error-handler.js +368 -0
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +684 -0
package/bin/runners/lib/exit-codes.js +275 -0
package/bin/runners/lib/extractors/client-calls.js +990 -0
package/bin/runners/lib/extractors/fastify-route-dump.js +573 -0
package/bin/runners/lib/extractors/fastify-routes.js +426 -0
package/bin/runners/lib/extractors/index.js +363 -0
package/bin/runners/lib/extractors/next-routes.js +524 -0
package/bin/runners/lib/extractors/proof-graph.js +431 -0
package/bin/runners/lib/extractors/route-matcher.js +451 -0
package/bin/runners/lib/extractors/truthpack-v2.js +377 -0
package/bin/runners/lib/extractors/ui-bindings.js +547 -0
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/findings-schema.js +281 -0
package/bin/runners/lib/fingerprint.js +377 -0
package/bin/runners/lib/firewall-prompt.js +50 -0
package/bin/runners/lib/fix-output.js +228 -0
package/bin/runners/lib/global-flags.js +250 -0
package/bin/runners/lib/graph/graph-builder.js +265 -0
package/bin/runners/lib/graph/html-renderer.js +413 -0
package/bin/runners/lib/graph/index.js +32 -0
package/bin/runners/lib/graph/runtime-collector.js +215 -0
package/bin/runners/lib/graph/static-extractor.js +518 -0
package/bin/runners/lib/help-formatter.js +413 -0
package/bin/runners/lib/html-proof-report.js +913 -0
package/bin/runners/lib/html-report.js +650 -0
package/bin/runners/lib/init-wizard.js +601 -0
package/bin/runners/lib/interactive-menu.js +1496 -0
package/bin/runners/lib/json-output.js +76 -0
package/bin/runners/lib/llm.js +75 -0
package/bin/runners/lib/logger.js +38 -0
package/bin/runners/lib/meter.js +61 -0
package/bin/runners/lib/missions/briefing.js +427 -0
package/bin/runners/lib/missions/checkpoint.js +753 -0
package/bin/runners/lib/missions/evidence.js +126 -0
package/bin/runners/lib/missions/hardening.js +851 -0
package/bin/runners/lib/missions/plan.js +648 -0
package/bin/runners/lib/missions/safety-gates.js +645 -0
package/bin/runners/lib/missions/schema.js +478 -0
package/bin/runners/lib/missions/templates.js +317 -0
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/packs/bundle.js +675 -0
package/bin/runners/lib/packs/evidence-pack.js +671 -0
package/bin/runners/lib/packs/pack-factory.js +837 -0
package/bin/runners/lib/packs/permissions-pack.js +686 -0
package/bin/runners/lib/packs/proof-graph-pack.js +779 -0
package/bin/runners/lib/patch.js +40 -0
package/bin/runners/lib/permissions/auth-model.js +213 -0
package/bin/runners/lib/permissions/idor-prover.js +205 -0
package/bin/runners/lib/permissions/index.js +45 -0
package/bin/runners/lib/permissions/matrix-builder.js +198 -0
package/bin/runners/lib/pkgjson.js +28 -0
package/bin/runners/lib/policy.js +295 -0
package/bin/runners/lib/polish/accessibility.js +62 -0
package/bin/runners/lib/polish/analyzer.js +93 -0
package/bin/runners/lib/polish/backend.js +87 -0
package/bin/runners/lib/polish/configuration.js +83 -0
package/bin/runners/lib/polish/documentation.js +83 -0
package/bin/runners/lib/polish/frontend.js +817 -0
package/bin/runners/lib/polish/index.js +27 -0
package/bin/runners/lib/polish/infrastructure.js +80 -0
package/bin/runners/lib/polish/internationalization.js +85 -0
package/bin/runners/lib/polish/libraries.js +180 -0
package/bin/runners/lib/polish/observability.js +75 -0
package/bin/runners/lib/polish/performance.js +64 -0
package/bin/runners/lib/polish/privacy.js +110 -0
package/bin/runners/lib/polish/resilience.js +92 -0
package/bin/runners/lib/polish/security.js +78 -0
package/bin/runners/lib/polish/seo.js +71 -0
package/bin/runners/lib/polish/styles.js +62 -0
package/bin/runners/lib/polish/utils.js +104 -0
package/bin/runners/lib/preflight.js +142 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/prove-output.js +220 -0
package/bin/runners/lib/reality/correlation-detectors.js +359 -0
package/bin/runners/lib/reality/index.js +318 -0
package/bin/runners/lib/reality/request-hashing.js +416 -0
package/bin/runners/lib/reality/request-mapper.js +453 -0
package/bin/runners/lib/reality/safety-rails.js +463 -0
package/bin/runners/lib/reality/semantic-snapshot.js +408 -0
package/bin/runners/lib/reality/toast-detector.js +393 -0
package/bin/runners/lib/reality-findings.js +84 -0
package/bin/runners/lib/reality-output.js +231 -0
package/bin/runners/lib/receipts.js +179 -0
package/bin/runners/lib/redact.js +29 -0
package/bin/runners/lib/replay/capsule-manager.js +154 -0
package/bin/runners/lib/replay/index.js +263 -0
package/bin/runners/lib/replay/player.js +348 -0
package/bin/runners/lib/replay/recorder.js +331 -0
package/bin/runners/lib/report-engine.js +626 -0
package/bin/runners/lib/report-html.js +1233 -0
package/bin/runners/lib/report-output.js +366 -0
package/bin/runners/lib/report-templates.js +967 -0
package/bin/runners/lib/report.js +135 -0
package/bin/runners/lib/route-detection.js +1209 -0
package/bin/runners/lib/route-truth.js +1322 -0
package/bin/runners/lib/safelist/index.js +96 -0
package/bin/runners/lib/safelist/integration.js +334 -0
package/bin/runners/lib/safelist/matcher.js +696 -0
package/bin/runners/lib/safelist/schema.js +948 -0
package/bin/runners/lib/safelist/store.js +438 -0
package/bin/runners/lib/sandbox/index.js +59 -0
package/bin/runners/lib/sandbox/proof-chain.js +399 -0
package/bin/runners/lib/sandbox/sandbox-runner.js +205 -0
package/bin/runners/lib/sandbox/worktree.js +174 -0
package/bin/runners/lib/scan-cache.js +330 -0
package/bin/runners/lib/scan-output-schema.js +344 -0
package/bin/runners/lib/scan-output.js +631 -0
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schema-validator.js +350 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/contracts.schema.json +160 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/finding.schema.json +100 -0
package/bin/runners/lib/schemas/mission-pack.schema.json +206 -0
package/bin/runners/lib/schemas/proof-graph.schema.json +176 -0
package/bin/runners/lib/schemas/reality-report.schema.json +162 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/share-pack.schema.json +180 -0
package/bin/runners/lib/schemas/ship-manifest.schema.json +251 -0
package/bin/runners/lib/schemas/ship-report.schema.json +117 -0
package/bin/runners/lib/schemas/truthpack-v2.schema.json +303 -0
package/bin/runners/lib/schemas/validator.js +465 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/score-history.js +282 -0
package/bin/runners/lib/security-bridge.js +249 -0
package/bin/runners/lib/server-usage.js +513 -0
package/bin/runners/lib/share-pack.js +239 -0
package/bin/runners/lib/ship-gate.js +832 -0
package/bin/runners/lib/ship-manifest.js +1153 -0
package/bin/runners/lib/ship-output-enterprise.js +239 -0
package/bin/runners/lib/ship-output.js +1128 -0
package/bin/runners/lib/snippets.js +67 -0
package/bin/runners/lib/status-output.js +340 -0
package/bin/runners/lib/terminal-ui.js +356 -0
package/bin/runners/lib/truth.js +1691 -0
package/bin/runners/lib/ui.js +562 -0
package/bin/runners/lib/unified-cli-output.js +947 -0
package/bin/runners/lib/unified-output.js +197 -0
package/bin/runners/lib/upsell.js +410 -0
package/bin/runners/lib/usage.js +153 -0
package/bin/runners/lib/validate-patch.js +156 -0
package/bin/runners/lib/verdict-engine.js +628 -0
package/bin/runners/lib/verification.js +345 -0
package/bin/runners/lib/why-tree.js +650 -0
package/bin/runners/reality/engine.js +917 -0
package/bin/runners/reality/flows.js +122 -0
package/bin/runners/reality/report.js +378 -0
package/bin/runners/reality/session.js +193 -0
package/bin/runners/runAIAgent.js +229 -0
package/bin/runners/runAgent.d.ts +5 -0
package/bin/runners/runAgent.js +161 -0
package/bin/runners/runAllowlist.js +418 -0
package/bin/runners/runApprove.js +320 -0
package/bin/runners/runAudit.js +692 -0
package/bin/runners/runAuth.js +731 -0
package/bin/runners/runCI.js +353 -0
package/bin/runners/runCheckpoint.js +530 -0
package/bin/runners/runClassify.js +928 -0
package/bin/runners/runCleanup.js +343 -0
package/bin/runners/runContext.d.ts +4 -0
package/bin/runners/runContext.js +175 -0
package/bin/runners/runDoctor.js +877 -0
package/bin/runners/runEvidencePack.js +362 -0
package/bin/runners/runFirewall.d.ts +5 -0
package/bin/runners/runFirewall.js +134 -0
package/bin/runners/runFirewallHook.d.ts +5 -0
package/bin/runners/runFirewallHook.js +56 -0
package/bin/runners/runFix.js +1355 -0
package/bin/runners/runForge.js +451 -0
package/bin/runners/runGuard.js +262 -0
package/bin/runners/runInit.js +1927 -0
package/bin/runners/runIntent.js +906 -0
package/bin/runners/runKickoff.js +878 -0
package/bin/runners/runLabs.js +424 -0
package/bin/runners/runLaunch.js +2000 -0
package/bin/runners/runLink.js +785 -0
package/bin/runners/runMcp.js +1875 -0
package/bin/runners/runPacks.js +2089 -0
package/bin/runners/runPolish.d.ts +4 -0
package/bin/runners/runPolish.js +390 -0
package/bin/runners/runPromptFirewall.js +211 -0
package/bin/runners/runProve.js +1411 -0
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +2260 -0
package/bin/runners/runReport.js +726 -0
package/bin/runners/runRuntime.js +110 -0
package/bin/runners/runSafelist.js +1190 -0
package/bin/runners/runScan.js +688 -0
package/bin/runners/runShield.js +1282 -0
package/bin/runners/runShip.js +1660 -0
package/bin/runners/runTruth.d.ts +5 -0
package/bin/runners/runTruth.js +101 -0
package/bin/runners/runValidate.js +179 -0
package/bin/runners/runWatch.js +478 -0
package/bin/runners/utils.js +360 -0
package/bin/scan.js +617 -0
package/bin/vibecheck.js +1617 -0
package/dist/guardrail/index.d.ts +2405 -0
package/dist/guardrail/index.js +9747 -0
package/dist/guardrail/index.js.map +1 -0
package/dist/scanner/index.d.ts +282 -0
package/dist/scanner/index.js +3395 -0
package/dist/scanner/index.js.map +1 -0
package/package.json +123 -104
package/README.md +0 -491
package/dist/index.js +0 -99711
package/dist/index.js.map +0 -1

package/bin/runners/lib/agent-firewall/policy/engine.js ADDED Viewed

@@ -0,0 +1,103 @@
+/**
+ * Policy Engine
+ *
+ * Main policy engine that evaluates all rules deterministically.
+ * Uses AI to reduce false positives when enabled.
+ */
+"use strict";
+const ghostRoute = require("./rules/ghost-route");
+const ghostEnv = require("./rules/ghost-env");
+const authDrift = require("./rules/auth-drift");
+const contractDrift = require("./rules/contract-drift");
+const fakeSuccess = require("./rules/fake-success");
+const scope = require("./rules/scope");
+const unsafeSideEffect = require("./rules/unsafe-side-effect");
+const { generateVerdict } = require("./verdict");
+const { analyzeFalsePositive } = require("../ai/false-positive-analyzer");
+/**
+ * Evaluate policy against change packet
+ * @param {object} params
+ * @param {object} params.policy - Policy configuration
+ * @param {array} params.claims - Extracted claims
+ * @param {array} params.evidence - Evidence resolution results
+ * @param {array} params.files - Changed files
+ * @param {string} params.intent - Agent intent message
+ * @returns {Promise<object>} Verdict object
+ */
+async function evaluatePolicy({ policy, claims, evidence, files, intent }) {
+  const violations = [];
+  // Evaluate all rules
+  const ruleEvaluators = [
+    ghostRoute,
+    ghostEnv,
+    authDrift,
+    contractDrift,
+    fakeSuccess,
+    unsafeSideEffect
+  ];
+  // Evaluate claim-based rules
+  for (const evaluator of ruleEvaluators) {
+    try {
+      const violation = evaluator.evaluate({ claims, evidence, policy });
+      if (violation) {
+        // Use AI to check if this is a false positive
+        const claim = claims.find(c =>
+          c.type === violation.claim?.type &&
+          c.value === violation.claim?.value
+        );
+        if (claim && policy.rules?.ai_false_positive_detection?.enabled) {
+          try {
+            const aiAnalysis = await analyzeFalsePositive({
+              violation,
+              claim,
+              filePath: claim.file || violation.claim?.file || "unknown",
+              projectRoot: process.cwd(),
+              policy
+            });
+            // If AI determines it's a false positive with high confidence, skip it
+            if (aiAnalysis.isFalsePositive && aiAnalysis.confidence >= 0.8) {
+              // Log but don't add to violations
+              if (policy.rules?.ai_false_positive_detection?.logSkipped) {
+                console.log(`[AI] Skipping false positive: ${violation.message} (confidence: ${aiAnalysis.confidence}, reason: ${aiAnalysis.reason})`);
+              }
+              continue;
+            }
+          } catch (aiError) {
+            // If AI analysis fails, proceed with the violation
+            console.warn(`[AI] False positive analysis failed: ${aiError.message}`);
+          }
+        }
+        violations.push(violation);
+      }
+    } catch (error) {
+      console.warn(`Rule evaluation error: ${error.message}`);
+    }
+  }
+  // Evaluate scope rule (file-based)
+  try {
+    const violation = scope.evaluate({ files, intent, policy });
+    if (violation) {
+      violations.push(violation);
+    }
+  } catch (error) {
+    console.warn(`Scope rule evaluation error: ${error.message}`);
+  }
+  // Generate final verdict
+  const verdict = generateVerdict(violations);
+  return verdict;
+}
+module.exports = {
+  evaluatePolicy
+};

package/bin/runners/lib/agent-firewall/policy/loader.js ADDED Viewed

@@ -0,0 +1,451 @@
+/**
+ * Policy Loader
+ *
+ * Loads and validates agent firewall policy from:
+ * - .vibecheck/policy.json (JSON policy)
+ * - .vibecheck/rules.yaml (YAML rule DSL)
+ * - .vibecheckrc (legacy)
+ *
+ * Falls back to default policy if not found.
+ */
+"use strict";
+const fs = require("fs");
+const path = require("path");
+const Ajv = require("ajv").default || require("ajv");
+// Try to load YAML parser
+let yaml = null;
+try {
+  yaml = require("js-yaml");
+} catch {
+  // js-yaml not available, YAML support disabled
+}
+// Load schema
+const schemaPath = path.join(__dirname, "schema.json");
+const schema = JSON.parse(fs.readFileSync(schemaPath, "utf8"));
+// Load default policy
+const defaultPolicyPath = path.join(__dirname, "default-policy.json");
+const defaultPolicy = JSON.parse(fs.readFileSync(defaultPolicyPath, "utf8"));
+/**
+ * Load YAML rules file
+ * @param {string} rulesPath - Path to rules.yaml
+ * @returns {Array} Parsed rules array
+ */
+function loadYamlRules(rulesPath) {
+  if (!yaml) {
+    console.warn("js-yaml not installed, YAML rules not loaded");
+    return [];
+  }
+  try {
+    const content = fs.readFileSync(rulesPath, "utf8");
+    const parsed = yaml.load(content);
+    if (!parsed || !parsed.rules) {
+      return [];
+    }
+    return normalizeYamlRules(parsed.rules);
+  } catch (error) {
+    console.warn(`Failed to load YAML rules: ${error.message}`);
+    return [];
+  }
+}
+/**
+ * Normalize YAML rules to policy format
+ * @param {Array} rules - Raw YAML rules
+ * @returns {Array} Normalized rules
+ */
+function normalizeYamlRules(rules) {
+  return rules.map(rule => {
+    // Map YAML DSL actions to policy severity
+    const severityMap = {
+      block: "block",
+      warn: "warn",
+      allow: "allow",
+      require_confirmation: "warn",
+    };
+    return {
+      id: rule.id,
+      description: rule.description || "",
+      severity: severityMap[rule.action] || "warn",
+      enabled: rule.enabled !== false,
+      match: rule.match || {},
+      action: rule.action || "warn",
+      message: rule.message || rule.description || "",
+      // Custom rule evaluator info
+      custom: rule.custom || null,
+      block_if_domain: rule.block_if_domain || [],
+    };
+  });
+}
+/**
+ * Merge YAML rules into policy
+ * @param {object} policy - Policy object
+ * @param {Array} yamlRules - Normalized YAML rules
+ * @returns {object} Policy with merged rules
+ */
+function mergeYamlRulesIntoPolicy(policy, yamlRules) {
+  if (!yamlRules || yamlRules.length === 0) {
+    return policy;
+  }
+  const merged = { ...policy };
+  merged.rules = merged.rules || {};
+  merged.customRules = merged.customRules || [];
+  for (const rule of yamlRules) {
+    // Add to custom rules array
+    merged.customRules.push(rule);
+    // Also add to rules object for backward compatibility
+    if (rule.id) {
+      merged.rules[rule.id] = {
+        severity: rule.severity,
+        enabled: rule.enabled,
+        block_if_domain: rule.block_if_domain,
+      };
+    }
+  }
+  return merged;
+}
+/**
+ * Load policy from project root
+ * @param {string} projectRoot - Project root directory
+ * @param {object} overrides - Optional policy overrides
+ * @returns {object} Loaded and validated policy
+ */
+function loadPolicy(projectRoot, overrides = {}) {
+  const policyPath = path.join(projectRoot, ".vibecheck", "policy.json");
+  const yamlRulesPath = path.join(projectRoot, ".vibecheck", "rules.yaml");
+  const legacyRcPath = path.join(projectRoot, ".vibecheckrc");
+  let policy;
+  // Try to load project policy (JSON)
+  if (fs.existsSync(policyPath)) {
+    try {
+      policy = JSON.parse(fs.readFileSync(policyPath, "utf8"));
+    } catch (error) {
+      throw new Error(`Failed to parse policy file: ${error.message}`);
+    }
+  } else if (fs.existsSync(legacyRcPath)) {
+    // Try legacy .vibecheckrc
+    try {
+      policy = JSON.parse(fs.readFileSync(legacyRcPath, "utf8"));
+    } catch (error) {
+      // Might be YAML format
+      if (yaml) {
+        try {
+          policy = yaml.load(fs.readFileSync(legacyRcPath, "utf8"));
+        } catch {
+          throw new Error(`Failed to parse .vibecheckrc: ${error.message}`);
+        }
+      } else {
+        throw new Error(`Failed to parse .vibecheckrc: ${error.message}`);
+      }
+    }
+  } else {
+    // Use default policy
+    policy = JSON.parse(JSON.stringify(defaultPolicy));
+  }
+  // Load and merge YAML rules if present
+  if (fs.existsSync(yamlRulesPath)) {
+    const yamlRules = loadYamlRules(yamlRulesPath);
+    policy = mergeYamlRulesIntoPolicy(policy, yamlRules);
+  }
+  // Apply overrides (deep merge)
+  if (Object.keys(overrides).length > 0) {
+    policy = deepMerge(policy, overrides);
+  }
+  // Validate against schema
+  const ajv = new Ajv({ allErrors: true, strict: false });
+  const validate = ajv.compile(schema);
+  const valid = validate(policy);
+  if (!valid) {
+    const errors = validate.errors.map(e =>
+      `${e.instancePath || 'root'} ${e.message}`
+    ).join(', ');
+    throw new Error(`Policy validation failed: ${errors}`);
+  }
+  return policy;
+}
+/**
+ * Deep merge two objects
+ * @param {object} target - Target object
+ * @param {object} source - Source object to merge
+ * @returns {object} Merged object
+ */
+function deepMerge(target, source) {
+  const output = Object.assign({}, target);
+  if (isObject(target) && isObject(source)) {
+    Object.keys(source).forEach(key => {
+      if (isObject(source[key])) {
+        if (!(key in target)) {
+          Object.assign(output, { [key]: source[key] });
+        } else {
+          output[key] = deepMerge(target[key], source[key]);
+        }
+      } else {
+        Object.assign(output, { [key]: source[key] });
+      }
+    });
+  }
+  return output;
+}
+/**
+ * Check if value is a plain object
+ * @param {*} item - Value to check
+ * @returns {boolean}
+ */
+function isObject(item) {
+  return item && typeof item === 'object' && !Array.isArray(item);
+}
+/**
+ * Get default policy
+ * @returns {object} Default policy
+ */
+function getDefaultPolicy() {
+  return JSON.parse(JSON.stringify(defaultPolicy));
+}
+/**
+ * Save policy to project root
+ * @param {string} projectRoot - Project root directory
+ * @param {object} policy - Policy to save
+ */
+function savePolicy(projectRoot, policy) {
+  const vibecheckDir = path.join(projectRoot, ".vibecheck");
+  const policyPath = path.join(vibecheckDir, "policy.json");
+  // Ensure .vibecheck directory exists
+  if (!fs.existsSync(vibecheckDir)) {
+    fs.mkdirSync(vibecheckDir, { recursive: true });
+  }
+  // Validate before saving
+  const ajv = new Ajv({ allErrors: true, strict: false });
+  const validate = ajv.compile(schema);
+  const valid = validate(policy);
+  if (!valid) {
+    const errors = validate.errors.map(e =>
+      `${e.instancePath || 'root'} ${e.message}`
+    ).join(', ');
+    throw new Error(`Policy validation failed: ${errors}`);
+  }
+  fs.writeFileSync(policyPath, JSON.stringify(policy, null, 2));
+}
+/**
+ * Save YAML rules to project root
+ * @param {string} projectRoot - Project root directory
+ * @param {Array} rules - Rules array
+ */
+function saveYamlRules(projectRoot, rules) {
+  if (!yaml) {
+    throw new Error("js-yaml not installed, cannot save YAML rules");
+  }
+  const vibecheckDir = path.join(projectRoot, ".vibecheck");
+  const rulesPath = path.join(vibecheckDir, "rules.yaml");
+  // Ensure .vibecheck directory exists
+  if (!fs.existsSync(vibecheckDir)) {
+    fs.mkdirSync(vibecheckDir, { recursive: true });
+  }
+  const content = yaml.dump({ rules }, {
+    lineWidth: 120,
+    quotingType: '"',
+    forceQuotes: false,
+  });
+  fs.writeFileSync(rulesPath, content);
+}
+/**
+ * Create default YAML rules file
+ * @param {string} projectRoot - Project root directory
+ */
+function createDefaultYamlRules(projectRoot) {
+  const defaultRules = [
+    {
+      id: "no-phantom-env",
+      description: "Block undeclared environment variables",
+      match: { type: "env", exists: false },
+      action: "block",
+      message: "Env vars must be declared before use",
+    },
+    {
+      id: "no-ghost-routes",
+      description: "Block routes that reference unregistered paths",
+      match: { type: "route", registered: false },
+      action: "block",
+      message: "Routes must be registered in the router",
+    },
+    {
+      id: "core-folder-protection",
+      description: "Require confirmation for changes to core code",
+      match: { path: "^src/core/" },
+      action: "require_confirmation",
+      message: "Changes to core require explicit confirmation",
+    },
+    {
+      id: "no-silent-deletes",
+      description: "Require confirmation for file deletions",
+      match: { operation: "delete" },
+      action: "require_confirmation",
+      message: "File deletions require explicit confirmation",
+    },
+    {
+      id: "auth-changes-high-risk",
+      description: "Flag authentication changes as high risk",
+      match: { tags: ["auth", "security"] },
+      action: "warn",
+      block_if_domain: ["payments"],
+      message: "Auth changes require careful review",
+    },
+    {
+      id: "max-files-per-change",
+      description: "Limit number of files in a single change",
+      match: { files_count: { gt: 10 } },
+      action: "require_confirmation",
+      message: "Large changes (>10 files) require confirmation",
+    },
+  ];
+  saveYamlRules(projectRoot, defaultRules);
+}
+/**
+ * Get custom rules from policy
+ * @param {object} policy - Policy object
+ * @returns {Array} Custom rules
+ */
+function getCustomRules(policy) {
+  return policy.customRules || [];
+}
+/**
+ * Evaluate a custom YAML rule against a change
+ * @param {object} rule - Rule definition
+ * @param {object} context - Change context
+ * @returns {object|null} Violation if rule triggered, null otherwise
+ */
+function evaluateCustomRule(rule, context) {
+  if (!rule.enabled) return null;
+  const match = rule.match || {};
+  let triggered = false;
+  // Match by type
+  if (match.type) {
+    const claims = context.claims || [];
+    const typeClaims = claims.filter(c => c.type === match.type);
+    if (typeClaims.length > 0) {
+      if (match.exists === false) {
+        // Check if any claim doesn't exist
+        triggered = typeClaims.some(c => !c.exists);
+      } else if (match.registered === false) {
+        triggered = typeClaims.some(c => !c.registered);
+      } else {
+        triggered = true;
+      }
+    }
+  }
+  // Match by path pattern
+  if (match.path) {
+    const files = context.files || [];
+    const regex = new RegExp(match.path);
+    triggered = triggered || files.some(f => regex.test(f.path || f));
+  }
+  // Match by operation
+  if (match.operation) {
+    const operations = context.operations || [];
+    triggered = triggered || operations.some(op => op.type === match.operation);
+  }
+  // Match by file count
+  if (match.files_count) {
+    const fileCount = (context.files || []).length;
+    if (match.files_count.gt && fileCount > match.files_count.gt) {
+      triggered = true;
+    }
+    if (match.files_count.lt && fileCount < match.files_count.lt) {
+      triggered = true;
+    }
+  }
+  // Match by tags
+  if (match.tags && Array.isArray(match.tags)) {
+    const domains = context.domains || [];
+    triggered = triggered || match.tags.some(tag => domains.includes(tag));
+  }
+  if (!triggered) return null;
+  // Check block_if_domain upgrade
+  let severity = rule.severity || rule.action;
+  if (rule.block_if_domain && rule.block_if_domain.length > 0) {
+    const domains = context.domains || [];
+    if (rule.block_if_domain.some(d => domains.includes(d))) {
+      severity = "block";
+    }
+  }
+  return {
+    rule: rule.id,
+    type: "custom_rule",
+    severity,
+    message: rule.message || rule.description || `Rule ${rule.id} triggered`,
+  };
+}
+/**
+ * Check if YAML support is available
+ * @returns {boolean} YAML support available
+ */
+function hasYamlSupport() {
+  return yaml !== null;
+}
+module.exports = {
+  loadPolicy,
+  getDefaultPolicy,
+  savePolicy,
+  loadYamlRules,
+  saveYamlRules,
+  createDefaultYamlRules,
+  getCustomRules,
+  evaluateCustomRule,
+  mergeYamlRulesIntoPolicy,
+  normalizeYamlRules,
+  hasYamlSupport,
+  schema,
+  defaultPolicy
+};

package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * Auth Drift Rule
+ *
+ * Blocks if auth restriction claimed but not enforced.
+ */
+"use strict";
+const { CLAIM_TYPES } = require("../../claims/claim-types");
+/**
+ * Evaluate auth drift rule
+ * @param {object} params
+ * @param {array} params.claims - Extracted claims
+ * @param {array} params.evidence - Evidence resolution results
+ * @param {object} params.policy - Policy configuration
+ * @returns {object|null} Violation or null
+ */
+function evaluate({ claims, evidence, policy }) {
+  const ruleConfig = policy.rules?.auth_drift;
+  if (!ruleConfig || !ruleConfig.enabled) {
+    return null;
+  }
+  // Find auth claims with CONTRADICTS evidence
+  for (let i = 0; i < claims.length; i++) {
+    const claim = claims[i];
+    if (claim.type === CLAIM_TYPES.AUTH) {
+      const ev = evidence.find(e => e.claimId === `claim_${i}`);
+      if (ev && ev.result === "CONTRADICTS") {
+        return {
+          rule: "auth_drift",
+          severity: ruleConfig.severity || "block",
+          message: `Auth drift: ${claim.value} claims auth restriction but route is not protected`,
+          claimId: `claim_${i}`,
+          claim
+        };
+      }
+    }
+  }
+  return null;
+}
+module.exports = {
+  evaluate
+};

package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * Contract Drift Rule
+ *
+ * Blocks if API contract mismatch.
+ */
+"use strict";
+const { CLAIM_TYPES } = require("../../claims/claim-types");
+/**
+ * Evaluate contract drift rule
+ * @param {object} params
+ * @param {array} params.claims - Extracted claims
+ * @param {array} params.evidence - Evidence resolution results
+ * @param {object} params.policy - Policy configuration
+ * @returns {object|null} Violation or null
+ */
+function evaluate({ claims, evidence, policy }) {
+  const ruleConfig = policy.rules?.contract_drift;
+  if (!ruleConfig || !ruleConfig.enabled) {
+    return null;
+  }
+  // Find contract claims with CONTRADICTS evidence
+  for (let i = 0; i < claims.length; i++) {
+    const claim = claims[i];
+    if (claim.type === CLAIM_TYPES.CONTRACT) {
+      const ev = evidence.find(e => e.claimId === `claim_${i}`);
+      if (ev && ev.result === "CONTRADICTS") {
+        return {
+          rule: "contract_drift",
+          severity: ruleConfig.severity || "block",
+          message: `Contract drift: ${claim.value} API contract mismatch`,
+          claimId: `claim_${i}`,
+          claim
+        };
+      }
+    }
+  }
+  return null;
+}
+module.exports = {
+  evaluate
+};