npm - vibecheck-ai - Versions diffs - 2.0.1 → 5.0.0 - Mend

vibecheck-ai 2.0.1 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (456) hide show

package/bin/.generated +25 -0
package/bin/_deprecations.js +463 -0
package/bin/_router.js +46 -0
package/bin/cli-hygiene.js +241 -0
package/bin/dev/run-v2-torture.js +30 -0
package/bin/registry.js +656 -0
package/bin/runners/CLI_REFACTOR_SUMMARY.md +229 -0
package/bin/runners/ENHANCEMENT_GUIDE.md +121 -0
package/bin/runners/REPORT_AUDIT.md +64 -0
package/bin/runners/cli-utils.js +1070 -0
package/bin/runners/context/ai-task-decomposer.js +337 -0
package/bin/runners/context/analyzer.js +513 -0
package/bin/runners/context/api-contracts.js +427 -0
package/bin/runners/context/context-diff.js +342 -0
package/bin/runners/context/context-pruner.js +291 -0
package/bin/runners/context/dependency-graph.js +414 -0
package/bin/runners/context/generators/claude.js +107 -0
package/bin/runners/context/generators/codex.js +108 -0
package/bin/runners/context/generators/copilot.js +119 -0
package/bin/runners/context/generators/cursor-enhanced.js +2525 -0
package/bin/runners/context/generators/cursor.js +514 -0
package/bin/runners/context/generators/mcp.js +169 -0
package/bin/runners/context/generators/windsurf.js +180 -0
package/bin/runners/context/git-context.js +304 -0
package/bin/runners/context/index.js +1110 -0
package/bin/runners/context/insights.js +173 -0
package/bin/runners/context/mcp-server/generate-rules.js +337 -0
package/bin/runners/context/mcp-server/index.js +1176 -0
package/bin/runners/context/mcp-server/package.json +24 -0
package/bin/runners/context/memory.js +200 -0
package/bin/runners/context/monorepo.js +215 -0
package/bin/runners/context/multi-repo-federation.js +404 -0
package/bin/runners/context/patterns.js +253 -0
package/bin/runners/context/proof-context.js +1264 -0
package/bin/runners/context/security-scanner.js +541 -0
package/bin/runners/context/semantic-search.js +350 -0
package/bin/runners/context/shared.js +264 -0
package/bin/runners/context/team-conventions.js +336 -0
package/bin/runners/lib/__tests__/entitlements-v2.test.js +295 -0
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/change-packet/builder.js +488 -0
package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +303 -0
package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
package/bin/runners/lib/agent-firewall/enforcement/gateway.js +1059 -0
package/bin/runners/lib/agent-firewall/enforcement/index.js +98 -0
package/bin/runners/lib/agent-firewall/enforcement/mode.js +318 -0
package/bin/runners/lib/agent-firewall/enforcement/orchestrator.js +484 -0
package/bin/runners/lib/agent-firewall/enforcement/proof-artifact.js +418 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/change-event.schema.json +173 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/intent.schema.json +181 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/verdict.schema.json +222 -0
package/bin/runners/lib/agent-firewall/enforcement/verdict-v2.js +333 -0
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +127 -0
package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +213 -0
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
package/bin/runners/lib/agent-firewall/index.js +200 -0
package/bin/runners/lib/agent-firewall/integration/index.js +20 -0
package/bin/runners/lib/agent-firewall/integration/ship-gate.js +437 -0
package/bin/runners/lib/agent-firewall/intent/alignment-engine.js +634 -0
package/bin/runners/lib/agent-firewall/intent/auto-detect.js +426 -0
package/bin/runners/lib/agent-firewall/intent/index.js +102 -0
package/bin/runners/lib/agent-firewall/intent/schema.js +352 -0
package/bin/runners/lib/agent-firewall/intent/store.js +283 -0
package/bin/runners/lib/agent-firewall/interception/fs-interceptor.js +502 -0
package/bin/runners/lib/agent-firewall/interception/index.js +23 -0
package/bin/runners/lib/agent-firewall/interceptor/base.js +308 -0
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
package/bin/runners/lib/agent-firewall/logger.js +141 -0
package/bin/runners/lib/agent-firewall/policy/default-policy.json +90 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +103 -0
package/bin/runners/lib/agent-firewall/policy/loader.js +451 -0
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +79 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +227 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +191 -0
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
package/bin/runners/lib/agent-firewall/risk/thresholds.js +322 -0
package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
package/bin/runners/lib/agent-firewall/session/collector.js +451 -0
package/bin/runners/lib/agent-firewall/session/index.js +26 -0
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +137 -0
package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/ai-bridge.js +416 -0
package/bin/runners/lib/analysis-core.js +309 -0
package/bin/runners/lib/analyzers.js +2500 -0
package/bin/runners/lib/api-client.js +269 -0
package/bin/runners/lib/approve-output.js +235 -0
package/bin/runners/lib/artifact-envelope.js +540 -0
package/bin/runners/lib/assets/vibecheck-logo.png +0 -0
package/bin/runners/lib/audit-bridge.js +391 -0
package/bin/runners/lib/auth-shared.js +977 -0
package/bin/runners/lib/auth-truth.js +193 -0
package/bin/runners/lib/auth.js +215 -0
package/bin/runners/lib/authority-badge.js +425 -0
package/bin/runners/lib/backup.js +62 -0
package/bin/runners/lib/billing.js +107 -0
package/bin/runners/lib/checkpoint.js +941 -0
package/bin/runners/lib/claims.js +118 -0
package/bin/runners/lib/classify-output.js +204 -0
package/bin/runners/lib/cleanup/engine.js +571 -0
package/bin/runners/lib/cleanup/index.js +53 -0
package/bin/runners/lib/cleanup/output.js +375 -0
package/bin/runners/lib/cleanup/rules.js +1060 -0
package/bin/runners/lib/cli-output.js +400 -0
package/bin/runners/lib/cli-ui.js +540 -0
package/bin/runners/lib/compliance-bridge-new.js +0 -0
package/bin/runners/lib/compliance-bridge.js +165 -0
package/bin/runners/lib/contracts/auth-contract.js +202 -0
package/bin/runners/lib/contracts/env-contract.js +181 -0
package/bin/runners/lib/contracts/external-contract.js +206 -0
package/bin/runners/lib/contracts/guard.js +168 -0
package/bin/runners/lib/contracts/index.js +89 -0
package/bin/runners/lib/contracts/plan-validator.js +311 -0
package/bin/runners/lib/contracts/route-contract.js +199 -0
package/bin/runners/lib/contracts.js +804 -0
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/detect.js +89 -0
package/bin/runners/lib/detectors-v2.js +622 -0
package/bin/runners/lib/doctor/autofix.js +254 -0
package/bin/runners/lib/doctor/diagnosis-receipt.js +454 -0
package/bin/runners/lib/doctor/failure-signatures.js +526 -0
package/bin/runners/lib/doctor/fix-script.js +336 -0
package/bin/runners/lib/doctor/index.js +37 -0
package/bin/runners/lib/doctor/modules/build-tools.js +453 -0
package/bin/runners/lib/doctor/modules/dependencies.js +325 -0
package/bin/runners/lib/doctor/modules/index.js +105 -0
package/bin/runners/lib/doctor/modules/network.js +250 -0
package/bin/runners/lib/doctor/modules/os-quirks.js +706 -0
package/bin/runners/lib/doctor/modules/project.js +312 -0
package/bin/runners/lib/doctor/modules/repo-integrity.js +485 -0
package/bin/runners/lib/doctor/modules/runtime.js +224 -0
package/bin/runners/lib/doctor/modules/security.js +350 -0
package/bin/runners/lib/doctor/modules/system.js +213 -0
package/bin/runners/lib/doctor/modules/vibecheck.js +394 -0
package/bin/runners/lib/doctor/reporter.js +262 -0
package/bin/runners/lib/doctor/safe-repair.js +384 -0
package/bin/runners/lib/doctor/service.js +262 -0
package/bin/runners/lib/doctor/types.js +113 -0
package/bin/runners/lib/doctor/ui.js +263 -0
package/bin/runners/lib/doctor-enhanced.js +233 -0
package/bin/runners/lib/doctor-output.js +226 -0
package/bin/runners/lib/doctor-v2.js +608 -0
package/bin/runners/lib/drift.js +425 -0
package/bin/runners/lib/enforcement.js +72 -0
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/attack-detector.js +1192 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/enterprise-detect.js +603 -0
package/bin/runners/lib/enterprise-init.js +942 -0
package/bin/runners/lib/entitlements-v2.js +265 -0
package/bin/runners/lib/entitlements.generated.js +0 -0
package/bin/runners/lib/entitlements.js +340 -0
package/bin/runners/lib/env-resolver.js +417 -0
package/bin/runners/lib/env-template.js +66 -0
package/bin/runners/lib/env.js +189 -0
package/bin/runners/lib/error-handler.js +368 -0
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +684 -0
package/bin/runners/lib/exit-codes.js +275 -0
package/bin/runners/lib/extractors/client-calls.js +990 -0
package/bin/runners/lib/extractors/fastify-route-dump.js +573 -0
package/bin/runners/lib/extractors/fastify-routes.js +426 -0
package/bin/runners/lib/extractors/index.js +363 -0
package/bin/runners/lib/extractors/next-routes.js +524 -0
package/bin/runners/lib/extractors/proof-graph.js +431 -0
package/bin/runners/lib/extractors/route-matcher.js +451 -0
package/bin/runners/lib/extractors/truthpack-v2.js +377 -0
package/bin/runners/lib/extractors/ui-bindings.js +547 -0
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/findings-schema.js +281 -0
package/bin/runners/lib/fingerprint.js +377 -0
package/bin/runners/lib/firewall-prompt.js +50 -0
package/bin/runners/lib/fix-output.js +228 -0
package/bin/runners/lib/global-flags.js +250 -0
package/bin/runners/lib/graph/graph-builder.js +265 -0
package/bin/runners/lib/graph/html-renderer.js +413 -0
package/bin/runners/lib/graph/index.js +32 -0
package/bin/runners/lib/graph/runtime-collector.js +215 -0
package/bin/runners/lib/graph/static-extractor.js +518 -0
package/bin/runners/lib/help-formatter.js +413 -0
package/bin/runners/lib/html-proof-report.js +913 -0
package/bin/runners/lib/html-report.js +650 -0
package/bin/runners/lib/init-wizard.js +601 -0
package/bin/runners/lib/interactive-menu.js +1496 -0
package/bin/runners/lib/json-output.js +76 -0
package/bin/runners/lib/llm.js +75 -0
package/bin/runners/lib/logger.js +38 -0
package/bin/runners/lib/meter.js +61 -0
package/bin/runners/lib/missions/briefing.js +427 -0
package/bin/runners/lib/missions/checkpoint.js +753 -0
package/bin/runners/lib/missions/evidence.js +126 -0
package/bin/runners/lib/missions/hardening.js +851 -0
package/bin/runners/lib/missions/plan.js +648 -0
package/bin/runners/lib/missions/safety-gates.js +645 -0
package/bin/runners/lib/missions/schema.js +478 -0
package/bin/runners/lib/missions/templates.js +317 -0
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/packs/bundle.js +675 -0
package/bin/runners/lib/packs/evidence-pack.js +671 -0
package/bin/runners/lib/packs/pack-factory.js +837 -0
package/bin/runners/lib/packs/permissions-pack.js +686 -0
package/bin/runners/lib/packs/proof-graph-pack.js +779 -0
package/bin/runners/lib/patch.js +40 -0
package/bin/runners/lib/permissions/auth-model.js +213 -0
package/bin/runners/lib/permissions/idor-prover.js +205 -0
package/bin/runners/lib/permissions/index.js +45 -0
package/bin/runners/lib/permissions/matrix-builder.js +198 -0
package/bin/runners/lib/pkgjson.js +28 -0
package/bin/runners/lib/policy.js +295 -0
package/bin/runners/lib/polish/accessibility.js +62 -0
package/bin/runners/lib/polish/analyzer.js +93 -0
package/bin/runners/lib/polish/backend.js +87 -0
package/bin/runners/lib/polish/configuration.js +83 -0
package/bin/runners/lib/polish/documentation.js +83 -0
package/bin/runners/lib/polish/frontend.js +817 -0
package/bin/runners/lib/polish/index.js +27 -0
package/bin/runners/lib/polish/infrastructure.js +80 -0
package/bin/runners/lib/polish/internationalization.js +85 -0
package/bin/runners/lib/polish/libraries.js +180 -0
package/bin/runners/lib/polish/observability.js +75 -0
package/bin/runners/lib/polish/performance.js +64 -0
package/bin/runners/lib/polish/privacy.js +110 -0
package/bin/runners/lib/polish/resilience.js +92 -0
package/bin/runners/lib/polish/security.js +78 -0
package/bin/runners/lib/polish/seo.js +71 -0
package/bin/runners/lib/polish/styles.js +62 -0
package/bin/runners/lib/polish/utils.js +104 -0
package/bin/runners/lib/preflight.js +142 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/prove-output.js +220 -0
package/bin/runners/lib/reality/correlation-detectors.js +359 -0
package/bin/runners/lib/reality/index.js +318 -0
package/bin/runners/lib/reality/request-hashing.js +416 -0
package/bin/runners/lib/reality/request-mapper.js +453 -0
package/bin/runners/lib/reality/safety-rails.js +463 -0
package/bin/runners/lib/reality/semantic-snapshot.js +408 -0
package/bin/runners/lib/reality/toast-detector.js +393 -0
package/bin/runners/lib/reality-findings.js +84 -0
package/bin/runners/lib/reality-output.js +231 -0
package/bin/runners/lib/receipts.js +179 -0
package/bin/runners/lib/redact.js +29 -0
package/bin/runners/lib/replay/capsule-manager.js +154 -0
package/bin/runners/lib/replay/index.js +263 -0
package/bin/runners/lib/replay/player.js +348 -0
package/bin/runners/lib/replay/recorder.js +331 -0
package/bin/runners/lib/report-engine.js +626 -0
package/bin/runners/lib/report-html.js +1233 -0
package/bin/runners/lib/report-output.js +366 -0
package/bin/runners/lib/report-templates.js +967 -0
package/bin/runners/lib/report.js +135 -0
package/bin/runners/lib/route-detection.js +1209 -0
package/bin/runners/lib/route-truth.js +1322 -0
package/bin/runners/lib/safelist/index.js +96 -0
package/bin/runners/lib/safelist/integration.js +334 -0
package/bin/runners/lib/safelist/matcher.js +696 -0
package/bin/runners/lib/safelist/schema.js +948 -0
package/bin/runners/lib/safelist/store.js +438 -0
package/bin/runners/lib/sandbox/index.js +59 -0
package/bin/runners/lib/sandbox/proof-chain.js +399 -0
package/bin/runners/lib/sandbox/sandbox-runner.js +205 -0
package/bin/runners/lib/sandbox/worktree.js +174 -0
package/bin/runners/lib/scan-cache.js +330 -0
package/bin/runners/lib/scan-output-schema.js +344 -0
package/bin/runners/lib/scan-output.js +631 -0
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schema-validator.js +350 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/contracts.schema.json +160 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/finding.schema.json +100 -0
package/bin/runners/lib/schemas/mission-pack.schema.json +206 -0
package/bin/runners/lib/schemas/proof-graph.schema.json +176 -0
package/bin/runners/lib/schemas/reality-report.schema.json +162 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/share-pack.schema.json +180 -0
package/bin/runners/lib/schemas/ship-manifest.schema.json +251 -0
package/bin/runners/lib/schemas/ship-report.schema.json +117 -0
package/bin/runners/lib/schemas/truthpack-v2.schema.json +303 -0
package/bin/runners/lib/schemas/validator.js +465 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/score-history.js +282 -0
package/bin/runners/lib/security-bridge.js +249 -0
package/bin/runners/lib/server-usage.js +513 -0
package/bin/runners/lib/share-pack.js +239 -0
package/bin/runners/lib/ship-gate.js +832 -0
package/bin/runners/lib/ship-manifest.js +1153 -0
package/bin/runners/lib/ship-output-enterprise.js +239 -0
package/bin/runners/lib/ship-output.js +1128 -0
package/bin/runners/lib/snippets.js +67 -0
package/bin/runners/lib/status-output.js +340 -0
package/bin/runners/lib/terminal-ui.js +356 -0
package/bin/runners/lib/truth.js +1691 -0
package/bin/runners/lib/ui.js +562 -0
package/bin/runners/lib/unified-cli-output.js +947 -0
package/bin/runners/lib/unified-output.js +197 -0
package/bin/runners/lib/upsell.js +410 -0
package/bin/runners/lib/usage.js +153 -0
package/bin/runners/lib/validate-patch.js +156 -0
package/bin/runners/lib/verdict-engine.js +628 -0
package/bin/runners/lib/verification.js +345 -0
package/bin/runners/lib/why-tree.js +650 -0
package/bin/runners/reality/engine.js +917 -0
package/bin/runners/reality/flows.js +122 -0
package/bin/runners/reality/report.js +378 -0
package/bin/runners/reality/session.js +193 -0
package/bin/runners/runAIAgent.js +229 -0
package/bin/runners/runAgent.d.ts +5 -0
package/bin/runners/runAgent.js +161 -0
package/bin/runners/runAllowlist.js +418 -0
package/bin/runners/runApprove.js +320 -0
package/bin/runners/runAudit.js +692 -0
package/bin/runners/runAuth.js +731 -0
package/bin/runners/runCI.js +353 -0
package/bin/runners/runCheckpoint.js +530 -0
package/bin/runners/runClassify.js +928 -0
package/bin/runners/runCleanup.js +343 -0
package/bin/runners/runContext.d.ts +4 -0
package/bin/runners/runContext.js +175 -0
package/bin/runners/runDoctor.js +877 -0
package/bin/runners/runEvidencePack.js +362 -0
package/bin/runners/runFirewall.d.ts +5 -0
package/bin/runners/runFirewall.js +134 -0
package/bin/runners/runFirewallHook.d.ts +5 -0
package/bin/runners/runFirewallHook.js +56 -0
package/bin/runners/runFix.js +1355 -0
package/bin/runners/runForge.js +451 -0
package/bin/runners/runGuard.js +262 -0
package/bin/runners/runInit.js +1927 -0
package/bin/runners/runIntent.js +906 -0
package/bin/runners/runKickoff.js +878 -0
package/bin/runners/runLabs.js +424 -0
package/bin/runners/runLaunch.js +2000 -0
package/bin/runners/runLink.js +785 -0
package/bin/runners/runMcp.js +1875 -0
package/bin/runners/runPacks.js +2089 -0
package/bin/runners/runPolish.d.ts +4 -0
package/bin/runners/runPolish.js +390 -0
package/bin/runners/runPromptFirewall.js +211 -0
package/bin/runners/runProve.js +1411 -0
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +2260 -0
package/bin/runners/runReport.js +726 -0
package/bin/runners/runRuntime.js +110 -0
package/bin/runners/runSafelist.js +1190 -0
package/bin/runners/runScan.js +688 -0
package/bin/runners/runShield.js +1282 -0
package/bin/runners/runShip.js +1660 -0
package/bin/runners/runTruth.d.ts +5 -0
package/bin/runners/runTruth.js +101 -0
package/bin/runners/runValidate.js +179 -0
package/bin/runners/runWatch.js +478 -0
package/bin/runners/utils.js +360 -0
package/bin/scan.js +617 -0
package/bin/vibecheck.js +1617 -0
package/dist/guardrail/index.d.ts +2405 -0
package/dist/guardrail/index.js +9747 -0
package/dist/guardrail/index.js.map +1 -0
package/dist/scanner/index.d.ts +282 -0
package/dist/scanner/index.js +3395 -0
package/dist/scanner/index.js.map +1 -0
package/package.json +123 -104
package/README.md +0 -491
package/dist/index.js +0 -99711
package/dist/index.js.map +0 -1

package/bin/runners/lib/contracts/auth-contract.js ADDED Viewed

@@ -0,0 +1,202 @@
+/**
+ * Auth Contract Builder
+ * Builds auth.json contract from truthpack
+ */
+"use strict";
+/**
+ * Build auth contract from truthpack
+ */
+function buildAuthContract(truthpack) {
+  const contract = {
+    version: "1.0.0",
+    generatedAt: new Date().toISOString(),
+    protectedPatterns: [],
+    publicPatterns: [],
+    roles: [],
+    evidence: []
+  };
+  // Extract protected patterns from Next middleware
+  const nextMiddleware = truthpack?.auth?.nextMiddleware || [];
+  const matcherPatterns = truthpack?.auth?.nextMatcherPatterns || [];
+  contract.protectedPatterns = [...new Set(matcherPatterns)];
+  // Add evidence from middleware files
+  for (const mw of nextMiddleware) {
+    contract.evidence.push({
+      file: mw.file,
+      type: "next_middleware",
+      signals: mw.signalTypes || []
+    });
+  }
+  // Extract Fastify auth info
+  const fastify = truthpack?.auth?.fastify || {};
+  if (fastify.hooks?.length) {
+    for (const hook of fastify.hooks) {
+      contract.evidence.push({
+        file: hook.file,
+        type: "fastify_hook",
+        hookType: hook.hookType,
+        line: hook.line
+      });
+    }
+  }
+  // Infer roles from truthpack
+  contract.roles = inferRoles(truthpack);
+  // Default public patterns
+  contract.publicPatterns = [
+    "/api/health",
+    "/api/status",
+    "/api/public/*",
+    "/_next/*",
+    "/favicon.ico"
+  ];
+  // Deterministic output: sort all arrays
+  contract.protectedPatterns.sort();
+  contract.publicPatterns.sort();
+  contract.roles.sort((a, b) => a.name.localeCompare(b.name));
+  for (const role of contract.roles) {
+    if (role.routes) role.routes.sort();
+  }
+  return contract;
+}
+/**
+ * Infer roles from truthpack
+ */
+function inferRoles(truthpack) {
+  const roles = [];
+  const routes = truthpack?.routes?.server || [];
+  // Check for admin routes
+  const adminRoutes = routes.filter(r => r.path.includes("/admin"));
+  if (adminRoutes.length > 0) {
+    roles.push({
+      name: "admin",
+      routes: adminRoutes.map(r => r.path),
+      evidence: adminRoutes.flatMap(r => r.evidence || [])
+    });
+  }
+  // Check for user routes (default authenticated)
+  const userRoutes = routes.filter(r =>
+    !r.path.includes("/admin") &&
+    !r.path.includes("/public") &&
+    !r.path.includes("/health")
+  );
+  if (userRoutes.length > 0) {
+    roles.push({
+      name: "user",
+      routes: userRoutes.map(r => r.path),
+      evidence: []
+    });
+  }
+  return roles;
+}
+/**
+ * Validate auth coverage
+ */
+function validateAuthContract(contract, routes, realityResults) {
+  const violations = [];
+  // Check that all non-public routes are protected
+  for (const route of routes) {
+    const isPublic = contract.publicPatterns.some(p => matchesPattern(route.path, p));
+    const isProtected = contract.protectedPatterns.some(p => matchesPattern(route.path, p));
+    if (!isPublic && !isProtected) {
+      // Check if route looks sensitive
+      if (looksLikeSensitiveRoute(route.path)) {
+        violations.push({
+          type: "unprotected_sensitive",
+          severity: "WARN",
+          route: route.path,
+          message: `Sensitive route ${route.path} not covered by auth patterns`,
+          evidence: route.evidence || []
+        });
+      }
+    }
+  }
+  // Check reality results for auth bypass
+  if (realityResults) {
+    for (const result of realityResults) {
+      if (result.type === "AuthCoverage" && result.severity === "BLOCK") {
+        violations.push({
+          type: "auth_bypass",
+          severity: "BLOCK",
+          route: result.page,
+          message: result.title,
+          evidence: []
+        });
+      }
+    }
+  }
+  return violations;
+}
+function matchesPattern(path, pattern) {
+  const normPattern = pattern.replace(/\*/g, ".*").replace(/\//g, "\\/");
+  try {
+    const rx = new RegExp(`^${normPattern}`, "i");
+    return rx.test(path);
+  } catch {
+    return false;
+  }
+}
+function looksLikeSensitiveRoute(path) {
+  const sensitivePatterns = [
+    /\/api\/users/i,
+    /\/api\/billing/i,
+    /\/api\/payment/i,
+    /\/api\/subscription/i,
+    /\/api\/settings/i,
+    /\/api\/profile/i,
+    /\/api\/account/i,
+    /\/api\/admin/i,
+    /\/api\/webhook/i,
+  ];
+  return sensitivePatterns.some(p => p.test(path));
+}
+/**
+ * Diff two auth contracts
+ */
+function diffAuthContracts(before, after) {
+  const diff = {
+    protectedAdded: [],
+    protectedRemoved: [],
+    rolesChanged: []
+  };
+  const beforeProtected = new Set(before.protectedPatterns);
+  const afterProtected = new Set(after.protectedPatterns);
+  for (const p of afterProtected) {
+    if (!beforeProtected.has(p)) diff.protectedAdded.push(p);
+  }
+  for (const p of beforeProtected) {
+    if (!afterProtected.has(p)) diff.protectedRemoved.push(p);
+  }
+  return diff;
+}
+module.exports = {
+  buildAuthContract,
+  validateAuthContract,
+  diffAuthContracts
+};

package/bin/runners/lib/contracts/env-contract.js ADDED Viewed

@@ -0,0 +1,181 @@
+/**
+ * Env Contract Builder
+ * Builds env.json contract from truthpack
+ */
+"use strict";
+/**
+ * Build env contract from truthpack
+ */
+function buildEnvContract(truthpack) {
+  const contract = {
+    version: "1.0.0",
+    generatedAt: new Date().toISOString(),
+    vars: []
+  };
+  const envVars = truthpack?.env?.vars || [];
+  const declared = new Set(truthpack?.env?.declared || []);
+  const declaredSources = truthpack?.env?.declaredSources || [];
+  for (const v of envVars) {
+    const varSpec = {
+      name: v.name,
+      required: inferRequired(v, declared),
+      usedIn: (v.references || []).map(r => r.file).filter(Boolean),
+      declaredIn: declaredSources.filter(s => isDeclaredInSource(v.name, s)),
+      description: inferDescription(v.name),
+      evidence: v.references || []
+    };
+    contract.vars.push(varSpec);
+  }
+  // Add declared vars that aren't used (might be optional)
+  for (const name of declared) {
+    if (!envVars.find(v => v.name === name)) {
+      contract.vars.push({
+        name,
+        required: false,
+        usedIn: [],
+        declaredIn: declaredSources,
+        description: inferDescription(name),
+        evidence: []
+      });
+    }
+  }
+  // Deterministic output: sort vars by name
+  contract.vars.sort((a, b) => a.name.localeCompare(b.name));
+  return contract;
+}
+/**
+ * Infer if env var is required
+ */
+function inferRequired(envVar, declared) {
+  const name = envVar.name;
+  // Common required patterns
+  const requiredPatterns = [
+    /^DATABASE_URL$/i,
+    /^NEXTAUTH_SECRET$/i,
+    /^NEXTAUTH_URL$/i,
+    /^JWT_SECRET$/i,
+    /^API_KEY$/i,
+    /^STRIPE_SECRET_KEY$/i,
+    /^STRIPE_WEBHOOK_SECRET$/i,
+    /^AUTH0_/i,
+    /^CLERK_/i,
+  ];
+  for (const pattern of requiredPatterns) {
+    if (pattern.test(name)) return true;
+  }
+  // If used but not declared, likely required
+  if (!declared.has(name) && envVar.references?.length > 0) {
+    return true;
+  }
+  return false;
+}
+function isDeclaredInSource(name, source) {
+  // Simple heuristic - would need to parse files for accurate check
+  return true;
+}
+function inferDescription(name) {
+  const descriptions = {
+    DATABASE_URL: "Database connection string",
+    NEXTAUTH_SECRET: "NextAuth.js encryption secret",
+    NEXTAUTH_URL: "NextAuth.js base URL",
+    JWT_SECRET: "JWT signing secret",
+    STRIPE_SECRET_KEY: "Stripe API secret key",
+    STRIPE_PUBLISHABLE_KEY: "Stripe publishable key",
+    STRIPE_WEBHOOK_SECRET: "Stripe webhook signing secret",
+    NODE_ENV: "Node environment (development/production)",
+    PORT: "Server port",
+    HOST: "Server host",
+  };
+  return descriptions[name] || undefined;
+}
+/**
+ * Validate code against env contract
+ */
+function validateAgainstEnvContract(contract, usedVars) {
+  const violations = [];
+  const contractVars = new Map(contract.vars.map(v => [v.name, v]));
+  for (const used of usedVars) {
+    if (!contractVars.has(used.name)) {
+      violations.push({
+        type: "undeclared_env",
+        severity: "WARN",
+        name: used.name,
+        usedIn: used.references?.map(r => r.file) || [],
+        message: `Env var ${used.name} used but not declared in contract`,
+        evidence: used.references || []
+      });
+    }
+  }
+  // Check for required vars that aren't used
+  for (const [name, spec] of contractVars) {
+    if (spec.required && spec.usedIn.length === 0) {
+      violations.push({
+        type: "unused_required",
+        severity: "WARN",
+        name,
+        message: `Required env var ${name} declared but not used`,
+        evidence: []
+      });
+    }
+  }
+  return violations;
+}
+/**
+ * Diff two env contracts
+ */
+function diffEnvContracts(before, after) {
+  const diff = {
+    added: [],
+    removed: [],
+    changed: []
+  };
+  const beforeMap = new Map(before.vars.map(v => [v.name, v]));
+  const afterMap = new Map(after.vars.map(v => [v.name, v]));
+  for (const [name, spec] of afterMap) {
+    if (!beforeMap.has(name)) {
+      diff.added.push(spec);
+    } else {
+      const prev = beforeMap.get(name);
+      if (prev.required !== spec.required) {
+        diff.changed.push({ before: prev, after: spec });
+      }
+    }
+  }
+  for (const [name, spec] of beforeMap) {
+    if (!afterMap.has(name)) {
+      diff.removed.push(spec);
+    }
+  }
+  return diff;
+}
+module.exports = {
+  buildEnvContract,
+  validateAgainstEnvContract,
+  diffEnvContracts
+};

package/bin/runners/lib/contracts/external-contract.js ADDED Viewed

@@ -0,0 +1,206 @@
+/**
+ * External Contract Builder
+ * Builds external.json contract from truthpack (Stripe, GitHub, etc.)
+ */
+"use strict";
+/**
+ * Build external services contract from truthpack
+ */
+function buildExternalContract(truthpack) {
+  const contract = {
+    version: "1.0.0",
+    generatedAt: new Date().toISOString(),
+    services: []
+  };
+  // Extract billing/Stripe info
+  const billing = truthpack?.billing || {};
+  if (billing.hasStripe || billing.webhookCandidates?.length) {
+    const stripeService = {
+      name: "stripe",
+      envVars: extractStripeEnvVars(truthpack),
+      usedIn: billing.webhookCandidates?.map(w => w.file) || [],
+      webhooks: billing.webhookCandidates?.map(w => ({
+        path: w.path,
+        verified: w.hasSignatureVerification || false,
+        idempotent: w.hasIdempotency || false
+      })) || [],
+      evidence: billing.webhookCandidates?.flatMap(w => w.evidence || []) || []
+    };
+    contract.services.push(stripeService);
+  }
+  // Detect other external services from env vars
+  const envVars = truthpack?.env?.vars || [];
+  // GitHub
+  const githubVars = envVars.filter(v => /github/i.test(v.name));
+  if (githubVars.length) {
+    contract.services.push({
+      name: "github",
+      envVars: githubVars.map(v => v.name),
+      usedIn: githubVars.flatMap(v => v.references?.map(r => r.file) || []),
+      evidence: githubVars.flatMap(v => v.references || [])
+    });
+  }
+  // SendGrid
+  const sendgridVars = envVars.filter(v => /sendgrid/i.test(v.name));
+  if (sendgridVars.length) {
+    contract.services.push({
+      name: "sendgrid",
+      envVars: sendgridVars.map(v => v.name),
+      usedIn: sendgridVars.flatMap(v => v.references?.map(r => r.file) || []),
+      evidence: sendgridVars.flatMap(v => v.references || [])
+    });
+  }
+  // Twilio
+  const twilioVars = envVars.filter(v => /twilio/i.test(v.name));
+  if (twilioVars.length) {
+    contract.services.push({
+      name: "twilio",
+      envVars: twilioVars.map(v => v.name),
+      usedIn: twilioVars.flatMap(v => v.references?.map(r => r.file) || []),
+      evidence: twilioVars.flatMap(v => v.references || [])
+    });
+  }
+  // AWS
+  const awsVars = envVars.filter(v => /^aws/i.test(v.name));
+  if (awsVars.length) {
+    contract.services.push({
+      name: "aws",
+      envVars: awsVars.map(v => v.name),
+      usedIn: awsVars.flatMap(v => v.references?.map(r => r.file) || []),
+      evidence: awsVars.flatMap(v => v.references || [])
+    });
+  }
+  // Supabase
+  const supabaseVars = envVars.filter(v => /supabase/i.test(v.name));
+  if (supabaseVars.length) {
+    contract.services.push({
+      name: "supabase",
+      envVars: supabaseVars.map(v => v.name).sort(),
+      usedIn: [...new Set(supabaseVars.flatMap(v => v.references?.map(r => r.file) || []))].sort(),
+      evidence: supabaseVars.flatMap(v => v.references || [])
+    });
+  }
+  // Deterministic output: sort services by name, and their internal arrays
+  contract.services.sort((a, b) => a.name.localeCompare(b.name));
+  for (const svc of contract.services) {
+    if (svc.envVars) svc.envVars.sort();
+    if (svc.usedIn) svc.usedIn = [...new Set(svc.usedIn)].sort();
+    if (svc.webhooks) svc.webhooks.sort((a, b) => a.path.localeCompare(b.path));
+  }
+  return contract;
+}
+function extractStripeEnvVars(truthpack) {
+  const envVars = truthpack?.env?.vars || [];
+  return envVars
+    .filter(v => /stripe/i.test(v.name))
+    .map(v => v.name);
+}
+/**
+ * Validate external services contract
+ */
+function validateExternalContract(contract) {
+  const violations = [];
+  for (const service of contract.services) {
+    // Check Stripe webhook verification
+    if (service.name === "stripe") {
+      for (const webhook of service.webhooks || []) {
+        if (!webhook.verified) {
+          violations.push({
+            type: "unverified_webhook",
+            severity: "BLOCK",
+            service: "stripe",
+            path: webhook.path,
+            message: `Stripe webhook at ${webhook.path} missing signature verification`,
+            evidence: []
+          });
+        }
+        if (!webhook.idempotent) {
+          violations.push({
+            type: "non_idempotent_webhook",
+            severity: "WARN",
+            service: "stripe",
+            path: webhook.path,
+            message: `Stripe webhook at ${webhook.path} may not be idempotent`,
+            evidence: []
+          });
+        }
+      }
+    }
+    // Check for missing required env vars
+    const requiredVars = getRequiredVarsForService(service.name);
+    for (const required of requiredVars) {
+      if (!service.envVars.includes(required)) {
+        violations.push({
+          type: "missing_env",
+          severity: "WARN",
+          service: service.name,
+          envVar: required,
+          message: `Service ${service.name} typically requires ${required}`,
+          evidence: []
+        });
+      }
+    }
+  }
+  return violations;
+}
+function getRequiredVarsForService(name) {
+  const requirements = {
+    stripe: ["STRIPE_SECRET_KEY", "STRIPE_WEBHOOK_SECRET"],
+    github: ["GITHUB_TOKEN"],
+    sendgrid: ["SENDGRID_API_KEY"],
+    twilio: ["TWILIO_ACCOUNT_SID", "TWILIO_AUTH_TOKEN"],
+    supabase: ["SUPABASE_URL", "SUPABASE_ANON_KEY"]
+  };
+  return requirements[name] || [];
+}
+/**
+ * Diff two external contracts
+ */
+function diffExternalContracts(before, after) {
+  const diff = {
+    added: [],
+    removed: [],
+    changed: []
+  };
+  const beforeMap = new Map(before.services.map(s => [s.name, s]));
+  const afterMap = new Map(after.services.map(s => [s.name, s]));
+  for (const [name, service] of afterMap) {
+    if (!beforeMap.has(name)) {
+      diff.added.push(service);
+    }
+  }
+  for (const [name, service] of beforeMap) {
+    if (!afterMap.has(name)) {
+      diff.removed.push(service);
+    }
+  }
+  return diff;
+}
+module.exports = {
+  buildExternalContract,
+  validateExternalContract,
+  diffExternalContracts
+};