npm - vibecheck-ai - Versions diffs - 2.0.2 → 5.0.0 - Mend

vibecheck-ai 2.0.2 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (456) hide show

package/bin/.generated +25 -0
package/bin/_deprecations.js +463 -0
package/bin/_router.js +46 -0
package/bin/cli-hygiene.js +241 -0
package/bin/dev/run-v2-torture.js +30 -0
package/bin/registry.js +656 -0
package/bin/runners/CLI_REFACTOR_SUMMARY.md +229 -0
package/bin/runners/ENHANCEMENT_GUIDE.md +121 -0
package/bin/runners/REPORT_AUDIT.md +64 -0
package/bin/runners/cli-utils.js +1070 -0
package/bin/runners/context/ai-task-decomposer.js +337 -0
package/bin/runners/context/analyzer.js +513 -0
package/bin/runners/context/api-contracts.js +427 -0
package/bin/runners/context/context-diff.js +342 -0
package/bin/runners/context/context-pruner.js +291 -0
package/bin/runners/context/dependency-graph.js +414 -0
package/bin/runners/context/generators/claude.js +107 -0
package/bin/runners/context/generators/codex.js +108 -0
package/bin/runners/context/generators/copilot.js +119 -0
package/bin/runners/context/generators/cursor-enhanced.js +2525 -0
package/bin/runners/context/generators/cursor.js +514 -0
package/bin/runners/context/generators/mcp.js +169 -0
package/bin/runners/context/generators/windsurf.js +180 -0
package/bin/runners/context/git-context.js +304 -0
package/bin/runners/context/index.js +1110 -0
package/bin/runners/context/insights.js +173 -0
package/bin/runners/context/mcp-server/generate-rules.js +337 -0
package/bin/runners/context/mcp-server/index.js +1176 -0
package/bin/runners/context/mcp-server/package.json +24 -0
package/bin/runners/context/memory.js +200 -0
package/bin/runners/context/monorepo.js +215 -0
package/bin/runners/context/multi-repo-federation.js +404 -0
package/bin/runners/context/patterns.js +253 -0
package/bin/runners/context/proof-context.js +1264 -0
package/bin/runners/context/security-scanner.js +541 -0
package/bin/runners/context/semantic-search.js +350 -0
package/bin/runners/context/shared.js +264 -0
package/bin/runners/context/team-conventions.js +336 -0
package/bin/runners/lib/__tests__/entitlements-v2.test.js +295 -0
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/change-packet/builder.js +488 -0
package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +303 -0
package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
package/bin/runners/lib/agent-firewall/enforcement/gateway.js +1059 -0
package/bin/runners/lib/agent-firewall/enforcement/index.js +98 -0
package/bin/runners/lib/agent-firewall/enforcement/mode.js +318 -0
package/bin/runners/lib/agent-firewall/enforcement/orchestrator.js +484 -0
package/bin/runners/lib/agent-firewall/enforcement/proof-artifact.js +418 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/change-event.schema.json +173 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/intent.schema.json +181 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/verdict.schema.json +222 -0
package/bin/runners/lib/agent-firewall/enforcement/verdict-v2.js +333 -0
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +127 -0
package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +213 -0
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
package/bin/runners/lib/agent-firewall/index.js +200 -0
package/bin/runners/lib/agent-firewall/integration/index.js +20 -0
package/bin/runners/lib/agent-firewall/integration/ship-gate.js +437 -0
package/bin/runners/lib/agent-firewall/intent/alignment-engine.js +634 -0
package/bin/runners/lib/agent-firewall/intent/auto-detect.js +426 -0
package/bin/runners/lib/agent-firewall/intent/index.js +102 -0
package/bin/runners/lib/agent-firewall/intent/schema.js +352 -0
package/bin/runners/lib/agent-firewall/intent/store.js +283 -0
package/bin/runners/lib/agent-firewall/interception/fs-interceptor.js +502 -0
package/bin/runners/lib/agent-firewall/interception/index.js +23 -0
package/bin/runners/lib/agent-firewall/interceptor/base.js +308 -0
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
package/bin/runners/lib/agent-firewall/logger.js +141 -0
package/bin/runners/lib/agent-firewall/policy/default-policy.json +90 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +103 -0
package/bin/runners/lib/agent-firewall/policy/loader.js +451 -0
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +79 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +227 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +191 -0
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
package/bin/runners/lib/agent-firewall/risk/thresholds.js +322 -0
package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
package/bin/runners/lib/agent-firewall/session/collector.js +451 -0
package/bin/runners/lib/agent-firewall/session/index.js +26 -0
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +137 -0
package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/ai-bridge.js +416 -0
package/bin/runners/lib/analysis-core.js +309 -0
package/bin/runners/lib/analyzers.js +2500 -0
package/bin/runners/lib/api-client.js +269 -0
package/bin/runners/lib/approve-output.js +235 -0
package/bin/runners/lib/artifact-envelope.js +540 -0
package/bin/runners/lib/assets/vibecheck-logo.png +0 -0
package/bin/runners/lib/audit-bridge.js +391 -0
package/bin/runners/lib/auth-shared.js +977 -0
package/bin/runners/lib/auth-truth.js +193 -0
package/bin/runners/lib/auth.js +215 -0
package/bin/runners/lib/authority-badge.js +425 -0
package/bin/runners/lib/backup.js +62 -0
package/bin/runners/lib/billing.js +107 -0
package/bin/runners/lib/checkpoint.js +941 -0
package/bin/runners/lib/claims.js +118 -0
package/bin/runners/lib/classify-output.js +204 -0
package/bin/runners/lib/cleanup/engine.js +571 -0
package/bin/runners/lib/cleanup/index.js +53 -0
package/bin/runners/lib/cleanup/output.js +375 -0
package/bin/runners/lib/cleanup/rules.js +1060 -0
package/bin/runners/lib/cli-output.js +400 -0
package/bin/runners/lib/cli-ui.js +540 -0
package/bin/runners/lib/compliance-bridge-new.js +0 -0
package/bin/runners/lib/compliance-bridge.js +165 -0
package/bin/runners/lib/contracts/auth-contract.js +202 -0
package/bin/runners/lib/contracts/env-contract.js +181 -0
package/bin/runners/lib/contracts/external-contract.js +206 -0
package/bin/runners/lib/contracts/guard.js +168 -0
package/bin/runners/lib/contracts/index.js +89 -0
package/bin/runners/lib/contracts/plan-validator.js +311 -0
package/bin/runners/lib/contracts/route-contract.js +199 -0
package/bin/runners/lib/contracts.js +804 -0
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/detect.js +89 -0
package/bin/runners/lib/detectors-v2.js +622 -0
package/bin/runners/lib/doctor/autofix.js +254 -0
package/bin/runners/lib/doctor/diagnosis-receipt.js +454 -0
package/bin/runners/lib/doctor/failure-signatures.js +526 -0
package/bin/runners/lib/doctor/fix-script.js +336 -0
package/bin/runners/lib/doctor/index.js +37 -0
package/bin/runners/lib/doctor/modules/build-tools.js +453 -0
package/bin/runners/lib/doctor/modules/dependencies.js +325 -0
package/bin/runners/lib/doctor/modules/index.js +105 -0
package/bin/runners/lib/doctor/modules/network.js +250 -0
package/bin/runners/lib/doctor/modules/os-quirks.js +706 -0
package/bin/runners/lib/doctor/modules/project.js +312 -0
package/bin/runners/lib/doctor/modules/repo-integrity.js +485 -0
package/bin/runners/lib/doctor/modules/runtime.js +224 -0
package/bin/runners/lib/doctor/modules/security.js +350 -0
package/bin/runners/lib/doctor/modules/system.js +213 -0
package/bin/runners/lib/doctor/modules/vibecheck.js +394 -0
package/bin/runners/lib/doctor/reporter.js +262 -0
package/bin/runners/lib/doctor/safe-repair.js +384 -0
package/bin/runners/lib/doctor/service.js +262 -0
package/bin/runners/lib/doctor/types.js +113 -0
package/bin/runners/lib/doctor/ui.js +263 -0
package/bin/runners/lib/doctor-enhanced.js +233 -0
package/bin/runners/lib/doctor-output.js +226 -0
package/bin/runners/lib/doctor-v2.js +608 -0
package/bin/runners/lib/drift.js +425 -0
package/bin/runners/lib/enforcement.js +72 -0
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/attack-detector.js +1192 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/enterprise-detect.js +603 -0
package/bin/runners/lib/enterprise-init.js +942 -0
package/bin/runners/lib/entitlements-v2.js +265 -0
package/bin/runners/lib/entitlements.generated.js +0 -0
package/bin/runners/lib/entitlements.js +340 -0
package/bin/runners/lib/env-resolver.js +417 -0
package/bin/runners/lib/env-template.js +66 -0
package/bin/runners/lib/env.js +189 -0
package/bin/runners/lib/error-handler.js +368 -0
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +684 -0
package/bin/runners/lib/exit-codes.js +275 -0
package/bin/runners/lib/extractors/client-calls.js +990 -0
package/bin/runners/lib/extractors/fastify-route-dump.js +573 -0
package/bin/runners/lib/extractors/fastify-routes.js +426 -0
package/bin/runners/lib/extractors/index.js +363 -0
package/bin/runners/lib/extractors/next-routes.js +524 -0
package/bin/runners/lib/extractors/proof-graph.js +431 -0
package/bin/runners/lib/extractors/route-matcher.js +451 -0
package/bin/runners/lib/extractors/truthpack-v2.js +377 -0
package/bin/runners/lib/extractors/ui-bindings.js +547 -0
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/findings-schema.js +281 -0
package/bin/runners/lib/fingerprint.js +377 -0
package/bin/runners/lib/firewall-prompt.js +50 -0
package/bin/runners/lib/fix-output.js +228 -0
package/bin/runners/lib/global-flags.js +250 -0
package/bin/runners/lib/graph/graph-builder.js +265 -0
package/bin/runners/lib/graph/html-renderer.js +413 -0
package/bin/runners/lib/graph/index.js +32 -0
package/bin/runners/lib/graph/runtime-collector.js +215 -0
package/bin/runners/lib/graph/static-extractor.js +518 -0
package/bin/runners/lib/help-formatter.js +413 -0
package/bin/runners/lib/html-proof-report.js +913 -0
package/bin/runners/lib/html-report.js +650 -0
package/bin/runners/lib/init-wizard.js +601 -0
package/bin/runners/lib/interactive-menu.js +1496 -0
package/bin/runners/lib/json-output.js +76 -0
package/bin/runners/lib/llm.js +75 -0
package/bin/runners/lib/logger.js +38 -0
package/bin/runners/lib/meter.js +61 -0
package/bin/runners/lib/missions/briefing.js +427 -0
package/bin/runners/lib/missions/checkpoint.js +753 -0
package/bin/runners/lib/missions/evidence.js +126 -0
package/bin/runners/lib/missions/hardening.js +851 -0
package/bin/runners/lib/missions/plan.js +648 -0
package/bin/runners/lib/missions/safety-gates.js +645 -0
package/bin/runners/lib/missions/schema.js +478 -0
package/bin/runners/lib/missions/templates.js +317 -0
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/packs/bundle.js +675 -0
package/bin/runners/lib/packs/evidence-pack.js +671 -0
package/bin/runners/lib/packs/pack-factory.js +837 -0
package/bin/runners/lib/packs/permissions-pack.js +686 -0
package/bin/runners/lib/packs/proof-graph-pack.js +779 -0
package/bin/runners/lib/patch.js +40 -0
package/bin/runners/lib/permissions/auth-model.js +213 -0
package/bin/runners/lib/permissions/idor-prover.js +205 -0
package/bin/runners/lib/permissions/index.js +45 -0
package/bin/runners/lib/permissions/matrix-builder.js +198 -0
package/bin/runners/lib/pkgjson.js +28 -0
package/bin/runners/lib/policy.js +295 -0
package/bin/runners/lib/polish/accessibility.js +62 -0
package/bin/runners/lib/polish/analyzer.js +93 -0
package/bin/runners/lib/polish/backend.js +87 -0
package/bin/runners/lib/polish/configuration.js +83 -0
package/bin/runners/lib/polish/documentation.js +83 -0
package/bin/runners/lib/polish/frontend.js +817 -0
package/bin/runners/lib/polish/index.js +27 -0
package/bin/runners/lib/polish/infrastructure.js +80 -0
package/bin/runners/lib/polish/internationalization.js +85 -0
package/bin/runners/lib/polish/libraries.js +180 -0
package/bin/runners/lib/polish/observability.js +75 -0
package/bin/runners/lib/polish/performance.js +64 -0
package/bin/runners/lib/polish/privacy.js +110 -0
package/bin/runners/lib/polish/resilience.js +92 -0
package/bin/runners/lib/polish/security.js +78 -0
package/bin/runners/lib/polish/seo.js +71 -0
package/bin/runners/lib/polish/styles.js +62 -0
package/bin/runners/lib/polish/utils.js +104 -0
package/bin/runners/lib/preflight.js +142 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/prove-output.js +220 -0
package/bin/runners/lib/reality/correlation-detectors.js +359 -0
package/bin/runners/lib/reality/index.js +318 -0
package/bin/runners/lib/reality/request-hashing.js +416 -0
package/bin/runners/lib/reality/request-mapper.js +453 -0
package/bin/runners/lib/reality/safety-rails.js +463 -0
package/bin/runners/lib/reality/semantic-snapshot.js +408 -0
package/bin/runners/lib/reality/toast-detector.js +393 -0
package/bin/runners/lib/reality-findings.js +84 -0
package/bin/runners/lib/reality-output.js +231 -0
package/bin/runners/lib/receipts.js +179 -0
package/bin/runners/lib/redact.js +29 -0
package/bin/runners/lib/replay/capsule-manager.js +154 -0
package/bin/runners/lib/replay/index.js +263 -0
package/bin/runners/lib/replay/player.js +348 -0
package/bin/runners/lib/replay/recorder.js +331 -0
package/bin/runners/lib/report-engine.js +626 -0
package/bin/runners/lib/report-html.js +1233 -0
package/bin/runners/lib/report-output.js +366 -0
package/bin/runners/lib/report-templates.js +967 -0
package/bin/runners/lib/report.js +135 -0
package/bin/runners/lib/route-detection.js +1209 -0
package/bin/runners/lib/route-truth.js +1322 -0
package/bin/runners/lib/safelist/index.js +96 -0
package/bin/runners/lib/safelist/integration.js +334 -0
package/bin/runners/lib/safelist/matcher.js +696 -0
package/bin/runners/lib/safelist/schema.js +948 -0
package/bin/runners/lib/safelist/store.js +438 -0
package/bin/runners/lib/sandbox/index.js +59 -0
package/bin/runners/lib/sandbox/proof-chain.js +399 -0
package/bin/runners/lib/sandbox/sandbox-runner.js +205 -0
package/bin/runners/lib/sandbox/worktree.js +174 -0
package/bin/runners/lib/scan-cache.js +330 -0
package/bin/runners/lib/scan-output-schema.js +344 -0
package/bin/runners/lib/scan-output.js +631 -0
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schema-validator.js +350 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/contracts.schema.json +160 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/finding.schema.json +100 -0
package/bin/runners/lib/schemas/mission-pack.schema.json +206 -0
package/bin/runners/lib/schemas/proof-graph.schema.json +176 -0
package/bin/runners/lib/schemas/reality-report.schema.json +162 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/share-pack.schema.json +180 -0
package/bin/runners/lib/schemas/ship-manifest.schema.json +251 -0
package/bin/runners/lib/schemas/ship-report.schema.json +117 -0
package/bin/runners/lib/schemas/truthpack-v2.schema.json +303 -0
package/bin/runners/lib/schemas/validator.js +465 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/score-history.js +282 -0
package/bin/runners/lib/security-bridge.js +249 -0
package/bin/runners/lib/server-usage.js +513 -0
package/bin/runners/lib/share-pack.js +239 -0
package/bin/runners/lib/ship-gate.js +832 -0
package/bin/runners/lib/ship-manifest.js +1153 -0
package/bin/runners/lib/ship-output-enterprise.js +239 -0
package/bin/runners/lib/ship-output.js +1128 -0
package/bin/runners/lib/snippets.js +67 -0
package/bin/runners/lib/status-output.js +340 -0
package/bin/runners/lib/terminal-ui.js +356 -0
package/bin/runners/lib/truth.js +1691 -0
package/bin/runners/lib/ui.js +562 -0
package/bin/runners/lib/unified-cli-output.js +947 -0
package/bin/runners/lib/unified-output.js +197 -0
package/bin/runners/lib/upsell.js +410 -0
package/bin/runners/lib/usage.js +153 -0
package/bin/runners/lib/validate-patch.js +156 -0
package/bin/runners/lib/verdict-engine.js +628 -0
package/bin/runners/lib/verification.js +345 -0
package/bin/runners/lib/why-tree.js +650 -0
package/bin/runners/reality/engine.js +917 -0
package/bin/runners/reality/flows.js +122 -0
package/bin/runners/reality/report.js +378 -0
package/bin/runners/reality/session.js +193 -0
package/bin/runners/runAIAgent.js +229 -0
package/bin/runners/runAgent.d.ts +5 -0
package/bin/runners/runAgent.js +161 -0
package/bin/runners/runAllowlist.js +418 -0
package/bin/runners/runApprove.js +320 -0
package/bin/runners/runAudit.js +692 -0
package/bin/runners/runAuth.js +731 -0
package/bin/runners/runCI.js +353 -0
package/bin/runners/runCheckpoint.js +530 -0
package/bin/runners/runClassify.js +928 -0
package/bin/runners/runCleanup.js +343 -0
package/bin/runners/runContext.d.ts +4 -0
package/bin/runners/runContext.js +175 -0
package/bin/runners/runDoctor.js +877 -0
package/bin/runners/runEvidencePack.js +362 -0
package/bin/runners/runFirewall.d.ts +5 -0
package/bin/runners/runFirewall.js +134 -0
package/bin/runners/runFirewallHook.d.ts +5 -0
package/bin/runners/runFirewallHook.js +56 -0
package/bin/runners/runFix.js +1355 -0
package/bin/runners/runForge.js +451 -0
package/bin/runners/runGuard.js +262 -0
package/bin/runners/runInit.js +1927 -0
package/bin/runners/runIntent.js +906 -0
package/bin/runners/runKickoff.js +878 -0
package/bin/runners/runLabs.js +424 -0
package/bin/runners/runLaunch.js +2000 -0
package/bin/runners/runLink.js +785 -0
package/bin/runners/runMcp.js +1875 -0
package/bin/runners/runPacks.js +2089 -0
package/bin/runners/runPolish.d.ts +4 -0
package/bin/runners/runPolish.js +390 -0
package/bin/runners/runPromptFirewall.js +211 -0
package/bin/runners/runProve.js +1411 -0
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +2260 -0
package/bin/runners/runReport.js +726 -0
package/bin/runners/runRuntime.js +110 -0
package/bin/runners/runSafelist.js +1190 -0
package/bin/runners/runScan.js +688 -0
package/bin/runners/runShield.js +1282 -0
package/bin/runners/runShip.js +1660 -0
package/bin/runners/runTruth.d.ts +5 -0
package/bin/runners/runTruth.js +101 -0
package/bin/runners/runValidate.js +179 -0
package/bin/runners/runWatch.js +478 -0
package/bin/runners/utils.js +360 -0
package/bin/scan.js +617 -0
package/bin/vibecheck.js +1617 -0
package/dist/guardrail/index.d.ts +2405 -0
package/dist/guardrail/index.js +9747 -0
package/dist/guardrail/index.js.map +1 -0
package/dist/scanner/index.d.ts +282 -0
package/dist/scanner/index.js +3395 -0
package/dist/scanner/index.js.map +1 -0
package/package.json +123 -104
package/README.md +0 -491
package/dist/index.js +0 -99711
package/dist/index.js.map +0 -1

package/bin/runners/runReport.js ADDED Viewed

@@ -0,0 +1,726 @@
+/**
+ * vibecheck report - World-Class Enterprise Reports
+ *
+ * TIER ENFORCEMENT:
+ * - FREE: HTML, MD formats only
+ * - STARTER: + SARIF, CSV formats
+ * - PRO: + compliance packs, PDF export, redaction templates
+ *
+ * Enterprise-grade report generation with:
+ * - Beautiful interactive HTML with modern design
+ * - Multiple export formats (HTML, MD, JSON, SARIF, CSV, PDF)
+ * - Executive, Technical, Compliance report types
+ * - Historical trends and fix time estimates
+ * - Print-optimized layouts
+ * - White-label customization
+ */
+const path = require("path");
+const fs = require("fs");
+const { parseGlobalFlags, shouldShowBanner } = require("./lib/global-flags");
+const { EXIT } = require("./lib/exit-codes");
+const { ensureScanResults } = require("./lib/prerequisites");
+// Entitlements enforcement
+let entitlements;
+try {
+  entitlements = require("./lib/entitlements-v2");
+} catch {
+  // Fallback: allow all features if entitlements not available
+  entitlements = {
+    getLimits: () => ({ reportFormats: ["html", "md", "json", "sarif", "csv", "pdf"] }),
+    getTier: async () => "pro",
+    enforce: async () => ({ allowed: true }),
+    EXIT_FEATURE_NOT_ALLOWED: 1,
+  };
+}
+// Report modules
+let reportEngine, reportHtml, reportTemplates;
+try {
+  reportEngine = require("./lib/report-engine");
+} catch (e) {
+  console.error("Warning: report-engine not found:", e.message);
+}
+try {
+  reportHtml = require("./lib/report-html");
+} catch (e) {
+  console.error("Warning: report-html not found:", e.message);
+}
+try {
+  reportTemplates = require("./lib/report-templates");
+} catch (e) {
+  console.error("Warning: report-templates not found:", e.message);
+}
+// ═══════════════════════════════════════════════════════════════════════════════
+// ENHANCED TERMINAL UI & OUTPUT MODULES
+// ═══════════════════════════════════════════════════════════════════════════════
+const {
+  ansi,
+  colors,
+  icons,
+  Spinner,
+  renderSection,
+  formatDuration,
+} = require("./lib/terminal-ui");
+const {
+  BANNER,
+  formatHelp,
+  renderReportInfo,
+  renderSuccess,
+  renderError,
+} = require("./lib/report-output");
+function parseArgs(args) {
+  // Parse global flags first
+  const { flags: globalFlags, cleanArgs } = parseGlobalFlags(args);
+  const opts = {
+    type: "technical",
+    format: "html",
+    path: globalFlags.path || ".",
+    output: globalFlags.output || null,
+    logo: null,
+    company: null,
+    theme: "dark",
+    framework: "SOC2",
+    includeVerify: false,
+    includeTrends: false,
+    redactPaths: false,
+    maxFindings: 50,
+    open: false,
+    help: globalFlags.help || false,
+    quiet: globalFlags.quiet || false,
+    json: globalFlags.json || false,
+    noBanner: globalFlags.noBanner || false,
+    ci: globalFlags.ci || false,
+    verbose: globalFlags.verbose || false,
+  };
+  // Parse command-specific args
+  for (let i = 0; i < cleanArgs.length; i++) {
+    const a = cleanArgs[i];
+    if (a === "--type" || a === "-t") opts.type = cleanArgs[++i];
+    if (a === "--format" || a === "-f") opts.format = cleanArgs[++i];
+    if (a === "--output" || a === "-o") opts.output = cleanArgs[++i];
+    if (a === "--logo") opts.logo = cleanArgs[++i];
+    if (a === "--company") opts.company = cleanArgs[++i];
+    if (a === "--theme") opts.theme = cleanArgs[++i];
+    if (a === "--framework") opts.framework = args[++i];
+    if (a === "--light") opts.theme = "light";
+    if (a === "--dark") opts.theme = "dark";
+    if (a === "--include-verify") opts.includeVerify = true;
+    if (a === "--include-trends" || a === "--trends") opts.includeTrends = true;
+    if (a === "--redact-paths" || a === "--redact") opts.redactPaths = true;
+    if (a === "--max-findings") opts.maxFindings = parseInt(args[++i]) || 50;
+    if (a.startsWith("--path=")) opts.path = a.split("=")[1];
+    if (a === "--path" || a === "-p") opts.path = args[++i];
+    if (a === "--open") opts.open = true;
+    if (a === "--quiet" || a === "-q") opts.quiet = true;
+    if (a === "--help" || a === "-h") opts.help = true;
+  }
+  return opts;
+}
+function printHelp(showBanner = true) {
+  if (showBanner && shouldShowBanner({})) {
+    console.log(BANNER);
+  }
+  console.log(formatHelp());
+}
+async function runReport(args) {
+  const opts = parseArgs(args);
+  if (opts.help) {
+    printHelp(shouldShowBanner(opts));
+    return 0;
+  }
+  const projectPath = path.resolve(opts.path);
+  const outputDir = path.join(projectPath, ".vibecheck");
+  const projectName = path.basename(projectPath);
+  // TIER ENFORCEMENT
+  const format = opts.format.toLowerCase();
+  const tier = await entitlements.getTier({ projectPath });
+  const limits = entitlements.getLimits(tier);
+  const allowedFormats = limits.reportFormats || ["html", "md"];
+  // Check format access
+  if (!allowedFormats.includes(format) && format !== "json") {
+    if (format === "sarif" || format === "csv") {
+      const access = await entitlements.enforce("report.sarif_csv", {
+        projectPath,
+        silent: false,
+      });
+      if (!access.allowed) {
+        console.log(`\n  ${colors.warning}${icons.warning}${ansi.reset} ${ansi.dim}HTML and MD formats are available on FREE tier${ansi.reset}`);
+        console.log(`  ${ansi.dim}Upgrade to STARTER for SARIF/CSV export${ansi.reset}\n`);
+        return entitlements.EXIT_FEATURE_NOT_ALLOWED;
+      }
+    }
+    if (format === "pdf") {
+      const access = await entitlements.enforce("report.pdf_export", {
+        projectPath,
+        silent: false,
+      });
+      if (!access.allowed) {
+        console.log(`\n  ${colors.warning}${icons.warning}${ansi.reset} ${ansi.dim}PDF export requires PRO tier${ansi.reset}`);
+        console.log(`  ${ansi.dim}HTML reports can be printed to PDF from browser${ansi.reset}\n`);
+        return entitlements.EXIT_FEATURE_NOT_ALLOWED;
+      }
+    }
+  }
+  // Compliance reports require PRO
+  if (opts.type === "compliance") {
+    const access = await entitlements.enforce("report.compliance_packs", {
+      projectPath,
+      silent: false,
+    });
+    if (!access.allowed) {
+      console.log(`\n  ${colors.warning}${icons.warning}${ansi.reset} ${ansi.dim}Executive and technical reports available on lower tiers${ansi.reset}`);
+      return entitlements.EXIT_FEATURE_NOT_ALLOWED;
+    }
+  }
+  // Display banner and report info
+  if (!opts.quiet) {
+    if (shouldShowBanner(opts)) {
+      console.log(BANNER);
+      console.log(renderReportInfo(opts.type, opts.format, null));
+      console.log('');
+    }
+  }
+  // Progress spinner
+  const spinner = new Spinner({ color: colors.accent });
+  spinner.start(`Generating ${opts.type} report`);
+  // Auto-run scan if results are missing (unless in CI or explicitly disabled)
+  const scanPrereq = await ensureScanResults(projectPath, {
+    quiet: opts.quiet,
+    json: opts.json,
+    ci: opts.ci,
+    colors,
+    icons,
+    ansi,
+  });
+  if (scanPrereq.ran && !scanPrereq.success && !opts.quiet) {
+    spinner.warn("Auto-run scan failed - continuing with available data");
+  }
+  // Load ship results (prefer ship results, fall back to scan results)
+  let shipResults = loadShipResults(projectPath, outputDir);
+  // If no ship results, try to load scan results
+  if (!shipResults) {
+    const scanResultsPath = path.join(projectPath, ".vibecheck", "results", "latest.json");
+    if (fs.existsSync(scanResultsPath)) {
+      try {
+        const scanData = JSON.parse(fs.readFileSync(scanResultsPath, "utf8"));
+        shipResults = {
+          score: scanData.result?.score || scanData.score || 0,
+          verdict: scanData.result?.verdict || scanData.verdict || "UNKNOWN",
+          findings: scanData.result?.findings || scanData.findings || [],
+          truthpack: scanData.truthpack || null,
+        };
+      } catch {}
+    }
+  }
+  if (!shipResults) {
+    spinner.warn("No scan results found - using demo data");
+    if (!opts.quiet) {
+      console.log(`  ${ansi.dim}Tip: Run 'vibecheck scan' first for real results.${ansi.reset}\n`);
+    }
+    shipResults = getDemoData();
+  }
+  // Build comprehensive report data
+  spinner.update("Processing findings");
+  let reportData;
+  if (reportEngine) {
+    reportData = reportEngine.buildReportData(shipResults, {
+      projectName,
+      repoRoot: projectPath,
+      includeTrends: opts.includeTrends,
+    });
+  } else {
+    reportData = buildBasicReportData(shipResults, projectName);
+  }
+  // Generate report content
+  spinner.update(`Rendering ${format.toUpperCase()} output`);
+  let reportContent = "";
+  let fileExtension = format;
+  try {
+    switch (format) {
+      case "html":
+        // Debug: Log which HTML generator will be used
+        if (opts.verbose || opts.type === "technical") {
+          if (reportHtml && typeof reportHtml.generateWorldClassHTML === 'function') {
+            console.log(`  ${ansi.dim}Using world-class HTML generator${ansi.reset}`);
+          } else {
+            console.log(`  ${ansi.dim}Using basic HTML generator (report-html module not available)${ansi.reset}`);
+          }
+        }
+        reportContent = generateHTMLReport(reportData, opts);
+        break;
+      case "md":
+      case "markdown":
+        reportContent = generateMarkdownReport(reportData, opts);
+        fileExtension = "md";
+        break;
+      case "json":
+        reportContent = generateJSONReport(reportData, opts);
+        break;
+      case "sarif":
+        reportContent = generateSARIFReport(reportData, opts);
+        break;
+      case "csv":
+        reportContent = generateCSVReport(reportData, opts);
+        break;
+      case "pdf":
+        // PDF requires HTML first, then conversion
+        reportContent = await generatePDFReport(reportData, opts, outputDir);
+        break;
+      default:
+        spinner.fail(`Unknown format: ${format}`);
+        console.log(`  ${ansi.dim}Supported: html, md, json, sarif, csv, pdf${ansi.reset}`);
+        return EXIT.USER_ERROR;
+    }
+  } catch (err) {
+    spinner.fail(`Failed to generate report: ${err.message}`);
+    return EXIT.INTERNAL_ERROR;
+  }
+  // Determine output path
+  const outputFileName = opts.output || path.join(outputDir, `report.${fileExtension}`);
+  const outputDirPath = path.dirname(outputFileName);
+  // Ensure output directory exists
+  if (!fs.existsSync(outputDirPath)) {
+    fs.mkdirSync(outputDirPath, { recursive: true });
+  }
+  // Write report (always overwrite to ensure fresh content)
+  spinner.update("Writing report");
+  fs.writeFileSync(outputFileName, reportContent, 'utf8');
+  // If this is the default report.html, also update the timestamp to help with cache busting
+  if (!opts.output && fileExtension === 'html') {
+    try {
+      // Touch the file to update its modification time
+      const now = new Date();
+      fs.utimesSync(outputFileName, now, now);
+    } catch {
+      // Ignore errors on utimes
+    }
+  }
+  // Save report history for trend analysis
+  saveReportHistory(outputDir, reportData);
+  spinner.succeed("Report generated");
+  console.log("");
+  // Print success message using design system
+  console.log(renderSuccess(outputFileName, opts.format));
+  // Open in browser if requested
+  if (opts.open && format === "html") {
+    openInBrowser(outputFileName);
+  }
+  return 0;
+}
+// ============================================================================
+// DATA LOADING
+// ============================================================================
+function loadShipResults(projectPath, outputDir) {
+  const sources = [
+    path.join(outputDir, "ship_report.json"),
+    path.join(outputDir, "report.json"),
+    path.join(outputDir, "truth", "truthpack.json"),
+  ];
+  let results = null;
+  for (const src of sources) {
+    if (fs.existsSync(src)) {
+      try {
+        results = JSON.parse(fs.readFileSync(src, "utf8"));
+        break;
+      } catch {
+        continue;
+      }
+    }
+  }
+  // Also load reality report if available
+  const realitySources = [
+    path.join(outputDir, "reality", "last_reality.json"),
+    path.join(outputDir, "reality_report.json"),
+  ];
+  for (const src of realitySources) {
+    if (fs.existsSync(src)) {
+      try {
+        const realityData = JSON.parse(fs.readFileSync(src, "utf8"));
+        if (results) {
+          results.reality = realityData;
+        } else {
+          results = { reality: realityData };
+        }
+        break;
+      } catch {
+        continue;
+      }
+    }
+  }
+  return results;
+}
+function getDemoData() {
+  return {
+    score: 72,
+    verdict: "WARN",
+    findings: [
+      { id: "SEC001", severity: "BLOCK", type: "secret", message: "API key exposed in source code", title: "Exposed API Key", file: "src/config.ts", line: 42, fix: "Move to environment variable" },
+      { id: "AUTH001", severity: "BLOCK", type: "auth", message: "Authentication bypass in admin route", title: "Auth Bypass Vulnerability", file: "src/routes/admin.ts", line: 15, fix: "Add auth middleware" },
+      { id: "MOCK001", severity: "WARN", type: "mock", message: "Mock data used in production path", title: "Mock Data in Production", file: "src/api/users.ts", line: 88, fix: "Remove mock data fallback" },
+      { id: "ERR001", severity: "WARN", type: "error", message: "Empty catch block in payment flow", title: "Swallowed Exception", file: "src/billing/checkout.ts", line: 156, fix: "Add error handling" },
+      { id: "CFG001", severity: "INFO", type: "config", message: "Hardcoded timeout value", title: "Hardcoded Configuration", file: "src/utils/http.ts", line: 23, fix: "Move to config" },
+      { id: "DBG001", severity: "INFO", type: "quality", message: "Console.log statement", title: "Debug Statement", file: "src/debug.ts", line: 5, fix: "Remove or use logger" },
+    ],
+    categoryScores: { security: 65, auth: 50, billing: 90, quality: 75 },
+    truthpack: {
+      routes: { server: Array(12).fill({}) },
+      env: { vars: Array(8).fill("") },
+    },
+    reality: {
+      coverage: { clientCallsMapped: 87, uiActionsVerified: 95, authRoutes: 100 },
+      latencyP95: 412,
+      brokenFlows: [
+        {
+          title: "User cannot complete checkout flow",
+          severity: "BLOCK",
+          steps: [
+            { type: "ui", label: "Click 'Add to Cart'" },
+            { type: "api", label: "POST /api/cart" },
+            { type: "ui", label: "Click 'Checkout'" },
+            { type: "api", label: "POST /api/orders" },
+            { type: "error", label: "500 Internal Server Error" },
+          ],
+        },
+      ],
+    },
+  };
+}
+function buildBasicReportData(shipResults, projectName) {
+  const findings = shipResults?.findings || [];
+  const reality = shipResults?.reality || null;
+  return {
+    meta: {
+      projectName,
+      generatedAt: new Date().toISOString(),
+      version: "2.0.0",
+      reportId: `VC-${Date.now().toString(36).toUpperCase()}`,
+    },
+    summary: {
+      score: shipResults?.score || 0,
+      verdict: shipResults?.verdict || (shipResults?.canShip ? "SHIP" : "WARN"),
+      totalFindings: findings.length,
+      severityCounts: {
+        critical: findings.filter(f => f.severity === "BLOCK" || f.severity === "critical").length,
+        high: findings.filter(f => f.severity === "high").length,
+        medium: findings.filter(f => f.severity === "WARN" || f.severity === "medium").length,
+        low: findings.filter(f => f.severity === "low" || f.severity === "INFO").length,
+      },
+      categoryScores: shipResults?.categoryScores || {},
+    },
+    findings: findings.map((f, i) => ({ ...f, id: f.id || `F${String(i + 1).padStart(3, "0")}` })),
+    fixEstimates: { humanReadable: calculateFixTime(findings), totalMinutes: 120 },
+    truthpack: shipResults?.truthpack || null,
+    reality: reality,
+  };
+}
+// ============================================================================
+// REPORT GENERATORS
+// ============================================================================
+function generateHTMLReport(reportData, opts) {
+  // Route to appropriate template based on type
+  switch (opts.type) {
+    case "executive":
+      if (reportTemplates?.generateEnhancedExecutiveReport) {
+        return reportTemplates.generateEnhancedExecutiveReport(
+          convertToLegacyFormat(reportData),
+          opts
+        );
+      }
+      // Fall through if template not available
+      break;
+    case "compliance":
+      if (reportTemplates?.generateEnhancedComplianceReport) {
+        return reportTemplates.generateEnhancedComplianceReport(
+          convertToLegacyFormat(reportData),
+          opts
+        );
+      }
+      // Fall through if template not available
+      break;
+    default:
+      // Technical report - ALWAYS use world-class HTML generator
+      if (reportHtml && typeof reportHtml.generateWorldClassHTML === 'function') {
+        try {
+          // Ensure reportData has required structure
+          if (!reportData.meta) {
+            reportData.meta = { projectName: 'Unknown', generatedAt: new Date().toISOString(), version: '2.0.0' };
+          }
+          if (!reportData.summary) {
+            reportData.summary = { score: 0, verdict: 'WARN', totalFindings: 0, severityCounts: {} };
+          }
+          if (!reportData.findings) {
+            reportData.findings = [];
+          }
+          return reportHtml.generateWorldClassHTML(reportData, opts);
+        } catch (err) {
+          console.error(`\n  ${colors.error}${icons.error}${ansi.reset} Error generating world-class HTML: ${err.message}`);
+          if (opts.verbose) {
+            console.error(err.stack);
+          }
+          // Fall through to basic HTML only on error
+        }
+      } else {
+        console.warn(`\n  ${colors.warning}${icons.warning}${ansi.reset} report-html module not available, using basic HTML template`);
+      }
+      break;
+  }
+  // Fallback to basic HTML only if world-class generator failed or not available
+  console.warn(`  ${ansi.dim}Using basic HTML fallback${ansi.reset}`);
+  return generateBasicHTML(reportData, opts);
+}
+function generateMarkdownReport(reportData, opts) {
+  if (reportEngine?.exportToMarkdown) {
+    return reportEngine.exportToMarkdown(reportData, opts);
+  }
+  return generateBasicMarkdown(reportData, opts);
+}
+function generateJSONReport(reportData, opts) {
+  if (reportEngine?.exportToJSON) {
+    return reportEngine.exportToJSON(reportData);
+  }
+  return JSON.stringify(reportData, null, 2);
+}
+function generateSARIFReport(reportData, opts) {
+  if (reportEngine?.exportToSARIF) {
+    return JSON.stringify(reportEngine.exportToSARIF(reportData), null, 2);
+  }
+  // Basic SARIF fallback
+  return JSON.stringify({
+    $schema: "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+    version: "2.1.0",
+    runs: [{
+      tool: { driver: { name: "vibecheck", version: "2.0.0" } },
+      results: reportData.findings.map(f => ({
+        ruleId: f.id,
+        level: f.severity === "critical" ? "error" : "warning",
+        message: { text: f.title || f.message },
+      })),
+    }],
+  }, null, 2);
+}
+function generateCSVReport(reportData, opts) {
+  if (reportEngine?.exportToCSV) {
+    return reportEngine.exportToCSV(reportData);
+  }
+  // Basic CSV fallback
+  const headers = ["ID", "Severity", "Title", "File", "Line", "Fix"];
+  const rows = reportData.findings.map(f => [
+    f.id || "",
+    f.severity || "",
+    `"${(f.title || f.message || "").replace(/"/g, '""')}"`,
+    f.file || "",
+    f.line || "",
+    `"${(f.fix || "").replace(/"/g, '""')}"`,
+  ]);
+  return [headers.join(","), ...rows.map(r => r.join(","))].join("\n");
+}
+async function generatePDFReport(reportData, opts, outputDir) {
+  // Generate HTML first
+  const htmlContent = generateHTMLReport(reportData, { ...opts, format: "html" });
+  const tempHtmlPath = path.join(outputDir, "temp_report.html");
+  fs.writeFileSync(tempHtmlPath, htmlContent);
+  // Try to use puppeteer for PDF generation
+  try {
+    const puppeteer = require("puppeteer");
+    const browser = await puppeteer.launch({ headless: "new" });
+    const page = await browser.newPage();
+    await page.setContent(htmlContent, { waitUntil: "networkidle0" });
+    const pdf = await page.pdf({
+      format: "Letter",
+      printBackground: true,
+      margin: { top: "0.5in", right: "0.5in", bottom: "0.5in", left: "0.5in" },
+    });
+    await browser.close();
+    // Clean up temp file
+    try { fs.unlinkSync(tempHtmlPath); } catch {}
+    return pdf;
+  } catch (e) {
+    // Clean up temp file
+    try { fs.unlinkSync(tempHtmlPath); } catch {}
+    throw new Error(
+      `PDF generation requires puppeteer. Install with: npm install puppeteer\n` +
+      `Or use --format=html and print to PDF from your browser.`
+    );
+  }
+}
+function convertToLegacyFormat(reportData) {
+  return {
+    projectName: reportData.meta.projectName,
+    generatedAt: reportData.meta.generatedAt,
+    reportId: reportData.meta.reportId,
+    score: reportData.summary.score,
+    verdict: reportData.summary.verdict,
+    findings: reportData.findings,
+    categoryScores: reportData.summary.categoryScores,
+    reality: reportData.reality,
+  };
+}
+// ============================================================================
+// FALLBACK GENERATORS
+// ============================================================================
+function generateBasicHTML(reportData, opts) {
+  const { meta, summary } = reportData;
+  const verdictColor = summary.verdict === "SHIP" ? "#10b981" : summary.verdict === "WARN" ? "#f59e0b" : "#ef4444";
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>VibeCheck Report - ${meta.projectName}</title>
+  <style>
+    body { font-family: -apple-system, sans-serif; max-width: 800px; margin: 0 auto; padding: 40px; background: #0f172a; color: #f8fafc; }
+    .header { border-bottom: 2px solid #334155; padding-bottom: 20px; margin-bottom: 30px; }
+    .score { font-size: 4rem; font-weight: 800; text-align: center; margin: 40px 0; color: ${verdictColor}; }
+    .verdict { display: inline-block; padding: 12px 24px; border-radius: 50px; font-weight: 600; background: ${verdictColor}22; color: ${verdictColor}; }
+    .section { margin: 30px 0; }
+    h2 { color: #94a3b8; font-size: 0.875rem; text-transform: uppercase; letter-spacing: 0.1em; }
+    .finding { background: #1e293b; padding: 16px; border-radius: 8px; margin: 12px 0; border-left: 4px solid #3b82f6; }
+    .footer { margin-top: 60px; text-align: center; color: #64748b; }
+  </style>
+</head>
+<body>
+  <div class="header">
+    <h1>Ship Readiness Report</h1>
+    <p>Project: ${meta.projectName} · ${new Date(meta.generatedAt).toLocaleString()}</p>
+  </div>
+  <div class="score">${summary.score}</div>
+  <div style="text-align: center;"><span class="verdict">${summary.verdict}</span></div>
+  <div class="section">
+    <h2>Findings (${summary.totalFindings})</h2>
+    ${reportData.findings.slice(0, 10).map(f => `
+      <div class="finding">
+        <strong>${(f.severity || 'WARN').toUpperCase()}</strong>: ${f.title || f.message}
+        ${f.file ? `<br><code>${f.file}${f.line ? `:${f.line}` : ""}</code>` : ""}
+      </div>
+    `).join("")}
+  </div>
+  <div class="footer">Generated by VibeCheck · ${meta.reportId}</div>
+</body>
+</html>`;
+}
+function generateBasicMarkdown(reportData, opts) {
+  const { meta, summary, findings } = reportData;
+  return `# VibeCheck Report
+**Project:** ${meta.projectName}
+**Generated:** ${new Date(meta.generatedAt).toLocaleString()}
+**Score:** ${summary.score}/100
+**Verdict:** ${summary.verdict}
+## Findings (${summary.totalFindings})
+${findings.slice(0, 20).map(f => `- **${(f.severity || 'WARN').toUpperCase()}**: ${f.title || f.message}${f.file ? ` (\`${f.file}\`)` : ""}`).join("\n")}
+---
+*Generated by VibeCheck · ${meta.reportId}*
+`;
+}
+// ============================================================================
+// UTILITIES
+// ============================================================================
+function calculateFixTime(findings) {
+  if (!findings || findings.length === 0) return "0h";
+  const minutes = findings.reduce((total, f) => {
+    const sev = (f.severity || "").toLowerCase();
+    const time = { block: 60, critical: 60, high: 45, warn: 20, medium: 20, info: 10, low: 10 };
+    return total + (time[sev] || 15);
+  }, 0);
+  if (minutes < 60) return `${minutes}m`;
+  const hours = Math.round(minutes / 60 * 10) / 10;
+  return hours > 8 ? `${Math.ceil(hours / 8)}d` : `${hours}h`;
+}
+function saveReportHistory(outputDir, reportData) {
+  try {
+    const historyDir = path.join(outputDir, "history");
+    if (!fs.existsSync(historyDir)) {
+      fs.mkdirSync(historyDir, { recursive: true });
+    }
+    const timestamp = new Date().toISOString().split("T")[0];
+    const historyFile = path.join(historyDir, `${timestamp}.json`);
+    fs.writeFileSync(historyFile, JSON.stringify({
+      meta: reportData.meta,
+      summary: reportData.summary,
+    }, null, 2));
+  } catch {
+    // Silently fail history saving
+  }
+}
+function openInBrowser(filePath) {
+  const { exec } = require("child_process");
+  const cmd = process.platform === "darwin" ? "open" :
+              process.platform === "win32" ? "start" : "xdg-open";
+  exec(`${cmd} "${filePath}"`);
+}
+module.exports = { runReport };