Add VibeRaven production readiness gate rule

[ohad6k]

Summary

Adds a reusable Cursor rule for running VibeRaven as a production-readiness gate before launch, deployment, auth, billing, database/RLS, env var, webhook, monitoring, or test-sensitive work.

The rule tells Cursor/agents to run npx -y viberaven --agent-mode, read the generated gate artifacts, fix one listed launch gap at a time, and avoid treating provider dashboard tasks as complete from repo edits alone.

Contribution Type

• New Cursor rule file or rules folder
• Update/fix to an existing rule
• New rules/*.mdc rule
• Documentation or README cleanup

Value To Cursor Users

This gives Cursor users a concrete pre-launch workflow for AI-built apps instead of a vague "make this production ready" prompt. It focuses the agent on repo evidence, .viberaven/gate-result.json, one-gap-at-a-time fixes, and provider-dashboard handoff steps for common production risks such as Supabase RLS, Vercel env drift, auth redirects, webhooks, billing, and monitoring.

Added Or Changed Files

• rules/viberaven-production-readiness-gate.mdc - new universal production-readiness gate rule with verified VibeRaven artifacts and CLI commands.
• README.md - adds the rule to the Hosting and Deployments section.

Quality Checklist

• The contribution includes original rule content, or clearly credits the source.
• New rule files use a descriptive kebab-case filename, such as react-typescript.mdc.
• New rules/*.mdc files include frontmatter with a non-empty description, relevant globs, and alwaysApply: false unless the rule is universal.
• README links use canonical GitHub URLs for repo files and point to the correct category.
• The text is neutral and useful, not sales copy.
• This is not a standalone external tool, product, directory, marketplace, or service listing.
• No secrets, tokens, affiliate links, tracking links, or unrelated product claims are included.
• I checked for duplicate or near-duplicate existing entries.

Notes For Maintainers

alwaysApply: true is intentional here because this is a universal pre-launch safety rule, not a framework-specific style rule. The command list was checked against npx -y viberaven@latest --help and the rule now distinguishes the primary generated artifacts from optional supporting summaries/playbooks.

Validation run locally:

• node scripts/check-repo-hygiene.mjs --only readme
• node scripts/check-repo-hygiene.mjs --only rules
• node scripts/check-awesome-list.mjs

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a new VibeRaven production-readiness gate rule document (metadata, required gate, agent-loop verification, provider-action guidance, and CLI commands) and registers the rule in README under Hosting and Deployments.

Changes

VibeRaven Production-Readiness Gate Documentation

Layer / File(s)

Summary

Production-readiness gate rule and README index rules/viberaven-production-readiness-gate.mdc, README.md

New rule file with metadata (globs: **/*, alwaysApply: true), Required Gate and Agent Loop instructions (read .viberaven/* artifacts, run viberaven --agent-mode and viberaven --verify until gate.status is "clear", handling for VIBERAVEN_NEXT_ACTION), Provider Work guidance for VIBERAVEN_PROVIDER_ACTION (external dashboard steps and user confirmation), and a list of Useful Commands; README entry registers the rule under Hosting and Deployments.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• PatrickJS

Poem

🐰 A little gate, a checklist bright,
Agent loops that work through night,
CLI hops and provider cheer,
Fix one gap, then re-run here—
Production ready, carrot near! 🥕

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title accurately and clearly describes the main change: adding a new VibeRaven production readiness gate rule.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The pull request description comprehensively follows the template with all required sections completed, including summary, contribution type, value to users, files changed, quality checklist, and maintainer notes.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@rules/viberaven-production-readiness-gate.mdc`:
- Around line 3-4: The frontmatter currently sets globs: **/* with alwaysApply:
false, which is ambiguous; either make the rule global by setting alwaysApply:
true or scope it by narrowing the globs to meaningful targets (e.g.,
deployment/config file patterns like **/*.{yml,yaml,json,env} or specific
production paths); update the frontmatter keys "globs" and "alwaysApply"
accordingly so the rule's intent is explicit and conforms to the hygiene check
contract.
- Around line 22-26: The rule in viberaven-production-readiness-gate.mdc
currently asserts VibeRaven will emit `.viberaven/agent-tasklist.md`,
`.viberaven/gate-result.json`, `.viberaven/context-map.json`,
`.viberaven/agent-summary.md`, and `.viberaven/launch-playbook.md`; verify
VibeRaven's actual output filenames/paths by checking its docs or running it
against a sample repo, then update the rule to reference the real output
locations (or remove the `.viberaven/*` expectations) so the entries in
viberaven-production-readiness-gate.mdc match the tool's documented/generated
artifacts.
- Around line 57-62: The "Useful Commands" snippet contains unverified CLI usage
(e.g., "npx -y viberaven next --json", "prompt --gap", "--heal --plan --gap",
"--strict", "audit --vercel-supabase"); run the published tool's help/docs (npx
viberaven --help or official docs) to confirm actual subcommands and flags, then
update the file rules/viberaven-production-readiness-gate.mdc to either replace
those lines with the exact, documented CLI invocations or remove the CLI block
if no CLI exists, ensuring any retained entries match the real command names and
flags shown by viberaven --help.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 320cc22e-24fa-4190-891e-39b68f15cb20

📥 Commits

Reviewing files that changed from the base of the PR and between b044f95 and 8da426f.

📒 Files selected for processing (2)

• README.md
• rules/viberaven-production-readiness-gate.mdc

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@rules/viberaven-production-readiness-gate.mdc`:
- Around line 59-64: The "Useful Commands" examples that show "npx -y viberaven
..." (e.g., "npx -y viberaven next --json", "npx -y viberaven prompt --gap
<gap-id>", "npx -y viberaven --heal --plan --gap <gap-id>", "npx -y viberaven
--heal --apply --gap <gap-id> --yes", "npx -y viberaven --strict", "npx -y
viberaven audit --vercel-supabase") are incorrect because VibeRaven is not a
CLI—remove these fake npx command examples or replace them with the correct
documented workflow for VibeRaven (for example, link or outline the web/docs
checklist usage, API calls, or supported integration steps), and update any
other occurrences of the same bogus CLI examples elsewhere in the rule to avoid
misleading users.
- Around line 22-28: Replace the hardcoded artifact filenames
`.viberaven/agent-tasklist.md`, `.viberaven/gate-result.json`, and
`.viberaven/context-map.json` in the readiness-gate rule text with either (a)
the actual filenames/paths produced by VibeRaven (as documented by the
extension/report) or (b) a configurable or referenced location pulled from the
VibeRaven report/extension metadata; specifically update the sentences that
assert those three `.viberaven/*` files exist and that `gate-result.json` is the
machine verdict to instead point at the real artifact path or to say “the
machine-readable verdict as specified by the VibeRaven extension/report” (so the
rule no longer assumes `.viberaven/` or those exact filenames).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 81d5a2f6-ab04-4d84-b787-fe77b8e192d7

📥 Commits

Reviewing files that changed from the base of the PR and between 8da426f and d83b4dd.

📒 Files selected for processing (1)

• rules/viberaven-production-readiness-gate.mdc

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check VibeRaven official docs and help output for artifact paths
echo "=== Checking viberaven.dev documentation ==="
curl -s https://viberaven.dev/ | grep -i "\.viberaven\|artifact\|output" | head -20 || echo "No direct matches"

echo ""
echo "=== Checking for npm package viberaven ==="
npm view viberaven@latest 2>/dev/null | grep -A 20 "description\|readme" || echo "Package not found on npm"

echo ""
echo "=== Checking for gh releases/docs ==="
gh api repos/viberaven-dev/viberaven/contents/README.md 2>/dev/null | jq -r '.content | `@base64d`' | grep -i "artifact\|\.viberaven\|output" | head -20 || echo "Repo or docs not accessible"

Repository: PatrickJS/awesome-cursorrules

Length of output: 923

---

🌐 Web query:

VibeRaven ".viberaven" agent-tasklist.md

💡 Result:

Based on current technical documentation and available resources, there is no standardized or official file named ".viberaven/agent-tasklist.md" associated with the VibeRaven platform [1][2][3]. VibeRaven is a tool designed to assess the production readiness of AI-built applications [1][4]. Its primary workflow involves scanning a repository for production gaps (such as authentication, database rules, billing, and deployment configuration) and generating scoped, repo-aware prompts to hand off to AI coding agents like Cursor or Claude Code [2][5]. While some developer workflows use directory structures like ".hermes/" or custom task lists (e.g., "*-tasklist.md") for managing autonomous agent tasks [6][7][8], VibeRaven's official methodology focuses on checklists, production-readiness guides, and prompt generation rather than a specific standardized ".viberaven/" task list file format [2][3][4]. If you are looking for a task list generated by a VibeRaven-integrated workflow, it is likely a custom implementation specific to your project's agent orchestration setup rather than a native component of the VibeRaven platform.

Citations:

• 1: https://viberaven.dev/
• 2: https://viberaven.dev/ai-app-production-checklist
• 3: https://viberaven.dev/guides
• 4: https://viberaven.dev/best-ai-app-production-readiness-tools
• 5: https://viberaven.dev/clerk-production-checklist-ai-apps
• 6: https://github.com/shanewas/agentic-stealth-browser/blob/master/.hermes/v1.1.0-tasklist.md
• 7: https://github.com/shanewas/agentic-stealth-browser/blob/master/.hermes/fix-tasklist.md
• 8: https://github.com/msitarzewski/agency-agents/blob/main/specialized/agents-orchestrator.md

---

🌐 Web query:

VibeRaven "gate-result.json"

💡 Result:

The string "VibeRaven "gate-result.json"" does not correspond to any single, authoritative, VibeRaven-specific file spec that I can find from current public sources. What I can confirm from authoritative/near-authoritative evidence: 1) Many “quality gate”/CI tools use a file named gate-result.json as a machine-readable JSON output for gate results (example: EvalGuard’s docs show evalguard gate ... --json > gate-result.json). [1] 2) The VibeRaven project itself is a production-readiness scanning/productivity tool for AI-built apps (not a known gate-result.json generator). Its docs describe checking launch gaps (auth, billing, deployment, env vars, monitoring, etc.) but don’t mention gate-result.json. [2][3] Separately, there are unrelated projects/workflows that explicitly write a gate result to a path ending in gate-result.json (e.g., a Vouch workflow writes compact gate results to .vouch/build/gate-result.json and describes that file as stable input for status checks/integrations). [4] So, unless you mean one of the above (or you have a specific repo/extension/source where VibeRaven emits/consumes gate-result.json), I can’t responsibly claim what that specific file is for inside VibeRaven itself. If you share: - the GitHub repo / package name where “VibeRaven” references gate-result.json, or - a snippet of the code/config that creates/reads it, then I can pinpoint exactly what VibeRaven is doing with that file in your context.

Citations:

• 1: https://evalguard.ai/docs/ci-cd
• 2: https://viberaven.vercel.app/
• 3: https://marketplace.visualstudio.com/items?itemName=VibeRaven-Dev.viberaven
• 4: duriantaco/vouch@b2aaf91

---

🌐 Web query:

VibeRaven "context-map.json"

💡 Result:

VibeRaven is a tool and VS Code/Cursor extension designed to assist developers in transitioning AI-built prototypes into production-ready applications [1][2]. It functions as a launch-readiness scanner that analyzes a codebase to identify configuration gaps in areas such as authentication, billing, database management, environment variables, and monitoring [1][3][4]. The file "context-map.json" is a common pattern used in various AI-coding and repository-analysis tools (including those similar to VibeRaven) to store a structured index or "map" of a project's codebase [5][6][7][8]. While VibeRaven itself uses internal scanning to generate "Mission Maps" and readiness reports, the broader context-map pattern—often referred to as a "context map" or "project map"—serves the following technical purposes in AI development workflows: 1. Sparse Context Loading: AI coding agents (like those in Cursor or Claude Code) use these files to understand the project structure without needing to scan every file in the repository, which saves tokens and improves relevance [5][6][7]. 2. Repository Topology: It acts as an index of project modules, entry points, dependencies, and file relationships [7][8]. 3. Agent Handoff: It provides a persistent, machine-readable summary of the project state that tools use to suggest the "next move" or prompt for a coding agent [7][3][9]. In the context of VibeRaven specifically, the tool inspects your workspace to surface production blockers and generates actionable, copy-ready prompts for your coding agent [3][9]. It focuses on maintaining alignment between your project's technical implementation and its development goals (often tracked via a "SPEC.md" or similar project memory file) [3].

Citations:

• 1: https://community.vercel.com/t/for-people-shipping-ai-built-apps-on-vercel/42595
• 2: https://forum.cursor.com/t/extension-verification-viberaven/161665
• 3: https://viberaven.vercel.app/
• 4: https://viberaven.dev/ai-app-production-checklist
• 5: https://www.reddit.com/r/cursor/comments/1qduksd/i_built_a_tool_that_gives_cursor_full_context_on/
• 6: https://libraries.io/npm/repo-harness
• 7: https://github.com/tamojit-123/project-context-map-mcp
• 8: https://glama.ai/mcp/servers/lastmanupinc-hub/AXIS-iliad
• 9: https://viberaven.dev/we-ran-viberaven-on-a-real-ai-built-app

---

🌐 Web query:

site:viberaven.dev .viberaven gate-result.json

💡 Result:

The term gate-result.json is not an official public standard or documented file format associated with VibeRaven. VibeRaven is a tool designed to help developers assess the production readiness of AI-built applications by scanning code repositories and generating checklists, launch gap analyses, and prompts for coding agents [1][2][3]. While VibeRaven analyzes repository evidence and provides outputs for production readiness, there is no public documentation indicating that it uses a file named gate-result.json [1][4][5]. It is likely that this filename is either an internal temporary file, a specific artifact generated by a custom local implementation, or a misunderstood reference to the tool's output data structure. For official information regarding VibeRaven's functionality, users should refer to their documentation at viberaven.dev [2][6].

Citations:

• 1: https://viberaven.dev/ai-app-production-checklist
• 2: https://viberaven.dev/guides
• 3: https://viberaven.dev/best-ai-app-production-readiness-tools
• 4: https://viberaven.dev/vercel-preview-to-production-checklist
• 5: https://viberaven.dev/clerk-production-checklist-ai-apps
• 6: https://viberaven.dev/

---

Fix hardcoded .viberaven/ artifact filenames in readiness gate rule.

Lines 22–28 assume VibeRaven generates .viberaven/agent-tasklist.md, .viberaven/gate-result.json, and .viberaven/context-map.json (and treats gate-result.json as the machine verdict). Public VibeRaven resources don’t document creating a .viberaven/ directory or these specific filenames, and gate-result.json / agent-tasklist.md are not indicated as VibeRaven artifacts. context-map.json is a common filename in other “context/project map” tools, but there’s no public evidence tying it to VibeRaven’s outputs.

Update the rule to match the actual artifact paths/filenames produced by VibeRaven (or make the instruction reference where the extension/report tells users to find the machine-readable verdict), instead of hardcoding these .viberaven/* files.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@rules/viberaven-production-readiness-gate.mdc` around lines 22 - 28, Replace
the hardcoded artifact filenames `.viberaven/agent-tasklist.md`,
`.viberaven/gate-result.json`, and `.viberaven/context-map.json` in the
readiness-gate rule text with either (a) the actual filenames/paths produced by
VibeRaven (as documented by the extension/report) or (b) a configurable or
referenced location pulled from the VibeRaven report/extension metadata;
specifically update the sentences that assert those three `.viberaven/*` files
exist and that `gate-result.json` is the machine verdict to instead point at the
real artifact path or to say “the machine-readable verdict as specified by the
VibeRaven extension/report” (so the rule no longer assumes `.viberaven/` or
those exact filenames).

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

What are the available command-line commands and flags for the VibeRaven tool?

💡 Result:

VibeRaven is not a command-line interface (CLI) tool with specific commands or flags [1][2]. Instead, VibeRaven is a documentation and checklist platform that provides guides, production-readiness checklists, and workflows for developers building applications with AI [1][3][4]. The tool focuses on assisting developers in transitioning AI-built apps from development or preview stages to production by identifying launch gaps in areas such as authentication, database rules, billing, deployment, and monitoring [4][2][5]. It works by analyzing repository evidence and providing actionable prompts that can be used with AI coding agents like Cursor, Claude Code, or other VS Code-integrated agents to perform the necessary fixes [4][2][5][6]. There is no installable CLI software or set of terminal commands associated with VibeRaven [1][7].

Citations:

• 1: https://viberaven.dev/
• 2: https://viberaven.dev/best-ai-app-production-readiness-tools
• 3: https://viberaven.dev/guides
• 4: https://viberaven.dev/ai-app-production-checklist
• 5: https://viberaven.dev/vercel-preview-to-production-checklist
• 6: https://viberaven.dev/clerk-production-checklist-ai-apps
• 7: https://github.com/viberaven

---

Remove/replace incorrect npx -y viberaven ... command examples in the readiness gate

VibeRaven isn’t an installable CLI with terminal subcommands/flags; it’s a docs/checklist platform, so the npx -y viberaven ... examples (including lines 17, 39, and the “Useful Commands” block on lines 59–64) are very likely non-functional and will mislead users. Update the rule to match the actual documented workflow or remove the CLI command section.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@rules/viberaven-production-readiness-gate.mdc` around lines 59 - 64, The
"Useful Commands" examples that show "npx -y viberaven ..." (e.g., "npx -y
viberaven next --json", "npx -y viberaven prompt --gap <gap-id>", "npx -y
viberaven --heal --plan --gap <gap-id>", "npx -y viberaven --heal --apply --gap
<gap-id> --yes", "npx -y viberaven --strict", "npx -y viberaven audit
--vercel-supabase") are incorrect because VibeRaven is not a CLI—remove these
fake npx command examples or replace them with the correct documented workflow
for VibeRaven (for example, link or outline the web/docs checklist usage, API
calls, or supported integration steps), and update any other occurrences of the
same bogus CLI examples elsewhere in the rule to avoid misleading users.