@aigrc/cli 0.1.0 → 0.2.0

package/dist/aigrc.js

@@ -1,4 +1,10 @@
 #!/usr/bin/env node
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
 
 // src/bin/aigrc.ts
 import { program } from "commander";
@@ -714,59 +720,414 @@ function sanitizeFileName2(name) {
 
 // src/commands/validate.ts
 import { Command as Command4 } from "commander";
-import chalk5 from "chalk";
+import chalk6 from "chalk";
 import ora3 from "ora";
-import path4 from "path";
+import path5 from "path";
 import fs3 from "fs/promises";
+import YAML from "yaml";
 import {
   loadAssetCard,
   classifyRisk,
   validateAssetCard
 } from "@aigrc/core";
+
+// src/utils/exit-codes.ts
+function exit(code) {
+  process.exit(code);
+}
+
+// src/formatters/sarif.ts
+function formatSarif(results, version = "0.1.0") {
+  const sarifResults = [];
+  const artifacts = [];
+  const seenPaths = /* @__PURE__ */ new Set();
+  for (const result of results) {
+    if (!seenPaths.has(result.path)) {
+      seenPaths.add(result.path);
+      artifacts.push({
+        location: {
+          uri: result.path
+        },
+        mimeType: "application/x-yaml"
+      });
+    }
+    if (!result.validation.valid) {
+      for (const error of result.validation.errors) {
+        sarifResults.push({
+          ruleId: "AIGRC001",
+          level: "error",
+          message: {
+            text: error
+          },
+          locations: [
+            {
+              physicalLocation: {
+                artifactLocation: {
+                  uri: result.path
+                }
+              }
+            }
+          ],
+          properties: {
+            cardId: result.card?.id,
+            cardName: result.card?.name
+          }
+        });
+      }
+    } else {
+      sarifResults.push({
+        ruleId: "AIGRC001",
+        level: "none",
+        message: {
+          text: "Asset card validation passed"
+        },
+        locations: [
+          {
+            physicalLocation: {
+              artifactLocation: {
+                uri: result.path
+              }
+            }
+          }
+        ],
+        properties: {
+          cardId: result.card?.id,
+          cardName: result.card?.name,
+          riskLevel: result.card?.classification?.riskLevel
+        }
+      });
+    }
+  }
+  const sarif = {
+    version: "2.1.0",
+    $schema: "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+    runs: [
+      {
+        tool: {
+          driver: {
+            name: "AIGRC",
+            version,
+            informationUri: "https://github.com/aigrc/aigrc",
+            rules: [
+              {
+                id: "AIGRC001",
+                name: "AssetCardValidation",
+                shortDescription: {
+                  text: "Asset card must be valid according to AIGRC schema"
+                },
+                fullDescription: {
+                  text: "Validates asset cards against AIGRC compliance requirements including risk classification, ownership, and regulatory framework mappings."
+                },
+                help: {
+                  text: "Ensure your asset card includes all required fields and follows the AIGRC schema. Run 'aigrc validate --help' for more information."
+                },
+                defaultConfiguration: {
+                  level: "error"
+                }
+              }
+            ]
+          }
+        },
+        results: sarifResults,
+        artifacts
+      }
+    ]
+  };
+  return sarif;
+}
+function sarifToJson(sarif, pretty = true) {
+  return JSON.stringify(sarif, null, pretty ? 2 : 0);
+}
+
+// src/formatters/text.ts
+import chalk5 from "chalk";
+import path4 from "path";
+function printValidationSummary(results) {
+  console.log(chalk5.bold("Validation Summary"));
+  console.log(chalk5.dim("\u2500".repeat(50)));
+  console.log();
+  for (const result of results) {
+    const fileName = path4.basename(result.path);
+    if (!result.validation.valid) {
+      console.log(chalk5.red(`\u2717 ${fileName}`));
+      for (const error of result.validation.errors) {
+        console.log(chalk5.red(`    Error: ${error}`));
+      }
+      if (result.fixed && result.fixedFields && result.fixedFields.length > 0) {
+        console.log(chalk5.yellow(`    Fixed: ${result.fixedFields.join(", ")}`));
+      }
+    } else {
+      console.log(chalk5.green(`\u2713 ${fileName}`));
+      if (result.fixed && result.fixedFields && result.fixedFields.length > 0) {
+        console.log(chalk5.yellow(`    Fixed: ${result.fixedFields.join(", ")}`));
+      }
+      if (result.card && result.classification) {
+        const tierColor = getRiskLevelColor(result.classification.riskLevel);
+        console.log(
+          chalk5.dim("    Risk Level: ") + tierColor(result.classification.riskLevel)
+        );
+        if (result.classification.euAiActCategory) {
+          console.log(
+            chalk5.dim("    EU AI Act: ") + chalk5.yellow(result.classification.euAiActCategory)
+          );
+        }
+      }
+    }
+    console.log();
+  }
+  const valid = results.filter((r) => r.validation.valid).length;
+  const invalid = results.filter((r) => !r.validation.valid).length;
+  const fixed = results.filter((r) => r.fixed).length;
+  console.log(chalk5.dim("\u2500".repeat(50)));
+  console.log(
+    `Total: ${results.length} | ` + chalk5.green(`Valid: ${valid}`) + ` | ` + chalk5.red(`Invalid: ${invalid}`) + (fixed > 0 ? ` | ${chalk5.yellow(`Fixed: ${fixed}`)}` : "")
+  );
+}
+function getRiskLevelColor(level) {
+  switch (level) {
+    case "minimal":
+      return chalk5.green;
+    case "limited":
+      return chalk5.yellow;
+    case "high":
+      return chalk5.red;
+    case "unacceptable":
+      return chalk5.magenta;
+    default:
+      return chalk5.white;
+  }
+}
+
+// src/fixers/auto-fix.ts
+function autoFixAssetCard(card) {
+  const fixedFields = [];
+  const fixedCard = JSON.parse(JSON.stringify(card));
+  if (!fixedCard.metadata?.createdAt) {
+    if (!fixedCard.metadata) {
+      fixedCard.metadata = {
+        createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+        updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        version: "1.0.0"
+      };
+    } else {
+      fixedCard.metadata.createdAt = (/* @__PURE__ */ new Date()).toISOString();
+    }
+    fixedFields.push("metadata.createdAt");
+  } else if (!isValidISODate(fixedCard.metadata.createdAt)) {
+    fixedCard.metadata.createdAt = normalizeDate(fixedCard.metadata.createdAt);
+    fixedFields.push("metadata.createdAt (format)");
+  }
+  if (!fixedCard.metadata?.updatedAt) {
+    if (!fixedCard.metadata) {
+      fixedCard.metadata = {
+        createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+        updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        version: "1.0.0"
+      };
+    } else {
+      fixedCard.metadata.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+    }
+    fixedFields.push("metadata.updatedAt");
+  } else if (!isValidISODate(fixedCard.metadata.updatedAt)) {
+    fixedCard.metadata.updatedAt = normalizeDate(fixedCard.metadata.updatedAt);
+    fixedFields.push("metadata.updatedAt (format)");
+  }
+  if (!fixedCard.metadata?.version) {
+    if (!fixedCard.metadata) {
+      fixedCard.metadata = {
+        createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+        updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        version: "1.0.0"
+      };
+    } else {
+      fixedCard.metadata.version = "1.0.0";
+    }
+    fixedFields.push("metadata.version");
+  }
+  if (fixedCard.classification?.riskLevel) {
+    const normalized = normalizeRiskLevel(fixedCard.classification.riskLevel);
+    if (normalized !== fixedCard.classification.riskLevel) {
+      fixedCard.classification.riskLevel = normalized;
+      fixedFields.push("classification.riskLevel");
+    }
+  }
+  if (fixedCard.classification?.riskFactors?.piiProcessing !== void 0) {
+    const pii = fixedCard.classification.riskFactors.piiProcessing;
+    if (typeof pii === "boolean") {
+      fixedCard.classification.riskFactors.piiProcessing = pii ? "yes" : "no";
+      fixedFields.push("classification.riskFactors.piiProcessing");
+    }
+  }
+  if (!fixedCard.id) {
+    fixedCard.id = generateId(fixedCard.name);
+    fixedFields.push("id");
+  }
+  if (!fixedCard.name) {
+    fixedCard.name = "Unnamed Asset";
+    fixedFields.push("name");
+  }
+  if (!fixedCard.description) {
+    fixedCard.description = "No description provided";
+    fixedFields.push("description");
+  }
+  if (!fixedCard.classification) {
+    fixedCard.classification = {
+      riskLevel: "minimal",
+      riskFactors: {
+        autonomousDecisions: false,
+        customerFacing: false,
+        toolExecution: false,
+        externalDataAccess: false,
+        piiProcessing: "unknown",
+        highStakesDecisions: false
+      }
+    };
+    fixedFields.push("classification");
+  }
+  if (!fixedCard.classification.riskFactors) {
+    fixedCard.classification.riskFactors = {
+      autonomousDecisions: false,
+      customerFacing: false,
+      toolExecution: false,
+      externalDataAccess: false,
+      piiProcessing: "unknown",
+      highStakesDecisions: false
+    };
+    fixedFields.push("classification.riskFactors");
+  }
+  return {
+    fixed: fixedFields.length > 0,
+    fixedFields,
+    card: fixedCard
+  };
+}
+function isValidISODate(dateStr) {
+  const iso8601Regex = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{3})?Z?$/;
+  if (!iso8601Regex.test(dateStr)) {
+    return false;
+  }
+  const date = new Date(dateStr);
+  return !isNaN(date.getTime());
+}
+function normalizeDate(dateStr) {
+  const date = new Date(dateStr);
+  if (isNaN(date.getTime())) {
+    return (/* @__PURE__ */ new Date()).toISOString();
+  }
+  return date.toISOString();
+}
+function normalizeRiskLevel(level) {
+  const normalized = level.toLowerCase().trim();
+  const validLevels = ["minimal", "limited", "high", "unacceptable"];
+  if (validLevels.includes(normalized)) {
+    return normalized;
+  }
+  const mappings = {
+    low: "minimal",
+    medium: "limited",
+    critical: "unacceptable",
+    extreme: "unacceptable",
+    none: "minimal"
+  };
+  return mappings[normalized] || "minimal";
+}
+function generateId(name) {
+  return name.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "").substring(0, 50);
+}
+
+// src/commands/validate.ts
 var DEFAULT_CARDS_DIR3 = ".aigrc/cards";
-var validateCommand = new Command4("validate").description("Validate asset cards against compliance requirements").argument("[path]", "Path to asset card or cards directory").option("-s, --strict", "Fail on warnings as well as errors").option("-o, --output <format>", "Output format (text, json)", "text").option("-a, --all", "Validate all cards in the cards directory").action(async (cardPath, options) => {
+var validateCommand = new Command4("validate").description("Validate asset cards against compliance requirements").argument("[path]", "Path to asset card or cards directory").option("-s, --strict", "Fail on warnings as well as errors").option("-o, --output <format>", "Output format (text, json, sarif)", "text").option("-a, --all", "Validate all cards in the cards directory").option("--fix", "Automatically fix common issues").option("--dry-run", "Preview fixes without saving (requires --fix)").option("--output-file <path>", "Write output to file instead of stdout").action(async (cardPath, options) => {
   await runValidate(cardPath, options);
 });
 async function runValidate(cardPath, options) {
-  if (options.output === "text") {
+  if (options.dryRun && !options.fix) {
+    if (options.output === "text") {
+      console.error(chalk6.red("Error: --dry-run requires --fix"));
+    } else {
+      console.error(JSON.stringify({ error: "--dry-run requires --fix" }));
+    }
+    exit(2 /* INVALID_ARGUMENTS */);
+  }
+  if (options.output === "text" && !options.outputFile) {
     printHeader();
   }
   const cardsToValidate = [];
   if (options.all || !cardPath) {
-    const cardsDir = path4.join(process.cwd(), DEFAULT_CARDS_DIR3);
+    const cardsDir = path5.join(process.cwd(), DEFAULT_CARDS_DIR3);
     try {
       const files = await fs3.readdir(cardsDir);
       const yamlFiles = files.filter((f) => f.endsWith(".yaml") || f.endsWith(".yml"));
       for (const file of yamlFiles) {
-        cardsToValidate.push(path4.join(cardsDir, file));
+        cardsToValidate.push(path5.join(cardsDir, file));
       }
-    } catch {
-      if (options.output === "text") {
-        console.log(chalk5.yellow("No cards directory found."));
-        console.log(chalk5.dim(`Expected: ${cardsDir}`));
-        console.log(chalk5.dim("Run `aigrc init` to initialize AIGRC."));
+    } catch (error) {
+      if (options.output === "text" && !options.outputFile) {
+        console.log(chalk6.yellow("No cards directory found."));
+        console.log(chalk6.dim(`Expected: ${cardsDir}`));
+        console.log(chalk6.dim("Run `aigrc init` to initialize AIGRC."));
       } else {
-        console.log(JSON.stringify({ error: "No cards directory found" }));
+        const output = JSON.stringify({ error: "No cards directory found" });
+        if (options.outputFile) {
+          await fs3.writeFile(options.outputFile, output);
+        } else {
+          console.log(output);
+        }
       }
-      process.exit(1);
+      exit(4 /* FILE_NOT_FOUND */);
     }
   } else {
-    cardsToValidate.push(path4.resolve(process.cwd(), cardPath));
+    const resolvedPath = path5.resolve(process.cwd(), cardPath);
+    try {
+      await fs3.access(resolvedPath);
+      cardsToValidate.push(resolvedPath);
+    } catch {
+      if (options.output === "text" && !options.outputFile) {
+        console.log(chalk6.red(`Error: File not found: ${cardPath}`));
+      } else {
+        const output = JSON.stringify({ error: `File not found: ${cardPath}` });
+        if (options.outputFile) {
+          await fs3.writeFile(options.outputFile, output);
+        } else {
+          console.log(output);
+        }
+      }
+      exit(4 /* FILE_NOT_FOUND */);
+    }
   }
   if (cardsToValidate.length === 0) {
-    if (options.output === "text") {
-      console.log(chalk5.yellow("No asset cards found to validate."));
+    if (options.output === "text" && !options.outputFile) {
+      console.log(chalk6.yellow("No asset cards found to validate."));
     } else {
-      console.log(JSON.stringify({ error: "No asset cards found" }));
+      const output = JSON.stringify({ error: "No asset cards found" });
+      if (options.outputFile) {
+        await fs3.writeFile(options.outputFile, output);
+      } else {
+        console.log(output);
+      }
     }
-    process.exit(1);
+    exit(4 /* FILE_NOT_FOUND */);
   }
   const results = [];
   let hasErrors = false;
   for (const cardFile of cardsToValidate) {
-    const spinner = options.output === "text" ? ora3(`Validating ${path4.basename(cardFile)}...`).start() : void 0;
+    const spinner = options.output === "text" && !options.outputFile ? ora3(`Validating ${path5.basename(cardFile)}...`).start() : void 0;
     try {
-      const card = loadAssetCard(cardFile);
+      let card = loadAssetCard(cardFile);
+      let fixed = false;
+      let fixedFields = [];
+      if (options.fix) {
+        const fixResult = autoFixAssetCard(card);
+        if (fixResult.fixed) {
+          fixed = true;
+          fixedFields = fixResult.fixedFields;
+          card = fixResult.card;
+          if (!options.dryRun) {
+            const yamlContent = YAML.stringify(card);
+            await fs3.writeFile(cardFile, yamlContent, "utf-8");
+          }
+        }
+      }
       const validation = validateAssetCard(card);
       const classification = classifyRisk(card.classification.riskFactors);
       results.push({
@@ -776,13 +1137,17 @@ async function runValidate(cardPath, options) {
           valid: validation.valid,
           errors: validation.errors ?? []
         },
-        classification
+        classification,
+        fixed,
+        fixedFields
       });
       if (!validation.valid) {
         hasErrors = true;
-        spinner?.fail(`${path4.basename(cardFile)}: Invalid`);
+        spinner?.fail(`${path5.basename(cardFile)}: Invalid`);
+      } else if (fixed) {
+        spinner?.succeed(`${path5.basename(cardFile)}: Valid (fixed ${fixedFields.length} issues)`);
       } else {
-        spinner?.succeed(`${path4.basename(cardFile)}: Valid`);
+        spinner?.succeed(`${path5.basename(cardFile)}: Valid`);
       }
     } catch (error) {
       hasErrors = true;
@@ -794,76 +1159,93 @@ async function runValidate(cardPath, options) {
           errors: [errorMessage]
         }
       });
-      spinner?.fail(`${path4.basename(cardFile)}: Parse error`);
+      spinner?.fail(`${path5.basename(cardFile)}: Parse error`);
     }
   }
-  if (options.output === "json") {
-    console.log(JSON.stringify({ results }, null, 2));
-  } else {
-    console.log();
-    printValidationSummary(results);
-  }
+  await outputResults(results, options);
   if (hasErrors) {
-    process.exit(1);
+    exit(3 /* VALIDATION_ERRORS */);
   }
+  exit(0 /* SUCCESS */);
 }
-function printValidationSummary(results) {
-  console.log(chalk5.bold("Validation Summary"));
-  console.log(chalk5.dim("\u2500".repeat(50)));
-  console.log();
+async function outputResults(results, options) {
+  let output;
+  switch (options.output) {
+    case "sarif": {
+      const sarif = formatSarif(results);
+      output = sarifToJson(sarif);
+      break;
+    }
+    case "json": {
+      output = JSON.stringify({ results }, null, 2);
+      break;
+    }
+    case "text":
+    default: {
+      if (options.outputFile) {
+        output = formatTextOutput(results);
+      } else {
+        console.log();
+        printValidationSummary(results);
+        return;
+      }
+    }
+  }
+  if (options.outputFile) {
+    await fs3.writeFile(options.outputFile, output, "utf-8");
+    if (options.output === "text") {
+      console.log(chalk6.green(`\u2713 Output written to ${options.outputFile}`));
+    }
+  } else {
+    console.log(output);
+  }
+}
+function formatTextOutput(results) {
+  const lines = [];
+  lines.push("Validation Summary");
+  lines.push("\u2500".repeat(50));
+  lines.push("");
   for (const result of results) {
-    const fileName = path4.basename(result.path);
+    const fileName = path5.basename(result.path);
     if (!result.validation.valid) {
-      console.log(chalk5.red(`\u2717 ${fileName}`));
+      lines.push(`\u2717 ${fileName}`);
       for (const error of result.validation.errors) {
-        console.log(chalk5.red(`    Error: ${error}`));
+        lines.push(`    Error: ${error}`);
       }
     } else {
-      console.log(chalk5.green(`\u2713 ${fileName}`));
+      lines.push(`\u2713 ${fileName}`);
+      if (result.fixed && result.fixedFields && result.fixedFields.length > 0) {
+        lines.push(`    Fixed: ${result.fixedFields.join(", ")}`);
+      }
       if (result.card && result.classification) {
-        const tierColor = getRiskLevelColor(result.classification.riskLevel);
-        console.log(
-          chalk5.dim("    Risk Level: ") + tierColor(result.classification.riskLevel)
-        );
+        lines.push(`    Risk Level: ${result.classification.riskLevel}`);
         if (result.classification.euAiActCategory) {
-          console.log(
-            chalk5.dim("    EU AI Act: ") + chalk5.yellow(result.classification.euAiActCategory)
-          );
+          lines.push(`    EU AI Act: ${result.classification.euAiActCategory}`);
         }
       }
     }
-    console.log();
+    lines.push("");
   }
   const valid = results.filter((r) => r.validation.valid).length;
   const invalid = results.filter((r) => !r.validation.valid).length;
-  console.log(chalk5.dim("\u2500".repeat(50)));
-  console.log(
-    `Total: ${results.length} | ` + chalk5.green(`Valid: ${valid}`) + ` | ` + chalk5.red(`Invalid: ${invalid}`)
+  const fixed = results.filter((r) => r.fixed).length;
+  lines.push("\u2500".repeat(50));
+  lines.push(
+    `Total: ${results.length} | Valid: ${valid} | Invalid: ${invalid}` + (fixed > 0 ? ` | Fixed: ${fixed}` : "")
   );
-}
-function getRiskLevelColor(level) {
-  switch (level) {
-    case "minimal":
-      return chalk5.green;
-    case "limited":
-      return chalk5.yellow;
-    case "high":
-      return chalk5.red;
-    case "unacceptable":
-      return chalk5.magenta;
-    default:
-      return chalk5.white;
-  }
+  return lines.join("\n");
 }
 
 // src/commands/status.ts
 import { Command as Command5 } from "commander";
-import chalk6 from "chalk";
-import path5 from "path";
+import chalk7 from "chalk";
+import path6 from "path";
 import fs4 from "fs/promises";
 import {
   loadAssetCard as loadAssetCard2,
-  classifyRisk as classifyRisk2
+  classifyRisk as classifyRisk2,
+  extractGoldenThreadComponents,
+  verifyGoldenThreadHashSync
 } from "@aigrc/core";
 var DEFAULT_CARDS_DIR4 = ".aigrc/cards";
 var DEFAULT_CONFIG_FILE2 = ".aigrc.yaml";
@@ -875,14 +1257,14 @@ async function runStatus(options) {
   if (options.output === "text") {
     printHeader();
   }
-  const configPath = path5.join(cwd, DEFAULT_CONFIG_FILE2);
-  const cardsDir = path5.join(cwd, DEFAULT_CARDS_DIR4);
+  const configPath = path6.join(cwd, DEFAULT_CONFIG_FILE2);
+  const cardsDir = path6.join(cwd, DEFAULT_CARDS_DIR4);
   const configExists = await fileExists2(configPath);
   const cardsDirExists = await directoryExists(cardsDir);
   if (!configExists && !cardsDirExists) {
     if (options.output === "text") {
-      console.log(chalk6.yellow("AIGRC is not initialized in this directory."));
-      console.log(chalk6.dim("\nRun `aigrc init` to get started."));
+      console.log(chalk7.yellow("AIGRC is not initialized in this directory."));
+      console.log(chalk7.dim("\nRun `aigrc init` to get started."));
     } else {
       console.log(JSON.stringify({ initialized: false }));
     }
@@ -895,7 +1277,7 @@ async function runStatus(options) {
       const yamlFiles = files.filter((f) => f.endsWith(".yaml") || f.endsWith(".yml"));
       for (const file of yamlFiles) {
         try {
-          const filePath = path5.join(cardsDir, file);
+          const filePath = path6.join(cardsDir, file);
           const card = loadAssetCard2(filePath);
           const classification = classifyRisk2(card.classification.riskFactors);
           cards.push({ path: filePath, card, classification });
@@ -926,19 +1308,21 @@ async function runStatus(options) {
     );
     return;
   }
-  console.log(chalk6.bold("AIGRC Status"));
-  console.log(chalk6.dim("\u2500".repeat(50)));
+  console.log(chalk7.bold("AIGRC Status"));
+  console.log(chalk7.dim("\u2500".repeat(50)));
+  console.log();
+  console.log(chalk7.dim("Config:"), configExists ? chalk7.green("\u2713") : chalk7.red("\u2717"), configPath);
+  console.log(chalk7.dim("Cards:"), cardsDirExists ? chalk7.green("\u2713") : chalk7.red("\u2717"), cardsDir);
   console.log();
-  console.log(chalk6.dim("Config:"), configExists ? chalk6.green("\u2713") : chalk6.red("\u2717"), configPath);
-  console.log(chalk6.dim("Cards:"), cardsDirExists ? chalk6.green("\u2713") : chalk6.red("\u2717"), cardsDir);
+  printGoldenThreadStatus(cards);
   console.log();
   if (cards.length === 0) {
-    console.log(chalk6.yellow("No asset cards registered."));
-    console.log(chalk6.dim("\nRun `aigrc init` or `aigrc register` to create an asset card."));
+    console.log(chalk7.yellow("No asset cards registered."));
+    console.log(chalk7.dim("\nRun `aigrc init` or `aigrc register` to create an asset card."));
     return;
   }
-  console.log(chalk6.bold(`Registered Assets (${cards.length})`));
-  console.log(chalk6.dim("\u2500".repeat(50)));
+  console.log(chalk7.bold(`Registered Assets (${cards.length})`));
+  console.log(chalk7.dim("\u2500".repeat(50)));
   console.log();
   const byLevel = groupByRiskLevel(cards);
   for (const level of ["unacceptable", "high", "limited", "minimal"]) {
@@ -948,18 +1332,18 @@ async function runStatus(options) {
     console.log(levelColor(`${level.toUpperCase()} (${levelCards.length})`));
     console.log();
     for (const { card, classification } of levelCards) {
-      console.log(`  ${chalk6.bold(card.name)}`);
-      console.log(chalk6.dim(`    ID: ${card.id}`));
-      console.log(chalk6.dim(`    Risk Level: ${classification.riskLevel}`));
+      console.log(`  ${chalk7.bold(card.name)}`);
+      console.log(chalk7.dim(`    ID: ${card.id}`));
+      console.log(chalk7.dim(`    Risk Level: ${classification.riskLevel}`));
       if (classification.euAiActCategory) {
-        console.log(chalk6.dim(`    EU AI Act: `) + chalk6.yellow(classification.euAiActCategory));
+        console.log(chalk7.dim(`    EU AI Act: `) + chalk7.yellow(classification.euAiActCategory));
       }
       if (card.ownership?.owner) {
-        console.log(chalk6.dim(`    Owner: ${card.ownership.owner.name} <${card.ownership.owner.email}>`));
+        console.log(chalk7.dim(`    Owner: ${card.ownership.owner.name} <${card.ownership.owner.email}>`));
       }
       const activeRisks = getActiveRiskFactors(card);
       if (activeRisks.length > 0) {
-        console.log(chalk6.dim(`    Risks: `) + activeRisks.join(", "));
+        console.log(chalk7.dim(`    Risks: `) + activeRisks.join(", "));
       }
       console.log();
     }
@@ -978,17 +1362,17 @@ function groupByRiskLevel(cards) {
   return byLevel;
 }
 function printStatusSummary(cards) {
-  console.log(chalk6.dim("\u2500".repeat(50)));
+  console.log(chalk7.dim("\u2500".repeat(50)));
   const minimal = cards.filter((c) => c.classification.riskLevel === "minimal").length;
   const limited = cards.filter((c) => c.classification.riskLevel === "limited").length;
   const high = cards.filter((c) => c.classification.riskLevel === "high").length;
   const unacceptable = cards.filter((c) => c.classification.riskLevel === "unacceptable").length;
   console.log(
-    `Total: ${cards.length} | ` + chalk6.green(`Minimal: ${minimal}`) + ` | ` + chalk6.yellow(`Limited: ${limited}`) + ` | ` + chalk6.red(`High: ${high}`) + ` | ` + chalk6.magenta(`Unacceptable: ${unacceptable}`)
+    `Total: ${cards.length} | ` + chalk7.green(`Minimal: ${minimal}`) + ` | ` + chalk7.yellow(`Limited: ${limited}`) + ` | ` + chalk7.red(`High: ${high}`) + ` | ` + chalk7.magenta(`Unacceptable: ${unacceptable}`)
   );
   if (high > 0 || unacceptable > 0) {
     console.log();
-    console.log(chalk6.yellow("\u26A0 High-risk assets detected. Review compliance requirements."));
+    console.log(chalk7.yellow("\u26A0 High-risk assets detected. Review compliance requirements."));
   }
 }
 function getActiveRiskFactors(card) {
@@ -1006,15 +1390,15 @@ function getActiveRiskFactors(card) {
 function getRiskLevelColor2(level) {
   switch (level) {
     case "minimal":
-      return chalk6.green;
+      return chalk7.green;
     case "limited":
-      return chalk6.yellow;
+      return chalk7.yellow;
     case "high":
-      return chalk6.red;
+      return chalk7.red;
     case "unacceptable":
-      return chalk6.magenta;
+      return chalk7.magenta;
     default:
-      return chalk6.white;
+      return chalk7.white;
   }
 }
 async function fileExists2(filePath) {
@@ -1033,14 +1417,296 @@ async function directoryExists(dirPath) {
     return false;
   }
 }
+function printGoldenThreadStatus(cards) {
+  const cardsWithGoldenThread = cards.filter((c) => {
+    const components = extractGoldenThreadComponents(c.card);
+    return components && c.card.golden_thread?.hash;
+  });
+  if (cardsWithGoldenThread.length === 0) {
+    return;
+  }
+  console.log(chalk7.bold("Golden Thread"));
+  console.log(chalk7.dim("\u2500".repeat(50)));
+  console.log();
+  for (const { card } of cardsWithGoldenThread) {
+    const components = extractGoldenThreadComponents(card);
+    if (!components || !card.golden_thread?.hash) continue;
+    console.log(chalk7.bold(card.name));
+    console.log(chalk7.dim(`  Hash: ${card.golden_thread.hash}`));
+    try {
+      const verification = verifyGoldenThreadHashSync(components, card.golden_thread.hash);
+      if (verification.verified) {
+        console.log(chalk7.dim("  Status: ") + chalk7.green("\u2713 Verified"));
+      } else {
+        console.log(chalk7.dim("  Status: ") + chalk7.red("\u2717 Verification Failed"));
+        if (verification.mismatch_reason) {
+          console.log(chalk7.dim("  Reason: ") + chalk7.yellow(verification.mismatch_reason));
+        }
+      }
+    } catch (error) {
+      console.log(chalk7.dim("  Status: ") + chalk7.red("\u2717 Error"));
+    }
+    if (card.golden_thread?.signature) {
+      console.log(chalk7.dim("  Signature: ") + chalk7.green("\u2713 RSA-SHA256"));
+    }
+    console.log();
+  }
+}
 
-// src/commands/compliance.ts
+// src/commands/hash.ts
 import { Command as Command6 } from "commander";
-import chalk7 from "chalk";
+import chalk8 from "chalk";
 import ora4 from "ora";
+import path7 from "path";
+import {
+  loadAssetCard as loadAssetCard3,
+  extractGoldenThreadComponents as extractGoldenThreadComponents2,
+  computeGoldenThreadHashSync,
+  verifyGoldenThreadHashSync as verifyGoldenThreadHashSync2,
+  computeCanonicalString
+} from "@aigrc/core";
+var hashCommand = new Command6("hash").description("Compute or verify Golden Thread hashes").argument("[path]", "Path to asset card file").option("-v, --verify", "Verify the hash in the asset card").option("-o, --output <format>", "Output format (text, json)", "text").option("--ticket-id <id>", "Ticket ID for manual hash computation").option("--approved-by <email>", "Approver email for manual hash computation").option("--approved-at <datetime>", "Approval timestamp (ISO 8601) for manual hash computation").action(async (cardPath, options) => {
+  await runHash(cardPath, options);
+});
+async function runHash(cardPath, options) {
+  if (options.output === "text") {
+    printHeader();
+  }
+  if (options.ticketId && options.approvedBy && options.approvedAt) {
+    await runManualHash(options);
+    return;
+  }
+  if (!cardPath) {
+    if (options.output === "json") {
+      console.log(JSON.stringify({
+        success: false,
+        error: "No asset card path provided. Use --ticket-id, --approved-by, --approved-at for manual computation."
+      }));
+    } else {
+      console.log(chalk8.red("Error: No asset card path provided."));
+      console.log(chalk8.gray("Usage: aigrc hash <path-to-card>"));
+      console.log(chalk8.gray("   or: aigrc hash --ticket-id <id> --approved-by <email> --approved-at <datetime>"));
+    }
+    process.exit(1);
+  }
+  const spinner = options.output === "text" ? ora4("Loading asset card...").start() : null;
+  try {
+    const resolvedPath = path7.resolve(process.cwd(), cardPath);
+    const asset = loadAssetCard3(resolvedPath);
+    spinner?.succeed("Asset card loaded");
+    const components = extractGoldenThreadComponents2(asset);
+    if (!components) {
+      const result = {
+        success: false,
+        error: "Asset card does not have Golden Thread components (missing ticket_id, approved_by, or approved_at)"
+      };
+      outputResult(result, options.output);
+      process.exit(1);
+    }
+    if (options.verify) {
+      await runVerify(components, asset.golden_thread?.hash, options);
+    } else {
+      await runCompute(components, options);
+    }
+  } catch (error) {
+    spinner?.fail("Failed to load asset card");
+    const result = {
+      success: false,
+      error: error instanceof Error ? error.message : String(error)
+    };
+    outputResult(result, options.output);
+    process.exit(1);
+  }
+}
+async function runManualHash(options) {
+  const components = {
+    ticket_id: options.ticketId,
+    approved_by: options.approvedBy,
+    approved_at: options.approvedAt
+  };
+  const spinner = options.output === "text" ? ora4("Computing hash...").start() : null;
+  try {
+    const { canonical_string, hash } = computeGoldenThreadHashSync(components);
+    spinner?.succeed("Hash computed");
+    const result = {
+      success: true,
+      canonical_string,
+      hash
+    };
+    outputResult(result, options.output);
+  } catch (error) {
+    spinner?.fail("Failed to compute hash");
+    const result = {
+      success: false,
+      error: error instanceof Error ? error.message : String(error)
+    };
+    outputResult(result, options.output);
+    process.exit(1);
+  }
+}
+async function runCompute(components, options) {
+  const spinner = options.output === "text" ? ora4("Computing hash...").start() : null;
+  try {
+    const { canonical_string, hash } = computeGoldenThreadHashSync(components);
+    spinner?.succeed("Hash computed");
+    const result = {
+      success: true,
+      canonical_string,
+      hash
+    };
+    outputResult(result, options.output);
+  } catch (error) {
+    spinner?.fail("Failed to compute hash");
+    const result = {
+      success: false,
+      error: error instanceof Error ? error.message : String(error)
+    };
+    outputResult(result, options.output);
+    process.exit(1);
+  }
+}
+async function runVerify(components, expectedHash, options) {
+  const spinner = options.output === "text" ? ora4("Verifying hash...").start() : null;
+  if (!expectedHash) {
+    spinner?.fail("No hash to verify");
+    const result = {
+      success: false,
+      error: "Asset card does not have a hash in golden_thread.hash"
+    };
+    outputResult(result, options.output);
+    process.exit(1);
+  }
+  try {
+    const verification = verifyGoldenThreadHashSync2(components, expectedHash);
+    if (verification.verified) {
+      spinner?.succeed("Hash verified successfully");
+    } else {
+      spinner?.fail("Hash verification failed");
+    }
+    const result = {
+      success: verification.verified,
+      canonical_string: computeCanonicalString(components),
+      hash: verification.computed,
+      verified: verification.verified,
+      expected_hash: verification.expected,
+      error: verification.mismatch_reason
+    };
+    outputResult(result, options.output);
+    if (!verification.verified) {
+      process.exit(1);
+    }
+  } catch (error) {
+    spinner?.fail("Failed to verify hash");
+    const result = {
+      success: false,
+      error: error instanceof Error ? error.message : String(error)
+    };
+    outputResult(result, options.output);
+    process.exit(1);
+  }
+}
+function outputResult(result, format) {
+  if (format === "json") {
+    console.log(JSON.stringify(result, null, 2));
+    return;
+  }
+  if (result.success) {
+    if (result.verified !== void 0) {
+      if (result.verified) {
+        console.log(chalk8.green("\u2713 Golden Thread hash verified"));
+      } else {
+        console.log(chalk8.red("\u2717 Golden Thread hash verification failed"));
+        if (result.expected_hash) {
+          console.log(chalk8.dim(`Expected: ${result.expected_hash}`));
+        }
+        if (result.hash) {
+          console.log(chalk8.dim(`Computed: ${result.hash}`));
+        }
+      }
+    } else {
+      if (result.hash) {
+        console.log(result.hash);
+      }
+    }
+  } else {
+    console.log(chalk8.red("Error: ") + result.error);
+  }
+}
+
+// src/commands/version.ts
+import { Command as Command7 } from "commander";
+import chalk9 from "chalk";
+import fs5 from "fs/promises";
+import path8 from "path";
+var versionCommand = new Command7("version").description("Show version information for AIGRC CLI and packages").option("--json", "Output version information as JSON").action(async (options) => {
+  await runVersion(options);
+});
+async function runVersion(options) {
+  const versionInfo = await getVersionInfo();
+  if (options.json) {
+    console.log(JSON.stringify(versionInfo, null, 2));
+  } else {
+    printVersionText(versionInfo);
+  }
+}
+async function getVersionInfo() {
+  const cliVersion = await getPackageVersion("@aigrc/cli");
+  const coreVersion = await getPackageVersion("@aigrc/core");
+  const nodeVersion = process.version.replace("v", "");
+  const platform = process.platform;
+  const arch = process.arch;
+  return {
+    cli: cliVersion,
+    core: coreVersion,
+    node: nodeVersion,
+    platform,
+    arch
+  };
+}
+async function getPackageVersion(packageName) {
+  try {
+    const pkgPath = __require.resolve(`${packageName}/package.json`);
+    const pkgContent = await fs5.readFile(pkgPath, "utf-8");
+    const pkg = JSON.parse(pkgContent);
+    return pkg.version || "unknown";
+  } catch {
+    try {
+      const currentPkgPath = path8.join(process.cwd(), "package.json");
+      const pkgContent = await fs5.readFile(currentPkgPath, "utf-8");
+      const pkg = JSON.parse(pkgContent);
+      if (pkg.name === packageName) {
+        return pkg.version || "unknown";
+      }
+      if (pkg.dependencies?.[packageName]) {
+        return pkg.dependencies[packageName].replace("^", "").replace("~", "");
+      }
+      if (pkg.devDependencies?.[packageName]) {
+        return pkg.devDependencies[packageName].replace("^", "").replace("~", "");
+      }
+    } catch {
+    }
+    return "unknown";
+  }
+}
+function printVersionText(info) {
+  console.log();
+  console.log(chalk9.cyan.bold("AIGRC Version Information"));
+  console.log(chalk9.dim("\u2500".repeat(50)));
+  console.log();
+  console.log(`${chalk9.dim("aigrc CLI:")} ${chalk9.bold(info.cli)}`);
+  console.log(`${chalk9.dim("@aigrc/core:")} ${chalk9.bold(info.core)}`);
+  console.log(`${chalk9.dim("Node.js:")} ${chalk9.bold("v" + info.node)}`);
+  console.log(`${chalk9.dim("Platform:")} ${chalk9.bold(info.platform + " " + info.arch)}`);
+  console.log();
+}
+
+// src/commands/compliance.ts
+import { Command as Command8 } from "commander";
+import chalk10 from "chalk";
+import ora5 from "ora";
 import { existsSync, readFileSync, writeFileSync } from "fs";
 import { join } from "path";
-import YAML from "yaml";
+import YAML2 from "yaml";
 var BUILTIN_PROFILES = [
   {
     id: "eu-ai-act",
@@ -1071,16 +1737,16 @@ var BUILTIN_PROFILES = [
     description: "AI Management System Standard"
   }
 ];
-var complianceCommand = new Command6("compliance").description("Manage compliance profiles").addCommand(
-  new Command6("list").description("List available compliance profiles").option("-a, --active", "Show only active profiles").option("-o, --output <format>", "Output format (text, json, yaml)", "text").action(async (options) => {
+var complianceCommand = new Command8("compliance").description("Manage compliance profiles").addCommand(
+  new Command8("list").description("List available compliance profiles").option("-a, --active", "Show only active profiles").option("-o, --output <format>", "Output format (text, json, yaml)", "text").action(async (options) => {
     await listProfiles(options);
   })
 ).addCommand(
-  new Command6("show").description("Show details of a profile").argument("<profileId>", "Profile ID (e.g., eu-ai-act, us-omb-m24)").option("-o, --output <format>", "Output format (text, json, yaml)", "text").action(async (profileId, options) => {
+  new Command8("show").description("Show details of a profile").argument("<profileId>", "Profile ID (e.g., eu-ai-act, us-omb-m24)").option("-o, --output <format>", "Output format (text, json, yaml)", "text").action(async (profileId, options) => {
     await showProfile(profileId, options);
   })
 ).addCommand(
-  new Command6("set").description("Set active profiles in .aigrc.yaml").argument("<profiles...>", "Profile IDs to activate").option("--stack", "Enable profile stacking (strictest wins)").action(async (profiles, options) => {
+  new Command8("set").description("Set active profiles in .aigrc.yaml").argument("<profiles...>", "Profile IDs to activate").option("--stack", "Enable profile stacking (strictest wins)").action(async (profiles, options) => {
     await setProfiles(profiles, options);
   })
 );
@@ -1096,19 +1762,19 @@ async function listProfiles(options) {
     return;
   }
   if (options.output === "yaml") {
-    console.log(YAML.stringify(profiles));
+    console.log(YAML2.stringify(profiles));
     return;
   }
   console.log();
   console.log(
-    chalk7.dim("  ID".padEnd(16)) + chalk7.dim("Name".padEnd(28)) + chalk7.dim("Jurisdiction".padEnd(16)) + chalk7.dim("Active")
+    chalk10.dim("  ID".padEnd(16)) + chalk10.dim("Name".padEnd(28)) + chalk10.dim("Jurisdiction".padEnd(16)) + chalk10.dim("Active")
   );
-  console.log(chalk7.dim("  " + "\u2500".repeat(70)));
+  console.log(chalk10.dim("  " + "\u2500".repeat(70)));
   for (const profile of profiles) {
     const isActive = activeProfiles.includes(profile.id);
-    const activeIndicator = isActive ? chalk7.green("\u2713") : chalk7.gray("\xB7");
+    const activeIndicator = isActive ? chalk10.green("\u2713") : chalk10.gray("\xB7");
     console.log(
-      `  ${chalk7.cyan(profile.id.padEnd(14))} ${profile.name.padEnd(26)} ${chalk7.dim(profile.jurisdiction.padEnd(14))} ${activeIndicator}`
+      `  ${chalk10.cyan(profile.id.padEnd(14))} ${profile.name.padEnd(26)} ${chalk10.dim(profile.jurisdiction.padEnd(14))} ${activeIndicator}`
     );
   }
   console.log();
@@ -1127,21 +1793,21 @@ async function showProfile(profileId, options) {
     return;
   }
   if (options.output === "yaml") {
-    console.log(YAML.stringify(profile));
+    console.log(YAML2.stringify(profile));
     return;
   }
   printHeader();
-  console.log(chalk7.bold.cyan(`Profile: ${profile.name}`));
+  console.log(chalk10.bold.cyan(`Profile: ${profile.name}`));
   console.log();
-  console.log(`  ${chalk7.dim("ID:")}           ${profile.id}`);
-  console.log(`  ${chalk7.dim("Version:")}      ${profile.version}`);
-  console.log(`  ${chalk7.dim("Jurisdiction:")} ${profile.jurisdiction}`);
-  console.log(`  ${chalk7.dim("Description:")}  ${profile.description}`);
+  console.log(`  ${chalk10.dim("ID:")}           ${profile.id}`);
+  console.log(`  ${chalk10.dim("Version:")}      ${profile.version}`);
+  console.log(`  ${chalk10.dim("Jurisdiction:")} ${profile.jurisdiction}`);
+  console.log(`  ${chalk10.dim("Description:")}  ${profile.description}`);
   const activeProfiles = loadActiveProfiles();
   const isActive = activeProfiles.includes(profile.id);
   console.log();
   console.log(
-    `  ${chalk7.dim("Status:")}       ${isActive ? chalk7.green("Active") : chalk7.gray("Inactive")}`
+    `  ${chalk10.dim("Status:")}       ${isActive ? chalk10.green("Active") : chalk10.gray("Inactive")}`
   );
 }
 async function setProfiles(profiles, options) {
@@ -1155,19 +1821,19 @@ async function setProfiles(profiles, options) {
     printInfo(`Available profiles: ${BUILTIN_PROFILES.map((p) => p.id).join(", ")}`);
     process.exit(1);
   }
-  const spinner = ora4("Updating configuration...").start();
+  const spinner = ora5("Updating configuration...").start();
   try {
     const configPath = join(process.cwd(), ".aigrc.yaml");
     let config = {};
     if (existsSync(configPath)) {
       const content = readFileSync(configPath, "utf-8");
-      config = YAML.parse(content) || {};
+      config = YAML2.parse(content) || {};
     }
     config.profiles = profiles;
     if (options.stack) {
       config.stackProfiles = true;
     }
-    writeFileSync(configPath, YAML.stringify(config, { indent: 2 }), "utf-8");
+    writeFileSync(configPath, YAML2.stringify(config, { indent: 2 }), "utf-8");
     spinner.succeed("Configuration updated");
     console.log();
     printSuccess(`Active profiles: ${profiles.join(", ")}`);
@@ -1187,7 +1853,7 @@ function loadActiveProfiles() {
   }
   try {
     const content = readFileSync(configPath, "utf-8");
-    const config = YAML.parse(content);
+    const config = YAML2.parse(content);
     return config?.profiles || ["eu-ai-act"];
   } catch {
     return ["eu-ai-act"];
@@ -1195,13 +1861,13 @@ function loadActiveProfiles() {
 }
 
 // src/commands/classify.ts
-import { Command as Command7 } from "commander";
-import chalk8 from "chalk";
-import ora5 from "ora";
+import { Command as Command9 } from "commander";
+import chalk11 from "chalk";
+import ora6 from "ora";
 import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs";
 import { join as join2 } from "path";
-import YAML2 from "yaml";
-import { loadAssetCard as loadAssetCard3, saveAssetCard as saveAssetCard3 } from "@aigrc/core";
+import YAML3 from "yaml";
+import { loadAssetCard as loadAssetCard4, saveAssetCard as saveAssetCard3 } from "@aigrc/core";
 var RISK_MAPPINGS = {
   "eu-ai-act": {
     minimal: "minimal",
@@ -1234,7 +1900,7 @@ var PROFILE_NAMES = {
   "nist-ai-rmf": "NIST AI RMF",
   "iso-42001": "ISO/IEC 42001"
 };
-var classifyCommand = new Command7("classify").description("Classify an asset against compliance profiles").argument("<assetPath>", "Path to asset card YAML file").option("-p, --profiles <profiles...>", "Profile IDs to classify against").option("-a, --all", "Classify against all available profiles").option("-o, --output <format>", "Output format (text, json, yaml)", "text").option("-u, --update", "Update asset card with classification results").action(async (assetPath, options) => {
+var classifyCommand = new Command9("classify").description("Classify an asset against compliance profiles").argument("<assetPath>", "Path to asset card YAML file").option("-p, --profiles <profiles...>", "Profile IDs to classify against").option("-a, --all", "Classify against all available profiles").option("-o, --output <format>", "Output format (text, json, yaml)", "text").option("-u, --update", "Update asset card with classification results").action(async (assetPath, options) => {
   await runClassify(assetPath, options);
 });
 async function runClassify(assetPath, options) {
@@ -1245,10 +1911,10 @@ async function runClassify(assetPath, options) {
     printError(`Asset card not found: ${assetPath}`);
     process.exit(1);
   }
-  const spinner = ora5("Loading asset card...").start();
+  const spinner = ora6("Loading asset card...").start();
   let card;
   try {
-    card = loadAssetCard3(assetPath);
+    card = loadAssetCard4(assetPath);
     spinner.succeed(`Loaded: ${card.name}`);
   } catch (error) {
     spinner.fail("Failed to load asset card");
@@ -1296,7 +1962,7 @@ async function runClassify(assetPath, options) {
   }
   if (options.output === "yaml") {
     console.log(
-      YAML2.stringify({
+      YAML3.stringify({
         asset: card.name,
         aigrcRiskLevel: aigrcLevel,
         classifications
@@ -1307,12 +1973,12 @@ async function runClassify(assetPath, options) {
   console.log();
   printSubheader(`Classification: ${card.name}`);
   console.log();
-  console.log(`  ${chalk8.dim("AIGRC Risk Level:")} ${formatRiskLevel(aigrcLevel)}`);
+  console.log(`  ${chalk11.dim("AIGRC Risk Level:")} ${formatRiskLevel(aigrcLevel)}`);
   console.log();
   console.log(
-    chalk8.dim("  Profile".padEnd(24)) + chalk8.dim("Mapped Risk Level")
+    chalk11.dim("  Profile".padEnd(24)) + chalk11.dim("Mapped Risk Level")
   );
-  console.log(chalk8.dim("  " + "\u2500".repeat(50)));
+  console.log(chalk11.dim("  " + "\u2500".repeat(50)));
   for (const c of classifications) {
     console.log(
       `  ${c.profileName.padEnd(22)} ${formatRiskLevel(c.mappedLevel)}`
@@ -1329,9 +1995,9 @@ async function runClassify(assetPath, options) {
     }
   }
   console.log();
-  console.log(`  ${chalk8.dim("Strictest:")} ${formatRiskLevel(strictestLevel)}`);
+  console.log(`  ${chalk11.dim("Strictest:")} ${formatRiskLevel(strictestLevel)}`);
   if (options.update) {
-    const updateSpinner = ora5("Updating asset card...").start();
+    const updateSpinner = ora6("Updating asset card...").start();
     try {
       const jurisdictions = classifications.map((c) => ({
         jurisdictionId: c.profileId,
@@ -1349,19 +2015,19 @@ async function runClassify(assetPath, options) {
 }
 function formatRiskLevel(level) {
   const colors = {
-    minimal: chalk8.green,
-    neither: chalk8.green,
-    low: chalk8.green,
-    limited: chalk8.yellow,
-    medium: chalk8.yellow,
-    moderate: chalk8.yellow,
-    high: chalk8.red,
-    "rights-impacting": chalk8.red,
-    critical: chalk8.magenta,
-    "safety-impacting": chalk8.magenta,
-    unacceptable: chalk8.magenta.bold
+    minimal: chalk11.green,
+    neither: chalk11.green,
+    low: chalk11.green,
+    limited: chalk11.yellow,
+    medium: chalk11.yellow,
+    moderate: chalk11.yellow,
+    high: chalk11.red,
+    "rights-impacting": chalk11.red,
+    critical: chalk11.magenta,
+    "safety-impacting": chalk11.magenta,
+    unacceptable: chalk11.magenta.bold
   };
-  const colorFn = colors[level] || chalk8.white;
+  const colorFn = colors[level] || chalk11.white;
   return colorFn(level.toUpperCase());
 }
 function loadActiveProfiles2() {
@@ -1371,7 +2037,7 @@ function loadActiveProfiles2() {
   }
   try {
     const content = readFileSync2(configPath, "utf-8");
-    const config = YAML2.parse(content);
+    const config = YAML3.parse(content);
     return config?.profiles || ["eu-ai-act"];
   } catch {
     return ["eu-ai-act"];
@@ -1379,13 +2045,13 @@ function loadActiveProfiles2() {
 }
 
 // src/commands/check.ts
-import { Command as Command8 } from "commander";
-import chalk9 from "chalk";
-import ora6 from "ora";
+import { Command as Command10 } from "commander";
+import chalk12 from "chalk";
+import ora7 from "ora";
 import { existsSync as existsSync3, readFileSync as readFileSync3 } from "fs";
 import { join as join3 } from "path";
-import YAML3 from "yaml";
-import { loadAssetCard as loadAssetCard4 } from "@aigrc/core";
+import YAML4 from "yaml";
+import { loadAssetCard as loadAssetCard5 } from "@aigrc/core";
 var PROFILE_CONTROLS = {
   "eu-ai-act": [
     { id: "eu-art-9", name: "Risk Management System", category: "Risk Management", riskLevels: ["high"] },
@@ -1432,7 +2098,7 @@ var PROFILE_NAMES2 = {
   "nist-ai-rmf": "NIST AI RMF",
   "iso-42001": "ISO/IEC 42001"
 };
-var checkCommand = new Command8("check").description("Check compliance status for an asset").argument("<assetPath>", "Path to asset card YAML file").option("-p, --profiles <profiles...>", "Profile IDs to check").option("-s, --stack", "Check against stacked profiles (strictest wins)").option("-o, --output <format>", "Output format (text, json, yaml)", "text").option("-v, --verbose", "Show detailed control status").action(async (assetPath, options) => {
+var checkCommand = new Command10("check").description("Check compliance status for an asset").argument("<assetPath>", "Path to asset card YAML file").option("-p, --profiles <profiles...>", "Profile IDs to check").option("-s, --stack", "Check against stacked profiles (strictest wins)").option("-o, --output <format>", "Output format (text, json, yaml)", "text").option("-v, --verbose", "Show detailed control status").action(async (assetPath, options) => {
   await runCheck(assetPath, options);
 });
 async function runCheck(assetPath, options) {
@@ -1443,10 +2109,10 @@ async function runCheck(assetPath, options) {
     printError(`Asset card not found: ${assetPath}`);
     process.exit(1);
   }
-  const spinner = ora6("Loading asset card...").start();
+  const spinner = ora7("Loading asset card...").start();
   let card;
   try {
-    card = loadAssetCard4(assetPath);
+    card = loadAssetCard5(assetPath);
     spinner.succeed(`Loaded: ${card.name}`);
   } catch (error) {
     spinner.fail("Failed to load asset card");
@@ -1471,19 +2137,19 @@ async function runCheck(assetPath, options) {
     return;
   }
   if (options.output === "yaml") {
-    console.log(YAML3.stringify({ asset: card.name, results }));
+    console.log(YAML4.stringify({ asset: card.name, results }));
     return;
   }
   console.log();
   printSubheader(`Compliance Check: ${card.name}`);
   console.log();
   console.log(
-    chalk9.dim("  Profile".padEnd(20)) + chalk9.dim("Risk Level".padEnd(20)) + chalk9.dim("Compliant".padEnd(12)) + chalk9.dim("Score")
+    chalk12.dim("  Profile".padEnd(20)) + chalk12.dim("Risk Level".padEnd(20)) + chalk12.dim("Compliant".padEnd(12)) + chalk12.dim("Score")
   );
-  console.log(chalk9.dim("  " + "\u2500".repeat(60)));
+  console.log(chalk12.dim("  " + "\u2500".repeat(60)));
   for (const r of results) {
-    const compliantIcon = r.compliant ? chalk9.green("\u2713 Yes") : chalk9.red("\u2717 No");
-    const scoreColor = r.percentage >= 80 ? chalk9.green : r.percentage >= 50 ? chalk9.yellow : chalk9.red;
+    const compliantIcon = r.compliant ? chalk12.green("\u2713 Yes") : chalk12.red("\u2717 No");
+    const scoreColor = r.percentage >= 80 ? chalk12.green : r.percentage >= 50 ? chalk12.yellow : chalk12.red;
     console.log(
       `  ${r.profileName.padEnd(18)} ${formatRiskLevel2(r.riskLevel).padEnd(28)} ${compliantIcon.padEnd(20)} ${scoreColor(r.percentage + "%")}`
     );
@@ -1493,7 +2159,7 @@ async function runCheck(assetPath, options) {
     const allCompliant = results.every((r) => r.compliant);
     const avgPercentage = Math.round(results.reduce((acc, r) => acc + r.percentage, 0) / results.length);
     console.log(
-      `  ${chalk9.bold("STACKED")}`.padEnd(18) + `${chalk9.dim("(strictest)")}`.padEnd(28) + `${allCompliant ? chalk9.green("\u2713 Yes") : chalk9.red("\u2717 No")}`.padEnd(20) + `${avgPercentage}%`
+      `  ${chalk12.bold("STACKED")}`.padEnd(18) + `${chalk12.dim("(strictest)")}`.padEnd(28) + `${allCompliant ? chalk12.green("\u2713 Yes") : chalk12.red("\u2717 No")}`.padEnd(20) + `${avgPercentage}%`
     );
   }
   if (options.verbose) {
@@ -1502,9 +2168,9 @@ async function runCheck(assetPath, options) {
       printSubheader(`${r.profileName} Details`);
       console.log();
       console.log(
-        chalk9.dim("  Control".padEnd(32)) + chalk9.dim("Status")
+        chalk12.dim("  Control".padEnd(32)) + chalk12.dim("Status")
       );
-      console.log(chalk9.dim("  " + "\u2500".repeat(50)));
+      console.log(chalk12.dim("  " + "\u2500".repeat(50)));
       for (const c of r.controls) {
         const statusIcon = getStatusIcon(c.status);
         console.log(`  ${c.controlName.padEnd(30)} ${statusIcon}`);
@@ -1513,7 +2179,7 @@ async function runCheck(assetPath, options) {
         console.log();
         printWarning(`${r.gaps.length} gap(s) identified:`);
         for (const gap of r.gaps) {
-          console.log(chalk9.yellow(`    - ${gap}`));
+          console.log(chalk12.yellow(`    - ${gap}`));
         }
       }
     }
@@ -1575,9 +2241,9 @@ function evaluateControl(card, control) {
     "Risk Management": hasApprovals || hasIntent,
     "Data Governance": hasConstraints,
     Documentation: hasIntent && !!card.intent.businessJustification,
-    Logging: hasConstraints && card.constraints?.monitoring?.logAllDecisions,
+    Logging: hasConstraints && !!card.constraints?.monitoring?.logAllDecisions,
     Transparency: card.intent.linked,
-    Oversight: hasApprovals || hasConstraints && card.constraints?.humanApprovalRequired?.length,
+    Oversight: hasApprovals || hasConstraints && !!card.constraints?.humanApprovalRequired?.length,
     Technical: hasConstraints,
     Assessment: hasIntent && !!card.intent.businessJustification,
     Governance: hasApprovals,
@@ -1585,12 +2251,12 @@ function evaluateControl(card, control) {
     Leadership: hasApprovals,
     Support: card.ownership.team !== void 0,
     Operations: hasConstraints,
-    Performance: hasConstraints && card.constraints?.monitoring?.logAllDecisions,
+    Performance: hasConstraints && !!card.constraints?.monitoring?.logAllDecisions,
     Improvement: hasApprovals && card.governance.status !== "draft",
     Equity: hasIntent && !!card.intent.businessJustification,
     Remediation: hasApprovals,
     Testing: hasConstraints,
-    Measurement: hasConstraints && card.constraints?.monitoring,
+    Measurement: hasConstraints && !!card.constraints?.monitoring,
     Management: hasApprovals || hasIntent,
     "Risk Mapping": hasIntent
   };
@@ -1603,30 +2269,30 @@ function evaluateControl(card, control) {
 function getStatusIcon(status) {
   switch (status) {
     case "implemented":
-      return chalk9.green("\u2713 Implemented");
+      return chalk12.green("\u2713 Implemented");
     case "partial":
-      return chalk9.yellow("\u25D0 Partial");
+      return chalk12.yellow("\u25D0 Partial");
     case "not_implemented":
-      return chalk9.red("\u2717 Missing");
+      return chalk12.red("\u2717 Missing");
     case "not_applicable":
-      return chalk9.gray("- N/A");
+      return chalk12.gray("- N/A");
   }
 }
 function formatRiskLevel2(level) {
   const colors = {
-    minimal: chalk9.green,
-    neither: chalk9.green,
-    low: chalk9.green,
-    limited: chalk9.yellow,
-    medium: chalk9.yellow,
-    moderate: chalk9.yellow,
-    high: chalk9.red,
-    "rights-impacting": chalk9.red,
-    critical: chalk9.magenta,
-    "safety-impacting": chalk9.magenta,
-    unacceptable: chalk9.magenta.bold
+    minimal: chalk12.green,
+    neither: chalk12.green,
+    low: chalk12.green,
+    limited: chalk12.yellow,
+    medium: chalk12.yellow,
+    moderate: chalk12.yellow,
+    high: chalk12.red,
+    "rights-impacting": chalk12.red,
+    critical: chalk12.magenta,
+    "safety-impacting": chalk12.magenta,
+    unacceptable: chalk12.magenta.bold
   };
-  const colorFn = colors[level] || chalk9.white;
+  const colorFn = colors[level] || chalk12.white;
   return colorFn(level.toUpperCase());
 }
 function loadActiveProfiles3() {
@@ -1636,7 +2302,7 @@ function loadActiveProfiles3() {
   }
   try {
     const content = readFileSync3(configPath, "utf-8");
-    const config = YAML3.parse(content);
+    const config = YAML4.parse(content);
     return config?.profiles || ["eu-ai-act"];
   } catch {
     return ["eu-ai-act"];
@@ -1644,12 +2310,12 @@ function loadActiveProfiles3() {
 }
 
 // src/commands/generate.ts
-import { Command as Command9 } from "commander";
-import ora7 from "ora";
+import { Command as Command11 } from "commander";
+import ora8 from "ora";
 import { existsSync as existsSync4, mkdirSync, writeFileSync as writeFileSync3, readFileSync as readFileSync4 } from "fs";
 import { join as join4 } from "path";
-import YAML4 from "yaml";
-import { loadAssetCard as loadAssetCard5 } from "@aigrc/core";
+import YAML5 from "yaml";
+import { loadAssetCard as loadAssetCard6 } from "@aigrc/core";
 var ARTIFACT_TEMPLATES = {
   "eu-ai-act": [
     { id: "risk-management-plan", name: "Risk Management Plan", requiredFor: ["high"], format: "md" },
@@ -1682,7 +2348,7 @@ var PROFILE_NAMES3 = {
   "nist-ai-rmf": "NIST AI RMF",
   "iso-42001": "ISO/IEC 42001"
 };
-var generateCommand = new Command9("generate").description("Generate compliance artifacts from templates").argument("<assetPath>", "Path to asset card YAML file").option("-p, --profile <profile>", "Profile ID for templates").option("-t, --template <template>", "Specific template ID to generate").option("-a, --all", "Generate all required artifacts").option("-o, --output-dir <dir>", "Output directory", ".aigrc/artifacts").option("-f, --force", "Overwrite existing files").action(async (assetPath, options) => {
+var generateCommand = new Command11("generate").description("Generate compliance artifacts from templates").argument("<assetPath>", "Path to asset card YAML file").option("-p, --profile <profile>", "Profile ID for templates").option("-t, --template <template>", "Specific template ID to generate").option("-a, --all", "Generate all required artifacts").option("-o, --output-dir <dir>", "Output directory", ".aigrc/artifacts").option("-f, --force", "Overwrite existing files").action(async (assetPath, options) => {
   await runGenerate(assetPath, options);
 });
 async function runGenerate(assetPath, options) {
@@ -1691,10 +2357,10 @@ async function runGenerate(assetPath, options) {
     printError(`Asset card not found: ${assetPath}`);
     process.exit(1);
   }
-  const spinner = ora7("Loading asset card...").start();
+  const spinner = ora8("Loading asset card...").start();
   let card;
   try {
-    card = loadAssetCard5(assetPath);
+    card = loadAssetCard6(assetPath);
     spinner.succeed(`Loaded: ${card.name}`);
   } catch (error) {
     spinner.fail("Failed to load asset card");
@@ -1859,7 +2525,7 @@ function generateYamlTemplate(card, profileId, template) {
       pendingSections: ["All sections require review"]
     }
   };
-  return YAML4.stringify(content, { indent: 2 });
+  return YAML5.stringify(content, { indent: 2 });
 }
 function getSection2Title(templateId) {
   const titles = {
@@ -1950,7 +2616,7 @@ function loadActiveProfiles4() {
   }
   try {
     const content = readFileSync4(configPath, "utf-8");
-    const config = YAML4.parse(content);
+    const config = YAML5.parse(content);
     return config?.profiles || ["eu-ai-act"];
   } catch {
     return ["eu-ai-act"];
@@ -1958,12 +2624,12 @@ function loadActiveProfiles4() {
 }
 
 // src/commands/report.ts
-import { Command as Command10 } from "commander";
-import ora8 from "ora";
+import { Command as Command12 } from "commander";
+import ora9 from "ora";
 import { existsSync as existsSync5, mkdirSync as mkdirSync2, writeFileSync as writeFileSync4, readFileSync as readFileSync5, readdirSync } from "fs";
 import { join as join5 } from "path";
-import YAML5 from "yaml";
-import { loadAssetCard as loadAssetCard6 } from "@aigrc/core";
+import YAML6 from "yaml";
+import { loadAssetCard as loadAssetCard7 } from "@aigrc/core";
 var PROFILE_NAMES4 = {
   "eu-ai-act": "EU AI Act",
   "us-omb-m24": "US OMB M-24",
@@ -2007,26 +2673,26 @@ var CONTROL_CROSSWALK = {
     "iso-42001": ["iso-a8"]
   }
 };
-var reportCommand = new Command10("report").description("Generate compliance reports").addCommand(
-  new Command10("gap").description("Generate gap analysis report").argument("[assetPath]", "Path to asset card (or all in .aigrc/cards)").option("-p, --profiles <profiles...>", "Profile IDs to analyze").option("-o, --output <file>", "Output file path").option("-f, --format <format>", "Format (md, json, yaml)", "md").action(async (assetPath, options) => {
+var reportCommand = new Command12("report").description("Generate compliance reports").addCommand(
+  new Command12("gap").description("Generate gap analysis report").argument("[assetPath]", "Path to asset card (or all in .aigrc/cards)").option("-p, --profiles <profiles...>", "Profile IDs to analyze").option("-o, --output <file>", "Output file path").option("-f, --format <format>", "Format (md, json, yaml)", "md").action(async (assetPath, options) => {
     await generateGapReport(assetPath, options);
   })
 ).addCommand(
-  new Command10("crosswalk").description("Generate cross-framework mapping report").argument("<assetPath>", "Path to asset card").option("-p, --profiles <profiles...>", "Profile IDs to include").option("-o, --output <file>", "Output file path").option("-f, --format <format>", "Format (md, json, yaml)", "md").action(async (assetPath, options) => {
+  new Command12("crosswalk").description("Generate cross-framework mapping report").argument("<assetPath>", "Path to asset card").option("-p, --profiles <profiles...>", "Profile IDs to include").option("-o, --output <file>", "Output file path").option("-f, --format <format>", "Format (md, json, yaml)", "md").action(async (assetPath, options) => {
     await generateCrosswalkReport(assetPath, options);
   })
 ).addCommand(
-  new Command10("audit").description("Generate audit package").option("-p, --profile <profile>", "Profile ID", "eu-ai-act").option("-o, --output <dir>", "Output directory").option("--include-assets <assets...>", "Specific asset card paths").action(async (options) => {
+  new Command12("audit").description("Generate audit package").option("-p, --profile <profile>", "Profile ID", "eu-ai-act").option("-o, --output <dir>", "Output directory").option("--include-assets <assets...>", "Specific asset card paths").action(async (options) => {
     await generateAuditPackage(options);
   })
 );
 async function generateGapReport(assetPath, options) {
   printHeader();
-  const spinner = ora8("Loading assets...").start();
+  const spinner = ora9("Loading assets...").start();
   let cards = [];
   if (assetPath) {
     try {
-      const card = loadAssetCard6(assetPath);
+      const card = loadAssetCard7(assetPath);
       cards.push({ path: assetPath, card });
     } catch (error) {
       spinner.fail("Failed to load asset card");
@@ -2039,7 +2705,7 @@ async function generateGapReport(assetPath, options) {
       const files = readdirSync(cardsDir).filter((f) => f.endsWith(".yaml") || f.endsWith(".yml"));
       for (const file of files) {
         try {
-          const card = loadAssetCard6(join5(cardsDir, file));
+          const card = loadAssetCard7(join5(cardsDir, file));
           cards.push({ path: join5(cardsDir, file), card });
         } catch {
         }
@@ -2093,7 +2759,7 @@ async function generateGapReport(assetPath, options) {
     return;
   }
   if (options.format === "yaml") {
-    const output = YAML5.stringify({ generated: now, gaps });
+    const output = YAML6.stringify({ generated: now, gaps });
     if (options.output) {
       writeFileSync4(options.output, output, "utf-8");
       printSuccess(`Report saved to: ${options.output}`);
@@ -2154,7 +2820,7 @@ async function generateCrosswalkReport(assetPath, options) {
   }
   let card;
   try {
-    card = loadAssetCard6(assetPath);
+    card = loadAssetCard7(assetPath);
   } catch (error) {
     printError(error instanceof Error ? error.message : String(error));
     process.exit(1);
@@ -2193,7 +2859,7 @@ async function generateCrosswalkReport(assetPath, options) {
     return;
   }
   if (options.format === "yaml") {
-    const output = YAML5.stringify({
+    const output = YAML6.stringify({
       generated: now,
       asset: { id: card.id, name: card.name },
       aigrcRiskLevel: card.classification.riskLevel,
@@ -2256,7 +2922,7 @@ async function generateCrosswalkReport(assetPath, options) {
 async function generateAuditPackage(options) {
   printHeader();
   printSubheader("Generating Audit Package");
-  const spinner = ora8("Collecting assets...").start();
+  const spinner = ora9("Collecting assets...").start();
   let cardPaths = [];
   if (options.includeAssets && options.includeAssets.length > 0) {
     cardPaths = options.includeAssets;
@@ -2271,9 +2937,9 @@ async function generateAuditPackage(options) {
     process.exit(1);
   }
   const cards = [];
-  for (const path6 of cardPaths) {
+  for (const path9 of cardPaths) {
     try {
-      cards.push(loadAssetCard6(path6));
+      cards.push(loadAssetCard7(path9));
     } catch {
     }
   }
@@ -2311,7 +2977,7 @@ ${cards.map((c) => `| ${c.name} | ${c.classification.riskLevel} | ${c.governance
   mkdirSync2(assetsDir, { recursive: true });
   for (const card of cards) {
     const filename = `${card.id}.yaml`;
-    writeFileSync4(join5(assetsDir, filename), YAML5.stringify(card, { indent: 2 }), "utf-8");
+    writeFileSync4(join5(assetsDir, filename), YAML6.stringify(card, { indent: 2 }), "utf-8");
   }
   const inventory = {
     generated: now,
@@ -2335,7 +3001,7 @@ ${cards.map((c) => `| ${c.name} | ${c.classification.riskLevel} | ${c.governance
       status: c.governance.status
     }))
   };
-  writeFileSync4(join5(outputDir, "inventory.yaml"), YAML5.stringify(inventory, { indent: 2 }), "utf-8");
+  writeFileSync4(join5(outputDir, "inventory.yaml"), YAML6.stringify(inventory, { indent: 2 }), "utf-8");
   console.log();
   printSuccess(`Audit package created: ${outputDir}`);
   printInfo(`  - README.md (Executive Summary)`);
@@ -2349,7 +3015,7 @@ function loadActiveProfiles5() {
   }
   try {
     const content = readFileSync5(configPath, "utf-8");
-    const config = YAML5.parse(content);
+    const config = YAML6.parse(content);
     return config?.profiles || ["eu-ai-act"];
   } catch {
     return ["eu-ai-act"];
@@ -2363,6 +3029,8 @@ program.addCommand(initCommand);
 program.addCommand(registerCommand);
 program.addCommand(validateCommand);
 program.addCommand(statusCommand);
+program.addCommand(hashCommand);
+program.addCommand(versionCommand);
 program.addCommand(complianceCommand);
 program.addCommand(classifyCommand);
 program.addCommand(checkCommand);