npm - vibecheck-ai - Versions diffs - 2.0.2 → 5.0.0 - Mend

vibecheck-ai 2.0.2 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (456) hide show

package/bin/.generated +25 -0
package/bin/_deprecations.js +463 -0
package/bin/_router.js +46 -0
package/bin/cli-hygiene.js +241 -0
package/bin/dev/run-v2-torture.js +30 -0
package/bin/registry.js +656 -0
package/bin/runners/CLI_REFACTOR_SUMMARY.md +229 -0
package/bin/runners/ENHANCEMENT_GUIDE.md +121 -0
package/bin/runners/REPORT_AUDIT.md +64 -0
package/bin/runners/cli-utils.js +1070 -0
package/bin/runners/context/ai-task-decomposer.js +337 -0
package/bin/runners/context/analyzer.js +513 -0
package/bin/runners/context/api-contracts.js +427 -0
package/bin/runners/context/context-diff.js +342 -0
package/bin/runners/context/context-pruner.js +291 -0
package/bin/runners/context/dependency-graph.js +414 -0
package/bin/runners/context/generators/claude.js +107 -0
package/bin/runners/context/generators/codex.js +108 -0
package/bin/runners/context/generators/copilot.js +119 -0
package/bin/runners/context/generators/cursor-enhanced.js +2525 -0
package/bin/runners/context/generators/cursor.js +514 -0
package/bin/runners/context/generators/mcp.js +169 -0
package/bin/runners/context/generators/windsurf.js +180 -0
package/bin/runners/context/git-context.js +304 -0
package/bin/runners/context/index.js +1110 -0
package/bin/runners/context/insights.js +173 -0
package/bin/runners/context/mcp-server/generate-rules.js +337 -0
package/bin/runners/context/mcp-server/index.js +1176 -0
package/bin/runners/context/mcp-server/package.json +24 -0
package/bin/runners/context/memory.js +200 -0
package/bin/runners/context/monorepo.js +215 -0
package/bin/runners/context/multi-repo-federation.js +404 -0
package/bin/runners/context/patterns.js +253 -0
package/bin/runners/context/proof-context.js +1264 -0
package/bin/runners/context/security-scanner.js +541 -0
package/bin/runners/context/semantic-search.js +350 -0
package/bin/runners/context/shared.js +264 -0
package/bin/runners/context/team-conventions.js +336 -0
package/bin/runners/lib/__tests__/entitlements-v2.test.js +295 -0
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/change-packet/builder.js +488 -0
package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +303 -0
package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
package/bin/runners/lib/agent-firewall/enforcement/gateway.js +1059 -0
package/bin/runners/lib/agent-firewall/enforcement/index.js +98 -0
package/bin/runners/lib/agent-firewall/enforcement/mode.js +318 -0
package/bin/runners/lib/agent-firewall/enforcement/orchestrator.js +484 -0
package/bin/runners/lib/agent-firewall/enforcement/proof-artifact.js +418 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/change-event.schema.json +173 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/intent.schema.json +181 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/verdict.schema.json +222 -0
package/bin/runners/lib/agent-firewall/enforcement/verdict-v2.js +333 -0
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +127 -0
package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +213 -0
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
package/bin/runners/lib/agent-firewall/index.js +200 -0
package/bin/runners/lib/agent-firewall/integration/index.js +20 -0
package/bin/runners/lib/agent-firewall/integration/ship-gate.js +437 -0
package/bin/runners/lib/agent-firewall/intent/alignment-engine.js +634 -0
package/bin/runners/lib/agent-firewall/intent/auto-detect.js +426 -0
package/bin/runners/lib/agent-firewall/intent/index.js +102 -0
package/bin/runners/lib/agent-firewall/intent/schema.js +352 -0
package/bin/runners/lib/agent-firewall/intent/store.js +283 -0
package/bin/runners/lib/agent-firewall/interception/fs-interceptor.js +502 -0
package/bin/runners/lib/agent-firewall/interception/index.js +23 -0
package/bin/runners/lib/agent-firewall/interceptor/base.js +308 -0
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
package/bin/runners/lib/agent-firewall/logger.js +141 -0
package/bin/runners/lib/agent-firewall/policy/default-policy.json +90 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +103 -0
package/bin/runners/lib/agent-firewall/policy/loader.js +451 -0
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +79 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +227 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +191 -0
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
package/bin/runners/lib/agent-firewall/risk/thresholds.js +322 -0
package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
package/bin/runners/lib/agent-firewall/session/collector.js +451 -0
package/bin/runners/lib/agent-firewall/session/index.js +26 -0
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +137 -0
package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/ai-bridge.js +416 -0
package/bin/runners/lib/analysis-core.js +309 -0
package/bin/runners/lib/analyzers.js +2500 -0
package/bin/runners/lib/api-client.js +269 -0
package/bin/runners/lib/approve-output.js +235 -0
package/bin/runners/lib/artifact-envelope.js +540 -0
package/bin/runners/lib/assets/vibecheck-logo.png +0 -0
package/bin/runners/lib/audit-bridge.js +391 -0
package/bin/runners/lib/auth-shared.js +977 -0
package/bin/runners/lib/auth-truth.js +193 -0
package/bin/runners/lib/auth.js +215 -0
package/bin/runners/lib/authority-badge.js +425 -0
package/bin/runners/lib/backup.js +62 -0
package/bin/runners/lib/billing.js +107 -0
package/bin/runners/lib/checkpoint.js +941 -0
package/bin/runners/lib/claims.js +118 -0
package/bin/runners/lib/classify-output.js +204 -0
package/bin/runners/lib/cleanup/engine.js +571 -0
package/bin/runners/lib/cleanup/index.js +53 -0
package/bin/runners/lib/cleanup/output.js +375 -0
package/bin/runners/lib/cleanup/rules.js +1060 -0
package/bin/runners/lib/cli-output.js +400 -0
package/bin/runners/lib/cli-ui.js +540 -0
package/bin/runners/lib/compliance-bridge-new.js +0 -0
package/bin/runners/lib/compliance-bridge.js +165 -0
package/bin/runners/lib/contracts/auth-contract.js +202 -0
package/bin/runners/lib/contracts/env-contract.js +181 -0
package/bin/runners/lib/contracts/external-contract.js +206 -0
package/bin/runners/lib/contracts/guard.js +168 -0
package/bin/runners/lib/contracts/index.js +89 -0
package/bin/runners/lib/contracts/plan-validator.js +311 -0
package/bin/runners/lib/contracts/route-contract.js +199 -0
package/bin/runners/lib/contracts.js +804 -0
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/detect.js +89 -0
package/bin/runners/lib/detectors-v2.js +622 -0
package/bin/runners/lib/doctor/autofix.js +254 -0
package/bin/runners/lib/doctor/diagnosis-receipt.js +454 -0
package/bin/runners/lib/doctor/failure-signatures.js +526 -0
package/bin/runners/lib/doctor/fix-script.js +336 -0
package/bin/runners/lib/doctor/index.js +37 -0
package/bin/runners/lib/doctor/modules/build-tools.js +453 -0
package/bin/runners/lib/doctor/modules/dependencies.js +325 -0
package/bin/runners/lib/doctor/modules/index.js +105 -0
package/bin/runners/lib/doctor/modules/network.js +250 -0
package/bin/runners/lib/doctor/modules/os-quirks.js +706 -0
package/bin/runners/lib/doctor/modules/project.js +312 -0
package/bin/runners/lib/doctor/modules/repo-integrity.js +485 -0
package/bin/runners/lib/doctor/modules/runtime.js +224 -0
package/bin/runners/lib/doctor/modules/security.js +350 -0
package/bin/runners/lib/doctor/modules/system.js +213 -0
package/bin/runners/lib/doctor/modules/vibecheck.js +394 -0
package/bin/runners/lib/doctor/reporter.js +262 -0
package/bin/runners/lib/doctor/safe-repair.js +384 -0
package/bin/runners/lib/doctor/service.js +262 -0
package/bin/runners/lib/doctor/types.js +113 -0
package/bin/runners/lib/doctor/ui.js +263 -0
package/bin/runners/lib/doctor-enhanced.js +233 -0
package/bin/runners/lib/doctor-output.js +226 -0
package/bin/runners/lib/doctor-v2.js +608 -0
package/bin/runners/lib/drift.js +425 -0
package/bin/runners/lib/enforcement.js +72 -0
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/attack-detector.js +1192 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/enterprise-detect.js +603 -0
package/bin/runners/lib/enterprise-init.js +942 -0
package/bin/runners/lib/entitlements-v2.js +265 -0
package/bin/runners/lib/entitlements.generated.js +0 -0
package/bin/runners/lib/entitlements.js +340 -0
package/bin/runners/lib/env-resolver.js +417 -0
package/bin/runners/lib/env-template.js +66 -0
package/bin/runners/lib/env.js +189 -0
package/bin/runners/lib/error-handler.js +368 -0
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +684 -0
package/bin/runners/lib/exit-codes.js +275 -0
package/bin/runners/lib/extractors/client-calls.js +990 -0
package/bin/runners/lib/extractors/fastify-route-dump.js +573 -0
package/bin/runners/lib/extractors/fastify-routes.js +426 -0
package/bin/runners/lib/extractors/index.js +363 -0
package/bin/runners/lib/extractors/next-routes.js +524 -0
package/bin/runners/lib/extractors/proof-graph.js +431 -0
package/bin/runners/lib/extractors/route-matcher.js +451 -0
package/bin/runners/lib/extractors/truthpack-v2.js +377 -0
package/bin/runners/lib/extractors/ui-bindings.js +547 -0
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/findings-schema.js +281 -0
package/bin/runners/lib/fingerprint.js +377 -0
package/bin/runners/lib/firewall-prompt.js +50 -0
package/bin/runners/lib/fix-output.js +228 -0
package/bin/runners/lib/global-flags.js +250 -0
package/bin/runners/lib/graph/graph-builder.js +265 -0
package/bin/runners/lib/graph/html-renderer.js +413 -0
package/bin/runners/lib/graph/index.js +32 -0
package/bin/runners/lib/graph/runtime-collector.js +215 -0
package/bin/runners/lib/graph/static-extractor.js +518 -0
package/bin/runners/lib/help-formatter.js +413 -0
package/bin/runners/lib/html-proof-report.js +913 -0
package/bin/runners/lib/html-report.js +650 -0
package/bin/runners/lib/init-wizard.js +601 -0
package/bin/runners/lib/interactive-menu.js +1496 -0
package/bin/runners/lib/json-output.js +76 -0
package/bin/runners/lib/llm.js +75 -0
package/bin/runners/lib/logger.js +38 -0
package/bin/runners/lib/meter.js +61 -0
package/bin/runners/lib/missions/briefing.js +427 -0
package/bin/runners/lib/missions/checkpoint.js +753 -0
package/bin/runners/lib/missions/evidence.js +126 -0
package/bin/runners/lib/missions/hardening.js +851 -0
package/bin/runners/lib/missions/plan.js +648 -0
package/bin/runners/lib/missions/safety-gates.js +645 -0
package/bin/runners/lib/missions/schema.js +478 -0
package/bin/runners/lib/missions/templates.js +317 -0
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/packs/bundle.js +675 -0
package/bin/runners/lib/packs/evidence-pack.js +671 -0
package/bin/runners/lib/packs/pack-factory.js +837 -0
package/bin/runners/lib/packs/permissions-pack.js +686 -0
package/bin/runners/lib/packs/proof-graph-pack.js +779 -0
package/bin/runners/lib/patch.js +40 -0
package/bin/runners/lib/permissions/auth-model.js +213 -0
package/bin/runners/lib/permissions/idor-prover.js +205 -0
package/bin/runners/lib/permissions/index.js +45 -0
package/bin/runners/lib/permissions/matrix-builder.js +198 -0
package/bin/runners/lib/pkgjson.js +28 -0
package/bin/runners/lib/policy.js +295 -0
package/bin/runners/lib/polish/accessibility.js +62 -0
package/bin/runners/lib/polish/analyzer.js +93 -0
package/bin/runners/lib/polish/backend.js +87 -0
package/bin/runners/lib/polish/configuration.js +83 -0
package/bin/runners/lib/polish/documentation.js +83 -0
package/bin/runners/lib/polish/frontend.js +817 -0
package/bin/runners/lib/polish/index.js +27 -0
package/bin/runners/lib/polish/infrastructure.js +80 -0
package/bin/runners/lib/polish/internationalization.js +85 -0
package/bin/runners/lib/polish/libraries.js +180 -0
package/bin/runners/lib/polish/observability.js +75 -0
package/bin/runners/lib/polish/performance.js +64 -0
package/bin/runners/lib/polish/privacy.js +110 -0
package/bin/runners/lib/polish/resilience.js +92 -0
package/bin/runners/lib/polish/security.js +78 -0
package/bin/runners/lib/polish/seo.js +71 -0
package/bin/runners/lib/polish/styles.js +62 -0
package/bin/runners/lib/polish/utils.js +104 -0
package/bin/runners/lib/preflight.js +142 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/prove-output.js +220 -0
package/bin/runners/lib/reality/correlation-detectors.js +359 -0
package/bin/runners/lib/reality/index.js +318 -0
package/bin/runners/lib/reality/request-hashing.js +416 -0
package/bin/runners/lib/reality/request-mapper.js +453 -0
package/bin/runners/lib/reality/safety-rails.js +463 -0
package/bin/runners/lib/reality/semantic-snapshot.js +408 -0
package/bin/runners/lib/reality/toast-detector.js +393 -0
package/bin/runners/lib/reality-findings.js +84 -0
package/bin/runners/lib/reality-output.js +231 -0
package/bin/runners/lib/receipts.js +179 -0
package/bin/runners/lib/redact.js +29 -0
package/bin/runners/lib/replay/capsule-manager.js +154 -0
package/bin/runners/lib/replay/index.js +263 -0
package/bin/runners/lib/replay/player.js +348 -0
package/bin/runners/lib/replay/recorder.js +331 -0
package/bin/runners/lib/report-engine.js +626 -0
package/bin/runners/lib/report-html.js +1233 -0
package/bin/runners/lib/report-output.js +366 -0
package/bin/runners/lib/report-templates.js +967 -0
package/bin/runners/lib/report.js +135 -0
package/bin/runners/lib/route-detection.js +1209 -0
package/bin/runners/lib/route-truth.js +1322 -0
package/bin/runners/lib/safelist/index.js +96 -0
package/bin/runners/lib/safelist/integration.js +334 -0
package/bin/runners/lib/safelist/matcher.js +696 -0
package/bin/runners/lib/safelist/schema.js +948 -0
package/bin/runners/lib/safelist/store.js +438 -0
package/bin/runners/lib/sandbox/index.js +59 -0
package/bin/runners/lib/sandbox/proof-chain.js +399 -0
package/bin/runners/lib/sandbox/sandbox-runner.js +205 -0
package/bin/runners/lib/sandbox/worktree.js +174 -0
package/bin/runners/lib/scan-cache.js +330 -0
package/bin/runners/lib/scan-output-schema.js +344 -0
package/bin/runners/lib/scan-output.js +631 -0
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schema-validator.js +350 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/contracts.schema.json +160 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/finding.schema.json +100 -0
package/bin/runners/lib/schemas/mission-pack.schema.json +206 -0
package/bin/runners/lib/schemas/proof-graph.schema.json +176 -0
package/bin/runners/lib/schemas/reality-report.schema.json +162 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/share-pack.schema.json +180 -0
package/bin/runners/lib/schemas/ship-manifest.schema.json +251 -0
package/bin/runners/lib/schemas/ship-report.schema.json +117 -0
package/bin/runners/lib/schemas/truthpack-v2.schema.json +303 -0
package/bin/runners/lib/schemas/validator.js +465 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/score-history.js +282 -0
package/bin/runners/lib/security-bridge.js +249 -0
package/bin/runners/lib/server-usage.js +513 -0
package/bin/runners/lib/share-pack.js +239 -0
package/bin/runners/lib/ship-gate.js +832 -0
package/bin/runners/lib/ship-manifest.js +1153 -0
package/bin/runners/lib/ship-output-enterprise.js +239 -0
package/bin/runners/lib/ship-output.js +1128 -0
package/bin/runners/lib/snippets.js +67 -0
package/bin/runners/lib/status-output.js +340 -0
package/bin/runners/lib/terminal-ui.js +356 -0
package/bin/runners/lib/truth.js +1691 -0
package/bin/runners/lib/ui.js +562 -0
package/bin/runners/lib/unified-cli-output.js +947 -0
package/bin/runners/lib/unified-output.js +197 -0
package/bin/runners/lib/upsell.js +410 -0
package/bin/runners/lib/usage.js +153 -0
package/bin/runners/lib/validate-patch.js +156 -0
package/bin/runners/lib/verdict-engine.js +628 -0
package/bin/runners/lib/verification.js +345 -0
package/bin/runners/lib/why-tree.js +650 -0
package/bin/runners/reality/engine.js +917 -0
package/bin/runners/reality/flows.js +122 -0
package/bin/runners/reality/report.js +378 -0
package/bin/runners/reality/session.js +193 -0
package/bin/runners/runAIAgent.js +229 -0
package/bin/runners/runAgent.d.ts +5 -0
package/bin/runners/runAgent.js +161 -0
package/bin/runners/runAllowlist.js +418 -0
package/bin/runners/runApprove.js +320 -0
package/bin/runners/runAudit.js +692 -0
package/bin/runners/runAuth.js +731 -0
package/bin/runners/runCI.js +353 -0
package/bin/runners/runCheckpoint.js +530 -0
package/bin/runners/runClassify.js +928 -0
package/bin/runners/runCleanup.js +343 -0
package/bin/runners/runContext.d.ts +4 -0
package/bin/runners/runContext.js +175 -0
package/bin/runners/runDoctor.js +877 -0
package/bin/runners/runEvidencePack.js +362 -0
package/bin/runners/runFirewall.d.ts +5 -0
package/bin/runners/runFirewall.js +134 -0
package/bin/runners/runFirewallHook.d.ts +5 -0
package/bin/runners/runFirewallHook.js +56 -0
package/bin/runners/runFix.js +1355 -0
package/bin/runners/runForge.js +451 -0
package/bin/runners/runGuard.js +262 -0
package/bin/runners/runInit.js +1927 -0
package/bin/runners/runIntent.js +906 -0
package/bin/runners/runKickoff.js +878 -0
package/bin/runners/runLabs.js +424 -0
package/bin/runners/runLaunch.js +2000 -0
package/bin/runners/runLink.js +785 -0
package/bin/runners/runMcp.js +1875 -0
package/bin/runners/runPacks.js +2089 -0
package/bin/runners/runPolish.d.ts +4 -0
package/bin/runners/runPolish.js +390 -0
package/bin/runners/runPromptFirewall.js +211 -0
package/bin/runners/runProve.js +1411 -0
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +2260 -0
package/bin/runners/runReport.js +726 -0
package/bin/runners/runRuntime.js +110 -0
package/bin/runners/runSafelist.js +1190 -0
package/bin/runners/runScan.js +688 -0
package/bin/runners/runShield.js +1282 -0
package/bin/runners/runShip.js +1660 -0
package/bin/runners/runTruth.d.ts +5 -0
package/bin/runners/runTruth.js +101 -0
package/bin/runners/runValidate.js +179 -0
package/bin/runners/runWatch.js +478 -0
package/bin/runners/utils.js +360 -0
package/bin/scan.js +617 -0
package/bin/vibecheck.js +1617 -0
package/dist/guardrail/index.d.ts +2405 -0
package/dist/guardrail/index.js +9747 -0
package/dist/guardrail/index.js.map +1 -0
package/dist/scanner/index.d.ts +282 -0
package/dist/scanner/index.js +3395 -0
package/dist/scanner/index.js.map +1 -0
package/package.json +123 -104
package/README.md +0 -491
package/dist/index.js +0 -99711
package/dist/index.js.map +0 -1

package/bin/runners/lib/report-templates.js ADDED Viewed

@@ -0,0 +1,967 @@
+/**
+ * Report Templates - Executive & Compliance Reports
+ *
+ * Purpose-built reports for different audiences:
+ * - Executive: C-suite friendly, minimal technical detail
+ * - Compliance: SOC2/HIPAA/PCI-DSS ready language
+ */
+/**
+ * Generate Executive Report (C-Suite / Stakeholders)
+ *
+ * Features:
+ * - Single-page summary
+ * - No code snippets or file paths
+ * - Risk-focused language
+ * - Clear action items
+ * - Print-ready layout
+ */
+function generateEnhancedExecutiveReport(data, opts = {}) {
+  const { projectName, generatedAt, score, verdict, findings, categoryScores } = data;
+  const company = opts.company || "";
+  const logo = opts.logo || "";
+  // Calculate metrics
+  const criticalCount = findings?.filter(f => ["BLOCK", "critical"].includes(f.severity)).length || 0;
+  const highCount = findings?.filter(f => f.severity === "high").length || 0;
+  const totalIssues = findings?.length || 0;
+  // Risk level
+  const riskLevel = score >= 80 ? "Low" : score >= 60 ? "Medium" : "High";
+  const riskColor = score >= 80 ? "#10b981" : score >= 60 ? "#f59e0b" : "#ef4444";
+  // Verdict config
+  const verdictMap = {
+    SHIP: { text: "Ready for Production", color: "#10b981", icon: "✓" },
+    WARN: { text: "Requires Attention", color: "#f59e0b", icon: "!" },
+    BLOCK: { text: "Not Recommended", color: "#ef4444", icon: "✕" },
+  };
+  const v = verdictMap[verdict] || verdictMap.WARN;
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Executive Summary - ${projectName}</title>
+  <style>
+    @page { size: letter; margin: 0.75in; }
+    * { box-sizing: border-box; margin: 0; padding: 0; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'SF Pro Text', 'Segoe UI', system-ui, sans-serif;
+      background: #ffffff;
+      color: #1a1a2e;
+      line-height: 1.6;
+      max-width: 850px;
+      margin: 0 auto;
+      padding: 48px;
+    }
+    .header {
+      display: flex;
+      justify-content: space-between;
+      align-items: flex-start;
+      border-bottom: 2px solid #e5e7eb;
+      padding-bottom: 24px;
+      margin-bottom: 32px;
+    }
+    .header-left h1 {
+      font-size: 28px;
+      font-weight: 700;
+      color: #111827;
+      letter-spacing: -0.5px;
+    }
+    .header-left .subtitle {
+      font-size: 14px;
+      color: #6b7280;
+      margin-top: 4px;
+    }
+    .header-right {
+      text-align: right;
+    }
+    .logo {
+      height: 36px;
+      margin-bottom: 8px;
+    }
+    .brand {
+      font-size: 12px;
+      color: #9ca3af;
+      text-transform: uppercase;
+      letter-spacing: 0.1em;
+    }
+    .hero {
+      display: grid;
+      grid-template-columns: 200px 1fr;
+      gap: 40px;
+      margin-bottom: 40px;
+      padding: 32px;
+      background: linear-gradient(135deg, #f8fafc 0%, #f1f5f9 100%);
+      border-radius: 16px;
+      border: 1px solid #e2e8f0;
+    }
+    .score-display {
+      display: flex;
+      flex-direction: column;
+      align-items: center;
+      justify-content: center;
+    }
+    .score-circle {
+      width: 140px;
+      height: 140px;
+      border-radius: 50%;
+      background: conic-gradient(
+        ${riskColor} 0deg,
+        ${riskColor} ${score * 3.6}deg,
+        #e5e7eb ${score * 3.6}deg,
+        #e5e7eb 360deg
+      );
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      position: relative;
+    }
+    .score-circle::before {
+      content: '';
+      position: absolute;
+      width: 110px;
+      height: 110px;
+      border-radius: 50%;
+      background: white;
+    }
+    .score-value {
+      position: relative;
+      font-size: 40px;
+      font-weight: 800;
+      color: ${riskColor};
+    }
+    .score-label {
+      font-size: 12px;
+      color: #6b7280;
+      text-transform: uppercase;
+      letter-spacing: 0.1em;
+      margin-top: 12px;
+    }
+    .verdict-section {
+      display: flex;
+      flex-direction: column;
+      justify-content: center;
+    }
+    .verdict-badge {
+      display: inline-flex;
+      align-items: center;
+      gap: 10px;
+      padding: 10px 20px;
+      background: ${v.color}15;
+      border: 1px solid ${v.color}30;
+      border-radius: 50px;
+      width: fit-content;
+      margin-bottom: 16px;
+    }
+    .verdict-icon {
+      width: 24px;
+      height: 24px;
+      border-radius: 50%;
+      background: ${v.color};
+      color: white;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      font-weight: 700;
+      font-size: 14px;
+    }
+    .verdict-text {
+      font-weight: 700;
+      font-size: 15px;
+      color: ${v.color};
+    }
+    .verdict-summary {
+      font-size: 15px;
+      color: #374151;
+      line-height: 1.7;
+    }
+    .section {
+      margin-bottom: 32px;
+    }
+    .section-title {
+      font-size: 18px;
+      font-weight: 600;
+      color: #111827;
+      margin-bottom: 16px;
+      padding-bottom: 8px;
+      border-bottom: 1px solid #e5e7eb;
+    }
+    .metrics-grid {
+      display: grid;
+      grid-template-columns: repeat(4, 1fr);
+      gap: 16px;
+    }
+    .metric-card {
+      background: #f9fafb;
+      border: 1px solid #e5e7eb;
+      border-radius: 12px;
+      padding: 20px;
+      text-align: center;
+    }
+    .metric-value {
+      font-size: 32px;
+      font-weight: 700;
+    }
+    .metric-value.critical { color: #ef4444; }
+    .metric-value.high { color: #f97316; }
+    .metric-value.medium { color: #f59e0b; }
+    .metric-value.low { color: #3b82f6; }
+    .metric-value.neutral { color: #6b7280; }
+    .metric-label {
+      font-size: 12px;
+      color: #6b7280;
+      text-transform: uppercase;
+      letter-spacing: 0.05em;
+      margin-top: 4px;
+    }
+    .risk-table {
+      width: 100%;
+      border-collapse: collapse;
+    }
+    .risk-table th {
+      text-align: left;
+      font-size: 12px;
+      color: #6b7280;
+      text-transform: uppercase;
+      letter-spacing: 0.05em;
+      padding: 12px 16px;
+      background: #f9fafb;
+      border-bottom: 1px solid #e5e7eb;
+    }
+    .risk-table td {
+      padding: 16px;
+      border-bottom: 1px solid #e5e7eb;
+      font-size: 14px;
+    }
+    .risk-table .category {
+      font-weight: 600;
+      color: #111827;
+    }
+    .status-badge {
+      display: inline-block;
+      padding: 4px 12px;
+      border-radius: 50px;
+      font-size: 12px;
+      font-weight: 600;
+    }
+    .status-badge.pass { background: #d1fae5; color: #065f46; }
+    .status-badge.attention { background: #fef3c7; color: #92400e; }
+    .status-badge.fail { background: #fee2e2; color: #991b1b; }
+    .recommendation-box {
+      background: #fffbeb;
+      border: 1px solid #fcd34d;
+      border-radius: 12px;
+      padding: 20px;
+    }
+    .recommendation-title {
+      font-weight: 600;
+      color: #92400e;
+      margin-bottom: 8px;
+    }
+    .recommendation-text {
+      font-size: 14px;
+      color: #78350f;
+      line-height: 1.6;
+    }
+    .action-list {
+      list-style: none;
+      margin-top: 12px;
+    }
+    .action-list li {
+      padding: 8px 0 8px 24px;
+      position: relative;
+      font-size: 14px;
+      color: #78350f;
+    }
+    .action-list li::before {
+      content: '→';
+      position: absolute;
+      left: 0;
+      color: #f59e0b;
+      font-weight: bold;
+    }
+    .footer {
+      margin-top: 48px;
+      padding-top: 24px;
+      border-top: 1px solid #e5e7eb;
+      display: flex;
+      justify-content: space-between;
+      align-items: center;
+      font-size: 12px;
+      color: #9ca3af;
+    }
+    .footer a {
+      color: #6b7280;
+      text-decoration: none;
+    }
+    @media print {
+      body { padding: 0; max-width: none; }
+      .hero { break-inside: avoid; }
+      .section { break-inside: avoid; }
+    }
+  </style>
+</head>
+<body>
+  <header class="header">
+    <div class="header-left">
+      <h1>Security Assessment</h1>
+      <div class="subtitle">${projectName} · ${new Date(generatedAt).toLocaleDateString('en-US', { year: 'numeric', month: 'long', day: 'numeric' })}</div>
+    </div>
+    <div class="header-right">
+      ${logo ? `<img src="${logo}" alt="Logo" class="logo">` : ''}
+      <div class="brand">${company || 'VibeCheck Report'}</div>
+    </div>
+  </header>
+  <section class="hero">
+    <div class="score-display">
+      <div class="score-circle">
+        <span class="score-value">${score}</span>
+      </div>
+      <div class="score-label">Security Score</div>
+    </div>
+    <div class="verdict-section">
+      <div class="verdict-badge">
+        <span class="verdict-icon">${v.icon}</span>
+        <span class="verdict-text">${v.text}</span>
+      </div>
+      <p class="verdict-summary">${getExecutiveSummary(verdict, criticalCount, highCount, score)}</p>
+    </div>
+  </section>
+  <section class="section">
+    <h2 class="section-title">Risk Overview</h2>
+    <div class="metrics-grid">
+      <div class="metric-card">
+        <div class="metric-value critical">${criticalCount}</div>
+        <div class="metric-label">Critical Risk</div>
+      </div>
+      <div class="metric-card">
+        <div class="metric-value high">${highCount}</div>
+        <div class="metric-label">High Risk</div>
+      </div>
+      <div class="metric-card">
+        <div class="metric-value neutral">${totalIssues}</div>
+        <div class="metric-label">Total Issues</div>
+      </div>
+      <div class="metric-card">
+        <div class="metric-value" style="color: ${riskColor}">${riskLevel}</div>
+        <div class="metric-label">Risk Level</div>
+      </div>
+    </div>
+  </section>
+  ${categoryScores && Object.keys(categoryScores).length > 0 ? `
+  <section class="section">
+    <h2 class="section-title">Security Categories</h2>
+    <table class="risk-table">
+      <thead>
+        <tr>
+          <th>Category</th>
+          <th>Score</th>
+          <th>Status</th>
+        </tr>
+      </thead>
+      <tbody>
+        ${Object.entries(categoryScores).map(([cat, catScore]) => {
+          const status = catScore >= 80 ? 'pass' : catScore >= 60 ? 'attention' : 'fail';
+          const statusText = catScore >= 80 ? 'Passing' : catScore >= 60 ? 'Needs Review' : 'At Risk';
+          return `
+          <tr>
+            <td class="category">${formatCategoryName(cat)}</td>
+            <td>${catScore}%</td>
+            <td><span class="status-badge ${status}">${statusText}</span></td>
+          </tr>
+          `;
+        }).join('')}
+      </tbody>
+    </table>
+  </section>
+  ` : ''}
+  <section class="section">
+    <h2 class="section-title">Recommended Actions</h2>
+    <div class="recommendation-box">
+      <div class="recommendation-title">${getRecommendationTitle(verdict)}</div>
+      <p class="recommendation-text">${getRecommendationText(verdict, criticalCount, highCount)}</p>
+      <ul class="action-list">
+        ${getActionItems(verdict, criticalCount, highCount).map(item => `<li>${item}</li>`).join('')}
+      </ul>
+    </div>
+  </section>
+  <footer class="footer">
+    <span>Generated by VibeCheck · <a href="https://vibecheck.dev">vibecheck.dev</a></span>
+    <span>Report ID: ${data.reportId || 'VC-' + Date.now().toString(36).toUpperCase()}</span>
+  </footer>
+</body>
+</html>`;
+}
+/**
+ * Generate Compliance Report (SOC2/HIPAA/PCI-DSS ready)
+ */
+function generateEnhancedComplianceReport(data, opts = {}) {
+  const { projectName, generatedAt, score, verdict, findings, categoryScores } = data;
+  const company = opts.company || "Organization";
+  const framework = opts.framework || "SOC2";
+  // Map findings to compliance controls
+  const complianceMapping = mapToComplianceControls(findings || [], framework);
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>${framework} Compliance Report - ${projectName}</title>
+  <style>
+    @page { size: letter; margin: 0.75in; }
+    * { box-sizing: border-box; margin: 0; padding: 0; }
+    body {
+      font-family: 'Times New Roman', Georgia, serif;
+      background: #ffffff;
+      color: #1a1a1a;
+      line-height: 1.7;
+      max-width: 850px;
+      margin: 0 auto;
+      padding: 48px;
+      font-size: 12pt;
+    }
+    .cover {
+      text-align: center;
+      padding: 80px 0;
+      border-bottom: 3px double #1a1a1a;
+      margin-bottom: 40px;
+    }
+    .cover h1 {
+      font-size: 28pt;
+      font-weight: normal;
+      text-transform: uppercase;
+      letter-spacing: 0.1em;
+      margin-bottom: 16px;
+    }
+    .cover .subtitle {
+      font-size: 14pt;
+      color: #666;
+      margin-bottom: 40px;
+    }
+    .cover .meta {
+      font-size: 11pt;
+      color: #666;
+    }
+    .cover .meta p {
+      margin: 4px 0;
+    }
+    .toc {
+      margin-bottom: 40px;
+      page-break-after: always;
+    }
+    .toc h2 {
+      font-size: 14pt;
+      text-transform: uppercase;
+      letter-spacing: 0.1em;
+      border-bottom: 1px solid #1a1a1a;
+      padding-bottom: 8px;
+      margin-bottom: 16px;
+    }
+    .toc-item {
+      display: flex;
+      justify-content: space-between;
+      padding: 8px 0;
+      border-bottom: 1px dotted #ccc;
+    }
+    .section {
+      margin-bottom: 32px;
+    }
+    .section h2 {
+      font-size: 14pt;
+      text-transform: uppercase;
+      letter-spacing: 0.1em;
+      border-bottom: 1px solid #1a1a1a;
+      padding-bottom: 8px;
+      margin-bottom: 16px;
+    }
+    .section h3 {
+      font-size: 12pt;
+      font-weight: bold;
+      margin: 16px 0 8px;
+    }
+    p {
+      margin-bottom: 12px;
+      text-align: justify;
+    }
+    .attestation-box {
+      border: 2px solid #1a1a1a;
+      padding: 24px;
+      margin: 24px 0;
+      background: #fafafa;
+    }
+    .attestation-box h3 {
+      text-transform: uppercase;
+      letter-spacing: 0.1em;
+      font-size: 11pt;
+      margin-bottom: 12px;
+    }
+    .control-table {
+      width: 100%;
+      border-collapse: collapse;
+      margin: 16px 0;
+      font-size: 10pt;
+    }
+    .control-table th {
+      text-align: left;
+      background: #f0f0f0;
+      padding: 12px;
+      border: 1px solid #ccc;
+      font-weight: bold;
+    }
+    .control-table td {
+      padding: 12px;
+      border: 1px solid #ccc;
+      vertical-align: top;
+    }
+    .control-id {
+      font-family: 'Courier New', monospace;
+      font-weight: bold;
+    }
+    .status-compliant {
+      color: #065f46;
+      font-weight: bold;
+    }
+    .status-partial {
+      color: #92400e;
+      font-weight: bold;
+    }
+    .status-gap {
+      color: #991b1b;
+      font-weight: bold;
+    }
+    .finding-ref {
+      font-family: 'Courier New', monospace;
+      font-size: 9pt;
+      color: #666;
+    }
+    .signature-section {
+      margin-top: 60px;
+      padding-top: 24px;
+      border-top: 1px solid #1a1a1a;
+    }
+    .signature-line {
+      display: grid;
+      grid-template-columns: 1fr 1fr;
+      gap: 40px;
+      margin-top: 40px;
+    }
+    .signature-block {
+      border-top: 1px solid #1a1a1a;
+      padding-top: 8px;
+    }
+    .signature-label {
+      font-size: 10pt;
+      color: #666;
+    }
+    .footer {
+      margin-top: 40px;
+      padding-top: 16px;
+      border-top: 1px solid #ccc;
+      font-size: 10pt;
+      color: #666;
+      text-align: center;
+    }
+    @media print {
+      body { padding: 0; max-width: none; }
+      .section { break-inside: avoid; }
+      .control-table { break-inside: avoid; }
+    }
+  </style>
+</head>
+<body>
+  <div class="cover">
+    <h1>${framework} Type II</h1>
+    <div class="subtitle">Security Assessment Report</div>
+    <p style="font-size: 18pt; margin-bottom: 40px;">${company}</p>
+    <div class="meta">
+      <p><strong>Application:</strong> ${projectName}</p>
+      <p><strong>Assessment Date:</strong> ${new Date(generatedAt).toLocaleDateString('en-US', { year: 'numeric', month: 'long', day: 'numeric' })}</p>
+      <p><strong>Report Period:</strong> Point-in-Time Assessment</p>
+      <p><strong>Overall Score:</strong> ${score}/100</p>
+    </div>
+  </div>
+  <div class="toc">
+    <h2>Table of Contents</h2>
+    <div class="toc-item"><span>1. Executive Summary</span><span>2</span></div>
+    <div class="toc-item"><span>2. Scope of Assessment</span><span>3</span></div>
+    <div class="toc-item"><span>3. Control Assessment Results</span><span>4</span></div>
+    <div class="toc-item"><span>4. Findings and Recommendations</span><span>5</span></div>
+    <div class="toc-item"><span>5. Management Attestation</span><span>6</span></div>
+  </div>
+  <section class="section">
+    <h2>1. Executive Summary</h2>
+    <p>This report presents the results of a ${framework} security assessment conducted on ${projectName} as of ${new Date(generatedAt).toLocaleDateString('en-US', { year: 'numeric', month: 'long', day: 'numeric' })}. The assessment was performed using automated security scanning tools to evaluate the application's adherence to ${framework} Trust Services Criteria.</p>
+    <div class="attestation-box">
+      <h3>Assessment Summary</h3>
+      <p><strong>Overall Compliance Score:</strong> ${score}/100</p>
+      <p><strong>Assessment Result:</strong> ${getComplianceVerdict(score)}</p>
+      <p><strong>Critical Findings:</strong> ${findings?.filter(f => f.severity === 'critical' || f.severity === 'BLOCK').length || 0}</p>
+      <p><strong>Total Findings:</strong> ${findings?.length || 0}</p>
+    </div>
+    <p>${getComplianceSummaryText(score, findings?.length || 0)}</p>
+  </section>
+  <section class="section">
+    <h2>2. Scope of Assessment</h2>
+    <p>The assessment covered the following areas of the ${projectName} application:</p>
+    <ul style="margin-left: 24px; margin-bottom: 16px;">
+      <li>Source code security analysis</li>
+      <li>Authentication and authorization controls</li>
+      <li>Data protection mechanisms</li>
+      <li>Configuration management</li>
+      <li>Error handling and logging</li>
+      <li>Third-party dependency analysis</li>
+    </ul>
+    <p>The assessment was conducted using VibeCheck automated security scanning, which evaluates code against industry-standard security controls and best practices.</p>
+  </section>
+  <section class="section">
+    <h2>3. Control Assessment Results</h2>
+    <p>The following table summarizes the assessment results mapped to ${framework} Trust Services Criteria:</p>
+    <table class="control-table">
+      <thead>
+        <tr>
+          <th style="width: 100px;">Control ID</th>
+          <th style="width: 200px;">Control Description</th>
+          <th style="width: 80px;">Status</th>
+          <th>Findings</th>
+        </tr>
+      </thead>
+      <tbody>
+        ${complianceMapping.map(control => `
+        <tr>
+          <td class="control-id">${control.id}</td>
+          <td>${control.description}</td>
+          <td class="${control.statusClass}">${control.status}</td>
+          <td>${control.findings.length > 0
+            ? control.findings.map(f => `<span class="finding-ref">${f}</span>`).join(', ')
+            : 'No findings'}</td>
+        </tr>
+        `).join('')}
+      </tbody>
+    </table>
+  </section>
+  <section class="section">
+    <h2>4. Findings and Recommendations</h2>
+    ${findings && findings.length > 0 ? `
+    <p>The following findings were identified during the assessment and require remediation:</p>
+    ${findings.filter(f => f.severity === 'critical' || f.severity === 'BLOCK' || f.severity === 'high').slice(0, 10).map((f, i) => `
+    <h3>Finding ${i + 1}: ${sanitizeHtml(f.title || f.message)}</h3>
+    <p><strong>Severity:</strong> ${(f.severity || 'medium').toUpperCase()}</p>
+    <p><strong>Impact:</strong> ${getComplianceImpact(f.severity)}</p>
+    <p><strong>Recommendation:</strong> ${sanitizeHtml(f.fix) || 'Implement appropriate controls to address this finding.'}</p>
+    `).join('')}
+    ` : `
+    <p>No significant findings were identified during this assessment. The application demonstrates strong adherence to ${framework} security controls.</p>
+    `}
+  </section>
+  <section class="section">
+    <h2>5. Management Attestation</h2>
+    <p>This security assessment report has been prepared in accordance with ${framework} Trust Services Criteria. The assessment represents a point-in-time evaluation of the security controls implemented within the ${projectName} application.</p>
+    <div class="attestation-box">
+      <p>Management of ${company} is responsible for the design, implementation, and maintenance of effective internal controls relevant to the security, availability, processing integrity, confidentiality, and privacy of the ${projectName} application.</p>
+    </div>
+    <div class="signature-section">
+      <p>Authorized Signatures:</p>
+      <div class="signature-line">
+        <div class="signature-block">
+          <div class="signature-label">Security Officer / Date</div>
+        </div>
+        <div class="signature-block">
+          <div class="signature-label">Engineering Lead / Date</div>
+        </div>
+      </div>
+    </div>
+  </section>
+  <footer class="footer">
+    <p>This report was generated by VibeCheck Security Assessment Tool · vibecheck.dev</p>
+    <p>Report ID: ${data.reportId || 'VC-' + Date.now().toString(36).toUpperCase()}</p>
+  </footer>
+</body>
+</html>`;
+}
+// ============================================================================
+// HELPER FUNCTIONS
+// ============================================================================
+function formatCategoryName(cat) {
+  const names = {
+    security: "Security Controls",
+    auth: "Authentication & Access",
+    billing: "Payment Security",
+    routes: "API Security",
+    env: "Configuration Management",
+    quality: "Code Quality",
+    mock: "Data Integrity",
+    error: "Error Handling",
+  };
+  return names[cat] || cat.charAt(0).toUpperCase() + cat.slice(1).replace(/_/g, " ");
+}
+function getExecutiveSummary(verdict, critical, high, score) {
+  if (verdict === "SHIP") {
+    return "The application has successfully passed all critical security checks. No blocking vulnerabilities were identified, and the security posture meets production deployment requirements.";
+  } else if (verdict === "WARN") {
+    return `The application requires attention before production deployment. ${critical > 0 ? `${critical} critical` : `${high} high priority`} security issue${(critical + high) > 1 ? 's were' : ' was'} identified that should be addressed to reduce organizational risk.`;
+  } else {
+    return `The application is not recommended for production deployment in its current state. ${critical} critical security vulnerabilit${critical > 1 ? 'ies were' : 'y was'} identified that pose significant risk to the organization.`;
+  }
+}
+function getRecommendationTitle(verdict) {
+  if (verdict === "SHIP") return "Proceed with Deployment";
+  if (verdict === "WARN") return "Address Issues Before Deployment";
+  return "Halt Deployment - Remediation Required";
+}
+function getRecommendationText(verdict, critical, high) {
+  if (verdict === "SHIP") {
+    return "The security assessment indicates the application is ready for production. Maintain security hygiene through regular assessments.";
+  } else if (verdict === "WARN") {
+    return `Based on the assessment findings, we recommend addressing the identified issues before proceeding to production. Estimated remediation effort: ${(critical * 2 + high)}–${(critical * 4 + high * 2)} hours.`;
+  } else {
+    return `Immediate remediation is required before this application should be considered for production deployment. The identified vulnerabilities represent unacceptable risk to the organization.`;
+  }
+}
+function getActionItems(verdict, critical, high) {
+  if (verdict === "SHIP") {
+    return [
+      "Schedule regular security assessments (recommended: quarterly)",
+      "Monitor for newly discovered vulnerabilities in dependencies",
+      "Maintain security documentation for compliance purposes",
+    ];
+  } else if (verdict === "WARN") {
+    return [
+      critical > 0 ? `Resolve ${critical} critical finding${critical > 1 ? 's' : ''} immediately` : `Address ${high} high priority finding${high > 1 ? 's' : ''}`,
+      "Conduct security review with engineering team",
+      "Re-run assessment after remediation before deployment",
+    ];
+  } else {
+    return [
+      `Immediately address all ${critical} critical vulnerabilities`,
+      "Implement security review process before any code changes",
+      "Consider engaging security consultant for remediation guidance",
+      "Do not deploy to production until all critical issues are resolved",
+    ];
+  }
+}
+function mapToComplianceControls(findings, framework) {
+  // SOC2 Trust Services Criteria mapping
+  const controls = [
+    { id: "CC6.1", description: "Logical Access Security", category: ["auth", "secret"] },
+    { id: "CC6.2", description: "Access Provisioning", category: ["auth"] },
+    { id: "CC6.6", description: "Data Transmission Protection", category: ["security", "config"] },
+    { id: "CC6.7", description: "Data Destruction", category: ["quality"] },
+    { id: "CC7.1", description: "Configuration Management", category: ["config", "env"] },
+    { id: "CC7.2", description: "Security Monitoring", category: ["error", "quality"] },
+    { id: "CC8.1", description: "Change Management", category: ["quality", "mock"] },
+    { id: "CC9.1", description: "Business Continuity", category: ["error"] },
+    { id: "PI1.1", description: "Input Validation", category: ["injection", "xss", "security"] },
+    { id: "A1.2", description: "System Availability", category: ["error", "route"] },
+  ];
+  return controls.map(control => {
+    const relatedFindings = findings.filter(f =>
+      control.category.includes(f.type) || control.category.includes(f.category)
+    );
+    const criticalCount = relatedFindings.filter(f =>
+      f.severity === "critical" || f.severity === "BLOCK"
+    ).length;
+    const highCount = relatedFindings.filter(f => f.severity === "high").length;
+    let status, statusClass;
+    if (criticalCount > 0) {
+      status = "Gap";
+      statusClass = "status-gap";
+    } else if (highCount > 0 || relatedFindings.length > 2) {
+      status = "Partial";
+      statusClass = "status-partial";
+    } else {
+      status = "Compliant";
+      statusClass = "status-compliant";
+    }
+    return {
+      ...control,
+      status,
+      statusClass,
+      findings: relatedFindings.slice(0, 3).map(f => f.id),
+    };
+  });
+}
+function getComplianceVerdict(score) {
+  if (score >= 80) return "Meets Requirements";
+  if (score >= 60) return "Partially Meets Requirements";
+  return "Does Not Meet Requirements";
+}
+function getComplianceSummaryText(score, findingCount) {
+  if (score >= 80) {
+    return `The assessment indicates that ${findingCount > 0 ? 'while minor findings were identified, ' : ''}the application substantially meets the security requirements outlined in the Trust Services Criteria. Continued monitoring and periodic assessments are recommended to maintain compliance.`;
+  } else if (score >= 60) {
+    return `The assessment identified several areas where the application's security controls require enhancement to fully meet Trust Services Criteria requirements. Remediation of the identified findings is recommended before the next audit period.`;
+  } else {
+    return `The assessment identified significant gaps in the application's security controls relative to Trust Services Criteria requirements. Management should prioritize remediation of critical and high-severity findings before considering the application compliant.`;
+  }
+}
+function getComplianceImpact(severity) {
+  const impacts = {
+    critical: "This finding represents a significant risk that could result in unauthorized access, data breach, or system compromise.",
+    BLOCK: "This finding represents a significant risk that could result in unauthorized access, data breach, or system compromise.",
+    high: "This finding could potentially lead to security incidents if exploited.",
+    medium: "This finding represents a moderate risk that should be addressed to maintain security posture.",
+    low: "This finding represents a minor risk with limited potential impact.",
+  };
+  return impacts[severity] || impacts.medium;
+}
+function sanitizeHtml(str) {
+  if (!str) return '';
+  return String(str)
+    .replace(/&/g, '&amp;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;');
+}
+/**
+ * Generate Technical Report (for developers/CTOs)
+ */
+function generateEnhancedTechnicalReport(data, opts = {}) {
+  // For technical reports, we use the main HTML generator
+  // This is a passthrough - the report-html.js handles technical reports
+  const reportHtml = require("./report-html");
+  // Build report data if needed
+  const reportData = {
+    meta: {
+      projectName: data.projectName,
+      generatedAt: data.generatedAt,
+      version: "2.0.0",
+      reportId: data.reportId || 'VC-' + Date.now().toString(36).toUpperCase(),
+    },
+    summary: {
+      score: data.score,
+      verdict: data.verdict,
+      totalFindings: data.findings?.length || 0,
+      severityCounts: {
+        critical: data.findings?.filter(f => f.severity === "BLOCK" || f.severity === "critical").length || 0,
+        high: data.findings?.filter(f => f.severity === "high").length || 0,
+        medium: data.findings?.filter(f => f.severity === "WARN" || f.severity === "medium").length || 0,
+        low: data.findings?.filter(f => f.severity === "INFO" || f.severity === "low").length || 0,
+      },
+      categoryScores: data.categoryScores || {},
+    },
+    findings: data.findings || [],
+    fixEstimates: { humanReadable: "~2h" },
+    reality: data.reality || null,
+  };
+  return reportHtml.generateWorldClassHTML(reportData, opts);
+}
+module.exports = {
+  generateEnhancedExecutiveReport,
+  generateEnhancedComplianceReport,
+  generateEnhancedTechnicalReport,
+};