npm - vibecheck-ai - Versions diffs - 2.0.2 → 5.0.1 - Mend

vibecheck-ai 2.0.2 → 5.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (456) hide show

package/bin/.generated +25 -0
package/bin/_deprecations.js +463 -0
package/bin/_router.js +46 -0
package/bin/cli-hygiene.js +241 -0
package/bin/dev/run-v2-torture.js +30 -0
package/bin/registry.js +656 -0
package/bin/runners/CLI_REFACTOR_SUMMARY.md +229 -0
package/bin/runners/ENHANCEMENT_GUIDE.md +121 -0
package/bin/runners/REPORT_AUDIT.md +64 -0
package/bin/runners/cli-utils.js +1070 -0
package/bin/runners/context/ai-task-decomposer.js +337 -0
package/bin/runners/context/analyzer.js +513 -0
package/bin/runners/context/api-contracts.js +427 -0
package/bin/runners/context/context-diff.js +342 -0
package/bin/runners/context/context-pruner.js +291 -0
package/bin/runners/context/dependency-graph.js +414 -0
package/bin/runners/context/generators/claude.js +107 -0
package/bin/runners/context/generators/codex.js +108 -0
package/bin/runners/context/generators/copilot.js +119 -0
package/bin/runners/context/generators/cursor-enhanced.js +2525 -0
package/bin/runners/context/generators/cursor.js +514 -0
package/bin/runners/context/generators/mcp.js +169 -0
package/bin/runners/context/generators/windsurf.js +180 -0
package/bin/runners/context/git-context.js +304 -0
package/bin/runners/context/index.js +1110 -0
package/bin/runners/context/insights.js +173 -0
package/bin/runners/context/mcp-server/generate-rules.js +337 -0
package/bin/runners/context/mcp-server/index.js +1176 -0
package/bin/runners/context/mcp-server/package.json +24 -0
package/bin/runners/context/memory.js +200 -0
package/bin/runners/context/monorepo.js +215 -0
package/bin/runners/context/multi-repo-federation.js +404 -0
package/bin/runners/context/patterns.js +253 -0
package/bin/runners/context/proof-context.js +1264 -0
package/bin/runners/context/security-scanner.js +541 -0
package/bin/runners/context/semantic-search.js +350 -0
package/bin/runners/context/shared.js +264 -0
package/bin/runners/context/team-conventions.js +336 -0
package/bin/runners/lib/__tests__/entitlements-v2.test.js +295 -0
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/change-packet/builder.js +488 -0
package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +303 -0
package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
package/bin/runners/lib/agent-firewall/enforcement/gateway.js +1059 -0
package/bin/runners/lib/agent-firewall/enforcement/index.js +98 -0
package/bin/runners/lib/agent-firewall/enforcement/mode.js +318 -0
package/bin/runners/lib/agent-firewall/enforcement/orchestrator.js +484 -0
package/bin/runners/lib/agent-firewall/enforcement/proof-artifact.js +418 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/change-event.schema.json +173 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/intent.schema.json +181 -0
package/bin/runners/lib/agent-firewall/enforcement/schemas/verdict.schema.json +222 -0
package/bin/runners/lib/agent-firewall/enforcement/verdict-v2.js +333 -0
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +127 -0
package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +213 -0
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
package/bin/runners/lib/agent-firewall/index.js +200 -0
package/bin/runners/lib/agent-firewall/integration/index.js +20 -0
package/bin/runners/lib/agent-firewall/integration/ship-gate.js +437 -0
package/bin/runners/lib/agent-firewall/intent/alignment-engine.js +634 -0
package/bin/runners/lib/agent-firewall/intent/auto-detect.js +426 -0
package/bin/runners/lib/agent-firewall/intent/index.js +102 -0
package/bin/runners/lib/agent-firewall/intent/schema.js +352 -0
package/bin/runners/lib/agent-firewall/intent/store.js +283 -0
package/bin/runners/lib/agent-firewall/interception/fs-interceptor.js +502 -0
package/bin/runners/lib/agent-firewall/interception/index.js +23 -0
package/bin/runners/lib/agent-firewall/interceptor/base.js +308 -0
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
package/bin/runners/lib/agent-firewall/logger.js +141 -0
package/bin/runners/lib/agent-firewall/policy/default-policy.json +90 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +103 -0
package/bin/runners/lib/agent-firewall/policy/loader.js +451 -0
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +79 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +227 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +191 -0
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
package/bin/runners/lib/agent-firewall/risk/thresholds.js +322 -0
package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
package/bin/runners/lib/agent-firewall/session/collector.js +451 -0
package/bin/runners/lib/agent-firewall/session/index.js +26 -0
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +137 -0
package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/ai-bridge.js +416 -0
package/bin/runners/lib/analysis-core.js +309 -0
package/bin/runners/lib/analyzers.js +2500 -0
package/bin/runners/lib/api-client.js +269 -0
package/bin/runners/lib/approve-output.js +235 -0
package/bin/runners/lib/artifact-envelope.js +540 -0
package/bin/runners/lib/assets/vibecheck-logo.png +0 -0
package/bin/runners/lib/audit-bridge.js +391 -0
package/bin/runners/lib/auth-shared.js +977 -0
package/bin/runners/lib/auth-truth.js +193 -0
package/bin/runners/lib/auth.js +215 -0
package/bin/runners/lib/authority-badge.js +425 -0
package/bin/runners/lib/backup.js +62 -0
package/bin/runners/lib/billing.js +107 -0
package/bin/runners/lib/checkpoint.js +941 -0
package/bin/runners/lib/claims.js +118 -0
package/bin/runners/lib/classify-output.js +204 -0
package/bin/runners/lib/cleanup/engine.js +571 -0
package/bin/runners/lib/cleanup/index.js +53 -0
package/bin/runners/lib/cleanup/output.js +375 -0
package/bin/runners/lib/cleanup/rules.js +1060 -0
package/bin/runners/lib/cli-output.js +400 -0
package/bin/runners/lib/cli-ui.js +540 -0
package/bin/runners/lib/compliance-bridge-new.js +0 -0
package/bin/runners/lib/compliance-bridge.js +165 -0
package/bin/runners/lib/contracts/auth-contract.js +202 -0
package/bin/runners/lib/contracts/env-contract.js +181 -0
package/bin/runners/lib/contracts/external-contract.js +206 -0
package/bin/runners/lib/contracts/guard.js +168 -0
package/bin/runners/lib/contracts/index.js +89 -0
package/bin/runners/lib/contracts/plan-validator.js +311 -0
package/bin/runners/lib/contracts/route-contract.js +199 -0
package/bin/runners/lib/contracts.js +804 -0
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/detect.js +89 -0
package/bin/runners/lib/detectors-v2.js +622 -0
package/bin/runners/lib/doctor/autofix.js +254 -0
package/bin/runners/lib/doctor/diagnosis-receipt.js +454 -0
package/bin/runners/lib/doctor/failure-signatures.js +526 -0
package/bin/runners/lib/doctor/fix-script.js +336 -0
package/bin/runners/lib/doctor/index.js +37 -0
package/bin/runners/lib/doctor/modules/build-tools.js +453 -0
package/bin/runners/lib/doctor/modules/dependencies.js +325 -0
package/bin/runners/lib/doctor/modules/index.js +105 -0
package/bin/runners/lib/doctor/modules/network.js +250 -0
package/bin/runners/lib/doctor/modules/os-quirks.js +706 -0
package/bin/runners/lib/doctor/modules/project.js +312 -0
package/bin/runners/lib/doctor/modules/repo-integrity.js +485 -0
package/bin/runners/lib/doctor/modules/runtime.js +224 -0
package/bin/runners/lib/doctor/modules/security.js +350 -0
package/bin/runners/lib/doctor/modules/system.js +213 -0
package/bin/runners/lib/doctor/modules/vibecheck.js +394 -0
package/bin/runners/lib/doctor/reporter.js +262 -0
package/bin/runners/lib/doctor/safe-repair.js +384 -0
package/bin/runners/lib/doctor/service.js +262 -0
package/bin/runners/lib/doctor/types.js +113 -0
package/bin/runners/lib/doctor/ui.js +263 -0
package/bin/runners/lib/doctor-enhanced.js +233 -0
package/bin/runners/lib/doctor-output.js +226 -0
package/bin/runners/lib/doctor-v2.js +608 -0
package/bin/runners/lib/drift.js +425 -0
package/bin/runners/lib/enforcement.js +72 -0
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/attack-detector.js +1192 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/enterprise-detect.js +603 -0
package/bin/runners/lib/enterprise-init.js +942 -0
package/bin/runners/lib/entitlements-v2.js +265 -0
package/bin/runners/lib/entitlements.generated.js +0 -0
package/bin/runners/lib/entitlements.js +340 -0
package/bin/runners/lib/env-resolver.js +417 -0
package/bin/runners/lib/env-template.js +66 -0
package/bin/runners/lib/env.js +189 -0
package/bin/runners/lib/error-handler.js +368 -0
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +684 -0
package/bin/runners/lib/exit-codes.js +275 -0
package/bin/runners/lib/extractors/client-calls.js +990 -0
package/bin/runners/lib/extractors/fastify-route-dump.js +573 -0
package/bin/runners/lib/extractors/fastify-routes.js +426 -0
package/bin/runners/lib/extractors/index.js +363 -0
package/bin/runners/lib/extractors/next-routes.js +524 -0
package/bin/runners/lib/extractors/proof-graph.js +431 -0
package/bin/runners/lib/extractors/route-matcher.js +451 -0
package/bin/runners/lib/extractors/truthpack-v2.js +377 -0
package/bin/runners/lib/extractors/ui-bindings.js +547 -0
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/findings-schema.js +281 -0
package/bin/runners/lib/fingerprint.js +377 -0
package/bin/runners/lib/firewall-prompt.js +50 -0
package/bin/runners/lib/fix-output.js +228 -0
package/bin/runners/lib/global-flags.js +250 -0
package/bin/runners/lib/graph/graph-builder.js +265 -0
package/bin/runners/lib/graph/html-renderer.js +413 -0
package/bin/runners/lib/graph/index.js +32 -0
package/bin/runners/lib/graph/runtime-collector.js +215 -0
package/bin/runners/lib/graph/static-extractor.js +518 -0
package/bin/runners/lib/help-formatter.js +413 -0
package/bin/runners/lib/html-proof-report.js +913 -0
package/bin/runners/lib/html-report.js +650 -0
package/bin/runners/lib/init-wizard.js +601 -0
package/bin/runners/lib/interactive-menu.js +1496 -0
package/bin/runners/lib/json-output.js +76 -0
package/bin/runners/lib/llm.js +75 -0
package/bin/runners/lib/logger.js +38 -0
package/bin/runners/lib/meter.js +61 -0
package/bin/runners/lib/missions/briefing.js +427 -0
package/bin/runners/lib/missions/checkpoint.js +753 -0
package/bin/runners/lib/missions/evidence.js +126 -0
package/bin/runners/lib/missions/hardening.js +851 -0
package/bin/runners/lib/missions/plan.js +648 -0
package/bin/runners/lib/missions/safety-gates.js +645 -0
package/bin/runners/lib/missions/schema.js +478 -0
package/bin/runners/lib/missions/templates.js +317 -0
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/packs/bundle.js +675 -0
package/bin/runners/lib/packs/evidence-pack.js +671 -0
package/bin/runners/lib/packs/pack-factory.js +837 -0
package/bin/runners/lib/packs/permissions-pack.js +686 -0
package/bin/runners/lib/packs/proof-graph-pack.js +779 -0
package/bin/runners/lib/patch.js +40 -0
package/bin/runners/lib/permissions/auth-model.js +213 -0
package/bin/runners/lib/permissions/idor-prover.js +205 -0
package/bin/runners/lib/permissions/index.js +45 -0
package/bin/runners/lib/permissions/matrix-builder.js +198 -0
package/bin/runners/lib/pkgjson.js +28 -0
package/bin/runners/lib/policy.js +295 -0
package/bin/runners/lib/polish/accessibility.js +62 -0
package/bin/runners/lib/polish/analyzer.js +93 -0
package/bin/runners/lib/polish/backend.js +87 -0
package/bin/runners/lib/polish/configuration.js +83 -0
package/bin/runners/lib/polish/documentation.js +83 -0
package/bin/runners/lib/polish/frontend.js +817 -0
package/bin/runners/lib/polish/index.js +27 -0
package/bin/runners/lib/polish/infrastructure.js +80 -0
package/bin/runners/lib/polish/internationalization.js +85 -0
package/bin/runners/lib/polish/libraries.js +180 -0
package/bin/runners/lib/polish/observability.js +75 -0
package/bin/runners/lib/polish/performance.js +64 -0
package/bin/runners/lib/polish/privacy.js +110 -0
package/bin/runners/lib/polish/resilience.js +92 -0
package/bin/runners/lib/polish/security.js +78 -0
package/bin/runners/lib/polish/seo.js +71 -0
package/bin/runners/lib/polish/styles.js +62 -0
package/bin/runners/lib/polish/utils.js +104 -0
package/bin/runners/lib/preflight.js +142 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/prove-output.js +220 -0
package/bin/runners/lib/reality/correlation-detectors.js +359 -0
package/bin/runners/lib/reality/index.js +318 -0
package/bin/runners/lib/reality/request-hashing.js +416 -0
package/bin/runners/lib/reality/request-mapper.js +453 -0
package/bin/runners/lib/reality/safety-rails.js +463 -0
package/bin/runners/lib/reality/semantic-snapshot.js +408 -0
package/bin/runners/lib/reality/toast-detector.js +393 -0
package/bin/runners/lib/reality-findings.js +84 -0
package/bin/runners/lib/reality-output.js +231 -0
package/bin/runners/lib/receipts.js +179 -0
package/bin/runners/lib/redact.js +29 -0
package/bin/runners/lib/replay/capsule-manager.js +154 -0
package/bin/runners/lib/replay/index.js +263 -0
package/bin/runners/lib/replay/player.js +348 -0
package/bin/runners/lib/replay/recorder.js +331 -0
package/bin/runners/lib/report-engine.js +626 -0
package/bin/runners/lib/report-html.js +1233 -0
package/bin/runners/lib/report-output.js +366 -0
package/bin/runners/lib/report-templates.js +967 -0
package/bin/runners/lib/report.js +135 -0
package/bin/runners/lib/route-detection.js +1209 -0
package/bin/runners/lib/route-truth.js +1322 -0
package/bin/runners/lib/safelist/index.js +96 -0
package/bin/runners/lib/safelist/integration.js +334 -0
package/bin/runners/lib/safelist/matcher.js +696 -0
package/bin/runners/lib/safelist/schema.js +948 -0
package/bin/runners/lib/safelist/store.js +438 -0
package/bin/runners/lib/sandbox/index.js +59 -0
package/bin/runners/lib/sandbox/proof-chain.js +399 -0
package/bin/runners/lib/sandbox/sandbox-runner.js +205 -0
package/bin/runners/lib/sandbox/worktree.js +174 -0
package/bin/runners/lib/scan-cache.js +330 -0
package/bin/runners/lib/scan-output-schema.js +344 -0
package/bin/runners/lib/scan-output.js +631 -0
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schema-validator.js +350 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/contracts.schema.json +160 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/finding.schema.json +100 -0
package/bin/runners/lib/schemas/mission-pack.schema.json +206 -0
package/bin/runners/lib/schemas/proof-graph.schema.json +176 -0
package/bin/runners/lib/schemas/reality-report.schema.json +162 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/share-pack.schema.json +180 -0
package/bin/runners/lib/schemas/ship-manifest.schema.json +251 -0
package/bin/runners/lib/schemas/ship-report.schema.json +117 -0
package/bin/runners/lib/schemas/truthpack-v2.schema.json +303 -0
package/bin/runners/lib/schemas/validator.js +465 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/score-history.js +282 -0
package/bin/runners/lib/security-bridge.js +249 -0
package/bin/runners/lib/server-usage.js +513 -0
package/bin/runners/lib/share-pack.js +239 -0
package/bin/runners/lib/ship-gate.js +832 -0
package/bin/runners/lib/ship-manifest.js +1153 -0
package/bin/runners/lib/ship-output-enterprise.js +239 -0
package/bin/runners/lib/ship-output.js +1128 -0
package/bin/runners/lib/snippets.js +67 -0
package/bin/runners/lib/status-output.js +340 -0
package/bin/runners/lib/terminal-ui.js +356 -0
package/bin/runners/lib/truth.js +1691 -0
package/bin/runners/lib/ui.js +562 -0
package/bin/runners/lib/unified-cli-output.js +947 -0
package/bin/runners/lib/unified-output.js +197 -0
package/bin/runners/lib/upsell.js +410 -0
package/bin/runners/lib/usage.js +153 -0
package/bin/runners/lib/validate-patch.js +156 -0
package/bin/runners/lib/verdict-engine.js +628 -0
package/bin/runners/lib/verification.js +345 -0
package/bin/runners/lib/why-tree.js +650 -0
package/bin/runners/reality/engine.js +917 -0
package/bin/runners/reality/flows.js +122 -0
package/bin/runners/reality/report.js +378 -0
package/bin/runners/reality/session.js +193 -0
package/bin/runners/runAIAgent.js +229 -0
package/bin/runners/runAgent.d.ts +5 -0
package/bin/runners/runAgent.js +161 -0
package/bin/runners/runAllowlist.js +418 -0
package/bin/runners/runApprove.js +320 -0
package/bin/runners/runAudit.js +692 -0
package/bin/runners/runAuth.js +731 -0
package/bin/runners/runCI.js +353 -0
package/bin/runners/runCheckpoint.js +530 -0
package/bin/runners/runClassify.js +928 -0
package/bin/runners/runCleanup.js +343 -0
package/bin/runners/runContext.d.ts +4 -0
package/bin/runners/runContext.js +175 -0
package/bin/runners/runDoctor.js +877 -0
package/bin/runners/runEvidencePack.js +362 -0
package/bin/runners/runFirewall.d.ts +5 -0
package/bin/runners/runFirewall.js +134 -0
package/bin/runners/runFirewallHook.d.ts +5 -0
package/bin/runners/runFirewallHook.js +56 -0
package/bin/runners/runFix.js +1355 -0
package/bin/runners/runForge.js +380 -0
package/bin/runners/runGuard.js +262 -0
package/bin/runners/runInit.js +1927 -0
package/bin/runners/runIntent.js +906 -0
package/bin/runners/runKickoff.js +878 -0
package/bin/runners/runLabs.js +424 -0
package/bin/runners/runLaunch.js +2000 -0
package/bin/runners/runLink.js +785 -0
package/bin/runners/runMcp.js +1875 -0
package/bin/runners/runPacks.js +2089 -0
package/bin/runners/runPolish.d.ts +4 -0
package/bin/runners/runPolish.js +390 -0
package/bin/runners/runPromptFirewall.js +211 -0
package/bin/runners/runProve.js +1411 -0
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +2260 -0
package/bin/runners/runReport.js +726 -0
package/bin/runners/runRuntime.js +110 -0
package/bin/runners/runSafelist.js +1190 -0
package/bin/runners/runScan.js +688 -0
package/bin/runners/runShield.js +1282 -0
package/bin/runners/runShip.js +1660 -0
package/bin/runners/runTruth.d.ts +5 -0
package/bin/runners/runTruth.js +101 -0
package/bin/runners/runValidate.js +179 -0
package/bin/runners/runWatch.js +478 -0
package/bin/runners/utils.js +360 -0
package/bin/scan.js +617 -0
package/bin/vibecheck.js +1617 -0
package/dist/guardrail/index.d.ts +2405 -0
package/dist/guardrail/index.js +9747 -0
package/dist/guardrail/index.js.map +1 -0
package/dist/scanner/index.d.ts +282 -0
package/dist/scanner/index.js +3395 -0
package/dist/scanner/index.js.map +1 -0
package/package.json +123 -104
package/README.md +0 -491
package/dist/index.js +0 -99711
package/dist/index.js.map +0 -1

package/bin/runners/lib/entitlements-v2.js ADDED Viewed

@@ -0,0 +1,265 @@
+/**
+ * VibeCheck Entitlements
+ *
+ * Simple 2-tier model:
+ * - FREE ($0): Inspect & Observe
+ * - PRO ($49/mo): Fix, Prove & Enforce
+ */
+"use strict";
+const fs = require("fs");
+const path = require("path");
+const os = require("os");
+// ============================================================================
+// EXIT CODES
+// ============================================================================
+const EXIT_SUCCESS = 0;
+const EXIT_FEATURE_NOT_ALLOWED = 3;
+// ============================================================================
+// TIERS
+// ============================================================================
+const TIERS = {
+  free: { name: "FREE", price: 0 },
+  pro: { name: "PRO", price: 69 },
+};
+// ============================================================================
+// GATED FEATURES
+// ============================================================================
+const FREE_FEATURES = [
+  // Setup & environment
+  "init", "doctor", "install", "status", "watch", "preflight",
+  // Scan & analysis
+  "scan", "runtime",
+  // AI verification
+  "ctx", "contracts", "verify",
+  // Reports
+  "report", "export",
+  // Account
+  "login", "logout", "whoami",
+  // Preview modes
+  "reality.preview", "firewall.observe",
+  // Misc
+  "labs", "mdc",
+];
+const PRO_FEATURES = [
+  // CI/CD & PR
+  "gate", "pr", "badge", "ship",
+  // Fixes
+  "fix", "fix.apply", "fix.analyze", "fix.diff", "fix.rules", "scan.autofix",
+  // Prove & verify
+  "prove", "replay", "permissions", "graph", "ai-test", "share",
+  // Advanced
+  "checkpoint", "polish", "guard", "context",
+  // Full modes
+  "firewall.enforce", "reality.full", "mcp.full",
+  // All FREE features
+  ...FREE_FEATURES,
+];
+/**
+ * Check if developer mode bypass is allowed.
+ *
+ * SECURITY: VIBECHECK_DEV_PRO is ONLY allowed in non-production environments.
+ * This prevents environment variable injection from granting PRO access in production.
+ *
+ * @returns {boolean} True only if in development AND VIBECHECK_DEV_PRO=1
+ */
+function isDevProBypassAllowed() {
+  // SECURITY: Never allow dev bypass in production
+  if (process.env.NODE_ENV === "production") {
+    return false;
+  }
+  // Also block in CI environments to prevent pipeline exploitation
+  if (process.env.CI === "true" || process.env.CI === "1") {
+    return false;
+  }
+  return process.env.VIBECHECK_DEV_PRO === "1";
+}
+function isPro(tier) {
+  // Developer mode bypass (blocked in production)
+  if (isDevProBypassAllowed()) return true;
+  return tier === "pro";
+}
+function tierHasFeature(tier, feature) {
+  // Developer mode bypass - grant all features (blocked in production)
+  if (isDevProBypassAllowed()) return true;
+  if (tier === "pro") return true; // PRO has everything
+  return FREE_FEATURES.includes(feature);
+}
+// ============================================================================
+// API
+// ============================================================================
+const API_BASE_URL = process.env.VIBECHECK_API_URL || "https://api.vibecheckai.dev";
+let _cachedTier = null;
+let _cachedTierExpiry = 0;
+async function getTier(options = {}) {
+  const { apiKey, forceRefresh = false } = options;
+  // Developer mode: VIBECHECK_DEV_PRO=1 grants pro tier for local development
+  // SECURITY: This bypass is blocked in production environments
+  if (isDevProBypassAllowed()) {
+    _cachedTier = "pro";
+    _cachedTierExpiry = Date.now() + 86400000; // 24 hours
+    return "pro";
+  }
+  if (!forceRefresh && _cachedTier && Date.now() < _cachedTierExpiry) {
+    return _cachedTier;
+  }
+  if (!apiKey) {
+    _cachedTier = "free";
+    _cachedTierExpiry = Date.now() + 300000;
+    return "free";
+  }
+  try {
+    const res = await fetch(`${API_BASE_URL}/v1/auth/whoami`, {
+      method: "GET",
+      headers: { "Authorization": `Bearer ${apiKey}` },
+      signal: AbortSignal.timeout(5000),
+    });
+    if (res.ok) {
+      const data = await res.json();
+      // Map any paid tier to 'pro'
+      const plan = data.plan || data.tier || "free";
+      _cachedTier = (plan === "free") ? "free" : "pro";
+      _cachedTierExpiry = Date.now() + 300000;
+      return _cachedTier;
+    }
+  } catch {
+    // Network error - default to free
+  }
+  return "free";
+}
+// ============================================================================
+// ENFORCE
+// ============================================================================
+async function enforce(feature, options = {}) {
+  const { apiKey, silent = false } = options;
+  const tier = await getTier({ apiKey });
+  const hasAccess = tierHasFeature(tier, feature);
+  if (hasAccess) {
+    return { allowed: true, tier };
+  }
+  const message = formatUpgradeMessage(feature);
+  if (!silent) {
+    console.error(message);
+  }
+  return {
+    allowed: false,
+    tier,
+    exitCode: EXIT_FEATURE_NOT_ALLOWED,
+    message,
+  };
+}
+async function enforceOrExit(feature, options = {}) {
+  const result = await enforce(feature, options);
+  if (!result.allowed) {
+    process.exit(result.exitCode);
+  }
+  return result;
+}
+async function checkCommand(command, options = {}) {
+  return enforce(command, { ...options, silent: true });
+}
+// ============================================================================
+// MESSAGING
+// ============================================================================
+const c = {
+  reset: "\x1b[0m",
+  bold: "\x1b[1m",
+  cyan: "\x1b[36m",
+  yellow: "\x1b[33m",
+};
+function formatUpgradeMessage(feature) {
+  return `
+${c.bold}This feature requires Pro.${c.reset}
+${c.yellow}${feature}${c.reset} is a Pro feature.
+Upgrade to Pro ($49/mo) to unlock Fix, Prove & Enforce capabilities.
+  vibecheck upgrade
+  https://vibecheckai.dev/pricing
+`;
+}
+// ============================================================================
+// TIER LIMITS
+// ============================================================================
+const TIER_LIMITS = {
+  free: {
+    reportFormats: ["html", "md", "json"],
+    maxScansPerMonth: 100,
+    maxFilesPerScan: 1000,
+  },
+  pro: {
+    reportFormats: ["html", "md", "json", "sarif", "csv", "pdf"],
+    maxScansPerMonth: -1, // unlimited
+    maxFilesPerScan: -1,  // unlimited
+  },
+};
+/**
+ * Get limits for a tier
+ */
+function getLimits(tier) {
+  return TIER_LIMITS[tier] || TIER_LIMITS.free;
+}
+/**
+ * Check if current tier meets minimum required tier
+ */
+function tierMeetsMinimum(current, required) {
+  const tierOrder = ['free', 'pro'];
+  const currentIndex = tierOrder.indexOf(current);
+  const requiredIndex = tierOrder.indexOf(required);
+  return currentIndex >= requiredIndex;
+}
+// ============================================================================
+// EXPORTS
+// ============================================================================
+module.exports = {
+  // Core
+  getTier,
+  enforce,
+  enforceOrExit,
+  checkCommand,
+  // Helpers
+  isPro,
+  tierHasFeature,
+  getLimits,
+  tierMeetsMinimum,
+  // Constants
+  TIERS,
+  TIER_LIMITS,
+  FREE_FEATURES,
+  PRO_FEATURES,
+  EXIT_SUCCESS,
+  EXIT_FEATURE_NOT_ALLOWED,
+};

package/bin/runners/lib/entitlements.generated.js ADDED Viewed

File without changes

package/bin/runners/lib/entitlements.js ADDED Viewed

@@ -0,0 +1,340 @@
+/**
+ * Entitlements System - CLI Wrapper
+ *
+ * @deprecated Use entitlements-v2.js for new code. This module wraps @vibecheck/core
+ * and is kept for backward compatibility only.
+ *
+ * ⚠️  AUTO-GENERATED FILE - DO NOT EDIT DIRECTLY
+ *
+ * This file wraps the canonical entitlements implementation from @vibecheck/core.
+ * The source of truth is packages/core/src/entitlements.ts
+ *
+ * To modify entitlements logic, edit packages/core/src/entitlements.ts
+ * then run `pnpm build` in packages/core.
+ *
+ * This wrapper exists to:
+ * 1. Provide CommonJS exports for CLI runners
+ * 2. Add CLI-specific functionality (server-usage integration)
+ * 3. Maintain backward compatibility with existing CLI code
+ */
+"use strict";
+// Import from compiled @vibecheck/core
+let coreEntitlements;
+let usingFallback = false;
+try {
+  coreEntitlements = require("@vibecheck/core");
+} catch (e) {
+  // Fallback for development: try direct path
+  try {
+    coreEntitlements = require("../../../packages/dist-core/index.js");
+  } catch (e2) {
+    // Silent fallback - only show warning in verbose mode or when DEBUG is set
+    if (process.env.DEBUG || process.env.VIBECHECK_DEBUG) {
+      console.error(
+        "[entitlements] Using fallback mode. Run `pnpm build` in packages/core for full features.",
+      );
+    }
+    usingFallback = true;
+    // Provide minimal fallback
+    coreEntitlements = {
+      TIER_CONFIG: {},
+      SEAT_PRICING: {},
+      entitlements: {
+        getCurrentTier: async () => "free",
+        checkFeature: async () => ({ allowed: true }),
+        checkLimit: async () => ({ allowed: true }),
+        enforceFeature: async () => {},
+        enforceLimit: async () => {},
+        trackUsage: async () => {},
+        getUsageSummary: async () => "Usage summary unavailable",
+        getTierConfig: () => ({}),
+        checkSeatLimit: () => ({ allowed: true, effectiveSeats: 1 }),
+      },
+      calculateEffectiveSeats: () => 1,
+      canAddMember: () => ({ allowed: true }),
+      formatSeatInfo: () => "1 seat",
+      validateSeatReduction: () => ({ safe: true }),
+    };
+  }
+}
+// Import server-usage for CLI-specific server-authoritative enforcement
+const { serverUsage } = require("./server-usage");
+// Re-export everything from core
+const {
+  TIER_CONFIG,
+  SEAT_PRICING,
+  entitlements,
+  calculateEffectiveSeats,
+  canAddMember,
+  formatSeatInfo,
+  validateSeatReduction,
+  isValidTier,
+  getTierConfig,
+  getMinimumTierForFeature,
+} = coreEntitlements;
+// ============================================================================
+// CLI-SPECIFIC WRAPPER
+// ============================================================================
+/**
+ * CLI Entitlements Manager
+ * Wraps core entitlements with CLI-specific server-authoritative checks
+ */
+class CLIEntitlementsManager {
+  constructor(coreManager) {
+    this._core = coreManager;
+  }
+  async getCurrentTier() {
+    return this._core.getCurrentTier();
+  }
+  async checkFeature(feature) {
+    return this._core.checkFeature(feature);
+  }
+  /**
+   * Check usage limits - SERVER-AUTHORITATIVE for CLI
+   */
+  async checkLimit(limitType) {
+    // Map old limit types to new action types
+    const actionMap = {
+      scans: "scan",
+      realityRuns: "reality",
+      aiAgentRuns: "agent",
+    };
+    const actionType = actionMap[limitType] || limitType;
+    // Use server-authoritative check
+    try {
+      const result = await serverUsage.checkUsage(actionType);
+      if (result.allowed) {
+        return {
+          allowed: true,
+          usage: result.current,
+          limit: result.limit === -1 ? Infinity : result.limit,
+          source: result.source,
+        };
+      }
+      const tier = await this.getCurrentTier();
+      return {
+        allowed: false,
+        reason:
+          result.reason ||
+          `Monthly ${limitType} limit reached (${result.current}/${result.limit})`,
+        usage: result.current,
+        limit: result.limit,
+        upgradePrompt: this._core.formatLimitUpgradePrompt(
+          tier,
+          limitType,
+          result.current,
+          result.limit,
+        ),
+        source: result.source,
+      };
+    } catch (error) {
+      // Fallback to core check if server is unreachable
+      return this._core.checkLimit(limitType);
+    }
+  }
+  /**
+   * Track usage - SERVER-AUTHORITATIVE for CLI
+   */
+  async trackUsage(type, count = 1) {
+    // Map old types to new action types
+    const actionMap = {
+      scans: "scan",
+      realityRuns: "reality",
+      aiAgentRuns: "agent",
+      gateRuns: "gate",
+      fixRuns: "fix",
+    };
+    const actionType = actionMap[type] || type;
+    // Record on server (authoritative)
+    try {
+      const result = await serverUsage.recordUsage(actionType, count);
+      // Also update local via core
+      await this._core.trackUsage(type, count);
+      return result;
+    } catch (error) {
+      // Still update local, mark as unsynced
+      await this._core.trackUsage(type, count);
+      return { success: false, error: error.message, queued: true };
+    }
+  }
+  async enforceFeature(feature) {
+    return this._core.enforceFeature(feature);
+  }
+  /**
+   * Enforce usage limits - SERVER-AUTHORITATIVE for CLI
+   */
+  async enforceLimit(limitType) {
+    // Check if sync is required first
+    const needsSync = await serverUsage.requiresSync();
+    if (needsSync) {
+      const syncResult = await serverUsage.syncOfflineUsage();
+      if (syncResult.error) {
+        // Allow offline mode by default - CLI should work without internet
+        console.warn(
+          "\x1b[33mWarning: Could not connect to vibecheck API, using offline mode\x1b[0m\n",
+        );
+        return { allowed: true, source: "offline" };
+      }
+    }
+    const check = await this.checkLimit(limitType);
+    if (!check.allowed) {
+      const error = new Error(check.reason);
+      error.code = "LIMIT_EXCEEDED";
+      error.upgradePrompt = check.upgradePrompt;
+      error.usage = check.usage;
+      error.limit = check.limit;
+      throw error;
+    }
+    return check;
+  }
+  async getUsageSummary() {
+    // Try to get server-authoritative summary
+    try {
+      const serverSummary = await serverUsage.getUsageSummary();
+      if (serverSummary.success !== false && serverSummary.usage) {
+        const tier = serverSummary.tier || (await this.getCurrentTier());
+        const config = TIER_CONFIG[tier];
+        const limits = serverSummary.limits || config.limits;
+        const formatLimit = (current, limit) => {
+          if (limit === -1) return `${current} (unlimited)`;
+          const pct = Math.round((current / limit) * 100);
+          const bar = this.progressBar(pct);
+          return `${current}/${limit} ${bar} ${pct}%`;
+        };
+        const lines = [
+          "",
+          `\x1b[1m📊 Usage Summary\x1b[0m (\x1b[36m${config.name}\x1b[0m tier - $${config.price}/mo)`,
+          "\x1b[90m" + "─".repeat(50) + "\x1b[0m",
+          `Scans:        ${formatLimit(serverSummary.usage.scan || 0, limits.scans || limits.scansPerMonth)}`,
+          `Reality Runs: ${formatLimit(serverSummary.usage.reality || 0, limits.reality || limits.realityRunsPerMonth)}`,
+          `AI Agent:     ${formatLimit(serverSummary.usage.agent || 0, limits.agent || limits.aiAgentRunsPerMonth)}`,
+          `Team Seats:   ${formatSeatInfo(tier)}`,
+          "\x1b[90m" + "─".repeat(50) + "\x1b[0m",
+        ];
+        if (serverSummary.period) {
+          lines.push(
+            `Period: ${serverSummary.period.start.split("T")[0]} to ${serverSummary.period.end.split("T")[0]}`,
+          );
+        }
+        if (serverSummary.pendingOffline > 0) {
+          lines.push(
+            `\x1b[33m⚠ ${serverSummary.pendingOffline} action(s) pending sync\x1b[0m`,
+          );
+        }
+        lines.push(
+          `\x1b[90mSource: ${serverSummary.source || "server"}\x1b[0m`,
+        );
+        lines.push("");
+        return lines.join("\n");
+      }
+    } catch {
+      // Fall through to core summary
+    }
+    return this._core.getUsageSummary();
+  }
+  getTierConfig(tier) {
+    return this._core.getTierConfig(tier);
+  }
+  getAllTiers() {
+    return this._core.getAllTiers();
+  }
+  // Seat management
+  checkSeatLimit(tier, currentMemberCount, purchasedExtraSeats) {
+    return this._core.checkSeatLimit(
+      tier,
+      currentMemberCount,
+      purchasedExtraSeats,
+    );
+  }
+  getOrganizationSeats(tier, purchasedExtraSeats, currentMembers) {
+    return this._core.getOrganizationSeats(
+      tier,
+      purchasedExtraSeats,
+      currentMembers,
+    );
+  }
+  progressBar(percent) {
+    const filled = Math.min(10, Math.round(percent / 10));
+    const empty = 10 - filled;
+    return `[${"█".repeat(filled)}${"░".repeat(empty)}]`;
+  }
+}
+// Create CLI-specific wrapper
+const cliEntitlements = new CLIEntitlementsManager(entitlements);
+// ============================================================================
+// EXPORTS
+// ============================================================================
+module.exports = {
+  // Main entitlements instance (CLI wrapper)
+  entitlements: cliEntitlements,
+  // Tier configuration
+  TIER_CONFIG,
+  SEAT_PRICING,
+  // Convenience functions
+  checkFeature: (feature) => cliEntitlements.checkFeature(feature),
+  checkLimit: (limitType) => cliEntitlements.checkLimit(limitType),
+  enforceFeature: (feature) => cliEntitlements.enforceFeature(feature),
+  enforceLimit: (limitType) => cliEntitlements.enforceLimit(limitType),
+  trackUsage: (type, count) => cliEntitlements.trackUsage(type, count),
+  getCurrentTier: () => cliEntitlements.getCurrentTier(),
+  getUsageSummary: () => cliEntitlements.getUsageSummary(),
+  getTierConfig: (tier) => cliEntitlements.getTierConfig(tier),
+  // Seat management
+  checkSeatLimit: (tier, currentMemberCount, purchasedExtraSeats) =>
+    cliEntitlements.checkSeatLimit(
+      tier,
+      currentMemberCount,
+      purchasedExtraSeats,
+    ),
+  calculateEffectiveSeats,
+  canAddMember,
+  formatSeatInfo,
+  validateSeatReduction,
+  // Tier helpers
+  isValidTier,
+  getMinimumTierForFeature,
+  // Server-authoritative usage enforcement
+  serverUsage,
+  syncOfflineUsage: () => serverUsage.syncOfflineUsage(),
+  requiresSync: () => serverUsage.requiresSync(),
+};