vibecheck-ai 5.0.1 → 5.1.0

@@ -112,6 +112,26 @@ interface ScanReport {
112
112
  filesPerSecond: number;
113
113
  engineTimings: Record<string, number>;
114
114
  };
115
+ /** ISL spec compliance (if spec.isl exists) */
116
+ specCompliance?: {
117
+ specFound: boolean;
118
+ domain: string;
119
+ score: number;
120
+ summary: {
121
+ totalChecks: number;
122
+ passed: number;
123
+ failed: number;
124
+ warnings: number;
125
+ };
126
+ checks: Array<{
127
+ type: 'behavior' | 'entity' | 'policy';
128
+ name: string;
129
+ status: 'pass' | 'fail' | 'warn';
130
+ message: string;
131
+ specLine: number;
132
+ matchedFiles?: string[];
133
+ }>;
134
+ };
115
135
  }
116
136
  interface EngineResult {
117
137
  engine: string;
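Review bot: The `specCompliance` member added to `ScanReport` restates the shape of `SpecComplianceResult` and `SpecComplianceCheck` (declared further down in this file) by hand and leaves out `parseSuccess` and `parseErrors`. From this member alone, a consumer gating on `specCompliance.score` cannot tell a malformed spec.isl from a clean one without also searching the findings for ISL005. The comment `(if spec.isl exists)` next to a `specFound: boolean` field also leaves open whether the member is omitted or present with `specFound: false` when there is no spec. I would reference the shared type, e.g. `checks: SpecComplianceCheck[];`, carry `parseSuccess: boolean;` into the report, and state the absent-spec case and the range of `score` in the doc comment. `interface ScanReport` begins above this hunk.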
@@ -247,18 +267,90 @@ declare function getRuleOrDefault(ruleId: string): RuleDefinition;
247
267
 
248
268
  declare function classifyPath(relativePath: string): PathClassification;
249
269
 
270
+ /**
271
+ * ISL Spec Compliance Checker
272
+ *
273
+ * Post-scan step that reads spec.isl from the project root and cross-references
274
+ * declared behaviors, entities, and policies against the actual codebase.
275
+ *
276
+ * Rules:
277
+ * ISL001 — Behavior declared but no matching route/handler found
278
+ * ISL002 — Entity declared but no matching type/model/schema found
279
+ * ISL003 — Security policy declared but no matching enforcement found
280
+ * ISL004 — Rate limiting policy declared but no rate limiter found
281
+ * ISL005 — spec.isl parse error (malformed spec)
282
+ *
283
+ * This runs AFTER the 10 scanner engines, using the loaded file map.
284
+ */
285
+
286
+ interface ISLSpec {
287
+ domain: string;
288
+ version?: string;
289
+ behaviors: ISLBehavior[];
290
+ entities: ISLEntity[];
291
+ policies: ISLPolicy[];
292
+ }
293
+ interface ISLBehavior {
294
+ name: string;
295
+ line: number;
296
+ preconditions: string[];
297
+ postconditions: string[];
298
+ }
299
+ interface ISLEntity {
300
+ name: string;
301
+ line: number;
302
+ fields: string[];
303
+ }
304
+ interface ISLPolicy {
305
+ name: string;
306
+ line: number;
307
+ rule: string;
308
+ enforce: string;
309
+ }
310
+ interface SpecComplianceResult {
311
+ specFound: boolean;
312
+ specPath: string;
313
+ domain: string;
314
+ parseSuccess: boolean;
315
+ parseErrors: string[];
316
+ checks: SpecComplianceCheck[];
317
+ score: number;
318
+ summary: {
319
+ totalChecks: number;
320
+ passed: number;
321
+ failed: number;
322
+ warnings: number;
323
+ };
324
+ }
325
+ interface SpecComplianceCheck {
326
+ type: 'behavior' | 'entity' | 'policy';
327
+ name: string;
328
+ status: 'pass' | 'fail' | 'warn';
329
+ message: string;
330
+ specLine: number;
331
+ matchedFiles?: string[];
332
+ }
333
+ declare function checkISLCompliance(projectRoot: string, files: Map<string, FileContext>): {
334
+ result: SpecComplianceResult;
335
+ findings: Finding[];
336
+ };
337
+
250
338
  /**
251
339
  * VibeCheck Unified Scanner
252
340
  *
253
341
  * The most accurate AI code scanner on the market.
254
342
  *
255
- * Combines 6 specialized engines running in parallel:
343
+ * Combines 10 specialized engines running in parallel:
256
344
  * 1. Credentials — hardcoded secrets, API keys, tokens (20 patterns)
257
345
  * 2. Security — injection, XSS, SSRF, prototype pollution (30 patterns)
258
346
  * 3. Fake Features — stubs, fake success, auth bypass, silent failures (25+ patterns)
259
347
  * 4. Hallucinations — fake packages, ghost routes, placeholder URLs (13 patterns)
260
348
  * 5. Dead UI — dead links, noop handlers, coming soon, disabled without reason (5 checks)
261
349
  * 6. Code Quality — debug code, type safety, mock data (18 patterns)
350
+ * 7. Import Graph — circular deps, orphan modules, ghost routes/env vars
351
+ * 8. Runtime Verify — unhandled promises, dead exports, race conditions
352
+ * 9. AST Analysis — Babel-powered scope-aware detection (empty bodies, async bugs, stubs)
353
+ * 10. Flow Trace — Intra-file taint tracking from user input to dangerous sinks
262
354
  *
263
355
  * Plus:
264
356
  * - PathClassifier for smart file filtering (from FOUR v3.5.1)
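Review bot: `checkISLCompliance` is declared without a doc comment of its own; the `ISL Spec Compliance Checker` block at the top of the hunk sits directly above `interface ISLSpec`, so editors will most likely attach it to that interface instead. The contract a caller needs is not written down: what `result` holds when spec.isl is missing or fails to parse (`specFound`, `parseSuccess`, `score`), and what a `pass` means. Going by the ISL003/ISL004 wording ("no matching enforcement found"), a `pass` appears to record that a match was found in the file map, which is weaker than showing the policy is enforced on every route, and spec.isl itself comes from the scanned project. I would add above the declaration `/** Cross-references spec.isl in projectRoot against the loaded file map. A 'pass' records that a match was found; it does not verify enforcement. */` and document the missing-spec and parse-error results there. The scanner doc comment at the end of this hunk continues past it.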
@@ -267,7 +359,7 @@ declare function classifyPath(relativePath: string): PathClassification;
267
359
  * - Severity escalation for critical-path files (api/, auth/, payment/)
268
360
  *
269
361
  * Architecture:
270
- * Files → Classify → [6 Engines in parallel] → Deduplicate → Score → Report
362
+ * Files → Classify → [10 Engines in parallel] → Deduplicate → Score → Report
271
363
  */
272
364
 
273
365
  declare const ALL_ENGINES: ScanEngine[];
@@ -279,4 +371,4 @@ declare function fix(options: ScanOptions & {
279
371
  fixReport: FixReport;
280
372
  }>;
281
373
 
282
- export { ALL_ENGINES, type FileContext, type Finding, type FixReport, RULE_CATALOG, type ScanEngine, type ScanOptions, type ScanReport, applyFixes, classifyPath, fix, getRuleOrDefault, scan };
374
+ export { ALL_ENGINES, type FileContext, type Finding, type FixReport, type ISLSpec, RULE_CATALOG, type ScanEngine, type ScanOptions, type ScanReport, type SpecComplianceCheck, type SpecComplianceResult, applyFixes, checkISLCompliance, classifyPath, fix, getRuleOrDefault, scan };
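Review bot: The export list adds `type ISLSpec` but none of `ISLBehavior`, `ISLEntity` or `ISLPolicy`, the element types of its `behaviors`, `entities` and `policies` arrays, so callers can only name them through indexed access such as `ISLSpec['behaviors'][number]`. In the declarations visible on this page no exported function accepts or returns `ISLSpec` either (`checkISLCompliance` returns `SpecComplianceResult`), so it is worth deciding whether the parsed-spec types are public API at all. If they are, add `type ISLBehavior, type ISLEntity, type ISLPolicy` to the list.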